First commit

5 files changed, 236 insertions, 0 deletions

diff --git a/.SRCINFO b/.SRCINFO
new file mode 100644
index 000000000000..fcdc6616eb7b
--- /dev/null
+++ b/.SRCINFO
@@ -0,0 +1,45 @@
+pkgbase = gnupg-scdaemon-shared-access
+	pkgdesc = Complete and free implementation of the OpenPGP standard
+	pkgver = 2.2.11
+	pkgrel = 1
+	url = https://www.gnupg.org/
+	install = install
+	arch = x86_64
+	license = GPL
+	checkdepends = openssh
+	makedepends = libldap
+	makedepends = libusb-compat
+	makedepends = pcsclite
+	depends = npth
+	depends = libgpg-error
+	depends = libgcrypt
+	depends = libksba
+	depends = libassuan
+	depends = pinentry
+	depends = bzip2
+	depends = readline
+	depends = gnutls
+	depends = sqlite
+	optdepends = libldap: gpg2keys_ldap
+	optdepends = libusb-compat: scdaemon
+	optdepends = pcsclite: scdaemon
+	provides = gnupg
+	provides = dirmngr
+	provides = gnupg=2.2.11
+	provides = gnupg2=2.2.11
+	conflicts = gnupg
+	conflicts = dirmngr
+	conflicts = gnupg2
+	source = https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.11.tar.bz2
+	source = https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.11.tar.bz2.sig
+	source = scdaemon_shared-access.patch
+	validpgpkeys = D8692123C4065DEA5E0F3AB5249B39D24F25E3B6
+	validpgpkeys = 46CC730865BB5C78EBABADCF04376F3EE0856959
+	validpgpkeys = 031EC2536E580D8EA286A9F22071B08A33BD3F06
+	validpgpkeys = D238EA65D64C67ED4C3073F28A861B1C7EFD60D9
+	sha256sums = 496c3e123ef53f35436ddccca58e82acaa901ca4e21174e77386c0cea0c49cd9
+	sha256sums = SKIP
+	sha256sums = 877ca0b8abcb6d1263bf40f3e9aa66b754a9957943ae2de591dfa42a1b21b7cf
+
+pkgname = gnupg-scdaemon-shared-access
+
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 000000000000..40fa6d694805
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+pkg
+src
+*tar*
diff --git a/PKGBUILD b/PKGBUILD
new file mode 100644
index 000000000000..95542c63db9d
--- /dev/null
+++ b/PKGBUILD
@@ -0,0 +1,71 @@
+# Maintainer: Arti Zirk <arti.zirk@gmail.com>
+# Contributor: Gaetan Bisson <bisson@archlinux.org>
+# Contributor: Tobias Powalowski <tpowa@archlinux.org>
+# Contributor: Andreas Radke <andyrtr@archlinux.org>
+# Contributor: Judd Vinet <jvinet@zeroflux.org>
+
+_pkgname=gnupg
+pkgname=gnupg-scdaemon-shared-access
+pkgver=2.2.11
+pkgrel=1
+pkgdesc='Complete and free implementation of the OpenPGP standard'
+url='https://www.gnupg.org/'
+license=('GPL')
+arch=('x86_64')
+checkdepends=('openssh')
+makedepends=('libldap' 'libusb-compat' 'pcsclite')
+depends=('npth' 'libgpg-error' 'libgcrypt' 'libksba' 'libassuan'
+         'pinentry' 'bzip2' 'readline' 'gnutls' 'sqlite')
+optdepends=('libldap: gpg2keys_ldap'
+            'libusb-compat: scdaemon'
+            'pcsclite: scdaemon')
+validpgpkeys=('D8692123C4065DEA5E0F3AB5249B39D24F25E3B6'
+              '46CC730865BB5C78EBABADCF04376F3EE0856959'
+              '031EC2536E580D8EA286A9F22071B08A33BD3F06'
+              'D238EA65D64C67ED4C3073F28A861B1C7EFD60D9')
+source=("https://gnupg.org/ftp/gcrypt/${_pkgname}/${_pkgname}-${pkgver}.tar.bz2"{,.sig}
+        "scdaemon_shared-access.patch")
+sha256sums=('496c3e123ef53f35436ddccca58e82acaa901ca4e21174e77386c0cea0c49cd9'
+            'SKIP'
+            '877ca0b8abcb6d1263bf40f3e9aa66b754a9957943ae2de591dfa42a1b21b7cf')
+
+install=install
+
+conflicts=('gnupg' 'dirmngr' 'gnupg2')
+provides=('gnupg' 'dirmngr' "gnupg=${pkgver}" "gnupg2=${pkgver}")
+
+prepare() {
+	cd "${srcdir}/${_pkgname}-${pkgver}"
+	sed '/noinst_SCRIPTS = gpg-zip/c sbin_SCRIPTS += gpg-zip' -i tools/Makefile.in
+	patch -p1 -t -N < "${srcdir}/scdaemon_shared-access.patch"
+}
+
+build() {
+	cd "${srcdir}/${_pkgname}-${pkgver}"
+	./configure \
+		--prefix=/usr \
+		--sysconfdir=/etc \
+		--sbindir=/usr/bin \
+		--libexecdir=/usr/lib/gnupg \
+		--enable-maintainer-mode \
+		--enable-symcryptrun \
+
+	make
+}
+
+check() {
+	cd "${srcdir}/${_pkgname}-${pkgver}"
+	make check
+}
+
+package() {
+	cd "${srcdir}/${_pkgname}-${pkgver}"
+	make DESTDIR="${pkgdir}" install
+	ln -s gpg "${pkgdir}"/usr/bin/gpg2
+	ln -s gpgv "${pkgdir}"/usr/bin/gpgv2
+
+	cd doc/examples/systemd-user
+	for i in *.*; do
+		install -Dm644 "$i" "${pkgdir}/usr/lib/systemd/user/$i"
+	done
+}
diff --git a/install b/install
new file mode 100644
index 000000000000..95cb351edc4d
--- /dev/null
+++ b/install
@@ -0,0 +1,41 @@
+_global_units() {
+	_units=(dirmngr.socket gpg-agent.socket gpg-agent-{browser,extra,ssh}.socket)
+	_dir=/etc/systemd/user/sockets.target.wants
+
+	case $1 in
+		enable)
+			mkdir -p $_dir
+			for _u in "${_units[@]}"; do
+				ln -sf /usr/lib/systemd/user/$_u $_dir/$_u
+			done
+			;;
+		disable)
+			for _u in "${_units[@]}"; do
+				rm -f $_dir/$_u
+			done
+			rmdir -p --ignore-fail-on-non-empty $_dir
+			;;
+	esac
+}
+
+post_install() {
+	# See FS#42798 and FS#47371
+	dirmngr </dev/null &>/dev/null
+
+	# Let systemd supervise daemons by default
+	_global_units enable
+}
+
+post_upgrade() {
+	if (( $(vercmp $2 2.1.13-1) < 0 )); then
+		echo "==> Please kill running gpg-agent and dirmngr processes before using this release."
