1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-21 10:09:57 +01:00

speedo: Get version numbers from online database.

* build-aux/getswdb.sh: New.
* build-aux/speedo.mk: Get release version numbers from swdb.lst.
--

This should make maintaining GnuPG installations easier.  Running

 make -f /foo/gnupg/build-aux/speedo.mk TARGETOS=native WHAT=release

downloads all GnuPG related packages and builds them.  The gnupg
directory may be a GIT checkout but in that case please run
./autogen.sh on it first.  Note that currently swdb.lst is always
downloaded from gnupg.org and thus monitoring the network or the gnupg
machine reveal information on who is currently building GnuPG.  If
there is an easy way to detect that TOR is enabled this can be changed
to directly download from the GnuPG hidden service.
This commit is contained in:
Werner Koch 2014-08-19 12:49:45 +02:00
parent 4fc1c712e9
commit 31649e72fd
3 changed files with 165 additions and 23 deletions

2
.gitignore vendored
View File

@ -158,3 +158,5 @@ tools/gpgtar
private-keys-v1.d/
x.parm
/VERSION
/swdb.lst
/swdb.lst.sig

121
build-aux/getswdb.sh Executable file
View File

@ -0,0 +1,121 @@
#!/bin/sh
# Get the online version of the GnuPG software version database
# Copyright (C) 2014 Werner Koch
#
# This file is free software; as a special exception the author gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
# The URL of the file to retrieve.
urlbase="https://www.gnupg.org/"
WGET=wget
GPGV=gpgv
srcdir=$(dirname "$0")
distsigkey="$srcdir/../g10/distsigkey.gpg"
# Convert a 3 part version number it a numeric value.
cvtver () {
awk 'NR==1 {split($NF,A,".");X=1000000*A[1]+1000*A[2]+A[3];print X;exit 0}'
}
# Prints usage information.
usage()
{
cat <<EOF
Usage: $(basename $0) [OPTIONS]
Get the online version of the GnuPG software version database
Options:
--skip-download Assume download has already been done.
--help Print this help.
EOF
exit $1
}
#
# Parse options
#
skip_download=no
while test $# -gt 0; do
case "$1" in
# Set up `optarg'.
--*=*)
optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'`
;;
*)
optarg=""
;;
esac
case $1 in
--help|-h)
usage 0
;;
--skip-download)
skip_download=yes
;;
*)
usage 1 1>&2
;;
esac
shift
done
# Get GnuPG version from VERSIOn file. For a GIT checkout this means
# that ./autogen.sh must have been run first. For a regular tarball
# VERSION is always available.
if [ ! -f "$srcdir/../VERSION" ]; then
echo "VERSION file missing - run autogen.sh first." >&2
exit 1
fi
version=$(cat "$srcdir/../VERSION")
version_num=$(echo "$version" | cvtver)
#
# Download the list and verify.
#
if [ $skip_download = yes ]; then
if [ ! -f swdb.lst ]; then
echo "swdb.lst is missing." >&2
exit 1
fi
if [ ! -f swdb.lst.sig ]; then
echo "swdb.lst.sig is missing." >&2
exit 1
fi
else
if ! $WGET -q -O swdb.lst "$urlbase/swdb.lst" ; then
echo "download of swdb.lst failed." >&2
exit 1
fi
if ! $WGET -q -O swdb.lst.sig "$urlbase/swdb.lst.sig" ; then
echo "download of swdb.lst.sig failed." >&2
exit 1
fi
fi
if ! $GPGV --keyring "$distsigkey" swdb.lst.sig swdb.lst; then
echo "list of software versions is not valid!" >&2
exit 1
fi
#
# Check that the online version of GnuPG is not less than this version
# to help detect rollback attacks.
#
gnupg_ver=$(awk '$1=="gnupg21_ver" {print $2;exit}' swdb.lst)
if [ -z "$gnupg_ver" ]; then
echo "GnuPG 2.1 version missing in swdb.lst!" >&2
exit 1
fi
gnupg_ver_num=$(echo "$gnupg_ver" | cvtver)
if [ $(( $gnupg_ver_num >= $version_num )) = 0 ]; then
echo "GnuPG version in swdb.lst is less than this version!" >&2
echo " This version: $version" >&2
echo " SWDB version: $gnupg_ver" >&2
exit 1
fi

