rpm/gpg2
SHA256
1
0
Fork 0
forked from pool/gpg2
Code Pull Requests Activity
0f5ef67105
gpg2/gpg2.spec
Marcus Meissner 0f5ef67105 Accepting request 1083567 from home:david.anes:branches:Base:System 
- Rebased patches:
  * gnupg-add_legacy_FIPS_mode_option.patch
- Removed patches (already upstream):
  * gnupg-tests-Fix-tests-gpgme-for-in-source-tree-builds.patch 
- Don't ship systemd examples, as they are removed from upstream
  release tarball.
- Update to 2.4.1:
  * If the ~/.gnupg directory does not exist, the keyboxd is now
    automagically enabled.
  * gpg: New option --add-desig-revoker.
  * gpg: New option --assert-signer.
  * gpg: New command --quick-add-adsk and other ADSK features.
  * gpg: New list-option "show-unusable-sigs".  Also show
    "[self-signature]" instead of the user-id in key signature
    listings. 
  * gpg: For symmetric encryption the default S2K hash is now SHA256.
  * gpg: Detect already compressed data also when using a pipe.  Also
    detect JPEG and PNG file formats.
  * gpg: New subcommand "openpgp" for --card-edit.
  * gpgsm: Verification of detached signatures does now strip trailing
    zeroes from the input if --assume-binary is used.
  * gpgsm: Non-armored detached signature are now created without
    using indefinite form length octets.  This improves compatibility
    with some PDF signature verification software.
  * gpgtar: Emit progress status lines in create mode.
  * dirmngr: The LDAP modifyTimestamp is now returned by some
    keyserver commands.
  * ssh: Allow specification of the order keys are presented to ssh.
    See the man page entry for --enable-ssh-support.
  * gpg: Make list-options "show-sig-subpackets" work again.

OBS-URL: https://build.opensuse.org/request/show/1083567
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=284
2023-04-29 07:28:45 +00:00

