bug#52483: GnuPG 2.2.30 cannot do symmetric encryption

bug#52483: GnuPG 2.2.30 cannot do symmetric encryption

[Leo Famulari]

[-- Attachment #1.1: Type: text/plain, Size: 786 bytes --]

Our GnuPG package is version 2.2.30, which includes this bug:

https://dev.gnupg.org/T5577

The effect of this bug is that symmetric encryption / decryption does
not work. The bug was fixed in 2.2.31 and 2.3.3.

Changing GnuPG will cause 2406 rebuilds. I think that's suboptimal but
it's the situation.

There is a gnupg-2.2.32 package, but it's hidden because it would break
emacs-pinentry:

https://git.savannah.gnu.org/cgit/guix.git/tree/gnu/packages/gnupg.scm?id=861ee6d908fefc47d765f81e33cdf6f84b6d50eb#n350

Here is a patch that unhides gnupg-2.2.32, updates it to 2.2.33, and
makes emacs-pinentry use that package variant.

If emacs-pinentry cannot use a current GnuPG, what should we do? And
maybe we don't need emacs-pinentry anymore?:

https://emacs.stackexchange.com/a/64721

[-- Attachment #1.2: 0001-gnu-GnuPG-Update-gnupg-2.2.32-to-2.2.33.patch --]
[-- Type: text/plain, Size: 2319 bytes --]

From b80a537cb9529b2f186519684901fe2be9e0a0f0 Mon Sep 17 00:00:00 2001
From: Leo Famulari <leo@famulari.name>
Date: Tue, 14 Dec 2021 11:40:28 -0500
Subject: [PATCH] gnu: GnuPG: Update gnupg-2.2.32 to 2.2.33.

* gnu/packages/gnupg.scm (gnupg-2.2.32): Replace with ...
(gnupg-2.2.33): ... new variable.
* gnu/packages/emacs-xyz.scm (emacs-pinentry)[propagated-inputs]: Use
gnupg-2.2.33.
---
 gnu/packages/emacs-xyz.scm |  2 +-
 gnu/packages/gnupg.scm     | 13 +++----------
 2 files changed, 4 insertions(+), 11 deletions(-)

diff --git a/gnu/packages/emacs-xyz.scm b/gnu/packages/emacs-xyz.scm
index 32915fb6ed..5ce07645ce 100644
--- a/gnu/packages/emacs-xyz.scm
+++ b/gnu/packages/emacs-xyz.scm
@@ -21238,7 +21238,7 @@ (define-public emacs-pinentry
            "1lf30q6r8nz5cjzclbb9bbymsk2y75nskvb55hnjdv93gr3j0sik"))))
       (build-system emacs-build-system)
       (propagated-inputs
-       (list gnupg))
+       (list gnupg-2.2.33))
       (home-page "https://elpa.gnu.org/packages/pinentry.html")
       (synopsis "GnuPG Pinentry server implementation")
       (description
diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm
index 665e9e3021..fc7c1fbee0 100644
--- a/gnu/packages/gnupg.scm
+++ b/gnu/packages/gnupg.scm
@@ -347,24 +347,17 @@ (define-public gnupg
     (properties '((ftp-server . "ftp.gnupg.org")
                   (ftp-directory . "/gcrypt/gnupg")))))
 
-(define-public gnupg-2.2.32
+(define-public gnupg-2.2.33
   (package
     (inherit gnupg)
-    (version "2.2.32")
-
-    ;; Hide this version because packages like 'emacs-pinentry' propagate the
-    ;; default GnuPG and "guix install gnupg emacs-pinentry" would fail with a
-    ;; collision error.
-    (properties `((hidden? . #t)
-                  ,@(package-properties gnupg)))
-
+    (version "2.2.33")
     (source (origin
               (inherit (package-source gnupg))
               (uri (string-append "mirror://gnupg/gnupg/gnupg-" version
                                   ".tar.bz2"))
               (sha256
                (base32
-                "0506gv54z10c96z5821z9p0ksibk1pfilsmag39ffqrcz0sinmxj"))))))
+                "1qz403080hwba8j8vpnfkvh7clg1dbg74kdn1d0p0g84iip87246"))))))
 
 (define-public gnupg-1
   (package (inherit gnupg)
-- 
2.34.0


[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

bug#52483: GnuPG 2.2.30 cannot do symmetric encryption

[Leo Famulari]

[-- Attachment #1: Type: text/plain, Size: 413 bytes --]

On Tue, Dec 14, 2021 at 11:46:12AM -0500, Leo Famulari wrote:
> Here is a patch that unhides gnupg-2.2.32, updates it to 2.2.33, and
> makes emacs-pinentry use that package variant.

After sending this patch, I noticed that gnupg-2.2.32 is also used by
qgpgme. This bug was noticed earlier, but misinterpreted.

Expect a v2 patch that uses 'gnupg-next' instead of gnupg-2.2.33, and
adjusts all users accordingly.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

bug#52483: [PATCH v2] gnu: GnuPG: Update gnupg-2.2.32 to 2.2.33.

[Leo Famulari]

* gnu/packages/gnupg.scm (gnupg-2.2.32): Replace with ...
(gnupg-next): ... new variable.
(qgpgme)[native-inputs]: Replace gnupg-2.2.32 with gnupg-next.
* gnu/packages/emacs-xyz.scm (emacs-pinentry)[propagated-inputs]: Use
gnupg-next.
---
 gnu/packages/emacs-xyz.scm |  2 +-
 gnu/packages/gnupg.scm     | 18 ++++--------------
 2 files changed, 5 insertions(+), 15 deletions(-)

diff --git a/gnu/packages/emacs-xyz.scm b/gnu/packages/emacs-xyz.scm
index 32915fb6ed..b9818e92b9 100644
--- a/gnu/packages/emacs-xyz.scm
+++ b/gnu/packages/emacs-xyz.scm
@@ -21238,7 +21238,7 @@ (define-public emacs-pinentry
            "1lf30q6r8nz5cjzclbb9bbymsk2y75nskvb55hnjdv93gr3j0sik"))))
       (build-system emacs-build-system)
       (propagated-inputs
-       (list gnupg))
+       (list gnupg-next))
       (home-page "https://elpa.gnu.org/packages/pinentry.html")
       (synopsis "GnuPG Pinentry server implementation")
       (description
diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm
index 665e9e3021..78dc1e2276 100644
--- a/gnu/packages/gnupg.scm
+++ b/gnu/packages/gnupg.scm
@@ -347,24 +347,17 @@ (define-public gnupg
     (properties '((ftp-server . "ftp.gnupg.org")
                   (ftp-directory . "/gcrypt/gnupg")))))
 
-(define-public gnupg-2.2.32
+(define-public gnupg-next
   (package
     (inherit gnupg)
-    (version "2.2.32")
-
-    ;; Hide this version because packages like 'emacs-pinentry' propagate the
-    ;; default GnuPG and "guix install gnupg emacs-pinentry" would fail with a
-    ;; collision error.
-    (properties `((hidden? . #t)
-                  ,@(package-properties gnupg)))
-
+    (version "2.2.33")
     (source (origin
               (inherit (package-source gnupg))
               (uri (string-append "mirror://gnupg/gnupg/gnupg-" version
                                   ".tar.bz2"))
               (sha256
                (base32
-                "0506gv54z10c96z5821z9p0ksibk1pfilsmag39ffqrcz0sinmxj"))))))
+                "1qz403080hwba8j8vpnfkvh7clg1dbg74kdn1d0p0g84iip87246"))))))
 
 (define-public gnupg-1
   (package (inherit gnupg)
@@ -440,11 +433,8 @@ (define-public qgpgme
              (chdir "lang/qt")
              #t)))))
     (native-inputs
-     ;; Use GnuPG 2.2.32.  With 2.2.30, 'testSymmetricEncryptDecrypt' in
-     ;; t-encrypt.cpp fails because 'gpg' wrongfully ask for a passphrase do
-     ;; decrypt the cypher text.
      (modify-inputs (package-native-inputs gpgme)
-       (replace "gnupg" gnupg-2.2.32)
+       (replace "gnupg" gnupg-next)
        (prepend pkg-config)))
     (inputs
      (modify-inputs (package-inputs gpgme)
-- 
2.34.0

bug#52483: [PATCH v2] gnu: GnuPG: Update gnupg-2.2.32 to 2.2.33.

[Leo Famulari]

On Tue, Dec 14, 2021 at 12:33:39PM -0500, Leo Famulari wrote:
> -(define-public gnupg-2.2.32
> +(define-public gnupg-next

I noticed that this package variant omits the pinentry patch. In any
case, I'm testing a full upgrade of gnupg to 2.2.33 for the version-1.4.0
branch.

bug#52483: GnuPG 2.2.30 cannot do symmetric encryption

[Maxim Cournoyer]

Hi!

Leo Famulari <leo@famulari.name> writes:

> On Tue, Dec 14, 2021 at 12:33:39PM -0500, Leo Famulari wrote:
>> -(define-public gnupg-2.2.32
>> +(define-public gnupg-next
>
> I noticed that this package variant omits the pinentry patch. In any
> case, I'm testing a full upgrade of gnupg to 2.2.33 for the version-1.4.0
> branch.

I'm testing this:

--8<---------------cut here---------------start------------->8---
gnu: gnupg: Update to 2.3.3.

* gnu/packages/gnupg.scm (gnupg): Update to 2.3.3.
(gnupg-2.2.32): Delete variable.
(qgpgme)[native-inputs]: Use the regular gnupg package.

1 file changed, 4 insertions(+), 28 deletions(-)
gnu/packages/gnupg.scm | 32 ++++----------------------------

modified   gnu/packages/gnupg.scm
@@ -279,15 +279,15 @@ (define-public npth
 (define-public gnupg
   (package
     (name "gnupg")
-    (version "2.2.30")
+    (version "2.3.3")
     (source (origin
               (method url-fetch)
-              (uri (string-append "mirror://gnupg/gnupg/gnupg-" version
+              (uri (string-append "ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-" version
                                   ".tar.bz2"))
               (patches (search-patches "gnupg-default-pinentry.patch"))
               (sha256
                (base32
-                "1111ry31gaxv76miqsy6l0kwxwlx8sz0jk41jhyrjwx649p6sqyc"))))
+                "0dz9x0r5021bhk1kjh29m1q13xbslwb8yn9qzcp7b9m1lrnvi2ap"))))
     (build-system gnu-build-system)
     (native-inputs
      (list pkg-config))
@@ -347,25 +347,6 @@ (define-public gnupg
     (properties '((ftp-server . "ftp.gnupg.org")
                   (ftp-directory . "/gcrypt/gnupg")))))
 
-(define-public gnupg-2.2.32
-  (package
-    (inherit gnupg)
-    (version "2.2.32")
-
-    ;; Hide this version because packages like 'emacs-pinentry' propagate the
-    ;; default GnuPG and "guix install gnupg emacs-pinentry" would fail with a
-    ;; collision error.
-    (properties `((hidden? . #t)
-                  ,@(package-properties gnupg)))
-
-    (source (origin
-              (inherit (package-source gnupg))
-              (uri (string-append "mirror://gnupg/gnupg/gnupg-" version
-                                  ".tar.bz2"))
-              (sha256
-               (base32
-                "0506gv54z10c96z5821z9p0ksibk1pfilsmag39ffqrcz0sinmxj"))))))
-
 (define-public gnupg-1
   (package (inherit gnupg)
     (version "1.4.23")
@@ -437,14 +418,9 @@ (define-public qgpgme
                         "lang/cpp/src/libgpgmepp.la")
                (symlink (string-append gpgme "/lib/libgpgme.la")
                         "src/libgpgme.la"))
-             (chdir "lang/qt")
-             #t)))))
+             (chdir "lang/qt"))))))
     (native-inputs
-     ;; Use GnuPG 2.2.32.  With 2.2.30, 'testSymmetricEncryptDecrypt' in
-     ;; t-encrypt.cpp fails because 'gpg' wrongfully ask for a passphrase do
-     ;; decrypt the cypher text.
      (modify-inputs (package-native-inputs gpgme)
-       (replace "gnupg" gnupg-2.2.32)
        (prepend pkg-config)))
     (inputs
      (modify-inputs (package-inputs gpgme)
--8<---------------cut here---------------end--------------->8---

Maxim

bug#52483: GnuPG 2.2.30 cannot do symmetric encryption

[Leo Famulari]

On Fri, Dec 17, 2021 at 11:56:41PM -0500, Maxim Cournoyer wrote:
> I'm testing this:
> 
> --8<---------------cut here---------------start------------->8---
> gnu: gnupg: Update to 2.3.3.
> 
> * gnu/packages/gnupg.scm (gnupg): Update to 2.3.3.
> (gnupg-2.2.32): Delete variable.
> (qgpgme)[native-inputs]: Use the regular gnupg package.

Okay. Make sure to also adjust emacs-pinentry.

I tested with GnuPG 2.2.23 by building all packages that depend directly
on GnuPG. There were no new failures on x86_64-linux when using GnuPG
2.2.32.

bug#52483: GnuPG 2.2.30 cannot do symmetric encryption

[Michael Rohleder]

[-- Attachment #1: Type: text/plain, Size: 591 bytes --]

Leo Famulari <leo@famulari.name> writes:
> If emacs-pinentry cannot use a current GnuPG, what should we do? And
> maybe we don't need emacs-pinentry anymore?:
>
> https://emacs.stackexchange.com/a/64721
>

I don't think emacs-pinentry is needed, because adding
"allow-emacs-pinentry" to gpg-agent.conf worked (for me) (at least)
since several years in (guix) emacs w/o using emacs-pinentry (or other
emacs customization).

