[PATCH gpa] Load the secret keyring before the public one.

Damien Goutte-Gattat dgouttegattat at incenp.org
Mon Feb 19 10:59:46 CET 2018

* src/keylist.c (gpa_keylist_init): Forcefully load the secret
keyring before attempting to load the public keys.

Gpa loads the private keyring in a kind of "lazy mode", in that
the private keyring is only loaded the first time Gpa needs to
lookup a private key. This normally happens during the loading
of the public keyring, since for each public key Gpa must lookup
in the private keyring to check whether a private counterpart is

The result is that a Gpg process is spawn to list the secret keys
while another Gpg process is still listing the public keys. If
the trust model happens to be TOFU or TOFU+PGP, this can cause
some problems with regard to the locking of the TOFU database.

To avoid that, this patch makes sure the private keyring is
actively and synchronously loaded before we fetch the public keys
(no more lazy loading).

GnuPG-bug-id: 3748
Signed-off-by: Damien Goutte-Gattat <dgouttegattat at incenp.org>
 src/keylist.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/keylist.c b/src/keylist.c
index 442da08..2c8e7e8 100644
--- a/src/keylist.c
+++ b/src/keylist.c
@@ -231,7 +231,16 @@ gpa_keylist_init (GTypeInstance *instance, void *class_ptr)
-      /* Initialize from the global keytable.  */
+      /* Initialize from the global keytable.
+       *
+       * We must forcefully load the secret keytable first to
+       * prevent concurrent access to the TOFU database. */
+      gpa_keytable_force_reload (gpa_keytable_get_secret_instance (),
+                                 NULL, (GpaKeyTableEndFunc) gtk_main_quit,
+                                 NULL);
+      gtk_main ();
+      /* Now we can load the public keyring. */
       gpa_keytable_list_keys (gpa_keytable_get_public_instance(),
                               gpa_keylist_next, gpa_keylist_end, list);

More information about the Gnupg-devel mailing list