FreePG maintains a shared patchset for GnuPG downstream packagers to track, maintain, and apply commonly-used patches for GnuPG that have been refused by upstream.

Rationale

It is common for GnuPG downstream distributions to apply patches to change default policies and disable (or re-enable) support for various features. This results in duplication of effort, and an inconsistent experience for the end user. FreePG is intended to assist these downstreams to co-ordinate their patching efforts.

The project goals are:

1. Minimise divergence from the IETF OpenPGP specification
2. Support reading of LibrePGP artifacts for compatibility
3. Fix security issues that remain unresolved upstream
4. Support the maintenance needs of downstream distributions

Usage

The FreePG project builds binaries for the purposes of testing, but does not distribute them or recommend their use in production. End users should consult their preferred downstream distribution for official binaries.

FreePG-patched versions of GnuPG are distributed by the following downstreams:

• Arch
• Debian
• Fedora
• NixOS
• Ubuntu

Linux distributions which share packages with the above will also distribute the FreePG patches. Note however that downstreams may apply their own patches in addition to FreePG, and/or omit some FreePG patches. Please contact the individual distributors for information about which particular patches they support.

Compatibility

By default, FreePG-patched GnuPG will only produce OpenPGP-compatible artifacts. To recover the upstream default behaviour, including generation of LibrePGP artifacts, either:

• supply the --gnupg command line flag
• add compliance gnupg to your gpg.conf file

See GnuPG’s compliance options for more details. FreePG sets GnuPG’s default compliance mode to “openpgp”, and fixes several bugs in that compliance mode.

Contributing

The patches are maintained in the freepg/gnupg GitLab repository.