Browse Source

Bump version and sync with ABS

master
Arti Zirk 4 months ago
parent
commit
3c189d6b48
6 changed files with 182 additions and 71 deletions
  1. +12
    -8
      .SRCINFO
  2. +17
    -7
      PKGBUILD
  3. +56
    -0
      avoid-beta-warning.patch
  4. +43
    -0
      do-not-rebuild-defsincdate.patch
  5. +54
    -0
      drop-import-clean.patch
  6. +0
    -56
      self-sigs-only.patch

+ 12
- 8
.SRCINFO View File

@@ -1,6 +1,6 @@
pkgbase = gnupg-scdaemon-shared-access
pkgdesc = This package adds shared-access option that uses PCSC_SHARE_SHARED for pcsc_connect in scdaemon when using pcsc backend for smartcard access
pkgver = 2.2.20
pkgver = 2.2.21
pkgrel = 1
url = https://www.gnupg.org/
install = install
@@ -25,22 +25,26 @@ pkgbase = gnupg-scdaemon-shared-access
optdepends = pcsclite: scdaemon
provides = gnupg
provides = dirmngr
provides = gnupg=2.2.20
provides = gnupg2=2.2.20
provides = gnupg=2.2.21
provides = gnupg2=2.2.21
conflicts = gnupg
conflicts = dirmngr
conflicts = gnupg2
source = https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.20.tar.bz2
source = https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.20.tar.bz2.sig
source = self-sigs-only.patch
source = https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.21.tar.bz2
source = https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.21.tar.bz2.sig
source = drop-import-clean.patch
source = avoid-beta-warning.patch
source = do-not-rebuild-defsincdate.patch
source = scdaemon_shared-access.patch
validpgpkeys = D8692123C4065DEA5E0F3AB5249B39D24F25E3B6
validpgpkeys = 46CC730865BB5C78EBABADCF04376F3EE0856959
validpgpkeys = 031EC2536E580D8EA286A9F22071B08A33BD3F06
validpgpkeys = D238EA65D64C67ED4C3073F28A861B1C7EFD60D9
sha256sums = 04a7c9d48b74c399168ee8270e548588ddbe52218c337703d7f06373d326ca30
sha256sums = 61e83278fb5fa7336658a8b73ab26f379d41275bb1c7c6e694dd9f9a6e8e76ec
sha256sums = SKIP
sha256sums = 0130c43321c16f53ab2290833007212f8a26b1b73bd4edc2b2b1c9db2b2d0218
sha256sums = 02d375f0045f56f7dd82bacdb5ce559afd52ded8b75f6b2673c39ec666e81abc
sha256sums = 22fdf9490fad477f225e731c417867d9e7571ac654944e8be63a1fbaccd5c62d
sha256sums = bb4dcba0328af6271ccfe992a64d8daa9f0a691ba52978491647f1dea05675ee
sha256sums = aa46b372830dd8ed355a86a1677c50c6be8178f847c09b7291f47a1dc3ea02dc

pkgname = gnupg-scdaemon-shared-access


+ 17
- 7
PKGBUILD View File

@@ -6,7 +6,7 @@

_pkgname=gnupg
pkgname=gnupg-scdaemon-shared-access
pkgver=2.2.20
pkgver=2.2.21
pkgrel=1
pkgdesc='This package adds shared-access option that uses PCSC_SHARE_SHARED for pcsc_connect in scdaemon when using pcsc backend for smartcard access'
url='https://www.gnupg.org/'
@@ -24,11 +24,15 @@ validpgpkeys=('D8692123C4065DEA5E0F3AB5249B39D24F25E3B6'
'031EC2536E580D8EA286A9F22071B08A33BD3F06'
'D238EA65D64C67ED4C3073F28A861B1C7EFD60D9')
source=("https://gnupg.org/ftp/gcrypt/${_pkgname}/${_pkgname}-${pkgver}.tar.bz2"{,.sig}
"self-sigs-only.patch"
'drop-import-clean.patch'
'avoid-beta-warning.patch'
'do-not-rebuild-defsincdate.patch'
"scdaemon_shared-access.patch")
sha256sums=('04a7c9d48b74c399168ee8270e548588ddbe52218c337703d7f06373d326ca30'
sha256sums=('61e83278fb5fa7336658a8b73ab26f379d41275bb1c7c6e694dd9f9a6e8e76ec'
'SKIP'
'0130c43321c16f53ab2290833007212f8a26b1b73bd4edc2b2b1c9db2b2d0218'
'02d375f0045f56f7dd82bacdb5ce559afd52ded8b75f6b2673c39ec666e81abc'
'22fdf9490fad477f225e731c417867d9e7571ac654944e8be63a1fbaccd5c62d'
'bb4dcba0328af6271ccfe992a64d8daa9f0a691ba52978491647f1dea05675ee'
'aa46b372830dd8ed355a86a1677c50c6be8178f847c09b7291f47a1dc3ea02dc')

install=install
@@ -38,9 +42,15 @@ provides=('gnupg' 'dirmngr' "gnupg=${pkgver}" "gnupg2=${pkgver}")

prepare() {
cd "${srcdir}/${_pkgname}-${pkgver}"
sed '/noinst_SCRIPTS = gpg-zip/c sbin_SCRIPTS += gpg-zip' -i tools/Makefile.in
patch -R -p1 -i ../self-sigs-only.patch
patch -p1 -t -N < "${srcdir}/scdaemon_shared-access.patch"
patch -p1 -i ../scdaemon_shared-access.patch
patch -p1 -i ../avoid-beta-warning.patch
patch -p1 -i ../drop-import-clean.patch

# improve reproducibility
patch -p1 -i ../do-not-rebuild-defsincdate.patch
rm doc/gnupg.info*

./autogen.sh
}

build() {


+ 56
- 0
avoid-beta-warning.patch View File

@@ -0,0 +1,56 @@
From 114ab3037de3b0f9b35cf023b64c8a9b76070065 Mon Sep 17 00:00:00 2001
From: Debian GnuPG Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>
Date: Tue, 14 Apr 2015 10:02:31 -0400
Subject: [PATCH 6/7] avoid beta warning

avoid self-describing as a beta

Using autoreconf against the source as distributed in tarball form
invariably results in a package that thinks it's a "beta" package,
which produces the "THIS IS A DEVELOPMENT VERSION" warning string.

since we use dh_autoreconf, i need this patch to avoid producing
builds that announce themselves as DEVELOPMENT VERSIONs.

See discussion at:

http://lists.gnupg.org/pipermail/gnupg-devel/2014-November/029065.html
---
autogen.sh | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/autogen.sh b/autogen.sh
index b23855061..9b86d3ff9 100755
--- a/autogen.sh
+++ b/autogen.sh
@@ -229,24 +229,24 @@ if [ "$myhost" = "find-version" ]; then
esac
beta=no
- if [ -e .git ]; then
+ if false; then
ingit=yes
tmp=$(git describe --match "${matchstr1}" --long 2>/dev/null)
tmp=$(echo "$tmp" | sed s/^"$package"//)
if [ -n "$tmp" ]; then
tmp=$(echo "$tmp" | sed s/^"$package"// \
| awk -F- '$3!=0 && $3 !~ /^beta/ {print"-beta"$3}')
else
tmp=$(git describe --match "${matchstr2}" --long 2>/dev/null \
| awk -F- '$4!=0{print"-beta"$4}')
fi
[ -n "$tmp" ] && beta=yes
rev=$(git rev-parse --short HEAD | tr -d '\n\r')
rvd=$((0x$(echo ${rev} | dd bs=1 count=4 2>/dev/null)))
else
ingit=no
- beta=yes
- tmp="-unknown"
+ beta=no
+ tmp=""
rev="0000000"
rvd="0"
fi
--
2.27.0


+ 43
- 0
do-not-rebuild-defsincdate.patch View File

@@ -0,0 +1,43 @@
From 3e8ff68502bf5de333db7213d9e27e0b9e8cc36e Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Mon, 29 Aug 2016 12:34:42 -0400
Subject: [PATCH 7/7] avoid regenerating defsincdate (use shipped file)

upstream ships doc/defsincdate in its tarballs. but doc/Makefile.am
tries to rewrite doc/defsincdate if it notices that any of the files
have been modified more recently, and it does so assuming that we're
running from a git repo.

However, we'd rather ship the documents cleanly without regenerating
defsincdate -- we don't have a git repo available (debian builds from
upstream tarballs) and any changes to the texinfo files (e.g. from
debian/patches/) might result in different dates on the files than we
expect after they're applied by dpkg or quilt or whatever, which makes
the datestamp unreproducible.
---
doc/Makefile.am | 7 -------
1 file changed, 7 deletions(-)

diff --git a/doc/Makefile.am b/doc/Makefile.am
index d47d83ede..c0a81b0b9 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -177,15 +177,6 @@
dist-hook: defsincdate
-defsincdate: $(gnupg_TEXINFOS)
- : >defsincdate ; \
- if test -e $(top_srcdir)/.git; then \
- (cd $(srcdir) && git log -1 --format='%ct' \
- -- $(gnupg_TEXINFOS) 2>/dev/null) >>defsincdate; \
- elif test x"$SOURCE_DATE_EPOCH" != x; then \
- echo "$SOURCE_DATE_EPOCH" >>defsincdate ; \
- fi
-
defs.inc : defsincdate Makefile mkdefsinc
incd="`test -f defsincdate || echo '$(srcdir)/'`defsincdate"; \
./mkdefsinc -C $(srcdir) --date "`cat $$incd 2>/dev/null`" \
--
2.27.0


