public inbox for gentoo-commits@lists.gentoo.org
 help / color / mirror / Atom feed
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/files/, app-crypt/gnupg/
@ 2020-09-01  9:41 Mikle Kolyada
  0 siblings, 0 replies; 26+ messages in thread
From: Mikle Kolyada @ 2020-09-01  9:41 UTC (permalink / raw
  To: gentoo-commits

commit:     eecfafdf8668a17309be1b1e5441b489c310e33a
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Tue Sep  1 09:40:50 2020 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Tue Sep  1 09:41:47 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eecfafdf

app-crypt/gnupg: fix smart card autodetection

Closes: https://bugs.gentoo.org/739630q
Package-Manager: Portage-3.0.4, Repoman-2.3.23
Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>

 app-crypt/gnupg/files/gnupg-2.2.22-card-status.patch | 20 ++++++++++++++++++++
 .../{gnupg-2.2.22.ebuild => gnupg-2.2.22-r1.ebuild}  |  1 +
 2 files changed, 21 insertions(+)

diff --git a/app-crypt/gnupg/files/gnupg-2.2.22-card-status.patch b/app-crypt/gnupg/files/gnupg-2.2.22-card-status.patch
new file mode 100644
index 00000000000..1a01e5ddbc5
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.2.22-card-status.patch
@@ -0,0 +1,20 @@
+diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
+index 8a1d30d5b..ccc360fc8 100644
+--- a/scd/app-openpgp.c
++++ b/scd/app-openpgp.c
+@@ -2357,10 +2357,15 @@ verify_chv2 (app_t app,
+   int rc;
+   char *pinvalue;
+   int pinlen;
++  int i;
+ 
+   if (app->did_chv2)
+     return 0;  /* We already verified CHV2.  */
+ 
++  /* Make sure we have load the public keys.  */
++  for (i = 0; i < 3; i++)
++    get_public_key (app, i);
++
+   if (app->app_local->pk[1].key || app->app_local->pk[2].key)
+     {
+       rc = verify_a_chv (app, pincb, pincb_arg, 2, 0, &pinvalue, &pinlen);

diff --git a/app-crypt/gnupg/gnupg-2.2.22.ebuild b/app-crypt/gnupg/gnupg-2.2.22-r1.ebuild
similarity index 99%
rename from app-crypt/gnupg/gnupg-2.2.22.ebuild
rename to app-crypt/gnupg/gnupg-2.2.22-r1.ebuild
index 71679032de6..3cd4a08ed40 100644
--- a/app-crypt/gnupg/gnupg-2.2.22.ebuild
+++ b/app-crypt/gnupg/gnupg-2.2.22-r1.ebuild
@@ -50,6 +50,7 @@ DOCS=(
 
 PATCHES=(
 	"${FILESDIR}/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch"
+	"${FILESDIR}/${P}-card-status.patch"
 )
 
 src_prepare() {


^ permalink raw reply related	[flat|nested] 26+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/files/, app-crypt/gnupg/
@ 2024-11-03  9:04 Sam James
  0 siblings, 0 replies; 26+ messages in thread
From: Sam James @ 2024-11-03  9:04 UTC (permalink / raw
  To: gentoo-commits

commit:     529953360a192b6d34ff867a2856f19d918c1df4
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Nov  3 09:03:09 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Nov  3 09:03:47 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=52995336

app-crypt/gnupg: fix implicit func decl (on musl) for 2.4.6

Closes: https://bugs.gentoo.org/942467
Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-crypt/gnupg/files/gnupg-2.4.6-c99.patch        | 28 ++++++++++++++++++++++
 .../{gnupg-2.4.6.ebuild => gnupg-2.4.6-r1.ebuild}  |  1 +
 2 files changed, 29 insertions(+)

diff --git a/app-crypt/gnupg/files/gnupg-2.4.6-c99.patch b/app-crypt/gnupg/files/gnupg-2.4.6-c99.patch
new file mode 100644
index 000000000000..35c9b33edd9f
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.4.6-c99.patch
@@ -0,0 +1,28 @@
+https://bugs.gentoo.org/942467
+https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=c0cb0175c9e6e8d6a3bdd2e40f85fa730fa325af
+
+From c0cb0175c9e6e8d6a3bdd2e40f85fa730fa325af Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka <gniibe@fsij.org>
+Date: Tue, 9 Jul 2024 10:48:02 +0900
+Subject: [PATCH] scd: Add <unistd.h> for read(2) / write(2) .
+
+* scd/app.c: Include <unistd.h>.
+
+--
+
+Reported-by: David Bohman
+GnuPG-bug-id: 7193
+Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
+(cherry picked from commit 1d5cfa9b7fd22e1c46eeed5fa9fed2af6f81d34f)
+--- a/scd/app.c
++++ b/scd/app.c
+@@ -22,6 +22,7 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <string.h>
++#include <unistd.h>
+ #include <npth.h>
+ 
+ #ifndef HAVE_W32_SYSTEM
+-- 
+2.30.2

diff --git a/app-crypt/gnupg/gnupg-2.4.6.ebuild b/app-crypt/gnupg/gnupg-2.4.6-r1.ebuild
similarity index 99%
rename from app-crypt/gnupg/gnupg-2.4.6.ebuild
rename to app-crypt/gnupg/gnupg-2.4.6-r1.ebuild
index efcb0ec1ad03..a9d778121bd4 100644
--- a/app-crypt/gnupg/gnupg-2.4.6.ebuild
+++ b/app-crypt/gnupg/gnupg-2.4.6-r1.ebuild
@@ -70,6 +70,7 @@ DOCS=(
 PATCHES=(
 	"${FILESDIR}"/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch
 	"${FILESDIR}"/${PN}-2.4.5-revert-rfc4880bis.patch # bug #926186
+	"${FILESDIR}"/${PN}-2.4.6-c99.patch
 )
 
 src_prepare() {


^ permalink raw reply related	[flat|nested] 26+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/files/, app-crypt/gnupg/
@ 2024-11-03  9:04 Sam James
  0 siblings, 0 replies; 26+ messages in thread
From: Sam James @ 2024-11-03  9:04 UTC (permalink / raw
  To: gentoo-commits

commit:     01c6851d604d78a0cc79fbccc312aa01e84d6ab5
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Nov  3 08:59:31 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Nov  3 09:03:46 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=01c6851d

app-crypt/gnupg: add 2.2.45

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-crypt/gnupg/Manifest                           |   2 +
 ...nupg-2.2.45-fix-status-output-LISTTRUSTED.patch |  30 ++++
 app-crypt/gnupg/gnupg-2.2.45.ebuild                | 182 +++++++++++++++++++++
 3 files changed, 214 insertions(+)

diff --git a/app-crypt/gnupg/Manifest b/app-crypt/gnupg/Manifest
index fd6fef515693..93fb19144c58 100644
--- a/app-crypt/gnupg/Manifest
+++ b/app-crypt/gnupg/Manifest
@@ -2,6 +2,8 @@ DIST gnupg-2.2.42.tar.bz2 7434291 BLAKE2B 5f7f01f31949e5258d638fbff81fa641e5c167
 DIST gnupg-2.2.42.tar.bz2.sig 238 BLAKE2B 251ad0a832042ceb93b0edfda8652104bfb463e291322f22f0ab0d9b35606c3589be7a6f3e9e2aac8f6ac368a7d11840ab83b29997587dc65685de9f2dec3fee SHA512 7073bfc920c571680a1de57b4e6cd83cde24ccb3b5f592602b0c32fd762eef497027b08745044c9f41130ca99bb7ec77222568c2d0a1099d3c1c15137e0221d7
 DIST gnupg-2.2.43.tar.bz2 7435426 BLAKE2B ddf5c89d317e6ce8d1a5348f0ef81ffa1c61c995ddb312b28410f04502b01eae307cd943bee7182d28d4efccac394c91053f8e33756b00166bf66b2bf4a791a7 SHA512 0d2e733b6659c116c043db5252de4de33d6a70c16172d1fe9b779ba413ba9fcb64bbfdcc4686d0e87904561fc62d1aa765144e0586957a500287c175ee37bd49
 DIST gnupg-2.2.43.tar.bz2.sig 119 BLAKE2B 38fd3790f5065d67d6b5323ef7abbb79facf00e5b9daba98e5078302fc3887423173ba434c7eff1e64faecef88d87aab9c057c570d6e96e8d0808f07f32d8fa1 SHA512 47c5354869b1825e56fa4276826fcde1ee41c70aab9b411686cf2733f4d1df9c006049e49e066b22e475bd37b337f9ffc97f8bbca0c62c0f32296909464a0643
+DIST gnupg-2.2.45.tar.bz2 7447141 BLAKE2B 8fe2036325e31332166c0477ce9514152c8417a9f61b3edc43487340d5b52e6a4d4c2b104ca9fe7ce6893e6d2977e2cd9c9ccfb52c0b1ea18dae3304ec6ec7f3 SHA512 086bb2a96ff4a681451b357495c8b435229e6526e1121d8faee3cb2ecc9c14965c92c9b1ccbbf3a03f6c59c215cca85a5c4f740f2df7c008a9fa672b370bf33c
+DIST gnupg-2.2.45.tar.bz2.sig 119 BLAKE2B 6656747b2d640a95c4172a221952fa75f7d03c231b7c6d40ea57b43a5bcfbceb800023ca2f352ca09325aaf186a7bf31fcfe7104129c5d6628f0e1256994df76 SHA512 181195a76eede8113bd8f2a7f5bc20674226f6327cf8263389e3d178c205ed2d817b28f2d3b504dd9f852f22fc283d2c14e809ba1c05cfe88b66103845ff114c
 DIST gnupg-2.4.5.tar.bz2 7889060 BLAKE2B a8b80cd4dfbb377066efb5c9f1b6cdc6d0cd1b18358c962781b5c06de1545117b13038a4655ae627c36bfd2e5fee127692df8729d6b23e1b31051ab6d897b733 SHA512 4d54744f09399c5899144d0cb5fdc2756e45b058db41b9ea9df3be03e80b914509e16ef35aa0248e7561185b80f7a5f9fd6afcab8ccff75ff82ed555448a38ff
 DIST gnupg-2.4.5.tar.bz2.sig 238 BLAKE2B b236e7d62f49c8385f4fb81389bf10715d9c0a0cb5c0b4c20fb6ff1465d05a3c3657061284db23af988a1ca16c9fa393af3ce5cbd27934501eb41a4f448fff0a SHA512 5a06970e499d1eb5213b142a8a182e46f5f21b7cb32785a9e5069378797c124e151ce74727382003820042d60fd7a2f909143f44aa9ef282605875e1cab04aef
 DIST gnupg-2.4.6.tar.bz2 8011304 BLAKE2B 3b0deb3da1ec404e8f0aa50c424c7072727f933228de732d661a17ca15785b7430700e7b88afba69538f9794863cb218c90ae3d43469541fb9152fbabd3bc909 SHA512 192ae6cb18547e9c5fc4263dc968b548c1ce563ceb8cc2e651b264d4e5afa1cd99a2c1cdd80906faf5e0b0ca99cef76e003b1f7e73238f311a74a1de6c35b5cb

diff --git a/app-crypt/gnupg/files/gnupg-2.2.45-fix-status-output-LISTTRUSTED.patch b/app-crypt/gnupg/files/gnupg-2.2.45-fix-status-output-LISTTRUSTED.patch
new file mode 100644
index 000000000000..f34810d2792a
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.2.45-fix-status-output-LISTTRUSTED.patch
@@ -0,0 +1,30 @@
+https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=2ca38bee7a63c0f7185ca1dbf13da1cbc4933563
+
+From 2ca38bee7a63c0f7185ca1dbf13da1cbc4933563 Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka <gniibe@fsij.org>
+Date: Thu, 31 Oct 2024 11:47:55 +0900
+Subject: [PATCH] agent: Fix status output for LISTTRUSTED.
+
+* agent/trustlist.c (istrusted_internal): When LISTMODE is enabled,
+TRUSTLISTFPR status output should be done.
+
+--
+
+GnuPG-bug-id: 7363
+Fixes-commit: 4fa82eec43e8d205fa336113f6ea554923fd6986
+Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
+--- a/agent/trustlist.c
++++ b/agent/trustlist.c
+@@ -485,8 +485,8 @@ istrusted_internal (ctrl_t ctrl, const char *fpr, int listmode, int *r_disabled,
+                in a locked state.  */
+             if (already_locked)
+               ;
+-            else if (ti->flags.relax || ti->flags.cm || ti->flags.qual
+-                     || ti->flags.de_vs)
++            else if (listmode || ti->flags.relax || ti->flags.cm
++                     || ti->flags.qual || ti->flags.de_vs)
+               {
+                 unlock_trusttable ();
+                 locked = 0;
+-- 
+2.30.2

diff --git a/app-crypt/gnupg/gnupg-2.2.45.ebuild b/app-crypt/gnupg/gnupg-2.2.45.ebuild
new file mode 100644
index 000000000000..6ff933b65347
--- /dev/null
+++ b/app-crypt/gnupg/gnupg-2.2.45.ebuild
@@ -0,0 +1,182 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Maintainers should:
+# 1. Join the "Gentoo" project at https://dev.gnupg.org/project/view/27/
+# 2. Subscribe to release tasks like https://dev.gnupg.org/T6159
+# (find the one for the current release then subscribe to it +
+# any subsequent ones linked within so you're covered for a while.)
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/gnupg.asc
+# in-source builds are not supported: https://dev.gnupg.org/T6313#166339
+inherit flag-o-matic out-of-source multiprocessing systemd toolchain-funcs verify-sig
+
+MY_P="${P/_/-}"
+
+DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
+HOMEPAGE="https://gnupg.org/"
+SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
+SRC_URI+=" verify-sig? ( mirror://gnupg/gnupg/${P}.tar.bz2.sig )"
+S="${WORKDIR}/${MY_P}"
+
+LICENSE="GPL-3+"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl test tofu tools usb user-socket wks-server"
+RESTRICT="!test? ( test )"
+
+# Existence of executables is checked during configuration.
+# Note: On each bump, update dep bounds on each version from configure.ac!
+DEPEND="
+	>=dev-libs/libassuan-2.5.0:=
+	>=dev-libs/libgcrypt-1.8.0:=
+	>=dev-libs/libgpg-error-1.38
+	>=dev-libs/libksba-1.4.0
+	>=dev-libs/npth-1.2
+	>=net-misc/curl-7.10
+	sys-libs/zlib
+	bzip2? ( app-arch/bzip2 )
+	ldap? ( net-nds/openldap:= )
+	readline? ( sys-libs/readline:= )
+	smartcard? ( usb? ( virtual/libusb:1 ) )
+	ssl? ( >=net-libs/gnutls-3.0:= )
+	tofu? ( >=dev-db/sqlite-3.7 )
+"
+RDEPEND="
+	${DEPEND}
+	nls? ( virtual/libintl )
+	selinux? ( sec-policy/selinux-gpg )
+	wks-server? ( virtual/mta )
+"
+PDEPEND="
+	app-crypt/pinentry
+"
+BDEPEND="
+	virtual/pkgconfig
+	doc? ( sys-apps/texinfo )
+	nls? ( sys-devel/gettext )
+	verify-sig? ( sec-keys/openpgp-keys-gnupg )
+"
+
+DOCS=(
+	ChangeLog NEWS README THANKS TODO VERSION
+	doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
+)
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch
+	"${FILESDIR}"/${PN}-2.2.45-fix-status-output-LISTTRUSTED.patch
+)
+
+src_prepare() {
+	default
+
+	# Inject SSH_AUTH_SOCK into user's sessions after enabling gpg-agent-ssh.socket in systemctl --user mode,
+	# idea borrowed from libdbus, see
+	#   https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/bus/systemd-user/dbus.socket.in#L6
+	#
+	# This cannot be upstreamed, as it requires determining the exact prefix of 'systemctl',
+	# which in turn requires discovery in Autoconf, something that upstream deeply resents.
+	sed -e "/DirectoryMode=/a ExecStartPost=-${EPREFIX}/bin/systemctl --user set-environment SSH_AUTH_SOCK=%t/gnupg/S.gpg-agent.ssh" \
+		-i doc/examples/systemd-user/gpg-agent-ssh.socket || die
+}
+
+my_src_configure() {
+	# Upstream don't support LTO, bug #854222.
+	filter-lto
+
+	local myconf=(
+		$(use_enable bzip2)
+		$(use_enable nls)
+		$(use_enable smartcard scdaemon)
+		$(use_enable ssl gnutls)
+		$(use_enable test all-tests)
+		$(use_enable test tests)
+		$(use_enable tofu)
+		$(use smartcard && use_enable usb ccid-driver || echo '--disable-ccid-driver')
+		$(use_enable wks-server wks-tools)
+		$(use_with ldap)
+		$(use_with readline)
+
+		# Hardcode mailprog to /usr/libexec/sendmail even if it does not exist.
+		# As of GnuPG 2.3, the mailprog substitution is used for the binary called
+		# by wks-client & wks-server; and if it's autodetected but not not exist at
+		# build time, then then 'gpg-wks-client --send' functionality will not
+		# work. This has an unwanted side-effect in stage3 builds: there was a
+		# [R]DEPEND on virtual/mta, which also brought in virtual/logger, bloating
+		# the build where the install guide previously make the user chose the
+		# logger & mta early in the install.
+		--with-mailprog=/usr/libexec/sendmail
+
+		--disable-ntbtls
+		--enable-gpg
+		--enable-gpgsm
+		--enable-large-secmem
+
+		CC_FOR_BUILD="$(tc-getBUILD_CC)"
+		GPG_ERROR_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-gpg-error-config"
+		KSBA_CONFIG="${ESYSROOT}/usr/bin/ksba-config"
+		LIBASSUAN_CONFIG="${ESYSROOT}/usr/bin/libassuan-config"
+		LIBGCRYPT_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-libgcrypt-config"
+		NPTH_CONFIG="${ESYSROOT}/usr/bin/npth-config"
+
+		$("${S}/configure" --help | grep -o -- '--without-.*-prefix')
+	)
+
+	if use prefix && use usb; then
+		# bug #649598
+		append-cppflags -I"${ESYSROOT}/usr/include/libusb-1.0"
+	fi
+
+	# bug #663142
+	if use user-socket; then
+		myconf+=( --enable-run-gnupg-user-socket )
+	fi
+
+	# glib fails and picks up clang's internal stdint.h causing weird errors
+	tc-is-clang && export gl_cv_absolute_stdint_h="${ESYSROOT}"/usr/include/stdint.h
+
+	econf "${myconf[@]}"
+}
+
+my_src_compile() {
+	default
+
+	use doc && emake -C doc html
+}
+
+my_src_test() {
+	export TESTFLAGS="--parallel=$(makeopts_jobs)"
+
+	default
+}
+
+my_src_install() {
+	emake DESTDIR="${D}" install
+
+	use tools && dobin \
+		tools/{gpg-zip,gpgconf,gpgsplit,gpg-check-pattern} \
+		tools/make-dns-cert
+
+	dosym gpg /usr/bin/gpg2
+	dosym gpgv /usr/bin/gpgv2
+	echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die
+	echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
+
+	dodir /etc/env.d
+	echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
+
+	use doc && dodoc doc/gnupg.html/*
+}
+
+my_src_install_all() {
+	einstalldocs
+
+	use tools && dobin tools/{convert-from-106,mail-signed-keys,lspgpot}
+
+	use doc && dodoc doc/*.png
+
+	systemd_douserunit doc/examples/systemd-user/*.{service,socket}
+}


^ permalink raw reply related	[flat|nested] 26+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/files/, app-crypt/gnupg/
@ 2024-06-24  4:00 Sam James
  0 siblings, 0 replies; 26+ messages in thread
From: Sam James @ 2024-06-24  4:00 UTC (permalink / raw
  To: gentoo-commits

commit:     fc2b8743fef9c5bd8cd79a0a0f92f083e246cd00
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Jun 24 03:56:52 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Jun 24 03:58:04 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fc2b8743

app-crypt/gnupg: revert rfc4880bis default for now

Revert a new default which creates keys incompatible with other OpenPGP
implementations. This is what other distros such as Fedora and Arch.

See https://lwn.net/Articles/953797/.

Closes: https://bugs.gentoo.org/926186
Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../files/gnupg-2.4.5-revert-rfc4880bis.patch      | 196 +++++++++++++++++++++
 app-crypt/gnupg/gnupg-2.4.5-r2.ebuild              | 193 ++++++++++++++++++++
 2 files changed, 389 insertions(+)

diff --git a/app-crypt/gnupg/files/gnupg-2.4.5-revert-rfc4880bis.patch b/app-crypt/gnupg/files/gnupg-2.4.5-revert-rfc4880bis.patch
new file mode 100644
index 000000000000..57c00966d542
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.4.5-revert-rfc4880bis.patch
@@ -0,0 +1,196 @@
+https://lwn.net/Articles/953797/
+https://security.stackexchange.com/questions/275883/should-one-really-disable-aead-for-recent-gnupg-created-pgp-keys
+https://lists.gnupg.org/pipermail/librepgp-discuss/2023/000001.html
+https://bugs.gentoo.org/926186
+
+From 1e4f1550996334d2a631a5d769e937d29ace47bb Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Thu, 9 Feb 2023 16:38:58 +0100
+Subject: [PATCH gnupg] Revert the introduction of the RFC4880bis draft into
+ defaults
+
+This reverts commit 4583f4fe2 (gpg: Merge --rfc4880bis features into
+--gnupg, 2022-10-31).
+--- a/g10/gpg.c
++++ b/g10/gpg.c
+@@ -247,6 +247,7 @@ enum cmd_and_opt_values
+     oGnuPG,
+     oRFC2440,
+     oRFC4880,
++    oRFC4880bis,
+     oOpenPGP,
+     oPGP7,
+     oPGP8,
+@@ -636,6 +637,7 @@ static gpgrt_opt_t opts[] = {
+   ARGPARSE_s_n (oGnuPG, "no-pgp8", "@"),
+   ARGPARSE_s_n (oRFC2440, "rfc2440", "@"),
+   ARGPARSE_s_n (oRFC4880, "rfc4880", "@"),
++  ARGPARSE_s_n (oRFC4880bis, "rfc4880bis", "@"),
+   ARGPARSE_s_n (oOpenPGP, "openpgp", N_("use strict OpenPGP behavior")),
+   ARGPARSE_s_n (oPGP7, "pgp6", "@"),
+   ARGPARSE_s_n (oPGP7, "pgp7", "@"),
+@@ -978,7 +980,6 @@ static gpgrt_opt_t opts[] = {
+   ARGPARSE_s_n (oNoop, "no-allow-multiple-messages", "@"),
+   ARGPARSE_s_s (oNoop, "aead-algo", "@"),
+   ARGPARSE_s_s (oNoop, "personal-aead-preferences","@"),
+-  ARGPARSE_s_n (oNoop, "rfc4880bis", "@"),
+   ARGPARSE_s_n (oNoop, "override-compliance-check", "@"),
+ 
+ 
+@@ -2227,7 +2228,7 @@ static struct gnupg_compliance_option compliance_options[] =
+   {
+     { "gnupg",      oGnuPG },
+     { "openpgp",    oOpenPGP },
+-    { "rfc4880bis", oGnuPG },
++    { "rfc4880bis", oRFC4880bis },
+     { "rfc4880",    oRFC4880 },
+     { "rfc2440",    oRFC2440 },
+     { "pgp6",       oPGP7 },
+@@ -2243,8 +2244,28 @@ static struct gnupg_compliance_option compliance_options[] =
+ static void
+ set_compliance_option (enum cmd_and_opt_values option)
+ {
++  opt.flags.rfc4880bis = 0;  /* Clear because it is initially set.  */
++
+   switch (option)
+     {
++    case oRFC4880bis:
++      opt.flags.rfc4880bis = 1;
++      opt.compliance = CO_RFC4880;
++      opt.flags.dsa2 = 1;
++      opt.flags.require_cross_cert = 1;
++      opt.rfc2440_text = 0;
++      opt.allow_non_selfsigned_uid = 1;
++      opt.allow_freeform_uid = 1;
++      opt.escape_from = 1;
++      opt.not_dash_escaped = 0;
++      opt.def_cipher_algo = 0;
++      opt.def_digest_algo = 0;
++      opt.cert_digest_algo = 0;
++      opt.compress_algo = -1;
++      opt.s2k_mode = 3; /* iterated+salted */
++      opt.s2k_digest_algo = DIGEST_ALGO_SHA256;
++      opt.s2k_cipher_algo = CIPHER_ALGO_AES256;
++      break;
+     case oOpenPGP:
+     case oRFC4880:
+       /* This is effectively the same as RFC2440, but with
+@@ -2288,6 +2309,7 @@ set_compliance_option (enum cmd_and_opt_values option)
+     case oPGP8:  opt.compliance = CO_PGP8;  break;
+     case oGnuPG:
+       opt.compliance = CO_GNUPG;
++      opt.flags.rfc4880bis = 1;
+       break;
+ 
+     case oDE_VS:
+@@ -2491,6 +2513,7 @@ main (int argc, char **argv)
+     opt.emit_version = 0;
+     opt.weak_digests = NULL;
+     opt.compliance = CO_GNUPG;
++    opt.flags.rfc4880bis = 1;
+ 
+     /* Check special options given on the command line.  */
+     orig_argc = argc;
+@@ -3033,6 +3056,7 @@ main (int argc, char **argv)
+           case oOpenPGP:
+           case oRFC2440:
+           case oRFC4880:
++          case oRFC4880bis:
+           case oPGP7:
+           case oPGP8:
+           case oGnuPG:
+@@ -3862,6 +3886,11 @@ main (int argc, char **argv)
+     if( may_coredump && !opt.quiet )
+ 	log_info(_("WARNING: program may create a core file!\n"));
+ 
++    if (!opt.flags.rfc4880bis)
++      {
++        opt.mimemode = 0; /* This will use text mode instead.  */
++      }
++
+     if (eyes_only) {
+       if (opt.set_filename)
+ 	  log_info(_("WARNING: %s overrides %s\n"),
+@@ -4078,7 +4107,7 @@ main (int argc, char **argv)
+     /* Check our chosen algorithms against the list of legal
+        algorithms. */
+ 
+-    if(!GNUPG)
++    if(!GNUPG && !opt.flags.rfc4880bis)
+       {
+ 	const char *badalg=NULL;
+ 	preftype_t badtype=PREFTYPE_NONE;
+--- a/g10/keygen.c
++++ b/g10/keygen.c
+@@ -404,7 +404,7 @@ keygen_set_std_prefs (const char *string,int personal)
+ 	      strcat(dummy_string,"S7 ");
+ 	    strcat(dummy_string,"S2 "); /* 3DES */
+ 
+-            if (!openpgp_aead_test_algo (AEAD_ALGO_OCB))
++            if (opt.flags.rfc4880bis && !openpgp_aead_test_algo (AEAD_ALGO_OCB))
+ 	      strcat(dummy_string,"A2 ");
+ 
+             if (personal)
+@@ -889,7 +889,7 @@ keygen_upd_std_prefs (PKT_signature *sig, void *opaque)
+   /* Make sure that the MDC feature flag is set if needed.  */
+   add_feature_mdc (sig,mdc_available);
+   add_feature_aead (sig, aead_available);
+-  add_feature_v5 (sig, 1);
++  add_feature_v5 (sig, opt.flags.rfc4880bis);
+   add_keyserver_modify (sig,ks_modify);
+   keygen_add_keyserver_url(sig,NULL);
+ 
+@@ -3382,7 +3382,10 @@ parse_key_parameter_part (ctrl_t ctrl,
+                 }
+             }
+           else if (!ascii_strcasecmp (s, "v5"))
+-            keyversion = 5;
++            {
++              if (opt.flags.rfc4880bis)
++                keyversion = 5;
++            }
+           else if (!ascii_strcasecmp (s, "v4"))
+             keyversion = 4;
+           else
+@@ -3641,7 +3644,7 @@ parse_key_parameter_part (ctrl_t ctrl,
+  *   ecdsa := Use algorithm ECDSA.
+  *   eddsa := Use algorithm EdDSA.
+  *   ecdh  := Use algorithm ECDH.
+- *   v5    := Create version 5 key
++ *   v5    := Create version 5 key (requires option --rfc4880bis)
+  *
+  * There are several defaults and fallbacks depending on the
+  * algorithm.  PART can be used to select which part of STRING is
+@@ -4513,9 +4516,9 @@ read_parameter_file (ctrl_t ctrl, const char *fname )
+ 	    }
+ 	}
+ 
+-        if ((keywords[i].key == pVERSION
+-             || keywords[i].key == pSUBVERSION))
+-          ; /* Ignore version.  */
++        if (!opt.flags.rfc4880bis && (keywords[i].key == pVERSION
++                                      || keywords[i].key == pSUBVERSION))
++          ; /* Ignore version unless --rfc4880bis is active.  */
+         else
+           {
+             r = xmalloc_clear( sizeof *r + strlen( value ) );
+@@ -4610,11 +4613,14 @@ quickgen_set_para (struct para_data_s *para, int for_subkey,
+       para = r;
+     }
+ 
+-  r = xmalloc_clear (sizeof *r + 20);
+-  r->key = for_subkey? pSUBVERSION : pVERSION;
+-  snprintf (r->u.value, 20, "%d", version);
+-  r->next = para;
+-  para = r;
++  if (opt.flags.rfc4880bis)
++    {
++      r = xmalloc_clear (sizeof *r + 20);
++      r->key = for_subkey? pSUBVERSION : pVERSION;
++      snprintf (r->u.value, 20, "%d", version);
++      r->next = para;
++      para = r;
++    }
+ 
+   if (keytime)
+     {

diff --git a/app-crypt/gnupg/gnupg-2.4.5-r2.ebuild b/app-crypt/gnupg/gnupg-2.4.5-r2.ebuild
new file mode 100644
index 000000000000..5b2191cfb0b7
--- /dev/null
+++ b/app-crypt/gnupg/gnupg-2.4.5-r2.ebuild
@@ -0,0 +1,193 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Maintainers should:
+# 1. Join the "Gentoo" project at https://dev.gnupg.org/project/view/27/
+# 2. Subscribe to release tasks like https://dev.gnupg.org/T6159
+# (find the one for the current release then subscribe to it +
+# any subsequent ones linked within so you're covered for a while.)
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/gnupg.asc
+# in-source builds are not supported: https://dev.gnupg.org/T6313#166339
+inherit flag-o-matic out-of-source multiprocessing systemd toolchain-funcs verify-sig
+
+MY_P="${P/_/-}"
+
+DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
+HOMEPAGE="https://gnupg.org/"
+SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
+SRC_URI+=" verify-sig? ( mirror://gnupg/gnupg/${P}.tar.bz2.sig )"
+S="${WORKDIR}/${MY_P}"
+
+LICENSE="GPL-3+"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl test +tofu tpm tools usb user-socket wks-server"
+RESTRICT="!test? ( test )"
+REQUIRED_USE="test? ( tofu )"
+
+# Existence of executables is checked during configuration.
+# Note: On each bump, update dep bounds on each version from configure.ac!
+DEPEND="
+	>=dev-libs/libassuan-2.5.0:=
+	>=dev-libs/libgcrypt-1.9.1:=
+	>=dev-libs/libgpg-error-1.46
+	>=dev-libs/libksba-1.6.3
+	>=dev-libs/npth-1.2
+	>=net-misc/curl-7.10
+	sys-libs/zlib
+	bzip2? ( app-arch/bzip2 )
+	ldap? ( net-nds/openldap:= )
+	readline? ( sys-libs/readline:0= )
+	smartcard? ( usb? ( virtual/libusb:1 ) )
+	tofu? ( >=dev-db/sqlite-3.27 )
+	tpm? ( >=app-crypt/tpm2-tss-2.4.0:= )
+	ssl? ( >=net-libs/gnutls-3.2:0= )
+"
+RDEPEND="
+	${DEPEND}
+	nls? ( virtual/libintl )
+	selinux? ( sec-policy/selinux-gpg )
+	wks-server? ( virtual/mta )
+"
+PDEPEND="
+	app-crypt/pinentry
+"
+BDEPEND="
+	virtual/pkgconfig
+	doc? ( sys-apps/texinfo )
+	nls? ( sys-devel/gettext )
+	verify-sig? ( sec-keys/openpgp-keys-gnupg )
+"
+
+DOCS=(
+	ChangeLog NEWS README THANKS TODO VERSION
+	doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
+)
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch
+	"${FILESDIR}"/${PN}-2.4.5-revert-rfc4880bis.patch # bug #926186
+)
+
+src_prepare() {
+	default
+
+	GNUPG_SYSTEMD_UNITS=(
+		dirmngr.service
+		dirmngr.socket
+		gpg-agent-browser.socket
+		gpg-agent-extra.socket
+		gpg-agent.service
+		gpg-agent.socket
+		gpg-agent-ssh.socket
+	)
+
+	cp "${GNUPG_SYSTEMD_UNITS[@]/#/${FILESDIR}/}" "${T}" || die
+
+	# Inject SSH_AUTH_SOCK into user's sessions after enabling gpg-agent-ssh.socket in systemctl --user mode,
+	# idea borrowed from libdbus, see
+	#   https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/bus/systemd-user/dbus.socket.in#L6
+	#
+	# This cannot be upstreamed, as it requires determining the exact prefix of 'systemctl',
+	# which in turn requires discovery in Autoconf, something that upstream deeply resents.
+	sed -e "/DirectoryMode=/a ExecStartPost=-${EPREFIX}/bin/systemctl --user set-environment SSH_AUTH_SOCK=%t/gnupg/S.gpg-agent.ssh" \
+		-i "${T}"/gpg-agent-ssh.socket || die
+}
+
+my_src_configure() {
+	# Upstream don't support LTO, bug #854222.
+	filter-lto
+
+	local myconf=(
+		$(use_enable bzip2)
+		$(use_enable nls)
+		$(use_enable smartcard scdaemon)
+		$(use_enable ssl gnutls)
+		$(use_enable test all-tests)
+		$(use_enable test tests)
+		$(use_enable tofu)
+		$(use_enable tofu keyboxd)
+		$(use_enable tofu sqlite)
+		$(usex tpm '--with-tss=intel' '--disable-tpm2d')
+		$(use smartcard && use_enable usb ccid-driver || echo '--disable-ccid-driver')
+		$(use_enable wks-server wks-tools)
+		$(use_with ldap)
+		$(use_with readline)
+
+		# Hardcode mailprog to /usr/libexec/sendmail even if it does not exist.
+		# As of GnuPG 2.3, the mailprog substitution is used for the binary called
+		# by wks-client & wks-server; and if it's autodetected but not not exist at
+		# build time, then then 'gpg-wks-client --send' functionality will not
+		# work. This has an unwanted side-effect in stage3 builds: there was a
+		# [R]DEPEND on virtual/mta, which also brought in virtual/logger, bloating
+		# the build where the install guide previously make the user chose the
+		# logger & mta early in the install.
+		--with-mailprog=/usr/libexec/sendmail
+
+		--disable-ntbtls
+		--enable-gpgsm
+		--enable-large-secmem
+
+		CC_FOR_BUILD="$(tc-getBUILD_CC)"
+		ac_cv_path_GPGRT_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-gpgrt-config"
+
+		$("${S}/configure" --help | grep -o -- '--without-.*-prefix')
+	)
+
+	if use prefix && use usb; then
+		# bug #649598
+		append-cppflags -I"${ESYSROOT}/usr/include/libusb-1.0"
+	fi
+
+	# bug #663142
+	if use user-socket; then
+		myconf+=( --enable-run-gnupg-user-socket )
+	fi
+
+	# glib fails and picks up clang's internal stdint.h causing weird errors
+	tc-is-clang && export gl_cv_absolute_stdint_h="${ESYSROOT}"/usr/include/stdint.h
+
+	econf "${myconf[@]}"
+}
+
+my_src_compile() {
+	default
+
+	use doc && emake -C doc html
+}
+
+my_src_test() {
+	export TESTFLAGS="--parallel=$(makeopts_jobs)"
+
+	default
+}
+
+my_src_install() {
+	emake DESTDIR="${D}" install
+
+	use tools && dobin tools/{gpgconf,gpgsplit,gpg-check-pattern} tools/make-dns-cert
+
+	dosym gpg /usr/bin/gpg2
+	dosym gpgv /usr/bin/gpgv2
+	echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die
+	echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
+
+	dodir /etc/env.d
+	echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
+
+	use doc && dodoc doc/gnupg.html/*
+}
+
+my_src_install_all() {
+	einstalldocs
+
+	use tools && dobin tools/{convert-from-106,mail-signed-keys,lspgpot}
+	use doc && dodoc doc/*.png
+
+	# Dropped upstream in https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=eae28f1bd4a5632e8f8e85b7248d1c4d4a10a5ed.
+	dodoc "${FILESDIR}"/README-systemd
+	systemd_douserunit "${GNUPG_SYSTEMD_UNITS[@]/#/${T}/}"
+}


^ permalink raw reply related	[flat|nested] 26+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/files/, app-crypt/gnupg/
@ 2024-03-04  3:08 Sam James
  0 siblings, 0 replies; 26+ messages in thread
From: Sam James @ 2024-03-04  3:08 UTC (permalink / raw
  To: gentoo-commits

commit:     d987187cc95abbca02949ae2d94a84963fe5f74a
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Mar  4 03:08:13 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Mar  4 03:08:13 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d987187c

app-crypt/gnupg: backport fix for gpgme tests

Closes: https://bugs.gentoo.org/924386
Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../gnupg/files/gnupg-2.2.42-dirmngr-proxy.patch   | 156 +++++++++++++++++
 .../gnupg/files/gnupg-2.2.42-gpgme-tests.patch     |  39 +++++
 app-crypt/gnupg/gnupg-2.2.42-r3.ebuild             | 184 +++++++++++++++++++++
 3 files changed, 379 insertions(+)

diff --git a/app-crypt/gnupg/files/gnupg-2.2.42-dirmngr-proxy.patch b/app-crypt/gnupg/files/gnupg-2.2.42-dirmngr-proxy.patch
new file mode 100644
index 000000000000..21be675adef4
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.2.42-dirmngr-proxy.patch
@@ -0,0 +1,156 @@
+https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=d6c428699db7aa20f8b6ca9fe83197a0314b7e91
+https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=c33c4fdf10b7ed9e03f2afe988d93f3085b727aa
+https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=41c022072599bc3f12f659e962653548cd86fa3a
+
+From d6c428699db7aa20f8b6ca9fe83197a0314b7e91 Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka <gniibe@fsij.org>
+Date: Thu, 15 Feb 2024 15:38:34 +0900
+Subject: [PATCH] dirmngr: Fix proxy with TLS.
+
+* dirmngr/http.c (proxy_get_token, run_proxy_connect): Always
+available regardless of USE_TLS.
+(send_request): Remove USE_TLS.
+
+--
+
+Since quite some time building w/o TLS won't work.
+
+GnuPG-bug-id: 6997
+--- a/dirmngr/http.c
++++ b/dirmngr/http.c
+@@ -2498,9 +2498,7 @@ proxy_get_token (proxy_info_t proxy, const char *inputstring)
+ }
+ 
+ 
+-
+ /* Use the CONNECT method to proxy our TLS stream.  */
+-#ifdef USE_TLS
+ static gpg_error_t
+ run_proxy_connect (http_t hd, proxy_info_t proxy,
+                    const char *httphost, const char *server,
+@@ -2709,7 +2707,6 @@ run_proxy_connect (http_t hd, proxy_info_t proxy,
+   xfree (tmpstr);
+   return err;
+ }
+-#endif /*USE_TLS*/
+ 
+ 
+ /* Make a request string using a standard proxy.  On success the
+@@ -2866,7 +2863,6 @@ send_request (http_t hd, const char *httphost, const char *auth,
+       goto leave;
+     }
+ 
+-#if USE_TLS
+   if (use_http_proxy && hd->uri->use_tls)
+     {
+       err = run_proxy_connect (hd, proxy, httphost, server, port);
+@@ -2878,7 +2874,6 @@ send_request (http_t hd, const char *httphost, const char *auth,
+        * clear the flag to indicate this.  */
+       use_http_proxy = 0;
+     }
+-#endif	/* USE_TLS */
+ 
+ #if HTTP_USE_NTBTLS
+   err = run_ntbtls_handshake (hd);
+-- 
+2.30.2
+
+From c33c4fdf10b7ed9e03f2afe988d93f3085b727aa Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka <gniibe@fsij.org>
+Date: Fri, 16 Feb 2024 11:31:37 +0900
+Subject: [PATCH] dirmngr: Fix the regression of use of proxy for TLS
+ connection.
+
+* dirmngr/http.c (run_proxy_connect): Don't set keep_alive, since it
+causes resource leak of FP_WRITE.
+Don't try to read response body to fix the hang.
+
+--
+
+GnuPG-bug-id: 6997
+Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
+--- a/dirmngr/http.c
++++ b/dirmngr/http.c
+@@ -2520,6 +2520,7 @@ run_proxy_connect (http_t hd, proxy_info_t proxy,
+    * RFC-4559 - SPNEGO-based Kerberos and NTLM HTTP Authentication
+    */
+   auth_basic = !!proxy->uri->auth;
++  hd->keep_alive = 0;
+ 
+   /* For basic authentication we need to send just one request.  */
+   if (auth_basic
+@@ -2541,13 +2542,12 @@ run_proxy_connect (http_t hd, proxy_info_t proxy,
+                          httphost ? httphost : server,
+                          port,
+                          authhdr ? authhdr : "",
+-                         auth_basic? "" : "Connection: keep-alive\r\n");
++                         hd->keep_alive? "Connection: keep-alive\r\n" : "");
+   if (!request)
+     {
+       err = gpg_error_from_syserror ();
+       goto leave;
+     }
+-  hd->keep_alive = !auth_basic; /* We may need to send more requests.  */
+ 
+   if (opt_debug || (hd->flags & HTTP_FLAG_LOG_RESP))
+     log_debug_with_string (request, "http.c:proxy:request:");
+@@ -2574,16 +2574,6 @@ run_proxy_connect (http_t hd, proxy_info_t proxy,
+   if (err)
+     goto leave;
+ 
+-  {
+-    unsigned long count = 0;
+-
+-    while (es_getc (hd->fp_read) != EOF)
+-      count++;
+-    if (opt_debug)
+-      log_debug ("http.c:proxy_connect: skipped %lu bytes of response-body\n",
+-                 count);
+-  }
+-
+   /* Reset state.  */
+   es_clearerr (hd->fp_read);
+   ((cookie_t)(hd->read_cookie))->up_to_empty_line = 1;
+-- 
+2.30.2
+
+From 41c022072599bc3f12f659e962653548cd86fa3a Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka <gniibe@fsij.org>
+Date: Fri, 16 Feb 2024 16:24:26 +0900
+Subject: [PATCH] dirmngr: Fix keep-alive flag handling.
+
+* dirmngr/http.c (run_proxy_connect): Set KEEP_ALIVE if not Basic
+Authentication.  Fix resource leak of FP_WRITE.
+
+--
+
+GnuPG-bug-id: 6997
+Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
+--- a/dirmngr/http.c
++++ b/dirmngr/http.c
+@@ -2520,7 +2520,7 @@ run_proxy_connect (http_t hd, proxy_info_t proxy,
+    * RFC-4559 - SPNEGO-based Kerberos and NTLM HTTP Authentication
+    */
+   auth_basic = !!proxy->uri->auth;
+-  hd->keep_alive = 0;
++  hd->keep_alive = !auth_basic; /* We may need to send more requests.  */
+ 
+   /* For basic authentication we need to send just one request.  */
+   if (auth_basic
+@@ -2684,6 +2684,14 @@ run_proxy_connect (http_t hd, proxy_info_t proxy,
+     }
+ 
+  leave:
++  if (hd->keep_alive)
++    {
++      es_fclose (hd->fp_write);
++      hd->fp_write = NULL;
++      /* The close has released the cookie and thus we better set it
++       * to NULL.  */
++      hd->write_cookie = NULL;
++    }
+   /* Restore flags, destroy stream, reset state.  */
+   hd->flags = saved_flags;
+   es_fclose (hd->fp_read);
+-- 
+2.30.2

diff --git a/app-crypt/gnupg/files/gnupg-2.2.42-gpgme-tests.patch b/app-crypt/gnupg/files/gnupg-2.2.42-gpgme-tests.patch
new file mode 100644
index 000000000000..f10154b303e5
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.2.42-gpgme-tests.patch
@@ -0,0 +1,39 @@
+https://bugs.gentoo.org/924386
+https://dev.gnupg.org/T7003
+https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=f50c543326c2eea6b40f548d61cf3a66a077bf54
+
+From f50c543326c2eea6b40f548d61cf3a66a077bf54 Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka <gniibe@fsij.org>
+Date: Fri, 1 Mar 2024 13:59:43 +0900
+Subject: [PATCH] agent: Allow simple KEYINFO command when restricted.
+
+* agent/command.c (cmd_keyinfo): Only forbid list command.
+
+--
+
+GnuPG-bug-id: 7003
+Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
+--- a/agent/command.c
++++ b/agent/command.c
+@@ -1282,9 +1282,6 @@ cmd_keyinfo (assuan_context_t ctx, char *line)
+   char hexgrip[41];
+   int disabled, ttl, confirm, is_ssh;
+ 
+-  if (ctrl->restricted)
+-    return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
+-
+   if (has_option (line, "--ssh-list"))
+     list_mode = 2;
+   else
+@@ -1333,6 +1330,9 @@ cmd_keyinfo (assuan_context_t ctx, char *line)
+       char *dirname;
+       gnupg_dirent_t dir_entry;
+ 
++      if (ctrl->restricted)
++        return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
++
+       dirname = make_filename_try (gnupg_homedir (),
+                                    GNUPG_PRIVATE_KEYS_DIR, NULL);
+       if (!dirname)
+-- 
+2.30.2

diff --git a/app-crypt/gnupg/gnupg-2.2.42-r3.ebuild b/app-crypt/gnupg/gnupg-2.2.42-r3.ebuild
new file mode 100644
index 000000000000..dcb738d1d5ba
--- /dev/null
+++ b/app-crypt/gnupg/gnupg-2.2.42-r3.ebuild
@@ -0,0 +1,184 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Maintainers should:
+# 1. Join the "Gentoo" project at https://dev.gnupg.org/project/view/27/
+# 2. Subscribe to release tasks like https://dev.gnupg.org/T6159
+# (find the one for the current release then subscribe to it +
+# any subsequent ones linked within so you're covered for a while.)
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/gnupg.asc
+# in-source builds are not supported: https://dev.gnupg.org/T6313#166339
+inherit flag-o-matic out-of-source multiprocessing systemd toolchain-funcs verify-sig
+
+MY_P="${P/_/-}"
+
+DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
+HOMEPAGE="https://gnupg.org/"
+SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
+SRC_URI+=" verify-sig? ( mirror://gnupg/gnupg/${P}.tar.bz2.sig )"
+S="${WORKDIR}/${MY_P}"
+
+LICENSE="GPL-3+"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl test tofu tools usb user-socket wks-server"
+RESTRICT="!test? ( test )"
+
+# Existence of executables is checked during configuration.
+# Note: On each bump, update dep bounds on each version from configure.ac!
+DEPEND="
+	>=dev-libs/libassuan-2.5.0
+	>=dev-libs/libgcrypt-1.8.0:=
+	>=dev-libs/libgpg-error-1.38
+	>=dev-libs/libksba-1.3.5
+	>=dev-libs/npth-1.2
+	>=net-misc/curl-7.10
+	sys-libs/zlib
+	bzip2? ( app-arch/bzip2 )
+	ldap? ( net-nds/openldap:= )
+	readline? ( sys-libs/readline:= )
+	smartcard? ( usb? ( virtual/libusb:1 ) )
+	ssl? ( >=net-libs/gnutls-3.0:= )
+	tofu? ( >=dev-db/sqlite-3.7 )
+"
+RDEPEND="
+	${DEPEND}
+	nls? ( virtual/libintl )
+	selinux? ( sec-policy/selinux-gpg )
+	wks-server? ( virtual/mta )
+"
+PDEPEND="
+	app-crypt/pinentry
+"
+BDEPEND="
+	virtual/pkgconfig
+	doc? ( sys-apps/texinfo )
+	nls? ( sys-devel/gettext )
+	verify-sig? ( sec-keys/openpgp-keys-gnupg )
+"
+
+DOCS=(
+	ChangeLog NEWS README THANKS TODO VERSION
+	doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
+)
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch
+	"${FILESDIR}"/${P}-bug923248-insecure-backup.patch
+	"${FILESDIR}"/${P}-dirmngr-proxy.patch
+	"${FILESDIR}"/${P}-gpgme-tests.patch
+)
+
+src_prepare() {
+	default
+
+	# Inject SSH_AUTH_SOCK into user's sessions after enabling gpg-agent-ssh.socket in systemctl --user mode,
+	# idea borrowed from libdbus, see
+	#   https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/bus/systemd-user/dbus.socket.in#L6
+	#
+	# This cannot be upstreamed, as it requires determining the exact prefix of 'systemctl',
+	# which in turn requires discovery in Autoconf, something that upstream deeply resents.
+	sed -e "/DirectoryMode=/a ExecStartPost=-${EPREFIX}/bin/systemctl --user set-environment SSH_AUTH_SOCK=%t/gnupg/S.gpg-agent.ssh" \
+		-i doc/examples/systemd-user/gpg-agent-ssh.socket || die
+}
+
+my_src_configure() {
+	# Upstream don't support LTO, bug #854222.
+	filter-lto
+
+	local myconf=(
+		$(use_enable bzip2)
+		$(use_enable nls)
+		$(use_enable smartcard scdaemon)
+		$(use_enable ssl gnutls)
+		$(use_enable test all-tests)
+		$(use_enable test tests)
+		$(use_enable tofu)
+		$(use smartcard && use_enable usb ccid-driver || echo '--disable-ccid-driver')
+		$(use_enable wks-server wks-tools)
+		$(use_with ldap)
+		$(use_with readline)
+
+		# Hardcode mailprog to /usr/libexec/sendmail even if it does not exist.
+		# As of GnuPG 2.3, the mailprog substitution is used for the binary called
+		# by wks-client & wks-server; and if it's autodetected but not not exist at
+		# build time, then then 'gpg-wks-client --send' functionality will not
+		# work. This has an unwanted side-effect in stage3 builds: there was a
+		# [R]DEPEND on virtual/mta, which also brought in virtual/logger, bloating
+		# the build where the install guide previously make the user chose the
+		# logger & mta early in the install.
+		--with-mailprog=/usr/libexec/sendmail
+
+		--disable-ntbtls
+		--enable-gpg
+		--enable-gpgsm
+		--enable-large-secmem
+
+		CC_FOR_BUILD="$(tc-getBUILD_CC)"
+		GPG_ERROR_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-gpg-error-config"
+		KSBA_CONFIG="${ESYSROOT}/usr/bin/ksba-config"
+		LIBASSUAN_CONFIG="${ESYSROOT}/usr/bin/libassuan-config"
+		LIBGCRYPT_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-libgcrypt-config"
+		NPTH_CONFIG="${ESYSROOT}/usr/bin/npth-config"
+
+		$("${S}/configure" --help | grep -o -- '--without-.*-prefix')
+	)
+
+	if use prefix && use usb; then
+		# bug #649598
+		append-cppflags -I"${ESYSROOT}/usr/include/libusb-1.0"
+	fi
+
+	# bug #663142
+	if use user-socket; then
+		myconf+=( --enable-run-gnupg-user-socket )
+	fi
+
+	# glib fails and picks up clang's internal stdint.h causing weird errors
+	tc-is-clang && export gl_cv_absolute_stdint_h="${ESYSROOT}"/usr/include/stdint.h
+
+	econf "${myconf[@]}"
+}
+
+my_src_compile() {
+	default
+
+	use doc && emake -C doc html
+}
+
+my_src_test() {
+	export TESTFLAGS="--parallel=$(makeopts_jobs)"
+
+	default
+}
+
+my_src_install() {
+	emake DESTDIR="${D}" install
+
+	use tools && dobin \
+		tools/{gpg-zip,gpgconf,gpgsplit,gpg-check-pattern} \
+		tools/make-dns-cert
+
+	dosym gpg /usr/bin/gpg2
+	dosym gpgv /usr/bin/gpgv2
+	echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die
+	echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
+
+	dodir /etc/env.d
+	echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
+
+	use doc && dodoc doc/gnupg.html/*
+}
+
+my_src_install_all() {
+	einstalldocs
+
+	use tools && dobin tools/{convert-from-106,mail-signed-keys,lspgpot}
+
+	use doc && dodoc doc/*.png
+
+	systemd_douserunit doc/examples/systemd-user/*.{service,socket}
+}


^ permalink raw reply related	[flat|nested] 26+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/files/, app-crypt/gnupg/
@ 2024-03-04  3:02 Sam James
  0 siblings, 0 replies; 26+ messages in thread
From: Sam James @ 2024-03-04  3:02 UTC (permalink / raw
  To: gentoo-commits

commit:     5e78080cd2080248c2b0bb0492129984edf3870a
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Mar  4 03:01:39 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Mar  4 03:01:39 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5e78080c

app-crypt/gnupg: drop 2.4.3-r1, 2.4.4

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-crypt/gnupg/Manifest                          |   2 -
 app-crypt/gnupg/files/gnupg-2.4.2-fix-emacs.patch | 564 ----------------------
 app-crypt/gnupg/files/gnupg-2.4.3-no-ldap.patch   |  28 --
 app-crypt/gnupg/gnupg-2.4.3-r1.ebuild             | 198 --------
 app-crypt/gnupg/gnupg-2.4.4.ebuild                | 198 --------
 5 files changed, 990 deletions(-)

diff --git a/app-crypt/gnupg/Manifest b/app-crypt/gnupg/Manifest
index 8f3cf322eb30..49aeaaea809e 100644
--- a/app-crypt/gnupg/Manifest
+++ b/app-crypt/gnupg/Manifest
@@ -2,7 +2,5 @@ DIST gnupg-2.2.41.tar.bz2 7313746 BLAKE2B 0be2965a646a8636a127f89329030860908b0b
 DIST gnupg-2.2.41.tar.bz2.sig 238 BLAKE2B 7a4dc8dd4b3da77f6684325f46e3e3b1aeac6fcd8382e3148da1a01a5c5a9e14c1352fb28b61e500388d647e1103b8f78ad49e467e01b732c4a13eb849859b98 SHA512 ac6edd35c6b02a02d6c8a4468332213f20159f972aa2f7fd25c6841c662b3d84db5230330d540e0785ddaff080daf8dd250292104ff47560ad59c11803aabefa
 DIST gnupg-2.2.42.tar.bz2 7434291 BLAKE2B 5f7f01f31949e5258d638fbff81fa641e5c167e6eaf32c55eb187d4a31b31cd4fe6e51c622e74d8544c4f95c75484e15117f26a8cf26055ff6813d75e54f2b8a SHA512 9c59d034f428d42323b5520e1a8984acc1505ba1d96d90f00e17b24aa91660b2dc64e1a3ceb044c56f39b4c402a77c7e0b226c65218c23c094781b4ef51e2eb5
 DIST gnupg-2.2.42.tar.bz2.sig 238 BLAKE2B 251ad0a832042ceb93b0edfda8652104bfb463e291322f22f0ab0d9b35606c3589be7a6f3e9e2aac8f6ac368a7d11840ab83b29997587dc65685de9f2dec3fee SHA512 7073bfc920c571680a1de57b4e6cd83cde24ccb3b5f592602b0c32fd762eef497027b08745044c9f41130ca99bb7ec77222568c2d0a1099d3c1c15137e0221d7
-DIST gnupg-2.4.3.tar.bz2 7351327 BLAKE2B b7f4f5e548ec6dfc89cf8792f507ee8642e8500692998cf8d2edc9f5d8002904d24a714b9caffabee6094707c4595e0f54197535135622a7a32aa772f5818f28 SHA512 193a9398445272ec3eb5b79e802efb7414f74bcfffc3db0bf72c0056e04228120c419ed91db168e5733a16a33e548bab5368dd9cf11ecd483825bce189341a1e
-DIST gnupg-2.4.3.tar.bz2.sig 119 BLAKE2B 763c0569e5378e132de39e1583c19bae8912455bf7cd5a65bcfc88fa43be99fb6bbf8397192b3086db2f6f0f63fc25789f5e6ce98b2fe63cda3bf673b1c60a20 SHA512 7affff694d194c3befdfc865a7872c0883304ea704e3691eac328d802f12f4f82c2a93eaa1257d3e09b38494b38185f5b8cf35c964f0c3846bbb29b93727ffee
 DIST gnupg-2.4.4.tar.bz2 7886036 BLAKE2B 02661e89f0358be09fa3e71e7235b764a7dbda62a48a0c8c7a4e6c9919c3b37d54ead50b930af58f8f2fdb87861b849d3f3751e95cbedf46bdfd76caa90c4db4 SHA512 3d1a3b08d1ce2319d238d8be96591e418ede1dc0b4ede33a4cc2fe40e9c56d5bbc27b1984736d8a786e7f292ddbc836846a8bdb4bf89f064e953c37cb54b94ef
 DIST gnupg-2.4.4.tar.bz2.sig 237 BLAKE2B 6ee5878c36fbec747a6d84a268903749d862aab50dd7f9a389aabbf7b94dec1c424615f520b5f4a6d44e02093e8d9ad0b08d0c6cf6fd8886d8c174ce9faac99c SHA512 3ae7b6833576df851901a7619459b514bb82faeed350c864a57a782719d21f694d9ced5a3445c81dfa584a0302f87fedc660b08ea97bb8b861e76d7c5b46d07f

diff --git a/app-crypt/gnupg/files/gnupg-2.4.2-fix-emacs.patch b/app-crypt/gnupg/files/gnupg-2.4.2-fix-emacs.patch
deleted file mode 100644
index 2e9141ab579b..000000000000
--- a/app-crypt/gnupg/files/gnupg-2.4.2-fix-emacs.patch
+++ /dev/null
@@ -1,564 +0,0 @@
-https://bugs.gentoo.org/907839
-https://dev.gnupg.org/T6481
-https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=2f872fa68c6576724b9dabee9fb0844266f55d0d
-
-From 2f872fa68c6576724b9dabee9fb0844266f55d0d Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <gniibe@fsij.org>
-Date: Wed, 24 May 2023 10:36:04 +0900
-Subject: [PATCH] gpg: Report BEGIN_* status before examining the input.
-
-* common/miscellaneous.c (is_openpgp_compressed_packet)
-(is_file_compressed): Moved to ...
-* common/iobuf.c: ... in this file.
-(is_file_compressed): Change the argument to INP, the iobuf.
-* common/util.h (is_file_compressed): Remove.
-* common/iobuf.h (is_file_compressed): Add.
-* g10/cipher-aead.c (write_header): Don't call write_status_printf
-here.
-(cipher_filter_aead): Call write_status_printf when called with
-IOBUFCTRL_INIT.
-* g10/cipher-cfb.c (write_header): Don't call write_status_printf
-here.
-(cipher_filter_cfb): Call write_status_printf when called with
-IOBUFCTRL_INIT.
-* g10/encrypt.c (encrypt_simple): Use new is_file_compressed function,
-after call of iobuf_push_filter.
-(encrypt_crypt): Likewise.
-* g10/sign.c (sign_file): Likewise.
-
---
-
-GnuPG-bug-id: 6481
-Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
---- a/common/iobuf.c
-+++ b/common/iobuf.c
-@@ -3057,3 +3057,123 @@ iobuf_skip_rest (iobuf_t a, unsigned long n, int partial)
- 	}
-     }
- }
-+
-+
-+/* Check whether (BUF,LEN) is valid header for an OpenPGP compressed
-+ * packet.  LEN should be at least 6.  */
-+static int
-+is_openpgp_compressed_packet (const unsigned char *buf, size_t len)
-+{
-+  int c, ctb, pkttype;
-+  int lenbytes;
-+
-+  ctb = *buf++; len--;
-+  if (!(ctb & 0x80))
-+    return 0; /* Invalid packet.  */
-+
-+  if ((ctb & 0x40)) /* New style (OpenPGP) CTB.  */
-+    {
-+      pkttype = (ctb & 0x3f);
-+      if (!len)
-+        return 0; /* Expected first length octet missing.  */
-+      c = *buf++; len--;
-+      if (c < 192)
-+        ;
-+      else if (c < 224)
-+        {
-+          if (!len)
-+            return 0; /* Expected second length octet missing. */
-+        }
-+      else if (c == 255)
-+        {
-+          if (len < 4)
-+            return 0; /* Expected length octets missing */
-+        }
-+    }
-+  else /* Old style CTB.  */
-+    {
-+      pkttype = (ctb>>2)&0xf;
-+      lenbytes = ((ctb&3)==3)? 0 : (1<<(ctb & 3));
-+      if (len < lenbytes)
-+        return 0; /* Not enough length bytes.  */
-+    }
-+
-+  return (pkttype == 8);
-+}
-+
-+
-+/*
-+ * Check if the file is compressed, by peeking the iobuf.  You need to
-+ * pass the iobuf with INP.  Returns true if the buffer seems to be
-+ * compressed.
-+ */
-+int
-+is_file_compressed (iobuf_t inp)
-+{
-+  int i;
-+  char buf[32];
-+  int buflen;
-+
-+  struct magic_compress_s
-+  {
-+    byte len;
-+    byte extchk;
-+    byte magic[5];
-+  } magic[] =
-+      {
-+       { 3, 0, { 0x42, 0x5a, 0x68, 0x00 } }, /* bzip2 */
-+       { 3, 0, { 0x1f, 0x8b, 0x08, 0x00 } }, /* gzip */
-+       { 4, 0, { 0x50, 0x4b, 0x03, 0x04 } }, /* (pk)zip */
-+       { 5, 0, { '%', 'P', 'D', 'F', '-'} }, /* PDF */
-+       { 4, 1, { 0xff, 0xd8, 0xff, 0xe0 } }, /* Maybe JFIF */
-+       { 5, 2, { 0x89, 'P','N','G', 0x0d} }  /* Likely PNG */
-+  };
-+
-+  if (!inp)
-+    return 0;
-+
-+  for ( ; inp->chain; inp = inp->chain )
-+    ;
-+
-+  buflen = iobuf_ioctl (inp, IOBUF_IOCTL_PEEK, sizeof buf, buf);
-+  if (buflen < 0)
-+    {
-+      buflen = 0;
-+      log_debug ("peeking at input failed\n");
-+    }
-+
-+  if ( buflen < 6 )
-+    {
-+      return 0;  /* Too short to check - assume uncompressed.  */
-+    }
-+
-+  for ( i = 0; i < DIM (magic); i++ )
-+    {
-+      if (!memcmp( buf, magic[i].magic, magic[i].len))
-+        {
-+          switch (magic[i].extchk)
-+            {
-+            case 0:
-+              return 1; /* Is compressed.  */
-+            case 1:
-+              if (buflen > 11 && !memcmp (buf + 6, "JFIF", 5))
-+                return 1; /* JFIF: this likely a compressed JPEG.  */
-+              break;
-+            case 2:
-+              if (buflen > 8
-+                  && buf[5] == 0x0a && buf[6] == 0x1a && buf[7] == 0x0a)
-+                return 1; /* This is a PNG.  */
-+              break;
-+            default:
-+              break;
-+            }
-+        }
-+    }
-+
-+  if (buflen >= 6 && is_openpgp_compressed_packet (buf, buflen))
-+    {
-+      return 1; /* Already compressed.  */
-+    }
-+
-+  return 0;  /* Not detected as compressed.  */
-+}
---- a/common/iobuf.h
-+++ b/common/iobuf.h
-@@ -629,6 +629,9 @@ void iobuf_set_partial_body_length_mode (iobuf_t a, size_t len);
-    from the following filter (which may or may not return EOF).  */
- void iobuf_skip_rest (iobuf_t a, unsigned long n, int partial);
- 
-+/* Check if the file is compressed, by peeking the iobuf.  */
-+int is_file_compressed (iobuf_t inp);
-+
- #define iobuf_where(a)	"[don't know]"
- 
- /* Each time a filter is allocated (via iobuf_alloc()), a
---- a/common/miscellaneous.c
-+++ b/common/miscellaneous.c
-@@ -415,112 +415,6 @@ decode_c_string (const char *src)
- }
- 
- 
--/* Check whether (BUF,LEN) is valid header for an OpenPGP compressed
-- * packet.  LEN should be at least 6.  */
--static int
--is_openpgp_compressed_packet (const unsigned char *buf, size_t len)
--{
--  int c, ctb, pkttype;
--  int lenbytes;
--
--  ctb = *buf++; len--;
--  if (!(ctb & 0x80))
--    return 0; /* Invalid packet.  */
--
--  if ((ctb & 0x40)) /* New style (OpenPGP) CTB.  */
--    {
--      pkttype = (ctb & 0x3f);
--      if (!len)
--        return 0; /* Expected first length octet missing.  */
--      c = *buf++; len--;
--      if (c < 192)
--        ;
--      else if (c < 224)
--        {
--          if (!len)
--            return 0; /* Expected second length octet missing. */
--        }
--      else if (c == 255)
--        {
--          if (len < 4)
--            return 0; /* Expected length octets missing */
--        }
--    }
--  else /* Old style CTB.  */
--    {
--      pkttype = (ctb>>2)&0xf;
--      lenbytes = ((ctb&3)==3)? 0 : (1<<(ctb & 3));
--      if (len < lenbytes)
--        return 0; /* Not enough length bytes.  */
--    }
--
--  return (pkttype == 8);
--}
--
--
--
--/*
-- * Check if the file is compressed.  You need to pass the first bytes
-- * of the file as (BUF,BUFLEN).  Returns true if the buffer seems to
-- * be compressed.
-- */
--int
--is_file_compressed (const byte *buf, unsigned int buflen)
--{
--  int i;
--
--  struct magic_compress_s
--  {
--    byte len;
--    byte extchk;
--    byte magic[5];
--  } magic[] =
--      {
--       { 3, 0, { 0x42, 0x5a, 0x68, 0x00 } }, /* bzip2 */
--       { 3, 0, { 0x1f, 0x8b, 0x08, 0x00 } }, /* gzip */
--       { 4, 0, { 0x50, 0x4b, 0x03, 0x04 } }, /* (pk)zip */
--       { 5, 0, { '%', 'P', 'D', 'F', '-'} }, /* PDF */
--       { 4, 1, { 0xff, 0xd8, 0xff, 0xe0 } }, /* Maybe JFIF */
--       { 5, 2, { 0x89, 'P','N','G', 0x0d} }  /* Likely PNG */
--  };
--
--  if ( buflen < 6 )
--    {
--      return 0;  /* Too short to check - assume uncompressed.  */
--    }
--
--  for ( i = 0; i < DIM (magic); i++ )
--    {
--      if (!memcmp( buf, magic[i].magic, magic[i].len))
--        {
--          switch (magic[i].extchk)
--            {
--            case 0:
--              return 1; /* Is compressed.  */
--            case 1:
--              if (buflen > 11 && !memcmp (buf + 6, "JFIF", 5))
--                return 1; /* JFIF: this likely a compressed JPEG.  */
--              break;
--            case 2:
--              if (buflen > 8
--                  && buf[5] == 0x0a && buf[6] == 0x1a && buf[7] == 0x0a)
--                return 1; /* This is a PNG.  */
--              break;
--            default:
--              break;
--            }
--        }
--    }
--
--  if (buflen >= 6 && is_openpgp_compressed_packet (buf, buflen))
--    {
--      return 1; /* Already compressed.  */
--    }
--
--  return 0;  /* Not detected as compressed.  */
--}
--
--
- /* Try match against each substring of multistr, delimited by | */
- int
- match_multistr (const char *multistr,const char *match)
---- a/common/util.h
-+++ b/common/util.h
-@@ -360,8 +360,6 @@ char *try_make_printable_string (const void *p, size_t n, int delim);
- char *make_printable_string (const void *p, size_t n, int delim);
- char *decode_c_string (const char *src);
- 
--int is_file_compressed (const byte *buf, unsigned int buflen);
--
- int match_multistr (const char *multistr,const char *match);
- 
- int gnupg_compare_version (const char *a, const char *b);
---- a/g10/cipher-aead.c
-+++ b/g10/cipher-aead.c
-@@ -174,8 +174,6 @@ write_header (cipher_filter_context_t *cfx, iobuf_t a)
-     log_debug ("aead packet: len=%lu extralen=%d\n",
-                (unsigned long)ed.len, ed.extralen);
- 
--  write_status_printf (STATUS_BEGIN_ENCRYPTION, "0 %d %d",
--                       cfx->dek->algo, ed.aead_algo);
-   print_cipher_algo_note (cfx->dek->algo);
- 
-   if (build_packet( a, &pkt))
-@@ -488,6 +486,11 @@ cipher_filter_aead (void *opaque, int control,
-     {
-       mem2str (buf, "cipher_filter_aead", *ret_len);
-     }
-+  else if (control == IOBUFCTRL_INIT)
-+    {
-+      write_status_printf (STATUS_BEGIN_ENCRYPTION, "0 %d %d",
-+                           cfx->dek->algo, cfx->dek->use_aead);
-+    }
- 
-   return rc;
- }
---- a/g10/cipher-cfb.c
-+++ b/g10/cipher-cfb.c
-@@ -72,9 +72,6 @@ write_header (cipher_filter_context_t *cfx, iobuf_t a)
-       log_info (_("Hint: Do not use option %s\n"), "--rfc2440");
-     }
- 
--  write_status_printf (STATUS_BEGIN_ENCRYPTION, "%d %d",
--                       ed.mdc_method, cfx->dek->algo);
--
-   init_packet (&pkt);
-   pkt.pkttype = cfx->dek->use_mdc? PKT_ENCRYPTED_MDC : PKT_ENCRYPTED;
-   pkt.pkt.encrypted = &ed;
-@@ -182,6 +179,12 @@ cipher_filter_cfb (void *opaque, int control,
-     {
-       mem2str (buf, "cipher_filter_cfb", *ret_len);
-     }
-+  else if (control == IOBUFCTRL_INIT)
-+    {
-+      write_status_printf (STATUS_BEGIN_ENCRYPTION, "%d %d",
-+                           cfx->dek->use_mdc ? DIGEST_ALGO_SHA1 : 0,
-+                           cfx->dek->algo);
-+    }
- 
-   return rc;
- }
---- a/g10/encrypt.c
-+++ b/g10/encrypt.c
-@@ -410,8 +410,6 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
-   text_filter_context_t tfx;
-   progress_filter_context_t *pfx;
-   int do_compress = !!default_compress_algo();
--  char peekbuf[32];
--  int  peekbuflen;
- 
-   if (!gnupg_rng_is_compliant (opt.compliance))
-     {
-@@ -448,14 +446,6 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
-       return rc;
-     }
- 
--  peekbuflen = iobuf_ioctl (inp, IOBUF_IOCTL_PEEK, sizeof peekbuf, peekbuf);
--  if (peekbuflen < 0)
--    {
--      peekbuflen = 0;
--      if (DBG_FILTER)
--        log_debug ("peeking at input failed\n");
--    }
--
-   handle_progress (pfx, inp, filename);
- 
-   if (opt.textmode)
-@@ -517,17 +507,6 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
-                  /**/             : "CFB");
-     }
- 
--  if (do_compress
--      && cfx.dek
--      && (cfx.dek->use_mdc || cfx.dek->use_aead)
--      && !opt.explicit_compress_option
--      && is_file_compressed (peekbuf, peekbuflen))
--    {
--      if (opt.verbose)
--        log_info(_("'%s' already compressed\n"), filename? filename: "[stdin]");
--      do_compress = 0;
--    }
--
-   if ( rc || (rc = open_outfile (-1, filename, opt.armor? 1:0, 0, &out )))
-     {
-       iobuf_cancel (inp);
-@@ -598,6 +577,24 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
-   else
-     filesize = opt.set_filesize ? opt.set_filesize : 0; /* stdin */
- 
-+  /* Register the cipher filter. */
-+  if (mode)
-+    iobuf_push_filter (out,
-+                       cfx.dek->use_aead? cipher_filter_aead
-+                       /**/             : cipher_filter_cfb,
-+                       &cfx );
-+
-+  if (do_compress
-+      && cfx.dek
-+      && (cfx.dek->use_mdc || cfx.dek->use_aead)
-+      && !opt.explicit_compress_option
-+      && is_file_compressed (inp))
-+    {
-+      if (opt.verbose)
-+        log_info(_("'%s' already compressed\n"), filename? filename: "[stdin]");
-+      do_compress = 0;
-+    }
-+
-   if (!opt.no_literal)
-     {
-       /* Note that PT has been initialized above in !no_literal mode.  */
-@@ -617,13 +614,6 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
-       pkt.pkt.generic = NULL;
-     }
- 
--  /* Register the cipher filter. */
--  if (mode)
--    iobuf_push_filter (out,
--                       cfx.dek->use_aead? cipher_filter_aead
--                       /**/             : cipher_filter_cfb,
--                       &cfx );
--
-   /* Register the compress filter. */
-   if ( do_compress )
-     {
-@@ -783,7 +773,7 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
-   PKT_plaintext *pt = NULL;
-   DEK *symkey_dek = NULL;
-   STRING2KEY *symkey_s2k = NULL;
--  int rc = 0, rc2 = 0;
-+  int rc = 0;
-   u32 filesize;
-   cipher_filter_context_t cfx;
-   armor_filter_context_t *afx = NULL;
-@@ -792,8 +782,6 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
-   progress_filter_context_t *pfx;
-   PK_LIST pk_list;
-   int do_compress;
--  char peekbuf[32];
--  int  peekbuflen;
- 
-   if (filefd != -1 && filename)
-     return gpg_error (GPG_ERR_INV_ARG);  /* Both given.  */
-@@ -866,14 +854,6 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
-   if (opt.verbose)
-     log_info (_("reading from '%s'\n"), iobuf_get_fname_nonnull (inp));
- 
--  peekbuflen = iobuf_ioctl (inp, IOBUF_IOCTL_PEEK, sizeof peekbuf, peekbuf);
--  if (peekbuflen < 0)
--    {
--      peekbuflen = 0;
--      if (DBG_FILTER)
--        log_debug ("peeking at input failed\n");
--    }
--
-   handle_progress (pfx, inp, filename);
- 
-   if (opt.textmode)
-@@ -900,25 +880,6 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
-   if (!cfx.dek->use_aead)
-     cfx.dek->use_mdc = !!use_mdc (pk_list, cfx.dek->algo);
- 
--  /* Only do the is-file-already-compressed check if we are using a
--   * MDC or AEAD.  This forces compressed files to be re-compressed if
--   * we do not have a MDC to give some protection against chosen
--   * ciphertext attacks. */
--  if (do_compress
--      && (cfx.dek->use_mdc || cfx.dek->use_aead)
--      && !opt.explicit_compress_option
--      && is_file_compressed (peekbuf, peekbuflen))
--    {
--      if (opt.verbose)
--        log_info(_("'%s' already compressed\n"), filename? filename: "[stdin]");
--      do_compress = 0;
--    }
--  if (rc2)
--    {
--      rc = rc2;
--      goto leave;
--    }
--
-   make_session_key (cfx.dek);
-   if (DBG_CRYPTO)
-     log_printhex (cfx.dek->key, cfx.dek->keylen, "DEK is: ");
-@@ -960,6 +921,26 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
-   else
-     filesize = opt.set_filesize ? opt.set_filesize : 0; /* stdin */
- 
-+  /* Register the cipher filter. */
-+  iobuf_push_filter (out,
-+                     cfx.dek->use_aead? cipher_filter_aead
-+                     /**/             : cipher_filter_cfb,
-+                     &cfx);
-+
-+  /* Only do the is-file-already-compressed check if we are using a
-+   * MDC or AEAD.  This forces compressed files to be re-compressed if
-+   * we do not have a MDC to give some protection against chosen
-+   * ciphertext attacks. */
-+  if (do_compress
-+      && (cfx.dek->use_mdc || cfx.dek->use_aead)
-+      && !opt.explicit_compress_option
-+      && is_file_compressed (inp))
-+    {
-+      if (opt.verbose)
-+        log_info(_("'%s' already compressed\n"), filename? filename: "[stdin]");
-+      do_compress = 0;
-+    }
-+
-   if (!opt.no_literal)
-     {
-       pt->timestamp = make_timestamp();
-@@ -974,12 +955,6 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
-   else
-     cfx.datalen = filesize && !do_compress ? filesize : 0;
- 
--  /* Register the cipher filter. */
--  iobuf_push_filter (out,
--                     cfx.dek->use_aead? cipher_filter_aead
--                     /**/             : cipher_filter_cfb,
--                     &cfx);
--
-   /* Register the compress filter. */
-   if (do_compress)
-     {
---- a/g10/sign.c
-+++ b/g10/sign.c
-@@ -1035,9 +1035,6 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
-   int multifile = 0;
-   u32 duration=0;
-   pt_extra_hash_data_t extrahash = NULL;
--  char peekbuf[32];
--  int  peekbuflen = 0;
--
- 
-   pfx = new_progress_context ();
-   afx = new_armor_context ();
-@@ -1096,14 +1093,6 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
-           goto leave;
- 	}
- 
--      peekbuflen = iobuf_ioctl (inp, IOBUF_IOCTL_PEEK, sizeof peekbuf, peekbuf);
--      if (peekbuflen < 0)
--        {
--          peekbuflen = 0;
--          if (DBG_FILTER)
--            log_debug ("peeking at input failed\n");
--        }
--
-       handle_progress (pfx, inp, fname);
-     }
- 
-@@ -1261,7 +1250,7 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
-       int compr_algo = opt.compress_algo;
- 
-       if (!opt.explicit_compress_option
--          && is_file_compressed (peekbuf, peekbuflen))
-+          && is_file_compressed (inp))
-         {
-           if (opt.verbose)
-             log_info(_("'%s' already compressed\n"), fname? fname: "[stdin]");
--- 
-2.11.0

diff --git a/app-crypt/gnupg/files/gnupg-2.4.3-no-ldap.patch b/app-crypt/gnupg/files/gnupg-2.4.3-no-ldap.patch
deleted file mode 100644
index 06d4221488e9..000000000000
--- a/app-crypt/gnupg/files/gnupg-2.4.3-no-ldap.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-https://dev.gnupg.org/T6579
-https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=dc13361524c1477b2106c7385f2059f9ea111b84
-
-From dc13361524c1477b2106c7385f2059f9ea111b84 Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <gniibe@fsij.org>
-Date: Wed, 5 Jul 2023 09:29:54 +0900
-Subject: [PATCH] dirmngr: Enable the call of ks_ldap_help_variables when
- USE_LDAP.
-
-* dirmngr/server.c [USE_LDAP] (cmd_ad_query): Conditionalize.
-
---
-
-Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
---- a/dirmngr/server.c
-+++ b/dirmngr/server.c
-@@ -2776,7 +2776,9 @@ cmd_ad_query (assuan_context_t ctx, char *line)
- 
-   if (opt_help)
-     {
-+#if USE_LDAP
-       ks_ldap_help_variables (ctrl);
-+#endif
-       err = 0;
-       goto leave;
-     }
--- 
-2.11.0

diff --git a/app-crypt/gnupg/gnupg-2.4.3-r1.ebuild b/app-crypt/gnupg/gnupg-2.4.3-r1.ebuild
deleted file mode 100644
index 48e3b7e762e4..000000000000
--- a/app-crypt/gnupg/gnupg-2.4.3-r1.ebuild
+++ /dev/null
@@ -1,198 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-# Maintainers should:
-# 1. Join the "Gentoo" project at https://dev.gnupg.org/project/view/27/
-# 2. Subscribe to release tasks like https://dev.gnupg.org/T6159
-# (find the one for the current release then subscribe to it +
-# any subsequent ones linked within so you're covered for a while.)
-
-VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/gnupg.asc
-# in-source builds are not supported: https://dev.gnupg.org/T6313#166339
-inherit flag-o-matic out-of-source multiprocessing systemd toolchain-funcs verify-sig
-
-MY_P="${P/_/-}"
-
-DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
-HOMEPAGE="https://gnupg.org/"
-SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
-SRC_URI+=" verify-sig? ( mirror://gnupg/gnupg/${P}.tar.bz2.sig )"
-S="${WORKDIR}/${MY_P}"
-
-LICENSE="GPL-3+"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
-IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl test +tofu tpm tools usb user-socket wks-server"
-RESTRICT="!test? ( test )"
-REQUIRED_USE="test? ( tofu )"
-
-# Existence of executables is checked during configuration.
-# Note: On each bump, update dep bounds on each version from configure.ac!
-DEPEND="
-	>=dev-libs/libassuan-2.5.0
-	>=dev-libs/libgcrypt-1.9.1:=
-	>=dev-libs/libgpg-error-1.46
-	>=dev-libs/libksba-1.6.3
-	>=dev-libs/npth-1.2
-	>=net-misc/curl-7.10
-	sys-libs/zlib
-	bzip2? ( app-arch/bzip2 )
-	ldap? ( net-nds/openldap:= )
-	readline? ( sys-libs/readline:0= )
-	smartcard? ( usb? ( virtual/libusb:1 ) )
-	tofu? ( >=dev-db/sqlite-3.27 )
-	tpm? ( >=app-crypt/tpm2-tss-2.4.0:= )
-	ssl? ( >=net-libs/gnutls-3.0:0= )
-"
-RDEPEND="
-	${DEPEND}
-	nls? ( virtual/libintl )
-	selinux? ( sec-policy/selinux-gpg )
-	wks-server? ( virtual/mta )
-"
-PDEPEND="
-	app-crypt/pinentry
-"
-BDEPEND="
-	virtual/pkgconfig
-	doc? ( sys-apps/texinfo )
-	nls? ( sys-devel/gettext )
-	verify-sig? ( sec-keys/openpgp-keys-gnupg )
-"
-
-DOCS=(
-	ChangeLog NEWS README THANKS TODO VERSION
-	doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
-)
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch
-	"${FILESDIR}"/${PN}-2.4.2-fix-emacs.patch
-	"${FILESDIR}"/${P}-no-ldap.patch
-)
-
-src_prepare() {
-	default
-
-	GNUPG_SYSTEMD_UNITS=(
-		dirmngr.service
-		dirmngr.socket
-		gpg-agent-browser.socket
-		gpg-agent-extra.socket
-		gpg-agent.service
-		gpg-agent.socket
-		gpg-agent-ssh.socket
-	)
-
-	cp "${GNUPG_SYSTEMD_UNITS[@]/#/${FILESDIR}/}" "${T}" || die
-
-	# Inject SSH_AUTH_SOCK into user's sessions after enabling gpg-agent-ssh.socket in systemctl --user mode,
-	# idea borrowed from libdbus, see
-	#   https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/bus/systemd-user/dbus.socket.in#L6
-	#
-	# This cannot be upstreamed, as it requires determining the exact prefix of 'systemctl',
-	# which in turn requires discovery in Autoconf, something that upstream deeply resents.
-	sed -e "/DirectoryMode=/a ExecStartPost=-${EPREFIX}/bin/systemctl --user set-environment SSH_AUTH_SOCK=%t/gnupg/S.gpg-agent.ssh" \
-		-i "${T}"/gpg-agent-ssh.socket || die
-}
-
-my_src_configure() {
-	# Upstream don't support LTO, bug #854222.
-	filter-lto
-
-	local myconf=(
-		$(use_enable bzip2)
-		$(use_enable nls)
-		$(use_enable smartcard scdaemon)
-		$(use_enable ssl gnutls)
-		$(use_enable test all-tests)
-		$(use_enable test tests)
-		$(use_enable tofu)
-		$(use_enable tofu keyboxd)
-		$(use_enable tofu sqlite)
-		$(usex tpm '--with-tss=intel' '--disable-tpm2d')
-		$(use smartcard && use_enable usb ccid-driver || echo '--disable-ccid-driver')
-		$(use_enable wks-server wks-tools)
-		$(use_with ldap)
-		$(use_with readline)
-
-		# Hardcode mailprog to /usr/libexec/sendmail even if it does not exist.
-		# As of GnuPG 2.3, the mailprog substitution is used for the binary called
-		# by wks-client & wks-server; and if it's autodetected but not not exist at
-		# build time, then then 'gpg-wks-client --send' functionality will not
-		# work. This has an unwanted side-effect in stage3 builds: there was a
-		# [R]DEPEND on virtual/mta, which also brought in virtual/logger, bloating
-		# the build where the install guide previously make the user chose the
-		# logger & mta early in the install.
-		--with-mailprog=/usr/libexec/sendmail
-
-		--disable-ntbtls
-		--enable-gpgsm
-		--enable-large-secmem
-
-		CC_FOR_BUILD="$(tc-getBUILD_CC)"
-		GPG_ERROR_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-gpg-error-config"
-		KSBA_CONFIG="${ESYSROOT}/usr/bin/ksba-config"
-		LIBASSUAN_CONFIG="${ESYSROOT}/usr/bin/libassuan-config"
-		LIBGCRYPT_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-libgcrypt-config"
-		NPTH_CONFIG="${ESYSROOT}/usr/bin/npth-config"
-
-		$("${S}/configure" --help | grep -o -- '--without-.*-prefix')
-	)
-
-	if use prefix && use usb; then
-		# bug #649598
-		append-cppflags -I"${ESYSROOT}/usr/include/libusb-1.0"
-	fi
-
-	# bug #663142
-	if use user-socket; then
-		myconf+=( --enable-run-gnupg-user-socket )
-	fi
-
-	# glib fails and picks up clang's internal stdint.h causing weird errors
-	tc-is-clang && export gl_cv_absolute_stdint_h="${ESYSROOT}"/usr/include/stdint.h
-
-	econf "${myconf[@]}"
-}
-
-my_src_compile() {
-	default
-
-	use doc && emake -C doc html
-}
-
-my_src_test() {
-	export TESTFLAGS="--parallel=$(makeopts_jobs)"
-
-	default
-}
-
-my_src_install() {
-	emake DESTDIR="${D}" install
-
-	use tools && dobin tools/{gpgconf,gpgsplit,gpg-check-pattern} tools/make-dns-cert
-
-	dosym gpg /usr/bin/gpg2
-	dosym gpgv /usr/bin/gpgv2
-	echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die
-	echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
-
-	dodir /etc/env.d
-	echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
-
-	use doc && dodoc doc/gnupg.html/*
-}
-
-my_src_install_all() {
-	einstalldocs
-
-	use tools && dobin tools/{convert-from-106,mail-signed-keys,lspgpot}
-	use doc && dodoc doc/*.png
-
-	# Dropped upstream in https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=eae28f1bd4a5632e8f8e85b7248d1c4d4a10a5ed.
-	dodoc "${FILESDIR}"/README-systemd
-	systemd_douserunit "${GNUPG_SYSTEMD_UNITS[@]/#/${T}/}"
-}

diff --git a/app-crypt/gnupg/gnupg-2.4.4.ebuild b/app-crypt/gnupg/gnupg-2.4.4.ebuild
deleted file mode 100644
index f01cb0b88152..000000000000
--- a/app-crypt/gnupg/gnupg-2.4.4.ebuild
+++ /dev/null
@@ -1,198 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-# Maintainers should:
-# 1. Join the "Gentoo" project at https://dev.gnupg.org/project/view/27/
-# 2. Subscribe to release tasks like https://dev.gnupg.org/T6159
-# (find the one for the current release then subscribe to it +
-# any subsequent ones linked within so you're covered for a while.)
-
-VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/gnupg.asc
-# in-source builds are not supported: https://dev.gnupg.org/T6313#166339
-inherit flag-o-matic out-of-source multiprocessing systemd toolchain-funcs verify-sig
-
-MY_P="${P/_/-}"
-
-DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
-HOMEPAGE="https://gnupg.org/"
-SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
-SRC_URI+=" verify-sig? ( mirror://gnupg/gnupg/${P}.tar.bz2.sig )"
-S="${WORKDIR}/${MY_P}"
-
-LICENSE="GPL-3+"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
-IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl test +tofu tpm tools usb user-socket wks-server"
-RESTRICT="!test? ( test )"
-REQUIRED_USE="test? ( tofu )"
-
-# Existence of executables is checked during configuration.
-# Note: On each bump, update dep bounds on each version from configure.ac!
-DEPEND="
-	>=dev-libs/libassuan-2.5.0
-	>=dev-libs/libgcrypt-1.9.1:=
-	>=dev-libs/libgpg-error-1.46
-	>=dev-libs/libksba-1.6.3
-	>=dev-libs/npth-1.2
-	>=net-misc/curl-7.10
-	sys-libs/zlib
-	bzip2? ( app-arch/bzip2 )
-	ldap? ( net-nds/openldap:= )
-	readline? ( sys-libs/readline:0= )
-	smartcard? ( usb? ( virtual/libusb:1 ) )
-	tofu? ( >=dev-db/sqlite-3.27 )
-	tpm? ( >=app-crypt/tpm2-tss-2.4.0:= )
-	ssl? ( >=net-libs/gnutls-3.2:0= )
-"
-RDEPEND="
-	${DEPEND}
-	nls? ( virtual/libintl )
-	selinux? ( sec-policy/selinux-gpg )
-	wks-server? ( virtual/mta )
-"
-PDEPEND="
-	app-crypt/pinentry
-"
-BDEPEND="
-	virtual/pkgconfig
-	doc? ( sys-apps/texinfo )
-	nls? ( sys-devel/gettext )
-	verify-sig? ( sec-keys/openpgp-keys-gnupg )
-"
-
-DOCS=(
-	ChangeLog NEWS README THANKS TODO VERSION
-	doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
-)
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch
-	#"${FILESDIR}"/${PN}-2.4.2-fix-emacs.patch
-	#"${FILESDIR}"/${PN}-2.4.3-no-ldap.patch
-)
-
-src_prepare() {
-	default
-
-	GNUPG_SYSTEMD_UNITS=(
-		dirmngr.service
-		dirmngr.socket
-		gpg-agent-browser.socket
-		gpg-agent-extra.socket
-		gpg-agent.service
-		gpg-agent.socket
-		gpg-agent-ssh.socket
-	)
-
-	cp "${GNUPG_SYSTEMD_UNITS[@]/#/${FILESDIR}/}" "${T}" || die
-
-	# Inject SSH_AUTH_SOCK into user's sessions after enabling gpg-agent-ssh.socket in systemctl --user mode,
-	# idea borrowed from libdbus, see
-	#   https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/bus/systemd-user/dbus.socket.in#L6
-	#
-	# This cannot be upstreamed, as it requires determining the exact prefix of 'systemctl',
-	# which in turn requires discovery in Autoconf, something that upstream deeply resents.
-	sed -e "/DirectoryMode=/a ExecStartPost=-${EPREFIX}/bin/systemctl --user set-environment SSH_AUTH_SOCK=%t/gnupg/S.gpg-agent.ssh" \
-		-i "${T}"/gpg-agent-ssh.socket || die
-}
-
-my_src_configure() {
-	# Upstream don't support LTO, bug #854222.
-	filter-lto
-
-	local myconf=(
-		$(use_enable bzip2)
-		$(use_enable nls)
-		$(use_enable smartcard scdaemon)
-		$(use_enable ssl gnutls)
-		$(use_enable test all-tests)
-		$(use_enable test tests)
-		$(use_enable tofu)
-		$(use_enable tofu keyboxd)
-		$(use_enable tofu sqlite)
-		$(usex tpm '--with-tss=intel' '--disable-tpm2d')
-		$(use smartcard && use_enable usb ccid-driver || echo '--disable-ccid-driver')
-		$(use_enable wks-server wks-tools)
-		$(use_with ldap)
-		$(use_with readline)
-
-		# Hardcode mailprog to /usr/libexec/sendmail even if it does not exist.
-		# As of GnuPG 2.3, the mailprog substitution is used for the binary called
-		# by wks-client & wks-server; and if it's autodetected but not not exist at
-		# build time, then then 'gpg-wks-client --send' functionality will not
-		# work. This has an unwanted side-effect in stage3 builds: there was a
-		# [R]DEPEND on virtual/mta, which also brought in virtual/logger, bloating
-		# the build where the install guide previously make the user chose the
-		# logger & mta early in the install.
-		--with-mailprog=/usr/libexec/sendmail
-
-		--disable-ntbtls
-		--enable-gpgsm
-		--enable-large-secmem
-
-		CC_FOR_BUILD="$(tc-getBUILD_CC)"
-		GPG_ERROR_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-gpg-error-config"
-		KSBA_CONFIG="${ESYSROOT}/usr/bin/ksba-config"
-		LIBASSUAN_CONFIG="${ESYSROOT}/usr/bin/libassuan-config"
-		LIBGCRYPT_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-libgcrypt-config"
-		NPTH_CONFIG="${ESYSROOT}/usr/bin/npth-config"
-
-		$("${S}/configure" --help | grep -o -- '--without-.*-prefix')
-	)
-
-	if use prefix && use usb; then
-		# bug #649598
-		append-cppflags -I"${ESYSROOT}/usr/include/libusb-1.0"
-	fi
-
-	# bug #663142
-	if use user-socket; then
-		myconf+=( --enable-run-gnupg-user-socket )
-	fi
-
-	# glib fails and picks up clang's internal stdint.h causing weird errors
-	tc-is-clang && export gl_cv_absolute_stdint_h="${ESYSROOT}"/usr/include/stdint.h
-
-	econf "${myconf[@]}"
-}
-
-my_src_compile() {
-	default
-
-	use doc && emake -C doc html
-}
-
-my_src_test() {
-	export TESTFLAGS="--parallel=$(makeopts_jobs)"
-
-	default
-}
-
-my_src_install() {
-	emake DESTDIR="${D}" install
-
-	use tools && dobin tools/{gpgconf,gpgsplit,gpg-check-pattern} tools/make-dns-cert
-
-	dosym gpg /usr/bin/gpg2
-	dosym gpgv /usr/bin/gpgv2
-	echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die
-	echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
-
-	dodir /etc/env.d
-	echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
-
-	use doc && dodoc doc/gnupg.html/*
-}
-
-my_src_install_all() {
-	einstalldocs
-
-	use tools && dobin tools/{convert-from-106,mail-signed-keys,lspgpot}
-	use doc && dodoc doc/*.png
-
-	# Dropped upstream in https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=eae28f1bd4a5632e8f8e85b7248d1c4d4a10a5ed.
-	dodoc "${FILESDIR}"/README-systemd
-	systemd_douserunit "${GNUPG_SYSTEMD_UNITS[@]/#/${T}/}"
-}


^ permalink raw reply related	[flat|nested] 26+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/files/, app-crypt/gnupg/
@ 2023-07-06  0:06 Sam James
  0 siblings, 0 replies; 26+ messages in thread
From: Sam James @ 2023-07-06  0:06 UTC (permalink / raw
  To: gentoo-commits

commit:     4f6ffeb7d953292bfb94968960f83edbbdca4ec1
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Jul  6 00:03:14 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Jul  6 00:03:14 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4f6ffeb7

app-crypt/gnupg: add 2.4.3

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-crypt/gnupg/Manifest                        |   2 +
 app-crypt/gnupg/files/gnupg-2.4.3-no-ldap.patch |  28 ++++
 app-crypt/gnupg/gnupg-2.4.3.ebuild              | 193 ++++++++++++++++++++++++
 3 files changed, 223 insertions(+)

diff --git a/app-crypt/gnupg/Manifest b/app-crypt/gnupg/Manifest
index 5988bcdfce11..4d6957d09981 100644
--- a/app-crypt/gnupg/Manifest
+++ b/app-crypt/gnupg/Manifest
@@ -2,3 +2,5 @@ DIST gnupg-2.2.41.tar.bz2 7313746 BLAKE2B 0be2965a646a8636a127f89329030860908b0b
 DIST gnupg-2.2.41.tar.bz2.sig 238 BLAKE2B 7a4dc8dd4b3da77f6684325f46e3e3b1aeac6fcd8382e3148da1a01a5c5a9e14c1352fb28b61e500388d647e1103b8f78ad49e467e01b732c4a13eb849859b98 SHA512 ac6edd35c6b02a02d6c8a4468332213f20159f972aa2f7fd25c6841c662b3d84db5230330d540e0785ddaff080daf8dd250292104ff47560ad59c11803aabefa
 DIST gnupg-2.4.2.tar.bz2 7346587 BLAKE2B 7a5aecca25d87f5f531576c8db1629908d97381bc75f69c228ebf7f06f2234ff847e631ad2b4ff35772e0905648b291e79816a4a274616fda5157bd6a88319a2 SHA512 64076146c735adeaf176dab432b13b1314bfb588eb97ba1081c26ae32647d2b099e62f02bb1c66ce672ff1146d1fb9a389cdd17e7b9c2ec674ff1dccb7f46a8e
 DIST gnupg-2.4.2.tar.bz2.sig 119 BLAKE2B da10bc6d93e5bd96572d6e03b99595eb3f3a5e2e53767a235f9e28878a294e6f444c5cee3a44579f6593582e5c4d85e99e963f2eb7ad2d64aa3a54136c39ffef SHA512 d08cb718a8656efb922f2591ec295e678687fe5f3a26459498952d28f4eea4f8368ea896c2908f58e3d3d8ea49faf865a1c146dda1b24f15bf8d37dce3eac868
+DIST gnupg-2.4.3.tar.bz2 7351327 BLAKE2B b7f4f5e548ec6dfc89cf8792f507ee8642e8500692998cf8d2edc9f5d8002904d24a714b9caffabee6094707c4595e0f54197535135622a7a32aa772f5818f28 SHA512 193a9398445272ec3eb5b79e802efb7414f74bcfffc3db0bf72c0056e04228120c419ed91db168e5733a16a33e548bab5368dd9cf11ecd483825bce189341a1e
+DIST gnupg-2.4.3.tar.bz2.sig 119 BLAKE2B 763c0569e5378e132de39e1583c19bae8912455bf7cd5a65bcfc88fa43be99fb6bbf8397192b3086db2f6f0f63fc25789f5e6ce98b2fe63cda3bf673b1c60a20 SHA512 7affff694d194c3befdfc865a7872c0883304ea704e3691eac328d802f12f4f82c2a93eaa1257d3e09b38494b38185f5b8cf35c964f0c3846bbb29b93727ffee

diff --git a/app-crypt/gnupg/files/gnupg-2.4.3-no-ldap.patch b/app-crypt/gnupg/files/gnupg-2.4.3-no-ldap.patch
new file mode 100644
index 000000000000..06d4221488e9
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.4.3-no-ldap.patch
@@ -0,0 +1,28 @@
+https://dev.gnupg.org/T6579
+https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=dc13361524c1477b2106c7385f2059f9ea111b84
+
+From dc13361524c1477b2106c7385f2059f9ea111b84 Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka <gniibe@fsij.org>
+Date: Wed, 5 Jul 2023 09:29:54 +0900
+Subject: [PATCH] dirmngr: Enable the call of ks_ldap_help_variables when
+ USE_LDAP.
+
+* dirmngr/server.c [USE_LDAP] (cmd_ad_query): Conditionalize.
+
+--
+
+Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
+--- a/dirmngr/server.c
++++ b/dirmngr/server.c
+@@ -2776,7 +2776,9 @@ cmd_ad_query (assuan_context_t ctx, char *line)
+ 
+   if (opt_help)
+     {
++#if USE_LDAP
+       ks_ldap_help_variables (ctrl);
++#endif
+       err = 0;
+       goto leave;
+     }
+-- 
+2.11.0

diff --git a/app-crypt/gnupg/gnupg-2.4.3.ebuild b/app-crypt/gnupg/gnupg-2.4.3.ebuild
new file mode 100644
index 000000000000..a8fed477d30e
--- /dev/null
+++ b/app-crypt/gnupg/gnupg-2.4.3.ebuild
@@ -0,0 +1,193 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Maintainers should:
+# 1. Join the "Gentoo" project at https://dev.gnupg.org/project/view/27/
+# 2. Subscribe to release tasks like https://dev.gnupg.org/T6159
+# (find the one for the current release then subscribe to it +
+# any subsequent ones linked within so you're covered for a while.)
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/gnupg.asc
+# in-source builds are not supported: https://dev.gnupg.org/T6313#166339
+inherit flag-o-matic out-of-source multiprocessing systemd toolchain-funcs verify-sig
+
+MY_P="${P/_/-}"
+
+DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
+HOMEPAGE="https://gnupg.org/"
+SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
+SRC_URI+=" verify-sig? ( mirror://gnupg/gnupg/${P}.tar.bz2.sig )"
+S="${WORKDIR}/${MY_P}"
+
+LICENSE="GPL-3+"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl test +tofu tpm tools usb user-socket wks-server"
+RESTRICT="!test? ( test )"
+REQUIRED_USE="test? ( tofu )"
+
+# Existence of executables is checked during configuration.
+# Note: On each bump, update dep bounds on each version from configure.ac!
+DEPEND="
+	>=dev-libs/libassuan-2.5.0
+	>=dev-libs/libgcrypt-1.9.1:=
+	>=dev-libs/libgpg-error-1.46
+	>=dev-libs/libksba-1.6.3
+	>=dev-libs/npth-1.2
+	>=net-misc/curl-7.10
+	sys-libs/zlib
+	bzip2? ( app-arch/bzip2 )
+	ldap? ( net-nds/openldap:= )
+	readline? ( sys-libs/readline:0= )
+	smartcard? ( usb? ( virtual/libusb:1 ) )
+	tofu? ( >=dev-db/sqlite-3.27 )
+	tpm? ( >=app-crypt/tpm2-tss-2.4.0:= )
+	ssl? ( >=net-libs/gnutls-3.0:0= )
+"
+RDEPEND="
+	${DEPEND}
+	app-crypt/pinentry
+	nls? ( virtual/libintl )
+	selinux? ( sec-policy/selinux-gpg )
+	wks-server? ( virtual/mta )
+"
+BDEPEND="
+	virtual/pkgconfig
+	doc? ( sys-apps/texinfo )
+	nls? ( sys-devel/gettext )
+	verify-sig? ( sec-keys/openpgp-keys-gnupg )
+"
+
+DOCS=(
+	ChangeLog NEWS README THANKS TODO VERSION
+	doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
+)
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch
+	"${FILESDIR}"/${PN}-2.4.2-fix-emacs.patch
+	"${FILESDIR}"/${P}-no-ldap.patch
+)
+
+src_prepare() {
+	default
+
+	GNUPG_SYSTEMD_UNITS=(
+		dirmngr.service
+		dirmngr.socket
+		gpg-agent-browser.socket
+		gpg-agent-extra.socket
+		gpg-agent.service
+		gpg-agent.socket
+		gpg-agent-ssh.socket
+	)
+
+	cp "${GNUPG_SYSTEMD_UNITS[@]/#/${FILESDIR}/}" "${T}" || die
+
+	# Inject SSH_AUTH_SOCK into user's sessions after enabling gpg-agent-ssh.socket in systemctl --user mode,
+	# idea borrowed from libdbus, see
+	#   https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/bus/systemd-user/dbus.socket.in#L6
+	#
+	# This cannot be upstreamed, as it requires determining the exact prefix of 'systemctl',
+	# which in turn requires discovery in Autoconf, something that upstream deeply resents.
+	sed -e "/DirectoryMode=/a ExecStartPost=-${EPREFIX}/bin/systemctl --user set-environment SSH_AUTH_SOCK=%t/gnupg/S.gpg-agent.ssh" \
+		-i "${T}"/gpg-agent-ssh.socket || die
+}
+
+my_src_configure() {
+	local myconf=(
+		$(use_enable bzip2)
+		$(use_enable nls)
+		$(use_enable smartcard scdaemon)
+		$(use_enable ssl gnutls)
+		$(use_enable test all-tests)
+		$(use_enable test tests)
+		$(use_enable tofu)
+		$(use_enable tofu keyboxd)
+		$(use_enable tofu sqlite)
+		$(usex tpm '--with-tss=intel' '--disable-tpm2d')
+		$(use smartcard && use_enable usb ccid-driver || echo '--disable-ccid-driver')
+		$(use_enable wks-server wks-tools)
+		$(use_with ldap)
+		$(use_with readline)
+
+		# Hardcode mailprog to /usr/libexec/sendmail even if it does not exist.
+		# As of GnuPG 2.3, the mailprog substitution is used for the binary called
+		# by wks-client & wks-server; and if it's autodetected but not not exist at
+		# build time, then then 'gpg-wks-client --send' functionality will not
+		# work. This has an unwanted side-effect in stage3 builds: there was a
+		# [R]DEPEND on virtual/mta, which also brought in virtual/logger, bloating
+		# the build where the install guide previously make the user chose the
+		# logger & mta early in the install.
+		--with-mailprog=/usr/libexec/sendmail
+
+		--disable-ntbtls
+		--enable-gpgsm
+		--enable-large-secmem
+
+		CC_FOR_BUILD="$(tc-getBUILD_CC)"
+		GPG_ERROR_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-gpg-error-config"
+		KSBA_CONFIG="${ESYSROOT}/usr/bin/ksba-config"
+		LIBASSUAN_CONFIG="${ESYSROOT}/usr/bin/libassuan-config"
+		LIBGCRYPT_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-libgcrypt-config"
+		NPTH_CONFIG="${ESYSROOT}/usr/bin/npth-config"
+
+		$("${S}/configure" --help | grep -o -- '--without-.*-prefix')
+	)
+
+	if use prefix && use usb; then
+		# bug #649598
+		append-cppflags -I"${ESYSROOT}/usr/include/libusb-1.0"
+	fi
+
+	# bug #663142
+	if use user-socket; then
+		myconf+=( --enable-run-gnupg-user-socket )
+	fi
+
+	# glib fails and picks up clang's internal stdint.h causing weird errors
+	tc-is-clang && export gl_cv_absolute_stdint_h="${ESYSROOT}"/usr/include/stdint.h
+
+	econf "${myconf[@]}"
+}
+
+my_src_compile() {
+	default
+
+	use doc && emake -C doc html
+}
+
+my_src_test() {
+	export TESTFLAGS="--parallel=$(makeopts_jobs)"
+
+	default
+}
+
+my_src_install() {
+	emake DESTDIR="${D}" install
+
+	use tools && dobin tools/{gpgconf,gpgsplit,gpg-check-pattern} tools/make-dns-cert
+
+	dosym gpg /usr/bin/gpg2
+	dosym gpgv /usr/bin/gpgv2
+	echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die
+	echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
+
+	dodir /etc/env.d
+	echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
+
+	use doc && dodoc doc/gnupg.html/*
+}
+
+my_src_install_all() {
+	einstalldocs
+
+	use tools && dobin tools/{convert-from-106,mail-signed-keys,lspgpot}
+	use doc && dodoc doc/*.png
+
+	# Dropped upstream in https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=eae28f1bd4a5632e8f8e85b7248d1c4d4a10a5ed.
+	dodoc "${FILESDIR}"/README-systemd
+	systemd_douserunit "${GNUPG_SYSTEMD_UNITS[@]/#/${T}/}"
+}


^ permalink raw reply related	[flat|nested] 26+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/files/, app-crypt/gnupg/
@ 2023-06-10 21:02 Sam James
  0 siblings, 0 replies; 26+ messages in thread
From: Sam James @ 2023-06-10 21:02 UTC (permalink / raw
  To: gentoo-commits

commit:     45c04d8fcc0b0432990e1a3e2c6ae5e0d1c4032a
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Jun 10 21:01:44 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Jun 10 21:01:52 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=45c04d8f

app-crypt/gnupg: backport Emacs EPA fix

Closes: https://bugs.gentoo.org/907839
Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-crypt/gnupg/files/gnupg-2.4.2-fix-emacs.patch | 564 ++++++++++++++++++++++
 app-crypt/gnupg/gnupg-2.4.2-r1.ebuild             | 192 ++++++++
 2 files changed, 756 insertions(+)

diff --git a/app-crypt/gnupg/files/gnupg-2.4.2-fix-emacs.patch b/app-crypt/gnupg/files/gnupg-2.4.2-fix-emacs.patch
new file mode 100644
index 000000000000..2e9141ab579b
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.4.2-fix-emacs.patch
@@ -0,0 +1,564 @@
+https://bugs.gentoo.org/907839
+https://dev.gnupg.org/T6481
+https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=2f872fa68c6576724b9dabee9fb0844266f55d0d
+
+From 2f872fa68c6576724b9dabee9fb0844266f55d0d Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka <gniibe@fsij.org>
+Date: Wed, 24 May 2023 10:36:04 +0900
+Subject: [PATCH] gpg: Report BEGIN_* status before examining the input.
+
+* common/miscellaneous.c (is_openpgp_compressed_packet)
+(is_file_compressed): Moved to ...
+* common/iobuf.c: ... in this file.
+(is_file_compressed): Change the argument to INP, the iobuf.
+* common/util.h (is_file_compressed): Remove.
+* common/iobuf.h (is_file_compressed): Add.
+* g10/cipher-aead.c (write_header): Don't call write_status_printf
+here.
+(cipher_filter_aead): Call write_status_printf when called with
+IOBUFCTRL_INIT.
+* g10/cipher-cfb.c (write_header): Don't call write_status_printf
+here.
+(cipher_filter_cfb): Call write_status_printf when called with
+IOBUFCTRL_INIT.
+* g10/encrypt.c (encrypt_simple): Use new is_file_compressed function,
+after call of iobuf_push_filter.
+(encrypt_crypt): Likewise.
+* g10/sign.c (sign_file): Likewise.
+
+--
+
+GnuPG-bug-id: 6481
+Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
+--- a/common/iobuf.c
++++ b/common/iobuf.c
+@@ -3057,3 +3057,123 @@ iobuf_skip_rest (iobuf_t a, unsigned long n, int partial)
+ 	}
+     }
+ }
++
++
++/* Check whether (BUF,LEN) is valid header for an OpenPGP compressed
++ * packet.  LEN should be at least 6.  */
++static int
++is_openpgp_compressed_packet (const unsigned char *buf, size_t len)
++{
++  int c, ctb, pkttype;
++  int lenbytes;
++
++  ctb = *buf++; len--;
++  if (!(ctb & 0x80))
++    return 0; /* Invalid packet.  */
++
++  if ((ctb & 0x40)) /* New style (OpenPGP) CTB.  */
++    {
++      pkttype = (ctb & 0x3f);
++      if (!len)
++        return 0; /* Expected first length octet missing.  */
++      c = *buf++; len--;
++      if (c < 192)
++        ;
++      else if (c < 224)
++        {
++          if (!len)
++            return 0; /* Expected second length octet missing. */
++        }
++      else if (c == 255)
++        {
++          if (len < 4)
++            return 0; /* Expected length octets missing */
++        }
++    }
++  else /* Old style CTB.  */
++    {
++      pkttype = (ctb>>2)&0xf;
++      lenbytes = ((ctb&3)==3)? 0 : (1<<(ctb & 3));
++      if (len < lenbytes)
++        return 0; /* Not enough length bytes.  */
++    }
++
++  return (pkttype == 8);
++}
++
++
++/*
++ * Check if the file is compressed, by peeking the iobuf.  You need to
++ * pass the iobuf with INP.  Returns true if the buffer seems to be
++ * compressed.
++ */
++int
++is_file_compressed (iobuf_t inp)
++{
++  int i;
++  char buf[32];
++  int buflen;
++
++  struct magic_compress_s
++  {
++    byte len;
++    byte extchk;
++    byte magic[5];
++  } magic[] =
++      {
++       { 3, 0, { 0x42, 0x5a, 0x68, 0x00 } }, /* bzip2 */
++       { 3, 0, { 0x1f, 0x8b, 0x08, 0x00 } }, /* gzip */
++       { 4, 0, { 0x50, 0x4b, 0x03, 0x04 } }, /* (pk)zip */
++       { 5, 0, { '%', 'P', 'D', 'F', '-'} }, /* PDF */
++       { 4, 1, { 0xff, 0xd8, 0xff, 0xe0 } }, /* Maybe JFIF */
++       { 5, 2, { 0x89, 'P','N','G', 0x0d} }  /* Likely PNG */
++  };
++
++  if (!inp)
++    return 0;
++
++  for ( ; inp->chain; inp = inp->chain )
++    ;
++
++  buflen = iobuf_ioctl (inp, IOBUF_IOCTL_PEEK, sizeof buf, buf);
++  if (buflen < 0)
++    {
++      buflen = 0;
++      log_debug ("peeking at input failed\n");
++    }
++
++  if ( buflen < 6 )
++    {
++      return 0;  /* Too short to check - assume uncompressed.  */
++    }
++
++  for ( i = 0; i < DIM (magic); i++ )
++    {
++      if (!memcmp( buf, magic[i].magic, magic[i].len))
++        {
++          switch (magic[i].extchk)
++            {
++            case 0:
++              return 1; /* Is compressed.  */
++            case 1:
++              if (buflen > 11 && !memcmp (buf + 6, "JFIF", 5))
++                return 1; /* JFIF: this likely a compressed JPEG.  */
++              break;
++            case 2:
++              if (buflen > 8
++                  && buf[5] == 0x0a && buf[6] == 0x1a && buf[7] == 0x0a)
++                return 1; /* This is a PNG.  */
++              break;
++            default:
++              break;
++            }
++        }
++    }
++
++  if (buflen >= 6 && is_openpgp_compressed_packet (buf, buflen))
++    {
++      return 1; /* Already compressed.  */
++    }
++
++  return 0;  /* Not detected as compressed.  */
++}
+--- a/common/iobuf.h
++++ b/common/iobuf.h
+@@ -629,6 +629,9 @@ void iobuf_set_partial_body_length_mode (iobuf_t a, size_t len);
+    from the following filter (which may or may not return EOF).  */
+ void iobuf_skip_rest (iobuf_t a, unsigned long n, int partial);
+ 
++/* Check if the file is compressed, by peeking the iobuf.  */
++int is_file_compressed (iobuf_t inp);
++
+ #define iobuf_where(a)	"[don't know]"
+ 
+ /* Each time a filter is allocated (via iobuf_alloc()), a
+--- a/common/miscellaneous.c
++++ b/common/miscellaneous.c
+@@ -415,112 +415,6 @@ decode_c_string (const char *src)
+ }
+ 
+ 
+-/* Check whether (BUF,LEN) is valid header for an OpenPGP compressed
+- * packet.  LEN should be at least 6.  */
+-static int
+-is_openpgp_compressed_packet (const unsigned char *buf, size_t len)
+-{
+-  int c, ctb, pkttype;
+-  int lenbytes;
+-
+-  ctb = *buf++; len--;
+-  if (!(ctb & 0x80))
+-    return 0; /* Invalid packet.  */
+-
+-  if ((ctb & 0x40)) /* New style (OpenPGP) CTB.  */
+-    {
+-      pkttype = (ctb & 0x3f);
+-      if (!len)
+-        return 0; /* Expected first length octet missing.  */
+-      c = *buf++; len--;
+-      if (c < 192)
+-        ;
+-      else if (c < 224)
+-        {
+-          if (!len)
+-            return 0; /* Expected second length octet missing. */
+-        }
+-      else if (c == 255)
+-        {
+-          if (len < 4)
+-            return 0; /* Expected length octets missing */
+-        }
+-    }
+-  else /* Old style CTB.  */
+-    {
+-      pkttype = (ctb>>2)&0xf;
+-      lenbytes = ((ctb&3)==3)? 0 : (1<<(ctb & 3));
+-      if (len < lenbytes)
+-        return 0; /* Not enough length bytes.  */
+-    }
+-
+-  return (pkttype == 8);
+-}
+-
+-
+-
+-/*
+- * Check if the file is compressed.  You need to pass the first bytes
+- * of the file as (BUF,BUFLEN).  Returns true if the buffer seems to
+- * be compressed.
+- */
+-int
+-is_file_compressed (const byte *buf, unsigned int buflen)
+-{
+-  int i;
+-
+-  struct magic_compress_s
+-  {
+-    byte len;
+-    byte extchk;
+-    byte magic[5];
+-  } magic[] =
+-      {
+-       { 3, 0, { 0x42, 0x5a, 0x68, 0x00 } }, /* bzip2 */
+-       { 3, 0, { 0x1f, 0x8b, 0x08, 0x00 } }, /* gzip */
+-       { 4, 0, { 0x50, 0x4b, 0x03, 0x04 } }, /* (pk)zip */
+-       { 5, 0, { '%', 'P', 'D', 'F', '-'} }, /* PDF */
+-       { 4, 1, { 0xff, 0xd8, 0xff, 0xe0 } }, /* Maybe JFIF */
+-       { 5, 2, { 0x89, 'P','N','G', 0x0d} }  /* Likely PNG */
+-  };
+-
+-  if ( buflen < 6 )
+-    {
+-      return 0;  /* Too short to check - assume uncompressed.  */
+-    }
+-
+-  for ( i = 0; i < DIM (magic); i++ )
+-    {
+-      if (!memcmp( buf, magic[i].magic, magic[i].len))
+-        {
+-          switch (magic[i].extchk)
+-            {
+-            case 0:
+-              return 1; /* Is compressed.  */
+-            case 1:
+-              if (buflen > 11 && !memcmp (buf + 6, "JFIF", 5))
+-                return 1; /* JFIF: this likely a compressed JPEG.  */
+-              break;
+-            case 2:
+-              if (buflen > 8
+-                  && buf[5] == 0x0a && buf[6] == 0x1a && buf[7] == 0x0a)
+-                return 1; /* This is a PNG.  */
+-              break;
+-            default:
+-              break;
+-            }
+-        }
+-    }
+-
+-  if (buflen >= 6 && is_openpgp_compressed_packet (buf, buflen))
+-    {
+-      return 1; /* Already compressed.  */
+-    }
+-
+-  return 0;  /* Not detected as compressed.  */
+-}
+-
+-
+ /* Try match against each substring of multistr, delimited by | */
+ int
+ match_multistr (const char *multistr,const char *match)
+--- a/common/util.h
++++ b/common/util.h
+@@ -360,8 +360,6 @@ char *try_make_printable_string (const void *p, size_t n, int delim);
+ char *make_printable_string (const void *p, size_t n, int delim);
+ char *decode_c_string (const char *src);
+ 
+-int is_file_compressed (const byte *buf, unsigned int buflen);
+-
+ int match_multistr (const char *multistr,const char *match);
+ 
+ int gnupg_compare_version (const char *a, const char *b);
+--- a/g10/cipher-aead.c
++++ b/g10/cipher-aead.c
+@@ -174,8 +174,6 @@ write_header (cipher_filter_context_t *cfx, iobuf_t a)
+     log_debug ("aead packet: len=%lu extralen=%d\n",
+                (unsigned long)ed.len, ed.extralen);
+ 
+-  write_status_printf (STATUS_BEGIN_ENCRYPTION, "0 %d %d",
+-                       cfx->dek->algo, ed.aead_algo);
+   print_cipher_algo_note (cfx->dek->algo);
+ 
+   if (build_packet( a, &pkt))
+@@ -488,6 +486,11 @@ cipher_filter_aead (void *opaque, int control,
+     {
+       mem2str (buf, "cipher_filter_aead", *ret_len);
+     }
++  else if (control == IOBUFCTRL_INIT)
++    {
++      write_status_printf (STATUS_BEGIN_ENCRYPTION, "0 %d %d",
++                           cfx->dek->algo, cfx->dek->use_aead);
++    }
+ 
+   return rc;
+ }
+--- a/g10/cipher-cfb.c
++++ b/g10/cipher-cfb.c
+@@ -72,9 +72,6 @@ write_header (cipher_filter_context_t *cfx, iobuf_t a)
+       log_info (_("Hint: Do not use option %s\n"), "--rfc2440");
+     }
+ 
+-  write_status_printf (STATUS_BEGIN_ENCRYPTION, "%d %d",
+-                       ed.mdc_method, cfx->dek->algo);
+-
+   init_packet (&pkt);
+   pkt.pkttype = cfx->dek->use_mdc? PKT_ENCRYPTED_MDC : PKT_ENCRYPTED;
+   pkt.pkt.encrypted = &ed;
+@@ -182,6 +179,12 @@ cipher_filter_cfb (void *opaque, int control,
+     {
+       mem2str (buf, "cipher_filter_cfb", *ret_len);
+     }
++  else if (control == IOBUFCTRL_INIT)
++    {
++      write_status_printf (STATUS_BEGIN_ENCRYPTION, "%d %d",
++                           cfx->dek->use_mdc ? DIGEST_ALGO_SHA1 : 0,
++                           cfx->dek->algo);
++    }
+ 
+   return rc;
+ }
+--- a/g10/encrypt.c
++++ b/g10/encrypt.c
+@@ -410,8 +410,6 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
+   text_filter_context_t tfx;
+   progress_filter_context_t *pfx;
+   int do_compress = !!default_compress_algo();
+-  char peekbuf[32];
+-  int  peekbuflen;
+ 
+   if (!gnupg_rng_is_compliant (opt.compliance))
+     {
+@@ -448,14 +446,6 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
+       return rc;
+     }
+ 
+-  peekbuflen = iobuf_ioctl (inp, IOBUF_IOCTL_PEEK, sizeof peekbuf, peekbuf);
+-  if (peekbuflen < 0)
+-    {
+-      peekbuflen = 0;
+-      if (DBG_FILTER)
+-        log_debug ("peeking at input failed\n");
+-    }
+-
+   handle_progress (pfx, inp, filename);
+ 
+   if (opt.textmode)
+@@ -517,17 +507,6 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
+                  /**/             : "CFB");
+     }
+ 
+-  if (do_compress
+-      && cfx.dek
+-      && (cfx.dek->use_mdc || cfx.dek->use_aead)
+-      && !opt.explicit_compress_option
+-      && is_file_compressed (peekbuf, peekbuflen))
+-    {
+-      if (opt.verbose)
+-        log_info(_("'%s' already compressed\n"), filename? filename: "[stdin]");
+-      do_compress = 0;
+-    }
+-
+   if ( rc || (rc = open_outfile (-1, filename, opt.armor? 1:0, 0, &out )))
+     {
+       iobuf_cancel (inp);
+@@ -598,6 +577,24 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
+   else
+     filesize = opt.set_filesize ? opt.set_filesize : 0; /* stdin */
+ 
++  /* Register the cipher filter. */
++  if (mode)
++    iobuf_push_filter (out,
++                       cfx.dek->use_aead? cipher_filter_aead
++                       /**/             : cipher_filter_cfb,
++                       &cfx );
++
++  if (do_compress
++      && cfx.dek
++      && (cfx.dek->use_mdc || cfx.dek->use_aead)
++      && !opt.explicit_compress_option
++      && is_file_compressed (inp))
++    {
++      if (opt.verbose)
++        log_info(_("'%s' already compressed\n"), filename? filename: "[stdin]");
++      do_compress = 0;
++    }
++
+   if (!opt.no_literal)
+     {
+       /* Note that PT has been initialized above in !no_literal mode.  */
+@@ -617,13 +614,6 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
+       pkt.pkt.generic = NULL;
+     }
+ 
+-  /* Register the cipher filter. */
+-  if (mode)
+-    iobuf_push_filter (out,
+-                       cfx.dek->use_aead? cipher_filter_aead
+-                       /**/             : cipher_filter_cfb,
+-                       &cfx );
+-
+   /* Register the compress filter. */
+   if ( do_compress )
+     {
+@@ -783,7 +773,7 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
+   PKT_plaintext *pt = NULL;
+   DEK *symkey_dek = NULL;
+   STRING2KEY *symkey_s2k = NULL;
+-  int rc = 0, rc2 = 0;
++  int rc = 0;
+   u32 filesize;
+   cipher_filter_context_t cfx;
+   armor_filter_context_t *afx = NULL;
+@@ -792,8 +782,6 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
+   progress_filter_context_t *pfx;
+   PK_LIST pk_list;
+   int do_compress;
+-  char peekbuf[32];
+-  int  peekbuflen;
+ 
+   if (filefd != -1 && filename)
+     return gpg_error (GPG_ERR_INV_ARG);  /* Both given.  */
+@@ -866,14 +854,6 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
+   if (opt.verbose)
+     log_info (_("reading from '%s'\n"), iobuf_get_fname_nonnull (inp));
+ 
+-  peekbuflen = iobuf_ioctl (inp, IOBUF_IOCTL_PEEK, sizeof peekbuf, peekbuf);
+-  if (peekbuflen < 0)
+-    {
+-      peekbuflen = 0;
+-      if (DBG_FILTER)
+-        log_debug ("peeking at input failed\n");
+-    }
+-
+   handle_progress (pfx, inp, filename);
+ 
+   if (opt.textmode)
+@@ -900,25 +880,6 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
+   if (!cfx.dek->use_aead)
+     cfx.dek->use_mdc = !!use_mdc (pk_list, cfx.dek->algo);
+ 
+-  /* Only do the is-file-already-compressed check if we are using a
+-   * MDC or AEAD.  This forces compressed files to be re-compressed if
+-   * we do not have a MDC to give some protection against chosen
+-   * ciphertext attacks. */
+-  if (do_compress
+-      && (cfx.dek->use_mdc || cfx.dek->use_aead)
+-      && !opt.explicit_compress_option
+-      && is_file_compressed (peekbuf, peekbuflen))
+-    {
+-      if (opt.verbose)
+-        log_info(_("'%s' already compressed\n"), filename? filename: "[stdin]");
+-      do_compress = 0;
+-    }
+-  if (rc2)
+-    {
+-      rc = rc2;
+-      goto leave;
+-    }
+-
+   make_session_key (cfx.dek);
+   if (DBG_CRYPTO)
+     log_printhex (cfx.dek->key, cfx.dek->keylen, "DEK is: ");
+@@ -960,6 +921,26 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
+   else
+     filesize = opt.set_filesize ? opt.set_filesize : 0; /* stdin */
+ 
++  /* Register the cipher filter. */
++  iobuf_push_filter (out,
++                     cfx.dek->use_aead? cipher_filter_aead
++                     /**/             : cipher_filter_cfb,
++                     &cfx);
++
++  /* Only do the is-file-already-compressed check if we are using a
++   * MDC or AEAD.  This forces compressed files to be re-compressed if
++   * we do not have a MDC to give some protection against chosen
++   * ciphertext attacks. */
++  if (do_compress
++      && (cfx.dek->use_mdc || cfx.dek->use_aead)
++      && !opt.explicit_compress_option
++      && is_file_compressed (inp))
++    {
++      if (opt.verbose)
++        log_info(_("'%s' already compressed\n"), filename? filename: "[stdin]");
++      do_compress = 0;
++    }
++
+   if (!opt.no_literal)
+     {
+       pt->timestamp = make_timestamp();
+@@ -974,12 +955,6 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
+   else
+     cfx.datalen = filesize && !do_compress ? filesize : 0;
+ 
+-  /* Register the cipher filter. */
+-  iobuf_push_filter (out,
+-                     cfx.dek->use_aead? cipher_filter_aead
+-                     /**/             : cipher_filter_cfb,
+-                     &cfx);
+-
+   /* Register the compress filter. */
+   if (do_compress)
+     {
+--- a/g10/sign.c
++++ b/g10/sign.c
+@@ -1035,9 +1035,6 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
+   int multifile = 0;
+   u32 duration=0;
+   pt_extra_hash_data_t extrahash = NULL;
+-  char peekbuf[32];
+-  int  peekbuflen = 0;
+-
+ 
+   pfx = new_progress_context ();
+   afx = new_armor_context ();
+@@ -1096,14 +1093,6 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
+           goto leave;
+ 	}
+ 
+-      peekbuflen = iobuf_ioctl (inp, IOBUF_IOCTL_PEEK, sizeof peekbuf, peekbuf);
+-      if (peekbuflen < 0)
+-        {
+-          peekbuflen = 0;
+-          if (DBG_FILTER)
+-            log_debug ("peeking at input failed\n");
+-        }
+-
+       handle_progress (pfx, inp, fname);
+     }
+ 
+@@ -1261,7 +1250,7 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
+       int compr_algo = opt.compress_algo;
+ 
+       if (!opt.explicit_compress_option
+-          && is_file_compressed (peekbuf, peekbuflen))
++          && is_file_compressed (inp))
+         {
+           if (opt.verbose)
+             log_info(_("'%s' already compressed\n"), fname? fname: "[stdin]");
+-- 
+2.11.0

diff --git a/app-crypt/gnupg/gnupg-2.4.2-r1.ebuild b/app-crypt/gnupg/gnupg-2.4.2-r1.ebuild
new file mode 100644
index 000000000000..6fd1932406ef
--- /dev/null
+++ b/app-crypt/gnupg/gnupg-2.4.2-r1.ebuild
@@ -0,0 +1,192 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Maintainers should:
+# 1. Join the "Gentoo" project at https://dev.gnupg.org/project/view/27/
+# 2. Subscribe to release tasks like https://dev.gnupg.org/T6159
+# (find the one for the current release then subscribe to it +
+# any subsequent ones linked within so you're covered for a while.)
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/gnupg.asc
+# in-source builds are not supported: https://dev.gnupg.org/T6313#166339
+inherit flag-o-matic out-of-source multiprocessing systemd toolchain-funcs verify-sig
+
+MY_P="${P/_/-}"
+
+DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
+HOMEPAGE="https://gnupg.org/"
+SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
+SRC_URI+=" verify-sig? ( mirror://gnupg/gnupg/${P}.tar.bz2.sig )"
+S="${WORKDIR}/${MY_P}"
+
+LICENSE="GPL-3+"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl test +tofu tpm tools usb user-socket wks-server"
+RESTRICT="!test? ( test )"
+REQUIRED_USE="test? ( tofu )"
+
+# Existence of executables is checked during configuration.
+# Note: On each bump, update dep bounds on each version from configure.ac!
+DEPEND="
+	>=dev-libs/libassuan-2.5.0
+	>=dev-libs/libgcrypt-1.9.1:=
+	>=dev-libs/libgpg-error-1.46
+	>=dev-libs/libksba-1.6.3
+	>=dev-libs/npth-1.2
+	>=net-misc/curl-7.10
+	sys-libs/zlib
+	bzip2? ( app-arch/bzip2 )
+	ldap? ( net-nds/openldap:= )
+	readline? ( sys-libs/readline:0= )
+	smartcard? ( usb? ( virtual/libusb:1 ) )
+	tofu? ( >=dev-db/sqlite-3.27 )
+	tpm? ( >=app-crypt/tpm2-tss-2.4.0:= )
+	ssl? ( >=net-libs/gnutls-3.0:0= )
+"
+RDEPEND="
+	${DEPEND}
+	app-crypt/pinentry
+	nls? ( virtual/libintl )
+	selinux? ( sec-policy/selinux-gpg )
+	wks-server? ( virtual/mta )
+"
+BDEPEND="
+	virtual/pkgconfig
+	doc? ( sys-apps/texinfo )
+	nls? ( sys-devel/gettext )
+	verify-sig? ( sec-keys/openpgp-keys-gnupg )
+"
+
+DOCS=(
+	ChangeLog NEWS README THANKS TODO VERSION
+	doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
+)
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch
+	"${FILESDIR}"/${PN}-2.4.2-fix-emacs.patch
+)
+
+src_prepare() {
+	default
+
+	GNUPG_SYSTEMD_UNITS=(
+		dirmngr.service
+		dirmngr.socket
+		gpg-agent-browser.socket
+		gpg-agent-extra.socket
+		gpg-agent.service
+		gpg-agent.socket
+		gpg-agent-ssh.socket
+	)
+
+	cp "${GNUPG_SYSTEMD_UNITS[@]/#/${FILESDIR}/}" "${T}" || die
+
+	# Inject SSH_AUTH_SOCK into user's sessions after enabling gpg-agent-ssh.socket in systemctl --user mode,
+	# idea borrowed from libdbus, see
+	#   https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/bus/systemd-user/dbus.socket.in#L6
+	#
+	# This cannot be upstreamed, as it requires determining the exact prefix of 'systemctl',
+	# which in turn requires discovery in Autoconf, something that upstream deeply resents.
+	sed -e "/DirectoryMode=/a ExecStartPost=-${EPREFIX}/bin/systemctl --user set-environment SSH_AUTH_SOCK=%t/gnupg/S.gpg-agent.ssh" \
+		-i "${T}"/gpg-agent-ssh.socket || die
+}
+
+my_src_configure() {
+	local myconf=(
+		$(use_enable bzip2)
+		$(use_enable nls)
+		$(use_enable smartcard scdaemon)
+		$(use_enable ssl gnutls)
+		$(use_enable test all-tests)
+		$(use_enable test tests)
+		$(use_enable tofu)
+		$(use_enable tofu keyboxd)
+		$(use_enable tofu sqlite)
+		$(usex tpm '--with-tss=intel' '--disable-tpm2d')
+		$(use smartcard && use_enable usb ccid-driver || echo '--disable-ccid-driver')
+		$(use_enable wks-server wks-tools)
+		$(use_with ldap)
+		$(use_with readline)
+
+		# Hardcode mailprog to /usr/libexec/sendmail even if it does not exist.
+		# As of GnuPG 2.3, the mailprog substitution is used for the binary called
+		# by wks-client & wks-server; and if it's autodetected but not not exist at
+		# build time, then then 'gpg-wks-client --send' functionality will not
+		# work. This has an unwanted side-effect in stage3 builds: there was a
+		# [R]DEPEND on virtual/mta, which also brought in virtual/logger, bloating
+		# the build where the install guide previously make the user chose the
+		# logger & mta early in the install.
+		--with-mailprog=/usr/libexec/sendmail
+
+		--disable-ntbtls
+		--enable-gpgsm
+		--enable-large-secmem
+
+		CC_FOR_BUILD="$(tc-getBUILD_CC)"
+		GPG_ERROR_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-gpg-error-config"
+		KSBA_CONFIG="${ESYSROOT}/usr/bin/ksba-config"
+		LIBASSUAN_CONFIG="${ESYSROOT}/usr/bin/libassuan-config"
+		LIBGCRYPT_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-libgcrypt-config"
+		NPTH_CONFIG="${ESYSROOT}/usr/bin/npth-config"
+
+		$("${S}/configure" --help | grep -o -- '--without-.*-prefix')
+	)
+
+	if use prefix && use usb; then
+		# bug #649598
+		append-cppflags -I"${ESYSROOT}/usr/include/libusb-1.0"
+	fi
+
+	# bug #663142
+	if use user-socket; then
+		myconf+=( --enable-run-gnupg-user-socket )
+	fi
+
+	# glib fails and picks up clang's internal stdint.h causing weird errors
+	tc-is-clang && export gl_cv_absolute_stdint_h="${ESYSROOT}"/usr/include/stdint.h
+
+	econf "${myconf[@]}"
+}
+
+my_src_compile() {
+	default
+
+	use doc && emake -C doc html
+}
+
+my_src_test() {
+	export TESTFLAGS="--parallel=$(makeopts_jobs)"
+
+	default
+}
+
+my_src_install() {
+	emake DESTDIR="${D}" install
+
+	use tools && dobin tools/{gpgconf,gpgsplit,gpg-check-pattern} tools/make-dns-cert
+
+	dosym gpg /usr/bin/gpg2
+	dosym gpgv /usr/bin/gpgv2
+	echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die
+	echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
+
+	dodir /etc/env.d
+	echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
+
+	use doc && dodoc doc/gnupg.html/*
+}
+
+my_src_install_all() {
+	einstalldocs
+
+	use tools && dobin tools/{convert-from-106,mail-signed-keys,lspgpot}
+	use doc && dodoc doc/*.png
+
+	# Dropped upstream in https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=eae28f1bd4a5632e8f8e85b7248d1c4d4a10a5ed.
+	dodoc "${FILESDIR}"/README-systemd
+	systemd_douserunit "${GNUPG_SYSTEMD_UNITS[@]/#/${T}/}"
+}


^ permalink raw reply related	[flat|nested] 26+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/files/, app-crypt/gnupg/
@ 2023-05-23  4:13 Sam James
  0 siblings, 0 replies; 26+ messages in thread
From: Sam James @ 2023-05-23  4:13 UTC (permalink / raw
  To: gentoo-commits

commit:     432b7036cc18e57100696d0c505cc6abd1447582
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue May 23 04:13:27 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue May 23 04:13:27 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=432b7036

app-crypt/gnupg: add 2.4.1

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-crypt/gnupg/Manifest                       |   2 +
 app-crypt/gnupg/files/README-systemd           |  67 +++++++++
 app-crypt/gnupg/files/dirmngr.service          |   8 ++
 app-crypt/gnupg/files/dirmngr.socket           |  11 ++
 app-crypt/gnupg/files/gpg-agent-browser.socket |  13 ++
 app-crypt/gnupg/files/gpg-agent-extra.socket   |  13 ++
 app-crypt/gnupg/files/gpg-agent-ssh.socket     |  13 ++
 app-crypt/gnupg/files/gpg-agent.service        |   8 ++
 app-crypt/gnupg/files/gpg-agent.socket         |  12 ++
 app-crypt/gnupg/gnupg-2.4.1.ebuild             | 191 +++++++++++++++++++++++++
 10 files changed, 338 insertions(+)

diff --git a/app-crypt/gnupg/Manifest b/app-crypt/gnupg/Manifest
index a85a849bd427..a0b20cfe49cf 100644
--- a/app-crypt/gnupg/Manifest
+++ b/app-crypt/gnupg/Manifest
@@ -6,3 +6,5 @@ DIST gnupg-2.3.8.tar.bz2 7644926 BLAKE2B afb960adb877398363d92585d54bccc82c816f8
 DIST gnupg-2.3.8.tar.bz2.sig 238 BLAKE2B ea0442109ed6166635b622d352d7476396836b9b7671da3a44b17d04a7a0b9d8dc6e48434c379578466907854ae255d7541064a21eda1a43f96bedf963b699b9 SHA512 e9e6ef800f2ef78e637e7d06c340e0c2e0441a8d065dd7dee484171411be784e6f0e6def634405c5231a429f8d73a1946eba8b1d35d7563e372fe07923ddd4c8
 DIST gnupg-2.4.0.tar.bz2 7666935 BLAKE2B cc4bcd439a3283df5932c0c41873a3b85de07103d9164ec6dc44552fa0d8c5e5973d74dcd3ffd3d4cf0564c9dab66c6e2adbcd7b34bbc4b5faf0f1bf0f3836aa SHA512 094d631130d4dfe4421cc5e715eaec1888d0b4b764f1be9287be86cbc34430313211739d5481b34e9b59021d05cdbae8a87a1007031cc4dc6213045984a8559a
 DIST gnupg-2.4.0.tar.bz2.sig 238 BLAKE2B 745dda62b3e87507d7a64fb32036675038927dc9e8d1c4baadd9117c33d189a01d2cfcb362694f6ca4ef291b36828a9ee4c908ce1ac5f27109efd1fa66bcb662 SHA512 383c3ece4f34fc2a4f4f483ed67f821df9a96597de090b99c5e0f0cac3cf7a0d9422e469fb8b13cf472297c56e989a43463eac5045d167950fe58a38df96c893
+DIST gnupg-2.4.1.tar.bz2 7341338 BLAKE2B 6da4b1ed44f8110421ea465b50a08915231a26ee450c1b11326b9b777772b9ea304ea0c0881e967ca9c6054bc526445951176c50d9a2e24b038c04354c778e59 SHA512 4d6b30ec4b8d786508ec1ac5f3c5b0ddebdc4f60aa72eb5d6ecc185ff0e9f1f4798f80ae16a3d136052b91ec54978ec0b7969a11a6c2727f30b3b6efabbaf388
+DIST gnupg-2.4.1.tar.bz2.sig 238 BLAKE2B b832f8930827ddeacf4ca864279acfb5256427aaa9164ea1d9a98528c4a637d1288269c8fa6a19427b768294a9833dbe3eeb596abb1774864ca92001921f0b54 SHA512 2fead4f71876bf839cffc78def542b2cfd1b76ac207a06d8725dca7e20572969d9d72fc28b0c84345ee56cc57f5e3ff83e79be24eab1ee6db91680ae95447809

diff --git a/app-crypt/gnupg/files/README-systemd b/app-crypt/gnupg/files/README-systemd
new file mode 100644
index 000000000000..cc38fd66ab57
--- /dev/null
+++ b/app-crypt/gnupg/files/README-systemd
@@ -0,0 +1,67 @@
+Socket-activated dirmngr and gpg-agent with systemd
+===================================================
+
+When used on a GNU/Linux system supervised by systemd, you can ensure
+that the GnuPG daemons dirmngr and gpg-agent are launched
+automatically the first time they're needed, and shut down cleanly at
+session logout.  This is done by enabling user services via
+socket-activation.
+
+System distributors
+-------------------
+
+The *.service and *.socket files (from this directory) should be
+placed in /usr/lib/systemd/user/ alongside other user-session services
+and sockets.
+
+To enable socket-activated dirmngr for all accounts on the system,
+use:
+
+    systemctl --user --global enable dirmngr.socket
+
+To enable socket-activated gpg-agent for all accounts on the system,
+use:
+
+    systemctl --user --global enable gpg-agent.socket
+
+Additionally, you can enable socket-activated gpg-agent ssh-agent
+emulation for all accounts on the system with:
+
+    systemctl --user --global enable gpg-agent-ssh.socket
+
+You can also enable restricted ("--extra-socket"-style) gpg-agent
+sockets for all accounts on the system with:
+
+    systemctl --user --global enable gpg-agent-extra.socket
+
+Individual users
+----------------
+
+A user on a system with systemd where this has not been installed
+system-wide can place these files in ~/.config/systemd/user/ to make
+them available.
+
+If a given service isn't installed system-wide, or if it's installed
+system-wide but not globally enabled, individual users will still need
+to enable them.  For example, to enable socket-activated dirmngr for
+all future sessions:
+
+    systemctl --user enable dirmngr.socket
+
+To enable socket-activated gpg-agent with ssh support, do:
+
+    systemctl --user enable gpg-agent.socket gpg-agent-ssh.socket
+
+These changes won't take effect until your next login after you've
+fully logged out (be sure to terminate any running daemons before
+logging out).
+
+If you'd rather try a socket-activated GnuPG daemon in an
+already-running session without logging out (with or without enabling
+it for all future sessions), kill any existing daemon and start the
+user socket directly.  For example, to set up socket-activated dirmgnr
+in the current session:
+
+    gpgconf --kill dirmngr
+    systemctl --user start dirmngr.socket
+

diff --git a/app-crypt/gnupg/files/dirmngr.service b/app-crypt/gnupg/files/dirmngr.service
new file mode 100644
index 000000000000..3c060cde5d87
--- /dev/null
+++ b/app-crypt/gnupg/files/dirmngr.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=GnuPG network certificate management daemon
+Documentation=man:dirmngr(8)
+Requires=dirmngr.socket
+
+[Service]
+ExecStart=/usr/bin/dirmngr --supervised
+ExecReload=/usr/bin/gpgconf --reload dirmngr

diff --git a/app-crypt/gnupg/files/dirmngr.socket b/app-crypt/gnupg/files/dirmngr.socket
new file mode 100644
index 000000000000..ebabf896ab43
--- /dev/null
+++ b/app-crypt/gnupg/files/dirmngr.socket
@@ -0,0 +1,11 @@
+[Unit]
+Description=GnuPG network certificate management daemon
+Documentation=man:dirmngr(8)
+
+[Socket]
+ListenStream=%t/gnupg/S.dirmngr
+SocketMode=0600
+DirectoryMode=0700
+
+[Install]
+WantedBy=sockets.target

diff --git a/app-crypt/gnupg/files/gpg-agent-browser.socket b/app-crypt/gnupg/files/gpg-agent-browser.socket
new file mode 100644
index 000000000000..bc8d344e1f2d
--- /dev/null
+++ b/app-crypt/gnupg/files/gpg-agent-browser.socket
@@ -0,0 +1,13 @@
+[Unit]
+Description=GnuPG cryptographic agent and passphrase cache (access for web browsers)
+Documentation=man:gpg-agent(1)
+
+[Socket]
+ListenStream=%t/gnupg/S.gpg-agent.browser
+FileDescriptorName=browser
+Service=gpg-agent.service
+SocketMode=0600
+DirectoryMode=0700
+
+[Install]
+WantedBy=sockets.target

diff --git a/app-crypt/gnupg/files/gpg-agent-extra.socket b/app-crypt/gnupg/files/gpg-agent-extra.socket
new file mode 100644
index 000000000000..5b87d09dfa2a
--- /dev/null
+++ b/app-crypt/gnupg/files/gpg-agent-extra.socket
@@ -0,0 +1,13 @@
+[Unit]
+Description=GnuPG cryptographic agent and passphrase cache (restricted)
+Documentation=man:gpg-agent(1)
+
+[Socket]
+ListenStream=%t/gnupg/S.gpg-agent.extra
+FileDescriptorName=extra
+Service=gpg-agent.service
+SocketMode=0600
+DirectoryMode=0700
+
+[Install]
+WantedBy=sockets.target

diff --git a/app-crypt/gnupg/files/gpg-agent-ssh.socket b/app-crypt/gnupg/files/gpg-agent-ssh.socket
new file mode 100644
index 000000000000..798c1d967595
--- /dev/null
+++ b/app-crypt/gnupg/files/gpg-agent-ssh.socket
@@ -0,0 +1,13 @@
+[Unit]
+Description=GnuPG cryptographic agent (ssh-agent emulation)
+Documentation=man:gpg-agent(1) man:ssh-add(1) man:ssh-agent(1) man:ssh(1)
+
+[Socket]
+ListenStream=%t/gnupg/S.gpg-agent.ssh
+FileDescriptorName=ssh
+Service=gpg-agent.service
+SocketMode=0600
+DirectoryMode=0700
+
+[Install]
+WantedBy=sockets.target

diff --git a/app-crypt/gnupg/files/gpg-agent.service b/app-crypt/gnupg/files/gpg-agent.service
new file mode 100644
index 000000000000..a050fccdc527
--- /dev/null
+++ b/app-crypt/gnupg/files/gpg-agent.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=GnuPG cryptographic agent and passphrase cache
+Documentation=man:gpg-agent(1)
+Requires=gpg-agent.socket
+
+[Service]
+ExecStart=/usr/bin/gpg-agent --supervised
+ExecReload=/usr/bin/gpgconf --reload gpg-agent

diff --git a/app-crypt/gnupg/files/gpg-agent.socket b/app-crypt/gnupg/files/gpg-agent.socket
new file mode 100644
index 000000000000..4257c2c80f18
--- /dev/null
+++ b/app-crypt/gnupg/files/gpg-agent.socket
@@ -0,0 +1,12 @@
+[Unit]
+Description=GnuPG cryptographic agent and passphrase cache
+Documentation=man:gpg-agent(1)
+
+[Socket]
+ListenStream=%t/gnupg/S.gpg-agent
+FileDescriptorName=std
+SocketMode=0600
+DirectoryMode=0700
+
+[Install]
+WantedBy=sockets.target

diff --git a/app-crypt/gnupg/gnupg-2.4.1.ebuild b/app-crypt/gnupg/gnupg-2.4.1.ebuild
new file mode 100644
index 000000000000..e515f99e699b
--- /dev/null
+++ b/app-crypt/gnupg/gnupg-2.4.1.ebuild
@@ -0,0 +1,191 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Maintainers should:
+# 1. Join the "Gentoo" project at https://dev.gnupg.org/project/view/27/
+# 2. Subscribe to release tasks like https://dev.gnupg.org/T6159
+# (find the one for the current release then subscribe to it +
+# any subsequent ones linked within so you're covered for a while.)
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/gnupg.asc
+# in-source builds are not supported: https://dev.gnupg.org/T6313#166339
+inherit flag-o-matic out-of-source multiprocessing systemd toolchain-funcs verify-sig
+
+MY_P="${P/_/-}"
+
+DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
+HOMEPAGE="https://gnupg.org/"
+SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
+SRC_URI+=" verify-sig? ( mirror://gnupg/gnupg/${P}.tar.bz2.sig )"
+S="${WORKDIR}/${MY_P}"
+
+LICENSE="GPL-3+"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl test +tofu tpm tools usb user-socket wks-server"
+RESTRICT="!test? ( test )"
+REQUIRED_USE="test? ( tofu )"
+
+# Existence of executables is checked during configuration.
+# Note: On each bump, update dep bounds on each version from configure.ac!
+DEPEND="
+	>=dev-libs/libassuan-2.5.0
+	>=dev-libs/libgcrypt-1.9.1:=
+	>=dev-libs/libgpg-error-1.46
+	>=dev-libs/libksba-1.6.3
+	>=dev-libs/npth-1.2
+	>=net-misc/curl-7.10
+	sys-libs/zlib
+	bzip2? ( app-arch/bzip2 )
+	ldap? ( net-nds/openldap:= )
+	readline? ( sys-libs/readline:0= )
+	smartcard? ( usb? ( virtual/libusb:1 ) )
+	tofu? ( >=dev-db/sqlite-3.27 )
+	tpm? ( >=app-crypt/tpm2-tss-2.4.0:= )
+	ssl? ( >=net-libs/gnutls-3.0:0= )
+"
+RDEPEND="
+	${DEPEND}
+	app-crypt/pinentry
+	nls? ( virtual/libintl )
+	selinux? ( sec-policy/selinux-gpg )
+	wks-server? ( virtual/mta )
+"
+BDEPEND="
+	virtual/pkgconfig
+	doc? ( sys-apps/texinfo )
+	nls? ( sys-devel/gettext )
+	verify-sig? ( sec-keys/openpgp-keys-gnupg )
+"
+
+DOCS=(
+	ChangeLog NEWS README THANKS TODO VERSION
+	doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
+)
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch
+)
+
+src_prepare() {
+	default
+
+	GNUPG_SYSTEMD_UNITS=(
+		dirmngr.service
+		dirmngr.socket
+		gpg-agent-browser.socket
+		gpg-agent-extra.socket
+		gpg-agent.service
+		gpg-agent.socket
+		gpg-agent-ssh.socket
+	)
+
+	cp "${GNUPG_SYSTEMD_UNITS[@]/#/${FILESDIR}/}" "${T}" || die
+
+	# Inject SSH_AUTH_SOCK into user's sessions after enabling gpg-agent-ssh.socket in systemctl --user mode,
+	# idea borrowed from libdbus, see
+	#   https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/bus/systemd-user/dbus.socket.in#L6
+	#
+	# This cannot be upstreamed, as it requires determining the exact prefix of 'systemctl',
+	# which in turn requires discovery in Autoconf, something that upstream deeply resents.
+	sed -e "/DirectoryMode=/a ExecStartPost=-${EPREFIX}/bin/systemctl --user set-environment SSH_AUTH_SOCK=%t/gnupg/S.gpg-agent.ssh" \
+		-i "${T}"/gpg-agent-ssh.socket || die
+}
+
+my_src_configure() {
+	local myconf=(
+		$(use_enable bzip2)
+		$(use_enable nls)
+		$(use_enable smartcard scdaemon)
+		$(use_enable ssl gnutls)
+		$(use_enable test all-tests)
+		$(use_enable test tests)
+		$(use_enable tofu)
+		$(use_enable tofu keyboxd)
+		$(use_enable tofu sqlite)
+		$(usex tpm '--with-tss=intel' '--disable-tpm2d')
+		$(use smartcard && use_enable usb ccid-driver || echo '--disable-ccid-driver')
+		$(use_enable wks-server wks-tools)
+		$(use_with ldap)
+		$(use_with readline)
+
+		# Hardcode mailprog to /usr/libexec/sendmail even if it does not exist.
+		# As of GnuPG 2.3, the mailprog substitution is used for the binary called
+		# by wks-client & wks-server; and if it's autodetected but not not exist at
+		# build time, then then 'gpg-wks-client --send' functionality will not
+		# work. This has an unwanted side-effect in stage3 builds: there was a
+		# [R]DEPEND on virtual/mta, which also brought in virtual/logger, bloating
+		# the build where the install guide previously make the user chose the
+		# logger & mta early in the install.
+		--with-mailprog=/usr/libexec/sendmail
+
+		--disable-ntbtls
+		--enable-gpgsm
+		--enable-large-secmem
+
+		CC_FOR_BUILD="$(tc-getBUILD_CC)"
+		GPG_ERROR_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-gpg-error-config"
+		KSBA_CONFIG="${ESYSROOT}/usr/bin/ksba-config"
+		LIBASSUAN_CONFIG="${ESYSROOT}/usr/bin/libassuan-config"
+		LIBGCRYPT_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-libgcrypt-config"
+		NPTH_CONFIG="${ESYSROOT}/usr/bin/npth-config"
+
+		$("${S}/configure" --help | grep -o -- '--without-.*-prefix')
+	)
+
+	if use prefix && use usb; then
+		# bug #649598
+		append-cppflags -I"${ESYSROOT}/usr/include/libusb-1.0"
+	fi
+
+	# bug #663142
+	if use user-socket; then
+		myconf+=( --enable-run-gnupg-user-socket )
+	fi
+
+	# glib fails and picks up clang's internal stdint.h causing weird errors
+	tc-is-clang && export gl_cv_absolute_stdint_h="${ESYSROOT}"/usr/include/stdint.h
+
+	econf "${myconf[@]}"
+}
+
+my_src_compile() {
+	default
+
+	use doc && emake -C doc html
+}
+
+my_src_test() {
+	export TESTFLAGS="--parallel=$(makeopts_jobs)"
+
+	default
+}
+
+my_src_install() {
+	emake DESTDIR="${D}" install
+
+	use tools && dobin tools/{gpgconf,gpgsplit,gpg-check-pattern} tools/make-dns-cert
+
+	dosym gpg /usr/bin/gpg2
+	dosym gpgv /usr/bin/gpgv2
+	echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die
+	echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
+
+	dodir /etc/env.d
+	echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
+
+	use doc && dodoc doc/gnupg.html/*
+}
+
+my_src_install_all() {
+	einstalldocs
+
+	use tools && dobin tools/{convert-from-106,mail-signed-keys,lspgpot}
+	use doc && dodoc doc/*.png
+
+	# Dropped upstream in https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=eae28f1bd4a5632e8f8e85b7248d1c4d4a10a5ed.
+	dodoc "${FILESDIR}"/README-systemd
+	systemd_douserunit "${GNUPG_SYSTEMD_UNITS[@]/#/${T}/}"
+}


^ permalink raw reply related	[flat|nested] 26+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/files/, app-crypt/gnupg/
@ 2022-09-23  1:06 Sam James
  0 siblings, 0 replies; 26+ messages in thread
From: Sam James @ 2022-09-23  1:06 UTC (permalink / raw
  To: gentoo-commits

commit:     b4e5401ead897c9f4de51e39a0f7c98f98e5ea31
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Sep 23 01:02:47 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Sep 23 01:02:47 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b4e5401e

app-crypt/gnupg: drop versions

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-crypt/gnupg/Manifest                           |  10 --
 .../gnupg-2.2.35-status-messages-garbled.patch     |  45 ------
 .../gnupg-2.3.6-status-messages-garbled.patch      |  45 ------
 app-crypt/gnupg/gnupg-2.2.35-r1.ebuild             | 160 --------------------
 app-crypt/gnupg/gnupg-2.2.35.ebuild                | 159 --------------------
 app-crypt/gnupg/gnupg-2.2.36.ebuild                | 159 --------------------
 app-crypt/gnupg/gnupg-2.2.37.ebuild                | 159 --------------------
 app-crypt/gnupg/gnupg-2.2.38.ebuild                | 165 ---------------------
 app-crypt/gnupg/gnupg-2.3.6-r1.ebuild              | 165 ---------------------
 app-crypt/gnupg/gnupg-2.3.6.ebuild                 | 164 --------------------
 10 files changed, 1231 deletions(-)

diff --git a/app-crypt/gnupg/Manifest b/app-crypt/gnupg/Manifest
index 1ae533ed4a9a..fdb506e83ca5 100644
--- a/app-crypt/gnupg/Manifest
+++ b/app-crypt/gnupg/Manifest
@@ -1,14 +1,4 @@
-DIST gnupg-2.2.35.tar.bz2 7262687 BLAKE2B 18b5965151ded3b3f28d139824e14d7a6f1673c5192ec5f5a80366a6d5f2e04ed7fa035e2bff105e1752753584f992626ccc9ea8840c2bfa39ffe7ca39b81f7f SHA512 ad9f8d10890b7fafb15a7422e2cebaf0f85ce7cf5f880f4edd8d1dec46aa73c01f9096e601f6edd665f8684d1f5892634991a400e00b3185e6b201f549004d3e
-DIST gnupg-2.2.35.tar.bz2.sig 119 BLAKE2B d95323703c12c9474b21fa91ddb70d4d4d464c794223e21f6ae5d4de955f07a5cabde50612e977168ea6071c4b12be3262cbafe9bcaa8e9a0b009318c0ff6718 SHA512 9043894730520e974e7bc17e0f95419c319fbcd514f102faf644e2f5580e238719cecb8b5e778ecf20f9212ee2554206eb0686e8b5fce7f8c556146657660fe2
-DIST gnupg-2.2.36.tar.bz2 7273805 BLAKE2B 82f26f48380632ddffedacb5e7cff653aec7bea2cf90d88184e0ddeb4053bd2b0ed1ee7addeceb684ffcbf07ccc2cba699172d78e5ab023af2e3d777fbb702b0 SHA512 2d14000a0e8b36688d5e89372a1ef5f8a526b2724715377323d1f9abd23122aa9d0ab2c0988063c397f969afefbf205aedb7205915fd751c539336e680d8462a
-DIST gnupg-2.2.36.tar.bz2.sig 119 BLAKE2B ad6dc03c34f6c0d13080ef0bdea2db152c12ea4f129783ba1b0b7f237965b8eeec22b2e79fcf42657dafdd20cae558d781b07378bed78386979a0b4c4ef4a49b SHA512 4ad3f9041aa1fbffaab3cc4aa0df038a67dc8eb200492cdd96259dcf1e0005cb39d6e6245280f1a2a8d4db9f686381e2b0f5bb80c412edbdbcb3fc11dca044c5
-DIST gnupg-2.2.37.tar.bz2 7285172 BLAKE2B 40606f996aea3d26e28989466861bf486b8bf95e38d23377c0745b85f4817988f794fa07cbb1d5b8b7ae1da3c8bd5fcee5fabb1998b2fc1aa0b0e3ea4351575b SHA512 b56c47002948fd28fc9d5c23b46f5522e4210ed61c17f491c3b3fab5fab8893da33b1f8ff55a3bbef6367ff92b10c141c1f24d8350c37a0e756d2bdfbe86d7be
-DIST gnupg-2.2.37.tar.bz2.sig 119 BLAKE2B b5166f574a35223eeadf056d6bc3e8bcbd02fad766713afba28e20d4d431fcf123b5566527274923fede092c1e48efefd32b825644583f016bf3db119af03209 SHA512 8a1c34a5cd6afa3a263669922bc43217274f796634dc14b54558e1361f5e38680c6897e402a5289ccbe08c91efa3647bccd741fa09f3259174b8dabf86ecbc6f
-DIST gnupg-2.2.38.tar.bz2 7290509 BLAKE2B 249fd6502a1607d1881fd97e4a97a1a3557da26929b67424bafcf29b5ef1588c9295347c5be497a8485dd61755bfe40b4f0232e0f1f67d2517c69613c6080da1 SHA512 30483492e27c31db114c29e22eae1b9c54db9f02ade491f443a7748b42825fa3e52545286316b99217aed0b0af29f67ccecca2399c76554a086bcd49b35ad3e5
-DIST gnupg-2.2.38.tar.bz2.sig 119 BLAKE2B 9e7257a7326ccf107eff1f93b92f7e79ab31a2e58c12d4085a2106528c822df1737a127923c62a05fa199fa1d1e0ac900726808870d059871be6ab178849369e SHA512 e00ec552e1347ab26d37ad7830f599aa51e7620e9780250480192f83c67e319bf2d26f7198f49c553204ab96461c0a4aea1fa6ae57c83a91681f98c2596a9ab6
 DIST gnupg-2.2.39.tar.bz2 7290098 BLAKE2B a9e31830f3ef9ec6d8d461a85fcbe4b91bcac9607d3b5f13f5edc0c54505afb6c6c119cd397023b1378d96c7d0f15c0d60da1d15721e9a18eb3ea8c7b69fba83 SHA512 73f881c12c82010aeaada500517ff39ab22b27ff21b1248bc2228b60a2d75385a44a53c5cfadb8f6b84ef22ad9db0105096b6620fb689560809b324019713940
 DIST gnupg-2.2.39.tar.bz2.sig 119 BLAKE2B 584d7d36671670ac507948257e9c6be556ed2a2d3c0100bb2746edfe96df5ee1d4c6172fe0cae39d85fc290097bc5f6e1b351debc8ec2f5cc78047354fbed016 SHA512 6f7d7c2d1fae706b03c735cf453976c3aebef3f23659426f39a88c63d979f4d873ae09280d75dee9000805468d2a7f49d348609061939000f7cedf34ec5c6019
-DIST gnupg-2.3.6.tar.bz2 7604761 BLAKE2B 6cbc749156c50b6633c126cde621271c6c9682a04efea51fbc5a2e92ee56493e8348814391ee0c337adcb4de4dd23293b9592db78998626905038c859ac4af6e SHA512 4540e8d2be836b491918f4987ba301a73fcdc4539b1f9abf6112a74c2d39c0e5dc3f17511212bac1dd7fd0594feecd91f95ecf78d4b2c1e70e818342a1802b85
-DIST gnupg-2.3.6.tar.bz2.sig 119 BLAKE2B c7d4cdc81580b8b1e56c7bc83236d65c9d2c1bab2d210d14a0d3c58f635d656c9b449ef9596b9601027cb891bd437cc8f2a63eb3c17742c288531511984fba7f SHA512 85d155f9809c8d0f38723d8622c085e421531c016d19fcce2ae34dc9a4aeac0bc1895f7a094ee9cdf69a15b426fb0d72ee53319fe0a05665c92caa0e950c1797
 DIST gnupg-2.3.7.tar.bz2 7599853 BLAKE2B 3e9e33c8357222f42cc0e2af538e9f1f1f0453f35d790aaadf47ce9df24229efa91457b6014b34f19084448a3a6603c82e7d07714b89a68c6a84a08af6fa0e02 SHA512 c7fe169050ef17051cdaac9ad476e7ea792483baad1208fc359d568fa9e138d920ecaa2cd9cae73b20f5472a7d8ca6540a62062ff7a06055cc656b0eb4b917b9
 DIST gnupg-2.3.7.tar.bz2.sig 119 BLAKE2B c2652adf203bc828ed0aaf778542e990028156c16b435cd35aa6fe57ca0a5b798087c98e16589685c8ab9b8b92e16c3f7d4da56a4b1209b9adf2c24ea548ae6e SHA512 0257034b3e7ac390dadb151c656ff59822dacedaddca4ad6b5980b3e03a468ada47553e6a1fcff6a12c64ae2f9c15b245df855cd424b010041df8daaaab9a1b8

diff --git a/app-crypt/gnupg/files/gnupg-2.2.35-status-messages-garbled.patch b/app-crypt/gnupg/files/gnupg-2.2.35-status-messages-garbled.patch
deleted file mode 100644
index 23dbf00b1831..000000000000
--- a/app-crypt/gnupg/files/gnupg-2.2.35-status-messages-garbled.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-https://bugs.gentoo.org/855395
-https://marc.info/?l=oss-security&m=165657063921408&w=2
-https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=7b1db7192e6e4d0cfc439b23b13831837c85bc21
-
-From 7b1db7192e6e4d0cfc439b23b13831837c85bc21 Mon Sep 17 00:00:00 2001
-From: Werner Koch <wk@gnupg.org>
-Date: Tue, 14 Jun 2022 11:33:27 +0200
-Subject: [PATCH] g10: Fix garbled status messages in NOTATION_DATA
-
-* g10/cpr.c (write_status_text_and_buffer): Fix off-by-one
---
-
-Depending on the escaping and line wrapping the computed remaining
-buffer length could be wrong.  Fixed by always using a break to
-terminate the escape detection loop.  Might have happened for all
-status lines which may wrap.
-
-GnuPG-bug-id: T6027
---- a/g10/cpr.c
-+++ b/g10/cpr.c
-@@ -328,20 +328,15 @@ write_status_text_and_buffer (int no, const char *string,
-             }
-           first = 0;
-         }
--      for (esc=0, s=buffer, n=len; n && !esc; s++, n--)
-+      for (esc=0, s=buffer, n=len; n; s++, n--)
-         {
-           if (*s == '%' || *(const byte*)s <= lower_limit
-               || *(const byte*)s == 127 )
-             esc = 1;
-           if (wrap && ++count > wrap)
--            {
--              dowrap=1;
--              break;
--            }
--        }
--      if (esc)
--        {
--          s--; n++;
-+            dowrap=1;
-+          if (esc || dowrap)
-+            break;
-         }
-       if (s != buffer)
-         es_fwrite (buffer, s-buffer, 1, statusfp);

diff --git a/app-crypt/gnupg/files/gnupg-2.3.6-status-messages-garbled.patch b/app-crypt/gnupg/files/gnupg-2.3.6-status-messages-garbled.patch
deleted file mode 100644
index 4bac4fea0f0e..000000000000
--- a/app-crypt/gnupg/files/gnupg-2.3.6-status-messages-garbled.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-https://bugs.gentoo.org/855395
-https://marc.info/?l=oss-security&m=165657063921408&w=2
-https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=34c649b3601383cd11dbc76221747ec16fd68e1b;hp=4dbef2addca8c76fb4953fd507bd800d2a19d3ec
-
-From 34c649b3601383cd11dbc76221747ec16fd68e1b Mon Sep 17 00:00:00 2001
-From: Werner Koch <wk@gnupg.org>
-Date: Tue, 14 Jun 2022 11:33:27 +0200
-Subject: [PATCH 1/1] g10: Fix garbled status messages in NOTATION_DATA
-
-* g10/cpr.c (write_status_text_and_buffer): Fix off-by-one
---
-
-Depending on the escaping and line wrapping the computed remaining
-buffer length could be wrong.  Fixed by always using a break to
-terminate the escape detection loop.  Might have happened for all
-status lines which may wrap.
-
-GnuPG-bug-id: T6027
---- a/g10/cpr.c
-+++ b/g10/cpr.c
-@@ -372,20 +372,15 @@ write_status_text_and_buffer (int no, const char *string,
-             }
-           first = 0;
-         }
--      for (esc=0, s=buffer, n=len; n && !esc; s++, n--)
-+      for (esc=0, s=buffer, n=len; n; s++, n--)
-         {
-           if (*s == '%' || *(const byte*)s <= lower_limit
-               || *(const byte*)s == 127 )
-             esc = 1;
-           if (wrap && ++count > wrap)
--            {
--              dowrap=1;
--              break;
--            }
--        }
--      if (esc)
--        {
--          s--; n++;
-+            dowrap=1;
-+          if (esc || dowrap)
-+            break;
-         }
-       if (s != buffer)
-         es_fwrite (buffer, s-buffer, 1, statusfp);

diff --git a/app-crypt/gnupg/gnupg-2.2.35-r1.ebuild b/app-crypt/gnupg/gnupg-2.2.35-r1.ebuild
deleted file mode 100644
index cc1044746b9d..000000000000
--- a/app-crypt/gnupg/gnupg-2.2.35-r1.ebuild
+++ /dev/null
@@ -1,160 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/gnupg.asc
-inherit flag-o-matic systemd toolchain-funcs verify-sig
-
-MY_P="${P/_/-}"
-
-DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
-HOMEPAGE="https://gnupg.org/"
-SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
-SRC_URI+=" verify-sig? ( mirror://gnupg/gnupg/${P}.tar.bz2.sig )"
-S="${WORKDIR}/${MY_P}"
-
-LICENSE="GPL-3+"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl test tofu tools usb user-socket wks-server"
-RESTRICT="!test? ( test )"
-
-# Existence of executables is checked during configuration.
-# Note: On each bump, update dep bounds on each version from configure.ac!
-DEPEND=">=dev-libs/libassuan-2.5.0
-	>=dev-libs/libgcrypt-1.8.0:=
-	>=dev-libs/libgpg-error-1.29
-	>=dev-libs/libksba-1.3.5
-	>=dev-libs/npth-1.2
-	>=net-misc/curl-7.10
-	sys-libs/zlib
-	bzip2? ( app-arch/bzip2 )
-	ldap? ( net-nds/openldap:= )
-	readline? ( sys-libs/readline:0= )
-	smartcard? ( usb? ( virtual/libusb:1 ) )
-	ssl? ( >=net-libs/gnutls-3.0:0= )
-	tofu? ( >=dev-db/sqlite-3.7 )"
-
-RDEPEND="${DEPEND}
-	app-crypt/pinentry
-	nls? ( virtual/libintl )
-	selinux? ( sec-policy/selinux-gpg )
-	wks-server? ( virtual/mta )"
-
-BDEPEND="virtual/pkgconfig
-	doc? ( sys-apps/texinfo )
-	nls? ( sys-devel/gettext )
-	verify-sig? ( sec-keys/openpgp-keys-gnupg )"
-
-DOCS=(
-	ChangeLog NEWS README THANKS TODO VERSION
-	doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
-)
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch
-	"${FILESDIR}"/${P}-status-messages-garbled.patch
-)
-
-src_prepare() {
-	default
-
-	# Inject SSH_AUTH_SOCK into user's sessions after enabling gpg-agent-ssh.socket in systemctl --user mode,
-	# idea borrowed from libdbus, see
-	#   https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/bus/systemd-user/dbus.socket.in#L6
-	#
-	# This cannot be upstreamed, as it requires determining the exact prefix of 'systemctl',
-	# which in turn requires discovery in Autoconf, something that upstream deeply resents.
-	sed -e "/DirectoryMode=/a ExecStartPost=-${EPREFIX}/bin/systemctl --user set-environment SSH_AUTH_SOCK=%t/gnupg/S.gpg-agent.ssh" \
-		-i doc/examples/systemd-user/gpg-agent-ssh.socket || die
-}
-
-src_configure() {
-	local myconf=(
-		$(use_enable bzip2)
-		$(use_enable nls)
-		$(use_enable smartcard scdaemon)
-		$(use_enable ssl gnutls)
-		$(use_enable test all-tests)
-		$(use_enable test tests)
-		$(use_enable tofu)
-		$(use smartcard && use_enable usb ccid-driver || echo '--disable-ccid-driver')
-		$(use_enable wks-server wks-tools)
-		$(use_with ldap)
-		$(use_with readline)
-		--with-mailprog=/usr/libexec/sendmail
-		--disable-ntbtls
-		--enable-gpg
-		--enable-gpgsm
-		--enable-large-secmem
-
-		CC_FOR_BUILD="$(tc-getBUILD_CC)"
-		GPG_ERROR_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-gpg-error-config"
-		KSBA_CONFIG="${ESYSROOT}/usr/bin/ksba-config"
-		LIBASSUAN_CONFIG="${ESYSROOT}/usr/bin/libassuan-config"
-		LIBGCRYPT_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-libgcrypt-config"
-		NPTH_CONFIG="${ESYSROOT}/usr/bin/npth-config"
-
-		$("${S}/configure" --help | grep -o -- '--without-.*-prefix')
-	)
-
-	if use prefix && use usb; then
-		# bug #649598
-		append-cppflags -I"${EPREFIX}/usr/include/libusb-1.0"
-	fi
-
-	# bug #663142
-	if use user-socket; then
-		myconf+=( --enable-run-gnupg-user-socket )
-	fi
-
-	# glib fails and picks up clang's internal stdint.h causing weird errors
-	tc-is-clang && export gl_cv_absolute_stdint_h="${ESYSROOT}"/usr/include/stdint.h
-
-	# Hardcode mailprog to /usr/libexec/sendmail even if it does not exist.
-	# As of GnuPG 2.3, the mailprog substitution is used for the binary called
-	# by wks-client & wks-server; and if it's autodetected but not not exist at
-	# build time, then then 'gpg-wks-client --send' functionality will not
-	# work. This has an unwanted side-effect in stage3 builds: there was a
-	# [R]DEPEND on virtual/mta, which also brought in virtual/logger, bloating
-	# the build where the install guide previously make the user chose the
-	# logger & mta early in the install.
-
-	econf "${myconf[@]}"
-}
-
-src_compile() {
-	default
-
-	use doc && emake -C doc html
-}
-
-src_test() {
-	# bug #638574
-	use tofu && export TESTFLAGS=--parallel
-
-	default
-}
-
-src_install() {
-	default
-
-	use tools &&
-		dobin \
-			tools/{convert-from-106,gpg-check-pattern} \
-			tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys} \
-			tools/make-dns-cert
-
-	dosym gpg /usr/bin/gpg2
-	dosym gpgv /usr/bin/gpgv2
-	echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die
-	echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
-
-	dodir /etc/env.d
-	echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
-
-	use doc && dodoc doc/gnupg.html/* doc/*.png
-
-	systemd_douserunit doc/examples/systemd-user/*.{service,socket}
-}

diff --git a/app-crypt/gnupg/gnupg-2.2.35.ebuild b/app-crypt/gnupg/gnupg-2.2.35.ebuild
deleted file mode 100644
index f27f0d8dab72..000000000000
--- a/app-crypt/gnupg/gnupg-2.2.35.ebuild
+++ /dev/null
@@ -1,159 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/gnupg.asc
-inherit flag-o-matic systemd toolchain-funcs verify-sig
-
-MY_P="${P/_/-}"
-
-DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
-HOMEPAGE="https://gnupg.org/"
-SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
-SRC_URI+=" verify-sig? ( mirror://gnupg/gnupg/${P}.tar.bz2.sig )"
-S="${WORKDIR}/${MY_P}"
-
-LICENSE="GPL-3+"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl test tofu tools usb user-socket wks-server"
-RESTRICT="!test? ( test )"
-
-# Existence of executables is checked during configuration.
-# Note: On each bump, update dep bounds on each version from configure.ac!
-DEPEND=">=dev-libs/libassuan-2.5.0
-	>=dev-libs/libgcrypt-1.8.0:=
-	>=dev-libs/libgpg-error-1.29
-	>=dev-libs/libksba-1.3.5
-	>=dev-libs/npth-1.2
-	>=net-misc/curl-7.10
-	sys-libs/zlib
-	bzip2? ( app-arch/bzip2 )
-	ldap? ( net-nds/openldap:= )
-	readline? ( sys-libs/readline:0= )
-	smartcard? ( usb? ( virtual/libusb:1 ) )
-	ssl? ( >=net-libs/gnutls-3.0:0= )
-	tofu? ( >=dev-db/sqlite-3.7 )"
-
-RDEPEND="${DEPEND}
-	app-crypt/pinentry
-	nls? ( virtual/libintl )
-	selinux? ( sec-policy/selinux-gpg )
-	wks-server? ( virtual/mta )"
-
-BDEPEND="virtual/pkgconfig
-	doc? ( sys-apps/texinfo )
-	nls? ( sys-devel/gettext )
-	verify-sig? ( sec-keys/openpgp-keys-gnupg )"
-
-DOCS=(
-	ChangeLog NEWS README THANKS TODO VERSION
-	doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
-)
-
-PATCHES=(
-	"${FILESDIR}/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch"
-)
-
-src_prepare() {
-	default
-
-	# Inject SSH_AUTH_SOCK into user's sessions after enabling gpg-agent-ssh.socket in systemctl --user mode,
-	# idea borrowed from libdbus, see
-	#   https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/bus/systemd-user/dbus.socket.in#L6
-	#
-	# This cannot be upstreamed, as it requires determining the exact prefix of 'systemctl',
-	# which in turn requires discovery in Autoconf, something that upstream deeply resents.
-	sed -e "/DirectoryMode=/a ExecStartPost=-${EPREFIX}/bin/systemctl --user set-environment SSH_AUTH_SOCK=%t/gnupg/S.gpg-agent.ssh" \
-		-i doc/examples/systemd-user/gpg-agent-ssh.socket || die
-}
-
-src_configure() {
-	local myconf=(
-		$(use_enable bzip2)
-		$(use_enable nls)
-		$(use_enable smartcard scdaemon)
-		$(use_enable ssl gnutls)
-		$(use_enable test all-tests)
-		$(use_enable test tests)
-		$(use_enable tofu)
-		$(use smartcard && use_enable usb ccid-driver || echo '--disable-ccid-driver')
-		$(use_enable wks-server wks-tools)
-		$(use_with ldap)
-		$(use_with readline)
-		--with-mailprog=/usr/libexec/sendmail
-		--disable-ntbtls
-		--enable-gpg
-		--enable-gpgsm
-		--enable-large-secmem
-
-		CC_FOR_BUILD="$(tc-getBUILD_CC)"
-		GPG_ERROR_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-gpg-error-config"
-		KSBA_CONFIG="${ESYSROOT}/usr/bin/ksba-config"
-		LIBASSUAN_CONFIG="${ESYSROOT}/usr/bin/libassuan-config"
-		LIBGCRYPT_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-libgcrypt-config"
-		NPTH_CONFIG="${ESYSROOT}/usr/bin/npth-config"
-
-		$("${S}/configure" --help | grep -o -- '--without-.*-prefix')
-	)
-
-	if use prefix && use usb; then
-		# bug #649598
-		append-cppflags -I"${EPREFIX}/usr/include/libusb-1.0"
-	fi
-
-	# bug #663142
-	if use user-socket; then
-		myconf+=( --enable-run-gnupg-user-socket )
-	fi
-
-	# glib fails and picks up clang's internal stdint.h causing weird errors
-	tc-is-clang && export gl_cv_absolute_stdint_h="${ESYSROOT}"/usr/include/stdint.h
-
-	# Hardcode mailprog to /usr/libexec/sendmail even if it does not exist.
-	# As of GnuPG 2.3, the mailprog substitution is used for the binary called
-	# by wks-client & wks-server; and if it's autodetected but not not exist at
-	# build time, then then 'gpg-wks-client --send' functionality will not
-	# work. This has an unwanted side-effect in stage3 builds: there was a
-	# [R]DEPEND on virtual/mta, which also brought in virtual/logger, bloating
-	# the build where the install guide previously make the user chose the
-	# logger & mta early in the install.
-
-	econf "${myconf[@]}"
-}
-
-src_compile() {
-	default
-
-	use doc && emake -C doc html
-}
-
-src_test() {
-	# bug #638574
-	use tofu && export TESTFLAGS=--parallel
-
-	default
-}
-
-src_install() {
-	default
-
-	use tools &&
-		dobin \
-			tools/{convert-from-106,gpg-check-pattern} \
-			tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys} \
-			tools/make-dns-cert
-
-	dosym gpg /usr/bin/gpg2
-	dosym gpgv /usr/bin/gpgv2
-	echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die
-	echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
-
-	dodir /etc/env.d
-	echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
-
-	use doc && dodoc doc/gnupg.html/* doc/*.png
-
-	systemd_douserunit doc/examples/systemd-user/*.{service,socket}
-}

diff --git a/app-crypt/gnupg/gnupg-2.2.36.ebuild b/app-crypt/gnupg/gnupg-2.2.36.ebuild
deleted file mode 100644
index 6500ebd0e1fb..000000000000
--- a/app-crypt/gnupg/gnupg-2.2.36.ebuild
+++ /dev/null
@@ -1,159 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/gnupg.asc
-inherit flag-o-matic systemd toolchain-funcs verify-sig
-
-MY_P="${P/_/-}"
-
-DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
-HOMEPAGE="https://gnupg.org/"
-SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
-SRC_URI+=" verify-sig? ( mirror://gnupg/gnupg/${P}.tar.bz2.sig )"
-S="${WORKDIR}/${MY_P}"
-
-LICENSE="GPL-3+"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl test tofu tools usb user-socket wks-server"
-RESTRICT="!test? ( test )"
-
-# Existence of executables is checked during configuration.
-# Note: On each bump, update dep bounds on each version from configure.ac!
-DEPEND=">=dev-libs/libassuan-2.5.0
-	>=dev-libs/libgcrypt-1.8.0:=
-	>=dev-libs/libgpg-error-1.29
-	>=dev-libs/libksba-1.3.5
-	>=dev-libs/npth-1.2
-	>=net-misc/curl-7.10
-	sys-libs/zlib
-	bzip2? ( app-arch/bzip2 )
-	ldap? ( net-nds/openldap:= )
-	readline? ( sys-libs/readline:0= )
-	smartcard? ( usb? ( virtual/libusb:1 ) )
-	ssl? ( >=net-libs/gnutls-3.0:0= )
-	tofu? ( >=dev-db/sqlite-3.7 )"
-
-RDEPEND="${DEPEND}
-	app-crypt/pinentry
-	nls? ( virtual/libintl )
-	selinux? ( sec-policy/selinux-gpg )
-	wks-server? ( virtual/mta )"
-
-BDEPEND="virtual/pkgconfig
-	doc? ( sys-apps/texinfo )
-	nls? ( sys-devel/gettext )
-	verify-sig? ( sec-keys/openpgp-keys-gnupg )"
-
-DOCS=(
-	ChangeLog NEWS README THANKS TODO VERSION
-	doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
-)
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch
-)
-
-src_prepare() {
-	default
-
-	# Inject SSH_AUTH_SOCK into user's sessions after enabling gpg-agent-ssh.socket in systemctl --user mode,
-	# idea borrowed from libdbus, see
-	#   https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/bus/systemd-user/dbus.socket.in#L6
-	#
-	# This cannot be upstreamed, as it requires determining the exact prefix of 'systemctl',
-	# which in turn requires discovery in Autoconf, something that upstream deeply resents.
-	sed -e "/DirectoryMode=/a ExecStartPost=-${EPREFIX}/bin/systemctl --user set-environment SSH_AUTH_SOCK=%t/gnupg/S.gpg-agent.ssh" \
-		-i doc/examples/systemd-user/gpg-agent-ssh.socket || die
-}
-
-src_configure() {
-	local myconf=(
-		$(use_enable bzip2)
-		$(use_enable nls)
-		$(use_enable smartcard scdaemon)
-		$(use_enable ssl gnutls)
-		$(use_enable test all-tests)
-		$(use_enable test tests)
-		$(use_enable tofu)
-		$(use smartcard && use_enable usb ccid-driver || echo '--disable-ccid-driver')
-		$(use_enable wks-server wks-tools)
-		$(use_with ldap)
-		$(use_with readline)
-		--with-mailprog=/usr/libexec/sendmail
-		--disable-ntbtls
-		--enable-gpg
-		--enable-gpgsm
-		--enable-large-secmem
-
-		CC_FOR_BUILD="$(tc-getBUILD_CC)"
-		GPG_ERROR_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-gpg-error-config"
-		KSBA_CONFIG="${ESYSROOT}/usr/bin/ksba-config"
-		LIBASSUAN_CONFIG="${ESYSROOT}/usr/bin/libassuan-config"
-		LIBGCRYPT_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-libgcrypt-config"
-		NPTH_CONFIG="${ESYSROOT}/usr/bin/npth-config"
-
-		$("${S}/configure" --help | grep -o -- '--without-.*-prefix')
-	)
-
-	if use prefix && use usb; then
-		# bug #649598
-		append-cppflags -I"${EPREFIX}/usr/include/libusb-1.0"
-	fi
-
-	# bug #663142
-	if use user-socket; then
-		myconf+=( --enable-run-gnupg-user-socket )
-	fi
-
-	# glib fails and picks up clang's internal stdint.h causing weird errors
-	tc-is-clang && export gl_cv_absolute_stdint_h="${ESYSROOT}"/usr/include/stdint.h
-
-	# Hardcode mailprog to /usr/libexec/sendmail even if it does not exist.
-	# As of GnuPG 2.3, the mailprog substitution is used for the binary called
-	# by wks-client & wks-server; and if it's autodetected but not not exist at
-	# build time, then then 'gpg-wks-client --send' functionality will not
-	# work. This has an unwanted side-effect in stage3 builds: there was a
-	# [R]DEPEND on virtual/mta, which also brought in virtual/logger, bloating
-	# the build where the install guide previously make the user chose the
-	# logger & mta early in the install.
-
-	econf "${myconf[@]}"
-}
-
-src_compile() {
-	default
-
-	use doc && emake -C doc html
-}
-
-src_test() {
-	# bug #638574
-	use tofu && export TESTFLAGS=--parallel
-
-	default
-}
-
-src_install() {
-	default
-
-	use tools &&
-		dobin \
-			tools/{convert-from-106,gpg-check-pattern} \
-			tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys} \
-			tools/make-dns-cert
-
-	dosym gpg /usr/bin/gpg2
-	dosym gpgv /usr/bin/gpgv2
-	echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die
-	echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
-
-	dodir /etc/env.d
-	echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
-
-	use doc && dodoc doc/gnupg.html/* doc/*.png
-
-	systemd_douserunit doc/examples/systemd-user/*.{service,socket}
-}

diff --git a/app-crypt/gnupg/gnupg-2.2.37.ebuild b/app-crypt/gnupg/gnupg-2.2.37.ebuild
deleted file mode 100644
index 6500ebd0e1fb..000000000000
--- a/app-crypt/gnupg/gnupg-2.2.37.ebuild
+++ /dev/null
@@ -1,159 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/gnupg.asc
-inherit flag-o-matic systemd toolchain-funcs verify-sig
-
-MY_P="${P/_/-}"
-
-DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
-HOMEPAGE="https://gnupg.org/"
-SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
-SRC_URI+=" verify-sig? ( mirror://gnupg/gnupg/${P}.tar.bz2.sig )"
-S="${WORKDIR}/${MY_P}"
-
-LICENSE="GPL-3+"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl test tofu tools usb user-socket wks-server"
-RESTRICT="!test? ( test )"
-
-# Existence of executables is checked during configuration.
-# Note: On each bump, update dep bounds on each version from configure.ac!
-DEPEND=">=dev-libs/libassuan-2.5.0
-	>=dev-libs/libgcrypt-1.8.0:=
-	>=dev-libs/libgpg-error-1.29
-	>=dev-libs/libksba-1.3.5
-	>=dev-libs/npth-1.2
-	>=net-misc/curl-7.10
-	sys-libs/zlib
-	bzip2? ( app-arch/bzip2 )
-	ldap? ( net-nds/openldap:= )
-	readline? ( sys-libs/readline:0= )
-	smartcard? ( usb? ( virtual/libusb:1 ) )
-	ssl? ( >=net-libs/gnutls-3.0:0= )
-	tofu? ( >=dev-db/sqlite-3.7 )"
-
-RDEPEND="${DEPEND}
-	app-crypt/pinentry
-	nls? ( virtual/libintl )
-	selinux? ( sec-policy/selinux-gpg )
-	wks-server? ( virtual/mta )"
-
-BDEPEND="virtual/pkgconfig
-	doc? ( sys-apps/texinfo )
-	nls? ( sys-devel/gettext )
-	verify-sig? ( sec-keys/openpgp-keys-gnupg )"
-
-DOCS=(
-	ChangeLog NEWS README THANKS TODO VERSION
-	doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
-)
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch
-)
-
-src_prepare() {
-	default
-
-	# Inject SSH_AUTH_SOCK into user's sessions after enabling gpg-agent-ssh.socket in systemctl --user mode,
-	# idea borrowed from libdbus, see
-	#   https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/bus/systemd-user/dbus.socket.in#L6
-	#
-	# This cannot be upstreamed, as it requires determining the exact prefix of 'systemctl',
-	# which in turn requires discovery in Autoconf, something that upstream deeply resents.
-	sed -e "/DirectoryMode=/a ExecStartPost=-${EPREFIX}/bin/systemctl --user set-environment SSH_AUTH_SOCK=%t/gnupg/S.gpg-agent.ssh" \
-		-i doc/examples/systemd-user/gpg-agent-ssh.socket || die
-}
-
-src_configure() {
-	local myconf=(
-		$(use_enable bzip2)
-		$(use_enable nls)
-		$(use_enable smartcard scdaemon)
-		$(use_enable ssl gnutls)
-		$(use_enable test all-tests)
-		$(use_enable test tests)
-		$(use_enable tofu)
-		$(use smartcard && use_enable usb ccid-driver || echo '--disable-ccid-driver')
-		$(use_enable wks-server wks-tools)
-		$(use_with ldap)
-		$(use_with readline)
-		--with-mailprog=/usr/libexec/sendmail
-		--disable-ntbtls
-		--enable-gpg
-		--enable-gpgsm
-		--enable-large-secmem
-
-		CC_FOR_BUILD="$(tc-getBUILD_CC)"
-		GPG_ERROR_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-gpg-error-config"
-		KSBA_CONFIG="${ESYSROOT}/usr/bin/ksba-config"
-		LIBASSUAN_CONFIG="${ESYSROOT}/usr/bin/libassuan-config"
-		LIBGCRYPT_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-libgcrypt-config"
-		NPTH_CONFIG="${ESYSROOT}/usr/bin/npth-config"
-
-		$("${S}/configure" --help | grep -o -- '--without-.*-prefix')
-	)
-
-	if use prefix && use usb; then
-		# bug #649598
-		append-cppflags -I"${EPREFIX}/usr/include/libusb-1.0"
-	fi
-
-	# bug #663142
-	if use user-socket; then
-		myconf+=( --enable-run-gnupg-user-socket )
-	fi
-
-	# glib fails and picks up clang's internal stdint.h causing weird errors
-	tc-is-clang && export gl_cv_absolute_stdint_h="${ESYSROOT}"/usr/include/stdint.h
-
-	# Hardcode mailprog to /usr/libexec/sendmail even if it does not exist.
-	# As of GnuPG 2.3, the mailprog substitution is used for the binary called
-	# by wks-client & wks-server; and if it's autodetected but not not exist at
-	# build time, then then 'gpg-wks-client --send' functionality will not
-	# work. This has an unwanted side-effect in stage3 builds: there was a
-	# [R]DEPEND on virtual/mta, which also brought in virtual/logger, bloating
-	# the build where the install guide previously make the user chose the
-	# logger & mta early in the install.
-
-	econf "${myconf[@]}"
-}
-
-src_compile() {
-	default
-
-	use doc && emake -C doc html
-}
-
-src_test() {
-	# bug #638574
-	use tofu && export TESTFLAGS=--parallel
-
-	default
-}
-
-src_install() {
-	default
-
-	use tools &&
-		dobin \
-			tools/{convert-from-106,gpg-check-pattern} \
-			tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys} \
-			tools/make-dns-cert
-
-	dosym gpg /usr/bin/gpg2
-	dosym gpgv /usr/bin/gpgv2
-	echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die
-	echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
-
-	dodir /etc/env.d
-	echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
-
-	use doc && dodoc doc/gnupg.html/* doc/*.png
-
-	systemd_douserunit doc/examples/systemd-user/*.{service,socket}
-}

diff --git a/app-crypt/gnupg/gnupg-2.2.38.ebuild b/app-crypt/gnupg/gnupg-2.2.38.ebuild
deleted file mode 100644
index 29c399bdc9e6..000000000000
--- a/app-crypt/gnupg/gnupg-2.2.38.ebuild
+++ /dev/null
@@ -1,165 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-# Maintainers should:
-# 1. Join the "Gentoo" project at https://dev.gnupg.org/project/view/27/
-# 2. Subscribe to release tasks like https://dev.gnupg.org/T6159
-# (find the one for the current release then subscribe to it +
-# any subsequent ones linked within so you're covered for a while.)
-
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/gnupg.asc
-inherit flag-o-matic systemd toolchain-funcs verify-sig
-
-MY_P="${P/_/-}"
-
-DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
-HOMEPAGE="https://gnupg.org/"
-SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
-SRC_URI+=" verify-sig? ( mirror://gnupg/gnupg/${P}.tar.bz2.sig )"
-S="${WORKDIR}/${MY_P}"
-
-LICENSE="GPL-3+"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl test tofu tools usb user-socket wks-server"
-RESTRICT="!test? ( test )"
-
-# Existence of executables is checked during configuration.
-# Note: On each bump, update dep bounds on each version from configure.ac!
-DEPEND=">=dev-libs/libassuan-2.5.0
-	>=dev-libs/libgcrypt-1.8.0:=
-	>=dev-libs/libgpg-error-1.29
-	>=dev-libs/libksba-1.3.5
-	>=dev-libs/npth-1.2
-	>=net-misc/curl-7.10
-	sys-libs/zlib
-	bzip2? ( app-arch/bzip2 )
-	ldap? ( net-nds/openldap:= )
-	readline? ( sys-libs/readline:0= )
-	smartcard? ( usb? ( virtual/libusb:1 ) )
-	ssl? ( >=net-libs/gnutls-3.0:0= )
-	tofu? ( >=dev-db/sqlite-3.7 )"
-
-RDEPEND="${DEPEND}
-	app-crypt/pinentry
-	nls? ( virtual/libintl )
-	selinux? ( sec-policy/selinux-gpg )
-	wks-server? ( virtual/mta )"
-
-BDEPEND="virtual/pkgconfig
-	doc? ( sys-apps/texinfo )
-	nls? ( sys-devel/gettext )
-	verify-sig? ( sec-keys/openpgp-keys-gnupg )"
-
-DOCS=(
-	ChangeLog NEWS README THANKS TODO VERSION
-	doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
-)
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch
-)
-
-src_prepare() {
-	default
-
-	# Inject SSH_AUTH_SOCK into user's sessions after enabling gpg-agent-ssh.socket in systemctl --user mode,
-	# idea borrowed from libdbus, see
-	#   https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/bus/systemd-user/dbus.socket.in#L6
-	#
-	# This cannot be upstreamed, as it requires determining the exact prefix of 'systemctl',
-	# which in turn requires discovery in Autoconf, something that upstream deeply resents.
-	sed -e "/DirectoryMode=/a ExecStartPost=-${EPREFIX}/bin/systemctl --user set-environment SSH_AUTH_SOCK=%t/gnupg/S.gpg-agent.ssh" \
-		-i doc/examples/systemd-user/gpg-agent-ssh.socket || die
-}
-
-src_configure() {
-	local myconf=(
-		$(use_enable bzip2)
-		$(use_enable nls)
-		$(use_enable smartcard scdaemon)
-		$(use_enable ssl gnutls)
-		$(use_enable test all-tests)
-		$(use_enable test tests)
-		$(use_enable tofu)
-		$(use smartcard && use_enable usb ccid-driver || echo '--disable-ccid-driver')
-		$(use_enable wks-server wks-tools)
-		$(use_with ldap)
-		$(use_with readline)
-		--with-mailprog=/usr/libexec/sendmail
-		--disable-ntbtls
-		--enable-gpg
-		--enable-gpgsm
-		--enable-large-secmem
-
-		CC_FOR_BUILD="$(tc-getBUILD_CC)"
-		GPG_ERROR_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-gpg-error-config"
-		KSBA_CONFIG="${ESYSROOT}/usr/bin/ksba-config"
-		LIBASSUAN_CONFIG="${ESYSROOT}/usr/bin/libassuan-config"
-		LIBGCRYPT_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-libgcrypt-config"
-		NPTH_CONFIG="${ESYSROOT}/usr/bin/npth-config"
-
-		$("${S}/configure" --help | grep -o -- '--without-.*-prefix')
-	)
-
-	if use prefix && use usb; then
-		# bug #649598
-		append-cppflags -I"${EPREFIX}/usr/include/libusb-1.0"
-	fi
-
-	# bug #663142
-	if use user-socket; then
-		myconf+=( --enable-run-gnupg-user-socket )
-	fi
-
-	# glib fails and picks up clang's internal stdint.h causing weird errors
-	tc-is-clang && export gl_cv_absolute_stdint_h="${ESYSROOT}"/usr/include/stdint.h
-
-	# Hardcode mailprog to /usr/libexec/sendmail even if it does not exist.
-	# As of GnuPG 2.3, the mailprog substitution is used for the binary called
-	# by wks-client & wks-server; and if it's autodetected but not not exist at
-	# build time, then then 'gpg-wks-client --send' functionality will not
-	# work. This has an unwanted side-effect in stage3 builds: there was a
-	# [R]DEPEND on virtual/mta, which also brought in virtual/logger, bloating
-	# the build where the install guide previously make the user chose the
-	# logger & mta early in the install.
-
-	econf "${myconf[@]}"
-}
-
-src_compile() {
-	default
-
-	use doc && emake -C doc html
-}
-
-src_test() {
-	# bug #638574
-	use tofu && export TESTFLAGS=--parallel
-
-	default
-}
-
-src_install() {
-	default
-
-	use tools &&
-		dobin \
-			tools/{convert-from-106,gpg-check-pattern} \
-			tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys} \
-			tools/make-dns-cert
-
-	dosym gpg /usr/bin/gpg2
-	dosym gpgv /usr/bin/gpgv2
-	echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die
-	echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
-
-	dodir /etc/env.d
-	echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
-
-	use doc && dodoc doc/gnupg.html/* doc/*.png
-
-	systemd_douserunit doc/examples/systemd-user/*.{service,socket}
-}

diff --git a/app-crypt/gnupg/gnupg-2.3.6-r1.ebuild b/app-crypt/gnupg/gnupg-2.3.6-r1.ebuild
deleted file mode 100644
index c3371534dadc..000000000000
--- a/app-crypt/gnupg/gnupg-2.3.6-r1.ebuild
+++ /dev/null
@@ -1,165 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/gnupg.asc
-inherit flag-o-matic systemd toolchain-funcs verify-sig
-
-MY_P="${P/_/-}"
-
-DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
-HOMEPAGE="https://gnupg.org/"
-SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
-SRC_URI+=" verify-sig? ( mirror://gnupg/gnupg/${P}.tar.bz2.sig )"
-S="${WORKDIR}/${MY_P}"
-
-LICENSE="GPL-3+"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl test +tofu tpm tools usb user-socket wks-server"
-RESTRICT="!test? ( test )"
-REQUIRED_USE="test? ( tofu )"
-
-# Existence of executables is checked during configuration.
-# Note: On each bump, update dep bounds on each version from configure.ac!
-DEPEND=">=dev-libs/libassuan-2.5.0
-	>=dev-libs/libgcrypt-1.9.1:=
-	>=dev-libs/libgpg-error-1.41
-	>=dev-libs/libksba-1.3.4
-	>=dev-libs/npth-1.2
-	>=net-misc/curl-7.10
-	sys-libs/zlib
-	bzip2? ( app-arch/bzip2 )
-	ldap? ( net-nds/openldap:= )
-	readline? ( sys-libs/readline:0= )
-	smartcard? ( usb? ( virtual/libusb:1 ) )
-	tofu? ( >=dev-db/sqlite-3.27 )
-	tpm? ( >=app-crypt/tpm2-tss-2.4.0:= )
-	ssl? ( >=net-libs/gnutls-3.0:0= )
-"
-
-RDEPEND="${DEPEND}
-	app-crypt/pinentry
-	nls? ( virtual/libintl )
-	selinux? ( sec-policy/selinux-gpg )
-	wks-server? ( virtual/mta )"
-
-BDEPEND="virtual/pkgconfig
-	doc? ( sys-apps/texinfo )
-	nls? ( sys-devel/gettext )
-	verify-sig? ( sec-keys/openpgp-keys-gnupg )"
-
-DOCS=(
-	ChangeLog NEWS README THANKS TODO VERSION
-	doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
-)
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch
-	"${FILESDIR}"/${P}-status-messages-garbled.patch
-)
-
-src_prepare() {
-	default
-
-	# Inject SSH_AUTH_SOCK into user's sessions after enabling gpg-agent-ssh.socket in systemctl --user mode,
-	# idea borrowed from libdbus, see
-	#   https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/bus/systemd-user/dbus.socket.in#L6
-	#
-	# This cannot be upstreamed, as it requires determining the exact prefix of 'systemctl',
-	# which in turn requires discovery in Autoconf, something that upstream deeply resents.
-	sed -e "/DirectoryMode=/a ExecStartPost=-${EPREFIX}/bin/systemctl --user set-environment SSH_AUTH_SOCK=%t/gnupg/S.gpg-agent.ssh" \
-		-i doc/examples/systemd-user/gpg-agent-ssh.socket || die
-}
-
-src_configure() {
-	local myconf=(
-		$(use_enable bzip2)
-		$(use_enable nls)
-		$(use_enable smartcard scdaemon)
-		$(use_enable ssl gnutls)
-		$(use_enable test all-tests)
-		$(use_enable test tests)
-		$(use_enable tofu)
-		$(use_enable tofu keyboxd)
-		$(use_enable tofu sqlite)
-		$(usex tpm '--with-tss=intel' '--disable-tpm2d')
-		$(use smartcard && use_enable usb ccid-driver || echo '--disable-ccid-driver')
-		$(use_enable wks-server wks-tools)
-		$(use_with ldap)
-		$(use_with readline)
-		--with-mailprog=/usr/libexec/sendmail
-		--disable-ntbtls
-		--enable-gpgsm
-		--enable-large-secmem
-
-		CC_FOR_BUILD="$(tc-getBUILD_CC)"
-		GPG_ERROR_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-gpg-error-config"
-		KSBA_CONFIG="${ESYSROOT}/usr/bin/ksba-config"
-		LIBASSUAN_CONFIG="${ESYSROOT}/usr/bin/libassuan-config"
-		LIBGCRYPT_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-libgcrypt-config"
-		NPTH_CONFIG="${ESYSROOT}/usr/bin/npth-config"
-
-		$("${S}/configure" --help | grep -o -- '--without-.*-prefix')
-	)
-
-	if use prefix && use usb; then
-		# bug #649598
-		append-cppflags -I"${ESYSROOT}/usr/include/libusb-1.0"
-	fi
-
-	# bug #663142
-	if use user-socket; then
-		myconf+=( --enable-run-gnupg-user-socket )
-	fi
-
-	# glib fails and picks up clang's internal stdint.h causing weird errors
-	tc-is-clang && export gl_cv_absolute_stdint_h="${ESYSROOT}"/usr/include/stdint.h
-
-	# Hardcode mailprog to /usr/libexec/sendmail even if it does not exist.
-	# As of GnuPG 2.3, the mailprog substitution is used for the binary called
-	# by wks-client & wks-server; and if it's autodetected but not not exist at
-	# build time, then then 'gpg-wks-client --send' functionality will not
-	# work. This has an unwanted side-effect in stage3 builds: there was a
-	# [R]DEPEND on virtual/mta, which also brought in virtual/logger, bloating
-	# the build where the install guide previously make the user chose the
-	# logger & mta early in the install.
-
-	econf "${myconf[@]}"
-}
-
-src_compile() {
-	default
-
-	use doc && emake -C doc html
-}
-
-src_test() {
-	# bug #638574
-	use tofu && export TESTFLAGS=--parallel
-
-	default
-}
-
-src_install() {
-	default
-
-	use tools &&
-		dobin \
-			tools/{convert-from-106,gpg-check-pattern} \
-			tools/{gpgconf,gpgsplit,lspgpot,mail-signed-keys} \
-			tools/make-dns-cert
-
-	dosym gpg /usr/bin/gpg2
-	dosym gpgv /usr/bin/gpgv2
-	echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die
-	echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
-
-	dodir /etc/env.d
-	echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
-
-	use doc && dodoc doc/gnupg.html/* doc/*.png
-
-	systemd_douserunit doc/examples/systemd-user/*.{service,socket}
-}

diff --git a/app-crypt/gnupg/gnupg-2.3.6.ebuild b/app-crypt/gnupg/gnupg-2.3.6.ebuild
deleted file mode 100644
index 9311b4498b77..000000000000
--- a/app-crypt/gnupg/gnupg-2.3.6.ebuild
+++ /dev/null
@@ -1,164 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/gnupg.asc
-inherit flag-o-matic systemd toolchain-funcs verify-sig
-
-MY_P="${P/_/-}"
-
-DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
-HOMEPAGE="https://gnupg.org/"
-SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
-SRC_URI+=" verify-sig? ( mirror://gnupg/gnupg/${P}.tar.bz2.sig )"
-S="${WORKDIR}/${MY_P}"
-
-LICENSE="GPL-3+"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl test +tofu tpm tools usb user-socket wks-server"
-RESTRICT="!test? ( test )"
-REQUIRED_USE="test? ( tofu )"
-
-# Existence of executables is checked during configuration.
-# Note: On each bump, update dep bounds on each version from configure.ac!
-DEPEND=">=dev-libs/libassuan-2.5.0
-	>=dev-libs/libgcrypt-1.9.1:=
-	>=dev-libs/libgpg-error-1.41
-	>=dev-libs/libksba-1.3.4
-	>=dev-libs/npth-1.2
-	>=net-misc/curl-7.10
-	sys-libs/zlib
-	bzip2? ( app-arch/bzip2 )
-	ldap? ( net-nds/openldap:= )
-	readline? ( sys-libs/readline:0= )
-	smartcard? ( usb? ( virtual/libusb:1 ) )
-	tofu? ( >=dev-db/sqlite-3.27 )
-	tpm? ( >=app-crypt/tpm2-tss-2.4.0:= )
-	ssl? ( >=net-libs/gnutls-3.0:0= )
-"
-
-RDEPEND="${DEPEND}
-	app-crypt/pinentry
-	nls? ( virtual/libintl )
-	selinux? ( sec-policy/selinux-gpg )
-	wks-server? ( virtual/mta )"
-
-BDEPEND="virtual/pkgconfig
-	doc? ( sys-apps/texinfo )
-	nls? ( sys-devel/gettext )
-	verify-sig? ( sec-keys/openpgp-keys-gnupg )"
-
-DOCS=(
-	ChangeLog NEWS README THANKS TODO VERSION
-	doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
-)
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch
-)
-
-src_prepare() {
-	default
-
-	# Inject SSH_AUTH_SOCK into user's sessions after enabling gpg-agent-ssh.socket in systemctl --user mode,
-	# idea borrowed from libdbus, see
-	#   https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/bus/systemd-user/dbus.socket.in#L6
-	#
-	# This cannot be upstreamed, as it requires determining the exact prefix of 'systemctl',
-	# which in turn requires discovery in Autoconf, something that upstream deeply resents.
-	sed -e "/DirectoryMode=/a ExecStartPost=-${EPREFIX}/bin/systemctl --user set-environment SSH_AUTH_SOCK=%t/gnupg/S.gpg-agent.ssh" \
-		-i doc/examples/systemd-user/gpg-agent-ssh.socket || die
-}
-
-src_configure() {
-	local myconf=(
-		$(use_enable bzip2)
-		$(use_enable nls)
-		$(use_enable smartcard scdaemon)
-		$(use_enable ssl gnutls)
-		$(use_enable test all-tests)
-		$(use_enable test tests)
-		$(use_enable tofu)
-		$(use_enable tofu keyboxd)
-		$(use_enable tofu sqlite)
-		$(usex tpm '--with-tss=intel' '--disable-tpm2d')
-		$(use smartcard && use_enable usb ccid-driver || echo '--disable-ccid-driver')
-		$(use_enable wks-server wks-tools)
-		$(use_with ldap)
-		$(use_with readline)
-		--with-mailprog=/usr/libexec/sendmail
-		--disable-ntbtls
-		--enable-gpgsm
-		--enable-large-secmem
-
-		CC_FOR_BUILD="$(tc-getBUILD_CC)"
-		GPG_ERROR_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-gpg-error-config"
-		KSBA_CONFIG="${ESYSROOT}/usr/bin/ksba-config"
-		LIBASSUAN_CONFIG="${ESYSROOT}/usr/bin/libassuan-config"
-		LIBGCRYPT_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-libgcrypt-config"
-		NPTH_CONFIG="${ESYSROOT}/usr/bin/npth-config"
-
-		$("${S}/configure" --help | grep -o -- '--without-.*-prefix')
-	)
-
-	if use prefix && use usb; then
-		# bug #649598
-		append-cppflags -I"${ESYSROOT}/usr/include/libusb-1.0"
-	fi
-
-	# bug #663142
-	if use user-socket; then
-		myconf+=( --enable-run-gnupg-user-socket )
-	fi
-
-	# glib fails and picks up clang's internal stdint.h causing weird errors
-	tc-is-clang && export gl_cv_absolute_stdint_h="${ESYSROOT}"/usr/include/stdint.h
-
-	# Hardcode mailprog to /usr/libexec/sendmail even if it does not exist.
-	# As of GnuPG 2.3, the mailprog substitution is used for the binary called
-	# by wks-client & wks-server; and if it's autodetected but not not exist at
-	# build time, then then 'gpg-wks-client --send' functionality will not
-	# work. This has an unwanted side-effect in stage3 builds: there was a
-	# [R]DEPEND on virtual/mta, which also brought in virtual/logger, bloating
-	# the build where the install guide previously make the user chose the
-	# logger & mta early in the install.
-
-	econf "${myconf[@]}"
-}
-
-src_compile() {
-	default
-
-	use doc && emake -C doc html
-}
-
-src_test() {
-	# bug #638574
-	use tofu && export TESTFLAGS=--parallel
-
-	default
-}
-
-src_install() {
-	default
-
-	use tools &&
-		dobin \
-			tools/{convert-from-106,gpg-check-pattern} \
-			tools/{gpgconf,gpgsplit,lspgpot,mail-signed-keys} \
-			tools/make-dns-cert
-
-	dosym gpg /usr/bin/gpg2
-	dosym gpgv /usr/bin/gpgv2
-	echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die
-	echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
-
-	dodir /etc/env.d
-	echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
-
-	use doc && dodoc doc/gnupg.html/* doc/*.png
-
-	systemd_douserunit doc/examples/systemd-user/*.{service,socket}
-}


