authorAlyssa Ross <hi@alyssa.is>2024-02-22 19:42:24 +0100
committerAlyssa Ross <hi@alyssa.is>2024-02-22 19:42:24 +0100
commitb084c6a0fab7f32c904c5c8e8db8dddcefbe507f (patch)
treefa9b11e737e1f4ca311d6215a89514686e194af3 /overlays
parentb24d64b3b1ef897f07cd072a88a9881cb330aa7f (diff)
gnupg: remove ignore expiry patch
There's now a flag to do this.
Diffstat (limited to 'overlays')
-rw-r--r--overlays/patches/default.nix2
-rw-r--r--overlays/patches/gnupg/VERY-BAD-allow-signing-with-expired-keys.patch78
-rw-r--r--overlays/patches/gnupg/default.nix8
3 files changed, 0 insertions, 88 deletions
diff --git a/overlays/patches/default.nix b/overlays/patches/default.nix
index 8770349330e1..b57a87683f87 100644
--- a/overlays/patches/default.nix
+++ b/overlays/patches/default.nix
@@ -8,8 +8,6 @@ self: super: {
     llvmPackages = self.llvmPackages_latest;
   };
 
-  gnupg = self.callPackage ./gnupg { inherit (super) gnupg; };
-
   mailmanPackages = super.mailmanPackages.extend (self: super: {
     web = self.callPackage mailman/web.nix { inherit (super) web; };
   });
diff --git a/overlays/patches/gnupg/VERY-BAD-allow-signing-with-expired-keys.patch b/overlays/patches/gnupg/VERY-BAD-allow-signing-with-expired-keys.patch
deleted file mode 100644
index 6c4187d8620e..000000000000
--- a/overlays/patches/gnupg/VERY-BAD-allow-signing-with-expired-keys.patch
+++ /dev/null
@@ -1,78 +0,0 @@
-From 76d4bdc4a906ac54013fae1bddaae10a13b059cc Mon Sep 17 00:00:00 2001
-From: Alyssa Ross <hi@alyssa.is>
-Date: Fri, 31 Jul 2020 06:10:00 +0000
-Subject: [PATCH] VERY BAD: allow signing with expired keys
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This probably has very bad side effects.  Will expiration dates still
-be checked when verifying signatures, for example?  Who knows‽
----
- g10/getkey.c  | 18 ++++++++----------
- g10/pkclist.c |  3 +--
- 2 files changed, 9 insertions(+), 12 deletions(-)
-
-diff --git a/g10/getkey.c b/g10/getkey.c
-index cafed3a9a..95783bee4 100644
---- a/g10/getkey.c
-+++ b/g10/getkey.c
-@@ -1986,9 +1986,9 @@ parse_def_secret_key (ctrl_t ctrl)
-           if (pk->has_expired)
-             {
-               if (DBG_LOOKUP)
--                log_debug ("not using %s as default key, %s",
--                           keystr_from_pk (pk), "expired");
--              continue;
-+                log_debug ("%s has expired, but let's ignore that",
-+                           keystr_from_pk (pk));
-+              /* continue; */
-             }
-           if (pk_is_disabled (pk))
-             {
-@@ -3600,9 +3600,9 @@ finish_lookup (kbnode_t keyblock, unsigned int req_usage, int want_exact,
- 	  if (pk->has_expired)
- 	    {
- 	      if (DBG_LOOKUP)
--		log_debug ("\tsubkey has expired\n");
-+	  	log_debug ("\tsubkey has expired but let's ignored that\n");
-               n_revoked_or_expired++;
--	      continue;
-+	      /* continue; */
- 	    }
- 	  if (pk->timestamp > curtime && !opt.ignore_valid_from)
- 	    {
-@@ -3665,13 +3665,11 @@ finish_lookup (kbnode_t keyblock, unsigned int req_usage, int want_exact,
- 	  if (DBG_LOOKUP)
- 	    log_debug ("\tprimary key has been revoked\n");
- 	}
--      else if (pk->has_expired)
--	{
--	  if (DBG_LOOKUP)
--	    log_debug ("\tprimary key has expired\n");
--	}
-       else /* Okay.  */
- 	{
-+	  if (pk->has_expired && DBG_LOOKUP)
-+	    log_debug ("\tprimary key has expired but let's ignore that\n");
-+
- 	  if (DBG_LOOKUP)
- 	    log_debug ("\tprimary key may be used\n");
- 	  latest_key = keyblock;
-diff --git a/g10/pkclist.c b/g10/pkclist.c
-index 542164949..6cdd8a35c 100644
---- a/g10/pkclist.c
-+++ b/g10/pkclist.c
-@@ -412,8 +412,7 @@ do_we_trust( PKT_public_key *pk, unsigned int trustlevel )
-   /* We should not be able to get here with a revoked or expired
-      key */
-   if(trustlevel & TRUST_FLAG_REVOKED
--     || trustlevel & TRUST_FLAG_SUB_REVOKED
--     || (trustlevel & TRUST_MASK) == TRUST_EXPIRED)
-+     || trustlevel & TRUST_FLAG_SUB_REVOKED)
-     BUG();
- 
-   if( opt.trust_model==TM_ALWAYS )
--- 
-2.27.0
-
diff --git a/overlays/patches/gnupg/default.nix b/overlays/patches/gnupg/default.nix
deleted file mode 100644
index 35000019c0b0..000000000000
--- a/overlays/patches/gnupg/default.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ gnupg, ... } @ args:
-
-(gnupg.override (builtins.removeAttrs args [ "gnupg" ])).overrideAttrs (
-  { patches ? [], ... }:
-  {
-    patches = patches ++ [ ./VERY-BAD-allow-signing-with-expired-keys.patch ];
-  }
-)