portage-overlay

personal portage ebuild repository
git clone anongit@rnpnr.xyz:portage-overlay.git
Log | Files | Refs | Feed | README

Commit: 8deac113b18649e408732eb83eb2a263d431ce88
Parent: e4d7e5e53664eba89c7f64e4b7326f65860e991a
Author: Randy Palamar
Date:   Tue, 14 Nov 2023 21:26:42 -0700

app-crypt/gnupg: bump to 2.4.3

Diffstat:
Mapp-crypt/gnupg/Manifest | 4++--
Aapp-crypt/gnupg/files/gnupg-2.4.2-fix-emacs.patch | 564+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Aapp-crypt/gnupg/files/gnupg-2.4.3-no-ldap.patch | 28++++++++++++++++++++++++++++
Dapp-crypt/gnupg/gnupg-2.2.41.ebuild | 179-------------------------------------------------------------------------------
Aapp-crypt/gnupg/gnupg-2.4.3.ebuild | 174+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
5 files changed, 768 insertions(+), 181 deletions(-)

diff --git a/app-crypt/gnupg/Manifest b/app-crypt/gnupg/Manifest @@ -1,2 +1,2 @@ -DIST gnupg-2.2.41.tar.bz2 7313746 BLAKE2B 0be2965a646a8636a127f89329030860908b0bbc447381782527459aed85f5276c29e7a2c89f87cb715407d9f1aabbf3ae1765073764d05e422035e8d5962569 SHA512 f472e5058ea9881355f0c754a47acd0b5360c36e8976b8563dbc763a7cef792bf88227cc15fe5172d3e9bb9fc34d8448dd5c183949031e91a1997cc7f0f83b55 -DIST gnupg-2.2.41.tar.bz2.sig 119 BLAKE2B d9a9ab4d71ca759d634c606144a2602fce8bf4e3a7407908442ef6f251c5e01ef829b3d35d28f03b13a3a7099081484ee6c83a26a9fe2154aa0a00e8678c654c SHA512 467c94a876c57854d283447ca7e94bd72d95d9cbe45247f39d9a73d0b3c500388927c980f84afb1b9c02c3811f349582cb7ee36d967c4f0d8aae95ce07bed955 +DIST gnupg-2.4.3.tar.bz2 7351327 BLAKE2B b7f4f5e548ec6dfc89cf8792f507ee8642e8500692998cf8d2edc9f5d8002904d24a714b9caffabee6094707c4595e0f54197535135622a7a32aa772f5818f28 SHA512 193a9398445272ec3eb5b79e802efb7414f74bcfffc3db0bf72c0056e04228120c419ed91db168e5733a16a33e548bab5368dd9cf11ecd483825bce189341a1e +DIST gnupg-2.4.3.tar.bz2.sig 119 BLAKE2B 763c0569e5378e132de39e1583c19bae8912455bf7cd5a65bcfc88fa43be99fb6bbf8397192b3086db2f6f0f63fc25789f5e6ce98b2fe63cda3bf673b1c60a20 SHA512 7affff694d194c3befdfc865a7872c0883304ea704e3691eac328d802f12f4f82c2a93eaa1257d3e09b38494b38185f5b8cf35c964f0c3846bbb29b93727ffee diff --git a/app-crypt/gnupg/files/gnupg-2.4.2-fix-emacs.patch b/app-crypt/gnupg/files/gnupg-2.4.2-fix-emacs.patch @@ -0,0 +1,564 @@ +https://bugs.gentoo.org/907839 +https://dev.gnupg.org/T6481 +https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=2f872fa68c6576724b9dabee9fb0844266f55d0d + +From 2f872fa68c6576724b9dabee9fb0844266f55d0d Mon Sep 17 00:00:00 2001 +From: NIIBE Yutaka <gniibe@fsij.org> +Date: Wed, 24 May 2023 10:36:04 +0900 +Subject: [PATCH] gpg: Report BEGIN_* status before examining the input. + +* common/miscellaneous.c (is_openpgp_compressed_packet) +(is_file_compressed): Moved to ... +* common/iobuf.c: ... in this file. +(is_file_compressed): Change the argument to INP, the iobuf. +* common/util.h (is_file_compressed): Remove. +* common/iobuf.h (is_file_compressed): Add. +* g10/cipher-aead.c (write_header): Don't call write_status_printf +here. +(cipher_filter_aead): Call write_status_printf when called with +IOBUFCTRL_INIT. +* g10/cipher-cfb.c (write_header): Don't call write_status_printf +here. +(cipher_filter_cfb): Call write_status_printf when called with +IOBUFCTRL_INIT. +* g10/encrypt.c (encrypt_simple): Use new is_file_compressed function, +after call of iobuf_push_filter. +(encrypt_crypt): Likewise. +* g10/sign.c (sign_file): Likewise. + +-- + +GnuPG-bug-id: 6481 +Signed-off-by: NIIBE Yutaka <gniibe@fsij.org> +--- a/common/iobuf.c ++++ b/common/iobuf.c +@@ -3057,3 +3057,123 @@ iobuf_skip_rest (iobuf_t a, unsigned long n, int partial) + } + } + } ++ ++ ++/* Check whether (BUF,LEN) is valid header for an OpenPGP compressed ++ * packet. LEN should be at least 6. */ ++static int ++is_openpgp_compressed_packet (const unsigned char *buf, size_t len) ++{ ++ int c, ctb, pkttype; ++ int lenbytes; ++ ++ ctb = *buf++; len--; ++ if (!