Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
gpgme - same version now wants gnupg-2 rather than gnupg
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Portage & Programming
View previous topic :: View next topic  
Author Message
jonathan183
Guru
Guru


Joined: 13 Dec 2011
Posts: 318

PostPosted: Sun Dec 17, 2017 10:45 pm    Post subject: gpgme - same version now wants gnupg-2 rather than gnupg Reply with quote

For some reason gpgme-1.8.0 appears to have developed a dependence on gnupg-2 rather than gnupg. This happened at some point between 9 December 2017 and 16 December 2017.
I am using gnupg rather than gnupg-2, the change in gpgme results in an attempt to pull in gnupg-2 plus agent etc which I do not want.
Code:
emerge-webrsync --revert=20171209
then copying gpgme to my local overlay followed by
Code:
emerge -1 gpgme
returns previous behaviour on my system ... why do these changes happen with no revision to versions especially since the previous ebuild works ?

Since the change log does not appear to be visible anymore with rsync ... it does not appear to be straightforward to work out why someone has made this change. Not sure if this a bug or not ...
Back to top
View user's profile Send private message
ct85711
Veteran
Veteran


Joined: 27 Sep 2005
Posts: 1791

PostPosted: Sun Dec 17, 2017 11:49 pm    Post subject: Reply with quote

Well, going through the portage log (the portage tree is now in git, and that's where the log is maintained; you can view the log easily enough through the portage tree from the site on your browser).
Anyways, the log says the change was done, due to this Bug 640858 - app-crypt/gpgme-1.10.0 : checking for GPG Error - version >= 1.24... yes (1.27) .

In short, at the bottom of the comments indicated that gnupg-1.4.21 is soon to be given last rites and masked for removal. So I would say, this is the intention, by shifting everything away from the old version prior to removing that version of gnupg.
Back to top
View user's profile Send private message
Hu
Administrator
Administrator


Joined: 06 Mar 2007
Posts: 22756

PostPosted: Sun Dec 17, 2017 11:56 pm    Post subject: Reply with quote

Speaking generally, with no context beyond what was posted in this thread:

The ebuild was likely changed without a revision bump specifically because the previous ebuild worked for the people who had installed it, and the change brought no value to people who already had a working install. That rationale is typically used to justify fixing issues that broke the build for some configurations, and ran fine for others.
Back to top
View user's profile Send private message
khayyam
Watchman
Watchman


Joined: 07 Jun 2012
Posts: 6227
Location: Room 101

PostPosted: Mon Dec 18, 2017 12:45 am    Post subject: Reply with quote

ct85711 wrote:
In short, at the bottom of the comments indicated that gnupg-1.4.21 is soon to be given last rites and masked for removal. So I would say, this is the intention, by shifting everything away from the old version prior to removing that version of gnupg.

ct85711, et al ... that would make sense if gnupg-1 were in fact discontinued, but that isn't the case, the 1.x series is still being developed, as shown by the maintainance release (1.4.22) from 2017-07-19 (fixing CVE-2017-7526).

IMO, this is another case of developers doing shoddy fixes, there is nothing wrong with gnupg-1 and if gpgme actually requires 2.x then it should DEPEND on it (you know, the standard method for dealing with such issues). Dropping <app-crypt/gnupg-2.x just because some other package happens to have some issue is basically dumb, and can only be explained by the fact that the developer(s) involved in its removal don't use gnupg-1 ... and so think no one should be.

best ... khay
Back to top
View user's profile Send private message
ct85711
Veteran
Veteran


Joined: 27 Sep 2005
Posts: 1791

PostPosted: Mon Dec 18, 2017 1:21 am    Post subject: Reply with quote

I can not say about what the devs does is correct or not, I am just going by what they put in the bug report I linked to; more of Comments 8 & 9 saying in short:

Quote:
Maybe a good reason to mask 1.4 in the gentoo repo and get ready to remove it altogether.


Quote:
Yes, can you please? we do not need it around any more.


This to me sounds like, they (the devs) are getting ready to mask gnupg-1.4 for removal... Going by this bug was just closed on the 13th; I am assuming they are verifying this won't break any other package and/or haven't got around to masking it yet. Now if and/or when they do mask/remove it, I don't know how long until it happens.
Back to top
View user's profile Send private message
asturm
Developer
Developer


Joined: 05 Apr 2007
Posts: 9315

PostPosted: Mon Dec 18, 2017 1:46 am    Post subject: Reply with quote

khayyam wrote:
IMO, this is another case of developers doing shoddy fixes, there is nothing wrong with gnupg-1 and if gpgme actually requires 2.x then it should DEPEND on it (you know, the standard method for dealing with such issues). Dropping <app-crypt/gnupg-2.x just because some other package happens to have some issue is basically dumb, and can only be explained by the fact that the developer(s) involved in its removal don't use gnupg-1 ... and so think no one should be.


We have plenty of stable(!) gnupg versions in tree, if you can't come up with a compelling reason why gnupg-1 should be kept in tree other than a smug comment, then off it goes.

Code:
$ eshowkw app-crypt/gnupg
Keywords for app-crypt/gnupg:
            |                                 |   u   | 
            | a a         p   a     n r     s |   n   | 
            | l m   h i   p   r m m i i s   p | e u s | r
            | p d a p a p c x m i 6 o s 3   a | a s l | e
            | h 6 r p 6 p 6 8 6 p 8 s c 9 s r | p e o | p
            | a 4 m a 4 c 4 6 4 s k 2 v 0 h c | i d t | o
------------+---------------------------------+-------+-------
  1.4.21    | + + + + + + + + o ~ o o o ~ ~ + | 5 # 0 | gentoo
  2.1.15    | + + + + + + + + + ~ + o o + + + | 5 o   | gentoo
  2.1.20-r1 | + + + + + + + + + ~ ~ o o ~ ~ + | 6 o   | gentoo
   2.2.0    | + + + + + + + + ~ ~ ~ o o ~ ~ ~ | 6 o   | gentoo
   2.2.1    | ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ o o ~ ~ ~ | 6 #   | gentoo
[I]2.2.3    | ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ o o ~ ~ ~ | 6 o   | gentoo
Back to top
View user's profile Send private message
Hu
Administrator
Administrator


Joined: 06 Mar 2007
Posts: 22756

PostPosted: Mon Dec 18, 2017 4:45 am    Post subject: Reply with quote

Upstream changed several obvious user-visible behaviours in gnupg-2. Some people object to this, preferring how it worked in gnupg-1.4. I can't say whether that's a good enough reason to keep the 1.x line, but it's definitely not the case that upgrading to 2.x is free of undesirable quirks.
Back to top
View user's profile Send private message
khayyam
Watchman
Watchman


Joined: 07 Jun 2012
Posts: 6227
Location: Room 101

PostPosted: Mon Dec 18, 2017 9:05 am    Post subject: Reply with quote

asturm wrote:
We have plenty of stable(!) gnupg versions in tree, if you can't come up with a compelling reason why gnupg-1 should be kept in tree other than a smug comment, then off it goes.

astrum ... ok, for one: as shown above, it's supported by upstream! How's that for "smug"?
Back to top
View user's profile Send private message
Ant P.
Watchman
Watchman


Joined: 18 Apr 2009
Posts: 6920

PostPosted: Mon Dec 18, 2017 9:34 pm    Post subject: Reply with quote

This smells a bit like gentoo's bungled blood crusade to purge the tree of GTK2 support a few years back... while the software using it actually worked fine (and still does today - GTK3 still isn't safe to write themes for, so nobody does).

asturm wrote:
We have plenty of stable(!) gnupg versions in tree, if you can't come up with a compelling reason why gnupg-1 should be kept in tree other than a smug comment, then off it goes.

Does the ebuild for gpg2 patch back in the PGP2 support that has been removed? Data loss is a pretty compelling reason.
Back to top
View user's profile Send private message
asturm
Developer
Developer


Joined: 05 Apr 2007
Posts: 9315

PostPosted: Mon Dec 18, 2017 10:34 pm    Post subject: Reply with quote

khayyam wrote:
as shown above, it's supported by upstream! How's that for "smug"?

That's not reason enough; plenty of software is supported upstream and we don't package it - it still needs someone to take care of it. You can turn a hypothetical last-rites thread into a bikeshed and maybe you succeed in that it is not dropped; but then you likely end up with a bitrotting old ebuild because no dev is left using or testing it.

Ant P. wrote:
Data loss is a pretty compelling reason.

Sure that is.
Back to top
View user's profile Send private message
khayyam
Watchman
Watchman


Joined: 07 Jun 2012
Posts: 6227
Location: Room 101

PostPosted: Tue Dec 19, 2017 12:20 am    Post subject: Reply with quote

asturm wrote:
khayyam wrote:
as shown above, it's supported by upstream! How's that for "smug"?

That's not reason enough; plenty of software is supported upstream and we don't package it - it still needs someone to take care of it.

astrum ... it's plenty reason, and others have provided additional reasons. Having supplied it you're now trying to make it seem as though maintaining that one ebuild is some huge task, and that there is some deeper issue involved, this is complete nonsense. Stop acting as though "developers" are doing something for us users, and that the entire burden of "support", Q&A, etc, is born by them ... it's a familiar trope, and serves no other purpose than to make developers seem somehow superior to the community they serve. Such a package should be maintained because it provides choice, and given the fact that upstream maintain it (even if only for fixes, CVE's, etc), it makes little sense not to do similar if some benefit to the community can be had.

asturm wrote:
You can turn a hypothetical last-rites thread into a bikeshed and maybe you succeed in that it is not dropped; but then you likely end up with a bitrotting old ebuild because no dev is left using or testing it.

