When using gpgv-sq as gpgv, apt emits warnings due to errors from gpgv not parsing those options. With apt 2.9.1, where using these options got added in apt 2.7.13, when doing apt update one gets something like:
W: https://<repo-url>/InRelease: Unknown response from gpgv to --assert-pubkey-algo check: gpgv: error: Error parsing command-line arguments
For each configured repository.
    if [ "$ASSERT_PUBKEY_ALGO" ]; then
        test="$(LC_ALL=C.UTF-8 "$GPGV" --assert-pubkey-algo 2>&1 || :)"
        case "$test" in
            *"missing argument"*)
                GPGV_ARGS="--assert-pubkey-algo=$ASSERT_PUBKEY_ALGO"
                ;;
            *[Ii]"nvalid option"*"assert-pubkey-algo"*)
                ;;
            *)
                apt_warn "Unknown response from gpgv to --assert-pubkey-algo check: $test"
                ;;
        esac
    fi
Any word on attempting to fix this? This makes a system with gpgv-from-sq installed appear to be broken. It's probably worth raising as an issue in apt as well, since apt shouldn't be this brittle -- but maybe the apt devs see this brittleness as a feature?
For the record, the semantics are BONKERS. For example, gpg --assert-pubkey-algo '>=ed448' will accept Ed25519 signatures, because as compare_pubkey_string will tell you, 25519 >= 448.
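The comparison described in the comment above, as an added example that is not part of the thread and is not GnuPG's code: a simplified shell model that compares only the numeric suffix of the algorithm name, next to a comparison through an explicit strength table. The function names and the table (approximate security levels in bits) are assumptions made for this illustration.

```shell
#!/bin/sh
# Simplified model, NOT GnuPG's compare_pubkey_string: it only reproduces
# the "25519 >= 448" effect described in the comment above.

# split_algo NAME: sets ALGO_NUM (trailing digits) and ALGO_FAMILY (the rest).
split_algo() {
    ALGO_NUM=${1##*[!0-9]}
    ALGO_FAMILY=${1%"$ALGO_NUM"}
}

# naive_ge SIG MIN: same family and numeric suffix of SIG >= that of MIN.
naive_ge() {
    split_algo "$1"; sig_family=$ALGO_FAMILY; sig_num=$ALGO_NUM
    split_algo "$2"
    [ -n "$sig_num" ] && [ -n "$ALGO_NUM" ] || return 1
    [ "$sig_family" = "$ALGO_FAMILY" ] && [ "$sig_num" -ge "$ALGO_NUM" ]
}

# strength_bits NAME: approximate security level from an explicit table
# (assumed for this example). Unknown names fail closed.
strength_bits() {
    case "$1" in
        ed25519) echo 128 ;;
        ed448)   echo 224 ;;
        rsa2048) echo 112 ;;
        rsa3072) echo 128 ;;
        *)       return 1 ;;
    esac
}

# strength_ge SIG MIN: same family and table strength of SIG >= that of MIN.
strength_ge() {
    sig_bits=$(strength_bits "$1") || return 1
    min_bits=$(strength_bits "$2") || return 1
    split_algo "$1"; sig_family=$ALGO_FAMILY
    split_algo "$2"
    [ "$sig_family" = "$ALGO_FAMILY" ] && [ "$sig_bits" -ge "$min_bits" ]
}

# check SIG MIN: prints both verdicts for one constructed (signature, policy) pair.
check() {
    if naive_ge "$1" "$2"; then n=accept; else n=reject; fi
    if strength_ge "$1" "$2"; then s=accept; else s=reject; fi
    echo "sig=$1 policy>=$2 numeric-suffix=$n strength-table=$s"
}

check ed25519 ed448   # the case from the comment above
check ed448 ed25519   # in this model the numeric rule also rejects the stronger curve
check ed448 ed448
```
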
For the record, I was expecting the resolution to be something like "make error messages for missing arguments more closely align with g10code error messages". I do not think this interface is a reasonable interface to expect other implementations to adopt.
I just upgraded to gpgv-sq 0.9.0 and was hoping to see these warnings go away. It looks like the fixes are not part of any released version, unfortunately. Any chance of cutting a new release?
Seems to me that apt is matching on the exact error message when trying to autodetect support for --assert-pubkey-algo. I would very much like to keep the improved error message. There is a better way to check whether a parameter is known to gpg/gpgv: