gnome keyring & gpg agent

Dimitri John Ledkov dimitri.j.ledkov at intel.com
Fri May 15 11:03:49 CEST 2015


On 14 May 2015 at 19:34, Neal H. Walfield <neal at walfield.org> wrote:
> Hi Daniel,
>
> At Thu, 14 May 2015 09:36:17 -0400,
> Daniel Kahn Gillmor wrote:
>> But having a clearer/cleaner relationship between the released tarballs
>> and the upstream repo makes it easier for debian developers to
>> contribute back to upstream, and to pull narrowly-targeted changesets
>> from the upstream revision control if they're needed to fix identified
>> bugs before a new release comes out.
>
> The pieces are now basically in place to fix the GPG Agent / Gnome
> Keyring issue.  There are three minor issues:
>
>   - There are a couple of small deficiencies in the gnome3 pinentry
>     (e.g., no one button confirmation messages, but this is easily
>     worked around).  These deficiencies have more to do with
>     limitations in Gcr than with the Pinentry implementation.
>
>   - Gnome Keyring's maintainer hasn't yet ripped out the GPG Agent
>     support, but fully agrees with the changes so far.  (Of course,
>     the GPG Agent proxy can be trivially disabled since it is a
>     separate component.)
>
>   - To fully replace Gnome Keyring's GPG Agent Proxy, a couple of
>     minor changes had to be made to GPG.  These are so far only in
>     2.1, but I will backport them to 2.0 soon.
>
> Is it possible to fix this issue in Debian Stable (e.g., in the next
> point release)?
>
> So far, I've identified these requirements:
>
>   - Adding a new pinentry-gnome3 package with the yet-to-be-released
>     pinentry with Gnome3 support.
>
>   - An update to GPG with the relatively small change.
>
>   - An update to Gnome-Keyring that disables its GPG Agent proxy.
>
>   - Make Gnome Keyring depend on pinentry-gnome3.

Currently in Ubuntu we use gnupg 1.x as the default one, however I
would like to make a push to transition to 2.x by default.
I'll be switching gnupg2 package to 2.1 series soon in the development
release (Wily Werewolf 15.10).
Having a Gtk 3 compatible pin-entry was a blocker to switch from 1.x
to 2.x series by default.
I have already re-factored Gnome-Keyring GPG Agent to be as
stand-alone as possible in Ubuntu both current stable releases and
14.04 LTS, because many people already disable gnome-keyring's agents
(gpg, ssh, or both). I do it, because I'm using gpg smartcard for both
gpg subkeys and ssh authentication and thus gnome-keyring is useless
for me.
If there are patches needed for 2.0.x I'm happy to cherry-pick them
for 14.04 LTS stable release update.

Getting the lot done in Ubuntu/Debian development releases will be
quick, and like provide ubuntu ppa with these changes. Stable updates
probably will take some more time.

-- 
Regards,

Dimitri.
Pura Vida!

https://clearlinux.org
Open Source Technology Center
Intel Corporation (UK) Ltd. - Co. Reg. #1134945 - Pipers Way, Swindon SN3 1RJ.


