Dne 2.2.2016 v 12:00 Michael Schroeder napsal(a):
Well, the easiest way is to just use V3 if files_are_digests is used. I.e. force sig->version to 3 in gpg's write_signature_packets() function.
But the code is not there anymore. See "Removal of PGP-2 support": https://www.gnupg.org/faq/whats-new-in-2.1.html and the actual code of pgp2. While it is technically possible to return the code back to gpg2 and maintain it as part of files_are_digest patch, it would mean that the patch will be much bigger -> much harder to maintain.
I think the code was fixed in 2005. Dunno what version that was.
I investigated it a little bit and RHEL5 (rpm-4.4.2.3) and older are unable to work with v4, while RHEL6+ (rpm-4.8.0) can work with v4 signs. IIRC the SLES 12 use rpm-4.11.2 and SLES 11 use rpm-4.4.2.3. So until RHEL5 is outdated (31 March 2017) and SLES 11 is outdated (31 Mar 2019) we need to use v3 signs.
It makes sense to me start working on v4 support so we have some time for testing. And hopefully support v3 and v4 in parallel and in 3 years move to v4 only.
If you Michael can rebase files_are_digest to gnupg2 and return there v3 support then it would be awesome. In the mean time we will continue working on v4 support.
Mirek