Re: gnupload and gpg2

2018-05-19 Thread Jim Meyering
On Sat, May 19, 2018 at 4:14 PM, Bruno Haible wrote:
> Hi Jim,
>
>> The only thing I would have done differently would be to add
>> "FIXME-2020" or similar to your comment
>
> Why 2020? I wrote:
>
>   Ubuntu 2016.04 (which is supported until April 2021,
>   that is, 3 years from now), has `gpg --version` = 1.x.
>
> So, if it's supported until April 2021, you can assume some users will use
> it until 2025. In order to not gratuitously hurt these users, I would suggest
> keeping this code until at least 2025.

Hi Bruno,

This is a tool by which one uploads signed tarballs to (usually) GNU
servers, presumably for mass distribution. As such, I think we are
justified in holding packagers/uploaders to a higher standard. At the
very least, we should feel justified in expecting that an uploader run
on a reasonably secure system: i.e., one that is still being
maintained.

That said, you're welcome to change the comment however you'd like.

Thanks for all your help,
Jim



Re: gnupload and gpg2

2018-05-19 Thread Jim Meyering
On Sat, May 19, 2018 at 4:02 AM, Bruno Haible wrote:
> There was no comment from Jim. So I pushed this:
>
> 2018-05-19  Bruno Haible  
>
> gnupload: Fix "gpg-agent is not available in this session" error.
> * build-aux/gnupload (GPG): Pick the right GNUPG executable to use.
>
> diff --git a/build-aux/gnupload b/build-aux/gnupload
> index 2a0bfa3..0d92923 100755
> --- a/build-aux/gnupload
> +++ b/build-aux/gnupload
> @@ -24,7 +24,31 @@ scriptversion=2018-03-07.03; # UTC
>
>  set -e
>
> -GPG='gpg --batch --no-tty'
> +GPG=gpg
> +# Choose the proper version of gpg, so as to avoid a
> +# "gpg-agent is not available in this session" error
> +# when gpg-agent is version 2 but gpg is still version 1.
> +# This code can go away once all major distributions ship gpg version 2
> +# as /usr/bin/gpg.
> +gpg_agent_version=`(gpg-agent --version) 2>/dev/null | sed -e '2,$d' -e 
> 's/^[^0-9]*//'`
> +case "$gpg_agent_version" in
> +  2.*)
> +gpg_version=`(gpg --version) 2>/dev/null | sed -e '2,$d' -e 
> 's/^[^0-9]*//'`
> +case "$gpg_version" in
> +  1.*)
> +if (type gpg2) >/dev/null 2>/dev/null; then
> +  # gpg2 is present.
> +  GPG=gpg2
> +else
> +  # gpg2 is missing. Ubuntu users should install the package 
> 'gnupg2'.
> +  echo "WARNING: Using 'gpg', which is too old. You should install 
> 'gpg2'." 1>&2
> +fi
> +;;
> +esac
> +;;
> +esac
> +
> +GPG="${GPG} --batch --no-tty"
>  conffile=.gnuploadrc
>  to=
>  dry_run=false
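
Review bot: the inner case on "$gpg_version" has only a 1.*) arm, so when gpg is not installed at all (empty $gpg_version) nothing matches and GPG stays 'gpg' even if gpg2 is on PATH; the script then fails at the first signing call. Consider treating the empty string like 1.* (for example an arm of the form 1.* | '') so that the 'type gpg2' probe also runs in that case.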

Thanks for addressing that and for dealing with my non-response.
The only thing I would have done differently would be to add
"FIXME-2020" or similar to your comment, so that when we grep for
things likely to benefit from a change, we'll find this, along with an
easy-to-check year indicator.

So I've just pushed a change to do that:

-# This code can go away once all major distributions ship gpg version 2
-# as /usr/bin/gpg.
+# FIXME-2020: remove, once all major distros ship gpg version 2 as /usr/bin/gpg
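
Review bot: the new one-line comment says "remove" without an object, where the replaced text said "This code can go away"; someone who lands here by grepping for FIXME-2020 cannot tell how far the removal extends. Suggest naming the extent, for example "remove this version check (down to the final esac)", and saying that 2020 is the year to re-check the condition rather than a removal date.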



Re: gnupload and gpg2

2018-05-19 Thread Bruno Haible
There was no comment from Jim. So I pushed this:


2018-05-19  Bruno Haible  

gnupload: Fix "gpg-agent is not available in this session" error.
* build-aux/gnupload (GPG): Pick the right GNUPG executable to use.

diff --git a/build-aux/gnupload b/build-aux/gnupload
index 2a0bfa3..0d92923 100755
--- a/build-aux/gnupload
+++ b/build-aux/gnupload
@@ -24,7 +24,31 @@ scriptversion=2018-03-07.03; # UTC
 
 set -e
 
-GPG='gpg --batch --no-tty'
+GPG=gpg
+# Choose the proper version of gpg, so as to avoid a
+# "gpg-agent is not available in this session" error
+# when gpg-agent is version 2 but gpg is still version 1.
+# This code can go away once all major distributions ship gpg version 2
+# as /usr/bin/gpg.
+gpg_agent_version=`(gpg-agent --version) 2>/dev/null | sed -e '2,$d' -e 
's/^[^0-9]*//'`
+case "$gpg_agent_version" in
+  2.*)
+gpg_version=`(gpg --version) 2>/dev/null | sed -e '2,$d' -e 's/^[^0-9]*//'`
+case "$gpg_version" in
+  1.*)
+if (type gpg2) >/dev/null 2>/dev/null; then
+  # gpg2 is present.
+  GPG=gpg2
+else
+  # gpg2 is missing. Ubuntu users should install the package 'gnupg2'.
+  echo "WARNING: Using 'gpg', which is too old. You should install 
'gpg2'." 1>&2
+fi
+;;
+esac
+;;
+esac
+
+GPG="${GPG} --batch --no-tty"
 conffile=.gnuploadrc
 to=
 dry_run=false
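
Review bot: in the else branch (gpg2 missing) the script prints a WARNING and carries on with GPG=gpg, which is exactly the gpg-agent 2 / gpg 1 combination that the comment at the top of the block says leads to the "gpg-agent is not available in this session" error. Consider exiting non-zero at that point, or at least naming that error in the message, so the uploader sees the install hint as the reason for the failure instead of a warning followed by a second, unrelated-looking error.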




Re: gnupload and gpg2

2018-05-17 Thread Bruno Haible
Paul Eggert wrote:
> Maybe not bother to invoke gpg --version unless gpg_agent_version is 2? 

Sure, that's a small speedup. Will do.

> Also, no need for the sed. Something like this perhaps:
> 
>   case "`(gpg-agent --version) 2>/dev/null`" in
>     *'(GnuPG) 2.'*)
>       case "`(gpg --version) 2>/dev/null`" in
>         *'(GnuPG) 1.'*)
>           ...

I wouldn't like to do this, for two reasons:

  * The output of "gpg --version" contains other stuff, that may change
without notice. I can't predict which substrings this stuff may contain,
five years from now.

  * The HP-UX shell behaves weirdly if the expansion of the 'case' argument
is longer than ca. 100 or 128 characters. Saw this once, years ago, and
since then I always made sure to use only small strings in 'case'.
So, I cannot tell whether the problem is still visible (on HP-UX or
on other deficient systems that may use a similar version of sh).

Bruno
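
The first objection above, worked through as an added example that is not part of the original message or of gnupload: the two matching styles are run over constructed `--version` outputs. The function names and both sample texts are assumptions made for this illustration; the second sample is a hypothetical future banner.

```shell
# Added illustration, not code from gnupload. All sample outputs are constructed.

# First-line extraction as in the pushed patch: keep line 1, strip the
# leading non-digits, leaving a short string such as "2.2.4".
first_line_version () {
  printf '%s\n' "$1" | sed -e '2,$d' -e 's/^[^0-9]*//'
}

# Classify from the short first-line string only.
major_by_first_line () {
  case "$(first_line_version "$1")" in
    1.*) echo 1 ;;
    2.*) echo 2 ;;
    *)   echo unknown ;;
  esac
}

# Classify by substring match over the whole output (the reviewed alternative).
major_by_substring () {
  case "$1" in
    *'(GnuPG) 1.'*) echo 1 ;;
    *'(GnuPG) 2.'*) echo 2 ;;
    *)              echo unknown ;;
  esac
}

# Constructed: an ordinary version banner.
sample_v2='gpg (GnuPG) 2.2.4
libgcrypt 1.8.1
Home: /home/user/.gnupg'

# Constructed, hypothetical: a later line happens to mention an older release.
sample_future='gpg (GnuPG) 2.9.0
Note: keyrings written by gpg (GnuPG) 1.4 are read-only.'

for s in "$sample_v2" "$sample_future"; do
  echo "first-line: $(major_by_first_line "$s")  substring: $(major_by_substring "$s")"
done
```

On the second sample the substring match reports version 1 for a version 2 binary, while the first-line extraction is unaffected by text after the banner line.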




Re: gnupload and gpg2

2018-05-17 Thread Paul Eggert

The patch's basic idea looks good; thanks.

On 05/17/2018 01:46 PM, Bruno Haible wrote:

+gpg_version=`(gpg --version) 2>/dev/null | sed -e '2,$d' -e 's/^[^0-9]*//'`
+gpg_agent_version=`(gpg-agent --version) 2>/dev/null | sed -e '2,$d' -e 
's/^[^0-9]*//'`
+case "$gpg_agent_version" in
+  2.*)
+case "$gpg_version" in
+  1.*)
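
Review bot: the sed pipeline (-e '2,$d' -e 's/^[^0-9]*//') is written out twice, once for gpg and once for gpg-agent. A small shell function that takes the program name and prints its first-line version would keep the two extractions identical and give the sed script a single place to be documented.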


Maybe not bother to invoke gpg --version unless gpg_agent_version is 2? 
Also, no need for the sed. Something like this perhaps:


  case "`(gpg-agent --version) 2>/dev/null`" in
    *'(GnuPG) 2.'*)
      case "`(gpg --version) 2>/dev/null`" in
        *'(GnuPG) 1.'*)
          ...