Bump version and sync with ABS

7 months ago · 3c189d6b48
--- a/.SRCINFO
+++ b/.SRCINFO
@ -1,6 +1,6 @@
 pkgbase = gnupg-scdaemon-shared-access
 	pkgdesc = This package adds shared-access option that uses PCSC_SHARE_SHARED for pcsc_connect in scdaemon when using pcsc backend for smartcard access
 	pkgver = 2.2.20
 	pkgver = 2.2.21
 	pkgrel = 1
 	url = https://www.gnupg.org/
 	install = install
@ -25,22 +25,26 @@ pkgbase = gnupg-scdaemon-shared-access
 	optdepends = pcsclite: scdaemon
 	provides = gnupg
 	provides = dirmngr
 	provides = gnupg=2.2.20
 	provides = gnupg2=2.2.20
 	provides = gnupg=2.2.21
 	provides = gnupg2=2.2.21
 	conflicts = gnupg
 	conflicts = dirmngr
 	conflicts = gnupg2
 	source = https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.20.tar.bz2
 	source = https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.20.tar.bz2.sig
 	source = self-sigs-only.patch
 	source = https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.21.tar.bz2
 	source = https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.21.tar.bz2.sig
 	source = drop-import-clean.patch
 	source = avoid-beta-warning.patch
 	source = do-not-rebuild-defsincdate.patch
 	source = scdaemon_shared-access.patch
 	validpgpkeys = D8692123C4065DEA5E0F3AB5249B39D24F25E3B6
 	validpgpkeys = 46CC730865BB5C78EBABADCF04376F3EE0856959
 	validpgpkeys = 031EC2536E580D8EA286A9F22071B08A33BD3F06
 	validpgpkeys = D238EA65D64C67ED4C3073F28A861B1C7EFD60D9
 	sha256sums = 04a7c9d48b74c399168ee8270e548588ddbe52218c337703d7f06373d326ca30
 	sha256sums = 61e83278fb5fa7336658a8b73ab26f379d41275bb1c7c6e694dd9f9a6e8e76ec
 	sha256sums = SKIP
 	sha256sums = 0130c43321c16f53ab2290833007212f8a26b1b73bd4edc2b2b1c9db2b2d0218
 	sha256sums = 02d375f0045f56f7dd82bacdb5ce559afd52ded8b75f6b2673c39ec666e81abc
 	sha256sums = 22fdf9490fad477f225e731c417867d9e7571ac654944e8be63a1fbaccd5c62d
 	sha256sums = bb4dcba0328af6271ccfe992a64d8daa9f0a691ba52978491647f1dea05675ee
 	sha256sums = aa46b372830dd8ed355a86a1677c50c6be8178f847c09b7291f47a1dc3ea02dc

 pkgname = gnupg-scdaemon-shared-access
--- a/+ 17
+++ b/+ 17
@ -6,7 +6,7 @@

 _pkgname=gnupg
 pkgname=gnupg-scdaemon-shared-access
 pkgver=2.2.20
 pkgver=2.2.21
 pkgrel=1
 pkgdesc='This package adds shared-access option that uses PCSC_SHARE_SHARED for pcsc_connect in scdaemon when using pcsc backend for smartcard access'
 url='https://www.gnupg.org/'
@ -24,11 +24,15 @@ validpgpkeys=('D8692123C4065DEA5E0F3AB5249B39D24F25E3B6'
              '031EC2536E580D8EA286A9F22071B08A33BD3F06'
              'D238EA65D64C67ED4C3073F28A861B1C7EFD60D9')
 source=("https://gnupg.org/ftp/gcrypt/${_pkgname}/${_pkgname}-${pkgver}.tar.bz2"{,.sig}
        "self-sigs-only.patch"
        'drop-import-clean.patch'
        'avoid-beta-warning.patch'
        'do-not-rebuild-defsincdate.patch'
        "scdaemon_shared-access.patch")
 sha256sums=('04a7c9d48b74c399168ee8270e548588ddbe52218c337703d7f06373d326ca30'
 sha256sums=('61e83278fb5fa7336658a8b73ab26f379d41275bb1c7c6e694dd9f9a6e8e76ec'
            'SKIP'
            '0130c43321c16f53ab2290833007212f8a26b1b73bd4edc2b2b1c9db2b2d0218'
            '02d375f0045f56f7dd82bacdb5ce559afd52ded8b75f6b2673c39ec666e81abc'
            '22fdf9490fad477f225e731c417867d9e7571ac654944e8be63a1fbaccd5c62d'
            'bb4dcba0328af6271ccfe992a64d8daa9f0a691ba52978491647f1dea05675ee'
            'aa46b372830dd8ed355a86a1677c50c6be8178f847c09b7291f47a1dc3ea02dc')

 install=install
@ -38,9 +42,15 @@ provides=('gnupg' 'dirmngr' "gnupg=${pkgver}" "gnupg2=${pkgver}")

 prepare() {
 	cd "${srcdir}/${_pkgname}-${pkgver}"
 	sed '/noinst_SCRIPTS = gpg-zip/c sbin_SCRIPTS += gpg-zip' -i tools/Makefile.in
 	patch -R -p1 -i ../self-sigs-only.patch
 	patch -p1 -t -N < "${srcdir}/scdaemon_shared-access.patch"
 	patch -p1 -i ../scdaemon_shared-access.patch
 	patch -p1 -i ../avoid-beta-warning.patch
 	patch -p1 -i ../drop-import-clean.patch

