Debian Bug report logs -
#846892
pkg-mozilla-archive-keyring: build generates a keybox file instead of a gpg transferable key
Reported by: Clint Adams <clint@debian.org>
Date: Sat, 3 Dec 2016 23:36:04 UTC
Severity: serious
Tags: patch
Found in version pkg-mozilla-archive-keyring/1.1
Fixed in version pkg-mozilla-archive-keyring/1.2
Done: Mike Hommey <glandium@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, dkg@fifthhorseman.net, Maintainers of Mozilla-related packages <pkg-mozilla-maintainers@lists.alioth.debian.org>:
Bug#846892; Package pkg-mozilla-archive-keyring.
(Sat, 03 Dec 2016 23:36:07 GMT) (full text, mbox, link).
Acknowledgement sent
to Clint Adams <clint@debian.org>:
New Bug report received and forwarded. Copy sent to dkg@fifthhorseman.net, Maintainers of Mozilla-related packages <pkg-mozilla-maintainers@lists.alioth.debian.org>.
(Sat, 03 Dec 2016 23:36:07 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: pkg-mozilla-archive-keyring
Version: 1.1
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertags: timestamps
With gnupg 2 as the default, the $(KEYRING) target in debian/rules
generates a GPG keybox database version 1 instead of an RFC4880
OpenPGP Transferable Key, or "GPG key public ring".
All of the other keyrings in /etc/apt/trusted.gpg.d or /usr/share/keyrings
are in the latter format.
Also I suspect that this has an effect on the package's reproducibility
but I'm unsure because `kbxutil --cut` doesn't do what I expected it
to do.
Two ways this could be changed are
1) gpg --dearmor -o $@ $<
2) hot dearmor < $< > $@
Information forwarded
to debian-bugs-dist@lists.debian.org, Maintainers of Mozilla-related packages <pkg-mozilla-maintainers@lists.alioth.debian.org>:
Bug#846892; Package pkg-mozilla-archive-keyring.
(Tue, 08 Aug 2017 15:03:02 GMT) (full text, mbox, link).
Message #8 received at 846892@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Control: severity -1 serious
On Sat, Dec 03, 2016 at 11:33:25PM +0000, Clint Adams wrote:
> With gnupg 2 as the default, the $(KEYRING) target in debian/rules
> generates a GPG keybox database version 1 instead of an RFC4880
> OpenPGP Transferable Key, or "GPG key public ring".
>
> All of the other keyrings in /etc/apt/trusted.gpg.d or /usr/share/keyrings
> are in the latter format.
That's actually a problem, as a simple rebuild creates an unusable file.
> Also I suspect that this has an effect on the package's reproducibility
It does :)
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
[signature.asc (application/pgp-signature, inline)]
Severity set to 'serious' from 'normal'
Request was from Mattia Rizzolo <mattia@debian.org>
to 846892-submit@bugs.debian.org.
(Tue, 08 Aug 2017 15:03:02 GMT) (full text, mbox, link).
Reply sent
to Mike Hommey <glandium@debian.org>:
You have taken responsibility.
(Mon, 28 May 2018 00:39:04 GMT) (full text, mbox, link).
Notification sent
to Clint Adams <clint@debian.org>:
Bug acknowledged by developer.
(Mon, 28 May 2018 00:39:04 GMT) (full text, mbox, link).
Message #15 received at 846892-close@bugs.debian.org (full text, mbox, reply):
Source: pkg-mozilla-archive-keyring
Source-Version: 1.2
We believe that the bug you reported is fixed in the latest version of
pkg-mozilla-archive-keyring, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 846892@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Mike Hommey <glandium@debian.org> (supplier of updated pkg-mozilla-archive-keyring package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 28 May 2018 09:11:51 +0900
Source: pkg-mozilla-archive-keyring
Binary: pkg-mozilla-archive-keyring
Architecture: source all
Version: 1.2
Distribution: unstable
Urgency: medium
Maintainer: Maintainers of Mozilla-related packages <team+pkg-mozilla@tracker.debian.org>
Changed-By: Mike Hommey <glandium@debian.org>
Description:
pkg-mozilla-archive-keyring - GnuPG archive keys for the Debian Mozilla team package repository
Closes: 846892 899787
Changes:
pkg-mozilla-archive-keyring (1.2) unstable; urgency=medium
.
