GNU bug report logs - #52483
GnuPG 2.2.30 cannot do symmetric encryption

Previous Next

Package: guix;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Tue, 14 Dec 2021 16:47:02 UTC

Severity: normal

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 52483 in the body.
You can then email your comments to 52483 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to bug-guix <at> gnu.org:
bug#52483; Package guix. (Tue, 14 Dec 2021 16:47:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Leo Famulari <leo <at> famulari.name>:
New bug report received and forwarded. Copy sent to bug-guix <at> gnu.org. (Tue, 14 Dec 2021 16:47:03 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: bug-guix <at> gnu.org
Subject: GnuPG 2.2.30 cannot do symmetric encryption
Date: Tue, 14 Dec 2021 11:46:12 -0500
[Message part 1 (text/plain, inline)]
Our GnuPG package is version 2.2.30, which includes this bug:

https://dev.gnupg.org/T5577

The effect of this bug is that symmetric encryption / decryption does
not work. The bug was fixed in 2.2.31 and 2.3.3.

Changing GnuPG will cause 2406 rebuilds. I think that's suboptimal but
it's the situation.

There is a gnupg-2.2.32 package, but it's hidden because it would break
emacs-pinentry:

https://git.savannah.gnu.org/cgit/guix.git/tree/gnu/packages/gnupg.scm?id=861ee6d908fefc47d765f81e33cdf6f84b6d50eb#n350

Here is a patch that unhides gnupg-2.2.32, updates it to 2.2.33, and
makes emacs-pinentry use that package variant.

If emacs-pinentry cannot use a current GnuPG, what should we do? And
maybe we don't need emacs-pinentry anymore?:

https://emacs.stackexchange.com/a/64721
[0001-gnu-GnuPG-Update-gnupg-2.2.32-to-2.2.33.patch (text/plain, attachment)]
[signature.asc (application/pgp-signature, inline)]

Information forwarded to bug-guix <at> gnu.org:
bug#52483; Package guix. (Tue, 14 Dec 2021 17:33:01 GMT) Full text and rfc822 format available.

Message #8 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: bug-guix <at> gnu.org
Subject: Re: GnuPG 2.2.30 cannot do symmetric encryption
Date: Tue, 14 Dec 2021 12:32:31 -0500
[Message part 1 (text/plain, inline)]
On Tue, Dec 14, 2021 at 11:46:12AM -0500, Leo Famulari wrote:
> Here is a patch that unhides gnupg-2.2.32, updates it to 2.2.33, and
> makes emacs-pinentry use that package variant.

After sending this patch, I noticed that gnupg-2.2.32 is also used by
qgpgme. This bug was noticed earlier, but misinterpreted.

Expect a v2 patch that uses 'gnupg-next' instead of gnupg-2.2.33, and
adjusts all users accordingly.
[signature.asc (application/pgp-signature, inline)]

Information forwarded to bug-guix <at> gnu.org:
bug#52483; Package guix. (Tue, 14 Dec 2021 17:34:02 GMT) Full text and rfc822 format available.

Message #11 received at 52483 <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: 52483 <at> debbugs.gnu.org
Subject: [PATCH v2] gnu: GnuPG: Update gnupg-2.2.32 to 2.2.33.
Date: Tue, 14 Dec 2021 12:33:39 -0500
* gnu/packages/gnupg.scm (gnupg-2.2.32): Replace with ...
(gnupg-next): ... new variable.
(qgpgme)[native-inputs]: Replace gnupg-2.2.32 with gnupg-next.
* gnu/packages/emacs-xyz.scm (emacs-pinentry)[propagated-inputs]: Use
gnupg-next.
---
 gnu/packages/emacs-xyz.scm |  2 +-
 gnu/packages/gnupg.scm     | 18 ++++--------------
 2 files changed, 5 insertions(+), 15 deletions(-)

diff --git a/gnu/packages/emacs-xyz.scm b/gnu/packages/emacs-xyz.scm
index 32915fb6ed..b9818e92b9 100644
--- a/gnu/packages/emacs-xyz.scm
+++ b/gnu/packages/emacs-xyz.scm
@@ -21238,7 +21238,7 @@ (define-public emacs-pinentry
            "1lf30q6r8nz5cjzclbb9bbymsk2y75nskvb55hnjdv93gr3j0sik"))))
       (build-system emacs-build-system)
       (propagated-inputs
-       (list gnupg))
+       (list gnupg-next))
       (home-page "https://elpa.gnu.org/packages/pinentry.html")
       (synopsis "GnuPG Pinentry server implementation")
       (description
diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm
index 665e9e3021..78dc1e2276 100644
--- a/gnu/packages/gnupg.scm
+++ b/gnu/packages/gnupg.scm
@@ -347,24 +347,17 @@ (define-public gnupg
     (properties '((ftp-server . "ftp.gnupg.org")
                   (ftp-directory . "/gcrypt/gnupg")))))
 
-(define-public gnupg-2.2.32
+(define-public gnupg-next
   (package
     (inherit gnupg)
-    (version "2.2.32")
-
-    ;; Hide this version because packages like 'emacs-pinentry' propagate the
-    ;; default GnuPG and "guix install gnupg emacs-pinentry" would fail with a
-    ;; collision error.
-    (properties `((hidden? . #t)
-                  ,@(package-properties gnupg)))
-
+    (version "2.2.33")
     (source (origin
               (inherit (package-source gnupg))
               (uri (string-append "mirror://gnupg/gnupg/gnupg-" version
                                   ".tar.bz2"))
               (sha256
                (base32
-                "0506gv54z10c96z5821z9p0ksibk1pfilsmag39ffqrcz0sinmxj"))))))
+                "1qz403080hwba8j8vpnfkvh7clg1dbg74kdn1d0p0g84iip87246"))))))
 
 (define-public gnupg-1
   (package (inherit gnupg)
@@ -440,11 +433,8 @@ (define-public qgpgme
              (chdir "lang/qt")
              #t)))))
     (native-inputs
-     ;; Use GnuPG 2.2.32.  With 2.2.30, 'testSymmetricEncryptDecrypt' in
-     ;; t-encrypt.cpp fails because 'gpg' wrongfully ask for a passphrase do
-     ;; decrypt the cypher text.
      (modify-inputs (package-native-inputs gpgme)
-       (replace "gnupg" gnupg-2.2.32)
+       (replace "gnupg" gnupg-next)
        (prepend pkg-config)))
     (inputs
      (modify-inputs (package-inputs gpgme)
-- 
2.34.0





Information forwarded to bug-guix <at> gnu.org:
bug#52483; Package guix. (Fri, 17 Dec 2021 17:33:01 GMT) Full text and rfc822 format available.

Message #14 received at 52483 <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: 52483 <at> debbugs.gnu.org
Subject: Re: [PATCH v2] gnu: GnuPG: Update gnupg-2.2.32 to 2.2.33.
Date: Fri, 17 Dec 2021 12:32:10 -0500
On Tue, Dec 14, 2021 at 12:33:39PM -0500, Leo Famulari wrote:
> -(define-public gnupg-2.2.32
> +(define-public gnupg-next

I noticed that this package variant omits the pinentry patch. In any
case, I'm testing a full upgrade of gnupg to 2.2.33 for the version-1.4.0
branch.




Information forwarded to bug-guix <at> gnu.org:
bug#52483; Package guix. (Sat, 18 Dec 2021 04:57:01 GMT) Full text and rfc822 format available.

Message #17 received at 52483 <at> debbugs.gnu.org (full text, mbox):

From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: Leo Famulari <leo <at> famulari.name>
Cc: 52483 <at> debbugs.gnu.org
Subject: Re: bug#52483: GnuPG 2.2.30 cannot do symmetric encryption
Date: Fri, 17 Dec 2021 23:56:41 -0500
Hi!

Leo Famulari <leo <at> famulari.name> writes:

> On Tue, Dec 14, 2021 at 12:33:39PM -0500, Leo Famulari wrote:
>> -(define-public gnupg-2.2.32
>> +(define-public gnupg-next
>
> I noticed that this package variant omits the pinentry patch. In any
> case, I'm testing a full upgrade of gnupg to 2.2.33 for the version-1.4.0
> branch.

I'm testing this:

--8<---------------cut here---------------start------------->8---
gnu: gnupg: Update to 2.3.3.

* gnu/packages/gnupg.scm (gnupg): Update to 2.3.3.
(gnupg-2.2.32): Delete variable.
(qgpgme)[native-inputs]: Use the regular gnupg package.

1 file changed, 4 insertions(+), 28 deletions(-)
gnu/packages/gnupg.scm | 32 ++++----------------------------

modified   gnu/packages/gnupg.scm
@@ -279,15 +279,15 @@ (define-public npth
 (define-public gnupg
   (package
     (name "gnupg")
-    (version "2.2.30")
+    (version "2.3.3")
     (source (origin
               (method url-fetch)
-              (uri (string-append "mirror://gnupg/gnupg/gnupg-" version
+              (uri (string-append "ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-" version
                                   ".tar.bz2"))
               (patches (search-patches "gnupg-default-pinentry.patch"))
               (sha256
                (base32
-                "1111ry31gaxv76miqsy6l0kwxwlx8sz0jk41jhyrjwx649p6sqyc"))))
+                "0dz9x0r5021bhk1kjh29m1q13xbslwb8yn9qzcp7b9m1lrnvi2ap"))))
     (build-system gnu-build-system)
     (native-inputs
      (list pkg-config))
@@ -347,25 +347,6 @@ (define-public gnupg
     (properties '((ftp-server . "ftp.gnupg.org")
                   (ftp-directory . "/gcrypt/gnupg")))))
 
-(define-public gnupg-2.2.32
-  (package
-    (inherit gnupg)
-    (version "2.2.32")
-
-    ;; Hide this version because packages like 'emacs-pinentry' propagate the
-    ;; default GnuPG and "guix install gnupg emacs-pinentry" would fail with a
-    ;; collision error.
-    (properties `((hidden? . #t)
-                  ,@(package-properties gnupg)))
-
-    (source (origin
-              (inherit (package-source gnupg))
-              (uri (string-append "mirror://gnupg/gnupg/gnupg-" version
-                                  ".tar.bz2"))
-              (sha256
-               (base32
-                "0506gv54z10c96z5821z9p0ksibk1pfilsmag39ffqrcz0sinmxj"))))))
-
 (define-public gnupg-1
   (package (inherit gnupg)
     (version "1.4.23")
@@ -437,14 +418,9 @@ (define-public qgpgme
                         "lang/cpp/src/libgpgmepp.la")
                (symlink (string-append gpgme "/lib/libgpgme.la")
                         "src/libgpgme.la"))
-             (chdir "lang/qt")
-             #t)))))
+             (chdir "lang/qt"))))))
     (native-inputs
-     ;; Use GnuPG 2.2.32.  With 2.2.30, 'testSymmetricEncryptDecrypt' in
-     ;; t-encrypt.cpp fails because 'gpg' wrongfully ask for a passphrase do
-     ;; decrypt the cypher text.
      (modify-inputs (package-native-inputs gpgme)
-       (replace "gnupg" gnupg-2.2.32)
        (prepend pkg-config)))
     (inputs
      (modify-inputs (package-inputs gpgme)
--8<---------------cut here---------------end--------------->8---

Maxim




Information forwarded to bug-guix <at> gnu.org:
bug#52483; Package guix. (Sat, 18 Dec 2021 23:54:01 GMT) Full text and rfc822 format available.

Message #20 received at 52483 <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Cc: 52483 <at> debbugs.gnu.org
Subject: Re: bug#52483: GnuPG 2.2.30 cannot do symmetric encryption
Date: Sat, 18 Dec 2021 18:53:01 -0500
On Fri, Dec 17, 2021 at 11:56:41PM -0500, Maxim Cournoyer wrote:
> I'm testing this:
> 
> --8<---------------cut here---------------start------------->8---
> gnu: gnupg: Update to 2.3.3.
> 
> * gnu/packages/gnupg.scm (gnupg): Update to 2.3.3.
> (gnupg-2.2.32): Delete variable.
> (qgpgme)[native-inputs]: Use the regular gnupg package.

