[gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/

["Sam James" <sam@gentoo.org>]

commit:     427c50c7e83f2a469b3ce8ba91294142f66155ac
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Oct 14 18:59:55 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Oct 14 19:04:15 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=427c50c7

app-crypt/gnupg: add 2.2.40

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-crypt/gnupg/Manifest                           |   2 +
 .../files/gnupg-2.2.40-fix-no-ldap-build.patch     |  36 +++++
 app-crypt/gnupg/gnupg-2.2.40.ebuild                | 166 +++++++++++++++++++++
 3 files changed, 204 insertions(+)

diff --git a/app-crypt/gnupg/Manifest b/app-crypt/gnupg/Manifest
index fdb506e83ca5..c9cfff783a16 100644
--- a/app-crypt/gnupg/Manifest
+++ b/app-crypt/gnupg/Manifest
@@ -1,4 +1,6 @@
 DIST gnupg-2.2.39.tar.bz2 7290098 BLAKE2B a9e31830f3ef9ec6d8d461a85fcbe4b91bcac9607d3b5f13f5edc0c54505afb6c6c119cd397023b1378d96c7d0f15c0d60da1d15721e9a18eb3ea8c7b69fba83 SHA512 73f881c12c82010aeaada500517ff39ab22b27ff21b1248bc2228b60a2d75385a44a53c5cfadb8f6b84ef22ad9db0105096b6620fb689560809b324019713940
 DIST gnupg-2.2.39.tar.bz2.sig 119 BLAKE2B 584d7d36671670ac507948257e9c6be556ed2a2d3c0100bb2746edfe96df5ee1d4c6172fe0cae39d85fc290097bc5f6e1b351debc8ec2f5cc78047354fbed016 SHA512 6f7d7c2d1fae706b03c735cf453976c3aebef3f23659426f39a88c63d979f4d873ae09280d75dee9000805468d2a7f49d348609061939000f7cedf34ec5c6019
+DIST gnupg-2.2.40.tar.bz2 7301631 BLAKE2B c9a077e28b22888573bdd12029205eb5f79a463a297e400a623bc86a39eeb6454cd884d05bd96734998613c695f2c9dcc68963c7275b89938ac38ddc7ba1e229 SHA512 4c2f5fbf37ba6fbad0045aad23129186963010c673ea0b81801adc4f98efe14d6c7228e22815b6b26307c1fe5bb51cd088aa6a0f06a9325d3c021849ef81c594
+DIST gnupg-2.2.40.tar.bz2.sig 119 BLAKE2B baaffad8203169fca54be031b3c77f818ecf973c73b9389cb3cbcd8217ae8a6018f0d3d4d2d5b6f0611f7643b78467f91902add3107e9538273607c6ba3a49bf SHA512 fccc06c709450d58e64716c505cd79556edac440462613c47c6ec78714355425c045418946b4b4b2a5c79e33e0e75b20f0699ae6de9921add4877fd6c8cc2d64
 DIST gnupg-2.3.7.tar.bz2 7599853 BLAKE2B 3e9e33c8357222f42cc0e2af538e9f1f1f0453f35d790aaadf47ce9df24229efa91457b6014b34f19084448a3a6603c82e7d07714b89a68c6a84a08af6fa0e02 SHA512 c7fe169050ef17051cdaac9ad476e7ea792483baad1208fc359d568fa9e138d920ecaa2cd9cae73b20f5472a7d8ca6540a62062ff7a06055cc656b0eb4b917b9
 DIST gnupg-2.3.7.tar.bz2.sig 119 BLAKE2B c2652adf203bc828ed0aaf778542e990028156c16b435cd35aa6fe57ca0a5b798087c98e16589685c8ab9b8b92e16c3f7d4da56a4b1209b9adf2c24ea548ae6e SHA512 0257034b3e7ac390dadb151c656ff59822dacedaddca4ad6b5980b3e03a468ada47553e6a1fcff6a12c64ae2f9c15b245df855cd424b010041df8daaaab9a1b8

