mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2026-02-07 16:51:41 +01:00
Code Issues Packages Projects Releases Wiki Activity

app-crypt/gnupg: Sync with Gentoo

Browse Source 
It's from Gentoo commit 5d13f520cbffbd379192a3644046c6835826a6c3.

Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
This commit is contained in:
Krzesimir Nowak 2026-01-23 13:12:21 +01:00
parent 5611890b22
commit c2ede77c37
9 changed files with 22 additions and 848 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
sdk_container/src/third_party/portage-stable/app-crypt/gnupg/Manifest vendored
View File

@ -1,8 +1,4 @@
DIST gnupg-2.2.45.tar.bz2 7447141 BLAKE2B 8fe2036325e31332166c0477ce9514152c8417a9f61b3edc43487340d5b52e6a4d4c2b104ca9fe7ce6893e6d2977e2cd9c9ccfb52c0b1ea18dae3304ec6ec7f3 SHA512 086bb2a96ff4a681451b357495c8b435229e6526e1121d8faee3cb2ecc9c14965c92c9b1ccbbf3a03f6c59c215cca85a5c4f740f2df7c008a9fa672b370bf33c
DIST gnupg-2.2.45.tar.bz2.sig 119 BLAKE2B 6656747b2d640a95c4172a221952fa75f7d03c231b7c6d40ea57b43a5bcfbceb800023ca2f352ca09325aaf186a7bf31fcfe7104129c5d6628f0e1256994df76 SHA512 181195a76eede8113bd8f2a7f5bc20674226f6327cf8263389e3d178c205ed2d817b28f2d3b504dd9f852f22fc283d2c14e809ba1c05cfe88b66103845ff114c
DIST gnupg-2.4.8.tar.bz2 8017685 BLAKE2B ab7126aac6c7bf323075c68084c963f75d93c729d8918b6ca10ef0a4466879636433c682a5437776d2ce9f5d432e1f66995dd94a4f44d7f184542f030087dbb2 SHA512 d7f07a258141a583bc8be18c0984d7dfe8508f12c624c053881ee63dfee11adcda8de216bcaaef9f5d24a1e217de70bf69ee2e3cc43b0da66a0e571ce9c4b436
DIST gnupg-2.4.8.tar.bz2.sig 119 BLAKE2B 4f94b2abc40b17cfab44f28fc2a2ae5246f8356141a3932a92b5adb78002c7064bb132a6529079bc14900036f90d9d318d7d01818999150e2c875b88a3fca265 SHA512 9fb54be4e99ecee6c7b649d6f0ef24a25e81c0af57e07ccdd512a1ea2ebf7558dd25518b7b78347e4a216167849e6285bb91ec23d0968966aba0784d45f02a06
DIST gnupg-2.5.12.tar.bz2 8225353 BLAKE2B cab3802d08acf96772071c42949c55e78734447a29d3088b7c08636282cf38f92fcf35ce6ded5df9a18b2725a27500980d1616f5d3850df05f9543a43453d5c0 SHA512 fa0510f24b844e2ee122543421e0ee47415cb5a1599c28abe2ec22830c378b50125e70289fd227bd6ca35bb3d6a40928955f42b44b24f657733b93c64d6d27d8
DIST gnupg-2.5.12.tar.bz2.sig 266 BLAKE2B b52d3f2d3af94061c5210ede10b074d871e9782ae92974a58480e6e0cfa29e5d6622b67b24989bb757e96a0cbb8ff9df2d15b69ecc5b5c531880920f45907b9f SHA512 ff141f5dc30cd81494c8a50f86b673fe9c0fc74d344fb868f922285851929ed863b66fe52e973d0ab869391394e7fe6a0efc83b7b2383f28771a1cd6ca62be3b
DIST gnupg-2.5.13.tar.bz2 8227840 BLAKE2B d898a86d2c13a8daa4dc4ab96376610768710bfa719d4e21d77c97d41e377305aa606df20bab1ac8d9553783e67afe2c42970374f3be19128686a781fcc13f1f SHA512 76f355bae2b600935996a33597577f60e332c274ce72cfff936ef0435b0990b6c811942ad9ec58c2f0e518814b43ff1e301058ef2797b178404d2b3eb91dbaf9
DIST gnupg-2.5.13.tar.bz2.sig 119 BLAKE2B 12a9a4a6d2a1cc8f38acf64e6c6d975e813a759d4de5ca6755fdc237c54b2497a60f355a2accf75623ea765a9238bfbf3b4bf58844a3d6059880b11deac51f01 SHA512 59a9f07cbc97272b87f43c7aba323616b7bcc6b5217e5a373a75ec24bdfc70e76d137ec4be57012298447fc3e21ff834a8600a8730de0e5539c731151379fffd
DIST gnupg-2.4.9.tar.bz2 8086407 BLAKE2B 5bbd278c570d3e389ab26dd37e1adac6c1b19f9bd369ebf30d75f48d0ab901c6f5fe4e4713b763f57b9e74efab654186ebff1a968348b0b9f70c82618b4b3b62 SHA512 4638016b390a0024fa0cbe14181c43a81991e4275043855397ef099b927985d175d32452fc15b06485623b9292662dd6da464b2e5def8b77b2e4e48a072ab521
DIST gnupg-2.4.9.tar.bz2.sig 147 BLAKE2B fbf956c0659d9e2a5df9ceb6911ebea8591fd1b647d81e0f324b688271493519d7d25025d9d8d7906e706f57031429c8d8a3ba79c8ab7e300631137ebb38eedf SHA512 03328ba7de3faab1aab025784ef16cc04dd34d2cc09db2c513b7e38836b8036e04d2bb3c71aa64769b5a40a7a877373ee2d11b6e2bf8b67938216277dcd18a6f
DIST gnupg-2.5.16.tar.bz2 8304335 BLAKE2B 722c90ac88b2eeacb150dc6fa5f4d83b5577d0285871cd7d336463d25aabd1087cdca103a23b251b2067de6c3046615d9fcb552721ceef4826f4dd3e96c5525a SHA512 0a48628e9e7f8050022e5204bf9febd1f2db6ee9d55b573207884fc2ef2825d814015851141ba6851bd4466f0cc0827123e5f474003c054f3af55f4bd1440bf7
DIST gnupg-2.5.16.tar.bz2.sig 119 BLAKE2B 5ef9b298b49049cd5cdb1bcc03cd09ad96015cd34060249fccff6d3ab4a0b950a545d631c05818484c52166ae89825f6def928787051f3eed010e8300945160e SHA512 295d37ecf4c1f5fc4531cd0a0901ecbacd521a744991b086e14573e1b5198e55476367767bc708b4eec38aac32a30c03265d13c0c5bd9c79c8254e408ef58aec

30
sdk_container/src/third_party/portage-stable/app-crypt/gnupg/files/gnupg-2.2.45-fix-status-output-LISTTRUSTED.patch vendored
View File

@ -1,30 +0,0 @@
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=2ca38bee7a63c0f7185ca1dbf13da1cbc4933563
From 2ca38bee7a63c0f7185ca1dbf13da1cbc4933563 Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Thu, 31 Oct 2024 11:47:55 +0900
Subject: [PATCH] agent: Fix status output for LISTTRUSTED.
* agent/trustlist.c (istrusted_internal): When LISTMODE is enabled,
TRUSTLISTFPR status output should be done.
--
GnuPG-bug-id: 7363
Fixes-commit: 4fa82eec43e8d205fa336113f6ea554923fd6986
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
--- a/agent/trustlist.c
+++ b/agent/trustlist.c
@@ -485,8 +485,8 @@ istrusted_internal (ctrl_t ctrl, const char *fpr, int listmode, int *r_disabled,
in a locked state. */
if (already_locked)
;
- else if (ti->flags.relax || ti->flags.cm || ti->flags.qual
- || ti->flags.de_vs)
+ else if (listmode || ti->flags.relax || ti->flags.cm
+ || ti->flags.qual || ti->flags.de_vs)
{
unlock_trusttable ();
locked = 0;
--
2.30.2

196
sdk_container/src/third_party/portage-stable/app-crypt/gnupg/files/gnupg-2.4.5-revert-rfc4880bis.patch vendored
View File

@ -1,196 +0,0 @@
https://lwn.net/Articles/953797/
https://security.stackexchange.com/questions/275883/should-one-really-disable-aead-for-recent-gnupg-created-pgp-keys
https://lists.gnupg.org/pipermail/librepgp-discuss/2023/000001.html
https://bugs.gentoo.org/926186
From 1e4f1550996334d2a631a5d769e937d29ace47bb Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Thu, 9 Feb 2023 16:38:58 +0100
Subject: [PATCH gnupg] Revert the introduction of the RFC4880bis draft into
defaults
This reverts commit 4583f4fe2 (gpg: Merge --rfc4880bis features into
--gnupg, 2022-10-31).
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -247,6 +247,7 @@ enum cmd_and_opt_values
oGnuPG,
oRFC2440,
oRFC4880,
+ oRFC4880bis,
oOpenPGP,
oPGP7,
oPGP8,
@@ -636,6 +637,7 @@ static gpgrt_opt_t opts[] = {
ARGPARSE_s_n (oGnuPG, "no-pgp8", "@"),
ARGPARSE_s_n (oRFC2440, "rfc2440", "@"),
ARGPARSE_s_n (oRFC4880, "rfc4880", "@"),
+ ARGPARSE_s_n (oRFC4880bis, "rfc4880bis", "@"),
ARGPARSE_s_n (oOpenPGP, "openpgp", N_("use strict OpenPGP behavior")),
ARGPARSE_s_n (oPGP7, "pgp6", "@"),
ARGPARSE_s_n (oPGP7, "pgp7", "@"),
@@ -978,7 +980,6 @@ static gpgrt_opt_t opts[] = {
ARGPARSE_s_n (oNoop, "no-allow-multiple-messages", "@"),
ARGPARSE_s_s (oNoop, "aead-algo", "@"),
ARGPARSE_s_s (oNoop, "personal-aead-preferences","@"),
- ARGPARSE_s_n (oNoop, "rfc4880bis", "@"),
ARGPARSE_s_n (oNoop, "override-compliance-check", "@"),
@@ -2227,7 +2228,7 @@ static struct gnupg_compliance_option compliance_options[] =
{
{ "gnupg", oGnuPG },
{ "openpgp", oOpenPGP },
- { "rfc4880bis", oGnuPG },
+ { "rfc4880bis", oRFC4880bis },
{ "rfc4880", oRFC4880 },
{ "rfc2440", oRFC2440 },
{ "pgp6", oPGP7 },
@@ -2243,8 +2244,28 @@ static struct gnupg_compliance_option compliance_options[] =
static void
set_compliance_option (enum cmd_and_opt_values option)
{
+ opt.flags.rfc4880bis = 0; /* Clear because it is initially set. */
+
switch (option)
{
+ case oRFC4880bis:
+ opt.flags.rfc4880bis = 1;
+ opt.compliance = CO_RFC4880;
+ opt.flags.dsa2 = 1;
+ opt.flags.require_cross_cert = 1;
+ opt.rfc2440_text = 0;
+ opt.allow_non_selfsigned_uid = 1;
+ opt.allow_freeform_uid = 1;
+ opt.escape_from = 1;
+ opt.not_dash_escaped = 0;
+ opt.def_cipher_algo = 0;
+ opt.def_digest_algo = 0;
+ opt.cert_digest_algo = 0;
+ opt.compress_algo = -1;
+ opt.s2k_mode = 3; /* iterated+salted */
+ opt.s2k_digest_algo = DIGEST_ALGO_SHA256;
+ opt.s2k_cipher_algo = CIPHER_ALGO_AES256;
+ break;
case oOpenPGP:
case oRFC4880:
/* This is effectively the same as RFC2440, but with
@@ -2288,6 +2309,7 @@ set_compliance_option (enum cmd_and_opt_values option)
case oPGP8: opt.compliance = CO_PGP8; break;
case oGnuPG:
opt.compliance = CO_GNUPG;
+ opt.flags.rfc4880bis = 1;
break;
case oDE_VS:
@@ -2491,6 +2513,7 @@ main (int argc, char **argv)
opt.emit_version = 0;
opt.weak_digests = NULL;
opt.compliance = CO_GNUPG;
+ opt.flags.rfc4880bis = 1;
/* Check special options given on the command line. */
orig_argc = argc;
@@ -3033,6 +3056,7 @@ main (int argc, char **argv)
case oOpenPGP:
case oRFC2440:
case oRFC4880:
+ case oRFC4880bis:
case oPGP7:
case oPGP8:
case oGnuPG:
@@ -3862,6 +3886,11 @@ main (int argc, char **argv)
if( may_coredump && !opt.quiet )
log_info(_("WARNING: program may create a core file!\n"));
+ if (!opt.flags.rfc4880bis)
+ {
+ opt.mimemode = 0; /* This will use text mode instead. */
+ }
+
if (eyes_only) {
if (opt.set_filename)
log_info(_("WARNING: %s overrides %s\n"),
@@ -4078,7 +4107,7 @@ main (int argc, char **argv)
/* Check our chosen algorithms against the list of legal
algorithms. */
- if(!GNUPG)
+ if(!GNUPG && !opt.flags.rfc4880bis)
{
const char *badalg=NULL;
preftype_t badtype=PREFTYPE_NONE;
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -404,7 +404,7 @@ keygen_set_std_prefs (const char *string,int personal)
strcat(dummy_string,"S7 ");
strcat(dummy_string,"S2 "); /* 3DES */
- if (!openpgp_aead_test_algo (AEAD_ALGO_OCB))
+ if (opt.flags.rfc4880bis && !openpgp_aead_test_algo (AEAD_ALGO_OCB))
strcat(dummy_string,"A2 ");
if (personal)
@@ -889,7 +889,7 @@ keygen_upd_std_prefs (PKT_signature *sig, void *opaque)
/* Make sure that the MDC feature flag is set if needed. */
add_feature_mdc (sig,mdc_available);
add_feature_aead (sig, aead_available);
- add_feature_v5 (sig, 1);
+ add_feature_v5 (sig, opt.flags.rfc4880bis);
add_keyserver_modify (sig,ks_modify);
keygen_add_keyserver_url(sig,NULL);
@@ -3382,7 +3382,10 @@ parse_key_parameter_part (ctrl_t ctrl,
}
}
else if (!ascii_strcasecmp (s, "v5"))
- keyversion = 5;
+ {
+ if (opt.flags.rfc4880bis)
+ keyversion = 5;
+ }
else if (!ascii_strcasecmp (s, "v4"))
keyversion = 4;
else
@@ -3641,7 +3644,7 @@ parse_key_parameter_part (ctrl_t ctrl,
* ecdsa := Use algorithm ECDSA.
* eddsa := Use algorithm EdDSA.
* ecdh := Use algorithm ECDH.
- * v5 := Create version 5 key
+ * v5 := Create version 5 key (requires option --rfc4880bis)
*
* There are several defaults and fallbacks depending on the
* algorithm. PART can be used to select which part of STRING is
@@ -4513,9 +4516,9 @@ read_parameter_file (ctrl_t ctrl, const char *fname )
}
}
- if ((keywords[i].key == pVERSION
- || keywords[i].key == pSUBVERSION))
- ; /* Ignore version. */
+ if (!opt.flags.rfc4880bis && (keywords[i].key == pVERSION
+ || keywords[i].key == pSUBVERSION))
+ ; /* Ignore version unless --rfc4880bis is active. */
else
{
r = xmalloc_clear( sizeof *r + strlen( value ) );
@@ -4610,11 +4613,14 @@ quickgen_set_para (struct para_data_s *para, int for_subkey,
para = r;
}
- r = xmalloc_clear (sizeof *r + 20);
- r->key = for_subkey? pSUBVERSION : pVERSION;
- snprintf (r->u.value, 20, "%d", version);
- r->next = para;
- para = r;
+ if (opt.flags.rfc4880bis)
+ {
+ r = xmalloc_clear (sizeof *r + 20);
+ r->key = for_subkey? pSUBVERSION : pVERSION;
+ snprintf (r->u.value, 20, "%d", version);
+ r->next = para;
+ para = r;
+ }
if (keytime)
{

