Bug#494040: gpgv: Unintelligible behaviour and error messages.

2009-05-06 Thread Daniel Leidert
Patch by upstream attached. SVN rev. 4981.
# 2009-04-03  Werner Koch  w...@g10code.com
#
#  * gpgv.c (main): Pass readonly flag to keydb_add_resource.
#  * keydb.c (keydb_add_resource): Add arg READONLY.
#
Index: g10/gpgv.c
===
--- g10/gpgv.c	(Revision 4980)
+++ g10/gpgv.c	(Revision 4981)
@@ -178,9 +178,9 @@
 	set_packet_list_mode(1);
 
 if( !nrings )  /* no keyring given: use default one */
-keydb_add_resource (trustedkeys EXTSEP_S gpg, 0, 0);
+keydb_add_resource (trustedkeys EXTSEP_S gpg, 8, 0);
 for(sl = nrings; sl; sl = sl-next )
-keydb_add_resource (sl-d, 0, 0 );
+keydb_add_resource (sl-d, 8, 0 );
 
 FREE_STRLIST(nrings);
 
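Review bot: Both calls to keydb_add_resource in main now pass the bare literal 8 as the flags argument, which a reader can only decode by opening the comment block in keydb.c. A named constant for the flag bit (for example a hypothetical KEYDB_RESOURCE_FLAG_READONLY, declared next to the prototype) would make the intent visible at both call sites and keep the two files from drifting apart.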
Index: g10/keydb.c
===
--- g10/keydb.c	(Revision 4980)
+++ g10/keydb.c	(Revision 4981)
@@ -196,6 +196,7 @@
  * Flag 1 == force
  * Flag 2 == mark resource as primary
  * Flag 4 == This is a default resources
+ * Flag 8 == Readonly
  */
 int
 keydb_add_resource (const char *url, int flags, int secret)
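Review bot: The added comment line "Flag 8 == Readonly" names the bit but does not say what read-only means for a caller, and the ChangeLog entry says "Add arg READONLY" although the signature shown here is still (url, flags, secret). Suggest stating in this comment that the bit takes precedence over flag 1 (force), and wording the ChangeLog entry as a new flag rather than a new argument.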
@@ -204,10 +205,14 @@
 const char *resname = url;
 char *filename = NULL;
 int force=(flags1);
+int readonly=!!(flags8);
 int rc = 0;
 KeydbResourceType rt = KEYDB_RESOURCE_TYPE_NONE;
 void *token;
 
+if (readonly)
+  force = 0;
+
 /* Do we have an URL?
  *	gnupg-ring:filename  := this is a plain keyring
  *	filename := See what is is, but create as plain keyring.
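Review bot: With the added "if (readonly) force = 0;", a caller that sets both flag 1 and flag 8 has its force request dropped without any diagnostic. If that combination is never valid, an assertion or a log line would surface the caller bug; if it is valid, a one-line comment saying that read-only wins would be enough. Minor: readonly is normalised with !! while force on the line above it is not, so the two flag locals hold differently shaped values.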
@@ -235,7 +240,7 @@
 else
 	filename = xstrdup (resname);
 
-if (!force)
+if (!force  !readonly)
 	force = secret? !any_secret : !any_public;
 
 /* see whether we can determine the filetype */
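Review bot: The changed test in front of "force = secret? !any_secret : !any_public;" carries no comment explaining why a read-only resource must not pick up that default, and the reason is easy to lose in a later cleanup; a short comment above the condition would help. As rendered on this page the operands !force and !readonly appear with no operator between them, so the committed revision should be checked for the intended &&. None of the hunks shown touches message text, so the "general error" wording from the report looks unaddressed by this patch.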


Bug#494040: gpgv: Unintelligible (behaviour and) error messages.

2008-08-07 Thread Werner Koch
On Wed,  6 Aug 2008 22:59, [EMAIL PROTECTED] said:

> | [EMAIL PROTECTED]:~$ gpgv /tmp/blender_2.46+dfsg-3.dsc
> | gpgv: keyblock resource `/home/kibi/.gnupg/trustedkeys.gpg': general error

Do you mean the error message which probably should be file not found?

> | gpgv: Signature made Mon Jul 14 04:59:40 2008 CEST using DSA key ID 747935DD
> | gpgv: Can't check signature: public key not found
>
> Pretty please ask upstream to output a more intelligible message, which
> could explain why the public keyring isn't found, why this is considered
> (at least pusling reported so) a feature not to use the public keyring
> etc., because it's everything but self-explaining to me.

The man page says:

  gpgv assumes that all keys in the keyring are trustworthy.  By default
  it uses a keyring named trustedkeys.gpg which is assumed to be in the
  home directory as defined by GnuPG or set by an option or an
  environment variable.  An option may be used to specify another
  keyring or even multiple keyrings.

To state it more clearly: gpgv does not know about secring.gpg or
pubring.gpg, it uses its very own name for the keyring because it
assumes that all these keys are trusted (like the debian keyring).



Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.







Bug#494040: gpgv: Unintelligible (behaviour and) error messages.

2008-08-07 Thread Cyril Brulebois
Werner Koch [EMAIL PROTECTED] (07/08/2008):
> Do you mean the error message which probably should be file not
> found?

Indeed. A missing file doesn't really qualify as a “general error” to
me.

> The man page says:
>
>   gpgv assumes that all keys in the keyring are trustworthy.  By
>   default it uses a keyring named trustedkeys.gpg which is assumed to
>   be in the home directory as defined by GnuPG or set by an option or
>   an environment variable.  An option may be used to specify another
>   keyring or even multiple keyrings.
>
> To state it more clearly: gpgv does not know about secring.gpg or
> pubring.gpg, it uses its very own name for the keyring because it
> assumes that all these keys are trusted (like the debian keyring).

I don't understand why, when the point is about verifying signatures (as
stated in the whatis entry). Why does it have to assume they are
trustworthy and then to use its very own keyring? I'd assume as a first
guess that the point is about answering two questions: “is that a
correct signature?” and “which key was used?”.

Mraw,
KiBi.




Bug#494040: gpgv: Unintelligible (behaviour and) error messages.

2008-08-07 Thread Werner Koch
On Thu,  7 Aug 2008 09:32, [EMAIL PROTECTED] said:

> I don't understand why, when the point is about verifying signatures (as
> stated in the whatis entry). Why does it have to assume they are
> trustworthy and then to use its very own keyring? I'd assume as a first

You need to know whether the key is really the key of the person or
entity stated in the user ID of the key.  gpg uses a couple of
alternative mechanisms for this, the default is the Web of Trust.

On request by Debian I once implemented gpgv to have a simple and
straightforward mechanism, only usable for verifying signatures.  gpgv
works on a set of keys which have been compiled from another database of
trusted users and are all seen as valid, i.e. belonging to the person
claimed in the UID.



Shalom-Salam,

   Werner


-- 
Thoughts are free.  Exceptions are regulated by a federal law.
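
Added example, not part of the original thread or of GnuPG's own documentation: a shell sketch of the behaviour explained in the message above, showing gpgv rejecting a signature whose key is only in gpg's own keyring and accepting it once that key is exported into a dedicated keyring named with --keyring. The key, address, file names and function names are constructed for the demonstration, and the key-generation options assume GnuPG 2.1 or later.

```shell
#!/bin/sh
# Added illustration, not from the thread. Key, address and file are constructed.
# Assumes GnuPG 2.1+ (gpg, gpgv). Everything lives in a throwaway directory.

setup_demo() {   # one passphrase-less key in gpg's own keyring + a signed file
    DEMO=$(mktemp -d) || return 1
    GNUPGHOME="$DEMO/home"; export GNUPGHOME
    mkdir -m 700 "$GNUPGHOME" || return 1
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Demo Signer <signer@example.invalid>' \
        default default never 2>/dev/null || return 1
    printf 'constructed sample payload\n' > "$DEMO/sample.txt"
    gpg --batch --quiet --yes --clearsign "$DEMO/sample.txt" 2>/dev/null
}

# The situation in the report: the key is in gpg's keyring, but gpgv only
# looks for its trustedkeys keyring in the home directory, which is absent.
verify_default() {
    gpgv "$DEMO/sample.txt.asc" 2>"$DEMO/default.log"
}

# Export only the keys you have decided to accept into a dedicated keyring
# and name it explicitly; gpgv treats every key in it as valid.
verify_with_trusted_keyring() {
    gpg --batch --export 'signer@example.invalid' > "$DEMO/trusted.gpg" || return 1
    gpgv --keyring "$DEMO/trusted.gpg" "$DEMO/sample.txt.asc" 2>"$DEMO/trusted.log"
}

cleanup_demo() {
    gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$DEMO"
}

run_demo() {
    command -v gpgv >/dev/null 2>&1 || { echo "gpgv not installed"; return 0; }
    setup_demo || { echo "setup failed"; return 1; }
    if verify_default; then echo "default keyring: accepted"
    else echo "default keyring: rejected (no trustedkeys keyring)"; fi
    if verify_with_trusted_keyring; then echo "explicit keyring: accepted"
    else echo "explicit keyring: rejected"; fi
    cleanup_demo
}
run_demo
```

Because gpgv does no trust evaluation of its own, the decision about which keys go into the exported keyring is the whole trust decision.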







Bug#494040: gpgv: Unintelligible (behaviour and) error messages.

2008-08-06 Thread Cyril Brulebois
Package: gpgv
Version: 1.4.9-2
Severity: important

(Happens also in -3)

Once upon a time, gpgv was said to be a nice and quick way to check
whether a signature is valid.
| [EMAIL PROTECTED]:~$ rm .gnupg/ -rf
| [EMAIL PROTECTED]:~$ wget -q http://ftp.de.debian.org/debian/pool/main/b/blender/blender_2.46+dfsg-3.dsc -P /tmp
| [EMAIL PROTECTED]:~$ gpg --keyserver hkp://keyring.debian.org --recv-keys 0x747935DD
| gpg: directory `/home/kibi/.gnupg' created
| gpg: new configuration file `/home/kibi/.gnupg/gpg.conf' created
| gpg: WARNING: options in `/home/kibi/.gnupg/gpg.conf' are not yet active during this run
| gpg: keyring `/home/kibi/.gnupg/secring.gpg' created
| gpg: keyring `/home/kibi/.gnupg/pubring.gpg' created
| gpg: requesting key 747935DD from hkp server keyring.debian.org
| gpg: /home/kibi/.gnupg/trustdb.gpg: trustdb created
| gpg: key 747935DD: public key Cyril Brulebois [EMAIL PROTECTED] imported
| gpg: no ultimately trusted keys found
| gpg: Total number processed: 1
| gpg:   imported: 1
| [EMAIL PROTECTED]:~$ gpgv /tmp/blender_2.46+dfsg-3.dsc 
| gpgv: keyblock resource `/home/kibi/.gnupg/trustedkeys.gpg': general error
| gpgv: Signature made Mon Jul 14 04:59:40 2008 CEST using DSA key ID 747935DD
| gpgv: Can't check signature: public key not found

Pretty please ask upstream to output a more intelligible message, which
could explain why the public keyring isn't found, why this is considered
(at least pusling reported so) a feature not to use the public keyring
etc., because it's everything but self-explaining to me.

Mraw,
KiBi.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: powerpc (ppc)

Kernel: Linux 2.6.25-2-powerpc
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages gpgv depends on:
ii  libc6   2.7-10             GNU C Library: Shared libraries
ii  zlib1g  1:1.2.3.3.dfsg-11  compression library - runtime

gpgv recommends no packages.

-- no debconf information






Bug#494040: gpgv: Unintelligible (behaviour and) error messages.

2008-08-06 Thread Cyril Brulebois
retitle 494040 gpgv: Unintelligible behaviour and error messages.
thanks

(I initially meant to report 2 bugs but that's basically the same one.)

Cyril Brulebois [EMAIL PROTECTED] (06/08/2008):
> | [EMAIL PROTECTED]:~$ gpgv /tmp/blender_2.46+dfsg-3.dsc
> | gpgv: keyblock resource `/home/kibi/.gnupg/trustedkeys.gpg': general error
> | gpgv: Signature made Mon Jul 14 04:59:40 2008 CEST using DSA key ID 747935DD
> | gpgv: Can't check signature: public key not found
>
> Pretty please ask upstream to output a more intelligible message,
> which could explain why the public keyring isn't found, why this is
> considered (at least pusling reported so) a feature not to use the
> public keyring etc., because it's everything but self-explaining to
> me.

Especially when one has the appropriate private key and when this key is
ultimately trusted, it seems pretty much stupid not to accept that
signature as valid by default. Note that I know about the different
keyrings, and I find that utterly silly.

Mraw,
KiBi.

