Date: Monday, May 9, 2022 @ 10:06:16 Author: dvzrv Revision: 444882 upgpkg: gnupg 2.2.35-2: Rebuild to add fix for the use of keys in an automated environment.
The use-case of automated signatures has been broken (see https://dev.gnupg.org/T5953). Apply (upstream merged) patch to revert the broken feature addition. Add AC8E115BF73E2D8D47FA9908E98E9B2D19C6C8BD as additional valid signing key. The 2.2.35 tarball is signed by both the new key and Werner Koch's 6DAA6E64A76D2840571B4902528897B826403ADA. Extend the license array to state all used licenses and install any non-common license files. Modified: gnupg/trunk/PKGBUILD ----------+ PKGBUILD | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2022-05-09 10:04:14 UTC (rev 444881) +++ PKGBUILD 2022-05-09 10:06:16 UTC (rev 444882) @@ -7,10 +7,10 @@ pkgname=gnupg pkgver=2.2.35 -pkgrel=1 +pkgrel=2 pkgdesc='Complete and free implementation of the OpenPGP standard' url='https://www.gnupg.org/' -license=('GPL') +license=(BSD custom CC0 GPL2 GPL3 LGPL3 LGPL2.1 MIT) arch=('x86_64') checkdepends=('openssh') makedepends=('libldap' 'libusb-compat' 'pcsclite') @@ -26,14 +26,17 @@ '031EC2536E580D8EA286A9F22071B08A33BD3F06' # NIIBE Yutaka (GnuPG Release Key) <gni...@fsij.org> '5B80C5754298F0CB55D8ED6ABCEF7E294B092E28' # Andre Heinecke (Release Signing Key) '6DAA6E64A76D2840571B4902528897B826403ADA' # Werner Koch (dist signing 2020) + 'AC8E115BF73E2D8D47FA9908E98E9B2D19C6C8BD' # Niibe Yutaka (GnuPG Release Key) ) source=("https://gnupg.org/ftp/gcrypt/${pkgname}/${pkgname}-${pkgver}.tar.bz2"{,.sig} 'gnupg-2.2.35-scd-dont-inhibit-ssh-authentication.patch::https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=patch;h=e8fb8e2b3e66d5ea8a3dc90afdc14611abf2c3da' - 'drop-import-clean.patch' + 'gnupg-2.2.35-revert_14de7b1e5904e78fcbe413a82d0f19b750bd8830.patch::https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=patch;h=3192939a10df17cb9666773ed8888627f6d16b8d' + 'drop-import-clean.patch' 'avoid-beta-warning.patch') sha256sums=('340bc255938971e6e729b3d9956fa2ef4db8215d77693bf300df2bb302498690' 'SKIP' '1b7611a24e813429e56a7d0855c59d33109cb1b59b3586a3dd35935909a493e5' + '00aa4897f11900f67e161f538c5322f2f9e65dc5675a760fd298d43d33a259d7' '02d375f0045f56f7dd82bacdb5ce559afd52ded8b75f6b2673c39ec666e81abc' '22fdf9490fad477f225e731c417867d9e7571ac654944e8be63a1fbaccd5c62d') @@ -47,6 +50,9 @@ # https://bugs.archlinux.org/task/74423 # https://dev.gnupg.org/T5935 patch -p1 -i ../gnupg-2.2.35-scd-dont-inhibit-ssh-authentication.patch + # fix issues with signatures in an automated environment (e.g. archlinux-keyring): + # https://dev.gnupg.org/T5953 + patch -Np1 -i ../gnupg-2.2.35-revert_14de7b1e5904e78fcbe413a82d0f19b750bd8830.patch # improve reproducibility rm doc/gnupg.info* @@ -78,6 +84,7 @@ ln -s gpgv "${pkgdir}"/usr/bin/gpgv2 install -Dm 644 doc/examples/systemd-user/*.* -t "${pkgdir}/usr/lib/systemd/user" + install -Dm 644 COPYING.{CC0,other} -t "${pkgdir}/usr/share/licenses/$pkgname/" } # vim: ts=2 sw=2 noet: