Debian Bug report logs - #735363
gnupg: Fatal error/non-zero exit code returned when --trust-model=always used

Package: gnupg; Maintainer for gnupg is Debian GnuPG Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>; Source for gnupg is src:gnupg2.

Affects: signing-party, monkeysphere

Reported by: Dominic Hargreaves <dom@earth.li>

Date: Wed, 15 Jan 2014 00:33:06 UTC

Severity: critical

Tags: patch

Found in version gnupg/1.4.16-1

Fixed in version gnupg/1.4.16-1.1

Done: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Debian GnuPG-Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>:
Bug#735363; Package gnupg. (Wed, 15 Jan 2014 00:33:11 GMT)


Acknowledgement sent to Dominic Hargreaves <dom@earth.li>:
New Bug report received and forwarded. Copy sent to Debian GnuPG-Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>. (Wed, 15 Jan 2014 00:33:11 GMT)


Message #5 received at submit@bugs.debian.org:

From: Dominic Hargreaves <dom@earth.li>
To: submit@bugs.debian.org
Subject: gnupg: Fatal error/non-zero exit code returned when --trust-model=always used
Date: Wed, 15 Jan 2014 00:29:11 +0000
Package: gnupg
Version: 1.4.16-1
Severity: important

As of 1.4.16-1, this fails:

$ gpg --trust-model=always --homedir /tmp/tmp.AXdUGWvlbz --gen-key
gpg (GnuPG) 1.4.16; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: keyring `/tmp/tmp.AXdUGWvlbz/secring.gpg' created
gpg: keyring `/tmp/tmp.AXdUGWvlbz/pubring.gpg' created
Please select what kind of key you want:
...

+++++
+++++
gpg: fatal: can't open `/tmp/tmp.AXdUGWvlbz/trustdb.gpg': No such file or directory
secmem usage: 2688/5920 bytes in 9/25 blocks of pool 6432/32768
$ echo $?
2

The problem is specific to --trust-model=always:

$ gpg --homedir /tmp/tmp.AXdUGWvlbz --gen-key
gpg (GnuPG) 1.4.16; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: keyring `/tmp/tmp.AXdUGWvlbz/secring.gpg' created
gpg: keyring `/tmp/tmp.AXdUGWvlbz/pubring.gpg' created
Please select what kind of key you want:
...

+++++
...+++++
gpg: /tmp/tmp.AXdUGWvlbz/trustdb.gpg: trustdb created
gpg: key 4C418E9D marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2014-01-15
pub   1024R/4C418E9D 2014-01-14 [expires: 2014-01-15]
      Key fingerprint = D144 037B 7ED8 2479 A5E3  FFF1 59D3 2D68 4C41 8E9D
uid                  dominic <dom@earth.li>
sub   1024R/BF4AA586 2014-01-14 [expires: 2014-01-15]

$ echo $?

This seems to be related to

http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=498b9a95dc65c43240835d64cc92d8fb43014d53

as discussed in #725889 but it is not exactly the same problem - maybe
more of the commands (gen-key, import) need fixing too?

1.4.15-3 does not exhibit the problem.

The real world manifestation of this is in the request-tracker4 test
suite: see #735361. I can try and come up with a more exact test case
if needed - there are quite a few layers of perl in the way.

Thanks,
Dominic.



Added indication that bug 735363 blocks 735361. Request was from Dominic Hargreaves <dom@earth.li> to control@bugs.debian.org. (Wed, 15 Jan 2014 00:36:09 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuPG-Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>:
Bug#735363; Package gnupg. (Wed, 15 Jan 2014 04:15:15 GMT)


Acknowledgement sent to Daniel Kahn Gillmor <dkg@fifthhorseman.net>:
Extra info received and forwarded to list. Copy sent to Debian GnuPG-Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>. (Wed, 15 Jan 2014 04:15:15 GMT)


Message #12 received at 735363@bugs.debian.org:

From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: 735363@bugs.debian.org, signing-party@packages.debian.org, gnupg-devel@gnupg.org
Subject: gpg --trust-model=always sometimes fails with fatal error as of 1.4.16
Date: Tue, 14 Jan 2014 23:11:02 -0500
Control: affects 735363 signing-party

re: http://bugs.debian.org/735363 -- "Fatal error/non-zero exit code
returned when --trust-model=always used"
(filed in Debian against gpg 1.4.16)

caff (from Debian's signing-party package) also fails with the recent
change to gnupg's behavior when --trust-model=always is set. The symptom
in caff is an endless stream of errors like:

Could not import 0EE5BE979282D80B9F7540F1CCD2ED94D21739E9 into temporary
gnupg.

Caff seems to be invoking gpg like this:

  /usr/bin/gpg --batch --no-tty --homedir /tmp/caff-0EE5BE979282D80B9F7540F1CCD2ED94D21739E9-dNk5a --status-fd 5 --no-auto-check-trustdb --trust-model=always --import

It seems I can replicate the problem with:

  PGPID=0EE5BE979282D80B9F7540F1CCD2ED94D21739E9
  mkdir  -m 0700 -p /tmp/fake-gpg
  gpg --export $PGPID | gpg --trust-model=always --homedir /tmp/fake-gpg --import

but subsequent invocations of:

   gpg --export $PGPID | gpg --trust-model=always --homedir /tmp/fake-gpg --import

do not fail (presumably because they do not modify pubring.gpg, as the
first import was already actually imported successfully).

The change seems to be related to upstream's relatively recent change
2528178e7e2fac6454dd988121167305db7c71d9 (replicated below), which from
the comment log appears to try to address the issue, but maybe missed a
corner case.

Werner, perhaps you can comment on this?

commit 2528178e7e2fac6454dd988121167305db7c71d9
Author: Werner Koch <wk@gnupg.org>
Date:   Fri Oct 11 09:25:58 2013 +0200

    gpg: Do not require a trustdb with --always-trust.
    
    * g10/tdbio.c (tdbio_set_dbname): Add arg R_NOFILE.
    * g10/trustdb.c (trustdb_args): Add field no_trustdb.
    (init_trustdb): Set that field.
    (revalidation_mark):  Take care of a nonexistent trustdb file.
    (read_trust_options): Ditto.
    (get_ownertrust): Ditto.
    (get_min_ownertrust): Ditto.
    (update_ownertrust): Ditto.
    (update_min_ownertrust): Ditto.
    (clear_ownertrusts): Ditto.
    (cache_disabled_value): Ditto.
    (check_trustdb_stale): Ditto.
    (get_validity): Ditto.
    * g10/gpg.c (main): Do not create a trustdb with most commands for
    trust-model always.
    --
    
    This slightly changes the semantics of most commands in that they
    won't create a trustdb if --trust-model=always is used.  It just does
    not make sense to create a trustdb if there is no need for it.
    
    Signed-off-by: Werner Koch <wk@gnupg.org>
    (cherry picked from commit 1a0eeaacd1bf09fe5125dbc3f56016bc20f3512e)
    
    Resolved conflicts:
    	g10/gpg.c
    	g10/tdbio.h
    	g10/trustdb.c
     (indentation fixes)

diff --git a/NEWS b/NEWS
index ca4bfca..ad3471e 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,8 @@
 Noteworthy changes in version 1.4.16 (unreleased)
 -------------------------------------------------
 
+ * Do not create a trustdb file if --trust-model=always is used.
+
 
 Noteworthy changes in version 1.4.15 (2013-10-04)
 -------------------------------------------------
diff --git a/g10/gpg.c b/g10/gpg.c
index b310308..ca120ab 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -3318,14 +3318,12 @@ main (int argc, char **argv )
       case aFixTrustDB:
       case aExportOwnerTrust: rc = setup_trustdb( 0, trustdb_name ); break;
       case aListTrustDB: rc = setup_trustdb( argc? 1:0, trustdb_name ); break;
-      case aEncr:
-      case aEncrFiles:
-        /* No need to create the trust model if we are using the
+      default:
+          /* No need to create the trust model if we are using the
          * always trust model.  */
         rc = setup_trustdb (opt.trust_model != TM_ALWAYS, trustdb_name);
         break;
-      default: rc = setup_trustdb(1, trustdb_name ); break;
-    }
+      }
     if( rc )
 	log_error(_("failed to initialize the TrustDB: %s\n"), g10_errstr(rc));
 
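Review bot: The new `default:` arm applies `opt.trust_model != TM_ALWAYS` to every command that is not listed explicitly, where the removed code limited it to `aEncr` and `aEncrFiles`. That now includes commands that write to the keyring, so every trustdb entry point they can reach has to tolerate a missing file, not only the ones on the encryption path. Either keep `create` at 1 for key-modifying commands, or add a test that runs each command against an empty homedir with --trust-model=always and checks the exit code. The re-indented comment and closing brace are unrelated whitespace changes and are better left out of this hunk.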
diff --git a/g10/tdbio.c b/g10/tdbio.c
index 4f02ff9..f109dde 100644
--- a/g10/tdbio.c
+++ b/g10/tdbio.c
@@ -471,7 +471,7 @@ create_version_record (void)
 
 
 int
-tdbio_set_dbname( const char *new_dbname, int create )
+tdbio_set_dbname( const char *new_dbname, int create, int *r_nofile)
 {
     char *fname;
     static int initialized = 0;
@@ -481,6 +481,8 @@ tdbio_set_dbname( const char *new_dbname, int create )
 	initialized = 1;
     }
 
+    *r_nofile = 0;
+
     if(new_dbname==NULL)
       fname=make_filename(opt.homedir,"trustdb" EXTSEP_S "gpg", NULL);
     else if (*new_dbname != DIRSEP_C )
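Review bot: `*r_nofile = 0;` dereferences the new argument unconditionally, so a caller that passes NULL crashes here. The one caller visible in this patch (init_trustdb) passes `&trustdb_args.no_trustdb`, but the function comment should say that R_NOFILE is mandatory and what it reports, or the store should be guarded with `if (r_nofile)`.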
@@ -499,7 +501,9 @@ tdbio_set_dbname( const char *new_dbname, int create )
 	    xfree(fname);
 	    return G10ERR_TRUSTDB;
 	}
-	if( create ) {
+	if (!create)
+          *r_nofile = 1;
+        else {
 	    FILE *fp;
 	    TRUSTREC rec;
 	    int rc;
diff --git a/g10/tdbio.h b/g10/tdbio.h
index 39e8cba..dd6e9d3 100644
--- a/g10/tdbio.h
+++ b/g10/tdbio.h
@@ -90,7 +90,7 @@ typedef struct trust_record TRUSTREC;
 
 /*-- tdbio.c --*/
 int tdbio_update_version_record(void);
-int tdbio_set_dbname( const char *new_dbname, int create );
+int tdbio_set_dbname( const char *new_dbname, int create, int *r_nofile);
 const char *tdbio_get_dbname(void);
 void tdbio_dump_record( TRUSTREC *rec, FILE *fp );
 int tdbio_read_record( ulong recnum, TRUSTREC *rec, int expected );
diff --git a/g10/trustdb.c b/g10/trustdb.c
index 24d675b..0bf92e4 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -48,7 +48,7 @@
 
 /*
  * A structure to store key identification as well as some stuff needed
- * for validation 
+ * for validation
  */
 struct key_item {
   struct key_item *next;
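Review bot: This hunk, like most of the other g10/trustdb.c hunks, only strips trailing whitespace, which buries the few functional changes (the `no_trustdb` checks) in a long run of cosmetic ones. Please move the whitespace cleanup into its own commit so that the behavioural change can be reviewed, bisected and backported on its own.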
@@ -64,7 +64,7 @@ typedef struct key_item **KeyHashTable; /* see new_key_hash_table() */
 
 /*
  * Structure to keep track of keys, this is used as an array wherre
- * the item right after the last one has a keyblock set to NULL. 
+ * the item right after the last one has a keyblock set to NULL.
  * Maybe we can drop this thing and replace it by key_item
  */
 struct key_array {
@@ -77,6 +77,7 @@ static struct {
     int init;
     int level;
     char *dbname;
+    int no_trustdb;   /* Set if a trustdb file is not available.  */
 } trustdb_args;
 
 /* some globals */
@@ -96,7 +97,7 @@ static struct key_item *
 new_key_item (void)
 {
   struct key_item *k;
-  
+
   k = xmalloc_clear (sizeof *k);
   return k;
 }
@@ -118,11 +119,11 @@ release_key_items (struct key_item *k)
  * For fast keylook up we need a hash table.  Each byte of a KeyIDs
  * should be distributed equally over the 256 possible values (except
  * for v3 keyIDs but we consider them as not important here). So we
- * can just use 10 bits to index a table of 1024 key items. 
+ * can just use 10 bits to index a table of 1024 key items.
  * Possible optimization: Don not use key_items but other hash_table when the
- * duplicates lists gets too large. 
+ * duplicates lists gets too large.
  */
-static KeyHashTable 
+static KeyHashTable
 new_key_hash_table (void)
 {
   struct key_item **tbl;
@@ -143,7 +144,7 @@ release_key_hash_table (KeyHashTable tbl)
   xfree (tbl);
 }
 
-/* 
+/*
  * Returns: True if the keyID is in the given hash table
  */
 static int
@@ -168,7 +169,7 @@ add_key_hash_table (KeyHashTable tbl, u32 *kid)
   for (k = tbl[(kid[1] & 0x03ff)]; k; k = k->next)
     if (k->kid[0] == kid[0] && k->kid[1] == kid[1])
       return; /* already in table */
-  
+
   kk = new_key_item ();
   kk->kid[0] = kid[0];
   kk->kid[1] = kid[1];
@@ -238,7 +239,7 @@ add_utk (u32 *kid)
 {
   struct key_item *k;
 
-  for (k = utk_list; k; k = k->next) 
+  for (k = utk_list; k; k = k->next)
     {
       if (k->kid[0] == kid[0] && k->kid[1] == kid[1])
         {
@@ -273,15 +274,15 @@ verify_own_keys(void)
     return;
 
   /* scan the trustdb to find all ultimately trusted keys */
-  for (recnum=1; !tdbio_read_record (recnum, &rec, 0); recnum++ ) 
+  for (recnum=1; !tdbio_read_record (recnum, &rec, 0); recnum++ )
     {
-      if ( rec.rectype == RECTYPE_TRUST 
+      if ( rec.rectype == RECTYPE_TRUST
            && (rec.r.trust.ownertrust & TRUST_MASK) == TRUST_ULTIMATE)
         {
             byte *fpr = rec.r.trust.fingerprint;
             int fprlen;
             u32 kid[2];
-            
+
             /* Problem: We do only use fingerprints in the trustdb but
              * we need the keyID here to indetify the key; we can only
              * use that ugly hack to distinguish between 16 and 20
@@ -297,9 +298,9 @@ verify_own_keys(void)
     }
 
   /* Put any --trusted-key keys into the trustdb */
-  for (k = user_utk_list; k; k = k->next) 
+  for (k = user_utk_list; k; k = k->next)
     {
-      if ( add_utk (k->kid) ) 
+      if ( add_utk (k->kid) )
         { /* not yet in trustDB as ultimately trusted */
           PKT_public_key pk;
 
@@ -445,7 +446,7 @@ init_trustdb()
 
   if(level==0 || level==1)
     {
-      int rc = tdbio_set_dbname( dbname, !!level );
+      int rc = tdbio_set_dbname (dbname, !!level, &trustdb_args.no_trustdb);
       if( rc )
 	log_fatal("can't init trustdb: %s\n", g10_errstr(rc) );
     }
@@ -496,7 +497,7 @@ init_trustdb()
 static int
 trust_letter (unsigned int value)
 {
-  switch( (value & TRUST_MASK) ) 
+  switch( (value & TRUST_MASK) )
     {
     case TRUST_UNKNOWN:   return '-';
     case TRUST_EXPIRED:   return 'e';
@@ -545,7 +546,7 @@ uid_trust_string_fixed(PKT_public_key *key,PKT_user_id *uid)
 const char *
 trust_value_to_string (unsigned int value)
 {
-  switch( (value & TRUST_MASK) ) 
+  switch( (value & TRUST_MASK) )
     {
     case TRUST_UNKNOWN:   return _("unknown");
     case TRUST_EXPIRED:   return _("expired");
@@ -614,7 +615,7 @@ check_trustdb ()
 
 
 /*
- * Recreate the WoT. 
+ * Recreate the WoT.
  */
 void
 update_trustdb()
@@ -631,6 +632,9 @@ void
 revalidation_mark (void)
 {
   init_trustdb();
+  if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
+    return;
+
   /* we simply set the time for the next check to 1 (far back in 1970)
    * so that a --update-trustdb will be scheduled */
   if (tdbio_write_nextcheck (1))
@@ -666,8 +670,10 @@ read_trust_options(byte *trust_model,ulong *created,ulong *nextcheck,
   TRUSTREC opts;
 
   init_trustdb();
-
-  read_record(0,&opts,RECTYPE_VER);
+  if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
+    memset (&opts, 0, sizeof opts);
+  else
+    read_record(0,&opts,RECTYPE_VER);
 
   if(trust_model)
     *trust_model=opts.r.ver.trust_model;
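Review bot: With the `memset (&opts, 0, sizeof opts)` branch, the assignments that follow (starting with `*trust_model=opts.r.ver.trust_model;`) hand zeros back through the out-parameters as if they had been read from a version record. A caller cannot tell "no trustdb" apart from a trustdb whose stored values are 0. Please document in the function comment that all outputs are 0 when there is no trustdb under TM_ALWAYS, and confirm at the call sites that 0 is a safe value for each of them.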
@@ -689,29 +695,29 @@ read_trust_options(byte *trust_model,ulong *created,ulong *nextcheck,
  ***********  Ownertrust et al. ****************
  ***********************************************/
 
-static int 
+static int
 read_trust_record (PKT_public_key *pk, TRUSTREC *rec)
 {
   int rc;
-  
+
   init_trustdb();
   rc = tdbio_search_trust_bypk (pk, rec);
   if (rc == -1)
     return -1; /* no record yet */
-  if (rc) 
+  if (rc)
     {
       log_error ("trustdb: searching trust record failed: %s\n",
                  g10_errstr (rc));
-      return rc; 
+      return rc;
     }
-      
+
   if (rec->rectype != RECTYPE_TRUST)
     {
       log_error ("trustdb: record %lu is not a trust record\n",
                  rec->recnum);
-      return G10ERR_TRUSTDB; 
-    }      
-  
+      return G10ERR_TRUSTDB;
+    }
+
   return 0;
 }
 
@@ -719,16 +725,19 @@ read_trust_record (PKT_public_key *pk, TRUSTREC *rec)
  * Return the assigned ownertrust value for the given public key.
  * The key should be the primary key.
  */
-unsigned int 
+unsigned int
 get_ownertrust ( PKT_public_key *pk)
 {
   TRUSTREC rec;
   int rc;
-  
+
+  if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
+    return TRUST_UNKNOWN;
+
   rc = read_trust_record (pk, &rec);
   if (rc == -1)
     return TRUST_UNKNOWN; /* no record yet */
-  if (rc) 
+  if (rc)
     {
       tdbio_invalid ();
       return rc; /* actually never reached */
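Review bot: The `trustdb_args.no_trustdb` test in get_ownertrust runs before anything in this function has called init_trustdb(), yet that flag is only filled in by the `tdbio_set_dbname (dbname, !!level, &trustdb_args.no_trustdb)` call inside init_trustdb(). If get_ownertrust is the first trustdb function reached in the process, the flag is still 0, the early return is skipped, and read_trust_record() goes on to initialise and search a file that was never created. revalidation_mark, read_trust_options and get_validity test the flag after init_trustdb(); do the same here by calling init_trustdb() before the check. The get_min_ownertrust, update_ownertrust, update_min_ownertrust and clear_ownertrusts hunks have the same ordering.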
@@ -737,16 +746,19 @@ get_ownertrust ( PKT_public_key *pk)
   return rec.r.trust.ownertrust;
 }
 
-unsigned int 
+unsigned int
 get_min_ownertrust (PKT_public_key *pk)
 {
   TRUSTREC rec;
   int rc;
-  
+
+  if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
+    return TRUST_UNKNOWN;
+
   rc = read_trust_record (pk, &rec);
   if (rc == -1)
     return TRUST_UNKNOWN; /* no record yet */
-  if (rc) 
+  if (rc)
     {
       tdbio_invalid ();
       return rc; /* actually never reached */
@@ -809,7 +821,10 @@ update_ownertrust (PKT_public_key *pk, unsigned int new_trust )
 {
   TRUSTREC rec;
   int rc;
-  
+
+  if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
+    return;
+
   rc = read_trust_record (pk, &rec);
   if (!rc)
     {
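Review bot: The early `return;` added to update_ownertrust drops `new_trust` without any trace, and because the function returns nothing the caller carries on as if the ownertrust had been stored. Please either emit a log_info/log_debug line on this path or state in the function comment that ownertrust assignments are not persisted when there is no trustdb under TM_ALWAYS, so that a later run with a different trust model does not silently miss them.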
@@ -841,7 +856,7 @@ update_ownertrust (PKT_public_key *pk, unsigned int new_trust )
       do_sync ();
       rc = 0;
     }
-  else 
+  else
     {
       tdbio_invalid ();
     }
@@ -854,6 +869,9 @@ update_min_ownertrust (u32 *kid, unsigned int new_trust )
   TRUSTREC rec;
   int rc;
 
+  if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
+    return;
+
   pk = xmalloc_clear (sizeof *pk);
   rc = get_pubkey (pk, kid);
   if (rc)
@@ -895,7 +913,7 @@ update_min_ownertrust (u32 *kid, unsigned int new_trust )
       do_sync ();
       rc = 0;
     }
-  else 
+  else
     {
       tdbio_invalid ();
     }
@@ -908,7 +926,10 @@ clear_ownertrusts (PKT_public_key *pk)
 {
   TRUSTREC rec;
   int rc;
-  
+
+  if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
+    return 0;
+
   rc = read_trust_record (pk, &rec);
   if (!rc)
     {
@@ -936,8 +957,8 @@ clear_ownertrusts (PKT_public_key *pk)
   return 0;
 }
 
-/* 
- * Note: Caller has to do a sync 
+/*
+ * Note: Caller has to do a sync
  */
 static void
 update_validity (PKT_public_key *pk, PKT_user_id *uid,
@@ -956,7 +977,7 @@ update_validity (PKT_public_key *pk, PKT_user_id *uid,
       return;
     }
   if (rc == -1) /* no record yet - create a new one */
-    { 
+    {
       size_t dummy;
 
       rc = 0;
@@ -1011,6 +1032,8 @@ cache_disabled_value(PKT_public_key *pk)
     return (pk->is_disabled==2);
 
   init_trustdb();
+  if (trustdb_args.no_trustdb)
+    return 0;  /* No trustdb => not disabled.  */
 
   rc = read_trust_record (pk, &trec);
   if (rc && rc != -1)
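Review bot: This guard tests `trustdb_args.no_trustdb` alone, while the guards added to revalidation_mark, read_trust_options, get_ownertrust and get_validity also require `opt.trust_model == TM_ALWAYS`. In g10/gpg.c, `aExportOwnerTrust` and `aListTrustDB` can call setup_trustdb with create set to 0 under any trust model, so `no_trustdb` is not limited to TM_ALWAYS, and the functions with the two-part test would still fall through to the missing file in that case. Pick one condition, ideally behind a small helper, and use it in every guard.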
@@ -1020,10 +1043,10 @@ cache_disabled_value(PKT_public_key *pk)
     }
   if (rc == -1) /* no record found, so assume not disabled */
     goto leave;
- 
+
   if(trec.r.trust.ownertrust & TRUST_FLAG_DISABLED)
     disabled=1;
- 
+
   /* Cache it for later so we don't need to look at the trustdb every
      time */
   if(disabled)
@@ -1041,6 +1064,9 @@ check_trustdb_stale(void)
   static int did_nextcheck=0;
 
   init_trustdb ();
+  if (trustdb_args.no_trustdb)
+    return;  /* No trustdb => can't be stale.  */
+
   if (!did_nextcheck
       && (opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC))
     {
@@ -1051,7 +1077,7 @@ check_trustdb_stale(void)
       if ((scheduled && scheduled <= make_timestamp ())
 	  || pending_check_trustdb)
         {
-          if (opt.no_auto_check_trustdb) 
+          if (opt.no_auto_check_trustdb)
             {
               pending_check_trustdb = 1;
               log_info (_("please do a --check-trustdb\n"));
@@ -1068,7 +1094,7 @@ check_trustdb_stale(void)
 /*
  * Return the validity information for PK.  If the namehash is not
  * NULL, the validity of the corresponsing user ID is returned,
- * otherwise, a reasonable value for the entire key is returned. 
+ * otherwise, a reasonable value for the entire key is returned.
  */
 unsigned int
 get_validity (PKT_public_key *pk, PKT_user_id *uid)
@@ -1084,6 +1110,14 @@ get_validity (PKT_public_key *pk, PKT_user_id *uid)
     namehash_from_uid(uid);
 
   init_trustdb ();
+
+  /* If we have no trustdb (which also means it has not been created)
+     and the trust-model is always, we don't know the validity -
+     return immediately.  If we won't do that the tdbio code would try
+     to open the trustdb and run into a fatal error.  */
+  if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
+    return TRUST_UNKNOWN;
+
   check_trustdb_stale();
 
   keyid_from_pk (pk, kid);
@@ -1097,7 +1131,7 @@ get_validity (PKT_public_key *pk, PKT_user_id *uid)
           log_error ("error getting main key %s of subkey %s: %s\n",
                      tempkeystr, keystr(kid), g10_errstr(rc));
 	  xfree(tempkeystr);
-          validity = TRUST_UNKNOWN; 
+          validity = TRUST_UNKNOWN;
           goto leave;
 	}
     }
@@ -1120,7 +1154,7 @@ get_validity (PKT_public_key *pk, PKT_user_id *uid)
     }
   if (rc == -1) /* no record found */
     {
-      validity = TRUST_UNKNOWN; 
+      validity = TRUST_UNKNOWN;
       goto leave;
     }
 
@@ -1153,7 +1187,7 @@ get_validity (PKT_public_key *pk, PKT_user_id *uid)
 
       recno = vrec.r.valid.next;
     }
-  
+
   if ( (trec.r.trust.ownertrust & TRUST_FLAG_DISABLED) )
     {
       validity |= TRUST_FLAG_DISABLED;
@@ -1172,7 +1206,7 @@ get_validity (PKT_public_key *pk, PKT_user_id *uid)
    * I initially designed it that way */
   if (main_pk->has_expired || pk->has_expired)
     validity = (validity & ~TRUST_MASK) | TRUST_EXPIRED;
-  
+
   if (pending_check_trustdb)
     validity |= TRUST_FLAG_PENDING_CHECK;
 
@@ -1307,7 +1341,7 @@ ask_ownertrust (u32 *kid,int minimum)
                  keystr(kid), g10_errstr(rc) );
       return TRUST_UNKNOWN;
     }
- 
+
   if(opt.force_ownertrust)
     {
       log_info("force trust for key %s to %s\n",
@@ -1380,7 +1414,7 @@ dump_key_array (int depth, struct key_array *keys)
             }
         }
     }
-}  
+}
 
 
 static void
@@ -1403,7 +1437,7 @@ store_validation_status (int depth, KBNODE keyblock, KeyHashTable stored)
             status = TRUST_UNDEFINED;
           else
             status = 0;
-          
+
           if (status)
             {
               update_validity (keyblock->pkt->pkt.public_key,
@@ -1418,7 +1452,7 @@ store_validation_status (int depth, KBNODE keyblock, KeyHashTable stored)
 
   if (any)
     do_sync ();
-}  
+}
 
 /*
  * check whether the signature sig is in the klist k
@@ -1450,7 +1484,7 @@ mark_usable_uid_certs (KBNODE keyblock, KBNODE uidnode,
 {
   KBNODE node;
   PKT_signature *sig;
-  
+
   /* first check all signatures */
   for (node=uidnode->next; node; node = node->next)
     {
@@ -1483,7 +1517,7 @@ mark_usable_uid_certs (KBNODE keyblock, KBNODE uidnode,
 	  continue;
 	}
       node->flag |= 1<<9;
-    }      
+    }
   /* reset the remaining flags */
   for (; node; node = node->next)
       node->flag &= ~(1<<8 | 1<<9 | 1<<10 | 1<<11 | 1<<12);
@@ -1531,7 +1565,7 @@ mark_usable_uid_certs (KBNODE keyblock, KBNODE uidnode,
              older: if signode was older then we don't want to take n
              as signode is nonrevocable.  If n was older then we're
              automatically fine. */
-	  
+
 	  if(((IS_UID_SIG(signode->pkt->pkt.signature) &&
 	       !signode->pkt->pkt.signature->flags.revocable &&
 	       (signode->pkt->pkt.signature->expiredate==0 ||
@@ -1547,7 +1581,7 @@ mark_usable_uid_certs (KBNODE keyblock, KBNODE uidnode,
              n was older then we don't want to take signode as n is
              nonrevocable.  If signode was older then we're
              automatically fine. */
-	  
+
 	  if((!(IS_UID_SIG(signode->pkt->pkt.signature) &&
 		!signode->pkt->pkt.signature->flags.revocable &&
 		(signode->pkt->pkt.signature->expiredate==0 ||
@@ -1578,7 +1612,7 @@ mark_usable_uid_certs (KBNODE keyblock, KBNODE uidnode,
 
       sig = signode->pkt->pkt.signature;
       if (IS_UID_SIG (sig))
-        { /* this seems to be a usable one which is not revoked. 
+        { /* this seems to be a usable one which is not revoked.
            * Just need to check whether there is an expiration time,
            * We do the expired certification after finding a suitable
            * certification, the assumption is that a signator does not
@@ -1587,7 +1621,7 @@ mark_usable_uid_certs (KBNODE keyblock, KBNODE uidnode,
            * different expiration time */
           const byte *p;
           u32 expire;
-                    
+
           p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_EXPIRE, NULL );
           expire = p? sig->timestamp + buffer_to_u32(p) : 0;
 
@@ -1674,7 +1708,7 @@ clean_sigs_from_uid(KBNODE keyblock,KBNODE uidnode,int noisy,int self_only)
       delete_kbnode(node);
       deleted++;
     }
-    
+
   return deleted;
 }
 
@@ -1931,7 +1965,7 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
             {
               if (uid->help_full_count >= opt.completes_needed
                   || uid->help_marginal_count >= opt.marginals_needed )
-                uidnode->flag |= 4; 
+                uidnode->flag |= 4;
               else if (uid->help_full_count || uid->help_marginal_count)
                 uidnode->flag |= 2;
               uidnode->flag |= 1;
@@ -1946,7 +1980,7 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
 
           issigned = 0;
 	  get_validity_counts(pk,uid);
-          mark_usable_uid_certs (kb, uidnode, main_kid, klist, 
+          mark_usable_uid_certs (kb, uidnode, main_kid, klist,
                                  curtime, next_expire);
         }
       else if (node->pkt->pkttype == PKT_SIGNATURE
@@ -1954,7 +1988,7 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
         {
 	  /* Note that we are only seeing unrevoked sigs here */
           PKT_signature *sig = node->pkt->pkt.signature;
-          
+
           kr = is_in_klist (klist, sig);
 	  /* If the trust_regexp does not match, it's as if the sig
              did not exist.  This is safe for non-trust sigs as well
@@ -2047,7 +2081,7 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
     {
       if (uid->help_full_count >= opt.completes_needed
 	  || uid->help_marginal_count >= opt.marginals_needed )
-        uidnode->flag |= 4; 
+        uidnode->flag |= 4;
       else if (uid->help_full_count || uid->help_marginal_count)
         uidnode->flag |= 2;
       uidnode->flag |= 1;
@@ -2070,7 +2104,7 @@ search_skipfnc (void *opaque, u32 *kid, PKT_user_id *dummy)
  * kllist.  The caller has to pass keydb handle so that we don't use
  * to create our own.  Returns either a key_array or NULL in case of
  * an error.  No results found are indicated by an empty array.
- * Caller hast to release the returned array.  
+ * Caller hast to release the returned array.
  */
 static struct key_array *
 validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust,
@@ -2081,11 +2115,11 @@ validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust,
   size_t nkeys, maxkeys;
   int rc;
   KEYDB_SEARCH_DESC desc;
-  
+
   maxkeys = 1000;
   keys = xmalloc ((maxkeys+1) * sizeof *keys);
   nkeys = 0;
-  
+
   rc = keydb_search_reset (hd);
   if (rc)
     {
@@ -2110,21 +2144,21 @@ validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust,
       xfree (keys);
       return NULL;
     }
-  
+
   desc.mode = KEYDB_SEARCH_MODE_NEXT; /* change mode */
   do
     {
       PKT_public_key *pk;
-        
+
       rc = keydb_get_keyblock (hd, &keyblock);
-      if (rc) 
+      if (rc)
         {
           log_error ("keydb_get_keyblock failed: %s\n", g10_errstr(rc));
           xfree (keys);
           return NULL;
         }
-      
-      if ( keyblock->pkt->pkttype != PKT_PUBLIC_KEY) 
+
+      if ( keyblock->pkt->pkttype != PKT_PUBLIC_KEY)
         {
           log_debug ("ooops: invalid pkttype %d encountered\n",
                      keyblock->pkt->pkttype);
@@ -2134,7 +2168,7 @@ validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust,
         }
 
       /* prepare the keyblock for further processing */
-      merge_keys_and_selfsig (keyblock); 
+      merge_keys_and_selfsig (keyblock);
       clear_kbnode_flags (keyblock);
       pk = keyblock->pkt->pkt.public_key;
       if (pk->has_expired || pk->is_revoked)
@@ -2171,9 +2205,9 @@ validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust,
 
       release_kbnode (keyblock);
       keyblock = NULL;
-    } 
+    }
   while ( !(rc = keydb_search (hd, &desc, 1)) );
-  if (rc && rc != -1) 
+  if (rc && rc != -1)
     {
       log_error ("keydb_search_next failed: %s\n", g10_errstr(rc));
       xfree (keys);
@@ -2182,7 +2216,7 @@ validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust,
 
   keys[nkeys].keyblock = NULL;
   return keys;
-} 
+}
 
 /* Caller must sync */
 static void
@@ -2192,7 +2226,7 @@ reset_trust_records(void)
   ulong recnum;
   int count = 0, nreset = 0;
 
-  for (recnum=1; !tdbio_read_record (recnum, &rec, 0); recnum++ ) 
+  for (recnum=1; !tdbio_read_record (recnum, &rec, 0); recnum++ )
     {
       if(rec.rectype==RECTYPE_TRUST)
 	{
@@ -2231,7 +2265,7 @@ reset_trust_records(void)
  * Step 2: loop max_cert_times
  * Step 3:   if OWNERTRUST of any key in klist is undefined
  *             ask user to assign ownertrust
- * Step 4:   Loop over all keys in the keyDB which are not marked seen 
+ * Step 4:   Loop over all keys in the keyDB which are not marked seen
  * Step 5:     if key is revoked or expired
  *                mark key as seen
  *                continue loop at Step 4
@@ -2243,7 +2277,7 @@ reset_trust_records(void)
  *             End Loop
  * Step 8:   Build a new klist from all fully trusted keys from step 6
  *           End Loop
- *         Ready  
+ *         Ready
  *
  */
 static int
@@ -2313,7 +2347,7 @@ validate_keys (int interactive)
       if ( pk->expiredate && pk->expiredate >= start_time
            && pk->expiredate < next_expire)
         next_expire = pk->expiredate;
-      
+
       release_kbnode (keyblock);
       do_sync ();
     }
@@ -2389,7 +2423,7 @@ validate_keys (int interactive)
       /* Find all keys which are signed by a key in kdlist */
       keys = validate_key_list (kdb, full_trust, klist,
 				start_time, &next_expire);
-      if (!keys) 
+      if (!keys)
         {
           log_error ("validate_key_list failed\n");
           rc = G10ERR_GENERAL;
@@ -2407,9 +2441,9 @@ validate_keys (int interactive)
           store_validation_status (depth, kar->keyblock, stored);
 
       log_info (_("depth: %d  valid: %3d  signed: %3d"
-                  "  trust: %d-, %dq, %dn, %dm, %df, %du\n"), 
+                  "  trust: %d-, %dq, %dn, %dm, %df, %du\n"),
                 depth, valids, key_count, ot_unknown, ot_undefined,
-                ot_never, ot_marginal, ot_full, ot_ultimate ); 
+                ot_never, ot_marginal, ot_full, ot_ultimate );
 
       /* Build a new kdlist from all fully valid keys in KEYS */
       if (klist != utk_list)
@@ -2471,10 +2505,10 @@ validate_keys (int interactive)
   if (!rc && !quit) /* mark trustDB as checked */
     {
       if (next_expire == 0xffffffff || next_expire < start_time )
-        tdbio_write_nextcheck (0); 
+        tdbio_write_nextcheck (0);
       else
         {
-          tdbio_write_nextcheck (next_expire); 
+          tdbio_write_nextcheck (next_expire);
           log_info (_("next trustdb check due at %s\n"),
                     strtimestamp (next_expire));
         }

Added indication that 735363 affects signing-party. Request was from Daniel Kahn Gillmor <dkg@fifthhorseman.net> to 735363-submit@bugs.debian.org. (Wed, 15 Jan 2014 04:15:15 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuPG-Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>:
Bug#735363; Package gnupg. (Wed, 15 Jan 2014 12:51:16 GMT)


Acknowledgement sent to Werner Koch <wk@gnupg.org>:
Extra info received and forwarded to list. Copy sent to Debian GnuPG-Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>. (Wed, 15 Jan 2014 12:51:16 GMT)


Message #19 received at 735363@bugs.debian.org:

From: Werner Koch <wk@gnupg.org>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Cc: 735363@bugs.debian.org, signing-party@packages.debian.org, gnupg-devel@gnupg.org
Subject: Re: gpg --trust-model=always sometimes fails with fatal error as of 1.4.16
Date: Wed, 15 Jan 2014 13:18:43 +0100
On Wed, 15 Jan 2014 05:11, dkg@fifthhorseman.net said:

> The change seems to be related to upstream's relatively recent change
> 2528178e7e2fac6454dd988121167305db7c71d9 (replicated below), which from
> the comment log appears to try to address the issue, but maybe missed a
> corner case.
>
> Werner, perhaps you can comment on this?

IIRC, I did this change to help popularity-contest.  It is quite
possible that it missed a case.  I don't think that I can go after it this
week.  Thus I'd appreciate it if someone could dig into it.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.




Added indication that 735363 affects monkeysphere Request was from Daniel Kahn Gillmor <dkg@fifthhorseman.net> to 735831-submit@bugs.debian.org. (Fri, 17 Jan 2014 21:51:05 GMT)


Added indication that bug 735363 blocks 735831 Request was from Daniel Kahn Gillmor <dkg@fifthhorseman.net> to control@bugs.debian.org. (Fri, 17 Jan 2014 21:57:10 GMT)


Added indication that bug 735363 blocks 735536 Request was from Olivier Berger <obergix@debian.org> to control@bugs.debian.org. (Sun, 19 Jan 2014 13:09:15 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuPG-Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>:
Bug#735363; Package gnupg. (Tue, 21 Jan 2014 03:18:04 GMT)


Acknowledgement sent to Daniel Kahn Gillmor <dkg@fifthhorseman.net>:
Extra info received and forwarded to list. Copy sent to Debian GnuPG-Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>. (Tue, 21 Jan 2014 03:18:05 GMT)


Message #30 received at 735363@bugs.debian.org:

From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: GnuPG development <gnupg-devel@gnupg.org>
Cc: 735363@bugs.debian.org, Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Subject: [PATCH] init trustdb before trying to clear it
Date: Mon, 20 Jan 2014 22:15:21 -0500
This avoids failure when importing with --always-trust on gpg 1.4.16,
as reported in http://bugs.debian.org/735363
---
 g10/trustdb.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/g10/trustdb.c b/g10/trustdb.c
index 0bf92e4..828b90f 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -927,6 +927,8 @@ clear_ownertrusts (PKT_public_key *pk)
   TRUSTREC rec;
   int rc;
 
+  init_trustdb();
+
   if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
     return 0;
 
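Review bot: `init_trustdb()` now runs unconditionally at the top of `clear_ownertrusts`, ahead of the `trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS` early return, so the fix only holds if initialization itself copes with a missing trustdb under trust-model always; please confirm that. A short comment saying that the `no_trustdb` test below relies on this call having run would help, and any other function that opens with the same test should be checked for the same ordering, since the commit message covers only the import case.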
-- 
1.8.5.2




Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuPG-Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>:
Bug#735363; Package gnupg. (Tue, 28 Jan 2014 19:45:05 GMT)


Acknowledgement sent to Dominic Hargreaves <dom@earth.li>:
Extra info received and forwarded to list. Copy sent to Debian GnuPG-Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>. (Tue, 28 Jan 2014 19:45:05 GMT)


Message #35 received at 735363@bugs.debian.org:

From: Dominic Hargreaves <dom@earth.li>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Cc: GnuPG development <gnupg-devel@gnupg.org>, 735363@bugs.debian.org
Subject: Re: [PATCH] init trustdb before trying to clear it
Date: Tue, 28 Jan 2014 19:41:32 +0000
Control: tags -1 + patch

On Mon, Jan 20, 2014 at 10:15:21PM -0500, Daniel Kahn Gillmor wrote:
> This avoids failure when importing with --always-trust on gpg 1.4.16,
> as reported in http://bugs.debian.org/735363
> ---
>  g10/trustdb.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/g10/trustdb.c b/g10/trustdb.c
> index 0bf92e4..828b90f 100644
> --- a/g10/trustdb.c
> +++ b/g10/trustdb.c
> @@ -927,6 +927,8 @@ clear_ownertrusts (PKT_public_key *pk)
>    TRUSTREC rec;
>    int rc;
>  
> +  init_trustdb();
> +
>    if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
>      return 0;
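Review bot: the added `init_trustdb();` has no space before the parenthesis, while the trustdb code quoted earlier in this thread uses the GNU form (`do_sync ();`, `release_kbnode (keyblock);`). Suggest `init_trustdb ();` for consistency with the surrounding file.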

I can confirm that this patch fixes the failures seen building
request-tracker4. However, I am not in a position to assert its
correctness - so it would be excellent if someone more familiar with
the code could do so! And if the package maintainer desires, I can 
help with an NMU.

Cheers,
Dominic.



Added tag(s) patch. Request was from Dominic Hargreaves <dom@earth.li> to 735363-submit@bugs.debian.org. (Tue, 28 Jan 2014 19:45:05 GMT)


Added indication that bug 735363 blocks 738370 Request was from Niko Tyni <ntyni@debian.org> to control@bugs.debian.org. (Sun, 09 Feb 2014 17:42:05 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuPG-Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>:
Bug#735363; Package gnupg. (Sat, 15 Feb 2014 18:09:05 GMT)


Acknowledgement sent to Dominic Hargreaves <dom@earth.li>:
Extra info received and forwarded to list. Copy sent to Debian GnuPG-Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>. (Sat, 15 Feb 2014 18:09:05 GMT)


Message #44 received at 735363@bugs.debian.org:

From: Dominic Hargreaves <dom@earth.li>
To: 735363@bugs.debian.org
Cc: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Subject: Re: [PATCH] init trustdb before trying to clear it
Date: Sat, 15 Feb 2014 18:07:47 +0000
Control: severity -1 critical
Justification: makes unrelated software on the system break

On Tue, Jan 28, 2014 at 07:41:31PM +0000, Dominic Hargreaves wrote:
> Control: tags -1 + patch
> 
> On Mon, Jan 20, 2014 at 10:15:21PM -0500, Daniel Kahn Gillmor wrote:
> > This avoids failure when importing with --always-trust on gpg 1.4.16,
> > as reported in http://bugs.debian.org/735363
> > ---
> >  g10/trustdb.c | 2 ++
> >  1 file changed, 2 insertions(+)
> > 
> > diff --git a/g10/trustdb.c b/g10/trustdb.c
> > index 0bf92e4..828b90f 100644
> > --- a/g10/trustdb.c
> > +++ b/g10/trustdb.c
> > @@ -927,6 +927,8 @@ clear_ownertrusts (PKT_public_key *pk)
> >    TRUSTREC rec;
> >    int rc;
> >  
> > +  init_trustdb();
> > +
> >    if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
> >      return 0;
> 
> I can confirm that this patch fixes the failures seen building
> request-tracker4. However, I am not in a position to assert its
> correctness - so it would be excellent if someone more familiar with
> the code could do so! And if the package maintainer desires, I can 
> help with an NMU.

On reflection, I'm upgrading the severity of this bug, since it's
blocking RC (FTBFS) bugs on multiple other packages.

Could someone familiar with gnupg's internals check Daniel's patch,
please (or Daniel do you feel confident to upload this without
further review?)

Thanks,
Dominic.



Severity set to 'critical' from 'important' Request was from Dominic Hargreaves <dom@earth.li> to 735363-submit@bugs.debian.org. (Sat, 15 Feb 2014 18:09:05 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuPG-Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>:
Bug#735363; Package gnupg. (Mon, 17 Feb 2014 18:45:16 GMT)


Acknowledgement sent to Daniel Kahn Gillmor <dkg@fifthhorseman.net>:
Extra info received and forwarded to list. Copy sent to Debian GnuPG-Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>. (Mon, 17 Feb 2014 18:45:16 GMT)


Message #51 received at 735363@bugs.debian.org:

From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Dominic Hargreaves <dom@earth.li>, 735363@bugs.debian.org
Subject: Re: [PATCH] init trustdb before trying to clear it
Date: Mon, 17 Feb 2014 13:43:42 -0500
On 02/15/2014 01:07 PM, Dominic Hargreaves wrote:
> Control: severity -1 critical
> Justification: makes unrelated software on the system break
 [...]
> On reflection, I'm upgrading the severity of this bug, since it's
> blocking RC (FTBFS) bugs on multiple other packages.

I think this is the right thing to do for #735363.  thanks for doing it,
Dominic.

> Could someone familiar with gnupg's internals check Daniel's patch,
> please (or Daniel do you feel confident to upload this without
> further review?)

I've been running with this patch since January 20th, and it works fine
for me.  I'm attaching the debdiff here.

I'm uploading it to DELAYED/2 now, in case the package maintainers want
to try to resolve this some other way.

	--dkg
[735363.debdiff (text/plain, inline)]
diff -Nru gnupg-1.4.16/debian/changelog gnupg-1.4.16/debian/changelog
--- gnupg-1.4.16/debian/changelog	2014-01-07 05:23:50.000000000 -0500
+++ gnupg-1.4.16/debian/changelog	2014-01-20 22:17:40.000000000 -0500
@@ -1,3 +1,10 @@
+gnupg (1.4.16-1.1) unstable; urgency=low
+
+  * Non-Maintainer Upload.
+  * Initialize trustdb before clearing it (Closes: #735363)
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net>  Mon, 20 Jan 2014 22:16:55 -0500
+
 gnupg (1.4.16-1) unstable; urgency=medium
 
   * New upstream release.
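Review bot: `urgency=low` on the new 1.4.16-1.1 entry looks too low for an upload that closes #735363, which this thread raised to critical because it blocks FTBFS bugs in other packages; `urgency=medium`, as on the 1.4.16-1 entry below it, would let the fix migrate sooner. The trailer date of 20 Jan 2014 also predates the upload discussed here, so consider refreshing it.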
diff -Nru gnupg-1.4.16/debian/patches/init-trustdb-before-clearing.patch gnupg-1.4.16/debian/patches/init-trustdb-before-clearing.patch
--- gnupg-1.4.16/debian/patches/init-trustdb-before-clearing.patch	1969-12-31 19:00:00.000000000 -0500
+++ gnupg-1.4.16/debian/patches/init-trustdb-before-clearing.patch	2014-01-20 22:16:40.000000000 -0500
@@ -0,0 +1,22 @@
+commit 0807b8afd37720681a785ee396e349e0d2d3fc23
+Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+Date:   Mon Jan 20 22:12:38 2014 -0500
+
+    init trustdb before trying to clear it
+    
+    This avoids failure when importing with --always-trust on gpg 1.4.16,
+    as reported in http://bugs.debian.org/735363
+
+diff --git a/g10/trustdb.c b/g10/trustdb.c
+index 0bf92e4..828b90f 100644
+--- a/g10/trustdb.c
++++ b/g10/trustdb.c
+@@ -927,6 +927,8 @@ clear_ownertrusts (PKT_public_key *pk)
+   TRUSTREC rec;
+   int rc;
+ 
++  init_trustdb();
++
+   if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
+     return 0;
+ 
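Review bot: the header of the new debian/patches file carries only the git commit, author and date, with no DEP-3 `Bug-Debian:` or `Forwarded:` field. The same change was sent to gnupg-devel, so recording `Forwarded:` with that posting and `Bug-Debian: http://bugs.debian.org/735363` would let later maintainers see its upstream status when deciding whether the patch can be dropped.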
diff -Nru gnupg-1.4.16/debian/patches/series gnupg-1.4.16/debian/patches/series
--- gnupg-1.4.16/debian/patches/series	2014-01-07 03:40:45.000000000 -0500
+++ gnupg-1.4.16/debian/patches/series	2014-01-20 22:16:52.000000000 -0500
@@ -0,0 +1 @@
+init-trustdb-before-clearing.patch

Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuPG-Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>:
Bug#735363; Package gnupg. (Tue, 18 Feb 2014 17:54:08 GMT)


Acknowledgement sent to "Thijs Kinkhorst" <thijs@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian GnuPG-Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>. (Tue, 18 Feb 2014 17:54:08 GMT)


Message #56 received at 735363@bugs.debian.org:

From: "Thijs Kinkhorst" <thijs@debian.org>
To: "Daniel Kahn Gillmor" <dkg@fifthhorseman.net>, 735363@bugs.debian.org
Cc: "Dominic Hargreaves" <dom@earth.li>, wk@gnupg.org
Subject: Re: [Pkg-gnupg-maint] Bug#735363: [PATCH] init trustdb before trying to clear it
Date: Tue, 18 Feb 2014 09:47:58 +0100
On Mon, February 17, 2014 19:43, Daniel Kahn Gillmor wrote:
> On 02/15/2014 01:07 PM, Dominic Hargreaves wrote:
>> Control: severity -1 critical
>> Justification: makes unrelated software on the system break
>  [...]
>> On reflection, I'm upgrading the severity of this bug, since it's
>> blocking RC (FTBFS) bugs on multiple other packages.
>
> I think this is the right thing to do for #735363.  thanks for doing it,
> Dominic.
>
>> Could someone familiar with gnupg's internals check Daniel's patch,
>> please (or Daniel do you feel confident to upload this without
>> further review?)
>
> I've been running with this patch since January 20th, and it works fine
> for me.  I'm attaching the debdiff here.
>
> I'm uploading it to DELAYED/2 now, in case the package maintainers want
> to try to resolve this some other way.

I do not object against this upload but would like to know if Werner would
approve of the patch. Werner?


Cheers,
Thijs



Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuPG-Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>:
Bug#735363; Package gnupg. (Tue, 18 Feb 2014 19:45:04 GMT)


Acknowledgement sent to Werner Koch <wk@gnupg.org>:
Extra info received and forwarded to list. Copy sent to Debian GnuPG-Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>. (Tue, 18 Feb 2014 19:45:04 GMT)


Message #61 received at 735363@bugs.debian.org:

From: Werner Koch <wk@gnupg.org>
To: "Thijs Kinkhorst" <thijs@debian.org>
Cc: "Daniel Kahn Gillmor" <dkg@fifthhorseman.net>, 735363@bugs.debian.org, "Dominic Hargreaves" <dom@earth.li>
Subject: Re: [Pkg-gnupg-maint] Bug#735363: [PATCH] init trustdb before trying to clear it
Date: Tue, 18 Feb 2014 20:30:28 +0100
On Tue, 18 Feb 2014 09:47, thijs@debian.org said:

> I do not object against this upload but would like to know if Werner would
> approve of the patch. Werner?

The patch is quite obvious.  IIRC, it has also been posted to the BTS or
the ML.


Salam-Shalom,

   Werner


-- 
Thoughts are free.  Exceptions are regulated by a federal law.




Reply sent to Daniel Kahn Gillmor <dkg@fifthhorseman.net>:
You have taken responsibility. (Wed, 19 Feb 2014 19:06:12 GMT)


Notification sent to Dominic Hargreaves <dom@earth.li>:
Bug acknowledged by developer. (Wed, 19 Feb 2014 19:06:13 GMT)


Message #66 received at 735363-close@bugs.debian.org:

From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: 735363-close@bugs.debian.org
Subject: Bug#735363: fixed in gnupg 1.4.16-1.1
Date: Wed, 19 Feb 2014 19:03:48 +0000
Source: gnupg
Source-Version: 1.4.16-1.1

We believe that the bug you reported is fixed in the latest version of
gnupg, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 735363@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Daniel Kahn Gillmor <dkg@fifthhorseman.net> (supplier of updated gnupg package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Mon, 20 Jan 2014 22:16:55 -0500
Source: gnupg
Binary: gnupg gnupg-curl gpgv gnupg-udeb gpgv-udeb gpgv-win32
Architecture: source all amd64
Version: 1.4.16-1.1
Distribution: unstable
Urgency: low
Maintainer: Debian GnuPG-Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>
Changed-By: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Description: 
 gnupg      - GNU privacy guard - a free PGP replacement
 gnupg-curl - GNU privacy guard - a free PGP replacement (cURL)
 gnupg-udeb - GNU privacy guard - a free PGP replacement (udeb)
 gpgv       - GNU privacy guard - signature verification tool
 gpgv-udeb  - minimal signature verification tool (udeb)
 gpgv-win32 - GNU privacy guard - signature verification tool (win32 build)
Closes: 735363
Changes: 
 gnupg (1.4.16-1.1) unstable; urgency=low
 .
   * Non-Maintainer Upload.
   * Initialize trustdb before clearing it (Closes: #735363)




Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuPG-Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>:
Bug#735363; Package gnupg. (Sat, 22 Feb 2014 17:42:07 GMT)


Acknowledgement sent to Thijs Kinkhorst <thijs@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian GnuPG-Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>. (Sat, 22 Feb 2014 17:42:07 GMT)


Message #71 received at 735363@bugs.debian.org:

From: Thijs Kinkhorst <thijs@debian.org>
To: Werner Koch <wk@gnupg.org>
Cc: "Daniel Kahn Gillmor" <dkg@fifthhorseman.net>, 735363@bugs.debian.org, "Dominic Hargreaves" <dom@earth.li>
Subject: Re: [Pkg-gnupg-maint] Bug#735363: [PATCH] init trustdb before trying to clear it
Date: Sat, 22 Feb 2014 18:38:36 +0100
On Tuesday 18 February 2014 20:30:28, Werner Koch wrote:
> On Tue, 18 Feb 2014 09:47, thijs@debian.org said:
> > I do not object against this upload but would like to know if Werner
> > would approve of the patch. Werner?
> 
> The patch is quite obvious.  IIRC, it has also been posted to the BTS or
> the ML.

Yes, indeed. Just checking to be sure, as I'd rather only carry patches in 
Debian's GnuPG that will at some point be applied upstream.


Thanks,
Thijs

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 23 Mar 2014 07:32:56 GMT)


Bug unarchived. Request was from Daniel Kahn Gillmor <dkg@fifthhorseman.net> to control@bugs.debian.org. (Fri, 24 Oct 2014 20:57:20 GMT)


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 22 Nov 2014 07:41:32 GMT)