gnupg22+ vs netpgpverify status

To: tech-pkg%pkgsrc.org@localhost
Subject: gnupg22+ vs netpgpverify status
From: Jonathan Perkin <jperkin%mnx.io@localhost>
Date: Wed, 4 Sep 2024 18:37:28 +0100

Related to the libassuan upgrade, does anyone know of the current statusof support for gnupg 2.2+ keys in netpgpverify? This is one of thereasons why I still need to build my own version of gnupg20 (which isnow going to be a lot more difficult after the upgrade).

Essentially packages signed using GnuPG 2.2 or newer can no longer beverified by netpgpverify, something changed in the format of the keys,so you just get e.g.

pkg_add: unable to verify signature: Signature key id 8918e8130c2627d6 not found

even though:

  pub   rsa4096 2022-06-29 [SC]
        59C22B295D7A6D8918E8130C2627D6EF6BD79CFC
  uid           [ultimate] MNX Cloud Package Signing (trunk) <pkgsrc+trunk%smartos.org@localhost>

Thanks,

--
Jonathan Perkin   -   mnx.io   -   pkgsrc.smartos.org
Open Source Complete Cloud   www.tritondatacenter.com

Follow-Ups:
- Re: gnupg22+ vs netpgpverify status
  - From: Taylor R Campbell

Prev by Date: Re: gdt stepping down from pkgsrc-pmc
Next by Date: Re: gnupg22+ vs netpgpverify status
Previous by Thread: gdt stepping down from pkgsrc-pmc
Next by Thread: Re: gnupg22+ vs netpgpverify status
Indexes:

Home | Main Index | Thread Index | Old Index