[pkg-gnupg-maint] Backport of GnuPG 2.1

Luca Capello luca.capello at infomaniak.com
Wed Mar 1 22:23:59 UTC 2017 

block 822974 by 834281
thanks

Hi Daniel,

On Wed, 08 Feb 2017 18:58:20 -0500, Daniel Kahn Gillmor wrote:
> On Wed 2017-02-08 15:05:09 -0500, Luca Capello wrote:
> 
> >> Daniel, what do you think about adding the jessie-backports branches I
> >> have locally to the corresponding Git repositories on Alioth?
> 
> I think this is a great idea.  gcrypt isn't in the pkg-gnupg git
> repos -- i don't know how Andreas wants to handle that.  But if you've
> got patch series you want to propose for the pkg-gnupg repos, please
> point me at them, either by sending them to this bug report, or by
> pointing me to some other git repos (personal repos on alioth are also
> fine), i can review and import them.

Anything that involves `git format-patch` is missing the OpenPGP
signatures for the commits/tags and this is a no-op, sorry ;-)

I am discussing at work to temporarily open up to the external world the
"needed" repositories hosted on our internal GitLab instance, so I will
be back soon with the links.

> > I will work on the GnuPG 2.1 backports ASAP and report back.
> 
> very much appreciated, thanks!  happy to chat on IRC if you run into any
> trouble.

Done:

--8<---------------cut here---------------start------------->8---
gnupg2 (2.1.18-3~bpo8+1) jessie-backports; urgency=medium

  * Rebuild for jessie-backports.
  * debian/clean:
    - remove build-gpgv-win32.
  * debian/control:
    + add myself to Uploaders:.
    - remove Build-Depends-Indep: and gpgv-win32 binary package,
      no libz-mingw-w64-dev.
    - remove gpgv-static binary package, -pie errors with gcc4.9.
  * debian/gbp.conf:
    + add debian-branch=jessie-backports.
  * debian/rules:
    - remove mingw-related variable and override_dh_auto_build-indep.
    - remove gpgv-static-related variable and commands.

 -- Luca Capello <luca.capello at infomaniak.com>  Tue, 28 Feb 2017 21:05:34 +0100

--8<---------------cut here---------------end--------------->8---

Some notes:

* 2.1.18-6, the current version in sid, has (still) not migrated.

* I wanted to reduce to a minimum the delta WRT to stretch.

* building the gpgv-win32 binary package is IMHO useless, AFAIK it is
  used only by the Windows' d-i and I would prefer the stretch version
  of the latter to be tested instead.

* any try to build the gpgv-static binary package ended with the same
  failure:

    /usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/4.9/crtbeginT.o:
     relocation R_X86_64_32 against `__TMC_END__' can not be used when
     making a shared object; recompile with -fPIC
    /usr/lib/gcc/x86_64-linux-gnu/4.9/crtbeginT.o:
     error adding symbols: Bad value
    collect2: error: ld returned 1 exit status

  "any try" (obviously) means playing with the GPGV_STATIC_HARDENING
  variable:

    <https://anonscm.debian.org/git/pkg-gnupg/gnupg2.git/tree/debian/rules?h=debian/2.1.18-3#n17>
     
    cd build-gpgv-static/g10 && /usr/bin/make LDFLAGS="$LDFLAGS "-pie" -static" gpgv
    cd build-gpgv-static/g10 && /usr/bin/make LDFLAGS="$LDFLAGS -static" gpgv
    cd build-gpgv-static/g10 && /usr/bin/make LDFLAGS="$LDFLAGS "-fPIC" -static" gpgv

  In the end, I decided to completely remove the gpg-static binary
  package, NEW since stretch and AFAIK only used on non-Debian-native
  GNU/Linux OSes.

* now the stage is for the Breaks: packages needing a jessie-backports
  as well:

  - debsig-verify (<< 0.15)
    => I have not used it yet

  - libgnupg-interface-perl (<< 0.52-3)
    => done (a simple rebuild to be uploaded soon, Debian Perl Group
       Bcc:ed, BTS updated), Depends: for signing-party and fixed to
       support GnuPG 2.1 by yourself:

         <https://bugs.debian.org/834281>
       
  - libmail-gnupg-perl (<= 0.22-1)
    => I have not used it yet

  - monkeysphere (<< 0.38~)
    => I have not used it yet, even if it was on my ToCheck list for SSH
       via OpenPGP A subkeys, but GnuPG 2.1 natively does the trick,
       even for on-disk subkeys.

  - php-crypt-gpg (<= 1.4.1-1)
    => I have not used it yet
    
  - python-apt (<= 1.1.0~beta4)
    => Depends: for apt-listchanges and debsecan

  - python3-apt (<= 1.1.0~beta4)
    => Depends: for gdebi and unattended-upgrade
  
  - python-gnupg (<< 0.3.8-3)
    => I have not used it yet

* I have not tested yet the binary packages because of the python*-apt
  Breaks: on all my machines, but I will soon set up a test chroot for
  that.

Thx, bye,
Gismo / Luca

-- 
Luca Capello
Administrateur GNU/Linux

Infomaniak Network SA
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnutls-maint/attachments/20170301/8a69200b/attachment.sig>

More information about the Pkg-gnutls-maint mailing list