* debian/rules:
- Touch the keyring before using gpg, so that gpg uses the PGP/GPG
key public ring (v4) format instead of GPG keybox database version
1. Closes: #846892.
- Use a temporary file when creating the keyring.
* debian/control:
- Move Maintainer off alioth. Closes: #899787.
- Bump Standards-Version to 4.1.4.
* debian/compat, debian/control: Bump to debhelper 10.
* debian/copyright: Update format URL.
Checksums-Sha1:
116bdd56b75cceb97be993c875fe1899398c347f 1590 pkg-mozilla-archive-keyring_1.2.dsc
1a55061f3154ef695d8ba2628eae18c447771d27 3584 pkg-mozilla-archive-keyring_1.2.tar.xz
3cb011a47821f1af3150a4ac7ee5d31f45461e3f 3800 pkg-mozilla-archive-keyring_1.2_all.deb
ae67ec1aed632eb04005651cd0da870741a00418 10861 pkg-mozilla-archive-keyring_1.2_amd64.buildinfo
Checksums-Sha256:
c969b687aeef20cf44718361d3595491c3a32b8c4386fea205af8650ed906bc7 1590 pkg-mozilla-archive-keyring_1.2.dsc
5dd07a4be6a3c0638b4e5511e32031020504c86aea64d9501c8f0fcc82327875 3584 pkg-mozilla-archive-keyring_1.2.tar.xz
4f06c563b7162315f5512c02eec04c313544074a020c09da264907e8126b94c5 3800 pkg-mozilla-archive-keyring_1.2_all.deb
e3a7ab1805dbeb0d555bbd6e5168a914bd0142fbb8b31079ca1eb53620528f58 10861 pkg-mozilla-archive-keyring_1.2_amd64.buildinfo
Files:
244ebceb8eabca40e5bdf1d366f83507 1590 utils extra pkg-mozilla-archive-keyring_1.2.dsc
79294e9870dc8fbd01e7055d69ef506e 3584 utils extra pkg-mozilla-archive-keyring_1.2.tar.xz
55a6302d61b40c5ef77754a24bfac05c 3800 utils extra pkg-mozilla-archive-keyring_1.2_all.deb
3f066c035ee992e39a5de9e073ca0422 10861 utils extra pkg-mozilla-archive-keyring_1.2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEGC4WHREwufzNfbFn5CqgT6aqjHIFAlsLSkUACgkQ5CqgT6aq
jHIMUg/+NHiaFhAGKXPsSsc17b3zwSjx5mm4MXtz05XL36BYmVpi+7+QWgBXEEdr
CFwcX2JURYuU3ixu4ysTTcRi9owqUahyZob7fiCpAYTqpZ0sOeNq3JvOolBx8P5F
hRqOVHcSqjvJMFVITFFbpLthPrNIHV4Rvq5UjCbX2g1FX85e6j2E2M6s2XXTo7g9
Jw7OoAKFcTykOCxOnaio+LVXzVxpJoNM52PB4HMgsGiww3DWRnIu/IkaTJFzCP5+
8010sYQJyYBWIpR5t2ueSQ3fTO5OiIgftOOEFd8LvlY9vrrPRRLyRyuTTRCJiTFF
R5IlMl3AHKwT5ShKrI7YNsXVW0t9EtWLemYmmjyri7Ow654j3IavCxBoisg9wBRk
F7NOp4TaANmjcRuASXX8yUb/HxAJR2fdgN3a5245NwOnNTOtX/04EvVFlRK2wXJd
AlCL4YFTcl7uwpGqSRrmv1+svVJrLG8LrEhDRPxA/82ChzrvS4k11So66FqnEHL2
tEpS3Qo9C4PZw/ThqSW3KEynlz/skIQoqrVUyBFSAsHHXBjfP0Q19xNJ7RTM4GjH
TCN7NK/GMy9k/K8cjRwmXNDBEwCjOYNnzpAKFcMOU5McwZqUXo0B1ey1PiPKWhuA
8YkkBy4I4vLk9zHkPsz797IGxUNN4OzC1x5LjOUngSAgaoOSHe0=
=ir5w
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sun, 04 Aug 2019 07:57:47 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed May 17 14:02:30 2023;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.