Date: Thursday, July 11, 2019 @ 16:55:33
Author: bisson
Revision: 357761
archrelease: copy trunk to testing-x86_64
Added:
gnupg/repos/testing-x86_64/PKGBUILD
(from rev 357760, gnupg/trunk/PKGBUILD)
gnupg/repos/testing-x86_64/install
(from rev 357760, gnupg/trunk/install)
gnupg/repos/testing-x86_64/self-sigs-only.patch
(from rev 357760, gnupg/trunk/self-sigs-only.patch)
Deleted:
gnupg/repos/testing-x86_64/PKGBUILD
gnupg/repos/testing-x86_64/install
----------------------+
PKGBUILD | 129 +++++++++++++++++++++++++------------------------
install | 62 +++++++++++------------
self-sigs-only.patch | 56 +++++++++++++++++++++
3 files changed, 153 insertions(+), 94 deletions(-)
Deleted: PKGBUILD
===================================================================
--- PKGBUILD 2019-07-11 16:55:22 UTC (rev 357760)
+++ PKGBUILD 2019-07-11 16:55:33 UTC (rev 357761)
@@ -1,63 +0,0 @@
-# Maintainer: Gaetan Bisson <bis...@archlinux.org>
-# Contributor: Tobias Powalowski <tp...@archlinux.org>
-# Contributor: Andreas Radke <andy...@archlinux.org>
-# Contributor: Judd Vinet <jvi...@zeroflux.org>
-
-pkgname=gnupg
-pkgver=2.2.17
-pkgrel=1
-pkgdesc='Complete and free implementation of the OpenPGP standard'
-url='https://www.gnupg.org/'
-license=('GPL')
-arch=('x86_64')
-checkdepends=('openssh')
-makedepends=('libldap' 'libusb-compat' 'pcsclite')
-depends=('npth' 'libgpg-error' 'libgcrypt' 'libksba' 'libassuan'
- 'pinentry' 'bzip2' 'readline' 'gnutls' 'sqlite')
-optdepends=('libldap: gpg2keys_ldap'
- 'libusb-compat: scdaemon'
- 'pcsclite: scdaemon')
-validpgpkeys=('D8692123C4065DEA5E0F3AB5249B39D24F25E3B6'
- '46CC730865BB5C78EBABADCF04376F3EE0856959'
- '031EC2536E580D8EA286A9F22071B08A33BD3F06'
- '5B80C5754298F0CB55D8ED6ABCEF7E294B092E28')
-source=("https://gnupg.org/ftp/gcrypt/${pkgname}/${pkgname}-${pkgver}.tar.bz2"{,.sig})
-sha256sums=('afa262868e39b651a2db4c071fba90415154243e83a830ca00516f9a807fd514'
- 'SKIP')
-
-install=install
-
-prepare() {
- cd "${srcdir}/${pkgname}-${pkgver}"
- sed '/noinst_SCRIPTS = gpg-zip/c sbin_SCRIPTS += gpg-zip' -i
tools/Makefile.in
-}
-
-build() {
- cd "${srcdir}/${pkgname}-${pkgver}"
- ./configure \
- --prefix=/usr \
- --sysconfdir=/etc \
- --sbindir=/usr/bin \
- --libexecdir=/usr/lib/gnupg \
- --enable-maintainer-mode \
- --enable-symcryptrun \
-
- make
-}
-
-check() {
- cd "${srcdir}/${pkgname}-${pkgver}"
- make check
-}
-
-package() {
- cd "${srcdir}/${pkgname}-${pkgver}"
- make DESTDIR="${pkgdir}" install
- ln -s gpg "${pkgdir}"/usr/bin/gpg2
- ln -s gpgv "${pkgdir}"/usr/bin/gpgv2
-
- cd doc/examples/systemd-user
- for i in *.*; do
- install -Dm644 "$i" "${pkgdir}/usr/lib/systemd/user/$i"
- done
-}
Copied: gnupg/repos/testing-x86_64/PKGBUILD (from rev 357760,
gnupg/trunk/PKGBUILD)
===================================================================
--- PKGBUILD (rev 0)
+++ PKGBUILD 2019-07-11 16:55:33 UTC (rev 357761)
