Bug#540165: marked as done ([caff] Use of local-user keyids not listed as keyids in ~/.caffrc should display a warning.)

[Debian Bug Tracking System]

Your message dated Thu, 08 Oct 2009 18:49:03 +0000
with message-id <e1mvy2x-0004xq...@ries.debian.org>
and subject line Bug#540165: fixed in signing-party 1.1.2-1
has caused the Debian Bug report #540165,
regarding [caff] Use of local-user keyids not listed as keyids in ~/.caffrc 
should display a warning.
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
540165: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=540165
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: signing-party
Version: 1.1.1-1
Severity: normal
File: /usr/bin/caff

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi, passing two key ids to caff via -u did not work. It called gpg for
each key to sign, as expected, but the resulting mails only contained
the signatures of the first key:

$ caff -u 4743206C,F0FBF51F --key-file debconf9-before.gpg B12525C4
[INFO] Importing key F628EB934743206C from your normal GnuPGHome.
[INFO] Importing keys from debconf9-before.gpg
[INFO] fetching keys, this will take a while...
[INFO] Sign the following keys according to your policy, then exit gpg with 
'save' after signing each key
gpg --local-user 4743206C --homedir=/home/jojo/.caff/gnupghome --secret-keyring 
/home/jojo/.gnupg/secring.gpg --no-auto-check-trustdb --trust-model=always 
--edit FBFABDB541B5DC955BD9BA6EDB16CF5BB12525C4 sign
gpg (GnuPG) 1.4.9; Copyright (C) 2008 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.


pub  4096R/B12525C4  erzeugt: 2009-05-10  verfällt: niemals     Aufruf: SC  
sub  4096R/E075ECFF  erzeugt: 2009-05-10  verfällt: niemals     Aufruf: E   
[  unbek.] (1). Joerg Jaspert <jo...@spi-inc.org>
[  unbek.] (2)  Joerg Jaspert <jo...@debian.org>
[  unbek.] (3)  Joerg Jaspert <jo...@ganneff.de>
[  unbek.] (4)  Joerg Jaspert <jo...@debconf.org>

Wirklich alle User-IDs beglaubigen? y

pub  4096R/B12525C4  erzeugt: 2009-05-10  verfällt: niemals     Aufruf: SC  
 Haupt-Fingerabdruck  = FBFA BDB5 41B5 DC95 5BD9  BA6E DB16 CF5B B125 25C4

     Joerg Jaspert <jo...@spi-inc.org>
     Joerg Jaspert <jo...@debian.org>
     Joerg Jaspert <jo...@ganneff.de>
     Joerg Jaspert <jo...@debconf.org>

Sind Sie wirklich sicher, daß Sie vorstehenden Schlüssel mit Ihrem
Schlüssel "Joachim Breitner <m...@joachim-breitner.de>" (4743206C) beglaubigen 
wollen

Wirklich unterschreiben? (j/N) j

Sie benötigen eine Passphrase, um den geheimen Schlüssel zu entsperren.
Benutzer: "Joachim Breitner <m...@joachim-breitner.de>"
1024-Bit DSA Schlüssel, ID 4743206C, erzeugt 2002-08-27


Befehl> save
gpg --local-user F0FBF51F --homedir=/home/jojo/.caff/gnupghome --secret-keyring 
/home/jojo/.gnupg/secring.gpg --no-auto-check-trustdb --trust-model=always 
--edit FBFABDB541B5DC955BD9BA6EDB16CF5BB12525C4 sign
gpg (GnuPG) 1.4.9; Copyright (C) 2008 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.


pub  4096R/B12525C4  erzeugt: 2009-05-10  verfällt: niemals     Aufruf: SC  
sub  4096R/E075ECFF  erzeugt: 2009-05-10  verfällt: niemals     Aufruf: E   
[  unbek.] (1). Joerg Jaspert <jo...@spi-inc.org>
[  unbek.] (2)  Joerg Jaspert <jo...@debian.org>
[  unbek.] (3)  Joerg Jaspert <jo...@ganneff.de>
[  unbek.] (4)  Joerg Jaspert <jo...@debconf.org>

Wirklich alle User-IDs beglaubigen? y

pub  4096R/B12525C4  erzeugt: 2009-05-10  verfällt: niemals     Aufruf: SC  
 Haupt-Fingerabdruck  = FBFA BDB5 41B5 DC95 5BD9  BA6E DB16 CF5B B125 25C4

     Joerg Jaspert <jo...@spi-inc.org>
     Joerg Jaspert <jo...@debian.org>
     Joerg Jaspert <jo...@ganneff.de>
     Joerg Jaspert <jo...@debconf.org>

Sind Sie wirklich sicher, daß Sie vorstehenden Schlüssel mit Ihrem
Schlüssel "Joachim Breitner <m...@joachim-breitner.de>" (F0FBF51F) beglaubigen 
wollen

Wirklich unterschreiben? (j/N) y

Sie benötigen eine Passphrase, um den geheimen Schlüssel zu entsperren.
Benutzer: "Joachim Breitner <m...@joachim-breitner.de>"
4096-Bit RSA Schlüssel, ID F0FBF51F, erzeugt 2009-07-10


Befehl> save
[INFO] DB16CF5BB12525C4 1 Joerg Jaspert <jo...@spi-inc.org> done.
[INFO] DB16CF5BB12525C4 2 Joerg Jaspert <jo...@debian.org> done.
[INFO] DB16CF5BB12525C4 3 Joerg Jaspert <jo...@ganneff.de> done.
[INFO] DB16CF5BB12525C4 4 Joerg Jaspert <jo...@debconf.org> done.
[INFO] key FBFABDB541B5DC955BD9BA6EDB16CF5BB12525C4 done.
Mail signature for Joerg Jaspert <jo...@spi-inc.org> to 'jo...@spi-inc.org'? 
[Y/n] 
Mail signature for Joerg Jaspert <jo...@debian.org> to 'jo...@debian.org'? 
[Y/n] 
Mail signature for Joerg Jaspert <jo...@ganneff.de> to 'jo...@ganneff.de'? 
[Y/n] 
Mail signature for Joerg Jaspert <jo...@debconf.org> to 'jo...@debconf.org'? 
[Y/n] 


But:

$ cd ~/.caff/keys/2009-08-06
$ gpg --no-default-keyring --keyring /tmp/keyring --import 
DB16CF5BB12525C4.key.1.Joerg\ Jaspert\ \<joe...@spi-inc.org\>.asc 
gpg: Schlüsselbund `/tmp/keyring' erstellt
gpg: Schlüssel B12525C4: Öffentlicher Schlüssel "Joerg Jaspert 
<jo...@spi-inc.org>" importiert
gpg: Anzahl insgesamt bearbeiteter Schlüssel: 1
gpg:                              importiert: 1  (RSA: 1)
$ gpg --no-default-keyring --keyring /tmp/keyring --list-sigs
gpg: Bitte ein --check-trustdb durchführen
/tmp/keyring
- ------------
pub   4096R/B12525C4 2009-05-10
uid                  Joerg Jaspert <jo...@spi-inc.org>
sig 3   P    B12525C4 2009-05-10  Joerg Jaspert <jo...@spi-inc.org>
sig          4743206C 2009-08-06  [User-ID nicht gefunden]


Greetings,
Joachim


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkp6rrYACgkQ9ijrk0dDIGxkEgCgkI+mNkI4GaYGO3el1Ol1wdg9
TXsAoLmy2xqjwLwDGejOkJWI3RiJbE82
=Iro4
-----END PGP SIGNATURE-----

--- End Message ---

--- Begin Message ---

Source: signing-party
Source-Version: 1.1.2-1

We believe that the bug you reported is fixed in the latest version of
signing-party, which is due to be installed in the Debian FTP archive:

keyanalyze_1.1.2-1_all.deb
  to pool/main/s/signing-party/keyanalyze_1.1.2-1_all.deb
signing-party_1.1.2-1.diff.gz
  to pool/main/s/signing-party/signing-party_1.1.2-1.diff.gz
signing-party_1.1.2-1.dsc
  to pool/main/s/signing-party/signing-party_1.1.2-1.dsc
signing-party_1.1.2-1_i386.deb
  to pool/main/s/signing-party/signing-party_1.1.2-1_i386.deb
signing-party_1.1.2.orig.tar.gz
  to pool/main/s/signing-party/signing-party_1.1.2.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 540...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Franck Joncourt <franck.m...@dthconnex.com> (supplier of updated signing-party 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 24 Sep 2009 19:29:07 +0200
Source: signing-party
Binary: signing-party keyanalyze
Architecture: source i386 all
Version: 1.1.2-1
Distribution: unstable
Urgency: low
Maintainer: Thijs Kinkhorst <th...@debian.org>
Changed-By: Franck Joncourt <franck.m...@dthconnex.com>
Description: 
 keyanalyze - transitional package to pull in signing-party
 signing-party - Various OpenPGP related tools
Closes: 533747 540165 542478 545186
Changes: 
 signing-party (1.1.2-1) unstable; urgency=low
 .
   * gpgsigs:
     + Added patch from Roland Rosenfeld to support RIPEMD160 checksum.
       (Closes: #533747).
     + Updated man page to mention support for SHA256 and RIPEMD160 checksum.
     + Made removal of nonexistent photos quiet by the use of the force option.
     + Updated generated tex file in latex mode so that it uses the grffile
       package. This allows pdflatex to process our tex file assuming the photos
       are previously converted to PDF. (Closes: #542478)
     + Added texlive-latex-recommended as a suggested package in debian/control.
       It contains the grffile latex package.
   * caff: Updated check for the local-user keyids.
     + Moved the current check to a new function get_local_user_keys().
     + Warned the user if a local-user keyid is not listed as a keyid in
       ./caffrc. (Closes: #540165).
   * gpgdir: New upstream release.
   * gpg-mailkeys:
     + The charset for the text of the message is deduced from the charset used
       by ~/.gpg-mailkeysrc and ~/.signature.
       The text message is encoded in quoted printable and thus it requires a
       new dependency on qprint in debian/control. (Closes: #545186)
     + Mentionned both the .gpg-mailkeysrc and .signature files in the manpage.
   * debian.control: added ${misc:Depends} as Depends for the keyanalyze
     package.
   * Bumped Standards-Version up to 3.8.3 (no changes).
Checksums-Sha1: 
 40ca7818a39cb01e1fa832769971106c59a72515 1611 signing-party_1.1.2-1.dsc
 353a260510c7c12df80441145a85db8d93574291 223410 signing-party_1.1.2.orig.tar.gz
 b589a2d1afb2b79d507f49c30a5029ffa1a19eb9 12950 signing-party_1.1.2-1.diff.gz
 a159c11947ca1ee3157b80dda8a1f013158cd6c8 158552 signing-party_1.1.2-1_i386.deb
 a21af4023a7a3eded8877935f79b3876158569a7 9966 keyanalyze_1.1.2-1_all.deb
Checksums-Sha256: 
 e4a16d601bd44aeb619f3f49a5ca56ee9a51139ae8efb67e0719bfbae6689504 1611 
signing-party_1.1.2-1.dsc
 fc1fa51bd7499bcb23efbbd6e990b4604b2ead3a8fee432d13c9480b155a0f74 223410 
signing-party_1.1.2.orig.tar.gz
 e665bac06edfe8adfecfbe1834b77c253779096459e915ce73c2fff4e21e3f89 12950 
signing-party_1.1.2-1.diff.gz
 cc85ece347adad6e60a52e5b5cf58c3cd1814021abf6995a9a42aea9a6ce1cac 158552 
signing-party_1.1.2-1_i386.deb
 cdc7741cecf6c43e094684bd5b9ddbd6ec0a4f39ce353d70c2f0a0b68471e285 9966 
keyanalyze_1.1.2-1_all.deb
Files: 
 6a57686b0803b9f4227677868c34569e 1611 misc extra signing-party_1.1.2-1.dsc
 0e67bd43e3db40a6f002b98e9e5f3604 223410 misc extra 
signing-party_1.1.2.orig.tar.gz
 29e9848879828e15da1fe54dbf9127dc 12950 misc extra signing-party_1.1.2-1.diff.gz
 34a1ab104df3be0441cad2d1a44c1d96 158552 misc extra 
signing-party_1.1.2-1_i386.deb
 aabe6c30834605a7a9b02ff84f537c52 9966 utils optional keyanalyze_1.1.2-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBCAAGBQJKzjAIAAoJECIIoQCMVaAccYsH/iTZkhuvB1Fw76DdqknrI7JP
vKiOu8dvGSinbnE0bi8nZUkkYb/5OkAdJ5LEolrs7KyEpwzVcyoSV/ZfFQKUIhg+
e2Ao2N9uj7MfonVDKB5erAneWQdLuuNJkbyGqThjwEFPFYEcCl+8rIyy+xBc5+Yl
mWc6/CgiRMrH6eGzW+9bJXiBrlEU17xvkhu5TbzCPlaRcL6iO0C8im4KMPbnbthC
ZjRCnwMBn7ytShdL1dptz95tlw5PS3mOnRtj+ZIJxgumGl8FDkHJ0cDuLUyNb4I7
NQAFXcY2Uj9ctzArVgdOiyqHQADFXUJducic7BB/8yYTdQl0frqDV01JPCA1Gqs=
=P8KN
-----END PGP SIGNATURE-----

--- End Message ---