Okay. Make sure to also adjust emacs-pinentry.

I tested with GnuPG 2.2.23 by building all packages that depend directly
on GnuPG. There were no new failures on x86_64-linux when using GnuPG
2.2.32.




Information forwarded to bug-guix <at> gnu.org:
bug#52483; Package guix. (Sun, 19 Dec 2021 01:33:02 GMT) Full text and rfc822 format available.

Message #23 received at 52483 <at> debbugs.gnu.org (full text, mbox):

From: Michael Rohleder <mike <at> rohleder.de>
To: Leo Famulari <leo <at> famulari.name>
Cc: 52483 <at> debbugs.gnu.org
Subject: Re: bug#52483: GnuPG 2.2.30 cannot do symmetric encryption
Date: Sun, 19 Dec 2021 02:32:47 +0100
[Message part 1 (text/plain, inline)]
Leo Famulari <leo <at> famulari.name> writes:
> If emacs-pinentry cannot use a current GnuPG, what should we do? And
> maybe we don't need emacs-pinentry anymore?:
>
> https://emacs.stackexchange.com/a/64721
>

I don't think emacs-pinentry is needed, because adding
"allow-emacs-pinentry" to gpg-agent.conf worked (for me) (at least)
since several years in (guix) emacs w/o using emacs-pinentry (or other
emacs customization).

---
Wir kommen nackt auf diese Welt und atmen ein.
Wir atmen aus und verlassen diese Welt mit leeren Händen.
und dazwischen gestalten wir unser Leben.
[signature.asc (application/pgp-signature, inline)]

Information forwarded to bug-guix <at> gnu.org:
bug#52483; Package guix. (Sun, 19 Dec 2021 20:26:02 GMT) Full text and rfc822 format available.

Message #26 received at 52483 <at> debbugs.gnu.org (full text, mbox):

From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: Leo Famulari <leo <at> famulari.name>
Cc: 52483 <at> debbugs.gnu.org
Subject: Re: bug#52483: GnuPG 2.2.30 cannot do symmetric encryption
Date: Sun, 19 Dec 2021 15:25:42 -0500
Hi Leo,

Leo Famulari <leo <at> famulari.name> writes:

> On Fri, Dec 17, 2021 at 11:56:41PM -0500, Maxim Cournoyer wrote:
>> I'm testing this:
>> 
>> --8<---------------cut here---------------start------------->8---
>> gnu: gnupg: Update to 2.3.3.
>> 
>> * gnu/packages/gnupg.scm (gnupg): Update to 2.3.3.
>> (gnupg-2.2.32): Delete variable.
>> (qgpgme)[native-inputs]: Use the regular gnupg package.
>
> Okay. Make sure to also adjust emacs-pinentry.
>
> I tested with GnuPG 2.2.23 by building all packages that depend directly
> on GnuPG. There were no new failures on x86_64-linux when using GnuPG
> 2.2.32.

I ended up sticking with 2.2.33, since this is the current "LTS"
release.  Unfortunately it fails 3 new tests of python-gnupg, and its
author think it is a regression in GnuPG itself [0].

[0]  https://github.com/vsajip/python-gnupg/issues/163

We'll see what upstream has to say about it.

Thank you,

Maxim




Information forwarded to bug-guix <at> gnu.org:
bug#52483; Package guix. (Sun, 19 Dec 2021 20:34:02 GMT) Full text and rfc822 format available.

Message #29 received at 52483 <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Cc: 52483 <at> debbugs.gnu.org
Subject: Re: bug#52483: GnuPG 2.2.30 cannot do symmetric encryption
Date: Sun, 19 Dec 2021 15:33:16 -0500
On Sun, Dec 19, 2021 at 03:25:42PM -0500, Maxim Cournoyer wrote:
> I ended up sticking with 2.2.33, since this is the current "LTS"
> release.  Unfortunately it fails 3 new tests of python-gnupg, and its
> author think it is a regression in GnuPG itself [0].
> 
> [0]  https://github.com/vsajip/python-gnupg/issues/163

Right, this is why I used 2.2.32.




Information forwarded to bug-guix <at> gnu.org:
bug#52483; Package guix. (Sun, 19 Dec 2021 20:37:02 GMT) Full text and rfc822 format available.

Message #32 received at 52483 <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Cc: 52483 <at> debbugs.gnu.org
Subject: Re: bug#52483: GnuPG 2.2.30 cannot do symmetric encryption
Date: Sun, 19 Dec 2021 15:36:25 -0500
On Sun, Dec 19, 2021 at 03:25:42PM -0500, Maxim Cournoyer wrote:
> > I tested with GnuPG 2.2.23 by building all packages that depend directly
> > on GnuPG. There were no new failures on x86_64-linux when using GnuPG
> > 2.2.32.

I see that my message was confusing, with mixed up version numbers.
There's no regressions on x86_64 with 2.2.32. Since it fixes this bug,
I'd like to make it available soon. Maybe we can unhide the gnupg-2.2.32
variable, and remove emacs-pinentry, since everyone is saying that it's
no longer useful.




Information forwarded to bug-guix <at> gnu.org:
bug#52483; Package guix. (Thu, 23 Dec 2021 00:02:02 GMT) Full text and rfc822 format available.

Message #35 received at 52483 <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Cc: 52483 <at> debbugs.gnu.org
Subject: Re: bug#52483: GnuPG 2.2.30 cannot do symmetric encryption
Date: Wed, 22 Dec 2021 19:01:15 -0500
On Sun, Dec 19, 2021 at 03:36:25PM -0500, Leo Famulari wrote:
> On Sun, Dec 19, 2021 at 03:25:42PM -0500, Maxim Cournoyer wrote:
> > > I tested with GnuPG 2.2.23 by building all packages that depend directly
> > > on GnuPG. There were no new failures on x86_64-linux when using GnuPG
> > > 2.2.32.
> 
> I see that my message was confusing, with mixed up version numbers.
> There's no regressions on x86_64 with 2.2.32. Since it fixes this bug,
> I'd like to make it available soon. Maybe we can unhide the gnupg-2.2.32
> variable, and remove emacs-pinentry, since everyone is saying that it's
> no longer useful.

Here are patches for this: <https://issues.guix.gnu.org/52744>




Reply sent to Leo Famulari <leo <at> famulari.name>:
You have taken responsibility. (Sun, 26 Dec 2021 22:47:01 GMT) Full text and rfc822 format available.

Notification sent to Leo Famulari <leo <at> famulari.name>:
bug acknowledged by developer. (Sun, 26 Dec 2021 22:47:01 GMT) Full text and rfc822 format available.

Message #40 received at 52483-done <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Cc: 52483-done <at> debbugs.gnu.org
Subject: Re: bug#52483: GnuPG 2.2.30 cannot do symmetric encryption
Date: Sun, 26 Dec 2021 17:46:41 -0500
On Sun, Dec 19, 2021 at 03:36:25PM -0500, Leo Famulari wrote:
> On Sun, Dec 19, 2021 at 03:25:42PM -0500, Maxim Cournoyer wrote:
> > > I tested with GnuPG 2.2.23 by building all packages that depend directly
> > > on GnuPG. There were no new failures on x86_64-linux when using GnuPG
> > > 2.2.32.
> 
> I see that my message was confusing, with mixed up version numbers.
> There's no regressions on x86_64 with 2.2.32. Since it fixes this bug,
> I'd like to make it available soon. Maybe we can unhide the gnupg-2.2.32
> variable, and remove emacs-pinentry, since everyone is saying that it's
> no longer useful.

I pushed commit d03aa942d, which makes GnuPG 2.2.32 available in the UI.
I didn't remove emacs-pinentry... that's something that Emacs users
should decide how to handle.




bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Mon, 24 Jan 2022 12:24:12 GMT) Full text and rfc822 format available.

This bug report was last modified 2 years and 63 days ago.

Previous Next


GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.