#942413 [emacs] Installation of packages from GNU ELPA fails due to expired key

#942413#5
Date:
2019-10-15 21:40:13 UTC
From:
To:
--- Please enter the report below this line. ---

The key for signing the emacs packages in the official GNU ELPA archive has changed.
The key included in this emacs version has expired.
This disables the download of the archive list as well as any package from elpa.

The measures listed on https://elpa.gnu.org/packages/gnu-elpa-keyring-update.html
can only partly fix this situation, it leads to:

package-install-from-archive: https://elpa.gnu.org/packages/gnu-elpa-keyring-update-2019.3.tar: Bad Request

Please update the included keyring (or use a newer upstream where it's included).

Debian Release: 10.1
  990 stable          security.debian.org
  990 stable          ftp2.de.debian.org
  500 stable-updates  ftp2.de.debian.org
--- Package information. ---
Depends            (Version) | Installed
============================-+-=============
emacs-gtk       (>= 1:26.1)  | 1:26.1+1-3.2
 OR emacs-lucid (>= 1:26.1)  |
 OR emacs-nox    (>= 1:26.1) |


Package's Recommends field is empty.

Package's Suggests field is empty.

#942413#10
Date:
2019-10-16 00:21:41 UTC
From:
To:
Michael Kesper <mkesper@schokokeks.org> writes:

I believe the fixes should be in buster-updates and bullseye:

https://packages.debian.org/emacs
https://metadata.ftp-master.debian.org/changelogs//main/e/emacs/emacs_26.1+1-3.2+deb10u1_changelog
https://metadata.ftp-master.debian.org/changelogs//main/e/emacs/emacs_26.1+1-4_changelog

but please feel free to re-open the bug if you don't feel that
adequately addresses the problem.

Thanks

#942413#22
Date:
2019-10-16 08:04:07 UTC
From:
To:
Dear maintainers,

I don't think this is an adequate solution as that version does not get installed
by default, even if buster-updates are enabled.
The version in buster is just broken without this patch.

$ LANG=C apt policy emacs
emacs:
  Installed: 1:26.1+1-3.2
  Candidate: 1:26.1+1-3.2
  Version table:
     1:26.1+1-3.2+deb10u1 500
        500 http://ftp2.de.debian.org/debian buster-updates/main amd64 Packages
        500 http://ftp2.de.debian.org/debian buster-updates/main i386 Packages
 *** 1:26.1+1-3.2 990
        990 http://ftp2.de.debian.org/debian buster/main amd64 Packages
        990 http://ftp2.de.debian.org/debian buster/main i386 Packages
        100 /var/lib/dpkg/status

Bye
Michael

#942413#27
Date:
2019-10-17 01:29:55 UTC
From:
To:
Michael Kesper <mkesper@schokokeks.org> writes:

Sure, until the buster-updates make it into buster proper (unless the
default priorities are changed in /etc/apt/preferences --
apt-preferences(5))?

Assuming I don't misunderstand the situation.

Thanks

#942413#32
Date:
2020-05-11 07:56:12 UTC
From:
To:
I see the same output, but in my case I have already manually fetched the latest signing key
and imported it into ~/.emacs.d/elpa/gnupg, namely 066DAFCB81E42C40. So my problem
may be different, or it may be another subtle aspect of the same problem.

Please see also my question on stackexchange:
https://emacs.stackexchange.com/questions/58424/is-elpa-broken
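
Added example, not part of any message in this report: a shell check that lists which keys in a GnuPG colon listing are expired at a given time, as one would run against the Emacs package keyring in ~/.emacs.d/elpa/gnupg mentioned above. The key IDs, timestamps and function names are constructed placeholders, and the listing is assumed to use epoch-second dates, as GnuPG 2.x prints by default.

```shell
#!/bin/sh
# Print "TYPE KEYID EXPIRES" for every primary key or subkey in a
# `gpg --with-colons` listing (read from stdin) whose expiry time is at
# or before $1 (seconds since the epoch). Keys without an expiry date
# (empty field 7) are never reported.
expired_keys() {
    awk -F: -v now="$1" '
        ($1 == "pub" || $1 == "sub") && $7 != "" && $7 + 0 <= now + 0 {
            print $1, $5, $7      # field 5 = key ID, field 7 = expiry
        }
    '
}

# Run the check against a real keyring; the default path is the Emacs
# package keyring directory named in the report above.
check_elpa_keyring() {
    gpg --batch --homedir "${1:-$HOME/.emacs.d/elpa/gnupg}" \
        --list-keys --with-colons | expired_keys "$(date +%s)"
}

# Constructed sample listing (placeholder key IDs and dates):
#   AAAA... expired before the first report, BBBB... expires later,
#   CCCC... has no expiry date at all.
SAMPLE_LISTING='pub:e:2048:1:AAAAAAAAAAAAAAAA:1411000000:1569000000::-:::sc:
uid:e::::1411000000::::Constructed Old Key <old@example.invalid>:
pub:-:3072:1:BBBBBBBBBBBBBBBB:1556000000:1727000000::-:::sc:
sub:-:3072:1:BBBBBBBBBBBBBBB1:1556000000:1727000000:::::s:
pub:-:4096:1:CCCCCCCCCCCCCCCC:1556000000:::-:::sc:'

# 1571175613 is 2019-10-15 21:40:13 UTC, the timestamp of the first message.
REPORT_TIME=1571175613
```

Passing a time in the future instead of the current time, for example `expired_keys "$(( $(date +%s) + 30*86400 ))"`, lists keys that will expire within the next 30 days.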

#942413#37
Date:
2020-07-15 05:00:44 UTC
From:
To:
Is it upstream 26.3 that fixes this?  What process would bring 26.3 to
buster?

On Tue, 15 Oct 2019 23:40:13 +0200 Michael Kesper wrote:

 > Package: emacs
 > Version: 1:26.1+1-3.2
 > Severity: important
 >
 > --- Please enter the report below this line. ---
 >
 > The key for signing the emacs packages in the official GNU ELPA archive has changed.
 > The key included in this emacs version has expired.
 > This disables the download of the archive list as well as any package from elpa.
 >
 > The measures listed on https://elpa.gnu.org/packages/gnu-elpa-keyring-update.html
 > can only partly fix this situation, it leads to:
 >
 > package-install-from-archive: https://elpa.gnu.org/packages/gnu-elpa-keyring-update-2019.3.tar: Bad Request
 >
 > Please update the included keyring (or use a newer upstream where it's included).
 >
 > --- System information. ---
 > Architecture:
 > Kernel: Linux 4.19.0-6-amd64
 >
 > Debian Release: 10.1
 > 990 stable security.debian.org
 > 990 stable ftp2.de.debian.org
 > 500 stable-updates ftp2.de.debian.org
 >
 > --- Package information. ---
 > Depends (Version) | Installed
 > ============================-+-=============
 > emacs-gtk (>= 1:26.1) | 1:26.1+1-3.2
 > OR emacs-lucid (>= 1:26.1) |
 > OR emacs-nox (>= 1:26.1) |
 >
 >
 > Package's Recommends field is empty.
 >
 > Package's Suggests field is empty.
 >

#942413#42
Date:
2021-01-20 06:16:33 UTC
From:
To:
There is no way really to get 26.3 into Buster, but there is a bug #969971 which requests additional updates for the version in Buster to fix this.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969971

/* era */