Devuan bug report logs -
#902
devuan-keyring: Archive keys not installed below /etc/apt/trusted.gpg.d
Reply or subscribe to this bug.
Toggle useless messages
Report forwarded
to devuan-bugs@lists.dyne.org, Devuan Developers <devuan-dev@lists.dyne.org>:
bug#902; Package devuan-keyring.
(Sat, 09 Aug 2025 04:58:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Olaf Meeuwissen <paddy-hack@member.fsf.org>:
New bug report received and forwarded. Copy sent to Devuan Developers <devuan-dev@lists.dyne.org>.
(Sat, 09 Aug 2025 04:58:05 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.devuan.org (full text, mbox, reply):
Package: devuan-keyring
Version: 2025.07.30
Severity: grave
Justification: renders package unusable
Dear Maintainer,
Until the 2025.06.02 version of this package, archive keys were
installed under /etc/apt/trusted.gpg.d/. However, 2025.07.30 no
longer does.
This prevents downloading anything from the package archives without
errors like this
$ apt-get update
Get:1 http://deb.devuan.org/merged ceres InRelease [47.6 kB]
Err:1 http://deb.devuan.org/merged ceres InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 94532124541922FB
Reading package lists...
W: OpenPGP signature verification failed: http://deb.devuan.org/merged ceres InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 94532124541922FB
E: The repository 'http://deb.devuan.org/merged ceres InRelease' is not signed.
I found out after trying the above command in a freshly debootstrapped
`ceres` for the official Devuan Docker container images I maintain.
See https://git.devuan.org/paddy-hack/container-images/issues/62
To illustrate the issue,
$ dpkg-deb -c devuan-keyring_2025.06.02_all.deb | grep /etc/apt/trusted.gpg.d
drwxr-xr-x root/root 0 2025-06-03 01:11 ./etc/apt/trusted.gpg.d/
-rw-r--r-- root/root 7067 2025-06-03 01:11 ./etc/apt/trusted.gpg.d/devuan-keyring-2016-archive.gpg
-rw-r--r-- root/root 9964 2025-06-03 01:11 ./etc/apt/trusted.gpg.d/devuan-keyring-2022-archive.gpg
-rw-r--r-- root/root 5481 2025-06-03 01:11 ./etc/apt/trusted.gpg.d/devuan-keyring-amprolla-2022-archive.gpg
-rw-r--r-- root/root 4594 2025-06-03 01:11 ./etc/apt/trusted.gpg.d/devuan-keyring-daedalus-archive.gpg
-rw-r--r-- root/root 4595 2025-06-03 01:11 ./etc/apt/trusted.gpg.d/devuan-keyring-excalibur-archive.gpg
-rw-r--r-- root/root 5226 2025-06-03 01:11 ./etc/apt/trusted.gpg.d/devuan-keyring-freia-archive.gpg
$ dpkg-deb -c devuan-keyring_2025.07.30_all.deb | grep /etc/apt/trusted.gpg.d
-- System Information:
Architecture: x86_64
Kernel: Linux 6.12.38+deb13-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: runit (via /run/runit.stopit)
LSM: AppArmor: enabled
devuan-keyring depends on no packages.
devuan-keyring recommends no packages.
devuan-keyring suggests no packages.
-- no debconf information
Information forwarded
to devuan-bugs@lists.dyne.org, Devuan Developers <devuan-dev@lists.dyne.org>:
bug#902; Package devuan-keyring.
(Sat, 09 Aug 2025 17:06:01 GMT) (full text, mbox, link).
Message #8 received at 902@bugs.devuan.org (full text, mbox, reply):
Olaf,
Thanks for this.
I propose the attached changes which
- restore installation of keys in /etc/apt/trusted.gpg
- change the keys to ascii armoured (as Debian already does)
- handles the renamed conffiles.
Boian,
Any comments?
