with --tofu-default-policy=ask, Assertion "conflict_set" in get_trust failed (../../g10/tofu.c:2787)
Closed, ResolvedPublic


Using the attached example.key, we see a bug when doing --fingerprint with the
tofu database is present and "--tofu-default-policy ask":

export GNUPGHOME=$(mktemp -d)
gpg --import < example.key
gpg --trust-model tofu+pgp --tofu-default-policy ask --fingerprint

results in:

gpg: Ohhhh jeeee: Assertion "conflict_set" in get_trust failed

This is https://bugs.debian.org/854829


External Link
dkg added a subscriber: dkg.Feb 14 2017, 4:21 PM

dkg set External Link to https://bugs.debian.org/854829.
dkg set Version to 2.1.18.
dkg added a comment.Feb 14 2017, 4:40 PM

I note that even if i drop the "--trust-model tofu+pgp" and subsequently invoke
just "gpg --tofu-default-policy ask --fingerprint" i get the same crash.

however, if i just execute that in a fresh homedir without ever having set
"--trust-model tofu+pgp" i don't get a crash. so there is some sort of state
being set up that is then tickling the assertion later.

werner assigned this task to neal.Feb 14 2017, 9:28 PM
werner added a subscriber: neal.
werner raised the priority of this task from Normal to Unbreak Now!.Mar 15 2017, 4:37 PM
werner added a subscriber: werner.

Neal, this is still not fixed in 2.1.19.

neal added a comment.Mar 16 2017, 8:56 AM

Thanks for reporting this. I can reproduce it and will hopefully have a good
fix soon.

neal added a comment.Mar 17 2017, 2:49 PM

This should be fixed in b1106b4 . The problem had to do with an incorrect
assumption that a key with policy 'ask' necessarily had at least one conflict.
This assumption may not hold if --tofu-default-policy is set to ask.
Thankfully, the assertion caught this.

werner closed this task as Resolved.Apr 3 2017, 10:46 PM

Fix is in 2.1.20