public inbox for gentoo-dev@lists.gentoo.org
From: "Robin H. Johnson" <robbat2@gentoo.org>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] [RFC] gnupg-2 stable plans
Date: Wed, 12 Dec 2007 20:46:09 -0800
Message-ID: <20071213044609.GK14557@curie-int.orbis-terrarum.net>
In-Reply-To: <1197471836.22498.6.camel@wlt.obsidian-studios.com>


[-- Attachment #1.1: Type: text/plain, Size: 3823 bytes --]

On Wed, Dec 12, 2007 at 10:03:56AM -0500, William L. Thomson Jr. wrote:
> On Wed, 2007-12-12 at 14:30 +0200, Alon Bar-Lev wrote:
> > Slotting makes logic if there is some advantage of having both slots
> > installed at the same machine,
> Guess it's never been clear to you in upstream announcement that gnupg-1
> BENEFITS from gnupg-2 co-existing. Again go back and read the
> announcement.
> >  as gnupg-2 does all gnupg-1 does,
> It does NOT, do a comparison of command line args.
See the attached diff between the argument parsing.
I warned you last time, that it wasn't commandline arguments, but
configure file arguments. Per bug
http://bugs.gentoo.org/show_bug.cgi?id=159505, upstream has decreed that
nobody should use 'gpg-agent-info' in the configuration file, and
instead, should use either the --gpg-agent-info argument to gpg, or set
the GPG_AGENT_INFO environment variable.

Upstream Seahorse did get this resolved, per bug
http://bugs.gentoo.org/show_bug.cgi?id=164523, which is why GPG2 can go
stable now. Evolution and Thunderbird resolved their issues as well,
which were much less of a problem, as they only used GPG - not tried to
be a gpg-agent replacement like Seahorse.

> > there
> > is no point in slotting, forcing users to mess with eselect in order
> > to resolve the dependency of other packages with gnupg.
> You keep bringing up eselect when there is NO need. Apps that are
> designed for gnupg2 call gpg2 or link to the -2 version of the .so.
> Done, and NO need for eselect. That BS has flown, been sold, or bought
> for over a year now :)
That is bull, and as the crypto herd, we raised it before.

> Try again with some more BS reasons not to slot :)
The most common way for applications to use GPG is via libgpgme
(http://tinderbox.dev.gentoo.org/misc/rindex/app-crypt/gpgme for the
large list, KDE is there, so is GNOME [via seahorse]). It's a sucky
library IMO, but it's widely used. The core problem with it, is that it
execs the GPG binary, and that the location binary chosen for execution
is compiled into the library at build-time.

That is, if you have /usr/bin/gpg and /usr/bin/gpg2, you can compile it
against exactly one of them. If you have it built against GPG1, and
happen to need some functionality that is only present in GPG2 (eg
SHA-224 message hashes), you need to recompile gpgme to use gpg2, but
then you run into trouble with your complaint.

Or you could have an eselect module for each non-root user to choose
which GPG they wanted, or you could just avoid the entire issue and
recommend that everybody upgrades to GPG2.

> > You can always mask >=gnupg-2 if you want the 1.X series on embedded
> > devices.
> Which I have done for my desktop use for >6 months now. Masking to use a
> current version of a package version that will continue to be maintained
> in the same slot as a newer version is quite stupid. IMHO.
I think that GnuPG is going to end up with the following case:
- Pick ANY _one_ supported major version of GnuPG, and stick with it.
We used to support 1.2 and 1.4 (not slotted, just one-of). Upstream
GnuPG stopped 1.2 support, and now we support 1.4 and 2.0.

The attached diff shows the difference in the command-line options
supported by GPG-1.4.x vs. GPG-2.0.x.
- The smartcard reader stuff CCID/CT/*SC has moved to be external.
- The list-ownertrust, pipemode, shm-coproc were 1.2 features, marked as
  deprecated in 1.4, and removed in 2.0.

You'll be fine until some GPG-using package wants a feature specific to
GPG2, and then you can either complain at the authors of that app, or
suck it up and upgrade.

-- 
Robin Hugh Johnson
Gentoo Linux Developer & Infra Guy
E-Mail     : robbat2@gentoo.org
GnuPG FP   : 11AC BA4F 4778 E3F6 E4ED  F38E B27B 944E 3488 4E85

[-- Attachment #1.2: gnupg-1.4.7-2.0.7-commandline-arguments.patch --]
[-- Type: text/plain, Size: 5283 bytes --]

This is a comparison between the commandline arguments supported by GnuPG
v1.4.7 and v2.0.7. It was produced by grabbing the 'ARGPARSE_OPTS opts' block
from the g10/gpg.c file in each tarball, joining lines where a single option
spanned multiple lines, then sorting and diffing.

Created-by: Robin H. Johnson <robbat2@gentoo.org>

--- gpg1-opts	2007-12-12 18:38:40.000000000 -0800
+++ gpg2-opts	2007-12-12 18:38:44.000000000 -0800
@@ -50,7 +50,6 @@
     { aListKeys, "list-key", 0, "@" }, /* alias */
     { aListKeys, "list-keys", 256, N_("list keys")},
     { aListKeys, "list-public-keys", 256, "@" },
-    { aListOwnerTrust, "list-ownertrust", 256, "@"}, /* deprecated */
     { aListPackets, "list-packets",256, "@"},
     { aListSecretKeys, "list-secret-keys", 256, N_("list secret keys")},
     { aListSigs, "list-sig", 0, "@" }, /* alias */
@@ -58,7 +57,6 @@
     { aListTrustDB, "list-trustdb",0 , "@"},
     /* { aListTrustPath, "list-trust-path",0, "@"}, */
     { aLSignKey, "lsign-key"  ,256, N_("sign a key locally")},
-    { aPipeMode,  "pipemode", 0, "@" },
     { aPrimegen, "gen-prime" , 256, "@" },
     { aPrintMD,  "print-md" , 256, N_("|algo [files]|print message digests")},
     { aPrintMDs, "print-mds" , 256, "@"}, /* old */
@@ -67,6 +65,7 @@
     { aRefreshKeys, "refresh-keys", 256, N_("update all keys from a keyserver")},
     { aSearchKeys, "search-keys" , 256, N_("search for keys on a key server") },
     { aSendKeys, "send-keys"     , 256, N_("export keys to a key server") },
+    { aServer,   "server",      256, N_("run in server mode")},
     { aSignKey,  "sign-key"   ,256, N_("sign a key")},
     { aSign, "sign",      256, N_("|[file]|make a signature")},
     { aStore, "store",     256, "@"},
@@ -74,6 +73,7 @@
     { aUpdateTrustDB, "update-trustdb",0 , N_("update the trust database")},
     { aVerifyFiles, "verify-files" , 256, "@" },
     { aVerify, "verify"   , 256, N_("verify a signature")},
+    { oAgentProgram, "agent-program", 2 , "@" },
     { oAllowFreeformUID, "allow-freeform-uid", 0, "@" },
     { oAllowMultipleMessages, "allow-multiple-messages", 0, "@"},
     { oAllowMultisigVerification, "allow-multisig-verification", 0, "@"},
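Review bot: the `agent-program` row added in this hunk, like `server` in the hunk above and `debug-level` in the one below, has no counterpart in the summary in the message body, which covers removals only. Suggest adding a line for the 2.0-only options, since these are the rows a package that needs GPG2 would depend on. `agent-program` is declared with type 2 (the type `default-key` uses) and the `"@"` description, so it takes a string argument and is not listed in the help output; that makes it easy to miss without a note.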
@@ -109,10 +109,9 @@
     { oCompressLevel, "compress-level", 1, "@" },
     { oCompress, NULL, 1, N_("|N|set compress level N (0 disables)") },
     { oCompressSigs, "compress-sigs",0, "@"},
-    { octapiDriver, "ctapi-driver",  2, "@"},
     { oDebugAll, "debug-all" ,0, "@"},
-    { oDebugCCIDDriver, "debug-ccid-driver", 0, "@"},
     { oDebug, "debug"     ,4|16, "@"},
+    { oDebugLevel, "debug-level" ,2, "@"},
     { oDefaultComment, "default-comment", 0, "@" },
     { oDefaultKey, "default-key", 2, "@"},
     { oDefaultKeyserverURL,  "default-keyserver-url", 2, "@"},
@@ -124,7 +123,6 @@
     { oDefRecipientSelf, "default-recipient-self", 0, "@"},
     { oDefSigExpire, "default-sig-expire", 2, "@"},
     { oDigestAlgo, "digest-algo", 2, "@"},
-    { oDisableCCID, "disable-ccid", 0, "@"},
     { oDisableCipherAlgo,  "disable-cipher-algo", 2, "@" },
     { oDisableDSA2, "disable-dsa2", 0, "@"},
     { oDisableMDC, "disable-mdc", 0, "@"},
@@ -172,7 +170,6 @@
     { oKeyring, "keyring", 2, "@"},
     { oKeyServer, "keyserver", 2, "@"},
     { oKeyServerOptions, "keyserver-options",2,"@"},
-    { oKOption, NULL,	 0, "@"},
     { oLCctype,    "lc-ctype",    2, "@" },
     { oLCmessages, "lc-messages", 2, "@" },
     { oLimitCardInsertTries, "limit-card-insert-tries", 1, "@"},
@@ -185,7 +182,7 @@
     { oLockNever, "lock-never", 0, "@" },
     { oLockOnce, "lock-once", 0, "@" },
     { oLoggerFD, "logger-fd",1, "@" },
-    { oLoggerFile, "logger-file",2, "@" },
+    { oLoggerFile, "log-file",2, "@" },
     { oMangleDosFilenames, "mangle-dos-filenames", 0, "@" },
     { oMarginalsNeeded, "marginals-needed", 1, "@"},
     { oMaxCertDepth,	"max-cert-depth", 1, "@" },
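Review bot: on the `oLoggerFile` row the long name changes from `logger-file` to `log-file` and the old spelling is not kept as a second row, so a configuration file or script that still uses `logger-file` has no entry to match in the 2.0.7 table. Suggest recording this as a rename in the patch description rather than leaving readers to pair the `-` and `+` lines themselves.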
@@ -257,7 +254,6 @@
     { oPasswdFile, "passphrase-file",2, "@" },
     { oPasswd, "passphrase",2, "@" },
     { oPasswdRepeat, "passphrase-repeat", 1, "@"},
-    { opcscDriver, "pcsc-driver",    2, "@"},
     { oPersonalCipherPreferences,  "personal-cipher-preferences", 2, "@"},
     { oPersonalCipherPreferences, "personal-cipher-prefs", 2, "@"},
     { oPersonalCompressPreferences,  "personal-compress-preferences", 2, "@"},
@@ -271,9 +267,8 @@
     { oPhotoViewer,  "photo-viewer", 2, "@" },
     { oPreservePermissions, "preserve-permissions", 0, "@"},
     { oPrimaryKeyring, "primary-keyring",2, "@" },
-    { oQuickRandom, "quick-random", 0, "@"},
+    { oQuickRandom, "debug-quick-random", 0, "@"},
     { oQuiet,	"quiet",   0, "@"},
-    { oReaderPort, "reader-port",    2, "@"},
     { oRecipient, "recipient", 2, N_("|NAME|encrypt for NAME")},
     { oRecipient, "remote-user", 2, "@"},  /* old option name */
     { oRecipient, "user", 2, "@" },
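Review bot: `quick-random` becomes `debug-quick-random` on the `oQuickRandom` row with no row left for the old name, while two lines further down `oRecipient` keeps `remote-user` with an `/* old option name */` comment. If the old name is meant to stop working, say so next to the rename. The `reader-port` removal in this hunk reads as part of the CCID/CT/*SC reader options the message already lists and could be named there.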
@@ -283,7 +278,6 @@
     { oRFC1991, "rfc1991",   0, "@"},
     { oRFC2440, "rfc2440", 0, "@" },
     { oRFC2440Text, "rfc2440-text", 0, "@"},
-    { oRunAsShmCP, "run-as-shm-coprocess", 4, "@" },
     { oS2KCipher, "s2k-cipher-algo", 2, "@"},
     { oS2KCount, "s2k-count", 1, "@"},
     { oS2KDigest, "s2k-digest-algo", 2, "@"},

[-- Attachment #2: Type: application/pgp-signature, Size: 321 bytes --]
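
The attachment above was produced by extracting the `ARGPARSE_OPTS opts` block from each `g10/gpg.c`, joining split rows, sorting and diffing. As an added example (not part of the original message and not GnuPG code), the Python below does the same extraction but compares by option constant instead of by sorted line, so a rename is reported separately from a removal. The two source snippets are constructed samples in the style of the rows shown in the patch.

```python
import re

# Constructed samples: a few rows in the style of g10/gpg.c, not the real files.
GPG1 = '''static ARGPARSE_OPTS opts[] = {
    { aPipeMode,  "pipemode", 0, "@" },
    /* { aListTrustPath, "list-trust-path",0, "@"}, */
    { oLoggerFile, "logger-file",2, "@" },
    { oRecipient, "recipient", 2,
      N_("|NAME|encrypt for NAME")},
    { oRecipient, "remote-user", 2, "@"},  /* old option name */
    { oQuickRandom, "quick-random", 0, "@"},
    {0,NULL,0,NULL}
};'''
GPG2 = '''static ARGPARSE_OPTS opts[] = {
    { aServer,   "server",      256, N_("run in server mode")},
    { oLoggerFile, "log-file",2, "@" },
    { oRecipient, "recipient", 2,
      N_("|NAME|encrypt for NAME")},
    { oRecipient, "remote-user", 2, "@"},  /* old option name */
    { oQuickRandom, "debug-quick-random", 0, "@"},
    {0,NULL,0,NULL}
};'''

ROW = re.compile(r'\{\s*(\w+)\s*,\s*(NULL|"[^"]*")')

def extract_opts(source):
    """Map each option constant to the set of long names it accepts."""
    start = source.index("ARGPARSE_OPTS opts")
    body = source[source.index("{", start) + 1:source.index("};", start)]
    body = re.sub(r"/\*.*?\*/", "", body, flags=re.S)  # drop commented-out rows
    table = {}
    for const, name in ROW.findall(body):  # \s* also joins rows split over lines
        if name != "NULL":                 # skip short-only rows and the terminator
            table.setdefault(const, set()).add(name.strip('"'))
    return table

def compare(old, new):
    """Classify differences by constant, so a rename is not read as a removal."""
    removed = sorted(n for c in old.keys() - new.keys() for n in old[c])
    added = sorted(n for c in new.keys() - old.keys() for n in new[c])
    renamed = {c: (sorted(old[c] - new[c]), sorted(new[c] - old[c]))
               for c in old.keys() & new.keys() if old[c] != new[c]}
    return removed, added, renamed

if __name__ == "__main__":
    removed, added, renamed = compare(extract_opts(GPG1), extract_opts(GPG2))
    print("removed:", removed)
    print("added:  ", added)
    for const, (was, now) in sorted(renamed.items()):
        print(f"renamed: {const} {was} -> {now}")
```

Rows whose long name is `NULL` are skipped, so short-only options such as the `oKOption` row in the patch are outside what this comparison reports.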
