Re: All gnupg tests broken on el4 [Re: [ANNOUNCE] Git v2.3.0-rc2]

On 29/01/15 16:43, Jeff King wrote:
> Weird. The pubkeys are there in keyring.gpg; I wonder why the older
> version of gpg has trouble extracting them (and how one was _supposed_
> to export secret keys at that time).


Importing the unmodified keyring.gpg with 1.2.6 yields this:
$ gpg --homedir "$GNUPGHOME" --import /tmp/keyring.gpg
gpg: keyring `/home/tgc/gpghome/secring.gpg' created
gpg: keyring `/home/tgc/gpghome/pubring.gpg' created
gpg: key CDDE430D: secret key imported
gpg: key B7227189: secret key imported
gpg: Total number processed: 2
gpg:       secret keys read: 2
gpg:   secret keys imported: 2
$ gpg --homedir "$GNUPGHOME" --list-keys
$ gpg --homedir "$GNUPGHOME" --list-secret-keys
/home/tgc/gpghome/secring.gpg
-----------------------------
sec  1024D/CDDE430D 2007-06-07 C O Mitter <committer@xxxxxxxxxxx>
ssb  2048g/7703B0E5 2007-06-07

sec  2048R/B7227189 2013-03-22 Eris Discordia <discord@xxxxxxxxxxx>
ssb  2048R/29472784 2013-03-22
$

> So if I understand you correctly, the tests should pass with the patch
> below?


Yes, adding the pubkeys as a separate entity makes gpg 1.2.6 understand things fine.

gnupg 1.2.6 with the patched keyring:
$ gpg --homedir "$GNUPGHOME" --import /tmp/keyring.gpg
gpg: keyring `/home/tgc/gpghome/secring.gpg' created
gpg: keyring `/home/tgc/gpghome/pubring.gpg' created
gpg: key CDDE430D: secret key imported
gpg: key B7227189: secret key imported
gpg: /home/tgc/gpghome/trustdb.gpg: trustdb created
gpg: key CDDE430D: public key "C O Mitter <committer@xxxxxxxxxxx>" imported
gpg: key B7227189: public key "Eris Discordia <discord@xxxxxxxxxxx>" imported
gpg: Total number processed: 4
gpg:               imported: 2  (RSA: 1)
gpg:       secret keys read: 2
gpg:   secret keys imported: 2
$ gpg --homedir "$GNUPGHOME" --list-keys
/home/tgc/gpghome/pubring.gpg
-----------------------------
pub  1024D/CDDE430D 2007-06-07 C O Mitter <committer@xxxxxxxxxxx>
sub  2048g/7703B0E5 2007-06-07

pub  2048R/B7227189 2013-03-22 Eris Discordia <discord@xxxxxxxxxxx>
sub  2048R/29472784 2013-03-22
$

The patch should work as posted, though I have only tested the new keyring by hand as shown above.

> It feels a bit hacky, and I wish I knew more about why the current file
> doesn't work (i.e., if we did "gpg --export-secret-keys" with v1.2.6,
> would it produce different output that can be read by both versions?).

I grabbed the binary keyrings from 1e3eefb^ and pointed gpg 1.2.6 at them.

$ gpg --homedir "$GNUPGHOME" --armor --export-secret-keys CDDE430D > CDDE430D.secret.key
$ gpg --homedir "$PWD/gpghome3" --import CDDE430D.secret.key
gpg: keyring `/home/tgc/gpghome3/secring.gpg' created
gpg: keyring `/home/tgc/gpghome3/pubring.gpg' created
gpg: key CDDE430D: secret key imported
gpg: Total number processed: 1
gpg:       secret keys read: 1
gpg:   secret keys imported: 1
$ gpg --homedir "$PWD/gpghome3" --list-keys
$

No public key imported; however, the pubkey *was* exported to CDDE430D.secret.key.

Importing that same keyfile using gnupg 1.4.5 on an RHEL5 host:
$ gpg --homedir "$PWD/gpghome" --import /tmp/CDDE430D.secret.key
gpg: keyring `/home/tgc/gpghome/secring.gpg' created
gpg: keyring `/home/tgc/gpghome/pubring.gpg' created
gpg: key CDDE430D: secret key imported
gpg: /home/tgc/gpghome/trustdb.gpg: trustdb created
gpg: key CDDE430D: public key "C O Mitter <committer@xxxxxxxxxxx>" imported
gpg: Total number processed: 1
gpg:               imported: 1
gpg:       secret keys read: 1
gpg:   secret keys imported: 1
$ gpg --homedir "/home/tgc/gpghome" --list-keys
/home/tgc/gpghome/pubring.gpg
-----------------------------
pub   1024D/CDDE430D 2007-06-07
uid                  C O Mitter <committer@xxxxxxxxxxx>
sub   2048g/7703B0E5 2007-06-07
$

So gnupg 1.2.6 can export fine but cannot correctly import the same.

> Another option is to just declare that version old and broken, and skip
> the tests (either by checking its version, or just checking after we
> import the keys that we can actually _use_ them).

That would seem a bit heavy-handed as it is otherwise working fine with the old gnupg.

<snip patch>

-tgc


--
Tom G. Christensen - Systemmedarbejder - IT-drift
Statsbiblioteket - Victor Albecks Vej 1 - 8000 Aarhus C
Tlf: (+45) 8946 2027 - Fax: (+45) 8946 2029
CVR/SE: 10100682 - EAN: 5798000791084
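
Added example, not part of the original message or of Git's test suite: one way to do the "check after we import the keys that we can actually use them" idea from the thread, by flagging any key whose secret half was imported without its public half. The function names are hypothetical, and the sample input is the import output quoted in the message above (lines not needed for the check are omitted).

```shell
#!/bin/sh
# Reads `gpg --import` messages on stdin and prints every key id whose secret
# key was imported without a matching "public key ... imported" line.
# Live use (gpg prints these messages on stderr, and they are localized):
#   LC_ALL=C gpg --homedir "$GNUPGHOME" --import keyring.gpg 2>&1 | missing_pubkeys
missing_pubkeys() {
	awk '
	/^gpg: key [0-9A-F]+: secret key imported/ {
		id = $3; sub(/:$/, "", id)
		if (!(id in sec)) { sec[id] = 1; order[++n] = id }
	}
	/^gpg: key [0-9A-F]+: public key .* imported/ {
		id = $3; sub(/:$/, "", id)
		pub[id] = 1
	}
	END {
		for (i = 1; i <= n; i++)
			if (!(order[i] in pub)) print order[i]
	}'
}

# Succeeds only when every imported secret key also has its public key.
keyring_usable() {
	[ -z "$(missing_pubkeys)" ]
}

# Sample input: gpg 1.2.6 with the unmodified keyring, as quoted above.
import_unpatched='gpg: key CDDE430D: secret key imported
gpg: key B7227189: secret key imported
gpg: Total number processed: 2'

# Sample input: gpg 1.2.6 with the patched keyring, as quoted above.
import_patched='gpg: key CDDE430D: secret key imported
gpg: key B7227189: secret key imported
gpg: key CDDE430D: public key "C O Mitter <committer@xxxxxxxxxxx>" imported
gpg: key B7227189: public key "Eris Discordia <discord@xxxxxxxxxxx>" imported
gpg: Total number processed: 4'

for sample in "$import_unpatched" "$import_patched"; do
	if printf '%s\n' "$sample" | keyring_usable; then
		echo "usable: all public keys present"
	else
		echo "not usable, missing public keys:" \
			$(printf '%s\n' "$sample" | missing_pubkeys)
	fi
done
```

A test prerequisite built on this would skip the signing tests only when the imported keys are actually unusable, rather than keying on the gpg version number.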