Bug 172971 - Review Request: pgp-tools
Review Request: pgp-tools
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: Package Review (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Dmitry Butskoy
David Lawrence
http://domsch.com/linux/fedora/extras...
: Regression
Depends On:
Blocks: FE-ACCEPT
  Show dependency treegraph
 
Reported: 2005-11-11 13:21 EST by Matt Domsch
Modified: 2013-09-12 12:36 EDT (History)
2 users (show)

See Also:
Fixed In Version: 0.4.4-3.20051123svn
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-11-29 14:17:31 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Suggested changes for the spec-file (3.23 KB, patch)
2005-11-24 08:33 EST, Dmitry Butskoy
no flags Details | Diff

  None (edit)
Description Matt Domsch 2005-11-11 13:21:23 EST
Spec Name or Url: http://domsch.com/linux/fedora/extras/pgp-tools/pgp-tools.spec
SRPM Name or Url: http://domsch.com/linux/fedora/extras/pgp-tools/pgp-tools-0.4.4-1.src.rpm

Description:
This is a collection of several projects relating to OpenPGP.
* caff: CA - Fire and Forget signs and mails a key
* pgp-clean: removes all non-self signatures from key
* pgp-fixkey: removes broken packets from keys
* gpg-mailkeys: simply mail out a signed key to its owner
* gpg-key2ps: generate PostScript file with fingerprint paper strips
* gpglist: show who signed which of your UIDs
* gpgsigs: annotates list of GnuPG keys with already done signatures
* keylookup: ncurses wrapper around gpg --search

In particular, caff has become the most accepted and simplest way to sign keys following a keysigning party.
Comment 1 Need Real Name 2005-11-11 14:27:29 EST
Any chance of this making Core?
Comment 2 Dmitry Butskoy 2005-11-24 08:32:10 EST
Remarks & nitpicks:

- remove leading "A" from Summary.
- IMHO Group should be Applications/System (the same as for gnupg)
- it is better to simplify License field (assume BSD,GPL is enough)
- Source0 is not full URL. If it is impossible to obtain the tarball at some 
Internet location, write a comment how to obtain this tarball by svn ...
- use "/usr/sbin/sendmail" instead of "sendmail" for Requires tag:
/usr/sbin/sendmail is actually needed, and it can be provided by different mail
packages (sendmail, postfix, exim, etc.)
- license file for GPL looks messy (extra text present). May be just use
"keylookup/COPYING" instead?
- use macros instead of hardcoded path (/usr/bin, /usr/share/man)
- %install and pre-%doc-preparing can be made more easily
- only "debian/copyright" seems to be actually useful from the debian/ subdirectory




Comment 3 Dmitry Butskoy 2005-11-24 08:33:08 EST
Created attachment 121452 [details]
Suggested changes for the spec-file
Comment 4 Matt Domsch 2005-11-28 15:10:35 EST
Changes applied, updated checkout from subversion, added comment about how to
get source from subversion, and modified name per PackageNamingGuidelines for
post-release packages.

http://domsch.com/linux/fedora/extras/pgp-tools/pgp-tools.spec
http://domsch.com/linux/fedora/extras/pgp-tools/pgp-tools-0.4.4-2.20051123svn.src.rpm
Comment 5 Dmitry Butskoy 2005-11-29 07:59:18 EST
> modified name per PackageNamingGuidelines
OK

- caff: ??? yet no idea how to check this

- gpg-key2ps: works (it would be useful to have an option to print US Dollars
too :-))

- gpg-mailkeys: works

- gpglist: works

- gpgsigs: ??? yet no idea how to check this

- keylookup: does NOT work. 'gpg --search ...' works, but keylookup does not work :(

- pgp-clean: does NOT work. Produces:
"Can't locate GnuPG/Interface.pm in @INC" ...

- pgp-fixkey: does NOT work. The same as above:
"Can't locate GnuPG/Interface.pm in @INC" ...

Perhaps some "Requires" are needed for pgp-{clean|fixkey}.

Could you any idea how I can easily test "caff" and "gpgsign" ?
Comment 6 Matt Domsch 2005-11-29 08:15:18 EST
pgp-clean and pgp-fixkey work for me, as I've got the perl-GnuPG-Interface 
package installed, which the pgp-tools package lists as an rpm Requires auto-
generated.  keylookup works for me too, after fixing the permissions on files 
in ~/.gnupg/* so that gpg didn't complain.  These are all on x86_64 FC4.

gpgsigs needs recode, which I missed as a dependency.  I'll fix that.

I'll see about test processes for caff and gpgsigs.
Comment 7 Dmitry Butskoy 2005-11-29 08:33:44 EST
> which the pgp-tools package lists as an rpm Requires auto-generated.
Oops. Sorry. :)

> keylookup works for me too, after fixing the permissions on files 
> in ~/.gnupg/* so that gpg didn't complain.
Hmmm. My gpg say nothing bad when I do 'gpg --search'.
What is your permissions exactly?
Comment 8 Matt Domsch 2005-11-29 08:38:10 EST
~/.gnupg 0700
~/.gnupg/* 0600
Comment 9 Matt Domsch 2005-11-29 09:54:33 EST
to test caff, I generated a new key, and used caff to sign it.  (I didn't push 
the test key to the keyservers, but manually imported it into caff's 
keyring).  This worked as expected.

