pool/gpg2
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 1116649 from security:privacy

Browse Source 
- Install the internal executables in the /usr/libexec dir instead
  of /usr/lib64. These files are keyboxd, scdaemon, gpg-auth
  gpg-check-pattern, gpg-pair-tool, gpg-preset-passphrase,
  gpg-protect-tool, gpg-wks-client, dirmngr_ldap and tpm2daemon.

- Provide the systemd-user files since they have been removed
  upstream since version 2.4.1. [bsc#1201564]
  * Add gpg2-systemd-user.tar.xz

- Revert back to use the IBM TPM Software stack.

- Update to 2.4.3:
  * gpg: Set default expiration date to 3 years. [T2701]
  * gpg: Add --list-filter properties "key_expires" and
    "key_expires_d". [T6529]
  * gpg: Emit status line and proper diagnostics for write errors. [T6528]
  * gpg: Make progress work for large files on Windows. [T6534]
  * gpg: New option --no-compress as alias for -z0.
  * gpgsm: Print PROGRESS status lines. Add new --input-size-hint. [T6534]
  * gpgsm: Support SENDCERT_SKI for --call-dirmngr. [rG701a8b30f0]
  * gpgsm: Major rewrite of the PKCS#12 parser. [T6536]
  * gpgtar: New option --no-compress.
  * dirmngr: Extend the AD_QUERY command. [rG207c99567c]
  * dirmngr: Disable the HTTP redirect rewriting. [T6477]
  * dirmngr: New option --compatibility-flags. [rGbf04b07327]
  * dirmngr: New option --ignore-crl-extensions. [T6545]
  * wkd: Use export-clean for gpg-wks-client's --mirror and --create
    commands. [rG2c7f7a5a27]
  * wkd: Make --add-revocs the default in gpg-wks-client. New option
    --no-add-revocs. [rG10c937ee68]

OBS-URL: https://build.opensuse.org/request/show/1116649
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=292
This commit is contained in:
Pedro Monreal Gonzalez 2023-10-10 15:00:55 +00:00 committed by Git OBS Bridge
parent 97910ac5da
commit 4eafdb296b
10 changed files with 167 additions and 243 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
gnupg-2.4.0.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:1d79158dd01d992431dd2e3facb89fdac97127f89784ea2cb610c600fb0c1483
size 7666935

BIN
gnupg-2.4.0.tar.bz2.sig
View File

Binary file not shown.

3
gnupg-2.4.3.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:a271ae6d732f6f4d80c258ad9ee88dd9c94c8fdc33c3e45328c4d7c126bd219d
size 7351327

BIN
gnupg-2.4.3.tar.bz2.sig Normal file
View File

Binary file not shown.

28
gnupg-add_legacy_FIPS_mode_option.patch
View File

@ -3,11 +3,11 @@
g10/gpg.c | 9 +++++++++
2 files changed, 27 insertions(+)
Index: gnupg-2.4.0/doc/gpg.texi
Index: gnupg-2.4.2/doc/gpg.texi
===================================================================
--- gnupg-2.4.0.orig/doc/gpg.texi
+++ gnupg-2.4.0/doc/gpg.texi
@@ -2218,6 +2218,24 @@ implies, this option is for experts only
--- gnupg-2.4.2.orig/doc/gpg.texi
+++ gnupg-2.4.2/doc/gpg.texi
@@ -2285,6 +2285,24 @@ implies, this option is for experts only
understand the implications of what it allows you to do, leave this
off. @option{--no-expert} disables this option.
@ -32,28 +32,28 @@ Index: gnupg-2.4.0/doc/gpg.texi
@end table
Index: gnupg-2.4.0/g10/gpg.c
Index: gnupg-2.4.2/g10/gpg.c
===================================================================
--- gnupg-2.4.0.orig/g10/gpg.c
+++ gnupg-2.4.0/g10/gpg.c
@@ -443,6 +443,7 @@ enum cmd_and_opt_values
--- gnupg-2.4.2.orig/g10/gpg.c
+++ gnupg-2.4.2/g10/gpg.c
@@ -446,6 +446,7 @@ enum cmd_and_opt_values
oForceSignKey,
oForbidGenKey,
oRequireCompliance,
+ oSetLegacyFips,
oCompatibilityFlags,
oNoop
@@ -879,6 +880,7 @@ static gpgrt_opt_t opts[] = {
oAddDesigRevoker,
oAssertSigner,
@@ -886,6 +887,7 @@ static gpgrt_opt_t opts[] = {
ARGPARSE_s_s (oCipherAlgo, "cipher-algo", "@"),
ARGPARSE_s_s (oDigestAlgo, "digest-algo", "@"),
ARGPARSE_s_s (oCertDigestAlgo, "cert-digest-algo", "@"),
ARGPARSE_s_n (oOverrideComplianceCheck, "override-compliance-check", "@"),
+ ARGPARSE_s_n (oSetLegacyFips, "set-legacy-fips", "@"),
ARGPARSE_header (NULL, N_("Options for unattended use")),
@@ -3711,6 +3714,14 @@ main (int argc, char **argv)
opt.flags.require_compliance = 1;
@@ -3756,6 +3758,14 @@ main (int argc, char **argv)
keybox_set_buffersize (pargs.r.ret_ulong, 0);
break;
+ case oSetLegacyFips:

46
gnupg-revert-rfc4880bis.patch
View File

@ -13,11 +13,11 @@ Subject: [PATCH GnuPG] gpg: Merge --rfc4880bis features into --gnupg
(read_parameter_file): Activate the v4 and v5 keywords.
--
Index: gnupg-2.4.0/g10/gpg.c
Index: gnupg-2.4.1/g10/gpg.c
===================================================================
--- gnupg-2.4.0.orig/g10/gpg.c
+++ gnupg-2.4.0/g10/gpg.c
@@ -246,6 +246,7 @@ enum cmd_and_opt_values
--- gnupg-2.4.1.orig/g10/gpg.c
+++ gnupg-2.4.1/g10/gpg.c
@@ -247,6 +247,7 @@ enum cmd_and_opt_values
oGnuPG,
oRFC2440,
oRFC4880,
@ -25,7 +25,7 @@ Index: gnupg-2.4.0/g10/gpg.c
oOpenPGP,
oPGP7,
oPGP8,
@@ -631,6 +632,7 @@ static gpgrt_opt_t opts[] = {
@@ -636,6 +637,7 @@ static gpgrt_opt_t opts[] = {
ARGPARSE_s_n (oGnuPG, "no-pgp8", "@"),
ARGPARSE_s_n (oRFC2440, "rfc2440", "@"),
ARGPARSE_s_n (oRFC4880, "rfc4880", "@"),
@ -33,15 +33,15 @@ Index: gnupg-2.4.0/g10/gpg.c
ARGPARSE_s_n (oOpenPGP, "openpgp", N_("use strict OpenPGP behavior")),
ARGPARSE_s_n (oPGP7, "pgp6", "@"),
ARGPARSE_s_n (oPGP7, "pgp7", "@"),
@@ -973,7 +975,6 @@ static gpgrt_opt_t opts[] = {
@@ -978,7 +980,6 @@ static gpgrt_opt_t opts[] = {
ARGPARSE_s_n (oNoop, "no-allow-multiple-messages", "@"),
ARGPARSE_s_s (oNoop, "aead-algo", "@"),
ARGPARSE_s_s (oNoop, "personal-aead-preferences","@"),
- ARGPARSE_s_n (oNoop, "rfc4880bis", "@"),
ARGPARSE_s_n (oNoop, "override-compliance-check", "@"),
ARGPARSE_group (302, N_(
@@ -2207,7 +2208,7 @@ static struct gnupg_compliance_option co
@@ -2227,7 +2228,7 @@ static struct gnupg_compliance_option co
{
{ "gnupg", oGnuPG },
{ "openpgp", oOpenPGP },
@ -50,7 +50,7 @@ Index: gnupg-2.4.0/g10/gpg.c
{ "rfc4880", oRFC4880 },
{ "rfc2440", oRFC2440 },
{ "pgp6", oPGP7 },
@@ -2223,8 +2224,28 @@ static struct gnupg_compliance_option co
@@ -2243,8 +2244,28 @@ static struct gnupg_compliance_option co
static void
set_compliance_option (enum cmd_and_opt_values option)
{
@ -79,7 +79,7 @@ Index: gnupg-2.4.0/g10/gpg.c
case oOpenPGP:
case oRFC4880:
/* This is effectively the same as RFC2440, but with
@@ -2268,6 +2289,7 @@ set_compliance_option (enum cmd_and_opt_
@@ -2288,6 +2309,7 @@ set_compliance_option (enum cmd_and_opt_
case oPGP8: opt.compliance = CO_PGP8; break;
case oGnuPG:
opt.compliance = CO_GNUPG;
@ -87,7 +87,7 @@ Index: gnupg-2.4.0/g10/gpg.c
break;
case oDE_VS:
@@ -2470,6 +2492,7 @@ main (int argc, char **argv)
@@ -2490,6 +2512,7 @@ main (int argc, char **argv)
opt.emit_version = 0;
opt.weak_digests = NULL;
opt.compliance = CO_GNUPG;
@ -95,7 +95,7 @@ Index: gnupg-2.4.0/g10/gpg.c
/* Check special options given on the command line. */
orig_argc = argc;
@@ -3008,6 +3031,7 @@ main (int argc, char **argv)
@@ -3032,6 +3055,7 @@ main (int argc, char **argv)
case oOpenPGP:
