Debian Bug report logs - #1054989
various tests: gpg: WARNING: "--secret-keyring" is an obsolete option - it has no effect

version graph

Package: devscripts; Maintainer for devscripts is Devscripts Maintainers <[email protected]>; Source for devscripts is src:devscripts (PTS, buildd, popcon).

Reported by: Nicholas D Steeves <[email protected]>

Date: Sat, 28 Oct 2023 23:33:02 UTC

Severity: normal

Found in version devscripts/2.23.6

Full log

Message #10 received at [email protected] (full text, mbox, reply):

Received: (at 1054989) by bugs.debian.org; 21 Mar 2025 12:27:35 +0000
From [email protected] Fri Mar 21 12:27:35 2025
X-Spam-Checker-Version: SpamAssassin 3.4.6-bugs.debian.org_2005_01_02
	(2021-04-09) on buxtehude.debian.org
X-Spam-Level: 
X-Spam-Status: No, score=-12.1 required=4.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FOURLA,HAS_BUG_NUMBER,
	PGPSIGNATURE,SPF_HELO_PASS,SPF_PASS autolearn=ham autolearn_force=no
	version=3.4.6-bugs.debian.org_2005_01_02
X-Spam-Bayes: score:0.0000 Tokens: new, 29; hammy, 149; neutral, 102; spammy,
	1. spammytokens:0.944-+--H*r:bugs.debian.org
	hammytokens:0.000-+--H*ct:pgp-sha256, 0.000-+--H*ct:application,
	0.000-+--H*ct:protocol, 0.000-+--H*ct:micalg, 0.000-+--H*ct:signed
Return-path: <[email protected]>
Received: from out-178.mta1.migadu.com ([2001:41d0:203:375::b2]:35502)
	by buxtehude.debian.org with esmtps (TLS1.3:ECDHE_X25519__RSA_PSS_RSAE_SHA256__AES_256_GCM:256)
	(Exim 4.94.2)
	(envelope-from <[email protected]>)
	id 1tvbTI-000IlJ-Cp
	for [email protected]; Fri, 21 Mar 2025 12:27:35 +0000
Mime-Version: 1.0
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cknow.org; s=key1;
	t=1742559641;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=w/mfazz8DtIR7h05O8bavxpMY9C9989M8i4HqnqUqOw=;
	b=0RLlFGgcmWjDn5P4r3Fid5si9yknpXT3Zt/tEDJoo9gf0npoLaIQb4loicUOEbikEZ0UCN
	qN7FMHi6fwxbO7HsCarQwUDTuI5euTI9Wih3Uz3pMv/jbNaLo9Cf0trrCYLTYbdo41RSZ4
	l5qlaXP8gxb6fnldxjqbbuzu/hieUwqmrzIRhiueNsspzudw/+tKKuEEl6ZFb9CxagBOw4
	6q6kHhV56rZskACppibHpDRk/+TBILN7Fs04PztB0FDTEWCYSPPeTqXBFuwpCLkb1KOQ8Z
	7umwDh0rTkcyiDWqIbY/sbLY+yddOqCekKyLUkocgkacLdSSai7ianD4ktASpw==
Content-Type: multipart/signed;
 boundary=2c191e8b24386cf45d5afd73040ea6d1a8dddb461eb2abc63753adc18a34;
 micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Fri, 21 Mar 2025 13:20:30 +0100
Message-Id: <[email protected]>
Subject: Re: Bug #1054989: various tests: gpg: WARNING: "--secret-keyring"
 is an obsolete option - it has no effect
X-Report-Abuse: Please report any abuse attempt to [email protected] and include these headers.
From: "Diederik de Haas" <[email protected]>
To: "Nicholas D Steeves" <[email protected]>, <[email protected]>
References: <169853587393.322156.8516607256826106330.reportbug@digitalmercury.freeddns.org>
In-Reply-To: <169853587393.322156.8516607256826106330.reportbug@digitalmercury.freeddns.org>
X-Migadu-Flow: FLOW_OUT
X-Greylist: delayed 403 seconds by postgrey-1.36 at buxtehude; Fri, 21 Mar 2025 12:27:32 UTC

[Message part 1 (text/plain, inline)]
On Sun Oct 29, 2023 at 1:31 AM CEST, Nicholas D Steeves wrote:
> Package: devscripts
> Version: 2.23.6
> Severity: normal
>
> While creating a local bpo of devscripts 2.23.6 I noticed many
> warnings like this:
>
>   gpg: WARNING: "--secret-keyring" is an obsolete option - it has no effect
>
> in the build log.  They are also visible on autobuilders

I noticed these warnings in Salsa's CI too, so did a bit of digging.

https://dev.gnupg.org/T2749 "gpg --secret-keyring is silently ignored"
Caused the issue to no longer be *silently* ignored, hence the warning.

Later in that bug report was a mention to the GnuPG 2.1 release notes:
https://www.gnupg.org/download/release_notes.html#gnupg-2.1.0
which is a massive list, but this page is more useful:
https://www.gnupg.org/faq/whats-new-in-2.1.html and then especially:
https://www.gnupg.org/faq/whats-new-in-2.1.html#nosecring

Quoting some relevant parts:

  gpg used to keep the public key pairs in two files: pubring.gpg and
  secring.gpg. The only difference is that secring stored in addition to
  the public part also the private part of the key pair. The secret
  keyring thus contained only the keys for which a private key is
  available, that is the user’s key.

  The design of GnuPG-2 demands that only the gpg-agent has control over
  the private parts of the keys ...

  With GnuPG 2.1 this changed and gpg now also delegates all private key
  operations to the gpg-agent. Thus there is no more code in the gpg
  binary for handling private keys.

The commit which now trigger that gpg warning was:
e841bf5ba5b8 ("test_uscan_mangle: test signature")

But unfortunately it doesn't describe what it intended to do with those
test, which may be needed in order to (properly) rewrite that test code.

I don't know how to fix it, but hopefully this additional info is still
useful.

Cheers,
  Diederik

[signature.asc (application/pgp-signature, inline)]

Send a report that this bug log contains spam.

Debian bug tracking system administrator <[email protected]>. Last modified: Thu May 15 06:39:49 2025; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU General Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.