• Package upload failed only due to GPG expiration?

    From Filip Hroch@21:1/5 to All on Wed Feb 2 12:10:01 2022
    Dear Colleagues,

    I'm attempting to upload Fitspng into ftp-master, unfortunately, without any
    success. Moreover, I haven't received any message why the upload has been
    rejected, or anything else. I have understood it could be caused by GPG key
    expiration, but I'm not sure if another action should also be invoked.

    Be nice to me, please. This is my first upload action without a sponsor.
    I don't know what can be expected, having no experience yet.


    dput reports successful upload of the source build:

    f@dell:/tmp/fitspng$ dput -P fitspng_2.0-1_source.changes
    Trying to upload package to ftp-master (ftp.upload.debian.org)
    Checking signature on .changes
    gpg: /tmp/fitspng/fitspng_2.0-1_source.changes: Valid signature from 1E625DF64972FF9A
    Checking signature on .dsc
    gpg: /tmp/fitspng/fitspng_2.0-1.dsc: Valid signature from 1E625DF64972FF9A
    Uploading to ftp-master (via ftp to ftp.upload.debian.org):
    Uploading fitspng_2.0-1.dsc: done.
    Uploading fitspng_2.0.orig.tar.gz: done.
    Uploading fitspng_2.0-1.debian.tar.xz: done.
    Uploading fitspng_2.0-1_source.buildinfo: done.
    Uploading fitspng_2.0-1_source.changes: done.
    Successfully uploaded packages.

    Immediately after the action, the /pub/UploadQueue/ directory
    listing looks appropriate:

    .. 40672 Feb 01 17:43 fitspng_2.0-1.debian.tar.xz
    .. 2035 Feb 01 17:43 fitspng_2.0-1.dsc
    .. 6389 Feb 01 17:43 fitspng_2.0-1_source.buildinfo
    .. 2724 Feb 01 17:43 fitspng_2.0-1_source.changes
    .. 1138938 Feb 01 17:43 fitspng_2.0.orig.tar.gz

    If I leave the ftp connection, all traces are lost,
    as if Fitspng fell into a black hole. No information
    has been received since that point.


    Similar troubles are described in https://lists.debian.org/debian-devel/2014/03/msg00369.html.
    They are due to GPG key confusion.

    Following the suggestions in that post, and knowing that
    my GPG key expired 2022-01-25, I uploaded the renewed key
    to hkp://keyring.debian.org on Sunday. However, keycheck https://nm.debian.org/process/867/keycheck/ still indicates
    the expiration, and rsync confirms that the last keyring
    update was, accidentally, 25 January.

    Now I'm in doubt whether the problem is related to the expiration,
    or if there is something different which should be investigated
    as well.

    I am grateful for any suggestion,
    FH
    --
    F. Hroch <hroch@physics.muni.cz>, Masaryk University,
    Dept. of theor. physics and astrophysics, Brno, Moravia, CZ

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Andrey Rahmatullin@21:1/5 to Filip Hroch on Wed Feb 2 12:30:02 2022
    On Wed, Feb 02, 2022 at 11:50:47AM +0100, Filip Hroch wrote:
    > I'm attempting to upload Fitspng into ftp-master, unfortunately, without any
    > success. Moreover, I haven't received any message why the upload has been
    > rejected, or anything else.

    When a valid signature is not found the uploader indeed doesn't get any notifications.

    From coccia.debian.org:/srv/ftp-master.debian.org/log/current:

    20220202110344|process-upload|dak|fitspng_2.0-1_amd64.changes|Error while loading changes file fitspng_2.0-1_amd64.changes: No valid signature found. (GPG exited with status code 0)
    gpg: Signature made Mon Jan 31 21:59:10 2022 UTC
    gpg: using RSA key 50329FD7732E2AB08161435F1E625DF64972FF9A
    gpg: issuer "hroch@physics.muni.cz"
    gpg: Good signature from "Filip Hroch <hroch@physics.muni.cz>" [expired]
    gpg: WARNING: Using untrusted key!

    > Following the suggestions in that post, and knowing that
    > my GPG key expired 2022-01-25, I uploaded the renewed key
    > to hkp://keyring.debian.org on Sunday. However, keycheck https://nm.debian.org/process/867/keycheck/ still indicates
    > the expiration, and rsync confirms that the last keyring
    > update was, accidentally, 25 January.
    >
    > Now I'm in doubt whether the problem is related to the expiration,
    > or if there is something different which should be investigated
    > as well.

    Yes, it's because of key expiration.
    Unfortunately I have no idea anymore which is the source of key data for
    the upload processing as that's inconsistent and I don't know if it's
    documented anywhere.

    --
    WBR, wRAR

  • From Sebastian Ramacher@21:1/5 to Filip Hroch on Wed Feb 2 12:30:02 2022
    Hi Filip

    On 2022-02-02 11:50:47 +0100, Filip Hroch wrote:
    > Dear Colleagues,
    >
    > I'm attempting to upload Fitspng into ftp-master, unfortunately, without any
    > success. Moreover, I haven't received any message why the upload has been
    > rejected, or anything else. I have understood it could be caused by GPG key
    > expiration, but I'm not sure if another action should also be invoked.
    >
    > Be nice to me, please. This is my first upload action without a sponsor.
    > I don't know what can be expected, having no experience yet.
    >
    >
    > dput reports successful upload of the source build:
    >
    > f@dell:/tmp/fitspng$ dput -P fitspng_2.0-1_source.changes
    > Trying to upload package to ftp-master (ftp.upload.debian.org)
    > Checking signature on .changes
    > gpg: /tmp/fitspng/fitspng_2.0-1_source.changes: Valid signature from 1E625DF64972FF9A
    > Checking signature on .dsc
    > gpg: /tmp/fitspng/fitspng_2.0-1.dsc: Valid signature from 1E625DF64972FF9A
    > Uploading to ftp-master (via ftp to ftp.upload.debian.org):
    > Uploading fitspng_2.0-1.dsc: done.
    > Uploading fitspng_2.0.orig.tar.gz: done.
    > Uploading fitspng_2.0-1.debian.tar.xz: done.
    > Uploading fitspng_2.0-1_source.buildinfo: done.
    > Uploading fitspng_2.0-1_source.changes: done.
    > Successfully uploaded packages.
    >
    > Immediately after the action, the /pub/UploadQueue/ directory
    > listing looks appropriate:
    >
    > .. 40672 Feb 01 17:43 fitspng_2.0-1.debian.tar.xz
    > .. 2035 Feb 01 17:43 fitspng_2.0-1.dsc
    > .. 6389 Feb 01 17:43 fitspng_2.0-1_source.buildinfo
    > .. 2724 Feb 01 17:43 fitspng_2.0-1_source.changes
    > .. 1138938 Feb 01 17:43 fitspng_2.0.orig.tar.gz
    >
    > If I leave the ftp connection, all traces are lost,
    > as if Fitspng fell into a black hole. No information
    > has been received since that point.
    >
    >
    > Similar troubles are described in https://lists.debian.org/debian-devel/2014/03/msg00369.html.
    > They are due to GPG key confusion.
    >
    > Following the suggestions in that post, and knowing that
    > my GPG key expired 2022-01-25, I uploaded the renewed key
    > to hkp://keyring.debian.org on Sunday. However, keycheck https://nm.debian.org/process/867/keycheck/ still indicates
    > the expiration, and rsync confirms that the last keyring
    > update was, accidentally, 25 January.
    >
    > Now I'm in doubt whether the problem is related to the expiration,
    > or if there is something different which should be investigated
    > as well.

    From coccia.debian.org:/srv/upload.debian.org/queed/run/log:

    20220201000342|process-upload|dak|fitspng_2.0-1_source.changes|Error while loading changes file fitspng_2.0-1_source.changes: No valid signature found. (GPG exited with status code 0)
    gpg: Signature made Sat Jan 29 15:29:40 2022 UTC
    gpg: using RSA key 50329FD7732E2AB08161435F1E625DF64972FF9A
    gpg: issuer "hroch@physics.muni.cz"
    gpg: Good signature from "Filip Hroch <hroch@physics.muni.cz>" [expired]
    gpg: WARNING: Using untrusted key!

    In that case you do not get a mail. You'll have to wait until your key
    with the new expiry date is synced to ftp-master (happens once a month)
    or ask a sponsor to upload it for you in the meantime.

    Cheers
    --
    Sebastian Ramacher
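
The two log excerpts quoted in this thread share one shape: a pipe-delimited dak record followed by gpg's own lines. As an added example (not part of the original posts and not dak's own code), this parser pulls out the uploads rejected without notification and the key validity gpg reported; the function name and field names are assumptions made for illustration.

```python
import re
from datetime import datetime

# Sample input: the two dak log records quoted in this thread.
SAMPLE_LOG = """\
20220201000342|process-upload|dak|fitspng_2.0-1_source.changes|Error while loading changes file fitspng_2.0-1_source.changes: No valid signature found. (GPG exited with status code 0)
gpg: Signature made Sat Jan 29 15:29:40 2022 UTC
gpg: using RSA key 50329FD7732E2AB08161435F1E625DF64972FF9A
gpg: issuer "hroch@physics.muni.cz"
gpg: Good signature from "Filip Hroch <hroch@physics.muni.cz>" [expired]
gpg: WARNING: Using untrusted key!
20220202110344|process-upload|dak|fitspng_2.0-1_amd64.changes|Error while loading changes file fitspng_2.0-1_amd64.changes: No valid signature found. (GPG exited with status code 0)
gpg: Signature made Mon Jan 31 21:59:10 2022 UTC
gpg: using RSA key 50329FD7732E2AB08161435F1E625DF64972FF9A
gpg: issuer "hroch@physics.muni.cz"
gpg: Good signature from "Filip Hroch <hroch@physics.muni.cz>" [expired]
gpg: WARNING: Using untrusted key!
"""

RECORD = re.compile(r"^(\d{14})\|([^|]*)\|([^|]*)\|([^|]*)\|(.*)$")
KEY = re.compile(r"^gpg:\s+using \w+ key ([0-9A-F]{16,40})$")
SIG = re.compile(r'^gpg:\s+(Good|BAD) signature from "([^"]*)"(?: \[(\w+)\])?')

def silent_rejections(log_text):
    """Return one dict per record rejected with 'No valid signature found'."""
    found, cur = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        rec = RECORD.match(line)
        if rec:
            cur = None  # a new record ends the previous record's gpg context
            if "No valid signature found" in rec.group(5):
                cur = {"time": datetime.strptime(rec.group(1), "%Y%m%d%H%M%S"),
                       "changes": rec.group(4), "key": None,
                       "signer": None, "validity": None}
                found.append(cur)
        elif cur is not None:
            if (k := KEY.match(line)):
                cur["key"] = k.group(1)
            elif (s := SIG.match(line)):
                # "Good signature ... [expired]": the signature verifies, but the
                # key as known to the verifying keyring is expired, so it is rejected.
                cur["signer"], cur["validity"] = s.group(2), s.group(3)
    return found

if __name__ == "__main__":
    for r in silent_rejections(SAMPLE_LOG):
        print(r["time"], r["changes"], r["key"][-16:], r["validity"])
```

Both records resolve to the same key with validity `expired`, which is why dput's local check passed while the archive side rejected the upload without mail.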

  • From Sebastian Ramacher@21:1/5 to Andrey Rahmatullin on Wed Feb 2 13:00:02 2022
    On 2022-02-02 16:20:15 +0500, Andrey Rahmatullin wrote:
    > On Wed, Feb 02, 2022 at 11:50:47AM +0100, Filip Hroch wrote:
    >> I'm attempting to upload Fitspng into ftp-master, unfortunately, without any
    >> success. Moreover, I haven't received any message why the upload has been
    >> rejected, or anything else.
    >
    > When a valid signature is not found the uploader indeed doesn't get any notifications.
    >
    > From coccia.debian.org:/srv/ftp-master.debian.org/log/current:
    >
    > 20220202110344|process-upload|dak|fitspng_2.0-1_amd64.changes|Error while loading changes file fitspng_2.0-1_amd64.changes: No valid signature found. (GPG exited with status code 0)
    > gpg: Signature made Mon Jan 31 21:59:10 2022 UTC
    > gpg: using RSA key 50329FD7732E2AB08161435F1E625DF64972FF9A
    > gpg: issuer "hroch@physics.muni.cz"
    > gpg: Good signature from "Filip Hroch <hroch@physics.muni.cz>" [expired]
    > gpg: WARNING: Using untrusted key!
    >
    >> Following the suggestions in that post, and knowing that
    >> my GPG key expired 2022-01-25, I uploaded the renewed key
    >> to hkp://keyring.debian.org on Sunday. However, keycheck https://nm.debian.org/process/867/keycheck/ still indicates
    >> the expiration, and rsync confirms that the last keyring
    >> update was, accidentally, 25 January.
    >>
    >> Now I'm in doubt whether the problem is related to the expiration,
    >> or if there is something different which should be investigated
    >> as well.
    >
    > Yes, it's because of key expiration.
    > Unfortunately I have no idea anymore which is the source of key data for
    > the upload processing as that's inconsistent and I don't know if it's
    > documented anywhere.

    From https://keyring.debian.org/

    "You can check the result with --recv-keys, but note it can take up to 15 minutes for your submission to be processed. Your updated key will then
    be included into the active keyring in our next keyring push (which
    happens approx. monthly)."

    Cheers
    --
    Sebastian Ramacher

  • From Filip Hroch@21:1/5 to Sebastian Ramacher on Wed Feb 2 20:50:02 2022
    Hi Sebastian, and Andrey,

    thank you very much for that help. I decided to practise my patience,
    there's no hurry for Fitspng upload.


    Sebastian Ramacher <sramacher@debian.org> writes:

    > On 2022-02-02 16:20:15 +0500, Andrey Rahmatullin wrote:
    >> On Wed, Feb 02, 2022 at 11:50:47AM +0100, Filip Hroch wrote:
    >>> ...
    >> When a valid signature is not found the uploader indeed doesn't get any
    >> notifications.
    >>> as well.
    >> Yes, it's because of key expiration.
    >> Unfortunately I have no idea anymore which is the source of key data for
    >> the upload processing as that's inconsistent and I don't know if it's
    >> documented anywhere.
    >
    > From https://keyring.debian.org/
    >
    > "You can check the result with --recv-keys, but note it can take up to 15
    > minutes for your submission to be processed. Your updated key will then
    > be included into the active keyring in our next keyring push (which
    > happens approx. monthly)."


    I checked validity of the key on the keyring.debian.org GPG server
    via an independent account, on Sunday already. The authoritative
    source of keys is the active keyring, I think.

    The whole situation is my failure. I have been preparing the upload since the beginning
    of January, so I prolonged the key approx. two weeks ago, but
    notified only Ubuntu's Hockeypuck, and forgot about Debian's master.

    Thank you very much,
    FH
    --
    F. Hroch <hroch@physics.muni.cz>, Masaryk University,
    Dept. of theor. physics and astrophysics, Brno, Moravia, CZ

  • From Ole Streicher@21:1/5 to Filip Hroch on Fri Feb 4 10:40:02 2022
    Hi Filip,

    otherwise, I would just sponsor your upload(s) in the meantime. Just ping
    me if needed.

    Cheers

    Ole

    Filip Hroch <hroch@physics.muni.cz> writes:
    > Hi Sebastian, and Andrey,
    >
    > thank you very much for that help. I decided to practise my patience,
    > there's no hurry for Fitspng upload.
    >
    >
    > Sebastian Ramacher <sramacher@debian.org> writes:
    >
    >> On 2022-02-02 16:20:15 +0500, Andrey Rahmatullin wrote:
    >>> On Wed, Feb 02, 2022 at 11:50:47AM +0100, Filip Hroch wrote:
    >>>> ...
    >>> When a valid signature is not found the uploader indeed doesn't get any
    >>> notifications.
    >>>> as well.
    >>> Yes, it's because of key expiration.
    >>> Unfortunately I have no idea anymore which is the source of key data for
    >>> the upload processing as that's inconsistent and I don't know if it's
    >>> documented anywhere.
    >>
    >> From https://keyring.debian.org/
    >>
    >> "You can check the result with --recv-keys, but note it can take up to 15
    >> minutes for your submission to be processed. Your updated key will then
    >> be included into the active keyring in our next keyring push (which
    >> happens approx. monthly)."
    >
    >
    > I checked validity of the key on the keyring.debian.org GPG server
    > via an independent account, on Sunday already. The authoritative
    > source of keys is the active keyring, I think.
    >
    > The whole situation is my failure. I have been preparing the upload since the beginning
    > of January, so I prolonged the key approx. two weeks ago, but
    > notified only Ubuntu's Hockeypuck, and forgot about Debian's master.
    >
    > Thank you very much,
    > FH
    > --
    > F. Hroch <hroch@physics.muni.cz>, Masaryk University,
    > Dept. of theor. physics and astrophysics, Brno, Moravia, CZ
