[arch-commits] Commit in gnupg/repos (9 files)
Gaëtan Bisson
bisson at archlinux.org
Fri Jun 5 08:01:41 UTC 2020
Date: Friday, June 5, 2020 @ 08:01:39
Author: bisson
Revision: 388332
db-move: moved gnupg from [testing] to [core] (x86_64)
Added:
gnupg/repos/core-x86_64/PKGBUILD
(from rev 388331, gnupg/repos/testing-x86_64/PKGBUILD)
gnupg/repos/core-x86_64/avoid-beta-warning.patch
(from rev 388331, gnupg/repos/testing-x86_64/avoid-beta-warning.patch)
gnupg/repos/core-x86_64/do-not-rebuild-defsincdate.patch
(from rev 388331, gnupg/repos/testing-x86_64/do-not-rebuild-defsincdate.patch)
gnupg/repos/core-x86_64/drop-import-clean.patch
(from rev 388331, gnupg/repos/testing-x86_64/drop-import-clean.patch)
gnupg/repos/core-x86_64/install
(from rev 388331, gnupg/repos/testing-x86_64/install)
Deleted:
gnupg/repos/core-x86_64/PKGBUILD
gnupg/repos/core-x86_64/install
gnupg/repos/core-x86_64/self-sigs-only.patch
gnupg/repos/testing-x86_64/
----------------------------------------------+
/PKGBUILD | 76 +++++++++++++++++++++++++
/install | 31 ++++++++++
core-x86_64/PKGBUILD | 69 ----------------------
core-x86_64/avoid-beta-warning.patch | 56 ++++++++++++++++++
core-x86_64/do-not-rebuild-defsincdate.patch | 41 +++++++++++++
core-x86_64/drop-import-clean.patch | 54 +++++++++++++++++
core-x86_64/install | 31 ----------
core-x86_64/self-sigs-only.patch | 56 ------------------
8 files changed, 258 insertions(+), 156 deletions(-)
Deleted: core-x86_64/PKGBUILD
===================================================================
--- core-x86_64/PKGBUILD 2020-06-05 08:01:02 UTC (rev 388331)
+++ core-x86_64/PKGBUILD 2020-06-05 08:01:39 UTC (rev 388332)
@@ -1,69 +0,0 @@
-# Maintainer: Gaetan Bisson <bisson at archlinux.org>
-# Contributor: Tobias Powalowski <tpowa at archlinux.org>
-# Contributor: Andreas Radke <andyrtr at archlinux.org>
-# Contributor: Judd Vinet <jvinet at zeroflux.org>
-
-pkgname=gnupg
-pkgver=2.2.20
-pkgrel=2
-pkgdesc='Complete and free implementation of the OpenPGP standard'
-url='https://www.gnupg.org/'
-license=('GPL')
-arch=('x86_64')
-checkdepends=('openssh')
-makedepends=('libldap' 'libusb-compat' 'pcsclite')
-depends=('npth' 'libgpg-error' 'libgcrypt' 'libksba' 'libassuan'
- 'pinentry' 'bzip2' 'readline' 'gnutls' 'sqlite')
-optdepends=('libldap: gpg2keys_ldap'
- 'libusb-compat: scdaemon'
- 'pcsclite: scdaemon')
-validpgpkeys=('D8692123C4065DEA5E0F3AB5249B39D24F25E3B6'
- '46CC730865BB5C78EBABADCF04376F3EE0856959'
- '031EC2536E580D8EA286A9F22071B08A33BD3F06'
- '5B80C5754298F0CB55D8ED6ABCEF7E294B092E28')
-source=("https://gnupg.org/ftp/gcrypt/${pkgname}/${pkgname}-${pkgver}.tar.bz2"{,.sig}
- 'self-sigs-only.patch')
-sha256sums=('04a7c9d48b74c399168ee8270e548588ddbe52218c337703d7f06373d326ca30'
- 'SKIP'
- '0130c43321c16f53ab2290833007212f8a26b1b73bd4edc2b2b1c9db2b2d0218')
-
-install=install
-
-prepare() {
- cd "${srcdir}/${pkgname}-${pkgver}"
- sed '/noinst_SCRIPTS = gpg-zip/c sbin_SCRIPTS += gpg-zip' -i tools/Makefile.in
- patch -R -p1 -i ../self-sigs-only.patch
-
- # remove to ensure this is built for reproducibility
- rm doc/gnupg.info*
-}
-
-build() {
- cd "${srcdir}/${pkgname}-${pkgver}"
- ./configure \
- --prefix=/usr \
- --sysconfdir=/etc \
- --sbindir=/usr/bin \
- --libexecdir=/usr/lib/gnupg \
- --enable-maintainer-mode \
- --enable-symcryptrun \
-
- make
-}
-
-check() {
- cd "${srcdir}/${pkgname}-${pkgver}"
- make check
-}
-
-package() {
- cd "${srcdir}/${pkgname}-${pkgver}"
- make DESTDIR="${pkgdir}" install
- ln -s gpg "${pkgdir}"/usr/bin/gpg2
- ln -s gpgv "${pkgdir}"/usr/bin/gpgv2
-
- cd doc/examples/systemd-user
- for i in *.*; do
- install -Dm644 "$i" "${pkgdir}/usr/lib/systemd/user/$i"
- done
-}
Copied: gnupg/repos/core-x86_64/PKGBUILD (from rev 388331, gnupg/repos/testing-x86_64/PKGBUILD)
===================================================================
--- core-x86_64/PKGBUILD (rev 0)
+++ core-x86_64/PKGBUILD 2020-06-05 08:01:39 UTC (rev 388332)
@@ -0,0 +1,76 @@
+# Maintainer: Gaetan Bisson <bisson at archlinux.org>
+# Contributor: Tobias Powalowski <tpowa at archlinux.org>
+# Contributor: Andreas Radke <andyrtr at archlinux.org>
+# Contributor: Judd Vinet <jvinet at zeroflux.org>
+
+pkgname=gnupg
+pkgver=2.2.20
+pkgrel=4
+pkgdesc='Complete and free implementation of the OpenPGP standard'
+url='https://www.gnupg.org/'
+license=('GPL')
+arch=('x86_64')
+checkdepends=('openssh')
+makedepends=('libldap' 'libusb-compat' 'pcsclite')
+depends=('npth' 'libgpg-error' 'libgcrypt' 'libksba' 'libassuan'
+ 'pinentry' 'bzip2' 'readline' 'gnutls' 'sqlite')
+optdepends=('libldap: gpg2keys_ldap'
+ 'libusb-compat: scdaemon'
+ 'pcsclite: scdaemon')
+validpgpkeys=('D8692123C4065DEA5E0F3AB5249B39D24F25E3B6'
+ '46CC730865BB5C78EBABADCF04376F3EE0856959'
+ '031EC2536E580D8EA286A9F22071B08A33BD3F06'
+ '5B80C5754298F0CB55D8ED6ABCEF7E294B092E28')
+source=("https://gnupg.org/ftp/gcrypt/${pkgname}/${pkgname}-${pkgver}.tar.bz2"{,.sig}
+ 'drop-import-clean.patch'
+ 'avoid-beta-warning.patch'
+ 'do-not-rebuild-defsincdate.patch')
+sha256sums=('04a7c9d48b74c399168ee8270e548588ddbe52218c337703d7f06373d326ca30'
+ 'SKIP'
+ '02d375f0045f56f7dd82bacdb5ce559afd52ded8b75f6b2673c39ec666e81abc'
+ '22fdf9490fad477f225e731c417867d9e7571ac654944e8be63a1fbaccd5c62d'
+ '01fee1b04358e5dce76894214bb263e9a75cf408eb1277fad5b751ab3d45b87a')
+
+install=install
+
+prepare() {
+ cd "${srcdir}/${pkgname}-${pkgver}"
+ patch -p1 -i ../avoid-beta-warning.patch
+ patch -p1 -i ../drop-import-clean.patch
+
+ # improve reproducibility
+ patch -p1 -i ../do-not-rebuild-defsincdate.patch
+ rm doc/gnupg.info*
+
+ ./autogen.sh
+}
+
+build() {
+ cd "${srcdir}/${pkgname}-${pkgver}"
+ ./configure \
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --sbindir=/usr/bin \
+ --libexecdir=/usr/lib/gnupg \
+ --enable-maintainer-mode \
+ --enable-symcryptrun \
+
+ make
+}
+
+check() {
+ cd "${srcdir}/${pkgname}-${pkgver}"
+ make check
+}
+
+package() {
+ cd "${srcdir}/${pkgname}-${pkgver}"
+ make DESTDIR="${pkgdir}" install
+ ln -s gpg "${pkgdir}"/usr/bin/gpg2
+ ln -s gpgv "${pkgdir}"/usr/bin/gpgv2
+
+ cd doc/examples/systemd-user
+ for i in *.*; do
+ install -Dm644 "$i" "${pkgdir}/usr/lib/systemd/user/$i"
+ done
+}
Copied: gnupg/repos/core-x86_64/avoid-beta-warning.patch (from rev 388331, gnupg/repos/testing-x86_64/avoid-beta-warning.patch)
===================================================================
--- core-x86_64/avoid-beta-warning.patch (rev 0)
+++ core-x86_64/avoid-beta-warning.patch 2020-06-05 08:01:39 UTC (rev 388332)
@@ -0,0 +1,56 @@
+From 114ab3037de3b0f9b35cf023b64c8a9b76070065 Mon Sep 17 00:00:00 2001
+From: Debian GnuPG Maintainers <pkg-gnupg-maint at lists.alioth.debian.org>
+Date: Tue, 14 Apr 2015 10:02:31 -0400
+Subject: [PATCH 6/7] avoid beta warning
+
+avoid self-describing as a beta
+
+Using autoreconf against the source as distributed in tarball form
+invariably results in a package that thinks it's a "beta" package,
+which produces the "THIS IS A DEVELOPMENT VERSION" warning string.