case oRFC2440:
case oRFC4880:
@ -103,7 +103,7 @@ Index: gnupg-2.4.0/g10/gpg.c
case oPGP7:
case oPGP8:
case oGnuPG:
@@ -3832,6 +3856,11 @@ main (int argc, char **argv)
@@ -3868,6 +3892,11 @@ main (int argc, char **argv)
if( may_coredump && !opt.quiet )
log_info(_("WARNING: program may create a core file!\n"));
@ -115,7 +115,7 @@ Index: gnupg-2.4.0/g10/gpg.c
if (eyes_only) {
if (opt.set_filename)
log_info(_("WARNING: %s overrides %s\n"),
@@ -4057,7 +4086,7 @@ main (int argc, char **argv)
@@ -4084,7 +4113,7 @@ main (int argc, char **argv)
/* Check our chosen algorithms against the list of legal
algorithms. */
@ -124,11 +124,11 @@ Index: gnupg-2.4.0/g10/gpg.c
{
const char *badalg=NULL;
preftype_t badtype=PREFTYPE_NONE;
Index: gnupg-2.4.0/g10/keygen.c
Index: gnupg-2.4.1/g10/keygen.c
===================================================================
--- gnupg-2.4.0.orig/g10/keygen.c
+++ gnupg-2.4.0/g10/keygen.c
@@ -407,7 +407,7 @@ keygen_set_std_prefs (const char *string
--- gnupg-2.4.1.orig/g10/keygen.c
+++ gnupg-2.4.1/g10/keygen.c
@@ -404,7 +404,7 @@ keygen_set_std_prefs (const char *string
strcat(dummy_string,"S7 ");
strcat(dummy_string,"S2 "); /* 3DES */
@ -137,7 +137,7 @@ Index: gnupg-2.4.0/g10/keygen.c
strcat(dummy_string,"A2 ");
if (personal)
@@ -892,7 +892,7 @@ keygen_upd_std_prefs (PKT_signature *sig
@@ -889,7 +889,7 @@ keygen_upd_std_prefs (PKT_signature *sig
/* Make sure that the MDC feature flag is set if needed. */
add_feature_mdc (sig,mdc_available);
add_feature_aead (sig, aead_available);
@ -146,7 +146,7 @@ Index: gnupg-2.4.0/g10/keygen.c
add_keyserver_modify (sig,ks_modify);
keygen_add_keyserver_url(sig,NULL);
@@ -3387,7 +3387,10 @@ parse_key_parameter_part (ctrl_t ctrl,
@@ -3382,7 +3382,10 @@ parse_key_parameter_part (ctrl_t ctrl,
}
}
else if (!ascii_strcasecmp (s, "v5"))
@ -158,7 +158,7 @@ Index: gnupg-2.4.0/g10/keygen.c
else if (!ascii_strcasecmp (s, "v4"))
keyversion = 4;
else
@@ -3646,7 +3649,7 @@ parse_key_parameter_part (ctrl_t ctrl,
@@ -3641,7 +3644,7 @@ parse_key_parameter_part (ctrl_t ctrl,
* ecdsa := Use algorithm ECDSA.
* eddsa := Use algorithm EdDSA.
* ecdh := Use algorithm ECDH.
@ -167,7 +167,7 @@ Index: gnupg-2.4.0/g10/keygen.c
*
* There are several defaults and fallbacks depending on the
* algorithm. PART can be used to select which part of STRING is
@@ -4428,9 +4431,9 @@ read_parameter_file (ctrl_t ctrl, const
@@ -4513,9 +4516,9 @@ read_parameter_file (ctrl_t ctrl, const
}
}
@ -180,7 +180,7 @@ Index: gnupg-2.4.0/g10/keygen.c
else
{
r = xmalloc_clear( sizeof *r + strlen( value ) );
@@ -4525,11 +4528,14 @@ quickgen_set_para (struct para_data_s *p
@@ -4610,11 +4613,14 @@ quickgen_set_para (struct para_data_s *p
para = r;
}

168
gnupg-tests-Fix-tests-gpgme-for-in-source-tree-builds.patch
View File

@ -1,168 +0,0 @@
From e89d57a2cb10bd04d266165015f159be2ab48984 Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Wed, 21 Dec 2022 10:52:24 +0900
Subject: tests: Fix tests/gpgme for in-source-tree builds.
* tests/gpgme/Makefile.am: Don't use setup.scm/ dir.
* tests/gpgme/Makefile.in: Don't use setup.scm/ dir.
* tests/gpgme/all-tests.scm: Fix the name of the environment.
--
GnuPG-bug-id: 6313
Fixes-commit: c19ea75f10d6278569619f90977ce7c820e9319d
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Index: gnupg-2.4.0/tests/gpgme/Makefile.am
===================================================================
--- gnupg-2.4.0.orig/tests/gpgme/Makefile.am
+++ gnupg-2.4.0/tests/gpgme/Makefile.am
@@ -47,8 +47,7 @@ check: xcheck
.PHONY: xcheck
xcheck:
- @$(MKDIR_P) setup.scm/tests \
- tests/gpg lang/qt/tests lang/python/tests
+ @$(MKDIR_P) tests/gpg lang/qt/tests lang/python/tests
$(TESTS_ENVIRONMENT) $(abs_top_builddir)/tests/gpgscm/gpgscm$(EXEEXT) \
$(abs_srcdir)/run-tests.scm $(TESTFLAGS) $(TESTS)
@@ -61,4 +60,4 @@ CLEANFILES = *.log report.xml
all-local: $(required_pgms)
clean-local:
- -rm -rf setup.scm/tests tests/gpg lang/qt/tests lang/python/tests
+ -rm -rf tests lang
Index: gnupg-2.4.0/tests/gpgme/Makefile.in
===================================================================
--- gnupg-2.4.0.orig/tests/gpgme/Makefile.in
+++ gnupg-2.4.0/tests/gpgme/Makefile.in
@@ -614,8 +614,7 @@ check: xcheck
.PHONY: xcheck
xcheck:
- @$(MKDIR_P) setup.scm/tests \
- tests/gpg lang/qt/tests lang/python/tests
+ @$(MKDIR_P) tests/gpg lang/qt/tests lang/python/tests
$(TESTS_ENVIRONMENT) $(abs_top_builddir)/tests/gpgscm/gpgscm$(EXEEXT) \
$(abs_srcdir)/run-tests.scm $(TESTFLAGS) $(TESTS)
@@ -624,7 +623,7 @@ xcheck:
all-local: $(required_pgms)
clean-local:
- -rm -rf setup.scm/tests tests/gpg lang/qt/tests lang/python/tests
+ -rm -rf tests lang
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
Index: gnupg-2.4.0/tests/gpgme/all-tests.scm
===================================================================
--- gnupg-2.4.0.orig/tests/gpgme/all-tests.scm
+++ gnupg-2.4.0/tests/gpgme/all-tests.scm
@@ -41,7 +41,7 @@
(test::scm
#f
#f
- (path-join "tests" "gpgme" "setup.scm" "tests" "gpg")
+ (path-join "tests" "gpgme" "tests" "gpg")
(in-srcdir "tests" "gpgme" "setup.scm")
"--" "tests" "gpg")))
(define setup-py
@@ -49,7 +49,7 @@
(test::scm
#f
#f
- (path-join "tests" "gpgme" "setup.scm" "lang" "python" "tests")
+ (path-join "tests" "gpgme" "lang" "python" "tests")
(in-srcdir "tests" "gpgme" "setup.scm")
"--" "lang" "python" "tests")))
From 658daae34aa3b2b40e6473d44d41abcf175f1ab2 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Tue, 21 Mar 2023 09:15:20 +0100
Subject: [PATCH 0787/1000] doc: Suggest the use of out-of-source builds.
--
GnuPG-bug-id: 6313
diff --git a/INSTALL b/INSTALL
index 5458714e1..9e9642898 100644
--- a/INSTALL
+++ b/INSTALL
