Simon Josefsson wrote: > Thanks for the upgrade! If anyone except me was greeted by the > following strange error after the upgrade: > > jas@kaka:~/src/gnulib$ git pull > sign_and_send_pubkey: signing failed for ED25519 "cardno:FFFE42315277" from > agent: agent refused operation > j...@git.sv.gnu.org's password: > > The reason is that you are running a too old GnuPG version. Alas > Trisquel 11 (and therefor Ubuntu 22.04) is shipping this old version, so > many may be affected. See bug report here: https://dev.gnupg.org/T5931
I am completely confused because here are the versions of note here. vcs2 - Trisquel 9 (Ubuntu 18.04) - gpg (GnuPG) 2.2.4 - OpenSSH_7.6p1 vcs3 - Trisquel 11 (Ubuntu 22.04) - gpg (GnuPG) 2.2.27 - OpenSSH_8.9p1 Meaning that git was using the even older versions. This upgrade would have both your Trisquel 11 client and the Trisquel 11 server using the same versions. That confuses me why using the same versions is causing a problem. > One way to work around this is to insert this into your ~/.ssh/config: > > Host git.sv.gnu.org > # https://dev.gnupg.org/T5931 > # KexAlgorithms -sntrup761x25519-sha...@openssh.com > PubkeyAuthentication=unbound > > As you can see another workaround is to disable sntrup761x2559, but it > is a security tradeoff which option to disable. Thank you for including this workaround, though I am confused how using Trisquel 11 clients talking to a Trisquel 11 server cause this problem when Trisquel 11 clients talking to a Trisquel 9 server did not. > Of course, upgrading GnuPG is better, but for those of us to chose to > stay on Trisquel 11 the above may be a simpler way forward. For the other reasons posted in the other email I have reverted this change switching the DNS back to vcs2 until those other issues are resolved. That relieves the immediate stress of this gpg problem needing to be solved urgently. The new vcs3 server remains online of course and DNS can be overridden locally to force testing to it. I do not have time to read the bug T5931 you linked at this moment due to needing to run now immediately to change the oil in an airplane! Life and time is what keeps everything from happening all at once. Upon returning from that task I will read https://dev.gnupg.org/T5931 in detail and try to understand this problem in full. Thank you for reporting this! Bob
