commit: 3169869c36db352a79b60deebe0dc67c68b408ae Author: Robin H. Johnson <robbat2 <AT> gentoo <DOT> org> AuthorDate: Sun Jan 28 23:26:51 2024 +0000 Commit: Robin H. Johnson <robbat2 <AT> gentoo <DOT> org> CommitDate: Sun Jan 28 23:28:42 2024 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3169869c
app-crypt/gnupg: bump Signed-off-by: Robin H. Johnson <robbat2 <AT> gentoo.org> app-crypt/gnupg/Manifest | 2 + app-crypt/gnupg/gnupg-2.4.4.ebuild | 198 +++++++++++++++++++++++++++++++++++++ 2 files changed, 200 insertions(+) diff --git a/app-crypt/gnupg/Manifest b/app-crypt/gnupg/Manifest index 2a6a68880c4d..9af56207f15c 100644 --- a/app-crypt/gnupg/Manifest +++ b/app-crypt/gnupg/Manifest @@ -6,3 +6,5 @@ DIST gnupg-2.4.2.tar.bz2 7346587 BLAKE2B 7a5aecca25d87f5f531576c8db1629908d97381 DIST gnupg-2.4.2.tar.bz2.sig 119 BLAKE2B da10bc6d93e5bd96572d6e03b99595eb3f3a5e2e53767a235f9e28878a294e6f444c5cee3a44579f6593582e5c4d85e99e963f2eb7ad2d64aa3a54136c39ffef SHA512 d08cb718a8656efb922f2591ec295e678687fe5f3a26459498952d28f4eea4f8368ea896c2908f58e3d3d8ea49faf865a1c146dda1b24f15bf8d37dce3eac868 DIST gnupg-2.4.3.tar.bz2 7351327 BLAKE2B b7f4f5e548ec6dfc89cf8792f507ee8642e8500692998cf8d2edc9f5d8002904d24a714b9caffabee6094707c4595e0f54197535135622a7a32aa772f5818f28 SHA512 193a9398445272ec3eb5b79e802efb7414f74bcfffc3db0bf72c0056e04228120c419ed91db168e5733a16a33e548bab5368dd9cf11ecd483825bce189341a1e DIST gnupg-2.4.3.tar.bz2.sig 119 BLAKE2B 763c0569e5378e132de39e1583c19bae8912455bf7cd5a65bcfc88fa43be99fb6bbf8397192b3086db2f6f0f63fc25789f5e6ce98b2fe63cda3bf673b1c60a20 SHA512 7affff694d194c3befdfc865a7872c0883304ea704e3691eac328d802f12f4f82c2a93eaa1257d3e09b38494b38185f5b8cf35c964f0c3846bbb29b93727ffee +DIST gnupg-2.4.4.tar.bz2 7886036 BLAKE2B 02661e89f0358be09fa3e71e7235b764a7dbda62a48a0c8c7a4e6c9919c3b37d54ead50b930af58f8f2fdb87861b849d3f3751e95cbedf46bdfd76caa90c4db4 SHA512 3d1a3b08d1ce2319d238d8be96591e418ede1dc0b4ede33a4cc2fe40e9c56d5bbc27b1984736d8a786e7f292ddbc836846a8bdb4bf89f064e953c37cb54b94ef +DIST gnupg-2.4.4.tar.bz2.sig 237 BLAKE2B 6ee5878c36fbec747a6d84a268903749d862aab50dd7f9a389aabbf7b94dec1c424615f520b5f4a6d44e02093e8d9ad0b08d0c6cf6fd8886d8c174ce9faac99c SHA512 3ae7b6833576df851901a7619459b514bb82faeed350c864a57a782719d21f694d9ced5a3445c81dfa584a0302f87fedc660b08ea97bb8b861e76d7c5b46d07f diff --git a/app-crypt/gnupg/gnupg-2.4.4.ebuild b/app-crypt/gnupg/gnupg-2.4.4.ebuild new file mode 100644 index 000000000000..f01cb0b88152 --- /dev/null +++ b/app-crypt/gnupg/gnupg-2.4.4.ebuild @@ -0,0 +1,198 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +# Maintainers should: +# 1. Join the "Gentoo" project at https://dev.gnupg.org/project/view/27/ +# 2. Subscribe to release tasks like https://dev.gnupg.org/T6159 +# (find the one for the current release then subscribe to it + +# any subsequent ones linked within so you're covered for a while.) + +VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/gnupg.asc +# in-source builds are not supported: https://dev.gnupg.org/T6313#166339 +inherit flag-o-matic out-of-source multiprocessing systemd toolchain-funcs verify-sig + +MY_P="${P/_/-}" + +DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation" +HOMEPAGE="https://gnupg.org/"; +SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2" +SRC_URI+=" verify-sig? ( mirror://gnupg/gnupg/${P}.tar.bz2.sig )" +S="${WORKDIR}/${MY_P}" + +LICENSE="GPL-3+" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" +IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl test +tofu tpm tools usb user-socket wks-server" +RESTRICT="!test? ( test )" +REQUIRED_USE="test? ( tofu )" + +# Existence of executables is checked during configuration. +# Note: On each bump, update dep bounds on each version from configure.ac! +DEPEND=" + >=dev-libs/libassuan-2.5.0 + >=dev-libs/libgcrypt-1.9.1:= + >=dev-libs/libgpg-error-1.46 + >=dev-libs/libksba-1.6.3 + >=dev-libs/npth-1.2 + >=net-misc/curl-7.10 + sys-libs/zlib + bzip2? ( app-arch/bzip2 ) + ldap? ( net-nds/openldap:= ) + readline? ( sys-libs/readline:0= ) + smartcard? ( usb? ( virtual/libusb:1 ) ) + tofu? ( >=dev-db/sqlite-3.27 ) + tpm? ( >=app-crypt/tpm2-tss-2.4.0:= ) + ssl? ( >=net-libs/gnutls-3.2:0= ) +" +RDEPEND=" + ${DEPEND} + nls? ( virtual/libintl ) + selinux? ( sec-policy/selinux-gpg ) + wks-server? ( virtual/mta ) +" +PDEPEND=" + app-crypt/pinentry +" +BDEPEND=" + virtual/pkgconfig + doc? ( sys-apps/texinfo ) + nls? ( sys-devel/gettext ) + verify-sig? ( sec-keys/openpgp-keys-gnupg ) +" + +DOCS=( + ChangeLog NEWS README THANKS TODO VERSION + doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER +) + +PATCHES=( + "${FILESDIR}"/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch + #"${FILESDIR}"/${PN}-2.4.2-fix-emacs.patch + #"${FILESDIR}"/${PN}-2.4.3-no-ldap.patch +) + +src_prepare() { + default + + GNUPG_SYSTEMD_UNITS=( + dirmngr.service + dirmngr.socket + gpg-agent-browser.socket + gpg-agent-extra.socket + gpg-agent.service + gpg-agent.socket + gpg-agent-ssh.socket + ) + + cp "${GNUPG_SYSTEMD_UNITS[@]/#/${FILESDIR}/}" "${T}" || die + + # Inject SSH_AUTH_SOCK into user's sessions after enabling gpg-agent-ssh.socket in systemctl --user mode, + # idea borrowed from libdbus, see + # https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/bus/systemd-user/dbus.socket.in#L6 + # + # This cannot be upstreamed, as it requires determining the exact prefix of 'systemctl', + # which in turn requires discovery in Autoconf, something that upstream deeply resents. + sed -e "/DirectoryMode=/a ExecStartPost=-${EPREFIX}/bin/systemctl --user set-environment SSH_AUTH_SOCK=%t/gnupg/S.gpg-agent.ssh" \ + -i "${T}"/gpg-agent-ssh.socket || die +} + +my_src_configure() { + # Upstream don't support LTO, bug #854222. + filter-lto + + local myconf=( + $(use_enable bzip2) + $(use_enable nls) + $(use_enable smartcard scdaemon) + $(use_enable ssl gnutls) + $(use_enable test all-tests) + $(use_enable test tests) + $(use_enable tofu) + $(use_enable tofu keyboxd) + $(use_enable tofu sqlite) + $(usex tpm '--with-tss=intel' '--disable-tpm2d') + $(use smartcard && use_enable usb ccid-driver || echo '--disable-ccid-driver') + $(use_enable wks-server wks-tools) + $(use_with ldap) + $(use_with readline) + + # Hardcode mailprog to /usr/libexec/sendmail even if it does not exist. + # As of GnuPG 2.3, the mailprog substitution is used for the binary called + # by wks-client & wks-server; and if it's autodetected but not not exist at + # build time, then then 'gpg-wks-client --send' functionality will not + # work. This has an unwanted side-effect in stage3 builds: there was a + # [R]DEPEND on virtual/mta, which also brought in virtual/logger, bloating + # the build where the install guide previously make the user chose the + # logger & mta early in the install. + --with-mailprog=/usr/libexec/sendmail + + --disable-ntbtls + --enable-gpgsm + --enable-large-secmem + + CC_FOR_BUILD="$(tc-getBUILD_CC)" + GPG_ERROR_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-gpg-error-config" + KSBA_CONFIG="${ESYSROOT}/usr/bin/ksba-config" + LIBASSUAN_CONFIG="${ESYSROOT}/usr/bin/libassuan-config" + LIBGCRYPT_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-libgcrypt-config" + NPTH_CONFIG="${ESYSROOT}/usr/bin/npth-config" + + $("${S}/configure" --help | grep -o -- '--without-.*-prefix') + ) + + if use prefix && use usb; then + # bug #649598 + append-cppflags -I"${ESYSROOT}/usr/include/libusb-1.0" + fi + + # bug #663142 + if use user-socket; then + myconf+=( --enable-run-gnupg-user-socket ) + fi + + # glib fails and picks up clang's internal stdint.h causing weird errors + tc-is-clang && export gl_cv_absolute_stdint_h="${ESYSROOT}"/usr/include/stdint.h + + econf "${myconf[@]}" +} + +my_src_compile() { + default + + use doc && emake -C doc html +} + +my_src_test() { + export TESTFLAGS="--parallel=$(makeopts_jobs)" + + default +} + +my_src_install() { + emake DESTDIR="${D}" install + + use tools && dobin tools/{gpgconf,gpgsplit,gpg-check-pattern} tools/make-dns-cert + + dosym gpg /usr/bin/gpg2 + dosym gpgv /usr/bin/gpgv2 + echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die + echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die + + dodir /etc/env.d + echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die + + use doc && dodoc doc/gnupg.html/* +} + +my_src_install_all() { + einstalldocs + + use tools && dobin tools/{convert-from-106,mail-signed-keys,lspgpot} + use doc && dodoc doc/*.png + + # Dropped upstream in https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=eae28f1bd4a5632e8f8e85b7248d1c4d4a10a5ed. + dodoc "${FILESDIR}"/README-systemd + systemd_douserunit "${GNUPG_SYSTEMD_UNITS[@]/#/${T}/}" +}
