Open fd98279 opened 5 years ago
Saw the same error today. I got it to work by specifying gpg1
rather than gpg
when running the key import command:
gpg1 --no-default-keyring --keyring trustedkeys.gpg --keyserver pool.sks-keyservers.net --recv-keys 8B48AD6246925553 7638D0442B90D010 EF0F382A1A7B6500
I'm not sure this is the "right" thing to do, but it does cause the commands to succeed.
Looks like it does not work with gpg2
I have the same issue. I've debugged a lot and here are my results:
If I run the command using internal
as gpg provider
aptly -keyring=trustedkeys.gpg -gpg-provider=internal mirror create
I get the following error:
openpgp: invalid data: tag byte does not have MSB set
So I looked for similar issues and I found this one.
As written there, a way to fix the issue is to export the keyring file again to have everything in the right format. My command:
gpg --no-default-keyring --keyring /root/.gnupg/trustedkeys.gpg --export --output /root/.gnupg/newkeyring.gpg
Running aptly -keyring=newkeyring.gpg mirror create
works fine now.
But to the wrong format problem, this had to happen when we imported the keys like in
gpg --no-default-keyring --keyring /usr/share/keyrings/debian-archive-keyring.gpg --export | gpg --no-default-keyring --keyring /root/.gnupg/trustedkeys.gpg --import
.
I retried the whole thing but using the >
command (instead of gpg --import
) to write the export directly into a file and surprise, the aptly mirror create
works out of the box.
So use gpg --no-default-keyring --keyring /usr/share/keyrings/debian-archive-keyring.gpg --export > /root/.gnupg/trustedkeys.gpg
at the beginning and you should be fine.
gpgv: keydb_search failed: invalid packet
Detailed Description
Trying to run this command as per tutorial on Debian 10 (Worked on Ubuntu 18.04) . Fails with error: aptly mirror create -architectures=amd64 -keyring=trustedkeys.gpg -filter='Priority (required) | Priority (important) | Priority (standard)' stretch-main http://ftp.us.debian.org/debian/ stretch main Downloading http://ftp.us.debian.org/debian/dists/stretch/InRelease... Downloading http://ftp.us.debian.org/debian/dists/stretch/Release... Downloading http://ftp.us.debian.org/debian/dists/stretch/Release.gpg... gpgv: Signature made Sat 16 Feb 2019 10:57:48 AM UTC using RSA key ID 46925553 gpgv: [don't know]: invalid packet (ctb=00) gpgv: keydb_search failed: invalid packet gpgv: Can't check signature: public key not found gpgv: Signature made Sat 16 Feb 2019 10:57:48 AM UTC using RSA key ID 2B90D010 gpgv: [don't know]: invalid packet (ctb=00) gpgv: keydb_search failed: invalid packet gpgv: Can't check signature: public key not found gpgv: Signature made Sat 16 Feb 2019 11:04:31 AM UTC using RSA key ID 1A7B6500 gpgv: [don't know]: invalid packet (ctb=00) gpgv: keydb_search failed: invalid packet gpgv: Can't check signature: public key not found ERROR: unable to fetch mirror: verification of detached signature failed: exit status 2
I executed this command to add the public keys to the keyring (as suggested by the aptly mirror create command): gpg --no-default-keyring --keyring trustedkeys.gpg --keyserver pool.sks-keyservers.net --recv-keys 8B48AD6246925553 7638D0442B90D010 EF0F382A1A7B6500
Keys in my trustedkeys.gpg keyring: $ gpg --no-default-keyring --keyring trustedkeys.gpg --list-keys ~/.gnupg/trustedkeys.gpg
pub rsa4096 2017-05-20 [SC] [expires: 2025-05-18] 067E3C456BAE240ACEE88F6FEF0F382A1A7B6500 uid [ unknown] Debian Stable Release Key (9/stretch) debian-release@lists.debian.org
pub rsa4096 2014-11-21 [SC] [expires: 2022-11-19] 126C0D24BD8A2942CC7DF8AC7638D0442B90D010 uid [ unknown] Debian Archive Automatic Signing Key (8/jessie) ftpmaster@debian.org
pub rsa4096 2012-04-27 [SC] [expires: 2020-04-25] A1BD8E9D78F7FE5C3E65D8AF8B48AD6246925553 uid [ unknown] Debian Archive Automatic Signing Key (7.0/wheezy) ftpmaster@debian.org
Context
Possible Implementation
Your Environment
Debain 10
$ dpkg -l | grep gpg ii gpg 2.2.12-1 amd64 GNU Privacy Guard -- minimalist public key operations ii gpg-agent 2.2.12-1 amd64 GNU privacy guard - cryptographic agent ii gpg-wks-client 2.2.12-1 amd64 GNU privacy guard - Web Key Service client ii gpg-wks-server 2.2.12-1 amd64 GNU privacy guard - Web Key Service server ii gpgconf 2.2.12-1 amd64 GNU privacy guard - core configuration utilities ii gpgsm 2.2.12-1 amd64 GNU privacy guard - S/MIME version ii gpgv 2.2.12-1 amd64 GNU privacy guard - signature verification tool ii gpgv1 1.4.23-1 amd64 GNU privacy guard - signature verification tool (deprecated "classic" version) ii libgpg-error0:amd64 1.35-1 amd64 GnuPG development runtime library