[bug#42404] [PATCH] gnu: Add libtmcg and dkgpg.

[bug#42404] [PATCH] gnu: Add libtmcg and dkgpg.

[Justus Winter]

* gnu/packages/openpgp.scm: New file.
---
 gnu/packages/openpgp.scm | 95 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 95 insertions(+)
 create mode 100644 gnu/packages/openpgp.scm

diff --git a/gnu/packages/openpgp.scm b/gnu/packages/openpgp.scm
new file mode 100644
index 0000000000..d4bcbacafc
--- /dev/null
+++ b/gnu/packages/openpgp.scm
@@ -0,0 +1,95 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2020 Justus Winter <justus@sequoia-pgp.org>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages openpgp)
+  #:use-module (guix packages)
+  #:use-module (guix download)
+  #:use-module (guix build-system gnu)
+  #:use-module ((guix licenses) #:prefix license:)
+  #:use-module (gnu packages compression)
+  #:use-module (gnu packages gnupg)
+  #:use-module (gnu packages multiprecision))
+
+(define-public libtmcg
+  (package
+    (name "libtmcg")
+    (version "1.3.18")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://savannah/libtmcg/libTMCG-" version
+                                  ".tar.gz"))
+              (sha256
+               (base32
+                "179b5jx3mqs9hgsj8cfwk6x8qib60kw9szk9fkz6s1gl3v83mnyx"))))
+    (build-system gnu-build-system)
+    (arguments '(#:configure-flags '("--enable-silent-rules")))
+    (inputs `(("gmp" ,gmp)
+              ("libgcrypt" ,libgcrypt)))
+    (synopsis
+     "C++ library for creating secure and fair online card games")
+    (description
+     "The library provides a sort of useful classes, algorithms, and
+high-level protocols to support an application programmer in writing such
+software.  The most remarkable feature is the absence of a trusted third
+party (TTP), i.e. neither a central game server nor trusted hardware
+components are necessary.
+
+The corresponding cryptographic problem, actually called Mental Poker, has
+been studied since 1979 (Shamir, Rivest, and Adleman) by many authors (see the
+first section of [St05] for a short survey).  LibTMCG provides the first
+practical implementation of such protocols.")
+    (home-page "https://www.nongnu.org/libtmcg/")
+    (license license:gpl2+)))
+
+(define-public dkgpg
+  (package
+    (name "dkgpg")
+    (version "1.1.3")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://savannah/dkgpg/dkgpg-" version
+                                  ".tar.gz"))
+              (sha256
+               (base32
+                "1hpfg7akd5icj49i03z74hp9zj0xwl90bndn0hnw0hpb8lk7qcxg"))))
+    (build-system gnu-build-system)
+    (arguments '(#:configure-flags
+                 '("--enable-silent-rules")
+                 ;; https://savannah.nongnu.org/bugs/?58772
+                 #:parallel-tests? #f))
+    (inputs `(("bzip2" ,bzip2)
+              ("gmp" ,gmp)
+              ("libgcrypt" ,libgcrypt)
+              ("libtmcg" ,libtmcg)
+              ("zlib" ,zlib)))
+    (synopsis
+     "Distributed Key Generation and Threshold Cryptography for OpenPGP")
+    (description
+     "The Distributed Privacy Guard (DKGPG) implements Distributed Key
+Generation (DKG) and Threshold Cryptography for OpenPGP.  The generated public
+keys are compatible with the standard and thus can be used by any
+RFC4880-compliant application (e.g. GnuPG).  The main purposes of this
+software are distributing power among multiple parties, eliminating single
+points of failure, and increasing the difficulty of side-channel attacks on
+private key material.
+
+DKGPG consists of a bunch of simple command-line programs.  The current
+implementation is in experimental state and should NOT be used in production
+environments.")
+    (home-page "https://www.nongnu.org/dkgpg/")
+    (license license:gpl2+)))
-- 
2.20.1

[bug#42404] [PATCH] gnu: Add libtmcg and dkgpg.

[Justus Winter]

[-- Attachment #1: Type: text/plain, Size: 903 bytes --]

Brett Gilio <brettg@gnu.org> writes:

> Thank you for taking time to contribute these packages. Overall, without
> trying them and running the linter they seem okay. However, a few notes:
>
> 1. Does this require a new file?

