summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKristian Fiskerstrand <k_f@gentoo.org>2016-10-27 20:32:23 +0200
committerKristian Fiskerstrand <k_f@gentoo.org>2016-10-27 20:32:35 +0200
commitfe22cb8017a704994d88377896fbd0dd3b3c3ced (patch)
tree125304f5325ca815b57630bf95ca126be0d93055 /app-crypt
parentnet-libs/nodejs: Bump (diff)
downloadgentoo-fe22cb8017a704994d88377896fbd0dd3b3c3ced.tar.gz
gentoo-fe22cb8017a704994d88377896fbd0dd3b3c3ced.tar.bz2
gentoo-fe22cb8017a704994d88377896fbd0dd3b3c3ced.zip
app-crypt/gnupg: Add use flag system-cert-store
System cert store is not used by default in GnuPG 2.1 for hkps:// requests to keyservers. Adding a use flag system-cert-store that changes this behavior, matching upstream behavior for KS_FETCH. Gentoo-Bug: 597934 Package-Manager: portage-2.3.2
Diffstat (limited to 'app-crypt')
-rw-r--r--app-crypt/gnupg/gnupg-2.1.15-r1.ebuild166
-rw-r--r--app-crypt/gnupg/metadata.xml3
2 files changed, 169 insertions, 0 deletions
diff --git a/app-crypt/gnupg/gnupg-2.1.15-r1.ebuild b/app-crypt/gnupg/gnupg-2.1.15-r1.ebuild
new file mode 100644
index 000000000000..d40610d96c7a
--- /dev/null
+++ b/app-crypt/gnupg/gnupg-2.1.15-r1.ebuild
@@ -0,0 +1,166 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+inherit eutils flag-o-matic toolchain-funcs
+
+DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
+HOMEPAGE="http://www.gnupg.org/"
+MY_P="${P/_/-}"
+SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="bzip2 doc +gnutls ldap nls readline selinux smartcard system-cert-store tofu tools usb"
+
+COMMON_DEPEND_LIBS="
+ >=dev-libs/npth-1.2
+ >=dev-libs/libassuan-2.4.3
+ >=dev-libs/libgcrypt-1.7.3
+ >=dev-libs/libgpg-error-1.24
+ >=dev-libs/libksba-1.3.4
+ >=net-misc/curl-7.10
+ gnutls? ( >=net-libs/gnutls-3.0:0= )
+ sys-libs/zlib
+ ldap? ( net-nds/openldap )
+ bzip2? ( app-arch/bzip2 )
+ readline? ( sys-libs/readline:0= )
+ smartcard? ( usb? ( virtual/libusb:0 ) )
+ tofu? ( >=dev-db/sqlite-3.7 )
+ "
+COMMON_DEPEND_BINS="app-crypt/pinentry
+ !app-crypt/dirmngr"
+
+# Existence of executables is checked during configuration.
+DEPEND="${COMMON_DEPEND_LIBS}
+ ${COMMON_DEPEND_BINS}
+ nls? ( sys-devel/gettext )
+ doc? ( sys-apps/texinfo )"
+
+RDEPEND="${COMMON_DEPEND_LIBS}
+ ${COMMON_DEPEND_BINS}
+ selinux? ( sec-policy/selinux-gpg )
+ nls? ( virtual/libintl )"
+
+S="${WORKDIR}/${MY_P}"
+
+src_prepare() {
+ # System cert store is disabled by default in GnuPG 2.1
+ # This provides use of gnutls system cert store for hkps://
+ # Gentoo-Bug: 597934
+ if use system-cert-store; then
+ sed -i 's/HTTP_FLAG_TRUST_DEF/HTTP_FLAG_TRUST_SYS/g' \
+ "${S}/dirmngr/ks-engine-hkp.c" || die
+ einfo "Using system TLS certificate store"
+ fi
+ epatch_user
+}
+
+src_configure() {
+ local myconf=()
+
+ if use smartcard; then
+ myconf+=(
+ --enable-scdaemon
+ $(use_enable usb ccid-driver)
+ )
+ else
+ myconf+=( --disable-scdaemon )
+ fi
+
+ if use elibc_SunOS || use elibc_AIX; then
+ myconf+=( --disable-symcryptrun )
+ else
+ myconf+=( --enable-symcryptrun )
+ fi
+
+ # glib fails and picks up clang's internal stdint.h causing weird errors
+ [[ ${CC} == *clang ]] && \
+ export gl_cv_absolute_stdint_h=/usr/include/stdint.h
