Package: dpkg-dev
Version: 1.13.22
Severity: normal

apt-get source <package> took nearly 30 minutes to complete because
dpkg-source trips over gpg verification of the debian-keyring.
Previously, I aborted apt-get source and ran gpg --check-trustdb, before
returning to apt-get source which then completed. This time, I let it
complete and got:

$ apt-get source google-perftools
Reading package lists... Done
Building dependency tree... Done
Need to get 782kB of source archives.
Get: 1 ftp://ftp.uk.debian.org unstable/main google-perftools 0.8-3 (dsc) [666B]
Get: 2 ftp://ftp.uk.debian.org unstable/main google-perftools 0.8-3 (tar) [760kB]
Get: 3 ftp://ftp.uk.debian.org unstable/main google-perftools 0.8-3 (diff) [21.4kB]
Fetched 782kB in 13s (56.3kB/s)
gpg: Signature made Wed 13 Sep 2006 17:15:16 BST using DSA key ID E91CD250
gpg: requesting key E91CD250 from hkp server subkeys.pgp.net
gpg: can't create `/usr/share/keyrings/debian-keyring.gpg.tmp': Permission denied
gpg: failed to rebuild keyring cache: file open error
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:  21  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1  valid:  19  signed:  73  trust: 1-, 0q, 0n, 0m, 18f, 0u
gpg: depth: 2  valid:  15  signed: 265  trust: 10-, 2q, 0n, 0m, 3f, 0u
gpg: depth: 3  valid:  91  signed: 549  trust: 75-, 13q, 0n, 0m, 3f, 0u
gpg: depth: 4  valid:  28  signed: 285  trust: 20-, 8q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2006-12-12
gpg: Good signature from "Daigo Moriwaki ...."
gpg:                 aka "Daigo Moriwaki ...."
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 17C5 58FC 44F2 7E08 DDF1  3BBC 35C3 E3FA E91C D250
dpkg-source: extracting google-perftools in google-perftools-0.8
dpkg-source: unpacking google-perftools_0.8.orig.tar.gz
dpkg-source: applying ./google-perftools_0.8-3.diff.gz

Then I used rm -rf ./* and repeated the apt-get source - everything
worked OK again with no delays.

There are two things that come to mind. Firstly, running 'gpg --check-trustdb'
on my PERSONAL keyring should have no effect. Secondly, this commonly
happens when *new* keys are added to my personal keyring.

apt-get source shouldn't need to be run as sudo and it shouldn't be
affected by changes in my personal keyring.

Maybe dpkg-source needs to explicitly set --no-default-keyring when
calling gpg to verify debian-keyring?


-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: powerpc (ppc)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16-2-powerpc
Locale: LANG=en_GB, LC_CTYPE=en_GB (charmap=ISO-8859-1)

Versions of packages dpkg-dev depends on:
ii  binutils                      2.17-2     The GNU assembler, linker and bina
ii  cpio                          2.6-17     GNU cpio -- a program to manage ar
ii  dpkg                          1.13.22    package maintenance system for Deb
ii  make                          3.81-3     The GNU version of the "make" util
ii  patch                         2.5.9-4    Apply a diff file to an original
ii  perl [perl5]                  5.8.8-6.1  Larry Wall's Practical Extraction 
ii  perl-modules                  5.8.8-6.1  Core Perl modules

Versions of packages dpkg-dev recommends:
ii  bzip2                         1.0.3-6    high-quality block-sorting file co
ii  gcc [c-compiler]              4:4.1.1-7  The GNU C compiler
ii  gcc-4.0 [c-compiler]          4.0.3-7    The GNU C compiler
ii  gcc-4.1 [c-compiler]          4.1.1-13   The GNU C compiler

-- no debconf information
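
One way to run the verification the report asks for, as an added example that is not part of the original report and is not dpkg-source's own code: gpg is pointed at the Debian keyring only, with a throwaway home directory so the personal keyring, trustdb and gpg.conf are never read. The function names and the constructed status lines are assumptions; the keyring path, key ID and fingerprint are the ones in the output above.

```shell
#!/bin/sh
# Added example, not dpkg-source code. Function names are hypothetical.
# Keyring path as shown in the report's gpg output.
KEYRING=${KEYRING:-/usr/share/keyrings/debian-keyring.gpg}

# Read gpg --status-fd lines on stdin. Succeed only if a VALIDSIG was
# reported and no bad, errored, expired, revoked or unknown-key status.
status_ok() {
    awk '
        $1 != "[GNUPG:]" { next }
        $2 == "VALIDSIG" { valid = 1 }
        $2 == "BADSIG" || $2 == "ERRSIG" || $2 == "NO_PUBKEY" ||
        $2 == "EXPKEYSIG" || $2 == "REVKEYSIG" { bad = 1 }
        END { exit !(valid && !bad) }
    '
}

# Verify a .dsc against $KEYRING only. The temporary --homedir and
# --no-options keep gpg away from ~/.gnupg (pubring, trustdb, gpg.conf),
# so new keys in a personal keyring cannot trigger a trustdb rebuild or
# a keyserver lookup during verification.
verify_dsc() {
    dsc=$1
    home=$(mktemp -d) || return 2
    # --trust-model always: membership in $KEYRING is the trust decision
    # (an assumption of this example), so no web-of-trust walk is needed.
    gpg --batch --no-options --homedir "$home" \
        --no-default-keyring --keyring "$KEYRING" \
        --no-auto-check-trustdb --no-auto-key-retrieve \
        --trust-model always \
        --status-fd 1 --verify "$dsc" 2>/dev/null | status_ok
    rc=$?
    rm -rf "$home"
    return $rc
}

# Constructed status lines for the two outcomes (key present in the
# keyring, key absent); key ID and fingerprint taken from the report.
SAMPLE_GOOD='[GNUPG:] GOODSIG 35C3E3FAE91CD250 Daigo Moriwaki
[GNUPG:] VALIDSIG 17C558FC44F27E08DDF13BBC35C3E3FAE91CD250 2006-09-13 1158164116'
SAMPLE_NOKEY='[GNUPG:] ERRSIG 35C3E3FAE91CD250 17 2 01 1158164116 9
[GNUPG:] NO_PUBKEY 35C3E3FAE91CD250'

# Usage: verify_dsc google-perftools_0.8-3.dsc && echo "signature OK"
```

A key missing from the named keyring makes the check fail immediately instead of falling back to a keyserver request.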

