[Simple-cdd-devel] Bug#864896: extrafiles signed with deprecated squeeze key
Vagrant Cascadian
vagrant at debian.org
Fri Jun 16 17:27:10 UTC 2017
Package: ftp.debian.org
X-Debbugs-Cc: Tobias Erichsen <erichsen at te-systems.de>, simple-cdd-devel at lists.alioth.debian.org
Control: Affects -1 simple-cdd
On 2017-06-15, Tobias Erichsen wrote:
> I have just tried to run simple-cdd for the first time on Stretch RC5 and encountered the following error:
>
> 2017-06-16 08:03:40 ERROR verify gpg signature exited with code 2
> 2017-06-16 08:03:40 ERROR Last 3 lines of standard error:
> 2017-06-16 08:03:40 ERROR verify gpg signature: gpg: Signature made Fri 16 Jun 2017 04:56:35 AM CEST
> 2017-06-16 08:03:40 ERROR verify gpg signature: gpg: using RSA key AED4B06F473041FA
> 2017-06-16 08:03:40 ERROR verify gpg signature: gpg: Can't check signature: No public key
Thanks for pointing the issue out, Tobias!
Apparently, http://deb.debian.org/debian/extrafiles is still signed with
the now deprecated squeeze release key, which is only present in
debian-keyring's debian-archive-removed-keys.gpg.
jcristau pointed out where this is happening:
https://anonscm.debian.org/git/mirror/dak.git/tree/config/debian/dinstall.functions#n693
It would be really nice to get this fixed before stretch release!
For simple-cdd, you can work around the issue by specifying both old and
new keyrings:
simple-cdd --keyring=/usr/share/keyrings/debian-archive-keyring.gpg,/usr/share/keyrings/debian-archive-removed-keys.gpg
live well,
vagrant
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/simple-cdd-devel/attachments/20170616/a533e9e1/attachment.sig>
More information about the Simple-cdd-devel
mailing list