Home GnuPG

Load the secret keyring before the public one.


Load the secret keyring before the public one.

* src/keylist.c (gpa_keylist_init): Forcefully load the secret
keyring before attempting to load the public keys.

Gpa loads the private keyring in a kind of "lazy mode", in that
the private keyring is only loaded the first time Gpa needs to
lookup a private key. This normally happens during the loading
of the public keyring, since for each public key Gpa must lookup
in the private keyring to check whether a private counterpart is

The result is that a Gpg process is spawn to list the secret keys
while another Gpg process is still listing the public keys. If
the trust model happens to be TOFU or TOFU+PGP, this can cause
some problems with regard to the locking of the TOFU database.

To avoid that, this patch makes sure the private keyring is
actively and synchronously loaded before we fetch the public keys
(no more lazy loading).

  • GnuPG-bug-id: T3748
  • Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>


gouttegdAuthored on Mar 29 2018, 2:52 PM
wernerCommitted on Apr 16 2018, 7:31 AM
rGPA69c777580bb9: Use the new gpgme_op_interact interface.
T3748: GPA is stuck if keyring is too big and trust-model is tofu+pgp