kumquat-buildroot/package/gnupg/gnupg.mk

90 lines
2.1 KiB
Makefile
Raw Normal View History

################################################################################
#
# gnupg
#
################################################################################
GNUPG_VERSION = 1.4.23
GNUPG_SOURCE = gnupg-$(GNUPG_VERSION).tar.bz2
GNUPG_SITE = https://gnupg.org/ftp/gcrypt/gnupg
GNUPG_LICENSE = GPL-3.0+
GNUPG_LICENSE_FILES = COPYING
GNUPG_DEPENDENCIES = zlib $(if $(BR2_PACKAGE_LIBICONV),libiconv)
GNUPG_CONF_ENV = ac_cv_sys_symbol_underscore=no
GNUPG_CONF_OPTS = \
--disable-rpath \
--enable-minimal \
--disable-regex \
--enable-sha256 \
--enable-sha512
HOST_GNUPG_DEPENDENCIES = host-zlib
HOST_GNUPG_CONF_OPTS = \
--disable-rpath \
--enable-minimal \
--disable-regex \
--enable-sha256 \
--enable-sha512 \
--enable-aes \
--enable-rsa \
--without-libcurl \
--without-readline
# gnupg doesn't support assembly for coldfire
ifeq ($(BR2_m68k_cf),y)
GNUPG_CONF_OPTS += --disable-asm
endif
ifeq ($(BR2_PACKAGE_BZIP2),y)
GNUPG_CONF_OPTS += --enable-bzip2
GNUPG_DEPENDENCIES += bzip2
endif
ifeq ($(BR2_PACKAGE_LIBCURL),y)
GNUPG_CONF_ENV += ac_cv_path__libcurl_config=$(STAGING_DIR)/usr/bin/curl-config
GNUPG_DEPENDENCIES += libcurl
else
GNUPG_CONF_OPTS += --without-libcurl
endif
ifeq ($(BR2_PACKAGE_READLINE),y)
GNUPG_DEPENDENCIES += readline
else
GNUPG_CONF_OPTS += --without-readline
endif
ifeq ($(BR2_PACKAGE_GNUPG_AES),y)
GNUPG_CONF_OPTS += --enable-aes
else
GNUPG_CONF_OPTS += --disable-aes
endif
ifeq ($(BR2_PACKAGE_GNUPG_RSA),y)
GNUPG_CONF_OPTS += --enable-rsa
else
GNUPG_CONF_OPTS += --disable-rsa
endif
ifneq ($(BR2_PACKAGE_GNUPG_GPGV),y)
define GNUPG_REMOVE_GPGV
rm -f $(TARGET_DIR)/usr/bin/gpgv
endef
GNUPG_POST_INSTALL_TARGET_HOOKS += GNUPG_REMOVE_GPGV
endif
ifneq ($(BR2_PACKAGE_GNUPG_GPGSPLIT),y)
define GNUPG_REMOVE_GPGSPLIT
rm -f $(TARGET_DIR)/usr/bin/gpgsplit
endef
GNUPG_POST_INSTALL_TARGET_HOOKS += GNUPG_REMOVE_GPGSPLIT
endif
package/gnupg: fix TAR path in gpg-zip script gnupg installs a shell script called gpg-zip, which contains a reference to the 'tar' program. Unfortunately, the location of the tar program is determined at build time, and is therefore incorrect on the target. This causes runtime issues, but also potentially leaks some host paths into the target, causing BR2_REPRODUCIBLE=y failures. gnupg has a --with-tar option, but it doesn't work properly as the implementation of the GNUPG_CHECK_USTAR m4 macro in m4/tar-ustar.m4 is incomplete: - If --with-tar is passed, AC_PATH_PROG is not called, so the TAR variable is not defined and AC_SUBST([TAR]) is not called, so the @TAR@ replacement in tools/gpg-zip.in is replaced by the empty string. - If --with-tar is passed, the check that this tar version support the ustar format is not executed, so the HAVE_USTAR automake conditional is never defined. There is unfortunately no way to determine if the target tar supports ustar or not, but since even the Busybox variant apparently does, we can probably assume all tar versions that Buildroot can build support the ustar format. Fixing this logic is a bit cumbersome, gnupg 1.4.x is not really maintained anymore and fixing the logic would require an AUTORECONF = YES. So we just opt with a very simple solution: replace TAR=something by TAR=/bin/tar, through a post-install target hook. We only do this if gpg-zip is installed, since its installation is optional. Note that the logic is still not ideal, because the installation (or not) of gpg-zip depends on whether the system/host tar has ustar format or not. Fixes the gpg-zip reproducibility issue reported in: http://autobuild.buildroot.net/results/d1c/d1c5ad34ba928edfbb5901eb936c7e4457cc9083//diffoscope-results.txt Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2019-12-26 23:14:36 +01:00
define GNUPG_FIXUP_GPG_ZIP
test -f $(TARGET_DIR)/usr/bin/gpg-zip && \
$(SED) 's%^TAR=.*%TAR=/bin/tar%' $(TARGET_DIR)/usr/bin/gpg-zip
endef
GNUPG_POST_INSTALL_TARGET_HOOKS += GNUPG_FIXUP_GPG_ZIP
$(eval $(autotools-package))
$(eval $(host-autotools-package))