[mutt] 01/01: debian-specific/828751-pinentry-gpg2-support.patch: enable gpgme by default, delegating all crypto to gnupg (Closes: 96144, 828751, 824832).
Antonio Radici
antonio at moszumanska.debian.org
Wed Sep 7 20:19:23 UTC 2016
This is an automated email from the git hooks/post-receive script.
antonio pushed a commit to branch master
in repository mutt.
commit 1828cdbb8b8aa2796753c61177b9aa107eedee90
Author: Antonio Radici <antonio at debian.org>
Date: Wed Sep 7 21:18:23 2016 +0100
debian-specific/828751-pinentry-gpg2-support.patch: enable gpgme by default, delegating all crypto to gnupg (Closes: 96144, 828751, 824832).
---
debian/NEWS | 17 +++++++
debian/changelog | 3 ++
.../828751-pinentry-gpg2-support.patch | 53 ++++++++++++++++++++++
debian/patches/series | 1 +
4 files changed, 74 insertions(+)
diff --git a/debian/NEWS b/debian/NEWS
index b48fa87..eb5bdbc 100644
--- a/debian/NEWS
+++ b/debian/NEWS
@@ -1,3 +1,20 @@
+mutt (1.7.0-2) unstable; urgency=medium
+
+ Starting from this version, we enable 'crypt_use_gpgme=yes' by default.
+ The GPGME delegates all crypto support to gnupg, which is designed to hold
+ your crypto data securely.
+
+ The drawbacks is that only S/MIME is supported and inline signature are not
+ supported anymore. If you need to sign your email with inline signatures
+ please use 'set crypt_use_gpgme=no' in your .muttrc.
+
+ To solve #828751 we also had to add '--pinentry-mode loopback' to all commands
+ in gpg.rc, that breaks compatibility with gpg v1, if you are still using gpg
+ v1 please remove that option from the invocations of the command in
+ /etc/Muttrc.d/gpg.rc
+
+ -- Antonio Radici <antonio at debian.org> Wed, 07 Sep 2016 21:02:51 +0100
+
mutt (1.6.2-1) unstable; urgency=medium
The mutt package now incorporates the NeoMutt patchset, which includes a
diff --git a/debian/changelog b/debian/changelog
index b9740ef..faba39f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -20,8 +20,11 @@ mutt (1.7.0-2) UNRELEASED; urgency=medium
+ neomutt-devel/836812-user-agent-temp-fix.patch: hardcode the NeoMutt
version, it will be fixed in the next NeoMutt release (Closes: 836812).
(Closes: 569038, 774746, 423931, 599136, 618425).
+ + debian-specific/828751-pinentry-gpg2-support.patch: enable gpgme by
+ default, delegating all crypto to gnupg (Closes: 96144, 828751, 824832).
* debian/extra/rc/notmuch.rc: restored the notmuch keybindings
(Closes: 836148).
+ * debian/NEWS: added information about GPGME being enabled by default.
-- Antonio Radici <antonio at debian.org> Mon, 29 Aug 2016 21:27:08 +0100
diff --git a/debian/patches/debian-specific/828751-pinentry-gpg2-support.patch b/debian/patches/debian-specific/828751-pinentry-gpg2-support.patch
new file mode 100644
index 0000000..7644b19
--- /dev/null
+++ b/debian/patches/debian-specific/828751-pinentry-gpg2-support.patch
@@ -0,0 +1,53 @@
+This patch enables gpgme by default on the Debian version of mutt starting from
+1.7.0-2. More explanations are in NEWS.Debian.
+
+--- a/contrib/gpg.rc
++++ b/contrib/gpg.rc
+@@ -30,21 +30,31 @@
+ # in some localiaztion environments, generates 8bit data in that header, thereby
+ # breaking PGP/MIME.
+
++# Note from the Debian mutt maintainers: starting from 1.7.0-2 GPGME is enabled
++# by default. More info in NEWS.Debian.
++# THe pgp_* commands are left here for people who disable gpgme in their
++# ~/.muttrc
++set crypt_use_gpgme=yes
++
++# Note from the Debian mutt maintainers: the addition of
++# "--pinentry-mode loopback" breaks gpgv1 compatiblity, if you need to use gpgv1
++# remove that statement.
