Bug#984884: libgcrypt20: Unknown error executing apt-key [Bullseye]

Davide Prina davide.prina at gmail.com
Tue Mar 9 17:43:31 GMT 2021 

Package: libgcrypt20
Version: 1.8.7-3
Severity: critical

I set it as critical because user cannot anymore upgrade their system, 
please adjust Severity if you think it not correct. Note that this can 
be also a security problem because very old libgcrypt20 is in use.

Some users in Italian mailing list have reported that they have an error 
when they try upgrade/install packages:

# apt update
Get:1 http://deb.debian.org/debian bullseye InRelease [142 kB]
Err:1 http://deb.debian.org/debian bullseye InRelease
   Unknown error executing apt-key
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up to date.
W: An error occurred during the signature verification. The repository 
is not updated and the previous index files will be used. GPG error: 
http://deb.debian.org/debian bullseye InRelease: Unknown error executing 
apt-key
W: Failed to fetch http://deb.debian.org/debian/dists/bullseye/InRelease 
  Unknown error executing apt-key
W: Some index files failed to download. They have been ignored, or old 
ones used instead.

dig the problem we found that they have the following files on their system:

$ /sbin/ldconfig -p | grep libgcrypt
     libgcrypt.so.20 (libc6,x86-64) => /lib/x86_64-linux-gnu/libgcrypt.so.20
     libgcrypt.so.20 (libc6,x86-64) => 
/usr/lib/x86_64-linux-gnu/libgcrypt.so.20

$ ls -l /lib/x86_64-linux-gnu/libgcrypt.so.20
lrwxrwxrwx 1 root root 19 17 mar  2020 
/lib/x86_64-linux-gnu/libgcrypt.so.20 -> libgcrypt.so.20.1.5
$ ls -l /lib/x86_64-linux-gnu/libgcrypt.so.20.1.5
-rw-r--r-- 1 root root 1112184 14 gen  2017 
/lib/x86_64-linux-gnu/libgcrypt.so.20.1.5

but these files are from package migrated to testing in:
[2017-01-25] libgcrypt20 1.7.5-3 MIGRATED to testing (Debian testing 
watch)[¹]

So for some reason when the library path change they have not been deleted.

All users with that problem cannot use apt to solve the issue.

I know that the user that report the problem has not the security 
repository in its sources.list file.

I suggest to check that those file are removed from
/lib/x86_64-linux-gnu/
in all new libgcrypt20 new version, elsewhere when Bullseye become 
stable more user can have that problem.

Ciao
Davide

[¹]
https://tracker.debian.org/pkg/libgcrypt20/news/?page=3
https://snapshot.debian.org/archive/debian/20170114T162918Z/pool/main/libg/libgcrypt20/libgcrypt20_1.7.5-3_amd64.deb

More information about the Pkg-gnutls-maint mailing list