@@ -42,10 +42,12 @@ may remove or edit it.
you want to change it or regenerate `configure' using a newer version
of `autoconf'.
-The simplest way to compile this package is:
+The suggested way to compile this package is:
- 1. `cd' to the directory containing the package's source code and type
- `./configure' to configure the package for your system.
+ 1. `cd' to the directory containing the package's source code and
+ create a new directory named `build'. Then `cd' to that
+ directory and type `../configure' to configure the package for
+ your system.
Running `configure' might take a while. While running, it prints
some messages telling which features it is checking for.
@@ -58,14 +60,17 @@ The simplest way to compile this package is:
4. Type `make install' to install the programs and any data files and
documentation.
- 5. You can remove the program binaries and object files from the
- source code directory by typing `make clean'. To also remove the
- files that `configure' created (so you can compile the package for
- a different kind of computer), type `make distclean'. There is
- also a `make maintainer-clean' target, but that is intended mainly
- for the package's developers. If you use it, you may have to get
- all sorts of other programs in order to regenerate files that came
- with the distribution.
+ 5. You can remove the program binaries and object files by deleting
+ all files from the `build' directory. In case you did not used a
+ dedicated build directory but build the software directly in the
+ source tree, you can remove the program binaries and object files
+ from the source code directory by typing `make clean'. To also
+ remove the files that `configure' created (so you can compile the
+ package for a different kind of computer), type `make distclean'.
+ There is also a `make maintainer-clean' target, but that is
+ intended mainly for the package's developers. If you use it, you
+ may have to get all sorts of other programs in order to
+ regenerate files that came with the distribution.
Compilers and Options
=====================
@@ -231,4 +236,3 @@ an Autoconf bug. Until the bug is fixed you can use this workaround:
`configure' also accepts some other, not widely useful, options. Run
`configure --help' for more details.
-
diff --git a/README b/README
index 42eed238f..b9bf7805e 100644
--- a/README
+++ b/README
@@ -53,7 +53,9 @@
As with all packages, you just have to do
- ./configure
+ mkdir build
+ cd build
+ ../configure
make
make check
make install
@@ -81,7 +83,8 @@
To quickly build all required software without installing it, the
Speedo method may be used:
- make -f build-aux/speedo.mk native
+ cd build
+ make -f ../build-aux/speedo.mk native
This method downloads all required libraries and does a native build
of GnuPG to PLAY/inst/. GNU make is required and you need to set
--
2.42.0

BIN
gpg2-systemd-user.tar.xz (Stored with Git LFS) Normal file
View File

Binary file not shown.

