sharing a keybox between 2.1.20 and 2.1.18 : "skipped packet of type 12 in keybox" (and a proposed patch for 2.1.18)

Daniel Kahn Gillmor dkg at
Sat May 6 05:14:43 CEST 2017

Hi folks--

Revision a8895c99a7d0750132477d80cd66caaf3a709113 ("gpg: Revamp reading
and writing of ring trust packets.") introduces an important overhaul of
the keybox format by stashing ring trust information directly in the
keybox.  It was first released in 2.1.20.

Debian is likely to ship 2.1.18 in stretch (plus a bunch of bugfix
patches that i've cherry-picked from the development since 2.1.18).  In
debian experimental, i've got 2.1.20, and i plan to keep it up-to-date
with the latest upstream release.

What i've discovered is that if i use 2.1.20 on even a relatively small
keybox, and then i revert to 2.1.18, 2.1.18 spews out dozens of lines

    gpg: skipped packet of type 12 in keybox

(packet type 12 is the "trust packet")

While i don't think there's any explicit problem with 2.1.18 operating
on such a keybox, the warnings are definitely distracting and annoying.
Furthermore, there doesn't seem to be any way to clean these trust
packets from a keybox that has been updated from 2.1.20.

It's certainly possible that someone will briefly try out GnuPG 2.1.20
in the future and then revert back to debian stable (2.1.18); or that
they'll use the same homedir for two installations.  I want to make sure
that one system doesn't cause the other one to spew a lot to stderr.

So for debian, i'm currently aiming to apply the following patch to the
2.1.18 series to avoid seeing these warnings.  If anyone sees a problem
with this approach, or sees a better way to resolve this concern, please
let me know!


-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-gpg-Avoid-spurious-warnings-about-trust-packets.patch
Type: text/x-diff
Size: 1548 bytes
Desc: not available
URL: </pipermail/attachments/20170505/033afdad/attachment.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: </pipermail/attachments/20170505/033afdad/attachment.sig>

More information about the Gnupg-devel mailing list