Diffstat (limited to 'nixpkgs/pkgs/development/libraries/gpgme')
5 files changed, 274 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/development/libraries/gpgme/default.nix b/nixpkgs/pkgs/development/libraries/gpgme/default.nix
new file mode 100644
index 000000000000..c1c9460fad69
--- /dev/null
+++ b/nixpkgs/pkgs/development/libraries/gpgme/default.nix
@@ -0,0 +1,89 @@
+{ lib, stdenv, fetchurl, fetchpatch
+, autoreconfHook, libgpgerror, gnupg, pkg-config, glib, pth, libassuan
+, file, which, ncurses
+, texinfo
+, buildPackages
+, qtbase ? null
+, pythonSupport ? false, swig2 ? null, python ? null
+}:
+
+let
+ inherit (stdenv.hostPlatform) system;
+in
+
+stdenv.mkDerivation rec {
+ pname = "gpgme";
+ version = "1.16.0";
+
+ src = fetchurl {
+ url = "mirror://gnupg/gpgme/${pname}-${version}.tar.bz2";
+ sha256 = "1l4yw9fqc1blvx1sq1jnfvp1jijla3ca2jw90p4x9m8hvfpc933c";
+ };
+
+ patches = [
+ # probably included in > 1.16.0
+ ./test_t-edit-sign.diff
+ # https://dev.gnupg.org/rMc4cf527ea227edb468a84bf9b8ce996807bd6992
+ ./fix_gpg_list_keys.diff
+ # https://lists.gnupg.org/pipermail/gnupg-devel/2020-April/034591.html
+ (fetchpatch {
+ name = "0001-Fix-python-tests-on-non-Linux.patch";
+ url = "https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20200415/f7be62d1/attachment.obj";
+ sha256 = "00d4sxq63601lzdp2ha1i8fvybh7dzih4531jh8bx07fab3sw65g";
+ })
+ # Disable python tests on Darwin as they use gpg (see configureFlags below)
+ ] ++ lib.optional stdenv.isDarwin ./disable-python-tests.patch
+ # Fix _AC_UNDECLARED_WARNING for autoconf≥2.70. 
See https://lists.gnupg.org/pipermail/gnupg-devel/2020-November/034643.html
+ ++ lib.optional stdenv.cc.isClang ./fix-clang-autoconf-undeclared-warning.patch;
+
+ outputs = [ "out" "dev" "info" ];
+ outputBin = "dev"; # gpgme-config; not so sure about gpgme-tool
+
+ propagatedBuildInputs =
+ [ libgpgerror glib libassuan pth ]
+ ++ lib.optional (qtbase != null) qtbase;
+
+ nativeBuildInputs = [ pkg-config gnupg texinfo autoreconfHook ]
+ ++ lib.optionals pythonSupport [ python swig2 which ncurses ];
+
+ depsBuildBuild = [ buildPackages.stdenv.cc ];
+
+ dontWrapQtApps = true;
+
+ configureFlags = [
+ "--enable-fixed-path=${gnupg}/bin"
+ "--with-libgpg-error-prefix=${libgpgerror.dev}"
+ "--with-libassuan-prefix=${libassuan.dev}"
+ ] ++ lib.optional pythonSupport "--enable-languages=python"
+ # Tests will try to communicate with gpg-agent instance via a UNIX socket
+ # which has a path length limit. Nix on darwin is using a build directory
+ # that already has quite a long path and the resulting socket path doesn't
+ # fit in the limit. https://github.com/NixOS/nix/pull/1085
+ ++ lib.optionals stdenv.isDarwin [ "--disable-gpg-test" ];
+
+ NIX_CFLAGS_COMPILE = toString (
+ # qgpgme uses Q_ASSERT which retains build inputs at runtime unless
+ # debugging is disabled
+ lib.optional (qtbase != null) "-DQT_NO_DEBUG"
+ # https://www.gnupg.org/documentation/manuals/gpgme/Largefile-Support-_0028LFS_0029.html
+ ++ lib.optional (system == "i686-linux") "-D_FILE_OFFSET_BITS=64");
+
+ checkInputs = [ which ];
+
+ doCheck = true;
+
+ meta = with lib; {
+ homepage = "https://gnupg.org/software/gpgme/index.html";
+ changelog = "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=blob;f=NEWS;hb=refs/tags/gpgme-${version}";
+ description = "Library for making GnuPG easier to use";
+ longDescription = ''
+ GnuPG Made Easy (GPGME) is a library designed to make access to GnuPG
+ easier for applications. 
It provides a High-Level Crypto API for
+ encryption, decryption, signing, signature verification and key
+ management.
+ '';
+ license = with licenses; [ lgpl21Plus gpl3Plus ];
+ platforms = platforms.unix;
+ maintainers = with maintainers; [ ];
+ };
+}
diff --git a/nixpkgs/pkgs/development/libraries/gpgme/disable-python-tests.patch b/nixpkgs/pkgs/development/libraries/gpgme/disable-python-tests.patch
new file mode 100644
index 000000000000..285af14fcc3e
--- /dev/null
+++ b/nixpkgs/pkgs/development/libraries/gpgme/disable-python-tests.patch
@@ -0,0 +1,12 @@
+diff -Naur --strip-trailing-cr gpgme-1.13.1.org/lang/python/Makefile.am gpgme-1.13.1/lang/python/Makefile.am
+--- gpgme-1.13.1.org/lang/python/Makefile.am 2019-06-04 07:27:49.000000000 +0100
++++ gpgme-1.13.1/lang/python/Makefile.am 2020-04-15 14:27:34.810172944 +0100
+@@ -23,7 +23,7 @@
+ gpgme.i \
+ helpers.c helpers.h private.h
+
+-SUBDIRS = . tests examples doc src
++SUBDIRS = . examples doc src
+
+ .PHONY: prepare
+ prepare: copystamp
diff --git a/nixpkgs/pkgs/development/libraries/gpgme/fix-clang-autoconf-undeclared-warning.patch b/nixpkgs/pkgs/development/libraries/gpgme/fix-clang-autoconf-undeclared-warning.patch
new file mode 100644
index 000000000000..2d08f982ce6f
--- /dev/null
+++ b/nixpkgs/pkgs/development/libraries/gpgme/fix-clang-autoconf-undeclared-warning.patch
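Review bot: The comment `# probably included in > 1.16.0` above `./test_t-edit-sign.diff` in the `patches` list gives the next updater nothing to check against, unlike the upstream commit URL recorded for `./fix_gpg_list_keys.diff` and the mailing-list link for the fetchpatch entry. The bundled patch file itself names upstream commit 81a33ea5e1b86d586b956e893a5b25c4cd41c969 and `GnuPG-bug-id: 5509`, so I'd record those here instead: `# Fix use-after-free in tests/gpg/t-edit-sign.c; upstream commit 81a33ea5e1b86d586b956e893a5b25c4cd41c969 (GnuPG-bug-id 5509), drop when it lands in a release`. On the same theme, `outputBin = "dev"; # gpgme-config; not so sure about gpgme-tool` records an open question rather than a decision; either verify where gpgme-tool ends up and state it, or mark it as a TODO so it is not mistaken for a settled choice. `maintainers = with maintainers; [ ];` leaves the package with nobody to route the next security bump to; if the committer intends to maintain it, adding themselves here would be worthwhile.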
@@ -0,0 +1,36 @@
+diff -Naur gpgme.old/configure.ac gpgme.new/configure.ac
+--- gpgme.old/configure.ac 2020-11-12 04:19:50.000000000 -0500
++++ gpgme.new/configure.ac 2021-01-08 03:04:38.000000000 -0500
+@@ -166,6 +166,16 @@
+ mym4_minor mym4_micro)
+ AC_SUBST(VERSION_NUMBER)
+
++# Try to find a thread-safe version of ttyname().
++gnupg_REPLACE_TTYNAME_R
++if test "$ac_cv_func_ttyname_r" != yes; then
++ AC_MSG_WARN([
++***
++*** ttyname() is not thread-safe and ttyname_r() does not exist
++***])
++fi
++
++
+ # We need to compile and run a program on the build machine. A
+ # comment in libgpg-error says that the AC_PROG_CC_FOR_BUILD macro in
+ # the AC archive is broken for autoconf 2.57. Given that there is no
+@@ -658,15 +668,6 @@
+
+ AC_FUNC_FSEEKO
+
+-# Try to find a thread-safe version of ttyname().
+-gnupg_REPLACE_TTYNAME_R
+-if test "$ac_cv_func_ttyname_r" != yes; then
+- AC_MSG_WARN([
+-***
+-*** ttyname() is not thread-safe and ttyname_r() does not exist
+-***])
+-fi
+-
+ # Try to find a thread-safe version of getenv().
+ have_thread_safe_getenv=no
+ jm_GLIBC21
diff --git a/nixpkgs/pkgs/development/libraries/gpgme/fix_gpg_list_keys.diff b/nixpkgs/pkgs/development/libraries/gpgme/fix_gpg_list_keys.diff
new file mode 100644
index 000000000000..bd8da4edd6e0
--- /dev/null
+++ b/nixpkgs/pkgs/development/libraries/gpgme/fix_gpg_list_keys.diff
@@ -0,0 +1,12 @@
+diff --git a/src/engine-gpg.c b/src/engine-gpg.c
+index b51ea173..4e74665e 100644
+--- a/src/engine-gpg.c
++++ b/src/engine-gpg.c
+@@ -3005,6 +3005,7 @@ gpg_keylist_build_options (engine_gpg_t gpg, int secret_only,
+ gpg_error_t err;
+
+ err = add_arg (gpg, "--with-colons");
++ err = add_arg (gpg, "--with-keygrip");
+
+ /* Since gpg 2.1.15 fingerprints are always printed, thus there is
+ * no more need to explicitly request them. */
\ No newline at end of file
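Review bot: In fix_gpg_list_keys.diff the inserted `err = add_arg (gpg, "--with-keygrip");` overwrites the result of the preceding `err = add_arg (gpg, "--with-colons");` before anything has read it, so a failure of the first call (the usual reason would be an allocation failure inside add_arg) is silently discarded and the gpg invocation proceeds without `--with-colons`. Chain the second call on the first instead: `if (!err)` / `err = add_arg (gpg, "--with-keygrip");`. `gpg_keylist_build_options` continues past the hunk, so I cannot see how `err` is consumed afterwards, but the lost status is visible within the hunk alone. Since this file is a copy of the upstream change referenced from default.nix, the fix belongs upstream too, with the local patch regenerated from it rather than hand-edited; the separate file-level note also applies to the `\ No newline at end of file` on this patch, which is harmless for `patch` but worth a trailing newline for tidiness.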
diff --git a/nixpkgs/pkgs/development/libraries/gpgme/test_t-edit-sign.diff b/nixpkgs/pkgs/development/libraries/gpgme/test_t-edit-sign.diff
new file mode 100644
index 000000000000..55075b9eb126
--- /dev/null
+++ b/nixpkgs/pkgs/development/libraries/gpgme/test_t-edit-sign.diff
@@ -0,0 +1,125 @@
+From 81a33ea5e1b86d586b956e893a5b25c4cd41c969 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ingo=20Kl=C3=B6cker?= <dev@ingo-kloecker.de>
+Date: Sat, 26 Jun 2021 18:02:47 +0200
+Subject: [PATCH] core: Fix use-after-free issue in test
+
+* tests/gpg/t-edit-sign.c (sign_key, verify_key_signature): New.
+(main): Factored out signing and verifying the result.
+--
+
+Factoring the two steps of the test into different functions fixes the
+use-after-free issue that was caused by accidentaly using a variable
+of the first step in the second step.
+
+GnuPG-bug-id: 5509
+---
+ tests/gpg/t-edit-sign.c | 54 ++++++++++++++++++++++++++++-------------
+ 1 file changed, 37 insertions(+), 17 deletions(-)
+
+diff --git a/tests/gpg/t-edit-sign.c b/tests/gpg/t-edit-sign.c
+index 2f983622..e0494c54 100644
+--- a/tests/gpg/t-edit-sign.c
++++ b/tests/gpg/t-edit-sign.c
+@@ -107,31 +107,19 @@ interact_fnc (void *opaque, const char *status, const char *args, int fd)
+ }
+
+
+-int
+-main (int argc, char **argv)
++void
++sign_key (const char *key_fpr, const char *signer_fpr)
+ {
+ gpgme_ctx_t ctx;
+ gpgme_error_t err;
+ gpgme_data_t out = NULL;
+- const char *signer_fpr = "A0FF4590BB6122EDEF6E3C542D727CC768697734"; /* Alpha Test */
+ gpgme_key_t signing_key = NULL;
+- const char *key_fpr = "D695676BDCEDCC2CDD6152BCFE180B1DA9E3B0B2"; /* Bravo Test */
+ gpgme_key_t key = NULL;
+- gpgme_key_t signed_key = NULL;
+- gpgme_user_id_t signed_uid = NULL;
+- gpgme_key_sig_t key_sig = NULL;
+ char *agent_info;
+- int mode;
+-
+- (void)argc;
+- (void)argv;
+-
+- init_gpgme (GPGME_PROTOCOL_OpenPGP);
+
+ err = gpgme_new (&ctx);
+ fail_if_err (err);
+
+- /* Sign the key */
+ agent_info = getenv("GPG_AGENT_INFO");
+ if (!(agent_info && strchr (agent_info, ':')))
+ gpgme_set_passphrase_cb (ctx, passphrase_cb, 0);
+@@ -159,8 +147,23 @@ main (int argc, char **argv)
+ gpgme_data_release (out);
+ gpgme_key_unref (key);
+ gpgme_key_unref (signing_key);
++ gpgme_release (ctx);
++}
++
++
++void
++verify_key_signature (const char *key_fpr, const char *signer_keyid)
++{
++ gpgme_ctx_t ctx;
++ gpgme_error_t err;
++ gpgme_key_t signed_key = NULL;
++ gpgme_user_id_t signed_uid = NULL;
++ gpgme_key_sig_t key_sig = NULL;
++ int mode;
++
++ err = gpgme_new (&ctx);
++ fail_if_err (err);
+
+- /* Verify the key signature */
+ mode = gpgme_get_keylist_mode (ctx);
+ mode |= GPGME_KEYLIST_MODE_SIGS;
+ err = gpgme_set_keylist_mode (ctx, mode);
+@@ -168,7 +171,7 @@ main (int argc, char **argv)
+ err = gpgme_get_key (ctx, key_fpr, &signed_key, 0);
+ fail_if_err (err);
+
+- signed_uid = key->uids;
++ signed_uid = signed_key->uids;
+ if (!signed_uid)
+ {
+ fprintf (stderr, "Signed key has no user IDs\n");
+@@ -180,7 +183,7 @@ main (int argc, char **argv)
+ exit (1);
+ }
+ key_sig = signed_uid->signatures->next;
+- if (strcmp ("2D727CC768697734", key_sig->keyid))
++ if (strcmp (signer_keyid, key_sig->keyid))
+ {
+ fprintf (stderr, "Unexpected key ID in second user ID sig: %s\n",
+ key_sig->keyid);
+@@ -196,6 +199,23 @@ main (int argc, char **argv)
+
+ gpgme_key_unref (signed_key);
+ gpgme_release (ctx);
++}
++
++
++int
++main (int argc, char **argv)
++{
++ const char *signer_fpr = "A0FF4590BB6122EDEF6E3C542D727CC768697734"; /* Alpha Test */
++ const char *signer_keyid = signer_fpr + strlen(signer_fpr) - 16;
++ const char *key_fpr = "D695676BDCEDCC2CDD6152BCFE180B1DA9E3B0B2"; /* Bravo Test */
++
++ (void)argc;
++ (void)argv;
++
++ init_gpgme (GPGME_PROTOCOL_OpenPGP);
++
++ sign_key (key_fpr, signer_fpr);
++ verify_key_signature (key_fpr, signer_keyid);
+
+ return 0;
+ }
+--
+2.32.0 |