mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-23 07:21:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Revert "app-crypt/gnupg: move from portage-stable and fix arm64 cross build."

Browse Source
This commit is contained in:
Alex Crawford 2016-09-30 16:17:23 -04:00 committed by GitHub
parent 32e99a8985
commit d358d69032
9 changed files with 1 additions and 413 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
sdk_container/src/third_party/coreos-overlay/app-crypt/gnupg/Manifest vendored
View File

@ -1 +0,0 @@
DIST gnupg-2.0.26.tar.bz2 4303384 SHA256 7758e30dc382ae7a7167ed41b7f936aa50af5ea2d6fccdef663b5b750b65b8e0 SHA512 5dd23baaac764fd48abd235ed52a85a2c7fd68b98fcde45c0f294ddb3b5629e8b1bd894585fbed4e6a6cb2bc4a5552c098c3cf1a849fffa469424fd0a4fee726 WHIRLPOOL 8d9b30337957f6bfeddea29116d862ef0c0ddd06d59bc2799db236b91b2c6767aad6f37f2166fc431c5d9454eb41f49f3e261bc38d0e89361f0c467f4591cd5a

34
sdk_container/src/third_party/coreos-overlay/app-crypt/gnupg/files/gnupg-2.0.17-gpgsm-gencert.patch vendored
View File

@ -1,34 +0,0 @@
From c34486a64c223bcbfbb57d9abcf107d684b815b6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Diego=20Elio=20Petten=C3=B2?= <flameeyes@gmail.com>
Date: Sun, 17 Apr 2011 01:34:39 +0200
Subject: [PATCH] gpgsm-gencert.sh: make sure not to abort after creating temp
file.
https://bugs.g10code.com/gnupg/issue1466
---
tools/gpgsm-gencert.sh | 8 ++++----
1 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/tools/gpgsm-gencert.sh b/tools/gpgsm-gencert.sh
index b209c8e..e7c812f 100755
--- a/tools/gpgsm-gencert.sh
+++ b/tools/gpgsm-gencert.sh
@@ -178,10 +178,10 @@ Key-Length: $KEY_LENGTH
Key-Usage: $KEY_USAGE
Name-DN: $NAME
EOF
-[ -n "$KEY_GRIP" ] && echo "Key-Grip: $KEY_GRIP"
-[ -n "$EMAIL_ADDRESSES" ] && echo "$EMAIL_ADDRESSES"
-[ -n "$DNS_ADDRESSES" ] && echo "$DNS_ADDRESSES"
-[ -n "$URI_ADDRESSES" ] && echo "$URI_ADDRESSES"
+[ -n "$KEY_GRIP" ] && echo "Key-Grip: $KEY_GRIP" || true
+[ -n "$EMAIL_ADDRESSES" ] && echo "$EMAIL_ADDRESSES" || true
+[ -n "$DNS_ADDRESSES" ] && echo "$DNS_ADDRESSES" || true
+[ -n "$URI_ADDRESSES" ] && echo "$URI_ADDRESSES" || true
) > "$file_parameter"
--
1.7.5.rc1

35
sdk_container/src/third_party/coreos-overlay/app-crypt/gnupg/files/gnupg-2.0.26-Need-to-init-the-trustdb-for-import.patch vendored
View File

@ -1,35 +0,0 @@
From a2dcc5cc49c3e79d64bd1a2ad7a5bc4df5b073ee Mon Sep 17 00:00:00 2001
From: Kristian Fiskerstrand <kf@sumptuouscapital.com>
Date: Wed, 13 Aug 2014 11:13:34 +0200
Subject: [PATCH] gpg: Need to init the trustdb for import.
* g10/trustdb.c (clear_ownertrusts): Init trustdb.
--
This was fixed in 1.4 branch in commit
23191d7851eae2217ecdac6484349849a24fd94a but was not applied to the
2.0 branch that exhibits the same problem. This is actually a hack
to fix a bug introduced with commit 2528178.
GnuPG-bug-id: 1622
---
g10/trustdb.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/g10/trustdb.c b/g10/trustdb.c
index f96701a..7bfef25 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -923,6 +923,8 @@ clear_ownertrusts (PKT_public_key *pk)
TRUSTREC rec;
int rc;
+ init_trustdb();
+
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
return 0;
--
1.8.5.5

