Dominique Leuenberger 2021-10-22 12:39:51 +00:00 committed by Git OBS Bridge
parent 3ce12af435
commit b06e69ae55
10 changed files with 93 additions and 234 deletions

3
gnupg-2.2.27.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:34e60009014ea16402069136e0a5f63d9b65f90096244975db5cea74b3d02399
size 7191555

BIN
gnupg-2.2.27.tar.bz2.sig Normal file

Binary file not shown.

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:5789b86da6a1a6752efb38598f16a77af51170a8494039c3842b085032e8e937
size 7590874

Binary file not shown.

View File

@ -3,11 +3,11 @@
g10/gpg.c | 9 +++++++++ g10/gpg.c | 9 +++++++++
2 files changed, 27 insertions(+) 2 files changed, 27 insertions(+)
Index: gnupg-2.3.0/doc/gpg.texi Index: gnupg-2.2.20/doc/gpg.texi
=================================================================== ===================================================================
--- gnupg-2.3.0.orig/doc/gpg.texi --- gnupg-2.2.20.orig/doc/gpg.texi
+++ gnupg-2.3.0/doc/gpg.texi +++ gnupg-2.2.20/doc/gpg.texi
@@ -2178,6 +2178,24 @@ implies, this option is for experts only @@ -2133,6 +2133,24 @@ implies, this option is for experts only
understand the implications of what it allows you to do, leave this understand the implications of what it allows you to do, leave this
off. @option{--no-expert} disables this option. off. @option{--no-expert} disables this option.
@ -32,37 +32,36 @@ Index: gnupg-2.3.0/doc/gpg.texi
@end table @end table
Index: gnupg-2.3.0/g10/gpg.c Index: gnupg-2.2.20/g10/gpg.c
=================================================================== ===================================================================
--- gnupg-2.3.0.orig/g10/gpg.c --- gnupg-2.2.20.orig/g10/gpg.c
+++ gnupg-2.3.0/g10/gpg.c +++ gnupg-2.2.20/g10/gpg.c
@@ -437,6 +437,7 @@ enum cmd_and_opt_values @@ -429,6 +429,7 @@ enum cmd_and_opt_values
oUseOnlyOpenPGPCard,
oIncludeKeyBlock,
oNoIncludeKeyBlock, oNoIncludeKeyBlock,
oChUid,
oForceSignKey,
+ oSetLegacyFips, + oSetLegacyFips,
oNoop oNoop
}; };
@@ -870,6 +871,7 @@ static gpgrt_opt_t opts[] = { @@ -874,6 +875,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_s (oAEADAlgo, "aead-algo", "@"), ARGPARSE_s_n (oAllowMultipleMessages, "allow-multiple-messages", "@"),
ARGPARSE_s_s (oDigestAlgo, "digest-algo", "@"), ARGPARSE_s_n (oNoAllowMultipleMessages, "no-allow-multiple-messages", "@"),
ARGPARSE_s_s (oCertDigestAlgo, "cert-digest-algo", "@"), ARGPARSE_s_n (oAllowWeakDigestAlgos, "allow-weak-digest-algos", "@"),
+ ARGPARSE_s_n (oSetLegacyFips, "set-legacy-fips", "@"), + ARGPARSE_s_n (oSetLegacyFips, "set-legacy-fips", "@"),
ARGPARSE_s_s (oDefaultNewKeyAlgo, "default-new-key-algo", "@"),
ARGPARSE_header (NULL, N_("Options for unattended use")), @@ -3614,6 +3616,13 @@ main (int argc, char **argv)
@@ -3688,6 +3690,14 @@ main (int argc, char **argv) opt.flags.use_only_openpgp_card = 1;
opt.flags.full_timestrings = 1;
break; break;
+ case oSetLegacyFips: + case oSetLegacyFips:
+ if(gcry_fips_mode_active()) + if(gcry_fips_mode_active())
+ gcry_control (GCRYCTL_INACTIVATE_FIPS_FLAG, + gcry_control (GCRYCTL_INACTIVATE_FIPS_FLAG, "Enable legacy support in FIPS 140-2 mode");
+ "Enable legacy support in FIPS 140-2 mode"); + else
+ else + log_info ("Command set-legacy-fips ignored as libgcrypt is not in FIPS mode\n");
+ log_info ("Command set-legacy-fips ignored as libgcrypt is not in FIPS mode\n"); + break;
+ break;
+ +
case oNoop: break; case oNoop: break;

