mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-12 07:26:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

app-crypt/gnupg: Sync with Gentoo

Browse Source 
It's from Gentoo commit d987187cc95abbca02949ae2d94a84963fe5f74a.
This commit is contained in:
Flatcar Buildbot 2024-03-04 07:55:54 +00:00 committed by Krzesimir Nowak
parent f475b073f6
commit 9bc092945a
11 changed files with 200 additions and 1173 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
sdk_container/src/third_party/portage-stable/app-crypt/gnupg/Manifest vendored
View File

@ -1,8 +1,4 @@
DIST gnupg-2.2.41.tar.bz2 7313746 BLAKE2B 0be2965a646a8636a127f89329030860908b0bbc447381782527459aed85f5276c29e7a2c89f87cb715407d9f1aabbf3ae1765073764d05e422035e8d5962569 SHA512 f472e5058ea9881355f0c754a47acd0b5360c36e8976b8563dbc763a7cef792bf88227cc15fe5172d3e9bb9fc34d8448dd5c183949031e91a1997cc7f0f83b55
DIST gnupg-2.2.41.tar.bz2.sig 238 BLAKE2B 7a4dc8dd4b3da77f6684325f46e3e3b1aeac6fcd8382e3148da1a01a5c5a9e14c1352fb28b61e500388d647e1103b8f78ad49e467e01b732c4a13eb849859b98 SHA512 ac6edd35c6b02a02d6c8a4468332213f20159f972aa2f7fd25c6841c662b3d84db5230330d540e0785ddaff080daf8dd250292104ff47560ad59c11803aabefa
DIST gnupg-2.2.42.tar.bz2 7434291 BLAKE2B 5f7f01f31949e5258d638fbff81fa641e5c167e6eaf32c55eb187d4a31b31cd4fe6e51c622e74d8544c4f95c75484e15117f26a8cf26055ff6813d75e54f2b8a SHA512 9c59d034f428d42323b5520e1a8984acc1505ba1d96d90f00e17b24aa91660b2dc64e1a3ceb044c56f39b4c402a77c7e0b226c65218c23c094781b4ef51e2eb5
DIST gnupg-2.2.42.tar.bz2.sig 238 BLAKE2B 251ad0a832042ceb93b0edfda8652104bfb463e291322f22f0ab0d9b35606c3589be7a6f3e9e2aac8f6ac368a7d11840ab83b29997587dc65685de9f2dec3fee SHA512 7073bfc920c571680a1de57b4e6cd83cde24ccb3b5f592602b0c32fd762eef497027b08745044c9f41130ca99bb7ec77222568c2d0a1099d3c1c15137e0221d7
DIST gnupg-2.4.3.tar.bz2 7351327 BLAKE2B b7f4f5e548ec6dfc89cf8792f507ee8642e8500692998cf8d2edc9f5d8002904d24a714b9caffabee6094707c4595e0f54197535135622a7a32aa772f5818f28 SHA512 193a9398445272ec3eb5b79e802efb7414f74bcfffc3db0bf72c0056e04228120c419ed91db168e5733a16a33e548bab5368dd9cf11ecd483825bce189341a1e
DIST gnupg-2.4.3.tar.bz2.sig 119 BLAKE2B 763c0569e5378e132de39e1583c19bae8912455bf7cd5a65bcfc88fa43be99fb6bbf8397192b3086db2f6f0f63fc25789f5e6ce98b2fe63cda3bf673b1c60a20 SHA512 7affff694d194c3befdfc865a7872c0883304ea704e3691eac328d802f12f4f82c2a93eaa1257d3e09b38494b38185f5b8cf35c964f0c3846bbb29b93727ffee
DIST gnupg-2.4.4.tar.bz2 7886036 BLAKE2B 02661e89f0358be09fa3e71e7235b764a7dbda62a48a0c8c7a4e6c9919c3b37d54ead50b930af58f8f2fdb87861b849d3f3751e95cbedf46bdfd76caa90c4db4 SHA512 3d1a3b08d1ce2319d238d8be96591e418ede1dc0b4ede33a4cc2fe40e9c56d5bbc27b1984736d8a786e7f292ddbc836846a8bdb4bf89f064e953c37cb54b94ef
DIST gnupg-2.4.4.tar.bz2.sig 237 BLAKE2B 6ee5878c36fbec747a6d84a268903749d862aab50dd7f9a389aabbf7b94dec1c424615f520b5f4a6d44e02093e8d9ad0b08d0c6cf6fd8886d8c174ce9faac99c SHA512 3ae7b6833576df851901a7619459b514bb82faeed350c864a57a782719d21f694d9ced5a3445c81dfa584a0302f87fedc660b08ea97bb8b861e76d7c5b46d07f

156
sdk_container/src/third_party/portage-stable/app-crypt/gnupg/files/gnupg-2.2.42-dirmngr-proxy.patch vendored Normal file
View File

