From 996a2bda06cb164877d5d952774a6db1b271c2f3 Mon Sep 17 00:00:00 2001
From: V3n3RiX <venerix@koprulu.sector>
Date: Tue, 25 Jun 2024 00:12:20 +0100
Subject: gentoo auto-resync : 25:06:2024 - 00:12:20

---
 app-crypt/gnupg/Manifest                           |   2 +
 .../files/gnupg-2.4.5-revert-rfc4880bis.patch      | 196 +++++++++++++++++++++
 app-crypt/gnupg/gnupg-2.4.5-r2.ebuild              | 193 ++++++++++++++++++++
 3 files changed, 391 insertions(+)
 create mode 100644 app-crypt/gnupg/files/gnupg-2.4.5-revert-rfc4880bis.patch
 create mode 100644 app-crypt/gnupg/gnupg-2.4.5-r2.ebuild

(limited to 'app-crypt/gnupg')

diff --git a/app-crypt/gnupg/Manifest b/app-crypt/gnupg/Manifest
index 832931f915e3..a37a4291afab 100644
--- a/app-crypt/gnupg/Manifest
+++ b/app-crypt/gnupg/Manifest
@@ -5,6 +5,7 @@ AUX gnupg-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch 1048
 AUX gnupg-2.2.42-bug923248-insecure-backup.patch 12385 BLAKE2B af374b2038a6d8628922e433f26dee2cc66c9e031d871947e2a44586cf2183d8a7bc365f1f0cc0cde552eb176d5f580b3aaab5e4a551d0652f10096c5150aa43 SHA512 1dc123f120d95ae77b52b3869bf7abfcaf0cfbfe732f691663b472a6e9bdd20502280527585dda81da4bd03e8194bdd5e72cc2111f24ccf2ce9e476fe474d4cf
 AUX gnupg-2.2.42-dirmngr-proxy.patch 4882 BLAKE2B 1dbe7221ce82024d93cb7e41cb675cd4f159e34f26126cf7ce56e59115548919c3df4b38ff017540734886af3bc516307f92cb66c3b0aa66ce0181215422e516 SHA512 fa920e0d16da4bb689664a0a7d1e851317be387e9acdc7bf79970195408e498452e8c19eb548e3397aa147a1881af1ad1e9689e40046f3ce3ea81654d6e0d2c7
 AUX gnupg-2.2.42-gpgme-tests.patch 1214 BLAKE2B f83ed690099a7151d9b8144a112c14a809e120309ebb2283bf835e37c91e18566e3d6f1b7f8d6fbd5977424a19110923196a6495f22cddfa5cc6893be6c3b720 SHA512 1fb8767b06ab1d32711275c1efca47b802cc58e7f0b04d754f3b4138e81b4bb011965e9919b3e24d3b20046b31df3f615770054a98bc61971257bd7f77bbc184
+AUX gnupg-2.4.5-revert-rfc4880bis.patch 6701 BLAKE2B 10fd21ba49183ffd1cde6d48deeccdfb368bdb8da95c14f5cb64589f5376ad31a43e7f37dfc4ca726ae7939275a06eb5d6082627ca20699a62e1914538adb2e8 SHA512 04b4b235261991f1365772ba9920cc16a3320609162ad81c188cbeb533f1347b8e2e5d67b7a1d87e67b9fbe1fec35524bc030484b87abb1892d135976b1b95fe
 AUX gpg-agent-browser.socket 298 BLAKE2B 0b08e5e60ced5e09a485506a52c1da35ed6e557fc36021d0c5f5f1ade19e7dd1d67096110eebe7955246eea53f21b2bdc3ab9f3a660ed8be90ab609ce7126008 SHA512 8dfdd132f991be23aa29ea36d2cfbfd36cdd5c3f7243636fb82ee99e5a427eccbdec69d51732ad78b9592a307eb2a0044c413635e03a6cadc94b7719388b86a7
 AUX gpg-agent-extra.socket 281 BLAKE2B 2b8edd4454fece75535e84a2ee7daffa764395a99fbfbcc1d17673220795955b4bd62a447776cbe8a2b1a790da9104465c15f47ae0ea3c5d20514cf93db27922 SHA512 b0bfa5c7ecdb541684c56938f97660fd9efce7df2ec6bdf8de95cca9ed90323a7ca796c3e886fc081b11eeff1c2632e6c20ddcbf23e14286993fa8ff0ba08804
