[pkg-gnupg-maint] Bug#872525: debian-archive-keyring FTBFS with gnupg 2.1.23

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Aug 18 07:46:30 UTC 2017


On Fri 2017-08-18 10:02:49 +0300, Adrian Bunk wrote:
> https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/debian-archive-keyring.html
>
> ...
> gpg --no-options --no-default-keyring --no-auto-check-trustdb --trustdb-name ./trustdb.gpg \
> 	--keyring keyrings/team-members.gpg --verify \
> 	keyrings/debian-archive-keyring.gpg.asc \
> 	keyrings/debian-archive-keyring.gpg
> gpg: Signature made Thu May 25 06:30:03 2017 -12
> gpg:                using RSA key C5CE5DC2C542CD59
> gpg: BAD signature from "Adam D. Barratt <adam at adam-barratt.org.uk>" [unknown]
> Makefile:17: recipe for target 'verify-results' failed
> make[1]: *** [verify-results] Error 1
> make[1]: Leaving directory '/build/1st/debian-archive-keyring-2017.5'
> dh_auto_build: make -j1 returned exit code 2
> debian/rules:3: recipe for target 'build' failed
> make: *** [build] Error 2
>
>
> Works after downgrading gnupg to the buster version.
>
> The Debian GnuPG Maintainers are Cc'ed, please reassign
> if the bug turns out to be there.

The difference between the keyrings is the trust packets:

0 dkg at alice:/tmp/cdtemp.kXzrYG/debian-archive-keyring-2017.5$ diff -u <(pgpdump < /usr/share/keyrings/debian-archive-keyring.gpg) <(pgpdump < keyrings/debian-archive-keyring.gpg) | head -n 30
--- /dev/fd/63	2017-08-18 03:30:23.802753003 -0400
+++ /dev/fd/62	2017-08-18 03:30:23.806753375 -0400
@@ -4,8 +4,12 @@
 	Pub alg - RSA Encrypt or Sign(pub 1)
 	RSA n(4096 bits) - ...
 	RSA e(17 bits) - ...
+Old: Trust Packet(tag 12)(12 bytes)
+	Trust - 00 00 67 70 67 01 00 00 00 00 00 00 
 Old: User ID Packet(tag 13)(59 bytes)
 	User ID - Wheezy Stable Release Key <debian-release at lists.debian.org>
+Old: Trust Packet(tag 12)(12 bytes)
+	Trust - 00 00 67 70 67 02 00 00 00 00 00 00 
 Old: Signature Packet(tag 2)(573 bytes)
 	Ver 4 - new
 	Sig type - Positive certification of a User ID and Public Key packet(0x13).
@@ -42,8 +46,8 @@
 	Hash left 2 bytes - cd 52 
 	RSA m^d mod n(4094 bits) - ...
 		-> PKCS-1
-Old: Trust Packet(tag 12)(2 bytes)
-	Trust - 00 03 
+Old: Trust Packet(tag 12)(6 bytes)
+	Trust - 00 03 67 70 67 00 
 Old: Signature Packet(tag 2)(540 bytes)
 	Ver 4 - new
 	Sig type - Generic certification of a User ID and Public Key packet(0x10).
@@ -56,8 +60,8 @@
 	Hash left 2 bytes - 43 61 
 	RSA m^d mod n(4096 bits) - ...
 		-> PKCS-1
0 dkg at alice:/tmp/cdtemp.kXzrYG/debian-archive-keyring-2017.5$ 



This is happening because of a combination of several factors:

One of them is https://bugs.debian.org/870780 -- the
debian-archive-keyring really shouldn't have OpenPGP trust packets in it
in the first place.  Those are deliberately underspecified and
vendor-specific:

  https://tools.ietf.org/html/rfc4880#section-5.10

  5.10.  Trust Packet (Tag 12)

   The Trust packet is used only within keyrings and is not normally
   exported.  Trust packets contain data that record the user's
   specifications of which key holders are trustworthy introducers,
   along with other information that implementing software uses for
   trust information.  The format of Trust packets is defined by a given
   implementation.

   Trust packets SHOULD NOT be emitted to output streams that are
   transferred to other users, and they SHOULD be ignored on any input
   other than local keyring files.



The larger problem here is that jetring (and debian-archive-keyring, and
anything else which uses jetring) seems to assume some things about what
GnuPG does with the contents of ~/.gnupg.

GnuPG upstream has been increasingly clear for several years now that if
you want portable, interoperable, or outward-facing stability from
GnuPG, you need to use its established interfaces, and not make
assumptions about what it's doing inside ~/.gnupg .  For example, the
creation of an exportable OpenPGP keyring (that is, linear concatenation
of OpenPGP packets representing an OpenPGP certificate) should be done
with --export, not with --keyring and then fishing around in the binary
contents of the keyring itself.

GnuPG 2.1.23 is recording additional information (as compared to
previous versions) in the "Trust Packets" that it keeps in its internal
keyring.  This is fully in keeping with the OpenPGP spec.

If #870780 was resolved (perhaps by fixing jetring to use GnuPG's
external interfaces?) and a new debian-archive-keyring.gpg.asc was
created by Adam (or some other member of the team) then i think this
problem would go away.

Please do not fish out internal data structures from GnuPG's cache and
expect them to be constant across versions of GnuPG!  AFAIK, GnuPG
itself is able to read and interpret keyrings across versions, but it
isn't going to necessarily keep them entirely untouched because it uses
trust packets to cache its calculated validity and other information.

       --dkg
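An added illustration of the point made in this message, not code from the email, from jetring or from GnuPG: a small Python walker over a concatenated OpenPGP packet stream (RFC 4880 section 4.2 headers, both old and new format) that reports any Trust packets (tag 12) in a file meant for distribution and re-emits the stream with them removed, copying every other packet byte-for-byte. It also shows, with a plain SHA-256 standing in for what a detached signature covers, why a keyring that has picked up GnuPG's cache packets no longer matches a signature made over the clean export. The sample keyrings are constructed here (placeholder bytes, not real key material); only the trust-packet bodies are taken from the pgpdump diff above.

```python
import hashlib
import struct

# Packet tags from RFC 4880 section 4.3 (only the ones a keyring usually holds).
TAG_NAMES = {2: "Signature", 6: "Public-Key", 12: "Trust", 13: "User ID", 14: "Public-Subkey"}
TRUST_TAG = 12


def parse_packets(data: bytes):
    """Split a concatenated OpenPGP packet stream into (tag, header, body) triples.

    Handles old-format and new-format packet headers (RFC 4880 section 4.2).
    Partial-body and indeterminate lengths are rejected; they do not occur in
    keyring files.  The raw header bytes are kept so that the stream can be
    re-emitted byte-for-byte.
    """
    packets, pos, end = [], 0, len(data)
    while pos < end:
        start = pos
        ctb = data[pos]
        pos += 1
        if not ctb & 0x80:
            raise ValueError(f"invalid packet header byte 0x{ctb:02x} at offset {start}")
        if ctb & 0x40:  # new-format header: tag in the low six bits
            tag = ctb & 0x3F
            first = data[pos]
            pos += 1
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + data[pos] + 192
                pos += 1
            elif first == 255:
                (length,) = struct.unpack(">I", data[pos:pos + 4])
                pos += 4
            else:
                raise ValueError(f"partial body length at offset {start} not supported")
        else:  # old-format header: tag in bits 2-5, length type in bits 0-1
            tag = (ctb >> 2) & 0x0F
            ltype = ctb & 0x03
            if ltype == 0:
                length = data[pos]
                pos += 1
            elif ltype == 1:
                (length,) = struct.unpack(">H", data[pos:pos + 2])
                pos += 2
            elif ltype == 2:
                (length,) = struct.unpack(">I", data[pos:pos + 4])
                pos += 4
            else:
                raise ValueError(f"indeterminate length at offset {start} not supported")
        header = data[start:pos]
        body = data[pos:pos + length]
        if len(body) != length:
            raise ValueError(f"truncated packet at offset {start}")
        packets.append((tag, header, body))
        pos += length
    return packets


def find_trust_packets(data: bytes):
    """Return [(index, body_hex)] for every tag-12 packet.  A non-empty result
    means the file carries implementation-private cache data and is not a
    clean export."""
    return [(i, body.hex(" ")) for i, (tag, _h, body) in enumerate(parse_packets(data))
            if tag == TRUST_TAG]


def strip_trust_packets(data: bytes) -> bytes:
    """Re-emit the stream with every Trust packet dropped and all other packets
    copied verbatim (header included), so a signature over the remaining
    packets still matches."""
    return b"".join(h + b for tag, h, b in parse_packets(data) if tag != TRUST_TAG)


def digest(data: bytes) -> str:
    """SHA-256 of the whole file, standing in for what a detached signature covers."""
    return hashlib.sha256(data).hexdigest()


# --- constructed sample data (placeholder bytes, not a real key) --------------
def _old_header(tag: int, length: int) -> bytes:
    """Build an old-format packet header with a one- or two-byte length field."""
    if length < 256:
        return bytes([0x80 | (tag << 2) | 0, length])
    return bytes([0x80 | (tag << 2) | 1]) + struct.pack(">H", length)


PUBKEY_BODY = bytes(range(40))  # placeholder body, not real key material
USERID_BODY = b"Example Release Key <example@example.invalid>"
# Trust packet bodies as shown in the pgpdump diff above; 67 70 67 is ASCII "gpg".
TRUST_BODY_1 = bytes.fromhex("00 00 67 70 67 01 00 00 00 00 00 00")
TRUST_BODY_2 = bytes.fromhex("00 00 67 70 67 02 00 00 00 00 00 00")

# What a clean export (--export) of the certificate looks like: key, then user ID.
CLEAN_KEYRING = (_old_header(6, len(PUBKEY_BODY)) + PUBKEY_BODY
                 + _old_header(13, len(USERID_BODY)) + USERID_BODY)
# The same certificate copied out of a GnuPG keyring file, with the cache
# packets GnuPG interleaves, as in the diff above.
POLLUTED_KEYRING = (_old_header(6, len(PUBKEY_BODY)) + PUBKEY_BODY
                    + _old_header(12, len(TRUST_BODY_1)) + TRUST_BODY_1
                    + _old_header(13, len(USERID_BODY)) + USERID_BODY
                    + _old_header(12, len(TRUST_BODY_2)) + TRUST_BODY_2)

if __name__ == "__main__":
    for name, ring in (("clean", CLEAN_KEYRING), ("polluted", POLLUTED_KEYRING)):
        tags = [TAG_NAMES.get(t, str(t)) for t, _h, _b in parse_packets(ring)]
        print(f"{name}: {tags}  sha256={digest(ring)[:16]}...")
    print("trust packets:", find_trust_packets(POLLUTED_KEYRING))
    print("stripped == clean:", strip_trust_packets(POLLUTED_KEYRING) == CLEAN_KEYRING)
```

Running `find_trust_packets` over a keyring before it is signed and shipped is a cheap release-time check for the condition described in this thread; an empty result is what a file produced by `--export` should give. Stripping is shown only to make the signature argument concrete: the fix dkg proposes is to generate the file through GnuPG's export interface in the first place, not to post-process a keyring file.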