Your message dated Sat, 03 Dec 2016 18:21:33 +0000 with message-id <[email protected]> and subject line Bug#845963: fixed in multistrap 2.2.2 has caused the Debian Bug report #845963, regarding multistrap triest to feed "GPG keybox database version 1" to apt to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 845963: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845963 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: multistrap Version: 2.2.1 Severity: grave Justification: renders package unusable Hi, multistrap seems to use gpg --no-default-keyring --homedir=${dir}/etc/apt/trusted.gpg.d/ --keyring=multistrap.gpg --import ... to prepare files for /etc/apt/trusted.gpg.d. With gnupg (>= 2) this will create files of type "GPG keybox database version 1". That format is incompatible with apt which uses gpgv. Instead the binary OpenPGP format (also known as "GPG key public ring") should be used which is the common export format of gnupg and works across all gnupg versions and is supported by gpgv. I'm making this bug "grave" because I cannot come up with a workaround for this problem and am also not able to imagine a situation where a used would want to create a system with untrusted packages. Thanks! cheers, josch
--- End Message ---
--- Begin Message ---Source: multistrap Source-Version: 2.2.2 We believe that the bug you reported is fixed in the latest version of multistrap, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Johannes Schauer <[email protected]> (supplier of updated multistrap package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 03 Dec 2016 18:53:43 +0100 Source: multistrap Binary: multistrap Architecture: source Version: 2.2.2 Distribution: unstable Urgency: medium Maintainer: Johannes Schauer <[email protected]> Changed-By: Johannes Schauer <[email protected]> Description: multistrap - multiple repository bootstrap based on apt Closes: 751896 803365 819103 835909 845963 Changes: multistrap (2.2.2) unstable; urgency=medium . * New maintainer (Closes: #835909) * Move development to dgit * Move B-D on po4a to Build-Depends-Arch (it's not needed for the clean target) * Bump debhelper compatibility level to 10 * Switch debian/rules to dh and drop cdbs * Use dh_bash-completion to install bash completion script into the right location (fixes lintian warning about deprecated /etc/bash_completion.d/) * Do not try to feed GPG keybox database version 1 files to apt (closes: #845963) * Allow uppercase letters in paths (closes: #751896) * Allow shell special characters (including spaces) in paths (closes: #803365) * Stop creating /etc/dpkg/dpkg.cfg.d/multiarch (closes: #819103) Checksums-Sha1: f982e06d9a8a04103b0caf57a69d34701180406e 1717 multistrap_2.2.2.dsc 37d1d2d708801e3088e1d77fabd7a0dec624fb88 123720 multistrap_2.2.2.tar.xz Checksums-Sha256: d52417c1f7266e13761cb0ec4ea5359a332a63099e39e8e1fc45100010366c0a 1717 multistrap_2.2.2.dsc 44fae56bd3521052a33675fe3a4ef4923ff28e62f06aa71e8a40540a61aa3ca4 123720 multistrap_2.2.2.tar.xz Files: fd836f97095208850a0fcf2b28c14b97 1717 utils optional multistrap_2.2.2.dsc a43bdc8b16715d73e900186e640edcc6 123720 utils optional multistrap_2.2.2.tar.xz -----BEGIN PGP SIGNATURE----- iQIuBAEBCAAYBQJYQwcTERxqb3NjaEBkZWJpYW4ub3JnAAoJEPLLpcePvYPhKUcP /j26tkrrox+1iG4LPpkjePbWTGBpaeqfI+CQ3L0s3cVGPEP/flHZjgf7XhLpNQUd s2q1zaOPzbrnbh4iuPovY8RQGRbeN3tgILmbyfIEW+h6D1VvBZsT0gOOpWGz8agn ds8i90ngA5B9PGz0ZpkBputVyHt/BlxMvXma9hi/A1moXGl92G4J+2OAdR3roTyY o1P9Czp0PcIEqXPp7l87K/B6LxNYxHHLlQoLcO4/iVxnxf/y8mHmfscURkmbkBvE DY3Hs3n7ESe4b+2G4cXvE6orJYPfRvvJKU9E+u3F6XpUrTuzG3sgLoMNJemNfPrb /Ji5AbWiNPBucNe0/OJXyjErFZWTd+KQ9BSn91nisFF3XaBfWtXylsCBf8Zkva1b NcOMnoznJRwqY7dJ/u7kqrHYVIhCOBAsP5CRki0J9NZdC/zoa8aOabhrgDwEJb6+ kljeSPm+zWhvrfiN3Ai7Rz4HBLXDQj621hIv4xMgHd5TTaynHrBWnkrgWG3wUK3x 0x7Dg4Rl396fxQJjAGl7YyYEgljYPnmWnATCE4SuecuscnGWnvzhxinS5/98s0x4 aup5xrZwJJdi/zcn+Tkw/6sRcjNJ4GarfZQ+uTa/il1AAI/lLl5Diw/lFAxWHZOA rriMXY8VZiWK94ZS8t6CAARBvP6q+SPfaAtIbxHIPobM =mDGu -----END PGP SIGNATURE-----
--- End Message ---
