app-crypt/gnupg: update to 2.2.29

Update app-crypt/gnupg to 2.2.29.
One of the key purposes of the update is to be able to use the new
default keyserver `keyserver.ubuntu.com`, which has been the built-in
default since 2.2.29. The change of default is due to the shutdown of the SKS keyserver pools.

See also https://bugs.gentoo.org/811828 .
Dongsu Park 2021-09-27 15:18:18 +02:00
parent 9f7e2623ff
commit 0c0f91e48d
5 changed files with 52 additions and 194 deletions


@ -1 +1,5 @@
DIST gnupg-2.2.20.tar.bz2 6786913 BLAKE2B 43cf9402a26e67d6c7c2444eb2faaee3f06ea0bf6c07708a50834c5d7424db2f9c38e1f0046dd3a35082abc08d401b2951655e7e068f0873db297560b87d2667 SHA512 3e69f102366ec3415f439ab81aae2458182fa1a18dfb86565b1d9dc638f3fc4c179a5947f0042b7c5a813345676285a662793664a1803ea9ad8328f0548e0edc
DIST gnupg-2.2.16-scdaemon_shared-access.patch 2586 BLAKE2B 42fd5482c4e86751ce62836125997c2295c44bc5db0671a06460fd306b2ed93f290fb898fc1b1e463a863eddf9ab5f99ea3c90a55499ef45ca1ed6edf2854663 SHA512 38abaa4200114ae6b6f220fabc0a84a056761949c97bd0564557f4411a299b9a1939893555c27e26da2d8e8da4bc97a298fa7e68f1e80fe99c3f88cc329eaa84
DIST gnupg-2.2.27.tar.bz2 7191555 BLAKE2B d652aad382cf07cc458b29ff82718edd47457d8236dcbeee51f22d88503be141f009e9ea45b6dafe614115d9558fe371509579e58ce17a5f04540a31aa406ea3 SHA512 cf336962116c9c08ac80b1299654b94948033ef51d6d5e7f54c2f07bbf7d92c7b0bddb606ceee2cdd837063f519b8d59af5a82816b840a0fc47d90c07b0e95ab
DIST gnupg-2.2.29.tar.bz2 7215986 BLAKE2B 04b777730b8fcbe8d93dfc8985aadd6bc7385ac2ac9684e6248cb3ae6d008daae5aa976ffa3bae27fe9e89bc2c4c1d4ae81dcaa259fb08d13f894f00f12072e9 SHA512 12645e230fc6aa4811420ef33def6baa590e847ecdf7e5f8b96eb49122e6406cbdba4595d0b52fa26700d5d5def67acb4ed7dfe7f778e496d4d21ccbef3c476b
DIST gnupg-2.2.31.tar.bz2 7212188 BLAKE2B 57a2b6c6ea491137a708e18a0119502621b7bdf0591818d19beb8b08a521a7dbf60472243e1723f53acbfb9a5de612b8e5040c45dc847bdda26012244edb11be SHA512 2f6fa200e08d6b8993b482e5825bea6083afc8686c4e1ae80386b36ae49e1c2d73066c508edaa359a7794cb26ba7a00f81555a906fa422d1117e41415cfa2fea
DIST gnupg-2.3.2.tar.bz2 7589445 BLAKE2B f7e35ed553ea89cdb073abb1432f67fa00bb625f6e686e534f96bca11d88f09ea272b3cb0d6706e4bce2c023f8c5b8d628742aa2f60752a2e605132cd32f62ed SHA512 2747cbe38546f500d165f024ebb2dc5be70fa68d20702af3f61e97db685eba94caf65307293137c76ea6cfcc189ed24aaee025c80cd33f26609e5fe512bdda73


@ -1,32 +0,0 @@
From: Vincent Breitmoser <look@my.amazin.horse>
Date: Thu, 13 Jun 2019 21:27:43 +0200
Subject: gpg: accept subkeys with a good revocation but no self-sig during
import
* g10/import.c (chk_self_sigs): Set the NODE_GOOD_SELFSIG flag when we
encounter a valid revocation signature. This allows import of subkey
revocation signatures, even in the absence of a corresponding subkey
binding signature.
--
This fixes the remaining test in import-incomplete.scm.
GnuPG-Bug-id: 4393
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
---
g10/import.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/g10/import.c b/g10/import.c
index f9acf95..9217911 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -3602,6 +3602,7 @@ chk_self_sigs (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid, int *non_self)
/* It's valid, so is it newer? */
if (sig->timestamp >= rsdate)
{
+ knode->flag |= NODE_GOOD_SELFSIG; /* Subkey is valid. */
if (rsnode)
{
/* Delete the last revocation sig since


@ -1,106 +0,0 @@
From: Vincent Breitmoser <look@my.amazin.horse>
Date: Thu, 13 Jun 2019 21:27:42 +0200
Subject: gpg: allow import of previously known keys, even without UIDs
* g10/import.c (import_one): Accept an incoming OpenPGP certificate that
has no user id, as long as we already have a local variant of the cert
that matches the primary key.
--
This fixes two of the three broken tests in import-incomplete.scm.
GnuPG-Bug-id: 4393
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
---
g10/import.c | 44 +++++++++++---------------------------------
1 file changed, 11 insertions(+), 33 deletions(-)
diff --git a/g10/import.c b/g10/import.c
index 5d3162c..f9acf95 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -1788,7 +1788,6 @@ import_one_real (ctrl_t ctrl,
size_t an;
char pkstrbuf[PUBKEY_STRING_SIZE];
int merge_keys_done = 0;
- int any_filter = 0;
KEYDB_HANDLE hd = NULL;
if (r_valid)
@@ -1825,14 +1824,6 @@ import_one_real (ctrl_t ctrl,
log_printf ("\n");
}
-
- if (!uidnode )
- {
- if (!silent)
- log_error( _("key %s: no user ID\n"), keystr_from_pk(pk));
- return 0;
- }
-
if (screener && screener (keyblock, screener_arg))
{
log_error (_("key %s: %s\n"), keystr_from_pk (pk),
@@ -1907,17 +1898,10 @@ import_one_real (ctrl_t ctrl,
}
}
- if (!delete_inv_parts (ctrl, keyblock, keyid, options ) )
- {
- if (!silent)
- {
- log_error( _("key %s: no valid user IDs\n"), keystr_from_pk(pk));
- if (!opt.quiet )
- log_info(_("this may be caused by a missing self-signature\n"));
- }
- stats->no_user_id++;
- return 0;
- }
+ /* Delete invalid parts, and note if we have any valid ones left.
+ * We will later abort import if this key is new but contains
+ * no valid uids. */
+ delete_inv_parts (ctrl, keyblock, keyid, options);
/* Get rid of deleted nodes. */
commit_kbnode (&keyblock);
@@ -1927,24 +1911,11 @@ import_one_real (ctrl_t ctrl,
{
apply_keep_uid_filter (ctrl, keyblock, import_filter.keep_uid);
commit_kbnode (&keyblock);
- any_filter = 1;
}
if (import_filter.drop_sig)
{
apply_drop_sig_filter (ctrl, keyblock, import_filter.drop_sig);
commit_kbnode (&keyblock);
- any_filter = 1;
- }
-
- /* If we ran any filter we need to check that at least one user id
- * is left in the keyring. Note that we do not use log_error in
- * this case. */
- if (any_filter && !any_uid_left (keyblock))
- {
- if (!opt.quiet )
- log_info ( _("key %s: no valid user IDs\n"), keystr_from_pk (pk));
- stats->no_user_id++;
- return 0;
}
/* The keyblock is valid and ready for real import. */
@@ -2002,6 +1973,13 @@ import_one_real (ctrl_t ctrl,
err = 0;
stats->skipped_new_keys++;
}
+ else if (err && !any_uid_left (keyblock))
+ {
+ if (!silent)
+ log_info( _("key %s: new key but contains no user ID - skipped\n"), keystr(keyid));
+ err = 0;
+ stats->no_user_id++;
+ }
else if (err) /* Insert this key. */
{
/* Note: ERR can only be NO_PUBKEY or UNUSABLE_PUBKEY. */


@ -1,7 +1,7 @@
# Copyright 1999-2020 Gentoo Authors
# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
EAPI=8
inherit flag-o-matic systemd toolchain-funcs
@ -13,14 +13,13 @@ SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
LICENSE="GPL-3"
SLOT="0"
KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl tofu tools usb user-socket wks-server"
# Existence of executables is checked during configuration.
DEPEND="!app-crypt/dirmngr
>=dev-libs/libassuan-2.5.0
>=dev-libs/libgcrypt-1.7.3
>=dev-libs/libgpg-error-1.28
DEPEND=">=dev-libs/libassuan-2.5.0
>=dev-libs/libgcrypt-1.8.0
>=dev-libs/libgpg-error-1.29
>=dev-libs/libksba-1.3.4
>=dev-libs/npth-1.2
>=net-misc/curl-7.10
@ -51,10 +50,6 @@ DOCS=(
PATCHES=(
"${FILESDIR}/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch"
# Flatcar: the patches below are added only for Flatcar, to address the
# upstream gnupg issue https://dev.gnupg.org/T4393.
"${FILESDIR}/${PN}-allow-import-of-previously-known-keys-even-without-UI.patch"
"${FILESDIR}/${PN}-accept-subkeys-with-a-good-revocation-but-no-self-sig.patch"
)
src_prepare() {
@ -71,19 +66,36 @@ src_prepare() {
}
src_configure() {
local myconf=()
local myconf=(
$(use_enable bzip2)
$(use_enable nls)
$(use_enable smartcard scdaemon)
$(use_enable ssl gnutls)
$(use_enable tofu)
$(use smartcard && use_enable usb ccid-driver || echo '--disable-ccid-driver')
$(use_enable wks-server wks-tools)
$(use_with ldap)
$(use_with readline)
--with-mailprog=/usr/libexec/sendmail
--disable-ntbtls
--enable-all-tests
--enable-gpg
--enable-gpgsm
--enable-large-secmem
CC_FOR_BUILD="$(tc-getBUILD_CC)"
GPG_ERROR_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-gpg-error-config"
KSBA_CONFIG="${ESYSROOT}/usr/bin/ksba-config"
LIBASSUAN_CONFIG="${ESYSROOT}/usr/bin/libassuan-config"
LIBGCRYPT_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-libgcrypt-config"
NPTH_CONFIG="${ESYSROOT}/usr/bin/npth-config"
$("${S}/configure" --help | grep -o -- '--without-.*-prefix')
)
if use prefix && use usb; then
# bug #649598
append-cppflags -I"${EPREFIX}/usr/include/libusb-1.0"
fi
if use elibc_SunOS || use elibc_AIX; then
myconf+=( --disable-symcryptrun )
else
myconf+=( --enable-symcryptrun )
fi
#bug 663142
if use user-socket; then
myconf+=( --enable-run-gnupg-user-socket )
@ -102,30 +114,7 @@ src_configure() {
# the build where the install guide previously make the user chose the
# logger & mta early in the install.
econf \
"${myconf[@]}" \
$(use_enable bzip2) \
$(use_enable nls) \
$(use_enable smartcard scdaemon) \
$(use_enable ssl gnutls) \
$(use_enable tofu) \
$(use smartcard && use_enable usb ccid-driver || echo '--disable-ccid-driver') \
$(use_enable wks-server wks-tools) \
$(use_with ldap) \
$(use_with readline) \
--with-mailprog=/usr/libexec/sendmail \
--disable-ntbtls \
--enable-all-tests \
--enable-gpg \
--enable-gpgsm \
--enable-large-secmem \
CC_FOR_BUILD="$(tc-getBUILD_CC)" \
GPG_ERROR_CONFIG="${EROOT}/usr/bin/${CHOST}-gpg-error-config" \
KSBA_CONFIG="${EROOT}/usr/bin/ksba-config" \
LIBASSUAN_CONFIG="${EROOT}/usr/bin/libassuan-config" \
LIBGCRYPT_CONFIG="${EROOT}/usr/bin/${CHOST}-libgcrypt-config" \
NPTH_CONFIG="${EROOT}/usr/bin/npth-config" \
$("${S}/configure" --help | grep -- '--without-.*-prefix' | sed -e 's/^ *\([^ ]*\) .*/\1/g')
econf "${myconf[@]}"
}
src_compile() {
@ -161,9 +150,3 @@ src_install() {
systemd_douserunit doc/examples/systemd-user/*.{service,socket}
}
pkg_postinst() {
elog "See https://wiki.gentoo.org/wiki/GnuPG for documentation on gnupg"
elog
elog "If you wish to use 'gpg-wks-client --send', you must install an MTA!"
}
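Review bot: Neither the commit message nor the ebuild explains why the two Flatcar-only T4393 patches can be dropped from `PATCHES`, and removing them changes key-import behaviour. According to their own descriptions, the deleted patches let gpg merge an incoming certificate that has no user ID when the primary key is already known locally, and accept a subkey revocation that arrives without a binding signature. If 2.2.29 carries no equivalent change (this page does not show that it does), such updates would be rejected on import again, including revocations, so a revoked key could stay trusted locally. Please check this against the upstream 2.2.29 changelog and either keep the patches rebased or record the decision in the commit message, e.g. `Drop the T4393 patches: <reason>`.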


@ -1,15 +1,24 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="person">
<email>k_f@gentoo.org</email>
<name>Kristian Fiskerstrand</name>
<email>zlogene@gentoo.org</email>
<name>Mikle Kolyada</name>
</maintainer>
<maintainer type="person">
<email>polynomial-c@gentoo.org</email>
<name>Lars Wendler</name>
</maintainer>
<maintainer type="project">
<email>base-system@gentoo.org</email>
<name>Gentoo Base System</name>
</maintainer>
<longdescription>
GnuPG is a complete and free implementation of the OpenPGP standard as
defined by RFC4880.
</longdescription>
<use>
<flag name="scd-shared-access">
Allow concurrent access to scdaemon by multiple apps from same
user. Useful if you want to use scdaemon with gnupg and for
example NitroKey.
</flag>
<flag name="smartcard">
Build scdaemon software. Enables usage of OpenPGP cards. For
other type of smartcards, try <pkg>app-crypt/gnupg-pkcs11-scd</pkg>.