Package: src:dpkg
Version: 1.20.2
User: debian...@lists.debian.org
Usertags: breaks
Affects: dgit

Hi.  My grep-excuses says:

> autopkgtest regression
> in dgit (9.11) on amd64
> due to dpkg (1.19.7 to 1.20.2)
> test info
> REGRESSION
> https://ci.debian.net/data/autopkgtest/testing/amd64/d/dgit/6073505/log.gz
> https://ci.debian.net/packages/d/dgit/testing/amd64
> null
> https://ci.debian.net/api/v1/retry/6073505

The relevant part of the log says:

    + dgit --dgit=dgit --dget:-u --dput:--config=/tmp/autopkgtest-lxc.8prm8y9v/downtmp/autopkgtest_tmp/dput.cf --config-lookup-explode=dgit-distro.debian.alias-canon -dtest-dummy -D -kBCD22CD83243B79D3DFAC33EA3DBCBC039B13D8A import-dsc ../mirror/pool/main/example_1.2.dsc t.1.2
    | git rev-parse --show-toplevel
    => `/tmp/autopkgtest-lxc.8prm8y9v/downtmp/autopkgtest_tmp/example'
    | git config -z --get-regexp --local '.*'
    | git config -z --get-regexp --local '.*'
    | git config -z --get-regexp --global '.*'
    | git config -z --get-regexp --system '.*'
    | git check-ref-format --normalize refs/heads/t.1.2
    => `refs/heads/t.1.2'
    | git symbolic-ref -q HEAD
    => `refs/heads/master'
    | git for-each-ref '--format=%(objectname)' '[r]efs/heads/t.1.2'
    => `'
    gpgv: unknown type of key resource 'trustedkeys.kbx'
    gpgv: keyblock resource '/tmp/autopkgtest-lxc.8prm8y9v/downtmp/autopkgtest_tmp/gnupg/trustedkeys.kbx': General error
    gpgv: Signature made Sun Jun 28 07:40:07 2020 UTC
    gpgv: using RSA key BCD22CD83243B79D3DFAC33EA3DBCBC039B13D8A
    gpgv: Can't check signature: No public key
    dgit: error: failed to verify signature on ../mirror/pool/main/example_1.2.dsc
    + rc=255
    + set +x
    %%%%%%%%%%%%%%%%%%%% EXITING 255 %%%%%%%%%%%%%%%%%%%%
    Most relevant logs are just before assignment rc=255
    Will now do cleanup etc.

The string "failed to verify signature" is not generated by code in dgit.

Looking at the code in dgit, I think the error happens here:

    my $dp = new Dpkg::Source::Package filename => $dscfn,
        require_valid_signature => $needsig;
    {
        local $SIG{__WARN__} = sub {
            print STDERR $_[0];
            return unless $needsig;
            fail __ "import-dsc signature check failed";
        };
        if (!$dp->is_signed()) {
            warn f_ "%s: warning: importing unsigned .dsc\n", $us;
        } else {
            my $r = $dp->check_signature();
            confess "->check_signature => $r" if $needsig && $r;
        }
    }

I think this rather complex code is trying to deal with API compatibility issues surrounding require_valid_signature etc.

Anyway, I think the message is generated by the call to Dpkg::Source::Package::new.  I think that function inserted $0 into the error message.

I don't know why it is verifying the signature.  I think in this particular test $needsig is 0.  I searched the code for the variable and the only place dgit sets it trueish is if dgit import-dsc is told --require-valid-signature.

So I don't know what a "trustedkeys.kbx" file is or why I need one now.  (dgit's test suite naturally has a set of test keys, so it has its own idea of the public keys to use for signature verifications.  But this test case should not involve any of that.)

FYI this is currently preventing the migration of the new dpkg.  From the above it seems to me that that migration block is correct because src:dpkg has a regression here.

Thanks,
Ian.

-- 
Ian Jackson <ijack...@chiark.greenend.org.uk>   These opinions are my own.

Pronouns: they/he.  If I emailed you from @fyvzl.net or @evade.org.uk,
that is a private address which bypasses my fierce spamfilter.
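
Added example (not part of the report, and not dgit or dpkg code): a small Python triage of the gpgv lines in the log excerpt above. It separates a keyring that failed to load from a key that is simply absent, since both end in "No public key". The function name triage_gpgv, the result keys and the shortened placeholder path are assumptions made for this example, and gpgv's English (C locale) message wording is assumed.

```python
import re

# Constructed sample: the gpgv/dgit lines from the report's log excerpt,
# with the long temporary directory shortened to a placeholder.
SAMPLE_LOG = """\
gpgv: unknown type of key resource 'trustedkeys.kbx'
gpgv: keyblock resource '/tmp/PLACEHOLDER/gnupg/trustedkeys.kbx': General error
gpgv: Signature made Sun Jun 28 07:40:07 2020 UTC
gpgv: using RSA key BCD22CD83243B79D3DFAC33EA3DBCBC039B13D8A
gpgv: Can't check signature: No public key
dgit: error: failed to verify signature on ../mirror/pool/main/example_1.2.dsc
"""

KEYRING_ERR = re.compile(r"^gpgv: keyblock resource '([^']+)': (.+)$")
SIGNING_KEY = re.compile(r"^gpgv:\s+using (\S+) key ([0-9A-Fa-f]{16,40})$")
VERDICTS = {
    "gpgv: Good signature": "good",
    "gpgv: BAD signature": "bad",
    "gpgv: Can't check signature: No public key": "no_public_key",
}

def triage_gpgv(log_text):
    """Summarise gpgv stderr lines found in a CI log (hypothetical helper)."""
    result = {"keyring_errors": [], "signing_key": None, "verdict": "unknown"}
    for line in log_text.splitlines():
        line = line.strip()
        m = KEYRING_ERR.match(line)
        if m:
            result["keyring_errors"].append((m.group(1), m.group(2)))
            continue
        m = SIGNING_KEY.match(line)
        if m:
            result["signing_key"] = m.group(2).upper()
            continue
        for prefix, verdict in VERDICTS.items():
            if line.startswith(prefix):
                result["verdict"] = verdict
    # Heuristic: "No public key" after a keyring failed to load does not show
    # that the key is absent from the keyring; the keyring may not have been read.
    result["keyring_load_failed"] = (
        result["verdict"] == "no_public_key" and bool(result["keyring_errors"])
    )
    return result
```

Calling triage_gpgv(SAMPLE_LOG) reports the "no_public_key" verdict together with keyring_load_failed set, which points triage at the keyring file rather than at the signing key.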