On 2010/11/12 10:54, David Coppa wrote: > > Having the new toy in my hands has led to a revised patch for > security/gnupg2:
here's a diff which applies to -current, basically the same + fix a typo in comment. I've checked the manpages and groff is still needed. ok with me.
Index: Makefile
===================================================================
RCS file: /cvs/ports/security/gnupg2/Makefile,v
retrieving revision 1.6
diff -u -p -r1.6 Makefile
--- Makefile 11 Nov 2010 18:34:59 -0000 1.6
+++ Makefile 12 Nov 2010 10:14:30 -0000
@@ -1,8 +1,9 @@
-# $OpenBSD: Makefile,v 1.6 2010/11/11 18:34:59 espie Exp $
+# $OpenBSD: Makefile,v 1.5 2010/10/18 21:41:45 espie Exp $
 COMMENT = gnu privacy guard - a free PGP replacement
 DISTNAME = gnupg-2.0.16
+REVISION = 0
 CATEGORIES = security
 MASTER_SITES = ftp://ftp.gnupg.org/gcrypt/gnupg/ \
@@ -14,36 +15,26 @@ MASTER_SITES = ftp://ftp.gnupg.org/gcry
 ftp://pgp.iijlab.net/pub/pgp/gnupg/ \
 ftp://ring.aist.go.jp/pub/net/gnupg/gnupg/
-
 HOMEPAGE = http://www.gnupg.org/
 MAINTAINER = Pierre-Emmanuel Andre <p...@openbsd.org>
-# GPLv3
+# GPLv3+
 PERMIT_PACKAGE_CDROM = Yes
 PERMIT_PACKAGE_FTP = Yes
-PERMIT_DISTFILES_CDROM= Yes
+PERMIT_DISTFILES_CDROM =Yes
 PERMIT_DISTFILES_FTP = Yes
+WANTLIB += assuan bz2 c crypto curl gcrypt gpg-error
+WANTLIB += idn ksba pth readline ssl termcap usb z
+
 EXTRACT_SUFX = .tar.bz2
 MODULES = devel/gettext
-WANTLIB = c crypto z readline ssl termcap gpg-error idn
-
 FLAVORS = ldap
 FLAVOR ?=
-USE_GROFF = Yes
-.if ${FLAVOR:L:Mldap}
-CONFIGURE_ARGS+= --enable-ldap
-LIB_DEPENDS+= ::databases/openldap
-WANTLIB += ldap.>=8
-.else
-CONFIGURE_ARGS+= --disable-ldap
-.endif
-
-WANTLIB += usb bz2 assuan gcrypt ksba curl.>=6 pth
 LIB_DEPENDS = ::devel/libusb \
 ::archivers/bzip2 \
 ::security/libassuan \
@@ -52,19 +43,28 @@ LIB_DEPENDS = ::devel/libusb \
 ::net/curl \
 ::devel/pth
+.if ${FLAVOR:L:Mldap}
+CONFIGURE_ARGS += --enable-ldap
+WANTLIB += ldap
+LIB_DEPENDS += ::databases/openldap
+.else
+CONFIGURE_ARGS += --disable-ldap
+.endif
+
 RUN_DEPENDS = ::security/pinentry
 # gpg-agent must be installed to run the regress tests
-REGRESS_DEPENDS = ${PKGNAME}::${BUILD_PKGPATH}
+REGRESS_DEPENDS = :${PKGNAME}:${BUILD_PKGPATH}
 USE_GMAKE = Yes
+USE_GROFF = Yes
 CONFIGURE_STYLE = gnu
 CONFIGURE_ENV = CPPFLAGS="-I${LOCALBASE}/include" \
 LDFLAGS="-L${LOCALBASE}/lib"
 CONFIGURE_ARGS = docdir=${LOCALBASE}/share/doc/gnupg2
-# Avoid conflit with gnupg-1.x
+# Avoid conflict with gnupg-1.x
 post-install:
 @mv ${PREFIX}/man/man1/gpg-zip.1 ${PREFIX}/man/man1/gpg2-zip.1
Index: patches/patch-g10_call-agent_c
===================================================================
RCS file: patches/patch-g10_call-agent_c
diff -N patches/patch-g10_call-agent_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-g10_call-agent_c 12 Nov 2010 10:14:30 -0000
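Review bot: The flavor block added in the Makefile hunk at `@@ -52,19 +43,28 @@` appends `--enable-ldap` / `--disable-ldap` with `CONFIGURE_ARGS +=`, but the context line `CONFIGURE_ARGS = docdir=${LOCALBASE}/share/doc/gnupg2` further down in the same hunk is a plain assignment and, as far as the hunk shows, discards whatever the flavor block appended. configure would then be left to autodetect LDAP, so a non-ldap build could link against OpenLDAP when it happens to be installed, and the package's real linkage would no longer match its declared `WANTLIB` / `LIB_DEPENDS`. Changing the later line to `CONFIGURE_ARGS += docdir=${LOCALBASE}/share/doc/gnupg2`, or moving the flavor block below it, keeps the flag in effect.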
@@ -0,0 +1,42 @@
+$OpenBSD$
+
+Patch from upstream: allow more hash algorithms when using scdaemon.
+Needed to use SHA2-family of functions with OpenPGPv2 cards, that do
+support them.
+
+--- g10/call-agent.c.orig Wed Feb 17 09:55:45 2010
++++ g10/call-agent.c Wed Nov 3 14:59:39 2010
+@@ -892,6 +892,23 @@ membuf_data_cb (void *opaque, const void *buffer, size
+ return 0;
+ }
+
++
++static const char *
++hash_algo_option (int algo)
++{
++ switch (algo)
++ {
++ case GCRY_MD_RMD160: return "--hash=rmd160 ";
++ case GCRY_MD_SHA1 : return "--hash=sha1 ";
++ case GCRY_MD_SHA224: return "--hash=sha224 ";
++ case GCRY_MD_SHA256: return "--hash=sha256 ";
++ case GCRY_MD_SHA384: return "--hash=sha384 ";
++ case GCRY_MD_SHA512: return "--hash=sha512 ";
++ case GCRY_MD_MD5 : return "--hash=md5 ";
++ default: return "";
++ }
++}
++
+ /* Send a sign command to the scdaemon via gpg-agent's pass thru
+ mechanism. */
+ int
+@@ -938,8 +955,7 @@ agent_scd_pksign (const char *serialno, int hashalgo,
+ else
+ #endif
+ snprintf (line, DIM(line)-1, "SCD PKSIGN %s%s",
+- hashalgo == GCRY_MD_RMD160? "--hash=rmd160 " : "",
+- serialno);
++ hash_algo_option (hashalgo), serialno);
+ line[DIM(line)-1] = 0;
+ rc = assuan_transact (agent_ctx, line, membuf_data_cb, &data,
+ default_inq_cb, NULL, NULL, NULL);
Index: patches/patch-scd_apdu_c
===================================================================
RCS file: patches/patch-scd_apdu_c
diff -N patches/patch-scd_apdu_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-scd_apdu_c 12 Nov 2010 10:14:30 -0000
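Review bot: In the g10/call-agent.c patch, `hash_algo_option` returns `""` from its `default:` case, so for any digest it does not list `agent_scd_pksign` still sends `SCD PKSIGN` with no `--hash` option and scdaemon presumably falls back to its own default digest. The mismatch would then only show up later as a signature that does not verify, not as an error at the call site. Rejecting an unmapped algorithm before `line` is built, e.g. `return gpg_error (GPG_ERR_DIGEST_ALGO);`, makes the failure explicit; since the patch is taken from upstream, a comment recording the limitation is the lighter alternative. The table also starts forwarding `--hash=md5`, which deserves a one-line comment on why a weak digest is passed through to the card. The body of `agent_scd_pksign` starts and ends outside the hunk.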
@@ -0,0 +1,29 @@
+$OpenBSD$
+
+The pcsc backend does not work due to problems with our current
+threading implementation: one has to use a card reader supported
+by GnuPG's internal CCID driver.
+
+--- scd/apdu.c.orig Wed Mar 17 13:11:30 2010
++++ scd/apdu.c Fri Nov 12 08:30:02 2010
+@@ -66,7 +66,8 @@
+ /* Due to conflicting use of threading libraries we usually can't link
+ against libpcsclite. Instead we use a wrapper program. */
+ #ifdef USE_GNU_PTH
+-#if !defined(HAVE_W32_SYSTEM) && !defined(__CYGWIN__)
++/* XXX */
++#if !defined(HAVE_W32_SYSTEM) && !defined(__CYGWIN__) && !defined(__OpenBSD__)
+ #define NEED_PCSC_WRAPPER 1
+ #endif
+ #endif
+@@ -2388,6 +2389,10 @@ apdu_open_reader (const char *portstr, int *r_no_servi
+ /* No ctAPI configured, so lets try the PC/SC API */
+ if (!pcsc_api_loaded)
+ {
++ /* XXX */
++#ifdef __OpenBSD__
++ return -1;
++#endif
+ #ifndef NEED_PCSC_WRAPPER
+ void *handle;
+
Index: pkg/PLIST
===================================================================
RCS file: /cvs/ports/security/gnupg2/pkg/PLIST,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 PLIST
--- pkg/PLIST 8 Jul 2010 16:57:54 -0000 1.1.1.1
+++ pkg/PLIST 12 Nov 2010 10:14:30 -0000
@@ -13,7 +13,7 @@ bin/gpgsm-gencert.sh
 @bin bin/scdaemon
 @bin bin/watchgnupg
 @info info/gnupg.info
-...@bin libexec/gnupg-pcsc-wrapper
+...@comment libexec/gnupg-pcsc-wrapper
 @bin libexec/gpg-check-pattern
 @bin libexec/gpg-preset-passphrase
 @bin libexec/gpg-protect-tool
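Review bot: Both `/* XXX */` markers in the scd/apdu.c patch leave the reason for the OpenBSD special case out of the code, and the early `return -1;` in `apdu_open_reader` fails without telling the user why a PC/SC reader was refused. I would replace the markers with a comment such as `/* OpenBSD: PC/SC backend disabled (threading problems); only the internal CCID driver is supported. */` and log before returning, e.g. `log_error ("PC/SC is not supported on OpenBSD; use a CCID reader\n");`. The `return` also leaves the `#ifndef NEED_PCSC_WRAPPER` code after it compiled but unreachable on OpenBSD, which is worth stating in that comment. Whether `*r_no_service` is already set on this path cannot be seen from the hunk, because `apdu_open_reader` starts outside it, so that should be checked so callers do not misread the failure.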