diff --git a/pkgs/development/libraries/libassuan/default.nix b/pkgs/development/libraries/libassuan/default.nix index 3a00ca498cb..97f4548cb38 100644 --- a/pkgs/development/libraries/libassuan/default.nix +++ b/pkgs/development/libraries/libassuan/default.nix @@ -13,11 +13,7 @@ stdenv.mkDerivation rec { outputBin = "dev"; # libassuan-config depsBuildBuild = [ buildPackages.stdenv.cc ]; - buildInputs = [ npth gettext ]; - - configureFlags = [ - "--with-libgpg-error-prefix=${libgpg-error.dev}" - ]; + buildInputs = [ npth gettext libgpg-error ]; doCheck = true; diff --git a/pkgs/development/libraries/libgpg-error/default.nix b/pkgs/development/libraries/libgpg-error/default.nix index fcd7946a135..d8c5d87b165 100644 --- a/pkgs/development/libraries/libgpg-error/default.nix +++ b/pkgs/development/libraries/libgpg-error/default.nix @@ -17,17 +17,22 @@ }; in stdenv.mkDerivation (rec { pname = "libgpg-error"; - version = "1.45"; + version = "1.46"; src = fetchurl { url = "mirror://gnupg/${pname}/${pname}-${version}.tar.bz2"; - sha256 = "sha256-Vw+O5PtL/3t0lc/5IMJ1ACrqIUfpodIgwGghMmf4CiY="; + sha256 = "sha256-t+EaZCRrvl7zd0jeQ7JFq9cs/NU8muXn/FylnxyBJo0="; }; postPatch = '' sed '/BUILD_TIMESTAMP=/s/=.*/=1970-01-01T00:01+0000/' -i ./configure ''; + configureFlags = [ + # See https://dev.gnupg.org/T6257#164567 + "--enable-install-gpg-error-config" + ]; + outputs = [ "out" "dev" "info" ]; outputBin = "dev"; # deps want just the lib, most likely diff --git a/pkgs/tools/security/gnupg/23.nix b/pkgs/tools/security/gnupg/24.nix similarity index 87% rename from pkgs/tools/security/gnupg/23.nix rename to pkgs/tools/security/gnupg/24.nix index 2030e8195e6..a77dee337c0 100644 --- a/pkgs/tools/security/gnupg/23.nix +++ b/pkgs/tools/security/gnupg/24.nix @@ -11,11 +11,11 @@ assert guiSupport -> enableMinimal == false; stdenv.mkDerivation rec { pname = "gnupg"; - version = "2.3.7"; + version = "2.4.0"; src = fetchurl { url = "mirror://gnupg/gnupg/${pname}-${version}.tar.bz2"; - sha256 = "sha256-7hY6X7nsmf/BsY5l+u+NCGgAxXE9FaZyq1fTeZ2oNmk="; + sha256 = "sha256-HXkVjdAdmSQx3S4/rLif2slxJ/iXhOosthDGAPsMFIM="; }; depsBuildBuild = [ buildPackages.stdenv.cc ]; @@ -29,19 +29,13 @@ stdenv.mkDerivation rec { patches = [ ./fix-libusb-include-path.patch ./tests-add-test-cases-for-import-without-uid.patch - ./allow-import-of-previously-known-keys-even-without-UI.patch + # TODO: Refresh patch? Doesn't apply on 2.4.0 + #./allow-import-of-previously-known-keys-even-without-UI.patch ./accept-subkeys-with-a-good-revocation-but-no-self-sig.patch # Patch for DoS vuln from https://seclists.org/oss-sec/2022/q3/27 ./v3-0001-Disallow-compressed-signatures-and-certificates.patch - # Fix regression when using YubiKey devices as smart cards. - # See https://dev.gnupg.org/T6070 for details. - # Committed upstream, remove this patch when updating to the next release. - (fetchpatch { - url = "https://dev.gnupg.org/rGf34b9147eb3070bce80d53febaa564164cd6c977?diff=1"; - sha256 = "sha256-J/PLSz8yiEgtGv+r3BTGTHrikV70AbbHQPo9xbjaHFE="; - }) ]; postPatch = '' sed -i 's,\(hkps\|https\)://keyserver.ubuntu.com,hkps://keys.openpgp.org,g' configure configure.ac doc/dirmngr.texi doc/gnupg.info-1 diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 5c18da67c27..737e02acd48 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -7716,11 +7716,11 @@ with pkgs; gnupg1orig = callPackage ../tools/security/gnupg/1.nix { }; gnupg1compat = callPackage ../tools/security/gnupg/1compat.nix { }; gnupg1 = gnupg1compat; # use config.packageOverrides if you prefer original gnupg1 - gnupg23 = callPackage ../tools/security/gnupg/23.nix { + gnupg24 = callPackage ../tools/security/gnupg/24.nix { guiSupport = stdenv.isDarwin; pinentry = if stdenv.isDarwin then pinentry_mac else pinentry-gtk2; }; - gnupg = gnupg23; + gnupg = gnupg24; gnupg-pkcs11-scd = callPackage ../tools/security/gnupg-pkcs11-scd { }; @@ -26537,7 +26537,7 @@ with pkgs; # break some cyclic dependencies util-linux = util-linuxMinimal; # provide a super minimal gnupg used for systemd-machined - gnupg = callPackage ../tools/security/gnupg/23.nix { + gnupg = gnupg.override { enableMinimal = true; guiSupport = false; };