Page MenuHome GnuPG

`gpg --show-keys` can modify the keyring (it is not actually the same as `--dry-run --import-options import-show --import`)
Closed, ResolvedPublic


in particular, when reviewing a file with a revocation certificate, --show-keys actually imports it:

mkdir -m 0700 a b
gpg --homedir $(pwd)/a --yes --batch --passphrase abc123 --pinentry-mode loopback --quick-gen-key 'this is a test'
gpg --homedir a --export | gpg --homedir b --import
gpg --homedir b --list-keys
sed 's/^:-----/-----/' < a/openpgp-revocs.d/*.rev | gpg --homedir b --with-colons --show-keys
gpg --homedir b --list-keys

the above command shows the key as revoked in the second run.

however, if i use the following instead of the --show-keys invocation:

sed 's/^:-----/-----/' < a/openpgp-revocs.d/*.rev | gpg --homedir b --with-colons --dry-run --import-options import-show --import

then the keyring is unchanged.



Event Timeline

I note that --import-options show-only --import has the same effect as --show-keys -- that is, the revocation cert is imported. so the error is in the import-options code itself. I'll push a fix-T4017 branch shortly with a proposed correction.

werner triaged this task as High priority.

Thanks for reporting and your patch. However, I used a different way to solve this bug.

thanks for looking into this so quickly. where is your patch? i don't see it on the master branch yet.

werner removed a project: backport.