Bug 198449 - [NEW PORT] security/gpg4usb: GUI frontent for GnuPG
Summary: [NEW PORT] security/gpg4usb: GUI frontent for GnuPG
Status: Closed Not Accepted
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Yuri Victorovich
URL:
Keywords: needs-qa, patch
Depends on:
Blocks: 200929
  Show dependency treegraph
 
Reported: 2015-03-09 11:45 UTC by Yuri Victorovich
Modified: 2018-11-06 05:03 UTC (History)
4 users (show)

See Also:


Attachments
shar archive adding security/gpg4usb (9.79 KB, application/shar)
2015-03-09 11:46 UTC, Yuri Victorovich
no flags Details
patch adding USE_SVNREPO feature (2.60 KB, patch)
2015-03-09 11:47 UTC, Yuri Victorovich
no flags Details | Diff
poudriere log (114.14 KB, text/plain)
2015-03-09 11:48 UTC, Yuri Victorovich
no flags Details
poudriere log (113.41 KB, text/plain)
2015-03-09 12:12 UTC, Yuri Victorovich
no flags Details
patch (9.82 KB, text/plain)
2015-03-09 12:12 UTC, Yuri Victorovich
no flags Details
patch adding USE_SVNREPO feature (2.06 KB, patch)
2015-03-11 00:02 UTC, Yuri Victorovich
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Yuri Victorovich freebsd_committer 2015-03-09 11:45:51 UTC
Please find attached the following files:
* security-gpg4usb.shar adding this port itself
* USE_SVNREPO.patch patch adding new feature USE_SVNREPO
* poudriere log for security/gpg4usb

gpg4usb is pretty popular app, with very good reviews. Many people, who prefer GUI frontends, will find it very useful.

gpg4usb, unlike most other packages, doesn't distribute source tarballs, and only offers their source code through the public subversion repository. In order to allow FreeBSD ports work with such setup, I implemented the new generic feature USE_SVNREPO. It allows port system to check out the specific revision from the subversion repository, create the tarball locally, and proceed from there like usual.
Comment 1 Yuri Victorovich freebsd_committer 2015-03-09 11:46:47 UTC
Created attachment 154050 [details]
shar archive adding security/gpg4usb
Comment 2 Yuri Victorovich freebsd_committer 2015-03-09 11:47:44 UTC
Created attachment 154051 [details]
patch adding USE_SVNREPO feature
Comment 3 Yuri Victorovich freebsd_committer 2015-03-09 11:48:47 UTC
Created attachment 154052 [details]
poudriere log
Comment 4 Yuri Victorovich freebsd_committer 2015-03-09 12:12:21 UTC
Created attachment 154058 [details]
poudriere log
Comment 5 Yuri Victorovich freebsd_committer 2015-03-09 12:12:50 UTC
Created attachment 154059 [details]
patch
Comment 6 Yuri Victorovich freebsd_committer 2015-03-11 00:02:17 UTC
Created attachment 154173 [details]
patch adding USE_SVNREPO feature
Comment 7 Xin LI freebsd_committer 2015-06-17 04:17:35 UTC
Hi,

I'd like to request for additional feature for USE_SVNREPO -- can you make it work in a way that it would prefer using non-svn checkouts unless certain FORCE_* variable is defined?  Ideally, we want the distfile be mirrored/cached so that not all installs hit the upstream svn server, and svn would only be used as a last resort.

Also I think it's probably a good idea to make this more generic framework so in the future, other SCM's can be easily added.
Comment 8 Yuri Victorovich freebsd_committer 2015-06-17 06:13:40 UTC
It looks like gpg4usb is in the process of moving to GitHub, so this isn't a good use case for USE_SVNREPO any more.

Xin LI,

I implemented your suggestion to generalize it for different SCMs, and split it into another bug: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200929

Your second suggestion is pending implementation.

Yuri
Comment 9 VK freebsd_triage 2016-05-23 01:01:36 UTC
Hi guys, what's the status of this? Is this still a valid new port submission?
Comment 10 Yuri Victorovich freebsd_committer 2016-05-23 02:13:04 UTC
Let me review it.
Comment 11 Richard Gallamore freebsd_committer 2017-06-11 00:11:28 UTC
This project moved from svn to github, this needs to be changed.
https://github.com/gpg4usb/gpg4usb
Comment 12 Ben McGinnes 2018-11-06 04:53:04 UTC
Please do not add GPG4USB to FreeBSD.

While it was a popular adaptation in some niche areas a few years ago, that is clearly no longer the case due to the following known issues:

 1. The last stable release was in January, 2016.
 2. The last update to the project repository on github, where it migrated to, was in January, 2018.
 3. It only supports GnuPG 1.4.x which, as of May this year, no longer receives any updates save for the most critical security updates.
 4. GnuPG 1.4.x supports deprecated OpenPGP key formats which are susceptible to a number of security flaws.
 5. GnuPG 1.4.x does not provide support for elliptic curves.
 6. GnuPG 1.4.x is only maintained for backwards compatibility or archive retrieval purposes, it is not intended for current use and including GPG4USB here would potentially imply that it can.
 7. GPG4USB may be in breach of license with the manner of their use of GPGME as they appear to have modified GPGME itself and are themselves using the GPLv3, but we have yet to see what those modifications actually are or were.
 8. GPG4USB is definitely susceptible to a number of known security issues and which have been known for at least a couple of years or more.  They've also been fixed.
    
 9. A fairly recent case raised by an end user who was unaware that GPG4USB was not part of the GnuPG Project goes into a little greater detail here:

    https://dev.gnupg.org/T3963

The only other reference to this project on the GnuPG bug tracker is an unrelated matter with more to do with Unicode adoption by Microsoft or, perhaps more accurately, the incompleteness of it.

Anyway, in the interests of end user security, the GNU Privacy Guard would greatly appreciate it if you let this project die.
Comment 13 Yuri Victorovich freebsd_committer 2018-11-06 05:03:36 UTC
Ok, thanks for this information.