@ -0,0 +1,156 @@
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=d6c428699db7aa20f8b6ca9fe83197a0314b7e91
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=c33c4fdf10b7ed9e03f2afe988d93f3085b727aa
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=41c022072599bc3f12f659e962653548cd86fa3a
From d6c428699db7aa20f8b6ca9fe83197a0314b7e91 Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Thu, 15 Feb 2024 15:38:34 +0900
Subject: [PATCH] dirmngr: Fix proxy with TLS.
* dirmngr/http.c (proxy_get_token, run_proxy_connect): Always
available regardless of USE_TLS.
(send_request): Remove USE_TLS.
--
Since quite some time building w/o TLS won't work.
GnuPG-bug-id: 6997
--- a/dirmngr/http.c
+++ b/dirmngr/http.c
@@ -2498,9 +2498,7 @@ proxy_get_token (proxy_info_t proxy, const char *inputstring)
}
-
/* Use the CONNECT method to proxy our TLS stream. */
-#ifdef USE_TLS
static gpg_error_t
run_proxy_connect (http_t hd, proxy_info_t proxy,
const char *httphost, const char *server,
@@ -2709,7 +2707,6 @@ run_proxy_connect (http_t hd, proxy_info_t proxy,
xfree (tmpstr);
return err;
}
-#endif /*USE_TLS*/
/* Make a request string using a standard proxy. On success the
@@ -2866,7 +2863,6 @@ send_request (http_t hd, const char *httphost, const char *auth,
goto leave;
}
-#if USE_TLS
if (use_http_proxy && hd->uri->use_tls)
{
err = run_proxy_connect (hd, proxy, httphost, server, port);
@@ -2878,7 +2874,6 @@ send_request (http_t hd, const char *httphost, const char *auth,
* clear the flag to indicate this. */
use_http_proxy = 0;
}
-#endif /* USE_TLS */
#if HTTP_USE_NTBTLS
err = run_ntbtls_handshake (hd);
--
2.30.2
From c33c4fdf10b7ed9e03f2afe988d93f3085b727aa Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Fri, 16 Feb 2024 11:31:37 +0900
Subject: [PATCH] dirmngr: Fix the regression of use of proxy for TLS
connection.
* dirmngr/http.c (run_proxy_connect): Don't set keep_alive, since it
causes resource leak of FP_WRITE.
Don't try to read response body to fix the hang.
--
GnuPG-bug-id: 6997
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
--- a/dirmngr/http.c
+++ b/dirmngr/http.c
@@ -2520,6 +2520,7 @@ run_proxy_connect (http_t hd, proxy_info_t proxy,
* RFC-4559 - SPNEGO-based Kerberos and NTLM HTTP Authentication
*/
auth_basic = !!proxy->uri->auth;
+ hd->keep_alive = 0;
/* For basic authentication we need to send just one request. */
if (auth_basic
@@ -2541,13 +2542,12 @@ run_proxy_connect (http_t hd, proxy_info_t proxy,
httphost ? httphost : server,
port,
authhdr ? authhdr : "",
- auth_basic? "" : "Connection: keep-alive\r\n");
+ hd->keep_alive? "Connection: keep-alive\r\n" : "");
if (!request)
{
err = gpg_error_from_syserror ();
goto leave;
}
- hd->keep_alive = !auth_basic; /* We may need to send more requests. */
if (opt_debug || (hd->flags & HTTP_FLAG_LOG_RESP))
log_debug_with_string (request, "http.c:proxy:request:");
@@ -2574,16 +2574,6 @@ run_proxy_connect (http_t hd, proxy_info_t proxy,
if (err)
goto leave;
- {
- unsigned long count = 0;
-
- while (es_getc (hd->fp_read) != EOF)
- count++;
- if (opt_debug)
- log_debug ("http.c:proxy_connect: skipped %lu bytes of response-body\n",
- count);
- }
-
/* Reset state. */
es_clearerr (hd->fp_read);
((cookie_t)(hd->read_cookie))->up_to_empty_line = 1;
--
2.30.2
From 41c022072599bc3f12f659e962653548cd86fa3a Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Fri, 16 Feb 2024 16:24:26 +0900
Subject: [PATCH] dirmngr: Fix keep-alive flag handling.
* dirmngr/http.c (run_proxy_connect): Set KEEP_ALIVE if not Basic
Authentication. Fix resource leak of FP_WRITE.
--
GnuPG-bug-id: 6997
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
--- a/dirmngr/http.c
+++ b/dirmngr/http.c
@@ -2520,7 +2520,7 @@ run_proxy_connect (http_t hd, proxy_info_t proxy,
* RFC-4559 - SPNEGO-based Kerberos and NTLM HTTP Authentication
*/
auth_basic = !!proxy->uri->auth;
- hd->keep_alive = 0;
+ hd->keep_alive = !auth_basic; /* We may need to send more requests. */
/* For basic authentication we need to send just one request. */
if (auth_basic
@@ -2684,6 +2684,14 @@ run_proxy_connect (http_t hd, proxy_info_t proxy,
}
leave:
+ if (hd->keep_alive)
+ {
+ es_fclose (hd->fp_write);
+ hd->fp_write = NULL;
+ /* The close has released the cookie and thus we better set it
+ * to NULL. */
+ hd->write_cookie = NULL;
+ }
/* Restore flags, destroy stream, reset state. */
hd->flags = saved_flags;
es_fclose (hd->fp_read);
--
2.30.2

39
sdk_container/src/third_party/portage-stable/app-crypt/gnupg/files/gnupg-2.2.42-gpgme-tests.patch vendored Normal file
View File

@ -0,0 +1,39 @@
https://bugs.gentoo.org/924386
https://dev.gnupg.org/T7003
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=f50c543326c2eea6b40f548d61cf3a66a077bf54
From f50c543326c2eea6b40f548d61cf3a66a077bf54 Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Fri, 1 Mar 2024 13:59:43 +0900
Subject: [PATCH] agent: Allow simple KEYINFO command when restricted.
* agent/command.c (cmd_keyinfo): Only forbid list command.
--
GnuPG-bug-id: 7003
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
--- a/agent/command.c
+++ b/agent/command.c
@@ -1282,9 +1282,6 @@ cmd_keyinfo (assuan_context_t ctx, char *line)
char hexgrip[41];
int disabled, ttl, confirm, is_ssh;
- if (ctrl->restricted)
- return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
-
if (has_option (line, "--ssh-list"))
list_mode = 2;
else
@@ -1333,6 +1330,9 @@ cmd_keyinfo (assuan_context_t ctx, char *line)
char *dirname;
gnupg_dirent_t dir_entry;
+ if (ctrl->restricted)
+ return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
+
dirname = make_filename_try (gnupg_homedir (),
GNUPG_PRIVATE_KEYS_DIR, NULL);
if (!dirname)
--
2.30.2

564
sdk_container/src/third_party/portage-stable/app-crypt/gnupg/files/gnupg-2.4.2-fix-emacs.patch vendored
View File

@ -1,564 +0,0 @@
https://bugs.gentoo.org/907839
https://dev.gnupg.org/T6481
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=2f872fa68c6576724b9dabee9fb0844266f55d0d
From 2f872fa68c6576724b9dabee9fb0844266f55d0d Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Wed, 24 May 2023 10:36:04 +0900
Subject: [PATCH] gpg: Report BEGIN_* status before examining the input.
* common/miscellaneous.c (is_openpgp_compressed_packet)
(is_file_compressed): Moved to ...
* common/iobuf.c: ... in this file.
(is_file_compressed): Change the argument to INP, the iobuf.
* common/util.h (is_file_compressed): Remove.
* common/iobuf.h (is_file_compressed): Add.
* g10/cipher-aead.c (write_header): Don't call write_status_printf
here.
(cipher_filter_aead): Call write_status_printf when called with
IOBUFCTRL_INIT.
* g10/cipher-cfb.c (write_header): Don't call write_status_printf
here.
(cipher_filter_cfb): Call write_status_printf when called with
IOBUFCTRL_INIT.
* g10/encrypt.c (encrypt_simple): Use new is_file_compressed function,
after call of iobuf_push_filter.
(encrypt_crypt): Likewise.
* g10/sign.c (sign_file): Likewise.
--
GnuPG-bug-id: 6481
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
--- a/common/iobuf.c
+++ b/common/iobuf.c
@@ -3057,3 +3057,123 @@ iobuf_skip_rest (iobuf_t a, unsigned long n, int partial)
}
}
}
+
+
+/* Check whether (BUF,LEN) is valid header for an OpenPGP compressed
+ * packet. LEN should be at least 6. */
+static int
+is_openpgp_compressed_packet (const unsigned char *buf, size_t len)
+{
+ int c, ctb, pkttype;
+ int lenbytes;
+
+ ctb = *buf++; len--;
+ if (!(ctb & 0x80))
+ return 0; /* Invalid packet. */
+
+ if ((ctb & 0x40)) /* New style (OpenPGP) CTB. */
+ {
+ pkttype = (ctb & 0x3f);
+ if (!len)
+ return 0; /* Expected first length octet missing. */
+ c = *buf++; len--;
+ if (c < 192)
+ ;
+ else if (c < 224)
+ {
+ if (!len)
+ return 0; /* Expected second length octet missing. */
+ }
+ else if (c == 255)
+ {
+ if (len < 4)
+ return 0; /* Expected length octets missing */
+ }
+ }
+ else /* Old style CTB. */
+ {
+ pkttype = (ctb>>2)&0xf;
+ lenbytes = ((ctb&3)==3)? 0 : (1<<(ctb & 3));
+ if (len < lenbytes)
+ return 0; /* Not enough length bytes. */
+ }
+
+ return (pkttype == 8);
+}
+
+
+/*
+ * Check if the file is compressed, by peeking the iobuf. You need to
+ * pass the iobuf with INP. Returns true if the buffer seems to be
+ * compressed.
+ */
+int
+is_file_compressed (iobuf_t inp)
+{
+ int i;
+ char buf[32];
+ int buflen;
+
+ struct magic_compress_s
+ {
+ byte len;
+ byte extchk;
+ byte magic[5];
+ } magic[] =
+ {
+ { 3, 0, { 0x42, 0x5a, 0x68, 0x00 } }, /* bzip2 */
+ { 3, 0, { 0x1f, 0x8b, 0x08, 0x00 } }, /* gzip */
+ { 4, 0, { 0x50, 0x4b, 0x03, 0x04 } }, /* (pk)zip */
+ { 5, 0, { '%', 'P', 'D', 'F', '-'} }, /* PDF */
+ { 4, 1, { 0xff, 0xd8, 0xff, 0xe0 } }, /* Maybe JFIF */
+ { 5, 2, { 0x89, 'P','N','G', 0x0d} } /* Likely PNG */
+ };
+
+ if (!inp)
+ return 0;
+
+ for ( ; inp->chain; inp = inp->chain )
+ ;
+
+ buflen = iobuf_ioctl (inp, IOBUF_IOCTL_PEEK, sizeof buf, buf);
+ if (buflen < 0)
+ {
+ buflen = 0;
+ log_debug ("peeking at input failed\n");
+ }
+
+ if ( buflen < 6 )
+ {
+ return 0; /* Too short to check - assume uncompressed. */
+ }
+
+ for ( i = 0; i < DIM (magic); i++ )
+ {
+ if (!memcmp( buf, magic[i].magic, magic[i].len))
+ {
+ switch (magic[i].extchk)
+ {
+ case 0:
+ return 1; /* Is compressed. */
+ case 1:
+ if (buflen > 11 && !memcmp (buf + 6, "JFIF", 5))
+ return 1; /* JFIF: this likely a compressed JPEG. */
+ break;
+ case 2:
+ if (buflen > 8
+ && buf[5] == 0x0a && buf[6] == 0x1a && buf[7] == 0x0a)
+ return 1; /* This is a PNG. */
+ break;
+ default:
+ break;
+ }
+ }
+ }
+
+ if (buflen >= 6 && is_openpgp_compressed_packet (buf, buflen))
+ {
+ return 1; /* Already compressed. */
+ }
+
+ return 0; /* Not detected as compressed. */
+}
--- a/common/iobuf.h
+++ b/common/iobuf.h
@@ -629,6 +629,9 @@ void iobuf_set_partial_body_length_mode (iobuf_t a, size_t len);
from the following filter (which may or may not return EOF). */
void iobuf_skip_rest (iobuf_t a, unsigned long n, int partial);
+/* Check if the file is compressed, by peeking the iobuf. */
+int is_file_compressed (iobuf_t inp);
+
#define iobuf_where(a) "[don't know]"
/* Each time a filter is allocated (via iobuf_alloc()), a
--- a/common/miscellaneous.c
+++ b/common/miscellaneous.c
@@ -415,112 +415,6 @@ decode_c_string (const char *src)
}
-/* Check whether (BUF,LEN) is valid header for an OpenPGP compressed
- * packet. LEN should be at least 6. */
-static int
-is_openpgp_compressed_packet (const unsigned char *buf, size_t len)
-{
- int c, ctb, pkttype;
- int lenbytes;
-
- ctb = *buf++; len--;
- if (!(ctb & 0x80))
- return 0; /* Invalid packet. */
-
- if ((ctb & 0x40)) /* New style (OpenPGP) CTB. */
- {
- pkttype = (ctb & 0x3f);
