[git] GnuPG - branch, master, updated. gnupg-2.1.0-beta783-11-g31649e7
by Werner Koch
cvs at cvs.gnupg.org
Tue Aug 19 12:50:11 CEST 2014
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 31649e72fd106a990614ce3cf720640a841ba722 (commit)
via 4fc1c712e986f280057b1bce7ca4696ba6d95dfc (commit)
from e5da80bc1888bf8801e69c9ff99f7f47550f7a09 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 31649e72fd106a990614ce3cf720640a841ba722
Author: Werner Koch <wk at gnupg.org>
Date: Tue Aug 19 12:49:45 2014 +0200
speedo: Get version numbers from online database.
* build-aux/getswdb.sh: New.
* build-aux/speedo.mk: Get release version numbers from swdb.lst.
--
This should make maintaining GnuPG installations easier. Running
make -f /foo/gnupg/build-aux/speedo.mk TARGETOS=native WHAT=release
downloads all GnuPG related packages and builds them. The gnupg
directory may be a GIT checkout but in that case please run
./autogen.sh on it first. Note that currently swdb.lst is always
downloaded from gnupg.org and thus monitoring the network or the gnupg
machine reveal information on who is currently building GnuPG. If
there is an easy way to detect that TOR is enabled this can be changed
to directly download from the GnuPG hidden service.
diff --git a/.gitignore b/.gitignore
index 5a51f9f..a525f14 100644
--- a/.gitignore
+++ b/.gitignore
@@ -158,3 +158,5 @@ tools/gpgtar
private-keys-v1.d/
x.parm
/VERSION
+/swdb.lst
+/swdb.lst.sig
diff --git a/build-aux/getswdb.sh b/build-aux/getswdb.sh
new file mode 100755
index 0000000..aa889ee
--- /dev/null
+++ b/build-aux/getswdb.sh
@@ -0,0 +1,121 @@
+#!/bin/sh
+# Get the online version of the GnuPG software version database
+# Copyright (C) 2014 Werner Koch
+#
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+# The URL of the file to retrieve.
+urlbase="https://www.gnupg.org/"
+
+WGET=wget
+GPGV=gpgv
+
+srcdir=$(dirname "$0")
+distsigkey="$srcdir/../g10/distsigkey.gpg"
+
+# Convert a 3 part version number it a numeric value.
+cvtver () {
+ awk 'NR==1 {split($NF,A,".");X=1000000*A[1]+1000*A[2]+A[3];print X;exit 0}'
+}
+
+# Prints usage information.
+usage()
+{
+ cat <<EOF
+Usage: $(basename $0) [OPTIONS]
+Get the online version of the GnuPG software version database
+Options:
+ --skip-download Assume download has already been done.
+ --help Print this help.
+EOF
+ exit $1
+}
+
+#
+# Parse options
+#
+skip_download=no
+while test $# -gt 0; do
+ case "$1" in
+ # Set up `optarg'.
+ --*=*)
+ optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'`
+ ;;
+ *)
+ optarg=""
+ ;;
+ esac
+
+ case $1 in
+ --help|-h)
+ usage 0
+ ;;
+ --skip-download)
+ skip_download=yes
+ ;;
+ *)
+ usage 1 1>&2
+ ;;
+ esac
+ shift
+done
+
+# Get GnuPG version from VERSIOn file. For a GIT checkout this means
+# that ./autogen.sh must have been run first. For a regular tarball
+# VERSION is always available.
+if [ ! -f "$srcdir/../VERSION" ]; then
+ echo "VERSION file missing - run autogen.sh first." >&2
+ exit 1
+fi
+version=$(cat "$srcdir/../VERSION")
+version_num=$(echo "$version" | cvtver)
+
+#
+# Download the list and verify.
+#
+if [ $skip_download = yes ]; then
+ if [ ! -f swdb.lst ]; then
+ echo "swdb.lst is missing." >&2
+ exit 1
+ fi
+ if [ ! -f swdb.lst.sig ]; then
+ echo "swdb.lst.sig is missing." >&2
+ exit 1
+ fi
+else
+ if ! $WGET -q -O swdb.lst "$urlbase/swdb.lst" ; then
+ echo "download of swdb.lst failed." >&2
+ exit 1
+ fi
+ if ! $WGET -q -O swdb.lst.sig "$urlbase/swdb.lst.sig" ; then
+ echo "download of swdb.lst.sig failed." >&2
+ exit 1
+ fi
+fi
+if ! $GPGV --keyring "$distsigkey" swdb.lst.sig swdb.lst; then
+ echo "list of software versions is not valid!" >&2
+ exit 1
+fi
+
+#
+# Check that the online version of GnuPG is not less than this version
+# to help detect rollback attacks.
+#
+gnupg_ver=$(awk '$1=="gnupg21_ver" {print $2;exit}' swdb.lst)
+if [ -z "$gnupg_ver" ]; then
+ echo "GnuPG 2.1 version missing in swdb.lst!" >&2
+ exit 1
+fi
+gnupg_ver_num=$(echo "$gnupg_ver" | cvtver)
+if [ $(( $gnupg_ver_num >= $version_num )) = 0 ]; then
+ echo "GnuPG version in swdb.lst is less than this version!" >&2
+ echo " This version: $version" >&2
+ echo " SWDB version: $gnupg_ver" >&2
+ exit 1
+fi
diff --git a/build-aux/speedo.mk b/build-aux/speedo.mk
index 4f0751f..69af39c 100644
--- a/build-aux/speedo.mk
+++ b/build-aux/speedo.mk
@@ -64,6 +64,21 @@ MAKE_J=3
# Name to use for the w32 installer and sources
INST_NAME=gnupg-w32
+
+# Directory names.
+# They must be absolute, as we switch directories pretty often.
+root := $(shell pwd)/PLAY
+sdir := $(root)/src
+bdir := $(root)/build
+bdir6:= $(root)/build-w64
+idir := $(root)/inst
+idir6:= $(root)/inst-w64
+stampdir := $(root)/stamps
+topsrc := $(shell cd $(dir $(SPEEDO_MK)).. && pwd)
+auxsrc := $(topsrc)/build-aux/speedo
+patdir := $(topsrc)/build-aux/speedo/patches
+w32src := $(topsrc)/build-aux/speedo/w32
+
# =====BEGIN LIST OF PACKAGES=====
# The packages that should be built. The order is also the build order.
# Fixme: Do we need to build pkg-config for cross-building?
@@ -118,17 +133,34 @@ speedo_gnupg_style = \
speedo_make_only_style = \
zlib
+# Get the content of the software DB.
+SWDB := $(shell $(topsrc)/build-aux/getswdb.sh && echo okay)
+ifeq ($(strip $(SWDB)),)
+$(error Error getting GnuPG software version database)
+endif
+
# Version numbers of the released packages
-# Fixme: Take the version numbers from gnupg-doc/web/swdb.mac
-libgpg_error_ver = 1.13
-npth_ver = 0.91
-libgcrypt_ver = 1.6.1
-libassuan_ver = 2.1.1
-libksba_ver = 1.3.0
-gpgme_ver = 1.5.0
-pinentry_ver = 0.8.4
-gpa_ver = 0.9.5
-gpgex_ver = 1.0.0
+gnupg_ver = $(shell cat $(topsrc)/VERSION)
+libgpg_error_ver = $(shell awk '$$1=="libgpg_error_ver" {print $$2}' swdb.lst)
+npth_ver = $(shell awk '$$1=="npth_ver" {print $$2}' swdb.lst)
+libgcrypt_ver = $(shell awk '$$1=="libgcrypt_ver" {print $$2}' swdb.lst)
+libassuan_ver = $(shell awk '$$1=="libassuan_ver" {print $$2}' swdb.lst)
+libksba_ver = $(shell awk '$$1=="libksba_ver" {print $$2}' swdb.lst)
+gpgme_ver = $(shell awk '$$1=="gpgme_ver" {print $$2}' swdb.lst)
+pinentry_ver = $(shell awk '$$1=="pinentry_ver" {print $$2}' swdb.lst)
+gpa_ver = $(shell awk '$$1=="gpa_ver" {print $$2}' swdb.lst)
+gpgex_ver = $(shell awk '$$1=="gpgex_ver" {print $$2}' swdb.lst)
+
+$(info Information from the version database)
+$(info GnuPG ..........: $(gnupg_ver))
+$(info Libgpg-error ...: $(libgpg_error_ver))
+$(info Npth ...........: $(npth_ver))
+$(info Libgcrypt ......: $(libgcrypt_ver))
+$(info Libassuan ......: $(libassuan_ver))
+$(info GPGME ..........: $(gpgme_ver))
+$(info Pinentry .......: $(pinentry_ver))
+$(info GPA ............: $(gpa_ver))
+$(info GpgEX.... ......: $(gpgex_ver))
# Version number for external packages
@@ -397,19 +429,6 @@ MKDIR=mkdir
MAKENSIS=makensis
BUILD_ISODATE=$(shell date -u +%Y-%m-%d)
-# These paths must be absolute, as we switch directories pretty often.
-root := $(shell pwd)/PLAY
-sdir := $(root)/src
-bdir := $(root)/build
-bdir6:= $(root)/build-w64
-idir := $(root)/inst
-idir6:= $(root)/inst-w64
-stampdir := $(root)/stamps
-topsrc := $(shell cd $(dir $(SPEEDO_MK)).. && pwd)
-auxsrc := $(topsrc)/build-aux/speedo
-patdir := $(topsrc)/build-aux/speedo/patches
-w32src := $(topsrc)/build-aux/speedo/w32
-
# The next two macros will work only after gnupg has been build.
INST_VERSION=$(shell head -1 $(idir)/INST_VERSION)
INST_PROD_VERSION=$(shell head -1 $(idir)/INST_PROD_VERSION)
commit 4fc1c712e986f280057b1bce7ca4696ba6d95dfc
Author: Werner Koch <wk at gnupg.org>
Date: Tue Aug 19 11:12:26 2014 +0200
build: Create VERSION file via autoconf.
* Makefile.am (dist-hook): Remove creation of VERSION.
(EXTRA_DIST): Add VERSION.
* configure.ac: Let autoconf create VERSION.
diff --git a/.gitignore b/.gitignore
index 5fc934a..5a51f9f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -157,3 +157,4 @@ tools/watchgnupg
tools/gpgtar
private-keys-v1.d/
x.parm
+/VERSION
diff --git a/Makefile.am b/Makefile.am
index 2d07ad2..89e2077 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -25,7 +25,7 @@ GITLOG_TO_CHANGELOG=gitlog-to-changelog
EXTRA_DIST = build-aux/config.rpath build-aux/potomo autogen.sh autogen.rc
ChangeLog-2011 po/ChangeLog-2011 build-aux/ChangeLog-2011 \
- build-aux/gitlog-to-changelog \
+ VERSION build-aux/gitlog-to-changelog \
build-aux/git-log-fix build-aux/git-log-footer \
build-aux/speedo.mk README.GIT
@@ -93,7 +93,6 @@ dist_doc_DATA = README
dist-hook: gen-ChangeLog
- echo "$(VERSION)" > $(distdir)/VERSION
if HAVE_W32_SYSTEM
install-data-hook:
diff --git a/configure.ac b/configure.ac
index 02e02bb..ec259c3 100644
--- a/configure.ac
+++ b/configure.ac
@@ -47,7 +47,7 @@ m4_define([mym4_isbeta], m4_argn(2, mym4_verslist))
m4_define([mym4_version], m4_argn(4, mym4_verslist))
m4_define([mym4_revision], m4_argn(7, mym4_verslist))
m4_define([mym4_revision_dec], m4_argn(8, mym4_verslist))
-
+m4_esyscmd([echo ]mym4_version[>VERSION])
AC_INIT([mym4_package],[mym4_version], [http://bugs.gnupg.org])
NEED_GPG_ERROR_VERSION=1.13
-----------------------------------------------------------------------
Summary of changes:
.gitignore | 3 ++
Makefile.am | 3 +-
build-aux/getswdb.sh | 121 ++++++++++++++++++++++++++++++++++++++++++++++++++
build-aux/speedo.mk | 65 +++++++++++++++++----------
configure.ac | 2 +-
5 files changed, 168 insertions(+), 26 deletions(-)
create mode 100755 build-aux/getswdb.sh
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
More information about the Gnupg-commits
mailing list