Bug#787860: Bug#760102: gnome keyring & gpg agent

Michael Biebl biebl at debian.org
Fri Jun 5 19:33:35 UTC 2015


On Fri, 05 Jun 2015 14:57:40 -0400 Daniel Kahn Gillmor
<dkg at fifthhorseman.net> wrote:
> On Fri 2015-06-05 13:25:42 -0400, Michael Biebl wrote:
> > Well, assuming that seahorse does work properly with gnupg2.
> > That's basically my question.
> 
> The seahorse source code seems to actually behave completely differently
> depending on whether it is built with modern versions of any branch
> (meaning: gpg >= 1.4.10, or gpg2 >= 2.0.12) versus older versions.  (see
> pgp/seahorse-gpgme-key-op.h).  :(

Right, I just had glanced quickly at configure.ac which indicated that
this is a compile time behaviour and not something which seahorse
determines during runtime.

> This is not great engineering practice, because the version built
> against isn't guaranteed to match the version that's running.

I agree.

> That said, even oldoldstable builds and runs "modern versions" by this
> metric.

Right, but since we build against gnupg by default, a hard depends atm
seems still warranted, and we can't drop it just yet.

> I just tested seahorse on a minimal-ish unstable gnome install, where i
> did "dpkg --force-depend --purge gnupg".
> 
> Unfortunately, it looks like seahorse embeds the string "gpg" in it, so
> it's looking for /usr/bin/gpg.
> 
> Running seahorse in this configuration produces lots of errors of this
> form:
> 
>    operation-Message: couldn't initialize gnupg properly: Invalid crypto engine
> 
> The attached patch should resolve things for future versions of
> seahorse, though, both on build-time detection and on runtime
> flexibility.

Since carrying patches downstream comes with a maintenance cost, we try
to avoid that as much as possible.
It thus would be great if you can forward this upstream, since this
doesn't look like a Debian specific issue.

> (the attached patch touches both ./configure.ac and ./configure -- since
> the package appears to be doing autoreconf, maybe the modifications to
> ./configure are unnecessary)
> 
> The only failures i'm now running into with seahorse like this are
> failures due to gcr_importer hard-coding paths to gpg as well, so those
> are bugs i'll file separately..

Same here, would be great if you can file them also upstream.


Thanks a lot Daniel, your efforts are really appreciated.

Michael

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnome-maintainers/attachments/20150605/5ac9c677/attachment.sig>


More information about the pkg-gnome-maintainers mailing list