On 2016-09-01 16:11:03, Antoine Beaupré wrote:
> On 2016-09-01 15:28:10, Daniel Kahn Gillmor wrote:
>>> Or should we copy all secret key material to the temporary keyring and
>>> let gpg deal with it its own way?
>>
>> yuck, i really don't like copying secret key material if we can avoid
>> it.
>
> we do copy the first secret key right now. it felt better than operating
> directly on the main keyring.

actually, this is incorrect: we use --secret-keyring to access the real
keyring.

note, btw, that this may mean monkeysign will fail in weird ways with
gpg 2.1, because we explicitly use secring.gpg... not sure how to
handle this better.

we do look at the secret keys to find the first working one, and then
export the *public* part of that key to the temporary keyring. maybe
this is the part that fails, because then default-key cannot find the
public part of the key we have chosen.

in this case, the fix would be to copy *all* public parts of *all* the
secret keys we have, regardless of whether it's the chosen one.

a.
-- 
Only what can be refuted has a scientific character. What is not
refutable belongs to magic or mysticism.
                        - Karl Popper
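
A sketch of the fix proposed in the message above, added here as an example and not taken from monkeysign's code: collect the fingerprint of every secret key from gpg's colon listing, then export only the public halves into the temporary keyring. The function names, the temporary homedir argument and the sample listing are assumptions constructed for illustration.

```python
import subprocess

# Constructed fingerprints and listing, shaped like the output of
# `gpg --list-secret-keys --with-colons --fingerprint --fingerprint`.
FPR_A, FPR_B, FPR_C = "A1" * 20, "B2" * 20, "C3" * 20
SAMPLE_LISTING = "\n".join([
    "sec:u:4096:1:" + FPR_A[-16:] + ":1262304000:",
    "fpr" + ":" * 9 + FPR_A + ":",
    "uid:u::::1262304000::::Alice Example <alice@example.org>:",
    "ssb:u:4096:1:" + FPR_B[-16:] + ":1262304000:",
    "fpr" + ":" * 9 + FPR_B + ":",   # subkey fingerprint, must be skipped
    "sec:u:2048:1:" + FPR_C[-16:] + ":1420070400:",
    "fpr" + ":" * 9 + FPR_C + ":",
])


def secret_key_fingerprints(listing):
    """Primary-key fingerprint of every secret key in a colon listing."""
    fprs, want_fpr = [], False
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] == "sec":
            want_fpr = True       # the next fpr record names this primary key
        elif fields[0] == "ssb":
            want_fpr = False      # an fpr record after ssb names a subkey
        elif fields[0] == "fpr" and want_fpr and len(fields) > 9:
            fprs.append(fields[9])
            want_fpr = False
    return fprs


def build_commands(fprs, tmp_homedir):
    """argv pair: export public parts from the real keyring, import into tmp."""
    # --export emits public keys only; secret material stays where it is.
    export = ["gpg", "--batch", "--export"] + list(fprs)
    imp = ["gpg", "--homedir", tmp_homedir, "--batch", "--import"]
    return export, imp


def copy_public_parts(fprs, tmp_homedir):
    """Pipe the exported public keys into the temporary keyring."""
    if not fprs:                  # bare --export would dump the whole keyring
        return
    export, imp = build_commands(fprs, tmp_homedir)
    blob = subprocess.run(export, check=True, capture_output=True).stdout
    subprocess.run(imp, input=blob, check=True)
```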
