[Pkg-rust-maintainers] Bug#969588: sqv: Cannot use ASCII armored key as keyring?
Daniel Kahn Gillmor
dkg at debian.org
Thu Oct 15 16:40:59 BST 2020
On Sat 2020-09-05 17:09:06 +0200, Guillem Jover wrote:
> I was trying out sqv, to potentially add native support for it into
> dpkg-dev, but either it does not work as expected or I'm confused by
> the docs. :)
>
> $ apt source libbsd
> $ sqv -v --keyring libbsd-0.10.0/debian/upstream/signing-key.asc \
> libbsd_0.10.0.orig.tar.xz.asc libbsd_0.10.0.orig.tar.xz
> Missing key 4F3E74F436050C10F5696574B972BF3EA4AE57A3, which is needed to verify signature.
> 0 of 1 signatures are valid (threshold is: 1).
> $ sqv -v --keyring /usr/share/keyrings/debian-keyring.gpg \
> libbsd_0.10.0.orig.tar.xz.asc libbsd_0.10.0.orig.tar.xz
> 4F3E74F436050C10F5696574B972BF3EA4AE57A3
> 1 of 1 signatures are valid (threshold is: 1).
I forwarded this to upstream at
https://gitlab.com/sequoia-pgp/sequoia/-/issues/585, and Justus there
suggests that the problem is that the OpenPGP certificate in
libbsd-0.10.0/debian/upstream/signing-key.asc is not up-to-date. With a
refreshed version of the certificate, it appears to work.
So i don't think this is a bug in sqv, and i'm closing the ticket. Feel
free to reopen if you think that there is still a problem!
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-rust-maintainers/attachments/20201015/1a42770c/attachment.sig>
More information about the Pkg-rust-maintainers
mailing list