181
sdk_container/src/third_party/portage-stable/app-crypt/gnupg/gnupg-2.2.45-r1.ebuild vendored
View File

@ -1,181 +0,0 @@
# Copyright 1999-2025 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
# Maintainers should:
# 1. Join the "Gentoo" project at https://dev.gnupg.org/project/view/27/
# 2. Subscribe to release tasks like https://dev.gnupg.org/T6159
# (find the one for the current release then subscribe to it +
# any subsequent ones linked within so you're covered for a while.)
VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/gnupg.asc
# in-source builds are not supported: https://dev.gnupg.org/T6313#166339
inherit flag-o-matic out-of-source multiprocessing systemd toolchain-funcs verify-sig
MY_P="${P/_/-}"
DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
HOMEPAGE="https://gnupg.org/"
SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
SRC_URI+=" verify-sig? ( mirror://gnupg/gnupg/${P}.tar.bz2.sig )"
S="${WORKDIR}/${MY_P}"
LICENSE="GPL-3+"
SLOT="0"
KEYWORDS="~alpha amd64 arm arm64 ~hppa ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl test tofu tools usb user-socket wks-server"
RESTRICT="!test? ( test )"
# Existence of executables is checked during configuration.
# Note: On each bump, update dep bounds on each version from configure.ac!
DEPEND="
>=dev-libs/libassuan-2.5.0:=
>=dev-libs/libgcrypt-1.8.0:=
>=dev-libs/libgpg-error-1.38
>=dev-libs/libksba-1.4.0
>=dev-libs/npth-1.2
virtual/zlib:=
bzip2? ( app-arch/bzip2 )
ldap? ( net-nds/openldap:= )
readline? ( sys-libs/readline:= )
smartcard? ( usb? ( virtual/libusb:1 ) )
ssl? ( >=net-libs/gnutls-3.0:= )
tofu? ( >=dev-db/sqlite-3.7 )
"
RDEPEND="
${DEPEND}
nls? ( virtual/libintl )
selinux? ( sec-policy/selinux-gpg )
wks-server? ( virtual/mta )
"
PDEPEND="
app-crypt/pinentry
"
BDEPEND="
virtual/pkgconfig
doc? ( sys-apps/texinfo )
nls? ( sys-devel/gettext )
verify-sig? ( sec-keys/openpgp-keys-gnupg )
"
DOCS=(
ChangeLog NEWS README THANKS TODO VERSION
doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
)
PATCHES=(
"${FILESDIR}"/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch
"${FILESDIR}"/${PN}-2.2.45-fix-status-output-LISTTRUSTED.patch
)
src_prepare() {
default
# Inject SSH_AUTH_SOCK into user's sessions after enabling gpg-agent-ssh.socket in systemctl --user mode,
# idea borrowed from libdbus, see
# https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/bus/systemd-user/dbus.socket.in#L6
#
# This cannot be upstreamed, as it requires determining the exact prefix of 'systemctl',
# which in turn requires discovery in Autoconf, something that upstream deeply resents.
sed -e "/DirectoryMode=/a ExecStartPost=-${EPREFIX}/bin/systemctl --user set-environment SSH_AUTH_SOCK=%t/gnupg/S.gpg-agent.ssh" \
-i doc/examples/systemd-user/gpg-agent-ssh.socket || die
}
my_src_configure() {
# Upstream don't support LTO, bug #854222.
filter-lto
local myconf=(
$(use_enable bzip2)
$(use_enable nls)
$(use_enable smartcard scdaemon)
$(use_enable ssl gnutls)
$(use_enable test all-tests)
$(use_enable test tests)
$(use_enable tofu)
$(use smartcard && use_enable usb ccid-driver || echo '--disable-ccid-driver')
$(use_enable wks-server wks-tools)
$(use_with ldap)
$(use_with readline)
# Hardcode mailprog to /usr/libexec/sendmail even if it does not exist.
# As of GnuPG 2.3, the mailprog substitution is used for the binary called
# by wks-client & wks-server; and if it's autodetected but not not exist at
# build time, then then 'gpg-wks-client --send' functionality will not
# work. This has an unwanted side-effect in stage3 builds: there was a
# [R]DEPEND on virtual/mta, which also brought in virtual/logger, bloating
# the build where the install guide previously make the user chose the
# logger & mta early in the install.
--with-mailprog=/usr/libexec/sendmail
--disable-ntbtls
--enable-gpg
--enable-gpgsm
--enable-large-secmem
CC_FOR_BUILD="$(tc-getBUILD_CC)"
GPG_ERROR_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-gpg-error-config"
KSBA_CONFIG="${ESYSROOT}/usr/bin/ksba-config"
LIBASSUAN_CONFIG="${ESYSROOT}/usr/bin/libassuan-config"
LIBGCRYPT_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-libgcrypt-config"
NPTH_CONFIG="${ESYSROOT}/usr/bin/npth-config"
$("${S}/configure" --help | grep -o -- '--without-.*-prefix')
)
if use prefix && use usb; then
# bug #649598
append-cppflags -I"${ESYSROOT}/usr/include/libusb-1.0"
fi
# bug #663142
if use user-socket; then
myconf+=( --enable-run-gnupg-user-socket )
fi
# glib fails and picks up clang's internal stdint.h causing weird errors
tc-is-clang && export gl_cv_absolute_stdint_h="${ESYSROOT}"/usr/include/stdint.h
econf "${myconf[@]}"
}
my_src_compile() {
default
use doc && emake -C doc html
}
my_src_test() {
export TESTFLAGS="--parallel=$(makeopts_jobs)"
default
}
my_src_install() {
emake DESTDIR="${D}" install
use tools && dobin \
tools/{gpg-zip,gpgconf,gpgsplit,gpg-check-pattern} \
tools/make-dns-cert
dosym gpg /usr/bin/gpg2
dosym gpgv /usr/bin/gpgv2
echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die
echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
dodir /etc/env.d
echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
use doc && dodoc doc/gnupg.html/*
}
my_src_install_all() {
einstalldocs
use tools && dobin tools/{convert-from-106,mail-signed-keys,lspgpot}
use doc && dodoc doc/*.png
systemd_douserunit doc/examples/systemd-user/*.{service,socket}
}

