diff options
| author | Arti Zirk | 2020-07-13 11:17:04 +0300 |
|---|---|---|
| committer | Arti Zirk | 2020-07-13 11:20:35 +0300 |
| commit | 3c189d6b48f9fe287b860a34802563411445a4fc (patch) | |
| tree | 54498a4eb095b6b3bbd42eae5c3355218e31c3eb | |
| parent | d442071bddadcf391a3567ffed570b494577a2cb (diff) | |
| download | aur-3c189d6b48f9fe287b860a34802563411445a4fc.tar.gz | |
Bump version and sync with ABS
| -rw-r--r-- | .SRCINFO | 20 | ||||
| -rw-r--r-- | PKGBUILD | 24 | ||||
| -rw-r--r-- | avoid-beta-warning.patch | 56 | ||||
| -rw-r--r-- | do-not-rebuild-defsincdate.patch | 43 | ||||
| -rw-r--r-- | drop-import-clean.patch | 54 | ||||
| -rw-r--r-- | self-sigs-only.patch | 56 |
6 files changed, 182 insertions, 71 deletions
@@ -1,6 +1,6 @@ pkgbase = gnupg-scdaemon-shared-access pkgdesc = This package adds shared-access option that uses PCSC_SHARE_SHARED for pcsc_connect in scdaemon when using pcsc backend for smartcard access - pkgver = 2.2.20 + pkgver = 2.2.21 pkgrel = 1 url = https://www.gnupg.org/ install = install @@ -25,22 +25,26 @@ pkgbase = gnupg-scdaemon-shared-access optdepends = pcsclite: scdaemon provides = gnupg provides = dirmngr - provides = gnupg=2.2.20 - provides = gnupg2=2.2.20 + provides = gnupg=2.2.21 + provides = gnupg2=2.2.21 conflicts = gnupg conflicts = dirmngr conflicts = gnupg2 - source = https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.20.tar.bz2 - source = https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.20.tar.bz2.sig - source = self-sigs-only.patch + source = https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.21.tar.bz2 + source = https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.21.tar.bz2.sig + source = drop-import-clean.patch + source = avoid-beta-warning.patch + source = do-not-rebuild-defsincdate.patch source = scdaemon_shared-access.patch validpgpkeys = D8692123C4065DEA5E0F3AB5249B39D24F25E3B6 validpgpkeys = 46CC730865BB5C78EBABADCF04376F3EE0856959 validpgpkeys = 031EC2536E580D8EA286A9F22071B08A33BD3F06 validpgpkeys = D238EA65D64C67ED4C3073F28A861B1C7EFD60D9 - sha256sums = 04a7c9d48b74c399168ee8270e548588ddbe52218c337703d7f06373d326ca30 + sha256sums = 61e83278fb5fa7336658a8b73ab26f379d41275bb1c7c6e694dd9f9a6e8e76ec sha256sums = SKIP - sha256sums = 0130c43321c16f53ab2290833007212f8a26b1b73bd4edc2b2b1c9db2b2d0218 + sha256sums = 02d375f0045f56f7dd82bacdb5ce559afd52ded8b75f6b2673c39ec666e81abc + sha256sums = 22fdf9490fad477f225e731c417867d9e7571ac654944e8be63a1fbaccd5c62d + sha256sums = bb4dcba0328af6271ccfe992a64d8daa9f0a691ba52978491647f1dea05675ee sha256sums = aa46b372830dd8ed355a86a1677c50c6be8178f847c09b7291f47a1dc3ea02dc pkgname = gnupg-scdaemon-shared-access @@ -6,7 +6,7 @@ _pkgname=gnupg pkgname=gnupg-scdaemon-shared-access -pkgver=2.2.20 +pkgver=2.2.21 pkgrel=1 pkgdesc='This package adds shared-access option that uses PCSC_SHARE_SHARED for pcsc_connect in scdaemon when using pcsc backend for smartcard access' url='https://www.gnupg.org/' @@ -24,11 +24,15 @@ validpgpkeys=('D8692123C4065DEA5E0F3AB5249B39D24F25E3B6' '031EC2536E580D8EA286A9F22071B08A33BD3F06' 