+ 54
- 0
drop-import-clean.patch View File

@@ -0,0 +1,54 @@
From 1690a464b28fa24ce82189a9bf5d7ce9b44804b8 Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Mon, 15 Jul 2019 16:24:35 -0400
Subject: [PATCH 3/7] gpg: drop import-clean from default keyserver import
options

* g10/gpg.c (main): drop IMPORT_CLEAN from the
default opt.keyserver_options.import_options
* doc/gpg.texi: reflect this change in the documentation

Given that SELF_SIGS_ONLY is already set, it's not clear what
additional benefit IMPORT_CLEAN provides. Furthermore, IMPORT_CLEAN
means that receiving an OpenPGP certificate from a keyserver will
potentially delete data that is otherwise held in the local keyring,
which is surprising to users who expect retrieval from the keyservers
to be purely additive.

GnuPG-Bug-Id: 4628
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
---
doc/gpg.texi | 2 +-
g10/gpg.c | 3 +--
2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/doc/gpg.texi b/doc/gpg.texi
index 4870441d4..551459a74 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -1963,7 +1963,7 @@ are available for all keyserver types, some common options are:
@end table
-The default list of options is: "self-sigs-only, import-clean,
+The default list of options is: "self-sigs-only,
repair-keys, repair-pks-subkey-bug, export-attributes,
honor-pka-record".
diff --git a/g10/gpg.c b/g10/gpg.c
index 68cc22041..fa2bcfa5e 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -2397,8 +2397,7 @@ main (int argc, char **argv)
opt.export_options = EXPORT_ATTRIBUTES;
opt.keyserver_options.import_options = (IMPORT_REPAIR_KEYS
| IMPORT_REPAIR_PKS_SUBKEY_BUG
- | IMPORT_SELF_SIGS_ONLY
- | IMPORT_CLEAN);
+ | IMPORT_SELF_SIGS_ONLY);
opt.keyserver_options.export_options = EXPORT_ATTRIBUTES;
opt.keyserver_options.options = KEYSERVER_HONOR_PKA_RECORD;
opt.verify_options = (LIST_SHOW_UID_VALIDITY
--
2.27.0


+ 0
- 56
self-sigs-only.patch View File

@@ -1,56 +0,0 @@
From: Werner Koch <wk@gnupg.org>
Date: Thu, 4 Jul 2019 13:45:39 +0000 (+0200)
Subject: gpg: Add "self-sigs-only" and "import-clean" to the keyserver options.
X-Git-Url: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff_plain;h=23c978640812d123eaffd4108744bdfcf48f7c93

gpg: Add "self-sigs-only" and "import-clean" to the keyserver options.

* g10/gpg.c (main): Change default.
--

Due to the DoS attack on the keyeservers we do not anymore default to
import key signatures. That makes the keyserver unsuable for getting
keys for the WoT but it still allows to retriev keys - even if that
takes long to download the large keyblocks.

To revert to the old behavior add

keyserver-optiions no-self-sigs-only,no-import-clean

to gpg.conf.

GnuPG-bug-id: 4607
Signed-off-by: Werner Koch <wk@gnupg.org>
---

diff --git a/doc/gpg.texi b/doc/gpg.texi
index 8feab8218..9513a4e0f 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -1917,6 +1917,11 @@ are available for all keyserver types, some common options are:
@end table
+The default list of options is: "self-sigs-only, import-clean,
+repair-keys, repair-pks-subkey-bug, export-attributes,
+honor-pka-record".
+
+
@item --completes-needed @var{n}
@opindex compliant-needed
Number of completely trusted users to introduce a new
diff --git a/g10/gpg.c b/g10/gpg.c
index 66e47dde5..0bbe72394 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -2424,7 +2424,9 @@ main (int argc, char **argv)
opt.import_options = IMPORT_REPAIR_KEYS;
opt.export_options = EXPORT_ATTRIBUTES;
opt.keyserver_options.import_options = (IMPORT_REPAIR_KEYS
- | IMPORT_REPAIR_PKS_SUBKEY_BUG);
+ | IMPORT_REPAIR_PKS_SUBKEY_BUG
+ | IMPORT_SELF_SIGS_ONLY
+ | IMPORT_CLEAN);
opt.keyserver_options.export_options = EXPORT_ATTRIBUTES;
opt.keyserver_options.options = KEYSERVER_HONOR_PKA_RECORD;
opt.verify_options = (LIST_SHOW_UID_VALIDITY

Loading…
Cancel
Save