Page MenuHomePureOS Tracker

gnupg doesn't /seem/ to have standard config files
Closed, InvalidPublic


I say seem in italics because, I guess, they must be somewhere, but they are not:
~/.gnupg/gpg.conf (as per man gpg) as I would expect and are on my Debian 10 install
~/.gnupg/dirmngr.conf (as suggested here)

$ uname -a
Linux xyz-hppavilionnotebook 5.10.0-8-amd64 #1 SMP Debian 5.10.46-2 (2021-07-20) x86_64 GNU/Linux
$ gpg --version
gpg (GnuPG) 2.2.27
libgcrypt 1.8.8
Copyright (C) 2021 Free Software Foundation, Inc.
License GNU GPL-3.0-or-later <>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /home/xyz/.gnupg
Supported algorithms:
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

Event Timeline

morgan created this task.Jul 27 2021, 05:07

Correct, gnupg by design has built-in defaults and no system-wide configuration.
What is the issue you have with that?

morgan added a comment.Aug 11 2021, 05:15

I'm not sure I understand the relevance of the answer to the question?
The question was: why are the defaults not reflected here:

~/.gnupg/gpg.conf (as per man gpg) as I would expect and are on my Debian 10 install
~/.gnupg/dirmngr.conf (as suggested here)

Those aren't 'system-wide' locations.

Also, I'm not sure I understand the effective difference between 'built-in defaults' and 'system-wide' configurations - gnupg is installed 'system-wide' so if it has 'built-in defaults' then those defaults are 'system-wide'.

Right, I clearly misunderstood what is the issue you are reporting here.
Can you please help clarify what is broken about gnupg.
If nothing is broken about gnupg then what else is the issue?
I mean, this is an issue tracker (not e.g. a helpdesk or a chat forum).

morgan added a comment.Aug 19 2021, 06:56

man gpg says:

       gpg features a bunch of options to control the exact behaviour and to change the default configuration.

       Long options can be put in an options file (default "~/.gnupg/gpg.conf"). Short option names will not work - for example,
       "armor" is a valid option for the options file, while "a" is not. Do not write the 2 dashes, but simply the name  of  the
       option  and  any required arguments. Lines with a hash ('#') as the first non-white-space character are ignored. Commands
       may be put in this file too, but that is not generally useful as the command will execute automatically with every execu‐
       tion of gpg.

There is no default gpg.conf at ~/.gnupg/gpg.conf on my fresh install, or anywhere else that I can find.

jonas.smedegaard closed this task as Invalid.Aug 19 2021, 07:20

Correct, no gpg.conf file exist after a fresh install.

That man page states a default _location_ that the program will look for configuration.

I am closing this as a non-issue.
If you feel that it is wrong to close it - that I am missing what is really the issue here, then please try harder to describe what it is you find an issue. We want to take issues seriously, but that really requires that we understand what the issues are.

morgan added a comment.EditedAug 19 2021, 08:04

Phew, this file exists on the gnupg implementation in Debian, CentOS and Fedora, at least - those are all fairly standard implementations of gnu/linux (although arguable implementations of two standards).

How can one change defaults if they are not provided - is PureOS seriously expecting its (desktop orientated) users to build their own default gpg.conf from the man page in order ... to change the default configuration.? When none of the above standards do?

The manpage goes on to say:

How to change the configuration

       These options are used to change the configuration and are usually found in the option file.

So, while not 'mandatory', options are 'usually' found in the 'option file' and the default 'option file' is at ~/.gnupg/gpg.conf.

So, if PureOS insists on being unusual, the question becomes - why is PureOS unusual in this particular way?

The gnupg package in PureOS is the exact same as the gnupg package in Debian.
If the issue here is that you find the PureOS initial configuration of gnupg inferior to that of Debian, then you are mistaken.

morgan added a comment.Aug 19 2021, 09:06

No, that is not the issue here. The issue here is:

So, if PureOS insists on being unusual, the question becomes - why is PureOS unusual in this particular way?

I refer to the man page, from that the usual implementation envisioned by the developers clearly provides for a default configuration at ~/.gnupg/gpg.conf

So, the issue is:

So, if PureOS insists on being unusual, the question becomes - why is PureOS unusual in this particular way?

Is the answer perhaps: 'because that's what Debian does'?

If that's is the case - is there a way to output the system's default configuration to a config file so that the default configuration can be changed as per the man page?

When you enter a new $HOME then maybe (unusually!) it came with furniture preinstalled but if it comes with personal items like toothpaste preinstalled, then you should not trust it.

GnuPG configuration file does *not* exist in a fresh system. On PureOS, on Debian, on Ubuntu, on Fedora, or on any other sane system.
Found some system where it is preinstalled? Then that is a system you should *not* trust to use GnuPG.

Dislike how the man page is confusing about that matter? Please discuss that with Werner Koch, the author of GnuPG, who wrote that man page.
At some places he is slightly more clear - like here (the phrase "you really shouldn’t need to":

morgan added a comment.Aug 20 2021, 05:22

Hmm, okay - I've just checked my little local CentOS server and indeed, it doesn't have a gpg.conf (or any conf) under ~/.gnupg. My apologies.

But, attached is my ~/.gnupg/gpg.conf file - [F851494] - where did it come from? I certainly didn't write it myself, but I have changed a few preferences. I've come from Fedora (where I'd been since FC1) via Debian to here.

Any suggestions where I can obtain a clean gpg.conf file for another machine I've recently set up for a friend?

Sorry, this is not a helpdesk.
In my understanding, the builtin default values are nowadays sensible for general use.