Skip to content

Commit

Permalink
app-crypt/gnupg: Fix broken ssh without smartcard USE flag
Browse files Browse the repository at this point in the history 
Gentoo-Bug: 611544

Package-Manager: Portage-2.3.3, Repoman-2.3.1
  • Loading branch information
@krifisk
krifisk committed Mar 6, 2017
1 parent 82cca4e commit 0e19c5d
Show file tree
Hide file tree
Showing 2 changed files with 209 additions and 0 deletions.
85 changes: 85 additions & 0 deletions app-crypt/gnupg/files/gnupg-2.1.19-ssh-no-scdaemon.patch
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,85 @@
From 4ce4f2f683a17be3ddb93729f3f25014a97934ad Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <[email protected]>
Date: Mon, 6 Mar 2017 10:26:11 +0900
Subject: [PATCH 1/1] agent: For SSH, robustly handling scdaemon's errors.

* agent/command-ssh.c (card_key_list): Return 0 when
agent_card_serialno returns an error.
(ssh_handler_request_identities): Handle errors for card listing
and proceed to other cases.
--

GnuPG-bug-id: 2980

Signed-off-by: NIIBE Yutaka <[email protected]>
---
agent/command-ssh.c | 19 +++++++++----------
1 file changed, 9 insertions(+), 10 deletions(-)

diff --git a/agent/command-ssh.c b/agent/command-ssh.c
index 79b8f85..3ab41cf 100644
--- a/agent/command-ssh.c
+++ b/agent/command-ssh.c
@@ -2393,13 +2393,12 @@ card_key_list (ctrl_t ctrl, char **r_serialno, strlist_t *result)
err = agent_card_serialno (ctrl, r_serialno, NULL);
if (err)
{
- if (gpg_err_code (err) == GPG_ERR_ENODEV)
- return 0; /* Nothing available. */
-
- if (opt.verbose)
+ if (gpg_err_code (err) != GPG_ERR_ENODEV && opt.verbose)
log_info (_("error getting serial number of card: %s\n"),
gpg_strerror (err));
- return err;
+
+ /* Nothing available. */
+ return 0;
}

err = agent_card_cardlist (ctrl, result);
@@ -2568,7 +2567,6 @@ ssh_handler_request_identities (ctrl_t ctrl,
gpg_error_t err;
int ret;
ssh_control_file_t cf = NULL;
- char *cardsn;
gpg_error_t ret_err;

(void)request;
@@ -2601,21 +2599,21 @@ ssh_handler_request_identities (ctrl_t ctrl,
if (opt.verbose)
log_info (_("error getting list of cards: %s\n"),
gpg_strerror (err));
- goto out;
+ goto scd_out;
}

for (sl = card_list; sl; sl = sl->next)
{
char *serialno0;
+ char *cardsn;
+
err = agent_card_serialno (ctrl, &serialno0, sl->d);
if (err)
{
if (opt.verbose)
log_info (_("error getting serial number of card: %s\n"),
gpg_strerror (err));
- xfree (serialno);
- free_strlist (card_list);
- goto out;
+ continue;
}

xfree (serialno0);
@@ -2640,6 +2638,7 @@ ssh_handler_request_identities (ctrl_t ctrl,
free_strlist (card_list);
}

+ scd_out:
/* Then look at all the registered and non-disabled keys. */
err = open_control_file (&cf, 0);
if (err)
--
2.8.0.rc3

124 changes: 124 additions & 0 deletions app-crypt/gnupg/gnupg-2.1.19-r1.ebuild
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,124 @@
# Copyright 1999-2017 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2

EAPI="6"

inherit eutils flag-o-matic toolchain-funcs

DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
HOMEPAGE="http://www.gnupg.org/"
LICENSE="GPL-3"

MY_P="${P/_/-}"
SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"

SLOT="0"
IUSE="bzip2 doc +gnutls ldap nls readline selinux +smartcard tofu tools usb wks-server"

COMMON_DEPEND_LIBS="
>=dev-libs/npth-1.2
>=dev-libs/libassuan-2.4.3
>=dev-libs/libgcrypt-1.7.3
>=dev-libs/libgpg-error-1.24
>=dev-libs/libksba-1.3.4
>=net-misc/curl-7.10
gnutls? ( >=net-libs/gnutls-3.0:0= )
sys-libs/zlib
ldap? ( net-nds/openldap )
bzip2? ( app-arch/bzip2 )
readline? ( sys-libs/readline:0= )
smartcard? ( usb? ( virtual/libusb:0 ) )
tofu? ( >=dev-db/sqlite-3.7 )
"
COMMON_DEPEND_BINS="app-crypt/pinentry
!app-crypt/dirmngr"

# Existence of executables is checked during configuration.
DEPEND="${COMMON_DEPEND_LIBS}
${COMMON_DEPEND_BINS}
nls? ( sys-devel/gettext )
doc? ( sys-apps/texinfo )"

RDEPEND="${COMMON_DEPEND_LIBS}
${COMMON_DEPEND_BINS}
selinux? ( sec-policy/selinux-gpg )
nls? ( virtual/libintl )"

S="${WORKDIR}/${MY_P}"

DOCS=(
ChangeLog NEWS README THANKS TODO VERSION
doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
)

PATCHES=(
"${FILESDIR}/${PN}-2.1.16-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch"
"${FILESDIR}"/${P}-solaris-ucred.patch
"${FILESDIR}"/${P}-ssh-no-scdaemon.patch
)

src_configure() {
local myconf=()

if use smartcard; then
myconf+=(
--enable-scdaemon
$(use_enable usb ccid-driver)
)
else
myconf+=( --disable-scdaemon )
fi

if use elibc_SunOS || use elibc_AIX; then
myconf+=( --disable-symcryptrun )
else
myconf+=( --enable-symcryptrun )
fi

# glib fails and picks up clang's internal stdint.h causing weird errors
[[ ${CC} == *clang ]] && \
export gl_cv_absolute_stdint_h=/usr/include/stdint.h

econf \
"${myconf[@]}" \
$(use_enable bzip2) \
$(use_enable gnutls) \
$(use_enable nls) \
$(use_enable tofu) \
$(use_enable wks-server wks-tools) \
$(use_with ldap) \
$(use_with readline) \
--enable-gpg \
--enable-gpgsm \
--enable-large-secmem \
--enable-tools \
CC_FOR_BUILD="$(tc-getBUILD_CC)"
}

src_compile() {
default

use doc && emake -C doc html
}

src_install() {
default

use tools &&
dobin \
tools/{convert-from-106,gpg-check-pattern} \
tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys} \
tools/make-dns-cert
emake DESTDIR="${ED}" -f doc/Makefile uninstall-nobase_dist_docDATA

dosym gpg2 /usr/bin/gpg
dosym gpgv2 /usr/bin/gpgv
echo ".so man1/gpg2.1" > "${ED}"/usr/share/man/man1/gpg.1
echo ".so man1/gpgv2.1" > "${ED}"/usr/share/man/man1/gpgv.1

dodir /etc/env.d
echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg

use doc && dodoc doc/gnupg.html/* doc/*.png
}

0 comments on commit 0e19c5d

Please sign in to comment.