Testing changes to qubes-gpg-split
18 views
Skip to first unread message
Thomas Kerin
May 20, 2016, 8:39:33 AM5/20/16
to qubes...@googlegroups.com
Hi all,
I have a question about the latest version of qubes-app-linux-split. I
was trying to modify pass (the unix password manager, which uses gpg and
git to store passwords) to use qubes-gpg-client-wrapper. It's just a
bash script, so I was hopeful about getting it working.
I ran into trouble because the gpg package in the repo (2.0.19-1+deb8u1)
doesn't yet support the output or compression options (it does on Github).
What would be the best way to recompile and test the newer split gpg
version if I need to make changes?
And how long would it take for the changes on github to make it into the
repositories?
A more general question, is what advice would you give on modifying a
package to specifically support Qubes? Testing for the presence of
environment variables and using qubes-gpg-client-wrapper if they're
found, or perhaps simply allowing an override for the GPG executable path?
Ideally the patch would be adopted by pass, so we don't have to maintain
another version.
Regards,
Thomas
I have a question about the latest version of qubes-app-linux-split. I
was trying to modify pass (the unix password manager, which uses gpg and
git to store passwords) to use qubes-gpg-client-wrapper. It's just a
bash script, so I was hopeful about getting it working.
I ran into trouble because the gpg package in the repo (2.0.19-1+deb8u1)
doesn't yet support the output or compression options (it does on Github).
What would be the best way to recompile and test the newer split gpg
version if I need to make changes?
And how long would it take for the changes on github to make it into the
repositories?
A more general question, is what advice would you give on modifying a
package to specifically support Qubes? Testing for the presence of
environment variables and using qubes-gpg-client-wrapper if they're
found, or perhaps simply allowing an override for the GPG executable path?
Ideally the patch would be adopted by pass, so we don't have to maintain
another version.
Regards,
Thomas
Marek Marczykowski-Górecki
May 20, 2016, 9:16:34 AM5/20/16
to Thomas Kerin, qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Thu, May 19, 2016 at 03:42:01PM +0100, Thomas Kerin wrote:
> Hi all,
>
> I have a question about the latest version of qubes-app-linux-split. I
> was trying to modify pass (the unix password manager, which uses gpg and
> git to store passwords) to use qubes-gpg-client-wrapper. It's just a
> bash script, so I was hopeful about getting it working.
>
> I ran into trouble because the gpg package in the repo (2.0.19-1+deb8u1)
> doesn't yet support the output or compression options (it does on Github).
2.0.20 is in testing repository and will be migrated to stable very
soon.
> What would be the best way to recompile and test the newer split gpg
> version if I need to make changes?
Generally, the official way to build qubes packages is to use Qubes
Builder:
https://www.qubes-os.org/doc/qubes-builder/
But in practice it may be an overkill for just testing new split gpg.
For some testing environment it is enough to download the sources (git
clone), make, sudo make install-vm (for VM files).
> And how long would it take for the changes on github to make it into the
> repositories?
If you look into ticket referenced from the change you are interested
in, there is notification in comment about uploading it to
testing/stable repostiory:
https://github.com/QubesOS/qubes-issues/issues/1940
> A more general question, is what advice would you give on modifying a
> package to specifically support Qubes? Testing for the presence of
> environment variables and using qubes-gpg-client-wrapper if they're
> found, or perhaps simply allowing an override for the GPG executable path?
In some VMs I have /usr/local/bin/gpg2 linked to
/usr/bin/qubes-gpg-client-wrapper, so it works out of the box. But
unfortunately not everything, as split gpg (intentionally) reject some
options.
> Ideally the patch would be adopted by pass, so we don't have to maintain
> another version.
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJXPw4nAAoJENuP0xzK19cseksH/1TmKgZNebe6tOfDQjv/wS6w
cIogCKDv0+ApD4QOXKMjvz9yaPAQXXr3SlWYdadG+P63WKfTT84zq6Qi3teRQpfB
0HapQniC+h1TMH0oWWlz1iOm9hYZr1xLubTO5N5G0wdXgEYY1V81jwXsa6N3EILa
xOAf4rNDSxWHoGCmNGewgAkOnEMmt41rTMHFJHlC4mzwxZt9GgyUrF1SAW1WzqIk
hps2nc4lMGn99H+8mNg2cUN6tAsPGJulEaP2K0ReImO2Cv5iKatBuRsq0NXM6IUZ
E2o0+e6wEhAHhed4e0fUyF4ItXMqEYtqopU47jaLHFvJxbR/MHjw5WG7kC+pGH4=
=G6Qh
-----END PGP SIGNATURE-----
Hash: SHA256
On Thu, May 19, 2016 at 03:42:01PM +0100, Thomas Kerin wrote:
> Hi all,
>
> I have a question about the latest version of qubes-app-linux-split. I
> was trying to modify pass (the unix password manager, which uses gpg and
> git to store passwords) to use qubes-gpg-client-wrapper. It's just a
> bash script, so I was hopeful about getting it working.
>
> I ran into trouble because the gpg package in the repo (2.0.19-1+deb8u1)
> doesn't yet support the output or compression options (it does on Github).
soon.
> What would be the best way to recompile and test the newer split gpg
> version if I need to make changes?
Builder:
https://www.qubes-os.org/doc/qubes-builder/
But in practice it may be an overkill for just testing new split gpg.
For some testing environment it is enough to download the sources (git
clone), make, sudo make install-vm (for VM files).
> And how long would it take for the changes on github to make it into the
> repositories?
in, there is notification in comment about uploading it to
testing/stable repostiory:
https://github.com/QubesOS/qubes-issues/issues/1940
> A more general question, is what advice would you give on modifying a
> package to specifically support Qubes? Testing for the presence of
> environment variables and using qubes-gpg-client-wrapper if they're
> found, or perhaps simply allowing an override for the GPG executable path?
/usr/bin/qubes-gpg-client-wrapper, so it works out of the box. But
unfortunately not everything, as split gpg (intentionally) reject some
options.
> Ideally the patch would be adopted by pass, so we don't have to maintain
> another version.
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJXPw4nAAoJENuP0xzK19cseksH/1TmKgZNebe6tOfDQjv/wS6w
cIogCKDv0+ApD4QOXKMjvz9yaPAQXXr3SlWYdadG+P63WKfTT84zq6Qi3teRQpfB
0HapQniC+h1TMH0oWWlz1iOm9hYZr1xLubTO5N5G0wdXgEYY1V81jwXsa6N3EILa
xOAf4rNDSxWHoGCmNGewgAkOnEMmt41rTMHFJHlC4mzwxZt9GgyUrF1SAW1WzqIk
hps2nc4lMGn99H+8mNg2cUN6tAsPGJulEaP2K0ReImO2Cv5iKatBuRsq0NXM6IUZ
E2o0+e6wEhAHhed4e0fUyF4ItXMqEYtqopU47jaLHFvJxbR/MHjw5WG7kC+pGH4=
=G6Qh
-----END PGP SIGNATURE-----
Reply all
Reply to author
Forward
0 new messages