home  bbs  files  messages ]

      ZZLI4428             linux.debian.maint.dpkg             86 messages      

[ previous | next | reply ]

[ list messages | list forums ]

  Msg # 12 of 86 on ZZLI4428, Wednesday 9-16-25, 1:14  
  From: =?UTF-8?B?T3R0BYBLZWVDPGZ  
  To: ALL  
  Subj: Bug#1111617: dpkg-dev: dpkg-source --ext  
 XPost: linux.debian.bugs.dist 
 From: otto@debian.org 
  
 Hi, 
  
 > > $ dpkg-source --version 
 > > Debian dpkg-source version 1.22.21. 
 > > $ dpkg-source --extract bpfcc_0.31.0+ds-7.dsc 
 > > dpkg-source: warning: cannot verify inline signature for 
 > > ./bpfcc_0.31.0+ds-7.dsc: no acceptable signature found 
 > > dpkg-source: info: extracting bpfcc in bpfcc-0.31.0+ds 
 > > dpkg-source: error: unpack target exists: bpfcc-0.31.0+ds 
 > 
 > In this case I assume you have another OpenPGP implementation installed 
 > and do not have a SOP implementation around, and the code skips calling 
 > the verification if there are no keyrings (probably sqv and no 
 > sopv-gpgv?). 
  
 The above is from a plain debian:unstable container image with only 
 `apt install -y dpkg-dev` run to be able to test the command, and 
 seems your guess about what dependencies are pulled in by default is 
 correct: 
  
 # dpkg -l | grep -E "gpg|sqv|keyring" 
 ii  debian-archive-keyring    2025.1                      all 
 OpenPGP archive certificates of the Debian archive 
 ii  sqv                       1.3.0-3                     amd64 
 OpenPGP signature verification program from Sequoia 
  
 > I improved this at the time in git and with no debian-keyring and with 
 > a sopv implementation one gets the following instead: 
 > 
 >   ,--- 
 >   $ dpkg-source --version 
 >   Debian dpkg-source version 1.22.19-165-g023ab. 
 >   $ dpkg-source: info: verifying ./bpfcc_0.31.0+ds-7.dsc 
 >   dpkg-source: info: skipping absent keyring /usr/share/keyrin 
 s/debian-keyring.gpg 
 >   dpkg-source: info: skipping absent keyring /usr/share/keyrin 
 s/debian-tag2upload.pgp 
 >   dpkg-source: info: skipping absent keyring /usr/share/keyrin 
 s/debian-nonupload.gpg 
 >   dpkg-source: info: skipping absent keyring /usr/share/keyrin 
 s/debian-maintainers.gpg 
 >   dpkg-source: warning: cannot verify inline signature for ./b 
 fcc_0.31.0+ds-7.dsc: missing OpenPGP keyrings 
  
 The above is very clear about what keys it was checking and what is 
 missing, thanks! 
  
 Thanks also for the explanations and pointing out that 
 `--require-valid-signature` exists! 
  
 --- SoupGate-Win32 v1.05 
  * Origin: you cannot sedate... all the things you hate (1:229/2) 

[ list messages | list forums | previous | next | reply ]

search for:

328,092 visits
(c) 1994,  bbs@darkrealms.ca