Reintegrate changes from upstream; update to 2.2.23

author: Thai Chung 2020-11-04 00:16:26 +0100
committer: Thai Chung 2020-11-04 00:16:26 +0100
commit: fd5760b42dc0d3fe3cccc4c7744418a5a79eccbd (patch)
tree: d58a345643279818c185cf81a0fc59d94f550a31
parent: 9ebebbfe765116ac842f82ce9056752f391d11dd (diff)
download: aur-gnupg-large-rsa.tar.gz
8 files changed, 276 insertions, 48 deletions
diff --git a/.SRCINFO b/.SRCINFO
index 36119c82314e..3cddd2d88e18 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,6 +1,6 @@
 pkgbase = gnupg-large-rsa
 	pkgdesc = Complete and free implementation of the OpenPGP standard - with fixes to make large RSA keys really work (and even bigger keys)
-	pkgver = 2.2.17
+	pkgver = 2.2.23
 	pkgrel = 2
 	url = http://www.gnupg.org/
 	install = install
@@ -9,6 +9,7 @@ pkgbase = gnupg-large-rsa
 	license = GPL
 	makedepends = libldap
 	makedepends = libusb-compat
+	makedepends = pcsclite
 	depends = npth
 	depends = libgpg-error
 	depends = libgcrypt
@@ -17,29 +18,39 @@ pkgbase = gnupg-large-rsa
 	depends = pinentry
 	depends = bzip2
 	depends = readline
+	depends = libreadline.so
 	depends = gnutls
 	depends = sqlite
+	depends = zlib
+	depends = glibc
 	optdepends = libldap: gpg2keys_ldap
 	optdepends = libusb-compat: scdaemon
+	optdepends = pcsclite
 	provides = dirmngr
-	provides = gnupg2=2.2.17
-	provides = gnupg=2.2.17
+	provides = gnupg2=2.2.23
+	provides = gnupg=2.2.23
 	conflicts = dirmngr
 	conflicts = gnupg2
 	conflicts = gnupg
 	replaces = dirmngr
 	replaces = gnupg2
 	replaces = gnupg
-	source = https://www.gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.17.tar.bz2
-	source = https://www.gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.17.tar.bz2.sig
+	source = https://www.gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.23.tar.bz2
+	source = https://www.gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.23.tar.bz2.sig
 	source = gnupg-large-rsa.patch
+	source = drop-import-clean.patch
+	source = avoid-beta-warning.patch
+	source = do-not-rebuild-defsincdate.patch
 	validpgpkeys = D8692123C4065DEA5E0F3AB5249B39D24F25E3B6
 	validpgpkeys = 46CC730865BB5C78EBABADCF04376F3EE0856959
 	validpgpkeys = 031EC2536E580D8EA286A9F22071B08A33BD3F06
 	validpgpkeys = D238EA65D64C67ED4C3073F28A861B1C7EFD60D9
-	sha256sums = afa262868e39b651a2db4c071fba90415154243e83a830ca00516f9a807fd514
+	sha256sums = 10b55e49d78b3e49f1edb58d7541ecbdad92ddaeeb885b6f486ed23d1cd1da5c
 	sha256sums = SKIP
-	sha256sums = c144a2dd23e5177e72733b42735a0dd002c8bdae20c9f7776b30f3319d9402aa
+	sha256sums = b4570a8d828971f11e9ab6671aba6ba6c72b98833af583ebc25a826f64bbc956
+	sha256sums = 02d375f0045f56f7dd82bacdb5ce559afd52ded8b75f6b2673c39ec666e81abc
+	sha256sums = 22fdf9490fad477f225e731c417867d9e7571ac654944e8be63a1fbaccd5c62d
+	sha256sums = bb4dcba0328af6271ccfe992a64d8daa9f0a691ba52978491647f1dea05675ee
 
 pkgname = gnupg-large-rsa
 
diff --git a/PKGBUILD b/PKGBUILD
index ce9cf48450cf..7539742e64b0 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -1,4 +1,6 @@
 # Maintainer: “0xReki” <mail@0xreki.de>
+# Contributor: Levente Polyak <anthraxx[at]archlinux[dot]org>
+# Contributor: Lukas Fleischer <lfleischer@archlinux.org>
 # Contributor: Gaetan Bisson <bisson@archlinux.org>
 # Contributor: Tobias Powalowski <tpowa@archlinux.org>
 # Contributor: Andreas Radke <andyrtr@archlinux.org>
@@ -6,30 +8,56 @@
 
