Sorry about that, I forgot to add GCC. I updated the original post with the needed information.

Ah well, Kleopatra has a GUI to set the keyserver - that is probably easier to use.

The keyserver network has been shutdown a couple of months ago. We can't do anything about it. The default in newer gpg versions has changed; you may put

Okay.

I tried to generate a tarball from master and I failed to build the hmac256 binary because the hmac256.h was not packaged into the dist tarball in master. If hmac256 should be standalone binary, I propose it should not need have a separate header file:

Alternative patch for Kleopatra:

diff --git a/src/uiserver/uiserver.cpp b/src/uiserver/uiserver.cpp
index d9746f0b..ab4d2ca7 100644
--- a/src/uiserver/uiserver.cpp
+++ b/src/uiserver/uiserver.cpp
@@ -23,6 +23,8 @@
 #include "kleopatra_debug.h"
 #include <KLocalizedString>

Not from understanding. libkleo adds high-level functionality that's useful for KDE applications, but out-of-scope for gpgme and its C++/Qt wrappers gpgme++ and qgpgme. I would use GpgME::dirInfo() directly in Kleopatra. It would make sense to add an overload of GpgME::dirInfo() that takes an enum, so that one does not have to use the low-level string names in Kleopatra. The downside is that a string-based interface can be extended easily. OTOH, deprecating values of a string-based interface is hard and after removing it the compiler won't complain.

We want to deprecate the whole UI-Server thing and thus I considered it better to provide the generic socket dir instead of adding support in libkleo for the uiserver socket. For the time being, doing this in Kleopatra sounds better to me. From my understanding. libkleo shall be an interface to gpgme++, right?

gpgme_get_dirinfo does already have support for "uiserver-socket" since about 7 years. I don't think a separate "socketdir" which requires a brand new gpgme makes much sense.

Since the migration to a new machine with lots of config changes this spring the redirect rules for bugs.gnupg.org were not properly adjusted and when running into an error, it seems that the admin back then ignored the problem and simply removed bugs.gnupg.org from dehydrated's list of domains. Thanks again for reporting. Should now work again.

Sorry for your troubles but we need to protect against spam - a tracker flooded with spam is useless.

Sorry, I don't know which software has version 12.0.0 and which git master this is. In case this is stock libksba, please tell us at least the last commit id. Note that we in general do not support arbitrary versions from the repos but only released versions .

For Kleopatra this patch

It will be useful to have support in libkleo:

While I'm still waiting for anyone to possibly answer my last 'Sat, Sep 18, 6:29 PM' question I've also added there the explanation behind that question... :-)

Thank you.

I see your point. I'd like to locate/identify where the change comes from.
I think that what you refer by "new libtool.m4" is actually macOS local change (I mean, not from libtool upstream, AFAIK).
Could you please point out the source of the change?

Please see T5587

That would work, however we might hit this issue with a new macOS release. Would it make more sense to update to what the new libtool.m4 is doing? Linker flags are the same, it only changes the way they detect macOS versions:

Here is James' writeup on the use https://gnupg.org/blog/20210315-using-tpm-with-gnupg-2.3.html . For more details please consult the mailing lists and the commit messages.

I'm not really sure which version it worked with earlier. This yubikey setup is quite old now, and I've not signed keys recently. I think the last I signed were at least 2 yrs back, hence the very vague allusion to the setup working previously. Apologies, no definite answer there.

Tsss, requires to allow JS for Google.

I think that scenario with TPM emulation would be more generic.
What needs to be done to have TPM emulation? Can you point on some doc about that?

Ich you do not have a working TPM or emulation but the tpm libraries installed run configure with the option

--disable-tpm2d

LTO warnings are trashing LTO optimised binaries and that is definitelly gnupg code issiues.
Just check each two places where rowtines are defined and declared in header files.

Just FYI, see also how GnuTLS has proposed to implement the service indicator:
https://gitlab.com/gnutls/gnutls/-/merge_requests/1465

That does indeed not look like something which could introduce a regression.

In T5411#149872, @aheinecke wrote:

Our windows explorer plugin keeps libgpg-error loaded when you install an upgrade. That is why our installer asks for a reboot at the end of the install. You have ignored the reboot and you then get the error.

We have another ticket T5012 for this issue.

Our windows explorer plugin keeps libgpg-error loaded when you install an upgrade. That is why our installer asks for a reboot at the end of the install. You have ignored the reboot and you then get the error.

I misunderstood as if we need to update libtool from upstream.

GnuPG 2.0 reached end-of-life nearly 4 years ago. See https://gnupg.org/download/index.html#end-of-life . Same for Gpg4win. They are not maintained and its use is very risky due to unfixed bugs. Please update to a recent version.

macOS has low priority for us and I do not want to risk any regression.

About merging our local changes.

We have our own changes for ltmain.sh and libtool.m4.

And update from automake 1.16:

It's better to update the set of files from libtool:

build-aux/ltmain.sh
m4/libtool.m4
m4/ltoptions.m4
m4/ltsugar.m4
m4/ltversion.m4
m4/lt~obsolete.m4

Our libtool was 2.4.2 + Debian patches + our local changes.
Debian patches are:
https://salsa.debian.org/mckinstry/libtool/-/blob/debian/master/debian/patches/link_all_deplibs.patch
https://salsa.debian.org/mckinstry/libtool/-/blob/debian/master/debian/patches/netbsdelf.patch

I had the same issue opening GPA or Kleopatra going from 3.1.14 to 3.1.16 on Windows 10. I don't have Outlook installed.

1. >>gpg2 --version

gpg (GnuPG) 2.0.30 (Gpg4win 2.3.3)
libgcrypt 1.6.6

@amit: Do you say it used to work with GnuPG 2.2.27 or did it worked with an older version?

Which gpg version?
Which Python library? (gnupg is pretty generic)
How does the Python library call gpg?
Are you aware that gpg uses utf8 and not Windows Unicode?

When you sign data, then the signing subkey is used

ssb>  rsa4096/0xEB0B4DFC657EF670 2016-04-01 [S]

Just noting that the logs were captured by enabling debug logs for the agent:

eval $(gpg-agent --daemon --debug-all --log-file /var/tmp/gpgagent.log)

Thanks for clarification, indeed attempt to decrypt data returns an error afterwards.

Well, while importing you get the warning:

Yes, for migration from GnuPG 2.0 reasons, a batch import delays the key checking (i.e. converting from OpenPGP to GnuPG internal format) to the first use. Thus you don't see an error immediately. But if you encrypt something , you won't be able to decrypt it again:

Thanks, Werner.
During further work on this got another issue:

FWIW: I tested it with a freshly created card and thus keys. When hitting the "create OpenPGP Key " button, a warning was shown that a key already exists, I selected the do-anyway thing but the created keys had different fingerprints then. Thus the creation time was not taken in account. I recall that I implemented this for gpg-card and thus only for 2.3 - it is just quite likely that it does not work for 2.2.

I thought that I had tested this with some 2.2.x version of gpg. But if it doesn't work with 2.2.31, then I probably didn't and just relied on the release notes.

Hmm, I had removed a stretch there because I thought that a stretch in the middle of the dialog looks bad. Usually, vertical stretches are added just before the button row.

Thanks. Applied with a minor change: The string is now in a new third field.

Thanks for reporting. However, many gcc warnings produce a lot of false positives. Thus to be useful all the warnings need to be scrutinized. Let's do this for one example

OK, while I'll be awaiting for anyone to possibly answer my last T5593 'Sat, Sep 18, 6:29 PM' question, just for sake of completeness I've also been able to check that inside registry (HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Gpg4win\kleopatra\Capabilities) Kleopatra icon has correct expected value so ApplicationIcon (REG_SZ) = 'C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe,0' (N.B. preceding text string into registry is obviously unquoted ). ;-D

OK, while I'll be awaiting for anyone to possibly answer my last 'Sat, Sep 18, 6:29 PM' question that I decided to re-update today, just for sake of completeness I've also been able to check more inside registry but details will only go inside T5605 since only pertinent there ;-D

Because of T3458 and other references to PATH I found in the past (see past references I added previously into this bug), could anyone please be so kind to confirm me if am I right to assume that under normal conditions (so with no PATH related errors like 'PATH env variable too big' I reported here) after proper end of 'gpg4win-3.1.16.exe' installation only following (unquoted) path string 'C:\Program Files (x86)\Gpg4win\bin;' would have been added at beginning of PATH system environment variable ?
Or if not, would new path rather have 'C:\Program Files (x86)\Gpg4win\bin;C:\Program Files (x86)\GnuPG\bin;' (always unquoted) prepended at beginning of PATH system environment variable ?
P.S. Please note that I'm only asking this to then try to properly manually set PATH system environment variable accordingly and then see if my (current) 2nd 'gpg4win-3.1.16.exe' installation can still work correctly as expected or not... ;-D

Woops, I also forgot to say that only Kleopatra icon I found on my desktop has this problem. Original folder path of Kleopatra.lnk shortcut I have on my Desktop is C:\Users\Public\Desktop.
While 'Kleopatra.lnk_' I uploaded after renaming its extension as 'lnk_' was just another copy of it I temporarily put on my own Desktop only for uploading.