Your message dated Tue, 28 Nov 2023 03:12:32 +0000
with message-id <[email protected]>
and subject line Bug#922348: fixed in ubuntu-keyring 2023.11.28.1-0.1
has caused the Debian Bug report #922348,
regarding unsupported APT keyring format (GPG keybox database version 1)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
922348: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922348
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: ubuntu-dbgsym-keyring
Version: 2018.09.18.1-4
Severity: normal
Dear Maintainer,
the following files are in a GPG keybox database version 1 format.
- keyrings/ubuntu-dbgsym-keyring.gpg
- keyrings/ubuntu-dbgsym-removed-keys.gpg
As said in the apt-key(8) man page:
> apt-key supports only the binary OpenPGP format (also known as "GPG
> key public ring") in files with the "gpg" extension, not the keybox
> database format introduced in newer gpg(1) versions as default for
> keyring files.
$ file keyrings/ubuntu-dbgsym-keyring.gpg
keyrings/ubuntu-dbgsym-removed-keys.gpg
keyrings/ubuntu-dbgsym-keyring.gpg: GPG keybox database version 1,
created-at Thu Feb 1 12:47:14 2018, last-maintained Thu Feb 1 12:47:14 2018
keyrings/ubuntu-dbgsym-removed-keys.gpg: GPG keybox database version 1,
created-at Thu Feb 1 12:47:35 2018, last-maintained Thu Feb 1 12:47:35 2018
The latter of these keyringss can be configured with debconf(1) to be
installed as an APT trust anchor. This won't work.
(ubuntu-dbgsym-keyring.gpg does not seem to be offered?)
The issue is not as severe, because this is not the default behavior for
the package. It may also be rather unlikely anyone would install the
removed keys.
-- System Information:
Debian Release: buster/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages ubuntu-dbgsym-keyring depends on:
ii debconf [debconf-2.0] 1.5.70
Versions of packages ubuntu-dbgsym-keyring recommends:
ii gpgv 2.2.12-1
ubuntu-dbgsym-keyring suggests no packages.
apt 1.8.0~rc3.
--- End Message ---
--- Begin Message ---
Source: ubuntu-keyring
Source-Version: 2023.11.28.1-0.1
Done: Dimitri John Ledkov <[email protected]>
We believe that the bug you reported is fixed in the latest version of
ubuntu-keyring, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Dimitri John Ledkov <[email protected]> (supplier of updated
ubuntu-keyring package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 28 Nov 2023 01:51:00 +0000
Source: ubuntu-keyring
Built-For-Profiles: noudeb
Architecture: source
Version: 2023.11.28.1-0.1
Distribution: unstable
Urgency: medium
Maintainer: Hideki Yamane <[email protected]>
Changed-By: Dimitri John Ledkov <[email protected]>
Closes: 922348 929165 987393 1019165 1033746
Changes:
ubuntu-keyring (2023.11.28.1-0.1) unstable; urgency=medium
.
* Non-maintainer upload.
* New upstream release. Closes: #922348
* Drop support to configure keyring as trusted, on non-Ubuntu systems
this keyrings only make sense for debootstrap purposed and image
validation. Also obsolete (removed-keys) should never have been
offered to be treated as trusted, as they are for EOL
products. Closes: #987393, #1019165, #1033746
* Cleanup broken filenames using correct maintainer scripts. Closes:
#929165
* Remove autopkgtest, doesn't test keyrings themselves.
Checksums-Sha1:
6d6c775151c09f40236594f8c9fd66b25899bb79 2222
ubuntu-keyring_2023.11.28.1-0.1.dsc
a9030566ddcc24c250763def9c3f274d72e39bea 20236
ubuntu-keyring_2023.11.28.1.orig.tar.xz
634b1eade1bd43cb765694aff8aaca5c077f94dc 5564
ubuntu-keyring_2023.11.28.1-0.1.debian.tar.xz
e66eebfee017a8e523e99e9ae0c2bd16aff79a06 11426
ubuntu-keyring_2023.11.28.1-0.1_source.buildinfo
Checksums-Sha256:
f0b16662d2e3163ee710032da2ef3cbf15160919c944d673f86359bf2cd7ea33 2222
ubuntu-keyring_2023.11.28.1-0.1.dsc
aecd455ae15561371d6e454f121f079f0641d5e1b579a5563a2bc363fc74aa2e 20236
ubuntu-keyring_2023.11.28.1.orig.tar.xz
18737a91a6fb9ac21d99c199915146092530748b37d74e697a2852e13fe9dad2 5564
ubuntu-keyring_2023.11.28.1-0.1.debian.tar.xz
75a93f7c22a4bba39c81f73d9f5a409d2d26137a82e7b0cb26ae478194d9f75e 11426
ubuntu-keyring_2023.11.28.1-0.1_source.buildinfo
Files:
e048d64386e6122164eb566d19b5a9d6 2222 misc optional
ubuntu-keyring_2023.11.28.1-0.1.dsc
3f72b4b9b2b6afa763deeec54c5c571c 20236 misc optional
ubuntu-keyring_2023.11.28.1.orig.tar.xz
40add945ebd72d2e07861adf89d325c4 5564 misc optional
ubuntu-keyring_2023.11.28.1-0.1.debian.tar.xz
f2ceae4fa186a89f08f0ffbdbb2d421d 11426 misc optional
ubuntu-keyring_2023.11.28.1-0.1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE7iQKBSojGtiSWEHXm47ISdXvcO0FAmVlUV8ACgkQm47ISdXv
cO3tCg/+LFLEg7ZXT6JB7gncZnCDGcgps9rmckRklWSvk0mOLn6h8Lw6rlubUdxE
8Jamlrw/hXMYVEmm6+pK1xjabjmZnPXCHKA8q5UpS4gYt+vWWprtJwG2poLyqGzc
1ZCobYiwfFkclgUYUGD/eHw4T40ZDrsWTXHO9EmzAQbQAQD/4IpMzxwDUqRFt9G1
ZIP1Da/X1pmIIx3IhGvQel9sYUx4ZeGoZT5VNFZdIN4gTfOBUXIQrPsXKSlhPqOJ
okG9ImcR5ikfQlsFeGijwc1sLac4eL36yZYFXAZDSY2fXX6WXljICWrohqvpR5lM
H9zxO+nMxKphCxvX/Lrwki0NvhK7PDH75T7J8ASCxzJGtZMvPh5DUGWTC/gXL3BX
F62vPU2Pq4ek1v7+nf86qNhETiXMjk9fl9wk9Lg/Lr33mgzo8VvGIPLpptgAayYz
VmbI+ZC+Rt/451BA4xRBGfJdFmJLYECYujXap+p+k2kTGp8/14JlQ3mfhkcp4Jvm
7+TyVXPtPZ+cfcEXOhqM27OPOchPj85X+godnQO/vZlvphG2mWd3/u+LCWh9HUSm
GPK3Ic4kiM9PGsuTtX6G9KAahD68eKM5HTQjMsvJz30dvcbe5bw7RVit3RbPjDs5
nc4673IVmnJUwYynr5i/mGwMcwz7WPQROrjaogKjSKVP8BHZj2E=
=g51X
-----END PGP SIGNATURE-----
--- End Message ---