217
sdk_container/src/third_party/portage-stable/app-crypt/gnupg/gnupg-2.4.8-r1.ebuild vendored
View File

@ -1,217 +0,0 @@
# Copyright 1999-2025 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
# Maintainers should:
# 1. Join the "Gentoo" project at https://dev.gnupg.org/project/view/27/
# 2. Subscribe to release tasks like https://dev.gnupg.org/T6159
# (find the one for the current release then subscribe to it +
# any subsequent ones linked within so you're covered for a while.)
VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/gnupg.asc
# in-source builds are not supported: https://dev.gnupg.org/T6313#166339
inherit flag-o-matic out-of-source multiprocessing systemd toolchain-funcs verify-sig
MY_P="${P/_/-}"
DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
HOMEPAGE="https://gnupg.org/"
SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
SRC_URI+=" verify-sig? ( mirror://gnupg/gnupg/${P}.tar.bz2.sig )"
S="${WORKDIR}/${MY_P}"
LICENSE="GPL-3+"
SLOT="0"
KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
IUSE="+alternatives bzip2 doc ldap nls readline selinux +smartcard ssl test +tofu tpm tools usb user-socket wks-server"
RESTRICT="!test? ( test )"
REQUIRED_USE="test? ( tofu )"
# Existence of executables is checked during configuration.
# Note: On each bump, update dep bounds on each version from configure.ac!
DEPEND="
>=dev-libs/libassuan-2.5.0:=
>=dev-libs/libgcrypt-1.9.1:=
>=dev-libs/libgpg-error-1.46
>=dev-libs/libksba-1.6.3
>=dev-libs/npth-1.2
virtual/zlib:=
bzip2? ( app-arch/bzip2 )
ldap? ( net-nds/openldap:= )
readline? ( sys-libs/readline:0= )
smartcard? ( usb? ( virtual/libusb:1 ) )
tofu? ( >=dev-db/sqlite-3.27 )
tpm? ( >=app-crypt/tpm2-tss-2.4.0:= )
ssl? ( >=net-libs/gnutls-3.2:0= )
"
RDEPEND="
${DEPEND}
nls? ( virtual/libintl )
selinux? ( sec-policy/selinux-gpg )
wks-server? ( virtual/mta )
"
PDEPEND="
app-crypt/pinentry
alternatives? (
app-alternatives/gpg[-freepg(-)]
)
"
BDEPEND="
virtual/pkgconfig
doc? ( sys-apps/texinfo )
nls? ( sys-devel/gettext )
verify-sig? ( sec-keys/openpgp-keys-gnupg )
"
DOCS=(
ChangeLog NEWS README THANKS TODO VERSION
doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
)
PATCHES=(
"${FILESDIR}"/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch
)
src_prepare() {
default
GNUPG_SYSTEMD_UNITS=(
dirmngr.service
dirmngr.socket
gpg-agent-browser.socket
gpg-agent-extra.socket
gpg-agent.service
gpg-agent.socket
gpg-agent-ssh.socket
)
cp "${GNUPG_SYSTEMD_UNITS[@]/#/${FILESDIR}/}" "${T}" || die
# Inject SSH_AUTH_SOCK into user's sessions after enabling gpg-agent-ssh.socket in systemctl --user mode,
# idea borrowed from libdbus, see
# https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/bus/systemd-user/dbus.socket.in#L6
#
# This cannot be upstreamed, as it requires determining the exact prefix of 'systemctl',
# which in turn requires discovery in Autoconf, something that upstream deeply resents.
sed -e "/DirectoryMode=/a ExecStartPost=-${EPREFIX}/bin/systemctl --user set-environment SSH_AUTH_SOCK=%t/gnupg/S.gpg-agent.ssh" \
-i "${T}"/gpg-agent-ssh.socket || die
}
my_src_configure() {
# Upstream don't support LTO, bug #854222.
filter-lto
local myconf=(
$(use_enable bzip2)
$(use_enable nls)
$(use_enable smartcard scdaemon)
$(use_enable ssl gnutls)
$(use_enable test all-tests)
$(use_enable test tests)
$(use_enable tofu)
$(use_enable tofu keyboxd)
$(use_enable tofu sqlite)
$(usex tpm '--with-tss=intel' '--disable-tpm2d')
$(use smartcard && use_enable usb ccid-driver || echo '--disable-ccid-driver')
$(use_enable wks-server wks-tools)
