commit
770bf7e2de
|
@ -13,11 +13,7 @@ stdenv.mkDerivation rec {
|
||||||
outputBin = "dev"; # libassuan-config
|
outputBin = "dev"; # libassuan-config
|
||||||
|
|
||||||
depsBuildBuild = [ buildPackages.stdenv.cc ];
|
depsBuildBuild = [ buildPackages.stdenv.cc ];
|
||||||
buildInputs = [ npth gettext ];
|
buildInputs = [ npth gettext libgpg-error ];
|
||||||
|
|
||||||
configureFlags = [
|
|
||||||
"--with-libgpg-error-prefix=${libgpg-error.dev}"
|
|
||||||
];
|
|
||||||
|
|
||||||
doCheck = true;
|
doCheck = true;
|
||||||
|
|
||||||
|
|
|
@ -17,17 +17,22 @@
|
||||||
};
|
};
|
||||||
in stdenv.mkDerivation (rec {
|
in stdenv.mkDerivation (rec {
|
||||||
pname = "libgpg-error";
|
pname = "libgpg-error";
|
||||||
version = "1.45";
|
version = "1.46";
|
||||||
|
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "mirror://gnupg/${pname}/${pname}-${version}.tar.bz2";
|
url = "mirror://gnupg/${pname}/${pname}-${version}.tar.bz2";
|
||||||
sha256 = "sha256-Vw+O5PtL/3t0lc/5IMJ1ACrqIUfpodIgwGghMmf4CiY=";
|
sha256 = "sha256-t+EaZCRrvl7zd0jeQ7JFq9cs/NU8muXn/FylnxyBJo0=";
|
||||||
};
|
};
|
||||||
|
|
||||||
postPatch = ''
|
postPatch = ''
|
||||||
sed '/BUILD_TIMESTAMP=/s/=.*/=1970-01-01T00:01+0000/' -i ./configure
|
sed '/BUILD_TIMESTAMP=/s/=.*/=1970-01-01T00:01+0000/' -i ./configure
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
configureFlags = [
|
||||||
|
# See https://dev.gnupg.org/T6257#164567
|
||||||
|
"--enable-install-gpg-error-config"
|
||||||
|
];
|
||||||
|
|
||||||
outputs = [ "out" "dev" "info" ];
|
outputs = [ "out" "dev" "info" ];
|
||||||
outputBin = "dev"; # deps want just the lib, most likely
|
outputBin = "dev"; # deps want just the lib, most likely
|
||||||
|
|
||||||
|
|
|
@ -11,11 +11,11 @@ assert guiSupport -> enableMinimal == false;
|
||||||
|
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
pname = "gnupg";
|
pname = "gnupg";
|
||||||
version = "2.3.7";
|
version = "2.4.0";
|
||||||
|
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "mirror://gnupg/gnupg/${pname}-${version}.tar.bz2";
|
url = "mirror://gnupg/gnupg/${pname}-${version}.tar.bz2";
|
||||||
sha256 = "sha256-7hY6X7nsmf/BsY5l+u+NCGgAxXE9FaZyq1fTeZ2oNmk=";
|
sha256 = "sha256-HXkVjdAdmSQx3S4/rLif2slxJ/iXhOosthDGAPsMFIM=";
|
||||||
};
|
};
|
||||||
|
|
||||||
depsBuildBuild = [ buildPackages.stdenv.cc ];
|
depsBuildBuild = [ buildPackages.stdenv.cc ];
|
||||||
|
@ -29,19 +29,13 @@ stdenv.mkDerivation rec {
|
||||||
patches = [
|
patches = [
|
||||||
./fix-libusb-include-path.patch
|
./fix-libusb-include-path.patch
|
||||||
./tests-add-test-cases-for-import-without-uid.patch
|
./tests-add-test-cases-for-import-without-uid.patch
|
||||||
./allow-import-of-previously-known-keys-even-without-UI.patch
|
# TODO: Refresh patch? Doesn't apply on 2.4.0
|
||||||
|
#./allow-import-of-previously-known-keys-even-without-UI.patch
|
||||||
./accept-subkeys-with-a-good-revocation-but-no-self-sig.patch
|
./accept-subkeys-with-a-good-revocation-but-no-self-sig.patch
|
||||||
|
|
||||||
# Patch for DoS vuln from https://seclists.org/oss-sec/2022/q3/27
|
# Patch for DoS vuln from https://seclists.org/oss-sec/2022/q3/27
|
||||||
./v3-0001-Disallow-compressed-signatures-and-certificates.patch
|
./v3-0001-Disallow-compressed-signatures-and-certificates.patch
|
||||||
|
|
||||||
# Fix regression when using YubiKey devices as smart cards.
|
|
||||||
# See https://dev.gnupg.org/T6070 for details.
|
|
||||||
# Committed upstream, remove this patch when updating to the next release.
|
|
||||||
(fetchpatch {
|
|
||||||
url = "https://dev.gnupg.org/rGf34b9147eb3070bce80d53febaa564164cd6c977?diff=1";
|
|
||||||
sha256 = "sha256-J/PLSz8yiEgtGv+r3BTGTHrikV70AbbHQPo9xbjaHFE=";
|
|
||||||
})
|
|
||||||
];
|
];
|
||||||
postPatch = ''
|
postPatch = ''
|
||||||
sed -i 's,\(hkps\|https\)://keyserver.ubuntu.com,hkps://keys.openpgp.org,g' configure configure.ac doc/dirmngr.texi doc/gnupg.info-1
|
sed -i 's,\(hkps\|https\)://keyserver.ubuntu.com,hkps://keys.openpgp.org,g' configure configure.ac doc/dirmngr.texi doc/gnupg.info-1
|
|
@ -7716,11 +7716,11 @@ with pkgs;
|
||||||
gnupg1orig = callPackage ../tools/security/gnupg/1.nix { };
|
gnupg1orig = callPackage ../tools/security/gnupg/1.nix { };
|
||||||
gnupg1compat = callPackage ../tools/security/gnupg/1compat.nix { };
|
gnupg1compat = callPackage ../tools/security/gnupg/1compat.nix { };
|
||||||
gnupg1 = gnupg1compat; # use config.packageOverrides if you prefer original gnupg1
|
gnupg1 = gnupg1compat; # use config.packageOverrides if you prefer original gnupg1
|
||||||
gnupg23 = callPackage ../tools/security/gnupg/23.nix {
|
gnupg24 = callPackage ../tools/security/gnupg/24.nix {
|
||||||
guiSupport = stdenv.isDarwin;
|
guiSupport = stdenv.isDarwin;
|
||||||
pinentry = if stdenv.isDarwin then pinentry_mac else pinentry-gtk2;
|
pinentry = if stdenv.isDarwin then pinentry_mac else pinentry-gtk2;
|
||||||
};
|
};
|
||||||
gnupg = gnupg23;
|
gnupg = gnupg24;
|
||||||
|
|
||||||
gnupg-pkcs11-scd = callPackage ../tools/security/gnupg-pkcs11-scd { };
|
gnupg-pkcs11-scd = callPackage ../tools/security/gnupg-pkcs11-scd { };
|
||||||
|
|
||||||
|
@ -26537,7 +26537,7 @@ with pkgs;
|
||||||
# break some cyclic dependencies
|
# break some cyclic dependencies
|
||||||
util-linux = util-linuxMinimal;
|
util-linux = util-linuxMinimal;
|
||||||
# provide a super minimal gnupg used for systemd-machined
|
# provide a super minimal gnupg used for systemd-machined
|
||||||
gnupg = callPackage ../tools/security/gnupg/23.nix {
|
gnupg = gnupg.override {
|
||||||
enableMinimal = true;
|
enableMinimal = true;
|
||||||
guiSupport = false;
|
guiSupport = false;
|
||||||
};
|
};
|
||||||
|
|
Loading…
Reference in a new issue