The value of the subpacket type octet may be:
0 = Reserved
1 = Reserved
2 = Signature Creation Time
3 = Signature Expiration Time
4 = Exportable Certification
5 = Trust Signature
6 = Regular Expression
7 = Revocable
8 = Reserved
9 = Key Expiration Time
10 = Placeholder for backward compatibility
11 = Preferred Symmetric Algorithms
12 = Revocation Key
13 = Reserved
14 = Reserved
15 = Reserved
16 = Issuer
17 = Reserved
18 = Reserved
19 = Reserved
20 = Notation Data
21 = Preferred Hash Algorithms
22 = Preferred Compression Algorithms
23 = Key Server Preferences
24 = Preferred Key Server
25 = Primary User ID
26 = Policy URI
27 = Key Flags
28 = Signer's User ID
29 = Reason for Revocation
30 = Features
31 = Signature Target
32 = Embedded Signature
100 To 110 = Private or experimental

so I suspect something has added to the original spec - which package, and how was it signed?
Regards,
Alistair
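
The subpacket walk behind the "Ignoring unusual/reserved signature subpacket 33" lines quoted below, as an added example that is not part of the original mail and not pkg_admin's or netpgp's code. It parses a signature subpacket area using the RFC 4880 length and critical-bit encoding and looks each type up in the list above; type 33 is absent from that list (later OpenPGP revisions assign it to Issuer Fingerprint). The function name and the sample bytes are constructed for illustration.

```python
import struct

# Names from the RFC 4880 list quoted above; reserved and placeholder values omitted.
RFC4880_TYPES = {
    2: "Signature Creation Time", 3: "Signature Expiration Time",
    4: "Exportable Certification", 5: "Trust Signature", 6: "Regular Expression",
    7: "Revocable", 9: "Key Expiration Time", 11: "Preferred Symmetric Algorithms",
    12: "Revocation Key", 16: "Issuer", 20: "Notation Data",
    21: "Preferred Hash Algorithms", 22: "Preferred Compression Algorithms",
    23: "Key Server Preferences", 24: "Preferred Key Server", 25: "Primary User ID",
    26: "Policy URI", 27: "Key Flags", 28: "Signer's User ID",
    29: "Reason for Revocation", 30: "Features", 31: "Signature Target",
    32: "Embedded Signature",
}

def parse_subpackets(area: bytes):
    """Return [(type, critical, name_or_None, body)] for a signature subpacket area."""
    out, i = [], 0
    while i < len(area):
        first = area[i]
        if first < 192:                       # one-octet length
            length, i = first, i + 1
        elif first < 255:                     # two-octet length
            if i + 2 > len(area):
                raise ValueError("truncated length")
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                 # 0xFF, then four-octet length
            if i + 5 > len(area):
                raise ValueError("truncated length")
            length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        if length < 1 or i + length > len(area):
            raise ValueError("subpacket overruns area")
        type_octet = area[i]                  # the length counts this octet too
        critical, sp_type = bool(type_octet & 0x80), type_octet & 0x7F
        name = RFC4880_TYPES.get(sp_type)
        if name is None and critical:
            # RFC 4880: an unknown critical subpacket should be a signature error.
            raise ValueError(f"unknown critical subpacket {sp_type}")
        out.append((sp_type, critical, name, area[i + 1:i + length]))
        i += length
    return out

# Constructed sample: creation time, an 8-octet issuer key ID, and a type 33
# subpacket (one version octet plus 20 zero octets standing in for a fingerprint).
SAMPLE = (b"\x05\x02" + struct.pack(">I", 1552073100)
          + b"\x09\x10" + bytes(range(8))
          + b"\x16\x21\x04" + bytes(20))

if __name__ == "__main__":
    for sp_type, critical, name, body in parse_subpackets(SAMPLE):
        print(sp_type, name or "not in the RFC 4880 list", len(body))
```

A non-critical unknown subpacket is skipped without affecting where the parser finds the type 16 Issuer key ID, so the skip warnings and the "key id not found" error are separate questions.
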
>Number: 54048
>Category: pkg
>Synopsis: pkg_admin unable to verify signature
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: pkg-manager
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Fri Mar 08 19:25:00 +0000 2019
>Originator: Tiago Seco
>Release: NetBSD 8.0 (GENERIC)
>Organization:
>Environment:
NetBSD localhost 8.0 NetBSD 8.0 (GENERIC) #0: Tue Jul 17 14:59:51 UTC 2018 mkrepro%mkrepro.NetBSD.org@localhost:/usr/src/sys/arch/amd64/compile/GENERIC amd64
>Description:
pkg_admin fetch-pkg-vulnerabilities -s fails when verifying the signature with the following:
Ignoring unusual/reserved signature subpacket 33
Ignoring unusual/reserved signature subpacket 33
Ignoring unusual/reserved signature subpacket 33
Ignoring unusual/reserved signature subpacket 33
Ignoring unusual/reserved signature subpacket 33
Ignoring unusual/reserved signature subpacket 33
Ignoring unusual/reserved signature subpacket 33
Ignoring unusual/reserved signature subpacket 33
Ignoring unusual/reserved signature subpacket 33
Ignoring unusual/reserved signature subpacket 33
Ignoring unusual/reserved signature subpacket 33
Ignoring unusual/reserved signature subpacket 33
pkg_admin: unable to verify signature: Signature key id 706b677372632d73 not found
--
gpg settings and keys:
localhost# gpg -k
/root/.gnupg/pubring.gpg
------------------------
pub 4096R/9F80359C 2018-04-19 [expires: 2019-05-14]
uid pkgsrc Security Team <pkgsrc-security%pkgsrc.org@localhost>
uid pkgsrc Security Team <pkgsrc-security%NetBSD.org@localhost>
sub 4096R/FE41A229 2018-04-19 [expires: 2019-05-14]
localhost# pkg_admin config-var GPG
/usr/pkg/bin/gpg
>How-To-Repeat:
curl -sS https://pkgsrc.org/pkgsrc-security_pgp_key.asc | gpg --import
pkg_admin fetch-pkg-vulnerabilities -s
>Fix: