gpg: Take care to use pubring.kbx if it has ever been used.

* kbx/keybox-defs.h (struct keybox_handle): Add field for_openpgp. * kbx/keybox-file.c (_keybox_write_header_blob): Set openpgp header flag. * kbx/keybox-blob.c (_keybox_update_header_blob): Add arg for_openpgp and set header flag. * kbx/keybox-init.c (keybox_new): Rename to do_keybox_new, make static and add arg for_openpgp. (keybox_new_openpgp, keybox_new_x509): New. Use them instead of the former keybox_new. * kbx/keybox-update.c (blob_filecopy): Add arg for_openpgp and set the openpgp header flags. * g10/keydb.c (rt_from_file): New. Factored out and extended from keydb_add_resource. (keydb_add_resource): Switch to the kbx file if it has the openpgp flag set. * kbx/keybox-dump.c (dump_header_blob): Print header flags. -- The problem was reported by dkg on gnupg-devel (2014-10-07): I just discovered a new problem, though, which will affect people on systems that have gpg and gpg2 coinstalled: 0) create a new keyring with gpg2, and use it exclusively with gpg2 for a while. 1) somehow (accidentally?) use gpg (1.4.x) again -- this creates ~/.gnupg/pubring.gpg 2) future runs of gpg2 now only look at pubring.gpg and ignore pubring.kbx -- the keys you had accumulated in the keybox are no longer listed in the output of gpg2 --list-keys Note that gpgsm has always used pubring.kbx and thus this file might already be there but without gpg ever inserted a key. The new flag in the KBX header gives us an indication whether a KBX file has ever been written by gpg >= 2.1. If that is the case we will use it instead of the default pubring.gpg. Signed-off-by: Werner Koch <wk@gnupg.org>
2025-07-02 22:46:30 +02:00 · 2014-10-09 19:10:32 +02:00 · 2014-10-09 19:10:32 +02:00 · ec332d58ef
commit ec332d58ef
parent d8c01d826f
9 changed files with 153 additions and 49 deletions
--- a/kbx/keybox-init.c
+++ b/kbx/keybox-init.c
@ -77,15 +77,10 @@ keybox_is_writable (void *token)



-/* Create a new handle for the resource associated with TOKEN.  SECRET
-   is just a cross-check.
-
-   The returned handle must be released using keybox_release (). */
-KEYBOX_HANDLE
-keybox_new (void *token, int secret)
+static KEYBOX_HANDLE
+do_keybox_new (KB_NAME resource, int secret, int for_openpgp)
 {
  KEYBOX_HANDLE hd;
-  KB_NAME resource = token;
  int idx;

  assert (resource && !resource->secret == !secret);
@ -94,6 +89,7 @@ keybox_new (void *token, int secret)
    {
      hd->kb = resource;
      hd->secret = !!secret;
+      hd->for_openpgp = for_openpgp;
      if (!resource->handle_table)
        {
          resource->handle_table_size = 3;
@ -135,6 +131,30 @@ keybox_new (void *token, int secret)
  return hd;
 }

+
+/* Create a new handle for the resource associated with TOKEN.  SECRET
+   is just a cross-check.  This is the OpenPGP version.  The returned
+   handle must be released using keybox_release.  */
+KEYBOX_HANDLE
+keybox_new_openpgp (void *token, int secret)
+{
+  KB_NAME resource = token;
+
+  return do_keybox_new (resource, secret, 1);
+}
+
+/* Create a new handle for the resource associated with TOKEN.  SECRET
+   is just a cross-check.  This is the X.509 version.  The returned
+   handle must be released using keybox_release.  */
+KEYBOX_HANDLE
+keybox_new_x509 (void *token, int secret)
+{
+  KB_NAME resource = token;
+
+  return do_keybox_new (resource, secret, 0);
+}
+
+
 void
 keybox_release (KEYBOX_HANDLE hd)
 {