(ctb & 0x80)) ++ return 0; /* Invalid packet. */ ++ ++ if ((ctb & 0x40)) /* New style (OpenPGP) CTB. */ ++ { ++ pkttype = (ctb & 0x3f); ++ if (!len) ++ return 0; /* Expected first length octet missing. */ ++ c = *buf++; len--; ++ if (c < 192) ++ ; ++ else if (c < 224) ++ { ++ if (!len) ++ return 0; /* Expected second length octet missing. */ ++ } ++ else if (c == 255) ++ { ++ if (len < 4) ++ return 0; /* Expected length octets missing */ ++ } ++ } ++ else /* Old style CTB. */ ++ { ++ pkttype = (ctb>>2)&0xf; ++ lenbytes = ((ctb&3)==3)? 0 : (1<<(ctb & 3)); ++ if (len < lenbytes) ++ return 0; /* Not enough length bytes. */ ++ } ++ ++ return (pkttype == 8); ++} ++ ++ ++/* ++ * Check if the file is compressed, by peeking the iobuf. You need to ++ * pass the iobuf with INP. Returns true if the buffer seems to be ++ * compressed. ++ */ ++int ++is_file_compressed (iobuf_t inp) ++{ ++ int i; ++ char buf[32]; ++ int buflen; ++ ++ struct magic_compress_s ++ { ++ byte len; ++ byte extchk; ++ byte magic[5]; ++ } magic[] = ++ { ++ { 3, 0, { 0x42, 0x5a, 0x68, 0x00 } }, /* bzip2 */ ++ { 3, 0, { 0x1f, 0x8b, 0x08, 0x00 } }, /* gzip */ ++ { 4, 0, { 0x50, 0x4b, 0x03, 0x04 } }, /* (pk)zip */ ++ { 5, 0, { '%', 'P', 'D', 'F', '-'} }, /* PDF */ ++ { 4, 1, { 0xff, 0xd8, 0xff, 0xe0 } }, /* Maybe JFIF */ ++ { 5, 2, { 0x89, 'P','N','G', 0x0d} } /* Likely PNG */ ++ }; ++ ++ if (!inp) ++ return 0; ++ ++ for ( ; inp->chain; inp = inp->chain ) ++ ; ++ ++ buflen = iobuf_ioctl (inp, IOBUF_IOCTL_PEEK, sizeof buf, buf); ++ if (buflen < 0) ++ { ++ buflen = 0; ++ log_debug ("peeking at input failed\n"); ++ } ++ ++ if ( buflen < 6 ) ++ { ++ return 0; /* Too short to check - assume uncompressed. */ ++ } ++ ++ for ( i = 0; i < DIM (magic); i++ ) ++ { ++ if (!memcmp( buf, magic[i].magic, magic[i].len)) ++ { ++ switch (magic[i].extchk) ++ { ++ case 0: ++ return 1; /* Is compressed. */ ++ case 1: ++ if (buflen > 11 && !memcmp (buf + 6, "JFIF", 5)) ++ return 1; /* JFIF: this likely a compressed JPEG. */ ++ break; ++ case 2: ++ if (buflen > 8 ++ && buf[5] == 0x0a && buf[6] == 0x1a && buf[7] == 0x0a) ++ return 1; /* This is a PNG. */ ++ break; ++ default: ++ break; ++ } ++ } ++ } ++ ++ if (buflen >= 6 && is_openpgp_compressed_packet (buf, buflen)) ++ { ++ return 1; /* Already compressed. */ ++ } ++ ++ return 0; /* Not detected as compressed. */ ++} +--- a/common/iobuf.h ++++ b/common/iobuf.h +@@ -629,6 +629,9 @@ void iobuf_set_partial_body_length_mode (iobuf_t a, size_t len); + from the following filter (which may or may not return EOF). */ + void iobuf_skip_rest (iobuf_t a, unsigned long n, int partial); + ++/* Check if the file is compressed, by peeking the iobuf. */ ++int is_file_compressed (iobuf_t inp); ++ + #define iobuf_where(a) "[don't know]" + + /* Each time a filter is allocated (via iobuf_alloc()), a +--- a/common/miscellaneous.c ++++ b/common/miscellaneous.c +@@ -415,112 +415,6 @@ decode_c_string (const char *src) + } + + +-/* Check whether (BUF,LEN) is valid header for an OpenPGP compressed +- * packet. LEN should be at least 6. */ +-static int +-is_openpgp_compressed_packet (const unsigned char *buf, size_t len) +-{ +- int c, ctb, pkttype; +- int lenbytes; +- +- ctb = *buf++; len--; +- if (!