 pkgname=gnupg-large-rsa
 _pkgname=gnupg
-pkgver=2.2.17
+pkgver=2.2.23
 pkgrel=2
 pkgdesc='Complete and free implementation of the OpenPGP standard - with fixes to make large RSA keys really work (and even bigger keys)'
 url='http://www.gnupg.org/'
 license=('GPL')
 arch=('i686' 'x86_64')
-optdepends=('libldap: gpg2keys_ldap'
-            'libusb-compat: scdaemon')
-makedepends=('libldap' 'libusb-compat')
-depends=('npth' 'libgpg-error' 'libgcrypt' 'libksba' 'libassuan'
-         'pinentry' 'bzip2' 'readline' 'gnutls' 'sqlite')
+optdepends=(
+    'libldap: gpg2keys_ldap'
+    'libusb-compat: scdaemon'
+    'pcsclite'
+)
+makedepends=(
+    'libldap'
+    'libusb-compat'
+    'pcsclite'
+)
+depends=(
+    'npth'
+    'libgpg-error'
+    'libgcrypt'
+    'libksba'
+    'libassuan'
+    'pinentry'
+    'bzip2'
+    'readline'
+    'libreadline.so'
+    'gnutls'
+    'sqlite'
+    'zlib'
+    'glibc'
+)
 validpgpkeys=(
-              'D8692123C4065DEA5E0F3AB5249B39D24F25E3B6'
-              '46CC730865BB5C78EBABADCF04376F3EE0856959'
-              '031EC2536E580D8EA286A9F22071B08A33BD3F06'
-              'D238EA65D64C67ED4C3073F28A861B1C7EFD60D9'
+    'D8692123C4065DEA5E0F3AB5249B39D24F25E3B6'
+    '46CC730865BB5C78EBABADCF04376F3EE0856959'
+    '031EC2536E580D8EA286A9F22071B08A33BD3F06'
+    'D238EA65D64C67ED4C3073F28A861B1C7EFD60D9'
 )
-source=("https://www.gnupg.org/ftp/gcrypt/${_pkgname}/${_pkgname}-${pkgver}.tar.bz2"{,.sig} 
-        "${pkgname}.patch"
+source=(
+    "https://www.gnupg.org/ftp/gcrypt/${_pkgname}/${_pkgname}-${pkgver}.tar.bz2"{,.sig} 
+    "${pkgname}.patch"
+    'drop-import-clean.patch'
+    'avoid-beta-warning.patch'
+    'do-not-rebuild-defsincdate.patch'
 )
-sha256sums=('afa262868e39b651a2db4c071fba90415154243e83a830ca00516f9a807fd514'
+sha256sums=('10b55e49d78b3e49f1edb58d7541ecbdad92ddaeeb885b6f486ed23d1cd1da5c'
             'SKIP'
-            'c144a2dd23e5177e72733b42735a0dd002c8bdae20c9f7776b30f3319d9402aa'
-)
+            'b4570a8d828971f11e9ab6671aba6ba6c72b98833af583ebc25a826f64bbc956'
+            '02d375f0045f56f7dd82bacdb5ce559afd52ded8b75f6b2673c39ec666e81abc'
+            '22fdf9490fad477f225e731c417867d9e7571ac654944e8be63a1fbaccd5c62d'
+            'bb4dcba0328af6271ccfe992a64d8daa9f0a691ba52978491647f1dea05675ee')
 
 install=install
 
@@ -39,9 +67,17 @@ replaces=('dirmngr' 'gnupg2' 'gnupg')
 
 prepare() {
     cd "${srcdir}/${_pkgname}-${pkgver}"
-    patch -p1 -i ${srcdir}/${pkgname}.patch 
 
