
Bug#844724: apt: Does not seem to support new GnuPG keybox keyring format



Package: apt
Version: 1.3.1
Severity: important

[ Setting as important as this is GnuPG default, but if you think this
  is a new feature or similar please just change it to wishlist. ]

Hi!

It seems like apt (and its gpgv method) do not support the new GnuPG
keybox keyring format? Which is the one currently generated by default
with newer GnuPG versions. A simple session to demonstrate:

  ,--- (line-wrapped for easier readability) ---
  # cd /etc/apt/trusted.gpg.d
  # file debian-archive-jessie-automatic.gpg
  debian-archive-jessie-automatic.gpg: GPG key public ring,
  created Fri Nov 21 21:01:13 2014
  # mv debian-archive-jessie-automatic.gpg ~
  # gpg --no-default-keyring --no-options --no-auto-check-trustdb \
        --keyring ./debian-archive-jessie-automatic.gpg --import \
        <~/debian-archive-jessie-automatic.gpg
  gpg: keybox './debian-archive-jessie-automatic.gpg' created
  gpg: key 7638D0442B90D010: public key "Debian Archive Automatic Signing
       Key (8/jessie) <ftpmaster@debian.org>" imported
  gpg: Total number processed: 1
  gpg:               imported: 1
  # file debian-archive-jessie-automatic.gpg
  debian-archive-jessie-automatic.gpg: GPG keybox database version 1,
  created-at Fri Nov 18 12:50:26 2016,
  last-maintained Fri Nov 18 12:50:26 2016
  # apt update
  Hit:1 https://cdn-aws.deb.debian.org/debian unstable InRelease
  Err:1 https://cdn-aws.deb.debian.org/debian unstable InRelease
    The following signatures couldn't be verified because the public key is
    not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010
  Reading package lists... Done
  Building dependency tree
  Reading state information... Done
  1 package can be upgraded. Run 'apt list --upgradable' to see it.
  W: An error occurred during the signature verification.
    The repository is not updated and the previous index files will be used.
    GPG error: https://cdn-aws.deb.debian.org/debian unstable InRelease:
    The following signatures couldn't be verified because the public key
    is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010
  W: Failed to fetch https://deb.debian.org/debian/dists/unstable/InRelease
    The following signatures couldn't be verified because the public key is
    not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010
  W: Some index files failed to download. They have been ignored, or
    old ones used instead.
  `---

Although I've trimmed it down here, it seems like one single keybox
formatted keyring makes the whole verification fail for all other
keyrings.

Thanks,
Guillem
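
A check for the condition described in this report, added here as an example (it is not part of the original message and is not apt's or GnuPG's own code): it tells a keybox file from a binary OpenPGP keyring by the leading bytes, the same distinction `file` draws in the session above. The function names are hypothetical, and the sample files it builds are constructed headers, not real keys.

```shell
#!/bin/sh
# Classify apt keyring files by their leading bytes (added example).

# hex_at FILE OFFSET COUNT -> lowercase hex of COUNT bytes starting at OFFSET
hex_at() {
    od -An -tx1 -j "$2" -N "$3" "$1" 2>/dev/null | tr -d ' \n'
}

# keyring_format FILE -> prints keybox | openpgp | unknown
keyring_format() {
    # A keybox file starts with a header blob whose magic "KBXf" is at offset 8.
    if [ "$(hex_at "$1" 8 4)" = 4b425866 ]; then
        echo keybox
        return 0
    fi
    # A binary OpenPGP keyring starts with a public-key packet (tag 6):
    # old-format header byte 0x98/0x99/0x9a, or new-format header byte 0xc6.
    case "$(hex_at "$1" 0 1)" in
        98|99|9a|c6) echo openpgp ;;
        *)           echo unknown ;;
    esac
}

# list_keybox_keyrings DIR -> prints every *.gpg file in DIR that is a keybox;
# returns 1 if at least one was found, 0 otherwise.
list_keybox_keyrings() {
    found=0
    for f in "$1"/*.gpg; do
        [ -f "$f" ] || continue
        if [ "$(keyring_format "$f")" = keybox ]; then
            echo "$f"
            found=1
        fi
    done
    return "$found"
}

# make_samples DIR: constructed inputs (format headers only, no key material)
make_samples() {
    printf '\000\000\000\040\001\001\000\002KBXf' > "$1/new.gpg"
    printf '\231\001\015\004' > "$1/old.gpg"
}

# Usage: sh check-keyrings.sh /etc/apt/trusted.gpg.d
if [ "$#" -gt 0 ]; then list_keybox_keyrings "$1"; fi
```

A non-zero exit status with one or more paths printed means the directory holds a keybox-format file of the kind the session above produced.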

