[pkg-gnupg-maint] Bug#1095451: gpg: for new users, gpg fails to do anything without keyboxd installed

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sat Feb 8 03:25:14 GMT 2025


Package: gpg
Version: 2.4.7-3
Severity: normal

The 2.4 series of GnuPG introduces keyboxd, but doesn't force migration
to it for existing users.

For new users, however, running without an explicitly set $GNUPGHOME,
/usr/bin/gpg creates ~/.gnupg and populates it with a single file,
common.conf, which contains a single line:

    use-keyboxd

This means that while an existing user of gpg can upgrade to gpg 2.4.x
and see things mostly work, a new user who has avoided installing the
keyboxd package (e.g., by installing "gpg" but not "gnupg") will see the
following kind of misbehavior:


```
0 dkg at bob:~$ gpg --import < /usr/share/keyrings/debian-archive-keyring.gpg 
gpg: directory '/home/dkg/.gnupg' created
gpg: error running '/usr/lib/gnupg/keyboxd': probably not installed
gpg: failed to start keyboxd '/usr/lib/gnupg/keyboxd': Configuration error
gpg: can't connect to the keyboxd: Configuration error
gpg: error opening key DB: No Keybox daemon running
gpg: error running '/usr/lib/gnupg/keyboxd': probably not installed
gpg: failed to start keyboxd '/usr/lib/gnupg/keyboxd': Configuration error
gpg: can't connect to the keyboxd: Configuration error
gpg: error opening key DB: No Keybox daemon running
gpg: key DCC9EFBF77E11517: 2 signatures not checked due to missing keys
gpg: error running '/usr/lib/gnupg/keyboxd': probably not installed
gpg: failed to start keyboxd '/usr/lib/gnupg/keyboxd': Configuration error
gpg: can't connect to the keyboxd: Configuration error
gpg: error opening key DB: No Keybox daemon running
gpg: key DCC9EFBF77E11517: public key not found: Input/output error
gpg: error reading '[stdin]': Input/output error
gpg: import from '[stdin]' failed: Input/output error
gpg: Total number processed: 0
2 dkg at bob:~$
```

I'm not sure what the right solution is here; perhaps the simplest thing
would be to just ship the keyboxd binary (and socket activation, etc.)
directly in the gpg package, and have that package Provides: keyboxd.

         --dkg


-- System Information:
Debian Release: trixie/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing'), (200, 'unstable-debug'), (200, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.12.6-amd64 (SMP w/20 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages gpg depends on:
ii  gpgconf          2.4.7-3
ii  libassuan9       3.0.1-2
ii  libbz2-1.0       1.0.8-6
ii  libc6            2.40-6
ii  libgcrypt20      1.11.0-7
ii  libgpg-error0    1.51-3
ii  libnpth0t64      1.8-2
ii  libreadline8t64  8.2-6
ii  libsqlite3-0     3.46.1-1
ii  zlib1g           1:1.3.dfsg+really1.3.1-1+b1

Versions of packages gpg recommends:
ii  gnupg  2.4.7-3

gpg suggests no packages.

-- no debconf information
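
Added example, not part of the original report and not code from GnuPG or the Debian packaging: a shell preflight check for the condition described above, where common.conf enables use-keyboxd but the keyboxd binary is absent. The function names are hypothetical; the default daemon path is the one shown in the error output above.

```shell
#!/bin/sh
# Added example: detect a GnuPG home directory that asks for keyboxd on a
# system where the keyboxd binary is not installed.
# Function names are hypothetical; the default paths come from the report.

# uses_keyboxd HOMEDIR
# Succeeds if HOMEDIR/common.conf has an active "use-keyboxd" line.
# Lines commented out with '#' do not count.
uses_keyboxd() {
    conf="$1/common.conf"
    [ -f "$conf" ] || return 1
    grep -Eq '^[[:space:]]*use-keyboxd[[:space:]]*$' "$conf"
}

# keyboxd_status [HOMEDIR] [KEYBOXD_BINARY]
# Prints exactly one of:
#   not-requested   common.conf does not enable keyboxd
#   ok              keyboxd is enabled and the binary is executable
#   missing-daemon  keyboxd is enabled but the binary is absent
keyboxd_status() {
    home="${1:-${GNUPGHOME:-$HOME/.gnupg}}"
    daemon="${2:-/usr/lib/gnupg/keyboxd}"
    if ! uses_keyboxd "$home"; then
        echo not-requested
    elif [ -f "$daemon" ] && [ -x "$daemon" ]; then
        echo ok
    else
        echo missing-daemon
    fi
}
```

Calling keyboxd_status with no arguments checks $GNUPGHOME (or ~/.gnupg) against /usr/lib/gnupg/keyboxd; a result of missing-daemon corresponds to the import failure shown in the report.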