[Bug 1565963] Re: gpg secret keys not migrated after upgrade to gnupg 2.1
dkg
dkg at fifthhorseman.net
Fri Apr 8 23:37:04 UTC 2016
Over on https://bugs.launchpad.net/bugs/1565963, Timo Aaltonen has found
a repeatable scenario where the secret keyring has not been successfully
migrated properly when switching over to gnupg 2.1:

On Fri 2016-04-08 12:35:05 -0300, Timo Aaltonen <tjaalton at ubuntu.com> wrote:
> :: tjaalton at wilson:~/.gnupg> ls -al
> total 1092
> drwx------ 3 tjaalton tjaalton 4096 huhti 8 18:21 .
> drwxr-xr-x 42 tjaalton tjaalton 4096 huhti 8 18:25 ..
> -rw------- 1 tjaalton tjaalton 8081 maali 20 2015 gpg.conf
> -rw-rw-r-- 1 tjaalton tjaalton 0 huhti 8 00:09 .gpg-v21-migrated
> drw------- 2 tjaalton tjaalton 4096 maali 20 2015 private-keys-v1.d
> -rw------- 1 tjaalton tjaalton 1669 maali 20 2015 public.key
> -rw------- 1 tjaalton tjaalton 517605 maali 20 2015 pubring.gpg
> -rw------- 1 tjaalton tjaalton 600 maali 17 22:44 random_seed
> -rw------- 1 tjaalton tjaalton 7322 maali 20 2015 secring.gpg
> srwxrwxr-x 1 tjaalton tjaalton 0 huhti 8 00:37 S.gpg-agent
> -rw------- 1 tjaalton tjaalton 4520 maali 20 2015 trustdb.gpg
>
> don't see anything wrong there

It's a little unusual to have ~/.gnupg/private-keys-v1.d not be u+x, as
that would imply that the directory isn't listable. This is probably
causing problems for the gpg-agent.

When i test with this setup, i can verify that the migration doesn't
happen properly, although .gpg-v21-migrated gets created anyway.

from a new user account, with gpg1 as 1.4.20 and gpg2 as 2.1.11, i ran
the following three commands:

    gpg1 --gen-key
    mkdir -m 0600 ~/.gnupg/private-keys-v1.d
    gpg2 --list-secret-keys

The final command returns an error code of 2 and produces these messages
to the terminal:

    gpg: starting migration from earlier GnuPG versions
    gpg: porting secret keys from '/home/demouser/.gnupg/secring.gpg' to gpg-agent
    gpg: key C93913FC/C93913FC: error sending to agent: Permission denied
    gpg: error building skey array: Permission denied
    gpg: migration succeeded

I have no idea how this directory got the u+x bit cleared, but maybe
that's something that either:

 a) gpg-agent could clean up on its own, or

 b) should cause gpg-agent to not create the .gpg-v21-migrated marker
    file

wdyt?

  --dkg

--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to gnupg2 in Ubuntu.
https://bugs.launchpad.net/bugs/1565963
Title:
gpg secret keys not migrated after upgrade to gnupg 2.1
Status in gnupg2 package in Ubuntu:
Confirmed
Bug description:
After upgrading to gnupg 2.1 I can no longer see my keys in seahorse
(Passwords and Keys in apps scope in unity) and evolution cannot find
my gpg keys. Someone said this might be related to
https://www.gnupg.org/faq/whats-new-in-2.1.html#autostart and
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796931
Reading the Debian bug I see someone mentioned that running this might help:
$ gpg2 --import < ./.gnupg/secring.gpg
I did that and gpg2 went through each of my private keys to import
them. When done I logged out and back in and seahorse saw my keys. I'm
not sure why gpg2 didn't prompt me before.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnupg2/+bug/1565963/+subscriptions
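
A check for the state described in the message above, as an added example that is not part of the original e-mail or of GnuPG. The function name check_gnupg_migration and its return codes are this example's own convention, and the "stale marker" test is a heuristic that assumes migrated keys appear as *.key files in private-keys-v1.d.

```shell
#!/bin/sh
# Added example, not from the original message.
# check_gnupg_migration DIR: inspect a GnuPG home directory for the state
# described in this thread. Return codes are this example's own convention:
#   0 = nothing suspicious
#   1 = private-keys-v1.d lacks owner rwx (e.g. created with mode 0600)
#   2 = .gpg-v21-migrated exists and secring.gpg is non-empty, but
#       private-keys-v1.d holds no *.key files (heuristic)
check_gnupg_migration() {
    home=$1
    keydir=$home/private-keys-v1.d
    if [ -d "$keydir" ]; then
        # Owner permission triplet from the mode string, e.g. "rw-" for 0600.
        owner=$(ls -ld "$keydir" | cut -c2-4)
        if [ "$owner" != "rwx" ]; then
            echo "BAD-MODE: $keydir owner bits are '$owner', expected 'rwx'"
            return 1
        fi
    fi
    # Count key files; an unmatched glob stays literal and fails the -e test.
    nkeys=0
    for f in "$keydir"/*.key; do
        if [ -e "$f" ]; then nkeys=$((nkeys + 1)); fi
    done
    if [ -e "$home/.gpg-v21-migrated" ] && [ -s "$home/secring.gpg" ] \
        && [ "$nkeys" -eq 0 ]; then
        echo "STALE-MARKER: marker present but no keys in $keydir"
        return 2
    fi
    echo "OK: $nkeys key file(s) in $keydir"
    return 0
}

# Constructed sample: the layout from the message, built without running gpg.
demo=$(mktemp -d)
mkdir -m 0600 "$demo/private-keys-v1.d"
echo "constructed placeholder, not a real keyring" > "$demo/secring.gpg"
: > "$demo/.gpg-v21-migrated"
check_gnupg_migration "$demo" || echo "exit status: $?"
chmod 700 "$demo/private-keys-v1.d"
rm -rf "$demo"
```
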