Bug#877731: apt-secure: apt-secure doesn't know how to handle armored keyfiles
Package: apt
Version: 1.4.7
Severity: normal
Dear Maintainer,
when adding an old-style armored key, apt fails to use this. If you dump
such a keyfile inside etc/apt/trusted.gpg.d/ (or
/usr/share/keyrings/name.gpg, with accompanying sources file) apt-update
will choke because it thinks the public key isn't available.
gpg --export -a --export-options export-minimal 1646B01B86E50310
>/usr/share/keyrings/yarn-keyring.gpg
apt update
W: An error occurred during the signature verification. The repository
is not updated and the previous index files will be used. GPG error:
https://dl.yarnpkg.com/debian stable InRelease: The following signatures
couldn't be verified because the public key is not available: NO_PUBKEY
E074D16EB6FF4DE3
W: Failed to fetch https://dl.yarnpkg.com/debian/dists/stable/InRelease
The following signatures couldn't be verified because the public key is
not available: NO_PUBKEY E074D16EB6FF4DE3
W: Some index files failed to download. They have been ignored, or old
ones used instead.
I think this should at least be more obvious in the manpage that a
simple armored keyfile will not be taken into account and only keyrings
matter. This works:
gpg --export --export-options export-minimal 1646B01B86E50310
>/usr/share/keyrings/yarn-keyring.gpg
-- Package-specific info:
-- (no /etc/apt/preferences present) --
-- (no /etc/apt/preferences.d/* present) --
-- (/etc/apt/sources.list present, but not submitted) --
-- /etc/apt/sources.list.d/yarn.list --
deb [signed-by=/usr/share/keyrings/yarn-keyring.gpg]
https://dl.yarnpkg.com/debian/ stable main
-- System Information:
Debian Release: 9.1
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored:
LC_ALL set to en_US.UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
(ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: unable to detect
Versions of packages apt depends on:
ii adduser 3.115
ii debian-archive-keyring 2017.5
ii gpgv 2.1.18-6
ii init-system-helpers 1.48
ii libapt-pkg5.0 1.4.7
ii libc6 2.24-11+deb9u1
ii libgcc1 1:6.3.0-18
ii libstdc++6 6.3.0-18
Versions of packages apt recommends:
ii gnupg 2.1.18-6
Versions of packages apt suggests:
pn apt-doc <none>
pn aptitude | synaptic | wajig <none>
ii dpkg-dev 1.18.24
pn powermgmt-base <none>
pn python-apt <none>
-- no debconf information
Reply to: