public inbox for gentoo-commits@lists.gentoo.org
 help / color / mirror / Atom feed
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/
@ 2021-06-12 22:37 Lars Wendler
  0 siblings, 0 replies; 18+ messages in thread
From: Lars Wendler @ 2021-06-12 22:37 UTC (permalink / raw
  To: gentoo-commits

commit:     16b8804428d68538b75e21a597ab687830787097
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Sat Jun 12 22:35:44 2021 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Sat Jun 12 22:37:03 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=16b88044

app-crypt/gnupg: Fixed build with USE="-ldap"

Removed "scd-shared-access" USE flag as this finally went into a release

Closes: https://bugs.gentoo.org/795669
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 .../gnupg/files/gnupg-2.2.28-dirmngr_ldap.patch    | 36 ++++++++++++++++++++++
 app-crypt/gnupg/gnupg-2.2.28.ebuild                | 13 ++------
 2 files changed, 39 insertions(+), 10 deletions(-)

diff --git a/app-crypt/gnupg/files/gnupg-2.2.28-dirmngr_ldap.patch b/app-crypt/gnupg/files/gnupg-2.2.28-dirmngr_ldap.patch
new file mode 100644
index 00000000000..86e83de8ec3
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.2.28-dirmngr_ldap.patch
@@ -0,0 +1,36 @@
+From c8b2162c0e7eb42b74811b7ed225fa0f56be4083 Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka <gniibe@fsij.org>
+Date: Fri, 11 Jun 2021 10:30:02 +0900
+Subject: [PATCH] dirmngir: Fix build with --disable-ldap.
+
+* dirmngr/dirmngr.c (parse_rereadable_options) [USE_LDAP]:
+Conditionalize.
+
+--
+
+Reported-by: Phil Pennock
+Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
+---
+ dirmngr/dirmngr.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
+index 04fe9e238..6a818cabc 100644
+--- a/dirmngr/dirmngr.c
++++ b/dirmngr/dirmngr.c
+@@ -736,6 +736,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
+     case oRecursiveResolver: enable_recursive_resolver (1); break;
+ 
+     case oLDAPServer:
++#if USE_LDAP
+       {
+         ldap_server_t server;
+         char *p;
+@@ -757,6 +758,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
+             opt.ldapservers = server;
+           }
+       }
++#endif
+       break;
+ 
+     case oKeyServer:

diff --git a/app-crypt/gnupg/gnupg-2.2.28.ebuild b/app-crypt/gnupg/gnupg-2.2.28.ebuild
index f03938727e3..0f4396fc399 100644
--- a/app-crypt/gnupg/gnupg-2.2.28.ebuild
+++ b/app-crypt/gnupg/gnupg-2.2.28.ebuild
@@ -9,13 +9,12 @@ MY_P="${P/_/-}"
 
 DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
 HOMEPAGE="https://gnupg.org/"
-SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2
-	scd-shared-access? ( https://raw.githubusercontent.com/GPGTools/MacGPG2/5ca182f54b7b6cd635d1c0a4713953834489fdd9/patches/gnupg/scdaemon_shared-access.patch -> ${PN}-2.2.16-scdaemon_shared-access.patch )"
+SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
 
 LICENSE="GPL-3"
 SLOT="0"
 KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="bzip2 doc ldap nls readline scd-shared-access selinux +smartcard ssl tofu tools usb user-socket wks-server"
+IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl tofu tools usb user-socket wks-server"
 
 # Existence of executables is checked during configuration.
 DEPEND=">=dev-libs/libassuan-2.5.0
@@ -51,18 +50,12 @@ DOCS=(
 
 PATCHES=(
 	"${FILESDIR}/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch"
+	"${FILESDIR}/${P}-dirmngr_ldap.patch" #795669
 )
 
 src_prepare() {
 	default
 
-	# Made optional because it's a non-official patch
-	if use scd-shared-access ; then
-		# Patch taken from
-		# https://github.com/GPGTools/MacGPG2/tree/dev/patches/gnupg
-		eapply "${DISTDIR}/${PN}-2.2.16-scdaemon_shared-access.patch"
-	fi
-
 	# Inject SSH_AUTH_SOCK into user's sessions after enabling gpg-agent-ssh.socket in systemctl --user mode,
 	# idea borrowed from libdbus, see
 	#   https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/bus/systemd-user/dbus.socket.in#L6


^ permalink raw reply related	[flat|nested] 18+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/
@ 2024-02-18 10:13 Sam James
  0 siblings, 0 replies; 18+ messages in thread
From: Sam James @ 2024-02-18 10:13 UTC (permalink / raw
  To: gentoo-commits

commit:     45ed86aa273d9bb10f4856de72616d889f43f016
Author:     Hank Leininger <hlein <AT> korelogic <DOT> com>
AuthorDate: Fri Feb 16 04:29:49 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Feb 18 10:12:32 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=45ed86aa

app-crypt/gnupg: fix dirmngr behind a proxy

Adapted from upstream patches:
https://dev.gnupg.org/rG04cbc3074aa98660b513a80f623a7e9f0702c7c9
https://dev.gnupg.org/rG848546b05ab0ff6abd47724ecfab73bf32dd4c01

Signed-off-by: Hank Leininger <hlein <AT> korelogic.com>
Closes: https://bugs.gentoo.org/924606
Bug: https://bugs.gentoo.org/835949
Closes: https://github.com/gentoo/gentoo/pull/35368
Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../gnupg/files/gnupg-2.4.4-dirmngr-proxy.patch    |  91 ++++++++++
 app-crypt/gnupg/gnupg-2.4.4-r1.ebuild              | 197 +++++++++++++++++++++
 2 files changed, 288 insertions(+)

diff --git a/app-crypt/gnupg/files/gnupg-2.4.4-dirmngr-proxy.patch b/app-crypt/gnupg/files/gnupg-2.4.4-dirmngr-proxy.patch
new file mode 100644
index 000000000000..ebfaddb78e03
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.4.4-dirmngr-proxy.patch
@@ -0,0 +1,91 @@
+diff -urP gnupg-2.4.4.orig/dirmngr/http.c gnupg-2.4.4/dirmngr/http.c
+--- gnupg-2.4.4.orig/dirmngr/http.c	2024-01-25 03:06:42.000000000 -0700
++++ gnupg-2.4.4/dirmngr/http.c	2024-02-15 21:10:28.849074727 -0700
+@@ -2362,7 +2362,6 @@
+  * NULL, decode the string and use this as input from teh server.  On
+  * success the final output token is stored at PROXY->OUTTOKEN and
+  * OUTTOKLEN.  IF the authentication succeeded OUTTOKLEN is zero. */
+-#ifdef USE_TLS
+ static gpg_error_t
+ proxy_get_token (proxy_info_t proxy, const char *inputstring)
+ {
+@@ -2530,11 +2529,9 @@
+ 
+ #endif /*!HAVE_W32_SYSTEM*/
+ }
+-#endif /*USE_TLS*/
+ 
+ 
+ /* Use the CONNECT method to proxy our TLS stream.  */
+-#ifdef USE_TLS
+ static gpg_error_t
+ run_proxy_connect (http_t hd, proxy_info_t proxy,
+                    const char *httphost, const char *server,
+@@ -2556,6 +2553,7 @@
+    * RFC-4559 - SPNEGO-based Kerberos and NTLM HTTP Authentication
+    */
+   auth_basic = !!proxy->uri->auth;
++  hd->keep_alive = 0;
+ 
+   /* For basic authentication we need to send just one request.  */
+   if (auth_basic
+@@ -2577,16 +2575,15 @@
+                          httphost ? httphost : server,
+                          port,
+                          authhdr ? authhdr : "",
+-                         auth_basic? "" : "Connection: keep-alive\r\n");
++                         hd->keep_alive? "Connection: keep-alive\r\n" : "");
+   if (!request)
+     {
+       err = gpg_error_from_syserror ();
+       goto leave;
+     }
+-  hd->keep_alive = !auth_basic; /* We may need to send more requests.  */
+ 
+   if (opt_debug || (hd->flags & HTTP_FLAG_LOG_RESP))
+-    log_debug_with_string (request, "http.c:proxy:request:");
++    log_debug_string (request, "http.c:proxy:request:");
+ 
+   if (!hd->fp_write)
+     {
+@@ -2610,16 +2607,6 @@
+   if (err)
+     goto leave;
+ 
+-  {
+-    unsigned long count = 0;
+-
+-    while (es_getc (hd->fp_read) != EOF)
+-      count++;
+-    if (opt_debug)
+-      log_debug ("http.c:proxy_connect: skipped %lu bytes of response-body\n",
+-                 count);
+-  }
+-
+   /* Reset state.  */
+   es_clearerr (hd->fp_read);
+   ((cookie_t)(hd->read_cookie))->up_to_empty_line = 1;
+@@ -2743,7 +2730,6 @@
+   xfree (tmpstr);
+   return err;
+ }
+-#endif /*USE_TLS*/
+ 
+ 
+ /* Make a request string using a standard proxy.  On success the
+@@ -2903,7 +2889,6 @@
+       goto leave;
+     }
+ 
+-#if USE_TLS
+   if (use_http_proxy && hd->uri->use_tls)
+     {
+       err = run_proxy_connect (hd, proxy, httphost, server, port);
+@@ -2915,7 +2900,6 @@
+        * clear the flag to indicate this.  */
+       use_http_proxy = 0;
+     }
+-#endif	/* USE_TLS */
+ 
+ #if HTTP_USE_NTBTLS
+   err = run_ntbtls_handshake (hd);

diff --git a/app-crypt/gnupg/gnupg-2.4.4-r1.ebuild b/app-crypt/gnupg/gnupg-2.4.4-r1.ebuild
new file mode 100644
index 000000000000..768489c6bf9f
--- /dev/null
+++ b/app-crypt/gnupg/gnupg-2.4.4-r1.ebuild
@@ -0,0 +1,197 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Maintainers should:
+# 1. Join the "Gentoo" project at https://dev.gnupg.org/project/view/27/
+# 2. Subscribe to release tasks like https://dev.gnupg.org/T6159
+# (find the one for the current release then subscribe to it +
+# any subsequent ones linked within so you're covered for a while.)
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/gnupg.asc
+# in-source builds are not supported: https://dev.gnupg.org/T6313#166339
+inherit flag-o-matic out-of-source multiprocessing systemd toolchain-funcs verify-sig
+
+MY_P="${P/_/-}"
+
+DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
+HOMEPAGE="https://gnupg.org/"
+SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
+SRC_URI+=" verify-sig? ( mirror://gnupg/gnupg/${P}.tar.bz2.sig )"
+S="${WORKDIR}/${MY_P}"
+
+LICENSE="GPL-3+"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl test +tofu tpm tools usb user-socket wks-server"
+RESTRICT="!test? ( test )"
+REQUIRED_USE="test? ( tofu )"
+
+# Existence of executables is checked during configuration.
+# Note: On each bump, update dep bounds on each version from configure.ac!
+DEPEND="
+	>=dev-libs/libassuan-2.5.0
+	>=dev-libs/libgcrypt-1.9.1:=
+	>=dev-libs/libgpg-error-1.46
+	>=dev-libs/libksba-1.6.3
+	>=dev-libs/npth-1.2
+	>=net-misc/curl-7.10
+	sys-libs/zlib
+	bzip2? ( app-arch/bzip2 )
+	ldap? ( net-nds/openldap:= )
+	readline? ( sys-libs/readline:0= )
+	smartcard? ( usb? ( virtual/libusb:1 ) )
+	tofu? ( >=dev-db/sqlite-3.27 )
+	tpm? ( >=app-crypt/tpm2-tss-2.4.0:= )
+	ssl? ( >=net-libs/gnutls-3.2:0= )
+"
+RDEPEND="
+	${DEPEND}
+	nls? ( virtual/libintl )
+	selinux? ( sec-policy/selinux-gpg )
+	wks-server? ( virtual/mta )
+"
+PDEPEND="
+	app-crypt/pinentry
+"
+BDEPEND="
+	virtual/pkgconfig
+	doc? ( sys-apps/texinfo )
+	nls? ( sys-devel/gettext )
+	verify-sig? ( sec-keys/openpgp-keys-gnupg )
+"
+
+DOCS=(
+	ChangeLog NEWS README THANKS TODO VERSION
+	doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
+)
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch
+	"${FILESDIR}"/${P}-dirmngr-proxy.patch #924606
+)
+
+src_prepare() {
+	default
+
+	GNUPG_SYSTEMD_UNITS=(
+		dirmngr.service
+		dirmngr.socket
+		gpg-agent-browser.socket
+		gpg-agent-extra.socket
+		gpg-agent.service
+		gpg-agent.socket
+		gpg-agent-ssh.socket
+	)
+
+	cp "${GNUPG_SYSTEMD_UNITS[@]/#/${FILESDIR}/}" "${T}" || die
+
+	# Inject SSH_AUTH_SOCK into user's sessions after enabling gpg-agent-ssh.socket in systemctl --user mode,
+	# idea borrowed from libdbus, see
+	#   https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/bus/systemd-user/dbus.socket.in#L6
+	#
+	# This cannot be upstreamed, as it requires determining the exact prefix of 'systemctl',
+	# which in turn requires discovery in Autoconf, something that upstream deeply resents.
+	sed -e "/DirectoryMode=/a ExecStartPost=-${EPREFIX}/bin/systemctl --user set-environment SSH_AUTH_SOCK=%t/gnupg/S.gpg-agent.ssh" \
+		-i "${T}"/gpg-agent-ssh.socket || die
+}
+
+my_src_configure() {
+	# Upstream don't support LTO, bug #854222.
+	filter-lto
+
+	local myconf=(
+		$(use_enable bzip2)
+		$(use_enable nls)
+		$(use_enable smartcard scdaemon)
+		$(use_enable ssl gnutls)
+		$(use_enable test all-tests)
+		$(use_enable test tests)
+		$(use_enable tofu)
+		$(use_enable tofu keyboxd)
+		$(use_enable tofu sqlite)
+		$(usex tpm '--with-tss=intel' '--disable-tpm2d')
+		$(use smartcard && use_enable usb ccid-driver || echo '--disable-ccid-driver')
+		$(use_enable wks-server wks-tools)
+		$(use_with ldap)
+		$(use_with readline)
+
+		# Hardcode mailprog to /usr/libexec/sendmail even if it does not exist.
+		# As of GnuPG 2.3, the mailprog substitution is used for the binary called
+		# by wks-client & wks-server; and if it's autodetected but not not exist at
+		# build time, then then 'gpg-wks-client --send' functionality will not
+		# work. This has an unwanted side-effect in stage3 builds: there was a
+		# [R]DEPEND on virtual/mta, which also brought in virtual/logger, bloating
+		# the build where the install guide previously make the user chose the
+		# logger & mta early in the install.
+		--with-mailprog=/usr/libexec/sendmail
+
+		--disable-ntbtls
+		--enable-gpgsm
+		--enable-large-secmem
+
+		CC_FOR_BUILD="$(tc-getBUILD_CC)"
+		GPG_ERROR_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-gpg-error-config"
+		KSBA_CONFIG="${ESYSROOT}/usr/bin/ksba-config"
+		LIBASSUAN_CONFIG="${ESYSROOT}/usr/bin/libassuan-config"
+		LIBGCRYPT_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-libgcrypt-config"
+		NPTH_CONFIG="${ESYSROOT}/usr/bin/npth-config"
+
+		$("${S}/configure" --help | grep -o -- '--without-.*-prefix')
+	)
+
+	if use prefix && use usb; then
+		# bug #649598
+		append-cppflags -I"${ESYSROOT}/usr/include/libusb-1.0"
+	fi
+
+	# bug #663142
+	if use user-socket; then
+		myconf+=( --enable-run-gnupg-user-socket )
+	fi
+
+	# glib fails and picks up clang's internal stdint.h causing weird errors
+	tc-is-clang && export gl_cv_absolute_stdint_h="${ESYSROOT}"/usr/include/stdint.h
+
+	econf "${myconf[@]}"
+}
+
+my_src_compile() {
+	default
+
+	use doc && emake -C doc html
+}
+
+my_src_test() {
+	export TESTFLAGS="--parallel=$(makeopts_jobs)"
+
+	default
+}
+
+my_src_install() {
+	emake DESTDIR="${D}" install
+
+	use tools && dobin tools/{gpgconf,gpgsplit,gpg-check-pattern} tools/make-dns-cert
+
+	dosym gpg /usr/bin/gpg2
+	dosym gpgv /usr/bin/gpgv2
+	echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die
+	echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
+
+	dodir /etc/env.d
+	echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
+
+	use doc && dodoc doc/gnupg.html/*
+}
+
+my_src_install_all() {
+	einstalldocs
+
+	use tools && dobin tools/{convert-from-106,mail-signed-keys,lspgpot}
+	use doc && dodoc doc/*.png
+
+	# Dropped upstream in https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=eae28f1bd4a5632e8f8e85b7248d1c4d4a10a5ed.
+	dodoc "${FILESDIR}"/README-systemd
+	systemd_douserunit "${GNUPG_SYSTEMD_UNITS[@]/#/${T}/}"
+}


^ permalink raw reply related	[flat|nested] 18+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/
@ 2024-01-29  9:49 Sam James
  0 siblings, 0 replies; 18+ messages in thread
From: Sam James @ 2024-01-29  9:49 UTC (permalink / raw
  To: gentoo-commits

commit:     794b312233b33ce315807bb305e0db42d530dfe7
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Jan 29 09:48:36 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Jan 29 09:48:47 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=794b3122

app-crypt/gnupg: backport insecure smartcard backup fix to 2.2.x

Bug: https://bugs.gentoo.org/923248
Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../gnupg-2.2.42-bug923248-insecure-backup.patch   | 292 +++++++++++++++++++++
 app-crypt/gnupg/gnupg-2.2.42-r2.ebuild             | 182 +++++++++++++
 2 files changed, 474 insertions(+)

diff --git a/app-crypt/gnupg/files/gnupg-2.2.42-bug923248-insecure-backup.patch b/app-crypt/gnupg/files/gnupg-2.2.42-bug923248-insecure-backup.patch
new file mode 100644
index 000000000000..76d6d94c40b1
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.2.42-bug923248-insecure-backup.patch
@@ -0,0 +1,292 @@
+https://bugs.gentoo.org/923248
+https://dev.gnupg.org/T6944
+https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=3b69d8bf7146b8d10737d0cfea9c97affc60ad73
+
+From 3b69d8bf7146b8d10737d0cfea9c97affc60ad73 Mon Sep 17 00:00:00 2001
+From: Werner Koch <wk@gnupg.org>
+Date: Wed, 24 Jan 2024 11:29:24 +0100
+Subject: [PATCH] gpg: Fix leftover unprotected card backup key.
+
+* agent/command.c (cmd_learn): Add option --reallyforce.
+* agent/findkey.c (agent_write_private_key): Implement reallyforce.
+Also add arg reallyforce and pass it along the call chain.
+
+* g10/call-agent.c (agent_scd_learn): Pass --reallyforce with a
+special force value.
+* g10/keygen.c (card_store_key_with_backup): Use that force value.
+--
+
+This was a regression in 2.2.42.  We took the easy path to fix it by
+getting the behaviour back to what we did prior to 2.2.42.  With GnuPG
+2.4.4 we use an entire different and safer approach by introducing an
+ephemeral private key store.
+
+GnuPG-bug-id: 6944
+--- a/agent/agent.h
++++ b/agent/agent.h
+@@ -422,7 +422,8 @@ void start_command_handler_ssh (ctrl_t, gnupg_fd_t);
+ gpg_error_t agent_modify_description (const char *in, const char *comment,
+                                       const gcry_sexp_t key, char **result);
+ int agent_write_private_key (const unsigned char *grip,
+-                             const void *buffer, size_t length, int force,
++                             const void *buffer, size_t length,
++                             int force, int reallyforce,
+                              const char *serialno, const char *keyref,
+                              const char *dispserialno, time_t timestamp);
+ gpg_error_t agent_key_from_file (ctrl_t ctrl,
+@@ -548,6 +549,7 @@ gpg_error_t s2k_hash_passphrase (const char *passphrase, int hashalgo,
+ gpg_error_t agent_write_shadow_key (const unsigned char *grip,
+                                     const char *serialno, const char *keyid,
+                                     const unsigned char *pkbuf, int force,
++                                    int reallyforce,
+                                     const char *dispserialno);
+ 
+ 
+@@ -628,7 +630,8 @@ void agent_card_killscd (void);
+ 
+ 
+ /*-- learncard.c --*/
+-int agent_handle_learn (ctrl_t ctrl, int send, void *assuan_context, int force);
++int agent_handle_learn (ctrl_t ctrl, int send, void *assuan_context,
++                        int force, int reallyforce);
+ 
+ 
+ /*-- cvt-openpgp.c --*/
+--- a/agent/command-ssh.c
++++ b/agent/command-ssh.c
+@@ -2499,7 +2499,7 @@ card_key_available (ctrl_t ctrl, gcry_sexp_t *r_pk, char **cardsn)
+ 
+       /* (Shadow)-key is not available in our key storage.  */
+       agent_card_getattr (ctrl, "$DISPSERIALNO", &dispserialno);
+-      err = agent_write_shadow_key (grip, serialno, authkeyid, pkbuf, 0,
++      err = agent_write_shadow_key (grip, serialno, authkeyid, pkbuf, 0, 0,
+                                     dispserialno);
+       xfree (dispserialno);
+       if (err)
+@@ -3159,7 +3159,7 @@ ssh_identity_register (ctrl_t ctrl, ssh_key_type_spec_t *spec,
+ 
+   /* Store this key to our key storage.  We do not store a creation
+    * timestamp because we simply do not know.  */
+-  err = agent_write_private_key (key_grip_raw, buffer, buffer_n, 0,
++  err = agent_write_private_key (key_grip_raw, buffer, buffer_n, 0, 0,
+                                  NULL, NULL, NULL, 0);
+   if (err)
+     goto out;
+--- a/agent/command.c
++++ b/agent/command.c
+@@ -1042,7 +1042,7 @@ cmd_readkey (assuan_context_t ctx, char *line)
+       /* Shadow-key is or is not available in our key storage.  In
+        * any case we need to check whether we need to update with
+        * a new display-s/n or whatever.  */
+-      rc = agent_write_shadow_key (grip, serialno, keyid, pkbuf, 0,
++      rc = agent_write_shadow_key (grip, serialno, keyid, pkbuf, 0, 0,
+                                    dispserialno);
+       if (rc)
+         goto leave;
+@@ -1855,16 +1855,18 @@ cmd_learn (assuan_context_t ctx, char *line)
+ {
+   ctrl_t ctrl = assuan_get_pointer (ctx);
+   gpg_error_t err;
+-  int send, sendinfo, force;
++  int send, sendinfo, force, reallyforce;
+ 
+   send = has_option (line, "--send");
+   sendinfo = send? 1 : has_option (line, "--sendinfo");
+   force = has_option (line, "--force");
++  reallyforce = has_option (line, "--reallyforce");
+ 
+   if (ctrl->restricted)
+     return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
+ 
+-  err = agent_handle_learn (ctrl, send, sendinfo? ctx : NULL, force);
++  err = agent_handle_learn (ctrl, send, sendinfo? ctx : NULL,
++                            force, reallyforce);
+   return leave_cmd (ctx, err);
+ }
+ 
+@@ -2427,11 +2429,11 @@ cmd_import_key (assuan_context_t ctx, char *line)
+       err = agent_protect (key, passphrase, &finalkey, &finalkeylen,
+                            ctrl->s2k_count);
+       if (!err)
+-        err = agent_write_private_key (grip, finalkey, finalkeylen, force,
++        err = agent_write_private_key (grip, finalkey, finalkeylen, force, 0,
+                                        NULL, NULL, NULL, opt_timestamp);
+     }
+   else
+-    err = agent_write_private_key (grip, key, realkeylen, force,
++    err = agent_write_private_key (grip, key, realkeylen, force, 0,
+                                    NULL, NULL, NULL, opt_timestamp);
+ 
+  leave:
+--- a/agent/cvt-openpgp.c
++++ b/agent/cvt-openpgp.c
+@@ -1070,7 +1070,7 @@ convert_from_openpgp_native (ctrl_t ctrl,
+                               &protectedkey, &protectedkeylen,
+                               ctrl->s2k_count))
+             agent_write_private_key (grip, protectedkey, protectedkeylen,
+-                                     1/*force*/, NULL, NULL, NULL, 0);
++                                     1/*force*/, 0, NULL, NULL, NULL, 0);
+           xfree (protectedkey);
+         }
+       else
+@@ -1079,7 +1079,7 @@ convert_from_openpgp_native (ctrl_t ctrl,
+           agent_write_private_key (grip,
+                                    *r_key,
+                                    gcry_sexp_canon_len (*r_key, 0, NULL,NULL),
+-                                   1/*force*/, NULL, NULL, NULL, 0);
++                                   1/*force*/, 0, NULL, NULL, NULL, 0);
+         }
+     }
+ 
+--- a/agent/findkey.c
++++ b/agent/findkey.c
+@@ -82,7 +82,8 @@ fname_from_keygrip (const unsigned char *grip, int for_new)
+  * recorded as creation date.  */
+ int
+ agent_write_private_key (const unsigned char *grip,
+-                         const void *buffer, size_t length, int force,
++                         const void *buffer, size_t length,
++                         int force, int reallyforce,
+                          const char *serialno, const char *keyref,
+                          const char *dispserialno,
+                          time_t timestamp)
+@@ -165,10 +166,13 @@ agent_write_private_key (const unsigned char *grip,
+   /* Check that we do not update a regular key with a shadow key.  */
+   if (is_regular && gpg_err_code (is_shadowed_key (key)) == GPG_ERR_TRUE)
+     {
+-      log_info ("updating regular key file '%s'"
+-                " by a shadow key inhibited\n", oldfname);
+-      err = 0;  /* Simply ignore the error.  */
+-      goto leave;
++      if (!reallyforce)
++        {
++          log_info ("updating regular key file '%s'"
++                    " by a shadow key inhibited\n", oldfname);
++          err = 0;  /* Simply ignore the error.  */
++          goto leave;
++        }
+     }
+   /* Check that we update a regular key only in force mode.  */
+   if (is_regular && !force)
+@@ -1704,12 +1708,13 @@ agent_delete_key (ctrl_t ctrl, const char *desc_text,
+  * Shadow key is created by an S-expression public key in PKBUF and
+  * card's SERIALNO and the IDSTRING.  With FORCE passed as true an
+  * existing key with the given GRIP will get overwritten. If
+- * DISPSERIALNO is not NULL the human readable s/n will also be
+- * recorded in the key file.   */
++ * REALLYFORCE is also true, even a private key will be overwritten by
++ * a shadown key.  If DISPSERIALNO is not NULL the human readable s/n
++ * will also be recorded in the key file.  */
+ gpg_error_t
+ agent_write_shadow_key (const unsigned char *grip,
+                         const char *serialno, const char *keyid,
+-                        const unsigned char *pkbuf, int force,
++                        const unsigned char *pkbuf, int force, int reallyforce,
+                         const char *dispserialno)
+ {
+   gpg_error_t err;
+@@ -1737,7 +1742,7 @@ agent_write_shadow_key (const unsigned char *grip,
+     }
+ 
+   len = gcry_sexp_canon_len (shdkey, 0, NULL, NULL);
+-  err = agent_write_private_key (grip, shdkey, len, force,
++  err = agent_write_private_key (grip, shdkey, len, force, reallyforce,
+                                  serialno, keyid, dispserialno, 0);
+   xfree (shdkey);
+   if (err)
+--- a/agent/genkey.c
++++ b/agent/genkey.c
+@@ -69,7 +69,7 @@ store_key (gcry_sexp_t private, const char *passphrase, int force,
+       buf = p;
+     }
+ 
+-  rc = agent_write_private_key (grip, buf, len, force,
++  rc = agent_write_private_key (grip, buf, len, force, 0,
+                                 NULL, NULL, NULL, timestamp);
+   xfree (buf);
+   return rc;
+--- a/agent/learncard.c
++++ b/agent/learncard.c
+@@ -297,9 +297,12 @@ send_cert_back (ctrl_t ctrl, const char *id, void *assuan_context)
+ }
+ 
+ /* Perform the learn operation.  If ASSUAN_CONTEXT is not NULL and
+-   SEND is true all new certificates are send back via Assuan.  */
++   SEND is true all new certificates are send back via Assuan.  If
++   REALLYFORCE is true a private key will be overwritten by a stub
++   key. */
+ int
+-agent_handle_learn (ctrl_t ctrl, int send, void *assuan_context, int force)
++agent_handle_learn (ctrl_t ctrl, int send, void *assuan_context,
++                    int force, int reallyforce)
+ {
+   int rc;
+   struct kpinfo_cb_parm_s parm;
+@@ -414,7 +417,7 @@ agent_handle_learn (ctrl_t ctrl, int send, void *assuan_context, int force)
+ 
+         agent_card_getattr (ctrl, "$DISPSERIALNO", &dispserialno);
+         rc = agent_write_shadow_key (grip, serialno, item->id, pubkey,
+-                                     force, dispserialno);
++                                     force, reallyforce, dispserialno);
+         xfree (dispserialno);
+       }
+       xfree (pubkey);
+--- a/agent/protect-tool.c
++++ b/agent/protect-tool.c
+@@ -807,13 +807,15 @@ agent_askpin (ctrl_t ctrl,
+  * to stdout. */
+ int
+ agent_write_private_key (const unsigned char *grip,
+-                         const void *buffer, size_t length, int force,
++                         const void *buffer, size_t length,
++                         int force, int reallyforce,
+                          const char *serialno, const char *keyref,
+                          const char *dispserialno, time_t timestamp)
+ {
+   char hexgrip[40+4+1];
+   char *p;
+ 
++  (void)reallyforce;
+   (void)force;
+   (void)timestamp;
+   (void)serialno;
+--- a/g10/call-agent.c
++++ b/g10/call-agent.c
+@@ -745,6 +745,11 @@ learn_status_cb (void *opaque, const char *line)
+  *  card-util.c
+  *  keyedit_menu
+  *  card_store_key_with_backup  (Woth force to remove secret key data)
++ *
++ * If force has the value 2 the --reallyforce option is also used.
++ * This is to make sure the sshadow key overwrites the private key.
++ * Note that this option is gnupg 2.2 specific because since 2.4.4 an
++ * ephemeral private key store is used instead.
+  */
+ int
+ agent_scd_learn (struct agent_card_info_s *info, int force)
+@@ -764,6 +769,7 @@ agent_scd_learn (struct agent_card_info_s *info, int force)
+ 
+   parm.ctx = agent_ctx;
+   rc = assuan_transact (agent_ctx,
++                        force == 2? "LEARN --sendinfo --force --reallyforce" :
+                         force ? "LEARN --sendinfo --force" : "LEARN --sendinfo",
+                         dummy_data_cb, NULL, default_inq_cb, &parm,
+                         learn_status_cb, info);
+--- a/g10/keygen.c
++++ b/g10/keygen.c
+@@ -5201,8 +5201,11 @@ card_store_key_with_backup (ctrl_t ctrl, PKT_public_key *sub_psk,
+   if (err)
+     log_error ("writing card key to backup file: %s\n", gpg_strerror (err));
+   else
+-    /* Remove secret key data in agent side.  */
+-    agent_scd_learn (NULL, 1);
++    {
++      /* Remove secret key data in agent side.  We use force 2 here to
++       * allow overwriting of the temporary private key.  */
++      agent_scd_learn (NULL, 2);
++    }
+ 
+  leave:
+   xfree (ecdh_param_str);
+-- 
+2.30.2

diff --git a/app-crypt/gnupg/gnupg-2.2.42-r2.ebuild b/app-crypt/gnupg/gnupg-2.2.42-r2.ebuild
new file mode 100644
index 000000000000..b46257fafc93
--- /dev/null
+++ b/app-crypt/gnupg/gnupg-2.2.42-r2.ebuild
@@ -0,0 +1,182 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Maintainers should:
+# 1. Join the "Gentoo" project at https://dev.gnupg.org/project/view/27/
+# 2. Subscribe to release tasks like https://dev.gnupg.org/T6159
+# (find the one for the current release then subscribe to it +
+# any subsequent ones linked within so you're covered for a while.)
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/gnupg.asc
+# in-source builds are not supported: https://dev.gnupg.org/T6313#166339
+inherit flag-o-matic out-of-source multiprocessing systemd toolchain-funcs verify-sig
+
+MY_P="${P/_/-}"
+
+DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
+HOMEPAGE="https://gnupg.org/"
+SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
+SRC_URI+=" verify-sig? ( mirror://gnupg/gnupg/${P}.tar.bz2.sig )"
+S="${WORKDIR}/${MY_P}"
+
+LICENSE="GPL-3+"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl test tofu tools usb user-socket wks-server"
+RESTRICT="!test? ( test )"
+
+# Existence of executables is checked during configuration.
+# Note: On each bump, update dep bounds on each version from configure.ac!
+DEPEND="
+	>=dev-libs/libassuan-2.5.0
+	>=dev-libs/libgcrypt-1.8.0:=
+	>=dev-libs/libgpg-error-1.38
+	>=dev-libs/libksba-1.3.5
+	>=dev-libs/npth-1.2
+	>=net-misc/curl-7.10
+	sys-libs/zlib
+	bzip2? ( app-arch/bzip2 )
+	ldap? ( net-nds/openldap:= )
+	readline? ( sys-libs/readline:= )
+	smartcard? ( usb? ( virtual/libusb:1 ) )
+	ssl? ( >=net-libs/gnutls-3.0:= )
+	tofu? ( >=dev-db/sqlite-3.7 )
+"
+RDEPEND="
+	${DEPEND}
+	nls? ( virtual/libintl )
+	selinux? ( sec-policy/selinux-gpg )
+	wks-server? ( virtual/mta )
+"
+PDEPEND="
+	app-crypt/pinentry
+"
+BDEPEND="
+	virtual/pkgconfig
+	doc? ( sys-apps/texinfo )
+	nls? ( sys-devel/gettext )
+	verify-sig? ( sec-keys/openpgp-keys-gnupg )
+"
+
+DOCS=(
+	ChangeLog NEWS README THANKS TODO VERSION
+	doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
+)
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch
+	"${FILESDIR}"/${PN}-2.2.42-bug923248-insecure-backup.patch
+)
+
+src_prepare() {
+	default
+
+	# Inject SSH_AUTH_SOCK into user's sessions after enabling gpg-agent-ssh.socket in systemctl --user mode,
+	# idea borrowed from libdbus, see
+	#   https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/bus/systemd-user/dbus.socket.in#L6
+	#
+	# This cannot be upstreamed, as it requires determining the exact prefix of 'systemctl',
+	# which in turn requires discovery in Autoconf, something that upstream deeply resents.
+	sed -e "/DirectoryMode=/a ExecStartPost=-${EPREFIX}/bin/systemctl --user set-environment SSH_AUTH_SOCK=%t/gnupg/S.gpg-agent.ssh" \
+		-i doc/examples/systemd-user/gpg-agent-ssh.socket || die
+}
+
+my_src_configure() {
+	# Upstream don't support LTO, bug #854222.
+	filter-lto
+
+	local myconf=(
+		$(use_enable bzip2)
+		$(use_enable nls)
+		$(use_enable smartcard scdaemon)
+		$(use_enable ssl gnutls)
+		$(use_enable test all-tests)
+		$(use_enable test tests)
+		$(use_enable tofu)
+		$(use smartcard && use_enable usb ccid-driver || echo '--disable-ccid-driver')
+		$(use_enable wks-server wks-tools)
+		$(use_with ldap)
+		$(use_with readline)
+
+		# Hardcode mailprog to /usr/libexec/sendmail even if it does not exist.
+		# As of GnuPG 2.3, the mailprog substitution is used for the binary called
+		# by wks-client & wks-server; and if it's autodetected but not not exist at
+		# build time, then then 'gpg-wks-client --send' functionality will not
+		# work. This has an unwanted side-effect in stage3 builds: there was a
+		# [R]DEPEND on virtual/mta, which also brought in virtual/logger, bloating
+		# the build where the install guide previously make the user chose the
+		# logger & mta early in the install.
+		--with-mailprog=/usr/libexec/sendmail
+
+		--disable-ntbtls
+		--enable-gpg
+		--enable-gpgsm
+		--enable-large-secmem
+
+		CC_FOR_BUILD="$(tc-getBUILD_CC)"
+		GPG_ERROR_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-gpg-error-config"
+		KSBA_CONFIG="${ESYSROOT}/usr/bin/ksba-config"
+		LIBASSUAN_CONFIG="${ESYSROOT}/usr/bin/libassuan-config"
+		LIBGCRYPT_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-libgcrypt-config"
+		NPTH_CONFIG="${ESYSROOT}/usr/bin/npth-config"
+
+		$("${S}/configure" --help | grep -o -- '--without-.*-prefix')
+	)
+
+	if use prefix && use usb; then
+		# bug #649598
+		append-cppflags -I"${ESYSROOT}/usr/include/libusb-1.0"
+	fi
+
+	# bug #663142
+	if use user-socket; then
+		myconf+=( --enable-run-gnupg-user-socket )
+	fi
+
+	# glib fails and picks up clang's internal stdint.h causing weird errors
+	tc-is-clang && export gl_cv_absolute_stdint_h="${ESYSROOT}"/usr/include/stdint.h
+
+	econf "${myconf[@]}"
+}
+
+my_src_compile() {
+	default
+
+	use doc && emake -C doc html
+}
+
+my_src_test() {
+	export TESTFLAGS="--parallel=$(makeopts_jobs)"
+
+	default
+}
+
+my_src_install() {
+	emake DESTDIR="${D}" install
+
+	use tools && dobin \
+		tools/{gpg-zip,gpgconf,gpgsplit,gpg-check-pattern} \
+		tools/make-dns-cert
+
+	dosym gpg /usr/bin/gpg2
+	dosym gpgv /usr/bin/gpgv2
+	echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die
+	echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
+
+	dodir /etc/env.d
+	echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
+
+	use doc && dodoc doc/gnupg.html/*
+}
+
+my_src_install_all() {
+	einstalldocs
+
+	use tools && dobin tools/{convert-from-106,mail-signed-keys,lspgpot}
+
+	use doc && dodoc doc/*.png
+
+	systemd_douserunit doc/examples/systemd-user/*.{service,socket}
+}


^ permalink raw reply related	[flat|nested] 18+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/
@ 2022-10-14 19:04 Sam James
  0 siblings, 0 replies; 18+ messages in thread
From: Sam James @ 2022-10-14 19:04 UTC (permalink / raw
  To: gentoo-commits

commit:     427c50c7e83f2a469b3ce8ba91294142f66155ac
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Oct 14 18:59:55 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Oct 14 19:04:15 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=427c50c7

app-crypt/gnupg: add 2.2.40

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-crypt/gnupg/Manifest                           |   2 +
 .../files/gnupg-2.2.40-fix-no-ldap-build.patch     |  36 +++++
 app-crypt/gnupg/gnupg-2.2.40.ebuild                | 166 +++++++++++++++++++++
 3 files changed, 204 insertions(+)

diff --git a/app-crypt/gnupg/Manifest b/app-crypt/gnupg/Manifest
index fdb506e83ca5..c9cfff783a16 100644
--- a/app-crypt/gnupg/Manifest
+++ b/app-crypt/gnupg/Manifest
@@ -1,4 +1,6 @@
 DIST gnupg-2.2.39.tar.bz2 7290098 BLAKE2B a9e31830f3ef9ec6d8d461a85fcbe4b91bcac9607d3b5f13f5edc0c54505afb6c6c119cd397023b1378d96c7d0f15c0d60da1d15721e9a18eb3ea8c7b69fba83 SHA512 73f881c12c82010aeaada500517ff39ab22b27ff21b1248bc2228b60a2d75385a44a53c5cfadb8f6b84ef22ad9db0105096b6620fb689560809b324019713940
 DIST gnupg-2.2.39.tar.bz2.sig 119 BLAKE2B 584d7d36671670ac507948257e9c6be556ed2a2d3c0100bb2746edfe96df5ee1d4c6172fe0cae39d85fc290097bc5f6e1b351debc8ec2f5cc78047354fbed016 SHA512 6f7d7c2d1fae706b03c735cf453976c3aebef3f23659426f39a88c63d979f4d873ae09280d75dee9000805468d2a7f49d348609061939000f7cedf34ec5c6019
+DIST gnupg-2.2.40.tar.bz2 7301631 BLAKE2B c9a077e28b22888573bdd12029205eb5f79a463a297e400a623bc86a39eeb6454cd884d05bd96734998613c695f2c9dcc68963c7275b89938ac38ddc7ba1e229 SHA512 4c2f5fbf37ba6fbad0045aad23129186963010c673ea0b81801adc4f98efe14d6c7228e22815b6b26307c1fe5bb51cd088aa6a0f06a9325d3c021849ef81c594
+DIST gnupg-2.2.40.tar.bz2.sig 119 BLAKE2B baaffad8203169fca54be031b3c77f818ecf973c73b9389cb3cbcd8217ae8a6018f0d3d4d2d5b6f0611f7643b78467f91902add3107e9538273607c6ba3a49bf SHA512 fccc06c709450d58e64716c505cd79556edac440462613c47c6ec78714355425c045418946b4b4b2a5c79e33e0e75b20f0699ae6de9921add4877fd6c8cc2d64
 DIST gnupg-2.3.7.tar.bz2 7599853 BLAKE2B 3e9e33c8357222f42cc0e2af538e9f1f1f0453f35d790aaadf47ce9df24229efa91457b6014b34f19084448a3a6603c82e7d07714b89a68c6a84a08af6fa0e02 SHA512 c7fe169050ef17051cdaac9ad476e7ea792483baad1208fc359d568fa9e138d920ecaa2cd9cae73b20f5472a7d8ca6540a62062ff7a06055cc656b0eb4b917b9
 DIST gnupg-2.3.7.tar.bz2.sig 119 BLAKE2B c2652adf203bc828ed0aaf778542e990028156c16b435cd35aa6fe57ca0a5b798087c98e16589685c8ab9b8b92e16c3f7d4da56a4b1209b9adf2c24ea548ae6e SHA512 0257034b3e7ac390dadb151c656ff59822dacedaddca4ad6b5980b3e03a468ada47553e6a1fcff6a12c64ae2f9c15b245df855cd424b010041df8daaaab9a1b8

diff --git a/app-crypt/gnupg/files/gnupg-2.2.40-fix-no-ldap-build.patch b/app-crypt/gnupg/files/gnupg-2.2.40-fix-no-ldap-build.patch
new file mode 100644
index 000000000000..3ab9c0cba902
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.2.40-fix-no-ldap-build.patch
@@ -0,0 +1,36 @@
+https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=7011286ce6e1fb56c2989fdafbd11b931c489faa
+
+From 7011286ce6e1fb56c2989fdafbd11b931c489faa Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka <gniibe@fsij.org>
+Date: Fri, 14 Oct 2022 09:58:41 +0900
+Subject: [PATCH] dirmngr: Fix build with no LDAP support.
+
+* dirmngr/server.c [USE_LDAP] (start_command_handler): Conditionalize.
+
+--
+
+GnuPG-bug-id: 6239
+Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
+---
+ dirmngr/server.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/dirmngr/server.c b/dirmngr/server.c
+index 04ebfd317..98f354300 100644
+--- a/dirmngr/server.c
++++ b/dirmngr/server.c
+@@ -3137,8 +3137,10 @@ start_command_handler (assuan_fd_t fd, unsigned int session_id)
+                ctrl->refcount);
+   else
+     {
++#if USE_LDAP
+       ks_ldap_free_state (ctrl->ks_get_state);
+       ctrl->ks_get_state = NULL;
++#endif
+       release_ctrl_ocsp_certs (ctrl);
+       xfree (ctrl->server_local);
+       dirmngr_deinit_default_ctrl (ctrl);
+-- 
+2.11.0
+
+

diff --git a/app-crypt/gnupg/gnupg-2.2.40.ebuild b/app-crypt/gnupg/gnupg-2.2.40.ebuild
new file mode 100644
index 000000000000..aad9c21dbc70
--- /dev/null
+++ b/app-crypt/gnupg/gnupg-2.2.40.ebuild
@@ -0,0 +1,166 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Maintainers should:
+# 1. Join the "Gentoo" project at https://dev.gnupg.org/project/view/27/
+# 2. Subscribe to release tasks like https://dev.gnupg.org/T6159
+# (find the one for the current release then subscribe to it +
+# any subsequent ones linked within so you're covered for a while.)
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/gnupg.asc
+inherit flag-o-matic systemd toolchain-funcs verify-sig
+
+MY_P="${P/_/-}"
+
+DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
+HOMEPAGE="https://gnupg.org/"
+SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
+SRC_URI+=" verify-sig? ( mirror://gnupg/gnupg/${P}.tar.bz2.sig )"
+S="${WORKDIR}/${MY_P}"
+
+LICENSE="GPL-3+"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl test tofu tools usb user-socket wks-server"
+RESTRICT="!test? ( test )"
+
+# Existence of executables is checked during configuration.
+# Note: On each bump, update dep bounds on each version from configure.ac!
+DEPEND=">=dev-libs/libassuan-2.5.0
+	>=dev-libs/libgcrypt-1.8.0:=
+	>=dev-libs/libgpg-error-1.29
+	>=dev-libs/libksba-1.3.5
+	>=dev-libs/npth-1.2
+	>=net-misc/curl-7.10
+	sys-libs/zlib
+	bzip2? ( app-arch/bzip2 )
+	ldap? ( net-nds/openldap:= )
+	readline? ( sys-libs/readline:0= )
+	smartcard? ( usb? ( virtual/libusb:1 ) )
+	ssl? ( >=net-libs/gnutls-3.0:0= )
+	tofu? ( >=dev-db/sqlite-3.7 )"
+
+RDEPEND="${DEPEND}
+	app-crypt/pinentry
+	nls? ( virtual/libintl )
+	selinux? ( sec-policy/selinux-gpg )
+	wks-server? ( virtual/mta )"
+
+BDEPEND="virtual/pkgconfig
+	doc? ( sys-apps/texinfo )
+	nls? ( sys-devel/gettext )
+	verify-sig? ( sec-keys/openpgp-keys-gnupg )"
+
+DOCS=(
+	ChangeLog NEWS README THANKS TODO VERSION
+	doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
+)
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch
+	"${FILESDIR}"/${P}-fix-no-ldap-build.patch
+)
+
+src_prepare() {
+	default
+
+	# Inject SSH_AUTH_SOCK into user's sessions after enabling gpg-agent-ssh.socket in systemctl --user mode,
+	# idea borrowed from libdbus, see
+	#   https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/bus/systemd-user/dbus.socket.in#L6
+	#
+	# This cannot be upstreamed, as it requires determining the exact prefix of 'systemctl',
+	# which in turn requires discovery in Autoconf, something that upstream deeply resents.
+	sed -e "/DirectoryMode=/a ExecStartPost=-${EPREFIX}/bin/systemctl --user set-environment SSH_AUTH_SOCK=%t/gnupg/S.gpg-agent.ssh" \
+		-i doc/examples/systemd-user/gpg-agent-ssh.socket || die
+}
+
+src_configure() {
+	local myconf=(
+		$(use_enable bzip2)
+		$(use_enable nls)
+		$(use_enable smartcard scdaemon)
+		$(use_enable ssl gnutls)
+		$(use_enable test all-tests)
+		$(use_enable test tests)
+		$(use_enable tofu)
+		$(use smartcard && use_enable usb ccid-driver || echo '--disable-ccid-driver')
+		$(use_enable wks-server wks-tools)
+		$(use_with ldap)
+		$(use_with readline)
+		--with-mailprog=/usr/libexec/sendmail
+		--disable-ntbtls
+		--enable-gpg
+		--enable-gpgsm
+		--enable-large-secmem
+
+		CC_FOR_BUILD="$(tc-getBUILD_CC)"
+		GPG_ERROR_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-gpg-error-config"
+		KSBA_CONFIG="${ESYSROOT}/usr/bin/ksba-config"
+		LIBASSUAN_CONFIG="${ESYSROOT}/usr/bin/libassuan-config"
+		LIBGCRYPT_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-libgcrypt-config"
+		NPTH_CONFIG="${ESYSROOT}/usr/bin/npth-config"
+
+		$("${S}/configure" --help | grep -o -- '--without-.*-prefix')
+	)
+
+	if use prefix && use usb; then
+		# bug #649598
+		append-cppflags -I"${EPREFIX}/usr/include/libusb-1.0"
+	fi
+
+	# bug #663142
+	if use user-socket; then
+		myconf+=( --enable-run-gnupg-user-socket )
+	fi
+
+	# glib fails and picks up clang's internal stdint.h causing weird errors
+	tc-is-clang && export gl_cv_absolute_stdint_h="${ESYSROOT}"/usr/include/stdint.h
+
+	# Hardcode mailprog to /usr/libexec/sendmail even if it does not exist.
+	# As of GnuPG 2.3, the mailprog substitution is used for the binary called
+	# by wks-client & wks-server; and if it's autodetected but not not exist at
+	# build time, then then 'gpg-wks-client --send' functionality will not
+	# work. This has an unwanted side-effect in stage3 builds: there was a
+	# [R]DEPEND on virtual/mta, which also brought in virtual/logger, bloating
+	# the build where the install guide previously make the user chose the
+	# logger & mta early in the install.
+
+	econf "${myconf[@]}"
+}
+
+src_compile() {
+	default
+
+	use doc && emake -C doc html
+}
+
+src_test() {
+	# bug #638574
+	use tofu && export TESTFLAGS=--parallel
+
+	default
+}
+
+src_install() {
+	default
+
+	use tools &&
+		dobin \
+			tools/{convert-from-106,gpg-check-pattern} \
+			tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys} \
+			tools/make-dns-cert
+
+	dosym gpg /usr/bin/gpg2
+	dosym gpgv /usr/bin/gpgv2
+	echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die
+	echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
+
+	dodir /etc/env.d
+	echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
+
+	use doc && dodoc doc/gnupg.html/* doc/*.png
+
+	systemd_douserunit doc/examples/systemd-user/*.{service,socket}
+}


