New package: signing party-2.11_1

[jcgruenhage]

General

• This is a new package and it conforms to the quality requirements

Have the results of the proposed changes been tested?

• I use the packages affected by the proposed changes on a regular basis and confirm this PR works for me
• I generally don't use the affected packages but briefly tested this PR

TODOs

• fix cross compilation
• fix bug in perl-Interface-GnuPG (version detection is broken, which causes it to refuse operation) Bug has not been found, but the check has been disabled. xbps makes sure we have a new enough version of GnuPG installed.

[the-eater]

call me out if I'm wrong here, but no prefix should be needed for Public Domain

[jcgruenhage]

call me out if I'm wrong here, but no prefix should be needed for Public Domain

We require the custom: prefix for everything that's not an SPDX license identifier, and while there are a few public domain alike licenses, there is not really the one, so this needs to be there.

Edit: argh, yes, I cant read. updated.

[the-eater]

on IRC I have pointed them to

license A string matching the license's SPDX Short identifier, Public Domain, or string prefixed with custom: for other licenses.

LGTM

[Chocimier]

Cross compilation works when keyanalyze is build separately:

post_patch() {
       vsed -i Makefile -e 's/keyanalyze//'
}

# Template file for 'keyanalyze'
pkgname=keyanalyze
version=2.11
revision=1
wrksrc="signing-party-v${version}"
build_wrksrc="keyanalyze/pgpring"
build_style=gnu-configure
make_install_args="-C .."
hostmakedepends="autoconf automake"
makedepends="libmd-devel"
short_desc="Analyses the relationships between the keys in public key ring"
maintainer=" <@>"
license="GPL-2.0-only"
homepage="https://salsa.debian.org/signing-party-team/signing-party"
distfiles="https://salsa.debian.org/signing-party-team/signing-party/-/archive/v${version}/signing-party-v${version}.tar.gz"
checksum=e339cfea9af6f12bf09de8aa6c8972c168d2eb712cb72a8a7415e3f7ecb43cf2

pre_configure() {
	autoreconf -fi
}

post_build() {
	cd ..
	vsed -i Makefile -e '/all:/s:pgpring/pgpring::'
	make CFLAGS="$CFLAGS"
}

[jcgruenhage]

@Chocimier Thanks! I'll include that.

Aside of fixing crosscompiling, I've noticed another problem, in perl-GnuPG-Interface, it fails to get the currently installed gpg version, which means that more elaborate usage of the tools (which actually call that library) fail with an error about that. Anyone with knowledge of perl magic available to maybe take a look? I worked around this locally by overriding the version check, but that surely wouldn't be the way to properly fix this.

[github-actions]

Pull Requests become stale 90 days after last activity and are closed 14 days after that. If this pull request is still relevant bump it or assign it.

[jcgruenhage]

So, a few things here:

• can we reopen this?
• @Chocimier keyanalyze does build with that template, but the resulting package is broken. I've commented it out for now, because keyanalyze isn't really all that useful for me anyway
• the problem with perl-GnuPG-Interface still persists, any guesses what's going wrong there?

error determining fileno for STDIN: Illegal seek at (eval 270) line 55.
Use of uninitialized value $line in pattern match (m//) at /usr/share/perl5/vendor_perl/GnuPG/Interface.pm line 827.
Use of uninitialized value $a in split at /usr/share/perl5/vendor_perl/GnuPG/Interface.pm line 841.
Use of uninitialized value $a in split at /usr/share/perl5/vendor_perl/GnuPG/Interface.pm line 841.
GnuPG Version 1.4 or 2.2+ required at (eval 270) line 55.

Here's the code:

sub _version {
    my ( $self ) = @_;

    my $out = IO::Handle->new;
    my $handles = GnuPG::Handles->new( stdout => $out );
    my $pid = $self->wrap_call( commands => [ '--no-options', '--version' ], handles => $handles );
    my $line = $out->getline;
    $line =~ /(\d+\.\d+\.\d+)/;

    my $version = $1;
    unless ($self->cmp_version($version, '2.2') >= 0 or
        ($self->cmp_version($version, '1.4') >= 0 and $self->cmp_version($version, '1.5') < 0 )) {
        croak "GnuPG Version 1.4 or 2.2+ required";
    }
    waitpid $pid, 0;

    return $version;
}

And here's the output of gpg --no-options --version:

gpg (GnuPG) 2.2.34
libgcrypt 1.10.1
Copyright (C) 2022 g10 Code GmbH
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /home/jcgruenhage/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

From my understanding of perl, this looks like it should work. I've also not been able to find any patches that other distros that have this packaged apply.

[jcgruenhage]

Update on the current situation:

• The remaining problematic package (keyanalyze) has been removed from the scope of this PR. I do not use it, and I haven't heard of anyone else doing so, so I'd be inclined to just skip it entirely.
• The patch to perl-GnuPG-Interface was modified not to comment out lines but to remove them, to return a more up2date version (not returning a version breaks other parts, which would require a bigger patch), and to also remove the tests that started breaking because of the changes in the patch.
• This has been tested with gnupg: adopt, update to 2.3.7. #38021, works as expected.

afaict, this addresses all the remaining feedback. I'd be happy if we could get this merged soon now :)