We tested with Kleopatra:

• Only gpg4win 4.2 is affected (the current version) but 4.1 is not affected.
• No vsd version is affected.

FWIW, I am already working on this.

Currently, there is no support for gpg-agent to keep private key not on disk, but only on memory of gpg-agent. Given the situation,
I think that it is good to:

Example output:

Tested with 2.4.4 beta and the problem shows only up with the parameter file but not when using --expert-full-gen-key or --quick-gen-key. The problem seems to be that the v5 flag is not enforced when using the parameter file. Thus the key is created as v4 key despite that we want to use v5 for the new x448 keys. It is not a severe bug becuase the key will work anyway using software supporting X448. Will of course be fixed for 2.4.4.

Interesting. I need to look closer at it. I scheduled it for 2.4 but it won't be in the forthcoming 2.4.4. There are still other interesting things on the short list (e.g. timestamping support) but we may do that only in 2.6.

Thanks for the report. It comes right in time for the next release. It might already be fixed due to a lot of changes in the pkcs#12 parser.

Thanks for the report. This is the fun with different code pathes. Obviously the v5 fingerprint needs to be used for the pre-made revocation.

Now you can untar and run

The extra option --debug-allow-pin-logging was implemented with commit rGe43bd2a7a78.

Better don't remove your entire ~/.gnupg - removing the *.lock files after gpgconf -K all is sufficient.

This is due to the changed format of the VERSION file.

https://github.com/vorburger/vorburger.ch-Notes/blob/develop/security/gpg-hangs-on-hostname-change.md

thats great news! I will test the keyword with Archlinux's Builds System (and Fakeroot) as soon as possible!

I sued the done column because we have not assigned it to any milestone.

Fixed a long time ago.

Hope so too. If there was a docker image or something I would gladly test it, otherwise I'll report back as soon as a release is out

We can't test this but assume that the fix for T6752 is sufficient here.

With rG239c1fdc28dcd0dc7aa5341be7c966da2231642a we now have a socketdir keyword for gpgconf.ctl. man gpgconf and look for that file. Will be released with 2.4.4.

I applied your patch and also fixed another possible problem.

Bug is in 2.2, too.

Fixed in rG591a53d716aa: gpg: Don't call keybox_compress when KEYDB_RESOURCE_FLAG_READONLY..

I found that the warning is emitted when it tries to call keybox_compress.
It should not be called when it's READONLY (which gpgv specifies).

Fixed in rG2be53b214d1c: tools: Fix argparse table of gpgconf..
It would be good to apply this to 2.2, so, adding "backport" tag.

I'd say we should not do anything about this. Stale lock files are a general problem but can be solved using admin tasks. We may provide a tool to cleanup things on request.

Okay, now we have pass the warnings down to gpg and gpgsm so the problem will be easier to analyze. We also stop trying after 10 seconds. Sample error messages:

We were hoping before christmas. But it is unlikely due to some other stuff we had to do. Early Jan. Definitely a priority for us right now to get it out.

@werner Any news on when will 2.4.4 will land? I cannot figure out how to build the project from source, and I couldn't adapt the Fedora packaging to build it either. I would like to have a way to finally sign my git commits.

We could also use this for T6874: Kleopatra subkey management improvements

Nope, The gpgconf --kill keyboxd hangs too, if I see right, while waiting for agent:

$ strace gpgconf --kill keyboxd
[...]
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f2d74fe2a10) = 3244
wait4(3244, 0x7ffc9836e364, 0, NULL)    = ? ERESTARTSYS (To be restarted if SA_RESTART is set)

See also T6465

is now hidden in VS-Desktop-3.1.90.287-Beta

Testing in 2.4 will not be easy because it requires code modification just for testing. However, de-vs is not supported by 2.4 and the greater plan is to get 2.6 approved for de-vs.

works in VS-Desktop-3.1.90.277-Beta

Sorry @ebo tested this on Windows with 2.2. I myself should have tested it since the test is trivial and only took me about 30 seconds to type. Similar to T6701 this should have never reached the QA stage. I am including myself now that we have someone for QA that I test my own changes less. We need to talk / think about that in our whole team. We developers should test more before sending an issue into QA.

The same happens when the pinentry is canceled, i.e. General Error is reported although in this case the dialog should simply be closed (because the user canceled the operation).