[2012-03-16 10:07:03 +0200] Ionut Biru:

gpg2 --card-status gpg: selecting openpgp failed: Unsupported certificate gpg: OpenPGP card not available: Unsupported certificate

I think is because I used gpg1 when I generated the key

If I google those error messages, I find different answers. Have you looked at these? It would be a real shame to stick with gnupg-1 only for this reason. And I thought those cards were supposed to be supported by GPG devs... -- Gaetan

On 03/16/2012 11:18 AM, Gaetan Bisson wrote:

[2012-03-16 10:07:03 +0200] Ionut Biru:

...

gpg2 --card-status gpg: selecting openpgp failed: Unsupported certificate gpg: OpenPGP card not available: Unsupported certificate

I think is because I used gpg1 when I generated the key

If I google those error messages, I find different answers. Have you looked at these? It would be a real shame to stick with gnupg-1 only for this reason. And I thought those cards were supposed to be supported by GPG devs...

found it. http://www.opensc-project.org/opensc/wiki/OpenPGP Linux (and Gnome) I had to unset GPG_AGENT. WTF -- Ionuț

On Fri, Mar 16, 2012 at 5:06 AM, Thomas Bächler wrote:

Am 16.03.2012 10:54, schrieb Ionut Biru:

...

On 03/16/2012 11:18 AM, Gaetan Bisson wrote:

...

[2012-03-16 10:07:03 +0200] Ionut Biru:

...

 gpg2 --card-status gpg: selecting openpgp failed: Unsupported certificate gpg: OpenPGP card not available: Unsupported certificate

I think is because I used gpg1 when I generated the key

If I google those error messages, I find different answers. Have you looked at these? It would be a real shame to stick with gnupg-1 only for this reason. And I thought those cards were supposed to be supported by GPG devs...

found it. http://www.opensc-project.org/opensc/wiki/OpenPGP Linux (and Gnome)

I had to unset GPG_AGENT. WTF

That sounds like a problem we should try to solve after we make the transition, as it sounds like it might be related to having two different gnupg implementations that potentially conflict.

I have gpg and gpg2 installed but have been exclusively using gpg2 for both my card and normal private keys without issue. I'm definitely in support of dropping gpg1. However, calling it an "old branch" is a bit of a misnomer, as upstream just released a version of it in the last month or so. 1.4 vs 2.x have very different architectures and 2.x is much more componentized. -Dan

On Sun, Mar 18, 2012 at 8:00 AM, Allan McRae wrote:

Now...  has anyone proposing this actually done the work and noted which configure options get disabled when building gpgme against only one of gnupg or gnupg2.  I remember there was differences when I was looking into this for the same request made back in 2010 (https://bugs.archlinux.org/task/22110).  I can not remember the results, but I remember there was a difference.

I tried building it only against gnupg2, and as far as I could tell it made no difference. If I understood correctly building against gnupg1 means that we don't get support for gpgms (at least). Dropping gnupg2 does not sound like a good idea, as that means people would have to build a second verision of gpgme to get gnupg2 features. Furthermore, if we drop gnupg1, we could eventually drop it from the repos all together, which would not be the case for gnup2 as it has more features people might need. As to the stability, I don't know much about this. It seems that upstream needs to clarify their communication, in the release announcement of 2.0.18 they refer to it as "stable" and make no suggestions that version 1 should be better in this regard: "We are pleased to announce the availability of a new stable GnuPG-2 release: Version 2.0.18. [...] GnuPG-2 has a different architecture than GnuPG-1 (e.g. 1.4.11) in that it splits up functionality into several modules. However, both versions may be installed alongside without any conflict. In fact, the gpg version from GnuPG-1 is able to make use of the gpg-agent as included in GnuPG-2 and allows for seamless passphrase caching. The advantage of GnuPG-1 is its smaller size and the lack of dependency on other modules at run and build time. We will keep maintaining GnuPG-1 versions because they are very useful for small systems and for server based applications requiring only OpenPGP support." Cheers, Tom

[2012-03-19 08:20:34 +1000] Allan McRae:

I think thet gnupg1 is more suited to what _ALL_ Arch systems use gpgme for. The simple verification of package signatures.

Well, linux-2.6.27.62 would also be sufficient to run Arch. But we only package modern stable upstream releases, and certain users actually make use of their modern features. -- Gaetan

On 03/19/2012 07:43 AM, Allan McRae wrote:

On 19/03/12 14:52, Gaetan Bisson wrote:

...

[2012-03-19 08:20:34 +1000] Allan McRae:

...

I think thet gnupg1 is more suited to what _ALL_ Arch systems use gpgme for. The simple verification of package signatures.

Well, linux-2.6.27.62 would also be sufficient to run Arch. But we only package modern stable upstream releases, and certain users actually make use of their modern features.

As I pointed out before, whether gnupg2 is a stable version or an "unstable development version" (http://www.gnupg.org/download/release_notes.en.html) is up for debate. If that gets changed by upstream, then I will have no objection to dropping gnupg1.

Allan

did any of you actually asked upstream about this? :D -- Ionuț

On Mon, Mar 19, 2012 at 10:21 AM, Gaetan Bisson wrote:

[2012-03-19 10:40:58 +0200] Ionut Biru:

...

did any of you actually asked upstream about this? :D

I did this morning:

       http://lists.gnupg.org/pipermail/gnupg-devel/2012-March/026641.html

Let's see what happens...

For those not subscribed, this was the answer: http://lists.gnupg.org/pipermail/gnupg-devel/2012-March/026643.html Cheers, Tom

[2012-03-19 13:09:29 +0100] Thomas Bächler:

you always need a gpg-agent with 2.0, which will break on headless systems.

What do you mean? I'm running gpg-agent fine on a headless system. -- Gaetan

[2012-03-19 16:44:42 +0100] Thomas Bächler:

This let me believe that you cannot use gnupg 2.x without an agent and a pinentry program.

You are correct but that is no issue on headless systems. Pinentry is a problem to run gpg unattended; is that what you were thinking of? At any rate, those few people that want to run gpg unattended will be able to build gnupg1 from AUR, wait for version 2.1, or hack a script that emulates a pinentry program but gives a predetermined passphrase. Cheers. -- Gaetan