[dput-ng-maint] Bug#850455: dput-ng: dcut dm fails to find maintainer key

Wookey wookey at wookware.org
Fri Jan 6 17:39:04 UTC 2017 

Source: dput-ng
Version: 1.8
Severity: normal

Dear Maintainer,

I tried to use dcut dm to give my co-maintainer (Punit Agrawal) upload
permissions. It didn't go well.

this page:
https://wiki.debian.org/DebianMaintainer#Granting_Permissions
says comands of this format should work:
dcut dm --uid 0xfedcba9876543210 --allow glibc

however if I import punit's key locally:
$ gpg --recv-key F5392FD213FBFEDD
gpg: requesting key F5392FD213FBFEDD from hkp server keys.gnupg.net
gpg: key F5392FD213FBFEDD: "Punit Agrawal <punitagrawal at gmail.com>"
not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

and check that debian-keyring is installed and his key is in the
maintainers keyring:
$ dpkg -l debian-keyring
ii  debian-keyring 2015.04.10   all          GnuPG keys of Debian
Developers a

$ gpg --keyring /usr/share/keyrings/debian-maintainers.gpg --list-key
punit
pub   4096R/F5392FD213FBFEDD 2014-03-29
uid                          Punit Agrawal <punitagrawal at gmail.com>
sub   4096R/20806957C14ABC91 2014-03-29

then run the documented command:
$ dcut ftp-master dm --uid F5392FD213FBFEDD --allow=global 
Uploading commands file to ftp.upload.debian.org (incoming:
/pub/UploadQueue/)

There was an error looking up the DM's key

 dput-ng uses the DM keyring in /usr/share/keyrings/
 as the keyring to pull full fingerprints from.
  
 Please ensure your keyring is up to date:
   
   sudo apt-get install debian-keyring
      
 Or, if you can not get the keyring, you may use their
 full fingerprint (without spaces) and pass the --force
 argument in. This goes to dak directly, so try to
 pay attention to formatting.
	  
	  
 DM fingerprint lookup for argument F5392FD213FBFEDD failed.
GnuPG returned error: gpg: error reading key: public key not found

This seems like a bug.

The man page says:
--uid
    
     Any searchable, unique identity to identify an existing Debian
     Maintainer. This can be a (full) name an e-mail address or a
     GnuPG fingerprint of any existing Debian Maintainer. Note, the
     identity provided must be known in the DM keyring installed on
     your local system. The keyring is used to validate the supplied
     argument and makes sure the identity hint supplied matches
     exactly one DM. If the user you want to change ACLs on is not
     known to the local DM keyring, you can provide the full GPG user
     ID as argument, and pass --force, to cause dcut to bypass any
     argument checking/translation. Please note, this will generate a
     commands file which will be uploaded literally as is. Use with
     caution.

I tried this with a name, an email and a preceding 0x:
dcut ftp-master dm --uid "Punit Agrawal" --allow=global
dcut ftp-master dm --uid 0xF5392FD213FBFEDD --allow=global
dcut ftp-master dm --uid "<punit.agrawal at gmail.com>" --allow=global

all give the same result of failing to look up the key/user

only the full fingerprint (no spaces), with -f to force works.

(And --force/-f only works if it is at the start of the command - I
can't just add it as an option at the end.)

More information about the dput-ng-maint mailing list