Bugzilla – Bug 153535
gpg has no default config file, also problems adding extensions, also some of gpg-related utils 've no man pages.
Last modified: 2006-03-01 10:23:40 UTC
I'm rarely using gpg.. More than 1.5 years ago I used it last time. %) Now got to mail some stuff securely.. Well, it worked w/ my old options OK, except I failed in getting to work an idea extension I had in my configs:

==============cut=====================
----------------- [ 05:04:01, olli@skylab, ~/.gnupg ] $ wget --quiet ftp://ftp.gnupg.dk/pub/contrib-dk/idea.c.gz
----------------- [ 05:04:14, olli@skylab, ~/.gnupg ] $ gzip -d idea.c.gz
gzip: idea.c already exists; do you wish to overwrite (y or n)? y
----------------- [ 05:04:27, olli@skylab, ~/.gnupg ] $ grep gcc idea.c
gcc -Wall -O2 -shared -fPIC -o idea idea.c
gcc -Wall -O2 -shared -fPIC -DBIG_ENDIAN_HOST -o idea idea.c
mingw32 gcc -c idea.c ; \
mingw32 gcc -mdll -Wl,--base-file -Wl,temp.base \
mingw32 gcc -mdll -o idea.dll temp.o idea.o ; \
----------------- [ 05:05:08, olli@skylab, ~/.gnupg ] $ gcc -Wall -O2 -shared -fPIC -o idea idea.c
----------------- [ 05:05:25, olli@skylab, ~/.gnupg ] $ grep load gpg.conf
load-extension ~olli/.gnupg/idea
----------------- [ 05:06:08, olli@skylab, ~/.gnupg ] $ gpg --version | grep invalid
gpg: invalid module `~olli/.gnupg/idea': ~olli/.gnupg/idea: cannot open shared object file: No such file or directory
----------------- [ 05:07:15, olli@skylab, ~/.gnupg ] $ ls -l ~olli/.gnupg/idea
-rwxr-xr-x 1 olli wheel 9406 2006-02-25 05:05 /home/olli/.gnupg/idea
----------------- [ 05:07:31, olli@skylab, ~/.gnupg ] $
==============cut=====================

Though not very important now. Just curious - anyone 've this extension working?

Well, since I've used it a couple of time ago I was interested what's new & ran 'man 1 gpg'. Found that there're lots of options that are not used by default & the ordinary user may be unaware of. Think it 'd be good to supply some defaults for SuSE users? Currently there's nothing.
----------------- [ 05:11:58, olli@skylab, ~ ] $ ls -al /etc/skel/ | grep .gnupg
----------------- [ 05:12:25, olli@skylab, ~ ] $
==============cut=====================

So, if interested I may suggest my config.

And about mans:

==============cut=====================
----------------- [ 05:14:20, root@skylab, /usr/src/2Install/CURRENT/ZoneMinder-1.22.0 ] # rpm -ql gpg2-1.9.18-2 | grep bin/
/usr/bin/gpg-agent
/usr/bin/gpg-connect-agent
/usr/bin/gpg2
/usr/bin/gpgconf
/usr/bin/gpgkey2ssh
/usr/bin/gpgsm
/usr/bin/gpgsm-gencert.sh
/usr/bin/gpgv2
/usr/bin/kbxutil
/usr/bin/scdaemon
/usr/bin/watchgnupg
/usr/sbin/addgnupghome
----------------- [ 05:14:29, root@skylab, /usr/src/2Install/CURRENT/ZoneMinder-1.22.0 ] # apropos gpg-agent
keychain (1) - re-use ssh-agent and/or gpg-agent between logins
----------------- [ 05:14:42, root@skylab, /usr/src/2Install/CURRENT/ZoneMinder-1.22.0 ] # apropos gpg-connect-agent
gpg-connect-agent: nothing appropriate.
----------------- [ 05:17:43, root@skylab, /usr/src/2Install/CURRENT/ZoneMinder-1.22.0 ] # apropos gpg2
gpg2: nothing appropriate.
----------------- [ 05:17:49, root@skylab, /usr/src/2Install/CURRENT/ZoneMinder-1.22.0 ] # apropos gpgconf
gpgconf: nothing appropriate.
----------------- [ 05:17:56, root@skylab, /usr/src/2Install/CURRENT/ZoneMinder-1.22.0 ] # apropos gpgkey2ssh
gpgkey2ssh: nothing appropriate.
----------------- [ 05:18:06, root@skylab, /usr/src/2Install/CURRENT/ZoneMinder-1.22.0 ] # apropos gpgsm
gpgsm: nothing appropriate.
----------------- [ 05:18:11, root@skylab, /usr/src/2Install/CURRENT/ZoneMinder-1.22.0 ] # apropos kbxutil
kbxutil: nothing appropriate.
----------------- [ 05:18:21, root@skylab, /usr/src/2Install/CURRENT/ZoneMinder-1.22.0 ] # apropos scdaemon
scdaemon: nothing appropriate.
----------------- [ 05:18:31, root@skylab, /usr/src/2Install/CURRENT/ZoneMinder-1.22.0 ] # apropos watchgnupg
watchgnupg: nothing appropriate.
----------------- [ 05:19:25, root@skylab, /usr/src/2Install/CURRENT/ZoneMinder-1.22.0 ] # apropos addgnupghome
addgnupghome: nothing appropriate.
----------------- [ 05:19:42, root@skylab, /usr/src/2Install/CURRENT/ZoneMinder-1.22.0 ] # apropos gpg
gpgv (1) - signature verification tool
gpg.ru (1) - инструмент для шифрования и цифровой подписи
keychain (1) - re-use ssh-agent and/or gpg-agent between logins
gpg (1) - encryption and signing tool
----------------- [ 05:19:47, root@skylab, /usr/src/2Install/CURRENT/ZoneMinder-1.22.0 ] #
==============cut=====================

Yes, there's /usr/share/doc/packages/gpg2/README, that helps. Though mans are better, IMO.
well.. at the end of man I've:

/usr[/local]/share/gnupg/options.skel
    Skeleton options file

That's enough to give a link for any user. Though I've more options set:

$ grep -v ^\$ /home/olli/.gnupg/gpg.conf | grep -v ^\#| wc -l
41

Closing that part of questions - defaults are there & are system wide.
Idea is patented in some parts of the world and therefore not redistributable.

I like the default settings, and personally have only a few options in my $HOME/.gnupg/options:

default-key <<keyid>>
keyserver wwwkeys.de.pgp.net
encrypt-to <<keyid>>
no-secmem-warning
rfc1991

But some of them are not intended for use by a default user, and the rest are user-specific (and therefore also not good for a global config file).

So, which options do you think we should add in a global config file?
1. About IDEA - I know about legal issues. Though I had it working w/ old gpg a few years ago. %) Now it doesn't. Even doing things from how to as is. Though it's not supported by Novell, thus should be discussed within gpg devel mailing list, probably?

2. My gpg.conf is available within https://bugzilla.novell.com/show_bug.cgi?id=153565

As for me the following would be nice in defaults:

-----cut------
# armor by default
armor
# verbose by default
verbose
# set to treat as binary
no-textmode
# interactive: prompt on each overwrite
interactive
# see man
keyserver-options include-revoked,include-disabled,no-honor-keyserver-url,include-subkeys,verbose,no-auto-key-retrieve
# not even that infoleak. =)
set-filename ThisReplacesFileName
# no adverts
no-greeting
# show fingerprint always
with-fingerprint
-----cut------

Some of above may be already defaults though. The key search (keyserver-options) may be left commented, since there're advantages and disadvantages of getting all keys, but not only currently valid.

My gpg.conf may be left as a sample for people, though only after clearing situation w/ 's2' things noted in bug #153565, since I may be wrong w/ somth.
If IDEA was included, then it was done by chance, without checking the legal situation. We cannot add it, as long as the patent exists. Sorry. The given config seems in my point of view not good for every user under any circumstances. They contain some pitfalls, by which scripts/GUIs might break when enabled. Thanks for your input, but we cannot add them. ==> closing this gnupg topic (bugzilla entry) with INVALID
okay, idea: agree. as about suggestions: any of lines could trouble some of other apps? Even 'with-fingerprint' and 'no-greeting'? :?
Sure. 'greeting' might be an indication (assertion) for a program that subprocess 'gpg' is running. Same with 'fingerprint': enabled might be an unexpected output for another process. There exist tools (scripts), which do such processing, e.g. mail user agents, YaST, and others.
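
Added illustration of the point made in the last comment (not part of the original thread, and not code from gpg, YaST or any mail client): a position-based wrapper silently returns the wrong user ID once `with-fingerprint` adds a line, while a parser that dispatches on the record type of `--with-colons` output is unaffected. All listings are constructed samples for a made-up key, and the function names are hypothetical.

```python
# Constructed sample listings (not captured from a real keyring), modelled on
# the gpg 1.x human-readable layout without and with `with-fingerprint`.
PLAIN = """\
pub   1024D/B4A3F2E1 2006-02-25
uid                  Olli Example <olli@example.org>
sub   2048g/11223344 2006-02-25
"""
WITH_FPR = """\
pub   1024D/B4A3F2E1 2006-02-25
      Key fingerprint = 0123 4567 89AB CDEF 0123  4567 89AB CDEF B4A3 F2E1
uid                  Olli Example <olli@example.org>
sub   2048g/11223344 2006-02-25
"""
# The same constructed key as --with-colons records (field 1 = record type,
# field 5 = key ID, field 10 = user ID or fingerprint).
COLONS = """\
pub:u:1024:17:89ABCDEFB4A3F2E1:2006-02-25:::u:Olli Example <olli@example.org>::scESC:
sub:u:2048:16:AABBCCDD11223344:2006-02-25::::::e:
"""
COLONS_FPR = COLONS.replace(
    "\nsub:", "\nfpr:::::::::0123456789ABCDEF0123456789ABCDEFB4A3F2E1:\nsub:")


def naive_parse(listing):
    """Hypothetical fragile wrapper: trusts line positions in human output."""
    lines = listing.splitlines()
    key_id = lines[0].split()[1].split("/")[1]
    uid = lines[1].split(None, 1)[1]
    return key_id, uid


def parse_colons(listing):
    """Dispatch on the record type; record types not handled are skipped."""
    keys = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            keys.append({"key_id": f[4], "uids": [], "fpr": None})
        if f[0] in ("pub", "uid") and keys and len(f) > 9 and f[9]:
            keys[-1]["uids"].append(f[9])
        elif f[0] == "fpr" and keys and len(f) > 9 and keys[-1]["fpr"] is None:
            keys[-1]["fpr"] = f[9]
    return keys


if __name__ == "__main__":
    print(naive_parse(PLAIN))       # user ID read from the expected line
    print(naive_parse(WITH_FPR))    # fingerprint text returned as the user ID
    print(parse_colons(COLONS_FPR))
```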