[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#316581: marked as done (project: db.debian.org not accepting key in keyring)

Your message dated Fri, 18 Jan 2008 14:20:24 +0930
with message-id <1200631824.12887.10.camel@chianamo>
and subject line samosa has been upgraded to etch
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: project

 (Proposed solution at the end)

 I've been trying to update/change/add some information via the Mail
 Gateway to the developer's database.  Each time I get an error message
 from the gateway telling me that the key wasn't found.  The error
 message does not specify _which_ key wasn't found.  That alone is a
 bug, since it's a bad error message and is leaving the user with less
 information than before.

 Reading thru
 I guess that the function (method?) GPGCheckSig(Message) is doing
 something wrong.  From what I can understand:

       Res = GPGWriteFilter(GPGPath,GPGSigOptions,Message);

 that's calling gpg with --no-options --batch --no-default-keyring
 --secret-keyring /dev/null --always-trust --status-fd 3 {some keyring}
 --output - as the only options and feeding it the message extracted
 from my mail.  Doing that locally I see:

gpg: Signature made Thu Jun 30 06:53:16 2005 CST using RSA key ID 8404D500
[GNUPG:] SIG_ID ignST9aX/c8PLWfzpa4lCVsKJh0 2005-06-30 1120135996
[GNUPG:] GOODSIG 7198A8208404D500 Marcelo E. Magallon <mmagallo@debian.org>
gpg: Good signature from "Marcelo E. Magallon <mmagallo@debian.org>"
[GNUPG:] VALIDSIG 9D44CA6C99DFB718AAEAF1687198A8208404D500 2005-06-30 1120135996 0 4 0 1 2 01 4389F70092A2044E83520EFE7A81833366468D05

 The fingerprint is the data that comes along with VALIDSIG.  From the

         # ValidSig has the key finger print
	 if Split[1] == "VALIDSIG":
	    KeyFinger = Split[2];

 So it's using 9D44CA6C99DFB718AAEAF1687198A8208404D500 as the
 fingerprint.  That's the fingerprint of the 8404D500 subkey.

 The morale is I can't use subkeys to talk to the mail gateway.  Doing

 $ gpg --clearsign -u '66468D05!' < zone | mail change@db.debian.org

 Solves my problem.

 As a _minimum_ to consider this bug addressed, this information should
 be added to the documentation ("The mailgateway does not support
 messages signed with subkeys, you have to use the primary key, like
 this ..."), but that doesn't fix it.

 A message signed with the primary key produces:

[GNUPG:] VALIDSIG 4389F70092A2044E83520EFE7A81833366468D05 2005-07-02 1120269865 0 4 0 17 2 01 4389F70092A2044E83520EFE7A81833366468D05

 My guess is that you want the _last_ item on that line (the primary
 key's fingerprint) and not the one right after VALIDSIG, since the LDAP
 gateway only contains the primary fingerprints.

 So... I've read my share of Python for this year, I guess that should
 up my karma back to zero or perhaps even a bit above it...



--- End Message ---
--- Begin Message ---
According to [1], samosa is now running etch, so this should no longer
be an issue. If it is still an issue, please open a ticket in RT[2].

     1. http://db.debian.org/machines.cgi
     2. http://wiki.debian.org/rt.debian.org



Attachment: signature.asc
Description: This is a digitally signed message part

--- End Message ---

Reply to: