Problem:
debsig-verify fails verification with no (or only unhelpful) information about what is wrong. The specific output that isn’t telling me what’s wrong is:
gpg: [don't know]: invalid packet (ctb=2d)
gpg: keydb_search failed: Invalid packet
gpg: Can't check signature: No public key
Here is a live example:
$ debsig-verify --debug etx8-web-2.2.0-485a0ab-b1644.deb
debsig: Starting verification for: etx8-web-2.2.0-485a0ab-b1644.deb
debsig: getSigKeyID: got 7F246C702F7DCFF8 for origin key
debsig: Using policy directory: /etc/debsig/policies/7F246C702F7DCFF8
debsig: Parsing policy file: /etc/debsig/policies/7F246C702F7DCFF8/etx8-web.pol
debsig: parsePolicyFile: parsing '/etc/debsig/policies/7F246C702F7DCFF8/etx8-web.pol'
debsig: parsePolicyFile: completed
debsig: Checking Selection group(s).
debsig: Processing 'origin' key...
debsig: getKeyID: no match, falling back to 7F246C702F7DCFF8
debsig: getSigKeyID: got 7F246C702F7DCFF8 for origin key
debsig: Selection group(s) passed, policy is usable.
debsig: Using policy file: /etc/debsig/policies/7F246C702F7DCFF8/etx8-web.pol
debsig: Checking Verification group(s).
debsig: Processing 'origin' key...
debsig: getKeyID: no match, falling back to 7F246C702F7DCFF8
debsig: getSigKeyID: got 7F246C702F7DCFF8 for origin key
gpg: Signature made Sat Jun 22 20:11:42 2024 UTC
gpg: using EDDSA key B2C786B97C0B0E397C7E34EA7F246C702F7DCFF8
gpg: [don't know]: invalid packet (ctb=2d)
gpg: keydb_search failed: Invalid packet
gpg: [don't know]: invalid packet (ctb=2d)
gpg: keydb_search failed: Invalid packet
gpg: Can't check signature: No public key
debsig: gpgVerify: gpg exited abnormally or with non-zero exit status
debsig: verifyGroupRules: failed for origin
debsig: Verification group failed checks.
debsig: Failed verification for etx8-web-2.2.0-485a0ab-b1644.deb.
Basically, everything is set up “correctly”, and this system has been working in the past.
Debsig-verify doesn’t use your keyring, so you never actually import the keys. Instead, it expects key files to be in a particular location on the filesystem.
In my case, the problem was that the key file was in ASCII-armored format, which debsig-verify does not handle: the keyring it hands to gpg must be in binary OpenPGP format. The gpg: lines in the output above mean that gpg is reading the key file as a stream of binary packets and finds garbage. The ctb=2d is the first byte of the file, 0x2d, which is the '-' that begins the -----BEGIN PGP PUBLIC KEY BLOCK----- armor header; that is not a valid packet header, so the keyring lookup (keydb_search) fails and gpg ends up reporting that it has no public key for the signature.
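As an added example (not part of the original post), here is a small POSIX shell script that tells the two keyring formats apart by their first byte and converts an armored keyring into the binary form that debsig-verify, through gpg --keyring, can read. It only encodes what the gpg output above shows: 0x2d is the '-' of the armor header, while a binary keyring exported by gpg starts with an OpenPGP public-key packet header (0x98 to 0x9b old format, 0xc6 new format). The keyring directory /usr/share/debsig/keyrings/<KEYID>/ mentioned in the usage comment is an assumption about debsig-verify's layout, not something this page states, so the script takes the keyring path as an argument rather than guessing it; the script name keyring-check.sh is hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post: distinguish an ASCII-armored
# OpenPGP keyring from the binary keyring debsig-verify (via gpg --keyring)
# expects, and convert it when needed.

# first_byte FILE -> prints the first byte of FILE as two lowercase hex digits
first_byte() {
    dd if="$1" bs=1 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# keyring_format FILE -> prints "armored", "binary" or "unknown"
#   0x2d is '-', the start of "-----BEGIN PGP PUBLIC KEY BLOCK-----";
#   this is the "ctb=2d" in gpg's "invalid packet" message.
#   0x98..0x9b is an old-format public-key packet header (tag 6) and
#   0xc6 the new-format one; a gpg-exported binary keyring starts with one.
keyring_format() {
    case "$(first_byte "$1")" in
        2d)             echo armored ;;
        98|99|9a|9b|c6) echo binary ;;
        *)              echo unknown ;;
    esac
}

# dearmor_keyring SRC DST -> write the binary form of armored keyring SRC to DST
dearmor_keyring() {
    gpg --batch --yes --output "$2" --dearmor "$1"
}

# fix_keyring FILE -> make sure FILE is a binary keyring. An armored file is
# converted in place and the armored original kept as FILE.asc.
# Returns 1 when the file is in neither format (a different problem entirely).
fix_keyring() {
    case "$(keyring_format "$1")" in
        binary)
            echo "$1: already binary, nothing to do"
            ;;
        armored)
            echo "$1: ASCII-armored, converting to binary"
            mv "$1" "$1.asc" && dearmor_keyring "$1.asc" "$1"
            ;;
        *)
            echo "$1: not an OpenPGP keyring in either format" >&2
            return 1
            ;;
    esac
}

# Usage (hypothetical script name):
#   keyring-check.sh /usr/share/debsig/keyrings/<KEYID>/<name>.gpg
# The directory is an assumption about debsig-verify's keyring layout; the
# file name is whatever the policy file's File attribute names.
if [ $# -gt 0 ]; then
    for f in "$@"; do
        fix_keyring "$f"
    done
fi
```

Run it against the keyring named in the policy file; if it reports "ASCII-armored, converting to binary", re-run debsig-verify --debug and the invalid packet (ctb=2d) lines should be gone. A result of "unknown" means the file is not an OpenPGP keyring at all, which is a different misconfiguration from the one described here.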