20
sdk_container/src/third_party/coreos-overlay/app-crypt/gnupg/files/gnupg-2.0.26-Pth-config-for-cross-build.patch vendored
View File

@ -1,20 +0,0 @@
--- a/m4/gnupg-pth.m4
+++ b/m4/gnupg-pth.m4
@@ -80,14 +80,15 @@
# PTH_CLFAGS and PTH_LIBS are AS_SUBST.
#
AC_DEFUN([GNUPG_PATH_PTH],
-[ AC_ARG_WITH(pth-prefix,
+[ AC_REQUIRE([AC_CANONICAL_HOST])
+ AC_ARG_WITH(pth-prefix,
AC_HELP_STRING([--with-pth-prefix=PFX],
[prefix where GNU Pth is installed]),
pth_config_prefix="$withval", pth_config_prefix="")
if test x$pth_config_prefix != x ; then
PTH_CONFIG="$pth_config_prefix/bin/pth-config"
fi
- AC_PATH_PROG(PTH_CONFIG, pth-config, no)
+ AC_PATH_TOOL(PTH_CONFIG, pth-config, no)
tmp=ifelse([$1], ,1.3.7,$1)
if test "$PTH_CONFIG" != "no"; then
GNUPG_PTH_VERSION_CHECK($tmp)

118
sdk_container/src/third_party/coreos-overlay/app-crypt/gnupg/files/gnupg-2.0.26-misc-cve.patch vendored
View File

@ -1,118 +0,0 @@
From ed8383c618e124cfa708c9ee87563fcdf2f4649c Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Fri, 19 Dec 2014 18:53:34 -0500
Subject: [PATCH] sm: Avoid double-free on iconv failure
* sm/minip12.c: (p12_build) if jnlib_iconv_open fails, avoid
double-free of pwbuf.
--
Observed by Joshua Rogers <honey@internot.info>, who proposed a
slightly different fix.
Debian-Bug-Id: 773472
Added fix at a second place - wk.
---
sm/minip12.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/agent/minip12.c b/agent/minip12.c
index 01b91b7..ca4d248 100644
--- a/agent/minip12.c
+++ b/agent/minip12.c
@@ -2422,6 +2422,7 @@ p12_build (gcry_mpi_t *kparms, const void *cert, size_t certlen,
" requested charset '%s': %s\n",
charset, strerror (errno));
gcry_free (pwbuf);
+ pwbuf = NULL;
goto failure;
}
@@ -2436,6 +2437,7 @@ p12_build (gcry_mpi_t *kparms, const void *cert, size_t certlen,
" requested charset '%s': %s\n",
charset, strerror (errno));
gcry_free (pwbuf);
+ pwbuf = NULL;
jnlib_iconv_close (cd);
goto failure;
}
--
1.7.10.4
From b0b3803e8c2959dd67ca96debc54b5c6464f0d41 Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Fri, 19 Dec 2014 18:07:55 -0500
Subject: [PATCH] scd: Avoid double-free on error condition in scd
* scd/command.c (cmd_readkey): avoid double-free of cert
--
When ksba_cert_new() fails, cert will be double-freed.
Debian-Bug-Id: 773471
Original patch changed by wk to do the free only at leave.
---
scd/command.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/scd/command.c b/scd/command.c
index dd4191f..1cc580a 100644
--- a/scd/command.c
+++ b/scd/command.c
@@ -804,10 +804,8 @@ cmd_readkey (assuan_context_t ctx, char *line)
rc = ksba_cert_new (&kc);
if (rc)
- {
- xfree (cert);
- goto leave;
- }
+ goto leave;
+
rc = ksba_cert_init_from_mem (kc, cert, ncert);
if (rc)
{
--
1.7.10.4
From abd5f6752d693b7f313c19604f0723ecec4d39a6 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Mon, 22 Dec 2014 12:16:46 +0100
Subject: [PATCH] dirmngr,gpgsm: Return NULL on fail
* dirmngr/ldapserver.c (ldapserver_parse_one): Set SERVER to NULL.
* sm/gpgsm.c (parse_keyserver_line): Ditto.
--
Reported-by: Joshua Rogers <git@internot.info>
"If something inside the ldapserver_parse_one function failed,
'server' would be freed, then returned, leading to a
use-after-free. This code is likely copied from sm/gpgsm.c, which
was also susceptible to this bug."
Signed-off-by: Werner Koch <wk@gnupg.org>
---
dirmngr/ldapserver.c | 1 +
sm/gpgsm.c | 1 +
2 files changed, 2 insertions(+)
diff --git a/sm/gpgsm.c b/sm/gpgsm.c
index 3398d17..72bceb4 100644
--- a/sm/gpgsm.c
+++ b/sm/gpgsm.c
@@ -862,6 +862,7 @@ parse_keyserver_line (char *line,
{
log_info (_("%s:%u: skipping this line\n"), filename, lineno);
keyserver_list_free (server);
+ server = NULL;
}
return server;
--
1.7.10.4

