FS#43479 - [devtools] Handling of gnupg 2.1.x public keyring

Attached to Project: Arch Linux
Opened by Christian Hesse (eworm) - Friday, 16 January 2015, 22:57 GMT
Last edited by Pierre Schmitz (Pierre) - Thursday, 14 May 2015, 08:37 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To Pierre Schmitz (Pierre)
Dave Reisner (falconindy)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:
devtools helper scripts know how to handle the public keyring from ~/.gnupg/pubring.gpg. This file is created by gnupg before 2.1, and gnupg 2.1.x can handle it when present. However, gnupg 2.1.x does create a file ~/.gnupg/pubring.kbx if no configuration is found. This breaks devtools helper scripts.
https://www.gnupg.org/faq/whats-new-in-2.1.html#sec-1-11

Additional info:
devtools 20141224-1

Steps to reproduce:
$ mv ~/.gnupg/pubring.gpg ~/.gnupg/publickeys
$ gpg --import ~/.gnupg/publickeys
$ makechrootpkg -r ~chroots/extra-x86_64/
[...]
==> Verifying source file signatures with gpg...
archive.tar.gz ... FAILED (unknown public key DEADBEEF)

Closed by Pierre Schmitz (Pierre)
Thursday, 14 May 2015, 08:37 GMT
Reason for closing: Fixed

Comment by Christian Hesse (eworm) - Friday, 16 January 2015, 23:02 GMT
And the workaround is pretty simple...

$ rm ~/.gnupg/pubring.kbx
$ touch ~/.gnupg/pubring.gpg

After that gnupg will use the old file.
Comment by Christian Hesse (eworm) - Friday, 16 January 2015, 23:07 GMT
This should fix it...
Comment by Joakim Hernberg (jhernberg) - Saturday, 28 February 2015, 15:04 GMT
FWIW, this fixes the issue for me.
Comment by Evangelos Foutras (foutrelis) - Thursday, 05 March 2015, 09:26 GMT
I reopened this because the case of both pubring.kbx and pubring.gpg files existing isn't handled correctly.

For example, take the following real case:

$ ls -l ~/.gnupg | grep pubring | grep -v ~$
-rw------- 1 someuser users 1284991 7. Feb 09:44 pubring.gpg
-rw-r--r-- 1 someuser users 13673 7. Sep 2007 pubring.kbx

Obviously the keyring from 2007 isn't the one we want to copy to the chroot.

We could either prioritize pubring.gpg or simply copy both files.
Comment by Christian Hesse (eworm) - Thursday, 05 March 2015, 09:34 GMT
Ah, looks like you hit a case where pubring.kbx was created by gpgsm.
Probably we should copy both files then.
Comment by Christian Hesse (eworm) - Friday, 06 March 2015, 07:42 GMT
This is my proposed fix. Should be pretty straightforward...
Comment by Doug Newgard (Scimmia) - Wednesday, 13 May 2015, 20:16 GMT
Patches should be sent to the arch-projects mailing list.
Comment by Pierre Schmitz (Pierre) - Thursday, 14 May 2015, 08:37 GMT
Thanks for the patch. Got hit by the issue as well.
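
The approach the comments above settle on (copy both pubring.gpg and pubring.kbx rather than picking one), sketched as an added example. It is not the patch attached to this task and not devtools' own code; the function name copy_pubrings, its arguments and the demo directory are assumptions, and the demo files are constructed.

```shell
#!/bin/sh
# copy_pubrings SRC_GNUPG_DIR DEST_GNUPG_DIR   (hypothetical helper)
# Stages every public keyring file GnuPG may be using, so the build
# environment sees the same public keys whichever format holds them.
# Prints the names of the copied files, one per line.
# Returns 0 if at least one keyring was copied, 1 if none was found,
# 2 on a usage or I/O error.
copy_pubrings() {
    src=$1 dest=$2 copied=0
    [ -d "$src" ] || { echo "no such directory: $src" >&2; return 2; }
    # GnuPG warns about a home directory that others can access; keep it 0700.
    mkdir -p "$dest" && chmod 700 "$dest" || return 2
    # Legacy keyring first, then the keybox introduced with gnupg 2.1.
    # Both are copied when both exist: a stale pubring.kbx (for example one
    # left behind by gpgsm) must not shadow a current pubring.gpg.
    for ring in pubring.gpg pubring.kbx; do
        [ -f "$src/$ring" ] && [ -r "$src/$ring" ] || continue
        cp -- "$src/$ring" "$dest/$ring" || return 2
        chmod 644 "$dest/$ring"
        echo "$ring"
        copied=$((copied + 1))
    done
    # Only the two public keyring names above are ever copied; secret key
    # material (secring.gpg, private-keys-v1.d) never leaves the source dir.
    [ "$copied" -gt 0 ] || { echo "no public keyring in $src" >&2; return 1; }
}

# Constructed demo input: a GnuPG home with both formats and a secret keyring.
demo=$(mktemp -d)
mkdir -p "$demo/home/.gnupg"
printf 'legacy' > "$demo/home/.gnupg/pubring.gpg"
printf 'keybox' > "$demo/home/.gnupg/pubring.kbx"
printf 'secret' > "$demo/home/.gnupg/secring.gpg"
copy_pubrings "$demo/home/.gnupg" "$demo/chroot/build/.gnupg"
rm -rf "$demo"
```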
