Date:      Thu, 27 Nov 2014 23:36:54 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-ports-bugs@FreeBSD.org
Subject:   [Bug 195459] New: security/gnupg missing TLS support after 2.1 update
Message-ID:  <bug-195459-13@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=195459

            Bug ID: 195459
           Summary: security/gnupg missing TLS support after 2.1 update
           Product: Ports Tree
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: Individual Port(s)
          Assignee: kuriyama@FreeBSD.org
          Reporter: freebsd@phil.spodhuis.org
             Flags: maintainer-feedback?(kuriyama@FreeBSD.org)

Created attachment 149946
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=149946&action=edit
patch gnupg port to enable TLS

With the move of GnuPG to version 2.1, TLS support for key retrieval is no
longer coming from libcurl, but instead from direct support in dirmngr.  The
codebase supports two TLS providers, "Not Too Bad TLS" (ntbtls) from the GnuPG
maintainers, and GnuTLS.

Currently the FreeBSD packaging of 2.1 constitutes a feature regression, as
neither of these is enabled, so hkps:// keyserver URLs no longer work.

The attached patch adds a GNUTLS option to the port, sets it on by default,
enables the use of pkg-config (so that the presence can be picked up) and adds
a comment noting the alternative TLS provider option, suggesting that patches
to support that in Ports are welcome -- slightly presumptuous of me, but I
decided that it's easy enough to remove whatever of that new text is unwelcome.

I built the resulting port with Poudriere locally and I can now access hkps://
keyservers (after updating ~/.gnupg/dirmngr.conf to set trust anchors).

I took PORTREVISION to 3 because for me, 2 was when I had everything _except_
the USES flag fixed, so still wasn't working; I'm not familiar enough with
ports policy to know whether this is okay, or if it will be set to 2 and it's
on me to just force-downgrade locally.  No harm in asking for it to be 3.  :^)

Thanks,
-Phil

--- Comment #1 from Bugzilla Automation <bugzilla@FreeBSD.org> ---
Auto-assigned to maintainer kuriyama@FreeBSD.org
