
sharing a keybox between 2.1.20 and 2.1.18 : "skipped packet of type 12 in keybox" (and a proposed patch for 2.1.18)


Daniel Kahn Gillmor
Hi folks--

Revision a8895c99a7d0750132477d80cd66caaf3a709113 ("gpg: Revamp reading
and writing of ring trust packets.") introduces an important overhaul of
the keybox format by stashing ring trust information directly in the
keybox.  It was first released in 2.1.20.

Debian is likely to ship 2.1.18 in stretch (plus a bunch of bugfix
patches that i've cherry-picked from the development since 2.1.18).  In
debian experimental, i've got 2.1.20, and i plan to keep it up-to-date
with the latest upstream release.

What i've discovered is that if i use 2.1.20 on even a relatively small
keybox, and then i revert to 2.1.18, 2.1.18 spews out dozens of lines
like:

    gpg: skipped packet of type 12 in keybox

(packet type 12 is the "trust packet")

While i don't think there's any explicit problem with 2.1.18 operating
on such a keybox, the warnings are definitely distracting and annoying.
Furthermore, there doesn't seem to be any way to clean these trust
packets from a keybox that has been updated from 2.1.20.

It's certainly possible that someone will briefly try out GnuPG 2.1.20
in the future and then revert back to debian stable (2.1.18); or that
they'll use the same homedir for two installations.  I want to make sure
that one system doesn't cause the other one to spew a lot to stderr.

So for debian, i'm currently aiming to apply the following patch to the
2.1.18 series to avoid seeing these warnings.  If anyone sees a problem
with this approach, or sees a better way to resolve this concern, please
let me know!

    --dkg


From 312ff538f0ebd2058f946e2dab0590d60b85ef62 Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor <[hidden email]>
Date: Fri, 5 May 2017 22:37:23 -0400
Subject: [PATCH] gpg: Avoid spurious warnings about trust packets.

* g10/keydb.c (parse_keyblock_image): Do not emit a warning when
skipping a trust packet.

--

2.1.20 and later store trust packets in the keybox.  If an older
version (like 2.1.18) ends up accessing a keybox that 2.1.20 or later
has used, it produces many spurious warnings like:

    gpg: skipped packet of type 12 in keybox

This is a temporary cleanup to avoid these specific warnings; it can
be dropped when moving to 2.1.20 or later.

Signed-off-by: Daniel Kahn Gillmor <[hidden email]>
Gbp-Pq: Topic avoid-spurious-warnings
---
 g10/keydb.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/g10/keydb.c b/g10/keydb.c
index aab90e380..81dd32ec9 100644
--- a/g10/keydb.c
+++ b/g10/keydb.c
@@ -1205,8 +1205,9 @@ parse_keyblock_image (iobuf_t iobuf, int pk_no, int uid_no,
         default:
           /* Note that can't allow ring trust packets here and some of
              the other GPG specific packets don't make sense either.  */
-          log_error ("skipped packet of type %d in keybox\n",
-                     (int)pkt->pkttype);
+          if (pkt->pkttype != PKT_RING_TRUST)
+            log_error ("skipped packet of type %d in keybox\n",
+                       (int)pkt->pkttype);
           free_packet(pkt);
           init_packet(pkt);
           continue;
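
Review bot: The comment at the top of the default: branch still reads "can't allow ring trust packets here" and nothing next to the new if explains why PKT_RING_TRUST is now the one type skipped without a message. Suggest extending that comment to say that 2.1.20 and later write ring trust packets into the keybox and that they are ignored here on purpose, so the exception is not mistaken for an oversight and is easy to find when the patch is dropped. The rest of the branch looks right: every other unexpected type still reaches log_error, and the trust packet is still released through free_packet, init_packet and continue.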
--
2.11.0


_______________________________________________
Gnupg-devel mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-devel


Re: sharing a keybox between 2.1.20 and 2.1.18 : "skipped packet of type 12 in keybox" (and a proposed patch for 2.1.18)

Werner Koch
On Sat,  6 May 2017 05:14, [hidden email] said:

> Revision a8895c99a7d0750132477d80cd66caaf3a709113 ("gpg: Revamp reading
> and writing of ring trust packets.") introduces an important overhaul of
> the keybox format by stashing ring trust information directly in the
> keybox.  It was first released in 2.1.20.

Actually we always handled them in keyring files and that part of the
patch adds them to keybox files - where they are useless without the
other changes.

> So for debian, i'm currently aiming to apply the following patch to the
> 2.1.18 series to avoid seeing these warnings.  If anyone sees a problem
> with this approach, or sees a better way to resolve this concern, please

I see no problems.


Salam-Shalom,

   Werner

--
Thoughts are free.  Exceptions are governed by a federal law.


Re: sharing a keybox between 2.1.20 and 2.1.18 : "skipped packet of type 12 in keybox" (and a proposed patch for 2.1.18)

Daniel Kahn Gillmor
On Mon 2017-05-08 12:37:58 +0200, Werner Koch wrote:

> On Sat,  6 May 2017 05:14, [hidden email] said:
>
>> Revision a8895c99a7d0750132477d80cd66caaf3a709113 ("gpg: Revamp reading
>> and writing of ring trust packets.") introduces an important overhaul of
>> the keybox format by stashing ring trust information directly in the
>> keybox.  It was first released in 2.1.20.
>
> Actually we always handled them in keyring files and that part of the
> patch adds them to keybox files - where they are useless without the
> other changes.
>
>> So for debian, i'm currently aiming to apply the following patch to the
>> 2.1.18 series to avoid seeing these warnings.  If anyone sees a problem
>> with this approach, or sees a better way to resolve this concern, please
>
> I see no problems.

Thanks for the review, Werner!

       --dkg