(ctb & 0x80)) +- return 0; /* Invalid packet. */ +- +- if ((ctb & 0x40)) /* New style (OpenPGP) CTB. */ +- { +- pkttype = (ctb & 0x3f); +- if (!len) +- return 0; /* Expected first length octet missing. */ +- c = *buf++; len--; +- if (c < 192) +- ; +- else if (c < 224) +- { +- if (!len) +- return 0; /* Expected second length octet missing. */ +- } +- else if (c == 255) +- { +- if (len < 4) +- return 0; /* Expected length octets missing */ +- } +- } +- else /* Old style CTB. */ +- { +- pkttype = (ctb>>2)&0xf; +- lenbytes = ((ctb&3)==3)? 0 : (1<<(ctb & 3)); +- if (len < lenbytes) +- return 0; /* Not enough length bytes. */ +- } +- +- return (pkttype == 8); +-} +- +- +- +-/* +- * Check if the file is compressed. You need to pass the first bytes +- * of the file as (BUF,BUFLEN). Returns true if the buffer seems to +- * be compressed. +- */ +-int +-is_file_compressed (const byte *buf, unsigned int buflen) +-{ +- int i; +- +- struct magic_compress_s +- { +- byte len; +- byte extchk; +- byte magic[5]; +- } magic[] = +- { +- { 3, 0, { 0x42, 0x5a, 0x68, 0x00 } }, /* bzip2 */ +- { 3, 0, { 0x1f, 0x8b, 0x08, 0x00 } }, /* gzip */ +- { 4, 0, { 0x50, 0x4b, 0x03, 0x04 } }, /* (pk)zip */ +- { 5, 0, { '%', 'P', 'D', 'F', '-'} }, /* PDF */ +- { 4, 1, { 0xff, 0xd8, 0xff, 0xe0 } }, /* Maybe JFIF */ +- { 5, 2, { 0x89, 'P','N','G', 0x0d} } /* Likely PNG */ +- }; +- +- if ( buflen < 6 ) +- { +- return 0; /* Too short to check - assume uncompressed. */ +- } +- +- for ( i = 0; i < DIM (magic); i++ ) +- { +- if (!memcmp( buf, magic[i].magic, magic[i].len)) +- { +- switch (magic[i].extchk) +- { +- case 0: +- return 1; /* Is compressed. */ +- case 1: +- if (buflen > 11 && !memcmp (buf + 6, "JFIF", 5)) +- return 1; /* JFIF: this likely a compressed JPEG. */ +- break; +- case 2: +- if (buflen > 8 +- && buf[5] == 0x0a && buf[6] == 0x1a && buf[7] == 0x0a) +- return 1; /* This is a PNG. */ +- break; +- default: +- break; +- } +- } +- } +- +- if (buflen >= 6 && is_openpgp_compressed_packet (buf, buflen)) +- { +- return 1; /* Already compressed. */ +- } +- +- return 0; /* Not detected as compressed. */ +-} +- +- + /* Try match against each substring of multistr, delimited by | */ + int + match_multistr (const char *multistr,const char *match) +--- a/common/util.h ++++ b/common/util.h +@@ -360,8 +360,6 @@ char *try_make_printable_string (const void *p, size_t n, int delim); + char *make_printable_string (const void *p, size_t n, int delim); + char *decode_c_string (const char *src); + +-int is_file_compressed (const byte *buf, unsigned int buflen); +- + int match_multistr (const char *multistr,const char *match); + + int gnupg_compare_version (const char *a, const char *b); +--- a/g10/cipher-aead.c ++++ b/g10/cipher-aead.c +@@ -174,8 +174,6 @@ write_header (cipher_filter_context_t *cfx, iobuf_t a) + log_debug ("aead packet: len=%lu extralen=%d\n", + (unsigned long)ed.len, ed.extralen); + +- write_status_printf (STATUS_BEGIN_ENCRYPTION, "0 %d %d", +- cfx->dek->algo, ed.aead_algo); + print_cipher_algo_note (cfx->dek->algo); + + if (build_packet( a, &pkt)) +@@ -488,6 +486,11 @@ cipher_filter_aead (void *opaque, int control, + { + mem2str (buf, "cipher_filter_aead", *ret_len); + } ++ else if (control == IOBUFCTRL_INIT) ++ { ++ write_status_printf (STATUS_BEGIN_ENCRYPTION, "0 %d %d", ++ cfx->dek->algo, cfx->dek->use_aead); ++ } + + return rc; + } +--- a/g10/cipher-cfb.c ++++ b/g10/cipher-cfb.c +@@ -72,9 +72,6 @@ write_header (cipher_filter_context_t *cfx, iobuf_t a) + log_info (_("Hint: Do not use option %s\n"), "--rfc2440"); + } + +- write_status_printf (STATUS_BEGIN_ENCRYPTION, "%d %d", +- ed.mdc_method, cfx->dek->algo); +- + init_packet (&pkt); + pkt.pkttype = cfx->dek->use_mdc? PKT_ENCRYPTED_MDC : PKT_ENCRYPTED; + pkt.pkt.encrypted = &ed; +@@ -182,6 +179,12 @@ cipher_filter_cfb (void *opaque, int control, + { + mem2str (buf, "cipher_filter_cfb", *ret_len); + } ++ else if (control == IOBUFCTRL_INIT) ++ { ++ write_status_printf (STATUS_BEGIN_ENCRYPTION, "%d %d", ++ cfx->dek->use_mdc ? DIGEST_ALGO_SHA1 : 0, ++ cfx->dek->algo); ++ } + + return rc; + } +--- a/g10/encrypt.c ++++ b/g10/encrypt.c +@@ -410,8 +410,6 @@ encrypt_simple (const char *filename, int mode, int use_seskey) + text_filter_context_t tfx; + progress_filter_context_t *pfx; + int do_compress = !!default_compress_algo(); +- char peekbuf[32]; +- int peekbuflen; + + if (!gnupg_rng_is_compliant (opt.compliance)) + { +@@ -448,14 +446,6 @@ encrypt_simple (const char *filename, int mode, int use_seskey) + return rc; + } + +- peekbuflen = iobuf_ioctl (inp, IOBUF_IOCTL_PEEK, sizeof peekbuf, peekbuf); +- if (peekbuflen < 0) +- { +- peekbuflen = 0; +- if (DBG_FILTER) +- log_debug ("peeking at input failed\n"); +- } +- + handle_progress (pfx, inp, filename); + + if (opt.textmode) +@@ -517,17 +507,6 @@ encrypt_simple (const char *filename, int mode, int use_seskey) + /**/ : "CFB"); + } + +- if (do_compress +- && cfx.dek +- && (cfx.dek->use_mdc || cfx.dek->use_aead) +- && !opt.explicit_compress_option +- && is_file_compressed (peekbuf, peekbuflen)) +- { +- if (opt.verbose) +- log_info(_("'%s' already compressed\n"), filename? filename: "[stdin]"); +- do_compress = 0; +- } +- + if ( rc || (rc = open_outfile (-1, filename, opt.armor? 1:0, 0, &out ))) + { + iobuf_cancel (inp); +@@ -598,6 +577,24 @@ encrypt_simple (const char *filename, int mode, int use_seskey) + else + filesize = opt.set_filesize ? opt.set_filesize : 0; /* stdin */ + ++ /* Register the cipher filter. */ ++ if (mode) ++ iobuf_push_filter (out, ++ cfx.dek->use_aead? cipher_filter_aead ++ /**/ : cipher_filter_cfb, ++ &cfx ); ++ ++ if (do_compress ++ && cfx.dek ++ && (cfx.dek->use_mdc || cfx.dek->use_aead) ++ && !opt.explicit_compress_option ++ && is_file_compressed (inp)) ++ { ++ if (opt.verbose) ++ log_info(_("'%s' already compressed\n"), filename? filename: "[stdin]"); ++ do_compress = 0; ++ } ++ + if (!opt.no_literal) + { + /* Note that PT has been initialized above in !no_literal mode. */ +@@ -617,13 +614,6 @@ encrypt_simple (const char *filename, int mode, int use_seskey) + pkt.pkt.generic = NULL; + } + +- /* Register the cipher filter. */ +- if (mode) +- iobuf_push_filter (out, +- cfx.dek->use_aead? cipher_filter_aead +- /**/ : cipher_filter_cfb, +- &cfx ); +- + /* Register the compress filter. */ + if ( do_compress ) + { +@@ -783,7 +773,7 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename, + PKT_plaintext *pt = NULL; + DEK *symkey_dek = NULL; + STRING2KEY *symkey_s2k = NULL; +- int rc = 0, rc2 = 0; ++ int rc = 0; + u32 filesize; + cipher_filter_context_t cfx; + armor_filter_context_t *afx = NULL; +@@ -792,8 +782,6 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename, + progress_filter_context_t *pfx; + PK_LIST pk_list; + int do_compress; +- char peekbuf[32]; +- int peekbuflen; + + if (filefd != -1 && filename) + return gpg_error (GPG_ERR_INV_ARG); /* Both given. */ +@@ -866,14 +854,6 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename, + if (opt.verbose) + log_info (_("reading from '%s'\n"), iobuf_get_fname_nonnull (inp)); + +- peekbuflen = iobuf_ioctl (inp, IOBUF_IOCTL_PEEK, sizeof peekbuf, peekbuf); +- if (peekbuflen < 0) +- { +- peekbuflen = 0; +- if (DBG_FILTER) +- log_debug ("peeking at input failed\n"); +- } +- + handle_progress (pfx, inp, filename); + + if (opt.textmode) +@@ -900,25 +880,6 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename, + if (!cfx.dek->use_aead) + cfx.dek->use_mdc = !!use_mdc (pk_list, cfx.dek->algo); + +- /* Only do the is-file-already-compressed check if we are using a +- * MDC or AEAD. This forces compressed files to be re-compressed if +- * we do not have a MDC to give some protection against chosen +- * ciphertext attacks. */ +- if (do_compress +- && (cfx.dek->use_mdc || cfx.dek->use_aead) +- && !opt.explicit_compress_option +- && is_file_compressed (peekbuf, peekbuflen)) +- { +- if (opt.verbose) +- log_info(_("'%s' already compressed\n"), filename? filename: "[stdin]"); +- do_compress = 0; +- } +- if (rc2) +- { +- rc = rc2; +- goto leave; +- } +- + make_session_key (cfx.dek); + if (DBG_CRYPTO) + log_printhex (cfx.dek->key, cfx.dek->keylen, "DEK is: "); +@@ -960,6 +921,26 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename, + else + filesize = opt.set_filesize ? opt.set_filesize : 0; /* stdin */ + ++ /* Register the cipher filter. */ ++ iobuf_push_filter (out, ++ cfx.dek->use_aead? cipher_filter_aead ++ /**/ : cipher_filter_cfb, ++ &cfx); ++ ++ /* Only do the is-file-already-compressed check if we are using a ++ * MDC or AEAD. This forces compressed files to be re-compressed if ++ * we do not have a MDC to give some protection against chosen ++ * ciphertext attacks. */ ++ if (do_compress ++ && (cfx.dek->use_mdc || cfx.dek->use_aead) ++ && !opt.explicit_compress_option ++ && is_file_compressed (inp)) ++ { ++ if (opt.verbose) ++ log_info(_("'%s' already compressed\n"), filename? filename: "[stdin]"); ++ do_compress = 0; ++ } ++ + if (!opt.no_literal) + { + pt->timestamp = make_timestamp(); +@@ -974,12 +955,6 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename, + else + cfx.datalen = filesize && !do_compress ? filesize : 0; + +- /* Register the cipher filter. */ +- iobuf_push_filter (out, +- cfx.dek->use_aead? cipher_filter_aead +- /**/ : cipher_filter_cfb, +- &cfx); +- + /* Register the compress filter. */ + if (do_compress) + { +--- a/g10/sign.c ++++ b/g10/sign.c +@@ -1035,9 +1035,6 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr, + int multifile = 0; + u32 duration=0; + pt_extra_hash_data_t extrahash = NULL; +- char peekbuf[32]; +- int peekbuflen = 0; +- + + pfx = new_progress_context (); + afx = new_armor_context (); +@@ -1096,14 +1093,6 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr, + goto leave; + } + +- peekbuflen = iobuf_ioctl (inp, IOBUF_IOCTL_PEEK, sizeof peekbuf, peekbuf); +- if (peekbuflen < 0) +- { +- peekbuflen = 0; +- if (DBG_FILTER) +- log_debug ("peeking at input failed\n"); +- } +- + handle_progress (pfx, inp, fname); + } + +@@ -1261,7 +1250,7 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr, + int compr_algo = opt.compress_algo; + + if (!opt.explicit_compress_option +- && is_file_compressed (peekbuf, peekbuflen)) ++ && is_file_compressed (inp)) + { + if (opt.verbose) + log_info(_("'%s' already compressed\n"), fname? fname: "[stdin]"); +-- +2.11.0 diff --git a/app-crypt/gnupg/files/gnupg-2.4.3-no-ldap.patch b/app-crypt/gnupg/files/gnupg-2.4.3-no-ldap.patch @@ -0,0 +1,28 @@ +https://dev.gnupg.org/T6579 +https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=dc13361524c1477b2106c7385f2059f9ea111b84 + +From dc13361524c1477b2106c7385f2059f9ea111b84 Mon Sep 17 00:00:00 2001 +From: NIIBE Yutaka <gniibe@fsij.org> +Date: Wed, 5 Jul 2023 09:29:54 +0900 +Subject: [PATCH] dirmngr: Enable the call of ks_ldap_help_variables when + USE_LDAP. + +* dirmngr/server.c [USE_LDAP] (cmd_ad_query): Conditionalize. + +-- + +Signed-off-by: NIIBE Yutaka <gniibe@fsij.org> +--- a/dirmngr/server.c ++++ b/dirmngr/server.c +@@ -2776,7 +2776,9 @@ cmd_ad_query (assuan_context_t ctx, char *line) + + if (opt_help) + { ++#if USE_LDAP + ks_ldap_help_variables (ctrl); ++#endif + err = 0; + goto leave; + } +-- +2.11.0 diff --git a/app-crypt/gnupg/gnupg-2.2.41.ebuild b/app-crypt/gnupg/gnupg-2.2.41.ebuild @@ -1,179 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -# Maintainers should: -# 1. Join the "Gentoo" project at https://dev.gnupg.org/project/view/27/ -# 2. Subscribe to release tasks like https://dev.gnupg.org/T6159 -# (find the one for the current release then subscribe to it + -# any subsequent ones linked within so you're covered for a while.) - -VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/gnupg.asc -# in-source builds are not supported: https://dev.gnupg.org/T6313#166339 -inherit flag-o-matic out-of-source multiprocessing systemd toolchain-funcs verify-sig - -MY_P="${P/_/-}" - -DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation" -HOMEPAGE="https://gnupg.org/" -SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2" -SRC_URI+=" verify-sig? ( mirror://gnupg/gnupg/${P}.tar.bz2.sig )" -S="${WORKDIR}/${MY_P}" - -LICENSE="GPL-3+" -SLOT="0" -KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" -IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl test tofu tools usb user-socket wks-server" -RESTRICT="!test? ( test )" - -# Existence of executables is checked during configuration. -# Note: On each bump, update dep bounds on each version from configure.ac! -DEPEND=" - >=dev-libs/libassuan-2.5.0 - >=dev-libs/libgcrypt-1.8.0:= - >=dev-libs/libgpg-error-1.29 - >=dev-libs/libksba-1.3.5 - >=dev-libs/npth-1.2 - >=net-misc/curl-7.10 - sys-libs/zlib - bzip2? ( app-arch/bzip2 ) - ldap? ( net-nds/openldap:= ) - readline? ( sys-libs/readline:= ) - smartcard? ( usb? ( virtual/libusb:1 ) ) - ssl? ( >=net-libs/gnutls-3.0:= ) - tofu? ( >=dev-db/sqlite-3.7 ) -" -RDEPEND=" - ${DEPEND} - || ( - app-crypt/pinentry - app-crypt/pinentry-dmenu - ) - nls? ( virtual/libintl ) - selinux? ( sec-policy/selinux-gpg ) - wks-server? ( virtual/mta ) -" -BDEPEND=" - virtual/pkgconfig - doc? ( sys-apps/texinfo ) - nls? ( sys-devel/gettext ) - verify-sig? ( sec-keys/openpgp-keys-gnupg ) -" - -DOCS=( - ChangeLog NEWS README THANKS TODO VERSION - doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER -) - -PATCHES=( - "${FILESDIR}"/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch -) - -src_prepare() { - default - - # Inject SSH_AUTH_SOCK into user's sessions after enabling gpg-agent-ssh.socket in systemctl --user mode, - # idea borrowed from libdbus, see - # https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/bus/systemd-user/dbus.socket.in#L6 - # - # This cannot be upstreamed, as it requires determining the exact prefix of 'systemctl', - # which in turn requires discovery in Autoconf, something that upstream deeply resents. - sed -e "/DirectoryMode=/a ExecStartPost=-${EPREFIX}/bin/systemctl --user set-environment SSH_AUTH_SOCK=%t/gnupg/S.gpg-agent.ssh" \ - -i doc/examples/systemd-user/gpg-agent-ssh.socket || die -} - -my_src_configure() { - local myconf=( - $(use_enable bzip2) - $(use_enable nls) - $(use_enable smartcard scdaemon) - $(use_enable ssl gnutls) - $(use_enable test all-tests) - $(use_enable test tests) - $(use_enable tofu) - $(use smartcard && use_enable usb ccid-driver || echo '--disable-ccid-driver') - $(use_enable wks-server wks-tools) - $(use_with ldap) - $(use_with readline) - - # Hardcode mailprog to /usr/libexec/sendmail even if it does not exist. - # As of GnuPG 2.3, the mailprog substitution is used for the binary called - # by wks-client & wks-server; and if it's autodetected but not not exist at - # build