On Sun, Jun 07, 2026 at 09:35:09AM +0200, Michele Cane wrote: > Package: hplip > Version: 3.26.4+dfsg0-2 > Severity: important > Followup-For: Bug #1137654 > > I can confirm that this is still reproducible with hplip 3.26.4+dfsg0-2, > but the failure mode is clearer now. > > The plugin metadata currently points to: > > > http://www.openprinting.org/download/printdriver/auxfiles/HP/plugins/hplip-3.26.4-plugin.run > > The downloaded file has the checksum listed in plugin.conf: > > 199f78f8af7f36894d7180e9090963ce2550a75ec701f8a4ba37665a9746fdf0 > > So the file is not corrupted. The verification failure happens because the > current plugin is signed with HP's newer RSA key: > > primary fingerprint: 82FF A7C6 AA74 11D9 34BD E173 AC69 536A 2CF3 A243 > signing subkey: 1E3D 9B4E 4447 5F51 EC08 45AB 5E4E 4D24 A34E CD57 > > The hplip package still ships/imports the older HPLIP DSA key: > > 4ABA 2F66 DBD5 A958 9491 0E06 73D7 70CD A590 47B9 >
Hi, thanks for the info. It is not only about plugins but also about upgrades, hplip.v2$ uscan --download-current-version Newest version of hplip on remote site is 3.26.4, specified download version is 3.26.4 gpgv: Signature made Wed May 20 07:22:15 2026 CEST gpgv: using RSA key 5E4E4D24A34ECD57 gpgv: Can't check signature: No public key uscan die: OpenPGP signature did not verify. at /usr/share/perl5/Devscripts/Uscan/Output.pm line 83. hplip.v2$ uscan --download-version 3.22.10 Newest version of hplip on remote site is 3.22.10, specified download version is 3.22.10 gpgv: Signature made Thu Oct 27 15:17:27 2022 CEST gpgv: using DSA key 4ABA2F66DBD5A95894910E0673D770CDA59047B9 gpgv: Good signature from "HPLIP (HP Linux Imaging and Printing) <[email protected]>" So, Thorsten, seems that it is really needed to upgrade hplip gpg key under debian/upstream/signing-key.asc (it is installed in the package and apparently used to verify plugins). While we are at this you may want to upgrade debian/watch to v5, see attached watch file for a proposal. Hope this helps, -- Agustin
Version: 5 Source: https://sf.net/hplip/ Matching-Pattern: hplip-@ANY_VERSION@@ARCHIVE_EXT@ Dversion-Mangle: s/\+(dfsg|repack)([0-9]+)?$// Uversion-Mangle: s/^(\S+py\d)/0.0.$1/;s/_/./g Pgp-Sig-Url-Mangle: s/$/.asc/

