setting verbose when instantiating GPG class causes failure

[brianredbeard]

This is on Fedora 20 which ships gnupg version 1.4.8

$ gpg --version
gpg (GnuPG) 1.4.18
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

In the following example you can see that when attempting to set verbose="basic" that it causes the output to be mangled, as per the "can opened signed data" line.

>>> gpg = gnupg.GPG(homedir='/tmp/coreosVTMr_5', verbose="basic")
>>> vfy = gpg.verify_file('/tmp/coreosVTMr_5/coreos_developer_container.bin.bz2.DIGESTS', sig_file='/tmp/coreosVTMr_5/coreos_developer_container.bin.bz2.DIGESTS.sig')
>>> vfy.stderr
u"gpg: can't open signed data `--debug-all'\ngpg: can't hash datafile: file open error\n"
>>> gpg = gnupg.GPG(homedir='/tmp/coreosVTMr_5')
>>> vfy = gpg.verify_file('/tmp/coreosVTMr_5/coreos_developer_container.bin.bz2.DIGESTS', sig_file='/tmp/coreosVTMr_5/coreos_developer_container.bin.bz2.DIGESTS.sig')
>>> vfy.stderr
u'gpg: Signature made Thu Oct 16 17:32:43 2014 PDT using RSA key ID E5676EFC\n[GNUPG:] KEYEXPIRED 1410042310\n[GNUPG:] SIGEXPIRED deprecated-use-keyexpired-instead\n[GNUPG:] KEYEXPIRED 1410042310\n[GNUPG:] SIGEXPIRED deprecated-use-keyexpired-instead\n[GNUPG:] BADSIG A5A96635E5676EFC CoreOS Buildbot (Offical Builds) <buildbot@coreos.com>\ngpg: BAD signature from "CoreOS Buildbot (Offical Builds) <buildbot@coreos.com>"\n'

[brianredbeard]

Digging further and adding some extra statements to _open_subprocess I was able to determine it's because it's adding the debug flags last (which in the case of calling verify_file means that debug flags after --verify gets weird):

>>> gpg = gnupg.GPG(homedir='/tmp/coreosVTMr_5', verbose="basic")
Command: /usr/bin/gpg --no-options --no-emit-version --no-tty --status-fd 2 --homedir /tmp/coreosVTMr_5 --no-default-keyring --keyring /tmp/coreosVTMr_5/pubring.gpg --secret-keyring /tmp/coreosVTMr_5/secring.gpg --no-use-agent --list-config --with-colons --debug-all --debug-level=basic
>>> vfy = gpg.verify_file('/tmp/coreosVTMr_5/coreos_developer_container.bin.bz2.DIGESTS', sig_file='/tmp/coreosVTMr_5/coreos_developer_container.bin.bz2.DIGESTS.sig')
Command: /usr/bin/gpg --no-options --no-emit-version --no-tty --status-fd 2 --homedir /tmp/coreosVTMr_5 --no-default-keyring --keyring /tmp/coreosVTMr_5/pubring.gpg --secret-keyring /tmp/coreosVTMr_5/secring.gpg --no-use-agent --verify /tmp/coreosVTMr_5/coreos_developer_container.bin.bz2.DIGESTS.sig - --debug-all --debug-level=basic

[isislovecruft]

@brianredbeard Thanks for reporting this, and for the extra debugging! I think the easiest fix would be to do as you suggest and move the block in _make_args() in gnupg/_meta.py which add the verbose flags to be be just above the previous block which adds the options for a particular command.

[isislovecruft]

I believe this issue has been fixed in my fix/76-verbose-flag-order branch. It'll be available in python-gnupg-1.3.3.

@brianredbeard Please feel free to reopen this issue if you run into it again.