Mark
diff --git a/Makefile b/Makefile
index 391fa64..35b5fe8 100644
--- a/Makefile
+++ b/Makefile
@@ -8,10 +8,13 @@ INDIVIDUAL_KEYS := $(wildcard public_keys/individual/*.pgp)
ARCHIVE_KEYS := $(wildcard public_keys/archive/*.pgp)
REMOVED_KEYS := $(wildcard public_keys/removed/*.pgp)
-all: keyrings/devuan-archive-keyring.pgp keyrings/devuan-keyring.pgp keyrings/devuan-removed-keys.pgp
+all: keyrings/devuan-archive-keyring.pgp keyrings/devuan-keyring.pgp keyrings/devuan-removed-keys.pgp $(patsubst %.pgp,%.asc,$(ARCHIVE_KEYS))
.DELETE_ON_ERROR:
+%.asc : %.pgp
+ gpg --armor --export --no-default-keyring --keyring $< > $@
+
keyrings/gnupg:
install -m700 -d $@
@@ -49,6 +52,6 @@ refresh: | keyrings/gnupg
done
clean:
- rm -fr keyrings
+ rm -fr keyrings public_keys/archive/*.asc
.PHONY: clean refresh
diff --git a/debian/changelog b/debian/changelog
index 5fb94a8..a851aba 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+devuan-keyring (2025.08.09) unstable; urgency=medium
+
+ * Restore installation of keys (now ascii armoured, as Debian) in
+ /etc/apt/trusted.gpg.d. (Closes: #902)
+
+ -- Mark Hindley <mark@hindley.org.uk> Sat, 09 Aug 2025 14:58:32 +0100
+
devuan-keyring (2025.07.30) unstable; urgency=medium
[ Boian Bonev ]
diff --git a/debian/install b/debian/install
index 92b5554..17299a5 100644
--- a/debian/install
+++ b/debian/install
@@ -1,2 +1,3 @@
keyrings/devuan-*.pgp /usr/share/keyrings
keyrings/devuan-*.gpg /usr/share/keyrings
+public_keys/archive/*.asc /etc/apt/trusted.gpg.d
diff --git a/debian/maintscript b/debian/maintscript
new file mode 100644
index 0000000..34172df
--- /dev/null
+++ b/debian/maintscript
@@ -0,0 +1,7 @@
+mv_conffile /etc/apt/trusted.gpg.d/devuan-keyring-2016-archive.gpg /etc/apt/trusted.gpg.d/devuan-keyring-2016-archive.asc 2025-08-09
+mv_conffile /etc/apt/trusted.gpg.d/devuan-keyring-2022-archive.gpg /etc/apt/trusted.gpg.d/devuan-keyring-2022-archive.asc 2025-08-09
+mv_conffile /etc/apt/trusted.gpg.d/devuan-keyring-amprolla-2022-archive.gpg /etc/apt/trusted.gpg.d/devuan-keyring-amprolla-2022-archive.asc 2025-08-09
+mv_conffile /etc/apt/trusted.gpg.d/devuan-keyring-daedalus-archive.gpg /etc/apt/trusted.gpg.d/devuan-keyring-daedalus-archive.asc 2025-08-09
+mv_conffile /etc/apt/trusted.gpg.d/devuan-keyring-dak-2025-archive.gpg /etc/apt/trusted.gpg.d/devuan-keyring-dak-2025-archive.asc 2025-08-09
+mv_conffile /etc/apt/trusted.gpg.d/devuan-keyring-excalibur-archive.gpg /etc/apt/trusted.gpg.d/devuan-keyring-excalibur-archive.asc
+mv_conffile /etc/apt/trusted.gpg.d/devuan-keyring-freia-archive.gpg /etc/apt/trusted.gpg.d/devuan-keyring-freia-archive.asc
Information forwarded
to devuan-bugs@lists.dyne.org, Devuan Developers <devuan-dev@lists.dyne.org>:
bug#902; Package devuan-keyring.
