gpg 2.0.27 is updating the trustdb constantly, and taking minutes to do it

Werner Koch wk at
Sat Mar 28 11:48:22 CET 2015

On Fri, 27 Mar 2015 17:07, jcea at said:

> My problem is that any change to the pubring, like downloading a new
> key, refreshing, adding a new local signature with "--lsign", etc., will
> force a trustdb update (in the next execution. For instance, decrypting

A new key signature may chnage rthe entire WoT thus it needs to be
re-computed.  I have


in my gpg.conf and 

  30   1 * * *   /usr/local/bin/gpg --batch --check-trustdb 2>/dev/null

in my crontab.  Thus tehre will be only one re-computation a day.

> As I said, my pubring.gpg is 34MB long. With gnupg 1.4.x it would take a
> few seconds only.

Which 1.4 version is this?

> PS: Bonus: how to get rid of
> """
> gpg: DBG: armor-keys-failed (KEY 0x010D6F3A BEGIN

Sorry for this.  It has already been fixed in the repo, see below.



--8<---------------cut here---------------start------------->8---
commit 936416690e6c889505d84fe96983a66983beae5e
Author: Werner Koch <wk at>
Date:   Thu Feb 26 09:38:58 2015 +0100

    gpg: Remove left-over debug message.
    * g10/armor.c (check_input): Remove log_debug.

	Modified   g10/armor.c
diff --git a/g10/armor.c b/g10/armor.c
index 6c0013d..de1726d 100644
--- a/g10/armor.c
+++ b/g10/armor.c
@@ -534,9 +534,6 @@ check_input( armor_filter_context_t *afx, IOBUF a )
             /* This is probably input from a keyserver helper and we
                have not yet seen an error line.  */
             afx->key_failed_code = parse_key_failed_line (line+4, len-4);
-            log_debug ("armor-keys-failed (%.*s) ->%d\n",
-                       (int)len, line,
-                       afx->key_failed_code);
 	if( i >= 0 && !(afx->only_keyblocks && i != 1 && i != 5 && i != 6 )) {
 	    hdr_line = i;
--8<---------------cut here---------------end--------------->8---

Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-users mailing list