to find signed-by value, run gpg on the individual keys to print better error messages in case it fails (gpg doesn't give an indication which file it was unable to read) and print progress bar

mmdebstrap

@@ -5213,9 +5213,13 @@ sub main() {
                     $signedby = " [signed-by=\"$keyring\"]";
                     last;
                 }
-                {
+                info "Finding correct signed-by value...";
-                    open(my $fh, '-|', @gpgcmd, '--with-colons', '--show-keys',
+                my $progress = 0.0;
-                        @keyrings) // error "failed to fork(): $!";
+                print_progress($progress);
+                for (my $i = 0 ; $i < scalar @keyrings ; $i++) {
+                    my $k = $keyrings[$i];
+                    open(my $fh, '-|', @gpgcmd, '--with-colons',
+                        '--show-keys', $k) // error "failed to fork(): $!";
                     while (my $line = <$fh>) {
                         if ($line !~ /^fpr:::::::::([^:]+):/) {
                             next;
@@ -5223,10 +5227,12 @@ sub main() {
                         push @aptfingerprints, $1;
                     }
                     close $fh;
-                }
                     if ($? != 0) {
-                    error "gpg failed";
+                        warning("gpg failed to read $k");
                     }
+                    print_progress($i / (scalar @keyrings) * 100.0, undef);
+                }
+                print_progress("done");
                 if (scalar @aptfingerprints == 0) {
                     $signedby = " [signed-by=\"$keyring\"]";
                     last;

tests/logfile

@@ -7,6 +7,7 @@ export LC_ALL=C.UTF-8
 head --lines=-1 /tmp/log > /tmp/trimmed
 cat << LOG | diff -u - /tmp/trimmed
 I: chroot architecture {{ HOSTARCH }} is equal to the host's architecture
+I: Finding correct signed-by value...
 I: automatically chosen format: directory
 I: running apt-get update...
 I: downloading packages with apt...