108
gpg2.changes
View File

@ -1,3 +1,18 @@
-------------------------------------------------------------------
Tue Oct 10 06:46:08 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
- Install the internal executables in the /usr/libexec dir instead
of /usr/lib64. These files are keyboxd, scdaemon, gpg-auth
gpg-check-pattern, gpg-pair-tool, gpg-preset-passphrase,
gpg-protect-tool, gpg-wks-client, dirmngr_ldap and tpm2daemon.
-------------------------------------------------------------------
Mon Oct 9 12:33:12 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
- Provide the systemd-user files since they have been removed
upstream since version 2.4.1. [bsc#1201564]
* Add gpg2-systemd-user.tar.xz
-------------------------------------------------------------------
Thu Sep 21 07:36:32 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
@ -5,6 +20,92 @@ Thu Sep 21 07:36:32 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
* Note that, there is no activation by default.
* Rework excludes in the spec's files section.
-------------------------------------------------------------------
Thu Aug 3 16:24:19 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
- Revert back to use the IBM TPM Software stack.
-------------------------------------------------------------------
Wed Jul 5 09:10:55 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
- Update to 2.4.3:
* gpg: Set default expiration date to 3 years. [T2701]
* gpg: Add --list-filter properties "key_expires" and
"key_expires_d". [T6529]
* gpg: Emit status line and proper diagnostics for write errors. [T6528]
* gpg: Make progress work for large files on Windows. [T6534]
* gpg: New option --no-compress as alias for -z0.
* gpgsm: Print PROGRESS status lines. Add new --input-size-hint. [T6534]
* gpgsm: Support SENDCERT_SKI for --call-dirmngr. [rG701a8b30f0]
* gpgsm: Major rewrite of the PKCS#12 parser. [T6536]
* gpgtar: New option --no-compress.
* dirmngr: Extend the AD_QUERY command. [rG207c99567c]
* dirmngr: Disable the HTTP redirect rewriting. [T6477]
* dirmngr: New option --compatibility-flags. [rGbf04b07327]
* dirmngr: New option --ignore-crl-extensions. [T6545]
* wkd: Use export-clean for gpg-wks-client's --mirror and --create
commands. [rG2c7f7a5a27]
* wkd: Make --add-revocs the default in gpg-wks-client. New option
--no-add-revocs. [rG10c937ee68]
* scd: Make signing work for Nexus cards. [rGb83d86b988]
* scd: Fix authentication with Administration Key for PIV. [rG25b59cf6ce]
-------------------------------------------------------------------
Tue May 30 19:37:39 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
- Update to 2.4.2:
* gpg: Print a warning if no more encryption subkeys are left over
after changing the expiration date. [rGef2c3d50fa]
* gpg: Fix searching for the ADSK key when adding an ADSK. [T6504]
* gpgsm: Speed up key listings on Windows. [rG08ff55bd44]
* gpgsm: Reduce the number of "failed to open policy file"
diagnostics. [rG68613a6a9d]
* agent: Make updating of private key files more robust and track
display S/N. [T6135]
* keyboxd: Avoid longish delays on Windows when listing keys.
[rG6944aefa3c]
* gpgtar: Emit extra status lines to help GPGME. [T6497]
* w32: Avoid using the VirtualStore. [T6403]
* Rebase gnupg-add_legacy_FIPS_mode_option.patch
-------------------------------------------------------------------
Fri Apr 28 11:58:06 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
- Update to 2.4.1:
* If the ~/.gnupg directory does not exist, the keyboxd is now
automagically enabled. [rGd9e7488b17]
* gpg: New option --add-desig-revoker. [rG3d094e2bcf]
* gpg: New option --assert-signer. [rGc9e95b8dee]
* gpg: New command --quick-add-adsk and other ADSK features.
[T6395, https://gnupg.org/blog/20230321-adsk.html]
* gpg: New list-option "show-unusable-sigs". Also show "[self-signature]"
instead of the user-id in key signature listings. [rG103acfe9ca]
* gpg: For symmetric encryption the default S2K hash is now SHA256. [T6367]
* gpg: Detect already compressed data also when using a pipe. Also
detect JPEG and PNG file formats. [T6332]
* gpg: New subcommand "openpgp" for --card-edit. [T6462]
* gpgsm: Verification of detached signatures does now strip trailing
zeroes from the input if --assume-binary is used. [rG2a13f7f9dc]
* gpgsm: Non-armored detached signature are now created without
using indefinite form length octets. This improves compatibility
with some PDF signature verification software. [rG8996b0b655]
* gpgtar: Emit progress status lines in create mode. [T6363]
* dirmngr: The LDAP modifyTimestamp is now returned by some
keyserver commands. [rG56d309133f]
* ssh: Allow specification of the order keys are presented to ssh.
See the man page entry for --enable-ssh-support. [T5996, T6212]
* gpg: Make list-options "show-sig-subpackets" work again.
Fixes regression in 2.4.0. [rG5a223303d7]
* gpg: Fix the keytocard command for Yubikeys. [T6378]
* gpg: Do not continue an export after a cancel for the primary key. [T6093]
* gpg: Replace the --override-compliance-check hack by a real fix. [T5655]
* gpgtar: Fix decryption with input taken from stdin. [T6355]
* Rebase patches:
- gnupg-revert-rfc4880bis.patch
- gnupg-add_legacy_FIPS_mode_option.patch
* Remove patch fixed upstream:
- gnupg-tests-Fix-tests-gpgme-for-in-source-tree-builds.patch
-------------------------------------------------------------------
Fri Mar 10 09:03:00 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
@ -23,6 +124,13 @@ Fri Mar 10 08:42:02 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
- Allow 8192 bit RSA keys in keygen UI when large_rsa is set
* Add gnupg-allow-large-rsa.patch
-------------------------------------------------------------------
Tue Feb 7 08:58:03 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
- Fix the regression test suite fails with the IBM TPM Software
stack. Builds fine using the Intel TPM; use the swtpm and
tpm2-0-tss-devel packages instead of ibmswtpm2 and ibmtss-devel.
-------------------------------------------------------------------
Wed Jan 11 11:15:54 UTC 2023 - Pedro Monreal <pmonreal@suse.com>

