%{!?dotests:%define DO_TESTS 1} %{?dotests:%define DO_TESTS 0} Name: gnupg2 Summary: A GNU utility for secure communication and data storage. Version: 2.2.35 Release: 1 License: GPLv3+ Group: Applications/System URL: https://www.gnupg.org Source0: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2 Source1: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig Patch0: gnupg2-2.2.35-aix.patch # needed for compatibility with system FIPS mode Patch1: gnupg-2.1.10-secmem.patch Patch2: gnupg-2.2.16-ocsp-keyusage.patch Patch3: gnupg-2.1.1-fips-algo.patch # allow 8192 bit RSA keys in keygen UI with large RSA Patch4: gnupg-2.2.23-large-rsa.patch Patch5: %{name}-2.2.9-g10-t-stutter-sync.patch Patch6: %{name}-2.2.19-aix-thread-init.patch Patch7: %{name}-2.2.9-aix-do-open64.patch # From Fedora (v2.2.27, different from v2.2.23) Patch8: gnupg-2.2.23-insttools-v2.patch # Fixes for issues found in Coverity scan - reported upstream # From Fedora (v2.2.27, different from v2.2.23) Patch9: gnupg-2.2.21-coverity-v2.patch # From Fedora 33 gnupg2 2.2.18 / 19 / 20 # fix missing uid on refresh from keys.openpgp.org # https://salsa.debian.org/debian/gnupg2/commit/f292beac1171c6c77faf41d1f88c2e0942ed4437 Patch10: gnupg-2.2.18-tests-add-test-cases-for-import-without-uid.patch Patch11: gnupg-2.2.18-gpg-allow-import-of-previously-known-keys-even-without-UI.patch Patch12: gnupg-2.2.18-gpg-accept-subkeys-with-a-good-revocation-but-no-self-sig.patch BuildRequires: patch, make BuildRequires: libgcrypt-devel, libksba-devel, libassuan >= 2.5.3 BuildRequires: libgpg-error-devel >= 1.36 BuildRequires: libiconv >= 1.16 BuildRequires: npth-devel, gettext, bzip2, zlib-devel BuildRequires: curl-devel >= 7.67.0-1, readline-devel >= 8.0-2 BuildRequires: openldap-devel >= 2.4.50 Requires: libgcrypt >= 1.8.5-1, libksba >= 1.3.5-1, libassuan >= 2.5.3 Requires: libgpg-error >= 1.36 Requires: libiconv >= 1.16 Requires: npth >= 1.5, gettext >= 0.19.8.1-5, bzip2 >= 1.0.8-2, zlib >= 1.2.11-1 Requires: curl >= 7.67.0-1, readline >= 8.0-2 Requires: openldap >= 2.4.50 Requires: /sbin/install-info, info # Current list of requires from Fedora BuildRequires: bzip2-devel BuildRequires: libassuan-devel >= 2.5.3 BuildRequires: gnutls-devel BuildRequires: sqlite-devel Requires: gnutls >= 3.6.14, sqlite >= 3.32.1 # For testing - weak dependency because not required for public-key operations Recommends: pinentry Provides: gpg = %{version}-%{release} Provides: gnupg = %{version}-%{release} Provides: dirmngr = %{version}-%{release} %description GnuPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440 and the S/MIME standard as described by several RFCs. GnuPG 2.0 is a newer version of GnuPG with additional support for S/MIME. It has a different design philosophy that splits functionality up into several modules. This package includes support for smart cards and S/MIME encryption and signing. %prep %setup -q -n gnupg-%{version} export PATH=/opt/freeware/bin:$PATH %patch0 %patch1 -p1 -b .secmem %patch2 -p1 -b .keyusage %patch3 -p1 -b .fips %patch4 -p0 -b .large-rsa %patch5 -p1 -b .g10-t-stutter-sync %patch6 -p1 -b .aix-thread-init %patch7 -p1 -b .aix-do-open64 %patch8 -p1 -b .insttools %patch9 -p1 -b .coverity %patch10 -p1 -b .test_missing_uid %patch11 -p1 -b .prev_known_key %patch12 -p1 -b .good_revoc rm -rf /tmp/%{name}-%{version}-32bit cp -pr . /tmp/%{name}-%{version}-32bit rm -fr * mv /tmp/%{name}-%{version}-32bit 32bit cp -pr 32bit 64bit %build export RM="/usr/bin/rm -f" cd 64bit # first build the 64-bit version export CC="gcc -maix64 -O2" export LDFLAGS="-L/opt/freeware/lib64 -L/opt/freeware/lib -Wl,-blibpath:/opt/freeware/lib64:/opt/freeware/lib:/usr/lib:/lib" export OBJECT_MODE=64 ./configure -v \ --prefix=%{_prefix} \ --infodir=%{_infodir} \ --mandir=%{_mandir} \ --libexecdir=%{_libexecdir}64 \ --disable-gpgtar \ --disable-rpath \ --enable-g13 \ --enable-large-secmem \ --with-libintl-prefix=/opt/freeware \ --with-libiconv-prefix=/opt/freeware gmake %{?_smp_mflags} if [ "%{DO_TESTS}" == 1 ] then echo "Testing ${OBJECT_MODE} bit build" ( gmake -k check || true ) fi cd ../32bit # now build the 32-bit version export CC="gcc -maix32 -D_LARGE_FILES" export CFLAGS="-O2" export LDFLAGS="-L/opt/freeware/lib -Wl,-blibpath:/opt/freeware/lib:/usr/lib:/lib -Wl,-bmaxdata:0x80000000" export OBJECT_MODE=32 ./configure -v \ --prefix=%{_prefix} \ --infodir=%{_infodir} \ --mandir=%{_mandir} \ --libexecdir=%{_libexecdir} \ --disable-gpgtar \ --disable-rpath \ --enable-g13 \ --enable-large-secmem \ --with-libintl-prefix=/opt/freeware \ --with-libiconv-prefix=/opt/freeware gmake %{?_smp_mflags} if [ "%{DO_TESTS}" == 1 ] then echo "Testing ${OBJECT_MODE} bit build" ( gmake -k check || true ) fi # There is a t-stringhelp test which fails compare "//bar" with "/bar" # if HOME=/ HOME=/tmp gmake check %install [ "${RPM_BUILD_ROOT}" != "/" ] && rm -rf ${RPM_BUILD_ROOT} cd 64bit export OBJECT_MODE=64 gmake DESTDIR=${RPM_BUILD_ROOT} install docdir=%{_docdir}/%{name}-%{version} cp tools/gpg-zip tools/gpgsplit ${RPM_BUILD_ROOT}%{_bindir}/ sed 's^\.\./g[0-9\.]*/^^g' tools/lspgpot > lspgpot cp lspgpot ${RPM_BUILD_ROOT}%{_bindir}/lspgpot chmod 755 ${RPM_BUILD_ROOT}%{_bindir}/lspgpot rm -f ${RPM_BUILD_ROOT}%{_infodir}/dir gzip --best ${RPM_BUILD_ROOT}%{_infodir}/gnupg*.info* # gpgconf.conf mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/gnupg touch ${RPM_BUILD_ROOT}%{_sysconfdir}/gnupg/gpgconf.conf # more docs cp AUTHORS COPYING ChangeLog NEWS THANKS TODO \ ${RPM_BUILD_ROOT}%{_docdir}/%{name}-%{version}/ # rename files conflicting with gnupg-1.x mv -f ${RPM_BUILD_ROOT}%{_bindir}/gpgsplit ${RPM_BUILD_ROOT}%{_bindir}/gpg2-split mv -f ${RPM_BUILD_ROOT}%{_bindir}/gpg-zip ${RPM_BUILD_ROOT}%{_bindir}/gpg2-zip ( cd ${RPM_BUILD_ROOT}/%{_prefix}/bin for fic in $(ls -1| grep -v -e _32 -e _64) do mv $fic "$fic"_64 done cd ${RPM_BUILD_ROOT}/%{_prefix}/sbin for fic in $(ls -1| grep -v -e _32 -e _64) do mv $fic "$fic"_64 done ) #Install on 32bit mode cd ../32bit export OBJECT_MODE=32 gmake DESTDIR=${RPM_BUILD_ROOT} install docdir=%{_docdir}/%{name}-%{version} cp tools/gpg-zip tools/gpgsplit ${RPM_BUILD_ROOT}%{_bindir}/ /usr/bin/strip -X32_64 ${RPM_BUILD_ROOT}%{_bindir}/* || : sed 's^\.\./g[0-9\.]*/^^g' tools/lspgpot > lspgpot cp lspgpot ${RPM_BUILD_ROOT}%{_bindir}/lspgpot chmod 755 ${RPM_BUILD_ROOT}%{_bindir}/lspgpot rm -f ${RPM_BUILD_ROOT}%{_infodir}/dir gzip --best ${RPM_BUILD_ROOT}%{_infodir}/gnupg*.info* # gpgconf.conf mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/gnupg touch ${RPM_BUILD_ROOT}%{_sysconfdir}/gnupg/gpgconf.conf # more docs cp AUTHORS COPYING ChangeLog NEWS THANKS TODO \ ${RPM_BUILD_ROOT}%{_docdir}/%{name}-%{version}/ # rename files conflicting with gnupg-1.x mv -f ${RPM_BUILD_ROOT}%{_bindir}/gpgsplit ${RPM_BUILD_ROOT}%{_bindir}/gpg2-split mv -f ${RPM_BUILD_ROOT}%{_bindir}/gpg-zip ${RPM_BUILD_ROOT}%{_bindir}/gpg2-zip ( cd ${RPM_BUILD_ROOT}/%{_prefix}/bin for fic in $(ls -1| grep -v -e _32 -e _64) do mv $fic "$fic"_32 ln -sf "$fic"_64 $fic done cd ${RPM_BUILD_ROOT}/%{_prefix}/sbin for fic in $(ls -1| grep -v -e _32 -e _64) do mv $fic "$fic"_32 ln -sf "$fic"_64 $fic done ) %post if [ -f %{_infodir}/%{name}.info.gz ] ; then /sbin/install-info %{_infodir}/%{name}*.info.gz %{_infodir}/dir || : fi %preun if [ $1 = 0 ]; then if [ -f %{_infodir}/%{name}.info.gz ] ; then /sbin/install-info --delete %{_infodir}/%{name}.info.gz %{_infodir}/dir || : fi fi %clean [ "${RPM_BUILD_ROOT}" != "/" ] && rm -rf ${RPM_BUILD_ROOT} %files %defattr(-,root,system) %{_docdir}/%{name}-%{version}/ %dir %{_sysconfdir}/gnupg %ghost %config(noreplace) %{_sysconfdir}/gnupg/gpgconf.conf %{_bindir}/* %{_sbindir}/* %{_libexecdir}/* %{_libexecdir}64/* %{_datadir}/gnupg/* %{_datadir}/locale/*/*/* %{_infodir}/* %{_mandir}/man?/* %changelog * Wed Jun 22 2022 Reshma V Kumar - 2.2.35-1 - Update to latest version * Tue Oct 20 2020 Rishita Saha - 2.2.23-1 - Updated to version 2.2.23 to fix CVE-2020-25125 - No longer shipping files in /usr * Wed Apr 08 2020 Rishita Saha - 2.2.20-1 - Updated to version 2.2.20 * Thu Oct 11 2018 Michael Wilson - 2.2.9-1 - Updated to version 2.2.9 - Removed Perzl changelog as the notes contained no useful information * Thu Nov 09 2017 Tony Reix - 2.0.30-1 - Updated to version 2.0.30 * Thu Sep 18 2014 Michael Perzl - 2.0.26-1 - updated to version 2.0.26