[arch-commits] Commit in gnupg/repos (10 files)
Gaetan Bisson
bisson at archlinux.org
Thu Nov 13 05:48:56 UTC 2014
Date: Thursday, November 13, 2014 @ 06:48:56
Author: bisson
Revision: 226169
archrelease: copy trunk to testing-i686, testing-x86_64
Added:
gnupg/repos/testing-i686/PKGBUILD
(from rev 226168, gnupg/trunk/PKGBUILD)
gnupg/repos/testing-i686/install
(from rev 226168, gnupg/trunk/install)
gnupg/repos/testing-i686/refresh-keys.patch
(from rev 226168, gnupg/trunk/refresh-keys.patch)
gnupg/repos/testing-x86_64/PKGBUILD
(from rev 226168, gnupg/trunk/PKGBUILD)
gnupg/repos/testing-x86_64/install
(from rev 226168, gnupg/trunk/install)
gnupg/repos/testing-x86_64/refresh-keys.patch
(from rev 226168, gnupg/trunk/refresh-keys.patch)
Deleted:
gnupg/repos/testing-i686/PKGBUILD
gnupg/repos/testing-i686/install
gnupg/repos/testing-x86_64/PKGBUILD
gnupg/repos/testing-x86_64/install
-----------------------------------+
/PKGBUILD | 126 +++++++++++++++++++
/install | 40 ++++++
testing-i686/PKGBUILD | 56 --------
testing-i686/install | 20 ---
testing-i686/refresh-keys.patch | 238 ++++++++++++++++++++++++++++++++++++
testing-x86_64/PKGBUILD | 56 --------
testing-x86_64/install | 20 ---
testing-x86_64/refresh-keys.patch | 238 ++++++++++++++++++++++++++++++++++++
8 files changed, 642 insertions(+), 152 deletions(-)
Deleted: testing-i686/PKGBUILD
===================================================================
--- testing-i686/PKGBUILD 2014-11-13 05:48:09 UTC (rev 226168)
+++ testing-i686/PKGBUILD 2014-11-13 05:48:56 UTC (rev 226169)
@@ -1,56 +0,0 @@
-# $Id$
-# Maintainer: Gaetan Bisson <bisson at archlinux.org>
-# Contributor: Tobias Powalowski <tpowa at archlinux.org>
-# Contributor: Andreas Radke <andyrtr at archlinux.org>
-# Contributor: Judd Vinet <jvinet at zeroflux.org>
-
-pkgname=gnupg
-pkgver=2.1.0
-pkgrel=2
-pkgdesc='Complete and free implementation of the OpenPGP standard'
-url='http://www.gnupg.org/'
-license=('GPL')
-arch=('i686' 'x86_64')
-optdepends=('curl: gpg2keys_curl'
- 'libldap: gpg2keys_ldap'
- 'libusb-compat: scdaemon')
-makedepends=('curl' 'libldap' 'libusb-compat')
-depends=('npth' 'libgpg-error' 'libgcrypt' 'libksba' 'libassuan'
- 'pinentry' 'bzip2' 'readline')
-source=("ftp://ftp.gnupg.org/gcrypt/${pkgname}/${pkgname}-${pkgver}.tar.bz2"{,.sig})
-sha1sums=('2fcd0ca6889ef6cb59e3275e8411f8b7778c2f33' 'SKIP')
-
-install=install
-
-conflicts=('dirmngr' 'gnupg2')
-provides=('dirmngr' "gnupg2=${pkgver}")
-replaces=('dirmngr' 'gnupg2')
-
-build() {
- cd "${srcdir}/${pkgname}-${pkgver}"
- ./configure \
- --prefix=/usr \
- --sysconfdir=/etc \
- --sbindir=/usr/bin \
- --libexecdir=/usr/lib/gnupg \
- --enable-maintainer-mode \
- --enable-standard-socket \
- --enable-symcryptrun \
- --enable-gpgtar \
-
- make
-}
-
-check() {
- cd "${srcdir}/${pkgname}-${pkgver}"
- make check
-}
-
-package() {
- cd "${srcdir}/${pkgname}-${pkgver}"
- make DESTDIR="${pkgdir}" install
- ln -s gpg2 "${pkgdir}"/usr/bin/gpg
- ln -s gpgv2 "${pkgdir}"/usr/bin/gpgv
- ln -s gpg2.1.gz "${pkgdir}"/usr/share/man/man1/gpg.1.gz
- rm "${pkgdir}/usr/share/gnupg/com-certs.pem" # FS#33059
-}
Copied: gnupg/repos/testing-i686/PKGBUILD (from rev 226168, gnupg/trunk/PKGBUILD)
===================================================================
--- testing-i686/PKGBUILD (rev 0)
+++ testing-i686/PKGBUILD 2014-11-13 05:48:56 UTC (rev 226169)
@@ -0,0 +1,63 @@
+# $Id$
+# Maintainer: Gaetan Bisson <bisson at archlinux.org>
+# Contributor: Tobias Powalowski <tpowa at archlinux.org>
+# Contributor: Andreas Radke <andyrtr at archlinux.org>
