
Bug#767914: [PATCH] apt: support either gnupg 1 or 2.



On Mon, Nov 03, 2014 at 01:30:10PM +0000, Dimitri John Ledkov wrote:
> Package: apt
> Version: 1.0.9.3

Check out 1.1~exp4 (and above) which should support gnupg2 already.

The problem with supporting gnupg2 is mainly that upstream is suggesting
some very disruptive future changes and even with oldschool gnupg we
hit some roadblocks. While we can "survive" the latter, the former is
a big threat if a future upgrade of gnupg2 makes apt unusable…

As an example: gnupg accepts at most 40 keyrings at the moment and
upstream is discussing dropping support for multiple --keyring entirely.
(It is mentioned briefly e.g. here:
http://lists.gnupg.org/pipermail/gnupg-users/2013-August/047180.html )


We decided (or well, I did and nobody disagreed so far) that we can't
continue with our gnupg-elimination and instead have to bite the bullet
and make it our dear friend to solve all those problems.


> diff --git a/apt-pkg/contrib/gpgv.cc b/apt-pkg/contrib/gpgv.cc
> index f24dd96..ea8f03a 100644
> --- a/apt-pkg/contrib/gpgv.cc
> +++ b/apt-pkg/contrib/gpgv.cc
> @@ -43,7 +43,11 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG,
>               int const &statusfd, int fd[2])
>  {
>     #define EINTERNAL 111
> -   std::string const gpgvpath = _config->Find("Dir::Bin::gpg", "/usr/bin/gpgv");
> +   std::string gpgv_bin = "/usr/bin/gpgv2";
> +   if (FileExists(gpgv_bin) == false) {
> +      gpgv_bin = "/usr/bin/gpgv";
> +   }
> +   std::string const gpgvpath = _config->Find("Dir::Bin::gpg", gpgv_bin);
>     // FIXME: remove support for deprecated APT::GPGV setting
>     std::string const trustedFile = _config->Find("APT::GPGV::TrustedKeyring", _config->FindFile("Dir::Etc::Trusted"));
>     std::string const trustedPath = _config->FindDir("Dir::Etc::TrustedParts");
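
Review bot: the FileExists probe at the top of ExecGPGV runs on every call, even when Dir::Bin::gpg is set and the probed default is never used, and on a system with both binaries installed it silently changes the default verifier from /usr/bin/gpgv to /usr/bin/gpgv2. Consider resolving the default only when Dir::Bin::gpg is unset, and documenting the gpgv2-first preference wherever Dir::Bin::gpg is described, because which binary checks signatures now depends on what happens to be installed. The two hard-coded paths would also read better as a single const default computed once, matching the const style of the neighbouring locals.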

Huh, I didn't realize there is a gpgv2. Could you implement support for
it in apt-key?  We default to gnupg{,2} if we have no gpgv available for
the moment, but this has a slightly different output (which is visible
in apt-cdrom add operations) [I doubt there is anyone really caring
about it, but it can't hurt, so why not…].


Best regards

David Kalnischkies
