... darkrealms ...

Forums before death by AOL, social media and spammers... "We can't have nice things"

linux.debian.bugs.dist

Ohh some weird Debian bug report thing

28,835 messages

[ << oldest | < older | list | newer > | newest >> ]

Message 28,733 of 28,835

Guillem Jover to Guillem Jover

Bug#1128841: sqv does not parse keyring

24 Feb 26 01:30:02

   From: guillem@debian.org   
      
   Hi!   
      
   On Mon, 2026-02-23 at 18:24:22 +0100, Guillem Jover wrote:   
   > On Mon, 2026-02-23 at 17:49:25 +0100, Bernhard E. Reiter wrote:   
   > > Package: sqv   
   > > Version: 1.3.0-3+b2   
   > > Severity: normal   
   > > X-Debbugs-Cc: bernhard@intevation.de   
   >   
   > > Following the instuction at the bottom of   
   > >   https://repos.gnupg.org/deb/gnupg/trixie/   
   > >   
   > > E.g. one variant:   
   > >  gpg \   
   > >   --no-default-keyring \   
   > >   --keyring /usr/share/keyrings/gnupg-keyring.gpg \   
   > >   --fetch-keys https://repos.gnupg.org/deb/gnupg/trixie/gnup   
   -signing-key.gpg   
   > >   
   > > leads to /usr/share/keyrings/gnupg-keyring.gpg   
   > > which cannot be parsed by sqv and makes apt-upgrade and the instructions   
   > > fail with   
   > >   
   > > apt-update   
   > > [..]   
   > >   
   > > Get:4 https://repos.gnupg.org/deb/gnupg/trixie trixie InRelease [3761 B]   
   > > Err:4 https://repos.gnupg.org/deb/gnupg/trixie trixie InRelease   
   > >   Sub-process /usr/bin/sqv returned an error code (1), error message is:   
   Error: Failed to parse keyring "/usr/share/keyrings/gnupg-keyring.gpg"  Caused   
   by:     0: Reading "/usr/share/keyrings/gnupg-keyring.gpg": EOF     1: EOF   
   > >   
   > > Expectation is that apt-update can work with that repository   
   > > and its keyring.   
   >   
   > I think this report is invalid, because I'm assuming the keyring generated   
   > is in the non-portable GnuPG specific KeyBox format. GnuPG should have   
   > mentioned this during the generation of the keyring, otherwise can be   
   > confirmed with file(1).   
      
   After noticing  I   
   think it should be clear this is a keybox keyring, from the output   
   presented.   
      
   > The correct options are to either download the keyring with wget/curl,   
   > or to download it with gpg, and then --export it into a proper OpenPGP   
   > formatted keyring.   
   >   
   > > This is a regression from my point of view.   
   >   
   > I don't think this is a regression, as the usage seems invalid to me.   
      
   And thus I think the report should just be closed. Although I could   
   see an argument to be made to make the error more helpful by detecting   
   and pointing out that this is an unsupported keybox formatted file   
   (which is what dpkg does) and which would be a wishlist feature   
   request for upstream, but I can also see why one would not want to   
   bother with this either.   
      
   Thanks,   
   Guillem   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)

[ << oldest | < older | list | newer > | newest >> ]