Package: src:dpkg
Version: 1.20.2
User: debian...@lists.debian.org
Usertags: breaks
Affects: dgit

Hi.  My grep-excuses says:

> autopkgtest regression
>     in dgit (9.11) on amd64
>     due to dpkg (1.19.7 to 1.20.2)
> test info
>     REGRESSION
>     https://ci.debian.net/data/autopkgtest/testing/amd64/d/dgit/6073505/log.gz
>     https://ci.debian.net/packages/d/dgit/testing/amd64
>     null
>     https://ci.debian.net/api/v1/retry/6073505

The relevant part of the log says:

  + dgit --dgit=dgit --dget:-u --dput:--config=/tmp/autopkgtest-lxc.8prm8y9v/downtmp/autopkgtest_tmp/dput.cf --config-lookup-explode=dgit-distro.debian.alias-canon -dtest-dummy -D -kBCD22CD83243B79D3DFAC33EA3DBCBC039B13D8A import-dsc ../mirror/pool/main/example_1.2.dsc t.1.2
  | git rev-parse --show-toplevel
  => `/tmp/autopkgtest-lxc.8prm8y9v/downtmp/autopkgtest_tmp/example'
  | git config -z --get-regexp --local '.*'
  | git config -z --get-regexp --local '.*'
  | git config -z --get-regexp --global '.*'
  | git config -z --get-regexp --system '.*'
  | git check-ref-format --normalize refs/heads/t.1.2
  => `refs/heads/t.1.2'
  | git symbolic-ref -q HEAD
  => `refs/heads/master'
  | git for-each-ref '--format=%(objectname)' '[r]efs/heads/t.1.2'
  => `'
  gpgv: unknown type of key resource 'trustedkeys.kbx'
  gpgv: keyblock resource '/tmp/autopkgtest-lxc.8prm8y9v/downtmp/autopkgtest_tmp/gnupg/trustedkeys.kbx': General error
  gpgv: Signature made Sun Jun 28 07:40:07 2020 UTC
  gpgv:                using RSA key BCD22CD83243B79D3DFAC33EA3DBCBC039B13D8A
  gpgv: Can't check signature: No public key
  dgit: error: failed to verify signature on ../mirror/pool/main/example_1.2.dsc
  + rc=255
  + set +x

  %%%%%%%%%%%%%%%%%%%% EXITING 255 %%%%%%%%%%%%%%%%%%%%

                  Most relevant logs are just before assignment rc=255
                  Will now do cleanup etc.

The string "failed to verify signature" is not generated by code in
dgit.  Looking at the code in dgit, I think the error happens here:

    my $dp = new Dpkg::Source::Package filename => $dscfn,
        require_valid_signature => $needsig;
    {
        local $SIG{__WARN__} = sub {
            print STDERR $_[0];
            return unless $needsig;
            fail __ "import-dsc signature check failed";
        };
        if (!$dp->is_signed()) {
            warn f_ "%s: warning: importing unsigned .dsc\n", $us;
        } else {
            my $r = $dp->check_signature();
            confess "->check_signature => $r" if $needsig && $r;
        }
    }

I think this rather complex code is trying to deal with API
compatibility issues surrounding require_valid_signature etc.  Anyway,
I think the message is generated by the call to
Dpkg::Source::Package::new.  I think that function inserted $0 into
the error message.

I don't know why it is verifying the signature.  I think in this
particular test $needsig is 0.  I searched the code for the variable
and the only place dgit sets it trueish is if dgit import-dsc is
told --require-valid-signature.

So I don't know what a "trustedkeys.kbx" file is or why I need one
now.  (dgit's test suite naturally has a set of test keys, so it has
its own idea of the public keys to use for signature verifications.
But this test case should not involve any of that.)

FYI this is currently preventing the migration of the new dpkg.

From the above it seems to me that that migration block is correct
because src:dpkg has a regression here.

Thanks,
Ian.

-- 
Ian Jackson <ijack...@chiark.greenend.org.uk>   These opinions are my own.  

Pronouns: they/he.  If I emailed you from @fyvzl.net or @evade.org.uk,
that is a private address which bypasses my fierce spamfilter.
