ProtonMail / gosop

Stateless CLI for GopenPGP
MIT License

gosop fails on keyrings with too many keys #25

Closed guillemj closed 2 weeks ago

guillemj commented 11 months ago

While trying gosop for an unrelated issue, I noticed that it cannot handle the current Debian keyring.

With the current version in Debian unstable, that is gosop 0.1.0, when running the following command:

$ cat dupload_2.10.3.dsc | gosop inline-verify guillem.asc
[verified-output]

I get the verified contents, and the command exits with 0. When running instead the following command:

$ cat dupload_2.10.3.dsc | gosop inline-verify /usr/share/keyrings/debian-keyring.gpg 
inline-verify: gopenpgp: the key contains too many entities

And it exits with code 99.

lubux commented 11 months ago

Hi 👋 Thanks for your input. The current gosop version does not support multiple keys per file. We might fix it in a future version.
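
Added example, not part of the thread and not code from gosop or GopenPGP: a binary keyring such as the one in the report is a concatenation of certificates, each opening with a Public-Key packet (tag 6), so a reader that expects one key per file finds several. The Go code below walks the packet framing (RFC 4880, section 4.2) and splits a keyring at those boundaries; `sample`, `header` and `SplitKeyring` are hypothetical names, the sample bytes are constructed dummy packets rather than real keys, and ASCII-armored input is assumed to have been dearmored already.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// Constructed sample: two dummy certificates (key packet + User ID packet each).
var sample = []byte{0x98, 3, 1, 2, 3, 0xb4, 2, 'a', 'b', 0xc6, 2, 4, 5, 0xcd, 1, 'c'}

// header decodes the packet header at d[0]; size covers header plus body.
func header(d []byte) (tag, size int, err error) {
	var h [6]byte
	copy(h[:], d) // zero-padded, so a short input cannot index out of range
	b := h[0]
	tag, size = int(b&0x3f), -1 // -1 marks framing this example rejects
	switch {
	case b&0xc0 == 0x80 && b&3 != 3: // old format: 1, 2 or 4 length octets
		w := 1 << (b & 3)
		tag, size = int(b>>2)&0x0f, 1+w+int(binary.BigEndian.Uint32(h[1:5])>>uint(8*(4-w)))
	case b&0xc0 == 0xc0 && h[1] < 192: // new format, one length octet
		size = 2 + int(h[1])
	case b&0xc0 == 0xc0 && h[1] < 224: // new format, two length octets
		size = 3 + (int(h[1])-192)<<8 + int(h[2]) + 192
	case b&0xc0 == 0xc0 && h[1] == 255: // new format, four length octets
		size = 6 + int(binary.BigEndian.Uint32(h[2:6]))
	}
	if size < 0 || size > len(d) { // also catches partial/indeterminate lengths
		return 0, 0, fmt.Errorf("bad or truncated packet (first octet %#x)", b)
	}
	return tag, size, nil
}

// SplitKeyring returns one byte slice per certificate found in a binary keyring.
func SplitKeyring(data []byte) (certs [][]byte, err error) {
	for off, start := 0, 0; ; {
		tag, size, err := header(data[off:])
		if err != nil {
			return nil, err
		}
		if tag == 6 && off > start { // a Public-Key packet opens the next certificate
			certs, start = append(certs, data[start:off]), off
		}
		if off += size; off == len(data) {
			return append(certs, data[start:]), nil
		}
	}
}

func main() { fmt.Println(SplitKeyring(sample)) }
```

Each returned slice is a single-certificate blob that could be written to its own file; whether a particular gosop version accepts such a file is not something this example checks.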

dkg commented 2 weeks ago

Looks like this is still the case in gosop 1.0.0 😢 That makes it difficult to use in some common distro contexts (see https://bugs.debian.org/1087749).

dkg commented 2 weeks ago

I'd argue that this also makes gosop non-compliant with sopv 1.0, since the sopv subset assumes that the basic datatypes are functioning as expected.

I'll try to clarify that in the next revision of the sop spec, since I think maybe it wasn't particularly clear before.

The sop spec should also probably ship a non-surprising test suite for full sopv compliance too, so implementers can confirm.