1. Forum
  2. Usenet
  3. LINUX.DEBIAN.BUGS.DIST

  • Bug#1054989: Bug #1054989: various tests: gpg: WARNING: "--secret-keyri

    From Diederik de Haas@21:1/5 to Nicholas D Steeves on Fri Mar 21 13:40:03 2025
    --2c191e8b24386cf45d5afd73040ea6d1a8dddb461eb2abc63753adc18a34 Content-Transfer-Encoding: quoted-printable
    Content-Type: text/plain; charset=UTF-8

    On Sun Oct 29, 2023 at 1:31 AM CEST, Nicholas D Steeves wrote:
    Package: devscripts
    Version: 2.23.6
    Severity: normal

    While creating a local bpo of devscripts 2.23.6 I noticed many
    warnings like this:

    gpg: WARNING: "--secret-keyring" is an obsolete option - it has no effect

    in the build log. They are also visible on autobuilders

    I noticed these warnings in Salsa's CI too, so did a bit of digging.

    https://dev.gnupg.org/T2749 "gpg --secret-keyring is silently ignored"
    Caused the issue to no longer be *silently* ignored, hence the warning.

    Later in that bug report was a mention to the GnuPG 2.1 release notes: https://www.gnupg.org/download/release_notes.html#gnupg-2.1.0
    which is a massive list, but this page is more useful: https://www.gnupg.org/faq/whats-new-in-2.1.html and then especially: https://www.gnupg.org/faq/whats-new-in-2.1.html#nosecring

    Quoting some relevant parts:

    gpg used to keep the public key pairs in two files: pubring.gpg and
    secring.gpg. The only difference is that secring stored in addition to
    the public part also the private part of the key pair. The secret
    keyring thus contained only the keys for which a private key is
    available, that is the user’s key.

    The design of GnuPG-2 demands that only the gpg-agent has control over
    the private parts of the keys ...

    With GnuPG 2.1 this changed and gpg now also delegates all private key
    operations to the gpg-agent. Thus there is no more code in the gpg
    binary for handling private keys.

    The commit which now trigger that gpg warning was:
    e841bf5ba5b8 ("test_uscan_mangle: test signature")

    But unfortunately it doesn't describe what it intended to do with those
    test, which may be needed in order to (properly) rewrite that test code.

    I don't know how to fix it, but hopefully this additional info is still
    useful.

    Cheers,
    Diederik

    --2c191e8b24386cf45d5afd73040ea6d1a8dddb461eb2abc63753adc18a34
    Content-Type: application/pgp-signature; name="signature.asc"

    -----BEGIN PGP SIGNATURE-----

    iHUEABYIAB0WIQT1sUPBYsyGmi4usy/XblvOeH7bbgUCZ91ZkgAKCRDXblvOeH7b bpzbAP9PqRypDu1dw3n5GP5z58wAfp+k5KJNeptIGfaRATEZeQEAr9ceNXWpqg05 uPP2wNmBRZmz3JeQ9zk+l3YI3TieLQQ=/fvg
    -----END PGP SIGNATURE-----

    --2c191e8b24386cf45d5afd73040ea6d1a8dddb461eb2abc63753adc18a34--

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)