Re: [bug-gsrc] GSRC Release blocker: GnuPG 2.1.1

[Brandon Invergo]

A follow-up on this:

> Could anyone else please confirm that using gpg 2.1.1 breaks sig
> checking for them?

(first of all, it should be any gnupg 2.1.x that breaks, not just
2.1.1)

As far as I can tell, the problem is related to the new keybox format
used by gnupg 2.1 for storing public keys [1].  I was having major
problems using gpg in general until I converted my public keyring to the
keybox format.  However, the gpg-keyring files belonging to each package
in GSRC are still causing problems for me:

    [checksig] Checking GPG signature ccaudio2-2.1.5.tar.gz
    gpgv --keyring ./gpg-keyring download/ccaudio2-2.1.5.tar.gz.sig
    gpgv: no signed data
    gpgv: can't hash datafile: No data
    ../../gar.lib.mk:237: recipe for target 
'checksig-ccaudio2-2.1.5.tar.gz.sig' failed
    make: *** [checksig-ccaudio2-2.1.5.tar.gz.sig] Error 2

I'm sure there's a way to convert all of the gpg-keyring files to the
new format, but then only people using gnupg 2.1 will be able to check
signatures.

I am open to suggestions as to how to handle this.  The simplest
solution for now is that I can leave everything as-is and just install
gpg1 in order to handle this older format while doing maintenance on
GSRC.  But if anyone has any other ideas, I'd like to hear them.

Thanks,
Brandon

Footnotes: 
[1]  https://gnupg.org/faq/whats-new-in-2.1.html#keybox

-- 
Brandon Invergo
http://brandon.invergo.net

signature.asc
Description: PGP signature