View File

@ -17,11 +17,11 @@ Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
g10/import.c | 49 +++++++++++-------------------------------------- g10/import.c | 49 +++++++++++--------------------------------------
1 file changed, 11 insertions(+), 38 deletions(-) 1 file changed, 11 insertions(+), 38 deletions(-)
Index: gnupg-2.3.0/g10/import.c Index: gnupg-2.2.19/g10/import.c
=================================================================== ===================================================================
--- gnupg-2.3.0.orig/g10/import.c --- gnupg-2.2.19.orig/g10/import.c
+++ gnupg-2.3.0/g10/import.c +++ gnupg-2.2.19/g10/import.c
@@ -1876,7 +1876,6 @@ import_one_real (ctrl_t ctrl, @@ -1792,7 +1792,6 @@ import_one_real (ctrl_t ctrl,
size_t an; size_t an;
char pkstrbuf[PUBKEY_STRING_SIZE]; char pkstrbuf[PUBKEY_STRING_SIZE];
int merge_keys_done = 0; int merge_keys_done = 0;
@ -29,12 +29,12 @@ Index: gnupg-2.3.0/g10/import.c
KEYDB_HANDLE hd = NULL; KEYDB_HANDLE hd = NULL;
if (r_valid) if (r_valid)
@@ -1913,14 +1912,6 @@ import_one_real (ctrl_t ctrl, @@ -1829,14 +1828,6 @@ import_one_real (ctrl_t ctrl,
log_printf ("\n"); log_printf ("\n");
} }
- -
- if (!uidnode) - if (!uidnode )
- { - {
- if (!silent) - if (!silent)
- log_error( _("key %s: no user ID\n"), keystr_from_pk(pk)); - log_error( _("key %s: no user ID\n"), keystr_from_pk(pk));
@ -44,18 +44,16 @@ Index: gnupg-2.3.0/g10/import.c
if (screener && screener (keyblock, screener_arg)) if (screener && screener (keyblock, screener_arg))
{ {
log_error (_("key %s: %s\n"), keystr_from_pk (pk), log_error (_("key %s: %s\n"), keystr_from_pk (pk),
@@ -1999,19 +1990,10 @@ import_one_real (ctrl_t ctrl, @@ -1911,17 +1902,10 @@ import_one_real (ctrl_t ctrl,
xfree(user);
} }
} }
-
- /* Delete invalid parts and bail out if there are no user ids left. */ - if (!delete_inv_parts (ctrl, keyblock, keyid, options ) )
- if (!delete_inv_parts (ctrl, keyblock, keyid, options))
- { - {
- if (!silent) - if (!silent)
- { - {
- log_error ( _("key %s: no valid user IDs\n"), keystr_from_pk(pk)); - log_error( _("key %s: no valid user IDs\n"), keystr_from_pk(pk));
- if (!opt.quiet) - if (!opt.quiet )
- log_info(_("this may be caused by a missing self-signature\n")); - log_info(_("this may be caused by a missing self-signature\n"));
- } - }
- stats->no_user_id++; - stats->no_user_id++;
@ -68,7 +66,7 @@ Index: gnupg-2.3.0/g10/import.c
/* Get rid of deleted nodes. */ /* Get rid of deleted nodes. */
commit_kbnode (&keyblock); commit_kbnode (&keyblock);
@@ -2021,24 +2003,11 @@ import_one_real (ctrl_t ctrl, @@ -1931,24 +1915,11 @@ import_one_real (ctrl_t ctrl,
{ {
apply_keep_uid_filter (ctrl, keyblock, import_filter.keep_uid); apply_keep_uid_filter (ctrl, keyblock, import_filter.keep_uid);
commit_kbnode (&keyblock); commit_kbnode (&keyblock);
@ -93,7 +91,7 @@ Index: gnupg-2.3.0/g10/import.c
} }
/* The keyblock is valid and ready for real import. */ /* The keyblock is valid and ready for real import. */
@@ -2096,6 +2065,13 @@ import_one_real (ctrl_t ctrl, @@ -2006,6 +1977,13 @@ import_one_real (ctrl_t ctrl,
err = 0; err = 0;
stats->skipped_new_keys++; stats->skipped_new_keys++;
} }

View File

@ -2,16 +2,16 @@
g10/passphrase.c | 2 +- g10/passphrase.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-) 1 file changed, 1 insertion(+), 1 deletion(-)
Index: gnupg-2.3.0/g10/passphrase.c Index: gnupg-2.1.0/g10/passphrase.c
=================================================================== ===================================================================
--- gnupg-2.3.0.orig/g10/passphrase.c --- gnupg-2.1.0.orig/g10/passphrase.c 2014-11-07 16:52:11.080483153 +0100
+++ gnupg-2.3.0/g10/passphrase.c +++ gnupg-2.1.0/g10/passphrase.c 2014-11-07 16:52:11.996494299 +0100
@@ -222,7 +222,7 @@ passphrase_get (int newsymkey, int nocac @@ -71,7 +71,7 @@ encode_s2k_iterations (int iterations)
} {
else /* Don't print an error if an older agent is used. */
{ if (err && gpg_err_code (err) != GPG_ERR_ASS_PARAMETER)
- log_error (_("problem with the agent: %s\n"), gpg_strerror (rc)); - log_error (_("problem with the agent: %s\n"), gpg_strerror (err));
+ log_info (_("problem with the agent: %s\n"), gpg_strerror (rc)); + log_info (_("problem with the agent: %s\n"), gpg_strerror (err));
/* Due to limitations in the API of the upper layers they /* Default to 65536 which we used up to 2.0.13. */
consider an error as no passphrase entered. This works in return 96;
most cases but not during key creation where this should }

View File

@ -1,7 +1,7 @@
Index: gnupg-2.3.0/g10/plaintext.c Index: gnupg-2.1.20/g10/plaintext.c
=================================================================== ===================================================================
--- gnupg-2.3.0.orig/g10/plaintext.c --- gnupg-2.1.20.orig/g10/plaintext.c 2017-04-03 17:13:56.000000000 +0200
+++ gnupg-2.3.0/g10/plaintext.c +++ gnupg-2.1.20/g10/plaintext.c 2017-04-04 09:53:31.541145727 +0200
@@ -24,6 +24,7 @@ @@ -24,6 +24,7 @@
#include <string.h> #include <string.h>
#include <errno.h> #include <errno.h>
@ -39,5 +39,5 @@ Index: gnupg-2.3.0/g10/plaintext.c
+ } + }
+ umask(saved_umask); + umask(saved_umask);
} }
#else /* __riscos__ */
leave: /* If no output filename was given, i.e. we constructed it, convert

