Hi! On Mon, 2026-02-23 at 18:24:22 +0100, Guillem Jover wrote: > On Mon, 2026-02-23 at 17:49:25 +0100, Bernhard E. Reiter wrote: > > Package: sqv > > Version: 1.3.0-3+b2 > > Severity: normal > > X-Debbugs-Cc: [email protected] > > > Following the instuction at the bottom of > > https://repos.gnupg.org/deb/gnupg/trixie/ > > > > E.g. one variant: > > gpg \ > > --no-default-keyring \ > > --keyring /usr/share/keyrings/gnupg-keyring.gpg \ > > --fetch-keys > > https://repos.gnupg.org/deb/gnupg/trixie/gnupg-signing-key.gpg > > > > leads to /usr/share/keyrings/gnupg-keyring.gpg > > which cannot be parsed by sqv and makes apt-upgrade and the instructions > > fail with > > > > apt-update > > [..] > > > > Get:4 https://repos.gnupg.org/deb/gnupg/trixie trixie InRelease [3761 B] > > Err:4 https://repos.gnupg.org/deb/gnupg/trixie trixie InRelease > > Sub-process /usr/bin/sqv returned an error code (1), error message is: > > Error: Failed to parse keyring "/usr/share/keyrings/gnupg-keyring.gpg" > > Caused by: 0: Reading "/usr/share/keyrings/gnupg-keyring.gpg": EOF > > 1: EOF > > > > Expectation is that apt-update can work with that repository > > and its keyring. > > I think this report is invalid, because I'm assuming the keyring generated > is in the non-portable GnuPG specific KeyBox format. GnuPG should have > mentioned this during the generation of the keyring, otherwise can be > confirmed with file(1).
After noticing <https://gnupg.org/blog/20250827-new-repository.html> I think it should be clear this is a keybox keyring, from the output presented. > The correct options are to either download the keyring with wget/curl, > or to download it with gpg, and then --export it into a proper OpenPGP > formatted keyring. > > > This is a regression from my point of view. > > I don't think this is a regression, as the usage seems invalid to me. And thus I think the report should just be closed. Although I could see an argument to be made to make the error more helpful by detecting and pointing out that this is an unsupported keybox formatted file (which is what dpkg does) and which would be a wishlist feature request for upstream, but I can also see why one would not want to bother with this either. Thanks, Guillem