^ permalink raw reply related	[flat|nested] 18+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/
@ 2022-04-25 15:46 Sam James
  0 siblings, 0 replies; 18+ messages in thread
From: Sam James @ 2022-04-25 15:46 UTC (permalink / raw
  To: gentoo-commits

commit:     e67bb84b2c008c569b7e1113260b3ca029b266bb
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Apr 25 15:45:11 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Apr 25 15:45:56 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e67bb84b

app-crypt/gnupg: backport 2.3.5 hang fix

Closes: https://bugs.gentoo.org/840746
Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../files/gnupg-2.3.5-fix-buffering-hang.patch     |  52 +++++++
 app-crypt/gnupg/gnupg-2.3.5-r2.ebuild              | 162 +++++++++++++++++++++
 2 files changed, 214 insertions(+)

diff --git a/app-crypt/gnupg/files/gnupg-2.3.5-fix-buffering-hang.patch b/app-crypt/gnupg/files/gnupg-2.3.5-fix-buffering-hang.patch
new file mode 100644
index 000000000000..3ff8d2afcf6f
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.3.5-fix-buffering-hang.patch
@@ -0,0 +1,52 @@
+https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=2fc91e15c6bebb203162cc8445e68ee4ff934885;hp=2848fe4c84e5ee20ccd90f0ef4c9f78c6801e1f6
+https://bugs.gentoo.org/840746
+
+From: NIIBE Yutaka <gniibe@fsij.org>
+Date: Mon, 25 Apr 2022 17:37:32 +0900
+Subject: [PATCH 1/1] common:iobuf: Exclude cases with
+ IOBUF_INPUT_TEMP/IOBUF_OUTPUT_TEMP.
+
+* common/iobuf.c (iobuf_read): Handle a case with IOBUF_INPUT_TEMP.
+(iobuf_write): Handle a case with IOBUF_OUTPUT_TEMP.
+
+--
+
+GnuPG-bug-id: 5941
+Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
+--- a/common/iobuf.c
++++ b/common/iobuf.c
+@@ -2177,7 +2177,8 @@ iobuf_read (iobuf_t a, void *buffer, unsigned int buflen)
+   a->e_d.len = 0;
+ 
+   /* Hint for how full to fill iobuf internal drain buffer. */
+-  a->e_d.preferred = (buf && buflen >= IOBUF_ZEROCOPY_THRESHOLD_SIZE);
++  a->e_d.preferred = (a->use != IOBUF_INPUT_TEMP)
++    && (buf && buflen >= IOBUF_ZEROCOPY_THRESHOLD_SIZE);
+ 
+   n = 0;
+   do
+@@ -2200,7 +2201,7 @@ iobuf_read (iobuf_t a, void *buffer, unsigned int buflen)
+ 	   underflow to read more data into the filter's internal
+ 	   buffer.  */
+ 	{
+-	  if (buf && n < buflen)
++	  if (a->use != IOBUF_INPUT_TEMP && buf && n < buflen)
+ 	    {
+ 	      /* Setup external drain buffer for faster moving of data
+ 	       * (avoid memcpy). */
+@@ -2328,11 +2329,13 @@ iobuf_write (iobuf_t a, const void *buffer, unsigned int buflen)
+   a->e_d.len = 0;
+ 
+   /* Hint for how full to fill iobuf internal drain buffer. */
+-  a->e_d.preferred = (buflen >= IOBUF_ZEROCOPY_THRESHOLD_SIZE);
++  a->e_d.preferred = (a->use != IOBUF_OUTPUT_TEMP)
++    && (buflen >= IOBUF_ZEROCOPY_THRESHOLD_SIZE);
+ 
+   do
+     {
+-      if (a->d.len == 0 && buflen >= IOBUF_ZEROCOPY_THRESHOLD_SIZE)
++      if ((a->use != IOBUF_OUTPUT_TEMP)
++	  && a->d.len == 0 && buflen >= IOBUF_ZEROCOPY_THRESHOLD_SIZE)
+ 	{
+ 	  /* Setup external drain buffer for faster moving of data
+ 	    * (avoid memcpy). */

diff --git a/app-crypt/gnupg/gnupg-2.3.5-r2.ebuild b/app-crypt/gnupg/gnupg-2.3.5-r2.ebuild
new file mode 100644
index 000000000000..d32419deb726
--- /dev/null
+++ b/app-crypt/gnupg/gnupg-2.3.5-r2.ebuild
@@ -0,0 +1,162 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/gnupg.asc
+inherit flag-o-matic systemd toolchain-funcs verify-sig
+
+MY_P="${P/_/-}"
+
+DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
+HOMEPAGE="https://gnupg.org/"
+SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
+SRC_URI+=" verify-sig? ( mirror://gnupg/gnupg/${P}.tar.bz2.sig )"
+S="${WORKDIR}/${MY_P}"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl test +tofu tpm tools usb user-socket wks-server"
+RESTRICT="!test? ( test )"
+REQUIRED_USE="test? ( tofu )"
+
+# Existence of executables is checked during configuration.
+# Note: On each bump, update dep bounds on each version from configure.ac!
+DEPEND=">=dev-libs/libassuan-2.5.0
+	>=dev-libs/libgcrypt-1.9.1:=
+	>=dev-libs/libgpg-error-1.41
+	>=dev-libs/libksba-1.3.4
+	>=dev-libs/npth-1.2
+	>=net-misc/curl-7.10
+	bzip2? ( app-arch/bzip2 )
+	ldap? ( net-nds/openldap:= )
+	readline? ( sys-libs/readline:0= )
+	smartcard? ( usb? ( virtual/libusb:1 ) )
+	tofu? ( >=dev-db/sqlite-3.27 )
+	tpm? ( >=app-crypt/tpm2-tss-2.4.0:= )
+	ssl? ( >=net-libs/gnutls-3.0:0= )
+	sys-libs/zlib
+"
+
+RDEPEND="${DEPEND}
+	app-crypt/pinentry
+	nls? ( virtual/libintl )
+	selinux? ( sec-policy/selinux-gpg )
+	wks-server? ( virtual/mta )"
+
+BDEPEND="virtual/pkgconfig
+	doc? ( sys-apps/texinfo )
+	nls? ( sys-devel/gettext )
+	verify-sig? ( sec-keys/openpgp-keys-gnupg )"
+
+DOCS=(
+	ChangeLog NEWS README THANKS TODO VERSION
+	doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
+)
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch
+	"${FILESDIR}"/${P}-fix-buffering-hang.patch
+)
+
+src_prepare() {
+	default
+
+	# Inject SSH_AUTH_SOCK into user's sessions after enabling gpg-agent-ssh.socket in systemctl --user mode,
+	# idea borrowed from libdbus, see
+	#   https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/bus/systemd-user/dbus.socket.in#L6
+	#
+	# This cannot be upstreamed, as it requires determining the exact prefix of 'systemctl',
+	# which in turn requires discovery in Autoconf, something that upstream deeply resents.
+	sed -e "/DirectoryMode=/a ExecStartPost=-${EPREFIX}/bin/systemctl --user set-environment SSH_AUTH_SOCK=%t/gnupg/S.gpg-agent.ssh" \
+		-i doc/examples/systemd-user/gpg-agent-ssh.socket || die
+}
+
+src_configure() {
+	local myconf=(
+		$(use_enable bzip2)
+		$(use_enable nls)
+		$(use_enable smartcard scdaemon)
+		$(use_enable ssl gnutls)
+		$(use_enable tofu)
+		$(use_enable tofu keyboxd)
+		$(use_enable tofu sqlite)
+		$(usex tpm '--with-tss=intel' '--disable-tpm2d')
+		$(use smartcard && use_enable usb ccid-driver || echo '--disable-ccid-driver')
+		$(use_enable wks-server wks-tools)
+		$(use_with ldap)
+		$(use_with readline)
+		--with-mailprog=/usr/libexec/sendmail
+		--disable-ntbtls
+		--enable-all-tests
+		--enable-gpgsm
+		--enable-large-secmem
+		CC_FOR_BUILD="$(tc-getBUILD_CC)"
+		GPG_ERROR_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-gpg-error-config"
+		KSBA_CONFIG="${ESYSROOT}/usr/bin/ksba-config"
+		LIBASSUAN_CONFIG="${ESYSROOT}/usr/bin/libassuan-config"
+		LIBGCRYPT_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-libgcrypt-config"
+		NPTH_CONFIG="${ESYSROOT}/usr/bin/npth-config"
+		$("${S}/configure" --help | grep -o -- '--without-.*-prefix')
+	)
+
+	if use prefix && use usb; then
+		# bug #649598
+		append-cppflags -I"${EPREFIX}/usr/include/libusb-1.0"
+	fi
+
+	#bug 663142
+	if use user-socket; then
+		myconf+=( --enable-run-gnupg-user-socket )
+	fi
+
+	# glib fails and picks up clang's internal stdint.h causing weird errors
+	[[ ${CC} == *clang ]] && \
+		export gl_cv_absolute_stdint_h=/usr/include/stdint.h
+
+	# Hardcode mailprog to /usr/libexec/sendmail even if it does not exist.
+	# As of GnuPG 2.3, the mailprog substitution is used for the binary called
+	# by wks-client & wks-server; and if it's autodetected but not not exist at
+	# build time, then then 'gpg-wks-client --send' functionality will not
+	# work. This has an unwanted side-effect in stage3 builds: there was a
+	# [R]DEPEND on virtual/mta, which also brought in virtual/logger, bloating
+	# the build where the install guide previously make the user chose the
+	# logger & mta early in the install.
+
+	econf "${myconf[@]}"
+}
+
+src_compile() {
+	default
+
+	use doc && emake -C doc html
+}
+
+src_test() {
+	#Bug: 638574
+	use tofu && export TESTFLAGS=--parallel
+	default
+}
+
+src_install() {
+	default
+
+	use tools &&
+		dobin \
+			tools/{convert-from-106,gpg-check-pattern} \
+			tools/{gpgconf,gpgsplit,lspgpot,mail-signed-keys} \
+			tools/make-dns-cert
+
+	dosym gpg /usr/bin/gpg2
+	dosym gpgv /usr/bin/gpgv2
+	echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die
+	echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
+
+	dodir /etc/env.d
+	echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
+
+	use doc && dodoc doc/gnupg.html/* doc/*.png
+
+	systemd_douserunit doc/examples/systemd-user/*.{service,socket}
+}


^ permalink raw reply related	[flat|nested] 18+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/
@ 2021-09-07 15:20 David Seifert
  0 siblings, 0 replies; 18+ messages in thread
From: David Seifert @ 2021-09-07 15:20 UTC (permalink / raw
  To: gentoo-commits

commit:     358af1feef453a02aa73ef5c281fe509bcb6ffde
Author:     David Seifert <soap <AT> gentoo <DOT> org>
AuthorDate: Tue Sep  7 15:20:04 2021 +0000
Commit:     David Seifert <soap <AT> gentoo <DOT> org>
CommitDate: Tue Sep  7 15:20:04 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=358af1fe

app-crypt/gnupg: fix USE=tofu

Bug: https://dev.gnupg.org/T5588
Acked-by: Mikle Kolyada <zlogene <AT> gentoo.org>
Signed-off-by: David Seifert <soap <AT> gentoo.org>

 .../gnupg/files/gnupg-2.3.0-sqlite_check.patch     | 62 ----------------------
 app-crypt/gnupg/gnupg-2.3.2.ebuild                 | 17 +++---
 2 files changed, 6 insertions(+), 73 deletions(-)

diff --git a/app-crypt/gnupg/files/gnupg-2.3.0-sqlite_check.patch b/app-crypt/gnupg/files/gnupg-2.3.0-sqlite_check.patch
deleted file mode 100644
index dd529da7a7c..00000000000
--- a/app-crypt/gnupg/files/gnupg-2.3.0-sqlite_check.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-From 58aa0e8547a29e147f3d9d1792117d96bc00ffda Mon Sep 17 00:00:00 2001
-From: Lars Wendler <polynomial-c@gentoo.org>
-Date: Thu, 8 Apr 2021 11:05:36 +0200
-Subject: [PATCH] gnupg: configure.ac: Fix sqlite3 detection
-
-or else --disable-sqlite has no effect and linking later fails with:
-
-  keyboxd-backend-sqlite.o: in function `show_sqlstmt.part.0':
-  backend-sqlite.c:(.text+0x42): undefined reference to `sqlite3_expanded_sql'
-
-Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
----
- configure.ac | 23 ++++++++++++-----------
- 1 file changed, 12 insertions(+), 11 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 9cf0c6a7f..d46469cbb 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -969,18 +969,20 @@ AC_ARG_ENABLE(sqlite,
-                                [disable the use of SQLITE]),
-               try_sqlite=$enableval, try_sqlite=yes)
- 
--if test x"$use_tofu" = xyes ; then
--  if test x"$try_sqlite" = xyes ; then
-+AS_IF([test x"$try_sqlite" = xyes], [
-     PKG_CHECK_MODULES([SQLITE3], [sqlite3 >= $NEED_SQLITE_VERSION],
-                                  [have_sqlite=yes],
-                                  [have_sqlite=no])
--  fi
--  if test "$have_sqlite" = "yes"; then
--    :
--    AC_SUBST([SQLITE3_CFLAGS])
--    AC_SUBST([SQLITE3_LIBS])
--  else
--    use_tofu=no
-+    AS_IF([test "$have_sqlite" = "yes"], [
-+        AC_SUBST([SQLITE3_CFLAGS])
-+        AC_SUBST([SQLITE3_LIBS])
-+    ])
-+    ])
-+
-+AS_IF([test "$have_sqlite" != "yes"], [
-+    AS_IF([test x"$use_tofu" = xyes], [
-+	use_tofu=no
-+    ])
-     build_keyboxd=no
-     tmp=$(echo "$SQLITE3_PKG_ERRORS" | tr '\n' '\v' | sed 's/\v/\n*** /g')
-     AC_MSG_WARN([[
-@@ -988,8 +990,7 @@ if test x"$use_tofu" = xyes ; then
- *** Building without SQLite support - TOFU and Keyboxd disabled
- ***
- *** $tmp]])
--  fi
--fi
-+])
- 
- AM_CONDITIONAL(SQLITE3, test "$have_sqlite" = "yes")
- 
--- 
-2.31.1
-

diff --git a/app-crypt/gnupg/gnupg-2.3.2.ebuild b/app-crypt/gnupg/gnupg-2.3.2.ebuild
index 3576669b399..9e1c1de7266 100644
--- a/app-crypt/gnupg/gnupg-2.3.2.ebuild
+++ b/app-crypt/gnupg/gnupg-2.3.2.ebuild
@@ -3,18 +3,19 @@
 
 EAPI=8
 
-inherit autotools flag-o-matic systemd toolchain-funcs
+inherit flag-o-matic systemd toolchain-funcs
 
 MY_P="${P/_/-}"
 
 DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
 HOMEPAGE="https://gnupg.org/"
 SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
+S="${WORKDIR}/${MY_P}"
 
 LICENSE="GPL-3"
 SLOT="0"
 KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="bzip2 doc ldap nls readline selinux +smartcard sqlite ssl tofu tools usb user-socket wks-server"
+IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl tofu tools usb user-socket wks-server"
 
 # Existence of executables is checked during configuration.
 DEPEND=">=dev-libs/libassuan-2.5.0
@@ -27,7 +28,7 @@ DEPEND=">=dev-libs/libassuan-2.5.0
 	ldap? ( net-nds/openldap )
 	readline? ( sys-libs/readline:0= )
 	smartcard? ( usb? ( virtual/libusb:1 ) )
-	sqlite? ( >=dev-db/sqlite-3.27 )
+	tofu? ( >=dev-db/sqlite-3.27 )
 	ssl? ( >=net-libs/gnutls-3.0:0= )
 	sys-libs/zlib
 "
@@ -42,10 +43,6 @@ BDEPEND="virtual/pkgconfig
 	doc? ( sys-apps/texinfo )
 	nls? ( sys-devel/gettext )"
 
-S="${WORKDIR}/${MY_P}"
-
-REQUIRED_USE="tofu? ( sqlite )"
-
 DOCS=(
 	ChangeLog NEWS README THANKS TODO VERSION
 	doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
@@ -53,14 +50,11 @@ DOCS=(
 
 PATCHES=(
 	"${FILESDIR}/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch"
-	"${FILESDIR}/${PN}-2.3.0-sqlite_check.patch"
 )
 
 src_prepare() {
 	default
 
-	eautoreconf
-
 	# Inject SSH_AUTH_SOCK into user's sessions after enabling gpg-agent-ssh.socket in systemctl --user mode,
 	# idea borrowed from libdbus, see
 	#   https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/bus/systemd-user/dbus.socket.in#L6
@@ -76,9 +70,10 @@ src_configure() {
 		$(use_enable bzip2)
 		$(use_enable nls)
 		$(use_enable smartcard scdaemon)
-		$(use_enable sqlite)
 		$(use_enable ssl gnutls)
 		$(use_enable tofu)
+		$(use_enable tofu keyboxd)
+		$(use_enable tofu sqlite)
 		$(use smartcard && use_enable usb ccid-driver || echo '--disable-ccid-driver')
 		$(use_enable wks-server wks-tools)
 		$(use_with ldap)


^ permalink raw reply related	[flat|nested] 18+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/
@ 2021-02-07 14:26 Mikle Kolyada
  0 siblings, 0 replies; 18+ messages in thread
From: Mikle Kolyada @ 2021-02-07 14:26 UTC (permalink / raw
  To: gentoo-commits

commit:     810410a8c6b411bd8b1ac60ceb28d37af27256b1
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Sun Feb  7 14:26:17 2021 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Sun Feb  7 14:26:53 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=810410a8

app-crypt/gnupg: Drop old

Package-Manager: Portage-3.0.13, Repoman-3.0.2
Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>

 app-crypt/gnupg/Manifest                           |   2 -
 ...20-fix-dirmngr-for-non-ipv6-enabled-hosts.patch |  35 -----
 app-crypt/gnupg/gnupg-2.2.20-r2.ebuild             | 159 --------------------
 app-crypt/gnupg/gnupg-2.2.26.ebuild                | 160 ---------------------
 4 files changed, 356 deletions(-)

diff --git a/app-crypt/gnupg/Manifest b/app-crypt/gnupg/Manifest
index 263c8a5752d..4f8d716e719 100644
--- a/app-crypt/gnupg/Manifest
+++ b/app-crypt/gnupg/Manifest
@@ -1,5 +1,3 @@
 DIST gnupg-2.2.16-scdaemon_shared-access.patch 2586 BLAKE2B 42fd5482c4e86751ce62836125997c2295c44bc5db0671a06460fd306b2ed93f290fb898fc1b1e463a863eddf9ab5f99ea3c90a55499ef45ca1ed6edf2854663 SHA512 38abaa4200114ae6b6f220fabc0a84a056761949c97bd0564557f4411a299b9a1939893555c27e26da2d8e8da4bc97a298fa7e68f1e80fe99c3f88cc329eaa84
-DIST gnupg-2.2.20.tar.bz2 6786913 BLAKE2B 43cf9402a26e67d6c7c2444eb2faaee3f06ea0bf6c07708a50834c5d7424db2f9c38e1f0046dd3a35082abc08d401b2951655e7e068f0873db297560b87d2667 SHA512 3e69f102366ec3415f439ab81aae2458182fa1a18dfb86565b1d9dc638f3fc4c179a5947f0042b7c5a813345676285a662793664a1803ea9ad8328f0548e0edc
 DIST gnupg-2.2.25.tar.bz2 7195857 BLAKE2B c930edf9259a0e1c508af8d76a86f979860adfe2c525020b37d3741679200f96483f0ad8bc1f72e2dbf7fe77696cd04d4272a2ee23e4c4abe1ed6ba88b95f365 SHA512 ab1d7cc9d8be3e7189bc4bea431b9d5db313cbd1739823950f32fbb611b2f4374889f444efbf43ce1fbf498b9865d7e6e953cd4c86d58fd688f63923c434ea2c
-DIST gnupg-2.2.26.tar.bz2 7189254 BLAKE2B f51dd18f6fe327573769d1581ab49bfbca6a56973f6115a68d11e79f52f4b9bdd717ff027800cd1d52fca56abcffa80ee025b49a6af3914f60decdad1e1585ba SHA512 5e9482e126c32c836064b125a18b109f0d3c96892474d3fb47dd791350cccefc56f9a5dfbd54504716487a93d9f71de2493bdfef92e29964b5bfe28b0053c265
 DIST gnupg-2.2.27.tar.bz2 7191555 BLAKE2B d652aad382cf07cc458b29ff82718edd47457d8236dcbeee51f22d88503be141f009e9ea45b6dafe614115d9558fe371509579e58ce17a5f04540a31aa406ea3 SHA512 cf336962116c9c08ac80b1299654b94948033ef51d6d5e7f54c2f07bbf7d92c7b0bddb606ceee2cdd837063f519b8d59af5a82816b840a0fc47d90c07b0e95ab

diff --git a/app-crypt/gnupg/files/gnupg-2.2.20-fix-dirmngr-for-non-ipv6-enabled-hosts.patch b/app-crypt/gnupg/files/gnupg-2.2.20-fix-dirmngr-for-non-ipv6-enabled-hosts.patch
deleted file mode 100644
index 14a1913b3a0..00000000000
--- a/app-crypt/gnupg/files/gnupg-2.2.20-fix-dirmngr-for-non-ipv6-enabled-hosts.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 109d16e8f644da97ed9c00e6f9010a53097f587a Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <gniibe@fsij.org>
-Date: Mon, 13 Jul 2020 10:00:58 +0900
-Subject: [PATCH] dirmngr: Handle EAFNOSUPPORT at connect_server.
-
-* dirmngr/http.c (connect_server): Skip server with EAFNOSUPPORT.
-
---
-
-GnuPG-bug-id: 4977
-Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
----
- dirmngr/http.c | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-diff --git a/dirmngr/http.c b/dirmngr/http.c
-index f26675f9b..50b9b732b 100644
---- a/dirmngr/http.c
-+++ b/dirmngr/http.c
-@@ -3005,6 +3005,15 @@ connect_server (ctrl_t ctrl, const char *server, unsigned short port,
-           sock = my_sock_new_for_addr (ai->addr, ai->socktype, ai->protocol);
-           if (sock == ASSUAN_INVALID_FD)
-             {
-+              if (errno == EAFNOSUPPORT)
-+                {
-+                  if (ai->family == AF_INET)
-+                    v4_valid = 0;
-+                  if (ai->family == AF_INET6)
-+                    v6_valid = 0;
-+                  continue;
-+                }
-+
-               err = gpg_err_make (default_errsource,
-                                   gpg_err_code_from_syserror ());
-               log_error ("error creating socket: %s\n", gpg_strerror (err));

