Hi,

On Wed, 02 Sep 2015 at 22:20:03 +0200, Eduard Bloch wrote:
> * Guilhem Moulin [Tue, Sep 01 2015, 10:43:19PM]:
>> On Tue, 01 Sep 2015 at 22:11:23 +0200, Eduard Bloch wrote:
> But I saw no trustdb check when caff is working...

caff doesn't create a trust database because it doesn't rely on the WoT
or any other trust model. All calls to gpg have the --trust-model=always
option. The --no-auto-check-trustdb flag is merely added to prevent gpg
from emitting a warning.

> This makes me wonder, I see --no-auto-check-trustdb in your gpg options...
> maybe this is the key? It needs to update trustdb prior to migration
> but it's forbidden.

Then this should be forwarded to upstream GnuPG. --trust-model=always
should skip any operation on the trust database, including trust value
updates. Actually, if gpg has never been called with another trust model
on that $GNUPGHOME (which should be the case if you never call gpg
manually on ‘~/.caff/gnupghome’), the trustdb shouldn't even have been
created.

> So I hacked caff and removed the option but this did not change anything.
> Maybe it's not allowed together with --batch? I don't know.

No it's not.

> Anyhow, after little RTFM, I think that a possible workaround for this
> problem in caff should be calling this always when caff starts:
> gpg2 --batch --check-trustdb --homedir ...
> It shouldn't do anything if no update is needed. I checked that:
> restored broken dir, reproduced mentioned problem, called the command,
> watched the update finished, called caff again, and it worked just fine.

Yes it does something: if there was no ‘~/.caff/gnupghome/trustdb.gpg’
file then it is created. IMHO it's quite an ugly hack to involve a trust
database operation since caff has never relied on a trust model. I'd
rather forward the issue to GnuPG.

Your test shows that gpg2 is able to perform the keyring migration (with
--trust-model=always) on a fresh ‘~/.caff/gnupghome’, i.e., when no trust
database exists. So this should only be an issue if you have been
fiddling around with ‘gpg --homedir ~/.caff/gnupghome’ manually, right?

Cheers,
--
Guilhem.