initial commit.

BlackArch · Dec 11, 2023 · abf77c2 · abf77c2
1 parent 1777ad6
commit abf77c2
Show file tree

Hide file tree

Showing 4 changed files with 217 additions and 0 deletions.
diff --git a/packages/gnupg/PKGBUILD b/packages/gnupg/PKGBUILD
@@ -0,0 +1,90 @@
+# This file is part of BlackArch Linux ( https://www.blackarch.org/ ).
+# See COPYING for license details.
+#
+# adjusted to our needs and style
+#
+# Maintainer: David Runge <[email protected]>
+# Maintainer: Levente Polyak <anthraxx[at]archlinux[dot]org>
+# Maintainer: Lukas Fleischer <[email protected]>
+# Contributor: Gaetan Bisson <[email protected]>
+# Contributor: Tobias Powalowski <[email protected]>
+# Contributor: Andreas Radke <[email protected]>
+# Contributor: Judd Vinet <[email protected]>
+
+pkgname=gnupg
+pkgver=2.2.41
+pkgrel=3
+pkgdesc='Complete and free implementation of the OpenPGP standard.'
+arch=('x86_64' 'aarch64')
+url='https://www.gnupg.org/'
+license=('BSD' 'custom' 'custom:CC0' 'GPL2' 'GPL3' 'LGPL3' 'LGPL2.1' 'MIT')
+depends=('bzip2' 'libbz2.so' 'glibc' 'gnutls' 'libgcrypt' 'libgpg-error'
+         'libksba' 'libassuan' 'libassuan.so' 'npth' 'libnpth.so' 'pinentry'
+         'readline' 'libreadline.so' 'sqlite' 'zlib')
+makedepends=('libldap' 'libusb-compat' 'pcsclite')
+optdepends=(
+  'libldap: gpg2keys_ldap'
+  'libusb-compat: scdaemon'
+  'pcsclite: scdaemon'
+)
+install="$pkgname.install"
+source=("https://gnupg.org/ftp/gcrypt/${pkgname}/${pkgname}-${pkgver}.tar.bz2"
+        'drop-import-clean.patch'
+        'avoid-beta-warning.patch')
+sha512sums=('f472e5058ea9881355f0c754a47acd0b5360c36e8976b8563dbc763a7cef792bf88227cc15fe5172d3e9bb9fc34d8448dd5c183949031e91a1997cc7f0f83b55'
+            '32b4d994fdaa92582fccc1a3a2ea8ed08807fa9d7e0b4afca0415978cf3ffcbf4f95a044cb80a0c623cb28efdaa387b4008c1164f633ab4d1590f4138cf2d087'
+            '1089b2789a74866e125a4c419a54be50c323bc44bf21078636d2d8122616474e840dece42b35d80e7ccac16a2f5685b4fa4d8a9215e908daca3fcccfbcd81909')
+
+prepare() {
+  cd "$pkgname-$pkgver"
+
+  local src
+  for src in "${source[@]}"; do
+    src="${src%%::*}"
+    src="${src##*/}"
+    [[ $src = *.patch ]] || continue
+    msg2 "Applying patch $src..."
+    patch -Np1 < "../$src"
+  done
+
+  # improve reproducibility
+  rm doc/gnupg.info*
+
+  ./autogen.sh
+}
+
+build() {
+  cd "$pkgname-$pkgver"
+
+  ./configure \
+    --prefix=/usr \
+    --sysconfdir=/etc \
+    --sbindir=/usr/bin \
+    --libexecdir=/usr/lib/gnupg \
+    --enable-maintainer-mode \
+
+  make
+}
+
+package() {
+  cd "$pkgname-$pkgver"
+
+  local units=({dirmngr,gpg-agent{,-{browser,extra,ssh}}}.socket)
+  local socket_target_dir="$pkgdir/usr/lib/systemd/user/sockets.target.wants/"
+  local unit
+
+  make DESTDIR="$pkgdir" install
+  ln -s gpg "${pkgdir}"/usr/bin/gpg2
+  ln -s gpgv "${pkgdir}"/usr/bin/gpgv2
+
+  install -Dm 644 doc/examples/systemd-user/*.* \
+    -t "$pkgdir/usr/lib/systemd/user"
+  install -Dm 644 COPYING.{CC0,other} \
+    -t "$pkgdir/usr/share/licenses/$pkgname/"
+
+  install -vdm 755 "$socket_target_dir"
+  for unit in "${units[@]}"; do
+    ln -sv "../$unit" "$socket_target_dir$unit"
+  done
+}
+
diff --git a/packages/gnupg/avoid-beta-warning.patch b/packages/gnupg/avoid-beta-warning.patch
@@ -0,0 +1,56 @@
+From 114ab3037de3b0f9b35cf023b64c8a9b76070065 Mon Sep 17 00:00:00 2001
+From: Debian GnuPG Maintainers <[email protected]>
+Date: Tue, 14 Apr 2015 10:02:31 -0400
+Subject: [PATCH 6/7] avoid beta warning
+
+avoid self-describing as a beta
+
+Using autoreconf against the source as distributed in tarball form
+invariably results in a package that thinks it's a "beta" package,
+which produces the "THIS IS A DEVELOPMENT VERSION" warning string.
+
+since we use dh_autoreconf, i need this patch to avoid producing
+builds that announce themselves as DEVELOPMENT VERSIONs.
+
+See discussion at:
+
+ http://lists.gnupg.org/pipermail/gnupg-devel/2014-November/029065.html
+---
+ autogen.sh | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/autogen.sh b/autogen.sh
+index b23855061..9b86d3ff9 100755
+--- a/autogen.sh
++++ b/autogen.sh
+@@ -229,24 +229,24 @@ if [ "$myhost" = "find-version" ]; then
+     esac
+
+     beta=no
+-    if [ -e .git ]; then
++    if false; then
+       ingit=yes
+       tmp=$(git describe --match "${matchstr1}" --long 2>/dev/null)
+       tmp=$(echo "$tmp" | sed s/^"$package"//)
+       if [ -n "$tmp" ]; then
+           tmp=$(echo "$tmp" | sed s/^"$package"//  \
+                 | awk -F- '$3!=0 && $3 !~ /^beta/ {print"-beta"$3}')
+       else
+           tmp=$(git describe --match "${matchstr2}" --long 2>/dev/null \
+                 | awk -F- '$4!=0{print"-beta"$4}')
+       fi
+       [ -n "$tmp" ] && beta=yes
+       rev=$(git rev-parse --short HEAD | tr -d '\n\r')
+       rvd=$((0x$(echo ${rev} | dd bs=1 count=4 2>/dev/null)))
+     else
+       ingit=no
+-      beta=yes
+-      tmp="-unknown"
++      beta=no
++      tmp=""
+       rev="0000000"
+       rvd="0"
+     fi
+-- 
+2.27.0
+
diff --git a/packages/gnupg/drop-import-clean.patch b/packages/gnupg/drop-import-clean.patch
@@ -0,0 +1,54 @@
+From 1690a464b28fa24ce82189a9bf5d7ce9b44804b8 Mon Sep 17 00:00:00 2001
+From: Daniel Kahn Gillmor <[email protected]>
+Date: Mon, 15 Jul 2019 16:24:35 -0400
+Subject: [PATCH 3/7] gpg: drop import-clean from default keyserver import
+ options
+
+* g10/gpg.c (main): drop IMPORT_CLEAN from the
+default opt.keyserver_options.import_options
+* doc/gpg.texi: reflect this change in the documentation
+
+Given that SELF_SIGS_ONLY is already set, it's not clear what
+additional benefit IMPORT_CLEAN provides.  Furthermore, IMPORT_CLEAN
+means that receiving an OpenPGP certificate from a keyserver will
+potentially delete data that is otherwise held in the local keyring,
+which is surprising to users who expect retrieval from the keyservers
+to be purely additive.
+
+GnuPG-Bug-Id: 4628
+Signed-off-by: Daniel Kahn Gillmor <[email protected]>
+---
+ doc/gpg.texi | 2 +-
+ g10/gpg.c    | 3 +--
+ 2 files changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/doc/gpg.texi b/doc/gpg.texi
+index 4870441d4..551459a74 100644
+--- a/doc/gpg.texi
++++ b/doc/gpg.texi
+@@ -1963,7 +1963,7 @@ are available for all keyserver types, some common options are:
+
+ @end table
+
+-The default list of options is: "self-sigs-only, import-clean,
++The default list of options is: "self-sigs-only,
+ repair-keys, repair-pks-subkey-bug, export-attributes,
+ honor-pka-record".
+
+diff --git a/g10/gpg.c b/g10/gpg.c
+index 68cc22041..fa2bcfa5e 100644
+--- a/g10/gpg.c
++++ b/g10/gpg.c
+@@ -2397,8 +2397,7 @@ main (int argc, char **argv)
+     opt.export_options = EXPORT_ATTRIBUTES;
+     opt.keyserver_options.import_options = (IMPORT_REPAIR_KEYS
+ 					    | IMPORT_REPAIR_PKS_SUBKEY_BUG
+-                                            | IMPORT_SELF_SIGS_ONLY
+-                                            | IMPORT_CLEAN);
++                                            | IMPORT_SELF_SIGS_ONLY);
+     opt.keyserver_options.export_options = EXPORT_ATTRIBUTES;
+     opt.keyserver_options.options = KEYSERVER_HONOR_PKA_RECORD;
+     opt.verify_options = (LIST_SHOW_UID_VALIDITY
+-- 
+2.27.0
+
diff --git a/packages/gnupg/gnupg.install b/packages/gnupg/gnupg.install
@@ -0,0 +1,17 @@
+post_install() {
+  # run dirmngr once to create /root/.gnupg
+  # https://bugs.archlinux.org/task/47371
+  # https://bugs.archlinux.org/task/42798
+  dirmngr </dev/null &>/dev/null
+}
+
+post_upgrade() {
+  local unit
+
+  if (( $(vercmp "$2" '2.2.37-1') < 0)); then
+    for unit in {dirmngr,gpg-agent{,-{browser,extra,ssh}}}.socket; do
+      rm -f "/etc/systemd/user/sockets.target.wants/$unit"
+    done
+    printf "NOTE: GnuPG's systemd sockets are now enabled in the vendor location /usr/lib/systemd/user/!\n"
+  fi
+}