subject:"Bug#814027\: \[pkg\-gnupg\-maint\] Bug#814027\: Provide gpgv\-udeb from gnupg 1.4 on armel for stretch\?"

Bug#814027: [pkg-gnupg-maint] Bug#814027: Provide gpgv-udeb from gnupg 1.4 on armel for stretch?

2016-02-16 Thread Martin Michlmayr

* Daniel Kahn Gillmor  [2016-02-16 01:34]:
> As for the libgcrypt-udeb dependency, isn't its size amortized by
> cryptsetup's dependency on it as well?

The dependencies for cryptsetup can be loaded over the network, so
size doesn't matter as much.

But for the netboot image (which downloads components over the
network), we have to include gpgv in the actual debian-installer
ramdisk because we need to verify the APT signature before we can
download anything.

On an ARM device I'm trying to support, we only have 4 MB space
for the ramdisk.

> is it possible to reduce the size of libgcrypt20-udeb itself?
> Alternately, we could try building gpgv-udeb with static linkage and see
> if that lets us cull unused parts of gcrypt to make the overall package
> smaller.

Yeah, we can definitely try that.

-- 
Martin Michlmayr
http://www.cyrius.com/

Bug#814027: [pkg-gnupg-maint] Bug#814027: Provide gpgv-udeb from gnupg 1.4 on armel for stretch?

2016-02-15 Thread Daniel Kahn Gillmor

Hi Martin--

On Sun 2016-02-07 12:23:06 -0500, Martin Michlmayr wrote:
> I'm trying to support a device in debian-installer which only has 4MB
> space in flash to hold the installer ramdisk.  This just broke due to:
>
> gnupg2 (2.1.11-5) unstable; urgency=medium
>
>   * taking over gpgv-udeb from gnupg 1.4 packaging
>
> The new gpgv-udeb pulls in libgcrypt20-udeb and libgpg-error0-udeb.
> The former in particular is huge.
>
> I assume libgcrypt20 is not optional for gnugpg v2.

That's right, GnuPG 2.x depends explicitly on libgcrypt.  GnuPG 2.1.x
(the "modern" branch) is the only place where GnuPG supports more modern
cryptography (including elliptic curves) and is where the bulk of the
active work on GnuPG is taking place upstream.  I'd really prefer it if
stretch was dependent on 2.1.x and only 2.1.x (1.4.x will stick around
as gnupg1 for those people who really need support for bad old stuff
like PGPv3 keys)

As for the libgcrypt-udeb dependency, isn't its size amortized by
cryptsetup's dependency on it as well?

> I'm wondering... is there any way to continue providing gpgv-udeb from
> gnupg 1.4 on armel for stretch?  I don't mind dropping support for
> this device after stretch but it would be nice to support it in
> stretch.  Unfortunately, I cannot think of anything else to drop from
> the ramdisk.  Let me know what you think.  If providing support from
> gnupg 1.4 for stretch on armel is too much of a hassle, I guess I'll
> have to drop support now.

is it possible to reduce the size of libgcrypt20-udeb itself?
Alternately, we could try building gpgv-udeb with static linkage and see
if that lets us cull unused parts of gcrypt to make the overall package
smaller.

One last option would be to make and ship a gpgv1-udeb that could be
adopted by particularly constrained platforms.

--dkg

Bug#814027: [pkg-gnupg-maint] Bug#814027: Provide gpgv-udeb from gnupg 1.4 on armel for stretch?

Bug#814027: [pkg-gnupg-maint] Bug#814027: Provide gpgv-udeb from gnupg 1.4 on armel for stretch?

2 matches

Site Navigation

Mail list logo

Footer information