- if (!len)
- return 0; /* Expected first length octet missing. */
- c = *buf++; len--;
- if (c < 192)
- ;
- else if (c < 224)
- {
- if (!len)
- return 0; /* Expected second length octet missing. */
- }
- else if (c == 255)
- {
- if (len < 4)
- return 0; /* Expected length octets missing */
- }
- }
- else /* Old style CTB. */
- {
- pkttype = (ctb>>2)&0xf;
- lenbytes = ((ctb&3)==3)? 0 : (1<<(ctb & 3));
- if (len < lenbytes)
- return 0; /* Not enough length bytes. */
- }
-
- return (pkttype == 8);
-}
-
-
-
-/*
- * Check if the file is compressed. You need to pass the first bytes
- * of the file as (BUF,BUFLEN). Returns true if the buffer seems to
- * be compressed.
- */
-int
-is_file_compressed (const byte *buf, unsigned int buflen)
-{
- int i;
-
- struct magic_compress_s
- {
- byte len;
- byte extchk;
- byte magic[5];
- } magic[] =
- {
- { 3, 0, { 0x42, 0x5a, 0x68, 0x00 } }, /* bzip2 */
- { 3, 0, { 0x1f, 0x8b, 0x08, 0x00 } }, /* gzip */
- { 4, 0, { 0x50, 0x4b, 0x03, 0x04 } }, /* (pk)zip */
- { 5, 0, { '%', 'P', 'D', 'F', '-'} }, /* PDF */
- { 4, 1, { 0xff, 0xd8, 0xff, 0xe0 } }, /* Maybe JFIF */
- { 5, 2, { 0x89, 'P','N','G', 0x0d} } /* Likely PNG */
- };
-
- if ( buflen < 6 )
- {
- return 0; /* Too short to check - assume uncompressed. */
- }
-
- for ( i = 0; i < DIM (magic); i++ )
- {
- if (!memcmp( buf, magic[i].magic, magic[i].len))
- {
- switch (magic[i].extchk)
- {
- case 0:
- return 1; /* Is compressed. */
- case 1:
- if (buflen > 11 && !memcmp (buf + 6, "JFIF", 5))
- return 1; /* JFIF: this likely a compressed JPEG. */
- break;
- case 2:
- if (buflen > 8
- && buf[5] == 0x0a && buf[6] == 0x1a && buf[7] == 0x0a)
- return 1; /* This is a PNG. */
- break;
- default:
- break;
- }
- }
- }
-
- if (buflen >= 6 && is_openpgp_compressed_packet (buf, buflen))
- {
- return 1; /* Already compressed. */
- }
-
- return 0; /* Not detected as compressed. */
-}
-
-
/* Try match against each substring of multistr, delimited by | */
int
match_multistr (const char *multistr,const char *match)
--- a/common/util.h
+++ b/common/util.h
@@ -360,8 +360,6 @@ char *try_make_printable_string (const void *p, size_t n, int delim);
char *make_printable_string (const void *p, size_t n, int delim);
char *decode_c_string (const char *src);
-int is_file_compressed (const byte *buf, unsigned int buflen);
-
int match_multistr (const char *multistr,const char *match);
int gnupg_compare_version (const char *a, const char *b);
--- a/g10/cipher-aead.c
+++ b/g10/cipher-aead.c
@@ -174,8 +174,6 @@ write_header (cipher_filter_context_t *cfx, iobuf_t a)
log_debug ("aead packet: len=%lu extralen=%d\n",
(unsigned long)ed.len, ed.extralen);
- write_status_printf (STATUS_BEGIN_ENCRYPTION, "0 %d %d",
- cfx->dek->algo, ed.aead_algo);
print_cipher_algo_note (cfx->dek->algo);
if (build_packet( a, &pkt))
@@ -488,6 +486,11 @@ cipher_filter_aead (void *opaque, int control,
{
mem2str (buf, "cipher_filter_aead", *ret_len);
}
+ else if (control == IOBUFCTRL_INIT)
+ {
+ write_status_printf (STATUS_BEGIN_ENCRYPTION, "0 %d %d",
+ cfx->dek->algo, cfx->dek->use_aead);
+ }
return rc;
}
--- a/g10/cipher-cfb.c
+++ b/g10/cipher-cfb.c
@@ -72,9 +72,6 @@ write_header (cipher_filter_context_t *cfx, iobuf_t a)
log_info (_("Hint: Do not use option %s\n"), "--rfc2440");
}
- write_status_printf (STATUS_BEGIN_ENCRYPTION, "%d %d",
- ed.mdc_method, cfx->dek->algo);
-
init_packet (&pkt);
pkt.pkttype = cfx->dek->use_mdc? PKT_ENCRYPTED_MDC : PKT_ENCRYPTED;
pkt.pkt.encrypted = &ed;
@@ -182,6 +179,12 @@ cipher_filter_cfb (void *opaque, int control,
{
mem2str (buf, "cipher_filter_cfb", *ret_len);
}
+ else if (control == IOBUFCTRL_INIT)
+ {
+ write_status_printf (STATUS_BEGIN_ENCRYPTION, "%d %d",
+ cfx->dek->use_mdc ? DIGEST_ALGO_SHA1 : 0,
+ cfx->dek->algo);
+ }
return rc;
}
--- a/g10/encrypt.c
+++ b/g10/encrypt.c
@@ -410,8 +410,6 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
text_filter_context_t tfx;
progress_filter_context_t *pfx;
int do_compress = !!default_compress_algo();
- char peekbuf[32];
- int peekbuflen;
if (!gnupg_rng_is_compliant (opt.compliance))
{
@@ -448,14 +446,6 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
return rc;
}
- peekbuflen = iobuf_ioctl (inp, IOBUF_IOCTL_PEEK, sizeof peekbuf, peekbuf);
- if (peekbuflen < 0)
- {
- peekbuflen = 0;
- if (DBG_FILTER)
- log_debug ("peeking at input failed\n");
- }
-
handle_progress (pfx, inp, filename);
if (opt.textmode)
@@ -517,17 +507,6 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
/**/ : "CFB");
}
- if (do_compress
- && cfx.dek
- && (cfx.dek->use_mdc || cfx.dek->use_aead)
- && !opt.explicit_compress_option
- && is_file_compressed (peekbuf, peekbuflen))
- {
- if (opt.verbose)
- log_info(_("'%s' already compressed\n"), filename? filename: "[stdin]");
- do_compress = 0;
- }
-
if ( rc || (rc = open_outfile (-1, filename, opt.armor? 1:0, 0, &out )))