167
sdk_container/src/third_party/coreos-overlay/app-crypt/gnupg/gnupg-2.0.26-r4.ebuild vendored
View File

@ -1,167 +0,0 @@
# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/app-crypt/gnupg/gnupg-2.0.26-r3.ebuild,v 1.12 2015/03/30 03:06:10 tgall Exp $
EAPI="5"
inherit eutils flag-o-matic toolchain-funcs autotools
DESCRIPTION="The GNU Privacy Guard, a GPL pgp replacement"
HOMEPAGE="http://www.gnupg.org/"
SRC_URI="mirror://gnupg/gnupg/${P}.tar.bz2"
# SRC_URI="ftp://ftp.gnupg.org/gcrypt/${PN}/${P}.tar.bz2"
LICENSE="GPL-3"
SLOT="0"
KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~ppc-aix ~amd64-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
IUSE="bzip2 doc ldap nls mta readline static selinux smartcard tools usb"
COMMON_DEPEND_LIBS="
>=dev-libs/libassuan-2
>=dev-libs/libgcrypt-1.4:0=
>=dev-libs/libgpg-error-1.11
>=dev-libs/libksba-1.0.7
>=dev-libs/pth-1.3.7
>=net-misc/curl-7.10
sys-libs/zlib
bzip2? ( app-arch/bzip2 )
readline? ( sys-libs/readline )
smartcard? ( usb? ( virtual/libusb:0 ) )
ldap? ( net-nds/openldap )"
COMMON_DEPEND_BINS="app-crypt/pinentry"
# Existence of executables is checked during configuration.
DEPEND="${COMMON_DEPEND_LIBS}
${COMMON_DEPEND_BINS}
static? (
>=dev-libs/libassuan-2[static-libs]
>=dev-libs/libgcrypt-1.4:0=[static-libs]
>=dev-libs/libgpg-error-1.11[static-libs]
>=dev-libs/libksba-1.0.7[static-libs]
>=dev-libs/pth-1.3.7[static-libs]
>=net-misc/curl-7.10[static-libs]
sys-libs/zlib[static-libs]
bzip2? ( app-arch/bzip2[static-libs] )
)
nls? ( sys-devel/gettext )
doc? ( sys-apps/texinfo )"
RDEPEND="!static? ( ${COMMON_DEPEND_LIBS} )
${COMMON_DEPEND_BINS}
mta? ( virtual/mta )
!<=app-crypt/gnupg-2.0.1
selinux? ( sec-policy/selinux-gpg )
nls? ( virtual/libintl )"
REQUIRED_USE="smartcard? ( !static )"
src_prepare() {
epatch "${FILESDIR}/${PN}-2.0.17-gpgsm-gencert.patch"
epatch "${FILESDIR}/${P}-Need-to-init-the-trustdb-for-import.patch"
epatch "${FILESDIR}/${P}-misc-cve.patch"
epatch "${FILESDIR}/${P}-Pth-config-for-cross-build.patch"
epatch_user
eautoreconf
}
src_configure() {
local myconf=()
# 'USE=static' support was requested:
# gnupg1: bug #29299
# gnupg2: bug #159623
use static && append-ldflags -static
if use smartcard; then
myconf+=(
--enable-scdaemon
$(use_enable usb ccid-driver)
)
else
myconf+=( --disable-scdaemon )
fi
if use elibc_SunOS || use elibc_AIX; then
myconf+=( --disable-symcryptrun )
else
myconf+=( --enable-symcryptrun )
fi
econf \
--docdir="${EPREFIX}/usr/share/doc/${PF}" \
--enable-gpg \
--enable-gpgsm \
--enable-agent \
--without-adns \
"${myconf[@]}" \
$(use_enable bzip2) \
$(use_enable nls) \
$(use_enable mta mailto) \
$(use_enable ldap) \
$(use_with readline) \
CC_FOR_BUILD="$(tc-getBUILD_CC)"
}
src_compile() {
default
if use doc; then
cd doc
emake html
fi
}
src_install() {
default
use tools && dobin tools/{convert-from-106,gpg-check-pattern} \
tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys,make-dns-cert}
emake DESTDIR="${D}" -f doc/Makefile uninstall-nobase_dist_docDATA
rm "${ED}"/usr/share/gnupg/help* || die
dodoc ChangeLog NEWS README THANKS TODO VERSION doc/FAQ doc/DETAILS \
doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER doc/help*
dosym gpg2 /usr/bin/gpg
dosym gpgv2 /usr/bin/gpgv
dosym gpg2keys_hkp /usr/libexec/gpgkeys_hkp
dosym gpg2keys_finger /usr/libexec/gpgkeys_finger
dosym gpg2keys_curl /usr/libexec/gpgkeys_curl
if use ldap; then
dosym gpg2keys_ldap /usr/libexec/gpgkeys_ldap
fi
echo ".so man1/gpg2.1" > "${ED}"/usr/share/man/man1/gpg.1
echo ".so man1/gpgv2.1" > "${ED}"/usr/share/man/man1/gpgv.1
dodir /etc/env.d
echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg
if use doc; then
dohtml doc/gnupg.html/* doc/*.png
fi
}
pkg_postinst() {
elog "If you wish to view images emerge:"
elog "media-gfx/xloadimage, media-gfx/xli or any other viewer"
elog "Remember to use photo-viewer option in configuration file to activate"
elog "the right viewer."
elog
if use smartcard; then
elog "To use your OpenPGP smartcard (or token) with GnuPG you need one of"
use usb && elog " - a CCID-compatible reader, used directly through libusb;"
elog " - sys-apps/pcsc-lite and a compatible reader device;"
elog " - dev-libs/openct and a compatible reader device;"
elog " - a reader device and drivers exporting either PC/SC or CT-API interfaces."
elog ""
elog "General hint: you probably want to try installing sys-apps/pcsc-lite and"
elog "app-crypt/ccid first."
fi
ewarn "Please remember to restart gpg-agent if a different version"
ewarn "of the agent is currently used. If you are unsure of the gpg"
ewarn "agent you are using please run 'killall gpg-agent',"
ewarn "and to start a fresh daemon just run 'gpg-agent --daemon'."
}

