In T5848#155277, @bernhard wrote:As soon as I change the value and check the "dirmngr"file, it is overwriten with the "keyserver hkps://" value again.
(I hope only if you completely delete it, as it should keep any other value and write it to file.)
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Feb 21 2022
Feb 21 2022
hakan-int added a comment to T5848: Searching for public keys with default setting for OpenPGP-Keyserver does not work (under some conditions).
bernhard added a comment to T5848: Searching for public keys with default setting for OpenPGP-Keyserver does not work (under some conditions).
As soon as I change the value and check the "dirmngr"file, it is overwriten with the "keyserver hkps://" value again.
Hello.
@bernard has been so kind to try and help me with this exact issue over in the gpg4win forum, and it seems I'm not the only one who still has problems with the "broken" LE certificate chain and hkps://keyserver.ubuntu.com.
First observations regarding screen readers and the certificate table:
- The comment in the report that only the name (in the first column) is read may be an issue of the screen reader.
- Orca reads all table cells (because of the (default) settings "readFullRowInGUITable"). There is also a keyboard shortcut to "toggle the reading of tables, either by single cell or whole row". I expect that other screen readers have similar settings and toggle functionality.
- I don't think navigation by cell makes sense, because this is a read-only table, i.e. interaction with individual cells isn't possible.
hakan-int added a comment to T5848: Searching for public keys with default setting for OpenPGP-Keyserver does not work (under some conditions).
@bernhard when I close Kleopatra and stop the its task by the task manager, then the value remains. But as long as I do not change the default value to an other value in "Settings" -> "Configure Kleopatra". As soon as I change the value and check the "dirmngr"file, it is overwriten with the "keyserver hkps://" value again. I think, this is not the expected default value, is it?
• ikloecker committed rKLEOPATRAac6db170281c: Create the "New Tab" button before the tab widget (authored by • ikloecker).
Create the "New Tab" button before the tab widget
Create tab widget with new
• ikloecker committed rKLEOPATRA9b0a6e339013: Do not hide tab bar if there are less than 2 tabs (authored by • ikloecker).
Do not hide tab bar if there are less than 2 tabs
• ikloecker committed rKLEOPATRA99157fdd46bc: Do not keep layout as member (authored by • ikloecker).
Do not keep layout as member
GIT_SILENT: Modernize code
• ikloecker committed rKLEOPATRA7eb21f1c24c4: Improve accessibility of certificate filtering (authored by • ikloecker).
Improve accessibility of certificate filtering
• ikloecker committed rKLEOPATRA63d740686a4c: Make "Show not certified certificates" button accessible (authored by • ikloecker).
Make "Show not certified certificates" button accessible
bernhard added a comment to T5848: Searching for public keys with default setting for OpenPGP-Keyserver does not work (under some conditions).
@werner the main issue here, that Hakan has found a usability problem:
• werner committed rGa2db490de547: scd:p15: Used extended mode already for RSA 2048 (authored by • werner).
scd:p15: Used extended mode already for RSA 2048
po: Fix typo in German translation
• werner committed rGcff68fe35918: scd,w32: Print code pages with --show-configs (authored by • werner).
scd,w32: Print code pages with --show-configs
• werner committed rG597253ca171a: scd:p15: Used extended mode already for RSA 2048 (authored by • werner).
scd:p15: Used extended mode already for RSA 2048
• werner added a comment to T5848: Searching for public keys with default setting for OpenPGP-Keyserver does not work (under some conditions).
Actually all changes Kleopatra does go through gpgconf. Thus is is normal that gpgconf overwrites things.
hakan-int added a comment to T5848: Searching for public keys with default setting for OpenPGP-Keyserver does not work (under some conditions).
When I overwrite the default value "hkps://keyserver.ubuntu.com" with another value in "Settings" -> "Configure Kleopatra" once and click "Apply or OK" and delete this new value again, then Kleopatra does not insert the default value to the necessary place again.
• werner triaged T5849: "gpg --logger-fd 1" doesn't override log-file in gpg.conf as Normal priority.
Feel free to ask me by PM if you run into problems (wk at gnupg.org). Two of my colleagues are Vim users and thus have an interest in a well working plugin :-). Thanks.
Feb 20 2022
Feb 20 2022
Thanks! This plugin has been around for a long time, and this is one aspect I inherited from the original code. I'll look into reworking it to use the status output.
• werner added a comment to T5848: Searching for public keys with default setting for OpenPGP-Keyserver does not work (under some conditions).
Try with hkp:// - I assume that you are missing the new Lets Encrypt CA certificates
Why are you using the log output for scripting? This is not its intended use. You need to use --status-fd. Log output is purely for human consumption it not a stable API. BTW, --fixed-list-mode has gone ages ago but it does not harm.
Feb 18 2022
Feb 18 2022
hakan-int added a comment to T5848: Searching for public keys with default setting for OpenPGP-Keyserver does not work (under some conditions).
The user who made the first report about this issue, it could help: Forum Wald
bernhard added a comment to T5848: Searching for public keys with default setting for OpenPGP-Keyserver does not work (under some conditions).
We (@hakan-int and myself) saw the problematic behaviour in one setting. It was a VM where Gpg4win had been installed, deinstalled and reinstalled again. We still try to find out how to reliably recreate the situation and what is the difference between a working and a non-working case.
bernhard renamed T5848: Searching for public keys with default setting for OpenPGP-Keyserver does not work (under some conditions) from Default Settings of OpenPGP-Keyserver does not work to Searching for public keys with default setting for OpenPGP-Keyserver does not work (under some conditions).
