[pkg-gnupg-maint] experimental: making gnupg "modern" in debian

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Apr 1 17:20:29 UTC 2016 

Hey all--

I've done a bit of maintenance of the existing packaging for gnupg and
gnupg2, and pushed a new release of gnupg 1.4.20-5 (to unstable) and
gnupg2 2.1.11-6+exp4 (to experimental).

gnupg2 is getting updates in experimental right now because of its
dependency on an experimental version of gcrypt to get win32 bindings.

These updates have been in preparation for larger change: an
experimental transition that we discussed at debconf last year: to have
the gnupg2 2.1 sources provide /usr/bin/gpg, and have the gnupg 1.4
sources move out of the way, over to /usr/bin/gpg1.

On top of the releases i just made, i also pushed a branch in each of
the packaging repos:

  gnupg/experimental-move-to-gnupg1
  gnupg/experimental-move-to-gnupg

The idea is to cut a release from both of these branches and upload them
into experimental concurrently.  I'm hoping to do that in the next week,
so i'd love any feedback people want to give about the branches listed
above.

Here's what will change:

 * the gnupg source package drops all of its older binary packages and
   starts producing gnupg1, gnupg1-curl, and gpgv1, which ship things
   like /usr/bin/gpg1 and /usr/bin/gpgv1; these are small packages which
   will allow people who really need gpg1 for some reason (e.g. an
   OpenPGP v3 key that is still in active use) to have access to it.

 * the gnupg2 source package provides gnupg and gpgv (which ship
   /usr/bin/gpg and /usr/bin/gpgv), and starts producing arch:all
   transitional packages gnupg2 and gpgv2 that just provide symlinks
   pointing to the main executables and manpages

 * gpgsplit, gpg-zip, and lspgpot are now all shipped in the new gnupg
   binary package from gnupg2 sources, instead of from the gnupg
   sources.  their debian-specific manpages have been moved over from
   the gnupg repo.

 * i've also added NEWS and README.Debian to the gnupg binary package
   explaining the transition; and i've written a helper script for folks
   who want to leave gpg1 behind by converting their pubring to a
   keybox; this is shipping at:
   /usr/bin/migrate-pubring-from-classic-gpg

 * the source package names will stay the same for now.  This might get
   confusing in the future, but the current change is already confusing
   enough.  If people are comfortable with the current situation, we can
   think about the consequences of renaming the source packages (and
   moving the git repos, etc) as well.  Perhaps we would only need to
   rename the gnupg source package to gnupg1 ?

Anyway, i'm running these updates locally now, in the hopes of shaking
out bugs before i upload them into experimental.

If anyone has concerns about this approach, or wants to contribute more
patches and cleanup, that would be great.

Any contributions of simple autopkgtest scripts would be welcome too!

Let me know what you think,

    --dkg

PS:

0 dkg at alice:~$ gpg --version
gpg (GnuPG) 2.1.11
libgcrypt 1.6.5
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
0 dkg at alice:~$ gpg1 --version
gpg (GnuPG) 1.4.20
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
0 dkg at alice:~$
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 948 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnupg-maint/attachments/20160401/93f7fd01/attachment.sig>

More information about the pkg-gnupg-maint mailing list