who is the target audience of gpgme-tool?

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Dec 12 23:17:18 CET 2014


I notice that as of gpgme 1.5.2, the tarball now installs the gpgme-tool
binary.  i'm wondering who the target audience of this binary is.

it's not well documented outside the source, but the source
(src/gpgme-tool.c) says:

static char doc[] = "GPGME Tool -- Assuan server exposing GPGME operations";
static char args_doc[] = "COMMAND [OPTIONS...]";

static struct argp_option options[] = {
  { "server", 's', 0, 0, "Server mode" },
  { "gpg-binary", 501, "FILE", 0, "Use FILE for the GPG backend" },
  { 0 }
};

Is primarily intended for developers?  should it be available for anyone
who happens to have libgpgme installed?  should it be installable even
if you are trying to avoid having developer tools installed?  (i'm
asking this because i'm looking at the debian packaging).

in debian, libgpgme11 is "multiarch", which means that different
architectures are co-installable on the same machine.  (e.g. i386
libraries alongside amd64 libraries)

But executable binaries are not co-installable in the same way, so
deploying /usr/bin/gpgme-tool in the same package with libgpgme.so.11
would break the multiarch nature of the library package.

The choices i see for debian packaging are:

 0) don't ship gpgme-tool in any debian binary package

 1) ship gpgme-tool in libgpgme11-dev (the -dev package isn't multiarch)

 2) create a new gpgme-tool binary package that just ships
    /usr/bin/gpgme-tool and Depends: libgpgme11

If it's likely that the only people who will ever need gpgme-tool are
developers or people who are doing serious debugging, i'm inclined to
say we should choose option (1) above.

Any preference?

         --dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 948 bytes
Desc: not available
URL: </pipermail/attachments/20141212/cb3991d5/attachment.sig>


More information about the Gnupg-devel mailing list