Diffstat (limited to 'nixpkgs/pkgs/development/libraries/gpgme')
-rw-r--r--nixpkgs/pkgs/development/libraries/gpgme/default.nix89
-rw-r--r--nixpkgs/pkgs/development/libraries/gpgme/disable-python-tests.patch12
-rw-r--r--nixpkgs/pkgs/development/libraries/gpgme/fix-clang-autoconf-undeclared-warning.patch36
-rw-r--r--nixpkgs/pkgs/development/libraries/gpgme/fix_gpg_list_keys.diff12
-rw-r--r--nixpkgs/pkgs/development/libraries/gpgme/test_t-edit-sign.diff125
5 files changed, 274 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/development/libraries/gpgme/default.nix b/nixpkgs/pkgs/development/libraries/gpgme/default.nix
new file mode 100644
index 000000000000..c1c9460fad69
--- /dev/null
+++ b/nixpkgs/pkgs/development/libraries/gpgme/default.nix
@@ -0,0 +1,89 @@
+{ lib, stdenv, fetchurl, fetchpatch
+, autoreconfHook, libgpgerror, gnupg, pkg-config, glib, pth, libassuan
+, file, which, ncurses
+, texinfo
+, buildPackages
+, qtbase ? null
+, pythonSupport ? false, swig2 ? null, python ? null
+}:
+
+let
+  inherit (stdenv.hostPlatform) system;
+in
+
+stdenv.mkDerivation rec {
+  pname = "gpgme";
+  version = "1.16.0";
+
+  src = fetchurl {
+    url = "mirror://gnupg/gpgme/${pname}-${version}.tar.bz2";
+    sha256 = "1l4yw9fqc1blvx1sq1jnfvp1jijla3ca2jw90p4x9m8hvfpc933c";
+  };
+
+  patches = [
+    # probably included in > 1.16.0
+    ./test_t-edit-sign.diff
+    # https://dev.gnupg.org/rMc4cf527ea227edb468a84bf9b8ce996807bd6992
+    ./fix_gpg_list_keys.diff
+    # https://lists.gnupg.org/pipermail/gnupg-devel/2020-April/034591.html
+    (fetchpatch {
+      name = "0001-Fix-python-tests-on-non-Linux.patch";
+      url = "https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20200415/f7be62d1/attachment.obj";
+      sha256 = "00d4sxq63601lzdp2ha1i8fvybh7dzih4531jh8bx07fab3sw65g";
+    })
+    # Disable python tests on Darwin as they use gpg (see configureFlags below)
+  ] ++ lib.optional stdenv.isDarwin ./disable-python-tests.patch
+  # Fix _AC_UNDECLARED_WARNING for autoconf≥2.70. See https://lists.gnupg.org/pipermail/gnupg-devel/2020-November/034643.html
+  ++ lib.optional stdenv.cc.isClang ./fix-clang-autoconf-undeclared-warning.patch;
+
+  outputs = [ "out" "dev" "info" ];
+  outputBin = "dev"; # gpgme-config; not so sure about gpgme-tool
+
+  propagatedBuildInputs =
+    [ libgpgerror glib libassuan pth ]
+    ++ lib.optional (qtbase != null) qtbase;
+
+  nativeBuildInputs = [ pkg-config gnupg texinfo autoreconfHook ]
+  ++ lib.optionals pythonSupport [ python swig2 which ncurses ];
+
+  depsBuildBuild = [ buildPackages.stdenv.cc ];
+
+  dontWrapQtApps = true;
+
+  configureFlags = [
+    "--enable-fixed-path=${gnupg}/bin"
+    "--with-libgpg-error-prefix=${libgpgerror.dev}"
+    "--with-libassuan-prefix=${libassuan.dev}"
+  ] ++ lib.optional pythonSupport "--enable-languages=python"
+  # Tests will try to communicate with gpg-agent instance via a UNIX socket
+  # which has a path length limit. Nix on darwin is using a build directory
+  # that already has quite a long path and the resulting socket path doesn't
+  # fit in the limit. https://github.com/NixOS/nix/pull/1085
+    ++ lib.optionals stdenv.isDarwin [ "--disable-gpg-test" ];
+
+  NIX_CFLAGS_COMPILE = toString (
+    # qgpgme uses Q_ASSERT which retains build inputs at runtime unless
+    # debugging is disabled
+    lib.optional (qtbase != null) "-DQT_NO_DEBUG"
+    # https://www.gnupg.org/documentation/manuals/gpgme/Largefile-Support-_0028LFS_0029.html
+    ++ lib.optional (system == "i686-linux") "-D_FILE_OFFSET_BITS=64");
+
+  checkInputs = [ which ];
+
+  doCheck = true;
+
+  meta = with lib; {
+    homepage = "https://gnupg.org/software/gpgme/index.html";
+    changelog = "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=blob;f=NEWS;hb=refs/tags/gpgme-${version}";
+    description = "Library for making GnuPG easier to use";
+    longDescription = ''
+      GnuPG Made Easy (GPGME) is a library designed to make access to GnuPG
+      easier for applications. It provides a High-Level Crypto API for
+      encryption, decryption, signing, signature verification and key
+      management.
+    '';
+    license = with licenses; [ lgpl21Plus gpl3Plus ];
+    platforms = platforms.unix;
+    maintainers = with maintainers; [ ];
+  };
+}
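Review bot: With `pythonSupport = true` and the defaults `swig2 ? null, python ? null`, the list built by `lib.optionals pythonSupport [ python swig2 which ncurses ]` contains `null` and the failure only surfaces inside mkDerivation rather than at evaluation; an explicit check placed just before `stdenv.mkDerivation rec {` states the contract up front: `assert pythonSupport -> (python != null && swig2 != null);`. The comment `# Disable python tests on Darwin as they use gpg ...` sits inside the `patches` list ahead of the closing `]`, while the `lib.optional stdenv.isDarwin ./disable-python-tests.patch` it describes is on the following line — moving it directly above that `++` line, as is already done for the clang patch, keeps comment and code together. `--enable-fixed-path=${gnupg}/bin` makes gpgme exec the store-path gnupg rather than whichever `gpg` is on PATH at run time; a short comment on that line, e.g. `# gpgme execs this gnupg only, never one found on PATH`, would record that this pinning is deliberate.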
diff --git a/nixpkgs/pkgs/development/libraries/gpgme/disable-python-tests.patch b/nixpkgs/pkgs/development/libraries/gpgme/disable-python-tests.patch
new file mode 100644
index 000000000000..285af14fcc3e
--- /dev/null
+++ b/nixpkgs/pkgs/development/libraries/gpgme/disable-python-tests.patch
@@ -0,0 +1,12 @@
+diff -Naur --strip-trailing-cr gpgme-1.13.1.org/lang/python/Makefile.am gpgme-1.13.1/lang/python/Makefile.am
+--- gpgme-1.13.1.org/lang/python/Makefile.am	2019-06-04 07:27:49.000000000 +0100
++++ gpgme-1.13.1/lang/python/Makefile.am	2020-04-15 14:27:34.810172944 +0100
+@@ -23,7 +23,7 @@
+ 	gpgme.i \
+ 	helpers.c helpers.h private.h
+ 
+-SUBDIRS = . tests examples doc src
++SUBDIRS = . examples doc src
+ 
+ .PHONY: prepare
+ prepare: copystamp
diff --git a/nixpkgs/pkgs/development/libraries/gpgme/fix-clang-autoconf-undeclared-warning.patch b/nixpkgs/pkgs/development/libraries/gpgme/fix-clang-autoconf-undeclared-warning.patch
new file mode 100644
index 000000000000..2d08f982ce6f
--- /dev/null
+++ b/nixpkgs/pkgs/development/libraries/gpgme/fix-clang-autoconf-undeclared-warning.patch
@@ -0,0 +1,36 @@
+diff -Naur gpgme.old/configure.ac gpgme.new/configure.ac
+--- gpgme.old/configure.ac	2020-11-12 04:19:50.000000000 -0500
++++ gpgme.new/configure.ac	2021-01-08 03:04:38.000000000 -0500
+@@ -166,6 +166,16 @@
+                           mym4_minor mym4_micro)
+ AC_SUBST(VERSION_NUMBER)
+ 
++# Try to find a thread-safe version of ttyname().
++gnupg_REPLACE_TTYNAME_R
++if test "$ac_cv_func_ttyname_r" != yes; then
++  AC_MSG_WARN([
++***
++*** ttyname() is not thread-safe and ttyname_r() does not exist
++***])
++fi
++
++
+ # We need to compile and run a program on the build machine.  A
+ # comment in libgpg-error says that the AC_PROG_CC_FOR_BUILD macro in
+ # the AC archive is broken for autoconf 2.57.  Given that there is no
+@@ -658,15 +668,6 @@
+ 
+ AC_FUNC_FSEEKO
+ 
+-# Try to find a thread-safe version of ttyname().
+-gnupg_REPLACE_TTYNAME_R
+-if test "$ac_cv_func_ttyname_r" != yes; then
+-  AC_MSG_WARN([
+-***
+-*** ttyname() is not thread-safe and ttyname_r() does not exist
+-***])
+-fi
+-
+ # Try to find a thread-safe version of getenv().
+ have_thread_safe_getenv=no
+ jm_GLIBC21
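Review bot: The patch carries no preamble, so a reader sees the `gnupg_REPLACE_TTYNAME_R` block moved from after `AC_FUNC_FSEEKO` to before the build-compiler comment with no stated reason; the only rationale lives in default.nix. A patch file may hold free text ahead of the first `diff` line, so a header such as `Move the ttyname_r probe earlier in configure.ac to avoid the _AC_UNDECLARED_WARNING failure with autoconf >= 2.70 under clang; see https://lists.gnupg.org/pipermail/gnupg-devel/2020-November/034643.html` keeps the patch self-describing if it is ever copied or rebased. The added block also ends with two blank lines, leaving a double blank line in configure.ac before the existing comment; one blank line matches the surrounding spacing.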
diff --git a/nixpkgs/pkgs/development/libraries/gpgme/fix_gpg_list_keys.diff b/nixpkgs/pkgs/development/libraries/gpgme/fix_gpg_list_keys.diff
new file mode 100644
index 000000000000..bd8da4edd6e0
--- /dev/null
+++ b/nixpkgs/pkgs/development/libraries/gpgme/fix_gpg_list_keys.diff
@@ -0,0 +1,12 @@
+diff --git a/src/engine-gpg.c b/src/engine-gpg.c
+index b51ea173..4e74665e 100644
+--- a/src/engine-gpg.c
++++ b/src/engine-gpg.c
+@@ -3005,6 +3005,7 @@ gpg_keylist_build_options (engine_gpg_t gpg, int secret_only,
+   gpg_error_t err;
+ 
+   err = add_arg (gpg, "--with-colons");
++  err = add_arg (gpg, "--with-keygrip");
+ 
+   /* Since gpg 2.1.15 fingerprints are always printed, thus there is
+    * no more need to explicitly request them.  */
\ No newline at end of file
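Review bot: The added `err = add_arg (gpg, "--with-keygrip");` overwrites the result of the preceding `add_arg (gpg, "--with-colons")` without inspecting it, so if that first call fails (presumably on allocation) the error is lost and the option list is built with an argument silently missing; guarding on the prior result keeps the failure visible: `if (!err)` / `err = add_arg (gpg, "--with-keygrip");`. The enclosing `gpg_keylist_build_options` begins and continues outside the hunk, so how `err` is consumed afterwards is not visible here. The diff file itself also lacks a trailing newline (`\ No newline at end of file`), which `patch` tolerates but is worth fixing for tidiness.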
diff --git a/nixpkgs/pkgs/development/libraries/gpgme/test_t-edit-sign.diff b/nixpkgs/pkgs/development/libraries/gpgme/test_t-edit-sign.diff
new file mode 100644
index 000000000000..55075b9eb126
--- /dev/null
+++ b/nixpkgs/pkgs/development/libraries/gpgme/test_t-edit-sign.diff
@@ -0,0 +1,125 @@
+From 81a33ea5e1b86d586b956e893a5b25c4cd41c969 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ingo=20Kl=C3=B6cker?= <dev@ingo-kloecker.de>
+Date: Sat, 26 Jun 2021 18:02:47 +0200
+Subject: [PATCH] core: Fix use-after-free issue in test
+
+* tests/gpg/t-edit-sign.c (sign_key, verify_key_signature): New.
+(main): Factored out signing and verifying the result.
+--
+
+Factoring the two steps of the test into different functions fixes the
+use-after-free issue that was caused by accidentaly using a variable
+of the first step in the second step.
+
+GnuPG-bug-id: 5509
+---
+ tests/gpg/t-edit-sign.c | 54 ++++++++++++++++++++++++++++-------------
+ 1 file changed, 37 insertions(+), 17 deletions(-)
+
+diff --git a/tests/gpg/t-edit-sign.c b/tests/gpg/t-edit-sign.c
+index 2f983622..e0494c54 100644
+--- a/tests/gpg/t-edit-sign.c
++++ b/tests/gpg/t-edit-sign.c
+@@ -107,31 +107,19 @@ interact_fnc (void *opaque, const char *status, const char *args, int fd)
+ }
+ 
+ 
+-int
+-main (int argc, char **argv)
++void
++sign_key (const char *key_fpr, const char *signer_fpr)
+ {
+   gpgme_ctx_t ctx;
+   gpgme_error_t err;
+   gpgme_data_t out = NULL;
+-  const char *signer_fpr = "A0FF4590BB6122EDEF6E3C542D727CC768697734"; /* Alpha Test */
+   gpgme_key_t signing_key = NULL;
+-  const char *key_fpr = "D695676BDCEDCC2CDD6152BCFE180B1DA9E3B0B2"; /* Bravo Test */
+   gpgme_key_t key = NULL;
+-  gpgme_key_t signed_key = NULL;
+-  gpgme_user_id_t signed_uid = NULL;
+-  gpgme_key_sig_t key_sig = NULL;
+   char *agent_info;
+-  int mode;
+-
+-  (void)argc;
+-  (void)argv;
+-
+-  init_gpgme (GPGME_PROTOCOL_OpenPGP);
+ 
+   err = gpgme_new (&ctx);
+   fail_if_err (err);
+ 
+-  /* Sign the key */
+   agent_info = getenv("GPG_AGENT_INFO");
+   if (!(agent_info && strchr (agent_info, ':')))
+     gpgme_set_passphrase_cb (ctx, passphrase_cb, 0);
+@@ -159,8 +147,23 @@ main (int argc, char **argv)
+   gpgme_data_release (out);
+   gpgme_key_unref (key);
+   gpgme_key_unref (signing_key);
++  gpgme_release (ctx);
++}
++
++
++void
++verify_key_signature (const char *key_fpr, const char *signer_keyid)
++{
++  gpgme_ctx_t ctx;
++  gpgme_error_t err;
++  gpgme_key_t signed_key = NULL;
++  gpgme_user_id_t signed_uid = NULL;
++  gpgme_key_sig_t key_sig = NULL;
++  int mode;
++
++  err = gpgme_new (&ctx);
++  fail_if_err (err);
+ 
+-  /* Verify the key signature */
+   mode  = gpgme_get_keylist_mode (ctx);
+   mode |= GPGME_KEYLIST_MODE_SIGS;
+   err = gpgme_set_keylist_mode (ctx, mode);
+@@ -168,7 +171,7 @@ main (int argc, char **argv)
+   err = gpgme_get_key (ctx, key_fpr, &signed_key, 0);
+   fail_if_err (err);
+ 
+-  signed_uid = key->uids;
++  signed_uid = signed_key->uids;
+   if (!signed_uid)
+     {
+       fprintf (stderr, "Signed key has no user IDs\n");
+@@ -180,7 +183,7 @@ main (int argc, char **argv)
+       exit (1);
+     }
+   key_sig = signed_uid->signatures->next;
+-  if (strcmp ("2D727CC768697734", key_sig->keyid))
++  if (strcmp (signer_keyid, key_sig->keyid))
+     {
+       fprintf (stderr, "Unexpected key ID in second user ID sig: %s\n",
+                 key_sig->keyid);
+@@ -196,6 +199,23 @@ main (int argc, char **argv)
+ 
+   gpgme_key_unref (signed_key);
+   gpgme_release (ctx);
++}
++
++
++int
++main (int argc, char **argv)
++{
++  const char *signer_fpr = "A0FF4590BB6122EDEF6E3C542D727CC768697734"; /* Alpha Test */
++  const char *signer_keyid = signer_fpr + strlen(signer_fpr) - 16;
++  const char *key_fpr = "D695676BDCEDCC2CDD6152BCFE180B1DA9E3B0B2"; /* Bravo Test */
++
++  (void)argc;
++  (void)argv;
++
++  init_gpgme (GPGME_PROTOCOL_OpenPGP);
++
++  sign_key (key_fpr, signer_fpr);
++  verify_key_signature (key_fpr, signer_keyid);
+ 
+   return 0;
+ }
+-- 
+2.32.0