+# Contributor: Judd Vinet <jvinet at zeroflux.org>
+
+pkgname=gnupg
+pkgver=2.1.0
+pkgrel=3
+pkgdesc='Complete and free implementation of the OpenPGP standard'
+url='http://www.gnupg.org/'
+license=('GPL')
+arch=('i686' 'x86_64')
+optdepends=('curl: gpg2keys_curl'
+ 'libldap: gpg2keys_ldap'
+ 'libusb-compat: scdaemon')
+makedepends=('curl' 'libldap' 'libusb-compat')
+depends=('npth' 'libgpg-error' 'libgcrypt' 'libksba' 'libassuan'
+ 'pinentry' 'bzip2' 'readline')
+source=("ftp://ftp.gnupg.org/gcrypt/${pkgname}/${pkgname}-${pkgver}.tar.bz2"{,.sig}
+ 'refresh-keys.patch')
+sha1sums=('2fcd0ca6889ef6cb59e3275e8411f8b7778c2f33' 'SKIP'
+ '246bea8776882f4c0293685482558f6ead1cf902')
+
+install=install
+
+conflicts=('dirmngr' 'gnupg2')
+provides=('dirmngr' "gnupg2=${pkgver}")
+replaces=('dirmngr' 'gnupg2')
+
+prepare() {
+ cd "${srcdir}/${pkgname}-${pkgver}"
+ patch -p1 -i ../refresh-keys.patch
+}
+
+build() {
+ cd "${srcdir}/${pkgname}-${pkgver}"
+ ./configure \
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --sbindir=/usr/bin \
+ --libexecdir=/usr/lib/gnupg \
+ --enable-maintainer-mode \
+ --enable-standard-socket \
+ --enable-symcryptrun \
+ --enable-gpgtar \
+
+ make
+}
+
+check() {
+ cd "${srcdir}/${pkgname}-${pkgver}"
+ make check
+}
+
+package() {
+ cd "${srcdir}/${pkgname}-${pkgver}"
+ make DESTDIR="${pkgdir}" install
+ ln -s gpg2 "${pkgdir}"/usr/bin/gpg
+ ln -s gpgv2 "${pkgdir}"/usr/bin/gpgv
+ ln -s gpg2.1.gz "${pkgdir}"/usr/share/man/man1/gpg.1.gz
+ rm "${pkgdir}/usr/share/gnupg/com-certs.pem" # FS#33059
+}
Deleted: testing-i686/install
===================================================================
--- testing-i686/install 2014-11-13 05:48:09 UTC (rev 226168)
+++ testing-i686/install 2014-11-13 05:48:56 UTC (rev 226169)
@@ -1,20 +0,0 @@
-info_dir=/usr/share/info
-info_files=(gnupg.info gnupg.info-1 gnupg.info-2)
-
-post_install() {
- [ -x usr/bin/install-info ] || return 0
- for f in ${info_files[@]}; do
- usr/bin/install-info ${info_dir}/$f ${info_dir}/dir 2> /dev/null
- done
-}
-
-post_upgrade() {
- post_install $1
-}
-
-pre_remove() {
- [ -x usr/bin/install-info ] || return 0
- for f in ${info_files[@]}; do
- usr/bin/install-info --delete ${info_dir}/$f ${info_dir}/dir 2> /dev/null
- done
-}
Copied: gnupg/repos/testing-i686/install (from rev 226168, gnupg/trunk/install)
===================================================================
--- testing-i686/install (rev 0)
+++ testing-i686/install 2014-11-13 05:48:56 UTC (rev 226169)
@@ -0,0 +1,20 @@
+info_dir=/usr/share/info
+info_files=(gnupg.info gnupg.info-1 gnupg.info-2)
+
+post_install() {
+ [ -x usr/bin/install-info ] || return 0
+ for f in ${info_files[@]}; do
+ usr/bin/install-info ${info_dir}/$f ${info_dir}/dir 2> /dev/null
+ done
+}
+
+post_upgrade() {
+ post_install $1
+}
+
+pre_remove() {
+ [ -x usr/bin/install-info ] || return 0
+ for f in ${info_files[@]}; do
+ usr/bin/install-info --delete ${info_dir}/$f ${info_dir}/dir 2> /dev/null
+ done
+}
Copied: gnupg/repos/testing-i686/refresh-keys.patch (from rev 226168, gnupg/trunk/refresh-keys.patch)
===================================================================
--- testing-i686/refresh-keys.patch (rev 0)
+++ testing-i686/refresh-keys.patch 2014-11-13 05:48:56 UTC (rev 226169)
@@ -0,0 +1,238 @@
+From eecbed004ca1e9ca23c3892c3a5e6dd174ddf93b Mon Sep 17 00:00:00 2001
+From: Werner Koch <wk at gnupg.org>
+Date: Wed, 12 Nov 2014 12:14:32 +0100
+Subject: [PATCH] gpg: Fix regression in --refresh-keys
+
+* g10/keyserver.c (keyserver_get): Factor all code out to ...
