action #101358

closed

[security] test fails in gpg - gpg: key generation failed: Unknown elliptic curve

Added by dimstar over 2 years ago. Updated about 2 years ago.

Status: Resolved
Priority: High
Assignee:
Category: Bugs in existing tests
Target version: -
Start date: 2021-10-22
Due date:
% Done: 100%
Estimated time: 8.00 h
Difficulty:

Description

Observation

openQA test in scenario opensuse-Tumbleweed-DVD-x86_64-extra_tests_textmode@64bit fails in gpg

gpg2 was updated to branch 2.3.x

Marking issue as urgent - as this currently blocks TW snapshots (and releasing with untested/unsuccessful gpg2 does not sound tempting)

Test suite description

Maintainer: slindomansilla@suse.de.
Mainly post-installation console extra tests.

Reproducible

Fails since (at least) Build 20210920

Expected result

Last good: 20210920 (or more recent)

Further details

Always latest result in this scenario: latest

Actions #2

Updated by maritawerner over 2 years ago

  • Subject changed from test fails in gpg - gpg: key generation failed: Unknown elliptic curve to [qe-core] test fails in gpg - gpg: key generation failed: Unknown elliptic curve
Actions #3

Updated by szarate over 2 years ago

  • Subject changed from [qe-core] test fails in gpg - gpg: key generation failed: Unknown elliptic curve to [qe-core][security] test fails in gpg - gpg: key generation failed: Unknown elliptic curve
  • Priority changed from Urgent to High

So,

GnuPG 2.3 also delivers on a new gpg-card tool as a front-end for all types of supported smart cards, ed25519/cv25519 as default public key algorithms, support for v5 keys and signatures, basic ECC support for GPGSM, greater support for more card readers and tokens, and a variety of other enhancements throughout. 

Which is fine, because indeed, http://phobos.qa.suse.de/tests/3857596#step/gpg/18 shows that elliptic curves are being used to generate keypairs, reverting the batch file to use RSA for key and subkey seems to work.

Generating the keys manually does work (user ends up with new ed25519/cv25519 keypair), signing, verifying, etc. Calling gpg --quick-gen-key 'Test <test@example.net>' future-default also works, but I didn't find a way to specify key lengths and so on.

I'm aiming at a bug here... I just don't know exactly where, could be somewhere in the --batch form of gpg?

Actions #4

Updated by szarate over 2 years ago

  • Assignee set to bchou

Ben, can you give it a look?

Actions #5

Updated by bchou over 2 years ago

Sorry I missed the poo last week.
I just quickly checked the gpg test in SLE15 SP4, and I did not find the problem as mentioned.
https://openqa.suse.de/tests/7585050#step/gpg/9

Looks like it is a TW-specific problem. May I know whether the problem is still showing up continuously?
I thought the call trace problem is more like a bug?
https://openqa.opensuse.org/tests/1983128#step/gpg/12

Actions #6

Updated by szarate over 2 years ago

Hi Ben!

Yes, it's TW specific until gpg gets updated in SLES.

The call trace you're seeing is the result of sysrq being sent.

The actual error is:

gpg: Note: RFC4880bis features are enabled.
gpg: keybox '/root/.gnupg/pubring.kbx' created
gpg: key generation failed: Unknown elliptic curve

What the test needs is adaptation to the new behavior (so that new default is tested, but also rsa keys?) (I don't know if elliptic curves can have different sizes for instance). See my comment above
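
The two variants discussed in the comments above (RSA for key and subkey, and the ed25519/cv25519 pair), written out as explicit unattended-generation parameters and run in a throwaway keyring. This is an added example, not the openQA test's batch file; the identity, expiry, RSA length and the `params`/`generate` function names are assumptions.

```shell
#!/bin/sh
# Added example: explicit parameters for unattended (--batch) key generation.
# Name, e-mail, expiry and RSA size are constructed sample values.

# Print a parameter file for "rsa" or "ecc". ECC key types take a curve name
# (Key-Curve / Subkey-Curve) where RSA takes Key-Length / Subkey-Length.
params() {
    case "$1" in
        rsa) printf '%s\n' '%no-protection' 'Key-Type: RSA' 'Key-Length: 3072' \
                           'Subkey-Type: RSA' 'Subkey-Length: 3072' ;;
        ecc) printf '%s\n' '%no-protection' 'Key-Type: EDDSA' 'Key-Curve: ed25519' \
                           'Subkey-Type: ECDH' 'Subkey-Curve: cv25519' ;;
        *)   return 2 ;;
    esac
    printf '%s\n' 'Key-Usage: sign' 'Subkey-Usage: encrypt' \
                  'Name-Real: Test' 'Name-Email: test@example.net' \
                  'Expire-Date: 1y' '%commit'
}

# Generate in a throwaway GNUPGHOME and print the primary key's algorithm id
# from the colon listing (field 4: 1 = RSA, 22 = EdDSA). gpg's own error
# messages stay on stderr so a failure is visible in the test log.
generate() {
    home=$(mktemp -d) || return 1
    params "$1" | GNUPGHOME="$home" gpg --batch --generate-key
    rc=$?
    [ "$rc" -eq 0 ] && GNUPGHOME="$home" gpg --batch --with-colons --list-keys |
        awk -F: '$1 == "pub" { print $4 }'
    GNUPGHOME="$home" gpgconf --kill gpg-agent 2>/dev/null
    rm -rf "$home"
    return "$rc"
}

# Run both variants only when invoked as: sh gpg-batch.sh run
if [ "${1:-}" = run ]; then
    for t in rsa ecc; do
        echo "$t: algo $(generate "$t" || echo FAILED)"
    done
fi
```

Running both variants keeps RSA coverage alongside the new default algorithms, which is the adaptation the comment above asks about.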

Actions #7

Updated by tjyrinki_suse over 2 years ago

  • Subject changed from [qe-core][security] test fails in gpg - gpg: key generation failed: Unknown elliptic curve to [security] test fails in gpg - gpg: key generation failed: Unknown elliptic curve

(QE Security has been looking at it)

Actions #8

Updated by okurz about 2 years ago

This ticket was set to "High" priority but was not updated within the SLO period for "High" tickets (30 days) as described on https://progress.opensuse.org/projects/openqatests/wiki/Wiki#SLOs-service-level-objectives. Please consider picking up this ticket within the next 30 days or just set the ticket to the next lower priority of "Normal" (SLO: updated within 365 days).

Actions #9

Updated by bchou about 2 years ago

Sorry for missing this ticket somehow. I checked, and the issue was still reproduced in TW.
https://openqa.opensuse.org/tests/2143132#step/gpg/18

gpg: Note: RFC4880bis features are enabled.
gpg: keybox '/root/.gnupg/pubring.kbx' created
gpg: key generation failed: Unknown elliptic curve

I will do it within the next 30 days. Thanks.

Actions #10

Updated by bchou about 2 years ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100
  • Estimated time set to 8.00 h

https://openqa.opensuse.org/tests/2222284#step/gpg/12

I think the issue was fixed in TW lately.
