gpg is required by several parts of GnuPG. Tracking dependencies for it for the esoteric case of not building it does not make any sense. Thus the option will be removed from from master.

What do you think about a special case for the homedir "/dev/null" ? We use this device as a specila value at other places too. I have often seen "/nonexistent" in /etc/passwd but there is no standard for this. However, /dev/null is well defined.

Actually before the fingerprint, which is a general argument and not an argument to -k. Thus

"gpg -d" decrypts data why do you think you can decrypt or verify it again?

You can't and you shall not.

$ gpg --homedir /notexistent -dv <1.msg --override-session-key 7:D6E1027D58A0CB047C41EA881A137197 --status-fd 2 
gpg: keyblock resource '/notexistent/pubring.kbx': No such file or directory
[GNUPG:] ERROR add_keyblock_resource 33587281
gpg: public key is 7F3B7ED4319BCCA8
[GNUPG:] ENC_TO 7F3B7ED4319BCCA8 18 0
[GNUPG:] ERROR keydb_search 33554445
gpg: encrypted with ECDH key, ID 7F3B7ED4319BCCA8

Indeed, this makes gpg return 2. The reason is that the first error message uses log_error which sets a flag to have gpg return 2. Now, changing this to log_info may produce problems for applications which expect that gpg errors out for a bad homedir.

Oh I see you did the Right Thing which back then I was too lazy to do. Thanks.

1 - How that key pair was seeded ? For Instance.

I would consider this feature request. Right now you can do this by providing an empty keyring.

I am pretty sure that older cards required this behaviour. It might have been a workaround for a bug in scdaemon, though - I am not sure. So we should test this with all available card versions.

Right, this differs. GnuPG is now installed at a well known location. Actually the Gpg4win installer includes the standard GnuPG installer and it is possible to update just GnuPG without a need to update the entire gpg4win.
This avoid multiple installs of GnuPG with all its problems.

I close this for now. If you run into problems with 2.2.2 again, please re-open this bug.

Thanks for the list

Using an npth function is not good because we want to come up with a reasonable iteration count. Allowing npth to switch threads would not be good. The Linux specific solution in /D450 looks like a good solution but it needs some testing.

The obvious fix to unlock and relock the pinentry during the callback would have the problem that instead of the confirmation request a pinentry from another connection may pop up. That would be quite confusing.

I moved most of the output to the debug category. Everything elese does not make much sense. I also fixed the stats printed for each reordered/fixed key to be prefixed with the keyid so all info is on one line. -q should fully silence them.

The trust-model=direct does not care about signatures or user ids. It simply checks the user assigned _ownertrust_ to decide whether a key is valid:

Just tried this but can't replicate it:

$ ../g10/gpg -dv <1.msg --override-session-key 7:D6E1027D58A0CB047C41EA881A137197 --status-fd 2 
gpg: public key is 7F3B7ED4319BCCA8
[GNUPG:] ENC_TO 7F3B7ED4319BCCA8 18 0
gpg: encrypted with ECDH key, ID 7F3B7ED4319BCCA8
[GNUPG:] BEGIN_DECRYPTION
gpg: AES encrypted data
[GNUPG:] DECRYPTION_INFO 2 7
gpg: original file name=''
[GNUPG:] PLAINTEXT 62 1508859245 
[GNUPG:] PLAINTEXT_LENGTH 68
"Well hello there Charlie Brown, you blockhead."
                -- Lucy Van Pelt
[GNUPG:] DECRYPTION_OKAY
[GNUPG:] GOODMDC
[GNUPG:] END_DECRYPTION
$ echo $?
0
$ gpg -k 7F3B7ED4319BCCA8
gpg: error reading key: No public key

gpg-agent sometimes pops up confirmation dialogs. This can't yet be handled with the loopback pinentry. Try gpg option --batch.

Is this still a problem with 2.2.1? IIRC, we fixed a few DNS things.

What I use to force the old keyring format is to export a public key to a file and rename that to pubring.gpg. And of course delete the pubring.kbx.

Won't we fixed for 1.4 and 2.0 (which is too close to EOL). Has been fixed for master; see T2359.

This can be triggered if --max-passphrase-days has been set.

In 2.2.2 you will see "Secret sibkeys are available" and commands which require the primary key are disabled.

We could signal an error. However, that would break existing behaviour and can only be done for 2.3.

The rest looks technically okay. My French is too limited to say anything about the translation, though.

gpgme does not known about return codes because it uses a double fork approach. However, certain staus lines could have the same effect.

In rD075b9032092e903a31374c20d9d6184083c0f175#49208, @aa wrote:

Nice tabulation, are you guys COBOL programmers now ?

Can you please try again with the standard shell (and not the power shell)?

Please look in the status bar of your desktop. You should see a (blinking) tab for the Pinentry. Unfortunately it is not always possible to get the Pinentry into the foreground and Windows will instead show it in the status bar.

DCO = Developer's Certificate of Origin. See gnupg/doc/HACKING under "** License Policy" .

The long term goal is to replace sshcontrol by aflag in the extended private key format. This would instantly solve the bug. Thus closing.

Let's move that to master.

We can't change that anymore. So the question is how and whether to fix it. Right now gpgconf --list-dirs has no need to ask gpg-agent for the actual socket and it would be a catch-22 anyway. Thus to fix this we need to parse the gpg-agent.conf in gpg.conf directly.

We can later decide whether to backport this to 2.2