 	# improve reproducibility
 	patch -p1 -i ../do-not-rebuild-defsincdate.patch
 	rm doc/gnupg.info*

 	./autogen.sh
 }

 build() {
--- a/avoid-beta-warning.patch
+++ b/avoid-beta-warning.patch
@ -0,0 +1,56 @@
 From 114ab3037de3b0f9b35cf023b64c8a9b76070065 Mon Sep 17 00:00:00 2001
 From: Debian GnuPG Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>
 Date: Tue, 14 Apr 2015 10:02:31 -0400
 Subject: [PATCH 6/7] avoid beta warning

 avoid self-describing as a beta

 Using autoreconf against the source as distributed in tarball form
 invariably results in a package that thinks it's a "beta" package,
 which produces the "THIS IS A DEVELOPMENT VERSION" warning string.

 since we use dh_autoreconf, i need this patch to avoid producing
 builds that announce themselves as DEVELOPMENT VERSIONs.

 See discussion at:

 http://lists.gnupg.org/pipermail/gnupg-devel/2014-November/029065.html
 ---
 autogen.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

 diff --git a/autogen.sh b/autogen.sh
 index b23855061..9b86d3ff9 100755
 --- a/autogen.sh
 +++ b/autogen.sh
@@ -229,24 +229,24 @@ if [ "$myhost" = "find-version" ]; then
     esac
 
     beta=no
 -    if [ -e .git ]; then
 +    if false; then
       ingit=yes
       tmp=$(git describe --match "${matchstr1}" --long 2>/dev/null)
       tmp=$(echo "$tmp" | sed s/^"$package"//)
       if [ -n "$tmp" ]; then
           tmp=$(echo "$tmp" | sed s/^"$package"//  \
                 | awk -F- '$3!=0 && $3 !~ /^beta/ {print"-beta"$3}')
       else
           tmp=$(git describe --match "${matchstr2}" --long 2>/dev/null \
                 | awk -F- '$4!=0{print"-beta"$4}')
       fi
       [ -n "$tmp" ] && beta=yes
       rev=$(git rev-parse --short HEAD | tr -d '\n\r')
       rvd=$((0x$(echo ${rev} | dd bs=1 count=4 2>/dev/null)))
     else
       ingit=no
 -      beta=yes
 -      tmp="-unknown"
 +      beta=no
 +      tmp=""
       rev="0000000"
       rvd="0"
     fi
 -- 
 2.27.0

--- a/do-not-rebuild-defsincdate.patch
+++ b/do-not-rebuild-defsincdate.patch
@ -0,0 +1,43 @@
 From 3e8ff68502bf5de333db7213d9e27e0b9e8cc36e Mon Sep 17 00:00:00 2001
 From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
 Date: Mon, 29 Aug 2016 12:34:42 -0400
 Subject: [PATCH 7/7] avoid regenerating defsincdate (use shipped file)

 upstream ships doc/defsincdate in its tarballs.  but doc/Makefile.am
 tries to rewrite doc/defsincdate if it notices that any of the files
 have been modified more recently, and it does so assuming that we're
 running from a git repo.

 However, we'd rather ship the documents cleanly without regenerating
 defsincdate -- we don't have a git repo available (debian builds from
 upstream tarballs) and any changes to the texinfo files (e.g. from
 debian/patches/) might result in different dates on the files than we
 expect after they're applied by dpkg or quilt or whatever, which makes
 the datestamp unreproducible.
 ---
 doc/Makefile.am | 7 -------
 1 file changed, 7 deletions(-)

 diff --git a/doc/Makefile.am b/doc/Makefile.am
 index d47d83ede..c0a81b0b9 100644
 --- a/doc/Makefile.am
 +++ b/doc/Makefile.am
@@ -177,15 +177,6 @@
 
 dist-hook: defsincdate
 
 -defsincdate: $(gnupg_TEXINFOS)
 -	: >defsincdate ; \
 -	if test -e $(top_srcdir)/.git; then \
 -	  (cd $(srcdir) && git log -1 --format='%ct' \
 -               -- $(gnupg_TEXINFOS) 2>/dev/null) >>defsincdate; \
 -        elif test x"$SOURCE_DATE_EPOCH" != x; then   \
 -	   echo "$SOURCE_DATE_EPOCH" >>defsincdate ; \
 -	fi
 -
 defs.inc : defsincdate Makefile mkdefsinc
 	incd="`test -f defsincdate || echo '$(srcdir)/'`defsincdate"; \
 	./mkdefsinc -C $(srcdir) --date "`cat $$incd 2>/dev/null`" \
 -- 
 2.27.0

