Ohhhh jeeee: ... this is a bug (getkey.c:3284:merge_selfsigs)
Closed, ResolvedPublic

Description

mr-fox ~ # gpg --refresh-keys
gpg: refreshing 4 keys from hkp://keys.gnupg.net
gpg: key 9E6438C817072058: "Gentoo Linux Release Engineering (Gentoo Linux Release Signing Key) <releng@gentoo.org>" 2 new signatures
gpg: key DB6B8C1F96D8BF6D: "Gentoo Portage Snapshot Signing Key (Automated Signing Key)" 3 new signatures
gpg: key BB572E0E2D182910: "Gentoo Linux Release Engineering (Automated Weekly Release Key) <releng@gentoo.org>" 3 new signatures
gpg: Total number processed: 3
gpg: new signatures: 8
gpg: [don't know]: invalid packet (ctb=39)
gpg: keyring_get_keyblock: read error: Invalid packet
gpg: keyring_get_keyblock failed: Invalid keyring
gpg: failed to rebuild keyring cache: Invalid keyring
gpg: packet(1) with unknown version 149
gpg: keyring_get_keyblock: read error: Invalid packet
gpg: keydb_get_keyblock failed: Invalid keyring
gpg: keydb_search failed: Invalid keyring
gpg: public key of ultimately trusted key 865072CD3102D581 not found
gpg: [don't know]: invalid packet (ctb=4e)
gpg: keyring_get_keyblock: read error: Invalid packet
gpg: keydb_get_keyblock failed: Invalid keyring
gpg: keydb_search failed: Invalid keyring
gpg: public key of ultimately trusted key 9E6438C817072058 not found
gpg: Ohhhh jeeee: ... this is a bug (getkey.c:3284:merge_selfsigs)
Aborted

see external links for more info

/enjoy

Details

External Link
https://bugs.gentoo.org/show_bug.cgi?id=628964
Version
2.1.20-r1

toralf created this task. Aug 26 2017, 2:59 PM
werner added a subscriber: werner. Aug 26 2017, 6:12 PM

Can you please try 2.1.23 ? We might have fixed that already.

It even worked now (a few hours later):

mr-fox ~ # gpg --refresh-keys
gpg: refreshing 4 keys from hkp://keys.gnupg.net
gpg: key 9E6438C817072058: "Gentoo Linux Release Engineering (Gentoo Linux Release Signing Key) <releng@gentoo.org>" not changed
gpg: key DB6B8C1F96D8BF6D: "Gentoo Portage Snapshot Signing Key (Automated Signing Key)" not changed
gpg: key BB572E0E2D182910: "Gentoo Linux Release Engineering (Automated Weekly Release Key) <releng@gentoo.org>" not changed
gpg: Total number processed: 3
gpg: unchanged: 3

erratic behavior ? :-/

FWIW,
the issue might be related to a key from Gentoo, which was expired but was then later renewed (at least it is no longer expired).

The appropriate logs here from my build bot are:

gpg: Signature made Fri 25 Aug 2017 05:34:38 PM CEST
gpg: using RSA key 13EBBDBEDE7A12775DFDB1BABB572E0E2D182910
gpg: Good signature from "Gentoo Linux Release Engineering (Automated Weekly Release Key) <releng@gentoo.org>" [expired]
gpg: Note: This key has expired!
Primary key fingerprint: 13EB BDBE DE7A 1277 5DFD B1BA BB57 2E0E 2D18 2910

and a day later

gpg: Signature made Fri 25 Aug 2017 05:34:38 PM CEST
gpg: using RSA key 13EBBDBEDE7A12775DFDB1BABB572E0E2D182910
gpg: Good signature from "Gentoo Linux Release Engineering (Automated Weekly Release Key) <releng@gentoo.org>" [ultimate]

gniibe added a subscriber: gniibe. Sep 5 2017, 12:10 PM

I tried to reproduce the problem with gpg-2.1.22 or later, but I couldn't.
What I did was:
(1) Prepare an expired key of 2D182910 by removing three signatures of the current public key.
(2) Set "ultimate" trust with the key.
(3) Import the current public key of 2D182910.

Since it's a keyring problem in 2.1.20, I suspect it is caused by T3096: Arch Linux Keys bug.

For me, I cannot replicate this issue with 2.1.20, either.

gniibe claimed this task. Sep 6 2017, 4:07 AM
gniibe closed this task as Resolved.

With the following files, I managed to emulate a similar experiment. My intention is to replicate.

The session is:
(1) mkdir tmp/gpg; chmod og-rx tmp/gpg
(2) cp pubring-for-test.gpg tmp/gpg/pubring.gpg
(3) gpg-2.1.20 --homedir=tmp/gpg --import test-gentoo-keys.asc

The result is:

gpg: key 9E6438C817072058: "Gentoo Linux Release Engineering (Gentoo Linux Release Signing Key) <releng@gentoo.org>" 2 new signatures
gpg: key DB6B8C1F96D8BF6D: "Gentoo Portage Snapshot Signing Key (Automated Signing Key)" 3 new signatures
gpg: key BB572E0E2D182910: "Gentoo Linux Release Engineering (Automated Weekly Release Key) <releng@gentoo.org>" 3 new signatures
gpg: Total number processed: 3
gpg:         new signatures: 8
gpg: [don't know]: partial length invalid for packet type 33
gpg: keyring_get_keyblock: read error: Invalid packet
gpg: keyring_get_keyblock failed: Invalid keyring
gpg: failed to rebuild keyring cache: Invalid keyring
gpg: no ultimately trusted keys found

It's not exactly the same, but I think it is caused by the same bug.

And it's the one of T3096: Arch Linux Keys bug.

So, I'm closing this bug report.
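
The errors quoted in this report ("invalid packet (ctb=39)", "partial length invalid for packet type 33") are what a packet parser reports when the byte at a packet boundary is not a valid OpenPGP header. The following is an added example, not part of the original thread and not GnuPG's code: it walks RFC 4880 packet headers over a byte string and reports the first offset where framing breaks. The function names, the sample bytes and the rejection of indeterminate lengths are assumptions of this example.

```python
# Added example: OpenPGP packet framing check (RFC 4880, section 4.2).
DATA_TYPES = {8, 9, 11, 18}  # only data packets may use partial body lengths

def new_length(buf, pos):
    """Decode a new-format length at pos -> (length, next_pos, is_partial)."""
    o = buf[pos]
    if o < 192:
        return o, pos + 1, False
    if o < 224:
        return ((o - 192) << 8) + buf[pos + 1] + 192, pos + 2, False
    if o < 255:
        return 1 << (o & 0x1F), pos + 1, True
    return int.from_bytes(buf[pos + 1:pos + 5], "big"), pos + 5, False

def check_framing(buf):
    """Return (packets, error); packets is [(offset, type, body_len)]."""
    packets, pos = [], 0
    while pos < len(buf):
        start, ctb = pos, buf[pos]
        if not ctb & 0x80:  # bit 7 must be set in every packet tag
            return packets, f"offset {start}: invalid packet (ctb={ctb:02x})"
        try:
            if ctb & 0x40:  # new-format header
                ptype = ctb & 0x3F
                length, pos, partial = new_length(buf, pos + 1)
                if partial and ptype not in DATA_TYPES:
                    return packets, (f"offset {start}: partial length "
                                     f"invalid for packet type {ptype}")
                total = length
                while partial:  # partial chunks end with a definite length
                    length, pos, partial = new_length(buf, pos + length)
                    total += length
            else:  # old-format header
                ptype, lentype = (ctb >> 2) & 0x0F, ctb & 3
                if lentype == 3:  # policy of this example, for keyrings
                    return packets, f"offset {start}: indeterminate length"
                n = 1 << lentype  # 1, 2 or 4 length octets
                total = length = int.from_bytes(buf[pos + 1:pos + 1 + n], "big")
                pos += 1 + n
        except IndexError:
            return packets, f"offset {start}: truncated packet header"
        if pos + length > len(buf):
            return packets, f"offset {start}: packet body runs past end of data"
        packets.append((start, ptype, total))
        pos += length
    return packets, None

# Constructed sample, not real key material: a type 13 packet, then stray bytes.
GOOD = bytes([0xB4, 0x03]) + b"abc"
for tail in (b"\x39\x00", b"\xe1\xe0"):
    print(check_framing(GOOD + tail)[1])
```

Run against a copy of a keyring file's bytes, the reported offset shows where the well-formed packets end, which helps decide how much of the file is still usable before restoring from a backup or re-importing keys.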