Removed bundled gpg from the Linux standalone build and OSX dmg

Because gpg now always wants to use gpg-agent, and shipping such a daemon in those is not a good idea.
2019-03-18 16:31:07 -04:00 · 2019-03-18 16:31:07 -04:00 · 258e8f8f29
commit 258e8f8f29
parent c96e623343
4 changed files with 35 additions and 8 deletions
--- a/Build/BundledPrograms.hs
+++ b/Build/BundledPrograms.hs
@ -24,14 +24,6 @@ bundledPrograms = preferredBundledPrograms ++ extraBundledPrograms
 -}
 extraBundledPrograms :: [FilePath]
 extraBundledPrograms = catMaybes
-	-- The system gpg is probably better, because it may better
-	-- integrate with the system gpg-agent, etc.
-	-- On Windows, gpg is bundled with git for windows.
-#ifndef mingw32_HOST_OS
-	[ BuildInfo.gpg
-#else
-	[
-#endif
 #ifndef darwin_HOST_OS
 #ifndef mingw32_HOST_OS
 	-- OS X has ssh installed by default.
--- a/3
+++ b/3
@ -31,6 +31,9 @@ git-annex (7.20190220) UNRELEASED; urgency=medium
    re-run git-annex init.)
  * fsck: Detect situations where annex.thin has caused data loss
    to the content of locked files.
+  * Removed bundled gpg from the Linux standalone build and OSX dmg,
+    because gpg now always wants to use gpg-agent, and shipping such a daemon
+    in those is not a good idea.

 -- Joey Hess <id@joeyh.name>  Wed, 20 Feb 2019 14:20:59 -0400

--- a/doc/bugs/git-annex_standalone_provides_gpg_but_not_gpg-agent.mdwn
+++ b/doc/bugs/git-annex_standalone_provides_gpg_but_not_gpg-agent.mdwn
@ -2,3 +2,4 @@ In the sandbox environment used by git-annex standalone, the gpg binary exists,

 If I want to use my own gpg version (compatible with my own gpg-agent), is it safe to just delete all files named 'gpg' from the git-annex.linux directory?

+> [[fixed|done]] --[[Joey]]
--- a/doc/bugs/git-annex_standalone_provides_gpg_but_not_gpg-agent/comment_3_2c93bb456d7884a5cadd57b240ee42f7._comment
+++ b/doc/bugs/git-annex_standalone_provides_gpg_but_not_gpg-agent/comment_3_2c93bb456d7884a5cadd57b240ee42f7._comment
@ -0,0 +1,31 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 3"""
+ date="2019-03-18T20:03:29Z"
+ content="""
+If I move gpg-agent out of path and presumably reproduce the problem,
+I get this output from the test suite:
+
+	    crypto:                                               gpg: failed to start agent '/usr/bin/gpg-agent': No such file or directory
+	gpg: can't connect to the agent: No such file or directory
+	gpg: error getting the KEK: No agent running
+	FAIL
+	      Exception: user error (gpg ["--batch","--no-tty","--use-agent","--quiet","--trust-model","always","--import","-q"] exited 2)
+
+Which is the kind of information I was asking for.
+
+[[!commit aee9adbadc2f17c5b5394fc2fde6c57c26917024]] has some relevant info.
+I tried making git-annex not pass --use-agent, but it still tries
+to use the agent:
+
+	    crypto:                                               gpg: failed to start agent '/usr/bin/gpg-agent': No such file or directory
+	gpg: can't connect to the agent: No such file or directory
+	gpg: error getting the KEK: No agent running
+	FAIL
+	      Exception: user error (gpg ["--quiet","--trust-model","always","--import","-q"] exited 2)
+	    preferred content:                                    wanted . ok
+
+I guess the easist thing would be to drop gpg fraom the standalone bundle.
+Including gpg-agent in there seems like a bad idea; it's a daemon that
+other gpg versions than the bundled one might try to talk to.
+"""]]