From 9664bee729d487bcc0a0bc35859f8e13d5421c75 Mon Sep 17 00:00:00 2001 From: Patrick J Volkerding Date: Wed, 26 Sep 2012 01:10:42 +0000 Subject: Slackware 14.0 Wed Sep 26 01:10:42 UTC 2012 Slackware 14.0 x86_64 stable is released! We're perfectionists here at Slackware, so this release has been a long time a-brewing. But we think you'll agree that it was worth the wait. Slackware 14.0 combines modern components, ease of use, and flexible configuration... our "KISS" philosophy demands it. The ISOs are off to be replicated, a 6 CD-ROM 32-bit set and a dual-sided 32-bit/64-bit x86/x86_64 DVD. Please consider supporting the Slackware project by picking up a copy from store.slackware.com. We're taking pre-orders now, and offer a discount if you sign up for a subscription. Thanks to everyone who helped make this happen. The Slackware team, the upstream developers, and (of course) the awesome Slackware user community. Have fun! :-) --- source/l/gnome-keyring/doinst.sh | 1 + source/l/gnome-keyring/gnome-keyring.SlackBuild | 117 +++++++++++++++++++++ .../gpg-agent-Hook-up-the-TTL-cache-option.patch | 98 +++++++++++++++++ ...a-Update-description-for-gpg-cache-method.patch | 30 ++++++ ...ore-Mark-a-secret-item-as-used-when-acces.patch | 26 +++++ source/l/gnome-keyring/slack-desc | 19 ++++ 6 files changed, 291 insertions(+) create mode 100644 source/l/gnome-keyring/doinst.sh create mode 100755 source/l/gnome-keyring/gnome-keyring.SlackBuild create mode 100644 source/l/gnome-keyring/gpg-agent-Hook-up-the-TTL-cache-option.patch create mode 100644 source/l/gnome-keyring/schema-Update-description-for-gpg-cache-method.patch create mode 100644 source/l/gnome-keyring/secret-store-Mark-a-secret-item-as-used-when-acces.patch create mode 100644 source/l/gnome-keyring/slack-desc (limited to 'source/l/gnome-keyring') diff --git a/source/l/gnome-keyring/doinst.sh b/source/l/gnome-keyring/doinst.sh new file mode 100644 index 00000000..c64347e9 --- /dev/null +++ b/source/l/gnome-keyring/doinst.sh @@ -0,0 +1 @@ +chroot . /usr/bin/glib-compile-schemas /usr/share/glib-2.0/schemas/ 2>/dev/null diff --git a/source/l/gnome-keyring/gnome-keyring.SlackBuild b/source/l/gnome-keyring/gnome-keyring.SlackBuild new file mode 100755 index 00000000..81bc47ab --- /dev/null +++ b/source/l/gnome-keyring/gnome-keyring.SlackBuild @@ -0,0 +1,117 @@ +#!/bin/sh + +# Slackware build script for gnome-keyring + +# Copyright 2010, 2011 Robby Workman, Northport, Alabama, USA +# Copyright 2012 Patrick J. Volkerding, Sebeka, MN, USA +# +# Redistribution and use of this script, with or without modification, is +# permitted provided that the following conditions are met: +# +# 1. Redistributions of this script must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ''AS IS'' AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +PKGNAM=gnome-keyring +VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} +BUILD=${BUILD:-2} + +if [ -z "$ARCH" ]; then + case "$( uname -m )" in + i?86) ARCH=i486 ;; + arm*) ARCH=arm ;; + *) ARCH=$( uname -m ) ;; + esac +fi + +NUMJOBS=${NUMJOBS:-" -j7 "} + +CWD=$(pwd) +TMP=${TMP:-/tmp} +PKG=$TMP/package-$PKGNAM + +if [ "$ARCH" = "i486" ]; then + SLKCFLAGS="-O2 -march=i486 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "x86_64" ]; then + SLKCFLAGS="-O2 -fPIC" + LIBDIRSUFFIX="64" +else + SLKCFLAGS="-O2" + LIBDIRSUFFIX="" +fi + +rm -rf $PKG +mkdir -p $TMP $PKG +cd $TMP +rm -rf $PKGNAM-$VERSION +tar xvf $CWD/$PKGNAM-$VERSION.tar.xz || exit 1 +cd $PKGNAM-$VERSION || exit 1 + +# Fix improper passphrase caching. +# http://www.openwall.com/lists/oss-security/2012/08/09/2 +zcat $CWD/gpg-agent-Hook-up-the-TTL-cache-option.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/schema-Update-description-for-gpg-cache-method.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/secret-store-Mark-a-secret-item-as-used-when-acces.patch.gz | patch -p1 --verbose || exit 1 + +chown -R root:root . +find . \ + \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \ + -exec chmod 755 {} \; -o \ + \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ + -exec chmod 644 {} \; + +CFLAGS="$SLKCFLAGS" \ +CXXFLAGS="$SLKCFLAGS" \ +./configure \ + --prefix=/usr \ + --libdir=/usr/lib${LIBDIRSUFFIX} \ + --sysconfdir=/etc \ + --localstatedir=/var \ + --mandir=/usr/man \ + --disable-static \ + --enable-shared \ + --enable-nls \ + --disable-debug \ + --enable-ssh-agent \ + --with-root-certs=/etc/ssl/certs \ + --with-pam-dir=/lib/security \ + --build=$ARCH-slackware-linux || exit 1 + +make $NUMJOBS || make || exit 1 +make install DESTDIR=$PKG || exit 1 + +mkdir -p $PKG/etc/gconf/gconf.xml.defaults + +find $PKG | xargs file | grep -e "executable" -e "shared object" | grep ELF \ + | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true + +mkdir -p $PKG/usr/doc/$PKGNAM-$VERSION +cp -a \ + AUTHORS README* COPYING* HACKING INSTALL NEWS \ + $PKG/usr/doc/$PKGNAM-$VERSION + +# If there's a ChangeLog, installing at least part of the recent history +# is useful, but don't let it get totally out of control: +if [ -r ChangeLog ]; then + DOCSDIR=$(echo $PKG/usr/doc/${PKGNAM}-$VERSION) + cat ChangeLog | head -n 1000 > $DOCSDIR/ChangeLog + touch -r ChangeLog $DOCSDIR/ChangeLog +fi + +mkdir -p $PKG/install +cat $CWD/slack-desc > $PKG/install/slack-desc +zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh + +cd $PKG +/sbin/makepkg -p -l y -c n $TMP/$PKGNAM-$VERSION-$ARCH-$BUILD.txz diff --git a/source/l/gnome-keyring/gpg-agent-Hook-up-the-TTL-cache-option.patch b/source/l/gnome-keyring/gpg-agent-Hook-up-the-TTL-cache-option.patch new file mode 100644 index 00000000..c1298f75 --- /dev/null +++ b/source/l/gnome-keyring/gpg-agent-Hook-up-the-TTL-cache-option.patch @@ -0,0 +1,98 @@ +From 7b65bf04737167fae6b0204d6524215550fcc079 Mon Sep 17 00:00:00 2001 +From: Stef Walter +Date: Wed, 8 Aug 2012 06:06:58 +0200 +Subject: [PATCH] gpg-agent: Hook up the TTL cache option + + * So that when the gsettings gpg-cache-method is 'idle' or 'timeout' + we use gpg-cache-ttl to control how long the passphrase is cached + for. + * This is a regression from 3.3.x + +https://bugzilla.gnome.org/show_bug.cgi?id=681081 +--- + daemon/gpg-agent/gkd-gpg-agent-ops.c | 40 ++++++++++++++++++++++-------------- + 1 file changed, 25 insertions(+), 15 deletions(-) + +diff --git a/daemon/gpg-agent/gkd-gpg-agent-ops.c b/daemon/gpg-agent/gkd-gpg-agent-ops.c +index a1a21ff..e1c188d 100644 +--- a/daemon/gpg-agent/gkd-gpg-agent-ops.c ++++ b/daemon/gpg-agent/gkd-gpg-agent-ops.c +@@ -323,17 +323,6 @@ load_unlock_options (GcrPrompt *prompt) + g_free (method); + } + +-static void +-save_unlock_options (GcrPrompt *prompt) +-{ +- GSettings *settings; +- +- settings = gkd_gpg_agent_settings (); +- +- if (gcr_prompt_get_choice_chosen (prompt)) +- g_settings_set_string (settings, "gpg-cache-method", GCR_UNLOCK_OPTION_ALWAYS); +-} +- + static GcrPrompt * + open_password_prompt (GckSession *session, + const gchar *keyid, +@@ -406,11 +395,14 @@ do_get_password (GckSession *session, const gchar *keyid, const gchar *errmsg, + const gchar *prompt_text, const gchar *description, gboolean confirm) + { + GckBuilder builder = GCK_BUILDER_INIT; ++ GSettings *settings; + GckAttributes *attrs; + gchar *password = NULL; + GcrPrompt *prompt; + gboolean chosen; + GError *error = NULL; ++ gint lifetime; ++ gchar *method; + + g_assert (GCK_IS_SESSION (session)); + +@@ -431,21 +423,39 @@ do_get_password (GckSession *session, const gchar *keyid, const gchar *errmsg, + } + + if (password != NULL && keyid != NULL) { ++ settings = gkd_gpg_agent_settings (); + + /* Load up the save options */ + chosen = gcr_prompt_get_choice_chosen (prompt); + +- if (chosen) ++ if (chosen) { ++ g_settings_set_string (settings, "gpg-cache-method", GCR_UNLOCK_OPTION_ALWAYS); + gck_builder_add_string (&builder, CKA_G_COLLECTION, "login"); +- else ++ ++ } else { ++ method = g_settings_get_string (settings, "gpg-cache-method"); ++ lifetime = g_settings_get_int (settings, "gpg-cache-ttl"); ++ ++ if (g_strcmp0 (method, GCR_UNLOCK_OPTION_IDLE) == 0) { ++ gck_builder_add_boolean (&builder, CKA_GNOME_TRANSIENT, TRUE); ++ gck_builder_add_ulong (&builder, CKA_G_DESTRUCT_IDLE, lifetime); ++ ++ } else if (g_strcmp0 (method, GCR_UNLOCK_OPTION_TIMEOUT) == 0) { ++ gck_builder_add_boolean (&builder, CKA_GNOME_TRANSIENT, TRUE); ++ gck_builder_add_ulong (&builder, CKA_G_DESTRUCT_AFTER, lifetime); ++ ++ } else if (g_strcmp0 (method, GCR_UNLOCK_OPTION_SESSION)){ ++ g_message ("Unsupported gpg-cache-method setting: %s", method); ++ } ++ + gck_builder_add_string (&builder, CKA_G_COLLECTION, "session"); ++ g_free (method); ++ } + + /* Now actually save the password */ + attrs = gck_attributes_ref_sink (gck_builder_end (&builder)); + do_save_password (session, keyid, description, password, attrs); + gck_attributes_unref (attrs); +- +- save_unlock_options (prompt); + } + + g_clear_object (&prompt); +-- +1.7.11.2 \ No newline at end of file diff --git a/source/l/gnome-keyring/schema-Update-description-for-gpg-cache-method.patch b/source/l/gnome-keyring/schema-Update-description-for-gpg-cache-method.patch new file mode 100644 index 00000000..12b6fb2d --- /dev/null +++ b/source/l/gnome-keyring/schema-Update-description-for-gpg-cache-method.patch @@ -0,0 +1,30 @@ +From 6387fb065d5ea16c777a0aee05b22c3cc6a0f73c Mon Sep 17 00:00:00 2001 +From: Stef Walter +Date: Wed, 8 Aug 2012 06:06:24 +0200 +Subject: [PATCH] schema: Update description for gpg-cache-method + + * Document the various method strings that can be present here + +https://bugzilla.gnome.org/show_bug.cgi?id=681081 +--- + schema/org.gnome.crypto.cache.gschema.xml | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/schema/org.gnome.crypto.cache.gschema.xml b/schema/org.gnome.crypto.cache.gschema.xml +index 9a431eb..4547399 100644 +--- a/schema/org.gnome.crypto.cache.gschema.xml ++++ b/schema/org.gnome.crypto.cache.gschema.xml +@@ -3,7 +3,10 @@ + + 'session' + Cache Method +- The method to use for caching passphrases typed into the GPG agent. ++ The method to use for caching passphrases typed into the GPG agent. ++ Should be one of: 'always' caches permanently, 'session' caches until session end, ++ 'idle' caches until the not used for gpg-cache-ttl seconds, 'timeout' caches until ++ gpg-cache-ttl seconds. + + + 300 +-- +1.7.11.2 \ No newline at end of file diff --git a/source/l/gnome-keyring/secret-store-Mark-a-secret-item-as-used-when-acces.patch b/source/l/gnome-keyring/secret-store-Mark-a-secret-item-as-used-when-acces.patch new file mode 100644 index 00000000..1785b0cd --- /dev/null +++ b/source/l/gnome-keyring/secret-store-Mark-a-secret-item-as-used-when-acces.patch @@ -0,0 +1,26 @@ +From d96c49f0bf1710b69a354f4bdebf6b53bf5cb0bc Mon Sep 17 00:00:00 2001 +From: Stef Walter +Date: Wed, 8 Aug 2012 15:08:22 +0200 +Subject: [PATCH] secret-store: Mark a secret item as 'used' when accessed + + * This makes the gpg-agent idle feature work correctly + +https://bugzilla.gnome.org/show_bug.cgi?id=681081 +--- + pkcs11/secret-store/gkm-secret-item.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/pkcs11/secret-store/gkm-secret-item.c b/pkcs11/secret-store/gkm-secret-item.c +index 35698da..d7cbdb3 100644 +--- a/pkcs11/secret-store/gkm-secret-item.c ++++ b/pkcs11/secret-store/gkm-secret-item.c +@@ -224,6 +224,7 @@ gkm_secret_item_real_get_attribute (GkmObject *base, GkmSession *session, CK_ATT + identifier = gkm_secret_object_get_identifier (GKM_SECRET_OBJECT (self)); + secret = gkm_secret_data_get_raw (sdata, identifier, &n_secret); + rv = gkm_attribute_set_data (attr, secret, n_secret); ++ gkm_object_mark_used (base); + g_object_unref (sdata); + return rv; + +-- +1.7.11.2 \ No newline at end of file diff --git a/source/l/gnome-keyring/slack-desc b/source/l/gnome-keyring/slack-desc new file mode 100644 index 00000000..33e06ef9 --- /dev/null +++ b/source/l/gnome-keyring/slack-desc @@ -0,0 +1,19 @@ +# HOW TO EDIT THIS FILE: +# The "handy ruler" below makes it easier to edit a package description. Line +# up the first '|' above the ':' following the base package name, and the '|' +# on the right side marks the last column you can put a character in. You must +# make exactly 11 lines for the formatting to be correct. It's also +# customary to leave one space after the ':'. + + |-----handy-ruler------------------------------------------------------| +gnome-keyring: GNOME Keyring (a tool to handle security credentials) +gnome-keyring: +gnome-keyring: GNOME Keyring is a program designed to take care of the user's +gnome-keyring: security credentials, such as user names and passwords, in an +gnome-keyring: easy to access manner. The keyring is implemented as a daemon +gnome-keyring: and uses the process name gnome-keyring-daemon. +gnome-keyring: +gnome-keyring: +gnome-keyring: +gnome-keyring: +gnome-keyring: -- cgit v1.2.3