Bug#928894: [pkg-gnupg-maint] Bug#928894: custom keyring is not honoured

[Daniel Kahn Gillmor]

Control: tags 928894 + moreinfo

Hi Toni--

On Sun 2019-05-12 19:46:45 +0100, Toni wrote:
> --recv-keys does not seem to honour the keyring options, so the received
> key ends up in the wrong keyring:
>
> $ touch ~/mnt/tools/gitea-keys.gpg
> $ gpg  --no-default-keyring  --keyring ~/mnt/tools/gitea-keys.gpg --recv-keys 
> CC64B1DB67ABBEECAB24B6455FC346329753F4B0
> gpg: key 0x2D9AE806EC1592E2: 6 signatures not checked due to missing keys
> gpg: key 0x2D9AE806EC1592E2: public key "Teabot <tea...@gitea.io>" imported
> gpg: Total number processed: 1
> gpg:               imported: 1
> $ gpg --list-options show-keyring -k tea...@gitea.io
> gpg: please do a --check-trustdb
> Keyring: /home/toni/.gnupg/pubring.gpg
> --------------------------------------
> pub   rsa4096/0x2D9AE806EC1592E2 2018-06-24 [SC] [expires: 2020-06-23]
>       7C9E68152594688862D62AF62D9AE806EC1592E2
> uid                   [ unknown] Teabot <tea...@gitea.io>
> sub   rsa4096/0x1FBE01D7CBADB9A0 2018-06-24 [E] [expires: 2020-06-23]
> sub   rsa4096/0x5FC346329753F4B0 2018-06-24 [S] [expires: 2019-06-24]

I'm not sure that this demonstrates what you're describing.

Here is a run with gpg 2.2.15-1 that demonstrates the key being fetched
into the extra keyring:

0 dkg@alice:/tmp/cdtemp.AhkyjS$ export GNUPGHOME=$(pwd)
0 dkg@alice:/tmp/cdtemp.AhkyjS$ touch $(pwd)/extra.gpg
0 dkg@alice:/tmp/cdtemp.AhkyjS$ gpg --no-default-keyring --keyring 
$(pwd)/extra.gpg --recv-keys CC64B1DB67ABBEECAB24B6455FC346329753F4B0
gpg: key 2D9AE806EC1592E2: 6 signatures not checked due to missing keys
gpg: /tmp/cdtemp.AhkyjS/trustdb.gpg: trustdb created
gpg: key 2D9AE806EC1592E2: public key "Teabot <tea...@gitea.io>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1
0 dkg@alice:/tmp/cdtemp.AhkyjS$ gpg --list-options show-keyring -k 
tea...@gitea.io
gpg: keybox '/tmp/cdtemp.AhkyjS/pubring.kbx' created
gpg: error reading key: No public key
2 dkg@alice:/tmp/cdtemp.AhkyjS$ ls -la
total 24
drwx------  4 dkg  dkg   160 May 12 18:48 .
drwxrwxrwt 28 root root 1420 May 12 18:47 ..
drwx------  2 dkg  dkg    60 May 12 18:48 crls.d
-rw-r--r--  1 dkg  dkg  6467 May 12 18:48 extra.gpg
-rw-r--r--  1 dkg  dkg  6467 May 12 18:48 extra.gpg~
drwx------  2 dkg  dkg    40 May 12 18:48 private-keys-v1.d
-rw-------  1 dkg  dkg    32 May 12 18:48 pubring.kbx
-rw-------  1 dkg  dkg  1200 May 12 18:48 trustdb.gpg
0 dkg@alice:/tmp/cdtemp.AhkyjS$ 

perhaps the teabot key was already in your default keyring before you
run the --recv-keys operation?  that would certainly explain the
behavior that you're seeing.

         --dkg

signature.asc
Description: PGP signature