Rocco, et al -- ...and then Rocco Rutte said... % % Hi,
Hi! % % * David T-G [2002-06-06 00:22:02 CEST] wrote: % % > I had the same problem recently and we traced it to the ... % % Wow, just to be curious, your solution is? To not declare my default keyring in my list of keyrings, since gpg would find it and then be told to find it, thereby corrupting the trustdb it was holding and thus forcing the bad exit. It got a little hairier with the move to 1.0.7, because the only way to get gpg to put keys where I wanted them (the catch-all ring) was to do some reordering. One of these days I'll come up with a gpg wrapper that generates the gawdawful command line (because temp options files suck) that will be necessary to have all of the keyrings available and yet drop a key into a particular ring (like when I'm reading mutt-users and want received keys to drop right into the mutt ring), or perhaps only for receiving so maybe I'd turn off auto-receive and then force a get-key (but auto-receive is so convenient, and once the work is done for one case it's done for all, so ...), but for now I'm happy enough that they go into the catch-all ring again (even if new keys that *I* generate do, too!). So the relevant parts of my options file now look about like # # I want to know what ring show-keyring # # if you want keys to land anywhere else, you can't have a default no-default-keyring # # keyrings to use (in search order) ### dumps into first one found(??) keyring pubring.catch-all-keys.gpg secret-keyring secring.catch-all-keys.gpg keyring pubring.gpg secret-keyring secring.gpg keyring pubring.davidtg-old-keys.gpg secret-keyring secring.davidtg-old-keys.gpg ... keyring pubring.mutt.gpg secret-keyring secring.mutt.gpg keyring pubring.misclists.gpg secret-keyring secring.misclists.gpg # # new for 1.0.7 to get keys automatically like it always did in 1.0.6 keyserver-options auto-key-retrieve Note that I have to list my catch-all ring first, and then I have to list the "default" ring since I said no-default in order to get catch-all to be the "drop zone". It used to DWIM with no mention of the default ring (in fact, that was the source of the exit code problem, and so I pulled the spurious references and all was well) and catch-all at the bottom. Oh, yeah; the auto-key-retrieve bit isn't specific to rings but was a change in 1.0.7 and caused some troubles for folks on this list before. IMHO there were enough changes going on that this should have been 1.1.0 or some such; a *lot* of people happily upgraded to 1.0.7 and then found themselves seriously screwed up. Yeah, we all should have read every single line of the README and Changes files because obviously a quick gloss wasn't enough, but obviously we didn't. But I'm not part of the gnupg devel team, so I have no idea how or why they pick their numbers. % % I remember that discussion and the effects quite well, and % in my case it only happens with messages which have inline % instead of MIME-declared pgp signatures. I don't see any % reason why GnuPG should return another exit status. That certainly is odd. I have even less input on that than on my trustdb problem :-) but wish you luck. % % And, what is why I gave up thinking GnuPG is the reason is % the manpage: Well, maybe and maybe not. Have you checked your exit code? % % ,----[ gpg(1) ]- % | RETURN VALUE % | The program returns 0 if everything was fine, 1 if at % | least a signature was bad, and other error codes for fatal % | errors. % `- % % Mutt reports a non-verified signature if PGP's or GnuPG's % return code was non-zero. According to the manpage, at least % a signature has to bad to make this happen. But the % signatures are okay. Well, yes, but it says "at least a signature ...". In my case, the problem was the corrupted trustdb caused by a double-read of a secret ring (which I know I would never have found on my own!). It might be nice if mutt reported back gpg's exit code, but since '1' can mean many things it isn't a silver bullet. % % I already gave up on this issue, but maybe I'll spend some % time using check_pgp_traditional instead of a procmail rule. That works pretty well for me; I no longer have the procmail rule in place. I traded some private email with a fellow who was using it and I said "beware; it can cause problems" and he replied that he had never had any difficulties -- and then very soon after asked if I had jinxed him because he suddenly had two :-) % % Cheers, Rocco HTH & HAND :-D -- David T-G * It's easier to fight for one's principles (play) [EMAIL PROTECTED] * than to live up to them. -- fortune cookie (work) [EMAIL PROTECTED] http://www.justpickone.org/davidtg/ Shpx gur Pbzzhavpngvbaf Qrprapl Npg!
msg28656/pgp00000.pgp
Description: PGP signature
