
Bug#733028: apt: Secure apt runs into gpg "resource limit".



Control: notfound 733028 0.9.9.1~ubuntu3
Control: found 733028 0.7.25.1

(The BTS doesn't like ubuntu versions so remove this – the found
 version is the one introducing support for multiple keyrings)

On Tue, Dec 24, 2013 at 01:28:43AM -0500, a k'wala wrote:
> I asked about the "resource limit" message on the gnupg-users mailing
> list...
> http://www.mail-archive.com/gnupg-users@gnupg.org/msg23300.html
> Based on Werner Koch's (the dev) answer...
> http://www.mail-archive.com/gnupg-users@gnupg.org/msg23302.html
> ...the secure apt related programs might be making gpg use more than the
> maximum number of keyrings that it can handle.

Thanks for asking upstream!

I didn't know about a limit for gpg(v)'s --keyring option.
To tell the truth, I didn't expect one and the documentation doesn't
suggest a limit either…

At least I "understand" now why gpg2 kills the usage of multiple
--keyring options altogether. *sigh*


The idea was to use apt-key less and so not require gnupg,
but just basic file operations and gpgv.
Looks like we are not going to win this uphill battle.

So: "If you can't win against your enemy, make him your best friend."
Back to the drawing board…


> 2.
> Deleting a key ('apt-key del <keyID>'), or removing a repository (e.g.,
> using Synaptic), removes the key from its keyring in
> /etc/apt/trusted.gpg.d/ but leaves the empty keyring in the location. After
> I removed the empty keyring files, the "resource limit" message did not
> appear and 'apt-get update' did not complain about "NO_PUBKEY." So, once
> GnuPG's maximum number of keyrings is reached, one has to manually remove
> the empty keyring files, in addition to removing package repositories, in
> order to avoid the "NO_PUBKEY" scenario.

I did a bunch of changes to apt-key in 0.9.10, so at least this problem
of empty keyrings piling up in trusted.gpg.d shouldn't be one anymore;
apt postinst isn't dealing with old cruft at the moment though.


Best season's greetings

David Kalnischkies
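
The check described in this thread, as an added example that is not part of the original message or of apt: it counts the `*.gpg` files in a `trusted.gpg.d`-style directory and lists the empty ones that still count toward gpg's keyring limit. Assumptions: an "empty keyring" is a zero-byte file, the limit is passed in by the caller (the thread does not state the number), and the function names and sample file names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): audit a trusted.gpg.d-style directory.
# Assumption: an "empty keyring" is a zero-byte *.gpg file.

# Print the number of *.gpg keyring files directly inside directory $1.
count_keyrings() {
    n=0
    for f in "$1"/*.gpg; do
        [ -f "$f" ] && n=$((n + 1))
    done
    echo "$n"
}

# Print the path of every zero-byte *.gpg file in directory $1, one per line.
list_empty_keyrings() {
    for f in "$1"/*.gpg; do
        # -f: a regular file exists; ! -s: its size is zero
        if [ -f "$f" ] && [ ! -s "$f" ]; then echo "$f"; fi
    done
}

# Report on directory $1 against keyring limit $2.
# Returns 1 if the count exceeds the limit or any empty keyring is present.
audit_keyrings() {
    dir=$1; limit=$2; status=0
    total=$(count_keyrings "$dir")
    empty=$(list_empty_keyrings "$dir")
    echo "$dir: $total keyring file(s), limit $limit"
    if [ "$total" -gt "$limit" ]; then
        echo "  over the limit: expect the gpg \"resource limit\" message"
        status=1
    fi
    if [ -n "$empty" ]; then
        echo "  empty keyrings that still count toward the limit:"
        echo "$empty" | sed 's/^/    /'
        status=1
    fi
    return "$status"
}

# Constructed sample: three keyrings, one left empty after a key deletion.
demo=$(mktemp -d)
printf 'constructed-key-data' > "$demo/debian-archive.gpg"
printf 'constructed-key-data' > "$demo/third-party.gpg"
: > "$demo/removed-repo.gpg"
audit_keyrings "$demo" 2   # 2 is a constructed limit for the demo only
echo "audit exit status: $?"
rm -rf "$demo"
```

On a real system the directory argument would be `/etc/apt/trusted.gpg.d`; the script only reports and never deletes anything.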
