diff options
author | Thai Chung | 2020-11-04 00:16:26 +0100 |
---|---|---|
committer | Thai Chung | 2020-11-04 00:16:26 +0100 |
commit | fd5760b42dc0d3fe3cccc4c7744418a5a79eccbd (patch) | |
tree | d58a345643279818c185cf81a0fc59d94f550a31 | |
parent | 9ebebbfe765116ac842f82ce9056752f391d11dd (diff) | |
download | aur-gnupg-large-rsa.tar.gz |
Reintegrate changes from upstream; update to 2.2.23
-rw-r--r-- | .SRCINFO | 25 | ||||
-rw-r--r-- | PKGBUILD | 76 | ||||
-rw-r--r-- | avoid-beta-warning.patch | 56 | ||||
-rw-r--r-- | do-not-rebuild-defsincdate.patch | 43 | ||||
-rw-r--r-- | drop-import-clean.patch | 54 | ||||
-rw-r--r-- | gnupg-large-rsa.patch | 27 | ||||
-rw-r--r-- | install | 31 | ||||
-rw-r--r-- | req_usage.patch | 12 |
8 files changed, 276 insertions, 48 deletions
@@ -1,6 +1,6 @@ pkgbase = gnupg-large-rsa pkgdesc = Complete and free implementation of the OpenPGP standard - with fixes to make large RSA keys really work (and even bigger keys) - pkgver = 2.2.17 + pkgver = 2.2.23 pkgrel = 2 url = http://www.gnupg.org/ install = install @@ -9,6 +9,7 @@ pkgbase = gnupg-large-rsa license = GPL makedepends = libldap makedepends = libusb-compat + makedepends = pcsclite depends = npth depends = libgpg-error depends = libgcrypt @@ -17,29 +18,39 @@ pkgbase = gnupg-large-rsa depends = pinentry depends = bzip2 depends = readline + depends = libreadline.so depends = gnutls depends = sqlite + depends = zlib + depends = glibc optdepends = libldap: gpg2keys_ldap optdepends = libusb-compat: scdaemon + optdepends = pcsclite provides = dirmngr - provides = gnupg2=2.2.17 - provides = gnupg=2.2.17 + provides = gnupg2=2.2.23 + provides = gnupg=2.2.23 conflicts = dirmngr conflicts = gnupg2 conflicts = gnupg replaces = dirmngr replaces = gnupg2 replaces = gnupg - source = https://www.gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.17.tar.bz2 - source = https://www.gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.17.tar.bz2.sig + source = https://www.gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.23.tar.bz2 + source = https://www.gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.23.tar.bz2.sig source = gnupg-large-rsa.patch + source = drop-import-clean.patch + source = avoid-beta-warning.patch + source = do-not-rebuild-defsincdate.patch validpgpkeys = D8692123C4065DEA5E0F3AB5249B39D24F25E3B6 validpgpkeys = 46CC730865BB5C78EBABADCF04376F3EE0856959 validpgpkeys = 031EC2536E580D8EA286A9F22071B08A33BD3F06 validpgpkeys = D238EA65D64C67ED4C3073F28A861B1C7EFD60D9 - sha256sums = afa262868e39b651a2db4c071fba90415154243e83a830ca00516f9a807fd514 + sha256sums = 10b55e49d78b3e49f1edb58d7541ecbdad92ddaeeb885b6f486ed23d1cd1da5c sha256sums = SKIP - sha256sums = c144a2dd23e5177e72733b42735a0dd002c8bdae20c9f7776b30f3319d9402aa + sha256sums = b4570a8d828971f11e9ab6671aba6ba6c72b98833af583ebc25a826f64bbc956 + sha256sums = 02d375f0045f56f7dd82bacdb5ce559afd52ded8b75f6b2673c39ec666e81abc + sha256sums = 22fdf9490fad477f225e731c417867d9e7571ac654944e8be63a1fbaccd5c62d + sha256sums = bb4dcba0328af6271ccfe992a64d8daa9f0a691ba52978491647f1dea05675ee pkgname = gnupg-large-rsa @@ -1,4 +1,6 @@ # Maintainer: “0xReki” <mail@0xreki.de> +# Contributor: Levente Polyak <anthraxx[at]archlinux[dot]org> +# Contributor: Lukas Fleischer <lfleischer@archlinux.org> # Contributor: Gaetan Bisson <bisson@archlinux.org> # Contributor: Tobias Powalowski <tpowa@archlinux.org> # Contributor: Andreas Radke <andyrtr@archlinux.org> @@ -6,30 +8,56 @@ pkgname=gnupg-large-rsa _pkgname=gnupg -pkgver=2.2.17 +pkgver=2.2.23 pkgrel=2 pkgdesc='Complete and free implementation of the OpenPGP standard - with fixes to make large RSA keys really work (and even bigger keys)' url='http://www.gnupg.org/' license=('GPL') arch=('i686' 'x86_64') -optdepends=('libldap: gpg2keys_ldap' - 'libusb-compat: scdaemon') -makedepends=('libldap' 'libusb-compat') -depends=('npth' 'libgpg-error' 'libgcrypt' 'libksba' 'libassuan' - 'pinentry' 'bzip2' 'readline' 'gnutls' 'sqlite') +optdepends=( + 'libldap: gpg2keys_ldap' + 'libusb-compat: scdaemon' + 'pcsclite' +) +makedepends=( + 'libldap' + 'libusb-compat' + 'pcsclite' +) +depends=( + 'npth' + 'libgpg-error' + 'libgcrypt' + 'libksba' + 'libassuan' + 'pinentry' + 'bzip2' + 'readline' + 'libreadline.so' + 'gnutls' + 'sqlite' + 'zlib' + 'glibc' +) validpgpkeys=( - 'D8692123C4065DEA5E0F3AB5249B39D24F25E3B6' - '46CC730865BB5C78EBABADCF04376F3EE0856959' - '031EC2536E580D8EA286A9F22071B08A33BD3F06' - 'D238EA65D64C67ED4C3073F28A861B1C7EFD60D9' + 'D8692123C4065DEA5E0F3AB5249B39D24F25E3B6' + '46CC730865BB5C78EBABADCF04376F3EE0856959' + '031EC2536E580D8EA286A9F22071B08A33BD3F06' + 'D238EA65D64C67ED4C3073F28A861B1C7EFD60D9' ) -source=("https://www.gnupg.org/ftp/gcrypt/${_pkgname}/${_pkgname}-${pkgver}.tar.bz2"{,.sig} - "${pkgname}.patch" +source=( + "https://www.gnupg.org/ftp/gcrypt/${_pkgname}/${_pkgname}-${pkgver}.tar.bz2"{,.sig} + "${pkgname}.patch" + 'drop-import-clean.patch' + 'avoid-beta-warning.patch' + 'do-not-rebuild-defsincdate.patch' ) -sha256sums=('afa262868e39b651a2db4c071fba90415154243e83a830ca00516f9a807fd514' +sha256sums=('10b55e49d78b3e49f1edb58d7541ecbdad92ddaeeb885b6f486ed23d1cd1da5c' 'SKIP' - 'c144a2dd23e5177e72733b42735a0dd002c8bdae20c9f7776b30f3319d9402aa' -) + 'b4570a8d828971f11e9ab6671aba6ba6c72b98833af583ebc25a826f64bbc956' + '02d375f0045f56f7dd82bacdb5ce559afd52ded8b75f6b2673c39ec666e81abc' + '22fdf9490fad477f225e731c417867d9e7571ac654944e8be63a1fbaccd5c62d' + 'bb4dcba0328af6271ccfe992a64d8daa9f0a691ba52978491647f1dea05675ee') install=install @@ -39,9 +67,17 @@ replaces=('dirmngr' 'gnupg2' 'gnupg') prepare() { cd "${srcdir}/${_pkgname}-${pkgver}" - patch -p1 -i ${srcdir}/${pkgname}.patch - sed '/noinst_SCRIPTS = gpg-zip/c bin_SCRIPTS += gpg-zip' -i tools/Makefile.in + # Upstream patches: + # https://github.com/archlinux/svntogit-packages/tree/packages/gnupg/trunk + patch -p1 -i ../avoid-beta-warning.patch + patch -p1 -i ../drop-import-clean.patch + patch -p1 -i ../do-not-rebuild-defsincdate.patch + rm doc/gnupg.info* + + patch -p1 -i ../${pkgname}.patch + + ./autogen.sh } build() { @@ -66,6 +102,8 @@ check() { package() { cd "${srcdir}/${_pkgname}-${pkgver}" make DESTDIR="${pkgdir}" install - ln -s gpg "${pkgdir}"/usr/bin/gpg2 - ln -s gpgv "${pkgdir}"/usr/bin/gpgv2 + ln -s gpg "${pkgdir}"/usr/bin/gpg2 + ln -s gpgv "${pkgdir}"/usr/bin/gpgv2 + + install -Dm 644 doc/examples/systemd-user/*.