Subject : Re: Upgrading/changing from PGP to GnuPG for nl.*
From : iulius (at) *nospam* nom-de-mon-site.com.invalid (Julien ÉLIE)
Newsgroups : news.admin.hierarchies
Date : 29. Apr 2024, 13:08:07
Organisation : Groupes francophones par TrigoFACILE
Message-ID : <v0o2j7$bvvl$1@news.trigofacile.com>
References : 1 2 3
User-Agent : Mozilla Thunderbird
Hi Adri,
I've added some small improvements in version 1.9 of 'signcontrol':
That sounds good. Hopefully it will be helpful to other news admins who will set it up in the future.
So, this is what I have now in my version of the code of 'signcontrol':
} elsif ($pgpstyle eq 'GPG') {
    if ($pgphomedir) {
        # we need a way to add some extra arguments
        @command = ($pgp, qw/--detach-sign --armor --textmode -u/, $keyid,
                    qw/--debug-level advanced/,
                    qw/--homedir/, $pgphomedir,
                    qw/--force-v3-sigs/);
    } else {
        @command = ($pgp, qw/--detach-sign --armor --textmode -u/, $keyid,
                    qw/--force-v3-sigs --pgp2/);
    }
} else {
Looking at the flags used by signcontrol.py, it also has:
--emit-version --no-comments --no-escape-from-lines --no-throw-keyids
You may wish to also use them. At least the first one (--emit-version) solves one of your subsequent questions.
| To solve the problem, you need to enable loopback pinentry mode. Add this to ~/.gnupg/gpg.conf:
|
| use-agent
| pinentry-mode loopback
|
| And add this to ~/.gnupg/gpg-agent.conf, creating the file if it doesn't already exist:
|
| allow-loopback-pinentry
|
| Then restart the agent with echo RELOADAGENT | gpg-connect-agent and you should be good to go!
Indeed, this is a necessary setup if you run the script non-interactively. Maybe you'll also need:
--no-tty --passphrase "xxx"
Matija Nalis, the former administrator of hr.* (Croatia), once asked for these flags. I don't know whether they are still required by current GnuPG versions.
X-Info: https://ftp.isc.org/pub/pgpcontrol/README.html
https://ftp.isc.org/pub/pgpcontrol/README
You may want to keep one, and replace the other one with the URL of the website of the hierarchy.
Did I do this correctly?
I think so.
The URL-part isn't correct yet; this is what I have now in my control.ctl:
## NL (Netherlands)
# Contact: nl-admin@stack.nl
# URL: http://nl.news-admin.org/info/nladmin.html
# Admin group: nl.newsgroups
# Key fingerprint: 45 20 0B D5 A1 21 EA 7C EF B2 95 6C 25 75 4D 27
# *PGP* See comment at top of file.
newgroup:*:nl.*:drop
rmgroup:*:nl.*:drop
checkgroups:nl-admin@stack.nl:nl.*:verify-nl.newsgroups
newgroup:nl-admin@stack.nl:nl.*:verify-nl.newsgroups
rmgroup:nl-admin@stack.nl:nl.*:verify-nl.newsgroups
The official control.ctl entry will then need to be updated with this new information (stack.nl instead of nic.surfnet.nl).
Also, the new key fingerprint is:
66FB E84C 80E3 72D4 547F E921 D2F2 595D DA5A C504
BTW, I'm running C News. :-)
For C News, from what I heard, it uses a file named controlperm. Does it also handle the control.ctl syntax? Do you confirm a valid syntax for controlperm would now be:
nl any n nq
nl any r nq
nl nl-admin@stack.nl c pv nl.newsgroups
nl nl-admin@stack.nl n pv nl.newsgroups
nl nl-admin@stack.nl r pv nl.newsgroups
Hopefully I've done all this correctly.
The technical part is now done.
What will now take (a long) time is the update of the configuration of news servers carrying nl.*. It may be worthwhile contacting the news admins of the most used servers for article postings in the nl.* hierarchy.
It is what we did for the fr.* hierarchy, after having done some stats about that (from the Path header fields of posts in fr.*).
-- 
Julien ÉLIE

« Omnia uincit Amor et nos cedamus Amori. » (Virgile)
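
Added example, not part of the original post: a Python check of how the nl.* control.ctl rules quoted above resolve for a given control message, relying on INN using the last matching line of the file. `parse_rules`, `decide` and `required_key` are hypothetical helper names, the sender addresses in the test are constructed, and Python's `fnmatch` only approximates INN's wildmat matching.

```python
from fnmatch import fnmatchcase

# The nl.* rules quoted in the post (comment lines omitted).
NL_RULES = """\
newgroup:*:nl.*:drop
rmgroup:*:nl.*:drop
checkgroups:nl-admin@stack.nl:nl.*:verify-nl.newsgroups
newgroup:nl-admin@stack.nl:nl.*:verify-nl.newsgroups
rmgroup:nl-admin@stack.nl:nl.*:verify-nl.newsgroups
"""


def parse_rules(text):
    """Return (type, sender, groups, action) tuples, skipping comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":", 3)
        if len(fields) != 4:
            raise ValueError(f"malformed control.ctl line: {line!r}")
        rules.append(tuple(fields))
    return rules


def decide(rules, msg_type, sender, group):
    """Return the action of the LAST matching rule, or None if none match."""
    action = None
    for rtype, rsender, rgroups, raction in rules:
        if rtype not in ("all", msg_type):
            continue
        # Assumption: fnmatchcase stands in for INN's wildmat matching.
        if fnmatchcase(sender, rsender) and fnmatchcase(group, rgroups):
            action = raction  # later lines override earlier ones
    return action


def required_key(action):
    """Key ID that must have signed the message, or None if not 'verify-*'."""
    if action and action.startswith("verify-"):
        # An optional '=logfile' suffix is not part of the key ID.
        return action[len("verify-"):].split("=", 1)[0]
    return None
```

A `None` result from `decide` means this excerpt has no matching line, so the decision falls to whatever earlier entries the full control.ctl file contains.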