heads/modules/gpg2
Thierry Laurion 37f04e2855
Fix key to card failing with invalid time when moving keys to smartcard on master (Opt: Authenticated Heads)
- Revert gnupg toolstack version bump to prior of  merge (2.4.2 -> 2.4.0). Version bump not needed for reproducibility.
  - Investigation and upstream discussions will take their time resolving invalid time issue introduced by between 2.4.0 and latest gnupg, fix regression first under master)

- oem-factory-reset
  - Adding DO_WITH_DEBUG to oem-factory-reset for all its gpg calls. If failing in debug mode, /tmp/debug.txt contains calls and errors
  - Wipe keyrings only (*.gpg, *.kbx)  not conf files under gpg homedir (keep initrd/.gnupg/*.conf)

- flake.nix
  - switch build derivative from qemu and qemu_kvm to qemu_full to have qemu-img tool which was missing to run qemu boards (v0.1.8 docker)
  - add gnupg so that qemu boards can call inject_gpg to inject public key in absence of flashrom+pflash support for internal flashing

- flake.lock: Updated nix pinned package list under flake.lock with 'nix flake update' so qemu_full builds

- README.md: have consistent docker testing + release (push) notes

- .circleci/config.yml: depend on docker v0.1.8 (qemu_full built with canokey-qemu lib support, diffoscopeMinimal and gnupg for proper qemu testing)

TODO:
- some fd2 instead of fd1?!
- oem-factory-resest has whiptail_or_die which sets whiptail box to HEIGHT 0. This doesn't show a scrolling window on gpg errors which is problematic with fbwhiptail, not whiptail

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-05-17 09:27:29 -04:00

57 lines
1.7 KiB
Makefile

modules-$(CONFIG_GPG2) += gpg2
gpg2_version := 2.4.0
gpg2_dir := gnupg-$(gpg2_version)
gpg2_tar := gnupg-$(gpg2_version).tar.bz2
gpg2_url := https://www.gnupg.org/ftp/gcrypt/gnupg/$(gpg2_tar)
gpg2_hash := 1d79158dd01d992431dd2e3facb89fdac97127f89784ea2cb610c600fb0c1483
gpg2_depends := libgpg-error libgcrypt libksba libassuan npth libusb $(musl_dep)
# For reproducibility reasons we have to override the exec_prefix
# and datarootdir on the configure line so that the Makefiles will
# be generated with the correct paths, but then re-write them when
# we use the install target so that they will be copied to the correct
# location.
gpg2_configure := \
$(CROSS_TOOLS) \
CFLAGS="-Os" \
./configure \
CPPFLAGS="-I$(INSTALL)/include/libusb-1.0" \
--host $(MUSL_ARCH)-linux-musl \
--prefix "/" \
--libexecdir "/bin" \
--disable-all-tests \
--disable-bzip2 \
--disable-dirmngr \
--disable-doc \
--disable-exec \
--disable-gnutls \
--disable-gpgsm \
--disable-ldap \
--disable-libdns \
--disable-nls \
--disable-ntbtls \
--disable-photo-viewers \
--disable-rpath \
--disable-sqlite \
--disable-tofu \
--disable-wks-tools \
--disable-zip \
--enable-ccid-driver \
--enable-scdaemon \
--with-gpg-error-prefix="$(INSTALL)" \
--with-ksba-prefix="$(INSTALL)" \
--with-libassuan-prefix="$(INSTALL)" \
--with-libgcrypt-prefix="$(INSTALL)" \
--with-npth-prefix="$(INSTALL)" \
# Run one build to generate the executables with the pre-defined
# exec_prefix and datarootdir, then a second make to install the binaries
# into our actual target location
gpg2_target := $(MAKE_JOBS) \
&& $(MAKE) -C $(build)/$(gpg2_dir) \
DESTDIR="$(INSTALL)" \
install
gpg2_output := g10/gpg agent/gpg-agent scd/scdaemon