196 lines
6.5 KiB
RPMSpec
Raw Blame History

#
# spec file for package gpg2
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: gpg2
Version: 2.4.1
Release: 0
Summary: File encryption, decryption, signature creation and verification utility
License: GPL-3.0-or-later
Group: Productivity/Networking/Security
URL: https://www.gnupg.org
Source: https://gnupg.org/ftp/gcrypt/gnupg/gnupg-%{version}.tar.bz2
Source2: https://gnupg.org/ftp/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig
# https://www.gnupg.org/signature_key.html
Source3: https://gnupg.org/signature_key.asc#/%{name}.keyring
Source4: scdaemon.udev
Source99: %{name}.changes
Patch1: gnupg-gpg-agent-ulimit.patch
Patch2: gnupg-2.0.9-langinfo.patch
Patch3: gnupg-dont-fail-with-seahorse-agent.patch
Patch4: gnupg-set_umask_before_open_outfile.patch
Patch5: gnupg-detect_FIPS_mode.patch
Patch6: gnupg-add_legacy_FIPS_mode_option.patch
Patch7: gnupg-2.2.16-secmem.patch
Patch8: gnupg-accept_subkeys_with_a_good_revocation_but_no_self-sig_during_import.patch
Patch9: gnupg-add-test-cases-for-import-without-uid.patch
Patch10: gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch
BuildRequires: expect
BuildRequires: fdupes
BuildRequires: ibmswtpm2
BuildRequires: ibmtss-devel
BuildRequires: libassuan-devel >= 2.5.0
BuildRequires: libgcrypt-devel >= 1.9.1
BuildRequires: libgpg-error-devel >= 1.46
BuildRequires: libksba-devel >= 1.6.3
BuildRequires: makeinfo
BuildRequires: npth-devel >= 1.2
BuildRequires: openldap2-devel
BuildRequires: pkgconfig
BuildRequires: readline-devel
BuildRequires: pkgconfig(bzip2)
BuildRequires: pkgconfig(gnutls) >= 3.0
BuildRequires: pkgconfig(libusb-1.0)
BuildRequires: pkgconfig(sqlite3) >= 3.27
BuildRequires: pkgconfig(zlib)
# runtime dependency to support devel repository users - boo#955982
Requires: libassuan0 >= 2.5.0
Requires: libgcrypt20 >= 1.9.1
Requires: libksba >= 1.3.4
Requires: pinentry
Recommends: dirmngr = %{version}
Provides: gnupg = %{version}
Provides: gpg = 1.4.9
Provides: newpg
Obsoletes: gpg < 1.4.9
%description
GnuPG is a hybrid-encryption software program; it uses a combination
of symmetric-key and public-key cryptography to encrypt/decrypt
messages and/or to sign and verify them.
gpg2 provides GPGSM, gpg-agent, and a keybox library.
%package -n dirmngr
Summary: Keyserver, CRL, and OCSP access for GnuPG
Group: Productivity/Networking/Security
%description -n dirmngr
Since version 2.1 of GnuPG, dirmngr takes care of accessing the OpenPGP
keyservers. As with previous versions it is also used as a server for managing
and downloading certificate
revocation lists (CRLs) for X.509 certificates, downloading X.509 certificates,
and providing access to OCSP providers. Dirmngr is invoked internally by gpg,
gpgsm, or via the gpg-connect-agent tool.
%package tpm
Summary: TPM2 support for GnuPG
Group: Productivity/Networking/Security
%description tpm
Version 2.3 of GnuPG introduced support for converting GPG private
keys to TPM2 wrapped form. This package enables that support. The
keytotpm command will not function unless this package is installed.
%lang_package
%prep
%autosetup -p1 -n gnupg-%{version}
# In order to compensate for gnupg-add_legacy_FIPS_mode_option.patch
# to not have man pages and info files have the build date (boo#1047218)
touch -d 2018-05-04 doc/gpg.texi
%build
date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99})
%configure \
--libexecdir=%{_libdir} \
--docdir=%{_docdir}/%{name} \
--with-agent-pgm=%{_bindir}/gpg-agent \
--with-pinentry-pgm=%{_bindir}/pinentry \
--with-dirmngr-pgm=%{_bindir}/dirmngr \
--with-scdaemon-pgm=%{_bindir}/scdaemon \
--with-tpm2daemon-pgm=%{_bindir}/tpm2daemon \
--enable-ldap \
--enable-gpgsm=yes \
--enable-gpgtar \
--enable-g13 \
--enable-large-secmem \
--enable-wks-tools \
--with-gnu-ld \
--with-default-trust-store-file=%{_sysconfdir}/ssl/ca-bundle.pem \
--enable-build-timestamp=$date \
--enable-gpg-is-gpg2
%make_build
%install
%make_install
mkdir -p %{buildroot}%{_sysconfdir}/gnupg/
# bnc#391347
install -m 644 doc/examples/gpgconf.conf %{buildroot}%{_sysconfdir}/gnupg
# delete to prevent fdupes from creating cross-partition hardlink
rm -rf %{buildroot}%{_docdir}/gpg2/examples/gpgconf.conf
rm %{buildroot}%{_infodir}/dir
# compat symlinks
ln -sf gpg2 %{buildroot}%{_bindir}/gpg
ln -sf gpgv2 %{buildroot}%{_bindir}/gpgv
ln -sf gpg2.1 %{buildroot}%{_mandir}/man1/gpg.1
ln -sf gpgv2.1 %{buildroot}%{_mandir}/man1/gpgv.1
# fix rpmlint invalid-lc-messages-dir:
rm -rf %{buildroot}/%{_datadir}/locale/en@{bold,}quot
# install scdaemon to %%{_bindir} (bnc#863645)
mv %{buildroot}%{_libdir}/scdaemon %{buildroot}%{_bindir}
mv %{buildroot}%{_libdir}/dirmngr_ldap %{buildroot}%{_bindir}
# install tpm2daemon
mv %{buildroot}%{_libdir}/tpm2daemon %{buildroot}%{_bindir}
# install udev rules for scdaemon
install -Dm 0644 %{SOURCE4} %{buildroot}%{_udevrulesdir}/60-scdaemon.rules
%find_lang gnupg2
%fdupes -s %{buildroot}
%check
# Run only localy, fails in OBS
#%%if ! 0%%{?qemu_user_space_build}
#make %%{?_smp_mflags} check
#%%endif
%post
%udev_rules_update
%files lang -f gnupg2.lang
%files
%{_infodir}/gnupg*
%exclude %{_mandir}/*/dirmngr*%{ext_man}
%{_mandir}/*/*%{ext_man}
%license COPYING*
%doc AUTHORS ChangeLog NEWS THANKS TODO doc/FAQ
%doc %{_docdir}/%{name}
%exclude %{_bindir}/dirmngr*
%exclude %{_bindir}/tpm2daemon*
%{_bindir}/*
%{_libdir}/[^d]*
%{_sbindir}/addgnupghome
%{_sbindir}/applygnupgdefaults
%{_sbindir}/g13-syshelp
%{_udevrulesdir}/60-scdaemon.rules
%{_datadir}/gnupg
%dir %{_sysconfdir}/gnupg
%config(noreplace) %{_sysconfdir}/gnupg/gpgconf.conf
%files -n dirmngr
%license COPYING*
%{_mandir}/*/dirmngr*%{ext_man}
%{_bindir}/dirmngr*
%files tpm
%{_bindir}/tpm2daemon*
%changelog
View Git Blame Copy Permalink