^ permalink raw reply related	[flat|nested] 26+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/files/, app-crypt/gnupg/
@ 2022-07-14  0:49 Sam James
  0 siblings, 0 replies; 26+ messages in thread
From: Sam James @ 2022-07-14  0:49 UTC (permalink / raw
  To: gentoo-commits

commit:     70a5cc46592ba76ffa08535b1c60f9cc59470e88
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Jul 14 00:49:29 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Jul 14 00:49:29 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=70a5cc46

app-crypt/gnupg: backport yubikey fix

Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../files/gnupg-2.3.7-yubikey-workaround-fix.patch | 53 ++++++++++++++++++++++
 .../{gnupg-2.3.7.ebuild => gnupg-2.3.7-r1.ebuild}  |  1 +
 2 files changed, 54 insertions(+)

diff --git a/app-crypt/gnupg/files/gnupg-2.3.7-yubikey-workaround-fix.patch b/app-crypt/gnupg/files/gnupg-2.3.7-yubikey-workaround-fix.patch
new file mode 100644
index 000000000000..94062c885b5b
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.3.7-yubikey-workaround-fix.patch
@@ -0,0 +1,53 @@
+https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=f34b9147eb3070bce80d53febaa564164cd6c977
+
+From f34b9147eb3070bce80d53febaa564164cd6c977 Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka <gniibe@fsij.org>
+Date: Wed, 13 Jul 2022 10:40:55 +0900
+Subject: [PATCH] scd:openpgp: Fix workaround for Yubikey heuristics.
+
+* scd/app-openpgp.c (parse_algorithm_attribute): Handle the case
+of firmware 5.4, too.
+
+--
+
+GnuPG-bug-id: 6070
+Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
+--- a/scd/app-openpgp.c
++++ b/scd/app-openpgp.c
+@@ -6259,15 +6259,28 @@ parse_algorithm_attribute (app_t app, int keyno)
+       app->app_local->keyattr[keyno].ecc.algo = *buffer;
+       app->app_local->keyattr[keyno].ecc.flags = 0;
+ 
+-      if (APP_CARD(app)->cardtype == CARDTYPE_YUBIKEY
+-	  || buffer[buflen-1] == 0x00 || buffer[buflen-1] == 0xff)
+-        { /* Found "pubkey required"-byte for private key template.  */
+-          oidlen--;
+-          if (buffer[buflen-1] == 0xff)
+-            app->app_local->keyattr[keyno].ecc.flags |= ECC_FLAG_PUBKEY;
++      if (APP_CARD(app)->cardtype == CARDTYPE_YUBIKEY)
++        {
++          /* Yubikey implementations vary.
++           * Firmware version 5.2 returns "pubkey required"-byte with
++           * 0x00, but after removal and second time insertion, it
++           * returns bogus value there.
++           * Firmware version 5.4 returns none.
++           */
++          curve = ecc_curve (buffer + 1, oidlen);
++          if (!curve)
++            curve = ecc_curve (buffer + 1, oidlen - 1);
++        }
++      else
++        {
++          if (buffer[buflen-1] == 0x00 || buffer[buflen-1] == 0xff)
++            { /* Found "pubkey required"-byte for private key template.  */
++              oidlen--;
++              if (buffer[buflen-1] == 0xff)
++                app->app_local->keyattr[keyno].ecc.flags |= ECC_FLAG_PUBKEY;
++            }
++          curve = ecc_curve (buffer + 1, oidlen);
+         }
+-
+-      curve = ecc_curve (buffer + 1, oidlen);
+ 
+       if (!curve)
+         {

diff --git a/app-crypt/gnupg/gnupg-2.3.7.ebuild b/app-crypt/gnupg/gnupg-2.3.7-r1.ebuild
similarity index 99%
rename from app-crypt/gnupg/gnupg-2.3.7.ebuild
rename to app-crypt/gnupg/gnupg-2.3.7-r1.ebuild
index 6f376da7aafd..54821c7edea1 100644
--- a/app-crypt/gnupg/gnupg-2.3.7.ebuild
+++ b/app-crypt/gnupg/gnupg-2.3.7-r1.ebuild
@@ -57,6 +57,7 @@ DOCS=(
 
 PATCHES=(
 	"${FILESDIR}"/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch
+	"${FILESDIR}"/${P}-yubikey-workaround-fix.patch
 )
 
 src_prepare() {


^ permalink raw reply related	[flat|nested] 26+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/files/, app-crypt/gnupg/
@ 2022-06-30 20:01 Sam James
  0 siblings, 0 replies; 26+ messages in thread
From: Sam James @ 2022-06-30 20:01 UTC (permalink / raw
  To: gentoo-commits

commit:     988fa70ca5731f8d4a1862d559603cbf13d569be
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Jun 30 20:01:02 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Jun 30 20:01:08 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=988fa70c

app-crypt/gnupg: backport signature status message fix

Bug: https://bugs.gentoo.org/855395
Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../gnupg-2.2.35-status-messages-garbled.patch     |  45 ++++++
 .../gnupg-2.3.6-status-messages-garbled.patch      |  45 ++++++
 app-crypt/gnupg/gnupg-2.2.35-r1.ebuild             | 160 ++++++++++++++++++++
 app-crypt/gnupg/gnupg-2.3.6-r1.ebuild              | 165 +++++++++++++++++++++
 4 files changed, 415 insertions(+)

diff --git a/app-crypt/gnupg/files/gnupg-2.2.35-status-messages-garbled.patch b/app-crypt/gnupg/files/gnupg-2.2.35-status-messages-garbled.patch
new file mode 100644
index 000000000000..23dbf00b1831
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.2.35-status-messages-garbled.patch
@@ -0,0 +1,45 @@
+https://bugs.gentoo.org/855395
+https://marc.info/?l=oss-security&m=165657063921408&w=2
+https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=7b1db7192e6e4d0cfc439b23b13831837c85bc21
+
+From 7b1db7192e6e4d0cfc439b23b13831837c85bc21 Mon Sep 17 00:00:00 2001
+From: Werner Koch <wk@gnupg.org>
+Date: Tue, 14 Jun 2022 11:33:27 +0200
+Subject: [PATCH] g10: Fix garbled status messages in NOTATION_DATA
+
+* g10/cpr.c (write_status_text_and_buffer): Fix off-by-one
+--
+
+Depending on the escaping and line wrapping the computed remaining
+buffer length could be wrong.  Fixed by always using a break to
+terminate the escape detection loop.  Might have happened for all
+status lines which may wrap.
+
+GnuPG-bug-id: T6027
+--- a/g10/cpr.c
++++ b/g10/cpr.c
+@@ -328,20 +328,15 @@ write_status_text_and_buffer (int no, const char *string,
+             }
+           first = 0;
+         }
+-      for (esc=0, s=buffer, n=len; n && !esc; s++, n--)
++      for (esc=0, s=buffer, n=len; n; s++, n--)
+         {
+           if (*s == '%' || *(const byte*)s <= lower_limit
+               || *(const byte*)s == 127 )
+             esc = 1;
+           if (wrap && ++count > wrap)
+-            {
+-              dowrap=1;
+-              break;
+-            }
+-        }
+-      if (esc)
+-        {
+-          s--; n++;
++            dowrap=1;
++          if (esc || dowrap)
++            break;
+         }
+       if (s != buffer)
+         es_fwrite (buffer, s-buffer, 1, statusfp);

diff --git a/app-crypt/gnupg/files/gnupg-2.3.6-status-messages-garbled.patch b/app-crypt/gnupg/files/gnupg-2.3.6-status-messages-garbled.patch
new file mode 100644
index 000000000000..4bac4fea0f0e
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.3.6-status-messages-garbled.patch
@@ -0,0 +1,45 @@
+https://bugs.gentoo.org/855395
+https://marc.info/?l=oss-security&m=165657063921408&w=2
+https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=34c649b3601383cd11dbc76221747ec16fd68e1b;hp=4dbef2addca8c76fb4953fd507bd800d2a19d3ec
+
+From 34c649b3601383cd11dbc76221747ec16fd68e1b Mon Sep 17 00:00:00 2001
+From: Werner Koch <wk@gnupg.org>
+Date: Tue, 14 Jun 2022 11:33:27 +0200
+Subject: [PATCH 1/1] g10: Fix garbled status messages in NOTATION_DATA
+
+* g10/cpr.c (write_status_text_and_buffer): Fix off-by-one
+--
+
+Depending on the escaping and line wrapping the computed remaining
+buffer length could be wrong.  Fixed by always using a break to
+terminate the escape detection loop.  Might have happened for all
+status lines which may wrap.
+
+GnuPG-bug-id: T6027
+--- a/g10/cpr.c
++++ b/g10/cpr.c
+@@ -372,20 +372,15 @@ write_status_text_and_buffer (int no, const char *string,
+             }
+           first = 0;
+         }
+-      for (esc=0, s=buffer, n=len; n && !esc; s++, n--)
++      for (esc=0, s=buffer, n=len; n; s++, n--)
+         {
+           if (*s == '%' || *(const byte*)s <= lower_limit
+               || *(const byte*)s == 127 )
+             esc = 1;
+           if (wrap && ++count > wrap)
+-            {
+-              dowrap=1;
+-              break;
+-            }
+-        }
+-      if (esc)
+-        {
+-          s--; n++;
++            dowrap=1;
++          if (esc || dowrap)
++            break;
+         }
+       if (s != buffer)
+         es_fwrite (buffer, s-buffer, 1, statusfp);

diff --git a/app-crypt/gnupg/gnupg-2.2.35-r1.ebuild b/app-crypt/gnupg/gnupg-2.2.35-r1.ebuild
new file mode 100644
index 000000000000..8590dbbe4f97
--- /dev/null
+++ b/app-crypt/gnupg/gnupg-2.2.35-r1.ebuild
@@ -0,0 +1,160 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/gnupg.asc
+inherit flag-o-matic systemd toolchain-funcs verify-sig
+
+MY_P="${P/_/-}"
+
+DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
+HOMEPAGE="https://gnupg.org/"
+SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
+SRC_URI+=" verify-sig? ( mirror://gnupg/gnupg/${P}.tar.bz2.sig )"
+S="${WORKDIR}/${MY_P}"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl test tofu tools usb user-socket wks-server"
+RESTRICT="!test? ( test )"
+
+# Existence of executables is checked during configuration.
+# Note: On each bump, update dep bounds on each version from configure.ac!
+DEPEND=">=dev-libs/libassuan-2.5.0
+	>=dev-libs/libgcrypt-1.8.0:=
+	>=dev-libs/libgpg-error-1.29
+	>=dev-libs/libksba-1.3.5
+	>=dev-libs/npth-1.2
+	>=net-misc/curl-7.10
+	sys-libs/zlib
+	bzip2? ( app-arch/bzip2 )
+	ldap? ( net-nds/openldap:= )
+	readline? ( sys-libs/readline:0= )
+	smartcard? ( usb? ( virtual/libusb:1 ) )
+	ssl? ( >=net-libs/gnutls-3.0:0= )
+	tofu? ( >=dev-db/sqlite-3.7 )"
+
+RDEPEND="${DEPEND}
+	app-crypt/pinentry
+	nls? ( virtual/libintl )
+	selinux? ( sec-policy/selinux-gpg )
+	wks-server? ( virtual/mta )"
+
+BDEPEND="virtual/pkgconfig
+	doc? ( sys-apps/texinfo )
+	nls? ( sys-devel/gettext )
+	verify-sig? ( sec-keys/openpgp-keys-gnupg )"
+
+DOCS=(
+	ChangeLog NEWS README THANKS TODO VERSION
+	doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
+)
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch
+	"${FILESDIR}"/${P}-status-messages-garbled.patch
+)
+
+src_prepare() {
+	default
+
+	# Inject SSH_AUTH_SOCK into user's sessions after enabling gpg-agent-ssh.socket in systemctl --user mode,
+	# idea borrowed from libdbus, see
+	#   https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/bus/systemd-user/dbus.socket.in#L6
+	#
+	# This cannot be upstreamed, as it requires determining the exact prefix of 'systemctl',
+	# which in turn requires discovery in Autoconf, something that upstream deeply resents.
+	sed -e "/DirectoryMode=/a ExecStartPost=-${EPREFIX}/bin/systemctl --user set-environment SSH_AUTH_SOCK=%t/gnupg/S.gpg-agent.ssh" \
+		-i doc/examples/systemd-user/gpg-agent-ssh.socket || die
+}
+
+src_configure() {
+	local myconf=(
+		$(use_enable bzip2)
+		$(use_enable nls)
+		$(use_enable smartcard scdaemon)
+		$(use_enable ssl gnutls)
+		$(use_enable test all-tests)
+		$(use_enable test tests)
+		$(use_enable tofu)
+		$(use smartcard && use_enable usb ccid-driver || echo '--disable-ccid-driver')
+		$(use_enable wks-server wks-tools)
+		$(use_with ldap)
+		$(use_with readline)
+		--with-mailprog=/usr/libexec/sendmail
+		--disable-ntbtls
+		--enable-gpg
+		--enable-gpgsm
+		--enable-large-secmem
+
+		CC_FOR_BUILD="$(tc-getBUILD_CC)"
+		GPG_ERROR_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-gpg-error-config"
+		KSBA_CONFIG="${ESYSROOT}/usr/bin/ksba-config"
+		LIBASSUAN_CONFIG="${ESYSROOT}/usr/bin/libassuan-config"
+		LIBGCRYPT_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-libgcrypt-config"
+		NPTH_CONFIG="${ESYSROOT}/usr/bin/npth-config"
+
+		$("${S}/configure" --help | grep -o -- '--without-.*-prefix')
+	)
+
+	if use prefix && use usb; then
+		# bug #649598
+		append-cppflags -I"${EPREFIX}/usr/include/libusb-1.0"
+	fi
+
+	# bug #663142
+	if use user-socket; then
+		myconf+=( --enable-run-gnupg-user-socket )
+	fi
+
+	# glib fails and picks up clang's internal stdint.h causing weird errors
+	tc-is-clang && export gl_cv_absolute_stdint_h="${ESYSROOT}"/usr/include/stdint.h
+
+	# Hardcode mailprog to /usr/libexec/sendmail even if it does not exist.
+	# As of GnuPG 2.3, the mailprog substitution is used for the binary called
+	# by wks-client & wks-server; and if it's autodetected but not not exist at
+	# build time, then then 'gpg-wks-client --send' functionality will not
+	# work. This has an unwanted side-effect in stage3 builds: there was a
+	# [R]DEPEND on virtual/mta, which also brought in virtual/logger, bloating
+	# the build where the install guide previously make the user chose the
+	# logger & mta early in the install.
+
+	econf "${myconf[@]}"
+}
+
+src_compile() {
+	default
+
+	use doc && emake -C doc html
+}
+
+src_test() {
+	# bug #638574
+	use tofu && export TESTFLAGS=--parallel
+
+	default
+}
+
+src_install() {
+	default
+
+	use tools &&
+		dobin \
+			tools/{convert-from-106,gpg-check-pattern} \
+			tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys} \
+			tools/make-dns-cert
+
+	dosym gpg /usr/bin/gpg2
+	dosym gpgv /usr/bin/gpgv2
+	echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die
+	echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
+
+	dodir /etc/env.d
+	echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
+
+	use doc && dodoc doc/gnupg.html/* doc/*.png
+
+	systemd_douserunit doc/examples/systemd-user/*.{service,socket}
+}

diff --git a/app-crypt/gnupg/gnupg-2.3.6-r1.ebuild b/app-crypt/gnupg/gnupg-2.3.6-r1.ebuild
new file mode 100644
index 000000000000..c2540e9010b7
--- /dev/null
+++ b/app-crypt/gnupg/gnupg-2.3.6-r1.ebuild
@@ -0,0 +1,165 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/gnupg.asc
+inherit flag-o-matic systemd toolchain-funcs verify-sig
+
+MY_P="${P/_/-}"
+
+DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
+HOMEPAGE="https://gnupg.org/"
+SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
+SRC_URI+=" verify-sig? ( mirror://gnupg/gnupg/${P}.tar.bz2.sig )"
+S="${WORKDIR}/${MY_P}"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl test +tofu tpm tools usb user-socket wks-server"
+RESTRICT="!test? ( test )"
+REQUIRED_USE="test? ( tofu )"
+
+# Existence of executables is checked during configuration.
+# Note: On each bump, update dep bounds on each version from configure.ac!
+DEPEND=">=dev-libs/libassuan-2.5.0
+	>=dev-libs/libgcrypt-1.9.1:=
+	>=dev-libs/libgpg-error-1.41
+	>=dev-libs/libksba-1.3.4
+	>=dev-libs/npth-1.2
+	>=net-misc/curl-7.10
+	sys-libs/zlib
+	bzip2? ( app-arch/bzip2 )
+	ldap? ( net-nds/openldap:= )
+	readline? ( sys-libs/readline:0= )
+	smartcard? ( usb? ( virtual/libusb:1 ) )
+	tofu? ( >=dev-db/sqlite-3.27 )
+	tpm? ( >=app-crypt/tpm2-tss-2.4.0:= )
+	ssl? ( >=net-libs/gnutls-3.0:0= )
+"
+
+RDEPEND="${DEPEND}
+	app-crypt/pinentry
+	nls? ( virtual/libintl )
+	selinux? ( sec-policy/selinux-gpg )
+	wks-server? ( virtual/mta )"
+
+BDEPEND="virtual/pkgconfig
+	doc? ( sys-apps/texinfo )
+	nls? ( sys-devel/gettext )
+	verify-sig? ( sec-keys/openpgp-keys-gnupg )"
+
+DOCS=(
+	ChangeLog NEWS README THANKS TODO VERSION
+	doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
+)
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch
+	"${FILESDIR}"/${P}-status-messages-garbled.patch
+)
+
+src_prepare() {
+	default
+
+	# Inject SSH_AUTH_SOCK into user's sessions after enabling gpg-agent-ssh.socket in systemctl --user mode,
+	# idea borrowed from libdbus, see
+	#   https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/bus/systemd-user/dbus.socket.in#L6
+	#
+	# This cannot be upstreamed, as it requires determining the exact prefix of 'systemctl',
+	# which in turn requires discovery in Autoconf, something that upstream deeply resents.
+	sed -e "/DirectoryMode=/a ExecStartPost=-${EPREFIX}/bin/systemctl --user set-environment SSH_AUTH_SOCK=%t/gnupg/S.gpg-agent.ssh" \
+		-i doc/examples/systemd-user/gpg-agent-ssh.socket || die
+}
+
+src_configure() {
+	local myconf=(
+		$(use_enable bzip2)
+		$(use_enable nls)
+		$(use_enable smartcard scdaemon)
+		$(use_enable ssl gnutls)
+		$(use_enable test all-tests)
+		$(use_enable test tests)
+		$(use_enable tofu)
+		$(use_enable tofu keyboxd)
+		$(use_enable tofu sqlite)
+		$(usex tpm '--with-tss=intel' '--disable-tpm2d')
+		$(use smartcard && use_enable usb ccid-driver || echo '--disable-ccid-driver')
+		$(use_enable wks-server wks-tools)
+		$(use_with ldap)
+		$(use_with readline)
+		--with-mailprog=/usr/libexec/sendmail
+		--disable-ntbtls
+		--enable-gpgsm
+		--enable-large-secmem
+
+		CC_FOR_BUILD="$(tc-getBUILD_CC)"
+		GPG_ERROR_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-gpg-error-config"
+		KSBA_CONFIG="${ESYSROOT}/usr/bin/ksba-config"
+		LIBASSUAN_CONFIG="${ESYSROOT}/usr/bin/libassuan-config"
+		LIBGCRYPT_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-libgcrypt-config"
+		NPTH_CONFIG="${ESYSROOT}/usr/bin/npth-config"
+
+		$("${S}/configure" --help | grep -o -- '--without-.*-prefix')
+	)
+
+	if use prefix && use usb; then
+		# bug #649598
+		append-cppflags -I"${ESYSROOT}/usr/include/libusb-1.0"
+	fi
+
+	# bug #663142
+	if use user-socket; then
+		myconf+=( --enable-run-gnupg-user-socket )
+	fi
+
+	# glib fails and picks up clang's internal stdint.h causing weird errors
+	tc-is-clang && export gl_cv_absolute_stdint_h="${ESYSROOT}"/usr/include/stdint.h
+
+	# Hardcode mailprog to /usr/libexec/sendmail even if it does not exist.
+	# As of GnuPG 2.3, the mailprog substitution is used for the binary called
+	# by wks-client & wks-server; and if it's autodetected but not not exist at
+	# build time, then then 'gpg-wks-client --send' functionality will not
+	# work. This has an unwanted side-effect in stage3 builds: there was a
+	# [R]DEPEND on virtual/mta, which also brought in virtual/logger, bloating
+	# the build where the install guide previously make the user chose the
+	# logger & mta early in the install.
+
+	econf "${myconf[@]}"
+}
+
+src_compile() {
+	default
+
+	use doc && emake -C doc html
+}
+
+src_test() {
+	# bug #638574
+	use tofu && export TESTFLAGS=--parallel
+
+	default
+}
+
+src_install() {
+	default
+
+	use tools &&
+		dobin \
+			tools/{convert-from-106,gpg-check-pattern} \
+			tools/{gpgconf,gpgsplit,lspgpot,mail-signed-keys} \
+			tools/make-dns-cert
+
+	dosym gpg /usr/bin/gpg2
+	dosym gpgv /usr/bin/gpgv2
+	echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die
+	echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
+
+	dodir /etc/env.d
+	echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
+
+	use doc && dodoc doc/gnupg.html/* doc/*.png
+
+	systemd_douserunit doc/examples/systemd-user/*.{service,socket}
+}


^ permalink raw reply related	[flat|nested] 26+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/files/, app-crypt/gnupg/
@ 2022-04-25 16:06 Sam James
  0 siblings, 0 replies; 26+ messages in thread
From: Sam James @ 2022-04-25 16:06 UTC (permalink / raw
  To: gentoo-commits

commit:     e6d5dc95e4eb2e7282b0faeb7908569cb2103134
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Apr 25 16:05:50 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Apr 25 16:05:55 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e6d5dc95

app-crypt/gnupg: drop 2.3.4-r3, 2.3.5-r1

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-crypt/gnupg/Manifest                           |   2 -
 .../files/gnupg-2.3.5-fix-buffering-hang.patch     |  52 -------
 app-crypt/gnupg/gnupg-2.3.4-r3.ebuild              | 161 ---------------------
 app-crypt/gnupg/gnupg-2.3.5-r1.ebuild              | 161 ---------------------
 4 files changed, 376 deletions(-)

diff --git a/app-crypt/gnupg/Manifest b/app-crypt/gnupg/Manifest
index da135ab95714..27fdcf84a943 100644
--- a/app-crypt/gnupg/Manifest
+++ b/app-crypt/gnupg/Manifest
@@ -1,7 +1,5 @@
 DIST gnupg-2.2.34.tar.bz2 7252882 BLAKE2B f42fd8c4019a051c9f087ae1806ce61c831e0aa552baf7372fd26f2e81d612b919590b698e512343644b68ba220f8f4f751cb66a7f4966df5ba7819563d5351a SHA512 2232e2df58a8470f152d5d91816e14017bcc702bf56c7ae6210f8f42069b2117172b9eabc8fcc1d1174aa7a1068ff444c98335f6c503c2e17137c76fe2602b8b
 DIST gnupg-2.2.34.tar.bz2.sig 119 BLAKE2B 38d384f215f02bb45ab7c77bb7ad434d9038d8ed19610210ebf84e43e1548c2e938f1f45a1047a9c161c3a88308b83c21fb2bc254a77e68fcf00c7f0cf72e5f9 SHA512 220436aa2387376d4af41ee84dbac9a9e4fda2904024d81da9af6f8c704700c5c6f9da98cfa7e4a9f188ad2739189b905473cfd88747978300829ec382771745
-DIST gnupg-2.3.4.tar.bz2 7589561 BLAKE2B 6e04a90a5ffac7d4701202e35071a48530ba86d8c64cab3ed1617df23358f4d564ddf6cdbc6c861890725344a19619e0f6791ccabd97b18b28dc4e6e01f7837b SHA512 a3cf1c759512ec561c6f01cec72d533fc099dccf8c03b3a3e4a930862ae4c6815ecb856edd41884a65f058b65553cb69519e53e134d652353a7a76144bd99758
-DIST gnupg-2.3.4.tar.bz2.sig 238 BLAKE2B e384c1528d015b4470eabfeffbe59db82cfc6522d739d6017f72f60a55959ded9cf031fec7b9b286f8020cdd429b2d07780205633d6fb459521ba96374fb3b3f SHA512 be43535068b1ad33458ad320e3ec37fad49341ebfb0846a2b21d2b87fd55696567df91abcea0b83e70ad1322832635279a4d0bf1f736ae6dd70e255c951bf0b3
 DIST gnupg-2.3.5.tar.bz2 7601772 BLAKE2B b1044d8a62636be1fe870fe73213ffdefefc4b4f99b4cb1abcbc85679fda8ec855c1ac11296e2a37c7aef9bf0eec401bd3aafe68154a22df780512deb5ed77f8 SHA512 dcaf6a72179cbc21263f27c994100fbd45687daaa63e3a9a9668e26c25f331516e8c7b656cdce6c646e5fe29f0ad2e20b72ac364f242524fb3ead4e96e89520d
 DIST gnupg-2.3.5.tar.bz2.sig 119 BLAKE2B 5377908e2ad968db06e870d17116827c9a332bd159aba2ff737131805b9f81d7ff44352ffb9af0006ec2d48934fcfc7af54965d948a8a043fe3a59b3600f8745 SHA512 f12e799274833a657317e997e85958cc450d57bb6a3a39a613d41de50953ab1363e0a38a4f4948f81f7da08dd00ccb2e141d6b2eb7f131ed2905d3c1666f7da2
 DIST gnupg-2.3.6.tar.bz2 7604761 BLAKE2B 6cbc749156c50b6633c126cde621271c6c9682a04efea51fbc5a2e92ee56493e8348814391ee0c337adcb4de4dd23293b9592db78998626905038c859ac4af6e SHA512 4540e8d2be836b491918f4987ba301a73fcdc4539b1f9abf6112a74c2d39c0e5dc3f17511212bac1dd7fd0594feecd91f95ecf78d4b2c1e70e818342a1802b85

diff --git a/app-crypt/gnupg/files/gnupg-2.3.5-fix-buffering-hang.patch b/app-crypt/gnupg/files/gnupg-2.3.5-fix-buffering-hang.patch
deleted file mode 100644
index 3ff8d2afcf6f..000000000000
--- a/app-crypt/gnupg/files/gnupg-2.3.5-fix-buffering-hang.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=2fc91e15c6bebb203162cc8445e68ee4ff934885;hp=2848fe4c84e5ee20ccd90f0ef4c9f78c6801e1f6
-https://bugs.gentoo.org/840746
-
-From: NIIBE Yutaka <gniibe@fsij.org>
-Date: Mon, 25 Apr 2022 17:37:32 +0900
-Subject: [PATCH 1/1] common:iobuf: Exclude cases with
- IOBUF_INPUT_TEMP/IOBUF_OUTPUT_TEMP.
-
-* common/iobuf.c (iobuf_read): Handle a case with IOBUF_INPUT_TEMP.
-(iobuf_write): Handle a case with IOBUF_OUTPUT_TEMP.
-
---
-
-GnuPG-bug-id: 5941
-Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
---- a/common/iobuf.c
-+++ b/common/iobuf.c
-@@ -2177,7 +2177,8 @@ iobuf_read (iobuf_t a, void *buffer, unsigned int buflen)
-   a->e_d.len = 0;
- 
-   /* Hint for how full to fill iobuf internal drain buffer. */
--  a->e_d.preferred = (buf && buflen >= IOBUF_ZEROCOPY_THRESHOLD_SIZE);
-+  a->e_d.preferred = (a->use != IOBUF_INPUT_TEMP)
-+    && (buf && buflen >= IOBUF_ZEROCOPY_THRESHOLD_SIZE);
- 
-   n = 0;
-   do
-@@ -2200,7 +2201,7 @@ iobuf_read (iobuf_t a, void *buffer, unsigned int buflen)
- 	   underflow to read more data into the filter's internal
- 	   buffer.  */
- 	{
--	  if (buf && n < buflen)
-+	  if (a->use != IOBUF_INPUT_TEMP && buf && n < buflen)
- 	    {
- 	      /* Setup external drain buffer for faster moving of data
- 	       * (avoid memcpy). */
-@@ -2328,11 +2329,13 @@ iobuf_write (iobuf_t a, const void *buffer, unsigned int buflen)
-   a->e_d.len = 0;
- 
-   /* Hint for how full to fill iobuf internal drain buffer. */
--  a->e_d.preferred = (buflen >= IOBUF_ZEROCOPY_THRESHOLD_SIZE);
-+  a->e_d.preferred = (a->use != IOBUF_OUTPUT_TEMP)
-+    && (buflen >= IOBUF_ZEROCOPY_THRESHOLD_SIZE);
- 
-   do
-     {
--      if (a->d.len == 0 && buflen >= IOBUF_ZEROCOPY_THRESHOLD_SIZE)
-+      if ((a->use != IOBUF_OUTPUT_TEMP)
-+	  && a->d.len == 0 && buflen >= IOBUF_ZEROCOPY_THRESHOLD_SIZE)
- 	{
- 	  /* Setup external drain buffer for faster moving of data
- 	    * (avoid memcpy). */

diff --git a/app-crypt/gnupg/gnupg-2.3.4-r3.ebuild b/app-crypt/gnupg/gnupg-2.3.4-r3.ebuild
deleted file mode 100644
index 0a3104b6851c..000000000000
--- a/app-crypt/gnupg/gnupg-2.3.4-r3.ebuild
+++ /dev/null
@@ -1,161 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/gnupg.asc
-inherit flag-o-matic systemd toolchain-funcs verify-sig
-
-MY_P="${P/_/-}"
-
-DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
-HOMEPAGE="https://gnupg.org/"
-SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
-SRC_URI+=" verify-sig? ( mirror://gnupg/gnupg/${P}.tar.bz2.sig )"
-S="${WORKDIR}/${MY_P}"
-
-LICENSE="GPL-3"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl test +tofu tpm tools usb user-socket wks-server"
-RESTRICT="!test? ( test )"
-REQUIRED_USE="test? ( tofu )"
-
-# Existence of executables is checked during configuration.
-# Note: On each bump, update dep bounds on each version from configure.ac!
-DEPEND=">=dev-libs/libassuan-2.5.0
-	>=dev-libs/libgcrypt-1.9.1:=
-	>=dev-libs/libgpg-error-1.41
-	>=dev-libs/libksba-1.3.4
-	>=dev-libs/npth-1.2
-	>=net-misc/curl-7.10
-	bzip2? ( app-arch/bzip2 )
-	ldap? ( net-nds/openldap:= )
-	readline? ( sys-libs/readline:0= )
-	smartcard? ( usb? ( virtual/libusb:1 ) )
-	tofu? ( >=dev-db/sqlite-3.27 )
-	tpm? ( >=app-crypt/tpm2-tss-2.4.0:= )
-	ssl? ( >=net-libs/gnutls-3.0:0= )
-	sys-libs/zlib
-"
-
-RDEPEND="${DEPEND}
-	app-crypt/pinentry
-	nls? ( virtual/libintl )
-	selinux? ( sec-policy/selinux-gpg )
-	wks-server? ( virtual/mta )"
-
-BDEPEND="virtual/pkgconfig
-	doc? ( sys-apps/texinfo )
-	nls? ( sys-devel/gettext )
-	verify-sig? ( sec-keys/openpgp-keys-gnupg )"
-
-DOCS=(
-	ChangeLog NEWS README THANKS TODO VERSION
-	doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
-)
-
-PATCHES=(
-	"${FILESDIR}/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch"
-)
-
-src_prepare() {
-	default
-
-	# Inject SSH_AUTH_SOCK into user's sessions after enabling gpg-agent-ssh.socket in systemctl --user mode,
-	# idea borrowed from libdbus, see
-	#   https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/bus/systemd-user/dbus.socket.in#L6
-	#
-	# This cannot be upstreamed, as it requires determining the exact prefix of 'systemctl',
-	# which in turn requires discovery in Autoconf, something that upstream deeply resents.
-	sed -e "/DirectoryMode=/a ExecStartPost=-${EPREFIX}/bin/systemctl --user set-environment SSH_AUTH_SOCK=%t/gnupg/S.gpg-agent.ssh" \
-		-i doc/examples/systemd-user/gpg-agent-ssh.socket || die
-}
-
-src_configure() {
-	local myconf=(
-		$(use_enable bzip2)
-		$(use_enable nls)
-		$(use_enable smartcard scdaemon)
-		$(use_enable ssl gnutls)
-		$(use_enable tofu)
-		$(use_enable tofu keyboxd)
-		$(use_enable tofu sqlite)
-		$(usex tpm '--with-tss=intel' '--disable-tpm2d')
-		$(use smartcard && use_enable usb ccid-driver || echo '--disable-ccid-driver')
-		$(use_enable wks-server wks-tools)
-		$(use_with ldap)
-		$(use_with readline)
-		--with-mailprog=/usr/libexec/sendmail
-		--disable-ntbtls
-		--enable-all-tests
-		--enable-gpgsm
-		--enable-large-secmem
-		CC_FOR_BUILD="$(tc-getBUILD_CC)"
-		GPG_ERROR_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-gpg-error-config"
-		KSBA_CONFIG="${ESYSROOT}/usr/bin/ksba-config"
-		LIBASSUAN_CONFIG="${ESYSROOT}/usr/bin/libassuan-config"
-		LIBGCRYPT_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-libgcrypt-config"
-		NPTH_CONFIG="${ESYSROOT}/usr/bin/npth-config"
-		$("${S}/configure" --help | grep -o -- '--without-.*-prefix')
-	)
-
-	if use prefix && use usb; then
-		# bug #649598
-		append-cppflags -I"${EPREFIX}/usr/include/libusb-1.0"
-	fi
-
-	#bug 663142
-	if use user-socket; then
-		myconf+=( --enable-run-gnupg-user-socket )
-	fi
-
-	# glib fails and picks up clang's internal stdint.h causing weird errors
-	[[ ${CC} == *clang ]] && \
-		export gl_cv_absolute_stdint_h=/usr/include/stdint.h
-
-	# Hardcode mailprog to /usr/libexec/sendmail even if it does not exist.
-	# As of GnuPG 2.3, the mailprog substitution is used for the binary called
-	# by wks-client & wks-server; and if it's autodetected but not not exist at
-	# build time, then then 'gpg-wks-client --send' functionality will not
-	# work. This has an unwanted side-effect in stage3 builds: there was a
-	# [R]DEPEND on virtual/mta, which also brought in virtual/logger, bloating
-	# the build where the install guide previously make the user chose the
-	# logger & mta early in the install.
-
-	econf "${myconf[@]}"
-}
-
-src_compile() {
-	default
-
-	use doc && emake -C doc html
-}
-
-src_test() {
-	#Bug: 638574
-	use tofu && export TESTFLAGS=--parallel
-	default
-}
-
-src_install() {
-	default
-
-	use tools &&
-		dobin \
-			tools/{convert-from-106,gpg-check-pattern} \
-			tools/{gpgconf,gpgsplit,lspgpot,mail-signed-keys} \
-			tools/make-dns-cert
-
-	dosym gpg /usr/bin/gpg2
-	dosym gpgv /usr/bin/gpgv2
-	echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die
-	echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
-
-	dodir /etc/env.d
-	echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
-
-	use doc && dodoc doc/gnupg.html/* doc/*.png
-
-	systemd_douserunit doc/examples/systemd-user/*.{service,socket}
-}

diff --git a/app-crypt/gnupg/gnupg-2.3.5-r1.ebuild b/app-crypt/gnupg/gnupg-2.3.5-r1.ebuild
deleted file mode 100644
index 0a3104b6851c..000000000000
--- a/app-crypt/gnupg/gnupg-2.3.5-r1.ebuild
+++ /dev/null
@@ -1,161 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/gnupg.asc
-inherit flag-o-matic systemd toolchain-funcs verify-sig
-
-MY_P="${P/_/-}"
-
-DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
-HOMEPAGE="https://gnupg.org/"
-SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
-SRC_URI+=" verify-sig? ( mirror://gnupg/gnupg/${P}.tar.bz2.sig )"
-S="${WORKDIR}/${MY_P}"
-
-LICENSE="GPL-3"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl test +tofu tpm tools usb user-socket wks-server"
-RESTRICT="!test? ( test )"
-REQUIRED_USE="test? ( tofu )"
-
-# Existence of executables is checked during configuration.
-# Note: On each bump, update dep bounds on each version from configure.ac!
-DEPEND=">=dev-libs/libassuan-2.5.0
-	>=dev-libs/libgcrypt-1.9.1:=
-	>=dev-libs/libgpg-error-1.41
-	>=dev-libs/libksba-1.3.4
-	>=dev-libs/npth-1.2
-	>=net-misc/curl-7.10
-	bzip2? ( app-arch/bzip2 )
-	ldap? ( net-nds/openldap:= )
-	readline? ( sys-libs/readline:0= )
-	smartcard? ( usb? ( virtual/libusb:1 ) )
-	tofu? ( >=dev-db/sqlite-3.27 )
-	tpm? ( >=app-crypt/tpm2-tss-2.4.0:= )
-	ssl? ( >=net-libs/gnutls-3.0:0= )
-	sys-libs/zlib
-"
-
-RDEPEND="${DEPEND}
-	app-crypt/pinentry
-	nls? ( virtual/libintl )
-	selinux? ( sec-policy/selinux-gpg )
-	wks-server? ( virtual/mta )"
-
-BDEPEND="virtual/pkgconfig
-	doc? ( sys-apps/texinfo )
-	nls? ( sys-devel/gettext )
-	verify-sig? ( sec-keys/openpgp-keys-gnupg )"
-
-DOCS=(
-	ChangeLog NEWS README THANKS TODO VERSION
-	doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
-)
-
-PATCHES=(
-	"${FILESDIR}/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch"
-)
-
-src_prepare() {
-	default
-
-	# Inject SSH_AUTH_SOCK into user's sessions after enabling gpg-agent-ssh.socket in systemctl --user mode,
-	# idea borrowed from libdbus, see
-	#   https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/bus/systemd-user/dbus.socket.in#L6
-	#
-	# This cannot be upstreamed, as it requires determining the exact prefix of 'systemctl',
-	# which in turn requires discovery in Autoconf, something that upstream deeply resents.
-	sed -e "/DirectoryMode=/a ExecStartPost=-${EPREFIX}/bin/systemctl --user set-environment SSH_AUTH_SOCK=%t/gnupg/S.gpg-agent.ssh" \
-		-i doc/examples/systemd-user/gpg-agent-ssh.socket || die
-}
-
-src_configure() {
-	local myconf=(
-		$(use_enable bzip2)
-		$(use_enable nls)
-		$(use_enable smartcard scdaemon)
-		$(use_enable ssl gnutls)
-		$(use_enable tofu)
-		$(use_enable tofu keyboxd)
-		$(use_enable tofu sqlite)
-		$(usex tpm '--with-tss=intel' '--disable-tpm2d')
-		$(use smartcard && use_enable usb ccid-driver || echo '--disable-ccid-driver')
-		$(use_enable wks-server wks-tools)
-		$(use_with ldap)
-		$(use_with readline)
-		--with-mailprog=/usr/libexec/sendmail
-		--disable-ntbtls
-		--enable-all-tests
-		--enable-gpgsm
-		--enable-large-secmem
-		CC_FOR_BUILD="$(tc-getBUILD_CC)"
-		GPG_ERROR_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-gpg-error-config"
-		KSBA_CONFIG="${ESYSROOT}/usr/bin/ksba-config"
-		LIBASSUAN_CONFIG="${ESYSROOT}/usr/bin/libassuan-config"
-		LIBGCRYPT_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-libgcrypt-config"
-		NPTH_CONFIG="${ESYSROOT}/usr/bin/npth-config"
-		$("${S}/configure" --help | grep -o -- '--without-.*-prefix')
-	)
-
-	if use prefix && use usb; then
-		# bug #649598
-		append-cppflags -I"${EPREFIX}/usr/include/libusb-1.0"
-	fi
-
-	#bug 663142
-	if use user-socket; then
-		myconf+=( --enable-run-gnupg-user-socket )
-	fi
-
-	# glib fails and picks up clang's internal stdint.h causing weird errors
-	[[ ${CC} == *clang ]] && \
-		export gl_cv_absolute_stdint_h=/usr/include/stdint.h
-
-	# Hardcode mailprog to /usr/libexec/sendmail even if it does not exist.
-	# As of GnuPG 2.3, the mailprog substitution is used for the binary called
-	# by wks-client & wks-server; and if it's autodetected but not not exist at
-	# build time, then then 'gpg-wks-client --send' functionality will not
-	# work. This has an unwanted side-effect in stage3 builds: there was a
-	# [R]DEPEND on virtual/mta, which also brought in virtual/logger, bloating
-	# the build where the install guide previously make the user chose the
-	# logger & mta early in the install.
-
-	econf "${myconf[@]}"
-}
-
-src_compile() {
-	default
-
-	use doc && emake -C doc html
-}
-
-src_test() {
-	#Bug: 638574
-	use tofu && export TESTFLAGS=--parallel
-	default
-}
-
-src_install() {
-	default
-
-	use tools &&
-		dobin \
-			tools/{convert-from-106,gpg-check-pattern} \
-			tools/{gpgconf,gpgsplit,lspgpot,mail-signed-keys} \
-			tools/make-dns-cert
-
-	dosym gpg /usr/bin/gpg2
-	dosym gpgv /usr/bin/gpgv2
-	echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die
-	echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
-
-	dodir /etc/env.d
-	echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
-
-	use doc && dodoc doc/gnupg.html/* doc/*.png
-
-	systemd_douserunit doc/examples/systemd-user/*.{service,socket}
-}


^ permalink raw reply related	[flat|nested] 26+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/files/, app-crypt/gnupg/
@ 2021-04-08  9:21 Lars Wendler
  0 siblings, 0 replies; 26+ messages in thread
From: Lars Wendler @ 2021-04-08  9:21 UTC (permalink / raw
  To: gentoo-commits

commit:     efddb1f00fcee1b6d957755d6e76f71cb6d0c27c
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Thu Apr  8 09:15:45 2021 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Thu Apr  8 09:21:23 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=efddb1f0

app-crypt/gnupg: Bump to version 2.3.0

Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 app-crypt/gnupg/Manifest                           |   1 +
 .../gnupg/files/gnupg-2.3.0-sqlite_check.patch     |  62 ++++++++
 app-crypt/gnupg/gnupg-2.3.0.ebuild                 | 158 +++++++++++++++++++++
 3 files changed, 221 insertions(+)

diff --git a/app-crypt/gnupg/Manifest b/app-crypt/gnupg/Manifest
index 4f8d716e719..f4c3e9db0ff 100644
--- a/app-crypt/gnupg/Manifest
+++ b/app-crypt/gnupg/Manifest
@@ -1,3 +1,4 @@
 DIST gnupg-2.2.16-scdaemon_shared-access.patch 2586 BLAKE2B 42fd5482c4e86751ce62836125997c2295c44bc5db0671a06460fd306b2ed93f290fb898fc1b1e463a863eddf9ab5f99ea3c90a55499ef45ca1ed6edf2854663 SHA512 38abaa4200114ae6b6f220fabc0a84a056761949c97bd0564557f4411a299b9a1939893555c27e26da2d8e8da4bc97a298fa7e68f1e80fe99c3f88cc329eaa84
 DIST gnupg-2.2.25.tar.bz2 7195857 BLAKE2B c930edf9259a0e1c508af8d76a86f979860adfe2c525020b37d3741679200f96483f0ad8bc1f72e2dbf7fe77696cd04d4272a2ee23e4c4abe1ed6ba88b95f365 SHA512 ab1d7cc9d8be3e7189bc4bea431b9d5db313cbd1739823950f32fbb611b2f4374889f444efbf43ce1fbf498b9865d7e6e953cd4c86d58fd688f63923c434ea2c
 DIST gnupg-2.2.27.tar.bz2 7191555 BLAKE2B d652aad382cf07cc458b29ff82718edd47457d8236dcbeee51f22d88503be141f009e9ea45b6dafe614115d9558fe371509579e58ce17a5f04540a31aa406ea3 SHA512 cf336962116c9c08ac80b1299654b94948033ef51d6d5e7f54c2f07bbf7d92c7b0bddb606ceee2cdd837063f519b8d59af5a82816b840a0fc47d90c07b0e95ab
+DIST gnupg-2.3.0.tar.bz2 7557228 BLAKE2B 10a1e37a7f6aa3d429905b3e048e69b8e321dd616e3a26b0f778c3bd9e8298562ade439f7e27b8605ed155e55a0939c35a7b8554f8a89eb33cdb724506126fdf SHA512 f8d2b31e9ae750b132ecb7b478be52cdb7628a5806967a2ee3be19d3e955c3f64214997b168b1ec00caa6830c26711f2ea8430cc6269d6b980b21239186ba29f

diff --git a/app-crypt/gnupg/files/gnupg-2.3.0-sqlite_check.patch b/app-crypt/gnupg/files/gnupg-2.3.0-sqlite_check.patch
new file mode 100644
index 00000000000..dd529da7a7c
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.3.0-sqlite_check.patch
@@ -0,0 +1,62 @@
+From 58aa0e8547a29e147f3d9d1792117d96bc00ffda Mon Sep 17 00:00:00 2001
+From: Lars Wendler <polynomial-c@gentoo.org>
+Date: Thu, 8 Apr 2021 11:05:36 +0200
+Subject: [PATCH] gnupg: configure.ac: Fix sqlite3 detection
+
+or else --disable-sqlite has no effect and linking later fails with:
+
+  keyboxd-backend-sqlite.o: in function `show_sqlstmt.part.0':
+  backend-sqlite.c:(.text+0x42): undefined reference to `sqlite3_expanded_sql'
+
+Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
+---
+ configure.ac | 23 ++++++++++++-----------
+ 1 file changed, 12 insertions(+), 11 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 9cf0c6a7f..d46469cbb 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -969,18 +969,20 @@ AC_ARG_ENABLE(sqlite,
+                                [disable the use of SQLITE]),
+               try_sqlite=$enableval, try_sqlite=yes)
+ 
+-if test x"$use_tofu" = xyes ; then
+-  if test x"$try_sqlite" = xyes ; then
++AS_IF([test x"$try_sqlite" = xyes], [
+     PKG_CHECK_MODULES([SQLITE3], [sqlite3 >= $NEED_SQLITE_VERSION],
+                                  [have_sqlite=yes],
+                                  [have_sqlite=no])
+-  fi
+-  if test "$have_sqlite" = "yes"; then
+-    :
+-    AC_SUBST([SQLITE3_CFLAGS])
+-    AC_SUBST([SQLITE3_LIBS])
+-  else
+-    use_tofu=no
++    AS_IF([test "$have_sqlite" = "yes"], [
++        AC_SUBST([SQLITE3_CFLAGS])
++        AC_SUBST([SQLITE3_LIBS])
++    ])
++    ])
++
++AS_IF([test "$have_sqlite" != "yes"], [
++    AS_IF([test x"$use_tofu" = xyes], [
++	use_tofu=no
++    ])
+     build_keyboxd=no
+     tmp=$(echo "$SQLITE3_PKG_ERRORS" | tr '\n' '\v' | sed 's/\v/\n*** /g')
+     AC_MSG_WARN([[
+@@ -988,8 +990,7 @@ if test x"$use_tofu" = xyes ; then
+ *** Building without SQLite support - TOFU and Keyboxd disabled
+ ***
+ *** $tmp]])
+-  fi
+-fi
++])
+ 
+ AM_CONDITIONAL(SQLITE3, test "$have_sqlite" = "yes")
+ 
+-- 
+2.31.1
+

diff --git a/app-crypt/gnupg/gnupg-2.3.0.ebuild b/app-crypt/gnupg/gnupg-2.3.0.ebuild
new file mode 100644
index 00000000000..e1137e00992
--- /dev/null
+++ b/app-crypt/gnupg/gnupg-2.3.0.ebuild
@@ -0,0 +1,158 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit autotools flag-o-matic systemd toolchain-funcs
+
+MY_P="${P/_/-}"
+
+DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
+HOMEPAGE="https://gnupg.org/"
+SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="bzip2 doc ldap nls readline selinux +smartcard sqlite ssl tofu tools usb user-socket wks-server"
+
+# Existence of executables is checked during configuration.
+DEPEND=">=dev-libs/libassuan-2.5.0
+	>=dev-libs/libgcrypt-1.9.1
+	>=dev-libs/libgpg-error-1.29
+	>=dev-libs/libksba-1.3.4
+	>=dev-libs/npth-1.2
+	>=net-misc/curl-7.10
+	bzip2? ( app-arch/bzip2 )
+	ldap? ( net-nds/openldap )
+	readline? ( sys-libs/readline:0= )
+	smartcard? ( usb? ( virtual/libusb:1 ) )
+	sqlite? ( >=dev-db/sqlite-3.27 )
+	ssl? ( >=net-libs/gnutls-3.0:0= )
+	sys-libs/zlib
+"
+
+RDEPEND="${DEPEND}
+	app-crypt/pinentry
+	nls? ( virtual/libintl )
+	selinux? ( sec-policy/selinux-gpg )
+	wks-server? ( virtual/mta )"
+
+BDEPEND="virtual/pkgconfig
+	doc? ( sys-apps/texinfo )
+	nls? ( sys-devel/gettext )"
+
+S="${WORKDIR}/${MY_P}"
+
+REQUIRED_USE="tofu? ( sqlite )"
+
+DOCS=(
+	ChangeLog NEWS README THANKS TODO VERSION
+	doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
+)
+
+PATCHES=(
+	"${FILESDIR}/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch"
+	#"${FILESDIR}/${PN}-2.3.0-sqlite_check.patch"
+)
+
+src_prepare() {
+	default
+
+	#eautoreconf
+
+	# Inject SSH_AUTH_SOCK into user's sessions after enabling gpg-agent-ssh.socket in systemctl --user mode,
+	# idea borrowed from libdbus, see
+	#   https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/bus/systemd-user/dbus.socket.in#L6
+	#
+	# This cannot be upstreamed, as it requires determining the exact prefix of 'systemctl',
+	# which in turn requires discovery in Autoconf, something that upstream deeply resents.
+	sed -e "/DirectoryMode=/a ExecStartPost=-${EPREFIX}/bin/systemctl --user set-environment SSH_AUTH_SOCK=%t/gnupg/S.gpg-agent.ssh" \
+		-i doc/examples/systemd-user/gpg-agent-ssh.socket || die
+}
+
+src_configure() {
+	local myconf=(
+		$(use_enable bzip2)
+		$(use_enable nls)
+		$(use_enable smartcard scdaemon)
+		$(use_enable sqlite)
+		$(use_enable ssl gnutls)
+		$(use_enable tofu)
+		$(use smartcard && use_enable usb ccid-driver || echo '--disable-ccid-driver')
+		$(use_enable wks-server wks-tools)
+		$(use_with ldap)
+		$(use_with readline)
+		--with-mailprog=/usr/libexec/sendmail
+		--disable-ntbtls
+		--enable-all-tests
+		--enable-gpgsm
+		--enable-large-secmem
+		CC_FOR_BUILD="$(tc-getBUILD_CC)"
+		GPG_ERROR_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-gpg-error-config"
+		KSBA_CONFIG="${ESYSROOT}/usr/bin/ksba-config"
+		LIBASSUAN_CONFIG="${ESYSROOT}/usr/bin/libassuan-config"
+		LIBGCRYPT_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-libgcrypt-config"
+		NPTH_CONFIG="${ESYSROOT}/usr/bin/npth-config"
+		$("${S}/configure" --help | grep -o -- '--without-.*-prefix')
+	)
+
+	if use prefix && use usb; then
+		# bug #649598
+		append-cppflags -I"${EPREFIX}/usr/include/libusb-1.0"
+	fi
+
+	#bug 663142
+	if use user-socket; then
+		myconf+=( --enable-run-gnupg-user-socket )
+	fi
+
+	# glib fails and picks up clang's internal stdint.h causing weird errors
+	[[ ${CC} == *clang ]] && \
+		export gl_cv_absolute_stdint_h=/usr/include/stdint.h
+
+	# Hardcode mailprog to /usr/libexec/sendmail even if it does not exist.
+	# As of GnuPG 2.3, the mailprog substitution is used for the binary called
+	# by wks-client & wks-server; and if it's autodetected but not not exist at
+	# build time, then then 'gpg-wks-client --send' functionality will not
+	# work. This has an unwanted side-effect in stage3 builds: there was a
+	# [R]DEPEND on virtual/mta, which also brought in virtual/logger, bloating
+	# the build where the install guide previously make the user chose the
+	# logger & mta early in the install.
+
+	econf "${myconf[@]}"
+}
+
+src_compile() {
+	default
+
+	use doc && emake -C doc html
+}
+
+src_test() {
+	#Bug: 638574
+	use tofu && export TESTFLAGS=--parallel
+	default
+}
+
+src_install() {
+	default
+
+	use tools &&
+		dobin \
+			tools/{convert-from-106,gpg-check-pattern} \
+			tools/{gpgconf,gpgsplit,lspgpot,mail-signed-keys} \
+			tools/make-dns-cert
+
+	dosym gpg /usr/bin/gpg2
+	dosym gpgv /usr/bin/gpgv2
+	echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die
+	echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
+
+	dodir /etc/env.d
+	echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
+
+	use doc && dodoc doc/gnupg.html/* doc/*.png
+
+	systemd_douserunit doc/examples/systemd-user/*.{service,socket}
+}


