Bug#1092723: recv-keys doesn’t get the same key as gpg

Fri, 10 Jan 2025 13:33:15 -0800 

Package: gpg-from-sq
Version: 0.11.2-7
Severity: important

Dear Maintainers,

while testing gpg-from-sq I noticed that I get an incorrect behaviour
trying to retrieve a key from a keyserver and exporting it as
upstream/signing-key.asc.

I have a script that does something like :

rm ~/addkey.keyring
gpg --no-default-keyring --keyring ~/addkey.keyring --keyserver 
hkp://keyserver.ubuntu.com --recv-keys F1955ED9D1C2D10D80B31B3B14EE37CD15C53BDD
gpg --yes --no-default-keyring --keyring ~/addkey.keyring --export 
--export-options export-minimal,export-clean --armor --output 
debian/upstream/signing-key.asc


1. This breaks with gpg-from-sq which tells me
gpg:   error: Key resource "/home/coucouf/addkey.keyring" does not exist


2. If I touch ~/addkey.keyring first then the steps above will run without 
errorring out, but the resulting ascii key is incorrect.
Running uscan --download-current-version afterwards tells me:

uscan die: Failed to dearmor key(s) from debian/upstream/signing-key.asc at 
/usr/share/perl5/Devscripts/Uscan/Output.pm line 77.


You’ll find the keys exported by gpg and sq in attachment.
This examples comes from skrooge master or debian/2.33.0-1 tag. [1]


[1] https://salsa.debian.org/qt-kde-team/extras/skrooge


Thanks for your work on the sequoia stack.
--
Aurélien


-- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'unstable-debug'), (500, 'testing'), 
(500, 'stable'), (100, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.12.8-amd64 (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages gpg-from-sq depends on:
ii  gpg-sq  0.11.2-7

Versions of packages gpg-from-sq recommends:
ii  gpgv-from-sq  0.11.2-7

gpg-from-sq suggests no packages.

-- no debconf information

Attachment: signing-key.asc.from-gpg
Description: application/pgp-keys

Attachment: signing-key.asc.from-sq
Description: application/pgp-keys

Reply via email to