Re: Reá: Reá: Stalled when gpg is updating the thrusted database



Am 26.02.04 13:52 schrieb(en) Jean-Luc Coulon (f5ibh):
> If the trussted database is triggered "outside" balsa, I get the message  
> "GnuPG is rebuilding the trust database and is currently unavailable."  
> and everything goes fine.

That's the only thing I could check here, by manually creating the lock  
file...

> If it is balsa itself that triggers the event, it is unavailable for  
> "some" (quite long) time and then I've the previous message until gpg  
> work is done.

Unfortunately I can only guess what's happening here... can you explain a  
little more what "when balsa triggers the event" means (just start balsa,  
verify a signature, if so, was the key in the key ring, was the message  
verified after balsa came back to life, ...)?

When the update is triggered by a crypto operation (like verify, sign,  
etc.) balsa should hang until the update is complete. Maybe just launching  
gpg for whatever operation (e.g. the check upon startup if it's present)  
is already a sufficient trigger.

Of course I am interested in a clean solution for this problem, but for  
the time being, it might be helpful for you to disable the automatic  
update in the ~/.gnupg/gpg.conf (or old style ~/.gnupg/options) file using  
"no-auto-check-trustdb". "man gpg" says about this:

: If  GnuPG  feels  that its information about the Web-of-Trust
: has to be updated, it automatically runs the  --check-trustdb
: command  internally.   This  may be a time consuming process.
: --no-auto-check-trustdb disables this option.

You could then add a cron job which calls "gpg --check-trustdb --batch",  
e.g. in cron.daily, or (maybe better) add it to the X11 login script (I  
remember that on SuSE systems there is an entry to launch ssh-agent).  
Again quoting the man page:

: Do trust database maintenance without user interaction.  From
: time  to  time  the  trust  database  must be updated so that
: expired keys or signatures and the resulting changes  in  the
: Web-of-Trust  can be tracked.  Normally, GnuPG will calculate
: when this is required and do it  automatically  unless  --no-
: auto-check-trustdb is set.  This command can be used to force
: a trust database check at any time.  The processing is  iden-
: tical  to  that  of --update-trustdb but it skips keys with a
: not yet defined "ownertrust".
:
: For use with cron jobs, this command  can  be  used  together
: with  --batch  in which case the trust database check is done
: only if a check is needed.  To force a run even in batch mode
: add the option --yes.

Cheers,

	Albrecht.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 Albrecht Dre▀  -  Johanna-Kirchner-Stra▀e 13  -  D-53123 Bonn (Germany)
       Phone (+49) 228 6199571  -  mailto:albrecht.dress@arcor.de
_________________________________________________________________________

PGP signature



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]