GNU bug report logs -
#71918
[DOCUMENTATION] the suggested key import method for `guix refresh` doesn't work
[Message part 1 (text/plain, inline)]
Your bug report
#71918: [DOCUMENTATION] the suggested key import method for `guix refresh` doesn't work
which was filed against the guix package, has been closed.
The explanation is attached below, along with your original report.
If you require more details, please reply to 71918 <at> debbugs.gnu.org.
--
71918: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=71918
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
[Message part 2 (message/rfc822, inline)]
Maxim Cournoyer <maxim.cournoyer <at> gmail.com> writes:
>> -You can export keys from your default GPG keyring into a keybox file using
>> -commands like this one:
>> -
>> -@example
>> -gpg --export rms@@gnu.org | kbxutil --import-openpgp >> mykeyring.kbx
>> -@end example
>> -
>> -Likewise, you can fetch keys to a specific keybox file like this:
>> +You can fetch keys to a specific keybox file like this:
>>
>> @example
>> gpg --no-default-keyring --keyring mykeyring.kbx \
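Review bot: with the `gpg --export ... | kbxutil --import-openpgp` example removed at the top of this hunk, the passage no longer shows any way to put a key that is already held locally into `mykeyring.kbx`; only the fetch form starting `gpg --no-default-keyring --keyring mykeyring.kbx \` is left. Consider replacing the removed example with a local import that uses the same `--no-default-keyring --keyring mykeyring.kbx` options instead of dropping the use case, so that a key obtained out of band can still be added to the keyring.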
>
> Sounds reasonable to me.
Finally applied, thanks!
[Message part 3 (message/rfc822, inline)]
context:
--------
i was trying to:
$ ./pre-inst-env guix refresh --update dropbear
but the key is not imported, because "no user ID". apparently some keyservers drop the user id for privacy reasons.
the problem:
------------
then i went to the manual, and it suggests:
$ gpg --export rms@gnu.org | kbxutil --import-openpgp >> mykeyring.kbx
and i ran:
$ curl https://matt.ucc.asn.au/dropbear/releases/dropbear-key-2015.asc | gpg --import
$ gpg --export F7347EF2EE2E07A267628CA944931494F29C6773 | kbxutil --import-openpgp >>~/.config/guix/upstream/trustedkeys.kbx
it ran without errors, but when i tried to guix refresh it failed with:
gpgv: [don't know]: invalid packet (ctb=00)
i double checked, and made sure the trustedkeys.kbx was empty prior to running the above.
analysis:
---------
i ran the following after guix refresh has successfully imported the key:
$ gpg --export F7347EF2EE2E07A267628CA944931494F29C6773 | kbxutil --import-openpgp >x
$ file x
x: data
$ file ~/.config/guix/upstream/trustedkeys.kbx
/home/user/.config/guix/upstream/trustedkeys.kbx: OpenPGP Public Key Version 4, Created Mon Jun 29 12:53:01 2015, RSA (Encrypt or Sign, 4096 bits)
$ ll x
-rw-r--r-- 1 user users 1883 Jul 3 16:41 x
$ ll ~/.config/guix/upstream/trustedkeys.kbx
-rw-r--r-- 1 user users 1208 Jul 3 16:18 /home/user/.config/guix/upstream/trustedkeys.kbx
i.e. what the manual suggests results in a different file format than what guix refresh creates/expects.
workaround:
-----------
in the end i cleared the trustedkeys.kbx file, and i used another keyserver that doesn't strip the ID:
./pre-inst-env guix refresh --key-server="hkps://keyserver.ubuntu.com" --update dropbear
--
• attila lendvai
• PGP: 963F 5D5F 45C7 DFCD 0A39
--
“Good people don’t need laws to tell them to act responsibly, and bad people will find a way around the laws.”
— Plato (c. 427–347 BC)
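The format mismatch found in the analysis above can be checked from a file's first bytes; this is an added example, not code from the report, Guix or GnuPG. It assumes the RFC 4880 packet header (bit 7 always set) and GnuPG's keybox blob layout (big-endian u32 length, type byte, `KBXf` at offset 8 of a header blob), and that gpgv reads a file without that header as OpenPGP packets; the function names and sample bytes are constructed.

```python
import struct
import sys

# Constructed samples (not taken from the report's files).
OPENPGP_SAMPLE = b"\x99\x02\x0d\x04" + b"\x00" * 8           # old-format tag 6, v4 key
KBX_BLOB_SAMPLE = struct.pack(">IBB", 1883, 2, 1) + b"\x00" * 10  # headerless blob, type 2
KBX_FILE_SAMPLE = struct.pack(">IBBH", 32, 1, 1, 0) + b"KBXf" + b"\x00" * 20


def first_ctb(data: bytes) -> str:
    """First byte as an OpenPGP parser would report it (ctb=%02x)."""
    return f"{data[0]:02x}"


def classify_keyring(data: bytes) -> str:
    """Classify a keyring file by its leading bytes."""
    if not data:
        return "empty"
    if data.startswith(b"-----BEGIN PGP"):
        return "ascii-armored"  # must be dearmored before use as a binary keyring
    first = data[0]
    if first & 0x80:
        # OpenPGP packet header: bit 6 set = new format (tag in bits 5-0),
        # clear = old format (tag in bits 5-2). Tag 6 is a public key packet.
        tag = first & 0x3F if first & 0x40 else (first >> 2) & 0x0F
        return "openpgp-public-key" if tag == 6 else f"openpgp-packet-tag-{tag}"
    # Bit 7 clear: not an OpenPGP packet. A keybox blob starts with a
    # big-endian length, so small blobs begin with 0x00 (hence ctb=00).
    if data[8:12] == b"KBXf":
        return "keybox-file"
    if len(data) >= 5 and data[4] in (2, 3):  # 2 = OpenPGP blob, 3 = X.509 blob
        return "keybox-blob"
    return "unknown"


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                head = fh.read(64)
            print(f"{path}: {classify_keyring(head)}")
    else:
        for name in ("OPENPGP_SAMPLE", "KBX_BLOB_SAMPLE", "KBX_FILE_SAMPLE"):
            sample = globals()[name]
            print(f"{name}: {classify_keyring(sample)} (ctb={first_ctb(sample)})")
```

Run with file paths as arguments to classify real keyrings, or with no arguments to classify the constructed samples.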
This bug report was last modified 57 days ago.