Public bug reported: Hi, I originally found this on daily questing images (20250524) which for some reason on apt update+upgrade will do this:
... Installing dependencies: gpgv-from-sq gpgv-sq ... But I have in the meantime verified that it breaks on amd64 just as much, there the update will not pull in the two packages, but if i do so myself it fails there in the same way. It initially failed in a very convoluted way, but here is a simplified approach: # repro ``` $ curl https://cloud-images.ubuntu.com/daily/streams/v1/index.sjson -o index.sjson $ md5sum /usr/share/keyrings/ubuntu-cloudimage-keyring.gpg index.sjson $ gpgv --keyring=/usr/share/keyrings/ubuntu-cloudimage-keyring.gpg index.sjson | head ``` bad case ``` gpgv: Signature made Tue May 27 09:01:32 2025 +00:00 gpgv: using RSA key 4A3CE3CD565D7EB5C810E2B97FF3F408476CF100 gpgv: Can't check signature: Bad public key { "updated": "Tue, 27 May 2025 09:01:16 +0000", ... ``` good case ``` gpgv: Good signature from "Ubuntu Cloud Image Builder (Canonical Internal Cloud Image Builder) <[email protected]>"``` ``` Switching in and out of gpgv-from-sq and gpgv-sq is triggering/fixing the issue. ** Affects: cloud-images Importance: Undecided Status: New ** Affects: rust-sequoia-chameleon-gnupg (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2111790 Title: gpgv-sq breaks verifying signed simplestreams data To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-images/+bug/2111790/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