diff --git a/app-crypt/gnupg/gnupg-2.2.20-r2.ebuild b/app-crypt/gnupg/gnupg-2.2.20-r2.ebuild
deleted file mode 100644
index 25d0a11c431..00000000000
--- a/app-crypt/gnupg/gnupg-2.2.20-r2.ebuild
+++ /dev/null
@@ -1,159 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit flag-o-matic systemd toolchain-funcs
-
-MY_P="${P/_/-}"
-
-DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
-HOMEPAGE="https://gnupg.org/"
-SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
-
-LICENSE="GPL-3"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl tofu tools usb user-socket wks-server"
-
-# Existence of executables is checked during configuration.
-DEPEND=">=dev-libs/libassuan-2.5.0
-	>=dev-libs/libgcrypt-1.7.3
-	>=dev-libs/libgpg-error-1.28
-	>=dev-libs/libksba-1.3.4
-	>=dev-libs/npth-1.2
-	>=net-misc/curl-7.10
-	bzip2? ( app-arch/bzip2 )
-	ldap? ( net-nds/openldap )
-	readline? ( sys-libs/readline:0= )
-	smartcard? ( usb? ( virtual/libusb:1 ) )
-	ssl? ( >=net-libs/gnutls-3.0:0= )
-	sys-libs/zlib
-	tofu? ( >=dev-db/sqlite-3.7 )"
-
-RDEPEND="${DEPEND}
-	app-crypt/pinentry
-	nls? ( virtual/libintl )
-	selinux? ( sec-policy/selinux-gpg )
-	wks-server? ( virtual/mta )"
-
-BDEPEND="virtual/pkgconfig
-	doc? ( sys-apps/texinfo )
-	nls? ( sys-devel/gettext )"
-
-S="${WORKDIR}/${MY_P}"
-
-DOCS=(
-	ChangeLog NEWS README THANKS TODO VERSION
-	doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
-)
-
-PATCHES=(
-	"${FILESDIR}/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch"
-	"${FILESDIR}/${PN}-2.2.20-fix-dirmngr-for-non-ipv6-enabled-hosts.patch"
-)
-
-src_prepare() {
-	default
-
-	# Inject SSH_AUTH_SOCK into user's sessions after enabling gpg-agent-ssh.socket in systemctl --user mode,
-	# idea borrowed from libdbus, see
-	#   https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/bus/systemd-user/dbus.socket.in#L6
-	#
-	# This cannot be upstreamed, as it requires determining the exact prefix of 'systemctl',
-	# which in turn requires discovery in Autoconf, something that upstream deeply resents.
-	sed -e "/DirectoryMode=/a ExecStartPost=-${EPREFIX}/bin/systemctl --user set-environment SSH_AUTH_SOCK=%t/gnupg/S.gpg-agent.ssh" \
-		-i doc/examples/systemd-user/gpg-agent-ssh.socket || die
-}
-
-src_configure() {
-	local myconf=()
-
-	if use prefix && use usb; then
-		# bug #649598
-		append-cppflags -I"${EPREFIX}/usr/include/libusb-1.0"
-	fi
-
-	if use elibc_SunOS; then
-		myconf+=( --disable-symcryptrun )
-	else
-		myconf+=( --enable-symcryptrun )
-	fi
-
-	#bug 663142
-	if use user-socket; then
-		myconf+=( --enable-run-gnupg-user-socket )
-	fi
-
-	# glib fails and picks up clang's internal stdint.h causing weird errors
-	[[ ${CC} == *clang ]] && \
-		export gl_cv_absolute_stdint_h=/usr/include/stdint.h
-
-	# Hardcode mailprog to /usr/libexec/sendmail even if it does not exist.
-	# As of GnuPG 2.3, the mailprog substitution is used for the binary called
-	# by wks-client & wks-server; and if it's autodetected but not not exist at
-	# build time, then then 'gpg-wks-client --send' functionality will not
-	# work. This has an unwanted side-effect in stage3 builds: there was a
-	# [R]DEPEND on virtual/mta, which also brought in virtual/logger, bloating
-	# the build where the install guide previously make the user chose the
-	# logger & mta early in the install.
-
-	econf \
-		"${myconf[@]}" \
-		$(use_enable bzip2) \
-		$(use_enable nls) \
-		$(use_enable smartcard scdaemon) \
-		$(use_enable ssl gnutls) \
-		$(use_enable tofu) \
-		$(use smartcard && use_enable usb ccid-driver || echo '--disable-ccid-driver') \
-		$(use_enable wks-server wks-tools) \
-		$(use_with ldap) \
-		$(use_with readline) \
-		--with-mailprog=/usr/libexec/sendmail \
-		--disable-ntbtls \
-		--enable-all-tests \
-		--enable-gpg \
-		--enable-gpgsm \
-		--enable-large-secmem \
-		CC_FOR_BUILD="$(tc-getBUILD_CC)" \
-		GPG_ERROR_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-gpg-error-config" \
-		KSBA_CONFIG="${ESYSROOT}/usr/bin/ksba-config" \
-		LIBASSUAN_CONFIG="${ESYSROOT}/usr/bin/libassuan-config" \
-		LIBGCRYPT_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-libgcrypt-config" \
-		NPTH_CONFIG="${ESYSROOT}/usr/bin/npth-config" \
-		$("${S}/configure" --help | grep -- '--without-.*-prefix' | sed -e 's/^ *\([^ ]*\) .*/\1/g')
-}
-
-src_compile() {
-	default
-
-	use doc && emake -C doc html
-}
-
-src_test() {
-	#Bug: 638574
-	use tofu && export TESTFLAGS=--parallel
-	default
-}
-
-src_install() {
-	default
-
-	use tools &&
-		dobin \
-			tools/{convert-from-106,gpg-check-pattern} \
-			tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys} \
-			tools/make-dns-cert
-
-	dosym gpg /usr/bin/gpg2
-	dosym gpgv /usr/bin/gpgv2
-	echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die
-	echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
-
-	dodir /etc/env.d
-	echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
-
-	use doc && dodoc doc/gnupg.html/* doc/*.png
-
-	systemd_douserunit doc/examples/systemd-user/*.{service,socket}
-}

diff --git a/app-crypt/gnupg/gnupg-2.2.26.ebuild b/app-crypt/gnupg/gnupg-2.2.26.ebuild
deleted file mode 100644
index f03938727e3..00000000000
--- a/app-crypt/gnupg/gnupg-2.2.26.ebuild
+++ /dev/null
@@ -1,160 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit flag-o-matic systemd toolchain-funcs
-
-MY_P="${P/_/-}"
-
-DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
-HOMEPAGE="https://gnupg.org/"
-SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2
-	scd-shared-access? ( https://raw.githubusercontent.com/GPGTools/MacGPG2/5ca182f54b7b6cd635d1c0a4713953834489fdd9/patches/gnupg/scdaemon_shared-access.patch -> ${PN}-2.2.16-scdaemon_shared-access.patch )"
-
-LICENSE="GPL-3"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="bzip2 doc ldap nls readline scd-shared-access selinux +smartcard ssl tofu tools usb user-socket wks-server"
-
-# Existence of executables is checked during configuration.
-DEPEND=">=dev-libs/libassuan-2.5.0
-	>=dev-libs/libgcrypt-1.8.0
-	>=dev-libs/libgpg-error-1.29
-	>=dev-libs/libksba-1.3.4
-	>=dev-libs/npth-1.2
-	>=net-misc/curl-7.10
-	bzip2? ( app-arch/bzip2 )
-	ldap? ( net-nds/openldap )
-	readline? ( sys-libs/readline:0= )
-	smartcard? ( usb? ( virtual/libusb:1 ) )
-	ssl? ( >=net-libs/gnutls-3.0:0= )
-	sys-libs/zlib
-	tofu? ( >=dev-db/sqlite-3.7 )"
-
-RDEPEND="${DEPEND}
-	app-crypt/pinentry
-	nls? ( virtual/libintl )
-	selinux? ( sec-policy/selinux-gpg )
-	wks-server? ( virtual/mta )"
-
-BDEPEND="virtual/pkgconfig
-	doc? ( sys-apps/texinfo )
-	nls? ( sys-devel/gettext )"
-
-S="${WORKDIR}/${MY_P}"
-
-DOCS=(
-	ChangeLog NEWS README THANKS TODO VERSION
-	doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
-)
-
-PATCHES=(
-	"${FILESDIR}/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch"
-)
-
-src_prepare() {
-	default
-
-	# Made optional because it's a non-official patch
-	if use scd-shared-access ; then
-		# Patch taken from
-		# https://github.com/GPGTools/MacGPG2/tree/dev/patches/gnupg
-		eapply "${DISTDIR}/${PN}-2.2.16-scdaemon_shared-access.patch"
-	fi
-
-	# Inject SSH_AUTH_SOCK into user's sessions after enabling gpg-agent-ssh.socket in systemctl --user mode,
-	# idea borrowed from libdbus, see
-	#   https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/bus/systemd-user/dbus.socket.in#L6
-	#
-	# This cannot be upstreamed, as it requires determining the exact prefix of 'systemctl',
-	# which in turn requires discovery in Autoconf, something that upstream deeply resents.
-	sed -e "/DirectoryMode=/a ExecStartPost=-${EPREFIX}/bin/systemctl --user set-environment SSH_AUTH_SOCK=%t/gnupg/S.gpg-agent.ssh" \
-		-i doc/examples/systemd-user/gpg-agent-ssh.socket || die
-}
-
-src_configure() {
-	local myconf=(
-		$(use_enable bzip2)
-		$(use_enable nls)
-		$(use_enable smartcard scdaemon)
-		$(use_enable ssl gnutls)
-		$(use_enable tofu)
-		$(use smartcard && use_enable usb ccid-driver || echo '--disable-ccid-driver')
-		$(use_enable wks-server wks-tools)
-		$(use_with ldap)
-		$(use_with readline)
-		--with-mailprog=/usr/libexec/sendmail
-		--disable-ntbtls
-		--enable-all-tests
-		--enable-gpg
-		--enable-gpgsm
-		--enable-large-secmem
-		CC_FOR_BUILD="$(tc-getBUILD_CC)"
-		GPG_ERROR_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-gpg-error-config"
-		KSBA_CONFIG="${ESYSROOT}/usr/bin/ksba-config"
-		LIBASSUAN_CONFIG="${ESYSROOT}/usr/bin/libassuan-config"
-		LIBGCRYPT_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-libgcrypt-config"
-		NPTH_CONFIG="${ESYSROOT}/usr/bin/npth-config"
-		$("${S}/configure" --help | grep -o -- '--without-.*-prefix')
-	)
-
-	if use prefix && use usb; then
-		# bug #649598
-		append-cppflags -I"${EPREFIX}/usr/include/libusb-1.0"
-	fi
-
-	#bug 663142
-	if use user-socket; then
-		myconf+=( --enable-run-gnupg-user-socket )
-	fi
-
-	# glib fails and picks up clang's internal stdint.h causing weird errors
-	[[ ${CC} == *clang ]] && \
-		export gl_cv_absolute_stdint_h=/usr/include/stdint.h
-
-	# Hardcode mailprog to /usr/libexec/sendmail even if it does not exist.
-	# As of GnuPG 2.3, the mailprog substitution is used for the binary called
-	# by wks-client & wks-server; and if it's autodetected but not not exist at
-	# build time, then then 'gpg-wks-client --send' functionality will not
-	# work. This has an unwanted side-effect in stage3 builds: there was a
-	# [R]DEPEND on virtual/mta, which also brought in virtual/logger, bloating
-	# the build where the install guide previously make the user chose the
-	# logger & mta early in the install.
-
-	econf "${myconf[@]}"
-}
-
-src_compile() {
-	default
-
-	use doc && emake -C doc html
-}
-
-src_test() {
-	#Bug: 638574
-	use tofu && export TESTFLAGS=--parallel
-	default
-}
-
-src_install() {
-	default
-
-	use tools &&
-		dobin \
-			tools/{convert-from-106,gpg-check-pattern} \
-			tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys} \
-			tools/make-dns-cert
-
-	dosym gpg /usr/bin/gpg2
-	dosym gpgv /usr/bin/gpgv2
-	echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die
-	echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
-
-	dodir /etc/env.d
-	echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
-
-	use doc && dodoc doc/gnupg.html/* doc/*.png
-
-	systemd_douserunit doc/examples/systemd-user/*.{service,socket}
-}


^ permalink raw reply related	[flat|nested] 18+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/
@ 2020-09-03 20:11 Mikle Kolyada
  0 siblings, 0 replies; 18+ messages in thread
From: Mikle Kolyada @ 2020-09-03 20:11 UTC (permalink / raw
  To: gentoo-commits

commit:     47d9576076ddd37b4fe05550969b8b9e029dc9da
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Thu Sep  3 20:10:50 2020 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Thu Sep  3 20:10:50 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=47d95760

app-crypt/gnupg: Drop old

Package-Manager: Portage-3.0.4, Repoman-2.3.23
Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>

 app-crypt/gnupg/Manifest                           |   2 -
 .../gnupg/files/gnupg-2.2.22-card-status.patch     |  20 ---
 app-crypt/gnupg/gnupg-2.2.21.ebuild                | 165 ---------------------
 app-crypt/gnupg/gnupg-2.2.22-r1.ebuild             | 165 ---------------------
 4 files changed, 352 deletions(-)

diff --git a/app-crypt/gnupg/Manifest b/app-crypt/gnupg/Manifest
index 57c6cc33249..a1bd0368bda 100644
--- a/app-crypt/gnupg/Manifest
+++ b/app-crypt/gnupg/Manifest
@@ -1,4 +1,2 @@
 DIST gnupg-2.2.20.tar.bz2 6786913 BLAKE2B 43cf9402a26e67d6c7c2444eb2faaee3f06ea0bf6c07708a50834c5d7424db2f9c38e1f0046dd3a35082abc08d401b2951655e7e068f0873db297560b87d2667 SHA512 3e69f102366ec3415f439ab81aae2458182fa1a18dfb86565b1d9dc638f3fc4c179a5947f0042b7c5a813345676285a662793664a1803ea9ad8328f0548e0edc
-DIST gnupg-2.2.21.tar.bz2 6813160 BLAKE2B b4708fd34c23dec8ec5be0740a502d155b649b4c88a89e5cc6f3cb99a15f7c6e31c50247ccacfedad55600dac3e7f91a8567424d335ab5e537082261dc98aceb SHA512 b4eac75253d4a1cac341c8a1ba7bb275e849a88d5377035497777c7bcd49b5a4c91b77000311695eb7d4083856975b2b2d14518f24ab94846027280bd8c301f9
-DIST gnupg-2.2.22.tar.bz2 7098444 BLAKE2B b5f306485032acadc852f4f71f2e968795843faacd5dda24ed2b20df78a3d38a364c2feade7ef8389a203e8b037fbb92129207cbc6d60b89cfb0945dded56a97 SHA512 3e5a8bb91c122f97acee2a93e3233db89bff9b96c6ec052c95bd2fe7e46c79a8afaac536c05675a7129e332272d62c677722a12cb05386b54a8d12ef82b6c5fa
 DIST gnupg-2.2.23.tar.bz2 7099806 BLAKE2B 0b9c1f5c8931399cfd9d95f107f91869733c4a986476ea43631b4265b1a5c26cfb8c9bb24ef6a295af7aa803749caaedde26365f6f50a7c946c1f86c867d855d SHA512 736b39628f7e4adc650b3f9937c81f27e9ad41e77f5345dc54262c91c1cf7004243fa7f932313bcde955e0e9b3f1afc639bac18023ae878b1d26e3c5a3cabb90

diff --git a/app-crypt/gnupg/files/gnupg-2.2.22-card-status.patch b/app-crypt/gnupg/files/gnupg-2.2.22-card-status.patch
deleted file mode 100644
index 1a01e5ddbc5..00000000000
--- a/app-crypt/gnupg/files/gnupg-2.2.22-card-status.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
-index 8a1d30d5b..ccc360fc8 100644
---- a/scd/app-openpgp.c
-+++ b/scd/app-openpgp.c
-@@ -2357,10 +2357,15 @@ verify_chv2 (app_t app,
-   int rc;
-   char *pinvalue;
-   int pinlen;
-+  int i;
- 
-   if (app->did_chv2)
-     return 0;  /* We already verified CHV2.  */
- 
-+  /* Make sure we have load the public keys.  */
-+  for (i = 0; i < 3; i++)
-+    get_public_key (app, i);
-+
-   if (app->app_local->pk[1].key || app->app_local->pk[2].key)
-     {
-       rc = verify_a_chv (app, pincb, pincb_arg, 2, 0, &pinvalue, &pinlen);

diff --git a/app-crypt/gnupg/gnupg-2.2.21.ebuild b/app-crypt/gnupg/gnupg-2.2.21.ebuild
deleted file mode 100644
index e41bbd94151..00000000000
--- a/app-crypt/gnupg/gnupg-2.2.21.ebuild
+++ /dev/null
@@ -1,165 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit flag-o-matic systemd toolchain-funcs
-
-MY_P="${P/_/-}"
-
-DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
-HOMEPAGE="https://gnupg.org/"
-SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
-
-LICENSE="GPL-3"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl tofu tools usb user-socket wks-server"
-
-# Existence of executables is checked during configuration.
-DEPEND=">=dev-libs/libassuan-2.5.0
-	>=dev-libs/libgcrypt-1.7.3
-	>=dev-libs/libgpg-error-1.28
-	>=dev-libs/libksba-1.3.4
-	>=dev-libs/npth-1.2
-	>=net-misc/curl-7.10
-	bzip2? ( app-arch/bzip2 )
-	ldap? ( net-nds/openldap )
-	readline? ( sys-libs/readline:0= )
-	smartcard? ( usb? ( virtual/libusb:1 ) )
-	ssl? ( >=net-libs/gnutls-3.0:0= )
-	sys-libs/zlib
-	tofu? ( >=dev-db/sqlite-3.7 )"
-
-RDEPEND="${DEPEND}
-	app-crypt/pinentry
-	nls? ( virtual/libintl )
-	selinux? ( sec-policy/selinux-gpg )
-	wks-server? ( virtual/mta )"
-
-BDEPEND="virtual/pkgconfig
-	doc? ( sys-apps/texinfo )
-	nls? ( sys-devel/gettext )"
-
-S="${WORKDIR}/${MY_P}"
-
-DOCS=(
-	ChangeLog NEWS README THANKS TODO VERSION
-	doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
-)
-
-PATCHES=(
-	"${FILESDIR}/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch"
-	"${FILESDIR}/${PN}-2.2.20-fix-dirmngr-for-non-ipv6-enabled-hosts.patch"
-)
-
-src_prepare() {
-	default
-
-	# Inject SSH_AUTH_SOCK into user's sessions after enabling gpg-agent-ssh.socket in systemctl --user mode,
-	# idea borrowed from libdbus, see
-	#   https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/bus/systemd-user/dbus.socket.in#L6
-	#
-	# This cannot be upstreamed, as it requires determining the exact prefix of 'systemctl',
-	# which in turn requires discovery in Autoconf, something that upstream deeply resents.
-	sed -e "/DirectoryMode=/a ExecStartPost=-${EPREFIX}/bin/systemctl --user set-environment SSH_AUTH_SOCK=%t/gnupg/S.gpg-agent.ssh" \
-		-i doc/examples/systemd-user/gpg-agent-ssh.socket || die
-}
-
-src_configure() {
-	local myconf=()
-
-	if use prefix && use usb; then
-		# bug #649598
-		append-cppflags -I"${EPREFIX}/usr/include/libusb-1.0"
-	fi
-
-	if use elibc_SunOS || use elibc_AIX; then
-		myconf+=( --disable-symcryptrun )
-	else
-		myconf+=( --enable-symcryptrun )
-	fi
-
-	#bug 663142
-	if use user-socket; then
-		myconf+=( --enable-run-gnupg-user-socket )
-	fi
-
-	# glib fails and picks up clang's internal stdint.h causing weird errors
-	[[ ${CC} == *clang ]] && \
-		export gl_cv_absolute_stdint_h=/usr/include/stdint.h
-
-	# Hardcode mailprog to /usr/libexec/sendmail even if it does not exist.
-	# As of GnuPG 2.3, the mailprog substitution is used for the binary called
-	# by wks-client & wks-server; and if it's autodetected but not not exist at
-	# build time, then then 'gpg-wks-client --send' functionality will not
-	# work. This has an unwanted side-effect in stage3 builds: there was a
-	# [R]DEPEND on virtual/mta, which also brought in virtual/logger, bloating
-	# the build where the install guide previously make the user chose the
-	# logger & mta early in the install.
-
-	econf \
-		"${myconf[@]}" \
-		$(use_enable bzip2) \
-		$(use_enable nls) \
-		$(use_enable smartcard scdaemon) \
-		$(use_enable ssl gnutls) \
-		$(use_enable tofu) \
-		$(use smartcard && use_enable usb ccid-driver || echo '--disable-ccid-driver') \
-		$(use_enable wks-server wks-tools) \
-		$(use_with ldap) \
-		$(use_with readline) \
-		--with-mailprog=/usr/libexec/sendmail \
-		--disable-ntbtls \
-		--enable-all-tests \
-		--enable-gpg \
-		--enable-gpgsm \
-		--enable-large-secmem \
-		CC_FOR_BUILD="$(tc-getBUILD_CC)" \
-		GPG_ERROR_CONFIG="${EROOT}/usr/bin/${CHOST}-gpg-error-config" \
-		KSBA_CONFIG="${EROOT}/usr/bin/ksba-config" \
-		LIBASSUAN_CONFIG="${EROOT}/usr/bin/libassuan-config" \
-		LIBGCRYPT_CONFIG="${EROOT}/usr/bin/${CHOST}-libgcrypt-config" \
-		NPTH_CONFIG="${EROOT}/usr/bin/npth-config" \
-		$("${S}/configure" --help | grep -- '--without-.*-prefix' | sed -e 's/^ *\([^ ]*\) .*/\1/g')
-}
-
-src_compile() {
-	default
-
-	use doc && emake -C doc html
-}
-
-src_test() {
-	#Bug: 638574
-	use tofu && export TESTFLAGS=--parallel
-	default
-}
-
-src_install() {
-	default
-
-	use tools &&
-		dobin \
-			tools/{convert-from-106,gpg-check-pattern} \
-			tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys} \
-			tools/make-dns-cert
-
-	dosym gpg /usr/bin/gpg2
-	dosym gpgv /usr/bin/gpgv2
-	echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die
-	echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
-
-	dodir /etc/env.d
-	echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
-
-	use doc && dodoc doc/gnupg.html/* doc/*.png
-
-	systemd_douserunit doc/examples/systemd-user/*.{service,socket}
-}
-
-pkg_postinst() {
-	elog "See https://wiki.gentoo.org/wiki/GnuPG for documentation on gnupg"
-	elog
-	elog "If you wish to use 'gpg-wks-client --send', you must install an MTA!"
-}

diff --git a/app-crypt/gnupg/gnupg-2.2.22-r1.ebuild b/app-crypt/gnupg/gnupg-2.2.22-r1.ebuild
deleted file mode 100644
index 3cd4a08ed40..00000000000
--- a/app-crypt/gnupg/gnupg-2.2.22-r1.ebuild
+++ /dev/null
@@ -1,165 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit flag-o-matic systemd toolchain-funcs
-
-MY_P="${P/_/-}"
-
-DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
-HOMEPAGE="https://gnupg.org/"
-SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
-
-LICENSE="GPL-3"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl tofu tools usb user-socket wks-server"
-
-# Existence of executables is checked during configuration.
-DEPEND=">=dev-libs/libassuan-2.5.0
-	>=dev-libs/libgcrypt-1.7.3
-	>=dev-libs/libgpg-error-1.29
-	>=dev-libs/libksba-1.3.4
-	>=dev-libs/npth-1.2
-	>=net-misc/curl-7.10
-	bzip2? ( app-arch/bzip2 )
-	ldap? ( net-nds/openldap )
-	readline? ( sys-libs/readline:0= )
-	smartcard? ( usb? ( virtual/libusb:1 ) )
-	ssl? ( >=net-libs/gnutls-3.0:0= )
-	sys-libs/zlib
-	tofu? ( >=dev-db/sqlite-3.7 )"
-
-RDEPEND="${DEPEND}
-	app-crypt/pinentry
-	nls? ( virtual/libintl )
-	selinux? ( sec-policy/selinux-gpg )
-	wks-server? ( virtual/mta )"
-
-BDEPEND="virtual/pkgconfig
-	doc? ( sys-apps/texinfo )
-	nls? ( sys-devel/gettext )"
-
-S="${WORKDIR}/${MY_P}"
-
-DOCS=(
-	ChangeLog NEWS README THANKS TODO VERSION
-	doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
-)
-
-PATCHES=(
-	"${FILESDIR}/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch"
-	"${FILESDIR}/${P}-card-status.patch"
-)
-
-src_prepare() {
-	default
-
-	# Inject SSH_AUTH_SOCK into user's sessions after enabling gpg-agent-ssh.socket in systemctl --user mode,
-	# idea borrowed from libdbus, see
-	#   https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/bus/systemd-user/dbus.socket.in#L6
-	#
-	# This cannot be upstreamed, as it requires determining the exact prefix of 'systemctl',
-	# which in turn requires discovery in Autoconf, something that upstream deeply resents.
-	sed -e "/DirectoryMode=/a ExecStartPost=-${EPREFIX}/bin/systemctl --user set-environment SSH_AUTH_SOCK=%t/gnupg/S.gpg-agent.ssh" \
-		-i doc/examples/systemd-user/gpg-agent-ssh.socket || die
-}
-
-src_configure() {
-	local myconf=()
-
-	if use prefix && use usb; then
-		# bug #649598
-		append-cppflags -I"${EPREFIX}/usr/include/libusb-1.0"
-	fi
-
-	if use elibc_SunOS || use elibc_AIX; then
-		myconf+=( --disable-symcryptrun )
-	else
-		myconf+=( --enable-symcryptrun )
-	fi
-
-	#bug 663142
-	if use user-socket; then
-		myconf+=( --enable-run-gnupg-user-socket )
-	fi
-
-	# glib fails and picks up clang's internal stdint.h causing weird errors
-	[[ ${CC} == *clang ]] && \
-		export gl_cv_absolute_stdint_h=/usr/include/stdint.h
-
-	# Hardcode mailprog to /usr/libexec/sendmail even if it does not exist.
-	# As of GnuPG 2.3, the mailprog substitution is used for the binary called
-	# by wks-client & wks-server; and if it's autodetected but not not exist at
-	# build time, then then 'gpg-wks-client --send' functionality will not
-	# work. This has an unwanted side-effect in stage3 builds: there was a
-	# [R]DEPEND on virtual/mta, which also brought in virtual/logger, bloating
-	# the build where the install guide previously make the user chose the
-	# logger & mta early in the install.
-
-	econf \
-		"${myconf[@]}" \
-		$(use_enable bzip2) \
-		$(use_enable nls) \
-		$(use_enable smartcard scdaemon) \
-		$(use_enable ssl gnutls) \
-		$(use_enable tofu) \
-		$(use smartcard && use_enable usb ccid-driver || echo '--disable-ccid-driver') \
-		$(use_enable wks-server wks-tools) \
-		$(use_with ldap) \
-		$(use_with readline) \
-		--with-mailprog=/usr/libexec/sendmail \
-		--disable-ntbtls \
-		--enable-all-tests \
-		--enable-gpg \
-		--enable-gpgsm \
-		--enable-large-secmem \
-		CC_FOR_BUILD="$(tc-getBUILD_CC)" \
-		GPG_ERROR_CONFIG="${EROOT}/usr/bin/${CHOST}-gpg-error-config" \
-		KSBA_CONFIG="${EROOT}/usr/bin/ksba-config" \
-		LIBASSUAN_CONFIG="${EROOT}/usr/bin/libassuan-config" \
-		LIBGCRYPT_CONFIG="${EROOT}/usr/bin/${CHOST}-libgcrypt-config" \
-		NPTH_CONFIG="${EROOT}/usr/bin/npth-config" \
-		$("${S}/configure" --help | grep -- '--without-.*-prefix' | sed -e 's/^ *\([^ ]*\) .*/\1/g')
-}
-
-src_compile() {
-	default
-
-	use doc && emake -C doc html
-}
-
-src_test() {
-	#Bug: 638574
-	use tofu && export TESTFLAGS=--parallel
-	default
-}
-
-src_install() {
-	default
-
-	use tools &&
-		dobin \
-			tools/{convert-from-106,gpg-check-pattern} \
-			tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys} \
-			tools/make-dns-cert
-
-	dosym gpg /usr/bin/gpg2
-	dosym gpgv /usr/bin/gpgv2
-	echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die
-	echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
-
-	dodir /etc/env.d
-	echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
-
-	use doc && dodoc doc/gnupg.html/* doc/*.png
-
-	systemd_douserunit doc/examples/systemd-user/*.{service,socket}
-}
-
-pkg_postinst() {
-	elog "See https://wiki.gentoo.org/wiki/GnuPG for documentation on gnupg"
-	elog
-	elog "If you wish to use 'gpg-wks-client --send', you must install an MTA!"
-}


