Remove gnupg-1.4 and replace it with gnupg-2

gnupg-1.4 is not developed actively anymore, and new software expects a modern "gpg" executable, which leads to pointless patches in the ports tree. Move the various users of security/gnupg2 to security/gnupg and zap patches that forced the use of "gpg2". Crusade started by edd@ (security/gnupg maintainer), gnupg->gnupg2 test reports from semarie@, giovanni@ and solene@, input and bulk build by sthen@. ok sthen@ edd@ (maintainer)
2026-06-17 23:13:55 +02:00 · 2020-10-05 19:46:17 +00:00
parent 9d992ca270
commit b59233c341
45 changed files with 305 additions and 604 deletions
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.50 2020/10/04 17:07:30 landry Exp $
+# $OpenBSD: Makefile,v 1.51 2020/10/05 19:46:17 jca Exp $

 # keep in synch with mozilla.port.mk
 ONLY_FOR_ARCHS =	i386 amd64 powerpc sparc64
@@ -6,6 +6,7 @@ COMMENT-main =		GnuPG extension for Thunderbird
 COMMENT-seamonkey =	GnuPG extension for Seamonkey

 V =		2.2.4
+REVISION =	0
 DISTNAME =	enigmail-${V}
 PKGNAME-main =	${PKGNAME}
 PKGNAME-seamonkey =	enigmail-seamonkey-${V}
@@ -26,7 +27,7 @@ USE_GMAKE =	Yes
 CONFIGURE_STYLE =	gnu

 BUILD_DEPENDS =	archivers/zip archivers/unzip
-RUN_DEPENDS =	security/gnupg2
+RUN_DEPENDS =	security/gnupg>=2.2.23p1
 WRKDIST =	${WRKDIR}/enigmail

 # needed for the naming of the libsubprocess.so
@@ -1,9 +1,10 @@
-# $OpenBSD: Makefile,v 1.140 2020/08/31 16:52:03 sthen Exp $
+# $OpenBSD: Makefile,v 1.141 2020/10/05 19:46:17 jca Exp $

 COMMENT=	tty-based e-mail client

 DISTNAME=	mutt-1.14.7
 EPOCH=		3
+REVISION=	0

 CATEGORIES=	mail
 HOMEPAGE=	http://www.mutt.org/
@@ -97,7 +98,5 @@ post-install:
 	mv -f ${PREFIX}/share/doc/mutt/samples/* ${PREFIX}/share/examples/mutt
 	cd ${PREFIX}/share/examples/mutt; \
 	    chmod +x *.sh *.pl mutt_xtitle markdown2html
-	sed -i -e 's,gpg ,${LOCALBASE}/bin/gpg2 ,' \
-	    ${PREFIX}/share/examples/mutt/gpg.rc

 .include <bsd.port.mk>
@@ -1,10 +1,11 @@
-# $OpenBSD: Makefile,v 1.59 2020/10/02 18:50:58 sthen Exp $
+# $OpenBSD: Makefile,v 1.60 2020/10/05 19:46:17 jca Exp $

 COMMENT=	tty-based e-mail client, Mutt with patches

 GH_ACCOUNT=	neomutt
 GH_PROJECT=	neomutt
 GH_TAGNAME=	20200925
+REVISION=	0

 CATEGORIES=	mail
 HOMEPAGE=	https://neomutt.org/
@@ -1,79 +0,0 @@
-$OpenBSD: patch-contrib_gpg_rc,v 1.2 2019/10/26 19:37:09 sthen Exp $
-
-Index: contrib/gpg.rc
--- contrib/gpg.rc.orig
-+++ contrib/gpg.rc
-@@ -59,61 +59,61 @@
- 
- # decode application/pgp
- #
-set pgp_decode_command="gpg --status-fd=2 %?p?--pinentry-mode loopback --passphrase-fd 0? --no-verbose --quiet --batch --output - %f"
-+set pgp_decode_command="gpg2 --status-fd=2 %?p?--pinentry-mode loopback --passphrase-fd 0? --no-verbose --quiet --batch --output - %f"
- 
- # Verify a signature
- #
-set pgp_verify_command="gpg --status-fd=2 --no-verbose --quiet --batch --output - --verify %s %f"
-+set pgp_verify_command="gpg2 --status-fd=2 --no-verbose --quiet --batch --output - --verify %s %f"
- 
- # Decrypt an attachment
- #
-set pgp_decrypt_command="gpg --status-fd=2 %?p?--pinentry-mode loopback --passphrase-fd 0? --no-verbose --quiet --batch --output - --decrypt %f"
-+set pgp_decrypt_command="gpg2 --status-fd=2 %?p?--pinentry-mode loopback --passphrase-fd 0? --no-verbose --quiet --batch --output - --decrypt %f"
- 
- # Create a PGP/MIME signed attachment
- #
- # set pgp_sign_command="gpg-2comp --comment '' --no-verbose --batch --output - %?p?--passphrase-fd 0? --armor --detach-sign --textmode %?a?-u %a? %f"
- #
-set pgp_sign_command="gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --no-verbose --batch --quiet --output - --armor --textmode %?a?--local-user %a? --detach-sign %f"
-+set pgp_sign_command="gpg2 %?p?--pinentry-mode loopback --passphrase-fd 0? --no-verbose --batch --quiet --output - --armor --textmode %?a?--local-user %a? --detach-sign %f"
- 
- # Create a application/pgp inline signed message.  This style is obsolete but still needed for Hushmail recipients and some MUAs.
- #
- # set pgp_clearsign_command="gpg-2comp --comment '' --no-verbose --batch --output - %?p?--passphrase-fd 0? --armor --textmode --clearsign %?a?-u %a? %f"
- #
-set pgp_clearsign_command="gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --no-verbose --batch --quiet --output - --armor --textmode %?a?--local-user %a? --clearsign %f"
-+set pgp_clearsign_command="gpg2 %?p?--pinentry-mode loopback --passphrase-fd 0? --no-verbose --batch --quiet --output - --armor --textmode %?a?--local-user %a? --clearsign %f"
- 
- # Create an encrypted attachment (note that some users include the --always-trust option here)
- #
- # set pgp_encrypt_only_command="/usr/libexec/neomutt/pgpewrap gpg-2comp -v --batch --output - --encrypt --textmode --armor --always-trust -- -r %r -- %f"
- #
-set pgp_encrypt_only_command="/usr/libexec/neomutt/pgpewrap gpg --batch --quiet --no-verbose --output - --textmode --armor --encrypt -- --recipient %r -- %f"
-+set pgp_encrypt_only_command="/usr/libexec/neomutt/pgpewrap gpg2 --batch --quiet --no-verbose --output - --textmode --armor --encrypt -- --recipient %r -- %f"
- 
- # Create an encrypted and signed attachment (note that some users include the --always-trust option here)
- #
- # set pgp_encrypt_sign_command="/usr/libexec/neomutt/pgpewrap gpg-2comp %?p?--passphrase-fd 0? -v --batch --output - --encrypt --sign %?a?-u %a? --armor --always-trust -- -r %r -- %f"
- #
-set pgp_encrypt_sign_command="/usr/libexec/neomutt/pgpewrap gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - %?a?--local-user %a? --armor --sign --encrypt -- --recipient %r -- %f"
-+set pgp_encrypt_sign_command="/usr/libexec/neomutt/pgpewrap gpg2 %?p?--pinentry-mode loopback --passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - %?a?--local-user %a? --armor --sign --encrypt -- --recipient %r -- %f"
- 
- # Import a key into the public key ring
- #
-set pgp_import_command="gpg --no-verbose --import %f"
-+set pgp_import_command="gpg2 --no-verbose --import %f"
- 
- # Export a key from the public key ring
- #
-set pgp_export_command="gpg --no-verbose --armor --export %r"
-+set pgp_export_command="gpg2 --no-verbose --armor --export %r"
- 
- # Verify a key
- #
-set pgp_verify_key_command="gpg --verbose --batch --fingerprint --check-sigs %r"
-+set pgp_verify_key_command="gpg2 --verbose --batch --fingerprint --check-sigs %r"
- 
- # Read in the public key ring
- # note: the second --with-fingerprint adds fingerprints to subkeys
- #
-set pgp_list_pubring_command="gpg --no-verbose --batch --quiet --with-colons --with-fingerprint --with-fingerprint --list-keys %r"
-+set pgp_list_pubring_command="gpg2 --no-verbose --batch --quiet --with-colons --with-fingerprint --with-fingerprint --list-keys %r"
- 
- # Read in the secret key ring
- # note: the second --with-fingerprint adds fingerprints to subkeys
- #
-set pgp_list_secring_command="gpg --no-verbose --batch --quiet --with-colons --with-fingerprint --with-fingerprint --list-secret-keys %r"
-+set pgp_list_secring_command="gpg2 --no-verbose --batch --quiet --with-colons --with-fingerprint --with-fingerprint --list-secret-keys %r"
- 
- # Fetch keys
- # set pgp_getkeys_command="pkspxycwrap %r"
@@ -1,9 +1,10 @@
-# $OpenBSD: Makefile,v 1.4 2020/08/23 22:16:02 sthen Exp $
+# $OpenBSD: Makefile,v 1.5 2020/10/05 19:46:17 jca Exp $