Well, there is no good place to put OpenPGP software.  There is
gnupg.scm, which contains GnuPG-related packages, and some other OpenPGP
software, that IMHO shouldn't be in gnupg.scm.  GnuPG is an
implementation of the OpenPGP protocol.  Putting a different
implementation into gnupg.scm just because it implements the same
protocol seems wrong.

> If yes, please make sure that new file gets referenced appropriately
> in our Makefile so that it gets included in our bytecode compilation.

Sure, I missed that.

> 2. Could you split this into two patches? One introducing the new file
> and a first package. And a second patch introducing the second
> package?

Sure.

Justus

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]

[bug#42404] [PATCH 1/2] gnu: Add libtmcg.

[Justus Winter]

* gnu/packages/openpgp.scm: New file.
---
 gnu/local.mk             |  1 +
 gnu/packages/openpgp.scm | 56 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 57 insertions(+)
 create mode 100644 gnu/packages/openpgp.scm

diff --git a/gnu/local.mk b/gnu/local.mk
index f7c6036ee7..f8a8c16124 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -403,6 +403,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/openbox.scm			\
   %D%/packages/opencog.scm			\
   %D%/packages/openldap.scm			\
+  %D%/packages/openpgp.scm			\
   %D%/packages/openstack.scm			\
   %D%/packages/orpheus.scm			\
   %D%/packages/ots.scm				\
diff --git a/gnu/packages/openpgp.scm b/gnu/packages/openpgp.scm
new file mode 100644
index 0000000000..b806ab78cc
--- /dev/null
+++ b/gnu/packages/openpgp.scm
@@ -0,0 +1,56 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2020 Justus Winter <justus@sequoia-pgp.org>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages openpgp)
+  #:use-module (guix packages)
+  #:use-module (guix download)
+  #:use-module (guix build-system gnu)
+  #:use-module ((guix licenses) #:prefix license:)
+  #:use-module (gnu packages gnupg)
+  #:use-module (gnu packages multiprecision))
+
+(define-public libtmcg
+  (package
+    (name "libtmcg")
+    (version "1.3.18")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://savannah/libtmcg/libTMCG-" version
+                                  ".tar.gz"))
+              (sha256
+               (base32
+                "179b5jx3mqs9hgsj8cfwk6x8qib60kw9szk9fkz6s1gl3v83mnyx"))))
+    (build-system gnu-build-system)
+    (arguments '(#:configure-flags '("--enable-silent-rules")))
+    (inputs `(("gmp" ,gmp)
+              ("libgcrypt" ,libgcrypt)))
+    (synopsis
+     "C++ library for creating secure and fair online card games")
+    (description
+     "The library provides a sort of useful classes, algorithms, and
+high-level protocols to support an application programmer in writing such
+software.  The most remarkable feature is the absence of a trusted third
+party (TTP), i.e. neither a central game server nor trusted hardware
+components are necessary.
+
+The corresponding cryptographic problem, actually called Mental Poker, has
+been studied since 1979 (Shamir, Rivest, and Adleman) by many authors (see the
+first section of [St05] for a short survey).  LibTMCG provides the first
+practical implementation of such protocols.")
+    (home-page "https://www.nongnu.org/libtmcg/")
+    (license license:gpl2+)))
-- 
2.20.1

[bug#42404] [PATCH 2/2] gnu: Add dkgpg.

[Justus Winter]

* gnu/packages/openpgp.scm (dkgpg): New variable.
---
 gnu/packages/openpgp.scm | 39 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)

diff --git a/gnu/packages/openpgp.scm b/gnu/packages/openpgp.scm
index b806ab78cc..d4bcbacafc 100644
--- a/gnu/packages/openpgp.scm
+++ b/gnu/packages/openpgp.scm
@@ -21,6 +21,7 @@
   #:use-module (guix download)
   #:use-module (guix build-system gnu)
   #:use-module ((guix licenses) #:prefix license:)
+  #:use-module (gnu packages compression)
   #:use-module (gnu packages gnupg)
   #:use-module (gnu packages multiprecision))
 
