gabriel rosenkoetter on Thu, 27 Feb 2003 13:01:08 -0500



Re: [PLUG] GnuPG 1.2.1 trustdb checks for every pubkey import?


On Thu, Feb 27, 2003 at 12:47:34AM -0500, David Shaw wrote:
> Try running "gpg --no-sig-cache --rebuild-keydb-caches".  It'll take a
> long time.  I suspect you have some uncached signatures and/or
> uncached Elgamal signatures (worse) on your keyring.

This ended in near catastrophe after processing the entire keyring:

gpg: 1428 keys checked (48768 signatures)
gpg: renaming `/home/gr/.gnupg/pubring.gpg.tmp' to `/home/gr/.gnupg/pubring.gpg' failed: No such file or directory
gpg: failed to rebuild keyring cache: file rename error
gpg --no-sig-cache --rebuild-keydb-caches  10351.18s user 2349.33s system 79% cpu 4:25:10.07 total

In that time, reading mail in mutt caused another key to be added
to the public keyring. I'm a little unclear on how that resulted
in this particular error, though clearly modifying a file that's
being processed *could* be bad news, it looks like gpg was producing
the new keyring in pubring.gpg.tmp... but that file doesn't exist
any more at all.

An attempt to sign a message at that time produced this error
message:

gpg: key 0CF9091A: secret key without public key - skipped
gpg: skipped `0x0CF9091A': secret key not available
gpg: signing failed: secret key not available

I was left with a 0-size pubring.gpg and an apparently sane
pubring.gpg~, which I've copied back to pubring.gpg after backing it
up.

How screwed am I now? Is there something I should be doing to verify
the structure of my pubring?

I'm going to restart the rebuild having removed auto-key-retrieve
from my .gnupg/gpg.conf's keyserver-options.

-- 
gabriel rosenkoetter
gr@eclipsed.net

Attachment: pgpHRdshU4AlF.pgp
Description: PGP signature
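
One way to check a keyring file's packet framing before copying a backup such as pubring.gpg~ back into place, given here as an added example that is not part of the original message and is not GnuPG's own code. It walks the OpenPGP packet headers (RFC 4880, section 4.2) and rejects a 0-size or truncated file; the function name and the sample bytes are constructed for illustration, and only framing is checked, not signatures.

```python
import struct

PUBLIC_KEY_TAG = 6  # every key block in a public keyring starts with this packet
# Constructed sample, not real key material: public key, user ID, signature.
SAMPLE = b"\x99\x00\x03\x04\x00\x00" + b"\xb4\x02gr" + b"\xc2\x01\x04"


def walk_keyring(data: bytes) -> list:
    """Return [(tag, body_length), ...]; raise ValueError on broken framing."""
    if not data:
        raise ValueError("keyring is empty (0 bytes)")
    packets, pos = [], 0
    while pos < len(data):
        start, ctb = pos, data[pos]
        pos += 1
        if not ctb & 0x80:
            raise ValueError(f"offset {start}: not a packet header")
        try:
            if ctb & 0x40:  # new-format header: length is 1, 2 or 5 octets
                tag, first = ctb & 0x3F, data[pos]
                if first < 192:
                    length, pos = first, pos + 1
                elif first < 224:
                    length, pos = ((first - 192) << 8) + data[pos + 1] + 192, pos + 2
                elif first == 255:
                    length, pos = struct.unpack(">I", data[pos + 1:pos + 5])[0], pos + 5
                else:
                    raise ValueError(f"offset {start}: partial length not expected in a keyring")
            else:  # old-format header: low two bits select the length field size
                tag, size = (ctb >> 2) & 0x0F, {0: 1, 1: 2, 2: 4}.get(ctb & 0x03)
                if size is None or pos + size > len(data):
                    raise ValueError(f"offset {start}: indeterminate or truncated length")
                length = int.from_bytes(data[pos:pos + size], "big")
                pos += size
        except (IndexError, struct.error):
            raise ValueError(f"offset {start}: truncated packet header") from None
        if pos + length > len(data):
            raise ValueError(f"offset {start}: packet body runs past end of file")
        packets.append((tag, length))
        pos += length
    if packets[0][0] != PUBLIC_KEY_TAG:
        raise ValueError("first packet is not a public key packet")
    return packets
```

Run it on the bytes of the candidate file (for example `walk_keyring(open(path, "rb").read())`) and only replace pubring.gpg when it returns without raising.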