gpg 2.0.27 is updating the trustdb constantly, and taking minutes to do it

Jesus Cea jcea at jcea.es
Fri Mar 27 17:07:44 CET 2015


I upgraded my GNUPG form 1.4.x to 2.0.27. I kept the configuration,
public and private keyrings. I have recreated the trustdb from scratch,
trying to solve this, with no success (using "--export-ownertrust").

My pubring.gpg is 34MB in size and I usually create local signatures via
--lsign".

My problem is that any change to the pubring, like downloading a new
key, refreshing, adding a new local signature with "--lsign", etc., will
force a trustdb update (in the next execution. For instance, decrypting
a private message). And that operation is VERY slow.

An example execution retrieving a new key from the keyservers:

"""
jcea at ubuntu:/tmp$ time gpg2 --recv-keys 010D6F3A
gpg: requesting key 010D6F3A from hkp server pgp.rediris.es
gpg: DBG: armor-keys-failed (KEY 0x010D6F3A BEGIN
) ->0
gpg: DBG: armor-keys-failed (KEY 0x010D6F3A END
) ->0
gpg: key 010D6F3A: public key "dirk astrath (mobile key)
<dirk.astrath at inovio.de>" imported
gpg: Note: signatures using the MD5 algorithm are rejected
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:  21  signed:  96  trust: 0-, 0q, 0n, 0m, 0f, 21u
gpg: depth: 1  valid:  96  signed: 106  trust: 3-, 93q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2015-04-08
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)

real	12m52.782s
user	9m27.720s
sys	1m43.040s
"""

13 minutes!!.

As I said, my pubring.gpg is 34MB long. With gnupg 1.4.x it would take a
few seconds only.

Doing a "strace" I can confirm gnupg reprocessing the entire pubring file.

Forcing a "trustdb" update takes ages too:

"""
jcea at ubuntu:/tmp$ time gpg2 --check-trustdb
gpg: Note: signatures using the MD5 algorithm are rejected
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:  21  signed:  96  trust: 0-, 0q, 0n, 0m, 0f, 21u
gpg: depth: 1  valid:  96  signed: 106  trust: 3-, 93q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2015-04-08

real	2m39.769s
user	1m9.620s
sys	0m14.200s
"""

PS: Bonus: how to get rid of

"""
gpg: DBG: armor-keys-failed (KEY 0x010D6F3A BEGIN
) ->0
gpg: DBG: armor-keys-failed (KEY 0x010D6F3A END
) ->0
"""

-- 
Jesús Cea Avión                         _/_/      _/_/_/        _/_/_/
jcea at jcea.es - http://www.jcea.es/     _/_/    _/_/  _/_/    _/_/  _/_/
Twitter: @jcea                        _/_/    _/_/          _/_/_/_/_/
jabber / xmpp:jcea at jabber.org  _/_/  _/_/    _/_/          _/_/  _/_/
"Things are not so easy"      _/_/  _/_/    _/_/  _/_/    _/_/  _/_/
"My name is Dump, Core Dump"   _/_/_/        _/_/_/      _/_/  _/_/
"El amor es poner tu felicidad en la felicidad de otro" - Leibniz

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20150327/bfa809a5/attachment-0001.sig>


More information about the Gnupg-users mailing list