+	fi
+
+	if (( $(vercmp $2 2.1.21-3) < 0 )); then
+		_global_units enable
+	fi
+}
+
+pre_remove() {
+	_global_units disable
+}
diff --git a/scdaemon_shared-access.patch b/scdaemon_shared-access.patch
new file mode 100644
index 000000000000..36e772b874be
--- /dev/null
+++ b/scdaemon_shared-access.patch
@@ -0,0 +1,76 @@
+# Patch from GPGTools/MacGPG2 repo
+# https://github.com/GPGTools/MacGPG2/blob/dev/patches/gnupg/scdaemon_shared-access.patch
+# Add the option "shared-access" to scdaemon.
+# If set, pcsc_connect is called with PCSC_SHARE_SHARED instead of PCSC_SHARE_EXCLUSIVE.
+
+
+--- a/scd/apdu.c
++++ b/scd/apdu.c
+@@ -793,7 +793,7 @@ connect_pcsc_card (int slot)
+
+   err = pcsc_connect (reader_table[slot].pcsc.context,
+                       reader_table[slot].rdrname,
+-                      PCSC_SHARE_EXCLUSIVE,
++                      opt.shared_access ? PCSC_SHARE_SHARED : PCSC_SHARE_EXCLUSIVE,
+                       PCSC_PROTOCOL_T0|PCSC_PROTOCOL_T1,
+                       &reader_table[slot].pcsc.card,
+                       &reader_table[slot].pcsc.protocol);
+--- a/scd/scdaemon.c
++++ b/scd/scdaemon.c
+@@ -99,6 +99,7 @@ enum cmd_and_opt_values
+   oDenyAdmin,
+   oDisableApplication,
+   oEnablePinpadVarlen,
++  oSharedAccess,
+   oListenBacklog
+ };
+
+@@ -157,6 +158,8 @@ static ARGPARSE_OPTS opts[] = {
+                 N_("use variable length input for pinpad")),
+   ARGPARSE_s_s (oHomedir,    "homedir",      "@"),
+
++  ARGPARSE_s_n (oSharedAccess, "shared-access", N_("use PCSC_SHARE_SHARED for pcsc_connect")),
++
+   ARGPARSE_end ()
+ };
+
+@@ -597,6 +598,8 @@ main (int argc, char **argv )
+
+         case oEnablePinpadVarlen: opt.enable_pinpad_varlen = 1; break;
+
++        case oSharedAccess: opt.shared_access = 1; break;
++
+         default:
+           pargs.err = configfp? ARGPARSE_PRINT_WARNING:ARGPARSE_PRINT_ERROR;
+           break;
+@@ -695,6 +695,7 @@ main (int argc, char **argv )
+       es_printf ("disable-pinpad:%lu:\n", GC_OPT_FLAG_NONE );
+       es_printf ("card-timeout:%lu:%d:\n", GC_OPT_FLAG_DEFAULT, 0);
+       es_printf ("enable-pinpad-varlen:%lu:\n", GC_OPT_FLAG_NONE );
++      es_printf ("shared-access:%lu:\n", GC_OPT_FLAG_NONE );
+
+       scd_exit (0);
+     }
+--- a/scd/scdaemon.h
++++ b/scd/scdaemon.h
+@@ -62,6 +62,8 @@ struct
+   strlist_t disabled_applications;  /* Card applications we do not
+                                        want to use. */
+   unsigned long card_timeout; /* Disconnect after N seconds of inactivity.  */
++
++  int shared_access;
+ } opt;
+
+
+--- a/tools/gpgconf-comp.c
++++ b/tools/gpgconf-comp.c
+@@ -648,6 +648,9 @@ static gc_option_t gc_options_scdaemon[] =
+    { "card-timeout", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
+      "gnupg", "|N|disconnect the card after N seconds of inactivity",
+      GC_ARG_TYPE_UINT32, GC_BACKEND_SCDAEMON },
++   { "shared-access", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
++     "gnupg", "use PCSC_SHARE_SHARED for pcsc_connect",
++     GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
+
+    { "Debug",
+      GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,