* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/
@ 2016-05-19 21:06 Kristian Fiskerstrand
From: Kristian Fiskerstrand @ 2016-05-19 21:06 UTC (permalink / raw
To: gentoo-commits
commit: eb73332ccf12be2ec981ddb7e27f20790e13a92c
Author: Kristian Fiskerstrand <k_f <AT> gentoo <DOT> org>
AuthorDate: Thu May 19 21:04:12 2016 +0000
Commit: Kristian Fiskerstrand <k_f <AT> gentoo <DOT> org>
CommitDate: Thu May 19 21:06:36 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eb73332c
app-crypt/gnupg: New upstream version 2.1.12
Fixes;
Gentoo-Bug: 573930
Gentoo-Bug: 575798
Gentoo-Bug: 581966
Package-Manager: portage-2.2.28
app-crypt/gnupg/Manifest | 1 +
.../files/gnupg-2.1-fix-gentoo-dash-issue.patch | 12 ++
.../gnupg-2.1.12-fix-signature-checking.patch | 50 +++++++
app-crypt/gnupg/gnupg-2.1.12.ebuild | 159 +++++++++++++++++++++
4 files changed, 222 insertions(+)
diff --git a/app-crypt/gnupg/Manifest b/app-crypt/gnupg/Manifest
index 1e455b3..3c18723 100644
--- a/app-crypt/gnupg/Manifest
+++ b/app-crypt/gnupg/Manifest
@@ -6,4 +6,5 @@ DIST gnupg-2.0.29.tar.bz2 4416251 SHA256 68ed6b386ba78425b05a60e8ee22785ff0fef19
DIST gnupg-2.0.30.tar.bz2 4414652 SHA256 e329785a4f366ba5d72c2c678a7e388b0892ac8440c2f4e6810042123c235d71 SHA512 e60a57f7dc74b44f884fd50d5a9c51cef7df8c098644ebab9ef7d945a40b0e4a285d0dc80b10fe39d8e4c2cc9d6cbbe800a0ddae54883180dc755fe47ced3314 WHIRLPOOL 007315882becc1204edf6833a13610284ce7e1c73429fc3b4170c35ba61c645299f811f01b1bc0506b1cf94ce0de23af4cea33f51cf97397ec61caa15ce3ac6c
DIST gnupg-2.1.10.tar.bz2 5173253 SHA256 93bd58d81771a4fa488566e5d2e13b1fd7afc86789401eb41731882abfd26cf9 SHA512 ceea93a7e7d30e07839bcc52d4246fd5be1ec81a8c4d4d62059e2b0c0e58fab07a1531016f82bcc506340653d66c73541dd3f5897df7691abeb4068d94957003 WHIRLPOOL 01f92f6020b79b373d4d6879cc39913c575c67a52c1bd425770322de0ce5a9fbd796d800cbb41a15553fd30a6c8f85a794e0b4c09420a2b49f6cb0542cdb52fb
DIST gnupg-2.1.11.tar.bz2 5224007 SHA256 b7b0fb2c8c5d47d7ec916d4a1097c0ddcb94a12bb1c0ac424ad86b1ee316b61a SHA512 b39f3fb461ad879b1909808434c4b03dab4d1d79aa674fbc88e3d50960184c0c25a840206ff32b760672f1b2153253f4d7a88eb726d8662f629fa04b6739ad31 WHIRLPOOL 486d623e73172a6d7dc7a6e4a5b411e70e0002a960f0398833377b8e8d79e5456a73f945db7c8bbca6ff7fd33fbfb49ca587e3a393094ce0a16d86cd906f7f09
+DIST gnupg-2.1.12.tar.bz2 5510723 SHA256 ac34929d2400a58a349963865442ee6cdd75e500a8d5df083d29835e88bfc506 SHA512 fdf24d4980ba4011840fd2316a856db2bf50e531071c2bfb899af2b4f5580a9f2992f85a451670a7121d04b608bfb147cefdca1c6f6eb55bc23ecfe5052639e6 WHIRLPOOL ee5a748afee3aa4f8318c1bc1bcbd09232a71853291211f3c5cd8cc44fb70d126185ae9c13086247cd22a9b13c2102f4fa0553e25496c5152f2ce34dc2505d10
DIST gnupg-2.1.9.tar.bz2 4925167 SHA256 1cb7633a57190beb66f9249cb7446603229b273d4d89331b75c652fa4a29f7b6 SHA512 c19b8cac42b7060caada230b77f36a0b0ed0a05efd519818c5b4057ef0fcb16602f2f3ade2409de2ef353a9e2acc3e5fa106a4449c6929a36a599a82194c0ee0 WHIRLPOOL 105b83e82330a00084a0e9f3d96c8788ac2c9e7831beea0ea42786df4e378dc9e8f2c1a31f12af9c53d363aa71810cd231afdf8f20eab424fea5f59b103033a9
diff --git a/app-crypt/gnupg/files/gnupg-2.1-fix-gentoo-dash-issue.patch b/app-crypt/gnupg/files/gnupg-2.1-fix-gentoo-dash-issue.patch
new file mode 100644
index 0000000..6878ef1
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.1-fix-gentoo-dash-issue.patch
@@ -0,0 +1,12 @@
+diff -Naur tests.old/openpgp/mds.test tests/openpgp/mds.test
+--- tests.old/openpgp/mds.test 2016-05-03 13:13:11.373313389 +0200
++++ tests/openpgp/mds.test 2016-05-03 13:13:31.886755059 +0200
+@@ -63,7 +63,7 @@
+
+ [ "$failed" != "" ] && error "$failed failed for empty string"
+
+-echo_n "abcdefghijklmnopqrstuvwxyz" | $GPG --with-colons --print-mds >y
++printf "abcdefghijklmnopqrstuvwxyz" | $GPG --with-colons --print-mds >y
+ if have_hash_algo "MD5"; then
+ test_one ":1:" "C3FCD3D76192E4007DFB496CCA67E13B"
+ fi
diff --git a/app-crypt/gnupg/files/gnupg-2.1.12-fix-signature-checking.patch b/app-crypt/gnupg/files/gnupg-2.1.12-fix-signature-checking.patch
new file mode 100644
index 0000000..debf0bb
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.1.12-fix-signature-checking.patch
@@ -0,0 +1,50 @@
+From 83a90a916e8e2f8e44c3b11d11e1dd75f65a87fb Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka <gniibe@fsij.org>
+Date: Wed, 11 May 2016 19:27:03 +0900
+Subject: [PATCH 1/1] g10: Fix signature checking.
+
+* g10/sig-check.c (check_signature_over_key_or_uid): Fix call to
+walk_kbnode.
+
+--
+
+Thanks to Vincent Brillault (Feandil).
+
+GnuPG-bug-id: 2351
+Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
+---
+ g10/sig-check.c | 13 +++++++++----
+ 1 file changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/g10/sig-check.c b/g10/sig-check.c
+index 290f19a..7000b48 100644
+--- a/g10/sig-check.c
++++ b/g10/sig-check.c
+@@ -797,15 +797,20 @@ check_signature_over_key_or_uid (PKT_public_key *signer,
+ *is_selfsig = 1;
+ }
+ else
+- /* See if one of the subkeys was the signer (although this is
+- extremely unlikely). */
+ {
+ kbnode_t ctx = NULL;
+ kbnode_t n;
+
+- while ((n = walk_kbnode (kb, &ctx, PKT_PUBLIC_SUBKEY)))
++ /* See if one of the subkeys was the signer (although this
++ is extremely unlikely). */
++ while ((n = walk_kbnode (kb, &ctx, 0)))
+ {
+- PKT_public_key *subk = n->pkt->pkt.public_key;
++ PKT_public_key *subk;
++
++ if (n->pkt->pkttype != PKT_PUBLIC_SUBKEY)
++ continue;
++
++ subk = n->pkt->pkt.public_key;
+ if (sig->keyid[0] == subk->keyid[0]
+ && sig->keyid[1] == subk->keyid[1])
+ /* Issued by a subkey. */
+--
+2.8.0.rc3
+
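Review bot: The rewritten loop in check_signature_over_key_or_uid carries no comment explaining why `walk_kbnode` is now called with `0` and the packet type is tested by hand, so the original mistake is easy to reintroduce. As far as I know the third argument of walk_kbnode is an "all" flag (whether deleted nodes are returned), not a packet-type filter, which means the old call visited every node and read `n->pkt->pkt.public_key` from packets that are not keys. I would extend the moved comment along the lines of `/* walk_kbnode takes an ALL flag, not a packet type; check pkttype before touching pkt.public_key. */`. The function starts and ends outside the hunk, so whether other walk_kbnode callers in this file make the same assumption cannot be checked from here.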
diff --git a/app-crypt/gnupg/gnupg-2.1.12.ebuild b/app-crypt/gnupg/gnupg-2.1.12.ebuild
new file mode 100644
index 0000000..8f95a20
--- /dev/null
+++ b/app-crypt/gnupg/gnupg-2.1.12.ebuild
@@ -0,0 +1,159 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+inherit eutils flag-o-matic toolchain-funcs
+
+DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
+HOMEPAGE="http://www.gnupg.org/"
+MY_P="${P/_/-}"
+SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86"
+IUSE="bzip2 doc +gnutls ldap nls readline selinux smartcard tofu tools usb"
+
+COMMON_DEPEND_LIBS="
+ dev-libs/npth
+ >=dev-libs/libassuan-2.4.1
+ >=dev-libs/libgcrypt-1.6.2[threads]
+ >=dev-libs/libgpg-error-1.21
+ >=dev-libs/libksba-1.2.0
+ >=net-misc/curl-7.10
+ gnutls? ( >=net-libs/gnutls-3.0:0= )
+ sys-libs/zlib
+ ldap? ( net-nds/openldap )
+ bzip2? ( app-arch/bzip2 )
+ readline? ( sys-libs/readline:0= )
+ smartcard? ( usb? ( virtual/libusb:0 ) )
+ tofu? ( >=dev-db/sqlite-3.7 )
+ "
+COMMON_DEPEND_BINS="app-crypt/pinentry
+ !app-crypt/dirmngr"
+
+# Existence of executables is checked during configuration.
+DEPEND="${COMMON_DEPEND_LIBS}
+ ${COMMON_DEPEND_BINS}
+ nls? ( sys-devel/gettext )
+ doc? ( sys-apps/texinfo )"
+
+RDEPEND="${COMMON_DEPEND_LIBS}
+ ${COMMON_DEPEND_BINS}
+ selinux? ( sec-policy/selinux-gpg )
+ nls? ( virtual/libintl )"
+
+S="${WORKDIR}/${MY_P}"
+
+src_prepare() {
+ epatch "${FILESDIR}/${P}-fix-signature-checking.patch" \
+ "${FILESDIR}/${PN}-2.1-fix-gentoo-dash-issue.patch"
+ epatch_user
+}
+
+src_configure() {
+ local myconf=()
+
+ if use smartcard; then
+ myconf+=(
+ --enable-scdaemon
+ $(use_enable usb ccid-driver)
+ )
+ else
+ myconf+=( --disable-scdaemon )
+ fi
+
+ if use elibc_SunOS || use elibc_AIX; then
+ myconf+=( --disable-symcryptrun )
+ else
+ myconf+=( --enable-symcryptrun )
+ fi
+
+ # glib fails and picks up clang's internal stdint.h causing weird errors
+ [[ ${CC} == *clang ]] && \
+ export gl_cv_absolute_stdint_h=/usr/include/stdint.h
+
+ econf \
+ --docdir="${EPREFIX}/usr/share/doc/${PF}" \
+ --enable-gpg \
+ --enable-gpgsm \
+ --enable-large-secmem \
+ --without-adns \
+ "${myconf[@]}" \
+ $(use_enable bzip2) \
+ $(use_enable gnutls) \
+ $(use_with ldap) \
+ $(use_enable nls) \
+ $(use_with readline) \
+ $(use_enable tofu) \
+ CC_FOR_BUILD="$(tc-getBUILD_CC)"
+}
+
+src_compile() {
+ default
+
+ if use doc; then
+ cd doc
+ emake html
+ fi
+}
+
+src_install() {
+ default
+
+ use tools && dobin tools/{convert-from-106,gpg-check-pattern} \
+ tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys,make-dns-cert}
+
+ emake DESTDIR="${D}" -f doc/Makefile uninstall-nobase_dist_docDATA
+ # The help*txt files are read from the datadir by GnuPG directly.
+ # They do not work if compressed or moved!
+ #rm "${ED}"/usr/share/gnupg/help* || die
+
+ dodoc ChangeLog NEWS README THANKS TODO VERSION doc/FAQ doc/DETAILS \
+ doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER doc/help*
+
+ dosym gpg2 /usr/bin/gpg
+ dosym gpgv2 /usr/bin/gpgv
+ echo ".so man1/gpg2.1" > "${ED}"/usr/share/man/man1/gpg.1
+ echo ".so man1/gpgv2.1" > "${ED}"/usr/share/man/man1/gpgv.1
+
+ dodir /etc/env.d
+ echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg
+
+ if use doc; then
+ dohtml doc/gnupg.html/* doc/*.png
+ fi
+}
+
+pkg_postinst() {
+ elog "If you wish to view images emerge:"
+ elog "media-gfx/xloadimage, media-gfx/xli or any other viewer"
+ elog "Remember to use photo-viewer option in configuration file to activate"
+ elog "the right viewer."
+ elog
+
+ if use smartcard; then
+ elog "To use your OpenPGP smartcard (or token) with GnuPG you need one of"
+ use usb && elog " - a CCID-compatible reader, used directly through libusb;"
+ elog " - sys-apps/pcsc-lite and a compatible reader device;"
+ elog " - dev-libs/openct and a compatible reader device;"
+ elog " - a reader device and drivers exporting either PC/SC or CT-API interfaces."
+ elog ""
+ elog "General hint: you probably want to try installing sys-apps/pcsc-lite and"
+ elog "app-crypt/ccid first."
+ fi
+
+ ewarn "Please remember to restart gpg-agent if a different version"
+ ewarn "of the agent is currently used. If you are unsure of the gpg"
+ ewarn "agent you are using please run 'killall gpg-agent',"
+ ewarn "and to start a fresh daemon just run 'gpg-agent --daemon'."
+
+ if [[ -n ${REPLACING_VERSIONS} ]]; then
+ elog "If upgrading from a version prior than 2.1 you might have to re-import"
+ elog "secret keys after restarting the gpg-agent as the new version is using"
+ elog "a new storage mechanism."
+ elog "You can migrate the keys using gpg --import \$HOME/.gnupg/secring.gpg"
+ fi
+}
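Review bot: In src_compile the bare `cd doc` has no `|| die`, so if the directory change fails `emake html` runs in the top-level source directory instead of stopping the build; write `cd doc || die` or use `emake -C doc html`. The three `echo ... > "${ED}"/...` redirections in src_install are plain shell and do not abort on failure either, so each should end in `|| die`. The src_install bodies of gnupg-2.1.19-r1.ebuild and gnupg-2.1.20.ebuild further down this page repeat the same unchecked redirections.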
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/
@ 2017-03-02 10:06 Fabian Groffen
From: Fabian Groffen @ 2017-03-02 10:06 UTC (permalink / raw
To: gentoo-commits
commit: 83e4182537a4a1950cab2da490403c848ebd4edd
Author: Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Thu Mar 2 10:06:13 2017 +0000
Commit: Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Thu Mar 2 10:06:40 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=83e41825
app-crypt/gnupg: fix compilation on Solaris
Package-Manager: Portage-2.3.4-prefix, Repoman-2.3.2
.../gnupg/files/gnupg-2.1.19-solaris-ucred.patch | 19 +++++++++++++++++++
app-crypt/gnupg/gnupg-2.1.19.ebuild | 1 +
2 files changed, 20 insertions(+)
diff --git a/app-crypt/gnupg/files/gnupg-2.1.19-solaris-ucred.patch b/app-crypt/gnupg/files/gnupg-2.1.19-solaris-ucred.patch
new file mode 100644
index 00000000000..aefce5e8256
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.1.19-solaris-ucred.patch
@@ -0,0 +1,19 @@
+command-ssh: include ucred.h
+
+In order to use ucred() when HAVE_SO_PEERCRED is defined, ucred.h needs
+to be included on Solaris.
+
+https://bugs.gnupg.org/gnupg/issue2981
+
+--- a/agent/command-ssh.c
++++ b/agent/command-ssh.c
+@@ -40,6 +40,9 @@
+ #include <sys/types.h>
+ #include <sys/stat.h>
+ #include <assert.h>
++#ifdef HAVE_UCRED_H
++#include <ucred.h>
++#endif
+
+ #include "agent.h"
+
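Review bot: The added include is guarded by `HAVE_UCRED_H`, but nothing in this patch makes configure define that macro, and the description ties the need to `HAVE_SO_PEERCRED` instead. If the configure script shipped with 2.1.19 does not already probe for ucred.h (not visible here), the three added lines compile to nothing and the Solaris build is unchanged. Confirm that config.h defines `HAVE_UCRED_H` on Solaris, or add the header check to configure.ac and regenerate the build system in the ebuild.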
diff --git a/app-crypt/gnupg/gnupg-2.1.19.ebuild b/app-crypt/gnupg/gnupg-2.1.19.ebuild
index ad3a2fa22ba..9eb3471d66f 100644
--- a/app-crypt/gnupg/gnupg-2.1.19.ebuild
+++ b/app-crypt/gnupg/gnupg-2.1.19.ebuild
@@ -54,6 +54,7 @@ DOCS=(
PATCHES=(
"${FILESDIR}/${PN}-2.1.16-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch"
+ "${FILESDIR}"/${P}-solaris-ucred.patch
)
src_configure() {
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/
@ 2017-03-06 22:34 Kristian Fiskerstrand
From: Kristian Fiskerstrand @ 2017-03-06 22:34 UTC (permalink / raw
To: gentoo-commits
commit: 0e19c5dd1d374ec4a07c9dfed5759df0dcf05c94
Author: Kristian Fiskerstrand <k_f <AT> gentoo <DOT> org>
AuthorDate: Mon Mar 6 22:33:50 2017 +0000
Commit: Kristian Fiskerstrand <k_f <AT> gentoo <DOT> org>
CommitDate: Mon Mar 6 22:34:06 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0e19c5dd
app-crypt/gnupg: Fix broken ssh without smartcard USE flag
Gentoo-Bug: 611544
Package-Manager: Portage-2.3.3, Repoman-2.3.1
.../gnupg/files/gnupg-2.1.19-ssh-no-scdaemon.patch | 85 ++++++++++++++
app-crypt/gnupg/gnupg-2.1.19-r1.ebuild | 124 +++++++++++++++++++++
2 files changed, 209 insertions(+)
diff --git a/app-crypt/gnupg/files/gnupg-2.1.19-ssh-no-scdaemon.patch b/app-crypt/gnupg/files/gnupg-2.1.19-ssh-no-scdaemon.patch
new file mode 100644
index 00000000000..14d5444f3a0
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.1.19-ssh-no-scdaemon.patch
@@ -0,0 +1,85 @@
+From 4ce4f2f683a17be3ddb93729f3f25014a97934ad Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka <gniibe@fsij.org>
+Date: Mon, 6 Mar 2017 10:26:11 +0900
+Subject: [PATCH 1/1] agent: For SSH, robustly handling scdaemon's errors.
+
+* agent/command-ssh.c (card_key_list): Return 0 when
+agent_card_serialno returns an error.
+(ssh_handler_request_identities): Handle errors for card listing
+and proceed to other cases.
+--
+
+GnuPG-bug-id: 2980
+
+Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
+---
+ agent/command-ssh.c | 19 +++++++++----------
+ 1 file changed, 9 insertions(+), 10 deletions(-)
+
+diff --git a/agent/command-ssh.c b/agent/command-ssh.c
+index 79b8f85..3ab41cf 100644
+--- a/agent/command-ssh.c
++++ b/agent/command-ssh.c
+@@ -2393,13 +2393,12 @@ card_key_list (ctrl_t ctrl, char **r_serialno, strlist_t *result)
+ err = agent_card_serialno (ctrl, r_serialno, NULL);
+ if (err)
+ {
+- if (gpg_err_code (err) == GPG_ERR_ENODEV)
+- return 0; /* Nothing available. */
+-
+- if (opt.verbose)
++ if (gpg_err_code (err) != GPG_ERR_ENODEV && opt.verbose)
+ log_info (_("error getting serial number of card: %s\n"),
+ gpg_strerror (err));
+- return err;
++
++ /* Nothing available. */
++ return 0;
+ }
+
+ err = agent_card_cardlist (ctrl, result);
+@@ -2568,7 +2567,6 @@ ssh_handler_request_identities (ctrl_t ctrl,
+ gpg_error_t err;
+ int ret;
+ ssh_control_file_t cf = NULL;
+- char *cardsn;
+ gpg_error_t ret_err;
+
+ (void)request;
+@@ -2601,21 +2599,21 @@ ssh_handler_request_identities (ctrl_t ctrl,
+ if (opt.verbose)
+ log_info (_("error getting list of cards: %s\n"),
+ gpg_strerror (err));
+- goto out;
++ goto scd_out;
+ }
+
+ for (sl = card_list; sl; sl = sl->next)
+ {
+ char *serialno0;
++ char *cardsn;
++
+ err = agent_card_serialno (ctrl, &serialno0, sl->d);
+ if (err)
+ {
+ if (opt.verbose)
+ log_info (_("error getting serial number of card: %s\n"),
+ gpg_strerror (err));
+- xfree (serialno);
+- free_strlist (card_list);
+- goto out;
++ continue;
+ }
+
+ xfree (serialno0);
+@@ -2640,6 +2638,7 @@ ssh_handler_request_identities (ctrl_t ctrl,
+ free_strlist (card_list);
+ }
+
++ scd_out:
+ /* Then look at all the registered and non-disabled keys. */
+ err = open_control_file (&cf, 0);
+ if (err)
+--
+2.8.0.rc3
+
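Review bot: After this change card_key_list returns 0 for every failure of agent_card_serialno, so its caller can no longer tell "no card present" from a scdaemon fault, and the fault is reported only when `opt.verbose` is set. That trade-off is deliberate according to the commit message, but it should be stated at the return, for example `/* Any scdaemon error is treated as "no card" so that listing falls through to the control file. */`. Whether `*r_serialno` and `*result` are initialised before this early return is outside the hunk and should be confirmed, because a 0 return now tells the caller they are safe to read. The same applies to the new `continue` in ssh_handler_request_identities, which skips a card silently unless verbose logging is on.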
diff --git a/app-crypt/gnupg/gnupg-2.1.19-r1.ebuild b/app-crypt/gnupg/gnupg-2.1.19-r1.ebuild
new file mode 100644
index 00000000000..05ee0b7cbce
--- /dev/null
+++ b/app-crypt/gnupg/gnupg-2.1.19-r1.ebuild
@@ -0,0 +1,124 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit eutils flag-o-matic toolchain-funcs
+
+DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
+HOMEPAGE="http://www.gnupg.org/"
+LICENSE="GPL-3"
+
+MY_P="${P/_/-}"
+SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+
+SLOT="0"
+IUSE="bzip2 doc +gnutls ldap nls readline selinux +smartcard tofu tools usb wks-server"
+
+COMMON_DEPEND_LIBS="
+ >=dev-libs/npth-1.2
+ >=dev-libs/libassuan-2.4.3
+ >=dev-libs/libgcrypt-1.7.3
+ >=dev-libs/libgpg-error-1.24
+ >=dev-libs/libksba-1.3.4
+ >=net-misc/curl-7.10
+ gnutls? ( >=net-libs/gnutls-3.0:0= )
+ sys-libs/zlib
+ ldap? ( net-nds/openldap )
+ bzip2? ( app-arch/bzip2 )
+ readline? ( sys-libs/readline:0= )
+ smartcard? ( usb? ( virtual/libusb:0 ) )
+ tofu? ( >=dev-db/sqlite-3.7 )
+ "
+COMMON_DEPEND_BINS="app-crypt/pinentry
+ !app-crypt/dirmngr"
+
+# Existence of executables is checked during configuration.
+DEPEND="${COMMON_DEPEND_LIBS}
+ ${COMMON_DEPEND_BINS}
+ nls? ( sys-devel/gettext )
+ doc? ( sys-apps/texinfo )"
+
+RDEPEND="${COMMON_DEPEND_LIBS}
+ ${COMMON_DEPEND_BINS}
+ selinux? ( sec-policy/selinux-gpg )
+ nls? ( virtual/libintl )"
+
+S="${WORKDIR}/${MY_P}"
+
+DOCS=(
+ ChangeLog NEWS README THANKS TODO VERSION
+ doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
+)
+
+PATCHES=(
+ "${FILESDIR}/${PN}-2.1.16-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch"
+ "${FILESDIR}"/${P}-solaris-ucred.patch
+ "${FILESDIR}"/${P}-ssh-no-scdaemon.patch
+)
+
+src_configure() {
+ local myconf=()
+
+ if use smartcard; then
+ myconf+=(
+ --enable-scdaemon
+ $(use_enable usb ccid-driver)
+ )
+ else
+ myconf+=( --disable-scdaemon )
+ fi
+
+ if use elibc_SunOS || use elibc_AIX; then
+ myconf+=( --disable-symcryptrun )
+ else
+ myconf+=( --enable-symcryptrun )
+ fi
+
+ # glib fails and picks up clang's internal stdint.h causing weird errors
+ [[ ${CC} == *clang ]] && \
+ export gl_cv_absolute_stdint_h=/usr/include/stdint.h
+
+ econf \
+ "${myconf[@]}" \
+ $(use_enable bzip2) \
+ $(use_enable gnutls) \
+ $(use_enable nls) \
+ $(use_enable tofu) \
+ $(use_enable wks-server wks-tools) \
+ $(use_with ldap) \
+ $(use_with readline) \
+ --enable-gpg \
+ --enable-gpgsm \
+ --enable-large-secmem \
+ --enable-tools \
+ CC_FOR_BUILD="$(tc-getBUILD_CC)"
+}
+
+src_compile() {
+ default
+
+ use doc && emake -C doc html
+}
+
+src_install() {
+ default
+
+ use tools &&
+ dobin \
+ tools/{convert-from-106,gpg-check-pattern} \
+ tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys} \
+ tools/make-dns-cert
+ emake DESTDIR="${ED}" -f doc/Makefile uninstall-nobase_dist_docDATA
+
+ dosym gpg2 /usr/bin/gpg
+ dosym gpgv2 /usr/bin/gpgv
+ echo ".so man1/gpg2.1" > "${ED}"/usr/share/man/man1/gpg.1
+ echo ".so man1/gpgv2.1" > "${ED}"/usr/share/man/man1/gpgv.1
+
+ dodir /etc/env.d
+ echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg
+
+ use doc && dodoc doc/gnupg.html/* doc/*.png
+}
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/
@ 2017-04-03 21:09 Alon Bar-Lev
From: Alon Bar-Lev @ 2017-04-03 21:09 UTC (permalink / raw
To: gentoo-commits
commit: b95dfb460fcfa4e34b412d81336cd2316cdd0e2d
Author: Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
AuthorDate: Mon Apr 3 21:09:23 2017 +0000
Commit: Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
CommitDate: Mon Apr 3 21:09:41 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b95dfb46
app-crypt/gnupg: version bump
Package-Manager: Portage-2.3.3, Repoman-2.3.1
app-crypt/gnupg/Manifest | 1 +
...shorter-socket-path-lengts-to-improve-tes.patch | 33 ++++++
app-crypt/gnupg/gnupg-2.1.20.ebuild | 120 +++++++++++++++++++++
3 files changed, 154 insertions(+)
diff --git a/app-crypt/gnupg/Manifest b/app-crypt/gnupg/Manifest
index 5604c65f8f2..77390597d02 100644
--- a/app-crypt/gnupg/Manifest
+++ b/app-crypt/gnupg/Manifest
@@ -2,3 +2,4 @@ DIST gnupg-1.4.21.tar.bz2 3689305 SHA256 6b47a3100c857dcab3c60e6152e56a997f2c786
DIST gnupg-2.1.15.tar.bz2 5723689 SHA256 c28c1a208f1b8ad63bdb6b88d252f6734ff4d33de6b54e38494b11d49e00ffdd SHA512 69c943e853e1a37e8b17b3bc34e1503f14bc8f189fa9f3ac6644bcc98ccce6eaef64da20ff9dd1c8de3a7789ea577167984ccf3ac286cac50752e6f7c2f42ab1 WHIRLPOOL 4c5a8cd4e8b7196f4a355ce7739cf6e23c43817414e10bbba219117e4e51c4c618ffb5dbce27cb836a2171eda58e003d5ddf78d4af09a813c2a1729963413151
DIST gnupg-2.1.18.tar.bz2 6308666 SHA256 d04c6fab7e5562ce4b915b22020e34d4c1a256847690cf149842264fc7cef994 SHA512 b8357f0a883a33c2e4f6ab5a8f5ddb171c899b7a2899e8ce4cac232938fe1dffb789a54980dfc4b758c4cb47f11f1fc570fea905244735048dfc6f06b3353baf WHIRLPOOL c5f132beb3b454146747fe14cd12576fb4d9a9adb8cfd80fcae4482b111672fd38e412dba72caa75af717069d7182a99c7f30ea03dc9adf190f5aa1f01748247
DIST gnupg-2.1.19.tar.bz2 6404836 SHA256 46cced1f5641ce29cc28250f52fadf6e417e649b3bfdec49a5a0d0b22a639bf0 SHA512 c6d0a2cb7f1f7ce851729559edab08d2356dffe00ee836fc1d71eb4c4e34b566e214a0352934d2985fb0183b9e7ecc1221422d258f3bd467e735c0a5c8a3d0ca WHIRLPOOL 3fd482da52b2d4e6c2b2b8427df6b68fe9df9e49dd53b91d74757b14b7c59ab5697c7f2309283c0d05774c1d405574796a4d0267b9cf85d61aec8b4095addd97
+DIST gnupg-2.1.20.tar.bz2 6456128 SHA256 24cf9a69369be64a9f6f8cc11a1be33ab7780ad77a6a1b93719438f49f69960d SHA512 14a9890bc64e143f87cff121dd298d490d78dbd34e36883e0f25763ff9064e5706a7632893d7c5d0e8e9b8cf9cdb0d378b4ce1715348729f0fc080455b61eca9 WHIRLPOOL fa6cbd66031cac41db308b10bebec87e37a19d3c63219d22fb874d7d016bcad057b93eeece7a64001718ee1f881199e3d3eebc8ef6625691f553b0d2dbc92624
diff --git a/app-crypt/gnupg/files/gnupg-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch b/app-crypt/gnupg/files/gnupg-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch
new file mode 100644
index 00000000000..dd75e3a5e96
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch
@@ -0,0 +1,33 @@
+From e3bdb7d17264b8d5bd9abab97c96d9c4a50e4f61 Mon Sep 17 00:00:00 2001
+From: Kristian Fiskerstrand <kf@sumptuouscapital.com>
+Date: Mon, 3 Apr 2017 23:44:56 +0300
+Subject: [PATCH] gpgscm: Use shorter socket path lengts to improve test
+ reliability
+
+--
+As socket lengths are normally restricted to 108 characters
+(UNIX_PATH_MAX variable in /usr/include/linux/un.h), using 42 characters
+by default easily results in errors.
+---
+ tests/gpgscm/tests.scm | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/tests/gpgscm/tests.scm b/tests/gpgscm/tests.scm
+index 592b36f..f54a387 100644
+--- a/tests/gpgscm/tests.scm
++++ b/tests/gpgscm/tests.scm
+@@ -273,9 +273,9 @@
+ (canonical-path (_mkdtemp (if (null? components)
+ (path-join
+ (get-temp-path)
+- (string-append "gpgscm-" (get-isotime) "-"
++ (string-append "gscm"
+ (basename-suffix *scriptname* ".scm")
+- "-XXXXXX"))
++ "XXXXXX"))
+ (apply path-join components)))))
+
+ ;; Make a temporary directory and remove it at interpreter shutdown.
+--
+2.10.2
+
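Review bot: The shortened template gives no reason for its shape at the `string-append`, so a later edit could lengthen the prefix again and bring the socket-path failures back. A comment such as `;; Keep this short: socket paths created below it must fit in sun_path (108 bytes on Linux).` would record the constraint next to the code. The unpredictable part of the name is still the `XXXXXX` suffix passed to `_mkdtemp`, so dropping `(get-isotime)` should not make the directory easier to guess than before. The enclosing definition starts outside the hunk.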
diff --git a/app-crypt/gnupg/gnupg-2.1.20.ebuild b/app-crypt/gnupg/gnupg-2.1.20.ebuild
new file mode 100644
index 00000000000..86bb2664662
--- /dev/null
+++ b/app-crypt/gnupg/gnupg-2.1.20.ebuild
@@ -0,0 +1,120 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit toolchain-funcs
+
+DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
+HOMEPAGE="http://www.gnupg.org/"
+LICENSE="GPL-3"
+
+MY_P="${P/_/-}"
+SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+
+SLOT="0"
+IUSE="bzip2 doc +gnutls ldap nls readline selinux +smartcard tofu tools usb wks-server"
+
+COMMON_DEPEND_LIBS="
+ >=dev-libs/npth-1.2
+ >=dev-libs/libassuan-2.4.3
+ >=dev-libs/libgcrypt-1.7.3
+ >=dev-libs/libgpg-error-1.24
+ >=dev-libs/libksba-1.3.4
+ >=net-misc/curl-7.10
+ gnutls? ( >=net-libs/gnutls-3.0:0= )
+ sys-libs/zlib
+ ldap? ( net-nds/openldap )
+ bzip2? ( app-arch/bzip2 )
+ readline? ( sys-libs/readline:0= )
+ smartcard? ( usb? ( virtual/libusb:0 ) )
+ tofu? ( >=dev-db/sqlite-3.7 )
+ "
+COMMON_DEPEND_BINS="app-crypt/pinentry
+ !app-crypt/dirmngr"
+
+# Existence of executables is checked during configuration.
+DEPEND="${COMMON_DEPEND_LIBS}
+ ${COMMON_DEPEND_BINS}
+ nls? ( sys-devel/gettext )
+ doc? ( sys-apps/texinfo )"
+
+RDEPEND="${COMMON_DEPEND_LIBS}
+ ${COMMON_DEPEND_BINS}
+ selinux? ( sec-policy/selinux-gpg )
+ nls? ( virtual/libintl )"
+
+S="${WORKDIR}/${MY_P}"
+
+DOCS=(
+ ChangeLog NEWS README THANKS TODO VERSION
+ doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
+)
+
+PATCHES=(
+ "${FILESDIR}/${P}-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch"
+)
+
+src_configure() {
+ local myconf=()
+
+ if use smartcard; then
+ myconf+=(
+ --enable-scdaemon
+ $(use_enable usb ccid-driver)
+ )
+ else
+ myconf+=( --disable-scdaemon )
+ fi
+
+ if use elibc_SunOS || use elibc_AIX; then
+ myconf+=( --disable-symcryptrun )
+ else
+ myconf+=( --enable-symcryptrun )
+ fi
+
+ # glib fails and picks up clang's internal stdint.h causing weird errors
+ [[ ${CC} == *clang ]] && \
+ export gl_cv_absolute_stdint_h=/usr/include/stdint.h
+
+ econf \
+ "${myconf[@]}" \
+ $(use_enable bzip2) \
+ $(use_enable gnutls) \
+ $(use_enable nls) \
+ $(use_enable tofu) \
+ $(use_enable wks-server wks-tools) \
+ $(use_with ldap) \
+ $(use_with readline) \
+ --enable-gpg \
+ --enable-gpgsm \
+ --enable-large-secmem \
+ CC_FOR_BUILD="$(tc-getBUILD_CC)"
+}
+
+src_compile() {
+ default
+
+ use doc && emake -C doc html
+}
+
+src_install() {
+ default
+
+ use tools &&
+ dobin \
+ tools/{convert-from-106,gpg-check-pattern} \
+ tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys} \
+ tools/make-dns-cert
+
+ dosym gpg2 /usr/bin/gpg
+ dosym gpgv2 /usr/bin/gpgv
+ echo ".so man1/gpg2.1" > "${ED}"/usr/share/man/man1/gpg.1
+ echo ".so man1/gpgv2.1" > "${ED}"/usr/share/man/man1/gpgv.1
+
+ dodir /etc/env.d
+ echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg
+
+ use doc && dodoc doc/gnupg.html/* doc/*.png
+}
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/
@ 2017-05-09 13:03 Kristian Fiskerstrand
From: Kristian Fiskerstrand @ 2017-05-09 13:03 UTC (permalink / raw
To: gentoo-commits
commit: 68d406d2de327f13ad3906d50c458c9727f7e024
Author: Kristian Fiskerstrand <k_f <AT> gentoo <DOT> org>
AuthorDate: Tue May 9 12:59:22 2017 +0000
Commit: Kristian Fiskerstrand <k_f <AT> gentoo <DOT> org>
CommitDate: Tue May 9 12:59:57 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=68d406d2
app-crypt/gnupg: Fix regression from 2.1.19
Gentoo-Bug: 616336
Package-Manager: Portage-2.3.3, Repoman-2.3.1
.../gnupg/files/gnupg-2.1.20-gpg-Fix-typo.patch | 27 +++++
...g-Properly-account-for-ring-trust-packets.patch | 86 +++++++++++++++
app-crypt/gnupg/gnupg-2.1.20-r1.ebuild | 122 +++++++++++++++++++++
3 files changed, 235 insertions(+)
diff --git a/app-crypt/gnupg/files/gnupg-2.1.20-gpg-Fix-typo.patch b/app-crypt/gnupg/files/gnupg-2.1.20-gpg-Fix-typo.patch
new file mode 100644
index 00000000000..292fc264ac8
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.1.20-gpg-Fix-typo.patch
@@ -0,0 +1,27 @@
+From 692208fd6c1547cc7dd2062a1d1c9499bc0a8be4 Mon Sep 17 00:00:00 2001
+From: Justus Winter <justus@g10code.com>
+Date: Mon, 8 May 2017 13:52:39 +0200
+Subject: [PATCH] gpg: Fix typo.
+
+--
+Signed-off-by: Justus Winter <justus@g10code.com>
+---
+ g10/packet.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/g10/packet.h b/g10/packet.h
+index a10495c..d42510d 100644
+--- a/g10/packet.h
++++ b/g10/packet.h
+@@ -623,7 +623,7 @@ struct parse_packet_ctx_s
+ iobuf_t inp; /* The input stream with the packets. */
+ struct packet_struct last_pkt; /* The last parsed packet. */
+ int free_last_pkt; /* Indicates that LAST_PKT must be freed. */
+- int skip_meta; /* Skip right trust packets. */
++ int skip_meta; /* Skip ring trust packets. */
+ };
+ typedef struct parse_packet_ctx_s *parse_packet_ctx_t;
+
+--
+2.10.2
+
diff --git a/app-crypt/gnupg/files/gnupg-2.1.20-gpg-Properly-account-for-ring-trust-packets.patch b/app-crypt/gnupg/files/gnupg-2.1.20-gpg-Properly-account-for-ring-trust-packets.patch
new file mode 100644
index 00000000000..58568db47d2
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.1.20-gpg-Properly-account-for-ring-trust-packets.patch
@@ -0,0 +1,86 @@
+From 22739433e98be80e46fe7d01d52a9627c1aebaae Mon Sep 17 00:00:00 2001
+From: Justus Winter <justus@g10code.com>
+Date: Mon, 8 May 2017 14:24:00 +0200
+Subject: [PATCH] gpg: Properly account for ring trust packets.
+
+* g10/keyring.c (keyring_get_keyblock): Use the parser's packet count
+instead of counting ourself.
+* g10/packet.h (struct parse_packet_ctx_s): New field
+'n_parsed_packets'.
+(init_parse_packet): Initialize new field.
+* g10/parse-packet.c (parse): Count packets.
+--
+
+The 'keyring' keystore depends on the number of packets for delete and
+update operations. With the rework of the ring trust packets, the
+trust packets were no longer properly accounted for leading to keyring
+corruptions.
+
+The 'keybox' store was not affected.
+
+GnuPG-bug-id: 3123
+GnuPG-bug-id: 3135
+GnuPG-bug-id: 3144
+Fixes-commit: a8895c99a7d0750132477d80cd66caaf3a709113
+Signed-off-by: Justus Winter <justus@g10code.com>
+---
+ g10/keyring.c | 4 ++--
+ g10/packet.h | 2 ++
+ g10/parse-packet.c | 3 +++
+ 3 files changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/g10/keyring.c b/g10/keyring.c
+index e223f0f..50f1b82 100644
+--- a/g10/keyring.c
++++ b/g10/keyring.c
+@@ -409,11 +409,11 @@ keyring_get_keyblock (KEYRING_HANDLE hd, KBNODE *ret_kb)
+ pkt = xmalloc (sizeof *pkt);
+ init_packet (pkt);
+ init_parse_packet (&parsectx, a);
+- hd->found.n_packets = 0;;
++ hd->found.n_packets = 0;
+ lastnode = NULL;
+ save_mode = set_packet_list_mode(0);
+ while ((rc=parse_packet (&parsectx, pkt)) != -1) {
+- hd->found.n_packets++;
++ hd->found.n_packets = parsectx.n_parsed_packets;
+ if (gpg_err_code (rc) == GPG_ERR_UNKNOWN_PACKET) {
+ free_packet (pkt, &parsectx);
+ init_packet (pkt);
+diff --git a/g10/packet.h b/g10/packet.h
+index d42510d..cf2121c 100644
+--- a/g10/packet.h
++++ b/g10/packet.h
+@@ -624,6 +624,7 @@ struct parse_packet_ctx_s
+ struct packet_struct last_pkt; /* The last parsed packet. */
+ int free_last_pkt; /* Indicates that LAST_PKT must be freed. */
+ int skip_meta; /* Skip ring trust packets. */
++ unsigned int n_parsed_packets; /* Number of parsed packets. */
+ };
+ typedef struct parse_packet_ctx_s *parse_packet_ctx_t;
+
+@@ -633,6 +634,7 @@ typedef struct parse_packet_ctx_s *parse_packet_ctx_t;
+ (a)->last_pkt.pkt.generic= NULL;\
+ (a)->free_last_pkt = 0; \
+ (a)->skip_meta = 0; \
++ (a)->n_parsed_packets = 0; \
+ } while (0)
+
+ #define deinit_parse_packet(a) do { \
+diff --git a/g10/parse-packet.c b/g10/parse-packet.c
+index fa44f83..dbb7af8 100644
+--- a/g10/parse-packet.c
++++ b/g10/parse-packet.c
+@@ -764,6 +764,9 @@ parse (parse_packet_ctx_t ctx, PACKET *pkt, int onlykeypkts, off_t * retpos,
+ partial? (new_ctb ? " partial" : " indeterminate") :"",
+ new_ctb? " new-ctb":"");
+
++ /* Count it. */
++ ctx->n_parsed_packets++;
++
+ pkt->pkttype = pkttype;
+ rc = GPG_ERR_UNKNOWN_PACKET; /* default error */
+ switch (pkttype)
+--
+2.10.2
+
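Review bot: The new field comment `/* Number of parsed packets. */` and the `/* Count it. */` in parse() do not say that the count has to include packets the parser consumes without handing them back, which is the property keyring_get_keyblock now depends on for its delete and update bookkeeping. I would document it on the field, e.g. `unsigned int n_parsed_packets; /* Packets read from INP, including ring trust packets skipped via SKIP_META. */`, provided the increment really sits ahead of every skip path; that logic is outside the hunk and needs confirming. `hd->found.n_packets` is now assigned from an `unsigned int` while its own declaration is not visible here, so check that the two types agree. Since a miscount here corrupts the keyring, the commit would also benefit from a regression test that updates or deletes a key in a keyring containing ring trust packets.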
diff --git a/app-crypt/gnupg/gnupg-2.1.20-r1.ebuild b/app-crypt/gnupg/gnupg-2.1.20-r1.ebuild
new file mode 100644
index 00000000000..0eb7d7538aa
--- /dev/null
+++ b/app-crypt/gnupg/gnupg-2.1.20-r1.ebuild
@@ -0,0 +1,122 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit toolchain-funcs
+
+DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
+HOMEPAGE="http://www.gnupg.org/"
+LICENSE="GPL-3"
+
+MY_P="${P/_/-}"
+SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+
+SLOT="0"
+IUSE="bzip2 doc +gnutls ldap nls readline selinux +smartcard tofu tools usb wks-server"
+
+COMMON_DEPEND_LIBS="
+ >=dev-libs/npth-1.2
+ >=dev-libs/libassuan-2.4.3
+ >=dev-libs/libgcrypt-1.7.3
+ >=dev-libs/libgpg-error-1.24
+ >=dev-libs/libksba-1.3.4
+ >=net-misc/curl-7.10
+ gnutls? ( >=net-libs/gnutls-3.0:0= )
+ sys-libs/zlib
+ ldap? ( net-nds/openldap )
+ bzip2? ( app-arch/bzip2 )
+ readline? ( sys-libs/readline:0= )
+ smartcard? ( usb? ( virtual/libusb:0 ) )
+ tofu? ( >=dev-db/sqlite-3.7 )
+ "
+COMMON_DEPEND_BINS="app-crypt/pinentry
+ !app-crypt/dirmngr"
+
+# Existence of executables is checked during configuration.
+DEPEND="${COMMON_DEPEND_LIBS}
+ ${COMMON_DEPEND_BINS}
+ nls? ( sys-devel/gettext )
+ doc? ( sys-apps/texinfo )"
+
+RDEPEND="${COMMON_DEPEND_LIBS}
+ ${COMMON_DEPEND_BINS}
+ selinux? ( sec-policy/selinux-gpg )
+ nls? ( virtual/libintl )"
+
+S="${WORKDIR}/${MY_P}"
+
+DOCS=(
+ ChangeLog NEWS README THANKS TODO VERSION
+ doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
+)
+
+PATCHES=(
+ "${FILESDIR}/${P}-gpg-Fix-typo.patch"
+ "${FILESDIR}/${P}-gpg-Properly-account-for-ring-trust-packets.patch"
+ "${FILESDIR}/${P}-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch"
+)
+
+src_configure() {
+ local myconf=()
+
+ if use smartcard; then
+ myconf+=(
+ --enable-scdaemon
+ $(use_enable usb ccid-driver)
+ )
+ else
+ myconf+=( --disable-scdaemon )
+ fi
+
+ if use elibc_SunOS || use elibc_AIX; then
+ myconf+=( --disable-symcryptrun )
+ else
+ myconf+=( --enable-symcryptrun )
+ fi
+
+ # glib fails and picks up clang's internal stdint.h causing weird errors
+ [[ ${CC} == *clang ]] && \
+ export gl_cv_absolute_stdint_h=/usr/include/stdint.h
+
+ econf \
+ "${myconf[@]}" \
+ $(use_enable bzip2) \
+ $(use_enable gnutls) \
+ $(use_enable nls) \
+ $(use_enable tofu) \
+ $(use_enable wks-server wks-tools) \
+ $(use_with ldap) \
+ $(use_with readline) \
+ --enable-gpg \
+ --enable-gpgsm \
+ --enable-large-secmem \
+ CC_FOR_BUILD="$(tc-getBUILD_CC)"
+}
+
+src_compile() {
+ default
+
+ use doc && emake -C doc html
+}
+
+src_install() {
+ default
+
+ use tools &&
+ dobin \
+ tools/{convert-from-106,gpg-check-pattern} \
+ tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys} \
+ tools/make-dns-cert
+
+ dosym gpg2 /usr/bin/gpg
+ dosym gpgv2 /usr/bin/gpgv
+ echo ".so man1/gpg2.1" > "${ED}"/usr/share/man/man1/gpg.1
+ echo ".so man1/gpgv2.1" > "${ED}"/usr/share/man/man1/gpgv.1
+
+ dodir /etc/env.d
+ echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg
+
+ use doc && dodoc doc/gnupg.html/* doc/*.png
+}
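Review bot: The three `echo … >` redirections at the end of src_install (the two man-page stubs and the `CONFIG_PROTECT` line for `/etc/env.d/30gnupg`) have no `|| die`, so a failed write leaves the image without those files while the install phase still succeeds. Append it to each, e.g. `echo ".so man1/gpg2.1" > "${ED}"/usr/share/man/man1/gpg.1 || die`. Separately, the clang test in src_configure reads `${CC}` directly. Since toolchain-funcs is already inherited, `[[ $(tc-getCC) == *clang* ]]` would also cover an unset CC and versioned compiler names. The same line appears in the gnupg-2.1.23 and gnupg-2.2.1 ebuilds further down.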
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/
@ 2017-08-11 16:50 Kristian Fiskerstrand
From: Kristian Fiskerstrand @ 2017-08-11 16:50 UTC (permalink / raw
To: gentoo-commits
commit: a12f7eafa84c6cb0cf6d643c55ef027f33b8147e
Author: Kristian Fiskerstrand <k_f <AT> gentoo <DOT> org>
AuthorDate: Fri Aug 11 16:15:46 2017 +0000
Commit: Kristian Fiskerstrand <k_f <AT> gentoo <DOT> org>
CommitDate: Fri Aug 11 16:48:26 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a12f7eaf
app-crypt/gnupg: New upstream version 2.1.23
Reverting to default of no --auto-key-retrieve as this has information
leak potential that should not be enabled in default configuration. The
change is also reverted upstream
Package-Manager: Portage-2.3.6, Repoman-2.3.1
app-crypt/gnupg/Manifest | 1 +
....1.23-gpg-default-to-no-auto-key-retrieve.patch | 71 ++++++++++++
app-crypt/gnupg/gnupg-2.1.23.ebuild | 124 +++++++++++++++++++++
3 files changed, 196 insertions(+)
diff --git a/app-crypt/gnupg/Manifest b/app-crypt/gnupg/Manifest
index 77cdbd2968f..07c1872aeaf 100644
--- a/app-crypt/gnupg/Manifest
+++ b/app-crypt/gnupg/Manifest
@@ -2,3 +2,4 @@ DIST gnupg-1.4.21.tar.bz2 3689305 SHA256 6b47a3100c857dcab3c60e6152e56a997f2c786
DIST gnupg-2.1.15.tar.bz2 5723689 SHA256 c28c1a208f1b8ad63bdb6b88d252f6734ff4d33de6b54e38494b11d49e00ffdd SHA512 69c943e853e1a37e8b17b3bc34e1503f14bc8f189fa9f3ac6644bcc98ccce6eaef64da20ff9dd1c8de3a7789ea577167984ccf3ac286cac50752e6f7c2f42ab1 WHIRLPOOL 4c5a8cd4e8b7196f4a355ce7739cf6e23c43817414e10bbba219117e4e51c4c618ffb5dbce27cb836a2171eda58e003d5ddf78d4af09a813c2a1729963413151
DIST gnupg-2.1.20.tar.bz2 6456128 SHA256 24cf9a69369be64a9f6f8cc11a1be33ab7780ad77a6a1b93719438f49f69960d SHA512 14a9890bc64e143f87cff121dd298d490d78dbd34e36883e0f25763ff9064e5706a7632893d7c5d0e8e9b8cf9cdb0d378b4ce1715348729f0fc080455b61eca9 WHIRLPOOL fa6cbd66031cac41db308b10bebec87e37a19d3c63219d22fb874d7d016bcad057b93eeece7a64001718ee1f881199e3d3eebc8ef6625691f553b0d2dbc92624
DIST gnupg-2.1.22.tar.bz2 6530433 SHA256 46716faf9e1b92cfca86609f3bfffbf5bb4b6804df90dc853ff7061cfcfb4ad7 SHA512 d2ccbf32716a701df9e4ad5c19b682daf1a02b0bf8a1751a32af6db0c9284a4ee7df91310bed1a2087911a9964cb7b7f2ca9dad32a880ed1e1465d8048605e16 WHIRLPOOL 3a87914898e2f164f7effa67e0e8f5ccb48aed0e9e4d65559d73783478ee509f7876ef7ef77ec9c43de2611a8a2ecdcbfbd443ab5de119203b20e316473e4e75
+DIST gnupg-2.1.23.tar.bz2 6526734 SHA256 a94476391595e9351f219188767a9d6ea128e83be5ed3226a7890f49aa2d0d77 SHA512 8b8be0784129f5aa0ccde32a413a68c36e0e4131abe70c3eb186958c60f3df1023deb2db2db84d63ad30a3408a75c7622b430aff1a524ff28a24be511c952412 WHIRLPOOL deb4e933108e0a77b941ed95732eab2ee77af175bd776f3f5dbd25bb38b37dcdf09ae8eee7cd39a09883c3757b81688e48b5a07d6f43419a4453d4ba38541c14
diff --git a/app-crypt/gnupg/files/gnupg-2.1.23-gpg-default-to-no-auto-key-retrieve.patch b/app-crypt/gnupg/files/gnupg-2.1.23-gpg-default-to-no-auto-key-retrieve.patch
new file mode 100644
index 00000000000..4cc414d18e3
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.1.23-gpg-default-to-no-auto-key-retrieve.patch
@@ -0,0 +1,71 @@
+From e6f84116abca2ed49bf14b2e28c3c811a3717227 Mon Sep 17 00:00:00 2001
+From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+Date: Fri, 11 Aug 2017 02:26:52 -0400
+Subject: [PATCH] gpg: default to --no-auto-key-retrieve.
+
+* g10/gpg.c (main): remove KEYSERVER_AUTO_KEY_RETRIEVE from the
+default keyserver options.
+* doc/gpg.texi: document this change.
+--
+
+This is a partial reversion of
+7e1fe791d188b078398bf83c9af992cb1bd2a4b3. Werner and i discussed it
+earlier today, and came to the conclusion that:
+
+ * the risk of metadata leakage represented by a default
+ --auto-key-retrieve, both in e-mail (as a "web bug") and in other
+ contexts where GnuPG is used to verified signatures, is quite high.
+
+ * the advantages of --auto-key-retrieve (in terms of signature
+ verification) can sometimes be achieved in other ways, such as when
+ a signed message includes a copy of its own key.
+
+ * when those other ways are not useful, a graphical, user-facing
+ application can still offer the user the opportunity to choose to
+ fetch the key; or it can apply its own policy about when to set
+ --auto-key-retrieve, without needing to affect the defaults.
+
+Note that --auto-key-retrieve is specifically about signature
+verification. Decisions about how and whether to look up a key during
+message encryption are governed by --auto-key-locate. This change
+does not touch the --auto-key-locate default of "local,wkd". The user
+deliberately asking gpg to encrypt to an e-mail address is a different
+scenario than having an incoming e-mail trigger a potentially unique
+network request.
+
+Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+---
+ doc/gpg.texi | 2 +-
+ g10/gpg.c | 3 +--
+ 2 files changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/doc/gpg.texi b/doc/gpg.texi
+index c71126a97..b6a9b2d70 100644
+--- a/doc/gpg.texi
++++ b/doc/gpg.texi
+@@ -1792,7 +1792,7 @@ list. The default is "local,wkd".
+ @opindex no-auto-key-retrieve
+ These options enable or disable the automatic retrieving of keys from
+ a keyserver when verifying signatures made by keys that are not on the
+-local keyring. The default is @option{--auto-key-retrieve}.
++local keyring. The default is @option{--no-auto-key-retrieve}.
+
+ If the method "wkd" is included in the list of methods given to
+ @option{auto-key-locate}, the signer's user ID is part of the
+diff --git a/g10/gpg.c b/g10/gpg.c
+index c721cdc4a..c9fa7ae5b 100644
+--- a/g10/gpg.c
++++ b/g10/gpg.c
+@@ -2366,8 +2366,7 @@ main (int argc, char **argv)
+ opt.keyserver_options.import_options = (IMPORT_REPAIR_KEYS
+ | IMPORT_REPAIR_PKS_SUBKEY_BUG);
+ opt.keyserver_options.export_options = EXPORT_ATTRIBUTES;
+- opt.keyserver_options.options = (KEYSERVER_HONOR_PKA_RECORD
+- | KEYSERVER_AUTO_KEY_RETRIEVE);
++ opt.keyserver_options.options = KEYSERVER_HONOR_PKA_RECORD;
+ opt.verify_options = (LIST_SHOW_UID_VALIDITY
+ | VERIFY_SHOW_POLICY_URLS
+ | VERIFY_SHOW_STD_NOTATIONS
+--
+2.13.0
+
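Review bot: The new default assignment in `main` carries no comment saying that `KEYSERVER_AUTO_KEY_RETRIEVE` is left out on purpose, so the reasoning lives only in the commit message and the flag could later be OR-ed back in without anyone noticing the privacy impact. I would add above the assignment something like `/* KEYSERVER_AUTO_KEY_RETRIEVE is deliberately not a default: fetching keys during verification lets a signed message trigger a network request. */`. Users who enable auto-key-retrieve in their own configuration presumably keep the old behaviour, since only the built-in default changes here. The body of `main` extends beyond the hunk.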
diff --git a/app-crypt/gnupg/gnupg-2.1.23.ebuild b/app-crypt/gnupg/gnupg-2.1.23.ebuild
new file mode 100644
index 00000000000..9564b859cdf
--- /dev/null
+++ b/app-crypt/gnupg/gnupg-2.1.23.ebuild
@@ -0,0 +1,124 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit systemd toolchain-funcs
+
+MY_P="${P/_/-}"
+
+DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
+HOMEPAGE="http://www.gnupg.org/"
+SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="bzip2 doc +gnutls ldap nls readline selinux +smartcard tofu tools usb wks-server"
+
+COMMON_DEPEND_LIBS="
+ >=dev-libs/npth-1.2
+ >=dev-libs/libassuan-2.4.3
+ >=dev-libs/libgcrypt-1.7.3
+ >=dev-libs/libgpg-error-1.24
+ >=dev-libs/libksba-1.3.4
+ >=net-misc/curl-7.10
+ gnutls? ( >=net-libs/gnutls-3.0:0= )
+ sys-libs/zlib
+ ldap? ( net-nds/openldap )
+ bzip2? ( app-arch/bzip2 )
+ readline? ( sys-libs/readline:0= )
+ smartcard? ( usb? ( virtual/libusb:0 ) )
+ tofu? ( >=dev-db/sqlite-3.7 )
+ "
+COMMON_DEPEND_BINS="app-crypt/pinentry
+ !app-crypt/dirmngr"
+
+# Existence of executables is checked during configuration.
+DEPEND="${COMMON_DEPEND_LIBS}
+ ${COMMON_DEPEND_BINS}
+ nls? ( sys-devel/gettext )
+ doc? ( sys-apps/texinfo )"
+
+RDEPEND="${COMMON_DEPEND_LIBS}
+ ${COMMON_DEPEND_BINS}
+ selinux? ( sec-policy/selinux-gpg )
+ nls? ( virtual/libintl )"
+
+S="${WORKDIR}/${MY_P}"
+
+DOCS=(
+ ChangeLog NEWS README THANKS TODO VERSION
+ doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
+)
+
+PATCHES=(
+ "${FILESDIR}/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch"
+ "${FILESDIR}/${P}-gpg-default-to-no-auto-key-retrieve.patch"
+)
+
+src_configure() {
+ local myconf=()
+
+ if use smartcard; then
+ myconf+=(
+ --enable-scdaemon
+ $(use_enable usb ccid-driver)
+ )
+ else
+ myconf+=( --disable-scdaemon )
+ fi
+
+ if use elibc_SunOS || use elibc_AIX; then
+ myconf+=( --disable-symcryptrun )
+ else
+ myconf+=( --enable-symcryptrun )
+ fi
+
+ # glib fails and picks up clang's internal stdint.h causing weird errors
+ [[ ${CC} == *clang ]] && \
+ export gl_cv_absolute_stdint_h=/usr/include/stdint.h
+
+ econf \
+ "${myconf[@]}" \
+ $(use_enable bzip2) \
+ $(use_enable gnutls) \
+ $(use_enable nls) \
+ $(use_enable tofu) \
+ $(use_enable wks-server wks-tools) \
+ $(use_with ldap) \
+ $(use_with readline) \
+ --enable-gpg \
+ --enable-gpgsm \
+ --enable-large-secmem \
+ --enable-all-tests \
+ CC_FOR_BUILD="$(tc-getBUILD_CC)"
+}
+
+src_compile() {
+ default
+
+ use doc && emake -C doc html
+}
+
+src_install() {
+ default
+
+ use tools &&
+ dobin \
+ tools/{convert-from-106,gpg-check-pattern} \
+ tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys} \
+ tools/make-dns-cert
+
+ dosym gpg /usr/bin/gpg2
+ dosym gpgv /usr/bin/gpgv2
+ echo ".so man1/gpg2.1" > "${ED}"/usr/share/man/man1/gpg.1 || die
+ echo ".so man1/gpgv2.1" > "${ED}"/usr/share/man/man1/gpgv.1 || die
+
+ dodir /etc/env.d
+ echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
+
+ use doc && dodoc doc/gnupg.html/* doc/*.png
+
+ systemd_douserunit doc/examples/systemd-user/*.{service,socket}
+}
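Review bot: The man-page stubs in src_install point the opposite way from the symlinks: `dosym gpg /usr/bin/gpg2` treats gpg as the real binary, yet `echo ".so man1/gpg2.1" > …/gpg.1` writes a stub over gpg.1 that refers to gpg2.1. If upstream installs gpg.1 and gpgv.1, as the symlink direction suggests, this overwrites the real pages with references to files that are not installed. The stubs should go the other way: `echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die` and `echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die`.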
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/
@ 2017-09-16 11:13 Kristian Fiskerstrand
From: Kristian Fiskerstrand @ 2017-09-16 11:13 UTC (permalink / raw
To: gentoo-commits
commit: c8b7f9b5493547c2df4936df7fdab818bb69e1c3
Author: Kristian Fiskerstrand <k_f <AT> gentoo <DOT> org>
AuthorDate: Sat Sep 16 11:12:47 2017 +0000
Commit: Kristian Fiskerstrand <k_f <AT> gentoo <DOT> org>
CommitDate: Sat Sep 16 11:12:58 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c8b7f9b5
app-crypt/gnupg: Cleanup 2.1.23
Package-Manager: Portage-2.3.6, Repoman-2.3.1
app-crypt/gnupg/Manifest | 1 -
....1.23-gpg-default-to-no-auto-key-retrieve.patch | 71 ------------
app-crypt/gnupg/gnupg-2.1.23-r1.ebuild | 124 ---------------------
3 files changed, 196 deletions(-)
diff --git a/app-crypt/gnupg/Manifest b/app-crypt/gnupg/Manifest
index 8243dab73fe..fb6e09fc21f 100644
--- a/app-crypt/gnupg/Manifest
+++ b/app-crypt/gnupg/Manifest
@@ -1,5 +1,4 @@
DIST gnupg-1.4.21.tar.bz2 3689305 SHA256 6b47a3100c857dcab3c60e6152e56a997f2c7862c1b8b2b25adf3884a1ae2276 SHA512 619e0fbc10310c7e55d129027e2945791fe91a0884b1d6f53acb4b2e380d1c6e71d1a516a59876182c5c70a4227d44a74ceda018c343b5291fa9a5d6de77c984 WHIRLPOOL eb596be347dd90be93d381fe405e50f5808160b546705493bc9d817d521ea236a2374648e6c2cab396f54bba74de4caf2b92e894df3a17aa339f014ef8cc8802
DIST gnupg-2.1.15.tar.bz2 5723689 SHA256 c28c1a208f1b8ad63bdb6b88d252f6734ff4d33de6b54e38494b11d49e00ffdd SHA512 69c943e853e1a37e8b17b3bc34e1503f14bc8f189fa9f3ac6644bcc98ccce6eaef64da20ff9dd1c8de3a7789ea577167984ccf3ac286cac50752e6f7c2f42ab1 WHIRLPOOL 4c5a8cd4e8b7196f4a355ce7739cf6e23c43817414e10bbba219117e4e51c4c618ffb5dbce27cb836a2171eda58e003d5ddf78d4af09a813c2a1729963413151
DIST gnupg-2.1.20.tar.bz2 6456128 SHA256 24cf9a69369be64a9f6f8cc11a1be33ab7780ad77a6a1b93719438f49f69960d SHA512 14a9890bc64e143f87cff121dd298d490d78dbd34e36883e0f25763ff9064e5706a7632893d7c5d0e8e9b8cf9cdb0d378b4ce1715348729f0fc080455b61eca9 WHIRLPOOL fa6cbd66031cac41db308b10bebec87e37a19d3c63219d22fb874d7d016bcad057b93eeece7a64001718ee1f881199e3d3eebc8ef6625691f553b0d2dbc92624
-DIST gnupg-2.1.23.tar.bz2 6526734 SHA256 a94476391595e9351f219188767a9d6ea128e83be5ed3226a7890f49aa2d0d77 SHA512 8b8be0784129f5aa0ccde32a413a68c36e0e4131abe70c3eb186958c60f3df1023deb2db2db84d63ad30a3408a75c7622b430aff1a524ff28a24be511c952412 WHIRLPOOL deb4e933108e0a77b941ed95732eab2ee77af175bd776f3f5dbd25bb38b37dcdf09ae8eee7cd39a09883c3757b81688e48b5a07d6f43419a4453d4ba38541c14
DIST gnupg-2.2.0.tar.bz2 6532475 SHA256 d4514a0be0f7a1ff263193330019eb4b53c82f0f5e230af3c14df371271a45e6 SHA512 8ab7c4183d2ec2e6b62066e3cbcba95babaa0ae22da47feab716698792d26495f072d50e8ec612b8d26147636bb316320c78940184373b3f4cb6ec411933361b WHIRLPOOL c918b6a7e40ff170e1ff3b77978cb7f0d9298a3410204677955dc167b114a1f85d32deaca4f006c2bd621f532379ca9631b96913bf660394a82ab4ee0bbbaecb
diff --git a/app-crypt/gnupg/files/gnupg-2.1.23-gpg-default-to-no-auto-key-retrieve.patch b/app-crypt/gnupg/files/gnupg-2.1.23-gpg-default-to-no-auto-key-retrieve.patch
deleted file mode 100644
index 4cc414d18e3..00000000000
--- a/app-crypt/gnupg/files/gnupg-2.1.23-gpg-default-to-no-auto-key-retrieve.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-From e6f84116abca2ed49bf14b2e28c3c811a3717227 Mon Sep 17 00:00:00 2001
-From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-Date: Fri, 11 Aug 2017 02:26:52 -0400
-Subject: [PATCH] gpg: default to --no-auto-key-retrieve.
-
-* g10/gpg.c (main): remove KEYSERVER_AUTO_KEY_RETRIEVE from the
-default keyserver options.
-* doc/gpg.texi: document this change.
---
-
-This is a partial reversion of
-7e1fe791d188b078398bf83c9af992cb1bd2a4b3. Werner and i discussed it
-earlier today, and came to the conclusion that:
-
- * the risk of metadata leakage represented by a default
- --auto-key-retrieve, both in e-mail (as a "web bug") and in other
- contexts where GnuPG is used to verified signatures, is quite high.
-
- * the advantages of --auto-key-retrieve (in terms of signature
- verification) can sometimes be achieved in other ways, such as when
- a signed message includes a copy of its own key.
-
- * when those other ways are not useful, a graphical, user-facing
- application can still offer the user the opportunity to choose to
- fetch the key; or it can apply its own policy about when to set
- --auto-key-retrieve, without needing to affect the defaults.
-
-Note that --auto-key-retrieve is specifically about signature
-verification. Decisions about how and whether to look up a key during
-message encryption are governed by --auto-key-locate. This change
-does not touch the --auto-key-locate default of "local,wkd". The user
-deliberately asking gpg to encrypt to an e-mail address is a different
-scenario than having an incoming e-mail trigger a potentially unique
-network request.
-
-Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
----
- doc/gpg.texi | 2 +-
- g10/gpg.c | 3 +--
- 2 files changed, 2 insertions(+), 3 deletions(-)
-
-diff --git a/doc/gpg.texi b/doc/gpg.texi
-index c71126a97..b6a9b2d70 100644
---- a/doc/gpg.texi
-+++ b/doc/gpg.texi
-@@ -1792,7 +1792,7 @@ list. The default is "local,wkd".
- @opindex no-auto-key-retrieve
- These options enable or disable the automatic retrieving of keys from
- a keyserver when verifying signatures made by keys that are not on the
--local keyring. The default is @option{--auto-key-retrieve}.
-+local keyring. The default is @option{--no-auto-key-retrieve}.
-
- If the method "wkd" is included in the list of methods given to
- @option{auto-key-locate}, the signer's user ID is part of the
-diff --git a/g10/gpg.c b/g10/gpg.c
-index c721cdc4a..c9fa7ae5b 100644
---- a/g10/gpg.c
-+++ b/g10/gpg.c
-@@ -2366,8 +2366,7 @@ main (int argc, char **argv)
- opt.keyserver_options.import_options = (IMPORT_REPAIR_KEYS
- | IMPORT_REPAIR_PKS_SUBKEY_BUG);
- opt.keyserver_options.export_options = EXPORT_ATTRIBUTES;
-- opt.keyserver_options.options = (KEYSERVER_HONOR_PKA_RECORD
-- | KEYSERVER_AUTO_KEY_RETRIEVE);
-+ opt.keyserver_options.options = KEYSERVER_HONOR_PKA_RECORD;
- opt.verify_options = (LIST_SHOW_UID_VALIDITY
- | VERIFY_SHOW_POLICY_URLS
- | VERIFY_SHOW_STD_NOTATIONS
---
-2.13.0
-
diff --git a/app-crypt/gnupg/gnupg-2.1.23-r1.ebuild b/app-crypt/gnupg/gnupg-2.1.23-r1.ebuild
deleted file mode 100644
index 48711663f92..00000000000
--- a/app-crypt/gnupg/gnupg-2.1.23-r1.ebuild
+++ /dev/null
@@ -1,124 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit systemd toolchain-funcs
-
-MY_P="${P/_/-}"
-
-DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
-HOMEPAGE="http://www.gnupg.org/"
-SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
-
-LICENSE="GPL-3"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="bzip2 doc +gnutls ldap nls readline selinux +smartcard tofu tools usb wks-server"
-
-COMMON_DEPEND_LIBS="
- >=dev-libs/npth-1.2
- >=dev-libs/libassuan-2.4.3
- >=dev-libs/libgcrypt-1.7.3
- >=dev-libs/libgpg-error-1.24
- >=dev-libs/libksba-1.3.4
- >=net-misc/curl-7.10
- gnutls? ( >=net-libs/gnutls-3.0:0= )
- sys-libs/zlib
- ldap? ( net-nds/openldap )
- bzip2? ( app-arch/bzip2 )
- readline? ( sys-libs/readline:0= )
- smartcard? ( usb? ( virtual/libusb:0 ) )
- tofu? ( >=dev-db/sqlite-3.7 )
- "
-COMMON_DEPEND_BINS="app-crypt/pinentry
- !app-crypt/dirmngr"
-
-# Existence of executables is checked during configuration.
-DEPEND="${COMMON_DEPEND_LIBS}
- ${COMMON_DEPEND_BINS}
- nls? ( sys-devel/gettext )
- doc? ( sys-apps/texinfo )"
-
-RDEPEND="${COMMON_DEPEND_LIBS}
- ${COMMON_DEPEND_BINS}
- selinux? ( sec-policy/selinux-gpg )
- nls? ( virtual/libintl )"
-
-S="${WORKDIR}/${MY_P}"
-
-DOCS=(
- ChangeLog NEWS README THANKS TODO VERSION
- doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
-)
-
-PATCHES=(
- "${FILESDIR}/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch"
- "${FILESDIR}/${P}-gpg-default-to-no-auto-key-retrieve.patch"
-)
-
-src_configure() {
- local myconf=()
-
- if use smartcard; then
- myconf+=(
- --enable-scdaemon
- $(use_enable usb ccid-driver)
- )
- else
- myconf+=( --disable-scdaemon )
- fi
-
- if use elibc_SunOS || use elibc_AIX; then
- myconf+=( --disable-symcryptrun )
- else
- myconf+=( --enable-symcryptrun )
- fi
-
- # glib fails and picks up clang's internal stdint.h causing weird errors
- [[ ${CC} == *clang ]] && \
- export gl_cv_absolute_stdint_h=/usr/include/stdint.h
-
- econf \
- "${myconf[@]}" \
- $(use_enable bzip2) \
- $(use_enable gnutls) \
- $(use_enable nls) \
- $(use_enable tofu) \
- $(use_enable wks-server wks-tools) \
- $(use_with ldap) \
- $(use_with readline) \
- --enable-gpg \
- --enable-gpgsm \
- --enable-large-secmem \
- --enable-all-tests \
- CC_FOR_BUILD="$(tc-getBUILD_CC)"
-}
-
-src_compile() {
- default
-
- use doc && emake -C doc html
-}
-
-src_install() {
- default
-
- use tools &&
- dobin \
- tools/{convert-from-106,gpg-check-pattern} \
- tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys} \
- tools/make-dns-cert
-
- dosym gpg /usr/bin/gpg2
- dosym gpgv /usr/bin/gpgv2
- echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die
- echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
-
- dodir /etc/env.d
- echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
-
- use doc && dodoc doc/gnupg.html/* doc/*.png
-
- systemd_douserunit doc/examples/systemd-user/*.{service,socket}
-}
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/
@ 2017-09-19 8:17 Kristian Fiskerstrand
From: Kristian Fiskerstrand @ 2017-09-19 8:17 UTC (permalink / raw
To: gentoo-commits
commit: 20305658504c61cf1357b235226bc5c66e97752d
Author: Kristian Fiskerstrand <k_f <AT> gentoo <DOT> org>
AuthorDate: Tue Sep 19 08:16:18 2017 +0000
Commit: Kristian Fiskerstrand <k_f <AT> gentoo <DOT> org>
CommitDate: Tue Sep 19 08:17:08 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=20305658
app-crypt/gnupg: New upstream version 2.2.1
Cherry-pick patch from master to allow for parallel tests
with tofu disabled
Package-Manager: Portage-2.3.6, Repoman-2.3.1
app-crypt/gnupg/Manifest | 1 +
.../gnupg/files/gnupg-2.2.1-fix-gnupg-wait.patch | 85 ++++++++++++++
app-crypt/gnupg/gnupg-2.2.1.ebuild | 129 +++++++++++++++++++++
3 files changed, 215 insertions(+)
diff --git a/app-crypt/gnupg/Manifest b/app-crypt/gnupg/Manifest
index fb6e09fc21f..548961ab9fe 100644
--- a/app-crypt/gnupg/Manifest
+++ b/app-crypt/gnupg/Manifest
@@ -2,3 +2,4 @@ DIST gnupg-1.4.21.tar.bz2 3689305 SHA256 6b47a3100c857dcab3c60e6152e56a997f2c786
DIST gnupg-2.1.15.tar.bz2 5723689 SHA256 c28c1a208f1b8ad63bdb6b88d252f6734ff4d33de6b54e38494b11d49e00ffdd SHA512 69c943e853e1a37e8b17b3bc34e1503f14bc8f189fa9f3ac6644bcc98ccce6eaef64da20ff9dd1c8de3a7789ea577167984ccf3ac286cac50752e6f7c2f42ab1 WHIRLPOOL 4c5a8cd4e8b7196f4a355ce7739cf6e23c43817414e10bbba219117e4e51c4c618ffb5dbce27cb836a2171eda58e003d5ddf78d4af09a813c2a1729963413151
DIST gnupg-2.1.20.tar.bz2 6456128 SHA256 24cf9a69369be64a9f6f8cc11a1be33ab7780ad77a6a1b93719438f49f69960d SHA512 14a9890bc64e143f87cff121dd298d490d78dbd34e36883e0f25763ff9064e5706a7632893d7c5d0e8e9b8cf9cdb0d378b4ce1715348729f0fc080455b61eca9 WHIRLPOOL fa6cbd66031cac41db308b10bebec87e37a19d3c63219d22fb874d7d016bcad057b93eeece7a64001718ee1f881199e3d3eebc8ef6625691f553b0d2dbc92624
DIST gnupg-2.2.0.tar.bz2 6532475 SHA256 d4514a0be0f7a1ff263193330019eb4b53c82f0f5e230af3c14df371271a45e6 SHA512 8ab7c4183d2ec2e6b62066e3cbcba95babaa0ae22da47feab716698792d26495f072d50e8ec612b8d26147636bb316320c78940184373b3f4cb6ec411933361b WHIRLPOOL c918b6a7e40ff170e1ff3b77978cb7f0d9298a3410204677955dc167b114a1f85d32deaca4f006c2bd621f532379ca9631b96913bf660394a82ab4ee0bbbaecb
+DIST gnupg-2.2.1.tar.bz2 6537959 SHA256 34d70cd65b9c95f3f2f90a9f5c1e0b6a0fe039a8d685e2d66d69c33d1cbf62fb SHA512 fcda7ea360d9928bf9e410afe3806ee0692dd533443b0c0e050605a9e2e37ec16f3c60a30b30ab137155327bc1f5d2107f1e792582e3ad245b47bf39a1a61a8f WHIRLPOOL 032d26c79aebcda3529f7cfcdec467e1058d19fa939eae48fd086e7c9f585a7b02dc9e6fb04a342fab845b9eb0d51c3bc2cca4a4d9677683a23bdd5c479b4eba
diff --git a/app-crypt/gnupg/files/gnupg-2.2.1-fix-gnupg-wait.patch b/app-crypt/gnupg/files/gnupg-2.2.1-fix-gnupg-wait.patch
new file mode 100644
index 00000000000..6a2c18e9b63
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.2.1-fix-gnupg-wait.patch
@@ -0,0 +1,85 @@
+From eeb3da6eb717ed6a1a1069a7611eb37503e8672d Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka <gniibe@fsij.org>
+Date: Tue, 19 Sep 2017 12:28:43 +0900
+Subject: [PATCH 2/3] common: Fix gnupg_wait_processes.
+
+* common/exechelp-posix.c (gnupg_wait_processes): Loop for r_exitcodes
+even if we already see an error.
+
+--
+
+The value stored by waitpid for exit code is encoded; It requires
+decoded by WEXITSTATUS macro, regardless of an error.
+
+For example, when one of processes is already exited and another is
+still running, it resulted wrong value of in r_exitcodes[n].
+
+Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
+---
+ common/exechelp-posix.c | 50 +++++++++++++++++++++++++------------------------
+ 1 file changed, 26 insertions(+), 24 deletions(-)
+
+diff --git a/common/exechelp-posix.c b/common/exechelp-posix.c
+index 7237993a2..3acf74ad6 100644
+--- a/common/exechelp-posix.c
++++ b/common/exechelp-posix.c
+@@ -784,30 +784,32 @@ gnupg_wait_processes (const char **pgmnames, pid_t *pids, size_t count,
+ }
+ }
+
+- if (ec == 0)
+- for (i = 0; i < count; i++)
+- {
+- if (WIFEXITED (r_exitcodes[i]) && WEXITSTATUS (r_exitcodes[i]) == 127)
+- {
+- log_error (_("error running '%s': probably not installed\n"),
+- pgmnames[i]);
+- ec = GPG_ERR_CONFIGURATION;
+- }
+- else if (WIFEXITED (r_exitcodes[i]) && WEXITSTATUS (r_exitcodes[i]))
+- {
+- if (dummy)
+- log_error (_("error running '%s': exit status %d\n"),
+- pgmnames[i], WEXITSTATUS (r_exitcodes[i]));
+- else
+- r_exitcodes[i] = WEXITSTATUS (r_exitcodes[i]);
+- ec = GPG_ERR_GENERAL;
+- }
+- else if (!WIFEXITED (r_exitcodes[i]))
+- {
+- log_error (_("error running '%s': terminated\n"), pgmnames[i]);
+- ec = GPG_ERR_GENERAL;
+- }
+- }
++ for (i = 0; i < count; i++)
++ {
++ if (r_exitcodes[i] == -1)
++ continue;
++
++ if (WIFEXITED (r_exitcodes[i]) && WEXITSTATUS (r_exitcodes[i]) == 127)
++ {
++ log_error (_("error running '%s': probably not installed\n"),
++ pgmnames[i]);
++ ec = GPG_ERR_CONFIGURATION;
++ }
++ else if (WIFEXITED (r_exitcodes[i]) && WEXITSTATUS (r_exitcodes[i]))
++ {
++ if (dummy)
++ log_error (_("error running '%s': exit status %d\n"),
++ pgmnames[i], WEXITSTATUS (r_exitcodes[i]));
++ else
++ r_exitcodes[i] = WEXITSTATUS (r_exitcodes[i]);
++ ec = GPG_ERR_GENERAL;
++ }
++ else if (!WIFEXITED (r_exitcodes[i]))
++ {
++ log_error (_("error running '%s': terminated\n"), pgmnames[i]);
++ ec = GPG_ERR_GENERAL;
++ }
++ }
+
+ xfree (dummy);
+ return gpg_err_make (GPG_ERR_SOURCE_DEFAULT, ec);
+--
+2.13.5
+
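Review bot: In the rewritten loop the exit-status-127 branch and the `!WIFEXITED` branch leave `r_exitcodes[i]` holding the raw waitpid status, while the generic non-zero branch stores the decoded `WEXITSTATUS` value when `dummy` is NULL. A caller that passed its own array therefore gets a mix of encoded and decoded entries, which is the kind of confusion the commit message sets out to remove. For the 127 case I would decode as well, `if (!dummy) r_exitcodes[i] = WEXITSTATUS (r_exitcodes[i]);`, and state in the function comment what a signalled child leaves in its slot. The start of gnupg_wait_processes, including where `-1` is stored and `dummy` is set, is outside the hunk, so this assumes `dummy` is non-NULL only when the caller passed no array.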
diff --git a/app-crypt/gnupg/gnupg-2.2.1.ebuild b/app-crypt/gnupg/gnupg-2.2.1.ebuild
new file mode 100644
index 00000000000..0cdc74c459b
--- /dev/null
+++ b/app-crypt/gnupg/gnupg-2.2.1.ebuild
@@ -0,0 +1,129 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit systemd toolchain-funcs
+
+MY_P="${P/_/-}"
+
+DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
+HOMEPAGE="http://www.gnupg.org/"
+SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="bzip2 doc +gnutls ldap nls readline selinux +smartcard tofu tools usb wks-server"
+
+COMMON_DEPEND_LIBS="
+ >=dev-libs/npth-1.2
+ >=dev-libs/libassuan-2.4.3
+ >=dev-libs/libgcrypt-1.7.3
+ >=dev-libs/libgpg-error-1.24
+ >=dev-libs/libksba-1.3.4
+ >=net-misc/curl-7.10
+ gnutls? ( >=net-libs/gnutls-3.0:0= )
+ sys-libs/zlib
+ ldap? ( net-nds/openldap )
+ bzip2? ( app-arch/bzip2 )
+ readline? ( sys-libs/readline:0= )
+ smartcard? ( usb? ( virtual/libusb:0 ) )
+ tofu? ( >=dev-db/sqlite-3.7 )
+ "
+COMMON_DEPEND_BINS="app-crypt/pinentry
+ !app-crypt/dirmngr"
+
+# Existence of executables is checked during configuration.
+DEPEND="${COMMON_DEPEND_LIBS}
+ ${COMMON_DEPEND_BINS}
+ nls? ( sys-devel/gettext )
+ doc? ( sys-apps/texinfo )"
+
+RDEPEND="${COMMON_DEPEND_LIBS}
+ ${COMMON_DEPEND_BINS}
+ selinux? ( sec-policy/selinux-gpg )
+ nls? ( virtual/libintl )"
+
+S="${WORKDIR}/${MY_P}"
+
+DOCS=(
+ ChangeLog NEWS README THANKS TODO VERSION
+ doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
+)
+
+PATCHES=(
+ "${FILESDIR}/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch"
+ "${FILESDIR}/${P}-fix-gnupg-wait.patch"
+)
+
+src_configure() {
+ local myconf=()
+
+ if use smartcard; then
+ myconf+=(
+ --enable-scdaemon
+ $(use_enable usb ccid-driver)
+ )
+ else
+ myconf+=( --disable-scdaemon )
+ fi
+
+ if use elibc_SunOS || use elibc_AIX; then
+ myconf+=( --disable-symcryptrun )
+ else
+ myconf+=( --enable-symcryptrun )
+ fi
+
+ # glib fails and picks up clang's internal stdint.h causing weird errors
+ [[ ${CC} == *clang ]] && \
+ export gl_cv_absolute_stdint_h=/usr/include/stdint.h
+
+ econf \
+ "${myconf[@]}" \
+ $(use_enable bzip2) \
+ $(use_enable gnutls) \
+ $(use_enable nls) \
+ $(use_enable tofu) \
+ $(use_enable wks-server wks-tools) \
+ $(use_with ldap) \
+ $(use_with readline) \
+ --enable-gpg \
+ --enable-gpgsm \
+ --enable-large-secmem \
+ --enable-all-tests \
+ CC_FOR_BUILD="$(tc-getBUILD_CC)"
+}
+
+src_compile() {
+ default
+
+ use doc && emake -C doc html
+}
+
+src_test() {
+ export TESTFLAGS=--parallel
+ default
+}
+
+src_install() {
+ default
+
+ use tools &&
+ dobin \
+ tools/{convert-from-106,gpg-check-pattern} \
+ tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys} \
+ tools/make-dns-cert
+
+ dosym gpg /usr/bin/gpg2
+ dosym gpgv /usr/bin/gpgv2
+ echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die
+ echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
+
+ dodir /etc/env.d
+ echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
+
+ use doc && dodoc doc/gnupg.html/* doc/*.png
+
+ systemd_douserunit doc/examples/systemd-user/*.{service,socket}
+}
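Review bot: src_test exports `TESTFLAGS=--parallel` with no comment tying it to `${P}-fix-gnupg-wait.patch`, although the commit message says the patch was cherry-picked to allow parallel tests. A line such as `# --parallel needs ${P}-fix-gnupg-wait.patch; drop both together` would keep the two from drifting apart on the next bump. `local -x TESTFLAGS=--parallel` would also keep the variable scoped to the phase instead of exporting it for the rest of the build.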
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/
@ 2019-04-09 17:50 Robin H. Johnson
From: Robin H. Johnson @ 2019-04-09 17:50 UTC (permalink / raw
To: gentoo-commits
commit: 4b084d956b9bc167ec1887cb7717573b5a4f077d
Author: Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
AuthorDate: Tue Apr 9 17:49:17 2019 +0000
Commit: Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
CommitDate: Tue Apr 9 17:50:20 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4b084d95
app-crypt/gnupg: bump
Also adds one-line delta patch for --quiet in --send-key, submitted to
upstream for inclusion.
Package-Manager: Portage-2.3.62, Repoman-2.3.12
Signed-off-by: Robin H. Johnson <robbat2 <AT> gentoo.org>
app-crypt/gnupg/Manifest | 1 +
.../gnupg/files/gnupg-2.2.14-quiet-sending.patch | 34 +++++
app-crypt/gnupg/gnupg-2.2.15.ebuild | 137 +++++++++++++++++++++
3 files changed, 172 insertions(+)
diff --git a/app-crypt/gnupg/Manifest b/app-crypt/gnupg/Manifest
index d9d42130a4f..ffc0c9cfd34 100644
--- a/app-crypt/gnupg/Manifest
+++ b/app-crypt/gnupg/Manifest
@@ -2,3 +2,4 @@ DIST gnupg-1.4.21.tar.bz2 3689305 BLAKE2B 0c26c9c3aeae2bf2eafa858bc3bd15cc2702bc
DIST gnupg-2.2.10.tar.bz2 6659484 BLAKE2B d0270ca40bd70fe113fa4283c307d7d04370beec77ffba0abb7862defdab2d5a82b1508284961e30e7d0aab82bffdf09fe796741603e843a062073f179f0bfc2 SHA512 a4477828f268fa69125cf1822f8a721e67f8f4008bd9817b701989393bd93689aac8fee1f4d34d918911d53afabdcbb1c84d40e8a4489d7a29b5a769d330fddd
DIST gnupg-2.2.12.tar.bz2 6682303 BLAKE2B 8470ab8bf386d3524ce57ef1a1f6ac74d8cf2d7c35062b95c668b37586603c8e0817e410f4a0a807256e42896c11116897b7118b29e471184b2fa871ad4ba048 SHA512 30de9757bb60a5cb6bf0dc2c8da5f4742c54affec3fcd0bcbf66f28f2812149afec5db70dcb6ba592101de4bdc479d1ba0b47c53c8b8d4765ddff32fa51c26c8
DIST gnupg-2.2.14.tar.bz2 6707735 BLAKE2B feedb1c776e8d43e43905e8a8c1487bd88e8effc59e94baf308cb29a5feea5d9c666c78b50147d65a259dc89af241c2a2bf07a72c417617e5238e0fdbbc2b17f SHA512 9d5216dee085efe6de300579d8fb773a5a55df639d5a435708611a974df522dd60dc995fbfcaad98065475dbeb731bbba19ecc3273e78b9b45fccff640dde69b
+DIST gnupg-2.2.15.tar.bz2 6705912 BLAKE2B 145bd174cb74c6a1180de76a6d46b40d2434ced61bb9aa3eaddeb0079cd05634529c9b062e475d3ca9d35b3af3b62b39a79ef0efbb476cb9ebb9e2099ad13ae0 SHA512 7c6f0092d384fd71fc7a1c905ce23ae98df42ce131ee09fc190c275f9c8d0912be344b0782244cccb5b3938322ef3cfff8ed1ec7e949e761478b8c5110dde36a
diff --git a/app-crypt/gnupg/files/gnupg-2.2.14-quiet-sending.patch b/app-crypt/gnupg/files/gnupg-2.2.14-quiet-sending.patch
new file mode 100644
index 00000000000..1f7a561d3f7
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.2.14-quiet-sending.patch
@@ -0,0 +1,34 @@
+From d8db73615e68d1c549b3ed50057a49d84a31b334 Mon Sep 17 00:00:00 2001
+From: "Robin H. Johnson" <robbat2@gentoo.org>
+Date: Tue, 9 Apr 2019 10:27:11 -0700
+Subject: [PATCH] g10: support --quiet for --send-key
+
+The --recv-key command supports --quiet, but --send-key does not.
+Add support for it for parity and better scripting.
+
+Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
+---
+ g10/keyserver.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/g10/keyserver.c b/g10/keyserver.c
+index 66900f7a9..e5fc011c0 100644
+--- a/g10/keyserver.c
++++ b/g10/keyserver.c
+@@ -1814,9 +1814,10 @@ keyserver_put (ctrl_t ctrl, strlist_t keyspecs)
+ log_error (_("skipped \"%s\": %s\n"), kspec->d, gpg_strerror (err));
+ else
+ {
+- log_info (_("sending key %s to %s\n"),
+- keystr (keyblock->pkt->pkt.public_key->keyid),
+- ksurl?ksurl:"[?]");
++ if (!opt.quiet)
++ log_info (_("sending key %s to %s\n"),
++ keystr (keyblock->pkt->pkt.public_key->keyid),
++ ksurl?ksurl:"[?]");
+
+ err = gpg_dirmngr_ks_put (ctrl, data, datalen, keyblock);
+ release_kbnode (keyblock);
+--
+2.21.0
+
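Review bot: The patch header carries no upstream reference, although the commit message says the change was submitted upstream, so it will be hard to tell later whether this downstream-only change to g10/keyserver.c was merged, rejected or can be dropped. I would add a line below the Signed-off-by such as `Upstream: <link to the upstream submission>`, with the real link filled in. The code change only wraps the existing `log_info` call in `if (!opt.quiet)`, which means that with --quiet the one message naming the key ID and keyserver URL is gone, so scripts that need a record of what was uploaded where have to log it themselves. keyserver_put's body continues outside the inner hunk.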
diff --git a/app-crypt/gnupg/gnupg-2.2.15.ebuild b/app-crypt/gnupg/gnupg-2.2.15.ebuild
new file mode 100644
index 00000000000..1c68f3982ce
--- /dev/null
+++ b/app-crypt/gnupg/gnupg-2.2.15.ebuild
@@ -0,0 +1,137 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit flag-o-matic systemd toolchain-funcs
+
+MY_P="${P/_/-}"
+
+DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
+HOMEPAGE="http://www.gnupg.org/"
+SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl tofu tools usb user-socket wks-server"
+
+# Existence of executables is checked during configuration.
+DEPEND="!app-crypt/dirmngr
+ >=dev-libs/libassuan-2.5.0
+ >=dev-libs/libgcrypt-1.7.3
+ >=dev-libs/libgpg-error-1.28
+ >=dev-libs/libksba-1.3.4
+ >=dev-libs/npth-1.2
+ >=net-misc/curl-7.10
+ bzip2? ( app-arch/bzip2 )
+ ldap? ( net-nds/openldap )
+ readline? ( sys-libs/readline:0= )
+ smartcard? ( usb? ( virtual/libusb:1 ) )
+ ssl? ( >=net-libs/gnutls-3.0:0= )
+ sys-libs/zlib
+ tofu? ( >=dev-db/sqlite-3.7 )
+ virtual/mta"
+
+RDEPEND="${DEPEND}
+ app-crypt/pinentry
+ nls? ( virtual/libintl )
+ selinux? ( sec-policy/selinux-gpg )"
+
+BDEPEND="virtual/pkgconfig
+ doc? ( sys-apps/texinfo )
+ nls? ( sys-devel/gettext )"
+
+S="${WORKDIR}/${MY_P}"
+
+DOCS=(
+ ChangeLog NEWS README THANKS TODO VERSION
+ doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
+)
+
+PATCHES=(
+ "${FILESDIR}/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch"
+ "${FILESDIR}/${PN}-2.2.14-quiet-sending.patch"
+)
+
+src_configure() {
+ local myconf=()
+
+ if use prefix && use usb; then
+ # bug #649598
+ append-cppflags -I"${EPREFIX}/usr/include/libusb-1.0"
+ fi
+
+ if use elibc_SunOS || use elibc_AIX; then
+ myconf+=( --disable-symcryptrun )
+ else
+ myconf+=( --enable-symcryptrun )
+ fi
+
+ #bug 663142
+ if use user-socket; then
+ myconf+=( --enable-run-gnupg-user-socket )
+ fi
+
+ # glib fails and picks up clang's internal stdint.h causing weird errors
+ [[ ${CC} == *clang ]] && \
+ export gl_cv_absolute_stdint_h=/usr/include/stdint.h
+
+ econf \
+ "${myconf[@]}" \
+ $(use_enable bzip2) \
+ $(use_enable nls) \
+ $(use_enable smartcard scdaemon) \
+ $(use_enable ssl gnutls) \
+ $(use_enable tofu) \
+ $(use_enable usb ccid-driver) \
+ $(use_enable wks-server wks-tools) \
+ $(use_with ldap) \
+ $(use_with readline) \
+ --disable-ntbtls \
+ --enable-all-tests \
+ --enable-gpg \
+ --enable-gpgsm \
+ --enable-large-secmem \
+ CC_FOR_BUILD="$(tc-getBUILD_CC)" \
+ GPG_ERROR_CONFIG="${EROOT}/usr/bin/${CHOST}-gpg-error-config" \
+ KSBA_CONFIG="${EROOT}/usr/bin/ksba-config" \
+ LIBASSUAN_CONFIG="${EROOT}/usr/bin/libassuan-config" \
+ LIBGCRYPT_CONFIG="${EROOT}/usr/bin/${CHOST}-libgcrypt-config" \
+ NPTH_CONFIG="${EROOT}/usr/bin/npth-config" \
+ $("${S}/configure" --help | grep -- '--without-.*-prefix' | sed -e 's/^ *\([^ ]*\) .*/\1/g')
+}
+
+src_compile() {
+ default
+
+ use doc && emake -C doc html
+}
+
+src_test() {
+ #Bug: 638574
+ use tofu && export TESTFLAGS=--parallel
+ default
+}
+
+src_install() {
+ default
+
+ use tools &&
+ dobin \
+ tools/{convert-from-106,gpg-check-pattern} \
+ tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys} \
+ tools/make-dns-cert
+
+ dosym gpg /usr/bin/gpg2
+ dosym gpgv /usr/bin/gpgv2
+ echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die
+ echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
+
+ dodir /etc/env.d
+ echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
+
+ use doc && dodoc doc/gnupg.html/* doc/*.png
+
+ systemd_douserunit doc/examples/systemd-user/*.{service,socket}
+}
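Review bot: The five `*_CONFIG=` arguments passed to econf in src_configure point at `${EROOT}/usr/bin/...`, but under EAPI=7 the libraries listed in DEPEND are installed into the sysroot. When SYSROOT and ROOT differ (cross builds), configure would be handed config scripts from the wrong tree or fail to find them. Use `${ESYSROOT}` there, e.g. `GPG_ERROR_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-gpg-error-config"`, and likewise for KSBA_CONFIG, LIBASSUAN_CONFIG, LIBGCRYPT_CONFIG and NPTH_CONFIG. Separately, `HOMEPAGE="http://www.gnupg.org/"` should be the https form, `HOMEPAGE="https://gnupg.org/"`.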
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/
@ 2020-08-14 23:58 Thomas Deutschmann
From: Thomas Deutschmann @ 2020-08-14 23:58 UTC (permalink / raw
To: gentoo-commits
commit: f880165f3ad8531f8b185108094f46a47c9e2fb4
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Fri Aug 14 23:57:39 2020 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Fri Aug 14 23:57:55 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f880165f
app-crypt/gnupg: fix dirmngr for non-IPv6 enabled hosts
Package-Manager: Portage-3.0.2, Repoman-2.3.23
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
...20-fix-dirmngr-for-non-ipv6-enabled-hosts.patch | 35 ++++++++++++++++++++++
...{gnupg-2.2.20.ebuild => gnupg-2.2.20-r1.ebuild} | 1 +
2 files changed, 36 insertions(+)
diff --git a/app-crypt/gnupg/files/gnupg-2.2.20-fix-dirmngr-for-non-ipv6-enabled-hosts.patch b/app-crypt/gnupg/files/gnupg-2.2.20-fix-dirmngr-for-non-ipv6-enabled-hosts.patch
new file mode 100644
index 00000000000..14a1913b3a0
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.2.20-fix-dirmngr-for-non-ipv6-enabled-hosts.patch
@@ -0,0 +1,35 @@
+From 109d16e8f644da97ed9c00e6f9010a53097f587a Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka <gniibe@fsij.org>
+Date: Mon, 13 Jul 2020 10:00:58 +0900
+Subject: [PATCH] dirmngr: Handle EAFNOSUPPORT at connect_server.
+
+* dirmngr/http.c (connect_server): Skip server with EAFNOSUPPORT.
+
+--
+
+GnuPG-bug-id: 4977
+Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
+---
+ dirmngr/http.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/dirmngr/http.c b/dirmngr/http.c
+index f26675f9b..50b9b732b 100644
+--- a/dirmngr/http.c
++++ b/dirmngr/http.c
+@@ -3005,6 +3005,15 @@ connect_server (ctrl_t ctrl, const char *server, unsigned short port,
+ sock = my_sock_new_for_addr (ai->addr, ai->socktype, ai->protocol);
+ if (sock == ASSUAN_INVALID_FD)
+ {
++ if (errno == EAFNOSUPPORT)
++ {
++ if (ai->family == AF_INET)
++ v4_valid = 0;
++ if (ai->family == AF_INET6)
++ v6_valid = 0;
++ continue;
++ }
++
+ err = gpg_err_make (default_errsource,
+ gpg_err_code_from_syserror ());
+ log_error ("error creating socket: %s\n", gpg_strerror (err));
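Review bot: The new `errno == EAFNOSUPPORT` branch reads errno after `my_sock_new_for_addr` has returned, so it relies on that helper leaving errno untouched between the failing socket call and its return; the helper is not visible here, so this should be confirmed. The branch also skips the address silently, unlike the path right below it which calls `log_error`, so a host with no usable address family gets no hint at this spot about why every address was passed over. I would at least add a comment above the test, `/* Address family not supported on this host (e.g. IPv6 disabled): mark it unusable and try the next address. */`. connect_server's loop begins and ends outside the hunk, so how `v4_valid` and `v6_valid` are reported afterwards cannot be checked from here.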
diff --git a/app-crypt/gnupg/gnupg-2.2.20.ebuild b/app-crypt/gnupg/gnupg-2.2.20-r1.ebuild
similarity index 98%
rename from app-crypt/gnupg/gnupg-2.2.20.ebuild
rename to app-crypt/gnupg/gnupg-2.2.20-r1.ebuild
index 35dc9274af9..ec52f664069 100644
--- a/app-crypt/gnupg/gnupg-2.2.20.ebuild
+++ b/app-crypt/gnupg/gnupg-2.2.20-r1.ebuild
@@ -51,6 +51,7 @@ DOCS=(
PATCHES=(
"${FILESDIR}/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch"
+ "${FILESDIR}/${PN}-2.2.20-fix-dirmngr-for-non-ipv6-enabled-hosts.patch"
)
src_prepare() {
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/
@ 2020-09-03 20:11 Mikle Kolyada
From: Mikle Kolyada @ 2020-09-03 20:11 UTC (permalink / raw
To: gentoo-commits
commit: 47d9576076ddd37b4fe05550969b8b9e029dc9da
Author: Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Thu Sep 3 20:10:50 2020 +0000
Commit: Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Thu Sep 3 20:10:50 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=47d95760
app-crypt/gnupg: Drop old
Package-Manager: Portage-3.0.4, Repoman-2.3.23
Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>
app-crypt/gnupg/Manifest | 2 -
.../gnupg/files/gnupg-2.2.22-card-status.patch | 20 ---
app-crypt/gnupg/gnupg-2.2.21.ebuild | 165 ---------------------
app-crypt/gnupg/gnupg-2.2.22-r1.ebuild | 165 ---------------------
4 files changed, 352 deletions(-)
diff --git a/app-crypt/gnupg/Manifest b/app-crypt/gnupg/Manifest
index 57c6cc33249..a1bd0368bda 100644
--- a/app-crypt/gnupg/Manifest
+++ b/app-crypt/gnupg/Manifest
@@ -1,4 +1,2 @@
DIST gnupg-2.2.20.tar.bz2 6786913 BLAKE2B 43cf9402a26e67d6c7c2444eb2faaee3f06ea0bf6c07708a50834c5d7424db2f9c38e1f0046dd3a35082abc08d401b2951655e7e068f0873db297560b87d2667 SHA512 3e69f102366ec3415f439ab81aae2458182fa1a18dfb86565b1d9dc638f3fc4c179a5947f0042b7c5a813345676285a662793664a1803ea9ad8328f0548e0edc
-DIST gnupg-2.2.21.tar.bz2 6813160 BLAKE2B b4708fd34c23dec8ec5be0740a502d155b649b4c88a89e5cc6f3cb99a15f7c6e31c50247ccacfedad55600dac3e7f91a8567424d335ab5e537082261dc98aceb SHA512 b4eac75253d4a1cac341c8a1ba7bb275e849a88d5377035497777c7bcd49b5a4c91b77000311695eb7d4083856975b2b2d14518f24ab94846027280bd8c301f9
-DIST gnupg-2.2.22.tar.bz2 7098444 BLAKE2B b5f306485032acadc852f4f71f2e968795843faacd5dda24ed2b20df78a3d38a364c2feade7ef8389a203e8b037fbb92129207cbc6d60b89cfb0945dded56a97 SHA512 3e5a8bb91c122f97acee2a93e3233db89bff9b96c6ec052c95bd2fe7e46c79a8afaac536c05675a7129e332272d62c677722a12cb05386b54a8d12ef82b6c5fa
DIST gnupg-2.2.23.tar.bz2 7099806 BLAKE2B 0b9c1f5c8931399cfd9d95f107f91869733c4a986476ea43631b4265b1a5c26cfb8c9bb24ef6a295af7aa803749caaedde26365f6f50a7c946c1f86c867d855d SHA512 736b39628f7e4adc650b3f9937c81f27e9ad41e77f5345dc54262c91c1cf7004243fa7f932313bcde955e0e9b3f1afc639bac18023ae878b1d26e3c5a3cabb90
diff --git a/app-crypt/gnupg/files/gnupg-2.2.22-card-status.patch b/app-crypt/gnupg/files/gnupg-2.2.22-card-status.patch
deleted file mode 100644
index 1a01e5ddbc5..00000000000
--- a/app-crypt/gnupg/files/gnupg-2.2.22-card-status.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
-index 8a1d30d5b..ccc360fc8 100644
---- a/scd/app-openpgp.c
-+++ b/scd/app-openpgp.c
-@@ -2357,10 +2357,15 @@ verify_chv2 (app_t app,
- int rc;
- char *pinvalue;
- int pinlen;
-+ int i;
-
- if (app->did_chv2)
- return 0; /* We already verified CHV2. */
-
-+ /* Make sure we have load the public keys. */
-+ for (i = 0; i < 3; i++)
-+ get_public_key (app, i);
-+
- if (app->app_local->pk[1].key || app->app_local->pk[2].key)
- {
- rc = verify_a_chv (app, pincb, pincb_arg, 2, 0, &pinvalue, &pinlen);
diff --git a/app-crypt/gnupg/gnupg-2.2.21.ebuild b/app-crypt/gnupg/gnupg-2.2.21.ebuild
deleted file mode 100644
index e41bbd94151..00000000000
--- a/app-crypt/gnupg/gnupg-2.2.21.ebuild
+++ /dev/null
@@ -1,165 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit flag-o-matic systemd toolchain-funcs
-
-MY_P="${P/_/-}"
-
-DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
-HOMEPAGE="https://gnupg.org/"
-SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
-
-LICENSE="GPL-3"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl tofu tools usb user-socket wks-server"
-
-# Existence of executables is checked during configuration.
-DEPEND=">=dev-libs/libassuan-2.5.0
- >=dev-libs/libgcrypt-1.7.3
- >=dev-libs/libgpg-error-1.28
- >=dev-libs/libksba-1.3.4
- >=dev-libs/npth-1.2
- >=net-misc/curl-7.10
- bzip2? ( app-arch/bzip2 )
- ldap? ( net-nds/openldap )
- readline? ( sys-libs/readline:0= )
- smartcard? ( usb? ( virtual/libusb:1 ) )
- ssl? ( >=net-libs/gnutls-3.0:0= )
- sys-libs/zlib
- tofu? ( >=dev-db/sqlite-3.7 )"
-
-RDEPEND="${DEPEND}
- app-crypt/pinentry
- nls? ( virtual/libintl )
- selinux? ( sec-policy/selinux-gpg )
- wks-server? ( virtual/mta )"
-
-BDEPEND="virtual/pkgconfig
- doc? ( sys-apps/texinfo )
- nls? ( sys-devel/gettext )"
-
-S="${WORKDIR}/${MY_P}"
-
-DOCS=(
- ChangeLog NEWS README THANKS TODO VERSION
- doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
-)
-
-PATCHES=(
- "${FILESDIR}/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch"
- "${FILESDIR}/${PN}-2.2.20-fix-dirmngr-for-non-ipv6-enabled-hosts.patch"
-)
-
-src_prepare() {
- default
-
- # Inject SSH_AUTH_SOCK into user's sessions after enabling gpg-agent-ssh.socket in systemctl --user mode,
- # idea borrowed from libdbus, see
- # https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/bus/systemd-user/dbus.socket.in#L6
- #
- # This cannot be upstreamed, as it requires determining the exact prefix of 'systemctl',
- # which in turn requires discovery in Autoconf, something that upstream deeply resents.
- sed -e "/DirectoryMode=/a ExecStartPost=-${EPREFIX}/bin/systemctl --user set-environment SSH_AUTH_SOCK=%t/gnupg/S.gpg-agent.ssh" \
- -i doc/examples/systemd-user/gpg-agent-ssh.socket || die
-}
-
-src_configure() {
- local myconf=()
-
- if use prefix && use usb; then
- # bug #649598
- append-cppflags -I"${EPREFIX}/usr/include/libusb-1.0"
- fi
-
- if use elibc_SunOS || use elibc_AIX; then
- myconf+=( --disable-symcryptrun )
- else
- myconf+=( --enable-symcryptrun )
- fi
-
- #bug 663142
- if use user-socket; then
- myconf+=( --enable-run-gnupg-user-socket )
- fi
-
- # glib fails and picks up clang's internal stdint.h causing weird errors
- [[ ${CC} == *clang ]] && \
- export gl_cv_absolute_stdint_h=/usr/include/stdint.h
-
- # Hardcode mailprog to /usr/libexec/sendmail even if it does not exist.
- # As of GnuPG 2.3, the mailprog substitution is used for the binary called
- # by wks-client & wks-server; and if it's autodetected but not not exist at
- # build time, then then 'gpg-wks-client --send' functionality will not
- # work. This has an unwanted side-effect in stage3 builds: there was a
- # [R]DEPEND on virtual/mta, which also brought in virtual/logger, bloating
- # the build where the install guide previously make the user chose the
- # logger & mta early in the install.
-
- econf \
- "${myconf[@]}" \
- $(use_enable bzip2) \
- $(use_enable nls) \
- $(use_enable smartcard scdaemon) \
- $(use_enable ssl gnutls) \
- $(use_enable tofu) \
- $(use smartcard && use_enable usb ccid-driver || echo '--disable-ccid-driver') \
- $(use_enable wks-server wks-tools) \
- $(use_with ldap) \
- $(use_with readline) \
- --with-mailprog=/usr/libexec/sendmail \
- --disable-ntbtls \
- --enable-all-tests \
- --enable-gpg \
- --enable-gpgsm \
- --enable-large-secmem \
- CC_FOR_BUILD="$(tc-getBUILD_CC)" \
- GPG_ERROR_CONFIG="${EROOT}/usr/bin/${CHOST}-gpg-error-config" \
- KSBA_CONFIG="${EROOT}/usr/bin/ksba-config" \
- LIBASSUAN_CONFIG="${EROOT}/usr/bin/libassuan-config" \
- LIBGCRYPT_CONFIG="${EROOT}/usr/bin/${CHOST}-libgcrypt-config" \
- NPTH_CONFIG="${EROOT}/usr/bin/npth-config" \
- $("${S}/configure" --help | grep -- '--without-.*-prefix' | sed -e 's/^ *\([^ ]*\) .*/\1/g')
-}
-
-src_compile() {
- default
-
- use doc && emake -C doc html
-}
-
-src_test() {
- #Bug: 638574
- use tofu && export TESTFLAGS=--parallel
- default
-}
-
-src_install() {
- default
-
- use tools &&
- dobin \
- tools/{convert-from-106,gpg-check-pattern} \
- tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys} \
- tools/make-dns-cert
-
- dosym gpg /usr/bin/gpg2
- dosym gpgv /usr/bin/gpgv2
- echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die
- echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
-
- dodir /etc/env.d
- echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
-
- use doc && dodoc doc/gnupg.html/* doc/*.png
-
- systemd_douserunit doc/examples/systemd-user/*.{service,socket}
-}
-
-pkg_postinst() {
- elog "See https://wiki.gentoo.org/wiki/GnuPG for documentation on gnupg"
- elog
- elog "If you wish to use 'gpg-wks-client --send', you must install an MTA!"
-}
diff --git a/app-crypt/gnupg/gnupg-2.2.22-r1.ebuild b/app-crypt/gnupg/gnupg-2.2.22-r1.ebuild
deleted file mode 100644
index 3cd4a08ed40..00000000000
--- a/app-crypt/gnupg/gnupg-2.2.22-r1.ebuild
+++ /dev/null
@@ -1,165 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit flag-o-matic systemd toolchain-funcs
-
-MY_P="${P/_/-}"
-
-DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
-HOMEPAGE="https://gnupg.org/"
-SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
-
-LICENSE="GPL-3"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl tofu tools usb user-socket wks-server"
-
-# Existence of executables is checked during configuration.
-DEPEND=">=dev-libs/libassuan-2.5.0
- >=dev-libs/libgcrypt-1.7.3
- >=dev-libs/libgpg-error-1.29
- >=dev-libs/libksba-1.3.4
- >=dev-libs/npth-1.2
- >=net-misc/curl-7.10
- bzip2? ( app-arch/bzip2 )
- ldap? ( net-nds/openldap )
- readline? ( sys-libs/readline:0= )
- smartcard? ( usb? ( virtual/libusb:1 ) )
- ssl? ( >=net-libs/gnutls-3.0:0= )
- sys-libs/zlib
- tofu? ( >=dev-db/sqlite-3.7 )"
-
-RDEPEND="${DEPEND}
- app-crypt/pinentry
- nls? ( virtual/libintl )
- selinux? ( sec-policy/selinux-gpg )
- wks-server? ( virtual/mta )"
-
-BDEPEND="virtual/pkgconfig
- doc? ( sys-apps/texinfo )
- nls? ( sys-devel/gettext )"
-
-S="${WORKDIR}/${MY_P}"
-
-DOCS=(
- ChangeLog NEWS README THANKS TODO VERSION
- doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
-)
-
-PATCHES=(
- "${FILESDIR}/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch"
- "${FILESDIR}/${P}-card-status.patch"
-)
-
-src_prepare() {
- default
-
- # Inject SSH_AUTH_SOCK into user's sessions after enabling gpg-agent-ssh.socket in systemctl --user mode,
- # idea borrowed from libdbus, see
- # https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/bus/systemd-user/dbus.socket.in#L6
- #
- # This cannot be upstreamed, as it requires determining the exact prefix of 'systemctl',
- # which in turn requires discovery in Autoconf, something that upstream deeply resents.
- sed -e "/DirectoryMode=/a ExecStartPost=-${EPREFIX}/bin/systemctl --user set-environment SSH_AUTH_SOCK=%t/gnupg/S.gpg-agent.ssh" \
- -i doc/examples/systemd-user/gpg-agent-ssh.socket || die
-}
-
-src_configure() {
- local myconf=()
-
- if use prefix && use usb; then
- # bug #649598
- append-cppflags -I"${EPREFIX}/usr/include/libusb-1.0"
- fi
-
- if use elibc_SunOS || use elibc_AIX; then
- myconf+=( --disable-symcryptrun )
- else
- myconf+=( --enable-symcryptrun )
- fi
-
- #bug 663142
- if use user-socket; then
- myconf+=( --enable-run-gnupg-user-socket )
- fi
-
- # glib fails and picks up clang's internal stdint.h causing weird errors
- [[ ${CC} == *clang ]] && \
- export gl_cv_absolute_stdint_h=/usr/include/stdint.h
-
- # Hardcode mailprog to /usr/libexec/sendmail even if it does not exist.
- # As of GnuPG 2.3, the mailprog substitution is used for the binary called
- # by wks-client & wks-server; and if it's autodetected but not not exist at
- # build time, then then 'gpg-wks-client --send' functionality will not
- # work. This has an unwanted side-effect in stage3 builds: there was a
- # [R]DEPEND on virtual/mta, which also brought in virtual/logger, bloating
- # the build where the install guide previously make the user chose the
- # logger & mta early in the install.
-
- econf \
- "${myconf[@]}" \
- $(use_enable bzip2) \
- $(use_enable nls) \
- $(use_enable smartcard scdaemon) \
- $(use_enable ssl gnutls) \
- $(use_enable tofu) \
- $(use smartcard && use_enable usb ccid-driver || echo '--disable-ccid-driver') \
- $(use_enable wks-server wks-tools) \
- $(use_with ldap) \
- $(use_with readline) \
- --with-mailprog=/usr/libexec/sendmail \
- --disable-ntbtls \
- --enable-all-tests \
- --enable-gpg \
- --enable-gpgsm \
- --enable-large-secmem \
- CC_FOR_BUILD="$(tc-getBUILD_CC)" \
- GPG_ERROR_CONFIG="${EROOT}/usr/bin/${CHOST}-gpg-error-config" \
- KSBA_CONFIG="${EROOT}/usr/bin/ksba-config" \
- LIBASSUAN_CONFIG="${EROOT}/usr/bin/libassuan-config" \
- LIBGCRYPT_CONFIG="${EROOT}/usr/bin/${CHOST}-libgcrypt-config" \
- NPTH_CONFIG="${EROOT}/usr/bin/npth-config" \
- $("${S}/configure" --help | grep -- '--without-.*-prefix' | sed -e 's/^ *\([^ ]*\) .*/\1/g')
-}
-
-src_compile() {
- default
-
- use doc && emake -C doc html
-}
-
-src_test() {
- #Bug: 638574
- use tofu && export TESTFLAGS=--parallel
- default
-}
-
-src_install() {
- default
-
- use tools &&
- dobin \
- tools/{convert-from-106,gpg-check-pattern} \
- tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys} \
- tools/make-dns-cert
-
- dosym gpg /usr/bin/gpg2
- dosym gpgv /usr/bin/gpgv2
- echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die
- echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
-
- dodir /etc/env.d
- echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
-
- use doc && dodoc doc/gnupg.html/* doc/*.png
-
- systemd_douserunit doc/examples/systemd-user/*.{service,socket}
-}
-
-pkg_postinst() {
- elog "See https://wiki.gentoo.org/wiki/GnuPG for documentation on gnupg"
- elog
- elog "If you wish to use 'gpg-wks-client --send', you must install an MTA!"
-}
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/
@ 2021-02-07 14:26 Mikle Kolyada
From: Mikle Kolyada @ 2021-02-07 14:26 UTC (permalink / raw
To: gentoo-commits
commit: 810410a8c6b411bd8b1ac60ceb28d37af27256b1
Author: Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Sun Feb 7 14:26:17 2021 +0000
Commit: Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Sun Feb 7 14:26:53 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=810410a8
app-crypt/gnupg: Drop old
Package-Manager: Portage-3.0.13, Repoman-3.0.2
Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>
app-crypt/gnupg/Manifest | 2 -
...20-fix-dirmngr-for-non-ipv6-enabled-hosts.patch | 35 -----
app-crypt/gnupg/gnupg-2.2.20-r2.ebuild | 159 --------------------
app-crypt/gnupg/gnupg-2.2.26.ebuild | 160 ---------------------
4 files changed, 356 deletions(-)
diff --git a/app-crypt/gnupg/Manifest b/app-crypt/gnupg/Manifest
index 263c8a5752d..4f8d716e719 100644
--- a/app-crypt/gnupg/Manifest
+++ b/app-crypt/gnupg/Manifest
@@ -1,5 +1,3 @@
DIST gnupg-2.2.16-scdaemon_shared-access.patch 2586 BLAKE2B 42fd5482c4e86751ce62836125997c2295c44bc5db0671a06460fd306b2ed93f290fb898fc1b1e463a863eddf9ab5f99ea3c90a55499ef45ca1ed6edf2854663 SHA512 38abaa4200114ae6b6f220fabc0a84a056761949c97bd0564557f4411a299b9a1939893555c27e26da2d8e8da4bc97a298fa7e68f1e80fe99c3f88cc329eaa84
-DIST gnupg-2.2.20.tar.bz2 6786913 BLAKE2B 43cf9402a26e67d6c7c2444eb2faaee3f06ea0bf6c07708a50834c5d7424db2f9c38e1f0046dd3a35082abc08d401b2951655e7e068f0873db297560b87d2667 SHA512 3e69f102366ec3415f439ab81aae2458182fa1a18dfb86565b1d9dc638f3fc4c179a5947f0042b7c5a813345676285a662793664a1803ea9ad8328f0548e0edc
DIST gnupg-2.2.25.tar.bz2 7195857 BLAKE2B c930edf9259a0e1c508af8d76a86f979860adfe2c525020b37d3741679200f96483f0ad8bc1f72e2dbf7fe77696cd04d4272a2ee23e4c4abe1ed6ba88b95f365 SHA512 ab1d7cc9d8be3e7189bc4bea431b9d5db313cbd1739823950f32fbb611b2f4374889f444efbf43ce1fbf498b9865d7e6e953cd4c86d58fd688f63923c434ea2c
-DIST gnupg-2.2.26.tar.bz2 7189254 BLAKE2B f51dd18f6fe327573769d1581ab49bfbca6a56973f6115a68d11e79f52f4b9bdd717ff027800cd1d52fca56abcffa80ee025b49a6af3914f60decdad1e1585ba SHA512 5e9482e126c32c836064b125a18b109f0d3c96892474d3fb47dd791350cccefc56f9a5dfbd54504716487a93d9f71de2493bdfef92e29964b5bfe28b0053c265
DIST gnupg-2.2.27.tar.bz2 7191555 BLAKE2B d652aad382cf07cc458b29ff82718edd47457d8236dcbeee51f22d88503be141f009e9ea45b6dafe614115d9558fe371509579e58ce17a5f04540a31aa406ea3 SHA512 cf336962116c9c08ac80b1299654b94948033ef51d6d5e7f54c2f07bbf7d92c7b0bddb606ceee2cdd837063f519b8d59af5a82816b840a0fc47d90c07b0e95ab
diff --git a/app-crypt/gnupg/files/gnupg-2.2.20-fix-dirmngr-for-non-ipv6-enabled-hosts.patch b/app-crypt/gnupg/files/gnupg-2.2.20-fix-dirmngr-for-non-ipv6-enabled-hosts.patch
deleted file mode 100644
index 14a1913b3a0..00000000000
--- a/app-crypt/gnupg/files/gnupg-2.2.20-fix-dirmngr-for-non-ipv6-enabled-hosts.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 109d16e8f644da97ed9c00e6f9010a53097f587a Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <gniibe@fsij.org>
-Date: Mon, 13 Jul 2020 10:00:58 +0900
-Subject: [PATCH] dirmngr: Handle EAFNOSUPPORT at connect_server.
-
-* dirmngr/http.c (connect_server): Skip server with EAFNOSUPPORT.
-
---
-
-GnuPG-bug-id: 4977
-Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
----
- dirmngr/http.c | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-diff --git a/dirmngr/http.c b/dirmngr/http.c
-index f26675f9b..50b9b732b 100644
---- a/dirmngr/http.c
-+++ b/dirmngr/http.c
-@@ -3005,6 +3005,15 @@ connect_server (ctrl_t ctrl, const char *server, unsigned short port,
- sock = my_sock_new_for_addr (ai->addr, ai->socktype, ai->protocol);
- if (sock == ASSUAN_INVALID_FD)
- {
-+ if (errno == EAFNOSUPPORT)
-+ {
-+ if (ai->family == AF_INET)
-+ v4_valid = 0;
-+ if (ai->family == AF_INET6)
-+ v6_valid = 0;
-+ continue;
-+ }
-+
- err = gpg_err_make (default_errsource,
- gpg_err_code_from_syserror ());
- log_error ("error creating socket: %s\n", gpg_strerror (err));
diff --git a/app-crypt/gnupg/gnupg-2.2.20-r2.ebuild b/app-crypt/gnupg/gnupg-2.2.20-r2.ebuild
deleted file mode 100644
index 25d0a11c431..00000000000
--- a/app-crypt/gnupg/gnupg-2.2.20-r2.ebuild
+++ /dev/null
@@ -1,159 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit flag-o-matic systemd toolchain-funcs
-
-MY_P="${P/_/-}"
-
-DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
-HOMEPAGE="https://gnupg.org/"
-SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
-
-LICENSE="GPL-3"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl tofu tools usb user-socket wks-server"
-
-# Existence of executables is checked during configuration.
-DEPEND=">=dev-libs/libassuan-2.5.0
- >=dev-libs/libgcrypt-1.7.3
- >=dev-libs/libgpg-error-1.28
- >=dev-libs/libksba-1.3.4
- >=dev-libs/npth-1.2
- >=net-misc/curl-7.10
- bzip2? ( app-arch/bzip2 )
- ldap? ( net-nds/openldap )
- readline? ( sys-libs/readline:0= )
- smartcard? ( usb? ( virtual/libusb:1 ) )
- ssl? ( >=net-libs/gnutls-3.0:0= )
- sys-libs/zlib
- tofu? ( >=dev-db/sqlite-3.7 )"
-
-RDEPEND="${DEPEND}
- app-crypt/pinentry
- nls? ( virtual/libintl )
- selinux? ( sec-policy/selinux-gpg )
- wks-server? ( virtual/mta )"
-
-BDEPEND="virtual/pkgconfig
- doc? ( sys-apps/texinfo )
- nls? ( sys-devel/gettext )"
-
-S="${WORKDIR}/${MY_P}"
-
-DOCS=(
- ChangeLog NEWS README THANKS TODO VERSION
- doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
-)
-
-PATCHES=(
- "${FILESDIR}/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch"
- "${FILESDIR}/${PN}-2.2.20-fix-dirmngr-for-non-ipv6-enabled-hosts.patch"
-)
-
-src_prepare() {
- default
-
- # Inject SSH_AUTH_SOCK into user's sessions after enabling gpg-agent-ssh.socket in systemctl --user mode,
- # idea borrowed from libdbus, see
- # https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/bus/systemd-user/dbus.socket.in#L6
- #
- # This cannot be upstreamed, as it requires determining the exact prefix of 'systemctl',
- # which in turn requires discovery in Autoconf, something that upstream deeply resents.
- sed -e "/DirectoryMode=/a ExecStartPost=-${EPREFIX}/bin/systemctl --user set-environment SSH_AUTH_SOCK=%t/gnupg/S.gpg-agent.ssh" \
- -i doc/examples/systemd-user/gpg-agent-ssh.socket || die
-}
-
-src_configure() {
- local myconf=()
-
- if use prefix && use usb; then
- # bug #649598
- append-cppflags -I"${EPREFIX}/usr/include/libusb-1.0"
- fi
-
- if use elibc_SunOS; then
- myconf+=( --disable-symcryptrun )
- else
- myconf+=( --enable-symcryptrun )
- fi
-
- #bug 663142
- if use user-socket; then
- myconf+=( --enable-run-gnupg-user-socket )
- fi
-
- # glib fails and picks up clang's internal stdint.h causing weird errors
- [[ ${CC} == *clang ]] && \
- export gl_cv_absolute_stdint_h=/usr/include/stdint.h
-
- # Hardcode mailprog to /usr/libexec/sendmail even if it does not exist.
- # As of GnuPG 2.3, the mailprog substitution is used for the binary called
- # by wks-client & wks-server; and if it's autodetected but not not exist at
- # build time, then then 'gpg-wks-client --send' functionality will not
- # work. This has an unwanted side-effect in stage3 builds: there was a
- # [R]DEPEND on virtual/mta, which also brought in virtual/logger, bloating
- # the build where the install guide previously make the user chose the
- # logger & mta early in the install.
-
- econf \
- "${myconf[@]}" \
- $(use_enable bzip2) \
- $(use_enable nls) \
- $(use_enable smartcard scdaemon) \
- $(use_enable ssl gnutls) \
- $(use_enable tofu) \
- $(use smartcard && use_enable usb ccid-driver || echo '--disable-ccid-driver') \
- $(use_enable wks-server wks-tools) \
- $(use_with ldap) \
- $(use_with readline) \
- --with-mailprog=/usr/libexec/sendmail \
- --disable-ntbtls \
- --enable-all-tests \
- --enable-gpg \
- --enable-gpgsm \
- --enable-large-secmem \
- CC_FOR_BUILD="$(tc-getBUILD_CC)" \
- GPG_ERROR_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-gpg-error-config" \
- KSBA_CONFIG="${ESYSROOT}/usr/bin/ksba-config" \
- LIBASSUAN_CONFIG="${ESYSROOT}/usr/bin/libassuan-config" \
- LIBGCRYPT_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-libgcrypt-config" \
- NPTH_CONFIG="${ESYSROOT}/usr/bin/npth-config" \
- $("${S}/configure" --help | grep -- '--without-.*-prefix' | sed -e 's/^ *\([^ ]*\) .*/\1/g')
-}
-
-src_compile() {
- default
-
- use doc && emake -C doc html
-}
-
-src_test() {
- #Bug: 638574
- use tofu && export TESTFLAGS=--parallel
- default
-}
-
-src_install() {
- default
-
- use tools &&
- dobin \
- tools/{convert-from-106,gpg-check-pattern} \
- tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys} \
- tools/make-dns-cert
-
- dosym gpg /usr/bin/gpg2
- dosym gpgv /usr/bin/gpgv2
- echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die
- echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
-
- dodir /etc/env.d
- echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
-
- use doc && dodoc doc/gnupg.html/* doc/*.png
-
- systemd_douserunit doc/examples/systemd-user/*.{service,socket}
-}
diff --git a/app-crypt/gnupg/gnupg-2.2.26.ebuild b/app-crypt/gnupg/gnupg-2.2.26.ebuild
deleted file mode 100644
index f03938727e3..00000000000
--- a/app-crypt/gnupg/gnupg-2.2.26.ebuild
+++ /dev/null
@@ -1,160 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit flag-o-matic systemd toolchain-funcs
-
-MY_P="${P/_/-}"
-
-DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
-HOMEPAGE="https://gnupg.org/"
-SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2
- scd-shared-access? ( https://raw.githubusercontent.com/GPGTools/MacGPG2/5ca182f54b7b6cd635d1c0a4713953834489fdd9/patches/gnupg/scdaemon_shared-access.patch -> ${PN}-2.2.16-scdaemon_shared-access.patch )"
-
-LICENSE="GPL-3"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="bzip2 doc ldap nls readline scd-shared-access selinux +smartcard ssl tofu tools usb user-socket wks-server"
-
-# Existence of executables is checked during configuration.
-DEPEND=">=dev-libs/libassuan-2.5.0
- >=dev-libs/libgcrypt-1.8.0
- >=dev-libs/libgpg-error-1.29
- >=dev-libs/libksba-1.3.4
- >=dev-libs/npth-1.2
- >=net-misc/curl-7.10
- bzip2? ( app-arch/bzip2 )
- ldap? ( net-nds/openldap )
- readline? ( sys-libs/readline:0= )
- smartcard? ( usb? ( virtual/libusb:1 ) )
- ssl? ( >=net-libs/gnutls-3.0:0= )
- sys-libs/zlib
- tofu? ( >=dev-db/sqlite-3.7 )"
-
-RDEPEND="${DEPEND}
- app-crypt/pinentry
- nls? ( virtual/libintl )
- selinux? ( sec-policy/selinux-gpg )
- wks-server? ( virtual/mta )"
-
-BDEPEND="virtual/pkgconfig
- doc? ( sys-apps/texinfo )
- nls? ( sys-devel/gettext )"
-
-S="${WORKDIR}/${MY_P}"
-
-DOCS=(
- ChangeLog NEWS README THANKS TODO VERSION
- doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
-)
-
-PATCHES=(
- "${FILESDIR}/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch"
-)
-
-src_prepare() {
- default
-
- # Made optional because it's a non-official patch
- if use scd-shared-access ; then
- # Patch taken from
- # https://github.com/GPGTools/MacGPG2/tree/dev/patches/gnupg
- eapply "${DISTDIR}/${PN}-2.2.16-scdaemon_shared-access.patch"
- fi
-
- # Inject SSH_AUTH_SOCK into user's sessions after enabling gpg-agent-ssh.socket in systemctl --user mode,
- # idea borrowed from libdbus, see
- # https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/bus/systemd-user/dbus.socket.in#L6
- #
- # This cannot be upstreamed, as it requires determining the exact prefix of 'systemctl',
- # which in turn requires discovery in Autoconf, something that upstream deeply resents.
- sed -e "/DirectoryMode=/a ExecStartPost=-${EPREFIX}/bin/systemctl --user set-environment SSH_AUTH_SOCK=%t/gnupg/S.gpg-agent.ssh" \
- -i doc/examples/systemd-user/gpg-agent-ssh.socket || die
-}
-
-src_configure() {
- local myconf=(
- $(use_enable bzip2)
- $(use_enable nls)
- $(use_enable smartcard scdaemon)
- $(use_enable ssl gnutls)
- $(use_enable tofu)
- $(use smartcard && use_enable usb ccid-driver || echo '--disable-ccid-driver')
- $(use_enable wks-server wks-tools)
- $(use_with ldap)
- $(use_with readline)
- --with-mailprog=/usr/libexec/sendmail
- --disable-ntbtls
- --enable-all-tests
- --enable-gpg
- --enable-gpgsm
- --enable-large-secmem
- CC_FOR_BUILD="$(tc-getBUILD_CC)"
- GPG_ERROR_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-gpg-error-config"
- KSBA_CONFIG="${ESYSROOT}/usr/bin/ksba-config"
- LIBASSUAN_CONFIG="${ESYSROOT}/usr/bin/libassuan-config"
- LIBGCRYPT_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-libgcrypt-config"
- NPTH_CONFIG="${ESYSROOT}/usr/bin/npth-config"
- $("${S}/configure" --help | grep -o -- '--without-.*-prefix')
- )
-
- if use prefix && use usb; then
- # bug #649598
- append-cppflags -I"${EPREFIX}/usr/include/libusb-1.0"
- fi
-
- #bug 663142
- if use user-socket; then
- myconf+=( --enable-run-gnupg-user-socket )
- fi
-
- # glib fails and picks up clang's internal stdint.h causing weird errors
- [[ ${CC} == *clang ]] && \
- export gl_cv_absolute_stdint_h=/usr/include/stdint.h
-
- # Hardcode mailprog to /usr/libexec/sendmail even if it does not exist.
- # As of GnuPG 2.3, the mailprog substitution is used for the binary called
- # by wks-client & wks-server; and if it's autodetected but not not exist at
- # build time, then then 'gpg-wks-client --send' functionality will not
- # work. This has an unwanted side-effect in stage3 builds: there was a
- # [R]DEPEND on virtual/mta, which also brought in virtual/logger, bloating
- # the build where the install guide previously make the user chose the
- # logger & mta early in the install.
-
- econf "${myconf[@]}"
-}
-
-src_compile() {
- default
-
- use doc && emake -C doc html
-}
-
-src_test() {
- #Bug: 638574
- use tofu && export TESTFLAGS=--parallel
- default
-}
-
-src_install() {
- default
-
- use tools &&
- dobin \
- tools/{convert-from-106,gpg-check-pattern} \
- tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys} \
- tools/make-dns-cert
-
- dosym gpg /usr/bin/gpg2
- dosym gpgv /usr/bin/gpgv2
- echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die
- echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
-
- dodir /etc/env.d
- echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
-
- use doc && dodoc doc/gnupg.html/* doc/*.png
-
- systemd_douserunit doc/examples/systemd-user/*.{service,socket}
-}
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/
@ 2021-06-12 22:37 Lars Wendler
From: Lars Wendler @ 2021-06-12 22:37 UTC (permalink / raw
To: gentoo-commits
commit: 16b8804428d68538b75e21a597ab687830787097
Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Sat Jun 12 22:35:44 2021 +0000
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Sat Jun 12 22:37:03 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=16b88044
app-crypt/gnupg: Fixed build with USE="-ldap"
Removed "scd-shared-access" USE flag as this finally went into a release
Closes: https://bugs.gentoo.org/795669
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>
.../gnupg/files/gnupg-2.2.28-dirmngr_ldap.patch | 36 ++++++++++++++++++++++
app-crypt/gnupg/gnupg-2.2.28.ebuild | 13 ++------
2 files changed, 39 insertions(+), 10 deletions(-)
diff --git a/app-crypt/gnupg/files/gnupg-2.2.28-dirmngr_ldap.patch b/app-crypt/gnupg/files/gnupg-2.2.28-dirmngr_ldap.patch
new file mode 100644
index 00000000000..86e83de8ec3
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.2.28-dirmngr_ldap.patch
@@ -0,0 +1,36 @@
+From c8b2162c0e7eb42b74811b7ed225fa0f56be4083 Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka <gniibe@fsij.org>
+Date: Fri, 11 Jun 2021 10:30:02 +0900
+Subject: [PATCH] dirmngir: Fix build with --disable-ldap.
+
+* dirmngr/dirmngr.c (parse_rereadable_options) [USE_LDAP]:
+Conditionalize.
+
+--
+
+Reported-by: Phil Pennock
+Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
+---
+ dirmngr/dirmngr.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
+index 04fe9e238..6a818cabc 100644
+--- a/dirmngr/dirmngr.c
++++ b/dirmngr/dirmngr.c
+@@ -736,6 +736,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
+ case oRecursiveResolver: enable_recursive_resolver (1); break;
+
+ case oLDAPServer:
++#if USE_LDAP
+ {
+ ldap_server_t server;
+ char *p;
+@@ -757,6 +758,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
+ opt.ldapservers = server;
+ }
+ }
++#endif
+ break;
+
+ case oKeyServer:
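Review bot: With `#if USE_LDAP` wrapped around the whole body of `case oLDAPServer:`, a build without LDAP still accepts the option and falls straight through to `break`, so a configured LDAP server is dropped without any diagnostic. An `#else` branch would make that visible, for example `log_info (_("LDAP support not compiled in; option ignored\n"));` placed before the `#endif`. `parse_rereadable_options` starts and ends outside the two quoted hunks, so whether a later check already reports this cannot be seen from here.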
diff --git a/app-crypt/gnupg/gnupg-2.2.28.ebuild b/app-crypt/gnupg/gnupg-2.2.28.ebuild
index f03938727e3..0f4396fc399 100644
--- a/app-crypt/gnupg/gnupg-2.2.28.ebuild
+++ b/app-crypt/gnupg/gnupg-2.2.28.ebuild
@@ -9,13 +9,12 @@ MY_P="${P/_/-}"
DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
HOMEPAGE="https://gnupg.org/"
-SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2
- scd-shared-access? ( https://raw.githubusercontent.com/GPGTools/MacGPG2/5ca182f54b7b6cd635d1c0a4713953834489fdd9/patches/gnupg/scdaemon_shared-access.patch -> ${PN}-2.2.16-scdaemon_shared-access.patch )"
+SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
LICENSE="GPL-3"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="bzip2 doc ldap nls readline scd-shared-access selinux +smartcard ssl tofu tools usb user-socket wks-server"
+IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl tofu tools usb user-socket wks-server"
# Existence of executables is checked during configuration.
DEPEND=">=dev-libs/libassuan-2.5.0
@@ -51,18 +50,12 @@ DOCS=(
PATCHES=(
"${FILESDIR}/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch"
+ "${FILESDIR}/${P}-dirmngr_ldap.patch" #795669
)
src_prepare() {
default
- # Made optional because it's a non-official patch
- if use scd-shared-access ; then
- # Patch taken from
- # https://github.com/GPGTools/MacGPG2/tree/dev/patches/gnupg
- eapply "${DISTDIR}/${PN}-2.2.16-scdaemon_shared-access.patch"
- fi
-
# Inject SSH_AUTH_SOCK into user's sessions after enabling gpg-agent-ssh.socket in systemctl --user mode,
# idea borrowed from libdbus, see
# https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/bus/systemd-user/dbus.socket.in#L6
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/
@ 2021-09-07 15:20 David Seifert
From: David Seifert @ 2021-09-07 15:20 UTC (permalink / raw
To: gentoo-commits
commit: 358af1feef453a02aa73ef5c281fe509bcb6ffde
Author: David Seifert <soap <AT> gentoo <DOT> org>
AuthorDate: Tue Sep 7 15:20:04 2021 +0000
Commit: David Seifert <soap <AT> gentoo <DOT> org>
CommitDate: Tue Sep 7 15:20:04 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=358af1fe
app-crypt/gnupg: fix USE=tofu
Bug: https://dev.gnupg.org/T5588
Acked-by: Mikle Kolyada <zlogene <AT> gentoo.org>
Signed-off-by: David Seifert <soap <AT> gentoo.org>
.../gnupg/files/gnupg-2.3.0-sqlite_check.patch | 62 ----------------------
app-crypt/gnupg/gnupg-2.3.2.ebuild | 17 +++---
2 files changed, 6 insertions(+), 73 deletions(-)
diff --git a/app-crypt/gnupg/files/gnupg-2.3.0-sqlite_check.patch b/app-crypt/gnupg/files/gnupg-2.3.0-sqlite_check.patch
deleted file mode 100644
index dd529da7a7c..00000000000
--- a/app-crypt/gnupg/files/gnupg-2.3.0-sqlite_check.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-From 58aa0e8547a29e147f3d9d1792117d96bc00ffda Mon Sep 17 00:00:00 2001
-From: Lars Wendler <polynomial-c@gentoo.org>
-Date: Thu, 8 Apr 2021 11:05:36 +0200
-Subject: [PATCH] gnupg: configure.ac: Fix sqlite3 detection
-
-or else --disable-sqlite has no effect and linking later fails with:
-
- keyboxd-backend-sqlite.o: in function `show_sqlstmt.part.0':
- backend-sqlite.c:(.text+0x42): undefined reference to `sqlite3_expanded_sql'
-
-Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
----
- configure.ac | 23 ++++++++++++-----------
- 1 file changed, 12 insertions(+), 11 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 9cf0c6a7f..d46469cbb 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -969,18 +969,20 @@ AC_ARG_ENABLE(sqlite,
- [disable the use of SQLITE]),
- try_sqlite=$enableval, try_sqlite=yes)
-
--if test x"$use_tofu" = xyes ; then
-- if test x"$try_sqlite" = xyes ; then
-+AS_IF([test x"$try_sqlite" = xyes], [
- PKG_CHECK_MODULES([SQLITE3], [sqlite3 >= $NEED_SQLITE_VERSION],
- [have_sqlite=yes],
- [have_sqlite=no])
-- fi
-- if test "$have_sqlite" = "yes"; then
-- :
-- AC_SUBST([SQLITE3_CFLAGS])
-- AC_SUBST([SQLITE3_LIBS])
-- else
-- use_tofu=no
-+ AS_IF([test "$have_sqlite" = "yes"], [
-+ AC_SUBST([SQLITE3_CFLAGS])
-+ AC_SUBST([SQLITE3_LIBS])
-+ ])
-+ ])
-+
-+AS_IF([test "$have_sqlite" != "yes"], [
-+ AS_IF([test x"$use_tofu" = xyes], [
-+ use_tofu=no
-+ ])
- build_keyboxd=no
- tmp=$(echo "$SQLITE3_PKG_ERRORS" | tr '\n' '\v' | sed 's/\v/\n*** /g')
- AC_MSG_WARN([[
-@@ -988,8 +990,7 @@ if test x"$use_tofu" = xyes ; then
- *** Building without SQLite support - TOFU and Keyboxd disabled
- ***
- *** $tmp]])
-- fi
--fi
-+])
-
- AM_CONDITIONAL(SQLITE3, test "$have_sqlite" = "yes")
-
---
-2.31.1
-
diff --git a/app-crypt/gnupg/gnupg-2.3.2.ebuild b/app-crypt/gnupg/gnupg-2.3.2.ebuild
index 3576669b399..9e1c1de7266 100644
--- a/app-crypt/gnupg/gnupg-2.3.2.ebuild
+++ b/app-crypt/gnupg/gnupg-2.3.2.ebuild
@@ -3,18 +3,19 @@
EAPI=8
-inherit autotools flag-o-matic systemd toolchain-funcs
+inherit flag-o-matic systemd toolchain-funcs
MY_P="${P/_/-}"
DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
HOMEPAGE="https://gnupg.org/"
SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
+S="${WORKDIR}/${MY_P}"
LICENSE="GPL-3"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="bzip2 doc ldap nls readline selinux +smartcard sqlite ssl tofu tools usb user-socket wks-server"
+IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl tofu tools usb user-socket wks-server"
# Existence of executables is checked during configuration.
DEPEND=">=dev-libs/libassuan-2.5.0
@@ -27,7 +28,7 @@ DEPEND=">=dev-libs/libassuan-2.5.0
ldap? ( net-nds/openldap )
readline? ( sys-libs/readline:0= )
smartcard? ( usb? ( virtual/libusb:1 ) )
- sqlite? ( >=dev-db/sqlite-3.27 )
+ tofu? ( >=dev-db/sqlite-3.27 )
ssl? ( >=net-libs/gnutls-3.0:0= )
sys-libs/zlib
"
@@ -42,10 +43,6 @@ BDEPEND="virtual/pkgconfig
doc? ( sys-apps/texinfo )
nls? ( sys-devel/gettext )"
-S="${WORKDIR}/${MY_P}"
-
-REQUIRED_USE="tofu? ( sqlite )"
-
DOCS=(
ChangeLog NEWS README THANKS TODO VERSION
doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
@@ -53,14 +50,11 @@ DOCS=(
PATCHES=(
"${FILESDIR}/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch"
- "${FILESDIR}/${PN}-2.3.0-sqlite_check.patch"
)
src_prepare() {
default
- eautoreconf
-
# Inject SSH_AUTH_SOCK into user's sessions after enabling gpg-agent-ssh.socket in systemctl --user mode,
# idea borrowed from libdbus, see
# https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/bus/systemd-user/dbus.socket.in#L6
@@ -76,9 +70,10 @@ src_configure() {
$(use_enable bzip2)
$(use_enable nls)
$(use_enable smartcard scdaemon)
- $(use_enable sqlite)
$(use_enable ssl gnutls)
$(use_enable tofu)
+ $(use_enable tofu keyboxd)
+ $(use_enable tofu sqlite)
$(use smartcard && use_enable usb ccid-driver || echo '--disable-ccid-driver')
$(use_enable wks-server wks-tools)
$(use_with ldap)
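Review bot: The added `$(use_enable tofu keyboxd)` and `$(use_enable tofu sqlite)` tie keyboxd and SQLite to the `tofu` flag without a comment, so it is not obvious that USE=-tofu now also builds without keyboxd. The removed configure patch's warning text ("Building without SQLite support - TOFU and Keyboxd disabled") suggests all three depend on SQLite. A line above the pair would record that, e.g. `# keyboxd and TOFU both need sqlite, so one flag drives all three (https://dev.gnupg.org/T5588)`. `src_configure` continues outside this hunk.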
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/
@ 2022-04-25 15:46 Sam James
From: Sam James @ 2022-04-25 15:46 UTC (permalink / raw
To: gentoo-commits
commit: e67bb84b2c008c569b7e1113260b3ca029b266bb
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Apr 25 15:45:11 2022 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Apr 25 15:45:56 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e67bb84b
app-crypt/gnupg: backport 2.3.5 hang fix
Closes: https://bugs.gentoo.org/840746
Signed-off-by: Sam James <sam <AT> gentoo.org>
.../files/gnupg-2.3.5-fix-buffering-hang.patch | 52 +++++++
app-crypt/gnupg/gnupg-2.3.5-r2.ebuild | 162 +++++++++++++++++++++
2 files changed, 214 insertions(+)
diff --git a/app-crypt/gnupg/files/gnupg-2.3.5-fix-buffering-hang.patch b/app-crypt/gnupg/files/gnupg-2.3.5-fix-buffering-hang.patch
new file mode 100644
index 000000000000..3ff8d2afcf6f
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.3.5-fix-buffering-hang.patch
@@ -0,0 +1,52 @@
+https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=2fc91e15c6bebb203162cc8445e68ee4ff934885;hp=2848fe4c84e5ee20ccd90f0ef4c9f78c6801e1f6
+https://bugs.gentoo.org/840746
+
+From: NIIBE Yutaka <gniibe@fsij.org>
+Date: Mon, 25 Apr 2022 17:37:32 +0900
+Subject: [PATCH 1/1] common:iobuf: Exclude cases with
+ IOBUF_INPUT_TEMP/IOBUF_OUTPUT_TEMP.
+
+* common/iobuf.c (iobuf_read): Handle a case with IOBUF_INPUT_TEMP.
+(iobuf_write): Handle a case with IOBUF_OUTPUT_TEMP.
+
+--
+
+GnuPG-bug-id: 5941
+Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
+--- a/common/iobuf.c
++++ b/common/iobuf.c
+@@ -2177,7 +2177,8 @@ iobuf_read (iobuf_t a, void *buffer, unsigned int buflen)
+ a->e_d.len = 0;
+
+ /* Hint for how full to fill iobuf internal drain buffer. */
+- a->e_d.preferred = (buf && buflen >= IOBUF_ZEROCOPY_THRESHOLD_SIZE);
++ a->e_d.preferred = (a->use != IOBUF_INPUT_TEMP)
++ && (buf && buflen >= IOBUF_ZEROCOPY_THRESHOLD_SIZE);
+
+ n = 0;
+ do
+@@ -2200,7 +2201,7 @@ iobuf_read (iobuf_t a, void *buffer, unsigned int buflen)
+ underflow to read more data into the filter's internal
+ buffer. */
+ {
+- if (buf && n < buflen)
++ if (a->use != IOBUF_INPUT_TEMP && buf && n < buflen)
+ {
+ /* Setup external drain buffer for faster moving of data
+ * (avoid memcpy). */
+@@ -2328,11 +2329,13 @@ iobuf_write (iobuf_t a, const void *buffer, unsigned int buflen)
+ a->e_d.len = 0;
+
+ /* Hint for how full to fill iobuf internal drain buffer. */
+- a->e_d.preferred = (buflen >= IOBUF_ZEROCOPY_THRESHOLD_SIZE);
++ a->e_d.preferred = (a->use != IOBUF_OUTPUT_TEMP)
++ && (buflen >= IOBUF_ZEROCOPY_THRESHOLD_SIZE);
+
+ do
+ {
+- if (a->d.len == 0 && buflen >= IOBUF_ZEROCOPY_THRESHOLD_SIZE)
++ if ((a->use != IOBUF_OUTPUT_TEMP)
++ && a->d.len == 0 && buflen >= IOBUF_ZEROCOPY_THRESHOLD_SIZE)
+ {
+ /* Setup external drain buffer for faster moving of data
+ * (avoid memcpy). */
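Review bot: The new `a->use != IOBUF_INPUT_TEMP` and `a->use != IOBUF_OUTPUT_TEMP` guards are each written twice, once for `e_d.preferred` and once on the external-drain-buffer branch, and no comment says why temp iobufs must stay off that path. Evaluating the test once per function, e.g. `int is_temp = (a->use == IOBUF_INPUT_TEMP);` in `iobuf_read`, keeps the two sites from drifting apart. A short comment such as `/* Temp iobufs never use the external drain buffer (GnuPG-bug-id 5941). */` would record the intent. Both functions start and end outside the quoted hunks, so the rest of each loop is not visible here.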
diff --git a/app-crypt/gnupg/gnupg-2.3.5-r2.ebuild b/app-crypt/gnupg/gnupg-2.3.5-r2.ebuild
new file mode 100644
index 000000000000..d32419deb726
--- /dev/null
+++ b/app-crypt/gnupg/gnupg-2.3.5-r2.ebuild
@@ -0,0 +1,162 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/gnupg.asc
+inherit flag-o-matic systemd toolchain-funcs verify-sig
+
+MY_P="${P/_/-}"
+
+DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
+HOMEPAGE="https://gnupg.org/"
+SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
+SRC_URI+=" verify-sig? ( mirror://gnupg/gnupg/${P}.tar.bz2.sig )"
+S="${WORKDIR}/${MY_P}"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl test +tofu tpm tools usb user-socket wks-server"
+RESTRICT="!test? ( test )"
+REQUIRED_USE="test? ( tofu )"
+
+# Existence of executables is checked during configuration.
+# Note: On each bump, update dep bounds on each version from configure.ac!
+DEPEND=">=dev-libs/libassuan-2.5.0
+ >=dev-libs/libgcrypt-1.9.1:=
+ >=dev-libs/libgpg-error-1.41
+ >=dev-libs/libksba-1.3.4
+ >=dev-libs/npth-1.2
+ >=net-misc/curl-7.10
+ bzip2? ( app-arch/bzip2 )
+ ldap? ( net-nds/openldap:= )
+ readline? ( sys-libs/readline:0= )
+ smartcard? ( usb? ( virtual/libusb:1 ) )
+ tofu? ( >=dev-db/sqlite-3.27 )
+ tpm? ( >=app-crypt/tpm2-tss-2.4.0:= )
+ ssl? ( >=net-libs/gnutls-3.0:0= )
+ sys-libs/zlib
+"
+
+RDEPEND="${DEPEND}
+ app-crypt/pinentry
+ nls? ( virtual/libintl )
+ selinux? ( sec-policy/selinux-gpg )
+ wks-server? ( virtual/mta )"
+
+BDEPEND="virtual/pkgconfig
+ doc? ( sys-apps/texinfo )
+ nls? ( sys-devel/gettext )
+ verify-sig? ( sec-keys/openpgp-keys-gnupg )"
+
+DOCS=(
+ ChangeLog NEWS README THANKS TODO VERSION
+ doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
+)
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch
+ "${FILESDIR}"/${P}-fix-buffering-hang.patch
+)
+
+src_prepare() {
+ default
+
+ # Inject SSH_AUTH_SOCK into user's sessions after enabling gpg-agent-ssh.socket in systemctl --user mode,
+ # idea borrowed from libdbus, see
+ # https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/bus/systemd-user/dbus.socket.in#L6
+ #
+ # This cannot be upstreamed, as it requires determining the exact prefix of 'systemctl',
+ # which in turn requires discovery in Autoconf, something that upstream deeply resents.
+ sed -e "/DirectoryMode=/a ExecStartPost=-${EPREFIX}/bin/systemctl --user set-environment SSH_AUTH_SOCK=%t/gnupg/S.gpg-agent.ssh" \
+ -i doc/examples/systemd-user/gpg-agent-ssh.socket || die
+}
+
+src_configure() {
+ local myconf=(
+ $(use_enable bzip2)
+ $(use_enable nls)
+ $(use_enable smartcard scdaemon)
+ $(use_enable ssl gnutls)
+ $(use_enable tofu)
+ $(use_enable tofu keyboxd)
+ $(use_enable tofu sqlite)
+ $(usex tpm '--with-tss=intel' '--disable-tpm2d')
+ $(use smartcard && use_enable usb ccid-driver || echo '--disable-ccid-driver')
+ $(use_enable wks-server wks-tools)
+ $(use_with ldap)
+ $(use_with readline)
+ --with-mailprog=/usr/libexec/sendmail
+ --disable-ntbtls
+ --enable-all-tests
+ --enable-gpgsm
+ --enable-large-secmem
+ CC_FOR_BUILD="$(tc-getBUILD_CC)"
+ GPG_ERROR_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-gpg-error-config"
+ KSBA_CONFIG="${ESYSROOT}/usr/bin/ksba-config"
+ LIBASSUAN_CONFIG="${ESYSROOT}/usr/bin/libassuan-config"
+ LIBGCRYPT_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-libgcrypt-config"
+ NPTH_CONFIG="${ESYSROOT}/usr/bin/npth-config"
+ $("${S}/configure" --help | grep -o -- '--without-.*-prefix')
+ )
+
+ if use prefix && use usb; then
+ # bug #649598
+ append-cppflags -I"${EPREFIX}/usr/include/libusb-1.0"
+ fi
+
+ #bug 663142
+ if use user-socket; then
+ myconf+=( --enable-run-gnupg-user-socket )
+ fi
+
+ # glib fails and picks up clang's internal stdint.h causing weird errors
+ [[ ${CC} == *clang ]] && \
+ export gl_cv_absolute_stdint_h=/usr/include/stdint.h
+
+ # Hardcode mailprog to /usr/libexec/sendmail even if it does not exist.
+ # As of GnuPG 2.3, the mailprog substitution is used for the binary called
+ # by wks-client & wks-server; and if it's autodetected but not not exist at
+ # build time, then then 'gpg-wks-client --send' functionality will not
+ # work. This has an unwanted side-effect in stage3 builds: there was a
+ # [R]DEPEND on virtual/mta, which also brought in virtual/logger, bloating
+ # the build where the install guide previously make the user chose the
+ # logger & mta early in the install.
+
+ econf "${myconf[@]}"
+}
+
+src_compile() {
+ default
+
+ use doc && emake -C doc html
+}
+
+src_test() {
+ #Bug: 638574
+ use tofu && export TESTFLAGS=--parallel
+ default
+}
+
+src_install() {
+ default
+
+ use tools &&
+ dobin \
+ tools/{convert-from-106,gpg-check-pattern} \
+ tools/{gpgconf,gpgsplit,lspgpot,mail-signed-keys} \
+ tools/make-dns-cert
+
+ dosym gpg /usr/bin/gpg2
+ dosym gpgv /usr/bin/gpgv2
+ echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die
+ echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
+
+ dodir /etc/env.d
+ echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
+
+ use doc && dodoc doc/gnupg.html/* doc/*.png
+
+ systemd_douserunit doc/examples/systemd-user/*.{service,socket}
+}
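Review bot: The signature URI `mirror://gnupg/gnupg/${P}.tar.bz2.sig` is built from `${P}` while the tarball line above it uses `${MY_P}`, so for any version containing `_` the signature name would no longer match the tarball that verify-sig is meant to check; `gnupg-2.2.40.ebuild` further down this page has the same line. Writing `${MY_P}.tar.bz2.sig` keeps the two in step. Separately, `[[ ${CC} == *clang ]]` will not match a `CC` with a version suffix or trailing flags, and the exported path omits `${ESYSROOT}`. The form used in the 2.2.40 ebuild, `tc-is-clang && export gl_cv_absolute_stdint_h="${ESYSROOT}"/usr/include/stdint.h`, avoids both.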
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/
@ 2022-10-14 19:04 Sam James
From: Sam James @ 2022-10-14 19:04 UTC (permalink / raw
To: gentoo-commits
commit: 427c50c7e83f2a469b3ce8ba91294142f66155ac
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Oct 14 18:59:55 2022 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Oct 14 19:04:15 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=427c50c7
app-crypt/gnupg: add 2.2.40
Signed-off-by: Sam James <sam <AT> gentoo.org>
app-crypt/gnupg/Manifest | 2 +
.../files/gnupg-2.2.40-fix-no-ldap-build.patch | 36 +++++
app-crypt/gnupg/gnupg-2.2.40.ebuild | 166 +++++++++++++++++++++
3 files changed, 204 insertions(+)
diff --git a/app-crypt/gnupg/Manifest b/app-crypt/gnupg/Manifest
index fdb506e83ca5..c9cfff783a16 100644
--- a/app-crypt/gnupg/Manifest
+++ b/app-crypt/gnupg/Manifest
@@ -1,4 +1,6 @@
DIST gnupg-2.2.39.tar.bz2 7290098 BLAKE2B a9e31830f3ef9ec6d8d461a85fcbe4b91bcac9607d3b5f13f5edc0c54505afb6c6c119cd397023b1378d96c7d0f15c0d60da1d15721e9a18eb3ea8c7b69fba83 SHA512 73f881c12c82010aeaada500517ff39ab22b27ff21b1248bc2228b60a2d75385a44a53c5cfadb8f6b84ef22ad9db0105096b6620fb689560809b324019713940
DIST gnupg-2.2.39.tar.bz2.sig 119 BLAKE2B 584d7d36671670ac507948257e9c6be556ed2a2d3c0100bb2746edfe96df5ee1d4c6172fe0cae39d85fc290097bc5f6e1b351debc8ec2f5cc78047354fbed016 SHA512 6f7d7c2d1fae706b03c735cf453976c3aebef3f23659426f39a88c63d979f4d873ae09280d75dee9000805468d2a7f49d348609061939000f7cedf34ec5c6019
+DIST gnupg-2.2.40.tar.bz2 7301631 BLAKE2B c9a077e28b22888573bdd12029205eb5f79a463a297e400a623bc86a39eeb6454cd884d05bd96734998613c695f2c9dcc68963c7275b89938ac38ddc7ba1e229 SHA512 4c2f5fbf37ba6fbad0045aad23129186963010c673ea0b81801adc4f98efe14d6c7228e22815b6b26307c1fe5bb51cd088aa6a0f06a9325d3c021849ef81c594
+DIST gnupg-2.2.40.tar.bz2.sig 119 BLAKE2B baaffad8203169fca54be031b3c77f818ecf973c73b9389cb3cbcd8217ae8a6018f0d3d4d2d5b6f0611f7643b78467f91902add3107e9538273607c6ba3a49bf SHA512 fccc06c709450d58e64716c505cd79556edac440462613c47c6ec78714355425c045418946b4b4b2a5c79e33e0e75b20f0699ae6de9921add4877fd6c8cc2d64
DIST gnupg-2.3.7.tar.bz2 7599853 BLAKE2B 3e9e33c8357222f42cc0e2af538e9f1f1f0453f35d790aaadf47ce9df24229efa91457b6014b34f19084448a3a6603c82e7d07714b89a68c6a84a08af6fa0e02 SHA512 c7fe169050ef17051cdaac9ad476e7ea792483baad1208fc359d568fa9e138d920ecaa2cd9cae73b20f5472a7d8ca6540a62062ff7a06055cc656b0eb4b917b9
DIST gnupg-2.3.7.tar.bz2.sig 119 BLAKE2B c2652adf203bc828ed0aaf778542e990028156c16b435cd35aa6fe57ca0a5b798087c98e16589685c8ab9b8b92e16c3f7d4da56a4b1209b9adf2c24ea548ae6e SHA512 0257034b3e7ac390dadb151c656ff59822dacedaddca4ad6b5980b3e03a468ada47553e6a1fcff6a12c64ae2f9c15b245df855cd424b010041df8daaaab9a1b8
diff --git a/app-crypt/gnupg/files/gnupg-2.2.40-fix-no-ldap-build.patch b/app-crypt/gnupg/files/gnupg-2.2.40-fix-no-ldap-build.patch
new file mode 100644
index 000000000000..3ab9c0cba902
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.2.40-fix-no-ldap-build.patch
@@ -0,0 +1,36 @@
+https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=7011286ce6e1fb56c2989fdafbd11b931c489faa
+
+From 7011286ce6e1fb56c2989fdafbd11b931c489faa Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka <gniibe@fsij.org>
+Date: Fri, 14 Oct 2022 09:58:41 +0900
+Subject: [PATCH] dirmngr: Fix build with no LDAP support.
+
+* dirmngr/server.c [USE_LDAP] (start_command_handler): Conditionalize.
+
+--
+
+GnuPG-bug-id: 6239
+Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
+---
+ dirmngr/server.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/dirmngr/server.c b/dirmngr/server.c
+index 04ebfd317..98f354300 100644
+--- a/dirmngr/server.c
++++ b/dirmngr/server.c
+@@ -3137,8 +3137,10 @@ start_command_handler (assuan_fd_t fd, unsigned int session_id)
+ ctrl->refcount);
+ else
+ {
++#if USE_LDAP
+ ks_ldap_free_state (ctrl->ks_get_state);
+ ctrl->ks_get_state = NULL;
++#endif
+ release_ctrl_ocsp_certs (ctrl);
+ xfree (ctrl->server_local);
+ dirmngr_deinit_default_ctrl (ctrl);
+--
+2.11.0
+
+
diff --git a/app-crypt/gnupg/gnupg-2.2.40.ebuild b/app-crypt/gnupg/gnupg-2.2.40.ebuild
new file mode 100644
index 000000000000..aad9c21dbc70
--- /dev/null
+++ b/app-crypt/gnupg/gnupg-2.2.40.ebuild
@@ -0,0 +1,166 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Maintainers should:
+# 1. Join the "Gentoo" project at https://dev.gnupg.org/project/view/27/
+# 2. Subscribe to release tasks like https://dev.gnupg.org/T6159
+# (find the one for the current release then subscribe to it +
+# any subsequent ones linked within so you're covered for a while.)
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/gnupg.asc
+inherit flag-o-matic systemd toolchain-funcs verify-sig
+
+MY_P="${P/_/-}"
+
+DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
+HOMEPAGE="https://gnupg.org/"
+SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
+SRC_URI+=" verify-sig? ( mirror://gnupg/gnupg/${P}.tar.bz2.sig )"
+S="${WORKDIR}/${MY_P}"
+
+LICENSE="GPL-3+"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl test tofu tools usb user-socket wks-server"
+RESTRICT="!test? ( test )"
+
+# Existence of executables is checked during configuration.
+# Note: On each bump, update dep bounds on each version from configure.ac!
+DEPEND=">=dev-libs/libassuan-2.5.0
+ >=dev-libs/libgcrypt-1.8.0:=
+ >=dev-libs/libgpg-error-1.29
+ >=dev-libs/libksba-1.3.5
+ >=dev-libs/npth-1.2
+ >=net-misc/curl-7.10
+ sys-libs/zlib
+ bzip2? ( app-arch/bzip2 )
+ ldap? ( net-nds/openldap:= )
+ readline? ( sys-libs/readline:0= )
+ smartcard? ( usb? ( virtual/libusb:1 ) )
+ ssl? ( >=net-libs/gnutls-3.0:0= )
+ tofu? ( >=dev-db/sqlite-3.7 )"
+
+RDEPEND="${DEPEND}
+ app-crypt/pinentry
+ nls? ( virtual/libintl )
+ selinux? ( sec-policy/selinux-gpg )
+ wks-server? ( virtual/mta )"
+
+BDEPEND="virtual/pkgconfig
+ doc? ( sys-apps/texinfo )
+ nls? ( sys-devel/gettext )
+ verify-sig? ( sec-keys/openpgp-keys-gnupg )"
+
+DOCS=(
+ ChangeLog NEWS README THANKS TODO VERSION
+ doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
+)
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch
+ "${FILESDIR}"/${P}-fix-no-ldap-build.patch
+)
+
+src_prepare() {
+ default
+
+ # Inject SSH_AUTH_SOCK into user's sessions after enabling gpg-agent-ssh.socket in systemctl --user mode,
+ # idea borrowed from libdbus, see
+ # https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/bus/systemd-user/dbus.socket.in#L6
+ #
+ # This cannot be upstreamed, as it requires determining the exact prefix of 'systemctl',
+ # which in turn requires discovery in Autoconf, something that upstream deeply resents.
+ sed -e "/DirectoryMode=/a ExecStartPost=-${EPREFIX}/bin/systemctl --user set-environment SSH_AUTH_SOCK=%t/gnupg/S.gpg-agent.ssh" \
+ -i doc/examples/systemd-user/gpg-agent-ssh.socket || die
+}
+
+src_configure() {
+ local myconf=(
+ $(use_enable bzip2)
+ $(use_enable nls)
+ $(use_enable smartcard scdaemon)
+ $(use_enable ssl gnutls)
+ $(use_enable test all-tests)
+ $(use_enable test tests)
+ $(use_enable tofu)
+ $(use smartcard && use_enable usb ccid-driver || echo '--disable-ccid-driver')
+ $(use_enable wks-server wks-tools)
+ $(use_with ldap)
+ $(use_with readline)
+ --with-mailprog=/usr/libexec/sendmail
+ --disable-ntbtls
+ --enable-gpg
+ --enable-gpgsm
+ --enable-large-secmem
+
+ CC_FOR_BUILD="$(tc-getBUILD_CC)"
+ GPG_ERROR_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-gpg-error-config"
+ KSBA_CONFIG="${ESYSROOT}/usr/bin/ksba-config"
+ LIBASSUAN_CONFIG="${ESYSROOT}/usr/bin/libassuan-config"
+ LIBGCRYPT_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-libgcrypt-config"
+ NPTH_CONFIG="${ESYSROOT}/usr/bin/npth-config"
+
+ $("${S}/configure" --help | grep -o -- '--without-.*-prefix')
+ )
+
+ if use prefix && use usb; then
+ # bug #649598
+ append-cppflags -I"${EPREFIX}/usr/include/libusb-1.0"
+ fi
+
+ # bug #663142
+ if use user-socket; then
+ myconf+=( --enable-run-gnupg-user-socket )
+ fi
+
+ # glib fails and picks up clang's internal stdint.h causing weird errors
+ tc-is-clang && export gl_cv_absolute_stdint_h="${ESYSROOT}"/usr/include/stdint.h
+
+ # Hardcode mailprog to /usr/libexec/sendmail even if it does not exist.
+ # As of GnuPG 2.3, the mailprog substitution is used for the binary called
+ # by wks-client & wks-server; and if it's autodetected but not not exist at
+ # build time, then then 'gpg-wks-client --send' functionality will not
+ # work. This has an unwanted side-effect in stage3 builds: there was a
+ # [R]DEPEND on virtual/mta, which also brought in virtual/logger, bloating
+ # the build where the install guide previously make the user chose the
+ # logger & mta early in the install.
+
+ econf "${myconf[@]}"
+}
+
+src_compile() {
+ default
+
+ use doc && emake -C doc html
+}
+
+src_test() {
+ # bug #638574
+ use tofu && export TESTFLAGS=--parallel
+
+ default
+}
+
+src_install() {
+ default
+
+ use tools &&
+ dobin \
+ tools/{convert-from-106,gpg-check-pattern} \
+ tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys} \
+ tools/make-dns-cert
+
+ dosym gpg /usr/bin/gpg2
+ dosym gpgv /usr/bin/gpgv2
+ echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die
+ echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
+
+ dodir /etc/env.d
+ echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
+
+ use doc && dodoc doc/gnupg.html/* doc/*.png
+
+ systemd_douserunit doc/examples/systemd-user/*.{service,socket}
+}
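Review bot: The comment block starting `# Hardcode mailprog to /usr/libexec/sendmail even if it does not exist.` sits directly above `econf`, well below the `--with-mailprog=/usr/libexec/sendmail` entry it explains, so someone editing the option list does not see the rationale. Moving the block to just above that entry inside `myconf=( … )` would keep reason and option together. The move is also a chance to correct "not not exist" and "then then". The block says "As of GnuPG 2.3" although this is a 2.2.x ebuild, so it may be worth confirming that the rationale still applies to this branch.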
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/
@ 2024-01-29 9:49 Sam James
From: Sam James @ 2024-01-29 9:49 UTC (permalink / raw
To: gentoo-commits
commit: 794b312233b33ce315807bb305e0db42d530dfe7
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Jan 29 09:48:36 2024 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Jan 29 09:48:47 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=794b3122
app-crypt/gnupg: backport insecure smartcard backup fix to 2.2.x
Bug: https://bugs.gentoo.org/923248
Signed-off-by: Sam James <sam <AT> gentoo.org>
.../gnupg-2.2.42-bug923248-insecure-backup.patch | 292 +++++++++++++++++++++
app-crypt/gnupg/gnupg-2.2.42-r2.ebuild | 182 +++++++++++++
2 files changed, 474 insertions(+)
diff --git a/app-crypt/gnupg/files/gnupg-2.2.42-bug923248-insecure-backup.patch b/app-crypt/gnupg/files/gnupg-2.2.42-bug923248-insecure-backup.patch
new file mode 100644
index 000000000000..76d6d94c40b1
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.2.42-bug923248-insecure-backup.patch
@@ -0,0 +1,292 @@
+https://bugs.gentoo.org/923248
+https://dev.gnupg.org/T6944
+https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=3b69d8bf7146b8d10737d0cfea9c97affc60ad73
+
+From 3b69d8bf7146b8d10737d0cfea9c97affc60ad73 Mon Sep 17 00:00:00 2001
+From: Werner Koch <wk@gnupg.org>
+Date: Wed, 24 Jan 2024 11:29:24 +0100
+Subject: [PATCH] gpg: Fix leftover unprotected card backup key.
+
+* agent/command.c (cmd_learn): Add option --reallyforce.
+* agent/findkey.c (agent_write_private_key): Implement reallyforce.
+Also add arg reallyforce and pass it along the call chain.
+
+* g10/call-agent.c (agent_scd_learn): Pass --reallyforce with a
+special force value.
+* g10/keygen.c (card_store_key_with_backup): Use that force value.
+--
+
+This was a regression in 2.2.42. We took the easy path to fix it by
+getting the behaviour back to what we did prior to 2.2.42. With GnuPG
+2.4.4 we use an entire different and safer approach by introducing an
+ephemeral private key store.
+
+GnuPG-bug-id: 6944
+--- a/agent/agent.h
++++ b/agent/agent.h
+@@ -422,7 +422,8 @@ void start_command_handler_ssh (ctrl_t, gnupg_fd_t);
+ gpg_error_t agent_modify_description (const char *in, const char *comment,
+ const gcry_sexp_t key, char **result);
+ int agent_write_private_key (const unsigned char *grip,
+- const void *buffer, size_t length, int force,
++ const void *buffer, size_t length,
++ int force, int reallyforce,
+ const char *serialno, const char *keyref,
+ const char *dispserialno, time_t timestamp);
+ gpg_error_t agent_key_from_file (ctrl_t ctrl,
+@@ -548,6 +549,7 @@ gpg_error_t s2k_hash_passphrase (const char *passphrase, int hashalgo,
+ gpg_error_t agent_write_shadow_key (const unsigned char *grip,
+ const char *serialno, const char *keyid,
+ const unsigned char *pkbuf, int force,
++ int reallyforce,
+ const char *dispserialno);
+
+
+@@ -628,7 +630,8 @@ void agent_card_killscd (void);
+
+
+ /*-- learncard.c --*/
+-int agent_handle_learn (ctrl_t ctrl, int send, void *assuan_context, int force);
++int agent_handle_learn (ctrl_t ctrl, int send, void *assuan_context,
++ int force, int reallyforce);
+
+
+ /*-- cvt-openpgp.c --*/
+--- a/agent/command-ssh.c
++++ b/agent/command-ssh.c
+@@ -2499,7 +2499,7 @@ card_key_available (ctrl_t ctrl, gcry_sexp_t *r_pk, char **cardsn)
+
+ /* (Shadow)-key is not available in our key storage. */
+ agent_card_getattr (ctrl, "$DISPSERIALNO", &dispserialno);
+- err = agent_write_shadow_key (grip, serialno, authkeyid, pkbuf, 0,
++ err = agent_write_shadow_key (grip, serialno, authkeyid, pkbuf, 0, 0,
+ dispserialno);
+ xfree (dispserialno);
+ if (err)
+@@ -3159,7 +3159,7 @@ ssh_identity_register (ctrl_t ctrl, ssh_key_type_spec_t *spec,
+
+ /* Store this key to our key storage. We do not store a creation
+ * timestamp because we simply do not know. */
+- err = agent_write_private_key (key_grip_raw, buffer, buffer_n, 0,
++ err = agent_write_private_key (key_grip_raw, buffer, buffer_n, 0, 0,
+ NULL, NULL, NULL, 0);
+ if (err)
+ goto out;
+--- a/agent/command.c
++++ b/agent/command.c
+@@ -1042,7 +1042,7 @@ cmd_readkey (assuan_context_t ctx, char *line)
+ /* Shadow-key is or is not available in our key storage. In
+ * any case we need to check whether we need to update with
+ * a new display-s/n or whatever. */
+- rc = agent_write_shadow_key (grip, serialno, keyid, pkbuf, 0,
++ rc = agent_write_shadow_key (grip, serialno, keyid, pkbuf, 0, 0,
+ dispserialno);
+ if (rc)
+ goto leave;
+@@ -1855,16 +1855,18 @@ cmd_learn (assuan_context_t ctx, char *line)
+ {
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+ gpg_error_t err;
+- int send, sendinfo, force;
++ int send, sendinfo, force, reallyforce;
+
+ send = has_option (line, "--send");
+ sendinfo = send? 1 : has_option (line, "--sendinfo");
+ force = has_option (line, "--force");
++ reallyforce = has_option (line, "--reallyforce");
+
+ if (ctrl->restricted)
+ return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
+
+- err = agent_handle_learn (ctrl, send, sendinfo? ctx : NULL, force);
++ err = agent_handle_learn (ctrl, send, sendinfo? ctx : NULL,
++ force, reallyforce);
+ return leave_cmd (ctx, err);
+ }
+
+@@ -2427,11 +2429,11 @@ cmd_import_key (assuan_context_t ctx, char *line)
+ err = agent_protect (key, passphrase, &finalkey, &finalkeylen,
+ ctrl->s2k_count);
+ if (!err)
+- err = agent_write_private_key (grip, finalkey, finalkeylen, force,
++ err = agent_write_private_key (grip, finalkey, finalkeylen, force, 0,
+ NULL, NULL, NULL, opt_timestamp);
+ }
+ else
+- err = agent_write_private_key (grip, key, realkeylen, force,
++ err = agent_write_private_key (grip, key, realkeylen, force, 0,
+ NULL, NULL, NULL, opt_timestamp);
+
+ leave:
+--- a/agent/cvt-openpgp.c
++++ b/agent/cvt-openpgp.c
+@@ -1070,7 +1070,7 @@ convert_from_openpgp_native (ctrl_t ctrl,
+ &protectedkey, &protectedkeylen,
+ ctrl->s2k_count))
+ agent_write_private_key (grip, protectedkey, protectedkeylen,
+- 1/*force*/, NULL, NULL, NULL, 0);
++ 1/*force*/, 0, NULL, NULL, NULL, 0);
+ xfree (protectedkey);
+ }
+ else
+@@ -1079,7 +1079,7 @@ convert_from_openpgp_native (ctrl_t ctrl,
+ agent_write_private_key (grip,
+ *r_key,
+ gcry_sexp_canon_len (*r_key, 0, NULL,NULL),
+- 1/*force*/, NULL, NULL, NULL, 0);
++ 1/*force*/, 0, NULL, NULL, NULL, 0);
+ }
+ }
+
+--- a/agent/findkey.c
++++ b/agent/findkey.c
+@@ -82,7 +82,8 @@ fname_from_keygrip (const unsigned char *grip, int for_new)
+ * recorded as creation date. */
+ int
+ agent_write_private_key (const unsigned char *grip,
+- const void *buffer, size_t length, int force,
++ const void *buffer, size_t length,
++ int force, int reallyforce,
+ const char *serialno, const char *keyref,
+ const char *dispserialno,
+ time_t timestamp)
+@@ -165,10 +166,13 @@ agent_write_private_key (const unsigned char *grip,
+ /* Check that we do not update a regular key with a shadow key. */
+ if (is_regular && gpg_err_code (is_shadowed_key (key)) == GPG_ERR_TRUE)
+ {
+- log_info ("updating regular key file '%s'"
+- " by a shadow key inhibited\n", oldfname);
+- err = 0; /* Simply ignore the error. */
+- goto leave;
++ if (!reallyforce)
++ {
++ log_info ("updating regular key file '%s'"
++ " by a shadow key inhibited\n", oldfname);
++ err = 0; /* Simply ignore the error. */
++ goto leave;
++ }
+ }
+ /* Check that we update a regular key only in force mode. */
+ if (is_regular && !force)
+@@ -1704,12 +1708,13 @@ agent_delete_key (ctrl_t ctrl, const char *desc_text,
+ * Shadow key is created by an S-expression public key in PKBUF and
+ * card's SERIALNO and the IDSTRING. With FORCE passed as true an
+ * existing key with the given GRIP will get overwritten. If
+- * DISPSERIALNO is not NULL the human readable s/n will also be
+- * recorded in the key file. */
++ * REALLYFORCE is also true, even a private key will be overwritten by
++ * a shadown key. If DISPSERIALNO is not NULL the human readable s/n
++ * will also be recorded in the key file. */
+ gpg_error_t
+ agent_write_shadow_key (const unsigned char *grip,
+ const char *serialno, const char *keyid,
+- const unsigned char *pkbuf, int force,
++ const unsigned char *pkbuf, int force, int reallyforce,
+ const char *dispserialno)
+ {
+ gpg_error_t err;
+@@ -1737,7 +1742,7 @@ agent_write_shadow_key (const unsigned char *grip,
+ }
+
+ len = gcry_sexp_canon_len (shdkey, 0, NULL, NULL);
+- err = agent_write_private_key (grip, shdkey, len, force,
++ err = agent_write_private_key (grip, shdkey, len, force, reallyforce,
+ serialno, keyid, dispserialno, 0);
+ xfree (shdkey);
+ if (err)
+--- a/agent/genkey.c
++++ b/agent/genkey.c
+@@ -69,7 +69,7 @@ store_key (gcry_sexp_t private, const char *passphrase, int force,
+ buf = p;
+ }
+
+- rc = agent_write_private_key (grip, buf, len, force,
++ rc = agent_write_private_key (grip, buf, len, force, 0,
+ NULL, NULL, NULL, timestamp);
+ xfree (buf);
+ return rc;
+--- a/agent/learncard.c
++++ b/agent/learncard.c
+@@ -297,9 +297,12 @@ send_cert_back (ctrl_t ctrl, const char *id, void *assuan_context)
+ }
+
+ /* Perform the learn operation. If ASSUAN_CONTEXT is not NULL and
+- SEND is true all new certificates are send back via Assuan. */
++ SEND is true all new certificates are send back via Assuan. If
++ REALLYFORCE is true a private key will be overwritten by a stub
++ key. */
+ int
+-agent_handle_learn (ctrl_t ctrl, int send, void *assuan_context, int force)
++agent_handle_learn (ctrl_t ctrl, int send, void *assuan_context,
++ int force, int reallyforce)
+ {
+ int rc;
+ struct kpinfo_cb_parm_s parm;
+@@ -414,7 +417,7 @@ agent_handle_learn (ctrl_t ctrl, int send, void *assuan_context, int force)
+
+ agent_card_getattr (ctrl, "$DISPSERIALNO", &dispserialno);
+ rc = agent_write_shadow_key (grip, serialno, item->id, pubkey,
+- force, dispserialno);
++ force, reallyforce, dispserialno);
+ xfree (dispserialno);
+ }
+ xfree (pubkey);
+--- a/agent/protect-tool.c
++++ b/agent/protect-tool.c
+@@ -807,13 +807,15 @@ agent_askpin (ctrl_t ctrl,
+ * to stdout. */
+ int
+ agent_write_private_key (const unsigned char *grip,
+- const void *buffer, size_t length, int force,
++ const void *buffer, size_t length,
++ int force, int reallyforce,
+ const char *serialno, const char *keyref,
+ const char *dispserialno, time_t timestamp)
+ {
+ char hexgrip[40+4+1];
+ char *p;
+
++ (void)reallyforce;
+ (void)force;
+ (void)timestamp;
+ (void)serialno;
+--- a/g10/call-agent.c
++++ b/g10/call-agent.c
+@@ -745,6 +745,11 @@ learn_status_cb (void *opaque, const char *line)
+ * card-util.c
+ * keyedit_menu
+ * card_store_key_with_backup (Woth force to remove secret key data)
++ *
++ * If force has the value 2 the --reallyforce option is also used.
++ * This is to make sure the sshadow key overwrites the private key.
++ * Note that this option is gnupg 2.2 specific because since 2.4.4 an
++ * ephemeral private key store is used instead.
+ */
+ int
+ agent_scd_learn (struct agent_card_info_s *info, int force)
+@@ -764,6 +769,7 @@ agent_scd_learn (struct agent_card_info_s *info, int force)
+
+ parm.ctx = agent_ctx;
+ rc = assuan_transact (agent_ctx,
++ force == 2? "LEARN --sendinfo --force --reallyforce" :
+ force ? "LEARN --sendinfo --force" : "LEARN --sendinfo",
+ dummy_data_cb, NULL, default_inq_cb, &parm,
+ learn_status_cb, info);
+--- a/g10/keygen.c
++++ b/g10/keygen.c
+@@ -5201,8 +5201,11 @@ card_store_key_with_backup (ctrl_t ctrl, PKT_public_key *sub_psk,
+ if (err)
+ log_error ("writing card key to backup file: %s\n", gpg_strerror (err));
+ else
+- /* Remove secret key data in agent side. */
+- agent_scd_learn (NULL, 1);
++ {
++ /* Remove secret key data in agent side. We use force 2 here to
++ * allow overwriting of the temporary private key. */
++ agent_scd_learn (NULL, 2);
++ }
+
+ leave:
+ xfree (ecdh_param_str);
+--
+2.30.2
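Review bot: In the g10/keygen.c hunk the result of `agent_scd_learn (NULL, 2)` is discarded, so if the LEARN transaction fails, the unprotected temporary key that this patch is meant to replace with a stub stays in the agent's key store and nothing reports it. agent_scd_learn is declared `int` and stores the assuan_transact status in `rc` (g10/call-agent.c hunk), so I would capture it, `err = agent_scd_learn (NULL, 2);`, and follow with `if (err) log_error ("replacing the card key by a stub failed: %s\n", gpg_strerror (err));`. In agent/findkey.c the `reallyforce` path overwrites a regular key file without any message; a `log_info` naming `oldfname` there would leave an audit trail for what is a destructive write. The literal `2` would read better as a named constant, and card_store_key_with_backup continues outside the hunk, so how `err` is used after `leave:` needs checking before assigning to it.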
diff --git a/app-crypt/gnupg/gnupg-2.2.42-r2.ebuild b/app-crypt/gnupg/gnupg-2.2.42-r2.ebuild
new file mode 100644
index 000000000000..b46257fafc93
--- /dev/null
+++ b/app-crypt/gnupg/gnupg-2.2.42-r2.ebuild
@@ -0,0 +1,182 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Maintainers should:
+# 1. Join the "Gentoo" project at https://dev.gnupg.org/project/view/27/
+# 2. Subscribe to release tasks like https://dev.gnupg.org/T6159
+# (find the one for the current release then subscribe to it +
+# any subsequent ones linked within so you're covered for a while.)
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/gnupg.asc
+# in-source builds are not supported: https://dev.gnupg.org/T6313#166339
+inherit flag-o-matic out-of-source multiprocessing systemd toolchain-funcs verify-sig
+
+MY_P="${P/_/-}"
+
+DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
+HOMEPAGE="https://gnupg.org/"
+SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
+SRC_URI+=" verify-sig? ( mirror://gnupg/gnupg/${P}.tar.bz2.sig )"
+S="${WORKDIR}/${MY_P}"
+
+LICENSE="GPL-3+"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl test tofu tools usb user-socket wks-server"
+RESTRICT="!test? ( test )"
+
+# Existence of executables is checked during configuration.
+# Note: On each bump, update dep bounds on each version from configure.ac!
+DEPEND="
+ >=dev-libs/libassuan-2.5.0
+ >=dev-libs/libgcrypt-1.8.0:=
+ >=dev-libs/libgpg-error-1.38
+ >=dev-libs/libksba-1.3.5
+ >=dev-libs/npth-1.2
+ >=net-misc/curl-7.10
+ sys-libs/zlib
+ bzip2? ( app-arch/bzip2 )
+ ldap? ( net-nds/openldap:= )
+ readline? ( sys-libs/readline:= )
+ smartcard? ( usb? ( virtual/libusb:1 ) )
+ ssl? ( >=net-libs/gnutls-3.0:= )
+ tofu? ( >=dev-db/sqlite-3.7 )
+"
+RDEPEND="
+ ${DEPEND}
+ nls? ( virtual/libintl )
+ selinux? ( sec-policy/selinux-gpg )
+ wks-server? ( virtual/mta )
+"
+PDEPEND="
+ app-crypt/pinentry
+"
+BDEPEND="
+ virtual/pkgconfig
+ doc? ( sys-apps/texinfo )
+ nls? ( sys-devel/gettext )
+ verify-sig? ( sec-keys/openpgp-keys-gnupg )
+"
+
+DOCS=(
+ ChangeLog NEWS README THANKS TODO VERSION
+ doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
+)
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch
+ "${FILESDIR}"/${PN}-2.2.42-bug923248-insecure-backup.patch
+)
+
+src_prepare() {
+ default
+
+ # Inject SSH_AUTH_SOCK into user's sessions after enabling gpg-agent-ssh.socket in systemctl --user mode,
+ # idea borrowed from libdbus, see
+ # https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/bus/systemd-user/dbus.socket.in#L6
+ #
+ # This cannot be upstreamed, as it requires determining the exact prefix of 'systemctl',
+ # which in turn requires discovery in Autoconf, something that upstream deeply resents.
+ sed -e "/DirectoryMode=/a ExecStartPost=-${EPREFIX}/bin/systemctl --user set-environment SSH_AUTH_SOCK=%t/gnupg/S.gpg-agent.ssh" \
+ -i doc/examples/systemd-user/gpg-agent-ssh.socket || die
+}
+
+my_src_configure() {
+ # Upstream don't support LTO, bug #854222.
+ filter-lto
+
+ local myconf=(
+ $(use_enable bzip2)
+ $(use_enable nls)
+ $(use_enable smartcard scdaemon)
+ $(use_enable ssl gnutls)
+ $(use_enable test all-tests)
+ $(use_enable test tests)
+ $(use_enable tofu)
+ $(use smartcard && use_enable usb ccid-driver || echo '--disable-ccid-driver')
+ $(use_enable wks-server wks-tools)
+ $(use_with ldap)
+ $(use_with readline)
+
+ # Hardcode mailprog to /usr/libexec/sendmail even if it does not exist.
+ # As of GnuPG 2.3, the mailprog substitution is used for the binary called
+ # by wks-client & wks-server; and if it's autodetected but not not exist at
+ # build time, then then 'gpg-wks-client --send' functionality will not
+ # work. This has an unwanted side-effect in stage3 builds: there was a
+ # [R]DEPEND on virtual/mta, which also brought in virtual/logger, bloating
+ # the build where the install guide previously make the user chose the
+ # logger & mta early in the install.
+ --with-mailprog=/usr/libexec/sendmail
+
+ --disable-ntbtls
+ --enable-gpg
+ --enable-gpgsm
+ --enable-large-secmem
+
+ CC_FOR_BUILD="$(tc-getBUILD_CC)"
+ GPG_ERROR_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-gpg-error-config"
+ KSBA_CONFIG="${ESYSROOT}/usr/bin/ksba-config"
+ LIBASSUAN_CONFIG="${ESYSROOT}/usr/bin/libassuan-config"
+ LIBGCRYPT_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-libgcrypt-config"
+ NPTH_CONFIG="${ESYSROOT}/usr/bin/npth-config"
+
+ $("${S}/configure" --help | grep -o -- '--without-.*-prefix')
+ )
+
+ if use prefix && use usb; then
+ # bug #649598
+ append-cppflags -I"${ESYSROOT}/usr/include/libusb-1.0"
+ fi
+
+ # bug #663142
+ if use user-socket; then
+ myconf+=( --enable-run-gnupg-user-socket )
+ fi
+
+ # glib fails and picks up clang's internal stdint.h causing weird errors
+ tc-is-clang && export gl_cv_absolute_stdint_h="${ESYSROOT}"/usr/include/stdint.h
+
+ econf "${myconf[@]}"
+}
+
+my_src_compile() {
+ default
+
+ use doc && emake -C doc html
+}
+
+my_src_test() {
+ export TESTFLAGS="--parallel=$(makeopts_jobs)"
+
+ default
+}
+
+my_src_install() {
+ emake DESTDIR="${D}" install
+
+ use tools && dobin \
+ tools/{gpg-zip,gpgconf,gpgsplit,gpg-check-pattern} \
+ tools/make-dns-cert
+
+ dosym gpg /usr/bin/gpg2
+ dosym gpgv /usr/bin/gpgv2
+ echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die
+ echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
+
+ dodir /etc/env.d
+ echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
+
+ use doc && dodoc doc/gnupg.html/*
+}
+
+my_src_install_all() {
+ einstalldocs
+
+ use tools && dobin tools/{convert-from-106,mail-signed-keys,lspgpot}
+
+ use doc && dodoc doc/*.png
+
+ systemd_douserunit doc/examples/systemd-user/*.{service,socket}
+}
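Review bot: The signature in `SRC_URI` is fetched as `${P}.tar.bz2.sig` while the tarball it covers is `${MY_P}.tar.bz2`, so the two names agree only as long as the version contains no underscore. For 2.2.42 they are identical, but on a bump to a version with an underscore suffix verify-sig would be pointed at a signature file name that does not match the distfile; `SRC_URI+=" verify-sig? ( mirror://gnupg/gnupg/${MY_P}.tar.bz2.sig )"` keeps the two tied together. The same line appears in gnupg-2.4.4-r1.ebuild in the later commit on this page.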
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/
@ 2024-02-18 10:13 Sam James
From: Sam James @ 2024-02-18 10:13 UTC (permalink / raw
To: gentoo-commits
commit: 45ed86aa273d9bb10f4856de72616d889f43f016
Author: Hank Leininger <hlein <AT> korelogic <DOT> com>
AuthorDate: Fri Feb 16 04:29:49 2024 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Feb 18 10:12:32 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=45ed86aa
app-crypt/gnupg: fix dirmngr behind a proxy
Adapted from upstream patches:
https://dev.gnupg.org/rG04cbc3074aa98660b513a80f623a7e9f0702c7c9
https://dev.gnupg.org/rG848546b05ab0ff6abd47724ecfab73bf32dd4c01
Signed-off-by: Hank Leininger <hlein <AT> korelogic.com>
Closes: https://bugs.gentoo.org/924606
Bug: https://bugs.gentoo.org/835949
Closes: https://github.com/gentoo/gentoo/pull/35368
Signed-off-by: Sam James <sam <AT> gentoo.org>
.../gnupg/files/gnupg-2.4.4-dirmngr-proxy.patch | 91 ++++++++++
app-crypt/gnupg/gnupg-2.4.4-r1.ebuild | 197 +++++++++++++++++++++
2 files changed, 288 insertions(+)
diff --git a/app-crypt/gnupg/files/gnupg-2.4.4-dirmngr-proxy.patch b/app-crypt/gnupg/files/gnupg-2.4.4-dirmngr-proxy.patch
new file mode 100644
index 000000000000..ebfaddb78e03
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.4.4-dirmngr-proxy.patch
@@ -0,0 +1,91 @@
+diff -urP gnupg-2.4.4.orig/dirmngr/http.c gnupg-2.4.4/dirmngr/http.c
+--- gnupg-2.4.4.orig/dirmngr/http.c 2024-01-25 03:06:42.000000000 -0700
++++ gnupg-2.4.4/dirmngr/http.c 2024-02-15 21:10:28.849074727 -0700
+@@ -2362,7 +2362,6 @@
+ * NULL, decode the string and use this as input from teh server. On
+ * success the final output token is stored at PROXY->OUTTOKEN and
+ * OUTTOKLEN. IF the authentication succeeded OUTTOKLEN is zero. */
+-#ifdef USE_TLS
+ static gpg_error_t
+ proxy_get_token (proxy_info_t proxy, const char *inputstring)
+ {
+@@ -2530,11 +2529,9 @@
+
+ #endif /*!HAVE_W32_SYSTEM*/
+ }
+-#endif /*USE_TLS*/
+
+
+ /* Use the CONNECT method to proxy our TLS stream. */
+-#ifdef USE_TLS
+ static gpg_error_t
+ run_proxy_connect (http_t hd, proxy_info_t proxy,
+ const char *httphost, const char *server,
+@@ -2556,6 +2553,7 @@
+ * RFC-4559 - SPNEGO-based Kerberos and NTLM HTTP Authentication
+ */
+ auth_basic = !!proxy->uri->auth;
++ hd->keep_alive = 0;
+
+ /* For basic authentication we need to send just one request. */
+ if (auth_basic
+@@ -2577,16 +2575,15 @@
+ httphost ? httphost : server,
+ port,
+ authhdr ? authhdr : "",
+- auth_basic? "" : "Connection: keep-alive\r\n");
++ hd->keep_alive? "Connection: keep-alive\r\n" : "");
+ if (!request)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
+- hd->keep_alive = !auth_basic; /* We may need to send more requests. */
+
+ if (opt_debug || (hd->flags & HTTP_FLAG_LOG_RESP))
+- log_debug_with_string (request, "http.c:proxy:request:");
++ log_debug_string (request, "http.c:proxy:request:");
+
+ if (!hd->fp_write)
+ {
+@@ -2610,16 +2607,6 @@
+ if (err)
+ goto leave;
+
+- {
+- unsigned long count = 0;
+-
+- while (es_getc (hd->fp_read) != EOF)
+- count++;
+- if (opt_debug)
+- log_debug ("http.c:proxy_connect: skipped %lu bytes of response-body\n",
+- count);
+- }
+-
+ /* Reset state. */
+ es_clearerr (hd->fp_read);
+ ((cookie_t)(hd->read_cookie))->up_to_empty_line = 1;
+@@ -2743,7 +2730,6 @@
+ xfree (tmpstr);
+ return err;
+ }
+-#endif /*USE_TLS*/
+
+
+ /* Make a request string using a standard proxy. On success the
+@@ -2903,7 +2889,6 @@
+ goto leave;
+ }
+
+-#if USE_TLS
+ if (use_http_proxy && hd->uri->use_tls)
+ {
+ err = run_proxy_connect (hd, proxy, httphost, server, port);
+@@ -2915,7 +2900,6 @@
+ * clear the flag to indicate this. */
+ use_http_proxy = 0;
+ }
+-#endif /* USE_TLS */
+
+ #if HTTP_USE_NTBTLS
+ err = run_ntbtls_handshake (hd);
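Review bot: The `log_debug_string (request, "http.c:proxy:request:")` call in run_proxy_connect writes the whole CONNECT request to the debug log, and that request is formatted with `authhdr` in it, so with debugging or HTTP_FLAG_LOG_RESP enabled the proxy authorization header (presumably the Basic credentials when `auth_basic` is set) ends up in the log. I would log a copy without that header, or at least put a comment above the call such as `/* NB: REQUEST contains the Proxy-Authorization header; treat debug logs as sensitive. */`. Separately, `hd->keep_alive` is now set to 0 at the top and the removed `hd->keep_alive = !auth_basic;` is not replaced, so unless the lines between the hunks set it, `hd->keep_alive? "Connection: keep-alive\r\n" : ""` always yields the empty string; whether the multi-request Negotiate path still works without keep-alive is worth confirming. run_proxy_connect starts and ends outside these hunks.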
diff --git a/app-crypt/gnupg/gnupg-2.4.4-r1.ebuild b/app-crypt/gnupg/gnupg-2.4.4-r1.ebuild
new file mode 100644
index 000000000000..768489c6bf9f
--- /dev/null
+++ b/app-crypt/gnupg/gnupg-2.4.4-r1.ebuild
@@ -0,0 +1,197 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Maintainers should:
+# 1. Join the "Gentoo" project at https://dev.gnupg.org/project/view/27/
+# 2. Subscribe to release tasks like https://dev.gnupg.org/T6159
+# (find the one for the current release then subscribe to it +
+# any subsequent ones linked within so you're covered for a while.)
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/gnupg.asc
+# in-source builds are not supported: https://dev.gnupg.org/T6313#166339
+inherit flag-o-matic out-of-source multiprocessing systemd toolchain-funcs verify-sig
+
+MY_P="${P/_/-}"
+
+DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
+HOMEPAGE="https://gnupg.org/"
+SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
+SRC_URI+=" verify-sig? ( mirror://gnupg/gnupg/${P}.tar.bz2.sig )"
+S="${WORKDIR}/${MY_P}"
+
+LICENSE="GPL-3+"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl test +tofu tpm tools usb user-socket wks-server"
+RESTRICT="!test? ( test )"
+REQUIRED_USE="test? ( tofu )"
+
+# Existence of executables is checked during configuration.
+# Note: On each bump, update dep bounds on each version from configure.ac!
+DEPEND="
+ >=dev-libs/libassuan-2.5.0
+ >=dev-libs/libgcrypt-1.9.1:=
+ >=dev-libs/libgpg-error-1.46
+ >=dev-libs/libksba-1.6.3
+ >=dev-libs/npth-1.2
+ >=net-misc/curl-7.10
+ sys-libs/zlib
+ bzip2? ( app-arch/bzip2 )
+ ldap? ( net-nds/openldap:= )
+ readline? ( sys-libs/readline:0= )
+ smartcard? ( usb? ( virtual/libusb:1 ) )
+ tofu? ( >=dev-db/sqlite-3.27 )
+ tpm? ( >=app-crypt/tpm2-tss-2.4.0:= )
+ ssl? ( >=net-libs/gnutls-3.2:0= )
+"
+RDEPEND="
+ ${DEPEND}
+ nls? ( virtual/libintl )
+ selinux? ( sec-policy/selinux-gpg )
+ wks-server? ( virtual/mta )
+"
+PDEPEND="
+ app-crypt/pinentry
+"
+BDEPEND="
+ virtual/pkgconfig
+ doc? ( sys-apps/texinfo )
+ nls? ( sys-devel/gettext )
+ verify-sig? ( sec-keys/openpgp-keys-gnupg )
+"
+
+DOCS=(
+ ChangeLog NEWS README THANKS TODO VERSION
+ doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
+)
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch
+ "${FILESDIR}"/${P}-dirmngr-proxy.patch #924606
+)
+
+src_prepare() {
+ default
+
+ GNUPG_SYSTEMD_UNITS=(
+ dirmngr.service
+ dirmngr.socket
+ gpg-agent-browser.socket
+ gpg-agent-extra.socket
+ gpg-agent.service
+ gpg-agent.socket
+ gpg-agent-ssh.socket
+ )
+
+ cp "${GNUPG_SYSTEMD_UNITS[@]/#/${FILESDIR}/}" "${T}" || die
+
+ # Inject SSH_AUTH_SOCK into user's sessions after enabling gpg-agent-ssh.socket in systemctl --user mode,
+ # idea borrowed from libdbus, see
+ # https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/bus/systemd-user/dbus.socket.in#L6
+ #
+ # This cannot be upstreamed, as it requires determining the exact prefix of 'systemctl',
+ # which in turn requires discovery in Autoconf, something that upstream deeply resents.
+ sed -e "/DirectoryMode=/a ExecStartPost=-${EPREFIX}/bin/systemctl --user set-environment SSH_AUTH_SOCK=%t/gnupg/S.gpg-agent.ssh" \
+ -i "${T}"/gpg-agent-ssh.socket || die
+}
+
+my_src_configure() {
+ # Upstream don't support LTO, bug #854222.
+ filter-lto
+
+ local myconf=(
+ $(use_enable bzip2)
+ $(use_enable nls)
+ $(use_enable smartcard scdaemon)
+ $(use_enable ssl gnutls)
+ $(use_enable test all-tests)
+ $(use_enable test tests)
+ $(use_enable tofu)
+ $(use_enable tofu keyboxd)
+ $(use_enable tofu sqlite)
+ $(usex tpm '--with-tss=intel' '--disable-tpm2d')
+ $(use smartcard && use_enable usb ccid-driver || echo '--disable-ccid-driver')
+ $(use_enable wks-server wks-tools)
+ $(use_with ldap)
+ $(use_with readline)
+
+ # Hardcode mailprog to /usr/libexec/sendmail even if it does not exist.
+ # As of GnuPG 2.3, the mailprog substitution is used for the binary called
+ # by wks-client & wks-server; and if it's autodetected but not not exist at
+ # build time, then then 'gpg-wks-client --send' functionality will not
+ # work. This has an unwanted side-effect in stage3 builds: there was a
+ # [R]DEPEND on virtual/mta, which also brought in virtual/logger, bloating
+ # the build where the install guide previously make the user chose the
+ # logger & mta early in the install.
+ --with-mailprog=/usr/libexec/sendmail
+
+ --disable-ntbtls
+ --enable-gpgsm
+ --enable-large-secmem
+
+ CC_FOR_BUILD="$(tc-getBUILD_CC)"
+ GPG_ERROR_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-gpg-error-config"
+ KSBA_CONFIG="${ESYSROOT}/usr/bin/ksba-config"
+ LIBASSUAN_CONFIG="${ESYSROOT}/usr/bin/libassuan-config"
+ LIBGCRYPT_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-libgcrypt-config"
+ NPTH_CONFIG="${ESYSROOT}/usr/bin/npth-config"
+
+ $("${S}/configure" --help | grep -o -- '--without-.*-prefix')
+ )
+
+ if use prefix && use usb; then
+ # bug #649598
+ append-cppflags -I"${ESYSROOT}/usr/include/libusb-1.0"
+ fi
+
+ # bug #663142
+ if use user-socket; then
+ myconf+=( --enable-run-gnupg-user-socket )
+ fi
+
+ # glib fails and picks up clang's internal stdint.h causing weird errors
+ tc-is-clang && export gl_cv_absolute_stdint_h="${ESYSROOT}"/usr/include/stdint.h
+
+ econf "${myconf[@]}"
+}
+
+my_src_compile() {
+ default
+
+ use doc && emake -C doc html
+}
+
+my_src_test() {
+ export TESTFLAGS="--parallel=$(makeopts_jobs)"
+
+ default
+}
+
+my_src_install() {
+ emake DESTDIR="${D}" install
+
+ use tools && dobin tools/{gpgconf,gpgsplit,gpg-check-pattern} tools/make-dns-cert
+
+ dosym gpg /usr/bin/gpg2
+ dosym gpgv /usr/bin/gpgv2
+ echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die
+ echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
+
+ dodir /etc/env.d
+ echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
+
+ use doc && dodoc doc/gnupg.html/*
+}
+
+my_src_install_all() {
+ einstalldocs
+
+ use tools && dobin tools/{convert-from-106,mail-signed-keys,lspgpot}
+ use doc && dodoc doc/*.png
+
+ # Dropped upstream in https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=eae28f1bd4a5632e8f8e85b7248d1c4d4a10a5ed.
+ dodoc "${FILESDIR}"/README-systemd
+ systemd_douserunit "${GNUPG_SYSTEMD_UNITS[@]/#/${T}/}"
+}