GNU bug report logs -
#52483
GnuPG 2.2.30 cannot do symmetric encryption
Previous Next
Reported by: Leo Famulari <leo <at> famulari.name>
Date: Tue, 14 Dec 2021 16:47:02 UTC
Severity: normal
Done: Leo Famulari <leo <at> famulari.name>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 52483 in the body.
You can then email your comments to 52483 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
bug-guix <at> gnu.org
:
bug#52483
; Package
guix
.
(Tue, 14 Dec 2021 16:47:03 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Leo Famulari <leo <at> famulari.name>
:
New bug report received and forwarded. Copy sent to
bug-guix <at> gnu.org
.
(Tue, 14 Dec 2021 16:47:03 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Our GnuPG package is version 2.2.30, which includes this bug:
https://dev.gnupg.org/T5577
The effect of this bug is that symmetric encryption / decryption does
not work. The bug was fixed in 2.2.31 and 2.3.3.
Changing GnuPG will cause 2406 rebuilds. I think that's suboptimal but
it's the situation.
There is a gnupg-2.2.32 package, but it's hidden because it would break
emacs-pinentry:
https://git.savannah.gnu.org/cgit/guix.git/tree/gnu/packages/gnupg.scm?id=861ee6d908fefc47d765f81e33cdf6f84b6d50eb#n350
Here is a patch that unhides gnupg-2.2.32, updates it to 2.2.33, and
makes emacs-pinentry use that package variant.
If emacs-pinentry cannot use a current GnuPG, what should we do? And
maybe we don't need emacs-pinentry anymore?:
https://emacs.stackexchange.com/a/64721
[0001-gnu-GnuPG-Update-gnupg-2.2.32-to-2.2.33.patch (text/plain, attachment)]
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
bug-guix <at> gnu.org
:
bug#52483
; Package
guix
.
(Tue, 14 Dec 2021 17:33:01 GMT)
Full text and
rfc822 format available.
Message #8 received at submit <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
On Tue, Dec 14, 2021 at 11:46:12AM -0500, Leo Famulari wrote:
> Here is a patch that unhides gnupg-2.2.32, updates it to 2.2.33, and
> makes emacs-pinentry use that package variant.
After sending this patch, I noticed that gnupg-2.2.32 is also used by
qgpgme. This bug was noticed earlier, but misinterpreted.
Expect a v2 patch that uses 'gnupg-next' instead of gnupg-2.2.33, and
adjusts all users accordingly.
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
bug-guix <at> gnu.org
:
bug#52483
; Package
guix
.
(Tue, 14 Dec 2021 17:34:02 GMT)
Full text and
rfc822 format available.
Message #11 received at 52483 <at> debbugs.gnu.org (full text, mbox):
* gnu/packages/gnupg.scm (gnupg-2.2.32): Replace with ...
(gnupg-next): ... new variable.
(qgpgme)[native-inputs]: Replace gnupg-2.2.32 with gnupg-next.
* gnu/packages/emacs-xyz.scm (emacs-pinentry)[propagated-inputs]: Use
gnupg-next.
---
gnu/packages/emacs-xyz.scm | 2 +-
gnu/packages/gnupg.scm | 18 ++++--------------
2 files changed, 5 insertions(+), 15 deletions(-)
diff --git a/gnu/packages/emacs-xyz.scm b/gnu/packages/emacs-xyz.scm
index 32915fb6ed..b9818e92b9 100644
--- a/gnu/packages/emacs-xyz.scm
+++ b/gnu/packages/emacs-xyz.scm
@@ -21238,7 +21238,7 @@ (define-public emacs-pinentry
"1lf30q6r8nz5cjzclbb9bbymsk2y75nskvb55hnjdv93gr3j0sik"))))
(build-system emacs-build-system)
(propagated-inputs
- (list gnupg))
+ (list gnupg-next))
(home-page "https://elpa.gnu.org/packages/pinentry.html")
(synopsis "GnuPG Pinentry server implementation")
(description
diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm
index 665e9e3021..78dc1e2276 100644
--- a/gnu/packages/gnupg.scm
+++ b/gnu/packages/gnupg.scm
@@ -347,24 +347,17 @@ (define-public gnupg
(properties '((ftp-server . "ftp.gnupg.org")
(ftp-directory . "/gcrypt/gnupg")))))
-(define-public gnupg-2.2.32
+(define-public gnupg-next
(package
(inherit gnupg)
- (version "2.2.32")
-
- ;; Hide this version because packages like 'emacs-pinentry' propagate the
- ;; default GnuPG and "guix install gnupg emacs-pinentry" would fail with a
- ;; collision error.
- (properties `((hidden? . #t)
- ,@(package-properties gnupg)))
-
+ (version "2.2.33")
(source (origin
(inherit (package-source gnupg))
(uri (string-append "mirror://gnupg/gnupg/gnupg-" version
".tar.bz2"))
(sha256
(base32
- "0506gv54z10c96z5821z9p0ksibk1pfilsmag39ffqrcz0sinmxj"))))))
+ "1qz403080hwba8j8vpnfkvh7clg1dbg74kdn1d0p0g84iip87246"))))))
(define-public gnupg-1
(package (inherit gnupg)
@@ -440,11 +433,8 @@ (define-public qgpgme
(chdir "lang/qt")
#t)))))
(native-inputs
- ;; Use GnuPG 2.2.32. With 2.2.30, 'testSymmetricEncryptDecrypt' in
- ;; t-encrypt.cpp fails because 'gpg' wrongfully ask for a passphrase do
- ;; decrypt the cypher text.
(modify-inputs (package-native-inputs gpgme)
- (replace "gnupg" gnupg-2.2.32)
+ (replace "gnupg" gnupg-next)
(prepend pkg-config)))
(inputs
(modify-inputs (package-inputs gpgme)
--
2.34.0
Information forwarded
to
bug-guix <at> gnu.org
:
bug#52483
; Package
guix
.
(Fri, 17 Dec 2021 17:33:01 GMT)
Full text and
rfc822 format available.
Message #14 received at 52483 <at> debbugs.gnu.org (full text, mbox):
On Tue, Dec 14, 2021 at 12:33:39PM -0500, Leo Famulari wrote:
> -(define-public gnupg-2.2.32
> +(define-public gnupg-next
I noticed that this package variant omits the pinentry patch. In any
case, I'm testing a full upgrade of gnupg to 2.2.33 for the version-1.4.0
branch.
Information forwarded
to
bug-guix <at> gnu.org
:
bug#52483
; Package
guix
.
(Sat, 18 Dec 2021 04:57:01 GMT)
Full text and
rfc822 format available.
Message #17 received at 52483 <at> debbugs.gnu.org (full text, mbox):
Hi!
Leo Famulari <leo <at> famulari.name> writes:
> On Tue, Dec 14, 2021 at 12:33:39PM -0500, Leo Famulari wrote:
>> -(define-public gnupg-2.2.32
>> +(define-public gnupg-next
>
> I noticed that this package variant omits the pinentry patch. In any
> case, I'm testing a full upgrade of gnupg to 2.2.33 for the version-1.4.0
> branch.
I'm testing this:
--8<---------------cut here---------------start------------->8---
gnu: gnupg: Update to 2.3.3.
* gnu/packages/gnupg.scm (gnupg): Update to 2.3.3.
(gnupg-2.2.32): Delete variable.
(qgpgme)[native-inputs]: Use the regular gnupg package.
1 file changed, 4 insertions(+), 28 deletions(-)
gnu/packages/gnupg.scm | 32 ++++----------------------------
modified gnu/packages/gnupg.scm
@@ -279,15 +279,15 @@ (define-public npth
(define-public gnupg
(package
(name "gnupg")
- (version "2.2.30")
+ (version "2.3.3")
(source (origin
(method url-fetch)
- (uri (string-append "mirror://gnupg/gnupg/gnupg-" version
+ (uri (string-append "ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-" version
".tar.bz2"))
(patches (search-patches "gnupg-default-pinentry.patch"))
(sha256
(base32
- "1111ry31gaxv76miqsy6l0kwxwlx8sz0jk41jhyrjwx649p6sqyc"))))
+ "0dz9x0r5021bhk1kjh29m1q13xbslwb8yn9qzcp7b9m1lrnvi2ap"))))
(build-system gnu-build-system)
(native-inputs
(list pkg-config))
@@ -347,25 +347,6 @@ (define-public gnupg
(properties '((ftp-server . "ftp.gnupg.org")
(ftp-directory . "/gcrypt/gnupg")))))
-(define-public gnupg-2.2.32
- (package
- (inherit gnupg)
- (version "2.2.32")
-
- ;; Hide this version because packages like 'emacs-pinentry' propagate the
- ;; default GnuPG and "guix install gnupg emacs-pinentry" would fail with a
- ;; collision error.
- (properties `((hidden? . #t)
- ,@(package-properties gnupg)))
-
- (source (origin
- (inherit (package-source gnupg))
- (uri (string-append "mirror://gnupg/gnupg/gnupg-" version
- ".tar.bz2"))
- (sha256
- (base32
- "0506gv54z10c96z5821z9p0ksibk1pfilsmag39ffqrcz0sinmxj"))))))
-
(define-public gnupg-1
(package (inherit gnupg)
(version "1.4.23")
@@ -437,14 +418,9 @@ (define-public qgpgme
"lang/cpp/src/libgpgmepp.la")
(symlink (string-append gpgme "/lib/libgpgme.la")
"src/libgpgme.la"))
- (chdir "lang/qt")
- #t)))))
+ (chdir "lang/qt"))))))
(native-inputs
- ;; Use GnuPG 2.2.32. With 2.2.30, 'testSymmetricEncryptDecrypt' in
- ;; t-encrypt.cpp fails because 'gpg' wrongfully ask for a passphrase do
- ;; decrypt the cypher text.
(modify-inputs (package-native-inputs gpgme)
- (replace "gnupg" gnupg-2.2.32)
(prepend pkg-config)))
(inputs
(modify-inputs (package-inputs gpgme)
--8<---------------cut here---------------end--------------->8---
Maxim
Information forwarded
to
bug-guix <at> gnu.org
:
bug#52483
; Package
guix
.
(Sat, 18 Dec 2021 23:54:01 GMT)
Full text and
rfc822 format available.
Message #20 received at 52483 <at> debbugs.gnu.org (full text, mbox):
On Fri, Dec 17, 2021 at 11:56:41PM -0500, Maxim Cournoyer wrote:
> I'm testing this:
>
> --8<---------------cut here---------------start------------->8---
> gnu: gnupg: Update to 2.3.3.
>
> * gnu/packages/gnupg.scm (gnupg): Update to 2.3.3.
> (gnupg-2.2.32): Delete variable.
> (qgpgme)[native-inputs]: Use the regular gnupg package.
Okay. Make sure to also adjust emacs-pinentry.
I tested with GnuPG 2.2.23 by building all packages that depend directly
on GnuPG. There were no new failures on x86_64-linux when using GnuPG
2.2.32.
Information forwarded
to
bug-guix <at> gnu.org
:
bug#52483
; Package
guix
.
(Sun, 19 Dec 2021 01:33:02 GMT)
Full text and
rfc822 format available.
Message #23 received at 52483 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Leo Famulari <leo <at> famulari.name> writes:
> If emacs-pinentry cannot use a current GnuPG, what should we do? And
> maybe we don't need emacs-pinentry anymore?:
>
> https://emacs.stackexchange.com/a/64721
>
I don't think emacs-pinentry is needed, because adding
"allow-emacs-pinentry" to gpg-agent.conf worked (for me) (at least)
since several years in (guix) emacs w/o using emacs-pinentry (or other
emacs customization).
---
Wir kommen nackt auf diese Welt und atmen ein.
Wir atmen aus und verlassen diese Welt mit leeren Händen.
und dazwischen gestalten wir unser Leben.
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
bug-guix <at> gnu.org
:
bug#52483
; Package
guix
.
(Sun, 19 Dec 2021 20:26:02 GMT)
Full text and
rfc822 format available.
Message #26 received at 52483 <at> debbugs.gnu.org (full text, mbox):
Hi Leo,
Leo Famulari <leo <at> famulari.name> writes:
> On Fri, Dec 17, 2021 at 11:56:41PM -0500, Maxim Cournoyer wrote:
>> I'm testing this:
>>
>> --8<---------------cut here---------------start------------->8---
>> gnu: gnupg: Update to 2.3.3.
>>
>> * gnu/packages/gnupg.scm (gnupg): Update to 2.3.3.
>> (gnupg-2.2.32): Delete variable.
>> (qgpgme)[native-inputs]: Use the regular gnupg package.
>
> Okay. Make sure to also adjust emacs-pinentry.
>
> I tested with GnuPG 2.2.23 by building all packages that depend directly
> on GnuPG. There were no new failures on x86_64-linux when using GnuPG
> 2.2.32.
I ended up sticking with 2.2.33, since this is the current "LTS"
release. Unfortunately it fails 3 new tests of python-gnupg, and its
author think it is a regression in GnuPG itself [0].
[0] https://github.com/vsajip/python-gnupg/issues/163
We'll see what upstream has to say about it.
Thank you,
Maxim
Information forwarded
to
bug-guix <at> gnu.org
:
bug#52483
; Package
guix
.
(Sun, 19 Dec 2021 20:34:02 GMT)
Full text and
rfc822 format available.
Message #29 received at 52483 <at> debbugs.gnu.org (full text, mbox):
On Sun, Dec 19, 2021 at 03:25:42PM -0500, Maxim Cournoyer wrote:
> I ended up sticking with 2.2.33, since this is the current "LTS"
> release. Unfortunately it fails 3 new tests of python-gnupg, and its
> author think it is a regression in GnuPG itself [0].
>
> [0] https://github.com/vsajip/python-gnupg/issues/163
Right, this is why I used 2.2.32.
Information forwarded
to
bug-guix <at> gnu.org
:
bug#52483
; Package
guix
.
(Sun, 19 Dec 2021 20:37:02 GMT)
Full text and
rfc822 format available.
Message #32 received at 52483 <at> debbugs.gnu.org (full text, mbox):
On Sun, Dec 19, 2021 at 03:25:42PM -0500, Maxim Cournoyer wrote:
> > I tested with GnuPG 2.2.23 by building all packages that depend directly
> > on GnuPG. There were no new failures on x86_64-linux when using GnuPG
> > 2.2.32.
I see that my message was confusing, with mixed up version numbers.
There's no regressions on x86_64 with 2.2.32. Since it fixes this bug,
I'd like to make it available soon. Maybe we can unhide the gnupg-2.2.32
variable, and remove emacs-pinentry, since everyone is saying that it's
no longer useful.
Information forwarded
to
bug-guix <at> gnu.org
:
bug#52483
; Package
guix
.
(Thu, 23 Dec 2021 00:02:02 GMT)
Full text and
rfc822 format available.
Message #35 received at 52483 <at> debbugs.gnu.org (full text, mbox):
On Sun, Dec 19, 2021 at 03:36:25PM -0500, Leo Famulari wrote:
> On Sun, Dec 19, 2021 at 03:25:42PM -0500, Maxim Cournoyer wrote:
> > > I tested with GnuPG 2.2.23 by building all packages that depend directly
> > > on GnuPG. There were no new failures on x86_64-linux when using GnuPG
> > > 2.2.32.
>
> I see that my message was confusing, with mixed up version numbers.
> There's no regressions on x86_64 with 2.2.32. Since it fixes this bug,
> I'd like to make it available soon. Maybe we can unhide the gnupg-2.2.32
> variable, and remove emacs-pinentry, since everyone is saying that it's
> no longer useful.
Here are patches for this: <https://issues.guix.gnu.org/52744>
Reply sent
to
Leo Famulari <leo <at> famulari.name>
:
You have taken responsibility.
(Sun, 26 Dec 2021 22:47:01 GMT)
Full text and
rfc822 format available.
Notification sent
to
Leo Famulari <leo <at> famulari.name>
:
bug acknowledged by developer.
(Sun, 26 Dec 2021 22:47:01 GMT)
Full text and
rfc822 format available.
Message #40 received at 52483-done <at> debbugs.gnu.org (full text, mbox):
On Sun, Dec 19, 2021 at 03:36:25PM -0500, Leo Famulari wrote:
> On Sun, Dec 19, 2021 at 03:25:42PM -0500, Maxim Cournoyer wrote:
> > > I tested with GnuPG 2.2.23 by building all packages that depend directly
> > > on GnuPG. There were no new failures on x86_64-linux when using GnuPG
> > > 2.2.32.
>
> I see that my message was confusing, with mixed up version numbers.
> There's no regressions on x86_64 with 2.2.32. Since it fixes this bug,
> I'd like to make it available soon. Maybe we can unhide the gnupg-2.2.32
> variable, and remove emacs-pinentry, since everyone is saying that it's
> no longer useful.
I pushed commit d03aa942d, which makes GnuPG 2.2.32 available in the UI.
I didn't remove emacs-pinentry... that's something that Emacs users
should decide how to handle.
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org
.
(Mon, 24 Jan 2022 12:24:12 GMT)
Full text and
rfc822 format available.
This bug report was last modified 2 years and 63 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.