---
Wir kommen nackt auf diese Welt und atmen ein.
Wir atmen aus und verlassen diese Welt mit leeren Händen.
und dazwischen gestalten wir unser Leben.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 511 bytes --]

bug#52483: GnuPG 2.2.30 cannot do symmetric encryption

[Maxim Cournoyer]

Hi Leo,

Leo Famulari <leo@famulari.name> writes:

> On Fri, Dec 17, 2021 at 11:56:41PM -0500, Maxim Cournoyer wrote:
>> I'm testing this:
>> 
>> --8<---------------cut here---------------start------------->8---
>> gnu: gnupg: Update to 2.3.3.
>> 
>> * gnu/packages/gnupg.scm (gnupg): Update to 2.3.3.
>> (gnupg-2.2.32): Delete variable.
>> (qgpgme)[native-inputs]: Use the regular gnupg package.
>
> Okay. Make sure to also adjust emacs-pinentry.
>
> I tested with GnuPG 2.2.23 by building all packages that depend directly
> on GnuPG. There were no new failures on x86_64-linux when using GnuPG
> 2.2.32.

I ended up sticking with 2.2.33, since this is the current "LTS"
release.  Unfortunately it fails 3 new tests of python-gnupg, and its
author think it is a regression in GnuPG itself [0].

[0]  https://github.com/vsajip/python-gnupg/issues/163

We'll see what upstream has to say about it.

Thank you,

Maxim

bug#52483: GnuPG 2.2.30 cannot do symmetric encryption

[Leo Famulari]

On Sun, Dec 19, 2021 at 03:25:42PM -0500, Maxim Cournoyer wrote:
> I ended up sticking with 2.2.33, since this is the current "LTS"
> release.  Unfortunately it fails 3 new tests of python-gnupg, and its
> author think it is a regression in GnuPG itself [0].
> 
> [0]  https://github.com/vsajip/python-gnupg/issues/163

Right, this is why I used 2.2.32.

bug#52483: GnuPG 2.2.30 cannot do symmetric encryption

[Leo Famulari]

On Sun, Dec 19, 2021 at 03:25:42PM -0500, Maxim Cournoyer wrote:
> > I tested with GnuPG 2.2.23 by building all packages that depend directly
> > on GnuPG. There were no new failures on x86_64-linux when using GnuPG
> > 2.2.32.

I see that my message was confusing, with mixed up version numbers.
There's no regressions on x86_64 with 2.2.32. Since it fixes this bug,
I'd like to make it available soon. Maybe we can unhide the gnupg-2.2.32
variable, and remove emacs-pinentry, since everyone is saying that it's
no longer useful.

bug#52483: GnuPG 2.2.30 cannot do symmetric encryption

[Leo Famulari]

On Sun, Dec 19, 2021 at 03:36:25PM -0500, Leo Famulari wrote:
> On Sun, Dec 19, 2021 at 03:25:42PM -0500, Maxim Cournoyer wrote:
> > > I tested with GnuPG 2.2.23 by building all packages that depend directly
> > > on GnuPG. There were no new failures on x86_64-linux when using GnuPG
> > > 2.2.32.
> 
> I see that my message was confusing, with mixed up version numbers.
> There's no regressions on x86_64 with 2.2.32. Since it fixes this bug,
> I'd like to make it available soon. Maybe we can unhide the gnupg-2.2.32
> variable, and remove emacs-pinentry, since everyone is saying that it's
> no longer useful.

Here are patches for this: <https://issues.guix.gnu.org/52744>

bug#52483: GnuPG 2.2.30 cannot do symmetric encryption

[Leo Famulari]

On Sun, Dec 19, 2021 at 03:36:25PM -0500, Leo Famulari wrote:
> On Sun, Dec 19, 2021 at 03:25:42PM -0500, Maxim Cournoyer wrote:
> > > I tested with GnuPG 2.2.23 by building all packages that depend directly
> > > on GnuPG. There were no new failures on x86_64-linux when using GnuPG
> > > 2.2.32.
> 
> I see that my message was confusing, with mixed up version numbers.
> There's no regressions on x86_64 with 2.2.32. Since it fixes this bug,
> I'd like to make it available soon. Maybe we can unhide the gnupg-2.2.32
> variable, and remove emacs-pinentry, since everyone is saying that it's
> no longer useful.

I pushed commit d03aa942d, which makes GnuPG 2.2.32 available in the UI.
I didn't remove emacs-pinentry... that's something that Emacs users
should decide how to handle.