Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

gnupg24: add freepg patches #368275

Merged
merged 1 commit into from
Jan 5, 2025
Merged

gnupg24: add freepg patches #368275

merged 1 commit into from
Jan 5, 2025
+25 −316

Conversation

stigtsp
Copy link
Member

@stigtsp stigtsp commented Dec 26, 2024
edited
Loading

Add patches to GnuPG 2.4 from FreePG, a common resource for GnuPG downstream packagers to track, maintain, and apply commonly-used patches for GnuPG that have been refused by upstream.

The purpose of adding these patches to nixpkgs is to ensure compatibility with other OpenPGP tools.

https://gitlab.com/freepg/gnupg/

Arch Linux is also doing the same:
https://gitlab.archlinux.org/archlinux/packaging/packages/gnupg/-/merge_requests/8

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 25.05 Release Notes (or backporting 24.11 and 25.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

Add a 👍 reaction to pull requests you find important.

@ofborg ofborg bot requested a review from fpletz December 26, 2024 09:58
@stigtsp stigtsp changed the base branch from master to staging December 26, 2024 16:49
@ofborg ofborg bot added the 2.status: merge conflict This PR has merge conflicts with the target branch label Dec 26, 2024
@stigtsp stigtsp force-pushed the gnupg-freepg branch 2 times, most recently from ca54d44 to 7ac027e Compare December 29, 2024 18:02
@fpletz fpletz removed the 2.status: merge conflict This PR has merge conflicts with the target branch label Dec 29, 2024
fpletz
fpletz approved these changes Dec 29, 2024
View reviewed changes
Copy link
Member

@fpletz fpletz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Haven't tested this yet but 👍 on introducing the freepg patches.

@stigtsp
gnupg24: add freepg patches
0d7cdd8 
Add patches to GnuPG 2.4 from FreePG, a common resource for GnuPG
downstream packagers to track, maintain, and apply commonly-used patches
for GnuPG that have been refused by upstream.

The purpose of adding these patches to nixpkgs is to ensure
compatibility with other OpenPGP tools.

https://gitlab.com/freepg/gnupg/
@stigtsp stigtsp marked this pull request as ready for review December 29, 2024 18:39
@ofborg ofborg bot requested a review from fpletz December 30, 2024 02:46
emilazy
emilazy approved these changes Jan 5, 2025
View reviewed changes
Copy link
Member

@emilazy emilazy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sad that this is necessary, but I agree that it’s a good idea. I’ve confirmed the build on x86_64-darwin (rebased on top of master). Two non‐blocking comments for the future.

pkgs/tools/security/gnupg/24.nix
domain = "gitlab.com";
owner = "freepg";
repo = "gnupg";
rev = "541772915dc4ec832c37f85bc629a22051f0e8f7";
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Upstream have tags corresponding to GnuPG releases; it would be nice if we could convince them to also tag the branch with the patch files in them in future. Or we could just source directly from their patched tags.

pkgs/tools/security/gnupg/24.nix
Comment on lines +86 to +94
"0002-gpg-accept-subkeys-with-a-good-revocation-but-no-sel.patch"
"0003-gpg-allow-import-of-previously-known-keys-even-witho.patch"
"0004-tests-add-test-cases-for-import-without-uid.patch"
"0005-gpg-drop-import-clean-from-default-keyserver-import-.patch"
"0006-Do-not-use-OCB-mode-even-if-AEAD-OCB-key-preference-.patch"
"0007-Revert-the-introduction-of-the-RFC4880bis-draft-into.patch"
"0008-avoid-systemd-deprecation-warning.patch"
"0009-Add-systemd-support-for-keyboxd.patch"
"0010-doc-Remove-profile-and-systemd-example-files.patch"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don’t know if globs work here, but if not perhaps we could do it manually in postPatch instead, to ensure that we never miss a new patch.

@emilazy emilazy merged commit 093ec45 into NixOS:staging Jan 5, 2025
78 of 79 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@emilazy emilazy emilazy approved these changes

@fpletz fpletz Awaiting requested review from fpletz

Assignees
No one assigned
Labels
10.rebuild-darwin: 501-1000 10.rebuild-darwin: 501+ 10.rebuild-linux: 501+ 10.rebuild-linux: 5001+ 11.by: package-maintainer This PR was created by the maintainer of the package it changes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@stigtsp @fpletz @emilazy