[arch-commits] Commit in gnupg/repos (14 files)

Gaetan Bisson bisson at archlinux.org
Tue Nov 25 01:56:18 UTC 2014


    Date: Tuesday, November 25, 2014 @ 02:56:18
  Author: bisson
Revision: 227074

db-move: moved gnupg from [testing] to [core] (i686, x86_64)

Added:
  gnupg/repos/core-i686/PKGBUILD
    (from rev 227072, gnupg/repos/testing-i686/PKGBUILD)
  gnupg/repos/core-i686/install
    (from rev 227072, gnupg/repos/testing-i686/install)
  gnupg/repos/core-i686/refresh-keys.patch
    (from rev 227072, gnupg/repos/testing-i686/refresh-keys.patch)
  gnupg/repos/core-x86_64/PKGBUILD
    (from rev 227072, gnupg/repos/testing-x86_64/PKGBUILD)
  gnupg/repos/core-x86_64/install
    (from rev 227072, gnupg/repos/testing-x86_64/install)
  gnupg/repos/core-x86_64/refresh-keys.patch
    (from rev 227072, gnupg/repos/testing-x86_64/refresh-keys.patch)
Deleted:
  gnupg/repos/core-i686/PKGBUILD
  gnupg/repos/core-i686/PKGBUILD.21
  gnupg/repos/core-i686/install
  gnupg/repos/core-x86_64/PKGBUILD
  gnupg/repos/core-x86_64/PKGBUILD.21
  gnupg/repos/core-x86_64/install
  gnupg/repos/testing-i686/
  gnupg/repos/testing-x86_64/

--------------------------------+
 /PKGBUILD                      |  124 ++++++++++++++++++++
 /install                       |   50 ++++++++
 core-i686/PKGBUILD             |   55 ---------
 core-i686/PKGBUILD.21          |   57 ---------
 core-i686/install              |   20 ---
 core-i686/refresh-keys.patch   |  238 +++++++++++++++++++++++++++++++++++++++
 core-x86_64/PKGBUILD           |   55 ---------
 core-x86_64/PKGBUILD.21        |   57 ---------
 core-x86_64/install            |   20 ---
 core-x86_64/refresh-keys.patch |  238 +++++++++++++++++++++++++++++++++++++++
 10 files changed, 650 insertions(+), 264 deletions(-)

Deleted: core-i686/PKGBUILD
===================================================================
--- core-i686/PKGBUILD	2014-11-25 01:56:16 UTC (rev 227073)
+++ core-i686/PKGBUILD	2014-11-25 01:56:18 UTC (rev 227074)
@@ -1,55 +0,0 @@
-# $Id$
-# Maintainer: Gaetan Bisson <bisson at archlinux.org>
-# Contributor: Tobias Powalowski <tpowa at archlinux.org>
-# Contributor: Andreas Radke <andyrtr at archlinux.org>
-# Contributor: Judd Vinet <jvinet at zeroflux.org>
-
-pkgname=gnupg
-pkgver=2.0.26
-pkgrel=1
-pkgdesc='Complete and free implementation of the OpenPGP standard'
-url='http://www.gnupg.org/'
-license=('GPL')
-arch=('i686' 'x86_64')
-optdepends=('curl: gpg2keys_curl'
-            'libldap: gpg2keys_ldap'
-            'libusb-compat: scdaemon')
-makedepends=('curl' 'libldap' 'libusb-compat')
-depends=('bzip2' 'libksba' 'libgcrypt' 'pth' 'libassuan' 'readline' 'pinentry' 'dirmngr')
-source=("ftp://ftp.gnupg.org/gcrypt/${pkgname}/${pkgname}-${pkgver}.tar.bz2"{,.sig})
-sha1sums=('3ff5b38152c919724fd09cf2f17df704272ba192' 'SKIP')
-
-install=install
-
-conflicts=('gnupg2')
-provides=("gnupg2=${pkgver}")
-replaces=('gnupg2')
-
-build() {
-	cd "${srcdir}/${pkgname}-${pkgver}"
-	./configure \
-		--prefix=/usr \
-		--sysconfdir=/etc \
-		--sbindir=/usr/bin \
-		--libexecdir=/usr/lib/gnupg \
-		--enable-maintainer-mode \
-		--enable-standard-socket \
-		--enable-symcryptrun \
-		--enable-gpgtar \
-
-	make
-}
-
-check() {
-	cd "${srcdir}/${pkgname}-${pkgver}"
-	make check
-}
-
-package() {
-	cd "${srcdir}/${pkgname}-${pkgver}"
-	make DESTDIR="${pkgdir}" install
-	ln -s gpg2 "${pkgdir}"/usr/bin/gpg
-	ln -s gpgv2 "${pkgdir}"/usr/bin/gpgv
-	ln -s gpg2.1.gz "${pkgdir}"/usr/share/man/man1/gpg.1.gz
-	rm "${pkgdir}/usr/share/gnupg/com-certs.pem" # FS#33059
-}

Copied: gnupg/repos/core-i686/PKGBUILD (from rev 227072, gnupg/repos/testing-i686/PKGBUILD)
===================================================================
--- core-i686/PKGBUILD	                        (rev 0)
+++ core-i686/PKGBUILD	2014-11-25 01:56:18 UTC (rev 227074)
@@ -0,0 +1,62 @@
+# $Id$
+# Maintainer: Gaetan Bisson <bisson at archlinux.org>
+# Contributor: Tobias Powalowski <tpowa at archlinux.org>
+# Contributor: Andreas Radke <andyrtr at archlinux.org>
+# Contributor: Judd Vinet <jvinet at zeroflux.org>
+
+pkgname=gnupg
+pkgver=2.1.0
+pkgrel=4
+pkgdesc='Complete and free implementation of the OpenPGP standard'
+url='http://www.gnupg.org/'
+license=('GPL')
+arch=('i686' 'x86_64')
+optdepends=('curl: gpg2keys_curl'
+            'libldap: gpg2keys_ldap'
+            'libusb-compat: scdaemon')
+makedepends=('curl' 'libldap' 'libusb-compat')
+depends=('npth' 'libgpg-error' 'libgcrypt' 'libksba' 'libassuan'
+         'pinentry' 'bzip2' 'readline')
+source=("ftp://ftp.gnupg.org/gcrypt/${pkgname}/${pkgname}-${pkgver}.tar.bz2"{,.sig}
+        'refresh-keys.patch')
+sha1sums=('2fcd0ca6889ef6cb59e3275e8411f8b7778c2f33' 'SKIP'
+          '246bea8776882f4c0293685482558f6ead1cf902')
+
+install=install
+
+conflicts=('dirmngr' 'gnupg2')
+provides=('dirmngr' "gnupg2=${pkgver}")
+replaces=('dirmngr' 'gnupg2')
+
+prepare() {
+	cd "${srcdir}/${pkgname}-${pkgver}"
+	patch -p1 -i ../refresh-keys.patch
+}
+
+build() {
+	cd "${srcdir}/${pkgname}-${pkgver}"
+	./configure \
+		--prefix=/usr \
+		--sysconfdir=/etc \
+		--sbindir=/usr/bin \
+		--libexecdir=/usr/lib/gnupg \
+		--enable-maintainer-mode \
+		--enable-symcryptrun \
+		--enable-gpgtar \
+
+	make
+}
+
+check() {
+	cd "${srcdir}/${pkgname}-${pkgver}"
+	make check
+}
+
+package() {
+	cd "${srcdir}/${pkgname}-${pkgver}"
+	make DESTDIR="${pkgdir}" install
+	ln -s gpg2 "${pkgdir}"/usr/bin/gpg
+	ln -s gpgv2 "${pkgdir}"/usr/bin/gpgv
+	ln -s gpg2.1.gz "${pkgdir}"/usr/share/man/man1/gpg.1.gz
+	rm "${pkgdir}/usr/share/gnupg/com-certs.pem" # FS#33059
+}

Deleted: core-i686/PKGBUILD.21
===================================================================
--- core-i686/PKGBUILD.21	2014-11-25 01:56:16 UTC (rev 227073)
+++ core-i686/PKGBUILD.21	2014-11-25 01:56:18 UTC (rev 227074)
@@ -1,57 +0,0 @@
-# $Id: PKGBUILD 215944 2014-07-01 06:16:40Z bisson $
-# Maintainer: Gaetan Bisson <bisson at archlinux.org>
-# Contributor: Tobias Powalowski <tpowa at archlinux.org>
-# Contributor: Andreas Radke <andyrtr at archlinux.org>
-# Contributor: Judd Vinet <jvinet at zeroflux.org>
-
-pkgname=gnupg
-_pkgver=2.1.0-beta751
-pkgver=${_pkgver/-/.}
-pkgrel=1
-pkgdesc='Complete and free implementation of the OpenPGP standard'
-url='http://www.gnupg.org/'
-license=('GPL')
-arch=('i686' 'x86_64')
-optdepends=('curl: gpg2keys_curl'
-            'libldap: gpg2keys_ldap'
-            'libusb-compat: scdaemon')
-makedepends=('curl' 'libldap' 'libusb-compat')
-depends=('npth' 'libgpg-error' 'libgcrypt' 'libksba' 'libassuan'
-         'pinentry' 'bzip2' 'readline')
-source=("ftp://ftp.gnupg.org/gcrypt/${pkgname}/unstable/${pkgname}-${_pkgver}.tar.bz2"{,.sig})
-sha1sums=('3d6dd8a377775780626428d98dba80dbbc5c27ac' 'SKIP')
-
-install=install
-
-conflicts=('dirmngr' 'gnupg2')
-provides=('dirmngr' "gnupg2=${pkgver}")
-replaces=('dirmngr' 'dirmngr')
-
-build() {
-	cd "${srcdir}/${pkgname}-${_pkgver}"
-	./configure \
-		--prefix=/usr \
-		--sysconfdir=/etc \
-		--sbindir=/usr/bin \
-		--libexecdir=/usr/lib/gnupg \
-		--enable-maintainer-mode \
-		--enable-standard-socket \
-		--enable-symcryptrun \
-		--enable-gpgtar \
-
-	make
-}
-
-check() {
-	cd "${srcdir}/${pkgname}-${_pkgver}"
-	make check
-}
-
-package() {
-	cd "${srcdir}/${pkgname}-${_pkgver}"
-	make DESTDIR="${pkgdir}" install
-	ln -s gpg2 "${pkgdir}"/usr/bin/gpg
-	ln -s gpgv2 "${pkgdir}"/usr/bin/gpgv
-	ln -s gpg2.1.gz "${pkgdir}"/usr/share/man/man1/gpg.1.gz
-	rm "${pkgdir}/usr/share/gnupg/com-certs.pem" # FS#33059
-}

Deleted: core-i686/install
===================================================================
--- core-i686/install	2014-11-25 01:56:16 UTC (rev 227073)
+++ core-i686/install	2014-11-25 01:56:18 UTC (rev 227074)
@@ -1,20 +0,0 @@
-info_dir=/usr/share/info
-info_files=(gnupg.info gnupg.info-1 gnupg.info-2)
-
-post_install() {
-  [ -x usr/bin/install-info ] || return 0
-  for f in ${info_files[@]}; do
-    usr/bin/install-info ${info_dir}/$f ${info_dir}/dir 2> /dev/null
-  done
-}
-
-post_upgrade() {
-  post_install $1
-}
-
-pre_remove() {
-  [ -x usr/bin/install-info ] || return 0
-  for f in ${info_files[@]}; do
-    usr/bin/install-info --delete ${info_dir}/$f ${info_dir}/dir 2> /dev/null
-  done
-}

Copied: gnupg/repos/core-i686/install (from rev 227072, gnupg/repos/testing-i686/install)
===================================================================
--- core-i686/install	                        (rev 0)
+++ core-i686/install	2014-11-25 01:56:18 UTC (rev 227074)
@@ -0,0 +1,25 @@
+info_dir=/usr/share/info
+info_files=(gnupg.info gnupg.info-1 gnupg.info-2)
+
+post_install() {
+	[ -x usr/bin/install-info ] || return 0
+	for f in ${info_files[@]}; do
+		usr/bin/install-info ${info_dir}/$f ${info_dir}/dir 2> /dev/null
+	done
+}
+
+pre_remove() {
+	[ -x usr/bin/install-info ] || return 0
+	for f in ${info_files[@]}; do
+		usr/bin/install-info --delete ${info_dir}/$f ${info_dir}/dir 2> /dev/null
+	done
+}
+
+post_upgrade() {
+	post_install
+
+	# Fix upgrade to 2.1; see FS#42798
+	[ $(vercmp $2 2.1.0-4) = -1 ] &&
+	dirmngr </dev/null &>/dev/null ||
+	return 0
+}

