Re: A note on updating security/gnupg20 -> gnupg

2018-01-07 Thread Adam Weinberger 

On 7 Jan, 2018, at 7:33, David Wolfskill  wrote:

I had been using security/gnupg20 with mail/mutt, based on a
misunderstanding on my part (back when the security/gnupg20 port was
created).

Now that security/gnupg20 has been expired and removed, I had motivation
to look into the situation in more detail; I found that security/gnupg
(now at 2.2.4) works fine with mail/mutt -- if I made a change (in
~/.muttrc) to the way gpg is invoked.  E.g., I changed:

set pgp_decrypt_command="gpg2 --passphrase-fd 0 --no-verbose --batch  
--output - %f"


to

pgp_decrypt_command="gpg2 %?p?--passphrase-fd 0 --pinentry-mode=loopback?  
--no-verbose --batch --output - %f"


The salient differences appear to be the insertion of "%?p?" before
"--passphrase-fd 0" and the insertion of "--pinentry-mode=loopback?".


The changes to ~/.muttrc appear to have been sufficient (in my case) for
mutt to be able to use security/gnupg (vs. security/gnupg20) for
encryption and decryption of PGP-compatible email messages.


Finally, on the actual replacement: I did this on three systems; on two
of those, I update ports via portmaster; on the other, I update them
from a locally-built repository (via "pkg upgrade").

For the systems using portmaster, "portmaster -o security/gnupg
gnupg20-2.0.30_2" worked well.   (My thanks to Doug Barton and Stefan
Esser!)

When I ran "pkg upgrade" on the system I update that way, there was
no indication that the status of security/gnupg* had changed since
the previous update (one week ago -- shortly before the removal of
security/gnupg20).  I ended up performing "pkg delete security/gnupg20",
followed by "pkg install security/gnupg" -- which worked.  (I had
previously updated the list of packages to build on my build machine,
to replace security/gnupg20 by security/gnupg.)

My concern about that last point is that if I were only updating ports
via "pkg upgrade", I would not have known that security/gnupg20 no
longer existed (well, unless I read the svn-ports-head list, or polled
the svn log for ports/security/Makefile -- or some other
similarly-unlikely activity for someone updating via packages only).

Perhaps I'm overlooking something.


In any case: If you use mutt with security/gnupg20 and migrate to
security/gnupg, and find that you cannot decrypt encrypted messages any
more, you should check your ~/.muttrc: you probably need to change the
"gpg" (or "gpg2") invocations; in my experience, that is a necessary and
sufficient change to make encryption and decryption work again.

Peace,
david


I can't speak much to the pkg upgrade process, but the switch should happen
pretty transparently.

As for the mutt invocation, I've added your muttrc line to ports/UPDATING.
I strongly recommend using security/gpgme instead unless you specifically
need gpg called in a nonstandard way.

# Adam


--
Adam Weinberger
ad...@adamw.org
http://www.adamw.org

___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

A note on updating security/gnupg20 -> gnupg

2018-01-07 Thread David Wolfskill 
I had been using security/gnupg20 with mail/mutt, based on a
misunderstanding on my part (back when the security/gnupg20 port was
created).

Now that security/gnupg20 has been expired and removed, I had motivation
to look into the situation in more detail; I found that security/gnupg
(now at 2.2.4) works fine with mail/mutt -- if I made a change (in
~/.muttrc) to the way gpg is invoked.  E.g., I changed:

set pgp_decrypt_command="gpg2 --passphrase-fd 0 --no-verbose --batch --output - 
%f"

to

pgp_decrypt_command="gpg2 %?p?--passphrase-fd 0 --pinentry-mode=loopback? 
--no-verbose --batch --output - %f"

The salient differences appear to be the insertion of "%?p?" before
"--passphrase-fd 0" and the insertion of "--pinentry-mode=loopback?".


The changes to ~/.muttrc appear to have been sufficient (in my case) for
mutt to be able to use security/gnupg (vs. security/gnupg20) for
encryption and decryption of PGP-compatible email messages.


Finally, on the actual replacement: I did this on three systems; on two
of those, I update ports via portmaster; on the other, I update them
from a locally-built repository (via "pkg upgrade").

For the systems using portmaster, "portmaster -o security/gnupg
gnupg20-2.0.30_2" worked well.   (My thanks to Doug Barton and Stefan
Esser!)

When I ran "pkg upgrade" on the system I update that way, there was
no indication that the status of security/gnupg* had changed since
the previous update (one week ago -- shortly before the removal of
security/gnupg20).  I ended up performing "pkg delete security/gnupg20",
followed by "pkg install security/gnupg" -- which worked.  (I had
previously updated the list of packages to build on my build machine,
to replace security/gnupg20 by security/gnupg.)

My concern about that last point is that if I were only updating ports
via "pkg upgrade", I would not have known that security/gnupg20 no
longer existed (well, unless I read the svn-ports-head list, or polled
the svn log for ports/security/Makefile -- or some other
similarly-unlikely activity for someone updating via packages only).

Perhaps I'm overlooking something.


In any case: If you use mutt with security/gnupg20 and migrate to
security/gnupg, and find that you cannot decrypt encrypted messages any
more, you should check your ~/.muttrc: you probably need to change the
"gpg" (or "gpg2") invocations; in my experience, that is a necessary and
sufficient change to make encryption and decryption work again.

Peace,
david
-- 
David H. Wolfskill  da...@catwhisker.org
A "Birther" calls himself a "a very stable genius" -- same level of truth? 

See http://www.catwhisker.org/~david/publickey.gpg for my public key.


signature.asc
Description: PGP signature