
      ZZLI4428             linux.debian.maint.dpkg             86 messages      


  Msg # 11 of 86 on ZZLI4428, Wednesday 9-16-25, 1:14  
  From: GUILLEM JOVER  
  To: ALL  
  Subj: Bug#1111617: dpkg-dev: dpkg-source --ext  
 XPost: linux.debian.bugs.dist 
 From: guillem@debian.org 
  
 Hi! 
  
 On Sun, 2025-09-14 at 20:55:21 -0700, Otto Kekäläinen wrote: 
 > I am running into this same issue: 
 > 
 > $ dpkg-source --version 
 > Debian dpkg-source version 1.22.21. 
 > $ dpkg-source --extract bpfcc_0.31.0+ds-7.dsc 
 > usage: sopv-gpgv inline-verify [-h] [--debug] [--not-before TIMESTAMP] 
 >                                [--not-after TIMESTAMP] 
 >                                [--verifications-out VERIFICATIONS] 
 >                                CERTS [CERTS ...] 
 > sopv-gpgv inline-verify: error: the following arguments are required: CERTS 
 > dpkg-source: warning: cannot verify inline signature for 
 > ./bpfcc_0.31.0+ds-7.dsc: error code 2 
 > dpkg-source: info: extracting bpfcc in bpfcc-0.31.0+ds 
 > dpkg-source: error: unpack target exists: bpfcc-0.31.0+ds 
  
 This is a problem in the dpkg OpenPGP support when using the SOP 
 backend, where it should not be calling the SOP command when it has no 
 keyrings available, otherwise the SOP command will print an error that 
 no certificates (read that as keyrings) have been passed. This failure 
 is considered a warning by dpkg-source (because it is equivalent to not 
 being able to verify the signature). 
  
 To avoid this confusing output, you can install the debian-keyring 
 package. Then dpkg-source will be able to verify signatures. Although 
 those will still not be considered fatal, for that you'd need to pass 
 --require-valid-signature. (The reason verification is not fatal is 
 that, due to how we transfer trust from the uploader to the archive, 
 there's no certificate handling such as key rotation, expiration, or 
 removal from the Debian keyring, for old source packages. For 'apt 
 source' it will verify the .dsc against the signed Sources in the repo, 
 and then skip all verification with dpkg-source.) 
  
 > $ dpkg-source --version 
 > Debian dpkg-source version 1.22.21. 
 > $ dpkg-source --extract bpfcc_0.31.0+ds-7.dsc 
 > dpkg-source: warning: cannot verify inline signature for 
 > ./bpfcc_0.31.0+ds-7.dsc: no acceptable signature found 
 > dpkg-source: info: extracting bpfcc in bpfcc-0.31.0+ds 
 > dpkg-source: error: unpack target exists: bpfcc-0.31.0+ds 
  
 In this case I assume you have another OpenPGP implementation installed 
 and do not have a SOP implementation around, and the code skips calling 
 the verification if there are no keyrings (probably sqv and no 
 sopv-gpgv?). 
  
 I improved this at the time in git and with no debian-keyring and with 
 a sopv implementation one gets the following instead: 
  
   ,--- 
   $ dpkg-source --version 
   Debian dpkg-source version 1.22.19-165-g023ab. 
   $ dpkg-source: info: verifying ./bpfcc_0.31.0+ds-7.dsc 
   dpkg-source: info: skipping absent keyring /usr/share/keyrings/debian-keyring.gpg 
   dpkg-source: info: skipping absent keyring /usr/share/keyrings/debian-tag2upload.pgp 
   dpkg-source: info: skipping absent keyring /usr/share/keyrings/debian-nonupload.gpg 
   dpkg-source: info: skipping absent keyring /usr/share/keyrings/debian-maintainers.gpg 
   dpkg-source: warning: cannot verify inline signature for ./bpfcc_0.31.0+ds-7.dsc: missing OpenPGP keyrings 
   dpkg-source: info: extracting bpfcc in bpfcc-0.31.0+ds 
   dpkg-source: info: unpacking bpfcc_0.31.0+ds.orig.tar.gz 
   dpkg-source: info: unpacking bpfcc_0.31.0+ds-7.debian.tar.xz 
   dpkg-source: info: using patch list from debian/patches/series 
   dpkg-source: info: applying fix-install-path.patch 
   dpkg-source: info: applying 2001_fix_path_to_deadloc.c.patch 
   dpkg-source: info: applying 2002_fix_netqtop.c_path.patch 
   dpkg-source: info: applying 2003-libbpf-tools-debian.patch 
   dpkg-source: info: applying 0001-Cleanup-existing-temporary-kernel-headers-path.patch 
   `--- 
  
 > I read this bug report and also 
 > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106148 and the 
 > commit attached in this bug report, but I still didn't quite 
 > understand this. Why is it only a warning and why isn't the build 
 > stopped? What is the path to CERTS that should be passed on a regular 
 > Debian unstable system? 
  
 This is a combination of issues at play, as mentioned above, which 
 look rather confusing. I'm planning on fixing this for stable too, 
 once the current version in git has hit unstable. Which should happen 
 in a few weeks I guess. 
  
 Thanks, 
 Guillem 
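
 Added example, not part of the original message and not dpkg code: a
 small shell wrapper that refuses to unpack a .dsc unless a keyring is
 installed and the signature verifies, using --require-valid-signature
 as described above. The function names, the KEYRING_DIR override and
 the exit code 3 are assumptions made for this example; the keyring
 file names are the ones dpkg-source reports in the output above.

```shell
#!/bin/sh
# Added example (not dpkg code). KEYRING_DIR, the function names and the
# exit code 3 are assumptions of this example.
KEYRING_DIR="${KEYRING_DIR:-/usr/share/keyrings}"
# Keyring file names taken from the "skipping absent keyring" messages.
KEYRINGS="debian-keyring.gpg debian-tag2upload.pgp debian-nonupload.gpg debian-maintainers.gpg"

# Print every keyring that exists and is non-empty, one path per line.
present_keyrings() {
    for k in $KEYRINGS; do
        if [ -s "$KEYRING_DIR/$k" ]; then
            printf '%s\n' "$KEYRING_DIR/$k"
        fi
    done
}

# Unpack a .dsc only when its signature can be verified.
# Returns 3 when no keyring is present (verification cannot even be
# attempted, which dpkg-source alone would report as a mere warning),
# otherwise the exit status of dpkg-source itself.
strict_extract() {
    dsc=$1
    if [ -z "$(present_keyrings)" ]; then
        echo "no OpenPGP keyrings in $KEYRING_DIR; install debian-keyring" >&2
        return 3
    fi
    # With this option a missing or bad signature is fatal, not a warning.
    dpkg-source --require-valid-signature --extract "$dsc"
}
```

 Source the file and call, for instance, strict_extract bpfcc_0.31.0+ds-7.dsc.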
  