Page MenuHome GnuPG

gpgvProject
ActivePublic

Members

  • This project does not have any members.
  • View All

Watchers

  • This project does not have any watchers.
  • View All

Recent Activity

Yesterday

werner closed T7209: gpgv(1) manpage is ambiguous about argument list as Resolved.
Tue, Jul 23, 3:08 PM · Documentation, gpgv

Sun, Jul 21

dkg created T7209: gpgv(1) manpage is ambiguous about argument list.
Sun, Jul 21, 4:52 PM · Documentation, gpgv

Mar 18 2024

werner moved T6811: gpgv: Read-only trustedkeys.kbx should not be compressed from WiP to QA on the gnupg22 board.
Mar 18 2024, 4:22 PM · gnupg24 (gnupg-2.4.5), gnupg22, gpgv, Bug Report

Mar 7 2024

werner moved T6811: gpgv: Read-only trustedkeys.kbx should not be compressed from QA to gnupg-2.4.5 on the gnupg24 board.
Mar 7 2024, 3:26 PM · gnupg24 (gnupg-2.4.5), gnupg22, gpgv, Bug Report
werner moved T6946: gpgv: Help automatic reject too short keys from QA to gnupg-2.4.5 on the gnupg24 board.
Mar 7 2024, 3:25 PM · gnupg24 (gnupg-2.4.5), Feature Request, gpgv

Feb 28 2024

jak added a comment to T6946: gpgv: Help automatic reject too short keys.

So after taking this down to where it was only patching status.h and mainproc.c to add a write_status_output() I realized the whole issue is down to status-codes.h not being updated automatically if you apply a patch to status.h in a released version.

Feb 28 2024, 1:33 PM · gnupg24 (gnupg-2.4.5), Feature Request, gpgv
jak added a comment to T6946: gpgv: Help automatic reject too short keys.

Having looked at the build log again after applying the patch, I see the first test failing is

Feb 28 2024, 12:29 PM · gnupg24 (gnupg-2.4.5), Feature Request, gpgv

Feb 16 2024

gniibe reassigned T6811: gpgv: Read-only trustedkeys.kbx should not be compressed from gniibe to werner.
Feb 16 2024, 3:45 AM · gnupg24 (gnupg-2.4.5), gnupg22, gpgv, Bug Report

Feb 13 2024

jak added a comment to T6946: gpgv: Help automatic reject too short keys.

So I cherry-picked this onto 2.4.4 and I ended up with a failing build due to failed tests (it built fine without the patch)

Feb 13 2024, 11:35 AM · gnupg24 (gnupg-2.4.5), Feature Request, gpgv

Feb 10 2024

werner changed the status of T6946: gpgv: Help automatic reject too short keys from Open to Testing.

We check the actual used signature and the corresponding (sub)key. Whether you trust this key is a different thing and we are not able to check that. Note that the same subkey may be used with different primary keys. The whole point of gpgv is to that you pass a list of trusted keys - actually this makes this new option superfluous but in gpg it makes sense. It was easy to add it to gpgv, though.

Feb 10 2024, 2:31 PM · gnupg24 (gnupg-2.4.5), Feature Request, gpgv

Feb 5 2024

Angel added a comment to T6946: gpgv: Help automatic reject too short keys.

Do note there could be subkeys as well.

Feb 5 2024, 1:59 AM · gnupg24 (gnupg-2.4.5), Feature Request, gpgv

Jan 19 2024

aheinecke added a comment to T6946: gpgv: Help automatic reject too short keys.

The min-rsa option was introduced due because the de-vs compliance allowed 2048 bit until the end of 2023 and we used a trick in our configuration file to switch that relaxed handling off with this year. I don't think that the --ciompliance option is really useful becuase it would also disallow ed25519.

A better option would be an --assert-algo option similar to the --assert-signer which we already have in gpg.

Jan 19 2024, 8:53 PM · gnupg24 (gnupg-2.4.5), Feature Request, gpgv
werner triaged T6946: gpgv: Help automatic reject too short keys as Normal priority.

I noticed the Debian bug and was about to answer but a feature request is also a good thing.

Jan 19 2024, 12:27 PM · gnupg24 (gnupg-2.4.5), Feature Request, gpgv

Jan 18 2024

jak added a comment to T6946: gpgv: Help automatic reject too short keys.

For what it's worth when I filed the Debian bug I mistakenly believed min-rsa-key-length in gpg would do that but it only applies to de-vs compliance profile and is *silently* ignored otherwise.

