Bug#847136: emdebian-archive-keyring: cannot upgrade - gpg: no valid OpenPGP data found.


Alban Browaeys
Dec 5, 2016, 5:10:03 PM

Package: emdebian-archive-keyring
Version: 2.1
Severity: important

Dear Maintainer,

Upgrading from 2.0.5 to 2.1 I get this error in postinst:

Setting up emdebian-archive-keyring (2.1) ...
Warning: apt-key should not be used in scripts (called from postinst maintainerscript of the package emdebian-archive-keyring)
gpg: no valid OpenPGP data found.
dpkg: error processing package emdebian-archive-keyring (--configure):
subprocess installed post-installation script returned error exit status 2
Errors were encountered while processing:
emdebian-archive-keyring
needrestart is being skipped since dpkg has failed
E: Sub-process /usr/bin/dpkg returned an error code (1)


A by-hand run of apt-key add /usr/share/emdebian-tools/emdebian-archive-keyring.gpg also outputs:
"gpg: no valid OpenPGP data found"

as file /usr/share/keyrings/debian-keyring.gpg
/usr/share/keyrings/debian-keyring.gpg: GPG key public ring, created Tue Jul 5 05:06:24 2011

vs

file /usr/share/emdebian-tools/emdebian-archive-keyring.gpg
/usr/share/emdebian-tools/emdebian-archive-keyring.gpg: GPG keybox database version 1, created-at Mon Dec 5 04:47:53 2016, last-maintained Mon Dec 5 04:47:53 2016

So I believe the issue is that apt-key add supports only the old gpg binary keyring format, and the latter is in the new keybox format.

Regards,
Alban

-- System Information:
Debian Release: stretch/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500, 'testing'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-rc7prahal+ (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages emdebian-archive-keyring depends on:
ii apt 1.4~beta1
ii gnupg 2.1.16-2

emdebian-archive-keyring recommends no packages.

emdebian-archive-keyring suggests no packages.

-- no debconf information

Alban Browaeys
Dec 5, 2016, 5:40:03 PM

Package: emdebian-archive-keyring
Version: 2.1
Followup-For: Bug #847136

Dear Maintainer,

The issue:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=846892
quoting Clint Adams <<<EOQ
With gnupg 2 as the default, the $(KEYRING) target in debian/rules
generates a GPG keybox database version 1 instead of an RFC4880
OpenPGP Transferable Key, or "GPG key public ring".

All of the other keyrings in /etc/apt/trusted.gpg.d or /usr/share/keyrings
are in the latter format.

Also I suspect that this has an effect on the package's reproducibility
but I'm unsure because `kbxutil --cut` doesn't do what I expected it
to do.

Two ways this could be changed are

1) gpg --dearmor -o $@ $<

2) hot dearmor < $< > $@
EOQ


More background in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844724
which ends up adding a section in apt-key >= 1.4-beta1 "
SUPPORTED KEYRING FILES
apt-key supports only the binary OpenPGP format (also known as "GPG key public ring") in files with the "gpg" extension, not the keybox database format introduced in newer gpg(1) versions as default
for keyring files. Binary keyring files intended to be used with any apt version should therefore always be created with gpg --export.

Alternatively, if all systems which should be using the created keyring have at least apt version >= 1.4 installed, you can use the ASCII armored format with the "asc" extension instead which can be
created with gpg --armor --export.
"

Best regards
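
Added example (not part of the original bug report or of apt): a Python check that tells the two formats apart by their leading bytes, as `file` does above, and applies the extension rule from the quoted SUPPORTED KEYRING FILES section. The function names and the sample byte strings are constructed for illustration.

```python
import struct
import sys
from pathlib import Path

ARMOR = b"-----BEGIN PGP PUBLIC KEY BLOCK-----"

def classify_keyring(data: bytes) -> str:
    """Classify keyring bytes as keybox, openpgp-binary, openpgp-armored or unknown."""
    # Keybox files open with a header blob: u32 length, type 1, version,
    # u16 flags, then the magic "KBXf" at offset 8.
    if len(data) >= 12 and data[4] == 1 and data[8:12] == b"KBXf":
        return "keybox"
    if data.lstrip().startswith(ARMOR):
        return "openpgp-armored"
    # RFC 4880 packet header: bit 7 always set, bit 6 selects new/old format.
    if data and data[0] & 0x80:
        tag = data[0] & 0x3F if data[0] & 0x40 else (data[0] >> 2) & 0x0F
        if tag == 6:  # public-key packet starts a transferable public key
            return "openpgp-binary"
    return "unknown"

def apt_key_accepts(filename: str, data: bytes, apt_at_least_1_4: bool = False) -> bool:
    """Apply the rule from the quoted SUPPORTED KEYRING FILES section."""
    fmt = classify_keyring(data)
    if filename.endswith(".gpg"):
        return fmt == "openpgp-binary"
    if filename.endswith(".asc"):
        return fmt == "openpgp-armored" and apt_at_least_1_4
    return False

def scan(directory: str, apt_at_least_1_4: bool = False) -> list:
    """Return (path, format) for keyring files apt-key would not accept."""
    bad = []
    for path in sorted(Path(directory).glob("*")):
        if path.is_file() and path.suffix in (".gpg", ".asc"):
            data = path.read_bytes()
            if not apt_key_accepts(path.name, data, apt_at_least_1_4):
                bad.append((str(path), classify_keyring(data)))
    return bad

# Constructed samples: a minimal keybox header blob and the first bytes of an
# old-format public-key packet (0x99 = tag 6 with a two-byte length).
SAMPLE_KEYBOX = struct.pack(">IBBH", 32, 1, 1, 0) + b"KBXf" + bytes(20)
SAMPLE_OPENPGP = b"\x99\x01\x0d\x04" + bytes(16)

if __name__ == "__main__":
    for path, fmt in scan(sys.argv[1] if len(sys.argv) > 1 else "/etc/apt/trusted.gpg.d"):
        print(f"{path}: {fmt} (not accepted by apt-key)")
```

Run against a package build directory or `/etc/apt/trusted.gpg.d` before shipping a keyring; any file reported as `keybox` needs to be regenerated with `gpg --export` as the quoted manual text says.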