[Pkg-rust-maintainers] Bug#1128841: sqv does not parse keyring that works with gpgv
Guillem Jover
guillem at debian.org
Mon Feb 23 17:24:22 GMT 2026
Hi!
On Mon, 2026-02-23 at 17:49:25 +0100, Bernhard E. Reiter wrote:
> Package: sqv
> Version: 1.3.0-3+b2
> Severity: normal
> X-Debbugs-Cc: bernhard at intevation.de
> Following the instuction at the bottom of
> https://repos.gnupg.org/deb/gnupg/trixie/
>
> E.g. one variant:
> gpg \
> --no-default-keyring \
> --keyring /usr/share/keyrings/gnupg-keyring.gpg \
> --fetch-keys https://repos.gnupg.org/deb/gnupg/trixie/gnupg-signing-key.gpg
>
> leads to /usr/share/keyrings/gnupg-keyring.gpg
> which cannot be parsed by sqv and makes apt-upgrade and the instructions
> fail with
>
> apt-update
> [..]
>
> Get:4 https://repos.gnupg.org/deb/gnupg/trixie trixie InRelease [3761 B]
> Err:4 https://repos.gnupg.org/deb/gnupg/trixie trixie InRelease
> Sub-process /usr/bin/sqv returned an error code (1), error message is: Error: Failed to parse keyring "/usr/share/keyrings/gnupg-keyring.gpg" Caused by: 0: Reading "/usr/share/keyrings/gnupg-keyring.gpg": EOF 1: EOF
>
> Expectation is that apt-update can work with that repository
> and its keyring.
I think this report is invalid, because I'm assuming the keyring generated
is in the non-portable GnuPG specific KeyBox format. GnuPG should have
mentioned this during the generation of the keyring, otherwise can be
confirmed with file(1).
The correct options are to either download the keyring with wget/curl,
or to download it with gpg, and then --export it into a proper OpenPGP
formatted keyring.
> This is a regression from my point of view.
I don't think this is a regression, as the usage seems invalid to me.
Thanks,
Guillem
More information about the Pkg-rust-maintainers
mailing list