XPost: news.software.nntp

Hi The Doctor,

Nov 22 01:00:03 gallifrey nocem[29276]: Article
<ujkce3$ta8$1@rasp.pasdenom.info>: /usr/local/bin/gpg exited with status 2 >>

$gpg = '/usr/local/bin/gpg';

I wonder if Julien should adjust this accordingly.

There's no universal path to where binaries are installed, so it cannot
just be hard-coded. When configuring the package, INN tries to find the appropriate installed binary, if any. Naturally, if you install GnuPG
after INN, it won't have set it up right.

Regarding <ujkce3$ta8$1@rasp.pasdenom.info> signed with the nonobot key,
it should normally work with both GnuPG 1 and GnuPG 2.
I am really unsure the problem comes from that.

Are you certain you have properly imported its key following the
instructions of the manual page? (https://www.eyrie.org/~eagle/software/inn/docs/perl-nocem.html)

Is it listed in your <pathetc>/pgp/ncmring.gpg keyring?

% gpg --list-keys --primary-keyring /home/news/etc/pgp/ncmring.gpg

pub rsa3072 2021-12-03 [SC]
8A90C13AE047AC7306BB2E4721EDE4D6D4455599
uid [ inconnue] nono le petit robot (nocem) <robot@pasdenom.info>
sub rsa3072 2021-12-03 [E]

--
Julien ÉLIE

« – Nous parlerons quand l'interprète dormira. [Bong !]
– Il dort. On peut parler. » (Astérix)

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: news.software.nntp

Julien ÉLIE <iulius@nom-de-mon-site.com.invalid> writes:

There's no universal path to where binaries are installed, so it
cannot just be hard-coded. When configuring the package, INN tries to
find the appropriate installed binary, if any. Naturally, if you
install GnuPG after INN, it won't have set it up right.

I think it would be better if there was runtime configuration
controlling the gpg command to use and any options required
(e.g. --allow-weak-digest-algos), rather than trying to work it out in configure.

Figuring out details like program paths and supported options at
configure time works very badly if there’s a packaging step involved
before deployment.

--
https://www.greenend.org.uk/rjk/

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: news.software.nntp

Hi Richard,

There's no universal path to where binaries are installed, so it
cannot just be hard-coded. When configuring the package, INN tries to
find the appropriate installed binary, if any. Naturally, if you
install GnuPG after INN, it won't have set it up right.

I think it would be better if there was runtime configuration
controlling the gpg command to use and any options required
(e.g. --allow-weak-digest-algos), rather than trying to work it out in configure.

That's a good idea. Do you mean flags to pass to perl-nocem? For
instance by setting up the channel feed this way:

nocem!\
:!*,news.lists.filters\
:Tc,Wf,Ap:/usr/lib/news/bin/perl-nocem -c "/usr/bin/gpg" -o
"--verify --allow-weak-digest-algos" -k "/etc/news/pgp/ncmring.gpg" -l "/var/log/news/perl-nocem.log" -v

When the flags are not set, the current defaults would be used.

-c would also work with gpgv (naturally, "--verify
--allow-weak-digest-algos" would then have to be removed from -o).
Using -l would enable logging to the given file, and at debug level if
-v is also given.

--
Julien ÉLIE

« Ma devise : une bonne sieste et au lit. » (Jean-Jacques Peroni)

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: news.software.nntp

In article <uk2sn3$355iq$1@news.trigofacile.com>,
Julien à LIE <iulius@nom-de-mon-site.com.invalid> wrote:

Hi Richard,

There's no universal path to where binaries are installed, so it
cannot just be hard-coded. When configuring the package, INN tries to
find the appropriate installed binary, if any. Naturally, if you
install GnuPG after INN, it won't have set it up right.

I think it would be better if there was runtime configuration
controlling the gpg command to use and any options required
(e.g. --allow-weak-digest-algos), rather than trying to work it out in
configure.

That's a good idea. Do you mean flags to pass to perl-nocem? For
instance by setting up the channel feed this way:

nocem!\
:!*,news.lists.filters\
:Tc,Wf,Ap:/usr/lib/news/bin/perl-nocem -c "/usr/bin/gpg" -o
"--verify --allow-weak-digest-algos" -k "/etc/news/pgp/ncmring.gpg" -l >"/var/log/news/perl-nocem.log" -v

When the flags are not set, the current defaults would be used.

-c would also work with gpgv (naturally, "--verify
--allow-weak-digest-algos" would then have to be removed from -o).
Using -l would enable logging to the given file, and at debug level if
-v is also given.

Is this available now?

--
Julien ÉLIE

« Ma devise : une bonne sieste et au lit. » (Jean-Jacques Peroni)

--
Member - Liberal International This is doctor@nk.ca Ici doctor@nk.ca
Yahweh, King & country!Never Satan President Republic!Beware AntiChrist rising! Look at Psalms 14 and 53 on Atheism ; unsubscribe from Google Groups to be seen Merry Christmas 2023 and Happy New year 2024 Beware https://mindspring.com

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: news.software.nntp

Hi The Doctor,

perl-nocem -c "/usr/bin/gpg" -o "--verify --allow-weak-digest-algos"
-k "/etc/news/pgp/ncmring.gpg" -l "/var/log/news/perl-nocem.log" -v

Is this available now?

Not yet. It was just a proposal.
I can implement these flags in December if they appear to be useful.
(I'll keep you informed.)

Meanwhile, haven't you tried to modify <pathlib>/perl/INN/Config.pm to
change the path to gpg?

--
Julien ÉLIE

« – Par Thor !
– Par Odin !
– Par exemple ! » (Astérix)

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: news.software.nntp

Julien ÉLIE <iulius@nom-de-mon-site.com.invalid> writes:

There's no universal path to where binaries are installed, so it
cannot just be hard-coded. When configuring the package, INN tries to
find the appropriate installed binary, if any. Naturally, if you
install GnuPG after INN, it won't have set it up right.

I think it would be better if there was runtime configuration
controlling the gpg command to use and any options required
(e.g. --allow-weak-digest-algos), rather than trying to work it out in
configure.

That's a good idea. Do you mean flags to pass to perl-nocem? For
instance by setting up the channel feed this way:

I was thinking of pgpverify but it applies to anything in INN that uses
pgp.

--
https://www.greenend.org.uk/rjk/

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: news.software.nntp

Hi Richard,

I think it would be better if there was runtime configuration
controlling the gpg command to use and any options required
(e.g. --allow-weak-digest-algos), rather than trying to work it out in
configure.

That's a good idea. Do you mean flags to pass to perl-nocem? For
instance by setting up the channel feed this way:

I was thinking of pgpverify but it applies to anything in INN that uses
pgp.

pgpverify is only used for control articles (it is called by
controlchan); perl-nocem does the verification on its own.

Looking again at this thread, I am unsure adding more runtime
configuration would solve the problem. I would like to understand more
the use cases behind that.

Regarding the path to the GnuPG binaries, there's already the
possibility to override them without touching shipped files.
I remember having added a long time ago the possibility to modify the
variables set by INN::Config. If an executable Perl script named innshellvars.pl.local is present in <pathetc>, it will be run.

So one could force in <pathetc>/innshellvars.pl.local:

$gpgv = '/usr/local/bin/gpgv2';
$gpg = '/usr/local/bin/gpg2';

and GnuPG 2 will be used.
The Doctor, could you please try that and confirm NoCeM notices now work
for you? Otherwise, something else should be fixed first. I really
doubt the problem comes from the version of GnuPG as nono's notices from pasdenom.info are signed with a PGP key compatible with GnuPG 1.



And regarding the possibility to control the options given to GnuPG, why
an end user should change the defaults which are working? Do you have different options in mind that should be used? (One may break pgpverify
if for instance he removes --status-fd=1 or --logger-fd=1 from the
passed options.)
Packaged versions of INN should already have the right options (tested
by their maintainers, in coherence with the GnuPG version(s) in the distribution). Anyway, if a new version of GnuPG changes things, it
could be a bug to fix in pgpverify or perl-nocem as for instance the
GnuPG output may change and no longer be rightly parsable. This cannot
be handled with options so the underlying problem will still be here and
not solved...

--
Julien ÉLIE

« Le mariage et la mort sont tous les deux souhaitables : l'un promet le
bonheur, l'autre le garantit. » (Mark Twain)

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: news.software.nntp

Hi,
Julien ÉLIE a tapoté :

Hi The Doctor,

perl-nocem -c "/usr/bin/gpg" -o "--verify --allow-weak-digest-algos"
-k "/etc/news/pgp/ncmring.gpg" -l "/var/log/news/perl-nocem.log" -v

Is this available now?

This logging doesn't work on INN 2.7.1.

Not yet. It was just a proposal.
I can implement these flags in December if they appear to be useful.
(I'll keep you informed.)

It will be useful!

--
Stéphane
Sorry for my bad English

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)