[pkg-gnupg-maint] Bug#854829: Bug#854829: gnupg: tofu-default-policy ask -> Assertion "conflict_set" in get_trust failed

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Feb 14 00:42:29 UTC 2017


Control: tags 854829 + moreinfo

On Sat 2017-02-11 01:07:42 -0500, Teemu Likonen wrote:
> Benedikt Wildenhain [2017-02-10 22:34:29+01] wrote:
>
>> setting "tofu-default-policy ask" in gnupg.conf causes gnupg to crash
>> when using the --fingerprint command under certain circumstances:
>>
>> $ gpg --fingerprint
>> gpg: Ohhhh jeeee: Assertion "conflict_set" in get_trust failed (../../g10/tofu.c:2780)
>> Aborted
>>
>> $ gpg --fingerprint  o at b
>> gpg: Ohhhh jeeee: Assertion "conflict_set" in get_trust failed (../../g10/tofu.c:2780)
>> Aborted
>
> Confirmed on gnupg 2.1.18-3:
>
>     $ gpg --tofu-default-policy ask --fingerprint
>     gpg: Ohhhh jeeee: Assertion "conflict_set" in get_trust failed (../../g10/tofu.c:2780)

Can you try to replicate this with 2.1.18-5 or 2.1.18-6 ?

I'm unable to replicate it on 2.1.18-4, which makes me think it's been
solved by one of the backported patches from upstream, but it's possible
that this is related to details about what's in your pubring and the
state of your tofudb as well.

If you are able to replicate it with a newer version of the gnupg
package, can i ask you to try to replicate it starting from an empty
$GNUPGHOME?  if it doesn't fail with an empty GNUPGHOME, is there some
particular combination of public or secret keys that you can import into
that home to trigger the failure?

here's me testing it with an empty $GNUPGHOME:

  $ export GNUPGHOME=$(mktemp -d)
  $ gpg --tofu-default-policy ask --fingerprint
  gpg: keybox '/tmp/tmp.eoTzFO/pubring.kbx' created
  gpg: /tmp/tmp.eoTzFO/trustdb.gpg: trustdb created
  $ gpg --tofu-default-policy ask --fingerprint
  $

Regards,

        --dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnupg-maint/attachments/20170213/db3032bf/attachment.sig>


More information about the pkg-gnupg-maint mailing list