Mailing List Archive

GnuPG 2.2 on elder Debian & Ubuntu distros
Hello!

As a number of GNU distributions are still around and maintained,
the questions comes up: How does someone get packages
for GnuPG 2.2?

Right now I focus on deb based systems:

Debian Jessie, Stretch
Ubuntu LTS 12.04, 14.06, 16.04

There is a difference in packaging as
Jessie and Ubuntu LTS still have gnupg and gnupg2
while
Stretch (and Ubuntu 17.04) already have done the jump to 2.1.x
replacing GnuPG 1.4.x in the gnupg package.

So how would a good packaging for these systems work?
(Intevation has a potential customer that is interested in a packaging for
Ubuntu 12.04 LTS for instance.)
Is somebody already working on it?

Build instructions for 2.2.1 could help other users as well.
Here is one I've found for some Ubuntu versions:
https://gist.github.com/vt0r/a2f8c0bcb1400131ff51

== potential advantages of GnuPG 2.2
* GnuPG 2.0.x is running out of support
https://lists.gnupg.org/pipermail/gnupg-announce/2017q3/000413.html
| the 2.0.x series which will reach end-of-life on 2017-12-31
* ECC support
* (for some public agencies) GnuPG 2.2/Gpg4win aims for an approval to handle
governmental documents that are classified 'restricted' ('VS-NUR F?R DEN
DIENSTGEBRAUCH') by the German Federal Office for Information Security (BSI).
https://wiki.gnupg.org/Gpg4vsnfd2015


Best Regards,
Bernhard

--
www.intevation.de/~bernhard ? +49 541 33 508 3-3
Intevation GmbH, Osnabr?ck, DE; Amtsgericht Osnabr?ck, HRB 18998
Gesch?ftsf?hrer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
Re: GnuPG 2.2 on elder Debian & Ubuntu distros [ In reply to ]
On 2017-10-27 at 16:06 +0200, Bernhard Reiter wrote:
> As a number of GNU distributions are still around and maintained,
> the questions comes up: How does someone get packages
> for GnuPG 2.2?
>
> Right now I focus on deb based systems:
>
> Debian Jessie, Stretch
> Ubuntu LTS 12.04, 14.06, 16.04

Because the package repo verification uses PGP and other bits of system
tooling have certain expectations of GnuPG as-installed, I have taken
the stance of "leave the system installs alone". Instead, I use
`/opt/gnupg` and I install everything under there.

I then use Vagrant to build for various different OS/distribution
releases.

Thus at <https://public-packages.pennock.tech/> I have packages for 4 of
the 5 releases you mention (amd64-only). I install the `optgnupg-gnupg`
package and I end up with:
ii optgnupg-gmp 6.1.2-pt2
ii optgnupg-gnupg 2.2.1-pt1
ii optgnupg-gnutls 3.5.15-pt2
ii optgnupg-libassuan 2.4.3-pt1
ii optgnupg-libgcrypt 1.8.1-pt1
ii optgnupg-libgpg-error 1.27-pt1
ii optgnupg-libksba 1.3.5-pt1
ii optgnupg-nettle 3.3-pt1
ii optgnupg-npth 1.5-pt1
ii optgnupg-pinentry 1.0.0-pt3

It's then just a matter of using `$PATH` for users so that I can use a
capable modern GnuPG for all my stuff, while leaving the system tooling
alone.

I'm using `aptly` for managing the apt repo setup.

There's a `swdb.lst` file (and associated signature) which tells you the
current versions of all the GnuPG software.

I have an "X depends on Y" config file which I can feed into tsort(1)
which currently produces this package dependency ordering:

libgpg-error npth gmp libassuan libksba libgcrypt nettle pinentry gnutls gnupg22

To help you get started, I've attached two JSON files which I use as
configuration for the builds, reading them should help see how things
fit together and what options are needed.

-Phil
Re: GnuPG 2.2 on elder Debian & Ubuntu distros [ In reply to ]
On Fri 2017-10-27 16:06:55 +0200, Bernhard Reiter wrote:
> There is a difference in packaging as
> Jessie and Ubuntu LTS still have gnupg and gnupg2
> while
> Stretch (and Ubuntu 17.04) already have done the jump to 2.1.x
> replacing GnuPG 1.4.x in the gnupg package.


I've looked into this for jessie, and i'm sad to say that there is
enough system integration work to make me want to spend my time
elsewhere.

A backport to stretch should be relatively easy to pull off.

The Jessie problems aren't necessarily problems with gpg itself -- it's
the ecosystem that has grown up around gpg, much of which is written as
though whatever idiosyncracies and corner cases the author encountered
with some particular version of gpg was exactly the way gpg should
behave, forever. So introducing 2.1 or 2.2 to jessie results in
breakage of a number of other packages (see the litany of Breaks: at [0]
for what is probably not even a full set; now think about all the other
packages which depend on the packages listed as broken).

In stretch, all of that has been cleaned up, which is why the backport
should be relatively easy.

And in future versions of debian, we can hopefully keep the cruft down
by providing upstream-maintained language bindings that are more
attractive than the weird side-projects that seem to have sprung up
around trying to automate a complex, multifaceted tool with long history
of configuration choices.

It is helpful to have GnuPG upstream be really clear about what is an
expected stable machine-readable interface (and about what is *not*
expected to be stable for mechanical interaction). So any contributions
that help to clarifying the formal API (even a "best minimal subset" of
it) would be a great positive contribution.

Sorry to not have better news for your Jessie and Ubuntu LTS systems :(
I'd love to be wrong!

--dkg

[0] https://anonscm.debian.org/git/pkg-gnupg/gnupg2.git/tree/debian/control#n259
Re: GnuPG 2.2 on elder Debian & Ubuntu distros [ In reply to ]
Phil,

Am Freitag 27 Oktober 2017 18:24:45 schrieb Phil Pennock:
> Thus at https://public-packages.pennock.tech/ I have packages for 4 of
> the 5 releases you mention (amd64-only). I install the `optgnupg-gnupg`
> package

thanks I've tried your packages today on a GNU Stretch system
and got working Gnupg 2.2.5.

For the X11 based pinentries: You could recommend the needed minimum set of
X11 dependencies, to ease installation for people who want a graphical
pinentry.

> It's then just a matter of using `$PATH` for users so that I can use a
> capable modern GnuPG for all my stuff, while leaving the system tooling
> alone.

Your page is quite helpful, my suggestion is to add or link an example how to
set the path, e.g. sourcing a bash file like

::::::::::::::
setgnupg
::::::::::::::
base=/opt/gnupg

export LD_LIBRARY_PATH=$base/lib:$LD_LIBRARY_PATH
export MANPATH=$base/share/man:$MANPATH
export PATH=$base/bin:$PATH
::::::::::::::

Best Regards,
Bernhard

--
www.intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
Re: GnuPG 2.2 on elder Debian & Ubuntu distros [ In reply to ]
On Thu 2018-03-01 17:06:44 +0100, Bernhard Reiter wrote:
> thanks I've tried your packages today on a GNU Stretch system
> and got working Gnupg 2.2.5.

fwiw, if folks want GnuPG 2.2.5 on stretch, that should be a relatively
straightforward series of backports. we should be able to upload it
directly to stretch-backports, which would not only cover all the
architectures supported by stretch-backports, but also would be much
more straightforward to install for the end user.

this is not the case for debian jessie, which has many more packages in
the OS that *will* break if gpg moves from the 1.4.x version that
shipped in jessie to anything from the "modern" branch.

If folks want a backport of 2.2.5 to stretch specifically, please let me
know. I'd particularly be happy to guide any interested would-be debian
packager through the steps of creating a backport, and would be willing
to sponsor an upload if it's built sensibly and behaves reasonably.

--dkg
Re: GnuPG 2.2 on elder Debian & Ubuntu distros [ In reply to ]
Am Freitag 02 März 2018 03:57:02 schrieb Daniel Kahn Gillmor:
> On Thu 2018-03-01 17:06:44 +0100, Bernhard Reiter wrote:
> > thanks I've tried your packages today on a GNU Stretch system
> > and got working Gnupg 2.2.5.

> If folks want a backport of 2.2.5 to stretch specifically, please let me
> know.

Personally I think that having a backport of the current GnuPG to Stretch
would be helpful for spreading GnuPG as 2.2.5 has much better capabilities
for WKD.

Bernhard

--
www.intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
Re: GnuPG 2.2 on elder Debian & Ubuntu distros [ In reply to ]
On 2018-03-01 at 17:06 +0100, Bernhard Reiter wrote:
> Your page is quite helpful, my suggestion is to add or link an example how to
> set the path, e.g. sourcing a bash file like
>
> ::::::::::::::
> setgnupg
> ::::::::::::::
> base=/opt/gnupg
>
> export LD_LIBRARY_PATH=$base/lib:$LD_LIBRARY_PATH
> export MANPATH=$base/share/man:$MANPATH
> export PATH=$base/bin:$PATH
> ::::::::::::::

LD_LIBRARY_PATH is unneeded, because the executables have the RPATH
stamped into them.

% readelf -d $(which gpg) | grep RPATH
0x000000000000000f (RPATH) Library rpath: [/opt/gnupg/lib]

You _shouldn't_ need to set MANPATH explicitly on any modern man(1)
system, because they have facilities to translate $PATH to $MANPATH
accordingly. On a Trusty VM, even without anything explicit for
/opt/gnupg listed in /etc/manpath.config, if I run:

unset MANPATH
manpath

then I see the inferred MANPATH which is used by default, and it
contains a correct entry for PATH.

Thus the _only_ step needed is to update $PATH.

My personal stance is that if someone doesn't know how to update PATH,
then that's fine and reasonable, but that someone at such a skill level
has no business installing replacement cryptographic commands from
sources which they are highly unlikely to be able to adequately assess.

-Phil

_______________________________________________
Gnupg-devel mailing list
Gnupg-devel@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-devel
Re: GnuPG 2.2 on elder Debian & Ubuntu distros [ In reply to ]
Phil,

Am Freitag 09 M?rz 2018 04:55:53 schrieb Phil Pennock:
> On 2018-03-01 at 17:06 +0100, Bernhard Reiter wrote:
> > Your page is quite helpful, my suggestion is to add or link an example
> > how to set the path, e.g. sourcing a bash file like

> LD_LIBRARY_PATH is unneeded, because the executables have the RPATH
> stamped into them.


> You _shouldn't_ need to set MANPATH explicitly on any modern man(1)
> system,

> Thus the _only_ step needed is to update $PATH.

thanks for these hints! While I do have some adminstration knowledge, I did
not research both points. (Just trying out stuff. I've seen that manpath got
more complicated in GNU systems a while ago, but this was not the right time
to learn more about it.)

> My personal stance is that if someone doesn't know how to update PATH,
> then that's fine and reasonable, but that someone at such a skill level
> has no business installing replacement cryptographic commands from
> sources which they are highly unlikely to be able to adequately assess.

My suggestion is about comfort and knowledge sharing,
it is just easier to have your statement about LD_LIBRARY_PATH been
unnecessary seen in an example script and it is less thinking even for
experienced people when they see the example.

Some people may know more GnuPG, but less about Debian or Ubuntu and being
able to judge a new cryptographic command is okay for them. (In this case I
believe I am an example, but of course I know how to set PATH.)

Best Regards,
Bernhard

--
www.intevation.de/~bernhard ? +49 541 33 508 3-3
Intevation GmbH, Osnabr?ck, DE; Amtsgericht Osnabr?ck, HRB 18998
Gesch?ftsf?hrer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
Re: GnuPG 2.2 on elder Debian & Ubuntu distros [ In reply to ]
Phil,

Am Freitag 27 Oktober 2017 18:24:45 schrieb Phil Pennock:
> Thus at <https://public-packages.pennock.tech/> I have packages

thanks again for those packages, I'll use them for test sometimes!

Just noticed that with Package: optgnupg-gnupg Version: 2.2.6-pt1
gpg and gpg-connect-agent somehow start the old gpg-agent.

My $PATH is
/opt/gnupg/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games

pkill -5 gpg-agent
gpg --version | head -1
# gpg (GnuPG) 2.2.6
gpg-connect-agent --version | head -1
# gpg-connect-agent (GnuPG) 2.2.6
echo "getinfo version" | gpg-connect-agent -v
D 2.1.18

should be 2.2.6.

Best Regards,
Bernhard
ps.: I've used the email address given in the package for testing. ;)

--
www.intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
Re: GnuPG 2.2 on elder Debian & Ubuntu distros [ In reply to ]
On 2018-04-16 at 10:17 +0200, Bernhard Reiter wrote:
> Just noticed that with Package: optgnupg-gnupg Version: 2.2.6-pt1
> gpg and gpg-connect-agent somehow start the old gpg-agent.