 COMMENT-main =		mail indexer, tagger and threader
 COMMENT-emacs =		Emacs bindings for notmuch

 PKGNAME-main =		notmuch-${V}
+REVISION-main =		0
 PKGNAME-emacs =		notmuch-emacs-${V}

 SHARED_LIBS +=		notmuch	0.0
@@ -28,7 +29,7 @@ RUN_DEPENDS-emacs =	devel/desktop-file-utils \
 BUILD_DEPENDS =		devel/doxygen \
 			devel/py-cffi${MODPY_FLAVOR} \
 			editors/emacs,gtk3 \
-			security/gnupg2 \
+			security/gnupg>=2.2.23p1 \
 			shells/bash \
 			shells/bash-completion \
 			textproc/py-sphinx${MODPY_FLAVOR}
@@ -1,26 +1,8 @@
-$OpenBSD: patch-configure,v 1.3 2020/08/13 18:21:18 sthen Exp $
+$OpenBSD: patch-configure,v 1.4 2020/10/05 19:46:17 jca Exp $

 Index: configure
 --- configure.orig
 +++ configure
-@@ -518,7 +518,7 @@ EOF
-         printf 'No.\nCould not make tempdir for testing session-key support.\n'
-         errors=$((errors + 1))
-     elif ${CC} ${CFLAGS} ${gmime_cflags} _check_session_keys.c ${gmime_ldflags} -o _check_session_keys \
-           && GNUPGHOME=${TEMP_GPG} gpg --batch --quiet --import < "$srcdir"/test/gnupg-secret-key.asc \
-+           && GNUPGHOME=${TEMP_GPG} gpg2 --batch --quiet --import < "$srcdir"/test/gnupg-secret-key.asc \
-            && SESSION_KEY=$(GNUPGHOME=${TEMP_GPG} ./_check_session_keys) \
-            && [ $SESSION_KEY = 9:0BACD64099D1468AB07C796F0C0AC4851948A658A15B34E803865E9FC635F2F5 ]
-     then
-@@ -669,7 +669,7 @@ EOF
-         printf 'No.\nCould not make tempdir for testing signature verification when decrypting with session keys.\n'
-         errors=$((errors + 1))
-     elif ${CC} ${CFLAGS} ${gmime_cflags} _verify_sig_with_session_key.c ${gmime_ldflags} -o _verify_sig_with_session_key \
-            && GNUPGHOME=${TEMP_GPG} gpg --batch --quiet --import < "$srcdir"/test/gnupg-secret-key.asc \
-+            && GNUPGHOME=${TEMP_GPG} gpg2 --batch --quiet --import < "$srcdir"/test/gnupg-secret-key.asc \
-             && rm -f ${TEMP_GPG}/private-keys-v1.d/*.key
-     then
-         if GNUPGHOME=${TEMP_GPG} ./_verify_sig_with_session_key; then
@@ -721,9 +721,9 @@ if ! pkg-config --exists zlib; then
   rm -f compat/gen_zlib_pc
 fi
@@ -1,9 +1,9 @@
-$OpenBSD: patch-test_test-lib-OPENBSD_sh,v 1.1.1.1 2020/05/15 08:58:14 sthen Exp $
+$OpenBSD: patch-test_test-lib-OPENBSD_sh,v 1.2 2020/10/05 19:46:17 jca Exp $

 Index: test/test-lib-OPENBSD.sh
 --- test/test-lib-OPENBSD.sh.orig
 +++ test/test-lib-OPENBSD.sh
-@@ -4,6 +4,10 @@ if command -v gdate >/dev/null
+@@ -4,6 +4,9 @@ if command -v gdate >/dev/null
        date () { gdate "$@"; }
        base64 () { gbase64 "$@"; }
        wc () { gwc "$@"; }
@@ -13,5 +13,4 @@ Index: test/test-lib-OPENBSD.sh
        sha256sum () { gsha256sum "$@"; }
    fi
 +gdb () { egdb "$@"; }
-+gpg () { gpg2 "$@"; }
 +tar () { gtar "$@"; }
@@ -1,7 +1,6 @@
-$OpenBSD: patch-test_test-lib_sh,v 1.2 2020/08/13 18:21:19 sthen Exp $
+$OpenBSD: patch-test_test-lib_sh,v 1.3 2020/10/05 19:46:17 jca Exp $

 we don't have libdl
-use gpg2 instead of gpg

 Index: test/test-lib.sh
 --- test/test-lib.sh.orig
@@ -14,27 +13,3 @@ Index: test/test-lib.sh
 
 # Protect ourselves from common misconfiguration to export
 # CDPATH into the environment
-@@ -113,11 +112,11 @@ add_gnupg_home ()
-     _gnupg_exit () { gpgconf --kill all 2>/dev/null || true; }
-     at_exit_function _gnupg_exit
-     mkdir -p -m 0700 "$GNUPGHOME"
-    gpg --no-tty --import <$NOTMUCH_SRCDIR/test/gnupg-secret-key.asc >"$GNUPGHOME"/import.log 2>&1
-+    gpg2 --no-tty --import <$NOTMUCH_SRCDIR/test/gnupg-secret-key.asc >"$GNUPGHOME"/import.log 2>&1
-     test_debug "cat $GNUPGHOME/import.log"
-    if (gpg --quick-random --version >/dev/null 2>&1) ; then
-+    if (gpg2 --quick-random --version >/dev/null 2>&1) ; then
- 	echo quick-random >> "$GNUPGHOME"/gpg.conf
-    elif (gpg --debug-quick-random --version >/dev/null 2>&1) ; then
-+    elif (gpg2 --debug-quick-random --version >/dev/null 2>&1) ; then
- 	echo debug-quick-random >> "$GNUPGHOME"/gpg.conf
-     fi
-     echo no-emit-version >> "$GNUPGHOME"/gpg.conf
-@@ -125,7 +124,7 @@ add_gnupg_home ()
-     # Change this if we ship a new test key
-     FINGERPRINT="5AEAB11F5E33DCE875DDB75B6D92612D94E46381"
-     SELF_USERID="Notmuch Test Suite <test_suite@notmuchmail.org> (INSECURE!)"
-    printf '%s:6:\n' "$FINGERPRINT" | gpg --quiet --batch --no-tty --import-ownertrust
-+    printf '%s:6:\n' "$FINGERPRINT" | gpg2 --quiet --batch --no-tty --import-ownertrust
- }
- 
- add_gpgsm_home ()
@@ -1,11 +1,11 @@
-# $OpenBSD: Makefile,v 1.6 2020/01/31 18:58:43 cwen Exp $
+# $OpenBSD: Makefile,v 1.7 2020/10/05 19:46:17 jca Exp $

 COMMENT =		tty-based CardDav search tool

 V =			1.6
 DISTNAME =		mcds-${V}
 CATEGORIES =		productivity
-REVISION =		0
+REVISION =		1

 MAINTAINER =		Timothy Brown <tbrown@freeshell.org>

@@ -17,14 +17,14 @@ WANTLIB =		assuan c curl gpg-error gpgme iconv intl xml2

 MASTER_SITES =		https://github.com/t-brown/mcds/releases/download/v${V}/

-BUILD_DEPENDS =		security/gnupg2
+BUILD_DEPENDS =		security/gnupg>=2.2.23p1

 LIB_DEPENDS =		devel/gettext,-runtime \
 			net/curl \
 			textproc/libxml \
 			security/gpgme

-RUN_DEPENDS =		security/gnupg2
+RUN_DEPENDS =		security/gnupg>=2.2.23p1

 CONFIGURE_STYLE =	gnu

@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.592 2020/09/14 22:47:10 abieber Exp $
+# $OpenBSD: Makefile,v 1.593 2020/10/05 19:46:17 jca Exp $

     SUBDIR =
     SUBDIR += ADMsnmp
@@ -64,8 +64,6 @@
     SUBDIR += fwknop
     SUBDIR += ghidra
     SUBDIR += gnupg
-     SUBDIR += gnupg,card,ldap
-     SUBDIR += gnupg2
     SUBDIR += gnutls
     SUBDIR += go-crypto
     SUBDIR += go-siphash
@@ -1,73 +1,62 @@
-# $OpenBSD: Makefile,v 1.117 2020/07/05 09:40:19 jca Exp $
+# $OpenBSD: Makefile,v 1.118 2020/10/05 19:46:17 jca Exp $

-COMMENT=	GNU privacy guard - a free PGP replacement
+COMMENT =	GNU privacy guard - a free PGP replacement

