Application deadlock when using GnuPG, gpgsm, and Scute

Simon Josefsson simon at josefsson.org
Tue Apr 11 15:13:12 CEST 2023 

vuori <vuori at notcom.org> writes:

> On Tue, Apr 11, 2023 at 10:50:39AM +0200, Simon Josefsson via Gnupg-users wrote:
>> Are there well-maintained debian packages for GnuPG 2.4 anywhere?  I
>> recently ran into yet another bug that has been fixed in later versions
>> that Debian/Trisquel doesn't ship, so wondered this recently as well.
>> 
>> I've seen some work here:
>> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022702#10
>> 
>> If nobody has done this, is there interest in providing such packages?
>
> I was wondering about this a while ago. A PPA or similar external repo
> would be very convenient if the Debian situation can't be sorted out,
> since there are several post-2.2 features I'd like to use.

Thanks to the wonders of git packaging and gitlab shared runners, it
only took an hour or so to build bullseye packages for 2.2.40 and 2.4.0
via gitlab.  See how to test the packages below.  This uses upstream
gnupg2, libgcrypt, libksba, libgpg-error from salsa with no changes,
built using the latest tag that is also in unstable+testing but on
bullseye images.  For v2.4, only the gnupg2 package was rebuilt on the
tmp-ametzler-v2.4 branch suggesting that it works.

Of course, this is work in progress...  See
https://gitlab.com/debdistutils/packages/cicd-config for background.

I'm sure we could finalize this into stable URLs and sign the apt
repository using a GnuPG key if people find this interesting.  I would
find packages for Trisquel aramo useful myself, I'm not sure the
bullseye packages work directly.

/Simon

To install version 2.2.40 follow this:

```
podman run -it --rm debian:bullseye
apt-get update
apt-get dist-upgrade -u -y
apt-get install -y ca-certificates
echo "deb [trusted=yes] https://gitlab.com/debdistutils/packages/libgpg-error/-/jobs/4092717327/artifacts/raw/aptly bullseye main" > /etc/apt/sources.list.d/libgpg-error.list
echo "deb [trusted=yes] https://gitlab.com/debdistutils/packages/gnupg2/-/jobs/4092793555/artifacts/raw/aptly bullseye main" > /etc/apt/sources.list.d/gnupg2.list
apt-get update
apt-get install -y gnupg2
gpg --version
```

The expected output after all the installation noise should be:

```
gpg (GnuPG) 2.2.40
libgcrypt 1.8.8
Copyright (C) 2022 g10 Code GmbH
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /root/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
```

To install version 2.4.0 follow this:

```
podman run -it --rm debian:bullseye
apt-get update
apt-get dist-upgrade -u -y
apt-get install -y ca-certificates
echo "deb [trusted=yes] https://gitlab.com/debdistutils/packages/libgpg-error/-/jobs/4092717327/artifacts/raw/aptly bullseye main" > /etc/apt/sources.list.d/libgpg-error.list
echo "deb [trusted=yes] https://gitlab.com/debdistutils/packages/libgcrypt/-/jobs/4093099318/artifacts/raw/aptly bullseye main" > /etc/apt/sources.list.d/libgcrypt.list
echo "deb [trusted=yes] https://gitlab.com/debdistutils/packages/libksba/-/jobs/4092985161/artifacts/raw/aptly bullseye main" > /etc/apt/sources.list.d/libksba.list
echo "deb [trusted=yes] https://gitlab.com/debdistutils/packages/gnupg2/-/jobs/4093118295/artifacts/raw/aptly bullseye main" > /etc/apt/sources.list.d/gnupg2.list
apt-get update
apt-get install -y gnupg2
gpg --version
```

The expected output after all the installation noise should be:

```
gpg (GnuPG) 2.4.0
libgcrypt 1.10.1
Copyright (C) 2021 Free Software Foundation, Inc.
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /root/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
```
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 255 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20230411/eb9bb74c/attachment-0001.sig>

More information about the Gnupg-users mailing list