^ permalink raw reply related	[flat|nested] 26+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/files/, app-crypt/gnupg/
@ 2020-03-21 16:47 Mikle Kolyada
  0 siblings, 0 replies; 26+ messages in thread
From: Mikle Kolyada @ 2020-03-21 16:47 UTC (permalink / raw
  To: gentoo-commits

commit:     2b4fbec1e75fda231ad77cef9791632f931e7bee
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Sat Mar 21 16:46:42 2020 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Sat Mar 21 16:46:57 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2b4fbec1

app-crypt/gnupg: Drop old

Package-Manager: Portage-2.3.89, Repoman-2.3.20
Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>

 app-crypt/gnupg/Manifest                           |   1 -
 .../gnupg/files/gnupg-2.2.14-quiet-sending.patch   |  34 -----
 app-crypt/gnupg/gnupg-2.2.17.ebuild                | 153 ---------------------
 3 files changed, 188 deletions(-)

diff --git a/app-crypt/gnupg/Manifest b/app-crypt/gnupg/Manifest
index cb5dadf2d21..e38d8641c11 100644
--- a/app-crypt/gnupg/Manifest
+++ b/app-crypt/gnupg/Manifest
@@ -1,2 +1 @@
-DIST gnupg-2.2.17.tar.bz2 6717554 BLAKE2B ad052a0d1e970fe7748563a0ffa105d427e3d9299237f15ce93aa47b676cc1fbf0691cf2112dd5b55ba5fc9d2a6988f999415dd5026d44c5cb4bfef9f99189cd SHA512 a3cd094addac62b4b4ec1683005a2bec761ea2aacf6daf904316b1819f4f6a41f256a8d9452cf28cad71b3e68228465baa27ae0eb1fa734fa91542ef0f159c5d
 DIST gnupg-2.2.19.tar.bz2 6754972 BLAKE2B fc1b9afb398ef78a6d239c62fc88cba7148679b1b666ac39dbd9644847e99de1a683a7938bc112cb33adafe555472319dde4f64860071446a66cd79934f7d69c SHA512 d7700136ac9f0a8cf04b33da4023a42427fced648c2f90d76250c92904353b85fe728bdd89a713d847e8d38e5900c98d46075614492fdc3d1421f927a92f49dd

diff --git a/app-crypt/gnupg/files/gnupg-2.2.14-quiet-sending.patch b/app-crypt/gnupg/files/gnupg-2.2.14-quiet-sending.patch
deleted file mode 100644
index 1f7a561d3f7..00000000000
--- a/app-crypt/gnupg/files/gnupg-2.2.14-quiet-sending.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From d8db73615e68d1c549b3ed50057a49d84a31b334 Mon Sep 17 00:00:00 2001
-From: "Robin H. Johnson" <robbat2@gentoo.org>
-Date: Tue, 9 Apr 2019 10:27:11 -0700
-Subject: [PATCH] g10: support --quiet for --send-key
-
-The --recv-key command supports --quiet, but --send-key does not.
-Add support for it for parity and better scripting.
-
-Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
----
- g10/keyserver.c | 7 ++++---
- 1 file changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/g10/keyserver.c b/g10/keyserver.c
-index 66900f7a9..e5fc011c0 100644
---- a/g10/keyserver.c
-+++ b/g10/keyserver.c
-@@ -1814,9 +1814,10 @@ keyserver_put (ctrl_t ctrl, strlist_t keyspecs)
-         log_error (_("skipped \"%s\": %s\n"), kspec->d, gpg_strerror (err));
-       else
-         {
--          log_info (_("sending key %s to %s\n"),
--                    keystr (keyblock->pkt->pkt.public_key->keyid),
--                    ksurl?ksurl:"[?]");
-+	  if (!opt.quiet)
-+            log_info (_("sending key %s to %s\n"),
-+                      keystr (keyblock->pkt->pkt.public_key->keyid),
-+                      ksurl?ksurl:"[?]");
- 
-           err = gpg_dirmngr_ks_put (ctrl, data, datalen, keyblock);
-           release_kbnode (keyblock);
--- 
-2.21.0
-

diff --git a/app-crypt/gnupg/gnupg-2.2.17.ebuild b/app-crypt/gnupg/gnupg-2.2.17.ebuild
deleted file mode 100644
index b121681e804..00000000000
--- a/app-crypt/gnupg/gnupg-2.2.17.ebuild
+++ /dev/null
@@ -1,153 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit flag-o-matic systemd toolchain-funcs
-
-MY_P="${P/_/-}"
-
-DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
-HOMEPAGE="http://www.gnupg.org/"
-SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
-
-LICENSE="GPL-3"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~riscv s390 ~sh sparc x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl tofu tools usb user-socket wks-server"
-
-# Existence of executables is checked during configuration.
-DEPEND="!app-crypt/dirmngr
-	>=dev-libs/libassuan-2.5.0
-	>=dev-libs/libgcrypt-1.7.3
-	>=dev-libs/libgpg-error-1.28
-	>=dev-libs/libksba-1.3.4
-	>=dev-libs/npth-1.2
-	>=net-misc/curl-7.10
-	bzip2? ( app-arch/bzip2 )
-	ldap? ( net-nds/openldap )
-	readline? ( sys-libs/readline:0= )
-	smartcard? ( usb? ( virtual/libusb:1 ) )
-	ssl? ( >=net-libs/gnutls-3.0:0= )
-	sys-libs/zlib
-	tofu? ( >=dev-db/sqlite-3.7 )"
-
-RDEPEND="${DEPEND}
-	app-crypt/pinentry
-	nls? ( virtual/libintl )
-	selinux? ( sec-policy/selinux-gpg )
-	wks-server? ( virtual/mta )"
-
-BDEPEND="virtual/pkgconfig
-	doc? ( sys-apps/texinfo )
-	nls? ( sys-devel/gettext )"
-
-S="${WORKDIR}/${MY_P}"
-
-DOCS=(
-	ChangeLog NEWS README THANKS TODO VERSION
-	doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
-)
-
-PATCHES=(
-	"${FILESDIR}/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch"
-	"${FILESDIR}/${PN}-2.2.14-quiet-sending.patch"
-)
-
-src_configure() {
-	local myconf=()
-
-	if use prefix && use usb; then
-		# bug #649598
-		append-cppflags -I"${EPREFIX}/usr/include/libusb-1.0"
-	fi
-
-	if use elibc_SunOS || use elibc_AIX; then
-		myconf+=( --disable-symcryptrun )
-	else
-		myconf+=( --enable-symcryptrun )
-	fi
-
-	#bug 663142
-	if use user-socket; then
-		myconf+=( --enable-run-gnupg-user-socket )
-	fi
-
-	# glib fails and picks up clang's internal stdint.h causing weird errors
-	[[ ${CC} == *clang ]] && \
-		export gl_cv_absolute_stdint_h=/usr/include/stdint.h
-
-	# Hardcode mailprog to /usr/libexec/sendmail even if it does not exist.
-	# As of GnuPG 2.3, the mailprog substitution is used for the binary called
-	# by wks-client & wks-server; and if it's autodetected but not not exist at
-	# build time, then then 'gpg-wks-client --send' functionality will not
-	# work. This has an unwanted side-effect in stage3 builds: there was a
-	# [R]DEPEND on virtual/mta, which also brought in virtual/logger, bloating
-	# the build where the install guide previously make the user chose the
-	# logger & mta early in the install.
-
-	econf \
-		"${myconf[@]}" \
-		$(use_enable bzip2) \
-		$(use_enable nls) \
-		$(use_enable smartcard scdaemon) \
-		$(use_enable ssl gnutls) \
-		$(use_enable tofu) \
-		$(use smartcard && use_enable usb ccid-driver || echo '--disable-ccid-driver') \
-		$(use_enable wks-server wks-tools) \
-		$(use_with ldap) \
-		$(use_with readline) \
-		--with-mailprog=/usr/libexec/sendmail \
-		--disable-ntbtls \
-		--enable-all-tests \
-		--enable-gpg \
-		--enable-gpgsm \
-		--enable-large-secmem \
-		CC_FOR_BUILD="$(tc-getBUILD_CC)" \
-		GPG_ERROR_CONFIG="${EROOT}/usr/bin/${CHOST}-gpg-error-config" \
-		KSBA_CONFIG="${EROOT}/usr/bin/ksba-config" \
-		LIBASSUAN_CONFIG="${EROOT}/usr/bin/libassuan-config" \
-		LIBGCRYPT_CONFIG="${EROOT}/usr/bin/${CHOST}-libgcrypt-config" \
-		NPTH_CONFIG="${EROOT}/usr/bin/npth-config" \
-		$("${S}/configure" --help | grep -- '--without-.*-prefix' | sed -e 's/^ *\([^ ]*\) .*/\1/g')
-}
-
-src_compile() {
-	default
-
-	use doc && emake -C doc html
-}
-
-src_test() {
-	#Bug: 638574
-	use tofu && export TESTFLAGS=--parallel
-	default
-}
-
-src_install() {
-	default
-
-	use tools &&
-		dobin \
-			tools/{convert-from-106,gpg-check-pattern} \
-			tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys} \
-			tools/make-dns-cert
-
-	dosym gpg /usr/bin/gpg2
-	dosym gpgv /usr/bin/gpgv2
-	echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die
-	echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
-
-	dodir /etc/env.d
-	echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
-
-	use doc && dodoc doc/gnupg.html/* doc/*.png
-
-	systemd_douserunit doc/examples/systemd-user/*.{service,socket}
-}
-
-pkg_postinst() {
-	elog "See https://wiki.gentoo.org/wiki/GnuPG for documentation on gnupg"
-	elog
-	elog "If you wish to use 'gpg-wks-client --send', you must install an MTA!"
-}


^ permalink raw reply related	[flat|nested] 26+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/files/, app-crypt/gnupg/
@ 2018-02-07 20:44 Kristian Fiskerstrand
  0 siblings, 0 replies; 26+ messages in thread
From: Kristian Fiskerstrand @ 2018-02-07 20:44 UTC (permalink / raw
  To: gentoo-commits

commit:     b580348546711590c0152a8371e3cf00393b4720
Author:     Kristian Fiskerstrand <k_f <AT> gentoo <DOT> org>
AuthorDate: Wed Feb  7 20:42:38 2018 +0000
Commit:     Kristian Fiskerstrand <k_f <AT> gentoo <DOT> org>
CommitDate: Wed Feb  7 20:42:38 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b5803485

app-crypt/gnupg: Add fix for missing IPv6 stack

Bug: https://bugs.gentoo.org/646194
Package-Manager: Portage-2.3.19, Repoman-2.3.6

 ...r-Handle-failures-related-to-missing-IPv6.patch |  31 +++++
 app-crypt/gnupg/gnupg-2.2.4-r2.ebuild              | 130 +++++++++++++++++++++
 2 files changed, 161 insertions(+)

diff --git a/app-crypt/gnupg/files/gnupg-2.2.4-dirmngr-Handle-failures-related-to-missing-IPv6.patch b/app-crypt/gnupg/files/gnupg-2.2.4-dirmngr-Handle-failures-related-to-missing-IPv6.patch
new file mode 100644
index 00000000000..53843900b9f
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.2.4-dirmngr-Handle-failures-related-to-missing-IPv6.patch
@@ -0,0 +1,31 @@
+From b7f48a0095a5b010b94f8192f4adc1adf8697567 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?= <mgorny@gentoo.org>
+Date: Wed, 31 Jan 2018 16:57:19 +0100
+Subject: [PATCH] dirmngr: Handle failures related to missing IPv6 gracefully
+
+Handle the two possible connect failures related to missing IPv6 support
+gracefully by marking the host dead and retrying with another one.
+If IPv6 is disabled via procfs, connect() will return EADDRNOTAVAIL.
+If IPv6 is not compiled into the kernel, it will return EAFNOSUPPORT.
+This makes it possible to use dual-stack hkp servers on hosts not having
+IPv6 without random connection failures.
+---
+ dirmngr/ks-engine-hkp.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
+index 4a0b08f4f..a9bb93666 100644
+--- a/dirmngr/ks-engine-hkp.c
++++ b/dirmngr/ks-engine-hkp.c
+@@ -1353,6 +1353,8 @@ handle_send_request_error (ctrl_t ctrl, gpg_error_t err, const char *request,
+     case GPG_ERR_UNKNOWN_HOST:
+     case GPG_ERR_NETWORK:
+     case GPG_ERR_EIO:  /* Sometimes used by estream cookie functions.  */
++    case GPG_ERR_EADDRNOTAVAIL:  /* e.g. when IPv6 is disabled */
++    case GPG_ERR_EAFNOSUPPORT:  /* e.g. when IPv6 is not compiled in */
+       if (mark_host_dead (request) && *tries_left)
+         retry = 1;
+       break;
+-- 
+2.16.1
+

diff --git a/app-crypt/gnupg/gnupg-2.2.4-r2.ebuild b/app-crypt/gnupg/gnupg-2.2.4-r2.ebuild
new file mode 100644
index 00000000000..73881ec3b1b
--- /dev/null
+++ b/app-crypt/gnupg/gnupg-2.2.4-r2.ebuild
@@ -0,0 +1,130 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit systemd toolchain-funcs
+
+MY_P="${P/_/-}"
+
+DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
+HOMEPAGE="http://www.gnupg.org/"
+SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl tofu tools usb wks-server"
+
+COMMON_DEPEND_LIBS="
+	>=dev-libs/npth-1.2
+	>=dev-libs/libassuan-2.5.0
+	>=dev-libs/libgcrypt-1.7.3
+	>=dev-libs/libgpg-error-1.24
+	>=dev-libs/libksba-1.3.4
+	>=net-misc/curl-7.10
+	ssl? ( >=net-libs/gnutls-3.0:0= )
+	sys-libs/zlib
+	ldap? ( net-nds/openldap )
+	bzip2? ( app-arch/bzip2 )
+	readline? ( sys-libs/readline:0= )
+	smartcard? ( usb? ( virtual/libusb:0 ) )
+	tofu? ( >=dev-db/sqlite-3.7 )
+	"
+COMMON_DEPEND_BINS="app-crypt/pinentry
+	!app-crypt/dirmngr"
+
+# Existence of executables is checked during configuration.
+DEPEND="${COMMON_DEPEND_LIBS}
+	${COMMON_DEPEND_BINS}
+	nls? ( sys-devel/gettext )
+	doc? ( sys-apps/texinfo )"
+
+RDEPEND="${COMMON_DEPEND_LIBS}
+	${COMMON_DEPEND_BINS}
+	selinux? ( sec-policy/selinux-gpg )
+	nls? ( virtual/libintl )"
+
+S="${WORKDIR}/${MY_P}"
+
+DOCS=(
+	ChangeLog NEWS README THANKS TODO VERSION
+	doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
+)
+
+PATCHES=(
+	"${FILESDIR}/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch"
+	"${FILESDIR}/${P}-dirmngr-Handle-failures-related-to-missing-IPv6.patch"
+)
+
+src_configure() {
+	local myconf=()
+
+	if use smartcard; then
+		myconf+=(
+			--enable-scdaemon
+			$(use_enable usb ccid-driver)
+		)
+	else
+		myconf+=( --disable-scdaemon )
+	fi
+
+	if use elibc_SunOS || use elibc_AIX; then
+		myconf+=( --disable-symcryptrun )
+	else
+		myconf+=( --enable-symcryptrun )
+	fi
+
+	# glib fails and picks up clang's internal stdint.h causing weird errors
+	[[ ${CC} == *clang ]] && \
+		export gl_cv_absolute_stdint_h=/usr/include/stdint.h
+
+	econf \
+		"${myconf[@]}" \
+		$(use_enable bzip2) \
+		$(use_enable ssl gnutls) \
+		$(use_enable nls) \
+		$(use_enable tofu) \
+		$(use_enable wks-server wks-tools) \
+		$(use_with ldap) \
+		$(use_with readline) \
+		--enable-gpg \
+		--enable-gpgsm \
+		--enable-large-secmem \
+		--enable-all-tests \
+		CC_FOR_BUILD="$(tc-getBUILD_CC)"
+}
+
+src_compile() {
+	default
+
+	use doc && emake -C doc html
+}
+
+src_test() {
+	#Bug: 638574
+	use tofu && export TESTFLAGS=--parallel
+	default
+}
+
+src_install() {
+	default
+
+	use tools &&
+		dobin \
+			tools/{convert-from-106,gpg-check-pattern} \
+			tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys} \
+			tools/make-dns-cert
+
+	dosym gpg /usr/bin/gpg2
+	dosym gpgv /usr/bin/gpgv2
+	echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die
+	echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
+
+	dodir /etc/env.d
+	echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
+
+	use doc && dodoc doc/gnupg.html/* doc/*.png
+
+	systemd_douserunit doc/examples/systemd-user/*.{service,socket}
+}


^ permalink raw reply related	[flat|nested] 26+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/files/, app-crypt/gnupg/
@ 2017-03-18  3:12 Robin H. Johnson
  0 siblings, 0 replies; 26+ messages in thread
From: Robin H. Johnson @ 2017-03-18  3:12 UTC (permalink / raw
  To: gentoo-commits

commit:     fcaa447949816ba0dcedb15a0af8860dc3cb9972
Author:     Michael Haubenwallner <haubi <AT> gentoo <DOT> org>
AuthorDate: Thu Mar 16 11:17:17 2017 +0000
Commit:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
CommitDate: Sat Mar 18 03:12:23 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fcaa4479

app-crypt/gnupg: apply upstream patch around strlwr

Package-Manager: portage-2.3.3
(cherry picked from commit 628d928a0a249334c9887291a595b4fbe96b1014)
Signed-off-by: Robin H. Johnson <robbat2 <AT> gentoo.org>

 .../gnupg/files/gnupg-2.1.19-have_strlwr.patch     | 56 ++++++++++++++++++++++
 app-crypt/gnupg/gnupg-2.1.19-r1.ebuild             |  1 +
 2 files changed, 57 insertions(+)

diff --git a/app-crypt/gnupg/files/gnupg-2.1.19-have_strlwr.patch b/app-crypt/gnupg/files/gnupg-2.1.19-have_strlwr.patch
new file mode 100644
index 00000000000..eae8d9ea3f9
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.1.19-have_strlwr.patch
@@ -0,0 +1,56 @@
+https://lists.gnupg.org/pipermail/gnupg-devel/2017-March/032668.html
+
+From c22a2a89d3bd3d08b3abb8e4e33df32b480338ec Mon Sep 17 00:00:00 2001
+From: Michael Haubenwallner <michael.haubenwallner@ssi-schaefer.com>
+Date: Tue, 7 Mar 2017 13:54:49 +0100
+Subject: [PATCH] gpgscm: Use system strlwr if available.
+
+* tests/gpgscm/scheme.c: Define local strlwr only when HAVE_STRLWR is
+not defined in config.h.
+* tests/gpgscm/scheme-config.h: Remove hack.
+
+Signed-off-by: Justus Winter <justus@g10code.com>
+---
+ tests/gpgscm/scheme-config.h | 4 ----
+ tests/gpgscm/scheme.c        | 6 +++++-
+ 2 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/tests/gpgscm/scheme-config.h b/tests/gpgscm/scheme-config.h
+index 2003498..15ca969 100644
+--- a/tests/gpgscm/scheme-config.h
++++ b/tests/gpgscm/scheme-config.h
+@@ -30,7 +30,3 @@
+ #define USE_PLIST		0
+ #define USE_INTERFACE		1
+ #define SHOW_ERROR_LINE		1
+-
+-#if __MINGW32__
+-# define USE_STRLWR 0
+-#endif /* __MINGW32__ */
+diff --git a/tests/gpgscm/scheme.c b/tests/gpgscm/scheme.c
+index b2ff721..af97c27 100644
+--- a/tests/gpgscm/scheme.c
++++ b/tests/gpgscm/scheme.c
+@@ -12,6 +12,10 @@
+  *
+  */
+ 
++#ifdef HAVE_CONFIG_H
++# include <config.h>
++#endif
++
+ #define _SCHEME_SOURCE
+ #include "scheme-private.h"
+ #ifndef WIN32
+@@ -88,7 +92,7 @@ static int stricmp(const char *s1, const char *s2)
+ }
+ #endif /* __APPLE__ */
+ 
+-#if USE_STRLWR
++#if USE_STRLWR && !defined(HAVE_STRLWR)
+ static const char *strlwr(char *s) {
+   const char *p=s;
+   while(*s) {
+-- 
+2.10.2
+

diff --git a/app-crypt/gnupg/gnupg-2.1.19-r1.ebuild b/app-crypt/gnupg/gnupg-2.1.19-r1.ebuild
index 61ca2088ade..a9bfccac46f 100644
--- a/app-crypt/gnupg/gnupg-2.1.19-r1.ebuild
+++ b/app-crypt/gnupg/gnupg-2.1.19-r1.ebuild
@@ -56,6 +56,7 @@ PATCHES=(
 	"${FILESDIR}/${PN}-2.1.16-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch"
 	"${FILESDIR}"/${P}-solaris-ucred.patch
 	"${FILESDIR}"/${P}-ssh-no-scdaemon.patch
+	"${FILESDIR}"/${P}-have_strlwr.patch
 )
 
 src_configure() {


^ permalink raw reply related	[flat|nested] 26+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/files/, app-crypt/gnupg/
@ 2017-02-18 18:35 Alon Bar-Lev
  0 siblings, 0 replies; 26+ messages in thread
From: Alon Bar-Lev @ 2017-02-18 18:35 UTC (permalink / raw
  To: gentoo-commits

commit:     bc72eac70b254fbbd959b2534debf61625d599ef
Author:     Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
AuthorDate: Sat Feb 18 01:17:05 2017 +0000
Commit:     Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
CommitDate: Sat Feb 18 01:28:19 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bc72eac7

app-crypt/gnupg: remove gnupg-2.0

Bug: 606604
Bug: 540016

Package-Manager: portage-2.3.3

 app-crypt/gnupg/Manifest                           |   1 -
 .../gnupg/files/gnupg-2.0.17-gpgsm-gencert.patch   |  34 -----
 app-crypt/gnupg/gnupg-2.0.28.ebuild                | 167 ---------------------
 3 files changed, 202 deletions(-)

diff --git a/app-crypt/gnupg/Manifest b/app-crypt/gnupg/Manifest
index c0aa7f45aa..98298c0afe 100644
--- a/app-crypt/gnupg/Manifest
+++ b/app-crypt/gnupg/Manifest
@@ -1,5 +1,4 @@
 DIST gnupg-1.4.21.tar.bz2 3689305 SHA256 6b47a3100c857dcab3c60e6152e56a997f2c7862c1b8b2b25adf3884a1ae2276 SHA512 619e0fbc10310c7e55d129027e2945791fe91a0884b1d6f53acb4b2e380d1c6e71d1a516a59876182c5c70a4227d44a74ceda018c343b5291fa9a5d6de77c984 WHIRLPOOL eb596be347dd90be93d381fe405e50f5808160b546705493bc9d817d521ea236a2374648e6c2cab396f54bba74de4caf2b92e894df3a17aa339f014ef8cc8802
-DIST gnupg-2.0.28.tar.bz2 4435779 SHA256 ce092ee4ab58fd19b9fb34a460c07b06c348f4360dd5dd4886d041eb521a534c SHA512 7e786fe0648d5ea453f9c7524fec4bd7d5eec26d28f723acf3cb2f7ec9c400c339f0926a179411876c3f8e08b06942dcec643dc930caf58239bbd4932f4bd3c1 WHIRLPOOL ccf7427e54a545914e89677618055a114b4c9dc4db48669a2fc726fced98475df4ed27c93bd180f1250d147111ee663c736cdf4e1d8afdc40ed967cdffd0eb66
 DIST gnupg-2.1.15.tar.bz2 5723689 SHA256 c28c1a208f1b8ad63bdb6b88d252f6734ff4d33de6b54e38494b11d49e00ffdd SHA512 69c943e853e1a37e8b17b3bc34e1503f14bc8f189fa9f3ac6644bcc98ccce6eaef64da20ff9dd1c8de3a7789ea577167984ccf3ac286cac50752e6f7c2f42ab1 WHIRLPOOL 4c5a8cd4e8b7196f4a355ce7739cf6e23c43817414e10bbba219117e4e51c4c618ffb5dbce27cb836a2171eda58e003d5ddf78d4af09a813c2a1729963413151
 DIST gnupg-2.1.17.tar.bz2 5970042 SHA256 c5dc54db432209fa8f9bdb071c8fb60a765ff28e363150e30bdd4543160243cb SHA512 f826100be4f0480b9a2c68a51dd668e0fd551fd250a37dbe906fe5a89c658b4861a0567038bf687473de9901e268809c1b8d8c200008e082a3ace189d9829b9c WHIRLPOOL d70fa5ae0a90d5c9fa594d79cdb9bc1528b7db1a35d23ee7d3f047b4fb275d02bd8f5e6ccb0a798fedf539c8c384d3713295785183266de43fe3cb978c47916b
 DIST gnupg-2.1.18.tar.bz2 6308666 SHA256 d04c6fab7e5562ce4b915b22020e34d4c1a256847690cf149842264fc7cef994 SHA512 b8357f0a883a33c2e4f6ab5a8f5ddb171c899b7a2899e8ce4cac232938fe1dffb789a54980dfc4b758c4cb47f11f1fc570fea905244735048dfc6f06b3353baf WHIRLPOOL c5f132beb3b454146747fe14cd12576fb4d9a9adb8cfd80fcae4482b111672fd38e412dba72caa75af717069d7182a99c7f30ea03dc9adf190f5aa1f01748247

diff --git a/app-crypt/gnupg/files/gnupg-2.0.17-gpgsm-gencert.patch b/app-crypt/gnupg/files/gnupg-2.0.17-gpgsm-gencert.patch
deleted file mode 100644
index 9506f81437..0000000000
--- a/app-crypt/gnupg/files/gnupg-2.0.17-gpgsm-gencert.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From c34486a64c223bcbfbb57d9abcf107d684b815b6 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Diego=20Elio=20Petten=C3=B2?= <flameeyes@gmail.com>
-Date: Sun, 17 Apr 2011 01:34:39 +0200
-Subject: [PATCH] gpgsm-gencert.sh: make sure not to abort after creating temp
- file.
-
-https://bugs.g10code.com/gnupg/issue1466
-
----
- tools/gpgsm-gencert.sh |    8 ++++----
- 1 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/tools/gpgsm-gencert.sh b/tools/gpgsm-gencert.sh
-index b209c8e..e7c812f 100755
---- a/tools/gpgsm-gencert.sh
-+++ b/tools/gpgsm-gencert.sh
-@@ -178,10 +178,10 @@ Key-Length: $KEY_LENGTH
- Key-Usage: $KEY_USAGE
- Name-DN: $NAME
- EOF
--[ -n "$KEY_GRIP" ] && echo "Key-Grip: $KEY_GRIP"
--[ -n "$EMAIL_ADDRESSES" ] && echo "$EMAIL_ADDRESSES"
--[ -n "$DNS_ADDRESSES" ] && echo "$DNS_ADDRESSES"
--[ -n "$URI_ADDRESSES" ] && echo "$URI_ADDRESSES"
-+[ -n "$KEY_GRIP" ] && echo "Key-Grip: $KEY_GRIP" || true
-+[ -n "$EMAIL_ADDRESSES" ] && echo "$EMAIL_ADDRESSES" || true
-+[ -n "$DNS_ADDRESSES" ] && echo "$DNS_ADDRESSES" || true
-+[ -n "$URI_ADDRESSES" ] && echo "$URI_ADDRESSES" || true
- ) > "$file_parameter"
- 
- 
--- 
-1.7.5.rc1
-

diff --git a/app-crypt/gnupg/gnupg-2.0.28.ebuild b/app-crypt/gnupg/gnupg-2.0.28.ebuild
deleted file mode 100644
index c37715d24f..0000000000
--- a/app-crypt/gnupg/gnupg-2.0.28.ebuild
+++ /dev/null
@@ -1,167 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-inherit eutils flag-o-matic toolchain-funcs
-
-DESCRIPTION="The GNU Privacy Guard, a GPL pgp replacement"
-HOMEPAGE="http://www.gnupg.org/"
-SRC_URI="mirror://gnupg/gnupg/${P}.tar.bz2"
-# SRC_URI="ftp://ftp.gnupg.org/gcrypt/${PN}/${P}.tar.bz2"
-
-LICENSE="GPL-3"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~mips ppc ppc64 s390 sh sparc x86 ~ppc-aix ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="bzip2 doc ldap nls mta readline static selinux smartcard tools usb"
-
-COMMON_DEPEND_LIBS="
-	>=dev-libs/libassuan-2
-	>=dev-libs/libgcrypt-1.5:0=
-	>=dev-libs/libgpg-error-1.11
-	>=dev-libs/libksba-1.0.7
-	>=dev-libs/pth-1.3.7
-	>=net-misc/curl-7.10
-	sys-libs/zlib
-	bzip2? ( app-arch/bzip2 )
-	readline? ( sys-libs/readline )
-	smartcard? ( usb? ( virtual/libusb:0 ) )
-	ldap? ( net-nds/openldap )"
-COMMON_DEPEND_BINS="app-crypt/pinentry"
-
-# Existence of executables is checked during configuration.
-DEPEND="${COMMON_DEPEND_LIBS}
-	${COMMON_DEPEND_BINS}
-	static? (
-		>=dev-libs/libassuan-2[static-libs]
-		>=dev-libs/libgcrypt-1.4:0=[static-libs]
-		>=dev-libs/libgpg-error-1.11[static-libs]
-		>=dev-libs/libksba-1.0.7[static-libs]
-		>=dev-libs/pth-1.3.7[static-libs]
-		>=net-misc/curl-7.10[static-libs]
-		sys-libs/zlib[static-libs]
-		bzip2? ( app-arch/bzip2[static-libs] )
-	)
-	nls? ( sys-devel/gettext )
-	doc? ( sys-apps/texinfo )"
-
-RDEPEND="!static? ( ${COMMON_DEPEND_LIBS} )
-	${COMMON_DEPEND_BINS}
-	mta? ( virtual/mta )
-	!<=app-crypt/gnupg-2.0.1
-	selinux? ( sec-policy/selinux-gpg )
-	nls? ( virtual/libintl )"
-
-REQUIRED_USE="smartcard? ( !static )"
-
-src_prepare() {
-	epatch "${FILESDIR}/${PN}-2.0.17-gpgsm-gencert.patch"
-	epatch_user
-}
-
-src_configure() {
-	local myconf=()
-
-	# 'USE=static' support was requested:
-	# gnupg1: bug #29299
-	# gnupg2: bug #159623
-	use static && append-ldflags -static
-
-	if use smartcard; then
-		myconf+=(
-			--enable-scdaemon
-			$(use_enable usb ccid-driver)
-		)
-	else
-		myconf+=( --disable-scdaemon )
-	fi
-
-	if use elibc_SunOS || use elibc_AIX; then
-		myconf+=( --disable-symcryptrun )
-	else
-		myconf+=( --enable-symcryptrun )
-	fi
-
-	# glib fails and picks up clang's internal stdint.h causing weird errors
-	[[ ${CC} == *clang ]] && export gl_cv_absolute_stdint_h=/usr/include/stdint.h
-
-	econf \
-		--docdir="${EPREFIX}/usr/share/doc/${PF}" \
-		--enable-gpg \
-		--enable-gpgsm \
-		--enable-agent \
-		--enable-large-secmem \
-		--without-adns \
-		"${myconf[@]}" \
-		$(use_enable bzip2) \
-		$(use_enable nls) \
-		$(use_enable mta mailto) \
-		$(use_enable ldap) \
-		$(use_with readline) \
-		CC_FOR_BUILD="$(tc-getBUILD_CC)"
-}
-
-src_compile() {
-	default
-
-	if use doc; then
-		cd doc
-		emake html
-	fi
-}
-
-src_install() {
-	default
-
-	use tools && dobin tools/{convert-from-106,gpg-check-pattern} \
-		tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys,make-dns-cert}
-
-	emake DESTDIR="${D}" -f doc/Makefile uninstall-nobase_dist_docDATA
-	rm "${ED}"/usr/share/gnupg/help* || die
-
-	dodoc ChangeLog NEWS README THANKS TODO VERSION doc/FAQ doc/DETAILS \
-		doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER doc/help*
-
-	dosym gpg2 /usr/bin/gpg
-	dosym gpgv2 /usr/bin/gpgv
-	dosym gpg2keys_hkp /usr/libexec/gpgkeys_hkp
-	dosym gpg2keys_finger /usr/libexec/gpgkeys_finger
-	dosym gpg2keys_curl /usr/libexec/gpgkeys_curl
-	if use ldap; then
-		dosym gpg2keys_ldap /usr/libexec/gpgkeys_ldap
-	fi
-	echo ".so man1/gpg2.1" > "${ED}"/usr/share/man/man1/gpg.1
-	echo ".so man1/gpgv2.1" > "${ED}"/usr/share/man/man1/gpgv.1
-
-	dodir /etc/env.d
-	echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg
-
-	if use doc; then
-		dohtml doc/gnupg.html/* doc/*.png
-	fi
-}
-
-pkg_postinst() {
-	elog "If you wish to view images emerge:"
-	elog "media-gfx/xloadimage, media-gfx/xli or any other viewer"
-	elog "Remember to use photo-viewer option in configuration file to activate"
-	elog "the right viewer."
-	elog
-
-	if use smartcard; then
-		elog "To use your OpenPGP smartcard (or token) with GnuPG you need one of"
-		use usb && elog " - a CCID-compatible reader, used directly through libusb;"
-		elog " - sys-apps/pcsc-lite and a compatible reader device;"
-		elog " - dev-libs/openct and a compatible reader device;"
-		elog " - a reader device and drivers exporting either PC/SC or CT-API interfaces."
-		elog ""
-		elog "General hint: you probably want to try installing sys-apps/pcsc-lite and"
-		elog "app-crypt/ccid first."
-	fi
-
-	ewarn "Please remember to restart gpg-agent if a different version"
-	ewarn "of the agent is currently used. If you are unsure of the gpg"
-	ewarn "agent you are using please run 'killall gpg-agent',"
-	ewarn "and to start a fresh daemon just run 'gpg-agent --daemon'."
-}


^ permalink raw reply related	[flat|nested] 26+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/files/, app-crypt/gnupg/
@ 2017-02-18 18:35 Alon Bar-Lev
  0 siblings, 0 replies; 26+ messages in thread
From: Alon Bar-Lev @ 2017-02-18 18:35 UTC (permalink / raw
  To: gentoo-commits

commit:     36e0d20f280dc9e4b31b96f2f361927297ca6210
Author:     Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
AuthorDate: Sat Feb 18 01:20:43 2017 +0000
Commit:     Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
CommitDate: Sat Feb 18 01:28:20 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=36e0d20f

app-crypt/gnupg: cleanup old

Package-Manager: portage-2.3.3

 app-crypt/gnupg/Manifest                           |   1 -
 ...ip-root-zone-suffix-from-libdns-cname-res.patch |  46 --------
 app-crypt/gnupg/gnupg-2.1.17-r1.ebuild             | 128 ---------------------
 app-crypt/gnupg/gnupg-2.1.17-r2.ebuild             | 124 --------------------
 4 files changed, 299 deletions(-)

diff --git a/app-crypt/gnupg/Manifest b/app-crypt/gnupg/Manifest
index 98298c0afe..7b6cc781ae 100644
--- a/app-crypt/gnupg/Manifest
+++ b/app-crypt/gnupg/Manifest
@@ -1,4 +1,3 @@
 DIST gnupg-1.4.21.tar.bz2 3689305 SHA256 6b47a3100c857dcab3c60e6152e56a997f2c7862c1b8b2b25adf3884a1ae2276 SHA512 619e0fbc10310c7e55d129027e2945791fe91a0884b1d6f53acb4b2e380d1c6e71d1a516a59876182c5c70a4227d44a74ceda018c343b5291fa9a5d6de77c984 WHIRLPOOL eb596be347dd90be93d381fe405e50f5808160b546705493bc9d817d521ea236a2374648e6c2cab396f54bba74de4caf2b92e894df3a17aa339f014ef8cc8802
 DIST gnupg-2.1.15.tar.bz2 5723689 SHA256 c28c1a208f1b8ad63bdb6b88d252f6734ff4d33de6b54e38494b11d49e00ffdd SHA512 69c943e853e1a37e8b17b3bc34e1503f14bc8f189fa9f3ac6644bcc98ccce6eaef64da20ff9dd1c8de3a7789ea577167984ccf3ac286cac50752e6f7c2f42ab1 WHIRLPOOL 4c5a8cd4e8b7196f4a355ce7739cf6e23c43817414e10bbba219117e4e51c4c618ffb5dbce27cb836a2171eda58e003d5ddf78d4af09a813c2a1729963413151
-DIST gnupg-2.1.17.tar.bz2 5970042 SHA256 c5dc54db432209fa8f9bdb071c8fb60a765ff28e363150e30bdd4543160243cb SHA512 f826100be4f0480b9a2c68a51dd668e0fd551fd250a37dbe906fe5a89c658b4861a0567038bf687473de9901e268809c1b8d8c200008e082a3ace189d9829b9c WHIRLPOOL d70fa5ae0a90d5c9fa594d79cdb9bc1528b7db1a35d23ee7d3f047b4fb275d02bd8f5e6ccb0a798fedf539c8c384d3713295785183266de43fe3cb978c47916b
 DIST gnupg-2.1.18.tar.bz2 6308666 SHA256 d04c6fab7e5562ce4b915b22020e34d4c1a256847690cf149842264fc7cef994 SHA512 b8357f0a883a33c2e4f6ab5a8f5ddb171c899b7a2899e8ce4cac232938fe1dffb789a54980dfc4b758c4cb47f11f1fc570fea905244735048dfc6f06b3353baf WHIRLPOOL c5f132beb3b454146747fe14cd12576fb4d9a9adb8cfd80fcae4482b111672fd38e412dba72caa75af717069d7182a99c7f30ea03dc9adf190f5aa1f01748247

diff --git a/app-crypt/gnupg/files/gnupg-2.1.17-dirmngr-Strip-root-zone-suffix-from-libdns-cname-res.patch b/app-crypt/gnupg/files/gnupg-2.1.17-dirmngr-Strip-root-zone-suffix-from-libdns-cname-res.patch
deleted file mode 100644
index 4b715028f6..0000000000
--- a/app-crypt/gnupg/files/gnupg-2.1.17-dirmngr-Strip-root-zone-suffix-from-libdns-cname-res.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From b200e636ab20d2aa93d9f71f3789db5a04af0a56 Mon Sep 17 00:00:00 2001
-From: Werner Koch <wk@gnupg.org>
-Date: Mon, 2 Jan 2017 10:00:33 +0100
-Subject: [PATCH] dirmngr: Strip root zone suffix from libdns cname results.
-
-* dirmngr/dns-stuff.c (resolve_name_libdns): Strip trailing dot.
-(get_dns_cname_libdns): Ditto.
---
-
-Signed-off-by: Werner Koch <wk@gnupg.org>
----
- dirmngr/dns-stuff.c | 11 +++++++++++
- 1 file changed, 11 insertions(+)
-
-diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c
-index a31b073..f2e1df9 100644
---- a/dirmngr/dns-stuff.c
-+++ b/dirmngr/dns-stuff.c
-@@ -732,6 +732,10 @@ resolve_name_libdns (const char *name, unsigned short port,
-               err = gpg_error_from_syserror ();
-               goto leave;
-             }
-+          /* Libdns appends the root zone part which is problematic
-+           * for most other functions - strip it.  */
-+          if (**r_canonname && (*r_canonname)[strlen (*r_canonname)-1] == '.')
-+            (*r_canonname)[strlen (*r_canonname)-1] = 0;
-         }
- 
-       dai = xtrymalloc (sizeof *dai + ent->ai_addrlen -1);
-@@ -1899,6 +1903,13 @@ get_dns_cname_libdns (const char *name, char **r_cname)
-   *r_cname = xtrystrdup (cname.host);
-   if (!*r_cname)
-     err = gpg_error_from_syserror ();
-+  else
-+    {
-+      /* Libdns appends the root zone part which is problematic
-+       * for most other functions - strip it.  */
-+      if (**r_cname && (*r_cname)[strlen (*r_cname)-1] == '.')
-+        (*r_cname)[strlen (*r_cname)-1] = 0;
-+    }
- 
-  leave:
-   dns_free (ans);
--- 
-2.8.1
-

diff --git a/app-crypt/gnupg/gnupg-2.1.17-r1.ebuild b/app-crypt/gnupg/gnupg-2.1.17-r1.ebuild
deleted file mode 100644
index 091ec57b80..0000000000
--- a/app-crypt/gnupg/gnupg-2.1.17-r1.ebuild
+++ /dev/null
@@ -1,128 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-inherit eutils flag-o-matic toolchain-funcs
-
-DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
-HOMEPAGE="http://www.gnupg.org/"
-LICENSE="GPL-3"
-
-MY_P="${P/_/-}"
-SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-
-SLOT="0"
-IUSE="bzip2 doc +gnutls ldap nls readline selinux +smartcard tofu tools usb wks-server"
-
-COMMON_DEPEND_LIBS="
-	>=dev-libs/npth-1.2
-	>=dev-libs/libassuan-2.4.3
-	>=dev-libs/libgcrypt-1.7.3
-	>=dev-libs/libgpg-error-1.24
-	>=dev-libs/libksba-1.3.4
-	>=net-misc/curl-7.10
-	gnutls? ( >=net-libs/gnutls-3.0:0= )
-	sys-libs/zlib
-	ldap? ( net-nds/openldap )
-	bzip2? ( app-arch/bzip2 )
-	readline? ( sys-libs/readline:0= )
-	smartcard? ( usb? ( virtual/libusb:0 ) )
-	tofu? ( >=dev-db/sqlite-3.7 )
-	"
-COMMON_DEPEND_BINS="app-crypt/pinentry
-		   !app-crypt/dirmngr"
-
-# Existence of executables is checked during configuration.
-DEPEND="${COMMON_DEPEND_LIBS}
-	${COMMON_DEPEND_BINS}
-	nls? ( sys-devel/gettext )
-	doc? ( sys-apps/texinfo )"
-
-RDEPEND="${COMMON_DEPEND_LIBS}
-	${COMMON_DEPEND_BINS}
-	selinux? ( sec-policy/selinux-gpg )
-	nls? ( virtual/libintl )"
-
-S="${WORKDIR}/${MY_P}"
-
-src_prepare() {
-	default
-	epatch "${FILESDIR}/${PN}-2.1.16-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch" \
-		   "${FILESDIR}/${P}-dirmngr-Strip-root-zone-suffix-from-libdns-cname-res.patch"
-	epatch_user
-}
-
-src_configure() {
-	local myconf=()
-
-	if use smartcard; then
-		myconf+=(
-			--enable-scdaemon
-			$(use_enable usb ccid-driver)
-		)
-	else
-		myconf+=( --disable-scdaemon )
-	fi
-
-	if use elibc_SunOS || use elibc_AIX; then
-		myconf+=( --disable-symcryptrun )
-	else
-		myconf+=( --enable-symcryptrun )
-	fi
-
-	# glib fails and picks up clang's internal stdint.h causing weird errors
-	[[ ${CC} == *clang ]] && \
-		export gl_cv_absolute_stdint_h=/usr/include/stdint.h
-
-	econf \
-		--docdir="${EPREFIX}/usr/share/doc/${PF}" \
-		--enable-gpg \
-		--enable-gpgsm \
-		--enable-large-secmem \
-		"${myconf[@]}" \
-		$(use_enable bzip2) \
-		$(use_enable gnutls) \
-		$(use_with ldap) \
-		$(use_enable nls) \
-		$(use_with readline) \
-		$(use_enable tofu) \
-		--enable-tools \
-		$(use_enable wks-server wks-tools) \
-		CC_FOR_BUILD="$(tc-getBUILD_CC)"
-}
-
-src_compile() {
-	default
-
-	if use doc; then
-		cd doc
-		emake html
-	fi
-}
-
-src_install() {
-	default
-
-	use tools && dobin tools/{convert-from-106,gpg-check-pattern} \
-		tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys} \
-		tools/make-dns-cert
-	emake DESTDIR="${D}" -f doc/Makefile uninstall-nobase_dist_docDATA
-
-	dodoc ChangeLog NEWS README THANKS TODO VERSION doc/FAQ doc/DETAILS \
-		doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER doc/help*
-
-	dosym gpg2 /usr/bin/gpg
-	dosym gpgv2 /usr/bin/gpgv
-	echo ".so man1/gpg2.1" > "${ED}"/usr/share/man/man1/gpg.1
-	echo ".so man1/gpgv2.1" > "${ED}"/usr/share/man/man1/gpgv.1
-
-	dodir /etc/env.d
-	echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg
-
-	if use doc; then
-		dohtml doc/gnupg.html/* doc/*.png
-	fi
-}

diff --git a/app-crypt/gnupg/gnupg-2.1.17-r2.ebuild b/app-crypt/gnupg/gnupg-2.1.17-r2.ebuild
deleted file mode 100644
index dbfe09bce2..0000000000
--- a/app-crypt/gnupg/gnupg-2.1.17-r2.ebuild
+++ /dev/null
@@ -1,124 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="6"
-
-inherit eutils flag-o-matic toolchain-funcs
-
-DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
-HOMEPAGE="http://www.gnupg.org/"
-LICENSE="GPL-3"
-
-MY_P="${P/_/-}"
-SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-
-SLOT="0"
-IUSE="bzip2 doc +gnutls ldap nls readline selinux +smartcard tofu tools usb wks-server"
-
-COMMON_DEPEND_LIBS="
-	>=dev-libs/npth-1.2
-	>=dev-libs/libassuan-2.4.3
-	>=dev-libs/libgcrypt-1.7.3
-	>=dev-libs/libgpg-error-1.24
-	>=dev-libs/libksba-1.3.4
-	>=net-misc/curl-7.10
-	gnutls? ( >=net-libs/gnutls-3.0:0= )
-	sys-libs/zlib
-	ldap? ( net-nds/openldap )
-	bzip2? ( app-arch/bzip2 )
-	readline? ( sys-libs/readline:0= )
-	smartcard? ( usb? ( virtual/libusb:0 ) )
-	tofu? ( >=dev-db/sqlite-3.7 )
-	"
-COMMON_DEPEND_BINS="app-crypt/pinentry
-	!app-crypt/dirmngr"
-
-# Existence of executables is checked during configuration.
-DEPEND="${COMMON_DEPEND_LIBS}
-	${COMMON_DEPEND_BINS}
-	nls? ( sys-devel/gettext )
-	doc? ( sys-apps/texinfo )"
-
-RDEPEND="${COMMON_DEPEND_LIBS}
-	${COMMON_DEPEND_BINS}
-	selinux? ( sec-policy/selinux-gpg )
-	nls? ( virtual/libintl )"
-
-S="${WORKDIR}/${MY_P}"
-
-DOCS=(
-	ChangeLog NEWS README THANKS TODO VERSION
-	doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
-)
-
-PATCHES=(
-	"${FILESDIR}/${PN}-2.1.16-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch"
-	"${FILESDIR}/${P}-dirmngr-Strip-root-zone-suffix-from-libdns-cname-res.patch"
-)
-
-src_configure() {
-	local myconf=()
-
-	if use smartcard; then
-		myconf+=(
-			--enable-scdaemon
-			$(use_enable usb ccid-driver)
-		)
-	else
-		myconf+=( --disable-scdaemon )
-	fi
-
-	if use elibc_SunOS || use elibc_AIX; then
-		myconf+=( --disable-symcryptrun )
-	else
-		myconf+=( --enable-symcryptrun )
-	fi
-
-	# glib fails and picks up clang's internal stdint.h causing weird errors
-	[[ ${CC} == *clang ]] && \
-		export gl_cv_absolute_stdint_h=/usr/include/stdint.h
-
-	econf \
-		"${myconf[@]}" \
-		$(use_enable bzip2) \
-		$(use_enable gnutls) \
-		$(use_enable nls) \
-		$(use_enable tofu) \
-		$(use_enable wks-server wks-tools) \
-		$(use_with ldap) \
-		$(use_with readline) \
-		--enable-gpg \
-		--enable-gpgsm \
-		--enable-large-secmem \
-		--enable-tools \
-		CC_FOR_BUILD="$(tc-getBUILD_CC)"
-}
-
-src_compile() {
-	default
-
-	use doc && emake -C doc html
-}
-
-src_install() {
-	default
-
-	use tools &&
-		dobin \
-			tools/{convert-from-106,gpg-check-pattern} \
-			tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys} \
-			tools/make-dns-cert
-	emake DESTDIR="${ED}" -f doc/Makefile uninstall-nobase_dist_docDATA
-
-	dosym gpg2 /usr/bin/gpg
-	dosym gpgv2 /usr/bin/gpgv
-	echo ".so man1/gpg2.1" > "${ED}"/usr/share/man/man1/gpg.1
-	echo ".so man1/gpgv2.1" > "${ED}"/usr/share/man/man1/gpgv.1
-
-	dodir /etc/env.d
-	echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg
-
-	use doc && dodoc doc/gnupg.html/* doc/*.png
-}