{
iobuf_cancel (inp);
@@ -598,6 +577,24 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
else
filesize = opt.set_filesize ? opt.set_filesize : 0; /* stdin */
+ /* Register the cipher filter. */
+ if (mode)
+ iobuf_push_filter (out,
+ cfx.dek->use_aead? cipher_filter_aead
+ /**/ : cipher_filter_cfb,
+ &cfx );
+
+ if (do_compress
+ && cfx.dek
+ && (cfx.dek->use_mdc || cfx.dek->use_aead)
+ && !opt.explicit_compress_option
+ && is_file_compressed (inp))
+ {
+ if (opt.verbose)
+ log_info(_("'%s' already compressed\n"), filename? filename: "[stdin]");
+ do_compress = 0;
+ }
+
if (!opt.no_literal)
{
/* Note that PT has been initialized above in !no_literal mode. */
@@ -617,13 +614,6 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
pkt.pkt.generic = NULL;
}
- /* Register the cipher filter. */
- if (mode)
- iobuf_push_filter (out,
- cfx.dek->use_aead? cipher_filter_aead
- /**/ : cipher_filter_cfb,
- &cfx );
-
/* Register the compress filter. */
if ( do_compress )
{
@@ -783,7 +773,7 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
PKT_plaintext *pt = NULL;
DEK *symkey_dek = NULL;
STRING2KEY *symkey_s2k = NULL;
- int rc = 0, rc2 = 0;
+ int rc = 0;
u32 filesize;
cipher_filter_context_t cfx;
armor_filter_context_t *afx = NULL;
@@ -792,8 +782,6 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
progress_filter_context_t *pfx;
PK_LIST pk_list;
int do_compress;
- char peekbuf[32];
- int peekbuflen;
if (filefd != -1 && filename)
return gpg_error (GPG_ERR_INV_ARG); /* Both given. */
@@ -866,14 +854,6 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
if (opt.verbose)
log_info (_("reading from '%s'\n"), iobuf_get_fname_nonnull (inp));
- peekbuflen = iobuf_ioctl (inp, IOBUF_IOCTL_PEEK, sizeof peekbuf, peekbuf);
- if (peekbuflen < 0)
- {
- peekbuflen = 0;
- if (DBG_FILTER)
- log_debug ("peeking at input failed\n");
- }
-
handle_progress (pfx, inp, filename);
if (opt.textmode)
@@ -900,25 +880,6 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
if (!cfx.dek->use_aead)
cfx.dek->use_mdc = !!use_mdc (pk_list, cfx.dek->algo);
- /* Only do the is-file-already-compressed check if we are using a
- * MDC or AEAD. This forces compressed files to be re-compressed if
- * we do not have a MDC to give some protection against chosen
- * ciphertext attacks. */
- if (do_compress
- && (cfx.dek->use_mdc || cfx.dek->use_aead)
- && !opt.explicit_compress_option
- && is_file_compressed (peekbuf, peekbuflen))
- {
- if (opt.verbose)
- log_info(_("'%s' already compressed\n"), filename? filename: "[stdin]");
- do_compress = 0;
- }
- if (rc2)
- {
- rc = rc2;
- goto leave;
- }
-
make_session_key (cfx.dek);
if (DBG_CRYPTO)
log_printhex (cfx.dek->key, cfx.dek->keylen, "DEK is: ");
@@ -960,6 +921,26 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
else
filesize = opt.set_filesize ? opt.set_filesize : 0; /* stdin */
+ /* Register the cipher filter. */
+ iobuf_push_filter (out,
+ cfx.dek->use_aead? cipher_filter_aead
+ /**/ : cipher_filter_cfb,
+ &cfx);
+
+ /* Only do the is-file-already-compressed check if we are using a
+ * MDC or AEAD. This forces compressed files to be re-compressed if
+ * we do not have a MDC to give some protection against chosen
+ * ciphertext attacks. */
+ if (do_compress
+ && (cfx.dek->use_mdc || cfx.dek->use_aead)
+ && !opt.explicit_compress_option
+ && is_file_compressed (inp))
+ {
+ if (opt.verbose)
+ log_info(_("'%s' already compressed\n"), filename? filename: "[stdin]");
+ do_compress = 0;
+ }
+
if (!opt.no_literal)
{
pt->timestamp = make_timestamp();
@@ -974,12 +955,6 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
else
cfx.datalen = filesize && !do_compress ? filesize : 0;
- /* Register the cipher filter. */
- iobuf_push_filter (out,
- cfx.dek->use_aead? cipher_filter_aead
- /**/ : cipher_filter_cfb,
- &cfx);
-
/* Register the compress filter. */
if (do_compress)
{
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -1035,9 +1035,6 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
int multifile = 0;
u32 duration=0;
pt_extra_hash_data_t extrahash = NULL;
- char peekbuf[32];
- int peekbuflen = 0;
-
pfx = new_progress_context ();
afx = new_armor_context ();
@@ -1096,14 +1093,6 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
goto leave;
}
- peekbuflen = iobuf_ioctl (inp, IOBUF_IOCTL_PEEK, sizeof peekbuf, peekbuf);
- if (peekbuflen < 0)
- {
- peekbuflen = 0;
- if (DBG_FILTER)
- log_debug ("peeking at input failed\n");
- }
-
handle_progress (pfx, inp, fname);
}
@@ -1261,7 +1250,7 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
int compr_algo = opt.compress_algo;
if (!opt.explicit_compress_option
- && is_file_compressed (peekbuf, peekbuflen))
+ && is_file_compressed (inp))
{
if (opt.verbose)
log_info(_("'%s' already compressed\n"), fname? fname: "[stdin]");
--
2.11.0