diff --git a/app-crypt/gnupg/files/gnupg-2.2.40-fix-no-ldap-build.patch b/app-crypt/gnupg/files/gnupg-2.2.40-fix-no-ldap-build.patch
new file mode 100644
index 000000000000..3ab9c0cba902
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.2.40-fix-no-ldap-build.patch
@@ -0,0 +1,36 @@
+https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=7011286ce6e1fb56c2989fdafbd11b931c489faa
+
+From 7011286ce6e1fb56c2989fdafbd11b931c489faa Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka <gniibe@fsij.org>
+Date: Fri, 14 Oct 2022 09:58:41 +0900
+Subject: [PATCH] dirmngr: Fix build with no LDAP support.
+
+* dirmngr/server.c [USE_LDAP] (start_command_handler): Conditionalize.
+
+--
+
+GnuPG-bug-id: 6239
+Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
+---
+ dirmngr/server.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/dirmngr/server.c b/dirmngr/server.c
+index 04ebfd317..98f354300 100644
+--- a/dirmngr/server.c
++++ b/dirmngr/server.c
+@@ -3137,8 +3137,10 @@ start_command_handler (assuan_fd_t fd, unsigned int session_id)
+                ctrl->refcount);
+   else
+     {
++#if USE_LDAP
+       ks_ldap_free_state (ctrl->ks_get_state);
+       ctrl->ks_get_state = NULL;
++#endif
+       release_ctrl_ocsp_certs (ctrl);
+       xfree (ctrl->server_local);
+       dirmngr_deinit_default_ctrl (ctrl);
+-- 
+2.11.0
+
+

diff --git a/app-crypt/gnupg/gnupg-2.2.40.ebuild b/app-crypt/gnupg/gnupg-2.2.40.ebuild
new file mode 100644
index 000000000000..aad9c21dbc70
--- /dev/null
+++ b/app-crypt/gnupg/gnupg-2.2.40.ebuild
@@ -0,0 +1,166 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Maintainers should:
+# 1. Join the "Gentoo" project at https://dev.gnupg.org/project/view/27/
+# 2. Subscribe to release tasks like https://dev.gnupg.org/T6159
+# (find the one for the current release then subscribe to it +
+# any subsequent ones linked within so you're covered for a while.)
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/gnupg.asc
+inherit flag-o-matic systemd toolchain-funcs verify-sig
+
+MY_P="${P/_/-}"
+
+DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
+HOMEPAGE="https://gnupg.org/"
+SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
+SRC_URI+=" verify-sig? ( mirror://gnupg/gnupg/${P}.tar.bz2.sig )"
+S="${WORKDIR}/${MY_P}"
+
+LICENSE="GPL-3+"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl test tofu tools usb user-socket wks-server"
+RESTRICT="!test? ( test )"
+
+# Existence of executables is checked during configuration.
+# Note: On each bump, update dep bounds on each version from configure.ac!
+DEPEND=">=dev-libs/libassuan-2.5.0
+	>=dev-libs/libgcrypt-1.8.0:=
+	>=dev-libs/libgpg-error-1.29
+	>=dev-libs/libksba-1.3.5
+	>=dev-libs/npth-1.2
+	>=net-misc/curl-7.10
+	sys-libs/zlib
+	bzip2? ( app-arch/bzip2 )
+	ldap? ( net-nds/openldap:= )
+	readline? ( sys-libs/readline:0= )
+	smartcard? ( usb? ( virtual/libusb:1 ) )
+	ssl? ( >=net-libs/gnutls-3.0:0= )
+	tofu? ( >=dev-db/sqlite-3.7 )"
+
+RDEPEND="${DEPEND}
+	app-crypt/pinentry
+	nls? ( virtual/libintl )
+	selinux? ( sec-policy/selinux-gpg )
+	wks-server? ( virtual/mta )"
+
+BDEPEND="virtual/pkgconfig
+	doc? ( sys-apps/texinfo )
+	nls? ( sys-devel/gettext )
+	verify-sig? ( sec-keys/openpgp-keys-gnupg )"
+
+DOCS=(
+	ChangeLog NEWS README THANKS TODO VERSION
+	doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
+)
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch
+	"${FILESDIR}"/${P}-fix-no-ldap-build.patch
+)
+
+src_prepare() {
+	default
+
+	# Inject SSH_AUTH_SOCK into user's sessions after enabling gpg-agent-ssh.socket in systemctl --user mode,
+	# idea borrowed from libdbus, see
+	#   https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/bus/systemd-user/dbus.socket.in#L6
+	#
+	# This cannot be upstreamed, as it requires determining the exact prefix of 'systemctl',
+	# which in turn requires discovery in Autoconf, something that upstream deeply resents.
+	sed -e "/DirectoryMode=/a ExecStartPost=-${EPREFIX}/bin/systemctl --user set-environment SSH_AUTH_SOCK=%t/gnupg/S.gpg-agent.ssh" \
+		-i doc/examples/systemd-user/gpg-agent-ssh.socket || die
+}
+
+src_configure() {
+	local myconf=(
+		$(use_enable bzip2)
+		$(use_enable nls)
+		$(use_enable smartcard scdaemon)
+		$(use_enable ssl gnutls)
+		$(use_enable test all-tests)
+		$(use_enable test tests)
+		$(use_enable tofu)
+		$(use smartcard && use_enable usb ccid-driver || echo '--disable-ccid-driver')
+		$(use_enable wks-server wks-tools)
+		$(use_with ldap)
+		$(use_with readline)
+		--with-mailprog=/usr/libexec/sendmail
+		--disable-ntbtls
+		--enable-gpg
+		--enable-gpgsm
+		--enable-large-secmem
+
+		CC_FOR_BUILD="$(tc-getBUILD_CC)"
+		GPG_ERROR_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-gpg-error-config"
+		KSBA_CONFIG="${ESYSROOT}/usr/bin/ksba-config"
+		LIBASSUAN_CONFIG="${ESYSROOT}/usr/bin/libassuan-config"
+		LIBGCRYPT_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-libgcrypt-config"
+		NPTH_CONFIG="${ESYSROOT}/usr/bin/npth-config"
+
+		$("${S}/configure" --help | grep -o -- '--without-.*-prefix')
+	)
+
+	if use prefix && use usb; then
+		# bug #649598
+		append-cppflags -I"${EPREFIX}/usr/include/libusb-1.0"
+	fi
+
+	# bug #663142
+	if use user-socket; then
+		myconf+=( --enable-run-gnupg-user-socket )
+	fi
+
+	# glib fails and picks up clang's internal stdint.h causing weird errors
+	tc-is-clang && export gl_cv_absolute_stdint_h="${ESYSROOT}"/usr/include/stdint.h
+
+	# Hardcode mailprog to /usr/libexec/sendmail even if it does not exist.
+	# As of GnuPG 2.3, the mailprog substitution is used for the binary called
+	# by wks-client & wks-server; and if it's autodetected but not not exist at
+	# build time, then then 'gpg-wks-client --send' functionality will not
+	# work. This has an unwanted side-effect in stage3 builds: there was a
+	# [R]DEPEND on virtual/mta, which also brought in virtual/logger, bloating
+	# the build where the install guide previously make the user chose the
+	# logger & mta early in the install.
+
+	econf "${myconf[@]}"
+}
+
+src_compile() {
+	default
+
+	use doc && emake -C doc html
+}
+
+src_test() {
+	# bug #638574
+	use tofu && export TESTFLAGS=--parallel
+
+	default
+}
+
+src_install() {
+	default
+
+	use tools &&
+		dobin \
+			tools/{convert-from-106,gpg-check-pattern} \
+			tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys} \
+			tools/make-dns-cert
+
+	dosym gpg /usr/bin/gpg2
+	dosym gpgv /usr/bin/gpgv2
+	echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die
+	echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
+
+	dodir /etc/env.d
+	echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
+
+	use doc && dodoc doc/gnupg.html/* doc/*.png
+
+	systemd_douserunit doc/examples/systemd-user/*.{service,socket}
+}