Re: tofu: Missing entry in the bindings table for new key

2017-01-24 Thread Justus Winter
Hi!

Luis Ressel writes:

> On Tue, 24 Jan 2017 11:53:55 +0100
> Justus Winter wrote:
>
>> Can you please describe in detail what you were doing so that we can
>> recreate the problem?  You can create a throwaway environment for
>> experimentation by setting the environment variable GNUPGHOME to a
>> temporary directory, like so (assuming a Bourne-like shell):
>
> This was easier to reproduce than I expected. I've attached the
> transcript of a shell session demonstrating the problem. Manually
> calling "gpg --tofu-policy good $KEYID" fixes the issue.

Thanks for the nice report.  I have been able to reproduce it and have
created https://bugs.gnupg.org/gnupg/issue2929 for it.

> I'm using gpg 2.1.17; I haven't checked yesterday's release yet.

It is affecting master as well.


(: Justus


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: tofu: Missing entry in the bindings table for new key

2017-01-24 Thread Justus Winter
Hi,

Luis Ressel writes:

> Hello,
>
> I created a new key today. When I tried to verify a signature made by
> this key, I got the error message
>
> gpg: Signature made Sat Jan 21 01:07:59 2017 CET
> gpg:                using RSA key DEADBEEF
> gpg: Good signature from "foo " [ultimate]
> gpg: aka "foo " [ultimate]
> gpg: error updating TOFU database: NOT NULL constraint failed: signatures.binding
> gpg: TOFU: error registering signature: General error
>
> Apparently no entry for my key/userid had been recorded in the bindings
> table. I was of course able to fix this by calling
> "gpg --tofu-policy good DEADBEEF", but it still looks like a bug to me.
> Any ideas how this could happen?
>
> Potentially relevant facts:
> * The new key's userid collides with that of my old key.
> * I'm using the setting "tofu-default-policy unknown".

Can you please describe in detail what you were doing so that we can
recreate the problem?  You can create a throwaway environment for
experimentation by setting the environment variable GNUPGHOME to a
temporary directory, like so (assuming a Bourne-like shell):

  $ export GNUPGHOME=$(mktemp -d)
  $ gpg -k
  [nothing]

Note that you need to copy your gnupg configuration over, or at least
configure the trust model.

Thanks,
Justus




Re: tofu: Missing entry in the bindings table for new key

2017-01-24 Thread Luis Ressel
On Tue, 24 Jan 2017 11:53:55 +0100
Justus Winter wrote:

> Can you please describe in detail what you were doing so that we can
> recreate the problem?  You can create a throwaway environment for
> experimentation by setting the environment variable GNUPGHOME to a
> temporary directory, like so (assuming a Bourne-like shell):

This was easier to reproduce than I expected. I've attached the
transcript of a shell session demonstrating the problem. Manually
calling "gpg --tofu-policy good $KEYID" fixes the issue.

I'm using gpg 2.1.17; I haven't checked yesterday's release yet.

HTH,
Luis

$ ls $GNUPGHOME
gpg.conf

$ cat $GNUPGHOME/gpg.conf
trust-model tofu+pgp

$ cat key
%no-protection
%transient-key
Key-Type: RSA
Key-Length: 1024
Name-Real: foo bar
Name-Email: foo...@example.org

$ gpg --batch --gen-key < key
gpg: key 6FA38940B689B96C marked as ultimately trusted
gpg: directory '/home/aranea/.tmp-gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/home/aranea/.tmp-gnupg/openpgp-revocs.d/CFAE0B4B50808667BABDBF966FA38940B689B96C.rev'

$ touch foo

$ gpg --sign foo

$ gpg --verify foo.gpg
gpg: Signature made Tue Jan 24 12:22:04 2017 CET
gpg:                using RSA key CFAE0B4B50808667BABDBF966FA38940B689B96C
gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: tofu+pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: Good signature from "foo bar " [ultimate]
gpg: error updating TOFU database: NOT NULL constraint failed: signatures.binding
gpg: TOFU: error registering signature: General error


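
The reproduction steps from the transcript above, as an added example that is not part of the original thread or of GnuPG itself: it repeats them in a throwaway GNUPGHOME and reports whether a good signature was verified while the TOFU database update failed. The function names, the `--run` switch and the address `test@example.org` are assumptions made for this example.

```shell
#!/bin/sh
# Added example: classify `gpg --verify` output for the failure in this thread.
# Function names and the --run switch are illustrative, not part of GnuPG.

# Succeeds if the text on stdin contains the TOFU bindings failure.
has_tofu_binding_error() {
    grep -q 'NOT NULL constraint failed: *signatures\.binding'
}

# Prints "good+tofu-error", "good" or "other" for verify output on stdin.
classify_verify_output() {
    out=$(cat)
    if ! printf '%s\n' "$out" | grep -q '^gpg: Good signature from'; then
        echo other
    elif printf '%s\n' "$out" | has_tofu_binding_error; then
        echo good+tofu-error
    else
        echo good
    fi
}

# Repeats the transcript's steps in a throwaway GNUPGHOME and prints the class.
repro() {
    GNUPGHOME=$(mktemp -d) || return 1
    export GNUPGHOME
    echo 'trust-model tofu+pgp' > "$GNUPGHOME/gpg.conf"
    # Key parameters as in the transcript; the address is a constructed placeholder.
    cat > "$GNUPGHOME/key" <<'EOF'
%no-protection
%transient-key
Key-Type: RSA
Key-Length: 1024
Name-Real: foo bar
Name-Email: test@example.org
EOF
    gpg --batch --gen-key < "$GNUPGHOME/key" || return 1
    touch "$GNUPGHOME/foo"
    gpg --batch --sign "$GNUPGHOME/foo" || return 1
    # LC_ALL=C keeps gpg's messages in English so the patterns match.
    LC_ALL=C gpg --verify "$GNUPGHOME/foo.gpg" 2>&1 | classify_verify_output
}

# Only touch gpg when asked to, so the file can be sourced for its functions.
if [ "${1:-}" = "--run" ]; then
    repro
fi
```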