* -t "${pkgdir}/usr/lib/systemd/user" } diff --git a/avoid-beta-warning.patch b/avoid-beta-warning.patch new file mode 100644 index 000000000000..569fc0911c2e --- /dev/null +++ b/avoid-beta-warning.patch @@ -0,0 +1,56 @@ +From 114ab3037de3b0f9b35cf023b64c8a9b76070065 Mon Sep 17 00:00:00 2001 +From: Debian GnuPG Maintainers <pkg-gnupg-maint@lists.alioth.debian.org> +Date: Tue, 14 Apr 2015 10:02:31 -0400 +Subject: [PATCH 6/7] avoid beta warning + +avoid self-describing as a beta + +Using autoreconf against the source as distributed in tarball form +invariably results in a package that thinks it's a "beta" package, +which produces the "THIS IS A DEVELOPMENT VERSION" warning string. + +since we use dh_autoreconf, i need this patch to avoid producing +builds that announce themselves as DEVELOPMENT VERSIONs. + +See discussion at: + + http://lists.gnupg.org/pipermail/gnupg-devel/2014-November/029065.html +--- + autogen.sh | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/autogen.sh b/autogen.sh +index b23855061..9b86d3ff9 100755 +--- a/autogen.sh ++++ b/autogen.sh +@@ -229,24 +229,24 @@ if [ "$myhost" = "find-version" ]; then + esac + + beta=no +- if [ -e .git ]; then ++ if false; then + ingit=yes + tmp=$(git describe --match "${matchstr1}" --long 2>/dev/null) + tmp=$(echo "$tmp" | sed s/^"$package"//) + if [ -n "$tmp" ]; then + tmp=$(echo "$tmp" | sed s/^"$package"// \ + | awk -F- '$3!=0 && $3 !~ /^beta/ {print"-beta"$3}') + else + tmp=$(git describe --match "${matchstr2}" --long 2>/dev/null \ + | awk -F- '$4!=0{print"-beta"$4}') + fi + [ -n "$tmp" ] && beta=yes + rev=$(git rev-parse --short HEAD | tr -d '\n\r') + rvd=$((0x$(echo ${rev} | dd bs=1 count=4 2>/dev/null))) + else + ingit=no +- beta=yes +- tmp="-unknown" ++ beta=no ++ tmp="" + rev="0000000" + rvd="0" + fi +-- +2.27.0 + diff --git a/do-not-rebuild-defsincdate.patch b/do-not-rebuild-defsincdate.patch new file mode 100644 index 000000000000..cf465942d944 --- /dev/null +++ b/do-not-rebuild-defsincdate.patch @@ -0,0 +1,43 @@ +From 3e8ff68502bf5de333db7213d9e27e0b9e8cc36e Mon Sep 17 00:00:00 2001 +From: Daniel Kahn Gillmor <dkg@fifthhorseman.net> +Date: Mon, 29 Aug 2016 12:34:42 -0400 +Subject: [PATCH 7/7] avoid regenerating defsincdate (use shipped file) + +upstream ships doc/defsincdate in its tarballs. but doc/Makefile.am +tries to rewrite doc/defsincdate if it notices that any of the files +have been modified more recently, and it does so assuming that we're +running from a git repo. + +However, we'd rather ship the documents cleanly