[dput-ng-maint] Bug#850455: dput-ng: dcut dm fails to find maintainer key
Wookey
wookey at wookware.org
Fri Jan 6 17:39:04 UTC 2017
Source: dput-ng
Version: 1.8
Severity: normal
Dear Maintainer,
I tried to use dcut dm to give my co-maintainer (Punit Agrawal) upload
permissions. It didn't go well.
this page:
https://wiki.debian.org/DebianMaintainer#Granting_Permissions
says comands of this format should work:
dcut dm --uid 0xfedcba9876543210 --allow glibc
however if I import punit's key locally:
$ gpg --recv-key F5392FD213FBFEDD
gpg: requesting key F5392FD213FBFEDD from hkp server keys.gnupg.net
gpg: key F5392FD213FBFEDD: "Punit Agrawal <punitagrawal at gmail.com>"
not changed
gpg: Total number processed: 1
gpg: unchanged: 1
and check that debian-keyring is installed and his key is in the
maintainers keyring:
$ dpkg -l debian-keyring
ii debian-keyring 2015.04.10 all GnuPG keys of Debian
Developers a
$ gpg --keyring /usr/share/keyrings/debian-maintainers.gpg --list-key
punit
pub 4096R/F5392FD213FBFEDD 2014-03-29
uid Punit Agrawal <punitagrawal at gmail.com>
sub 4096R/20806957C14ABC91 2014-03-29
then run the documented command:
$ dcut ftp-master dm --uid F5392FD213FBFEDD --allow=global
Uploading commands file to ftp.upload.debian.org (incoming:
/pub/UploadQueue/)
There was an error looking up the DM's key
dput-ng uses the DM keyring in /usr/share/keyrings/
as the keyring to pull full fingerprints from.
Please ensure your keyring is up to date:
sudo apt-get install debian-keyring
Or, if you can not get the keyring, you may use their
full fingerprint (without spaces) and pass the --force
argument in. This goes to dak directly, so try to
pay attention to formatting.
DM fingerprint lookup for argument F5392FD213FBFEDD failed.
GnuPG returned error: gpg: error reading key: public key not found
This seems like a bug.
The man page says:
--uid
Any searchable, unique identity to identify an existing Debian
Maintainer. This can be a (full) name an e-mail address or a
GnuPG fingerprint of any existing Debian Maintainer. Note, the
identity provided must be known in the DM keyring installed on
your local system. The keyring is used to validate the supplied
argument and makes sure the identity hint supplied matches
exactly one DM. If the user you want to change ACLs on is not
known to the local DM keyring, you can provide the full GPG user
ID as argument, and pass --force, to cause dcut to bypass any
argument checking/translation. Please note, this will generate a
commands file which will be uploaded literally as is. Use with
caution.
I tried this with a name, an email and a preceding 0x:
dcut ftp-master dm --uid "Punit Agrawal" --allow=global
dcut ftp-master dm --uid 0xF5392FD213FBFEDD --allow=global
dcut ftp-master dm --uid "<punit.agrawal at gmail.com>" --allow=global
all give the same result of failing to look up the key/user
only the full fingerprint (no spaces), with -f to force works.
(And --force/-f only works if it is at the start of the command - I
can't just add it as an option at the end.)
More information about the dput-ng-maint
mailing list