View File

@ -1,151 +1,3 @@
-------------------------------------------------------------------
Tue Oct 12 19:20:50 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>
- GnuPG 2.3.3:
* agent: Fix segv in GET_PASSPHRASE (regression)
* dirmngr: Fix Let's Encrypt certificate chain validation
* gpg: Change default and maximum AEAD chunk size to 4 MiB
* gpg: Print a warning when importing a bad cv25519 secret key
* gpg: Fix --list-packets for undecryptable AEAD packets
* gpg: Verify backsigs for v5 keys correctly
* keyboxd: Fix checksum computation for no UBID entry on disk
* keyboxd: Fix "invalid object" error with cv448 keys
* dirmngr: New option --ignore-cert
* agent: Fix calibrate_get_time use of clock_gettime
* Support a gpgconf.ctl file under Unix and use this for the
regression tests
-------------------------------------------------------------------
Wed Aug 25 10:01:38 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
- GnuPG 2.3.2:
* gpg: Allow fingerprint based lookup with --locate-external-key.
* gpg: Allow decryption w/o public key but with correct card inserted.
* gpg: Auto import keys specified with --trusted-keys.
* gpg: Do not use import-clean for LDAP keyserver imports.
* gpg: Fix mailbox based search via AKL keyserver method.
* gpg: Fix memory corruption with --clearsign introduced with 2.3.1.
* gpg: Use a more descriptive prompt for symmetric decryption.
* gpg: Improve speed of secret key listing.
* gpg: Support keygrip search with traditional keyring.
* gpg: Let --fetch-key return an exit code on failure.
* gpg: Emit the NO_SECKEY status again for decryption.
* gpgsm: Support decryption of password based encryption (pwri).
* gpgsm: Support AES-GCM decryption.
* gpgsm: Let --dump-cert --show-cert also print an OpenPGP fingerprint.
* gpgsm: Fix finding of issuer in use-keyboxd mode.
* gpgsm: New option --ldapserver as an alias for --keyserver.
* agent: Use SHA-256 for SSH fingerprint by default.
* agent: Fix calling handle_pincache_put.
* agent: Fix importing protected secret key.
* agent: Fix a regression in agent_get_shadow_info_type.
* agent: Add translatable text for Caps Lock hint.
* agent: New option --pinentry-formatted-passphrase.
* agent: Add checkpin inquiry for pinentry.
* agent: New option --check-sym-passphrase-pattern.
* agent: Use the sysconfdir for a pattern file.
* agent: Make QT_QPA_PLATFORMTHEME=qt5ct work for the pinentry.
* dirmngr: LDAP search by a mailbox now ignores revoked keys.
* dirmngr: For KS_SEARCH return the fingerprint also with LDAP.
* dirmngr: Allow for non-URL specified ldap keyservers.
* dirmngr: New option --ldapserver.
* dirmngr: Fix regression in KS_GET for mail address pattern.
* card: New option --shadow for the list command.
* tests: Make sure the built keyboxd is used.
* scd: Fix computing shared secrets for 512 bit curves.
* scd: Fix unblock PIN by a Reset Code with KDF.
* scd: Fix PC/SC removed card problem.
* scd: Recover the partial match for PORTSTR for PC/SC.
* scd: Make sure to release the PC/SC context.
* scd: Fix zero-byte handling in ECC.
* scd: Fix serial number detection for Yubikey 5.
* scd: Add basic support for AET JCOP cards.
* scd: Detect external interference when --pcsc-shared is in use.
* scd: Fix access to the list of cards.
* gpgconf: Do not list a disabled tpm2d.
* gpgconf: Make runtime changes with different homedir work.
* keyboxd: Fix searching for exact mail adddress.
* keyboxd: Fix searching with multiple patterns.
* tools: Extend gpg-check-pattern.
* wkd: Fix client issue with leading or trailing spaces in user-ids.
* Pass XDG_SESSION_TYPE and QT_QPA_PLATFORM envvars to Pinentry.
* Change the default keyserver to keyserver.ubuntu.com. This is a
temporary change due to the shutdown of the SKS keyserver pools.
-------------------------------------------------------------------
Fri Jun 11 12:19:16 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
- GnuPG 2.3.1:
* The new configuration file common.conf is now used to enable
the use of the key database daemon with "use-keyboxd". Using
this option in gpg.conf and gpgsm.conf is supported for a
transitional period. See doc/example/common.conf for more.
* gpg: Force version 5 key creation for ed448 and cv448 algorithms.
* gpg: By default do not use the self-sigs-only option when
importing from an LDAP keyserver.
* gpg: Lookup a missing public key of the active card via LDAP.
* gpgsm: New command --show-certs.
* scd: Fix CCID driver for SCM SPR332/SPR532.
* scd: Further improvements for PKCS#15 cards.
* New configure option --with-tss to allow the selection of the
TSS library.
- Rebase patches:
* gnupg-add_legacy_FIPS_mode_option.patch
* gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch
* gnupg-dont-fail-with-seahorse-agent.patch
* gnupg-set_umask_before_open_outfile.patch
-------------------------------------------------------------------
Fri Jun 11 12:15:37 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>
- GnuPG 2.3.0:
* A new experimental key database daemon is provided. To enable
it put "use-keyboxd" into gpg.conf and gpgsm.conf. Keys are stored
in a SQLite database and make key lookup much faster.
* New tool gpg-card as a flexible frontend for all types of
supported smartcards.
* New option --chuid for gpg, gpgsm, gpgconf, gpg-card, and
gpg-connect-agent.
* The gpg-wks-client tool is now installed under bin; a wrapper for
its old location at libexec is also installed.
* tpm2d: New daemon to physically bind keys to the local machine.
* gpg: Switch to ed25519/cv25519 as default public key algorithms.
* gpg: Verification results now depend on the --sender option and
the signer's UID subpacket.
* gpg: Do not use any 64-bit block size cipher algorithm for
encryption. Use AES as last resort cipher preference instead of
3DES. This can be reverted using --allow-old-cipher-algos.
* gpg: Support AEAD encryption mode using OCB or EAX.
* gpg: Support v5 keys and signatures.
* gpg: Support curve X448 (ed448, cv448).
* gpg: Allow use of group names in key listings.
* gpg: New option --full-timestrings to print date and time.
* gpg: New option --force-sign-key.
* gpg: New option --no-auto-trust-new-key.
* gpg: The legacy key discovery method PKA is no longer supported.
The command --print-pka-records and the PKA related import and
export options have been removed.
* gpg: Support export of Ed448 Secure Shell keys.
* gpgsm: Add basic ECC support.
* gpgsm: Support creation of EdDSA certificates. [#4888]
* agent: Allow the use of "Label:" in a key file to customize the
pinentry prompt.
* agent: Support ssh-agent extensions for environment variables.
With a patched version of OpenSSH this avoids the need for the
"updatestartuptty" kludge.
* scd: Improve support for multiple card readers and tokens.
* scd: Support PIV cards.
* scd: Support for Rohde&Schwarz Cybersecurity cards.
* scd: Support Telesec Signature Cards v2.0
* scd: Support multiple application on certain smartcard.
* scd: New option --application-priority.
* scd: New option --pcsc-shared; see man page for important notes.
* dirmngr: Support a gpgNtds parameter in LDAP keyserver URLs.
* The symcryptrun tool, a wrapper for the now obsolete external
Chiasmus tool, has been removed.
* Full Unicode support for the command line.
- dropped legacy commands: gpg-zip
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Apr 7 20:56:23 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de> Wed Apr 7 20:56:23 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>