+
+ econf \
+ --docdir="${EPREFIX}/usr/share/doc/${PF}" \
+ --enable-gpg \
+ --enable-gpgsm \
+ --enable-large-secmem \
+ --without-adns \
+ "${myconf[@]}" \
+ $(use_enable bzip2) \
+ $(use_enable gnutls) \
+ $(use_with ldap) \
+ $(use_enable nls) \
+ $(use_with readline) \
+ $(use_enable tofu) \
+ $(use_enable tools wks-tools) \
+ CC_FOR_BUILD="$(tc-getBUILD_CC)"
+}
+
+src_compile() {
+ default
+
+ if use doc; then
+ cd doc
+ emake html
+ fi
+}
+
+src_install() {
+ default
+
+ use tools && dobin tools/{convert-from-106,gpg-check-pattern} \
+ tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys,make-dns-cert}
+
+ emake DESTDIR="${D}" -f doc/Makefile uninstall-nobase_dist_docDATA
+ # The help*txt files are read from the datadir by GnuPG directly.
+ # They do not work if compressed or moved!
+ #rm "${ED}"/usr/share/gnupg/help* || die
+
+ dodoc ChangeLog NEWS README THANKS TODO VERSION doc/FAQ doc/DETAILS \
+ doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER doc/help*
+
+ dosym gpg2 /usr/bin/gpg
+ dosym gpgv2 /usr/bin/gpgv
+ echo ".so man1/gpg2.1" > "${ED}"/usr/share/man/man1/gpg.1
+ echo ".so man1/gpgv2.1" > "${ED}"/usr/share/man/man1/gpgv.1
+
+ dodir /etc/env.d
+ echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg
+
+ if use doc; then
+ dohtml doc/gnupg.html/* doc/*.png
+ fi
+}
+
+pkg_postinst() {
+ elog "If you wish to view images emerge:"
+ elog "media-gfx/xloadimage, media-gfx/xli or any other viewer"
+ elog "Remember to use photo-viewer option in configuration file to activate"
+ elog "the right viewer."
+ elog
+
+ if use smartcard; then
+ elog "To use your OpenPGP smartcard (or token) with GnuPG you need one of"
+ use usb && elog " - a CCID-compatible reader, used directly through libusb;"
+ elog " - sys-apps/pcsc-lite and a compatible reader device;"
+ elog " - dev-libs/openct and a compatible reader device;"
+ elog " - a reader device and drivers exporting either PC/SC or CT-API interfaces."
+ elog ""
+ elog "General hint: you probably want to try installing sys-apps/pcsc-lite and"
+ elog "app-crypt/ccid first."
+ fi
+
+ ewarn "Please remember to restart gpg-agent if a different version"
+ ewarn "of the agent is currently used. If you are unsure of the gpg"
+ ewarn "agent you are using please run 'killall gpg-agent',"
+ ewarn "and to start a fresh daemon just run 'gpg-agent --daemon'."
+
+ if [[ -n ${REPLACING_VERSIONS} ]]; then
+ elog "If upgrading from a version prior than 2.1 you might have to re-import"
+ elog "secret keys after restarting the gpg-agent as the new version is using"
+ elog "a new storage mechanism."
+ elog "You can migrate the keys using gpg --import \$HOME/.gnupg/secring.gpg"
+ fi
+}
diff --git a/app-crypt/gnupg/metadata.xml b/app-crypt/gnupg/metadata.xml
index d91e57009b61..5d621ecd4ca0 100644
--- a/app-crypt/gnupg/metadata.xml
+++ b/app-crypt/gnupg/metadata.xml
@@ -21,6 +21,9 @@
Bring in <pkg>dev-libs/libusb</pkg> as a dependency; enable
scdaemon.
</flag>
+ <flag name="system-cert-store">
+ Use gnutls system TLS cert store for hkps access
+ </flag>
<flag name="usb">
Build direct CCID access for scdaemon; requires
<pkg>dev-libs/libusb</pkg>.