+(keyserver_get_chunk): new. Extimate line length.
+(keyserver_get): Split up requests into chunks.
+--
+
+Note that refreshing all keys still requires way to much memory
+because we build an in-memory list of all keys first. It is required
+to first get a list of all keys to avoid conflicts while updating the
+key store in the process of receiving keys. A better strategy would
+be a background process and tracking the last update in the key store.
+
+GnuPG-bug-id: 1755
+Signed-off-by: Werner Koch <wk at gnupg.org>
+---
+ g10/call-dirmngr.c | 2 +-
+ g10/keyserver.c | 107 ++++++++++++++++++++++++++++++++++++++++++----------
+ 2 files changed, 89 insertions(+), 20 deletions(-)
+
+diff --git a/g10/call-dirmngr.c b/g10/call-dirmngr.c
+index 5bddbbe..71f5324 100644
+--- a/g10/call-dirmngr.c
++++ b/g10/call-dirmngr.c
+@@ -429,7 +429,7 @@ ks_get_data_cb (void *opaque, const void *data, size_t datalen)
+ error an error code is returned and NULL stored at R_FP.
+
+ The pattern may only use search specification which a keyserver can
+- use to retriev keys. Because we know the format of the pattern we
++ use to retrieve keys. Because we know the format of the pattern we
+ don't need to escape the patterns before sending them to the
+ server.
+
+diff --git a/g10/keyserver.c b/g10/keyserver.c
+index 1b2e128..5bc1eba 100644
+--- a/g10/keyserver.c
++++ b/g10/keyserver.c
+@@ -1567,17 +1567,16 @@ keyserver_search (ctrl_t ctrl, strlist_t tokens)
+ return err;
+ }
+
+-
+-
+-/* Retrieve a key from a keyserver. The search pattern are in
+- (DESC,NDESC). Allowed search modes are keyid, fingerprint, and
+- exact searches. KEYSERVER gives an optional override keyserver. If
+- (R_FPR,R_FPRLEN) are not NULL, the may retrun the fingerprint of
+- one imported key. */
++/* Helper for keyserver_get. Here we only receive a chunk of the
++ description to be processed in one batch. This is required due to
++ the limited number of patterns the dirmngr interface (KS_GET) can
++ grok and to limit the amount of temporary required memory. */
+ static gpg_error_t
+-keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+- struct keyserver_spec *keyserver,
+- unsigned char **r_fpr, size_t *r_fprlen)
++keyserver_get_chunk (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
++ int *r_ndesc_used,
++ void *stats_handle,
++ struct keyserver_spec *keyserver,
++ unsigned char **r_fpr, size_t *r_fprlen)
+
+ {
+ gpg_error_t err = 0;
+@@ -1585,12 +1584,26 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+ int idx, npat;
+ estream_t datastream;
+ char *source = NULL;
++ size_t linelen; /* Estimated linelen for KS_GET. */
++ size_t n;
++
++#define MAX_KS_GET_LINELEN 950 /* Somewhat lower than the real limit. */
++
++ *r_ndesc_used = 0;
+
+ /* Create an array filled with a search pattern for each key. The
+ array is delimited by a NULL entry. */
+ pattern = xtrycalloc (ndesc+1, sizeof *pattern);
+ if (!pattern)
+ return gpg_error_from_syserror ();
++
++ /* Note that we break the loop as soon as our estimation of the to
++ be used line length reaches the limit. But we do this only if we
++ have processed at leas one search requests so that an overlong
++ single request will be rejected only later by gpg_dirmngr_ks_get
++ but we are sure that R_NDESC_USED has been updated. This avoids
++ a possible indefinite loop. */
++ linelen = 9; /* "KS_GET --" */
+ for (npat=idx=0; idx < ndesc; idx++)
+ {