I suspected that it would be listed by gpg --dump-options, but I didn't think about autocompletion cleverly using it. I apologize.
How does the user know about the feature in the first place, other than reading the source code or searching the executable for "hidden" command-line flags?
• ikloecker added a comment to T5832: Kleopatra: Make OpenPGP certificate generation (with default settings) accessible.
Generating a new OpenPGP certificate with default settings should now be possible:
- with keyboard only (tab order should be okay now)
- with high contrast color scheme and/or inverted color scheme (tested with Breeze Dark)
Improve some UI texts
There is another hacker working on finishing it. I only provided the framework.
@werner will have to answer why he added the unfinished code. My guess is that he wanted to prevent it from being lost on his computer. I would probably have deactivated the code as long as it's unfinished.
For the next release T5842 (so with a higher priority) I have picked
• aheinecke edited parent tasks for T5846: Kleopatra: File operation resultlistwidget accessibility (contrast), added: T5824: Kleopatra: Full accessibility support; removed: T5845: Kleopatra: Accessibility for file encryption.
• aheinecke added a parent task for T5841: Kleopatra: Make keylist / keytreeview accessible: T5842: Gpg4win LTS 3.1.22.
• aheinecke added a parent task for T5845: Kleopatra: Accessibility for file encryption: T5842: Gpg4win LTS 3.1.22.
• aheinecke triaged T5846: Kleopatra: File operation resultlistwidget accessibility (contrast) as Normal priority.
• aheinecke triaged T5844: Kleopatra: Make certify accessible (certificate import) as Normal priority.
• aheinecke added a parent task for T5843: Kleopatra: Make certificate details accessible: T5824: Kleopatra: Full accessibility support.
Yes. Sorry about that. We had multiple issues where attachments were hidden and not shown as attachments because they had a content-id but that content-id was not referenced in a way that outlook shows.
For our internal tests this boils down to testing:
- with keyboard only
- for people using a screenreader
- with 400 % magnification
- with high contrast color scheme
- with inverted color scheme
My direct problem is to silence warnings for newer GCC.
What is the problem here? Some compiler warning about fully legal code?
• gniibe committed rG05fdaa173752: sm: Fix use of value NONE in gnupg_isotime_t type. (authored by • gniibe).
sm: Fix use of value NONE in gnupg_isotime_t type.
Feb 17 2022
Feb 17 2022
Ah! Sorry! Is there any reason the command-line flag made it to a release? How should the user know that the feature does not work, other than reading the bugtracker and source code?
You are trying to use unfinished code. See https://dev.gnupg.org/rGafe5fcda52e88438c7a7278117b2e03f510a9c1c. It's not really surprising that unfinished code doesn't work.
• ikloecker committed rKLEOPATRAa359c2d96be0: Allow screenreaders to read description of protocol choice buttons (authored by • ikloecker).
Allow screenreaders to read description of protocol choice buttons
Klausi1239 added a comment to T5839: GNUPGEX Explorer File Encryption Tar Archive long Filename Bug.
I tested encrypt two txt files with filename 1 and 2.txt and insert text: test 1 and test 2. Tararchive has been created successfull. Than i tested this Two txt files with a long name. See attached txt files, i send it already to you. Now by the first test Archive.tar.gpg.yqoirl with 0 Bytes was created.
Second test, the other archive.tar.gpg with 0 Bytes was created and gpgex hang.
It seems you have replaced the scdaemon module from GnuPG by a 3rd party module (which exhibits a version number 0.10.0) - this is not supported and you will of course run into errors.
• werner triaged T5839: GNUPGEX Explorer File Encryption Tar Archive long Filename Bug as Normal priority.
What you uploaded are files with a length of zero bytes. That is not valid data. The hang should not happen of course.
irl added a comment to T5837: gpg-card: Authenticate to PIV applet with non-3DES card management key.
In T5837#155062, @werner wrote:Setting the management key has been implemented only for Yubikeys. So for Gemalto this won't work.
• werner added a comment to T5837: gpg-card: Authenticate to PIV applet with non-3DES card management key.
Setting the management key has been implemented only for Yubikeys. So for Gemalto this won't work.
• ikloecker committed rMad3aabdd8a64: qt: Fix ABI compatibility with 1.16.0 (authored by • ikloecker).
qt: Fix ABI compatibility with 1.16.0
I have tested it. When I try it with public keyserver it has of course problematic results when vandalized keys like werners are hit but its great that even if I abort at that point I nicely see the results of the other imports.
• aheinecke added a comment to T5836: Kleopatra: Optionally, delete private key locally after moving a key to a smartcard.
It should not really hurt to query the scdaemon again after an import. We can do this in the background and users wont have to notice it in the general case where imports from others happen.
In https://wald.intevation.org/forum/forum.php?thread_id=2395&forum_id=21&group_id=11 "Kim Nilsson on 2022-02-15 16:48" reports that
• werner added a comment to rC3c8b6c4a9cad: fips: Fix gen-note-integrity.sh script not to use cmp utility..
I wonder why a platform has no cmp but comes with printf, which is a modern POSIX extension to Unix.
• gniibe committed rGf064d972e388: tests: Remove a test case with "quiet" option with gpgconf. (authored by • gniibe).
tests: Remove a test case with "quiet" option with gpgconf.
scd: Use lock_slot for apdu_send_direct.
• gniibe added a project to T5831: Backport (f808012a) scd: Use lock_slot for apdu_send_direct. to GnuPG 2.2: Restricted Project.
Thank you for your suggestion.