Bug#706745: libgnupg-perl: verify() chokes when using "trust-model always"

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sat May 4 07:49:48 UTC 2013


Package: libgnupg-perl
Version: 0.19-1
Severity: normal

When using "--trust-model always" arguments to gpg, no TRUST_* status
lines are emitted (stderr always gets "gpg: WARNING: Using untrusted
key!" under this --trust-model).

As a result, verify() from perl's GnuPG module chokes with:

Use of uninitialized value $cmd in pattern match (m//) at /usr/share/perl5/GnuPG.pm line 674, <GEN1> line 3.
protocol error: expected TRUST* at /usr/share/perl5/GnuPG.pm line 159
	GnuPG::abort_gnupg('GnuPG=HASH(0xfd2c00)', 'protocol error: expected TRUST*') called at /usr/share/perl5/GnuPG.pm line 674
	GnuPG::check_sig('GnuPG=HASH(0xfd2c00)') called at /usr/share/perl5/GnuPG.pm line 707
	GnuPG::verify('GnuPG=HASH(0xfd2c00)', 'signature', 'test.txt.asc', 'file', 'test.txt') called at ./vfy.pl line 15


Rather than choking, I think it should acknowledge that there is no
trust information available.

Regards,

            --dkg

-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.8-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libgnupg-perl depends on:
ii  gnupg  1.4.12-7.1
ii  perl   5.14.2-21

libgnupg-perl recommends no packages.

libgnupg-perl suggests no packages.

-- debconf-show failed
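
The behaviour the report asks for, sketched as an added example (this is not code from GnuPG.pm or from the reporter): a status-line parser that still fails closed on the signature itself but records trust as undefined when no TRUST_* line arrives. The function name parse_verify_status and the sample key ID, fingerprint and signer are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example, not GnuPG.pm code: parse gpg --status-fd output for one
# signature and treat the TRUST_* line as optional.
use strict;
use warnings;

# Returns a hashref for a good signature, undef otherwise.
# {trust} is undef when gpg emitted no TRUST_* line (e.g. --trust-model always),
# so callers must not read "no trust information" as "trusted".
sub parse_verify_status {
    my (@lines) = @_;
    my %sig = (trust => undef);
    for my $line (@lines) {
        # Status lines look like "[GNUPG:] KEYWORD args..."; skip anything else.
        next unless defined $line
            && $line =~ /^\[GNUPG:\]\s+(\S+)\s*(.*?)\s*$/;
        my ($cmd, $args) = ($1, $2);
        if ($cmd eq 'BADSIG' || $cmd eq 'ERRSIG') {
            return;                      # fail closed on a bad or unchecked signature
        }
        elsif ($cmd eq 'GOODSIG') {
            @sig{qw(keyid user)} = split ' ', $args, 2;
        }
        elsif ($cmd eq 'VALIDSIG') {
            ($sig{fingerprint}) = split ' ', $args;
        }
        elsif ($cmd =~ /^TRUST_(\w+)$/) {
            $sig{trust} = $1;            # UNDEFINED, NEVER, MARGINAL, FULLY, ULTIMATE
        }
    }
    # GOODSIG and VALIDSIG are required; a missing TRUST_* line is not an error.
    return unless defined $sig{keyid} && defined $sig{fingerprint};
    return \%sig;
}

# Constructed sample status output (all identifiers below are made up).
my @with_trust = (
    '[GNUPG:] SIG_ID 0000000000000000000000000000 2013-05-04 1367653788',
    '[GNUPG:] GOODSIG 0123456789ABCDEF Example Signer <signer@example.org>',
    '[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2013-05-04 1367653788',
    '[GNUPG:] TRUST_ULTIMATE',
);
my @no_trust = @with_trust[0 .. 2];      # the case in this report: no TRUST_* line

for my $case (\@with_trust, \@no_trust) {
    my $sig = parse_verify_status(@$case) or die "signature not verified\n";
    printf "%s trust=%s\n", $sig->{keyid},
        defined $sig->{trust} ? $sig->{trust} : 'none';
}
```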


