
GnuPG 2.1 migration fails due to permissions but appears to succeed
Closed, Resolved (Public)

Description

Over in https://bugs.launchpad.net/bugs/1565963, we have a documented situation
where ~/.gnupg/private-keys-v1.d is not executable for the user, and as a
result, the migration process fails.

Even worse, it appears to succeed, because ~/.gnupg/.gpg-v21-migrated is created.

This means that subsequent use of GnuPG 2.1 simply can't find the secret keys,
even though they're available in ~/.gnupg/secring.gpg.

Please see further discussion over here:

https://lists.gnupg.org/pipermail/gnupg-devel/2016-April/030977.html

Event Timeline

gpg-agent should fix the permission of private-keys-v1.d/.

The fix we have there has the problem that it forcefully changes the permissions. Consider, for example, the case that group access was provided, which will currently be reset with each start of gpg-agent.

That keeps the group permissions of an existing directory. Needs to be backported to 2.2.

It should be possible to apply the patch rG7de9ed521e516879a72ec6ff6400aed4bdce5920
for 2.2 also to older 2.1 or 2.2 versions.

Thank you Werner for fixing this! We just came across the group permission issue in a multi-user environment and all we had to do was to upgrade to gnupg >=2.2.24.
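
A diagnostic for the state described in this task (migration marker present, secring.gpg still holding keys, private-keys-v1.d unusable for its owner), added here as an example; it is not GnuPG code and not from any participant in the thread. The function names and return codes are assumptions of this sketch, and the repair step only adds owner bits so that existing group access is left alone.

```shell
#!/bin/sh
# Added diagnostic sketch. Function names and return codes are assumptions.

# Print the owner permission triplet ("rwx", "rw-", ...) of a path.
# Mode bits are parsed instead of using `test -x`, which is always true for root.
owner_perms() {
    ls -ld "$1" | cut -c2-4
}

# check_migration HOMEDIR
#   0  no inconsistency found
#   1  marker present, legacy secring.gpg non-empty, key directory missing
#      or not rwx for its owner (the state this report describes)
#   2  marker present, legacy secring.gpg non-empty, key directory usable
#      but holding no *.key files (worth a manual look)
#   3  HOMEDIR is not a directory
check_migration() {
    home=$1
    keydir=$home/private-keys-v1.d
    [ -d "$home" ] || return 3
    # Without the marker, gpg has not claimed a finished migration.
    [ -e "$home/.gpg-v21-migrated" ] || return 0
    # An empty or absent secring.gpg means there was nothing to migrate.
    [ -s "$home/secring.gpg" ] || return 0
    [ -d "$keydir" ] || return 1
    case $(owner_perms "$keydir") in
        rwx) ;;
        *) return 1 ;;
    esac
    for f in "$keydir"/*.key; do
        [ -e "$f" ] && return 0
    done
    return 2
}

# repair_keydir_perms HOMEDIR
# Adds rwx for the owner and leaves group/other bits as they are, in line
# with the thread's concern about resetting deliberately granted group access.
repair_keydir_perms() {
    chmod u+rwx "$1/private-keys-v1.d"
}

# Usage: check_migration "$HOME/.gnupg"; echo "status: $?"
```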