To reproduce the hang, a loop will suffice (usually happens within the first 15 times, once it needed 50 runs):

There's no other configuration, this happens with a clean gnupghome with one smime cert + root cert and the above gpgsm.conf (output on stdin/stderr):

Current state needs to be tested

@ikloecker: Is this fixed?

Current state needs to be tested as soon as T7509: gpg4win: Make the AppImage build work with the new Docker-based build script is resolved

@werner: Is this resolved?

We need to test the current state

I also tested to add the qual flag to the root cert in the global trusted.txt, as using qualified.txt is considered legacy, but still the same behavior

The first time Okular was included is gpg4win-4.2.0:

See here for how it should look like:

• https://invent.kde.org/graphics/okular/-/merge_requests/1120
• https://invent.kde.org/graphics/okular/-/merge_requests/1121

I see. I added the root cert to C:\ProgramData\GNU\etc\gnupg\qualified.txt and the usage of the signing certs does include a qualified signature in Kleopatra now. Still I don't see any highlight/filter in Okular:

The "ca" root cert is not on the ldap, if that matters

In T8048#211860, @ikloecker wrote:

some other certificates, but I guess those are from other tests

It also happens on CLI:

• gpg4win 5.0.0 @ win11

Note: This does not happen on vsd-3.3.4

gpgme.log (vsd 3.3.4):

In T8039#211727, @timegrid wrote:

I wonder where the information of the previously installed components comes from, if not from the MementoSection_SEC_kleopatra fields.

I searched the whole registry and found, that if browser integration is installed, this key still lives in WOW6432Node: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Gpg4win

Oh, surpisingly it's the other way around: if the information is given in the registry key, all components are preselected. If the key is missing (browser integration installed), only the installed components are preselected. I wonder where the information of the previously installed components comes from, if not from the MementoSection_SEC_kleopatra fields.

Another possibility would be to just add a revoked column (expiration date is already shown) to keep closer to the ldap schema.

Without browser integrations installed, the preselection works fine though.
Probably this happens, because the info in the registry is missing as soon as browser integration is installed, see T8038: NSIS: Updating line omitted if browser integration is installed

should properly uninstall the existing installation.

see also T8039: NSIS: Preselection of installed components on reinstall only works with browser integration installed

On gpg4win-5.0.0 @ win11 I created a bunch of smime certs:

• For each keyusage
  • keyEncipherment, dataEncipherment
  • digitalSignature
  • nonRepudiation
  • digitalSignature, nonRepudiation
• Alice's certs with different names, Bob's certs with same name for each key

Is this is good enough or should the import cert list also inherit the layout (with or without additional columns) from the currently active tab?

Looks good to me on gpg4win-5.0.0 @ win11. Tested with 20 starts of each combination:

• with / without keyboxd
• quitting kleopatra / killing all processes

Looks good to me on gpg4win-5.0.0 @ win11. Tested with 20 starts of each combination:

• with / without keyboxd
• quitting kleopatra / killing all processes

Looks good to me on gpg4win-5.0.0 @ win11. Tested with 20 starts of each combination:

• with / without keyboxd
• quitting kleopatra / killing all processes

Another correction: I'm quite sure, that changing the width worked for a while (until i created that new tab), but I can't reproduce this anymore (even after deleting kleopatrastaterc). Now the import list again seems to have it's own memory (changing width in the import list will be kept on the next import)

Correction: On import, the width of the last created tab (not the current one) will be used, but additional columns won't be added.

In gpg4win-5.0.0-beta479 @ win11

• I can confirm, that a new tab will inherit the layout from the currently active tab
• On import
  • The layout of the main tab is kept
  • The import cert table has it's own layout though (default columns/widths) - should this be different?
    

Mostly looks good to me on gpg4win-5.0.0-beta479 @ win11.

Looks good to me on gpg4win-5.0.0-beta479 @ win11:

Was anything changed? What to test here?

Thanks, looks good to me:

• Saving to c:\windows
  
• Saving with removed signing key
  

On gpg4win-5.0.0-beta479 @ win11 the registry settings are not read due to the organization name not set.

Importing the same files via cli does work:

Screenshots of different imports:

gpgme.log (import of kyber team key with signing key):

gpgme.log (import of normal non team key kyber cert):

The behaviour might have changed a bit because of the ldap: prefix i use now, or i have missed this case the last time:
Given some cert on the "download" server, I can find it, if dirmngr.conf contains only the "download" server, or if the "download" server is listed first:

Looks good to me on gpg4win-5.0.0-beta479 @ win11:

Looks good to me on gpg4win-5.0.0-beta479 @ win11:

I assume, that testing the functionality is the only thing I can do here.

Looks good to me on gpg4win-5.0.0-beta479 @ win11

Tested with gpg4win-5.0.0-beta479 @ win11

@tfry tested this, and it seems fine.

Looks good to me on gpg4win-5.0.0-beta479 @ win11.

Ebo was also able to reproduce it like this:

Looks good to me on gpg4win-5.0.0-beta479 @ win11.
Both without and with DeviceInfoWatcher (via configuration as shown in https://dev.gnupg.org/T7045#186162 ):

• Removal of smart card -> smart card is removed in smart card view
• Insertion of smart card + gpg-card -> smart card is added in smart card view