--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: [PATCH] apt: support either gnupg 1 or 2.
- From: Dimitri John Ledkov <dimitri.j.ledkov@intel.com>
- Date: Mon, 3 Nov 2014 13:30:10 +0000
- Message-id: <1415021410-32605-1-git-send-email-dimitri.j.ledkov@intel.com>
Package: apt
Version: 1.0.9.3
Signed-off-by: Dimitri John Ledkov <dimitri.j.ledkov@intel.com>
---
apt-pkg/contrib/gpgv.cc | 6 +++++-
cmdline/apt-key.in | 10 ++++++++--
debian/control | 2 +-
doc/examples/configure-index | 2 +-
4 files changed, 15 insertions(+), 5 deletions(-)
diff --git a/apt-pkg/contrib/gpgv.cc b/apt-pkg/contrib/gpgv.cc
index f24dd96..ea8f03a 100644
--- a/apt-pkg/contrib/gpgv.cc
+++ b/apt-pkg/contrib/gpgv.cc
@@ -43,7 +43,11 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG,
int const &statusfd, int fd[2])
{
#define EINTERNAL 111
- std::string const gpgvpath = _config->Find("Dir::Bin::gpg", "/usr/bin/gpgv");
+ std::string gpgv_bin = "/usr/bin/gpgv2";
+ if (FileExists(gpgv_bin) == false) {
+ gpgv_bin = "/usr/bin/gpgv";
+ }
+ std::string const gpgvpath = _config->Find("Dir::Bin::gpg", gpgv_bin);
// FIXME: remove support for deprecated APT::GPGV setting
std::string const trustedFile = _config->Find("APT::GPGV::TrustedKeyring", _config->FindFile("Dir::Etc::Trusted"));
std::string const trustedPath = _config->FindDir("Dir::Etc::TrustedParts");
diff --git a/cmdline/apt-key.in b/cmdline/apt-key.in
index 0774cf4..b811e58 100644
--- a/cmdline/apt-key.in
+++ b/cmdline/apt-key.in
@@ -3,7 +3,13 @@
set -e
unset GREP_OPTIONS
-GPG_CMD="gpg --ignore-time-conflict --no-options --no-default-keyring"
+if type gpg2 2>/dev/null 1>/dev/null; then
+ gpg_bin=gpg2
+else
+ gpg_bin=gpg
+fi
+
+GPG_CMD="$gpg_bin --ignore-time-conflict --no-options --no-default-keyring"
# gpg needs (in different versions more or less) files to function correctly,
# so we give it its own homedir and generate some valid content for it
@@ -306,7 +312,7 @@ if [ -z "$command" ]; then
fi
shift
-if [ "$command" != "help" ] && ! which gpg >/dev/null 2>&1; then
+if [ "$command" != "help" ] && ! which $gpg_bin >/dev/null 2>&1; then
echo >&2 "Warning: gnupg does not seem to be installed."
echo >&2 "Warning: apt-key requires gnupg for most operations."
echo >&2
diff --git a/debian/control b/debian/control
index 0437aa7..a179094 100644
--- a/debian/control
+++ b/debian/control
@@ -18,7 +18,7 @@ XS-Testsuite: autopkgtest
Package: apt
Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}, ${apt:keyring}, gnupg
+Depends: ${shlibs:Depends}, ${misc:Depends}, ${apt:keyring}, gnupg | gnupg2, gpgv | gpgv2
Replaces: manpages-pl (<< 20060617-3~), manpages-it (<< 2.80-4~), sun-java6-jdk (>> 0), sun-java5-jdk (>> 0), openjdk-6-jdk (<< 6b24-1.11-0ubuntu1~)
Breaks: manpages-pl (<< 20060617-3~), manpages-it (<< 2.80-4~), sun-java6-jdk (>> 0), sun-java5-jdk (>> 0), openjdk-6-jdk (<< 6b24-1.11-0ubuntu1~)
Conflicts: python-apt (<< 0.7.93.2~)
diff --git a/doc/examples/configure-index b/doc/examples/configure-index
index 56e7e1a..66e6461 100644
--- a/doc/examples/configure-index
+++ b/doc/examples/configure-index
@@ -347,7 +347,7 @@ Dir "/"
Bin {
methods "/usr/lib/apt/methods/";
gzip "/bin/gzip";
- gpg "/usr/bin/gpgv";
+ gpg "/usr/bin/gpgv2";
dpkg "/usr/bin/dpkg";
dpkg-source "/usr/bin/dpkg-source";
dpkg-buildpackage "/usr/bin/dpkg-buildpackage";
--
2.1.0
--- End Message ---
--- Begin Message ---
- To: 767914-done@bugs.debian.org
- Subject: Re: Bug#767914: [PATCH] apt: support either gnupg 1 or 2.
- From: Julian Andres Klode <jak@debian.org>
- Date: Thu, 13 Aug 2015 21:12:05 +0200
- Message-id: <20150813211106.GA25455@debian.org>
- In-reply-to: <20141103170106.GA9239@crossbow>
- References: <1415021410-32605-1-git-send-email-dimitri.j.ledkov@intel.com> <20141103170106.GA9239@crossbow>
On Mon, Nov 03, 2014 at 06:01:06PM +0100, David Kalnischkies wrote:
> On Mon, Nov 03, 2014 at 01:30:10PM +0000, Dimitri John Ledkov wrote:
> > Package: apt
> > Version: 1.0.9.3
>
> Check out 1.1~exp4 (and above) which should support gnupg2 already.
>
> The problem with supporting gnupg2 is mainly that upstream is suggesting
> some very disruptive future changes and even with oldschool gnupg we
> hit some roadblocks. While we can "survive" the later, the earlier is
> a big threat if a future upgrade of gnupg2 makes apt unusable…
>
> As an example: gnupg accepts at most 40 keyrings at the moment and
> upstream is discussing to drop support for multiple --keyring entirely.
> (It is mentioned briefly e.g. here:
> http://lists.gnupg.org/pipermail/gnupg-users/2013-August/047180.html )
>
>
> We decided (or well, I did and nobody disagreed so far) that we can't
> continue with our gnupg-elimination and instead have to bite the bullet
> and make it our dear friend to solve all those problems.
>
>
> > diff --git a/apt-pkg/contrib/gpgv.cc b/apt-pkg/contrib/gpgv.cc
> > index f24dd96..ea8f03a 100644
> > --- a/apt-pkg/contrib/gpgv.cc
> > +++ b/apt-pkg/contrib/gpgv.cc
> > @@ -43,7 +43,11 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG,
> > int const &statusfd, int fd[2])
> > {
> > #define EINTERNAL 111
> > - std::string const gpgvpath = _config->Find("Dir::Bin::gpg", "/usr/bin/gpgv");
> > + std::string gpgv_bin = "/usr/bin/gpgv2";
> > + if (FileExists(gpgv_bin) == false) {
> > + gpgv_bin = "/usr/bin/gpgv";
> > + }
> > + std::string const gpgvpath = _config->Find("Dir::Bin::gpg", gpgv_bin);
> > // FIXME: remove support for deprecated APT::GPGV setting
> > std::string const trustedFile = _config->Find("APT::GPGV::TrustedKeyring", _config->FindFile("Dir::Etc::Trusted"));
> > std::string const trustedPath = _config->FindDir("Dir::Etc::TrustedParts");
>
> Huh, I didn't realize there is a gpgv2. Could you implement support for
> it in apt-key? We default to gnupg{,2} if we have no gpgv available for
> the moment, but this has a slightly different output (which is visible
> in apt-cdrom add operations) [I doubt there is anyone really caring
> about it, but it can't hurt, so why not…].
>
This should be fixed in recent experimental releases.
--
Julian Andres Klode - Debian Developer, Ubuntu Member
See http://wiki.debian.org/JulianAndresKlode and http://jak-linux.org/.
Be friendly, do not top-post, and follow RFC 1855 "Netiquette".
- If you don't I might ignore you.
--- End Message ---