51
gpg2.spec
View File

@ -17,7 +17,7 @@
Name: gpg2
Version: 2.4.0
Version: 2.4.3
Release: 0
Summary: File encryption, decryption, signature creation and verification utility
License: GPL-3.0-or-later
@ -28,6 +28,7 @@ Source2: https://gnupg.org/ftp/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig
# https://www.gnupg.org/signature_key.html
Source3: https://gnupg.org/signature_key.asc#/%{name}.keyring
Source4: scdaemon.udev
Source5: gpg2-systemd-user.tar.xz
Source99: %{name}.changes
Patch1: gnupg-gpg-agent-ulimit.patch
Patch2: gnupg-2.0.9-langinfo.patch
@ -43,8 +44,6 @@ Patch10: gnupg-allow-import-of-previously-known-keys-even-without-UIDs.pa
Patch11: gnupg-allow-large-rsa.patch
#PATCH-FIX-SUSE Revert the rfc4880bis features default of key generation
Patch12: gnupg-revert-rfc4880bis.patch
#PATCH-FIX-UPSTREAM Fix tests/gpgme for in-source-tree builds
Patch13: gnupg-tests-Fix-tests-gpgme-for-in-source-tree-builds.patch
BuildRequires: expect
BuildRequires: fdupes
BuildRequires: ibmswtpm2
@ -66,6 +65,7 @@ BuildRequires: pkgconfig(zlib)
# runtime dependency to support devel repository users - boo#955982
Requires: libassuan0 >= 2.5.0
Requires: libgcrypt20 >= 1.9.1
Requires: libgpg-error >= 1.46
Requires: libksba >= 1.3.4
Requires: pinentry
Recommends: dirmngr = %{version}
@ -105,7 +105,7 @@ keytotpm command will not function unless this package is installed.
%lang_package
%prep
%autosetup -p1 -n gnupg-%{version}
%autosetup -p1 -a5 -n gnupg-%{version}
# In order to compensate for gnupg-add_legacy_FIPS_mode_option.patch
# to not have man pages and info files have the build date (boo#1047218)
@ -114,19 +114,10 @@ touch -d 2018-05-04 doc/gpg.texi
%build
date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99})
%configure \
--libexecdir=%{_libdir} \
--docdir=%{_docdir}/%{name} \
--with-agent-pgm=%{_bindir}/gpg-agent \
--with-pinentry-pgm=%{_bindir}/pinentry \
--with-dirmngr-pgm=%{_bindir}/dirmngr \
--with-scdaemon-pgm=%{_bindir}/scdaemon \
--with-tpm2daemon-pgm=%{_bindir}/tpm2daemon \
--enable-ldap \
--enable-gpgsm=yes \
--enable-gpgtar \
--disable-rpath \
--enable-g13 \
--enable-large-secmem \
--enable-wks-tools \
--with-gnu-ld \
--with-default-trust-store-file=%{_sysconfdir}/ssl/ca-bundle.pem \
--enable-build-timestamp=$date \
