Page MenuHome GnuPG
Create Task
Maniphest T1718

Errors during 2.1 migration but gnupg reports migration succeeded.
Closed, ResolvedPublic
Actions

Description

Happend by accident. I started gpg2.1 in an environment where the agent running
still was from 2.0 so this was caused by a setup error.

gpg2 --sign foo
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
gpg: starting migration from earlier GnuPG versions
gpg: porting secret keys from '/home/aheinecke/.gnupg/secring.gpg' to gpg-agent
gpg: error getting the KEK: Unknown IPC command
gpg: error getting the KEK: Unknown IPC command
gpg: error getting the KEK: Unknown IPC command
gpg: error getting the KEK: Unknown IPC command
gpg: error getting the KEK: Unknown IPC command
gpg: error getting the KEK: Unknown IPC command
gpg: migration succeeded
gpg: no default secret key: No secret key
gpg: signing failed: No secret key

Nothing bad happened. The secret key is still there. But I thought to report it
even as it is a setup error as I think the error handling should be improved so
that it does not print "migration succeeded" in case it failed.

As we all know some weird things might be listening on the gpg-agent socket ;-)

Details

Version
2.1.0-beta835

Related Objects

Event Timeline

aheinecke added projects: gnupg (gpg21), gnupg, Bug Report.Sep 19 2014, 3:51 PM
aheinecke set Version to 2.1.0-beta835.
aheinecke added subscribers: werner, aheinecke.
aheinecke added a comment.Sep 19 2014, 7:47 PM

D252: 507_0001-Check-gpg-agent-version-before-2.1-migration.patch

aheinecke added a comment.Sep 19 2014, 7:47 PM

Had a go at this myself. I've attached a patch that checks the gpg-agent version
before migration.

Output when an old version is found:




gpg: NOTE: THIS IS A DEVELOPMENT VERSION!

gpg: It is only intended for test purposes and should NOT be

gpg: used in a production environment or with production keys!

gpg: starting migration from earlier GnuPG versions

gpg: error: GnuPG agent version "2.0.22" is too old. 

gpg: Please start an updated GnuPG agent.

gpg: migration aborted



Output when gnome-keyring running around:



gpg: NOTE: THIS IS A DEVELOPMENT VERSION!

gpg: It is only intended for test purposes and should NOT be

gpg: used in a production environment or with production keys!

gpg: starting migration from earlier GnuPG versions

gpg: WARNING: The GNOME keyring manager hijacked the GnuPG agent.

gpg: WARNING: GnuPG will not work properly - please configure that tool to not

interfere with the GnuPG system!

gpg: error: GnuPG agent unusable. Please check that a GnuPG agent can be started.

gpg: migration aborted

gpg: no default secret key: No secret key

gpg: signing failed: No secret key



The error message should also occur in case gpg-agent can not be started at all.

It happens when "GETINFO version" errors. So its generic.
aheinecke added a subscriber: dkg.Sep 19 2014, 7:47 PM
aheinecke mentioned this in T1729: when upgrading to 2.1, should detect a <2.1 gpg-agent and respond appropriately.Mar 30 2017, 7:14 PM
 werner added a comment.Oct 3 2014, 1:03 PM
Thanks applied.
 werner closed this task as Resolved.Oct 3 2014, 1:03 PM