diff --git a/gnupg-2.2.27.tar.bz2 b/gnupg-2.2.27.tar.bz2 new file mode 100644 index 0000000..451f1a3 --- /dev/null +++ b/gnupg-2.2.27.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:34e60009014ea16402069136e0a5f63d9b65f90096244975db5cea74b3d02399 +size 7191555 diff --git a/gnupg-2.2.27.tar.bz2.sig b/gnupg-2.2.27.tar.bz2.sig new file mode 100644 index 0000000..8c34ebe Binary files /dev/null and b/gnupg-2.2.27.tar.bz2.sig differ diff --git a/gnupg-2.2.8-files-are-digests.patch b/gnupg-2.2.8-files-are-digests.patch new file mode 100644 index 0000000..92992b2 --- /dev/null +++ b/gnupg-2.2.8-files-are-digests.patch @@ -0,0 +1,200 @@ +--- + g10/gpg.c | 4 +++ + g10/options.h | 1 + g10/sign.c | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++++------ + 3 files changed, 67 insertions(+), 6 deletions(-) + +Index: gnupg-2.2.27/g10/gpg.c +=================================================================== +--- gnupg-2.2.27.orig/g10/gpg.c ++++ gnupg-2.2.27/g10/gpg.c +@@ -382,6 +382,7 @@ enum cmd_and_opt_values + oTTYtype, + oLCctype, + oLCmessages, ++ oFilesAreDigests, + oXauthority, + oGroup, + oUnGroup, +@@ -838,6 +839,7 @@ static ARGPARSE_OPTS opts[] = { + ARGPARSE_s_s (oWeakDigest, "weak-digest","@"), + ARGPARSE_s_n (oUnwrap, "unwrap", "@"), + ARGPARSE_s_n (oOnlySignTextIDs, "only-sign-text-ids", "@"), ++ ARGPARSE_s_n (oFilesAreDigests, "files-are-digests", "@"), + + /* Aliases. I constantly mistype these, and assume other people do + as well. */ +@@ -2372,6 +2374,7 @@ main (int argc, char **argv) + opt.def_cert_expire = "0"; + gnupg_set_homedir (NULL); + opt.passphrase_repeat = 1; ++ opt.files_are_digests=0; + opt.emit_version = 0; + opt.weak_digests = NULL; + +@@ -2944,6 +2947,7 @@ main (int argc, char **argv) + opt.verify_options&=~VERIFY_SHOW_PHOTOS; + break; + case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break; ++ case oFilesAreDigests: opt.files_are_digests = 1; break; + + case oDisableSignerUID: opt.flags.disable_signer_uid = 1; break; + case oIncludeKeyBlock: opt.flags.include_key_block = 1; break; +Index: gnupg-2.2.27/g10/options.h +=================================================================== +--- gnupg-2.2.27.orig/g10/options.h ++++ gnupg-2.2.27/g10/options.h +@@ -202,6 +202,7 @@ struct + int no_auto_check_trustdb; + int preserve_permissions; + int no_homedir_creation; ++ int files_are_digests; + struct groupitem *grouplist; + int mangle_dos_filenames; + int enable_progress_filter; +Index: gnupg-2.2.27/g10/sign.c +=================================================================== +--- gnupg-2.2.27.orig/g10/sign.c ++++ gnupg-2.2.27/g10/sign.c +@@ -43,6 +43,8 @@ + #include "../common/mbox-util.h" + #include "../common/compliance.h" + ++#include "../common/host2net.h" ++ + #ifdef HAVE_DOSISH_SYSTEM + #define LF "\r\n" + #else +@@ -844,6 +846,8 @@ write_signature_packets (ctrl_t ctrl, + if (duration || opt.sig_policy_url + || opt.sig_notations || opt.sig_keyserver_url) + sig->version = 4; ++ else if (opt.files_are_digests) ++ sig->version = 3; + else + sig->version = pk->version; + +@@ -872,8 +876,12 @@ write_signature_packets (ctrl_t ctrl, + } + else + err = 0; /* Actually never reached. */ ++ if (!opt.files_are_digests) { + hash_sigversion_to_magic (md, sig); + gcry_md_final (md); ++ } else if (sig->version >= 4) { ++ log_bug("files-are-digests doesn't work with v4 sigs\n"); ++ } + + if (!err) + err = do_sign (ctrl, pk, sig, md, hash_for (pk), cache_nonce, 0); +@@ -937,6 +945,8 @@ sign_file (ctrl_t ctrl, strlist_t filena + SK_LIST sk_rover = NULL; + int multifile = 0; + u32 duration=0; ++ int sigclass = 0x00; ++ u32 timestamp = 0; + + pfx = new_progress_context (); + afx = new_armor_context (); +@@ -954,7 +964,16 @@ sign_file (ctrl_t ctrl, strlist_t filena + fname = NULL; + + if( fname && filenames->next && (!detached || encryptflag) ) +- log_bug("multiple files can only be detached signed"); ++ log_bug("multiple files can only be detached signed\n"); ++ ++ if (opt.files_are_digests && (multifile || !fname)) ++ log_bug("files-are-digests only works with one file\n"); ++ if (opt.files_are_digests && !detached) ++ log_bug("files-are-digests can only write detached signatures\n"); ++ if (opt.files_are_digests && !opt.def_digest_algo) ++ log_bug("files-are-digests needs --digest-algo\n"); ++ if (opt.files_are_digests && opt.textmode) ++ log_bug("files-are-digests doesn't work with --textmode\n"); + + if(encryptflag==2 + && (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek))) +@@ -975,7 +994,7 @@ sign_file (ctrl_t ctrl, strlist_t filena + goto leave; + + /* prepare iobufs */ +- if( multifile ) /* have list of filenames */ ++ if( multifile || opt.files_are_digests) /* have list of filenames */ + inp = NULL; /* we do it later */ + else { + inp = iobuf_open(fname); +@@ -1124,7 +1143,7 @@ sign_file (ctrl_t ctrl, strlist_t filena + for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next) + gcry_md_enable (mfx.md, hash_for (sk_rover->pk)); + +- if( !multifile ) ++ if( !multifile && !opt.files_are_digests ) + iobuf_push_filter( inp, md_filter, &mfx ); + + if( detached && !encryptflag) +@@ -1179,6 +1198,8 @@ sign_file (ctrl_t ctrl, strlist_t filena + + write_status_begin_signing (mfx.md); + ++ sigclass = opt.textmode && !outfile? 0x01 : 0x00; ++ + /* Setup the inner packet. */ + if( detached ) { + if( multifile ) { +@@ -1219,6 +1240,45 @@ sign_file (ctrl_t ctrl, strlist_t filena + if( opt.verbose ) + log_printf ("\n"); + } ++ else if (opt.files_are_digests) { ++ byte *mdb, ts[5]; ++ size_t mdlen; ++ const char *fp; ++ int c, d; ++ ++ gcry_md_final(mfx.md); ++ /* this assumes gcry_md_read returns the same buffer */ ++ mdb = gcry_md_read(mfx.md, opt.def_digest_algo); ++ mdlen = gcry_md_get_algo_dlen(opt.def_digest_algo); ++ if (strlen(fname) != mdlen * 2 + 11) ++ log_bug("digests must be %d + @ + 5 bytes\n", mdlen); ++ d = -1; ++ for (fp = fname ; *fp; ) { ++ c = *fp++; ++ if (c >= '0' && c <= '9') ++ c -= '0'; ++ else if (c >= 'a' && c <= 'f') ++ c -= 'a' - 10; ++ else if (c >= 'A' && c <= 'F') ++ c -= 'A' - 10; ++ else ++ log_bug("filename is not hex\n"); ++ if (d >= 0) { ++ *mdb++ = d << 4 | c; ++ c = -1; ++ if (--mdlen == 0) { ++ mdb = ts; ++ if (*fp++ != '@') ++ log_bug("missing time separator\n"); ++ } ++ } ++ d = c; ++ } ++ sigclass = ts[0]; ++ if (sigclass != 0x00 && sigclass != 0x01) ++ log_bug("bad cipher class\n"); ++ timestamp = buf32_to_u32(ts + 1); ++ } + else { + /* read, so that the filter can calculate the digest */ + while( iobuf_get(inp) != -1 ) +@@ -1237,8 +1297,8 @@ sign_file (ctrl_t ctrl, strlist_t filena + + /* write the signatures */ + rc = write_signature_packets (ctrl, sk_list, out, mfx.md, +- opt.textmode && !outfile? 0x01 : 0x00, +- 0, duration, detached ? 'D':'S', NULL); ++ sigclass, ++ timestamp, duration, detached ? 'D':'S', NULL); + if( rc ) + goto leave; + diff --git a/gnupg-2.3.0.tar.bz2 b/gnupg-2.3.0.tar.bz2 deleted file mode 100644 index be30ff5..0000000 --- a/gnupg-2.3.0.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:84c1ef39e8621cfb70f31463a5d1d8edeab44332bc1e0e1af9b78b6f9ed05bb4 -size 7557228 diff --git a/gnupg-2.3.0.tar.bz2.sig b/gnupg-2.3.0.tar.bz2.sig deleted file mode 100644 index d89680d..0000000 Binary files a/gnupg-2.3.0.tar.bz2.sig and /dev/null differ diff --git a/gnupg-add_legacy_FIPS_mode_option.patch b/gnupg-add_legacy_FIPS_mode_option.patch index ac58652..258c800 100644 --- a/gnupg-add_legacy_FIPS_mode_option.patch +++ b/gnupg-add_legacy_FIPS_mode_option.patch @@ -3,11 +3,11 @@ g10/gpg.c | 9 +++++++++ 2 files changed, 27 insertions(+) -Index: gnupg-2.3.0/doc/gpg.texi +Index: gnupg-2.2.20/doc/gpg.texi =================================================================== ---- gnupg-2.3.0.orig/doc/gpg.texi -+++ gnupg-2.3.0/doc/gpg.texi -@@ -2178,6 +2178,24 @@ implies, this option is for experts only +--- gnupg-2.2.20.orig/doc/gpg.texi ++++ gnupg-2.2.20/doc/gpg.texi +@@ -2133,6 +2133,24 @@ implies, this option is for experts only understand the implications of what it allows you to do, leave this off. @option{--no-expert} disables this option. @@ -32,28 +32,28 @@ Index: gnupg-2.3.0/doc/gpg.texi @end table -Index: gnupg-2.3.0/g10/gpg.c +Index: gnupg-2.2.20/g10/gpg.c =================================================================== ---- gnupg-2.3.0.orig/g10/gpg.c -+++ gnupg-2.3.0/g10/gpg.c -@@ -437,6 +437,7 @@ enum cmd_and_opt_values +--- gnupg-2.2.20.orig/g10/gpg.c ++++ gnupg-2.2.20/g10/gpg.c +@@ -429,6 +429,7 @@ enum cmd_and_opt_values + oUseOnlyOpenPGPCard, + oIncludeKeyBlock, oNoIncludeKeyBlock, - oChUid, - oForceSignKey, + oSetLegacyFips, oNoop }; -@@ -870,6 +871,7 @@ static gpgrt_opt_t opts[] = { - ARGPARSE_s_s (oAEADAlgo, "aead-algo", "@"), - ARGPARSE_s_s (oDigestAlgo, "digest-algo", "@"), - ARGPARSE_s_s (oCertDigestAlgo, "cert-digest-algo", "@"), +@@ -874,6 +875,7 @@ static ARGPARSE_OPTS opts[] = { + ARGPARSE_s_n (oAllowMultipleMessages, "allow-multiple-messages", "@"), + ARGPARSE_s_n (oNoAllowMultipleMessages, "no-allow-multiple-messages", "@"), + ARGPARSE_s_n (oAllowWeakDigestAlgos, "allow-weak-digest-algos", "@"), + ARGPARSE_s_n (oSetLegacyFips, "set-legacy-fips", "@"), + ARGPARSE_s_s (oDefaultNewKeyAlgo, "default-new-key-algo", "@"), - ARGPARSE_header (NULL, N_("Options for unattended use")), -@@ -3688,6 +3690,13 @@ main (int argc, char **argv) - opt.flags.full_timestrings = 1; +@@ -3614,6 +3616,13 @@ main (int argc, char **argv) + opt.flags.use_only_openpgp_card = 1; break; + case oSetLegacyFips: diff --git a/gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch b/gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch index bf5711b..3c80a48 100644 --- a/gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch +++ b/gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch @@ -17,11 +17,11 @@ Signed-off-by: Daniel Kahn Gillmor g10/import.c | 49 +++++++++++-------------------------------------- 1 file changed, 11 insertions(+), 38 deletions(-) -Index: gnupg-2.3.0/g10/import.c +Index: gnupg-2.2.19/g10/import.c =================================================================== ---- gnupg-2.3.0.orig/g10/import.c -+++ gnupg-2.3.0/g10/import.c -@@ -1876,7 +1876,6 @@ import_one_real (ctrl_t ctrl, +--- gnupg-2.2.19.orig/g10/import.c ++++ gnupg-2.2.19/g10/import.c +@@ -1792,7 +1792,6 @@ import_one_real (ctrl_t ctrl, size_t an; char pkstrbuf[PUBKEY_STRING_SIZE]; int merge_keys_done = 0; @@ -29,12 +29,12 @@ Index: gnupg-2.3.0/g10/import.c KEYDB_HANDLE hd = NULL; if (r_valid) -@@ -1913,14 +1912,6 @@ import_one_real (ctrl_t ctrl, +@@ -1829,14 +1828,6 @@ import_one_real (ctrl_t ctrl, log_printf ("\n"); } - -- if (!uidnode) +- if (!uidnode ) - { - if (!silent) - log_error( _("key %s: no user ID\n"), keystr_from_pk(pk)); @@ -44,18 +44,16 @@ Index: gnupg-2.3.0/g10/import.c if (screener && screener (keyblock, screener_arg)) { log_error (_("key %s: %s\n"), keystr_from_pk (pk), -@@ -1999,19 +1990,10 @@ import_one_real (ctrl_t ctrl, - xfree(user); +@@ -1911,17 +1902,10 @@ import_one_real (ctrl_t ctrl, } } -- -- /* Delete invalid parts and bail out if there are no user ids left. */ -- if (!delete_inv_parts (ctrl, keyblock, keyid, options)) + +- if (!delete_inv_parts (ctrl, keyblock, keyid, options ) ) - { - if (!silent) - { -- log_error ( _("key %s: no valid user IDs\n"), keystr_from_pk(pk)); -- if (!opt.quiet) +- log_error( _("key %s: no valid user IDs\n"), keystr_from_pk(pk)); +- if (!opt.quiet ) - log_info(_("this may be caused by a missing self-signature\n")); - } - stats->no_user_id++; @@ -68,7 +66,7 @@ Index: gnupg-2.3.0/g10/import.c /* Get rid of deleted nodes. */ commit_kbnode (&keyblock); -@@ -2021,24 +2003,11 @@ import_one_real (ctrl_t ctrl, +@@ -1931,24 +1915,11 @@ import_one_real (ctrl_t ctrl, { apply_keep_uid_filter (ctrl, keyblock, import_filter.keep_uid); commit_kbnode (&keyblock); @@ -93,7 +91,7 @@ Index: gnupg-2.3.0/g10/import.c } /* The keyblock is valid and ready for real import. */ -@@ -2096,6 +2065,13 @@ import_one_real (ctrl_t ctrl, +@@ -2006,6 +1977,13 @@ import_one_real (ctrl_t ctrl, err = 0; stats->skipped_new_keys++; } diff --git a/gnupg-dont-fail-with-seahorse-agent.patch b/gnupg-dont-fail-with-seahorse-agent.patch index e4bbb06..6302c8b 100644 --- a/gnupg-dont-fail-with-seahorse-agent.patch +++ b/gnupg-dont-fail-with-seahorse-agent.patch @@ -2,16 +2,16 @@ g10/passphrase.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -Index: gnupg-2.3.0/g10/passphrase.c +Index: gnupg-2.1.0/g10/passphrase.c =================================================================== ---- gnupg-2.3.0.orig/g10/passphrase.c -+++ gnupg-2.3.0/g10/passphrase.c -@@ -222,7 +222,7 @@ passphrase_get (int newsymkey, int nocac - } - else - { -- log_error (_("problem with the agent: %s\n"), gpg_strerror (rc)); -+ log_info (_("problem with the agent: %s\n"), gpg_strerror (rc)); - /* Due to limitations in the API of the upper layers they - consider an error as no passphrase entered. This works in - most cases but not during key creation where this should +--- gnupg-2.1.0.orig/g10/passphrase.c 2014-11-07 16:52:11.080483153 +0100 ++++ gnupg-2.1.0/g10/passphrase.c 2014-11-07 16:52:11.996494299 +0100 +@@ -71,7 +71,7 @@ encode_s2k_iterations (int iterations) + { + /* Don't print an error if an older agent is used. */ + if (err && gpg_err_code (err) != GPG_ERR_ASS_PARAMETER) +- log_error (_("problem with the agent: %s\n"), gpg_strerror (err)); ++ log_info (_("problem with the agent: %s\n"), gpg_strerror (err)); + /* Default to 65536 which we used up to 2.0.13. */ + return 96; + } diff --git a/gnupg-set_umask_before_open_outfile.patch b/gnupg-set_umask_before_open_outfile.patch index 7e78d69..195e99c 100644 --- a/gnupg-set_umask_before_open_outfile.patch +++ b/gnupg-set_umask_before_open_outfile.patch @@ -1,7 +1,7 @@ -Index: gnupg-2.3.0/g10/plaintext.c +Index: gnupg-2.1.20/g10/plaintext.c =================================================================== ---- gnupg-2.3.0.orig/g10/plaintext.c -+++ gnupg-2.3.0/g10/plaintext.c +--- gnupg-2.1.20.orig/g10/plaintext.c 2017-04-03 17:13:56.000000000 +0200 ++++ gnupg-2.1.20/g10/plaintext.c 2017-04-04 09:53:31.541145727 +0200 @@ -24,6 +24,7 @@ #include #include @@ -39,5 +39,5 @@ Index: gnupg-2.3.0/g10/plaintext.c + } + umask(saved_umask); } - - leave: + #else /* __riscos__ */ + /* If no output filename was given, i.e. we constructed it, convert diff --git a/gpg2.changes b/gpg2.changes index 6d1c949..83c03a1 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,59 +1,3 @@ -------------------------------------------------------------------- -Wed Apr 7 20:56:23 UTC 2021 - Andreas Stieger - -- GnuPG 2.3.0: - * A new experimental key database daemon is provided. To enable - it put "use-keyboxd" into gpg.conf and gpgsm.conf. Keys are stored - in a SQLite database and make key lookup much faster. - * New tool gpg-card as a flexible frontend for all types of - supported smartcards. - * New option --chuid for gpg, gpgsm, gpgconf, gpg-card, and - gpg-connect-agent. - * The gpg-wks-client tool is now installed under bin; a wrapper for - its old location at libexec is also installed. - * tpm2d: New daemon to physically bind keys to the local machine. - * gpg: Switch to ed25519/cv25519 as default public key algorithms. - * gpg: Verification results now depend on the --sender option and - the signer's UID subpacket. - * gpg: Do not use any 64-bit block size cipher algorithm for - encryption. Use AES as last resort cipher preference instead of - 3DES. This can be reverted using --allow-old-cipher-algos. - * gpg: Support AEAD encryption mode using OCB or EAX. - * gpg: Support v5 keys and signatures. - * gpg: Support curve X448 (ed448, cv448). - * gpg: Allow use of group names in key listings. - * gpg: New option --full-timestrings to print date and time. - * gpg: New option --force-sign-key. - * gpg: New option --no-auto-trust-new-key. - * gpg: The legacy key discovery method PKA is no longer supported. - The command --print-pka-records and the PKA related import and - export options have been removed. - * gpg: Support export of Ed448 Secure Shell keys. - * gpgsm: Add basic ECC support. - * gpgsm: Support creation of EdDSA certificates. [#4888] - * agent: Allow the use of "Label:" in a key file to customize the - pinentry prompt. - * agent: Support ssh-agent extensions for environment variables. - With a patched version of OpenSSH this avoids the need for the - "updatestartuptty" kludge. - * scd: Improve support for multiple card readers and tokens. - * scd: Support PIV cards. - * scd: Support for Rohde&Schwarz Cybersecurity cards. - * scd: Support Telesec Signature Cards v2.0 - * scd: Support multiple application on certain smartcard. - * scd: New option --application-priority. - * scd: New option --pcsc-shared; see man page for important notes. - * dirmngr: Support a gpgNtds parameter in LDAP keyserver URLs. - * The symcryptrun tool, a wrapper for the now obsolete external - Chiasmus tool, has been removed. - * Full Unicode support for the command line. -- Remove the "files-are-digests" option from the openSUSE package. - This feature was not upstream and only used in the OBS signing - daemon. The recommended upstream feature for separating the data - to be signed from the private keys is gpg agent forwarding, - available from 2.1. Drop gnupg-2.2.8-files-are-digests.patch -- dropped legacy commands: gpg-zip - ------------------------------------------------------------------- Tue Jan 12 22:45:11 UTC 2021 - Andreas Stieger diff --git a/gpg2.spec b/gpg2.spec index aeb3c80..3c8c658 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -17,7 +17,7 @@ Name: gpg2 -Version: 2.3.0 +Version: 2.2.27 Release: 0 Summary: File encryption, decryption, signature creation and verification utility License: GPL-3.0-or-later @@ -30,6 +30,7 @@ Source3: %{name}.keyring Source4: scdaemon.udev Source99: %{name}.changes Patch4: gnupg-2.0.9-langinfo.patch +Patch5: gnupg-2.2.8-files-are-digests.patch Patch6: gnupg-dont-fail-with-seahorse-agent.patch Patch8: gnupg-set_umask_before_open_outfile.patch Patch9: gnupg-detect_FIPS_mode.patch @@ -41,12 +42,10 @@ Patch15: gnupg-allow-import-of-previously-known-keys-even-without-UIDs.pa Patch1124847: gnupg-gpg-agent-ulimit.patch BuildRequires: expect BuildRequires: fdupes -BuildRequires: ibmswtpm2 -BuildRequires: ibmtss-devel BuildRequires: libassuan-devel >= 2.5.0 -BuildRequires: libgcrypt-devel >= 1.9.1 -BuildRequires: libgpg-error-devel >= 1.41 -BuildRequires: libksba-devel >= 1.3.4 +BuildRequires: libgcrypt-devel >= 1.8.0 +BuildRequires: libgpg-error-devel >= 1.27 +BuildRequires: libksba-devel >= 1.3.5 BuildRequires: makeinfo BuildRequires: npth-devel >= 1.2 BuildRequires: openldap2-devel @@ -55,17 +54,19 @@ BuildRequires: readline-devel BuildRequires: pkgconfig(bzip2) BuildRequires: pkgconfig(gnutls) >= 3.0 BuildRequires: pkgconfig(libusb-1.0) -BuildRequires: pkgconfig(sqlite3) >= 3.27 +BuildRequires: pkgconfig(sqlite3) >= 3.7 BuildRequires: pkgconfig(zlib) # runtime dependency to support devel repository users - boo#955982 Requires: libassuan0 >= 2.5.0 -Requires: libgcrypt20 >= 1.9.1 -Requires: libksba >= 1.3.4 +Requires: libgcrypt20 >= 1.8.0 +Requires: libksba >= 1.3.5 Requires: pinentry Recommends: dirmngr = %{version} Provides: gnupg = %{version} Provides: gpg = 1.4.9 Provides: newpg +# special feature needed for OBS signd +Provides: gpg2_signd_support Obsoletes: gpg < 1.4.9 %description @@ -93,6 +94,7 @@ gpgsm, or via the gpg-connect-agent tool. %setup -q -n gnupg-%{version} %patch1124847 -p1 %patch4 -p1 +%patch5 -p1 %patch6 -p1 %patch8 -p1 %patch9 -p1 @@ -114,6 +116,7 @@ date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99}) --with-scdaemon-pgm=%{_bindir}/scdaemon \ --enable-ldap \ --enable-gpgsm=yes \ + --enable-gpg \ --enable-gpgtar \ --enable-g13 \ --enable-large-secmem \ @@ -122,6 +125,7 @@ date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99}) --with-default-trust-store-file=%{_sysconfdir}/ssl/ca-bundle.pem \ --enable-build-timestamp=$date \ --enable-gpg-is-gpg2 \ + --enable-Werror %make_build @@ -145,6 +149,9 @@ mv %{buildroot}%{_libdir}/scdaemon %{buildroot}%{_bindir} mv %{buildroot}%{_libdir}/dirmngr_ldap %{buildroot}%{_bindir} # install udev rules for scdaemon install -Dm 0644 %{SOURCE4} %{buildroot}%{_udevrulesdir}/60-scdaemon.rules +# install legacy tools +install -m 755 tools/gpg-zip %{buildroot}/%{_bindir} +# install -m 755 tools/gpgsplit %%{buildroot}/%%{_bindir} %find_lang gnupg2 %fdupes -s %{buildroot}