@@ -54,3 +55,41 @@ first section of [St05] for a short survey).  LibTMCG provides the first
 practical implementation of such protocols.")
     (home-page "https://www.nongnu.org/libtmcg/")
     (license license:gpl2+)))
+
+(define-public dkgpg
+  (package
+    (name "dkgpg")
+    (version "1.1.3")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://savannah/dkgpg/dkgpg-" version
+                                  ".tar.gz"))
+              (sha256
+               (base32
+                "1hpfg7akd5icj49i03z74hp9zj0xwl90bndn0hnw0hpb8lk7qcxg"))))
+    (build-system gnu-build-system)
+    (arguments '(#:configure-flags
+                 '("--enable-silent-rules")
+                 ;; https://savannah.nongnu.org/bugs/?58772
+                 #:parallel-tests? #f))
+    (inputs `(("bzip2" ,bzip2)
+              ("gmp" ,gmp)
+              ("libgcrypt" ,libgcrypt)
+              ("libtmcg" ,libtmcg)
+              ("zlib" ,zlib)))
+    (synopsis
+     "Distributed Key Generation and Threshold Cryptography for OpenPGP")
+    (description
+     "The Distributed Privacy Guard (DKGPG) implements Distributed Key
+Generation (DKG) and Threshold Cryptography for OpenPGP.  The generated public
+keys are compatible with the standard and thus can be used by any
+RFC4880-compliant application (e.g. GnuPG).  The main purposes of this
+software are distributing power among multiple parties, eliminating single
+points of failure, and increasing the difficulty of side-channel attacks on
+private key material.
+
+DKGPG consists of a bunch of simple command-line programs.  The current
+implementation is in experimental state and should NOT be used in production
+environments.")
+    (home-page "https://www.nongnu.org/dkgpg/")
+    (license license:gpl2+)))
-- 
2.20.1

[bug#42404] [PATCH 1/5] gnu: Add libtmcg.

[Justus Winter]

* gnu/packages/openpgp.scm: New file.
---
 gnu/local.mk             |  1 +
 gnu/packages/openpgp.scm | 55 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 56 insertions(+)
 create mode 100644 gnu/packages/openpgp.scm

diff --git a/gnu/local.mk b/gnu/local.mk
index f7c6036ee7..f8a8c16124 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -403,6 +403,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/openbox.scm			\
   %D%/packages/opencog.scm			\
   %D%/packages/openldap.scm			\
+  %D%/packages/openpgp.scm			\
   %D%/packages/openstack.scm			\
   %D%/packages/orpheus.scm			\
   %D%/packages/ots.scm				\
diff --git a/gnu/packages/openpgp.scm b/gnu/packages/openpgp.scm
new file mode 100644
index 0000000000..d3cb9027f7
--- /dev/null
+++ b/gnu/packages/openpgp.scm
@@ -0,0 +1,55 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2020 Justus Winter <justus@sequoia-pgp.org>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages openpgp)
+  #:use-module (guix packages)
+  #:use-module (guix download)
+  #:use-module (guix build-system gnu)
+  #:use-module ((guix licenses) #:prefix license:)
+  #:use-module (gnu packages gnupg)
+  #:use-module (gnu packages multiprecision))
+
+(define-public libtmcg
+  (package
+    (name "libtmcg")
+    (version "1.3.18")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://savannah/libtmcg/libTMCG-" version
+                                  ".tar.gz"))
+              (sha256
+               (base32
+                "179b5jx3mqs9hgsj8cfwk6x8qib60kw9szk9fkz6s1gl3v83mnyx"))))
+    (build-system gnu-build-system)
+    (arguments '(#:configure-flags '("--enable-silent-rules")))
+    (inputs `(("gmp" ,gmp)
+              ("libgcrypt" ,libgcrypt)))
+    (synopsis
+     "C++ library for creating secure and fair online card games")
+    (description
+     "The library provides a sort of useful classes, algorithms, and
+high-level protocols to support an application programmer in writing such
+software.  The most remarkable feature is the absence of a trusted third
+party (TTP), i.e. neither a central game server nor trusted hardware
+components are necessary.
+
+The corresponding cryptographic problem, actually called Mental Poker, has
+been studied since 1979 (Shamir, Rivest, and Adleman) by many authors.
+LibTMCG provides the first practical implementation of such protocols.")
+    (home-page "https://www.nongnu.org/libtmcg/")
+    (license license:gpl2+)))
-- 
2.20.1

[bug#42404] [PATCH 2/5] gnu: Add dkgpg.