@ -137,6 +128,7 @@ date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99})
%install
%make_install
mkdir -p %{buildroot}%{_sysconfdir}/gnupg/
# install gpgconf.conf bnc#391347
install -m 644 doc/examples/gpgconf.conf %{buildroot}%{_sysconfdir}/gnupg
# delete to prevent fdupes from creating cross-partition hardlink
@ -151,31 +143,20 @@ ln -sf gpgv2 %{buildroot}%{_bindir}/gpgv
ln -sf gpg2.1 %{buildroot}%{_mandir}/man1/gpg.1
ln -sf gpgv2.1 %{buildroot}%{_mandir}/man1/gpgv.1
# fix rpmlint invalid-lc-messages-dir:
rm -rf %{buildroot}/%{_datadir}/locale/en@{bold,}quot
# install scdaemon to %%{_bindir} (bnc#863645)
mv %{buildroot}%{_libdir}/scdaemon %{buildroot}%{_bindir}
mv %{buildroot}%{_libdir}/dirmngr_ldap %{buildroot}%{_bindir}
# install tpm2daemon
mv %{buildroot}%{_libdir}/tpm2daemon %{buildroot}%{_bindir}
# install udev rules for scdaemon
install -Dm 0644 %{SOURCE4} %{buildroot}%{_udevrulesdir}/60-scdaemon.rules
# Move the systemd user units to appropriate directory
# Move the systemd user units to the appropriate directory
install -d -m 755 %{buildroot}%{_userunitdir}
mv %{buildroot}%{_docdir}/%{name}/examples/systemd-user/*.s* %{buildroot}%{_userunitdir}
cp systemd-user/gpg-agent*.s* %{buildroot}%{_userunitdir}
cp systemd-user/dirmngr.s* %{buildroot}%{_userunitdir}
cp systemd-user/README.systemd %{buildroot}%{_docdir}/gpg2/
%find_lang gnupg2
%fdupes -s %{buildroot}
%check
# Run only localy, fails in OBS
%if ! 0%{?qemu_user_space_build}
%make_build -j1 check || :
%endif
%make_build check || :
%post
%udev_rules_update
@ -184,13 +165,12 @@ mv %{buildroot}%{_docdir}/%{name}/examples/systemd-user/*.s* %{buildroot}%{_user
%files
%license COPYING*
%doc AUTHORS ChangeLog NEWS THANKS TODO doc/FAQ README
%doc AUTHORS NEWS THANKS TODO ChangeLog
%{_infodir}/gnupg*
%{_mandir}/*/[agsw]*%{ext_man}
%doc %{_docdir}/%{name}
%{_bindir}/[gksw]*
%{_libdir}/g*
%{_libdir}/k*
%{_bindir}/[gkw]*
%{_libexecdir}/[gks]*
%{_sbindir}/addgnupghome
%{_sbindir}/applygnupgdefaults
%{_sbindir}/g13-syshelp
@ -204,10 +184,11 @@ mv %{buildroot}%{_docdir}/%{name}/examples/systemd-user/*.s* %{buildroot}%{_user
%license COPYING*
%{_mandir}/*/dirmngr*%{ext_man}
%{_bindir}/dirmngr*
%{_libexecdir}/dirmngr_ldap
%{_userunitdir}/dirmngr.*
%files tpm
%license COPYING*
%{_bindir}/tpm2daemon*
%{_libexecdir}/tpm2daemon*
%changelog