Diffstat (limited to 'source/l/gnome-keyring')
6 files changed, 291 insertions, 0 deletions
diff --git a/source/l/gnome-keyring/doinst.sh b/source/l/gnome-keyring/doinst.sh
new file mode 100644
index 00000000..c64347e9
--- /dev/null
+++ b/source/l/gnome-keyring/doinst.sh
@@ -0,0 +1 @@
+chroot . /usr/bin/glib-compile-schemas /usr/share/glib-2.0/schemas/ 2>/dev/null
diff --git a/source/l/gnome-keyring/gnome-keyring.SlackBuild b/source/l/gnome-keyring/gnome-keyring.SlackBuild
new file mode 100755
index 00000000..81bc47ab
--- /dev/null
+++ b/source/l/gnome-keyring/gnome-keyring.SlackBuild
@@ -0,0 +1,117 @@
+#!/bin/sh
+
+# Slackware build script for gnome-keyring
+
+# Copyright 2010, 2011 Robby Workman, Northport, Alabama, USA
+# Copyright 2012 Patrick J. Volkerding, Sebeka, MN, USA
+#
+# Redistribution and use of this script, with or without modification, is
+# permitted provided that the following conditions are met:
+#
+# 1. Redistributions of this script must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ''AS IS'' AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+PKGNAM=gnome-keyring
+VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
+BUILD=${BUILD:-2}
+
+if [ -z "$ARCH" ]; then
+ case "$( uname -m )" in
+ i?86) ARCH=i486 ;;
+ arm*) ARCH=arm ;;
+ *) ARCH=$( uname -m ) ;;
+ esac
+fi
+
+NUMJOBS=${NUMJOBS:-" -j7 "}
+
+CWD=$(pwd)
+TMP=${TMP:-/tmp}
+PKG=$TMP/package-$PKGNAM
+
+if [ "$ARCH" = "i486" ]; then
+ SLKCFLAGS="-O2 -march=i486 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+ SLKCFLAGS="-O2 -fPIC"
+ LIBDIRSUFFIX="64"
+else
+ SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
+fi
+
+rm -rf $PKG
+mkdir -p $TMP $PKG
+cd $TMP
+rm -rf $PKGNAM-$VERSION
+tar xvf $CWD/$PKGNAM-$VERSION.tar.xz || exit 1
+cd $PKGNAM-$VERSION || exit 1
+
+# Fix improper passphrase caching.
+# http://www.openwall.com/lists/oss-security/2012/08/09/2
+zcat $CWD/gpg-agent-Hook-up-the-TTL-cache-option.patch.gz | patch -p1 --verbose || exit 1
+zcat $CWD/schema-Update-description-for-gpg-cache-method.patch.gz | patch -p1 --verbose || exit 1
+zcat $CWD/secret-store-Mark-a-secret-item-as-used-when-acces.patch.gz | patch -p1 --verbose || exit 1
+
+chown -R root:root .
+find . \
+ \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
+ -exec chmod 755 {} \; -o \
+ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
+ -exec chmod 644 {} \;
+
+CFLAGS="$SLKCFLAGS" \
+CXXFLAGS="$SLKCFLAGS" \
+./configure \
+ --prefix=/usr \
+ --libdir=/usr/lib${LIBDIRSUFFIX} \
+ --sysconfdir=/etc \
+ --localstatedir=/var \
+ --mandir=/usr/man \
+ --disable-static \
+ --enable-shared \
+ --enable-nls \
+ --disable-debug \
+ --enable-ssh-agent \
+ --with-root-certs=/etc/ssl/certs \
+ --with-pam-dir=/lib/security \
+ --build=$ARCH-slackware-linux || exit 1
+
+make $NUMJOBS || make || exit 1
+make install DESTDIR=$PKG || exit 1
+
+mkdir -p $PKG/etc/gconf/gconf.xml.defaults
+
+find $PKG | xargs file | grep -e "executable" -e "shared object" | grep ELF \
+ | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true
+
+mkdir -p $PKG/usr/doc/$PKGNAM-$VERSION
+cp -a \
+ AUTHORS README* COPYING* HACKING INSTALL NEWS \
+ $PKG/usr/doc/$PKGNAM-$VERSION
+
+# If there's a ChangeLog, installing at least part of the recent history
+# is useful, but don't let it get totally out of control:
+if [ -r ChangeLog ]; then
+ DOCSDIR=$(echo $PKG/usr/doc/${PKGNAM}-$VERSION)
+ cat ChangeLog | head -n 1000 > $DOCSDIR/ChangeLog
+ touch -r ChangeLog $DOCSDIR/ChangeLog
+fi
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh
+
+cd $PKG
+/sbin/makepkg -p -l y -c n $TMP/$PKGNAM-$VERSION-$ARCH-$BUILD.txz
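Review bot: The three `zcat $CWD/…patch.gz | patch -p1 --verbose || exit 1` lines under "Fix improper passphrase caching" only test the exit status of `patch`, so a missing or unreadable `.patch.gz` is not caught by `|| exit 1` on its own. Whether `patch` then fails on the empty input depends on the patch implementation, so the build could continue and ship a package without the security fix; the files added by this commit are named `.patch` and `doinst.sh` without `.gz`, so the script presumably relies on a compression step that is not visible here. A readable-input check before each pipeline, e.g. `[ -r "$CWD/gpg-agent-Hook-up-the-TTL-cache-option.patch.gz" ] || exit 1`, makes that failure explicit. The same applies to `zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh` near the end, whose status is not checked at all.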
diff --git a/source/l/gnome-keyring/gpg-agent-Hook-up-the-TTL-cache-option.patch b/source/l/gnome-keyring/gpg-agent-Hook-up-the-TTL-cache-option.patch
new file mode 100644
index 00000000..c1298f75
--- /dev/null
+++ b/source/l/gnome-keyring/gpg-agent-Hook-up-the-TTL-cache-option.patch
@@ -0,0 +1,98 @@
+From 7b65bf04737167fae6b0204d6524215550fcc079 Mon Sep 17 00:00:00 2001
+From: Stef Walter <stefw@gnome.org>
+Date: Wed, 8 Aug 2012 06:06:58 +0200
+Subject: [PATCH] gpg-agent: Hook up the TTL cache option
+
+ * So that when the gsettings gpg-cache-method is 'idle' or 'timeout'
+ we use gpg-cache-ttl to control how long the passphrase is cached
+ for.
+ * This is a regression from 3.3.x
+
+https://bugzilla.gnome.org/show_bug.cgi?id=681081
+---
+ daemon/gpg-agent/gkd-gpg-agent-ops.c | 40 ++++++++++++++++++++++--------------
+ 1 file changed, 25 insertions(+), 15 deletions(-)
+
+diff --git a/daemon/gpg-agent/gkd-gpg-agent-ops.c b/daemon/gpg-agent/gkd-gpg-agent-ops.c
+index a1a21ff..e1c188d 100644
+--- a/daemon/gpg-agent/gkd-gpg-agent-ops.c
++++ b/daemon/gpg-agent/gkd-gpg-agent-ops.c
+@@ -323,17 +323,6 @@ load_unlock_options (GcrPrompt *prompt)
+ g_free (method);
+ }
+
+-static void
+-save_unlock_options (GcrPrompt *prompt)
+-{
+- GSettings *settings;
+-
+- settings = gkd_gpg_agent_settings ();
+-
+- if (gcr_prompt_get_choice_chosen (prompt))
+- g_settings_set_string (settings, "gpg-cache-method", GCR_UNLOCK_OPTION_ALWAYS);
+-}
+-
+ static GcrPrompt *
+ open_password_prompt (GckSession *session,
+ const gchar *keyid,
+@@ -406,11 +395,14 @@ do_get_password (GckSession *session, const gchar *keyid, const gchar *errmsg,
+ const gchar *prompt_text, const gchar *description, gboolean confirm)
+ {
+ GckBuilder builder = GCK_BUILDER_INIT;
++ GSettings *settings;
+ GckAttributes *attrs;
+ gchar *password = NULL;
+ GcrPrompt *prompt;
+ gboolean chosen;
+ GError *error = NULL;
++ gint lifetime;
++ gchar *method;
+
+ g_assert (GCK_IS_SESSION (session));
+
+@@ -431,21 +423,39 @@ do_get_password (GckSession *session, const gchar *keyid, const gchar *errmsg,
+ }
+
+ if (password != NULL && keyid != NULL) {
++ settings = gkd_gpg_agent_settings ();
+
+ /* Load up the save options */
+ chosen = gcr_prompt_get_choice_chosen (prompt);
+
+- if (chosen)
++ if (chosen) {
++ g_settings_set_string (settings, "gpg-cache-method", GCR_UNLOCK_OPTION_ALWAYS);
+ gck_builder_add_string (&builder, CKA_G_COLLECTION, "login");
+- else
++
++ } else {
++ method = g_settings_get_string (settings, "gpg-cache-method");
++ lifetime = g_settings_get_int (settings, "gpg-cache-ttl");
++
++ if (g_strcmp0 (method, GCR_UNLOCK_OPTION_IDLE) == 0) {
++ gck_builder_add_boolean (&builder, CKA_GNOME_TRANSIENT, TRUE);
++ gck_builder_add_ulong (&builder, CKA_G_DESTRUCT_IDLE, lifetime);
++
++ } else if (g_strcmp0 (method, GCR_UNLOCK_OPTION_TIMEOUT) == 0) {
++ gck_builder_add_boolean (&builder, CKA_GNOME_TRANSIENT, TRUE);
++ gck_builder_add_ulong (&builder, CKA_G_DESTRUCT_AFTER, lifetime);
++
++ } else if (g_strcmp0 (method, GCR_UNLOCK_OPTION_SESSION)){
++ g_message ("Unsupported gpg-cache-method setting: %s", method);
++ }
++
+ gck_builder_add_string (&builder, CKA_G_COLLECTION, "session");
++ g_free (method);
++ }
+
+ /* Now actually save the password */
+ attrs = gck_attributes_ref_sink (gck_builder_end (&builder));
+ do_save_password (session, keyid, description, password, attrs);
+ gck_attributes_unref (attrs);
+-
+- save_unlock_options (prompt);
+ }
+
+ g_clear_object (&prompt);
+--
+1.7.11.2
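Review bot: In the new `else` branch of `do_get_password`, `lifetime` is read as a `gint` from `gpg-cache-ttl` and passed unchecked to `gck_builder_add_ulong` for `CKA_G_DESTRUCT_IDLE` and `CKA_G_DESTRUCT_AFTER`. A negative setting would convert to a very large unsigned value, so the passphrase would stay cached far longer than any intended TTL; the schema key shown on this page is type `i` with no visible range restriction. A guard before the method comparison, such as `if (lifetime < 0) { g_message ("Invalid gpg-cache-ttl setting: %d", lifetime); lifetime = 0; }`, would make the handling explicit, though how the store treats a zero lifetime is not visible here and should be confirmed before choosing the fallback. `do_get_password` starts and ends outside the quoted hunks, and since this file is an upstream patch the change would belong upstream.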
\ No newline at end of file
diff --git a/source/l/gnome-keyring/schema-Update-description-for-gpg-cache-method.patch b/source/l/gnome-keyring/schema-Update-description-for-gpg-cache-method.patch
new file mode 100644
index 00000000..12b6fb2d
--- /dev/null
+++ b/source/l/gnome-keyring/schema-Update-description-for-gpg-cache-method.patch
@@ -0,0 +1,30 @@
+From 6387fb065d5ea16c777a0aee05b22c3cc6a0f73c Mon Sep 17 00:00:00 2001
+From: Stef Walter <stefw@gnome.org>
+Date: Wed, 8 Aug 2012 06:06:24 +0200
+Subject: [PATCH] schema: Update description for gpg-cache-method
+
+ * Document the various method strings that can be present here
+
+https://bugzilla.gnome.org/show_bug.cgi?id=681081
+---
+ schema/org.gnome.crypto.cache.gschema.xml | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/schema/org.gnome.crypto.cache.gschema.xml b/schema/org.gnome.crypto.cache.gschema.xml
+index 9a431eb..4547399 100644
+--- a/schema/org.gnome.crypto.cache.gschema.xml
++++ b/schema/org.gnome.crypto.cache.gschema.xml
+@@ -3,7 +3,10 @@
+ <key name="gpg-cache-method" type="s">
+ <default>'session'</default>
+ <summary>Cache Method</summary>
+- <description>The method to use for caching passphrases typed into the GPG agent.</description>
++ <description>The method to use for caching passphrases typed into the GPG agent.
++ Should be one of: 'always' caches permanently, 'session' caches until session end,
++ 'idle' caches until the not used for gpg-cache-ttl seconds, 'timeout' caches until
++ gpg-cache-ttl seconds.</description>
+ </key>
+ <key name="gpg-cache-ttl" type="i">
+ <default>300</default>
+--
+1.7.11.2
\ No newline at end of file
diff --git a/source/l/gnome-keyring/secret-store-Mark-a-secret-item-as-used-when-acces.patch b/source/l/gnome-keyring/secret-store-Mark-a-secret-item-as-used-when-acces.patch
new file mode 100644
index 00000000..1785b0cd
--- /dev/null
+++ b/source/l/gnome-keyring/secret-store-Mark-a-secret-item-as-used-when-acces.patch
@@ -0,0 +1,26 @@
+From d96c49f0bf1710b69a354f4bdebf6b53bf5cb0bc Mon Sep 17 00:00:00 2001
+From: Stef Walter <stefw@gnome.org>
+Date: Wed, 8 Aug 2012 15:08:22 +0200
+Subject: [PATCH] secret-store: Mark a secret item as 'used' when accessed
+
+ * This makes the gpg-agent idle feature work correctly
+
+https://bugzilla.gnome.org/show_bug.cgi?id=681081
+---
+ pkcs11/secret-store/gkm-secret-item.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/pkcs11/secret-store/gkm-secret-item.c b/pkcs11/secret-store/gkm-secret-item.c
+index 35698da..d7cbdb3 100644
+--- a/pkcs11/secret-store/gkm-secret-item.c
++++ b/pkcs11/secret-store/gkm-secret-item.c
+@@ -224,6 +224,7 @@ gkm_secret_item_real_get_attribute (GkmObject *base, GkmSession *session, CK_ATT
+ identifier = gkm_secret_object_get_identifier (GKM_SECRET_OBJECT (self));
+ secret = gkm_secret_data_get_raw (sdata, identifier, &n_secret);
+ rv = gkm_attribute_set_data (attr, secret, n_secret);
++ gkm_object_mark_used (base);
+ g_object_unref (sdata);
+ return rv;
+
+--
+1.7.11.2
\ No newline at end of file
diff --git a/source/l/gnome-keyring/slack-desc b/source/l/gnome-keyring/slack-desc
new file mode 100644
index 00000000..33e06ef9
--- /dev/null
+++ b/source/l/gnome-keyring/slack-desc
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description. Line
+# up the first '|' above the ':' following the base package name, and the '|'
+# on the right side marks the last column you can put a character in. You must
+# make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':'.
+
+ |-----handy-ruler------------------------------------------------------|
+gnome-keyring: GNOME Keyring (a tool to handle security credentials)
+gnome-keyring:
+gnome-keyring: GNOME Keyring is a program designed to take care of the user's
+gnome-keyring: security credentials, such as user names and passwords, in an
+gnome-keyring: easy to access manner. The keyring is implemented as a daemon
+gnome-keyring: and uses the process name gnome-keyring-daemon.
+gnome-keyring:
+gnome-keyring:
+gnome-keyring:
+gnome-keyring:
+gnome-keyring: |