From owner-freebsd-ports@freebsd.org Sun Jan 7 14:33:36 2018 Return-Path: Delivered-To: freebsd-ports@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2DEABE6FF4B for ; Sun, 7 Jan 2018 14:33:36 +0000 (UTC) (envelope-from david@catwhisker.org) Received: from mx.catwhisker.org (mx.catwhisker.org [198.144.209.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 0019868BBE for ; Sun, 7 Jan 2018 14:33:35 +0000 (UTC) (envelope-from david@catwhisker.org) Received: from albert.catwhisker.org (localhost [127.0.0.1]) by albert.catwhisker.org (8.15.2/8.15.2) with ESMTP id w07EXX5h003223 for ; Sun, 7 Jan 2018 14:33:33 GMT (envelope-from david@albert.catwhisker.org) Received: (from david@localhost) by albert.catwhisker.org (8.15.2/8.15.2/Submit) id w07EXXTS003222 for freebsd-ports@freebsd.org; Sun, 7 Jan 2018 06:33:33 -0800 (PST) (envelope-from david) Date: Sun, 7 Jan 2018 06:33:33 -0800 From: David Wolfskill To: freebsd-ports@freebsd.org Subject: A note on updating security/gnupg20 -> gnupg Message-ID: <20180107143333.GK1148@albert.catwhisker.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="XjbSsFHOHxvQpKib" Content-Disposition: inline User-Agent: Mutt/1.9.2 (2017-12-15) X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 07 Jan 2018 14:33:36 -0000 --XjbSsFHOHxvQpKib Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable I had been using security/gnupg20 with mail/mutt, based on a misunderstanding on my part (back when the security/gnupg20 port was created). Now that security/gnupg20 has been expired and removed, I had motivation to look into the situation in more detail; I found that security/gnupg (now at 2.2.4) works fine with mail/mutt -- if I made a change (in ~/.muttrc) to the way gpg is invoked. E.g., I changed: set pgp_decrypt_command=3D"gpg2 --passphrase-fd 0 --no-verbose --batch --ou= tput - %f" to pgp_decrypt_command=3D"gpg2 %?p?--passphrase-fd 0 --pinentry-mode=3Dloopbac= k? --no-verbose --batch --output - %f" The salient differences appear to be the insertion of "%?p?" before "--passphrase-fd 0" and the insertion of "--pinentry-mode=3Dloopback?". The changes to ~/.muttrc appear to have been sufficient (in my case) for mutt to be able to use security/gnupg (vs. security/gnupg20) for encryption and decryption of PGP-compatible email messages. Finally, on the actual replacement: I did this on three systems; on two of those, I update ports via portmaster; on the other, I update them =66rom a locally-built repository (via "pkg upgrade"). For the systems using portmaster, "portmaster -o security/gnupg gnupg20-2.0.30_2" worked well. (My thanks to Doug Barton and Stefan Esser!) When I ran "pkg upgrade" on the system I update that way, there was no indication that the status of security/gnupg* had changed since the previous update (one week ago -- shortly before the removal of security/gnupg20). I ended up performing "pkg delete security/gnupg20", followed by "pkg install security/gnupg" -- which worked. (I had previously updated the list of packages to build on my build machine, to replace security/gnupg20 by security/gnupg.) My concern about that last point is that if I were only updating ports via "pkg upgrade", I would not have known that security/gnupg20 no longer existed (well, unless I read the svn-ports-head list, or polled the svn log for ports/security/Makefile -- or some other similarly-unlikely activity for someone updating via packages only). Perhaps I'm overlooking something. In any case: If you use mutt with security/gnupg20 and migrate to security/gnupg, and find that you cannot decrypt encrypted messages any more, you should check your ~/.muttrc: you probably need to change the "gpg" (or "gpg2") invocations; in my experience, that is a necessary and sufficient change to make encryption and decryption work again. Peace, david --=20 David H. Wolfskill david@catwhisker.org A "Birther" calls himself a "a very stable genius" -- same level of truth?= =20 See http://www.catwhisker.org/~david/publickey.gpg for my public key. --XjbSsFHOHxvQpKib Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQGTBAEBCgB9FiEEzLfO+ReoAfQwZNd7FTnMQKBJ7hcFAlpSL71fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEND QjdDRUY5MTdBODAxRjQzMDY0RDc3QjE1MzlDQzQwQTA0OUVFMTcACgkQFTnMQKBJ 7hcfvgf7B+tNi+Jy0lAryjmuekj3lgosFZl+d5vdTIbM0pUY4RvbFm1yqcRO9E/h QNd79hy00VepT7SOsxC4qys+6CDCTTIhnz9BrzlO0haCOvje+bumx0ACAT9hO+gb wzdara/IjQzuTGKbFtuRf0f0hq1GLcmciJ6fUYoB/PhgSfbRDqwh7IVnvxNVZD7u sZCpz5VXKWuuEaLVDNFyHO1wTz1Pe33Z8ibQxR2UZ9QManeS7YaoxhO8JLK2bxGn 1eTPFcH1CrPT6Zs0duyF6c+LvZN4B9OKHLHBBvSm6dqBq9KOGdo8SZOJgXTX2UXu xOC0v6Bqv5OF7fEgs0PPbbt0yzroHA== =v7/n -----END PGP SIGNATURE----- --XjbSsFHOHxvQpKib--