#2044 closed defect (fixed)

i2p-keyring on debian stable/stretch not working

Reported by: echelon Owned by: zzz
Priority: major Milestone: 0.9.32
Component: package/debian Version: 0.9.31
Keywords: Cc:
Parent Tickets:

Description

hi

dpkg -i i2p-keyring_2017.09.18_all.deb
Selecting previously unselected package i2p-keyring.
(Reading database ... 338993 files and directories currently installed.)
Preparing to unpack i2p-keyring_2017.09.18_all.deb ...
Unpacking i2p-keyring (2017.09.18) ...
Setting up i2p-keyring (2017.09.18) ...
Adding/refreshing keys:

67ECE5605BCF1346 1381446626 [ expires 1539458811 ]

... Warning: apt-key should not be used in scripts (called from postinst maintainerscript of the package i2p-keyring)
gpg: no valid OpenPGP data found.
dpkg: error processing package i2p-keyring (--install):

subprocess installed post-installation script returned error exit status 2

Errors were encountered while processing:

i2p-keyring

Subtickets

Change History (5)

comment:1 Changed 18 months ago by zzz

  • Milestone changed from undecided to 0.9.32
  • Status changed from new to accepted

I don't know how I broke it but I need to fix it quick, old key expires 10/1.
I just updated the key and followed the instructions I left myself last year.

Thanks to val on IRC:

<val_> So, anyway, I wanted to create a bug for Debian repository: i2p-keyring won't update or install anymore.
* anyone (anyone@dtve5mmucuguxvy6zcm6zquhawka3om2wbs7l7mlhlxjes7xikca.b32.i2p) has joined
<val_> https://paste.ee/p/3135L
<val_> that's with set -x on top of i2p-keyring.postinst: https://paste.ee/p/NojzR


Reading package lists... Done
Building dependency tree       
Reading state information... Done
i2p-keyring is already the newest version.
The following packages were automatically installed and are no longer required:
  dns-root-data libmnl0 libnetfilter-conntrack3
Use 'apt-get autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
2 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Do you want to continue? [Y/n] 
Setting up i2p-keyring (2017.09.18) ...
+ KEYRING=/usr/share/keyrings/i2p-archive-keyring.gpg
+ REMOVED_KEYS=/usr/share/keyrings/i2p-archive-removed-keys.gpg
+ mktemp --tmpdir trustdb.gpg.XXXXXXXXXX
+ TRUSTDB=/tmp/trustdb.gpg.TWlz8Yti7w
+ trap cleanup 0
+ [ ! -x /usr/bin/apt-key ]
+ postinst configure 
+ sync_keys update
+ action=update
+ [ -s /usr/share/keyrings/i2p-archive-keyring.gpg ]
+ [ update = update ]
+ echo Adding/refreshing keys:
Adding/refreshing keys:
+ read key
+ list_keys --keyring /usr/share/keyrings/i2p-archive-keyring.gpg
+ run_gpg --with-colons --list-keys --keyring /usr/share/keyrings/i2p-archive-keyring.gpg
+ [ -f /tmp/trustdb.gpg.TWlz8Yti7w ]
+ [ ! -s /tmp/trustdb.gpg.TWlz8Yti7w ]
+ rm -f /tmp/trustdb.gpg.TWlz8Yti7w
+ grep ^pub
+ gpg --homedir=/dev/null --secret-keyring=/dev/null --trustdb-name=/tmp/trustdb.gpg.TWlz8Yti7w --batch --ignore-time-conflict --no-options --lock-never --no-auto-check-trustdb --no-default-keyring --with-colons --list-keys --keyring /usr/share/keyrings/i2p-archive-keyring.gpg
+ echo -n ... 
... + apt-key add /usr/share/keyrings/i2p-archive-keyring.gpg
gpg: no valid OpenPGP data found.
+ cleanup
+ [ -f /tmp/trustdb.gpg.TWlz8Yti7w ]
+ rm -f /tmp/trustdb.gpg.TWlz8Yti7w
dpkg: error processing package i2p-keyring (--configure):
 subprocess installed post-installation script returned error exit status 2
dpkg: dependency problems prevent configuration of killyourtv-keyring:
 killyourtv-keyring depends on i2p-keyring; however:
  Package i2p-keyring is not configured yet.

dpkg: error processing package killyourtv-keyring (--configure):
 dependency problems - leaving unconfigured
Errors were encountered while processing:
 i2p-keyring
 killyourtv-keyring
E: Sub-process /usr/bin/dpkg returned an error code (1)

comment:2 Changed 18 months ago by zzz

This appears to be caused by a change in apt-key, or, rather, a change in gpg that apt-key doesn't support.

man apt-key:

SUPPORTED KEYRING FILES

apt-key supports only the binary OpenPGP format (also known as "GPG key public ring") in files with the
"gpg" extension, not the keybox database format introduced in newer gpg(1) versions as default for
keyring files. Binary keyring files intended to be used with any apt version should therefore always be
created with gpg --export.

Alternatively, if all systems which should be using the created keyring have at least apt version >= 1.4
installed, you can use the ASCII armored format with the "asc" extension instead which can be created
with gpg --armor --export.

comment:3 Changed 18 months ago by zzz

  • Resolution set to fixed
  • Status changed from accepted to closed

Broken by GPG changes, not by the 2017-09-18 i2p-keyring package. Fixed by changing the way the keys are imported in 2017-09-20 i2p-keyring package.

Advice further down in the apt-get manual says that keys should be stored directly in /etc/apt/trusted.gpg.d/ , and there's now a dkpg lint warning about using apt-key in scripts, but ignored all that and just fixed the import as the simplest way for now.

comment:4 Changed 18 months ago by zzz

  • Resolution fixed deleted
  • Status changed from closed to reopened

reopening, doesn't work on old stable with old gpg

comment:5 Changed 18 months ago by zzz

  • Resolution set to fixed
  • Status changed from reopened to closed

Fixed in version 2017-09-21 by using newer binary keyring format rather than old keybox format.

Note: See TracTickets for help on using tickets.