+
+since we use dh_autoreconf, i need this patch to avoid producing
+builds that announce themselves as DEVELOPMENT VERSIONs.
+
+See discussion at:
+
+ http://lists.gnupg.org/pipermail/gnupg-devel/2014-November/029065.html
+---
+ autogen.sh | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/autogen.sh b/autogen.sh
+index b23855061..9b86d3ff9 100755
+--- a/autogen.sh
++++ b/autogen.sh
+@@ -229,24 +229,24 @@ if [ "$myhost" = "find-version" ]; then
+ esac
+
+ beta=no
+- if [ -e .git ]; then
++ if false; then
+ ingit=yes
+ tmp=$(git describe --match "${matchstr1}" --long 2>/dev/null)
+ tmp=$(echo "$tmp" | sed s/^"$package"//)
+ if [ -n "$tmp" ]; then
+ tmp=$(echo "$tmp" | sed s/^"$package"// \
+ | awk -F- '$3!=0 && $3 !~ /^beta/ {print"-beta"$3}')
+ else
+ tmp=$(git describe --match "${matchstr2}" --long 2>/dev/null \
+ | awk -F- '$4!=0{print"-beta"$4}')
+ fi
+ [ -n "$tmp" ] && beta=yes
+ rev=$(git rev-parse --short HEAD | tr -d '\n\r')
+ rvd=$((0x$(echo ${rev} | dd bs=1 count=4 2>/dev/null)))
+ else
+ ingit=no
+- beta=yes
+- tmp="-unknown"
++ beta=no
++ tmp=""
+ rev="0000000"
+ rvd="0"
+ fi
+--
+2.27.0
+
Copied: gnupg/repos/core-x86_64/do-not-rebuild-defsincdate.patch (from rev 388331, gnupg/repos/testing-x86_64/do-not-rebuild-defsincdate.patch)
===================================================================
--- core-x86_64/do-not-rebuild-defsincdate.patch (rev 0)
+++ core-x86_64/do-not-rebuild-defsincdate.patch 2020-06-05 08:01:39 UTC (rev 388332)
@@ -0,0 +1,41 @@
+From 3e8ff68502bf5de333db7213d9e27e0b9e8cc36e Mon Sep 17 00:00:00 2001
+From: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
+Date: Mon, 29 Aug 2016 12:34:42 -0400
+Subject: [PATCH 7/7] avoid regenerating defsincdate (use shipped file)
+
+upstream ships doc/defsincdate in its tarballs. but doc/Makefile.am
+tries to rewrite doc/defsincdate if it notices that any of the files
+have been modified more recently, and it does so assuming that we're
+running from a git repo.
+
+However, we'd rather ship the documents cleanly without regenerating
+defsincdate -- we don't have a git repo available (debian builds from
+upstream tarballs) and any changes to the texinfo files (e.g. from
+debian/patches/) might result in different dates on the files than we
+expect after they're applied by dpkg or quilt or whatever, which makes
+the datestamp unreproducible.
