Control: found -1 1.1
> monkeysign is using by default the most recent private key on your keyring for
> the signature. It will be nice if instead it uses the one configured on the
> gnupg config file (~/.gnupg/gpg.conf) as 'default-key'.
I can confirm this, with:
$ grep -E '^default-key\s+' ~/.gnupg/gpg.conf
default-key BACE15D2A57498FF
An (edited) debug log follows:
$ monkeysign -l --no-mail -d 0xD83A438B2F916605
command: ['gpg', '--command-fd', '0', '--with-fingerprint', '--list-options',
'show-sig-subpackets,show-uid-validity,show-unusable-uids,show-unusable-subkeys,show-keyring,show-sig-expire',
'--armor', '--status-fd', '2', '--quiet', '--batch', '--fixed-list-mode',
'--no-tty', '--with-colons', '--use-agent', '--export', '0xD83A438B2F916605']
ret: 0 stdout: -----BEGIN PGP PUBLIC KEY BLOCK-----
[...]
-----END PGP PUBLIC KEY BLOCK-----
stderr:
command: ['gpg', '--command-fd', '0', '--with-fingerprint', '--list-options',
'show-sig-subpackets,show-uid-validity,show-unusable-uids,show-unusable-subkeys,show-keyring,show-sig-expire',
'--status-fd', '2', '--quiet', '--batch', '--fixed-list-mode', '--no-tty',
'--with-colons', '--use-agent', '--secret-keyring',
'/home/intrigeri/.gnupg/secring.gpg', '--homedir', '/tmp/pygpg-i9u3Ka',
'--import']
ret: 0 stdout: stderr: [GNUPG:] IMPORTED D83A438B2F916605
jenkins.tails.boum.org artifact signing key
[GNUPG:] IMPORT_OK 1 AA653423DBE108660B183B17D83A438B2F916605
[GNUPG:] IMPORT_RES 1 0 1 1 0 0 0 0 0 0 0 0 0 0
skipped: [GNUPG:] IMPORTED D83A438B2F916605 jenkins.tails.boum.org artifact
signing key
FOUND: [GNUPG:] IMPORT_OK 1 AA653423DBE108660B183B17D83A438B2F916605
FOUND: [GNUPG:] IMPORT_RES 1 0 1 1 0 0 0 0 0 0 0 0 0 0
command: ['gpg', '--command-fd', '0', '--with-fingerprint', '--list-options',
'show-sig-subpackets,show-uid-validity,show-unusable-uids,show-unusable-subkeys,show-keyring,show-sig-expire',
'--armor', '--status-fd', '2', '--quiet', '--batch', '--fixed-list-mode',
'--no-tty', '--with-colons', '--use-agent', '--list-secret-keys']
ret: 0 stdout: [...]
stderr:
command: ['gpg', '--command-fd', '0', '--with-fingerprint', '--list-options',
'show-sig-subpackets,show-uid-validity,show-unusable-uids,show-unusable-subkeys,show-keyring,show-sig-expire',
'--armor', '--status-fd', '2', '--quiet', '--batch', '--fixed-list-mode',
'--no-tty', '--with-colons', '--use-agent', '--export',
'4C1532AFC8EBE96487A5D041FCEAF355D9E2FFBE']
ret: 0 stdout: -----BEGIN PGP PUBLIC KEY BLOCK-----
[...]
