% make -Ctests/openpgp check XTESTS=shell.scm
...-M0LDGj % echo trust-model tofu+pgp >> gpg.conf
...-M0LDGj % gpg2 --quick-generate-key foo@example.org
gpg: keybox '/tmp/gpgscm-20170124T124733-run-tests-M0LDGj/pubring.kbx' created
gpg: /tmp/gpgscm-20170124T124733-run-tests-M0LDGj/trustdb.gpg: trustdb created
gpg: key C924BC641AB636D7 marked as ultimately trusted
gpg: directory '/tmp/gpgscm-20170124T124733-run-tests-M0LDGj/openpgp-revocs.d'
created
gpg: revocation certificate stored as
'/tmp/gpgscm-20170124T124733-run-tests-M0LDGj/openpgp-revocs.d/5EB62490879A1C2EE9CF7E38C924BC641AB636D7.rev'
...-M0LDGj % gpg2 --sign gpg.conf
...-M0LDGj % gpg2 --verify gpg.conf.gpg
gpg: Signature made Tue Jan 24 13:47:52 2017 CET
gpg: using RSA key 5EB62490879A1C2EE9CF7E38C924BC641AB636D7
gpg: please do a --check-trustdb
gpg: Good signature from "foo@example.org" [ultimate]
gpg: error updating TOFU database: NOT NULL constraint failed: signatures.binding
gpg: TOFU: error registering signature: General error
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 5EB6 2490 879A 1C2E E9CF 7E38 C924 BC64 1AB6 36D7
Description
Description
Details
Details
- External Link
- https://lists.gnupg.org/pipermail/gnupg-users/2017-January/057498.html
- Version
- master
Related Objects
Related Objects
Event Timeline
Comment Actions
The underlying problem is that bindings for ultimately trusted keys were not
registered with the TOFU data.
Comment Actions
So I believe that if we have a test that demonstrates this problem, then it is
safe to set the status to resolved.