diff --git a/pkgs/by-name/gn/gnupg_2_5/24-allow-import-of-previously-known-keys-even-without-UI.patch b/pkgs/by-name/gn/gnupg_2_5/24-allow-import-of-previously-known-keys-even-without-UI.patch new file mode 100644 index 0000000000000..8d4f703a3dd14 --- /dev/null +++ b/pkgs/by-name/gn/gnupg_2_5/24-allow-import-of-previously-known-keys-even-without-UI.patch @@ -0,0 +1,107 @@ +From: Vincent Breitmoser +Date: Thu, 13 Jun 2019 21:27:42 +0200 +Subject: gpg: allow import of previously known keys, even without UIDs + +* g10/import.c (import_one): Accept an incoming OpenPGP certificate that +has no user id, as long as we already have a local variant of the cert +that matches the primary key. + +-- + +This fixes two of the three broken tests in import-incomplete.scm. + +GnuPG-Bug-id: 4393 +Signed-off-by: Daniel Kahn Gillmor +--- + g10/import.c | 44 +++++++++++--------------------------------- + 1 file changed, 11 insertions(+), 33 deletions(-) + + +diff --git a/g10/import.c b/g10/import.c +index 9fab46ca6..61896a6bf 100644 +--- a/g10/import.c ++++ b/g10/import.c +@@ -1954,7 +1954,6 @@ import_one_real (ctrl_t ctrl, + size_t an; + char pkstrbuf[PUBKEY_STRING_SIZE]; + int merge_keys_done = 0; +- int any_filter = 0; + KEYDB_HANDLE hd = NULL; + + if (r_valid) +@@ -1992,13 +1991,6 @@ import_one_real (ctrl_t ctrl, + } + + +- if (!uidnode) +- { +- if (!silent) +- log_error( _("key %s: no user ID\n"), keystr_from_pk(pk)); +- return 0; +- } +- + if (screener && screener (keyblock, screener_arg)) + { + log_error (_("key %s: %s\n"), keystr_from_pk (pk), +@@ -2078,18 +2070,10 @@ import_one_real (ctrl_t ctrl, + } + } + +- /* Delete invalid parts and bail out if there are no user ids left. */ +- if (!delete_inv_parts (ctrl, keyblock, keyid, options, otherrevsigs)) +- { +- if (!silent) +- { +- log_error ( _("key %s: no valid user IDs\n"), keystr_from_pk(pk)); +- if (!opt.quiet) +- log_info(_("this may be caused by a missing self-signature\n")); +- } +- stats->no_user_id++; +- return 0; +- } ++ /* Delete invalid parts, and note if we have any valid ones left. ++ * We will later abort import if this key is new but contains ++ * no valid uids. */ ++ delete_inv_parts (ctrl, keyblock, keyid, options, otherrevsigs); + + /* Get rid of deleted nodes. */ + commit_kbnode (&keyblock); +@@ -2099,24 +2083,11 @@ import_one_real (ctrl_t ctrl, + { + apply_keep_uid_filter (ctrl, keyblock, import_filter.keep_uid); + commit_kbnode (&keyblock); +- any_filter = 1; + } + if (import_filter.drop_sig) + { + apply_drop_sig_filter (ctrl, keyblock, import_filter.drop_sig); + commit_kbnode (&keyblock); +- any_filter = 1; +- } +- +- /* If we ran any filter we need to check that at least one user id +- * is left in the keyring. Note that we do not use log_error in +- * this case. */ +- if (any_filter && !any_uid_left (keyblock)) +- { +- if (!opt.quiet ) +- log_info ( _("key %s: no valid user IDs\n"), keystr_from_pk (pk)); +- stats->no_user_id++; +- return 0; + } + + /* The keyblock is valid and ready for real import. */ +@@ -2174,6 +2145,13 @@ import_one_real (ctrl_t ctrl, + err = 0; + stats->skipped_new_keys++; + } ++ else if (err && !any_uid_left (keyblock)) ++ { ++ if (!silent) ++ log_info( _("key %s: new key but contains no user ID - skipped\n"), keystr(keyid)); ++ err = 0; ++ stats->no_user_id++; ++ } + else if (err) /* Insert this key. */ + { + /* Note: ERR can only be NO_PUBKEY or UNUSABLE_PUBKEY. */ diff --git a/pkgs/by-name/gn/gnupg_2_5/24-revert-rfc4880bis-defaults.patch b/pkgs/by-name/gn/gnupg_2_5/24-revert-rfc4880bis-defaults.patch new file mode 100644 index 0000000000000..8bc65ede79c06 --- /dev/null +++ b/pkgs/by-name/gn/gnupg_2_5/24-revert-rfc4880bis-defaults.patch @@ -0,0 +1,200 @@ +From 1e4f1550996334d2a631a5d769e937d29ace47bb Mon Sep 17 00:00:00 2001 +From: Jakub Jelen +Date: Thu, 9 Feb 2023 16:38:58 +0100 +Subject: [PATCH gnupg] Revert the introduction of the RFC4880bis draft into + defaults + +This reverts commit 4583f4fe2 (gpg: Merge --rfc4880bis features into +--gnupg, 2022-10-31). +--- + g10/gpg.c | 35 ++++++++++++++++++++++++++++++++--- + g10/keygen.c | 30 ++++++++++++++++++------------ + 2 files changed, 50 insertions(+), 15 deletions(-) + +diff --git a/g10/gpg.c b/g10/gpg.c +index dcab0a11a..796888013 100644 +--- a/g10/gpg.c ++++ b/g10/gpg.c +@@ -247,6 +247,7 @@ enum cmd_and_opt_values + oGnuPG, + oRFC2440, + oRFC4880, ++ oRFC4880bis, + oOpenPGP, + oPGP7, + oPGP8, +@@ -636,6 +637,7 @@ static gpgrt_opt_t opts[] = { + ARGPARSE_s_n (oGnuPG, "no-pgp8", "@"), + ARGPARSE_s_n (oRFC2440, "rfc2440", "@"), + ARGPARSE_s_n (oRFC4880, "rfc4880", "@"), ++ ARGPARSE_s_n (oRFC4880bis, "rfc4880bis", "@"), + ARGPARSE_s_n (oOpenPGP, "openpgp", N_("use strict OpenPGP behavior")), + ARGPARSE_s_n (oPGP7, "pgp6", "@"), + ARGPARSE_s_n (oPGP7, "pgp7", "@"), +@@ -978,7 +980,6 @@ static gpgrt_opt_t opts[] = { + ARGPARSE_s_n (oNoop, "no-allow-multiple-messages", "@"), + ARGPARSE_s_s (oNoop, "aead-algo", "@"), + ARGPARSE_s_s (oNoop, "personal-aead-preferences","@"), +- ARGPARSE_s_n (oNoop, "rfc4880bis", "@"), + ARGPARSE_s_n (oNoop, "override-compliance-check", "@"), + + +@@ -2227,7 +2228,7 @@ static struct gnupg_compliance_option compliance_options[] = + { + { "gnupg", oGnuPG }, + { "openpgp", oOpenPGP }, +- { "rfc4880bis", oGnuPG }, ++ { "rfc4880bis", oRFC4880bis }, + { "rfc4880", oRFC4880 }, + { "rfc2440", oRFC2440 }, + { "pgp6", oPGP7 }, +@@ -2243,8 +2244,28 @@ static struct gnupg_compliance_option compliance_options[] = + static void + set_compliance_option (enum cmd_and_opt_values option) + { ++ opt.flags.rfc4880bis = 0; /* Clear because it is initially set. */ ++ + switch (option) + { ++ case oRFC4880bis: ++ opt.flags.rfc4880bis = 1; ++ opt.compliance = CO_RFC4880; ++ opt.flags.dsa2 = 1; ++ opt.flags.require_cross_cert = 1; ++ opt.rfc2440_text = 0; ++ opt.allow_non_selfsigned_uid = 1; ++ opt.allow_freeform_uid = 1; ++ opt.escape_from = 1; ++ opt.not_dash_escaped = 0; ++ opt.def_cipher_algo = 0; ++ opt.def_digest_algo = 0; ++ opt.cert_digest_algo = 0; ++ opt.compress_algo = -1; ++ opt.s2k_mode = 3; /* iterated+salted */ ++ opt.s2k_digest_algo = DIGEST_ALGO_SHA256; ++ opt.s2k_cipher_algo = CIPHER_ALGO_AES256; ++ break; + case oOpenPGP: + case oRFC4880: + /* This is effectively the same as RFC2440, but with +@@ -2288,6 +2309,7 @@ set_compliance_option (enum cmd_and_opt_values option) + case oPGP8: opt.compliance = CO_PGP8; break; + case oGnuPG: + opt.compliance = CO_GNUPG; ++ opt.flags.rfc4880bis = 1; + break; + + case oDE_VS: +@@ -2491,6 +2513,7 @@ main (int argc, char **argv) + opt.emit_version = 0; + opt.weak_digests = NULL; + opt.compliance = CO_GNUPG; ++ opt.flags.rfc4880bis = 1; + + /* Check special options given on the command line. */ + orig_argc = argc; +@@ -3033,6 +3056,7 @@ main (int argc, char **argv) + case oOpenPGP: + case oRFC2440: + case oRFC4880: ++ case oRFC4880bis: + case oPGP7: + case oPGP8: + case oGnuPG: +@@ -3862,6 +3886,11 @@ main (int argc, char **argv) + if( may_coredump && !opt.quiet ) + log_info(_("WARNING: program may create a core file!\n")); + ++ if (!opt.flags.rfc4880bis) ++ { ++ opt.mimemode = 0; /* This will use text mode instead. */ ++ } ++ + if (eyes_only) { + if (opt.set_filename) + log_info(_("WARNING: %s overrides %s\n"), +@@ -4078,7 +4107,7 @@ main (int argc, char **argv) + /* Check our chosen algorithms against the list of legal + algorithms. */ + +- if(!GNUPG) ++ if(!GNUPG && !opt.flags.rfc4880bis) + { + const char *badalg=NULL; + preftype_t badtype=PREFTYPE_NONE; +diff --git a/g10/keygen.c b/g10/keygen.c +index a2cfe3ccf..2a1dd1f81 100644 +--- a/g10/keygen.c ++++ b/g10/keygen.c +@@ -404,7 +404,7 @@ keygen_set_std_prefs (const char *string,int personal) + strcat(dummy_string,"S7 "); + strcat(dummy_string,"S2 "); /* 3DES */ + +- if (!openpgp_aead_test_algo (AEAD_ALGO_OCB)) ++ if (opt.flags.rfc4880bis && !openpgp_aead_test_algo (AEAD_ALGO_OCB)) + strcat(dummy_string,"A2 "); + + if (personal) +@@ -889,7 +889,7 @@ keygen_upd_std_prefs (PKT_signature *sig, void *opaque) + /* Make sure that the MDC feature flag is set if needed. */ + add_feature_mdc (sig,mdc_available); + add_feature_aead (sig, aead_available); +- add_feature_v5 (sig, 1); ++ add_feature_v5 (sig, opt.flags.rfc4880bis); + add_keyserver_modify (sig,ks_modify); + keygen_add_keyserver_url(sig,NULL); + +@@ -3382,7 +3382,10 @@ parse_key_parameter_part (ctrl_t ctrl, + } + } + else if (!ascii_strcasecmp (s, "v5")) +- keyversion = 5; ++ { ++ if (opt.flags.rfc4880bis) ++ keyversion = 5; ++ } + else if (!ascii_strcasecmp (s, "v4")) + keyversion = 4; + else +@@ -3641,7 +3644,7 @@ parse_key_parameter_part (ctrl_t ctrl, + * ecdsa := Use algorithm ECDSA. + * eddsa := Use algorithm EdDSA. + * ecdh := Use algorithm ECDH. +- * v5 := Create version 5 key ++ * v5 := Create version 5 key (requires option --rfc4880bis) + * + * There are several defaults and fallbacks depending on the + * algorithm. PART can be used to select which part of STRING is +@@ -4513,9 +4516,9 @@ read_parameter_file (ctrl_t ctrl, const char *fname ) + } + } + +- if ((keywords[i].key == pVERSION +- || keywords[i].key == pSUBVERSION)) +- ; /* Ignore version. */ ++ if (!opt.flags.rfc4880bis && (keywords[i].key == pVERSION ++ || keywords[i].key == pSUBVERSION)) ++ ; /* Ignore version unless --rfc4880bis is active. */ + else + { + r = xmalloc_clear( sizeof *r + strlen( value ) ); +@@ -4610,11 +4613,14 @@ quickgen_set_para (struct para_data_s *para, int for_subkey, + para = r; + } + +- r = xmalloc_clear (sizeof *r + 20); +- r->key = for_subkey? pSUBVERSION : pVERSION; +- snprintf (r->u.value, 20, "%d", version); +- r->next = para; +- para = r; ++ if (opt.flags.rfc4880bis) ++ { ++ r = xmalloc_clear (sizeof *r + 20); ++ r->key = for_subkey? pSUBVERSION : pVERSION; ++ snprintf (r->u.value, 20, "%d", version); ++ r->next = para; ++ para = r; ++ } + + if (keytime) + { diff --git a/pkgs/by-name/gn/gnupg_2_5/accept-subkeys-with-a-good-revocation-but-no-self-sig.patch b/pkgs/by-name/gn/gnupg_2_5/accept-subkeys-with-a-good-revocation-but-no-self-sig.patch new file mode 100644 index 0000000000000..5cbec92ae6834 --- /dev/null +++ b/pkgs/by-name/gn/gnupg_2_5/accept-subkeys-with-a-good-revocation-but-no-self-sig.patch @@ -0,0 +1,32 @@ +From: Vincent Breitmoser +Date: Thu, 13 Jun 2019 21:27:43 +0200 +Subject: gpg: accept subkeys with a good revocation but no self-sig during + import + +* g10/import.c (chk_self_sigs): Set the NODE_GOOD_SELFSIG flag when we +encounter a valid revocation signature. This allows import of subkey +revocation signatures, even in the absence of a corresponding subkey +binding signature. + +-- + +This fixes the remaining test in import-incomplete.scm. + +GnuPG-Bug-id: 4393 +Signed-off-by: Daniel Kahn Gillmor +--- + g10/import.