GnuPG support for pgpverify

Marco d'Itri md at Linux.IT
Mon May 7 20:10:02 UTC 2001


On May 06, Russ Allbery <rra at stanford.edu> wrote:

 >I've sent the following patch to tale, letting him know it's the merger of
 >Marco d'Itri's work with the current pgpverify script; as soon as it's
 >approved upstream for a new version of pgpverify, I'll check it into INN's
 >source tree.  It adds native support for GnuPG based on the current
 >gpgverify script.

 >Once this change is in, I'll modify configure to search for gpgv first
 >when trying to find a PGP binary.  pgpverify with this patch decides what
 >flavor of PGP it's talking to by seeing if the command is gpgv or not.
I think it's confusing, gpgv has a very different API than the usual pgp
or gpg commands, so I really think it should have its own variable name.

 >Marco (and other packagers), should I also leave gpgverify in the tree for
 >Linux distributions or the like where you don't even have to think about
 >traditional PGP or Perl 4 support, or is it more hassle than it's worth to
 >worry about two versions?
I think it's better to distribute gpgverify too, it's way simpler to
understand/debug/modify and I still hope the old cruft in pgpverify will
be ripped out someday. :-)

 > # written April 1996, tale at isc.org (David C Lawrence)
 >-# Version 1.13.1, 16 Feb 2001
 >+# Version 1.14, 6 May 2001
Please don't forget credits. :-)

 >+# GnuPG users should point this at gpgv or the pgpgpg wrapper.
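Review bot: this comment line offers gpgv and the pgpgpg wrapper as equivalent choices without saying how the script treats each, and "this" does not name the variable being set. The patch description above says the PGP flavor is chosen by whether the command is gpgv, so a path to pgpgpg would be handled as traditional PGP; the comment should say so and name the variable.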
They are not the same thing and even use different configuration files
and default keyrings. Please let pgpgpg die, it's not needed.

 >+# If you keep your keyring somewhere that is not the default used by pgp,
 >+# uncomment the next line and set appropriately.  If you have INN and the
 >+# script is able to successfully include your innshellvars.pl file, this
 >+# will be set to $inn::newsetc/pgp if that directory exists unless you set
 >+# it explicitly.
 >+# $keyring = '/path/to/your/pgp/config';
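Review bot: the comment on $keyring does not say whether a directory or a keyring file is expected. The example on the last line, $keyring = '/path/to/your/pgp/config', and the stated default of $inn::newsetc/pgp are both directories, while the variable name reads as a file. State explicitly that a directory is expected and which keyring file inside it is read for each supported PGP flavor, so an admin does not end up verifying against a different key set than intended.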
You may want to add that gpg will use a file named pubring.gpg found in
the $keyring directory.

 >+if (! $keyring && $inn'newsetc) {
 >+  $keyring = $inn'newsetc . '/pgp' if -d $inn'newsetc . '/pgp';
 >+}
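Review bot: there is no else branch here, so when $inn'newsetc is empty or the pgp directory does not exist, $keyring stays unset and nothing in this hunk reports it; verification then depends on whatever keyring the PGP binary picks by default. Suggest assigning an explicit fallback or failing with an error at this point, and building the path $inn'newsetc . '/pgp' once rather than twice.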
This is bad, please revert it to the original code:

$keyring = ($inn'newsetc ? $inn'newsetc . '/pgp/' : '') .  'pubring.gpg';

When gpgv can't find the keyring it creates a new one named
~/.gnupg/trustedkeys.gpg, and this is most likely not what a news
admin wants.

-- 
ciao,
Marco