$(use_with ldap)
$(use_with readline)
# Hardcode mailprog to /usr/libexec/sendmail even if it does not exist.
# As of GnuPG 2.3, the mailprog substitution is used for the binary called
# by wks-client & wks-server; and if it's autodetected but not not exist at
# build time, then then 'gpg-wks-client --send' functionality will not
# work. This has an unwanted side-effect in stage3 builds: there was a
# [R]DEPEND on virtual/mta, which also brought in virtual/logger, bloating
# the build where the install guide previously make the user chose the
# logger & mta early in the install.
--with-mailprog=/usr/libexec/sendmail
--disable-ntbtls
--enable-gpgsm
--enable-large-secmem
CC_FOR_BUILD="$(tc-getBUILD_CC)"
GPGRT_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-gpgrt-config"
$("${S}/configure" --help | grep -o -- '--without-.*-prefix')
)
if use prefix && use usb; then
# bug #649598
append-cppflags -I"${ESYSROOT}/usr/include/libusb-1.0"
fi
if [[ ${CHOST} == *-solaris* ]] ; then
# https://dev.gnupg.org/T7368
append-cppflags -D_XOPEN_SOURCE=500
fi
# bug #663142
if use user-socket; then
myconf+=( --enable-run-gnupg-user-socket )
fi
# glib fails and picks up clang's internal stdint.h causing weird errors
tc-is-clang && export gl_cv_absolute_stdint_h="${ESYSROOT}"/usr/include/stdint.h
econf "${myconf[@]}"
}
my_src_compile() {
default
use doc && emake -C doc html
}
my_src_test() {
export TESTFLAGS="--parallel=$(makeopts_jobs)"
default
}
my_src_install() {
emake DESTDIR="${D}" install
use tools && dobin tools/{gpgconf,gpgsplit,gpg-check-pattern} tools/make-dns-cert
if use alternatives; then
# rename for app-alternatives/gpg
mv "${ED}"/usr/bin/gpg{,-reference} || die
mv "${ED}"/usr/bin/gpgv{,-reference} || die
else
dosym gpg /usr/bin/gpg2
dosym gpgv /usr/bin/gpgv2
fi
echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die
echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
dodir /etc/env.d
echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
use doc && dodoc doc/gnupg.html/*
}
my_src_install_all() {
einstalldocs
use tools && dobin tools/{convert-from-106,mail-signed-keys,lspgpot}
use doc && dodoc doc/*.png
# Dropped upstream in https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=eae28f1bd4a5632e8f8e85b7248d1c4d4a10a5ed.
dodoc "${FILESDIR}"/README-systemd
systemd_douserunit "${GNUPG_SYSTEMD_UNITS[@]/#/${T}/}"
}
pkg_postinst() {
# If /usr/bin/gpg and /usr/bin/gpgv do not exist, provide them.
if [[ ! -e ${EROOT}/usr/bin/gpg ]]; then
ln -sf -- gpg-reference "${EROOT}"/usr/bin/gpg || die
fi
if [[ ! -e ${EROOT}/usr/bin/gpgv ]]; then
ln -sf -- gpgv-reference "${EROOT}"/usr/bin/gpgv || die
fi
}

4
sdk_container/src/third_party/portage-stable/app-crypt/gnupg/gnupg-2.4.8-r2.ebuild → sdk_container/src/third_party/portage-stable/app-crypt/gnupg/gnupg-2.4.9.ebuild vendored
View File

@ -23,7 +23,7 @@ S="${WORKDIR}/${MY_P}"
LICENSE="GPL-3+"
SLOT="0"
KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~m68k ~mips ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos ~x64-macos ~x64-solaris"
IUSE="+alternatives bzip2 doc ldap nls readline selinux +smartcard ssl test +tofu tpm tools usb user-socket wks-server"
RESTRICT="!test? ( test )"
REQUIRED_USE="test? ( tofu )"
@ -33,7 +33,7 @@ REQUIRED_USE="test? ( tofu )"
DEPEND="
>=dev-libs/libassuan-2.5.0:=
>=dev-libs/libgcrypt-1.9.1:=
>=dev-libs/libgpg-error-1.46
>=dev-libs/libgpg-error-1.48
>=dev-libs/libksba-1.6.3
>=dev-libs/npth-1.2
virtual/zlib:=

200
sdk_container/src/third_party/portage-stable/app-crypt/gnupg/gnupg-2.5.12-r1.ebuild vendored
View File

