diff options
author | GoliathLabs | 2020-05-12 14:50:15 +0200 |
---|---|---|
committer | GoliathLabs | 2020-05-12 14:50:15 +0200 |
commit | a30afac7bfb1bf3147bd22099509838be56b3e54 (patch) | |
tree | 3708179aa49f788a2186be51ebe3552d7d1f078c | |
parent | c5c619e316bc1d0953f6831ebd7abaeafda8b624 (diff) | |
download | aur-a30afac7bfb1bf3147bd22099509838be56b3e54.tar.gz |
Updated: 2.2.20
-rw-r--r-- | .SRCINFO | 45 | ||||
-rw-r--r-- | PKGBUILD | 54 | ||||
-rw-r--r-- | gnupg.install (renamed from install) | 0 | ||||
-rw-r--r-- | gnupg2-large-keys.patch | 35 | ||||
-rw-r--r-- | self-sigs-only.patch | 56 |
5 files changed, 121 insertions, 69 deletions
@@ -1,39 +1,48 @@ -# Generated by mksrcinfo v8 -# Sun Jul 17 21:05:43 UTC 2016 pkgbase = gnupg-largekeys pkgdesc = Complete and free implementation of the OpenPGP standard - pkgver = 2.0.30 + pkgver = 2.2.20 pkgrel = 1 - url = http://www.gnupg.org/ - install = install + url = https://www.gnupg.org/ + install = gnupg.install arch = i686 arch = x86_64 license = GPL - makedepends = curl + checkdepends = openssh makedepends = libldap makedepends = libusb-compat - depends = bzip2 - depends = libksba + makedepends = pcsclite + depends = npth + depends = libgpg-error depends = libgcrypt - depends = pth + depends = libksba depends = libassuan - depends = readline depends = pinentry - depends = dirmngr - optdepends = curl: gpg2keys_curl + depends = bzip2 + depends = readline + depends = gnutls + depends = sqlite optdepends = libldap: gpg2keys_ldap optdepends = libusb-compat: scdaemon - provides = gnupg2=2.0.30 - provides = gnupg=2.0.30 + optdepends = pcsclite: scdaemon + provides = gnupg2=2.2.20 + provides = gnupg=2.2.20 conflicts = gnupg2 conflicts = gnupg replaces = gnupg2 replaces = gnupg - source = ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-2.0.30.tar.bz2 + source = https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.20.tar.bz2 + source = https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.20.tar.bz2.sig source = gnupg2-large-keys.patch - source = install - sha256sums = e329785a4f366ba5d72c2c678a7e388b0892ac8440c2f4e6810042123c235d71 - sha256sums = 189c33de215b3a026175f9fbaa1dac82fdc30b6c9dbfa5aafa9027af401f6fc5 + source = self-sigs-only.patch + source = gnupg.install + validpgpkeys = D8692123C4065DEA5E0F3AB5249B39D24F25E3B6 + validpgpkeys = 46CC730865BB5C78EBABADCF04376F3EE0856959 + validpgpkeys = 031EC2536E580D8EA286A9F22071B08A33BD3F06 + validpgpkeys = 5B80C5754298F0CB55D8ED6ABCEF7E294B092E28 + sha256sums = 04a7c9d48b74c399168ee8270e548588ddbe52218c337703d7f06373d326ca30 + sha256sums = SKIP + sha256sums = 78ff880f5ab363415a4bcdc704c8a4afecc39d6bac37f4ebe53bf2e8354c2d62 + sha256sums = 0130c43321c16f53ab2290833007212f8a26b1b73bd4edc2b2b1c9db2b2d0218 sha256sums = ab1406c54804692dcc8144fc01a90ffd27250a3b53a89b0ab8a5cb2807fe6423 pkgname = gnupg-largekeys @@ -1,35 +1,40 @@ # $Id$ -# Maintainer: Ido Rosen <ido@kernel.org> +# Maintainer: Felix Golatofski <contact@xdfr.de> +# Contributor: Ido Rosen <ido@kernel.org> # Contributor: Gaetan Bisson <bisson@archlinux.org> # Contributor: Tobias Powalowski <tpowa@archlinux.org> # Contributor: Andreas Radke <andyrtr@archlinux.org> # Contributor: Judd Vinet <jvinet@zeroflux.org> -# -# NOTE: To request changes to this package, please submit a pull request -# to the GitHub repository at https://github.com/ido/packages-archlinux -# Otherwise, open a GitHub issue. Thank you! -Ido -# pkgname=gnupg-largekeys -pkgver=2.0.30 +pkgver=2.2.20 pkgrel=1 pkgdesc='Complete and free implementation of the OpenPGP standard' -url='http://www.gnupg.org/' +url='https://www.gnupg.org/' license=('GPL') arch=('i686' 'x86_64') -optdepends=('curl: gpg2keys_curl' - 'libldap: gpg2keys_ldap' - 'libusb-compat: scdaemon') -makedepends=('curl' 'libldap' 'libusb-compat') -depends=('bzip2' 'libksba' 'libgcrypt' 'pth' 'libassuan' 'readline' 'pinentry' 'dirmngr') -source=("ftp://ftp.gnupg.org/gcrypt/${pkgname%%-largekeys}/${pkgname%%-largekeys}-${pkgver}.tar.bz2" +checkdepends=('openssh') +makedepends=('libldap' 'libusb-compat' 'pcsclite') +depends=('npth' 'libgpg-error' 'libgcrypt' 'libksba' 'libassuan' + 'pinentry' 'bzip2' 'readline' 'gnutls' 'sqlite') +optdepends=('libldap: gpg2keys_ldap' + 'libusb-compat: scdaemon' + 'pcsclite: scdaemon') +validpgpkeys=('D8692123C4065DEA5E0F3AB5249B39D24F25E3B6' + '46CC730865BB5C78EBABADCF04376F3EE0856959' + '031EC2536E580D8EA286A9F22071B08A33BD3F06' + '5B80C5754298F0CB55D8ED6ABCEF7E294B092E28') +source=("https://gnupg.org/ftp/gcrypt/${pkgname%%-largekeys}/${pkgname%%-largekeys}-${pkgver}.tar.bz2"{,.sig} 'gnupg2-large-keys.patch' - 'install') -sha256sums=('e329785a4f366ba5d72c2c678a7e388b0892ac8440c2f4e6810042123c235d71' - '189c33de215b3a026175f9fbaa1dac82fdc30b6c9dbfa5aafa9027af401f6fc5' + 'self-sigs-only.patch' + 'gnupg.install') +sha256sums=('04a7c9d48b74c399168ee8270e548588ddbe52218c337703d7f06373d326ca30' + 'SKIP' + '78ff880f5ab363415a4bcdc704c8a4afecc39d6bac37f4ebe53bf2e8354c2d62' + '0130c43321c16f53ab2290833007212f8a26b1b73bd4edc2b2b1c9db2b2d0218' 'ab1406c54804692dcc8144fc01a90ffd27250a3b53a89b0ab8a5cb2807fe6423') -install=install +install=gnupg.install conflicts=('gnupg2' 'gnupg') provides=("gnupg2=${pkgver}" "gnupg=${pkgver}") @@ -37,6 +42,8 @@ replaces=('gnupg2' 'gnupg') prepare() { cd "${srcdir}/${pkgname%%-largekeys}-${pkgver}" + sed '/noinst_SCRIPTS = gpg-zip/c sbin_SCRIPTS += gpg-zip' -i tools/Makefile.in + patch -R -p1 -i ../self-sigs-only.patch patch -p1 -i ../gnupg2-large-keys.patch } @@ -64,8 +71,11 @@ check() { package() { cd "${srcdir}/${pkgname%%-largekeys}-${pkgver}" make DESTDIR="${pkgdir}" install - ln -s gpg2 "${pkgdir}"/usr/bin/gpg - ln -s gpgv2 "${pkgdir}"/usr/bin/gpgv - ln -s gpg2.1.gz "${pkgdir}"/usr/share/man/man1/gpg.1.gz - rm "${pkgdir}/usr/share/gnupg/com-certs.pem" # FS#33059 + ln -s gpg "${pkgdir}"/usr/bin/gpg2 + ln -s gpgv "${pkgdir}"/usr/bin/gpgv2 + + cd doc/examples/systemd-user + for i in *.*; do + install -Dm644 "$i" "${pkgdir}/usr/lib/systemd/user/$i" + done } diff --git a/install b/gnupg.install index 31ccfdf18b21..31ccfdf18b21 100644 --- a/install +++ b/gnupg.install diff --git a/gnupg2-large-keys.patch b/gnupg2-large-keys.patch index 4bcda13106cd..b96da7fe12e8 100644 --- a/gnupg2-large-keys.patch +++ b/gnupg2-large-keys.patch @@ -1,35 +1,12 @@ -diff --git a/configure b/configure -index d974ec3..bda0b0f 100755 ---- a/configure -+++ b/configure -@@ -5307,7 +5307,7 @@ fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $large_secmem" >&5 - $as_echo "$large_secmem" >&6; } - if test "$large_secmem" = yes ; then -- SECMEM_BUFFER_SIZE=65536 -+ SECMEM_BUFFER_SIZE=131072 - else - SECMEM_BUFFER_SIZE=32768 - fi diff --git a/g10/keygen.c b/g10/keygen.c index 560480d..7a89c05 100644 --- a/g10/keygen.c +++ b/g10/keygen.c -@@ -1429,7 +1429,7 @@ gen_rsa (int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek, - PKT_secret_key *sk; - PKT_public_key *pk; - gcry_sexp_t s_parms, s_key; +@@ -1644,7 +1644,7 @@ + int err; + char *keyparms; + char nbitsstr[35]; - const unsigned maxsize = (opt.flags.large_rsa ? 8192 : 4096); + const unsigned maxsize = (opt.flags.large_rsa ? 65535 : 4096); - - assert (is_RSA(algo)); - -@@ -1798,7 +1798,7 @@ ask_algo (int addmode, int *r_subkey_algo, unsigned int *r_usage) - static unsigned - ask_keysize (int algo, unsigned int primary_keysize) - { -- unsigned int nbits, min, def = DEFAULT_STD_KEYSIZE, max=4096; -+ unsigned int nbits, min, def = DEFAULT_STD_KEYSIZE, max=65535; - int for_subkey = !!primary_keysize; - int autocomp = 0; - + + log_assert (is_RSA(algo)); diff --git a/self-sigs-only.patch b/self-sigs-only.patch new file mode 100644 index 000000000000..3d7406301474 --- /dev/null +++ b/self-sigs-only.patch @@ -0,0 +1,56 @@ +From: Werner Koch <wk@gnupg.org> +Date: Thu, 4 Jul 2019 13:45:39 +0000 (+0200) +Subject: gpg: Add "self-sigs-only" and "import-clean" to the keyserver options. +X-Git-Url: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff_plain;h=23c978640812d123eaffd4108744bdfcf48f7c93 + +gpg: Add "self-sigs-only" and "import-clean" to the keyserver options. + +* g10/gpg.c (main): Change default. +-- + +Due to the DoS attack on the keyeservers we do not anymore default to +import key signatures. That makes the keyserver unsuable for getting +keys for the WoT but it still allows to retriev keys - even if that +takes long to download the large keyblocks. + +To revert to the old behavior add + + keyserver-optiions no-self-sigs-only,no-import-clean + +to gpg.conf. + +GnuPG-bug-id: 4607 +Signed-off-by: Werner Koch <wk@gnupg.org> +--- + +diff --git a/doc/gpg.texi b/doc/gpg.texi +index 8feab8218..9513a4e0f 100644 +--- a/doc/gpg.texi ++++ b/doc/gpg.texi +@@ -1917,6 +1917,11 @@ are available for all keyserver types, some common options are: + + @end table + ++The default list of options is: "self-sigs-only, import-clean, ++repair-keys, repair-pks-subkey-bug, export-attributes, ++honor-pka-record". ++ ++ + @item --completes-needed @var{n} + @opindex compliant-needed + Number of completely trusted users to introduce a new +diff --git a/g10/gpg.c b/g10/gpg.c +index 66e47dde5..0bbe72394 100644 +--- a/g10/gpg.c ++++ b/g10/gpg.c +@@ -2424,7 +2424,9 @@ main (int argc, char **argv) + opt.import_options = IMPORT_REPAIR_KEYS; + opt.export_options = EXPORT_ATTRIBUTES; + opt.keyserver_options.import_options = (IMPORT_REPAIR_KEYS +- | IMPORT_REPAIR_PKS_SUBKEY_BUG); ++ | IMPORT_REPAIR_PKS_SUBKEY_BUG ++ | IMPORT_SELF_SIGS_ONLY ++ | IMPORT_CLEAN); + opt.keyserver_options.export_options = EXPORT_ATTRIBUTES; + opt.keyserver_options.options = KEYSERVER_HONOR_PKA_RECORD; + opt.verify_options = (LIST_SHOW_UID_VALIDITY |