[2014-12-01 13:33:18 +1000] Allan McRae:
On 01/12/14 13:22, Gaetan Bisson wrote:
[2014-12-01 12:14:34 +1000] Allan McRae:
With GnuPG 2.1, they have tightened up on keys without a passphrase. We don't have a passphrase on the root key in the pacman keyring... This means that things like adding keys (pacman-key --recv-key <keyid>) now fail.
Strange, --recv-key works fine here, running gnupg-2.1.0-6 on a pre-gnupg-2.1 pacman-keyring.
How about --lsign?
Right. It seems porting the pacman keyring from pre-2.1 to 2.1 mishandles the no-password case: signing anything with the resulting master key fails. We should be able to fix that by manually fiddling with the keyring, but I haven't found how yet. As you point out, recreating a fresh keyring with gnupg-2.1 is the easiest solution, though it will inconvenience users that have already imported and signed keys locally. I suggest we post a news item advising all users to do that. Cheers. -- Gaetan