@ -1,200 +0,0 @@
# Copyright 1999-2025 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
# Maintainers should:
# 1. Join the "Gentoo" project at https://dev.gnupg.org/project/view/27/
# 2. Subscribe to release tasks like https://dev.gnupg.org/T6159
# (find the one for the current release then subscribe to it +
# any subsequent ones linked within so you're covered for a while.)
VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/gnupg.asc
# in-source builds are not supported: https://dev.gnupg.org/T6313#166339
inherit flag-o-matic out-of-source multiprocessing systemd toolchain-funcs verify-sig
MY_P="${P/_/-}"
DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
HOMEPAGE="https://gnupg.org/"
SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
SRC_URI+=" verify-sig? ( mirror://gnupg/gnupg/${P}.tar.bz2.sig )"
S="${WORKDIR}/${MY_P}"
LICENSE="GPL-3+"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl test +tofu tpm tools usb user-socket wks-server"
RESTRICT="!test? ( test )"
REQUIRED_USE="test? ( tofu )"
# Existence of executables is checked during configuration.
# Note: On each bump, update dep bounds on each version from configure.ac!
DEPEND="
>=dev-libs/libassuan-3.0.0:=
>=dev-libs/libgcrypt-1.11.0:=
>=dev-libs/libgpg-error-1.51
>=dev-libs/libksba-1.6.3
>=dev-libs/npth-1.2
virtual/zlib:=
bzip2? ( app-arch/bzip2 )
ldap? ( net-nds/openldap:= )
readline? ( sys-libs/readline:0= )
smartcard? ( usb? ( virtual/libusb:1 ) )
tofu? ( >=dev-db/sqlite-3.27 )
tpm? ( >=app-crypt/tpm2-tss-2.4.0:= )
ssl? ( >=net-libs/gnutls-3.2:0= )
"
RDEPEND="
${DEPEND}
nls? ( virtual/libintl )
selinux? ( sec-policy/selinux-gpg )
wks-server? ( virtual/mta )
"
PDEPEND="
app-crypt/pinentry
"
BDEPEND="
virtual/pkgconfig
doc? ( sys-apps/texinfo )
nls? ( sys-devel/gettext )
verify-sig? ( sec-keys/openpgp-keys-gnupg )
"
DOCS=(
ChangeLog NEWS README THANKS TODO VERSION
doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
)
PATCHES=(
"${FILESDIR}"/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch
)
src_prepare() {
default
GNUPG_SYSTEMD_UNITS=(
dirmngr.service
dirmngr.socket
gpg-agent-browser.socket
gpg-agent-extra.socket
gpg-agent.service
gpg-agent.socket
gpg-agent-ssh.socket
)
cp "${GNUPG_SYSTEMD_UNITS[@]/#/${FILESDIR}/}" "${T}" || die
# Inject SSH_AUTH_SOCK into user's sessions after enabling gpg-agent-ssh.socket in systemctl --user mode,
# idea borrowed from libdbus, see
# https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/bus/systemd-user/dbus.socket.in#L6
#
# This cannot be upstreamed, as it requires determining the exact prefix of 'systemctl',
# which in turn requires discovery in Autoconf, something that upstream deeply resents.
sed -e "/DirectoryMode=/a ExecStartPost=-${EPREFIX}/bin/systemctl --user set-environment SSH_AUTH_SOCK=%t/gnupg/S.gpg-agent.ssh" \
-i "${T}"/gpg-agent-ssh.socket || die
# Since 2.5.3, --supervised is called --deprecated-supervised. See
# https://dev.gnupg.org/rGa019a0fcd8dfb9d1eae5bc991fdd54b7cf55641e
sed -i "s/--supervised/--deprecated-supervised/g" "${T}"/*.service || die
}
my_src_configure() {
# Upstream don't support LTO, bug #854222.
filter-lto
local myconf=(
$(use_enable bzip2)
$(use_enable nls)
$(use_enable smartcard scdaemon)
$(use_enable ssl gnutls)
$(use_enable test all-tests)
$(use_enable test tests)
$(use_enable tofu)
$(use_enable tofu keyboxd)
$(use_enable tofu sqlite)
$(usex tpm '--with-tss=intel' '--disable-tpm2d')
$(use smartcard && use_enable usb ccid-driver || echo '--disable-ccid-driver')
$(use_enable wks-server wks-tools)
$(use_with ldap)
$(use_with readline)
# Hardcode mailprog to /usr/libexec/sendmail even if it does not exist.
# As of GnuPG 2.3, the mailprog substitution is used for the binary called
# by wks-client & wks-server; and if it's autodetected but not not exist at
# build time, then then 'gpg-wks-client --send' functionality will not
# work. This has an unwanted side-effect in stage3 builds: there was a
# [R]DEPEND on virtual/mta, which also brought in virtual/logger, bloating
# the build where the install guide previously make the user chose the
# logger & mta early in the install.
--with-mailprog=/usr/libexec/sendmail
--disable-ntbtls
--enable-gpgsm
--enable-large-secmem
CC_FOR_BUILD="$(tc-getBUILD_CC)"
GPGRT_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-gpgrt-config"
$("${S}/configure" --help | grep -o -- '--without-.*-prefix')
)
if use prefix && use usb; then
# bug #649598
append-cppflags -I"${ESYSROOT}/usr/include/libusb-1.0"
fi
if [[ ${CHOST} == *-solaris* ]] ; then
# https://dev.gnupg.org/T7368
export ac_cv_should_define__xopen_source=yes
fi
# bug #663142
if use user-socket; then
myconf+=( --enable-run-gnupg-user-socket )
fi
# glib fails and picks up clang's internal stdint.h causing weird errors
tc-is-clang && export gl_cv_absolute_stdint_h="${ESYSROOT}"/usr/include/stdint.h
econf "${myconf[@]}"
}
my_src_compile() {
default
use doc && emake -C doc html
}
my_src_test() {
export TESTFLAGS="--parallel=$(makeopts_jobs)"
default
}
my_src_install() {
emake DESTDIR="${D}" install
use tools && dobin tools/{gpgconf,gpgsplit,gpg-check-pattern} tools/make-dns-cert
dosym gpg /usr/bin/gpg2
dosym gpgv /usr/bin/gpgv2
echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die
echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
dodir /etc/env.d
echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
use doc && dodoc doc/gnupg.html/*
}
my_src_install_all() {
einstalldocs
use tools && dobin tools/{convert-from-106,mail-signed-keys,lspgpot}
use doc && dodoc doc/*.png
# Dropped upstream in https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=eae28f1bd4a5632e8f8e85b7248d1c4d4a10a5ed.
dodoc "${FILESDIR}"/README-systemd
systemd_douserunit "${GNUPG_SYSTEMD_UNITS[@]/#/${T}/}"
}

