1 |
commit: 0e19c5dd1d374ec4a07c9dfed5759df0dcf05c94 |
2 |
Author: Kristian Fiskerstrand <k_f <AT> gentoo <DOT> org> |
3 |
AuthorDate: Mon Mar 6 22:33:50 2017 +0000 |
4 |
Commit: Kristian Fiskerstrand <k_f <AT> gentoo <DOT> org> |
5 |
CommitDate: Mon Mar 6 22:34:06 2017 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0e19c5dd |
7 |
|
8 |
app-crypt/gnupg: Fix broken ssh without smartcard USE flag |
9 |
|
10 |
Gentoo-Bug: 611544 |
11 |
|
12 |
Package-Manager: Portage-2.3.3, Repoman-2.3.1 |
13 |
|
14 |
.../gnupg/files/gnupg-2.1.19-ssh-no-scdaemon.patch | 85 ++++++++++++++ |
15 |
app-crypt/gnupg/gnupg-2.1.19-r1.ebuild | 124 +++++++++++++++++++++ |
16 |
2 files changed, 209 insertions(+) |
17 |
|
18 |
diff --git a/app-crypt/gnupg/files/gnupg-2.1.19-ssh-no-scdaemon.patch b/app-crypt/gnupg/files/gnupg-2.1.19-ssh-no-scdaemon.patch |
19 |
new file mode 100644 |
20 |
index 00000000000..14d5444f3a0 |
21 |
--- /dev/null |
22 |
+++ b/app-crypt/gnupg/files/gnupg-2.1.19-ssh-no-scdaemon.patch |
23 |
@@ -0,0 +1,85 @@ |
24 |
+From 4ce4f2f683a17be3ddb93729f3f25014a97934ad Mon Sep 17 00:00:00 2001 |
25 |
+From: NIIBE Yutaka <gniibe@××××.org> |
26 |
+Date: Mon, 6 Mar 2017 10:26:11 +0900 |
27 |
+Subject: [PATCH 1/1] agent: For SSH, robustly handling scdaemon's errors. |
28 |
+ |
29 |
+* agent/command-ssh.c (card_key_list): Return 0 when |
30 |
+agent_card_serialno returns an error. |
31 |
+(ssh_handler_request_identities): Handle errors for card listing |
32 |
+and proceed to other cases. |
33 |
+-- |
34 |
+ |
35 |
+GnuPG-bug-id: 2980 |
36 |
+ |
37 |
+Signed-off-by: NIIBE Yutaka <gniibe@××××.org> |
38 |
+--- |
39 |
+ agent/command-ssh.c | 19 +++++++++---------- |
40 |
+ 1 file changed, 9 insertions(+), 10 deletions(-) |
41 |
+ |
42 |
+diff --git a/agent/command-ssh.c b/agent/command-ssh.c |
43 |
+index 79b8f85..3ab41cf 100644 |
44 |
+--- a/agent/command-ssh.c |
45 |
++++ b/agent/command-ssh.c |
46 |
+@@ -2393,13 +2393,12 @@ card_key_list (ctrl_t ctrl, char **r_serialno, strlist_t *result) |
47 |
+ err = agent_card_serialno (ctrl, r_serialno, NULL); |
48 |
+ if (err) |
49 |
+ { |
50 |
+- if (gpg_err_code (err) == GPG_ERR_ENODEV) |
51 |
+- return 0; /* Nothing available. */ |
52 |
+- |
53 |
+- if (opt.verbose) |
54 |
++ if (gpg_err_code (err) != GPG_ERR_ENODEV && opt.verbose) |
55 |
+ log_info (_("error getting serial number of card: %s\n"), |
56 |
+ gpg_strerror (err)); |
57 |
+- return err; |
58 |
++ |
59 |
++ /* Nothing available. */ |
60 |
++ return 0; |
61 |
+ } |
62 |
+ |
63 |
+ err = agent_card_cardlist (ctrl, result); |
64 |
+@@ -2568,7 +2567,6 @@ ssh_handler_request_identities (ctrl_t ctrl, |
65 |
+ gpg_error_t err; |
66 |
+ int ret; |
67 |
+ ssh_control_file_t cf = NULL; |
68 |
+- char *cardsn; |
69 |
+ gpg_error_t ret_err; |
70 |
+ |
71 |
+ (void)request; |
72 |
+@@ -2601,21 +2599,21 @@ ssh_handler_request_identities (ctrl_t ctrl, |
73 |
+ if (opt.verbose) |
74 |
+ log_info (_("error getting list of cards: %s\n"), |
75 |
+ gpg_strerror (err)); |
76 |
+- goto out; |
77 |
++ goto scd_out; |
78 |
+ } |
79 |
+ |
80 |
+ for (sl = card_list; sl; sl = sl->next) |
81 |
+ { |
82 |
+ char *serialno0; |
83 |
++ char *cardsn; |
84 |
++ |
85 |
+ err = agent_card_serialno (ctrl, &serialno0, sl->d); |
86 |
+ if (err) |
87 |
+ { |
88 |
+ if (opt.verbose) |
89 |
+ log_info (_("error getting serial number of card: %s\n"), |
90 |
+ gpg_strerror (err)); |
91 |
+- xfree (serialno); |
92 |
+- free_strlist (card_list); |
93 |
+- goto out; |
94 |
++ continue; |
95 |
+ } |
96 |
+ |
97 |
+ xfree (serialno0); |
98 |
+@@ -2640,6 +2638,7 @@ ssh_handler_request_identities (ctrl_t ctrl, |
99 |
+ free_strlist (card_list); |
100 |
+ } |
101 |
+ |
102 |
++ scd_out: |
103 |
+ /* Then look at all the registered and non-disabled keys. */ |
104 |
+ err = open_control_file (&cf, 0); |
105 |
+ if (err) |
106 |
+-- |
107 |
+2.8.0.rc3 |
108 |
+ |
109 |
|
110 |
diff --git a/app-crypt/gnupg/gnupg-2.1.19-r1.ebuild b/app-crypt/gnupg/gnupg-2.1.19-r1.ebuild |
111 |
new file mode 100644 |
112 |
index 00000000000..05ee0b7cbce |
113 |
--- /dev/null |
114 |
+++ b/app-crypt/gnupg/gnupg-2.1.19-r1.ebuild |
115 |
@@ -0,0 +1,124 @@ |
116 |
+# Copyright 1999-2017 Gentoo Foundation |
117 |
+# Distributed under the terms of the GNU General Public License v2 |
118 |
+ |
119 |
+EAPI="6" |
120 |
+ |
121 |
+inherit eutils flag-o-matic toolchain-funcs |
122 |
+ |
123 |
+DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation" |
124 |
+HOMEPAGE="http://www.gnupg.org/" |
125 |
+LICENSE="GPL-3" |
126 |
+ |
127 |
+MY_P="${P/_/-}" |
128 |
+SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2" |
129 |
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" |
130 |
+ |
131 |
+SLOT="0" |
132 |
+IUSE="bzip2 doc +gnutls ldap nls readline selinux +smartcard tofu tools usb wks-server" |
133 |
+ |
134 |
+COMMON_DEPEND_LIBS=" |
135 |
+ >=dev-libs/npth-1.2 |
136 |
+ >=dev-libs/libassuan-2.4.3 |
137 |
+ >=dev-libs/libgcrypt-1.7.3 |
138 |
+ >=dev-libs/libgpg-error-1.24 |
139 |
+ >=dev-libs/libksba-1.3.4 |
140 |
+ >=net-misc/curl-7.10 |
141 |
+ gnutls? ( >=net-libs/gnutls-3.0:0= ) |
142 |
+ sys-libs/zlib |
143 |
+ ldap? ( net-nds/openldap ) |
144 |
+ bzip2? ( app-arch/bzip2 ) |
145 |
+ readline? ( sys-libs/readline:0= ) |
146 |
+ smartcard? ( usb? ( virtual/libusb:0 ) ) |
147 |
+ tofu? ( >=dev-db/sqlite-3.7 ) |
148 |
+ " |
149 |
+COMMON_DEPEND_BINS="app-crypt/pinentry |
150 |
+ !app-crypt/dirmngr" |
151 |
+ |
152 |
+# Existence of executables is checked during configuration. |
153 |
+DEPEND="${COMMON_DEPEND_LIBS} |
154 |
+ ${COMMON_DEPEND_BINS} |
155 |
+ nls? ( sys-devel/gettext ) |
156 |
+ doc? ( sys-apps/texinfo )" |
157 |
+ |
158 |
+RDEPEND="${COMMON_DEPEND_LIBS} |
159 |
+ ${COMMON_DEPEND_BINS} |
160 |
+ selinux? ( sec-policy/selinux-gpg ) |
161 |
+ nls? ( virtual/libintl )" |
162 |
+ |
163 |
+S="${WORKDIR}/${MY_P}" |
164 |
+ |
165 |
+DOCS=( |
166 |
+ ChangeLog NEWS README THANKS TODO VERSION |
167 |
+ doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER |
168 |
+) |
169 |
+ |
170 |
+PATCHES=( |
171 |
+ "${FILESDIR}/${PN}-2.1.16-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch" |
172 |
+ "${FILESDIR}"/${P}-solaris-ucred.patch |
173 |
+ "${FILESDIR}"/${P}-ssh-no-scdaemon.patch |
174 |
+) |
175 |
+ |
176 |
+src_configure() { |
177 |
+ local myconf=() |
178 |
+ |
179 |
+ if use smartcard; then |
180 |
+ myconf+=( |
181 |
+ --enable-scdaemon |
182 |
+ $(use_enable usb ccid-driver) |
183 |
+ ) |
184 |
+ else |
185 |
+ myconf+=( --disable-scdaemon ) |
186 |
+ fi |
187 |
+ |
188 |
+ if use elibc_SunOS || use elibc_AIX; then |
189 |
+ myconf+=( --disable-symcryptrun ) |
190 |
+ else |
191 |
+ myconf+=( --enable-symcryptrun ) |
192 |
+ fi |
193 |
+ |
194 |
+ # glib fails and picks up clang's internal stdint.h causing weird errors |
195 |
+ [[ ${CC} == *clang ]] && \ |
196 |
+ export gl_cv_absolute_stdint_h=/usr/include/stdint.h |
197 |
+ |
198 |
+ econf \ |
199 |
+ "${myconf[@]}" \ |
200 |
+ $(use_enable bzip2) \ |
201 |
+ $(use_enable gnutls) \ |
202 |
+ $(use_enable nls) \ |
203 |
+ $(use_enable tofu) \ |
204 |
+ $(use_enable wks-server wks-tools) \ |
205 |
+ $(use_with ldap) \ |
206 |
+ $(use_with readline) \ |
207 |
+ --enable-gpg \ |
208 |
+ --enable-gpgsm \ |
209 |
+ --enable-large-secmem \ |
210 |
+ --enable-tools \ |
211 |
+ CC_FOR_BUILD="$(tc-getBUILD_CC)" |
212 |
+} |
213 |
+ |
214 |
+src_compile() { |
215 |
+ default |
216 |
+ |
217 |
+ use doc && emake -C doc html |
218 |
+} |
219 |
+ |
220 |
+src_install() { |
221 |
+ default |
222 |
+ |
223 |
+ use tools && |
224 |
+ dobin \ |
225 |
+ tools/{convert-from-106,gpg-check-pattern} \ |
226 |
+ tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys} \ |
227 |
+ tools/make-dns-cert |
228 |
+ emake DESTDIR="${ED}" -f doc/Makefile uninstall-nobase_dist_docDATA |
229 |
+ |
230 |
+ dosym gpg2 /usr/bin/gpg |
231 |
+ dosym gpgv2 /usr/bin/gpgv |
232 |
+ echo ".so man1/gpg2.1" > "${ED}"/usr/share/man/man1/gpg.1 |
233 |
+ echo ".so man1/gpgv2.1" > "${ED}"/usr/share/man/man1/gpgv.1 |
234 |
+ |
235 |
+ dodir /etc/env.d |
236 |
+ echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg |
237 |
+ |
238 |
+ use doc && dodoc doc/gnupg.html/* doc/*.png |
239 |
+} |