Re: tofu: Missing entry in the bindings table for new key
Hi!

Luis Ressel writes:

> On Tue, 24 Jan 2017 11:53:55 +0100
> Justus Winter wrote:
>
>> Can you please describe in detail what you were doing so that we can
>> recreate the problem? You can create a throwaway environment for
>> experimentation by setting the environment variable GNUPGHOME to a
>> temporary directory, like so (assuming a Bourne-like shell):
>
> This was easier to reproduce than I expected. I've attached the
> transcript of a shell session demonstrating the problem. Manually
> calling "gpg --tofu-policy good $KEYID" fixes the issue.

Thanks for the nice report. I have been able to reproduce it and have
created https://bugs.gnupg.org/gnupg/issue2929 for it.

> I'm using gpg 2.1.17; I haven't checked yesterday's release yet.

It is affecting master as well.

(:
Justus

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: tofu: Missing entry in the bindings table for new key
Hi,

Luis Ressel writes:

> Hello,
>
> I created a new key today. When I tried to verify a signature made by
> this key, I got the error message
>
> gpg: Signature made Sat Jan 21 01:07:59 2017 CET
> gpg:                using RSA key DEADBEEF
> gpg: Good signature from "foo " [ultimate]
> gpg:                 aka "foo " [ultimate]
> gpg: error updating TOFU database: NOT NULL constraint failed:
> signatures.binding
> gpg: TOFU: error registering signature: General error
>
> Apparently no entry for my key/userid had been recorded in the bindings
> table. I was of course able to fix this by calling
> "gpg --tofu-policy good DEADBEEF", but it still looks like a bug to me.
> Any ideas how this could happen?
>
> Potentially relevant facts:
> * The new key's userid collides with that of my old key.
> * I'm using the setting "tofu-default-policy unknown".

Can you please describe in detail what you were doing so that we can
recreate the problem? You can create a throwaway environment for
experimentation by setting the environment variable GNUPGHOME to a
temporary directory, like so (assuming a Bourne-like shell):

    $ export GNUPGHOME=$(mktemp -d)
    $ gpg -k
    [nothing]

Note that you need to copy your gnupg configuration over, or at least
configure the trust model.

Thanks,
Justus
Re: tofu: Missing entry in the bindings table for new key
On Tue, 24 Jan 2017 11:53:55 +0100
Justus Winter wrote:

> Can you please describe in detail what you were doing so that we can
> recreate the problem? You can create a throwaway environment for
> experimentation by setting the environment variable GNUPGHOME to a
> temporary directory, like so (assuming a Bourne-like shell):

This was easier to reproduce than I expected. I've attached the
transcript of a shell session demonstrating the problem. Manually
calling "gpg --tofu-policy good $KEYID" fixes the issue.

I'm using gpg 2.1.17; I haven't checked yesterday's release yet.

HTH,
Luis

    $ ls $GNUPGHOME
    gpg.conf
    $ cat $GNUPGHOME/gpg.conf
    trust-model tofu+pgp
    $ cat key
    %no-protection
    %transient-key
    Key-Type: RSA
    Key-Length: 1024
    Name-Real: foo bar
    Name-Email: foo...@example.org
    $ gpg --batch --gen-key < key
    gpg: key 6FA38940B689B96C marked as ultimately trusted
    gpg: directory '/home/aranea/.tmp-gnupg/openpgp-revocs.d' created
    gpg: revocation certificate stored as '/home/aranea/.tmp-gnupg/openpgp-revocs.d/CFAE0B4B50808667BABDBF966FA38940B689B96C.rev'
    $ touch foo
    $ gpg --sign foo
    $ gpg --verify foo.gpg
    gpg: Signature made Tue Jan 24 12:22:04 2017 CET
    gpg:                using RSA key CFAE0B4B50808667BABDBF966FA38940B689B96C
    gpg: checking the trustdb
    gpg: marginals needed: 3 completes needed: 1 trust model: tofu+pgp
    gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
    gpg: Good signature from "foo bar " [ultimate]
    gpg: error updating TOFU database: NOT NULL constraint failed: signatures.binding
    gpg: TOFU: error registering signature: General error
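
The failure mode reported in this thread, modelled as an added example that is not part of the original messages and is not GnuPG's code. Only the table names "bindings" and "signatures" and the column "signatures.binding" come from the thread; every other column, the lookup-by-subquery and the sample fingerprint and address are assumptions made for illustration.

```python
import sqlite3

# Assumed, simplified schema (not GnuPG's actual tofu.db layout).
SCHEMA = """
CREATE TABLE bindings (
    oid INTEGER PRIMARY KEY AUTOINCREMENT,
    fingerprint TEXT NOT NULL,
    email TEXT NOT NULL,
    policy TEXT NOT NULL,
    UNIQUE (fingerprint, email)
);
CREATE TABLE signatures (
    binding INTEGER NOT NULL REFERENCES bindings(oid),
    sig_digest TEXT NOT NULL,
    PRIMARY KEY (binding, sig_digest)
);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def set_policy(db, fingerprint, email, policy):
    """Ensure a binding row exists, then set its policy. In this model it
    stands in for the manual 'gpg --tofu-policy good' workaround."""
    db.execute("INSERT OR IGNORE INTO bindings (fingerprint, email, policy) "
               "VALUES (?, ?, ?)", (fingerprint, email, policy))
    db.execute("UPDATE bindings SET policy = ? WHERE fingerprint = ? AND email = ?",
               (policy, fingerprint, email))

def register_signature(db, fingerprint, email, sig_digest):
    """Record a verified signature; return None on success, else the error text.
    With no binding row the scalar subquery yields NULL and NOT NULL fires."""
    try:
        db.execute(
            "INSERT INTO signatures (binding, sig_digest) VALUES ("
            "(SELECT oid FROM bindings WHERE fingerprint = ? AND email = ?), ?)",
            (fingerprint, email, sig_digest))
    except sqlite3.IntegrityError as exc:
        return str(exc)
    return None

def demo():
    db = open_db()
    fpr, email = "A" * 40, "user@example.org"   # constructed sample values
    before = register_signature(db, fpr, email, "digest-1")  # no binding yet
    set_policy(db, fpr, email, "good")                       # workaround
    after = register_signature(db, fpr, email, "digest-1")
    return before, after

if __name__ == "__main__":
    print(demo())
```
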