gpgv: keydb_search failed: invalid packet #822

Open
fd98279 opened this issue Mar 18, 2019 · 3 comments

fd98279 commented Mar 18, 2019

gpgv: keydb_search failed: invalid packet

Detailed Description

Trying to run this command as per tutorial on Debian 10 (Worked on Ubuntu 18.04). Fails with error:

```
aptly mirror create -architectures=amd64 -keyring=trustedkeys.gpg -filter='Priority (required) | Priority (important) | Priority (standard)' stretch-main http://ftp.us.debian.org/debian/ stretch main
Downloading http://ftp.us.debian.org/debian/dists/stretch/InRelease...
Downloading http://ftp.us.debian.org/debian/dists/stretch/Release...
Downloading http://ftp.us.debian.org/debian/dists/stretch/Release.gpg...
gpgv: Signature made Sat 16 Feb 2019 10:57:48 AM UTC using RSA key ID 46925553
gpgv: [don't know]: invalid packet (ctb=00)
gpgv: keydb_search failed: invalid packet
gpgv: Can't check signature: public key not found
gpgv: Signature made Sat 16 Feb 2019 10:57:48 AM UTC using RSA key ID 2B90D010
gpgv: [don't know]: invalid packet (ctb=00)
gpgv: keydb_search failed: invalid packet
gpgv: Can't check signature: public key not found
gpgv: Signature made Sat 16 Feb 2019 11:04:31 AM UTC using RSA key ID 1A7B6500
gpgv: [don't know]: invalid packet (ctb=00)
gpgv: keydb_search failed: invalid packet
gpgv: Can't check signature: public key not found
ERROR: unable to fetch mirror: verification of detached signature failed: exit status 2
```

I executed this command to add the public keys to the keyring (as suggested by the aptly mirror create command):

```
gpg --no-default-keyring --keyring trustedkeys.gpg --keyserver pool.sks-keyservers.net --recv-keys 8B48AD6246925553 7638D0442B90D010 EF0F382A1A7B6500
```

Keys in my trustedkeys.gpg keyring:

```
$ gpg --no-default-keyring --keyring trustedkeys.gpg --list-keys
~/.gnupg/trustedkeys.gpg

pub rsa4096 2017-05-20 [SC] [expires: 2025-05-18]
067E3C456BAE240ACEE88F6FEF0F382A1A7B6500
uid [ unknown] Debian Stable Release Key (9/stretch) debian-release@lists.debian.org

pub rsa4096 2014-11-21 [SC] [expires: 2022-11-19]
126C0D24BD8A2942CC7DF8AC7638D0442B90D010
uid [ unknown] Debian Archive Automatic Signing Key (8/jessie) ftpmaster@debian.org

pub rsa4096 2012-04-27 [SC] [expires: 2020-04-25]
A1BD8E9D78F7FE5C3E65D8AF8B48AD6246925553
uid [ unknown] Debian Archive Automatic Signing Key (7.0/wheezy) ftpmaster@debian.org
```

Context

Possible Implementation

Your Environment

Debian 10

```
$ dpkg -l | grep gpg
ii gpg 2.2.12-1 amd64 GNU Privacy Guard -- minimalist public key operations
ii gpg-agent 2.2.12-1 amd64 GNU privacy guard - cryptographic agent
ii gpg-wks-client 2.2.12-1 amd64 GNU privacy guard - Web Key Service client
ii gpg-wks-server 2.2.12-1 amd64 GNU privacy guard - Web Key Service server
ii gpgconf 2.2.12-1 amd64 GNU privacy guard - core configuration utilities
ii gpgsm 2.2.12-1 amd64 GNU privacy guard - S/MIME version
ii gpgv 2.2.12-1 amd64 GNU privacy guard - signature verification tool
ii gpgv1 1.4.23-1 amd64 GNU privacy guard - signature verification tool (deprecated "classic" version)
ii libgpg-error0:amd64 1.35-1 amd64 GnuPG development runtime library
```

@vexingcodes

Saw the same error today. I got it to work by specifying gpg1 rather than gpg when running the key import command:

```
gpg1 --no-default-keyring --keyring trustedkeys.gpg --keyserver pool.sks-keyservers.net --recv-keys 8B48AD6246925553 7638D0442B90D010 EF0F382A1A7B6500
```

I'm not sure this is the "right" thing to do, but it does cause the commands to succeed.


baby-gnu commented Jul 4, 2019

Looks like it does not work with gpg2


mpas97 commented Aug 29, 2019

I have the same issue. I've debugged a lot and here are my results:
If I run the command using internal as gpg provider

```
aptly -keyring=trustedkeys.gpg -gpg-provider=internal mirror create
```

I get the following error:

```
openpgp: invalid data: tag byte does not have MSB set
```

So I looked for similar issues and I found this one.
As written there, a way to fix the issue is to export the keyring file again to have everything in the right format. My command:

```
gpg --no-default-keyring --keyring /root/.gnupg/trustedkeys.gpg --export --output /root/.gnupg/newkeyring.gpg
```

Running `aptly -keyring=newkeyring.gpg mirror create` works fine now.

But to the wrong format problem, this had to happen when we imported the keys like in

```
gpg --no-default-keyring --keyring /usr/share/keyrings/debian-archive-keyring.gpg --export | gpg --no-default-keyring --keyring /root/.gnupg/trustedkeys.gpg --import
```

I retried the whole thing but using the `>` command (instead of `gpg --import`) to write the export directly into a file and surprise, the `aptly mirror create` works out of the box.
So use `gpg --no-default-keyring --keyring /usr/share/keyrings/debian-archive-keyring.gpg --export > /root/.gnupg/trustedkeys.gpg` at the beginning and you should be fine.
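
Added example, not part of the thread or of aptly: a check that tells the two on-disk keyring formats apart by their leading bytes, which is what the `ctb=00` and "tag byte does not have MSB set" errors above are reporting. It assumes, which the thread does not state, that the keyring gpg 2.x created was in GnuPG's keybox format; `keyring_format` and `make_samples` are hypothetical names and the sample files are constructed headers, not real keys.

```shell
#!/bin/sh
# Added example: classify a keyring file as keybox, OpenPGP packet stream,
# or unknown, by inspecting its first bytes only.

# keyring_format FILE -> prints one of: keybox | openpgp | unknown
keyring_format() {
    f=$1
    # Missing, unreadable or empty files cannot be classified.
    [ -r "$f" ] && [ -s "$f" ] || { echo unknown; return 0; }

    # A keybox file opens with a header blob: 4-byte length, blob type,
    # version, 2-byte flags, then the magic "KBXf" (4b 42 58 66) at offset 8.
    # Its first byte is 0x00, which a packet parser rejects as an invalid tag.
    magic=$(od -A n -t x1 -j 8 -N 4 "$f" 2>/dev/null | tr -d ' \n')
    if [ "$magic" = "4b425866" ]; then
        echo keybox
        return 0
    fi

    # Every OpenPGP packet starts with a tag octet whose bit 7 is set
    # (RFC 4880, section 4.2), so a valid first byte is >= 128.
    first=$(od -A n -t u1 -N 1 "$f" | tr -d ' \n')
    if [ "$first" -ge 128 ]; then
        echo openpgp
    else
        echo unknown
    fi
}

# make_samples DIR -> writes two constructed header-only files for testing.
make_samples() {
    # Keybox header: length 32, type 1, version 1, flags 2, magic "KBXf".
    printf '\000\000\000\040\001\001\000\002KBXf' > "$1/kbx.gpg"
    # Old-format public-key packet tag 0x99 followed by a 2-byte length.
    printf '\231\002\015\004' > "$1/pgp.gpg"
}

# Stand-alone use: classify every file named on the command line.
for k in "$@"; do
    printf '%s: %s\n' "$k" "$(keyring_format "$k")"
done
```

A result other than `openpgp` for `trustedkeys.gpg` means the file is not a plain packet stream; `gpg --export` writes one, which is what the re-export described above relies on.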
