small bugs and a small fix (1.4.1rc2 cvs)

Stephan Beyer s-beyer at gmx.net
Tue Feb 22 05:21:33 CET 2005 

Hi,

after switching to 1.4.0 I noticed some smaller bugs which have not been
fixed yet.



1) --sign-key

When signing a key with --sign-key, gpg asks `Really sign all user IDs?
(y/N)'. Type `n' and 1.4.0 prints the hint to select the uids, but
interprets `n' as a `No, I don't want to sign the key at all.' and exits.
1.2.x `returns' to the --edit-key-Command-prompt instead.

I took a look over the source and *thought* about possible solutions:
 a) In 1.4.0 the `sign_mode' variable is replaced by a preselected
    commands-list (first sign, then save). We could remove the "save"
    command, but that would lead to a very unintuitive usage: the user
    has to save and exit _manually_.
 b) Add the `sign_mode' variable (see 1.2.x) and everything would be
    as nice as in good old times again...
 c) Remove --sign-key at all and tell the user to use something like
     --edit-key uid N sign save
 d) Add a function which iterates over the user IDs and asks whether the
    user wants to sign it.

Well, I disliked a and c. And although d is less interactive than b, it's
more intuitive. So I wrote a small patch for the current HEAD cvs(1.4.1rc2),
downloadable at:
        http://noxa.de/~sbeyer/tmp/gnupg--sign-key.diff
        http://noxa.de/~sbeyer/tmp/gnupg--sign-key.diff.sig
( cd gnupgsourcedir && patch -p1 < ../gnupg--sign-key.diff )

What do you think about it?
The patch introduces choose_uids() in keyedit.c. I disliked the `keyword'
stuff, because I do not really know what it is used for, so I didn't test,
whether I implemented it in a useful way.



2) --keyserver x-hkp://keyserver.kjsl.com:80 --search-key xxx

This (see keyserver above) is the only patched PKS keyserver I know, which
is running on port 80. That means, I can (and do) use it behind a firewall
that dislikes accessing, for example, SKS servers on port 11371.
--search on this server was no problem until I upgraded to GnuPG 1.4.0.

`Funny' is, that I tried to fix the problem, but got banned from the
keyserver after some trial&error. I mailed Jason Harris (the owner?) and
explained what happened, but haven't got a reply yet.



not real bugs:

3) --delete-key name(s)

If <name> is matching on more than one key, I am only asked if the first
match should really be deleted. First, I didn't understand the `bug',
because I thought gpg behaves in another way:
 1. it expands the names list to all possible matches, removes duplicates,
etc
 2. it processes (--delete-key, --list-key) the expanded list, item by item
This means, I thought that --delete-key and --list-key work in an
equivalent way, except that the last operation is different (delete or
list)...

Then I took a look into the source / used the gdb debugger and was shocked,
because do_delete_key() in delkey.c and list_one() in keylist.c are totally
different. :\ I did not really try to fix it, because I could always use a
name which produces an exact match (fingerprint) and so it isn't a real
problem.



4) Be patient!

My first experience with GnuPG 1.4.0 was this: nothing happens at all. So I
kept my ~/.gnupg directory minimal: minimal secring, minimal pubring, no
trustdb - and it worked! Soon I noticed that it's the trustdb, which makes
gpg apparently do nothing (and according to `top' doing nothing eats almost
100% CPU). Of course, the same procedure as before: a look into the source
and I saw that it really does something.
keyring.c's keyring_rebuild_cache was the bad guy. I first thought that it
loops infinitely on my 14MB pubring (or 6MB pubring on another machine) -
maybe it generates a `ring list' and then iterates over it. But my first
thoughts weren't true. It's a usual loop, just a bit inefficient. So I
started gpg --check-trustdb and it finished after 19 minutes. Since then,
it came always to a fast end, luckily.

Why do I tell you that? It annoyed me... I thought that GnuPG 1.4. was
broken and I was the only one noticing that. Maybe it should tell the
people, that it rebuilds the cache / checks the trustdb and that this could
take a while... It does, but not outside the source ;)


Well, sorry for bad English. The only thing I did in the last 3 days was
sleeping, eating and scrolling over GnuPG source code ;) I hope it wasn't
worthless.

best regards,
Stephan Beyer

-- 
Stephan Beyer, 0xFCC5040F

Lassen Sie Ihren Gedanken freien Lauf... z.B. per FreeSMS
GMX bietet bis zu 100 FreeSMS/Monat: http://www.gmx.net/de/go/mail

More information about the Gnupg-devel mailing list