28
sdk_container/src/third_party/portage-stable/app-crypt/gnupg/files/gnupg-2.4.3-no-ldap.patch vendored
View File

@ -1,28 +0,0 @@
https://dev.gnupg.org/T6579
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=dc13361524c1477b2106c7385f2059f9ea111b84
From dc13361524c1477b2106c7385f2059f9ea111b84 Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Wed, 5 Jul 2023 09:29:54 +0900
Subject: [PATCH] dirmngr: Enable the call of ks_ldap_help_variables when
USE_LDAP.
* dirmngr/server.c [USE_LDAP] (cmd_ad_query): Conditionalize.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
--- a/dirmngr/server.c
+++ b/dirmngr/server.c
@@ -2776,7 +2776,9 @@ cmd_ad_query (assuan_context_t ctx, char *line)
if (opt_help)
{
+#if USE_LDAP
ks_ldap_help_variables (ctrl);
+#endif
err = 0;
goto leave;
}
--
2.11.0

179
sdk_container/src/third_party/portage-stable/app-crypt/gnupg/gnupg-2.2.41.ebuild vendored
View File

@ -1,179 +0,0 @@
# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
# Maintainers should:
# 1. Join the "Gentoo" project at https://dev.gnupg.org/project/view/27/
# 2. Subscribe to release tasks like https://dev.gnupg.org/T6159
# (find the one for the current release then subscribe to it +
# any subsequent ones linked within so you're covered for a while.)
VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/gnupg.asc
# in-source builds are not supported: https://dev.gnupg.org/T6313#166339
inherit flag-o-matic out-of-source multiprocessing systemd toolchain-funcs verify-sig
MY_P="${P/_/-}"
DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
HOMEPAGE="https://gnupg.org/"
SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
SRC_URI+=" verify-sig? ( mirror://gnupg/gnupg/${P}.tar.bz2.sig )"
S="${WORKDIR}/${MY_P}"
LICENSE="GPL-3+"
SLOT="0"
KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl test tofu tools usb user-socket wks-server"
RESTRICT="!test? ( test )"
# Existence of executables is checked during configuration.
# Note: On each bump, update dep bounds on each version from configure.ac!
DEPEND="
>=dev-libs/libassuan-2.5.0
>=dev-libs/libgcrypt-1.8.0:=
>=dev-libs/libgpg-error-1.38
>=dev-libs/libksba-1.3.5
>=dev-libs/npth-1.2
>=net-misc/curl-7.10
sys-libs/zlib
bzip2? ( app-arch/bzip2 )
ldap? ( net-nds/openldap:= )
readline? ( sys-libs/readline:= )
smartcard? ( usb? ( virtual/libusb:1 ) )
ssl? ( >=net-libs/gnutls-3.0:= )
tofu? ( >=dev-db/sqlite-3.7 )
"
RDEPEND="
${DEPEND}
app-crypt/pinentry
nls? ( virtual/libintl )
selinux? ( sec-policy/selinux-gpg )
wks-server? ( virtual/mta )
"
BDEPEND="
virtual/pkgconfig
doc? ( sys-apps/texinfo )
nls? ( sys-devel/gettext )
verify-sig? ( sec-keys/openpgp-keys-gnupg )
"
DOCS=(
ChangeLog NEWS README THANKS TODO VERSION
doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
)
PATCHES=(
"${FILESDIR}"/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch
)
src_prepare() {
default
# Inject SSH_AUTH_SOCK into user's sessions after enabling gpg-agent-ssh.socket in systemctl --user mode,
# idea borrowed from libdbus, see
# https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/bus/systemd-user/dbus.socket.in#L6
#
# This cannot be upstreamed, as it requires determining the exact prefix of 'systemctl',
# which in turn requires discovery in Autoconf, something that upstream deeply resents.
sed -e "/DirectoryMode=/a ExecStartPost=-${EPREFIX}/bin/systemctl --user set-environment SSH_AUTH_SOCK=%t/gnupg/S.gpg-agent.ssh" \
-i doc/examples/systemd-user/gpg-agent-ssh.socket || die
}
my_src_configure() {
# Upstream don't support LTO, bug #854222.
filter-lto
local myconf=(
$(use_enable bzip2)
$(use_enable nls)
$(use_enable smartcard scdaemon)
$(use_enable ssl gnutls)
$(use_enable test all-tests)
$(use_enable test tests)
$(use_enable tofu)
$(use smartcard && use_enable usb ccid-driver || echo '--disable-ccid-driver')
$(use_enable wks-server wks-tools)
$(use_with ldap)
$(use_with readline)
# Hardcode mailprog to /usr/libexec/sendmail even if it does not exist.
# As of GnuPG 2.3, the mailprog substitution is used for the binary called
# by wks-client & wks-server; and if it's autodetected but not not exist at
# build time, then then 'gpg-wks-client --send' functionality will not
# work. This has an unwanted side-effect in stage3 builds: there was a
# [R]DEPEND on virtual/mta, which also brought in virtual/logger, bloating
# the build where the install guide previously make the user chose the
# logger & mta early in the install.
--with-mailprog=/usr/libexec/sendmail
--disable-ntbtls
--enable-gpg
--enable-gpgsm
--enable-large-secmem
CC_FOR_BUILD="$(tc-getBUILD_CC)"
GPG_ERROR_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-gpg-error-config"
KSBA_CONFIG="${ESYSROOT}/usr/bin/ksba-config"
LIBASSUAN_CONFIG="${ESYSROOT}/usr/bin/libassuan-config"
LIBGCRYPT_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-libgcrypt-config"
NPTH_CONFIG="${ESYSROOT}/usr/bin/npth-config"
$("${S}/configure" --help | grep -o -- '--without-.*-prefix')
)
if use prefix && use usb; then
# bug #649598
append-cppflags -I"${ESYSROOT}/usr/include/libusb-1.0"
fi
# bug #663142
if use user-socket; then
myconf+=( --enable-run-gnupg-user-socket )
fi
# glib fails and picks up clang's internal stdint.h causing weird errors
tc-is-clang && export gl_cv_absolute_stdint_h="${ESYSROOT}"/usr/include/stdint.h
econf "${myconf[@]}"
}
my_src_compile() {
default
use doc && emake -C doc html
}
my_src_test() {
export TESTFLAGS="--parallel=$(makeopts_jobs)"
default
}
my_src_install() {
emake DESTDIR="${D}" install
use tools && dobin \
tools/{gpg-zip,gpgconf,gpgsplit,gpg-check-pattern} \
tools/make-dns-cert
dosym gpg /usr/bin/gpg2
dosym gpgv /usr/bin/gpgv2
echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die
echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
dodir /etc/env.d
echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
use doc && dodoc doc/gnupg.html/*
}
my_src_install_all() {
einstalldocs
use tools && dobin tools/{convert-from-106,mail-signed-keys,lspgpot}
use doc && dodoc doc/*.png
systemd_douserunit doc/examples/systemd-user/*.{service,socket}
}

2
sdk_container/src/third_party/portage-stable/app-crypt/gnupg/gnupg-2.2.42-r2.ebuild vendored
View File

@ -23,7 +23,7 @@ S="${WORKDIR}/${MY_P}"
LICENSE="GPL-3+"
SLOT="0"
KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl test tofu tools usb user-socket wks-server"
RESTRICT="!test? ( test )"

3
sdk_container/src/third_party/portage-stable/app-crypt/gnupg/gnupg-2.2.42-r1.ebuild → sdk_container/src/third_party/portage-stable/app-crypt/gnupg/gnupg-2.2.42-r3.ebuild vendored
View File

@ -67,6 +67,9 @@ DOCS=(
PATCHES=(
"${FILESDIR}"/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch
"${FILESDIR}"/${P}-bug923248-insecure-backup.patch
"${FILESDIR}"/${P}-dirmngr-proxy.patch
"${FILESDIR}"/${P}-gpgme-tests.patch
)
src_prepare() {

198
sdk_container/src/third_party/portage-stable/app-crypt/gnupg/gnupg-2.4.3-r1.ebuild vendored
View File

