Date: Sun, 24 May 2015 11:13:21 -0700 From: David Wolfskill <david@catwhisker.org> To: freebsd-ports@freebsd.org Subject: Any guidance for gnupg-2.0 -> gnupg-2.1 (archived encrypted email)? Message-ID: <20150524181321.GB1214@albert.catwhisker.org>
next in thread | raw e-mail | index | archive | help
--CUfgB8w4ZwR/yMy5
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
For the most part, I am fairly aggressive about ensuring that the
FreeBSD systems I use day-to-day are running a recent STABLE snapshot,
and that installed ports are also out-of-date by no more than a week.
Last November, I encountered a reason to deviate from that: When
security/gnupg became gnupg-2.1, I found that gnupg-2.1 was unable to
decrypt some (well, any, in my experience) archived encrypted email
messages.
For me, that is a show-stopper; I was relieved to find that I could
switch to security/gnupg20 and restore the previous functionality.
(Thank you, kuriyama@, for keeping security/gnupg20 available!)
For most pruposes, this fallback works OK. But there are a couple of
issues:
* I'm relying on code that isn't being maintained. And at some point,
it won't work any more. Or I'll find that I "need" to run the new(er)
version for some other reason.
* There exists at least one port that I have installed
(emulators/pipelight) that is constructed in such a way that it
requires security/gnupg -- though as far as I can tell,
security/gnupg20 would satisfy the actual requirement for a
functioning ${LOCALBASE}/bin/gpg2:
g1-254(10.1-S)[1] pkg which /usr/local/bin/gpg2
/usr/local/bin/gpg2 was installed by package gnupg20-2.0.27
g1-254(10.1-S)[2] pkg info -o gnupg20-2.0.27
gnupg20-2.0.27 security/gnupg20
-- I'd submit a PR w/patch if a had a clue how to get pipelight
& portmaster to just use the already-installed executable.
For the latter issue, my current (ugly!) evasive maneuver is to run:
portmaster -o security/gnupg `pkg info gnupg\*`
before updating emulators/pipelight, and:
portmaster -o security/gnupg20 `pkg info gnupg\*`
afterward. This isn't the sort of thing I'd care to hold up as
an exemplar of the FreeBSD experience. :-}
I waited for a while, in the hope that the folks at gnupg.org would
realize the magnitude of the issue and address it, with at least
some sort of guide for those who found themselves in such a position
-- I expect that there are more than just a few others who are in
a similar state of having encrypted archived data that gnupg-2.1
will not decrypt -- but reading things like
<https://www.gnupg.org/faq/whats-new-in-2.1.html>, and particularly
<https://www.gnupg.org/faq/whats-new-in-2.1.html#nopgp2>, left me
a bit discouraged on that front.
So I came to freebsd-ports@, where I'm hoping that there are some
clueful folks who are also a bit more, shall we say, sensitive to things
like "POLA" and "backwards compatibility" -- as well as history -- to
ask if anyone else has figured out a better way to cope, or found a
write-up of same (and would be willing to share).
FWIW, the bulk of the encrypted data I have archived is email messages;
usually, these are also signed. And some were written by other folks,
and I'd like to preserve both my ability to read the messages and the
evidence that they were signed by their auhors.
Thanks in advance; I'm happy to summarize private responses.
Peace,
david
--=20
David H. Wolfskill david@catwhisker.org
Those who murder in the name of God or prophet are blasphemous cowards.
See http://www.catwhisker.org/~david/publickey.gpg for my public key.
--CUfgB8w4ZwR/yMy5
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQJ8BAEBCgBmBQJVYhTBXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ4RThEMDY4QTIxMjc1MDZFRDIzODYzRTc4
QTY3RjlDOERFRjQxOTNCAAoJEIpn+cje9Bk7qbAP/ir2+lh/aZMYDBJpWLFKgmXn
2eWsO2DOBMypnTrufXQbpWAsL/JjTK4Vr0jtdyAehYeVQqhXAvo36HBb1jeoM4/G
uaLqZcP3oj0ENFQ9J6LQbNsQ7+2pDzqFQfAQSLbzQ2n3Ij5C25u34Bd8qofsgjXB
w/9vfvtd98P8NrLO880cMY/oqS3prDWpipVxoeZADlDR6neQuYIlT+ll7LkgLEar
cYKFxBJfRtDKQVBjHojy45RG7QdKUcMpifDC24jn7BXxYbD0jedAYKQvrodYOVxo
1xAASH7Ywq/JYc6FCniomkP1A1rAEh26eorBAyjEUTszYVW8KXQuO/A2GSfpNNIv
WtsWVe8PAGl2JG9w4bvZ8VGs2O+c7DxHPEnwDoPC7zgozrOkzK67TRhRNZ5Dp5hT
D5e9fv4lHK7KiYtaVc80DDgWlq3cypXuWi0YGD1WTsASNffu2K23zkWr6cGbriLN
T8YcbskefqOXAGCJgdoKJnKK/cS6hzVb1zt7GdhcsYYqWZTk12O66BvAUInZmavj
HLR1BQYLLg09ZTKiFxSSVbfYfhzFUVKNTG/j0HH81VsSzFWYBFXtbFVIezIYCLSV
1HOqCK9jKUqJwxEq16/mbV0fqOxYXxjQ5VnIhDeFB2SC8CzCdOlkn5mBglXiy2Ck
RSrB1jw80JY3izLarlWJ
=EBzC
-----END PGP SIGNATURE-----
--CUfgB8w4ZwR/yMy5--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20150524181321.GB1214>