Bug#1125311: apt update fails when repository key has lines terminated by CR-LF

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#1125311: apt update fails when repository key has lines terminated by CR-LF
From: Alex Cernat <alex.cernat@gmail.com>
Date: Mon, 12 Jan 2026 13:55:37 +0200
Message-id: <[🔎] 176821893712.127533.13051907881018423006.reportbug@adm-netdata.s.m.ro>
Reply-to: Alex Cernat <alex.cernat@gmail.com>, 1125311@bugs.debian.org

Package: apt
Version: 2.2.4
Severity: normal
X-Debbugs-Cc: alex.cernat@gmail.com

APT on Debian 10/11/12, maybe even 13
apt versions: 2.6.1 (deb 12), 2.2.4 (deb 11), 1.8.2.3 (deb 10) - latest official package each

When a 3rd party repository key file in ascii armored format has lines terminated by CR-LF, the apt update command fails to recognize the key.

Example:

https://downloads.linux.hpe.com/SDR/hpePublicKey2048_key1.pub

Error on apt update:

The following signatures couldn't be verified because the public key is not available: NO_PUBKEY C208ADDE26C2B797

Just by removing the CR characters from that file makes everything ok.

Of course that the key file can be stripped of carriage returns or gpg de-armored, but (at least for me) this behavior seems totaly irrational (it's a text line, indeed terminated windows-style)

This is the .sources file:

X-Repolib-Name: HPE Management Component Pack
Enabled: yes
Types: deb
URIs: https://downloads.linux.hpe.com/SDR/repo/mcp/
Suites: bookworm/current
Components: non-free
Architectures: amd64
Signed-By: /etc/apt/keyrings/hpe-sdr.asc
Enabled: yes

Regards,
Alex

-- Package-specific info:

-- (no /etc/apt/preferences present) --


-- (no /etc/apt/preferences.d/* present) --


-- (/etc/apt/sources.list present, but not submitted) --


-- (/etc/apt/sources.list.d/netdata.sources present, but not submitted) --


-- System Information:
Debian Release: 11.11
  APT prefers oldoldstable-updates
  APT policy: (500, 'oldoldstable-updates'), (500, 'oldoldstable-security'), (500, 'oldoldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-37-amd64 (SMP w/2 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages apt depends on:
ii  adduser                 3.118+deb11u1
ii  debian-archive-keyring  2021.1.1+deb11u1
ii  gpgv                    2.2.27-2+deb11u2
ii  libapt-pkg6.0           2.2.4
ii  libc6                   2.31-13+deb11u13
ii  libgcc-s1               10.2.1-6
ii  libgnutls30             3.7.1-5+deb11u8
ii  libseccomp2             2.5.1-1+deb11u1
ii  libstdc++6              10.2.1-6
ii  libsystemd0             247.3-7+deb11u7

Versions of packages apt recommends:
ii  ca-certificates  20210119

Versions of packages apt suggests:
pn  apt-doc                      <none>
pn  aptitude | synaptic | wajig  <none>
pn  dpkg-dev                     <none>
pn  gnupg | gnupg2 | gnupg1      <none>
pn  powermgmt-base               <none>

-- no debconf information

Reply to:

Prev by Date: Bug#1125256: apt: need new hook endpoint when there are "Not upgrading" packages for apt upgrade -V
Next by Date: Bug#1125317: apt: 'show -a' command shows the same outdated Description for all package versions
Previous by thread: Bug#1125256: apt: need new hook endpoint when there are "Not upgrading" packages for apt upgrade -V
Next by thread: Bug#1125317: apt: 'show -a' command shows the same outdated Description for all package versions
Index(es):
- Date
- Thread