Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GnuPG 2.0 and 2.1 incompatibilities #4888

Closed
peti opened this issue Nov 8, 2014 · 2 comments
Closed

GnuPG 2.0 and 2.1 incompatibilities #4888

peti opened this issue Nov 8, 2014 · 2 comments
Labels
0.kind: bug

Comments

@peti
Copy link
Member

peti commented Nov 8, 2014

Commit 850da18 from @wkennington updated the default version of the GNU Privacy Guard a.k.a. GPG to version 2.1. Unfortunately, this update broke the gpg-related tests of git-annex, http://hydra.cryp.to/build/237307/nixlog/1/raw, apparently because there is some subtle change in the behavior of the GPG 1.x compatibility layer (git-annex relies on gnupg1compat rather than using gpg2 directly).

To remedy that issue, I fixed gpg1compat to use version 2.0 in 4c84621. This is no good solution, unfortunately, because now people who rely on `gnupg1' end up having a version of GnuPG 2.0 in their profile that cannot talk to the gpg-agent from version 2.1, which happens to be the one that's installed in the system by default.

In it's current state, gpg1 does not work reliably in NIxOS. To work around this issue, I would suggest that we revert to version 2.0 until we've had time to figure out what exactly has changed between versions 2.1 and 2.0 and why this affects gpg1compat.
peti added a commit to peti/nixpkgs that referenced this issue Nov 9, 2014
@peti
Switch the default version of GNU Privacy Guard back to 2.0.
3b96e0c 
This patch effectively undoes @wkennington's update from 850da18. The problem
with GnuPG 2.1 is that its built-in 1.x compatibility differs from the one
provided in version 2.0, and these changes break 'gpg1compat in ways we don't
understand yet.

Commit 4c84621 attempted to remedy that issue by fixing gpg1compat to GPG 2.0,
but this caused further trouble because the GPG agent from versions 2.0 and 2.1
are incompatible, so users of the GPG 1.x interface (who were using GPG 2.0)
could not talk to their X session's agent (which comes from GPG 2.1).

The corresponding ticket is NixOS#4888.
@robberer
Copy link
Contributor

FYI: Another thing I came across, due to a broken clawsmail pgp, was that the handling of gpg-agent differs from version 2.0 . GnuPG 2.1 do not use GPG_AGENT_INFO anymore. Instead it search for the gpg-agent socket in ~/.gnupg/S.gpg-agent

https://gnupg.org/faq/whats-new-in-2.1.html

With GnuPG 2.1 the need of GPG_AGENT_INFO has been completely removed and the variable is ignored. Instead a fixed Unix domain socket named S.gpg-agent in the GnuPG home directory (by default ~/.gnupg) is used. The agent is also started on demand by all tools requiring services from the agent.

@rworkman
Copy link

For now at least, setting GPG_AGENT_INFO to $HOME/.gnupg/S.gpg-agent seems to make claws-mail work.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
0.kind: bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@peti @rworkman @robberer