diff --git a/pkgs/tools/security/gnupg/21.nix b/pkgs/tools/security/gnupg/21.nix index 31a6bd2c4602..34561c3c33dd 100644 --- a/pkgs/tools/security/gnupg/21.nix +++ b/pkgs/tools/security/gnupg/21.nix @@ -13,15 +13,13 @@ with stdenv.lib; assert x11Support -> pinentry != null; stdenv.mkDerivation rec { - name = "gnupg-2.1.4"; + name = "gnupg-2.1.5"; src = fetchurl { url = "mirror://gnupg/gnupg/${name}.tar.bz2"; - sha256 = "1c3c89b7ziknz6h1dnwmfjhgyy28g982rcncrhmhylb8v3npw4k4"; + sha256 = "0k5818r847zplbrwjp6i48s6xb5zy44rny2kmbisd6y3c1qml45m"; }; - patches = [ ./socket-activate-2.1.1.patch ]; - postPatch = stdenv.lib.optionalString stdenv.isLinux '' sed -i 's,"libpcsclite\.so[^"]*","${pcsclite}/lib/libpcsclite.so",g' scd/scdaemon.c ''; diff --git a/pkgs/tools/security/gnupg/socket-activate-2.1.1.patch b/pkgs/tools/security/gnupg/socket-activate-2.1.1.patch deleted file mode 100644 index 2c2d7b542501..000000000000 --- a/pkgs/tools/security/gnupg/socket-activate-2.1.1.patch +++ /dev/null @@ -1,170 +0,0 @@ -Port Shea Levy's socket activation patch to version 2.1.1. - -diff -Naur gnupg-2.1.1-upstream/agent/gpg-agent.c gnupg-2.1.1/agent/gpg-agent.c ---- gnupg-2.1.1-upstream/agent/gpg-agent.c 2014-12-01 05:04:57.000000000 -0430 -+++ gnupg-2.1.1/agent/gpg-agent.c 2014-12-23 17:13:48.029286035 -0430 -@@ -125,7 +125,9 @@ - oPuttySupport, - oDisableScdaemon, - oDisableCheckOwnSocket, -- oWriteEnvFile -+ oWriteEnvFile, -+ oAgentFD, -+ oSSHAgentFD - }; - - -@@ -143,6 +145,8 @@ - ARGPARSE_group (301, N_("@Options:\n ")), - - ARGPARSE_s_n (oDaemon, "daemon", N_("run in daemon mode (background)")), -+ ARGPARSE_s_i (oAgentFD, "agent-fd", "@"), -+ ARGPARSE_s_i (oSSHAgentFD, "ssh-agent-fd", "@"), - ARGPARSE_s_n (oServer, "server", N_("run in server mode (foreground)")), - ARGPARSE_s_n (oVerbose, "verbose", N_("verbose")), - ARGPARSE_s_n (oQuiet, "quiet", N_("be somewhat more quiet")), -@@ -627,6 +631,31 @@ - return 1; /* handled */ - } - -+/* Handle agent socket(s) */ -+static void -+handle_agent_socks(int fd, int fd_extra, int fd_ssh) -+{ -+#ifndef HAVE_W32_SYSTEM -+ if (chdir("/")) -+ { -+ log_error ("chdir to / failed: %s\n", strerror (errno)); -+ exit (1); -+ } -+ -+ { -+ struct sigaction sa; -+ -+ sa.sa_handler = SIG_IGN; -+ sigemptyset (&sa.sa_mask); -+ sa.sa_flags = 0; -+ sigaction (SIGPIPE, &sa, NULL); -+ } -+#endif /*!HAVE_W32_SYSTEM*/ -+ -+ log_info ("%s %s started\n", strusage(11), strusage(13) ); -+ handle_connections (fd, fd_extra, fd_ssh); -+ assuan_sock_close (fd); -+} - - /* The main entry point. */ - int -@@ -643,6 +672,8 @@ - int default_config =1; - int pipe_server = 0; - int is_daemon = 0; -+ int fd_agent = GNUPG_INVALID_FD; -+ int fd_ssh_agent = GNUPG_INVALID_FD; - int nodetach = 0; - int csh_style = 0; - char *logfile = NULL; -@@ -850,6 +881,8 @@ - case oSh: csh_style = 