Bug 196382

Summary: security/gnupg breaks keyring on 2.1.1
Product: Ports & Packages Reporter: Jens Grassel <freebsd-ports>
Component: Individual Port(s)Assignee: Adam Weinberger <adamw>
Status: Closed Overcome By Events    
Severity: Affects Only Me CC: al.aleemabdul, cbsadwords55, cordisus123, info, jenniferbauer143, martin, yusuf.mats
Priority: --- Flags: bugzilla: maintainer-feedback? (kuriyama)
Version: Latest   
Hardware: Any   
OS: Any   

Description Jens Grassel 2014-12-30 16:17:11 UTC
Hi,

I just upgraded to gnupg 2.1.1 from ports and it breaks. :-(
Upon every operation I get the following error message:

gpg: keydb_search failed: invalid packet

A downgrade to gnupg-2.1.0_1 fixed this for now. I tried this on two 10.1 boxes using gnupg from ports and got the same result.

If I delete my keydb, it works. But that doesn't seem such a great idea. ;)

Any ideas?
Comment 1 Bugzilla Automation freebsd_committer 2014-12-30 16:17:11 UTC
Auto-assigned to maintainer kuriyama@FreeBSD.org
Comment 2 Jens Grassel 2014-12-30 16:29:34 UTC
It seems that some of my keys are the problem.

I just exported my private keys using gpg 2.1.0, created a fresh keyring with gpg 2.1.1 and re-imported the private keys. That works so far. Maybe the keyring is just too old (I use gpg since 1998 ;-)).

I'll try to move the important keys that way.

Regards.
Comment 3 martin 2015-01-03 16:32:54 UTC
Same problem here.

On re-import of my keyring, I noticed that there are about 40 PGP-2 keys that haven't been imported. Maybe that's why the seamless migration does not work properly.

What I understand is, why does gnupg-2.1 ask for passphrases for each secret key? Import of secret keys always worked without such things.
Comment 4 Andriy Gapon freebsd_committer 2015-01-26 12:16:07 UTC
The following recipe is based on information found here:
- https://wiki.archlinux.org/index.php/GnuPG#.22Lost.22_Keys.2C_Uprading_to_gnupg_version_2.1
- http://jo-ke.name/wp/?p=111
- https://bugs.archlinux.org/task/43173

Please exercise caution!

$ gpg --export-ownertrust > otrust.txt
$ mv ~/.gnupg ~/.gnupg.old
$ mkdir ~/.gnupg
$ chmod 700 ~/.gnupg
$ gpg --import ~/.gnupg.old/pubring.gpg
$ gpg --import-ownertrust otrust.txt
$ gpg --import ~/.gnupg.old/secring.gpg
Comment 5 martin 2015-02-20 20:57:53 UTC
(In reply to Andriy Gapon from comment #4)

I've used a very similar method, after looking for hints on the web. Fact is no one expects a breakage caused by a minor update. Such a breakage should be announced with a big warning.

It would be even better when a new port "gnupg21" had been created in this case or at least, a pkg-message would appear with hints how to convert the keyring.

What I want to say is that I didn't like this change, because I have valuable things encrypted and it gave me a small shock. My first reaction was to look for backups, because I thought my keyring was broken.

Now everything is fine again, thanks.
Comment 6 Adam Weinberger freebsd_committer 2017-02-13 04:57:31 UTC
I'm not opposed to adding a pkg-message about this. Do any of you feel like producing some pkg-message text for this?
Comment 7 jenniferbauer 2017-03-09 14:12:03 UTC
I have the same kind of problem . Finally some of my friends tried to help me and fixed it. Hope this will be one of the post many of the people will get the answer for their doubts. For the best ERP in Dubai you can choose http://adeptsol.com/
Comment 8 Adam Weinberger freebsd_committer 2017-05-15 22:58:42 UTC
Jens, do you still see this error, especially after today's 2.1.21 update?
Comment 9 Jens Grassel 2017-05-16 15:34:45 UTC
(In reply to Adam Weinberger from comment #8)

Since I re-created my keyring as mentioned I haven't had any problems.

Regards
Comment 10 Adam Weinberger freebsd_committer 2017-05-16 15:37:36 UTC
Thanks, Jens. I'm going to close out this PR, and when gnupg 2.2 comes around I'll aim to include a more helpful message about the upgrade.
Comment 11 John Phill 2017-11-28 11:50:55 UTC
MARKED AS SPAM
Comment 12 John Diggle 2018-04-14 10:39:22 UTC
MARKED AS SPAM
Comment 13 Abdul 2018-08-21 09:47:45 UTC
MARKED AS SPAM
Comment 14 yomats 2018-12-18 08:33:48 UTC
MARKED AS SPAM
Comment 15 Brainsphere 2019-02-05 13:58:32 UTC
MARKED AS SPAM