severity 662948 normal tags 662948 unreproducible thanks Hi Christoph,
On Wed, Mar 7, 2012 at 14:54, Christoph Anton Mitterer <cales...@scientia.net> wrote: > I reproduced this on 4 different sid machines... > Every time I did > 1) debsums -asc debian-archive-keyring > => all fine > 2) upgrade apt > 3) debsums -asc debian-archive-keyring > => /usr/share/keyrings/debian-archive-removed-keys.gpg "corrupted" > 4) reinstalled debian-archive-keyring I can't reproduce this here with your steps. Also, gpg doesn't complain about MD5 for me. Note also that we haven't made a changed in 0.8.15.10 to apt-key. The last changes were in 0.8.15.6 and 0.8.15.3, but both do not really interact with the removed keyring. The 'apt-key update' command is triggered in apt (and debian-archive-keyring) postinst and works with this keyring, but it only does --list-keys on it - which should be a read-only operation in gpg… Does the file /etc/apt/trustdb.gpg exists on your system and has correct permissions? (600 aka -rw-------) gpg seems to complain about it. APT doesn't really need it as all keys in the trusted.gpg keyring(s) are considered fully trusted, but gpg cries havoc if it isn't to its liking (similar to a secret keyring, but we got right of it in 0.8.15.3 with a bit of tempfile trickery. For trustdb.gpg is is currently not an option though…). > Marking this as critical, as it _could_ (though I don't believe it) be > security relvant and as it modifies > data from another package. I have changed to 'normal' for now as i can't reproduce it and as an RC bug it would prevent the migration of a security bugfix to testing… Best regards David Kalnischkies -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