@ -1,198 +0,0 @@
# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
# Maintainers should:
# 1. Join the "Gentoo" project at https://dev.gnupg.org/project/view/27/
# 2. Subscribe to release tasks like https://dev.gnupg.org/T6159
# (find the one for the current release then subscribe to it +
# any subsequent ones linked within so you're covered for a while.)
VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/gnupg.asc
# in-source builds are not supported: https://dev.gnupg.org/T6313#166339
inherit flag-o-matic out-of-source multiprocessing systemd toolchain-funcs verify-sig
MY_P="${P/_/-}"
DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
HOMEPAGE="https://gnupg.org/"
SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
SRC_URI+=" verify-sig? ( mirror://gnupg/gnupg/${P}.tar.bz2.sig )"
S="${WORKDIR}/${MY_P}"
LICENSE="GPL-3+"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl test +tofu tpm tools usb user-socket wks-server"
RESTRICT="!test? ( test )"
REQUIRED_USE="test? ( tofu )"
# Existence of executables is checked during configuration.
# Note: On each bump, update dep bounds on each version from configure.ac!
DEPEND="
>=dev-libs/libassuan-2.5.0
>=dev-libs/libgcrypt-1.9.1:=
>=dev-libs/libgpg-error-1.46
>=dev-libs/libksba-1.6.3
>=dev-libs/npth-1.2
>=net-misc/curl-7.10
sys-libs/zlib
bzip2? ( app-arch/bzip2 )
ldap? ( net-nds/openldap:= )
readline? ( sys-libs/readline:0= )
smartcard? ( usb? ( virtual/libusb:1 ) )
tofu? ( >=dev-db/sqlite-3.27 )
tpm? ( >=app-crypt/tpm2-tss-2.4.0:= )
ssl? ( >=net-libs/gnutls-3.0:0= )
"
RDEPEND="
${DEPEND}
nls? ( virtual/libintl )
selinux? ( sec-policy/selinux-gpg )
wks-server? ( virtual/mta )
"
PDEPEND="
app-crypt/pinentry
"
BDEPEND="
virtual/pkgconfig
doc? ( sys-apps/texinfo )
nls? ( sys-devel/gettext )
verify-sig? ( sec-keys/openpgp-keys-gnupg )
"
DOCS=(
ChangeLog NEWS README THANKS TODO VERSION
doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
)
PATCHES=(
"${FILESDIR}"/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch
"${FILESDIR}"/${PN}-2.4.2-fix-emacs.patch
"${FILESDIR}"/${P}-no-ldap.patch
)
src_prepare() {
default
GNUPG_SYSTEMD_UNITS=(
dirmngr.service
dirmngr.socket
gpg-agent-browser.socket
gpg-agent-extra.socket
gpg-agent.service
gpg-agent.socket
gpg-agent-ssh.socket
)
cp "${GNUPG_SYSTEMD_UNITS[@]/#/${FILESDIR}/}" "${T}" || die
# Inject SSH_AUTH_SOCK into user's sessions after enabling gpg-agent-ssh.socket in systemctl --user mode,
# idea borrowed from libdbus, see
# https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/bus/systemd-user/dbus.socket.in#L6
#
# This cannot be upstreamed, as it requires determining the exact prefix of 'systemctl',
# which in turn requires discovery in Autoconf, something that upstream deeply resents.
sed -e "/DirectoryMode=/a ExecStartPost=-${EPREFIX}/bin/systemctl --user set-environment SSH_AUTH_SOCK=%t/gnupg/S.gpg-agent.ssh" \
-i "${T}"/gpg-agent-ssh.socket || die
}
my_src_configure() {
# Upstream don't support LTO, bug #854222.
filter-lto
local myconf=(
$(use_enable bzip2)
$(use_enable nls)
$(use_enable smartcard scdaemon)
$(use_enable ssl gnutls)
$(use_enable test all-tests)
$(use_enable test tests)
$(use_enable tofu)
$(use_enable tofu keyboxd)
$(use_enable tofu sqlite)
$(usex tpm '--with-tss=intel' '--disable-tpm2d')
$(use smartcard && use_enable usb ccid-driver || echo '--disable-ccid-driver')
$(use_enable wks-server wks-tools)
$(use_with ldap)
$(use_with readline)
# Hardcode mailprog to /usr/libexec/sendmail even if it does not exist.
# As of GnuPG 2.3, the mailprog substitution is used for the binary called
# by wks-client & wks-server; and if it's autodetected but not not exist at
# build time, then then 'gpg-wks-client --send' functionality will not
# work. This has an unwanted side-effect in stage3 builds: there was a
# [R]DEPEND on virtual/mta, which also brought in virtual/logger, bloating
# the build where the install guide previously make the user chose the
# logger & mta early in the install.
--with-mailprog=/usr/libexec/sendmail
--disable-ntbtls
--enable-gpgsm
--enable-large-secmem
CC_FOR_BUILD="$(tc-getBUILD_CC)"
GPG_ERROR_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-gpg-error-config"
KSBA_CONFIG="${ESYSROOT}/usr/bin/ksba-config"
LIBASSUAN_CONFIG="${ESYSROOT}/usr/bin/libassuan-config"
LIBGCRYPT_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-libgcrypt-config"
NPTH_CONFIG="${ESYSROOT}/usr/bin/npth-config"
$("${S}/configure" --help | grep -o -- '--without-.*-prefix')
)
if use prefix && use usb; then
# bug #649598
append-cppflags -I"${ESYSROOT}/usr/include/libusb-1.0"
fi
# bug #663142
if use user-socket; then
myconf+=( --enable-run-gnupg-user-socket )
fi
# glib fails and picks up clang's internal stdint.h causing weird errors
tc-is-clang && export gl_cv_absolute_stdint_h="${ESYSROOT}"/usr/include/stdint.h
econf "${myconf[@]}"
}
my_src_compile() {
default
use doc && emake -C doc html
}
my_src_test() {
export TESTFLAGS="--parallel=$(makeopts_jobs)"
default
}
my_src_install() {
emake DESTDIR="${D}" install
use tools && dobin tools/{gpgconf,gpgsplit,gpg-check-pattern} tools/make-dns-cert
dosym gpg /usr/bin/gpg2
dosym gpgv /usr/bin/gpgv2
echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die
echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
dodir /etc/env.d
echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
use doc && dodoc doc/gnupg.html/*
}
my_src_install_all() {
einstalldocs
use tools && dobin tools/{convert-from-106,mail-signed-keys,lspgpot}
use doc && dodoc doc/*.png
# Dropped upstream in https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=eae28f1bd4a5632e8f8e85b7248d1c4d4a10a5ed.
dodoc "${FILESDIR}"/README-systemd
systemd_douserunit "${GNUPG_SYSTEMD_UNITS[@]/#/${T}/}"
}

2
sdk_container/src/third_party/portage-stable/app-crypt/gnupg/gnupg-2.4.4-r1.ebuild vendored
View File

@ -23,7 +23,7 @@ S="${WORKDIR}/${MY_P}"
LICENSE="GPL-3+"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl test +tofu tpm tools usb user-socket wks-server"
RESTRICT="!test? ( test )"
REQUIRED_USE="test? ( tofu )"

198
sdk_container/src/third_party/portage-stable/app-crypt/gnupg/gnupg-2.4.4.ebuild vendored
View File

