authorAlyssa Ross <hi@alyssa.is>2023-06-16 06:56:35 +0000
committerAlyssa Ross <hi@alyssa.is>2023-06-16 06:56:35 +0000
commit99fcaeccb89621dd492203ce1f2d551c06f228ed (patch)
tree41cb730ae07383004789779b0f6e11cb3f4642a3 /nixpkgs/pkgs/tools/security/gnupg
parent59c5f5ac8682acc13bb22bc29c7cf02f7d75f01f (diff)
parent75a5ebf473cd60148ba9aec0d219f72e5cf52519 (diff)
Merge branch 'nixos-unstable' of https://github.com/NixOS/nixpkgs
Conflicts:
	nixpkgs/nixos/modules/config/console.nix
	nixpkgs/nixos/modules/services/mail/mailman.nix
	nixpkgs/nixos/modules/services/mail/public-inbox.nix
	nixpkgs/nixos/modules/services/mail/rss2email.nix
	nixpkgs/nixos/modules/services/networking/ssh/sshd.nix
	nixpkgs/pkgs/applications/networking/instant-messengers/dino/default.nix
	nixpkgs/pkgs/applications/networking/irc/weechat/default.nix
	nixpkgs/pkgs/applications/window-managers/sway/default.nix
	nixpkgs/pkgs/build-support/go/module.nix
	nixpkgs/pkgs/build-support/rust/build-rust-package/default.nix
	nixpkgs/pkgs/development/interpreters/python/default.nix
	nixpkgs/pkgs/development/node-packages/overrides.nix
	nixpkgs/pkgs/development/tools/b4/default.nix
	nixpkgs/pkgs/servers/dict/dictd-db.nix
	nixpkgs/pkgs/servers/mail/public-inbox/default.nix
	nixpkgs/pkgs/tools/security/pinentry/default.nix
	nixpkgs/pkgs/tools/text/unoconv/default.nix
	nixpkgs/pkgs/top-level/all-packages.nix
Diffstat (limited to 'nixpkgs/pkgs/tools/security/gnupg')
-rw-r--r--nixpkgs/pkgs/tools/security/gnupg/0001-dirmngr-Only-use-SKS-pool-CA-for-SKS-pool.patch34
-rw-r--r--nixpkgs/pkgs/tools/security/gnupg/1.nix2
-rw-r--r--nixpkgs/pkgs/tools/security/gnupg/22-allow-import-of-previously-known-keys-even-without-UI.patch (renamed from nixpkgs/pkgs/tools/security/gnupg/allow-import-of-previously-known-keys-even-without-UI.patch)26
-rw-r--r--nixpkgs/pkgs/tools/security/gnupg/22.nix105
-rw-r--r--nixpkgs/pkgs/tools/security/gnupg/24-allow-import-of-previously-known-keys-even-without-UI.patch107
-rw-r--r--nixpkgs/pkgs/tools/security/gnupg/24.nix (renamed from nixpkgs/pkgs/tools/security/gnupg/23.nix)52
6 files changed, 259 insertions, 67 deletions
diff --git a/nixpkgs/pkgs/tools/security/gnupg/0001-dirmngr-Only-use-SKS-pool-CA-for-SKS-pool.patch b/nixpkgs/pkgs/tools/security/gnupg/0001-dirmngr-Only-use-SKS-pool-CA-for-SKS-pool.patch
deleted file mode 100644
index 061fb0e8de9c..000000000000
--- a/nixpkgs/pkgs/tools/security/gnupg/0001-dirmngr-Only-use-SKS-pool-CA-for-SKS-pool.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 1c9cc97e9d47d73763810dcb4a36b6cdf31a2254 Mon Sep 17 00:00:00 2001
-From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-Date: Sun, 30 Jun 2019 11:54:35 -0400
-Subject: [PATCH] dirmngr: Only use SKS pool CA for SKS pool
-
-* dirmngr/http.c (http_session_new): when checking whether the
-keyserver is the HKPS pool, check specifically against the pool name,
-as ./configure might have been used to select a different default
-keyserver.  It makes no sense to apply Kristian's certificate
-authority to anything other than the literal host
-hkps.pool.sks-keyservers.net.
-
-Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-GnuPG-Bug-Id: 4593
----
- dirmngr/http.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/dirmngr/http.c b/dirmngr/http.c
-index 384f2569d..8e5d53939 100644
---- a/dirmngr/http.c
-+++ b/dirmngr/http.c
-@@ -767,7 +767,7 @@ http_session_new (http_session_t *r_session,
- 
-     is_hkps_pool = (intended_hostname
-                     && !ascii_strcasecmp (intended_hostname,
--                                          get_default_keyserver (1)));
-+                                          "hkps.pool.sks-keyservers.net"));
- 
-     /* If the user has not specified a CA list, and they are looking
-      * for the hkps pool from sks-keyservers.net, then default to
--- 
-2.22.0
-
diff --git a/nixpkgs/pkgs/tools/security/gnupg/1.nix b/nixpkgs/pkgs/tools/security/gnupg/1.nix
index 5fa9bc0beddb..390665fe44fd 100644
--- a/nixpkgs/pkgs/tools/security/gnupg/1.nix
+++ b/nixpkgs/pkgs/tools/security/gnupg/1.nix
@@ -15,7 +15,7 @@ stdenv.mkDerivation rec {
   # gcc-10. Otherwise build fails as:
   #   ld: ../util/libutil.a(estream-printf.o):/build/gnupg-1.4.23/util/../include/memory.h:100: multiple definition of
   #     `memory_debug_mode'; gpgsplit.o:/build/gnupg-1.4.23/tools/../include/memory.h:100: first defined here
-  NIX_CFLAGS_COMPILE = "-fcommon";
+  env.NIX_CFLAGS_COMPILE = "-fcommon";
 
   doCheck = true;
 
diff --git a/nixpkgs/pkgs/tools/security/gnupg/allow-import-of-previously-known-keys-even-without-UI.patch b/nixpkgs/pkgs/tools/security/gnupg/22-allow-import-of-previously-known-keys-even-without-UI.patch
index 98dda54fc7fa..e8fbe1688402 100644
--- a/nixpkgs/pkgs/tools/security/gnupg/allow-import-of-previously-known-keys-even-without-UI.patch
+++ b/nixpkgs/pkgs/tools/security/gnupg/22-allow-import-of-previously-known-keys-even-without-UI.patch
@@ -16,11 +16,12 @@ Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
  g10/import.c | 44 +++++++++++---------------------------------
  1 file changed, 11 insertions(+), 33 deletions(-)
 
+
 diff --git a/g10/import.c b/g10/import.c
-index 5d3162c..f9acf95 100644
+index cd3363fc7..8f10771db 100644
 --- a/g10/import.c
 +++ b/g10/import.c
-@@ -1788,7 +1788,6 @@ import_one_real (ctrl_t ctrl,
+@@ -1858,7 +1858,6 @@ import_one_real (ctrl_t ctrl,
    size_t an;
    char pkstrbuf[PUBKEY_STRING_SIZE];
    int merge_keys_done = 0;
@@ -28,12 +29,11 @@ index 5d3162c..f9acf95 100644
    KEYDB_HANDLE hd = NULL;
  
    if (r_valid)
-@@ -1825,14 +1824,6 @@ import_one_real (ctrl_t ctrl,
-       log_printf ("\n");
+@@ -1896,13 +1895,6 @@ import_one_real (ctrl_t ctrl,
      }
  
--
--  if (!uidnode)
+ 
+-  if (!uidnode )
 -    {
 -      if (!silent)
 -        log_error( _("key %s: no user ID\n"), keystr_from_pk(pk));
@@ -43,17 +43,17 @@ index 5d3162c..f9acf95 100644
    if (screener && screener (keyblock, screener_arg))
      {
        log_error (_("key %s: %s\n"), keystr_from_pk (pk),
-@@ -1907,18 +1898,10 @@ import_one_real (ctrl_t ctrl,
+@@ -1977,18 +1969,10 @@ import_one_real (ctrl_t ctrl,
  	  }
      }
  
 -  /* Delete invalid parts and bail out if there are no user ids left.  */
--  if (!delete_inv_parts (ctrl, keyblock, keyid, options))
+-  if (!delete_inv_parts (ctrl, keyblock, keyid, options, otherrevsigs))
 -    {
 -      if (!silent)
 -        {
--          log_error ( _("key %s: no valid user IDs\n"), keystr_from_pk(pk));
--          if (!opt.quiet)
+-          log_error( _("key %s: no valid user IDs\n"), keystr_from_pk(pk));
+-          if (!opt.quiet )
 -            log_info(_("this may be caused by a missing self-signature\n"));
 -        }
 -      stats->no_user_id++;
@@ -62,11 +62,11 @@ index 5d3162c..f9acf95 100644
 +  /* Delete invalid parts, and note if we have any valid ones left.
 +   * We will later abort import if this key is new but contains
 +   * no valid uids.  */
-+  delete_inv_parts (ctrl, keyblock, keyid, options);
++  delete_inv_parts (ctrl, keyblock, keyid, options, otherrevsigs);
  
    /* Get rid of deleted nodes.  */
    commit_kbnode (&keyblock);
-@@ -1927,24 +1911,11 @@ import_one_real (ctrl_t ctrl,
+@@ -1998,24 +1982,11 @@ import_one_real (ctrl_t ctrl,
      {
        apply_keep_uid_filter (ctrl, keyblock, import_filter.keep_uid);
        commit_kbnode (&keyblock);
@@ -91,7 +91,7 @@ index 5d3162c..f9acf95 100644
      }
  
    /* The keyblock is valid and ready for real import.  */
-@@ -2002,6 +1973,13 @@ import_one_real (ctrl_t ctrl,
+@@ -2073,6 +2044,13 @@ import_one_real (ctrl_t ctrl,
        err = 0;
        stats->skipped_new_keys++;
      }
diff --git a/nixpkgs/pkgs/tools/security/gnupg/22.nix b/nixpkgs/pkgs/tools/security/gnupg/22.nix
new file mode 100644
index 000000000000..6c2ffe123548
--- /dev/null
+++ b/nixpkgs/pkgs/tools/security/gnupg/22.nix
@@ -0,0 +1,105 @@
+{ lib, stdenv, fetchurl, buildPackages
+, pkg-config, texinfo
+, gettext, libassuan, libgcrypt, libgpg-error, libiconv, libksba, npth
+, adns, bzip2, gnutls, libusb1, openldap, readline, sqlite, zlib
+, enableMinimal ? false
+, withPcsc ? !enableMinimal, pcsclite
+, guiSupport ? stdenv.isDarwin, pinentry
+}:
+
+assert guiSupport -> enableMinimal == false;
+
+stdenv.mkDerivation rec {
+  pname = "gnupg";
+  version = "2.2.41";
+
+  src = fetchurl {
+    url = "mirror://gnupg/gnupg/${pname}-${version}.tar.bz2";
+    hash = "sha256-E/MpEAel6FRvy3vAxmEM5EqqmzmVBZ1PgUW6Cf1b4+E=";
+  };
+
+  depsBuildBuild = [ buildPackages.stdenv.cc ];
+  nativeBuildInputs = [ pkg-config texinfo ];
+  buildInputs = [
+    gettext libassuan libgcrypt libgpg-error libiconv libksba npth
+  ] ++ lib.optionals (!enableMinimal) [
+    adns bzip2 gnutls libusb1 openldap readline sqlite zlib
+  ];
+
+  patches = [
+    ./fix-libusb-include-path.patch
+    ./tests-add-test-cases-for-import-without-uid.patch
+    ./accept-subkeys-with-a-good-revocation-but-no-self-sig.patch
+    ./22-allow-import-of-previously-known-keys-even-without-UI.patch
+  ];
+
+  postPatch = ''
+    sed -i 's,hkps://hkps.pool.sks-keyservers.net,hkps://keys.openpgp.org,g' configure doc/dirmngr.texi doc/gnupg.info-1
+    # Fix broken SOURCE_DATE_EPOCH usage - remove on the next upstream update
+    sed -i 's/$SOURCE_DATE_EPOCH/''${SOURCE_DATE_EPOCH}/' doc/Makefile.am
+    sed -i 's/$SOURCE_DATE_EPOCH/''${SOURCE_DATE_EPOCH}/' doc/Makefile.in
+    '' + lib.optionalString (stdenv.isLinux && withPcsc) ''
+      sed -i 's,"libpcsclite\.so[^"]*","${lib.getLib pcsclite}/lib/libpcsclite.so",g' scd/scdaemon.c
+    '';
+
+  configureFlags = [
+    "--with-libgpg-error-prefix=${libgpg-error.dev}"
+    "--with-libgcrypt-prefix=${libgcrypt.dev}"
+    "--with-libassuan-prefix=${libassuan.dev}"
+    "--with-ksba-prefix=${libksba.dev}"
+    "--with-npth-prefix=${npth}"
+  ]
+  ++ lib.optional guiSupport "--with-pinentry-pgm=${pinentry}/${pinentry.binaryPath or "bin/pinentry"}"
+  ++ lib.optional stdenv.isDarwin "--disable-ccid-driver";
+
+  postInstall = if enableMinimal
+  then ''
+    rm -r $out/{libexec,sbin,share}
+    for f in $(find $out/bin -type f -not -name gpg)
+    do
+      rm $f
+    done
+  '' else ''
+    mkdir -p $out/lib/systemd/user
+    for f in doc/examples/systemd-user/*.{service,socket} ; do
+      substitute $f $out/lib/systemd/user/$(basename $f) \
+        --replace /usr/bin $out/bin
+    done
+
+    # add gpg2 symlink to make sure git does not break when signing commits
+    ln -s $out/bin/gpg $out/bin/gpg2
+
+    # Make libexec tools available in PATH
+    for f in $out/libexec/; do
+      if [[ "$(basename $f)" == "gpg-wks-client" ]]; then continue; fi
+      ln -s $f $out/bin/$(basename $f)
+    done
+
+    ln -s -t $out/bin $out/libexec/*
+  '';
+
+  enableParallelBuilding = true;
+
+  passthru.tests.connman = lib.nixosTests.gnupg;
+
+  meta = with lib; {
+    homepage = "https://gnupg.org";
+    changelog = "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=${pname}.git;a=blob;f=NEWS;hb=refs/tags/${pname}-${version}";
+    description = "LTS release of the GNU Privacy Guard, a GPL OpenPGP implementation";
+    license = licenses.gpl3Plus;
+    longDescription = ''
+      The GNU Privacy Guard is the GNU project's complete and free
+      implementation of the OpenPGP standard as defined by RFC4880.  GnuPG
+      "modern" (2.1) is the latest development with a lot of new features.
+      GnuPG allows to encrypt and sign your data and communication, features a
+      versatile key management system as well as access modules for all kind of
+      public key directories.  GnuPG, also known as GPG, is a command line tool
+      with features for easy integration with other applications.  A wealth of
+      frontend applications and libraries are available.  Version 2 of GnuPG
+      also provides support for S/MIME.
+    '';
+    maintainers = with maintainers; [ fpletz vrthra ];
+    platforms = platforms.all;
+    mainProgram = "gpg";
+  };
+}
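Review bot: The keyserver rewrite in postPatch, `sed -i 's,hkps://hkps.pool.sks-keyservers.net,hkps://keys.openpgp.org,g' configure doc/dirmngr.texi doc/gnupg.info-1`, is never checked: `sed` exits 0 when the pattern matches nothing, so if the 2.2.41 tarball no longer names the SKS pool as its default (the equivalent line in 24.nix already targets keyserver.ubuntu.com, which suggests the upstream default has moved at least on that branch), the build silently ships whatever upstream's default is, and that is where `--recv-keys`/`--refresh-keys` go. Make the substitution fail loudly, e.g. follow it with `grep -q 'hkps://keys.openpgp.org' configure || { echo 'keyserver rewrite did not apply' >&2; exit 1; }`. Separately, the postInstall loop `for f in $out/libexec/; do` iterates the literal directory path rather than its contents, so it runs once with `f` equal to the directory, the gpg-wks-client skip never matches, and the only effect is a stray `$out/bin/libexec` symlink; the actual linking is done by the unconditional `ln -s -t $out/bin $out/libexec/*` below it, which links gpg-wks-client as well. Either change the loop to `for f in $out/libexec/*; do` and drop the `ln -s -t` line, or drop the loop and document that every libexec tool is intentionally exposed.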
diff --git a/nixpkgs/pkgs/tools/security/gnupg/24-allow-import-of-previously-known-keys-even-without-UI.patch b/nixpkgs/pkgs/tools/security/gnupg/24-allow-import-of-previously-known-keys-even-without-UI.patch
new file mode 100644
index 000000000000..8d4f703a3dd1
--- /dev/null
+++ b/nixpkgs/pkgs/tools/security/gnupg/24-allow-import-of-previously-known-keys-even-without-UI.patch
@@ -0,0 +1,107 @@
+From: Vincent Breitmoser <look@my.amazin.horse>
+Date: Thu, 13 Jun 2019 21:27:42 +0200
+Subject: gpg: allow import of previously known keys, even without UIDs
+
+* g10/import.c (import_one): Accept an incoming OpenPGP certificate that
+has no user id, as long as we already have a local variant of the cert
+that matches the primary key.
+
+--
+
+This fixes two of the three broken tests in import-incomplete.scm.
+
+GnuPG-Bug-id: 4393
+Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+---
+ g10/import.c | 44 +++++++++++---------------------------------
+ 1 file changed, 11 insertions(+), 33 deletions(-)
+
+
+diff --git a/g10/import.c b/g10/import.c
+index 9fab46ca6..61896a6bf 100644
+--- a/g10/import.c
++++ b/g10/import.c
+@@ -1954,7 +1954,6 @@ import_one_real (ctrl_t ctrl,
+   size_t an;
+   char pkstrbuf[PUBKEY_STRING_SIZE];
+   int merge_keys_done = 0;
+-  int any_filter = 0;
+   KEYDB_HANDLE hd = NULL;
+ 
+   if (r_valid)
+@@ -1992,13 +1991,6 @@ import_one_real (ctrl_t ctrl,
+     }
+ 
+ 
+-  if (!uidnode)
+-    {
+-      if (!silent)
+-        log_error( _("key %s: no user ID\n"), keystr_from_pk(pk));
+-      return 0;
+-    }
+-
+   if (screener && screener (keyblock, screener_arg))
+     {
+       log_error (_("key %s: %s\n"), keystr_from_pk (pk),
+@@ -2078,18 +2070,10 @@ import_one_real (ctrl_t ctrl,
+ 	  }
+     }
+ 
+-  /* Delete invalid parts and bail out if there are no user ids left.  */
+-  if (!delete_inv_parts (ctrl, keyblock, keyid, options, otherrevsigs))
+-    {
+-      if (!silent)
+-        {
+-          log_error ( _("key %s: no valid user IDs\n"), keystr_from_pk(pk));
+-          if (!opt.quiet)
+-            log_info(_("this may be caused by a missing self-signature\n"));
+-        }
+-      stats->no_user_id++;
+-      return 0;
+-    }
++ /* Delete invalid parts, and note if we have any valid ones left.
++  * We will later abort import if this key is new but contains
++  * no valid uids.  */
++  delete_inv_parts (ctrl, keyblock, keyid, options, otherrevsigs);
+ 
+   /* Get rid of deleted nodes.  */
+   commit_kbnode (&keyblock);
+@@ -2099,24 +2083,11 @@ import_one_real (ctrl_t ctrl,
+     {
+       apply_keep_uid_filter (ctrl, keyblock, import_filter.keep_uid);
+       commit_kbnode (&keyblock);
+-      any_filter = 1;
+     }
+   if (import_filter.drop_sig)
+     {
+       apply_drop_sig_filter (ctrl, keyblock, import_filter.drop_sig);
+       commit_kbnode (&keyblock);
+-      any_filter = 1;
+-    }
+-
+-  /* If we ran any filter we need to check that at least one user id
+-   * is left in the keyring.  Note that we do not use log_error in
+-   * this case. */
+-  if (any_filter && !any_uid_left (keyblock))
+-    {
+-      if (!opt.quiet )
+-        log_info ( _("key %s: no valid user IDs\n"), keystr_from_pk (pk));
+-      stats->no_user_id++;
+-      return 0;
+     }
+ 
+   /* The keyblock is valid and ready for real import.  */
+@@ -2174,6 +2145,13 @@ import_one_real (ctrl_t ctrl,
+       err = 0;
+       stats->skipped_new_keys++;
+     }
++  else if (err && !any_uid_left (keyblock))
++    {
++      if (!silent)
++        log_info( _("key %s: new key but contains no user ID - skipped\n"), keystr(keyid));
++      err = 0;
++      stats->no_user_id++;
++    }
+   else if (err)  /* Insert this key. */
+     {
+       /* Note: ERR can only be NO_PUBKEY or UNUSABLE_PUBKEY.  */
diff --git a/nixpkgs/pkgs/tools/security/gnupg/23.nix b/nixpkgs/pkgs/tools/security/gnupg/24.nix
index b93e533e6fd8..c8e313cd9cf5 100644
--- a/nixpkgs/pkgs/tools/security/gnupg/23.nix
+++ b/nixpkgs/pkgs/tools/security/gnupg/24.nix
@@ -1,53 +1,59 @@
-{ fetchurl, fetchpatch, lib, stdenv, pkg-config, libgcrypt, libassuan, libksba
-, libgpg-error, libiconv, npth, gettext, texinfo, buildPackages
-, guiSupport ? stdenv.isDarwin, enableMinimal ? false
-, adns, bzip2, gnutls, libusb1, openldap
-, tpm2-tss, pcsclite, pinentry, readline, sqlite, zlib
+{ lib, stdenv, fetchurl, buildPackages
+, pkg-config, texinfo
+, gettext, libassuan, libgcrypt, libgpg-error, libiconv, libksba, npth
+, adns, bzip2, gnutls, libusb1, openldap, readline, sqlite, zlib
+, enableMinimal ? false
+, withPcsc ? !enableMinimal, pcsclite
+, guiSupport ? stdenv.isDarwin, pinentry
+, withTpm2Tss ? !stdenv.isDarwin && !enableMinimal, tpm2-tss
 }:
 
 assert guiSupport -> enableMinimal == false;
 
 stdenv.mkDerivation rec {
   pname = "gnupg";
-  version = "2.3.7";
+  version = "2.4.0";
 
   src = fetchurl {
     url = "mirror://gnupg/gnupg/${pname}-${version}.tar.bz2";
-    sha256 = "sha256-7hY6X7nsmf/BsY5l+u+NCGgAxXE9FaZyq1fTeZ2oNmk=";
+    hash = "sha256-HXkVjdAdmSQx3S4/rLif2slxJ/iXhOosthDGAPsMFIM=";
   };
 
   depsBuildBuild = [ buildPackages.stdenv.cc ];
   nativeBuildInputs = [ pkg-config texinfo ];
   buildInputs = [
-    libgcrypt libassuan libksba libiconv npth gettext
-  ] ++ lib.optionals (!enableMinimal) ([
-    readline libusb1 gnutls adns openldap zlib bzip2 sqlite
-  ] ++ lib.optional (!stdenv.isDarwin) tpm2-tss);
+    gettext libassuan libgcrypt libgpg-error libiconv libksba npth
+  ] ++ lib.optionals (!enableMinimal) [
+    adns bzip2 gnutls libusb1 openldap readline sqlite zlib
+  ] ++ lib.optionals withTpm2Tss [ tpm2-tss ];
 
   patches = [
     ./fix-libusb-include-path.patch
     ./tests-add-test-cases-for-import-without-uid.patch
-    ./allow-import-of-previously-known-keys-even-without-UI.patch
     ./accept-subkeys-with-a-good-revocation-but-no-self-sig.patch
-
+    ./24-allow-import-of-previously-known-keys-even-without-UI.patch
     # Patch for DoS vuln from https://seclists.org/oss-sec/2022/q3/27
     ./v3-0001-Disallow-compressed-signatures-and-certificates.patch
   ];
+
   postPatch = ''
     sed -i 's,\(hkps\|https\)://keyserver.ubuntu.com,hkps://keys.openpgp.org,g' configure configure.ac doc/dirmngr.texi doc/gnupg.info-1
-  '' + lib.optionalString (stdenv.isLinux && (!enableMinimal)) ''
-    sed -i 's,"libpcsclite\.so[^"]*","${lib.getLib pcsclite}/lib/libpcsclite.so",g' scd/scdaemon.c
-  '';
+    '' + lib.optionalString (stdenv.isLinux && withPcsc) ''
+      sed -i 's,"libpcsclite\.so[^"]*","${lib.getLib pcsclite}/lib/libpcsclite.so",g' scd/scdaemon.c
+    '';
 
-  pinentryBinaryPath = pinentry.binaryPath or "bin/pinentry";
   configureFlags = [
+    "--sysconfdir=/etc"
     "--with-libgpg-error-prefix=${libgpg-error.dev}"
     "--with-libgcrypt-prefix=${libgcrypt.dev}"
     "--with-libassuan-prefix=${libassuan.dev}"
     "--with-ksba-prefix=${libksba.dev}"
     "--with-npth-prefix=${npth}"
-  ] ++ lib.optional guiSupport "--with-pinentry-pgm=${pinentry}/${pinentryBinaryPath}"
-  ++ lib.optional ((!stdenv.isDarwin) && (!enableMinimal)) "--with-tss=intel";
+  ]
+  ++ lib.optional guiSupport "--with-pinentry-pgm=${pinentry}/${pinentry.binaryPath or "bin/pinentry"}"
+  ++ lib.optional withTpm2Tss "--with-tss=intel"
+  ++ lib.optional stdenv.isDarwin "--disable-ccid-driver";
+
   postInstall = if enableMinimal
   then ''
     rm -r $out/{libexec,sbin,share}
@@ -70,12 +76,20 @@ stdenv.mkDerivation rec {
       if [[ "$(basename $f)" == "gpg-wks-client" ]]; then continue; fi
       ln -s $f $out/bin/$(basename $f)
     done
+
+    for f in $out/libexec/; do
+      if [[ "$(basename $f)" == "gpg-wks-client" ]]; then continue; fi
+      ln -s $f $out/bin/$(basename $f)
+    done
   '';
 
   enableParallelBuilding = true;
 
+  passthru.tests.connman = lib.nixosTests.gnupg;
+
   meta = with lib; {
     homepage = "https://gnupg.org";
+    changelog = "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=${pname}.git;a=blob;f=NEWS;hb=refs/tags/${pname}-${version}";
     description = "Modern release of the GNU Privacy Guard, a GPL OpenPGP implementation";
     license = licenses.gpl3Plus;
     longDescription = ''
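Review bot: The five added lines in postInstall repeat the loop immediately above them verbatim, which reads as a merge-resolution artifact rather than an intended change; the second copy should be removed. Both copies also iterate `for f in $out/libexec/; do`, a literal directory path with no glob, so the body executes once with `f` set to the directory itself, the `gpg-wks-client` check can never match, and the result is a single `$out/bin/libexec` symlink pointing at the directory rather than the libexec tools being placed on PATH, which is presumably the intent. The intended form is `for f in $out/libexec/*; do`. The postInstall string and its else branch begin before this hunk.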