Jan 18 2024, 9:09 AM · gnupg24 (gnupg-2.4.5), Feature Request, gpgv
svuorela updated subscribers of T6946: gpgv: Help automatic reject too short keys.
Jan 18 2024, 9:05 AM · gnupg24 (gnupg-2.4.5), Feature Request, gpgv
svuorela created T6946: gpgv: Help automatic reject too short keys.
Jan 18 2024, 9:03 AM · gnupg24 (gnupg-2.4.5), Feature Request, gpgv

Jan 5 2024

werner moved T6811: gpgv: Read-only trustedkeys.kbx should not be compressed from Backlog to QA on the gnupg24 board.
Jan 5 2024, 12:06 PM · gnupg24 (gnupg-2.4.5), gnupg22, gpgv, Bug Report

Jan 2 2024

gniibe added a comment to T6811: gpgv: Read-only trustedkeys.kbx should not be compressed.
Jan 2 2024, 7:55 AM · gnupg24 (gnupg-2.4.5), gnupg22, gpgv, Bug Report

Dec 29 2023

werner edited projects for T6811: gpgv: Read-only trustedkeys.kbx should not be compressed, added: gnupg22; removed backport.
Dec 29 2023, 2:09 PM · gnupg24 (gnupg-2.4.5), gnupg22, gpgv, Bug Report
gniibe added a project to T6811: gpgv: Read-only trustedkeys.kbx should not be compressed: backport.

Bug is in 2.2, too.

Dec 29 2023, 3:04 AM · gnupg24 (gnupg-2.4.5), gnupg22, gpgv, Bug Report
gniibe renamed T6811: gpgv: Read-only trustedkeys.kbx should not be compressed from gpgv does not correctly fallback to trustedkeys.kbx to gpgv: Read-only trustedkeys.kbx should not be compressed.
Dec 29 2023, 3:04 AM · gnupg24 (gnupg-2.4.5), gnupg22, gpgv, Bug Report
gniibe changed the status of T6811: gpgv: Read-only trustedkeys.kbx should not be compressed from Open to Testing.

Fixed in rG591a53d716aa: gpg: Don't call keybox_compress when KEYDB_RESOURCE_FLAG_READONLY..

Dec 29 2023, 3:03 AM · gnupg24 (gnupg-2.4.5), gnupg22, gpgv, Bug Report
gniibe added a comment to T6811: gpgv: Read-only trustedkeys.kbx should not be compressed.

I found that the warning is emitted when it tries to call keybox_compress.
It should not be called when it's READONLY (which gpgv specifies).

Dec 29 2023, 2:56 AM · gnupg24 (gnupg-2.4.5), gnupg22, gpgv, Bug Report

Nov 13 2023

werner renamed T6811: gpgv: Read-only trustedkeys.kbx should not be compressed from gpgv prints out a warning that it cannot allocate a lock to gpgv does not correctly fallback to trustedkeys.kbx.
Nov 13 2023, 8:43 AM · gnupg24 (gnupg-2.4.5), gnupg22, gpgv, Bug Report
werner triaged T6811: gpgv: Read-only trustedkeys.kbx should not be compressed as Normal priority.

Problem seems to be that there is no ~/trustedkeys.gpg file and that the fallback to the kbx file does not anymore work. I can replicate that with 2.40 and 2.4.4-beta.

Nov 13 2023, 8:43 AM · gnupg24 (gnupg-2.4.5), gnupg22, gpgv, Bug Report

Aug 13 2021

werner changed the edit policy for gpgv.
Aug 13 2021, 11:04 PM

Jul 4 2019

werner triaged T4608: gpgv --enable-special-filenames documentation appears to claim that it works for keyrings, but it does not as Low priority.

Because we use dot-locking in GnuPG and copy-update-write for keyrings. Granted: For gpgv this is not required but the code is identical to the gpg code and adding new code does not make much sense. After all gpgv is a stripped down version of gpg I once wrote for Debian. I see your use case but tehre are other ways to do this and thus anthing here has low priority.

Jul 4 2019, 8:41 AM · gpgv, Bug Report

Jul 3 2019

dkg added a comment to T4608: gpgv --enable-special-filenames documentation appears to claim that it works for keyrings, but it does not.

out of curiosity, why does gpgv need the name of the file?

Jul 3 2019, 9:30 PM · gpgv, Bug Report
dkg renamed T4608: gpgv --enable-special-filenames documentation appears to claim that it works for keyrings, but it does not from gpgv --enable-special-filenames does not appear to work for keyrings passed as file descriptors to gpgv --enable-special-filenames documentation appears to claim that it works for keyrings, but it does not.
Jul 3 2019, 9:17 PM · gpgv, Bug Report
dkg reopened T4608: gpgv --enable-special-filenames documentation appears to claim that it works for keyrings, but it does not as "Open".

In that case, you can treat this ticket as a bug in the documentation, which still needs to be resolved.

Jul 3 2019, 9:07 PM · gpgv, Bug Report
werner closed T4608: gpgv --enable-special-filenames documentation appears to claim that it works for keyrings, but it does not as Invalid.