+ int quiet = 0;
+@@ -1598,7 +1611,12 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+ if (desc[idx].mode == KEYDB_SEARCH_MODE_FPR20
+ || desc[idx].mode == KEYDB_SEARCH_MODE_FPR16)
+ {
+- pattern[npat] = xtrymalloc (2+2*20+1);
++ n = 1+2+2*20;
++ if (idx && linelen + n > MAX_KS_GET_LINELEN)
++ break; /* Declare end of this chunk. */
++ linelen += n;
++
++ pattern[npat] = xtrymalloc (n);
+ if (!pattern[npat])
+ err = gpg_error_from_syserror ();
+ else
+@@ -1612,6 +1630,11 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+ }
+ else if(desc[idx].mode == KEYDB_SEARCH_MODE_LONG_KID)
+ {
++ n = 1+2+16;
++ if (idx && linelen + n > MAX_KS_GET_LINELEN)
++ break; /* Declare end of this chunk. */
++ linelen += n;
++
+ pattern[npat] = xtryasprintf ("0x%08lX%08lX",
+ (ulong)desc[idx].u.kid[0],
+ (ulong)desc[idx].u.kid[1]);
+@@ -1622,6 +1645,11 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+ }
+ else if(desc[idx].mode == KEYDB_SEARCH_MODE_SHORT_KID)
+ {
++ n = 1+2+8;
++ if (idx && linelen + n > MAX_KS_GET_LINELEN)
++ break; /* Declare end of this chunk. */
++ linelen += n;
++
+ pattern[npat] = xtryasprintf ("0x%08lX", (ulong)desc[idx].u.kid[1]);
+ if (!pattern[npat])
+ err = gpg_error_from_syserror ();
+@@ -1630,11 +1658,17 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+ }
+ else if(desc[idx].mode == KEYDB_SEARCH_MODE_EXACT)
+ {
+- /* The Dirmngr uses also classify_user_id to detect the type
++ /* The Dirmngr also uses classify_user_id to detect the type
+ of the search string. By adding the '=' prefix we force
+ Dirmngr's KS_GET to consider this an exact search string.
+ (In gpg 1.4 and gpg 2.0 the keyserver helpers used the
+ KS_GETNAME command to indicate this.) */
++
++ n = 1+1+strlen (desc[idx].u.name);
++ if (idx && linelen + n > MAX_KS_GET_LINELEN)
++ break; /* Declare end of this chunk. */
++ linelen += n;
++
+ pattern[npat] = strconcat ("=", desc[idx].u.name, NULL);
+ if (!pattern[npat])
+ err = gpg_error_from_syserror ();
+@@ -1669,6 +1703,9 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+ }
+ }
+
++ /* Remember now many of search items were considered. Note that
++ this is different from NPAT. */
++ *r_ndesc_used = idx;
+
+ err = gpg_dirmngr_ks_get (ctrl, pattern, &datastream, &source);
+ for (idx=0; idx < npat; idx++)
+@@ -1679,11 +1716,8 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+
+ if (!err)
+ {
+- void *stats_handle;
+ struct ks_retrieval_screener_arg_s screenerarg;
+
+- stats_handle = import_new_stats_handle();
+-
+ /* FIXME: Check whether this comment should be moved to dirmngr.
+
+ Slurp up all the key data. In the future, it might be nice
+@@ -1697,15 +1731,12 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+ keyservers. */
+
+ screenerarg.desc = desc;
+- screenerarg.ndesc = ndesc;
++ screenerarg.ndesc = *r_ndesc_used;
+ import_keys_es_stream (ctrl, datastream, stats_handle,
+ r_fpr, r_fprlen,
+ (opt.keyserver_options.import_options
+ | IMPORT_NO_SECKEY),
+ keyserver_retrieval_screener, &screenerarg);
+-
+- import_print_stats (stats_handle);
+- import_release_stats_handle (stats_handle);
+ }
+ es_fclose (datastream);
+ xfree (source);
+@@ -1714,6 +1745,44 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+ }
+
+
++/* Retrieve a key from a keyserver. The search pattern are in
++ (DESC,NDESC). Allowed search modes are keyid, fingerprint, and
++ exact searches. KEYSERVER gives an optional override keyserver. If
++ (R_FPR,R_FPRLEN) are not NULL, they may return the fingerprint of a
++ single imported key. */
++static gpg_error_t
++keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
++ struct keyserver_spec *keyserver,
++ unsigned char **r_fpr, size_t *r_fprlen)
++{
++ gpg_error_t err;
++ void *stats_handle;
++ int ndesc_used;
++ int any_good = 0;
++
++ stats_handle = import_new_stats_handle();
++
++ for (;;)
++ {
++ err = keyserver_get_chunk (ctrl, desc, ndesc, &ndesc_used, stats_handle,
++ keyserver, r_fpr, r_fprlen);
++ if (!err)
++ any_good = 1;
++ if (err || ndesc_used >= ndesc)
++ break; /* Error or all processed. */
++ /* Prepare for the next chunk. */
++ desc += ndesc_used;
++ ndesc -= ndesc_used;
++ }
++
++ if (any_good)
++ import_print_stats (stats_handle);
++
++ import_release_stats_handle (stats_handle);
++ return err;
++}
++
++
+ /* Send all keys specified by KEYSPECS to the KEYSERVERS. */
+ static gpg_error_t
+ keyserver_put (ctrl_t ctrl, strlist_t keyspecs,
+--
+1.7.10.4
+
Deleted: testing-x86_64/PKGBUILD
===================================================================
--- testing-x86_64/PKGBUILD 2014-11-13 05:48:09 UTC (rev 226168)
+++ testing-x86_64/PKGBUILD 2014-11-13 05:48:56 UTC (rev 226169)
@@ -1,56 +0,0 @@
-# $Id$
-# Maintainer: Gaetan Bisson <bisson at archlinux.org>
-# Contributor: Tobias Powalowski <tpowa at archlinux.org>
-# Contributor: Andreas Radke <andyrtr at archlinux.org>
-# Contributor: Judd Vinet <jvinet at zeroflux.org>
-
-pkgname=gnupg
-pkgver=2.1.0
-pkgrel=2
-pkgdesc='Complete and free implementation of the OpenPGP standard'
-url='http://www.gnupg.org/'
-license=('GPL')
-arch=('i686' 'x86_64')
-optdepends=('curl: gpg2keys_curl'
- 'libldap: gpg2keys_ldap'
- 'libusb-compat: scdaemon')
-makedepends=('curl' 'libldap' 'libusb-compat')
-depends=('npth' 'libgpg-error' 'libgcrypt' 'libksba' 'libassuan'
- 'pinentry' 'bzip2' 'readline')
-source=("ftp://ftp.gnupg.org/gcrypt/${pkgname}/${pkgname}-${pkgver}.tar.bz2"{,.sig})
-sha1sums=('2fcd0ca6889ef6cb59e3275e8411f8b7778c2f33' 'SKIP')
-
-install=install
-
-conflicts=('dirmngr' 'gnupg2')
-provides=('dirmngr' "gnupg2=${pkgver}")
-replaces=('dirmngr' 'gnupg2')
-
-build() {
- cd "${srcdir}/${pkgname}-${pkgver}"
- ./configure \
- --prefix=/usr \
- --sysconfdir=/etc \
- --sbindir=/usr/bin \
- --libexecdir=/usr/lib/gnupg \
- --enable-maintainer-mode \
- --enable-standard-socket \
- --enable-symcryptrun \
- --enable-gpgtar \
-
- make
-}
-
-check() {
- cd "${srcdir}/${pkgname}-${pkgver}"
- make check
-}
-
-package() {
- cd "${srcdir}/${pkgname}-${pkgver}"
- make DESTDIR="${pkgdir}" install
- ln -s gpg2 "${pkgdir}"/usr/bin/gpg
- ln -s gpgv2 "${pkgdir}"/usr/bin/gpgv
- ln -s gpg2.1.gz "${pkgdir}"/usr/share/man/man1/gpg.1.gz
- rm "${pkgdir}/usr/share/gnupg/com-certs.pem" # FS#33059
-}
Copied: gnupg/repos/testing-x86_64/PKGBUILD (from rev 226168, gnupg/trunk/PKGBUILD)
===================================================================
--- testing-x86_64/PKGBUILD (rev 0)
+++ testing-x86_64/PKGBUILD 2014-11-13 05:48:56 UTC (rev 226169)
@@ -0,0 +1,63 @@
+# $Id$
+# Maintainer: Gaetan Bisson <bisson at archlinux.org>
+# Contributor: Tobias Powalowski <tpowa at archlinux.org>
+# Contributor: Andreas Radke <andyrtr at archlinux.org>
+# Contributor: Judd Vinet <jvinet at zeroflux.org>
+
+pkgname=gnupg
+pkgver=2.1.0
+pkgrel=3
+pkgdesc='Complete and free implementation of the OpenPGP standard'
