GnuPG 2.2.30 cannot do symmetric encryption

Done
Submitted by Leo Famulari.
Details
3 participants
  • Leo Famulari
  • Maxim Cournoyer
  • Michael Rohleder
Owner
unassigned
Severity
normal
Leo Famulari wrote on 14 Dec 2021 17:46
(address . bug-guix@gnu.org)
YbjKVHCCHa8OvKqS@jasmine.lan
Our GnuPG package is version 2.2.30, which includes this bug:


The effect of this bug is that symmetric encryption / decryption does
not work. The bug was fixed in 2.2.31 and 2.3.3.

Changing GnuPG will cause 2406 rebuilds. I think that's suboptimal but
it's the situation.

There is a gnupg-2.2.32 package, but it's hidden because it would break
emacs-pinentry:


Here is a patch that unhides gnupg-2.2.32, updates it to 2.2.33, and
makes emacs-pinentry use that package variant.

If emacs-pinentry cannot use a current GnuPG, what should we do? And
maybe we don't need emacs-pinentry anymore?:

https://emacs.stackexchange.com/a/64721

From b80a537cb9529b2f186519684901fe2be9e0a0f0 Mon Sep 17 00:00:00 2001
From: Leo Famulari <leo@famulari.name>
Date: Tue, 14 Dec 2021 11:40:28 -0500
Subject: [PATCH] gnu: GnuPG: Update gnupg-2.2.32 to 2.2.33.

* gnu/packages/gnupg.scm (gnupg-2.2.32): Replace with ...
(gnupg-2.2.33): ... new variable.
* gnu/packages/emacs-xyz.scm (emacs-pinentry)[propagated-inputs]: Use
gnupg-2.2.33.
---
gnu/packages/emacs-xyz.scm | 2 +-
gnu/packages/gnupg.scm | 13 +++----------
2 files changed, 4 insertions(+), 11 deletions(-)

diff --git a/gnu/packages/emacs-xyz.scm b/gnu/packages/emacs-xyz.scm
index 32915fb6ed..5ce07645ce 100644
--- a/gnu/packages/emacs-xyz.scm
+++ b/gnu/packages/emacs-xyz.scm
@@ -21238,7 +21238,7 @@ (define-public emacs-pinentry
            "1lf30q6r8nz5cjzclbb9bbymsk2y75nskvb55hnjdv93gr3j0sik"))))
       (build-system emacs-build-system)
       (propagated-inputs
-       (list gnupg))
+       (list gnupg-2.2.33))
       (home-page "https://elpa.gnu.org/packages/pinentry.html")
       (synopsis "GnuPG Pinentry server implementation")
       (description
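Review bot: The new propagated input `gnupg-2.2.33` puts a version number into a consumer in emacs-xyz.scm, so every later GnuPG bump has to rename the variable here as well as in gnupg.scm. A version-neutral name for the variant would keep this line stable across updates.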
diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm
index 665e9e3021..fc7c1fbee0 100644
--- a/gnu/packages/gnupg.scm
+++ b/gnu/packages/gnupg.scm
@@ -347,24 +347,17 @@ (define-public gnupg
     (properties '((ftp-server . "ftp.gnupg.org")
                   (ftp-directory . "/gcrypt/gnupg")))))
 
-(define-public gnupg-2.2.32
+(define-public gnupg-2.2.33
   (package
     (inherit gnupg)
-    (version "2.2.32")
-
-    ;; Hide this version because packages like 'emacs-pinentry' propagate the
-    ;; default GnuPG and "guix install gnupg emacs-pinentry" would fail with a
-    ;; collision error.
-    (properties `((hidden? . #t)
-                  ,@(package-properties gnupg)))
-
+    (version "2.2.33")
     (source (origin
               (inherit (package-source gnupg))
               (uri (string-append "mirror://gnupg/gnupg/gnupg-" version
                                   ".tar.bz2"))
               (sha256
                (base32
-                "0506gv54z10c96z5821z9p0ksibk1pfilsmag39ffqrcz0sinmxj"))))))
+                "1qz403080hwba8j8vpnfkvh7clg1dbg74kdn1d0p0g84iip87246"))))))
 
 (define-public gnupg-1
   (package (inherit gnupg)
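Review bot: Dropping the `hidden?` property also drops the comment that explained it, and that comment names "packages like 'emacs-pinentry'", not emacs-pinentry alone. This patch switches only emacs-pinentry, so any other package that still propagates the default `gnupg` would hit the same profile collision once this variant is visible; either adjust those packages as well or record here that emacs-pinentry is the only one.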
-- 
2.34.0


Leo Famulari wrote on 14 Dec 2021 18:32
(address . bug-guix@gnu.org)
YbjVL1eB8/uHrpHJ@jasmine.lan
On Tue, Dec 14, 2021 at 11:46:12AM -0500, Leo Famulari wrote:
> Here is a patch that unhides gnupg-2.2.32, updates it to 2.2.33, and
> makes emacs-pinentry use that package variant.

After sending this patch, I noticed that gnupg-2.2.32 is also used by
qgpgme. This bug was noticed earlier, but misinterpreted.

Expect a v2 patch that uses 'gnupg-next' instead of gnupg-2.2.33, and
adjusts all users accordingly.


Leo Famulari wrote on 14 Dec 2021 18:33
[PATCH v2] gnu: GnuPG: Update gnupg-2.2.32 to 2.2.33.
(address . 52483@debbugs.gnu.org)
acf8ec40385cddea40b097479adbc62bcb870095.1639503219.git.leo@famulari.name
* gnu/packages/gnupg.scm (gnupg-2.2.32): Replace with ...
(gnupg-next): ... new variable.
(qgpgme)[native-inputs]: Replace gnupg-2.2.32 with gnupg-next.
* gnu/packages/emacs-xyz.scm (emacs-pinentry)[propagated-inputs]: Use
gnupg-next.
---
gnu/packages/emacs-xyz.scm | 2 +-
gnu/packages/gnupg.scm | 18 ++++--------------
2 files changed, 5 insertions(+), 15 deletions(-)

diff --git a/gnu/packages/emacs-xyz.scm b/gnu/packages/emacs-xyz.scm
index 32915fb6ed..b9818e92b9 100644
--- a/gnu/packages/emacs-xyz.scm
+++ b/gnu/packages/emacs-xyz.scm
@@ -21238,7 +21238,7 @@ (define-public emacs-pinentry
            "1lf30q6r8nz5cjzclbb9bbymsk2y75nskvb55hnjdv93gr3j0sik"))))
       (build-system emacs-build-system)
       (propagated-inputs
-       (list gnupg))
+       (list gnupg-next))
       (home-page "https://elpa.gnu.org/packages/pinentry.html")
       (synopsis "GnuPG Pinentry server implementation")
       (description
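Review bot: `(list gnupg-next)` in propagated-inputs carries no comment explaining why emacs-pinentry departs from the default `gnupg`. A short comment giving the reason and the condition for switching back would keep this from being forgotten once the default package is updated.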
diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm
index 665e9e3021..78dc1e2276 100644
--- a/gnu/packages/gnupg.scm
+++ b/gnu/packages/gnupg.scm
@@ -347,24 +347,17 @@ (define-public gnupg
     (properties '((ftp-server . "ftp.gnupg.org")
                   (ftp-directory . "/gcrypt/gnupg")))))
 
-(define-public gnupg-2.2.32
+(define-public gnupg-next
   (package
     (inherit gnupg)
-    (version "2.2.32")
-
-    ;; Hide this version because packages like 'emacs-pinentry' propagate the
-    ;; default GnuPG and "guix install gnupg emacs-pinentry" would fail with a
-    ;; collision error.
-    (properties `((hidden? . #t)
-                  ,@(package-properties gnupg)))
-
+    (version "2.2.33")
     (source (origin
               (inherit (package-source gnupg))
               (uri (string-append "mirror://gnupg/gnupg/gnupg-" version
                                   ".tar.bz2"))
               (sha256
                (base32
-                "0506gv54z10c96z5821z9p0ksibk1pfilsmag39ffqrcz0sinmxj"))))))
+                "1qz403080hwba8j8vpnfkvh7clg1dbg74kdn1d0p0g84iip87246"))))))
 
 (define-public gnupg-1
   (package (inherit gnupg)
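Review bot: The log entry for gnupg.scm says only "Replace with ... new variable", but this hunk also removes the `hidden?` property and its comment, which makes the 2.2.33 variant visible to users next to the default `gnupg`. That is a behaviour change and belongs in the commit log, and a replacement comment above `(define-public gnupg-next` saying why the variant exists would help the next reader.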
@@ -440,11 +433,8 @@ (define-public qgpgme
              (chdir "lang/qt")
              #t)))))
     (native-inputs
-     ;; Use GnuPG 2.2.32.  With 2.2.30, 'testSymmetricEncryptDecrypt' in
-     ;; t-encrypt.cpp fails because 'gpg' wrongfully ask for a passphrase do
-     ;; decrypt the cypher text.
      (modify-inputs (package-native-inputs gpgme)
-       (replace "gnupg" gnupg-2.2.32)
+       (replace "gnupg" gnupg-next)
        (prepend pkg-config)))
     (inputs
      (modify-inputs (package-inputs gpgme)
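Review bot: The comment removed above `(modify-inputs (package-native-inputs gpgme)` is the only record of why qgpgme replaces its GnuPG: 'testSymmetricEncryptDecrypt' in t-encrypt.cpp fails with 2.2.30. The `replace` is still there, so the reason still applies; keep the comment and reword its first sentence to refer to gnupg-next rather than deleting it.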
-- 
2.34.0
Leo Famulari wrote on 17 Dec 2021 18:32
(address . 52483@debbugs.gnu.org)
YbzJmrStLCG2GCpn@jasmine.lan
On Tue, Dec 14, 2021 at 12:33:39PM -0500, Leo Famulari wrote:
> -(define-public gnupg-2.2.32
> +(define-public gnupg-next

I noticed that this package variant omits the pinentry patch. In any
case, I'm testing a full upgrade of gnupg to 2.2.33 for the version-1.4.0
branch.
Maxim Cournoyer wrote on 18 Dec 2021 05:56
Re: bug#52483: GnuPG 2.2.30 cannot do symmetric encryption
(name . Leo Famulari)(address . leo@famulari.name)(address . 52483@debbugs.gnu.org)
87mtky4ik6.fsf_-_@gmail.com
Hi!

Leo Famulari <leo@famulari.name> writes:

> On Tue, Dec 14, 2021 at 12:33:39PM -0500, Leo Famulari wrote:
>> -(define-public gnupg-2.2.32
>> +(define-public gnupg-next
>
> I noticed that this package variant omits the pinentry patch. In any
> case, I'm testing a full upgrade of gnupg to 2.2.33 for the version-1.4.0
> branch.

I'm testing this:

gnu: gnupg: Update to 2.3.3.

* gnu/packages/gnupg.scm (gnupg): Update to 2.3.3.
(gnupg-2.2.32): Delete variable.
(qgpgme)[native-inputs]: Use the regular gnupg package.

1 file changed, 4 insertions(+), 28 deletions(-)
gnu/packages/gnupg.scm | 32 ++++----------------------------

modified gnu/packages/gnupg.scm
@@ -279,15 +279,15 @@ (define-public npth
(define-public gnupg
(package
(name "gnupg")
- (version "2.2.30")
+ (version "2.3.3")
(source (origin
(method url-fetch)
- (uri (string-append "mirror://gnupg/gnupg/gnupg-" version
+ (uri (string-append "ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-" version
".tar.bz2"))
(patches (search-patches "gnupg-default-pinentry.patch"))
(sha256
(base32
- "1111ry31gaxv76miqsy6l0kwxwlx8sz0jk41jhyrjwx649p6sqyc"))))
+ "0dz9x0r5021bhk1kjh29m1q13xbslwb8yn9qzcp7b9m1lrnvi2ap"))))
(build-system gnu-build-system)
(native-inputs
(list pkg-config))
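Review bot: The `uri` line changes from `mirror://gnupg/gnupg/gnupg-` to a hard-coded `ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-`, which the commit log does not mention. That ties the download to a single FTP host; unless the tarball is missing from the mirrors, keep the `mirror://` URI, or state the reason for the change in the log.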
@@ -347,25 +347,6 @@ (define-public gnupg
(properties '((ftp-server . "ftp.gnupg.org")
(ftp-directory . "/gcrypt/gnupg")))))
-(define-public gnupg-2.2.32
- (package
- (inherit gnupg)
- (version "2.2.32")
-
- ;; Hide this version because packages like 'emacs-pinentry' propagate the
- ;; default GnuPG and "guix install gnupg emacs-pinentry" would fail with a
- ;; collision error.
- (properties `((hidden? . #t)
- ,@(package-properties gnupg)))
-
- (source (origin
- (inherit (package-source gnupg))
- (uri (string-append "mirror://gnupg/gnupg/gnupg-" version
- ".tar.bz2"))
- (sha256
- (base32
- "0506gv54z10c96z5821z9p0ksibk1pfilsmag39ffqrcz0sinmxj"))))))
-
(define-public gnupg-1
(package (inherit gnupg)
(version "1.4.23")
@@ -437,14 +418,9 @@ (define-public qgpgme
"lang/cpp/src/libgpgmepp.la")
(symlink (string-append gpgme "/lib/libgpgme.la")
"src/libgpgme.la"))
- (chdir "lang/qt")
- #t)))))
+ (chdir "lang/qt"))))))
(native-inputs
- ;; Use GnuPG 2.2.32. With 2.2.30, 'testSymmetricEncryptDecrypt' in
- ;; t-encrypt.cpp fails because 'gpg' wrongfully ask for a passphrase do
- ;; decrypt the cypher text.
(modify-inputs (package-native-inputs gpgme)
- (replace "gnupg" gnupg-2.2.32)
(prepend pkg-config)))
(inputs
(modify-inputs (package-inputs gpgme)
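Review bot: Removing the trailing `#t` after `(chdir "lang/qt")` is a cleanup unrelated to the version update and is not listed in the commit log. Either mention it under the qgpgme entry or move it to its own commit so the update stays easy to revert.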

Maxim
Leo Famulari wrote on 19 Dec 2021 00:53
(name . Maxim Cournoyer)(address . maxim.cournoyer@gmail.com)(address . 52483@debbugs.gnu.org)
Yb50XTFDq95dwz4s@jasmine.lan
On Fri, Dec 17, 2021 at 11:56:41PM -0500, Maxim Cournoyer wrote:
> I'm testing this:
>
> --8<---------------cut here---------------start------------->8---
> gnu: gnupg: Update to 2.3.3.
>
> * gnu/packages/gnupg.scm (gnupg): Update to 2.3.3.
> (gnupg-2.2.32): Delete variable.
> (qgpgme)[native-inputs]: Use the regular gnupg package.

Okay. Make sure to also adjust emacs-pinentry.

I tested with GnuPG 2.2.23 by building all packages that depend directly
on GnuPG. There were no new failures on x86_64-linux when using GnuPG
2.2.32.
Michael Rohleder wrote on 19 Dec 2021 02:32
(name . Leo Famulari)(address . leo@famulari.name)(address . 52483@debbugs.gnu.org)
875yrlbcqo.fsf@rohleder.de
Leo Famulari <leo@famulari.name> writes:
> If emacs-pinentry cannot use a current GnuPG, what should we do? And
> maybe we don't need emacs-pinentry anymore?:
>
> https://emacs.stackexchange.com/a/64721
>

I don't think emacs-pinentry is needed, because adding
"allow-emacs-pinentry" to gpg-agent.conf worked (for me) (at least)
since several years in (guix) emacs w/o using emacs-pinentry (or other
emacs customization).

---
We come into this world naked and breathe in.
We breathe out and leave this world with empty hands.
And in between we shape our lives.
Maxim Cournoyer wrote on 19 Dec 2021 21:25
(name . Leo Famulari)(address . leo@famulari.name)(address . 52483@debbugs.gnu.org)
874k744a0p.fsf@gmail.com
Hi Leo,

Leo Famulari <leo@famulari.name> writes:

> On Fri, Dec 17, 2021 at 11:56:41PM -0500, Maxim Cournoyer wrote:
>> I'm testing this:
>>
>> --8<---------------cut here---------------start------------->8---
>> gnu: gnupg: Update to 2.3.3.
>>
>> * gnu/packages/gnupg.scm (gnupg): Update to 2.3.3.
>> (gnupg-2.2.32): Delete variable.
>> (qgpgme)[native-inputs]: Use the regular gnupg package.
>
> Okay. Make sure to also adjust emacs-pinentry.
>
> I tested with GnuPG 2.2.23 by building all packages that depend directly
> on GnuPG. There were no new failures on x86_64-linux when using GnuPG
> 2.2.32.

I ended up sticking with 2.2.33, since this is the current "LTS"
release. Unfortunately it fails 3 new tests of python-gnupg, and its
author thinks it is a regression in GnuPG itself [0].

[0] https://github.com/vsajip/python-gnupg/issues/163

We'll see what upstream has to say about it.

Thank you,

Maxim
Leo Famulari wrote on 19 Dec 2021 21:33
(name . Maxim Cournoyer)(address . maxim.cournoyer@gmail.com)(address . 52483@debbugs.gnu.org)
Yb+XDLIBmabb5d7S@jasmine.lan
On Sun, Dec 19, 2021 at 03:25:42PM -0500, Maxim Cournoyer wrote:
> I ended up sticking with 2.2.33, since this is the current "LTS"
> release. Unfortunately it fails 3 new tests of python-gnupg, and its
> author thinks it is a regression in GnuPG itself [0].
>
> [0] https://github.com/vsajip/python-gnupg/issues/163

Right, this is why I used 2.2.32.
Leo Famulari wrote on 19 Dec 2021 21:36
(name . Maxim Cournoyer)(address . maxim.cournoyer@gmail.com)(address . 52483@debbugs.gnu.org)
Yb+XyR/XFKpKLr0s@jasmine.lan
On Sun, Dec 19, 2021 at 03:25:42PM -0500, Maxim Cournoyer wrote:
> > I tested with GnuPG 2.2.23 by building all packages that depend directly
> > on GnuPG. There were no new failures on x86_64-linux when using GnuPG
> > 2.2.32.

I see that my message was confusing, with mixed up version numbers.
There's no regressions on x86_64 with 2.2.32. Since it fixes this bug,
I'd like to make it available soon. Maybe we can unhide the gnupg-2.2.32
variable, and remove emacs-pinentry, since everyone is saying that it's
no longer useful.
Leo Famulari wrote on 23 Dec 2021 01:01
(name . Maxim Cournoyer)(address . maxim.cournoyer@gmail.com)(address . 52483@debbugs.gnu.org)
YcO8S9asaKAK6/fe@jasmine.lan
On Sun, Dec 19, 2021 at 03:36:25PM -0500, Leo Famulari wrote:
> On Sun, Dec 19, 2021 at 03:25:42PM -0500, Maxim Cournoyer wrote:
> > > I tested with GnuPG 2.2.23 by building all packages that depend directly
> > > on GnuPG. There were no new failures on x86_64-linux when using GnuPG
> > > 2.2.32.
>
> I see that my message was confusing, with mixed up version numbers.
> There's no regressions on x86_64 with 2.2.32. Since it fixes this bug,
> I'd like to make it available soon. Maybe we can unhide the gnupg-2.2.32
> variable, and remove emacs-pinentry, since everyone is saying that it's
> no longer useful.

Here are patches for this: https://issues.guix.gnu.org/52744
Leo Famulari wrote on 26 Dec 2021 23:46
(name . Maxim Cournoyer)(address . maxim.cournoyer@gmail.com)(address . 52483-done@debbugs.gnu.org)
Ycjw0XsEQZEwC06M@jasmine.lan
On Sun, Dec 19, 2021 at 03:36:25PM -0500, Leo Famulari wrote:
> On Sun, Dec 19, 2021 at 03:25:42PM -0500, Maxim Cournoyer wrote:
> > > I tested with GnuPG 2.2.23 by building all packages that depend directly
> > > on GnuPG. There were no new failures on x86_64-linux when using GnuPG
> > > 2.2.32.
>
> I see that my message was confusing, with mixed up version numbers.
> There's no regressions on x86_64 with 2.2.32. Since it fixes this bug,
> I'd like to make it available soon. Maybe we can unhide the gnupg-2.2.32
> variable, and remove emacs-pinentry, since everyone is saying that it's
> no longer useful.

I pushed commit d03aa942d, which makes GnuPG 2.2.32 available in the UI.
I didn't remove emacs-pinentry... that's something that Emacs users
should decide how to handle.
Closed

This issue is archived.

To comment on this conversation send email to 52483@debbugs.gnu.org