* Re: [PR PATCH] [Merged]: gnupg: adopt, update to 2.3.7.
2022-07-12 11:32 [PR PATCH] gnupg: adopt, update to 2.3.7 jcgruenhage
@ 2022-07-12 14:34 ` leahneukirchen
2022-07-20 6:36 ` vigoux
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: leahneukirchen @ 2022-07-12 14:34 UTC (permalink / raw)
To: ml
There's a merged pull request on the void-packages repository
gnupg: adopt, update to 2.3.7.
https://github.com/void-linux/void-packages/pull/38021
Description:
## Test/Stable/LTS/Legacy?!
GnuPG has a few different development branches, and they do change their mind sometimes about what those are. They used to say this:
> We are pleased to announce the availability of a new GnuPG release:
> version 2.3.0. This release marks the start of public testing releases
> eventually leading to a new stable version 2.4.
Source: https://lists.gnupg.org/pipermail/gnupg-announce/2021q2/000458.html
But with 2.3.3, they changed their mind:
> Three different series of GnuPG are actively maintained:
>
> - Version 2.3 is the current stable version with a lot of new features
> compared to 2.2. This announcement is about the latest release of
> this series.
>
> - Version 2.2 is our LTS (long term support) version and guaranteed to
> be maintained at least until the end of 2024.
> See https://gnupg.org/download/index.html#end-of-life
>
> - Version 1.4 is only maintained to allow decryption of very old data
> which is, for security reasons, not anymore possible with other GnuPG
> versions.
Source: https://lists.gnupg.org/pipermail/gnupg-announce/2021q4/000466.html
I'd say packaging stable instead of LTS is fine, and if someone really needs LTS then we should have a separate LTS package instead.
#### Testing the changes
- I tested the changes in this PR: **briefly**
So, considering this is a bit of a bigger change I selected `briefly` here, but I did do quite a bit of testing on my machine, and I've not noticed any breakage yet. Encryption/decryption still works, I can still authenticate to servers via ssh, with the key residing on a yubikey being accessed through gnupg-agent, everything good.
* Re: gnupg: adopt, update to 2.3.7.
2022-07-12 11:32 [PR PATCH] gnupg: adopt, update to 2.3.7 jcgruenhage
2022-07-12 14:34 ` [PR PATCH] [Merged]: " leahneukirchen
@ 2022-07-20 6:36 ` vigoux
2022-07-20 6:46 ` vigoux
` (2 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: vigoux @ 2022-07-20 6:36 UTC (permalink / raw)
To: ml
New comment by vigoux on void-packages repository
https://github.com/void-linux/void-packages/pull/38021#issuecomment-1189886222
Comment:
Hi, since I updated GPG I am now getting an error on my machine when using my yubikey (and scdaemon in ccid mode).
After looking at scdaemon logs, here is what I get:
```
2022-07-20 08:31:23 scdaemon[1849] detected reader 'Yubico YubiKey OTP+FIDO+CCID 00 00'
2022-07-20 08:31:23 scdaemon[1849] DBG: Curve with OID not supported: 2b240303020801010d
2022-07-20 08:31:23 scdaemon[1849] error selecting additional app 'openpgp': Card Error - skipped
```
Any idea about how I can fix that? For the record, everything worked marvelously well before.
* Re: gnupg: adopt, update to 2.3.7.
2022-07-12 11:32 [PR PATCH] gnupg: adopt, update to 2.3.7 jcgruenhage
2022-07-12 14:34 ` [PR PATCH] [Merged]: " leahneukirchen
2022-07-20 6:36 ` vigoux
@ 2022-07-20 6:46 ` vigoux
2022-07-20 7:53 ` vigoux
2022-07-20 9:42 ` jcgruenhage
4 siblings, 0 replies; 6+ messages in thread
From: vigoux @ 2022-07-20 6:46 UTC (permalink / raw)
To: ml
New comment by vigoux on void-packages repository
https://github.com/void-linux/void-packages/pull/38021#issuecomment-1189886222
Comment:
EDIT: For the record, here is the description of the three keys I have on my yubikey:
```
sub rsa4096 2020-11-02 [S] [expire : 2022-11-02]
sub ed25519 2021-12-03 [A] [expire : 2022-12-03]
sub brainpoolP512r1 2021-12-08 [E] [expire : 2022-12-08]
```
And after using `gpg-card`, I get the following:
```
Reader ...........: Yubico YubiKey OTP FIDO CCID 00 00
Card type ........: yubikey
Card firmware ....: 5.4.3
Serial number ....: <redacted>
Application type .: PIV
Version ..........: 1.0
Displayed s/n ....: <redacted>
PIN retry counter : [error] [error] -
PIV authentication: [none]
keyref .....: PIV.9A
Card authenticat. : [none]
keyref .....: PIV.9E
Digital signature : [none]
keyref .....: PIV.9C
Key management ...: [none]
keyref .....: PIV.9D
```
* Re: gnupg: adopt, update to 2.3.7.
2022-07-12 11:32 [PR PATCH] gnupg: adopt, update to 2.3.7 jcgruenhage
` (2 preceding siblings ...)
2022-07-20 6:46 ` vigoux
@ 2022-07-20 7:53 ` vigoux
2022-07-20 9:42 ` jcgruenhage
4 siblings, 0 replies; 6+ messages in thread
From: vigoux @ 2022-07-20 7:53 UTC (permalink / raw)
To: ml
New comment by vigoux on void-packages repository
https://github.com/void-linux/void-packages/pull/38021#issuecomment-1189886222
Comment:
EDIT2: after more digging, it seems that the yubikey is not detected correctly, here is the output of `gpg2 --card-status`:
```
Reader ...........: Yubico YubiKey OTP FIDO CCID 00 00
Application ID ...: FF7F00
Application type .: Unknown
```
^ permalink raw reply [flat|nested] 6+ messages in thread
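The hex string in the scdaemon `Curve with OID not supported` line quoted above is the content of a DER OBJECT IDENTIFIER, so decoding it shows which curve the OpenPGP card application was rejected for. This is an added example, not part of the thread or of GnuPG; the function names and the `CURVES` table (a small subset of well-known curve OIDs) are assumptions made for illustration.

```python
import re

# Well-known curve OIDs in dotted form; a small subset, not GnuPG's own table.
CURVES = {
    "1.3.36.3.3.2.8.1.1.7": "brainpoolP256r1",
    "1.3.36.3.3.2.8.1.1.11": "brainpoolP384r1",
    "1.3.36.3.3.2.8.1.1.13": "brainpoolP512r1",
    "1.2.840.10045.3.1.7": "nistp256",
    "1.3.132.0.34": "nistp384",
    "1.3.132.0.35": "nistp521",
    "1.3.6.1.4.1.11591.15.1": "ed25519",
    "1.3.6.1.4.1.3029.1.5.1": "cv25519",
}

OID_LINE = re.compile(r"Curve with OID not supported: ([0-9a-fA-F]+)")

def decode_oid(hex_body):
    """Decode the content bytes of a DER OBJECT IDENTIFIER (no tag/length)."""
    data = bytes.fromhex(hex_body)
    arcs, value, pending = [], 0, False
    for byte in data:
        value = (value << 7) | (byte & 0x7F)   # base-128, big-endian
        pending = bool(byte & 0x80)            # high bit: more bytes follow
        if not pending:
            arcs.append(value)
            value = 0
    if pending or not arcs:
        raise ValueError("truncated or empty OID encoding")
    first = arcs[0]                            # first two arcs share one value
    head = (0, first) if first < 40 else (1, first - 40) if first < 80 else (2, first - 80)
    return ".".join(str(a) for a in (*head, *arcs[1:]))

def unsupported_curves(log_text):
    """Return (hex, dotted OID, curve name or None) for each rejected curve."""
    found = []
    for hex_body in OID_LINE.findall(log_text):
        dotted = decode_oid(hex_body)
        found.append((hex_body, dotted, CURVES.get(dotted)))
    return found

# The three scdaemon log lines quoted in the comment above.
SAMPLE_LOG = """\
2022-07-20 08:31:23 scdaemon[1849] detected reader 'Yubico YubiKey OTP+FIDO+CCID 00 00'
2022-07-20 08:31:23 scdaemon[1849] DBG: Curve with OID not supported: 2b240303020801010d
2022-07-20 08:31:23 scdaemon[1849] error selecting additional app 'openpgp': Card Error - skipped
"""

if __name__ == "__main__":
    for hex_body, dotted, name in unsupported_curves(SAMPLE_LOG):
        print(f"{hex_body} -> {dotted} ({name or 'unknown curve'})")
```

For the log in this thread the decoded OID is 1.3.36.3.3.2.8.1.1.13, brainpoolP512r1, which is the curve of the `[E]` subkey in the key listing.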
* Re: gnupg: adopt, update to 2.3.7.
2022-07-12 11:32 [PR PATCH] gnupg: adopt, update to 2.3.7 jcgruenhage
` (3 preceding siblings ...)
2022-07-20 7:53 ` vigoux
@ 2022-07-20 9:42 ` jcgruenhage
4 siblings, 0 replies; 6+ messages in thread
From: jcgruenhage @ 2022-07-20 9:42 UTC (permalink / raw)
To: ml
New comment by jcgruenhage on void-packages repository
https://github.com/void-linux/void-packages/pull/38021#issuecomment-1190060187
Comment:
ftr, the issue reported above is being fixed in https://github.com/void-linux/void-packages/pull/38150, as a second follow-up to this PR