++
+ # decode application/pgp
+-set pgp_decode_command="gpg --status-fd=2 %?p?--passphrase-fd 0? --no-verbose --quiet --batch --output - %f"
++set pgp_decode_command="gpg --status-fd=2 %?p?--passphrase-fd 0? --pinentry-mode loopback --no-verbose --quiet --batch --output - %f"
+
+ # verify a pgp/mime signature
+ set pgp_verify_command="gpg --status-fd=2 --no-verbose --quiet --batch --output - --verify %s %f"
+
+ # decrypt a pgp/mime attachment
+-set pgp_decrypt_command="gpg --status-fd=2 %?p?--passphrase-fd 0? --no-verbose --quiet --batch --output - %f"
++set pgp_decrypt_command="gpg --status-fd=2 %?p?--passphrase-fd 0? --pinentry-mode loopback --no-verbose --quiet --batch --output - %f"
+
+ # create a pgp/mime signed attachment
+-# set pgp_sign_command="gpg-2comp --comment '' --no-verbose --batch --output - %?p?--passphrase-fd 0? --armor --detach-sign --textmode %?a?-u %a? %f"
+-set pgp_sign_command="gpg --no-verbose --batch --quiet --output - %?p?--passphrase-fd 0? --armor --detach-sign --textmode %?a?-u %a? %f"
++# set pgp_sign_command="gpg-2comp --comment '' --no-verbose --batch --output - %?p?--passphrase-fd 0? --pinentry-mode loopback --armor --detach-sign --textmode %?a?-u %a? %f"
++set pgp_sign_command="gpg --no-verbose --batch --quiet --output - %?p?--passphrase-fd 0? --pinentry-mode loopback --armor --detach-sign --textmode %?a?-u %a? %f"
+
+ # create a application/pgp signed (old-style) message
+-# set pgp_clearsign_command="gpg-2comp --comment '' --no-verbose --batch --output - %?p?--passphrase-fd 0? --armor --textmode --clearsign %?a?-u %a? %f"
++# set pgp_clearsign_command="gpg-2comp --comment '' --no-verbose --batch --output - %?p?--passphrase-fd 0? --pinentry-mode loopback --armor --textmode --clearsign %?a?-u %a? %f"
+ set pgp_clearsign_command="gpg --no-verbose --batch --quiet --output - %?p?--passphrase-fd 0? --armor --textmode --clearsign %?a?-u %a? %f"
+
+ # create a pgp/mime encrypted attachment
+@@ -52,8 +62,8 @@
+ set pgp_encrypt_only_command="pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust -- -r %r -- %f"
+
+ # create a pgp/mime encrypted and signed attachment
+-# set pgp_encrypt_sign_command="pgpewrap gpg-2comp %?p?--passphrase-fd 0? -v --batch --output - --encrypt --sign %?a?-u %a? --armor --always-trust -- -r %r -- %f"
+-set pgp_encrypt_sign_command="pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust -- -r %r -- %f"
++# set pgp_encrypt_sign_command="pgpewrap gpg-2comp %?p?--passphrase-fd 0? --pinentry-mode loopback -v --batch --output - --encrypt --sign %?a?-u %a? --armor --always-trust -- -r %r -- %f"
++set pgp_encrypt_sign_command="pgpewrap gpg %?p?--passphrase-fd 0? --pinentry-mode loopback --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust -- -r %r -- %f"
+
+ # import a key into the public key ring
+ set pgp_import_command="gpg --no-verbose --import %f"
diff --git a/debian/patches/series b/debian/patches/series
index a3b5931..789b423 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -10,6 +10,7 @@ debian-specific/dont_document_not_present_features.patch
debian-specific/document_debian_defaults.patch
debian-specific/467432-write_bcc.patch
debian-specific/566076-build_doc_adjustments.patch
+debian-specific/828751-pinentry-gpg2-support.patch
misc/gpg.rc-paths.patch
misc/smime.rc.patch
upstream/528233-readonly-open.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-mutt/mutt.git
More information about the pkg-mutt-commits
mailing list