Re: gnupload and gpg2
On Sat, May 19, 2018 at 4:14 PM, Bruno Haible wrote:
> Hi Jim,
>
>> The only thing I would have done differently would be to add
>> "FIXME-2020" or similar to your comment
>
> Why 2020? I wrote:
>
> Ubuntu 2016.04 (which is supported until April 2021,
> that is, 3 years from now), has `gpg --version` = 1.x.
>
> So, if it's supported until April 2021, you can assume some users will use
> it until 2025. In order to not gratuitously hurt these users, I would suggest
> keeping this code until at least 2025.

Hi Bruno,

This is a tool by which one uploads signed tarballs to (usually) GNU servers, presumably for mass distribution. As such, I think we are justified in holding packagers/uploaders to a higher standard. At the very least, we should feel justified in expecting that an uploader run on a reasonably secure system: i.e., one that is still being maintained.

That said, you're welcome to change the comment however you'd like.

Thanks for all your help,
Jim
Re: gnupload and gpg2
On Sat, May 19, 2018 at 4:02 AM, Bruno Haible wrote:
> There was no comment from Jim. So I pushed this:
>
> 2018-05-19 Bruno Haible
>
> gnupload: Fix "gpg-agent is not available in this session" error.
> * build-aux/gnupload (GPG): Pick the right GNUPG executable to use.
>
> diff --git a/build-aux/gnupload b/build-aux/gnupload > index 2a0bfa3..0d92923 100755 > --- a/build-aux/gnupload > +++ b/build-aux/gnupload > @@ -24,7 +24,31 @@ scriptversion=2018-03-07.03; # UTC > > set -e > > -GPG='gpg --batch --no-tty' > +GPG=gpg > +# Choose the proper version of gpg, so as to avoid a > +# "gpg-agent is not available in this session" error > +# when gpg-agent is version 2 but gpg is still version 1. > +# This code can go away once all major distributions ship gpg version 2 > +# as /usr/bin/gpg. > +gpg_agent_version=`(gpg-agent --version) 2>/dev/null | sed -e '2,$d' -e > 's/^[^0-9]*//'` > +case "$gpg_agent_version" in > + 2.*) > +gpg_version=`(gpg --version) 2>/dev/null | sed -e '2,$d' -e > 's/^[^0-9]*//'` > +case "$gpg_version" in > + 1.*) > +if (type gpg2) >/dev/null 2>/dev/null; then > + # gpg2 is present. > + GPG=gpg2 > +else > + # gpg2 is missing. Ubuntu users should install the package > 'gnupg2'. > + echo "WARNING: Using 'gpg', which is too old. You should install > 'gpg2'." 1>&2 > +fi > +;; > +esac > +;; > +esac > + > +GPG="${GPG} --batch --no-tty" > conffile=.gnuploadrc > to= > dry_run=false

Thanks for addressing that and for dealing with my non-response. The only thing I would have done differently would be to add "FIXME-2020" or similar to your comment, so that when we grep for things likely to benefit from a change, we'll find this, along with an easy-to-check year indicator. So I've just pushed a change to do that:

-# This code can go away once all major distributions ship gpg version 2 -# as /usr/bin/gpg. +# FIXME-2020: remove, once all major distros ship gpg version 2 as /usr/bin/gpg
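
Review bot: The new "FIXME-2020: remove, once ..." line no longer says what is to be removed; the two lines it replaces began "This code can go away", and that subject was dropped. Someone arriving from a grep hit has to read the surrounding case block to learn the scope. Suggest naming it, for example "FIXME-2020: remove this gpg/gpg-agent version check once all major distros ship gpg version 2 as /usr/bin/gpg".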
Re: gnupload and gpg2
There was no comment from Jim. So I pushed this:

2018-05-19 Bruno Haible

gnupload: Fix "gpg-agent is not available in this session" error.
* build-aux/gnupload (GPG): Pick the right GNUPG executable to use.

diff --git a/build-aux/gnupload b/build-aux/gnupload index 2a0bfa3..0d92923 100755 --- a/build-aux/gnupload +++ b/build-aux/gnupload @@ -24,7 +24,31 @@ scriptversion=2018-03-07.03; # UTC set -e -GPG='gpg --batch --no-tty' +GPG=gpg +# Choose the proper version of gpg, so as to avoid a +# "gpg-agent is not available in this session" error +# when gpg-agent is version 2 but gpg is still version 1. +# This code can go away once all major distributions ship gpg version 2 +# as /usr/bin/gpg. +gpg_agent_version=`(gpg-agent --version) 2>/dev/null | sed -e '2,$d' -e 's/^[^0-9]*//'` +case "$gpg_agent_version" in + 2.*) +gpg_version=`(gpg --version) 2>/dev/null | sed -e '2,$d' -e 's/^[^0-9]*//'` +case "$gpg_version" in + 1.*) +if (type gpg2) >/dev/null 2>/dev/null; then + # gpg2 is present. + GPG=gpg2 +else + # gpg2 is missing. Ubuntu users should install the package 'gnupg2'. + echo "WARNING: Using 'gpg', which is too old. You should install 'gpg2'." 1>&2 +fi +;; +esac +;; +esac + +GPG="${GPG} --batch --no-tty" conffile=.gnuploadrc to= dry_run=false
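
Review bot: In the else branch (gpg2 missing) the script only prints a warning and then carries on with GPG=gpg, which is exactly the gpg 1 / gpg-agent 2 pairing the leading comment says produces the "gpg-agent is not available in this session" error. Consider either exiting there or wording the warning so the uploader knows the signing step is expected to fail. The message also tells the user to install 'gpg2' while the comment one line above names the package as 'gnupg2'; putting the package name in the message would save a lookup.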
Re: gnupload and gpg2
Paul Eggert wrote:
> Maybe not bother to invoke gpg --version unless gpg_agent_version is 2?

Sure, that's a small speedup. Will do.

> Also, no need for the sed. Something like this perhaps:
>
>    case "`(gpg-agent --version) 2>/dev/null`" in
>      *'(GnuPG) 2.'*)
>        case "`(gpg --version) 2>/dev/null`" in
>          *'(GnuPG) 1.'*)
>            ...

I wouldn't like to do this, for two reasons:

* The output of "gpg --version" contains other stuff, that may change without notice. I can't predict which substrings this stuff may contain, five years from now.

* The HP-UX shell behaves weirdly if the expansion of the 'case' argument is longer than ca. 100 or 128 characters. Saw this once, years ago, and since then I always made sure to use only small strings in 'case'. So, I cannot tell whether the problem is still visible (on HP-UX or on other deficient systems that may use a similar version of sh).

Bruno
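
The trade-off discussed in this message, as an added example that is not part of the original thread or of gnupload: the first-line extraction and the whole-output substring match are run side by side on version output passed in as strings. The function names and all sample outputs are constructed, and the last sample is hypothetical wording chosen to show how text after the first line can trip the substring match.

```shell
# Added example. Function names and sample outputs are constructed.

# Reduce `--version` output to the version number on its first line,
# using the same two sed expressions as the patch.
first_line_version () {
  printf '%s\n' "$1" | sed -e '2,$d' -e 's/^[^0-9]*//'
}

# Pick the executable the way the patch does.
#   $1 = output of `gpg-agent --version`
#   $2 = output of `gpg --version`
#   $3 = "yes" if a gpg2 executable is installed
choose_gpg () {
  agent_v=$(first_line_version "$1")
  gpg_v=$(first_line_version "$2")
  case "$agent_v" in
    2.*)
      case "$gpg_v" in
        1.*)
          if [ "$3" = yes ]; then
            echo gpg2
            return 0
          fi
          echo "WARNING: Using 'gpg', which is too old." 1>&2
          ;;
      esac
      ;;
  esac
  echo gpg
}

# The alternative: substring match against the complete output.
looks_like_v1 () {
  case "$1" in
    *'(GnuPG) 1.'*) echo yes ;;
    *) echo no ;;
  esac
}

# Constructed sample outputs (not captured from a real system).
AGENT2='gpg-agent (GnuPG) 2.1.11
libgcrypt 1.6.5'
GPG1='gpg (GnuPG) 1.4.20
Home: ~/.gnupg'
# Hypothetical later wording that happens to mention version 1.
GPG2_NOISY='gpg (GnuPG) 2.2.4
Keyrings written by gpg (GnuPG) 1.x are migrated on first use.'
```

With the constructed `GPG2_NOISY` text, `looks_like_v1` reports a version 1 gpg even though the first line says 2.2.4, while `choose_gpg` keeps plain `gpg`.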
Re: gnupload and gpg2
The patch's basic idea looks good; thanks.

On 05/17/2018 01:46 PM, Bruno Haible wrote:
+gpg_version=`(gpg --version) 2>/dev/null | sed -e '2,$d' -e 's/^[^0-9]*//'` +gpg_agent_version=`(gpg-agent --version) 2>/dev/null | sed -e '2,$d' -e 's/^[^0-9]*//'` +case "$gpg_agent_version" in + 2.*) +case "$gpg_version" in + 1.*)

Maybe not bother to invoke gpg --version unless gpg_agent_version is 2?

Also, no need for the sed. Something like this perhaps:

   case "`(gpg-agent --version) 2>/dev/null`" in
     *'(GnuPG) 2.'*)
       case "`(gpg --version) 2>/dev/null`" in
         *'(GnuPG) 1.'*)
           ...