^ permalink raw reply related	[flat|nested] 26+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/files/, app-crypt/gnupg/
@ 2017-01-23 17:54 Alon Bar-Lev
  0 siblings, 0 replies; 26+ messages in thread
From: Alon Bar-Lev @ 2017-01-23 17:54 UTC (permalink / raw
  To: gentoo-commits

commit:     9761a47842983c0467fb7934a64ba31ef03f5ef6
Author:     Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
AuthorDate: Mon Jan 23 17:19:54 2017 +0000
Commit:     Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
CommitDate: Mon Jan 23 17:53:25 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9761a478

app-crypt/gnupg: cleanup

Bug: 606604

Package-Manager: portage-2.3.0

 app-crypt/gnupg/Manifest                           |   3 -
 .../gnupg/files/gnupg-2.0.17-gpgsm-gencert.patch   |  34 -----
 app-crypt/gnupg/gnupg-2.0.28.ebuild                | 167 --------------------
 app-crypt/gnupg/gnupg-2.0.30.ebuild                | 170 ---------------------
 app-crypt/gnupg/gnupg-2.1.15.ebuild                |   2 +-
 app-crypt/gnupg/gnupg-2.1.16.ebuild                | 128 ----------------
 app-crypt/gnupg/gnupg-2.1.17-r1.ebuild             |   2 +-
 7 files changed, 2 insertions(+), 504 deletions(-)

diff --git a/app-crypt/gnupg/Manifest b/app-crypt/gnupg/Manifest
index 78fb10f..457703c 100644
--- a/app-crypt/gnupg/Manifest
+++ b/app-crypt/gnupg/Manifest
@@ -1,6 +1,3 @@
 DIST gnupg-1.4.21.tar.bz2 3689305 SHA256 6b47a3100c857dcab3c60e6152e56a997f2c7862c1b8b2b25adf3884a1ae2276 SHA512 619e0fbc10310c7e55d129027e2945791fe91a0884b1d6f53acb4b2e380d1c6e71d1a516a59876182c5c70a4227d44a74ceda018c343b5291fa9a5d6de77c984 WHIRLPOOL eb596be347dd90be93d381fe405e50f5808160b546705493bc9d817d521ea236a2374648e6c2cab396f54bba74de4caf2b92e894df3a17aa339f014ef8cc8802
-DIST gnupg-2.0.28.tar.bz2 4435779 SHA256 ce092ee4ab58fd19b9fb34a460c07b06c348f4360dd5dd4886d041eb521a534c SHA512 7e786fe0648d5ea453f9c7524fec4bd7d5eec26d28f723acf3cb2f7ec9c400c339f0926a179411876c3f8e08b06942dcec643dc930caf58239bbd4932f4bd3c1 WHIRLPOOL ccf7427e54a545914e89677618055a114b4c9dc4db48669a2fc726fced98475df4ed27c93bd180f1250d147111ee663c736cdf4e1d8afdc40ed967cdffd0eb66
-DIST gnupg-2.0.30.tar.bz2 4414652 SHA256 e329785a4f366ba5d72c2c678a7e388b0892ac8440c2f4e6810042123c235d71 SHA512 e60a57f7dc74b44f884fd50d5a9c51cef7df8c098644ebab9ef7d945a40b0e4a285d0dc80b10fe39d8e4c2cc9d6cbbe800a0ddae54883180dc755fe47ced3314 WHIRLPOOL 007315882becc1204edf6833a13610284ce7e1c73429fc3b4170c35ba61c645299f811f01b1bc0506b1cf94ce0de23af4cea33f51cf97397ec61caa15ce3ac6c
 DIST gnupg-2.1.15.tar.bz2 5723689 SHA256 c28c1a208f1b8ad63bdb6b88d252f6734ff4d33de6b54e38494b11d49e00ffdd SHA512 69c943e853e1a37e8b17b3bc34e1503f14bc8f189fa9f3ac6644bcc98ccce6eaef64da20ff9dd1c8de3a7789ea577167984ccf3ac286cac50752e6f7c2f42ab1 WHIRLPOOL 4c5a8cd4e8b7196f4a355ce7739cf6e23c43817414e10bbba219117e4e51c4c618ffb5dbce27cb836a2171eda58e003d5ddf78d4af09a813c2a1729963413151
-DIST gnupg-2.1.16.tar.bz2 5840687 SHA256 49b9a6a6787ad00d4d2d69d8c7ee8905923782583f06078a064a0c80531d8844 SHA512 dbac27106e7800e30f286c3fd83ffab85d2b0acf29d6715ce3e388bfbece2a7deb19ebfe897c445d7a3d6d63e01560b9461567566e936504bc5d6cabe1444af7 WHIRLPOOL e6fe2e39deb1ce5ba41c8d160721c64bc3846c2f5d42027a45d6d3e3bd45b6acba38c41923af1165312c9e993d63f28c6fd6616e6f659f6eb4e6d3899d42897b
 DIST gnupg-2.1.17.tar.bz2 5970042 SHA256 c5dc54db432209fa8f9bdb071c8fb60a765ff28e363150e30bdd4543160243cb SHA512 f826100be4f0480b9a2c68a51dd668e0fd551fd250a37dbe906fe5a89c658b4861a0567038bf687473de9901e268809c1b8d8c200008e082a3ace189d9829b9c WHIRLPOOL d70fa5ae0a90d5c9fa594d79cdb9bc1528b7db1a35d23ee7d3f047b4fb275d02bd8f5e6ccb0a798fedf539c8c384d3713295785183266de43fe3cb978c47916b

diff --git a/app-crypt/gnupg/files/gnupg-2.0.17-gpgsm-gencert.patch b/app-crypt/gnupg/files/gnupg-2.0.17-gpgsm-gencert.patch
deleted file mode 100644
index 9506f81..00000000
--- a/app-crypt/gnupg/files/gnupg-2.0.17-gpgsm-gencert.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From c34486a64c223bcbfbb57d9abcf107d684b815b6 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Diego=20Elio=20Petten=C3=B2?= <flameeyes@gmail.com>
-Date: Sun, 17 Apr 2011 01:34:39 +0200
-Subject: [PATCH] gpgsm-gencert.sh: make sure not to abort after creating temp
- file.
-
-https://bugs.g10code.com/gnupg/issue1466
-
----
- tools/gpgsm-gencert.sh |    8 ++++----
- 1 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/tools/gpgsm-gencert.sh b/tools/gpgsm-gencert.sh
-index b209c8e..e7c812f 100755
---- a/tools/gpgsm-gencert.sh
-+++ b/tools/gpgsm-gencert.sh
-@@ -178,10 +178,10 @@ Key-Length: $KEY_LENGTH
- Key-Usage: $KEY_USAGE
- Name-DN: $NAME
- EOF
--[ -n "$KEY_GRIP" ] && echo "Key-Grip: $KEY_GRIP"
--[ -n "$EMAIL_ADDRESSES" ] && echo "$EMAIL_ADDRESSES"
--[ -n "$DNS_ADDRESSES" ] && echo "$DNS_ADDRESSES"
--[ -n "$URI_ADDRESSES" ] && echo "$URI_ADDRESSES"
-+[ -n "$KEY_GRIP" ] && echo "Key-Grip: $KEY_GRIP" || true
-+[ -n "$EMAIL_ADDRESSES" ] && echo "$EMAIL_ADDRESSES" || true
-+[ -n "$DNS_ADDRESSES" ] && echo "$DNS_ADDRESSES" || true
-+[ -n "$URI_ADDRESSES" ] && echo "$URI_ADDRESSES" || true
- ) > "$file_parameter"
- 
- 
--- 
-1.7.5.rc1
-

diff --git a/app-crypt/gnupg/gnupg-2.0.28.ebuild b/app-crypt/gnupg/gnupg-2.0.28.ebuild
deleted file mode 100644
index 1dac44f..00000000
--- a/app-crypt/gnupg/gnupg-2.0.28.ebuild
+++ /dev/null
@@ -1,167 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-inherit eutils flag-o-matic toolchain-funcs
-
-DESCRIPTION="The GNU Privacy Guard, a GPL pgp replacement"
-HOMEPAGE="http://www.gnupg.org/"
-SRC_URI="mirror://gnupg/gnupg/${P}.tar.bz2"
-# SRC_URI="ftp://ftp.gnupg.org/gcrypt/${PN}/${P}.tar.bz2"
-
-LICENSE="GPL-3"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~mips ppc ppc64 s390 sh sparc x86 ~ppc-aix ~amd64-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="bzip2 doc ldap nls mta readline static selinux smartcard tools usb"
-
-COMMON_DEPEND_LIBS="
-	>=dev-libs/libassuan-2
-	>=dev-libs/libgcrypt-1.5:0=
-	>=dev-libs/libgpg-error-1.11
-	>=dev-libs/libksba-1.0.7
-	>=dev-libs/pth-1.3.7
-	>=net-misc/curl-7.10
-	sys-libs/zlib
-	bzip2? ( app-arch/bzip2 )
-	readline? ( sys-libs/readline )
-	smartcard? ( usb? ( virtual/libusb:0 ) )
-	ldap? ( net-nds/openldap )"
-COMMON_DEPEND_BINS="app-crypt/pinentry"
-
-# Existence of executables is checked during configuration.
-DEPEND="${COMMON_DEPEND_LIBS}
-	${COMMON_DEPEND_BINS}
-	static? (
-		>=dev-libs/libassuan-2[static-libs]
-		>=dev-libs/libgcrypt-1.4:0=[static-libs]
-		>=dev-libs/libgpg-error-1.11[static-libs]
-		>=dev-libs/libksba-1.0.7[static-libs]
-		>=dev-libs/pth-1.3.7[static-libs]
-		>=net-misc/curl-7.10[static-libs]
-		sys-libs/zlib[static-libs]
-		bzip2? ( app-arch/bzip2[static-libs] )
-	)
-	nls? ( sys-devel/gettext )
-	doc? ( sys-apps/texinfo )"
-
-RDEPEND="!static? ( ${COMMON_DEPEND_LIBS} )
-	${COMMON_DEPEND_BINS}
-	mta? ( virtual/mta )
-	!<=app-crypt/gnupg-2.0.1
-	selinux? ( sec-policy/selinux-gpg )
-	nls? ( virtual/libintl )"
-
-REQUIRED_USE="smartcard? ( !static )"
-
-src_prepare() {
-	epatch "${FILESDIR}/${PN}-2.0.17-gpgsm-gencert.patch"
-	epatch_user
-}
-
-src_configure() {
-	local myconf=()
-
-	# 'USE=static' support was requested:
-	# gnupg1: bug #29299
-	# gnupg2: bug #159623
-	use static && append-ldflags -static
-
-	if use smartcard; then
-		myconf+=(
-			--enable-scdaemon
-			$(use_enable usb ccid-driver)
-		)
-	else
-		myconf+=( --disable-scdaemon )
-	fi
-
-	if use elibc_SunOS || use elibc_AIX; then
-		myconf+=( --disable-symcryptrun )
-	else
-		myconf+=( --enable-symcryptrun )
-	fi
-
-	# glib fails and picks up clang's internal stdint.h causing weird errors
-	[[ ${CC} == *clang ]] && export gl_cv_absolute_stdint_h=/usr/include/stdint.h
-
-	econf \
-		--docdir="${EPREFIX}/usr/share/doc/${PF}" \
-		--enable-gpg \
-		--enable-gpgsm \
-		--enable-agent \
-		--enable-large-secmem \
-		--without-adns \
-		"${myconf[@]}" \
-		$(use_enable bzip2) \
-		$(use_enable nls) \
-		$(use_enable mta mailto) \
-		$(use_enable ldap) \
-		$(use_with readline) \
-		CC_FOR_BUILD="$(tc-getBUILD_CC)"
-}
-
-src_compile() {
-	default
-
-	if use doc; then
-		cd doc
-		emake html
-	fi
-}
-
-src_install() {
-	default
-
-	use tools && dobin tools/{convert-from-106,gpg-check-pattern} \
-		tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys,make-dns-cert}
-
-	emake DESTDIR="${D}" -f doc/Makefile uninstall-nobase_dist_docDATA
-	rm "${ED}"/usr/share/gnupg/help* || die
-
-	dodoc ChangeLog NEWS README THANKS TODO VERSION doc/FAQ doc/DETAILS \
-		doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER doc/help*
-
-	dosym gpg2 /usr/bin/gpg
-	dosym gpgv2 /usr/bin/gpgv
-	dosym gpg2keys_hkp /usr/libexec/gpgkeys_hkp
-	dosym gpg2keys_finger /usr/libexec/gpgkeys_finger
-	dosym gpg2keys_curl /usr/libexec/gpgkeys_curl
-	if use ldap; then
-		dosym gpg2keys_ldap /usr/libexec/gpgkeys_ldap
-	fi
-	echo ".so man1/gpg2.1" > "${ED}"/usr/share/man/man1/gpg.1
-	echo ".so man1/gpgv2.1" > "${ED}"/usr/share/man/man1/gpgv.1
-
-	dodir /etc/env.d
-	echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg
-
-	if use doc; then
-		dohtml doc/gnupg.html/* doc/*.png
-	fi
-}
-
-pkg_postinst() {
-	elog "If you wish to view images emerge:"
-	elog "media-gfx/xloadimage, media-gfx/xli or any other viewer"
-	elog "Remember to use photo-viewer option in configuration file to activate"
-	elog "the right viewer."
-	elog
-
-	if use smartcard; then
-		elog "To use your OpenPGP smartcard (or token) with GnuPG you need one of"
-		use usb && elog " - a CCID-compatible reader, used directly through libusb;"
-		elog " - sys-apps/pcsc-lite and a compatible reader device;"
-		elog " - dev-libs/openct and a compatible reader device;"
-		elog " - a reader device and drivers exporting either PC/SC or CT-API interfaces."
-		elog ""
-		elog "General hint: you probably want to try installing sys-apps/pcsc-lite and"
-		elog "app-crypt/ccid first."
-	fi
-
-	ewarn "Please remember to restart gpg-agent if a different version"
-	ewarn "of the agent is currently used. If you are unsure of the gpg"
-	ewarn "agent you are using please run 'killall gpg-agent',"
-	ewarn "and to start a fresh daemon just run 'gpg-agent --daemon'."
-}

diff --git a/app-crypt/gnupg/gnupg-2.0.30.ebuild b/app-crypt/gnupg/gnupg-2.0.30.ebuild
deleted file mode 100644
index 267cac7..00000000
--- a/app-crypt/gnupg/gnupg-2.0.30.ebuild
+++ /dev/null
@@ -1,170 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-inherit eutils flag-o-matic toolchain-funcs
-
-DESCRIPTION="The GNU Privacy Guard, a GPL pgp replacement"
-HOMEPAGE="http://www.gnupg.org/"
-SRC_URI="mirror://gnupg/gnupg/${P}.tar.bz2"
-# SRC_URI="ftp://ftp.gnupg.org/gcrypt/${PN}/${P}.tar.bz2"
-
-LICENSE="GPL-3"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="bzip2 doc ldap nls mta readline static selinux smartcard tools usb"
-
-COMMON_DEPEND_LIBS="
-	>=dev-libs/libassuan-2
-	>=dev-libs/libgcrypt-1.5:0=
-	>=dev-libs/libgpg-error-1.19
-	>=dev-libs/libksba-1.0.7
-	>=dev-libs/pth-1.3.7
-	>=net-misc/curl-7.10
-	sys-libs/zlib
-	bzip2? ( app-arch/bzip2 )
-	readline? ( sys-libs/readline:= )
-	smartcard? ( usb? ( virtual/libusb:0 ) )
-	ldap? ( net-nds/openldap )"
-COMMON_DEPEND_BINS="app-crypt/pinentry"
-
-# Existence of executables is checked during configuration.
-DEPEND="${COMMON_DEPEND_LIBS}
-	${COMMON_DEPEND_BINS}
-	static? (
-		>=dev-libs/libassuan-2[static-libs]
-		>=dev-libs/libgcrypt-1.4:0=[static-libs]
-		>=dev-libs/libgpg-error-1.11[static-libs]
-		>=dev-libs/libksba-1.0.7[static-libs]
-		>=dev-libs/pth-1.3.7[static-libs]
-		>=net-misc/curl-7.10[static-libs]
-		sys-libs/zlib[static-libs]
-		bzip2? ( app-arch/bzip2[static-libs] )
-	)
-	nls? ( sys-devel/gettext )
-	doc? ( sys-apps/texinfo )"
-
-RDEPEND="!static? ( ${COMMON_DEPEND_LIBS} )
-	${COMMON_DEPEND_BINS}
-	mta? ( virtual/mta )
-	!<=app-crypt/gnupg-2.0.1
-	selinux? ( sec-policy/selinux-gpg )
-	nls? ( virtual/libintl )"
-
-REQUIRED_USE="smartcard? ( !static )"
-
-src_prepare() {
-	epatch "${FILESDIR}/${PN}-2.0.17-gpgsm-gencert.patch"
-	epatch_user
-}
-
-src_configure() {
-	local myconf=()
-
-	# 'USE=static' support was requested:
-	# gnupg1: bug #29299
-	# gnupg2: bug #159623
-	use static && append-ldflags -static
-
-	if use smartcard; then
-		myconf+=(
-			--enable-scdaemon
-			$(use_enable usb ccid-driver)
-		)
-	else
-		myconf+=( --disable-scdaemon )
-	fi
-
-	if use elibc_SunOS || use elibc_AIX; then
-		myconf+=( --disable-symcryptrun )
-	else
-		myconf+=( --enable-symcryptrun )
-	fi
-
-	# glib fails and picks up clang's internal stdint.h causing weird errors
-	[[ ${CC} == *clang ]] && \
-		export gl_cv_absolute_stdint_h=/usr/include/stdint.h
-
-	econf \
-		--docdir="${EPREFIX}/usr/share/doc/${PF}" \
-		--enable-gpg \
-		--enable-gpgsm \
-		--enable-agent \
-		--enable-large-secmem \
-		--without-adns \
-		"${myconf[@]}" \
-		$(use_enable bzip2) \
-		$(use_enable nls) \
-		$(use_enable mta mailto) \
-		$(use_enable ldap) \
-		$(use_with readline) \
-		CC_FOR_BUILD="$(tc-getBUILD_CC)"
-}
-
-src_compile() {
-	default
-
-	if use doc; then
-		cd doc
-		emake html
-	fi
-}
-
-src_install() {
-	default
-
-	use tools && dobin tools/{convert-from-106,gpg-check-pattern} \
-		tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys,make-dns-cert}
-
-	emake DESTDIR="${D}" -f doc/Makefile uninstall-nobase_dist_docDATA
-	# The help*txt files are read from the datadir by GnuPG directly.
-	# They do not work if compressed or moved!
-	#rm "${ED}"/usr/share/gnupg/help* || die
-
-	dodoc ChangeLog NEWS README THANKS TODO VERSION doc/FAQ doc/DETAILS \
-		doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER doc/help*
-
-	dosym gpg2 /usr/bin/gpg
-	dosym gpgv2 /usr/bin/gpgv
-	dosym gpg2keys_hkp /usr/libexec/gpgkeys_hkp
-	dosym gpg2keys_finger /usr/libexec/gpgkeys_finger
-	dosym gpg2keys_curl /usr/libexec/gpgkeys_curl
-	if use ldap; then
-		dosym gpg2keys_ldap /usr/libexec/gpgkeys_ldap
-	fi
-	echo ".so man1/gpg2.1" > "${ED}"/usr/share/man/man1/gpg.1
-	echo ".so man1/gpgv2.1" > "${ED}"/usr/share/man/man1/gpgv.1
-
-	dodir /etc/env.d
-	echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg
-
-	if use doc; then
-		dohtml doc/gnupg.html/* doc/*.png
-	fi
-}
-
-pkg_postinst() {
-	elog "If you wish to view images emerge:"
-	elog "media-gfx/xloadimage, media-gfx/xli or any other viewer"
-	elog "Remember to use photo-viewer option in configuration file to activate"
-	elog "the right viewer."
-	elog
-
-	if use smartcard; then
-		elog "To use your OpenPGP smartcard (or token) with GnuPG you need one of"
-		use usb && elog " - a CCID-compatible reader, used directly through libusb;"
-		elog " - sys-apps/pcsc-lite and a compatible reader device;"
-		elog " - dev-libs/openct and a compatible reader device;"
-		elog " - a reader device and drivers exporting either PC/SC or CT-API interfaces."
-		elog ""
-		elog "General hint: you probably want to try installing sys-apps/pcsc-lite and"
-		elog "app-crypt/ccid first."
-	fi
-
-	ewarn "Please remember to restart gpg-agent if a different version"
-	ewarn "of the agent is currently used. If you are unsure of the gpg"
-	ewarn "agent you are using please run 'killall gpg-agent',"
-	ewarn "and to start a fresh daemon just run 'gpg-agent --daemon'."
-}

diff --git a/app-crypt/gnupg/gnupg-2.1.15.ebuild b/app-crypt/gnupg/gnupg-2.1.15.ebuild
index 5fea708..8996799 100644
--- a/app-crypt/gnupg/gnupg-2.1.15.ebuild
+++ b/app-crypt/gnupg/gnupg-2.1.15.ebuild
@@ -13,7 +13,7 @@ SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
 
 LICENSE="GPL-3"
 SLOT="0"
-KEYWORDS="alpha amd64 arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc x86"
+KEYWORDS="alpha amd64 arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-linux ~x86-linux ~x86-fbsd ~x86-freebsd ~x86-macos"
 IUSE="bzip2 doc +gnutls ldap nls readline selinux smartcard tofu tools usb"
 
 COMMON_DEPEND_LIBS="

diff --git a/app-crypt/gnupg/gnupg-2.1.16.ebuild b/app-crypt/gnupg/gnupg-2.1.16.ebuild
deleted file mode 100644
index 62dc0e9..00000000
--- a/app-crypt/gnupg/gnupg-2.1.16.ebuild
+++ /dev/null
@@ -1,128 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-inherit eutils flag-o-matic toolchain-funcs
-
-DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
-HOMEPAGE="http://www.gnupg.org/"
-LICENSE="GPL-3"
-
-MY_P="${P/_/-}"
-SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
-
-SLOT="0"
-IUSE="bzip2 doc +gnutls ldap nls readline selinux +smartcard tofu tools usb wks-server"
-
-COMMON_DEPEND_LIBS="
-	>=dev-libs/npth-1.2
-	>=dev-libs/libassuan-2.4.3
-	>=dev-libs/libgcrypt-1.7.3
-	>=dev-libs/libgpg-error-1.24
-	>=dev-libs/libksba-1.3.4
-	>=net-misc/curl-7.10
-	gnutls? ( >=net-libs/gnutls-3.0:0= )
-	sys-libs/zlib
-	ldap? ( net-nds/openldap )
-	bzip2? ( app-arch/bzip2 )
-	readline? ( sys-libs/readline:0= )
-	smartcard? ( usb? ( virtual/libusb:0 ) )
-	tofu? ( >=dev-db/sqlite-3.7 )
-	"
-COMMON_DEPEND_BINS="app-crypt/pinentry
-		   !app-crypt/dirmngr"
-
-# Existence of executables is checked during configuration.
-DEPEND="${COMMON_DEPEND_LIBS}
-	${COMMON_DEPEND_BINS}
-	nls? ( sys-devel/gettext )
-	doc? ( sys-apps/texinfo )"
-
-RDEPEND="${COMMON_DEPEND_LIBS}
-	${COMMON_DEPEND_BINS}
-	selinux? ( sec-policy/selinux-gpg )
-	nls? ( virtual/libintl )"
-
-S="${WORKDIR}/${MY_P}"
-
-src_prepare() {
-	default
-	epatch "${FILESDIR}/${PN}-2.1.16-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch"
-	epatch_user
-}
-
-src_configure() {
-	local myconf=()
-
-	if use smartcard; then
-		myconf+=(
-			--enable-scdaemon
-			$(use_enable usb ccid-driver)
-		)
-	else
-		myconf+=( --disable-scdaemon )
-	fi
-
-	if use elibc_SunOS || use elibc_AIX; then
-		myconf+=( --disable-symcryptrun )
-	else
-		myconf+=( --enable-symcryptrun )
-	fi
-
-	# glib fails and picks up clang's internal stdint.h causing weird errors
-	[[ ${CC} == *clang ]] && \
-		export gl_cv_absolute_stdint_h=/usr/include/stdint.h
-
-	econf \
-		--docdir="${EPREFIX}/usr/share/doc/${PF}" \
-		--enable-gpg \
-		--enable-gpgsm \
-		--enable-large-secmem \
-		--without-adns \
-		"${myconf[@]}" \
-		$(use_enable bzip2) \
-		$(use_enable gnutls) \
-		$(use_with ldap) \
-		$(use_enable nls) \
-		$(use_with readline) \
-		$(use_enable tofu) \
-		--enable-tools \
-		$(use_enable wks-server wks-tools) \
-		CC_FOR_BUILD="$(tc-getBUILD_CC)"
-}
-
-src_compile() {
-	default
-
-	if use doc; then
-		cd doc
-		emake html
-	fi
-}
-
-src_install() {
-	default
-
-	use tools && dobin tools/{convert-from-106,gpg-check-pattern} \
-		tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys} \
-		tools/make-dns-cert
-	emake DESTDIR="${D}" -f doc/Makefile uninstall-nobase_dist_docDATA
-
-	dodoc ChangeLog NEWS README THANKS TODO VERSION doc/FAQ doc/DETAILS \
-		doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER doc/help*
-
-	dosym gpg2 /usr/bin/gpg
-	dosym gpgv2 /usr/bin/gpgv
-	echo ".so man1/gpg2.1" > "${ED}"/usr/share/man/man1/gpg.1
-	echo ".so man1/gpgv2.1" > "${ED}"/usr/share/man/man1/gpgv.1
-
-	dodir /etc/env.d
-	echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg
-
-	if use doc; then
-		dohtml doc/gnupg.html/* doc/*.png
-	fi
-}

diff --git a/app-crypt/gnupg/gnupg-2.1.17-r1.ebuild b/app-crypt/gnupg/gnupg-2.1.17-r1.ebuild
index d682e32..164b876 100644
--- a/app-crypt/gnupg/gnupg-2.1.17-r1.ebuild
+++ b/app-crypt/gnupg/gnupg-2.1.17-r1.ebuild
@@ -12,7 +12,7 @@ LICENSE="GPL-3"
 
 MY_P="${P/_/-}"
 SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-fbsd ~x86-freebsd ~x86-macos"
 
 SLOT="0"
 IUSE="bzip2 doc +gnutls ldap nls readline selinux +smartcard tofu tools usb wks-server"


^ permalink raw reply related	[flat|nested] 26+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/files/, app-crypt/gnupg/
@ 2017-01-04 12:43 Kristian Fiskerstrand
  0 siblings, 0 replies; 26+ messages in thread
From: Kristian Fiskerstrand @ 2017-01-04 12:43 UTC (permalink / raw
  To: gentoo-commits

commit:     25dbda5817c9281c11f214be4a7e24f3d1ff24ed
Author:     Kristian Fiskerstrand <k_f <AT> gentoo <DOT> org>
AuthorDate: Wed Jan  4 12:43:27 2017 +0000
Commit:     Kristian Fiskerstrand <k_f <AT> gentoo <DOT> org>
CommitDate: Wed Jan  4 12:43:42 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=25dbda58

app-crypt/gnupg: Fix CNAME dns regression introduced in 2.1.17

Upstream patch to fix CNAME DNS regression introduced in released 2.1.17
relating to trailing dot in name.

Package-Manager: Portage-2.3.3, Repoman-2.3.1

 ...ip-root-zone-suffix-from-libdns-cname-res.patch | 46 ++++++++++++++++++++++
 ...{gnupg-2.1.17.ebuild => gnupg-2.1.17-r1.ebuild} |  6 +--
 2 files changed, 49 insertions(+), 3 deletions(-)

diff --git a/app-crypt/gnupg/files/gnupg-2.1.17-dirmngr-Strip-root-zone-suffix-from-libdns-cname-res.patch b/app-crypt/gnupg/files/gnupg-2.1.17-dirmngr-Strip-root-zone-suffix-from-libdns-cname-res.patch
new file mode 100644
index 00000000..4b71502
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.1.17-dirmngr-Strip-root-zone-suffix-from-libdns-cname-res.patch
@@ -0,0 +1,46 @@
+From b200e636ab20d2aa93d9f71f3789db5a04af0a56 Mon Sep 17 00:00:00 2001
+From: Werner Koch <wk@gnupg.org>
+Date: Mon, 2 Jan 2017 10:00:33 +0100
+Subject: [PATCH] dirmngr: Strip root zone suffix from libdns cname results.
+
+* dirmngr/dns-stuff.c (resolve_name_libdns): Strip trailing dot.
+(get_dns_cname_libdns): Ditto.
+--
+
+Signed-off-by: Werner Koch <wk@gnupg.org>
+---
+ dirmngr/dns-stuff.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c
+index a31b073..f2e1df9 100644
+--- a/dirmngr/dns-stuff.c
++++ b/dirmngr/dns-stuff.c
+@@ -732,6 +732,10 @@ resolve_name_libdns (const char *name, unsigned short port,
+               err = gpg_error_from_syserror ();
+               goto leave;
+             }
++          /* Libdns appends the root zone part which is problematic
++           * for most other functions - strip it.  */
++          if (**r_canonname && (*r_canonname)[strlen (*r_canonname)-1] == '.')
++            (*r_canonname)[strlen (*r_canonname)-1] = 0;
+         }
+ 
+       dai = xtrymalloc (sizeof *dai + ent->ai_addrlen -1);
+@@ -1899,6 +1903,13 @@ get_dns_cname_libdns (const char *name, char **r_cname)
+   *r_cname = xtrystrdup (cname.host);
+   if (!*r_cname)
+     err = gpg_error_from_syserror ();
++  else
++    {
++      /* Libdns appends the root zone part which is problematic
++       * for most other functions - strip it.  */
++      if (**r_cname && (*r_cname)[strlen (*r_cname)-1] == '.')
++        (*r_cname)[strlen (*r_cname)-1] = 0;
++    }
+ 
+  leave:
+   dns_free (ans);
+-- 
+2.8.1
+

diff --git a/app-crypt/gnupg/gnupg-2.1.17.ebuild b/app-crypt/gnupg/gnupg-2.1.17-r1.ebuild
similarity index 95%
rename from app-crypt/gnupg/gnupg-2.1.17.ebuild
rename to app-crypt/gnupg/gnupg-2.1.17-r1.ebuild
index 62dc0e9..d682e32 100644
--- a/app-crypt/gnupg/gnupg-2.1.17.ebuild
+++ b/app-crypt/gnupg/gnupg-2.1.17-r1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2016 Gentoo Foundation
+# Copyright 1999-2017 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 # $Id$
 
@@ -50,7 +50,8 @@ S="${WORKDIR}/${MY_P}"
 
 src_prepare() {
 	default
-	epatch "${FILESDIR}/${PN}-2.1.16-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch"
+	epatch "${FILESDIR}/${PN}-2.1.16-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch" \
+		   "${FILESDIR}/${P}-dirmngr-Strip-root-zone-suffix-from-libdns-cname-res.patch"
 	epatch_user
 }
 
@@ -81,7 +82,6 @@ src_configure() {
 		--enable-gpg \
 		--enable-gpgsm \
 		--enable-large-secmem \
-		--without-adns \
 		"${myconf[@]}" \
 		$(use_enable bzip2) \
 		$(use_enable gnutls) \


^ permalink raw reply related	[flat|nested] 26+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/files/, app-crypt/gnupg/
@ 2016-11-22 18:31 Kristian Fiskerstrand
  0 siblings, 0 replies; 26+ messages in thread
From: Kristian Fiskerstrand @ 2016-11-22 18:31 UTC (permalink / raw
  To: gentoo-commits

commit:     40c193d57556e799c16e8cac356947a815b529c7
Author:     Kristian Fiskerstrand <k_f <AT> gentoo <DOT> org>
AuthorDate: Tue Nov 22 18:17:17 2016 +0000
Commit:     Kristian Fiskerstrand <k_f <AT> gentoo <DOT> org>
CommitDate: Tue Nov 22 18:31:18 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=40c193d5

app-crypt/gnupg: Minor changes to 2.1.16

For now tools subdir always needs to be built, even though the use flag controls
whether some of the resulting binaries are installed or not, as e.g
gpg-connect-agent and gpg-wks-client is expected to be installed unconditionally.

Given that tools subdir is a cheap build, this doesn't constitute much of an
actual issue, but upstream is notified.

Gentoo-Bug: 600208

Add patch to mitigate test failure due to overlong socket path.

Package-Manager: portage-2.3.2

 ...shorter-socket-path-lengts-to-improve-tes.patch | 33 ++++++++++++++++++++++
 app-crypt/gnupg/gnupg-2.1.16.ebuild                |  5 ++--
 2 files changed, 36 insertions(+), 2 deletions(-)

diff --git a/app-crypt/gnupg/files/gnupg-2.1.16-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch b/app-crypt/gnupg/files/gnupg-2.1.16-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch
new file mode 100644
index 00000000..7c79046
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.1.16-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch
@@ -0,0 +1,33 @@
+From cf3778631f87ad03274ac94dcae7c7fbbd036913 Mon Sep 17 00:00:00 2001
+From: Kristian Fiskerstrand <kf@sumptuouscapital.com>
+Date: Tue, 22 Nov 2016 10:07:33 +0100
+Subject: [PATCH] gpgscm: Use shorter socket path lengts to improve test
+ reliability
+
+--
+As socket lengths are normally restricted to 108 characters
+(UNIX_PATH_MAX variable in /usr/include/linux/un.h), using 42 characters
+by default easily results in errors.
+---
+ tests/gpgscm/tests.scm | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/tests/gpgscm/tests.scm b/tests/gpgscm/tests.scm
+index 72afa99..039ea86 100644
+--- a/tests/gpgscm/tests.scm
++++ b/tests/gpgscm/tests.scm
+@@ -268,9 +268,9 @@
+ (define (mkdtemp . components)
+   (_mkdtemp (if (null? components)
+ 		(path-join (getenv "TMP")
+-			   (string-append "gpgscm-" (get-isotime) "-"
++			   (string-append "gscm"
+ 					  (basename-suffix *scriptname* ".scm")
+-					  "-XXXXXX"))
++					  "XXXXXX"))
+ 		(apply path-join components))))
+ 
+ (macro (with-temporary-working-directory form)
+-- 
+2.7.3
+

diff --git a/app-crypt/gnupg/gnupg-2.1.16.ebuild b/app-crypt/gnupg/gnupg-2.1.16.ebuild
index 4fc5fd6..62dc0e9 100644
--- a/app-crypt/gnupg/gnupg-2.1.16.ebuild
+++ b/app-crypt/gnupg/gnupg-2.1.16.ebuild
@@ -15,7 +15,7 @@ SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
 KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
 
 SLOT="0"
-IUSE="bzip2 doc +gnutls ldap nls readline selinux +smartcard tofu +tools usb wks-server"
+IUSE="bzip2 doc +gnutls ldap nls readline selinux +smartcard tofu tools usb wks-server"
 
 COMMON_DEPEND_LIBS="
 	>=dev-libs/npth-1.2
@@ -50,6 +50,7 @@ S="${WORKDIR}/${MY_P}"
 
 src_prepare() {
 	default
+	epatch "${FILESDIR}/${PN}-2.1.16-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch"
 	epatch_user
 }
 
@@ -88,7 +89,7 @@ src_configure() {
 		$(use_enable nls) \
 		$(use_with readline) \
 		$(use_enable tofu) \
-		$(use_enable tools) \
+		--enable-tools \
 		$(use_enable wks-server wks-tools) \
 		CC_FOR_BUILD="$(tc-getBUILD_CC)"
 }


^ permalink raw reply related	[flat|nested] 26+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/files/, app-crypt/gnupg/
@ 2016-06-16 19:34 Kristian Fiskerstrand
  0 siblings, 0 replies; 26+ messages in thread
From: Kristian Fiskerstrand @ 2016-06-16 19:34 UTC (permalink / raw
  To: gentoo-commits

commit:     b6a95374cfaab386126963ae0dca5fcfbfcb6062
Author:     Kristian Fiskerstrand <k_f <AT> gentoo <DOT> org>
AuthorDate: Thu Jun 16 19:30:28 2016 +0000
Commit:     Kristian Fiskerstrand <k_f <AT> gentoo <DOT> org>
CommitDate: Thu Jun 16 19:31:52 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b6a95374

app-crypt/gnupg: Clean up old modern versions

Clean up old versions from modern branch

Package-Manager: portage-2.3.0_rc1

 app-crypt/gnupg/Manifest                       |   1 -
 app-crypt/gnupg/files/gnupg-2.1.11-tests.patch | 136 -------------------
 app-crypt/gnupg/gnupg-2.1.11-r1.ebuild         | 175 -------------------------
 app-crypt/gnupg/gnupg-2.1.12.ebuild            | 159 ----------------------
 4 files changed, 471 deletions(-)

diff --git a/app-crypt/gnupg/Manifest b/app-crypt/gnupg/Manifest
index 2b7f69b..d0e513d 100644
--- a/app-crypt/gnupg/Manifest
+++ b/app-crypt/gnupg/Manifest
@@ -4,6 +4,5 @@ DIST gnupg-2.0.26.tar.bz2 4303384 SHA256 7758e30dc382ae7a7167ed41b7f936aa50af5ea
 DIST gnupg-2.0.28.tar.bz2 4435779 SHA256 ce092ee4ab58fd19b9fb34a460c07b06c348f4360dd5dd4886d041eb521a534c SHA512 7e786fe0648d5ea453f9c7524fec4bd7d5eec26d28f723acf3cb2f7ec9c400c339f0926a179411876c3f8e08b06942dcec643dc930caf58239bbd4932f4bd3c1 WHIRLPOOL ccf7427e54a545914e89677618055a114b4c9dc4db48669a2fc726fced98475df4ed27c93bd180f1250d147111ee663c736cdf4e1d8afdc40ed967cdffd0eb66
 DIST gnupg-2.0.29.tar.bz2 4416251 SHA256 68ed6b386ba78425b05a60e8ee22785ff0fef190bdc6f1c612f19a58819d4ac9 SHA512 23b452c740ab5c1e1e37337ae0583dd3b15df58a5bb5639c0c2aef1fb603e0a7d90a257ac99b0d9dfb68b81fa061c0c64e0bfd256c00d64e2f432192f5052f37 WHIRLPOOL f3d59a9453b4a65c726788c35b065ffc9cde0b746705080cd3491c73439786d791da29cf8f5bf1e5594a0e39cfaec214e346fe18ec3acf0b425dc396aa189f33
 DIST gnupg-2.0.30.tar.bz2 4414652 SHA256 e329785a4f366ba5d72c2c678a7e388b0892ac8440c2f4e6810042123c235d71 SHA512 e60a57f7dc74b44f884fd50d5a9c51cef7df8c098644ebab9ef7d945a40b0e4a285d0dc80b10fe39d8e4c2cc9d6cbbe800a0ddae54883180dc755fe47ced3314 WHIRLPOOL 007315882becc1204edf6833a13610284ce7e1c73429fc3b4170c35ba61c645299f811f01b1bc0506b1cf94ce0de23af4cea33f51cf97397ec61caa15ce3ac6c
-DIST gnupg-2.1.11.tar.bz2 5224007 SHA256 b7b0fb2c8c5d47d7ec916d4a1097c0ddcb94a12bb1c0ac424ad86b1ee316b61a SHA512 b39f3fb461ad879b1909808434c4b03dab4d1d79aa674fbc88e3d50960184c0c25a840206ff32b760672f1b2153253f4d7a88eb726d8662f629fa04b6739ad31 WHIRLPOOL 486d623e73172a6d7dc7a6e4a5b411e70e0002a960f0398833377b8e8d79e5456a73f945db7c8bbca6ff7fd33fbfb49ca587e3a393094ce0a16d86cd906f7f09
 DIST gnupg-2.1.12.tar.bz2 5510723 SHA256 ac34929d2400a58a349963865442ee6cdd75e500a8d5df083d29835e88bfc506 SHA512 fdf24d4980ba4011840fd2316a856db2bf50e531071c2bfb899af2b4f5580a9f2992f85a451670a7121d04b608bfb147cefdca1c6f6eb55bc23ecfe5052639e6 WHIRLPOOL ee5a748afee3aa4f8318c1bc1bcbd09232a71853291211f3c5cd8cc44fb70d126185ae9c13086247cd22a9b13c2102f4fa0553e25496c5152f2ce34dc2505d10
 DIST gnupg-2.1.13.tar.bz2 5545361 SHA256 4f9d83a6221daa60130fa79f0b1d37d6c20fffdd0320b640c7a597c5b6219675 SHA512 37b6271cdd68fc1d0ec848fa742932afbe8fc662597bcf20398585b51171e7abce40d99ab02f816160b34f7a8d1c60c6e43d8e0192ed107a521579b870b3ebd3 WHIRLPOOL 4b97e579bf988a2142bdb83420feef5e0549db0f0a17f2ee8b890e22cb54b38166459d25b05c7f9dcbb14dd5363bf08c24f377d09038884110e29dbbfeb9b73d

diff --git a/app-crypt/gnupg/files/gnupg-2.1.11-tests.patch b/app-crypt/gnupg/files/gnupg-2.1.11-tests.patch
deleted file mode 100644
index 216ea7d..0000000
--- a/app-crypt/gnupg/files/gnupg-2.1.11-tests.patch
+++ /dev/null
@@ -1,136 +0,0 @@
-From acac103ba5772ae738ce5409d17feab80596cde6 Mon Sep 17 00:00:00 2001
-From: "Neal H. Walfield" <neal@g10code.com>
-Date: Fri, 12 Feb 2016 22:12:21 +0100
-Subject: [PATCH 1/1] common: Change simple_query to ignore status messages.
-
-* common/simple-pwquery.c (simple_query): Ignore status messages.
-
---
-Signed-off-by: Neal H. Walfield <neal@g10code.com>
-GnuPG-bug-id: 2229
----
- common/simple-pwquery.c | 95 ++++++++++++++++++++++++++++++++++---------------
- 1 file changed, 67 insertions(+), 28 deletions(-)
-
-diff --git a/common/simple-pwquery.c b/common/simple-pwquery.c
-index 90d04c0..b2d666c 100644
---- a/common/simple-pwquery.c
-+++ b/common/simple-pwquery.c
-@@ -618,6 +618,7 @@ simple_query (const char *query)
-   int fd = -1;
-   int nread;
-   char response[500];
-+  int have = 0;
-   int rc;
- 
-   rc = agent_open (&fd);
-@@ -628,40 +629,78 @@ simple_query (const char *query)
-   if (rc)
-     goto leave;
- 
--  /* get response */
--  nread = readline (fd, response, 499);
--  if (nread < 0)
--    {
--      rc = -nread;
--      goto leave;
--    }
--  if (nread < 3)
-+  while (1)
-     {
--      rc = SPWQ_PROTOCOL_ERROR;
--      goto leave;
--    }
-+      if (! have || ! strchr (response, '\n'))
-+        /* get response */
-+        {
-+          nread = readline (fd, &response[have],
-+                            sizeof (response) - 1 /* NUL */ - have);
-+          if (nread < 0)
-+            {
-+              rc = -nread;
-+              goto leave;
-+            }
-+          have += nread;
-+          if (have < 3)
-+            {
-+              rc = SPWQ_PROTOCOL_ERROR;
-+              goto leave;
-+            }
-+          response[have] = 0;
-+        }
- 
--  if (response[0] == 'O' && response[1] == 'K')
--    /* OK, do nothing.  */;
--  else if ((nread > 7 && !memcmp (response, "ERR 111", 7)
--            && (response[7] == ' ' || response[7] == '\n') )
--           || ((nread > 4 && !memcmp (response, "ERR ", 4)
--                && (strtoul (response+4, NULL, 0) & 0xffff) == 99)) )
--    {
--      /* 111 is the old Assuan code for canceled which might still
--         be in use by old installations. 99 is GPG_ERR_CANCELED as
--         used by modern gpg-agents; 0xffff is used to mask out the
--         error source.  */
-+      if (response[0] == 'O' && response[1] == 'K')
-+        /* OK, do nothing.  */;
-+      else if ((nread > 7 && !memcmp (response, "ERR 111", 7)
-+                && (response[7] == ' ' || response[7] == '\n') )
-+               || ((nread > 4 && !memcmp (response, "ERR ", 4)
-+                    && (strtoul (response+4, NULL, 0) & 0xffff) == 99)) )
-+        {
-+          /* 111 is the old Assuan code for canceled which might still
-+             be in use by old installations. 99 is GPG_ERR_CANCELED as
-+             used by modern gpg-agents; 0xffff is used to mask out the
-+             error source.  */
- #ifdef SPWQ_USE_LOGGING
--      log_info (_("canceled by user\n") );
-+          log_info (_("canceled by user\n") );
- #endif
--    }
--  else
--    {
-+        }
-+      else if (response[0] == 'S' && response[1] == ' ')
-+        {
-+          char *nextline;
-+          int consumed;
-+
-+          nextline = strchr (response, '\n');
-+          if (! nextline)
-+            /* Point to the NUL.  */
-+            nextline = &response[have];
-+          else
-+            /* Move past the \n.  */
-+            nextline ++;
-+
-+          consumed = (size_t) nextline - (size_t) response;
-+
-+          /* Skip any additional newlines.  */
-+          while (consumed < have && response[consumed] == '\n')
-+            consumed ++;
-+
-+          have -= consumed;
-+
-+          if (have)
-+            memmove (response, &response[consumed], have + 1);
-+
-+          continue;
-+        }
-+      else
-+        {
- #ifdef SPWQ_USE_LOGGING
--      log_error (_("problem with the agent\n"));
-+          log_error (_("problem with the agent (unexpected response \"%s\"\n"),
-+                     response);
- #endif
--      rc = SPWQ_ERR_RESPONSE;
-+          rc = SPWQ_ERR_RESPONSE;
-+        }
-+
-+      break;
-     }
- 
-  leave:
--- 
-2.1.4
-

diff --git a/app-crypt/gnupg/gnupg-2.1.11-r1.ebuild b/app-crypt/gnupg/gnupg-2.1.11-r1.ebuild
deleted file mode 100644
index a37e3ad..0000000
--- a/app-crypt/gnupg/gnupg-2.1.11-r1.ebuild
+++ /dev/null
@@ -1,175 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-inherit eutils flag-o-matic toolchain-funcs
-
-DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
-HOMEPAGE="http://www.gnupg.org/"
-MY_P="${P/_/-}"
-SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
-
-LICENSE="GPL-3"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86"
-IUSE="bzip2 doc +gnutls ldap nls readline static selinux smartcard tofu tools usb"
-
-COMMON_DEPEND_LIBS="
-	dev-libs/npth
-	>=dev-libs/libassuan-2.4.1
-	>=dev-libs/libgcrypt-1.6.2[threads]
-	>=dev-libs/libgpg-error-1.21
-	>=dev-libs/libksba-1.2.0
-	>=net-misc/curl-7.10
-	gnutls? ( >=net-libs/gnutls-3.0 )
-	sys-libs/zlib
-	ldap? ( net-nds/openldap )
-	bzip2? ( app-arch/bzip2 )
-	readline? ( sys-libs/readline:0= )
-	smartcard? ( usb? ( virtual/libusb:0 ) )
-	tofu? ( >=dev-db/sqlite-3.7 )
-	"
-COMMON_DEPEND_BINS="app-crypt/pinentry
-		   !app-crypt/dirmngr"
-
-# Existence of executables is checked during configuration.
-DEPEND="${COMMON_DEPEND_LIBS}
-	${COMMON_DEPEND_BINS}
-	static? (
-		>=dev-libs/libassuan-2[static-libs]
-		>=dev-libs/libgcrypt-1.6.2[static-libs]
-		>=dev-libs/libgpg-error-1.17[static-libs]
-		>=dev-libs/libksba-1.0.7[static-libs]
-		dev-libs/npth[static-libs]
-		>=net-misc/curl-7.10[static-libs]
-		sys-libs/zlib[static-libs]
-		bzip2? ( app-arch/bzip2[static-libs] )
-	)
-	nls? ( sys-devel/gettext )
-	doc? ( sys-apps/texinfo )"
-
-RDEPEND="!static? ( ${COMMON_DEPEND_LIBS} )
-	${COMMON_DEPEND_BINS}
-	selinux? ( sec-policy/selinux-gpg )
-	nls? ( virtual/libintl )"
-
-REQUIRED_USE="smartcard? ( !static )"
-
-S="${WORKDIR}/${MY_P}"
-
-src_prepare() {
-	epatch "${FILESDIR}/${P}-tests.patch"
-	epatch_user
-}
-
-src_configure() {
-	local myconf=()
-
-	# 'USE=static' support was requested:
-	# gnupg1: bug #29299
-	# gnupg2: bug #159623
-	use static && append-ldflags -static
-
-	if use smartcard; then
-		myconf+=(
-			--enable-scdaemon
-			$(use_enable usb ccid-driver)
-		)
-	else
-		myconf+=( --disable-scdaemon )
-	fi
-
-	if use elibc_SunOS || use elibc_AIX; then
-		myconf+=( --disable-symcryptrun )
-	else
-		myconf+=( --enable-symcryptrun )
-	fi
-
-	# glib fails and picks up clang's internal stdint.h causing weird errors
-	[[ ${CC} == *clang ]] && \
-		export gl_cv_absolute_stdint_h=/usr/include/stdint.h
-
-	econf \
-		--docdir="${EPREFIX}/usr/share/doc/${PF}" \
-		--enable-gpg \
-		--enable-gpgsm \
-		--enable-large-secmem \
-		--without-adns \
-		"${myconf[@]}" \
-		$(use_enable bzip2) \
-		$(use_enable gnutls) \
-		$(use_with ldap) \
-		$(use_enable nls) \
-		$(use_with readline) \
-		$(use_enable tofu) \
-		CC_FOR_BUILD="$(tc-getBUILD_CC)"
-}
-
-src_compile() {
-	default
-
-	if use doc; then
-		cd doc
-		emake html
-	fi
-}
-
-src_install() {
-	default
-
-	use tools && dobin tools/{convert-from-106,gpg-check-pattern} \
-		tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys,make-dns-cert}
-
-	emake DESTDIR="${D}" -f doc/Makefile uninstall-nobase_dist_docDATA
-	# The help*txt files are read from the datadir by GnuPG directly.
-	# They do not work if compressed or moved!
-	#rm "${ED}"/usr/share/gnupg/help* || die
-
-	dodoc ChangeLog NEWS README THANKS TODO VERSION doc/FAQ doc/DETAILS \
-		doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER doc/help*
-
-	dosym gpg2 /usr/bin/gpg
-	dosym gpgv2 /usr/bin/gpgv
-	echo ".so man1/gpg2.1" > "${ED}"/usr/share/man/man1/gpg.1
-	echo ".so man1/gpgv2.1" > "${ED}"/usr/share/man/man1/gpgv.1
-
-	dodir /etc/env.d
-	echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg
-
-	if use doc; then
-		dohtml doc/gnupg.html/* doc/*.png
-	fi
-}
-
-pkg_postinst() {
-	elog "If you wish to view images emerge:"
-	elog "media-gfx/xloadimage, media-gfx/xli or any other viewer"
-	elog "Remember to use photo-viewer option in configuration file to activate"
-	elog "the right viewer."
-	elog
-
-	if use smartcard; then
-		elog "To use your OpenPGP smartcard (or token) with GnuPG you need one of"
-		use usb && elog " - a CCID-compatible reader, used directly through libusb;"
-		elog " - sys-apps/pcsc-lite and a compatible reader device;"
-		elog " - dev-libs/openct and a compatible reader device;"
-		elog " - a reader device and drivers exporting either PC/SC or CT-API interfaces."
-		elog ""
-		elog "General hint: you probably want to try installing sys-apps/pcsc-lite and"
-		elog "app-crypt/ccid first."
-	fi
-
-	ewarn "Please remember to restart gpg-agent if a different version"
-	ewarn "of the agent is currently used. If you are unsure of the gpg"
-	ewarn "agent you are using please run 'killall gpg-agent',"
-	ewarn "and to start a fresh daemon just run 'gpg-agent --daemon'."
-
-	if [[ -n ${REPLACING_VERSIONS} ]]; then
-		elog "If upgrading from a version prior than 2.1 you might have to re-import"
-		elog "secret keys after restarting the gpg-agent as the new version is using"
-		elog "a new storage mechanism."
-		elog "You can migrate the keys using gpg --import \$HOME/.gnupg/secring.gpg"
-	fi
-}

diff --git a/app-crypt/gnupg/gnupg-2.1.12.ebuild b/app-crypt/gnupg/gnupg-2.1.12.ebuild
deleted file mode 100644
index 4c4d4ec..0000000
--- a/app-crypt/gnupg/gnupg-2.1.12.ebuild
+++ /dev/null
@@ -1,159 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-inherit eutils flag-o-matic toolchain-funcs
-
-DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
-HOMEPAGE="http://www.gnupg.org/"
-MY_P="${P/_/-}"
-SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
-
-LICENSE="GPL-3"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
-IUSE="bzip2 doc +gnutls ldap nls readline selinux smartcard tofu tools usb"
-
-COMMON_DEPEND_LIBS="
-	dev-libs/npth
-	>=dev-libs/libassuan-2.4.1
-	>=dev-libs/libgcrypt-1.6.2[threads]
-	>=dev-libs/libgpg-error-1.21
-	>=dev-libs/libksba-1.2.0
-	>=net-misc/curl-7.10
-	gnutls? ( >=net-libs/gnutls-3.0:0= )
-	sys-libs/zlib
-	ldap? ( net-nds/openldap )
-	bzip2? ( app-arch/bzip2 )
-	readline? ( sys-libs/readline:0= )
-	smartcard? ( usb? ( virtual/libusb:0 ) )
-	tofu? ( >=dev-db/sqlite-3.7 )
-	"
-COMMON_DEPEND_BINS="app-crypt/pinentry
-		   !app-crypt/dirmngr"
-
-# Existence of executables is checked during configuration.
-DEPEND="${COMMON_DEPEND_LIBS}
-	${COMMON_DEPEND_BINS}
-	nls? ( sys-devel/gettext )
-	doc? ( sys-apps/texinfo )"
-
-RDEPEND="${COMMON_DEPEND_LIBS}
-	${COMMON_DEPEND_BINS}
-	selinux? ( sec-policy/selinux-gpg )
-	nls? ( virtual/libintl )"
-
-S="${WORKDIR}/${MY_P}"
-
-src_prepare() {
-	epatch "${FILESDIR}/${P}-fix-signature-checking.patch" \
-		"${FILESDIR}/${PN}-2.1-fix-gentoo-dash-issue.patch"
-	epatch_user
-}
-
-src_configure() {
-	local myconf=()
-
-	if use smartcard; then
-		myconf+=(
-			--enable-scdaemon
-			$(use_enable usb ccid-driver)
-		)
-	else
-		myconf+=( --disable-scdaemon )
-	fi
-
-	if use elibc_SunOS || use elibc_AIX; then
-		myconf+=( --disable-symcryptrun )
-	else
-		myconf+=( --enable-symcryptrun )
-	fi
-
-	# glib fails and picks up clang's internal stdint.h causing weird errors
-	[[ ${CC} == *clang ]] && \
-		export gl_cv_absolute_stdint_h=/usr/include/stdint.h
-
-	econf \
-		--docdir="${EPREFIX}/usr/share/doc/${PF}" \
-		--enable-gpg \
-		--enable-gpgsm \
-		--enable-large-secmem \
-		--without-adns \
-		"${myconf[@]}" \
-		$(use_enable bzip2) \
-		$(use_enable gnutls) \
-		$(use_with ldap) \
-		$(use_enable nls) \
-		$(use_with readline) \
-		$(use_enable tofu) \
-		CC_FOR_BUILD="$(tc-getBUILD_CC)"
-}
-
-src_compile() {
-	default
-
-	if use doc; then
-		cd doc
-		emake html
-	fi
-}
-
-src_install() {
-	default
-
-	use tools && dobin tools/{convert-from-106,gpg-check-pattern} \
-		tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys,make-dns-cert}
-
-	emake DESTDIR="${D}" -f doc/Makefile uninstall-nobase_dist_docDATA
-	# The help*txt files are read from the datadir by GnuPG directly.
-	# They do not work if compressed or moved!
-	#rm "${ED}"/usr/share/gnupg/help* || die
-
-	dodoc ChangeLog NEWS README THANKS TODO VERSION doc/FAQ doc/DETAILS \
-		doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER doc/help*
-
-	dosym gpg2 /usr/bin/gpg
-	dosym gpgv2 /usr/bin/gpgv
-	echo ".so man1/gpg2.1" > "${ED}"/usr/share/man/man1/gpg.1
-	echo ".so man1/gpgv2.1" > "${ED}"/usr/share/man/man1/gpgv.1
-
-	dodir /etc/env.d
-	echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg
-
-	if use doc; then
-		dohtml doc/gnupg.html/* doc/*.png
-	fi
-}
-
-pkg_postinst() {
-	elog "If you wish to view images emerge:"
-	elog "media-gfx/xloadimage, media-gfx/xli or any other viewer"
-	elog "Remember to use photo-viewer option in configuration file to activate"
-	elog "the right viewer."
-	elog
-
-	if use smartcard; then
-		elog "To use your OpenPGP smartcard (or token) with GnuPG you need one of"
-		use usb && elog " - a CCID-compatible reader, used directly through libusb;"
-		elog " - sys-apps/pcsc-lite and a compatible reader device;"
-		elog " - dev-libs/openct and a compatible reader device;"
-		elog " - a reader device and drivers exporting either PC/SC or CT-API interfaces."
-		elog ""
-		elog "General hint: you probably want to try installing sys-apps/pcsc-lite and"
-		elog "app-crypt/ccid first."
-	fi
-
-	ewarn "Please remember to restart gpg-agent if a different version"
-	ewarn "of the agent is currently used. If you are unsure of the gpg"
-	ewarn "agent you are using please run 'killall gpg-agent',"
-	ewarn "and to start a fresh daemon just run 'gpg-agent --daemon'."
-
-	if [[ -n ${REPLACING_VERSIONS} ]]; then
-		elog "If upgrading from a version prior than 2.1 you might have to re-import"
-		elog "secret keys after restarting the gpg-agent as the new version is using"
-		elog "a new storage mechanism."
-		elog "You can migrate the keys using gpg --import \$HOME/.gnupg/secring.gpg"
-	fi
-}