'D238EA65D64C67ED4C3073F28A861B1C7EFD60D9') source=("https://gnupg.org/ftp/gcrypt/${_pkgname}/${_pkgname}-${pkgver}.tar.bz2"{,.sig} - "self-sigs-only.patch" + 'drop-import-clean.patch' + 'avoid-beta-warning.patch' + 'do-not-rebuild-defsincdate.patch' "scdaemon_shared-access.patch") -sha256sums=('04a7c9d48b74c399168ee8270e548588ddbe52218c337703d7f06373d326ca30' +sha256sums=('61e83278fb5fa7336658a8b73ab26f379d41275bb1c7c6e694dd9f9a6e8e76ec' 'SKIP' - '0130c43321c16f53ab2290833007212f8a26b1b73bd4edc2b2b1c9db2b2d0218' + '02d375f0045f56f7dd82bacdb5ce559afd52ded8b75f6b2673c39ec666e81abc' + '22fdf9490fad477f225e731c417867d9e7571ac654944e8be63a1fbaccd5c62d' + 'bb4dcba0328af6271ccfe992a64d8daa9f0a691ba52978491647f1dea05675ee' 'aa46b372830dd8ed355a86a1677c50c6be8178f847c09b7291f47a1dc3ea02dc') install=install @@ -38,9 +42,15 @@ provides=('gnupg' 'dirmngr' "gnupg=${pkgver}" "gnupg2=${pkgver}") prepare() { cd "${srcdir}/${_pkgname}-${pkgver}" - sed '/noinst_SCRIPTS = gpg-zip/c sbin_SCRIPTS += gpg-zip' -i tools/Makefile.in - patch -R -p1 -i ../self-sigs-only.patch - patch -p1 -t -N < "${srcdir}/scdaemon_shared-access.patch" + patch -p1 -i ../scdaemon_shared-access.patch + patch -p1 -i ../avoid-beta-warning.patch + patch -p1 -i ../drop-import-clean.patch + + # improve reproducibility + patch -p1 -i ../do-not-rebuild-defsincdate.patch + rm doc/gnupg.info* + + ./autogen.sh } build() { diff --git a/avoid-beta-warning.patch b/avoid-beta-warning.patch new file mode 100644 index 000000000000..569fc0911c2e --- /dev/null +++ b/avoid-beta-warning.patch @@ -0,0 +1,56 @@ +From 114ab3037de3b0f9b35cf023b64c8a9b76070065 Mon Sep 17 00:00:00 2001 +From: Debian GnuPG Maintainers <pkg-gnupg-maint@lists.alioth.debian.org> +Date: Tue, 14 Apr 2015 10:02:31 -0400 +Subject: [PATCH 6/7] avoid beta warning + +avoid self-describing as a beta + +Using autoreconf against the source as distributed in tarball form +invariably results in a package that thinks it's a "beta" package, +which produces the "THIS IS A DEVELOPMENT VERSION" warning string. + +since we use dh_autoreconf, i need this patch to avoid producing +builds that announce themselves as DEVELOPMENT VERSIONs. + +See discussion at: + + http://lists.gnupg.org/pipermail/gnupg-devel/2014-November/029065.html +--- + autogen.sh | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/autogen.sh b/autogen.sh +index b23855061..9b86d3ff9 100755 +--- a/autogen.sh ++++ b/autogen.sh +@@ -229,24 +229,24 @@ if [ "$myhost" = "find-version" ]; then + esac + + beta=no +- if [ -e .git ]; then ++ if false; then + ingit=yes + tmp=$(git describe --match "${matchstr1}" --long 2>/dev/null) + tmp=$(echo "$tmp" | sed s/^"$package"//) + if [ -n "$tmp" ]; then + tmp=$(echo "$tmp" | sed s/^"$package"// \ + | awk -F- '$3!=0 && $3 !~ /^beta/ {print"-beta"$3}') + else + tmp=$(git describe --match "${matchstr2}" --long 2>/dev/null \ + | awk -F- '$4!