From a3555c1473f8b70467e4cdc2c483f5f19d6d3910 Mon Sep 17 00:00:00 2001
From: Zach van Rijn <me@zv.io>
Date: Sun, 8 May 2022 03:29:06 +0000
Subject: user/gnutls: bump { 3.6.16 --> 3.7.4 }.

---
 user/gnutls/APKBUILD                               | 10 +++----
 user/gnutls/disable-certtool-test.patch            | 33 ----------------------
 .../gnulib-tests-dont-require-gpg-passphrase.patch | 10 -------
 user/gnutls/tests-certtool.patch                   | 33 ++++++++++++++++++++++
 4 files changed, 37 insertions(+), 49 deletions(-)
 delete mode 100644 user/gnutls/disable-certtool-test.patch
 delete mode 100644 user/gnutls/gnulib-tests-dont-require-gpg-passphrase.patch
 create mode 100644 user/gnutls/tests-certtool.patch

(limited to 'user')

diff --git a/user/gnutls/APKBUILD b/user/gnutls/APKBUILD
index 08967d27a..a88d25db0 100644
--- a/user/gnutls/APKBUILD
+++ b/user/gnutls/APKBUILD
@@ -2,7 +2,7 @@
 # Contributor: Michael Mason <ms13sp@gmail.com>
 # Maintainer: Zach van Rijn <me@zv.io>
 pkgname=gnutls
-pkgver=3.6.16
+pkgver=3.7.4
 pkgrel=0
 pkgdesc="A TLS protocol implementation"
 url="https://www.gnutls.org/"
@@ -22,8 +22,7 @@ case $pkgver in
 	;;
 esac
 source="https://www.gnupg.org/ftp/gcrypt/gnutls/v${_v}/$pkgname-$pkgver.tar.xz
-	gnulib-tests-dont-require-gpg-passphrase.patch
-	disable-certtool-test.patch
+	tests-certtool.patch
 	"
 
 # secfixes:
@@ -85,6 +84,5 @@ xx() {
 	mv "$pkgdir"/usr/lib/lib*xx.so.* "$subpkgdir"/usr/lib/
 }
 
-sha512sums="72c78d7fcb024393c1d15f2a1856608ae4460ba43cc5bbbb4c29b80508cae6cb822df4638029de2363437d110187e0a3cc19a7288c3b2f44b2f648399a028438  gnutls-3.6.16.tar.xz
-abc24ee59cc67805fe953535b0bae33080fc8b0bf788304377f6d10ec8c162c4cf203a69c98a4ba3483b4c60ed7a204433cc7db9b8190eddb0d68f6fb6dad52d  gnulib-tests-dont-require-gpg-passphrase.patch
-25400be364c1f27b88451002a471cbf841b9738dd93c42dcbeaf7644c3deea6afc85300b40d5ae32d29dc4d441237e8b311f3e07f0af2fb4788701ee4e240c0f  disable-certtool-test.patch"
+sha512sums="38b488ca1223d9aa8fc25756df08db6f29aaf76fb5816fdeaa14bd89fb431a2e1c495fefc64094f726337d5b89e198146ec7dc22e9a1bca6841a9d881b0d99e6  gnutls-3.7.4.tar.xz
+2006876dd33559a9ee4abe73e7cedc6867c4f480befdfd5fe9e3eca327e291c3cdb12385156c2ba5ab9496dec870b15178249e015363397f1d979ef785906366  tests-certtool.patch"
diff --git a/user/gnutls/disable-certtool-test.patch b/user/gnutls/disable-certtool-test.patch
deleted file mode 100644
index 2ae16a38e..000000000
--- a/user/gnutls/disable-certtool-test.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-If GNUTLS_PIN is not available in the environment, the test will fail
-because it cannot ask for the password:
-
-Generating a self signed certificate...
-No PIN given.
-note: when operating in batch mode, set the GNUTLS_PIN or GNUTLS_SO_PIN environment variables
-cert generation failed
-FAIL certtool (exit status: 1)
-
-The comment above this line says "some CI runners need GNUTLS_PIN
-(GNUTLS_PIN=${PASS})" (i.e. GNUTLS_PIN=1234). When this is passed
-instead, the test fails again because "No password was asked" (it greps
-for "Enter password" in the output, but this won't happen because
-GNUTLS_PIN is set).
-
-The folks at Nix believe this is an incompatibility due to musl's
-getpass not falling back to stdin/stderr if it cannot connect to a tty,
-as glibc does.
-
-https://gitlab.com/gnutls/gnutls/-/issues/945
-
---- gnutls-3.6.13/tests/cert-tests/certtool	2020-01-01 14:10:19.000000000 -0600
-+++ gnutls-3.6.13/tests/cert-tests/certtool	2020-06-02 20:36:20.380039844 -0500
-@@ -20,6 +20,9 @@
- 
- #set -e
- 
-+echo 'this test is not compatible with musl'
-+exit 77
-+
- srcdir="${srcdir:-.}"
- CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
- DIFF="${DIFF:-diff -b -B}"
diff --git a/user/gnutls/gnulib-tests-dont-require-gpg-passphrase.patch b/user/gnutls/gnulib-tests-dont-require-gpg-passphrase.patch
deleted file mode 100644
index 2c9276cbc..000000000
--- a/user/gnutls/gnulib-tests-dont-require-gpg-passphrase.patch
+++ /dev/null
@@ -1,10 +0,0 @@
---- gnutls-3.6.2/gl/tests/test-vc-list-files-git.sh	2018-01-03 18:36:29.000000000 -0600
-+++ gnutls-3.6.2/gl/tests/test-vc-list-files-git.sh	2018-06-18 21:57:08.305562148 -0500
-@@ -32,6 +32,7 @@
-   touch d/a b c &&
-   git config user.email "you@example.com" &&
-   git config user.name "Your Name" &&
-+  git config commit.gpgsign false &&
-   git add . > /dev/null &&
-   git commit -q -a -m log &&
-   printf '%s\n' b c d/a > expected &&
diff --git a/user/gnutls/tests-certtool.patch b/user/gnutls/tests-certtool.patch
new file mode 100644
index 000000000..13dc12b3b
--- /dev/null
+++ b/user/gnutls/tests-certtool.patch
@@ -0,0 +1,33 @@
+I think this tests is simply wrong.
+When a PIN is given, the program should run in batch mode.
+So the question for "Enter password" should _not_ be present.
+
+Fails on the builders:
+
+> Generating a 3072 bit RSA private key...
+> Generating a self signed certificate...
+> No PIN given.
+> note: when operating in batch mode, set the GNUTLS_PIN or GNUTLS_SO_PIN environment variables
+> cert generation failed
+> FAIL certtool.sh (exit status: 1)
+
+--- a/tests/cert-tests/certtool.sh	2019-02-07 07:33:45.960887338 +0000
++++ b/tests/cert-tests/certtool.sh	2019-02-07 07:36:14.550955051 +0000
+@@ -49,7 +49,7 @@
+ 
+ 	#check whether password is being honoured
+ 	#some CI runners need GNUTLS_PIN (GNUTLS_PIN=${PASS})
+-	${SETSID} "${CERTTOOL}" --generate-self-signed --load-privkey ${TMPFILE1} --template ${srcdir}/templates/template-test.tmpl --ask-pass >${TMPFILE2} 2>&1 <<EOF
++	GNUTLS_PIN=${PASS} ${SETSID} "${CERTTOOL}" --generate-self-signed --load-privkey ${TMPFILE1} --template ${srcdir}/templates/template-test.tmpl --ask-pass >${TMPFILE2} 2>&1 <<EOF
+ $PASS
+ EOF
+ 	if test $? != 0;then
+@@ -59,7 +59,7 @@
+ 	fi
+ 
+ 	grep "Enter password" ${TMPFILE2} >/dev/null 2>&1
+-	if test $? != 0;then
++	if test $? != 1; then
+ 		cat ${TMPFILE2}
+ 		echo "No password was asked"
+ 		exit 1
-- 
cgit v1.2.3-70-g09d2