GnuPG race causes misordered uids?
Marcus Brinkmann
Marcus.Brinkmann at ruhr-uni-bochum.de
Mon May 5 21:40:02 CEST 2003
On Mon, May 05, 2003 at 01:28:09PM -0400, David Shaw wrote:
> On Mon, May 05, 2003 at 06:16:52PM +0200, Marcus Brinkmann wrote:
> > On Mon, May 05, 2003 at 09:50:23AM -0400, David Shaw wrote:
> > > Just to make sure I understand the problem. Given a key with more
> > > than one uid, one of which is marked primary, if I do this:
> > >
> > > gpg --fixed-list-mode --with-fingerprint --with-colons --list-keys (thekey)
> > >
> > > over and over, sometimes the primary key is not first?
> >
> > I wish I could say that. I did only see it in GPGME, not from the command
> > line, although GPGME calls something like the above (it has
> > --with-fingerprint twice, and uses a status fd of course).
> >
> > > Is the primary uid marked primary (i.e. a primary subpacket is in the
> > > self-sig), or is the primary just the newest uid ?
> >
> > I don't know how to find that out.
>
> Can you point me towards the sample file that showed the problem?
Just compile gpgme from CVS, and then go into tests/gpg.
Then run the keylisting tests:
GNUPGHOME=. ./t-keylist
GNUPGHOME=. ./t-keylist-sig
I amnot sure if the way the keyring is generated even leads to a
deterministic order of user IDs. But when I had the order as is in the
file, and just run the test (without rebuilding the keyring and everything),
I saw the buggy behaviour.
> Hmm. The function that sorts uids doesn't actually get the system
> time - it just uses the timestamps inside the self-sigs. It's
> possible that you could get a given uid first, then after a while a
> different uid first (say, if the first uid expired or something), but
> if you get them to alternate, that's something strange.
Ok, I was thinking that it shouldn't use the system time anyway. So, there
is definitely something very strange going on. I will try harder to find a
reproducible test case, but it is not easy.
Thanks,
Marcus
--
`Rhubarb is no Egyptian god.' GNU http://www.gnu.org marcus at gnu.org
Marcus Brinkmann The Hurd http://www.gnu.org/software/hurd/
Marcus.Brinkmann at ruhr-uni-bochum.de
http://www.marcus-brinkmann.de/
More information about the Gnupg-devel
mailing list