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/g10/import.c b/g10/import.c +index 4fdf248..ee2fed8 100644 +--- a/g10/import.c ++++ b/g10/import.c +@@ -3613,6 +3613,7 @@ chk_self_sigs (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid, int *non_self) + /* It's valid, so is it newer? */ + if (sig->timestamp >= rsdate) + { ++ knode->flag |= NODE_GOOD_SELFSIG; /* Subkey is valid. */ + if (rsnode) + { + /* Delete the last revocation sig since diff --git a/pkgs/by-name/gn/gnupg_2_5/fix-libusb-include-path.patch b/pkgs/by-name/gn/gnupg_2_5/fix-libusb-include-path.patch new file mode 100644 index 0000000000000..f20249b1cad16 --- /dev/null +++ b/pkgs/by-name/gn/gnupg_2_5/fix-libusb-include-path.patch @@ -0,0 +1,12 @@ +--- a/configure ++++ b/configure +@@ -9281,8 +9281,7 @@ fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking libusb include dir" >&5 + $as_echo_n "checking libusb include dir... " >&6; } + usb_incdir_found="no" +- for _incdir in "" "/usr/include/libusb-1.0" \ +- "/usr/local/include/libusb-1.0" "/usr/pkg/include/libusb-1.0"; do ++ for _incdir in "$($PKG_CONFIG --variable=includedir libusb-1.0)/libusb-1.0"; do + _libusb_save_cppflags=$CPPFLAGS + if test -n "${_incdir}"; then + CPPFLAGS="-I${_incdir} ${CPPFLAGS}" diff --git a/pkgs/by-name/gn/gnupg_2_5/package.nix b/pkgs/by-name/gn/gnupg_2_5/package.nix new file mode 100644 index 0000000000000..29cf94f9f88a7 --- /dev/null +++ b/pkgs/by-name/gn/gnupg_2_5/package.nix @@ -0,0 +1,159 @@ +{ + lib, + stdenv, + fetchurl, + buildPackages, + pkg-config, + texinfo, + gettext, + libassuan_3, + libgcrypt, + libgpg-error, + libiconv, + libksba, + npth, + adns, + bzip2, + gnutls, + libusb1, + openldap, + readline, + sqlite, + zlib, + enableMinimal ? false, + withPcsc ? !enableMinimal, + pcsclite, + guiSupport ? stdenv.hostPlatform.isDarwin, + pinentry_mac, + pinentry-gtk2, + withTpm2Tss ? !stdenv.hostPlatform.isDarwin && !enableMinimal, + tpm2-tss, + nixosTests, +}: + +assert guiSupport -> !enableMinimal; +let + libassuan = libassuan_3; + pinentry = if stdenv.hostPlatform.isDarwin then pinentry_mac else pinentry-gtk2; +in +stdenv.mkDerivation rec { + pname = "gnupg"; + version = "2.5.2"; + + src = fetchurl { + url = "mirror://gnupg/gnupg/${pname}-${version}.tar.bz2"; + hash = "sha256-f0BMzGpYST/twV+u9Z866RSDHP+GaiPwv51mz90P6ik="; + }; + + depsBuildBuild = [ buildPackages.stdenv.cc ]; + nativeBuildInputs = [ + pkg-config + texinfo + ]; + buildInputs = + [ + gettext + libassuan + libgcrypt + libgpg-error + libiconv + libksba + npth + ] + ++ lib.optionals (!enableMinimal) [ + adns + bzip2 + gnutls + libusb1 + openldap + readline + sqlite + zlib + ] + ++ lib.optionals withTpm2Tss [ tpm2-tss ]; + + patches = [ + ./fix-libusb-include-path.patch + ./tests-add-test-cases-for-import-without-uid.patch + ./accept-subkeys-with-a-good-revocation-but-no-self-sig.patch + ./24-allow-import-of-previously-known-keys-even-without-UI.patch + ./24-revert-rfc4880bis-defaults.patch + ]; + + postPatch = + '' + sed -i 's,\(hkps\|https\)://keyserver.ubuntu.com,hkps://keys.openpgp.org,g' configure configure.ac doc/dirmngr.texi doc/gnupg.info-1 + '' + + lib.optionalString (stdenv.hostPlatform.isLinux && withPcsc) '' + sed -i 's,"libpcsclite\.so[^"]*","${lib.getLib pcsclite}/lib/libpcsclite.so",g' scd/scdaemon.c + ''; + + configureFlags = + [ + "--sysconfdir=/etc" + "--with-libgpg-error-prefix=${libgpg-error.dev}" + "--with-libgcrypt-prefix=${libgcrypt.dev}" + "--with-libassuan-prefix=${libassuan.dev}" + "--with-ksba-prefix=${libksba.dev}" + "GPGRT_CONFIG=${lib.getDev libgpg-error}/bin/gpgrt-config" + ] + ++ lib.optional guiSupport "--with-pinentry-pgm=${pinentry}/${ + pinentry.binaryPath or "bin/pinentry" + }" + ++ lib.optional withTpm2Tss "--with-tss=intel" + ++ lib.optional