On 29/01/15 16:43, Jeff King wrote:
> Weird. The pubkeys are there in keyring.gpg; I wonder why the older
> version of gpg has trouble extracting them (and how one was _supposed_
> to export secret keys at that time).
Importing the unmodified keyring.gpg with 1.2.6 yields this:
$ gpg --homedir "$GNUPGHOME" --import /tmp/keyring.gpg
gpg: keyring `/home/tgc/gpghome/secring.gpg' created
gpg: keyring `/home/tgc/gpghome/pubring.gpg' created
gpg: key CDDE430D: secret key imported
gpg: key B7227189: secret key imported
gpg: Total number processed: 2
gpg: secret keys read: 2
gpg: secret keys imported: 2
$ gpg --homedir "$GNUPGHOME" --list-keys
$ gpg --homedir "$GNUPGHOME" --list-secret-keys
/home/tgc/gpghome/secring.gpg
-----------------------------
sec 1024D/CDDE430D 2007-06-07 C O Mitter <committer@xxxxxxxxxxx>
ssb 2048g/7703B0E5 2007-06-07
sec 2048R/B7227189 2013-03-22 Eris Discordia <discord@xxxxxxxxxxx>
ssb 2048R/29472784 2013-03-22
$
> So if I understand you correctly, the tests should pass with the patch
> below?
Yes, adding the pubkeys as a separate entity makes gpg 1.2.6 understand
things fine.
gnupg 1.2.6 with the patched keyring:
$ gpg --homedir "$GNUPGHOME" --import /tmp/keyring.gpg
gpg: keyring `/home/tgc/gpghome/secring.gpg' created
gpg: keyring `/home/tgc/gpghome/pubring.gpg' created
gpg: key CDDE430D: secret key imported
gpg: key B7227189: secret key imported
gpg: /home/tgc/gpghome/trustdb.gpg: trustdb created
gpg: key CDDE430D: public key "C O Mitter <committer@xxxxxxxxxxx>" imported
gpg: key B7227189: public key "Eris Discordia <discord@xxxxxxxxxxx>" imported
gpg: Total number processed: 4
gpg: imported: 2 (RSA: 1)
gpg: secret keys read: 2
gpg: secret keys imported: 2
$ gpg --homedir "$GNUPGHOME" --list-keys
/home/tgc/gpghome/pubring.gpg
-----------------------------
pub 1024D/CDDE430D 2007-06-07 C O Mitter <committer@xxxxxxxxxxx>
sub 2048g/7703B0E5 2007-06-07
pub 2048R/B7227189 2013-03-22 Eris Discordia <discord@xxxxxxxxxxx>
sub 2048R/29472784 2013-03-22
$
> The patch should work as posted, though I have only tested the new
> keyring by hand as shown above.
> It feels a bit hacky, and I wish I knew more about why the current file
> doesn't work (i.e., if we did "gpg --export-secret-keys" with v1.2.6,
> would it produce different output that can be read by both versions?).
I grabbed the binary keyrings from 1e3eefb^ and pointed gpg 1.2.6 at them.
$ gpg --homedir "$GNUPGHOME" --armor --export-secret-keys CDDE430D > CDDE430D.secret.key
$ gpg --homedir "$PWD/gpghome3" --import CDDE430D.secret.key
gpg: keyring `/home/tgc/gpghome3/secring.gpg' created
gpg: keyring `/home/tgc/gpghome3/pubring.gpg' created
gpg: key CDDE430D: secret key imported
gpg: Total number processed: 1
gpg: secret keys read: 1
gpg: secret keys imported: 1
$ gpg --homedir "$PWD/gpghome3" --list-keys
$
No public key imported; however, the pubkey *was* exported to
CDDE430D.secret.key.
Importing that same keyfile using gnupg 1.4.5 on an RHEL5 host:
$ gpg --homedir "$PWD/gpghome" --import /tmp/CDDE430D.secret.key
gpg: keyring `/home/tgc/gpghome/secring.gpg' created
gpg: keyring `/home/tgc/gpghome/pubring.gpg' created
gpg: key CDDE430D: secret key imported
gpg: /home/tgc/gpghome/trustdb.gpg: trustdb created
gpg: key CDDE430D: public key "C O Mitter <committer@xxxxxxxxxxx>" imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: secret keys read: 1
gpg: secret keys imported: 1
$ gpg --homedir "/home/tgc/gpghome" --list-keys
/home/tgc/gpghome/pubring.gpg
-----------------------------
pub 1024D/CDDE430D 2007-06-07
uid C O Mitter <committer@xxxxxxxxxxx>
sub 2048g/7703B0E5 2007-06-07
$
So gnupg 1.2.6 can export fine but cannot correctly import the same.
> Another option is to just declare that version old and broken, and skip
> the tests (either by checking its version, or just checking after we
> import the keys that we can actually _use_ them).
That would seem a bit heavy-handed as it is otherwise working fine with
the old gnupg.
<snip patch>
-tgc
--
Tom G. Christensen - Systemmedarbejder - IT-drift
Statsbiblioteket - Victor Albecks Vej 1 - 8000 Aarhus C
Tlf: (+45) 8946 2027 - Fax: (+45) 8946 2029
CVR/SE: 10100682 - EAN: 5798000791084
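
The check discussed in this message (after importing, confirm that the keys can actually be used) can be approximated by comparing the secret and public listings. The following is an added example, not code from this thread or from git's test suite; the function names are hypothetical and the sample listings are constructed from the output quoted above.

```shell
#!/bin/sh
# Added example: find secret keys whose public half is missing from the keyring.
# Parses the gpg 1.x listing format quoted in this thread, e.g.
#   sec 1024D/CDDE430D 2007-06-07 ...   /   pub 1024D/CDDE430D 2007-06-07 ...

# key_ids TYPE: read a listing on stdin, print the short key ID of each TYPE line.
key_ids() {
    awk -v t="$1" '$1 == t { split($2, a, "/"); print a[2] }' | sort -u
}

# missing_pubkeys SECRET_LISTING PUBLIC_LISTING (hypothetical helper)
# Prints the IDs listed as "sec" but not as "pub"; returns 1 if there are any.
missing_pubkeys() {
    sec_ids=$(printf '%s\n' "$1" | key_ids sec)
    pub_ids=$(printf '%s\n' "$2" | key_ids pub)
    missing=""
    for id in $sec_ids; do
        case " $(echo $pub_ids) " in
            *" $id "*) ;;                                  # public half present
            *) missing="${missing:+$missing }$id" ;;
        esac
    done
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing"
    return 1
}

# check_homedir DIR: same check against a live GnuPG home (assumes gpg 1.x in PATH).
check_homedir() {
    missing_pubkeys "$(gpg --homedir "$1" --list-secret-keys 2>/dev/null)" \
                    "$(gpg --homedir "$1" --list-keys 2>/dev/null)"
}

# Constructed sample input, copied from the listings in the message above.
SEC_LISTING='sec 1024D/CDDE430D 2007-06-07 C O Mitter <committer@xxxxxxxxxxx>
ssb 2048g/7703B0E5 2007-06-07
sec 2048R/B7227189 2013-03-22 Eris Discordia <discord@xxxxxxxxxxx>
ssb 2048R/29472784 2013-03-22'
PUB_LISTING='pub 1024D/CDDE430D 2007-06-07 C O Mitter <committer@xxxxxxxxxxx>
sub 2048g/7703B0E5 2007-06-07
pub 2048R/B7227189 2013-03-22 Eris Discordia <discord@xxxxxxxxxxx>
sub 2048R/29472784 2013-03-22'

# Unmodified keyring on 1.2.6: --list-keys printed nothing, so both IDs are reported.
missing_pubkeys "$SEC_LISTING" "" || echo "public keys missing: skip the GPG tests"
# Patched keyring: every secret key has its public key, nothing is reported.
missing_pubkeys "$SEC_LISTING" "$PUB_LISTING" && echo "keyring usable"
```

The parser only understands the legacy listing format shown in this thread, where the key ID follows the algorithm on the `sec`/`pub` line.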