Package: gnupg2
Version: 2.1.4-2
Severity: normal

Hi,

while continuing my work on gpg2-proofing apt-key (and hence apt) I noticed that the 2.1 branch (2.0 isn't affected) currently in experimental can't import (even if it has nothing to do) from a gpg2 created keyring, if the target is a gpg1 created one. Consider the following example:

| ~$ export LANG=C.UTF-8
| ~$ export GNUPGHOME="/tmp/gpg2to1"
| ~$ mkdir $GNUPGHOME; cd $GNUPGHOME
| /tmp/gpg2to1$ gpg --no-options --no-default-keyring --keyring ~/.gnupg/pubring.gpg --export 76B9B739 | gpg --no-options --no-default-keyring --keyring ./gpg1.ring --import
| gpg: WARNING: unsafe permissions on homedir `/tmp/gpg2to1'
| gpg: WARNING: unsafe permissions on homedir `/tmp/gpg2to1'
| gpg: keyring `/tmp/gpg2to1/secring.gpg' created
| gpg: keyring `./gpg1.ring' created
| gpg: /tmp/gpg2to1/trustdb.gpg: trustdb created
| gpg: key 76B9B739: public key "David Kalnischkies <[email protected]>" imported
| gpg: Total number processed: 1
| gpg: imported: 1 (RSA: 1)
| gpg: no ultimately trusted keys found
| /tmp/gpg2to1$ gpg2 --no-options --no-default-keyring --keyring ~/.gnupg/pubring.gpg --export 76B9B739 | gpg2 --no-options --no-default-keyring --keyring ./gpg2.ring --import
| gpg: WARNING: unsafe permissions on homedir '/tmp/gpg2to1'
| gpg: WARNING: unsafe permissions on homedir '/tmp/gpg2to1'
| gpg: keybox './gpg2.ring' created
| gpg: starting migration from earlier GnuPG versions
| gpg: porting secret keys from '/tmp/gpg2to1/secring.gpg' to gpg-agent
| gpg: migration succeeded
| gpg: key 76B9B739: public key "David Kalnischkies <[email protected]>" imported
| gpg: Total number processed: 1
| gpg: imported: 1
| gpg: no ultimately trusted keys found
| /tmp/gpg2to1$ gpg2 --no-options --no-default-keyring --keyring gpg1.ring --import gpg2.ring
| gpg: WARNING: unsafe permissions on homedir '/tmp/gpg2to1'
| gpg: no valid OpenPGP data found.
| gpg: Total number processed: 0

(exits with code 2 btw)

Importing gpg1.ring into gpg2.ring works.
As does --export | --import:

| /tmp/gpg2to1$ gpg2 --no-options --no-default-keyring --keyring gpg2.ring --export | gpg2 --no-options --no-default-keyring --keyring gpg1.ring --import
| gpg: WARNING: unsafe permissions on homedir '/tmp/gpg2to1'
| gpg: WARNING: unsafe permissions on homedir '/tmp/gpg2to1'
| gpg: key 76B9B739: "David Kalnischkies <[email protected]>" not changed
| gpg: Total number processed: 1
| gpg: unchanged: 1

This is the same error as printed if I s#gpg2#gpg# btw which is kinda expected, but it would be handy if gpg could deal with gpg2 keyrings – especially as the gpg1.ring into gpg2.ring generates some very interesting output if done by gpg. If that would work (or at least reliably fail with a good message) this might even help your planned transition…

Background information: apt tries to sidestep the existing 40 --keyring (and threatened 1 --keyring) limit by first merging all its fragmented key(ring)s shipped by *-archive-keyring packages (and hence might be created by other gpg versions) into one big keyring which is then used as keyring for whatever action is actually supposed to happen. This is all fine and dandy for read-only operations as most of apt-key operations are, but you can also add/remove/update keys and that is where it gets complicated as these actions apply on our big merged keyring and have to be split up and applied to the fragmented keys instead. Add and remove are simple list comparisons, but updated keys (new signatures or expire dates) are dealt with by "--import-options merge-only --import big.ring" and that is what fails here – even though it will be a glorified no-op 99,9% of the time in apt-key.

Best regards

David Kalnischkies

Versions of packages gnupg2 depends on:
ii  dpkg           1.18.1
ii  gnupg-agent    2.1.4-2
ii  install-info   6.0.0.dfsg.1-2
ii  libassuan0     2.2.1-1
ii  libbz2-1.0     1.0.6-8
ii  libc6          2.19-18
ii  libgcrypt20    1.6.3-2
ii  libgpg-error0  1.19-2
ii  libksba8       1.3.3-1
ii  libreadline6   6.3-8+b3
ii  zlib1g         1:1.2.8.dfsg-2+b1

Versions of packages gnupg2 recommends:
ii  dirmngr  2.1.4-2
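
An added example, not part of the original report and not apt-key's own code: a pre-import check that classifies a keyring file and falls back to the --export | --import pipeline shown above when the source is a keybox. It assumes the failure stems from gpg2.ring being a keybox (the "keybox './gpg2.ring' created" line) and that a keybox carries the ASCII magic "KBXf" at byte offset 8; the function names and the GPG variable are hypothetical.

```shell
#!/bin/sh
# Added example: classify a keyring file before handing it to --import.
# Assumption: a GnuPG 2.1 keybox has the magic "KBXf" at bytes 8..11, while a
# gpg1-style keyring is a raw OpenPGP packet stream.

keyring_format() {
    f=$1
    [ -s "$f" ] || { echo empty; return 0; }
    # The magic follows the first blob's length, type, version and flags.
    magic=$(dd if="$f" bs=1 skip=8 count=4 2>/dev/null | tr -d '\0')
    if [ "$magic" = "KBXf" ]; then echo keybox; return 0; fi
    # First octet of an OpenPGP packet: bit 7 set, then the packet tag.
    b=$(od -An -tu1 -N1 "$f" | tr -d ' \n')
    if [ "$b" -ge 128 ]; then
        if [ "$b" -ge 192 ]; then tag=$(( b & 63 )); else tag=$(( (b >> 2) & 15 )); fi
        # Tag 6 = public key, tag 5 = secret key.
        case $tag in 5|6) echo openpgp; return 0 ;; esac
    fi
    echo unknown
}

# Import src into dst, failing loudly on anything unrecognised instead of
# relying on "no valid OpenPGP data found" and exit code 2.
# Pass paths containing a slash; gpg resolves bare names inside GNUPGHOME.
import_keyring() {
    src=$1 dst=$2 gpg=${GPG:-gpg2}
    case $(keyring_format "$src") in
        keybox)
            "$gpg" --no-options --no-default-keyring --keyring "$src" --export |
                "$gpg" --no-options --no-default-keyring --keyring "$dst" --import ;;
        openpgp)
            "$gpg" --no-options --no-default-keyring --keyring "$dst" --import "$src" ;;
        *)
            echo "refusing to import $src: unrecognised keyring format" >&2
            return 2 ;;
    esac
}
```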

