1359521 – Crash on GPG key import because of gpgme

Bug 1359521 - Crash on GPG key import because of gpgme

Summary: Crash on GPG key import because of gpgme

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	gnupg2
Sub Component:
Version:	25
Hardware:	x86_64
OS:	Linux
Priority:	urgent
Severity:	urgent
Target Milestone:	---
Assignee:	Igor Gnatenko
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Duplicates (6):	1360476 1360642 1361787 1361807 1361866 1386356 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-07-24 16:29 UTC by Egor Zakharov
Modified:	2016-10-18 18:29 UTC (History)
CC List:	19 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-07-28 23:53:10 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Egor Zakharov 2016-07-24 16:29:27 UTC

Description of problem:
dnf crashes on GPG key import with gpgme reporting "General error".

Version-Release number of selected component (if applicable):
1.1.9-2.fc24

How reproducible:
Unknown

Steps to Reproduce:
1. Remove one of the repository GPG signing keys from rpm keyring or use repository which key was'nt imported yet.
2. Try to install/update something from repository, which key was'nt imported
3. Agree with importing this key

Actual results:
dnf crashes with gpgme reporting "General error"

Expected results:
dnf imports GPG key and continue installing/updating packages.

Additional info:

Traceback: << EOF
Importing GPG key 0x81B46521:
 Userid     : "Fedora (24) <fedora-24-primary>"
 Fingerprint: 5048 BDBB A5E7 76E5 47B0 9CCC 73BD E983 81B4 6521
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-24-x86_64
Is this ok [y/N]: y
Traceback (most recent call last):
  File "/usr/lib/python3.5/site-packages/dnf/repo.py", line 226, in perform
    return super(_Handle, self).perform(result)
  File "/usr/lib64/python3.5/site-packages/librepo/__init__.py", line 1506, in perform
    _librepo.Handle.perform(self, result)
librepo.LibrepoException: (25, 'repomd.xml GPG signature verification error: Bad GPG signature', 'Bad GPG signature')

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.5/site-packages/dnf/repo.py", line 592, in _handle_load
    return self._handle_load_with_pubring(handle)
  File "/usr/lib/python3.5/site-packages/dnf/repo.py", line 610, in _handle_load_with_pubring
    return self._handle_load_core(handle)
  File "/usr/lib/python3.5/site-packages/dnf/repo.py", line 603, in _handle_load_core
    result = handle.perform()
  File "/usr/lib/python3.5/site-packages/dnf/repo.py", line 230, in perform
    raise _DetailedLibrepoError(exc, source)
dnf.repo._DetailedLibrepoError

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/bin/dnf", line 58, in <module>
    main.user_main(sys.argv[1:], exit_code=True)
  File "/usr/lib/python3.5/site-packages/dnf/cli/main.py", line 174, in user_main
    errcode = main(args)
  File "/usr/lib/python3.5/site-packages/dnf/cli/main.py", line 60, in main
    return _main(base, args)
  File "/usr/lib/python3.5/site-packages/dnf/cli/main.py", line 112, in _main
    cli.run()
  File "/usr/lib/python3.5/site-packages/dnf/cli/cli.py", line 1095, in run
    self._process_demands()
  File "/usr/lib/python3.5/site-packages/dnf/cli/cli.py", line 810, in _process_demands
    load_available_repos=lar)
  File "/usr/lib/python3.5/site-packages/dnf/base.py", line 239, in fill_sack
    self._add_repo_to_sack(r)
  File "/usr/lib/python3.5/site-packages/dnf/base.py", line 111, in _add_repo_to_sack
    repo.load()
  File "/usr/lib/python3.5/site-packages/dnf/repo.py", line 835, in load
    self._handle_load(handle)
  File "/usr/lib/python3.5/site-packages/dnf/repo.py", line 597, in _handle_load
    dnf.crypto.import_repo_keys(self)
  File "/usr/lib/python3.5/site-packages/dnf/crypto.py", line 62, in import_repo_keys
    make_ro_copy=False)
  File "/usr/lib/python3.5/site-packages/dnf/yum/misc.py", line 318, in import_key_to_pubring
    return True
  File "/usr/lib64/python3.5/contextlib.py", line 77, in __exit__
    self.gen.throw(type, value, traceback)
  File "/usr/lib/python3.5/site-packages/dnf/crypto.py", line 95, in pubring_dir
    yield
  File "/usr/lib/python3.5/site-packages/dnf/yum/misc.py", line 293, in import_key_to_pubring
    gpgme.editutil.edit_trust(ctx, k, gpgme.VALIDITY_ULTIMATE)
  File "/usr/lib64/python3.5/site-packages/gpgme/editutil.py", line 75, in wrapper
    ctx.edit(key, edit_callback, output)
gpgme.GpgmeError: (32, 1, 'General error')
EOF

