Page MenuHome GnuPG
Create Task
Maniphest T7805

Permission denied on batch deletion of mixed (openpgp+smime) certs
Testing, HighPublic
Actions

Description

If multiple certs of mixed protocols (openpgp and smime) are deleted, most of the time (not every time) a "Permission Denied" error occurs for the smime certs:

To reproduce (in a clean gnupghome):

  1. Import the testcerts
    • Edward_Tester_0xB5297489_SECRET.asc (openpgp)
    • ted.tester@demo.gnupg.com-sign.p12 (smime; without root cert)
  2. Select both certs and delete them => The error occurs and the smime certs remain in list. Another try to delete them will work

debugview:

80	21.137109	6660	kleopatra.exe	org.kde.pim.libkleo: errorAsString gettext_use_utf8(-1) returns 1
81	21.137173	6660	kleopatra.exe	org.kde.pim.libkleo: errorAsString error: "Permission denied"
82	21.137277	6660	kleopatra.exe	org.kde.pim.libkleo: errorAsString error (percent-encoded): "Permission%20denied"

gpgme.log:

2025-09-05 13:21:15 gpgme[3904.18cc] _gpgme_io_select: check: fds=0x0118fd08 select OK [ r0x1 ]
2025-09-05 13:21:15 gpgme[3904.18cc]   _gpgme_io_select: leave: result=1
2025-09-05 13:21:15 gpgme[3904.18cc]   _gpgme_run_io_cb: call: item=0x0adf5da8 handler (0x05a9b0c0, 1)
2025-09-05 13:21:15 gpgme[3904.18cc]   _gpgme_io_read: enter: fd=0x0000000c buffer=0x0627a380, count=1002
2025-09-05 13:21:15 gpgme[3904.18cc]     gpgme:find_reader: enter: fd=0x0000000c 
2025-09-05 13:21:15 gpgme[3904.18cc]     gpgme:find_reader: leave: rd=0x0aec61e8
2025-09-05 13:21:15 gpgme[3904.18cc]   _gpgme_io_read: check: ERR 134250497 Permission denied <Keybox><LF>
2025-09-05 13:21:15 gpgme[3904.18cc]   _gpgme_io_read: leave: result=41
2025-09-05 13:21:15 gpgme[3904.18cc] chan_0x0000000c <- ERR 134250497 Permission denied <Keybox>\n
2025-09-05 13:21:15 gpgme[3904.18cc]   gpgme:status_handler: call: gpgsm=0x05a9b0c0 fd 0x1: ERR line - mapped to: Permission denied
2025-09-05 13:21:15 gpgme[3904.18cc]   _gpgme_cancel_with_err: enter: ctx=0x04066200 ctx_err=134250497, op_err=0
2025-09-05 13:21:15 gpgme[3904.18cc]     _gpgme_io_close: enter: fd=0x00000001 
2025-09-05 13:21:15 gpgme[3904.18cc]     _gpgme_io_close: check: fd=0x00000001 hdd=0x0adf5e68 dupfrom=12
2025-09-05 13:21:15 gpgme[3904.18cc]     _gpgme_io_close: check: fd=0x00000001 destroying reader 0x0aec61e8
2025-09-05 13:21:15 gpgme[3904.18cc]       gpgme:destroy_reader: call: ctx=0x0aec61e8 hdd=0x0adf5e68 refcount now 1
2025-09-05 13:21:15 gpgme[3904.18cc]       _gpgme_remove_io_cb: call: data=0x0adf5d00 setting fd 0x1 (item=0x0adf5da8) done
2025-09-05 13:21:15 gpgme[3904.18cc]       _gpgme_io_close: enter: fd=0x00000002 
2025-09-05 13:21:15 gpgme[3904.18cc]       _gpgme_io_close: check: fd=0x00000002 hdd=0x0adf5928 dupfrom=-1
2025-09-05 13:21:15 gpgme[3904.18cc]       _gpgme_io_close: check: fd=0x00000002 destroying reader 0x0aeb1380
2025-09-05 13:21:15 gpgme[3904.18cc]         gpgme:destroy_reader: call: ctx=0x0aeb1380 hdd=0x0adf5928 close triggered

