Updated: 2.2.20

author: GoliathLabs 2020-05-12 14:50:15 +0200
committer: GoliathLabs 2020-05-12 14:50:15 +0200
commit: a30afac7bfb1bf3147bd22099509838be56b3e54 (patch)
tree: 3708179aa49f788a2186be51ebe3552d7d1f078c
parent: c5c619e316bc1d0953f6831ebd7abaeafda8b624 (diff)
download: aur-a30afac7bfb1bf3147bd22099509838be56b3e54.tar.gz
5 files changed, 121 insertions, 69 deletions
diff --git a/.SRCINFO b/.SRCINFO
index 42e0ba386eca..716220510db8 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,39 +1,48 @@
-# Generated by mksrcinfo v8
-# Sun Jul 17 21:05:43 UTC 2016
 pkgbase = gnupg-largekeys
 	pkgdesc = Complete and free implementation of the OpenPGP standard
-	pkgver = 2.0.30
+	pkgver = 2.2.20
 	pkgrel = 1
-	url = http://www.gnupg.org/
-	install = install
+	url = https://www.gnupg.org/
+	install = gnupg.install
 	arch = i686
 	arch = x86_64
 	license = GPL
-	makedepends = curl
+	checkdepends = openssh
 	makedepends = libldap
 	makedepends = libusb-compat
-	depends = bzip2
-	depends = libksba
+	makedepends = pcsclite
+	depends = npth
+	depends = libgpg-error
 	depends = libgcrypt
-	depends = pth
+	depends = libksba
 	depends = libassuan
-	depends = readline
 	depends = pinentry
-	depends = dirmngr
-	optdepends = curl: gpg2keys_curl
+	depends = bzip2
+	depends = readline
+	depends = gnutls
+	depends = sqlite
 	optdepends = libldap: gpg2keys_ldap
 	optdepends = libusb-compat: scdaemon
-	provides = gnupg2=2.0.30
-	provides = gnupg=2.0.30
+	optdepends = pcsclite: scdaemon
+	provides = gnupg2=2.2.20
+	provides = gnupg=2.2.20
 	conflicts = gnupg2
 	conflicts = gnupg
 	replaces = gnupg2
 	replaces = gnupg
-	source = ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-2.0.30.tar.bz2
+	source = https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.20.tar.bz2
+	source = https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.20.tar.bz2.sig
 	source = gnupg2-large-keys.patch
-	source = install
-	sha256sums = e329785a4f366ba5d72c2c678a7e388b0892ac8440c2f4e6810042123c235d71
-	sha256sums = 189c33de215b3a026175f9fbaa1dac82fdc30b6c9dbfa5aafa9027af401f6fc5
+	source = self-sigs-only.patch
+	source = gnupg.install
+	validpgpkeys = D8692123C4065DEA5E0F3AB5249B39D24F25E3B6
+	validpgpkeys = 46CC730865BB5C78EBABADCF04376F3EE0856959
+	validpgpkeys = 031EC2536E580D8EA286A9F22071B08A33BD3F06
+	validpgpkeys = 5B80C5754298F0CB55D8ED6ABCEF7E294B092E28
+	sha256sums = 04a7c9d48b74c399168ee8270e548588ddbe52218c337703d7f06373d326ca30
+	sha256sums = SKIP
+	sha256sums = 78ff880f5ab363415a4bcdc704c8a4afecc39d6bac37f4ebe53bf2e8354c2d62
+	sha256sums = 0130c43321c16f53ab2290833007212f8a26b1b73bd4edc2b2b1c9db2b2d0218
 	sha256sums = ab1406c54804692dcc8144fc01a90ffd27250a3b53a89b0ab8a5cb2807fe6423
 
 pkgname = gnupg-largekeys
diff --git a/PKGBUILD b/PKGBUILD
index 70945a6a5115..e8e638644395 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -1,35 +1,40 @@
 # $Id$
-# Maintainer: Ido Rosen <ido@kernel.org>
+# Maintainer: Felix Golatofski <contact@xdfr.de>
+# Contributor: Ido Rosen <ido@kernel.org>
 # Contributor: Gaetan Bisson <bisson@archlinux.org>
 # Contributor: Tobias Powalowski <tpowa@archlinux.org>
 # Contributor: Andreas Radke <andyrtr@archlinux.org>
 # Contributor: Judd Vinet <jvinet@zeroflux.org>
-#
-# NOTE: To request changes to this package, please submit a pull request
-#       to the GitHub repository at https://github.com/ido/packages-archlinux
-#       Otherwise, open a GitHub issue.  Thank you! -Ido
-#
 