+---
+ doc/Makefile.am | 7 -------
+ 1 file changed, 7 deletions(-)
+
+diff --git a/doc/Makefile.am b/doc/Makefile.am
+index d47d83ede..c0a81b0b9 100644
+--- a/doc/Makefile.am
++++ b/doc/Makefile.am
+@@ -177,13 +177,6 @@ $(myman_pages) gnupg.7 : yat2m-stamp defs.inc
+
+ dist-hook: defsincdate
+
+-defsincdate: $(gnupg_TEXINFOS)
+- : >defsincdate ; \
+- if test -e $(top_srcdir)/.git; then \
+- (cd $(srcdir) && git log -1 --format='%ct' \
+- -- $(gnupg_TEXINFOS) 2>/dev/null) >>defsincdate; \
+- fi
+-
+ defs.inc : defsincdate Makefile mkdefsinc
+ incd="`test -f defsincdate || echo '$(srcdir)/'`defsincdate"; \
+ ./mkdefsinc -C $(srcdir) --date "`cat $$incd 2>/dev/null`" \
+--
+2.27.0
+
Copied: gnupg/repos/core-x86_64/drop-import-clean.patch (from rev 388331, gnupg/repos/testing-x86_64/drop-import-clean.patch)
===================================================================
--- core-x86_64/drop-import-clean.patch (rev 0)
+++ core-x86_64/drop-import-clean.patch 2020-06-05 08:01:39 UTC (rev 388332)
@@ -0,0 +1,54 @@
+From 1690a464b28fa24ce82189a9bf5d7ce9b44804b8 Mon Sep 17 00:00:00 2001
+From: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
+Date: Mon, 15 Jul 2019 16:24:35 -0400
+Subject: [PATCH 3/7] gpg: drop import-clean from default keyserver import
+ options
+
+* g10/gpg.c (main): drop IMPORT_CLEAN from the
+default opt.keyserver_options.import_options
+* doc/gpg.texi: reflect this change in the documentation
+
+Given that SELF_SIGS_ONLY is already set, it's not clear what
+additional benefit IMPORT_CLEAN provides. Furthermore, IMPORT_CLEAN
+means that receiving an OpenPGP certificate from a keyserver will
+potentially delete data that is otherwise held in the local keyring,
+which is surprising to users who expect retrieval from the keyservers
+to be purely additive.
+
+GnuPG-Bug-Id: 4628
+Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
+---
+ doc/gpg.texi | 2 +-
+ g10/gpg.c | 3 +--
+ 2 files changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/doc/gpg.texi b/doc/gpg.texi
+index 4870441d4..551459a74 100644
+--- a/doc/gpg.texi
++++ b/doc/gpg.texi
+@@ -1963,7 +1963,7 @@ are available for all keyserver types, some common options are:
+
+ @end table
+
+-The default list of options is: "self-sigs-only, import-clean,
++The default list of options is: "self-sigs-only,
+ repair-keys, repair-pks-subkey-bug, export-attributes,
+ honor-pka-record".
+
+diff --git a/g10/gpg.c b/g10/gpg.c
+index 68cc22041..fa2bcfa5e 100644
+--- a/g10/gpg.c
++++ b/g10/gpg.c
+@@ -2397,8 +2397,7 @@ main (int argc, char **argv)
+ opt.export_options = EXPORT_ATTRIBUTES;
+ opt.keyserver_options.import_options = (IMPORT_REPAIR_KEYS
+ | IMPORT_REPAIR_PKS_SUBKEY_BUG
+- | IMPORT_SELF_SIGS_ONLY
+- | IMPORT_CLEAN);
++ | IMPORT_SELF_SIGS_ONLY);
+ opt.keyserver_options.export_options = EXPORT_ATTRIBUTES;
+ opt.keyserver_options.options = KEYSERVER_HONOR_PKA_RECORD;
+ opt.verify_options = (LIST_SHOW_UID_VALIDITY
+--
+2.27.0
+
Deleted: core-x86_64/install
===================================================================
--- core-x86_64/install 2020-06-05 08:01:02 UTC (rev 388331)
+++ core-x86_64/install 2020-06-05 08:01:39 UTC (rev 388332)
@@ -1,31 +0,0 @@
-_global_units() {
- _units=(dirmngr.socket gpg-agent.socket gpg-agent-{browser,extra,ssh}.socket)
- _dir=/etc/systemd/user/sockets.target.wants
-
- case $1 in
- enable)
- mkdir -p $_dir
- for _u in "${_units[@]}"; do
- ln -sf /usr/lib/systemd/user/$_u $_dir/$_u
- done
- ;;
- disable)
- for _u in "${_units[@]}"; do
- rm -f $_dir/$_u
- done
- rmdir -p --ignore-fail-on-non-empty $_dir
- ;;
- esac
-}
-
-post_install() {
- # See FS#42798 and FS#47371
- dirmngr </dev/null &>/dev/null
-
- # Let systemd supervise daemons by default
- _global_units enable
-}
-
-pre_remove() {
- _global_units disable
-}
Copied: gnupg/repos/core-x86_64/install (from rev 388331, gnupg/repos/testing-x86_64/install)
===================================================================
--- core-x86_64/install (rev 0)
+++ core-x86_64/install 2020-06-05 08:01:39 UTC (rev 388332)
@@ -0,0 +1,31 @@
+_global_units() {
+ _units=(dirmngr.socket gpg-agent.socket gpg-agent-{browser,extra,ssh}.socket)
+ _dir=/etc/systemd/user/sockets.target.wants
+
+ case $1 in
+ enable)
+ mkdir -p $_dir
+ for _u in "${_units[@]}"; do
+ ln -sf /usr/lib/systemd/user/$_u $_dir/$_u
+ done
+ ;;
+ disable)
+ for _u in "${_units[@]}"; do
+ rm -f $_dir/$_u
+ done
+ rmdir -p --ignore-fail-on-non-empty $_dir
+ ;;
+ esac
+}
+
+post_install() {
+ # See FS#42798 and FS#47371
+ dirmngr </dev/null &>/dev/null
+
+ # Let systemd supervise daemons by default
+ _global_units enable
+}
+
+pre_remove() {
+ _global_units disable
+}
Deleted: core-x86_64/self-sigs-only.patch
===================================================================
--- core-x86_64/self-sigs-only.patch 2020-06-05 08:01:02 UTC (rev 388331)
+++ core-x86_64/self-sigs-only.patch 2020-06-05 08:01:39 UTC (rev 388332)
@@ -1,56 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Thu, 4 Jul 2019 13:45:39 +0000 (+0200)
-Subject: gpg: Add "self-sigs-only" and "import-clean" to the keyserver options.
-X-Git-Url: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff_plain;h=23c978640812d123eaffd4108744bdfcf48f7c93
-
-gpg: Add "self-sigs-only" and "import-clean" to the keyserver options.
-
-* g10/gpg.c (main): Change default.
---
-
-Due to the DoS attack on the keyeservers we do not anymore default to
-import key signatures. That makes the keyserver unsuable for getting
-keys for the WoT but it still allows to retriev keys - even if that
-takes long to download the large keyblocks.
-
-To revert to the old behavior add
-
- keyserver-optiions no-self-sigs-only,no-import-clean
-
-to gpg.conf.
-
-GnuPG-bug-id: 4607
-Signed-off-by: Werner Koch <wk at gnupg.org>
----
-
-diff --git a/doc/gpg.texi b/doc/gpg.texi
-index 8feab8218..9513a4e0f 100644
---- a/doc/gpg.texi
-+++ b/doc/gpg.texi
-@@ -1917,6 +1917,11 @@ are available for all keyserver types, some common options are:
-
- @end table
-
-+The default list of options is: "self-sigs-only, import-clean,
-+repair-keys, repair-pks-subkey-bug, export-attributes,
-+honor-pka-record".
-+
-+
- @item --completes-needed @var{n}
- @opindex compliant-needed
- Number of completely trusted users to introduce a new
-diff --git a/g10/gpg.c b/g10/gpg.c
-index 66e47dde5..0bbe72394 100644
---- a/g10/gpg.c
-+++ b/g10/gpg.c
-@@ -2424,7 +2424,9 @@ main (int argc, char **argv)
- opt.import_options = IMPORT_REPAIR_KEYS;
- opt.export_options = EXPORT_ATTRIBUTES;
- opt.keyserver_options.import_options = (IMPORT_REPAIR_KEYS
-- | IMPORT_REPAIR_PKS_SUBKEY_BUG);
-+ | IMPORT_REPAIR_PKS_SUBKEY_BUG
-+ | IMPORT_SELF_SIGS_ONLY
-+ | IMPORT_CLEAN);
- opt.keyserver_options.export_options = EXPORT_ATTRIBUTES;
- opt.keyserver_options.options = KEYSERVER_HONOR_PKA_RECORD;
- opt.verify_options = (LIST_SHOW_UID_VALIDITY
More information about the arch-commits
mailing list