^ permalink raw reply related	[flat|nested] 26+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/files/, app-crypt/gnupg/
@ 2016-05-19 21:16 Kristian Fiskerstrand
  0 siblings, 0 replies; 26+ messages in thread
From: Kristian Fiskerstrand @ 2016-05-19 21:16 UTC (permalink / raw
  To: gentoo-commits

commit:     88c1f9f779abf72b6091cd5f772dfcb29151e639
Author:     Kristian Fiskerstrand <k_f <AT> gentoo <DOT> org>
AuthorDate: Thu May 19 21:16:12 2016 +0000
Commit:     Kristian Fiskerstrand <k_f <AT> gentoo <DOT> org>
CommitDate: Thu May 19 21:16:12 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=88c1f9f7

app-crypt/gnupg: Cleanup old 2.1 versions

Package-Manager: portage-2.2.28

 app-crypt/gnupg/Manifest                           |   2 -
 .../gnupg/files/gnupg-2.1.10-pkg-config.patch      |  24 ---
 app-crypt/gnupg/gnupg-2.1.10-r1.ebuild             | 182 ---------------------
 app-crypt/gnupg/gnupg-2.1.11.ebuild                | 173 --------------------
 app-crypt/gnupg/gnupg-2.1.9-r1.ebuild              | 171 -------------------
 5 files changed, 552 deletions(-)

diff --git a/app-crypt/gnupg/Manifest b/app-crypt/gnupg/Manifest
index 3c18723..401aaf2 100644
--- a/app-crypt/gnupg/Manifest
+++ b/app-crypt/gnupg/Manifest
@@ -4,7 +4,5 @@ DIST gnupg-2.0.26.tar.bz2 4303384 SHA256 7758e30dc382ae7a7167ed41b7f936aa50af5ea
 DIST gnupg-2.0.28.tar.bz2 4435779 SHA256 ce092ee4ab58fd19b9fb34a460c07b06c348f4360dd5dd4886d041eb521a534c SHA512 7e786fe0648d5ea453f9c7524fec4bd7d5eec26d28f723acf3cb2f7ec9c400c339f0926a179411876c3f8e08b06942dcec643dc930caf58239bbd4932f4bd3c1 WHIRLPOOL ccf7427e54a545914e89677618055a114b4c9dc4db48669a2fc726fced98475df4ed27c93bd180f1250d147111ee663c736cdf4e1d8afdc40ed967cdffd0eb66
 DIST gnupg-2.0.29.tar.bz2 4416251 SHA256 68ed6b386ba78425b05a60e8ee22785ff0fef190bdc6f1c612f19a58819d4ac9 SHA512 23b452c740ab5c1e1e37337ae0583dd3b15df58a5bb5639c0c2aef1fb603e0a7d90a257ac99b0d9dfb68b81fa061c0c64e0bfd256c00d64e2f432192f5052f37 WHIRLPOOL f3d59a9453b4a65c726788c35b065ffc9cde0b746705080cd3491c73439786d791da29cf8f5bf1e5594a0e39cfaec214e346fe18ec3acf0b425dc396aa189f33
 DIST gnupg-2.0.30.tar.bz2 4414652 SHA256 e329785a4f366ba5d72c2c678a7e388b0892ac8440c2f4e6810042123c235d71 SHA512 e60a57f7dc74b44f884fd50d5a9c51cef7df8c098644ebab9ef7d945a40b0e4a285d0dc80b10fe39d8e4c2cc9d6cbbe800a0ddae54883180dc755fe47ced3314 WHIRLPOOL 007315882becc1204edf6833a13610284ce7e1c73429fc3b4170c35ba61c645299f811f01b1bc0506b1cf94ce0de23af4cea33f51cf97397ec61caa15ce3ac6c
-DIST gnupg-2.1.10.tar.bz2 5173253 SHA256 93bd58d81771a4fa488566e5d2e13b1fd7afc86789401eb41731882abfd26cf9 SHA512 ceea93a7e7d30e07839bcc52d4246fd5be1ec81a8c4d4d62059e2b0c0e58fab07a1531016f82bcc506340653d66c73541dd3f5897df7691abeb4068d94957003 WHIRLPOOL 01f92f6020b79b373d4d6879cc39913c575c67a52c1bd425770322de0ce5a9fbd796d800cbb41a15553fd30a6c8f85a794e0b4c09420a2b49f6cb0542cdb52fb
 DIST gnupg-2.1.11.tar.bz2 5224007 SHA256 b7b0fb2c8c5d47d7ec916d4a1097c0ddcb94a12bb1c0ac424ad86b1ee316b61a SHA512 b39f3fb461ad879b1909808434c4b03dab4d1d79aa674fbc88e3d50960184c0c25a840206ff32b760672f1b2153253f4d7a88eb726d8662f629fa04b6739ad31 WHIRLPOOL 486d623e73172a6d7dc7a6e4a5b411e70e0002a960f0398833377b8e8d79e5456a73f945db7c8bbca6ff7fd33fbfb49ca587e3a393094ce0a16d86cd906f7f09
 DIST gnupg-2.1.12.tar.bz2 5510723 SHA256 ac34929d2400a58a349963865442ee6cdd75e500a8d5df083d29835e88bfc506 SHA512 fdf24d4980ba4011840fd2316a856db2bf50e531071c2bfb899af2b4f5580a9f2992f85a451670a7121d04b608bfb147cefdca1c6f6eb55bc23ecfe5052639e6 WHIRLPOOL ee5a748afee3aa4f8318c1bc1bcbd09232a71853291211f3c5cd8cc44fb70d126185ae9c13086247cd22a9b13c2102f4fa0553e25496c5152f2ce34dc2505d10
-DIST gnupg-2.1.9.tar.bz2 4925167 SHA256 1cb7633a57190beb66f9249cb7446603229b273d4d89331b75c652fa4a29f7b6 SHA512 c19b8cac42b7060caada230b77f36a0b0ed0a05efd519818c5b4057ef0fcb16602f2f3ade2409de2ef353a9e2acc3e5fa106a4449c6929a36a599a82194c0ee0 WHIRLPOOL 105b83e82330a00084a0e9f3d96c8788ac2c9e7831beea0ea42786df4e378dc9e8f2c1a31f12af9c53d363aa71810cd231afdf8f20eab424fea5f59b103033a9

diff --git a/app-crypt/gnupg/files/gnupg-2.1.10-pkg-config.patch b/app-crypt/gnupg/files/gnupg-2.1.10-pkg-config.patch
deleted file mode 100644
index 3526c31..0000000
--- a/app-crypt/gnupg/files/gnupg-2.1.10-pkg-config.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-X-Git-Url: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blobdiff_plain;f=configure.ac;h=77487b23c36599b4a41272608d2c3569cfce655b;hp=5a75e5080e5f9649e6c100224f8f428884a5e49c;hb=af142854a73567836a0ca44ad62900469c23d531;hpb=06436882c31ed6339b2bef2b59d24a1a8ba751fd
-
-diff --git a/configure.ac b/configure.ac
-index 5a75e50..77487b2 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -589,6 +589,7 @@ AC_ISC_POSIX
- AC_SYS_LARGEFILE
- GNUPG_CHECK_USTAR
- 
-+
- # We need to compile and run a program on the build machine.  A
- # comment in libgpg-error says that the AC_PROG_CC_FOR_BUILD macro in
- # the AC archive is broken for autoconf 2.57.  Given that there is no
-@@ -604,6 +605,9 @@ fi
- AC_MSG_RESULT($CC_FOR_BUILD)
- AC_ARG_VAR(CC_FOR_BUILD,[build system C compiler])
- 
-+# We need to call this macro because other pkg-config macros are
-+# not always used.
-+PKG_PROG_PKG_CONFIG
- 
- 
- try_gettext=yes

diff --git a/app-crypt/gnupg/gnupg-2.1.10-r1.ebuild b/app-crypt/gnupg/gnupg-2.1.10-r1.ebuild
deleted file mode 100644
index 023e23c..0000000
--- a/app-crypt/gnupg/gnupg-2.1.10-r1.ebuild
+++ /dev/null
@@ -1,182 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-inherit eutils autotools flag-o-matic toolchain-funcs
-
-DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
-HOMEPAGE="http://www.gnupg.org/"
-MY_P="${P/_/-}"
-SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
-
-LICENSE="GPL-3"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86"
-IUSE="bzip2 doc +gnutls ldap nls readline static selinux smartcard tofu tools usb"
-
-COMMON_DEPEND_LIBS="
-	dev-libs/npth
-	>=dev-libs/libassuan-2.4.1
-	>=dev-libs/libgcrypt-1.6.2[threads]
-	>=dev-libs/libgpg-error-1.17
-	>=dev-libs/libksba-1.2.0
-	>=net-misc/curl-7.10
-	gnutls? ( >=net-libs/gnutls-3.0 )
-	sys-libs/zlib
-	ldap? ( net-nds/openldap )
-	bzip2? ( app-arch/bzip2 )
-	readline? ( sys-libs/readline:0= )
-	smartcard? ( usb? ( virtual/libusb:0 ) )
-	tofu? ( >=dev-db/sqlite-3.7 )
-	"
-COMMON_DEPEND_BINS="app-crypt/pinentry
-		   !app-crypt/dirmngr"
-
-# Existence of executables is checked during configuration.
-DEPEND="${COMMON_DEPEND_LIBS}
-	${COMMON_DEPEND_BINS}
-	static? (
-		>=dev-libs/libassuan-2[static-libs]
-		>=dev-libs/libgcrypt-1.6.2[static-libs]
-		>=dev-libs/libgpg-error-1.17[static-libs]
-		>=dev-libs/libksba-1.0.7[static-libs]
-		dev-libs/npth[static-libs]
-		>=net-misc/curl-7.10[static-libs]
-		sys-libs/zlib[static-libs]
-		bzip2? ( app-arch/bzip2[static-libs] )
-	)
-	nls? ( sys-devel/gettext )
-	doc? ( sys-apps/texinfo )"
-
-RDEPEND="!static? ( ${COMMON_DEPEND_LIBS} )
-	${COMMON_DEPEND_BINS}
-	selinux? ( sec-policy/selinux-gpg )
-	nls? ( virtual/libintl )"
-
-REQUIRED_USE="smartcard? ( !static )"
-
-S="${WORKDIR}/${MY_P}"
-
-src_prepare() {
-	epatch "${FILESDIR}/${P}-pkg-config.patch"
-	epatch_user
-	eautoreconf
-}
-
-src_configure() {
-	local myconf=()
-
-	# 'USE=static' support was requested:
-	# gnupg1: bug #29299
-	# gnupg2: bug #159623
-	use static && append-ldflags -static
-
-	if use smartcard; then
-		myconf+=(
-			--enable-scdaemon
-			$(use_enable usb ccid-driver)
-		)
-	else
-		myconf+=( --disable-scdaemon )
-	fi
-
-	if use elibc_SunOS || use elibc_AIX; then
-		myconf+=( --disable-symcryptrun )
-	else
-		myconf+=( --enable-symcryptrun )
-	fi
-
-	# glib fails and picks up clang's internal stdint.h causing weird errors
-	[[ ${CC} == clang ]] && export gl_cv_absolute_stdint_h=/usr/include/stdint.h
-
-	econf \
-		--docdir="${EPREFIX}/usr/share/doc/${PF}" \
-		--enable-gpg \
-		--enable-gpgsm \
-		--enable-large-secmem \
-		--without-adns \
-		"${myconf[@]}" \
-		$(use_enable bzip2) \
-		$(use_enable gnutls) \
-		$(use_with ldap) \
-		$(use_enable nls) \
-		$(use_with readline) \
-		$(use_enable tofu) \
-		CC_FOR_BUILD="$(tc-getBUILD_CC)"
-
-		# The pkg-config patch specific to 2.1.10 is causing an eautoreconf 
-		# it shows up as being a developer version and with "unknown" suffix
-		# we remove this explicitly for the 2.1.10 release as it does not contain
-		# unstable code
-		sed -i "s/#define IS_DEVELOPMENT_VERSION 1//" config.h || die
-		sed -i "s/2.1.10-unknown/2.1.10/" config.h || die
-}
-
-src_compile() {
-	default
-
-	if use doc; then
-		cd doc
-		emake html
-	fi
-}
-
-src_install() {
-	default
-
-	use tools && dobin tools/{convert-from-106,gpg-check-pattern} \
-		tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys,make-dns-cert}
-
-	emake DESTDIR="${D}" -f doc/Makefile uninstall-nobase_dist_docDATA
-	# The help*txt files are read from the datadir by GnuPG directly.
-	# They do not work if compressed or moved!
-	#rm "${ED}"/usr/share/gnupg/help* || die
-
-	dodoc ChangeLog NEWS README THANKS TODO VERSION doc/FAQ doc/DETAILS \
-		doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER doc/help*
-
-	dosym gpg2 /usr/bin/gpg
-	dosym gpgv2 /usr/bin/gpgv
-	echo ".so man1/gpg2.1" > "${ED}"/usr/share/man/man1/gpg.1
-	echo ".so man1/gpgv2.1" > "${ED}"/usr/share/man/man1/gpgv.1
-
-	dodir /etc/env.d
-	echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg
-
-	if use doc; then
-		dohtml doc/gnupg.html/* doc/*.png
-	fi
-}
-
-pkg_postinst() {
-	elog "If you wish to view images emerge:"
-	elog "media-gfx/xloadimage, media-gfx/xli or any other viewer"
-	elog "Remember to use photo-viewer option in configuration file to activate"
-	elog "the right viewer."
-	elog
-
-	if use smartcard; then
-		elog "To use your OpenPGP smartcard (or token) with GnuPG you need one of"
-		use usb && elog " - a CCID-compatible reader, used directly through libusb;"
-		elog " - sys-apps/pcsc-lite and a compatible reader device;"
-		elog " - dev-libs/openct and a compatible reader device;"
-		elog " - a reader device and drivers exporting either PC/SC or CT-API interfaces."
-		elog ""
-		elog "General hint: you probably want to try installing sys-apps/pcsc-lite and"
-		elog "app-crypt/ccid first."
-	fi
-
-	ewarn "Please remember to restart gpg-agent if a different version"
-	ewarn "of the agent is currently used. If you are unsure of the gpg"
-	ewarn "agent you are using please run 'killall gpg-agent',"
-	ewarn "and to start a fresh daemon just run 'gpg-agent --daemon'."
-
-	if [[ -n ${REPLACING_VERSIONS} ]]; then
-		elog "If upgrading from a version prior than 2.1 you might have to re-import"
-		elog "secret keys after restarting the gpg-agent as the new version is using"
-		elog "a new storage mechanism."
-		elog "You can migrate the keys using gpg --import \$HOME/.gnupg/secring.gpg"
-	fi
-}

diff --git a/app-crypt/gnupg/gnupg-2.1.11.ebuild b/app-crypt/gnupg/gnupg-2.1.11.ebuild
deleted file mode 100644
index 4b96da9..0000000
--- a/app-crypt/gnupg/gnupg-2.1.11.ebuild
+++ /dev/null
@@ -1,173 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-inherit eutils flag-o-matic toolchain-funcs
-
-DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
-HOMEPAGE="http://www.gnupg.org/"
-MY_P="${P/_/-}"
-SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
-
-LICENSE="GPL-3"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86"
-IUSE="bzip2 doc +gnutls ldap nls readline static selinux smartcard tofu tools usb"
-
-COMMON_DEPEND_LIBS="
-	dev-libs/npth
-	>=dev-libs/libassuan-2.4.1
-	>=dev-libs/libgcrypt-1.6.2[threads]
-	>=dev-libs/libgpg-error-1.21
-	>=dev-libs/libksba-1.2.0
-	>=net-misc/curl-7.10
-	gnutls? ( >=net-libs/gnutls-3.0 )
-	sys-libs/zlib
-	ldap? ( net-nds/openldap )
-	bzip2? ( app-arch/bzip2 )
-	readline? ( sys-libs/readline:0= )
-	smartcard? ( usb? ( virtual/libusb:0 ) )
-	tofu? ( >=dev-db/sqlite-3.7 )
-	"
-COMMON_DEPEND_BINS="app-crypt/pinentry
-		   !app-crypt/dirmngr"
-
-# Existence of executables is checked during configuration.
-DEPEND="${COMMON_DEPEND_LIBS}
-	${COMMON_DEPEND_BINS}
-	static? (
-		>=dev-libs/libassuan-2[static-libs]
-		>=dev-libs/libgcrypt-1.6.2[static-libs]
-		>=dev-libs/libgpg-error-1.17[static-libs]
-		>=dev-libs/libksba-1.0.7[static-libs]
-		dev-libs/npth[static-libs]
-		>=net-misc/curl-7.10[static-libs]
-		sys-libs/zlib[static-libs]
-		bzip2? ( app-arch/bzip2[static-libs] )
-	)
-	nls? ( sys-devel/gettext )
-	doc? ( sys-apps/texinfo )"
-
-RDEPEND="!static? ( ${COMMON_DEPEND_LIBS} )
-	${COMMON_DEPEND_BINS}
-	selinux? ( sec-policy/selinux-gpg )
-	nls? ( virtual/libintl )"
-
-REQUIRED_USE="smartcard? ( !static )"
-
-S="${WORKDIR}/${MY_P}"
-
-src_prepare() {
-	epatch_user
-}
-
-src_configure() {
-	local myconf=()
-
-	# 'USE=static' support was requested:
-	# gnupg1: bug #29299
-	# gnupg2: bug #159623
-	use static && append-ldflags -static
-
-	if use smartcard; then
-		myconf+=(
-			--enable-scdaemon
-			$(use_enable usb ccid-driver)
-		)
-	else
-		myconf+=( --disable-scdaemon )
-	fi
-
-	if use elibc_SunOS || use elibc_AIX; then
-		myconf+=( --disable-symcryptrun )
-	else
-		myconf+=( --enable-symcryptrun )
-	fi
-
-	# glib fails and picks up clang's internal stdint.h causing weird errors
-	[[ ${CC} == clang ]] && export gl_cv_absolute_stdint_h=/usr/include/stdint.h
-
-	econf \
-		--docdir="${EPREFIX}/usr/share/doc/${PF}" \
-		--enable-gpg \
-		--enable-gpgsm \
-		--enable-large-secmem \
-		--without-adns \
-		"${myconf[@]}" \
-		$(use_enable bzip2) \
-		$(use_enable gnutls) \
-		$(use_with ldap) \
-		$(use_enable nls) \
-		$(use_with readline) \
-		$(use_enable tofu) \
-		CC_FOR_BUILD="$(tc-getBUILD_CC)"
-}
-
-src_compile() {
-	default
-
-	if use doc; then
-		cd doc
-		emake html
-	fi
-}
-
-src_install() {
-	default
-
-	use tools && dobin tools/{convert-from-106,gpg-check-pattern} \
-		tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys,make-dns-cert}
-
-	emake DESTDIR="${D}" -f doc/Makefile uninstall-nobase_dist_docDATA
-	# The help*txt files are read from the datadir by GnuPG directly.
-	# They do not work if compressed or moved!
-	#rm "${ED}"/usr/share/gnupg/help* || die
-
-	dodoc ChangeLog NEWS README THANKS TODO VERSION doc/FAQ doc/DETAILS \
-		doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER doc/help*
-
-	dosym gpg2 /usr/bin/gpg
-	dosym gpgv2 /usr/bin/gpgv
-	echo ".so man1/gpg2.1" > "${ED}"/usr/share/man/man1/gpg.1
-	echo ".so man1/gpgv2.1" > "${ED}"/usr/share/man/man1/gpgv.1
-
-	dodir /etc/env.d
-	echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg
-
-	if use doc; then
-		dohtml doc/gnupg.html/* doc/*.png
-	fi
-}
-
-pkg_postinst() {
-	elog "If you wish to view images emerge:"
-	elog "media-gfx/xloadimage, media-gfx/xli or any other viewer"
-	elog "Remember to use photo-viewer option in configuration file to activate"
-	elog "the right viewer."
-	elog
-
-	if use smartcard; then
-		elog "To use your OpenPGP smartcard (or token) with GnuPG you need one of"
-		use usb && elog " - a CCID-compatible reader, used directly through libusb;"
-		elog " - sys-apps/pcsc-lite and a compatible reader device;"
-		elog " - dev-libs/openct and a compatible reader device;"
-		elog " - a reader device and drivers exporting either PC/SC or CT-API interfaces."
-		elog ""
-		elog "General hint: you probably want to try installing sys-apps/pcsc-lite and"
-		elog "app-crypt/ccid first."
-	fi
-
-	ewarn "Please remember to restart gpg-agent if a different version"
-	ewarn "of the agent is currently used. If you are unsure of the gpg"
-	ewarn "agent you are using please run 'killall gpg-agent',"
-	ewarn "and to start a fresh daemon just run 'gpg-agent --daemon'."
-
-	if [[ -n ${REPLACING_VERSIONS} ]]; then
-		elog "If upgrading from a version prior than 2.1 you might have to re-import"
-		elog "secret keys after restarting the gpg-agent as the new version is using"
-		elog "a new storage mechanism."
-		elog "You can migrate the keys using gpg --import \$HOME/.gnupg/secring.gpg"
-	fi
-}

diff --git a/app-crypt/gnupg/gnupg-2.1.9-r1.ebuild b/app-crypt/gnupg/gnupg-2.1.9-r1.ebuild
deleted file mode 100644
index c146f75..0000000
--- a/app-crypt/gnupg/gnupg-2.1.9-r1.ebuild
+++ /dev/null
@@ -1,171 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-inherit eutils flag-o-matic toolchain-funcs
-
-DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
-HOMEPAGE="http://www.gnupg.org/"
-MY_P="${P/_/-}"
-SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
-
-LICENSE="GPL-3"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86"
-IUSE="bzip2 doc +gnutls ldap nls readline static selinux smartcard tools usb"
-
-COMMON_DEPEND_LIBS="
-	dev-libs/npth
-	>=dev-libs/libassuan-2
-	>=dev-libs/libgcrypt-1.6.2[threads]
-	>=dev-libs/libgpg-error-1.17
-	>=dev-libs/libksba-1.0.7
-	>=net-misc/curl-7.10
-	gnutls? ( >=net-libs/gnutls-3.0 )
-	sys-libs/zlib
-	ldap? ( net-nds/openldap )
-	bzip2? ( app-arch/bzip2 )
-	readline? ( sys-libs/readline:= )
-	smartcard? ( usb? ( virtual/libusb:0 ) )
-	"
-COMMON_DEPEND_BINS="app-crypt/pinentry
-		   !app-crypt/dirmngr"
-
-# Existence of executables is checked during configuration.
-DEPEND="${COMMON_DEPEND_LIBS}
-	${COMMON_DEPEND_BINS}
-	static? (
-		>=dev-libs/libassuan-2[static-libs]
-		>=dev-libs/libgcrypt-1.6.2[static-libs]
-		>=dev-libs/libgpg-error-1.17[static-libs]
-		>=dev-libs/libksba-1.0.7[static-libs]
-		dev-libs/npth[static-libs]
-		>=net-misc/curl-7.10[static-libs]
-		sys-libs/zlib[static-libs]
-		bzip2? ( app-arch/bzip2[static-libs] )
-	)
-	nls? ( sys-devel/gettext )
-	doc? ( sys-apps/texinfo )"
-
-RDEPEND="!static? ( ${COMMON_DEPEND_LIBS} )
-	${COMMON_DEPEND_BINS}
-	selinux? ( sec-policy/selinux-gpg )
-	nls? ( virtual/libintl )"
-
-REQUIRED_USE="smartcard? ( !static )"
-
-S="${WORKDIR}/${MY_P}"
-
-src_prepare() {
-	epatch_user
-}
-
-src_configure() {
-	local myconf=()
-
-	# 'USE=static' support was requested:
-	# gnupg1: bug #29299
-	# gnupg2: bug #159623
-	use static && append-ldflags -static
-
-	if use smartcard; then
-		myconf+=(
-			--enable-scdaemon
-			$(use_enable usb ccid-driver)
-		)
-	else
-		myconf+=( --disable-scdaemon )
-	fi
-
-	if use elibc_SunOS || use elibc_AIX; then
-		myconf+=( --disable-symcryptrun )
-	else
-		myconf+=( --enable-symcryptrun )
-	fi
-
-	# glib fails and picks up clang's internal stdint.h causing weird errors
-	[[ ${CC} == clang ]] && export gl_cv_absolute_stdint_h=/usr/include/stdint.h
-
-	econf \
-		--docdir="${EPREFIX}/usr/share/doc/${PF}" \
-		--enable-gpg \
-		--enable-gpgsm \
-		--enable-large-secmem \
-		--without-adns \
-		"${myconf[@]}" \
-		$(use_enable bzip2) \
-		$(use_enable gnutls) \
-		$(use_with ldap) \
-		$(use_enable nls) \
-		$(use_with readline) \
-		CC_FOR_BUILD="$(tc-getBUILD_CC)"
-}
-
-src_compile() {
-	default
-
-	if use doc; then
-		cd doc
-		emake html
-	fi
-}
-
-src_install() {
-	default
-
-	use tools && dobin tools/{convert-from-106,gpg-check-pattern} \
-		tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys,make-dns-cert}
-
-	emake DESTDIR="${D}" -f doc/Makefile uninstall-nobase_dist_docDATA
-	# The help*txt files are read from the datadir by GnuPG directly.
-	# They do not work if compressed or moved!
-	#rm "${ED}"/usr/share/gnupg/help* || die
-
-	dodoc ChangeLog NEWS README THANKS TODO VERSION doc/FAQ doc/DETAILS \
-		doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER doc/help*
-
-	dosym gpg2 /usr/bin/gpg
-	dosym gpgv2 /usr/bin/gpgv
-	echo ".so man1/gpg2.1" > "${ED}"/usr/share/man/man1/gpg.1
-	echo ".so man1/gpgv2.1" > "${ED}"/usr/share/man/man1/gpgv.1
-
-	dodir /etc/env.d
-	echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg
-
-	if use doc; then
-		dohtml doc/gnupg.html/* doc/*.png
-	fi
-}
-
-pkg_postinst() {
-	elog "If you wish to view images emerge:"
-	elog "media-gfx/xloadimage, media-gfx/xli or any other viewer"
-	elog "Remember to use photo-viewer option in configuration file to activate"
-	elog "the right viewer."
-	elog
-
-	if use smartcard; then
-		elog "To use your OpenPGP smartcard (or token) with GnuPG you need one of"
-		use usb && elog " - a CCID-compatible reader, used directly through libusb;"
-		elog " - sys-apps/pcsc-lite and a compatible reader device;"
-		elog " - dev-libs/openct and a compatible reader device;"
-		elog " - a reader device and drivers exporting either PC/SC or CT-API interfaces."
-		elog ""
-		elog "General hint: you probably want to try installing sys-apps/pcsc-lite and"
-		elog "app-crypt/ccid first."
-	fi
-
-	ewarn "Please remember to restart gpg-agent if a different version"
-	ewarn "of the agent is currently used. If you are unsure of the gpg"
-	ewarn "agent you are using please run 'killall gpg-agent',"
-	ewarn "and to start a fresh daemon just run 'gpg-agent --daemon'."
-
-	if [[ -n ${REPLACING_VERSIONS} ]]; then
-		elog "If upgrading from a version prior than 2.1 you might have to re-import"
-		elog "secret keys after restarting the gpg-agent as the new version is using"
-		elog "a new storage mechanism."
-		elog "You can migrate the keys using gpg --import \$HOME/.gnupg/secring.gpg"
-	fi
-}


^ permalink raw reply related	[flat|nested] 26+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/files/, app-crypt/gnupg/
@ 2016-02-12 21:41 Kristian Fiskerstrand
  0 siblings, 0 replies; 26+ messages in thread
From: Kristian Fiskerstrand @ 2016-02-12 21:41 UTC (permalink / raw
  To: gentoo-commits

commit:     a991aaf0280fc6410f1e6f22989cc46b18224c26
Author:     Kristian Fiskerstrand <k_f <AT> gentoo <DOT> org>
AuthorDate: Fri Feb 12 21:47:36 2016 +0000
Commit:     Kristian Fiskerstrand <k_f <AT> gentoo <DOT> org>
CommitDate: Fri Feb 12 21:47:36 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a991aaf0

app-crypt/gnupg: Fix test failure in 2.1.11

Bug: 573398

Package-Manager: portage-2.2.27

 app-crypt/gnupg/files/gnupg-2.1.11-tests.patch | 136 +++++++++++++++++++
 app-crypt/gnupg/gnupg-2.1.11-r1.ebuild         | 174 +++++++++++++++++++++++++
 2 files changed, 310 insertions(+)

diff --git a/app-crypt/gnupg/files/gnupg-2.1.11-tests.patch b/app-crypt/gnupg/files/gnupg-2.1.11-tests.patch
new file mode 100644
index 0000000..216ea7d
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.1.11-tests.patch
@@ -0,0 +1,136 @@
+From acac103ba5772ae738ce5409d17feab80596cde6 Mon Sep 17 00:00:00 2001
+From: "Neal H. Walfield" <neal@g10code.com>
+Date: Fri, 12 Feb 2016 22:12:21 +0100
+Subject: [PATCH 1/1] common: Change simple_query to ignore status messages.
+
+* common/simple-pwquery.c (simple_query): Ignore status messages.
+
+--
+Signed-off-by: Neal H. Walfield <neal@g10code.com>
+GnuPG-bug-id: 2229
+---
+ common/simple-pwquery.c | 95 ++++++++++++++++++++++++++++++++++---------------
+ 1 file changed, 67 insertions(+), 28 deletions(-)
+
+diff --git a/common/simple-pwquery.c b/common/simple-pwquery.c
+index 90d04c0..b2d666c 100644
+--- a/common/simple-pwquery.c
++++ b/common/simple-pwquery.c
+@@ -618,6 +618,7 @@ simple_query (const char *query)
+   int fd = -1;
+   int nread;
+   char response[500];
++  int have = 0;
+   int rc;
+ 
+   rc = agent_open (&fd);
+@@ -628,40 +629,78 @@ simple_query (const char *query)
+   if (rc)
+     goto leave;
+ 
+-  /* get response */
+-  nread = readline (fd, response, 499);
+-  if (nread < 0)
+-    {
+-      rc = -nread;
+-      goto leave;
+-    }
+-  if (nread < 3)
++  while (1)
+     {
+-      rc = SPWQ_PROTOCOL_ERROR;
+-      goto leave;
+-    }
++      if (! have || ! strchr (response, '\n'))
++        /* get response */
++        {
++          nread = readline (fd, &response[have],
++                            sizeof (response) - 1 /* NUL */ - have);
++          if (nread < 0)
++            {
++              rc = -nread;
++              goto leave;
++            }
++          have += nread;
++          if (have < 3)
++            {
++              rc = SPWQ_PROTOCOL_ERROR;
++              goto leave;
++            }
++          response[have] = 0;
++        }
+ 
+-  if (response[0] == 'O' && response[1] == 'K')
+-    /* OK, do nothing.  */;
+-  else if ((nread > 7 && !memcmp (response, "ERR 111", 7)
+-            && (response[7] == ' ' || response[7] == '\n') )
+-           || ((nread > 4 && !memcmp (response, "ERR ", 4)
+-                && (strtoul (response+4, NULL, 0) & 0xffff) == 99)) )
+-    {
+-      /* 111 is the old Assuan code for canceled which might still
+-         be in use by old installations. 99 is GPG_ERR_CANCELED as
+-         used by modern gpg-agents; 0xffff is used to mask out the
+-         error source.  */
++      if (response[0] == 'O' && response[1] == 'K')
++        /* OK, do nothing.  */;
++      else if ((nread > 7 && !memcmp (response, "ERR 111", 7)
++                && (response[7] == ' ' || response[7] == '\n') )
++               || ((nread > 4 && !memcmp (response, "ERR ", 4)
++                    && (strtoul (response+4, NULL, 0) & 0xffff) == 99)) )
++        {
++          /* 111 is the old Assuan code for canceled which might still
++             be in use by old installations. 99 is GPG_ERR_CANCELED as
++             used by modern gpg-agents; 0xffff is used to mask out the
++             error source.  */
+ #ifdef SPWQ_USE_LOGGING
+-      log_info (_("canceled by user\n") );
++          log_info (_("canceled by user\n") );
+ #endif
+-    }
+-  else
+-    {
++        }
++      else if (response[0] == 'S' && response[1] == ' ')
++        {
++          char *nextline;
++          int consumed;
++
++          nextline = strchr (response, '\n');
++          if (! nextline)
++            /* Point to the NUL.  */
++            nextline = &response[have];
++          else
++            /* Move past the \n.  */
++            nextline ++;
++
++          consumed = (size_t) nextline - (size_t) response;
++
++          /* Skip any additional newlines.  */
++          while (consumed < have && response[consumed] == '\n')
++            consumed ++;
++
++          have -= consumed;
++
++          if (have)
++            memmove (response, &response[consumed], have + 1);
++
++          continue;
++        }
++      else
++        {
+ #ifdef SPWQ_USE_LOGGING
+-      log_error (_("problem with the agent\n"));
++          log_error (_("problem with the agent (unexpected response \"%s\"\n"),
++                     response);
+ #endif
+-      rc = SPWQ_ERR_RESPONSE;
++          rc = SPWQ_ERR_RESPONSE;
++        }
++
++      break;
+     }
+ 
+  leave:
+-- 
+2.1.4
+

diff --git a/app-crypt/gnupg/gnupg-2.1.11-r1.ebuild b/app-crypt/gnupg/gnupg-2.1.11-r1.ebuild
new file mode 100644
index 0000000..4b653de
--- /dev/null
+++ b/app-crypt/gnupg/gnupg-2.1.11-r1.ebuild
@@ -0,0 +1,174 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+inherit eutils flag-o-matic toolchain-funcs
+
+DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
+HOMEPAGE="http://www.gnupg.org/"
+MY_P="${P/_/-}"
+SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86"
+IUSE="bzip2 doc +gnutls ldap nls readline static selinux smartcard tofu tools usb"
+
+COMMON_DEPEND_LIBS="
+	dev-libs/npth
+	>=dev-libs/libassuan-2.4.1
+	>=dev-libs/libgcrypt-1.6.2[threads]
+	>=dev-libs/libgpg-error-1.21
+	>=dev-libs/libksba-1.2.0
+	>=net-misc/curl-7.10
+	gnutls? ( >=net-libs/gnutls-3.0 )
+	sys-libs/zlib
+	ldap? ( net-nds/openldap )
+	bzip2? ( app-arch/bzip2 )
+	readline? ( sys-libs/readline:0= )
+	smartcard? ( usb? ( virtual/libusb:0 ) )
+	tofu? ( >=dev-db/sqlite-3.7 )
+	"
+COMMON_DEPEND_BINS="app-crypt/pinentry
+		   !app-crypt/dirmngr"
+
+# Existence of executables is checked during configuration.
+DEPEND="${COMMON_DEPEND_LIBS}
+	${COMMON_DEPEND_BINS}
+	static? (
+		>=dev-libs/libassuan-2[static-libs]
+		>=dev-libs/libgcrypt-1.6.2[static-libs]
+		>=dev-libs/libgpg-error-1.17[static-libs]
+		>=dev-libs/libksba-1.0.7[static-libs]
+		dev-libs/npth[static-libs]
+		>=net-misc/curl-7.10[static-libs]
+		sys-libs/zlib[static-libs]
+		bzip2? ( app-arch/bzip2[static-libs] )
+	)
+	nls? ( sys-devel/gettext )
+	doc? ( sys-apps/texinfo )"
+
+RDEPEND="!static? ( ${COMMON_DEPEND_LIBS} )
+	${COMMON_DEPEND_BINS}
+	selinux? ( sec-policy/selinux-gpg )
+	nls? ( virtual/libintl )"
+
+REQUIRED_USE="smartcard? ( !static )"
+
+S="${WORKDIR}/${MY_P}"
+
+src_prepare() {
+	epatch "${FILESDIR}/${P}-tests.patch"
+	epatch_user
+}
+
+src_configure() {
+	local myconf=()
+
+	# 'USE=static' support was requested:
+	# gnupg1: bug #29299
+	# gnupg2: bug #159623
+	use static && append-ldflags -static
+
+	if use smartcard; then
+		myconf+=(
+			--enable-scdaemon
+			$(use_enable usb ccid-driver)
+		)
+	else
+		myconf+=( --disable-scdaemon )
+	fi
+
+	if use elibc_SunOS || use elibc_AIX; then
+		myconf+=( --disable-symcryptrun )
+	else
+		myconf+=( --enable-symcryptrun )
+	fi
+
+	# glib fails and picks up clang's internal stdint.h causing weird errors
+	[[ ${CC} == clang ]] && export gl_cv_absolute_stdint_h=/usr/include/stdint.h
+
+	econf \
+		--docdir="${EPREFIX}/usr/share/doc/${PF}" \
+		--enable-gpg \
+		--enable-gpgsm \
+		--enable-large-secmem \
+		--without-adns \
+		"${myconf[@]}" \
+		$(use_enable bzip2) \
+		$(use_enable gnutls) \
+		$(use_with ldap) \
+		$(use_enable nls) \
+		$(use_with readline) \
+		$(use_enable tofu) \
+		CC_FOR_BUILD="$(tc-getBUILD_CC)"
+}
+
+src_compile() {
+	default
+
+	if use doc; then
+		cd doc
+		emake html
+	fi
+}
+
+src_install() {
+	default
+
+	use tools && dobin tools/{convert-from-106,gpg-check-pattern} \
+		tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys,make-dns-cert}
+
+	emake DESTDIR="${D}" -f doc/Makefile uninstall-nobase_dist_docDATA
+	# The help*txt files are read from the datadir by GnuPG directly.
+	# They do not work if compressed or moved!
+	#rm "${ED}"/usr/share/gnupg/help* || die
+
+	dodoc ChangeLog NEWS README THANKS TODO VERSION doc/FAQ doc/DETAILS \
+		doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER doc/help*
+
+	dosym gpg2 /usr/bin/gpg
+	dosym gpgv2 /usr/bin/gpgv
+	echo ".so man1/gpg2.1" > "${ED}"/usr/share/man/man1/gpg.1
+	echo ".so man1/gpgv2.1" > "${ED}"/usr/share/man/man1/gpgv.1
+
+	dodir /etc/env.d
+	echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg
+
+	if use doc; then
+		dohtml doc/gnupg.html/* doc/*.png
+	fi
+}
+
+pkg_postinst() {
+	elog "If you wish to view images emerge:"
+	elog "media-gfx/xloadimage, media-gfx/xli or any other viewer"
+	elog "Remember to use photo-viewer option in configuration file to activate"
+	elog "the right viewer."
+	elog
+
+	if use smartcard; then
+		elog "To use your OpenPGP smartcard (or token) with GnuPG you need one of"
+		use usb && elog " - a CCID-compatible reader, used directly through libusb;"
+		elog " - sys-apps/pcsc-lite and a compatible reader device;"
+		elog " - dev-libs/openct and a compatible reader device;"
+		elog " - a reader device and drivers exporting either PC/SC or CT-API interfaces."
+		elog ""
+		elog "General hint: you probably want to try installing sys-apps/pcsc-lite and"
+		elog "app-crypt/ccid first."
+	fi
+
+	ewarn "Please remember to restart gpg-agent if a different version"
+	ewarn "of the agent is currently used. If you are unsure of the gpg"
+	ewarn "agent you are using please run 'killall gpg-agent',"
+	ewarn "and to start a fresh daemon just run 'gpg-agent --daemon'."
+
+	if [[ -n ${REPLACING_VERSIONS} ]]; then
+		elog "If upgrading from a version prior than 2.1 you might have to re-import"
+		elog "secret keys after restarting the gpg-agent as the new version is using"
+		elog "a new storage mechanism."
+		elog "You can migrate the keys using gpg --import \$HOME/.gnupg/secring.gpg"
+	fi
+}


^ permalink raw reply related	[flat|nested] 26+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/files/, app-crypt/gnupg/
@ 2015-12-19 10:37 Kristian Fiskerstrand
  0 siblings, 0 replies; 26+ messages in thread
From: Kristian Fiskerstrand @ 2015-12-19 10:37 UTC (permalink / raw
  To: gentoo-commits

commit:     0e03adc0a22f6e026474ed7bb252b630dbb20716
Author:     Kristian Fiskerstrand <k_f <AT> gentoo <DOT> org>
AuthorDate: Sat Dec 19 10:32:08 2015 +0000
Commit:     Kristian Fiskerstrand <k_f <AT> gentoo <DOT> org>
CommitDate: Sat Dec 19 10:32:32 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0e03adc0

app-crypt/gnupg-2.1.10-r1: Fix hkps support when TOFU is not enabled

Bug: 567822

Package-Manager: portage-2.2.20.1

 .../gnupg/files/gnupg-2.1.10-pkg-config.patch      |  24 +++
 app-crypt/gnupg/gnupg-2.1.10-r1.ebuild             | 182 +++++++++++++++++++++
 2 files changed, 206 insertions(+)

diff --git a/app-crypt/gnupg/files/gnupg-2.1.10-pkg-config.patch b/app-crypt/gnupg/files/gnupg-2.1.10-pkg-config.patch
new file mode 100644
index 0000000..3526c31
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.1.10-pkg-config.patch
@@ -0,0 +1,24 @@
+X-Git-Url: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blobdiff_plain;f=configure.ac;h=77487b23c36599b4a41272608d2c3569cfce655b;hp=5a75e5080e5f9649e6c100224f8f428884a5e49c;hb=af142854a73567836a0ca44ad62900469c23d531;hpb=06436882c31ed6339b2bef2b59d24a1a8ba751fd
+
+diff --git a/configure.ac b/configure.ac
+index 5a75e50..77487b2 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -589,6 +589,7 @@ AC_ISC_POSIX
+ AC_SYS_LARGEFILE
+ GNUPG_CHECK_USTAR
+ 
++
+ # We need to compile and run a program on the build machine.  A
+ # comment in libgpg-error says that the AC_PROG_CC_FOR_BUILD macro in
+ # the AC archive is broken for autoconf 2.57.  Given that there is no
+@@ -604,6 +605,9 @@ fi
+ AC_MSG_RESULT($CC_FOR_BUILD)
+ AC_ARG_VAR(CC_FOR_BUILD,[build system C compiler])
+ 
++# We need to call this macro because other pkg-config macros are
++# not always used.
++PKG_PROG_PKG_CONFIG
+ 
+ 
+ try_gettext=yes

diff --git a/app-crypt/gnupg/gnupg-2.1.10-r1.ebuild b/app-crypt/gnupg/gnupg-2.1.10-r1.ebuild
new file mode 100644
index 0000000..023e23c
--- /dev/null
+++ b/app-crypt/gnupg/gnupg-2.1.10-r1.ebuild
@@ -0,0 +1,182 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+inherit eutils autotools flag-o-matic toolchain-funcs
+
+DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
+HOMEPAGE="http://www.gnupg.org/"
+MY_P="${P/_/-}"
+SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86"
+IUSE="bzip2 doc +gnutls ldap nls readline static selinux smartcard tofu tools usb"
+
+COMMON_DEPEND_LIBS="
+	dev-libs/npth
+	>=dev-libs/libassuan-2.4.1
+	>=dev-libs/libgcrypt-1.6.2[threads]
+	>=dev-libs/libgpg-error-1.17
+	>=dev-libs/libksba-1.2.0
+	>=net-misc/curl-7.10
+	gnutls? ( >=net-libs/gnutls-3.0 )
+	sys-libs/zlib
+	ldap? ( net-nds/openldap )
+	bzip2? ( app-arch/bzip2 )
+	readline? ( sys-libs/readline:0= )
+	smartcard? ( usb? ( virtual/libusb:0 ) )
+	tofu? ( >=dev-db/sqlite-3.7 )
+	"
+COMMON_DEPEND_BINS="app-crypt/pinentry
+		   !app-crypt/dirmngr"
+
+# Existence of executables is checked during configuration.
+DEPEND="${COMMON_DEPEND_LIBS}
+	${COMMON_DEPEND_BINS}
+	static? (
+		>=dev-libs/libassuan-2[static-libs]
+		>=dev-libs/libgcrypt-1.6.2[static-libs]
+		>=dev-libs/libgpg-error-1.17[static-libs]
+		>=dev-libs/libksba-1.0.7[static-libs]
+		dev-libs/npth[static-libs]
+		>=net-misc/curl-7.10[static-libs]
+		sys-libs/zlib[static-libs]
+		bzip2? ( app-arch/bzip2[static-libs] )
+	)
+	nls? ( sys-devel/gettext )
+	doc? ( sys-apps/texinfo )"
+
+RDEPEND="!static? ( ${COMMON_DEPEND_LIBS} )
+	${COMMON_DEPEND_BINS}
+	selinux? ( sec-policy/selinux-gpg )
+	nls? ( virtual/libintl )"
+
+REQUIRED_USE="smartcard? ( !static )"
+
+S="${WORKDIR}/${MY_P}"
+
+src_prepare() {
+	epatch "${FILESDIR}/${P}-pkg-config.patch"
+	epatch_user
+	eautoreconf
+}
+
+src_configure() {
+	local myconf=()
+
+	# 'USE=static' support was requested:
+	# gnupg1: bug #29299
+	# gnupg2: bug #159623
+	use static && append-ldflags -static
+
+	if use smartcard; then
+		myconf+=(
+			--enable-scdaemon
+			$(use_enable usb ccid-driver)
+		)
+	else
+		myconf+=( --disable-scdaemon )
+	fi
+
+	if use elibc_SunOS || use elibc_AIX; then
+		myconf+=( --disable-symcryptrun )
+	else
+		myconf+=( --enable-symcryptrun )
+	fi
+
+	# glib fails and picks up clang's internal stdint.h causing weird errors
+	[[ ${CC} == clang ]] && export gl_cv_absolute_stdint_h=/usr/include/stdint.h
+
+	econf \
+		--docdir="${EPREFIX}/usr/share/doc/${PF}" \
+		--enable-gpg \
+		--enable-gpgsm \
+		--enable-large-secmem \
+		--without-adns \
+		"${myconf[@]}" \
+		$(use_enable bzip2) \
+		$(use_enable gnutls) \
+		$(use_with ldap) \
+		$(use_enable nls) \
+		$(use_with readline) \
+		$(use_enable tofu) \
+		CC_FOR_BUILD="$(tc-getBUILD_CC)"
+
+		# The pkg-config patch specific to 2.1.10 is causing an eautoreconf 
+		# it shows up as being a developer version and with "unknown" suffix
+		# we remove this explicitly for the 2.1.10 release as it does not contain
+		# unstable code
+		sed -i "s/#define IS_DEVELOPMENT_VERSION 1//" config.h || die
+		sed -i "s/2.1.10-unknown/2.1.10/" config.h || die
+}
+
+src_compile() {
+	default
+
+	if use doc; then
+		cd doc
+		emake html
+	fi
+}
+
+src_install() {
+	default
+
+	use tools && dobin tools/{convert-from-106,gpg-check-pattern} \
+		tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys,make-dns-cert}
+
+	emake DESTDIR="${D}" -f doc/Makefile uninstall-nobase_dist_docDATA
+	# The help*txt files are read from the datadir by GnuPG directly.
+	# They do not work if compressed or moved!
+	#rm "${ED}"/usr/share/gnupg/help* || die
+
+	dodoc ChangeLog NEWS README THANKS TODO VERSION doc/FAQ doc/DETAILS \
+		doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER doc/help*
+
+	dosym gpg2 /usr/bin/gpg
+	dosym gpgv2 /usr/bin/gpgv
+	echo ".so man1/gpg2.1" > "${ED}"/usr/share/man/man1/gpg.1
+	echo ".so man1/gpgv2.1" > "${ED}"/usr/share/man/man1/gpgv.1
+
+	dodir /etc/env.d
+	echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg
+
+	if use doc; then
+		dohtml doc/gnupg.html/* doc/*.png
+	fi
+}
+
+pkg_postinst() {
+	elog "If you wish to view images emerge:"
+	elog "media-gfx/xloadimage, media-gfx/xli or any other viewer"
+	elog "Remember to use photo-viewer option in configuration file to activate"
+	elog "the right viewer."
+	elog
+
+	if use smartcard; then
+		elog "To use your OpenPGP smartcard (or token) with GnuPG you need one of"
+		use usb && elog " - a CCID-compatible reader, used directly through libusb;"
+		elog " - sys-apps/pcsc-lite and a compatible reader device;"
+		elog " - dev-libs/openct and a compatible reader device;"
+		elog " - a reader device and drivers exporting either PC/SC or CT-API interfaces."
+		elog ""
+		elog "General hint: you probably want to try installing sys-apps/pcsc-lite and"
+		elog "app-crypt/ccid first."
+	fi
+
+	ewarn "Please remember to restart gpg-agent if a different version"
+	ewarn "of the agent is currently used. If you are unsure of the gpg"
+	ewarn "agent you are using please run 'killall gpg-agent',"
+	ewarn "and to start a fresh daemon just run 'gpg-agent --daemon'."
+
+	if [[ -n ${REPLACING_VERSIONS} ]]; then
+		elog "If upgrading from a version prior than 2.1 you might have to re-import"
+		elog "secret keys after restarting the gpg-agent as the new version is using"
+		elog "a new storage mechanism."
+		elog "You can migrate the keys using gpg --import \$HOME/.gnupg/secring.gpg"
+	fi
+}


^ permalink raw reply related	[flat|nested] 26+ messages in thread

end of thread, other threads:[~2024-11-03  9:04 UTC | newest]

Thread overview: 26+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-09-01  9:41 [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/files/, app-crypt/gnupg/ Mikle Kolyada
  -- strict thread matches above, loose matches on Subject: below --
2024-11-03  9:04 Sam James
2024-11-03  9:04 Sam James
2024-06-24  4:00 Sam James
2024-03-04  3:08 Sam James
2024-03-04  3:02 Sam James
2023-07-06  0:06 Sam James
2023-06-10 21:02 Sam James
2023-05-23  4:13 Sam James
2022-09-23  1:06 Sam James
2022-07-14  0:49 Sam James
2022-06-30 20:01 Sam James
2022-04-25 16:06 Sam James
2021-04-08  9:21 Lars Wendler
2020-03-21 16:47 Mikle Kolyada
2018-02-07 20:44 Kristian Fiskerstrand
2017-03-18  3:12 Robin H. Johnson
2017-02-18 18:35 Alon Bar-Lev
2017-02-18 18:35 Alon Bar-Lev
2017-01-23 17:54 Alon Bar-Lev
2017-01-04 12:43 Kristian Fiskerstrand
2016-11-22 18:31 Kristian Fiskerstrand
2016-06-16 19:34 Kristian Fiskerstrand
2016-05-19 21:16 Kristian Fiskerstrand
2016-02-12 21:41 Kristian Fiskerstrand
2015-12-19 10:37 Kristian Fiskerstrand

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox