Page MenuHome GnuPG
Create Task
Maniphest T4017

`gpg --show-keys` can modify the keyring (it is not actually the same as `--dry-run --import-options import-show --import`)
Closed, ResolvedPublic
Actions

Description

in particular, when reviewing a file with a revocation certificate, --show-keys actually imports it:

mkdir -m 0700 a b
gpg --homedir $(pwd)/a --yes --batch --passphrase abc123 --pinentry-mode loopback --quick-gen-key 'this is a test'
gpg --homedir a --export | gpg --homedir b --import
gpg --homedir b --list-keys
sed 's/^:-----/-----/' < a/openpgp-revocs.d/*.rev | gpg --homedir b --with-colons --show-keys
gpg --homedir b --list-keys

the above command shows the key as revoked in the second run.

however, if i use the following instead of the --show-keys invocation:

sed 's/^:-----/-----/' < a/openpgp-revocs.d/*.rev | gpg --homedir b --with-colons --dry-run --import-options import-show --import

then the keyring is unchanged.

Details

Version
2.2.8

Revisions and Commits

rG GnuPG
rGfe621cc64b13 gpg: Do not import revocations with --show-keys.
rGe8f439e05474 gpg: Do not import revocations with --show-keys.

Related Objects

Event Timeline

dkg created this task.Jun 11 2018, 11:10 PM
dkg mentioned this in T4018: gpg --with-colons --show-keys does not show revocation certificates.Jun 11 2018, 11:34 PM
dkg added a comment.Jun 12 2018, 1:00 AM

I note that --import-options show-only --import has the same effect as --show-keys -- that is, the revocation cert is imported. so the error is in the import-options code itself. I'll push a fix-T4017 branch shortly with a proposed correction.

dkg added a comment.Jun 12 2018, 1:02 AM

see e051c279216ecd4ec9a48e13ccc695f5ab667b2a

werner claimed this task.Jun 12 2018, 8:24 AM
werner triaged this task as High priority.
werner added projects: gnupg, backport.Jun 12 2018, 8:46 AM

Thanks for reporting and your patch. However, I used a different way to solve this bug.

dkg added a comment.Jun 12 2018, 9:05 AM

thanks for looking into this so quickly. where is your patch? i don't see it on the master branch yet.

werner added a commit: rGe8f439e05474: gpg: Do not import revocations with --show-keys..Jun 12 2018, 9:05 AM
werner added a commit: rGfe621cc64b13: gpg: Do not import revocations with --show-keys..
werner closed this task as Resolved.Jun 12 2018, 9:08 AM
werner removed a project: backport.