Clean up GPG signing process

Bug #194461 reported by Brett Alton
Affects: Launchpad itself
Status: New
Importance: Undecided
Assigned to: Unassigned

Bug Description

I want to try and use PPA, although I've never built an Ubuntu source package before... luckily the sign up screen has some good advice: upload an OpenPGP key, sign the Code of Conduct and read how to build an Ubuntu source package: https://help.ubuntu.com/6.10/ubuntu/packagingguide/C/index.html

I go to my homepage and under "Actions" I select "Update OpenPGP keys".

So I follow the instructions:

1. Ensure you already have a key. In a terminal window, enter:

gpg --list-keys <email address hidden>

====
brett@office:~$ gpg --list-keys <email address hidden>
gpg: error reading key: public key not found
====

If you have no key, create one:

gpg --gen-key

====
brett@office:~$ gpg --gen-key
gpg (GnuPG) 1.4.6; Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Please select what kind of key you want:
   (1) DSA and Elgamal (default)
   (2) DSA (sign only)
   (5) RSA (sign only)
Your selection? 1
DSA keypair will have 1024 bits.
ELG-E keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 2048
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n> = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 1y
Key expires at Sat 21 Feb 2009 12:01:25 PM EST
Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <email address hidden>"

Real name: Brett Alton
Email address: <email address hidden>
Comment:
You selected this USER-ID:
    "Brett Alton <email address hidden>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.

gpg: gpg-agent is not available in this session
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
++++++++++.+++++.+++++++++++++++++++++++++++++++++++.++++++++++++++++++++.+++++++++++++++..++++++++++++++++++++++++++++++.++++++++++.+++++>++++++++++.....>+++++.......<+++++...................................>+++++..........<..+++++..............................................+++++
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
+++++++++++++++.+++++....++++++++++++++++++++.+++++++++++++++..+++++.++++++++++...+++++..+++++++++++++++.++++++++++.++++++++++...++++++++++.++++++++++....+++++++++++++++>++++++++++>+++++..........+++++^^^^^^^^^
gpg: key 47E76C4E marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 2 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: next trustdb check due at 2009-02-21
pub 1024D/47E76C4E 2008-02-22 [expires: 2009-02-21]
      Key fingerprint = 00BD A0B0 5ED6 555D 8C82 DC4F 8631 2E1E 47E7 6C4E
uid Brett Alton <email address hidden>
sub 2048g/329D5018 2008-02-22 [expires: 2009-02-21]
====

2. Ensure the key has been uploaded to a keyserver. To do this:

gpg --send-key key-id

Things start to go downhill when I try and run `gpg --send-key 00BD A0B0 5ED6 555D 8C82 DC4F 8631 2E1E 47E7 6C4E`, unaware that what I am doing is incorrect, even if Launchpad JUST told me to do so.
====
brett@office:~$ gpg --send-key 00BD A0B0 5ED6 555D 8C82 DC4F 8631 2E1E 47E7 6C4E
gpg: "00BD" not a key ID: skipping
gpg: "A0B0" not a key ID: skipping
gpg: "5ED6" not a key ID: skipping
gpg: "555D" not a key ID: skipping
gpg: "8C82" not a key ID: skipping
gpg: "DC4F" not a key ID: skipping
gpg: "8631" not a key ID: skipping
gpg: "2E1E" not a key ID: skipping
gpg: "47E7" not a key ID: skipping
gpg: "6C4E" not a key ID: skipping
====

3. Enter your key fingerprint. Use:

gpg --fingerprint key-id

So I did a search in Google asking what Launchpad means by 'key-id'. I find this IRC chat (http://irclogs.ubuntu.com/2007/12/07/%23launchpad.txt) that tells me I have to run `gpg --list-secret-keys` and then it's 'DD610DED' inside "sec 1024D/DD610DED 2007-12-05 [expires: 2012-12-03]". Launchpad didn't tell me that.

====
brett@office:~$ gpg --list-secret-keys
/home/brett/.gnupg/secring.gpg
------------------------------
sec 1024D/DD610DED 2007-12-05 [expires: 2012-12-03]
uid Brett Alton <email address hidden>
ssb 2048g/4806B616 2007-12-05

sec 1024D/47E76C4E 2008-02-22 [expires: 2009-02-21]
uid Brett Alton <email address hidden>
ssb 2048g/329D5018 2008-02-22
====

So I run `gpg --send-key DD610DED` and it returns:

====
brett@office:~$ gpg --send-key DD610DED
gpg: sending key DD610DED to hkp server subkeys.pgp.net
====

Thinking everything is working, I continue.

I then run `gpg --fingerprint DD610DED` as Launchpad told me to do at https://launchpad.net/~brett-alton/+editpgpkeys. I enter the fingerprint, but the server says it cannot be found. I try it again and again and again, but it cannot be found.

====
brett@office:~$ gpg --fingerprint DD610DED
pub 1024D/DD610DED 2007-12-05 [expires: 2012-12-03]
      Key fingerprint = 1909 1ADC 6F33 D57F 46CF 9F93 E310 A51C DD61 0DED
uid Brett Alton <email address hidden>
sub 2048g/4806B616 2007-12-05 [expires: 2012-12-03]
====

I do some searching around and find this page: https://help.launchpad.net/BecomingAnUbuntero. It's telling me I have to run through the same instructions as when making a PPA, except the only difference is there are much more precise instructions on how to set up my OpenPGP key: https://help.launchpad.net/ImportingYourOpenPGPKey

I then run through those instructions:

====
brett@office:~$ gpg --keyserver keyserver.ubuntu.com --send-keys
brett@office:~$ gpg --fingerprint
/home/brett/.gnupg/pubring.gpg
------------------------------
pub 1024D/DD610DED 2007-12-05 [expires: 2012-12-03]
      Key fingerprint = 1909 1ADC 6F33 D57F 46CF 9F93 E310 A51C DD61 0DED
uid Brett Alton <email address hidden>
sub 2048g/4806B616 2007-12-05 [expires: 2012-12-03]

pub 1024D/47E76C4E 2008-02-22 [expires: 2009-02-21]
      Key fingerprint = 00BD A0B0 5ED6 555D 8C82 DC4F 8631 2E1E 47E7 6C4E
uid Brett Alton <email address hidden>
sub 2048g/329D5018 2008-02-22 [expires: 2009-02-21]

brett@office:~$ gpg --list-keys
/home/brett/.gnupg/pubring.gpg
------------------------------
pub 1024D/DD610DED 2007-12-05 [expires: 2012-12-03]
uid Brett Alton <email address hidden>
sub 2048g/4806B616 2007-12-05 [expires: 2012-12-03]

pub 1024D/47E76C4E 2008-02-22 [expires: 2009-02-21]
uid Brett Alton <email address hidden>
sub 2048g/329D5018 2008-02-22 [expires: 2009-02-21]

brett@office:~$ gpg --send-keys --keyserver keyserver.ubuntu.com 47E76C4E
gpg: sending key 47E76C4E to hkp server keyserver.ubuntu.com
====

Finally getting my key to go through, I can input my fingerprint at https://launchpad.net/~brett-alton/+editpgpkeys.

I use FireGPG (which I have to build from their SVN since their download is down) because I'm using Gmail. I can read the Launchpad message and I clicked on the link.

I can now sign the Ubuntu Code of Conduct.

====
brett@office:~$ gpg --clearsign UbuntuCodeOfConduct-1.0.1.txt

You need a passphrase to unlock the secret key for
user: "Brett Alton <email address hidden>"
1024-bit DSA key, ID 47E76C4E, created 2008-02-22

gpg: gpg-agent is not available in this session
gpg: can't open `UbuntuCodeOfConduct-1.0.1.txt': No such file or directory
gpg: UbuntuCodeOfConduct-1.0.1.txt: clearsign failed: file open error
====

Thinking it has something to do with "gpg: gpg-agent is not available in this session", I try to install it:

====
brett@office:~$ sudo aptitude install gpg-agent
[sudo] password for brett:
Reading package lists... Done
Building dependency tree
Reading state information... Done
Reading extended state information
Initializing package states... Done
Writing extended state information... Done
Building tag database... Done
Couldn't find any package matching "gpg-agent". However, the following
packages contain "gpg-agent" in their description:
  libgpg-error-dev mew-beta-bin gnupg-agent libgpg-error0 mew-bin
No packages will be installed, upgraded, or removed.
0 packages upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 0B of archives. After unpacking 0B will be used.
Writing extended state information... Done
Reading package lists... Done
Building dependency tree
Reading state information... Done
Reading extended state information
Initializing package states... Done
Building tag database... Done
====

Whoops:

====
brett@office:~$ sudo aptitude install gnupg-agent
Reading package lists... Done
Building dependency tree
Reading state information... Done
Reading extended state information
Initializing package states... Done
Building tag database... Done
The following NEW packages will be automatically installed:
  libpth20 pinentry-curses
The following NEW packages will be installed:
  gnupg-agent libpth20 pinentry-curses
0 packages upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
Need to get 337kB of archives. After unpacking 795kB will be used.
Do you want to continue? [Y/n/?] y
Writing extended state information... Done
Get:1 http://ca.archive.ubuntu.com gutsy/main libpth20 2.0.7-8 [77.0kB]
Get:2 http://ca.archive.ubuntu.com gutsy/main gnupg-agent 2.0.4-1ubuntu3 [217kB]
Get:3 http://ca.archive.ubuntu.com gutsy/universe pinentry-curses 0.7.3-1ubuntu2 [42.6kB]
Fetched 337kB in 0s (480kB/s)
Selecting previously deselected package libpth20.
(Reading database ... 133851 files and directories currently installed.)
Unpacking libpth20 (from .../libpth20_2.0.7-8_i386.deb) ...
Selecting previously deselected package gnupg-agent.
Unpacking gnupg-agent (from .../gnupg-agent_2.0.4-1ubuntu3_i386.deb) ...
Selecting previously deselected package pinentry-curses.
Unpacking pinentry-curses (from .../pinentry-curses_0.7.3-1ubuntu2_i386.deb) ...
Setting up libpth20 (2.0.7-8) ...

Setting up gnupg-agent (2.0.4-1ubuntu3) ...
Setting up pinentry-curses (0.7.3-1ubuntu2) ...

Processing triggers for libc6 ...
ldconfig deferred processing now taking place
Reading package lists... Done
Building dependency tree
Reading state information... Done
Reading extended state information
Initializing package states... Done
Writing extended state information... Done
Building tag database... Done
====

So I try to sign the file again:

====
brett@office:~$ gpg --clearsign UbuntuCodeOfConduct-1.0.1.txt

You need a passphrase to unlock the secret key for
user: "Brett Alton <email address hidden>"
1024-bit DSA key, ID 47E76C4E, created 2008-02-22

gpg: gpg-agent is not available in this session
gpg: can't open `UbuntuCodeOfConduct-1.0.1.txt': No such file or directory
gpg: UbuntuCodeOfConduct-1.0.1.txt: clearsign failed: file open error
====

But the same error message pops up.

Think I just have the file in the wrong place? No:

====
brett@office:~$ ls -l Ubuntu*
-rw-r--r-- 1 brett brett 4606 2008-02-22 13:42 UbuntuCodeofConduct-1.0.1.txt
====

It's in my home directory.

What do I do now?

And do you think we could consolidate all of this information onto one page PLEASE!? It has taken a lot of configuring and research on my own to get where I am.

Diogo Matsubara (matsubara) wrote :

The filename is case sensitive. When you tried to --clearsign it, you used the filename with a capitalized "Of", "UbuntuCodeOfConduct", while the filename stored on disk has it in lower case, "UbuntuCodeofConduct".
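
The two failures in this report, as an added example that is not part of the bug report or of Launchpad's instructions: the fingerprint printed by `gpg --fingerprint` has to be collapsed into a single token before it is passed to `--send-keys`, and the 8-digit key ID is only the tail of that fingerprint, so the full fingerprint is the unambiguous identifier to use. The helper names are hypothetical; the fingerprint and filename are the ones shown in the report.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of gpg or Launchpad.

# Collapse a fingerprint as printed by `gpg --fingerprint` (4-digit groups
# separated by spaces) into one 40-hex-digit token. Unquoted, the shell hands
# gpg ten separate arguments, which is why each group was rejected above.
normalize_fpr() {
    fpr=$(printf '%s' "$*" | tr -d ' \t\n' | tr '[:lower:]' '[:upper:]')
    case "$fpr" in
        ''|*[!0-9A-F]*) return 1 ;;      # empty or non-hex input
    esac
    [ "${#fpr}" -eq 40 ] || return 1     # a v4 fingerprint is 160 bits
    printf '%s\n' "$fpr"
}

# Key IDs are the low-order end of the fingerprint: 16 hex digits (long)
# or 8 hex digits (short, the form shown after "1024D/" in the listings).
long_keyid() {
    f=$(normalize_fpr "$@") || return 1
    printf '%s\n' "$f" | cut -c25-40
}
short_keyid() {
    f=$(normalize_fpr "$@") || return 1
    printf '%s\n' "$f" | cut -c33-40
}

# List names in directory $1 that equal $2 when case is ignored, to spot a
# mismatch such as UbuntuCodeOfConduct vs UbuntuCodeofConduct before signing.
case_insensitive_match() {
    want=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    for path in "$1"/*; do
        [ -e "$path" ] || continue
        name=${path##*/}
        if [ "$(printf '%s' "$name" | tr '[:upper:]' '[:lower:]')" = "$want" ]; then
            printf '%s\n' "$name"
        fi
    done
    return 0
}

# Usage with the commands from the report (not executed here):
#   gpg --keyserver keyserver.ubuntu.com --send-keys \
#       "$(normalize_fpr 00BD A0B0 5ED6 555D 8C82 DC4F 8631 2E1E 47E7 6C4E)"
#   case_insensitive_match "$HOME" UbuntuCodeOfConduct-1.0.1.txt
```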
