@ -0,0 +1,56 @@ | |||
From 114ab3037de3b0f9b35cf023b64c8a9b76070065 Mon Sep 17 00:00:00 2001 | |||
From: Debian GnuPG Maintainers <pkg-gnupg-maint@lists.alioth.debian.org> | |||
Date: Tue, 14 Apr 2015 10:02:31 -0400 | |||
Subject: [PATCH 6/7] avoid beta warning | |||
avoid self-describing as a beta | |||
Using autoreconf against the source as distributed in tarball form | |||
invariably results in a package that thinks it's a "beta" package, | |||
which produces the "THIS IS A DEVELOPMENT VERSION" warning string. | |||
since we use dh_autoreconf, i need this patch to avoid producing | |||
builds that announce themselves as DEVELOPMENT VERSIONs. | |||
See discussion at: | |||
http://lists.gnupg.org/pipermail/gnupg-devel/2014-November/029065.html | |||
--- | |||
autogen.sh | 6 +++--- | |||
1 file changed, 3 insertions(+), 3 deletions(-) | |||
diff --git a/autogen.sh b/autogen.sh | |||
index b23855061..9b86d3ff9 100755 | |||
--- a/autogen.sh | |||
+++ b/autogen.sh | |||
@@ -229,24 +229,24 @@ if [ "$myhost" = "find-version" ]; then | |||
esac | |||
beta=no | |||
- if [ -e .git ]; then | |||
+ if false; then | |||
ingit=yes | |||
tmp=$(git describe --match "${matchstr1}" --long 2>/dev/null) | |||
tmp=$(echo "$tmp" | sed s/^"$package"//) | |||
if [ -n "$tmp" ]; then | |||
tmp=$(echo "$tmp" | sed s/^"$package"// \ | |||
| awk -F- '$3!=0 && $3 !~ /^beta/ {print"-beta"$3}') | |||
else | |||
tmp=$(git describe --match "${matchstr2}" --long 2>/dev/null \ | |||
| awk -F- '$4!=0{print"-beta"$4}') | |||
fi | |||
[ -n "$tmp" ] && beta=yes | |||
rev=$(git rev-parse --short HEAD | tr -d '\n\r') | |||
rvd=$((0x$(echo ${rev} | dd bs=1 count=4 2>/dev/null))) | |||
else | |||
ingit=no | |||
- beta=yes | |||
- tmp="-unknown" | |||
+ beta=no | |||
+ tmp="" | |||
rev="0000000" | |||
rvd="0" | |||
fi | |||
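Review bot: The `if false; then` condition leaves the whole git-describe branch as unreachable code, and nothing in the script says why. After this change every build takes the else branch (`beta=no`, empty suffix, `rev="0000000"`), so a binary built from an unreleased snapshot reports the same version string as a release build and carries no revision to trace it back to its source. I would at least record the intent at the condition, e.g. `# Debian: built from release tarballs only; never self-identify as beta, git branch below is intentionally dead`. I would also confirm that the package version alone is enough to identify the source during incident triage. The enclosing `find-version` block starts before this hunk and continues after it.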
-- | |||
2.27.0 | |||
@ -0,0 +1,43 @@ | |||
From 3e8ff68502bf5de333db7213d9e27e0b9e8cc36e Mon Sep 17 00:00:00 2001 | |||
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net> | |||
Date: Mon, 29 Aug 2016 12:34:42 -0400 | |||
Subject: [PATCH 7/7] avoid regenerating defsincdate (use shipped file) | |||
upstream ships doc/defsincdate in its tarballs. but doc/Makefile.am | |||
tries to rewrite doc/defsincdate if it notices that any of the files | |||
have been modified more recently, and it does so assuming that we're | |||
running from a git repo. | |||
However, we'd rather ship the documents cleanly without regenerating | |||
defsincdate -- we don't have a git repo available (debian builds from | |||
upstream tarballs) and any changes to the texinfo files (e.g. from | |||
debian/patches/) might result in different dates on the files than we | |||
expect after they're applied by dpkg or quilt or whatever, which makes | |||
the datestamp unreproducible. | |||
--- | |||
doc/Makefile.am | 7 ------- | |||
1 file changed, 7 deletions(-) | |||
diff --git a/doc/Makefile.am b/doc/Makefile.am | |||
index d47d83ede..c0a81b0b9 100644 | |||
--- a/doc/Makefile.am | |||
+++ b/doc/Makefile.am | |||
@@ -177,15 +177,6 @@ | |||
dist-hook: defsincdate | |||
-defsincdate: $(gnupg_TEXINFOS) | |||
- : >defsincdate ; \ | |||
- if test -e $(top_srcdir)/.git; then \ | |||
- (cd $(srcdir) && git log -1 --format='%ct' \ | |||
- -- $(gnupg_TEXINFOS) 2>/dev/null) >>defsincdate; \ | |||
- elif test x"$SOURCE_DATE_EPOCH" != x; then \ | |||
- echo "$SOURCE_DATE_EPOCH" >>defsincdate ; \ | |||
- fi | |||
- | |||
defs.inc : defsincdate Makefile mkdefsinc | |||
incd="`test -f defsincdate || echo '$(srcdir)/'`defsincdate"; \ | |||
./mkdefsinc -C $(srcdir) --date "`cat $$incd 2>/dev/null`" \ | |||
-- | |||
2.27.0 | |||
@ -0,0 +1,54 @@ | |||
From 1690a464b28fa24ce82189a9bf5d7ce9b44804b8 Mon Sep 17 00:00:00 2001 | |||
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net> | |||
Date: Mon, 15 Jul 2019 16:24:35 -0400 | |||
Subject: [PATCH 3/7] gpg: drop import-clean from default keyserver import | |||
options | |||
* g10/gpg.c (main): drop IMPORT_CLEAN from the | |||
default opt.keyserver_options.import_options | |||
* doc/gpg.texi: reflect this change in the documentation | |||
Given that SELF_SIGS_ONLY is already set, it's not clear what | |||
additional benefit IMPORT_CLEAN provides. Furthermore, IMPORT_CLEAN | |||
means that receiving an OpenPGP certificate from a keyserver will | |||
potentially delete data that is otherwise held in the local keyring, | |||
which is surprising to users who expect retrieval from the keyservers | |||
to be purely additive. | |||
GnuPG-Bug-Id: 4628 | |||
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> | |||
--- | |||
doc/gpg.texi | 2 +- | |||
g10/gpg.c | 3 +-- | |||
2 files changed, 2 insertions(+), 3 deletions(-) | |||
diff --git a/doc/gpg.texi b/doc/gpg.texi | |||
index 4870441d4..551459a74 100644 | |||
--- a/doc/gpg.texi | |||
+++ b/doc/gpg.texi | |||
@@ -1963,7 +1963,7 @@ are available for all keyserver types, some common options are: | |||
@end table | |||
-The default list of options is: "self-sigs-only, import-clean, | |||
+The default list of options is: "self-sigs-only, | |||
repair-keys, repair-pks-subkey-bug, export-attributes, | |||
honor-pka-record". | |||
diff --git a/g10/gpg.c b/g10/gpg.c | |||
index 68cc22041..fa2bcfa5e 100644 | |||
--- a/g10/gpg.c | |||
+++ b/g10/gpg.c | |||
@@ -2397,8 +2397,7 @@ main (int argc, char **argv) | |||
opt.export_options = EXPORT_ATTRIBUTES; | |||
opt.keyserver_options.import_options = (IMPORT_REPAIR_KEYS | |||
| IMPORT_REPAIR_PKS_SUBKEY_BUG | |||
- | IMPORT_SELF_SIGS_ONLY | |||
- | IMPORT_CLEAN); | |||
+ | IMPORT_SELF_SIGS_ONLY); | |||
opt.keyserver_options.export_options = EXPORT_ATTRIBUTES; | |||
opt.keyserver_options.options = KEYSERVER_HONOR_PKA_RECORD; | |||
opt.verify_options = (LIST_SHOW_UID_VALIDITY | |||
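Review bot: The keyserver import default now differs from what a reader would expect, and the assignment to `opt.keyserver_options.import_options` has no comment explaining why `IMPORT_SELF_SIGS_ONLY` stays while `IMPORT_CLEAN` is dropped. The reason is only in the commit message, so a later merge could silently put the flag back or remove the remaining one. A short comment above the assignment would keep it visible, e.g. `/* Keyserver imports keep only self-signatures; IMPORT_CLEAN is omitted so a fetch never removes data already in the local keyring (GnuPG-Bug-Id 4628). */`. The body of `main` starts and continues outside this hunk, so whether other code paths still set `IMPORT_CLEAN` for keyserver fetches cannot be checked from here.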
-- | |||
2.27.0 | |||
@ -1,56 +0,0 @@ | |||
From: Werner Koch <wk@gnupg.org> | |||
Date: Thu, 4 Jul 2019 13:45:39 +0000 (+0200) | |||
Subject: gpg: Add "self-sigs-only" and "import-clean" to the keyserver options. | |||
X-Git-Url: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff_plain;h=23c978640812d123eaffd4108744bdfcf48f7c93 | |||
gpg: Add "self-sigs-only" and "import-clean" to the keyserver options. | |||
* g10/gpg.c (main): Change default. | |||
-- | |||
Due to the DoS attack on the keyservers we no longer import key | |||
signatures by default. That makes the keyserver unusable for getting | |||
keys for the WoT, but it still allows keys to be retrieved - even if | |||
the large keyblocks take a long time to download. | |||
To revert to the old behavior add | |||
keyserver-options no-self-sigs-only,no-import-clean | |||
to gpg.conf. | |||
GnuPG-bug-id: 4607 | |||
Signed-off-by: Werner Koch <wk@gnupg.org> | |||
--- | |||
diff --git a/doc/gpg.texi b/doc/gpg.texi | |||
index 8feab8218..9513a4e0f 100644 | |||
--- a/doc/gpg.texi | |||
+++ b/doc/gpg.texi | |||
@@ -1917,6 +1917,11 @@ are available for all keyserver types, some common options are: | |||
@end table | |||
+The default list of options is: "self-sigs-only, import-clean, | |||
+repair-keys, repair-pks-subkey-bug, export-attributes, | |||
+honor-pka-record". | |||
+ | |||
+ | |||
@item --completes-needed @var{n} | |||
@opindex compliant-needed | |||
Number of completely trusted users to introduce a new | |||
diff --git a/g10/gpg.c b/g10/gpg.c | |||
index 66e47dde5..0bbe72394 100644 | |||
--- a/g10/gpg.c | |||
+++ b/g10/gpg.c | |||
@@ -2424,7 +2424,9 @@ main (int argc, char **argv) | |||
opt.import_options = IMPORT_REPAIR_KEYS; | |||
opt.export_options = EXPORT_ATTRIBUTES; | |||
opt.keyserver_options.import_options = (IMPORT_REPAIR_KEYS | |||
- | IMPORT_REPAIR_PKS_SUBKEY_BUG); | |||
+ | IMPORT_REPAIR_PKS_SUBKEY_BUG | |||
+ | IMPORT_SELF_SIGS_ONLY | |||
+ | IMPORT_CLEAN); | |||
opt.keyserver_options.export_options = EXPORT_ATTRIBUTES; | |||
opt.keyserver_options.options = KEYSERVER_HONOR_PKA_RECORD; | |||
opt.verify_options = (LIST_SHOW_UID_VALIDITY |