On 2025-03-08 Andreas Metzler <
ametzler@bebt.de> wrote:
On 2024-11-24 Andreas Metzler <ametzler@bebt.de> wrote:
Source: libgnupg-interface-perl
Version: 1.04-4
Severity: normal
X-Debbugs-Cc: gnupg2@packages.debian.org
libgnupg-interface-perl throws testsuite erors agains gpg 2.4.6-1:
[...]
starting with 2.2.46-4 we are now also seeing a (single) testsuite error against 2.2.x:
t/get_public_keys.t ........
1..3
ok 1
ok 2
not ok 3
Failed 1/3 subtests
This is strange. Taking test/public_keys.pgp from
libgnupg-interface-perl (attached for convenience) we find a difference
in gpg output:
(sid)ametzler@argenau:/var/tmp/LIB/libgnupg-interface-perl-1.04$ rm -rf /tmp/gpghome && install -d -m0700 /tmp/gpghome && gpg --homedir /tmp/gpghome/ --import test/public_keys.pgp
gpg: keybox '/tmp/gpghome/pubring.kbx' created
gpg: key 53AE596EF950DA9C: 2 signatures not checked due to missing keys
gpg: /tmp/gpghome/trustdb.gpg: trustdb created
gpg: key 53AE596EF950DA9C: public key "GnuPG test key (for testing purposes only)" imported
gpg: key 56FFD10A260C4FA3: 6 signatures not checked due to missing keys
gpg: key 56FFD10A260C4FA3: public key "Frank J. Tobin <
ftobin@neverending.org>" imported
gpg: Total number processed: 2
gpg: imported: 2
gpg: no ultimately trusted keys found
# 2.2.46-4
(sid)ametzler@argenau:/var/tmp/LIB/libgnupg-interface-perl-1.04$ gpg --homedir /tmp/gpghome/ --armor --with-colons --fixed-list-mode --with-fingerprint --with-key-data --check-sigs -- 0x93AFC4B1B0288A104996B44253AE596EF950DA9C | grep 6FFD10A260C4FA3:
953180097
sig:!::17:56FFD10A260C4FA3:953180097::::Frank J. Tobin <
ftobin@neverending.org>:10x:::::2:
# 2.2.46-3
(sid)ametzler@argenau:/var/tmp/LIB/libgnupg-interface-perl-1.04$ gpg --homedir /tmp/gpghome/ --armor --with-colons --fixed-list-mode --with-fingerprint --with-key-data --check-sigs -- 0x93AFC4B1B0288A104996B44253AE596EF950DA9C | grep 6FFD10A260C4FA3:
953180097
sig:?::17:56FFD10A260C4FA3:953180097:::::10x:::::2:
Note "!" vs "?".
Or comparing the vanilla --check-sigs output we find that 2.2.46-3
warned about "missing keys", -4 sees "8 good signatures". (sid)ametzler@argenau:/var/tmp/LIB/libgnupg-interface-perl-1.04$ gpg --homedir /tmp/gpghome/ --check-sigs -- 0x93AFC4B1B0288A104996B44253AE596EF950DA9C > /tmp/readable-3 2>&1
# same for gpg 2.2.46-4 ... (sid)ametzler@argenau:/var/tmp/LIB/libgnupg-interface-perl-1.04$ diff /tmp/readable-?
5a6
sig! 56FFD10A260C4FA3 2000-03-16 Frank J. Tobin <ftobin@neverending.org>
8a10
sig! 56FFD10A260C4FA3 2000-03-16 Frank J. Tobin <ftobin@neverending.org>
13,14c15
< gpg: 6 good signatures
< gpg: 2 signatures not checked due to missing keys
---
gpg: 8 good signatures
cu Andreas
H4sICBilzWcAA3B1YmxpY19rZXlzLnBncACFlnk41Gsbx39mRnaGsqSMKXuWIfvShGzZlVCc NMOYkBnbCBXKYOyhLMXMlEHZtxSpTmUJFRKNCTl4FQrZt8w7nOtcr7dzztVfv+v5537uz/f5 3t/7l8N2F6KTy8QIQgDSRnFB40AvnPgedWzBtjvgjHrWDU9BlyFwMTy9okfU9ki70sNPygP4 b8sv0QJnEhld2N3jwkfjLAZDOrJU3VU77q1ESdRGlgpOf5BZdArsuM3oUxBNwF5+zHkbmTDc f7/sopF3uOZcbBL6nZN/jmU6HWrBFjQgLYucFIDqHfu9zgqgph7SMW4V+B5yruNhUuhGxqJG yS1RCBA9avGiGLPo98U2dWCccYkrrar17Kt2E/w9F2+auv31S0ytpw5SMV8+D990TqzenQQZ FTvuEnTgWuyQYlLsPK7Qf7ejRmZ4a/bU3Ziry1yzLXWZUw7KSCeYjviusQdSt19j7IVX78u2 2lrF3Jad7IPMcRY4OYiH0PgH+l+m+NKVXtdCgKghyKuzqm19SrtXeZnp4cSCgjwuoObkERtU xuZKM2OGslLUu+wrbdco6mln3ys9XJXbQ3uwoRzK+Jq/6bK2X9xzvLX+gu24mKjmMRG9wJmb Nj9OI4kasjlcuNwiTGipxCg9o/ENz4L/2yWZtRUR6iJ4hvA8CRU06hZLqEgjO0NIKIikIAg4 wA7Ss+fvF+WNErSL1X98TwTPrSFwDuzE7OaW5bXLB3EAADcX9GT5adyqPSN3bxdAVqlau+/N XUqoYNoVmn5CmWXl/9EKUE68LJOjPxiWTZgmHcyYolkafGb0V4IAcO0hcxzB3hwejAkKhvti wuDyXvjA7ZM3Dgv3JwT644MwQXA87kKYAgkN2c1qSZydh4MbDAELg0FgERAbSDSKHWQmPxkD 2ssGCHFgzO3NATa