Copied: gnupg/repos/core-i686/refresh-keys.patch (from rev 227072, gnupg/repos/testing-i686/refresh-keys.patch)
===================================================================
--- core-i686/refresh-keys.patch	                        (rev 0)
+++ core-i686/refresh-keys.patch	2014-11-25 01:56:18 UTC (rev 227074)
@@ -0,0 +1,238 @@
+From eecbed004ca1e9ca23c3892c3a5e6dd174ddf93b Mon Sep 17 00:00:00 2001
+From: Werner Koch <wk at gnupg.org>
+Date: Wed, 12 Nov 2014 12:14:32 +0100
+Subject: [PATCH] gpg: Fix regression in --refresh-keys
+
+* g10/keyserver.c (keyserver_get): Factor all code out to ...
+(keyserver_get_chunk): new.  Extimate line length.
+(keyserver_get): Split up requests into chunks.
+--
+
+Note that refreshing all keys still requires way to much memory
+because we build an in-memory list of all keys first.  It is required
+to first get a list of all keys to avoid conflicts while updating the
+key store in the process of receiving keys.  A better strategy would
+be a background process and tracking the last update in the key store.
+
+GnuPG-bug-id: 1755
+Signed-off-by: Werner Koch <wk at gnupg.org>
+---
+ g10/call-dirmngr.c |    2 +-
+ g10/keyserver.c    |  107 ++++++++++++++++++++++++++++++++++++++++++----------
+ 2 files changed, 89 insertions(+), 20 deletions(-)
+
+diff --git a/g10/call-dirmngr.c b/g10/call-dirmngr.c
+index 5bddbbe..71f5324 100644
+--- a/g10/call-dirmngr.c
++++ b/g10/call-dirmngr.c
+@@ -429,7 +429,7 @@ ks_get_data_cb (void *opaque, const void *data, size_t datalen)
+    error an error code is returned and NULL stored at R_FP.
+ 
+    The pattern may only use search specification which a keyserver can
+-   use to retriev keys.  Because we know the format of the pattern we
++   use to retrieve keys.  Because we know the format of the pattern we
+    don't need to escape the patterns before sending them to the
+    server.
+ 
+diff --git a/g10/keyserver.c b/g10/keyserver.c
+index 1b2e128..5bc1eba 100644
+--- a/g10/keyserver.c
++++ b/g10/keyserver.c
+@@ -1567,17 +1567,16 @@ keyserver_search (ctrl_t ctrl, strlist_t tokens)
+   return err;
+ }
+ 
+-
+-
+-/* Retrieve a key from a keyserver.  The search pattern are in
+-   (DESC,NDESC).  Allowed search modes are keyid, fingerprint, and
+-   exact searches.  KEYSERVER gives an optional override keyserver. If
+-   (R_FPR,R_FPRLEN) are not NULL, the may retrun the fingerprint of
+-   one imported key.  */
++/* Helper for keyserver_get.  Here we only receive a chunk of the
++   description to be processed in one batch.  This is required due to
++   the limited number of patterns the dirmngr interface (KS_GET) can
++   grok and to limit the amount of temporary required memory.  */
+ static gpg_error_t
+-keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+-               struct keyserver_spec *keyserver,
+-               unsigned char **r_fpr, size_t *r_fprlen)
++keyserver_get_chunk (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
++                     int *r_ndesc_used,
++                     void *stats_handle,
++                     struct keyserver_spec *keyserver,
++                     unsigned char **r_fpr, size_t *r_fprlen)
+ 
+ {
+   gpg_error_t err = 0;
+@@ -1585,12 +1584,26 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+   int idx, npat;
+   estream_t datastream;
+   char *source = NULL;
++  size_t linelen;  /* Estimated linelen for KS_GET.  */
++  size_t n;
++
++#define MAX_KS_GET_LINELEN 950  /* Somewhat lower than the real limit.  */
++
++  *r_ndesc_used = 0;
+ 
+   /* Create an array filled with a search pattern for each key.  The
+      array is delimited by a NULL entry.  */
+   pattern = xtrycalloc (ndesc+1, sizeof *pattern);
+   if (!pattern)
+     return gpg_error_from_syserror ();
++
++  /* Note that we break the loop as soon as our estimation of the to
++     be used line length reaches the limit.  But we do this only if we
++     have processed at leas one search requests so that an overlong
++     single request will be rejected only later by gpg_dirmngr_ks_get
++     but we are sure that R_NDESC_USED has been updated.  This avoids
++     a possible indefinite loop.  */
++  linelen = 9; /* "KS_GET --" */
+   for (npat=idx=0; idx < ndesc; idx++)
+     {
+       int quiet = 0;
+@@ -1598,7 +1611,12 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+       if (desc[idx].mode == KEYDB_SEARCH_MODE_FPR20
+           || desc[idx].mode == KEYDB_SEARCH_MODE_FPR16)
+         {
+-          pattern[npat] = xtrymalloc (2+2*20+1);
++          n = 1+2+2*20;
++          if (idx && linelen + n > MAX_KS_GET_LINELEN)
++            break; /* Declare end of this chunk.  */
++          linelen += n;
++
++          pattern[npat] = xtrymalloc (n);
+           if (!pattern[npat])
+             err = gpg_error_from_syserror ();
+           else
+@@ -1612,6 +1630,11 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+         }
+       else if(desc[idx].mode == KEYDB_SEARCH_MODE_LONG_KID)
+         {
++          n = 1+2+16;
++          if (idx && linelen + n > MAX_KS_GET_LINELEN)
++            break; /* Declare end of this chunk.  */
++          linelen += n;
++
+           pattern[npat] = xtryasprintf ("0x%08lX%08lX",
+                                         (ulong)desc[idx].u.kid[0],
+                                         (ulong)desc[idx].u.kid[1]);
+@@ -1622,6 +1645,11 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+         }
+       else if(desc[idx].mode == KEYDB_SEARCH_MODE_SHORT_KID)
+         {
++          n = 1+2+8;
++          if (idx && linelen + n > MAX_KS_GET_LINELEN)
++            break; /* Declare end of this chunk.  */
++          linelen += n;
++
+           pattern[npat] = xtryasprintf ("0x%08lX", (ulong)desc[idx].u.kid[1]);
+           if (!pattern[npat])
+             err = gpg_error_from_syserror ();
+@@ -1630,11 +1658,17 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+         }
+       else if(desc[idx].mode == KEYDB_SEARCH_MODE_EXACT)
+         {
+-          /* The Dirmngr uses also classify_user_id to detect the type
++          /* The Dirmngr also uses classify_user_id to detect the type
+              of the search string.  By adding the '=' prefix we force
+              Dirmngr's KS_GET to consider this an exact search string.
+              (In gpg 1.4 and gpg 2.0 the keyserver helpers used the
+              KS_GETNAME command to indicate this.)  */
++
++          n = 1+1+strlen (desc[idx].u.name);
++          if (idx && linelen + n > MAX_KS_GET_LINELEN)
++            break; /* Declare end of this chunk.  */
++          linelen += n;
++
+           pattern[npat] = strconcat ("=", desc[idx].u.name, NULL);
+           if (!pattern[npat])
+             err = gpg_error_from_syserror ();
+@@ -1669,6 +1703,9 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+         }
+     }
+ 
++  /* Remember now many of search items were considered.  Note that
++     this is different from NPAT.  */
++  *r_ndesc_used = idx;
+ 
+   err = gpg_dirmngr_ks_get (ctrl, pattern, &datastream, &source);
+   for (idx=0; idx < npat; idx++)
+@@ -1679,11 +1716,8 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+ 
+   if (!err)
+     {
+-      void *stats_handle;
+       struct ks_retrieval_screener_arg_s screenerarg;
+ 
+-      stats_handle = import_new_stats_handle();
+-
+       /* FIXME: Check whether this comment should be moved to dirmngr.
+ 
+          Slurp up all the key data.  In the future, it might be nice
+@@ -1697,15 +1731,12 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+          keyservers. */
+ 
+       screenerarg.desc = desc;
+-      screenerarg.ndesc = ndesc;
++      screenerarg.ndesc = *r_ndesc_used;
+       import_keys_es_stream (ctrl, datastream, stats_handle,
+                              r_fpr, r_fprlen,
+                              (opt.keyserver_options.import_options
+                               | IMPORT_NO_SECKEY),
+                              keyserver_retrieval_screener, &screenerarg);
+-
+-      import_print_stats (stats_handle);
+-      import_release_stats_handle (stats_handle);
+     }
+   es_fclose (datastream);
+   xfree (source);
+@@ -1714,6 +1745,44 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+ }
+ 
+ 
++/* Retrieve a key from a keyserver.  The search pattern are in
++   (DESC,NDESC).  Allowed search modes are keyid, fingerprint, and
++   exact searches.  KEYSERVER gives an optional override keyserver. If
++   (R_FPR,R_FPRLEN) are not NULL, they may return the fingerprint of a
++   single imported key.  */
++static gpg_error_t
++keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
++               struct keyserver_spec *keyserver,
++               unsigned char **r_fpr, size_t *r_fprlen)
++{
++  gpg_error_t err;
++  void *stats_handle;
++  int ndesc_used;
++  int any_good = 0;
++
++  stats_handle = import_new_stats_handle();
++
++  for (;;)
++    {
++      err = keyserver_get_chunk (ctrl, desc, ndesc, &ndesc_used, stats_handle,
++                                 keyserver, r_fpr, r_fprlen);
++      if (!err)
++        any_good = 1;
++      if (err || ndesc_used >= ndesc)
++        break; /* Error or all processed.  */
++      /* Prepare for the next chunk.  */
++      desc += ndesc_used;
++      ndesc -= ndesc_used;
++    }
++
++  if (any_good)
++    import_print_stats (stats_handle);
++
++  import_release_stats_handle (stats_handle);
++  return err;
++}
++
++
+ /* Send all keys specified by KEYSPECS to the KEYSERVERS.  */
+ static gpg_error_t
+ keyserver_put (ctrl_t ctrl, strlist_t keyspecs,
+-- 
+1.7.10.4
+

Deleted: core-x86_64/PKGBUILD
===================================================================
--- core-x86_64/PKGBUILD	2014-11-25 01:56:16 UTC (rev 227073)
+++ core-x86_64/PKGBUILD	2014-11-25 01:56:18 UTC (rev 227074)
@@ -1,55 +0,0 @@
-# $Id$
-# Maintainer: Gaetan Bisson <bisson at archlinux.org>
-# Contributor: Tobias Powalowski <tpowa at archlinux.org>
-# Contributor: Andreas Radke <andyrtr at archlinux.org>
-# Contributor: Judd Vinet <jvinet at zeroflux.org>
-
-pkgname=gnupg
-pkgver=2.0.26
-pkgrel=1
-pkgdesc='Complete and free implementation of the OpenPGP standard'
-url='http://www.gnupg.org/'
-license=('GPL')
-arch=('i686' 'x86_64')
-optdepends=('curl: gpg2keys_curl'
-            'libldap: gpg2keys_ldap'
-            'libusb-compat: scdaemon')
-makedepends=('curl' 'libldap' 'libusb-compat')
-depends=('bzip2' 'libksba' 'libgcrypt' 'pth' 'libassuan' 'readline' 'pinentry' 'dirmngr')
-source=("ftp://ftp.gnupg.org/gcrypt/${pkgname}/${pkgname}-${pkgver}.tar.bz2"{,.sig})
-sha1sums=('3ff5b38152c919724fd09cf2f17df704272ba192' 'SKIP')
-
-install=install
-
-conflicts=('gnupg2')
-provides=("gnupg2=${pkgver}")
-replaces=('gnupg2')
-
-build() {
-	cd "${srcdir}/${pkgname}-${pkgver}"
-	./configure \
-		--prefix=/usr \
-		--sysconfdir=/etc \
-		--sbindir=/usr/bin \
-		--libexecdir=/usr/lib/gnupg \
-		--enable-maintainer-mode \
-		--enable-standard-socket \
-		--enable-symcryptrun \
-		--enable-gpgtar \
-
-	make
-}
-
-check() {
-	cd "${srcdir}/${pkgname}-${pkgver}"
-	make check
-}
-
-package() {
-	cd "${srcdir}/${pkgname}-${pkgver}"
-	make DESTDIR="${pkgdir}" install
-	ln -s gpg2 "${pkgdir}"/usr/bin/gpg
-	ln -s gpgv2 "${pkgdir}"/usr/bin/gpgv
-	ln -s gpg2.1.gz "${pkgdir}"/usr/share/man/man1/gpg.1.gz
-	rm "${pkgdir}/usr/share/gnupg/com-certs.pem" # FS#33059
-}

Copied: gnupg/repos/core-x86_64/PKGBUILD (from rev 227072, gnupg/repos/testing-x86_64/PKGBUILD)
===================================================================
--- core-x86_64/PKGBUILD	                        (rev 0)
+++ core-x86_64/PKGBUILD	2014-11-25 01:56:18 UTC (rev 227074)
@@ -0,0 +1,62 @@
+# $Id$
+# Maintainer: Gaetan Bisson <bisson at archlinux.org>
+# Contributor: Tobias Powalowski <tpowa at archlinux.org>
+# Contributor: Andreas Radke <andyrtr at archlinux.org>
+# Contributor: Judd Vinet <jvinet at zeroflux.org>
+
+pkgname=gnupg
+pkgver=2.1.0
+pkgrel=4
+pkgdesc='Complete and free implementation of the OpenPGP standard'
+url='http://www.gnupg.org/'
+license=('GPL')
+arch=('i686' 'x86_64')
+optdepends=('curl: gpg2keys_curl'
+            'libldap: gpg2keys_ldap'
+            'libusb-compat: scdaemon')
+makedepends=('curl' 'libldap' 'libusb-compat')
+depends=('npth' 'libgpg-error' 'libgcrypt' 'libksba' 'libassuan'
+         'pinentry' 'bzip2' 'readline')
+source=("ftp://ftp.gnupg.org/gcrypt/${pkgname}/${pkgname}-${pkgver}.tar.bz2"{,.sig}
+        'refresh-keys.patch')
+sha1sums=('2fcd0ca6889ef6cb59e3275e8411f8b7778c2f33' 'SKIP'
+          '246bea8776882f4c0293685482558f6ead1cf902')
+
+install=install
+
+conflicts=('dirmngr' 'gnupg2')
+provides=('dirmngr' "gnupg2=${pkgver}")
+replaces=('dirmngr' 'gnupg2')
+
+prepare() {
+	cd "${srcdir}/${pkgname}-${pkgver}"
+	patch -p1 -i ../refresh-keys.patch
+}
+
+build() {
+	cd "${srcdir}/${pkgname}-${pkgver}"
+	./configure \
+		--prefix=/usr \
+		--sysconfdir=/etc \
+		--sbindir=/usr/bin \
+		--libexecdir=/usr/lib/gnupg \
+		--enable-maintainer-mode \
+		--enable-symcryptrun \
+		--enable-gpgtar \
+
+	make
+}
+
+check() {
+	cd "${srcdir}/${pkgname}-${pkgver}"
+	make check
+}
+
+package() {
+	cd "${srcdir}/${pkgname}-${pkgver}"
+	make DESTDIR="${pkgdir}" install
+	ln -s gpg2 "${pkgdir}"/usr/bin/gpg
+	ln -s gpgv2 "${pkgdir}"/usr/bin/gpgv
+	ln -s gpg2.1.gz "${pkgdir}"/usr/share/man/man1/gpg.1.gz
+	rm "${pkgdir}/usr/share/gnupg/com-certs.pem" # FS#33059
+}

Deleted: core-x86_64/PKGBUILD.21
===================================================================
--- core-x86_64/PKGBUILD.21	2014-11-25 01:56:16 UTC (rev 227073)
+++ core-x86_64/PKGBUILD.21	2014-11-25 01:56:18 UTC (rev 227074)
@@ -1,57 +0,0 @@
-# $Id: PKGBUILD 215944 2014-07-01 06:16:40Z bisson $
-# Maintainer: Gaetan Bisson <bisson at archlinux.org>
-# Contributor: Tobias Powalowski <tpowa at archlinux.org>
-# Contributor: Andreas Radke <andyrtr at archlinux.org>
-# Contributor: Judd Vinet <jvinet at zeroflux.org>
-
-pkgname=gnupg
-_pkgver=2.1.0-beta751
-pkgver=${_pkgver/-/.}
-pkgrel=1
-pkgdesc='Complete and free implementation of the OpenPGP standard'
-url='http://www.gnupg.org/'
-license=('GPL')
-arch=('i686' 'x86_64')
-optdepends=('curl: gpg2keys_curl'
-            'libldap: gpg2keys_ldap'
-            'libusb-compat: scdaemon')
-makedepends=('curl' 'libldap' 'libusb-compat')
-depends=('npth' 'libgpg-error' 'libgcrypt' 'libksba' 'libassuan'
-         'pinentry' 'bzip2' 'readline')
-source=("ftp://ftp.gnupg.org/gcrypt/${pkgname}/unstable/${pkgname}-${_pkgver}.tar.bz2"{,.sig})
-sha1sums=('3d6dd8a377775780626428d98dba80dbbc5c27ac' 'SKIP')
-
-install=install
-
-conflicts=('dirmngr' 'gnupg2')
-provides=('dirmngr' "gnupg2=${pkgver}")
-replaces=('dirmngr' 'dirmngr')
-
-build() {
-	cd "${srcdir}/${pkgname}-${_pkgver}"
-	./configure \
-		--prefix=/usr \
-		--sysconfdir=/etc \
-		--sbindir=/usr/bin \
-		--libexecdir=/usr/lib/gnupg \
-		--enable-maintainer-mode \
-		--enable-standard-socket \
-		--enable-symcryptrun \
-		--enable-gpgtar \
-
-	make
-}
-
-check() {
-	cd "${srcdir}/${pkgname}-${_pkgver}"
-	make check
-}
-
-package() {
-	cd "${srcdir}/${pkgname}-${_pkgver}"
-	make DESTDIR="${pkgdir}" install
-	ln -s gpg2 "${pkgdir}"/usr/bin/gpg
-	ln -s gpgv2 "${pkgdir}"/usr/bin/gpgv
-	ln -s gpg2.1.gz "${pkgdir}"/usr/share/man/man1/gpg.1.gz
-	rm "${pkgdir}/usr/share/gnupg/com-certs.pem" # FS#33059
-}

Deleted: core-x86_64/install
===================================================================
--- core-x86_64/install	2014-11-25 01:56:16 UTC (rev 227073)
+++ core-x86_64/install	2014-11-25 01:56:18 UTC (rev 227074)
@@ -1,20 +0,0 @@
-info_dir=/usr/share/info
-info_files=(gnupg.info gnupg.info-1 gnupg.info-2)
-
-post_install() {
-  [ -x usr/bin/install-info ] || return 0
-  for f in ${info_files[@]}; do
-    usr/bin/install-info ${info_dir}/$f ${info_dir}/dir 2> /dev/null
-  done
-}
-
-post_upgrade() {
-  post_install $1
-}
-
-pre_remove() {
-  [ -x usr/bin/install-info ] || return 0
-  for f in ${info_files[@]}; do
-    usr/bin/install-info --delete ${info_dir}/$f ${info_dir}/dir 2> /dev/null
-  done
-}

