FS#42966 - [pacman-key] --lsign-key is broken with gnupg 2.1

Attached to Project: Pacman
Opened by Stefan Tatschner (rumpelsepp) - Sunday, 30 November 2014, 20:42 GMT
Last edited by Gaetan Bisson (vesath) - Monday, 08 December 2014, 02:13 GMT
Task Type Bug Report
Category General
Status Closed
Assigned To Allan McRae (Allan)
Gaetan Bisson (vesath)
Architecture All
Severity Low
Priority Normal
Reported Version 4.1.2
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 5
Private No

Details

I can't sign a key locally with gnupg 2.1, see also here: https://bbs.archlinux.org/viewtopic.php?pid=1480281#p1480281

# pacman-key -r 941C2A25
gpg: key 941C2A25: "Antonio Rojas <nobody@domain.tld>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
==> Updating trust database...
gpg: next trustdb check due at 2014-12-31
# pacman-key --lsign-key 941C2A25
-> Locally signing key 941C2A25...
==> ERROR: 941C2A25 could not be locally signed.

# pacman-key -f 7A4E76095D8A52E4
pub rsa4096/941C2A25 2014-10-21
Key fingerprint = 9D74 DF6F 91B7 BDAB D581 5CA8 4AC5 588F 941C 2A25
uid [marginal] Antonio Rojas <nobody@domain.tld>
uid [marginal] Antonio Rojas <nobody@domain.tld>
uid [marginal] Antonio Rojas <nobody@domain.tld>
uid [marginal] Antonio Rojas <nobody@domain.tld>
sub rsa2048/5D8A52E4 2014-11-07
sub rsa2048/4C6E5289 2014-11-07

note: email is anonymised
This task depends upon

Closed by  Gaetan Bisson (vesath)
Monday, 08 December 2014, 02:13 GMT
Reason for closing:  Fixed
Additional comments about closing:  News posted.
Comment by Claire Farron (clfarron4) - Sunday, 30 November 2014, 20:56 GMT
I have the same problem.

~ % sudo pacman-key --recv-keys E6366A92
gpg: key E6366A92: public key "Claire Farron <diesal3@googlemail.com>" imported
gpg: Total number processed: 1
gpg: imported: 1
==> Updating trust database...
~ % sudo pacman-key --lsign-key E6366A92
-> Locally signing key E6366A92...
==> ERROR: E6366A92 could not be locally signed.

No point in obfuscating the e-mails since my public key is public.
Comment by Allan McRae (Allan) - Monday, 01 December 2014, 00:50 GMT
I have located the source of the problem and will post a solution soon.
Comment by Adam Garibay (garibreezy) - Thursday, 04 December 2014, 20:46 GMT
My workaround is adding the lines discribed here in post two
https://bbs.archlinux.org/viewtopic.php?id=190522

After this has been done I register the key using "pacman-key -r"

For an unknown reason the "--lsign-key" option does still not work, but you can do "pacman-key --edit-key (key)" and then "lsign" and select yes for all questions.

I'm not sure if this is the proper way of doing this, and I would like to hear more feedback. Seems like way to much to add repo-ck.

Loading...