speedo: Get version numbers from online database.
* build-aux/getswdb.sh: New. * build-aux/speedo.mk: Get release version numbers from swdb.lst. -- This should make maintaining GnuPG installations easier. Running make -f /foo/gnupg/build-aux/speedo.mk TARGETOS=native WHAT=release downloads all GnuPG related packages and builds them. The gnupg directory may be a GIT checkout but in that case please run ./autogen.sh on it first. Note that currently swdb.lst is always downloaded from gnupg.org and thus monitoring the network or the gnupg machine reveals information on who is currently building GnuPG. If there is an easy way to detect that TOR is enabled this can be changed to directly download from the GnuPG hidden service.
parent
4fc1c712e9
commit
31649e72fd
2
.gitignore
vendored
2
.gitignore
vendored
@ -158,3 +158,5 @@ tools/gpgtar
|
||||
private-keys-v1.d/
|
||||
x.parm
|
||||
/VERSION
|
||||
/swdb.lst
|
||||
/swdb.lst.sig
|
||||
|
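--- /dev/null
+++ b/build-aux/getswdb.sh
@@ -0,0 +1,121 @@
+#!/bin/sh
+# Get the online version of the GnuPG software version database
+# Copyright (C) 2014 Werner Koch
+#
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+# The URL of the file to retrieve.
+urlbase="https://www.gnupg.org/"
+
+WGET=wget
+GPGV=gpgv
+
+srcdir=$(dirname "$0")
+distsigkey="$srcdir/../g10/distsigkey.gpg"
+
+# Convert a 3 part version number it a numeric value.
+cvtver () {
+awk 'NR==1 {split($NF,A,".");X=1000000*A[1]+1000*A[2]+A[3];print X;exit 0}'
+}
+
+# Prints usage information.
+usage()
+{
+cat <<EOF
+Usage: $(basename $0) [OPTIONS]
+Get the online version of the GnuPG software version database
+Options:
+--skip-download Assume download has already been done.
+--help Print this help.
+EOF
+exit $1
+}
+
+#
+# Parse options
+#
+skip_download=no
+while test $# -gt 0; do
+case "$1" in
+# Set up `optarg'.
+--*=*)
+optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'`
+;;
+*)
+optarg=""
+;;
+esac
+
+case $1 in
+--help|-h)
+usage 0
+;;
+--skip-download)
+skip_download=yes
+;;
+*)
+usage 1 1>&2
+;;
+esac
+shift
+done
+
+# Get GnuPG version from VERSIOn file. For a GIT checkout this means
+# that ./autogen.sh must have been run first. For a regular tarball
+# VERSION is always available.
+if [ ! -f "$srcdir/../VERSION" ]; then
+echo "VERSION file missing - run autogen.sh first." >&2
+exit 1
+fi
+version=$(cat "$srcdir/../VERSION")
+version_num=$(echo "$version" | cvtver)
+
+#
+# Download the list and verify.
+#
+if [ $skip_download = yes ]; then
+if [ ! -f swdb.lst ]; then
+echo "swdb.lst is missing." >&2
+exit 1
+fi
+if [ ! -f swdb.lst.sig ]; then
+echo "swdb.lst.sig is missing." >&2
+exit 1
+fi
+else
+if ! $WGET -q -O swdb.lst "$urlbase/swdb.lst" ; then
+echo "download of swdb.lst failed." >&2
+exit 1
+fi
+if ! $WGET -q -O swdb.lst.sig "$urlbase/swdb.lst.sig" ; then
+echo "download of swdb.lst.sig failed." >&2
+exit 1
+fi
+fi
+if ! $GPGV --keyring "$distsigkey" swdb.lst.sig swdb.lst; then
+echo "list of software versions is not valid!" >&2
+exit 1
+fi
+
+#
+# Check that the online version of GnuPG is not less than this version
+# to help detect rollback attacks.
+#
+gnupg_ver=$(awk '$1=="gnupg21_ver" {print $2;exit}' swdb.lst)
+if [ -z "$gnupg_ver" ]; then
+echo "GnuPG 2.1 version missing in swdb.lst!" >&2
+exit 1
+fi
+gnupg_ver_num=$(echo "$gnupg_ver" | cvtver)
+if [ $(( $gnupg_ver_num >= $version_num )) = 0 ]; then
+echo "GnuPG version in swdb.lst is less than this version!" >&2
+echo " This version: $version" >&2
+echo " SWDB version: $gnupg_ver" >&2
+exit 1
+fi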
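Review bot: The rollback check at the end of the script bounds only the `gnupg21_ver` entry, so an older but validly signed swdb.lst still passes `gpgv` and this comparison as long as its GnuPG version is not below the local VERSION. The library versions that speedo.mk reads from the same file are not covered by any freshness test. Whether the list carries a date that could be compared against a maximum age is not visible from this file; if it does not, the comment above the check should state the limit, e.g. `# Only the GnuPG entry is compared; an old signed list with stale versions of the other packages is not detected.`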
@ -64,6 +64,21 @@ MAKE_J=3
|
||||
# Name to use for the w32 installer and sources
|
||||
INST_NAME=gnupg-w32
|
||||
|
||||
|
||||
# Directory names.
|
||||
# They must be absolute, as we switch directories pretty often.
|
||||
root := $(shell pwd)/PLAY
|
||||
sdir := $(root)/src
|
||||
bdir := $(root)/build
|
||||
bdir6:= $(root)/build-w64
|
||||
idir := $(root)/inst
|
||||
idir6:= $(root)/inst-w64
|
||||
stampdir := $(root)/stamps
|
||||
topsrc := $(shell cd $(dir $(SPEEDO_MK)).. && pwd)
|
||||
auxsrc := $(topsrc)/build-aux/speedo
|
||||
patdir := $(topsrc)/build-aux/speedo/patches
|
||||
w32src := $(topsrc)/build-aux/speedo/w32
|
||||
|
||||
# =====BEGIN LIST OF PACKAGES=====
|
||||
# The packages that should be built. The order is also the build order.
|
||||
# Fixme: Do we need to build pkg-config for cross-building?
|
||||
@ -118,17 +133,34 @@ speedo_gnupg_style = \
|
||||
speedo_make_only_style = \
|
||||
zlib
|
||||
|
||||
# Get the content of the software DB.
|
||||
SWDB := $(shell $(topsrc)/build-aux/getswdb.sh && echo okay)
|
||||
ifeq ($(strip $(SWDB)),)
|
||||
$(error Error getting GnuPG software version database)
|
||||
endif
|
||||
|
||||
# Version numbers of the released packages
|
||||
# Fixme: Take the version numbers from gnupg-doc/web/swdb.mac
|
||||
libgpg_error_ver = 1.13
|
||||
npth_ver = 0.91
|
||||
libgcrypt_ver = 1.6.1
|
||||
libassuan_ver = 2.1.1
|
||||
libksba_ver = 1.3.0
|
||||
gpgme_ver = 1.5.0
|
||||
pinentry_ver = 0.8.4
|
||||
gpa_ver = 0.9.5
|
||||
gpgex_ver = 1.0.0
|
||||
gnupg_ver = $(shell cat $(topsrc)/VERSION)
|
||||
libgpg_error_ver = $(shell awk '$$1=="libgpg_error_ver" {print $$2}' swdb.lst)
|
||||
npth_ver = $(shell awk '$$1=="npth_ver" {print $$2}' swdb.lst)
|
||||
libgcrypt_ver = $(shell awk '$$1=="libgcrypt_ver" {print $$2}' swdb.lst)
|
||||
libassuan_ver = $(shell awk '$$1=="libassuan_ver" {print $$2}' swdb.lst)
|
||||
libksba_ver = $(shell awk '$$1=="libksba_ver" {print $$2}' swdb.lst)
|
||||
gpgme_ver = $(shell awk '$$1=="gpgme_ver" {print $$2}' swdb.lst)
|
||||
pinentry_ver = $(shell awk '$$1=="pinentry_ver" {print $$2}' swdb.lst)
|
||||
gpa_ver = $(shell awk '$$1=="gpa_ver" {print $$2}' swdb.lst)
|
||||
gpgex_ver = $(shell awk '$$1=="gpgex_ver" {print $$2}' swdb.lst)
|
||||
|
||||
$(info Information from the version database)
|
||||
$(info GnuPG ..........: $(gnupg_ver))
|
||||
$(info Libgpg-error ...: $(libgpg_error_ver))
|
||||
$(info Npth ...........: $(npth_ver))
|
||||
$(info Libgcrypt ......: $(libgcrypt_ver))
|
||||
$(info Libassuan ......: $(libassuan_ver))
|
||||
$(info GPGME ..........: $(gpgme_ver))
|
||||
$(info Pinentry .......: $(pinentry_ver))
|
||||
$(info GPA ............: $(gpa_ver))
|
||||
$(info GpgEX.... ......: $(gpgex_ver))
|
||||
|
||||
|
||||
# Version number for external packages
|
||||
@ -397,19 +429,6 @@ MKDIR=mkdir
|
||||
MAKENSIS=makensis
|
||||
BUILD_ISODATE=$(shell date -u +%Y-%m-%d)
|
||||
|
||||
# These paths must be absolute, as we switch directories pretty often.
|
||||
root := $(shell pwd)/PLAY
|
||||
sdir := $(root)/src
|
||||
bdir := $(root)/build
|
||||
bdir6:= $(root)/build-w64
|
||||
idir := $(root)/inst
|
||||
idir6:= $(root)/inst-w64
|
||||
stampdir := $(root)/stamps
|
||||
topsrc := $(shell cd $(dir $(SPEEDO_MK)).. && pwd)
|
||||
auxsrc := $(topsrc)/build-aux/speedo
|
||||
patdir := $(topsrc)/build-aux/speedo/patches
|
||||
w32src := $(topsrc)/build-aux/speedo/w32
|
||||
|
||||
# The next two macros will work only after gnupg has been build.
|
||||
INST_VERSION=$(shell head -1 $(idir)/INST_VERSION)
|
||||
INST_PROD_VERSION=$(shell head -1 $(idir)/INST_PROD_VERSION)
|
||||
|
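Review bot: The new version assignments in the second hunk use recursive `=` with `$(shell awk … swdb.lst)`, so every expansion re-runs awk against whatever `swdb.lst` is in the working directory at that moment rather than the content `getswdb.sh` verified when `SWDB` was set. Simple assignment, e.g. `libgcrypt_ver := $(shell awk '$$1=="libgcrypt_ver" {print $$2}' swdb.lst)`, reads each value once, directly after the check; the same applies to the other eight `*_ver` lines. A key missing from the list silently yields an empty string, so a guard such as `$(if $(libgcrypt_ver),,$(error libgcrypt_ver missing in swdb.lst))` would fail early instead of at download time. The `$(info …)` summary also omits `libksba_ver`.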