Compiling Recent GnuPG on SailfishOS

Platform Development
1

I am trying to compile a recent version of GnuPG on my Xperia X with SFOS 4.2. The shipped version is not compatible with recent versions (decrypting something encrypted with a newer version yields gpg: Ohhhh jeeee: mpi larger than packet, whatever that means…). This prevents syncing and using of e.g. pass databases, etc…

I managed to build all the libraries GnuPG needs (libassuan, libgpg-error, libksba, npth), but libgcrypt doesn’t want to cooperate. This is the output of make:

make  all-recursive
make[1]: Entering directory '/home/nemo/code/libgcrypt-1.9.4'
Making all in compat
make[2]: Entering directory '/home/nemo/code/libgcrypt-1.9.4/compat'
make[2]: Nothing to be done for 'all'.
make[2]: Leaving directory '/home/nemo/code/libgcrypt-1.9.4/compat'
Making all in mpi
make[2]: Entering directory '/home/nemo/code/libgcrypt-1.9.4/mpi'
/bin/sh ../libtool  --tag=CC   --mode=compile gcc -DHAVE_CONFIG_H -I. -I..  -I../src -I../src  -Wa,--noexecstack -g -O2 -MT mpih-add1-asm.lo -MD -MP -MF .deps/mpih-add1-asm.Tpo -c -o mpih-add1-asm.lo mpih-add1-asm.S
libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -Wa,--noexecstack -g -O2 -MT mpih-add1-asm.lo -MD -MP -MF .deps/mpih-add1-asm.Tpo -c mpih-add1-asm.S  -fPIC -DPIC -o .libs/mpih-add1-asm.o
mpih-add1-asm.S: Assembler messages:
mpih-add1-asm.S:41: Error: ARM register expected -- `and w5,w3,#3'
mpih-add1-asm.S:42: Error: ARM register expected -- `adds xzr,xzr,xzr'
mpih-add1-asm.S:44: Error: selected processor does not support `cbz w5,.Large_loop' in ARM mode
mpih-add1-asm.S:47: Error: ARM register expected -- `ldr x4,[x1],#8'
mpih-add1-asm.S:48: Error: ARM register expected -- `sub w3,w3,#1'
mpih-add1-asm.S:49: Error: ARM register expected -- `ldr x11,[x2],#8'
mpih-add1-asm.S:50: Error: ARM register expected -- `and w5,w3,#3'
mpih-add1-asm.S:51: Error: ARM register expected -- `adcs x4,x4,x11'
mpih-add1-asm.S:52: Error: ARM register expected -- `str x4,[x0],#8'
mpih-add1-asm.S:53: Error: selected processor does not support `cbz w3,.Lend' in ARM mode
mpih-add1-asm.S:54: Error: selected processor does not support `cbnz w5,.Loop' in ARM mode
mpih-add1-asm.S:57: Error: bad instruction `ldp x4,x6,[x1],#16'
mpih-add1-asm.S:58: Error: bad instruction `ldp x5,x7,[x2],#16'
mpih-add1-asm.S:59: Error: bad instruction `ldp x8,x10,[x1],#16'
mpih-add1-asm.S:60: Error: bad instruction `ldp x9,x11,[x2],#16'
mpih-add1-asm.S:61: Error: ARM register expected -- `sub w3,w3,#4'
mpih-add1-asm.S:62: Error: ARM register expected -- `adcs x4,x4,x5'
mpih-add1-asm.S:63: Error: ARM register expected -- `adcs x6,x6,x7'
mpih-add1-asm.S:64: Error: ARM register expected -- `adcs x8,x8,x9'
mpih-add1-asm.S:65: Error: ARM register expected -- `adcs x10,x10,x11'
mpih-add1-asm.S:66: Error: bad instruction `stp x4,x6,[x0],#16'
mpih-add1-asm.S:67: Error: bad instruction `stp x8,x10,[x0],#16'
mpih-add1-asm.S:68: Error: selected processor does not support `cbnz w3,.Large_loop' in ARM mode
mpih-add1-asm.S:71: Error: ARM register expected -- `adc x0,xzr,xzr'
mpih-add1-asm.S:72: Error: bad instruction `ret'
make[2]: *** [Makefile:630: mpih-add1-asm.lo] Error 1
make[2]: Leaving directory '/home/nemo/code/libgcrypt-1.9.4/mpi'
make[1]: *** [Makefile:501: all-recursive] Error 1
make[1]: Leaving directory '/home/nemo/code/libgcrypt-1.9.4'
make: *** [Makefile:433: all] Error 2

According to ./configure ... of gnupg, this is the only library it needs to go on to make.

