Page MenuHome GnuPG

gpgme does not report errors from gpg
Closed, ResolvedPublic

Description

Note: this bug report is for gpgme 1.0.2. I haven't checked it in 1.1.2, but I
want you to know anyway.

When gpg is misconfigured, like say

>grep XXX .gnupg/options
trusted-key XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

, gnupg does not handle this sanely but reports no error but just
returns no data.

The following code outputs "Huh?" in such situations
(with both the stable version and a vanilla unstable version
compiled on stable):

assert( gpgme_data_new_from_file(&sig, filename, 1) == 0 );
assert( gpgme_data_new(&plain) == 0);
if( gpgme_op_verify(context,sig,NULL,plain) == 0 ) {

plain_data = gpgme_data_release_and_get_mem(plain,&plain_len);
if( plain_data == NULL ) {
        fprintf(stderr, "Huh?");
}

}

(Debian bug #389235)

Event Timeline

Thanks for reporting this. There are a couple such issues where gnupg does not
issue an error message, and thus the operation will silently fail in GPGME as
well. In the past there used to be some heuristics in place which tried to
catch such situations, but they were causing other problems, so they were not
much of an improvement, and for 1.x I removed most of them.

Also see the TODO file, under "Operations", for more of these kind of failures.

Setting the status to deferred, as there is little we can do about it until GPG
reports more errors.

Actually, gpg can not do much if configuration options can't be parsed. GPGME
does not see the exit code due to the double-fork approach.

The best way to fix this, I guess, is to check the configuration's validity with
gpg-conf before doing anything else. Unfortunately, the gpg-conf interface in
GPGME probably does not handle error scenarios yet well, either. But
conceptually, gpg-conf is in a better position to handle this and report such
problems than gpg is.

marcus added a subscriber: werner.

The exit code alone is not sufficient to return a useful error status. Thus
Marcus is right that we can't do much and gpgconf should be used to validate the
configuration.

In theory it would be possible for gpgme to run gpg with --gpgconf-test to see
whether the gpg.conf is okay but it still won't catch all error cases.

werner claimed this task.
werner removed a project: Stalled.