gentoo auto-resync : 18:02:2024 - 11:39:02

3 files changed, 401 insertions, 0 deletions

diff --git a/app-crypt/gnupg/Manifest b/app-crypt/gnupg/Manifest
index 52e62bff315a..cd5b1ddd55de 100644
--- a/app-crypt/gnupg/Manifest
+++ b/app-crypt/gnupg/Manifest
@@ -5,6 +5,7 @@ AUX gnupg-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch 1048
 AUX gnupg-2.2.42-bug923248-insecure-backup.patch 12385 BLAKE2B af374b2038a6d8628922e433f26dee2cc66c9e031d871947e2a44586cf2183d8a7bc365f1f0cc0cde552eb176d5f580b3aaab5e4a551d0652f10096c5150aa43 SHA512 1dc123f120d95ae77b52b3869bf7abfcaf0cfbfe732f691663b472a6e9bdd20502280527585dda81da4bd03e8194bdd5e72cc2111f24ccf2ce9e476fe474d4cf
 AUX gnupg-2.4.2-fix-emacs.patch 16897 BLAKE2B 8d810abf26b4fbc3a6119d5b0b3c8048a82262249b2b61fbfaa01792229d4ac6277cb2b20f8e8b2fac36a201d4c0b8980e6f7c63293d2edbdb379b5d1123112e SHA512 1b2d89c5203cabcc7bdce9e4a665e708d9610e7da347a653e8c60e0a95f95605234ea953ca0ba6eb0157743d231ed52c00240f02a181640aee3b87e963e42322
 AUX gnupg-2.4.3-no-ldap.patch 732 BLAKE2B 24ae1b81900dff5b1698dd4260399557e39e68f5ecae5d8012a489a7c63c1d899f586aa0ec19a81464a738fd5362a202423afedad3a9f37ea74819f11eb6f857 SHA512 064e0ea7af889a2c9f7545de21e3999441bc86ad8b01fa092339ea4b5fcffc601b21d37a1d40397afcb21c073f3b075057af2c1fbedd926db3d427acbf8f8657
+AUX gnupg-2.4.4-dirmngr-proxy.patch 6301 BLAKE2B aa69f47d57569e64a75814c1a20964376c33e3ea2873d76295df5e8303cc0c966cc490fbba4f98a86aa392aeb57905605c1a3c2617992826e30a4450873726b9 SHA512 ee49aa5dd8be2d5b4b46ba26e450c797f65609decbf7cc267e82cf809352694d5358df7ee19752d8a4e2024428578370c7ca983da0eac7787b537c6a8cad854d
 AUX gpg-agent-browser.socket 298 BLAKE2B 0b08e5e60ced5e09a485506a52c1da35ed6e557fc36021d0c5f5f1ade19e7dd1d67096110eebe7955246eea53f21b2bdc3ab9f3a660ed8be90ab609ce7126008 SHA512 8dfdd132f991be23aa29ea36d2cfbfd36cdd5c3f7243636fb82ee99e5a427eccbdec69d51732ad78b9592a307eb2a0044c413635e03a6cadc94b7719388b86a7
 AUX gpg-agent-extra.socket 281 BLAKE2B 2b8edd4454fece75535e84a2ee7daffa764395a99fbfbcc1d17673220795955b4bd62a447776cbe8a2b1a790da9104465c15f47ae0ea3c5d20514cf93db27922 SHA512 b0bfa5c7ecdb541684c56938f97660fd9efce7df2ec6bdf8de95cca9ed90323a7ca796c3e886fc081b11eeff1c2632e6c20ddcbf23e14286993fa8ff0ba08804
 AUX gpg-agent-ssh.socket 308 BLAKE2B bacd09131082ee4bd440568b68065fb148c90a620e6628796bb9f3a2957a13860d15ce548e39ce10bc8749ebeabd7dcd0e893db49df295c9126078fc3de76619 SHA512 202bc5c9c7f9c4e97f53626c906ea455d6d4497cc03272c52f7b653cb5d5dc23850b85f939b88d04bbe70e309ad007415401298c9d04cb9b60329ad9e550e93d
@@ -22,5 +23,6 @@ EBUILD gnupg-2.2.41.ebuild 5565 BLAKE2B fdb0c920af7a13bd25a23e4ed5e0561f385b4952
 EBUILD gnupg-2.2.42-r1.ebuild 5585 BLAKE2B b93ce0f9bd50af4ca60fd022abd469d7e01128893a284e03d4d58ea30c8931b111cd0bc78136033e6a7c92c1e7bf3e958ac246ee91c306462b91337136975041 SHA512 e5f97fa30968480420ba9f5107ed1db8d6e1112886f81e735a382a61a0945ac0529c7cca891d226818cfc2cf3574f042358eb058e55cd2dc064c46ef04e34bb3
 EBUILD gnupg-2.2.42-r2.ebuild 5639 BLAKE2B b2be8bb8401613c71509e47075a1839246ce5ba1a5bbdb683f929490e8d04bd5960fdc868b5ddc43a50eeac3bafd4527dd9b588ec67c9cb1f8ba6a951ddcecb1 SHA512 2367ca49bfbfe7885b9be16b42f4c7a3442e9e307b1fc81b8af531d0233d4bb6dea1e5925ed468bc23d2c12693c62107e1245782a03b671f6f152ce516ac4d0f
 EBUILD gnupg-2.4.3-r1.ebuild 6201 BLAKE2B 24a6e7d1c0bbbb544487e2bd6b30b052a352b16ef7c1bcaa1587964a4eb883407edc393a0548f7fe2b3ee60257b1dc0bd48cd9c4398fdc6ca228521b5fc8bef7 SHA512 5a084293031b6d186fc948001142d72430dbfca819a61e611c8a268dabf4afe15c25c57f7cd2dde506dc4da05dfe482d5a8e180b46556c90d518c097c057be30
+EBUILD gnupg-2.4.4-r1.ebuild 6172 BLAKE2B 7799c4d6d06cd428cb866f93e6317e5b692e216297bd2ff9f020c2e1a8eb49782ca83fc5cb217a1843f9eb8bdf9e6b4bf2067488ec6ad1ea62c1a96ea002ffa6 SHA512 53e75c1a3fabeafe2abde8b9482a4c13508804be6e251f464417c03c1f57935079b0480ed80f0beff3aa385ad629bc46d592b5dd53df40614b41a316ef0ec8c5
 EBUILD gnupg-2.4.4.ebuild 6210 BLAKE2B 587a3c4651ca0a71988067b0c41e649614de1459bf504f802f613cb40c9e613763286b6f6156fccd365d0013d536b4e450f95a13f61e709d337cd44755be4e8a SHA512 e3534902f01a42e772c60f4f8e0f5b9e80196f49a12b326321c7a4756614a0f1184ddb173a026601c59ca69fecc3c797212c22a512577e92ba28857afd001419
 MISC metadata.xml 1189 BLAKE2B dae783678abfe0bae095970d96d952f591a569debad411708d29a2f128c6a291b73a33ee0b3491a6a5ec44c11f56d33c1531022e0ef9eaad3326c9cd0f79e3fb SHA512 bc7d6a9ceda213c134d9afc527fe0b0c87a4886a171b7a1e1f662f3978fec5e71323bae4c9f3882e1d763d5738446f161265070a8e513a59fa62ef0f792e9fa5
diff --git a/app-crypt/gnupg/files/gnupg-2.4.4-dirmngr-proxy.patch b/app-crypt/gnupg/files/gnupg-2.4.4-dirmngr-proxy.patch
new file mode 100644
index 000000000000..686a3aadc8dd
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.4.4-dirmngr-proxy.patch
@@ -0,0 +1,202 @@
+https://bugs.gentoo.org/924606
+https://dev.gnupg.org/T6997
+https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=04cbc3074aa98660b513a80f623a7e9f0702c7c9
+https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=848546b05ab0ff6abd47724ecfab73bf32dd4c01
+https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=2810b934647edd483996bee1f5f9256a162b2705
+
+From 6236978d78886cbb476ed9fbc49ff99c7582b2d7 Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka <gniibe@fsij.org>
+Date: Thu, 15 Feb 2024 15:38:34 +0900
+Subject: [PATCH 1/3] dirmngr: Fix proxy with TLS.
+
+* dirmngr/http.c (proxy_get_token, run_proxy_connect): Always
+available regardless of USE_TLS.
+(run_proxy_connect): Use log_debug_string.
+(send_request): Remove USE_TLS.
+
+--
+
+Since the commit of
+
+	1009e4e5f71347a1fe194e59a9d88c8034a67016
+
+Building with TLS library is mandatory.
+
+GnuPG-bug-id: 6997
+Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
+---
+ dirmngr/http.c | 8 +-------
+ 1 file changed, 1 insertion(+), 7 deletions(-)
+
+diff --git a/dirmngr/http.c b/dirmngr/http.c
+index 4899a5d55..10eecfdb0 100644
+--- a/dirmngr/http.c
++++ b/dirmngr/http.c
+@@ -2362,7 +2362,6 @@ run_gnutls_handshake (http_t hd, const char *server)
+  * NULL, decode the string and use this as input from teh server.  On
+  * success the final output token is stored at PROXY->OUTTOKEN and
+  * OUTTOKLEN.  IF the authentication succeeded OUTTOKLEN is zero. */
+-#ifdef USE_TLS
+ static gpg_error_t
+ proxy_get_token (proxy_info_t proxy, const char *inputstring)
+ {
+@@ -2530,11 +2529,9 @@ proxy_get_token (proxy_info_t proxy, const char *inputstring)
+ 
+ #endif /*!HAVE_W32_SYSTEM*/
+ }
+-#endif /*USE_TLS*/
+ 
+ 
+ /* Use the CONNECT method to proxy our TLS stream.  */
+-#ifdef USE_TLS
+ static gpg_error_t
+ run_proxy_connect (http_t hd, proxy_info_t proxy,
+                    const char *httphost, const char *server,
+@@ -2586,7 +2583,7 @@ run_proxy_connect (http_t hd, proxy_info_t proxy,
+   hd->keep_alive = !auth_basic; /* We may need to send more requests.  */
+ 
+   if (opt_debug || (hd->flags & HTTP_FLAG_LOG_RESP))
+-    log_debug_with_string (request, "http.c:proxy:request:");
++    log_debug_string (request, "http.c:proxy:request:");
+ 
+   if (!hd->fp_write)
+     {
+@@ -2743,7 +2740,6 @@ run_proxy_connect (http_t hd, proxy_info_t proxy,
+   xfree (tmpstr);
+   return err;
+ }
+-#endif /*USE_TLS*/
+ 
+ 
+ /* Make a request string using a standard proxy.  On success the
+@@ -2903,7 +2899,6 @@ send_request (ctrl_t ctrl,
+       goto leave;
+     }
+ 
+-#if USE_TLS
+   if (use_http_proxy && hd->uri->use_tls)
+     {
+       err = run_proxy_connect (hd, proxy, httphost, server, port);
+@@ -2915,7 +2910,6 @@ send_request (ctrl_t ctrl,
+        * clear the flag to indicate this.  */
+       use_http_proxy = 0;
+     }
+-#endif	/* USE_TLS */
+ 
+ #if HTTP_USE_NTBTLS
+   err = run_ntbtls_handshake (hd);
+-- 
+2.43.2
+
+From 68650eb6999e674fd2f1c78f47b68d3cd1d37ff0 Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka <gniibe@fsij.org>
+Date: Fri, 16 Feb 2024 11:31:37 +0900
+Subject: [PATCH 2/3] dirmngr: Fix the regression of use of proxy for TLS
+ connection.
+
+* dirmngr/http.c (run_proxy_connect): Don't set keep_alive, since it
+causes resource leak of FP_WRITE.
+Don't try to read response body to fix the hang.
+
+--
+
+GnuPG-bug-id: 6997
+Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
+---
+ dirmngr/http.c | 14 ++------------
+ 1 file changed, 2 insertions(+), 12 deletions(-)
+
+diff --git a/dirmngr/http.c b/dirmngr/http.c
+index 10eecfdb0..7ce01bacd 100644
+--- a/dirmngr/http.c
++++ b/dirmngr/http.c
+@@ -2553,6 +2553,7 @@ run_proxy_connect (http_t hd, proxy_info_t proxy,
+    * RFC-4559 - SPNEGO-based Kerberos and NTLM HTTP Authentication
+    */
+   auth_basic = !!proxy->uri->auth;
++  hd->keep_alive = 0;
+ 
+   /* For basic authentication we need to send just one request.  */
+   if (auth_basic
+@@ -2574,13 +2575,12 @@ run_proxy_connect (http_t hd, proxy_info_t proxy,
+                          httphost ? httphost : server,
+                          port,
+                          authhdr ? authhdr : "",
+-                         auth_basic? "" : "Connection: keep-alive\r\n");
++                         hd->keep_alive? "Connection: keep-alive\r\n" : "");
+   if (!request)
+     {
+       err = gpg_error_from_syserror ();
+       goto leave;
+     }
+-  hd->keep_alive = !auth_basic; /* We may need to send more requests.  */
+ 
+   if (opt_debug || (hd->flags & HTTP_FLAG_LOG_RESP))
+     log_debug_string (request, "http.c:proxy:request:");
+@@ -2607,16 +2607,6 @@ run_proxy_connect (http_t hd, proxy_info_t proxy,
+   if (err)
+     goto leave;
+ 
+-  {
+-    unsigned long count = 0;
+-
+-    while (es_getc (hd->fp_read) != EOF)
+-      count++;
+-    if (opt_debug)
+-      log_debug ("http.c:proxy_connect: skipped %lu bytes of response-body\n",
+-                 count);
+-  }
+-
+   /* Reset state.  */
+   es_clearerr (hd->fp_read);
+   ((cookie_t)(hd->read_cookie))->up_to_empty_line = 1;
+-- 
+2.43.2
+
+From 7c7cbd94549d08780fc3767d6de8336b3f44e7d7 Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka <gniibe@fsij.org>
+Date: Fri, 16 Feb 2024 16:24:26 +0900
+Subject: [PATCH 3/3] dirmngr: Fix keep-alive flag handling.
+
+* dirmngr/http.c (run_proxy_connect): Set KEEP_ALIVE if not Basic
+Authentication.  Fix resource leak of FP_WRITE.
+
+--
+
+GnuPG-bug-id: 6997
+Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
+---
+ dirmngr/http.c | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/dirmngr/http.c b/dirmngr/http.c
+index 7ce01bacd..da0c89ae5 100644
+--- a/dirmngr/http.c
++++ b/dirmngr/http.c
+@@ -2553,7 +2553,7 @@ run_proxy_connect (http_t hd, proxy_info_t proxy,
+    * RFC-4559 - SPNEGO-based Kerberos and NTLM HTTP Authentication
+    */
+   auth_basic = !!proxy->uri->auth;
+-  hd->keep_alive = 0;
++  hd->keep_alive = !auth_basic; /* We may need to send more requests.  */
+ 
+   /* For basic authentication we need to send just one request.  */
+   if (auth_basic
+@@ -2717,6 +2717,14 @@ run_proxy_connect (http_t hd, proxy_info_t proxy,
+     }
+ 
+  leave:
++  if (hd->keep_alive)
++    {
++      es_fclose (hd->fp_write);
++      hd->fp_write = NULL;
++      /* The close has released the cookie and thus we better set it
++       * to NULL.  */
++      hd->write_cookie = NULL;
++    }
+   /* Restore flags, destroy stream, reset state.  */
+   hd->flags = saved_flags;
+   es_fclose (hd->fp_read);
+-- 
+2.43.2
+
diff --git a/app-crypt/gnupg/gnupg-2.4.4-r1.ebuild b/app-crypt/gnupg/gnupg-2.4.4-r1.ebuild
new file mode 100644
index 000000000000..768489c6bf9f
--- /dev/null
+++ b/app-crypt/gnupg/gnupg-2.4.4-r1.ebuild
@@ -0,0 +1,197 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Maintainers should:
+# 1. Join the "Gentoo" project at https://dev.gnupg.org/project/view/27/
+# 2. Subscribe to release tasks like https://dev.gnupg.org/T6159
+# (find the one for the current release then subscribe to it +
+# any subsequent ones linked within so you're covered for a while.)
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/gnupg.asc
+# in-source builds are not supported: https://dev.gnupg.org/T6313#166339
+inherit flag-o-matic out-of-source multiprocessing systemd toolchain-funcs verify-sig
+
+MY_P="${P/_/-}"
+
+DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
+HOMEPAGE="https://gnupg.org/"
+SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
+SRC_URI+=" verify-sig? ( mirror://gnupg/gnupg/${P}.tar.bz2.sig )"
+S="${WORKDIR}/${MY_P}"
+
+LICENSE="GPL-3+"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl test +tofu tpm tools usb user-socket wks-server"
+RESTRICT="!test? ( test )"
+REQUIRED_USE="test? ( tofu )"
+
+# Existence of executables is checked during configuration.
+# Note: On each bump, update dep bounds on each version from configure.ac!
+DEPEND="
+	>=dev-libs/libassuan-2.5.0
+	>=dev-libs/libgcrypt-1.9.1:=
+	>=dev-libs/libgpg-error-1.46
+	>=dev-libs/libksba-1.6.3
+	>=dev-libs/npth-1.2
+	>=net-misc/curl-7.10
+	sys-libs/zlib
+	bzip2? ( app-arch/bzip2 )
+	ldap? ( net-nds/openldap:= )
+	readline? ( sys-libs/readline:0= )
+	smartcard? ( usb? ( virtual/libusb:1 ) )
+	tofu? ( >=dev-db/sqlite-3.27 )
+	tpm? ( >=app-crypt/tpm2-tss-2.4.0:= )
+	ssl? ( >=net-libs/gnutls-3.2:0= )
+"
+RDEPEND="
+	${DEPEND}
+	nls? ( virtual/libintl )
+	selinux? ( sec-policy/selinux-gpg )
+	wks-server? ( virtual/mta )
+"
+PDEPEND="
+	app-crypt/pinentry
+"
+BDEPEND="
+	virtual/pkgconfig
+	doc? ( sys-apps/texinfo )
+	nls? ( sys-devel/gettext )
+	verify-sig? ( sec-keys/openpgp-keys-gnupg )
+"
+
+DOCS=(
+	ChangeLog NEWS README THANKS TODO VERSION
+	doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
+)
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch
+	"${FILESDIR}"/${P}-dirmngr-proxy.patch #924606
+)
+
+src_prepare() {
+	default
+
+	GNUPG_SYSTEMD_UNITS=(
+		dirmngr.service
+		dirmngr.socket
+		gpg-agent-browser.socket
+		gpg-agent-extra.socket
+		gpg-agent.service
+		gpg-agent.socket
+		gpg-agent-ssh.socket
+	)
+
+	cp "${GNUPG_SYSTEMD_UNITS[@]/#/${FILESDIR}/}" "${T}" || die
+
+	# Inject SSH_AUTH_SOCK into user's sessions after enabling gpg-agent-ssh.socket in systemctl --user mode,
+	# idea borrowed from libdbus, see
+	#   https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/bus/systemd-user/dbus.socket.in#L6
+	#
+	# This cannot be upstreamed, as it requires determining the exact prefix of 'systemctl',
+	# which in turn requires discovery in Autoconf, something that upstream deeply resents.
+	sed -e "/DirectoryMode=/a ExecStartPost=-${EPREFIX}/bin/systemctl --user set-environment SSH_AUTH_SOCK=%t/gnupg/S.gpg-agent.ssh" \
+		-i "${T}"/gpg-agent-ssh.socket || die
+}
+
+my_src_configure() {
+	# Upstream don't support LTO, bug #854222.
+	filter-lto
+
+	local myconf=(
+		$(use_enable bzip2)
+		$(use_enable nls)
+		$(use_enable smartcard scdaemon)
+		$(use_enable ssl gnutls)
+		$(use_enable test all-tests)
+		$(use_enable test tests)
+		$(use_enable tofu)
+		$(use_enable tofu keyboxd)
+		$(use_enable tofu sqlite)
+		$(usex tpm '--with-tss=intel' '--disable-tpm2d')
+		$(use smartcard && use_enable usb ccid-driver || echo '--disable-ccid-driver')
+		$(use_enable wks-server wks-tools)
+		$(use_with ldap)
+		$(use_with readline)
+
+		# Hardcode mailprog to /usr/libexec/sendmail even if it does not exist.
+		# As of GnuPG 2.3, the mailprog substitution is used for the binary called
+		# by wks-client & wks-server; and if it's autodetected but not not exist at
+		# build time, then then 'gpg-wks-client --send' functionality will not
+		# work. This has an unwanted side-effect in stage3 builds: there was a
+		# [R]DEPEND on virtual/mta, which also brought in virtual/logger, bloating
+		# the build where the install guide previously make the user chose the
+		# logger & mta early in the install.
+		--with-mailprog=/usr/libexec/sendmail
+
+		--disable-ntbtls
+		--enable-gpgsm
+		--enable-large-secmem
+
+		CC_FOR_BUILD="$(tc-getBUILD_CC)"
+		GPG_ERROR_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-gpg-error-config"
+		KSBA_CONFIG="${ESYSROOT}/usr/bin/ksba-config"
+		LIBASSUAN_CONFIG="${ESYSROOT}/usr/bin/libassuan-config"
+		LIBGCRYPT_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-libgcrypt-config"
+		NPTH_CONFIG="${ESYSROOT}/usr/bin/npth-config"
+
+		$("${S}/configure" --help | grep -o -- '--without-.*-prefix')
+	)
+
+	if use prefix && use usb; then
+		# bug #649598
+		append-cppflags -I"${ESYSROOT}/usr/include/libusb-1.0"
+	fi
+
+	# bug #663142
+	if use user-socket; then
+		myconf+=( --enable-run-gnupg-user-socket )
+	fi
+
+	# glib fails and picks up clang's internal stdint.h causing weird errors
+	tc-is-clang && export gl_cv_absolute_stdint_h="${ESYSROOT}"/usr/include/stdint.h
+
+	econf "${myconf[@]}"
+}
+
+my_src_compile() {
+	default
+
+	use doc && emake -C doc html
+}
+
+my_src_test() {
+	export TESTFLAGS="--parallel=$(makeopts_jobs)"
+
+	default
+}
+
+my_src_install() {
+	emake DESTDIR="${D}" install
+
+	use tools && dobin tools/{gpgconf,gpgsplit,gpg-check-pattern} tools/make-dns-cert
+
+	dosym gpg /usr/bin/gpg2
+	dosym gpgv /usr/bin/gpgv2
+	echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die
+	echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
+
+	dodir /etc/env.d
+	echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
+
+	use doc && dodoc doc/gnupg.html/*
+}
+
+my_src_install_all() {
+	einstalldocs
+
+	use tools && dobin tools/{convert-from-106,mail-signed-keys,lspgpot}
+	use doc && dodoc doc/*.png
+
+	# Dropped upstream in https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=eae28f1bd4a5632e8f8e85b7248d1c4d4a10a5ed.
+	dodoc "${FILESDIR}"/README-systemd
+	systemd_douserunit "${GNUPG_SYSTEMD_UNITS[@]/#/${T}/}"
+}