@@ -0,0 +1,66 @@
+# Maintainer: Gaetan Bisson <bis...@archlinux.org>
+# Contributor: Tobias Powalowski <tp...@archlinux.org>
+# Contributor: Andreas Radke <andy...@archlinux.org>
+# Contributor: Judd Vinet <jvi...@zeroflux.org>
+
+pkgname=gnupg
+pkgver=2.2.17
+pkgrel=2
+pkgdesc='Complete and free implementation of the OpenPGP standard'
+url='https://www.gnupg.org/'
+license=('GPL')
+arch=('x86_64')
+checkdepends=('openssh')
+makedepends=('libldap' 'libusb-compat' 'pcsclite')
+depends=('npth' 'libgpg-error' 'libgcrypt' 'libksba' 'libassuan'
+ 'pinentry' 'bzip2' 'readline' 'gnutls' 'sqlite')
+optdepends=('libldap: gpg2keys_ldap'
+ 'libusb-compat: scdaemon'
+ 'pcsclite: scdaemon')
+validpgpkeys=('D8692123C4065DEA5E0F3AB5249B39D24F25E3B6'
+ '46CC730865BB5C78EBABADCF04376F3EE0856959'
+ '031EC2536E580D8EA286A9F22071B08A33BD3F06'
+ '5B80C5754298F0CB55D8ED6ABCEF7E294B092E28')
+source=("https://gnupg.org/ftp/gcrypt/${pkgname}/${pkgname}-${pkgver}.tar.bz2"{,.sig}
+ 'self-sigs-only.patch')
+sha256sums=('afa262868e39b651a2db4c071fba90415154243e83a830ca00516f9a807fd514'
+ 'SKIP'
+ '0130c43321c16f53ab2290833007212f8a26b1b73bd4edc2b2b1c9db2b2d0218')
+
+install=install
+
+prepare() {
+ cd "${srcdir}/${pkgname}-${pkgver}"
+ sed '/noinst_SCRIPTS = gpg-zip/c sbin_SCRIPTS += gpg-zip' -i
tools/Makefile.in
+ patch -R -p1 -i ../self-sigs-only.patch
+}
+
+build() {
+ cd "${srcdir}/${pkgname}-${pkgver}"
+ ./configure \
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --sbindir=/usr/bin \
+ --libexecdir=/usr/lib/gnupg \
+ --enable-maintainer-mode \
+ --enable-symcryptrun \
+
+ make
+}
+
+check() {
+ cd "${srcdir}/${pkgname}-${pkgver}"
+ make check
+}
+
+package() {
+ cd "${srcdir}/${pkgname}-${pkgver}"
+ make DESTDIR="${pkgdir}" install
+ ln -s gpg "${pkgdir}"/usr/bin/gpg2
+ ln -s gpgv "${pkgdir}"/usr/bin/gpgv2
+
+ cd doc/examples/systemd-user
+ for i in *.*; do
+ install -Dm644 "$i" "${pkgdir}/usr/lib/systemd/user/$i"
+ done
+}
Deleted: install
===================================================================
--- install 2019-07-11 16:55:22 UTC (rev 357760)
+++ install 2019-07-11 16:55:33 UTC (rev 357761)
@@ -1,31 +0,0 @@
-_global_units() {
- _units=(dirmngr.socket gpg-agent.socket
gpg-agent-{browser,extra,ssh}.socket)
- _dir=/etc/systemd/user/sockets.target.wants
-
- case $1 in
- enable)
- mkdir -p $_dir
- for _u in "${_units[@]}"; do
- ln -sf /usr/lib/systemd/user/$_u $_dir/$_u
- done
- ;;
- disable)
- for _u in "${_units[@]}"; do
- rm -f $_dir/$_u
- done
- rmdir -p --ignore-fail-on-non-empty $_dir
- ;;
- esac
-}
-
-post_install() {
- # See FS#42798 and FS#47371
- dirmngr </dev/null &>/dev/null
-
- # Let systemd supervise daemons by default
- _global_units enable
-}
-
-pre_remove() {
- _global_units disable
-}
Copied: gnupg/repos/testing-x86_64/install (from rev 357760,
gnupg/trunk/install)
===================================================================
--- install (rev 0)
+++ install 2019-07-11 16:55:33 UTC (rev 357761)
@@ -0,0 +1,31 @@
+_global_units() {
+ _units=(dirmngr.socket gpg-agent.socket
gpg-agent-{browser,extra,ssh}.socket)
+ _dir=/etc/systemd/user/sockets.target.wants
+
+ case $1 in
+ enable)
+ mkdir -p $_dir
+ for _u in "${_units[@]}"; do
+ ln -sf /usr/lib/systemd/user/$_u $_dir/$_u
+ done
+ ;;
+ disable)
+ for _u in "${_units[@]}"; do
+ rm -f $_dir/$_u
+ done
+ rmdir -p --ignore-fail-on-non-empty $_dir
+ ;;
+ esac
+}
+
+post_install() {
+ # See FS#42798 and FS#47371
+ dirmngr </dev/null &>/dev/null
+
+ # Let systemd supervise daemons by default
+ _global_units enable
+}
+
+pre_remove() {
+ _global_units disable
+}
Copied: gnupg/repos/testing-x86_64/self-sigs-only.patch (from rev 357760,
gnupg/trunk/self-sigs-only.patch)
===================================================================
--- self-sigs-only.patch (rev 0)
+++ self-sigs-only.patch 2019-07-11 16:55:33 UTC (rev 357761)
@@ -0,0 +1,56 @@
+From: Werner Koch <w...@gnupg.org>
+Date: Thu, 4 Jul 2019 13:45:39 +0000 (+0200)
+Subject: gpg: Add "self-sigs-only" and "import-clean" to the keyserver options.
+X-Git-Url:
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff_plain;h=23c978640812d123eaffd4108744bdfcf48f7c93
+
+gpg: Add "self-sigs-only" and "import-clean" to the keyserver options.
+
+* g10/gpg.c (main): Change default.
+--
+
+Due to the DoS attack on the keyeservers we do not anymore default to
+import key signatures. That makes the keyserver unsuable for getting
+keys for the WoT but it still allows to retriev keys - even if that
+takes long to download the large keyblocks.
+
+To revert to the old behavior add
+
+ keyserver-optiions no-self-sigs-only,no-import-clean
+
+to gpg.conf.
+
+GnuPG-bug-id: 4607
+Signed-off-by: Werner Koch <w...@gnupg.org>
+---
+
+diff --git a/doc/gpg.texi b/doc/gpg.texi
+index 8feab8218..9513a4e0f 100644
+--- a/doc/gpg.texi
++++ b/doc/gpg.texi
+@@ -1917,6 +1917,11 @@ are available for all keyserver types, some common
options are:
+
+ @end table
+
++The default list of options is: "self-sigs-only, import-clean,
++repair-keys, repair-pks-subkey-bug, export-attributes,
++honor-pka-record".
++
++
+ @item --completes-needed @var{n}
+ @opindex compliant-needed
+ Number of completely trusted users to introduce a new
+diff --git a/g10/gpg.c b/g10/gpg.c
+index 66e47dde5..0bbe72394 100644
+--- a/g10/gpg.c
++++ b/g10/gpg.c
+@@ -2424,7 +2424,9 @@ main (int argc, char **argv)
+ opt.import_options = IMPORT_REPAIR_KEYS;
+ opt.export_options = EXPORT_ATTRIBUTES;
+ opt.keyserver_options.import_options = (IMPORT_REPAIR_KEYS
+- | IMPORT_REPAIR_PKS_SUBKEY_BUG);
++ | IMPORT_REPAIR_PKS_SUBKEY_BUG
++ | IMPORT_SELF_SIGS_ONLY
++ | IMPORT_CLEAN);
+ opt.keyserver_options.export_options = EXPORT_ATTRIBUTES;
+ opt.keyserver_options.options = KEYSERVER_HONOR_PKA_RECORD;
+ opt.verify_options = (LIST_SHOW_UID_VALIDITY