36
sdk_container/src/third_party/coreos-overlay/app-crypt/gnupg/metadata.xml vendored
View File

@ -1,36 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="project">
<email>crypto@gentoo.org</email>
<name>Crypto</name>
</maintainer>
<longdescription>
GnuPG is a complete and free implementation of the OpenPGP standard as
defined by RFC4880.
</longdescription>
<use>
<flag name="smartcard">
Build scdaemon software. Enables usage of OpenPGP cards. For
other type of smartcards, try
<pkg>app-crypt/gnupg-pkcs11-scd</pkg>.
Bring in <pkg>dev-libs/libusb</pkg> as a dependency; enable
scdaemon.
</flag>
<flag name="usb">
Build direct CCID access for scdaemon; requires
<pkg>dev-libs/libusb</pkg>.
</flag>
<flag name="mta">
Build mta support using
<pkg>virtual/mta</pkg>.
</flag>
<flag name="tofu">
Enable support for Trust of First use trust model; requires
<pkg>dev-db/sqlite</pkg>.
</flag>
<flag name="tools">
Install extra tools.
</flag>
</use>
</pkgmetadata>

2
sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.accept_keywords vendored
View File

@ -41,5 +41,3 @@
=sys-fs/quota-4.02 **
=sys-fs/xfsprogs-3.2.2-r1 **
=sys-process/lsof-4.89 ~arm64
=apps-crypt/gnupg-2.0.26-r4 ~arm64
=dev-libs/libksba-1.3.3 ~arm64

1
sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.provided vendored
View File

@ -6,6 +6,7 @@ dev-lang/perl-5.12.4-r1
dev-libs/gobject-introspection-1.40.0-r1
sys-apps/kexec-tools-2.0.4-r1
dev-util/boost-build-1.55.0
app-crypt/gnupg-2.0.26-r3
# build errors
net-dns/bind-tools-9.10.1_p1