I'm attempting to upload Fitspng into ftp-master, unfortunately, without any success. Moreover, I haven't received any message why the upload has been rejected, or anything else.When a valid signature is not found the uploader indeed doesn't get any notifications.
By following of suggestions related on the post, and knowing thatYes, it's because of key expiration.
my GPG key has expired 2022-01-25, I uploaded renewed key
on hkp://keyring.debian.org during Sunday. However, keycheck https://nm.debian.org/process/867/keycheck/ still indicates
the expiration, and rsync confirms that the last keyring
update was, accidentally, 25. January.
Now, I'm in doubts if the problem is related on the expiration,
or if there is something different which should be investigated
as well as.
Dear Colleagues,
I'm attempting to upload Fitspng into ftp-master, unfortunately, without any success. Moreover, I haven't received any message why the upload has been rejected, or anything else. I has understand it could be caused by GPG key expiration, but I'm not sure if another action should be also invoked.
Be nice to me, please. This is my first upload action without sponsor.
I don't know what can be expected having no experiences yet.
dput reports successful upload of the source build:
f@dell:/tmp/fitspng$ dput -P fitspng_2.0-1_source.changes
Trying to upload package to ftp-master (ftp.upload.debian.org)
Checking signature on .changes
gpg: /tmp/fitspng/fitspng_2.0-1_source.changes: Valid signature from 1E625DF64972FF9A
Checking signature on .dsc
gpg: /tmp/fitspng/fitspng_2.0-1.dsc: Valid signature from 1E625DF64972FF9A Uploading to ftp-master (via ftp to ftp.upload.debian.org):
Uploading fitspng_2.0-1.dsc: done.
Uploading fitspng_2.0.orig.tar.gz: done.
Uploading fitspng_2.0-1.debian.tar.xz: done.
Uploading fitspng_2.0-1_source.buildinfo: done.
Uploading fitspng_2.0-1_source.changes: done.
Successfully uploaded packages.
Immediately after the action, /pub/UploadQueue/ directory
listing looks appropriately:
.. 40672 Feb 01 17:43 fitspng_2.0-1.debian.tar.xz
.. 2035 Feb 01 17:43 fitspng_2.0-1.dsc
.. 6389 Feb 01 17:43 fitspng_2.0-1_source.buildinfo
.. 2724 Feb 01 17:43 fitspng_2.0-1_source.changes
.. 1138938 Feb 01 17:43 fitspng_2.0.orig.tar.gz
If I leave the ftp connection, any traces are lost,
like Fitspng fell down into a black hole. No information
has been received since the point.
Similar troubles describes https://lists.debian.org/debian-devel/2014/03/msg00369.html.
They are due GPG key confusion.
By following of suggestions related on the post, and knowing that
my GPG key has expired 2022-01-25, I uploaded renewed key
on hkp://keyring.debian.org during Sunday. However, keycheck https://nm.debian.org/process/867/keycheck/ still indicates
the expiration, and rsync confirms that the last keyring
update was, accidentally, 25. January.
Now, I'm in doubts if the problem is related on the expiration,
or if there is something different which should be investigated
as well as.
On Wed, Feb 02, 2022 at 11:50:47AM +0100, Filip Hroch wrote:
I'm attempting to upload Fitspng into ftp-master, unfortunately, without anyWhen a valid signature is not found the uploader indeed doesn't get any notifications.
success. Moreover, I haven't received any message why the upload has been rejected, or anything else.
From coccia.debian.org:/srv/ftp-master.debian.org/log/current:
20220202110344|process-upload|dak|fitspng_2.0-1_amd64.changes|Error while loading changes file fitspng_2.0-1_amd64.changes: No valid signature found. (GPG exited with status code 0)
gpg: Signature made Mon Jan 31 21:59:10 2022 UTC
gpg: using RSA key 50329FD7732E2AB08161435F1E625DF64972FF9A gpg: issuer "hroch@physics.muni.cz"
gpg: Good signature from "Filip Hroch <hroch@physics.muni.cz>" [expired]
gpg: WARNING: Using untrusted key!
By following of suggestions related on the post, and knowing that
my GPG key has expired 2022-01-25, I uploaded renewed key
on hkp://keyring.debian.org during Sunday. However, keycheck https://nm.debian.org/process/867/keycheck/ still indicates
the expiration, and rsync confirms that the last keyring
update was, accidentally, 25. January.
Now, I'm in doubts if the problem is related on the expiration,Yes, it's because of key expiration.
or if there is something different which should be investigated
as well as.
Unfortunately I have no idea anymore which is the source of key data for
the upload processing as that's inconsitent and I don't know if it's documented anywhere.
On 2022-02-02 16:20:15 +0500, Andrey Rahmatullin wrote:...
On Wed, Feb 02, 2022 at 11:50:47AM +0100, Filip Hroch wrote:
When a valid signature is not found the uploader indeed doesn't
get any
notifications.
as well as.Yes, it's because of key expiration.
Unfortunately I have no idea anymore which is the source of key
data for
the upload processing as that's inconsitent and I don't know if
it's
documented anywhere.
From https://keyring.debian.org/
"You can check the result with --recv-keys, but note it can take
up to 15
minutes for your submission to be processed. Your updated key
will then
be included into the active keyring in our next keyring push
(which
happens approx. monthly)."
Hi Sebastian, and Andrey,
thank you very much for that help. I decided to practise my patience,
there's no hurry for Fitspng upload.
Sebastian Ramacher <sramacher@debian.org> writes:
On 2022-02-02 16:20:15 +0500, Andrey Rahmatullin wrote:...
On Wed, Feb 02, 2022 at 11:50:47AM +0100, Filip Hroch wrote:
When a valid signature is not found the uploader indeed doesn't get
any
notifications.
as well as.Yes, it's because of key expiration.
Unfortunately I have no idea anymore which is the source of key
data for
the upload processing as that's inconsitent and I don't know if
it's
documented anywhere.
From https://keyring.debian.org/
"You can check the result with --recv-keys, but note it can take up
to 15
minutes for your submission to be processed. Your updated key will
then
be included into the active keyring in our next keyring push (which
happens approx. monthly)."
I checked validity of the key on keyring.debian.org GPG server
via an independent account, during Sunday already. The authoritative
source of keys is the active keyring, I think.
All the situation is my fail. I has prepare the upload since begin
of January, so I has prolonged the key approx. two weaks ago, but
notified only Ubuntu's Hockey puck, and forget of the Debian's master.
Thank you very much,
FH
--
F. Hroch <hroch@physics.muni.cz>, Masaryk University,
Dept. of theor. physics and astrophysics, Brno, Moravia, CZ
Sysop: | Keyop |
---|---|
Location: | Huddersfield, West Yorkshire, UK |
Users: | 299 |
Nodes: | 16 (2 / 14) |
Uptime: | 81:31:02 |
Calls: | 6,696 |
Calls today: | 1 |
Files: | 12,229 |
Messages: | 5,347,841 |