Your message dated Sat, 22 Mar 2025 10:49:18 +0000
with message-id <e1tvwpm-004wad...@fasolo.debian.org>
and subject line Bug#1101011: fixed in gnupg2 2.2.46-6
has caused the Debian Bug report #1101011,
regarding gnupg2: gpgv returns bad signature for a previously valid file
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1101011: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101011
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: gnupg2
Version: 2.2.46-2
Severity: grave
X-Debbugs-Cc: debian-wb-t...@lists.debian.org
Control: affects -1 buildd.debian.org
Control: affects -1 src:dupload
Hi,
Starting with gnupg2 version 2.2.46-2, gpgv report a bad signature with
the attached changes file with the attached pubring and the following
command:
| $ gpgv --keyring ./pubring.gpg lwt-log_1.1.2-4+b14_riscv64-buildd.changes
| gpgv: Signature made Fri Mar 21 16:49:21 2025 CET
| gpgv: using RSA key 26F3C34BC64F1ED58095CC58B44F38757CF7C9E7
| gpgv: BAD signature from "buildd autosigning key rv-manda-03
<buildd_riscv64-rv-manda...@buildd.debian.org>"
With version 2.2.46-1 it outputs:
| $ gpgv --keyring ./pubring.gpg lwt-log_1.1.2-4+b14_riscv64-buildd.changes
| gpgv: Signature made Fri Mar 21 16:49:21 2025 CET
| gpgv: using RSA key 26F3C34BC64F1ED58095CC58B44F38757CF7C9E7
| gpgv: Good signature from "buildd autosigning key rv-manda-03
<buildd_riscv64-rv-manda...@buildd.debian.org>"
Note that sq is able to successfully validate that file:
| $ sq verify --signer-file=./pubring.gpg --message
lwt-log_1.1.2-4+b14_riscv64-buildd.changes
| Authenticated signature made by 26F3C34BC64F1ED58095CC58B44F38757CF7C9E7
(buildd autosigning key rv-manda-03
<buildd_riscv64-rv-manda...@buildd.debian.org> (UNAUTHENTICATED))
[snip]
| 1 authenticated signature.
Note that this file has been signed by gnupg2 version 2.2.46-2.
Resigning the file doesn't help. This breaks the signature verification
done by openpgp-check (part of dupload) on the build daemons.
Regards
Aurelien
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 21 Mar 2025 15:44:52 +0000
Source: lwt-log (1.1.2-4)
Binary: liblwt-log-ocaml liblwt-log-ocaml-dbgsym liblwt-log-ocaml-dev
Binary-Only: yes
Architecture: riscv64
Version: 1.1.2-4+b14
Distribution: sid
Urgency: low
Maintainer: riscv64 Build Daemon (rv-manda-03)
<buildd_riscv64-rv-manda...@buildd.debian.org>
Changed-By: riscv64 Build Daemon (rv-manda-03)
<buildd_riscv64-rv-manda...@buildd.debian.org>
Description:
liblwt-log-ocaml - optimised functions to read and write int16/32/64 (runtime)
liblwt-log-ocaml-dev - Lwt-friendly logging library (development)
Changes:
lwt-log (1.1.2-4+b14) sid; urgency=low, binary-only=yes
.
* Binary-only non-maintainer upload for riscv64; no source changes.
* Rebuild with new ABIs of dependencies
Checksums-Sha1:
26c7ef89281028928da3dca8b92eab91bd8c61b2 13036
liblwt-log-ocaml-dbgsym_1.1.2-4+b14_riscv64.deb
43400189602d538112528329dd7c7680743a9e60 267872
liblwt-log-ocaml-dev_1.1.2-4+b14_riscv64.deb
f10f643c8970bc3d8fe9ac317de5e67b3f096f24 90792
liblwt-log-ocaml_1.1.2-4+b14_riscv64.deb
9fe907678ffafd01e2b2a38c1cc45ac41032c7b3 7219
lwt-log_1.1.2-4+b14_riscv64-buildd.buildinfo
Checksums-Sha256:
d79e3b5e6bf823e6dede086d036cc07f7836122f1278b693618793b5c9076265 13036
liblwt-log-ocaml-dbgsym_1.1.2-4+b14_riscv64.deb
86085ae9d6b76b1439d7ef0ed5e59882d9a82ed9070bf0562cf9859e22e4ea0d 267872
liblwt-log-ocaml-dev_1.1.2-4+b14_riscv64.deb
953f3300f8284b35fb992d21143dc19680ed5fdea9d0c8dbdf3fab2f7722fe31 90792
liblwt-log-ocaml_1.1.2-4+b14_riscv64.deb
5ce0081e1e3bceee63235cc1ba1c11d30f01f0f84dba29f9ad672895e94f8142 7219
lwt-log_1.1.2-4+b14_riscv64-buildd.buildinfo