-----END PGP PUBLIC KEY BLOCK-----
stderr:
command: ['gpg', '--command-fd', '0', '--with-fingerprint', '--list-options',
'show-sig-subpackets,show-uid-validity,show-unusable-uids,show-unusable-subkeys,show-keyring,show-sig-expire',
'--status-fd', '2', '--quiet', '--batch', '--fixed-list-mode', '--no-tty',
'--with-colons', '--use-agent', '--secret-keyring',
'/home/intrigeri/.gnupg/secring.gpg', '--homedir', '/tmp/pygpg-i9u3Ka',
'--import']
ret: 0 stdout: stderr: [GNUPG:] KEYEXPIRED 1221394308
[GNUPG:] SIGEXPIRED deprecated-use-keyexpired-instead
[GNUPG:] IMPORTED FCEAF355D9E2FFBE intrigeri <intrig...@boum.org>
[GNUPG:] IMPORT_OK 1 4C1532AFC8EBE96487A5D041FCEAF355D9E2FFBE
[GNUPG:] KEYEXPIRED 1221394308
[GNUPG:] SIGEXPIRED deprecated-use-keyexpired-instead
[GNUPG:] IMPORT_RES 1 0 1 0 0 0 0 0 0 0 0 0 0 0
skipped: [GNUPG:] KEYEXPIRED 1221394308
skipped: [GNUPG:] SIGEXPIRED deprecated-use-keyexpired-instead
skipped: [GNUPG:] IMPORTED FCEAF355D9E2FFBE intrigeri <intrig...@boum.org>
FOUND: [GNUPG:] IMPORT_OK 1 4C1532AFC8EBE96487A5D041FCEAF355D9E2FFBE
skipped: [GNUPG:] KEYEXPIRED 1221394308
skipped: [GNUPG:] SIGEXPIRED deprecated-use-keyexpired-instead
FOUND: [GNUPG:] IMPORT_RES 1 0 1 0 0 0 0 0 0 0 0 0 0 0
Preparing to sign with this key
pub [unknown] 1024R/D9E2FFBE 1153053826 [expiry: 1221394308]
Fingerprint = 4C15 32AF C8EB E964 87A5 D041 FCEA F355 D9E2 FFBE
uid 1 [unknown] intrigeri <intrig...@boum.org>
uid 2 [unknown] intrigeri <intrig...@squat.net>
sub 4096R/385DCA3B 1153054003
command: ['gpg', '--command-fd', '0', '--with-fingerprint', '--list-options',
'show-sig-subpackets,show-uid-validity,show-unusable-uids,show-unusable-subkeys,show-keyring,show-sig-expire',
'--status-fd', '2', '--quiet', '--batch', '--fixed-list-mode', '--no-tty',
'--with-colons', '--use-agent', '--secret-keyring',
'/home/intrigeri/.gnupg/secring.gpg', '--homedir', '/tmp/pygpg-i9u3Ka',
'--list-keys', '0xD83A438B2F916605']
ret: 0 stdout: tru::1:1381048669:0:3:1:5
pub:-:4096:1:D83A438B2F916605:1379943025:1474551025::-:::scSC:
fpr:::::::::AA653423DBE108660B183B17D83A438B2F916605:
uid:-::::1379943025::209D3934CD8D5772C4E78325E81F885AB7BD00FF::jenkins.tails.boum.org
artifact signing key:
stderr:
Signing the following key
pub [unknown] 4096R/2F916605 1379943025 [expiry: 1474551025]
Fingerprint = AA65 3423 DBE1 0866 0B18 3B17 D83A 438B 2F91 6605
uid 1 [unknown] jenkins.tails.boum.org artifact signing key
Sign all identities? [y/N] y
Really sign key? [y/N] y
command: ['gpg', '--command-fd', '0', '--with-fingerprint', '--list-options',
'show-sig-subpackets,show-uid-validity,show-unusable-uids,show-unusable-subkeys,show-keyring,show-sig-expire',
'--status-fd', '2', '--quiet', '--batch', '--fixed-list-mode', '--no-tty',
'--with-colons', '--use-agent', '--secret-keyring',
'/home/intrigeri/.gnupg/secring.gpg', '--homedir', '/tmp/pygpg-i9u3Ka',
'--sign-key', 'AA653423DBE108660B183B17D83A438B2F916605']
SKIPPED: gpg: no default secret key: secret key not available
Traceback (most recent call last):
File "/usr/bin/monkeysign", line 41, in <module>
u.main()
File "/usr/lib/python2.7/dist-packages/monkeysign/cli.py", line 69, in main
self.sign_key()
File "/usr/lib/python2.7/dist-packages/monkeysign/ui.py", line 296, in
sign_key
if not self.tmpkeyring.sign_key(pattern, alluids):
File "/usr/lib/python2.7/dist-packages/monkeysign/gpg.py", line 504, in
sign_key
raise GpgRuntimeError(self.context.returncode, _('unable to open key for
editing: %s') % self.context.stderr.decode('utf-8'))
monkeysign.gpg.GpgRuntimeError: [Errno 0] unable to open key for editing:
zsh: exit 1 LC_ALL=C monkeysign -l --no-mail -d 0xD83A438B2F916605
Note that the snipped output does include my currently valid key,
that's specified as default-key.
Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