View File

@ -64,6 +64,21 @@ MAKE_J=3
# Name to use for the w32 installer and sources
INST_NAME=gnupg-w32
# Directory names.
# They must be absolute, as we switch directories pretty often.
root := $(shell pwd)/PLAY
sdir := $(root)/src
bdir := $(root)/build
bdir6:= $(root)/build-w64
idir := $(root)/inst
idir6:= $(root)/inst-w64
stampdir := $(root)/stamps
topsrc := $(shell cd $(dir $(SPEEDO_MK)).. && pwd)
auxsrc := $(topsrc)/build-aux/speedo
patdir := $(topsrc)/build-aux/speedo/patches
w32src := $(topsrc)/build-aux/speedo/w32
# =====BEGIN LIST OF PACKAGES=====
# The packages that should be built. The order is also the build order.
# Fixme: Do we need to build pkg-config for cross-building?
@ -118,17 +133,34 @@ speedo_gnupg_style = \
speedo_make_only_style = \
zlib
# Get the content of the software DB.
SWDB := $(shell $(topsrc)/build-aux/getswdb.sh && echo okay)
ifeq ($(strip $(SWDB)),)
$(error Error getting GnuPG software version database)
endif
# Version numbers of the released packages
# Fixme: Take the version numbers from gnupg-doc/web/swdb.mac
libgpg_error_ver = 1.13
npth_ver = 0.91
libgcrypt_ver = 1.6.1
libassuan_ver = 2.1.1
libksba_ver = 1.3.0
gpgme_ver = 1.5.0
pinentry_ver = 0.8.4
gpa_ver = 0.9.5
gpgex_ver = 1.0.0
gnupg_ver = $(shell cat $(topsrc)/VERSION)
libgpg_error_ver = $(shell awk '$$1=="libgpg_error_ver" {print $$2}' swdb.lst)
npth_ver = $(shell awk '$$1=="npth_ver" {print $$2}' swdb.lst)
libgcrypt_ver = $(shell awk '$$1=="libgcrypt_ver" {print $$2}' swdb.lst)
libassuan_ver = $(shell awk '$$1=="libassuan_ver" {print $$2}' swdb.lst)
libksba_ver = $(shell awk '$$1=="libksba_ver" {print $$2}' swdb.lst)
gpgme_ver = $(shell awk '$$1=="gpgme_ver" {print $$2}' swdb.lst)
pinentry_ver = $(shell awk '$$1=="pinentry_ver" {print $$2}' swdb.lst)
gpa_ver = $(shell awk '$$1=="gpa_ver" {print $$2}' swdb.lst)
gpgex_ver = $(shell awk '$$1=="gpgex_ver" {print $$2}' swdb.lst)
$(info Information from the version database)
$(info GnuPG ..........: $(gnupg_ver))
$(info Libgpg-error ...: $(libgpg_error_ver))
$(info Npth ...........: $(npth_ver))
$(info Libgcrypt ......: $(libgcrypt_ver))
$(info Libassuan ......: $(libassuan_ver))
$(info GPGME ..........: $(gpgme_ver))
$(info Pinentry .......: $(pinentry_ver))
$(info GPA ............: $(gpa_ver))
$(info GpgEX.... ......: $(gpgex_ver))
# Version number for external packages
@ -397,19 +429,6 @@ MKDIR=mkdir
MAKENSIS=makensis
BUILD_ISODATE=$(shell date -u +%Y-%m-%d)
# These paths must be absolute, as we switch directories pretty often.
root := $(shell pwd)/PLAY
sdir := $(root)/src
bdir := $(root)/build
bdir6:= $(root)/build-w64
idir := $(root)/inst
idir6:= $(root)/inst-w64
stampdir := $(root)/stamps
topsrc := $(shell cd $(dir $(SPEEDO_MK)).. && pwd)
auxsrc := $(topsrc)/build-aux/speedo
patdir := $(topsrc)/build-aux/speedo/patches
w32src := $(topsrc)/build-aux/speedo/w32
# The next two macros will work only after gnupg has been build.
INST_VERSION=$(shell head -1 $(idir)/INST_VERSION)
INST_PROD_VERSION=$(shell head -1 $(idir)/INST_PROD_VERSION)