From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: GnuPG Date: Mon, 29 Mar 2021 22:14:10 +0100 Message-ID: In-Reply-To: <1848d958-f436-30a1-eb43-6d26af940c14@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============0598017945083075338==" List-Id: --===============0598017945083075338== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hi, > On 29 Mar 2021, at 21:51, Adolf Belka wrote: >=20 > Hi Michael, >=20 > On 29/03/2021 22:22, Michael Tremer wrote: >> Hello, >> As far as I know we do not use any exotic functionality. >> The main (and maybe even only) user is pakfire, if that works we are fine.= If that breaks, we are a bit screwed :) > Understand. At the worst we just stay where we are on the 1.4 classic branc= h. > Based on the input from Peter I did some searching and may have found some = command line options related to the pinentry aspect that disable it. Pinentry will probably be required to be there as a build and runtime depende= ncy, but we are not using it. > I will try to build and if successful, I will install the built iso and see= how pakfire works for addon installs. If it works okay then I will provide a= patch for wider review and testing. If it doesn't then I will leave things a= s they are for now. Importing the keys and validating the packages should not have changed. If it= did, a couple of command line switch updates will do it. So we should be abl= e to tackle this :) -Michael > Thanks and regards, > Adolf. >> -Michael >>> On 27 Mar 2021, at 21:39, Adolf Belka wrote: >>>=20 >>> Hi Peter, >>>=20 >>> On 27/03/2021 21:11, Peter M=C3=BCller wrote: >>>> Hello Adolf, >>>> hello development folks, >>>> sorry for my tardy reply. >>> No problems. I know you have been and are very busy people. >>>>> Is IPFire using the 1.4 Branch because there is some historic requireme= nt for the older insecure keys. >>>> (Assuming this was a question:) To my knowledge, we do not have key mate= rial in operation that would not >>>> be supported by GnuPG 2.x - the "classic" branch simply is more lightwei= ght than the 2.x branch. >>>> The last time I looked at this, GnuPG 2.x required some flavour of the "= pinentry" helper for entering >>>> passphrases, and won't compile without. Since there is no manual interac= tion on a firewall, "pinentry" >>>> is useless, but I was unable to work out how to omit it in GnuPG 2.x . >>> Thanks for the heads up on this. >>>> Things could have been changed, meanwhile. Perhaps this is now possible,= so if you have some spare time >>>> to look at this, go ahead. :-) >>> I will give it a try. The worst that can happen is that I can't get it wo= rking and we stay with the status quo which is working currently. >>>> Thank you very much in advance for your efforts - and all your patches o= f the last weeks. >>> I am glad to help where I can.I know I can't help you with the real core = stuff, my capabilities aren't sufficient but I can generally help with provid= ing update patches on anything that I find has newer versions. >>>=20 >>> Regards, >>> Adolf >>>=20 >>>> Thanks, and best regards, >>>> Peter M=C3=BCller --===============0598017945083075338==--