linuxboot · saper · Mar 24, 2023 · Mar 24, 2023 · Mar 24, 2023 · Mar 24, 2023
diff --git a/initrd/bin/oem-factory-reset b/initrd/bin/oem-factory-reset
@@ -128,10 +128,10 @@ gpg_key_reset()
         echo ${ADMIN_PIN_DEF}
         echo ${USER_PIN_DEF}
         echo 0
-        echo y
         echo ${GPG_USER_NAME}
         echo ${GPG_USER_MAIL}
         echo ${GPG_USER_COMMENT}
+        echo ${USER_PIN_DEF}
     } | gpg --command-fd=0 --status-fd=2 --pinentry-mode=loopback --card-edit \
         > /tmp/gpg_card_edit_output 2>&1
     if [ $? -ne 0 ]; then
@@ -508,13 +508,8 @@ if [ "$prompt_output" == "y" \
 	echo -e "We will generate a GnuPG (PGP) keypair identifiable with the following text form:"
 	echo -e "Real Name (Comment) email@address.org"
 
-	echo -e "\nEnter your Real Name (At least 5 characters long):"
+	echo -e "\nEnter your Real Name (Optional):"
 	read -r GPG_USER_NAME
-	while [[ ${#GPG_USER_NAME} -lt 5 ]]; do
-	{
-		echo -e "\nEnter your Real Name (At least 5 characters long):"
-		read -r GPG_USER_NAME
-	};done
 
 	echo -e "\nEnter your email@adress.org:"
 	read -r GPG_USER_MAIL

diff --git a/initrd/etc/distro/gpg-agent.conf b/initrd/etc/distro/gpg-agent.conf
@@ -0,0 +1 @@
+disable-scdaemon
diff --git a/modules/gpg2 b/modules/gpg2
@@ -1,10 +1,10 @@
 modules-$(CONFIG_GPG2) += gpg2
 
-gpg2_version := 2.2.21
+gpg2_version := 2.4.0
 gpg2_dir := gnupg-$(gpg2_version)
 gpg2_tar := gnupg-$(gpg2_version).tar.bz2
 gpg2_url := https://www.gnupg.org/ftp/gcrypt/gnupg/$(gpg2_tar)
-gpg2_hash := 61e83278fb5fa7336658a8b73ab26f379d41275bb1c7c6e694dd9f9a6e8e76ec
+gpg2_hash := 1d79158dd01d992431dd2e3facb89fdac97127f89784ea2cb610c600fb0c1483
 
 # For reproducibility reasons we have to override the exec_prefix
 # and datarootdir on the configure line so that the Makefiles will
@@ -41,6 +41,7 @@ gpg2_configure := \
 	--disable-wks-tools \
 	--disable-gnutls \
 	--disable-dirmngr \
+	--disable-ntbtls \
 	--disable-zip \
 	--disable-sqlite \
 	--disable-gpgsm \
@@ -53,6 +54,6 @@ gpg2_target := $(MAKE_JOBS) \
 		DESTDIR="$(INSTALL)" \
 		install
 
-gpg2_output := g10/gpg agent/gpg-agent scd/scdaemon
+gpg2_output := g10/gpg agent/gpg-agent scd/scdaemon tools/gpg-connect-agent
 
 gpg2_depends := libgpg-error libgcrypt libksba libassuan npth libusb-compat $(musl_dep)
diff --git a/modules/libassuan b/modules/libassuan
@@ -1,10 +1,10 @@
 modules-$(CONFIG_GPG2) += libassuan
 
-libassuan_version := 2.5.3
+libassuan_version := 2.5.5
 libassuan_dir := libassuan-$(libassuan_version)
 libassuan_tar := libassuan-$(libassuan_version).tar.bz2
 libassuan_url := https://gnupg.org/ftp/gcrypt/libassuan/$(libassuan_tar)
-libassuan_hash := 91bcb0403866b4e7c4bc1cc52ed4c364a9b5414b3994f718c70303f7f765e702
+libassuan_hash := 8e8c2fcc982f9ca67dcbb1d95e2dc746b1739a4668bc20b3a3c5be632edb34e4
 
 libassuan_configure := \
 	CFLAGS="-Os" \
@@ -13,7 +13,6 @@ libassuan_configure := \
 	--host $(MUSL_ARCH)-linux-musl \
 	--prefix "/" \
 	--disable-static \
-	--disable-debug \
 	--with-gpg-error-prefix="$(INSTALL)" \
 
 libassuan_target := $(MAKE_JOBS) \

diff --git a/modules/libgcrypt b/modules/libgcrypt
@@ -1,10 +1,10 @@
 modules-$(CONFIG_GPG2) += libgcrypt
 
