keybase / keybase-issues

A single repo for managing publicly recognized issues with the keybase client, installer, and website.

keybase-installer failing "Too many keys" #1033

Open chrissearle opened 10 years ago

chrissearle commented 10 years ago

$ keybase-installer
info: Made temporary directory: /var/folders/_k/hynwrnmx6x7f9s1k1q9d5bgr0000gp/T/keybase_install__Fq2qprn_9V_pJ63bUyghA
info: Using keyset version v1
info: Fetching URL https://dist.keybase.io/sig/files/1/index.asc
info: cleaning up tmpdir /var/folders/_k/hynwrnmx6x7f9s1k1q9d5bgr0000gp/T/keybase_install__Fq2qprn_9V_pJ63bUyghA
error: too many keys found: 224

Any ideas what next?

maxtaco commented 10 years ago

Weird, haven't seen this one before. You can nuke ~/.keybase-installer and try again...

chrissearle commented 10 years ago

Same I'm afraid

~  » rm -rf .keybase-installer
~  » keybase-installer        
info: Made temporary directory: /var/folders/_k/hynwrnmx6x7f9s1k1q9d5bgr0000gp/T/keybase_install_8YpXad36K_EV-75hVM1B0A
info: Creating permanent keyring dir: /Users/chris/.keybase-installer/keyring
info: Using keyset version v1
info: Fetching URL https://dist.keybase.io/sig/files/1/index.asc
info: cleaning up tmpdir /var/folders/_k/hynwrnmx6x7f9s1k1q9d5bgr0000gp/T/keybase_install_8YpXad36K_EV-75hVM1B0A
error: too many keys found: 224

maxtaco commented 10 years ago

Can you run with -d and paste in the output? Thanks.

chrissearle commented 10 years ago

debug: + cmd.run 0.1.22
debug: ++ Installer::run
debug: +++ Installer::test_gpg
debug: --- Installer::test_gpg -> OK
debug: +++ Installer::test_npm
debug: --- Installer::test_npm -> OK
debug: +++ Installer::test_npm_install
debug: ||| Testing install directory: /usr/local
debug: ||| Writing temporary file, to see if install will work: /usr/local/.keybase_test_install_577368365c1a3a2f527f
debug: ||| Unlinking file: /usr/local/.keybase_test_install_577368365c1a3a2f527f
debug: --- Installer::test_npm_install
info: Made temporary directory: /var/folders/_k/hynwrnmx6x7f9s1k1q9d5bgr0000gp/T/keybase_install_JwIZgkQ_HwjYCbtkbztvXw
debug: +++ Make new permanent keychain
debug: ||| mkdir_p parent /Users/chris/.keybase-installer
info: Creating permanent keyring dir: /Users/chris/.keybase-installer/keyring
debug: --- Made new permanent keychain
debug: +++ Make/check empty pubring /Users/chris/.keybase-installer/keyring/pubring.gpg
debug: ||| Made a new one
debug: --- Made/check empty pubring -> true
debug: +++ Make/check empty secring /Users/chris/.keybase-installer/keyring/secring.gpg
debug: ||| Made a new one
debug: --- Made/check empty secring -> true
debug: +++ Make/check empty trustdb /Users/chris/.keybase-installer/keyring/trustdb.gpg
debug: ||| Made a new one
debug: --- Made/check empty trustdb -> true
debug: || Call to gpg: { args: [ '-k', '--with-fingerprint', '--with-colons' ],
debug:   quiet: true }
debug: || Mutate GPG args; new args: --no-default-keyring --keyring /Users/chris/.keybase-installer/keyring/pubring.gpg --secret-keyring /Users/chris/.keybase-installer/keyring/secring.gpg --trustdb-name /Users/chris/.keybase-installer/keyring/trustdb.gpg -k --with-fingerprint --with-colons
debug: +++ KeySetup::run
debug: ++++ KeySetup::find_keyset null
debug: +++++ KeySetup::find_latest_key code@null
debug: ||||| Load key code@keybase.io/47484E50656D16C7 from keyring /Users/chris/.keybase-installer/keyring (secret=undefined)
debug: ||||| Call to gpg: { args: 
debug:    [ '--export',
debug:      '--export-options',
debug:      'export-local-sigs',
debug:      '-a',
debug:      '47484E50656D16C7' ] }
debug: ||||| Mutate GPG args; new args: --no-default-keyring --keyring /Users/chris/.keybase-installer/keyring/pubring.gpg --secret-keyring /Users/chris/.keybase-installer/keyring/secring.gpg --trustdb-name /Users/chris/.keybase-installer/keyring/trustdb.gpg --export --export-options export-local-sigs -a 47484E50656D16C7
debug: ++++++ lookup UID
debug: |||||| Mutate GPG args; new args: --no-default-keyring --keyring /Users/chris/.keybase-installer/keyring/pubring.gpg --secret-keyring /Users/chris/.keybase-installer/keyring/secring.gpg --trustdb-name /Users/chris/.keybase-installer/keyring/trustdb.gpg -k --with-colons 222B85B0F90BE2D24CFEB93F47484E50656D16C7
debug:  - Map 47484E50656D16C7 -> [object Object] via gpg
debug: ------ looked up UID
debug: ----- KeySetup::find_latest_key code@null -> undefined / 1 / 222B85B0F90BE2D24CFEB93F47484E50656D16C7
debug: +++++ KeySetup::find_latest_key index@1
debug: ||||| Load key index@keybase.io/199A25A57F9E8BFA from keyring /Users/chris/.keybase-installer/keyring (secret=undefined)
debug: ||||| Call to gpg: { args: 
debug:    [ '--export',
debug:      '--export-options',
debug:      'export-local-sigs',
debug:      '-a',
debug:      '199A25A57F9E8BFA' ] }
debug: ||||| Mutate GPG args; new args: --no-default-keyring --keyring /Users/chris/.keybase-installer/keyring/pubring.gpg --secret-keyring /Users/chris/.keybase-installer/keyring/secring.gpg --trustdb-name /Users/chris/.keybase-installer/keyring/trustdb.gpg --export --export-options export-local-sigs -a 199A25A57F9E8BFA
debug: ++++++ lookup UID
debug: |||||| Mutate GPG args; new args: --no-default-keyring --keyring /Users/chris/.keybase-installer/keyring/pubring.gpg --secret-keyring /Users/chris/.keybase-installer/keyring/secring.gpg --trustdb-name /Users/chris/.keybase-installer/keyring/trustdb.gpg -k --with-colons 50356E55ADBC1310C156B7F5199A25A57F9E8BFA
debug:  - Map 199A25A57F9E8BFA -> [object Object] via gpg
debug: ------ looked up UID
debug: ----- KeySetup::find_latest_key index@1 -> undefined / 1 / 50356E55ADBC1310C156B7F5199A25A57F9E8BFA
info: Using keyset version v1
debug: ---- KeySetup::find_keys true @ version 1
debug: --- KeySetup::run (found=true)
debug: +++ GetIndex::run
info: Fetching URL https://dist.keybase.io/sig/files/1/index.asc
debug:  * fetched -> 200
debug: ++++ oneshot verify
debug: |||| Call to gpg: { args: [ '-a', '--export', '50356E55ADBC1310C156B7F5199A25A57F9E8BFA' ] }
debug: |||| Mutate GPG args; new args: --no-default-keyring --keyring /Users/chris/.keybase-installer/keyring/pubring.gpg --secret-keyring /Users/chris/.keybase-installer/keyring/secring.gpg --trustdb-name /Users/chris/.keybase-installer/keyring/trustdb.gpg -a --export 50356E55ADBC1310C156B7F5199A25A57F9E8BFA
debug: +++++ Make new temporary keychain
debug: ||||| mkdir_p parent /var/folders/_k/hynwrnmx6x7f9s1k1q9d5bgr0000gp/T/keybase_install_JwIZgkQ_HwjYCbtkbztvXw
debug: ||||| making directory /var/folders/_k/hynwrnmx6x7f9s1k1q9d5bgr0000gp/T/keybase_install_JwIZgkQ_HwjYCbtkbztvXw/f37MpEzk1COWSgCM4BeM
debug: ----- Made new temporary keychain
debug: +++++ Make/check empty pubring /var/folders/_k/hynwrnmx6x7f9s1k1q9d5bgr0000gp/T/keybase_install_JwIZgkQ_HwjYCbtkbztvXw/f37MpEzk1COWSgCM4BeM/pubring.gpg
debug: ||||| Made a new one
debug: ----- Made/check empty pubring -> true
debug: +++++ Make/check empty secring /var/folders/_k/hynwrnmx6x7f9s1k1q9d5bgr0000gp/T/keybase_install_JwIZgkQ_HwjYCbtkbztvXw/f37MpEzk1COWSgCM4BeM/secring.gpg
debug: ||||| Made a new one
debug: ----- Made/check empty secring -> true
debug: +++++ Make/check empty trustdb /var/folders/_k/hynwrnmx6x7f9s1k1q9d5bgr0000gp/T/keybase_install_JwIZgkQ_HwjYCbtkbztvXw/f37MpEzk1COWSgCM4BeM/trustdb.gpg
debug: ||||| Made a new one
debug: ----- Made/check empty trustdb -> true
debug: |||| Call to gpg: { args: [ '--import' ],
debug:   stdin: <Buffer 2d 2d 2d 2d 2d 42 45 47 49 4e 20 50 47 50 20 50 55 42 4c 49 43 20 4b 45 59 20 42 4c 4f 43 4b 2d 2d 2d 2d 2d 0a 56 65 72 73 69 6f 6e 3a 20 47 6e 75 50 47 ...>,
debug:   quiet: true,
debug:   secret: undefined }
debug: |||| Mutate GPG args; new args: --no-default-keyring --keyring /var/folders/_k/hynwrnmx6x7f9s1k1q9d5bgr0000gp/T/keybase_install_JwIZgkQ_HwjYCbtkbztvXw/f37MpEzk1COWSgCM4BeM/pubring.gpg --secret-keyring /var/folders/_k/hynwrnmx6x7f9s1k1q9d5bgr0000gp/T/keybase_install_JwIZgkQ_HwjYCbtkbztvXw/f37MpEzk1COWSgCM4BeM/secring.gpg --trustdb-name /var/folders/_k/hynwrnmx6x7f9s1k1q9d5bgr0000gp/T/keybase_install_JwIZgkQ_HwjYCbtkbztvXw/f37MpEzk1COWSgCM4BeM/trustdb.gpg --import
debug: |||| Call to gpg: { args: [ '--with-colons', '--fingerprint' ] }
debug: |||| Mutate GPG args; new args: --no-default-keyring --keyring /var/folders/_k/hynwrnmx6x7f9s1k1q9d5bgr0000gp/T/keybase_install_JwIZgkQ_HwjYCbtkbztvXw/f37MpEzk1COWSgCM4BeM/pubring.gpg --secret-keyring /var/folders/_k/hynwrnmx6x7f9s1k1q9d5bgr0000gp/T/keybase_install_JwIZgkQ_HwjYCbtkbztvXw/f37MpEzk1COWSgCM4BeM/secring.gpg --trustdb-name /var/folders/_k/hynwrnmx6x7f9s1k1q9d5bgr0000gp/T/keybase_install_JwIZgkQ_HwjYCbtkbztvXw/f37MpEzk1COWSgCM4BeM/trustdb.gpg --with-colons --fingerprint
debug: |||| nuking temporary kerying: /var/folders/_k/hynwrnmx6x7f9s1k1q9d5bgr0000gp/T/keybase_install_JwIZgkQ_HwjYCbtkbztvXw/f37MpEzk1COWSgCM4BeM
debug: |||| oneshot clean
debug: +++++ cleanup /var/folders/_k/hynwrnmx6x7f9s1k1q9d5bgr0000gp/T/keybase_install_JwIZgkQ_HwjYCbtkbztvXw
info: cleaning up tmpdir /var/folders/_k/hynwrnmx6x7f9s1k1q9d5bgr0000gp/T/keybase_install_JwIZgkQ_HwjYCbtkbztvXw
debug: ----- cleanup /var/folders/_k/hynwrnmx6x7f9s1k1q9d5bgr0000gp/T/keybase_install_JwIZgkQ_HwjYCbtkbztvXw -> OK
error: too many keys found: 224

maxtaco commented 10 years ago

Do you have anything interesting in your ~/.gnupg/gpg.conf file? That's likely the issue...

chrissearle commented 10 years ago

Ah - interesting.

Could be.

I use

homedir /path/to/shared/drive/.gnupg
secret-keyring /path/to/shared/drive/.gnupg/secring.gpg
primary-keyring /path/to/shared/drive/.gnupg/pubring.gpg
trustdb-name /path/to/shared/drive/.gnupg/trustdb.gpg

So that all machines at home use the same db's - since I use the same account on them.

chrissearle commented 10 years ago

I should mention the rest of the lines I have too really :)

no-greeting
personal-digest-preferences SHA256
cert-digest-algo SHA256
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
default-key <MY-MAIN-KEY-ID>
charset utf8
keyserver x-hkp://pool.sks-keyservers.net
keyserver-options auto-key-retrieve

maxtaco commented 10 years ago

Oh right, I remember this issue. Try with the -O flag:

keybase-installer -O

chrissearle commented 10 years ago

That worked but then keybase login gave:

Your keybase username or email: <my email address used for keybase username>
Your keybase login passphrase: **************
- run scrypt [==================================] 100%
info: Made directory '/Users/chris/.cache/keybase'
info: Updated file: /Users/chris/.cache/keybase/session.json
info: Made directory '/Users/chris/.config/keybase'
info: Updated file: /Users/chris/.config/keybase/config.json
info: Creating temporary keyring dir: /Users/chris/.cache/keybase/tmp_keyrings
warn: When checking chrissearle: VerifyError: merkle root: signature verification failed
warn: Likely this is a bug or transient error; but the server could be compromised

maxtaco commented 10 years ago

Same thing, give the login command (and all others) the -O flag.

You can remember this preference with this:

   keybase config no_gpg_options true

chrissearle commented 10 years ago

Yep - that's it. Thanks :)

chrissearle commented 10 years ago

Hmm - just made me wonder. If I set no_gpg_options to true - doesn't this break things like keybase track bringing the key into my pubring (since it won't know where my pubring is)?

maxtaco commented 10 years ago

Yeah, likely. Shoot.

chrissearle commented 10 years ago

Do we know what settings do/do not cause problems in gpg.conf?

chrissearle commented 10 years ago

It's a shame that it doesn't honour the whole gpg.conf file if gpg itself can - what does keybase do that causes gpg to choke on its config - or - what is keybase assuming in the results that fail (incorrect assumption)?

maxtaco commented 10 years ago

Yeah, I spent a lot of time wrestling with this about 3 months ago. It's the keyring specification. If you specify one on the command line (as our client does) and one in the gpg.conf file, it uses both. There's no way to disable this (annoying) behavior.

Keybase uses "one-shot-keyrings" that import a key, verify against it, and then tear it down, to make sure that the right key is being used to verify the signature in question. With gpg.conf files that specify keyrings, we get two keys that come back rather than one, which confuses our checks.

Now, I came up with this scheme before I knew about the error-fd= option that can solve this problem in a different way, so the client might be up for a rewrite. But I haven't gotten around to it...
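
The check described above (a one-shot keyring should list exactly one key, so a second keyring pulled in from gpg.conf trips it), as an added example that is not part of the thread and not keybase-installer's own code. The function names and both sample listings are constructed for illustration; only the index key fingerprint is taken from the debug log.

```javascript
// Added illustration; not keybase-installer's code. Function names are hypothetical.

// Collect primary-key fingerprints from `gpg --with-colons --fingerprint` output.
// Each "pub" record starts a key; the first "fpr" record after it carries the
// primary fingerprint in field 10. "fpr" records after "sub" belong to subkeys.
function primaryFingerprints(colonOutput) {
  const fprs = [];
  let awaitingPrimary = false;
  for (const line of colonOutput.split(/\r?\n/)) {
    const f = line.split(':');
    if (f[0] === 'pub') awaitingPrimary = true;
    else if (f[0] === 'sub') awaitingPrimary = false;
    else if (f[0] === 'fpr' && awaitingPrimary) {
      fprs.push(f[9].toUpperCase());
      awaitingPrimary = false;
    }
  }
  return fprs;
}

// A one-shot keyring must hold exactly the key that was imported into it.
function checkOneShot(colonOutput, expectedFpr) {
  const found = primaryFingerprints(colonOutput);
  if (found.length === 0) return { ok: false, reason: 'no keys found' };
  if (found.length > 1) return { ok: false, reason: `too many keys found: ${found.length}` };
  if (found[0] !== expectedFpr.toUpperCase()) return { ok: false, reason: 'unexpected fingerprint' };
  return { ok: true, reason: null };
}

// Constructed sample listings (dates, key sizes and the second key are invented).
const INDEX_FPR = '50356E55ADBC1310C156B7F5199A25A57F9E8BFA'; // from the debug log
const isolated = [
  'pub:-:4096:1:199A25A57F9E8BFA:1391000000:::-:::scESC:',
  'fpr:::::::::' + INDEX_FPR + ':',
  'uid:-::::1391000000::X::index@keybase.io:',
  'sub:-:4096:1:0123456789ABCDEF:1391000000::::::e:',
  'fpr:::::::::' + 'B'.repeat(40) + ':',
].join('\n');
// Same listing when gpg.conf adds a second keyring to the one on the command line.
const leaked = isolated + '\n' + [
  'pub:-:2048:1:AAAAAAAAAAAAAAAA:1300000000:::-:::scESC:',
  'fpr:::::::::' + 'A'.repeat(40) + ':',
  'uid:-::::1300000000::Y::someone@example.com:',
].join('\n');

console.log(checkOneShot(isolated, INDEX_FPR));
console.log(checkOneShot(leaked, INDEX_FPR));
```

Counting only the primary fingerprints keeps a key's own subkeys from inflating the total, so the count rises only when a second keyring really contributes keys.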

chrissearle commented 10 years ago

OK

I wonder - I could probably remove

homedir
secret-keyring
primary-keyring
trustdb-name

if I set GNUPGHOME instead in my shell init. That would likely play nicer?

I think it would be good to support this - but the env var is probably enough for me to get along with