(Sun, 10 Aug 2025 00:50:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Olaf Meeuwissen <olaf@ueda.ne.jp>:
Extra info received and forwarded to list. Copy sent to Devuan Developers <devuan-dev@lists.dyne.org>.
(Sun, 10 Aug 2025 00:50:03 GMT) (full text, mbox, link).
Message #13 received at 902@bugs.devuan.org (full text, mbox, reply):
Mark,
Thanks for the quick response on this.
Two nitpicks:
- s/ascii/ASCII/g, to avoid confusion with Devuan's ascii release ;-)
- /etc/apt/trusted.gpg.d/ becomes a bit of a misnomer when it only has
*.asc files
One question:
- Does the patch also add /var/lib/dpkg/info/devuan-keyring.conffiles?
That file was missing after installing 2025.07.30.
Hope this helps,
--
Olaf Meeuwissen
Information forwarded
to devuan-bugs@lists.dyne.org, Devuan Developers <devuan-dev@lists.dyne.org>:
bug#902; Package devuan-keyring.
(Sun, 10 Aug 2025 06:26:01 GMT) (full text, mbox, link).
Acknowledgement sent
to Mark Hindley <mark@hindley.org.uk>:
Extra info received and forwarded to list. Copy sent to Devuan Developers <devuan-dev@lists.dyne.org>.
(Sun, 10 Aug 2025 06:26:03 GMT) (full text, mbox, link).
Message #18 received at 902@bugs.devuan.org (full text, mbox, reply):
Olaf,
Thanks.
On Sun, Aug 10, 2025 at 09:41:41AM +0900, Olaf Meeuwissen wrote:
> Two nitpicks:
> - s/ascii/ASCII/g, to avoid confusion with Devuan's ascii release ;-)
Good point: even the Devuan release is occasionally uppercase. I will remove it
completely and just refer to 'armoured'.
> - /etc/apt/trusted.gpg.d/ becomes a bit of a misnomer when it only has
> *.asc files
Yes. That requires coordination with apt. I expect that will get updated in
Debian during the next cycle.
> One question:
> - Does the patch also add /var/lib/dpkg/info/devuan-keyring.conffiles?
> That file was missing after installing 2025.07.30.
Yes, that is restored and contains
/etc/apt/trusted.gpg.d/devuan-keyring-2016-archive.asc
/etc/apt/trusted.gpg.d/devuan-keyring-2022-archive.asc
/etc/apt/trusted.gpg.d/devuan-keyring-amprolla-2022-archive.asc
/etc/apt/trusted.gpg.d/devuan-keyring-daedalus-archive.asc
/etc/apt/trusted.gpg.d/devuan-keyring-dak-2025-archive.asc
/etc/apt/trusted.gpg.d/devuan-keyring-excalibur-archive.asc
/etc/apt/trusted.gpg.d/devuan-keyring-freia-archive.asc
/etc/apt/trusted.gpg.d/devuan-keyring-gryphon-archive.asc
Once I have and ACK from Boian, I will build.
Mark
Information forwarded
to devuan-bugs@lists.dyne.org, Devuan Developers <devuan-dev@lists.dyne.org>:
bug#902; Package devuan-keyring.
(Sun, 10 Aug 2025 12:46:01 GMT) (full text, mbox, link).
Acknowledgement sent
to Boian Bonev <bbonev@devuan.org>:
Extra info received and forwarded to list. Copy sent to Devuan Developers <devuan-dev@lists.dyne.org>.
(Sun, 10 Aug 2025 12:46:03 GMT) (full text, mbox, link).
Message #23 received at 902@bugs.devuan.org (full text, mbox, reply):
Hi,
I was trying to reproduce w/o success... Tried all combinations of
gpgv/sqv and whats not else. Then did a fresh debootstrap and the
problem is present there.
