Efficent batch fetching with verification?

Peter Lebbing peter at digitalbrains.com
Fri Nov 3 12:50:06 CET 2017

On 03/11/17 06:20, Robin H. Johnson wrote:
> Presently, the code is effectively this:
> ...cat-list-of-fingerprints... | xargs gpg --recv
> This has the downside of causing many exec
I just tried this and a list of 1319 fingerprints caused one single call
to "gpg --recv FPR1 FPR2 FPR3 ... FPR1319". I don't understand why my
gpg is then doing trust database calculations every so many keys, so
what I ended up doing was:

$ cat list-of-fingerprints | xargs strace -ff -o gpgtrace -e
trace=process gpg --no-auto-check-trustdb --recv

And this ran happily until killed by me, fetching and updating keys,
with just a single execve, no spawns.

Anyway, I didn't look any further, but what is exec'ing much here then?
Which version of GnuPG are you using? I'm using the Debian stretch
provided 2.1.18 with a systemd supervised dirmngr. I can't readily think
of which process would be starting often here... am I completey
forgetting about something? :-)


I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20171103/9b627656/attachment.sig>

More information about the Gnupg-users mailing list