[pkg-gnupg-maint] Bug#928894: Bug#928894: custom keyring is not honoured
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Sun May 12 23:52:17 BST 2019
Control: tags 928894 + moreinfo
Hi Toni--
On Sun 2019-05-12 19:46:45 +0100, Toni wrote:
> --recv-keys does not seem to honour the keyring options, so the received
> key ends up in the wrong keyring:
>
> $ touch ~/mnt/tools/gitea-keys.gpg
> $ gpg --no-default-keyring --keyring ~/mnt/tools/gitea-keys.gpg --recv-keys CC64B1DB67ABBEECAB24B6455FC346329753F4B0
> gpg: key 0x2D9AE806EC1592E2: 6 signatures not checked due to missing keys
> gpg: key 0x2D9AE806EC1592E2: public key "Teabot <teabot at gitea.io>" imported
> gpg: Total number processed: 1
> gpg: imported: 1
> $ gpg --list-options show-keyring -k teabot at gitea.io
> gpg: please do a --check-trustdb
> Keyring: /home/toni/.gnupg/pubring.gpg
> --------------------------------------
> pub rsa4096/0x2D9AE806EC1592E2 2018-06-24 [SC] [expires: 2020-06-23]
> 7C9E68152594688862D62AF62D9AE806EC1592E2
> uid [ unknown] Teabot <teabot at gitea.io>
> sub rsa4096/0x1FBE01D7CBADB9A0 2018-06-24 [E] [expires: 2020-06-23]
> sub rsa4096/0x5FC346329753F4B0 2018-06-24 [S] [expires: 2019-06-24]

I'm not sure that this demonstrates what you're describing.
Here is a run with gpg 2.2.15-1 that demonstrates the key being fetched
into the extra keyring:

0 dkg at alice:/tmp/cdtemp.AhkyjS$ export GNUPGHOME=$(pwd)
0 dkg at alice:/tmp/cdtemp.AhkyjS$ touch $(pwd)/extra.gpg
0 dkg at alice:/tmp/cdtemp.AhkyjS$ gpg --no-default-keyring --keyring $(pwd)/extra.gpg --recv-keys CC64B1DB67ABBEECAB24B6455FC346329753F4B0
gpg: key 2D9AE806EC1592E2: 6 signatures not checked due to missing keys
gpg: /tmp/cdtemp.AhkyjS/trustdb.gpg: trustdb created
gpg: key 2D9AE806EC1592E2: public key "Teabot <teabot at gitea.io>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: imported: 1
0 dkg at alice:/tmp/cdtemp.AhkyjS$ gpg --list-options show-keyring -k teabot at gitea.io
gpg: keybox '/tmp/cdtemp.AhkyjS/pubring.kbx' created
gpg: error reading key: No public key
2 dkg at alice:/tmp/cdtemp.AhkyjS$ ls -la
total 24
drwx------ 4 dkg dkg 160 May 12 18:48 .
drwxrwxrwt 28 root root 1420 May 12 18:47 ..
drwx------ 2 dkg dkg 60 May 12 18:48 crls.d
-rw-r--r-- 1 dkg dkg 6467 May 12 18:48 extra.gpg
-rw-r--r-- 1 dkg dkg 6467 May 12 18:48 extra.gpg~
drwx------ 2 dkg dkg 40 May 12 18:48 private-keys-v1.d
-rw------- 1 dkg dkg 32 May 12 18:48 pubring.kbx
-rw------- 1 dkg dkg 1200 May 12 18:48 trustdb.gpg
0 dkg at alice:/tmp/cdtemp.AhkyjS$

Perhaps the teabot key was already in your default keyring before you
ran the --recv-keys operation? That would certainly explain the
behavior that you're seeing.

--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnupg-maint/attachments/20190512/568a4324/attachment.sig>
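
The check suggested in the reply (was the key already in the default keyring before --recv-keys ran?) can be scripted against the show-keyring listing. This is an added example, not part of the original thread: the function names, the second key block, and the sample listing are constructed, and it assumes the "Keyring: <path>" header format seen in the quoted output.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the "Keyring: <path>" header
# that show-keyring prints before each key, as in the listing quoted above.

# keyrings_holding ID: read a listing on stdin and print every keyring file
# with a key block mentioning ID. ID may be a long key ID or a fingerprint; it
# is cut to its last 16 hex digits because "sub" lines show only long key IDs.
keyrings_holding() {
    id=$(printf '%s' "$1" | sed 's/^0[xX]//' | tr 'a-f' 'A-F' | sed 's/.*\(.\{16\}\)$/\1/')
    [ -n "$id" ] || return 2
    awk -v id="$id" '
        /^Keyring: / { ring = substr($0, 10); next }   # header opens a key block
        ring != "" && (/^(pub|sub) / || /^ *[0-9A-F]+$/) && index($0, id) { print ring }
    ' | sort -u
}

# in_default_keyring ID PATH: succeed if the listing on stdin shows ID in PATH.
in_default_keyring() {
    keyrings_holding "$1" | grep -Fxq "$2"
}

# Constructed sample listing: first block copied from the report, second invented.
sample_listing() {
    cat <<'EOF'
Keyring: /home/toni/.gnupg/pubring.gpg
--------------------------------------
pub   rsa4096/0x2D9AE806EC1592E2 2018-06-24 [SC] [expires: 2020-06-23]
      7C9E68152594688862D62AF62D9AE806EC1592E2
uid                   [ unknown] Teabot <teabot at gitea.io>
sub   rsa4096/0x1FBE01D7CBADB9A0 2018-06-24 [E] [expires: 2020-06-23]
sub   rsa4096/0x5FC346329753F4B0 2018-06-24 [S] [expires: 2019-06-24]

Keyring: /home/toni/mnt/tools/gitea-keys.gpg
--------------------------------------------
pub   ed25519/0x0123456789ABCDEF 2019-01-01 [SC]
      AAAAAAAAAAAAAAAAAAAAAAAA0123456789ABCDEF
uid                   [ unknown] Constructed Example <example at example.invalid>
EOF
}

# Pre-check with the --recv-keys argument from the report. In real use, pipe
# `gpg --list-options show-keyring -k` into the function instead of the sample.
if sample_listing | in_default_keyring CC64B1DB67ABBEECAB24B6455FC346329753F4B0 \
        /home/toni/.gnupg/pubring.gpg; then
    echo "key is already in the default keyring; list the custom keyring separately"
fi
```

Running the pre-check before --recv-keys, and listing with --no-default-keyring --keyring afterwards, separates "key was already there" from "key was written to the wrong keyring".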