Your message dated Mon, 28 Apr 2025 19:19:04 +0000
with message-id <e1u9u0o-004eqk...@fasolo.debian.org>
and subject line Bug#1104288: fixed in rust-sequoia-gpg-agent 0.6.1-1
has caused the Debian Bug report #1104288,
regarding rust-sequoia-gpg-agent: Importing keys into gpg-agent 2.4.x is broken
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1104288: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104288
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: rust-sequoia-gpg-agent
Version: 0.6.0-1
Severity: important
Dear Maintainer,
importing ecc secret keys into gpg-agent 2.4.x is broken.
When importing keys, a checksum is computed over the key material.
This checksum computation (inadvertently) changed during development
shortly before gpg-agent 2.4.0 was released. sequoia-gpg-agent
contains a heuristic to deal with gpg-agent 2.4.x's new behavior, but
that heuristic is ineffective when doing a non-interactive import.
When doing a non-interactive import, the checksum is not checked at
import time, but only later when the key is used. In the following, a
patched gpg-agent is used to highlight the different behavior.
First, we do an interactive import. Observe how each (sub)key is
imported twice, with the first import failing due to a checksum
mismatch (note how the actual_csum and desired_csum differ by 8):
teythoon@europ ~ % gpg-sq --import /tmp/key.pgp
gpg: key D4BD12F1284374E0: "some...@example.org" not changed
DUMPING!!!!gpg-agent[3128335]: DBG: XXX is v4_or_later=1
gpg-agent[3128335]: DBG: XXX pubkey_algo=18
gpg-agent[3128335]: DBG: XXX is_protected=0
gpg-agent[3128335]: DBG: XXX protect_algo=0
gpg-agent[3128335]: DBG: XXX iv
gpg-agent[3128335]: DBG: XXX ivlen=0
gpg-agent[3128335]: DBG: XXX s2k_mode=0
gpg-agent[3128335]: DBG: XXX s2k_algo=0
gpg-agent[3128335]: DBG: XXX s2k_salt 70ed1f25cd7f0000
gpg-agent[3128335]: DBG: XXX s2k_count=0
gpg-agent[3128335]: DBG: XXX curve='NIST P-256'
gpg-agent[3128335]: DBG: skey(_): [520 bit]
gpg-agent[3128335]: DBG:
041d50fc8e4e2cf05cd93269317e0b799b8deb50a56e2c8f3ec599aee990db31 \
gpg-agent[3128335]: DBG:
e45b4a84a2eacb4883f3a1f01e2df3947d1f16a249563980567163f403eaed87 \
gpg-agent[3128335]: DBG: bc
gpg-agent[3128335]: DBG: skey(_): [264 bit]
gpg-agent[3128335]: DBG:
00a552dba7653e8c63ff5685ae130b9c17627874ac6bb6d2bb6904c01e780bd2 \
gpg-agent[3128335]: DBG: 97
gpg-agent[3128335]: nbits original: 264
gpg-agent[3128335]: nbytes: 33
gpg-agent[3128335]: nbits rounded up: 264
gpg-agent[3128335]: *buffer: 00
gpg-agent[3128335]: nbits corrected: 264
gpg-agent[3128335]: actual_csum: 3916
gpg-agent[3128335]: desired_csum: 3908
gpg-agent[3128335]: command 'IMPORT_KEY' failed: Checksum error
DUMPING!!!!gpg-agent[3128335]: DBG: XXX is v4_or_later=1
gpg-agent[3128335]: DBG: XXX pubkey_algo=18
gpg-agent[3128335]: DBG: XXX is_protected=0
gpg-agent[3128335]: DBG: XXX protect_algo=0
gpg-agent[3128335]: DBG: XXX iv
gpg-agent[3128335]: DBG: XXX ivlen=0
gpg-agent[3128335]: DBG: XXX s2k_mode=0
