Package: sqv
Version: 1.3.0-3+b2
Severity: normal
X-Debbugs-Cc: [email protected]

Dear Maintainer,

the switch to sqv for apt changed how keyrings are parsed.

Ran into an example where instructions from last August
do not work anymore. This looks like a regression.

Should I send a report to the apt package as well?

What I did to get into the situation:

Start with a pretty vanilla basic Trixie 13.3 installation:

Following the instructions at the bottom of
  https://repos.gnupg.org/deb/gnupg/trixie/

E.g. one variant:
 gpg \
  --no-default-keyring \
  --keyring /usr/share/keyrings/gnupg-keyring.gpg \
  --fetch-keys https://repos.gnupg.org/deb/gnupg/trixie/gnupg-signing-key.gpg

leads to /usr/share/keyrings/gnupg-keyring.gpg
which cannot be parsed by sqv and makes apt-upgrade and the instructions
fail with 

apt-update
[..]

Get:4 https://repos.gnupg.org/deb/gnupg/trixie trixie InRelease [3761 B]
Err:4 https://repos.gnupg.org/deb/gnupg/trixie trixie InRelease
  Sub-process /usr/bin/sqv returned an error code (1), error message is: Error: 
Failed to parse keyring "/usr/share/keyrings/gnupg-keyring.gpg"  Caused by:     
0: Reading "/usr/share/keyrings/gnupg-keyring.gpg": EOF     1: EOF

Expectation is that apt-update can work with that repository 
and its keyring.


Additional details:

A reproduction of the problem without apt:
curl -O https://repos.gnupg.org/deb/gnupg/trixie/dists/trixie/Release
curl -O https://repos.gnupg.org/deb/gnupg/trixie/dists/trixie/Release.gpg
sqv --verbose --keyring=/usr/share/keyrings/gnupg-keyring.gpg \
  --signature-file=Release.gpg Release

Error: Failed to parse keyring "/usr/share/keyrings/gnupg-keyring.gpg"

Caused by:
    0: Reading "/usr/share/keyrings/gnupg-keyring.gpg": EOF
    1: EOF


ls /etc/crypto-policies/back-ends/sequoia.config
ls: cannot access '/etc/crypto-policies/back-ends/sequoia.config': No such file or directory


The command in the instruction that writes the keyring uses the installed 
conservative gnupg 2.4.7-21+b3 Debian package. Documentation of sources.list 
and other examples indicate that Signed-By with such a keyring should work.

This is a regression from my point of view.

Here is the report towards the instructions
as GnuPG: https://dev.gnupg.org/T8122


Best Regards,
Bernhard

-- System Information:
Debian Release: 13.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.12.73+deb13-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages sqv depends on:
ii  libc6           2.41-12+deb13u1
ii  libgcc-s1       14.2.0-19
ii  libgmp10        2:6.3.0+dfsg-3
ii  libhogweed6t64  3.10.1-1
ii  libnettle8t64   3.10.1-1

sqv recommends no packages.

sqv suggests no packages.

-- no debconf information
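
A triage helper for the keyring file named in the report, added here as an example and not part of the original message or of sqv, apt or GnuPG: it labels a keyring's on-disk format and walks the OpenPGP packet framing to show where a stream ends early. The report does not state why sqv hits EOF, so this only narrows the possibilities; the function names and sample bytes are constructed, and only definite-length packets are handled.

```python
def _take(data, pos, n):
    if pos + n > len(data):                   # short file: report where it ends
        raise ValueError(f"unexpected EOF, file ends at offset {len(data)}")
    return int.from_bytes(data[pos:pos + n], "big"), pos + n

def walk_packets(data):
    """Return the tags of all OpenPGP packets (RFC 4880, section 4.2)."""
    tags, pos = [], 0
    while pos < len(data):
        hdr, pos = _take(data, pos, 1)
        if not hdr & 0x80:
            raise ValueError(f"no packet header at offset {pos - 1}")
        if hdr & 0x40:                        # new-format header
            tag = hdr & 0x3F
            first, pos = _take(data, pos, 1)
            if first < 192:
                length = first
            elif first < 224:
                second, pos = _take(data, pos, 1)
                length = ((first - 192) << 8) + second + 192
            elif first == 255:
                length, pos = _take(data, pos, 4)
            else:
                raise ValueError("partial body length not handled")
        else:                                 # old-format header
            tag = (hdr >> 2) & 0x0F
            if hdr & 3 == 3:
                raise ValueError("indeterminate length not handled")
            length, pos = _take(data, pos, 1 << (hdr & 3))
        _, pos = _take(data, pos, length)     # skip body, detect truncation
        tags.append(tag)
    return tags

def classify_keyring(data):
    """Coarse on-disk format of a keyring file given as bytes."""
    if not data:
        return "empty"
    if data.lstrip().startswith(b"-----BEGIN PGP"):
        return "armored"
    if data[8:12] == b"KBXf":                 # GnuPG keybox header magic
        return "keybox"
    try:
        tags = walk_packets(data)
    except ValueError as exc:
        return f"invalid: {exc}"
    # A transferable public key starts with a Public-Key packet (tag 6).
    return "openpgp-packets" if tags[0] == 6 else "unknown"

# Constructed samples: framing only, not real key material.
GOOD = bytes([0x98, 3, 4, 0, 0, 0xB4, 1]) + b"x"   # tag 6, then tag 13
KEYBOX = bytes([0, 0, 0, 32, 1, 1, 0, 0]) + b"KBXf" + bytes(20)
```

To check a real file, pass its contents, e.g. `classify_keyring(open("/usr/share/keyrings/gnupg-keyring.gpg", "rb").read())`.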