-    sed '/noinst_SCRIPTS = gpg-zip/c bin_SCRIPTS += gpg-zip' -i tools/Makefile.in
+    # Upstream patches:
+    # https://github.com/archlinux/svntogit-packages/tree/packages/gnupg/trunk
+    patch -p1 -i ../avoid-beta-warning.patch
+    patch -p1 -i ../drop-import-clean.patch
+    patch -p1 -i ../do-not-rebuild-defsincdate.patch
+    rm doc/gnupg.info*
+
+    patch -p1 -i ../${pkgname}.patch 
+
+    ./autogen.sh
 }
 
 build() {
@@ -66,6 +102,8 @@ check() {
 package() {
     cd "${srcdir}/${_pkgname}-${pkgver}"
     make DESTDIR="${pkgdir}" install
-	ln -s gpg "${pkgdir}"/usr/bin/gpg2
-	ln -s gpgv "${pkgdir}"/usr/bin/gpgv2
+    ln -s gpg "${pkgdir}"/usr/bin/gpg2
+    ln -s gpgv "${pkgdir}"/usr/bin/gpgv2
+
+    install -Dm 644 doc/examples/systemd-user/*.* -t "${pkgdir}/usr/lib/systemd/user"
 }
diff --git a/avoid-beta-warning.patch b/avoid-beta-warning.patch
new file mode 100644
index 000000000000..569fc0911c2e
--- /dev/null
+++ b/avoid-beta-warning.patch
@@ -0,0 +1,56 @@
+From 114ab3037de3b0f9b35cf023b64c8a9b76070065 Mon Sep 17 00:00:00 2001
+From: Debian GnuPG Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>
+Date: Tue, 14 Apr 2015 10:02:31 -0400
+Subject: [PATCH 6/7] avoid beta warning
+
+avoid self-describing as a beta
+
+Using autoreconf against the source as distributed in tarball form
+invariably results in a package that thinks it's a "beta" package,
+which produces the "THIS IS A DEVELOPMENT VERSION" warning string.
+
+since we use dh_autoreconf, i need this patch to avoid producing
+builds that announce themselves as DEVELOPMENT VERSIONs.
+
+See discussion at:
+
+ http://lists.gnupg.org/pipermail/gnupg-devel/2014-November/029065.html
+---
+ autogen.sh | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/autogen.sh b/autogen.sh
+index b23855061..9b86d3ff9 100755
+--- a/autogen.sh
++++ b/autogen.sh
+@@ -229,24 +229,24 @@ if [ "$myhost" = "find-version" ]; then
+     esac
+ 
+     beta=no
+-    if [ -e .git ]; then
++    if false; then
+       ingit=yes
+       tmp=$(git describe --match "${matchstr1}" --long 2>/dev/null)
+       tmp=$(echo "$tmp" | sed s/^"$package"//)
+       if [ -n "$tmp" ]; then
+           tmp=$(echo "$tmp" | sed s/^"$package"//  \
+                 | awk -F- '$3!=0 && $3 !~ /^beta/ {print"-beta"$3}')
+       else
+           tmp=$(git describe --match "${matchstr2}" --long 2>/dev/null \
+                 | awk -F- '$4!=0{print"-beta"$4}')
+       fi
+       [ -n "$tmp" ] && beta=yes
+       rev=$(git rev-parse --short HEAD | tr -d '\n\r')
+       rvd=$((0x$(echo ${rev} | dd bs=1 count=4 2>/dev/null)))
+     else
+       ingit=no
+-      beta=yes
+-      tmp="-unknown"
++      beta=no
++      tmp=""
+       rev="0000000"
+       rvd="0"
+     fi
+-- 
+2.27.0
+
diff --git a/do-not-rebuild-defsincdate.patch b/do-not-rebuild-defsincdate.patch
new file mode 100644
index 000000000000..cf465942d944
--- /dev/null
+++ b/do-not-rebuild-defsincdate.patch
@@ -0,0 +1,43 @@
+From 3e8ff68502bf5de333db7213d9e27e0b9e8cc36e Mon Sep 17 00:00:00 2001
+From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+Date: Mon, 29 Aug 2016 12:34:42 -0400
+Subject: [PATCH 7/7] avoid regenerating defsincdate (use shipped file)
+
+upstream ships doc/defsincdate in its tarballs.  but doc/Makefile.am
+tries to rewrite doc/defsincdate if it notices that any of the files
+have been modified more recently, and it does so assuming that we're
+running from a git repo.
+
+However, we'd rather ship the documents cleanly without regenerating
+defsincdate -- we don't have a git repo available (debian builds from
+upstream tarballs) and any changes to the texinfo files (e.g. from
+debian/patches/) might result in different dates on the files than we
+expect after they're applied by dpkg or quilt or whatever, which makes
+the datestamp unreproducible.
+---
+ doc/Makefile.am | 7 -------
+ 1 file changed, 7 deletions(-)
+
+diff --git a/doc/Makefile.am b/doc/Makefile.am
+index d47d83ede..c0a81b0b9 100644
+--- a/doc/Makefile.am
