Bug#760102: gnome keyring & gpg agent

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Jun 5 20:57:40 CEST 2015


Control: clone 760102 -1
Control: reassign -1 seahorse
Control: tags -1 + patch
Control: retitle -1 build seahorse compatible with gpg2

On Fri 2015-06-05 13:25:42 -0400, Michael Biebl wrote:
> Am 05.06.2015 um 19:19 schrieb Daniel Kahn Gillmor:
>> Given that 1.4.7 is older than oldoldstable, you ought to be able to
>> drop the explicit gnupg dependency entirely from seahorse, iiuc.
>
> Well, assuming that seahorse does work properly with gnupg2.
> That's basically my question.

The seahorse source code seems to actually behave completely differently
depending on whether it is built with modern versions of any branch
(meaning: gpg >= 1.4.10, or gpg2 >= 2.0.12) versus older versions.  (see
pgp/seahorse-gpgme-key-op.h).  :(

This is not great engineering practice, because the version built
against isn't guaranteed to match the version that's running.

That said, even oldoldstable builds and runs "modern versions" by this
metric.

I just tested seahorse on a minimal-ish unstable gnome install, where i
did "dpkg --force-depend --purge gnupg".

Unfortunately, it looks like seahorse embeds the string "gpg" in it, so
it's looking for /usr/bin/gpg.

Running seahorse in this configuration produces lots of errors of this
form:

   operation-Message: couldn't initialize gnupg properly: Invalid crypto engine

The attached patch should resolve things for future versions of
seahorse, though, both on build-time detection and on runtime
flexibility.

(the attached patch touches both ./configure.ac and ./configure -- since
the package appears to be doing autoreconf, maybe the modifications to
./configure are unnecessary)

The only failures i'm now running into with seahorse like this are
failures due to gcr_importer hard-coding paths to gpg as well, so those
are bugs i'll file separately..

Regards,

        --dkg


-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-avoid-deps-on-a-certain-version-of-gpg.patch
Type: text/x-diff
Size: 3968 bytes
Desc: avoid dependencies on a certain version of gpg
URL: </pipermail/attachments/20150605/fe73dc82/attachment-0001.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 948 bytes
Desc: not available
URL: </pipermail/attachments/20150605/fe73dc82/attachment-0001.sig>


More information about the Gnupg-devel mailing list