From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-908406-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by finch.gentoo.org (Postfix) with ESMTPS id EB085139400
for <garchives@archives.gentoo.org>; Thu, 27 Oct 2016 18:32:48 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
by pigeon.gentoo.org (Postfix) with SMTP id 95A6FE0854;
Thu, 27 Oct 2016 18:32:45 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by pigeon.gentoo.org (Postfix) with ESMTPS id 6DBC2E0854
for <gentoo-commits@lists.gentoo.org>; Thu, 27 Oct 2016 18:32:45 +0000 (UTC)
Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by smtp.gentoo.org (Postfix) with ESMTPS id CB8CF3412CB
for <gentoo-commits@lists.gentoo.org>; Thu, 27 Oct 2016 18:32:43 +0000 (UTC)
Received: from localhost.localdomain (localhost [127.0.0.1])
by oystercatcher.gentoo.org (Postfix) with ESMTP id F1402244E
for <gentoo-commits@lists.gentoo.org>; Thu, 27 Oct 2016 18:32:41 +0000 (UTC)
From: "Kristian Fiskerstrand" <k_f@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Kristian Fiskerstrand" <k_f@gentoo.org>
Message-ID: <1477593155.fe22cb8017a704994d88377896fbd0dd3b3c3ced.k_f@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/
X-VCS-Repository: repo/gentoo
X-VCS-Files: app-crypt/gnupg/gnupg-2.1.15-r1.ebuild app-crypt/gnupg/metadata.xml
X-VCS-Directories: app-crypt/gnupg/
X-VCS-Committer: k_f
X-VCS-Committer-Name: Kristian Fiskerstrand
X-VCS-Revision: fe22cb8017a704994d88377896fbd0dd3b3c3ced
X-VCS-Branch: master
Date: Thu, 27 Oct 2016 18:32:41 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Archives-Salt: a6b8a767-4d7c-46a8-b6d5-568431433690
X-Archives-Hash: 83edf3c6c8c3bf498de9682e2346e2b2
commit: fe22cb8017a704994d88377896fbd0dd3b3c3ced
Author: Kristian Fiskerstrand <k_f <AT> gentoo <DOT> org>
AuthorDate: Thu Oct 27 18:32:23 2016 +0000
Commit: Kristian Fiskerstrand <k_f <AT> gentoo <DOT> org>
CommitDate: Thu Oct 27 18:32:35 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fe22cb80
app-crypt/gnupg: Add use flag system-cert-store
System cert store is not used by default in GnuPG 2.1 for hkps:// requests
to keyservers. Adding a use flag system-cert-store that changes this behavior,
matching upstream behavior for KS_FETCH.
Gentoo-Bug: 597934
Package-Manager: portage-2.3.2
app-crypt/gnupg/gnupg-2.1.15-r1.ebuild | 166 +++++++++++++++++++++++++++++++++
app-crypt/gnupg/metadata.xml | 3 +
2 files changed, 169 insertions(+)
diff --git a/app-crypt/gnupg/gnupg-2.1.15-r1.ebuild b/app-crypt/gnupg/gnupg-2.1.15-r1.ebuild
new file mode 100644
index 00000000..d40610d
--- /dev/null
+++ b/app-crypt/gnupg/gnupg-2.1.15-r1.ebuild
@@ -0,0 +1,166 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+inherit eutils flag-o-matic toolchain-funcs
+
+DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
+HOMEPAGE="http://www.gnupg.org/"
+MY_P="${P/_/-}"
+SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="bzip2 doc +gnutls ldap nls readline selinux smartcard system-cert-store tofu tools usb"
+
+COMMON_DEPEND_LIBS="
+ >=dev-libs/npth-1.2
+ >=dev-libs/libassuan-2.4.3
+ >=dev-libs/libgcrypt-1.7.3
+ >=dev-libs/libgpg-error-1.24
+ >=dev-libs/libksba-1.3.4
+ >=net-misc/curl-7.10
+ gnutls? ( >=net-libs/gnutls-3.0:0= )
+ sys-libs/zlib
+ ldap? ( net-nds/openldap )
+ bzip2? ( app-arch/bzip2 )
+ readline? ( sys-libs/readline:0= )
+ smartcard? ( usb? ( virtual/libusb:0 ) )
+ tofu? ( >=dev-db/sqlite-3.7 )
+ "
+COMMON_DEPEND_BINS="app-crypt/pinentry
+ !app-crypt/dirmngr"
+
+# Existence of executables is checked during configuration.
