Diffstat (limited to '')
-rw-r--r--.gitignore2
-rwxr-xr-xbuild-aux/getswdb.sh121
-rw-r--r--build-aux/speedo.mk65
3 files changed, 165 insertions, 23 deletions
diff --git a/.gitignore b/.gitignore
index 5a51f9fd2..a525f1485 100644
--- a/.gitignore
+++ b/.gitignore
@@ -158,3 +158,5 @@ tools/gpgtar
private-keys-v1.d/
x.parm
/VERSION
+/swdb.lst
+/swdb.lst.sig
diff --git a/build-aux/getswdb.sh b/build-aux/getswdb.sh
new file mode 100755
index 000000000..aa889ee79
--- /dev/null
+++ b/build-aux/getswdb.sh
@@ -0,0 +1,121 @@
+#!/bin/sh
+# Get the online version of the GnuPG software version database
+# Copyright (C) 2014 Werner Koch
+#
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+# The URL of the file to retrieve.
+urlbase="https://www.gnupg.org/"
+
+WGET=wget
+GPGV=gpgv
+
+srcdir=$(dirname "$0")
+distsigkey="$srcdir/../g10/distsigkey.gpg"
+
+# Convert a 3 part version number it a numeric value.
+cvtver () {
+ awk 'NR==1 {split($NF,A,".");X=1000000*A[1]+1000*A[2]+A[3];print X;exit 0}'
+}
+
+# Prints usage information.
+usage()
+{
+ cat <<EOF
+Usage: $(basename $0) [OPTIONS]
+Get the online version of the GnuPG software version database
+Options:
+ --skip-download Assume download has already been done.
+ --help Print this help.
+EOF
+ exit $1
+}
+
+#
+# Parse options
+#
+skip_download=no
+while test $# -gt 0; do
+ case "$1" in
+ # Set up `optarg'.
+ --*=*)
+ optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'`
+ ;;
+ *)
+ optarg=""
+ ;;
+ esac
+
+ case $1 in
+ --help|-h)
+ usage 0
+ ;;
+ --skip-download)
+ skip_download=yes
+ ;;
+ *)
+ usage 1 1>&2
+ ;;
+ esac
+ shift
+done
+
+# Get GnuPG version from VERSIOn file. For a GIT checkout this means
+# that ./autogen.sh must have been run first. For a regular tarball
+# VERSION is always available.
+if [ ! -f "$srcdir/../VERSION" ]; then
+ echo "VERSION file missing - run autogen.sh first." >&2
+ exit 1
+fi
+version=$(cat "$srcdir/../VERSION")
+version_num=$(echo "$version" | cvtver)
+
+#
+# Download the list and verify.
+#
+if [ $skip_download = yes ]; then
+ if [ ! -f swdb.lst ]; then
+ echo "swdb.lst is missing." >&2
+ exit 1
+ fi
+ if [ ! -f swdb.lst.sig ]; then
+ echo "swdb.lst.sig is missing." >&2
+ exit 1
+ fi
+else
+ if ! $WGET -q -O swdb.lst "$urlbase/swdb.lst" ; then
+ echo "download of swdb.lst failed." >&2
+ exit 1
+ fi
+ if ! $WGET -q -O swdb.lst.sig "$urlbase/swdb.lst.sig" ; then
+ echo "download of swdb.lst.sig failed." >&2
+ exit 1
+ fi
+fi
+if ! $GPGV --keyring "$distsigkey" swdb.lst.sig swdb.lst; then
+ echo "list of software versions is not valid!" >&2
+ exit 1
+fi
+
+#
+# Check that the online version of GnuPG is not less than this version
+# to help detect rollback attacks.
+#
+gnupg_ver=$(awk '$1=="gnupg21_ver" {print $2;exit}' swdb.lst)
+if [ -z "$gnupg_ver" ]; then
+ echo "GnuPG 2.1 version missing in swdb.lst!" >&2
+ exit 1
+fi
+gnupg_ver_num=$(echo "$gnupg_ver" | cvtver)
+if [ $(( $gnupg_ver_num >= $version_num )) = 0 ]; then
+ echo "GnuPG version in swdb.lst is less than this version!" >&2
+ echo " This version: $version" >&2
+ echo " SWDB version: $gnupg_ver" >&2
+ exit 1
+fi
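Review bot: The download branch writes straight to `swdb.lst` and `swdb.lst.sig`, so when the `$GPGV` check that follows fails, the unverified files stay in the working directory under the names that speedo.mk later reads with awk. The script does exit non-zero and a `--skip-download` run verifies again, but anything else that picks up `swdb.lst` sees unauthenticated content. Removing the files in the failure branch keeps only verified data on disk, e.g. `[ $skip_download = yes ] || rm -f swdb.lst swdb.lst.sig` before the `exit 1`. The final version comparison only covers `gnupg21_ver`, so an older, validly signed list is still accepted as long as that one field is not lower than VERSION; a comment next to the check stating that limit would help.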
diff --git a/build-aux/speedo.mk b/build-aux/speedo.mk
index 4f0751fca..69af39ce4 100644
--- a/build-aux/speedo.mk
+++ b/build-aux/speedo.mk
@@ -64,6 +64,21 @@ MAKE_J=3
# Name to use for the w32 installer and sources
INST_NAME=gnupg-w32
+
+# Directory names.
+# They must be absolute, as we switch directories pretty often.
+root := $(shell pwd)/PLAY
+sdir := $(root)/src
+bdir := $(root)/build
+bdir6:= $(root)/build-w64
+idir := $(root)/inst
+idir6:= $(root)/inst-w64
+stampdir := $(root)/stamps
+topsrc := $(shell cd $(dir $(SPEEDO_MK)).. && pwd)
+auxsrc := $(topsrc)/build-aux/speedo
+patdir := $(topsrc)/build-aux/speedo/patches
+w32src := $(topsrc)/build-aux/speedo/w32
+
# =====BEGIN LIST OF PACKAGES=====
# The packages that should be built. The order is also the build order.
# Fixme: Do we need to build pkg-config for cross-building?
@@ -118,17 +133,34 @@ speedo_gnupg_style = \
speedo_make_only_style = \
zlib
+# Get the content of the software DB.
+SWDB := $(shell $(topsrc)/build-aux/getswdb.sh && echo okay)
+ifeq ($(strip $(SWDB)),)
+$(error Error getting GnuPG software version database)
+endif
+
# Version numbers of the released packages
-# Fixme: Take the version numbers from gnupg-doc/web/swdb.mac
-libgpg_error_ver = 1.13
-npth_ver = 0.91
-libgcrypt_ver = 1.6.1
-libassuan_ver = 2.1.1
-libksba_ver = 1.3.0
-gpgme_ver = 1.5.0
-pinentry_ver = 0.8.4
-gpa_ver = 0.9.5
-gpgex_ver = 1.0.0
+gnupg_ver = $(shell cat $(topsrc)/VERSION)
+libgpg_error_ver = $(shell awk '$$1=="libgpg_error_ver" {print $$2}' swdb.lst)
+npth_ver = $(shell awk '$$1=="npth_ver" {print $$2}' swdb.lst)
+libgcrypt_ver = $(shell awk '$$1=="libgcrypt_ver" {print $$2}' swdb.lst)
+libassuan_ver = $(shell awk '$$1=="libassuan_ver" {print $$2}' swdb.lst)
+libksba_ver = $(shell awk '$$1=="libksba_ver" {print $$2}' swdb.lst)
+gpgme_ver = $(shell awk '$$1=="gpgme_ver" {print $$2}' swdb.lst)
+pinentry_ver = $(shell awk '$$1=="pinentry_ver" {print $$2}' swdb.lst)
+gpa_ver = $(shell awk '$$1=="gpa_ver" {print $$2}' swdb.lst)
+gpgex_ver = $(shell awk '$$1=="gpgex_ver" {print $$2}' swdb.lst)
+
+$(info Information from the version database)
+$(info GnuPG ..........: $(gnupg_ver))
+$(info Libgpg-error ...: $(libgpg_error_ver))
+$(info Npth ...........: $(npth_ver))
+$(info Libgcrypt ......: $(libgcrypt_ver))
+$(info Libassuan ......: $(libassuan_ver))
+$(info GPGME ..........: $(gpgme_ver))
+$(info Pinentry .......: $(pinentry_ver))
+$(info GPA ............: $(gpa_ver))
+$(info GpgEX.... ......: $(gpgex_ver))
# Version number for external packages
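Review bot: The `*_ver` assignments use recursive `=` with `$(shell awk …)`, so `swdb.lst` is re-read on every expansion, long after the single gpgv check done through `SWDB :=`. Capturing each value once with `:=` right after that check avoids the repeated awk runs and any dependence on the file staying unchanged during the build, e.g. `libgcrypt_ver := $(shell awk '$$1=="libgcrypt_ver" {print $$2;exit}' swdb.lst)`. A name missing from the list yields an empty version with no error; a guard such as `$(if $(libgcrypt_ver),,$(error libgcrypt_ver missing in swdb.lst))` would stop the build there. Because `SWDB` is evaluated at parse time, every invocation of this makefile, presumably including ones that build nothing, runs getswdb.sh and its download. The `$(info …)` summary also leaves out `libksba_ver`.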
@@ -397,19 +429,6 @@ MKDIR=mkdir
MAKENSIS=makensis
BUILD_ISODATE=$(shell date -u +%Y-%m-%d)
-# These paths must be absolute, as we switch directories pretty often.
-root := $(shell pwd)/PLAY
-sdir := $(root)/src
-bdir := $(root)/build
-bdir6:= $(root)/build-w64
-idir := $(root)/inst
-idir6:= $(root)/inst-w64
-stampdir := $(root)/stamps
-topsrc := $(shell cd $(dir $(SPEEDO_MK)).. && pwd)
-auxsrc := $(topsrc)/build-aux/speedo
-patdir := $(topsrc)/build-aux/speedo/patches
-w32src := $(topsrc)/build-aux/speedo/w32
-
# The next two macros will work only after gnupg has been build.
INST_VERSION=$(shell head -1 $(idir)/INST_VERSION)
INST_PROD_VERSION=$(shell head -1 $(idir)/INST_PROD_VERSION)