To: bug-guix@gnu.org
context:
--------
i was trying to:
$ ./pre-inst-env guix refresh --update dropbear
but the key is not imported, because "no user ID". apparently some keyservers drop the user id for privacy reasons.
the problem:
------------
then i went to the manual, and it suggests:
$ gpg --export rms@gnu.org | kbxutil --import-openpgp >> mykeyring.kbx
and i ran:
$ curl https://matt.ucc.asn.au/dropbear/releases/dropbear-key-2015.asc | gpg --import
$ gpg --export F7347EF2EE2E07A267628CA944931494F29C6773 | kbxutil --import-openpgp >>~/.config/guix/upstream/trustedkeys.kbx
it ran without errors, but when i tried to guix refresh it failed with:
gpgv: [don't know]: invalid packet (ctb=00)
i double checked, and made sure the trustedkeys.kbx was empty prior to running the above.
analysis:
---------
i ran the following after guix refresh has successfully imported the key:
$ gpg --export F7347EF2EE2E07A267628CA944931494F29C6773 | kbxutil --import-openpgp >x
$ file x
x: data
$ file ~/.config/guix/upstream/trustedkeys.kbx
/home/user/.config/guix/upstream/trustedkeys.kbx: OpenPGP Public Key Version 4, Created Mon Jun 29 12:53:01 2015, RSA (Encrypt or Sign, 4096 bits)
$ ll x
-rw-r--r-- 1 user users 1883 Jul 3 16:41 x
$ ll ~/.config/guix/upstream/trustedkeys.kbx
-rw-r--r-- 1 user users 1208 Jul 3 16:18 /home/user/.config/guix/upstream/trustedkeys.kbx
i.e. what the manual suggests results in a different file format than what guix refresh creates/expects.
workaround:
-----------
in the end i cleared the trustedkeys.kbx file, and i used another keyserver that doesn't strip the ID:
./pre-inst-env guix refresh --key-server="hkps://keyserver.ubuntu.com" --update dropbear
--
• attila lendvai
• PGP: 963F 5D5F 45C7 DFCD 0A39
--
“Good people don’t need laws to tell them to act responsibly, and bad people will find a way around the laws.”
— Plato (c. 427–347 BC)
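
An added example, not part of the original report or of Guix: a small sniffer that tells an OpenPGP packet stream (what `file` identified in the working trustedkeys.kbx) from keybox blobs (what kbxutil writes). A keybox blob begins with a four-byte big-endian length, so its first byte is normally 0x00, which a packet parser reports as an invalid CTB. The function name and all sample bytes are constructed for illustration.

```python
import struct
import sys

# Keybox blob layout: 4-byte big-endian length, 1-byte type, 1-byte version.
KBX_BLOB_TYPES = {1: "header", 2: "OpenPGP", 3: "X.509"}

# Constructed sample prefixes (not taken from the files in the report).
SAMPLE_OLD_PUBKEY = bytes.fromhex("99020d04")   # old-format CTB, tag 6
SAMPLE_NEW_PUBKEY = bytes.fromhex("c6c14d04")   # new-format CTB, tag 6
SAMPLE_KBX_HEADER = bytes.fromhex("0000002001010002") + b"KBXf" + bytes(20)
SAMPLE_KBX_BARE_BLOB = struct.pack(">IBB", 1883, 2, 1) + bytes(26)


def classify_keyring(data: bytes) -> str:
    """Guess the container format from the first bytes of a keyring file."""
    if not data:
        return "empty"
    if data.startswith(b"-----BEGIN PGP"):
        return "ascii-armored"
    ctb = data[0]
    if ctb & 0x80:
        # OpenPGP packet: bit 7 of the first octet (the CTB) is always set.
        # New format (bit 6 set) keeps the tag in bits 5-0, old in bits 5-2.
        tag = ctb & 0x3F if ctb & 0x40 else (ctb >> 2) & 0x0F
        return "openpgp-public-key" if tag == 6 else f"openpgp-packet-tag-{tag}"
    if len(data) >= 5:
        (length,) = struct.unpack(">I", data[:4])
        blob_type = data[4]
        if blob_type in KBX_BLOB_TYPES and length >= 5:
            if blob_type == 1 and data[8:12] == b"KBXf":
                return "keybox-with-header"
            return f"keybox-blob-{KBX_BLOB_TYPES[blob_type]}"
    return "unknown"


if __name__ == "__main__":
    # Usage: python3 sniff_keyring.py ~/.config/guix/upstream/trustedkeys.kbx
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(f"{path}: {classify_keyring(fh.read(32))}")
```
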