bug#71918: [DOCUMENTATION] the suggested key import method for `guix refresh` doesn't work

[Attila Lendvai]

context:
--------

i was trying to:

$ ./pre-inst-env guix refresh --update dropbear

but the key is not imported, because "no user ID". apparently some keyservers 
drop the user id for privacy reasons.


the problem:
------------

then i went to the manual, and it suggests:

$ gpg --export rms@gnu.org | kbxutil --import-openpgp >> mykeyring.kbx

and i ran:

$ curl https://matt.ucc.asn.au/dropbear/releases/dropbear-key-2015.asc | gpg 
--import
$ gpg --export F7347EF2EE2E07A267628CA944931494F29C6773 | kbxutil 
--import-openpgp >>~/.config/guix/upstream/trustedkeys.kbx

it ran without errors, but when i tried to guix refresh it failed with:

gpgv: [don't know]: invalid packet (ctb=00)

i double checked, and made sure the trustedkeys.kbx was empty prior to running 
the above.


analysis:
---------

i ran the following after guix refresh has successfully imported the key:

$ gpg --export F7347EF2EE2E07A267628CA944931494F29C6773 | kbxutil 
--import-openpgp >x
$ file x
x: data
$ file ~/.config/guix/upstream/trustedkeys.kbx
/home/user/.config/guix/upstream/trustedkeys.kbx: OpenPGP Public Key Version 4, 
Created Mon Jun 29 12:53:01 2015, RSA (Encrypt or Sign, 4096 bits)
$ ll x
-rw-r--r-- 1 user users 1883 Jul  3 16:41 x
$ ll ~/.config/guix/upstream/trustedkeys.kbx
-rw-r--r-- 1 user users 1208 Jul  3 16:18 
/home/user/.config/guix/upstream/trustedkeys.kbx

i.e. what the manual suggests results in a different file format than what guix 
refresh creates/expects.


workaround:
-----------

in the end i cleared the trustedkeys.kbx file, and i used another keyserver 
that doesn't strip the ID:

./pre-inst-env guix refresh --key-server="hkps://keyserver.ubuntu.com" --update 
dropbear

--
• attila lendvai
• PGP: 963F 5D5F 45C7 DFCD 0A39
--
“Good people don’t need laws to tell them to act responsibly, and bad people 
will find a way around the laws.”
        — Plato (c. 427–347 BC)