:: [devuan-dev] bug#902: marked as don…
Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
 
 
Delete this message
Reply to this message
Author: Devuan bug Tracking System
Date:  
To: dak
Subject: [devuan-dev] bug#902: marked as done (devuan-keyring: Archive keys not installed below /etc/apt/trusted.gpg.d)
Your message dated Fri, 15 Aug 2025 15:10:02 +0000
with message-id <1755270602.849454.23928.nullmailer@???>
and subject line #902: fixed in src:devuan-keyring version 2025.08.09
has caused the Devuan bug report #902,
regarding devuan-keyring: Archive keys not installed below /etc/apt/trusted.gpg.d
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@???
immediately.)


--
902: https://bugs.devuan.org/cgi/bugreport.cgi?bug=902
Devuan Bug Tracking System
Contact owner@??? with problems
Package: devuan-keyring
Version: 2025.07.30
Severity: grave
Justification: renders package unusable

Dear Maintainer,

Until the 2025.06.02 version of this package, archive keys were
installed under /etc/apt/trusted.gpg.d/. However, 2025.07.30 no
longer does.

This prevents downloading anything from the package archives without
errors like this 

  $ apt-get update
  Get:1 http://deb.devuan.org/merged ceres InRelease [47.6 kB]
  Err:1 http://deb.devuan.org/merged ceres InRelease
    The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 94532124541922FB
  Reading package lists...
  W: OpenPGP signature verification failed: http://deb.devuan.org/merged ceres InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 94532124541922FB
  E: The repository 'http://deb.devuan.org/merged ceres InRelease' is not signed.


I found out after trying the above command in a freshly debootstrapped
`ceres` for the official Devuan Docker container images I maintain.
See https://git.devuan.org/paddy-hack/container-images/issues/62

To illustrate the issue, 

  $ dpkg-deb -c devuan-keyring_2025.06.02_all.deb | grep /etc/apt/trusted.gpg.d
  drwxr-xr-x root/root         0 2025-06-03 01:11 ./etc/apt/trusted.gpg.d/
  -rw-r--r-- root/root      7067 2025-06-03 01:11 ./etc/apt/trusted.gpg.d/devuan-keyring-2016-archive.gpg
  -rw-r--r-- root/root      9964 2025-06-03 01:11 ./etc/apt/trusted.gpg.d/devuan-keyring-2022-archive.gpg
  -rw-r--r-- root/root      5481 2025-06-03 01:11 ./etc/apt/trusted.gpg.d/devuan-keyring-amprolla-2022-archive.gpg
  -rw-r--r-- root/root      4594 2025-06-03 01:11 ./etc/apt/trusted.gpg.d/devuan-keyring-daedalus-archive.gpg
  -rw-r--r-- root/root      4595 2025-06-03 01:11 ./etc/apt/trusted.gpg.d/devuan-keyring-excalibur-archive.gpg
  -rw-r--r-- root/root      5226 2025-06-03 01:11 ./etc/apt/trusted.gpg.d/devuan-keyring-freia-archive.gpg
  $ dpkg-deb -c devuan-keyring_2025.07.30_all.deb | grep /etc/apt/trusted.gpg.d


-- System Information:
Architecture: x86_64

Kernel: Linux 6.12.38+deb13-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: runit (via /run/runit.stopit)
LSM: AppArmor: enabled

devuan-keyring depends on no packages.

devuan-keyring recommends no packages.

devuan-keyring suggests no packages.

-- no debconf information

Version: 2025.08.09

Source package devuan-keyring (2025.08.09) added to Devuan suite unstable.

This closes bug report 902.

Thanks

DAK managing the Devuan archive

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512 

Format: 1.8
Date: Sat, 09 Aug 2025 14:58:32 +0100
Source: devuan-keyring
Architecture: source
Version: 2025.08.09
Distribution: unstable
Urgency: medium
Maintainer: Devuan Developers <devuan-dev@???>
Changed-By: Mark Hindley <mark@???>
Closes: 902
Changes:
 devuan-keyring (2025.08.09) unstable; urgency=medium
 .
   * Restore installation of keys (now armoured, as Debian) in
     /etc/apt/trusted.gpg.d. (Closes: #902)
Checksums-Sha1:
 281f4a70a4eba9b66f91018c4209650b8344cccc 1500 devuan-keyring_2025.08.09.dsc
 12d32af5be7aec10722bb231ccf370fab3183413 171472 devuan-keyring_2025.08.09.tar.xz
 24d690cce69a01cbebab6f2e4d6062a24345593e 6568 devuan-keyring_2025.08.09_source.buildinfo
Checksums-Sha256:
 8de02f5f4d875335383e40a9c9e106117f2d2ddd61ff203306388d17e0bfdc1e 1500 devuan-keyring_2025.08.09.dsc
 2f8c42ef762a1c371b49b2623ed153d0d8266cce78d68e0dc4a7b6734a66ef64 171472 devuan-keyring_2025.08.09.tar.xz
 a04e404a64dd28967edfacc1241e5f750c4ac957453006790406a18c303279fb 6568 devuan-keyring_2025.08.09_source.buildinfo
Files:
 2ee4e7f242a86658057df1df371af765 1500 misc optional devuan-keyring_2025.08.09.dsc
 d7379336aa7b441b957cc3f89f6d4c54 171472 misc optional devuan-keyring_2025.08.09.tar.xz
 af2b10553773f2cad6713382ab98c86c 6568 misc optional devuan-keyring_2025.08.09_source.buildinfo


-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEcuPLdzMV36LkZHQ9lFMhJFQZIvsFAmifTawACgkQlFMhJFQZ
IvtqZgf/Z44bdm6NgXff7b4hAp4P+pekRbj7tfLwjEFyE4RO+C+8nYf6tImnn3pu
88ArL9H/HLivhGnZas3WgK8xz3S3KeHvpnvIdK1JKIM+4SNe/1q1q+aQ+ayVdzNh
IX9zOmVmOTIUXF9j9XHwbFEjHQ+EsSmGnxW8XQkAVrnM662Q/PkVlMYLnCei1MMA
6E7C4KMIBb+GNnFPhbhtXVxmnh3sDQ1OwEGVgbSEFVNZWLkPq/1P072X1zpDwY5I
Dzzazm9RPs3c80pKPrJsD1bYk51raQsdRt8Dl4ctcSxCrWsAhoEyiq7pVcAp+DBZ
eHMI87YS5apdiwDd+a5SA/e9PDCyCA==
=DYf2
-----END PGP SIGNATURE-----
This message was posted to the following mailing lists:
devuan-dev
Mailing List Info | Nearby Messages		<-[devuan-dev] bug#904: coreutils: key package depends on libsystemd[devuan-dev] bug#904: coreutils: key package depends on libsystemd->

Donate to Dyne.org

dyne.org open discussions
administrated by dyne.org hackers		Lurker (version 2.3)