+url='http://www.gnupg.org/'
+license=('GPL')
+arch=('i686' 'x86_64')
+optdepends=('curl: gpg2keys_curl'
+ 'libldap: gpg2keys_ldap'
+ 'libusb-compat: scdaemon')
+makedepends=('curl' 'libldap' 'libusb-compat')
+depends=('npth' 'libgpg-error' 'libgcrypt' 'libksba' 'libassuan'
+ 'pinentry' 'bzip2' 'readline')
+source=("ftp://ftp.gnupg.org/gcrypt/${pkgname}/${pkgname}-${pkgver}.tar.bz2"{,.sig}
+ 'refresh-keys.patch')
+sha1sums=('2fcd0ca6889ef6cb59e3275e8411f8b7778c2f33' 'SKIP'
+ '246bea8776882f4c0293685482558f6ead1cf902')
+
+install=install
+
+conflicts=('dirmngr' 'gnupg2')
+provides=('dirmngr' "gnupg2=${pkgver}")
+replaces=('dirmngr' 'gnupg2')
+
+prepare() {
+ cd "${srcdir}/${pkgname}-${pkgver}"
+ patch -p1 -i ../refresh-keys.patch
+}
+
+build() {
+ cd "${srcdir}/${pkgname}-${pkgver}"
+ ./configure \
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --sbindir=/usr/bin \
+ --libexecdir=/usr/lib/gnupg \
+ --enable-maintainer-mode \
+ --enable-standard-socket \
+ --enable-symcryptrun \
+ --enable-gpgtar \
+
+ make
+}
+
+check() {
+ cd "${srcdir}/${pkgname}-${pkgver}"
+ make check
+}
+
+package() {
+ cd "${srcdir}/${pkgname}-${pkgver}"
+ make DESTDIR="${pkgdir}" install
+ ln -s gpg2 "${pkgdir}"/usr/bin/gpg
+ ln -s gpgv2 "${pkgdir}"/usr/bin/gpgv
+ ln -s gpg2.1.gz "${pkgdir}"/usr/share/man/man1/gpg.1.gz
+ rm "${pkgdir}/usr/share/gnupg/com-certs.pem" # FS#33059
+}
Deleted: testing-x86_64/install
===================================================================
--- testing-x86_64/install 2014-11-13 05:48:09 UTC (rev 226168)
+++ testing-x86_64/install 2014-11-13 05:48:56 UTC (rev 226169)
@@ -1,20 +0,0 @@
-info_dir=/usr/share/info
-info_files=(gnupg.info gnupg.info-1 gnupg.info-2)
-
-post_install() {
- [ -x usr/bin/install-info ] || return 0
- for f in ${info_files[@]}; do
- usr/bin/install-info ${info_dir}/$f ${info_dir}/dir 2> /dev/null
- done
-}
-
-post_upgrade() {
- post_install $1
-}
-
-pre_remove() {
- [ -x usr/bin/install-info ] || return 0
- for f in ${info_files[@]}; do
- usr/bin/install-info --delete ${info_dir}/$f ${info_dir}/dir 2> /dev/null
- done
-}
Copied: gnupg/repos/testing-x86_64/install (from rev 226168, gnupg/trunk/install)
===================================================================
--- testing-x86_64/install (rev 0)
+++ testing-x86_64/install 2014-11-13 05:48:56 UTC (rev 226169)
@@ -0,0 +1,20 @@
+info_dir=/usr/share/info
+info_files=(gnupg.info gnupg.info-1 gnupg.info-2)
+
+post_install() {
+ [ -x usr/bin/install-info ] || return 0
+ for f in ${info_files[@]}; do
+ usr/bin/install-info ${info_dir}/$f ${info_dir}/dir 2> /dev/null
+ done
+}
+
+post_upgrade() {
+ post_install $1
+}
+
+pre_remove() {
+ [ -x usr/bin/install-info ] || return 0
+ for f in ${info_files[@]}; do
+ usr/bin/install-info --delete ${info_dir}/$f ${info_dir}/dir 2> /dev/null
+ done
+}
Copied: gnupg/repos/testing-x86_64/refresh-keys.patch (from rev 226168, gnupg/trunk/refresh-keys.patch)
===================================================================
--- testing-x86_64/refresh-keys.patch (rev 0)
+++ testing-x86_64/refresh-keys.patch 2014-11-13 05:48:56 UTC (rev 226169)
@@ -0,0 +1,238 @@
+From eecbed004ca1e9ca23c3892c3a5e6dd174ddf93b Mon Sep 17 00:00:00 2001
+From: Werner Koch <wk at gnupg.org>
+Date: Wed, 12 Nov 2014 12:14:32 +0100
+Subject: [PATCH] gpg: Fix regression in --refresh-keys
+
+* g10/keyserver.c (keyserver_get): Factor all code out to ...
