Description of problem: It seems that if user adam create project foo and user bob create project foo, then they share the same gpg key. See https://copr-be.cloud.fedoraproject.org/results/nb/keepassx/pubkey.gpg https://copr-be.cloud.fedoraproject.org/results/nielsenb/keepassx/pubkey.gpg Both are binary equivalent and both are for user "nielsenb_keepassx (None) <nielsenb#keepassx.org>" Version-Release number of selected component (if applicable): Copr as of today How reproducible: Steps to Reproduce: 1. create project adam/foo 2. wait few minutes till the gpg is created 3. create project bob/foo Actual results: gpg keys are same Expected results: gpg keys are not same Additional info:
Notes for myself: The code reside on keygen in files: keygen/src/copr_keygen/logic.py in functions user_exists() and create_new_key() The interresting parts of log are on debug level. Se we should enable debug on dev instance and reproduce it there.
I believe, this is the problem: [root@copr-keygen-dev gnupg][STG]# gpg2 --homedir . --list-keys frostyx#libreoffice.org gpg: WARNING: unsafe ownership on homedir '.' pub rsa2048/EBD2355E 2016-04-27 [SCEA] [expires: 2021-04-26] uid [ultimate] frostyx_libreoffice (None) <frostyx#libreoffice.org> [root@copr-keygen-dev gnupg][STG]# gpg2 --homedir . --list-keys rostyx#libreoffice.org gpg: WARNING: unsafe ownership on homedir '.' pub rsa2048/EBD2355E 2016-04-27 [SCEA] [expires: 2021-04-26] uid [ultimate] frostyx_libreoffice (None) <frostyx#libreoffice.org> For 'rostyx#libreoffice.org', it finds a key of frostyx#libreoffice.org. It works similarly e.g. for gpg2 --export rostyx#libreoffice.org. It will export the key for user frostyx (and project libreoffice).
For exact matching, left and right angle brackets are needed around "email" (e.g. gpg2 --list-keys <email>). This has been missed in keygen/src/copr_keygen/logic.py.
Fixed in commit c485d9c
Package including this fix has been deployed on production instance of Copr.