The difference between my test system and the new chroot came to be
modernized apt sources (apt modernize-sources). That includes:
Signed-By: /usr/share/keyrings/devuan-archive-keyring.gpg
which obviously resolves the problem. And that was the reason my
testing of the devuan-keyring showed no problems before it got built :(
Let's restore the .asc files in /etc/apt/trusted.gpg.d/
and keep the pgp extension change (including the gpg symlinks). That is
most closely following debian-archive-keyring.
With best regards,
b.
Reply sent
to dak@devuan.org:
You have taken responsibility.
(Fri, 15 Aug 2025 15:12:01 GMT) (full text, mbox, link).
Notification sent
to Olaf Meeuwissen <paddy-hack@member.fsf.org>:
bug acknowledged by developer.
(Fri, 15 Aug 2025 15:12:02 GMT) (full text, mbox, link).
Message #28 received at 902-done@bugs.devuan.org (full text, mbox, reply):
Version: 2025.08.09
Source package devuan-keyring (2025.08.09) added to Devuan suite unstable.
This closes bug report 902.
Thanks
DAK managing the Devuan archive
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 09 Aug 2025 14:58:32 +0100
Source: devuan-keyring
Architecture: source
Version: 2025.08.09
Distribution: unstable
Urgency: medium
Maintainer: Devuan Developers <devuan-dev@lists.dyne.org>
Changed-By: Mark Hindley <mark@hindley.org.uk>
Closes: 902
Changes:
devuan-keyring (2025.08.09) unstable; urgency=medium
.
* Restore installation of keys (now armoured, as Debian) in
/etc/apt/trusted.gpg.d. (Closes: #902)
Checksums-Sha1:
281f4a70a4eba9b66f91018c4209650b8344cccc 1500 devuan-keyring_2025.08.09.dsc
12d32af5be7aec10722bb231ccf370fab3183413 171472 devuan-keyring_2025.08.09.tar.xz
24d690cce69a01cbebab6f2e4d6062a24345593e 6568 devuan-keyring_2025.08.09_source.buildinfo
Checksums-Sha256:
8de02f5f4d875335383e40a9c9e106117f2d2ddd61ff203306388d17e0bfdc1e 1500 devuan-keyring_2025.08.09.dsc
2f8c42ef762a1c371b49b2623ed153d0d8266cce78d68e0dc4a7b6734a66ef64 171472 devuan-keyring_2025.08.09.tar.xz
a04e404a64dd28967edfacc1241e5f750c4ac957453006790406a18c303279fb 6568 devuan-keyring_2025.08.09_source.buildinfo
Files:
2ee4e7f242a86658057df1df371af765 1500 misc optional devuan-keyring_2025.08.09.dsc
d7379336aa7b441b957cc3f89f6d4c54 171472 misc optional devuan-keyring_2025.08.09.tar.xz
af2b10553773f2cad6713382ab98c86c 6568 misc optional devuan-keyring_2025.08.09_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCgAdFiEEcuPLdzMV36LkZHQ9lFMhJFQZIvsFAmifTawACgkQlFMhJFQZ
IvtqZgf/Z44bdm6NgXff7b4hAp4P+pekRbj7tfLwjEFyE4RO+C+8nYf6tImnn3pu
88ArL9H/HLivhGnZas3WgK8xz3S3KeHvpnvIdK1JKIM+4SNe/1q1q+aQ+ayVdzNh
IX9zOmVmOTIUXF9j9XHwbFEjHQ+EsSmGnxW8XQkAVrnM662Q/PkVlMYLnCei1MMA
6E7C4KMIBb+GNnFPhbhtXVxmnh3sDQ1OwEGVgbSEFVNZWLkPq/1P072X1zpDwY5I
Dzzazm9RPs3c80pKPrJsD1bYk51raQsdRt8Dl4ctcSxCrWsAhoEyiq7pVcAp+DBZ
eHMI87YS5apdiwDd+a5SA/e9PDCyCA==
=DYf2
-----END PGP SIGNATURE-----
Send a report that this bug log contains spam.