^ permalink raw reply related	[flat|nested] 18+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/
@ 2020-08-14 23:58 Thomas Deutschmann
  0 siblings, 0 replies; 18+ messages in thread
From: Thomas Deutschmann @ 2020-08-14 23:58 UTC (permalink / raw
  To: gentoo-commits

commit:     f880165f3ad8531f8b185108094f46a47c9e2fb4
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Fri Aug 14 23:57:39 2020 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Fri Aug 14 23:57:55 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f880165f

app-crypt/gnupg: fix dirmngr for non-IPv6 enabled hosts

Package-Manager: Portage-3.0.2, Repoman-2.3.23
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 ...20-fix-dirmngr-for-non-ipv6-enabled-hosts.patch | 35 ++++++++++++++++++++++
 ...{gnupg-2.2.20.ebuild => gnupg-2.2.20-r1.ebuild} |  1 +
 2 files changed, 36 insertions(+)

diff --git a/app-crypt/gnupg/files/gnupg-2.2.20-fix-dirmngr-for-non-ipv6-enabled-hosts.patch b/app-crypt/gnupg/files/gnupg-2.2.20-fix-dirmngr-for-non-ipv6-enabled-hosts.patch
new file mode 100644
index 00000000000..14a1913b3a0
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.2.20-fix-dirmngr-for-non-ipv6-enabled-hosts.patch
@@ -0,0 +1,35 @@
+From 109d16e8f644da97ed9c00e6f9010a53097f587a Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka <gniibe@fsij.org>
+Date: Mon, 13 Jul 2020 10:00:58 +0900
+Subject: [PATCH] dirmngr: Handle EAFNOSUPPORT at connect_server.
+
+* dirmngr/http.c (connect_server): Skip server with EAFNOSUPPORT.
+
+--
+
+GnuPG-bug-id: 4977
+Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
+---
+ dirmngr/http.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/dirmngr/http.c b/dirmngr/http.c
+index f26675f9b..50b9b732b 100644
+--- a/dirmngr/http.c
++++ b/dirmngr/http.c
+@@ -3005,6 +3005,15 @@ connect_server (ctrl_t ctrl, const char *server, unsigned short port,
+           sock = my_sock_new_for_addr (ai->addr, ai->socktype, ai->protocol);
+           if (sock == ASSUAN_INVALID_FD)
+             {
++              if (errno == EAFNOSUPPORT)
++                {
++                  if (ai->family == AF_INET)
++                    v4_valid = 0;
++                  if (ai->family == AF_INET6)
++                    v6_valid = 0;
++                  continue;
++                }
++
+               err = gpg_err_make (default_errsource,
+                                   gpg_err_code_from_syserror ());
+               log_error ("error creating socket: %s\n", gpg_strerror (err));

diff --git a/app-crypt/gnupg/gnupg-2.2.20.ebuild b/app-crypt/gnupg/gnupg-2.2.20-r1.ebuild
similarity index 98%
rename from app-crypt/gnupg/gnupg-2.2.20.ebuild
rename to app-crypt/gnupg/gnupg-2.2.20-r1.ebuild
index 35dc9274af9..ec52f664069 100644
--- a/app-crypt/gnupg/gnupg-2.2.20.ebuild
+++ b/app-crypt/gnupg/gnupg-2.2.20-r1.ebuild
@@ -51,6 +51,7 @@ DOCS=(
 
 PATCHES=(
 	"${FILESDIR}/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch"
+	"${FILESDIR}/${PN}-2.2.20-fix-dirmngr-for-non-ipv6-enabled-hosts.patch"
 )
 
 src_prepare() {


^ permalink raw reply related	[flat|nested] 18+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/
@ 2019-04-09 17:50 Robin H. Johnson
  0 siblings, 0 replies; 18+ messages in thread
From: Robin H. Johnson @ 2019-04-09 17:50 UTC (permalink / raw
  To: gentoo-commits

commit:     4b084d956b9bc167ec1887cb7717573b5a4f077d
Author:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
AuthorDate: Tue Apr  9 17:49:17 2019 +0000
Commit:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
CommitDate: Tue Apr  9 17:50:20 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4b084d95

app-crypt/gnupg: bump

Also adds one-line delta patch for --quiet in --send-key, submitted to
upstream for inclusion.

Package-Manager: Portage-2.3.62, Repoman-2.3.12
Signed-off-by: Robin H. Johnson <robbat2 <AT> gentoo.org>

 app-crypt/gnupg/Manifest                           |   1 +
 .../gnupg/files/gnupg-2.2.14-quiet-sending.patch   |  34 +++++
 app-crypt/gnupg/gnupg-2.2.15.ebuild                | 137 +++++++++++++++++++++
 3 files changed, 172 insertions(+)

diff --git a/app-crypt/gnupg/Manifest b/app-crypt/gnupg/Manifest
index d9d42130a4f..ffc0c9cfd34 100644
--- a/app-crypt/gnupg/Manifest
+++ b/app-crypt/gnupg/Manifest
@@ -2,3 +2,4 @@ DIST gnupg-1.4.21.tar.bz2 3689305 BLAKE2B 0c26c9c3aeae2bf2eafa858bc3bd15cc2702bc
 DIST gnupg-2.2.10.tar.bz2 6659484 BLAKE2B d0270ca40bd70fe113fa4283c307d7d04370beec77ffba0abb7862defdab2d5a82b1508284961e30e7d0aab82bffdf09fe796741603e843a062073f179f0bfc2 SHA512 a4477828f268fa69125cf1822f8a721e67f8f4008bd9817b701989393bd93689aac8fee1f4d34d918911d53afabdcbb1c84d40e8a4489d7a29b5a769d330fddd
 DIST gnupg-2.2.12.tar.bz2 6682303 BLAKE2B 8470ab8bf386d3524ce57ef1a1f6ac74d8cf2d7c35062b95c668b37586603c8e0817e410f4a0a807256e42896c11116897b7118b29e471184b2fa871ad4ba048 SHA512 30de9757bb60a5cb6bf0dc2c8da5f4742c54affec3fcd0bcbf66f28f2812149afec5db70dcb6ba592101de4bdc479d1ba0b47c53c8b8d4765ddff32fa51c26c8
 DIST gnupg-2.2.14.tar.bz2 6707735 BLAKE2B feedb1c776e8d43e43905e8a8c1487bd88e8effc59e94baf308cb29a5feea5d9c666c78b50147d65a259dc89af241c2a2bf07a72c417617e5238e0fdbbc2b17f SHA512 9d5216dee085efe6de300579d8fb773a5a55df639d5a435708611a974df522dd60dc995fbfcaad98065475dbeb731bbba19ecc3273e78b9b45fccff640dde69b
+DIST gnupg-2.2.15.tar.bz2 6705912 BLAKE2B 145bd174cb74c6a1180de76a6d46b40d2434ced61bb9aa3eaddeb0079cd05634529c9b062e475d3ca9d35b3af3b62b39a79ef0efbb476cb9ebb9e2099ad13ae0 SHA512 7c6f0092d384fd71fc7a1c905ce23ae98df42ce131ee09fc190c275f9c8d0912be344b0782244cccb5b3938322ef3cfff8ed1ec7e949e761478b8c5110dde36a

diff --git a/app-crypt/gnupg/files/gnupg-2.2.14-quiet-sending.patch b/app-crypt/gnupg/files/gnupg-2.2.14-quiet-sending.patch
new file mode 100644
index 00000000000..1f7a561d3f7
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.2.14-quiet-sending.patch
@@ -0,0 +1,34 @@
+From d8db73615e68d1c549b3ed50057a49d84a31b334 Mon Sep 17 00:00:00 2001
+From: "Robin H. Johnson" <robbat2@gentoo.org>
+Date: Tue, 9 Apr 2019 10:27:11 -0700
+Subject: [PATCH] g10: support --quiet for --send-key
+
+The --recv-key command supports --quiet, but --send-key does not.
+Add support for it for parity and better scripting.
+
+Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
+---
+ g10/keyserver.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/g10/keyserver.c b/g10/keyserver.c
+index 66900f7a9..e5fc011c0 100644
+--- a/g10/keyserver.c
++++ b/g10/keyserver.c
+@@ -1814,9 +1814,10 @@ keyserver_put (ctrl_t ctrl, strlist_t keyspecs)
+         log_error (_("skipped \"%s\": %s\n"), kspec->d, gpg_strerror (err));
+       else
+         {
+-          log_info (_("sending key %s to %s\n"),
+-                    keystr (keyblock->pkt->pkt.public_key->keyid),
+-                    ksurl?ksurl:"[?]");
++	  if (!opt.quiet)
++            log_info (_("sending key %s to %s\n"),
++                      keystr (keyblock->pkt->pkt.public_key->keyid),
++                      ksurl?ksurl:"[?]");
+ 
+           err = gpg_dirmngr_ks_put (ctrl, data, datalen, keyblock);
+           release_kbnode (keyblock);
+-- 
+2.21.0
+

diff --git a/app-crypt/gnupg/gnupg-2.2.15.ebuild b/app-crypt/gnupg/gnupg-2.2.15.ebuild
new file mode 100644
index 00000000000..1c68f3982ce
--- /dev/null
+++ b/app-crypt/gnupg/gnupg-2.2.15.ebuild
@@ -0,0 +1,137 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit flag-o-matic systemd toolchain-funcs
+
+MY_P="${P/_/-}"
+
+DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
+HOMEPAGE="http://www.gnupg.org/"
+SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl tofu tools usb user-socket wks-server"
+
+# Existence of executables is checked during configuration.
+DEPEND="!app-crypt/dirmngr
+	>=dev-libs/libassuan-2.5.0
+	>=dev-libs/libgcrypt-1.7.3
+	>=dev-libs/libgpg-error-1.28
+	>=dev-libs/libksba-1.3.4
+	>=dev-libs/npth-1.2
+	>=net-misc/curl-7.10
+	bzip2? ( app-arch/bzip2 )
+	ldap? ( net-nds/openldap )
+	readline? ( sys-libs/readline:0= )
+	smartcard? ( usb? ( virtual/libusb:1 ) )
+	ssl? ( >=net-libs/gnutls-3.0:0= )
+	sys-libs/zlib
+	tofu? ( >=dev-db/sqlite-3.7 )
+	virtual/mta"
+
+RDEPEND="${DEPEND}
+	app-crypt/pinentry
+	nls? ( virtual/libintl )
+	selinux? ( sec-policy/selinux-gpg )"
+
+BDEPEND="virtual/pkgconfig
+	doc? ( sys-apps/texinfo )
+	nls? ( sys-devel/gettext )"
+
+S="${WORKDIR}/${MY_P}"
+
+DOCS=(
+	ChangeLog NEWS README THANKS TODO VERSION
+	doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
+)
+
+PATCHES=(
+	"${FILESDIR}/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch"
+	"${FILESDIR}/${PN}-2.2.14-quiet-sending.patch"
+)
+
+src_configure() {
+	local myconf=()
+
+	if use prefix && use usb; then
+		# bug #649598
+		append-cppflags -I"${EPREFIX}/usr/include/libusb-1.0"
+	fi
+
+	if use elibc_SunOS || use elibc_AIX; then
+		myconf+=( --disable-symcryptrun )
+	else
+		myconf+=( --enable-symcryptrun )
+	fi
+
+	#bug 663142
+	if use user-socket; then
+		myconf+=( --enable-run-gnupg-user-socket )
+	fi
+
+	# glib fails and picks up clang's internal stdint.h causing weird errors
+	[[ ${CC} == *clang ]] && \
+		export gl_cv_absolute_stdint_h=/usr/include/stdint.h
+
+	econf \
+		"${myconf[@]}" \
+		$(use_enable bzip2) \
+		$(use_enable nls) \
+		$(use_enable smartcard scdaemon) \
+		$(use_enable ssl gnutls) \
+		$(use_enable tofu) \
+		$(use_enable usb ccid-driver) \
+		$(use_enable wks-server wks-tools) \
+		$(use_with ldap) \
+		$(use_with readline) \
+		--disable-ntbtls \
+		--enable-all-tests \
+		--enable-gpg \
+		--enable-gpgsm \
+		--enable-large-secmem \
+		CC_FOR_BUILD="$(tc-getBUILD_CC)" \
+		GPG_ERROR_CONFIG="${EROOT}/usr/bin/${CHOST}-gpg-error-config" \
+		KSBA_CONFIG="${EROOT}/usr/bin/ksba-config" \
+		LIBASSUAN_CONFIG="${EROOT}/usr/bin/libassuan-config" \
+		LIBGCRYPT_CONFIG="${EROOT}/usr/bin/${CHOST}-libgcrypt-config" \
+		NPTH_CONFIG="${EROOT}/usr/bin/npth-config" \
+		$("${S}/configure" --help | grep -- '--without-.*-prefix' | sed -e 's/^ *\([^ ]*\) .*/\1/g')
+}
+
+src_compile() {
+	default
+
+	use doc && emake -C doc html
+}
+
+src_test() {
+	#Bug: 638574
+	use tofu && export TESTFLAGS=--parallel
+	default
+}
+
+src_install() {
+	default
+
+	use tools &&
+		dobin \
+			tools/{convert-from-106,gpg-check-pattern} \
+			tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys} \
+			tools/make-dns-cert
+
+	dosym gpg /usr/bin/gpg2
+	dosym gpgv /usr/bin/gpgv2
+	echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die
+	echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
+
+	dodir /etc/env.d
+	echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
+
+	use doc && dodoc doc/gnupg.html/* doc/*.png
+
+	systemd_douserunit doc/examples/systemd-user/*.{service,socket}
+}


^ permalink raw reply related	[flat|nested] 18+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/
@ 2017-09-19  8:17 Kristian Fiskerstrand
  0 siblings, 0 replies; 18+ messages in thread
From: Kristian Fiskerstrand @ 2017-09-19  8:17 UTC (permalink / raw
  To: gentoo-commits

commit:     20305658504c61cf1357b235226bc5c66e97752d
Author:     Kristian Fiskerstrand <k_f <AT> gentoo <DOT> org>
AuthorDate: Tue Sep 19 08:16:18 2017 +0000
Commit:     Kristian Fiskerstrand <k_f <AT> gentoo <DOT> org>
CommitDate: Tue Sep 19 08:17:08 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=20305658

app-crypt/gnupg: New upstream version 2.2.1

Cherry-pick patch from master to allow for parallel tests
with tofu disabled

Package-Manager: Portage-2.3.6, Repoman-2.3.1

 app-crypt/gnupg/Manifest                           |   1 +
 .../gnupg/files/gnupg-2.2.1-fix-gnupg-wait.patch   |  85 ++++++++++++++
 app-crypt/gnupg/gnupg-2.2.1.ebuild                 | 129 +++++++++++++++++++++
 3 files changed, 215 insertions(+)

diff --git a/app-crypt/gnupg/Manifest b/app-crypt/gnupg/Manifest
index fb6e09fc21f..548961ab9fe 100644
--- a/app-crypt/gnupg/Manifest
+++ b/app-crypt/gnupg/Manifest
@@ -2,3 +2,4 @@ DIST gnupg-1.4.21.tar.bz2 3689305 SHA256 6b47a3100c857dcab3c60e6152e56a997f2c786
 DIST gnupg-2.1.15.tar.bz2 5723689 SHA256 c28c1a208f1b8ad63bdb6b88d252f6734ff4d33de6b54e38494b11d49e00ffdd SHA512 69c943e853e1a37e8b17b3bc34e1503f14bc8f189fa9f3ac6644bcc98ccce6eaef64da20ff9dd1c8de3a7789ea577167984ccf3ac286cac50752e6f7c2f42ab1 WHIRLPOOL 4c5a8cd4e8b7196f4a355ce7739cf6e23c43817414e10bbba219117e4e51c4c618ffb5dbce27cb836a2171eda58e003d5ddf78d4af09a813c2a1729963413151
 DIST gnupg-2.1.20.tar.bz2 6456128 SHA256 24cf9a69369be64a9f6f8cc11a1be33ab7780ad77a6a1b93719438f49f69960d SHA512 14a9890bc64e143f87cff121dd298d490d78dbd34e36883e0f25763ff9064e5706a7632893d7c5d0e8e9b8cf9cdb0d378b4ce1715348729f0fc080455b61eca9 WHIRLPOOL fa6cbd66031cac41db308b10bebec87e37a19d3c63219d22fb874d7d016bcad057b93eeece7a64001718ee1f881199e3d3eebc8ef6625691f553b0d2dbc92624
 DIST gnupg-2.2.0.tar.bz2 6532475 SHA256 d4514a0be0f7a1ff263193330019eb4b53c82f0f5e230af3c14df371271a45e6 SHA512 8ab7c4183d2ec2e6b62066e3cbcba95babaa0ae22da47feab716698792d26495f072d50e8ec612b8d26147636bb316320c78940184373b3f4cb6ec411933361b WHIRLPOOL c918b6a7e40ff170e1ff3b77978cb7f0d9298a3410204677955dc167b114a1f85d32deaca4f006c2bd621f532379ca9631b96913bf660394a82ab4ee0bbbaecb
+DIST gnupg-2.2.1.tar.bz2 6537959 SHA256 34d70cd65b9c95f3f2f90a9f5c1e0b6a0fe039a8d685e2d66d69c33d1cbf62fb SHA512 fcda7ea360d9928bf9e410afe3806ee0692dd533443b0c0e050605a9e2e37ec16f3c60a30b30ab137155327bc1f5d2107f1e792582e3ad245b47bf39a1a61a8f WHIRLPOOL 032d26c79aebcda3529f7cfcdec467e1058d19fa939eae48fd086e7c9f585a7b02dc9e6fb04a342fab845b9eb0d51c3bc2cca4a4d9677683a23bdd5c479b4eba

diff --git a/app-crypt/gnupg/files/gnupg-2.2.1-fix-gnupg-wait.patch b/app-crypt/gnupg/files/gnupg-2.2.1-fix-gnupg-wait.patch
new file mode 100644
index 00000000000..6a2c18e9b63
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.2.1-fix-gnupg-wait.patch
@@ -0,0 +1,85 @@
+From eeb3da6eb717ed6a1a1069a7611eb37503e8672d Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka <gniibe@fsij.org>
+Date: Tue, 19 Sep 2017 12:28:43 +0900
+Subject: [PATCH 2/3] common: Fix gnupg_wait_processes.
+
+* common/exechelp-posix.c (gnupg_wait_processes): Loop for r_exitcodes
+even if we already see an error.
+
+--
+
+The value stored by waitpid for exit code is encoded;  It requires
+decoded by WEXITSTATUS macro, regardless of an error.
+
+For example, when one of processes is already exited and another is
+still running, it resulted wrong value of in r_exitcodes[n].
+
+Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
+---
+ common/exechelp-posix.c | 50 +++++++++++++++++++++++++------------------------
+ 1 file changed, 26 insertions(+), 24 deletions(-)
+
+diff --git a/common/exechelp-posix.c b/common/exechelp-posix.c
+index 7237993a2..3acf74ad6 100644
+--- a/common/exechelp-posix.c
++++ b/common/exechelp-posix.c
+@@ -784,30 +784,32 @@ gnupg_wait_processes (const char **pgmnames, pid_t *pids, size_t count,
+         }
+     }
+ 
+-  if (ec == 0)
+-    for (i = 0; i < count; i++)
+-      {
+-        if (WIFEXITED (r_exitcodes[i]) && WEXITSTATUS (r_exitcodes[i]) == 127)
+-          {
+-            log_error (_("error running '%s': probably not installed\n"),
+-                       pgmnames[i]);
+-            ec = GPG_ERR_CONFIGURATION;
+-          }
+-        else if (WIFEXITED (r_exitcodes[i]) && WEXITSTATUS (r_exitcodes[i]))
+-          {
+-            if (dummy)
+-              log_error (_("error running '%s': exit status %d\n"),
+-                         pgmnames[i], WEXITSTATUS (r_exitcodes[i]));
+-            else
+-              r_exitcodes[i] = WEXITSTATUS (r_exitcodes[i]);
+-            ec = GPG_ERR_GENERAL;
+-          }
+-        else if (!WIFEXITED (r_exitcodes[i]))
+-          {
+-            log_error (_("error running '%s': terminated\n"), pgmnames[i]);
+-            ec = GPG_ERR_GENERAL;
+-          }
+-      }
++  for (i = 0; i < count; i++)
++    {
++      if (r_exitcodes[i] == -1)
++        continue;
++
++      if (WIFEXITED (r_exitcodes[i]) && WEXITSTATUS (r_exitcodes[i]) == 127)
++        {
++          log_error (_("error running '%s': probably not installed\n"),
++                     pgmnames[i]);
++          ec = GPG_ERR_CONFIGURATION;
++        }
++      else if (WIFEXITED (r_exitcodes[i]) && WEXITSTATUS (r_exitcodes[i]))
++        {
++          if (dummy)
++            log_error (_("error running '%s': exit status %d\n"),
++                       pgmnames[i], WEXITSTATUS (r_exitcodes[i]));
++          else
++            r_exitcodes[i] = WEXITSTATUS (r_exitcodes[i]);
++          ec = GPG_ERR_GENERAL;
++        }
++      else if (!WIFEXITED (r_exitcodes[i]))
++        {
++          log_error (_("error running '%s': terminated\n"), pgmnames[i]);
++          ec = GPG_ERR_GENERAL;
++        }
++    }
+ 
+   xfree (dummy);
+   return gpg_err_make (GPG_ERR_SOURCE_DEFAULT, ec);
+-- 
+2.13.5
+

diff --git a/app-crypt/gnupg/gnupg-2.2.1.ebuild b/app-crypt/gnupg/gnupg-2.2.1.ebuild
new file mode 100644
index 00000000000..0cdc74c459b
--- /dev/null
+++ b/app-crypt/gnupg/gnupg-2.2.1.ebuild
@@ -0,0 +1,129 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit systemd toolchain-funcs
+
+MY_P="${P/_/-}"
+
+DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
+HOMEPAGE="http://www.gnupg.org/"
+SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="bzip2 doc +gnutls ldap nls readline selinux +smartcard tofu tools usb wks-server"
+
+COMMON_DEPEND_LIBS="
+	>=dev-libs/npth-1.2
+	>=dev-libs/libassuan-2.4.3
+	>=dev-libs/libgcrypt-1.7.3
+	>=dev-libs/libgpg-error-1.24
+	>=dev-libs/libksba-1.3.4
+	>=net-misc/curl-7.10
+	gnutls? ( >=net-libs/gnutls-3.0:0= )
+	sys-libs/zlib
+	ldap? ( net-nds/openldap )
+	bzip2? ( app-arch/bzip2 )
+	readline? ( sys-libs/readline:0= )
+	smartcard? ( usb? ( virtual/libusb:0 ) )
+	tofu? ( >=dev-db/sqlite-3.7 )
+	"
+COMMON_DEPEND_BINS="app-crypt/pinentry
+	!app-crypt/dirmngr"
+
+# Existence of executables is checked during configuration.
+DEPEND="${COMMON_DEPEND_LIBS}
+	${COMMON_DEPEND_BINS}
+	nls? ( sys-devel/gettext )
+	doc? ( sys-apps/texinfo )"
+
+RDEPEND="${COMMON_DEPEND_LIBS}
+	${COMMON_DEPEND_BINS}
+	selinux? ( sec-policy/selinux-gpg )
+	nls? ( virtual/libintl )"
+
+S="${WORKDIR}/${MY_P}"
+
+DOCS=(
+	ChangeLog NEWS README THANKS TODO VERSION
+	doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
+)
+
+PATCHES=(
+	"${FILESDIR}/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch"
+	"${FILESDIR}/${P}-fix-gnupg-wait.patch"
+)
+
+src_configure() {
+	local myconf=()
+
+	if use smartcard; then
+		myconf+=(
+			--enable-scdaemon
+			$(use_enable usb ccid-driver)
+		)
+	else
+		myconf+=( --disable-scdaemon )
+	fi
+
+	if use elibc_SunOS || use elibc_AIX; then
+		myconf+=( --disable-symcryptrun )
+	else
+		myconf+=( --enable-symcryptrun )
+	fi
+
+	# glib fails and picks up clang's internal stdint.h causing weird errors
+	[[ ${CC} == *clang ]] && \
+		export gl_cv_absolute_stdint_h=/usr/include/stdint.h
+
+	econf \
+		"${myconf[@]}" \
+		$(use_enable bzip2) \
+		$(use_enable gnutls) \
+		$(use_enable nls) \
+		$(use_enable tofu) \
+		$(use_enable wks-server wks-tools) \
+		$(use_with ldap) \
+		$(use_with readline) \
+		--enable-gpg \
+		--enable-gpgsm \
+		--enable-large-secmem \
+		--enable-all-tests \
+		CC_FOR_BUILD="$(tc-getBUILD_CC)"
+}
+
+src_compile() {
+	default
+
+	use doc && emake -C doc html
+}
+
+src_test() {
+	export TESTFLAGS=--parallel
+	default
+}
+
+src_install() {
+	default
+
+	use tools &&
+		dobin \
+			tools/{convert-from-106,gpg-check-pattern} \
+			tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys} \
+			tools/make-dns-cert
+
+	dosym gpg /usr/bin/gpg2
+	dosym gpgv /usr/bin/gpgv2
+	echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die
+	echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
+
+	dodir /etc/env.d
+	echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
+
+	use doc && dodoc doc/gnupg.html/* doc/*.png
+
+	systemd_douserunit doc/examples/systemd-user/*.{service,socket}
+}


