From 4fe0d5ed5d29a5f0d717dec973a64682c2edae1e Mon Sep 17 00:00:00 2001 From: Doron Behar Date: Wed, 21 Dec 2022 09:22:24 +0200 Subject: [PATCH 1/4] libgpg-error: 1.45 -> 1.46 Changelog: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgpg-error.git;a=blob;f=NEWS;hb=refs/tags/libgpg-error-1.46 --- pkgs/development/libraries/libgpg-error/default.nix | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/libgpg-error/default.nix b/pkgs/development/libraries/libgpg-error/default.nix index 4f687d41dd6..79da233fc6f 100644 --- a/pkgs/development/libraries/libgpg-error/default.nix +++ b/pkgs/development/libraries/libgpg-error/default.nix @@ -17,17 +17,22 @@ }; in stdenv.mkDerivation (rec { pname = "libgpg-error"; - version = "1.45"; + version = "1.46"; src = fetchurl { url = "mirror://gnupg/${pname}/${pname}-${version}.tar.bz2"; - sha256 = "sha256-Vw+O5PtL/3t0lc/5IMJ1ACrqIUfpodIgwGghMmf4CiY="; + sha256 = "sha256-t+EaZCRrvl7zd0jeQ7JFq9cs/NU8muXn/FylnxyBJo0="; }; postPatch = '' sed '/BUILD_TIMESTAMP=/s/=.*/=1970-01-01T00:01+0000/' -i ./configure ''; + configureFlags = [ + # See https://dev.gnupg.org/T6257#164567 + "--enable-install-gpg-error-config" + ]; + outputs = [ "out" "dev" "info" ]; outputBin = "dev"; # deps want just the lib, most likely From 2d44dc9643c28346ea5b22561869d04a62a80be0 Mon Sep 17 00:00:00 2001 From: Doron Behar Date: Wed, 21 Dec 2022 09:42:14 +0200 Subject: [PATCH 2/4] libassuan: Use automatically detected libgpg-error --- pkgs/development/libraries/libassuan/default.nix | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/pkgs/development/libraries/libassuan/default.nix b/pkgs/development/libraries/libassuan/default.nix index 3a00ca498cb..97f4548cb38 100644 --- a/pkgs/development/libraries/libassuan/default.nix +++ b/pkgs/development/libraries/libassuan/default.nix 
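Review bot: The comment above `--enable-install-gpg-error-config` in the new `configureFlags` gives only a ticket URL, so the reason for the flag is lost if that link moves. A self-contained line would serve the next person better, for example `# 1.46 no longer installs gpg-error-config by default; keep it for dependents that still look it up, see https://dev.gnupg.org/T6257#164567`. That wording is inferred from the flag name and the linked ticket, so check it against the changelog linked in the commit message. The enclosing `mkDerivation` call starts and ends outside the hunk.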
@@ -13,11 +13,7 @@ stdenv.mkDerivation rec { outputBin = "dev"; # libassuan-config depsBuildBuild = [ buildPackages.stdenv.cc ]; - buildInputs = [ npth gettext ]; - - configureFlags = [ - "--with-libgpg-error-prefix=${libgpg-error.dev}" - ]; + buildInputs = [ npth gettext libgpg-error ]; doCheck = true; From d3b076da3890aa212889226519d7d19760e64690 Mon Sep 17 00:00:00 2001 From: Doron Behar Date: Wed, 21 Dec 2022 09:12:31 +0200 Subject: [PATCH 3/4] gnupg: 2.3.7 -> 2.4.0 --- pkgs/tools/security/gnupg/{23.nix => 24.nix} | 14 ++++---------- pkgs/top-level/all-packages.nix | 4 ++-- 2 files changed, 6 insertions(+), 12 deletions(-) rename pkgs/tools/security/gnupg/{23.nix => 24.nix} (87%) diff --git a/pkgs/tools/security/gnupg/23.nix b/pkgs/tools/security/gnupg/24.nix similarity index 87% rename from pkgs/tools/security/gnupg/23.nix rename to pkgs/tools/security/gnupg/24.nix index 0b7941ce46e..e7d1381a180 100644 --- a/pkgs/tools/security/gnupg/23.nix +++ b/pkgs/tools/security/gnupg/24.nix @@ -11,11 +11,11 @@ assert guiSupport -> enableMinimal == false; stdenv.mkDerivation rec { pname = "gnupg"; - version = "2.3.7"; + version = "2.4.0"; src = fetchurl { url = "mirror://gnupg/gnupg/${pname}-${version}.tar.bz2"; - sha256 = "sha256-7hY6X7nsmf/BsY5l+u+NCGgAxXE9FaZyq1fTeZ2oNmk="; + sha256 = "sha256-HXkVjdAdmSQx3S4/rLif2slxJ/iXhOosthDGAPsMFIM="; }; depsBuildBuild = [ buildPackages.stdenv.cc ]; 
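Review bot: Removing `--with-libgpg-error-prefix=${libgpg-error.dev}` leaves the choice of libgpg-error to whatever configure finds at build time, and the hunk does not show which lookup mechanism is available to it. The `depsBuildBuild` context line suggests cross builds are supported, and there the explicit prefix was what tied the lookup to the host-platform library. If auto-detection has only been exercised natively, consider keeping `configureFlags = [ "--with-libgpg-error-prefix=${libgpg-error.dev}" ];` next to the new `buildInputs` line. Otherwise, state in the commit message that a cross build was checked. The derivation body continues outside the hunk.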
@@ -29,19 +29,13 @@ stdenv.mkDerivation rec { patches = [ ./fix-libusb-include-path.patch ./tests-add-test-cases-for-import-without-uid.patch - ./allow-import-of-previously-known-keys-even-without-UI.patch + # TODO: Refresh patch? Doesn't apply on 2.4.0 + #./allow-import-of-previously-known-keys-even-without-UI.patch ./accept-subkeys-with-a-good-revocation-but-no-self-sig.patch # Patch for DoS vuln from https://seclists.org/oss-sec/2022/q3/27 ./v3-0001-Disallow-compressed-signatures-and-certificates.patch - # Fix regression when using YubiKey devices as smart cards. - # See https://dev.gnupg.org/T6070 for details. - # Committed upstream, remove this patch when updating to the next release. - (fetchpatch { - url = "https://dev.gnupg.org/rGf34b9147eb3070bce80d53febaa564164cd6c977?diff=1"; - sha256 = "sha256-J/PLSz8yiEgtGv+r3BTGTHrikV70AbbHQPo9xbjaHFE="; - }) ]; postPatch = '' sed -i 's,\(hkps\|https\)://keyserver.ubuntu.com,hkps://keys.openpgp.org,g' configure configure.ac doc/dirmngr.texi doc/gnupg.info-1 diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 0c6794a435d..92961bc1e1f 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -7529,11 +7529,11 @@ with pkgs; gnupg1orig = callPackage ../tools/security/gnupg/1.nix { }; gnupg1compat = callPackage ../tools/security/gnupg/1compat.nix { }; gnupg1 = gnupg1compat; # use config.packageOverrides if you prefer original gnupg1 - gnupg23 = callPackage ../tools/security/gnupg/23.nix { + gnupg24 = callPackage ../tools/security/gnupg/24.nix { guiSupport = stdenv.isDarwin; pinentry = if stdenv.isDarwin then pinentry_mac else pinentry-gtk2; }; - gnupg = gnupg23; + gnupg = gnupg24; gnupg-pkcs11-scd = callPackage ../tools/security/gnupg-pkcs11-scd { }; From 05e6f8e36f0afaa8c5f0f66eeba4b61afa324058 Mon Sep 17 00:00:00 2001 
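Review bot: Commenting out `allow-import-of-previously-known-keys-even-without-UI.patch` in `patches` silently changes import behaviour, and the `TODO: Refresh patch?` comment does not say so. The `postPatch` line below still rewrites the default keyserver to `hkps://keys.openpgp.org`, so updates for already-known keys that arrive without a user ID, revocations included, will presumably be rejected until the patch is refreshed. The companion `tests-add-test-cases-for-import-without-uid.patch` stays enabled, so confirm the check phase still passes and that those cases are not expected to fail now. The comment should record the consequence and a tracking reference, e.g. `# FIXME(<issue link>): does not apply on 2.4.0; until refreshed, UID-less updates for known keys are not imported`. The `patches` list and `postPatch` belong to a derivation that starts and ends outside the hunk.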
From: Doron Behar Date: Sun, 25 Dec 2022 01:30:20 +0200 Subject: [PATCH 4/4] systemd: use gnupg.override instead of callPackage --- pkgs/top-level/all-packages.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 92961bc1e1f..99702755762 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -26136,7 +26136,7 @@ with pkgs; # break some cyclic dependencies util-linux = util-linuxMinimal; # provide a super minimal gnupg used for systemd-machined - gnupg = callPackage ../tools/security/gnupg/23.nix { + gnupg = gnupg.override { enableMinimal = true; guiSupport = false; };
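Review bot: Switching to `gnupg.override { … }` means this "super minimal" gnupg now inherits every argument of the top-level `gnupg`, not only the two reset here. The earlier all-packages.nix hunk in this series shows `gnupg24` being called with `pinentry = if stdenv.isDarwin then pinentry_mac else pinentry-gtk2`, so that argument now carries over. The previous `callPackage` started from the file's defaults. Whether the derivation ever evaluates `pinentry` when `guiSupport = false` is not visible in this hunk, so check that the systemd closure does not gain a GUI pinentry. The inheritance is worth a comment, e.g. `# inherits the top-level gnupg arguments (incl. pinentry); only enableMinimal and guiSupport are reset`, since later changes or overlays on top-level `gnupg` will now also reach this block, which the surrounding comment says exists to break dependency cycles.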