We can add it to the list, there are no end of packages, useflag combinations, etc, etc, etc, that are never tested, so what is your point here? By throwing in the term "bitrot" you are attempting to make the issue seem critical, and/or requiring action, when the package is maintained upstream, and there is very little work, or action, required. If in the unlikely event that some action is required then you can hope, as per standard practice, users report it, and that action can be taken, but that certainly isn't the case so far, the package is bumped as and when new releases are made upstream, as happened on 2017-07-19. So, there isn't a lot that is being asked here, the solution is a no brainer.

best ... khay
Back to top
View user's profile Send private message
asturm
Developer
Developer


Joined: 05 Apr 2007
Posts: 9315

PostPosted: Tue Dec 19, 2017 12:44 am    Post subject: Reply with quote

khayyam wrote:
it's plenty reason

Nope.
khayyam wrote:
Having supplied it you're now trying to make it seem as though maintaining that one ebuild is some huge task

Wrong, talking in general. Just multiply 'that one ebuild' by the hundreds. I can't possibly talk about gnupg specifically because I've never looked at it.
khayyam wrote:
Stop acting as though "developers" are doing something for us users, and that the entire burden of "support", Q&A, etc, is born by them ... it's a familiar trope, and serves no other purpose than to make developers seem somehow superior to the community they serve.

Drivel.
khayyam wrote:
Such a package should be maintained because it provides choice, and given the fact that upstream maintain it (even if only for fixes, CVE's, etc), it makes little sense not to do similar if some benefit to the community can be had.

I did not deny that it should be maintained if there is a compelling reason. Mere existence is not.
Back to top
View user's profile Send private message
khayyam
Watchman
Watchman


Joined: 07 Jun 2012
Posts: 6227
Location: Room 101

PostPosted: Tue Dec 19, 2017 1:57 am    Post subject: Reply with quote

asturm wrote:
khayyam wrote:
it's plenty reason, and others have provided additional reasons.

Nope.

astrum ... you're proving to be a disingenuous, and dishonest, interlocutor, with your selective quoting (fixed in the above).

asturm wrote:
khayyam wrote:
Having supplied it you're now trying to make it seem as though maintaining that one ebuild is some huge task

Wrong, talking in general. Just multiply 'that one ebuild' by the hundreds. I can't possibly talk about gnupg specifically because I've never looked at it.

You asked for "a" reason, I provided "one", I could provide more but I see little point "discussing" it with you.

asturm wrote:
khayyam wrote:
Stop acting as though "developers" are doing something for us users, and that the entire burden of "support", Q&A, etc, is born by them ... it's a familiar trope, and serves no other purpose than to make developers seem somehow superior to the community they serve.

Drivel.

That is ironic, given the arguments (sic) you've used so far in this thread. Stating something is "drivel" is a great retort, but it doesn't constitute an argument.

asturm wrote:
khayyam wrote:
Such a package should be maintained because it provides choice, and given the fact that upstream maintain it (even if only for fixes, CVE's, etc), it makes little sense not to do similar if some benefit to the community can be had.

I did not deny that it should be maintained if there is a compelling reason. Mere existence is not.

No, you were just asking for "a" reason, both Hu, and Ant P. provided them, that is disengeniousness at it's core. Now you still need "a compelling reason" because you are effectively lording over what such a reason might involve, and throwing in all manor of distractions in the form of "bitrot", the work involved, etc. In short, trolling.


Last edited by khayyam on Tue Dec 19, 2017 2:04 am; edited 1 time in total
Back to top
View user's profile Send private message
asturm
Developer
Developer


Joined: 05 Apr 2007
Posts: 9315

PostPosted: Tue Dec 19, 2017 2:01 am    Post subject: Reply with quote

You're just a waste of time.
Back to top
View user's profile Send private message
jonathan183
Guru
Guru


Joined: 13 Dec 2011
Posts: 318

PostPosted: Wed Dec 20, 2017 9:59 pm    Post subject: Reply with quote

I think I first masked gnupg-2 a few years ago because claws-mail would behave quite oddly with gnupg-2 (I think it used to prompt for the password in a virtual console 8O ) ... I'll stick with gnupg-1 for the moment but based on that bug can expect to be forced at some point to switch to gnupg-2.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Portage & Programming All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum