Mailinglist Archive: opensuse-packaging (129 mails)

< Previous Next >
[opensuse-packaging] openSUSE:Factory/findutils: source_validator issue
Hello oS packaging fellows,

I tried to add the signature checking to findutils,
but the Base:System --> oS:F request was auto-declined due to
a source_validator failure:

On 12/29/2015 06:15 PM, Factory Auto wrote:

State of request 351211 was changed by factory-auto:

review -> declined

Output of check script:
Source validator failed. Try "osc service localrun source_validator"
gpg: Note: signatures using the MD5 algorithm are rejected
gpg: key 64A95EE5: no valid user IDs
gpg: Signature made Mon Dec 28 22:47:23 2015 CET using RSA key ID 64A95EE5
gpg: Can't check signature: No public key
(E) signature findutils/findutils-4.6.0.tar.gz.sig does not validate

- submit Base:System/findutils => openSUSE:Factory/findutils

Running the command locally doesn't seem to yield a problem:

$ osc co Base:System/findutils \
&& cd Base:System/findutils

$ osc service localrun source_validator
gpg: public key of ultimately trusted key 96917195 not found
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: Signature made Mon 28 Dec 2015 10:47:23 PM CET using RSA key ID 64A95EE5
gpg: Good signature from "James Youngman <jay@xxxxxxx>" [unknown]
gpg: aka "James Youngman <JYoungman@xxxxxxxxx>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 0C 1C D7 CA 66 33 D2 E9 14 E0 5F 16 D5 24 60 E9

$ echo $?

I know that James has updated his key material somewhen in December,
but I wouln't know what to do TBH ... other than removing the *.sig
and the keyring files again.

Any hint?

Thanks & have a nice day,
To unsubscribe, e-mail: opensuse-packaging+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-packaging+owner@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages