Re: GnuPG 2.2.0 and replacement of GnuPG1
On 09/17/2017 02:12 PM, Brian Exelbierd wrote: On Thu, Sep 7, 2017, at 02:25 PM, Dominik 'Rathann' Mierzejewski wrote: On Sunday, 03 September 2017 at 13:45, Igor Gnatenko wrote: GnuPG 2.2.0 has --enable-gpg-is-gpg2 which would install compat symlink from /usr/bin/gpg to /usr/bin/gpg2.. Is it time to retire gnupg (v1) ? hplip still requires gnupg. docker seems to as well ... regards, bex ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org We will change the docker requirement to be V2. We have no idea why it is set to V1, and upstream Docker is using v2. ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Re: GnuPG 2.2.0 and replacement of GnuPG1
On Thu, Sep 7, 2017, at 02:25 PM, Dominik 'Rathann' Mierzejewski wrote: > On Sunday, 03 September 2017 at 13:45, Igor Gnatenko wrote: > > GnuPG 2.2.0 has --enable-gpg-is-gpg2 which would install compat symlink > > from /usr/bin/gpg to /usr/bin/gpg2.. > > > > Is it time to retire gnupg (v1) ? > > hplip still requires gnupg. docker seems to as well ... regards, bex ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Re: GnuPG 2.2.0 and replacement of GnuPG1
On 07/09/17 14:25, Dominik 'Rathann' Mierzejewski wrote: > On Sunday, 03 September 2017 at 13:45, Igor Gnatenko wrote: >> GnuPG 2.2.0 has --enable-gpg-is-gpg2 which would install compat symlink >> from /usr/bin/gpg to /usr/bin/gpg2.. >> >> Is it time to retire gnupg (v1) ? > > hplip still requires gnupg. I won't raise the banner on the barricades over this one, but I have been able (by tweaking the hplip.spec file somewhat) to build hplip-3.17.4-1 on RHEL7. Had to revert Python3 -> Python2 and ditched the GUI tools. And RHEL7 ships only gnupg2. That said, I don't know how broken my build is (all I know is that it works well enough for my printer, including network scan). But for all I know, it might be it is the GUI tools which depends on the gnupg stuff. -- kind regards, David Sommerseth signature.asc Description: OpenPGP digital signature ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Re: GnuPG 2.2.0 and replacement of GnuPG1
Till Maas venit, vidit, dixit 04.09.2017 18:24: > On Mon, Sep 04, 2017 at 08:56:31AM +0200, Remi Collet wrote: > >> gnupg v2 is a nightmare for "server", I maintain some PHP extensions and >> libraries which works perfectly against v1, and not against v2 > > Would it be ok for you to patch the libraries to use /usr/bin/gpg1 > instead? > >> And, AFAIK, v1 is still maintained. > > It is on life-support but not properly maintained. GPG2 uses a better > file format for private keys that GPG1 does not understand. Therefore > GPG2 allows for example to merge GPG subkeys for private keys. If one > relies on GPG2. Also the GPG agent for GPG2 seems to be better than the > GPG1 agent. AFAIK there is no benefit for anyone to still use GPG1 over > GPG2 except for not updating code now. For me it only causes problems > when I accidentally use GPG1 instead of GPG2 because the gpg command > points to GPG1. Also I remember that there might be issues with GPG > signing GIT commits since it defaults to using the gpg command instead > of using the gpg2 command. It uses gpg if present, and gpg2 if gpg is not present; also gpg.program can be set in global config to force a specific program. Note that Git uses "gpg" in a way that works with both versions (as far as the commandline is concerned). So, the only problem for Git is when gpg(1) is installed along with gpg2 and users expect Git to "magically" use gpg2 when they prefer that (key store, agent set-up). > Eventually GPG1 will die anyhow. Also the default library gpgme supports > GPG2 correctly and it would be better for code to use GPG via gpgme > instead of writing own wrappers as an extension/library anyhow IMHO. > > Kind regards > Till > ___ > devel mailing list -- devel@lists.fedoraproject.org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org > ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Re: GnuPG 2.2.0 and replacement of GnuPG1
On Sunday, 03 September 2017 at 13:45, Igor Gnatenko wrote: > GnuPG 2.2.0 has --enable-gpg-is-gpg2 which would install compat symlink > from /usr/bin/gpg to /usr/bin/gpg2.. > > Is it time to retire gnupg (v1) ? hplip still requires gnupg. Regards, Dominik -- Fedora https://getfedora.org | RPMFusion http://rpmfusion.org There should be a science of discontent. People need hard times and oppression to develop psychic muscles. -- from "Collected Sayings of Muad'Dib" by the Princess Irulan ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Re: GnuPG 2.2.0 and replacement of GnuPG1
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Mon, 2017-09-04 at 18:15 +0200, Till Maas wrote: > On Sun, Sep 03, 2017 at 01:45:40PM +0200, Igor Gnatenko wrote: > > GnuPG 2.2.0 has --enable-gpg-is-gpg2 which would install compat > > symlink > > from /usr/bin/gpg to /usr/bin/gpg2.. > > > > Is it time to retire gnupg (v1) ? > > It would be great if we could make gpg2 as the default (add symlink > from > /usr/bin/gpg to /usr/bin/gpg2) and move gpg1 to /usr/bin/gpg1. Debian > beat us to this. I was also thinking about proposing this as a new > Systemwide Change. Would you be willing to co-own this feature with > me? Sure! Let's talk over IRC one day and agree on further steps 😉 > > Kind regards > Till > ___ > devel mailing list -- devel@lists.fedoraproject.org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org - -- - -Igor Gnatenko -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEhLFO09aHZVqO+CM6aVcUvRu8X0wFAlmtnREACgkQaVcUvRu8 X0xnNg/+KHZn17qIUByj7IJ32llVH/97CdTpp96MNy4UjtBAUuCBoh3sl1m9THZj ZEUNjRV0H3FpgG65DAQf4cUGJLU1S/o1iGeczaiv1vsd1EC7MHwbo3LSnddSeXPh etXzJqwpAR9vCGfICf0/3UnUmep1BJrNlztPWp8v3m4WWwE+/XoCbRRwugTCxxmy NhUV+EHa2TVRCwtWqDwm7bOfh4KiK3XOZiktryUFnySOTBku4i2damU6jpdKiaME 2t5093Os66RtqFTAEh+XaK5gyuTjaQ27qUomMDHj87YFxx6e1jJ7+vJ3nEPxvFqs YNlnSTor7H75IdeXquUwkbViJ90RVi0r9LSS6hmk/THRmWnDvcvDnXgT8+b1RnTd h0rMaaXG/dMtwbdf4QCKZekbT6emzZyCt8HyzkkIkG0KqOwWlT84atOFpazsb7VD ownPplLaeDuCkjwkjaamXfFkrBDuO+C5LVFQ01J0fLdCvzikXHskxlX+JtLLZByg lhGZNBrYhWmyhQIp9o9lEmQRsVdHeOLRke7vMDVHVryD0XgRpb3jAFsvIbJ65RoA SoAT9XHGYEynfLNFizhBMdFWcHfX6b8yNFV7VbODfUHe2TnieMc1oBYLwqEqF1CI IBtChqxsUR8/DjdglFGkjJLNZqnLWpfqb1atvlGym6ImR0FpKg0= =CkjG -END PGP SIGNATURE- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Re: GnuPG 2.2.0 and replacement of GnuPG1
On Mon, Sep 04, 2017 at 06:23:27PM +0200, Roberto Ragusa wrote: > On 09/04/2017 06:13 PM, Till Maas wrote: > > You need to add --batch to the command line: > > $ LANG=C date|gpg2 --batch --passphrase aaa -ca | gpg2 --batch > > --passphrase aaa > > gpg: AES encrypted data > > gpg: encrypted with 1 passphrase > > Mon Sep 4 18:12:56 CEST 2017 > > You are right, but existing scripts do not expect this, > especially if they are calling "gpg" and getting gpg2. Is there are a specific script you are wondering about? Then we can fix that. The scripts need to be changed eventually anyhow and using above command line works with gpg1 as well. Btw. on current Debian systems and RHEL/CentOS 7 systems it is already gpg2, therefore the scripts cannot expect this in general anymore anyhow. Kind regards Till ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Re: GnuPG 2.2.0 and replacement of GnuPG1
On Mon, Sep 04, 2017 at 08:56:31AM +0200, Remi Collet wrote: > gnupg v2 is a nightmare for "server", I maintain some PHP extensions and > libraries which works perfectly against v1, and not against v2 Would it be ok for you to patch the libraries to use /usr/bin/gpg1 instead? > And, AFAIK, v1 is still maintained. It is on life-support but not properly maintained. GPG2 uses a better file format for private keys that GPG1 does not understand. Therefore GPG2 allows for example to merge GPG subkeys for private keys. If one relies on GPG2. Also the GPG agent for GPG2 seems to be better than the GPG1 agent. AFAIK there is no benefit for anyone to still use GPG1 over GPG2 except for not updating code now. For me it only causes problems when I accidentally use GPG1 instead of GPG2 because the gpg command points to GPG1. Also I remember that there might be issues with GPG signing GIT commits since it defaults to using the gpg command instead of using the gpg2 command. Eventually GPG1 will die anyhow. Also the default library gpgme supports GPG2 correctly and it would be better for code to use GPG via gpgme instead of writing own wrappers as an extension/library anyhow IMHO. Kind regards Till ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Re: GnuPG 2.2.0 and replacement of GnuPG1
On 09/04/2017 06:13 PM, Till Maas wrote: > On Mon, Sep 04, 2017 at 09:23:05AM +0200, Roberto Ragusa wrote: > >> $ date|gpg2 --passphrase aaa -ca >> >> This shows a popup asking me for a passphrase, while it works >> perfectly on gpg v1. > > You need to add --batch to the command line: > $ LANG=C date|gpg2 --batch --passphrase aaa -ca | gpg2 --batch --passphrase > aaa > gpg: AES encrypted data > gpg: encrypted with 1 passphrase > Mon Sep 4 18:12:56 CEST 2017 You are right, but existing scripts do not expect this, especially if they are calling "gpg" and getting gpg2. -- Roberto Ragusamail at robertoragusa.it ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Re: GnuPG 2.2.0 and replacement of GnuPG1
On Sun, Sep 03, 2017 at 01:45:40PM +0200, Igor Gnatenko wrote: > GnuPG 2.2.0 has --enable-gpg-is-gpg2 which would install compat symlink > from /usr/bin/gpg to /usr/bin/gpg2.. > > Is it time to retire gnupg (v1) ? It would be great if we could make gpg2 as the default (add symlink from /usr/bin/gpg to /usr/bin/gpg2) and move gpg1 to /usr/bin/gpg1. Debian beat us to this. I was also thinking about proposing this as a new Systemwide Change. Would you be willing to co-own this feature with me? Kind regards Till ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Re: GnuPG 2.2.0 and replacement of GnuPG1
On Mon, Sep 04, 2017 at 09:23:05AM +0200, Roberto Ragusa wrote: > $ date|gpg2 --passphrase aaa -ca > > This shows a popup asking me for a passphrase, while it works > perfectly on gpg v1. You need to add --batch to the command line: $ LANG=C date|gpg2 --batch --passphrase aaa -ca | gpg2 --batch --passphrase aaa gpg: AES encrypted data gpg: encrypted with 1 passphrase Mon Sep 4 18:12:56 CEST 2017 Kind regards Till ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Re: GnuPG 2.2.0 and replacement of GnuPG1
On Sun, 2017-09-03 at 13:45 +0200, Igor Gnatenko wrote: > GnuPG 2.2.0 has --enable-gpg-is-gpg2 which would install compat > symlink > from /usr/bin/gpg to /usr/bin/gpg2.. > > Is it time to retire gnupg (v1) ? I really do not care. If the gpg v1 is still maintained upstream and there is somebody willing to maintain the Fedora package, I think we can keep the situation as is. This does not apply to RHEL/CentOS where we already ship gpg2 with the compat symlinks. -- Tomáš Mráz Red Hat No matter how far down the wrong road you've gone, turn back. Turkish proverb [You'll know whether the road is wrong if you carefully listen to your conscience.] * Google and NSA associates, this message is none of your business. * Please leave it alone, and consider whether your actions are * authorized by the contract with Red Hat, or by the US constitution. * If you feel you're being encouraged to disregard the limits built * into them, remember Edward Snowden and Wikileaks. ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Re: GnuPG 2.2.0 and replacement of GnuPG1
On 09/04/2017 08:56 AM, Remi Collet wrote: > gnupg v2 is a nightmare for "server", I maintain some PHP extensions and > libraries which works perfectly against v1, and not against v2 > > And, AFAIK, v1 is still maintained. $ date|gpg2 --passphrase aaa -ca This shows a popup asking me for a passphrase, while it works perfectly on gpg v1. ??? -- Roberto Ragusamail at robertoragusa.it ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Re: GnuPG 2.2.0 and replacement of GnuPG1
Le 03/09/2017 à 13:45, Igor Gnatenko a écrit : > GnuPG 2.2.0 has --enable-gpg-is-gpg2 which would install compat symlink > from /usr/bin/gpg to /usr/bin/gpg2.. > > Is it time to retire gnupg (v1) ? -1 gnupg v2 is a nightmare for "server", I maintain some PHP extensions and libraries which works perfectly against v1, and not against v2 And, AFAIK, v1 is still maintained. Remi > ___ > devel mailing list -- devel@lists.fedoraproject.org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org > ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Re: GnuPG 2.2.0 and replacement of GnuPG1
Please see the thread from a year or so ago (The last time this came up): https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/LK4OC43LQROZV7NKXADBD3B2BKABOXOD/#LK4OC43LQROZV7NKXADBD3B2BKABOXOD Basically at that time the gnupg1 maintainer said it's still supported upstream and they intended to do so until it wasn't. Has this changed? I see a commit as recent as a month ago on the 1.4.x branch, so I suspect not. kevin signature.asc Description: OpenPGP digital signature ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Re: GnuPG 2.2.0 and replacement of GnuPG1
+1 On Sun, Sep 3, 2017, 07:57 Igor Gnatenko wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > GnuPG 2.2.0 has --enable-gpg-is-gpg2 which would install compat symlink > from /usr/bin/gpg to /usr/bin/gpg2.. > > Is it time to retire gnupg (v1) ? > - -- > - -Igor Gnatenko > -BEGIN PGP SIGNATURE- > > iQIzBAEBCAAdFiEEhLFO09aHZVqO+CM6aVcUvRu8X0wFAlmr62QACgkQaVcUvRu8 > X0wFIhAAtq6sNg1Xi7tL0s6GpMaC12T5iHg6ijRa1a+Mh8dca1yE4MnWYsrdEW9t > B6iTRnNgSeMwcBpwfYpzaA+NMDe0DvpK23VKQLPWy7DnO8TZKDODTedMJKZtZ5pf > xcUo4LQLZ5P2wMDudzSFyRHU/ZA8CwYHhPL4UL515+z8eCjI3Lcl0jR7QmJnUbtG > pUW0wZGe0ToW9shasVm2DAqAK51VI6GDruDd56a/tXSnla7difB9mxJkN1hUAvgo > 1HWrjGlhgkL+X/FT6uUbMnel0IClpo8lnmppq0kbfQVygN+jqsXqJ2xlnuUUtmlH > FX87iOaDuieTS4qHkCqrH0yerE6CNZLnTKOTdpv6ThzMbtTJaP5+3YLaINgpzVbm > o38BTy/SumwbQRd53N8gttKa4KZYvdDcVBKJBLTsYE+KQFpawMn3b17znPqBGMYp > Yx5IqWED1uXJ/pT9oHxDG9zN+xaPVAJkChvi6Z0tdvpJoqiNqjjQbypoRRXl/zKj > R/ll3ag9MJ2u+2Ah1g9glSoIInx9KCSDHjrT4674PRdms3+1onyK2NkCgzJIfHPa > z+kkECbmyDf1BYQWLYohAKhNzi0U6ghaaFcy9iZ2B8PYysVGTSM6kJ4RWks4mG8G > RKDHrx+Ebs77My8jH/tqH2Uv8Z9RJFJGaLwJJ2xpIN+qAv5k5Lg= > =kUyQ > -END PGP SIGNATURE- > ___ > devel mailing list -- devel@lists.fedoraproject.org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org > ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Re: GnuPG 2.2.0 and replacement of GnuPG1
On Sun, Sep 03, 2017 at 02:24:22PM +0200, Björn 'besser82' Esser wrote: > Am 03.09.2017 um 13:45 schrieb Igor Gnatenko: > >-BEGIN PGP SIGNED MESSAGE- > >Hash: SHA256 > > > >GnuPG 2.2.0 has --enable-gpg-is-gpg2 which would install compat symlink > > from /usr/bin/gpg to /usr/bin/gpg2.. > > > >Is it time to retire gnupg (v1) ? > >- -- - -Igor Gnatenko > > Well, if %{_bindir}/gpg2 is guaranteed to be interface compatible > with GnuPGv1, I'm +1 for kicking (and replacing) GnuPGv1. The command line syntax is not compatible. There is a subset of compatibility, which is how we made virt-builder work interchangably with both, but as soon as you want to do anything advanced you need to know if you're using gpg1 or gpg2. (BTW another small complication to catch the unwary is that "gpgv2" is not "GPG Version 2", but GPG in Verification-only mode, version 2.) Having said all of that, GPG 1 is obsolete. The only use would be supporting PGP 2 messages, which seem to date from the early-mid 1990s. Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com virt-top is 'top' for virtual machines. Tiny program with many powerful monitoring features, net stats, disk stats, logging, etc. http://people.redhat.com/~rjones/virt-top ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Re: GnuPG 2.2.0 and replacement of GnuPG1
On Sun, Sep 3, 2017 at 7:45 AM, Igor Gnatenko wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > GnuPG 2.2.0 has --enable-gpg-is-gpg2 which would install compat symlink > from /usr/bin/gpg to /usr/bin/gpg2.. > > Is it time to retire gnupg (v1) ? IIRC, we've been doing this in Fedora ourselves since 2008 (and RHEL hasn't shipped gpg1 since RHEL 5), so we should just go ahead and do it. AFAIK, the only thing that matters that uses GPGv1 is sigul, but I think Patrick Uiterwijk has or is porting it to gpg2. -- 真実はいつも一つ!/ Always, there's only one truth! ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Re: GnuPG 2.2.0 and replacement of GnuPG1
Am 03.09.2017 um 13:45 schrieb Igor Gnatenko: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 GnuPG 2.2.0 has --enable-gpg-is-gpg2 which would install compat symlink from /usr/bin/gpg to /usr/bin/gpg2.. Is it time to retire gnupg (v1) ? - -- - -Igor Gnatenko Well, if %{_bindir}/gpg2 is guaranteed to be interface compatible with GnuPGv1, I'm +1 for kicking (and replacing) GnuPGv1. ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org
GnuPG 2.2.0 and replacement of GnuPG1
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 GnuPG 2.2.0 has --enable-gpg-is-gpg2 which would install compat symlink from /usr/bin/gpg to /usr/bin/gpg2.. Is it time to retire gnupg (v1) ? - -- - -Igor Gnatenko -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEhLFO09aHZVqO+CM6aVcUvRu8X0wFAlmr62QACgkQaVcUvRu8 X0wFIhAAtq6sNg1Xi7tL0s6GpMaC12T5iHg6ijRa1a+Mh8dca1yE4MnWYsrdEW9t B6iTRnNgSeMwcBpwfYpzaA+NMDe0DvpK23VKQLPWy7DnO8TZKDODTedMJKZtZ5pf xcUo4LQLZ5P2wMDudzSFyRHU/ZA8CwYHhPL4UL515+z8eCjI3Lcl0jR7QmJnUbtG pUW0wZGe0ToW9shasVm2DAqAK51VI6GDruDd56a/tXSnla7difB9mxJkN1hUAvgo 1HWrjGlhgkL+X/FT6uUbMnel0IClpo8lnmppq0kbfQVygN+jqsXqJ2xlnuUUtmlH FX87iOaDuieTS4qHkCqrH0yerE6CNZLnTKOTdpv6ThzMbtTJaP5+3YLaINgpzVbm o38BTy/SumwbQRd53N8gttKa4KZYvdDcVBKJBLTsYE+KQFpawMn3b17znPqBGMYp Yx5IqWED1uXJ/pT9oHxDG9zN+xaPVAJkChvi6Z0tdvpJoqiNqjjQbypoRRXl/zKj R/ll3ag9MJ2u+2Ah1g9glSoIInx9KCSDHjrT4674PRdms3+1onyK2NkCgzJIfHPa z+kkECbmyDf1BYQWLYohAKhNzi0U6ghaaFcy9iZ2B8PYysVGTSM6kJ4RWks4mG8G RKDHrx+Ebs77My8jH/tqH2Uv8Z9RJFJGaLwJJ2xpIN+qAv5k5Lg= =kUyQ -END PGP SIGNATURE- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org