Trouble installing Version 2.1 on Debian Jessie

Peter Lebbing peter at
Sun Apr 30 20:04:24 CEST 2017

On 30/04/17 06:03, Rex Kneisley wrote:
> I should use experimental.

As others said, I'd use the packages from stretch/testing, as they have
already percolated down that far.

> Created an apt preferences file
> /etc/apt/preferences.d/my_preferences
> [...]
> sudo apt install -t experimental gnupg2 gnupg-agent dirmngr gpgsm gpgv2 scdaemon

Perhaps your pinning in apt-preferences is interfering with the -t
option, because I think the -t option should promote dependencies to be
downloaded from the specified suite as well.

(Do you mean "apt-get" instead of "apt", by the way?)

What I do when I seem to get the wrong results regarding dependencies,
is just select all the specific versions of dependencies I want manually
with aptitude's visual mode. It helps tremendously to set the following
option in aptitude:

Options -> Preferences -> "The display format for the status line":
%d %t

That way it shows what suite a package version belongs to in the status
line. The config file version of this is:

$ cat ~/.aptitude/config
aptitude::UI::Package-Status-Format "%d %t";

The available versions of a package are right at the bottom of the
package information in aptitude.

Anyway, if you install GnuPG 2.1 from stretch/sid/experimental, it will
*replace* your GnuPG 1.4. But packages using GnuPG 1.4 in Debian jessie
do not expect this to be the case, and might malfunction. Another option
is to install my backport of GnuPG 2.1 which comes in the place of GnuPG
2.0 instead. I've put it on GitLab here:
My is a bit alarming, I know, but I don't want to be
responsible for goofs. I tried my best, and to the best of my knowledge
it is in fine shape. I use it myself. You could look at the differences
compared to the Git repository at:
to check it for yourself (my tag dbbp/2.1.19-3-dbbp8+1 is based on
debian/2.1.19-3 from upstream; this similarity will generally be the
case). [1] As you can see, I'm a bit behind, but not much.

It is your decision to use it or not. I'm just providing it as a way for
people to avoid the chore of doing the changes themselves. The changes
that there are can be reviewed quickly. (It's a pity the quilt patch
files are so chatty in their irrelevant differences.)

Anyway. While this means that packages depending on 1.4 can keep using
it, it also means you'll have both 1.4 and 2.1 installed. Try to avoid
actually using both versions for yourself. The keystores can go out of
sync and confuse you. So if a system package (like apt itself or some
system daemon) uses GnuPG 1.4, that's fine. But if your e-mail plugin
uses GnuPG 1.4, you'll probably get confused.



[1] If you've got the git repository locally:

$ git diff debian/2.1.9-3 dbbp/2.1.19-3-dbbp8+1

Furthermore, note both tags are signed:

$ git tag -v debian/2.1.19-3 dbbp/2.1.19-3-dbbp8+1
object 372c9126144cb0e80613a317f46479a872f93b0a
type commit
tag debian/2.1.19-3
tagger Daniel Kahn Gillmor <dkg at> 1490114759 -0400

gnupg2 Debian release 2.1.19-3
gpg: Signature made Tue 21 Mar 2017 17:45:59 CET
gpg:                using RSA key 38276051EA477FA3E49539321498ADC6C1923237
gpg:                issuer "dkg at"
gpg: Good signature from "Daniel Kahn Gillmor <dkg at>"
gpg:                 aka "Daniel Kahn Gillmor <dkg at>" [full]
gpg:                 aka "Daniel Kahn Gillmor <dkg at>" [full]
gpg:                 aka "[jpeg image of size 3515]" [never]
gpg:                 aka "Daniel Kahn Gillmor <dkg at>" [full]
object 4d66ca8885602e78b96a14f5e2a7fcb7f9bdead9
type commit
tag dbbp/2.1.19-3-dbbp8+1
tagger Peter Lebbing <peter at> 1493556629 +0200

gnupg2 jessie backport 2.1.19-3~dbbp8+1
gpg: Signature made Sun 30 Apr 2017 14:50:48 CEST
gpg:                using RSA key 65008DC220AAE2A2574D6CD5969E018FDE6CDCA1
gpg:                issuer "peter at"
gpg: Good signature from "Peter Lebbing <peter at>"

However, it remains for you to establish trust in these signatures,
otherwise it's like "someone on the internet said it, so it must be true".

I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20170430/28e9918e/attachment.sig>

More information about the Gnupg-users mailing list