^ permalink raw reply related	[flat|nested] 18+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/
@ 2017-09-16 11:13 Kristian Fiskerstrand
  0 siblings, 0 replies; 18+ messages in thread
From: Kristian Fiskerstrand @ 2017-09-16 11:13 UTC (permalink / raw
  To: gentoo-commits

commit:     c8b7f9b5493547c2df4936df7fdab818bb69e1c3
Author:     Kristian Fiskerstrand <k_f <AT> gentoo <DOT> org>
AuthorDate: Sat Sep 16 11:12:47 2017 +0000
Commit:     Kristian Fiskerstrand <k_f <AT> gentoo <DOT> org>
CommitDate: Sat Sep 16 11:12:58 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c8b7f9b5

app-crypt/gnupg: Cleanup 2.1.23

Package-Manager: Portage-2.3.6, Repoman-2.3.1

 app-crypt/gnupg/Manifest                           |   1 -
 ....1.23-gpg-default-to-no-auto-key-retrieve.patch |  71 ------------
 app-crypt/gnupg/gnupg-2.1.23-r1.ebuild             | 124 ---------------------
 3 files changed, 196 deletions(-)

diff --git a/app-crypt/gnupg/Manifest b/app-crypt/gnupg/Manifest
index 8243dab73fe..fb6e09fc21f 100644
--- a/app-crypt/gnupg/Manifest
+++ b/app-crypt/gnupg/Manifest
@@ -1,5 +1,4 @@
 DIST gnupg-1.4.21.tar.bz2 3689305 SHA256 6b47a3100c857dcab3c60e6152e56a997f2c7862c1b8b2b25adf3884a1ae2276 SHA512 619e0fbc10310c7e55d129027e2945791fe91a0884b1d6f53acb4b2e380d1c6e71d1a516a59876182c5c70a4227d44a74ceda018c343b5291fa9a5d6de77c984 WHIRLPOOL eb596be347dd90be93d381fe405e50f5808160b546705493bc9d817d521ea236a2374648e6c2cab396f54bba74de4caf2b92e894df3a17aa339f014ef8cc8802
 DIST gnupg-2.1.15.tar.bz2 5723689 SHA256 c28c1a208f1b8ad63bdb6b88d252f6734ff4d33de6b54e38494b11d49e00ffdd SHA512 69c943e853e1a37e8b17b3bc34e1503f14bc8f189fa9f3ac6644bcc98ccce6eaef64da20ff9dd1c8de3a7789ea577167984ccf3ac286cac50752e6f7c2f42ab1 WHIRLPOOL 4c5a8cd4e8b7196f4a355ce7739cf6e23c43817414e10bbba219117e4e51c4c618ffb5dbce27cb836a2171eda58e003d5ddf78d4af09a813c2a1729963413151
 DIST gnupg-2.1.20.tar.bz2 6456128 SHA256 24cf9a69369be64a9f6f8cc11a1be33ab7780ad77a6a1b93719438f49f69960d SHA512 14a9890bc64e143f87cff121dd298d490d78dbd34e36883e0f25763ff9064e5706a7632893d7c5d0e8e9b8cf9cdb0d378b4ce1715348729f0fc080455b61eca9 WHIRLPOOL fa6cbd66031cac41db308b10bebec87e37a19d3c63219d22fb874d7d016bcad057b93eeece7a64001718ee1f881199e3d3eebc8ef6625691f553b0d2dbc92624
-DIST gnupg-2.1.23.tar.bz2 6526734 SHA256 a94476391595e9351f219188767a9d6ea128e83be5ed3226a7890f49aa2d0d77 SHA512 8b8be0784129f5aa0ccde32a413a68c36e0e4131abe70c3eb186958c60f3df1023deb2db2db84d63ad30a3408a75c7622b430aff1a524ff28a24be511c952412 WHIRLPOOL deb4e933108e0a77b941ed95732eab2ee77af175bd776f3f5dbd25bb38b37dcdf09ae8eee7cd39a09883c3757b81688e48b5a07d6f43419a4453d4ba38541c14
 DIST gnupg-2.2.0.tar.bz2 6532475 SHA256 d4514a0be0f7a1ff263193330019eb4b53c82f0f5e230af3c14df371271a45e6 SHA512 8ab7c4183d2ec2e6b62066e3cbcba95babaa0ae22da47feab716698792d26495f072d50e8ec612b8d26147636bb316320c78940184373b3f4cb6ec411933361b WHIRLPOOL c918b6a7e40ff170e1ff3b77978cb7f0d9298a3410204677955dc167b114a1f85d32deaca4f006c2bd621f532379ca9631b96913bf660394a82ab4ee0bbbaecb

diff --git a/app-crypt/gnupg/files/gnupg-2.1.23-gpg-default-to-no-auto-key-retrieve.patch b/app-crypt/gnupg/files/gnupg-2.1.23-gpg-default-to-no-auto-key-retrieve.patch
deleted file mode 100644
index 4cc414d18e3..00000000000
--- a/app-crypt/gnupg/files/gnupg-2.1.23-gpg-default-to-no-auto-key-retrieve.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-From e6f84116abca2ed49bf14b2e28c3c811a3717227 Mon Sep 17 00:00:00 2001
-From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-Date: Fri, 11 Aug 2017 02:26:52 -0400
-Subject: [PATCH] gpg: default to --no-auto-key-retrieve.
-
-* g10/gpg.c (main): remove KEYSERVER_AUTO_KEY_RETRIEVE from the
-default keyserver options.
-* doc/gpg.texi: document this change.
---
-
-This is a partial reversion of
-7e1fe791d188b078398bf83c9af992cb1bd2a4b3.  Werner and i discussed it
-earlier today, and came to the conclusion that:
-
- * the risk of metadata leakage represented by a default
-   --auto-key-retrieve, both in e-mail (as a "web bug") and in other
-   contexts where GnuPG is used to verified signatures, is quite high.
-
- * the advantages of --auto-key-retrieve (in terms of signature
-   verification) can sometimes be achieved in other ways, such as when
-   a signed message includes a copy of its own key.
-
- * when those other ways are not useful, a graphical, user-facing
-   application can still offer the user the opportunity to choose to
-   fetch the key; or it can apply its own policy about when to set
-   --auto-key-retrieve, without needing to affect the defaults.
-
-Note that --auto-key-retrieve is specifically about signature
-verification.  Decisions about how and whether to look up a key during
-message encryption are governed by --auto-key-locate.  This change
-does not touch the --auto-key-locate default of "local,wkd".  The user
-deliberately asking gpg to encrypt to an e-mail address is a different
-scenario than having an incoming e-mail trigger a potentially unique
-network request.
-
-Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
----
- doc/gpg.texi | 2 +-
- g10/gpg.c    | 3 +--
- 2 files changed, 2 insertions(+), 3 deletions(-)
-
-diff --git a/doc/gpg.texi b/doc/gpg.texi
-index c71126a97..b6a9b2d70 100644
---- a/doc/gpg.texi
-+++ b/doc/gpg.texi
-@@ -1792,7 +1792,7 @@ list.  The default is "local,wkd".
- @opindex no-auto-key-retrieve
- These options enable or disable the automatic retrieving of keys from
- a keyserver when verifying signatures made by keys that are not on the
--local keyring.  The default is @option{--auto-key-retrieve}.
-+local keyring.  The default is @option{--no-auto-key-retrieve}.
- 
- If the method "wkd" is included in the list of methods given to
- @option{auto-key-locate}, the signer's user ID is part of the
-diff --git a/g10/gpg.c b/g10/gpg.c
-index c721cdc4a..c9fa7ae5b 100644
---- a/g10/gpg.c
-+++ b/g10/gpg.c
-@@ -2366,8 +2366,7 @@ main (int argc, char **argv)
-     opt.keyserver_options.import_options = (IMPORT_REPAIR_KEYS
- 					    | IMPORT_REPAIR_PKS_SUBKEY_BUG);
-     opt.keyserver_options.export_options = EXPORT_ATTRIBUTES;
--    opt.keyserver_options.options = (KEYSERVER_HONOR_PKA_RECORD
--                                     | KEYSERVER_AUTO_KEY_RETRIEVE);
-+    opt.keyserver_options.options = KEYSERVER_HONOR_PKA_RECORD;
-     opt.verify_options = (LIST_SHOW_UID_VALIDITY
-                           | VERIFY_SHOW_POLICY_URLS
-                           | VERIFY_SHOW_STD_NOTATIONS
--- 
-2.13.0
-

diff --git a/app-crypt/gnupg/gnupg-2.1.23-r1.ebuild b/app-crypt/gnupg/gnupg-2.1.23-r1.ebuild
deleted file mode 100644
index 48711663f92..00000000000
--- a/app-crypt/gnupg/gnupg-2.1.23-r1.ebuild
+++ /dev/null
@@ -1,124 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit systemd toolchain-funcs
-
-MY_P="${P/_/-}"
-
-DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
-HOMEPAGE="http://www.gnupg.org/"
-SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
-
-LICENSE="GPL-3"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="bzip2 doc +gnutls ldap nls readline selinux +smartcard tofu tools usb wks-server"
-
-COMMON_DEPEND_LIBS="
-	>=dev-libs/npth-1.2
-	>=dev-libs/libassuan-2.4.3
-	>=dev-libs/libgcrypt-1.7.3
-	>=dev-libs/libgpg-error-1.24
-	>=dev-libs/libksba-1.3.4
-	>=net-misc/curl-7.10
-	gnutls? ( >=net-libs/gnutls-3.0:0= )
-	sys-libs/zlib
-	ldap? ( net-nds/openldap )
-	bzip2? ( app-arch/bzip2 )
-	readline? ( sys-libs/readline:0= )
-	smartcard? ( usb? ( virtual/libusb:0 ) )
-	tofu? ( >=dev-db/sqlite-3.7 )
-	"
-COMMON_DEPEND_BINS="app-crypt/pinentry
-	!app-crypt/dirmngr"
-
-# Existence of executables is checked during configuration.
-DEPEND="${COMMON_DEPEND_LIBS}
-	${COMMON_DEPEND_BINS}
-	nls? ( sys-devel/gettext )
-	doc? ( sys-apps/texinfo )"
-
-RDEPEND="${COMMON_DEPEND_LIBS}
-	${COMMON_DEPEND_BINS}
-	selinux? ( sec-policy/selinux-gpg )
-	nls? ( virtual/libintl )"
-
-S="${WORKDIR}/${MY_P}"
-
-DOCS=(
-	ChangeLog NEWS README THANKS TODO VERSION
-	doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
-)
-
-PATCHES=(
-	"${FILESDIR}/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch"
-	"${FILESDIR}/${P}-gpg-default-to-no-auto-key-retrieve.patch"
-)
-
-src_configure() {
-	local myconf=()
-
-	if use smartcard; then
-		myconf+=(
-			--enable-scdaemon
-			$(use_enable usb ccid-driver)
-		)
-	else
-		myconf+=( --disable-scdaemon )
-	fi
-
-	if use elibc_SunOS || use elibc_AIX; then
-		myconf+=( --disable-symcryptrun )
-	else
-		myconf+=( --enable-symcryptrun )
-	fi
-
-	# glib fails and picks up clang's internal stdint.h causing weird errors
-	[[ ${CC} == *clang ]] && \
-		export gl_cv_absolute_stdint_h=/usr/include/stdint.h
-
-	econf \
-		"${myconf[@]}" \
-		$(use_enable bzip2) \
-		$(use_enable gnutls) \
-		$(use_enable nls) \
-		$(use_enable tofu) \
-		$(use_enable wks-server wks-tools) \
-		$(use_with ldap) \
-		$(use_with readline) \
-		--enable-gpg \
-		--enable-gpgsm \
-		--enable-large-secmem \
-		--enable-all-tests \
-		CC_FOR_BUILD="$(tc-getBUILD_CC)"
-}
-
-src_compile() {
-	default
-
-	use doc && emake -C doc html
-}
-
-src_install() {
-	default
-
-	use tools &&
-		dobin \
-			tools/{convert-from-106,gpg-check-pattern} \
-			tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys} \
-			tools/make-dns-cert
-
-	dosym gpg /usr/bin/gpg2
-	dosym gpgv /usr/bin/gpgv2
-	echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die
-	echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
-
-	dodir /etc/env.d
-	echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
-
-	use doc && dodoc doc/gnupg.html/* doc/*.png
-
-	systemd_douserunit doc/examples/systemd-user/*.{service,socket}
-}


^ permalink raw reply related	[flat|nested] 18+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/
@ 2017-08-11 16:50 Kristian Fiskerstrand
  0 siblings, 0 replies; 18+ messages in thread
From: Kristian Fiskerstrand @ 2017-08-11 16:50 UTC (permalink / raw
  To: gentoo-commits

commit:     a12f7eafa84c6cb0cf6d643c55ef027f33b8147e
Author:     Kristian Fiskerstrand <k_f <AT> gentoo <DOT> org>
AuthorDate: Fri Aug 11 16:15:46 2017 +0000
Commit:     Kristian Fiskerstrand <k_f <AT> gentoo <DOT> org>
CommitDate: Fri Aug 11 16:48:26 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a12f7eaf

app-crypt/gnupg: New upstream version 2.1.23

Reverting to default of no --auto-key-retrieve as this has information
leak potential that should not be enabled in default configuration. The
change is also reverted upstream

Package-Manager: Portage-2.3.6, Repoman-2.3.1

 app-crypt/gnupg/Manifest                           |   1 +
 ....1.23-gpg-default-to-no-auto-key-retrieve.patch |  71 ++++++++++++
 app-crypt/gnupg/gnupg-2.1.23.ebuild                | 124 +++++++++++++++++++++
 3 files changed, 196 insertions(+)

diff --git a/app-crypt/gnupg/Manifest b/app-crypt/gnupg/Manifest
index 77cdbd2968f..07c1872aeaf 100644
--- a/app-crypt/gnupg/Manifest
+++ b/app-crypt/gnupg/Manifest
@@ -2,3 +2,4 @@ DIST gnupg-1.4.21.tar.bz2 3689305 SHA256 6b47a3100c857dcab3c60e6152e56a997f2c786
 DIST gnupg-2.1.15.tar.bz2 5723689 SHA256 c28c1a208f1b8ad63bdb6b88d252f6734ff4d33de6b54e38494b11d49e00ffdd SHA512 69c943e853e1a37e8b17b3bc34e1503f14bc8f189fa9f3ac6644bcc98ccce6eaef64da20ff9dd1c8de3a7789ea577167984ccf3ac286cac50752e6f7c2f42ab1 WHIRLPOOL 4c5a8cd4e8b7196f4a355ce7739cf6e23c43817414e10bbba219117e4e51c4c618ffb5dbce27cb836a2171eda58e003d5ddf78d4af09a813c2a1729963413151
 DIST gnupg-2.1.20.tar.bz2 6456128 SHA256 24cf9a69369be64a9f6f8cc11a1be33ab7780ad77a6a1b93719438f49f69960d SHA512 14a9890bc64e143f87cff121dd298d490d78dbd34e36883e0f25763ff9064e5706a7632893d7c5d0e8e9b8cf9cdb0d378b4ce1715348729f0fc080455b61eca9 WHIRLPOOL fa6cbd66031cac41db308b10bebec87e37a19d3c63219d22fb874d7d016bcad057b93eeece7a64001718ee1f881199e3d3eebc8ef6625691f553b0d2dbc92624
 DIST gnupg-2.1.22.tar.bz2 6530433 SHA256 46716faf9e1b92cfca86609f3bfffbf5bb4b6804df90dc853ff7061cfcfb4ad7 SHA512 d2ccbf32716a701df9e4ad5c19b682daf1a02b0bf8a1751a32af6db0c9284a4ee7df91310bed1a2087911a9964cb7b7f2ca9dad32a880ed1e1465d8048605e16 WHIRLPOOL 3a87914898e2f164f7effa67e0e8f5ccb48aed0e9e4d65559d73783478ee509f7876ef7ef77ec9c43de2611a8a2ecdcbfbd443ab5de119203b20e316473e4e75
+DIST gnupg-2.1.23.tar.bz2 6526734 SHA256 a94476391595e9351f219188767a9d6ea128e83be5ed3226a7890f49aa2d0d77 SHA512 8b8be0784129f5aa0ccde32a413a68c36e0e4131abe70c3eb186958c60f3df1023deb2db2db84d63ad30a3408a75c7622b430aff1a524ff28a24be511c952412 WHIRLPOOL deb4e933108e0a77b941ed95732eab2ee77af175bd776f3f5dbd25bb38b37dcdf09ae8eee7cd39a09883c3757b81688e48b5a07d6f43419a4453d4ba38541c14

diff --git a/app-crypt/gnupg/files/gnupg-2.1.23-gpg-default-to-no-auto-key-retrieve.patch b/app-crypt/gnupg/files/gnupg-2.1.23-gpg-default-to-no-auto-key-retrieve.patch
new file mode 100644
index 00000000000..4cc414d18e3
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.1.23-gpg-default-to-no-auto-key-retrieve.patch
@@ -0,0 +1,71 @@
+From e6f84116abca2ed49bf14b2e28c3c811a3717227 Mon Sep 17 00:00:00 2001
+From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+Date: Fri, 11 Aug 2017 02:26:52 -0400
+Subject: [PATCH] gpg: default to --no-auto-key-retrieve.
+
+* g10/gpg.c (main): remove KEYSERVER_AUTO_KEY_RETRIEVE from the
+default keyserver options.
+* doc/gpg.texi: document this change.
+--
+
+This is a partial reversion of
+7e1fe791d188b078398bf83c9af992cb1bd2a4b3.  Werner and i discussed it
+earlier today, and came to the conclusion that:
+
+ * the risk of metadata leakage represented by a default
+   --auto-key-retrieve, both in e-mail (as a "web bug") and in other
+   contexts where GnuPG is used to verified signatures, is quite high.
+
+ * the advantages of --auto-key-retrieve (in terms of signature
+   verification) can sometimes be achieved in other ways, such as when
+   a signed message includes a copy of its own key.
+
+ * when those other ways are not useful, a graphical, user-facing
+   application can still offer the user the opportunity to choose to
+   fetch the key; or it can apply its own policy about when to set
+   --auto-key-retrieve, without needing to affect the defaults.
+
+Note that --auto-key-retrieve is specifically about signature
+verification.  Decisions about how and whether to look up a key during
+message encryption are governed by --auto-key-locate.  This change
+does not touch the --auto-key-locate default of "local,wkd".  The user
+deliberately asking gpg to encrypt to an e-mail address is a different
+scenario than having an incoming e-mail trigger a potentially unique
+network request.
+
+Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+---
+ doc/gpg.texi | 2 +-
+ g10/gpg.c    | 3 +--
+ 2 files changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/doc/gpg.texi b/doc/gpg.texi
+index c71126a97..b6a9b2d70 100644
+--- a/doc/gpg.texi
++++ b/doc/gpg.texi
+@@ -1792,7 +1792,7 @@ list.  The default is "local,wkd".
+ @opindex no-auto-key-retrieve
+ These options enable or disable the automatic retrieving of keys from
+ a keyserver when verifying signatures made by keys that are not on the
+-local keyring.  The default is @option{--auto-key-retrieve}.
++local keyring.  The default is @option{--no-auto-key-retrieve}.
+ 
+ If the method "wkd" is included in the list of methods given to
+ @option{auto-key-locate}, the signer's user ID is part of the
+diff --git a/g10/gpg.c b/g10/gpg.c
+index c721cdc4a..c9fa7ae5b 100644
+--- a/g10/gpg.c
++++ b/g10/gpg.c
+@@ -2366,8 +2366,7 @@ main (int argc, char **argv)
+     opt.keyserver_options.import_options = (IMPORT_REPAIR_KEYS
+ 					    | IMPORT_REPAIR_PKS_SUBKEY_BUG);
+     opt.keyserver_options.export_options = EXPORT_ATTRIBUTES;
+-    opt.keyserver_options.options = (KEYSERVER_HONOR_PKA_RECORD
+-                                     | KEYSERVER_AUTO_KEY_RETRIEVE);
++    opt.keyserver_options.options = KEYSERVER_HONOR_PKA_RECORD;
+     opt.verify_options = (LIST_SHOW_UID_VALIDITY
+                           | VERIFY_SHOW_POLICY_URLS
+                           | VERIFY_SHOW_STD_NOTATIONS
+-- 
+2.13.0
+

diff --git a/app-crypt/gnupg/gnupg-2.1.23.ebuild b/app-crypt/gnupg/gnupg-2.1.23.ebuild
new file mode 100644
index 00000000000..9564b859cdf
--- /dev/null
+++ b/app-crypt/gnupg/gnupg-2.1.23.ebuild
@@ -0,0 +1,124 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit systemd toolchain-funcs
+
+MY_P="${P/_/-}"
+
+DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
+HOMEPAGE="http://www.gnupg.org/"
+SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="bzip2 doc +gnutls ldap nls readline selinux +smartcard tofu tools usb wks-server"
+
+COMMON_DEPEND_LIBS="
+	>=dev-libs/npth-1.2
+	>=dev-libs/libassuan-2.4.3
+	>=dev-libs/libgcrypt-1.7.3
+	>=dev-libs/libgpg-error-1.24
+	>=dev-libs/libksba-1.3.4
+	>=net-misc/curl-7.10
+	gnutls? ( >=net-libs/gnutls-3.0:0= )
+	sys-libs/zlib
+	ldap? ( net-nds/openldap )
+	bzip2? ( app-arch/bzip2 )
+	readline? ( sys-libs/readline:0= )
+	smartcard? ( usb? ( virtual/libusb:0 ) )
+	tofu? ( >=dev-db/sqlite-3.7 )
+	"
+COMMON_DEPEND_BINS="app-crypt/pinentry
+	!app-crypt/dirmngr"
+
+# Existence of executables is checked during configuration.
+DEPEND="${COMMON_DEPEND_LIBS}
+	${COMMON_DEPEND_BINS}
+	nls? ( sys-devel/gettext )
+	doc? ( sys-apps/texinfo )"
+
+RDEPEND="${COMMON_DEPEND_LIBS}
+	${COMMON_DEPEND_BINS}
+	selinux? ( sec-policy/selinux-gpg )
+	nls? ( virtual/libintl )"
+
+S="${WORKDIR}/${MY_P}"
+
+DOCS=(
+	ChangeLog NEWS README THANKS TODO VERSION
+	doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
+)
+
+PATCHES=(
+	"${FILESDIR}/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch"
+	"${FILESDIR}/${P}-gpg-default-to-no-auto-key-retrieve.patch"
+)
+
+src_configure() {
+	local myconf=()
+
+	if use smartcard; then
+		myconf+=(
+			--enable-scdaemon
+			$(use_enable usb ccid-driver)
+		)
+	else
+		myconf+=( --disable-scdaemon )
+	fi
+
+	if use elibc_SunOS || use elibc_AIX; then
+		myconf+=( --disable-symcryptrun )
+	else
+		myconf+=( --enable-symcryptrun )
+	fi
+
+	# glib fails and picks up clang's internal stdint.h causing weird errors
+	[[ ${CC} == *clang ]] && \
+		export gl_cv_absolute_stdint_h=/usr/include/stdint.h
+
+	econf \
+		"${myconf[@]}" \
+		$(use_enable bzip2) \
+		$(use_enable gnutls) \
+		$(use_enable nls) \
+		$(use_enable tofu) \
+		$(use_enable wks-server wks-tools) \
+		$(use_with ldap) \
+		$(use_with readline) \
+		--enable-gpg \
+		--enable-gpgsm \
+		--enable-large-secmem \
+		--enable-all-tests \
+		CC_FOR_BUILD="$(tc-getBUILD_CC)"
+}
+
+src_compile() {
+	default
+
+	use doc && emake -C doc html
+}
+
+src_install() {
+	default
+
+	use tools &&
+		dobin \
+			tools/{convert-from-106,gpg-check-pattern} \
+			tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys} \
+			tools/make-dns-cert
+
+	dosym gpg /usr/bin/gpg2
+	dosym gpgv /usr/bin/gpgv2
+	echo ".so man1/gpg2.1" > "${ED}"/usr/share/man/man1/gpg.1 || die
+	echo ".so man1/gpgv2.1" > "${ED}"/usr/share/man/man1/gpgv.1 || die
+
+	dodir /etc/env.d
+	echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
+
+	use doc && dodoc doc/gnupg.html/* doc/*.png
+
+	systemd_douserunit doc/examples/systemd-user/*.{service,socket}
+}


