Sync from SUSE:SLFO:Main gpg2 revision 9c3801b96630127eb85114532b8c21b3
commit
0473b7492f
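--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text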
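--- a/gnupg-2.0.9-langinfo.patch
+++ b/gnupg-2.0.9-langinfo.patch
@@ -0,0 +1,17 @@
+# fix [bnc#305725] - non latin characters displayed incorrectly by pinentry
+---
+# jnlib/utf8conv.c | 1 +
+# 1 file changed, 1 insertion(+)
+#
+Index: gnupg-2.1.0/common/utf8conv.c
+===================================================================
+--- gnupg-2.1.0.orig/common/utf8conv.c 2014-10-11 19:45:14.000000000 +0200
++++ gnupg-2.1.0/common/utf8conv.c 2014-11-07 11:35:05.491413258 +0100
+@@ -198,6 +198,7 @@ set_native_charset (const char *newset)
+#else /*!HAVE_W32_SYSTEM && !HAVE_ANDROID_SYSTEM*/
+
+#ifdef HAVE_LANGINFO_CODESET
++ setlocale(LC_ALL, "");
+newset = nl_langinfo (CODESET);
+#else /*!HAVE_LANGINFO_CODESET*/
+/* Try to get the used charset from environment variables. */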
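Review bot: The added `setlocale(LC_ALL, "");` in set_native_charset switches every locale category for the whole process as a side effect of a charset lookup, and its return value is not checked. Only the character-set category is needed for `nl_langinfo (CODESET)`, so `setlocale (LC_CTYPE, "");` would address the pinentry display problem without also changing number and time formatting for code that runs later. The patch header still names `jnlib/utf8conv.c` while the hunk applies to `common/utf8conv.c`. The function starts and ends outside the hunk, so whether the caller has already set the locale cannot be seen here.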
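--- a/gnupg-2.2.16-secmem.patch
+++ b/gnupg-2.2.16-secmem.patch
@@ -0,0 +1,35 @@
+Index: gnupg-2.2.16/g10/gpg.c
+===================================================================
+--- gnupg-2.2.16.orig/g10/gpg.c
++++ gnupg-2.2.16/g10/gpg.c
+@@ -973,7 +973,7 @@ make_libversion (const char *libname, co
+
+if (maybe_setuid)
+{
+- gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */
++ gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0); /* Drop setuid. */
+maybe_setuid = 0;
+}
+s = getfnc (NULL);
+@@ -1125,7 +1125,7 @@ build_list (const char *text, char lette
+char *string;
+
+if (maybe_setuid)
+- gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */
++ gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0); /* Drop setuid. */
+
+indent = utf8_charcount (text, -1);
+len = 0;
+Index: gnupg-2.2.16/sm/gpgsm.c
+===================================================================
+--- gnupg-2.2.16.orig/sm/gpgsm.c
++++ gnupg-2.2.16/sm/gpgsm.c
+@@ -533,7 +533,7 @@ make_libversion (const char *libname, co
+
+if (maybe_setuid)
+{
+- gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */
++ gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0); /* Drop setuid. */
+maybe_setuid = 0;
+}
+s = getfnc (NULL);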
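Review bot: The three changed calls `gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0);` (make_libversion and build_list in g10/gpg.c, make_libversion in sm/gpgsm.c) keep the comment `/* Drop setuid. */`, which no longer describes the whole effect: a non-zero size also asks libgcrypt for a secure-memory pool, whereas the libgcrypt manual documents a size of 0 as disabling secure memory. The return value is discarded at all three sites, so a failed pool allocation would go unnoticed in code that may later hold secrets. I would update the comment to `/* Drop setuid; keep secure memory enabled. */`, add a patch header giving the reason and bug reference, and at least log a non-zero result. In build_list the `if (maybe_setuid)` has no braces and `maybe_setuid` is not cleared within the hunk; all three functions continue outside the hunks.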
BIN
gnupg-2.4.4.tar.bz2
(Stored with Git LFS)
Normal file
BIN
gnupg-2.4.4.tar.bz2
(Stored with Git LFS)
Normal file
Binary file not shown.
BIN
gnupg-2.4.4.tar.bz2.sig
Normal file
BIN
gnupg-2.4.4.tar.bz2.sig
Normal file
Binary file not shown.
@ -0,0 +1,33 @@
|
|||||||
|
From f361141a44365ff7db2d2cfbf118d5b54b52c3d5 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Vincent Breitmoser <look@my.amazin.horse>
|
||||||
|
Date: Thu, 13 Jun 2019 21:27:43 +0200
|
||||||
|
Subject: [PATCH] gpg: accept subkeys with a good revocation but no self-sig
|
||||||
|
during import
|
||||||
|
|
||||||
|
* g10/import.c (chk_self_sigs): Set the NODE_GOOD_SELFSIG flag when we
|
||||||
|
encounter a valid revocation signature. This allows import of subkey
|
||||||
|
revocation signatures, even in the absence of a corresponding subkey
|
||||||
|
binding signature.
|
||||||
|
|
||||||
|
--
|
||||||
|
|
||||||
|
This fixes the remaining test in import-incomplete.scm.
|
||||||
|
|
||||||
|
GnuPG-Bug-id: 4393
|
||||||
|
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
|
||||||
|
---
|
||||||
|
g10/import.c | 1 +
|
||||||
|
1 file changed, 1 insertion(+)
|
||||||
|
|
||||||
|
diff --git a/g10/import.c b/g10/import.c
|
||||||
|
index 2be214e63..ae2453803 100644
|
||||||
|
--- a/g10/import.c
|
||||||
|
+++ b/g10/import.c
|
||||||
|
@@ -3536,6 +3536,7 @@ chk_self_sigs (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid, int *non_self)
|
||||||
|
/* It's valid, so is it newer? */
|
||||||
|
if (sig->timestamp >= rsdate)
|
||||||
|
{
|
||||||
|
+ knode->flag |= NODE_GOOD_SELFSIG; /* Subkey is valid. */
|
||||||
|
if (rsnode)
|
||||||
|
{
|
||||||
|
/* Delete the last revocation sig since
|
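Review bot: The added line `knode->flag |= NODE_GOOD_SELFSIG; /* Subkey is valid. */` in chk_self_sigs marks a subkey as having a good self-signature on the strength of a revocation signature alone, and its comment describes a subkey that is being revoked as valid. Any code outside this hunk that reads NODE_GOOD_SELFSIG as "a binding signature was verified" would now also accept subkeys that were never bound, so the readers of that flag deserve a look before this is relied on. A comment such as `/* Keep the subkey so that its revocation can be stored; no binding signature was checked. */` would state the intent. chk_self_sigs starts and ends outside the hunk.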
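--- a/gnupg-add-test-cases-for-import-without-uid.patch
+++ b/gnupg-add-test-cases-for-import-without-uid.patch
@@ -0,0 +1,202 @@
+From 4c40bfa90bda748e5dada0bb1cc8fae14d744f07 Mon Sep 17 00:00:00 2001
+From: Vincent Breitmoser <look@my.amazin.horse>
+Date: Thu, 13 Jun 2019 21:27:41 +0200
+Subject: [PATCH] tests: add test cases for import without uid
+
+This commit adds a test case that does the following, in order:
+- Import of a primary key plus user id
+- Check that import of a subkey works, without a user id present in the
+imported key
+- Check that import of a subkey revocation works, without a user id or
+subkey binding signature present in the imported key
+- Check that import of a primary key revocation works, without a user id
+present in the imported key
+
+--
+
+Note that this test currently fails. The following changesets will
+fix gpg so that the tests pass.
+
+GnuPG-Bug-id: 4393
+Signed-Off-By: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+---
+tests/openpgp/Makefile.am | 1 +
+tests/openpgp/import-incomplete.scm | 68 +++++++++++++++++++
+.../import-incomplete/primary+revocation.asc | 9 +++
+.../primary+subkey+sub-revocation.asc | 10 +++
+.../primary+subkey+sub-sig.asc | 10 +++
+.../import-incomplete/primary+uid-sig.asc | 10 +++
+.../openpgp/import-incomplete/primary+uid.asc | 10 +++
+7 files changed, 118 insertions(+)
+create mode 100755 tests/openpgp/import-incomplete.scm
+create mode 100644 tests/openpgp/import-incomplete/primary+revocation.asc
+create mode 100644 tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc
+create mode 100644 tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc
+create mode 100644 tests/openpgp/import-incomplete/primary+uid-sig.asc
+create mode 100644 tests/openpgp/import-incomplete/primary+uid.asc
+
+diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am
+index e5be42b41..d886bc8f7 100644
+--- a/tests/openpgp/Makefile.am
++++ b/tests/openpgp/Makefile.am
+@@ -78,6 +78,7 @@ XTESTS = \
+gpgv-forged-keyring.scm \
+armor.scm \
+import.scm \
++ import-incomplete.scm \
+import-revocation-certificate.scm \
+ecc.scm \
+4gb-packet.scm \
+diff --git a/tests/openpgp/import-incomplete.scm b/tests/openpgp/import-incomplete.scm
+new file mode 100755
+index 000000000..727a027c6
+--- /dev/null
++++ b/tests/openpgp/import-incomplete.scm
+@@ -0,0 +1,68 @@
++#!/usr/bin/env gpgscm
++
++;; Copyright (C) 2016 g10 Code GmbH
++;;
++;; This file is part of GnuPG.
++;;
++;; GnuPG is free software; you can redistribute it and/or modify
++;; it under the terms of the GNU General Public License as published by
++;; the Free Software Foundation; either version 3 of the License, or
++;; (at your option) any later version.
++;;
++;; GnuPG is distributed in the hope that it will be useful,
++;; but WITHOUT ANY WARRANTY; without even the implied warranty of
++;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++;; GNU General Public License for more details.
++;;
++;; You should have received a copy of the GNU General Public License
++;; along with this program; if not, see <http://www.gnu.org/licenses/>.
++
++(load (in-srcdir "tests" "openpgp" "defs.scm"))
++(setup-environment)
++
++(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+uid.asc")))
++
++(info "Test import of new subkey, from a certificate without uid")
++(define keyid "573EA710367356BB")
++(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+subkey+sub-sig.asc")))
++(tr:do
++ (tr:pipe-do
++ (pipe:gpg `(--list-keys --with-colons ,keyid)))
++ (tr:call-with-content
++ (lambda (c)
++ ;; XXX we do not have a regexp library
++ (unless (any (lambda (line)
++ (and (string-prefix? line "sub:")
++ (string-contains? line "573EA710367356BB")))
++ (string-split-newlines c))
++ (exit 1)))))
++
++(info "Test import of a subkey revocation, from a certificate without uid")
++(define keyid "573EA710367356BB")
++(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+subkey+sub-revocation.asc")))
++(tr:do
++ (tr:pipe-do
++ (pipe:gpg `(--list-keys --with-colons ,keyid)))
++ (tr:call-with-content
++ (lambda (c)
++ ;; XXX we do not have a regexp library
++ (unless (any (lambda (line)
++ (and (string-prefix? line "sub:r:")
++ (string-contains? line "573EA710367356BB")))
++ (string-split-newlines c))
++ (exit 1)))))
++
++(info "Test import of revocation, from a certificate without uid")
++(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+revocation.asc")))
++(tr:do
++ (tr:pipe-do
++ (pipe:gpg `(--list-keys --with-colons ,keyid)))
++ (tr:call-with-content
++ (lambda (c)
++ ;; XXX we do not have a regexp library
++ (unless (any (lambda (line)
++ (and (string-prefix? line "pub:r:")
++ (string-contains? line "0843DA969AA8DAFB")))
++ (string-split-newlines c))
++ (exit 1)))))
++
+diff --git a/tests/openpgp/import-incomplete/primary+revocation.asc b/tests/openpgp/import-incomplete/primary+revocation.asc
+new file mode 100644
+index 000000000..6b7b60802
+--- /dev/null
++++ b/tests/openpgp/import-incomplete/primary+revocation.asc
+@@ -0,0 +1,9 @@
++-----BEGIN PGP PUBLIC KEY BLOCK-----
++Comment: [E] primary key, revocation signature over primary (no user ID)
++
++mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ
++631VAN2IeAQgFggAIBYhBLRpj5W82H/gSMzKKQhD2paaqNr7BQJc2ZQZAh0AAAoJ
++EAhD2paaqNr7qAwA/2jBUpnN0BxwRO/4CrxvrLIsL+C9aSXJUOTv8XkP4lvtAQD3
++XsDFfFNgEueiTfF7HtOGt5LPmRqVvUpQSMVgJJW6CQ==
++=tM90
++-----END PGP PUBLIC KEY BLOCK-----
+diff --git a/tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc b/tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc
+new file mode 100644
+index 000000000..83a51a549
+--- /dev/null
++++ b/tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc
+@@ -0,0 +1,10 @@
++-----BEGIN PGP PUBLIC KEY BLOCK-----
++Comment: [D] primary key, subkey, subkey revocation (no user ID)
++
++mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ
++631VAN24OARc2ZQhEgorBgEEAZdVAQUBAQdABsd5ha0AWXdXcSmfeiWIfrNcGqQK
++j++lwwWDAOlkVicDAQgHiHgEKBYIACAWIQS0aY+VvNh/4EjMyikIQ9qWmqja+wUC
++XNmnkAIdAgAKCRAIQ9qWmqja+ylaAQDmIKf86BJEq4OpDqU+V9D+wn2cyuxbyWVQ
++3r9LiL9qNwD/QAjyrhSN8L3Mfq+wdTHo5i0yB9ZCCpHLXSbhCqfWZwQ=
++=dwx2
++-----END PGP PUBLIC KEY BLOCK-----
+diff --git a/tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc b/tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc
+new file mode 100644
+index 000000000..dc47a02d8
+--- /dev/null
++++ b/tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc
+@@ -0,0 +1,10 @@
++-----BEGIN PGP PUBLIC KEY BLOCK-----
++Comment: [B] primary key, subkey, subkey binding sig (no user ID)
++
++mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ
++631VAN24OARc2ZQhEgorBgEEAZdVAQUBAQdABsd5ha0AWXdXcSmfeiWIfrNcGqQK
++j++lwwWDAOlkVicDAQgHiHgEGBYIACAWIQS0aY+VvNh/4EjMyikIQ9qWmqja+wUC
++XNmUIQIbDAAKCRAIQ9qWmqja++vFAP98G1L+1/rWTGbsnxOAV2RocBYIroAvsbkR
++Ly6FdP8YNwEA7jOgT05CoKIe37MstpOz23mM80AK369Ca3JMmKKCQgg=
++=xuDu
++-----END PGP PUBLIC KEY BLOCK-----
+diff --git a/tests/openpgp/import-incomplete/primary+uid-sig.asc b/tests/openpgp/import-incomplete/primary+uid-sig.asc
+new file mode 100644
+index 000000000..134607d0e
+--- /dev/null
++++ b/tests/openpgp/import-incomplete/primary+uid-sig.asc
+@@ -0,0 +1,10 @@
++-----BEGIN PGP PUBLIC KEY BLOCK-----
++Comment: [C] primary key and self-sig expiring in 2024 (no user ID)
++
++mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ
++631VAN2IlgQTFggAPgIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBLRpj5W8
++2H/gSMzKKQhD2paaqNr7BQJc2ZR1BQkJZgHcAAoJEAhD2paaqNr79soA/0lWkUsu
++3NLwgbni6EzJxnTzgeNMpljqNpipHAwfix9hAP93AVtFdC8g7hdUZxawobl9lnSN
++9ohXOEBWvdJgVv2YAg==
++=KWIK
++-----END PGP PUBLIC KEY BLOCK-----
+diff --git a/tests/openpgp/import-incomplete/primary+uid.asc b/tests/openpgp/import-incomplete/primary+uid.asc
+new file mode 100644
+index 000000000..055f30086
+--- /dev/null
++++ b/tests/openpgp/import-incomplete/primary+uid.asc
+@@ -0,0 +1,10 @@
++-----BEGIN PGP PUBLIC KEY BLOCK-----
++Comment: [A] primary key, user ID, and self-sig expiring in 2021
++
++mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ
++631VAN20CHRlc3Qga2V5iJYEExYIAD4WIQS0aY+VvNh/4EjMyikIQ9qWmqja+wUC
++XNmUGQIbAwUJA8JnAAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRAIQ9qWmqja
+++0G1AQDdQiwhXxjXLMqoth+D4SigVHTJK8ORwifzsy3UE7mPGwD/aZ67XbAF/lgI
++kv2O1Jo0u9BL9RNNF+L0DM7rAFbfMAs=
++=1eII
++-----END PGP PUBLIC KEY BLOCK-----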
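Review bot: The third check in import-incomplete.scm lists keys with `,keyid`, which still holds the subkey ID 573EA710367356BB, but then looks for the primary key ID "0843DA969AA8DAFB" in a `pub:r:` line, so it presumably passes only because listing by subkey ID prints the whole certificate. Defining both IDs once, for example `(define primary-keyid "0843DA969AA8DAFB")` next to the existing `keyid`, and using the names in the `string-contains?` calls would remove the repeated `(define keyid …)` and the literals. Each failure path is a bare `(exit 1)`; an `(info …)` line before it would say which of the three imports failed.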
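--- a/gnupg-add_legacy_FIPS_mode_option.patch
+++ b/gnupg-add_legacy_FIPS_mode_option.patch
@@ -0,0 +1,69 @@
+---
+doc/gpg.texi | 18 ++++++++++++++++++
+g10/gpg.c | 9 +++++++++
+2 files changed, 27 insertions(+)
+
+Index: gnupg-2.4.2/doc/gpg.texi
+===================================================================
+--- gnupg-2.4.2.orig/doc/gpg.texi
++++ gnupg-2.4.2/doc/gpg.texi
+@@ -2285,6 +2285,24 @@ implies, this option is for experts only
+understand the implications of what it allows you to do, leave this
+off. @option{--no-expert} disables this option.
+
++@item --set-legacy-fips
++@itemx --set-legacy-fips
++@opindex set-legacy-fips
++Enable legacy support even when the libgcrypt library is in FIPS 140-2
++mode. The legacy mode of libgcrypt allows the use of all ciphers,
++including non-approved ciphers. This mode is needed when for legacy
++reasons a message must be encrypted or decrypted. Legacy reasons for
++decryptions include the decryption of old messages created with a
++public key that use cipher settings which do not meet FIPS 140-2
++requirements. Legacy reasons for encryption include the encryption
++of messages with a recipients public key where the recipient is not
++bound to FIPS 140-2 regulation and therefore provided a key using
++non-approved ciphers. Although the legacy mode is a violation of strict
++FIPS 140-2 rule interpretations, it is wise to use this mode or
++either not being able to access old messages or not being able
++to create encrypted messages to a recipient that is not adhering
++to FIPS 140-2 rules.
++
+@end table
+
+
+Index: gnupg-2.4.2/g10/gpg.c
+===================================================================
+--- gnupg-2.4.2.orig/g10/gpg.c
++++ gnupg-2.4.2/g10/gpg.c
+@@ -446,6 +446,7 @@ enum cmd_and_opt_values
+oForceSignKey,
+oForbidGenKey,
+oRequireCompliance,
++ oSetLegacyFips,
+oCompatibilityFlags,
+oAddDesigRevoker,
+oAssertSigner,
+@@ -886,6 +887,7 @@ static gpgrt_opt_t opts[] = {
+ARGPARSE_s_s (oCipherAlgo, "cipher-algo", "@"),
+ARGPARSE_s_s (oDigestAlgo, "digest-algo", "@"),
+ARGPARSE_s_s (oCertDigestAlgo, "cert-digest-algo", "@"),
++ ARGPARSE_s_n (oSetLegacyFips, "set-legacy-fips", "@"),
+
+
+ARGPARSE_header (NULL, N_("Options for unattended use")),
+@@ -3756,6 +3758,14 @@ main (int argc, char **argv)
+keybox_set_buffersize (pargs.r.ret_ulong, 0);
+break;
+
++ case oSetLegacyFips:
++ if(gcry_fips_mode_active())
++ gcry_control (GCRYCTL_INACTIVATE_FIPS_FLAG,
++ "Enable legacy support in FIPS 140-2 mode");
++ else
++ log_info ("Command set-legacy-fips ignored as libgcrypt is not in FIPS mode\n");
++ break;
++
+case oNoop: break;
+
+default: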
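Review bot: In the `case oSetLegacyFips:` branch added to main, the FIPS restriction is lifted by `gcry_control (GCRYCTL_INACTIVATE_FIPS_FLAG, …)` without any log line and without checking the result, while the harmless else branch does log. A run with relaxed FIPS enforcement should be visible to whoever audits the system, especially if the option can also come from a configuration file (not visible here); add something like `log_info ("FIPS restrictions relaxed by --set-legacy-fips\n");` after a successful call and report a non-zero return with `log_error`. The option is registered with the `"@"` description, which keeps it out of the help output although doc/gpg.texi documents it, and the texinfo entry repeats the same name in `@item` and `@itemx`. main continues outside the hunk.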
@ -0,0 +1,108 @@
|
|||||||
|
From a1db83d8a3308277f01b96833c13693bd7e13ff9 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Vincent Breitmoser <look@my.amazin.horse>
|
||||||
|
Date: Thu, 13 Jun 2019 21:27:42 +0200
|
||||||
|
Subject: [PATCH] gpg: allow import of previously known keys, even without UIDs
|
||||||
|
|
||||||
|
* g10/import.c (import_one): Accept an incoming OpenPGP certificate that
|
||||||
|
has no user id, as long as we already have a local variant of the cert
|
||||||
|
that matches the primary key.
|
||||||
|
|
||||||
|
--
|
||||||
|
|
||||||
|
This fixes two of the three broken tests in import-incomplete.scm.
|
||||||
|
|
||||||
|
GnuPG-Bug-id: 4393
|
||||||
|
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
|
||||||
|
---
|
||||||
|
g10/import.c | 49 +++++++++++--------------------------------------
|
||||||
|
1 file changed, 11 insertions(+), 38 deletions(-)
|
||||||
|
|
||||||
|
Index: gnupg-2.4.0/g10/import.c
|
||||||
|
===================================================================
|
||||||
|
--- gnupg-2.4.0.orig/g10/import.c
|
||||||
|
+++ gnupg-2.4.0/g10/import.c
|
||||||
|
@@ -1954,7 +1954,6 @@ import_one_real (ctrl_t ctrl,
|
||||||
|
size_t an;
|
||||||
|
char pkstrbuf[PUBKEY_STRING_SIZE];
|
||||||
|
int merge_keys_done = 0;
|
||||||
|
- int any_filter = 0;
|
||||||
|
KEYDB_HANDLE hd = NULL;
|
||||||
|
|
||||||
|
if (r_valid)
|
||||||
|
@@ -1991,14 +1990,6 @@ import_one_real (ctrl_t ctrl,
|
||||||
|
log_printf ("\n");
|
||||||
|
}
|
||||||
|
|
||||||
|
-
|
||||||
|
- if (!uidnode)
|
||||||
|
- {
|
||||||
|
- if (!silent)
|
||||||
|
- log_error( _("key %s: no user ID\n"), keystr_from_pk(pk));
|
||||||
|
- return 0;
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
if (screener && screener (keyblock, screener_arg))
|
||||||
|
{
|
||||||
|
log_error (_("key %s: %s\n"), keystr_from_pk (pk),
|
||||||
|
@@ -2078,18 +2069,10 @@ import_one_real (ctrl_t ctrl,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
- /* Delete invalid parts and bail out if there are no user ids left. */
|
||||||
|
- if (!delete_inv_parts (ctrl, keyblock, keyid, options, otherrevsigs))
|
||||||
|
- {
|
||||||
|
- if (!silent)
|
||||||
|
- {
|
||||||
|
- log_error ( _("key %s: no valid user IDs\n"), keystr_from_pk(pk));
|
||||||
|
- if (!opt.quiet)
|
||||||
|
- log_info(_("this may be caused by a missing self-signature\n"));
|
||||||
|
- }
|
||||||
|
- stats->no_user_id++;
|
||||||
|
- return 0;
|
||||||
|
- }
|
||||||
|
+ /* Delete invalid parts, and note if we have any valid ones left.
|
||||||
|
+ * We will later abort import if this key is new but contains
|
||||||
|
+ * no valid uids. */
|
||||||
|
+ delete_inv_parts (ctrl, keyblock, keyid, options, otherrevsigs);
|
||||||
|
|
||||||
|
/* Get rid of deleted nodes. */
|
||||||
|
commit_kbnode (&keyblock);
|
||||||
|
@@ -2099,24 +2082,11 @@ import_one_real (ctrl_t ctrl,
|
||||||
|
{
|
||||||
|
apply_keep_uid_filter (ctrl, keyblock, import_filter.keep_uid);
|
||||||
|
commit_kbnode (&keyblock);
|
||||||
|
- any_filter = 1;
|
||||||
|
}
|
||||||
|
if (import_filter.drop_sig)
|
||||||
|
{
|
||||||
|
apply_drop_sig_filter (ctrl, keyblock, import_filter.drop_sig);
|
||||||
|
commit_kbnode (&keyblock);
|
||||||
|
- any_filter = 1;
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- /* If we ran any filter we need to check that at least one user id
|
||||||
|
- * is left in the keyring. Note that we do not use log_error in
|
||||||
|
- * this case. */
|
||||||
|
- if (any_filter && !any_uid_left (keyblock))
|
||||||
|
- {
|
||||||
|
- if (!opt.quiet )
|
||||||
|
- log_info ( _("key %s: no valid user IDs\n"), keystr_from_pk (pk));
|
||||||
|
- stats->no_user_id++;
|
||||||
|
- return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* The keyblock is valid and ready for real import. */
|
||||||
|
@@ -2174,6 +2144,13 @@ import_one_real (ctrl_t ctrl,
|
||||||
|
err = 0;
|
||||||
|
stats->skipped_new_keys++;
|
||||||
|
}
|
||||||
|
+ else if (err && !any_uid_left (keyblock))
|
||||||
|
+ {
|
||||||
|
+ if (!silent)
|
||||||
|
+ log_info( _("key %s: new key but contains no user ID - skipped\n"), keystr(keyid));
|
||||||
|
+ err = 0;
|
||||||
|
+ stats->no_user_id++;
|
||||||
|
+ }
|
||||||
|
else if (err) /* Insert this key. */
|
||||||
|
{
|
||||||
|
/* Note: ERR can only be NO_PUBKEY or UNUSABLE_PUBKEY. */
|
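Review bot: The new comment in import_one_real says the code will "note if we have any valid ones left", but the result of `delete_inv_parts (ctrl, keyblock, keyid, options, otherrevsigs);` is discarded and nothing is recorded; the decision is taken only later by `else if (err && !any_uid_left (keyblock))`. With the early `if (!uidnode)` rejection removed, every step between those two points (the screener call, the filters, and whatever lies outside the hunks) now runs on certificates without a user ID, so any use of `uidnode` there needs a NULL check. I would reword the comment to say that the return value is intentionally ignored and that new keys without user IDs are rejected after the key lookup. The new message uses `keystr(keyid)` where the surrounding code uses `keystr_from_pk (pk)`, and the commit text names import_one while the hunks are in import_one_real.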
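--- a/gnupg-allow-large-rsa.patch
+++ b/gnupg-allow-large-rsa.patch
@@ -0,0 +1,13 @@
+Index: gnupg-2.4.0/g10/keygen.c
+===================================================================
+--- gnupg-2.4.0.orig/g10/keygen.c
++++ gnupg-2.4.0/g10/keygen.c
+@@ -2461,7 +2461,7 @@ get_keysize_range (int algo, unsigned in
+
+default:
+*min = opt.compliance == CO_DE_VS ? 2048: 1024;
+- *max = 4096;
++ *max = opt.flags.large_rsa == 1 ? 8192 : 4096;
+def = 3072;
+break;
+}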
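Review bot: The raised ceiling `*max = opt.flags.large_rsa == 1 ? 8192 : 4096;` sits in the `default:` arm of get_keysize_range, so it applies to every algorithm that falls through to that arm, not only RSA; the other cases are outside the hunk, so which algorithms those are cannot be seen here. If anything other than RSA reaches it, gate on the algorithm as well: `*max = (algo == PUBKEY_ALGO_RSA && opt.flags.large_rsa) ? 8192 : 4096;`. The `== 1` comparison is unnecessary for a flag, and the patch has no header explaining why the interactive limit is raised.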
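--- a/gnupg-detect_FIPS_mode.patch
+++ b/gnupg-detect_FIPS_mode.patch
@@ -0,0 +1,18 @@
+Index: gnupg-2.3.8/g10/mainproc.c
+===================================================================
+--- gnupg-2.3.8.orig/g10/mainproc.c
++++ gnupg-2.3.8/g10/mainproc.c
+@@ -1011,7 +1011,12 @@ proc_plaintext( CTX c, PACKET *pkt )
+according to 2440, so hopefully it won't come up that often.
+There is no good way to specify what algorithms to use in
+that case, so these there are the historical answer. */
+- gcry_md_enable (c->mfx.md, DIGEST_ALGO_RMD160);
++
++ /* Libgcrypt manual says that gcry_version_check must be called
++ * before calling gcry_fips_mode_active. */
++ gcry_check_version (NULL);
++ if(!gcry_fips_mode_active())
++ gcry_md_enable(c->mfx.md, DIGEST_ALGO_RMD160);
+gcry_md_enable (c->mfx.md, DIGEST_ALGO_SHA1);
+}
+if (DBG_HASHING)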
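Review bot: The added comment in proc_plaintext names `gcry_version_check`, but the function called on the next line is `gcry_check_version`, and its return value is ignored. Judging by its name, proc_plaintext runs while packets are being processed, so this puts library initialisation into a data path; if gpg's startup already performs the version check (not visible in this hunk), the call can be dropped and the comment reduced to `/* RIPEMD-160 is not available in FIPS mode. */`. Skipping RMD160 here also means that in FIPS mode an old-style signature made with RIPEMD-160 can no longer be verified through this fallback, which is worth stating in a patch header. The function continues outside the hunk.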
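--- a/gnupg-dont-fail-with-seahorse-agent.patch
+++ b/gnupg-dont-fail-with-seahorse-agent.patch
@@ -0,0 +1,17 @@
+---
+g10/passphrase.c | 2 +-
+1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: gnupg-2.3.0/g10/passphrase.c
+===================================================================
+--- gnupg-2.3.0.orig/g10/passphrase.c
++++ gnupg-2.3.0/g10/passphrase.c
+@@ -222,7 +222,7 @@ passphrase_get (int newsymkey, int nocac
+}
+else
+{
+- log_error (_("problem with the agent: %s\n"), gpg_strerror (rc));
++ log_info (_("problem with the agent: %s\n"), gpg_strerror (rc));
+/* Due to limitations in the API of the upper layers they
+consider an error as no passphrase entered. This works in
+most cases but not during key creation where this should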
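Review bot: Changing `log_error` to `log_info` in this else branch of passphrase_get downgrades every agent failure that reaches it, not only the one produced by seahorse-agent. The context comment directly below says the upper layers treat an error as "no passphrase entered", so after this change a broken agent connection is reported only as an informational line; if gpg's exit status is derived from the number of logged errors (not visible here), scripts lose that signal as well. I would keep `log_error` and downgrade only for the specific error code seahorse returns, and name that code and the bug reference in the patch header. passphrase_get continues outside the hunk.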
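--- a/gnupg-gpg-agent-ulimit.patch
+++ b/gnupg-gpg-agent-ulimit.patch
@@ -0,0 +1,35 @@
+gpg-agent is in the chain of commands in xinitrc.
+It receives a list of commands via argv[] which it is supposed to launch via exec.
+In this mode all what matters is a bunch of setenv() of gpg related variables.
+At no point it must fiddle with ulimit that was provided by its callers.
+In case of xinitrc it was most likely pam_limits which, for example, configured the coredump settings for this session.
+
+Every code path before the fork() call does no sensitive things, so coredumps do not matter.
+
+gpg-agent does fork a child in this mode.
+That child has the liberty to tweak ulimit in every way it wants.
+This is what this patch does.
+
+Without this patch, all applications launched after gpg-agent are unable to coredump, because systemd-coredump check the ulimit of the crashed process.
+As a result, crashes of desktop applications can not be debugged.
+
+References: bsc#1124847
+
+--- a/agent/gpg-agent.c
++++ b/agent/gpg-agent.c
+@@ -1049,7 +1049,6 @@ main (int argc, char **argv )
+gcry_control (GCRYCTL_USE_SECURE_RNDPOOL);
+gcry_set_progress_handler (agent_libgcrypt_progress_cb, NULL);
+
+- disable_core_dumps ();
+
+/* Set default options. */
+parse_rereadable_options (NULL, 0); /* Reset them to default values. */
+@@ -1738,6 +1737,7 @@ main (int argc, char **argv )
+/*
+This is the child
+*/
++ disable_core_dumps ();
+
+initialize_modules ();
+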
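Review bot: After this change `disable_core_dumps ();` runs only in the branch commented "This is the child", so any way of running gpg-agent that does not pass through that fork would keep core dumps enabled while private-key material is in memory. The hunks show only two fragments of main, so whether other run modes exist and whether they reach this line cannot be confirmed from here; the patch description covers only the case where the agent launches a command from xinitrc. I would call `disable_core_dumps ();` at the start of every branch that goes on to serve requests, and leave it out only on the path that merely sets the environment and execs. It is also worth confirming that nothing between the old and the new position reads key or passphrase data.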
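--- a/gnupg-nobetasuffix.patch
+++ b/gnupg-nobetasuffix.patch
@@ -0,0 +1,24 @@
+Index: gnupg-2.4.3/autogen.sh
+===================================================================
+--- gnupg-2.4.3.orig/autogen.sh
++++ gnupg-2.4.3/autogen.sh
+@@ -221,7 +221,7 @@ if [ "$myhost" = "find-version" ]; then
+esac
+
+beta=no
+- if [ -e .git ]; then
++ if false; then
+ingit=yes
+tmp=$(git describe --match "${matchstr1}" --long 2>/dev/null)
+tmp=$(echo "$tmp" | sed s/^"$package"//)
+@@ -237,8 +237,8 @@ if [ "$myhost" = "find-version" ]; then
+rvd=$((0x$(echo ${rev} | dd bs=1 count=4 2>/dev/null)))
+else
+ingit=no
+- beta=yes
+- tmp="-unknown"
++ beta=no
++ tmp=""
+rev="0000000"
+rvd="0"
+fi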
202
gnupg-revert-rfc4880bis.patch
Normal file
202
gnupg-revert-rfc4880bis.patch
Normal file
@ -0,0 +1,202 @@
|
|||||||
|
From 4583f4fe2e11b3dd070066628c3f16776cc74f72 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Werner Koch <wk@gnupg.org>
|
||||||
|
Date: Mon, 31 Oct 2022 16:14:18 +0100
|
||||||
|
Subject: [PATCH GnuPG] gpg: Merge --rfc4880bis features into --gnupg
|
||||||
|
|
||||||
|
* g10/gpg.c (oRFC4880bis): Remove.
|
||||||
|
(opts): Make --rfc4880bis a Noop.
|
||||||
|
(compliance_options): Make rfc4880bis to gnupg.
|
||||||
|
(set_compliance_option): Remove rfc4880bis stuff.
|
||||||
|
(main): Ditto. Note that this now activates the --mimemode option.
|
||||||
|
* g10/keygen.c (keygen_set_std_prefs): Remove rfc4880bis protection.
|
||||||
|
(keygen_upd_std_prefs): Always announce support for v5 keys.
|
||||||
|
(read_parameter_file): Activate the v4 and v5 keywords.
|
||||||
|
--
|
||||||
|
|
||||||
|
Index: gnupg-2.4.1/g10/gpg.c
|
||||||
|
===================================================================
|
||||||
|
--- gnupg-2.4.1.orig/g10/gpg.c
|
||||||
|
+++ gnupg-2.4.1/g10/gpg.c
|
||||||
|
@@ -247,6 +247,7 @@ enum cmd_and_opt_values
|
||||||
|
oGnuPG,
|
||||||
|
oRFC2440,
|
||||||
|
oRFC4880,
|
||||||
|
+ oRFC4880bis,
|
||||||
|
oOpenPGP,
|
||||||
|
oPGP7,
|
||||||
|
oPGP8,
|
||||||
|
@@ -636,6 +637,7 @@ static gpgrt_opt_t opts[] = {
|
||||||
|
ARGPARSE_s_n (oGnuPG, "no-pgp8", "@"),
|
||||||
|
ARGPARSE_s_n (oRFC2440, "rfc2440", "@"),
|
||||||
|
ARGPARSE_s_n (oRFC4880, "rfc4880", "@"),
|
||||||
|
+ ARGPARSE_s_n (oRFC4880bis, "rfc4880bis", "@"),
|
||||||
|
ARGPARSE_s_n (oOpenPGP, "openpgp", N_("use strict OpenPGP behavior")),
|
||||||
|
ARGPARSE_s_n (oPGP7, "pgp6", "@"),
|
||||||
|
ARGPARSE_s_n (oPGP7, "pgp7", "@"),
|
||||||
|
@@ -978,7 +980,6 @@ static gpgrt_opt_t opts[] = {
|
||||||
|
ARGPARSE_s_n (oNoop, "no-allow-multiple-messages", "@"),
|
||||||
|
ARGPARSE_s_s (oNoop, "aead-algo", "@"),
|
||||||
|
ARGPARSE_s_s (oNoop, "personal-aead-preferences","@"),
|
||||||
|
- ARGPARSE_s_n (oNoop, "rfc4880bis", "@"),
|
||||||
|
ARGPARSE_s_n (oNoop, "override-compliance-check", "@"),
|
||||||
|
|
||||||
|
|
||||||
|
@@ -2227,7 +2228,7 @@ static struct gnupg_compliance_option co
|
||||||
|
{
|
||||||
|
{ "gnupg", oGnuPG },
|
||||||
|
{ "openpgp", oOpenPGP },
|
||||||
|
- { "rfc4880bis", oGnuPG },
|
||||||
|
+ { "rfc4880bis", oRFC4880bis },
|
||||||
|
{ "rfc4880", oRFC4880 },
|
||||||
|
{ "rfc2440", oRFC2440 },
|
||||||
|
{ "pgp6", oPGP7 },
|
||||||
|
@@ -2243,8 +2244,28 @@ static struct gnupg_compliance_option co
|
||||||
|
static void
|
||||||
|
set_compliance_option (enum cmd_and_opt_values option)
|
||||||
|
{
|
||||||
|
+ opt.flags.rfc4880bis = 0; /* Clear because it is initially set. */
|
||||||
|
+
|
||||||
|
switch (option)
|
||||||
|
{
|
||||||
|
+ case oRFC4880bis:
|
||||||
|
+ opt.flags.rfc4880bis = 1;
|
||||||
|
+ opt.compliance = CO_RFC4880;
|
||||||
|
+ opt.flags.dsa2 = 1;
|
||||||
|
+ opt.flags.require_cross_cert = 1;
|
||||||
|
+ opt.rfc2440_text = 0;
|
||||||
|
+ opt.allow_non_selfsigned_uid = 1;
|
||||||
|
+ opt.allow_freeform_uid = 1;
|
||||||
|
+ opt.escape_from = 1;
|
||||||
|
+ opt.not_dash_escaped = 0;
|
||||||
|
+ opt.def_cipher_algo = 0;
|
||||||
|
+ opt.def_digest_algo = 0;
|
||||||
|
+ opt.cert_digest_algo = 0;
|
||||||
|
+ opt.compress_algo = -1;
|
||||||
|
+ opt.s2k_mode = 3; /* iterated+salted */
|
||||||
|
+ opt.s2k_digest_algo = DIGEST_ALGO_SHA256;
|
||||||
|
+ opt.s2k_cipher_algo = CIPHER_ALGO_AES256;
|
||||||
|
+ break;
|
||||||
|
case oOpenPGP:
|
||||||
|
case oRFC4880:
|
||||||
|
/* This is effectively the same as RFC2440, but with
|
||||||
|
@@ -2288,6 +2309,7 @@ set_compliance_option (enum cmd_and_opt_
|
||||||
|
case oPGP8: opt.compliance = CO_PGP8; break;
|
||||||
|
case oGnuPG:
|
||||||
|
opt.compliance = CO_GNUPG;
|
||||||
|
+ opt.flags.rfc4880bis = 1;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case oDE_VS:
|
||||||
|
@@ -2490,6 +2512,7 @@ main (int argc, char **argv)
|
||||||
|
opt.emit_version = 0;
|
||||||
|
opt.weak_digests = NULL;
|
||||||
|
opt.compliance = CO_GNUPG;
|
||||||
|
+ opt.flags.rfc4880bis = 1;
|
||||||
|
|
||||||
|
/* Check special options given on the command line. */
|
||||||
|
orig_argc = argc;
|
||||||
|
@@ -3032,6 +3055,7 @@ main (int argc, char **argv)
|
||||||
|
case oOpenPGP:
|
||||||
|
case oRFC2440:
|
||||||
|
case oRFC4880:
|
||||||
|
+ case oRFC4880bis:
|
||||||
|
case oPGP7:
|
||||||
|
case oPGP8:
|
||||||
|
case oGnuPG:
|
||||||
|
@@ -3868,6 +3892,11 @@ main (int argc, char **argv)
|
||||||
|
if( may_coredump && !opt.quiet )
|
||||||
|
log_info(_("WARNING: program may create a core file!\n"));
|
||||||
|
|
||||||
|
+ if (!opt.flags.rfc4880bis)
|
||||||
|
+ {
|
||||||
|
+ opt.mimemode = 0; /* This will use text mode instead. */
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
if (eyes_only) {
|
||||||
|
if (opt.set_filename)
|
||||||
|
log_info(_("WARNING: %s overrides %s\n"),
|
||||||
|
@@ -4084,7 +4113,7 @@ main (int argc, char **argv)
|
||||||
|
/* Check our chosen algorithms against the list of legal
|
||||||
|
algorithms. */
|
||||||
|
|
||||||
|
- if(!GNUPG)
|
||||||
|
+ if(!GNUPG && !opt.flags.rfc4880bis)
|
||||||
|
{
|
||||||
|
const char *badalg=NULL;
|
||||||
|
preftype_t badtype=PREFTYPE_NONE;
|
||||||
|
Index: gnupg-2.4.1/g10/keygen.c
|
||||||
|
===================================================================
|
||||||
|
--- gnupg-2.4.1.orig/g10/keygen.c
|
||||||
|
+++ gnupg-2.4.1/g10/keygen.c
|
||||||
|
@@ -404,7 +404,7 @@ keygen_set_std_prefs (const char *string
|
||||||
|
strcat(dummy_string,"S7 ");
|
||||||
|
strcat(dummy_string,"S2 "); /* 3DES */
|
||||||
|
|
||||||
|
- if (!openpgp_aead_test_algo (AEAD_ALGO_OCB))
|
||||||
|
+ if (opt.flags.rfc4880bis && !openpgp_aead_test_algo (AEAD_ALGO_OCB))
|
||||||
|
strcat(dummy_string,"A2 ");
|
||||||
|
|
||||||
|
if (personal)
|
||||||
|
@@ -889,7 +889,7 @@ keygen_upd_std_prefs (PKT_signature *sig
|
||||||
|
/* Make sure that the MDC feature flag is set if needed. */
|
||||||
|
add_feature_mdc (sig,mdc_available);
|
||||||
|
add_feature_aead (sig, aead_available);
|
||||||
|
- add_feature_v5 (sig, 1);
|
||||||
|
+ add_feature_v5 (sig, opt.flags.rfc4880bis);
|
||||||
|
add_keyserver_modify (sig,ks_modify);
|
||||||
|
keygen_add_keyserver_url(sig,NULL);
|
||||||
|
|
||||||
|
@@ -3382,7 +3382,10 @@ parse_key_parameter_part (ctrl_t ctrl,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else if (!ascii_strcasecmp (s, "v5"))
|
||||||
|
- keyversion = 5;
|
||||||
|
+ {
|
||||||
|
+ if (opt.flags.rfc4880bis)
|
||||||
|
+ keyversion = 5;
|
||||||
|
+ }
|
||||||
|
else if (!ascii_strcasecmp (s, "v4"))
|
||||||
|
keyversion = 4;
|
||||||
|
else
|
||||||
|
@@ -3641,7 +3644,7 @@ parse_key_parameter_part (ctrl_t ctrl,
|
||||||
|
* ecdsa := Use algorithm ECDSA.
|
||||||
|
* eddsa := Use algorithm EdDSA.
|
||||||
|
* ecdh := Use algorithm ECDH.
|
||||||
|
- * v5 := Create version 5 key
|
||||||
|
+ * v5 := Create version 5 key (requires option --rfc4880bis)
|
||||||
|
*
|
||||||
|
* There are several defaults and fallbacks depending on the
|
||||||
|
* algorithm. PART can be used to select which part of STRING is
|
||||||
|
@@ -4513,9 +4516,9 @@ read_parameter_file (ctrl_t ctrl, const
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
- if ((keywords[i].key == pVERSION
|
||||||
|
- || keywords[i].key == pSUBVERSION))
|
||||||
|
- ; /* Ignore version. */
|
||||||
|
+ if (!opt.flags.rfc4880bis && (keywords[i].key == pVERSION
|
||||||
|
+ || keywords[i].key == pSUBVERSION))
|
||||||
|
+ ; /* Ignore version unless --rfc4880bis is active. */
|
||||||
|
else
|
||||||
|
{
|
||||||
|
r = xmalloc_clear( sizeof *r + strlen( value ) );
|
||||||
|
@@ -4610,11 +4613,14 @@ quickgen_set_para (struct para_data_s *p
|
||||||
|
para = r;
|
||||||
|
}
|
||||||
|
|
||||||
|
- r = xmalloc_clear (sizeof *r + 20);
|
||||||
|
- r->key = for_subkey? pSUBVERSION : pVERSION;
|
||||||
|
- snprintf (r->u.value, 20, "%d", version);
|
||||||
|
- r->next = para;
|
||||||
|
- para = r;
|
||||||
|
+ if (opt.flags.rfc4880bis)
|
||||||
|
+ {
|
||||||
|
+ r = xmalloc_clear (sizeof *r + 20);
|
||||||
|
+ r->key = for_subkey? pSUBVERSION : pVERSION;
|
||||||
|
+ snprintf (r->u.value, 20, "%d", version);
|
||||||
|
+ r->next = para;
|
||||||
|
+ para = r;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
if (keytime)
|
||||||
|
{
|
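--- a/gnupg-set_umask_before_open_outfile.patch
+++ b/gnupg-set_umask_before_open_outfile.patch
@@ -0,0 +1,43 @@
+Index: gnupg-2.3.0/g10/plaintext.c
+===================================================================
+--- gnupg-2.3.0.orig/g10/plaintext.c
++++ gnupg-2.3.0/g10/plaintext.c
+@@ -24,6 +24,7 @@
+#include <string.h>
+#include <errno.h>
+#include <sys/types.h>
++#include <sys/stat.h>
+#ifdef HAVE_DOSISH_SYSTEM
+# include <fcntl.h> /* for setmode() */
+#endif
+@@ -38,6 +39,9 @@
+#include "../common/status.h"
+#include "../common/i18n.h"
+
++/* define safe permissions for creating plaintext files */
++#define GPG_SAFE_PERMS (S_IRUSR | S_IWUSR)
++#define GPG_SAFE_UMASK (0777 & ~GPG_SAFE_PERMS)
+
+/* Get the output filename. On success, the actual filename that is
+used is set in *FNAMEP and a filepointer is returned in *FP.
+@@ -161,11 +165,15 @@ get_output_file (const byte *embedded_na
+log_error (_("error creating '%s': %s\n"), fname, gpg_strerror (err));
+goto leave;
+}
+- else if (!(fp = es_fopen (fname, "wb")))
+- {
+- err = gpg_error_from_syserror ();
+- log_error (_("error creating '%s': %s\n"), fname, gpg_strerror (err));
+- goto leave;
++ else {
++ mode_t saved_umask = umask(GPG_SAFE_UMASK);
++ if( !(fp = es_fopen(fname,"wb")) ) {
++ err = gpg_error_from_syserror ();
++ log_error(_("error creating `%s': %s\n"), fname, strerror(errno) );
++ umask(saved_umask);
++ goto leave;
++ }
++ umask(saved_umask);
+}
+
+leave: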
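Review bot: The `umask(GPG_SAFE_UMASK)` / `umask(saved_umask)` pair around `es_fopen` in `get_output_file` changes process-wide state and has to be restored on two paths. Passing the creation mode to the open itself, `fp = es_fopen (fname, "wb,mode=-rw")`, gives the same owner-only result without touching the umask. Either way the mode applies only when the file is created: if `fname` already exists, `"wb"` truncates it and the old permissions stay, so the decrypted data can still land in a group- or world-readable file. Whether that case can reach this branch depends on the overwrite check outside the hunk. The rewritten `log_error` call also switches the msgid to a backtick-opened quote and prints `strerror(errno)` rather than the `err` just computed, which probably loses the existing translation; keep `log_error (_("error creating '%s': %s\n"), fname, gpg_strerror (err));`. `get_output_file` begins and ends outside the hunk.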
BIN
gpg2-systemd-user.tar.xz
(Stored with Git LFS)
Normal file
BIN
gpg2-systemd-user.tar.xz
(Stored with Git LFS)
Normal file
Binary file not shown.
2880
gpg2.changes
Normal file
2880
gpg2.changes
Normal file
File diff suppressed because it is too large
86
gpg2.keyring
Normal file
86
gpg2.keyring
Normal file
@ -0,0 +1,86 @@
|
|||||||
|
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||||
|
|
||||||
|
mQGNBFjLuq4BDACnM7zNSIaVMAacTwjXa5TGYe13i6ilHe4VL0NShzrgzjcQg531
|
||||||
|
3cRgiiiNA7OSOypMqVs73Jez6ZUctn2GVsHBrS/io9NcuC9pVwf8a61WlcEa+EtB
|
||||||
|
a3G7HlBmEWnwaUdAtWKNuAi9Xn+Ir7H2xEdksmmd5a0/QnL+sX705boVPF/tpYtb
|
||||||
|
LGpPxa78tNrtxDkSwy8Wmi0IADYLI5yI7/yUGeJd8RSCU/fLRKC9fG7YOZRq0tsO
|
||||||
|
MhVNWmtUjbG6e73Lu8LKnCZgs1/fC8hvPyARieSV5mdN8s1oWd7oYctfgL4uBleD
|
||||||
|
ItAA8GhjKejutzHN8Ei/APw6AiiSyEjnPg+cTX8OgvLGJWjks0H6mPZeB1v/kGyZ
|
||||||
|
hBS9vm540h2/MmlVN2ntiCK5TZGeSWpqddiqusfVXotMRpN4HeLKoZh4RAncaCbZ
|
||||||
|
F/S+YLeN+kMXY4k3Fqt1fjTX6veFCbthI9pDdHzU9LfUVNp9D/5ktC/tYMORMegV
|
||||||
|
+wSMxi9G2YWKJkMAEQEAAYkBzgQfAQgAOBYhBFuAxXVCmPDLVdjtarzvfilLCS4o
|
||||||
|
BQJYy8DdFwyAAZSlyaA8L+XKOwldjh/fcjz0YraxAgcAAAoJELzvfilLCS4oNgoL
|
||||||
|
/0+K1xIx8JW7Lk5M6bYCvNA4fdlEcwQIT4UidJFM9m+suxYFWIGfebvHpRlEuJTg
|
||||||
|
dBjkEit8uLAoJXU0BRkKTLrzTF+qDUE79Wfx/R+0nOgJ7aMykQOi0AvuwzMYz4dg
|
||||||
|
xIVS2Daou4DF7bh/KF8+fqrmq8P8W1ZrkuFDanMWpHeAPx1uj2skYbo7uPqFdvlJ
|
||||||
|
hlNHrcxlcCkjf1InAt0Xt5lMvEsCRUPf9xAH4mNEhs0lh9c+200YPRmtnLWAzc1K
|
||||||
|
ckLIC8Q+mUR3DjZDqBlDBEPegXkrI0+MlvRA+9AnAm4YPqTMUfpZ6ZOAWeFjC/6Z
|
||||||
|
QYxG/AdWGkb4WFindzklQfybEuiekP8vU07ACQwSwH8PYe0UCom1YrlRUjX7QLkn
|
||||||
|
ZLWoeZg8BZy9GTM1Ut7Q1Q2uTw6mxxISuef+RFgYOHjWwLpFWZpqC88xERl7o/iz
|
||||||
|
iERJRt/593IctbjO9wenWt2peIAwzR4nz7LqM6ZFTdRAETmcdSvYRhg2Qt8hUE47
|
||||||
|
CbQkQW5kcmUgSGVpbmVja2UgKFJlbGVhc2UgU2lnbmluZyBLZXkpiQHUBBMBCAA+
|
||||||
|
FiEEW4DFdUKY8MtV2O1qvO9+KUsJLigFAljLuq4CGwMFCRLMAwAFCwkIBwIGFQgJ
|
||||||
|
CgsCBBYCAwECHgECF4AACgkQvO9+KUsJLihC/QwAhCC+SEvcFLcutgZ8HfcCtoZs
|
||||||
|
IoVzZEy7DjqIvGgnTssD8HCLnIAHCDvnP7dJW3uMuLCdSqym3cjlEIiQMsaGywkl
|
||||||
|
fzJISAwJrGQdWSKRd535jXpEXQlXDKal/IwMKAUt0PZtlCc9S3gwixQryxdJ28lJ
|
||||||
|
6h2T9fVDr8ZswMmTAFG91uctfhjKOMgPt8UhSPGW484WsIsQgkbOvf+Kfswl0eHu
|
||||||
|
ywX+pKAB5ZQ/9GVC6Ug4xfrdiJL0azJTPnvjMY5JYp6/L9RURs5hP5AnHR2j/PPo
|
||||||
|
sAtsFCjmbRbOMiASzklnUJPbSz5kfLloDWZmrUScjbzmsXehGyt433JGyRhZJl4x
|
||||||
|
/jPbzKhaaAHsGd+fRao6vlLOwFywDDVMp6JuyK7UeUb7I8ekTbSkGFA+l2Oa3O6/
|
||||||
|
Y7PYhq7hwwAFuZckYI98IpHNCG1fS9W07FyKdvQbK1PbF1JFRKfsUCWYMKqDnbqE
|
||||||
|
o5jivPEHZImw6iYhhXcyEYl8fjcb9T6/S+wOP7aviQGzBBABCAAdFiEElKXJoDwv
|
||||||
|
5co7CV2OH99yPPRitrEFAljLv5sACgkQH99yPPRitrFw4gv/XFMFN+/LHsn9hJOP
|
||||||
|
4rCwl1yUuxXuYmZgc0sRoY3EpeQkJVyKurQuqqKoy2VuoMiF0O1kAQmGoFtVPUk7
|
||||||
|
b8hCoutqB5GyeyKcoLP+WINgVhB2gXg7TSp3MPLBKkgqvSDvPitgRxBqFb4LW8LJ
|
||||||
|
bDbfwGrzIvXfDV3WvsrHVPbc2fhlWdL8d+3AE6mFiXF3eTpgmV3ApSBQV12MkkCk
|
||||||
|
icLIPmp+ZxZON+OP52ZXkRtfMgOy4Oa/41agrViDAZdMOGeGkhPertQheQZgXzmo
|
||||||
|
GF5Wz498HPM80Kv35X91l3iGzL+icEtO+tWea2YscsZ6qpRe2lfVPHk3B+anlmCj
|
||||||
|
m4kM4cBd39xa4HHSVh/bRHbZNtgVr7slQCKxlHgQOGVI5vCxPCwEsgJ2KBk03Nk/
|
||||||
|
IA9EKO+czfh3/bHW6uMbEqrYDCnt+hmzZrpKDSGcwS/KOhvMUIMlb7/8vDKum6mp
|
||||||
|
/8xAtVZ6IAxYZNt3qg7Y7aLRtzCTyqm8rJQrZPtRaQcgLoEimDMEX0PliRYJKwYB
|
||||||
|
BAHaRw8BAQdAz75Hlekc16JhhfI0MKdEVxLdkxhcMCO0ZG6WMBAmNpe0H1dlcm5l
|
||||||
|
ciBLb2NoIChkaXN0IHNpZ25pbmcgMjAyMCmImgQTFgoAQhYhBG2qbmSnbShAVxtJ
|
||||||
|
AlKIl7gmQDraBQJfQ+w1AhsDBQkShccRBQsJCAcCAyICAQYVCgkICwIEFgIDAQIe
|
||||||
|
BwIXgAAKCRBSiJe4JkA62nmuAP9uL/HOdB0gvwWrH+FpURJLs4bnaZaPIk9ARrU0
|
||||||
|
EXRgJgD/YCGfHQXpIPT0ZaXuwJexK04Z+qMFR/bM1q1Leo5CjgaIbQQQEQsAHRYh
|
||||||
|
BIBhWHD1utaQMzaG0PKthaweQrNnBQJfQ/HmAAoJEPKthaweQrNnIZkA3jG6LcZv
|
||||||
|
V/URn8Y8OJqsyYa4C3NI4nN+OhEvYhgA4PHzMnALeXIpA2gblvjFIPJPAhDBAU37
|
||||||
|
c5PA6+6IdQQQFggAHRYhBK6oTtzwGthsRwHIXGMROuhmWH0KBQJfQ/IlAAoJEGMR
|
||||||
|
OuhmWH0K1+MA/0uJ5AHcnSfIBEWHNJwwVVLGyrxAWtS2U+zeymp/UvlPAQDErCLZ
|
||||||
|
l0dBiPG3vlowFx5TNep7tanBs6ZJn8F1ao1tAIkBMwQQAQgAHRYhBNhpISPEBl3q
|
||||||
|
Xg86tSSbOdJPJeO2BQJfQ/OuAAoJECSbOdJPJeO2DVoH/0o9if66ph6FJrgr+A/W
|
||||||
|
HNVeHxmM5tUQhpL1wpRS70SKcsJgolf5CxO5iTQf3HlZe544xGbIU/aCTJsWw9zi
|
||||||
|
UE8KmhAtKV4eL/7oQ7xx4nxPnABLpudtM8A44nsM1x/XiYrJnnDm29QjYEGd2Hi8
|
||||||
|
7npc7VWKzLoj+I/WcXquynJi5O9TUxW9Bknd1pjpxFkf8v+msjBzCD5VKJgr0CR8
|
||||||
|
wA6peQBWeGZX2HacosMIZH4TfL0r0TFla6LJIkNBz9DyIm1yL4L8oRH0950hQljP
|
||||||
|
C7TM3L7aRpX+4Kph6llFz6g7MALGFP95kyJ6o+XED9ORuuQVZMBMIkNC0tXOu10V
|
||||||
|
bdqIdQQQFgoAHRYhBMHTS2khnkruwLocIeP9/yGORbcrBQJfQ/P8AAoJEOP9/yGO
|
||||||
|
Rbcr3lQBAMas8Vl3Hdl3g2I283lz1uHiGvlwcnk2TLeB+U4zIwC9AQCy0nnazVNt
|
||||||
|
VQPID1ZCMoaOX7AzOjaqQDLf4j+dVTxgBJgzBGCkgocWCSsGAQQB2kcPAQEHQJmd
|
||||||
|
fwp8jEN5P3eEjhQiWk6zQi8utvgOvYD57XmE+H8+tCBOaWliZSBZdXRha2EgKEdu
|
||||||
|
dVBHIFJlbGVhc2UgS2V5KYiaBBMWCgBCFiEErI4RW/c+LY1H+pkI6Y6bLRnGyL0F
|
||||||
|
AmCkgocCGwMFCQsNBpkFCwkIBwIDIgIBBhUKCQgLAgQWAgMBAh4HAheAAAoJEOmO
|
||||||
|
my0Zxsi9/4IA/1rvSr3MU+Sv4jhNDzD+CeC3gmHkPew6pi9VHEsEwdgmAQD2BtiX
|
||||||
|
7w1sJL/CBylGWv5jxj4345mP9YfZm0RsgzPjDIh1BBAWCAAdFiEEJJyzdxdQdF1c
|
||||||
|
3TI84mewUjZPAo0FAmFAQ54ACgkQ4mewUjZPAo1CiAD+KTT1UVdQTGHMyvHwZocS
|
||||||
|
QjU8xhcZrTet+dvvjrE5+4MA/RBdJPZgFevUKu68NEy0Lo+RbkeCtmQJ/c8v5ieF
|
||||||
|
vW0AiQEzBBABCAAdFiEEEkEkvTtIYq96CkLxALRevUynur4FAmFAQ7cACgkQALRe
|
||||||
|
vUynur4kaAgAolPR8TNWVS0vXMKrr0k0l2M/8QkZTaLZx1GT9Nx1yb4WJKY7ElPM
|
||||||
|
YkhGDxetvFBETx0pH/6R3jtj6Crmur+NKHVSRY+rCYpFPDn6ciIOryssRx2G4kCZ
|
||||||
|
t+nFB9JyDbBOZAR8DK4pN1mAxG/yLDt4oKcUQsP2xlEFum+phxyR8KyYCpkwKRxY
|
||||||
|
eK+6lfilQuveoUwp/Xx5wXPNUy6q4eOOovCW7gS7I7288NGHCa2ul8sD6vA9C4mM
|
||||||
|
4Zxaole9P9wwJe1zZFtCIy88zHM9vqv+YM9DxMCaW24+rUztr7eD4bCRdG+QlSh+
|
||||||
|
7R/TaqSxY1eAAd1J5tma9CNJO73pTKU+/JhTBGFpSqMTCSskAwMCCAEBBwIDBF6X
|
||||||
|
D9NmUQDgiyYNbhs1DMJ14mIw812wY1HVx/4QWYWiBunhrvSFxVbzsjD7/Wv+v3bm
|
||||||
|
MPrL+M2DLyFiSewNmcS0JEdudVBHLmNvbSAoUmVsZWFzZSBTaWduaW5nIEtleSAy
|
||||||
|
MDIxKYiaBBMTCABCFiEEAvON/3Mf+XywOaHaVJ5pXpBboggFAmFpSqMCGwMFCQ9x
|
||||||
|
14oFCwkIBwIDIgIBBhUKCQgLAgQWAgMBAh4HAheAAAoJEFSeaV6QW6IITkoA/RYa
|
||||||
|
jaTl1eEBU/Gdm12o3jrI55N5xZK2XTqSx25clVyjAP0XwMW/Og5+ND1ri3bAqADV
|
||||||
|
WlBDUswz8wYxsb0C4kYBkoh1BBAWCgAdFiEEbapuZKdtKEBXG0kCUoiXuCZAOtoF
|
||||||
|
AmFpTvEACgkQUoiXuCZAOtrJQAEAh7YyykjAy/Qs1yC3ji8iBfIVnPXvblrIx3SR
|
||||||
|
RyDwRC8BAKtZbEuKTtPlgkLUgMleTcZJ/vEhJE+GvfQ9o5gWCqEFiHUEEBYKAB0W
|
||||||
|
IQTB00tpIZ5K7sC6HCHj/f8hjkW3KwUCYWlPWgAKCRDj/f8hjkW3Kx4eAQDp6aGS
|
||||||
|
N/fU4xLl8RSvQUVjVA+aCTrMQR3hRwqw8liF2wEA3O3ECxz6e1+DoItYoJBBLKLw
|
||||||
|
eiInsGZ/+h5XYrpXTgA=
|
||||||
|
=4+Sn
|
||||||
|
-----END PGP PUBLIC KEY BLOCK-----
|
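--- a/gpg2.spec
+++ b/gpg2.spec
@@ -0,0 +1,199 @@
+#
+# spec file for package gpg2
+#
+# Copyright (c) 2024 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+Name: gpg2
+Version: 2.4.4
+Release: 0
+Summary: File encryption, decryption, signature creation and verification utility
+License: GPL-3.0-or-later
+Group: Productivity/Networking/Security
+URL: https://www.gnupg.org
+Source: https://gnupg.org/ftp/gcrypt/gnupg/gnupg-%{version}.tar.bz2
+Source2: https://gnupg.org/ftp/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig
+# https://www.gnupg.org/signature_key.html
+Source3: https://gnupg.org/signature_key.asc#/%{name}.keyring
+Source4: scdaemon.udev
+Source5: gpg2-systemd-user.tar.xz
+Source99: %{name}.changes
+Patch1: gnupg-gpg-agent-ulimit.patch
+Patch2: gnupg-2.0.9-langinfo.patch
+Patch3: gnupg-dont-fail-with-seahorse-agent.patch
+Patch4: gnupg-set_umask_before_open_outfile.patch
+Patch5: gnupg-detect_FIPS_mode.patch
+Patch6: gnupg-add_legacy_FIPS_mode_option.patch
+Patch7: gnupg-2.2.16-secmem.patch
+Patch8: gnupg-accept_subkeys_with_a_good_revocation_but_no_self-sig_during_import.patch
+Patch9: gnupg-add-test-cases-for-import-without-uid.patch
+Patch10: gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch
+#PATCH-FIX-SUSE Allow 8192 bit RSA keys in keygen UI when large_rsa is set
+Patch11: gnupg-allow-large-rsa.patch
+#PATCH-FIX-SUSE Revert the rfc4880bis features default of key generation
+Patch12: gnupg-revert-rfc4880bis.patch
+#PATCH-FIX-OPENSUSE Do not pull revision info from GIT when autoconf is run
+Patch13: gnupg-nobetasuffix.patch
+BuildRequires: expect
+BuildRequires: fdupes
+BuildRequires: ibmswtpm2
+BuildRequires: ibmtss-devel
+BuildRequires: libassuan-devel >= 2.5.0
+BuildRequires: libgcrypt-devel >= 1.9.1
+BuildRequires: libgpg-error-devel >= 1.46
+BuildRequires: libksba-devel >= 1.6.3
+BuildRequires: makeinfo
+BuildRequires: npth-devel >= 1.2
+BuildRequires: openldap2-devel
+BuildRequires: pkgconfig
+BuildRequires: readline-devel
+BuildRequires: pkgconfig(bzip2)
+BuildRequires: pkgconfig(gnutls) >= 3.0
+BuildRequires: pkgconfig(libusb-1.0)
+BuildRequires: pkgconfig(sqlite3) >= 3.27
+BuildRequires: pkgconfig(zlib)
+# runtime dependency to support devel repository users - boo#955982
+Requires: libassuan0 >= 2.5.0
+Requires: libgcrypt20 >= 1.9.1
+Requires: libgpg-error >= 1.46
+Requires: libksba >= 1.3.4
+Requires: pinentry
+Recommends: dirmngr = %{version}
+Provides: gnupg = %{version}
+Provides: gpg = 1.4.9
+Provides: newpg
+Obsoletes: gpg < 1.4.9
+
+%description
+GnuPG is a hybrid-encryption software program; it uses a combination
+of symmetric-key and public-key cryptography to encrypt/decrypt
+messages and/or to sign and verify them.
+
+gpg2 provides GPGSM, gpg-agent, and a keybox library.
+
+%package -n dirmngr
+Summary: Keyserver, CRL, and OCSP access for GnuPG
+Group: Productivity/Networking/Security
+
+%description -n dirmngr
+Since version 2.1 of GnuPG, dirmngr takes care of accessing the OpenPGP
+keyservers. As with previous versions it is also used as a server for managing
+and downloading certificate
+revocation lists (CRLs) for X.509 certificates, downloading X.509 certificates,
+and providing access to OCSP providers. Dirmngr is invoked internally by gpg,
+gpgsm, or via the gpg-connect-agent tool.
+
+%package tpm
+Summary: TPM2 support for GnuPG
+Group: Productivity/Networking/Security
+
+%description tpm
+Version 2.3 of GnuPG introduced support for converting GPG private
+keys to TPM2 wrapped form. This package enables that support. The
+keytotpm command will not function unless this package is installed.
+
+%lang_package
+
+%prep
+%autosetup -p1 -a5 -n gnupg-%{version}
+
+# In order to compensate for gnupg-add_legacy_FIPS_mode_option.patch
+# to not have man pages and info files have the build date (boo#1047218)
+touch -d 2018-05-04 doc/gpg.texi
+
+%build
+date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99})
+%configure \
+--docdir=%{_docdir}/%{name} \
+--disable-rpath \
+--enable-g13 \
+--enable-large-secmem \
+--with-gnu-ld \
+--with-default-trust-store-file=%{_sysconfdir}/ssl/ca-bundle.pem \
+--enable-build-timestamp=$date \
+--enable-gpg-is-gpg2
+
+%make_build
+
+%install
+%make_install
+mkdir -p %{buildroot}%{_sysconfdir}/gnupg/
+
+# install gpgconf.conf bnc#391347
+install -m 644 doc/examples/gpgconf.conf %{buildroot}%{_sysconfdir}/gnupg
+# delete to prevent fdupes from creating cross-partition hardlink
+rm -rf %{buildroot}%{_docdir}/gpg2/examples/gpgconf.conf
+
+# remove info dir
+rm %{buildroot}%{_infodir}/dir
+
+# compat symlinks
+ln -sf gpg2 %{buildroot}%{_bindir}/gpg
+ln -sf gpgv2 %{buildroot}%{_bindir}/gpgv
+ln -sf gpg2.1 %{buildroot}%{_mandir}/man1/gpg.1
+ln -sf gpgv2.1 %{buildroot}%{_mandir}/man1/gpgv.1
+
+# install udev rules for scdaemon
+install -Dm 0644 %{SOURCE4} %{buildroot}%{_udevrulesdir}/60-scdaemon.rules
+
+# Move the systemd user units to the appropriate directory
+install -d -m 755 %{buildroot}%{_userunitdir}
+cp systemd-user/gpg-agent*.s* %{buildroot}%{_userunitdir}
+cp systemd-user/dirmngr.s* %{buildroot}%{_userunitdir}
+cp systemd-user/README.systemd %{buildroot}%{_docdir}/gpg2/
+
+%find_lang gnupg2
+%fdupes -s %{buildroot}
+
+%check
+%make_build check || :
+
+%post
+%udev_rules_update
+
+%files lang -f gnupg2.lang
+
+%files
+%license COPYING*
+%doc AUTHORS NEWS THANKS TODO ChangeLog
+%{_infodir}/gnupg*
+%{_mandir}/*/[agsw]*%{ext_man}
+%doc %{_docdir}/%{name}
+%{_bindir}/[gkw]*
+%{_libexecdir}/[gks]*
+%{_sbindir}/addgnupghome
+%{_sbindir}/applygnupgdefaults
+%{_sbindir}/g13-syshelp
+%{_udevrulesdir}/60-scdaemon.rules
+%{_datadir}/gnupg
+%dir %{_sysconfdir}/gnupg
+%config(noreplace) %{_sysconfdir}/gnupg/gpgconf.conf
+%{_userunitdir}/gpg-agent*
+%if 0%{?sle_version} >= 150500
+%exclude %{_userunitdir}/dirmngr.*
+%endif
+
+%files -n dirmngr
+%license COPYING*
+%{_mandir}/*/dirmngr*%{ext_man}
+%{_bindir}/dirmngr*
+%{_libexecdir}/dirmngr_ldap
+%{_userunitdir}/dirmngr.*
+
+%files tpm
+%license COPYING*
+%{_libexecdir}/tpm2daemon*
+
+%changelog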
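Review bot: `%make_build check || :` in `%check` throws away the test suite's exit status, so a failing regression test, including the import cases that Patch9 adds, can never fail the build. Since this package carries downstream patches to key import, compliance options and output-file permissions, the line should be plain `%make_build check`. If particular tests are known to break in the build environment, skip those by name with a comment carrying the bug reference. Separately, `Requires: libksba >= 1.3.4` sets a lower floor than `BuildRequires: libksba-devel >= 1.6.3`; if the build needs 1.6.3 the runtime requirement should probably match, though the reason for the gap is not visible here.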
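--- a/scdaemon.udev
+++ b/scdaemon.udev
@@ -0,0 +1,65 @@
+# do not edit this file, it will be overwritten on update
+
+SUBSYSTEM!="usb", GOTO="gnupg_rules_end"
+ACTION!="add", GOTO="gnupg_rules_end"
+
+# USB SmartCard Readers
+## Cherry GmbH (XX33, ST2000)
+SUBSYSTEM=="usb", ATTR{idVendor}=="046a", ATTR{idProduct}=="0005", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+SUBSYSTEM=="usb", ATTR{idVendor}=="046a", ATTR{idProduct}=="0010", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+SUBSYSTEM=="usb", ATTR{idVendor}=="046a", ATTR{idProduct}=="003e", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+## SCM Microsystems, Inc (SCR331-DI, SCR335, SCR3320, SCR331, SCR3310 and SPR532)
+SUBSYSTEM=="usb", ATTR{idVendor}=="04e6", ATTR{idProduct}=="5111", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+SUBSYSTEM=="usb", ATTR{idVendor}=="04e6", ATTR{idProduct}=="5115", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+SUBSYSTEM=="usb", ATTR{idVendor}=="04e6", ATTR{idProduct}=="5116", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+SUBSYSTEM=="usb", ATTR{idVendor}=="04e6", ATTR{idProduct}=="5117", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+SUBSYSTEM=="usb", ATTR{idVendor}=="04e6", ATTR{idProduct}=="e001", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+SUBSYSTEM=="usb", ATTR{idVendor}=="04e6", ATTR{idProduct}=="e003", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+## Omnikey AG (CardMan 3821, CardMan 6121)
+SUBSYSTEM=="usb", ATTR{idVendor}=="076b", ATTR{idProduct}=="3821", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+SUBSYSTEM=="usb", ATTR{idVendor}=="076b", ATTR{idProduct}=="6622", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+## Gemalto
+SUBSYSTEM=="usb", ATTR{idVendor}=="08e6", ATTR{idProduct}=="3437", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+SUBSYSTEM=="usb", ATTR{idVendor}=="08e6", ATTR{idProduct}=="3438", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+SUBSYSTEM=="usb", ATTR{idVendor}=="08e6", ATTR{idProduct}=="3478", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+SUBSYSTEM=="usb", ATTR{idVendor}=="08e6", ATTR{idProduct}=="34c2", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+SUBSYSTEM=="usb", ATTR{idVendor}=="08e6", ATTR{idProduct}=="34ec", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+## Reiner (SCT cyberJack)
+SUBSYSTEM=="usb", ATTR{idVendor}=="0c4b", ATTR{idProduct}=="0500", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+## Kobil (KAAN)
+SUBSYSTEM=="usb", ATTR{idVendor}=="0d46", ATTR{idProduct}=="2012", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+## VASCO (DIGIPASS 920)
+SUBSYSTEM=="usb", ATTR{idVendor}=="1a44", ATTR{idProduct}=="0920", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+## Crypto Stick
+SUBSYSTEM=="usb", ATTR{idVendor}=="20a0", ATTR{idProduct}=="4107", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+## Nitrokey
+SUBSYSTEM=="usb", ATTR{idVendor}=="20a0", ATTR{idProduct}=="4108", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+SUBSYSTEM=="usb", ATTR{idVendor}=="20a0", ATTR{idProduct}=="4109", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+SUBSYSTEM=="usb", ATTR{idVendor}=="20a0", ATTR{idProduct}=="4211", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+## Gnuk Token
+SUBSYSTEM=="usb", ATTR{idVendor}=="234b", ATTR{idProduct}=="0000", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+## Alcor Micro Corp cardreader (in ThinkPad X250)
+SUBSYSTEM=="usb", ATTR{idVendor}=="058f", ATTR{idProduct}=="9540", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+## Fujitsu Siemens
+SUBSYSTEM=="usb", ATTR{idVendor}=="0bf8", ATTR{idProduct}=="1006", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+## Yubico
+# Yubikey NEO OTP+CCID
+SUBSYSTEM=="usb", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0111", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+# Yubikey NEO CCID
+SUBSYSTEM=="usb", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0112", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+# Yubikey NEO U2F+CCID
+SUBSYSTEM=="usb", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0115", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+# Yubikey NEO OTP+U2F+CCID
+SUBSYSTEM=="usb", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0116", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+# Yubikey 4 CCID
+SUBSYSTEM=="usb", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0404", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+# Yubikey 4 OTP+CCID
+SUBSYSTEM=="usb", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0405", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+# Yubikey 4 U2F+CCID
+SUBSYSTEM=="usb", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0406", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+# Yubikey 4 OTP+U2F+CCID
+SUBSYSTEM=="usb", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0407", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+## Trustica Cryptoucan
+SUBSYSTEM=="usb", ATTR{idVendor}=="1fc9", ATTR{idProduct}=="81e6", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+
+LABEL="gnupg_rules_end"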
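Review bot: The eight Yubico rules match on `ATTRS{idVendor}`/`ATTRS{idProduct}` while every other reader in the file uses `ATTR{}`. `ATTRS{}` also matches attributes of parent devices, and the file filters only on `SUBSYSTEM=="usb"`, so the properties may be set on child interface devices as well as on the token itself. If that is not intended, write them like the other entries, e.g. `ATTR{idVendor}=="1050", ATTR{idProduct}=="0111"`, or add a one-line comment saying why these differ. The file only sets `ENV{ID_SMARTCARD_READER}` and `ENV{ID_SMARTCARD_READER_DRIVER}` and never a mode, group or tag, so who may open these devices is decided by whichever later rule consumes those properties; a header comment naming that rule would help anyone auditing token access. The `## Omnikey AG` comment lists CardMan 6121 but the second rule matches product `6622`, which is worth confirming.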