[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#35414: 26.2; ELPA packages signed with second, unknown key
From: |
Brandon Invergo |
Subject: |
bug#35414: 26.2; ELPA packages signed with second, unknown key |
Date: |
Wed, 24 Apr 2019 23:03:29 +0100 |
User-agent: |
mu4e 1.2.0; emacs 26.2 |
Stefan Monnier writes:
>> I assume (without checking) that this is related to the key from
>> http://lists.gnu.org/r/emacs-diffs/2019-04/msg00546.html
>
> Hmm... Indeed: this new keyring contains two keys (the old 2014 key
> which will expire in September and a new key to replace it).
I see. Sorry, I only searched the bugs list but not the diffs list!
> Hmm... I just tried with Debian's Emacs-25.1 and with a new build from
> the `emacs-26` branch:
>
> emacs -Q --eval '(setq package-check-signature t)
> M-x package-list-packages RET
> M-x package-refresh-contents RET
>
> and didn't get any error.
I suppose it's worth asking (but apologies if I misunderstand what's
happening under the hood): did you perform this test with an empty
keyring (or just with what's available in Debian's Emacs-25.1
installation)? I suspect that you already have the new public key in
your keyring, so you wouldn't experience the problem.
> It's a brand new key that is now in etc/package-keyring.gpg in the
> `master` branch of Emacs, as well as in the `gnu-elpa-keyring-update`
> package in GNU ELPA.
>
> This is because the key 474F05837FBDEF9B is about to expire (it's
> really high time we start preparing for the new key).
OK, that should make things easy enough. Of course, I hadn't seen that
package because I was unable to update my archives!
Unfortunately, installing the package (after temporarily disabling sig
verification) doesn't solve the problem for me. Am I correct to assume
that the package should "just work" after installing (and restarting
Emacs)? Just for fun I tried manually running gnu-elpa-keyring-update,
which resulted in this this:
Debugger entered--Lisp error: (error "Can’t find the keyring.gpg file with the
new keys")
signal(error ("Can’t find the keyring.gpg file with the new keys"))
error("Can't find the keyring.gpg file with the new keys")
gnu-elpa-keyring-update--keyring()
gnu-elpa-keyring-update()
eval((gnu-elpa-keyring-update) nil)
eval-expression((gnu-elpa-keyring-update) nil nil 127)
funcall-interactively(eval-expression (gnu-elpa-keyring-update) nil nil 127)
call-interactively(eval-expression nil nil)
command-execute(eval-expression)
gnu-elpa-keyring-update--keyring has the value
"etc/gnu-elpa-keyring.gpg", which doesn't exist relative to any relevant
paths that I can think of. The files in .emacs.d/elpa/gnupg haven't
been modified.
I looked at the ELPA git repo and saw that the keyring should be
distributed in the etc subdirectory of the package. So I tried manually
downloading the keyring from elpa.gnu.org via wget, however I got a 404
error (trying different reasonable URLs). I then manually downloaded it
from the ELPA git repository and put it in
.emacs.d/elpa/gnu-elpa-keyring-update-2019.0/etc et voila! Success.
So, I guess the "bug" at this point is that it would appear that the
keyring isn't properly installed with the keyring-update package. I
apologize for the original noise, since you obviously had already
considered and worked on a fix for the underlying problem.
Thanks for your help!
--
-brandon
- bug#35414: 26.2; ELPA packages signed with second, unknown key, Brandon Invergo, 2019/04/24
- bug#35414: 26.2; ELPA packages signed with second, unknown key, Glenn Morris, 2019/04/24
- bug#35414: 26.2; ELPA packages signed with second, unknown key, Stefan Monnier, 2019/04/24
- bug#35414: 26.2; ELPA packages signed with second, unknown key,
Brandon Invergo <=
- bug#35414: 26.2; ELPA packages signed with second, unknown key, Stefan Monnier, 2019/04/24
- bug#35414: 26.2; ELPA packages signed with second, unknown key, Stefan Monnier, 2019/04/24
- bug#35414: 26.2; ELPA packages signed with second, unknown key, Glenn Morris, 2019/04/24
- bug#35414: 26.2; ELPA packages signed with second, unknown key, Eli Zaretskii, 2019/04/25
- bug#35414: 26.2; ELPA packages signed with second, unknown key, Brandon Invergo, 2019/04/25