Home | Devuan | Git | Forum | Packages | Popcon
Donate now!
Download

Devuan bug report logs - #902
devuan-keyring: Archive keys not installed below /etc/apt/trusted.gpg.d

version graph

Package: devuan-keyring; Maintainer for devuan-keyring is Devuan Developers <devuan-dev@lists.dyne.org>; Source for devuan-keyring is src:devuan-keyring.

Reported by: Olaf Meeuwissen <paddy-hack@member.fsf.org>

Date: Sat, 9 Aug 2025 04:58:01 UTC

Severity: grave

Found in version devuan-keyring/2025.07.30

Fixed in version 2025.08.09

Done: dak@devuan.org

Full log

🔗 View this message in rfc822 format

MIME-Version: 1.0
X-Mailer: MIME-tools 5.509 (Entity 5.509)
X-Loop: owner@bugs.devuan.org
From: "Devuan bug Tracking System" <owner@bugs.devuan.org>
To: Olaf Meeuwissen <paddy-hack@member.fsf.org>
Subject: bug#902 closed by dak@devuan.org (#902: fixed in src:devuan-keyring
 version 2025.08.09)
Message-ID: <handler.902.D902.17552706345801.notifdone@bugs.devuan.org>
References: <1755270602.849454.23928.nullmailer@dak.localnet.devuan.org>
 <175471541405.7365.13707578174712627271.reportbug@basecamp>
X-Devuan-PR-Message: they-closed 902
X-Devuan-PR-Package: devuan-keyring
X-Devuan-PR-Source: devuan-keyring
Reply-To: 902@bugs.devuan.org
Date: Fri, 15 Aug 2025 15:12:02 +0000
Content-Type: multipart/mixed; boundary="----------=_1755270722-5821-1"

[Message part 1 (text/plain, inline)]
This is an automatic notification regarding your bug report
which was filed against the devuan-keyring package:

#902: devuan-keyring: Archive keys not installed below /etc/apt/trusted.gpg.d

It has been closed by dak@devuan.org.

Their explanation is attached below along with your original report.
If this explanation is unsatisfactory and you have not received a
better one in a separate message then please contact dak@devuan.org by
replying to this email.


-- 
902: https://bugs.devuan.org/cgi/bugreport.cgi?bug=902
Devuan Bug Tracking System
Contact owner@bugs.devuan.org with problems

[Message part 2 (message/rfc822, inline)]
From: dak@devuan.org
To: 902-done@bugs.devuan.org
Subject: #902: fixed in src:devuan-keyring version 2025.08.09
Date: Fri, 15 Aug 2025 15:10:02 +0000
Version: 2025.08.09

Source package devuan-keyring (2025.08.09) added to Devuan suite unstable.

This closes bug report 902.