-libgcrypt_version := 1.8.6
+libgcrypt_version := 1.10.1
 libgcrypt_dir := libgcrypt-$(libgcrypt_version)
 libgcrypt_tar := libgcrypt-$(libgcrypt_version).tar.bz2
 libgcrypt_url := https://gnupg.org/ftp/gcrypt/libgcrypt/$(libgcrypt_tar)
-libgcrypt_hash := 0cba2700617b99fc33864a0c16b1fa7fdf9781d9ed3509f5d767178e5fd7b975
+libgcrypt_hash := ef14ae546b0084cd84259f61a55e07a38c3b53afc0f546bffcef2f01baffe9de
 
 libgcrypt_configure := \
 	$(CROSS_TOOLS) \
@@ -15,6 +15,7 @@ libgcrypt_configure := \
 	--disable-static \
 	--with-gpg-error-prefix="$(INSTALL)" \
 	--disable-asm \
+	--disable-doc \
 
 libgcrypt_target := $(MAKE_JOBS) \
 	DESTDIR="$(INSTALL)" \

diff --git a/modules/libgpg-error b/modules/libgpg-error
@@ -1,10 +1,10 @@
 modules-$(CONFIG_GPG2) += libgpg-error
 
-libgpg-error_version := 1.37
+libgpg-error_version := 1.46
 libgpg-error_dir := libgpg-error-$(libgpg-error_version)
 libgpg-error_tar := libgpg-error-$(libgpg-error_version).tar.bz2
 libgpg-error_url := https://gnupg.org/ftp/gcrypt/libgpg-error/$(libgpg-error_tar)
-libgpg-error_hash := b32d6ff72a73cf79797f7f2d039e95e9c6f92f0c1450215410840ab62aea9763
+libgpg-error_hash := b7e11a64246bbe5ef37748de43b245abd72cfcd53c9ae5e7fc5ca59f1c81268d
 
 libgpg-error_configure := \
 	$(CROSS_TOOLS) \
@@ -17,6 +17,7 @@ libgpg-error_configure := \
 	--disable-languages \
 	--disable-doc \
 	--disable-tests \
+	--enable-install-gpg-error-config \
 
 libgpg-error_target := $(MAKE_JOBS) \
 	DESTDIR="$(INSTALL)" \

diff --git a/modules/libksba b/modules/libksba
@@ -1,10 +1,10 @@
 modules-$(CONFIG_GPG2) += libksba
 
-libksba_version := 1.4.0
+libksba_version := 1.6.3
 libksba_dir := libksba-$(libksba_version)
 libksba_tar := libksba-$(libksba_version).tar.bz2
 libksba_url := https://gnupg.org/ftp/gcrypt/libksba/$(libksba_tar)
-libksba_hash := bfe6a8e91ff0f54d8a329514db406667000cb207238eded49b599761bfca41b6
+libksba_hash := 3f72c68db30971ebbf14367527719423f0a4d5f8103fc9f4a1c01a9fa440de5c
 
 libksba_configure := \
 	$(CROSS_TOOLS) \

diff --git a/patches/gpg2-2.2.21.patch b/patches/gpg2-2.2.21.patch
diff --git a/patches/gpg2-2.4.0.patch b/patches/gpg2-2.4.0.patch
@@ -0,0 +1,23 @@
+diff -u --recursive gnupg-2.4.0/configure gnupg-2.4.0/configure
+--- gnupg-2.4.0/configure	2016-08-17 09:20:25.000000000 -0400
++++ gnupg-2.4.0/configure	2018-01-20 16:55:14.502067084 -0500
+@@ -572,7 +572,7 @@
+ ac_clean_files=
+ ac_config_libobj_dir=.
+ LIBOBJS=
+-cross_compiling=no
++cross_compiling=yes
+ subdirs=
+ MFLAGS=
+ MAKEFLAGS=
+--- gnupg-2.4.0/common/ttyio.c.orig	2023-03-24 02:37:40.384435064 +0100
++++ gnupg-2.4.0/common/ttyio.c	2023-03-24 02:38:21.825961221 +0100
+@@ -186,7 +186,7 @@
+   SetConsoleMode (con.out, DEF_OUTMODE);
+
+ #else /* Unix */
+-  ttyfp = batchmode? stderr : fopen (tty_get_ttyname (), "r+");
++  ttyfp = stderr;
+   if (!ttyfp)
+     {
+       log_error ("cannot open '%s': %s\n", tty_get_ttyname (), strerror(errno));
diff --git a/patches/libassuan-2.5.3.patch → patches/libassuan-2.5.5.patch b/patches/libassuan-2.5.3.patch → patches/libassuan-2.5.5.patch
@@ -1,6 +1,6 @@
-diff -u -r libassuan-2.5.1-clean/configure libassuan-2.5.1/configure
---- libassuan-2.5.1-clean/configure	2017-12-07 06:55:50.000000000 -0800
-+++ libassuan-2.5.1/configure	2020-01-12 13:39:50.655638965 -0800
+diff -u -r libassuan-2.5.5-clean/configure libassuan-2.5.5/configure
+--- libassuan-2.5.5-clean/configure	2017-12-07 06:55:50.000000000 -0800
++++ libassuan-2.5.5/configure	2020-01-12 13:39:50.655638965 -0800
 @@ -10781,7 +10781,7 @@
    version_type=linux # correct to gnu/linux during the next big refactor
    need_lib_prefix=no

