GnuPG upstream changed some of its behavior on the 2.4 branch to use its
own, non-standardized format for keys and encrypted data by default.
This affects in particular the way that keys are generated, and
algorithm capability flags within now signal the ability to use GnuPG's
own AEAD encryption format.
Notably, these formats are not compatible with other implementations of
OpenPGP. They are based on a draft spec that is specific to GnuPG
(draft-koch-openpgp-2015-rfc4880bis), and are not compatible with the format
that is on track to be standardized as upcoming OpenPGP version 6.
The political circumstances that led to this issue are complex (and a
bit dumb), but in the end GnuPG emitting incompatible packets is
certainly in no one's interest. This patch is a revert of a GnuPG
upstream commit as it is applied by Fedora. I suggest we follow suit
until the situation becomes more clear.
See also: https://src.fedoraproject.org/rpms/gnupg2/pull-request/15

with structuredAttrs lists will be bash arrays which cannot be exported
which will be an issue with some patches and some wrappers like cc-wrapper

this makes it clearer that NIX_CFLAGS_COMPILE must be a string as lists
in env cause an eval failure

Since version 2.3, GnuPG no longer falls back to other access methods if
its built-in CCID driver fails to access smartcards, including YubiKeys.
The built-in CCID driver fails on macOS.
The upstream developers recommend disabling CCID support in this case:
If it works and the distribution doesn't offer appropriate USB
configuration, I think that it's good for the distribution to use
--disable-ccid-driver for building GnuPG.
Cite: https://dev.gnupg.org/T5415
See also: https://dev.gnupg.org/T5409
Fixes #155629

pcsclite pulls in a lot of dependencies, including spidermonkey, which is
nearly or completely impossible to build on 32-bit architectures. PC/SC support
is not commonly used, so provide a flag to allow users to disable it and
significantly reduce the closure size.

Work around build failure on -fno-common toolchains like upstream
gcc-10. Otherwise build fails as:
ld: ../util/libutil.a(estream-printf.o):/build/gnupg-1.4.23/util/../include/memory.h:100: multiple definition of
`memory_debug_mode'; gpgsplit.o:/build/gnupg-1.4.23/tools/../include/memory.h:100: first defined here

Emacs + nix-mode highlights this file just fine without this comment
for me, so I assume the problem in nix-mode has been fixed in the five
years since this comment was added.