Over on https://bugs.launchpad.net/bugs/1565963, Timo Aaltonen has found
a repeatable scenario where the secret keyring has not been successfully
migrated properly when switching over to gnupg 2.1:
On Fri 2016-04-08 12:35:05 -0300, Timo Aaltonen <email address hidden> wrote:
> :: tjaalton@wilson:~/.gnupg> ls -al
> total 1092
> drwx------ 3 tjaalton tjaalton 4096 huhti 8 18:21 .
> drwxr-xr-x 42 tjaalton tjaalton 4096 huhti 8 18:25 ..
> -rw------- 1 tjaalton tjaalton 8081 maali 20 2015 gpg.conf
> -rw-rw-r-- 1 tjaalton tjaalton 0 huhti 8 00:09 .gpg-v21-migrated
> drw------- 2 tjaalton tjaalton 4096 maali 20 2015 private-keys-v1.d
> -rw------- 1 tjaalton tjaalton 1669 maali 20 2015 public.key
> -rw------- 1 tjaalton tjaalton 517605 maali 20 2015 pubring.gpg
> -rw------- 1 tjaalton tjaalton 600 maali 17 22:44 random_seed
> -rw------- 1 tjaalton tjaalton 7322 maali 20 2015 secring.gpg
> srwxrwxr-x 1 tjaalton tjaalton 0 huhti 8 00:37 S.gpg-agent
> -rw------- 1 tjaalton tjaalton 4520 maali 20 2015 trustdb.gpg
>
> don't see anything wrong there
It's a little unusual to have ~/.gnupg/private-keys-v1.d not be u+x, as
that would imply that the directory isn't listable. This is probably
causing problems for the gpg-agent.
When i test with this setup, i can verify that the migration doesn't
happen properly, although .gpg-v21-migrated gets created anyway.
from a new user account, with gpg1 as 1.4.20 and gpg2 as 2.1.11, i ran
the following three commands:
    gpg1 --gen-key
    mkdir -m 0600 ~/.gnupg/private-keys-v1.d
    gpg2 --list-secret-keys
The final command returns an error code of 2 and produces these messages
to the terminal:
    gpg: starting migration from earlier GnuPG versions
    gpg: porting secret keys from '/home/demouser/.gnupg/secring.gpg' to gpg-agent
    gpg: key C93913FC/C93913FC: error sending to agent: Permission denied
    gpg: error building skey array: Permission denied
    gpg: migration succeeded
I have no idea how this directory got the u+x bit cleared, but maybe
that's something that either:
a) gpg-agent could clean up on its own, or
b) should cause gpg-agent to not create the .gpg-v21-migrated marker file
wdyt?
--dkg
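
A check for the state described in this report, as an added example that is not part of the original message and not GnuPG code: it flags a private-keys-v1.d without u+x, and separately the case where .gpg-v21-migrated exists alongside a leftover secring.gpg. The function name and return codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a GnuPG home directory for the state in the report.
# Return codes (chosen for this example, not defined by GnuPG):
#   0 = nothing suspicious
#   1 = private-keys-v1.d exists but its owner lacks the search (x) bit
#   2 = as 1, and .gpg-v21-migrated exists while secring.gpg is still there,
#       so the migration may be marked done without the keys being imported
check_gnupg_home() {
    home=${1:-${GNUPGHOME:-$HOME/.gnupg}}
    keydir=$home/private-keys-v1.d

    [ -d "$keydir" ] || { echo "ok: $keydir not present"; return 0; }

    # Character 4 of the ls mode string is the owner's execute/search bit.
    # Read the mode itself rather than using test -x, which reports the
    # caller's effective access (root bypasses directory mode bits).
    owner_x=$(ls -ld "$keydir" | cut -c4)
    case $owner_x in
        x|s) echo "ok: $keydir is searchable by its owner"; return 0 ;;
    esac

    echo "warn: $keydir lacks u+x, so files inside it cannot be opened"
    if [ -e "$home/.gpg-v21-migrated" ] && [ -e "$home/secring.gpg" ]; then
        echo "warn: .gpg-v21-migrated present; secring.gpg may not have been migrated"
        echo "hint: chmod 0700 '$keydir', then compare gpg2 --list-secret-keys with gpg1"
        return 2
    fi
    echo "hint: chmod 0700 '$keydir'"
    return 1
}
```

Call it as `check_gnupg_home` for the default home directory, or pass a path to audit another one.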