On 2023-11-20 21:51, Brian Inglis via Cygwin-apps wrote:
The attached log first chunk shows that new downloads especially GnuPG and GNU
packages may be signed with keys not recognized by old gnupg/gpg.
After applying the attached patches, which add support for the newer gpg2 from
gnupg2 if installed, the attached log second chunk shows the new keys verified
by gpg2 added to lib/src_prep.cygpart ___gpg_verify().
Similar code has been added to lib/pkg_pkg.cygpart __pkg_srcpkg() for check and
definition and __gpg_sign() for use in gpg signing of Cygwin patches and files.
Not sure what previous lib/src_prep.cygpart patch was generated from, but patch
from correct sources is attached.
--
Take care. Thanks, Brian Inglis Calgary, Alberta, Canada
La perfection est atteinte Perfection is achieved
non pas lorsqu'il n'y a plus rien à ajouter not when there is no more to add
mais lorsqu'il n'y a plus rien à retirer but when there is no more to cut
-- Antoine de Saint-Exupéry--- /usr/share/cygport/lib/src_prep.cygpart.orig 2023-08-07
09:46:31.000000000 -0600
+++ /usr/share/cygport/lib/src_prep.cygpart 2023-11-20 23:15:36.349253300
-0700
@@ -181,12 +181,14 @@ __gpg_verify() {
local _filetype=${2};
local _sigext=${3:-sig};
- if ! check_prog gpg
+ if check_prog gpg2; then GPG=gpg2; else GPG=gpg; fi
+
+ if ! check_prog $GPG
then
# display notice only once
if ! defined _gpg_not_found_
then
- inform "gnupg must be installed in order to check
signatures.";
+ inform "gnupg2 or gnupg must be installed in order to
check signatures.";
_gpg_not_found_=1
fi
@@ -196,7 +198,7 @@ __gpg_verify() {
if [ -f ${_file}.${_sigext} ]
then
inform "${_filetype} signature follows:";
- gpg --verify ${_file}.${_sigext} ${_file} || true;
+ $GPG --verify ${_file}.${_sigext} ${_file} || true;
fi
}