without regenerating +defsincdate -- we don't have a git repo available (debian builds from +upstream tarballs) and any changes to the texinfo files (e.g. from +debian/patches/) might result in different dates on the files than we +expect after they're applied by dpkg or quilt or whatever, which makes +the datestamp unreproducible. +--- + doc/Makefile.am | 7 ------- + 1 file changed, 7 deletions(-) + +diff --git a/doc/Makefile.am b/doc/Makefile.am +index d47d83ede..c0a81b0b9 100644 +--- a/doc/Makefile.am ++++ b/doc/Makefile.am +@@ -177,15 +177,6 @@ + + dist-hook: defsincdate + +-defsincdate: $(gnupg_TEXINFOS) +- : >defsincdate ; \ +- if test -e $(top_srcdir)/.git; then \ +- (cd $(srcdir) && git log -1 --format='%ct' \ +- -- $(gnupg_TEXINFOS) 2>/dev/null) >>defsincdate; \ +- elif test x"$SOURCE_DATE_EPOCH" != x; then \ +- echo "$SOURCE_DATE_EPOCH" >>defsincdate ; \ +- fi +- + defs.inc : defsincdate Makefile mkdefsinc + incd="`test -f defsincdate || echo '$(srcdir)/'`defsincdate"; \ + ./mkdefsinc -C $(srcdir) --date "`cat $$incd 2>/dev/null`" \ +-- +2.27.0 + diff --git a/drop-import-clean.patch b/drop-import-clean.patch new file mode 100644 index 000000000000..526a3ff27900 --- /dev/null +++ b/drop-import-clean.patch @@ -0,0 +1,54 @@ +From 1690a464b28fa24ce82189a9bf5d7ce9b44804b8 Mon Sep 17 00:00:00 2001 +From: Daniel Kahn Gillmor <dkg@fifthhorseman.net> +Date: Mon, 15 Jul 2019 16:24:35 -0400 +Subject: [PATCH 3/7] gpg: drop import-clean from default keyserver import + options + +* g10/gpg.c (main): drop IMPORT_CLEAN from the +default opt.keyserver_options.import_options +* doc/gpg.texi: reflect this change in the documentation + +Given that SELF_SIGS_ONLY is already set, it's not clear what +additional benefit IMPORT_CLEAN provides. Furthermore, IMPORT_CLEAN +means that receiving an OpenPGP certificate from a keyserver will +potentially delete data that is otherwise held in the local keyring, +which is surprising to users who expect retrieval from the keyservers +to be purely additive. + +GnuPG-Bug-Id: 4628 +Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> +--- + doc/gpg.texi | 2 +- + g10/gpg.c | 3 +-- + 2 files changed, 2 insertions(+), 3 deletions(-) + +diff --git a/doc/gpg.texi b/doc/gpg.texi +index 4870441d4..551459a74 100644 +--- a/doc/gpg.texi ++++ b/doc/gpg.texi +@@ -1963,7 +1963,7 @@ are available for all keyserver types, some common options are: + + @end table + +-The default list of options is: "self-sigs-only, import-clean, ++The default list of options is: "self-sigs-only, + repair-keys, repair-pks-subkey-bug, export-attributes, + honor-pka-record". + +diff --git a/g10/gpg.c b/g10/gpg.c +index 68cc22041..fa2bcfa5e 100644 +--- a/g10/gpg.c ++++ b/g10/gpg.c +@@ -2397,8 +2397,7 @@ main (int argc, char **argv) + opt.export_options = EXPORT_ATTRIBUTES; + opt.keyserver_options.import_options = (IMPORT_REPAIR_KEYS + | IMPORT_REPAIR_PKS_SUBKEY_BUG +- | IMPORT_SELF_SIGS_ONLY +- | IMPORT_CLEAN); ++ | IMPORT_SELF_SIGS_ONLY); + opt.keyserver_options.export_options = EXPORT_ATTRIBUTES; + opt.keyserver_options.options = KEYSERVER_HONOR_PKA_RECORD; + opt.verify_options = (LIST_SHOW_UID_VALIDITY +-- +2.27.0 + diff --git a/gnupg-large-rsa.patch b/gnupg-large-rsa.patch index d164921e0f2e..cd0a2f8c40f9 100644 --- a/gnupg-large-rsa.patch +++ b/gnupg-large-rsa.patch @@ -1,7 +1,23 @@ -diff -aur old/g10/keygen.c new/g10/keygen.c ---- old/g10/keygen.c 2019-02-27 14:33:09.533386670 +0100 -+++ new/g10/keygen.c 2019-02-27 14:38:40.627816221 +0100 -@@ -1639,7 +1639,7 @@ +* Increase Secure Memory Size +* Increase Key Size for RSA + +diff -aur a/configure b/configure +--- a/configure 2020-09-03 17:16:56.000000000 +0200 ++++ b/configure 2020-11-04 00:05:58.165589557 +0100 +@@ -5566,7 +5566,7 @@ + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $large_secmem" >&5 + $as_echo "$large_secmem" >&6; } + if test "$large_secmem" = yes ; then +- SECMEM_BUFFER_SIZE=65536 ++ SECMEM_BUFFER_SIZE=100663296 + else + SECMEM_BUFFER_SIZE=32768 + fi + +diff -aur a/g10/keygen.c b/g10/keygen.c +--- a/g10/keygen.c 2020-08-25 13:05:44.000000000 +0200 ++++ b/g10/keygen.c 2020-11-04 00:05:58.165589557 +0100 +@@ -1643,7 +1643,7 @@ int err; char *keyparms; char nbitsstr[35]; @@ -10,7 +26,7 @@ diff -aur old/g10/keygen.c new/g10/keygen.c log_assert (is_RSA(algo)); -@@ -2114,6 +2114,12 @@ +@@ -2260,6 +2260,12 @@ def=255; break; @@ -23,3 +39,4 @@ diff -aur old/g10/keygen.c new/g10/keygen.c default: *min = opt.compliance == CO_DE_VS ? 2048: 1024; *max = 4096; + @@ -1,10 +1,31 @@ +_global_units() { + _units=(dirmngr.socket gpg-agent.socket gpg-agent-{browser,extra,ssh}.socket) + _dir=/etc/systemd/user/sockets.target.wants + + case $1 in + enable) + mkdir -p $_dir + for _u in "${_units[@]}"; do + ln -sf /usr/lib/systemd/user/$_u $_dir/$_u + done + ;; + disable) + for _u in "${_units[@]}"; do + rm -f $_dir/$_u + done + rmdir -p --ignore-fail-on-non-empty $_dir + ;; + esac +} + post_install() { # See FS#42798 and FS#47371 - dirmngr </dev/null &>/dev/null || true + dirmngr </dev/null &>/dev/null + + # Let systemd supervise daemons by default + _global_units enable } -post_upgrade() { - if [[ $(vercmp $2 2.1.13-1) = -1 ]]; then - echo "==> Please kill running gpg-agent and dirmngr processes before using this release." - fi +pre_remove() { + _global_units disable } diff --git a/req_usage.patch b/req_usage.patch deleted file mode 100644 index 93d693574444..000000000000 --- a/req_usage.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -Naur old/g10/getkey.c new/g10/getkey.c ---- old/g10/getkey.c 2018-02-21 23:42:42.000000000 -1000 -+++ new/g10/getkey.c 2018-04-05 10:15:14.642119429 -1000 -@@ -1810,6 +1810,8 @@ - ctx.items[0].mode = fprint_len == 16 ? KEYDB_SEARCH_MODE_FPR16 - : KEYDB_SEARCH_MODE_FPR20; - memcpy (ctx.items[0].u.fpr, fprint, fprint_len); -+ if (pk) -+ ctx.req_usage = pk->req_usage; - rc = lookup (ctrl, &ctx, 0, &kb, &found_key); - if (!rc && pk) - pk_from_block (pk, kb, found_key); |