Interesrtingly, the error in libgcrypt appears in the mpi subdirectory, same as the error message Ohhhh jeeee: mpi larger than packet when using the system gpg. I hope this doesn’t indicate that the processor of the Xperia X can’t do something that’s needed…

Any ideas?

Cheers,

Yann

2

Are you compiling on device ?

There is an on-going effort to get the latest GnuPG. I’m proposing a PR in system libgcrypt to upgrade to 1.9.4, see https://github.com/sailfishos/libgcrypt/pull/2 It’s compiling well in SDK.

2 Likes
3

Does that mean we’re going to see some improvements in the gpg support for the email app?

1 Like
4

Sorry for the late reply, didn’t recieve an email.

Yes I am and I solved it by using the enough-up-to-date libgcrypt shipped with SailfishOS 4.3 now on my new Xperia 10 and manually compiling all the other dependencies with the LTS version of GnuPG. It works now with a bit of LD_LIBRARY_PATH magic so I can finally use pass under SailfishOS! :tada:

2 Likes
5

You mean as asked for in 2013 with some actual progress in 2019 (git.merproject.org is gone, but read the comment thread).
To me it does not look like any further progress is being made.

BTW, I assume it is OpenPGP support as in RFC2440 / RFC4880 you intended to address.
GnuPG (“gpg”) is just an implementation.

See also S/MIME support in E-Mail - together.jolla.com

1 Like
6

Right. I gave up hopes for native email encryption with OpenPGP in SailfishOS. For now, I’m happy if I can use gpg from the command-line to en-/decrypt stuff (like for pass), which a manually compiled, recent GnuPG facilitates.

7

Does that mean we’re going to see some improvements in the gpg support for the email app?

Do you mean, improvements like mail encryption and decryption ? Not yet, but having a modern GnuPG stack would help.

About the possibility to officially get up-to-date GnuPG stack on device, this is not a possibility anymore : / Now, I don’t want to start a troll, mainly because there is nothing much that we can do about it, but I suggest reading of :

2 Likes
8

Very interesting read. Thank you.

1 Like
9

so pep is probably also no go? pEp.foundation/pEpEngine: p≡p engine - CI/CD: https://pep-security.lu/gitlab/cid/mirrors/pepengine/-/pipelines - pEpEngine - p≡p Gitea
?

EDIT: Notes about other licensed implementations:

Not a contender (lesser gpl v3)

Cost? IPWorks OpenPGP | OpenPGP Library | nsoftware found it. IPWorks OpenPGP 2020 Qt Edition | Purchasing Options

1 Like
10

Very interesting, thank you @poetaster . I didn’t think about using alternatives. That’s a good idea to keep in mind. But at the moment, I would prefer to stick with GnuPG because it’s what is used on my desktop and in many other places. So it’s easy to find helps on forums, but also to read sources of implementation done by other projects (GnuPG plugin for Claws greatly helped me at that time).

That being said, these other implementations definitely deserve a look.

11

Yeah, I’m also a gnupg fan (also use claws-mail!). I have applications in a variety of (primarily server) contexts, all of which use gnupg. But I thought I’d make some notes with other alternatives since I’ve had to help users wit pEp installations recently (thunderbird, I believe). If I find the time I’ll do some experiments.

12

Libgcrypt and some other core components of the GnuPG framework will stay (L)GPLv2+.
But unfortunately only that, much of the GnuPG framework has been changed to GPLv3 many years ago.

13

Indeed, I’ve proposed PRs to upgrade the lowest level components :

And there is also Pth that has been replaced by nPth. It will have to be moved to chum. I’ve a spec ready for it, see https://github.com/dcaliste/npth

There is also an upgrade of gawk that would be handy (but not necessary, invocation line in GnuPG build system can be patched to use the old version 3 options). It seems that Jolla is working on it, at least they have a branch with version 5, if not a PR yet (https://github.com/sailfishos/gawk/tree/update). But this update requires to update autoconf, for which they also have a branch (https://github.com/sailfishos/autoconf/tree/update). And it may also require to update gettext, for which I’m proposing a PR : https://github.com/sailfishos/gettext/pull/1

So things are moving a bit.

6 Likes
14

@dcaliste I cannot seem to send you an email currently (it bounces with “550 too many errors from your IP”). Are you available for a meeting today at the usual time? Sorry for the late notice, but I didn’t notice that the email I sent yesterday had bounced, until just now…