a better gpg client
I think dnf5 uses sequoria lib.
But I have not heard that gnupg is planned to be replaced.
I think it’s unlikely for as long as a drop-in replacement for gpg CLI doesn’t exist. Sequoia has one but afaict it does not support interacting with GnuPG keyring directly, so any migrations will require export-import steps.
Sequoia-PGP is not a 1:1 drop-in replacement for all things GnuPG. But there are some use cases where Fedora already uses the sequoia-openpgp library:
- rpm-sequoia for OpenPGP signature verification for RPM packages
- dnf5 uses rpm-sequoia via rpm too (for similar purposes)
- RPM 6 supports using both gnupg and sq for signing packages
And using Sequoia-PGP for even more use cases is planned and / or is already being implemented.
1 Like
If you’re willing to migrate and don’t expect to keep using both tools (i.e. need both tools to have the same contents in their keyrings / certificate stores), then you don’t need to do this. sq will import the GnuPG keyring via gpg-agent on first use.
2 Likes
Yes fedora has switched to for there server side tasks why not switch from old gnupg to new sequoia…
I think fedora 43 should be having sequoia as a default pgp provider
I am switching to but i have to do it manually aa it is a ostree system
Because it will break apps that use gnupg, like the pass command.
Have you tried? The almost-drop-in replacements provided by sequoia-chameleon-gnupg should work for most purposes (including in applications that use gpg via the gpgme library).
No I have not tried, but I am not the person wanting to replace gnupg.
If you haven’t tried it, then please refrain from making absolute statements like this one:
I was requesting to switch to sq as it is written in rust and fully memory safe.
And just like how yum and dnf work though dnf uses in fedora you can still use yum commends i would request for a solution in which we switch to sequoia from gnupg.
Chameleon would solve the initial hurdle.
1 Like
For what it’s worth, I’ve been testing this setup (replacing the gpg and gpgv commands with the reimplementations from the Chameleon) and it’s been working just fine.
(This still requires some non-upstream patches in a small number of packages, but I’m planning to propose those changes in the near future.)
1 Like
Thanks i would love to test let me know if you need to.
To make sq default in fedora.
1 Like
I’m a bit late to the party, but stumbled over this thread while by chance updating myself on the current state of play - is there a ‘how to’ anywhere describing the procedures to effect a swap from gnupg to sq on fedora - I actually started my investigation after executing:
$ sudo dnf swap thunderbird-librnp-rnp sequoia-octopus-librnp
?
There’s a summary I wrote for the Sequoia PGP project blog:
https://sequoia-pgp.org/blog/2024/12/13/202412-sequoia-fedora/
The information there is still up-to-date.
describing the procedures to effect a swap from
gnupgtosqon fedora
This is a bit of an over-similfication. You can’t (currently) completely remove GnuPG and replace it with tools from Sequoia PGP (though that might be possible in the future). You can currently only replace certain things.
Note that swapping thunderbird-librnp-rnp and sequoia-octopus-librnp actually has nothing to do with GnuPG 
Thunderbird includes a copy of libRNP, which is an implementation of OpenPGP that is independent of both GnuPG and Sequoia PGP.
Very many thanks @decathorpe (correct reply button this time…)