Your message dated Mon, 08 Apr 2024 03:20:18 +0000
with message-id <e1rtfyq-00aed0...@fasolo.debian.org>
and subject line Bug#1059150: fixed in debsig-verify 0.30
has caused the Debian Bug report #1059150,
regarding No longer works with signing subkeys
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
1059150: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059150
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: debsig-verify
Version: 0.23+b2
Severity: important
Tags: patch

Hey Guillem,

Updating our derived distro from bullseye to bookworm, we've moved on
from 0.23 to 0.28. We're using subkeys for signing our debs, and that
no longer works. I can see that the change you've made to no longer
fall back if a fingerprint doesn't match
(849d9633ebf809398c848821c603148ae0470278) has broken this.

Here's a patch that I've added locally on top of 0.28 to also attempt
to match subkey fingerprints. This passes tests here and makes subkeys
work for us again.

Cheers,

Steve

-- System Information:
Debian Release: 11.8
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable-security'), (500, 'oldoldstable'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-26-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages debsig-verify depends on:
ii  gnupg      2.2.27-2+deb11u2
ii  gpg        2.2.27-2+deb11u2
ii  libc6      2.31-13+deb11u7
ii  libexpat1  2.2.10-2+deb11u5

debsig-verify recommends no packages.

Versions of packages debsig-verify suggests:
ii  debian-keyring  2021.09.25
ii  debsigs         0.1.25

-- no debconf information

diff --git a/src/openpgp-gpg.c b/src/openpgp-gpg.c index 4c29b7f..97ec3a4 100644 --- a/src/openpgp-gpg.c +++ b/src/openpgp-gpg.c @@ -115,6 +115,7 @@ enum keyid_state { KEYID_FPR, KEYID_UID, KEYID_SIG, + KEYID_SUB, }; enum colon_fields { @@ -221,7 +222,7 @@ gpg_getKeyID(const char *keyring, const char *match_id) /* Certificate found. */ state = KEYID_PUB; - } else if (state == KEYID_PUB) { + } else if (state == KEYID_PUB || state == KEYID_SUB) { if (!match_prefix(buf, "fpr:")) continue; fpr = get_colon_field(buf, COLON_FIELD_FPR_ID); 
@@ -241,6 +242,7 @@ gpg_getKeyID(const char *keyring, const char *match_id) continue; if (strcmp(uid, match_id) != 0) { free(uid); + state = KEYID_SUB; continue; } free(uid);
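Review bot: In the hunk at -221,7 of src/openpgp-gpg.c, the widened branch `else if (state == KEYID_PUB || state == KEYID_SUB)` still only tests `match_prefix(buf, "fpr:")`, so once in KEYID_SUB it takes the next fingerprint record of any kind, with no check that a `sub:` record came first. Because the "Certificate found" transition sits in a separate state branch, a `pub:` line seen while in KEYID_SUB is not handled there, and the following `fpr:` could belong to the primary key of the next certificate in the keyring rather than to a subkey of the one being examined. Requiring a `sub:` record before accepting the fingerprint, and resetting the state on `pub:`, would keep the match inside one certificate. Separately, `fpr = get_colon_field(buf, COLON_FIELD_FPR_ID);` can now run more than once per lookup; the uid taken from a colon field is passed to free() in the next hunk, so unless the lines between the hunks already release it, the earlier fpr should be freed before it is overwritten.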
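Review bot: In the hunk at -241,6, `state = KEYID_SUB;` is set on the first `strcmp(uid, match_id) != 0` mismatch with no comment saying why a failed comparison means "go and look at subkeys", and the parser leaves the comparing state at that point. Please confirm that later records of the same certificate that used to be compared (for example a second entry that would have matched) are still reached, and add a short comment on the transition. The diff touches only src/openpgp-gpg.c, so a regression test with a package signed by a signing subkey, plus a keyring holding more than one certificate, would pin down the intended behaviour.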
--- End Message ---
--- Begin Message ---
Source: debsig-verify
Source-Version: 0.30
Done: Guillem Jover <guil...@debian.org>

We believe that the bug you reported is fixed in the latest version of
debsig-verify, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1059...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Guillem Jover <guil...@debian.org> (supplier of updated debsig-verify package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 08 Apr 2024 04:53:04 +0200
Source: debsig-verify
Architecture: source
Version: 0.30
Distribution: unstable
Urgency: medium
Maintainer: Dpkg Developers <debian-d...@lists.debian.org>
Changed-By: Guillem Jover <guil...@debian.org>
Closes: 1059150
Changes:
 debsig-verify (0.30) unstable; urgency=medium
 .
   * Add OpenPGP subkey support. Based on a patch by
     Steve McIntyre <st...@einval.com>. Closes: #1059150
   * Switch from pkg-config to pkgconf.
   * Documentation:
     - doc: Bump required C compiler to support C99.
   * Packaging:
     - Update copyright years.
   * Test suite:
     - Add new macro to set the OpenPGP key to use.
     - Switch to use sq --signer-file.
--- End Message ---