From 9e39e011feeb75a9fda10af91a6d6fe9cb08323d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcin=20Cie=C5=9Blak?= Date: Fri, 24 Mar 2023 01:04:02 +0100 Subject: [PATCH 1/9] libgpg-error 1.46 198.15 -> 277.69 kB --- modules/libgpg-error | 5 +++-- patches/{libgpg-error-1.37.patch => libgpg-error-1.46.patch} | 0 2 files changed, 3 insertions(+), 2 deletions(-) rename patches/{libgpg-error-1.37.patch => libgpg-error-1.46.patch} (100%) diff --git a/modules/libgpg-error b/modules/libgpg-error index 4d978d744..28b01f32b 100644 --- a/modules/libgpg-error +++ b/modules/libgpg-error @@ -1,10 +1,10 @@ modules-$(CONFIG_GPG2) += libgpg-error -libgpg-error_version := 1.37 +libgpg-error_version := 1.46 libgpg-error_dir := libgpg-error-$(libgpg-error_version) libgpg-error_tar := libgpg-error-$(libgpg-error_version).tar.bz2 libgpg-error_url := https://gnupg.org/ftp/gcrypt/libgpg-error/$(libgpg-error_tar) -libgpg-error_hash := b32d6ff72a73cf79797f7f2d039e95e9c6f92f0c1450215410840ab62aea9763 +libgpg-error_hash := b7e11a64246bbe5ef37748de43b245abd72cfcd53c9ae5e7fc5ca59f1c81268d libgpg-error_configure := \ $(CROSS_TOOLS) \ @@ -17,6 +17,7 @@ libgpg-error_configure := \ --disable-languages \ --disable-doc \ --disable-tests \ + --enable-install-gpg-error-config \ libgpg-error_target := $(MAKE_JOBS) \ DESTDIR="$(INSTALL)" \ diff --git a/patches/libgpg-error-1.37.patch b/patches/libgpg-error-1.46.patch similarity index 100% rename from patches/libgpg-error-1.37.patch rename to patches/libgpg-error-1.46.patch From 1bd2f880909d1d7d577f8f10fff0b37f56623a9e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcin=20Cie=C5=9Blak?= Date: Fri, 24 Mar 2023 01:32:53 +0100 Subject: [PATCH 2/9] libksba 1.4.0 -> 1.6.3 676.03 -> 408.95 kB \o/ --- modules/libksba | 4 ++-- patches/{libksba-1.4.0.patch => libksba-1.6.3.patch} | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) rename patches/{libksba-1.4.0.patch => libksba-1.6.3.patch} (96%) diff --git a/modules/libksba b/modules/libksba index 1cf0ae3ca..7230237a7 100644 --- a/modules/libksba +++ b/modules/libksba @@ -1,10 +1,10 @@ modules-$(CONFIG_GPG2) += libksba -libksba_version := 1.4.0 +libksba_version := 1.6.3 libksba_dir := libksba-$(libksba_version) libksba_tar := libksba-$(libksba_version).tar.bz2 libksba_url := https://gnupg.org/ftp/gcrypt/libksba/$(libksba_tar) -libksba_hash := bfe6a8e91ff0f54d8a329514db406667000cb207238eded49b599761bfca41b6 +libksba_hash := 3f72c68db30971ebbf14367527719423f0a4d5f8103fc9f4a1c01a9fa440de5c libksba_configure := \ $(CROSS_TOOLS) \ diff --git a/patches/libksba-1.4.0.patch b/patches/libksba-1.6.3.patch similarity index 96% rename from patches/libksba-1.4.0.patch rename to patches/libksba-1.6.3.patch index 3c0b8e245..e0f00267f 100644 --- a/patches/libksba-1.4.0.patch +++ b/patches/libksba-1.6.3.patch @@ -1,6 +1,6 @@ -diff -u -r libksba-1.3.5-clean/configure libksba-1.3.5/configure ---- libksba-1.3.5-clean/configure 2016-08-22 02:56:54.000000000 -0700 -+++ libksba-1.3.5/configure 2020-01-12 13:34:53.557259138 -0800 +diff -u -r libksba-1.4.0-clean/configure libksba-1.4.0/configure +--- libksba-1.4.0-clean/configure 2016-08-22 02:56:54.000000000 -0700 ++++ libksba-1.4.0/configure 2020-01-12 13:34:53.557259138 -0800 @@ -10734,7 +10734,7 @@ version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no From 5d9e70d13a5d7a4aec16d7b35f02191bce73049c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcin=20Cie=C5=9Blak?= Date: Fri, 24 Mar 2023 01:45:26 +0100 Subject: [PATCH 3/9] libassuan 2.5.3 -> 2.5.5 741.81 -> 502.42 kB --- modules/libassuan | 5 ++--- patches/{libassuan-2.5.3.patch => libassuan-2.5.5.patch} | 6 +++--- 2 files changed, 5 insertions(+), 6 deletions(-) rename patches/{libassuan-2.5.3.patch => libassuan-2.5.5.patch} (96%) diff --git a/modules/libassuan b/modules/libassuan index 816f11364..88467a3ce 100644 --- a/modules/libassuan +++ b/modules/libassuan @@ -1,10 +1,10 @@ modules-$(CONFIG_GPG2) += libassuan -libassuan_version := 2.5.3 +libassuan_version := 2.5.5 libassuan_dir := libassuan-$(libassuan_version) libassuan_tar := libassuan-$(libassuan_version).tar.bz2 libassuan_url := https://gnupg.org/ftp/gcrypt/libassuan/$(libassuan_tar) -libassuan_hash := 91bcb0403866b4e7c4bc1cc52ed4c364a9b5414b3994f718c70303f7f765e702 +libassuan_hash := 8e8c2fcc982f9ca67dcbb1d95e2dc746b1739a4668bc20b3a3c5be632edb34e4 libassuan_configure := \ CFLAGS="-Os" \ @@ -13,7 +13,6 @@ libassuan_configure := \ --host $(MUSL_ARCH)-linux-musl \ --prefix "/" \ --disable-static \ - --disable-debug \ --with-gpg-error-prefix="$(INSTALL)" \ libassuan_target := $(MAKE_JOBS) \ diff --git a/patches/libassuan-2.5.3.patch b/patches/libassuan-2.5.5.patch similarity index 96% rename from patches/libassuan-2.5.3.patch rename to patches/libassuan-2.5.5.patch index ff27dbd27..3d24a7f26 100644 --- a/patches/libassuan-2.5.3.patch +++ b/patches/libassuan-2.5.5.patch @@ -1,6 +1,6 @@ -diff -u -r libassuan-2.5.1-clean/configure libassuan-2.5.1/configure ---- libassuan-2.5.1-clean/configure 2017-12-07 06:55:50.000000000 -0800 -+++ libassuan-2.5.1/configure 2020-01-12 13:39:50.655638965 -0800 +diff -u -r libassuan-2.5.5-clean/configure libassuan-2.5.5/configure +--- libassuan-2.5.5-clean/configure 2017-12-07 06:55:50.000000000 -0800 ++++ libassuan-2.5.5/configure 2020-01-12 13:39:50.655638965 -0800 @@ -10781,7 +10781,7 @@ version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no From aa3fb089f9e281df515f2843be2aa3fac3ee01e1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcin=20Cie=C5=9Blak?= Date: Fri, 24 Mar 2023 02:03:03 +0100 Subject: [PATCH 4/9] libgcrypt 1.8.6 -> 1.10.1 562.01 -> 783.14 kB --- modules/libgcrypt | 5 +++-- ...ypt-1.8.6.patch => libgcrypt-1.10.1.patch} | 22 +++---------------- 2 files changed, 6 insertions(+), 21 deletions(-) rename patches/{libgcrypt-1.8.6.patch => libgcrypt-1.10.1.patch} (88%) diff --git a/modules/libgcrypt b/modules/libgcrypt index 13eb671b1..0df0bdfca 100644 --- a/modules/libgcrypt +++ b/modules/libgcrypt @@ -1,10 +1,10 @@ modules-$(CONFIG_GPG2) += libgcrypt -libgcrypt_version := 1.8.6 +libgcrypt_version := 1.10.1 libgcrypt_dir := libgcrypt-$(libgcrypt_version) libgcrypt_tar := libgcrypt-$(libgcrypt_version).tar.bz2 libgcrypt_url := https://gnupg.org/ftp/gcrypt/libgcrypt/$(libgcrypt_tar) -libgcrypt_hash := 0cba2700617b99fc33864a0c16b1fa7fdf9781d9ed3509f5d767178e5fd7b975 +libgcrypt_hash := ef14ae546b0084cd84259f61a55e07a38c3b53afc0f546bffcef2f01baffe9de libgcrypt_configure := \ $(CROSS_TOOLS) \ @@ -15,6 +15,7 @@ libgcrypt_configure := \ --disable-static \ --with-gpg-error-prefix="$(INSTALL)" \ --disable-asm \ + --disable-doc \ libgcrypt_target := $(MAKE_JOBS) \ DESTDIR="$(INSTALL)" \ diff --git a/patches/libgcrypt-1.8.6.patch b/patches/libgcrypt-1.10.1.patch similarity index 88% rename from patches/libgcrypt-1.8.6.patch rename to patches/libgcrypt-1.10.1.patch index efe2ccd9b..291030c4b 100644 --- a/patches/libgcrypt-1.8.6.patch +++ b/patches/libgcrypt-1.10.1.patch @@ -1,6 +1,6 @@ -diff -u -r libgcrypt-1.8.3-clean/configure libgcrypt-1.8.3/configure ---- libgcrypt-1.8.3-clean/configure 2018-06-13 00:39:33.000000000 -0700 -+++ libgcrypt-1.8.3/configure 2020-01-12 13:32:34.840010800 -0800 +diff -u -r libgcrypt-1.8.10-clean/configure libgcrypt-1.8.10/configure +--- libgcrypt-1.8.10-clean/configure 2018-06-13 00:39:33.000000000 -0700 ++++ libgcrypt-1.8.10/configure 2020-01-12 13:32:34.840010800 -0800 @@ -11292,7 +11292,7 @@ version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no @@ -174,19 +174,3 @@ diff -u -r libgcrypt-1.8.3-clean/configure libgcrypt-1.8.3/configure # Compile-time system search path for libraries. sys_lib_search_path_spec=$lt_sys_lib_search_path_spec -diff --git a/random/jitterentropy-base-user.h b/random/jitterentropy-base-user.h -index 75dd768..8a8dbd5 100644 ---- a/random/jitterentropy-base-user.h -+++ b/random/jitterentropy-base-user.h -@@ -86,9 +86,9 @@ jent_get_nstime(u64 *out) - * not rely on that extra little entropy. */ - if (!clock_gettime (CLOCK_REALTIME, &tv)) - { -- tmp = time.tv_sec; -+ tmp = tv.tv_sec; - tmp = tmp << 32; -- tmp = tmp | time.tv_nsec; -+ tmp = tmp | tv.tv_nsec; - } - else - tmp = 0; From 572857253dbec960ba5b62704c83e915b34f040c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcin=20Cie=C5=9Blak?= Date: Fri, 24 Mar 2023 03:33:16 +0100 Subject: [PATCH 5/9] gnupg 2.2.21 -> 2.4.0 830.63 -> 917.89 kB --- modules/gpg2 | 7 ++++--- patches/gpg2-2.2.21.patch | 27 --------------------------- patches/gpg2-2.4.0.patch | 23 +++++++++++++++++++++++ 3 files changed, 27 insertions(+), 30 deletions(-) delete mode 100644 patches/gpg2-2.2.21.patch create mode 100644 patches/gpg2-2.4.0.patch diff --git a/modules/gpg2 b/modules/gpg2 index e2f6175c7..2a40c976b 100644 --- a/modules/gpg2 +++ b/modules/gpg2 @@ -1,10 +1,10 @@ modules-$(CONFIG_GPG2) += gpg2 -gpg2_version := 2.2.21 +gpg2_version := 2.4.0 gpg2_dir := gnupg-$(gpg2_version) gpg2_tar := gnupg-$(gpg2_version).tar.bz2 gpg2_url := https://www.gnupg.org/ftp/gcrypt/gnupg/$(gpg2_tar) -gpg2_hash := 61e83278fb5fa7336658a8b73ab26f379d41275bb1c7c6e694dd9f9a6e8e76ec +gpg2_hash := 1d79158dd01d992431dd2e3facb89fdac97127f89784ea2cb610c600fb0c1483 # For reproducibility reasons we have to override the exec_prefix # and datarootdir on the configure line so that the Makefiles will @@ -41,6 +41,7 @@ gpg2_configure := \ --disable-wks-tools \ --disable-gnutls \ --disable-dirmngr \ + --disable-ntbtls \ --disable-zip \ --disable-sqlite \ --disable-gpgsm \ @@ -53,6 +54,6 @@ gpg2_target := $(MAKE_JOBS) \ DESTDIR="$(INSTALL)" \ install -gpg2_output := g10/gpg agent/gpg-agent scd/scdaemon +gpg2_output := g10/gpg agent/gpg-agent scd/scdaemon tools/gpg-connect-agent gpg2_depends := libgpg-error libgcrypt libksba libassuan npth libusb-compat $(musl_dep) diff --git a/patches/gpg2-2.2.21.patch b/patches/gpg2-2.2.21.patch deleted file mode 100644 index 9591e6b94..000000000 --- a/patches/gpg2-2.2.21.patch +++ /dev/null @@ -1,27 +0,0 @@ -diff -u --recursive /home/tlaurion/build/clean/gnupg-2.2.10/configure gnupg-2.2.10/configure ---- /home/tlaurion/build/clean/gnupg-2.2.10/configure 2016-08-17 09:20:25.000000000 -0400 -+++ gnupg-2.2.10/configure 2018-01-20 16:55:14.502067084 -0500 -@@ -572,7 +572,7 @@ - ac_clean_files= - ac_config_libobj_dir=. - LIBOBJS= --cross_compiling=no -+cross_compiling=yes - subdirs= - MFLAGS= - MAKEFLAGS= -diff -u --recursive gnupg-2.2.10/common/ttyio.c gnupg-2.2.10/common/ttyio.c.mod ---- gnupg-2.2.10/common/ttyio.c 2017-08-28 06:22:54.000000000 -0400 -+++ gnupg-2.2.10/common/ttyio.c 2018-09-18 23:00:07.386250017 -0400 -@@ -190,7 +190,9 @@ - #elif defined (HAVE_W32CE_SYSTEM) - ttyfp = stderr; - #else -- ttyfp = batchmode? stderr : fopen (tty_get_ttyname (), "r+"); -+ //ttyfp = batchmode? stderr : fopen( tty_get_ttyname (), "r+"); -+ ttyfp = stderr; -+ - if( !ttyfp ) { - log_error("cannot open '%s': %s\n", tty_get_ttyname (), - strerror(errno) ); - diff --git a/patches/gpg2-2.4.0.patch b/patches/gpg2-2.4.0.patch new file mode 100644 index 000000000..ef94377b7 --- /dev/null +++ b/patches/gpg2-2.4.0.patch @@ -0,0 +1,23 @@ +diff -u --recursive gnupg-2.4.0/configure gnupg-2.4.0/configure +--- gnupg-2.4.0/configure 2016-08-17 09:20:25.000000000 -0400 ++++ gnupg-2.4.0/configure 2018-01-20 16:55:14.502067084 -0500 +@@ -572,7 +572,7 @@ + ac_clean_files= + ac_config_libobj_dir=. + LIBOBJS= +-cross_compiling=no ++cross_compiling=yes + subdirs= + MFLAGS= + MAKEFLAGS= +--- gnupg-2.4.0/common/ttyio.c.orig 2023-03-24 02:37:40.384435064 +0100 ++++ gnupg-2.4.0/common/ttyio.c 2023-03-24 02:38:21.825961221 +0100 +@@ -186,7 +186,7 @@ + SetConsoleMode (con.out, DEF_OUTMODE); + + #else /* Unix */ +- ttyfp = batchmode? stderr : fopen (tty_get_ttyname (), "r+"); ++ ttyfp = stderr; + if (!ttyfp) + { + log_error ("cannot open '%s': %s\n", tty_get_ttyname (), strerror(errno)); From 671bd54d3176975cbd5fcef5daebcbaee02b117b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcin=20Cie=C5=9Blak?= Date: Fri, 24 Mar 2023 04:17:21 +0100 Subject: [PATCH 6/9] Do not start second scdaemon for /etc/distro --- initrd/etc/distro/gpg-agent.conf | 1 + 1 file changed, 1 insertion(+) create mode 100644 initrd/etc/distro/gpg-agent.conf diff --git a/initrd/etc/distro/gpg-agent.conf b/initrd/etc/distro/gpg-agent.conf new file mode 100644 index 000000000..70afa0c8b --- /dev/null +++ b/initrd/etc/distro/gpg-agent.conf @@ -0,0 +1 @@ +disable-scdaemon From 04ba32681a303472766e982e6d9e1377c540b88b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcin=20Cie=C5=9Blak?= Date: Sun, 26 Mar 2023 20:35:49 +0200 Subject: [PATCH 7/9] libgcrypt: disconnect tests from the build Tests require libgpg-error library built for the host machine which we do not nessarily have in the build environment. --- patches/libgcrypt-1.10.1.patch | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/patches/libgcrypt-1.10.1.patch b/patches/libgcrypt-1.10.1.patch index 291030c4b..4ac608846 100644 --- a/patches/libgcrypt-1.10.1.patch +++ b/patches/libgcrypt-1.10.1.patch @@ -174,3 +174,22 @@ diff -u -r libgcrypt-1.8.10-clean/configure libgcrypt-1.8.10/configure # Compile-time system search path for libraries. sys_lib_search_path_spec=$lt_sys_lib_search_path_spec +--- libgcrypt-1.10.1/Makefile.in.orig 2023-03-27 09:35:30.902000000 -0400 ++++ libgcrypt-1.10.1/Makefile.in 2023-03-27 09:37:17.803000000 -0400 +@@ -417,12 +417,12 @@ + GITLOG_TO_CHANGELOG = gitlog-to-changelog + @BUILD_DOC_FALSE@doc = + @BUILD_DOC_TRUE@doc = doc +-DIST_SUBDIRS = m4 compat mpi cipher random src doc tests +-SUBDIRS = compat mpi cipher random src $(doc) tests ++DIST_SUBDIRS = m4 compat mpi cipher random src doc ++SUBDIRS = compat mpi cipher random src $(doc) + EXTRA_DIST = autogen.sh autogen.rc README.GIT LICENSES \ + ChangeLog-2011 build-aux/ChangeLog-2011 doc/ChangeLog-2011 \ + m4/ChangeLog-2011 cipher/ChangeLog-2011 src/ChangeLog-2011 \ +- random/ChangeLog-2011 tests/ChangeLog-2011 mpi/ChangeLog-2011 \ ++ random/ChangeLog-2011 mpi/ChangeLog-2011 \ + build-aux/git-log-footer build-aux/git-log-fix VERSION + + DISTCLEANFILES = + From 84ac7ebb6ecefefa0e58a3ba6742f0c15922c7bd Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Tue, 28 Mar 2023 15:49:44 -0400 Subject: [PATCH 8/9] oem-factory-reset needed changes to comply with gpg 2.4 toolstack changes --- initrd/bin/oem-factory-reset | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/initrd/bin/oem-factory-reset b/initrd/bin/oem-factory-reset index 6d5bd80ad..874820689 100755 --- a/initrd/bin/oem-factory-reset +++ b/initrd/bin/oem-factory-reset @@ -128,10 +128,10 @@ gpg_key_reset() echo ${ADMIN_PIN_DEF} echo ${USER_PIN_DEF} echo 0 - echo y echo ${GPG_USER_NAME} echo ${GPG_USER_MAIL} echo ${GPG_USER_COMMENT} + echo ${USER_PIN_DEF} } | gpg --command-fd=0 --status-fd=2 --pinentry-mode=loopback --card-edit \ > /tmp/gpg_card_edit_output 2>&1 if [ $? -ne 0 ]; then From 885651a58009a7d876c996d7810a032e1468bfff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcin=20Cie=C5=9Blak?= Date: Fri, 7 Apr 2023 01:51:44 +0200 Subject: [PATCH 9/9] With gpg 2.3+ user name can be empty --- initrd/bin/oem-factory-reset | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/initrd/bin/oem-factory-reset b/initrd/bin/oem-factory-reset index 874820689..639eb8610 100755 --- a/initrd/bin/oem-factory-reset +++ b/initrd/bin/oem-factory-reset @@ -508,13 +508,8 @@ if [ "$prompt_output" == "y" \ echo -e "We will generate a GnuPG (PGP) keypair identifiable with the following text form:" echo -e "Real Name (Comment) email@address.org" - echo -e "\nEnter your Real Name (At least 5 characters long):" + echo -e "\nEnter your Real Name (Optional):" read -r GPG_USER_NAME - while [[ ${#GPG_USER_NAME} -lt 5 ]]; do - { - echo -e "\nEnter your Real Name (At least 5 characters long):" - read -r GPG_USER_NAME - };done echo -e "\nEnter your email@adress.org:" read -r GPG_USER_MAIL