Page MenuHome GnuPG
Create Task
Maniphest T6811

gpgv: Read-only trustedkeys.kbx should not be compressed
Testing, NormalPublic
Actions

Description

Someone blogged that the following happens with gpg version 2.2.27-3ubuntu2.1:

$ gpgv </dev/null
gpgv: can't allocate lock for '/home/XXX/.gnupg/trustedkeys.gpg'
gpgv: verify signatures failed: Unknown system error

For details see https://www.osso.nl/blog/2023/gpgv-can-t-allocate-lock-for/
I haven't cited more text from the blog because it's copyrighted and not licensed under a permissive license.

Revisions and Commits

rG GnuPG
rG591a53d716aa gpg: Don't call keybox_compress when KEYDB_RESOURCE_FLAG_READONLY.

Related Objects

Event Timeline

ikloecker created this task.Nov 11 2023, 11:01 PM
werner edited projects, added Support; removed Bug Report.Nov 12 2023, 1:19 PM
werner added a subscriber: werner.

That version of gpg is too old that I will look at it.

ikloecker added a comment.EditedNov 12 2023, 6:16 PM

The same happens with a very recent 2.4:

$ gpgv --version
gpgv (GnuPG) 2.4.4-beta56
libgcrypt 1.11.0
Copyright (C) 2023 g10 Code GmbH
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

$ cp /home/XXX/.gnupg/pubring.kbx /home/XXX/.gnupg/trustedkeys.kbx

$ gpgv </dev/null
gpgv: can't allocate lock for '/home/XXX/.gnupg/trustedkeys.kbx'
gpgv: verify signatures failed: Unknown system error
werner triaged this task as Normal priority.Nov 13 2023, 8:43 AM
werner edited projects, added Bug Report, gnupg24, gpgv; removed Support.

Problem seems to be that there is no ~/trustedkeys.gpg file and that the fallback to the kbx file does not anymore work. I can replicate that with 2.40 and 2.4.4-beta.

werner renamed this task from gpgv prints out a warning that it cannot allocate a lock to gpgv does not correctly fallback to trustedkeys.kbx.Nov 13 2023, 8:43 AM
gniibe added a subscriber: gniibe.Dec 29 2023, 2:56 AM

I found that the warning is emitted when it tries to call keybox_compress.
It should not be called when it's READONLY (which gpgv specifies).

gniibe changed the task status from Open to Testing.Dec 29 2023, 3:03 AM
gniibe claimed this task.

Fixed in rG591a53d716aa: gpg: Don't call keybox_compress when KEYDB_RESOURCE_FLAG_READONLY..

gniibe added a commit: rG591a53d716aa: gpg: Don't call keybox_compress when KEYDB_RESOURCE_FLAG_READONLY..Dec 29 2023, 3:03 AM
gniibe renamed this task from gpgv does not correctly fallback to trustedkeys.kbx to gpgv: Read-only trustedkeys.kbx should not be compressed.Dec 29 2023, 3:04 AM
gniibe added a project: backport.

Bug is in 2.2, too.

werner edited projects, added gnupg22; removed backport.Dec 29 2023, 2:09 PM
gniibe added a comment.Jan 2 2024, 7:55 AM
This comment was removed by gniibe.
werner moved this task from Backlog to QA on the gnupg24 board.Jan 5 2024, 12:06 PM
werner mentioned this in T6578: Release GnuPG 2.4.4.Jan 25 2024, 11:37 AM
gniibe reassigned this task from gniibe to werner.Feb 16 2024, 3:45 AM
gniibe moved this task from Backlog to WiP on the gnupg22 board.
werner moved this task from QA to gnupg-2.4.5 on the gnupg24 board.Mar 7 2024, 3:26 PM
werner edited projects, added gnupg24 (gnupg-2.4.5); removed gnupg24.
werner moved this task from WiP to QA on the gnupg22 board.Mar 18 2024, 4:22 PM