0; break; - case oServer: pipe_server = 1; break; - case oDaemon: is_daemon = 1; break; -+ case oAgentFD: fd_agent = pargs.r.ret_int; break; -+ case oSSHAgentFD: fd_ssh_agent = pargs.r.ret_int; break; - - case oDisplay: default_display = xstrdup (pargs.r.ret_str); break; - case oTTYname: default_ttyname = xstrdup (pargs.r.ret_str); break; -@@ -940,7 +973,8 @@ - bind_textdomain_codeset (PACKAGE_GT, "UTF-8"); - #endif - -- if (!pipe_server && !is_daemon && !gpgconf_list) -+ if (!pipe_server && !is_daemon && !gpgconf_list && -+ fd_agent == GNUPG_INVALID_FD) - { - /* We have been called without any options and thus we merely - check whether an agent is already running. We do this right -@@ -1090,6 +1124,10 @@ - agent_deinit_default_ctrl (ctrl); - xfree (ctrl); - } -+ else if (fd_agent != GNUPG_INVALID_FD) -+ { -+ handle_agent_socks(fd_agent, GNUPG_INVALID_FD, fd_ssh_agent); -+ } - else if (!is_daemon) - ; /* NOTREACHED */ - else -@@ -1287,26 +1325,8 @@ - log_set_prefix (NULL, oldflags | JNLIB_LOG_RUN_DETACHED); - opt.running_detached = 1; - } -- -- if (chdir("/")) -- { -- log_error ("chdir to / failed: %s\n", strerror (errno)); -- exit (1); -- } -- -- { -- struct sigaction sa; -- -- sa.sa_handler = SIG_IGN; -- sigemptyset (&sa.sa_mask); -- sa.sa_flags = 0; -- sigaction (SIGPIPE, &sa, NULL); -- } --#endif /*!HAVE_W32_SYSTEM*/ -- -- log_info ("%s %s started\n", strusage(11), strusage(13) ); -- handle_connections (fd, fd_extra, fd_ssh); -- assuan_sock_close (fd); -+#endif /*!HAVE_W32_SYSTEM*/ -+ handle_agent_socks(fd, fd_extra, fd_ssh); - } - - return 0; -diff -Naur gnupg-2.1.1-upstream/doc/gpg-agent.texi gnupg-2.1.1/doc/gpg-agent.texi ---- gnupg-2.1.1-upstream/doc/gpg-agent.texi 2014-12-05 09:56:37.000000000 -0430 -+++ gnupg-2.1.1/doc/gpg-agent.texi 2014-12-23 16:26:38.366391186 -0430 -@@ -43,7 +43,15 @@ - .IR file ] - .RI [ options ] - .B \-\-daemon --.RI [ command_line ] -+.br -+.B gpg-agent -+.RB [ \-\-homedir -+.IR dir ] -+.RB [ \-\-options -+.IR file ] -+.RI [ options ] -+.B \-\-agent-fd -+.IR fd - @end ifset - - @mansect description -@@ -186,6 +194,11 @@ - a new process as a child of gpg-agent: @code{gpg-agent --daemon - /bin/sh}. This way you get a new shell with the environment setup - properly; if you exit from this shell, gpg-agent terminates as well. -+ -+@item --agent-fd @var{fd} -+@opindex agent-fd -+Start the gpg-agent using @var{fd} as the listening socket. This is useful for -+socket activation a la systemd and launchd. - @end table - - @mansect options -@@ -545,6 +558,12 @@ - remote machine. - - -+@item --ssh-agent-fd @var{fd} -+@opindex ssh-agent-fd -+ -+When starting the agent with @option{--agent-fd}, use this to pass in a socket -+to be used for the OpenSSH agent protocol. -+ - @anchor{option --enable-ssh-support} - @item --enable-ssh-support - @opindex enable-ssh-support