^ permalink raw reply related	[flat|nested] 18+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/
@ 2017-05-09 13:03 Kristian Fiskerstrand
  0 siblings, 0 replies; 18+ messages in thread
From: Kristian Fiskerstrand @ 2017-05-09 13:03 UTC (permalink / raw
  To: gentoo-commits

commit:     68d406d2de327f13ad3906d50c458c9727f7e024
Author:     Kristian Fiskerstrand <k_f <AT> gentoo <DOT> org>
AuthorDate: Tue May  9 12:59:22 2017 +0000
Commit:     Kristian Fiskerstrand <k_f <AT> gentoo <DOT> org>
CommitDate: Tue May  9 12:59:57 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=68d406d2

app-crypt/gnupg: Fix regression from 2.1.19

Gentoo-Bug: 616336

Package-Manager: Portage-2.3.3, Repoman-2.3.1

 .../gnupg/files/gnupg-2.1.20-gpg-Fix-typo.patch    |  27 +++++
 ...g-Properly-account-for-ring-trust-packets.patch |  86 +++++++++++++++
 app-crypt/gnupg/gnupg-2.1.20-r1.ebuild             | 122 +++++++++++++++++++++
 3 files changed, 235 insertions(+)

diff --git a/app-crypt/gnupg/files/gnupg-2.1.20-gpg-Fix-typo.patch b/app-crypt/gnupg/files/gnupg-2.1.20-gpg-Fix-typo.patch
new file mode 100644
index 00000000000..292fc264ac8
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.1.20-gpg-Fix-typo.patch
@@ -0,0 +1,27 @@
+From 692208fd6c1547cc7dd2062a1d1c9499bc0a8be4 Mon Sep 17 00:00:00 2001
+From: Justus Winter <justus@g10code.com>
+Date: Mon, 8 May 2017 13:52:39 +0200
+Subject: [PATCH] gpg: Fix typo.
+
+--
+Signed-off-by: Justus Winter <justus@g10code.com>
+---
+ g10/packet.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/g10/packet.h b/g10/packet.h
+index a10495c..d42510d 100644
+--- a/g10/packet.h
++++ b/g10/packet.h
+@@ -623,7 +623,7 @@ struct parse_packet_ctx_s
+   iobuf_t inp;       /* The input stream with the packets.  */
+   struct packet_struct last_pkt; /* The last parsed packet.  */
+   int free_last_pkt; /* Indicates that LAST_PKT must be freed.  */
+-  int skip_meta;     /* Skip right trust packets.  */
++  int skip_meta;     /* Skip ring trust packets.  */
+ };
+ typedef struct parse_packet_ctx_s *parse_packet_ctx_t;
+ 
+-- 
+2.10.2
+

diff --git a/app-crypt/gnupg/files/gnupg-2.1.20-gpg-Properly-account-for-ring-trust-packets.patch b/app-crypt/gnupg/files/gnupg-2.1.20-gpg-Properly-account-for-ring-trust-packets.patch
new file mode 100644
index 00000000000..58568db47d2
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.1.20-gpg-Properly-account-for-ring-trust-packets.patch
@@ -0,0 +1,86 @@
+From 22739433e98be80e46fe7d01d52a9627c1aebaae Mon Sep 17 00:00:00 2001
+From: Justus Winter <justus@g10code.com>
+Date: Mon, 8 May 2017 14:24:00 +0200
+Subject: [PATCH] gpg: Properly account for ring trust packets.
+
+* g10/keyring.c (keyring_get_keyblock): Use the parser's packet count
+instead of counting ourself.
+* g10/packet.h (struct parse_packet_ctx_s): New field
+'n_parsed_packets'.
+(init_parse_packet): Initialize new field.
+* g10/parse-packet.c (parse): Count packets.
+--
+
+The 'keyring' keystore depends on the number of packets for delete and
+update operations.  With the rework of the ring trust packets, the
+trust packets were no longer properly accounted for leading to keyring
+corruptions.
+
+The 'keybox' store was not affected.
+
+GnuPG-bug-id: 3123
+GnuPG-bug-id: 3135
+GnuPG-bug-id: 3144
+Fixes-commit: a8895c99a7d0750132477d80cd66caaf3a709113
+Signed-off-by: Justus Winter <justus@g10code.com>
+---
+ g10/keyring.c      | 4 ++--
+ g10/packet.h       | 2 ++
+ g10/parse-packet.c | 3 +++
+ 3 files changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/g10/keyring.c b/g10/keyring.c
+index e223f0f..50f1b82 100644
+--- a/g10/keyring.c
++++ b/g10/keyring.c
+@@ -409,11 +409,11 @@ keyring_get_keyblock (KEYRING_HANDLE hd, KBNODE *ret_kb)
+     pkt = xmalloc (sizeof *pkt);
+     init_packet (pkt);
+     init_parse_packet (&parsectx, a);
+-    hd->found.n_packets = 0;;
++    hd->found.n_packets = 0;
+     lastnode = NULL;
+     save_mode = set_packet_list_mode(0);
+     while ((rc=parse_packet (&parsectx, pkt)) != -1) {
+-        hd->found.n_packets++;
++        hd->found.n_packets = parsectx.n_parsed_packets;
+         if (gpg_err_code (rc) == GPG_ERR_UNKNOWN_PACKET) {
+ 	    free_packet (pkt, &parsectx);
+ 	    init_packet (pkt);
+diff --git a/g10/packet.h b/g10/packet.h
+index d42510d..cf2121c 100644
+--- a/g10/packet.h
++++ b/g10/packet.h
+@@ -624,6 +624,7 @@ struct parse_packet_ctx_s
+   struct packet_struct last_pkt; /* The last parsed packet.  */
+   int free_last_pkt; /* Indicates that LAST_PKT must be freed.  */
+   int skip_meta;     /* Skip ring trust packets.  */
++  unsigned int n_parsed_packets;	/* Number of parsed packets.  */
+ };
+ typedef struct parse_packet_ctx_s *parse_packet_ctx_t;
+ 
+@@ -633,6 +634,7 @@ typedef struct parse_packet_ctx_s *parse_packet_ctx_t;
+     (a)->last_pkt.pkt.generic= NULL;\
+     (a)->free_last_pkt = 0;         \
+     (a)->skip_meta = 0;             \
++    (a)->n_parsed_packets = 0;      \
+   } while (0)
+ 
+ #define deinit_parse_packet(a) do { \
+diff --git a/g10/parse-packet.c b/g10/parse-packet.c
+index fa44f83..dbb7af8 100644
+--- a/g10/parse-packet.c
++++ b/g10/parse-packet.c
+@@ -764,6 +764,9 @@ parse (parse_packet_ctx_t ctx, PACKET *pkt, int onlykeypkts, off_t * retpos,
+                 partial? (new_ctb ? " partial" : " indeterminate") :"",
+                 new_ctb? " new-ctb":"");
+ 
++  /* Count it.  */
++  ctx->n_parsed_packets++;
++
+   pkt->pkttype = pkttype;
+   rc = GPG_ERR_UNKNOWN_PACKET;	/* default error */
+   switch (pkttype)
+-- 
+2.10.2
+

diff --git a/app-crypt/gnupg/gnupg-2.1.20-r1.ebuild b/app-crypt/gnupg/gnupg-2.1.20-r1.ebuild
new file mode 100644
index 00000000000..0eb7d7538aa
--- /dev/null
+++ b/app-crypt/gnupg/gnupg-2.1.20-r1.ebuild
@@ -0,0 +1,122 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit toolchain-funcs
+
+DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
+HOMEPAGE="http://www.gnupg.org/"
+LICENSE="GPL-3"
+
+MY_P="${P/_/-}"
+SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+
+SLOT="0"
+IUSE="bzip2 doc +gnutls ldap nls readline selinux +smartcard tofu tools usb wks-server"
+
+COMMON_DEPEND_LIBS="
+	>=dev-libs/npth-1.2
+	>=dev-libs/libassuan-2.4.3
+	>=dev-libs/libgcrypt-1.7.3
+	>=dev-libs/libgpg-error-1.24
+	>=dev-libs/libksba-1.3.4
+	>=net-misc/curl-7.10
+	gnutls? ( >=net-libs/gnutls-3.0:0= )
+	sys-libs/zlib
+	ldap? ( net-nds/openldap )
+	bzip2? ( app-arch/bzip2 )
+	readline? ( sys-libs/readline:0= )
+	smartcard? ( usb? ( virtual/libusb:0 ) )
+	tofu? ( >=dev-db/sqlite-3.7 )
+	"
+COMMON_DEPEND_BINS="app-crypt/pinentry
+	!app-crypt/dirmngr"
+
+# Existence of executables is checked during configuration.
+DEPEND="${COMMON_DEPEND_LIBS}
+	${COMMON_DEPEND_BINS}
+	nls? ( sys-devel/gettext )
+	doc? ( sys-apps/texinfo )"
+
+RDEPEND="${COMMON_DEPEND_LIBS}
+	${COMMON_DEPEND_BINS}
+	selinux? ( sec-policy/selinux-gpg )
+	nls? ( virtual/libintl )"
+
+S="${WORKDIR}/${MY_P}"
+
+DOCS=(
+	ChangeLog NEWS README THANKS TODO VERSION
+	doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
+)
+
+PATCHES=(
+	"${FILESDIR}/${P}-gpg-Fix-typo.patch"
+	"${FILESDIR}/${P}-gpg-Properly-account-for-ring-trust-packets.patch"
+	"${FILESDIR}/${P}-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch"
+)
+
+src_configure() {
+	local myconf=()
+
+	if use smartcard; then
+		myconf+=(
+			--enable-scdaemon
+			$(use_enable usb ccid-driver)
+		)
+	else
+		myconf+=( --disable-scdaemon )
+	fi
+
+	if use elibc_SunOS || use elibc_AIX; then
+		myconf+=( --disable-symcryptrun )
+	else
+		myconf+=( --enable-symcryptrun )
+	fi
+
+	# glib fails and picks up clang's internal stdint.h causing weird errors
+	[[ ${CC} == *clang ]] && \
+		export gl_cv_absolute_stdint_h=/usr/include/stdint.h
+
+	econf \
+		"${myconf[@]}" \
+		$(use_enable bzip2) \
+		$(use_enable gnutls) \
+		$(use_enable nls) \
+		$(use_enable tofu) \
+		$(use_enable wks-server wks-tools) \
+		$(use_with ldap) \
+		$(use_with readline) \
+		--enable-gpg \
+		--enable-gpgsm \
+		--enable-large-secmem \
+		CC_FOR_BUILD="$(tc-getBUILD_CC)"
+}
+
+src_compile() {
+	default
+
+	use doc && emake -C doc html
+}
+
+src_install() {
+	default
+
+	use tools &&
+		dobin \
+			tools/{convert-from-106,gpg-check-pattern} \
+			tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys} \
+			tools/make-dns-cert
+
+	dosym gpg2 /usr/bin/gpg
+	dosym gpgv2 /usr/bin/gpgv
+	echo ".so man1/gpg2.1" > "${ED}"/usr/share/man/man1/gpg.1
+	echo ".so man1/gpgv2.1" > "${ED}"/usr/share/man/man1/gpgv.1
+
+	dodir /etc/env.d
+	echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg
+
+	use doc && dodoc doc/gnupg.html/* doc/*.png
+}


^ permalink raw reply related	[flat|nested] 18+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/
@ 2017-04-03 21:09 Alon Bar-Lev
  0 siblings, 0 replies; 18+ messages in thread
From: Alon Bar-Lev @ 2017-04-03 21:09 UTC (permalink / raw
  To: gentoo-commits

commit:     b95dfb460fcfa4e34b412d81336cd2316cdd0e2d
Author:     Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
AuthorDate: Mon Apr  3 21:09:23 2017 +0000
Commit:     Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
CommitDate: Mon Apr  3 21:09:41 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b95dfb46

app-crypt/gnupg: version bump

Package-Manager: Portage-2.3.3, Repoman-2.3.1

 app-crypt/gnupg/Manifest                           |   1 +
 ...shorter-socket-path-lengts-to-improve-tes.patch |  33 ++++++
 app-crypt/gnupg/gnupg-2.1.20.ebuild                | 120 +++++++++++++++++++++
 3 files changed, 154 insertions(+)

diff --git a/app-crypt/gnupg/Manifest b/app-crypt/gnupg/Manifest
index 5604c65f8f2..77390597d02 100644
--- a/app-crypt/gnupg/Manifest
+++ b/app-crypt/gnupg/Manifest
@@ -2,3 +2,4 @@ DIST gnupg-1.4.21.tar.bz2 3689305 SHA256 6b47a3100c857dcab3c60e6152e56a997f2c786
 DIST gnupg-2.1.15.tar.bz2 5723689 SHA256 c28c1a208f1b8ad63bdb6b88d252f6734ff4d33de6b54e38494b11d49e00ffdd SHA512 69c943e853e1a37e8b17b3bc34e1503f14bc8f189fa9f3ac6644bcc98ccce6eaef64da20ff9dd1c8de3a7789ea577167984ccf3ac286cac50752e6f7c2f42ab1 WHIRLPOOL 4c5a8cd4e8b7196f4a355ce7739cf6e23c43817414e10bbba219117e4e51c4c618ffb5dbce27cb836a2171eda58e003d5ddf78d4af09a813c2a1729963413151
 DIST gnupg-2.1.18.tar.bz2 6308666 SHA256 d04c6fab7e5562ce4b915b22020e34d4c1a256847690cf149842264fc7cef994 SHA512 b8357f0a883a33c2e4f6ab5a8f5ddb171c899b7a2899e8ce4cac232938fe1dffb789a54980dfc4b758c4cb47f11f1fc570fea905244735048dfc6f06b3353baf WHIRLPOOL c5f132beb3b454146747fe14cd12576fb4d9a9adb8cfd80fcae4482b111672fd38e412dba72caa75af717069d7182a99c7f30ea03dc9adf190f5aa1f01748247
 DIST gnupg-2.1.19.tar.bz2 6404836 SHA256 46cced1f5641ce29cc28250f52fadf6e417e649b3bfdec49a5a0d0b22a639bf0 SHA512 c6d0a2cb7f1f7ce851729559edab08d2356dffe00ee836fc1d71eb4c4e34b566e214a0352934d2985fb0183b9e7ecc1221422d258f3bd467e735c0a5c8a3d0ca WHIRLPOOL 3fd482da52b2d4e6c2b2b8427df6b68fe9df9e49dd53b91d74757b14b7c59ab5697c7f2309283c0d05774c1d405574796a4d0267b9cf85d61aec8b4095addd97
+DIST gnupg-2.1.20.tar.bz2 6456128 SHA256 24cf9a69369be64a9f6f8cc11a1be33ab7780ad77a6a1b93719438f49f69960d SHA512 14a9890bc64e143f87cff121dd298d490d78dbd34e36883e0f25763ff9064e5706a7632893d7c5d0e8e9b8cf9cdb0d378b4ce1715348729f0fc080455b61eca9 WHIRLPOOL fa6cbd66031cac41db308b10bebec87e37a19d3c63219d22fb874d7d016bcad057b93eeece7a64001718ee1f881199e3d3eebc8ef6625691f553b0d2dbc92624

diff --git a/app-crypt/gnupg/files/gnupg-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch b/app-crypt/gnupg/files/gnupg-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch
new file mode 100644
index 00000000000..dd75e3a5e96
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch
@@ -0,0 +1,33 @@
+From e3bdb7d17264b8d5bd9abab97c96d9c4a50e4f61 Mon Sep 17 00:00:00 2001
+From: Kristian Fiskerstrand <kf@sumptuouscapital.com>
+Date: Mon, 3 Apr 2017 23:44:56 +0300
+Subject: [PATCH] gpgscm: Use shorter socket path lengts to improve test
+ reliability
+
+--
+As socket lengths are normally restricted to 108 characters
+(UNIX_PATH_MAX variable in /usr/include/linux/un.h), using 42 characters
+by default easily results in errors.
+---
+ tests/gpgscm/tests.scm | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/tests/gpgscm/tests.scm b/tests/gpgscm/tests.scm
+index 592b36f..f54a387 100644
+--- a/tests/gpgscm/tests.scm
++++ b/tests/gpgscm/tests.scm
+@@ -273,9 +273,9 @@
+   (canonical-path (_mkdtemp (if (null? components)
+ 				(path-join
+ 				 (get-temp-path)
+-				 (string-append "gpgscm-" (get-isotime) "-"
++				 (string-append "gscm"
+ 						(basename-suffix *scriptname* ".scm")
+-						"-XXXXXX"))
++						"XXXXXX"))
+ 				(apply path-join components)))))
+ 
+ ;; Make a temporary directory and remove it at interpreter shutdown.
+-- 
+2.10.2
+

diff --git a/app-crypt/gnupg/gnupg-2.1.20.ebuild b/app-crypt/gnupg/gnupg-2.1.20.ebuild
new file mode 100644
index 00000000000..86bb2664662
--- /dev/null
+++ b/app-crypt/gnupg/gnupg-2.1.20.ebuild
@@ -0,0 +1,120 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit toolchain-funcs
+
+DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
+HOMEPAGE="http://www.gnupg.org/"
+LICENSE="GPL-3"
+
+MY_P="${P/_/-}"
+SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+
+SLOT="0"
+IUSE="bzip2 doc +gnutls ldap nls readline selinux +smartcard tofu tools usb wks-server"
+
+COMMON_DEPEND_LIBS="
+	>=dev-libs/npth-1.2
+	>=dev-libs/libassuan-2.4.3
+	>=dev-libs/libgcrypt-1.7.3
+	>=dev-libs/libgpg-error-1.24
+	>=dev-libs/libksba-1.3.4
+	>=net-misc/curl-7.10
+	gnutls? ( >=net-libs/gnutls-3.0:0= )
+	sys-libs/zlib
+	ldap? ( net-nds/openldap )
+	bzip2? ( app-arch/bzip2 )
+	readline? ( sys-libs/readline:0= )
+	smartcard? ( usb? ( virtual/libusb:0 ) )
+	tofu? ( >=dev-db/sqlite-3.7 )
+	"
+COMMON_DEPEND_BINS="app-crypt/pinentry
+	!app-crypt/dirmngr"
+
+# Existence of executables is checked during configuration.
+DEPEND="${COMMON_DEPEND_LIBS}
+	${COMMON_DEPEND_BINS}
+	nls? ( sys-devel/gettext )
+	doc? ( sys-apps/texinfo )"
+
+RDEPEND="${COMMON_DEPEND_LIBS}
+	${COMMON_DEPEND_BINS}
+	selinux? ( sec-policy/selinux-gpg )
+	nls? ( virtual/libintl )"
+
+S="${WORKDIR}/${MY_P}"
+
+DOCS=(
+	ChangeLog NEWS README THANKS TODO VERSION
+	doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
+)
+
+PATCHES=(
+	"${FILESDIR}/${P}-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch"
+)
+
+src_configure() {
+	local myconf=()
+
+	if use smartcard; then
+		myconf+=(
+			--enable-scdaemon
+			$(use_enable usb ccid-driver)
+		)
+	else
+		myconf+=( --disable-scdaemon )
+	fi
+
+	if use elibc_SunOS || use elibc_AIX; then
+		myconf+=( --disable-symcryptrun )
+	else
+		myconf+=( --enable-symcryptrun )
+	fi
+
+	# glib fails and picks up clang's internal stdint.h causing weird errors
+	[[ ${CC} == *clang ]] && \
+		export gl_cv_absolute_stdint_h=/usr/include/stdint.h
+
+	econf \
+		"${myconf[@]}" \
+		$(use_enable bzip2) \
+		$(use_enable gnutls) \
+		$(use_enable nls) \
+		$(use_enable tofu) \
+		$(use_enable wks-server wks-tools) \
+		$(use_with ldap) \
+		$(use_with readline) \
+		--enable-gpg \
+		--enable-gpgsm \
+		--enable-large-secmem \
+		CC_FOR_BUILD="$(tc-getBUILD_CC)"
+}
+
+src_compile() {
+	default
+
+	use doc && emake -C doc html
+}
+
+src_install() {
+	default
+
+	use tools &&
+		dobin \
+			tools/{convert-from-106,gpg-check-pattern} \
+			tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys} \
+			tools/make-dns-cert
+
+	dosym gpg2 /usr/bin/gpg
+	dosym gpgv2 /usr/bin/gpgv
+	echo ".so man1/gpg2.1" > "${ED}"/usr/share/man/man1/gpg.1
+	echo ".so man1/gpgv2.1" > "${ED}"/usr/share/man/man1/gpgv.1
+
+	dodir /etc/env.d
+	echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg
+
+	use doc && dodoc doc/gnupg.html/* doc/*.png
+}


