Multiple people reports issues when doing gpg --refresh-keys (or likely specifically --check-trustdb that is implied behavior when the previous finds updates). Trying to narrow it down gpg: Total number processed: 664 gpg: unchanged: 651 gpg: new signatures: 1249 gpg: [don't know]: invalid packet (ctb=21) gpg: keyring_get_keyblock: read error: Invalid packet gpg: keyring_get_keyblock failed: Invalid keyring gpg: failed to rebuild keyring cache: Invalid keyring gpg: [don't know]: invalid packet (ctb=38) gpg: keyring_get_keyblock: read error: Invalid packet gpg: keydb_get_keyblock failed: Invalid keyring gpg: keydb_search failed: Invalid keyring gpg: public key of ultimately trusted key 47DCC4A825D5DBB4 not found gpg: [don't know]: invalid packet (ctb=7c) gpg: keyring_get_keyblock: read error: Invalid packet gpg: keydb_get_keyblock failed: Invalid keyring gpg: keydb_search failed: Invalid keyring gpg: public key of ultimately trusted key F2097FC5C40D00D2 not found gpg: [don't know]: invalid packet (ctb=55) gpg: keyring_get_keyblock: read error: Invalid packet gpg: keydb_get_keyblock failed: Invalid keyring gpg: keydb_search failed: Invalid keyring gpg: public key of ultimately trusted key 49549808154ABE02 not found gpg: [don't know]: partial length invalid for packet type 27 gpg: keyring_get_keyblock: read error: Invalid packet gpg: keydb_get_keyblock failed: Invalid keyring gpg: keydb_search failed: Invalid keyring gpg: public key of ultimately trusted key 13C658AFF6E87884 not found gpg: [don't know]: invalid packet (ctb=67) gpg: keyring_get_keyblock: read error: Invalid packet gpg: keydb_get_keyblock failed: Invalid keyring gpg: keydb_search failed: Invalid keyring gpg: public key of ultimately trusted key 43FE956C542CA00B not found gpg: [don't know]: invalid packet (ctb=06) gpg: keyring_get_keyblock: read error: Invalid packet gpg: keydb_get_keyblock failed: Invalid keyring gpg: keydb_search failed: Invalid keyring gpg: public key of ultimately trusted key 1088280EC805EAEA not found gpg: marginals needed: 3 completes needed: 1 trust model: pgp gpg: [don't know]: invalid packet (ctb=00) gpg: keyring_get_keyblock: read error: Invalid packet gpg: keydb_get_keyblock failed: Invalid keyring gpg: validate_key_list failed
I'm contemplating p.masking 2.1.20 until this is narrowed down
(In reply to Kristian Fiskerstrand from comment #1) > I'm contemplating p.masking 2.1.20 until this is narrowed down Seems it only affects the old keyring format (pubring.gpg) and not the newer keybox format (pubring.kbx) that is created by default for new setups (old setups can migrate to it by moving pubring.gpg out of gnupg homedir and doing an --import along with a trustdb export and import)
This is fixed upstream in https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=22739433e98be80e46fe7d01d52a9627c1aebaae
commit 68d406d2de327f13ad3906d50c458c9727f7e024 Author: Kristian Fiskerstrand <k_f@gentoo.org> Date: Tue May 9 14:59:22 2017 +0200 app-crypt/gnupg: Fix regression from 2.1.19 Gentoo-Bug: 616336 Package-Manager: Portage-2.3.3, Repoman-2.3.1