A follow-up on this: > Could anyone else please confirm that using gpg 2.1.1 breaks sig > checking for them?
(first of all, it should be any gnupg 2.1.x that breaks, not just
2.1.1)
As far as I can tell, the problem is related to the new keybox format
used by gnupg 2.1 for storing public keys [1]. I was having major
problems using gpg in general until I converted my public keyring to the
keybox format. However, the gpg-keyring files belonging to each package
in GSRC are still causing problems for me:
[checksig] Checking GPG signature ccaudio2-2.1.5.tar.gz
gpgv --keyring ./gpg-keyring download/ccaudio2-2.1.5.tar.gz.sig
gpgv: no signed data
gpgv: can't hash datafile: No data
../../gar.lib.mk:237: recipe for target
'checksig-ccaudio2-2.1.5.tar.gz.sig' failed
make: *** [checksig-ccaudio2-2.1.5.tar.gz.sig] Error 2
I'm sure there's a way to convert all of the gpg-keyring files to the
new format, but then only people using gnupg 2.1 will be able to check
signatures.
I am open to suggestions as to how to handle this. The simplest
solution for now is that I can leave everything as-is and just install
gpg1 in order to handle this older format while doing maintenance on
GSRC. But if anyone has any other ideas, I'd like to hear them.
Thanks,
Brandon
Footnotes:
[1] https://gnupg.org/faq/whats-new-in-2.1.html#keybox
--
Brandon Invergo
http://brandon.invergo.net
signature.asc
Description: PGP signature
