http://bugzilla.opensuse.org/show_bug.cgi?id=914625 --- Comment #3 from Neil Rickert --- Created attachment 620792 --> http://bugzilla.opensuse.org/attachment.cgi?id=620792&action=edit A transcript showing output similar to what was requested, but for gpg-2.1.0 For this attachment, I logged into an older factory install (snapshot 20150103) that I am not fully maintaining. I mounted the home directory from the broken system, and set GNUPGHOME in my environment to be sure that I was using the same gpg keyring as for the previous transcript. I show the output from similar commands. -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.opensuse.org/show_bug.cgi?id=914625 Andreas Stieger changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P3 - Medium Status|NEW |CONFIRMED URL| |http://bugs.g10code.com/gnu | |pg/issue1793 Found By|--- |Community User Summary|gpg-2.1.1 is broken and |GnuPG (gpg2-2.1.1) invalid |unusable. This breaks |packet read error when |kdewallet (if gpg |reading keyrings |encryption is used) | --- Comment #5 from Andreas Stieger --- Hello, (In reply to Neil Rickert from comment #4)

The output shown in my first attachment (using gnupg-2.1.1) can only be described as broken and useless.

Thank you for providing the information. I have updated the bug summary to be more specific and to the technical point. The specific relevant message part:

gpg --list-keys suse gpg: keydb_search failed: Invalid packet gpg: Oops: keyid_from_fingerprint: no pubkey gpg: keydb_search failed: Invalid packet gpg: error reading key: Invalid packet

The issue is known upstream: http://bugs.g10code.com/gnupg/issue1793 Related?: http://bugs.g10code.com/gnupg/issue1816 Upstream commit claimed to introduce the regression: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=94a54425144e4... Legacy key packet parsing seems to be under active development (last 2d as of writing): http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=09e8f35d3808d... http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=6f3d11d8837b0... A workaround mentioned is to import the public and secret keyrings into a new environment and copy the trust database as follows: mv .gnupg to .gnupg.old gpg --import .gnupg.old/pubring.gpg gpg --import .gnupg.old/secring.gpg cp .gnupg.old/trustdb.gpg .gnupg -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.opensuse.org/show_bug.cgi?id=914625 --- Comment #10 from Neil Rickert --- I have not yet done anything upstream. I did do some more testing. With 2.1.2: gpg --list-keys ### this works (lists the keys) gpg --list-keys suse ### this fails gpg --list-keys wk@gnupg.org ### this also fails, though there are no older legacy keys in my keyring for that address. It seems that I can list all keys, but cannot select particular keys. Opening kdewallet fails, presumably because it needs a particular key. -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.opensuse.org/show_bug.cgi?id=914625 --- Comment #13 from Neil Rickert --- Werner Koch suggested a patch (for issue 1847) I'm not really setup for building a patched gpg at present. I guess I can download sources. But it will be a few days before I can find time. -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.opensuse.org/show_bug.cgi?id=914625 Andreas Stieger changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |IN_PROGRESS Flags| |needinfo?(nrickert@ameritec | |h.net) --- Comment #15 from Andreas Stieger --- Dear reporter, please test if packages with this patch applied resolve your issue: https://software.opensuse.org/download.html?project=home%3AAndreasStieger%3Abranches%3ABase%3ASystem&package=gpg2 -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.opensuse.org/show_bug.cgi?id=914625 Andreas Stieger changed: What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED Resolution|--- |FIXED --- Comment #17 from Andreas Stieger --- (In reply to Neil Rickert from comment #16)

The latest patch does improve things. But there are still problems.

gpg --list-keys suse ### this now works gpg --list-keys rickert ### this now works.

Good, this will resolve this issue. Pushing to Base:System -> Factory -> Tumbleweed.

However, I still have failures with opening kdewallet:

--- Error when attempting to decrypt the wallet kdewallet using GPG. If you're using a SmartCard, please ensure it's inserted then try again.

GPG error was Decryption failed ---

My kdewallet encryption uses this key: pub dsa1024/46B1EFE1 1999-07-05 uid [ full ] Neil W Rickert sub elg2048/1F38684E 1999-07-05

As far as I know, that key should be fine. There are some pgp2 signatures on that key, and perhaps that causes the problem.

To me, this kdewallet problem is the main problem. When people upgrade from opensuse 13.2 to opensuse 13.3, some of them are going to find that they cannot access kdewallet.

Please report/clone this as a separate issue against KDE Factory / kde-maintainers to look into the kdewallet part. -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.opensuse.org/show_bug.cgi?id=914625 http://bugzilla.opensuse.org/show_bug.cgi?id=914625#c19 René Krell changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |renda.krell@gmail.com Flags| |needinfo?(nrickert@ameritec | |h.net) --- Comment #19 from René Krell --- Hello Neil, did you get any response or is this problem solved for you upstream? I still get the "GPG error was Decryption failed" with kdewallet at the current Tumbleweed level 20150712. René -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.opensuse.org/show_bug.cgi?id=914625 http://bugzilla.opensuse.org/show_bug.cgi?id=914625#c20 Neil Rickert changed: What |Removed |Added ---------------------------------------------------------------------------- Flags|needinfo?(nrickert@ameritec | |h.net) | --- Comment #20 from Neil Rickert --- Responding to comment 19: The last response was on March 3: "It might be related to a left overPGP-2 key in the trustdb. I need to investigate that closer." Since then, nothing. I've pretty much given up on this. I now have two keyrings ".gnupg.new" ".gnupg.old" I symlink to the old one in opensuse 13.2, and to the new one in Tumbleweed. It's pretty obvious that upstream doesn't want to do anything. And it is equally obvious that someone at opensuse agrees (and marks the bug as "resolved" when it isn't). The workaround is to rename ".gnupg" to ".gnupg.old", create a new, empty ".gnupg", and import the old keyring. That results in a new format keyring with none of the old pgp2 keys. I have linux Mint installed on one computer. That includes the latest gpg1 version, which can still handle pgp2 keys. I boot into to that if I want to look at my old web of trust. -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.opensuse.org/show_bug.cgi?id=914625 http://bugzilla.opensuse.org/show_bug.cgi?id=914625#c22 --- Comment #22 from Andreas Stieger --- (In reply to Neil Rickert from comment #20)

It's pretty obvious that upstream doesn't want to do anything. And it is equally obvious that someone at opensuse agrees (and marks the bug as "resolved" when it isn't).

I set the bug as resolved-fixed after your positive feedback in comment #17, and I said so. Your feedback matches the bug summary and my understanding of the original issue. If you have evidence to the contrary on this very specific issue please reopen and provide information. You mentioned further problems which are still bothering you. However a bug tracker is not a helpdesk system. This is why I cut down the original issue to be clearly defined. And I asked you specifically to do this:

Please report/clone this as a separate issue against KDE Factory / kde-maintainers to look into the kdewallet part.

I am not aware of you having done that. This first bug is resolved, and acknowledge that multi-bug problem is not. -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.opensuse.org/show_bug.cgi?id=914625 Andreas Stieger changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|FIXED |UPSTREAM -- You are receiving this mail because: You are on the CC list for the bug.