++++ b/doc/Makefile.am
+@@ -177,15 +177,6 @@
+ 
+ dist-hook: defsincdate
+ 
+-defsincdate: $(gnupg_TEXINFOS)
+-	: >defsincdate ; \
+-	if test -e $(top_srcdir)/.git; then \
+-	  (cd $(srcdir) && git log -1 --format='%ct' \
+-               -- $(gnupg_TEXINFOS) 2>/dev/null) >>defsincdate; \
+-        elif test x"$SOURCE_DATE_EPOCH" != x; then   \
+-	   echo "$SOURCE_DATE_EPOCH" >>defsincdate ; \
+-	fi
+-
+ defs.inc : defsincdate Makefile mkdefsinc
+ 	incd="`test -f defsincdate || echo '$(srcdir)/'`defsincdate"; \
+ 	./mkdefsinc -C $(srcdir) --date "`cat $$incd 2>/dev/null`" \
+-- 
+2.27.0
+
diff --git a/drop-import-clean.patch b/drop-import-clean.patch
new file mode 100644
index 000000000000..526a3ff27900
--- /dev/null
+++ b/drop-import-clean.patch
@@ -0,0 +1,54 @@
+From 1690a464b28fa24ce82189a9bf5d7ce9b44804b8 Mon Sep 17 00:00:00 2001
+From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+Date: Mon, 15 Jul 2019 16:24:35 -0400
+Subject: [PATCH 3/7] gpg: drop import-clean from default keyserver import
+ options
+
+* g10/gpg.c (main): drop IMPORT_CLEAN from the
+default opt.keyserver_options.import_options
+* doc/gpg.texi: reflect this change in the documentation
+
+Given that SELF_SIGS_ONLY is already set, it's not clear what
+additional benefit IMPORT_CLEAN provides.  Furthermore, IMPORT_CLEAN
+means that receiving an OpenPGP certificate from a keyserver will
+potentially delete data that is otherwise held in the local keyring,
+which is surprising to users who expect retrieval from the keyservers
+to be purely additive.
+
+GnuPG-Bug-Id: 4628
+Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+---
+ doc/gpg.texi | 2 +-
+ g10/gpg.c    | 3 +--
+ 2 files changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/doc/gpg.texi b/doc/gpg.texi
+index 4870441d4..551459a74 100644
+--- a/doc/gpg.texi
++++ b/doc/gpg.texi
+@@ -1963,7 +1963,7 @@ are available for all keyserver types, some common options are:
+ 
+ @end table
+ 
+-The default list of options is: "self-sigs-only, import-clean,
++The default list of options is: "self-sigs-only,
+ repair-keys, repair-pks-subkey-bug, export-attributes,
+ honor-pka-record".
+ 
+diff --git a/g10/gpg.c b/g10/gpg.c
+index 68cc22041..fa2bcfa5e 100644
+--- a/g10/gpg.c
++++ b/g10/gpg.c
+@@ -2397,8 +2397,7 @@ main (int argc, char **argv)
+     opt.export_options = EXPORT_ATTRIBUTES;
+     opt.keyserver_options.import_options = (IMPORT_REPAIR_KEYS
+ 					    | IMPORT_REPAIR_PKS_SUBKEY_BUG
+-                                            | IMPORT_SELF_SIGS_ONLY
+-                                            | IMPORT_CLEAN);
++                                            | IMPORT_SELF_SIGS_ONLY);
+     opt.keyserver_options.export_options = EXPORT_ATTRIBUTES;
+     opt.keyserver_options.options = KEYSERVER_HONOR_PKA_RECORD;
+     opt.verify_options = (LIST_SHOW_UID_VALIDITY
+-- 
+2.27.0
+
diff --git a/gnupg-large-rsa.patch b/gnupg-large-rsa.patch
index d164921e0f2e..cd0a2f8c40f9 100644
--- a/gnupg-large-rsa.patch
+++ b/gnupg-large-rsa.patch
@@ -1,7 +1,23 @@
-diff -aur old/g10/keygen.c new/g10/keygen.c
---- old/g10/keygen.c	2019-02-27 14:33:09.533386670 +0100
-+++ new/g10/keygen.c	2019-02-27 14:38:40.627816221 +0100
-@@ -1639,7 +1639,7 @@
+* Increase Secure Memory Size
+* Increase Key Size for RSA
+
+diff -aur a/configure b/configure
+--- a/configure	2020-09-03 17:16:56.000000000 +0200
++++ b/configure	2020-11-04 00:05:58.165589557 +0100
+@@ -5566,7 +5566,7 @@
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $large_secmem" >&5
+ $as_echo "$large_secmem" >&6; }
+ if test "$large_secmem" = yes ; then
+-   SECMEM_BUFFER_SIZE=65536
++   SECMEM_BUFFER_SIZE=100663296
+ else
+    SECMEM_BUFFER_SIZE=32768
+ fi
+
+diff -aur a/g10/keygen.c b/g10/keygen.c
+--- a/g10/keygen.c	2020-08-25 13:05:44.000000000 +0200
++++ b/g10/keygen.c	2020-11-04 00:05:58.165589557 +0100
+@@ -1643,7 +1643,7 @@
    int err;
    char *keyparms;
    char nbitsstr[35];
@@ -10,7 +26,7 @@ diff -aur old/g10/keygen.c new/g10/keygen.c
  
