From: David Wolfskill
To: freebsd-ports@freebsd.org
Date: Sun, 24 May 2015 11:13:21 -0700
Subject: Any guidance for gnupg-2.0 -> gnupg-2.1 (archived encrypted email)?
Message-ID: <20150524181321.GB1214@albert.catwhisker.org>

For the most part, I am fairly aggressive about ensuring that the
FreeBSD systems I use day-to-day are running a recent STABLE snapshot,
and that installed ports are also out-of-date by no more than a week.

Last November, I encountered a reason to deviate from that: When
security/gnupg became gnupg-2.1, I found that gnupg-2.1 was unable to
decrypt some (well, any, in my experience) archived encrypted email
messages.

For me, that is a show-stopper; I was relieved to find that I could
switch to security/gnupg20 and restore the previous functionality.
(Thank you, kuriyama@, for keeping security/gnupg20 available!)

For most purposes, this fallback works OK. But there are a couple of
issues:

* I'm relying on code that isn't being maintained. And at some point,
  it won't work any more. Or I'll find that I "need" to run the new(er)
  version for some other reason.
* There exists at least one port that I have installed
  (emulators/pipelight) that is constructed in such a way that it
  requires security/gnupg -- though as far as I can tell,
  security/gnupg20 would satisfy the actual requirement for a
  functioning ${LOCALBASE}/bin/gpg2:

    g1-254(10.1-S)[1] pkg which /usr/local/bin/gpg2
    /usr/local/bin/gpg2 was installed by package gnupg20-2.0.27
    g1-254(10.1-S)[2] pkg info -o gnupg20-2.0.27
    gnupg20-2.0.27 security/gnupg20

  -- I'd submit a PR w/patch if I had a clue how to get pipelight &
  portmaster to just use the already-installed executable.

For the latter issue, my current (ugly!) evasive maneuver is to run:

    portmaster -o security/gnupg `pkg info gnupg\*`

before updating emulators/pipelight, and:

    portmaster -o security/gnupg20 `pkg info gnupg\*`

afterward. This isn't the sort of thing I'd care to hold up as an
exemplar of the FreeBSD experience. :-}

I waited for a while, in the hope that the folks at gnupg.org would
realize the magnitude of the issue and address it, with at least some
sort of guide for those who found themselves in such a position -- I
expect that there are more than just a few others who are in a similar
state of having encrypted archived data that gnupg-2.1 will not decrypt
-- but reading things like , and particularly , left me a bit
discouraged on that front.

So I came to freebsd-ports@, where I'm hoping that there are some
clueful folks who are also a bit more, shall we say, sensitive to things
like "POLA" and "backwards compatibility" -- as well as history -- to
ask if anyone else has figured out a better way to cope, or found a
write-up of same (and would be willing to share).

FWIW, the bulk of the encrypted data I have archived is email messages;
usually, these are also signed. And some were written by other folks,
and I'd like to preserve both my ability to read the messages and the
evidence that they were signed by their authors.

Thanks in advance; I'm happy to summarize private responses.

Peace,
david
-- 
David H. Wolfskill david@catwhisker.org
Those who murder in the name of God or prophet are blasphemous cowards.

See http://www.catwhisker.org/~david/publickey.gpg for my public key.