On Sun 2018-10-21 20:00:02 -0400, Joey Hess wrote:
> joey@darkstar:~/.impass>impass add
> Traceback (most recent call last):
> File "/usr/lib/python3/dist-packages/impass/db.py", line 105, in _decryptDB
> data, _, vfy = self._gpg.decrypt(f, verify=[k])
> File "/usr/lib/python3/dist-packages/gpg/core.py", line 454, in decrypt
> raise e
> File "/usr/lib/python3/dist-packages/gpg/core.py", line 452, in decrypt
> results=results)
> gpg.errors.MissingSignatures: E85A5F63B31D24C1EBF0D81CC910D9222512E3C7
>
> During handling of the above exception, another exception occurred:
>
> Traceback (most recent call last):
> File "/usr/bin/impass", line 11, in <module>
> load_entry_point('impass==0.12', 'console_scripts', 'impass')()
> File "/usr/lib/python3/dist-packages/impass/__main__.py", line 594, in main
> func(args)
> File "/usr/lib/python3/dist-packages/impass/__main__.py", line 201, in add
> db = open_db(keyid, create=True)
> File "/usr/lib/python3/dist-packages/impass/__main__.py", line 51, in
> open_db
> db = Database(DBPATH, keyid)
> File "/usr/lib/python3/dist-packages/impass/db.py", line 57, in __init__
> cleardata = self._decryptDB(self._dbpath)
> File "/usr/lib/python3/dist-packages/impass/db.py", line 112, in _decryptDB
> data, _, _ = self._gpg.decrypt(try2, verify=False)
> File "/usr/lib/python3/dist-packages/gpg/core.py", line 431, in decrypt
> for s in verify_result.signatures):
> AttributeError: 'NoneType' object has no attribute 'signatures'
>
> E85A5F63B31D24C1EBF0D81CC910D9222512E3C7 is my gpg key, and the db is signed
> by a subkey of that key.
ugh, this is a mess of an error message.
> Apparently the problem is due to the warning; editing the key and
> setting it to ultimately trusted avoided the crash, but
>
> a) impass used to work despite that (it displated a red warning in the gui),
> and has for some reason stopped working due to a dependency upgrade,
> I think from python3-gpg 1.11.1-1 to 1.12.0-4
> b) this crash makes the problem nearly impossible to understand
right, i think the impass policy is supposed to be as documented in
impass(1):
SIGNATURES
During decryption, OpenPGP signatures on the db file are checked for
validity. If any of them are found to not be valid, a warning message
will be written to stderr.
Instead, we're seeing crashes here (and in #912092) due to some change
in gpgme, i think.
i think impass ought to have some tests that can ensure that flaws in
the signature checking just produce errors to stderr, instead of crashes
and backtraces.
--dkg
signature.asc
Description: PGP signature

