Control: forwarded https://gitlab.com/sequoia-pgp/sequoia/-/issues/590
Hi Guillem--
On Sat 2020-09-05 17:20:26 +0200, Guillem Jover wrote:
> I was trying out sqop, to potentially add native support for it into
> dpkg-dev
This is great to hear! I think that you were running into (at least)
three different things:
- the upstream signing keys (OpenPGP certificates) shipped in libbsd
0.10.0 appear to be expired
- you're shipping two upstream signing keys there, but sqop verify is
buggy when a stream has two certificates in it:
https://gitlab.com/sequoia-pgp/sequoia/-/issues/590
- you've included the two certificates as separate ASCII-armored blobs,
rather than a single ASCII-armored keyring that contains two
certificates. We probably need to clarify whether "sop" can accept a
CERTS stream shaped like that:
https://gitlab.com/dkg/openpgp-stateless-cli/-/issues/28
In the meantime, here's a patch to libbsd 0.10.0 that at least resolves
the out-of-date certificates and the single-keyring-blob issue.
--dkg
From 6bde48deb1d35cbb010b55e6fb8cb92037378b5b Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor
Date: Fri, 16 Oct 2020 15:22:22 -0400
Subject: [PATCH] refresh keys for Guillem Jover
This should help with resolving #969590
---
debian/upstream/signing-key.asc | 187 +++-
1 file changed, 85 insertions(+), 102 deletions(-)
diff --git a/debian/upstream/signing-key.asc b/debian/upstream/signing-key.asc
index 2f18626..d7d6d85 100644
--- a/debian/upstream/signing-key.asc
+++ b/debian/upstream/signing-key.asc
@@ -1,5 +1,4 @@
-BEGIN PGP PUBLIC KEY BLOCK-
-Version: GnuPG v1
mQGiBDfw+1oRBADQWbb/dnJBnw6s/c9LSU5ORjiKrYMF/EhFQGgKgz90IOvdl4kk
DlSaqFUruQo2IheUp6eN61JpH5ygCKoFZfH9l+BTG4L0yv276nXq+wY2iQlgBjwy
@@ -10,105 +9,89 @@ OYitNVhEL2Z3yi0JMrgzYPXGEukn/HhWKgiwX/sjrpY81ZihFp3kiZ1GSbRBcsEO
ZVWyA/9DJc1VcOpsQMMXkvMnxj1YqtcJzlXDby44V4onuWsTNKsHGP0IFkL1LKlm
7WAiKOqZ/zabtiWF3jjZOZt6wLdpvAsiixO6WWgGk2wobLeNKqLie5h16tNMens4
LRDhEVRCupncftBHDOd+V2h10dsC96nLL89lST1NpUfnf9ShA7QjR3VpbGxlbSBK
-b3ZlciA8Z3VpbGxlbUBoYWRyb25zLm9yZz6IXAQTEQIAHAUCPh+9gQIbAwQLBwMC
-AxUCAwMWAgECHgECF4AACgkQuW9ciZ2SjJvhowCeNsfqtYXEZQKb0yG7HFb84lIk
-aL4AoLttFVmbTlY2GKspXAM6W4Fzb+YGiGQEExECACQCGwMCHgECF4ACGQEFAkoC
-LSEFCwkIBwMFFQoJCAsFFgIDAQAACgkQuW9ciZ2SjJsFbACfcIoqZgGLO/ZlX8O2
-LKMU2iZ2UlkAoMI/syljpxraeWH5to5XbMuVcWMHiF8EExECAB8CGwMECwcDAgMV
-AgMDFgIBAh4BAheABQJBAHlGAhkBAAoJELlvXImdkoybUH4AnRSa8eHRtmdfKmbm
-EBKcajGXjFeiAKCsR+rn4GCDo1Q+uBKSft5EfHWdaLQnR3VpbGxlbSBKb3ZlciA8
-Z3VpbGxlbS5qb3ZlckBtZW50YS5uZXQ+iEkEMBEIAAkFAlBRap0CHSAACgkQuW9c
-iZ2SjJt5YgCfVhqeBekwiY/vD2GejXaCeT0JTF4AnROHyYPP5Dqzw3+dx+f6kQff
-Rgb8iGIEExECABoFCwcKAwQDFQMCAxYCAQIXgAIZAQUCPAbwvAASB2VHUEcAAQEJ
-ELlvXImdkoybKFEAn3DgGW1hKTuD3o7gzTiiIGY2Bo/wAJ95EeXvOVPTFDazesNU
-rCIq2CaFcohmBBMRAgAeAheABQJKAi0pBQsJCAcDBRUKCQgLBRYCAwEAAh4BABIH
-ZUdQRwABAQkQuW9ciZ2SjJt4EQCdGQBpCgbIg+V+LNdps8TfgYfYhg8An0CgCUH8
-CtyLeG99sZOCkBJlnr/hiF8EExECABcFCwcKAwQDFQMCAxYCAQIXgAUCQQB5PAAS
-B2VHUEcAAQEJELlvXImdkoybxswAoL8pYhJI010VXUzsYWeS8ezYWcD3AJ9/szPM
-bQvJb/2RwKTzgYmQH1hbI7QpR3VpbGxlbSBKb3ZlciA8Z3VpbGxlbWpvdmVyQGFt
-YnR1LmJjbi5lcz6ISQQwEQgACQUCUlDecgIdIAAKCRC5b1yJnZKMmwpoAJ93SP16
-gbLZG98572ygKG98Q6YwpACcDm0h0X999XI48NgFA+o2KFx13C+IZgQTEQIAHgIX
-gAUCSgItKQULCQgHAwUVCgkICwUWAgMBAAIeAQASB2VHUEcAAQEJELlvXImdkoyb
-4BwAoNKPxf67yivAMhLHIgDvIjR1uxUEAKCLgCz30A1+pRVXbO7RL0mxdkOvlIhX
-BBMRAgAXBQI8BvArBQsHCgMEAxUDAgMWAgECF4AACgkQuW9ciZ2SjJs83wCfUpRF
-hacPD51+ftZ45fkaS5t0xKMAoPt8+fomtgxPZw2tHtbpHJgfaJ+rtCtHdWlsbGVt
-IEpvdmVyIDxndWlsbGVtLmpvdmVyQGNhbXB1cy51YWIuZXM+iEkEMBEIAAkFAlJQ
-3pACHSAACgkQuW9ciZ2SjJts0gCfXdSHsStoZ4xP6GuVMnwwQqCZoEoAnRYNAgQa
-wUMDYnXB4o3pN4M0Ge8aiGYEExECAB4CF4AFAkoCLSkFCwkIBwMFFQoJCAsFFgID
-AQACHgEAEgdlR1BHAAEBCRC5b1yJnZKMm6lGAKCqjCRUI6G3KDQahmUhfFgXaIFr
-+ACg3yaE5/xBXq0vGo/Z/Pwpj8/71pqIVwQTEQIAFwUCPAbwbwULBwoDBAMVAwID
-FgIBAheAAAoJELlvXImdkoyb+rgAn3f3ojXxeXNHo2Df55H8iReHgtuGAKCnMO9b
-E5upP4xiLUdqwc7CShVQdbQrR3VpbGxlbSBKb3ZlciA8Z3VpbGxlbS5qb3ZlckBs
-ZXB0b24uaG4ub3JnPohfBBMRAgAXBQI8BvCaBQsHCgMEAxUDAgMWAgECF4AAEgkQ
-uW9ciZ2SjJsHZUdQRwABAYOrAKDH8m8CfFqjJENjmDqadQKkk5KDAgCg7EkvWOSt
-n6THjMX0OVFsL9iUZVeISQQwEQIACQUCQQGRfgIdIAAKCRC5b1yJnZKMm4R5AKDa
-O41ZaQmZVfxjEEpzzNZYZn72pQCfapLHJFPClhl0+i+Du2YgpGlGmBu0Lkd1aWxs
-ZW0gSm92ZXIgPGd1aWxsZW0uam92ZXJAc2lsaWNvbnRvd2VyLm5ldD6IXAQTEQIA
-HAUCPXdG1wIbAwQLBwMCAxUCAwMWAgECHgECF4AACgkQuW9ciZ2SjJuqIwCeKKhX
-PQYr9wHOO93mLUN1kOAGsVIAn3sRwB0IjY1Xom/cn/oxs8cIIQHAiEgEMBECAAkF
-AkEAeZMCHSAACgkQuW9ciZ2SjJuXlgCgoYXA7VcuBZOvdxWgoCzxaYWg7twAmM6I
-9puPp0Dt8JcbQb/vUYFlDUq0L0d1aWxsZW0gSm92ZXIgPGd1aWxsZW0uam92ZXJA
-c2lsaWNvbnRvd2VyLmluZm8+iFwEExECABwFAj13R5ACGwMECwcDAgMVAgMDFgIB
-Ah4BAheAAAoJELlvXImdkoybyd0AmwWXWQD7t7dydSEK50ssKrRYTI6oAJ9ISga0
-5Fvhpa+4cBcstdayi2eeYIhJBDARAgAJBQJBAHnWAh0gAAoJELlvXImdkoybNbkA
-njqUds0y0/pvxchTAt4GD/HL6EELAJ9yw5dz9KArvosuzmYfC0oZuDgNirQlR3Vp
-bGxlbSBKb3ZlciA8Z3VpbGxlbUBsZXB0b24uaG4ub3JnPohcBBMRAgAcBQI9gXRL
-AhsDBAsHAwIDFQIDAxYCAQIeAQIXgAAKCRC5b1yJnZKMmyZtAJ9Hg6g8PfvZLb/T