Re: Signature key id b5952cabdd765a20 not found

[Roland Illig <roland.illig%gmx.de@localhost>]

Am 01.10.2022 um 23:08 schrieb Jonathan Perkin:
> * On 2022-10-01 at 21:46 BST, Roland Illig wrote:
> > There's still a lot of work to be done until signed binary packages are
> > user-friendly. Having the packages signed is something I really like
> > though. I regard it as a basic requirement rather than a feature.
>
> There are some rough edges, but on the whole they work brilliantly and
> I've been shipping them for around 8 years now with very few complaints
> over many millions of installs.  The key migration is something I've not
> had to do up until recently, and it's hopefully a one-time thing.

Perhaps I stumbled upon the "some rough edges" and fell directly on my nose.

> pkg_info:
> unable to verify signature:
> Signature key id b5952cabdd765a20 not found

This error message was a typical technical error message, as unhelpful
as it gets. As I described in my initial mail, I consulted the usual
documentation but couldn't find any hint on how to solve this problem.

Before I fixed a few long-standing bugs in netpgp, I didn't even know
that that tool exists, and neither pkg_info(1) nor pkg_install.conf(5)
mentions it, so I still don't know how an average pkgsrc user would be
supposed to solve this problem.

It may well be that many millions of installs succeeded. I am assuming
that these installs all use a similar setup. Mine differed from the
default though, and I was treated with a dead-end error message.

Furthermore, when I tried to get more information about the signature
key, I was greeted with:

$ netpgpkeys \
    --export-key \
    --keyring=/usr/pkg/etc/gnupg/pkgsrc.gpg \
    b5952cabdd765a20

-----BEGIN PGP PUBLIC KEY BLOCK-----
...
-----END PGP PUBLIC KEY BLOCK-----
<A5><A5><A5><A5><A5><A5><A5>

That's a classical use-after-free bug, which added to my frustration.
I'm glad that I run NetBSD with MALLOC_CONF=junk:true added to my
environment, so that bugs like these become immediately visible.

Roland