context: -------- i was trying to:
$ ./pre-inst-env guix refresh --update dropbear but the key is not imported, because "no user ID". apparently some keyservers drop the user id for privacy reasons. the problem: ------------ then i went to the manual, and it suggests: $ gpg --export [email protected] | kbxutil --import-openpgp >> mykeyring.kbx and i ran: $ curl https://matt.ucc.asn.au/dropbear/releases/dropbear-key-2015.asc | gpg --import $ gpg --export F7347EF2EE2E07A267628CA944931494F29C6773 | kbxutil --import-openpgp >>~/.config/guix/upstream/trustedkeys.kbx it ran without errors, but when i tried to guix refresh it failed with: gpgv: [don't know]: invalid packet (ctb=00) i double checked, and made sure the trustedkeys.kbx was empty prior to running the above. analysis: --------- i ran the following after guix refresh has successfully imported the key: $ gpg --export F7347EF2EE2E07A267628CA944931494F29C6773 | kbxutil --import-openpgp >x $ file x x: data $ file ~/.config/guix/upstream/trustedkeys.kbx /home/user/.config/guix/upstream/trustedkeys.kbx: OpenPGP Public Key Version 4, Created Mon Jun 29 12:53:01 2015, RSA (Encrypt or Sign, 4096 bits) $ ll x -rw-r--r-- 1 user users 1883 Jul 3 16:41 x $ ll ~/.config/guix/upstream/trustedkeys.kbx -rw-r--r-- 1 user users 1208 Jul 3 16:18 /home/user/.config/guix/upstream/trustedkeys.kbx i.e. what the manual suggests results in a different file format than what guix refresh creates/expects. workaround: ----------- in the end i cleared the trustedkeys.kbx file, and i used another keyserver that doesn't strip the ID: ./pre-inst-env guix refresh --key-server="hkps://keyserver.ubuntu.com" --update dropbear -- • attila lendvai • PGP: 963F 5D5F 45C7 DFCD 0A39 -- “Good people don’t need laws to tell them to act responsibly, and bad people will find a way around the laws.” — Plato (c. 427–347 BC)
