svn commit: r460383 - in head/devel/subversion: . files
Lev A. Serebryakov
lev at FreeBSD.org
Tue Jan 30 12:31:07 UTC 2018
Author: lev
Date: Tue Jan 30 12:31:06 2018
New Revision: 460383
URL: https://svnweb.freebsd.org/changeset/ports/460383
Log:
Add optional support for gpg-agent
PR: 225553
Submitted by: Peter Laursen <plaursen at kobalt.dk>
Reported by: Peter Laursen <plaursen at kobalt.dk>
Added:
head/devel/subversion/files/patch-subversion_libsvn_subr_gpg_agent.c (contents, props changed)
Modified:
head/devel/subversion/Makefile
head/devel/subversion/Makefile.common
Modified: head/devel/subversion/Makefile
==============================================================================
--- head/devel/subversion/Makefile Tue Jan 30 12:28:36 2018 (r460382)
+++ head/devel/subversion/Makefile Tue Jan 30 12:31:06 2018 (r460383)
@@ -1,7 +1,7 @@
# Created by: rooneg at electricjellyfish.net
# $FreeBSD$
-PORTREVISION= 1
+PORTREVISION= 2
MAINTAINER= lev at FreeBSD.org
COMMENT= Version control system
@@ -17,6 +17,7 @@ OPTIONS_DEFINE= \
BDB \
DOCS \
FREEBSD_TEMPLATE\
+ GPG_AGENT \
MAINTAINER_DEBUG\
NLS \
SASL \
@@ -30,6 +31,7 @@ OPTIONS_DEFAULT=FREEBSD_TEMPLATE \
SERF TOOLS
FREEBSD_TEMPLATE_DESC= FreeBSD Project log template
+GPG_AGENT_DESC= Enable GPG agent password store
MAINTAINER_DEBUG_DESC= Build debug version
SERF_DESC= WebDAV/Delta-V (HTTP/HTTPS) repo access module
STATIC_DESC= Build static version (no shared libs)
Modified: head/devel/subversion/Makefile.common
==============================================================================
--- head/devel/subversion/Makefile.common Tue Jan 30 12:28:36 2018 (r460382)
+++ head/devel/subversion/Makefile.common Tue Jan 30 12:31:06 2018 (r460383)
@@ -52,6 +52,11 @@ SERF_CONFIGURE_OFF= --without-serf
SERF_CONFIGURE_ON= --with-serf
SERF_LIB_DEPENDS= libserf-1.so:www/serf
+GPG_AGENT_CONFIGURE_OFF= --without-gpg-agent
+GPG_AGENT_CONFIGURE_ON= --with-gpg-agent
+GPG_AGENT_BUILD_DEPENDS= gpg-agent:security/gnupg
+GPG_AGENT_RUN_DEPENDS= gpg-agent:security/gnupg
+
STATIC_CONFIGURE_ON= --enable-all-static PKG_CONFIG="${LOCALBASE}/bin/pkg-config --static"
# ===============================================================
Added: head/devel/subversion/files/patch-subversion_libsvn_subr_gpg_agent.c
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/devel/subversion/files/patch-subversion_libsvn_subr_gpg_agent.c Tue Jan 30 12:31:06 2018 (r460383)
@@ -0,0 +1,153 @@
+--- subversion/libsvn_subr/gpg_agent.c.orig 2016-11-14 04:00:09 UTC
++++ subversion/libsvn_subr/gpg_agent.c
+@@ -65,9 +65,12 @@
+ #include <sys/un.h>
+
+ #include <apr_pools.h>
++#include <apr_strings.h>
++#include <apr_user.h>
+ #include "svn_auth.h"
+ #include "svn_config.h"
+ #include "svn_error.h"
++#include "svn_io.h"
+ #include "svn_pools.h"
+ #include "svn_cmdline.h"
+ #include "svn_checksum.h"
+@@ -225,30 +228,31 @@ bye_gpg_agent(int sd)
+ close(sd);
+ }
+
+-/* Locate a running GPG Agent, and return an open file descriptor
+- * for communication with the agent in *NEW_SD. If no running agent
+- * can be found, set *NEW_SD to -1. */
+-static svn_error_t *
+-find_running_gpg_agent(int *new_sd, apr_pool_t *pool)
++/* This implements a method of finding the socket which is a mix of the
++ * description from GPG 1.x's gpg-agent man page under the
++ * --use-standard-socket option and the logic from GPG 2.x's socket discovery
++ * code in common/homedir.c.
++ *
++ * The man page says the standard socket is "named 'S.gpg-agent' located
++ * in the home directory." GPG's home directory is either the directory
++ * specified by $GNUPGHOME or ~/.gnupg. GPG >= 2.1.13 will check for a
++ * socket under (/var)/run/UID/gnupg before ~/.gnupg if no environment
++ * variables are set.
++ *
++ * $GPG_AGENT_INFO takes precedence, if set, otherwise $GNUPGHOME will be
++ * used. For GPG >= 2.1.13, $GNUPGHOME will be used directly only if it
++ * refers to the canonical home -- ~/.gnupg. Otherwise, the path specified
++ * by $GNUPGHOME is hashed (SHA1 + z-base-32) and the socket is expected to
++ * be present under (/var)/run/UID/gnupg/d.HASH. This last mechanism is not
++ * yet supported here. */
++static const char *
++find_gpg_agent_socket(apr_pool_t *result_pool, apr_pool_t *scratch_pool)
+ {
+- char *buffer;
+ char *gpg_agent_info = NULL;
+ char *gnupghome = NULL;
+ const char *socket_name = NULL;
+- const char *request = NULL;
+- const char *p = NULL;
+- char *ep = NULL;
+- int sd;
+
+- *new_sd = -1;
+-
+- /* This implements the method of finding the socket as described in
+- * the gpg-agent man page under the --use-standard-socket option.
+- * The manage page says the standard socket is "named 'S.gpg-agent' located
+- * in the home directory." GPG's home directory is either the directory
+- * specified by $GNUPGHOME or ~/.gnupg. */
+- gpg_agent_info = getenv("GPG_AGENT_INFO");
+- if (gpg_agent_info != NULL)
++ if ((gpg_agent_info = getenv("GPG_AGENT_INFO")) != NULL)
+ {
+ apr_array_header_t *socket_details;
+
+@@ -256,25 +260,77 @@ find_running_gpg_agent(int *new_sd, apr_pool_t *pool)
+ * The path to the socket, the pid of the gpg-agent process and
+ * finally the version of the protocol the agent talks. */
+ socket_details = svn_cstring_split(gpg_agent_info, ":", TRUE,
+- pool);
++ scratch_pool);
+ socket_name = APR_ARRAY_IDX(socket_details, 0, const char *);
+ }
+ else if ((gnupghome = getenv("GNUPGHOME")) != NULL)
+ {
+- const char *homedir = svn_dirent_canonicalize(gnupghome, pool);
+- socket_name = svn_dirent_join(homedir, "S.gpg-agent", pool);
++ const char *homedir = svn_dirent_canonicalize(gnupghome, scratch_pool);
++ socket_name = svn_dirent_join(homedir, "S.gpg-agent", scratch_pool);
+ }
+ else
+ {
+- const char *homedir = svn_user_get_homedir(pool);
++ int i = 0;
++ const char *maybe_socket[] = {NULL, NULL, NULL, NULL};
++ const char *homedir;
+
+- if (!homedir)
+- return SVN_NO_ERROR;
++#ifdef APR_HAS_USER
++ apr_uid_t uid;
++ apr_gid_t gid;
+
+- homedir = svn_dirent_canonicalize(homedir, pool);
+- socket_name = svn_dirent_join_many(pool, homedir, ".gnupg",
+- "S.gpg-agent", SVN_VA_NULL);
++ if (apr_uid_current(&uid, &gid, scratch_pool) == APR_SUCCESS)
++ {
++ const char *uidbuf = apr_psprintf(scratch_pool, "%lu",
++ (unsigned long)uid);
++ maybe_socket[i++] = svn_dirent_join_many(scratch_pool, "/run/user",
++ uidbuf, "gnupg",
++ "S.gpg-agent",
++ SVN_VA_NULL);
++ maybe_socket[i++] = svn_dirent_join_many(scratch_pool,
++ "/var/run/user",
++ uidbuf, "gnupg",
++ "S.gpg-agent",
++ SVN_VA_NULL);
++ }
++#endif
++
++ homedir = svn_user_get_homedir(scratch_pool);
++ if (homedir)
++ maybe_socket[i++] = svn_dirent_join_many(scratch_pool, homedir,
++ ".gnupg", "S.gpg-agent",
++ SVN_VA_NULL);
++
++ for (i = 0; !socket_name && maybe_socket[i]; i++)
++ {
++ apr_finfo_t finfo;
++ svn_error_t *err = svn_io_stat(&finfo, maybe_socket[i],
++ APR_FINFO_TYPE, scratch_pool);
++ if (!err && finfo.filetype == APR_SOCK)
++ socket_name = maybe_socket[i];
++ svn_error_clear(err);
++ }
+ }
++
++ if (socket_name)
++ socket_name = apr_pstrdup(result_pool, socket_name);
++
++ return socket_name;
++}
++
++/* Locate a running GPG Agent, and return an open file descriptor
++ * for communication with the agent in *NEW_SD. If no running agent
++ * can be found, set *NEW_SD to -1. */
++static svn_error_t *
++find_running_gpg_agent(int *new_sd, apr_pool_t *pool)
++{
++ char *buffer;
++ const char *socket_name = find_gpg_agent_socket(pool, pool);
++ const char *request = NULL;
++ const char *p = NULL;
++ char *ep = NULL;
++ int sd;
++
++ *new_sd = -1;
+
+ if (socket_name != NULL)
+ {
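Review bot: The candidate loop in find_gpg_agent_socket accepts any path whose type is APR_SOCK without checking who owns it, and find_running_gpg_agent then treats that socket as the agent that caches the password. For the `/run/user/UID` and `/var/run/user/UID` candidates it would be safer to also request `APR_FINFO_USER` from svn_io_stat and skip a socket whose `finfo.user` differs from the uid returned by apr_uid_current, as in the untested sketch below. The gap between the stat and the later connect remains, so whatever verification the caller does after connecting still matters; that part of find_running_gpg_agent lies outside this hunk. Separately, `#ifdef APR_HAS_USER` is true even where APR defines the macro as 0, so `#if APR_HAS_USER` is the usual test.

```c
      /* … unchanged: i, maybe_socket[] and homedir declarations … */
#if APR_HAS_USER
      apr_uid_t uid;
      apr_gid_t gid;
      svn_boolean_t have_uid = FALSE;

      if (apr_uid_current(&uid, &gid, scratch_pool) == APR_SUCCESS)
        {
          have_uid = TRUE;
          /* … unchanged: /run/user and /var/run/user candidates … */
        }
#endif
      /* … unchanged: ~/.gnupg candidate … */
      for (i = 0; !socket_name && maybe_socket[i]; i++)
        {
          apr_finfo_t finfo;
          svn_error_t *err = svn_io_stat(&finfo, maybe_socket[i],
                                         APR_FINFO_TYPE | APR_FINFO_USER,
                                         scratch_pool);
          if (!err && finfo.filetype == APR_SOCK
#if APR_HAS_USER
              /* Only trust a socket that belongs to the invoking user. */
              && (!have_uid
                  || ((finfo.valid & APR_FINFO_USER)
                      && apr_uid_compare(finfo.user, uid) == APR_SUCCESS))
#endif
              )
            socket_name = maybe_socket[i];
          svn_error_clear(err);
        }
```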