@ -1,198 +0,0 @@
# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
# Maintainers should:
# 1. Join the "Gentoo" project at https://dev.gnupg.org/project/view/27/
# 2. Subscribe to release tasks like https://dev.gnupg.org/T6159
# (find the one for the current release then subscribe to it +
# any subsequent ones linked within so you're covered for a while.)
VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/gnupg.asc
# in-source builds are not supported: https://dev.gnupg.org/T6313#166339
inherit flag-o-matic out-of-source multiprocessing systemd toolchain-funcs verify-sig
MY_P="${P/_/-}"
DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
HOMEPAGE="https://gnupg.org/"
SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
SRC_URI+=" verify-sig? ( mirror://gnupg/gnupg/${P}.tar.bz2.sig )"
S="${WORKDIR}/${MY_P}"
LICENSE="GPL-3+"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl test +tofu tpm tools usb user-socket wks-server"
RESTRICT="!test? ( test )"
REQUIRED_USE="test? ( tofu )"
# Existence of executables is checked during configuration.
# Note: On each bump, update dep bounds on each version from configure.ac!
DEPEND="
>=dev-libs/libassuan-2.5.0
>=dev-libs/libgcrypt-1.9.1:=
>=dev-libs/libgpg-error-1.46
>=dev-libs/libksba-1.6.3
>=dev-libs/npth-1.2
>=net-misc/curl-7.10
sys-libs/zlib
bzip2? ( app-arch/bzip2 )
ldap? ( net-nds/openldap:= )
readline? ( sys-libs/readline:0= )
smartcard? ( usb? ( virtual/libusb:1 ) )
tofu? ( >=dev-db/sqlite-3.27 )
tpm? ( >=app-crypt/tpm2-tss-2.4.0:= )
ssl? ( >=net-libs/gnutls-3.2:0= )
"
RDEPEND="
${DEPEND}
nls? ( virtual/libintl )
selinux? ( sec-policy/selinux-gpg )
wks-server? ( virtual/mta )
"
PDEPEND="
app-crypt/pinentry
"
BDEPEND="
virtual/pkgconfig
doc? ( sys-apps/texinfo )
nls? ( sys-devel/gettext )
verify-sig? ( sec-keys/openpgp-keys-gnupg )
"
DOCS=(
ChangeLog NEWS README THANKS TODO VERSION
doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
)
PATCHES=(
"${FILESDIR}"/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch
#"${FILESDIR}"/${PN}-2.4.2-fix-emacs.patch
#"${FILESDIR}"/${PN}-2.4.3-no-ldap.patch
)
src_prepare() {
default
GNUPG_SYSTEMD_UNITS=(
dirmngr.service
dirmngr.socket
gpg-agent-browser.socket
gpg-agent-extra.socket
gpg-agent.service
gpg-agent.socket
gpg-agent-ssh.socket
)
cp "${GNUPG_SYSTEMD_UNITS[@]/#/${FILESDIR}/}" "${T}" || die
# Inject SSH_AUTH_SOCK into user's sessions after enabling gpg-agent-ssh.socket in systemctl --user mode,
# idea borrowed from libdbus, see
# https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/bus/systemd-user/dbus.socket.in#L6
#
# This cannot be upstreamed, as it requires determining the exact prefix of 'systemctl',
# which in turn requires discovery in Autoconf, something that upstream deeply resents.
sed -e "/DirectoryMode=/a ExecStartPost=-${EPREFIX}/bin/systemctl --user set-environment SSH_AUTH_SOCK=%t/gnupg/S.gpg-agent.ssh" \
-i "${T}"/gpg-agent-ssh.socket || die
}
my_src_configure() {
# Upstream don't support LTO, bug #854222.
filter-lto
local myconf=(
$(use_enable bzip2)
$(use_enable nls)
$(use_enable smartcard scdaemon)
$(use_enable ssl gnutls)
$(use_enable test all-tests)
$(use_enable test tests)
$(use_enable tofu)
$(use_enable tofu keyboxd)
$(use_enable tofu sqlite)
$(usex tpm '--with-tss=intel' '--disable-tpm2d')
$(use smartcard && use_enable usb ccid-driver || echo '--disable-ccid-driver')
$(use_enable wks-server wks-tools)
$(use_with ldap)
$(use_with readline)
# Hardcode mailprog to /usr/libexec/sendmail even if it does not exist.
# As of GnuPG 2.3, the mailprog substitution is used for the binary called
# by wks-client & wks-server; and if it's autodetected but not not exist at
# build time, then then 'gpg-wks-client --send' functionality will not
# work. This has an unwanted side-effect in stage3 builds: there was a
# [R]DEPEND on virtual/mta, which also brought in virtual/logger, bloating
# the build where the install guide previously make the user chose the
# logger & mta early in the install.
--with-mailprog=/usr/libexec/sendmail
--disable-ntbtls
--enable-gpgsm
--enable-large-secmem
CC_FOR_BUILD="$(tc-getBUILD_CC)"
GPG_ERROR_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-gpg-error-config"
KSBA_CONFIG="${ESYSROOT}/usr/bin/ksba-config"
LIBASSUAN_CONFIG="${ESYSROOT}/usr/bin/libassuan-config"
LIBGCRYPT_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-libgcrypt-config"
NPTH_CONFIG="${ESYSROOT}/usr/bin/npth-config"
$("${S}/configure" --help | grep -o -- '--without-.*-prefix')
)
if use prefix && use usb; then
# bug #649598
append-cppflags -I"${ESYSROOT}/usr/include/libusb-1.0"
fi
# bug #663142
if use user-socket; then
myconf+=( --enable-run-gnupg-user-socket )
fi
# glib fails and picks up clang's internal stdint.h causing weird errors
tc-is-clang && export gl_cv_absolute_stdint_h="${ESYSROOT}"/usr/include/stdint.h
econf "${myconf[@]}"
}
my_src_compile() {
default
use doc && emake -C doc html
}
my_src_test() {
export TESTFLAGS="--parallel=$(makeopts_jobs)"
default
}
my_src_install() {
emake DESTDIR="${D}" install
use tools && dobin tools/{gpgconf,gpgsplit,gpg-check-pattern} tools/make-dns-cert
dosym gpg /usr/bin/gpg2
dosym gpgv /usr/bin/gpgv2
echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die
echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
dodir /etc/env.d
echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
use doc && dodoc doc/gnupg.html/*
}
my_src_install_all() {
einstalldocs
use tools && dobin tools/{convert-from-106,mail-signed-keys,lspgpot}
use doc && dodoc doc/*.png
# Dropped upstream in https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=eae28f1bd4a5632e8f8e85b7248d1c4d4a10a5ed.
dodoc "${FILESDIR}"/README-systemd
systemd_douserunit "${GNUPG_SYSTEMD_UNITS[@]/#/${T}/}"
}