Control: notfound 733028 0.9.9.1~ubuntu3 Control: found 733028 0.7.25.1 (The BTS doesn't like ubuntu versions so remove this – the found version is the one introducing support for multiple keyrings)
On Tue, Dec 24, 2013 at 01:28:43AM -0500, a k'wala wrote: > I asked about the "resource limit" message on the gnupg-users mailing > list... > http://www.mail-archive.com/gnupg-users@gnupg.org/msg23300.html > Based on Werner Koch's (the dev) answer... > http://www.mail-archive.com/gnupg-users@gnupg.org/msg23302.html > ...the secure apt related programs might be making gpg use more than the > maximum number of keyrings that it can handle. Thanks for asking upstream! I didn't know about a limit for gpg(v)'s --keyring option. To tell the truth, I didn't expect one and the documentation doesn't suggest a limit either… At least I "understand" now why gpg2 kills the usage of multiple --keyring options alltogether. *sign* The idea was to use apt-key less and so not requiring gnupg, but just basic file operations and gpgv. Looks like we are not going to win this uphill battle. So: "If you can't win against your enemy, make him your best friend." Back to the drawing board… > 2. > Deleting a key ('apt-key del <keyID>'), or removing a repository (e.g., > using Synaptic), removes the key from its keyring in > /etc/apt/trusted.gpg.d/ but leaves the empty keyring in the location. After > I removed the empty keyring files, the "resource limit" message did not > appear and 'apt-get update' did not complain about "NO_PUBKEY." So, once > GnuPG's maximum number of keyrings is reached, one has to manually remove > the empty keyring files, in addition to removing package repositories, in > order to avoid the "NO_PUBKEY" scenario. I did a bunch of changes to apt-key in 0.9.10, so at least this problem of empty keyrings pilling up in trusted.gpg.d shouldn't be one anymore; apt postinst isn't dealing with old cruft at the moment though. Best season's greetings David Kalnischkies
signature.asc
Description: Digital signature