Copied: gnupg/repos/core-x86_64/install (from rev 227072, gnupg/repos/testing-x86_64/install)
===================================================================
--- core-x86_64/install	                        (rev 0)
+++ core-x86_64/install	2014-11-25 01:56:18 UTC (rev 227074)
@@ -0,0 +1,25 @@
+info_dir=/usr/share/info
+info_files=(gnupg.info gnupg.info-1 gnupg.info-2)
+
+post_install() {
+	[ -x usr/bin/install-info ] || return 0
+	for f in ${info_files[@]}; do
+		usr/bin/install-info ${info_dir}/$f ${info_dir}/dir 2> /dev/null
+	done
+}
+
+pre_remove() {
+	[ -x usr/bin/install-info ] || return 0
+	for f in ${info_files[@]}; do
+		usr/bin/install-info --delete ${info_dir}/$f ${info_dir}/dir 2> /dev/null
+	done
+}
+
+post_upgrade() {
+	post_install
+
+	# Fix upgrade to 2.1; see FS#42798
+	[ $(vercmp $2 2.1.0-4) = -1 ] &&
+	dirmngr </dev/null &>/dev/null ||
+	return 0
+}

Copied: gnupg/repos/core-x86_64/refresh-keys.patch (from rev 227072, gnupg/repos/testing-x86_64/refresh-keys.patch)
===================================================================
--- core-x86_64/refresh-keys.patch	                        (rev 0)
+++ core-x86_64/refresh-keys.patch	2014-11-25 01:56:18 UTC (rev 227074)
@@ -0,0 +1,238 @@
+From eecbed004ca1e9ca23c3892c3a5e6dd174ddf93b Mon Sep 17 00:00:00 2001
+From: Werner Koch <wk at gnupg.org>
+Date: Wed, 12 Nov 2014 12:14:32 +0100
+Subject: [PATCH] gpg: Fix regression in --refresh-keys
+
+* g10/keyserver.c (keyserver_get): Factor all code out to ...
+(keyserver_get_chunk): new.  Extimate line length.
+(keyserver_get): Split up requests into chunks.
+--
+
+Note that refreshing all keys still requires way to much memory
+because we build an in-memory list of all keys first.  It is required
+to first get a list of all keys to avoid conflicts while updating the
+key store in the process of receiving keys.  A better strategy would
+be a background process and tracking the last update in the key store.
+
+GnuPG-bug-id: 1755
+Signed-off-by: Werner Koch <wk at gnupg.org>
+---
+ g10/call-dirmngr.c |    2 +-
+ g10/keyserver.c    |  107 ++++++++++++++++++++++++++++++++++++++++++----------
+ 2 files changed, 89 insertions(+), 20 deletions(-)
+
+diff --git a/g10/call-dirmngr.c b/g10/call-dirmngr.c
+index 5bddbbe..71f5324 100644
+--- a/g10/call-dirmngr.c
++++ b/g10/call-dirmngr.c
+@@ -429,7 +429,7 @@ ks_get_data_cb (void *opaque, const void *data, size_t datalen)
+    error an error code is returned and NULL stored at R_FP.
+ 
+    The pattern may only use search specification which a keyserver can
+-   use to retriev keys.  Because we know the format of the pattern we
++   use to retrieve keys.  Because we know the format of the pattern we
+    don't need to escape the patterns before sending them to the
+    server.
+ 
+diff --git a/g10/keyserver.c b/g10/keyserver.c
+index 1b2e128..5bc1eba 100644
+--- a/g10/keyserver.c
++++ b/g10/keyserver.c
+@@ -1567,17 +1567,16 @@ keyserver_search (ctrl_t ctrl, strlist_t tokens)
+   return err;
+ }
+ 
+-
+-
+-/* Retrieve a key from a keyserver.  The search pattern are in
+-   (DESC,NDESC).  Allowed search modes are keyid, fingerprint, and
+-   exact searches.  KEYSERVER gives an optional override keyserver. If
+-   (R_FPR,R_FPRLEN) are not NULL, the may retrun the fingerprint of
+-   one imported key.  */
++/* Helper for keyserver_get.  Here we only receive a chunk of the
++   description to be processed in one batch.  This is required due to
++   the limited number of patterns the dirmngr interface (KS_GET) can
++   grok and to limit the amount of temporary required memory.  */
+ static gpg_error_t
+-keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+-               struct keyserver_spec *keyserver,
+-               unsigned char **r_fpr, size_t *r_fprlen)
++keyserver_get_chunk (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
++                     int *r_ndesc_used,
++                     void *stats_handle,
++                     struct keyserver_spec *keyserver,
++                     unsigned char **r_fpr, size_t *r_fprlen)
+ 
+ {
+   gpg_error_t err = 0;
+@@ -1585,12 +1584,26 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+   int idx, npat;
+   estream_t datastream;
+   char *source = NULL;
++  size_t linelen;  /* Estimated linelen for KS_GET.  */
++  size_t n;
++
++#define MAX_KS_GET_LINELEN 950  /* Somewhat lower than the real limit.  */
++
++  *r_ndesc_used = 0;
+ 
+   /* Create an array filled with a search pattern for each key.  The
+      array is delimited by a NULL entry.  */
+   pattern = xtrycalloc (ndesc+1, sizeof *pattern);
+   if (!pattern)
+     return gpg_error_from_syserror ();
++
++  /* Note that we break the loop as soon as our estimation of the to
++     be used line length reaches the limit.  But we do this only if we
++     have processed at leas one search requests so that an overlong
++     single request will be rejected only later by gpg_dirmngr_ks_get
++     but we are sure that R_NDESC_USED has been updated.  This avoids
++     a possible indefinite loop.  */
++  linelen = 9; /* "KS_GET --" */
+   for (npat=idx=0; idx < ndesc; idx++)
+     {
+       int quiet = 0;
+@@ -1598,7 +1611,12 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+       if (desc[idx].mode == KEYDB_SEARCH_MODE_FPR20
