From ff25c606dd12653a4af140567c704d3f75d15208 Mon Sep 17 00:00:00 2001
From: "Andreas K. Huettel (dilfridge)"
Date: Sun, 7 Apr 2013 14:44:39 +0200
Subject: [app-crypt/gnupg] made unkeyworded version with 4096bit card key patch
Package-Manager: portage-2.2.0_alpha171
---
app-crypt/gnupg/files/gnupg-2.0.19-card4096.patch | 184 ++++++++++++++++++++++
app-crypt/gnupg/gnupg-2.0.19-r1.ebuild | 151 ------------------
app-crypt/gnupg/gnupg-2.0.19-r2.ebuild | 152 ++++++++++++++++++
3 files changed, 336 insertions(+), 151 deletions(-)
create mode 100644 app-crypt/gnupg/files/gnupg-2.0.19-card4096.patch
delete mode 100644 app-crypt/gnupg/gnupg-2.0.19-r1.ebuild
create mode 100644 app-crypt/gnupg/gnupg-2.0.19-r2.ebuild
diff --git a/app-crypt/gnupg/files/gnupg-2.0.19-card4096.patch b/app-crypt/gnupg/files/gnupg-2.0.19-card4096.patch
new file mode 100644
index 0000000..39810e0
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.0.19-card4096.patch
@@ -0,0 +1,184 @@ +From ab4ea45f54006eba55db11263431c4c0c4f557dc Mon Sep 17 00:00:00 2001 +From: Werner Koch +Date: Tue, 6 Nov 2012 14:39:22 +0100 +Subject: [PATCH] Allow decryption with card keys > 3072 bit + +* scd/command.c (MAXLEN_SETDATA): New. +(cmd_setdata): Add option --append. +* g10/call-agent.c (agent_scd_pkdecrypt): Use new option for long data + +* scd/app-openpgp.c (struct app_local_s): Add field manufacturer. +(app_select_openpgp): Store manufacturer. +(do_decipher): Print a note for broken cards. + +-- + +Please note that I was not able to run a full test because I only have +broken cards (S/N < 346) available. + +-- + +Had to re-do the patch because of a whitespace change that made one hunk +fail. dilfridge@gentoo.org + +--- + g10/call-agent.c | 22 ++++++++++++++-------- + scd/app-openpgp.c | 10 ++++++++++ + scd/command.c | 38 ++++++++++++++++++++++++++++++++------ + 3 files changed, 56 insertions(+), 14 deletions(-) + +diff -ruN gnupg-2.0.19.orig/g10/call-agent.c gnupg-2.0.19/g10/call-agent.c +--- gnupg-2.0.19.orig/g10/call-agent.c 2012-03-27 10:00:37.000000000 +0200 ++++ gnupg-2.0.19/g10/call-agent.c 2013-04-06 23:16:53.000000000 +0200 +@@ -1034,7 +1034,7 @@ + + + /* Decrypt INDATA of length INDATALEN using the card identified by +- SERIALNO. Return the plaintext in a nwly allocated buffer stored ++ SERIALNO. Return the plaintext in a newly allocated buffer stored + at the address of R_BUF. 
+ + Note, we currently support only RSA or more exactly algorithms +@@ -1058,20 +1058,26 @@ + return rc; + + /* FIXME: use secure memory where appropriate */ +- if (indatalen*2 + 50 > DIM(line)) +- return gpg_error (GPG_ERR_GENERAL); + + rc = select_openpgp (serialno); + if (rc) + return rc; + +- sprintf (line, "SCD SETDATA "); +- p = line + strlen (line); +- for (i=0; i < indatalen ; i++, p += 2 ) +- sprintf (p, "%02X", indata[i]); +- rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); ++ for (len = 0; len < indatalen;) ++ { ++ p = stpcpy (line, "SCD SETDATA "); ++ if (len) ++ p = stpcpy (p, "--append "); ++ for (i=0; len < indatalen && (i*2 < DIM(line)-50); i++, len++) ++ { ++ sprintf (p, "%02X", indata[len]); ++ p += 2; ++ } ++ rc = assuan_transact (agent_ctx, line, ++ NULL, NULL, NULL, NULL, NULL, NULL); + if (rc) + return rc; ++ } + + init_membuf (&data, 1024); + snprintf (line, DIM(line)-1, "SCD PKDECRYPT %s", serialno); +diff -ruN gnupg-2.0.19.orig/scd/app-openpgp.c gnupg-2.0.19/scd/app-openpgp.c +--- gnupg-2.0.19.orig/scd/app-openpgp.c 2012-03-27 10:00:38.000000000 +0200 ++++ gnupg-2.0.19/scd/app-openpgp.c 2013-04-06 23:16:53.000000000 +0200 +@@ -158,6 +158,8 @@ + + unsigned char status_indicator; /* The card status indicator. */ + ++ unsigned int manufacturer:16; /* Manufacturer ID from the s/n. */ ++ + /* Keep track of the ISO card capabilities. 
*/ + struct + { +@@ -3426,6 +3428,12 @@ + indata, indatalen, le_value, padind, + outdata, outdatalen); + xfree (fixbuf); ++ ++ if (gpg_err_code (rc) == GPG_ERR_CARD /* actual SW is 0x640a */ ++ && app->app_local->manufacturer == 5 ++ && app->card_version == 0x0200) ++ log_info ("NOTE: Cards with manufacturer id 5 and s/n <= 346 (0x15a)" ++ " do not work with encryption keys > 2048 bits\n"); + } + + return rc; +@@ -3713,6 +3721,8 @@ + goto leave; + } + ++ app->app_local->manufacturer = manufacturer; ++ + if (app->card_version >= 0x0200) + app->app_local->extcap.is_v2 = 1; + +diff -ruN gnupg-2.0.19.orig/scd/command.c gnupg-2.0.19/scd/command.c +--- gnupg-2.0.19.orig/scd/command.c 2012-03-27 10:00:38.000000000 +0200 ++++ gnupg-2.0.19/scd/command.c 2013-04-06 23:22:55.000000000 +0200 +@@ -46,6 +46,9 @@ + /* Maximum allowed size of key data as used in inquiries. */ + #define MAXLEN_KEYDATA 4096 + ++/* Maximum allowed total data size for SETDATA. */ ++#define MAXLEN_SETDATA 4096 ++ + /* Maximum allowed size of certificate data as used in inquiries. 
*/ + #define MAXLEN_CERTDATA 16384 + +@@ -799,17 +802,24 @@ + + + static const char hlp_setdata[] = +- "SETDATA \n" ++ "SETDATA [--append] \n" + "\n" +- "The client should use this command to tell us the data he want to sign."; ++ "The client should use this command to tell us the data he want to sign.\n" ++ "With the option --append, the data is appended to the data set by a\n" ++ "previous SETDATA command."; + static gpg_error_t + cmd_setdata (assuan_context_t ctx, char *line) + { + ctrl_t ctrl = assuan_get_pointer (ctx); +- int n; ++ int append; ++ int n, i, off; + char *p; + unsigned char *buf; + ++ append = (ctrl->in_data.value && has_option (line, "--append")); ++ ++ line = skip_options (line); ++ + if (locked_session && locked_session != ctrl->server_local) + return gpg_error (GPG_ERR_LOCKED); + +@@ -823,14 +833,30 @@ + if ((n&1)) + return set_error (GPG_ERR_ASS_PARAMETER, "odd number of digits"); + n /= 2; ++ if (append) ++ { ++ if (ctrl->in_data.valuelen + n > MAXLEN_SETDATA) ++ return set_error (GPG_ERR_TOO_LARGE, ++ "limit on total size of data reached"); ++ buf = xtrymalloc (ctrl->in_data.valuelen + n); ++ } ++ else + buf = xtrymalloc (n); + if (!buf) + return out_of_core (); + ++ if (append) ++ { ++ memcpy (buf, ctrl->in_data.value, ctrl->in_data.valuelen); ++ off = ctrl->in_data.valuelen; ++ } ++ else ++ off = 0; ++ for (p=line, i=0; i < n; p += 2, i++) ++ buf[off+i] = xtoi_2 (p); ++ + ctrl->in_data.value = buf; +- ctrl->in_data.valuelen = n; +- for (p=line, n=0; n < ctrl->in_data.valuelen; p += 2, n++) +- buf[n] = xtoi_2 (p); ++ ctrl->in_data.valuelen = off + n; + return 0; + } + diff --git a/app-crypt/gnupg/gnupg-2.0.19-r1.ebuild b/app-crypt/gnupg/gnupg-2.0.19-r1.ebuild deleted file mode 100644 index b39f854..0000000 --- a/app-crypt/gnupg/gnupg-2.0.19-r1.ebuild +++ /dev/null 
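Review bot: In the scd/command.c part of the embedded patch, cmd_setdata installs the new buffer with `ctrl->in_data.value = buf;` without releasing the buffer it replaces, so every chunk of a `--append` sequence (and every plain SETDATA that follows an earlier one) appears to leak the previous allocation in the long-running scdaemon. Nothing in the visible lines frees it, although it may be released elsewhere in the file. Placing `xfree (ctrl->in_data.value);` directly before that assignment, after the memcpy in the append branch has copied the old bytes, would close this. The MAXLEN_SETDATA cap is checked only on the append path; a short comment saying what bounds the non-append length (presumably the Assuan line length) would make the limit easier to audit. cmd_setdata's hex-parsing lines sit between the two command.c hunks and are not shown, so they were not reviewed.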
@@ -1,151 +0,0 @@ -# Copyright 1999-2013 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-crypt/gnupg/gnupg-2.0.19-r1.ebuild,v 1.4 2013/02/21 19:29:59 zmedico Exp $ - -EAPI="4" - -inherit eutils flag-o-matic toolchain-funcs - -DESCRIPTION="The GNU Privacy Guard, a GPL pgp replacement" -HOMEPAGE="http://www.gnupg.org/" -SRC_URI="mirror://gnupg/gnupg/${P}.tar.bz2" -# SRC_URI="ftp://ftp.gnupg.org/gcrypt/${PN}/${P}.tar.bz2" - -LICENSE="GPL-3" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" -IUSE="adns bzip2 doc ldap nls mta readline static selinux smartcard usb" - -COMMON_DEPEND_LIBS=" - >=dev-libs/libassuan-2 - >=dev-libs/libgcrypt-1.4 - >=dev-libs/libgpg-error-1.7 - >=dev-libs/libksba-1.0.7 - >=dev-libs/pth-1.3.7 - >=net-misc/curl-7.10 - sys-libs/zlib - adns? ( >=net-libs/adns-1.4 ) - bzip2? ( app-arch/bzip2 ) - readline? ( sys-libs/readline ) - smartcard? ( usb? ( virtual/libusb:0 ) ) - ldap? ( net-nds/openldap )" -COMMON_DEPEND_BINS="|| ( app-crypt/pinentry app-crypt/pinentry-qt )" - -# Existence of executables is checked during configuration. -DEPEND="${COMMON_DEPEND_LIBS} - ${COMMON_DEPEND_BINS} - static? ( - >=dev-libs/libassuan-2[static-libs] - >=dev-libs/libgcrypt-1.4[static-libs] - >=dev-libs/libgpg-error-1.7[static-libs] - >=dev-libs/libksba-1.0.7[static-libs] - >=dev-libs/pth-1.3.7[static-libs] - >=net-misc/curl-7.10[static-libs] - sys-libs/zlib[static-libs] - bzip2? ( app-arch/bzip2[static-libs] ) - ) - nls? ( sys-devel/gettext ) - doc? ( sys-apps/texinfo )" - -RDEPEND="!static? ( ${COMMON_DEPEND_LIBS} ) - ${COMMON_DEPEND_BINS} - mta? ( virtual/mta ) - !<=app-crypt/gnupg-2.0.1 - selinux? ( sec-policy/selinux-gpg ) - nls? 
( virtual/libintl )" - -REQUIRED_USE="smartcard? ( !static )" - -src_prepare() { - epatch "${FILESDIR}"/${PN}-2.0.17-gpgsm-gencert.patch -} - -src_configure() { - local myconf - - # 'USE=static' support was requested: - # gnupg1: bug #29299 - # gnupg2: bug #159623 - use static && append-ldflags -static - - if use smartcard; then - myconf+=" --enable-scdaemon $(use_enable usb ccid-driver)" - else - myconf+=" --disable-scdaemon" - fi - - econf \ - --docdir="${EPREFIX}/usr/share/doc/${PF}" \ - --enable-gpg \ - --enable-gpgsm \ - --enable-agent \ - ${myconf} \ - $(use_with adns) \ - $(use_enable bzip2) \ - $(use_enable !elibc_SunOS symcryptrun) \ - $(use_enable nls) \ - $(use_enable mta mailto) \ - $(use_enable ldap) \ - $(use_with readline) \ - CC_FOR_BUILD="$(tc-getBUILD_CC)" -} - -src_compile() { - emake - - if use doc; then - cd doc - emake html - fi -} - -src_install() { - emake DESTDIR="${D}" install - emake DESTDIR="${D}" -f doc/Makefile uninstall-nobase_dist_docDATA - rm -r "${ED}usr/share/gnupg/help"* - - dodoc ChangeLog NEWS README THANKS TODO VERSION doc/FAQ doc/DETAILS \ - doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER doc/help* - - dosym gpg2 /usr/bin/gpg - dosym gpgv2 /usr/bin/gpgv - dosym gpg2keys_hkp /usr/libexec/gpgkeys_hkp - dosym gpg2keys_finger /usr/libexec/gpgkeys_finger - dosym gpg2keys_curl /usr/libexec/gpgkeys_curl - if use ldap; then - dosym gpg2keys_ldap /usr/libexec/gpgkeys_ldap - fi - echo ".so man1/gpg2.1" > "${ED}usr/share/man/man1/gpg.1" - echo ".so man1/gpgv2.1" > "${ED}usr/share/man/man1/gpgv.1" - - dodir /etc/env.d - echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >>"${ED}etc/env.d/30gnupg" - - if use doc; then - dohtml doc/gnupg.html/* doc/*.png - fi -} - -pkg_postinst() { - elog "If you wish to view images emerge:" - elog "media-gfx/xloadimage, media-gfx/xli or any other viewer" - elog "Remember to use photo-viewer option in configuration file to activate" - elog "the right viewer." 
- elog - - if use smartcard; then - elog "To use your OpenPGP smartcard (or token) with GnuPG you need one of" - use usb && elog " - a CCID-compatible reader, used directly through libusb;" - elog " - sys-apps/pcsc-lite and a compatible reader device;" - elog " - dev-libs/openct and a compatible reader device;" - elog " - a reader device and drivers exporting either PC/SC or CT-API interfaces." - elog "" - elog "General hint: you probably want to try installing sys-apps/pcsc-lite and" - elog "app-crypt/ccid first." - fi - - ewarn "Please remember to restart gpg-agent if a different version" - ewarn "of the agent is currently used. If you are unsure of the gpg" - ewarn "agent you are using please run 'killall gpg-agent'," - ewarn "and to start a fresh daemon just run 'gpg-agent --daemon'." -} diff --git a/app-crypt/gnupg/gnupg-2.0.19-r2.ebuild b/app-crypt/gnupg/gnupg-2.0.19-r2.ebuild new file mode 100644 index 0000000..2e9624c --- /dev/null +++ b/app-crypt/gnupg/gnupg-2.0.19-r2.ebuild 
@@ -0,0 +1,152 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/app-crypt/gnupg/gnupg-2.0.19-r1.ebuild,v 1.4 2013/02/21 19:29:59 zmedico Exp $ + +EAPI="4" + +inherit eutils flag-o-matic toolchain-funcs + +DESCRIPTION="The GNU Privacy Guard, a GPL pgp replacement" +HOMEPAGE="http://www.gnupg.org/" +SRC_URI="mirror://gnupg/gnupg/${P}.tar.bz2" +# SRC_URI="ftp://ftp.gnupg.org/gcrypt/${PN}/${P}.tar.bz2" + +LICENSE="GPL-3" +SLOT="0" +KEYWORDS="" +IUSE="adns bzip2 doc ldap nls mta readline static selinux smartcard usb" + +COMMON_DEPEND_LIBS=" + >=dev-libs/libassuan-2 + >=dev-libs/libgcrypt-1.4 + >=dev-libs/libgpg-error-1.7 + >=dev-libs/libksba-1.0.7 + >=dev-libs/pth-1.3.7 + >=net-misc/curl-7.10 + sys-libs/zlib + adns? ( >=net-libs/adns-1.4 ) + bzip2? ( app-arch/bzip2 ) + readline? ( sys-libs/readline ) + smartcard? ( usb? ( virtual/libusb:0 ) ) + ldap? ( net-nds/openldap )" +COMMON_DEPEND_BINS="|| ( app-crypt/pinentry app-crypt/pinentry-qt )" + +# Existence of executables is checked during configuration. +DEPEND="${COMMON_DEPEND_LIBS} + ${COMMON_DEPEND_BINS} + static? ( + >=dev-libs/libassuan-2[static-libs] + >=dev-libs/libgcrypt-1.4[static-libs] + >=dev-libs/libgpg-error-1.7[static-libs] + >=dev-libs/libksba-1.0.7[static-libs] + >=dev-libs/pth-1.3.7[static-libs] + >=net-misc/curl-7.10[static-libs] + sys-libs/zlib[static-libs] + bzip2? ( app-arch/bzip2[static-libs] ) + ) + nls? ( sys-devel/gettext ) + doc? ( sys-apps/texinfo )" + +RDEPEND="!static? ( ${COMMON_DEPEND_LIBS} ) + ${COMMON_DEPEND_BINS} + mta? ( virtual/mta ) + !<=app-crypt/gnupg-2.0.1 + selinux? ( sec-policy/selinux-gpg ) + nls? ( virtual/libintl )" + +REQUIRED_USE="smartcard? 
( !static )" + +src_prepare() { + epatch "${FILESDIR}"/${PN}-2.0.17-gpgsm-gencert.patch + epatch "${FILESDIR}"/${PN}-2.0.19-card4096.patch +} + +src_configure() { + local myconf + + # 'USE=static' support was requested: + # gnupg1: bug #29299 + # gnupg2: bug #159623 + use static && append-ldflags -static + + if use smartcard; then + myconf+=" --enable-scdaemon $(use_enable usb ccid-driver)" + else + myconf+=" --disable-scdaemon" + fi + + econf \ + --docdir="${EPREFIX}/usr/share/doc/${PF}" \ + --enable-gpg \ + --enable-gpgsm \ + --enable-agent \ + ${myconf} \ + $(use_with adns) \ + $(use_enable bzip2) \ + $(use_enable !elibc_SunOS symcryptrun) \ + $(use_enable nls) \ + $(use_enable mta mailto) \ + $(use_enable ldap) \ + $(use_with readline) \ + CC_FOR_BUILD="$(tc-getBUILD_CC)" +} + +src_compile() { + emake + + if use doc; then + cd doc + emake html + fi +} + +src_install() { + emake DESTDIR="${D}" install + emake DESTDIR="${D}" -f doc/Makefile uninstall-nobase_dist_docDATA + rm -r "${ED}usr/share/gnupg/help"* + + dodoc ChangeLog NEWS README THANKS TODO VERSION doc/FAQ doc/DETAILS \ + doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER doc/help* + + dosym gpg2 /usr/bin/gpg + dosym gpgv2 /usr/bin/gpgv + dosym gpg2keys_hkp /usr/libexec/gpgkeys_hkp + dosym gpg2keys_finger /usr/libexec/gpgkeys_finger + dosym gpg2keys_curl /usr/libexec/gpgkeys_curl + if use ldap; then + dosym gpg2keys_ldap /usr/libexec/gpgkeys_ldap + fi + echo ".so man1/gpg2.1" > "${ED}usr/share/man/man1/gpg.1" + echo ".so man1/gpgv2.1" > "${ED}usr/share/man/man1/gpgv.1" + + dodir /etc/env.d + echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >>"${ED}etc/env.d/30gnupg" + + if use doc; then + dohtml doc/gnupg.html/* doc/*.png + fi +} + +pkg_postinst() { + elog "If you wish to view images emerge:" + elog "media-gfx/xloadimage, media-gfx/xli or any other viewer" + elog "Remember to use photo-viewer option in configuration file to activate" + elog "the right viewer." 
+ elog + + if use smartcard; then + elog "To use your OpenPGP smartcard (or token) with GnuPG you need one of" + use usb && elog " - a CCID-compatible reader, used directly through libusb;" + elog " - sys-apps/pcsc-lite and a compatible reader device;" + elog " - dev-libs/openct and a compatible reader device;" + elog " - a reader device and drivers exporting either PC/SC or CT-API interfaces." + elog "" + elog "General hint: you probably want to try installing sys-apps/pcsc-lite and" + elog "app-crypt/ccid first." + fi + + ewarn "Please remember to restart gpg-agent if a different version" + ewarn "of the agent is currently used. If you are unsure of the gpg" + ewarn "agent you are using please run 'killall gpg-agent'," + ewarn "and to start a fresh daemon just run 'gpg-agent --daemon'." +} -- cgit v1.2.3-65-gdbad
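Review bot: The added `epatch "${FILESDIR}"/${PN}-2.0.19-card4096.patch` line in src_prepare and the emptied `KEYWORDS=""` carry no comment explaining them. The patch header on this page says it is a re-done copy of upstream commit ab4ea45f and that its author could not run a full test, which is presumably why this revision is unkeyworded; recording that in the ebuild keeps the reason visible to whoever re-keywords or bumps it. Suggested comments: `# Backport of upstream ab4ea45f (decryption with card keys > 3072 bit); drop once a release contains it` above the epatch line, and `# Unkeyworded: card4096 patch was not fully tested upstream` above KEYWORDS.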