Date: Thursday, July 11, 2019 @ 16:55:33 Author: bisson Revision: 357761
archrelease: copy trunk to testing-x86_64 Added: gnupg/repos/testing-x86_64/PKGBUILD (from rev 357760, gnupg/trunk/PKGBUILD) gnupg/repos/testing-x86_64/install (from rev 357760, gnupg/trunk/install) gnupg/repos/testing-x86_64/self-sigs-only.patch (from rev 357760, gnupg/trunk/self-sigs-only.patch) Deleted: gnupg/repos/testing-x86_64/PKGBUILD gnupg/repos/testing-x86_64/install ----------------------+ PKGBUILD | 129 +++++++++++++++++++++++++------------------------ install | 62 +++++++++++------------ self-sigs-only.patch | 56 +++++++++++++++++++++ 3 files changed, 153 insertions(+), 94 deletions(-) Deleted: PKGBUILD =================================================================== --- PKGBUILD 2019-07-11 16:55:22 UTC (rev 357760) +++ PKGBUILD 2019-07-11 16:55:33 UTC (rev 357761) @@ -1,63 +0,0 @@ -# Maintainer: Gaetan Bisson <bis...@archlinux.org> -# Contributor: Tobias Powalowski <tp...@archlinux.org> -# Contributor: Andreas Radke <andy...@archlinux.org> -# Contributor: Judd Vinet <jvi...@zeroflux.org> - -pkgname=gnupg -pkgver=2.2.17 -pkgrel=1 -pkgdesc='Complete and free implementation of the OpenPGP standard' -url='https://www.gnupg.org/' -license=('GPL') -arch=('x86_64') -checkdepends=('openssh') -makedepends=('libldap' 'libusb-compat' 'pcsclite') -depends=('npth' 'libgpg-error' 'libgcrypt' 'libksba' 'libassuan' - 'pinentry' 'bzip2' 'readline' 'gnutls' 'sqlite') -optdepends=('libldap: gpg2keys_ldap' - 'libusb-compat: scdaemon' - 'pcsclite: scdaemon') -validpgpkeys=('D8692123C4065DEA5E0F3AB5249B39D24F25E3B6' - '46CC730865BB5C78EBABADCF04376F3EE0856959' - '031EC2536E580D8EA286A9F22071B08A33BD3F06' - '5B80C5754298F0CB55D8ED6ABCEF7E294B092E28') -source=("https://gnupg.org/ftp/gcrypt/${pkgname}/${pkgname}-${pkgver}.tar.bz2"{,.sig}) -sha256sums=('afa262868e39b651a2db4c071fba90415154243e83a830ca00516f9a807fd514' - 'SKIP') - -install=install - -prepare() { - cd "${srcdir}/${pkgname}-${pkgver}" - sed '/noinst_SCRIPTS = gpg-zip/c sbin_SCRIPTS += gpg-zip' -i tools/Makefile.in -} - -build() { - cd "${srcdir}/${pkgname}-${pkgver}" - ./configure \ - --prefix=/usr \ - --sysconfdir=/etc \ - --sbindir=/usr/bin \ - --libexecdir=/usr/lib/gnupg \ - --enable-maintainer-mode \ - --enable-symcryptrun \ - - make -} - -check() { - cd "${srcdir}/${pkgname}-${pkgver}" - make check -} - -package() { - cd "${srcdir}/${pkgname}-${pkgver}" - make DESTDIR="${pkgdir}" install - ln -s gpg "${pkgdir}"/usr/bin/gpg2 - ln -s gpgv "${pkgdir}"/usr/bin/gpgv2 - - cd doc/examples/systemd-user - for i in *.*; do - install -Dm644 "$i" "${pkgdir}/usr/lib/systemd/user/$i" - done -} Copied: gnupg/repos/testing-x86_64/PKGBUILD (from rev 357760, gnupg/trunk/PKGBUILD) =================================================================== --- PKGBUILD (rev 0) +++ PKGBUILD 2019-07-11 16:55:33 UTC (rev 357761) @@ -0,0 +1,66 @@ +# Maintainer: Gaetan Bisson <bis...@archlinux.org> +# Contributor: Tobias Powalowski <tp...@archlinux.org> +# Contributor: Andreas Radke <andy...@archlinux.org> +# Contributor: Judd Vinet <jvi...@zeroflux.org> + +pkgname=gnupg +pkgver=2.2.17 +pkgrel=2 +pkgdesc='Complete and free implementation of the OpenPGP standard' +url='https://www.gnupg.org/' +license=('GPL') +arch=('x86_64') +checkdepends=('openssh') +makedepends=('libldap' 'libusb-compat' 'pcsclite') +depends=('npth' 'libgpg-error' 'libgcrypt' 'libksba' 'libassuan' + 'pinentry' 'bzip2' 'readline' 'gnutls' 'sqlite') +optdepends=('libldap: gpg2keys_ldap' + 'libusb-compat: scdaemon' + 'pcsclite: scdaemon') +validpgpkeys=('D8692123C4065DEA5E0F3AB5249B39D24F25E3B6' + '46CC730865BB5C78EBABADCF04376F3EE0856959' + '031EC2536E580D8EA286A9F22071B08A33BD3F06' + '5B80C5754298F0CB55D8ED6ABCEF7E294B092E28') +source=("https://gnupg.org/ftp/gcrypt/${pkgname}/${pkgname}-${pkgver}.tar.bz2"{,.sig} + 'self-sigs-only.patch') +sha256sums=('afa262868e39b651a2db4c071fba90415154243e83a830ca00516f9a807fd514' + 'SKIP' + '0130c43321c16f53ab2290833007212f8a26b1b73bd4edc2b2b1c9db2b2d0218') + +install=install + +prepare() { + cd "${srcdir}/${pkgname}-${pkgver}" + sed '/noinst_SCRIPTS = gpg-zip/c sbin_SCRIPTS += gpg-zip' -i tools/Makefile.in + patch -R -p1 -i ../self-sigs-only.patch +} + +build() { + cd "${srcdir}/${pkgname}-${pkgver}" + ./configure \ + --prefix=/usr \ + --sysconfdir=/etc \ + --sbindir=/usr/bin \ + --libexecdir=/usr/lib/gnupg \ + --enable-maintainer-mode \ + --enable-symcryptrun \ + + make +} + +check() { + cd "${srcdir}/${pkgname}-${pkgver}" + make check +} + +package() { + cd "${srcdir}/${pkgname}-${pkgver}" + make DESTDIR="${pkgdir}" install + ln -s gpg "${pkgdir}"/usr/bin/gpg2 + ln -s gpgv "${pkgdir}"/usr/bin/gpgv2 + + cd doc/examples/systemd-user + for i in *.*; do + install -Dm644 "$i" "${pkgdir}/usr/lib/systemd/user/$i" + done +} Deleted: install =================================================================== --- install 2019-07-11 16:55:22 UTC (rev 357760) +++ install 2019-07-11 16:55:33 UTC (rev 357761) @@ -1,31 +0,0 @@ -_global_units() { - _units=(dirmngr.socket gpg-agent.socket gpg-agent-{browser,extra,ssh}.socket) - _dir=/etc/systemd/user/sockets.target.wants - - case $1 in - enable) - mkdir -p $_dir - for _u in "${_units[@]}"; do - ln -sf /usr/lib/systemd/user/$_u $_dir/$_u - done - ;; - disable) - for _u in "${_units[@]}"; do - rm -f $_dir/$_u - done - rmdir -p --ignore-fail-on-non-empty $_dir - ;; - esac -} - -post_install() { - # See FS#42798 and FS#47371 - dirmngr </dev/null &>/dev/null - - # Let systemd supervise daemons by default - _global_units enable -} - -pre_remove() { - _global_units disable -} Copied: gnupg/repos/testing-x86_64/install (from rev 357760, gnupg/trunk/install) =================================================================== --- install (rev 0) +++ install 2019-07-11 16:55:33 UTC (rev 357761) @@ -0,0 +1,31 @@ +_global_units() { + _units=(dirmngr.socket gpg-agent.socket gpg-agent-{browser,extra,ssh}.socket) + _dir=/etc/systemd/user/sockets.target.wants + + case $1 in + enable) + mkdir -p $_dir + for _u in "${_units[@]}"; do + ln -sf /usr/lib/systemd/user/$_u $_dir/$_u + done + ;; + disable) + for _u in "${_units[@]}"; do + rm -f $_dir/$_u + done + rmdir -p --ignore-fail-on-non-empty $_dir + ;; + esac +} + +post_install() { + # See FS#42798 and FS#47371 + dirmngr </dev/null &>/dev/null + + # Let systemd supervise daemons by default + _global_units enable +} + +pre_remove() { + _global_units disable +} Copied: gnupg/repos/testing-x86_64/self-sigs-only.patch (from rev 357760, gnupg/trunk/self-sigs-only.patch) =================================================================== --- self-sigs-only.patch (rev 0) +++ self-sigs-only.patch 2019-07-11 16:55:33 UTC (rev 357761) @@ -0,0 +1,56 @@ +From: Werner Koch <w...@gnupg.org> +Date: Thu, 4 Jul 2019 13:45:39 +0000 (+0200) +Subject: gpg: Add "self-sigs-only" and "import-clean" to the keyserver options. +X-Git-Url: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff_plain;h=23c978640812d123eaffd4108744bdfcf48f7c93 + +gpg: Add "self-sigs-only" and "import-clean" to the keyserver options. + +* g10/gpg.c (main): Change default. +-- + +Due to the DoS attack on the keyeservers we do not anymore default to +import key signatures. That makes the keyserver unsuable for getting +keys for the WoT but it still allows to retriev keys - even if that +takes long to download the large keyblocks. + +To revert to the old behavior add + + keyserver-optiions no-self-sigs-only,no-import-clean + +to gpg.conf. + +GnuPG-bug-id: 4607 +Signed-off-by: Werner Koch <w...@gnupg.org> +--- + +diff --git a/doc/gpg.texi b/doc/gpg.texi +index 8feab8218..9513a4e0f 100644 +--- a/doc/gpg.texi ++++ b/doc/gpg.texi +@@ -1917,6 +1917,11 @@ are available for all keyserver types, some common options are: + + @end table + ++The default list of options is: "self-sigs-only, import-clean, ++repair-keys, repair-pks-subkey-bug, export-attributes, ++honor-pka-record". ++ ++ + @item --completes-needed @var{n} + @opindex compliant-needed + Number of completely trusted users to introduce a new +diff --git a/g10/gpg.c b/g10/gpg.c +index 66e47dde5..0bbe72394 100644 +--- a/g10/gpg.c ++++ b/g10/gpg.c +@@ -2424,7 +2424,9 @@ main (int argc, char **argv) + opt.import_options = IMPORT_REPAIR_KEYS; + opt.export_options = EXPORT_ATTRIBUTES; + opt.keyserver_options.import_options = (IMPORT_REPAIR_KEYS +- | IMPORT_REPAIR_PKS_SUBKEY_BUG); ++ | IMPORT_REPAIR_PKS_SUBKEY_BUG ++ | IMPORT_SELF_SIGS_ONLY ++ | IMPORT_CLEAN); + opt.keyserver_options.export_options = EXPORT_ATTRIBUTES; + opt.keyserver_options.options = KEYSERVER_HONOR_PKA_RECORD; + opt.verify_options = (LIST_SHOW_UID_VALIDITY