How to set gpg2 as default implementation of gpg on debian?
My Debian installation came with gpg 1.4.12, while I would like to be running 2.0.19. The former comes in the package gnupg and the latter gnupg2. They can coexist peacefully as far as I know, but I would really like to use gpg2 as the default provider of gpg. I know Debian has update-alternatives which is used for setting defaults, but I can't find any mention of gpg or gnupg in it.
How can I set this up?
Answer
update-alternatives only works if a package explicitly uses the alternatives system. gnupg and gnupg2 don't.
Background
Usually the reason is that the user interface differs too much, so that scripts using the one tool won't work anymore if suddenly the other tool runs instead. A typical example here is markdown. Each markdown implementation in Debian has quite different commandline options, hence the alternatives system is not in use there.
gpg's and gpg2's commandline options don't seem to differ much, but maybe the output on certain actions or exit codes differ significantly at some places.
One thing where they differ and which is important for minimal installations and installation media, are their dependencies. While the gnupg package is of priority "standard" (i.e. installed in a standard installation) and a dependency of the package apt, the package gnupg2 pulls in quite some more libraries which are currently only of priority "optional".
There are two open bug reports in Debian, one against each package (#561540 against gnupg and #483724 against gnupg2), requesting the use of the alternatives system for gnupg and gnupg2.
Currently one of these bug reports is tagged wontfix, but the tag is said to be "for now" and there are some hints what needs to be taken care of in case the alternatives system will be used (or gnupg2 will become the default) in the future.
How To, In Case You Really Want
If you really want gpg2 to be called if you called gpg, I recommend adding a corresponding alias in your shell, e.g. with alias gpg=gpg2 for Bourne-shell compatible shells. Shouldn't do much harm, but will only work if called from the commandline.
If you really want to have /usr/bin/gpg to be gnupg2, you can do that with dpkg-divert, e.g. rename gpg to gpg1 and then gpg2 to gpg. Files renamed with dpkg-divert will keep their new name even after updates of the corresponding packages.
But be warned: APT requires and uses gpg and may not expect it to actually be gpg2. So you may break parts of your system if you use dpkg-divert that way. (Shell aliases for non-root users are fine with regards to that.)
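An added example, not part of the original answer: a per-user shim named gpg that execs gpg2, which is also picked up by scripts that call gpg by name when the shim directory comes before /usr/bin in that user's PATH, and which leaves /usr/bin/gpg untouched for APT. The function names and the shim directory are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (hypothetical helper names): per-user "gpg" shim for gpg2.
# /usr/bin/gpg is never modified, so APT keeps using the packaged binary.

# Print the major version from the first line of `gpg --version` output,
# e.g. "gpg (GnuPG) 2.0.19" -> 2. Argument: the --version text.
gpg_major() {
    printf '%s\n' "$1" | sed -n '1s/^gpg (GnuPG) \([0-9][0-9]*\)\..*$/\1/p'
}

# Install an executable shim called "gpg" in directory $1 that execs the
# binary at path $2. Refuses unusual characters in the target path,
# a non-executable target, and an already existing shim.
install_gpg_shim() {
    shim_dir=$1
    target=$2
    case $target in
        *[!A-Za-z0-9/._-]*) echo "unsafe path: $target" >&2; return 1 ;;
    esac
    if [ ! -x "$target" ]; then
        echo "not executable: $target" >&2
        return 1
    fi
    if [ -e "$shim_dir/gpg" ]; then
        echo "refusing to overwrite: $shim_dir/gpg" >&2
        return 1
    fi
    mkdir -p "$shim_dir" || return 1
    # The shim passes all arguments through unchanged.
    printf '#!/bin/sh\nexec "%s" "$@"\n' "$target" > "$shim_dir/gpg" || return 1
    chmod 755 "$shim_dir/gpg"
}

# Typical use, run as the non-root user (assumed locations):
#   install_gpg_shim "$HOME/bin" /usr/bin/gpg2
#   PATH="$HOME/bin:$PATH"; export PATH
#   gpg_major "$(gpg --version)"
```

Scripts that hard-code /usr/bin/gpg, and anything run as root without this PATH, still get the packaged gpg.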
There will be a new answer to that question very soon: Use Debian 9 Stretch (to be released in like 2 years or so ;-) or newer.
Background: At DebConf15 the Debian GnuPG Package Maintainers announced that in the future, GnuPG 2.x will be /usr/bin/gpg in Debian and the GnuPG 1.x command will be renamed to /usr/bin/gpg1.
You still won't be able to switch /usr/bin/gpg to another GnuPG version to your liking (see my other answer for the reason behind this), but at least GnuPG 2.x will be the default implementation in the near future in Debian Unstable and Debian Testing and very soon in Debian Experimental.