bug-gnu-emacs

bug#35414: 26.2; ELPA packages signed with second, unknown key


From: Brandon Invergo
Subject: bug#35414: 26.2; ELPA packages signed with second, unknown key
Date: Wed, 24 Apr 2019 23:03:29 +0100
User-agent: mu4e 1.2.0; emacs 26.2

Stefan Monnier writes:

>> I assume (without checking) that this is related to the key from
>> http://lists.gnu.org/r/emacs-diffs/2019-04/msg00546.html
>
> Hmm... Indeed: this new keyring contains two keys (the old 2014 key
> which will expire in September and a new key to replace it).

I see.  Sorry, I only searched the bugs list but not the diffs list!

> Hmm... I just tried with Debian's Emacs-25.1 and with a new build from
> the `emacs-26` branch:
>
>     emacs -Q --eval '(setq package-check-signature t)'
>     M-x package-list-packages RET
>     M-x package-refresh-contents RET
>
> and didn't get any error.

I suppose it's worth asking (but apologies if I misunderstand what's
happening under the hood): did you perform this test with an empty
keyring (or just with what's available in Debian's Emacs-25.1
installation)?  I suspect that you already have the new public key in
your keyring, so you wouldn't experience the problem.

> It's a brand new key that is now in etc/package-keyring.gpg in the
> `master` branch of Emacs, as well as in the `gnu-elpa-keyring-update`
> package in GNU ELPA.
>
> This is because the key 474F05837FBDEF9B is about to expire (it's
> really high time we start preparing for the new key).

OK, that should make things easy enough.  Of course, I hadn't seen that
package because I was unable to update my archives!

Unfortunately, installing the package (after temporarily disabling sig
verification) doesn't solve the problem for me.  Am I correct to assume
that the package should "just work" after installing (and restarting
Emacs)?  Just for fun I tried manually running gnu-elpa-keyring-update,
which resulted in this:

Debugger entered--Lisp error: (error "Can’t find the keyring.gpg file with the new keys")
  signal(error ("Can’t find the keyring.gpg file with the new keys"))
  error("Can't find the keyring.gpg file with the new keys")
  gnu-elpa-keyring-update--keyring()
  gnu-elpa-keyring-update()
  eval((gnu-elpa-keyring-update) nil)
  eval-expression((gnu-elpa-keyring-update) nil nil 127)
  funcall-interactively(eval-expression (gnu-elpa-keyring-update) nil nil 127)
  call-interactively(eval-expression nil nil)
  command-execute(eval-expression)

gnu-elpa-keyring-update--keyring has the value
"etc/gnu-elpa-keyring.gpg", which doesn't exist relative to any relevant
paths that I can think of.  The files in .emacs.d/elpa/gnupg haven't
been modified.

I looked at the ELPA git repo and saw that the keyring should be
distributed in the etc subdirectory of the package.  So I tried manually
downloading the keyring from elpa.gnu.org via wget, however I got a 404
error (trying different reasonable URLs).  I then manually downloaded it
from the ELPA git repository and put it in
.emacs.d/elpa/gnu-elpa-keyring-update-2019.0/etc et voila!  Success.

So, I guess the "bug" at this point is that it would appear that the
keyring isn't properly installed with the keyring-update package.  I
apologize for the original noise, since you obviously had already
considered and worked on a fix for the underlying problem.

Thanks for your help!

--
-brandon