Files:
6d610dbcb2312db94bb587449c3ca077 13036 debug optional
liblwt-log-ocaml-dbgsym_1.1.2-4+b14_riscv64.deb
316e80c7a61074be34ee8a88182a910a 267872 ocaml optional
liblwt-log-ocaml-dev_1.1.2-4+b14_riscv64.deb
f3b4dda224621f7c1644493aaa03bb4a 90792 ocaml optional
liblwt-log-ocaml_1.1.2-4+b14_riscv64.deb
bf9d0af85f635b301b319213475ef2e7 7219 ocaml optional
lwt-log_1.1.2-4+b14_riscv64-buildd.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEJvPDS8ZPHtWAlcxYtE84dXz3yecFAmfdioEACgkQtE84dXz3
yecD6BAAljL5+dX5TRPATwA2loo5c4geiNwIbm3gmX7iK4I36L/dFchOqCKqD2Sk
qjmTMNeFRjUN8YIoXuUI9isKZn03lcpdckUhiIwyuV+xjUk4xmQqYdMZKhU7CpLg
tJOEFJ2DnJsJ1r2jdv//eMGG+4r8hHoMpp6f2z/y8fI2KNa5YEAWAYw5tJOIP89a
K02/JwAmPrprb46uAYhzk3iCuXuC4sYJnmNzRLvo/29PnFh2olPar+tlb8F3BBxg
5du7PceNrplzjtyKLAws6ilMy/V28+YcTbP1serNWr/LjBiH2ErQU/3HgXKXAiz6
yVX/sXI40196tZwWguNVzUYyi2RF5xQfo1oqceGmHqAAS5tMEeh8vFWkA/7IR/zQ
8jXyrPlns/hE8t0CnZgoOWSqsC14tmn88KjcCjlgcPomaztNviajMarsWo6i7ktM
m7S0uH2cfG0QzjuQOsEMGC0f0/JTuXscUTrNoIjEoaDQPbdnIGd3JnEAmKo0bb6c
g1jLYFEpUwJ45l02aEstQ8xtG4sXTMFjwEyZF61hkEEFV5Eyxt1FJohIiLSTxxup
1WjsupZilG3KXml4qnkiUXSDKPu0PJPFsZjEipxo7ekAv5QbK+6xO9Ughx56Aboj
VW8JvTwQnnhnXeOFnunnzzoMePZJJ8L/uvr+MyRW96BgUS/s4kA=
=gweN
-----END PGP SIGNATURE-----
pubring.gpg
Description: application/pgp-keys
--- End Message ---
--- Begin Message ---
Source: gnupg2
Source-Version: 2.2.46-6
Done: Andreas Metzler <ametz...@debian.org>
We believe that the bug you reported is fixed in the latest version of
gnupg2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1101...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andreas Metzler <ametz...@debian.org> (supplier of updated gnupg2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 22 Mar 2025 11:22:35 +0100
Source: gnupg2
Architecture: source
Version: 2.2.46-6
Distribution: unstable
Urgency: high
Maintainer: Debian GnuPG Maintainers <pkg-gnupg-ma...@lists.alioth.debian.org>
Changed-By: Andreas Metzler <ametz...@debian.org>
Closes: 1100448 1101011
Changes:
gnupg2 (2.2.46-6) unstable; urgency=high
.
* Formatting fixes for gpgcompose.1 by Bjarni Ingi Gislason.
(Closes: #1100448)
* Revert FreePG patch for CSF newline cleanup. Closes: #1101011
Checksums-Sha1:
df80afbe9facec4a62eb4e3d31b86e0d175ce592 3874 gnupg2_2.2.46-6.dsc
c7b9959b2d4dfd78872f061d90601c87a8de27a9 159696 gnupg2_2.2.46-6.debian.tar.xz
Checksums-Sha256:
3165b07d7fb87095a8efcc64c25e49d91a062f711a4b08d6153ed9798b34b2f0 3874
gnupg2_2.2.46-6.dsc
46d7cc0e8537744df0b32837c9feea9aeccbda0da9920cb92220e0df1e7f84b6 159696
gnupg2_2.2.46-6.debian.tar.xz
Files:
57a9efb7153182c87a5af4167e0c70f1 3874 utils optional gnupg2_2.2.46-6.dsc
b0b39fe43a93dfd689e6d5bd56cd0ae1 159696 utils optional
gnupg2_2.2.46-6.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE0uCSA5741Jbt9PpepU8BhUOCFIQFAmfekcAACgkQpU8BhUOC
FIRBNg/9FZKJ+2c1ZY/HRHsUmY9He10XyEwISz3PlQaS2Nl1AiWdl6ffsAVjmhnC
/ONsPLa/Zxfl/qyBK9DHbbp71Ct1tH9/Fn1jm7Z5EyrFF21xNzAavGDq2D9ENIZQ
+Ye2Te/c11uqrt6HRsLp6cx/JJRsoM7+1QFz0qTx4sYQ6y3qwnfXJNryK/YvYwVa
mykgDYgRP++f8Kbm/F48tmGvSD/7Yss0MArDK2A2cC56xLEP4x5xnQbertIvvWLu
Jwr3UlVBYujpipjkGc86sdKH6arXEYDHstq4aSKnhdJEolq2sww64Z3AH3VoX3EN
6p7+fYOKlg7syx84qLWBZ8yEW5aQUvUnFn3K8rql7cPEBSt0wcGDtq7uXnKguaEi
vYhu8xBrgjZOeR31Zzbn9BHVjaBNTTKWhOqfVRkRospr9jkLDaFbnWPdT4YVFiYg
MlHbHAAHCCkoLJ/MrgfkK1p+l+GckdjZwFbu8HDJP4DO/t3xUVuGQcyYt7oe+x39
yVDeX9cMbXvLTpjqoqaxnBnj6HSKA6jJCviGlsGjJ8uvcjK84E7MvlL6JzynnO7U
bA15g6fK4ltyxr/FAAy6+tiIiUS8OskFkY8mNyj39xN1FHe3r7A/ArJp14Yn8nDN
CFW5x67KKiqsJZb1L4U148xEMWuNuRAE31G7AhFBKdF+IWJ2dGQ=
=cBY5
-----END PGP SIGNATURE-----
pgplG7CvRooaD.pgp
Description: PGP signature
--- End Message ---