Thanks

DAK managing the Devuan archive

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 09 Aug 2025 14:58:32 +0100
Source: devuan-keyring
Architecture: source
Version: 2025.08.09
Distribution: unstable
Urgency: medium
Maintainer: Devuan Developers <devuan-dev@lists.dyne.org>
Changed-By: Mark Hindley <mark@hindley.org.uk>
Closes: 902
Changes:
 devuan-keyring (2025.08.09) unstable; urgency=medium
 .
   * Restore installation of keys (now armoured, as Debian) in
     /etc/apt/trusted.gpg.d. (Closes: #902)
Checksums-Sha1:
 281f4a70a4eba9b66f91018c4209650b8344cccc 1500 devuan-keyring_2025.08.09.dsc
 12d32af5be7aec10722bb231ccf370fab3183413 171472 devuan-keyring_2025.08.09.tar.xz
 24d690cce69a01cbebab6f2e4d6062a24345593e 6568 devuan-keyring_2025.08.09_source.buildinfo
Checksums-Sha256:
 8de02f5f4d875335383e40a9c9e106117f2d2ddd61ff203306388d17e0bfdc1e 1500 devuan-keyring_2025.08.09.dsc
 2f8c42ef762a1c371b49b2623ed153d0d8266cce78d68e0dc4a7b6734a66ef64 171472 devuan-keyring_2025.08.09.tar.xz
 a04e404a64dd28967edfacc1241e5f750c4ac957453006790406a18c303279fb 6568 devuan-keyring_2025.08.09_source.buildinfo
Files:
 2ee4e7f242a86658057df1df371af765 1500 misc optional devuan-keyring_2025.08.09.dsc
 d7379336aa7b441b957cc3f89f6d4c54 171472 misc optional devuan-keyring_2025.08.09.tar.xz
 af2b10553773f2cad6713382ab98c86c 6568 misc optional devuan-keyring_2025.08.09_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEcuPLdzMV36LkZHQ9lFMhJFQZIvsFAmifTawACgkQlFMhJFQZ
IvtqZgf/Z44bdm6NgXff7b4hAp4P+pekRbj7tfLwjEFyE4RO+C+8nYf6tImnn3pu
88ArL9H/HLivhGnZas3WgK8xz3S3KeHvpnvIdK1JKIM+4SNe/1q1q+aQ+ayVdzNh
IX9zOmVmOTIUXF9j9XHwbFEjHQ+EsSmGnxW8XQkAVrnM662Q/PkVlMYLnCei1MMA
6E7C4KMIBb+GNnFPhbhtXVxmnh3sDQ1OwEGVgbSEFVNZWLkPq/1P072X1zpDwY5I
Dzzazm9RPs3c80pKPrJsD1bYk51raQsdRt8Dl4ctcSxCrWsAhoEyiq7pVcAp+DBZ
eHMI87YS5apdiwDd+a5SA/e9PDCyCA==
=DYf2
-----END PGP SIGNATURE-----
[Message part 3 (message/rfc822, inline)]
From: Olaf Meeuwissen <paddy-hack@member.fsf.org>
To: Devuan Bug Tracking System <submit@bugs.devuan.org>
Subject: devuan-keyring: Archive keys not installed below /etc/apt/trusted.gpg.d
Date: Sat, 09 Aug 2025 13:56:54 +0900
Package: devuan-keyring
Version: 2025.07.30
Severity: grave
Justification: renders package unusable

Dear Maintainer,

Until the 2025.06.02 version of this package, archive keys were
installed under /etc/apt/trusted.gpg.d/.  However, 2025.07.30 no
longer does.

This prevents downloading anything from the package archives without
errors like this

  $ apt-get update
  Get:1 http://deb.devuan.org/merged ceres InRelease [47.6 kB]
  Err:1 http://deb.devuan.org/merged ceres InRelease
    The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 94532124541922FB
  Reading package lists...
  W: OpenPGP signature verification failed: http://deb.devuan.org/merged ceres InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 94532124541922FB
  E: The repository 'http://deb.devuan.org/merged ceres InRelease' is not signed.

I found out after trying the above command in a freshly debootstrapped
`ceres` for the official Devuan Docker container images I maintain.
See https://git.devuan.org/paddy-hack/container-images/issues/62

To illustrate the issue,

  $ dpkg-deb -c devuan-keyring_2025.06.02_all.deb | grep /etc/apt/trusted.gpg.d
  drwxr-xr-x root/root         0 2025-06-03 01:11 ./etc/apt/trusted.gpg.d/
  -rw-r--r-- root/root      7067 2025-06-03 01:11 ./etc/apt/trusted.gpg.d/devuan-keyring-2016-archive.gpg
  -rw-r--r-- root/root      9964 2025-06-03 01:11 ./etc/apt/trusted.gpg.d/devuan-keyring-2022-archive.gpg
  -rw-r--r-- root/root      5481 2025-06-03 01:11 ./etc/apt/trusted.gpg.d/devuan-keyring-amprolla-2022-archive.gpg
  -rw-r--r-- root/root      4594 2025-06-03 01:11 ./etc/apt/trusted.gpg.d/devuan-keyring-daedalus-archive.gpg
  -rw-r--r-- root/root      4595 2025-06-03 01:11 ./etc/apt/trusted.gpg.d/devuan-keyring-excalibur-archive.gpg
  -rw-r--r-- root/root      5226 2025-06-03 01:11 ./etc/apt/trusted.gpg.d/devuan-keyring-freia-archive.gpg
  $ dpkg-deb -c devuan-keyring_2025.07.30_all.deb | grep /etc/apt/trusted.gpg.d

-- System Information:
Architecture: x86_64

Kernel: Linux 6.12.38+deb13-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: runit (via /run/runit.stopit)
LSM: AppArmor: enabled

devuan-keyring depends on no packages.

devuan-keyring recommends no packages.

devuan-keyring suggests no packages.

-- no debconf information

Send a report that this bug log contains spam.

Devuan BTS -- Powered by Debian bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.

Devuan Bugs Owner <owner@bugs.devuan.org>.
Last modified: Tue Aug 19 05:35:13 2025;