gpg-agent[3128335]: DBG: XXX s2k_algo=0
gpg-agent[3128335]: DBG: XXX s2k_salt 70ed1f25cd7f0000
gpg-agent[3128335]: DBG: XXX s2k_count=0
gpg-agent[3128335]: DBG: XXX curve='NIST P-256'
gpg-agent[3128335]: DBG: skey(_): [520 bit]
gpg-agent[3128335]: DBG:
041d50fc8e4e2cf05cd93269317e0b799b8deb50a56e2c8f3ec599aee990db31 \
gpg-agent[3128335]: DBG:
e45b4a84a2eacb4883f3a1f01e2df3947d1f16a249563980567163f403eaed87 \
gpg-agent[3128335]: DBG: bc
gpg-agent[3128335]: DBG: skey(_): [264 bit]
gpg-agent[3128335]: DBG:
00a552dba7653e8c63ff5685ae130b9c17627874ac6bb6d2bb6904c01e780bd2 \
gpg-agent[3128335]: DBG: 97
gpg-agent[3128335]: nbits original: 264
gpg-agent[3128335]: nbytes: 33
gpg-agent[3128335]: nbits rounded up: 264
gpg-agent[3128335]: *buffer: 00
gpg-agent[3128335]: nbits corrected: 264
gpg-agent[3128335]: actual_csum: 3916
gpg-agent[3128335]: desired_csum: 3916
DUMPING!!!!gpg-agent[3128335]: DBG: XXX is v4_or_later=1
gpg-agent[3128335]: DBG: XXX pubkey_algo=18
gpg-agent[3128335]: DBG: XXX is_protected=0
gpg-agent[3128335]: DBG: XXX protect_algo=0
gpg-agent[3128335]: DBG: XXX iv
gpg-agent[3128335]: DBG: XXX ivlen=0
gpg-agent[3128335]: DBG: XXX s2k_mode=0
gpg-agent[3128335]: DBG: XXX s2k_algo=0
gpg-agent[3128335]: DBG: XXX s2k_salt 70ed1f25cd7f0000
gpg-agent[3128335]: DBG: XXX s2k_count=0
gpg-agent[3128335]: DBG: XXX curve='NIST P-256'
gpg-agent[3128335]: DBG: skey(_): [520 bit]
gpg-agent[3128335]: DBG:
041bce6ab3fcd178b64be460682d33e0bc11cf9723e82ee8aa7efe205264288d \
gpg-agent[3128335]: DBG:
d4ac69c8f1fec07e8193fcdb6685ee6e74c17b1e997b39ce272940a6e87474ff \
gpg-agent[3128335]: DBG: 8e
gpg-agent[3128335]: DBG: skey(_): [264 bit]
gpg-agent[3128335]: DBG:
00f6fdb74b4c0bff40a38af95e1e562910efd669eed74e62967718f9cd150ea4 \
gpg-agent[3128335]: DBG: 10
gpg-agent[3128335]: nbits original: 264
gpg-agent[3128335]: nbytes: 33
gpg-agent[3128335]: nbits rounded up: 264
gpg-agent[3128335]: *buffer: 00
gpg-agent[3128335]: nbits corrected: 264
gpg-agent[3128335]: actual_csum: 4138
gpg-agent[3128335]: desired_csum: 4130
gpg-agent[3128335]: command 'IMPORT_KEY' failed: Checksum error
DUMPING!!!!gpg-agent[3128335]: DBG: XXX is v4_or_later=1
gpg-agent[3128335]: DBG: XXX pubkey_algo=18
gpg-agent[3128335]: DBG: XXX is_protected=0
gpg-agent[3128335]: DBG: XXX protect_algo=0
gpg-agent[3128335]: DBG: XXX iv
gpg-agent[3128335]: DBG: XXX ivlen=0
gpg-agent[3128335]: DBG: XXX s2k_mode=0
gpg-agent[3128335]: DBG: XXX s2k_algo=0
gpg-agent[3128335]: DBG: XXX s2k_salt 70ed1f25cd7f0000
gpg-agent[3128335]: DBG: XXX s2k_count=0
gpg-agent[3128335]: DBG: XXX curve='NIST P-256'
gpg-agent[3128335]: DBG: skey(_): [520 bit]
gpg-agent[3128335]: DBG:
041bce6ab3fcd178b64be460682d33e0bc11cf9723e82ee8aa7efe205264288d \
gpg-agent[3128335]: DBG:
d4ac69c8f1fec07e8193fcdb6685ee6e74c17b1e997b39ce272940a6e87474ff \
gpg-agent[3128335]: DBG: 8e
gpg-agent[3128335]: DBG: skey(_): [264 bit]
gpg-agent[3128335]: DBG:
00f6fdb74b4c0bff40a38af95e1e562910efd669eed74e62967718f9cd150ea4 \
