GPGkeys: subkeys are not imported/used

[Torstein-Eide]

• Gitea version (or commit ref): 1.13.0
• Git version: 2.25.1
• Operating system: Ubuntu 20.04
• Database (use [x]):
  • PostgreSQL
  • MySQL
  • MSSQL
  • SQLite
• Can you reproduce the bug at https://try.gitea.io:
  • Yes
    • https://try.gitea.io/torsteintest/test/commit/dcfd271a2e0e9740cd562cf238421f8f63847025
    • https://github.com/Eideen/test1/commits/master
  • No
  • Not relevant
• Log gist:

Description

If you add subkey to a master GPG keyring, the subkey is not picked up by Gitea, this give error "WARNING! Although there is a key with this ID in the database it does not verify this commit! This commit is SUSPICIOUS."

To comparison Github correctly sees all keys.

gpg --list-secret-keys --keyid-format LONG
/home/torstein/.gnupg/pubring.kbx
---------------------------------
sec   rsa4096/44196C77FBD6EF95 2020-07-02 [SC] [utgår: 2025-07-01]
      DD88FD4E5E767E7BF8414CF444196C77FBD6EF95
uid                [  fullst.] Torstein Eide (github) <1884894+Eideen@users.noreply.github.com>
uid                [  fullst.] alt <work mail>
uid                [  fullst.] alt3 <...@gmail.com>
ssb   rsa4096/29351BDD6590C2C3 2020-07-02 [E] [utgår: 2025-07-01]
ssb   rsa4096/2A457BC93D9A1F44 2020-07-03 [S]
ssb   rsa4096/AF31EBDABBF1C86B 2020-07-03 [E]

[zeripath]

Hmm I was sure I'd fixed this recently...

When did you add that key to the database?

I'll take another look though

[Torstein-Eide]

I test adding the before and after adding doing the commit.

[zeripath]

Interesting when I add this key on my local testing service this works.

[zeripath]

That is the key obtained from https://github.com/Eideen.gpg

[Torstein-Eide]

Interesting when I add this key on my local testing service this works.

I have test now with master, and 12.1 on my local service, and i get the same result. where is maked as SUSPICIOUS.

Is there any other settings related PGP?

That is the key obtained from https://github.com/Eideen.gpg

that key is correct.

[zeripath]

Have you set the email address as per the key?

[zeripath]

The user has to have the email address of at least one of the key's email addresses listed as theirs.

[zeripath]

In that given that that key only has "1884894+eideen@users.noreply.github.com" as an email address you must add that as at least a secondary email address to the user.

[Torstein-Eide]

I test it again with a new key and only using one email.

I work if the main key.

/home/torstein/.gnupg/pubring.kbx
---------------------------------
sec   rsa4096/51BB0AFBAA3C45CC 2020-07-05 [SC]
      E19FF5319D2076A7792BCC4751BB0AFBAA3C45CC
uid                [  fullst.] Torstein Eide <...@gmail.com>
ssb   rsa4096/07869FDB3DB88711 2020-07-05 [E]

but when i add a new ssb key it gives error

/home/torstein/.gnupg/pubring.kbx
---------------------------------
sec   rsa4096/51BB0AFBAA3C45CC 2020-07-05 [SC]
      E19FF5319D2076A7792BCC4751BB0AFBAA3C45CC
uid                [  fullst.] Torstein Eide <...@gmail.com>
ssb   rsa4096/07869FDB3DB88711 2020-07-05 [E]
ssb   rsa4096/1CF209566DC957DE 2020-07-05 [S] [utgår: 2071-01-08]

[zeripath]

An example would be useful - if only so I can test this.

[Torstein-Eide]

An example would be useful - if only so I can test this.

https://try.gitea.io/torsteintest/test2/commits/branch/master

[zeripath]

[zeripath]

The key attached to https://try.gitea.io/torsteintest.gpg still has the 1884894+eideen@users.noreply.github.com email address

[Torstein-Eide]

public key for second test

https://pastebin.com/uQa9jsH4

[zeripath]

OK I've replicated - Thanks for bearing with this.

[zeripath]

Figured it out - the problem is that the email checking is attached to the primary key not the subkey.