Re: debuild finds no secret key after dist-upgrade (original) (raw)

Hi,

Andrey Rahmatullin wrote:

Note that making a package and signing it are two separate operations (and you are supposed to run all build commands with -us -uc and run debsign explicitly).

I understand that my signature as sponsored preparer is not of interest but rather the signature of the sponsor who uploads my files.

Currently my cheat sheet has as commands for packing up and checking after preparing the ./debian files:

debuild -S debuild -b cme check dpkg lintian -I -E --color never --show-overrides | less debclean

As superuser to make the binaries accessible for tests:

dpkg -i libisofs6_1.4.8-1_amd64.deb

Can you give me a command sequence as replacement for debuild -S, which omits the gpg part ?

The only file with new timestamp is the empty directory .gnupg/private-keys-v1.d which according to https://www.gnupg.org/faq/whats-new-in-2.1.html#nosecring is supposed to contain automatically converted secret keys.

Then something went wrong?

Possibly. The dist-upgrade lasted longer than an hour and produced a zillion of message lines. Unpacked software grew by 1.2 GB, plus another 1.2 GB in /var/cache/apt. Hopefully i could roll back by a gzipped plain copy of the virtual disk.

Do you have .gnupg/.gpg-v21-migrated?

No.

Are .gnupg/private-keys-v1.d perms correct?

$ ls -ld .gnupg/private-keys-v1.d drwx------ 2 thomas thomas 4096 Aug 21 2015 .gnupg/private-keys-v1.d $ ls -lcd .gnupg/private-keys-v1.d drwx------ 2 thomas thomas 4096 Sep 15 17:30 .gnupg/private-keys-v1.d $ ls -alc .gnupg/private-keys-v1.d total 8 drwx------ 2 thomas thomas 4096 Sep 15 17:30 . drwx------ 3 thomas thomas 4096 Sep 5 2015 ..

Are .gnupg perms correct?

$ ls -ld .gnupg drwx------ 3 thomas thomas 4096 Sep 5 2015 .gnupg $ ls -lcd .gnupg drwx------ 3 thomas thomas 4096 Sep 5 2015 .gnupg

It all worked a year ago. So good that i cannot tell currently which GPG key i used. (Would have to boot the old Sid to get gpg --list-secret-keys working again.)

Policy 5.5 says that ".changes" stems from control, changelog, or rules. Do i have to edit one of them ?

No, you need to read dpkg-source(1) about including the orig tarball sig into the source package.

I read about .asc there, but not about .sig. And the instructions for .asc just say: "Optionally each original tarball can be accompanied by a detached upstream signature" No clarification is to see what "accompanied" means in particular.

Is the requirement for a .sig or .asc new since september 2016 ? Back then i did not have an orig.tar.gz.sig on Sid while i ran debuild -S. (Since today have orig.tar.gz.sig stored as neighbor of orig.tar.gz. But that did not help.)

I take instructions. They must just be tangible enough.

Have a nice day :)

Thomas

Reply to: