upg cryptsetup curl gpgme xz

cryptsetup/PKGBUILD

@@ -7,9 +7,8 @@
 
 pkgname=cryptsetup
 pkgver=2.6.1
-pkgrel=01
+pkgrel=02
 pkgdesc='Userspace setup tool for transparent encryption of block devices using dm-crypt'
-arch=(x86_64)
 url='https://gitlab.com/cryptsetup/cryptsetup/'
 depends=('device-mapper' 'libdevmapper.so' 'openssl' 'popt' 'util-linux-libs'
          'libuuid.so' 'json-c' 'libjson-c.so' 'argon2' 'libargon2.so')
@@ -48,7 +47,9 @@ package() {
   install -D -m0644 "${srcdir}"/install-sd-encrypt "${pkgdir}"/usr/lib/initcpio/install/sd-encrypt
 }
 
-#---- license gpg-key sha256sums ----
+#---- arch license gpg-key & sha256sums ----
+
+arch=(x86_64)
 
 license=('GPL')
 
@@ -56,8 +57,9 @@ validpgpkeys=('2A2918243FDE46648D0686F9D9B0577BD93E98FC') # Milan Broz <gmazylan
 
 sha256sums=(410ded65a1072ab9c8e41added37b9729c087fef4d2db02bb4ef529ad6da4693  # cryptsetup-2.6.1.tar.xz
 	13847ffd76ccf3e8f359992f20f72213d4df7ddc955f40cc97923d393f76d6e8  # cryptsetup-2.6.1.tar.sign
-	29a3f1db5b86a8e6b7c914125e2c46711d6d5985bbf4089e158e06af551c8307  # hooks-encrypt
+	839e961e053512293052250b424f38c347cb46c14cbd51d7e2705b3f5378ec02  # hooks-encrypt
 	2b71c6c56ef81e5bf4f49dcc08dbd1651b46bda51a8f75a0a342b344b2d0eccd  # install-encrypt
-	24cd81419c8f3fd8341dfa3c4616946180a16ea762b6ea7576d2214f83f875db) # install-sd-encrypt
+	0105a26b58b4c271b0f7b65405b96b47014a4a517fc752cf1af8f6c556d2ea87) # install-sd-encrypt
 
+##  8dbae24de155020fc98c67d9cb209bbe1ffaadc123a68a8d23cacff8555350f9  cryptsetup-2.6.1-02-x86_64.pkg.tar.lz
 

cryptsetup/PKGBUILD-arch

@@ -3,7 +3,7 @@
 
 pkgname=cryptsetup
 pkgver=2.6.1
-pkgrel=1
+pkgrel=2
 pkgdesc='Userspace setup tool for transparent encryption of block devices using dm-crypt'
 arch=(x86_64)
 license=('GPL')
@@ -20,9 +20,9 @@ source=("https://www.kernel.org/pub/linux/utils/cryptsetup/v${pkgver%.*}/${pkgna
         'install-sd-encrypt')
 sha256sums=('410ded65a1072ab9c8e41added37b9729c087fef4d2db02bb4ef529ad6da4693'
             'SKIP'
-            '29a3f1db5b86a8e6b7c914125e2c46711d6d5985bbf4089e158e06af551c8307'
+            '839e961e053512293052250b424f38c347cb46c14cbd51d7e2705b3f5378ec02'
             '2b71c6c56ef81e5bf4f49dcc08dbd1651b46bda51a8f75a0a342b344b2d0eccd'
-            '24cd81419c8f3fd8341dfa3c4616946180a16ea762b6ea7576d2214f83f875db')
+            '0105a26b58b4c271b0f7b65405b96b47014a4a517fc752cf1af8f6c556d2ea87')
 
 build() {
   cd "${srcdir}"/$pkgname-${pkgver}

cryptsetup/hooks-encrypt

@@ -68,6 +68,9 @@ EOF
             no-write-workqueue|perf-no_write_workqueue)
                 cryptargs="${cryptargs} --perf-no_write_workqueue"
                 ;;
+            sector-size=*)
+                cryptargs="${cryptargs} --sector-size ${cryptopt#*=}"
+                ;;
             *)
                 echo "Encryption option '${cryptopt}' not known, ignoring." >&2
                 ;;
@@ -91,13 +94,19 @@ EOF
             fi
             # Ask for a passphrase
             if [ ${dopassphrase} -gt 0 ]; then
-                echo ""
-                echo "A password is required to access the ${cryptname} volume:"
+                if command -v plymouth >/dev/null 2>&1 && plymouth --ping 2>/dev/null; then
+                    plymouth ask-for-password \
+                        --prompt="A password is required to access the ${cryptname} volume" \
+                        --command="cryptsetup open --type luks --key-file=- ${resolved} ${cryptname} ${cryptargs} ${CSQUIET}"
+                else
+                    echo ""
+                    echo "A password is required to access the ${cryptname} volume:"
 
-                #loop until we get a real password
-                while ! eval cryptsetup open --type luks ${resolved} ${cryptname} ${cryptargs} ${CSQUIET}; do
-                    sleep 2;
-                done
+                    #loop until we get a real password
+                    while ! eval cryptsetup open --type luks ${resolved} ${cryptname} ${cryptargs} ${CSQUIET}; do
+                        sleep 2;
+                    done
+                fi
             fi
             if [ -e "/dev/mapper/${cryptname}" ]; then
                 if [ ${DEPRECATED_CRYPT} -eq 1 ]; then

cryptsetup/hooks-encrypt.0

@@ -0,0 +1,155 @@
+#!/usr/bin/ash
+
+run_hook() {
+    modprobe -a -q dm-crypt >/dev/null 2>&1
+    [ "${quiet}" = "y" ] && CSQUIET=">/dev/null"
+
+    # Get keyfile if specified
+    ckeyfile="/crypto_keyfile.bin"
+    if [ -n "$cryptkey" ]; then
+        IFS=: read ckdev ckarg1 ckarg2 <<EOF
+$cryptkey
+EOF
+
+        if [ "$ckdev" = "rootfs" ]; then
+            ckeyfile=$ckarg1
+        elif resolved=$(resolve_device "${ckdev}" ${rootdelay}); then
+            case ${ckarg1} in
+                *[!0-9]*)
+                    # Use a file on the device
+                    # ckarg1 is not numeric: ckarg1=filesystem, ckarg2=path
+                    mkdir /ckey
+                    mount -r -t "$ckarg1" "$resolved" /ckey
+                    dd if="/ckey/$ckarg2" of="$ckeyfile" >/dev/null 2>&1
+                    umount /ckey
+                    ;;
+                *)
+                    # Read raw data from the block device
+                    # ckarg1 is numeric: ckarg1=offset, ckarg2=length
+                    dd if="$resolved" of="$ckeyfile" bs=1 skip="$ckarg1" count="$ckarg2" >/dev/null 2>&1
+                    ;;
+            esac
+        fi
+        [ ! -f ${ckeyfile} ] && echo "Keyfile could not be opened. Reverting to passphrase."
+    fi
+
+    if [ -n "${cryptdevice}" ]; then
+        DEPRECATED_CRYPT=0
+        IFS=: read cryptdev cryptname cryptoptions <<EOF
+$cryptdevice
+EOF
+    else
+        DEPRECATED_CRYPT=1
+        cryptdev="${root}"
+        cryptname="root"
+    fi
+
+    # This may happen if third party hooks do the crypt setup
+    if [ -b "/dev/mapper/${cryptname}" ]; then
+        echo "Device ${cryptname} already exists, not doing any crypt setup."
+        return 0
+    fi
+
+    warn_deprecated() {
+        echo "The syntax 'root=${root}' where '${root}' is an encrypted volume is deprecated"
+        echo "Use 'cryptdevice=${root}:root root=/dev/mapper/root' instead."
+    }
+
+    set -f
+    OLDIFS="$IFS"; IFS=,
+    for cryptopt in ${cryptoptions}; do
+        case ${cryptopt} in
+            allow-discards|discard)
+                cryptargs="${cryptargs} --allow-discards"
+                ;;
+            no-read-workqueue|perf-no_read_workqueue)
+                cryptargs="${cryptargs} --perf-no_read_workqueue"
+                ;;
+            no-write-workqueue|perf-no_write_workqueue)
+                cryptargs="${cryptargs} --perf-no_write_workqueue"
+                ;;
+            *)
+                echo "Encryption option '${cryptopt}' not known, ignoring." >&2
+                ;;
+        esac
+    done
+    set +f
+    IFS="$OLDIFS"
+    unset OLDIFS
+
+    if resolved=$(resolve_device "${cryptdev}" ${rootdelay}); then
+        if cryptsetup isLuks ${resolved} >/dev/null 2>&1; then
+            [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
+            dopassphrase=1
+            # If keyfile exists, try to use that
+            if [ -f ${ckeyfile} ]; then
+                if eval cryptsetup --key-file ${ckeyfile} open --type luks ${resolved} ${cryptname} ${cryptargs} ${CSQUIET}; then
+                    dopassphrase=0
+                else
+                    echo "Invalid keyfile. Reverting to passphrase."
+                fi
+            fi
+            # Ask for a passphrase
+            if [ ${dopassphrase} -gt 0 ]; then
+                echo ""
+                echo "A password is required to access the ${cryptname} volume:"
+
+                #loop until we get a real password
+                while ! eval cryptsetup open --type luks ${resolved} ${cryptname} ${cryptargs} ${CSQUIET}; do
+                    sleep 2;
+                done
+            fi
+            if [ -e "/dev/mapper/${cryptname}" ]; then
+                if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
+                    export root="/dev/mapper/root"
+                fi
+            else
+                err "Password succeeded, but ${cryptname} creation failed, aborting..."
+                return 1
+            fi
+        elif [ -n "${crypto}" ]; then
+            [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
+            msg "Non-LUKS encrypted device found..."
+            if echo "$crypto" | awk -F: '{ exit(NF == 5) }'; then
+                err "Verify parameter format: crypto=hash:cipher:keysize:offset:skip"
+                err "Non-LUKS decryption not attempted..."
+                return 1
+            fi
+            exe="cryptsetup open --type plain $resolved $cryptname $cryptargs"
+            IFS=: read c_hash c_cipher c_keysize c_offset c_skip <<EOF
+$crypto
+EOF
+            [ -n "$c_hash" ]    && exe="$exe --hash '$c_hash'"
+            [ -n "$c_cipher" ]  && exe="$exe --cipher '$c_cipher'"
+            [ -n "$c_keysize" ] && exe="$exe --key-size '$c_keysize'"
+            [ -n "$c_offset" ]  && exe="$exe --offset '$c_offset'"
+            [ -n "$c_skip" ]    && exe="$exe --skip '$c_skip'"
+            if [ -f "$ckeyfile" ]; then
+                exe="$exe --key-file $ckeyfile"
+            else
+                echo ""
+                echo "A password is required to access the ${cryptname} volume:"
+            fi
+            eval "$exe $CSQUIET"
+
+            if [ $? -ne 0 ]; then
+                err "Non-LUKS device decryption failed. verify format: "
+                err "      crypto=hash:cipher:keysize:offset:skip"
+                return 1
+            fi
+            if [ -e "/dev/mapper/${cryptname}" ]; then
+                if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
+                    export root="/dev/mapper/root"
+                fi
+            else
+                err "Password succeeded, but ${cryptname} creation failed, aborting..."
+                return 1
+            fi
+        else
+            err "Failed to open encryption mapping: The device ${cryptdev} is not a LUKS volume and the crypto= paramater was not specified."
+        fi
+    fi
+    rm -f ${ckeyfile}
+}
+
+# vim: set ft=sh ts=4 sw=4 et:

cryptsetup/install-sd-encrypt

@@ -38,14 +38,12 @@ build() {
     add_binary '/usr/lib/ossl-modules/legacy.so'
 
     # add libraries dlopen()ed by systemd-cryptsetup
-    for LIB in fido2 tss2-{{esys,rc,mu},tcti-'*'}; do
-        for FILE in $(find /usr/lib/ -maxdepth 1 -name "lib${LIB}.so*"); do
-            if [[ -L "${FILE}" ]]; then
-                add_symlink "${FILE}"
-            else
-                add_binary "${FILE}"
-            fi
-        done
+    for FILE in $(find /usr/lib/ -maxdepth 1 -name "libfido.so*"); do
+        if [[ -L "${FILE}" ]]; then
+            add_symlink "${FILE}"
+        else
+            add_binary "${FILE}"
+        fi
     done
 
     # add mkswap for creating swap space on the fly (see 'swap' in crypttab(5))

cryptsetup/install-sd-encrypt.0

@@ -0,0 +1,68 @@
+#!/bin/bash
+
+build() {
+    local mod
+
+    add_module 'dm-crypt'
+    add_module 'dm-integrity'
+    if [[ $CRYPTO_MODULES ]]; then
+        for mod in $CRYPTO_MODULES; do
+            add_module "$mod"
+        done
+    else
+        add_all_modules '/crypto/'
+    fi
+    add_checked_modules '/drivers/char/tpm/'
+
+    map add_udev_rule \
+        '10-dm.rules' \
+        '13-dm-disk.rules' \
+        '60-fido-id.rules' \
+        '95-dm-notify.rules' \
+        '/usr/lib/initcpio/udev/11-dm-initramfs.rules'
+
+    map add_systemd_unit 'cryptsetup.target' \
+        'systemd-ask-password-console.path' \
+        'systemd-ask-password-console.service'
+    map add_binary \
+        '/usr/lib/systemd/system-generators/systemd-cryptsetup-generator' \
+        '/usr/lib/systemd/systemd-cryptsetup' \
+        '/usr/lib/cryptsetup/libcryptsetup-token-systemd-fido2.so' \
+        '/usr/lib/cryptsetup/libcryptsetup-token-systemd-pkcs11.so' \
+        '/usr/lib/cryptsetup/libcryptsetup-token-systemd-tpm2.so'
+
+    # cryptsetup calls pthread_create(), which dlopen()s libgcc_s.so.1
+    add_binary '/usr/lib/libgcc_s.so.1'
+
+    # cryptsetup loads the legacy provider which is required for whirlpool
+    add_binary '/usr/lib/ossl-modules/legacy.so'
+
+    # add libraries dlopen()ed by systemd-cryptsetup
+    for LIB in fido2 tss2-{{esys,rc,mu},tcti-'*'}; do
+        for FILE in $(find /usr/lib/ -maxdepth 1 -name "lib${LIB}.so*"); do
+            if [[ -L "${FILE}" ]]; then
+                add_symlink "${FILE}"
+            else
+                add_binary "${FILE}"
+            fi
+        done
+    done
+
+    # add mkswap for creating swap space on the fly (see 'swap' in crypttab(5))
+    add_binary 'mkswap'
+
+    [[ -f /etc/crypttab.initramfs ]] && add_file '/etc/crypttab.initramfs' '/etc/crypttab'
+}
+
+help() {
+    cat <<HELPEOF
+This hook allows for an encrypted root device with systemd initramfs.
+
+See the manpage of systemd-cryptsetup-generator(8) for available kernel
+command line options. Alternatively, if the file /etc/crypttab.initramfs
+exists, it will be added to the initramfs as /etc/crypttab. See the
+crypttab(5) manpage for more information on crypttab syntax.
+HELPEOF
+}
+
+# vim: set ft=sh ts=4 sw=4 et:

curl/PKGBUILD

@@ -8,12 +8,11 @@
 pkgbase=curl
 pkgname=(curl libcurl-compat libcurl-gnutls)
 #pkgver=7.88.1
-_tag='b3d2310c6441c075cdad12155da944886f1974a6' # git rev-parse v${_tag_name}
-_tag_name='7_88_1'
+_tag='741b214c095c688961ac847e86babfd68299e4ce' # git rev-parse v${_tag_name}
+_tag_name='8_0_0'
 pkgver="${_tag_name//_/.}"
-pkgrel=03
+pkgrel=01
 pkgdesc='command line tool and library for transferring data with URLs - w/o ipv6 & zstd'
-arch=('x86_64')
 url='https://curl.haxx.se'
 #options=(debug)  # uncomment this to produce debug package 
 depends=('ca-certificates' 'brotli' 'libbrotlidec.so' 'krb5' 'libgssapi_krb5.so'
@@ -26,13 +25,13 @@ provides=('libcurl.so')
 source=("git+https://github.com/bagder/curl.git#tag=${_tag}?signed")
 
 _backports=(
-#  # git master
-  # tool_operate: avoid fclose(NULL) on bad header dump file
-  '1c9cfb7af368feefb522caf81b052ee742a76da8'
-
-  # CURLOPT_PIPEWAIT: allow waited reuse also for subsequent connections
-  '821f6e2a89de8aec1c7da3c0f381b92b2b801efc'
-
+##  # git master
+#  # tool_operate: avoid fclose(NULL) on bad header dump file
+#  '1c9cfb7af368feefb522caf81b052ee742a76da8'
+#
+#  # CURLOPT_PIPEWAIT: allow waited reuse also for subsequent connections
+#  '821f6e2a89de8aec1c7da3c0f381b92b2b801efc'
+#
 )
 
 _reverts=(
@@ -170,7 +169,9 @@ package_libcurl-gnutls() {
   ln -s curl "${pkgdir}"/usr/share/licenses/libcurl-gnutls
 }
 
-#---- license gpg-key sha256sums ----
+#---- arch license gpg-key & sha256sums ----
+
+arch=(x86_64)
 
 license=('MIT')
 
@@ -178,7 +179,8 @@ validpgpkeys=('27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2') # Daniel Stenberg
 
 sha256sums=(SKIP)
 
-##  78ea4dcbe91c88551428eecc6f08a56f0c8522c34b6a05c45f1bfc7d974b733b  curl-7.88.1-03-x86_64.pkg.tar.lz
-##  7496d09b1b0e30d43eaf2092fe29b724791dfea2f7405de686637cadf111bed3  libcurl-compat-7.88.1-03-x86_64.pkg.tar.lz
-##  60f844e7ca673b5c22883e1ca903d62d959608ffdd3e78cff6122b8f9783bbd3  libcurl-gnutls-7.88.1-03-x86_64.pkg.tar.lz
+##  94dcd7e3964ea4a9644da8bca780ddd027378d2e5331c9f15443f07581686d60  curl-8.0.0-01-x86_64.pkg.tar.lz
+##  48034bc4245c21c1a8cf53e590ab73f1ff6209dafe6405c1d87cf3258cd8dacd  libcurl-compat-8.0.0-01-x86_64.pkg.tar.lz
+##  53cdbaa260f4e2297b22bb2dc9906e14bb934dcfbaae32d0b978233a33d0cd91  libcurl-gnutls-8.0.0-01-x86_64.pkg.tar.lz
+
 

curl/PKGBUILD-arch

@@ -6,10 +6,10 @@
 
 pkgbase=curl
 pkgname=(curl libcurl-compat libcurl-gnutls)
-_tag='b3d2310c6441c075cdad12155da944886f1974a6' # git rev-parse v${_tag_name}
-_tag_name='7_88_1'
+_tag='741b214c095c688961ac847e86babfd68299e4ce' # git rev-parse v${_tag_name}
+_tag_name='8_0_0'
 pkgver="${_tag_name//_/.}"
-pkgrel=3
+pkgrel=1
 pkgdesc='command line tool and library for transferring data with URLs'
 arch=('x86_64')
 url='https://curl.haxx.se/'
@@ -24,11 +24,6 @@ source=("git+https://github.com/bagder/curl.git#tag=${_tag}?signed")
 sha512sums=('SKIP')
 
 _backports=(
-  # tool_operate: avoid fclose(NULL) on bad header dump file
-  '1c9cfb7af368feefb522caf81b052ee742a76da8'
-
-  # CURLOPT_PIPEWAIT: allow waited reuse also for subsequent connections
-  '821f6e2a89de8aec1c7da3c0f381b92b2b801efc'
 )
 
 _reverts=(

curl/time

@@ -1,6 +1,6 @@
 
 
-real	3m40.946s
-user	3m13.964s
-sys	0m32.094s
+real	12m15.186s
+user	3m54.094s
+sys	0m44.689s
  

gpgme/PKGBUILD

@@ -7,25 +7,20 @@
 
 pkgbase=gpgme
 pkgname=(gpgme qgpgme python-gpgme)
-pkgver=1.18.0
-pkgrel=02  # renamed one patch and added 2nd
-_python_ver=3.10
+pkgver=1.19.0
+pkgrel=02
 pkgdesc="A C wrapper library for GnuPG"
-arch=('x86_64')
 #options=('debug')  ##  uncomment this to have the debug pkg produced
 url='https://www.gnupg.org/related_software/gpgme/'
-makedepends=('libgpg-error' 'gnupg' 'qt5-base' 'python' 'swig')
-source=("https://www.gnupg.org/ftp/gcrypt/${pkgbase}/${pkgbase}-${pkgver}.tar.bz2"{,.sig}
-#        python310.patch) --> 0001-***
-        0001-python-3-10.patch
-        0002-python-setup.patch)
+makedepends=('gnupg' 'libgpg-error' 'python' 'python-setuptools' 'python-build' 'python-installer' 'python-setuptools' 'python-wheel' 'qt5-base' 'swig')
+source=("https://www.gnupg.org/ftp/gcrypt/${pkgbase}/${pkgbase}-${pkgver}.tar.bz2"{,.sig})
 
-prepare() {
-  cd ${pkgbase}-${pkgver}
-
-  patch -Np1 -i ../0001-python-3-10.patch
-  patch -Np1 -i ../0002-python-setup.patch
-}
+#prepare() {
+#  cd ${pkgbase}-${pkgver}
+#
+#  patch -Np1 -i ../0001-python-3-10.patch
+#  patch -Np1 -i ../0002-python-setup.patch
+#}
 
 build() {
   cd ${pkgbase}-${pkgver}
@@ -37,25 +32,24 @@ build() {
     --disable-gpgsm-test
   make
 
-  # ensure reproducibility of .pyc files
-  touch -d @$SOURCE_DATE_EPOCH lang/python/version.py
-  touch -d @$SOURCE_DATE_EPOCH lang/python/python${_python_ver}-gpg/lib.linux-x86_64-${_python_ver}/gpg/gpgme.py
-
-  # .pyc files will be created if check() is used - generate them here
-
+  (
+    # use a PEP517 workflow to get a reproducible Python package
+    cd lang/python/
+    python -m build --wheel --no-isolation
+  )
 }
 
-#check() {
-#  cd ${pkgbase}-${pkgver}
-#
-#  # this test fails with gnupg (FS#66572)
-#  sed -i 's#"t-keylist-secret",##' tests/json/t-json.c
-#
-#  make check
+check() {
+  cd ${pkgbase}-${pkgver}
+
+  # this test fails with gnupg (FS#66572)
+  sed -i 's#"t-keylist-secret",##' tests/json/t-json.c
+
+  make check
 #
 #  # ensure reproducibilty whether test-suite is run or not
 #  find . -name *.pyc -exec rm {} +
-#}
+}
 
 package_gpgme() {
   depends=('libgpg-error' 'gnupg>=2')
@@ -87,19 +81,23 @@ package_python-gpgme() {
   depends=('gpgme' 'python')
 
   cd ${pkgbase}-${pkgver}/lang/python
-  make DESTDIR="${pkgdir}" install
+  python -m installer --destdir="$pkgdir" dist/*.whl
 }
 
-#---- license gpg-key sha256sums ----
+#---- arch license gpg-key & sha256sums ----
+
+arch=(x86_64)
 
 license=('LGPL')
 
 validpgpkeys=('6DAA6E64A76D2840571B4902528897B826403ADA' # Werner Koch (dist signing 2020)
               'AC8E115BF73E2D8D47FA9908E98E9B2D19C6C8BD') # Niibe Yutaka (GnuPG Release Key)
 
-sha256sums=(361d4eae47ce925dba0ea569af40e7b52c645c4ae2e65e5621bf1b6cdd8b0e9e  # gpgme-1.18.0.tar.bz2
-	f09812d9a1ea513aa10a06c878d351eacf7f48110e200db3cfc7961412e240aa  # gpgme-1.18.0.tar.bz2.sig
-##	105c722a34526516b9cc53e5690ee8c29651a9dcd3a0235f4009e94ef4fd684d # gpgme-1.18.0.tar.bz2.sig  ## Added Yutaka to sig
-            5de2f6bcb6b30642d0cbc3fbd86803c9460d732f44a526f44cedee8bb78d291a  # 0001-python-3-10.patch
-            84fb13e9afa549027469e0d1a1bad69bf786b63ef6359a5d65320bd226dcccc7) # 0002-python-setup.patch
+sha256sums=(cb58494dc415fba9eeb12b826550ad3190dc92e265c5bb2ae1a21c92841cfd38  # gpgme-1.19.0.tar.bz2
+	eee2bab6a0ba332c86150c8440c3ec9f12e61b0047713a6663bb2c83b80b2926) # gpgme-1.19.0.tar.bz2.sig
+
+##  b21def79f924a1623950493bc4a5142ea890fc7f60d26c0247ae4672bc9db111  gpgme-1.19.0-02-x86_64.pkg.tar.lz
+##  c7d49cd681fba0729ec404e74d09bbc16fbacc0d8f062cdc3c84236f42d92713  python-gpgme-1.19.0-02-x86_64.pkg.tar.lz
+##  f2bd084c203731573dddf5b1e276da55e3861886cec36cc3751e5a70565d0ac9  qgpgme-1.19.0-02-x86_64.pkg.tar.lz
+
 

gpgme/PKGBUILD-arch

@@ -4,30 +4,28 @@
 
 pkgbase=gpgme
 pkgname=(gpgme qgpgme python-gpgme)
-pkgver=1.18.0
+pkgver=1.19.0
 pkgrel=2
-_python_ver=3.10
 pkgdesc='A C wrapper library for GnuPG'
 arch=('x86_64')
 url='https://www.gnupg.org/related_software/gpgme/'
 license=('LGPL')
-makedepends=('libgpg-error' 'gnupg' 'qt5-base' 'python' 'swig')
+makedepends=(
+  'gnupg'
+  'libgpg-error'
+  'python'
+  'python-build'
+  'python-installer'
+  'python-setuptools'
+  'python-wheel'
+  'qt5-base'
+  'swig'
+)
 validpgpkeys=('6DAA6E64A76D2840571B4902528897B826403ADA'  # Werner Koch (dist signing 2020)
               'AC8E115BF73E2D8D47FA9908E98E9B2D19C6C8BD') # Niibe Yutaka (GnuPG Release Key)
-source=("https://www.gnupg.org/ftp/gcrypt/${pkgbase}/${pkgbase}-${pkgver}.tar.bz2"{,.sig}
-        '0001-python-3-10.patch'
-        '0002-python-setup.patch')
-sha256sums=('361d4eae47ce925dba0ea569af40e7b52c645c4ae2e65e5621bf1b6cdd8b0e9e'
-            'SKIP'
-            '5de2f6bcb6b30642d0cbc3fbd86803c9460d732f44a526f44cedee8bb78d291a'
-            '84fb13e9afa549027469e0d1a1bad69bf786b63ef6359a5d65320bd226dcccc7')
-
-prepare() {
-  cd ${pkgbase}-${pkgver}
-
-  patch -Np1 -i ../0001-python-3-10.patch
-  patch -Np1 -i ../0002-python-setup.patch
-}
+source=("https://www.gnupg.org/ftp/gcrypt/${pkgbase}/${pkgbase}-${pkgver}.tar.bz2"{,.sig})
+sha256sums=('cb58494dc415fba9eeb12b826550ad3190dc92e265c5bb2ae1a21c92841cfd38'
+            'SKIP')
 
 build() {
   cd ${pkgbase}-${pkgver}
@@ -39,12 +37,11 @@ build() {
     --disable-gpgsm-test
   make
 
-  # ensure reproducibility of .pyc files
-  touch -d @$SOURCE_DATE_EPOCH lang/python/version.py
-  touch -d @$SOURCE_DATE_EPOCH lang/python/python${_python_ver}-gpg/lib.linux-x86_64-${_python_ver}/gpg/gpgme.py
-
-  # .pyc files will be created if check() is used - generate them here
-
+  (
+    # use a PEP517 workflow to get a reproducible Python package
+    cd lang/python/
+    python -m build --wheel --no-isolation
+  )
 }
 
 check() {
@@ -54,9 +51,6 @@ check() {
   sed -i 's#"t-keylist-secret",##' tests/json/t-json.c
 
   make check
-
-  # ensure reproducibilty whether test-suite is run or not
-  find . -name *.pyc -exec rm {} +
 }
 
 package_gpgme() {
@@ -89,5 +83,5 @@ package_python-gpgme() {
   depends=('gpgme' 'python')
 
   cd ${pkgbase}-${pkgver}/lang/python
-  make DESTDIR="${pkgdir}" install
+  python -m installer --destdir="$pkgdir" dist/*.whl
 }

gpgme/deps

@@ -1,5 +1,9 @@
 qt5-base
 python
 swig
+python-setuptools
+python-build
+python-installer
+python-wheel
 
 

xz/PKGBUILD

@@ -6,10 +6,9 @@
 #-----------------------------------------| DESCRIPTION |---------------------------------------
 
 pkgname=xz
-pkgver=5.4.1
-pkgrel=02
+pkgver=5.4.2
+pkgrel=01
 pkgdesc='Library and command line tools for XZ and LZMA compressed files'
-arch=('x86_64')
 url='https://tukaani.org/xz/'
 depends=('sh')
 #options=('debug')   ##### uncomment this to produce the debug pkg
@@ -47,18 +46,17 @@ package() {
 	ln -sf /usr/share/licenses/common/GPL2/license.txt "${pkgdir}/usr/share/doc/xz/COPYING.GPLv2"
 }
 
-#---- license gpg-key sha256sums ----
+#---- arch license gpg-key & sha256sums ----
+
+arch=(x86_64)
 
 license=('GPL' 'LGPL' 'custom')
 
 validpgpkeys=('3690C240CE51B4670D30AD1C38EE757D69184620') # Lasse Collin <lasse.collin@tukaani.org>
 
-sha256sums=(e4b0f81582efa155ccf27bb88275254a429d44968e488fc94b806f2a61cd3e22  # xz-5.4.1.tar.gz
-	4250f26d4be1f749018ff623b384cfdf6c352cb375b4e267a38d85cbf20b77e5) # xz-5.4.1.tar.gz.sig
+sha256sums=(87947679abcf77cc509d8d1b474218fd16b72281e2797360e909deaee1ac9d05  # xz-5.4.2.tar.gz
+	49b48fe20a7620c6d688e6633ae055bf27d987dcc89d55bafcc148256cdca37a) # xz-5.4.2.tar.gz.sig
 
-sha512sums=('5cff8383a68fb88ecbb3770ec48af0ad5582e08de9dccd339e0b685aaa53447e59d6425caa3f63b54a674e5d78c20520876db547d156e6658ad4841660cba85b'
-             'SKIP')
+##  a52aeed0c582a827023b979de05faf341cf5793067d3fdbbfa17b6790525403d  xz-5.4.2-01-x86_64.pkg.tar.lz
 
 
-#  3c1c478bd6adfecfe6c27a55a3c55ce8205997b2010366b5c3fcd84b59511402  xz-5.4.1-02-x86_64.pkg.tar.xz
-

xz/PKGBUILD-arch

@@ -2,7 +2,7 @@
 # Contributor: François Charette <firmicus@gmx.net>
 
 pkgname=xz
-pkgver=5.4.1
+pkgver=5.4.2
 pkgrel=1
 pkgdesc='Library and command line tools for XZ and LZMA compressed files'
 arch=('x86_64')
@@ -12,9 +12,9 @@ depends=('sh')
 provides=('liblzma.so')
 validpgpkeys=('3690C240CE51B4670D30AD1C38EE757D69184620') # Lasse Collin <lasse.collin@tukaani.org>
 source=("https://tukaani.org/${pkgname}/${pkgname}-${pkgver}.tar.gz"{,.sig})
-sha256sums=('e4b0f81582efa155ccf27bb88275254a429d44968e488fc94b806f2a61cd3e22'
+sha256sums=('87947679abcf77cc509d8d1b474218fd16b72281e2797360e909deaee1ac9d05'
             'SKIP')
-sha512sums=('5cff8383a68fb88ecbb3770ec48af0ad5582e08de9dccd339e0b685aaa53447e59d6425caa3f63b54a674e5d78c20520876db547d156e6658ad4841660cba85b'
+sha512sums=('149f980338bea3d66de1ff5994b2b236ae1773135eda68b62b009df0c9dcdf5467f8cb2c06da95a71b6556d60bd3d21f475feced34d5dfdb80ee95416a2f9737'
             'SKIP')
 
 build() {