 AUX gpg-agent-ssh.socket 308 BLAKE2B bacd09131082ee4bd440568b68065fb148c90a620e6628796bb9f3a2957a13860d15ce548e39ce10bc8749ebeabd7dcd0e893db49df295c9126078fc3de76619 SHA512 202bc5c9c7f9c4e97f53626c906ea455d6d4497cc03272c52f7b653cb5d5dc23850b85f939b88d04bbe70e309ad007415401298c9d04cb9b60329ad9e550e93d
@@ -19,4 +20,5 @@ DIST gnupg-2.4.5.tar.bz2.sig 119 BLAKE2B f37fb5620bc009a5b935ac75df4235d377da4f0
 EBUILD gnupg-2.2.42-r4.ebuild 5709 BLAKE2B 9d10f7fd0ee3f8b27d3c8d4b9b1dae6a73bd05f01c162e15f4a542f821080f9b76ad7984f7edaef1fc32fc0e2309909c6872e2c27da6a399e17f7192a171d6a2 SHA512 d3fdb9bdb7d5dfa87ab3983bbf9b50baf22a222a261d75f662b1f520b118e0673b181c8435292e46cd57a4f3baa405a27f129309452e96151bb8001879dbf116
 EBUILD gnupg-2.2.43-r1.ebuild 5580 BLAKE2B 3a78ae5c88037985eef8c7a09982d562b1ee620f777b7b27ecf3b2e351e0cd6dbe7e80c0e9644cd9bb0332d83d8aad9d9ef96768dd2ef782cbaa00cf6bcb97e4 SHA512 5ca6eebad3e7f9627c4ff2848514ab7f5b92b411d1e786f53a12d7d81a84145d0f8931baab81f55ef017bf52d9afb0dd04052ace4d2a3473d6b406f23d0c0126
 EBUILD gnupg-2.4.5-r1.ebuild 5900 BLAKE2B e636dbc9da8939b626fd3c579195dba1254bff02cef682cc7acd7d4d8ceaf3810e4ca76d2f7490208336df40f5b4edbfe993b6574578cadb09fbc63d74787ee8 SHA512 ccfb4cb402c492a0fcfcc8f535ea463d848f13ea3ded935149f524d41de419a338ec9a5d3f930ad622106ef2ba8e8b98d924e77a8326291413129651d495fac8
+EBUILD gnupg-2.4.5-r2.ebuild 5973 BLAKE2B e4170d07a714f1e7f2aefa235480db5cf5231f554bfeb697b5709113c2935bcddcd21cfe3f1ca993d706d2c77feb4f4adc52bae737df97d4136c711f792c94ce SHA512 d7a1865e00a291824960fc8161c0eba8434338a45d6563866ffec5526344ecaa734e85cce584d54027c094a6359e1c20465ed39849d4f55b7b83f52b8a10507e
 MISC metadata.xml 1189 BLAKE2B dae783678abfe0bae095970d96d952f591a569debad411708d29a2f128c6a291b73a33ee0b3491a6a5ec44c11f56d33c1531022e0ef9eaad3326c9cd0f79e3fb SHA512 bc7d6a9ceda213c134d9afc527fe0b0c87a4886a171b7a1e1f662f3978fec5e71323bae4c9f3882e1d763d5738446f161265070a8e513a59fa62ef0f792e9fa5
diff --git a/app-crypt/gnupg/files/gnupg-2.4.5-revert-rfc4880bis.patch b/app-crypt/gnupg/files/gnupg-2.4.5-revert-rfc4880bis.patch
new file mode 100644
index 000000000000..57c00966d542
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.4.5-revert-rfc4880bis.patch
@@ -0,0 +1,196 @@
+https://lwn.net/Articles/953797/
+https://security.stackexchange.com/questions/275883/should-one-really-disable-aead-for-recent-gnupg-created-pgp-keys
+https://lists.gnupg.org/pipermail/librepgp-discuss/2023/000001.html
+https://bugs.gentoo.org/926186
+
+From 1e4f1550996334d2a631a5d769e937d29ace47bb Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Thu, 9 Feb 2023 16:38:58 +0100
+Subject: [PATCH gnupg] Revert the introduction of the RFC4880bis draft into
+ defaults
+
+This reverts commit 4583f4fe2 (gpg: Merge --rfc4880bis features into
+--gnupg, 2022-10-31).
+--- a/g10/gpg.c
++++ b/g10/gpg.c
+@@ -247,6 +247,7 @@ enum cmd_and_opt_values
+     oGnuPG,
+     oRFC2440,
+     oRFC4880,
++    oRFC4880bis,
+     oOpenPGP,
+     oPGP7,
+     oPGP8,
+@@ -636,6 +637,7 @@ static gpgrt_opt_t opts[] = {
+   ARGPARSE_s_n (oGnuPG, "no-pgp8", "@"),
+   ARGPARSE_s_n (oRFC2440, "rfc2440", "@"),
+   ARGPARSE_s_n (oRFC4880, "rfc4880", "@"),
++  ARGPARSE_s_n (oRFC4880bis, "rfc4880bis", "@"),
+   ARGPARSE_s_n (oOpenPGP, "openpgp", N_("use strict OpenPGP behavior")),
+   ARGPARSE_s_n (oPGP7, "pgp6", "@"),
+   ARGPARSE_s_n (oPGP7, "pgp7", "@"),
+@@ -978,7 +980,6 @@ static gpgrt_opt_t opts[] = {
+   ARGPARSE_s_n (oNoop, "no-allow-multiple-messages", "@"),
+   ARGPARSE_s_s (oNoop, "aead-algo", "@"),
+   ARGPARSE_s_s (oNoop, "personal-aead-preferences","@"),
+-  ARGPARSE_s_n (oNoop, "rfc4880bis", "@"),
+   ARGPARSE_s_n (oNoop, "override-compliance-check", "@"),
+ 
+ 
+@@ -2227,7 +2228,7 @@ static struct gnupg_compliance_option compliance_options[] =
+   {
+     { "gnupg",      oGnuPG },
+     { "openpgp",    oOpenPGP },
+-    { "rfc4880bis", oGnuPG },
++    { "rfc4880bis", oRFC4880bis },
+     { "rfc4880",    oRFC4880 },
+     { "rfc2440",    oRFC2440 },
+     { "pgp6",       oPGP7 },
+@@ -2243,8 +2244,28 @@ static struct gnupg_compliance_option compliance_options[] =
+ static void
+ set_compliance_option (enum cmd_and_opt_values option)
+ {
++  opt.flags.rfc4880bis = 0;  /* Clear because it is initially set.  */
++
+   switch (option)
+     {
++    case oRFC4880bis:
++      opt.flags.rfc4880bis = 1;
++      opt.compliance = CO_RFC4880;
++      opt.flags.dsa2 = 1;
++      opt.flags.require_cross_cert = 1;
++      opt.rfc2440_text = 0;
++      opt.allow_non_selfsigned_uid = 1;
++      opt.allow_freeform_uid = 1;
++      opt.escape_from = 1;
++      opt.not_dash_escaped = 0;
++      opt.def_cipher_algo = 0;
++      opt.def_digest_algo = 0;
++      opt.cert_digest_algo = 0;
++      opt.compress_algo = -1;
++      opt.s2k_mode = 3; /* iterated+salted */
++      opt.s2k_digest_algo = DIGEST_ALGO_SHA256;
++      opt.s2k_cipher_algo = CIPHER_ALGO_AES256;
++      break;
+     case oOpenPGP:
+     case oRFC4880:
+       /* This is effectively the same as RFC2440, but with
+@@ -2288,6 +2309,7 @@ set_compliance_option (enum cmd_and_opt_values option)
+     case oPGP8:  opt.compliance = CO_PGP8;  break;
+     case oGnuPG:
+       opt.compliance = CO_GNUPG;
++      opt.flags.rfc4880bis = 1;
+       break;
+ 
+     case oDE_VS:
+@@ -2491,6 +2513,7 @@ main (int argc, char **argv)
+     opt.emit_version = 0;
+     opt.weak_digests = NULL;
+     opt.compliance = CO_GNUPG;
++    opt.flags.rfc4880bis = 1;
+ 
+     /* Check special options given on the command line.  */
+     orig_argc = argc;
+@@ -3033,6 +3056,7 @@ main (int argc, char **argv)
+           case oOpenPGP:
+           case oRFC2440:
+           case oRFC4880:
++          case oRFC4880bis:
+           case oPGP7:
+           case oPGP8:
+           case oGnuPG:
+@@ -3862,6 +3886,11 @@ main (int argc, char **argv)
+     if( may_coredump && !opt.quiet )
+ 	log_info(_("WARNING: program may create a core file!\n"));
+ 
++    if (!opt.flags.rfc4880bis)
++      {
++        opt.mimemode = 0; /* This will use text mode instead.  */
++      }
++
+     if (eyes_only) {
+       if (opt.set_filename)
+ 	  log_info(_("WARNING: %s overrides %s\n"),
+@@ -4078,7 +4107,7 @@ main (int argc, char **argv)
+     /* Check our chosen algorithms against the list of legal
+        algorithms. */
+ 
+-    if(!GNUPG)
++    if(!GNUPG && !opt.flags.rfc4880bis)
+       {
+ 	const char *badalg=NULL;
+ 	preftype_t badtype=PREFTYPE_NONE;
+--- a/g10/keygen.c
++++ b/g10/keygen.c
+@@ -404,7 +404,7 @@ keygen_set_std_prefs (const char *string,int personal)
+ 	      strcat(dummy_string,"S7 ");
+ 	    strcat(dummy_string,"S2 "); /* 3DES */
+ 
+-            if (!openpgp_aead_test_algo (AEAD_ALGO_OCB))
++            if (opt.flags.rfc4880bis && !openpgp_aead_test_algo (AEAD_ALGO_OCB))
+ 	      strcat(dummy_string,"A2 ");
+ 
+             if (personal)
+@@ -889,7 +889,7 @@ keygen_upd_std_prefs (PKT_signature *sig, void *opaque)
+   /* Make sure that the MDC feature flag is set if needed.  */
+   add_feature_mdc (sig,mdc_available);
+   add_feature_aead (sig, aead_available);
+-  add_feature_v5 (sig, 1);
++  add_feature_v5 (sig, opt.flags.rfc4880bis);
+   add_keyserver_modify (sig,ks_modify);
+   keygen_add_keyserver_url(sig,NULL);
+ 
+@@ -3382,7 +3382,10 @@ parse_key_parameter_part (ctrl_t ctrl,
+                 }
+             }
+           else if (!ascii_strcasecmp (s, "v5"))
+-            keyversion = 5;
++            {
++              if (opt.flags.rfc4880bis)
++                keyversion = 5;
++            }
+           else if (!ascii_strcasecmp (s, "v4"))
+             keyversion = 4;
+           else
+@@ -3641,7 +3644,7 @@ parse_key_parameter_part (ctrl_t ctrl,
+  *   ecdsa := Use algorithm ECDSA.
+  *   eddsa := Use algorithm EdDSA.
+  *   ecdh  := Use algorithm ECDH.
+- *   v5    := Create version 5 key
++ *   v5    := Create version 5 key (requires option --rfc4880bis)
+  *
+  * There are several defaults and fallbacks depending on the
+  * algorithm.  PART can be used to select which part of STRING is
+@@ -4513,9 +4516,9 @@ read_parameter_file (ctrl_t ctrl, const char *fname )
+ 	    }
+ 	}
+ 
+-        if ((keywords[i].key == pVERSION
+-             || keywords[i].key == pSUBVERSION))
+-          ; /* Ignore version.  */
++        if (!opt.flags.rfc4880bis && (keywords[i].key == pVERSION
++                                      || keywords[i].key == pSUBVERSION))
++          ; /* Ignore version unless --rfc4880bis is active.  */
+         else
+           {
+             r = xmalloc_clear( sizeof *r + strlen( value ) );
+@@ -4610,11 +4613,14 @@ quickgen_set_para (struct para_data_s *para, int for_subkey,
+       para = r;
+     }
+ 
+-  r = xmalloc_clear (sizeof *r + 20);
+-  r->key = for_subkey? pSUBVERSION : pVERSION;
+-  snprintf (r->u.value, 20, "%d", version);
+-  r->next = para;
+-  para = r;
++  if (opt.flags.rfc4880bis)
++    {
++      r = xmalloc_clear (sizeof *r + 20);
++      r->key = for_subkey? pSUBVERSION : pVERSION;
++      snprintf (r->u.value, 20, "%d", version);
++      r->next = para;
++      para = r;
++    }
+ 
+   if (keytime)
+     {
diff --git a/app-crypt/gnupg/gnupg-2.4.5-r2.ebuild b/app-crypt/gnupg/gnupg-2.4.5-r2.ebuild
new file mode 100644
index 000000000000..5b2191cfb0b7
--- /dev/null
+++ b/app-crypt/gnupg/gnupg-2.4.5-r2.ebuild
@@ -0,0 +1,193 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Maintainers should:
+# 1. Join the "Gentoo" project at https://dev.gnupg.org/project/view/27/
+# 2. Subscribe to release tasks like https://dev.gnupg.org/T6159
+# (find the one for the current release then subscribe to it +
+# any subsequent ones linked within so you're covered for a while.)
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/gnupg.asc
+# in-source builds are not supported: https://dev.gnupg.org/T6313#166339
+inherit flag-o-matic out-of-source multiprocessing systemd toolchain-funcs verify-sig
+
+MY_P="${P/_/-}"
+
+DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
+HOMEPAGE="https://gnupg.org/"
+SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
+SRC_URI+=" verify-sig? ( mirror://gnupg/gnupg/${P}.tar.bz2.sig )"
+S="${WORKDIR}/${MY_P}"
+
+LICENSE="GPL-3+"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl test +tofu tpm tools usb user-socket wks-server"
+RESTRICT="!test? ( test )"
+REQUIRED_USE="test? ( tofu )"
+
+# Existence of executables is checked during configuration.
+# Note: On each bump, update dep bounds on each version from configure.ac!
+DEPEND="
+	>=dev-libs/libassuan-2.5.0:=
+	>=dev-libs/libgcrypt-1.9.1:=
+	>=dev-libs/libgpg-error-1.46
+	>=dev-libs/libksba-1.6.3
+	>=dev-libs/npth-1.2
+	>=net-misc/curl-7.10
+	sys-libs/zlib
+	bzip2? ( app-arch/bzip2 )
+	ldap? ( net-nds/openldap:= )
+	readline? ( sys-libs/readline:0= )
+	smartcard? ( usb? ( virtual/libusb:1 ) )
+	tofu? ( >=dev-db/sqlite-3.27 )
+	tpm? ( >=app-crypt/tpm2-tss-2.4.0:= )
+	ssl? ( >=net-libs/gnutls-3.2:0= )
+"
+RDEPEND="
+	${DEPEND}
+	nls? ( virtual/libintl )
+	selinux? ( sec-policy/selinux-gpg )
+	wks-server? ( virtual/mta )
+"
+PDEPEND="
+	app-crypt/pinentry
+"
+BDEPEND="
+	virtual/pkgconfig
+	doc? ( sys-apps/texinfo )
+	nls? ( sys-devel/gettext )
+	verify-sig? ( sec-keys/openpgp-keys-gnupg )
+"
+
+DOCS=(
+	ChangeLog NEWS README THANKS TODO VERSION
+	doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
+)
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch
+	"${FILESDIR}"/${PN}-2.4.5-revert-rfc4880bis.patch # bug #926186
+)
+
+src_prepare() {
+	default
+
+	GNUPG_SYSTEMD_UNITS=(
+		dirmngr.service
+		dirmngr.socket
+		gpg-agent-browser.socket
+		gpg-agent-extra.socket
+		gpg-agent.service
+		gpg-agent.socket
+		gpg-agent-ssh.socket
+	)
+
+	cp "${GNUPG_SYSTEMD_UNITS[@]/#/${FILESDIR}/}" "${T}" || die
+
+	# Inject SSH_AUTH_SOCK into user's sessions after enabling gpg-agent-ssh.socket in systemctl --user mode,
+	# idea borrowed from libdbus, see
+	#   https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/bus/systemd-user/dbus.socket.in#L6
+	#
+	# This cannot be upstreamed, as it requires determining the exact prefix of 'systemctl',
+	# which in turn requires discovery in Autoconf, something that upstream deeply resents.
+	sed -e "/DirectoryMode=/a ExecStartPost=-${EPREFIX}/bin/systemctl --user set-environment SSH_AUTH_SOCK=%t/gnupg/S.gpg-agent.ssh" \
+		-i "${T}"/gpg-agent-ssh.socket || die
+}
+
+my_src_configure() {
+	# Upstream don't support LTO, bug #854222.
+	filter-lto
+
+	local myconf=(
+		$(use_enable bzip2)
+		$(use_enable nls)
+		$(use_enable smartcard scdaemon)
+		$(use_enable ssl gnutls)
+		$(use_enable test all-tests)
+		$(use_enable test tests)
+		$(use_enable tofu)
+		$(use_enable tofu keyboxd)
+		$(use_enable tofu sqlite)
+		$(usex tpm '--with-tss=intel' '--disable-tpm2d')
+		$(use smartcard && use_enable usb ccid-driver || echo '--disable-ccid-driver')
+		$(use_enable wks-server wks-tools)
+		$(use_with ldap)
+		$(use_with readline)
+
+		# Hardcode mailprog to /usr/libexec/sendmail even if it does not exist.
+		# As of GnuPG 2.3, the mailprog substitution is used for the binary called
+		# by wks-client & wks-server; and if it's autodetected but not not exist at
+		# build time, then then 'gpg-wks-client --send' functionality will not
+		# work. This has an unwanted side-effect in stage3 builds: there was a
+		# [R]DEPEND on virtual/mta, which also brought in virtual/logger, bloating
+		# the build where the install guide previously make the user chose the
+		# logger & mta early in the install.
+		--with-mailprog=/usr/libexec/sendmail
+
+		--disable-ntbtls
+		--enable-gpgsm
+		--enable-large-secmem
+
+		CC_FOR_BUILD="$(tc-getBUILD_CC)"
+		ac_cv_path_GPGRT_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-gpgrt-config"
+
+		$("${S}/configure" --help | grep -o -- '--without-.*-prefix')
+	)
+
+	if use prefix && use usb; then
+		# bug #649598
+		append-cppflags -I"${ESYSROOT}/usr/include/libusb-1.0"
+	fi
+
+	# bug #663142
+	if use user-socket; then
+		myconf+=( --enable-run-gnupg-user-socket )
+	fi
+
+	# glib fails and picks up clang's internal stdint.h causing weird errors
+	tc-is-clang && export gl_cv_absolute_stdint_h="${ESYSROOT}"/usr/include/stdint.h
+
+	econf "${myconf[@]}"
+}
+
+my_src_compile() {
+	default
+
+	use doc && emake -C doc html
+}
+
+my_src_test() {
+	export TESTFLAGS="--parallel=$(makeopts_jobs)"
+
+	default
+}
+
+my_src_install() {
+	emake DESTDIR="${D}" install
+
+	use tools && dobin tools/{gpgconf,gpgsplit,gpg-check-pattern} tools/make-dns-cert
+
+	dosym gpg /usr/bin/gpg2
+	dosym gpgv /usr/bin/gpgv2
+	echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die
+	echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
+
+	dodir /etc/env.d
+	echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
+
+	use doc && dodoc doc/gnupg.html/*
+}
+
+my_src_install_all() {
+	einstalldocs
+
+	use tools && dobin tools/{convert-from-106,mail-signed-keys,lspgpot}
+	use doc && dodoc doc/*.png
+
+	# Dropped upstream in https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=eae28f1bd4a5632e8f8e85b7248d1c4d4a10a5ed.
+	dodoc "${FILESDIR}"/README-systemd
+	systemd_douserunit "${GNUPG_SYSTEMD_UNITS[@]/#/${T}/}"
+}
-- 
cgit v1.2.3