time, then then 'gpg-wks-client --send' functionality will not - # work. This has an unwanted side-effect in stage3 builds: there was a - # [R]DEPEND on virtual/mta, which also brought in virtual/logger, bloating - # the build where the install guide previously make the user chose the - # logger & mta early in the install. - --with-mailprog=/usr/libexec/sendmail - - --disable-ntbtls - --enable-gpg - --enable-gpgsm - --enable-large-secmem - - CC_FOR_BUILD="$(tc-getBUILD_CC)" - GPG_ERROR_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-gpg-error-config" - KSBA_CONFIG="${ESYSROOT}/usr/bin/ksba-config" - LIBASSUAN_CONFIG="${ESYSROOT}/usr/bin/libassuan-config" - LIBGCRYPT_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-libgcrypt-config" - NPTH_CONFIG="${ESYSROOT}/usr/bin/npth-config" - - $("${S}/configure" --help | grep -o -- '--without-.*-prefix') - ) - - if use prefix && use usb; then - # bug #649598 - append-cppflags -I"${ESYSROOT}/usr/include/libusb-1.0" - fi - - # bug #663142 - if use user-socket; then - myconf+=( --enable-run-gnupg-user-socket ) - fi - - # glib fails and picks up clang's internal stdint.h causing weird errors - tc-is-clang && export gl_cv_absolute_stdint_h="${ESYSROOT}"/usr/include/stdint.h - - econf "${myconf[@]}" -} - -my_src_compile() { - default - - use doc && emake -C doc html -} - -my_src_test() { - export TESTFLAGS="--parallel=$(makeopts_jobs)" - - default -} - -my_src_install() { - emake DESTDIR="${D}" install - - use tools && dobin \ - tools/{gpg-zip,gpgconf,gpgsplit,gpg-check-pattern} \ - tools/make-dns-cert - - dosym gpg /usr/bin/gpg2 - dosym gpgv /usr/bin/gpgv2 - echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die - echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die - - dodir /etc/env.d - echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die - - use doc && dodoc doc/gnupg.html/* -} - -my_src_install_all() { - einstalldocs - - use tools && dobin tools/{convert-from-106,mail-signed-keys,lspgpot} - - use doc && dodoc doc/*.png - - systemd_douserunit doc/examples/systemd-user/*.{service,socket} -} diff --git a/app-crypt/gnupg/gnupg-2.4.3.ebuild b/app-crypt/gnupg/gnupg-2.4.3.ebuild @@ -0,0 +1,174 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +# Maintainers should: +# 1. Join the "Gentoo" project at https://dev.gnupg.org/project/view/27/ +# 2. Subscribe to release tasks like https://dev.gnupg.org/T6159 +# (find the one for the current release then subscribe to it + +# any subsequent ones linked within so you're covered for a while.) + +VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/gnupg.asc +# in-source builds are not supported: https://dev.gnupg.org/T6313#166339 +inherit flag-o-matic out-of-source multiprocessing systemd toolchain-funcs verify-sig + +MY_P="${P/_/-}" + +DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation" +HOMEPAGE="https://gnupg.org/" +SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2" +SRC_URI+=" verify-sig? ( mirror://gnupg/gnupg/${P}.tar.bz2.sig )" +S="${WORKDIR}/${MY_P}" + +LICENSE="GPL-3+" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" +IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl test +tofu tpm tools usb user-socket wks-server" +RESTRICT="!test? ( test )" +REQUIRED_USE="test? ( tofu )" + +# Existence of executables is checked during configuration. +# Note: On each bump, update dep bounds on each version from configure.ac! +DEPEND=" + >=dev-libs/libassuan-2.5.0 + >=dev-libs/libgcrypt-1.9.1:= + >=dev-libs/libgpg-error-1.46 + >=dev-libs/libksba-1.6.3 + >=dev-libs/npth-1.2 + >=net-misc/curl-7.10 + sys-libs/zlib + bzip2? ( app-arch/bzip2 ) + ldap? ( net-nds/openldap:= ) + readline? ( sys-libs/readline:0= ) + smartcard? ( usb? ( virtual/libusb:1 ) ) + tofu? ( >=dev-db/sqlite-3.27 ) + tpm? ( >=app-crypt/tpm2-tss-2.4.0:= ) + ssl? ( >=net-libs/gnutls-3.0:0= ) +" +RDEPEND=" + ${DEPEND} + || ( + app-crypt/pinentry + app-crypt/pinentry-dmenu + ) + nls? ( virtual/libintl ) + selinux? ( sec-policy/selinux-gpg ) + wks-server? ( virtual/mta ) +" +BDEPEND=" + virtual/pkgconfig + doc? ( sys-apps/texinfo ) + nls? ( sys-devel/gettext ) + verify-sig? ( sec-keys/openpgp-keys-gnupg ) +" + +DOCS=( + ChangeLog NEWS README THANKS TODO VERSION + doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER +) + +PATCHES=( + "${FILESDIR}"/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch + "${FILESDIR}"/${PN}-2.4.2-fix-emacs.patch + "${FILESDIR}"/${P}-no-ldap.patch +) + +src_prepare() { + default +} + +my_src_configure() { + # Upstream don't support LTO, bug #854222. + filter-lto + + local myconf=( + $(use_enable bzip2) + $(use_enable nls) + $(use_enable smartcard scdaemon) + $(use_enable ssl gnutls) + $(use_enable test all-tests) + $(use_enable test tests) + $(use_enable tofu) + $(use_enable tofu keyboxd) + $(use_enable tofu sqlite) + $(usex tpm '--with-tss=intel' '--disable-tpm2d') + $(use smartcard && use_enable usb ccid-driver || echo '--disable-ccid-driver') + $(use_enable wks-server wks-tools) + $(use_with ldap) + $(use_with readline) + + # Hardcode mailprog to /usr/libexec/sendmail even if it does not exist. + # As of GnuPG 2.3, the mailprog substitution is used for the binary called + # by wks-client & wks-server; and if it's autodetected but not not exist at + # build time, then then 'gpg-wks-client --send' functionality will not + # work. This has an unwanted side-effect in stage3 builds: there was a + # [R]DEPEND on virtual/mta, which also brought in virtual/logger, bloating + # the build where the install guide previously make the user chose the + # logger & mta early in the install. + --with-mailprog=/usr/libexec/sendmail + + --disable-ntbtls + --enable-gpgsm + --enable-large-secmem + + CC_FOR_BUILD="$(tc-getBUILD_CC)" + GPG_ERROR_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-gpg-error-config" + KSBA_CONFIG="${ESYSROOT}/usr/bin/ksba-config" + LIBASSUAN_CONFIG="${ESYSROOT}/usr/bin/libassuan-config" + LIBGCRYPT_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-libgcrypt-config" + NPTH_CONFIG="${ESYSROOT}/usr/bin/npth-config" + + $("${S}/configure" --help | grep -o -- '--without-.*-prefix') + ) + + if use prefix && use usb; then + # bug #649598 + append-cppflags -I"${ESYSROOT}/usr/include/libusb-1.0" + fi + + # bug #663142 + if use user-socket; then + myconf+=( --enable-run-gnupg-user-socket ) + fi + + # glib fails and picks up clang's internal stdint.h causing weird errors + tc-is-clang && export gl_cv_absolute_stdint_h="${ESYSROOT}"/usr/include/stdint.h + + econf "${myconf[@]}" +} + +my_src_compile() { + default + + use doc && emake -C doc html +} + +my_src_test() { + export TESTFLAGS="--parallel=$(makeopts_jobs)" + + default +} + +my_src_install() { + emake DESTDIR="${D}" install + + use tools && dobin tools/{gpgconf,gpgsplit,gpg-check-pattern} tools/make-dns-cert + + dosym gpg /usr/bin/gpg2 + dosym gpgv /usr/bin/gpgv2 + echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die + echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die + + dodir /etc/env.d + echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die + + use doc && dodoc doc/gnupg.html/* +} + +my_src_install_all() { + einstalldocs + + use tools && dobin tools/{convert-from-106,mail-signed-keys,lspgpot} + use doc && dodoc doc/*.png +}