Page MenuHome GnuPG
Create Task
Maniphest T2312

GnuPG 2.1 migration fails due to permissions but appears to succeed
Closed, ResolvedPublic
Actions

Description

over in https://bugs.launchpad.net/bugs/1565963, we have a documented situation
where ~/.gnupg/private-keys-v1.d is not executable for the user, and as a
result, the migration process fails.

Even worse, it appears to succeed, because ~/.gnupg/.gpg-v21-migrated is created.

This means that subsequent use of GnuPG 2.1 simply can't find the secret keys,
even though they're available in ~/.gnupg/secring.gpg

Please see further discussion over here:

https://lists.gnupg.org/pipermail/gnupg-devel/2016-April/030977.html

Revisions and Commits

rG GnuPG
rG7de9ed521e51 agent: Keep some permissions of private-keys-v1.d.
rG8ed85ef3de9c agent: Keep some permissions of private-keys-v1.d.

Related Objects

Event Timeline

dkg added a project: Bug Report.Apr 12 2016, 1:04 AM
dkg added a subscriber: dkg.
werner added a subscriber: werner.Apr 15 2016, 8:39 AM

gpg-agent should fix the permission of private-keys-v1.d/.

werner added a project: gnupg.Apr 15 2016, 8:39 AM
justus claimed this task.Apr 20 2016, 11:39 AM
justus added a subscriber: justus.
justus closed this task as Resolved.Apr 20 2016, 3:05 PM

Fixed in f8adf1a.

werner reopened this task as Open.Sep 9 2020, 7:41 PM

The fix we have there has the problem that it forcefully changes the permissions. Consider the case that for example that group access was provided which will currently be reset with each start of gpg-agent.

werner added a commit: rG8ed85ef3de9c: agent: Keep some permissions of private-keys-v1.d..Sep 9 2020, 8:36 PM
werner added a comment.Sep 9 2020, 8:37 PM

That keeps the group permissions of an existing directory. Needs to be backported to 2.2

werner added a commit: rG7de9ed521e51: agent: Keep some permissions of private-keys-v1.d..Sep 10 2020, 7:47 AM
werner closed this task as Resolved.Sep 10 2020, 7:50 AM

It should be possible to apply the patch rG7de9ed521e516879a72ec6ff6400aed4bdce5920
for 2.2 also to older 2.1 or 2.2 versions,

werner mentioned this in T5052: Release GnuPG 2.2.24.Nov 17 2020, 9:33 AM
larskanis added a subscriber: larskanis.Jun 11 2021, 12:43 PM

Thank you Werner for fixing this! We just came across the group permission issue in a multi-user environment and all we had to do was to upgrade to gnupg >=2.2.24.