13
sdk_container/src/third_party/portage-stable/app-crypt/gnupg/gnupg-2.5.13-r2.ebuild → sdk_container/src/third_party/portage-stable/app-crypt/gnupg/gnupg-2.5.16-r1.ebuild vendored
View File

@ -23,7 +23,7 @@ S="${WORKDIR}/${MY_P}"
LICENSE="GPL-3+"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~x64-macos ~x64-solaris"
IUSE="+alternatives bzip2 doc ldap nls readline selinux +smartcard ssl test +tofu tpm tools usb user-socket wks-server"
RESTRICT="!test? ( test )"
REQUIRED_USE="test? ( tofu )"
@ -31,7 +31,7 @@ REQUIRED_USE="test? ( tofu )"
# Existence of executables is checked during configuration.
# Note: On each bump, update dep bounds on each version from configure.ac!
DEPEND="
>=dev-libs/libassuan-3.0.0:=
>=dev-libs/libassuan-3.0.0-r1:=
>=dev-libs/libgcrypt-1.11.0:=
>=dev-libs/libgpg-error-1.56
>=dev-libs/libksba-1.6.3
@ -148,8 +148,10 @@ my_src_configure() {
fi
if [[ ${CHOST} == *-solaris* ]] ; then
# https://dev.gnupg.org/T7368
export ac_cv_should_define__xopen_source=yes
# these somehow are treated as fatal, but Solaris has different
# types for getpeername with socket_t
append-flags -Wno-incompatible-pointer-types
append-flags -Wno-unused-label
fi
# bug #663142
@ -193,9 +195,6 @@ my_src_install() {
echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
fi
dodir /etc/env.d
echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
use doc && dodoc doc/gnupg.html/*
}

17
sdk_container/src/third_party/portage-stable/app-crypt/gnupg/gnupg-2.5.13-r1.ebuild → sdk_container/src/third_party/portage-stable/app-crypt/gnupg/gnupg-2.5.16.ebuild vendored
View File

@ -23,7 +23,7 @@ S="${WORKDIR}/${MY_P}"
LICENSE="GPL-3+"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos ~x64-macos ~x64-solaris"
IUSE="+alternatives bzip2 doc ldap nls readline selinux +smartcard ssl test +tofu tpm tools usb user-socket wks-server"
RESTRICT="!test? ( test )"
REQUIRED_USE="test? ( tofu )"
@ -31,7 +31,7 @@ REQUIRED_USE="test? ( tofu )"
# Existence of executables is checked during configuration.
# Note: On each bump, update dep bounds on each version from configure.ac!
DEPEND="
>=dev-libs/libassuan-3.0.0:=
>=dev-libs/libassuan-3.0.0-r1:=
>=dev-libs/libgcrypt-1.11.0:=
>=dev-libs/libgpg-error-1.56
>=dev-libs/libksba-1.6.3
@ -148,8 +148,10 @@ my_src_configure() {
fi
if [[ ${CHOST} == *-solaris* ]] ; then
# https://dev.gnupg.org/T7368
export ac_cv_should_define__xopen_source=yes
# these somehow are treated as fatal, but Solaris has different
# types for getpeername with socket_t
append-flags -Wno-incompatible-pointer-types
append-flags -Wno-unused-label
fi
# bug #663142
@ -184,14 +186,15 @@ my_src_install() {
# rename for app-alternatives/gpg
mv "${ED}"/usr/bin/gpg{,-reference} || die
mv "${ED}"/usr/bin/gpgv{,-reference} || die
mv "${ED}"/usr/share/man/man1/gpg{,-reference}.1 || die
mv "${ED}"/usr/share/man/man1/gpgv{,-reference}.1 || die
else
dosym gpg /usr/bin/gpg2
dosym gpgv /usr/bin/gpgv2
echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die
echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
fi
echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die
echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
dodir /etc/env.d
echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die