Re: debuild finds no secret key after dist-upgrade (original) (raw)

Hi,

  • How to bring the original tarball's .sig file into the packaging ?

Convert it to .asc

I could try to squeeze something out of https://lists.gnupg.org/pipermail/gnupg-users/2011-November/043252.html or https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832267 but will probably generate such an .asc file from original data as soon as i found out how it relates to the .asc payload wrapper which i generate by gpg --clearsign.

Reading GnuPG manual, i get the suspicion that dpkg-source's .asc is just a gpg --detach-sig with a suffix that the GnuPG manual uses for --clearsign results. I may be wrong.

and read dpkg-source(1).

I try hard. But what does it mean when it says "tarball can be accompanied by a detached upstream signature" ? A big problem with Debian packaging is that nearly everything happens automagically but the docs expect the reader to know the entrails and the multi-layer structure.

Can it [my key] be too old for the new gpg binary ?

Have you read https://www.gnupg.org/faq/whats-new-in-2.1.html#nosecring

Yes. But it does not explain how the dist-upgrade of last year left gpg in the state which after another dist-upgrade makes it inoperational. Something must have confused apt-get (or a layer underneath).

My own contribution to the mess is mainly my key. So i first look at this.

Check /usr/bin/gpg2 or whatever it was called in the old gnupg2 package?

There is one and it does not see keys. Obviously it is not used by debuild of the old Sid.

Surely you understand that installing or removing packages cannot have any effect on user files?

I'm trying to make as few assumptions as possible.

please fix your workflow ASAP.

I am thankful for your advise. But your instructions are far too short.

It is not easy to navigate between contradicting DD styles and tool chains. And then there is https://www.debian.org/doc/manuals/maint-guide/ ...

I don't strive for becoming a Debian Maintainer. The preparation of my packages is done out of the mere need that nobody found it necessary to maintain them for two years, while debian-cd had to switch to my GNU xorriso source package because Debian's xorriso was too old to fulfill the needs of Debian installation ISOs.

My aptness for contribution is actually restricted to providing the original source tarball, its .sig file, and the

Normally i do not complain. But i cannot achieve results beyond my limits.

Use pbuilder or sbuild.

My Sid remembers an encounter with pbuilder. 1.2 GB of cache. I could try to find in my mail archive why i tried it and why i gave up on it.

The more different tools and approaches i get urged to use, the more error prone becomes the whole procedure. Isn't any tool in the box which can make a Debian package out of a vanilla autotools based tarball ? ./configure && make && make install GUIX can, Arch can, Fedora can. My upstream releases get packaged faster than i have started my dist-upgrade on the Sid VM.

Have a nice day :)

Thomas

Reply to: