[pkg-gnupg-maint] Bug#928894: Bug#928894: custom keyring is not honoured
Toni Mueller
toni at debian.org
Mon May 13 01:01:57 BST 2019
Hi Daniel,
On Sun, May 12, 2019 at 06:52:17PM -0400, Daniel Kahn Gillmor wrote:
> I'm not sure that this demonstrates what you're describing.
>
> Here is a run with gpg 2.2.15-1 that demonstrates the key being fetched
> into the extra keyring:
>
> 0 dkg at alice:/tmp/cdtemp.AhkyjS$ export GNUPGHOME=$(pwd)
I did not do this. This variable is unset in my environment.
> 0 dkg at alice:/tmp/cdtemp.AhkyjS$ touch $(pwd)/extra.gpg
> 0 dkg at alice:/tmp/cdtemp.AhkyjS$ gpg --no-default-keyring --keyring $(pwd)/extra.gpg --recv-keys CC64B1DB67ABBEECAB24B6455FC346329753F4B0
> gpg: key 2D9AE806EC1592E2: 6 signatures not checked due to missing keys
> gpg: /tmp/cdtemp.AhkyjS/trustdb.gpg: trustdb created
> gpg: key 2D9AE806EC1592E2: public key "Teabot <teabot at gitea.io>" imported
> gpg: no ultimately trusted keys found
> gpg: Total number processed: 1
> gpg: imported: 1
> 0 dkg at alice:/tmp/cdtemp.AhkyjS$ gpg --list-options show-keyring -k teabot at gitea.io
> gpg: keybox '/tmp/cdtemp.AhkyjS/pubring.kbx' created
> gpg: error reading key: No public key
> 2 dkg at alice:/tmp/cdtemp.AhkyjS$ ls -la
> total 24
> drwx------ 4 dkg dkg 160 May 12 18:48 .
> drwxrwxrwt 28 root root 1420 May 12 18:47 ..
> drwx------ 2 dkg dkg 60 May 12 18:48 crls.d
> -rw-r--r-- 1 dkg dkg 6467 May 12 18:48 extra.gpg
> -rw-r--r-- 1 dkg dkg 6467 May 12 18:48 extra.gpg~
> drwx------ 2 dkg dkg 40 May 12 18:48 private-keys-v1.d
> -rw------- 1 dkg dkg 32 May 12 18:48 pubring.kbx
> -rw------- 1 dkg dkg 1200 May 12 18:48 trustdb.gpg
> 0 dkg at alice:/tmp/cdtemp.AhkyjS$
Your experiment only shows that the key did *not* end
up in /tmp/cdtemp.AhkyjS/pubring.kbx. Otherwise, the "gpg -k" above
should have listed it, instead of saying "No public key".
> perhaps the teabot key was already in your default keyring before you
> ran the --recv-keys operation? that would certainly explain the
> behavior that you're seeing.
No, it does not. If a key is already there, it would not say
"imported: 1". And since it said "imported: 1" for you, I challenge you
to find the location of that key, because it is obviously not in your
temporary keyring.
For what it's worth, here's another run, setting GNUPGHOME:
$ touch ~/mnt/tools/gitea-keys.gpg
$ GNUPGHOME=`/bin/pwd`
$ echo ${GNUPGHOME}
/home/toni/mnt/tools
$ gpg --list-options show-keyring -k teabot at gitea.io
gpg: please do a --check-trustdb
gpg: error reading key: No public key
$ gpg --keyring ~/mnt/tools/gitea-keys.gpg --list-options show-keyring -k teabot at gitea.io
gpg: please do a --check-trustdb
gpg: error reading key: No public key
$ gpg --keyring ~/mnt/tools/gitea-keys.gpg --no-default-keyring --recv-keys CC64B1DB67ABBEECAB24B6455FC346329753F4B0
gpg: key 0x2D9AE806EC1592E2: 6 signatures not checked due to missing keys
gpg: key 0x2D9AE806EC1592E2: public key "Teabot <teabot at gitea.io>" imported
gpg: Total number processed: 1
gpg: imported: 1
$ gpg --keyring ~/mnt/tools/gitea-keys.gpg --no-default-keyring --recv-keys CC64B1DB67ABBEECAB24B6455FC346329753F4B0
gpg: key 0x2D9AE806EC1592E2: 6 signatures not checked due to missing keys
gpg: key 0x2D9AE806EC1592E2: "Teabot <teabot at gitea.io>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
$ gpg --keyring ~/mnt/tools/gitea-keys.gpg --list-options show-keyring -k teabot at gitea.io
gpg: please do a --check-trustdb
Keyring: /home/toni/.gnupg/pubring.gpg
--------------------------------------
pub rsa4096/0x2D9AE806EC1592E2 2018-06-24 [SC] [expires: 2020-06-23]
7C9E68152594688862D62AF62D9AE806EC1592E2
uid [ unknown] Teabot <teabot at gitea.io>
sub rsa4096/0x1FBE01D7CBADB9A0 2018-06-24 [E] [expires: 2020-06-23]
sub rsa4096/0x5FC346329753F4B0 2018-06-24 [S] [expires: 2019-06-24]
$ l `/bin/pwd`/gitea-keys.gpg
-rw-r----- 1 toni toni 0 May 13 00:55 /home/toni/mnt/tools/gitea-keys.gpg
$
Enjoy,
Toni
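Added example, not code from the thread or from GnuPG: a small Python parser for the `--list-options show-keyring` listing quoted above. It reports which keyring file actually holds a key, so the "where did the key go" check can be scripted instead of read by eye. The sample listing is constructed from the output shown above; a subkey fingerprint (the one passed to --recv-keys in the thread) is matched through its long key id, the last 16 hex digits, which is what the `sub` lines print.

```python
import re
from typing import Dict, Optional, Set

# Constructed sample in the shape of `gpg --list-options show-keyring -k <uid>`
# output (keyid-format 0xlong), modelled on the listing quoted in the thread.
SAMPLE_LISTING = """\
gpg: please do a --check-trustdb
Keyring: /home/toni/.gnupg/pubring.gpg
--------------------------------------
pub   rsa4096/0x2D9AE806EC1592E2 2018-06-24 [SC] [expires: 2020-06-23]
      7C9E68152594688862D62AF62D9AE806EC1592E2
uid           [ unknown] Teabot <teabot@gitea.io>
sub   rsa4096/0x1FBE01D7CBADB9A0 2018-06-24 [E] [expires: 2020-06-23]
sub   rsa4096/0x5FC346329753F4B0 2018-06-24 [S] [expires: 2019-06-24]
"""

# 'pub'/'sub' lines carry the long key id (with or without the 0x prefix);
# the indented 40-hex line after 'pub' is the primary key fingerprint.
KEYID_RE = re.compile(r"^(?:pub|sub)\s+\S+?/(?:0x)?([0-9A-Fa-f]{16})\b")
FPR_RE = re.compile(r"^\s+([0-9A-Fa-f]{40})\s*$")


def ids_by_keyring(listing: str) -> Dict[str, Set[str]]:
    """Map each 'Keyring:' path to the key ids and fingerprints listed under it."""
    result: Dict[str, Set[str]] = {}
    current: Optional[str] = None
    for line in listing.splitlines():
        if line.startswith("Keyring: "):
            current = line[len("Keyring: "):].strip()
            result.setdefault(current, set())
        elif current is not None:  # skip 'gpg: ...' notices before any header
            m = KEYID_RE.match(line) or FPR_RE.match(line)
            if m:
                result[current].add(m.group(1).upper())
    return result


def locate_key(listing: str, fingerprint: str) -> Optional[str]:
    """Keyring path holding the key, or None if it is not listed at all.
    A subkey fingerprint is matched by its long id (last 16 hex digits),
    which is what the 'sub' lines print."""
    fpr = fingerprint.replace(" ", "").upper()
    long_id = fpr[-16:]
    for path, ids in ids_by_keyring(listing).items():
        if fpr in ids or long_id in ids:
            return path
    return None
```

Comparing `locate_key(...)` against the path given to `--keyring` turns the observation in the listing above (key present, but in `~/.gnupg/pubring.gpg`) into a yes/no check.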