Version of dnf and gpgme packages: << EOF
$ rpm -q dnf gpgme pygpgme gnupg2
dnf-1.1.9-2.fc24.noarch
gpgme-1.4.3-7.fc24.x86_64
pygpgme-0.3-15.fc24.x86_64
gnupg2-2.1.13-1.fc24.x86_64 
EOF

Comment 1 Igor Gnatenko 2016-07-24 16:40:08 UTC

https://bugs.gnupg.org/gnupg/issue2421

Comment 2 Igor Gnatenko 2016-07-24 20:52:45 UTC

Bisected...
ff71521d9698c7c5df94831a1398e948213af433 is the first bad commit
commit ff71521d9698c7c5df94831a1398e948213af433
Author: Werner Koch <wk>
Date:   Fri May 13 16:24:59 2016 +0200

    gpg: Emit new status line KEY_CONSIDERED.
    
    * common/status.h (STATUS_KEY_CONSIDERED): New.
    * g10/getkey.c: Include status.h.
    (LOOKUP_NOT_SELECTED, LOOKUP_ALL_SUBKEYS_EXPIRED): New.
    (finish_lookup): Add arg R_FLAGS.  Count expired and revoked keys and
    set flag.  Check a requested usage before checking for expiraion or
    revocation.
    (print_status_key_considered): New.
    (lookup): Print new status.
    
    Signed-off-by: Werner Koch <wk>

:040000 040000 33853092f4376553defb24e39a31bdcbc13c51d2
7da8083e3f39b2fabfe0c3beab0b9f43a2a2cc32 M	common
:040000 040000 468469de2419e59efddd718b7b24d5a8cead3005
d2c77b1e1bbab29cd506b29dc359d44c841dbc99 M	doc
:040000 040000 044148a54b854a31a0f6ad6605a50a57cc46dfcd
e229f5d63dc27377a7fa1d50ff512a040a389f1f M	g10



Probably need to backport this to gpgme:
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=commit;h=315fb73d4a774e2c699ac1804f5377559b4d0027

Tried to backport it, but test-suite of pygpgme still fails. No idea what else to do.

As new version of gnupg2 already hit stable setting urgent prio.

Comment 3 Igor Gnatenko 2016-07-25 09:53:55 UTC

https://pagure.io/pygpgme/pull-request/1

but one test is still failing.

Comment 4 Fedora Update System 2016-07-25 11:15:31 UTC

gpgme-1.6.0-2.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-198d93bc53

Comment 5 Fedora Update System 2016-07-25 11:15:43 UTC

gpgme-1.6.0-2.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-198d93bc53

Comment 6 Fedora Update System 2016-07-25 11:47:24 UTC

gpgme-1.6.0-3.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-33b89975fe

Comment 7 Fedora Update System 2016-07-25 11:47:32 UTC

gpgme-1.6.0-3.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-33b89975fe

Comment 8 Egor Zakharov 2016-07-25 18:06:31 UTC

(In reply to Fedora Update System from comment #7)
> gpgme-1.6.0-3.fc23 has been submitted as an update to Fedora 23.
> https://bodhi.fedoraproject.org/updates/FEDORA-2016-33b89975fe

Quoting myself from bodhi comments:
>Checked for rhbz#1359521 by removing all keys from rpm. Now dnf imports GPG keys correctly, with this version of gpgme.

Comment 9 Jan Kurik 2016-07-26 04:20:46 UTC

This bug appears to have been reported against 'rawhide' during the Fedora 25 development cycle.
Changing version to '25'.

Comment 10 Igor Gnatenko 2016-07-27 05:49:52 UTC

*** Bug 1360476 has been marked as a duplicate of this bug. ***

Comment 11 Igor Gnatenko 2016-07-27 09:06:13 UTC

*** Bug 1360642 has been marked as a duplicate of this bug. ***

Comment 12 Fedora Update System 2016-07-28 04:19:19 UTC

gpgme-1.6.0-3.fc23, python-pygpgme-0.3-18.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-33b89975fe

Comment 13 Fedora Update System 2016-07-28 06:01:51 UTC

gpgme-1.6.0-3.fc24, python-pygpgme-0.3-18.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-198d93bc53

Comment 14 Fedora Update System 2016-07-28 23:53:04 UTC

gpgme-1.6.0-3.fc24, python-pygpgme-0.3-18.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.

Comment 15 Igor Gnatenko 2016-07-30 12:52:41 UTC

*** Bug 1361787 has been marked as a duplicate of this bug. ***

Comment 16 Igor Gnatenko 2016-07-31 12:29:04 UTC

*** Bug 1361866 has been marked as a duplicate of this bug. ***

Comment 17 Michal Luscon 2016-08-01 11:59:52 UTC

*** Bug 1361807 has been marked as a duplicate of this bug. ***

Comment 18 Fedora Update System 2016-08-12 01:24:15 UTC

gpgme-1.6.0-3.fc23, python-pygpgme-0.3-18.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Comment 19 Igor Gnatenko 2016-10-18 18:29:17 UTC

*** Bug 1386356 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.