gpg-agent[3128335]: DBG: 10
gpg-agent[3128335]: nbits original: 264
gpg-agent[3128335]: nbytes: 33
gpg-agent[3128335]: nbits rounded up: 264
gpg-agent[3128335]: *buffer: 00
gpg-agent[3128335]: nbits corrected: 264
gpg-agent[3128335]: actual_csum: 4138
gpg-agent[3128335]: desired_csum: 4138
gpg: key D4BD12F1284374E0: secret key imported
gpg: Total number processed: 1
gpg: unchanged: 1
gpg: secret keys read: 1
gpg: secret keys imported: 1
teythoon@europ ~ % gpg-sq --armor --sign --local-user
F5A31D60D474FC443F82B268B0F4EC4354E6D4D6 <<< hi
-----BEGIN PGP MESSAGE-----
xA0DAAoTsPTsQ1Tm1NYBywliAAAAAABoaQrCvQQAEwoAbwWCaA9SkwkQsPTsQ1Tm
1NZHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnYlv/Jy1T
XqfUEjs/77Vhmac4/lgFwt/ARNQCtOybP60WIQT1ox1g1HT8RD+Csmiw9OxDVObU
1gAAcqoBAJsL9U768p4vNGaSsYlZkErcoIU/c2xbhlbI9ShM0Cf6AQCC626Kl4ez
c17yzTSlPlNLuB5r56YyZyHsbpTJuNlnwQ==
=nw7v
-----END PGP MESSAGE-----
Now, we do a non-interactive import:
teythoon@europ ~ % rm $GNUPGHOME/private-keys-v1.d/*
zsh: sure you want to delete all the files in
/tmp/tmp.aUYEK4L0US/private-keys-v1.d [yn]? y
teythoon@europ ~ % gpg-sq --import --batch /tmp/key.pgp
gpg: key D4BD12F1284374E0: "some...@example.org" not changed
DUMPING!!!!gpg-agent[3128335]: DBG: XXX is v4_or_later=1
gpg-agent[3128335]: DBG: XXX pubkey_algo=18
gpg-agent[3128335]: DBG: XXX is_protected=0
gpg-agent[3128335]: DBG: XXX protect_algo=0
gpg-agent[3128335]: DBG: XXX iv
gpg-agent[3128335]: DBG: XXX ivlen=0
gpg-agent[3128335]: DBG: XXX s2k_mode=0
gpg-agent[3128335]: DBG: XXX s2k_algo=0
gpg-agent[3128335]: DBG: XXX s2k_salt 70dd9f24cd7f0000
gpg-agent[3128335]: DBG: XXX s2k_count=0
gpg-agent[3128335]: DBG: XXX curve='NIST P-256'
gpg-agent[3128335]: DBG: skey(_): [520 bit]
gpg-agent[3128335]: DBG:
041d50fc8e4e2cf05cd93269317e0b799b8deb50a56e2c8f3ec599aee990db31 \
gpg-agent[3128335]: DBG:
e45b4a84a2eacb4883f3a1f01e2df3947d1f16a249563980567163f403eaed87 \
gpg-agent[3128335]: DBG: bc
gpg-agent[3128335]: DBG: skey(_): [264 bit]
gpg-agent[3128335]: DBG:
00a552dba7653e8c63ff5685ae130b9c17627874ac6bb6d2bb6904c01e780bd2 \
gpg-agent[3128335]: DBG: 97
DUMPING!!!!gpg-agent[3128335]: DBG: XXX is v4_or_later=1
gpg-agent[3128335]: DBG: XXX pubkey_algo=18
gpg-agent[3128335]: DBG: XXX is_protected=0
gpg-agent[3128335]: DBG: XXX protect_algo=0
gpg-agent[3128335]: DBG: XXX iv
gpg-agent[3128335]: DBG: XXX ivlen=0
gpg-agent[3128335]: DBG: XXX s2k_mode=0
gpg-agent[3128335]: DBG: XXX s2k_algo=0
gpg-agent[3128335]: DBG: XXX s2k_salt 70dd9f24cd7f0000
gpg-agent[3128335]: DBG: XXX s2k_count=0
gpg-agent[3128335]: DBG: XXX curve='NIST P-256'
gpg-agent[3128335]: DBG: skey(_): [520 bit]
gpg-agent[3128335]: DBG:
041bce6ab3fcd178b64be460682d33e0bc11cf9723e82ee8aa7efe205264288d \
gpg-agent[3128335]: DBG:
d4ac69c8f1fec07e8193fcdb6685ee6e74c17b1e997b39ce272940a6e87474ff \
gpg-agent[3128335]: DBG: 8e
gpg-agent[3128335]: DBG: skey(_): [264 bit]
gpg-agent[3128335]: DBG:
00f6fdb74b4c0bff40a38af95e1e562910efd669eed74e62967718f9cd150ea4 \
gpg-agent[3128335]: DBG: 10
gpg: key D4BD12F1284374E0: secret key imported
gpg: Total number processed: 1
gpg: unchanged: 1
gpg: secret keys read: 1
gpg: secret keys imported: 1
teythoon@europ ~ % gpg-sq --armor --sign --local-user
F5A31D60D474FC443F82B268B0F4EC4354E6D4D6 <<< hi
-----BEGIN PGP MESSAGE-----
gpg-agent[3128335]: DBG: XXX is v4_or_later=1
gpg-agent[3128335]: DBG: XXX pubkey_algo=18
gpg-agent[3128335]: DBG: XXX is_protected=0
gpg-agent[3128335]: DBG: XXX protect_algo=0
gpg-agent[3128335]: DBG: XXX iv
gpg-agent[3128335]: DBG: XXX ivlen=0
gpg-agent[3128335]: DBG: XXX s2k_mode=0
gpg-agent[3128335]: DBG: XXX s2k_algo=0
gpg-agent[3128335]: DBG: XXX s2k_salt a0d89f24cd7f0000
gpg-agent[3128335]: DBG: XXX s2k_count=0
gpg-agent[3128335]: DBG: XXX curve='NIST P-256'
gpg-agent[3128335]: DBG: skey(_): [520 bit]
gpg-agent[3128335]: DBG:
041bce6ab3fcd178b64be460682d33e0bc11cf9723e82ee8aa7efe205264288d \
gpg-agent[3128335]: DBG:
d4ac69c8f1fec07e8193fcdb6685ee6e74c17b1e997b39ce272940a6e87474ff \
gpg-agent[3128335]: DBG: 8e
gpg-agent[3128335]: DBG: skey(_): [264 bit]
gpg-agent[3128335]: DBG:
00f6fdb74b4c0bff40a38af95e1e562910efd669eed74e62967718f9cd150ea4 \
gpg-agent[3128335]: DBG: 10
gpg-agent[3128335]: nbits original: 264
gpg-agent[3128335]: nbytes: 33
gpg-agent[3128335]: nbits rounded up: 264
gpg-agent[3128335]: *buffer: 00
gpg-agent[3128335]: nbits corrected: 264
gpg-agent[3128335]: actual_csum: 4138
gpg-agent[3128335]: desired_csum: 4130
gpg-agent[3128335]: failed to convert unprotected openpgp key: Checksum error
gpg-agent[3128335]: failed to read the secret key
gpg-agent[3128335]: command 'PKSIGN' failed: Checksum error
xA0DAAoTsPTsQ1Tm1NYBywliAAAAAABogpg: Operation failed: Checksum error <GPG
Agent>
Note how the import succeeds, but the checksum mismatch is detected
when the key is used.
-- System Information:
Debian Release: trixie/sid
APT prefers testing
APT policy: (900, 'testing'), (700, 'unstable'), (500, 'testing-debug'),
(500, 'stable-debug'), (500, 'proposed-updates-debug'), (400, 'stable'), (1,
'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 6.12.19-amd64 (SMP w/20 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---
Source: rust-sequoia-gpg-agent
Source-Version: 0.6.1-1
Done: Holger Levsen <hol...@debian.org>
We believe that the bug you reported is fixed in the latest version of
rust-sequoia-gpg-agent, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1104...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Holger Levsen <hol...@debian.org> (supplier of updated rust-sequoia-gpg-agent
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 28 Apr 2025 21:04:47 +0200
Source: rust-sequoia-gpg-agent
Architecture: source
Version: 0.6.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Rust Maintainers
<pkg-rust-maintain...@alioth-lists.debian.net>
Changed-By: Holger Levsen <hol...@debian.org>
Closes: 1104288
Changes:
rust-sequoia-gpg-agent (0.6.1-1) unstable; urgency=medium
.
* Package sequoia-gpg-agent 0.6.1 from crates.io using debcargo 2.7.8
- Closes: #1104288.
Checksums-Sha1:
46972542437c9dad56251c18d8300e0fc0ec4112 3488
rust-sequoia-gpg-agent_0.6.1-1.dsc
0e5905ebfdb413b48d763b99b0d5b95466f71bcd 141341
rust-sequoia-gpg-agent_0.6.1.orig.tar.gz
55f222b64e5db39263e18ba408ccfca5198d1acf 2984
rust-sequoia-gpg-agent_0.6.1-1.debian.tar.xz
e22a8fc17c91534f882625c3ce51cd3abdeac61a 8057
rust-sequoia-gpg-agent_0.6.1-1_source.buildinfo
Checksums-Sha256:
f840363975da635cb6b7ad1f0d3fbd7e7fd40059713a777ba380fe5708779df2 3488
rust-sequoia-gpg-agent_0.6.1-1.dsc
39ab6a2ffa6d877864ff652e9babd2df40d1c5e67e3a17657ff11fcf7d1e09e3 141341
rust-sequoia-gpg-agent_0.6.1.orig.tar.gz
b43ee415d0d7c033df1aa0c0fb491db89d4df2a73bc18e255bc30531fab3b7eb 2984
rust-sequoia-gpg-agent_0.6.1-1.debian.tar.xz
573edbaece4e78fedbe27f834d50a388624a602f9c3ca69fad31a8ef47299782 8057
rust-sequoia-gpg-agent_0.6.1-1_source.buildinfo
Files:
2e255d7f8acb487592a827186bcdae5a 3488 rust optional
rust-sequoia-gpg-agent_0.6.1-1.dsc
36517aa4f54b00b9ade142575a0a9043 141341 rust optional
rust-sequoia-gpg-agent_0.6.1.orig.tar.gz
16bdd02e8050d451d8a42abd232dfd64 2984 rust optional
rust-sequoia-gpg-agent_0.6.1-1.debian.tar.xz
d9230832f6b8cc0cd445141bdc7722cc 8057 rust optional
rust-sequoia-gpg-agent_0.6.1-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
wsG7BAEBCgBvBYJoD9GgCRAJGrhWBpqqHEcUAAAAAAAeACBzYWx0QG5vdGF0aW9u
cy5zZXF1b2lhLXBncC5vcmcBv6prek3vJsG4MQ4Glx+ssJHOgzrtfewTA0ZJ/TER
5BYhBLi/VBN7CdNc8Cb+nQkauFYGmqocAAC8ZBAAsPuYbagTbNe9ae/AePAu9Rn7
cRnY7JHBB+ofEfBhOBFTHUFB5cwpd1092kg1UeNoSiedL2tbo+um8xc/7VuY3CRk
SVlFRgsHjc8Wrf6cOAss5WcV3havmmOV1PZAbOTJjuPHmo77cKJcF/Dr4Cco18rL
gWbtTQeEUi5+2PNEuKjTx1fh+HNaqpBzoZg5EM938Xt/pL0m0cFVi7qr7G3n3cvT
r82ht1xcsPkPDJJaXDFfgwe8S48I6E6fuuRyycLqmsQuYTO6mIdle0gaTkBSaTDv
KluT+ubgmHF5ux2mJjGhjW4Yeuq5LnwdmxUPLB9a2rLXtMs7FuGrvghsgPLCwS7Y
o+kDD4ZopHEDIywb2KrbdxugtD/iK5+AGeZeoIhvyXxhsqgMbczxSt+FzsE9vGH1
N7Kr2WpuOpzv100tnh81ipWsiy4Uqu8/zCUSP0d0ErjziuOuZsaJi2OhMzTpm31x
XhN0u62KYjAGYlftP7KRmb9yq1Yu7dxpMO+Ohx1lGDuNmppGnV5HSUh24baMAxJg
VsNGVWBJ2LAfFB3E+FQt1SD/4axKUBXQhV782E8xXjD1QtS4JJ/YkRZ0L95OCQ4G
0w5QSJydC/yPHNEuEJnYBX8oMzLkP93LlhHwfcDKF7RP5Vz7v6+5D7UlGGETk5j3
hrwW0g2qtYcNCDLKcuw=
=+GPM
-----END PGP SIGNATURE-----
pgpfAISwVmDpa.pgp
Description: PGP signature
--- End Message ---
