[PR PATCH] gnupg: adopt, update to 2.3.7.

[PR PATCH] gnupg: adopt, update to 2.3.7.

[jcgruenhage]

[-- Attachment #1: Type: text/plain, Size: 1231 bytes --]

There is a new pull request by jcgruenhage against master on the void-packages repository

https://github.com/jcgruenhage/void-packages gnupg-2.3.7_1
https://github.com/void-linux/void-packages/pull/38021

gnupg: adopt, update to 2.3.7.
<!-- Uncomment relevant sections and delete options which are not applicable -->

#### Testing the changes
- I tested the changes in this PR: **briefly**

<!--
#### New package
- This new package conforms to the [quality requirements](https://github.com/void-linux/void-packages/blob/master/Manual.md#quality-requirements): **YES**|**NO**
-->

<!-- Note: If the build is likely to take more than 2 hours, please add ci skip tag as described in
https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration
and test at least one native build and, if supported, at least one cross build.
Ignore this section if this PR is not skipping CI.
-->
<!--
#### Local build testing
- I built this PR locally for my native architecture, (ARCH-LIBC)
- I built this PR locally for these architectures (if supported. mark crossbuilds):
  - aarch64-musl
  - armv7l
  - armv6l-musl
-->


A patch file from https://github.com/void-linux/void-packages/pull/38021.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-gnupg-2.3.7_1-38021.patch --]
[-- Type: text/x-diff, Size: 1273 bytes --]

From ffda56d33e5ef81ae329de7ceb24afd4123e5e66 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20Christian=20Gr=C3=BCnhage?=
 <jan.christian@gruenhage.xyz>
Date: Tue, 12 Jul 2022 13:31:47 +0200
Subject: [PATCH] gnupg: adopt, update to 2.3.7.

---
 srcpkgs/gnupg/template | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/srcpkgs/gnupg/template b/srcpkgs/gnupg/template
index 77767cf0a22a..f16d68e0c541 100644
--- a/srcpkgs/gnupg/template
+++ b/srcpkgs/gnupg/template
@@ -1,6 +1,6 @@
 # Template file for 'gnupg'
 pkgname=gnupg
-version=2.2.35
+version=2.3.7
 revision=1
 build_style=gnu-configure
 configure_args="$(vopt_enable ldap)
@@ -14,11 +14,11 @@ makedepends="bzip2-devel gnutls-devel libassuan-devel libcurl-devel
  libgcrypt-devel"
 depends="pinentry"
 short_desc="GNU Privacy Guard (2.x)"
-maintainer="Orphaned <orphan@voidlinux.org>"
+maintainer="Jan Christian Grünhage <jan.christian@gruenhage.xyz>"
 license="GPL-3.0-or-later"
 homepage="https://www.gnupg.org/"
 distfiles="https://gnupg.org/ftp/gcrypt/gnupg/gnupg-${version}.tar.bz2"
-checksum=340bc255938971e6e729b3d9956fa2ef4db8215d77693bf300df2bb302498690
+checksum=ee163a5fb9ec99ffc1b18e65faef8d086800c5713d15a672ab57d3799da83669
 build_options="ldap"
 build_options_default="ldap"
 

Re: [PR PATCH] [Merged]: gnupg: adopt, update to 2.3.7.

[leahneukirchen]

[-- Attachment #1: Type: text/plain, Size: 2715 bytes --]

There's a merged pull request on the void-packages repository

gnupg: adopt, update to 2.3.7.
https://github.com/void-linux/void-packages/pull/38021

Description:
## Test/Stable/LTS/Legacy?!

GnuPG has a few different development branches, and they do change their mind sometimes about what those are. They used to say this:

> We are pleased to announce the availability of a new GnuPG release:
> version 2.3.0.  This release marks the start of public testing releases
> eventually leading to a new stable version 2.4.

Source: https://lists.gnupg.org/pipermail/gnupg-announce/2021q2/000458.html

But with 2.3.3, they changed their mind:

> Three different series of GnuPG are actively maintained:
> 
> - Version 2.3 is the current stable version with a lot of new features
>   compared to 2.2.  This announcement is about the latest release of
>   this series.
> 
> - Version 2.2 is our LTS (long term support) version and guaranteed to
>   be maintained at least until the end of 2024.
>   See https://gnupg.org/download/index.html#end-of-life
> 
> - Version 1.4 is only maintained to allow decryption of very old data
>   which is, for security reasons, not anymore possible with other GnuPG
>   versions.

Source: https://lists.gnupg.org/pipermail/gnupg-announce/2021q4/000466.html

I'd say packaging stable instead of LTS is fine, and if someone really needs LTS then we should have a separate LTS package instead.

<!-- Uncomment relevant sections and delete options which are not applicable -->

#### Testing the changes
- I tested the changes in this PR: **briefly**

So, considering this is a bit of a bigger change I selected `briefly` here, but I did do quite a bit of testing on my machine, and I've not noticed any breakage yet. Encryption/decryption still works, I can still authenticate to servers via ssh, with the key residing on a yubikey being accessed through gnupg-agent, everything good.

<!--
#### New package
- This new package conforms to the [quality requirements](https://github.com/void-linux/void-packages/blob/master/Manual.md#quality-requirements): **YES**|**NO**
-->

<!-- Note: If the build is likely to take more than 2 hours, please add ci skip tag as described in
https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration
and test at least one native build and, if supported, at least one cross build.
Ignore this section if this PR is not skipping CI.
-->
<!--
#### Local build testing
- I built this PR locally for my native architecture, (ARCH-LIBC)
- I built this PR locally for these architectures (if supported. mark crossbuilds):
  - aarch64-musl
  - armv7l
  - armv6l-musl
-->

Re: gnupg: adopt, update to 2.3.7.

[vigoux]

[-- Attachment #1: Type: text/plain, Size: 697 bytes --]

New comment by vigoux on void-packages repository

https://github.com/void-linux/void-packages/pull/38021#issuecomment-1189886222

Comment:
Hi, since I updated GPG I am now getting an error on my machine when using my yubikey (and scdaemon in ccid mode).

After looking at scdaemon logs, here is what I get:
```
2022-07-20 08:31:23 scdaemon[1849] detected reader 'Yubico YubiKey OTP+FIDO+CCID 00 00'
2022-07-20 08:31:23 scdaemon[1849] DBG: Curve with OID not supported:  2b240303020801010d
2022-07-20 08:31:23 scdaemon[1849] error selecting additional app 'openpgp': Card Error - skipped
```

Any idea about how I can fix that ? For the record, everything worked marvelously well before.

Re: gnupg: adopt, update to 2.3.7.

[vigoux]

[-- Attachment #1: Type: text/plain, Size: 1515 bytes --]

New comment by vigoux on void-packages repository

https://github.com/void-linux/void-packages/pull/38021#issuecomment-1189886222

Comment:
Hi, since I updated GPG I am now getting an error on my machine when using my yubikey (and scdaemon in ccid mode).

After looking at scdaemon logs, here is what I get:
```
2022-07-20 08:31:23 scdaemon[1849] detected reader 'Yubico YubiKey OTP+FIDO+CCID 00 00'
2022-07-20 08:31:23 scdaemon[1849] DBG: Curve with OID not supported:  2b240303020801010d
2022-07-20 08:31:23 scdaemon[1849] error selecting additional app 'openpgp': Card Error - skipped
```

Any idea about how I can fix that ? For the record, everything worked marvelously well before.

EDIT: For the record, here are the description of the three keys I have on my yubikey:
```
sub   rsa4096 2020-11-02 [S] [expire : 2022-11-02]
sub   ed25519 2021-12-03 [A] [expire : 2022-12-03]
sub   brainpoolP512r1 2021-12-08 [E] [expire : 2022-12-08]
```

And after using `gpg-card`, I get the following:
```
Reader ...........: Yubico YubiKey OTP FIDO CCID 00 00
Card type ........: yubikey
Card firmware ....: 5.4.3
Serial number ....: <redacted>
Application type .: PIV
Version ..........: 1.0
Displayed s/n ....: <redacted>
PIN retry counter : [error] [error] -
PIV authentication: [none]
      keyref .....: PIV.9A
Card authenticat. : [none]
      keyref .....: PIV.9E
Digital signature : [none]
      keyref .....: PIV.9C
Key management ...: [none]
      keyref .....: PIV.9D
```

Re: gnupg: adopt, update to 2.3.7.

[vigoux]

[-- Attachment #1: Type: text/plain, Size: 1765 bytes --]

New comment by vigoux on void-packages repository

https://github.com/void-linux/void-packages/pull/38021#issuecomment-1189886222

Comment:
Hi, since I updated GPG I am now getting an error on my machine when using my yubikey (and scdaemon in ccid mode).

After looking at scdaemon logs, here is what I get:
```
2022-07-20 08:31:23 scdaemon[1849] detected reader 'Yubico YubiKey OTP+FIDO+CCID 00 00'
2022-07-20 08:31:23 scdaemon[1849] DBG: Curve with OID not supported:  2b240303020801010d
2022-07-20 08:31:23 scdaemon[1849] error selecting additional app 'openpgp': Card Error - skipped
```

Any idea about how I can fix that ? For the record, everything worked marvelously well before.

EDIT: For the record, here are the description of the three keys I have on my yubikey:
```
sub   rsa4096 2020-11-02 [S] [expire : 2022-11-02]
sub   ed25519 2021-12-03 [A] [expire : 2022-12-03]
sub   brainpoolP512r1 2021-12-08 [E] [expire : 2022-12-08]
```

And after using `gpg-card`, I get the following:
```
Reader ...........: Yubico YubiKey OTP FIDO CCID 00 00
Card type ........: yubikey
Card firmware ....: 5.4.3
Serial number ....: <redacted>
Application type .: PIV
Version ..........: 1.0
Displayed s/n ....: <redacted>
PIN retry counter : [error] [error] -
PIV authentication: [none]
      keyref .....: PIV.9A
Card authenticat. : [none]
      keyref .....: PIV.9E
Digital signature : [none]
      keyref .....: PIV.9C
Key management ...: [none]
      keyref .....: PIV.9D
```

EDIT2: after more digging, it seems that the yubikey is not detected correctly, here is the output of `gpg2 --card-status`:
```
Reader ...........: Yubico YubiKey OTP FIDO CCID 00 00
Application ID ...: FF7F00
Application type .: Unknown
```

Re: gnupg: adopt, update to 2.3.7.

[jcgruenhage]

[-- Attachment #1: Type: text/plain, Size: 282 bytes --]

New comment by jcgruenhage on void-packages repository

https://github.com/void-linux/void-packages/pull/38021#issuecomment-1190060187

Comment:
ftr, the issue reported above is being fixed in https://github.com/void-linux/void-packages/pull/38150, as a second follow-up to this PR