2

I'm currently trying to set up a small (partial) ubuntu mirror. Doing this, I stumbled across gpgv. And as I need gpgv for verifying the signatures of the mirror files, I tried importing the ubuntu keyring files into my keyring via:

gpg --no-default-keyring --keyring trustedkeys.gpg --import /usr/share/keyrings/ubuntu-archive-keyring.gpg

When I then run gpgv, I am granted with an error:

gpgv: can't allocate lock for '/home/sync_user/.gnupg/trustedkeys.gpg'

However, when I just cp /usr/share/keyrings/ubuntu-archive-keyring.gpg ~/.gnupg/trustedkeys.gpg and run gpgv, there is no error message.

Even if I have the exact same permissions etc, the error persists in the first but not in the second case:

  1. Imported keys:
sync_user@machine:~/.gnupg$ ls -lah
total 20K
drwx------ 2 sync_user sync_user 4.0K Aug 22 12:01 .
drwxr-xr-x 6 sync_user sync_user 4.0K Aug 21 16:59 ..
-rw------- 1 sync_user sync_user 1.2K Aug 22 11:55 trustdb.gpg
-rw-r--r-- 1 sync_user sync_user 7.8K Aug 22 11:55 trustedkeys.gpg
  1. Copied keyring:
sync_user@machine:~/.gnupg$ ls -lah
total 20K
drwx------ 2 sync_user sync_user 4.0K Aug 22 12:01 .
drwxr-xr-x 6 sync_user sync_user 4.0K Aug 21 16:59 ..
-rw------- 1 sync_user sync_user 1.2K Aug 22 11:55 trustdb.gpg
-rw-r--r-- 1 sync_user sync_user 7.3K Aug 22 12:03 trustedkeys.gpg

Another note: this happens exactly the same with different users on the same machine and on other machines. I have tried it with ubuntu 20.04 and an arch linux install - same results.

The gpgv --versions are: gpgv (GnuPG) 2.2.19 libgcrypt 1.8.5 on ubuntu and gpgv (GnuPG) 2.2.21 libgcrypt 1.8.6 on arch.

Does anyone have an idea where this behavior could be rooted in?

I would be thankful for every comment.

Improve this question
1
  • I am having the exact same issue. Any time I build a key ring by importing keys I can list the keys from the new key ring with gpg --list-keys just fine but gpgv chokes when trying to use that key ring with with same can't allocate lock error.
    – kyp4
    Commented Oct 2, 2020 at 21:00

2 Answers 2

Reset to default
2

I found that there is no error if I do a touch of the file before the import.

So, like touch ~/.gnupg/trustedkeys.kbx and then gpg --export <key id> | gpg --no-default-keyring --keyring ~/.gnupg/trustedkeys.kbx --import

Improve this answer
0

Touching the file did not work for me.

I ran gpgv under strace, though, and saw this:

11857 close(3)                          = 0                          
11857 access("/var/cache/debmirror/.gnupg/trustedkeys.kbx", F_OK) = 0  
11857 access("/var/cache/debmirror/.gnupg/trustedkeys.kbx", R_OK) = 0  
11857 access("/var/cache/debmirror/.gnupg/trustedkeys.kbx", W_OK) = 0  
11857 write(2, "gpgv: can't allocate lock for '/"..., 74) = 74  
11857 write(2, "'\n", 2)                = 2  
11857 openat(AT_FDCWD, "Release.gpg", O_RDONLY) = 3  
11857 read(3, "-----BEGIN PGP SIGNATURE-----\n\ni"..., 8192) = 1760  
11857 read(3, "", 8192)                 = 0  
11857 openat(AT_FDCWD, "Release", O_RDONLY) = 4  
11857 read(4, "Origin: Debian\nLabel: Debian\nSui"..., 8192) = 8192  
11857 read(4, "\n 345032ae178d52433929ef4b76962a"..., 8192) = 8192

From this, I inferred that it was complaining not about what it could not do, but about what it could.

Removing write permissions from the file eliminated the (misleading) "error" message ... which also did not prevent the program from continuing.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .