diff options
3 files changed, 204 insertions, 0 deletions
diff --git a/app-crypt/gnupg/Manifest b/app-crypt/gnupg/Manifest
index 59f7652f5ad6..8b4089714cd8 100644
--- a/app-crypt/gnupg/Manifest
+++ b/app-crypt/gnupg/Manifest
@@ -4,3 +4,5 @@ DIST gnupg-2.2.43.tar.bz2 7435426 BLAKE2B ddf5c89d317e6ce8d1a5348f0ef81ffa1c61c9
DIST gnupg-2.2.43.tar.bz2.sig 119 BLAKE2B 38fd3790f5065d67d6b5323ef7abbb79facf00e5b9daba98e5078302fc3887423173ba434c7eff1e64faecef88d87aab9c057c570d6e96e8d0808f07f32d8fa1 SHA512 47c5354869b1825e56fa4276826fcde1ee41c70aab9b411686cf2733f4d1df9c006049e49e066b22e475bd37b337f9ffc97f8bbca0c62c0f32296909464a0643
DIST gnupg-2.4.5.tar.bz2 7889060 BLAKE2B a8b80cd4dfbb377066efb5c9f1b6cdc6d0cd1b18358c962781b5c06de1545117b13038a4655ae627c36bfd2e5fee127692df8729d6b23e1b31051ab6d897b733 SHA512 4d54744f09399c5899144d0cb5fdc2756e45b058db41b9ea9df3be03e80b914509e16ef35aa0248e7561185b80f7a5f9fd6afcab8ccff75ff82ed555448a38ff
DIST gnupg-2.4.5.tar.bz2.sig 238 BLAKE2B b236e7d62f49c8385f4fb81389bf10715d9c0a0cb5c0b4c20fb6ff1465d05a3c3657061284db23af988a1ca16c9fa393af3ce5cbd27934501eb41a4f448fff0a SHA512 5a06970e499d1eb5213b142a8a182e46f5f21b7cb32785a9e5069378797c124e151ce74727382003820042d60fd7a2f909143f44aa9ef282605875e1cab04aef
+DIST gnupg-2.5.1.tar.bz2 8126739 BLAKE2B 46955d2eebe14395adc0fdf81e89a32f3f9baaabfe1eee78f256a1fab25ce6fdb96b873678cfeb5e4abf4894c7ab4908359ed04cc6571ff442dcc5325b3ccd66 SHA512 733a11ff24145e23dd7d34d954a70c25bf70ecb1d517b8e15cc34bf690786c9f7007e4e99cde573500ac012852e91b29568fed00491f8c8254b3fb63ca5777cd
+DIST gnupg-2.5.1.tar.bz2.sig 238 BLAKE2B cd024a63ecb82a12e92444cbff8dbc9bef6a4e436d59957aae77927cce0baf9e282e63df7a5159a521c7c8694a0dbe96d6537ad3ec5f779c7c0dea8d02b5e70d SHA512 8ffd5cc72a2907972bf1854e804f6c215ff66ba2d6e91952700f49b2b5ba8bab035d0f42efdb0d3c3166301cda6e716394928bdd9c0d0d1e1789a02c7aa1a926
diff --git a/app-crypt/gnupg/gnupg-2.5.1.ebuild b/app-crypt/gnupg/gnupg-2.5.1.ebuild
new file mode 100644
index 000000000000..382e366f6c0d
--- /dev/null
+++ b/app-crypt/gnupg/gnupg-2.5.1.ebuild
@@ -0,0 +1,197 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+# Maintainers should:
+# 1. Join the "Gentoo" project at
+# 2. Subscribe to release tasks like
+# (find the one for the current release then subscribe to it +
+# any subsequent ones linked within so you're covered for a while.)
+# in-source builds are not supported:
+inherit flag-o-matic out-of-source multiprocessing systemd toolchain-funcs verify-sig
+DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
+SRC_URI+=" verify-sig? ( mirror://gnupg/gnupg/${P}.tar.bz2.sig )"
+#KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl test +tofu tpm tools usb user-socket wks-server"
+RESTRICT="!test? ( test )"
+REQUIRED_USE="test? ( tofu )"
+# Existence of executables is checked during configuration.
+# Note: On each bump, update dep bounds on each version from!
+ >=dev-libs/libassuan-2.5.0:=
+ >=dev-libs/libgcrypt-1.9.1:=
+ >=dev-libs/libgpg-error-1.46
+ >=dev-libs/libksba-1.6.3
+ >=dev-libs/npth-1.2
+ >=net-misc/curl-7.10
+ sys-libs/zlib
+ bzip2? ( app-arch/bzip2 )
+ ldap? ( net-nds/openldap:= )
+ readline? ( sys-libs/readline:0= )
+ smartcard? ( usb? ( virtual/libusb:1 ) )
+ tofu? ( >=dev-db/sqlite-3.27 )
+ tpm? ( >=app-crypt/tpm2-tss-2.4.0:= )
+ ssl? ( >=net-libs/gnutls-3.2:0= )
+ nls? ( virtual/libintl )
+ selinux? ( sec-policy/selinux-gpg )
+ wks-server? ( virtual/mta )
+ app-crypt/pinentry
+ virtual/pkgconfig
+ doc? ( sys-apps/texinfo )
+ nls? ( sys-devel/gettext )
+ verify-sig? ( sec-keys/openpgp-keys-gnupg )
+ "${FILESDIR}"/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch
+ "${FILESDIR}"/${PN}-2.4.5-revert-rfc4880bis.patch # bug #926186
+src_prepare() {
+ default
+ dirmngr.service
+ dirmngr.socket
+ gpg-agent-browser.socket
+ gpg-agent-extra.socket
+ gpg-agent.service
+ gpg-agent.socket
+ gpg-agent-ssh.socket
+ )
+ cp "${GNUPG_SYSTEMD_UNITS[@]/#/${FILESDIR}/}" "${T}" || die
+ # Inject SSH_AUTH_SOCK into user's sessions after enabling gpg-agent-ssh.socket in systemctl --user mode,
+ # idea borrowed from libdbus, see
+ #
+ #
+ # This cannot be upstreamed, as it requires determining the exact prefix of 'systemctl',
+ # which in turn requires discovery in Autoconf, something that upstream deeply resents.
+ sed -e "/DirectoryMode=/a ExecStartPost=-${EPREFIX}/bin/systemctl --user set-environment SSH_AUTH_SOCK=%t/gnupg/S.gpg-agent.ssh" \
+ -i "${T}"/gpg-agent-ssh.socket || die
+ # definition of getpeername etc uses different things like socket_fd_t
+ [[ ${CHOST} == *-solaris* ]] &&
+ append-cflags $(test-flags-CC -Wno-incompatible-pointer-types)
+my_src_configure() {
+ # Upstream don't support LTO, bug #854222.
+ filter-lto
+ local myconf=(
+ $(use_enable bzip2)
+ $(use_enable nls)
+ $(use_enable smartcard scdaemon)
+ $(use_enable ssl gnutls)
+ $(use_enable test all-tests)
+ $(use_enable test tests)
+ $(use_enable tofu)
+ $(use_enable tofu keyboxd)
+ $(use_enable tofu sqlite)
+ $(usex tpm '--with-tss=intel' '--disable-tpm2d')
+ $(use smartcard && use_enable usb ccid-driver || echo '--disable-ccid-driver')
+ $(use_enable wks-server wks-tools)
+ $(use_with ldap)
+ $(use_with readline)
+ # Hardcode mailprog to /usr/libexec/sendmail even if it does not exist.
+ # As of GnuPG 2.3, the mailprog substitution is used for the binary called
+ # by wks-client & wks-server; and if it's autodetected but not not exist at
+ # build time, then then 'gpg-wks-client --send' functionality will not
+ # work. This has an unwanted side-effect in stage3 builds: there was a
+ # [R]DEPEND on virtual/mta, which also brought in virtual/logger, bloating
+ # the build where the install guide previously make the user chose the
+ # logger & mta early in the install.
+ --with-mailprog=/usr/libexec/sendmail
+ --disable-ntbtls
+ --enable-gpgsm
+ --enable-large-secmem
+ CC_FOR_BUILD="$(tc-getBUILD_CC)"
+ GPGRT_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-gpgrt-config"
+ $("${S}/configure" --help | grep -o -- '--without-.*-prefix')
+ )
+ if use prefix && use usb; then
+ # bug #649598
+ append-cppflags -I"${ESYSROOT}/usr/include/libusb-1.0"
+ fi
+ # bug #663142
+ if use user-socket; then
+ myconf+=( --enable-run-gnupg-user-socket )
+ fi
+ # glib fails and picks up clang's internal stdint.h causing weird errors
+ tc-is-clang && export gl_cv_absolute_stdint_h="${ESYSROOT}"/usr/include/stdint.h
+ econf "${myconf[@]}"
+my_src_compile() {
+ default
+ use doc && emake -C doc html
+my_src_test() {
+ export TESTFLAGS="--parallel=$(makeopts_jobs)"
+ default
+my_src_install() {
+ emake DESTDIR="${D}" install
+ use tools && dobin tools/{gpgconf,gpgsplit,gpg-check-pattern} tools/make-dns-cert
+ dosym gpg /usr/bin/gpg2
+ dosym gpgv /usr/bin/gpgv2
+ echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die
+ echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
+ dodir /etc/env.d
+ echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
+ use doc && dodoc doc/gnupg.html/*
+my_src_install_all() {
+ einstalldocs
+ use tools && dobin tools/{convert-from-106,mail-signed-keys,lspgpot}
+ use doc && dodoc doc/*.png
+ # Dropped upstream in;a=commitdiff;h=eae28f1bd4a5632e8f8e85b7248d1c4d4a10a5ed.
+ dodoc "${FILESDIR}"/README-systemd
+ systemd_douserunit "${GNUPG_SYSTEMD_UNITS[@]/#/${T}/}"
diff --git a/profiles/package.mask b/profiles/package.mask
index 219d27be4fd0..5529b91f50bf 100644
--- a/profiles/package.mask
+++ b/profiles/package.mask
@@ -33,6 +33,11 @@
+# Robin H. Johnson <> (2024-09-22)
+# Upstream testing release; fails some tests as well here
+# Beware that if you upgrade to it, you may need to reset your keyrings.
# Michał Górny <> (2024-09-21)
# Discontinued upstream. Since 7.3.17, only 2.7 and 3.10 are released.
# Vulnerable.