=0{print"-beta"$4}') + fi + [ -n "$tmp" ] && beta=yes + rev=$(git rev-parse --short HEAD | tr -d '\n\r') + rvd=$((0x$(echo ${rev} | dd bs=1 count=4 2>/dev/null))) + else + ingit=no +- beta=yes +- tmp="-unknown" ++ beta=no ++ tmp="" + rev="0000000" + rvd="0" + fi +-- +2.27.0 + diff --git a/do-not-rebuild-defsincdate.patch b/do-not-rebuild-defsincdate.patch new file mode 100644 index 000000000000..cf465942d944 --- /dev/null +++ b/do-not-rebuild-defsincdate.patch @@ -0,0 +1,43 @@ +From 3e8ff68502bf5de333db7213d9e27e0b9e8cc36e Mon Sep 17 00:00:00 2001 +From: Daniel Kahn Gillmor <dkg@fifthhorseman.net> +Date: Mon, 29 Aug 2016 12:34:42 -0400 +Subject: [PATCH 7/7] avoid regenerating defsincdate (use shipped file) + +upstream ships doc/defsincdate in its tarballs. but doc/Makefile.am +tries to rewrite doc/defsincdate if it notices that any of the files +have been modified more recently, and it does so assuming that we're +running from a git repo. + +However, we'd rather ship the documents cleanly without regenerating +defsincdate -- we don't have a git repo available (debian builds from +upstream tarballs) and any changes to the texinfo files (e.g. from +debian/patches/) might result in different dates on the files than we +expect after they're applied by dpkg or quilt or whatever, which makes +the datestamp unreproducible. +--- + doc/Makefile.am | 7 ------- + 1 file changed, 7 deletions(-) + +diff --git a/doc/Makefile.am b/doc/Makefile.am +index d47d83ede..c0a81b0b9 100644 +--- a/doc/Makefile.am ++++ b/doc/Makefile.am +@@ -177,15 +177,6 @@ + + dist-hook: defsincdate + +-defsincdate: $(gnupg_TEXINFOS) +- : >defsincdate ; \ +- if test -e $(top_srcdir)/.git; then \ +- (cd $(srcdir) && git log -1 --format='%ct' \ +- -- $(gnupg_TEXINFOS) 2>/dev/null) >>defsincdate; \ +- elif test x"$SOURCE_DATE_EPOCH" != x; then \ +- echo "$SOURCE_DATE_EPOCH" >>defsincdate ; \ +- fi +- + defs.inc : defsincdate Makefile mkdefsinc + incd="`test -f defsincdate || echo '$(srcdir)/'`defsincdate"; \ + ./mkdefsinc -C $(srcdir) --date "`cat $$incd 2>/dev/null`" \ +-- +2.27.0 + diff --git a/drop-import-clean.patch b/drop-import-clean.patch new file mode 100644 index 000000000000..526a3ff27900 --- /dev/null +++ b/drop-import-clean.patch @@ -0,0 +1,54 @@ +From 1690a464b28fa24ce82189a9bf5d7ce9b44804b8 Mon Sep 17 00:00:00 2001 +From: Daniel Kahn Gillmor <dkg@fifthhorseman.net> +Date: Mon, 15 Jul 2019 16:24:35 -0400 +Subject: [PATCH 3/7] gpg: drop import-clean from default keyserver import + options + +* g10/gpg.c (main): drop IMPORT_CLEAN from the +default opt.keyserver_options.import_options +* doc/gpg.texi: reflect this change in the documentation + +Given that SELF_SIGS_ONLY is already set, it's not clear what +additional benefit IMPORT_CLEAN provides. Furthermore, IMPORT_CLEAN +means that receiving an OpenPGP certificate from a keyserver will +potentially delete data that is otherwise held in the local keyring, +which is surprising to users who expect retrieval from the keyservers +to be purely additive. + +GnuPG-Bug-Id: 4628 +Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> +--- + doc/gpg.texi | 2 +- + g10/gpg.c | 3 +-- + 2 files changed, 2 insertions(+), 3 deletions(-) + +diff --git a/doc/gpg.texi b/doc/gpg.texi +index 4870441d4..551459a74 100644 +--- a/doc/gpg.texi ++++ b/doc/gpg.texi +@@ -1963,7 +1963,7 @@ are available for all keyserver types, some common options are: + + @end table + +-The default list of options is: "self-sigs-only, import-clean, ++The default list of options is: "self-sigs-only, + repair-keys, repair-pks-subkey-bug, export-attributes, + honor-pka-record". + +diff --git a/g10/gpg.c b/g10/gpg.c +index 68cc22041..fa2bcfa5e 100644 +--- a/g10/gpg.c ++++ b/g10/gpg.c +@@ -2397,8 +2397,7 @@ main (int argc, char **argv) + opt.export_options = EXPORT_ATTRIBUTES; + opt.keyserver_options.import_options = (IMPORT_REPAIR_KEYS + | IMPORT_REPAIR_PKS_SUBKEY_BUG +- | IMPORT_SELF_SIGS_ONLY +- | IMPORT_CLEAN); ++ | IMPORT_SELF_SIGS_ONLY); + opt.keyserver_options.export_options = EXPORT_ATTRIBUTES; + opt.keyserver_options.options = KEYSERVER_HONOR_PKA_RECORD; + opt.verify_options = (LIST_SHOW_UID_VALIDITY +-- +2.27.0 + diff --git a/self-sigs-only.patch b/self-sigs-only.patch deleted file mode 100644 index 3d7406301474..000000000000 --- a/self-sigs-only.patch +++ /dev/null @@ -1,56 +0,0 @@ -From: Werner Koch <wk@gnupg.org> -Date: Thu, 4 Jul 2019 13:45:39 +0000 (+0200) -Subject: gpg: Add "self-sigs-only" and "import-clean" to the keyserver options. -X-Git-Url: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff_plain;h=23c978640812d123eaffd4108744bdfcf48f7c93 - -gpg: Add "self-sigs-only" and "import-clean" to the keyserver options. - -* g10/gpg.c (main): Change default. --- - -Due to the DoS attack on the keyeservers we do not anymore default to -import key signatures. That makes the keyserver unsuable for getting -keys for the WoT but it still allows to retriev keys - even if that -takes long to download the large keyblocks. - -To revert to the old behavior add - - keyserver-optiions no-self-sigs-only,no-import-clean - -to gpg.conf. - -GnuPG-bug-id: 4607 -Signed-off-by: Werner Koch <wk@gnupg.org> ---- - -diff --git a/doc/gpg.texi b/doc/gpg.texi -index 8feab8218..9513a4e0f 100644 ---- a/doc/gpg.texi -+++ b/doc/gpg.texi -@@ -1917,6 +1917,11 @@ are available for all keyserver types, some common options are: - - @end table - -+The default list of options is: "self-sigs-only, import-clean, -+repair-keys, repair-pks-subkey-bug, export-attributes, -+honor-pka-record". -+ -+ - @item --completes-needed @var{n} - @opindex compliant-needed - Number of completely trusted users to introduce a new -diff --git a/g10/gpg.c b/g10/gpg.c -index 66e47dde5..0bbe72394 100644 ---- a/g10/gpg.c -+++ b/g10/gpg.c -@@ -2424,7 +2424,9 @@ main (int argc, char **argv) - opt.import_options = IMPORT_REPAIR_KEYS; - opt.export_options = EXPORT_ATTRIBUTES; - opt.keyserver_options.import_options = (IMPORT_REPAIR_KEYS -- | IMPORT_REPAIR_PKS_SUBKEY_BUG); -+ | IMPORT_REPAIR_PKS_SUBKEY_BUG -+ | IMPORT_SELF_SIGS_ONLY -+ | IMPORT_CLEAN); - opt.keyserver_options.export_options = EXPORT_ATTRIBUTES; - opt.keyserver_options.options = KEYSERVER_HONOR_PKA_RECORD; - opt.verify_options = (LIST_SHOW_UID_VALIDITY |