As for testing gpgsigs, here's what I did, this worked as expected.

$ gpg --list-keys pgp-tools-test > /tmp/to-sign
$  gpgsigs 92F0FC09 /tmp/to-sign /tmp/signed
Running --list-sigs, this will take a while .
Annotating /tmp/to-sign, writing into /tmp/signed
[mdomsch@pws370 ~]$ cat /tmp/signed
pub   1024D/50765F1F 2005-11-29
(S) uid                  Fedora pgp-tools test key <pgp-tools-test@domsch.com>
sub   2048g/457DBB5A 2005-11-29

Legend:
(S) signed with 92F0FC09
Comment 10 Matt Domsch 2005-11-29 10:21:26 EST
Requires: perl(Locale::Recode) added for gpgsigs.

http://domsch.com/linux/fedora/extras/pgp-tools/pgp-tools.spec
http://domsch.com/linux/fedora/extras/pgp-tools/pgp-tools-0.4.4-
2.20051123svn.src.rpm
Comment 11 Dmitry Butskoy 2005-11-29 10:47:43 EST
keylookup still is an issue for me:

> ~/.gnupg 0700
> ~/.gnupg/* 0600
the same


[buc@buc buc]$ gpg --keyserver=pgp.mit.edu --search dmitry@butskoy.name
gpg: searching for "dmitry@butskoy.name" from HKP server pgp.mit.edu
Keys 1-1 of 1 for "dmitry@butskoy.name"
(1)     Dmitry Butskoy (buc) <dmitry@butskoy.name>
          1024 bit DSA key 4F33DE20, created 2005-08-03
Enter number(s), N)ext, or Q)uit > q
[buc@buc buc]$
[buc@buc buc]$ keylookup --keyserver=pgp.mit.edu dmitry@butskoy.name
gpg: searching for "dmitry@butskoy.name" from HKP server pgp.mit.edu
GnuPG did not find any keys matching your search string.
[buc@buc buc]$

i.e. gpg works, keylookup not...


pgp-clean: invokes "gpg" which read stdin (according to strace(1) tracing), but
nothing happen...

pgp-fixkey: seems to work

gpgsign: works

caff: seems to work


Comment 12 Matt Domsch 2005-11-29 10:56:06 EST
For me:
$ keyserver --keyserver=pgp.mit.edu dmitry@butskoy.name
(insert pretty ncurses screenshot showing me your key)

local problem?
Comment 13 Matt Domsch 2005-11-29 10:58:28 EST
$ pgp-clean 92F0FC09 
outputs to stdout my armored key, stripped of sigs.
Comment 14 Dmitry Butskoy 2005-11-29 11:07:34 EST
> (insert pretty ncurses screenshot showing me your key)
It is from "keylookup" to you, or from you to me? :)

> pgp-clean 92F0FC09 
import your key, invoke "pgp-clean 92F0FC09", the same silence results.

My distro is FC3.

Maybe something is missed in Requires (like for Locale::Recode) ?
Comment 15 Dmitry Butskoy 2005-11-29 11:19:15 EST
Actually, keylookup invokes "gpg" as this:

gpg --keyserver=pgp.mit.edu --command-fd=0 --batch --no-tty --with-colons
--fixed-list-mode --search dmitry@butskoy.name

(and then type Ctrl-D)

For me it outputs:
gpg: searching for "dmitry@butskoy.name" from HKP server pgp.mit.edu
Keys 1-1 of 1 for "dmitry@butskoy.name"
(1)     Dmitry Butskoy (buc) <dmitry@butskoy.name>
          1024 bit DSA key 4F33DE20, created 2005-08-03
Q


What "gpg" outputs exactly with the same cmdline for you?
Comment 16 Matt Domsch 2005-11-29 11:59:20 EST
$ gpg --keyserver=pgp.mit.edu --command-fd=0 --batch --no-tty --with-colons --
fixed-list-mode --search dmitry@butskoy.name
gpg: searching for "dmitry@butskoy.name" from hkp server pgp.mit.edu
pub:4F33DE20:17:1024:1123156023::
uid:Dmitry Butskoy (buc) <dmitry@butskoy.name>
Q

I think this is because FC3 has gnupg 1.2, and FC4 has gnupg 1.4.  perl-GnuPG-
Interface had to have patch on the FC3 branch to deal with this.  I'm inclined 
not to put pgp-tools on FC3 and ignore this. :-)
Comment 17 Dmitry Butskoy 2005-11-29 12:04:58 EST
OK

MUST/SHOULD items OK
Works (assume) fine.

APPROVED!

Comment 18 Matt Domsch 2005-11-29 14:17:31 EST
Builds for FC-4 and devel branches complete.  Closing.
Comment 19 Jochen Schmitt 2013-09-12 12:24:12 EDT
Package Change Request
======================
Package Name: pgp-tools
New Branches: el-5, el-6
Owners: s4504kr
Comment 20 Jon Ciesla 2013-09-12 12:36:02 EDT
EL branches already exist.

Note You need to log in before you can comment on or make changes to this bug.