View File

@ -17,36 +17,34 @@
Name: gpg2 Name: gpg2
Version: 2.3.3 Version: 2.2.27
Release: 0 Release: 0
Summary: File encryption, decryption, signature creation and verification utility Summary: File encryption, decryption, signature creation and verification utility
License: GPL-3.0-or-later License: GPL-3.0-or-later
Group: Productivity/Networking/Security Group: Productivity/Networking/Security
URL: https://www.gnupg.org URL: https://www.gnupg.org
Source: https://gnupg.org/ftp/gcrypt/gnupg/gnupg-%{version}.tar.bz2 Source: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2
Source2: https://gnupg.org/ftp/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig Source2: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig
# https://www.gnupg.org/signature_key.html # https://www.gnupg.org/signature_key.html
Source3: %{name}.keyring Source3: %{name}.keyring
Source4: scdaemon.udev Source4: scdaemon.udev
Source99: %{name}.changes Source99: %{name}.changes
Patch1: gnupg-gpg-agent-ulimit.patch Patch4: gnupg-2.0.9-langinfo.patch
Patch2: gnupg-2.0.9-langinfo.patch Patch6: gnupg-dont-fail-with-seahorse-agent.patch
Patch3: gnupg-dont-fail-with-seahorse-agent.patch Patch8: gnupg-set_umask_before_open_outfile.patch
Patch4: gnupg-set_umask_before_open_outfile.patch Patch9: gnupg-detect_FIPS_mode.patch
Patch5: gnupg-detect_FIPS_mode.patch Patch11: gnupg-add_legacy_FIPS_mode_option.patch
Patch6: gnupg-add_legacy_FIPS_mode_option.patch Patch12: gnupg-2.2.16-secmem.patch
Patch7: gnupg-2.2.16-secmem.patch Patch13: gnupg-accept_subkeys_with_a_good_revocation_but_no_self-sig_during_import.patch
Patch8: gnupg-accept_subkeys_with_a_good_revocation_but_no_self-sig_during_import.patch Patch14: gnupg-add-test-cases-for-import-without-uid.patch
Patch9: gnupg-add-test-cases-for-import-without-uid.patch Patch15: gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch
Patch10: gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch Patch1124847: gnupg-gpg-agent-ulimit.patch
BuildRequires: expect BuildRequires: expect
BuildRequires: fdupes BuildRequires: fdupes
BuildRequires: ibmswtpm2
BuildRequires: ibmtss-devel
BuildRequires: libassuan-devel >= 2.5.0 BuildRequires: libassuan-devel >= 2.5.0
BuildRequires: libgcrypt-devel >= 1.9.1 BuildRequires: libgcrypt-devel >= 1.8.0
BuildRequires: libgpg-error-devel >= 1.41 BuildRequires: libgpg-error-devel >= 1.27
BuildRequires: libksba-devel >= 1.3.4 BuildRequires: libksba-devel >= 1.3.5
BuildRequires: makeinfo BuildRequires: makeinfo
BuildRequires: npth-devel >= 1.2 BuildRequires: npth-devel >= 1.2
BuildRequires: openldap2-devel BuildRequires: openldap2-devel
@ -55,12 +53,12 @@ BuildRequires: readline-devel
BuildRequires: pkgconfig(bzip2) BuildRequires: pkgconfig(bzip2)
BuildRequires: pkgconfig(gnutls) >= 3.0 BuildRequires: pkgconfig(gnutls) >= 3.0
BuildRequires: pkgconfig(libusb-1.0) BuildRequires: pkgconfig(libusb-1.0)
BuildRequires: pkgconfig(sqlite3) >= 3.27 BuildRequires: pkgconfig(sqlite3) >= 3.7
BuildRequires: pkgconfig(zlib) BuildRequires: pkgconfig(zlib)
# runtime dependency to support devel repository users - boo#955982 # runtime dependency to support devel repository users - boo#955982
Requires: libassuan0 >= 2.5.0 Requires: libassuan0 >= 2.5.0
Requires: libgcrypt20 >= 1.9.1 Requires: libgcrypt20 >= 1.8.0
Requires: libksba >= 1.3.4 Requires: libksba >= 1.3.5
Requires: pinentry Requires: pinentry
Recommends: dirmngr = %{version} Recommends: dirmngr = %{version}
Provides: gnupg = %{version} Provides: gnupg = %{version}
@ -90,11 +88,18 @@ gpgsm, or via the gpg-connect-agent tool.
%lang_package %lang_package
%prep %prep
%autosetup -p1 -n gnupg-%{version} %setup -q -n gnupg-%{version}
%patch1124847 -p1
# In order to compensate for gnupg-add_legacy_FIPS_mode_option.patch %patch4 -p1
# to not have man pages and info files have the build date (boo#1047218) %patch6 -p1
touch -d 2018-05-04 doc/gpg.texi %patch8 -p1
%patch9 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
touch -d 2018-05-04 doc/gpg.texi # to compensate for patch11 in order to not have man pages and info files have the build date (boo#1047218)
%build %build
date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99}) date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99})
@ -107,6 +112,7 @@ date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99})
--with-scdaemon-pgm=%{_bindir}/scdaemon \ --with-scdaemon-pgm=%{_bindir}/scdaemon \
--enable-ldap \ --enable-ldap \
--enable-gpgsm=yes \ --enable-gpgsm=yes \
--enable-gpg \
--enable-gpgtar \ --enable-gpgtar \
--enable-g13 \ --enable-g13 \
--enable-large-secmem \ --enable-large-secmem \
@ -114,7 +120,8 @@ date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99})
--with-gnu-ld \ --with-gnu-ld \
--with-default-trust-store-file=%{_sysconfdir}/ssl/ca-bundle.pem \ --with-default-trust-store-file=%{_sysconfdir}/ssl/ca-bundle.pem \
--enable-build-timestamp=$date \ --enable-build-timestamp=$date \
--enable-gpg-is-gpg2 --enable-gpg-is-gpg2 \
--enable-Werror
%make_build %make_build
@ -138,6 +145,9 @@ mv %{buildroot}%{_libdir}/scdaemon %{buildroot}%{_bindir}
mv %{buildroot}%{_libdir}/dirmngr_ldap %{buildroot}%{_bindir} mv %{buildroot}%{_libdir}/dirmngr_ldap %{buildroot}%{_bindir}
# install udev rules for scdaemon # install udev rules for scdaemon
install -Dm 0644 %{SOURCE4} %{buildroot}%{_udevrulesdir}/60-scdaemon.rules install -Dm 0644 %{SOURCE4} %{buildroot}%{_udevrulesdir}/60-scdaemon.rules
# install legacy tools
install -m 755 tools/gpg-zip %{buildroot}/%{_bindir}
# install -m 755 tools/gpgsplit %%{buildroot}/%%{_bindir}
%find_lang gnupg2 %find_lang gnupg2
%fdupes -s %{buildroot} %fdupes -s %{buildroot}