+DEPEND="${COMMON_DEPEND_LIBS}
+ ${COMMON_DEPEND_BINS}
+ nls? ( sys-devel/gettext )
+ doc? ( sys-apps/texinfo )"
+
+RDEPEND="${COMMON_DEPEND_LIBS}
+ ${COMMON_DEPEND_BINS}
+ selinux? ( sec-policy/selinux-gpg )
+ nls? ( virtual/libintl )"
+
+S="${WORKDIR}/${MY_P}"
+
+src_prepare() {
+ # System cert store is disabled by default in GnuPG 2.1
+ # This provides use of gnutls system cert store for hkps://
+ # Gentoo-Bug: 597934
+ if use system-cert-store; then
+ sed -i 's/HTTP_FLAG_TRUST_DEF/HTTP_FLAG_TRUST_SYS/g' \
+ "${S}/dirmngr/ks-engine-hkp.c" || die
+ einfo "Using system TLS certificate store"
+ fi
+ epatch_user
+}
+
+src_configure() {
+ local myconf=()
+
+ if use smartcard; then
+ myconf+=(
+ --enable-scdaemon
+ $(use_enable usb ccid-driver)
+ )
+ else
+ myconf+=( --disable-scdaemon )
+ fi
+
+ if use elibc_SunOS || use elibc_AIX; then
+ myconf+=( --disable-symcryptrun )
+ else
+ myconf+=( --enable-symcryptrun )
+ fi
+
+ # glib fails and picks up clang's internal stdint.h causing weird errors
+ [[ ${CC} == *clang ]] && \
+ export gl_cv_absolute_stdint_h=/usr/include/stdint.h
+
+ econf \
+ --docdir="${EPREFIX}/usr/share/doc/${PF}" \
+ --enable-gpg \
+ --enable-gpgsm \
+ --enable-large-secmem \
+ --without-adns \
+ "${myconf[@]}" \
+ $(use_enable bzip2) \
+ $(use_enable gnutls) \
+ $(use_with ldap) \
+ $(use_enable nls) \
+ $(use_with readline) \
+ $(use_enable tofu) \
+ $(use_enable tools wks-tools) \
+ CC_FOR_BUILD="$(tc-getBUILD_CC)"
+}
+
+src_compile() {
+ default
+
+ if use doc; then
+ cd doc
+ emake html
+ fi
+}
+
+src_install() {
+ default
+
+ use tools && dobin tools/{convert-from-106,gpg-check-pattern} \
+ tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys,make-dns-cert}
+
+ emake DESTDIR="${D}" -f doc/Makefile uninstall-nobase_dist_docDATA
+ # The help*txt files are read from the datadir by GnuPG directly.
+ # They do not work if compressed or moved!
+ #rm "${ED}"/usr/share/gnupg/help* || die
+
+ dodoc ChangeLog NEWS README THANKS TODO VERSION doc/FAQ doc/DETAILS \
+ doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER doc/help*
+
+ dosym gpg2 /usr/bin/gpg
+ dosym gpgv2 /usr/bin/gpgv
+ echo ".so man1/gpg2.1" > "${ED}"/usr/share/man/man1/gpg.1
+ echo ".so man1/gpgv2.1" > "${ED}"/usr/share/man/man1/gpgv.1
+
+ dodir /etc/env.d
+ echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg
+
+ if use doc; then
+ dohtml doc/gnupg.html/* doc/*.png
+ fi
+}
+
+pkg_postinst() {
+ elog "If you wish to view images emerge:"
+ elog "media-gfx/xloadimage, media-gfx/xli or any other viewer"
+ elog "Remember to use photo-viewer option in configuration file to activate"
+ elog "the right viewer."
+ elog
+
+ if use smartcard; then
+ elog "To use your OpenPGP smartcard (or token) with GnuPG you need one of"
+ use usb && elog " - a CCID-compatible reader, used directly through libusb;"
+ elog " - sys-apps/pcsc-lite and a compatible reader device;"
+ elog " - dev-libs/openct and a compatible reader device;"
+ elog " - a reader device and drivers exporting either PC/SC or CT-API interfaces."
+ elog ""
+ elog "General hint: you probably want to try installing sys-apps/pcsc-lite and"
+ elog "app-crypt/ccid first."
+ fi
+
+ ewarn "Please remember to restart gpg-agent if a different version"
+ ewarn "of the agent is currently used. If you are unsure of the gpg"
+ ewarn "agent you are using please run 'killall gpg-agent',"
+ ewarn "and to start a fresh daemon just run 'gpg-agent --daemon'."
+
+ if [[ -n ${REPLACING_VERSIONS} ]]; then
+ elog "If upgrading from a version prior than 2.1 you might have to re-import"
+ elog "secret keys after restarting the gpg-agent as the new version is using"
+ elog "a new storage mechanism."
+ elog "You can migrate the keys using gpg --import \$HOME/.gnupg/secring.gpg"
+ fi
+}
diff --git a/app-crypt/gnupg/metadata.xml b/app-crypt/gnupg/metadata.xml
index d91e570..5d621ec 100644
--- a/app-crypt/gnupg/metadata.xml
+++ b/app-crypt/gnupg/metadata.xml
@@ -21,6 +21,9 @@
Bring in <pkg>dev-libs/libusb</pkg> as a dependency; enable
scdaemon.
</flag>
+ <flag name="system-cert-store">
+ Use gnutls system TLS cert store for hkps access
+ </flag>
<flag name="usb">
Build direct CCID access for scdaemon; requires
<pkg>dev-libs/libusb</pkg>.