Add LTS version of GnuPG and update libgcrypt to latest LTS version #215109
peti
left a comment
I am for it. I would use the latest version by default, but offer the LTS version for those who want it, just like this PR does. 👍
Would you happen to have any additional context you could share on the state of the patches as mentioned in the **👋 Call for help** [above](#215109 (comment)) by any chance?
No, I'm afraid not.
The |
17f1e44 to
e3f62fb
Thanks for bringing this to my attention, @doronbehar. It seems I'm suffering from a severe case of Monday-morning 🧠 today 😅.
e3f62fb to
bd7af21
8db05ef to
b573b04
@trofi and @winterqt you've been so very helpful in moving forward with other PRs (#194099, #215699), mind lending a hand here to get the right people involved to get 👀 on this PR? The main question to resolve is what should happen with the patches that do not apply (cleanly)? Once that is resolved I feel the PR is ready for review.
I am not familiar with
Generally if there are no known problems with latest version and there are no packages that rely on outdated versions I would suggest not to provide outdated versions. Especially for security packages. Upstream should know better when to release.
Thanks for your helpful comments, @trofi, and apologies for taking so long to reply.
Can you have a look at
6ab6bae to
858391d
Finally got around to inspecting the patches, @trofi. Obsoleted patches have been removed, other patches have been updated to apply cleanly. I'm happy to remove the
That sounds great! Could this removal be applied for the non-LTS GnuPG?
Yes, it can, @doronbehar, and I pushed an appropriate change for the removal. For reference here are links to the upstream source showing the comment and commented code:
Thought I had marked this PR as ready for review already. Apologies for the delay.
doronbehar
left a comment
Maybe we should rename the files in both gnupg/ and in libgcrypt/ as default.nix and lts.nix?
Besides that, looks good to me and I approve and encourage the changes, especially the cleanup commits (libgcrypt update & patch cleanup).
Thanks for the review, @doronbehar. Glad to hear you approve and encourage the suggested changes. 🙂 @trofi suggested to "[a]void the suffixes like libgcrypt-lts. Using versioned ones like libgcrypt_1_8 where needed should be enough." Trofi's comment was directed at package names; not sure how much of a difference that makes regarding the package filenames.
I think this is a matter of taste and the maintainers (who unfortunately don't share their voice here) should decide on those details.
I don't feel strongly about the filenames. Using the package's version number in the filename seems to be common practice, but the current scheme works fine, too. No big deal. I'm fine with the PR as it is.
@doronbehar, @trofi, @peti the maintainers have been unresponsive here, do any of you have merge rights to possibly get this in for the 23.05 release?
Oh, isn't 5000+ rebuilds a bit too much for
32000 rebuilds, no less. Backing out.
| , guiSupport ? stdenv.isDarwin, pinentry | ||
| }: | ||
|
|
||
| with lib; |
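Review bot: `with lib;` placed right after the argument set's closing `}:` brings every attribute of `lib` into scope for the whole file, so a reader can no longer tell which names come from `lib` and which from the function arguments such as `pinentry`. Drop it and write the uses as `lib.<name>`, or pull in only the names that are needed with `inherit (lib) ...;` in a `let` block.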
with lib should not be over the entire file
with lib should not be over the entire file
I think it's a leftover from the copy-pasted nix files, but indeed they all shouldn't use with lib; like this.
Thanks everyone for chiming in. I'll work on the requested changes and will issue a new PR with Update: See #226006
Description of changes
In Brief:
- gnupg-lts and libgcrypt-tls package names
- gnupg-lts depend on libgcrypt-tls
- ℹ️ Updating libgcrypt from 1.5.x to 1.8.x seemed okay to me as I did not quickly find any packages depending on it.
In Detail:
The latest change of the GnuPG package (see PR #207071) has been met with both acclaim and some uncertainty.
Folks were uncertain whether NixOS should only provide the latest version or additionally offer an LTS version. The GnuPG 2.2.27 package was replaced by the GnuPG 2.3.3 package (see 1ee8f77).
A quick investigation shows that several distributions chose the GnuPG LTS version as the default (see my comment on #207071).
@mweinelt's comment mentioning "some interoperability concerns voiced on the distributions@ list, where gnugp with 2.4.0 is incompatible with openpgp implementations following the proposed(?) IETF standard [see draft-ietf-openpgp-crypto-refresh]" inspired me to try and (re-)introduce an LTS version of GnuPG and libgcrypt, the result of which is this PR.
✅
👋 Call for help: Folks familiar with both or either of the packages, please chime in with additional context that may have been lost and whether the patches that are commented out can be removed or need to be updated.
Until the above call for help has been resolved I believe this PR should continue to be a draft.
Things done
- sandbox = true set in nix.conf? (See Nix manual)
- nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
- ./result/bin/)
- nixos/doc/manual/md-to-db.sh to update generated release notes