keyring search regression in master

NIIBE Yutaka gniibe at fsij.org
Fri Nov 13 05:47:33 CET 2015


On 11/12/2015 04:54 PM, Werner Koch wrote:
> The real problem is that there are several error messages - one is
> sufficient to let gpg exit with a failure and git won't continue.  There
> are 2 different kinds of errors:
> 
>   gpg: Error: the key specification '0xE3FDFF218E45B72B' is ambiguous.
> 
> This is the keyid I specified on the command line.  Let's check it:
> 
>   $ ../g10/gpg2 -k 0xE3FDFF218E45B72B
>   [...]
>   gpg: Error: the key specification '1E42B367' is ambiguous.
>   gpg: (check argument of option '--encrypt-to')
>   gpg: error reading key block for '1E42B367': Unknown system error.
>   gpg: Warning: value '1E42B367' for --default-key should be a long keyid or a fingerprint.
>   gpg: Error: the key specification '1E42B367' is ambiguous.
>   gpg: (check argument of option '--default-key')
>   gpg: error reading key block for '1E42B367': Unknown system error.
>   gpg: please do a --check-trustdb
>   pub   ed25519/E3FDFF218E45B72B 2015-02-18 [expires: 2025-02-15]
>   uid                 [ultimate] Werner Koch (wheatstone commit signing)
>   
> (and -k shows the same result).
> What is the ambiguity here?
> 
> The other two error messages are identical one for --encrypt-to and one
> for --default-key:
> 
>   gpg: Error: the key specification '1E42B367' is ambiguous.
> 
> Let's check it:
> 
>   $ ../g10/gpg2 -k 1E42B367
>   [...]
>   gpg: Error: the key specification '1E42B367' is ambiguous.
>   gpg: (check argument of option '--encrypt-to')
>   gpg: error reading key block for '1E42B367': Unknown system error.
>   gpg: Warning: value '1E42B367' for --default-key should be a long keyid or a fingerprint.
>   gpg: Error: the key specification '1E42B367' is ambiguous.
>   gpg: (check argument of option '--default-key')
>   gpg: error reading key block for '1E42B367': Unknown system error.
>   gpg: please do a --check-trustdb
>   pub   dsa2048/F2AD85AC1E42B367 2007-12-31 [expires: 2018-12-31]
>   uid                 [ unknown] Werner Koch <wk at gnupg.org>
>   uid                 [ unknown] Werner Koch <wk at g10code.com>
>   uid                 [ unknown] Werner Koch <werner at eifzilla.de>
>   sub   dsa1024/4F0540D577F95F95 2011-11-02
>   sub   rsa2048/1E0FE11D664D7444 2014-01-02 [expires: 2016-12-31]
> 
> Also not ambiguous.

It is not reproducible here.  Reading the code, I can't find error
return path from keybox_search (if we assume the condition keybox data
is correct).

Any case, I think that the following would make sense; it should only
proceed on the success of keydb_search.  When it's other than success,
it's not ambiguous.

diff --git a/g10/gpg.c b/g10/gpg.c
index 36e6542..46a7fb9 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -2196,8 +2196,7 @@ check_user_ids (strlist_t *sp,

       /* Continue the search.  */
       err = keydb_search (hd, &desc, 1, NULL);
-      if (! (gpg_err_code (err) == GPG_ERR_NOT_FOUND
-             || gpg_err_code (err) == GPG_ERR_EOF))
+      if (! err)
         {
           char fingerprint_bin2[MAX_FINGERPRINT_LEN];
           size_t fingerprint_bin2_len = sizeof (fingerprint_bin2);
-- 



More information about the Gnupg-devel mailing list