    log_assert (is_RSA(algo));
  
-@@ -2114,6 +2114,12 @@
+@@ -2260,6 +2260,12 @@
        def=255;
        break;
  
@@ -23,3 +39,4 @@ diff -aur old/g10/keygen.c new/g10/keygen.c
      default:
        *min = opt.compliance == CO_DE_VS ? 2048: 1024;
        *max = 4096;
+
diff --git a/install b/install
index 5b2169f0e384..1f19b99feb2d 100644
--- a/install
+++ b/install
@@ -1,10 +1,31 @@
+_global_units() {
+	_units=(dirmngr.socket gpg-agent.socket gpg-agent-{browser,extra,ssh}.socket)
+	_dir=/etc/systemd/user/sockets.target.wants
+
+	case $1 in
+		enable)
+			mkdir -p $_dir
+			for _u in "${_units[@]}"; do
+				ln -sf /usr/lib/systemd/user/$_u $_dir/$_u
+			done
+			;;
+		disable)
+			for _u in "${_units[@]}"; do
+				rm -f $_dir/$_u
+			done
+			rmdir -p --ignore-fail-on-non-empty $_dir
+			;;
+	esac
+}
+
 post_install() {
 	# See FS#42798 and FS#47371
-	dirmngr </dev/null &>/dev/null || true
+	dirmngr </dev/null &>/dev/null
+
+	# Let systemd supervise daemons by default
+	_global_units enable
 }
 
-post_upgrade() {
-	if [[ $(vercmp $2 2.1.13-1) = -1 ]]; then
-		echo "==> Please kill running gpg-agent and dirmngr processes before using this release."
-	fi
+pre_remove() {
+	_global_units disable
 }
diff --git a/req_usage.patch b/req_usage.patch
deleted file mode 100644
index 93d693574444..000000000000
--- a/req_usage.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -Naur old/g10/getkey.c new/g10/getkey.c
---- old/g10/getkey.c	2018-02-21 23:42:42.000000000 -1000
-+++ new/g10/getkey.c	2018-04-05 10:15:14.642119429 -1000
-@@ -1810,6 +1810,8 @@
-       ctx.items[0].mode = fprint_len == 16 ? KEYDB_SEARCH_MODE_FPR16
- 	: KEYDB_SEARCH_MODE_FPR20;
-       memcpy (ctx.items[0].u.fpr, fprint, fprint_len);
-+      if (pk)
-+        ctx.req_usage = pk->req_usage;
-       rc = lookup (ctrl, &ctx, 0, &kb, &found_key);
-       if (!rc && pk)
- 	pk_from_block (pk, kb, found_key);
author	Thai Chung	2020-11-04 00:16:26 +0100
committer	Thai Chung	2020-11-04 00:16:26 +0100
commit	fd5760b42dc0d3fe3cccc4c7744418a5a79eccbd (patch)
tree	d58a345643279818c185cf81a0fc59d94f550a31
parent	9ebebbfe765116ac842f82ce9056752f391d11dd (diff)
download	aur-gnupg-large-rsa.tar.gz