Bug#984884: libgcrypt20: Unknown error executing apt-key [Bullseye]

Tue, 09 Mar 2021 09:45:14 -0800 

Package: libgcrypt20
Version: 1.8.7-3
Severity: critical
I set it as critical because user cannot anymore upgrade their system, please adjust Severity if you think it not correct. Note that this can be also a security problem because very old libgcrypt20 is in use.
Some users in Italian mailing list have reported that they have an error when they try upgrade/install packages: 

# apt update
Get:1 http://deb.debian.org/debian bullseye InRelease [142 kB]
Err:1 http://deb.debian.org/debian bullseye InRelease
  Unknown error executing apt-key
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up to date.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://deb.debian.org/debian bullseye InRelease: Unknown error executing apt-key W: Failed to fetch http://deb.debian.org/debian/dists/bullseye/InRelease Unknown error executing apt-key W: Some index files failed to download. They have been ignored, or old ones used instead. 

dig the problem we found that they have the following files on their system:

$ /sbin/ldconfig -p | grep libgcrypt
    libgcrypt.so.20 (libc6,x86-64) => /lib/x86_64-linux-gnu/libgcrypt.so.20
libgcrypt.so.20 (libc6,x86-64) => /usr/lib/x86_64-linux-gnu/libgcrypt.so.20 

$ ls -l /lib/x86_64-linux-gnu/libgcrypt.so.20
lrwxrwxrwx 1 root root 19 17 mar 2020 /lib/x86_64-linux-gnu/libgcrypt.so.20 -> libgcrypt.so.20.1.5 
$ ls -l /lib/x86_64-linux-gnu/libgcrypt.so.20.1.5
-rw-r--r-- 1 root root 1112184 14 gen 2017 /lib/x86_64-linux-gnu/libgcrypt.so.20.1.5 

but these files are from package migrated to testing in:
[2017-01-25] libgcrypt20 1.7.5-3 MIGRATED to testing (Debian testing watch)[¹] 

So for some reason when the library path change they have not been deleted.

All users with that problem cannot use apt to solve the issue.
I know that the user that report the problem has not the security repository in its sources.list file. 

I suggest to check that those file are removed from
/lib/x86_64-linux-gnu/
in all new libgcrypt20 new version, elsewhere when Bullseye become stable more user can have that problem. 

Ciao
Davide

[¹]
https://tracker.debian.org/pkg/libgcrypt20/news/?page=3
https://snapshot.debian.org/archive/debian/20170114T162918Z/pool/main/libg/libgcrypt20/libgcrypt20_1.7.5-3_amd64.deb

Reply via email to