^ permalink raw reply related	[flat|nested] 18+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/
@ 2017-03-06 22:34 Kristian Fiskerstrand
  0 siblings, 0 replies; 18+ messages in thread
From: Kristian Fiskerstrand @ 2017-03-06 22:34 UTC (permalink / raw
  To: gentoo-commits

commit:     0e19c5dd1d374ec4a07c9dfed5759df0dcf05c94
Author:     Kristian Fiskerstrand <k_f <AT> gentoo <DOT> org>
AuthorDate: Mon Mar  6 22:33:50 2017 +0000
Commit:     Kristian Fiskerstrand <k_f <AT> gentoo <DOT> org>
CommitDate: Mon Mar  6 22:34:06 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0e19c5dd

app-crypt/gnupg: Fix broken ssh without smartcard USE flag

Gentoo-Bug: 611544

Package-Manager: Portage-2.3.3, Repoman-2.3.1

 .../gnupg/files/gnupg-2.1.19-ssh-no-scdaemon.patch |  85 ++++++++++++++
 app-crypt/gnupg/gnupg-2.1.19-r1.ebuild             | 124 +++++++++++++++++++++
 2 files changed, 209 insertions(+)

diff --git a/app-crypt/gnupg/files/gnupg-2.1.19-ssh-no-scdaemon.patch b/app-crypt/gnupg/files/gnupg-2.1.19-ssh-no-scdaemon.patch
new file mode 100644
index 00000000000..14d5444f3a0
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.1.19-ssh-no-scdaemon.patch
@@ -0,0 +1,85 @@
+From 4ce4f2f683a17be3ddb93729f3f25014a97934ad Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka <gniibe@fsij.org>
+Date: Mon, 6 Mar 2017 10:26:11 +0900
+Subject: [PATCH 1/1] agent: For SSH, robustly handling scdaemon's errors.
+
+* agent/command-ssh.c (card_key_list): Return 0 when
+agent_card_serialno returns an error.
+(ssh_handler_request_identities): Handle errors for card listing
+and proceed to other cases.
+--
+
+GnuPG-bug-id: 2980
+
+Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
+---
+ agent/command-ssh.c | 19 +++++++++----------
+ 1 file changed, 9 insertions(+), 10 deletions(-)
+
+diff --git a/agent/command-ssh.c b/agent/command-ssh.c
+index 79b8f85..3ab41cf 100644
+--- a/agent/command-ssh.c
++++ b/agent/command-ssh.c
+@@ -2393,13 +2393,12 @@ card_key_list (ctrl_t ctrl, char **r_serialno, strlist_t *result)
+   err = agent_card_serialno (ctrl, r_serialno, NULL);
+   if (err)
+     {
+-      if (gpg_err_code (err) == GPG_ERR_ENODEV)
+-        return 0;               /* Nothing available.  */
+-
+-      if (opt.verbose)
++      if (gpg_err_code (err) != GPG_ERR_ENODEV && opt.verbose)
+         log_info (_("error getting serial number of card: %s\n"),
+                   gpg_strerror (err));
+-      return err;
++
++      /* Nothing available.  */
++      return 0;
+     }
+ 
+   err = agent_card_cardlist (ctrl, result);
+@@ -2568,7 +2567,6 @@ ssh_handler_request_identities (ctrl_t ctrl,
+   gpg_error_t err;
+   int ret;
+   ssh_control_file_t cf = NULL;
+-  char *cardsn;
+   gpg_error_t ret_err;
+ 
+   (void)request;
+@@ -2601,21 +2599,21 @@ ssh_handler_request_identities (ctrl_t ctrl,
+           if (opt.verbose)
+             log_info (_("error getting list of cards: %s\n"),
+                       gpg_strerror (err));
+-          goto out;
++          goto scd_out;
+         }
+ 
+       for (sl = card_list; sl; sl = sl->next)
+         {
+           char *serialno0;
++          char *cardsn;
++
+           err = agent_card_serialno (ctrl, &serialno0, sl->d);
+           if (err)
+             {
+               if (opt.verbose)
+                 log_info (_("error getting serial number of card: %s\n"),
+                           gpg_strerror (err));
+-              xfree (serialno);
+-              free_strlist (card_list);
+-              goto out;
++              continue;
+             }
+ 
+           xfree (serialno0);
+@@ -2640,6 +2638,7 @@ ssh_handler_request_identities (ctrl_t ctrl,
+       free_strlist (card_list);
+     }
+ 
++ scd_out:
+   /* Then look at all the registered and non-disabled keys. */
+   err = open_control_file (&cf, 0);
+   if (err)
+-- 
+2.8.0.rc3
+

diff --git a/app-crypt/gnupg/gnupg-2.1.19-r1.ebuild b/app-crypt/gnupg/gnupg-2.1.19-r1.ebuild
new file mode 100644
index 00000000000..05ee0b7cbce
--- /dev/null
+++ b/app-crypt/gnupg/gnupg-2.1.19-r1.ebuild
@@ -0,0 +1,124 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit eutils flag-o-matic toolchain-funcs
+
+DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
+HOMEPAGE="http://www.gnupg.org/"
+LICENSE="GPL-3"
+
+MY_P="${P/_/-}"
+SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+
+SLOT="0"
+IUSE="bzip2 doc +gnutls ldap nls readline selinux +smartcard tofu tools usb wks-server"
+
+COMMON_DEPEND_LIBS="
+	>=dev-libs/npth-1.2
+	>=dev-libs/libassuan-2.4.3
+	>=dev-libs/libgcrypt-1.7.3
+	>=dev-libs/libgpg-error-1.24
+	>=dev-libs/libksba-1.3.4
+	>=net-misc/curl-7.10
+	gnutls? ( >=net-libs/gnutls-3.0:0= )
+	sys-libs/zlib
+	ldap? ( net-nds/openldap )
+	bzip2? ( app-arch/bzip2 )
+	readline? ( sys-libs/readline:0= )
+	smartcard? ( usb? ( virtual/libusb:0 ) )
+	tofu? ( >=dev-db/sqlite-3.7 )
+	"
+COMMON_DEPEND_BINS="app-crypt/pinentry
+	!app-crypt/dirmngr"
+
+# Existence of executables is checked during configuration.
+DEPEND="${COMMON_DEPEND_LIBS}
+	${COMMON_DEPEND_BINS}
+	nls? ( sys-devel/gettext )
+	doc? ( sys-apps/texinfo )"
+
+RDEPEND="${COMMON_DEPEND_LIBS}
+	${COMMON_DEPEND_BINS}
+	selinux? ( sec-policy/selinux-gpg )
+	nls? ( virtual/libintl )"
+
+S="${WORKDIR}/${MY_P}"
+
+DOCS=(
+	ChangeLog NEWS README THANKS TODO VERSION
+	doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
+)
+
+PATCHES=(
+	"${FILESDIR}/${PN}-2.1.16-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch"
+	"${FILESDIR}"/${P}-solaris-ucred.patch
+	"${FILESDIR}"/${P}-ssh-no-scdaemon.patch
+)
+
+src_configure() {
+	local myconf=()
+
+	if use smartcard; then
+		myconf+=(
+			--enable-scdaemon
+			$(use_enable usb ccid-driver)
+		)
+	else
+		myconf+=( --disable-scdaemon )
+	fi
+
+	if use elibc_SunOS || use elibc_AIX; then
+		myconf+=( --disable-symcryptrun )
+	else
+		myconf+=( --enable-symcryptrun )
+	fi
+
+	# glib fails and picks up clang's internal stdint.h causing weird errors
+	[[ ${CC} == *clang ]] && \
+		export gl_cv_absolute_stdint_h=/usr/include/stdint.h
+
+	econf \
+		"${myconf[@]}" \
+		$(use_enable bzip2) \
+		$(use_enable gnutls) \
+		$(use_enable nls) \
+		$(use_enable tofu) \
+		$(use_enable wks-server wks-tools) \
+		$(use_with ldap) \
+		$(use_with readline) \
+		--enable-gpg \
+		--enable-gpgsm \
+		--enable-large-secmem \
+		--enable-tools \
+		CC_FOR_BUILD="$(tc-getBUILD_CC)"
+}
+
+src_compile() {
+	default
+
+	use doc && emake -C doc html
+}
+
+src_install() {
+	default
+
+	use tools &&
+		dobin \
+			tools/{convert-from-106,gpg-check-pattern} \
+			tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys} \
+			tools/make-dns-cert
+	emake DESTDIR="${ED}" -f doc/Makefile uninstall-nobase_dist_docDATA
+
+	dosym gpg2 /usr/bin/gpg
+	dosym gpgv2 /usr/bin/gpgv
+	echo ".so man1/gpg2.1" > "${ED}"/usr/share/man/man1/gpg.1
+	echo ".so man1/gpgv2.1" > "${ED}"/usr/share/man/man1/gpgv.1
+
+	dodir /etc/env.d
+	echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg
+
+	use doc && dodoc doc/gnupg.html/* doc/*.png
+}


^ permalink raw reply related	[flat|nested] 18+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/
@ 2017-03-02 10:06 Fabian Groffen
  0 siblings, 0 replies; 18+ messages in thread
From: Fabian Groffen @ 2017-03-02 10:06 UTC (permalink / raw
  To: gentoo-commits

commit:     83e4182537a4a1950cab2da490403c848ebd4edd
Author:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Thu Mar  2 10:06:13 2017 +0000
Commit:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Thu Mar  2 10:06:40 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=83e41825

app-crypt/gnupg: fix compilation on Solaris

Package-Manager: Portage-2.3.4-prefix, Repoman-2.3.2

 .../gnupg/files/gnupg-2.1.19-solaris-ucred.patch      | 19 +++++++++++++++++++
 app-crypt/gnupg/gnupg-2.1.19.ebuild                   |  1 +
 2 files changed, 20 insertions(+)

diff --git a/app-crypt/gnupg/files/gnupg-2.1.19-solaris-ucred.patch b/app-crypt/gnupg/files/gnupg-2.1.19-solaris-ucred.patch
new file mode 100644
index 00000000000..aefce5e8256
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.1.19-solaris-ucred.patch
@@ -0,0 +1,19 @@
+command-ssh: include ucred.h
+
+In order to use ucred() when HAVE_SO_PEERCRED is defined, ucred.h needs
+to be included on Solaris.
+
+https://bugs.gnupg.org/gnupg/issue2981
+
+--- a/agent/command-ssh.c
++++ b/agent/command-ssh.c
+@@ -40,6 +40,9 @@
+ #include <sys/types.h>
+ #include <sys/stat.h>
+ #include <assert.h>
++#ifdef HAVE_UCRED_H
++#include <ucred.h>
++#endif
+ 
+ #include "agent.h"
+ 

diff --git a/app-crypt/gnupg/gnupg-2.1.19.ebuild b/app-crypt/gnupg/gnupg-2.1.19.ebuild
index ad3a2fa22ba..9eb3471d66f 100644
--- a/app-crypt/gnupg/gnupg-2.1.19.ebuild
+++ b/app-crypt/gnupg/gnupg-2.1.19.ebuild
@@ -54,6 +54,7 @@ DOCS=(
 
 PATCHES=(
 	"${FILESDIR}/${PN}-2.1.16-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch"
+	"${FILESDIR}"/${P}-solaris-ucred.patch
 )
 
 src_configure() {


^ permalink raw reply related	[flat|nested] 18+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/
@ 2016-05-19 21:06 Kristian Fiskerstrand
  0 siblings, 0 replies; 18+ messages in thread
From: Kristian Fiskerstrand @ 2016-05-19 21:06 UTC (permalink / raw
  To: gentoo-commits

commit:     eb73332ccf12be2ec981ddb7e27f20790e13a92c
Author:     Kristian Fiskerstrand <k_f <AT> gentoo <DOT> org>
AuthorDate: Thu May 19 21:04:12 2016 +0000
Commit:     Kristian Fiskerstrand <k_f <AT> gentoo <DOT> org>
CommitDate: Thu May 19 21:06:36 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eb73332c

app-crypt/gnupg: New upstream version 2.1.12

Fixes;
Gentoo-Bug: 573930
Gentoo-Bug: 575798
Gentoo-Bug: 581966

Package-Manager: portage-2.2.28

 app-crypt/gnupg/Manifest                           |   1 +
 .../files/gnupg-2.1-fix-gentoo-dash-issue.patch    |  12 ++
 .../gnupg-2.1.12-fix-signature-checking.patch      |  50 +++++++
 app-crypt/gnupg/gnupg-2.1.12.ebuild                | 159 +++++++++++++++++++++
 4 files changed, 222 insertions(+)

diff --git a/app-crypt/gnupg/Manifest b/app-crypt/gnupg/Manifest
index 1e455b3..3c18723 100644
--- a/app-crypt/gnupg/Manifest
+++ b/app-crypt/gnupg/Manifest
@@ -6,4 +6,5 @@ DIST gnupg-2.0.29.tar.bz2 4416251 SHA256 68ed6b386ba78425b05a60e8ee22785ff0fef19
 DIST gnupg-2.0.30.tar.bz2 4414652 SHA256 e329785a4f366ba5d72c2c678a7e388b0892ac8440c2f4e6810042123c235d71 SHA512 e60a57f7dc74b44f884fd50d5a9c51cef7df8c098644ebab9ef7d945a40b0e4a285d0dc80b10fe39d8e4c2cc9d6cbbe800a0ddae54883180dc755fe47ced3314 WHIRLPOOL 007315882becc1204edf6833a13610284ce7e1c73429fc3b4170c35ba61c645299f811f01b1bc0506b1cf94ce0de23af4cea33f51cf97397ec61caa15ce3ac6c
 DIST gnupg-2.1.10.tar.bz2 5173253 SHA256 93bd58d81771a4fa488566e5d2e13b1fd7afc86789401eb41731882abfd26cf9 SHA512 ceea93a7e7d30e07839bcc52d4246fd5be1ec81a8c4d4d62059e2b0c0e58fab07a1531016f82bcc506340653d66c73541dd3f5897df7691abeb4068d94957003 WHIRLPOOL 01f92f6020b79b373d4d6879cc39913c575c67a52c1bd425770322de0ce5a9fbd796d800cbb41a15553fd30a6c8f85a794e0b4c09420a2b49f6cb0542cdb52fb
 DIST gnupg-2.1.11.tar.bz2 5224007 SHA256 b7b0fb2c8c5d47d7ec916d4a1097c0ddcb94a12bb1c0ac424ad86b1ee316b61a SHA512 b39f3fb461ad879b1909808434c4b03dab4d1d79aa674fbc88e3d50960184c0c25a840206ff32b760672f1b2153253f4d7a88eb726d8662f629fa04b6739ad31 WHIRLPOOL 486d623e73172a6d7dc7a6e4a5b411e70e0002a960f0398833377b8e8d79e5456a73f945db7c8bbca6ff7fd33fbfb49ca587e3a393094ce0a16d86cd906f7f09
+DIST gnupg-2.1.12.tar.bz2 5510723 SHA256 ac34929d2400a58a349963865442ee6cdd75e500a8d5df083d29835e88bfc506 SHA512 fdf24d4980ba4011840fd2316a856db2bf50e531071c2bfb899af2b4f5580a9f2992f85a451670a7121d04b608bfb147cefdca1c6f6eb55bc23ecfe5052639e6 WHIRLPOOL ee5a748afee3aa4f8318c1bc1bcbd09232a71853291211f3c5cd8cc44fb70d126185ae9c13086247cd22a9b13c2102f4fa0553e25496c5152f2ce34dc2505d10
 DIST gnupg-2.1.9.tar.bz2 4925167 SHA256 1cb7633a57190beb66f9249cb7446603229b273d4d89331b75c652fa4a29f7b6 SHA512 c19b8cac42b7060caada230b77f36a0b0ed0a05efd519818c5b4057ef0fcb16602f2f3ade2409de2ef353a9e2acc3e5fa106a4449c6929a36a599a82194c0ee0 WHIRLPOOL 105b83e82330a00084a0e9f3d96c8788ac2c9e7831beea0ea42786df4e378dc9e8f2c1a31f12af9c53d363aa71810cd231afdf8f20eab424fea5f59b103033a9

diff --git a/app-crypt/gnupg/files/gnupg-2.1-fix-gentoo-dash-issue.patch b/app-crypt/gnupg/files/gnupg-2.1-fix-gentoo-dash-issue.patch
new file mode 100644
index 0000000..6878ef1
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.1-fix-gentoo-dash-issue.patch
@@ -0,0 +1,12 @@
+diff -Naur tests.old/openpgp/mds.test tests/openpgp/mds.test
+--- tests.old/openpgp/mds.test	2016-05-03 13:13:11.373313389 +0200
++++ tests/openpgp/mds.test	2016-05-03 13:13:31.886755059 +0200
+@@ -63,7 +63,7 @@
+ 
+ [ "$failed" != "" ] && error "$failed failed for empty string"
+ 
+-echo_n "abcdefghijklmnopqrstuvwxyz" | $GPG --with-colons --print-mds >y
++printf "abcdefghijklmnopqrstuvwxyz" | $GPG --with-colons --print-mds >y
+ if have_hash_algo "MD5"; then
+   test_one ":1:"    "C3FCD3D76192E4007DFB496CCA67E13B"
+ fi

diff --git a/app-crypt/gnupg/files/gnupg-2.1.12-fix-signature-checking.patch b/app-crypt/gnupg/files/gnupg-2.1.12-fix-signature-checking.patch
new file mode 100644
index 0000000..debf0bb
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.1.12-fix-signature-checking.patch
@@ -0,0 +1,50 @@
+From 83a90a916e8e2f8e44c3b11d11e1dd75f65a87fb Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka <gniibe@fsij.org>
+Date: Wed, 11 May 2016 19:27:03 +0900
+Subject: [PATCH 1/1] g10: Fix signature checking.
+
+* g10/sig-check.c (check_signature_over_key_or_uid): Fix call to
+walk_kbnode.
+
+--
+
+Thanks to Vincent Brillault (Feandil).
+
+GnuPG-bug-id: 2351
+Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
+---
+ g10/sig-check.c | 13 +++++++++----
+ 1 file changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/g10/sig-check.c b/g10/sig-check.c
+index 290f19a..7000b48 100644
+--- a/g10/sig-check.c
++++ b/g10/sig-check.c
+@@ -797,15 +797,20 @@ check_signature_over_key_or_uid (PKT_public_key *signer,
+             *is_selfsig = 1;
+         }
+       else
+-        /* See if one of the subkeys was the signer (although this is
+-           extremely unlikely).  */
+         {
+           kbnode_t ctx = NULL;
+           kbnode_t n;
+ 
+-          while ((n = walk_kbnode (kb, &ctx, PKT_PUBLIC_SUBKEY)))
++          /* See if one of the subkeys was the signer (although this
++             is extremely unlikely).  */
++          while ((n = walk_kbnode (kb, &ctx, 0)))
+             {
+-              PKT_public_key *subk = n->pkt->pkt.public_key;
++              PKT_public_key *subk;
++
++              if (n->pkt->pkttype != PKT_PUBLIC_SUBKEY)
++                continue;
++
++              subk = n->pkt->pkt.public_key;
+               if (sig->keyid[0] == subk->keyid[0]
+                   && sig->keyid[1] == subk->keyid[1])
+                 /* Issued by a subkey.  */
+-- 
+2.8.0.rc3
+

diff --git a/app-crypt/gnupg/gnupg-2.1.12.ebuild b/app-crypt/gnupg/gnupg-2.1.12.ebuild
new file mode 100644
index 0000000..8f95a20
--- /dev/null
+++ b/app-crypt/gnupg/gnupg-2.1.12.ebuild
@@ -0,0 +1,159 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+inherit eutils flag-o-matic toolchain-funcs
+
+DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
+HOMEPAGE="http://www.gnupg.org/"
+MY_P="${P/_/-}"
+SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86"
+IUSE="bzip2 doc +gnutls ldap nls readline selinux smartcard tofu tools usb"
+
+COMMON_DEPEND_LIBS="
+	dev-libs/npth
+	>=dev-libs/libassuan-2.4.1
+	>=dev-libs/libgcrypt-1.6.2[threads]
+	>=dev-libs/libgpg-error-1.21
+	>=dev-libs/libksba-1.2.0
+	>=net-misc/curl-7.10
+	gnutls? ( >=net-libs/gnutls-3.0:0= )
+	sys-libs/zlib
+	ldap? ( net-nds/openldap )
+	bzip2? ( app-arch/bzip2 )
+	readline? ( sys-libs/readline:0= )
+	smartcard? ( usb? ( virtual/libusb:0 ) )
+	tofu? ( >=dev-db/sqlite-3.7 )
+	"
+COMMON_DEPEND_BINS="app-crypt/pinentry
+		   !app-crypt/dirmngr"
+
+# Existence of executables is checked during configuration.
+DEPEND="${COMMON_DEPEND_LIBS}
+	${COMMON_DEPEND_BINS}
+	nls? ( sys-devel/gettext )
+	doc? ( sys-apps/texinfo )"
+
+RDEPEND="${COMMON_DEPEND_LIBS}
+	${COMMON_DEPEND_BINS}
+	selinux? ( sec-policy/selinux-gpg )
+	nls? ( virtual/libintl )"
+
+S="${WORKDIR}/${MY_P}"
+
+src_prepare() {
+	epatch "${FILESDIR}/${P}-fix-signature-checking.patch" \
+		"${FILESDIR}/${PN}-2.1-fix-gentoo-dash-issue.patch"
+	epatch_user
+}
+
+src_configure() {
+	local myconf=()
+
+	if use smartcard; then
+		myconf+=(
+			--enable-scdaemon
+			$(use_enable usb ccid-driver)
+		)
+	else
+		myconf+=( --disable-scdaemon )
+	fi
+
+	if use elibc_SunOS || use elibc_AIX; then
+		myconf+=( --disable-symcryptrun )
+	else
+		myconf+=( --enable-symcryptrun )
+	fi
+
+	# glib fails and picks up clang's internal stdint.h causing weird errors
+	[[ ${CC} == *clang ]] && \
+		export gl_cv_absolute_stdint_h=/usr/include/stdint.h
+
+	econf \
+		--docdir="${EPREFIX}/usr/share/doc/${PF}" \
+		--enable-gpg \
+		--enable-gpgsm \
+		--enable-large-secmem \
+		--without-adns \
+		"${myconf[@]}" \
+		$(use_enable bzip2) \
+		$(use_enable gnutls) \
+		$(use_with ldap) \
+		$(use_enable nls) \
+		$(use_with readline) \
+		$(use_enable tofu) \
+		CC_FOR_BUILD="$(tc-getBUILD_CC)"
+}
+
+src_compile() {
+	default
+
+	if use doc; then
+		cd doc
+		emake html
+	fi
+}
+
+src_install() {
+	default
+
+	use tools && dobin tools/{convert-from-106,gpg-check-pattern} \
+		tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys,make-dns-cert}
+
+	emake DESTDIR="${D}" -f doc/Makefile uninstall-nobase_dist_docDATA
+	# The help*txt files are read from the datadir by GnuPG directly.
+	# They do not work if compressed or moved!
+	#rm "${ED}"/usr/share/gnupg/help* || die
+
+	dodoc ChangeLog NEWS README THANKS TODO VERSION doc/FAQ doc/DETAILS \
+		doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER doc/help*
+
+	dosym gpg2 /usr/bin/gpg
+	dosym gpgv2 /usr/bin/gpgv
+	echo ".so man1/gpg2.1" > "${ED}"/usr/share/man/man1/gpg.1
+	echo ".so man1/gpgv2.1" > "${ED}"/usr/share/man/man1/gpgv.1
+
+	dodir /etc/env.d
+	echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg
+
+	if use doc; then
+		dohtml doc/gnupg.html/* doc/*.png
+	fi
+}
+
+pkg_postinst() {
+	elog "If you wish to view images emerge:"
+	elog "media-gfx/xloadimage, media-gfx/xli or any other viewer"
+	elog "Remember to use photo-viewer option in configuration file to activate"
+	elog "the right viewer."
+	elog
+
+	if use smartcard; then
+		elog "To use your OpenPGP smartcard (or token) with GnuPG you need one of"
+		use usb && elog " - a CCID-compatible reader, used directly through libusb;"
+		elog " - sys-apps/pcsc-lite and a compatible reader device;"
+		elog " - dev-libs/openct and a compatible reader device;"
+		elog " - a reader device and drivers exporting either PC/SC or CT-API interfaces."
+		elog ""
+		elog "General hint: you probably want to try installing sys-apps/pcsc-lite and"
+		elog "app-crypt/ccid first."
+	fi
+
+	ewarn "Please remember to restart gpg-agent if a different version"
+	ewarn "of the agent is currently used. If you are unsure of the gpg"
+	ewarn "agent you are using please run 'killall gpg-agent',"
+	ewarn "and to start a fresh daemon just run 'gpg-agent --daemon'."
+
+	if [[ -n ${REPLACING_VERSIONS} ]]; then
+		elog "If upgrading from a version prior than 2.1 you might have to re-import"
+		elog "secret keys after restarting the gpg-agent as the new version is using"
+		elog "a new storage mechanism."
+		elog "You can migrate the keys using gpg --import \$HOME/.gnupg/secring.gpg"
+	fi
+}


^ permalink raw reply related	[flat|nested] 18+ messages in thread

end of thread, other threads:[~2024-02-18 10:13 UTC | newest]

Thread overview: 18+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-06-12 22:37 [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/ Lars Wendler
  -- strict thread matches above, loose matches on Subject: below --
2024-02-18 10:13 Sam James
2024-01-29  9:49 Sam James
2022-10-14 19:04 Sam James
2022-04-25 15:46 Sam James
2021-09-07 15:20 David Seifert
2021-02-07 14:26 Mikle Kolyada
2020-09-03 20:11 Mikle Kolyada
2020-08-14 23:58 Thomas Deutschmann
2019-04-09 17:50 Robin H. Johnson
2017-09-19  8:17 Kristian Fiskerstrand
2017-09-16 11:13 Kristian Fiskerstrand
2017-08-11 16:50 Kristian Fiskerstrand
2017-05-09 13:03 Kristian Fiskerstrand
2017-04-03 21:09 Alon Bar-Lev
2017-03-06 22:34 Kristian Fiskerstrand
2017-03-02 10:06 Fabian Groffen
2016-05-19 21:06 Kristian Fiskerstrand

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox