fix: replace x/crypto with protonmail's fork #21
Conversation
Signed-off-by: Carlos A Becker <[email protected]>
Signed-off-by: Carlos A Becker <[email protected]>
|
gently ping |
|
I do think it's desirable to have the option to use the forked library. However, the fork removed support for version 3 signature packets. Version 4 was first described in RFC 2440 back in 1998, and yet CentOS 8 still generating v3 signatures, and that's just the first thing I checked -- there's probably a lot more. I don't want to lose support for verifying still-supported OS packages. I'll see if it makes sense to clean up the API a bit so the caller has the option to use either library. |
|
Sorry for the long wait but I finally came up with an okay solution for this without breaking the API much. Give it a try and let me know if it does what you need: |
|
I've had a change of heart after learning that since approximately Fedora 39, RPM has started rejecting signatures created with x/crypto/openpgp due to an MPI conformance issue. So at this point I have little interest in clinging to it even for my use cases. A fix to use ProtonMail alone is now pushed to master but not yet tagged. There are a couple gotchas which I've noted in the README. Once I have it tested in relic I'll tag it as v0.4.0. |
|
Sorry I missed this notification and ended up not testing it. I can update to master and run the nfpm test suite if that helps you in any way 🙏 |
|
Released v0.4.0 with no further changes. |
according to godoc, x/crypto/openpgp is deprecated:
This PR replaces it with protonmail's fork. This is though, a breaking change, as the API of this lib was tied to openpgp's library, and although the names are the same, the underlying implementations may have changed (e.g.
EntityList).Discussing it with @erikgeiser , we see a couple of options: