l/scute: Patched to enable the signing key.

4 years ago · 1f85277c82
3 changed files with 128 additions and 3 deletions
--- a/l/scute/scute-1.5.0-LEARN-sendinfo.patch
+++ b/l/scute/scute-1.5.0-LEARN-sendinfo.patch
@ -0,0 +1,33 @@
+commit f31e6af6e2d9e320dedc89e0b6b2692b7d72cda7
+Author: Damien Goutte-Gattat <dgouttegattat@incenp.org>
+Date:   Sat May 19 23:03:21 2018 +0100
+
+    Do not request certificate data when LEARNing.
+    
+    * src/agent.c (scute_agent_learn): Use LEARN --sendinfo instead
+    of LEARN --send.
+    --
+    
+    Using --send is useless here and we don't even collect the data
+    that the agent may send (no data callback), which may cause the
+    LEARN command to fail.
+    
+    Of note, the --sendinfo option is available since GnuPG 2.1.1,
+    meaning Scute would not work anymore with GnuPG 2.0.x. Since that
+    branch is now EOLed, this should not be a concern.
+    
+    Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
+
+diff --git a/src/agent.c b/src/agent.c
+index 108e1ea..46d56d5 100644
+--- a/src/agent.c
+++ b/src/agent.c
+@@ -640,7 +640,7 @@ scute_agent_learn (struct agent_card_info_s *info)
+   gpg_error_t err;
+ 
+   memset (info, 0, sizeof (*info));
+-  err = assuan_transact (agent_ctx, "LEARN --send",
+  err = assuan_transact (agent_ctx, "LEARN --sendinfo",
+ 			 NULL, NULL, default_inq_cb,
+ 			 NULL, learn_status_cb, info);
+ 
--- a/l/scute/scute-1.5.0-scutesig.patch
+++ b/l/scute/scute-1.5.0-scutesig.patch
@ -0,0 +1,84 @@
+commit 219120376e0b984f2c85aea27929c81b326365b2
+Author: Damien Goutte-Gattat <dgouttegattat@incenp.org>
+Date:   Sun May 20 16:52:45 2018 +0100
+
+    Allow to use the signing key.
+    
+    * configure.ac: New flag --enable-signing-key.
+    * src/Makefile.am: Build scutesig, which uses the signing key.
+    * src/slots.c (slot_init): Use the signing key if building scutesig.
+    (session_sign): Likewise.
+    --
+    
+    This patch allows to build scutesig.so, a version of Scute which
+    uses the signing key, along with the normal scute.so which uses
+    the authentication key.
+    
+    Suggested-by: Dirk Gottschalk <dirk.gottschalk1980@googlemail.com>
+    Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
+
+diff --git a/configure.ac b/configure.ac
+index 3615a49..8c8f1b1 100644
+--- a/configure.ac
+++ b/configure.ac
+@@ -313,6 +313,11 @@ else
+ fi
+ AM_CONDITIONAL(HAVE_GPGSM, test "$GPGSM" != "no")
+ 
+# Use signing key?
+AC_ARG_ENABLE([signing-key],
+              AS_HELP_STRING([--enable-signing-key],
+                             [Build a version of Scute using the signing key]))
+AM_CONDITIONAL([ENABLE_SCUTESIG], [test "$enable_signing_key" = yes])
+ 
+ dnl Check for GPGSM version requirement.
+ GPGSM_VERSION=unknown
+diff --git a/src/Makefile.am b/src/Makefile.am
+index 9ceef93..8063ab9 100644
+--- a/src/Makefile.am
+++ b/src/Makefile.am
+@@ -133,3 +133,12 @@ scute_la_LIBADD = $(scute_libadd) \
+ scute_la_CPPFLAGS = -I$(srcdir)/../include \
+ 	@LIBASSUAN_CFLAGS@ @GPG_ERROR_CFLAGS@
+ scute_la_SOURCES = $(sources)
+
+if ENABLE_SCUTESIG
+lib_LTLIBRARIES += scutesig.la
+scutesig_la_LDFLAGS = $(scute_la_LDFLAGS)
+scutesig_la_DEPENDENCIES = $(scute_la_DEPENDENCIES)
+scutesig_la_LIBADD = $(scute_la_LIBADD)
+scutesig_la_CPPFLAGS = $(scute_la_CPPFLAGS) -DENABLE_SIGNING_KEY
+scutesig_la_SOURCES = $(scute_la_SOURCES)
+endif
+diff --git a/src/slots.c b/src/slots.c
+index fc69d15..f414331 100644
+--- a/src/slots.c
+++ b/src/slots.c
+@@ -385,7 +385,12 @@ slot_init (slot_iterator_t id)
+   gpg_error_t err = 0;
+   struct slot *slot = scute_table_data (slots, id);
+ 
+#if ENABLE_SIGNING_KEY
+  err = scute_gpgsm_get_cert (slot->info.grip1, 1, add_object, slot);
+#else
+   err = scute_gpgsm_get_cert (slot->info.grip3, 3, add_object, slot);
+#endif
+
+   if (err)
+     goto init_out;
+ 
+@@ -1033,8 +1038,14 @@ session_sign (slot_iterator_t id, session_iterator_t sid,
+     }
+ 
+   sig_len = *pulSignatureLen;
+#if ENABLE_SIGNING_KEY
+  err = scute_agent_sign (slot->info.grip1, pData, ulDataLen,
+			  pSignature, &sig_len);
+#else
+   err = scute_agent_sign (slot->info.grip3, pData, ulDataLen,
+ 			  pSignature, &sig_len);
+#endif
+
+   /* FIXME: Oh well.  */
+   if (gpg_err_code (err) == GPG_ERR_INV_ARG)
+     return CKR_BUFFER_TOO_SMALL;
--- a/l/scute/scute.SlackBuild
+++ b/l/scute/scute.SlackBuild
@ -1,6 +1,6 @@
 #!/bin/bash
 # Build script for Slackware
-# Copyright (C) 2014,2015,2017 Damien Goutte-Gattat
+# Copyright (C) 2014,2015,2017,2018 Damien Goutte-Gattat
 #
 # Redistribution and use of this script, with or without modifications,
 # is permitted provided that the following conditions are met:
@ -32,7 +32,7 @@ WGET=${WGET:-https://gnupg.org/ftp/gcrypt/scute/$ARCHIVE}

 # Build infos
 NAMEPKG=${NAMEPKG:-scute}
-BUILD=${BUILD:-1GGD}
+BUILD=${BUILD:-2GGD}
 ARCH=${ARCH:-$(uname -m | sed 's/^i.86$/i486/;s/^arm.*/arm/')}
 JOBS=${JOBS:-1}
 EXT=${EXT:-txz}
@ -78,11 +78,18 @@ fi
 sha256sum -c $ARCHIVE.sha256
 NAME=$(tar ft $ARCHIVE | head -n 1 | cut -d / -f 1)

-# Compile
+# Extract and patch
 cd $TMP
 echo "Building $ARCHIVE..."
 tar xf $CWD/$ARCHIVE
 cd $NAME
+# Use LEARN --sendinfo instead of LEARN --send
+patch -p 1 < $CWD/scute-1.5.0-LEARN-sendinfo.patch
+# Allow use of signing key
+patch -p 1 < $CWD/scute-1.5.0-scutesig.patch
+
+# Build
+./autogen.sh
 CFLAGS=$CPUOPT \
 CXXFLAGS=$CPUOPT \
 ./configure \
@ -90,6 +97,7 @@ CXXFLAGS=$CPUOPT \
  --libdir=/usr/lib$LIBDIRSUFFIX \
  --infodir=/usr/info \
  --with-gpg-connect-agent=/usr/bin/gpg-connect-agent \
+  --enable-signing-key \
  --build=$ARCH-slackware-linux
 make -j $JOBS
 make install-strip DESTDIR=$PKG