+(keyserver_get_chunk): new. Extimate line length.
+(keyserver_get): Split up requests into chunks.
+--
+
+Note that refreshing all keys still requires way to much memory
+because we build an in-memory list of all keys first. It is required
+to first get a list of all keys to avoid conflicts while updating the
+key store in the process of receiving keys. A better strategy would
+be a background process and tracking the last update in the key store.
+
+GnuPG-bug-id: 1755
+Signed-off-by: Werner Koch <wk at gnupg.org>
+---
+ g10/call-dirmngr.c | 2 +-
+ g10/keyserver.c | 107 ++++++++++++++++++++++++++++++++++++++++++----------
+ 2 files changed, 89 insertions(+), 20 deletions(-)
+
+diff --git a/g10/call-dirmngr.c b/g10/call-dirmngr.c
+index 5bddbbe..71f5324 100644
+--- a/g10/call-dirmngr.c
++++ b/g10/call-dirmngr.c
+@@ -429,7 +429,7 @@ ks_get_data_cb (void *opaque, const void *data, size_t datalen)
+ error an error code is returned and NULL stored at R_FP.
+
+ The pattern may only use search specification which a keyserver can
+- use to retriev keys. Because we know the format of the pattern we
++ use to retrieve keys. Because we know the format of the pattern we
+ don't need to escape the patterns before sending them to the
+ server.
+
+diff --git a/g10/keyserver.c b/g10/keyserver.c
+index 1b2e128..5bc1eba 100644
+--- a/g10/keyserver.c
++++ b/g10/keyserver.c
+@@ -1567,17 +1567,16 @@ keyserver_search (ctrl_t ctrl, strlist_t tokens)
+ return err;
+ }
+
+-
+-
+-/* Retrieve a key from a keyserver. The search pattern are in
+- (DESC,NDESC). Allowed search modes are keyid, fingerprint, and
+- exact searches. KEYSERVER gives an optional override keyserver. If
+- (R_FPR,R_FPRLEN) are not NULL, the may retrun the fingerprint of
+- one imported key. */
++/* Helper for keyserver_get. Here we only receive a chunk of the
++ description to be processed in one batch. This is required due to
++ the limited number of patterns the dirmngr interface (KS_GET) can
++ grok and to limit the amount of temporary required memory. */
+ static gpg_error_t
+-keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+- struct keyserver_spec *keyserver,
+- unsigned char **r_fpr, size_t *r_fprlen)
++keyserver_get_chunk (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
++ int *r_ndesc_used,
++ void *stats_handle,
++ struct keyserver_spec *keyserver,
++ unsigned char **r_fpr, size_t *r_fprlen)
+
+ {
+ gpg_error_t err = 0;
+@@ -1585,12 +1584,26 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+ int idx, npat;
+ estream_t datastream;
+ char *source = NULL;
++ size_t linelen; /* Estimated linelen for KS_GET. */
++ size_t n;
++
++#define MAX_KS_GET_LINELEN 950 /* Somewhat lower than the real limit. */
++
++ *r_ndesc_used = 0;
+
+ /* Create an array filled with a search pattern for each key. The
+ array is delimited by a NULL entry. */
+ pattern = xtrycalloc (ndesc+1, sizeof *pattern);
+ if (!pattern)
+ return gpg_error_from_syserror ();
++
++ /* Note that we break the loop as soon as our estimation of the to
++ be used line length reaches the limit. But we do this only if we
++ have processed at leas one search requests so that an overlong
++ single request will be rejected only later by gpg_dirmngr_ks_get
++ but we are sure that R_NDESC_USED has been updated. This avoids
++ a possible indefinite loop. */
++ linelen = 9; /* "KS_GET --" */
+ for (npat=idx=0; idx < ndesc; idx++)
+ {
+ int quiet = 0;
+@@ -1598,7 +1611,12 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+ if (desc[idx].mode == KEYDB_SEARCH_MODE_FPR20
+ || desc[idx].mode == KEYDB_SEARCH_MODE_FPR16)
+ {
+- pattern[npat] = xtrymalloc (2+2*20+1);
++ n = 1+2+2*20;
++ if (idx && linelen + n > MAX_KS_GET_LINELEN)
++ break; /* Declare end of this chunk. */
++ linelen += n;
++
++ pattern[npat] = xtrymalloc (n);
+ if (!pattern[npat])
+ err = gpg_error_from_syserror ();
+ else
+@@ -1612,6 +1630,11 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+ }
+ else if(desc[idx].mode == KEYDB_SEARCH_MODE_LONG_KID)
+ {
++ n = 1+2+16;
++ if (idx && linelen + n > MAX_KS_GET_LINELEN)
++ break; /* Declare end of this chunk. */
++ linelen += n;
++
+ pattern[npat] = xtryasprintf ("0x%08lX%08lX",
+ (ulong)desc[idx].u.kid[0],
+ (ulong)desc[idx].u.kid[1]);
+@@ -1622,6 +1645,11 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+ }
+ else if(desc[idx].mode == KEYDB_SEARCH_MODE_SHORT_KID)
+ {
++ n = 1+2+8;
++ if (idx && linelen + n > MAX_KS_GET_LINELEN)
++ break; /* Declare end of this chunk. */
++ linelen += n;
++
+ pattern[npat] = xtryasprintf ("0x%08lX", (ulong)desc[idx].u.kid[1]);
+ if (!pattern[npat])
+ err = gpg_error_from_syserror ();
+@@ -1630,11 +1658,17 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+ }
+ else if(desc[idx].mode == KEYDB_SEARCH_MODE_EXACT)
+ {
+- /* The Dirmngr uses also classify_user_id to detect the type
++ /* The Dirmngr also uses classify_user_id to detect the type
+ of the search string. By adding the '=' prefix we force
+ Dirmngr's KS_GET to consider this an exact search string.
