Your message dated Fri, 14 Mar 2025 19:36:07 +0000
with message-id <[email protected]>
and subject line Bug#1100485: fixed in haskell-hopenpgp-tools 0.23.11-1
has caused the Debian Bug report #1100485,
regarding hopenpgp-tools: hokey canonicalize damages signature
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1100485: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100485
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: hopenpgp-tools
Version: 0.23.10-1
Severity: normal
X-Debbugs-Cc: [email protected]
With gpg 2.2.46 I have:
$ gpg --export 39CB544D6527CF60 | gpg --import
gpg: key 39CB544D6527CF60: "Nicolas Pitre <[email protected]>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
$ gpg --export 39CB544D6527CF60 | hokey canonicalize | gpg --import
hokey (hopenpgp-tools) 0.23.10
Copyright (C) 2012-2023 Clint Adams
hokey comes with ABSOLUTELY NO WARRANTY. This is free software, and you
are welcome to redistribute it under certain conditions.
gpg: key 39CB544D6527CF60: 1 bad signature
gpg: key 39CB544D6527CF60: "Nicolas Pitre <[email protected]>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
So when piping the certificate through `hokey canonicalize`, gpg is
unhappy with the result ("1 bad signature").
I didn't try to debug, so maybe it's also gpg (or the public key) that
is wrong here. Another indication that it's indeed hokey that is broken
here is that Sequoia also reports a broken signature:
$ diff -u <(gpg --export 39CB544D6527CF60 | sq inspect --dump-bad-signatures) <(gpg --export 39CB544D6527CF60 | hokey canonicalize | sq inspect --dump-bad-signatures)
hokey (hopenpgp-tools) 0.23.10
Copyright (C) 2012-2023 Clint Adams
hokey comes with ABSOLUTELY NO WARRANTY. This is free software, and you
are welcome to redistribute it under certain conditions.
--- /dev/fd/63 2025-03-14 12:41:09.762163073 +0100
+++ /dev/fd/62 2025-03-14 12:41:09.766163061 +0100
@@ -7,10 +7,11 @@
Key flags: certification, signing
Subkey: E582CAEAF7CBA7AA04344A927F4A62820BF463B7
+ Invalid: No binding signature at time
2025-03-14T11:41:09Z
+ Invalid: No binding signature at time
2025-03-14T11:41:09Z
Public-key algo: RSA
Public-key size: 2048 bits
Creation time: 2014-08-27 18:44:41 UTC
- Key flags: signing
Subkey: 41DAFFF1E479BE87915F2E61CB32F57D9BA1D6FF
Public-key algo: RSA
@@ -52,3 +53,34 @@
UserID: Nicolas Pitre <[email protected]>
Certifications: 1, use --certifications to list
+ Bad Signature:
+ Version: 4
+ Type: SubkeyBinding
+ Pk algo: RSA
+ Hash algo: SHA256
+ Hashed area:
+ Signature creation time: 2025-02-25 05:18:24 UTC
(critical)
+ Issuer: 39CB544D6527CF60
+ Nicolas Pitre <[email protected]>
(UNAUTHENTICATED)
+ Notation: [email protected]
+ 00000000 1a 30 59 f3 ea fd 72 88 a3 2b 5e a5
1b e2 43 bd
+ 00000010 89 d8 f6 37 92 11 28 a5 50 8d b1 af
c8 e9 16 48
+ Key flags: S
+ Embedded signature: (critical)
+ Version: 4
+ Type: PrimaryKeyBinding
+ Pk algo: RSA
+ Hash algo: SHA256
+ Hashed area:
+ Signature creation time: 2025-02-25
05:18:24 UTC (critical)
+ Issuer: 7F4A62820BF463B7
+ Nicolas Pitre <[email protected]>
(UNAUTHENTICATED)
+ Notation: [email protected]
+ 00000000 d8 bd 36 7c ef bd c5 da 85 b8
f7 02 5d 3b 81 28
+ 00000010 1b b8 e1 68 40 15 89 ec b5 8b
f0 eb d4 bb b0 f4
+ Issuer Fingerprint:
E582CAEAF7CBA7AA04344A927F4A62820BF463B7
+ Nicolas Pitre <[email protected]>
(UNAUTHENTICATED)
+ Digest prefix: 4CA6
+ Level: 0 (signature over data)
+ Digest prefix: DB75
+ Level: 0 (signature over data)
The key 39CB544D6527CF60 is available on the keyservers if you want to
reproduce. (gpg --keyserver-options no-self-sigs-only --keyserver
keyserver.ubuntu.com --recv 39CB544D6527CF60)
Best regards
Uwe
-- System Information:
Debian Release: trixie/sid
APT prefers testing-debug
APT policy: (750, 'testing-debug'), (750, 'testing'), (700,
'stable-updates'), (700, 'stable-security'), (700, 'stable-debug'), (700,
'stable'), (600, 'unstable'), (500, 'unstable-debug')
Architecture: amd64 (x86_64)
Foreign Architectures: armhf
Kernel: Linux 6.12.6-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages hopenpgp-tools depends on:
ii libbz2-1.0 1.0.8-6
ii libc6 2.40-4
ii libffi8 3.4.6-1
ii libgmp10 2:6.3.0+dfsg-3
ii libnettle8t64 3.10-1+b1
ii libnuma1 2.0.18-1+b1
ii libyaml-0-2 0.2.5-2
ii zlib1g 1:1.3.dfsg+really1.3.1-1+b1
hopenpgp-tools recommends no packages.
hopenpgp-tools suggests no packages.
-- no debconf information
--- End Message ---
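The comparison below is an added example, not part of the report or of hOpenPGP: it splits a certificate export taken before and after a round trip through a canonicalizer into OpenPGP packets and lists the signature packets whose bodies differ, which narrows a "1 bad signature" result down to specific packets. The byte strings are constructed stand-ins (not the certificate from the report), `frame` and `altered_signatures` are hypothetical helper names, and partial-length or indeterminate-length packets are rejected rather than parsed.

```python
import hashlib

def parse_packets(data: bytes):
    """Split an OpenPGP stream (RFC 4880 packet framing) into (tag, body) pairs."""
    out, i = [], 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if not hdr & 0x80:
            raise ValueError(f"offset {i - 1}: not a packet header")
        if hdr & 0x40:                      # new-format header
            tag, first = hdr & 0x3F, data[i]
            if first < 192:
                length, i = first, i + 1
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 1] + 192, i + 2
            elif first == 255:
                length, i = int.from_bytes(data[i + 1:i + 5], "big"), i + 5
            else:
                raise ValueError("partial body lengths not handled here")
        else:                               # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not handled here")
            n = 1 << ltype                  # 1, 2 or 4 length octets
            length, i = int.from_bytes(data[i:i + n], "big"), i + n
        if i + length > len(data):
            raise ValueError("truncated packet")
        out.append((tag, data[i:i + length]))
        i += length
    return out

def altered_signatures(before: bytes, after: bytes):
    """Digests of tag-2 (signature) bodies on only one side; order and framing are ignored."""
    def sigs(stream):
        return {hashlib.sha256(body).hexdigest()[:16]
                for tag, body in parse_packets(stream) if tag == 2}
    a, b = sigs(before), sigs(after)
    return sorted(a - b), sorted(b - a)

def frame(tag, body, new=False):   # constructed test data: one-octet lengths only
    return bytes([0xC0 | tag if new else 0x80 | (tag << 2), len(body)]) + body

# Constructed stand-ins: the "after" stream is re-framed and one signature body differs.
PACKETS = [(6, b"primary"), (13, b"uid"), (2, b"uid-sig"), (14, b"subkey"), (2, b"binding-sig\x01")]
BEFORE = b"".join(frame(t, b) for t, b in PACKETS)
AFTER = b"".join(frame(t, b.replace(b"\x01", b"\x02"), new=True) for t, b in PACKETS)

if __name__ == "__main__":
    print(altered_signatures(BEFORE, AFTER))
```

On real data the two inputs would be the output of `gpg --export` and of the same export piped through the canonicalizer. A signature body that shows up on one side only was re-serialised or dropped rather than copied byte for byte.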
--- Begin Message ---
Source: haskell-hopenpgp-tools
Source-Version: 0.23.11-1
Done: Clint Adams <[email protected]>
We believe that the bug you reported is fixed in the latest version of
haskell-hopenpgp-tools, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Clint Adams <[email protected]> (supplier of updated haskell-hopenpgp-tools
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 14 Mar 2025 15:08:34 -0400
Source: haskell-hopenpgp-tools
Architecture: source
Version: 0.23.11-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Haskell Group
<[email protected]>
Changed-By: Clint Adams <[email protected]>
Closes: 1100485
Changes:
haskell-hopenpgp-tools (0.23.11-1) unstable; urgency=medium
.
* New upstream version.
- Requires hOpenPGP 2.10.1, which contains a fix for a parser
bug which was affecting `hokey canonicalize`. Thanks to
Uwe Kleine-König and Justus Winter for debugging!
closes: #1100485.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---