Gentoo Archives: gentoo-commits

From: Kristian Fiskerstrand <k_f@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/
Date: Fri, 11 Aug 2017 16:50:30
Message-Id: 1502470106.a12f7eafa84c6cb0cf6d643c55ef027f33b8147e.k_f@gentoo
1 commit: a12f7eafa84c6cb0cf6d643c55ef027f33b8147e
2 Author: Kristian Fiskerstrand <k_f <AT> gentoo <DOT> org>
3 AuthorDate: Fri Aug 11 16:15:46 2017 +0000
4 Commit: Kristian Fiskerstrand <k_f <AT> gentoo <DOT> org>
5 CommitDate: Fri Aug 11 16:48:26 2017 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a12f7eaf
7
8 app-crypt/gnupg: New upstream version 2.1.23
9
10 Reverting to default of no --auto-key-retrieve as this has information
11 leak potential that should not be enabled in default configuration. The
12 change is also reverted upstream
13
14 Package-Manager: Portage-2.3.6, Repoman-2.3.1
15
16 app-crypt/gnupg/Manifest | 1 +
17 ....1.23-gpg-default-to-no-auto-key-retrieve.patch | 71 ++++++++++++
18 app-crypt/gnupg/gnupg-2.1.23.ebuild | 124 +++++++++++++++++++++
19 3 files changed, 196 insertions(+)
20
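--- a/app-crypt/gnupg/Manifest
+++ b/app-crypt/gnupg/Manifest
@@ -2,3 +2,4 @@ DIST gnupg-1.4.21.tar.bz2 3689305 SHA256 6b47a3100c857dcab3c60e6152e56a997f2c786
 DIST gnupg-2.1.15.tar.bz2 5723689 SHA256 c28c1a208f1b8ad63bdb6b88d252f6734ff4d33de6b54e38494b11d49e00ffdd SHA512 69c943e853e1a37e8b17b3bc34e1503f14bc8f189fa9f3ac6644bcc98ccce6eaef64da20ff9dd1c8de3a7789ea577167984ccf3ac286cac50752e6f7c2f42ab1 WHIRLPOOL 4c5a8cd4e8b7196f4a355ce7739cf6e23c43817414e10bbba219117e4e51c4c618ffb5dbce27cb836a2171eda58e003d5ddf78d4af09a813c2a1729963413151
 DIST gnupg-2.1.20.tar.bz2 6456128 SHA256 24cf9a69369be64a9f6f8cc11a1be33ab7780ad77a6a1b93719438f49f69960d SHA512 14a9890bc64e143f87cff121dd298d490d78dbd34e36883e0f25763ff9064e5706a7632893d7c5d0e8e9b8cf9cdb0d378b4ce1715348729f0fc080455b61eca9 WHIRLPOOL fa6cbd66031cac41db308b10bebec87e37a19d3c63219d22fb874d7d016bcad057b93eeece7a64001718ee1f881199e3d3eebc8ef6625691f553b0d2dbc92624
 DIST gnupg-2.1.22.tar.bz2 6530433 SHA256 46716faf9e1b92cfca86609f3bfffbf5bb4b6804df90dc853ff7061cfcfb4ad7 SHA512 d2ccbf32716a701df9e4ad5c19b682daf1a02b0bf8a1751a32af6db0c9284a4ee7df91310bed1a2087911a9964cb7b7f2ca9dad32a880ed1e1465d8048605e16 WHIRLPOOL 3a87914898e2f164f7effa67e0e8f5ccb48aed0e9e4d65559d73783478ee509f7876ef7ef77ec9c43de2611a8a2ecdcbfbd443ab5de119203b20e316473e4e75
+DIST gnupg-2.1.23.tar.bz2 6526734 SHA256 a94476391595e9351f219188767a9d6ea128e83be5ed3226a7890f49aa2d0d77 SHA512 8b8be0784129f5aa0ccde32a413a68c36e0e4131abe70c3eb186958c60f3df1023deb2db2db84d63ad30a3408a75c7622b430aff1a524ff28a24be511c952412 WHIRLPOOL deb4e933108e0a77b941ed95732eab2ee77af175bd776f3f5dbd25bb38b37dcdf09ae8eee7cd39a09883c3757b81688e48b5a07d6f43419a4453d4ba38541c14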
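--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.1.23-gpg-default-to-no-auto-key-retrieve.patch
@@ -0,0 +1,71 @@
+From e6f84116abca2ed49bf14b2e28c3c811a3717227 Mon Sep 17 00:00:00 2001
+From: Daniel Kahn Gillmor <dkg@×××××××××××××.net>
+Date: Fri, 11 Aug 2017 02:26:52 -0400
+Subject: [PATCH] gpg: default to --no-auto-key-retrieve.
+
+* g10/gpg.c (main): remove KEYSERVER_AUTO_KEY_RETRIEVE from the
+default keyserver options.
+* doc/gpg.texi: document this change.
+--
+
+This is a partial reversion of
+7e1fe791d188b078398bf83c9af992cb1bd2a4b3. Werner and i discussed it
+earlier today, and came to the conclusion that:
+
+ * the risk of metadata leakage represented by a default
+ --auto-key-retrieve, both in e-mail (as a "web bug") and in other
+ contexts where GnuPG is used to verified signatures, is quite high.
+
+ * the advantages of --auto-key-retrieve (in terms of signature
+ verification) can sometimes be achieved in other ways, such as when
+ a signed message includes a copy of its own key.
+
+ * when those other ways are not useful, a graphical, user-facing
+ application can still offer the user the opportunity to choose to
+ fetch the key; or it can apply its own policy about when to set
+ --auto-key-retrieve, without needing to affect the defaults.
+
+Note that --auto-key-retrieve is specifically about signature
+verification. Decisions about how and whether to look up a key during
+message encryption are governed by --auto-key-locate. This change
+does not touch the --auto-key-locate default of "local,wkd". The user
+deliberately asking gpg to encrypt to an e-mail address is a different
+scenario than having an incoming e-mail trigger a potentially unique
+network request.
+
+Signed-off-by: Daniel Kahn Gillmor <dkg@×××××××××××××.net>
+---
+ doc/gpg.texi | 2 +-
+ g10/gpg.c | 3 +--
+ 2 files changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/doc/gpg.texi b/doc/gpg.texi
+index c71126a97..b6a9b2d70 100644
+--- a/doc/gpg.texi
++++ b/doc/gpg.texi
+@@ -1792,7 +1792,7 @@ list. The default is "local,wkd".
+ @opindex no-auto-key-retrieve
+ These options enable or disable the automatic retrieving of keys from
+ a keyserver when verifying signatures made by keys that are not on the
+-local keyring. The default is @option{--auto-key-retrieve}.
++local keyring. The default is @option{--no-auto-key-retrieve}.
+
+ If the method "wkd" is included in the list of methods given to
+ @option{auto-key-locate}, the signer's user ID is part of the
+diff --git a/g10/gpg.c b/g10/gpg.c
+index c721cdc4a..c9fa7ae5b 100644
+--- a/g10/gpg.c
++++ b/g10/gpg.c
+@@ -2366,8 +2366,7 @@ main (int argc, char **argv)
+ opt.keyserver_options.import_options = (IMPORT_REPAIR_KEYS
+ | IMPORT_REPAIR_PKS_SUBKEY_BUG);
+ opt.keyserver_options.export_options = EXPORT_ATTRIBUTES;
+- opt.keyserver_options.options = (KEYSERVER_HONOR_PKA_RECORD
+- | KEYSERVER_AUTO_KEY_RETRIEVE);
++ opt.keyserver_options.options = KEYSERVER_HONOR_PKA_RECORD;
+ opt.verify_options = (LIST_SHOW_UID_VALIDITY
+ | VERIFY_SHOW_POLICY_URLS
+ | VERIFY_SHOW_STD_NOTATIONS
+--
+2.13.0
+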
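Review bot: In the nested g10/gpg.c hunk the default `opt.keyserver_options.options` still carries `KEYSERVER_HONOR_PKA_RECORD`, and nothing in the carried patch says whether that flag can cause a lookup during signature verification once `KEYSERVER_AUTO_KEY_RETRIEVE` is removed. As far as I know from the gpg manual, honor-pka-record only takes effect when auto-key-retrieve is in use, so it should be inert with this default, but that is worth confirming against the 2.1.23 source because the leak being closed is precisely an unsolicited network request triggered by an incoming signature. The `opt.verify_options` expression and the rest of `main` continue outside the hunk, so other lookup-related defaults cannot be judged from this page. The patch also changes only the compiled-in default: an explicit `auto-key-retrieve` in a user's gpg.conf, or one passed by a frontend, still enables retrieval.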
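--- /dev/null
+++ b/app-crypt/gnupg/gnupg-2.1.23.ebuild
@@ -0,0 +1,124 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit systemd toolchain-funcs
+
+MY_P="${P/_/-}"
+
+DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
+HOMEPAGE="http://www.gnupg.org/"
+SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="bzip2 doc +gnutls ldap nls readline selinux +smartcard tofu tools usb wks-server"
+
+COMMON_DEPEND_LIBS="
+ >=dev-libs/npth-1.2
+ >=dev-libs/libassuan-2.4.3
+ >=dev-libs/libgcrypt-1.7.3
+ >=dev-libs/libgpg-error-1.24
+ >=dev-libs/libksba-1.3.4
+ >=net-misc/curl-7.10
+ gnutls? ( >=net-libs/gnutls-3.0:0= )
+ sys-libs/zlib
+ ldap? ( net-nds/openldap )
+ bzip2? ( app-arch/bzip2 )
+ readline? ( sys-libs/readline:0= )
+ smartcard? ( usb? ( virtual/libusb:0 ) )
+ tofu? ( >=dev-db/sqlite-3.7 )
+ "
+COMMON_DEPEND_BINS="app-crypt/pinentry
+ !app-crypt/dirmngr"
+
+# Existence of executables is checked during configuration.
+DEPEND="${COMMON_DEPEND_LIBS}
+ ${COMMON_DEPEND_BINS}
+ nls? ( sys-devel/gettext )
+ doc? ( sys-apps/texinfo )"
+
+RDEPEND="${COMMON_DEPEND_LIBS}
+ ${COMMON_DEPEND_BINS}
+ selinux? ( sec-policy/selinux-gpg )
+ nls? ( virtual/libintl )"
+
+S="${WORKDIR}/${MY_P}"
+
+DOCS=(
+ ChangeLog NEWS README THANKS TODO VERSION
+ doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
+)
+
+PATCHES=(
+ "${FILESDIR}/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch"
+ "${FILESDIR}/${P}-gpg-default-to-no-auto-key-retrieve.patch"
+)
+
+src_configure() {
+ local myconf=()
+
+ if use smartcard; then
+ myconf+=(
+ --enable-scdaemon
+ $(use_enable usb ccid-driver)
+ )
+ else
+ myconf+=( --disable-scdaemon )
+ fi
+
+ if use elibc_SunOS || use elibc_AIX; then
+ myconf+=( --disable-symcryptrun )
+ else
+ myconf+=( --enable-symcryptrun )
+ fi
+
+ # glib fails and picks up clang's internal stdint.h causing weird errors
+ [[ ${CC} == *clang ]] && \
+ export gl_cv_absolute_stdint_h=/usr/include/stdint.h
+
+ econf \
+ "${myconf[@]}" \
+ $(use_enable bzip2) \
+ $(use_enable gnutls) \
+ $(use_enable nls) \
+ $(use_enable tofu) \
+ $(use_enable wks-server wks-tools) \
+ $(use_with ldap) \
+ $(use_with readline) \
+ --enable-gpg \
+ --enable-gpgsm \
+ --enable-large-secmem \
+ --enable-all-tests \
+ CC_FOR_BUILD="$(tc-getBUILD_CC)"
+}
+
+src_compile() {
+ default
+
+ use doc && emake -C doc html
+}
+
+src_install() {
+ default
+
+ use tools &&
+ dobin \
+ tools/{convert-from-106,gpg-check-pattern} \
+ tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys} \
+ tools/make-dns-cert
+
+ dosym gpg /usr/bin/gpg2
+ dosym gpgv /usr/bin/gpgv2
+ echo ".so man1/gpg2.1" > "${ED}"/usr/share/man/man1/gpg.1 || die
+ echo ".so man1/gpgv2.1" > "${ED}"/usr/share/man/man1/gpgv.1 || die
+
+ dodir /etc/env.d
+ echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
+
+ use doc && dodoc doc/gnupg.html/* doc/*.png
+
+ systemd_douserunit doc/examples/systemd-user/*.{service,socket}
+}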
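Review bot: The `PATCHES` array lists `"${FILESDIR}/${P}-gpg-default-to-no-auto-key-retrieve.patch"` with no comment, so the ebuild itself does not record that this entry changes a privacy-relevant default, nor when it can be dropped; that reasoning lives only in the commit message. I would add above that entry `# Restore the --no-auto-key-retrieve default (metadata leak when verifying signatures); reverted upstream, drop once a release contains the revert.` Naming the file with `${P}` rather than `${PN}-2.1.23` works in the patch's favour, since an ebuild copied for a later version should then fail when patches are applied instead of silently building with the leaky default. Keep that naming if the patch is ever carried forward.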