[Justus Winter]

* gnu/packages/openpgp.scm (dkgpg): New variable.
---
 gnu/packages/openpgp.scm | 39 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)

diff --git a/gnu/packages/openpgp.scm b/gnu/packages/openpgp.scm
index d3cb9027f7..94beab9929 100644
--- a/gnu/packages/openpgp.scm
+++ b/gnu/packages/openpgp.scm
@@ -21,6 +21,7 @@
   #:use-module (guix download)
   #:use-module (guix build-system gnu)
   #:use-module ((guix licenses) #:prefix license:)
+  #:use-module (gnu packages compression)
   #:use-module (gnu packages gnupg)
   #:use-module (gnu packages multiprecision))
 
@@ -53,3 +54,41 @@ been studied since 1979 (Shamir, Rivest, and Adleman) by many authors.
 LibTMCG provides the first practical implementation of such protocols.")
     (home-page "https://www.nongnu.org/libtmcg/")
     (license license:gpl2+)))
+
+(define-public dkgpg
+  (package
+    (name "dkgpg")
+    (version "1.1.3")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://savannah/dkgpg/dkgpg-" version
+                                  ".tar.gz"))
+              (sha256
+               (base32
+                "1hpfg7akd5icj49i03z74hp9zj0xwl90bndn0hnw0hpb8lk7qcxg"))))
+    (build-system gnu-build-system)
+    (arguments '(#:configure-flags
+                 '("--enable-silent-rules")
+                 ;; https://savannah.nongnu.org/bugs/?58772
+                 #:parallel-tests? #f))
+    (inputs `(("bzip2" ,bzip2)
+              ("gmp" ,gmp)
+              ("libgcrypt" ,libgcrypt)
+              ("libtmcg" ,libtmcg)
+              ("zlib" ,zlib)))
+    (synopsis
+     "Distributed Key Generation and Threshold Cryptography for OpenPGP")
+    (description
+     "The Distributed Privacy Guard (DKGPG) implements Distributed Key
+Generation (DKG) and Threshold Cryptography for OpenPGP.  The generated public
+keys are compatible with the standard and thus can be used by any
+RFC4880-compliant application (e.g. GnuPG).  The main purposes of this
+software are distributing power among multiple parties, eliminating single
+points of failure, and increasing the difficulty of side-channel attacks on
+private key material.
+
+DKGPG consists of a bunch of simple command-line programs.  The current
+implementation is in experimental state and should NOT be used in production
+environments.")
+    (home-page "https://www.nongnu.org/dkgpg/")
+    (license license:gpl2+)))
-- 
2.20.1

[bug#42404] [PATCH 3/5] gnu: Add rnp.

[Justus Winter]

* gnu/packages/openpgp.scm (rnp): New variable.
* gnu/packages/patches/rnp-disable-ruby-rnp-tests.patch: New file.
* gnu/packages/patches/rnp-fix-cp.patch: New file.
* gnu/packages/patches/rnp-fix-gnupg-list-packets.patch: New file.
* gnu/packages/patches/rnp-fix-test-setup.patch: New file.
* gnu/packages/patches/rnp-fix-test.patch: New file.
* gnu/packages/patches/rnp-fix-true-false.patch: New file.
* gnu/packages/patches/rnp-unbundle-googletest.patch: New file.
* gnu/packages/patches/rnp-update-expiration-16ecb289.patch: New file.
---
 gnu/packages/openpgp.scm                      |  65 ++++-
 .../patches/rnp-disable-ruby-rnp-tests.patch  |  25 ++
 gnu/packages/patches/rnp-fix-cp.patch         |  27 ++
 .../patches/rnp-fix-gnupg-list-packets.patch  |  35 +++
 gnu/packages/patches/rnp-fix-test-setup.patch |  34 +++
 gnu/packages/patches/rnp-fix-test.patch       |  32 +++
 gnu/packages/patches/rnp-fix-true-false.patch | 253 ++++++++++++++++++
 .../patches/rnp-unbundle-googletest.patch     |  45 ++++
 .../rnp-update-expiration-16ecb289.patch      | 208 ++++++++++++++
 9 files changed, 723 insertions(+), 1 deletion(-)
 create mode 100644 gnu/packages/patches/rnp-disable-ruby-rnp-tests.patch
 create mode 100644 gnu/packages/patches/rnp-fix-cp.patch
 create mode 100644 gnu/packages/patches/rnp-fix-gnupg-list-packets.patch
 create mode 100644 gnu/packages/patches/rnp-fix-test-setup.patch
 create mode 100644 gnu/packages/patches/rnp-fix-test.patch
 create mode 100644 gnu/packages/patches/rnp-fix-true-false.patch
 create mode 100644 gnu/packages/patches/rnp-unbundle-googletest.patch
 create mode 100644 gnu/packages/patches/rnp-update-expiration-16ecb289.patch

diff --git a/gnu/packages/openpgp.scm b/gnu/packages/openpgp.scm
index 94beab9929..a997f4ed74 100644
--- a/gnu/packages/openpgp.scm
+++ b/gnu/packages/openpgp.scm
@@ -19,11 +19,19 @@
 (define-module (gnu packages openpgp)
   #:use-module (guix packages)
   #:use-module (guix download)
+  #:use-module (guix git-download)
+  #:use-module (guix build-system cmake)
   #:use-module (guix build-system gnu)
   #:use-module ((guix licenses) #:prefix license:)
+  #:use-module (gnu packages)
+  #:use-module (gnu packages check)
   #:use-module (gnu packages compression)
+  #:use-module (gnu packages crypto)
   #:use-module (gnu packages gnupg)
-  #:use-module (gnu packages multiprecision))
+  #:use-module (gnu packages multiprecision)
+  #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages python)
+  #:use-module (gnu packages web))
 
 (define-public libtmcg
   (package
@@ -92,3 +100,58 @@ implementation is in experimental state and should NOT be used in production
 environments.")
     (home-page "https://www.nongnu.org/dkgpg/")
     (license license:gpl2+)))
+
+(define-public rnp
+  (package
+    (name "rnp")
+    (version "0.13.1")
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://github.com/rnpgp/rnp")
+                    (commit (string-append "v" version))))
+              (file-name (git-file-name name version))
+              (sha256
+               (base32
+                "04b2a5cwy91i41vgix6ws99bg93fav8qizx92bivc75lxii8gisz"))
+              (patches
+               (search-patches "rnp-unbundle-googletest.patch"
+                               "rnp-disable-ruby-rnp-tests.patch"
+                               "rnp-fix-test-setup.patch"
+                               "rnp-fix-cp.patch"
+                               "rnp-fix-test.patch"
+                               "rnp-fix-gnupg-list-packets.patch"
+                               "rnp-fix-true-false.patch"
+                               "rnp-update-expiration-16ecb289.patch"))))
+    (build-system cmake-build-system)
+    (arguments '(#:configure-flags
+                 '("-DBUILD_SHARED_LIBS=on"
+                   "-DBUILD_TESTING=on")
+                 #:phases
+                 (modify-phases %standard-phases
+                   (add-after 'unpack 'fixes
+                     (lambda* (#:key inputs #:allow-other-keys)
+                       (copy-recursively (assoc-ref inputs "googletest-source")
+                                         "src/tests/googletest-src")
+                       #t)))))
+    (native-inputs
+     `(("gnupg" ,gnupg)
+       ("googletest-source" ,(package-source googletest))
+       ("pkg-config" ,pkg-config)
+       ("python2" ,python-2.7)))
+    (inputs `(("botan" ,botan)
+              ("bzip2" ,bzip2)
+              ("json-c" ,json-c)
+              ("zlib" ,zlib)))
+    (synopsis
+     "RFC4880-compliant OpenPGP library written in C++")
+    (description
+     "Set of OpenPGP (RFC4880) tools that works on Linux, *BSD and macOS as a
+replacement of GnuPG.  It is maintained by Ribose after being forked from
+NetPGP, itself originally written for NetBSD.
+
+librnp is the library used by rnp for all OpenPGP functions, useful for
+developers to build against.  It is a “real” library, not a wrapper like GPGME
+of GnuPG.")
+    (home-page "https://www.rnpgp.com/")
+    (license (list license:bsd-2 license:asl2.0 license:bsd-3))))
diff --git a/gnu/packages/patches/rnp-disable-ruby-rnp-tests.patch b/gnu/packages/patches/rnp-disable-ruby-rnp-tests.patch
new file mode 100644
index 0000000000..5c8c06524d
--- /dev/null
+++ b/gnu/packages/patches/rnp-disable-ruby-rnp-tests.patch
@@ -0,0 +1,25 @@
+From 9f3c07601393e219cc5979f93fda57bf2d07dee7 Mon Sep 17 00:00:00 2001
+From: Justus Winter <teythoon@avior.uberspace.de>
+Date: Tue, 21 Jul 2020 16:10:21 +0200
+Subject: [PATCH 6/6] Disable ruby-rnp tests.
+
+---
+ src/tests/CMakeLists.txt | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/tests/CMakeLists.txt b/src/tests/CMakeLists.txt
+index 2f0a1c3f..1c82edbf 100644
+--- a/src/tests/CMakeLists.txt
++++ b/src/tests/CMakeLists.txt
+@@ -164,7 +164,7 @@ foreach(suite IN LISTS suitelist)
+ endforeach()
+ 
+ # cruby does not currently play nice with ASaN et al.
+-if (NOT ENABLE_SANITIZERS AND BUILD_SHARED_LIBS AND NOT WIN32)
++if (NOT ENABLE_SANITIZERS AND BUILD_SHARED_LIBS AND NOT WIN32 AND IGNORE)
+   include(ExternalProject)
+   set(_sourcedir "${CMAKE_BINARY_DIR}/ruby-rnp")
+   if (DEFINED ENV{RUBY_RNP_INSTALL})
+-- 
+2.20.1
+
diff --git a/gnu/packages/patches/rnp-fix-cp.patch b/gnu/packages/patches/rnp-fix-cp.patch
new file mode 100644
index 0000000000..039912d953
--- /dev/null
+++ b/gnu/packages/patches/rnp-fix-cp.patch
@@ -0,0 +1,27 @@
+From c163e1b12511e9e7df752a01767a2a8ba56c4196 Mon Sep 17 00:00:00 2001
+From: Justus Winter <teythoon@avior.uberspace.de>
+Date: Tue, 21 Jul 2020 15:52:37 +0200
+Subject: [PATCH 1/6] Make copying more robust.
+
+Let the shell locate 'cp'.  This is more robust in environments such
+as Guix or Nix that do not provide /bin/cp.
+---
+ src/tests/support.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/tests/support.cpp b/src/tests/support.cpp
+index 3d6a6dc9..d260e166 100644
+--- a/src/tests/support.cpp
++++ b/src/tests/support.cpp
+@@ -283,7 +283,7 @@ copy_recursively(const char *src, const char *dst)
+     // TODO: maybe use fts or something less hacky
+     char buf[2048];
+ #ifndef _WIN32
+-    snprintf(buf, sizeof(buf), "/bin/cp -a '%s' '%s'", src, dst);
++    snprintf(buf, sizeof(buf), "cp -a '%s' '%s'", src, dst);
+ #else
+     snprintf(buf, sizeof(buf), "xcopy \"%s\" \"%s\" /I /Q /E /Y", src, dst);
+ #endif
+-- 
+2.20.1
+
diff --git a/gnu/packages/patches/rnp-fix-gnupg-list-packets.patch b/gnu/packages/patches/rnp-fix-gnupg-list-packets.patch
new file mode 100644
index 0000000000..b23e76da7c
--- /dev/null
+++ b/gnu/packages/patches/rnp-fix-gnupg-list-packets.patch
@@ -0,0 +1,35 @@
+From 4cb5b2c1d3783bfad3c4f77b2ad2ac89921e91f4 Mon Sep 17 00:00:00 2001
+From: Justus Winter <teythoon@avior.uberspace.de>
+Date: Tue, 21 Jul 2020 16:03:32 +0200
+Subject: [PATCH 4/6] Make invoking GnuPG more robust.
+
+GnuPG will try to read its state even for operations that do not
+require it, e.g. listing packets.  If the state directory does not
+exist, GnuPG will try to create it.  If this fails, GnuPG errors out.
+
+In some build environments, $HOME may not exist or may not be
+writable (e.g. in Guix and Nix, $HOME does not exist).  This leads to
+a spurious test failures when GnuPG is invoked to inspect packets.
+
+Fix this by using the current directory as GnuPG state directory.