+ (In gpg 1.4 and gpg 2.0 the keyserver helpers used the
+ KS_GETNAME command to indicate this.) */
++
++ n = 1+1+strlen (desc[idx].u.name);
++ if (idx && linelen + n > MAX_KS_GET_LINELEN)
++ break; /* Declare end of this chunk. */
++ linelen += n;
++
+ pattern[npat] = strconcat ("=", desc[idx].u.name, NULL);
+ if (!pattern[npat])
+ err = gpg_error_from_syserror ();
+@@ -1669,6 +1703,9 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+ }
+ }
+
++ /* Remember now many of search items were considered. Note that
++ this is different from NPAT. */
++ *r_ndesc_used = idx;
+
+ err = gpg_dirmngr_ks_get (ctrl, pattern, &datastream, &source);
+ for (idx=0; idx < npat; idx++)
+@@ -1679,11 +1716,8 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+
+ if (!err)
+ {
+- void *stats_handle;
+ struct ks_retrieval_screener_arg_s screenerarg;
+
+- stats_handle = import_new_stats_handle();
+-
+ /* FIXME: Check whether this comment should be moved to dirmngr.
+
+ Slurp up all the key data. In the future, it might be nice
+@@ -1697,15 +1731,12 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+ keyservers. */
+
+ screenerarg.desc = desc;
+- screenerarg.ndesc = ndesc;
++ screenerarg.ndesc = *r_ndesc_used;
+ import_keys_es_stream (ctrl, datastream, stats_handle,
+ r_fpr, r_fprlen,
+ (opt.keyserver_options.import_options
+ | IMPORT_NO_SECKEY),
+ keyserver_retrieval_screener, &screenerarg);
+-
+- import_print_stats (stats_handle);
+- import_release_stats_handle (stats_handle);
+ }
+ es_fclose (datastream);
+ xfree (source);
+@@ -1714,6 +1745,44 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+ }
+
+
++/* Retrieve a key from a keyserver. The search pattern are in
++ (DESC,NDESC). Allowed search modes are keyid, fingerprint, and
++ exact searches. KEYSERVER gives an optional override keyserver. If
++ (R_FPR,R_FPRLEN) are not NULL, they may return the fingerprint of a
++ single imported key. */
++static gpg_error_t
++keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
++ struct keyserver_spec *keyserver,
++ unsigned char **r_fpr, size_t *r_fprlen)
++{
++ gpg_error_t err;
++ void *stats_handle;
++ int ndesc_used;
++ int any_good = 0;
++
++ stats_handle = import_new_stats_handle();
++
++ for (;;)
++ {
++ err = keyserver_get_chunk (ctrl, desc, ndesc, &ndesc_used, stats_handle,
++ keyserver, r_fpr, r_fprlen);
++ if (!err)
++ any_good = 1;
++ if (err || ndesc_used >= ndesc)
++ break; /* Error or all processed. */
++ /* Prepare for the next chunk. */
++ desc += ndesc_used;
++ ndesc -= ndesc_used;
++ }
++
++ if (any_good)
++ import_print_stats (stats_handle);
++
++ import_release_stats_handle (stats_handle);
++ return err;
++}
++
++
+ /* Send all keys specified by KEYSPECS to the KEYSERVERS. */
+ static gpg_error_t
+ keyserver_put (ctrl_t ctrl, strlist_t keyspecs,
+--
+1.7.10.4
+
More information about the arch-commits
mailing list