From owner-svn-ports-head@freebsd.org Tue Jan 30 12:31:07 2018 Return-Path: Delivered-To: svn-ports-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 37708EC7588; Tue, 30 Jan 2018 12:31:07 +0000 (UTC) (envelope-from lev@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id DED446A4DE; Tue, 30 Jan 2018 12:31:06 +0000 (UTC) (envelope-from lev@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id D9A481739C; Tue, 30 Jan 2018 12:31:06 +0000 (UTC) (envelope-from lev@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w0UCV6wT047012; Tue, 30 Jan 2018 12:31:06 GMT (envelope-from lev@FreeBSD.org) Received: (from lev@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w0UCV6sN047009; Tue, 30 Jan 2018 12:31:06 GMT (envelope-from lev@FreeBSD.org) Message-Id: <201801301231.w0UCV6sN047009@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: lev set sender to lev@FreeBSD.org using -f 
From: "Lev A. Serebryakov" Date: Tue, 30 Jan 2018 12:31:06 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r460383 - in head/devel/subversion: . files X-SVN-Group: ports-head X-SVN-Commit-Author: lev X-SVN-Commit-Paths: in head/devel/subversion: . files X-SVN-Commit-Revision: 460383 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 30 Jan 2018 12:31:07 -0000 Author: lev Date: Tue Jan 30 12:31:06 2018 New Revision: 460383 URL: https://svnweb.freebsd.org/changeset/ports/460383 Log: Add optional support for gpg-agent PR: 225553 Submitted by: Peter Laursen Reported by: Peter Laursen Added: head/devel/subversion/files/patch-subversion_libsvn_subr_gpg_agent.c (contents, props changed) Modified: head/devel/subversion/Makefile head/devel/subversion/Makefile.common Modified: head/devel/subversion/Makefile ============================================================================== --- head/devel/subversion/Makefile Tue Jan 30 12:28:36 2018 (r460382) +++ head/devel/subversion/Makefile Tue Jan 30 12:31:06 2018 (r460383) @@ -1,7 +1,7 @@ # Created by: rooneg@electricjellyfish.net # $FreeBSD$ -PORTREVISION= 1 +PORTREVISION= 2 MAINTAINER= lev@FreeBSD.org COMMENT= Version control system @@ -17,6 +17,7 @@ OPTIONS_DEFINE= \ BDB \ DOCS \ FREEBSD_TEMPLATE\ + GPG_AGENT \ MAINTAINER_DEBUG\ NLS \ SASL \ 
@@ -30,6 +31,7 @@ OPTIONS_DEFAULT=FREEBSD_TEMPLATE \ SERF TOOLS FREEBSD_TEMPLATE_DESC= FreeBSD Project log template +GPG_AGENT_DESC= Enable GPG agent password store MAINTAINER_DEBUG_DESC= Build debug version SERF_DESC= WebDAV/Delta-V (HTTP/HTTPS) repo access module STATIC_DESC= Build static version (no shared libs) Modified: head/devel/subversion/Makefile.common ============================================================================== --- head/devel/subversion/Makefile.common Tue Jan 30 12:28:36 2018 (r460382) +++ head/devel/subversion/Makefile.common Tue Jan 30 12:31:06 2018 (r460383) @@ -52,6 +52,11 @@ SERF_CONFIGURE_OFF= --without-serf SERF_CONFIGURE_ON= --with-serf SERF_LIB_DEPENDS= libserf-1.so:www/serf +GPG_AGENT_CONFIGURE_OFF= --without-gpg-agent +GPG_AGENT_CONFIGURE_ON= --with-gpg-agent +GPG_AGENT_BUILD_DEPENDS= gpg-agent:security/gnupg +GPG_AGENT_RUN_DEPENDS= gpg-agent:security/gnupg + STATIC_CONFIGURE_ON= --enable-all-static PKG_CONFIG="${LOCALBASE}/bin/pkg-config --static" # =============================================================== Added: head/devel/subversion/files/patch-subversion_libsvn_subr_gpg_agent.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/devel/subversion/files/patch-subversion_libsvn_subr_gpg_agent.c Tue Jan 30 12:31:06 2018 (r460383) 
@@ -0,0 +1,153 @@
+--- subversion/libsvn_subr/gpg_agent.c.orig 2016-11-14 04:00:09 UTC
++++ subversion/libsvn_subr/gpg_agent.c
+@@ -65,9 +65,12 @@
+ #include
+
+ #include
++#include
++#include
+ #include "svn_auth.h"
+ #include "svn_config.h"
+ #include "svn_error.h"
++#include "svn_io.h"
+ #include "svn_pools.h"
+ #include "svn_cmdline.h"
+ #include "svn_checksum.h"
+@@ -225,30 +228,31 @@ bye_gpg_agent(int sd)
+ close(sd);
+ }
+
+-/* Locate a running GPG Agent, and return an open file descriptor
+- * for communication with the agent in *NEW_SD. If no running agent
+- * can be found, set *NEW_SD to -1. */
+-static svn_error_t *
+-find_running_gpg_agent(int *new_sd, apr_pool_t *pool)
++/* This implements a method of finding the socket which is a mix of the
++ * description from GPG 1.x's gpg-agent man page under the
++ * --use-standard-socket option and the logic from GPG 2.x's socket discovery
++ * code in common/homedir.c.
++ *
++ * The man page says the standard socket is "named 'S.gpg-agent' located
++ * in the home directory." GPG's home directory is either the directory
++ * specified by $GNUPGHOME or ~/.gnupg. GPG >= 2.1.13 will check for a
++ * socket under (/var)/run/UID/gnupg before ~/.gnupg if no environment
++ * variables are set.
++ *
++ * $GPG_AGENT_INFO takes precedence, if set, otherwise $GNUPGHOME will be
++ * used. For GPG >= 2.1.13, $GNUPGHOME will be used directly only if it
++ * refers to the canonical home -- ~/.gnupg. Otherwise, the path specified
++ * by $GNUPGHOME is hashed (SHA1 + z-base-32) and the socket is expected to
++ * be present under (/var)/run/UID/gnupg/d.HASH. This last mechanism is not
++ * yet supported here. */
++static const char *
++find_gpg_agent_socket(apr_pool_t *result_pool, apr_pool_t *scratch_pool)
+ {
+- char *buffer;
+ char *gpg_agent_info = NULL;
+ char *gnupghome = NULL;
+ const char *socket_name = NULL;
+- const char *request = NULL;
+- const char *p = NULL;
+- char *ep = NULL;
+- int sd;
+
+- *new_sd = -1;
+-
+- /* This implements the method of finding the socket as described in
+- * the gpg-agent man page under the --use-standard-socket option.
+- * The manage page says the standard socket is "named 'S.gpg-agent' located
+- * in the home directory." GPG's home directory is either the directory
+- * specified by $GNUPGHOME or ~/.gnupg. */
+- gpg_agent_info = getenv("GPG_AGENT_INFO");
+- if (gpg_agent_info != NULL)
++ if ((gpg_agent_info = getenv("GPG_AGENT_INFO")) != NULL)
+ {
+ apr_array_header_t *socket_details;
+
+@@ -256,25 +260,77 @@ find_running_gpg_agent(int *new_sd, apr_pool_t *pool)
+ * The path to the socket, the pid of the gpg-agent process and
+ * finally the version of the protocol the agent talks. */
+ socket_details = svn_cstring_split(gpg_agent_info, ":", TRUE,
+- pool);
++ scratch_pool);
+ socket_name = APR_ARRAY_IDX(socket_details, 0, const char *);
+ }
+ else if ((gnupghome = getenv("GNUPGHOME")) != NULL)
+ {
+- const char *homedir = svn_dirent_canonicalize(gnupghome, pool);
+- socket_name = svn_dirent_join(homedir, "S.gpg-agent", pool);
++ const char *homedir = svn_dirent_canonicalize(gnupghome, scratch_pool);
++ socket_name = svn_dirent_join(homedir, "S.gpg-agent", scratch_pool);
+ }
+ else
+ {
+- const char *homedir = svn_user_get_homedir(pool);
++ int i = 0;
++ const char *maybe_socket[] = {NULL, NULL, NULL, NULL};
++ const char *homedir;
+
+- if (!homedir)
+- return SVN_NO_ERROR;
++#ifdef APR_HAS_USER
++ apr_uid_t uid;
++ apr_gid_t gid;
+
+- homedir = svn_dirent_canonicalize(homedir, pool);
+- socket_name = svn_dirent_join_many(pool, homedir, ".gnupg",
+- "S.gpg-agent", SVN_VA_NULL);
++ if (apr_uid_current(&uid, &gid, scratch_pool) == APR_SUCCESS)
++ {
++ const char *uidbuf = apr_psprintf(scratch_pool, "%lu",
++ (unsigned long)uid);
++ maybe_socket[i++] = svn_dirent_join_many(scratch_pool, "/run/user",
++ uidbuf, "gnupg",
++ "S.gpg-agent",
++ SVN_VA_NULL);
++ maybe_socket[i++] = svn_dirent_join_many(scratch_pool,
++ "/var/run/user",
++ uidbuf, "gnupg",
++ "S.gpg-agent",
++ SVN_VA_NULL);
++ }
++#endif
++
++ homedir = svn_user_get_homedir(scratch_pool);
++ if (homedir)
++ maybe_socket[i++] = svn_dirent_join_many(scratch_pool, homedir,
++ ".gnupg", "S.gpg-agent",
++ SVN_VA_NULL);
++
++ for (i = 0; !socket_name && maybe_socket[i]; i++)
++ {
++ apr_finfo_t finfo;
++ svn_error_t *err = svn_io_stat(&finfo, maybe_socket[i],
++ APR_FINFO_TYPE, scratch_pool);
++ if (!err && finfo.filetype == APR_SOCK)
++ socket_name = maybe_socket[i];
++ svn_error_clear(err);
++ }
+ }
++
++ if (socket_name)
++ socket_name = apr_pstrdup(result_pool, socket_name);
++
++ return socket_name;
++}
++
++/* Locate a running GPG Agent, and return an open file descriptor
++ * for communication with the agent in *NEW_SD. If no running agent
++ * can be found, set *NEW_SD to -1. */
++static svn_error_t *
++find_running_gpg_agent(int *new_sd, apr_pool_t *pool)
++{
++ char *buffer;
++ const char *socket_name = find_gpg_agent_socket(pool, pool);
++ const char *request = NULL;
++ const char *p = NULL;
++ char *ep = NULL;
++ int sd;
++
++ *new_sd = -1;
+
+ if (socket_name != NULL)
+ {
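Review bot: The candidate loop in find_gpg_agent_socket() accepts the first path whose type is APR_SOCK without checking who owns it, since svn_io_stat() is asked only for `APR_FINFO_TYPE`. Because the process behind this socket acts as the password store, the check should also confirm the socket belongs to the calling user, for example by requesting `APR_FINFO_TYPE | APR_FINFO_USER` and adding `apr_uid_compare(finfo.user, uid) == APR_SUCCESS` to the condition; that needs the result of apr_uid_current() to be known to be valid when the loop runs, including for the ~/.gnupg candidate. This matters most for the fixed /run/user and /var/run/user candidates on hosts where nothing guarantees those directories are private to the user, and the connection code of find_running_gpg_agent(), whose body continues outside the hunk, may already perform such a check. Separately, APR appears to define APR_HAS_USER as 0 or 1 rather than leaving it undefined, so `#ifdef APR_HAS_USER` would always be true and `#if APR_HAS_USER` looks like what is meant.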