From: bernhard@intevation.de   
      
   Package: sqv   
   Version: 1.3.0-3+b2   
   Severity: normal   
   X-Debbugs-Cc: bernhard@intevation.de   
      
   Dear Maintainer,   
      
   the switch to sgv for apt changed how keyrings are parsed.   
      
   Ran into an example, where instructions from last August   
   do not work anymore. This looks like a regression.   
      
   Should I send a report to the apt package as well?   
      
   What I did to get into the situation:   
      
   Start with a pretty vanilla basic Trixie 13.3 installation:   
      
   Following the instuction at the bottom of   
     https://repos.gnupg.org/deb/gnupg/trixie/   
      
   E.g. one variant:   
    gpg \   
     --no-default-keyring \   
     --keyring /usr/share/keyrings/gnupg-keyring.gpg \   
     --fetch-keys https://repos.gnupg.org/deb/gnupg/trixie/gnupg-signing-key.gpg   
      
   leads to /usr/share/keyrings/gnupg-keyring.gpg   
   which cannot be parsed by sqv and makes apt-upgrade and the instructions   
   fail with   
      
   apt-update   
   [..]   
      
   Get:4 https://repos.gnupg.org/deb/gnupg/trixie trixie InRelease [3761 B]   
   Err:4 https://repos.gnupg.org/deb/gnupg/trixie trixie InRelease   
     Sub-process /usr/bin/sqv returned an error code (1), error message is:   
   Error: Failed to parse keyring "/usr/share/keyrings/gnupg-keyring.gpg"  Caused   
   by:     0: Reading "/usr/share/keyrings/gnupg-keyring.gpg": EOF     1: EOF   
      
   Expectation is that apt-update can work with that repository   
   and its keyring.   
      
      
   Addition details:   
      
   A reproduction of the problem without apt:   
   curl -O https://repos.gnupg.org/deb/gnupg/trixie/dists/trixie/Release   
   curl -O https://repos.gnupg.org/deb/gnupg/trixie/dists/trixie/Release.gpg   
   sqv --verbose --keyring=/usr/share/keyrings/gnupg-keyring.gpg --   
   ignature-file=Release.gpg Release   
      
   Error: Failed to parse keyring "/usr/share/keyrings/gnupg-keyring.gpg"   
      
   Caused by:   
       0: Reading "/usr/share/keyrings/gnupg-keyring.gpg": EOF   
       1: EOF   
      
      
   ls /etc/crypto-policies/back-ends/sequoia.config   
   ls: cannot access '/etc/crypto-policies/back-ends/sequoia.config': No such   
   file or directory   
      
      
   The command in the instruction that writes the keyring uses the installed   
   conservative gnupg 2.4.7-21+b3 Debian package. Documentation of sources.list   
   and other examples indicate that Signed-By with such a keyring should work.   
      
   This is a regression from my point of view.   
      
   Here is the report towards the instructions   
   as GnuPG: https://dev.gnupg.org/T8122   
      
      
   Best Regards,   
   Bernhard   
      
   -- System Information:   
   Debian Release: 13.3   
     APT prefers stable-updates   
     APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500,   
   'stable')   
   Architecture: amd64 (x86_64)   
      
   Kernel: Linux 6.12.73+deb13-amd64 (SMP w/2 CPU threads; PREEMPT)   
   Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set   
   Shell: /bin/sh linked to /usr/bin/dash   
   Init: systemd (via /run/systemd/system)   
   LSM: AppArmor: enabled   
      
   Versions of packages sqv depends on:   
   ii  libc6           2.41-12+deb13u1   
   ii  libgcc-s1       14.2.0-19   
   ii  libgmp10        2:6.3.0+dfsg-3   
   ii  libhogweed6t64  3.10.1-1   
   ii  libnettle8t64   3.10.1-1   
      
   sqv recommends no packages.   
      
   sqv suggests no packages.   
      
   -- no debconf information   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)