[pkg-gnupg-maint] Changes for GnuPG in debian
Bill Allombert
ballombe at debian.org
Thu Aug 4 21:16:32 UTC 2016
On Thu, Aug 04, 2016 at 02:57:51PM -0400, Daniel Kahn Gillmor wrote:
> > How will that work for popularity-contest ?
> > popularity-contest use gpg for encryption and not signature, and this
> > is not handled by gpgv.
>
> Thanks for the prompt followup! I just did a quick scan of
> popularity-contest and it looks to me like it all works smoothly with
> 2.1 providing /usr/bin/gpg.
>
> > Specifically in /etc/cron.daily/popularity-contest
> >
> > GPGHOME=`mktemp -d`
> > $GPG --batch --no-options --no-default-keyring --trust-model=always \
> > --homedir "$GPGHOME" --keyring $KEYRING --quiet \
> > --armor -o "$POPCONGPG" -r $POPCONKEY --encrypt "$POPCON"
> > rm -rf "$GPGHOME"
>
> This looks fine. If you're willing to Depends: gnupg (>= 2.1.14) in the
> future, you could change this to use "--recipient-file $KEYRING" instead
> of "--trust-model=always --keyring $KEYRING -r $POPCONKEY", but given
> that the current code works on all versions i'd recommend that you just
> keep it as it is.
Thanks, will do at some point.
> One proposed cleanup patch is attached (use fingerprints instead of
> keyids as a general best practice!), but shouldn't be immediately
> necessary or relevant to the upgrade.
There is only one key in the keyring. It would be simpler not to specify
a key at all, but I could not find a way to do it. Using fingerprint
is slightly worse.
Cheers,
--
Bill. <ballombe at debian.org>
Imagine a large red swirl here.
More information about the pkg-gnupg-maint
mailing list