Bug#1128841: marked as done (sqv does not parse keyring that works with gpgv)

Tue, 24 Feb 2026 01:25:16 -0800 

Your message dated Tue, 24 Feb 2026 10:16:11 +0100
with message-id <[email protected]>
and subject line Re: Bug#1128841: sqv does not parse keyring that works with 
gpgv
has caused the Debian Bug report #1128841,
regarding sqv does not parse keyring that works with gpgv
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1128841: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128841
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: sqv
Version: 1.3.0-3+b2
Severity: normal
X-Debbugs-Cc: [email protected]

Dear Maintainer,

the switch to sgv for apt changed how keyrings are parsed.

Ran into an example, where instructions from last August
do not work anymore. This looks like a regression.

Should I send a report to the apt package as well?

What I did to get into the situation:

Start with a pretty vanilla basic Trixie 13.3 installation:

Following the instuction at the bottom of
  https://repos.gnupg.org/deb/gnupg/trixie/

E.g. one variant:
 gpg \
  --no-default-keyring \
  --keyring /usr/share/keyrings/gnupg-keyring.gpg \
  --fetch-keys https://repos.gnupg.org/deb/gnupg/trixie/gnupg-signing-key.gpg

leads to /usr/share/keyrings/gnupg-keyring.gpg
which cannot be parsed by sqv and makes apt-upgrade and the instructions
fail with 

apt-update
[..]

Get:4 https://repos.gnupg.org/deb/gnupg/trixie trixie InRelease [3761 B]
Err:4 https://repos.gnupg.org/deb/gnupg/trixie trixie InRelease
  Sub-process /usr/bin/sqv returned an error code (1), error message is: Error: 
Failed to parse keyring "/usr/share/keyrings/gnupg-keyring.gpg"  Caused by:     
0: Reading "/usr/share/keyrings/gnupg-keyring.gpg": EOF     1: EOF

Expectation is that apt-update can work with that repository 
and its keyring.


Addition details:

A reproduction of the problem without apt:
curl -O https://repos.gnupg.org/deb/gnupg/trixie/dists/trixie/Release
curl -O https://repos.gnupg.org/deb/gnupg/trixie/dists/trixie/Release.gpg
sqv --verbose --keyring=/usr/share/keyrings/gnupg-keyring.gpg 
--signature-file=Release.gpg Release

Error: Failed to parse keyring "/usr/share/keyrings/gnupg-keyring.gpg"

Caused by:
    0: Reading "/usr/share/keyrings/gnupg-keyring.gpg": EOF
    1: EOF


ls /etc/crypto-policies/back-ends/sequoia.config
ls: cannot access '/etc/crypto-policies/back-ends/sequoia.config': No such file 
or directory


The command in the instruction that writes the keyring uses the installed 
conservative gnupg 2.4.7-21+b3 Debian package. Documentation of sources.list 
and other examples indicate that Signed-By with such a keyring should work.

This is a regression from my point of view.

Here is the report towards the instructions
as GnuPG: https://dev.gnupg.org/T8122


Best Regards,
Bernhard

-- System Information:
Debian Release: 13.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.12.73+deb13-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages sqv depends on:
ii  libc6           2.41-12+deb13u1
ii  libgcc-s1       14.2.0-19
ii  libgmp10        2:6.3.0+dfsg-3
ii  libhogweed6t64  3.10.1-1
ii  libnettle8t64   3.10.1-1

sqv recommends no packages.

sqv suggests no packages.

-- no debconf information

--- End Message ---
--- Begin Message --- 
Hi Guillem,

Am Dienstag 24 Februar 2026 01:22:17 schrieben Sie:
> On Mon, 2026-02-23 at 18:24:22 +0100, Guillem Jover wrote:
> > On Mon, 2026-02-23 at 17:49:25 +0100, Bernhard E. Reiter wrote:

> > I think this report is invalid,

after your information, I agree.

> > because I'm assuming the keyring 
> > generated is in the non-portable GnuPG specific KeyBox format. GnuPG
> > should have mentioned this during the generation of the keyring,
> > otherwise can be confirmed with file(1).
>
> After noticing <https://gnupg.org/blog/20250827-new-repository.html> I
> think it should be clear this is a keybox keyring, from the output
> presented.

yes, I have confirmed it with file.

And there is some documentation somewhere saying that the new keybox format
is not supported. I did not make the connection, sorry for the noise.

Thanks a lot for responding!

Best Regards,
Bernhard
ps.: I'll try to close the issue for good. 
Please assist if I do not get it done the right way.

--- End Message ---

Reply via email to