[Touch-packages] [Bug 1912526] Re: cannot import new keys if another malformed key exists
I have to say that it is quite a shame that Canonical does not provide a proper solution for this problem, as it has quite a big impact if you cannot update packages with security fixes anymore. Anyway, I managed to solve the problem. From an earlier repo installation I had a file "isv:ownCloud:desktop.asc" inside -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apt in Ubuntu. https://bugs.launchpad.net/bugs/1912526 Title: cannot import new keys if another malformed key exists Status in apt package in Ubuntu: New Bug description: "apt-key add" fails to import keys if there exists another key with a malformed file name. Such malformed key names used to be provided by the openSUSE Build Service (https://github.com/openSUSE/software-o-o/issues/842). After importing such malformed key, future key imports will fail with something like: $ sudo apt-key add linux_signing_key.pub gpg: invalid key resource URL '/tmp/apt-key-gpghome.f8IaqZ48Ze/isv:ownCloud:desktop.asc.gpg' gpg: keyblock resource '(null)': General error even though no such file "isv:ownCloud:desktop.asc.gpg" exists anywhere on the filesystem. This affects deb packages that import public repo keys during installation, such as Google Chrome or Vivaldi, and results in minor issues such as breaking GUI tools and CLI warnings, and the major issue that the installed repo cannot be used anymore to update the software (Google Chrome, Vivaldi). apt-key should be robust to such issues and continue importing keys. As in the example above, apt-key should import "linux_signing_key.pub" no matter if another unrelated key is malformed etc. ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: apt 2.0.2ubuntu0.2 ProcVersionSignature: Ubuntu 5.8.0-38.43~20.04.1-generic 5.8.18 Uname: Linux 5.8.0-38-generic x86_64 NonfreeKernelModules: openafs nvidia_uvm nvidia_drm nvidia_modeset nvidia ApportVersion: 2.20.11-0ubuntu27.14 Architecture: amd64 CasperMD5CheckResult: skip CurrentDesktop: ubuntu:GNOME Date: Wed Jan 20 19:24:34 2021 InstallationDate: Installed on 2020-04-24 (271 days ago) InstallationMedia: Ubuntu 20.04 LTS "Focal Fossa" - Release amd64 (20200423) SourcePackage: apt UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1912526/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1912526] Re: cannot import new keys if another malformed key exists
I have to say that it is quite a shame that Canonical does not provide a
proper solution for this problem, as it has quite a big impact if you
cannot update packages with security fixes anymore.
Anyway, I managed to solve the problem. From an earlier repo
installation, I had a key file with the troubling filename
"isv:ownCloud:desktop.asc" at "/etc/apt/trusted.gpg.d". After removing
that file ("sudo rm /etc/apt/trusted.gpg.d/isv:ownCloud:desktop.asc") I
was able to import new keys again.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1912526
Title:
cannot import new keys if another malformed key exists
Status in apt package in Ubuntu:
New
Bug description:
"apt-key add" fails to import keys if there exists another key with a
malformed file name.
Such malformed key names used to be provided by the openSUSE Build
Service (https://github.com/openSUSE/software-o-o/issues/842).
After importing such malformed key, future key imports will fail with
something like:
$ sudo apt-key add linux_signing_key.pub
gpg: invalid key resource URL
'/tmp/apt-key-gpghome.f8IaqZ48Ze/isv:ownCloud:desktop.asc.gpg'
gpg: keyblock resource '(null)': General error
even though no such file "isv:ownCloud:desktop.asc.gpg" exists
anywhere on the filesystem.
This affects deb packages that import public repo keys during
installation, such as Google Chrome or Vivaldi, and results in minor
issues such as breaking GUI tools and CLI warnings, and the major
issue that the installed repo cannot be used anymore to update the
software (Google Chrome, Vivaldi).
apt-key should be robust to such issues and continue importing keys.
As in the example above, apt-key should import "linux_signing_key.pub"
no matter if another unrelated key is malformed etc.
ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: apt 2.0.2ubuntu0.2
ProcVersionSignature: Ubuntu 5.8.0-38.43~20.04.1-generic 5.8.18
Uname: Linux 5.8.0-38-generic x86_64
NonfreeKernelModules: openafs nvidia_uvm nvidia_drm nvidia_modeset nvidia
ApportVersion: 2.20.11-0ubuntu27.14
Architecture: amd64
CasperMD5CheckResult: skip
CurrentDesktop: ubuntu:GNOME
Date: Wed Jan 20 19:24:34 2021
InstallationDate: Installed on 2020-04-24 (271 days ago)
InstallationMedia: Ubuntu 20.04 LTS "Focal Fossa" - Release amd64 (20200423)
SourcePackage: apt
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1912526/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1912526] Re: cannot import new keys if another malformed key exists
It's in the latest Ubuntu LTS and will stay be there until 2025. If it is legacy and deprecated, maybe it should have been removed? In its current state, this apt-key issue has some security implications: First, the Ubuntu update GUI is not very intuitive in handling this issue. It presents the user only with a message that there is a connection issue, which is not true in this case. Options then are to "try again" which will never resolve an issue with unsigned repos, or acknowledge the issue with "Ok". This can be confusing as the "Ok" does not indicate that updates can still be installed. A user might just close the dialog and never install additional updates. The update manager should just install all updates available and not bother the user with unintuitive choices. Second, even if you manage to decipher the update manager GUI, you will still be left with a browser (e.g. Google Chrome in the example above) that will never be updated. This means in the worst case that someone is using a browser on Ubuntu LTS that gathered 5 years of security issues. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apt in Ubuntu. https://bugs.launchpad.net/bugs/1912526 Title: cannot import new keys if another malformed key exists Status in apt package in Ubuntu: New Bug description: "apt-key add" fails to import keys if there exists another key with a malformed file name. Such malformed key names used to be provided by the openSUSE Build Service (https://github.com/openSUSE/software-o-o/issues/842). After importing such malformed key, future key imports will fail with something like: $ sudo apt-key add linux_signing_key.pub gpg: invalid key resource URL '/tmp/apt-key-gpghome.f8IaqZ48Ze/isv:ownCloud:desktop.asc.gpg' gpg: keyblock resource '(null)': General error even though no such file "isv:ownCloud:desktop.asc.gpg" exists anywhere on the filesystem. This affects deb packages that import public repo keys during installation, such as Google Chrome or Vivaldi, and results in minor issues such as breaking GUI tools and CLI warnings, and the major issue that the installed repo cannot be used anymore to update the software (Google Chrome, Vivaldi). apt-key should be robust to such issues and continue importing keys. As in the example above, apt-key should import "linux_signing_key.pub" no matter if another unrelated key is malformed etc. ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: apt 2.0.2ubuntu0.2 ProcVersionSignature: Ubuntu 5.8.0-38.43~20.04.1-generic 5.8.18 Uname: Linux 5.8.0-38-generic x86_64 NonfreeKernelModules: openafs nvidia_uvm nvidia_drm nvidia_modeset nvidia ApportVersion: 2.20.11-0ubuntu27.14 Architecture: amd64 CasperMD5CheckResult: skip CurrentDesktop: ubuntu:GNOME Date: Wed Jan 20 19:24:34 2021 InstallationDate: Installed on 2020-04-24 (271 days ago) InstallationMedia: Ubuntu 20.04 LTS "Focal Fossa" - Release amd64 (20200423) SourcePackage: apt UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1912526/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1912526] Re: cannot import new keys if another malformed key exists
It's a legacy tool nobody should be using anymore. It's been like what, half a decade or so, we've been telling people to stop it, and drop files into trusted.gpg.d. It will go away in 2022. So I'm not super excited about spending time investigating and fixing this, but I guess I'll have a crack at it. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apt in Ubuntu. https://bugs.launchpad.net/bugs/1912526 Title: cannot import new keys if another malformed key exists Status in apt package in Ubuntu: New Bug description: "apt-key add" fails to import keys if there exists another key with a malformed file name. Such malformed key names used to be provided by the openSUSE Build Service (https://github.com/openSUSE/software-o-o/issues/842). After importing such malformed key, future key imports will fail with something like: $ sudo apt-key add linux_signing_key.pub gpg: invalid key resource URL '/tmp/apt-key-gpghome.f8IaqZ48Ze/isv:ownCloud:desktop.asc.gpg' gpg: keyblock resource '(null)': General error even though no such file "isv:ownCloud:desktop.asc.gpg" exists anywhere on the filesystem. This affects deb packages that import public repo keys during installation, such as Google Chrome or Vivaldi, and results in minor issues such as breaking GUI tools and CLI warnings, and the major issue that the installed repo cannot be used anymore to update the software (Google Chrome, Vivaldi). apt-key should be robust to such issues and continue importing keys. As in the example above, apt-key should import "linux_signing_key.pub" no matter if another unrelated key is malformed etc. ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: apt 2.0.2ubuntu0.2 ProcVersionSignature: Ubuntu 5.8.0-38.43~20.04.1-generic 5.8.18 Uname: Linux 5.8.0-38-generic x86_64 NonfreeKernelModules: openafs nvidia_uvm nvidia_drm nvidia_modeset nvidia ApportVersion: 2.20.11-0ubuntu27.14 Architecture: amd64 CasperMD5CheckResult: skip CurrentDesktop: ubuntu:GNOME Date: Wed Jan 20 19:24:34 2021 InstallationDate: Installed on 2020-04-24 (271 days ago) InstallationMedia: Ubuntu 20.04 LTS "Focal Fossa" - Release amd64 (20200423) SourcePackage: apt UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1912526/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