gpgsm.log

2025-09-05 13:21:15 gpgsm[7136] enabled debug flags: x509 mpi ipc
2025-09-05 13:21:15 gpgsm[7136] enabled compatibility flags:
2025-09-05 13:21:15 gpgsm[7136] DBG: chan_0x00000278 -> # Home: C:\Users\g10\AppData\Roaming\gnupg
2025-09-05 13:21:15 gpgsm[7136] DBG: chan_0x00000278 -> # Config: C:/Users/g10/AppData/Roaming/gnupg/gpgsm.conf
2025-09-05 13:21:15 gpgsm[7136] DBG: chan_0x00000278 -> # DirmngrInfo: C:\Users\g10\AppData\Local\gnupg\S.dirmngr
2025-09-05 13:21:15 gpgsm[7136] DBG: chan_0x00000278 -> OK GNU Privacy Guard's S/M server 2.2.47 ready, process 7136
2025-09-05 13:21:15 gpgsm[7136] DBG: chan_0x00000278 <- OPTION ttyname=/dev/tty
2025-09-05 13:21:15 gpgsm[7136] DBG: chan_0x00000278 -> OK
2025-09-05 13:21:15 gpgsm[7136] DBG: chan_0x00000278 <- OPTION enable-audit-log=1
2025-09-05 13:21:15 gpgsm[7136] DBG: chan_0x00000278 -> OK
2025-09-05 13:21:15 gpgsm[7136] DBG: chan_0x00000278 <- OPTION allow-pinentry-notify
2025-09-05 13:21:15 gpgsm[7136] DBG: chan_0x00000278 -> OK
2025-09-05 13:21:15 gpgsm[7136] DBG: chan_0x00000278 <- OPTION offline=0
2025-09-05 13:21:15 gpgsm[7136] DBG: chan_0x00000278 -> OK
2025-09-05 13:21:15 gpgsm[7136] DBG: chan_0x00000278 <- DELKEYS 7C6A4442C88AA009D1B82BD267F99891C2311DD2
2025-09-05 13:21:15 gpgsm[7136] Fehler beim Löschen des Zertifikats "7C6A4442C88AA009D1B82BD267F99891C2311DD2": Permission denied
2025-09-05 13:21:15 gpgsm[7136] DBG: chan_0x00000278 -> ERR 134250497 Permission denied <Keybox>
2025-09-05 13:21:15 gpgsm[7136] DBG: chan_0x00000278 <- BYE
2025-09-05 13:21:15 gpgsm[7136] DBG: chan_0x00000278 -> OK closing connection

Details

Version
vsd-3.3.2 & vsd-3.3.90.8 @ win10

Related Objects
Search...

Event Timeline

timegrid created this task.Sep 5 2025, 1:47 PM
werner added a subscriber: werner.Sep 16 2025, 1:26 PM

Can you please repeat this with gpg4win-5-beta using the keyboxd and also using the pubring.kbx (i.e. w/o use-keyboxd in common.conf)?

timegrid added a comment.Sep 22 2025, 1:27 PM

Using gpg4win-5.0.0-beta369 @ win10 I can't reproduce it with use-keyboxd, but without use-keyboxd:

gpgme.log

gpgme_log.txt59 KBDownload

gpgsm.log

gpgsm_log.txt1 KBDownload

ebo renamed this task from Kleopatra: Permission denied on batch deletion of mixed (openpgp+smime) certs to Permission denied on batch deletion of mixed (openpgp+smime) certs.Thu, Oct 9, 10:58 AM
ebo added a project: gnupg.
gniibe mentioned this in Unknown Object (Maniphest Task).Mon, Oct 13, 7:51 AM
gniibe claimed this task.Mon, Oct 13, 7:53 AM
timegrid added a comment.Mon, Oct 13, 10:10 AM

I can't reproduce this in vsd-3.3.90.19 @ win10 anymore.
Probably the fixes in https://dev.gnupg.org/T7827 or https://dev.gnupg.org/T7855 solved this, too.

gniibe added a comment.Tue, Oct 14, 3:39 AM

@timegrid Thank you for your confirmation.

In 2.2, it was fixed by: rG7962eca3a023: gpgsm: Change delete and store certificate locking glitches.

We need to fix this for master (2.5.x, to be 2.6). That is, file handle should be closed before the release of lock.

gniibe added a comment.Wed, Oct 15, 9:36 AM

I'm fixing this issue under T7855. So, I move this ticket as a child of T7855.

gniibe triaged this task as High priority.Wed, Oct 15, 9:36 AM
gniibe added a parent task: T7855: keybox/keydb locking issue in 2.6 .
gniibe changed the task status from Open to Testing.Tue, Oct 21, 6:50 AM

This issue should be fixed in 2.6, too.