--- a/drop-import-clean.patch
+++ b/drop-import-clean.patch
@ -0,0 +1,54 @@
 From 1690a464b28fa24ce82189a9bf5d7ce9b44804b8 Mon Sep 17 00:00:00 2001
 From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
 Date: Mon, 15 Jul 2019 16:24:35 -0400
 Subject: [PATCH 3/7] gpg: drop import-clean from default keyserver import
 options

 * g10/gpg.c (main): drop IMPORT_CLEAN from the
 default opt.keyserver_options.import_options
 * doc/gpg.texi: reflect this change in the documentation

 Given that SELF_SIGS_ONLY is already set, it's not clear what
 additional benefit IMPORT_CLEAN provides.  Furthermore, IMPORT_CLEAN
 means that receiving an OpenPGP certificate from a keyserver will
 potentially delete data that is otherwise held in the local keyring,
 which is surprising to users who expect retrieval from the keyservers
 to be purely additive.

 GnuPG-Bug-Id: 4628
 Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
 ---
 doc/gpg.texi | 2 +-
 g10/gpg.c    | 3 +--
 2 files changed, 2 insertions(+), 3 deletions(-)

 diff --git a/doc/gpg.texi b/doc/gpg.texi
 index 4870441d4..551459a74 100644
 --- a/doc/gpg.texi
 +++ b/doc/gpg.texi
@@ -1963,7 +1963,7 @@ are available for all keyserver types, some common options are:
 
 @end table
 
 -The default list of options is: "self-sigs-only, import-clean,
 +The default list of options is: "self-sigs-only,
 repair-keys, repair-pks-subkey-bug, export-attributes,
 honor-pka-record".
 
 diff --git a/g10/gpg.c b/g10/gpg.c
 index 68cc22041..fa2bcfa5e 100644
 --- a/g10/gpg.c
 +++ b/g10/gpg.c
@@ -2397,8 +2397,7 @@ main (int argc, char **argv)
     opt.export_options = EXPORT_ATTRIBUTES;
     opt.keyserver_options.import_options = (IMPORT_REPAIR_KEYS
 					    | IMPORT_REPAIR_PKS_SUBKEY_BUG
 -                                            | IMPORT_SELF_SIGS_ONLY
 -                                            | IMPORT_CLEAN);
 +                                            | IMPORT_SELF_SIGS_ONLY);
     opt.keyserver_options.export_options = EXPORT_ATTRIBUTES;
     opt.keyserver_options.options = KEYSERVER_HONOR_PKA_RECORD;
     opt.verify_options = (LIST_SHOW_UID_VALIDITY
 -- 
 2.27.0

--- a/self-sigs-only.patch
+++ b/self-sigs-only.patch
@ -1,56 +0,0 @@
 From: Werner Koch <wk@gnupg.org>
 Date: Thu, 4 Jul 2019 13:45:39 +0000 (+0200)
 Subject: gpg: Add "self-sigs-only" and "import-clean" to the keyserver options.
 X-Git-Url: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff_plain;h=23c978640812d123eaffd4108744bdfcf48f7c93

 gpg: Add "self-sigs-only" and "import-clean" to the keyserver options.

 * g10/gpg.c (main): Change default.
 --

 Due to the DoS attack on the keyeservers we do not anymore default to
 import key signatures.  That makes the keyserver unsuable for getting
 keys for the WoT but it still allows to retriev keys - even if that
 takes long to download the large keyblocks.

 To revert to the old behavior add

  keyserver-optiions  no-self-sigs-only,no-import-clean

 to gpg.conf.

 GnuPG-bug-id: 4607
 Signed-off-by: Werner Koch <wk@gnupg.org>
 ---

 diff --git a/doc/gpg.texi b/doc/gpg.texi
 index 8feab8218..9513a4e0f 100644
 --- a/doc/gpg.texi
 +++ b/doc/gpg.texi
@@ -1917,6 +1917,11 @@ are available for all keyserver types, some common options are:
 
 @end table
 
 +The default list of options is: "self-sigs-only, import-clean,
 +repair-keys, repair-pks-subkey-bug, export-attributes,
 +honor-pka-record".
 +
 +
 @item --completes-needed @var{n}
 @opindex compliant-needed
 Number of completely trusted users to introduce a new
 diff --git a/g10/gpg.c b/g10/gpg.c
 index 66e47dde5..0bbe72394 100644
 --- a/g10/gpg.c
 +++ b/g10/gpg.c
@@ -2424,7 +2424,9 @@ main (int argc, char **argv)
     opt.import_options = IMPORT_REPAIR_KEYS;
     opt.export_options = EXPORT_ATTRIBUTES;
     opt.keyserver_options.import_options = (IMPORT_REPAIR_KEYS
 -					    | IMPORT_REPAIR_PKS_SUBKEY_BUG);
 +					    | IMPORT_REPAIR_PKS_SUBKEY_BUG
 +                                            | IMPORT_SELF_SIGS_ONLY
 +                                            | IMPORT_CLEAN);
     opt.keyserver_options.export_options = EXPORT_ATTRIBUTES;
     opt.keyserver_options.options = KEYSERVER_HONOR_PKA_RECORD;
     opt.verify_options = (LIST_SHOW_UID_VALIDITY