stdenv.hostPlatform.isDarwin "--disable-ccid-driver"; + + postInstall = + if enableMinimal then + '' + rm -r $out/{libexec,sbin,share} + for f in $(find $out/bin -type f -not -name gpg) + do + rm $f + done + '' + else + '' + # add gpg2 symlink to make sure git does not break when signing commits + ln -s $out/bin/gpg $out/bin/gpg2 + + # Make libexec tools available in PATH + for f in $out/libexec/; do + if [[ "$(basename $f)" == "gpg-wks-client" ]]; then continue; fi + ln -s $f $out/bin/$(basename $f) + done + + for f in $out/libexec/; do + if [[ "$(basename $f)" == "gpg-wks-client" ]]; then continue; fi + ln -s $f $out/bin/$(basename $f) + done + ''; + + enableParallelBuilding = true; + + passthru.tests = nixosTests.gnupg; + + meta = with lib; { + homepage = "https://gnupg.org"; + changelog = "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=${pname}.git;a=blob;f=NEWS;hb=refs/tags/${pname}-${version}"; + description = "Modern release of the GNU Privacy Guard, a GPL OpenPGP implementation"; + license = licenses.gpl3Plus; + longDescription = '' + The GNU Privacy Guard is the GNU project's complete and free + implementation of the OpenPGP standard as defined by RFC4880. GnuPG + "modern" (2.1) is the latest development with a lot of new features. + GnuPG allows to encrypt and sign your data and communication, features a + versatile key management system as well as access modules for all kind of + public key directories. GnuPG, also known as GPG, is a command line tool + with features for easy integration with other applications. A wealth of + frontend applications and libraries are available. Version 2 of GnuPG + also provides support for S/MIME. + ''; + maintainers = with maintainers; [ + fpletz + sgo + ]; + platforms = platforms.all; + mainProgram = "gpg"; + }; +} diff --git a/pkgs/by-name/gn/gnupg_2_5/tests-add-test-cases-for-import-without-uid.patch b/pkgs/by-name/gn/gnupg_2_5/tests-add-test-cases-for-import-without-uid.patch new file mode 100644 index 0000000000000..37ddeea224958 --- /dev/null +++ b/pkgs/by-name/gn/gnupg_2_5/tests-add-test-cases-for-import-without-uid.patch @@ -0,0 +1,201 @@ +From: Vincent Breitmoser +Date: Thu, 13 Jun 2019 21:27:41 +0200 +Subject: tests: add test cases for import without uid + +This commit adds a test case that does the following, in order: +- Import of a primary key plus user id +- Check that import of a subkey works, without a user id present in the +imported key +- Check that import of a subkey revocation works, without a user id or +subkey binding signature present in the imported key +- Check that import of a primary key revocation works, without a user id +present in the imported key + +-- + +Note that this test currently fails. The following changesets will +fix gpg so that the tests pass. + +GnuPG-Bug-id: 4393 +Signed-Off-By: Daniel Kahn Gillmor +--- + tests/openpgp/Makefile.am | 1 + + tests/openpgp/import-incomplete.scm | 68 ++++++++++++++++++++++ + .../import-incomplete/primary+revocation.asc | 9 +++ + .../primary+subkey+sub-revocation.asc | 10 ++++ + .../import-incomplete/primary+subkey+sub-sig.asc | 10 ++++ + .../openpgp/import-incomplete/primary+uid-sig.asc | 10 ++++ + tests/openpgp/import-incomplete/primary+uid.asc | 10 ++++ + 7 files changed, 118 insertions(+) + create mode 100755 tests/openpgp/import-incomplete.scm + create mode 100644 tests/openpgp/import-incomplete/primary+revocation.asc + create mode 100644 tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc + create mode 100644 tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc + create mode 100644 tests/openpgp/import-incomplete/primary+uid-sig.asc + create mode 100644 tests/openpgp/import-incomplete/primary+uid.asc + +diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am +index f6014c9..6423da1 100644 +--- a/tests/openpgp/Makefile.am ++++ b/tests/openpgp/Makefile.am +@@ -78,6 +78,7 @@ XTESTS = \ + gpgv-forged-keyring.scm \ + armor.scm \ + import.scm \ ++ import-incomplete.scm \ + import-revocation-certificate.scm \ + ecc.scm \ + 4gb-packet.scm \ +diff --git a/tests/openpgp/import-incomplete.scm b/tests/openpgp/import-incomplete.scm +new file mode 100755 +index 0000000..727a027 +--- /dev/null ++++ b/tests/openpgp/import-incomplete.scm +@@ -0,0 +1,68 @@ ++#!/usr/bin/env gpgscm ++ ++;; Copyright (C) 2016 g10 Code GmbH ++;; ++;; This file is part of GnuPG. ++;; ++;; GnuPG is free software; you can redistribute it and/or modify ++;; it under the terms of the GNU General Public License as published by ++;; the Free Software Foundation; either version 3 of the License, or ++;; (at your option) any later version. ++;; ++;; GnuPG is distributed in the hope that it will be useful, ++;; but WITHOUT ANY WARRANTY; without even the implied warranty of ++;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++;; GNU General Public License for more details. ++;; ++;; You should have received a copy of the GNU General Public License ++;; along with this program; if not, see . ++ ++(load (in-srcdir "tests" "openpgp" "defs.scm")) ++(setup-environment) ++ ++(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+uid.asc"))) ++ ++(info "Test import of new subkey, from a certificate without uid") ++(define keyid "573EA710367356BB") ++(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+subkey+sub-sig.asc"))) ++(tr:do ++ (tr:pipe-do ++ (pipe:gpg `(--list-keys --with-colons ,keyid))) ++ (tr:call-with-content ++ (lambda (c) ++ ;; XXX we do not have a regexp library ++ (unless (any (lambda (line) ++ (and (string-prefix? line "sub:") ++ (string-contains? line "573EA710367356BB"))) ++ (string-split-newlines c)) ++ (exit 1))))) ++ ++(info "Test import of a subkey revocation, from a certificate without uid") ++(define keyid "573EA710367356BB") ++(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+subkey+sub-revocation.asc"))) ++(tr:do ++ (tr:pipe-do ++ (pipe:gpg `(--list-keys --with-colons ,keyid))) ++ (tr:call-with-content ++ (lambda (c) ++ ;; XXX we do not have a regexp library ++ (unless (any (lambda (line) ++ (and (string-prefix? line "sub:r:") ++ (string-contains? line "573EA710367356BB"))) ++ (string-split-newlines c)) ++ (exit 1))))) ++ ++(info "Test import of revocation, from a certificate without uid") ++(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+revocation.asc"))) ++(tr:do ++ (tr:pipe-do ++ (pipe:gpg `(--list-keys --with-colons ,keyid))) ++ (tr:call-with-content ++ (lambda (c) ++ ;; XXX we do not have a regexp library ++ (unless (any (lambda (line) ++ (and (string-prefix? line "pub:r:") ++ (string-contains? line "0843DA969AA8DAFB"))) ++ (string-split-newlines c)) ++ (exit 1))))) ++ +diff --git a/tests/openpgp/import-incomplete/primary+revocation.asc b/tests/openpgp/import-incomplete/primary+revocation.asc +new file mode 100644 +index 0000000..6b7b608 +--- /dev/null ++++ b/tests/openpgp/import-incomplete/primary+revocation.asc +@@ -0,0 +1,9 @@ ++-----BEGIN PGP PUBLIC KEY BLOCK----- ++Comment: [E] primary key, revocation signature over primary (no user ID) ++ ++mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ ++631VAN2IeAQgFggAIBYhBLRpj5W82H/gSMzKKQhD2paaqNr7BQJc2ZQZAh0AAAoJ ++EAhD2paaqNr7qAwA/2jBUpnN0BxwRO/4CrxvrLIsL+C9aSXJUOTv8XkP4lvtAQD3 ++XsDFfFNgEueiTfF7HtOGt5LPmRqVvUpQSMVgJJW6CQ== ++=tM90 ++-----END PGP PUBLIC KEY BLOCK----- +diff --git a/tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc b/tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc +new file mode 100644 +index 0000000..83a51a5 +--- /dev/null ++++ b/tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc +@@ -0,0 +1,10 @@ ++-----BEGIN PGP PUBLIC KEY BLOCK----- ++Comment: [D] primary key, subkey, subkey revocation (no user ID) ++ ++mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ ++631VAN24OARc2ZQhEgorBgEEAZdVAQUBAQdABsd5ha0AWXdXcSmfeiWIfrNcGqQK ++j++lwwWDAOlkVicDAQgHiHgEKBYIACAWIQS0aY+VvNh/4EjMyikIQ9qWmqja+wUC ++XNmnkAIdAgAKCRAIQ9qWmqja+ylaAQDmIKf86BJEq4OpDqU+V9D+wn2cyuxbyWVQ ++3r9LiL9qNwD/QAjyrhSN8L3Mfq+wdTHo5i0yB9ZCCpHLXSbhCqfWZwQ= ++=dwx2 ++-----END PGP PUBLIC KEY BLOCK----- +diff --git a/tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc b/tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc +new file mode 100644 +index 0000000..dc47a02 +--- /dev/null ++++ b/tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc +@@ -0,0 +1,10 @@ ++-----BEGIN PGP PUBLIC KEY BLOCK----- ++Comment: [B] primary key, subkey, subkey binding sig (no user ID) ++ ++mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ ++631VAN24OARc2ZQhEgorBgEEAZdVAQUBAQdABsd5ha0AWXdXcSmfeiWIfrNcGqQK ++j++lwwWDAOlkVicDAQgHiHgEGBYIACAWIQS0aY+VvNh/4EjMyikIQ9qWmqja+wUC ++XNmUIQIbDAAKCRAIQ9qWmqja++vFAP98G1L+1/rWTGbsnxOAV2RocBYIroAvsbkR ++Ly6FdP8YNwEA7jOgT05CoKIe37MstpOz23mM80AK369Ca3JMmKKCQgg= ++=xuDu ++-----END PGP PUBLIC KEY BLOCK----- +diff --git a/tests/openpgp/import-incomplete/primary+uid-sig.asc b/tests/openpgp/import-incomplete/primary+uid-sig.asc +new file mode 100644 +index 0000000..134607d +--- /dev/null ++++ b/tests/openpgp/import-incomplete/primary+uid-sig.asc +@@ -0,0 +1,10 @@ ++-----BEGIN PGP PUBLIC KEY BLOCK----- ++Comment: [C] primary key and self-sig expiring in 2024 (no user ID) ++ ++mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ ++631VAN2IlgQTFggAPgIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBLRpj5W8 ++2H/gSMzKKQhD2paaqNr7BQJc2ZR1BQkJZgHcAAoJEAhD2paaqNr79soA/0lWkUsu ++3NLwgbni6EzJxnTzgeNMpljqNpipHAwfix9hAP93AVtFdC8g7hdUZxawobl9lnSN ++9ohXOEBWvdJgVv2YAg== ++=KWIK ++-----END PGP PUBLIC KEY BLOCK----- +diff --git a/tests/openpgp/import-incomplete/primary+uid.asc b/tests/openpgp/import-incomplete/primary+uid.asc +new file mode 100644 +index 0000000..055f300 +--- /dev/null ++++ b/tests/openpgp/import-incomplete/primary+uid.asc +@@ -0,0 +1,10 @@ ++-----BEGIN PGP PUBLIC KEY BLOCK----- ++Comment: [A] primary key, user ID, and self-sig expiring in 2021 ++ ++mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ ++631VAN20CHRlc3Qga2V5iJYEExYIAD4WIQS0aY+VvNh/4EjMyikIQ9qWmqja+wUC ++XNmUGQIbAwUJA8JnAAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRAIQ9qWmqja +++0G1AQDdQiwhXxjXLMqoth+D4SigVHTJK8ORwifzsy3UE7mPGwD/aZ67XbAF/lgI ++kv2O1Jo0u9BL9RNNF+L0DM7rAFbfMAs= ++=1eII ++-----END PGP PUBLIC KEY BLOCK----- diff --git a/pkgs/by-name/li/libassuan_3/package.nix b/pkgs/by-name/li/libassuan_3/package.nix new file mode 100644 index 0000000000000..8294475f0d532 --- /dev/null +++ b/pkgs/by-name/li/libassuan_3/package.nix @@ -0,0 +1,79 @@ +{ + autoreconfHook, + fetchgit, + lib, + stdenv, + gettext, + npth, + libgpg-error, + buildPackages, + gitUpdater, + texinfo, +}: + +stdenv.mkDerivation rec { + pname = "libassuan"; + version = "3.0.1"; + + src = fetchgit { + url = "git://git.gnupg.org/libassuan.git"; + rev = "69069bc63e6b1152e34e39bc322132fd4fd7284d"; + sha256 = "sha256-VPIjnate9TB0guadj30dy2wTpeLkY5y65WRLr1IiY0Y="; + name = "${pname}-${version}"; + }; + + outputs = [ + "out" + "dev" + "info" + ]; + outputBin = "dev"; # libassuan-config + + depsBuildBuild = [ buildPackages.stdenv.cc ]; + nativeBuildInputs = [ + autoreconfHook + texinfo + ]; + buildInputs = [ + npth + gettext + ]; + + configureFlags = [ + # Required for cross-compilation. + "--with-libgpg-error-prefix=${libgpg-error.dev}" + ]; + + doCheck = true; + + preBuild = '' + touch doc/version.texi + ''; + + # Make sure includes are fixed for callers who don't use libassuan-config + postInstall = '' + sed -i 's,#include ,#include "${libgpg-error.dev}/include/gpg-error.h",g' $dev/include/assuan.h + ''; + + passthru.updateScript = gitUpdater { + url = "https://dev.gnupg.org/source/libassuan.git"; + rev-prefix = "libassuan-"; + ignoredVersions = ".*-base"; + }; + + meta = with lib; { + description = "IPC library used by GnuPG and related software"; + mainProgram = "libassuan-config"; + longDescription = '' + Libassuan is a small library implementing the so-called Assuan + protocol. This protocol is used for IPC between most newer + GnuPG components. Both, server and client side functions are + provided. + ''; + homepage = "https://gnupg.org/software/libassuan/"; + changelog = "https://dev.gnupg.org/source/libassuan/browse/master/NEWS;libassuan-${version}"; + license = licenses.lgpl2Plus; + platforms = platforms.all; + maintainers = [ ]; + }; +} diff --git a/pkgs/by-name/li/libgpg-error/package.nix b/pkgs/by-name/li/libgpg-error/package.nix index 2dee6c721bc1a..c7946a50ec74e 100644 --- a/pkgs/by-name/li/libgpg-error/package.nix +++ b/pkgs/by-name/li/libgpg-error/package.nix @@ -1,6 +1,11 @@ -{ stdenv, lib, buildPackages, fetchurl, fetchpatch, gettext +{ stdenv +, lib +, buildPackages +, fetchurl +, gettext , genPosixLockObjOnly ? false -}: let +}: +let genPosixLockObjOnlyAttrs = lib.optionalAttrs genPosixLockObjOnly { buildPhase = '' cd src @@ -15,23 +20,16 @@ outputs = [ "out" ]; outputBin = "out"; }; -in stdenv.mkDerivation (rec { +in +stdenv.mkDerivation (rec { pname = "libgpg-error"; - version = "1.50"; + version = "1.51"; src = fetchurl { url = "mirror://gnupg/${pname}/${pname}-${version}.tar.bz2"; - hash = "sha256-aUBTSeCmM+REooxbNc6PFEhGhFGKUI3EigiZkv6T4go="; + hash = "sha256-vg8bLba5Pu1VNpzfefGfcnUMjHw5/CC1d+ckVFQn5rI="; }; - patches = [ - (fetchpatch { - url = "https://github.com/macports/macports-ports/raw/cc17f22f4056d84967bd94cf41458e3d3150f9e1/devel/libgpg-error/files/patch-src-spawn-posix.c.diff"; - extraPrefix = ""; - hash = "sha256-nIS9oKcgHdHtRTlaSx7mgwQPXq855t+SNujplQKKhzQ="; - }) - ]; - postPatch = '' sed '/BUILD_TIMESTAMP=/s/=.*/=1970-01-01T00:01+0000/' -i ./configure ''; diff --git a/pkgs/development/libraries/libgcrypt/default.nix b/pkgs/development/libraries/libgcrypt/default.nix index 4ac7d48213e2a..5be2aab85b64f 100644 --- a/pkgs/development/libraries/libgcrypt/default.nix +++ b/pkgs/development/libraries/libgcrypt/default.nix @@ -17,11 +17,11 @@ assert enableCapabilities -> stdenv.hostPlatform.isLinux; stdenv.mkDerivation rec { pname = "libgcrypt"; - version = "1.10.3"; + version = "1.11.0"; src = fetchurl { - url = "mirror://gnupg/libgcrypt/${pname}-${version}.tar.bz2"; - hash = "sha256-iwhwiXrFrGfe1Wjc+t9Flpz6imvrD9YK8qnq3Coycqo="; + url = "mirror://gnupg/libgcrypt/libgcrypt-${version}.tar.bz2"; + sha256 = "sha256-CRIMmGfOfyCB1qqhd1OGuYwvLyRhNXYarkfYH1hoW5w="; }; outputs = [ @@ -97,9 +97,7 @@ stdenv.mkDerivation rec { doCheck = true; enableParallelChecking = true; - passthru.tests = { - inherit gnupg libotr rsyslog; - }; + passthru.tests = { inherit gnupg libotr rsyslog; }; meta = with lib; { homepage = "https://www.gnu.org/software/libgcrypt/";