Re: cygport upgrade to use gnupg2/gpg2 if available
On 25/06/2024 01:09, Brian Inglis via Cygwin-apps wrote: On 2024-06-24 16:23, Marco Atzeri via Cygwin-apps wrote: On 26/11/2023 15:40, Jon Turney via Cygwin-apps wrote: On 21/11/2023 06:58, ASSI via Cygwin-apps wrote: Brian Inglis via Cygwin-apps writes: But yeah, I think gpg2 obsoleting gpg, with compatibility symlinks is probably the right thing to do. I will implement this in the next 2.4.5 the current test version seems also able to correctly contact keyservers. That was a problem on latest gpg2 package Yay! At last. That has been frustrating as I have been tweaking my keyserver configs in the hopes of getting the latest keys accepted for my package sources, other downloads, and scripts. I might be able to update and willing to adopt libxslt if all our gpg updates hang together. test version for gnupg2-2.4.5-1 libksba-1.6.7-1 are also up. If you can also test Regards Marco
Re: cygport upgrade to use gnupg2/gpg2 if available
On 2024-06-24 16:23, Marco Atzeri via Cygwin-apps wrote: On 26/11/2023 15:40, Jon Turney via Cygwin-apps wrote: On 21/11/2023 06:58, ASSI via Cygwin-apps wrote: Brian Inglis via Cygwin-apps writes: After applying the attached patches, which add support for the newer gpg2 from gnupg2 if installed, the attached log second chunk shows the new keys verified by gpg2 added to lib/src_prep.cygpart ___gpg_verify(). Similar code has been added to lib/pkg_pkg.cygpart __pkg_srcpkg() for check and definition and __gpg_sign() for use in gpg signing of Cygwin patches and files. We should just switch to gpg2 an require that, there is no point in trying to use GPG 1.x anymore. https://repo.or.cz/cygport/rpm-style.git/commitdiff/84279e484726a68cc8f08e7c9126bef13d9510d7 I think this is the correct patch, so I'll probably apply this. But yeah, I think gpg2 obsoleting gpg, with compatibility symlinks is probably the right thing to do. I will implement this in the next 2.4.5 the current test version seems also able to correctly contact keyservers. That was a problem on latest gpg2 package Yay! At last. That has been frustrating as I have been tweaking my keyserver configs in the hopes of getting the latest keys accepted for my package sources, other downloads, and scripts. I might be able to update and willing to adopt libxslt if all our gpg updates hang together. -- Take care. Thanks, Brian Inglis Calgary, Alberta, Canada La perfection est atteinte Perfection is achieved non pas lorsqu'il n'y a plus rien à ajouter not when there is no more to add mais lorsqu'il n'y a plus rien à retirer but when there is no more to cut -- Antoine de Saint-Exupéry
Re: cygport upgrade to use gnupg2/gpg2 if available
On 26/11/2023 15:40, Jon Turney via Cygwin-apps wrote: On 21/11/2023 06:58, ASSI via Cygwin-apps wrote: Brian Inglis via Cygwin-apps writes: After applying the attached patches, which add support for the newer gpg2 from gnupg2 if installed, the attached log second chunk shows the new keys verified by gpg2 added to lib/src_prep.cygpart ___gpg_verify(). Similar code has been added to lib/pkg_pkg.cygpart __pkg_srcpkg() for check and definition and __gpg_sign() for use in gpg signing of Cygwin patches and files. We should just switch to gpg2 an require that, there is no point in trying to use GPG 1.x anymore. https://repo.or.cz/cygport/rpm-style.git/commitdiff/84279e484726a68cc8f08e7c9126bef13d9510d7 I think this is the correct patch, so I'll probably apply this. But yeah, I think gpg2 obsoleting gpg, with compatibility symlinks is probably the right thing to do. I will implement this in the next 2.4.5 the current test version seems also able to correctly contact keyservers. That was a problem on latest gpg2 package Regards Marco
Re: cygport upgrade to use gnupg2/gpg2 if available
On 21/11/2023 06:58, ASSI via Cygwin-apps wrote: Brian Inglis via Cygwin-apps writes: After applying the attached patches, which add support for the newer gpg2 from gnupg2 if installed, the attached log second chunk shows the new keys verified by gpg2 added to lib/src_prep.cygpart ___gpg_verify(). Similar code has been added to lib/pkg_pkg.cygpart __pkg_srcpkg() for check and definition and __gpg_sign() for use in gpg signing of Cygwin patches and files. We should just switch to gpg2 an require that, there is no point in trying to use GPG 1.x anymore. https://repo.or.cz/cygport/rpm-style.git/commitdiff/84279e484726a68cc8f08e7c9126bef13d9510d7 I think this is the correct patch, so I'll probably apply this. But yeah, I think gpg2 obsoleting gpg, with compatibility symlinks is probably the right thing to do.
Re: cygport upgrade to use gnupg2/gpg2 if available
On 2023-11-24 14:29, Marco Atzeri via Cygwin-apps wrote: On 21.11.2023 07:58, ASSI via Cygwin-apps wrote: Brian Inglis via Cygwin-apps writes: After applying the attached patches, which add support for the newer gpg2 from gnupg2 if installed, the attached log second chunk shows the new keys verified by gpg2 added to lib/src_prep.cygpart ___gpg_verify(). Similar code has been added to lib/pkg_pkg.cygpart __pkg_srcpkg() for check and definition and __gpg_sign() for use in gpg signing of Cygwin patches and files. We should just switch to gpg2 an require that, there is no point in trying to use GPG 1.x anymore. https://repo.or.cz/cygport/rpm-style.git/commitdiff/84279e484726a68cc8f08e7c9126bef13d9510d7 ++1? should I just retire gpg 1.x and stop having gpg2 as different binary name ? Or obsolete 1 with 2 and add compatibility symlinks or scripts? Keep names separate so easy to check. $ for i in /usr/bin/gpg* ; do echo -n $i " : " ; cygcheck -f $i ; done /usr/bin/gpg.exe : gnupg-1.4.23-1 /usr/bin/gpg2.exe : gnupg2-2.2.35-2 /usr/bin/gpg-agent.exe : gnupg2-2.2.35-2 /usr/bin/gpgconf.exe : gnupg2-2.2.35-2 /usr/bin/gpg-connect-agent.exe : gnupg2-2.2.35-2 /usr/bin/gpg-error.exe : libgpg-error-devel-1.47-1 /usr/bin/gpgme-config : libgpgme-devel-1.9.0-1 /usr/bin/gpgme-tool.exe : libgpgme-devel-1.9.0-1 /usr/bin/gpgparsemail.exe : gnupg2-2.2.35-2 /usr/bin/gpgrt-config : libgpg-error-devel-1.47-1 /usr/bin/gpgscm.exe : gnupg2-2.2.35-2 /usr/bin/gpgsm.exe : gnupg2-2.2.35-2 /usr/bin/gpgsplit.exe : gnupg-1.4.23-1 gnupg2-2.2.35-2 /usr/bin/gpgtar.exe : gnupg2-2.2.35-2 /usr/bin/gpgv.exe : gnupg-1.4.23-1 /usr/bin/gpgv2.exe : gnupg2-2.2.35-2 /usr/bin/gpg-wks-server.exe : gnupg2-2.2.35-2 /usr/bin/gpg-zip : gnupg-1.4.23-1 gpg-zip is only in 1, gpgsplit is in 1 *AND* 2, but likely 2 is installed over 1, and a lot of new stuff is in 2: $ cygcheck -l gnupg | grep bin/ /usr/bin/gpg-zip /usr/bin/gpg.exe /usr/bin/gpgsplit.exe /usr/bin/gpgv.exe $ cygcheck -l gnupg2 | grep bin/ /usr/bin/dirmngr-client.exe /usr/bin/dirmngr.exe /usr/bin/gpg-agent.exe /usr/bin/gpg-connect-agent.exe /usr/bin/gpg-wks-server.exe /usr/bin/gpg2.exe /usr/bin/gpgconf.exe /usr/bin/gpgparsemail.exe /usr/bin/gpgscm.exe /usr/bin/gpgsm.exe /usr/bin/gpgsplit.exe /usr/bin/gpgtar.exe /usr/bin/gpgv2.exe /usr/bin/kbxutil.exe /usr/bin/watchgnupg.exe /usr/sbin/addgnupghome /usr/sbin/applygnupgdefaults -- Take care. Thanks, Brian Inglis Calgary, Alberta, Canada La perfection est atteinte Perfection is achieved non pas lorsqu'il n'y a plus rien à ajouter not when there is no more to add mais lorsqu'il n'y a plus rien à retirer but when there is no more to cut -- Antoine de Saint-Exupéry
Re: cygport upgrade to use gnupg2/gpg2 if available
On 21.11.2023 07:58, ASSI via Cygwin-apps wrote: Brian Inglis via Cygwin-apps writes: After applying the attached patches, which add support for the newer gpg2 from gnupg2 if installed, the attached log second chunk shows the new keys verified by gpg2 added to lib/src_prep.cygpart ___gpg_verify(). Similar code has been added to lib/pkg_pkg.cygpart __pkg_srcpkg() for check and definition and __gpg_sign() for use in gpg signing of Cygwin patches and files. We should just switch to gpg2 an require that, there is no point in trying to use GPG 1.x anymore. https://repo.or.cz/cygport/rpm-style.git/commitdiff/84279e484726a68cc8f08e7c9126bef13d9510d7 Regards, Achim. should I just retire gpg 1.x and stop having gpg2 as different binary name ? $ for i in /usr/bin/gpg* ; do echo -n $i " : " ; cygcheck -f $i ; done /usr/bin/gpg.exe : gnupg-1.4.23-1 /usr/bin/gpg2.exe : gnupg2-2.2.35-2 /usr/bin/gpg-agent.exe : gnupg2-2.2.35-2 /usr/bin/gpgconf.exe : gnupg2-2.2.35-2 /usr/bin/gpg-connect-agent.exe : gnupg2-2.2.35-2 /usr/bin/gpg-error.exe : libgpg-error-devel-1.47-1 /usr/bin/gpgme-config : libgpgme-devel-1.9.0-1 /usr/bin/gpgme-tool.exe : libgpgme-devel-1.9.0-1 /usr/bin/gpgparsemail.exe : gnupg2-2.2.35-2 /usr/bin/gpgrt-config : libgpg-error-devel-1.47-1 /usr/bin/gpgscm.exe : gnupg2-2.2.35-2 /usr/bin/gpgsm.exe : gnupg2-2.2.35-2 /usr/bin/gpgsplit.exe : gnupg-1.4.23-1 gnupg2-2.2.35-2 /usr/bin/gpgtar.exe : gnupg2-2.2.35-2 /usr/bin/gpgv.exe : gnupg-1.4.23-1 /usr/bin/gpgv2.exe : gnupg2-2.2.35-2 /usr/bin/gpg-wks-server.exe : gnupg2-2.2.35-2 /usr/bin/gpg-zip : gnupg-1.4.23-1
Re: cygport upgrade to use gnupg2/gpg2 if available
Brian Inglis via Cygwin-apps writes: > After applying the attached patches, which add support for the newer > gpg2 from gnupg2 if installed, the attached log second chunk shows the > new keys verified by gpg2 added to lib/src_prep.cygpart > ___gpg_verify(). > > Similar code has been added to lib/pkg_pkg.cygpart __pkg_srcpkg() for > check and definition and __gpg_sign() for use in gpg signing of Cygwin > patches and files. We should just switch to gpg2 an require that, there is no point in trying to use GPG 1.x anymore. https://repo.or.cz/cygport/rpm-style.git/commitdiff/84279e484726a68cc8f08e7c9126bef13d9510d7 Regards, Achim. -- +<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+ SD adaptations for Waldorf Q V3.00R3 and Q+ V3.54R2: http://Synth.Stromeko.net/Downloads.html#WaldorfSDada
Re: cygport upgrade to use gnupg2/gpg2 if available
On 2023-11-20 21:51, Brian Inglis via Cygwin-apps wrote: The attached log first chunk shows that new downloads especially GnuPG and GNU packages may be signed with keys not recognized by old gnupg/gpg. After applying the attached patches, which add support for the newer gpg2 from gnupg2 if installed, the attached log second chunk shows the new keys verified by gpg2 added to lib/src_prep.cygpart ___gpg_verify(). Similar code has been added to lib/pkg_pkg.cygpart __pkg_srcpkg() for check and definition and __gpg_sign() for use in gpg signing of Cygwin patches and files. Not sure what previous lib/src_prep.cygpart patch was generated from, but patch from correct sources is attached. -- Take care. Thanks, Brian Inglis Calgary, Alberta, Canada La perfection est atteinte Perfection is achieved non pas lorsqu'il n'y a plus rien à ajouter not when there is no more to add mais lorsqu'il n'y a plus rien à retirer but when there is no more to cut -- Antoine de Saint-Exupéry--- /usr/share/cygport/lib/src_prep.cygpart.orig2023-08-07 09:46:31.0 -0600 +++ /usr/share/cygport/lib/src_prep.cygpart 2023-11-20 23:15:36.349253300 -0700 @@ -181,12 +181,14 @@ __gpg_verify() { local _filetype=${2}; local _sigext=${3:-sig}; - if ! check_prog gpg + if check_prog gpg2; then GPG=gpg2; else GPG=gpg; fi + + if ! check_prog $GPG then # display notice only once if ! defined _gpg_not_found_ then - inform "gnupg must be installed in order to check signatures."; + inform "gnupg2 or gnupg must be installed in order to check signatures."; _gpg_not_found_=1 fi @@ -196,7 +198,7 @@ __gpg_verify() { if [ -f ${_file}.${_sigext} ] then inform "${_filetype} signature follows:"; - gpg --verify ${_file}.${_sigext} ${_file} || true; + $GPG --verify ${_file}.${_sigext} ${_file} || true; fi }
cygport upgrade to use gnupg2/gpg2 if available
Hi folks, The attached log first chunk shows that new downloads especially GnuPG and GNU packages may be signed with keys not recognized by old gnupg/gpg. After applying the attached patches, which add support for the newer gpg2 from gnupg2 if installed, the attached log second chunk shows the new keys verified by gpg2 added to lib/src_prep.cygpart ___gpg_verify(). Similar code has been added to lib/pkg_pkg.cygpart __pkg_srcpkg() for check and definition and __gpg_sign() for use in gpg signing of Cygwin patches and files. -- Take care. Thanks, Brian Inglis Calgary, Alberta, Canada La perfection est atteinte Perfection is achieved non pas lorsqu'il n'y a plus rien à ajouter not when there is no more to add mais lorsqu'il n'y a plus rien à retirer but when there is no more to cut -- Antoine de Saint-Exupéry>>> Preparing gpgme-1.23.1-1.x86_64 *** Info: SOURCE 1 signature follows: gpg: Signature made 2023 Oct 27 Fri 06:41:07 MDT using ? key ID 26403ADA gpg: Can't check signature: unknown pubkey algorithm gpg: Signature made 2023 Nov 14 Tue 17:50:43 MST using ? key ID 19C6C8BD gpg: Can't check signature: unknown pubkey algorithm >>> Preparing gpgme-1.23.1-1.x86_64 *** Info: SOURCE 1 signature follows: gpg: Signature made 2023 Oct 27 Fri 06:41:07 MDT gpg:using EDDSA key 6DAA6E64A76D2840571B4902528897B826403ADA gpg: Good signature from "Werner Koch (dist signing 2020)" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 6DAA 6E64 A76D 2840 571B 4902 5288 97B8 2640 3ADA gpg: Signature made 2023 Nov 14 Tue 17:50:43 MST gpg:using EDDSA key AC8E115BF73E2D8D47FA9908E98E9B2D19C6C8BD gpg: Good signature from "Niibe Yutaka (GnuPG Release Key)" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: AC8E 115B F73E 2D8D 47FA 9908 E98E 9B2D 19C6 C8BD --- /usr/share/cygport/lib/pkg_pkg.cygpart.orig 2023-03-08 06:07:57.0 -0700 +++ /usr/share/cygport/lib/pkg_pkg.cygpart 2023-11-19 21:13:16.879391200 -0700 @@ -505,7 +505,7 @@ __gpg_sign() { echo "${2} signature needs to be updated"; rm -f ${1}.sig; # we 'check_prog gpg' in __pkg_srcpkg() - gpg --detach-sign ${1}; + $GPG --detach-sign ${1}; } __squeeze_whitespace() { @@ -563,7 +563,9 @@ __pkg_srcpkg() { if __arg_bool SIG then - if check_prog gpg + if check_prog gpg2; then GPG=gpg2; else GPG=gpg; fi + + if check_prog $GPG then __gpg_sign ${spkgdir}/${cygportfile} "CYGPORT SCRIPT"; @@ -583,14 +585,15 @@ __pkg_srcpkg() { __gpg_sign ${spkgdir}/${src_patchfile} "SOURCE PATCH"; fi else - inform "gnupg must be installed in order to make signatures."; + inform "gnupg2 or gnupg must be installed in order to make signatures."; fi fi cd ${spkgdir%/*}; mkdir -p ${distdir}/${PN}; - __tar ${distdir}/${PN}/${PF}-src.tar.${TAR_COMPRESSION_EXT} ${spkgdir##*/}/ || error "Source package creation failed" + __tar ${distdir}/${PN}/${PF}-src.tar.${TAR_COMPRESSION_EXT} ${spkgdir##*/}/ \ + || error "Source package creation failed" echo; # source package hint --- /usr/share/cygport/lib/src_prep.cygpart.orig2023-11-19 18:51:13.284177300 -0700 +++ /usr/share/cygport/lib/src_prep.cygpart 2023-11-19 21:00:35.754036900 -0700 @@ -181,12 +181,14 @@ __gpg_verify() { local _filetype=${2}; local _sigext=${3:-sig}; - if ! check_prog gpg && ! check_prog gpg2 + if check_prog gpg2; then GPG=gpg2; else GPG=gpg; fi + + if ! check_prog $GPG then # display notice only once if ! defined _gpg_not_found_ then - inform "gnupg or gnupg2 must be installed in order to check signatures."; + inform "gnupg2 or gnupg must be installed in order to check signatures."; _gpg_not_found_=1 fi @@ -195,7 +197,6 @@ __gpg_verify() { if [ -f ${_file}.${_sigext} ] then - [ check_prog gpg2 ] && GPG=gpg2 || GPG=gpg inform "${_filetype} signature follows:"; $GPG --verify ${_file}.${_sigext} ${_file} || true; fi