Package: mini-dinstall
Version: 0.7.3+nmu2
Severity: normal
Dear Maintainer,
Note: the version (0.7.3+nmu2) is a local version I built to workaround the
regression.
It's based on the original 0.7.3 code from Debian
A previous bugfix caused a regression:
* The problematic fix is named "Check GPG keyrings for read access before using
them."
from 23'rd Nov 2023
https://salsa.debian.org/debian/mini-dinstall/-/commit/ad12a309987683f89d7e6ac70defbc38b9d44c81
* The problem is that on line 26, "keyrings_r_ok" is a class variable
not an object variable.
* As a result, each new instance of "DebianSigVerifier" is
appending the keyrings names again to the SAME variable.
This keyring list is ever growing (until restarting the service)
* As a result "gpgv" is run with duplicate GPG keyrings and it fails.
(no idea why)
* When I discovered this regression:
- I first tested manual "gpgv" run with the duplicated list and it failed
- Then I applied locally a stupid (but working) workaround.
I just removed duplicates before running the "gpgv" program.
* Now I had more time to look in salsa and found the root cause.
* The fix should be simple -- Set and initialize an object (not CLASS) variable
I.e: "self.keyrings_r_ok = []" in the beginning of "__init__(...)"
and remove the class variable definition.
-- System Information:
Debian Release: 13.2
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.12.48+deb13-amd64 (SMP w/48 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages mini-dinstall depends on:
ii apt-utils 3.0.3
ii init-system-helpers 1.69~deb13u1
ii python3 3.13.5-1
ii python3-apt 3.0.0
Versions of packages mini-dinstall recommends:
ii gpgv 2.4.7-21+b3
Versions of packages mini-dinstall suggests:
ii debian-keyring 2025.07.26
-- no debconf information