We need random access and the name of the file. Thus a file descriptor is not sufficient.

Jul 3 2019, 9:06 PM · gpgv, Bug Report
dkg created T4608: gpgv --enable-special-filenames documentation appears to claim that it works for keyrings, but it does not.
Jul 3 2019, 9:02 PM · gpgv, Bug Report

Mar 7 2019

werner closed T4386: Improve documentation about gpgv keyring selection as Resolved.

Applied to 2.2 and master. Thanks.

Mar 7 2019, 7:56 AM · gpgv

Mar 3 2019

dkg created T4386: Improve documentation about gpgv keyring selection.
Mar 3 2019, 4:28 PM · gpgv

Oct 22 2018

werner closed T4014: when verifying signatures, gpg and gpgv should ensure signing capabilities as Resolved.
Oct 22 2018, 7:32 PM · gpgv, gnupg, Bug Report

Oct 8 2018

werner added a comment to T4014: when verifying signatures, gpg and gpgv should ensure signing capabilities.

Editor fault. The browser's editor is not like Emacs and here o my laptop the backspace key does not work as intended. I guess I was about to write ".. a back signature's usage flag".

Oct 8 2018, 11:49 PM · gpgv, gnupg, Bug Report
dkg added a comment to T4014: when verifying signatures, gpg and gpgv should ensure signing capabilities.

what does "back signature's usage tool" mean? can we make an addition to the test suite that ensures that bad signatures will be rejected?

Oct 8 2018, 5:07 PM · gpgv, gnupg, Bug Report
werner reopened T4014: when verifying signatures, gpg and gpgv should ensure signing capabilities as "Testing".

The fix was not fully correct because it considered a back signature's usage tool.

Oct 8 2018, 4:26 PM · gpgv, gnupg, Bug Report

Jul 12 2018

werner closed T4036: gnupg 2.2.9 release, a subtask of T4014: when verifying signatures, gpg and gpgv should ensure signing capabilities, as Resolved.
Jul 12 2018, 4:54 PM · gpgv, gnupg, Bug Report

Jul 4 2018

werner added a subtask for T4014: when verifying signatures, gpg and gpgv should ensure signing capabilities: T4036: gnupg 2.2.9 release.
Jul 4 2018, 9:16 AM · gpgv, gnupg, Bug Report
werner closed T4014: when verifying signatures, gpg and gpgv should ensure signing capabilities as Resolved.

Fix will also go into 2.2.9

Jul 4 2018, 9:10 AM · gpgv, gnupg, Bug Report

Jun 9 2018

dkg created T4014: when verifying signatures, gpg and gpgv should ensure signing capabilities.
Jun 9 2018, 12:33 AM · gpgv, gnupg, Bug Report

Sep 13 2017

werner closed T3404: gpgv warns about "--compliance=gnupg mode" but does not support --compliance=gnupg as an argument as Resolved.

The new unified compliance checker was not initialized. Fixed in the 2.2 branch.

Sep 13 2017, 9:23 AM · gnupg (gpg22), gpgv, Bug Report

Sep 12 2017

werner triaged T3404: gpgv warns about "--compliance=gnupg mode" but does not support --compliance=gnupg as an argument as Normal priority.
Sep 12 2017, 9:27 AM · gnupg (gpg22), gpgv, Bug Report

Sep 9 2017

dkg created T3404: gpgv warns about "--compliance=gnupg mode" but does not support --compliance=gnupg as an argument.
Sep 9 2017, 7:20 PM · gnupg (gpg22), gpgv, Bug Report

Aug 21 2017

justus triaged T3350: gpgv should emit a status line with full issuer fingerprint, if it is present in the key. as Wishlist priority.
Aug 21 2017, 11:33 AM · gpgv, Feature Request

Aug 15 2017

guillem added a comment to T3350: gpgv should emit a status line with full issuer fingerprint, if it is present in the key..

As part of switching debsig-verify from using --list-packets to gpg with --list-keys --with-colons and gpgv, it would be helpful to eventually be able to get the fingerprint instead of the keyid. This is needed because debsig-verify uses the keyid to select which one of its policy files it has to load, to apply for the subsequent actual verification of the .deb package.

Aug 15 2017, 8:12 PM · gpgv, Feature Request
dkg created T3350: gpgv should emit a status line with full issuer fingerprint, if it is present in the key..
Aug 15 2017, 6:30 PM · gpgv, Feature Request

Jun 19 2017

justus closed T3210: assertion failure in compliance.c when using gpgv as Resolved.

Fixed in 6e23416fe61d4130918f2d1bf6e1f98d102c4610.

Jun 19 2017, 11:08 AM · gpgv, Bug Report
justus claimed T3210: assertion failure in compliance.c when using gpgv.
Jun 19 2017, 10:08 AM · gpgv, Bug Report