From 258e8f8f29dc822d582ddf116d03e0dc5d1f7654 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Mon, 18 Mar 2019 16:31:07 -0400 Subject: [PATCH] Removed bundled gpg from the Linux standalone build and OSX dmg Because gpg now always wants to use gpg-agent, and shipping such a daemon in those is not a good idea. --- Build/BundledPrograms.hs | 8 ----- CHANGELOG | 3 ++ ...dalone_provides_gpg_but_not_gpg-agent.mdwn | 1 + ..._2c93bb456d7884a5cadd57b240ee42f7._comment | 31 +++++++++++++++++++ 4 files changed, 35 insertions(+), 8 deletions(-) create mode 100644 doc/bugs/git-annex_standalone_provides_gpg_but_not_gpg-agent/comment_3_2c93bb456d7884a5cadd57b240ee42f7._comment diff --git a/Build/BundledPrograms.hs b/Build/BundledPrograms.hs index 77f24ad43a..6235f0b6b8 100644 --- a/Build/BundledPrograms.hs +++ b/Build/BundledPrograms.hs @@ -24,14 +24,6 @@ bundledPrograms = preferredBundledPrograms ++ extraBundledPrograms -} extraBundledPrograms :: [FilePath] extraBundledPrograms = catMaybes - -- The system gpg is probably better, because it may better - -- integrate with the system gpg-agent, etc. - -- On Windows, gpg is bundled with git for windows. -#ifndef mingw32_HOST_OS - [ BuildInfo.gpg -#else - [ -#endif #ifndef darwin_HOST_OS #ifndef mingw32_HOST_OS -- OS X has ssh installed by default. diff --git a/CHANGELOG b/CHANGELOG index a0726c378e..9ad9f1a6d3 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -31,6 +31,9 @@ git-annex (7.20190220) UNRELEASED; urgency=medium re-run git-annex init.) * fsck: Detect situations where annex.thin has caused data loss to the content of locked files. + * Removed bundled gpg from the Linux standalone build and OSX dmg, + because gpg now always wants to use gpg-agent, and shipping such a daemon + in those is not a good idea. -- Joey Hess Wed, 20 Feb 2019 14:20:59 -0400 diff --git a/doc/bugs/git-annex_standalone_provides_gpg_but_not_gpg-agent.mdwn b/doc/bugs/git-annex_standalone_provides_gpg_but_not_gpg-agent.mdwn index b21ad2f9d2..eb619a93df 100644 
--- a/doc/bugs/git-annex_standalone_provides_gpg_but_not_gpg-agent.mdwn +++ b/doc/bugs/git-annex_standalone_provides_gpg_but_not_gpg-agent.mdwn @@ -2,3 +2,4 @@ In the sandbox environment used by git-annex standalone, the gpg binary exists, If I want to use my own gpg version (compatible with my own gpg-agent), is it safe to just delete all files named 'gpg' from the git-annex.linux directory? +> [[fixed|done]] --[[Joey]] diff --git a/doc/bugs/git-annex_standalone_provides_gpg_but_not_gpg-agent/comment_3_2c93bb456d7884a5cadd57b240ee42f7._comment b/doc/bugs/git-annex_standalone_provides_gpg_but_not_gpg-agent/comment_3_2c93bb456d7884a5cadd57b240ee42f7._comment new file mode 100644 index 0000000000..35804fda91 --- /dev/null +++ b/doc/bugs/git-annex_standalone_provides_gpg_but_not_gpg-agent/comment_3_2c93bb456d7884a5cadd57b240ee42f7._comment 
@@ -0,0 +1,31 @@ +[[!comment format=mdwn + username="joey" + subject="""comment 3""" + date="2019-03-18T20:03:29Z" + content=""" +If I move gpg-agent out of path and presumably reproduce the problem, +I get this output from the test suite: + + crypto: gpg: failed to start agent '/usr/bin/gpg-agent': No such file or directory + gpg: can't connect to the agent: No such file or directory + gpg: error getting the KEK: No agent running + FAIL + Exception: user error (gpg ["--batch","--no-tty","--use-agent","--quiet","--trust-model","always","--import","-q"] exited 2) + +Which is the kind of information I was asking for. + +[[!commit aee9adbadc2f17c5b5394fc2fde6c57c26917024]] has some relevant info. +I tried making git-annex not pass --use-agent, but it still tries +to use the agent: + + crypto: gpg: failed to start agent '/usr/bin/gpg-agent': No such file or directory + gpg: can't connect to the agent: No such file or directory + gpg: error getting the KEK: No agent running + FAIL + Exception: user error (gpg ["--quiet","--trust-model","always","--import","-q"] exited 2) + preferred content: wanted . ok + +I guess the easist thing would be to drop gpg fraom the standalone bundle. +Including gpg-agent in there seems like a bad idea; it's a daemon that +other gpg versions than the bundled one might try to talk to. +"""]]
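
Review bot: In the Build/BundledPrograms.hs hunk, both deleted branches of the `#ifndef mingw32_HOST_OS` conditional (`[ BuildInfo.gpg` and the bare `[`) carried the opening bracket of the list passed to `catMaybes`, and the hunk adds nothing in their place (the diffstat shows 8 deletions and no insertions for this file). Check that the first surviving element now opens the list with `[` rather than continuing it with `,`, under each combination of `darwin_HOST_OS` and `mingw32_HOST_OS`, since the next entry sits inside two further `#ifndef` blocks; otherwise the file will not parse on at least one platform. If the reason Windows never bundled gpg is still worth recording, keep the one-line comment about git for windows.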
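
Review bot: The CHANGELOG entry gives the reason for dropping gpg but not the consequence for users: after this change the Linux standalone build and OSX dmg depend on a gpg found on the system. Suggest adding a clause saying that gpg must now be installed separately for anything in git-annex that calls it, so people upgrading a standalone install know why crypto operations start failing on a machine without gpg.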
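
Review bot: In the doc/bugs .mdwn hunk, the `[[fixed|done]]` line closes the report without answering the question it ends on, whether it is safe to delete the files named 'gpg' from the git-annex.linux directory. A sentence on that would help users of builds that still ship the bundled gpg, and the closing line could name the release or commit that removes it.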
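
Review bot: In the new comment file, the second trace does not isolate `--use-agent`: its argument list (`["--quiet","--trust-model","always","--import","-q"]`) also lacks `--batch` and `--no-tty` compared with the first. Either say that all three options were dropped for the experiment or rerun with only `--use-agent` removed, so the conclusion that gpg starts the agent regardless rests on a one-variable comparison. The trailing `preferred content: wanted . ok` line belongs to a different test and can be cut, and "easist" and "fraom" in the last paragraph should read "easiest" and "from".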