
Bug#844724: apt: Does not seem to support new GnuPG keybox keyring format



Control: severity -1 wishlist

On Fri, Nov 18, 2016 at 01:58:18PM +0100, Guillem Jover wrote:
> Package: apt
> Version: 1.3.1
> Severity: important
> 
> [ Setting as important as this is GnuPG default, but if you think this
>   is a new feature or similar please just change it to wishlist. ]
> 
> Hi!
> 
> It seems like apt (and its gpgv method) do not support the new GnuPG
> keybox keyring format? Which is the one currently generated by default
> with newer GnuPG versions. A simple session to demonstrate:
> 
>   ,--- (line-wrapped for easier readability) ---
>   # cd /etc/apt/trusted.gpg.d
>   # file debian-archive-jessie-automatic.gpg
>   debian-archive-jessie-automatic.gpg: GPG key public ring,
>   created Fri Nov 21 21:01:13 2014
>   # mv debian-archive-jessie-automatic.gpg ~
>   # gpg --no-default-keyring --no-options --no-auto-check-trustdb \
>         --keyring ./debian-archive-jessie-automatic.gpg --import \
>         <~/debian-archive-jessie-automatic.gpg

The format we expect is the one generated by --export (standard concatenated
key packets), not the one used for creating keyrings by importing things.

We require that key files can be concatenated, otherwise we would have
to depend on gnupg to merge the key files for verification purposes.
-- 
Debian Developer - deb.li/jak | jak-linux.org - free software dev

When replying, only quote what is necessary, and write each reply
directly below the part(s) it pertains to ('inline').  Thank you.
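
The distinction drawn in the reply above, as an added example that is not part of the original message or of apt's code: a check that tells a keybox file from an `--export`-style packet stream, and shows that only the latter survives concatenation. The names `packet_tags` and `classify` are hypothetical, the sample bytes are constructed (packet framing only, no real key material), and the code assumes the `KBXf` magic at offset 8 of the keybox header blob and RFC 4880 packet headers.

```python
import struct

KBX_MAGIC = b"KBXf"  # magic at offset 8 of a GnuPG keybox header blob

def packet_tags(data):
    """Walk an OpenPGP packet stream (RFC 4880 headers); return the tags."""
    tags, pos = [], 0
    while pos < len(data):
        ctb, pos = data[pos], pos + 1
        if not ctb & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if ctb & 0x40:  # new-format header
            tag, first = ctb & 0x3F, data[pos]
            if first < 192:
                length, pos = first, pos + 1
            elif first < 224:
                length, pos = ((first - 192) << 8) + data[pos + 1] + 192, pos + 2
            elif first == 255:
                length, pos = int.from_bytes(data[pos + 1:pos + 5], "big"), pos + 5
            else:
                raise ValueError("partial body length, not expected in key files")
        else:  # old-format header
            tag, nbytes = (ctb >> 2) & 0x0F, {0: 1, 1: 2, 2: 4}.get(ctb & 0x03)
            if nbytes is None:
                raise ValueError("indeterminate length")
            length, pos = int.from_bytes(data[pos:pos + nbytes], "big"), pos + nbytes
        if pos + length > len(data):
            raise ValueError("truncated packet")
        tags.append(tag)
        pos += length
    return tags

def classify(data):
    """Return 'keybox', 'openpgp-packets' (the --export form) or 'unknown'."""
    if data[8:12] == KBX_MAGIC:
        return "keybox"
    try:
        tags = packet_tags(data)
    except (ValueError, IndexError):
        return "unknown"
    return "openpgp-packets" if tags and tags[0] == 6 else "unknown"  # 6 = public key

# Constructed sample bytes: packet framing only, not real key material.
EXPORT_A = bytes([0x98, 3]) + b"\x04AB" + bytes([0xB4, 4]) + b"test"
EXPORT_B = bytes([0xC6, 2]) + b"\x04Z"
KEYBOX = struct.pack(">IBBH", 32, 1, 1, 2) + KBX_MAGIC + bytes(20)

if __name__ == "__main__":
    for blob in (EXPORT_A, EXPORT_A + EXPORT_B, KEYBOX, EXPORT_A + KEYBOX):
        print(len(blob), classify(blob))
```

Two export-format blobs joined end to end still parse as one packet stream, while a keybox blob appended to one does not.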