Following up to list: systemd is configured to start specific instances
of gpg-agent.

Text added to <https://public-packages.pennock.tech/>:

Users of systemd will have to weigh their options carefully, and
consider editing /usr/lib/systemd/user/gpg-agent.service to change the
paths to the binaries, then run systemctl daemon-reload and log out
and back in again, otherwise gpg will launch the wrong gpg-agent.

-Phil

_______________________________________________
Gnupg-devel mailing list
Gnupg-devel@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-devel
Re: GnuPG 2.2 on elder Debian & Ubuntu distros [ In reply to ]
On Mon 2018-04-16 12:28:48 -0400, Phil Pennock wrote:
> On 2018-04-16 at 10:17 +0200, Bernhard Reiter wrote:
>> Just noticed that with Package: optgnupg-gnupg Version: 2.2.6-pt1
>> gpg and gpg-connect-agent somehow start the old gpg-agent.
>
> Following up to list: systemd is configured to start specific instances
> of gpg-agent.
>
> Text added to <https://public-packages.pennock.tech/>:
>
> Users of systemd will have to weigh their options carefully, and
> consider editing /usr/lib/systemd/user/gpg-agent.service to change the
> paths to the binaries, then run systemctl daemon-reload and log out
> and back in again, otherwise gpg will launch the wrong gpg-agent.

please don't encourage anyone to edit /usr/lib/systemd/user/* by hand.
use the override mechanism as described in the "Example 2. Overriding
vendor settings" section in systemd.unit(5), or in the "edit" section of
systemctl(1).

--dkg

_______________________________________________
Gnupg-devel mailing list
Gnupg-devel@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-devel
Re: GnuPG 2.2 on elder Debian & Ubuntu distros [ In reply to ]
Am Dienstag 17 April 2018 00:42:13 schrieb Daniel Kahn Gillmor:
> On Mon 2018-04-16 12:28:48 -0400, Phil Pennock wrote:
> > Text added to <https://public-packages.pennock.tech/>:
> >
> > Users of systemd will have to weigh their options carefully, and
> > consider editing /usr/lib/systemd/user/gpg-agent.service to change the
> > paths to the binaries, then run systemctl daemon-reload and log out
> > and back in again, otherwise gpg will launch the wrong gpg-agent.

Phil,
thanks for analysis and improvement of instructions. Works here.

> please don't encourage anyone to edit /usr/lib/systemd/user/* by hand.
> use the override mechanism as described in the "Example 2. Overriding
> vendor settings" section in systemd.unit(5), or in the "edit" section of
> systemctl(1).

Daniel,
thanks for the pointer. Is there a way to override this systemd
setting as user? As least systemd starts something for a users and this user
may want to have this changed.

Otherwise someone who wants to run a different GnuPG will have to build their
own packages and patch them to use a different socket under user control.
(This would be the solution for packages like Phil's I guess.)

And it seems to be a bug in the original Debian package 2.1.18-8~deb9u1 (as
'--agent-program FILE' is not honored anymore (which stands in contrast to the
documentation in info gnupg).

Best Regards,
Bernhard

--
www.intevation.de/~bernhard ? +49 541 33 508 3-3
Intevation GmbH, Osnabr?ck, DE; Amtsgericht Osnabr?ck, HRB 18998
Gesch?ftsf?hrer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
Re: GnuPG 2.2 on elder Debian & Ubuntu distros [ In reply to ]
On 2018-04-16 at 15:42 -0700, Daniel Kahn Gillmor wrote:
> please don't encourage anyone to edit /usr/lib/systemd/user/* by hand.
> use the override mechanism as described in the "Example 2. Overriding
> vendor settings" section in systemd.unit(5), or in the "edit" section of
> systemctl(1).

Noted. Will review those sources and edit.

I'm primarily a FreeBSD user and strictly limit how much I go near
taking anything systemd away from upstream-maintained defaults.

Thanks,
-Phil

_______________________________________________
Gnupg-devel mailing list
Gnupg-devel@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-devel
Re: GnuPG 2.2 on elder Debian & Ubuntu distros [ In reply to ]
On 2018-04-17 at 09:25 +0200, Bernhard Reiter wrote:
> Am Dienstag 17 April 2018 00:42:13 schrieb Daniel Kahn Gillmor:
> > please don't encourage anyone to edit /usr/lib/systemd/user/* by hand.
> > use the override mechanism as described in the "Example 2. Overriding
> > vendor settings" section in systemd.unit(5), or in the "edit" section of
> > systemctl(1).
>
> Daniel,
> thanks for the pointer. Is there a way to override this systemd
> setting as user? As least systemd starts something for a users and this user
> may want to have this changed.

Yes, that's exactly what is described in the documentation which Daniel
linked to.

> And it seems to be a bug in the original Debian package 2.1.18-8~deb9u1 (as
> '--agent-program FILE' is not honored anymore (which stands in contrast to the
> documentation in info gnupg).

It's more of a problem of the interaction between systemd socket
activation and GnuPG configuration: two things trying to achieve the
same ends, via different methods. Handling this better would require
more extensive surgery of GnuPG and I don't think it's reasonable to
expect Daniel as the OS package maintainer, to do such work. He's got
enough moving pieces to take care of already.

Daniel, I'm sorry, I didn't intend to create support burden for you by
making my own packages publicly available. I do appreciate the
feedback: I should have remembered that systemd has overlay files etc.

Bernhard: the documentation on the website for my packages now has
correct information for safely overriding these settings, both for all
users and for one particular user. I've tested both approaches on
Debian Stretch in a VM, they work for me.

-Phil

_______________________________________________
Gnupg-devel mailing list
Gnupg-devel@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-devel
Re: GnuPG 2.2 on elder Debian & Ubuntu distros [ In reply to ]
Am Dienstag, 17. April 2018, 19:32:00 CEST schrieb Phil Pennock:
> > thanks for the pointer. Is there a way to override this systemd
> > setting as user?

> Yes, that's exactly what is described in the documentation which Daniel
> linked to.

I skimmed the sections he mentioned and
had missed the part referring to the paths.

> > And it seems to be a bug in the original Debian package 2.1.18-8~deb9u1
> > (as
> > '--agent-program FILE' is not honored anymore (which stands in contrast to
> > the documentation in info gnupg).
>
> It's more of a problem of the interaction between systemd socket
> activation and GnuPG configuration: two things trying to achieve the
> same ends, via different methods.

The defect is in the original package (indepentently to Phil's opt-gnupg).
What advantage has starting via systemd socket, as gpg also starts an agent,
if necessary?

> Bernhard: the documentation on the website for my packages now has
> correct information for safely overriding these settings

I've tried configurating this for one user and it worked, thanks again.
Best,
Bernhard

--
www.intevation.de/~bernhard (CEO) www.fsfe.org (Founding GA Member)
Intevation GmbH, Osnabr?ck, DE; Amtsgericht Osnabr?ck, HRB 18998
Gesch?ftsf?hrer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
Re: GnuPG 2.2 on elder Debian & Ubuntu distros [ In reply to ]
Phil,

Am Freitag 27 Oktober 2017 18:24:45 schrieb Phil Pennock:
> Thus at <https://public-packages.pennock.tech/> I have packages

thanks again for those packages, I'll still use them for test sometimes!

Just missed a gpgme package, to see how gpgme-json does, which is needed to
couple Mailvelope to GnuPG [1]. ;)

Best Regards,
Bernhard

[1] https://www.mailvelope.com/en/blog/mailvelope-3.0 announcement


--
www.intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
Re: GnuPG 2.2 on elder Debian & Ubuntu distros [ In reply to ]
On 2019-01-10 at 09:29 +0100, Bernhard Reiter wrote:
> Am Freitag 27 Oktober 2017 18:24:45 schrieb Phil Pennock:
> > Thus at <https://public-packages.pennock.tech/> I have packages
>
> thanks again for those packages, I'll still use them for test sometimes!

Good to know. :)

> Just missed a gpgme package, to see how gpgme-json does, which is needed to
> couple Mailvelope to GnuPG [1]. ;)

I'm a little reluctant to provide gpgme packages, because (1) I don't
use it myself, so would be unlikely to notice failures, and (2) the
combination of languages and dependencies can explode quite quickly. Do
you pull in QT as a dependency always, or skip QT? Node.js?

I recommend just installing gpgme yourself with the required
dependencies for your use-case. Perhaps work from speedo.mk and build
more packages too, migrating to have everything under your local
control. My packages are convenient for some use-cases, but I'm also
one person who might get hit by a bus. They'll get you able to make
progress and move forward with "current GnuPG ecosystem, installed out
of the way of the system, ASAP".

I think that gpgme with the various integration options, considered
across multiple OSes, is a step too far for me to be comfortable trying
to maintain unless and until I have a use-case for my own systems.

-Phil

_______________________________________________
Gnupg-devel mailing list
Gnupg-devel@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-devel
Re: GnuPG 2.2 on elder Debian & Ubuntu distros [ In reply to ]
Am Freitag 11 Januar 2019 00:04:47 schrieb Phil Pennock:
> I recommend just installing gpgme yourself with the required
> dependencies for your use-case.

Maybe that would be a good statement to add to your page (if somebody else
wonders).

> I think that gpgme with the various integration options, considered
> across multiple OSes, is a step too far for me to be comfortable trying
> to maintain unless and until I have a use-case for my own systems.

Thanks for the response and for having a clear and good understanding of what
you can and want to provide! To me it makes good sense.

Still, as you have intended, I believe your packages are a helpful addition to
the GnuPG packaging ecosystem, so thanks again.

Cheers,
Bernhard

--
www.intevation.de/~bernhard ? +49 541 33 508 3-3
Intevation GmbH, Osnabr?ck, DE; Amtsgericht Osnabr?ck, HRB 18998
Gesch?ftsf?hrer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
Re: GnuPG 2.2 on elder Debian & Ubuntu distros [ In reply to ]
Hi Bernhard--

On Thu 2019-01-10 09:29:37 +0100, Bernhard Reiter wrote:
> Just missed a gpgme package, to see how gpgme-json does, which is needed to
> couple Mailvelope to GnuPG [1]. ;)

That would be great to have! I welcome followup on
https://bugs.debian.org/911189

Suggestions or patches are welcome -- i'd be very happy to have more
people actively contributing to the debian packaging for gpgme.

all the best,

--dkg
Re: GnuPG 2.2 on elder Debian & Ubuntu distros [ In reply to ]
Am Donnerstag 10 Januar 2019 09:29:37 schrieb Bernhard Reiter:
> Am Freitag 27 Oktober 2017 18:24:45 schrieb Phil Pennock:
> > Thus at <https://public-packages.pennock.tech/> I have packages
>
> thanks again for those packages, I'll still use them for test sometimes!

Note that since August there are current gnupg 2.2 packages
in Debian Stretch backports, see
https://tracker.debian.org/pkg/gnupg2

Still missing Jessie and Ubuntu
https://packages.ubuntu.com/search?keywords=gnupg&searchon=names&suite=all&section=all
but at least Ubuntu has 2.2.4 in 18.04LTS.

Regards,
Bernhard

--
www.intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
Re: GnuPG 2.2 on elder Debian & Ubuntu distros [ In reply to ]
On 01/02/2019 13:29, Bernhard Reiter wrote:

> Still missing Jessie and Ubuntu

I don't know about Ubuntu, but it can't go into jessie-backports because
backports can't go ahead of what the /next/ stable version has.

(That obviously doesn't mean somebody couldn't provide packages for
jessie, just that it won't go into the official jessie-backports).

> but at least Ubuntu has 2.2.4 in 18.04LTS.

Yes, it's nice that the LTS has 2.2.

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
Re: GnuPG 2.2 on elder Debian & Ubuntu distros [ In reply to ]
On Fri 2019-02-01 15:42:01 +0100, Peter Lebbing wrote:
> On 01/02/2019 13:29, Bernhard Reiter wrote:
>
>> Still missing Jessie and Ubuntu
>
> I don't know about Ubuntu, but it can't go into jessie-backports because
> backports can't go ahead of what the /next/ stable version has.
>
> (That obviously doesn't mean somebody couldn't provide packages for
> jessie, just that it won't go into the official jessie-backports).

please see this depressing thread on the debian-lts mailing list about
the unlikelihood of getting gnupg itself fixed in jessie:

https://lists.debian.org/debian-lts/2019/01/msg00050.html

--dkg

_______________________________________________
Gnupg-devel mailing list
Gnupg-devel@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-devel
Re: GnuPG 2.2 on elder Debian & Ubuntu distros [ In reply to ]
Phil,

Am Freitag 27 Oktober 2017 18:24:45 schrieb Phil Pennock:
> Thus at <https://public-packages.pennock.tech/> I have packages

again thanks for them!

Wanted to try the latest way to test for WKD support
gpg-wks-client --supported

Noticed that gpg-wkd-client is not packaged?

Best Regards,
Bernhard


--
www.intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
Re: GnuPG 2.2 on elder Debian & Ubuntu distros [ In reply to ]
On Tue 2019-03-19 12:03:48 +0100, Bernhard Reiter wrote:
> Wanted to try the latest way to test for WKD support
> gpg-wks-client --supported
>
> Noticed that gpg-wkd-client is not packaged?

What is gpg-wkd-client? do you mean gpg-wks-client?

I note that gpg-wks-client is available in stretch-backports, thanks to
work by Roger Shimizu (in cc here).

--dkg

_______________________________________________
Gnupg-devel mailing list
Gnupg-devel@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-devel
Re: GnuPG 2.2 on elder Debian & Ubuntu distros [ In reply to ]
On 2019-03-19 at 12:03 +0100, Bernhard Reiter wrote:
> > Thus at <https://public-packages.pennock.tech/> I have packages

> Wanted to try the latest way to test for WKD support
> gpg-wks-client --supported
>
> Noticed that gpg-wkd-client is not packaged?

GnuPG places this into `libexec` rather than `bin` or `sbin`. I don't
mess with those relative paths. I preserve the upstream package's idea
of where things should go, rather than distribution guidelines. Using
an `/opt/` namespace makes this something I'm willing to defend: I
package the upstream with as few changes as possible.

Thus: /opt/gnupg/libexec/gpg-wks-client

-Phil

_______________________________________________
Gnupg-devel mailing list
Gnupg-devel@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-devel
Re: GnuPG 2.2 on elder Debian & Ubuntu distros [ In reply to ]
Am Mittwoch 20 M?rz 2019 12:22:11 schrieb Daniel Kahn Gillmor:
> What is gpg-wkd-client? do you mean gpg-wks-client?

Yes, sorry!

Am Mittwoch 20 M?rz 2019 17:21:46 schrieb Phil Pennock:
> GnuPG places this into `libexec` rather than `bin` or `sbin`.

Werner, is this still the best place? Given that many other binaries are also
quite low level?

> Thus: /opt/gnupg/libexec/gpg-wks-client

Thanks for the pointer, I did search for it in the packages, but obviously
made a mistake!

Bernhard


--
www.intevation.de/~bernhard ? +49 541 33 508 3-3
Intevation GmbH, Osnabr?ck, DE; Amtsgericht Osnabr?ck, HRB 18998
Gesch?ftsf?hrer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
Re: GnuPG 2.2 on elder Debian & Ubuntu distros [ In reply to ]
Hi,

On Thursday 21 March 2019 09:17:47 CET Bernhard Reiter wrote:
> Werner, is this still the best place? Given that many other binaries are
also
> quite low level?

Uhm the libexec thing is on me.
gpg-wks-client and gpg-wks-server were very low level at first and only
intended to be used by higher level applications. So I found libexec to be the
right place.

gpg-wks-client gained more usefulness. So I now think that we should install
it to /usr/bin. I guess we will change that in master for GnuPG 2.3.

On Windows the gpg-wks-client is already installed under bin and in the PATH.


Regards,
Andre

--
GnuPG.com - a brand of g10 Code, the GnuPG experts.

g10 Code GmbH, Erkrath/Germany, AG Wuppertal HRB14459
GF Werner Koch, USt-Id DE215605608, www.g10code.com.

GnuPG e.V., Rochusstr. 44, D-40479 D?sseldorf. VR 11482 D?sseldorf
Vorstand: W.Koch, M.Gollowitzer, A.Heinecke. Mail: board@gnupg.org
Finanzamt D-Altstadt, St-Nr: 103/5923/1779. Tel: +49-2104-4938799
Re: GnuPG 2.2 on elder Debian & Ubuntu distros [ In reply to ]
Phil,

Am Freitag 27 Oktober 2017 18:24:45 schrieb Phil Pennock:
> Thus at <https://public-packages.pennock.tech/> I have packages

still cool!

I've added them to https://wiki.gnupg.org/PlatformNotes now. :)

Best Regards,
Bernhard


--
www.intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner