Package: dgit Version: 9.14 Severity: normal $ dgit push-source Format `3.0 (quilt)', need to check/update patch stack canonical suite name for unstable is sid examining quilt state (multiple patches, linear mode) dgit: base trees orig=4279eec4f1a3bd0a717f o+d/p=5d5ad4032c09579ff44b dgit: quilt differences: src: ## orig ## gitignores: == orig == dgit: quilt differences: HEAD == o+d/p HEAD == o+d/p starting quiltify (multiple patches, linear mode) quiltify linearisation planning successful, executing... nothing quilty to commit, ok. dpkg-source: info: using source format '3.0 (quilt)' dpkg-source: info: building groff using existing ./groff_1.22.4.orig.tar.gz dpkg-source: info: building groff using existing ./groff_1.22.4.orig.tar.gz.asc gpgv: [don't know]: invalid packet (ctb=2d) gpgv: no signature found gpgv: the signature could not be verified. Please remember that the signature file (.sig or .asc) should be the first file given on the command line. dpkg-source: warning: failed to verify signature on ./groff_1.22.4.orig.tar.gz.asc dpkg-source: info: using patch list from debian/patches/series dpkg-source: info: building groff in groff_1.22.4-7.debian.tar.xz dpkg-source: info: building groff in groff_1.22.4-7.dsc changelog will contain changes since 1.22.4-6 dpkg-genchanges: info: not including original source code in upload last upload to archive: specified git info (debian) using existing groff_1.22.4.orig.tar.gz using existing groff_1.22.4.orig.tar.gz.asc nothing quilty to commit, ok. checking that groff_1.22.4-7.dsc corresponds to HEAD dpkg-source: warning: extracting unsigned source package (/home/cjwatson/src/debian/groff/trunk/groff/../groff_1.22.4-7.dsc) dpkg-source: info: extracting groff in groff-1.22.4 dpkg-source: info: unpacking groff_1.22.4.orig.tar.gz dpkg-source: info: unpacking groff_1.22.4-7.debian.tar.xz dpkg-source: info: using patch list from debian/patches/series dpkg-source: info: applying bash-scripts.patch dpkg-source: info: applying nroff-ifs.patch dpkg-source: info: applying doc-gfdl.patch dpkg-source: info: applying doc-gzipped.patch dpkg-source: info: applying extratmacdirs.patch dpkg-source: info: applying papersize-config.patch dpkg-source: info: applying load-desc-failure.patch dpkg-source: info: applying mmse-note.patch dpkg-source: info: applying display-utc-times.patch dpkg-source: info: applying sort-perl-hash-keys.patch dpkg-source: info: applying avoid-perl-diamond.patch dpkg-source: info: applying mdoc-Lk-arguments.patch dpkg-source: info: applying bsd-updates.patch dpkg-source: info: applying document-sgr.patch dpkg-source: info: applying destructor-segv.patch ../groff_1.22.4-7_source.changes already has appropriate .orig(s) (if any) gpg: WARNING: server 'gpg-agent' is older than us (2.2.19 < 2.2.27) gpg: Note: Outdated servers may lack important security fixes. gpg: Note: Use the command "gpgconf --kill all" to restart them. gpg: WARNING: server 'gpg-agent' is older than us (2.2.19 < 2.2.27) gpg: Note: Outdated servers may lack important security fixes. gpg: Note: Use the command "gpgconf --kill all" to restart them. gpg: Signature made Thu 09 Sep 2021 18:21:14 BST gpg: using RSA key AC0A4FF12611B6FCCF01C111393587D97D86500B gpg: checking the trustdb gpg: public key BFE09513E94EC0C2 is 4372 seconds newer than the signature gpg: public key 2BAEE41F0644FAB7 is 676 seconds newer than the signature gpg: public key 2BAEE41F0644FAB7 is 660 seconds newer than the signature gpg: public key 8921B5DCCD15A883 is 11958 days newer than the signature gpg: public key 8921B5DCCD15A883 is 11958 days newer than the signature gpg: public key 8921B5DCCD15A883 is 11958 days newer than the signature gpg: public key 9710B89BCA57AD7C is 12758 days newer than the signature gpg: public key of ultimately trusted key 0E3DB4D402F53CC6 not found gpg: public key of ultimately trusted key 9586533FAD672468 not found gpg: public key of ultimately trusted key A74F479F4E500079 not found gpg: public key of ultimately trusted key 79293F36215383B8 not found gpg: public key of ultimately trusted key A337CC09F1F12F4C not found gpg: public key of ultimately trusted key 0B0F571CA04CEE7F not found gpg: public key of ultimately trusted key 9DE2F2078A48CE0B not found gpg: public key of ultimately trusted key B6FEEE02ED291A57 not found gpg: public key of ultimately trusted key 9095D28B3513A7B0 not found gpg: marginals needed: 3 completes needed: 1 trust model: classic gpg: depth: 0 valid: 12 signed: 100 trust: 0-, 0q, 0n, 0m, 0f, 12u gpg: depth: 1 valid: 100 signed: 343 trust: 60-, 19q, 2n, 12m, 7f, 0u gpg: depth: 2 valid: 164 signed: 283 trust: 123-, 34q, 0n, 6m, 1f, 0u gpg: depth: 3 valid: 2 signed: 42 trust: 2-, 0q, 0n, 0m, 0f, 0u gpg: next trustdb check due at 2035-01-22 gpg: Good signature from "Colin Watson <cjwat...@chiark.greenend.org.uk>" [ultimate] gpg: aka "Colin Watson <cjwat...@canonical.com>" [ultimate] gpg: aka "Colin Watson <cjwat...@debian.org>" [ultimate] gpg: aka "Colin Watson <cjwat...@ubuntu.com>" [ultimate] dgit: failed command: git verify-tag 7fc8242a8eaa1da7e442993b6a300b8da9f34d5f dgit: error: subprocess failed with error exit status 1 ! Push failed, *after* signing the tag. ! If you want to try again, you should use a new version number.
I'm not sure why "git verify-tag" apparently returned non-zero here, but the trustdb junk in the output is suspicious. Perhaps dgit ought to run gpg with the "--no-auto-check-trustdb" option to suppress this? Thanks, -- Colin Watson (he/him) [cjwat...@debian.org]
