[gnome-keysign: 1/5] gpgmeh: Select usable private keys only



commit f597b92e385bb3d584cef2c81c7bcb99b9d4a7ff
Author: Tobias Mueller <muelli cryptobitch de>
Date:   Mon Sep 2 12:29:03 2019 +0200

    gpgmeh: Select usable private keys only
    
    There was a silly bug in the logic for selecting which keys to use.
    This caused a bug in that the other private keys were not used for
    producing a signature. This is so weird. Why would more keys prevent
    other keys from working correctly? GnuPG seems to behave weird there.
    In the case that I was debugging, it selected seven private keys out of
    which four were expired. No signature was produced, at all. For unknown
    reasons. The log indicated that GnuPG dropped four keys, but it didn't
    indicate that the remaining three were not used.
    
    INFO:root:Returning None for 'KEY_CONSIDERED' 'XXX 0' foo
    
    INFO:keysign.gpgmeh:edit_cb: 'GET_LINE' 'keyedit.prompt' 'None'
    INFO:keysign.gpgmeh:edit_cb data: 'uid 0'
    INFO:root:Returning None for 'GOT_IT' ''
    INFO:keysign.gpgmeh:edit_cb: 'GET_LINE' 'keyedit.prompt' 'None'
    INFO:keysign.gpgmeh:edit_cb data: 'sign'
    INFO:root:Returning None for 'GOT_IT' ''
    INFO:keysign.gpgmeh:edit_cb: 'GET_BOOL' 'keyedit.sign_all.okay' 'None'
    INFO:keysign.gpgmeh:edit_cb data: 'Y'
    INFO:root:Returning None for 'GOT_IT' ''
    INFO:root:Returning None for 'KEY_CONSIDERED' 'F98D03D7DC630399AAA6F43826B3F39189C397F6 0'
    
    ^^^ Note how it says key considered for this (fine) key
    
    INFO:root:Returning None for 'KEYEXPIRED' '1494349781'
    INFO:root:Returning None for 'KEY_CONSIDERED' 'FF52DA33C025B1E0B91092FC1C3419BF1BF98D6D 1'
    INFO:keysign.gpgmeh:edit_cb: 'INV_SGNR' '9 1C3419BF1BF98D6D' 'None'
    WARNING:keysign.gpgmeh:INV_SGNR: '9 1C3419BF1BF98D6D'
    
    ^^^ This key is indeed expired.
    
    INFO:keysign.gpgmeh:edit_cb data: None
    INFO:root:Returning None for 'KEYEXPIRED' '1519815600'
    INFO:root:Returning None for 'KEY_CONSIDERED' 'F289F7BA977DF4143AE9FDFBF70A02906C301813 1'
    INFO:keysign.gpgmeh:edit_cb: 'INV_SGNR' '9 F70A02906C301813' 'None'
    WARNING:keysign.gpgmeh:INV_SGNR: '9 F70A02906C301813'
    
    ^^^ This key, too, is expired
    
    INFO:keysign.gpgmeh:edit_cb data: None
    INFO:root:Returning None for 'KEYEXPIRED' '1475744330'
    INFO:root:Returning None for 'KEYEXPIRED' '1475744330'
    INFO:root:Returning None for 'KEYEXPIRED' '1474325854'
    INFO:root:Returning None for 'KEYEXPIRED' '1475744330'
    INFO:root:Returning None for 'KEY_CONSIDERED' 'FE29AF0908214E1991B264F389EB0E0AB963D6CA 1'
    INFO:keysign.gpgmeh:edit_cb: 'INV_SGNR' '9 89EB0E0AB963D6CA' 'None'
    WARNING:keysign.gpgmeh:INV_SGNR: '9 89EB0E0AB963D6CA'
    
    ^^^ This key, too, is expired.
    
    INFO:keysign.gpgmeh:edit_cb data: None
    INFO:root:Returning None for 'KEY_CONSIDERED' '056446F077321A691C6714EA8A014674C93742FD 0'
    
    ^^^ This is the second good key
    
    INFO:root:Returning None for 'KEY_CONSIDERED' '24A8848C8270DC645DF174021E8E55FB911F6D97 0'
    
    ^^^ And the third
    
    INFO:root:Returning None for 'KEYEXPIRED' '1562404291'
    INFO:root:Returning None for 'KEYEXPIRED' '1562404291'
    INFO:root:Returning None for 'KEYEXPIRED' '1562404291'
    INFO:root:Returning None for 'KEY_CONSIDERED' '610CB25237B370E9EB2108E89CEE1B6B059B598E 1'
    INFO:keysign.gpgmeh:edit_cb: 'INV_SGNR' '9 9CEE1B6B059B598E' 'None'
    WARNING:keysign.gpgmeh:INV_SGNR: '9 9CEE1B6B059B598E'
    
    ^^^ Here is another expired key
    
    INFO:keysign.gpgmeh:edit_cb data: None
    INFO:keysign.gpgmeh:edit_cb: 'GET_LINE' 'keyedit.prompt' 'None'
    INFO:keysign.gpgmeh:edit_cb data: 'save'
    
    So.. it saved fine, but it has not produced any signature whatsoever.
    That's so strange.
    
    With this change, we finally produce the signatures, but I can't explain why it works better.

 keysign/gpgmeh.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
---
diff --git a/keysign/gpgmeh.py b/keysign/gpgmeh.py
index b6274c4..b1019fb 100755
--- a/keysign/gpgmeh.py
+++ b/keysign/gpgmeh.py
@@ -469,8 +469,9 @@ def sign_keydata_and_encrypt(keydata, error_cb=None, homedir=None):
     ctx = TempContextWithAgent(oldctx)
     # We're trying to sign with all available secret keys
     available_secret_keys = [key for key in ctx.keylist(secret=True)
-        if not key.disabled or key.revoked or key.invalid or key.expired]
-    log.debug('Setting available sec keys to: %r', available_secret_keys)
+        if not (key.disabled or key.revoked or key.invalid or key.expired)]
+    log.debug('Setting available sec keys to (%d): %r',
+        len(available_secret_keys), available_secret_keys)
     ctx.signers = available_secret_keys
 
     ctx.op_import(minimise_key(keydata))
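Review bot: the list assigned to `ctx.signers` can now legitimately be empty (every secret key disabled, revoked, invalid or expired), and nothing between the comprehension and `ctx.signers = available_secret_keys` checks for that. The run in the commit message shows how quiet a signer problem is here: 'save' was accepted and no signature was produced. I would add an explicit `if not available_secret_keys:` branch that logs a warning and reports through the `error_cb` parameter this function already takes, rather than continuing into the import and sign steps. Two smaller points on the same lines: the old condition parsed as `(not key.disabled) or key.revoked or key.invalid or key.expired`, so it only ever excluded disabled keys that carried none of the other flags, and it let expired keys through, which matches the INV_SGNR entries in the log; a one-line comment above the comprehension stating that all four flags must be false would keep the parentheses from being dropped again. The diffstat touches only keysign/gpgmeh.py, so a regression test that feeds the filter a mix of expired and usable keys and asserts on the selected set would be worth adding with this fix.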