 pkgname=gnupg-largekeys
-pkgver=2.0.30
+pkgver=2.2.20
 pkgrel=1
 pkgdesc='Complete and free implementation of the OpenPGP standard'
-url='http://www.gnupg.org/'
+url='https://www.gnupg.org/'
 license=('GPL')
 arch=('i686' 'x86_64')
-optdepends=('curl: gpg2keys_curl'
-            'libldap: gpg2keys_ldap'
-            'libusb-compat: scdaemon')
-makedepends=('curl' 'libldap' 'libusb-compat')
-depends=('bzip2' 'libksba' 'libgcrypt' 'pth' 'libassuan' 'readline' 'pinentry' 'dirmngr')
-source=("ftp://ftp.gnupg.org/gcrypt/${pkgname%%-largekeys}/${pkgname%%-largekeys}-${pkgver}.tar.bz2"
+checkdepends=('openssh')
+makedepends=('libldap' 'libusb-compat' 'pcsclite')
+depends=('npth' 'libgpg-error' 'libgcrypt' 'libksba' 'libassuan'
+         'pinentry' 'bzip2' 'readline' 'gnutls' 'sqlite')
+optdepends=('libldap: gpg2keys_ldap'
+            'libusb-compat: scdaemon'
+            'pcsclite: scdaemon')
+validpgpkeys=('D8692123C4065DEA5E0F3AB5249B39D24F25E3B6'
+              '46CC730865BB5C78EBABADCF04376F3EE0856959'
+              '031EC2536E580D8EA286A9F22071B08A33BD3F06'
+              '5B80C5754298F0CB55D8ED6ABCEF7E294B092E28')
+source=("https://gnupg.org/ftp/gcrypt/${pkgname%%-largekeys}/${pkgname%%-largekeys}-${pkgver}.tar.bz2"{,.sig}
         'gnupg2-large-keys.patch'
-        'install')
-sha256sums=('e329785a4f366ba5d72c2c678a7e388b0892ac8440c2f4e6810042123c235d71'
-            '189c33de215b3a026175f9fbaa1dac82fdc30b6c9dbfa5aafa9027af401f6fc5'
+	'self-sigs-only.patch'
+        'gnupg.install')
+sha256sums=('04a7c9d48b74c399168ee8270e548588ddbe52218c337703d7f06373d326ca30'
+            'SKIP'
+            '78ff880f5ab363415a4bcdc704c8a4afecc39d6bac37f4ebe53bf2e8354c2d62'
+            '0130c43321c16f53ab2290833007212f8a26b1b73bd4edc2b2b1c9db2b2d0218'
             'ab1406c54804692dcc8144fc01a90ffd27250a3b53a89b0ab8a5cb2807fe6423')
 
-install=install
+install=gnupg.install
 
 conflicts=('gnupg2' 'gnupg')
 provides=("gnupg2=${pkgver}" "gnupg=${pkgver}")
@@ -37,6 +42,8 @@ replaces=('gnupg2' 'gnupg')
 
 prepare() {
 	cd "${srcdir}/${pkgname%%-largekeys}-${pkgver}"
+	sed '/noinst_SCRIPTS = gpg-zip/c sbin_SCRIPTS += gpg-zip' -i tools/Makefile.in
+	patch -R -p1 -i ../self-sigs-only.patch
 	patch -p1 -i ../gnupg2-large-keys.patch
 }
 
@@ -64,8 +71,11 @@ check() {
 package() {
 	cd "${srcdir}/${pkgname%%-largekeys}-${pkgver}"
 	make DESTDIR="${pkgdir}" install
-	ln -s gpg2 "${pkgdir}"/usr/bin/gpg
-	ln -s gpgv2 "${pkgdir}"/usr/bin/gpgv
-	ln -s gpg2.1.gz "${pkgdir}"/usr/share/man/man1/gpg.1.gz
-	rm "${pkgdir}/usr/share/gnupg/com-certs.pem" # FS#33059
+	ln -s gpg "${pkgdir}"/usr/bin/gpg2
+	ln -s gpgv "${pkgdir}"/usr/bin/gpgv2
+
+	cd doc/examples/systemd-user
+	for i in *.*; do
+		install -Dm644 "$i" "${pkgdir}/usr/lib/systemd/user/$i"
+	done
 }
diff --git a/install b/gnupg.install
index 31ccfdf18b21..31ccfdf18b21 100644
--- a/install
+++ b/gnupg.install
diff --git a/gnupg2-large-keys.patch b/gnupg2-large-keys.patch
index 4bcda13106cd..b96da7fe12e8 100644
--- a/gnupg2-large-keys.patch
+++ b/gnupg2-large-keys.patch
@@ -1,35 +1,12 @@
-diff --git a/configure b/configure
-index d974ec3..bda0b0f 100755
---- a/configure
-+++ b/configure
-@@ -5307,7 +5307,7 @@ fi
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $large_secmem" >&5
- $as_echo "$large_secmem" >&6; }
- if test "$large_secmem" = yes ; then
--   SECMEM_BUFFER_SIZE=65536
-+   SECMEM_BUFFER_SIZE=131072
- else
-    SECMEM_BUFFER_SIZE=32768
- fi
 diff --git a/g10/keygen.c b/g10/keygen.c
 index 560480d..7a89c05 100644
 --- a/g10/keygen.c
 +++ b/g10/keygen.c
-@@ -1429,7 +1429,7 @@ gen_rsa (int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
-   PKT_secret_key *sk;
-   PKT_public_key *pk;
-   gcry_sexp_t s_parms, s_key;
+@@ -1644,7 +1644,7 @@
+   int err;
+   char *keyparms;
+   char nbitsstr[35];
 -  const unsigned maxsize = (opt.flags.large_rsa ? 8192 : 4096);
 +  const unsigned maxsize = (opt.flags.large_rsa ? 65535 : 4096);
- 
-   assert (is_RSA(algo));
- 
-@@ -1798,7 +1798,7 @@ ask_algo (int addmode, int *r_subkey_algo, unsigned int *r_usage)
- static unsigned
- ask_keysize (int algo, unsigned int primary_keysize)
- {
--  unsigned int nbits, min, def = DEFAULT_STD_KEYSIZE, max=4096;
-+  unsigned int nbits, min, def = DEFAULT_STD_KEYSIZE, max=65535;
-   int for_subkey = !!primary_keysize;
-   int autocomp = 0;
- 
+
+   log_assert (is_RSA(algo));
diff --git a/self-sigs-only.patch b/self-sigs-only.patch
new file mode 100644
index 000000000000..3d7406301474
--- /dev/null
+++ b/self-sigs-only.patch
@@ -0,0 +1,56 @@
+From: Werner Koch <wk@gnupg.org>
+Date: Thu, 4 Jul 2019 13:45:39 +0000 (+0200)
+Subject: gpg: Add "self-sigs-only" and "import-clean" to the keyserver options.
+X-Git-Url: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff_plain;h=23c978640812d123eaffd4108744bdfcf48f7c93
+
+gpg: Add "self-sigs-only" and "import-clean" to the keyserver options.
+
+* g10/gpg.c (main): Change default.
+--
+
+Due to the DoS attack on the keyeservers we do not anymore default to
+import key signatures.  That makes the keyserver unsuable for getting
+keys for the WoT but it still allows to retriev keys - even if that
+takes long to download the large keyblocks.
+
+To revert to the old behavior add
+
+  keyserver-optiions  no-self-sigs-only,no-import-clean
+
+to gpg.conf.
+
+GnuPG-bug-id: 4607
+Signed-off-by: Werner Koch <wk@gnupg.org>
+---
+
+diff --git a/doc/gpg.texi b/doc/gpg.texi
+index 8feab8218..9513a4e0f 100644
+--- a/doc/gpg.texi
++++ b/doc/gpg.texi
+@@ -1917,6 +1917,11 @@ are available for all keyserver types, some common options are:
+ 
+ @end table
+ 
++The default list of options is: "self-sigs-only, import-clean,
++repair-keys, repair-pks-subkey-bug, export-attributes,
++honor-pka-record".
++
++
+ @item --completes-needed @var{n}
+ @opindex compliant-needed
+ Number of completely trusted users to introduce a new
+diff --git a/g10/gpg.c b/g10/gpg.c
+index 66e47dde5..0bbe72394 100644
+--- a/g10/gpg.c
++++ b/g10/gpg.c
+@@ -2424,7 +2424,9 @@ main (int argc, char **argv)
+     opt.import_options = IMPORT_REPAIR_KEYS;
+     opt.export_options = EXPORT_ATTRIBUTES;
+     opt.keyserver_options.import_options = (IMPORT_REPAIR_KEYS
+-					    | IMPORT_REPAIR_PKS_SUBKEY_BUG);
++					    | IMPORT_REPAIR_PKS_SUBKEY_BUG
++                                            | IMPORT_SELF_SIGS_ONLY
++                                            | IMPORT_CLEAN);
+     opt.keyserver_options.export_options = EXPORT_ATTRIBUTES;
+     opt.keyserver_options.options = KEYSERVER_HONOR_PKA_RECORD;
+     opt.verify_options = (LIST_SHOW_UID_VALIDITY
author	GoliathLabs	2020-05-12 14:50:15 +0200
committer	GoliathLabs	2020-05-12 14:50:15 +0200
commit	a30afac7bfb1bf3147bd22099509838be56b3e54 (patch)
tree	3708179aa49f788a2186be51ebe3552d7d1f078c
parent	c5c619e316bc1d0953f6831ebd7abaeafda8b624 (diff)
download	aur-a30afac7bfb1bf3147bd22099509838be56b3e54.tar.gz