diff --git a/patches/libgcrypt-1.8.6.patch → patches/libgcrypt-1.10.1.patch b/patches/libgcrypt-1.8.6.patch → patches/libgcrypt-1.10.1.patch
@@ -1,6 +1,6 @@
-diff -u -r libgcrypt-1.8.3-clean/configure libgcrypt-1.8.3/configure
---- libgcrypt-1.8.3-clean/configure	2018-06-13 00:39:33.000000000 -0700
-+++ libgcrypt-1.8.3/configure	2020-01-12 13:32:34.840010800 -0800
+diff -u -r libgcrypt-1.8.10-clean/configure libgcrypt-1.8.10/configure
+--- libgcrypt-1.8.10-clean/configure	2018-06-13 00:39:33.000000000 -0700
++++ libgcrypt-1.8.10/configure	2020-01-12 13:32:34.840010800 -0800
 @@ -11292,7 +11292,7 @@
    version_type=linux # correct to gnu/linux during the next big refactor
    need_lib_prefix=no
@@ -174,19 +174,22 @@ diff -u -r libgcrypt-1.8.3-clean/configure libgcrypt-1.8.3/configure
 
  # Compile-time system search path for libraries.
  sys_lib_search_path_spec=$lt_sys_lib_search_path_spec
-diff --git a/random/jitterentropy-base-user.h b/random/jitterentropy-base-user.h
-index 75dd768..8a8dbd5 100644
---- a/random/jitterentropy-base-user.h
-+++ b/random/jitterentropy-base-user.h
-@@ -86,9 +86,9 @@ jent_get_nstime(u64 *out)
-    * not rely on that extra little entropy.  */
-   if (!clock_gettime (CLOCK_REALTIME, &tv))
-     {
--      tmp = time.tv_sec;
-+      tmp = tv.tv_sec;
-       tmp = tmp << 32;
--      tmp = tmp | time.tv_nsec;
-+      tmp = tmp | tv.tv_nsec;
-     }
-   else
-     tmp = 0;
+--- libgcrypt-1.10.1/Makefile.in.orig	2023-03-27 09:35:30.902000000 -0400
++++ libgcrypt-1.10.1/Makefile.in	2023-03-27 09:37:17.803000000 -0400
+@@ -417,12 +417,12 @@
+ GITLOG_TO_CHANGELOG = gitlog-to-changelog
+ @BUILD_DOC_FALSE@doc = 
+ @BUILD_DOC_TRUE@doc = doc
+-DIST_SUBDIRS = m4 compat mpi cipher random src doc tests
+-SUBDIRS = compat mpi cipher random src $(doc) tests
++DIST_SUBDIRS = m4 compat mpi cipher random src doc
++SUBDIRS = compat mpi cipher random src $(doc)
+ EXTRA_DIST = autogen.sh autogen.rc README.GIT LICENSES      	           \
+              ChangeLog-2011 build-aux/ChangeLog-2011 doc/ChangeLog-2011    \
+              m4/ChangeLog-2011 cipher/ChangeLog-2011 src/ChangeLog-2011    \
+-             random/ChangeLog-2011 tests/ChangeLog-2011 mpi/ChangeLog-2011 \
++             random/ChangeLog-2011 mpi/ChangeLog-2011 \
+              build-aux/git-log-footer build-aux/git-log-fix VERSION
+
+ DISTCLEANFILES = 
+
diff --git a/patches/libgpg-error-1.37.patch → patches/libgpg-error-1.46.patch b/patches/libgpg-error-1.37.patch → patches/libgpg-error-1.46.patch
diff --git a/patches/libksba-1.4.0.patch → patches/libksba-1.6.3.patch b/patches/libksba-1.4.0.patch → patches/libksba-1.6.3.patch
@@ -1,6 +1,6 @@
-diff -u -r libksba-1.3.5-clean/configure libksba-1.3.5/configure
---- libksba-1.3.5-clean/configure	2016-08-22 02:56:54.000000000 -0700
-+++ libksba-1.3.5/configure	2020-01-12 13:34:53.557259138 -0800
+diff -u -r libksba-1.4.0-clean/configure libksba-1.4.0/configure
+--- libksba-1.4.0-clean/configure	2016-08-22 02:56:54.000000000 -0700
++++ libksba-1.4.0/configure	2020-01-12 13:34:53.557259138 -0800
 @@ -10734,7 +10734,7 @@
    version_type=linux # correct to gnu/linux during the next big refactor
    need_lib_prefix=no