I am using GnuPG 1.2.4 and everything seems to work fine as long as /usr/bin/gpg is not setuid. The documentation suggests setting it to setuid: http://www.gnupg.org/(en)/documentation/faqs.html#q6.1

If I do a "chmod u+s /usr/bin/gpg" it completely stops working, none of the actions that I tried worked. For example:

not setuid:

    $ /usr/bin/gpg --list-keys
    [output of all the keys]

setuid:

    $ /usr/bin/gpg --list-keys
    gpg: can't open `/home/phil/.gnupg/pubring.gpg'
    gpg: keydb_search_first failed: file open error

not setuid:

    $ /usr/bin/gpg --keyserver x-hkp://pgp.mit.edu --recv-keys 0xC9C40C31
    gpg: WARNING: using insecure memory!
    gpg: please see http://www.gnupg.org/faq.html for more information
    gpgkeys: WARNING: this is an *experimental* HKP interface!
    gpg: key C9C40C31: duplicated user ID detected - merged
    gpg: key C9C40C31: "Justin R. Miller <incanus@codesorcery.net>" not changed
    gpg: Total number processed: 1
    gpg: unchanged: 1

setuid:

    $ /usr/bin/gpg --keyserver x-hkp://pgp.mit.edu --recv-keys 0xC9C40C31
    gpg: Ohhhh jeeee: ... this is a bug (exec.c:335:exec_write)
    secmem usage: 0/0 bytes in 0/0 blocks of pool 0/32768
    Aborted

If needed, I can supply the exact error-messages for all the actions like --export and --import. I compiled the original 1.2.4 from gnupg.org and this version works just fine even when setuid so I guess the Gentoo-version is messed up.

Reproducible: Always

Steps to Reproduce:
1. chmod u+s /usr/bin/gpg
2. gpg --keyserver x-hkp://pgp.mit.edu --recv-keys 0xC9C40C31

Actual Results:
GnuPG is giving the error message:

    gpg: Ohhhh jeeee: ... this is a bug (exec.c:335:exec_write)
    secmem usage: 0/0 bytes in 0/0 blocks of pool 0/32768
    Aborted

Expected Results:
GnuPG should have received the key from the keyserver.

Does gnupg-1.2.6 fix this?
Yes, 1.2.6 fixes the problem. But still, the upstream 1.2.4 works perfectly so the Gentoo-ebuild does something wrong, doesn't it? I would like to understand this problem, so thanks for any explanation. Regards, Phil
I cannot see any significant ebuild difference between 1.2.4 and 1.2.6. Tavis, want to make 1.2.6 stable? I think 1.2.6 should also have the "~ppc ~mips ~alpha ~hppa ~amd64 ~ia64 ~ppc64" KEYWORDS because version 1.2.4 does. Standard rules for version bump.
gnupg-1.2.6 was marked as stable in between