gnome keyring & gpg agent
Dimitri John Ledkov
dimitri.j.ledkov at intel.com
Fri May 15 11:03:49 CEST 2015
On 14 May 2015 at 19:34, Neal H. Walfield <neal at walfield.org> wrote:
> Hi Daniel,
> At Thu, 14 May 2015 09:36:17 -0400,
> Daniel Kahn Gillmor wrote:
>> But having a clearer/cleaner relationship between the released tarballs
>> and the upstream repo makes it easier for debian developers to
>> contribute back to upstream, and to pull narrowly-targeted changesets
>> from the upstream revision control if they're needed to fix identified
>> bugs before a new release comes out.
> The pieces are now basically in place to fix the GPG Agent / Gnome
> Keyring issue. There are three minor issues:
> - There are a couple of small deficiencies in the gnome3 pinentry
> (e.g., no one button confirmation messages, but this is easily
> worked around). These deficiencies have more to do with
> limitations in Gcr than with the Pinentry implementation.
> - Gnome Keyring's maintainer hasn't yet ripped out the GPG Agent
> support, but fully agrees with the changes so far. (Of course,
> the GPG Agent proxy can be trivially disabled since it is a
> separate component.)
> - To fully replace Gnome Keyring's GPG Agent Proxy, a couple of
> minor changes had to be made to GPG. These are so far only in
> 2.1, but I will backport them to 2.0 soon.
> Is it possible to fix this issue in Debian Stable (e.g., in the next
> point release)?
> So far, I've identified these requirements:
> - Adding a new pinentry-gnome3 package with the yet-to-be-released
> pinentry with Gnome3 support.
> - An update to GPG with the relatively small change.
> - An update to Gnome-Keyring that disables its GPG Agent proxy.
> - Make Gnome Keyring depend on pinentry-gnome3.
Currently in Ubuntu we use gnupg 1.x as the default one, however I
would like to make a push to transition to 2.x by default.
I'll be switching gnupg2 package to 2.1 series soon in the development
release (Wily Werewolf 15.10).
Having a Gtk 3 compatible pin-entry was a blocker to switch from 1.x
to 2.x series by default.
I have already re-factored Gnome-Keyring GPG Agent to be as
stand-alone as possible in Ubuntu both current stable releases and
14.04 LTS, because many people already disable gnome-keyring's agents
(gpg, ssh, or both). I do it because I'm using a gpg smartcard for both
gpg subkeys and ssh authentication, and thus gnome-keyring is useless.
If there are patches needed for 2.0.x I'm happy to cherry-pick them
for 14.04 LTS stable release update.
Getting the lot done in Ubuntu/Debian development releases will be
quick, and I'll likely provide an Ubuntu PPA with these changes. Stable updates
probably will take some more time.
Open Source Technology Center
Intel Corporation (UK) Ltd. - Co. Reg. #1134945 - Pipers Way, Swindon SN3 1RJ.