Hi!

On Mon, 2026-02-23 at 17:49:25 +0100, Bernhard E. Reiter wrote:
> Package: sqv
> Version: 1.3.0-3+b2
> Severity: normal
> X-Debbugs-Cc: [email protected]

> Following the instruction at the bottom of
>   https://repos.gnupg.org/deb/gnupg/trixie/
> 
> E.g. one variant:
>  gpg \
>   --no-default-keyring \
>   --keyring /usr/share/keyrings/gnupg-keyring.gpg \
>   --fetch-keys https://repos.gnupg.org/deb/gnupg/trixie/gnupg-signing-key.gpg
> 
> leads to /usr/share/keyrings/gnupg-keyring.gpg
> which cannot be parsed by sqv and makes apt-upgrade and the instructions
> fail with 
> 
> apt-update
> [..]
> 
> Get:4 https://repos.gnupg.org/deb/gnupg/trixie trixie InRelease [3761 B]
> Err:4 https://repos.gnupg.org/deb/gnupg/trixie trixie InRelease
>   Sub-process /usr/bin/sqv returned an error code (1), error message is: 
> Error: Failed to parse keyring "/usr/share/keyrings/gnupg-keyring.gpg"  
> Caused by:     0: Reading "/usr/share/keyrings/gnupg-keyring.gpg": EOF     1: 
> EOF
> 
> Expectation is that apt-update can work with that repository 
> and its keyring.

I think this report is invalid, because I'm assuming the keyring generated
is in the non-portable GnuPG-specific KeyBox format. GnuPG should have
mentioned this during the generation of the keyring; otherwise it can be
confirmed with file(1).

The correct options are to either download the keyring with wget/curl,
or to download it with gpg, and then --export it into a proper OpenPGP
formatted keyring.

> This is a regression from my point of view.

I don't think this is a regression, as the usage seems invalid to me.

Thanks,
Guillem
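
The file(1) check mentioned in the reply above, as an added example that is not part of the original message: a POSIX shell function that classifies a keyring by its leading bytes and rejects the keybox case. The function names are hypothetical; the keybox magic "KBXf" at offset 8 and the OpenPGP public-key packet tag bytes come from the format definitions, not from this thread.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Print the on-disk format of a keyring file:
# keybox | openpgp-armored | openpgp-binary | unknown
keyring_format() {
    f=$1
    # GnuPG keybox: the first (header) blob carries the magic "KBXf" at offset 8.
    magic=$(od -An -tx1 -j8 -N4 "$f" 2>/dev/null | tr -d ' \n')
    if [ "$magic" = "4b425866" ]; then
        echo keybox
        return 0
    fi
    # ASCII-armored OpenPGP certificate.
    if head -n 1 "$f" 2>/dev/null | grep -q '^-----BEGIN PGP PUBLIC KEY BLOCK-----'; then
        echo openpgp-armored
        return 0
    fi
    # Binary OpenPGP keyring: starts with a public-key packet (tag 6).
    # Old-format headers are 0x98-0x9a (152-154), new-format is 0xc6 (198).
    first=$(od -An -tu1 -N1 "$f" 2>/dev/null | tr -d ' \n')
    case "$first" in
        152|153|154|198) echo openpgp-binary ;;
        *) echo unknown ;;
    esac
}

# Return 0 only for an OpenPGP keyring; explain the keybox case on stderr.
check_keyring() {
    fmt=$(keyring_format "$1")
    case "$fmt" in
        openpgp-*) return 0 ;;
        keybox)
            echo "$1: GnuPG keybox, not an OpenPGP keyring;" \
                 "fetch the key file directly or re-export it with gpg --export" >&2
            return 1 ;;
        *)
            echo "$1: unrecognised keyring format" >&2
            return 1 ;;
    esac
}
```

Running check_keyring on a file before pointing apt at it catches the keybox case before sqv fails with the EOF parse error quoted above.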