+           || desc[idx].mode == KEYDB_SEARCH_MODE_FPR16)
+         {
+-          pattern[npat] = xtrymalloc (2+2*20+1);
++          n = 1+2+2*20;
++          if (idx && linelen + n > MAX_KS_GET_LINELEN)
++            break; /* Declare end of this chunk.  */
++          linelen += n;
++
++          pattern[npat] = xtrymalloc (n);
+           if (!pattern[npat])
+             err = gpg_error_from_syserror ();
+           else
+@@ -1612,6 +1630,11 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+         }
+       else if(desc[idx].mode == KEYDB_SEARCH_MODE_LONG_KID)
+         {
++          n = 1+2+16;
++          if (idx && linelen + n > MAX_KS_GET_LINELEN)
++            break; /* Declare end of this chunk.  */
++          linelen += n;
++
+           pattern[npat] = xtryasprintf ("0x%08lX%08lX",
+                                         (ulong)desc[idx].u.kid[0],
+                                         (ulong)desc[idx].u.kid[1]);
+@@ -1622,6 +1645,11 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+         }
+       else if(desc[idx].mode == KEYDB_SEARCH_MODE_SHORT_KID)
+         {
++          n = 1+2+8;
++          if (idx && linelen + n > MAX_KS_GET_LINELEN)
++            break; /* Declare end of this chunk.  */
++          linelen += n;
++
+           pattern[npat] = xtryasprintf ("0x%08lX", (ulong)desc[idx].u.kid[1]);
+           if (!pattern[npat])
+             err = gpg_error_from_syserror ();
+@@ -1630,11 +1658,17 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+         }
+       else if(desc[idx].mode == KEYDB_SEARCH_MODE_EXACT)
+         {
+-          /* The Dirmngr uses also classify_user_id to detect the type
++          /* The Dirmngr also uses classify_user_id to detect the type
+              of the search string.  By adding the '=' prefix we force
+              Dirmngr's KS_GET to consider this an exact search string.
+              (In gpg 1.4 and gpg 2.0 the keyserver helpers used the
+              KS_GETNAME command to indicate this.)  */
++
++          n = 1+1+strlen (desc[idx].u.name);
++          if (idx && linelen + n > MAX_KS_GET_LINELEN)
++            break; /* Declare end of this chunk.  */
++          linelen += n;
++
+           pattern[npat] = strconcat ("=", desc[idx].u.name, NULL);
+           if (!pattern[npat])
+             err = gpg_error_from_syserror ();
+@@ -1669,6 +1703,9 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+         }
+     }
+ 
++  /* Remember now many of search items were considered.  Note that
++     this is different from NPAT.  */
++  *r_ndesc_used = idx;
+ 
+   err = gpg_dirmngr_ks_get (ctrl, pattern, &datastream, &source);
+   for (idx=0; idx < npat; idx++)
+@@ -1679,11 +1716,8 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+ 
+   if (!err)
+     {
+-      void *stats_handle;
+       struct ks_retrieval_screener_arg_s screenerarg;
+ 
+-      stats_handle = import_new_stats_handle();
+-
+       /* FIXME: Check whether this comment should be moved to dirmngr.
+ 
+          Slurp up all the key data.  In the future, it might be nice
+@@ -1697,15 +1731,12 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+          keyservers. */
+ 
+       screenerarg.desc = desc;
+-      screenerarg.ndesc = ndesc;
++      screenerarg.ndesc = *r_ndesc_used;
+       import_keys_es_stream (ctrl, datastream, stats_handle,
+                              r_fpr, r_fprlen,
+                              (opt.keyserver_options.import_options
+                               | IMPORT_NO_SECKEY),
+                              keyserver_retrieval_screener, &screenerarg);
+-
+-      import_print_stats (stats_handle);
+-      import_release_stats_handle (stats_handle);
+     }
+   es_fclose (datastream);
+   xfree (source);
+@@ -1714,6 +1745,44 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+ }
+ 
+ 
++/* Retrieve a key from a keyserver.  The search pattern are in
++   (DESC,NDESC).  Allowed search modes are keyid, fingerprint, and
++   exact searches.  KEYSERVER gives an optional override keyserver. If
++   (R_FPR,R_FPRLEN) are not NULL, they may return the fingerprint of a
++   single imported key.  */
++static gpg_error_t
++keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
++               struct keyserver_spec *keyserver,
++               unsigned char **r_fpr, size_t *r_fprlen)
++{
++  gpg_error_t err;
++  void *stats_handle;
++  int ndesc_used;
++  int any_good = 0;
++
++  stats_handle = import_new_stats_handle();
++
++  for (;;)
++    {
++      err = keyserver_get_chunk (ctrl, desc, ndesc, &ndesc_used, stats_handle,
++                                 keyserver, r_fpr, r_fprlen);
++      if (!err)
++        any_good = 1;
++      if (err || ndesc_used >= ndesc)
++        break; /* Error or all processed.  */
++      /* Prepare for the next chunk.  */
++      desc += ndesc_used;
++      ndesc -= ndesc_used;
++    }
++
++  if (any_good)
++    import_print_stats (stats_handle);
++
++  import_release_stats_handle (stats_handle);
++  return err;
++}
++
++
+ /* Send all keys specified by KEYSPECS to the KEYSERVERS.  */
+ static gpg_error_t
+ keyserver_put (ctrl_t ctrl, strlist_t keyspecs,
+-- 
+1.7.10.4
+


More information about the arch-commits mailing list