
Integration tests fail for gpg 2.4.4

Open catmsred opened this issue 2 years ago • 4 comments

Bug report

When running integration tests on Ubuntu 24.04 images containing gpg 2.4.4 (up from 2.2.40 on previous releases), TestApt integration tests:

  • test_ppa_source
  • test_signed_by
  • test_key
  • test_keyserver

All fail with assert TEST_PPA_KEY in self.get_keys(class_client).

Steps to reproduce the problem

Create a VM with gpg 2.4.4 (Ubuntu 24.04 dailies after 20240227 all cause it) and the following userdata:

#cloud-config
bootcmd:
    - rm -f /etc/apt/sources.list /etc/apt/sources.list.d/ubuntu.sources

apt:
  conf: |
    APT {
        Get {
            Assume-Yes "true";
            Fix-Broken "true";
        }
    }
  primary:
    - arches: [default]
      uri: http://badarchive.ubuntu.com/ubuntu
  security:
    - arches: [default]
      uri: http://badsecurity.ubuntu.com/ubuntu
  sources_list: |
    deb $MIRROR $RELEASE main restricted
    deb-src $MIRROR $RELEASE main restricted
    deb $PRIMARY $RELEASE universe restricted
    deb-src $PRIMARY $RELEASE universe restricted
    deb $SECURITY $RELEASE-security multiverse
    deb-src $SECURITY $RELEASE-security multiverse
  sources:
    test_keyserver:
      keyid: 110E21D8B0E2A1F0243AF6820856F197B892ACEA
      keyserver: keyserver.ubuntu.com
      source: "deb http://ppa.launchpad.net/canonical-kernel-team/ppa/ubuntu $RELEASE main"
    test_ppa:
      keyid: 441614D8
      keyserver: keyserver.ubuntu.com
      source: "ppa:simplestreams-dev/trunk"
    test_signed_by:
      keyid: A2EB2DEC0BD7519B7B38BE38376A290EC8068B11
      keyserver: keyserver.ubuntu.com
      source: "deb [signed-by=$KEY_FILE] http://ppa.launchpad.net/juju/stable/ubuntu $RELEASE main"
    test_bad_key:
      key: ""
      source: "deb $MIRROR $RELEASE main"
    test_key:
      source: "deb http://ppa.launchpad.net/cloud-init-dev/test-archive/ubuntu $RELEASE main"
      key: |
        -----BEGIN PGP PUBLIC KEY BLOCK-----
        Version: SKS 1.1.6
        Comment: Hostname: keyserver.ubuntu.com

        mQINBFbZRUIBEAC+A0PIKYBP9kLC4hQtRrffRS11uLo8/BdtmOdrlW0hpPHzCfKnjR3tvSEI
        lqPHG1QrrjAXKZDnZMRz+h/px7lUztvytGzHPSJd5ARUzAyjyRezUhoJ3VSCxrPqx62avuWf
        RfoJaIeHfDehL5/dTVkyiWxfVZ369ZX6JN2AgLsQTeybTQ75+2z0xPrrhnGmgh6g0qTYcAaq
        M5ONOGiqeSBX/Smjh6ALy5XkhUiFGLsI7Yluf6XSICY/x7gd6RAfgSIQrUTNMoS1sqhT4aot
        +xvOfQy8ySkfAK4NddXql6E/+ZqTmBY/Lr0YklFBy8jGT+UysfiIznPMIwbmgq5Li7BtDDtX
        b8Uyi4edPpjtextezfXYn4NVIpPL5dPZS/FXh4HpzyH0pYCfrH4QDGA7i52AGmhpiOFjJMo6
        N33sdjZHOH/2Vyp+QZaQnsdUAi1N4M6c33tQbpIScn1SY+El8z5JDA4PBzkw8HpLCi1gGoa6
        V4kfbWqXXbGAJFkLkP/vc4+pY9axOlmCkJg7xCPwhI75y1cONgovhz+BEXOzolh5KZuGbGbj
        xe0wva5DLBeIg7EQFf+99pOS7Syby3Xpm6ZbswEFV0cllK4jf/QMjtfInxobuMoI0GV0bE5l
        WlRtPCK5FnbHwxi0wPNzB/5fwzJ77r6HgPrR0OkT0lWmbUyoOQARAQABtC1MYXVuY2hwYWQg
        UFBBIGZvciBjbG91ZCBpbml0IGRldmVsb3BtZW50IHRlYW2JAjgEEwECACIFAlbZRUICGwMG
        CwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEAg9Bvvk0wTfHfcP/REK5N2s1JYc69qEa9ZN
        o6oi+A7l6AYw+ZY88O5TJe7F9otv5VXCIKSUT0Vsepjgf0mtXAgf/sb2lsJn/jp7tzgov3YH
        vSrkTkRydz8xcA87gwQKePuvTLxQpftF4flrBxgSueIn5O/tPrBOxLz7EVYBc78SKg9aj9L2
        yUp+YuNevlwfZCTYeBb9r3FHaab2HcgkwqYch66+nKYfwiLuQ9NzXXm0Wn0JcEQ6pWvJscbj
        C9BdawWovfvMK5/YLfI6Btm7F4mIpQBdhSOUp/YXKmdvHpmwxMCN2QhqYK49SM7qE9aUDbJL
        arppSEBtlCLWhRBZYLTUna+BkuQ1bHz4St++XTR49Qd7vDERALpApDjB2dxPfMiBzCMwQQyq
        uy13exU8o2ETLg+dZSLfDTzrBNsBFmXlw8WW17nTISYdKeGKL+QdlUjpzdwUMMzHhAO8SmMH
        zjeSlDSRMXBJFAFSbCl7EwmMKa3yVX0zInT91fNllZ3iatAmtVdqVH/BFQfTIMH2ET7A8WzJ
        ZzVSuMRhqoKdr5AMcHuJGPUoVkVJHQA+NNvEiXSysF3faL7jmKapmUwrhpYYX2H8pf+VMu2e
        cLflKTI28dl+ZQ4Pl/aVsxrti/pzhdYy05Sn5ddtySyIkvo8L1cU5MWpbvSlFPkTstBUDLBf
        pb0uBy+g0oxJQg15
        =uy53
        -----END PGP PUBLIC KEY BLOCK-----
    test_write:
      keyid: A2EB2DEC0BD7519B7B38BE38376A290EC8068B11
      keyserver: keyserver.ubuntu.com
      source: "deb [signed-by=$KEY_FILE] http://ppa.launchpad.net/juju/stable/ubuntu $RELEASE main"
      append: false
    test_write.list:
      keyid: A2EB2DEC0BD7519B7B38BE38376A290EC8068B11
      keyserver: keyserver.ubuntu.com
      source: "deb [signed-by=$KEY_FILE] http://ppa.launchpad.net/juju/devel/ubuntu $RELEASE main"
      append: false
    test_append:
      keyid: A2EB2DEC0BD7519B7B38BE38376A290EC8068B11
      keyserver: keyserver.ubuntu.com
      source: "deb [signed-by=$KEY_FILE] http://ppa.launchpad.net/juju/stable/ubuntu $RELEASE main"
    test_append.list:
      keyid: A2EB2DEC0BD7519B7B38BE38376A290EC8068B11
      keyserver: keyserver.ubuntu.com
      source: "deb [signed-by=$KEY_FILE] http://ppa.launchpad.net/juju/devel/ubuntu $RELEASE main"
apt_pipelining: os

SSH into the VM and run:

$ gpg --with-fingerprint --list-keys --keyring /etc/apt/trusted.gpg.d/test_keyserver.gpg

This returns no output. On earlier versions of gpg we would see the key printed, e.g.

$ gpg --with-fingerprint --with-fingerprint --list-keys --keyring /etc/apt/trusted.gpg.d/test_keyserver.gpg 
/etc/apt/trusted.gpg.d/test_keyserver.gpg
-----------------------------------------
pub   rsa1024 2010-12-01 [SC]
      110E 21D8 B0E2 A1F0 243A  F682 0856 F197 B892 ACEA
uid           [ unknown] Launchpad PPA for Canonical Kernel Team

Environment details

  • Cloud-init version: 24.1 [probably impacts earlier versions too but this is what I was testing with]
  • Operating System Distribution: Ubuntu 24.04 later than 20240229
  • Cloud provider, platform or installer type: GCE, AWS

Additional Details

The underlying issue appears to be related to gpg2 using keybox as the default format. When gpg is called for the first time it initializes ~/.gnupg including a config file that specifies the use of keybox. If I run rm .gnupg/common.conf and then rerun the list keys command, it works as it did in prior versions.

catmsred • Mar 01 '24 02:03

Confirmed with the following procedure on lxd noble images with builddate 20240220:

test script

#!/bin/sh
set -ex
# Launch a noble container; record the image serial and the installed gnupg version
lxc launch ubuntu-daily:noble nn
lxc exec nn -- cat /etc/cloud/build.info
lxc exec nn -- dpkg -l gnupg
# Baseline: list the archive keyring with the gnupg shipped in the image
lxc exec nn -- gpg --with-fingerprint --list-keys --keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg
# Upgrade gnupg and list the same keyring again
lxc exec nn -- apt-get update
lxc exec nn -- apt install -y gnupg
echo Keys are listed without .gnupg/commons.conf use-keyboxd
lxc exec nn -- gpg --with-fingerprint --list-keys --keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg
# Enable keyboxd through common.conf and list the keyring a third time
cat > common.conf <<EOF
use-keyboxd
EOF
echo Keys NOT listed when .gnupg/common.conf contains use-keyboxd
lxc file push common.conf nn/root/.gnupg/
lxc exec nn -- gpg --with-fingerprint --list-keys --keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg

test output

+ lxc launch ubuntu-daily:noble nn
Creating nn
Starting nn
+ lxc exec nn -- cat /etc/cloud/build.info
build_name: server
serial: 20240220
+ lxc exec nn -- dpkg -l gnupg
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name           Version           Architecture Description
+++-==============-=================-============-=============================>
ii  gnupg          2.2.40-1.1ubuntu1 all          GNU privacy guard - a free PG>
+ lxc exec nn -- gpg --with-fingerprint --list-keys --keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg
gpg: directory '/root/.gnupg' created
gpg: keybox '/root/.gnupg/pubring.kbx' created
gpg: /root/.gnupg/trustdb.gpg: trustdb created
/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg
------------------------------------------------------
pub   rsa4096 2018-09-17 [SC]
      F6EC B376 2474 EDA9 D21B  7022 8719 20D1 991B C93C
uid           [ unknown] Ubuntu Archive Automatic Signing Key (2018) <[email protected]>

+ lxc exec nn -- apt-get update -q
+ lxc exec nn -- apt install -y gnupg
Reading package lists... Done
...
Setting up gnupg (2.4.4-2ubuntu7) ...
+ echo Keys are listed without .gnupg/commons.conf use-keyboxd
Keys are listed without .gnupg/commons.conf use-keyboxd
+ lxc exec nn -- gpg --with-fingerprint --list-keys --keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg
/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg
------------------------------------------------------
pub   rsa4096 2018-09-17 [SC]
      F6EC B376 2474 EDA9 D21B  7022 8719 20D1 991B C93C
uid           [ unknown] Ubuntu Archive Automatic Signing Key (2018) <[email protected]>

+ cat
+ echo Keys NOT listed when .gnupg/common.conf contains use-keyboxd
Keys NOT listed when .gnupg/common.conf contains use-keyboxd
+ lxc file push common.conf nn/root/.gnupg/
+ lxc exec nn -- gpg --with-fingerprint --list-keys --keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg

debug-level 9 with use-keyboxd

root@nn:~#  gpg --with-fingerprint --list-keys --keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg --debug-level 9
gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache memstat trust ipc clock lookup extprog
gpg: enabled compatibility flags:
gpg: DBG: [no clock] start
gpg: using pgp trust model
gpg: DBG: [no clock] keydb_new
gpg: DBG: chan_4 <- # Home: /root/.gnupg
gpg: DBG: chan_4 <- # Config: [none]
gpg: DBG: chan_4 <- OK Keyboxd 2.4.4 at your service
gpg: DBG: connection to the keyboxd established
gpg: DBG: chan_4 -> GETINFO version
gpg: DBG: chan_4 <- D 2.4.4
gpg: DBG: chan_4 <- OK
gpg: DBG: [no clock] keydb_search_reset
gpg: DBG: keydb_search_reset (hd=0x000055a2b802a100)
gpg: DBG: [no clock] keydb_search enter
gpg: DBG: keydb_search: 1 search descriptions:
gpg: DBG: keydb_search   0: FIRST
gpg: DBG: chan_4 -> SEARCH --openpgp
gpg: DBG: chan_4 <- ERR 134217755 Not found <Keybox>
gpg: DBG: [no clock] keydb_search leave (not found)
gpg: DBG: [no clock] keydb_release
gpg: DBG: [no clock] close_context (found)
gpg: DBG: chan_4 -> BYE
gpg: DBG: [no clock] stop
gpg: keydb: handles=0 locks=0 parse=0 get=0
gpg:        build=0 update=0 insert=0 delete=0
gpg:        reset=0 found=0 not=0 cache=0 not=0
gpg: kid_not_found_cache: count=0 peak=0 flushes=0
gpg: sig_cache: total=0 cached=0 good=0 bad=0
gpg: objcache: keys=0/0/0 chains=0,0..0 buckets=0/0 attic=0
gpg: objcache: uids=0/0/0 chains=0,0..0 buckets=0/0
gpg: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
              outmix=0 getlvl1=0/0 getlvl2=0/0
gpg: rndjent stat: collector=0x0000000000000000 calls=0 bytes=0
gpg: secmem usage: 0/65536 bytes in 0 blocks

debug-level 9 without use-keyboxd

root@nn:~#  gpg --with-fingerprint --list-keys --keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg --debug-level 9
gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache memstat trust ipc clock lookup extprog
gpg: enabled compatibility flags:
gpg: DBG: [no clock] start
gpg: using pgp trust model
gpg: DBG: [no clock] keydb_new
gpg: DBG: [no clock] keydb_search_reset
gpg: DBG: keydb_search_reset (hd=0x00005562905573d0)
gpg: DBG: [no clock] keydb_search enter
gpg: DBG: keydb_search: 1 search descriptions:
gpg: DBG: keydb_search   0: FIRST
gpg: DBG: internal_keydb_search: searching keybox (resource 0 of 2)
gpg: DBG: internal_keydb_search: searched keybox (resource 0 of 2) => EOF
gpg: DBG: internal_keydb_search: searching keyring (resource 1 of 2)
gpg: DBG: keyring_search: need_uid = 0; need_words = 0; need_keyid = 0; need_fpr = 0; any_skip = 0
gpg: DBG: fd_cache_open (/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg) not cached
gpg: DBG: iobuf-1.0: open '/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg' desc=file_filter(fd) fd=5
gpg: DBG: keyring_search: initializing offset table. (need_keyid: 0 => 1)
gpg: DBG: keyring_search: searching from start of resource.
gpg: DBG: iobuf-1.0: underflow: buffer size: 65536; still buffered: 0 => space for 65536 bytes
gpg: DBG: iobuf-1.0: underflow: A->FILTER (65536 bytes)
gpg: DBG: iobuf-1.0: A->FILTER() returned rc=0 (ok), read 1167 bytes
gpg: DBG: parse_packet(iob=1): type=6 length=525 (search.../../g10/keyring.c.1111)
gpg: DBG: keyring_search: packet starting at offset 0 matched descriptor 0
gpg: DBG: keyring_search: returning success
gpg: DBG: free_packet() type=6
gpg: DBG: free_packet() type=6
gpg: DBG: internal_keydb_search: searched keyring (resource 1 of 2) => Success
gpg: DBG: [no clock] keydb_search leave (found)
gpg: DBG: [no clock] keydb_get_keyblock enter
gpg: DBG: fd_cache_open (/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg) not cached
gpg: DBG: iobuf-2.0: open '/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg' desc=file_filter(fd) fd=6
gpg: DBG: iobuf-2.0: underflow: buffer size: 65536; still buffered: 0 => space for 65536 bytes
gpg: DBG: iobuf-2.0: underflow: A->FILTER (65536 bytes)
gpg: DBG: iobuf-2.0: A->FILTER() returned rc=0 (ok), read 1167 bytes
gpg: DBG: parse_packet(iob=2): type=6 length=525 (parse.../../g10/keyring.c.415)
gpg: DBG: parse_packet(iob=2): type=13 length=66 (parse.../../g10/keyring.c.415)
gpg: DBG: parse_packet(iob=2): type=2 length=568 (parse.../../g10/keyring.c.415)
gpg: DBG: iobuf-2.0: underflow: buffer size: 65536; still buffered: 0 => space for 65536 bytes
gpg: DBG: iobuf-2.0: underflow: A->FILTER (65536 bytes)
gpg: DBG: iobuf-2.0: A->FILTER() returned rc=-1 (EOF), read 0 bytes
gpg: DBG: /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg: close fd/handle 6
gpg: DBG: fd_cache_close (/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg) new slot created
gpg: DBG: iobuf-2.0: close '?'
gpg: DBG: [no clock] keydb_get_keyblock leave
gpg: DBG: rsa_verify    => Good
gpg: DBG: free_packet() type=6
gpg: DBG: free_packet() type=13
gpg: DBG: free_packet() type=2
gpg: DBG: [no clock] keydb_search enter
gpg: DBG: keydb_search: 1 search descriptions:
gpg: DBG: keydb_search   0: NEXT
gpg: DBG: internal_keydb_search: searching keyring (resource 1 of 2)
gpg: DBG: keyring_search: need_uid = 0; need_words = 0; need_keyid = 0; need_fpr = 0; any_skip = 0
gpg: DBG: keyring_search: initializing offset table. (need_keyid: 0 => 1)
gpg: DBG: keyring_search: not searching from start of resource.
gpg: DBG: iobuf-1.0: underflow: buffer size: 65536; still buffered: 0 => space for 65536 bytes
gpg: DBG: iobuf-1.0: underflow: A->FILTER (65536 bytes)
gpg: DBG: iobuf-1.0: A->FILTER() returned rc=-1 (EOF), read 0 bytes
gpg: DBG: /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg: close fd/handle 5
gpg: DBG: fd_cache_close (/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg) new slot created
gpg: DBG: keyring_search: no matches (EOF)
gpg: DBG: internal_keydb_search: searched keyring (resource 1 of 2) => EOF
/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg
------------------------------------------------------
pub   rsa4096 2018-09-17 [SC]
      F6EC B376 2474 EDA9 D21B  7022 8719 20D1 991B C93C
uid           [ unknown] Ubuntu Archive Automatic Signing Key (2018) <[email protected]>

gpg: DBG: [no clock] keydb_search leave (not found)
gpg: DBG: [no clock] keydb_release
gpg: DBG: iobuf-1.0: close '?'
gpg: DBG: [no clock] stop
gpg: keydb: handles=1 locks=0 parse=0 get=1
gpg:        build=0 update=0 insert=0 delete=0
gpg:        reset=1 found=1 not=1 cache=0 not=0
gpg: kid_not_found_cache: count=0 peak=0 flushes=0
gpg: sig_cache: total=1 cached=0 good=0 bad=0
gpg: objcache: keys=0/0/0 chains=0,0..0 buckets=0/0 attic=0
gpg: objcache: uids=0/0/0 chains=0,0..0 buckets=0/0
gpg: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
              outmix=0 getlvl1=0/0 getlvl2=0/0
gpg: rndjent stat: collector=0x0000000000000000 calls=0 bytes=0
gpg: secmem usage: 0/65536 bytes in 0 blocks

blackboxsw • Mar 01 '24 05:03

OK I haven't played with keyboxd yet, it's a bit new and fancy (and IMO useless), but this seems to be documented in the gpg(1) manual page under the --keyring option:

Note that if the option use-keyboxd is enabled in ‘common.conf’, no keyrings are used at all and keys are all maintained by the keyboxd process in its own database.

I'm not sure it makes a whole lot of sense for your tests to use the host configuration; when doing stuff with gpg in a program, you should usually:

  1. Set up a temporary directory to act as the home directory (GNUPGHOME)
  2. Pass --no-options --no-default-keyring --homedir $GNUPGHOME to gpg, probably --no-auto-check-trustdb --trust-model always too
  3. When done, run gpgconf --kill all with GNUPGHOME set and then delete the directory

See apt-key for example, or I believe livecd-rootfs too.

julian-klode • Mar 01 '24 08:03
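
The three steps from the comment above, written out as a Python helper. This is an added illustration, not code from cloud-init, apt-key or livecd-rootfs; the function names and the colon-format sample (built around the archive key fingerprint shown earlier in this thread) are constructed for the example.

```python
import os
import shutil
import subprocess
import tempfile

# Constructed sample of `gpg --with-colons --list-keys` output (not captured
# from a real run); only the fingerprint is taken from this thread.
SAMPLE_COLON_OUTPUT = """\
tru::1:0:0:3:1:5
pub:-:4096:1:871920D1991BC93C:0:::-:::scSC:
fpr:::::::::F6ECB3762474EDA9D21B7022871920D1991BC93C:
uid:-::::0::::Example archive key (constructed):
sub:-:4096:1:1111111111111111:0::::::e:
fpr:::::::::1111111111111111111111111111111111111111:
"""


def build_gpg_argv(homedir, keyring):
    """Argv that lists one keyring file without using the host's gpg setup."""
    return [
        "gpg", "--batch",
        "--no-options",            # do not read an options file
        "--no-default-keyring",    # only the keyring named below is searched
        "--homedir", homedir,      # throwaway home, so ~/.gnupg is not consulted
        "--no-auto-check-trustdb",
        "--trust-model", "always",
        "--keyring", keyring,
        "--with-colons", "--with-fingerprint", "--list-keys",
    ]


def parse_primary_fingerprints(colon_output):
    """Return primary-key fingerprints from colon-delimited gpg output."""
    fingerprints = []
    last_key_record = None
    for line in colon_output.splitlines():
        fields = line.split(":")
        if fields[0] in ("pub", "sub"):
            last_key_record = fields[0]
        elif fields[0] == "fpr" and last_key_record == "pub" and len(fields) > 9:
            fingerprints.append(fields[9])  # field 10 holds the fingerprint
            last_key_record = None          # ignore repeated fpr records
    return fingerprints


def list_keyring_fingerprints(keyring):
    """Steps 1-3: temp GNUPGHOME, isolated gpg call, kill daemons, clean up."""
    homedir = tempfile.mkdtemp(prefix="gnupghome-")  # created with mode 0700
    env = dict(os.environ, GNUPGHOME=homedir)
    try:
        result = subprocess.run(
            build_gpg_argv(homedir, os.path.abspath(keyring)),
            env=env, check=True, capture_output=True, text=True,
        )
        return parse_primary_fingerprints(result.stdout)
    finally:
        # Stop any gpg-agent/keyboxd/dirmngr started for this home directory
        # before deleting it, so no daemon is left holding its sockets.
        subprocess.run(["gpgconf", "--kill", "all"], env=env,
                       check=False, capture_output=True)
        shutil.rmtree(homedir, ignore_errors=True)


if __name__ == "__main__":
    print(parse_primary_fingerprints(SAMPLE_COLON_OUTPUT))
```

A test can then assert that an expected fingerprint is in `list_keyring_fingerprints("/etc/apt/trusted.gpg.d/test_keyserver.gpg")` and get the same answer whether or not the invoking user's `~/.gnupg/common.conf` enables use-keyboxd.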

I'll go patch out use-keyboxd in new installs.

julian-klode • Mar 01 '24 08:03

gnupg2 patched in https://launchpad.net/ubuntu/+source/gnupg2/2.4.4-2ubuntu9 to no longer write common.conf on fresh installs. But please ensure your test suite doesn't rely on host config and home dirs.

julian-klode • Mar 01 '24 08:03