Bug#1033155: [pkg-gnupg-maint] Bug#1033155: migration test fails when EC key present in test keyrings
Hi Andreas-- Thank you for addressing this problem, it is much appreciated! --dkg On Sun 2023-03-26 14:00:17 +0200, Andreas Metzler wrote: > On 2023-03-18 Jonathan Wiltshire wrote: >> Source: gnupg2 >> Version: 2.2.40-1 >> Severity: important >> Tags: patch >> X-Debbugs-Cc: j...@debian.org > >> Hi, > >> The stable release key for bookworm is EC, and this causes gpg1 to bail >> out when it is imported as part of the migration test. Attached patch >> limits the keyrings used to the archive's automatic keys, which are >> still RSA. > [...] > > Hello Jonathan, > > afaict currently all keys are RSA except for > debian-archive-bookworm-stable.gpg. Wouldn't it be better to just skip > this single key? > > cu Andreas > > ___ > pkg-gnupg-maint mailing list > pkg-gnupg-ma...@alioth-lists.debian.net > https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-gnupg-maint signature.asc Description: PGP signature
Bug#1033155: migration test fails when EC key present in test keyrings
On 2023-03-26 Andreas Metzler wrote: > On 2023-03-18 Jonathan Wiltshire wrote: [...] > > The stable release key for bookworm is EC, and this causes gpg1 to bail > > out when it is imported as part of the migration test. Attached patch > > limits the keyrings used to the archive's automatic keys, which are > > still RSA. > [...] > afaict currently all keys are RSA except for > debian-archive-bookworm-stable.gpg. Wouldn't it be better to just skip > this single key? Hello, I am going to fix this by NMU. (non-delayed, Daniel is on the LowThresholdNmu list.) cu Andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure' signature.asc Description: PGP signature
Bug#1033155: migration test fails when EC key present in test keyrings
On 2023-03-18 Jonathan Wiltshire wrote: > Source: gnupg2 > Version: 2.2.40-1 > Severity: important > Tags: patch > X-Debbugs-Cc: j...@debian.org > Hi, > The stable release key for bookworm is EC, and this causes gpg1 to bail > out when it is imported as part of the migration test. Attached patch > limits the keyrings used to the archive's automatic keys, which are > still RSA. [...] Hello Jonathan, afaict currently all keys are RSA except for debian-archive-bookworm-stable.gpg. Wouldn't it be better to just skip this single key? cu Andreas
Bug#1033155: migration test fails when EC key present in test keyrings
Control: severity -1 serious On 2023-03-18 14:19 +, Jonathan Wiltshire wrote: > Source: gnupg2 > Version: 2.2.40-1 > Severity: important > Tags: patch > X-Debbugs-Cc: j...@debian.org > > Hi, > > The stable release key for bookworm is EC, and this causes gpg1 to bail > out when it is imported as part of the migration test. Attached patch > limits the keyrings used to the archive's automatic keys, which are > still RSA. AIUI this autopkgtest failure prevents debian-archive-keyring from migrating, so I have bumped the severity. Cheers, Sven
Bug#1033155: migration test fails when EC key present in test keyrings
Source: gnupg2
Version: 2.2.40-1
Severity: important
Tags: patch
X-Debbugs-Cc: j...@debian.org
Hi,
The stable release key for bookworm is EC, and this causes gpg1 to bail
out when it is imported as part of the migration test. Attached patch
limits the keyrings used to the archive's automatic keys, which are
still RSA.
-- System Information:
Debian Release: bookworm/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 6.1.0-6-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8),
LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Index: gnupg2-2.2.40/debian/tests/migration
===
--- gnupg2-2.2.40.orig/debian/tests/migration
+++ gnupg2-2.2.40/debian/tests/migration
@@ -11,7 +11,7 @@ gpg1=(gpg1 --homedir "$GPG_HOME" --batch
mkdir "$GPG_HOME"
chmod 700 "$GPG_HOME"
-cat /usr/share/keyrings/debian-archive-*.gpg | "${gpg1[@]}" --import
+cat /usr/share/keyrings/debian-archive-*-automatic.gpg | "${gpg1[@]}" --import
"${gpg1[@]}" --list-keys
"${gpg[@]}" --list-keys > "$DIR/key.list.before"
migrate-pubring-from-classic-gpg "$GPG_HOME"
