[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#316581: project: db.debian.org not accepting key in keyring

Package: project

 (Proposed solution at the end)

 I've been trying to update/change/add some information via the Mail
 Gateway to the developer's database.  Each time I get an error message
 from the gateway telling me that the key wasn't found.  The error
 message does not specify _which_ key wasn't found.  That alone is a
 bug, since it's a bad error message and is leaving the user with less
 information than before.

 Reading thru
 I guess that the function (method?) GPGCheckSig(Message) is doing
 something wrong.  From what I can understand:

       Res = GPGWriteFilter(GPGPath,GPGSigOptions,Message);

 that's calling gpg with --no-options --batch --no-default-keyring
 --secret-keyring /dev/null --always-trust --status-fd 3 {some keyring}
 --output - as the only options and feeding it the message extracted
 from my mail.  Doing that locally I see:

gpg: Signature made Thu Jun 30 06:53:16 2005 CST using RSA key ID 8404D500
[GNUPG:] SIG_ID ignST9aX/c8PLWfzpa4lCVsKJh0 2005-06-30 1120135996
[GNUPG:] GOODSIG 7198A8208404D500 Marcelo E. Magallon <mmagallo@debian.org>
gpg: Good signature from "Marcelo E. Magallon <mmagallo@debian.org>"
[GNUPG:] VALIDSIG 9D44CA6C99DFB718AAEAF1687198A8208404D500 2005-06-30 1120135996 0 4 0 1 2 01 4389F70092A2044E83520EFE7A81833366468D05

 The fingerprint is the data that comes along with VALIDSIG.  From the

         # ValidSig has the key finger print
	 if Split[1] == "VALIDSIG":
	    KeyFinger = Split[2];

 So it's using 9D44CA6C99DFB718AAEAF1687198A8208404D500 as the
 fingerprint.  That's the fingerprint of the 8404D500 subkey.

 The morale is I can't use subkeys to talk to the mail gateway.  Doing

 $ gpg --clearsign -u '66468D05!' < zone | mail change@db.debian.org

 Solves my problem.

 As a _minimum_ to consider this bug addressed, this information should
 be added to the documentation ("The mailgateway does not support
 messages signed with subkeys, you have to use the primary key, like
 this ..."), but that doesn't fix it.

 A message signed with the primary key produces:

[GNUPG:] VALIDSIG 4389F70092A2044E83520EFE7A81833366468D05 2005-07-02 1120269865 0 4 0 17 2 01 4389F70092A2044E83520EFE7A81833366468D05

 My guess is that you want the _last_ item on that line (the primary
 key's fingerprint) and not the one right after VALIDSIG, since the LDAP
 gateway only contains the primary fingerprints.

 So... I've read my share of Python for this year, I guess that should
 up my karma back to zero or perhaps even a bit above it...



Reply to: