From: Daniel Kahn Gillmor Date: Mon, 15 Sep 2008 01:41:18 +0000 (-0400) Subject: documenting trouble with two keyring arrangement. X-Git-Tag: monkeysphere_0.16-1~41 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=86d072e02c75f1c0e84d4f5c51c2e034fa84de21;p=monkeysphere.git documenting trouble with two keyring arrangement. --- diff --git a/website/bugs/problems-with-root-owned-gpg-keyrings.mdwn b/website/bugs/problems-with-root-owned-gpg-keyrings.mdwn new file mode 100644 index 0000000..65268c5 --- /dev/null +++ b/website/bugs/problems-with-root-owned-gpg-keyrings.mdwn @@ -0,0 +1,24 @@ +[[meta title="Problems with root-owned gpg keyrings"]] + +`/var/lib/monkeysphere/gnupg-host/` is root-owned, and the public +keyring in that directory is controlled by the superuser. + +We currently expect the `monkeysphere` user to read from (but not +write to) that keyring. But using a keyring in a directory that you +don't control appears to trigger [a subtle bug in +gpg](http://bugs.debian.org/361539) that has been unresolved for quite +a long time. + +With some of the new error checking i'm doing in +`monkeysphere-server`, typical operations that involve both keyrings +as the non-privileged user can fail with an error message like: + + gpg: failed to rebuild keyring cache: file open error + +Running the relevant operation a second time as the same user usually +lets things go through without a failure, but this seems like it would +be hiding a bug, rather than getting it fixed correctly. + +Are there other ways we can deal with this problem? + +--dkg
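Review bot: In the third paragraph of the new page, "typical operations that involve both keyrings" refers to a second keyring that the page never identifies; only `/var/lib/monkeysphere/gnupg-host/` is named, although the commit subject calls this a two keyring arrangement. Suggest naming the other keyring and who owns it, and stating which `monkeysphere-server` operation produces `gpg: failed to rebuild keyring cache: file open error`, so a reader can reproduce the failure and check it against the linked gpg bug. Since the page itself says that retrying would hide the bug rather than fix it, it would also help to record what, if anything, is known to differ between the failing first run and the succeeding second run.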