authorAlyssa Ross <hi@alyssa.is>2019-07-03 16:34:01 +0000
committerAlyssa Ross <hi@alyssa.is>2019-07-03 16:39:28 +0000
commit4cab72953c6a8823a85302e8f0303477d1b20ae9 (patch)
treed4c814373bc0eb1f5f2aa615d545296e66e82a10 /pkgs/tools/security/gnupg
parentd50528376678da9b6e39e1f887cd9e5cc855d952 (diff)
gnupg: vendor SKS patch
This quickly became a 404 upstream.

Fixes https://github.com/NixOS/nixpkgs/64256.
Diffstat (limited to 'pkgs/tools/security/gnupg')
-rw-r--r--pkgs/tools/security/gnupg/0001-dirmngr-Only-use-SKS-pool-CA-for-SKS-pool.patch34
-rw-r--r--pkgs/tools/security/gnupg/22.nix5
2 files changed, 35 insertions, 4 deletions
diff --git a/pkgs/tools/security/gnupg/0001-dirmngr-Only-use-SKS-pool-CA-for-SKS-pool.patch b/pkgs/tools/security/gnupg/0001-dirmngr-Only-use-SKS-pool-CA-for-SKS-pool.patch
new file mode 100644
index 000000000000..061fb0e8de9c
--- /dev/null
+++ b/pkgs/tools/security/gnupg/0001-dirmngr-Only-use-SKS-pool-CA-for-SKS-pool.patch
@@ -0,0 +1,34 @@
+From 1c9cc97e9d47d73763810dcb4a36b6cdf31a2254 Mon Sep 17 00:00:00 2001
+From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+Date: Sun, 30 Jun 2019 11:54:35 -0400
+Subject: [PATCH] dirmngr: Only use SKS pool CA for SKS pool
+
+* dirmngr/http.c (http_session_new): when checking whether the
+keyserver is the HKPS pool, check specifically against the pool name,
+as ./configure might have been used to select a different default
+keyserver.  It makes no sense to apply Kristian's certificate
+authority to anything other than the literal host
+hkps.pool.sks-keyservers.net.
+
+Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+GnuPG-Bug-Id: 4593
+---
+ dirmngr/http.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/dirmngr/http.c b/dirmngr/http.c
+index 384f2569d..8e5d53939 100644
+--- a/dirmngr/http.c
++++ b/dirmngr/http.c
+@@ -767,7 +767,7 @@ http_session_new (http_session_t *r_session,
+ 
+     is_hkps_pool = (intended_hostname
+                     && !ascii_strcasecmp (intended_hostname,
+-                                          get_default_keyserver (1)));
++                                          "hkps.pool.sks-keyservers.net"));
+ 
+     /* If the user has not specified a CA list, and they are looking
+      * for the hkps pool from sks-keyservers.net, then default to
+-- 
+2.22.0
+
diff --git a/pkgs/tools/security/gnupg/22.nix b/pkgs/tools/security/gnupg/22.nix
index 359432791b7f..ecb1df73e397 100644
--- a/pkgs/tools/security/gnupg/22.nix
+++ b/pkgs/tools/security/gnupg/22.nix
@@ -32,10 +32,7 @@ stdenv.mkDerivation rec {
 
   patches = [
     ./fix-libusb-include-path.patch
-    (fetchpatch {
-      url = https://files.gnupg.net/file/data/qmxjhc6kuja3orybj7st/PHID-FILE-vvzlnw36427pdnug2amc/file;
-      sha256 = "13snxkmlgmvn0rgxh5k2sgxkp5mbxqiznzm45sw649nvs3ccghq8";
-    })
+    ./0001-dirmngr-Only-use-SKS-pool-CA-for-SKS-pool.patch
   ];
   postPatch = ''
     sed -i 's,hkps://hkps.pool.sks-keyservers.net,hkps://keys.openpgp.org,g' \
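Review bot: The new `./0001-dirmngr-Only-use-SKS-pool-CA-for-SKS-pool.patch` entry in `patches` has no comment recording where it came from, and unlike the `fetchpatch` it replaces it no longer has a URL or `sha256` tying it to upstream. I would add above it `# Upstream GnuPG commit 1c9cc97e9d47d73763810dcb4a36b6cdf31a2254 (GnuPG-Bug-Id 4593); vendored because the download URL became a 404. Drop once a release contains it.` The comment could also say why the patch matters here: with the `postPatch` sed rewriting the default keyserver to keys.openpgp.org, the unpatched `get_default_keyserver (1)` comparison would presumably make dirmngr apply the SKS pool CA to that host. The sed command continues past the end of the hunk, so its file list is not visible; its pattern includes the `hkps://` prefix and so should leave the bare hostname literal added to `dirmngr/http.c` alone, but that is worth confirming.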