-DISTNAME=	gnupg-1.4.23
-REVISION=	4
-CATEGORIES=	security
+DISTNAME =	gnupg-2.2.23
+REVISION =	1
+CATEGORIES = 	security

-# restrict, not compatible with gnupg-2.
-PKGSPEC =	gnupg-<2
+MASTER_SITES =	${MASTER_SITE_GNUPG:=gnupg/}

-MASTER_SITES=	${MASTER_SITE_GNUPG:=gnupg/}
+HOMEPAGE = 	https://www.gnupg.org/

-HOMEPAGE=	https://www.gnupg.org/
+MAINTAINER = 	Edd Barrett <edd@openbsd.org>

-# GPLv3
-PERMIT_PACKAGE=	Yes
+# GPLv3+
+PERMIT_PACKAGE =	Yes

-WANTLIB += bz2 c crypto curses curl iconv intl nghttp2 readline ssl z
+WANTLIB += assuan bz2 c gcrypt gnutls gpg-error iconv intl ksba
+WANTLIB += npth pthread readline sqlite3 usb-1.0 z

-LIB_DEPENDS=	archivers/bzip2 \
-		devel/gettext,-runtime \
-		net/curl
+EXTRACT_SUFX = 		.tar.bz2

-CONFIGURE_STYLE= gnu
-MODGNU_CONFIG_GUESS_DIRS=${WRKSRC}/scripts
-CONFIGURE_ARGS+= --disable-gnupg-iconv
-CONFIGURE_ENV=	CPPFLAGS="-I${LOCALBASE}/include" \
-		LDFLAGS="-L${LOCALBASE}/lib"
-MAKE_FLAGS=	LIBINTL="-L${LOCALBASE}/lib -lintl -liconv" \
-		LIBICONV="-L${LOCALBASE}/lib -liconv"
+FLAVORS = 		ldap
+FLAVOR ?=

-FLAVORS=	card ldap
-FLAVOR?=
-
-.if ${FLAVOR:Mcard}
-LIB_DEPENDS+=		devel/libusb-compat
-WANTLIB +=		usb
-.else
-CONFIGURE_ARGS+=	--disable-card-support --without-libusb
-.endif
+LIB_DEPENDS =		archivers/bzip2 \
+			databases/sqlite3 \
+			devel/gettext,-runtime \
+			devel/libusb1 \
+			devel/npth>=1.5 \
+			security/gnutls \
+			security/libassuan>=2.4.3 \
+			security/libgcrypt \
+			security/libksba>=1.3.4

 .if ${FLAVOR:Mldap}
-CONFIGURE_ARGS+=	--enable-ldap
-LIB_DEPENDS+=		databases/openldap
-WANTLIB +=		ldap>=8
+CONFIGURE_ARGS +=	--enable-ldap
+WANTLIB +=		lber ldap
+LIB_DEPENDS +=		databases/openldap
 .else
-CONFIGURE_ARGS+=	--disable-ldap
+CONFIGURE_ARGS +=	--disable-ldap
 .endif

+RUN_DEPENDS = 		security/pinentry

-GNUPGDOCFILES=	README AUTHORS COPYING THANKS TODO BUGS \
-		doc/DETAILS doc/FAQ doc/OpenPGP doc/HACKING
+TEST_DEPENDS = 	${FULLPKGNAME}:${BUILD_PKGPATH}
+PORTHOME=${WRKDIR}

-.include <bsd.port.arch.mk>
-.if (${MACHINE_ARCH} == "i386" || ${MACHINE_ARCH} == "mips64" || \
-     ${MACHINE_ARCH} == "mips64el" || ${MACHINE_ARCH} == "powerpc") \
-     && ${PROPERTIES:Mclang}
-CFLAGS += -fheinous-gnu-extensions
-.endif
+USE_GMAKE = 		Yes

-.if ${MACHINE_ARCH} == "hppa"
-pre-configure:
-	# mpi/hppa1.1/udiv-qrnnd.S is not PIE-safe
-	mv ${WRKSRC}/mpi/hppa/udiv-qrnnd.S ${WRKSRC}/mpi/hppa1.1/
-.endif
+CONFIGURE_STYLE = 	gnu
+CONFIGURE_ENV = 	CPPFLAGS="-I${LOCALBASE}/include" \
+			LDFLAGS="-L${LOCALBASE}/lib"
+CONFIGURE_ARGS += 	--enable-gpgtar \
+			--enable-wks-tools

+# compat symlinks, remove for OpenBSD 7.0?
 post-install:
-	${INSTALL_DATA_DIR} ${PREFIX}/share/doc/gnupg
-	cd ${WRKSRC}; ${INSTALL_DATA} ${GNUPGDOCFILES} \
-		${PREFIX}/share/doc/gnupg
+	ln -sf gpg ${PREFIX}/bin/gpg2
+	ln -sf gpgv ${PREFIX}/bin/gpgv2

 .include <bsd.port.mk>
@@ -1,2 +1,2 @@
-SHA256 (gnupg-1.4.23.tar.gz) = R9kgsK0Jm9yf/G4bNjK/YXN8Iv1todqZRCmvHF+pURo=
-SIZE (gnupg-1.4.23.tar.gz) = 5218622
+SHA256 (gnupg-2.2.23.tar.bz2) = ELVeSdeLPknx7bWNdUHsva2S3a7riFtvSG7SPRzR2lw=
+SIZE (gnupg-2.2.23.tar.bz2) = 7099806
@@ -1,13 +0,0 @@
-$OpenBSD: patch-cipher_Makefile_in,v 1.12 2017/10/19 16:36:04 jca Exp $
-Index: cipher/Makefile.in
--- cipher/Makefile.in.orig
-+++ cipher/Makefile.in
-@@ -401,7 +401,7 @@ target_alias = @target_alias@
- top_build_prefix = @top_build_prefix@
- top_builddir = @top_builddir@
- top_srcdir = @top_srcdir@
-AM_CPPFLAGS = -I.. -I$(top_srcdir)/include -I$(top_srcdir)/intl \
-+AM_CPPFLAGS = -I.. -I$(top_srcdir)/include \
- 	-I$(top_srcdir)/mpi -I../mpi $(am__append_1)
- noinst_LIBRARIES = libcipher.a
- libcipher_a_SOURCES = cipher.c pubkey.c md.c dynload.c bithelp.h des.c \
@@ -1,12 +1,20 @@
-$OpenBSD: patch-doc_Makefile_in,v 1.10 2015/03/01 12:12:54 jca Exp $
--- doc/Makefile.in.orig	Fri Feb 27 09:37:51 2015
-+++ doc/Makefile.in	Fri Feb 27 22:39:17 2015
-@@ -422,7 +422,7 @@ gnupg1_TEXINFOS = gnupg1.texi
+$OpenBSD: patch-doc_Makefile_in,v 1.11 2020/10/05 19:46:17 jca Exp $
+
+Index: doc/Makefile.in
+--- doc/Makefile.in.orig
+++ doc/Makefile.in
+@@ -476,14 +476,6 @@ libcommontls = ../common/libcommontls.a
+ libcommontlsnpth = ../common/libcommontlsnpth.a
+ examples = examples/README examples/scd-event examples/trustlist.txt	\
+ 	   examples/vsnfd.prf examples/debug.prf                        \
+-	   examples/systemd-user/README 				\
+-	   examples/systemd-user/dirmngr.service 			\
+-	   examples/systemd-user/dirmngr.socket				\
+-	   examples/systemd-user/gpg-agent.service 			\
+-	   examples/systemd-user/gpg-agent.socket 			\
+-	   examples/systemd-user/gpg-agent-ssh.socket 			\
+-	   examples/systemd-user/gpg-agent-browser.socket		\
+-	   examples/systemd-user/gpg-agent-extra.socket 		\
+ 	   examples/gpgconf.conf examples/pwpattern.list
 
- # Need this to avoid building of dvis with automake 1.4
- DVIS = 
-pkgdata_DATA = FAQ
-+#pkgdata_DATA = FAQ
- 
- # we can't add gpg.texi gpgv.texi here because automake does not like them to
- # be built files.
+ helpfiles = help.txt help.be.txt help.ca.txt help.cs.txt		\
@@ -1,12 +0,0 @@
-$OpenBSD: patch-g10_Makefile_in,v 1.11 2015/03/01 12:12:54 jca Exp $
--- g10/Makefile.in.orig	Fri Feb 27 09:37:51 2015
-+++ g10/Makefile.in	Fri Feb 27 22:39:17 2015
-@@ -461,7 +461,7 @@ target_alias = @target_alias@
- top_build_prefix = @top_build_prefix@
- top_builddir = @top_builddir@
- top_srcdir = @top_srcdir@
-AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/intl \
-+AM_CPPFLAGS = -I$(top_srcdir)/include \
- 	@LIBUSB_CPPFLAGS@ $(am__append_1)
- needed_libs = ../cipher/libcipher.a ../mpi/libmpi.a ../util/libutil.a
- other_libs = $(LIBICONV) $(DNSLIBS) $(LIBINTL) $(CAPLIBS)
@@ -1,12 +0,0 @@
-$OpenBSD: patch-keyserver_Makefile_in,v 1.10 2015/03/01 12:12:54 jca Exp $
--- keyserver/Makefile.in.orig	Fri Feb 27 09:37:52 2015
-+++ keyserver/Makefile.in	Fri Feb 27 22:40:22 2015
-@@ -444,7 +444,7 @@ target_alias = @target_alias@
- top_build_prefix = @top_build_prefix@
- top_builddir = @top_builddir@
- top_srcdir = @top_srcdir@
-AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/intl
-+AM_CPPFLAGS = -I$(top_srcdir)/include
- EXTRA_SCRIPTS = gpgkeys_mailto
- gpglibexecdir = $(libexecdir)/@PACKAGE@
- gpglibexec_PROGRAMS = @GPGKEYS_LDAP@ @GPGKEYS_HKP@ @GPGKEYS_FINGER@ @GPGKEYS_CURL@
@@ -1,14 +0,0 @@
-$OpenBSD: patch-mpi_Makefile_in,v 1.4 2018/11/11 21:14:33 naddy Exp $
-
-Index: mpi/Makefile.in
--- mpi/Makefile.in.orig
-+++ mpi/Makefile.in
-@@ -713,7 +713,7 @@ uninstall-am:
- # cancel the default rules used by libtool which do not really
- # work and add one to cpp .S files
- .S.o:
-	 $(CPP) $(INCLUDES) $(DEFS) $< | grep -v '^#' > _$*.s
-+	 $(CPP) $(INCLUDES) $(DEFS) -DPIC $< | grep -v '^#' > _$*.s
- 	 $(COMPILE) $(AM_CCASFLAGS) -c _$*.s
- 	 mv -f _$*.o $*.o
- 
@@ -1,15 +0,0 @@
-$OpenBSD: patch-mpi_config_links,v 1.7 2020/04/12 18:29:01 cwen Exp $
-
-Fix "error: unsupported argument '-mppc' to option 'Wa,'" with clang on macppc
-
-Index: mpi/config.links
--- mpi/config.links.orig
-+++ mpi/config.links
-@@ -234,7 +234,6 @@ case "${host}" in
-        echo '/* configured for {Open,Net}BSD on powerpc */' >>./mpi/asm-syntax.h
-        echo '#define ELF_SYNTAX'                 >>./mpi/asm-syntax.h
-        cat   $srcdir/mpi/powerpc32/syntax.h	 >>./mpi/asm-syntax.h
-       mpi_sflags="-Wa,-mppc"
-        path="powerpc32"
-        ;;
- 
@@ -1,42 +0,0 @@
-$OpenBSD: patch-mpi_longlong_h,v 1.3 2018/01/23 13:54:54 jca Exp $
-
-Index: mpi/longlong.h
--- mpi/longlong.h.orig
-+++ mpi/longlong.h
-@@ -184,8 +184,8 @@ extern UDItype __udiv_qrnnd ();
- #define add_ssaaaa(sh, sl, ah, al, bh, bl) \
-   __asm__ ("adds %1, %4, %5\n"                                          \
- 	   "adc  %0, %2, %3"                                            \
-	   : "=r" ((USItype)(sh)),                                      \
-	     "=&r" ((USItype)(sl))                                      \
-+	   : "=r" ((sh)),                                               \
-+	     "=&r" ((sl))                                               \
- 	   : "%r" ((USItype)(ah)),                                      \
- 	     "rI" ((USItype)(bh)),                                      \
- 	     "%r" ((USItype)(al)),                                      \
-@@ -193,8 +193,8 @@ extern UDItype __udiv_qrnnd ();
- #define sub_ddmmss(sh, sl, ah, al, bh, bl) \
-   __asm__ ("subs %1, %4, %5\n"                                          \
- 	   "sbc  %0, %2, %3"                                            \
-	   : "=r" ((USItype)(sh)),                                      \
-	     "=&r" ((USItype)(sl))                                      \
-+	   : "=r" ((sh)),                                               \
-+	     "=&r" ((sl))                                               \
- 	   : "r" ((USItype)(ah)),                                       \
- 	     "rI" ((USItype)(bh)),                                      \
- 	     "r" ((USItype)(al)),                                       \
-@@ -221,10 +221,10 @@ extern UDItype __udiv_qrnnd ();
- 	   : "r0", "r1", "r2" __AND_CLOBBER_CC)
- #else
- #define umul_ppmm(xh, xl, a, b)                                         \
-  __asm__ ("%@ Inlined umul_ppmm\n"                                     \
-	   "umull %r1, %r0, %r2, %r3"                                   \
-		   : "=&r" ((USItype)(xh)),                             \
-		     "=r" ((USItype)(xl))                               \
-+  __asm__ ("@ Inlined umul_ppmm\n"                                      \
-+	   "umull %1, %0, %2, %3"                                       \
-+		   : "=&r" ((xh)),                                      \
-+		     "=r" ((xl))                                        \
- 		   : "r" ((USItype)(a)),                                \
- 		     "r" ((USItype)(b))                                 \
- 		   : "r0", "r1")
@@ -1,12 +0,0 @@
-$OpenBSD: patch-tools_Makefile_in,v 1.11 2015/03/01 12:12:54 jca Exp $
--- tools/Makefile.in.orig	Fri Feb 27 09:37:52 2015
-+++ tools/Makefile.in	Fri Feb 27 22:39:17 2015
-@@ -430,7 +430,7 @@ top_build_prefix = @top_build_prefix@
- top_builddir = @top_builddir@
- top_srcdir = @top_srcdir@
- EXTRA_DIST = lspgpot ring-a-party mail-signed-keys convert-from-106
-AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/intl \
-+AM_CPPFLAGS = -I$(top_srcdir)/include \
- 	$(am__append_1)
- needed_libs = ../cipher/libcipher.a ../mpi/libmpi.a ../util/libutil.a 
- other_libs = $(LIBICONV) $(LIBINTL) $(CAPLIBS)
@@ -1,12 +0,0 @@
-$OpenBSD: patch-util_Makefile_in,v 1.10 2015/03/01 12:12:54 jca Exp $
--- util/Makefile.in.orig	Fri Feb 27 09:37:52 2015
-+++ util/Makefile.in	Fri Feb 27 22:40:53 2015
-@@ -415,7 +415,7 @@ target_alias = @target_alias@
- top_build_prefix = @top_build_prefix@
- top_builddir = @top_builddir@
- top_srcdir = @top_srcdir@
-AM_CPPFLAGS = -I.. -I$(top_srcdir)/include -I$(top_srcdir)/intl
-+AM_CPPFLAGS = -I.. -I$(top_srcdir)/include
- noinst_LIBRARIES = libutil.a libcompat.a
- libutil_a_SOURCES = logger.c fileutil.c miscutil.c strgutil.c ttyio.c \
- 	argparse.c memory.c secmem.c errors.c iobuf.c dotlock.c http.c \
@@ -1,40 +0,0 @@
-$OpenBSD: patch-util_secmem_c,v 1.5 2014/10/13 19:21:16 sthen Exp $
--- util/secmem.c.orig	Thu Dec 20 12:22:28 2012
-+++ util/secmem.c	Sun Dec 30 23:27:38 2012
-@@ -36,6 +36,8 @@
- #include <sys/lock.h>
- #endif
- #endif
-+#include <sys/sysctl.h>
-+#include <uvm/uvm_swap_encrypt.h>
- 
- #include "types.h"
- #include "memory.h"
-@@ -91,11 +93,23 @@ static int suspend_warning;
- static void
- print_warn(void)
- {
-  if (!no_warning)
-+  int	 mib[3], swapencrypt = 0;
-+  size_t len;
-+
-+  mib[0] = CTL_VM;
-+  mib[1] = VM_SWAPENCRYPT;
-+  mib[2] = SWPENC_ENABLE;
-+
-+  len = sizeof(swapencrypt);
-+
-+  if (sysctl(mib, 3, &swapencrypt, &len, NULL, 0) == -1)
-+    log_info("WARNING: Can't receive vm.swapencrypt.enable sysctl value\n");
-+
-+  if (!no_warning && !swapencrypt)
-     {
-      log_info(_("WARNING: using insecure memory!\n"));
-      log_info(_("please see http://www.gnupg.org/documentation/faqs.html"
-		 " for more information\n"));
-+      log_info("WARNING: Using insecure memory!\n");
-+      log_info("Please enable swap encryption via"
-+		 " 'sysctl vm.swapencrypt.enable=1'.\n");
-     }
- }
- 
@@ -1,7 +1,6 @@
-GnuPG is a complete and free replacement for PGP. Because it does
-not use IDEA or RSA it can be used without any restrictions. GnuPG
-is nearly in compliance with RFC2440 (OpenPGP).
-
-Flavors:
-	card - build with OpenPGP card support
-	ldap - build with LDAP keyserver support
+The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication
+and data storage.  It can be used to encrypt data, create digital
+signatures, help authenticating using Secure Shell and to provide a
+framework for public key cryptography.  It includes an advanced key
+management facility and is compliant with the OpenPGP and S/MIME
+standards.
@@ -1,2 +1,2 @@
-@comment $OpenBSD: PFRAG.ldap,v 1.2 2009/09/15 13:44:41 dhill Exp $
-@bin libexec/gnupg/gpgkeys_ldap
+@comment $OpenBSD: PFRAG.ldap,v 1.3 2020/10/05 19:46:17 jca Exp $
+@bin libexec/dirmngr_ldap
@@ -1,62 +1,126 @@
-@comment $OpenBSD: PLIST,v 1.31 2016/06/29 16:14:44 espie Exp $
-@option no-default-conflict
-@option is-branch
-@conflict gnupg-<2
+@comment $OpenBSD: PLIST,v 1.32 2020/10/05 19:46:17 jca Exp $
+@conflict gnupg-<2.2.23p1
@pkgpath ${BASE_PKGPATH},idea
+@pkgpath security/gnupg2
+@bin bin/dirmngr
+@bin bin/dirmngr-client
@bin bin/gpg
-bin/gpg-zip
+@bin bin/gpg-agent
+@bin bin/gpg-connect-agent
+@bin bin/gpg-wks-server
+bin/gpg2
+@bin bin/gpgconf
+@bin bin/gpgparsemail
+@bin bin/gpgscm
+@bin bin/gpgsm
@bin bin/gpgsplit
+@bin bin/gpgtar
@bin bin/gpgv
-@info info/gnupg1.info
-libexec/gnupg/
-@bin libexec/gnupg/gpgkeys_curl
-@bin libexec/gnupg/gpgkeys_finger
-@bin libexec/gnupg/gpgkeys_hkp
-@man man/man1/gpg-zip.1
+bin/gpgv2
+@bin bin/kbxutil
+@bin bin/watchgnupg
+@info info/gnupg.info
+@bin libexec/gpg-check-pattern
+@bin libexec/gpg-preset-passphrase
+@bin libexec/gpg-protect-tool
+@bin libexec/gpg-wks-client
+@bin libexec/scdaemon
+@man man/man1/dirmngr-client.1
+@man man/man1/gpg-agent.1
+@man man/man1/gpg-connect-agent.1
+@man man/man1/gpg-preset-passphrase.1
+@man man/man1/gpg-wks-client.1
+@man man/man1/gpg-wks-server.1
@man man/man1/gpg.1
+@man man/man1/gpgconf.1
+@man man/man1/gpgparsemail.1
+@man man/man1/gpgsm.1
+@man man/man1/gpgtar.1
@man man/man1/gpgv.1
+@man man/man1/scdaemon.1
+@man man/man1/symcryptrun.1
+@man man/man1/watchgnupg.1
+@man man/man7/gnupg.7
+@man man/man8/addgnupghome.8
+@man man/man8/applygnupgdefaults.8
+@man man/man8/dirmngr.8
+sbin/addgnupghome
+sbin/applygnupgdefaults
 share/doc/gnupg/
-share/doc/gnupg/AUTHORS
-share/doc/gnupg/BUGS
-share/doc/gnupg/COPYING
+share/doc/gnupg/DCO
 share/doc/gnupg/DETAILS
 share/doc/gnupg/FAQ
 share/doc/gnupg/HACKING
+share/doc/gnupg/KEYSERVER
 share/doc/gnupg/OpenPGP
 share/doc/gnupg/README
-share/doc/gnupg/THANKS
-share/doc/gnupg/TODO
+share/doc/gnupg/TRANSLATE
+share/doc/gnupg/examples/
+share/doc/gnupg/examples/README
+share/doc/gnupg/examples/debug.prf
+share/doc/gnupg/examples/gpgconf.conf
+share/doc/gnupg/examples/pwpattern.list
+share/doc/gnupg/examples/scd-event
+share/doc/gnupg/examples/trustlist.txt
+share/doc/gnupg/examples/vsnfd.prf
+share/doc/pkg-readmes/${PKGSTEM}
 share/gnupg/
-share/gnupg/options.skel
-share/locale/be/LC_MESSAGES/gnupg.mo
-share/locale/ca/LC_MESSAGES/gnupg.mo
-share/locale/cs/LC_MESSAGES/gnupg.mo
-share/locale/da/LC_MESSAGES/gnupg.mo
-share/locale/de/LC_MESSAGES/gnupg.mo
-share/locale/el/LC_MESSAGES/gnupg.mo
-share/locale/en@boldquot/LC_MESSAGES/gnupg.mo
-share/locale/en@quot/LC_MESSAGES/gnupg.mo
-share/locale/eo/LC_MESSAGES/gnupg.mo
-share/locale/es/LC_MESSAGES/gnupg.mo
-share/locale/et/LC_MESSAGES/gnupg.mo
-share/locale/fi/LC_MESSAGES/gnupg.mo
-share/locale/fr/LC_MESSAGES/gnupg.mo
-share/locale/gl/LC_MESSAGES/gnupg.mo
-share/locale/hu/LC_MESSAGES/gnupg.mo
-share/locale/id/LC_MESSAGES/gnupg.mo
-share/locale/it/LC_MESSAGES/gnupg.mo
-share/locale/ja/LC_MESSAGES/gnupg.mo
-share/locale/nb/LC_MESSAGES/gnupg.mo
-share/locale/nl/LC_MESSAGES/gnupg.mo
-share/locale/pl/LC_MESSAGES/gnupg.mo
-share/locale/pt/LC_MESSAGES/gnupg.mo
-share/locale/pt_BR/LC_MESSAGES/gnupg.mo
-share/locale/ro/LC_MESSAGES/gnupg.mo
-share/locale/ru/LC_MESSAGES/gnupg.mo
-share/locale/sk/LC_MESSAGES/gnupg.mo
-share/locale/sv/LC_MESSAGES/gnupg.mo
-share/locale/tr/LC_MESSAGES/gnupg.mo
-share/locale/uk/LC_MESSAGES/gnupg.mo
-share/locale/zh_CN/LC_MESSAGES/gnupg.mo
-share/locale/zh_TW/LC_MESSAGES/gnupg.mo
+share/gnupg/distsigkey.gpg
+share/gnupg/help.be.txt
+share/gnupg/help.ca.txt
+share/gnupg/help.cs.txt
+share/gnupg/help.da.txt
+share/gnupg/help.de.txt
+share/gnupg/help.el.txt
+share/gnupg/help.eo.txt
+share/gnupg/help.es.txt
+share/gnupg/help.et.txt
+share/gnupg/help.fi.txt
+share/gnupg/help.fr.txt
+share/gnupg/help.gl.txt
+share/gnupg/help.hu.txt
+share/gnupg/help.id.txt
+share/gnupg/help.it.txt
+share/gnupg/help.ja.txt
+share/gnupg/help.nb.txt
+share/gnupg/help.pl.txt
+share/gnupg/help.pt.txt
+share/gnupg/help.pt_BR.txt
+share/gnupg/help.ro.txt
+share/gnupg/help.ru.txt
+share/gnupg/help.sk.txt
+share/gnupg/help.sv.txt
+share/gnupg/help.tr.txt
+share/gnupg/help.txt
+share/gnupg/help.zh_CN.txt
+share/gnupg/help.zh_TW.txt
+share/gnupg/sks-keyservers.netCA.pem
+share/locale/ca/LC_MESSAGES/gnupg2.mo
+share/locale/cs/LC_MESSAGES/gnupg2.mo
+share/locale/da/LC_MESSAGES/gnupg2.mo
+share/locale/de/LC_MESSAGES/gnupg2.mo
+share/locale/el/LC_MESSAGES/gnupg2.mo
+share/locale/en@boldquot/LC_MESSAGES/gnupg2.mo
+share/locale/en@quot/LC_MESSAGES/gnupg2.mo
+share/locale/eo/LC_MESSAGES/gnupg2.mo
+share/locale/es/LC_MESSAGES/gnupg2.mo
+share/locale/et/LC_MESSAGES/gnupg2.mo
+share/locale/fi/LC_MESSAGES/gnupg2.mo
+share/locale/fr/LC_MESSAGES/gnupg2.mo
+share/locale/gl/LC_MESSAGES/gnupg2.mo
+share/locale/hu/LC_MESSAGES/gnupg2.mo
+share/locale/id/LC_MESSAGES/gnupg2.mo
+share/locale/it/LC_MESSAGES/gnupg2.mo
+share/locale/ja/LC_MESSAGES/gnupg2.mo
+share/locale/nb/LC_MESSAGES/gnupg2.mo
+share/locale/pl/LC_MESSAGES/gnupg2.mo
+share/locale/pt/LC_MESSAGES/gnupg2.mo
+share/locale/ro/LC_MESSAGES/gnupg2.mo
+share/locale/ru/LC_MESSAGES/gnupg2.mo
+share/locale/sk/LC_MESSAGES/gnupg2.mo
+share/locale/sv/LC_MESSAGES/gnupg2.mo
+share/locale/tr/LC_MESSAGES/gnupg2.mo
+share/locale/uk/LC_MESSAGES/gnupg2.mo
+share/locale/zh_CN/LC_MESSAGES/gnupg2.mo
+share/locale/zh_TW/LC_MESSAGES/gnupg2.mo
 %%ldap%%
@@ -0,0 +1,44 @@
+$OpenBSD: README,v 1.1 2020/10/05 19:46:17 jca Exp $
+
+-----------------------------------------------------------------------
+| Running ${PKGSTEM} on OpenBSD
+-----------------------------------------------------------------------
+
+In order to use a card reader other than the few ones supported by
+GnuPG's internal CCID driver, the ccid, pcsc-lite and pcsc-tools packages
+need to be installed.
+
+Example YubiKey 4 Setup Procedure
+=================================
+
+Install required packages, enable and start pcscd(8) PC/SC smartcard daemon:
+
+    # pkg_add ccid pcsc-lite pcsc-tools
+    # rcctl enable pcscd
+    # rcctl start pcscd
+
+Find the reader with YubiKey:
+
+    $ pcsc_scan -n
+    PC/SC device scanner
+    V 1.4.27 (c) 2001-2011, Ludovic Rousseau <ludovic.rousseau@free.fr>
+    Compiled with PC/SC lite version: 1.8.20
+    Using reader plug'n play mechanism
+    Scanning present readers...
+    0: Yubico Yubikey 4 OTP+U2F+CCID 00 00
+
+    Sun Apr 23 15:15:40 2017
+    Reader 0: Yubico Yubikey 4 OTP+U2F+CCID 00 00
+      Card state: Card inserted, Exclusive Mode,
+      ATR: 3B F8 13 00 00 81 31 FE 15 59 75 62 69 6B 65 79 34 D4
+    #Ctrl+C
+
+Configure scdaemon(1) smartcard daemon to use this reader:
+
+    $ echo "reader-port \"Yubico Yubikey 4 OTP+U2F+CCID 00 0\"" >> \
+	~/.gnupg/scdaemon.conf
+
+Check if the YubiKey is recognized by GnuPG:
+
+    $ gpg2 --card-status
+    Reader ...........: Yubico Yubikey 4 OTP U2F CCID 00 00
@@ -1,9 +1,10 @@
-# $OpenBSD: Makefile,v 1.16 2020/08/01 14:43:32 abieber Exp $
+# $OpenBSD: Makefile,v 1.17 2020/10/05 19:46:17 jca Exp $

 COMMENT =	pass compatible password manager written in go

 MODGO_MODNAME =	github.com/gopasspw/gopass
 MODGO_VERSION =	v1.9.2
+REVISION =	0
 DISTNAME =	gopass-${MODGO_VERSION}

 CATEGORIES =	security
@@ -21,7 +22,7 @@ MODGO_TYPE =	bin
 MODGO_LDFLAGS =	-X "main.version=${MODGO_VERSION}"

 RUN_DEPENDS =	devel/git \
-		security/gnupg2
+		security/gnupg>=2.2.23p1

 # for tests; some still fail
 PORTHOME =	${WRKDIR}
@@ -1,9 +1,10 @@
-# $OpenBSD: Makefile,v 1.57 2020/08/24 16:28:30 sthen Exp $
+# $OpenBSD: Makefile,v 1.58 2020/10/05 19:46:18 jca Exp $

 COMMENT-main =		GnuPG Made Easy
 COMMENT-qt =		Qt bindings for GPGme

 VERSION =		1.14.0
+REVISION =		0
 DISTNAME =		gpgme-${VERSION}
 PKGNAME-main =		gpgme-${VERSION}
 PKGNAME-qt =		gpgme-qt-${VERSION}
@@ -38,12 +39,8 @@ NOT_FOR_ARCHS-qt =	alpha mips64 sh

 CONFIGURE_STYLE =	gnu

-# Requires gpgsm (gnupg 2.x) during build, but can run with any gnupg.
-BUILD_DEPENDS =		gnupg->=2:security/gnupg2
-
-# gnupg-* is normally the default anyway, but gnupg1 overrides PKGSPEC
-# so we must be explicit here.
-RUN_DEPENDS =		gnupg-*:security/gnupg
+BUILD_DEPENDS =		security/gnupg>=2.2.23p1
+RUN_DEPENDS =		security/gnupg>=2.2.23p1
 LIB_DEPENDS-main =	${LIB_DEPENDS:N*qt*} \
 			devel/gettext,-runtime \
 			security/libgpg-error>=1.4 \
@@ -72,11 +69,4 @@ pre-configure:
 	${SUBST_CMD} ${WRKSRC}/lang/cpp/src/GpgmeppConfig.cmake.in.in
 	${SUBST_CMD} ${WRKSRC}/lang/qt/src/QGpgmeConfig.cmake.in.in

-# The tests target gpg2. Running with gpg version 1 will give:
-# `./t-support.h:160: GPGME: Invalid crypto engine'
-# https://dev.gnupg.org/T3512
-TEST_DEPENDS +=		security/gnupg2
-pre-build:
-	ln -sf ${LOCALBASE}/bin/gpg2 ${WRKDIR}/bin/gpg
-
 .include <bsd.port.mk>
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.25 2020/02/01 17:52:39 juanfra Exp $
+# $OpenBSD: Makefile,v 1.26 2020/10/05 19:46:18 jca Exp $

 # go-ps only supports amd64 on OpenBSD
 # ../vendor/github.com/keybase/go-ps/process.go:39: undefined: processes
@@ -8,6 +8,7 @@ ONLY_FOR_ARCHS = amd64
 COMMENT =	client for keybase.io

 V =		v5.2.0
+REVISION =	0
 DISTNAME =	keybase-${V}
 PKGNAME =	keybase-${V:S/v//}
 EXTRACT_SUFX =	.tar.xz
@@ -22,7 +23,7 @@ PERMIT_PACKAGE =	Yes

 MASTER_SITES =	https://github.com/keybase/client/releases/download/${V}/

-RUN_DEPENDS =	security/gnupg2
+RUN_DEPENDS =	security/gnupg>=2.2.23p1

 WANTLIB += c pthread

@@ -1,9 +1,9 @@
-# $OpenBSD: Makefile,v 1.7 2019/10/08 12:26:01 jca Exp $
+# $OpenBSD: Makefile,v 1.8 2020/10/05 19:46:18 jca Exp $

 COMMENT =	manage and share secrets using GnuPG and Git

 DISTNAME =	keyringer-0.5.4
-REVISION =	0
+REVISION =	1

 CATEGORIES =	security

@@ -18,7 +18,7 @@ MASTER_SITES =		https://keyringer.pw/releases/
 EXTRACT_SUFX =		.tar.bz2

 RUN_DEPENDS =		devel/git \
-			security/gnupg2 \
+			security/gnupg>=2.2.23p1 \
 			shells/bash \
 			converters/base64

@@ -1,7 +1,6 @@
-$OpenBSD: patch-lib_keyringer_functions,v 1.5 2019/10/08 12:26:01 jca Exp $
+$OpenBSD: patch-lib_keyringer_functions,v 1.6 2020/10/05 19:46:18 jca Exp $

 - no mount -l/tmpfs in OpenBSD
- use gpg2, upstream seems to rely on gpg being gpg2
 - use date(1) -r instead of GNU date(1) --date=

 Index: lib/keyringer/functions
@@ -16,54 +15,7 @@ Index: lib/keyringer/functions
 }
 
 # Setup a temporary file
-@@ -314,9 +314,9 @@ function keyringer_set_env {
-   fi
- 
-   if [ ! -z "$KEYID" ]; then
-    GPG="gpg --quiet --no-encrypt-to -u $KEYID"
-+    GPG="gpg2 --quiet --no-encrypt-to -u $KEYID"
-   else
-    GPG="gpg --quiet --no-encrypt-to"
-+    GPG="gpg2 --quiet --no-encrypt-to"
-   fi
- 
-   # Check keyring config version
-@@ -601,7 +601,7 @@ function keyringer_recv_keys {
-   local recipient="$1"
- 
-   echo "Trying to receive missing key $recipient..."
-  gpg --batch --recv-keys "$recipient"
-+  gpg2 --batch --recv-keys "$recipient"
- }
- 
- # Refresh keys from keyserver
-@@ -611,7 +611,7 @@ function keyringer_refresh_keys {
-   local recipient="$1"
- 
-   echo "Trying to refresh key $recipient..."
-  gpg --batch --recv-keys "$recipient"
-+  gpg2 --batch --recv-keys "$recipient"
- }
- 
- # Check recipient size
-@@ -698,7 +698,7 @@ function keyringer_check_recipients {
- function keyringer_check_recipient_key {
-   local recipient="$1"
- 
-  gpg --list-key "$recipient" &> /dev/null
-+  gpg2 --list-key "$recipient" &> /dev/null
-   if [ "$?" != "0" ]; then
-     if [ "$BASENAME" == "check" ]; then
-       refresh="no"
-@@ -727,14 +727,14 @@ function keyringer_check_expiration {
-   seconds="`date +%s`"
- 
-   # Check the main key
-  expiry="`gpg --with-colons --fixed-list-mode --list-keys "$recipient" | grep ^pub | head -n1 | cut -d : -f 7`"
-+  expiry="`gpg2 --with-colons --fixed-list-mode --list-keys "$recipient" | grep ^pub | head -n1 | cut -d : -f 7`"
- 
-   # TODO: Time to expire can be configured via repository options.
-   ahead="$((86400 * 30 + $seconds))"
+@@ -734,7 +734,7 @@ function keyringer_check_expiration {
 
   # Check if key is expired
   if [ ! -z "$expiry" ] && [[ "$seconds" -gt "$expiry" ]]; then
@@ -72,7 +24,7 @@ Index: lib/keyringer/functions
 
     if [ "$KEYRINGER_MODE" == "write" ] || [ "$KEYRINGER_MODE" == "readwrite" ]; then
       echo ", aborting."
-@@ -749,12 +749,12 @@ function keyringer_check_expiration {
+@@ -749,7 +749,7 @@ function keyringer_check_expiration {
   # TODO: Users can be alerted by mail if configured by user preferences.
   # TODO: Outgoing emails can be encrypted.
   if [ "$BASENAME" == "check" ] && [ ! -z "$expiry" ] && [[ "$ahead" -gt "$expiry" ]]; then
@@ -81,12 +33,6 @@ Index: lib/keyringer/functions
   fi
 
   # Check the subkeys
-   local subkey=""
-  for subkey in $(gpg --with-colons --fixed-list-mode --list-keys "$recipient" | grep ^sub); do
-+  for subkey in $(gpg2 --with-colons --fixed-list-mode --list-keys "$recipient" | grep ^sub); do
-     local expiry=$(cut -d : -f 7 <<< "$subkey")
- 
-     if [[ -z "$expiry" ]]; then
@@ -765,7 +765,7 @@ function keyringer_check_expiration {
       not_expired="1"
 
@@ -96,12 +42,3 @@ Index: lib/keyringer/functions
       fi
     fi
   done
-@@ -851,7 +851,7 @@ function keyringer_create_new_recipients {
-       recipient="`grep -e "^default-key" ~/.gnupg/gpg.conf | cut -d ' ' -f 2`"
- 
-       if [ ! -z "$recipient" ]; then
-        key="`gpg --fingerprint --with-colons $recipient 2> /dev/null`"
-+        key="`gpg2 --fingerprint --with-colons $recipient 2> /dev/null`"
- 
-         if [ "$?" == "0" ]; then
-           fpr="`echo "$key" | grep -e '^fpr:' | head -1 | cut -d : -f 10`"
@@ -1,8 +1,9 @@
-# $OpenBSD: Makefile,v 1.7 2019/07/12 20:49:09 sthen Exp $
+# $OpenBSD: Makefile,v 1.8 2020/10/05 19:46:18 jca Exp $

 COMMENT =	simple password store

 DISTNAME =	password-store-1.7.3
+REVISION =	0

 CATEGORIES =	security

@@ -20,7 +21,7 @@ RUN_DEPENDS =	converters/base64 \
 		devel/git \
 		graphics/libqrencode \
 		misc/gnugetopt \
-		security/gnupg2 \
+		security/gnupg>=2.2.23p1 \
 		shells/bash \
 		sysutils/colortree \
 		x11/xclip
@@ -1,8 +1,8 @@
-$OpenBSD: patch-src_password-store_sh,v 1.4 2018/06/19 09:39:18 bentley Exp $
+$OpenBSD: patch-src_password-store_sh,v 1.5 2020/10/05 19:46:18 jca Exp $
 Index: src/password-store.sh
 --- src/password-store.sh.orig
 +++ src/password-store.sh
-@@ -323,7 +323,7 @@ cmd_init() {
+@@ -324,7 +324,7 @@ cmd_init() {
 		fi
 		rmdir -p "${gpg_id%/*}" 2>/dev/null
 	else
@@ -11,7 +11,7 @@ Index: src/password-store.sh
 		printf "%s\n" "$@" > "$gpg_id"
 		local id_print="$(printf "%s, " "$@")"
 		echo "Password store initialized for ${id_print%, }${id_path:+ ($id_path)}"
-@@ -381,7 +381,10 @@ cmd_show() {
+@@ -382,7 +382,10 @@ cmd_show() {
 		else
 			echo "${path%\/}"
 		fi
@@ -23,7 +23,7 @@ Index: src/password-store.sh
 	elif [[ -z $path ]]; then
 		die "Error: password store is empty. Try \"pass init\"."
 	else
-@@ -393,14 +396,16 @@ cmd_find() {
+@@ -394,14 +397,16 @@ cmd_find() {
 	[[ $# -eq 0 ]] && die "Usage: $PROGRAM $COMMAND pass-names..."
 	IFS="," eval 'echo "Search Terms: $*"'
 	local terms="*$(printf '%s*|*' "$@")"
@@ -42,7 +42,7 @@ Index: src/password-store.sh
 		[[ $? -ne 0 ]] && continue
 		passfile="${passfile%.gpg}"
 		passfile="${passfile#$PREFIX/}"
-@@ -432,7 +437,7 @@ cmd_insert() {
+@@ -433,7 +438,7 @@ cmd_insert() {
 
 	[[ $force -eq 0 && -e $passfile ]] && yesno "An entry already exists for $path. Overwrite it?"
 
@@ -51,7 +51,7 @@ Index: src/password-store.sh
 	set_gpg_recipients "$(dirname -- "$path")"
 
 	if [[ $multiline -eq 1 ]]; then
-@@ -466,7 +471,7 @@ cmd_edit() {
+@@ -467,7 +472,7 @@ cmd_edit() {
 
 	local path="${1%/}"
 	check_sneaky_paths "$path"
@@ -1,7 +1,8 @@
-$OpenBSD: patch-src_platform_openbsd_sh,v 1.1 2017/03/07 08:53:17 bentley Exp $
--- src/platform/openbsd.sh.orig	Tue Feb 28 14:02:06 2017
-+++ src/platform/openbsd.sh	Tue Feb 28 14:02:18 2017
-@@ -2,39 +2,5 @@
+$OpenBSD: patch-src_platform_openbsd_sh,v 1.2 2020/10/05 19:46:18 jca Exp $
+Index: src/platform/openbsd.sh
+--- src/platform/openbsd.sh.orig
+++ src/platform/openbsd.sh
+@@ -2,40 +2,6 @@
 # Copyright (C) 2015 David Dahlberg <david.dahlberg@fkie.fraunhofer.de>. All Rights Reserved.
 # This file is licensed under the GPLv2+. Please see COPYING for more information.
 
@@ -41,3 +42,4 @@ $OpenBSD: patch-src_platform_openbsd_sh,v 1.1 2017/03/07 08:53:17 bentley Exp $
 -
 GETOPT="gnugetopt"
 SHRED="rm -P -f"
+ BASE64="openssl base64"
@@ -1,10 +1,11 @@
-# $OpenBSD: Makefile,v 1.1.1.1 2020/09/14 22:46:38 abieber Exp $
+# $OpenBSD: Makefile,v 1.2 2020/10/05 19:46:18 jca Exp $

 COMMENT=	multi-platform GUI for password-store

 GH_ACCOUNT=	IJHack
 GH_PROJECT=	QtPass
 GH_TAGNAME=	v1.3.2
+REVISION=	0
 PKGNAME=	${DISTNAME:L}

 CATEGORIES=	security x11
@@ -23,7 +24,7 @@ MODULES=	devel/qmake \
 		x11/qt5

 RUN_DEPENDS=	devel/git \
-		security/gnupg2 \
+		security/gnupg>=2.2.23p1 \
 		security/password-store \
 		security/pwgen

@@ -1,8 +1,9 @@
-# $OpenBSD: Makefile,v 1.52 2020/07/05 08:53:45 ajacoutot Exp $
+# $OpenBSD: Makefile,v 1.53 2020/10/05 19:46:18 jca Exp $

 COMMENT =		encrypted backup using rsync algorithm

 MODPY_EGG_VERSION =	0.8.13
+REVISION =		0
 DISTNAME =		duplicity-${MODPY_EGG_VERSION}

 CATEGORIES =		sysutils
@@ -29,7 +30,7 @@ LIB_DEPENDS =		net/librsync
 RUN_DEPENDS =		devel/py-fasteners${MODPY_FLAVOR} \
 			devel/py-future${MODPY_FLAVOR} \
 			net/ncftp \
-			gnupg->=2:security/gnupg2 \
+			security/gnupg>=2.2.23p1 \
 			security/py-paramiko${MODPY_FLAVOR}

 TEST_DEPENDS =		archivers/gtar \
@@ -1,14 +0,0 @@
-$OpenBSD: patch-duplicity_config_py,v 1.1 2020/07/05 08:53:45 ajacoutot Exp $
-
-Index: duplicity/config.py
--- duplicity/config.py.orig
-+++ duplicity/config.py
-@@ -95,7 +95,7 @@ are_errors_fatal = {
- # source directory.
- select = None
- 
-gpg_binary = None
-+gpg_binary = 'gpg2'
- 
- # Set to GPGProfile that will be used to compress/uncompress encrypted
- # files.  Replaces encryption_keys, sign_key, and passphrase settings.
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.155 2020/08/09 10:33:43 jasper Exp $
+# $OpenBSD: Makefile,v 1.156 2020/10/05 19:46:18 jca Exp $

 # optional dependencies
 # https://github.com/saltstack/salt/blob/develop/doc/conf.py
@@ -18,6 +18,7 @@
 COMMENT =		remote execution and configuration management system

 MODPY_EGG_VERSION =	3001.1
+REVISION =		0
 DISTNAME =		salt-${MODPY_EGG_VERSION}

 CATEGORIES =		sysutils net devel
@@ -1,25 +0,0 @@
-$OpenBSD: patch-salt_renderers_gpg_py,v 1.1 2020/07/25 09:25:32 jasper Exp $
-
-Attempt to use gpg2 first, falling back to gpg.
-
-Index: salt/renderers/gpg.py
--- salt/renderers/gpg.py.orig
-+++ salt/renderers/gpg.py
-@@ -305,11 +305,12 @@ def _get_gpg_exec():
-     """
-     return the GPG executable or raise an error
-     """
-    gpg_exec = salt.utils.path.which("gpg")
-    if gpg_exec:
-        return gpg_exec
-    else:
-        raise SaltRenderError("GPG unavailable")
-+    for gpg_bin in ['gpg', 'gpg2']:
-+        gpg_exec = salt.utils.path.which(gpg_bin)
-+        if gpg_exec:
-+            return gpg_exec
-+
-+    raise SaltRenderError("GPG unavailable")
- 
- 
- def _get_key_dir():
@@ -1,9 +1,10 @@
-# $OpenBSD: Makefile,v 1.64 2020/05/14 14:58:33 ajacoutot Exp $
+# $OpenBSD: Makefile,v 1.65 2020/10/05 19:46:18 jca Exp $

 COMMENT=		library for bits of crypto UI and parsing

 GNOME_PROJECT=		gcr
 GNOME_VERSION=		3.36.0
+REVISION=		0

 SHARED_LIBS += gck-1                     2.1 # 0.0.0
 SHARED_LIBS += gcr-base-3                3.1 # 1.0.0
@@ -30,8 +31,8 @@ LIB_DEPENDS=		x11/gtk+3 \
 			security/libgcrypt \
 			security/p11-kit

-BUILD_DEPENDS=		gnupg->=2:security/gnupg2
-RUN_DEPENDS=		gnupg->=2:security/gnupg2
+BUILD_DEPENDS=		security/gnupg>=2.2.23p1
+RUN_DEPENDS=		security/gnupg>=2.2.23p1

 CONFIGURE_ARGS=		-Dgtk_doc=false

@@ -1,10 +1,10 @@
-# $OpenBSD: Makefile,v 1.37 2019/07/07 11:20:52 ajacoutot Exp $
+# $OpenBSD: Makefile,v 1.38 2020/10/05 19:46:18 jca Exp $

 COMMENT=	interface components for OpenPGP

 GNOME_PROJECT=	libcryptui
 GNOME_VERSION=	3.12.2
-REVISION=	9
+REVISION=	10

 SHARED_LIBS +=  cryptui              2.0      # 0.0

@@ -35,9 +35,7 @@ LIB_DEPENDS=	x11/dbus-glib \

 CONFIGURE_STYLE=gnu

-# security/gpgme depends on either gnupg-1 or gnupg-2; we want 2.X
-BUILD_DEPENDS +=	gnupg->=2:security/gnupg2
-RUN_DEPENDS +=		gnupg->=2:security/gnupg2
-CONFIGURE_ENV +=	ac_cv_path_GNUPG=${LOCALBASE}/bin/gpg2
+BUILD_DEPENDS +=	security/gnupg>=2.2.23p1
+RUN_DEPENDS +=		security/gnupg>=2.2.23p1

 .include <bsd.port.mk>
@@ -1,10 +1,10 @@
-# $OpenBSD: Makefile,v 1.33 2019/07/07 11:20:54 ajacoutot Exp $
+# $OpenBSD: Makefile,v 1.34 2020/10/05 19:46:18 jca Exp $

 COMMENT=		GnuPG extension for nautilus(1)

 GNOME_PROJECT=		seahorse-nautilus
 GNOME_VERSION=		3.10.1
-REVISION=		12
+REVISION=		13

 CATEGORIES=		security

@@ -32,10 +32,8 @@ LIB_DEPENDS=		x11/gnome/gcr \

 CONFIGURE_STYLE=	gnu

-# security/gpgme depends on either gnupg-1 or gnupg-2; we want 2.X
-BUILD_DEPENDS +=	gnupg->=2:security/gnupg2
-RUN_DEPENDS +=		gnupg->=2:security/gnupg2
-CONFIGURE_ENV +=	ac_cv_path_GNUPG=${LOCALBASE}/bin/gpg2
+BUILD_DEPENDS +=	security/gnupg>=2.2.23p1
+RUN_DEPENDS +=		security/gnupg>=2.2.23p1

 post-install:
 	rm ${PREFIX}/lib/nautilus/extensions-3.0/*.{a,la}
@@ -1,10 +1,10 @@
-# $OpenBSD: Makefile,v 1.26 2019/07/07 11:20:54 ajacoutot Exp $
+# $OpenBSD: Makefile,v 1.27 2020/10/05 19:46:18 jca Exp $

 COMMENT=		PGP public keys sharing via DNS-SD and HKP

 GNOME_PROJECT=		seahorse-sharing
 GNOME_VERSION=		3.8.0
-REVISION=		10
+REVISION=		11

 CATEGORIES=		net security

@@ -30,10 +30,8 @@ LIB_DEPENDS=		devel/libsoup \

 CONFIGURE_STYLE=	gnu

-# security/gpgme depends on either gnupg-1 or gnupg-2; we want 2.X
-BUILD_DEPENDS +=	gnupg->=2:security/gnupg2
-RUN_DEPENDS +=		gnupg->=2:security/gnupg2
-CONFIGURE_ENV +=	ac_cv_path_GNUPG=${LOCALBASE}/bin/gpg2
+BUILD_DEPENDS +=	security/gnupg>=2.2.23p1
+RUN_DEPENDS +=		security/gnupg>=2.2.23p1

 FAKE_FLAGS=		sysconfdir=${PREFIX}/share/examples/seahorse-sharing

@@ -1,9 +1,10 @@
-# $OpenBSD: Makefile,v 1.122 2020/06/27 18:14:22 kmos Exp $
+# $OpenBSD: Makefile,v 1.123 2020/10/05 19:46:18 jca Exp $

 COMMENT=		GNOME encryption interface

 GNOME_PROJECT=		seahorse
 GNOME_VERSION=		3.36.2
+REVISION=		0

 CATEGORIES=		security

@@ -35,9 +36,8 @@ LIB_DEPENDS=		databases/openldap \
 			x11/gnome/libsecret \
 			x11/libhandy

-# security/gpgme depends on either gnupg-1 or gnupg-2; we want 2.X
-BUILD_DEPENDS +=	gnupg->=2:security/gnupg2
-RUN_DEPENDS +=		gnupg->=2:security/gnupg2
+BUILD_DEPENDS +=	security/gnupg>=2.2.23p1
+RUN_DEPENDS +=		security/gnupg>=2.2.23p1

 DEBUG_PACKAGES=		${BUILD_PACKAGES}

@@ -2,6 +2,7 @@

 COMMENT =	certificate manager and a universal crypto GUI
 DISTNAME =	kleopatra-${VERSION}
+REVISION =	0
 CATEGORIES =	security x11

 SHARED_LIBS +=  kleopatraclientcore     1.0 # 1.3.0
@@ -24,7 +25,7 @@ MODKDE5_DOCS = yes

 MODULES +=	x11/kde-applications

-RUN_DEPENDS =	security/gnupg2
+RUN_DEPENDS =	security/gnupg>=2.2.23p1
 BUILD_DEPENDS =	devel/boost

 LIB_DEPENDS =	devel/kf5/kauth \