From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED.blaine.gmane.org!not-for-mail From: Brandon Invergo Newsgroups: gmane.emacs.bugs Subject: bug#35414: 26.2; ELPA packages signed with second, unknown key Date: Wed, 24 Apr 2019 23:03:29 +0100 Message-ID: <875zr36oy6.fsf@invergo.net> References: <87mukfsgtb.fsf@invergo.net> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Injection-Info: blaine.gmane.org; posting-host="blaine.gmane.org:195.159.176.226"; logging-data="76095"; mail-complaints-to="usenet@blaine.gmane.org" User-Agent: mu4e 1.2.0; emacs 26.2 Cc: 35414@debbugs.gnu.org To: Stefan Monnier Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Thu Apr 25 00:04:27 2019 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([209.51.188.17]) by blaine.gmane.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:256) (Exim 4.89) (envelope-from ) id 1hJQ09-000JZ9-LJ for geb-bug-gnu-emacs@m.gmane.org; Thu, 25 Apr 2019 00:04:26 +0200 Original-Received: from localhost ([127.0.0.1]:47853 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hJQ08-0005F8-Mr for geb-bug-gnu-emacs@m.gmane.org; Wed, 24 Apr 2019 18:04:24 -0400 Original-Received: from eggs.gnu.org ([209.51.188.92]:58144) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hJQ01-0005Eq-VA for bug-gnu-emacs@gnu.org; Wed, 24 Apr 2019 18:04:19 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hJPzx-00083Q-P1 for bug-gnu-emacs@gnu.org; Wed, 24 Apr 2019 18:04:17 -0400 Original-Received: from debbugs.gnu.org ([209.51.188.43]:43136) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1hJPzl-000810-UQ for bug-gnu-emacs@gnu.org; Wed, 24 Apr 2019 18:04:06 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1hJPzl-000238-OS for bug-gnu-emacs@gnu.org; Wed, 24 Apr 2019 18:04:01 -0400 X-Loop: help-debbugs@gnu.org Resent-From: Brandon Invergo Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Wed, 24 Apr 2019 22:04:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 35414 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: security Original-Received: via spool by 35414-submit@debbugs.gnu.org id=B35414.15561434267858 (code B ref 35414); Wed, 24 Apr 2019 22:04:01 +0000 Original-Received: (at 35414) by debbugs.gnu.org; 24 Apr 2019 22:03:46 +0000 Original-Received: from localhost ([127.0.0.1]:56680 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hJPzW-00022f-EB for submit@debbugs.gnu.org; Wed, 24 Apr 2019 18:03:46 -0400 Original-Received: from orchid.birch.relay.mailchannels.net ([23.83.209.137]:61317) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hJPzS-00022V-Uw for 35414@debbugs.gnu.org; Wed, 24 Apr 2019 18:03:43 -0400 X-Sender-Id: dreamhost|x-authsender|brandon@invergo.net Original-Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id 3D6CF5E03E8; Wed, 24 Apr 2019 22:03:38 +0000 (UTC) Original-Received: from pdx1-sub0-mail-a45.g.dreamhost.com (100-96-7-81.trex.outbound.svc.cluster.local [100.96.7.81]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id 86CE05E2657; Wed, 24 Apr 2019 22:03:36 +0000 (UTC) X-Sender-Id: dreamhost|x-authsender|brandon@invergo.net Original-Received: from pdx1-sub0-mail-a45.g.dreamhost.com ([TEMPUNAVAIL]. [64.90.62.162]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384) by 0.0.0.0:2500 (trex/5.17.2); Wed, 24 Apr 2019 22:03:38 +0000 X-MC-Relay: Neutral X-MailChannels-SenderId: dreamhost|x-authsender|brandon@invergo.net X-MailChannels-Auth-Id: dreamhost X-Arch-Skirt: 4ee87fce76f8ad25_1556143417885_2194403274 X-MC-Loop-Signature: 1556143417885:616993006 X-MC-Ingress-Time: 1556143417884 Original-Received: from pdx1-sub0-mail-a45.g.dreamhost.com (localhost [127.0.0.1]) by pdx1-sub0-mail-a45.g.dreamhost.com (Postfix) with ESMTP id DA2737F1FF; Wed, 24 Apr 2019 15:03:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=invergo.net; h=references :from:to:cc:subject:in-reply-to:date:message-id:mime-version :content-type:content-transfer-encoding; s=invergo.net; bh=kUlKW fv8rIPGV77OTMUOR+zrsKQ=; b=K53ZJPI064vOfjlwDDduBo4NkfN0oVS5zmCrw gZjAeD6Sd/1AUORRKONtWXX1xAXlMcpc0hjW5ljjG8wKRvBKC65ciVh1co37tgFr ALfFEszU7DKo0LC4D7EEbfYwcDgrBa8/ET/uN0oahR9vPl/bd5bYz3WCPAYDlHSf 6TDWi4= Original-Received: from localhost (cpc88606-newt36-2-0-cust493.19-3.cable.virginm.net [86.6.93.238]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: brandon@invergo.net) by pdx1-sub0-mail-a45.g.dreamhost.com (Postfix) with ESMTPSA id DAF1F7F1F4; Wed, 24 Apr 2019 15:03:32 -0700 (PDT) X-DH-BACKEND: pdx1-sub0-mail-a45 In-reply-to: X-VR-OUT-STATUS: OK X-VR-OUT-SCORE: -100 X-VR-OUT-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgeduuddrheefgddtgecutefuodetggdotefrodftvfcurfhrohhfihhlvgemucggtfgfnhhsuhgsshgtrhhisggvpdfftffgtefojffquffvnecuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenucfjughrpehffgfhvffujgffkfggtgfgsehtqhertddtreejnecuhfhrohhmpeeurhgrnhguohhnucfknhhvvghrghhouceosghrrghnughonhesihhnvhgvrhhgohdrnhgvtheqnecuffhomhgrihhnpehgnhhurdhorhhgnecukfhppeekiedriedrleefrddvfeeknecurfgrrhgrmhepmhhouggvpehsmhhtphdphhgvlhhopehlohgtrghlhhhoshhtpdhinhgvthepkeeirdeirdelfedrvdefkedprhgvthhurhhnqdhprghthhepuehrrghnughonhcukfhnvhgvrhhgohcuoegsrhgrnhguohhnsehinhhvvghrghhordhnvghtqedpmhgrihhlfhhrohhmpegsrhgrnhguohhnsehinhhvvghrghhordhnvghtpdhnrhgtphhtthhopeefheegudegseguvggssghughhsrdhgnhhurdhorhhgnecuvehluhhsthgvrhfuihiivgeptd X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.51.188.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: "bug-gnu-emacs" Xref: news.gmane.org gmane.emacs.bugs:158207 Archived-At: Stefan Monnier writes: >> I assume (without checking) that this is related to the key from >> http://lists.gnu.org/r/emacs-diffs/2019-04/msg00546.html > > Hmm... Indeed: this new keyring contains two keys (the old 2014 key > which will expire in September and a new key to replace it). I see. Sorry, I only searched the bugs list but not the diffs list! > Hmm... I just tried with Debian's Emacs-25.1 and with a new build from > the `emacs-26` branch: > > emacs -Q --eval '(setq package-check-signature t) > M-x package-list-packages RET > M-x package-refresh-contents RET > > and didn't get any error. I suppose it's worth asking (but apologies if I misunderstand what's happening under the hood): did you perform this test with an empty keyring (or just with what's available in Debian's Emacs-25.1 installation)? I suspect that you already have the new public key in your keyring, so you wouldn't experience the problem. > It's a brand new key that is now in etc/package-keyring.gpg in the > `master` branch of Emacs, as well as in the `gnu-elpa-keyring-update` > package in GNU ELPA. > > This is because the key 474F05837FBDEF9B is about to expire (it's > really high time we start preparing for the new key). OK, that should make things easy enough. Of course, I hadn't seen that package because I was unable to update my archives! Unfortunately, installing the package (after temporarily disabling sig verification) doesn't solve the problem for me. Am I correct to assume that the package should "just work" after installing (and restarting Emacs)? Just for fun I tried manually running gnu-elpa-keyring-update, which resulted in this this: Debugger entered--Lisp error: (error "Can=E2=80=99t find the keyring.gpg fi= le with the new keys") signal(error ("Can=E2=80=99t find the keyring.gpg file with the new keys"= )) error("Can't find the keyring.gpg file with the new keys") gnu-elpa-keyring-update--keyring() gnu-elpa-keyring-update() eval((gnu-elpa-keyring-update) nil) eval-expression((gnu-elpa-keyring-update) nil nil 127) funcall-interactively(eval-expression (gnu-elpa-keyring-update) nil nil 1= 27) call-interactively(eval-expression nil nil) command-execute(eval-expression) gnu-elpa-keyring-update--keyring has the value "etc/gnu-elpa-keyring.gpg", which doesn't exist relative to any relevant paths that I can think of. The files in .emacs.d/elpa/gnupg haven't been modified. I looked at the ELPA git repo and saw that the keyring should be distributed in the etc subdirectory of the package. So I tried manually downloading the keyring from elpa.gnu.org via wget, however I got a 404 error (trying different reasonable URLs). I then manually downloaded it from the ELPA git repository and put it in .emacs.d/elpa/gnu-elpa-keyring-update-2019.0/etc et voila! Success. So, I guess the "bug" at this point is that it would appear that the keyring isn't properly installed with the keyring-update package. I apologize for the original noise, since you obviously had already considered and worked on a fix for the underlying problem. Thanks for your help! -- -brandon