Spurious gpg verification warning from dpkg-source
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
launchpad-buildd |
Triaged
|
Low
|
Unassigned |
Bug Description
In this thread:
https:/
Mr. Colin Watson agrees that this could/should be turned into a bug. I am doing so because it just bit me and I spent 2+ hours chasing my tail researching this GPG non-issue as chronicled in point#4 here:
https:/
Unpack source
─────────────
gpgv: Signature made Sat May 23 03:43:06 2015 UTC using RSA key ID C20BEC80
gpgv: Can't check signature: public key not found
dpkg-source: warning: failed to verify signature on ./tor-onions_
is an example of the problem. These messages show up in all of my builds. Is it possible for the build process to automatically acquire my key and verify my signature? I'd like the extra assurance in knowing that Launchpad can verify the authenticity of the software uploaded to it.
In almost all Linux distributions, it's easy enough to send a command to gpg to receive a specific key so that it can verify signatures, but how do I do this in Launchpad (in the build process specifically) to resolve this message? Launchpad knows my PGP key already.
affects: | launchpad → launchpad-buildd |
summary: |
- Colin Watson agrees this is a bug + Spurious gpg verification warning from dpkg-source |
Changed in launchpad-buildd: | |
importance: | Undecided → Low |
status: | New → Triaged |
Changed in launchpad: | |
status: | New → In Progress |
importance: | Undecided → Low |
assignee: | nobody → Colin Watson (cjwatson) |
Changed in launchpad-buildd: | |
status: | Triaged → In Progress |
assignee: | nobody → Colin Watson (cjwatson) |
tags: | added: lp-soyuz soyuz-build |
Urgh, I confused this with another bug. Sorry for the noise / getting people's hopes up!