On 05.10.18 17:34, Daniel Kahn Gillmor wrote:
> In some obscure cases (e.g. race conditions), gpg-agent dies and isn't
> available when enigmail tries to ask gnupg to import a secret key.
> Enigmail seems to believe that the secret key was successfully imported
> in that case, even though gpg failed to import the secret parts of the
> key.
> 
> I ran into this with some older versions of GnuPG (e.g. the
> heavily-patched GnuPG 2.1.18 in debian stretch) during the enigmail test
> suite (enigmail version 2.0.8), which does a lot of rapid creation and
> tear-down of GnuPG homedirs.
> 
> To detect this properly, the GnuPG status output indicates the issue in
> IMPORT_RES, by indicating a difference between sec_read and sec_imported
> (see the documentation for IMPORT_RES in GnuPG's DETAILS file).
> Enigmail doesn't appear to compare these values when it does an import.
> 
> here's an example of this failure from the test suite during such a race
> condition, showing sec_read=1 and sec_imported=0 (apparently GnuPG also
> returns a non-zero error code, but enigmail ignores it):
> 
[...]
> gpg: error building skey array: No such file or directory
> gpg: Total number processed: 1
> gpg:               imported: 1
> gpg:       secret keys read: 1
> [GNUPG:] IMPORT_RES 1 0 1 0 0 0 0 0 0 1 0 0 0 0 0
> 
> 2018-10-04 20:44:21.856 [DEBUG] errorHandling.jsm: importOk: key imported: 65537E212DC19025AD38EDB2781617319CE311C4
> -------------
> 
> When enigmail attempts to actually import a key, it ought to notice if
> the secret part of the subkey is not imported, and to raise that as an
> error to the rest of the codebase, so that (a) the test suite can fail
> earlier, and (b) the user is aware that something they might have been
> expecting from the import didn't actually happen.
> 
> Sorry that i don't have a specific patch to propose here yet, but i'm
> happy to review if you want to propose a patch.

I fixed this on the 2.0 and master branches.

-Patrick
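
The check requested in the report above, as an added example; it is not Enigmail's code and not the fix that was committed. The names `parseImportRes` and `checkSecretImport` are hypothetical, the field order follows the IMPORT_RES entry in GnuPG's DETAILS file, and counting `sec_dups` (secret keys already present) as accounted for is an assumption that goes beyond the plain sec_read/sec_imported comparison in the report.

```javascript
// Field order of IMPORT_RES as documented in GnuPG's doc/DETAILS.
const IMPORT_RES_FIELDS = [
  "count", "no_user_id", "imported", "always_0", "unchanged",
  "n_uids", "n_subk", "n_sigs", "n_revoc",
  "sec_read", "sec_imported", "sec_dups",
  "skipped_new_keys", "not_imported", "skipped_v3_keys",
];

// Constructed sample: the status line quoted in the report (sec_read=1, sec_imported=0).
const RACE_STATUS = [
  "gpg: error building skey array: No such file or directory",
  "[GNUPG:] IMPORT_RES 1 0 1 0 0 0 0 0 0 1 0 0 0 0 0",
].join("\n");

// Extract the IMPORT_RES counters from gpg status output.
// Returns null when no well-formed IMPORT_RES line is present.
function parseImportRes(statusText) {
  for (const line of statusText.split(/\r?\n/)) {
    const m = /^\[GNUPG:\] IMPORT_RES((?: \d+)+)\s*$/.exec(line);
    if (!m) continue;
    const nums = m[1].trim().split(" ").map(Number);
    if (nums.length < 11) return null; // too short to contain sec_imported
    const res = {};
    IMPORT_RES_FIELDS.forEach((name, i) => { res[name] = nums[i] ?? 0; });
    return res;
  }
  return null;
}

// Hypothetical helper: report an import as OK only when every secret key
// that gpg read was either imported or already present, and gpg exited 0.
function checkSecretImport(statusText, exitCode) {
  const res = parseImportRes(statusText);
  if (res === null) return { ok: false, reason: "no IMPORT_RES status line" };
  const missing = res.sec_read - res.sec_imported - res.sec_dups;
  if (missing > 0) {
    return { ok: false, reason: `${missing} secret key(s) read but not imported` };
  }
  if (exitCode !== 0) return { ok: false, reason: `gpg exited with code ${exitCode}` };
  return { ok: true, reason: "" };
}
```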