+---
+ src/tests/cli_tests.py | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/tests/cli_tests.py b/src/tests/cli_tests.py
+index 74b28983..2b7d772a 100755
+--- a/src/tests/cli_tests.py
++++ b/src/tests/cli_tests.py
+@@ -106,7 +106,8 @@ RNP_TO_GPG_CIPHERS = {'AES' : 'aes128', 'AES192' : 'aes192', 'AES256' : 'aes256'
+         'IDEA' : 'idea', '3DES' : '3des', 'CAST5' : 'cast5', 'BLOWFISH' : 'blowfish'}
+ 
+ def check_packets(fname, regexp):
+-    ret, output, err = run_proc(GPG, ['--list-packets', path_for_gpg(fname)])
++    ret, output, err = run_proc(GPG, ['--homedir', '.',
++                                      '--list-packets', path_for_gpg(fname)])
+     if ret != 0:
+         logging.error(err)
+         return None
+-- 
+2.20.1
+
diff --git a/gnu/packages/patches/rnp-fix-test-setup.patch b/gnu/packages/patches/rnp-fix-test-setup.patch
new file mode 100644
index 0000000000..e155194ccc
--- /dev/null
+++ b/gnu/packages/patches/rnp-fix-test-setup.patch
@@ -0,0 +1,34 @@
+From f544b3e63416f3a824ed2955d119ea0d36c88b36 Mon Sep 17 00:00:00 2001
+From: Justus Winter <teythoon@avior.uberspace.de>
+Date: Tue, 21 Jul 2020 16:00:37 +0200
+Subject: [PATCH] Make test environment setup more robust.
+
+Previously, a failing test leaving RNP or GnuPG state directories
+behind would cause all tests following it to fail.  Improve this by
+removing the directories first should they exist.
+---
+ src/tests/cli_tests.py | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/tests/cli_tests.py b/src/tests/cli_tests.py
+index 2b7d772a..8261486f 100755
+--- a/src/tests/cli_tests.py
++++ b/src/tests/cli_tests.py
+@@ -704,12 +704,14 @@ def setup(loglvl):
+     RNPDIR = path.join(WORKDIR, '.rnp')
+     RNP = os.getenv('RNP_TESTS_RNP_PATH') or 'rnp'
+     RNPK = os.getenv('RNP_TESTS_RNPKEYS_PATH') or 'rnpkeys'
++    shutil.rmtree(RNPDIR, ignore_errors=True)
+     os.mkdir(RNPDIR, 0700)
+ 
+     GPGDIR = path.join(WORKDIR, '.gpg')
+     GPGHOME =  path_for_gpg(GPGDIR) if is_windows() else GPGDIR
+     GPG = os.getenv('RNP_TESTS_GPG_PATH') or find_utility('gpg')
+     GPGCONF = os.getenv('RNP_TESTS_GPGCONF_PATH') or find_utility('gpgconf')
++    shutil.rmtree(GPGDIR, ignore_errors=True)
+     os.mkdir(GPGDIR, 0700)
+ 
+ def data_path(subpath):
+-- 
+2.20.1
+
diff --git a/gnu/packages/patches/rnp-fix-test.patch b/gnu/packages/patches/rnp-fix-test.patch
new file mode 100644
index 0000000000..cb94f14673
--- /dev/null
+++ b/gnu/packages/patches/rnp-fix-test.patch
@@ -0,0 +1,32 @@
+From fede676aec9201cfd18b47ffb60ebb55fa90abac Mon Sep 17 00:00:00 2001
+From: Justus Winter <teythoon@avior.uberspace.de>
+Date: Tue, 21 Jul 2020 15:54:32 +0200
+Subject: [PATCH 2/6] Make test more robust.
+
+Previously, a single character "0" was written to the RSA signature
+data to invalidate the signature.   However, there is a 1 in 256
+chance of there being a "0" character there, in which case the
+invalidation fails.  Instead, overwrite nine characters, reducing the
+chance of failure to 1 in 2^72.
+---
+ src/tests/key-unlock.cpp | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/tests/key-unlock.cpp b/src/tests/key-unlock.cpp
+index 66a44f0d..5610f065 100644
+--- a/src/tests/key-unlock.cpp
++++ b/src/tests/key-unlock.cpp
+@@ -149,8 +149,8 @@ TEST_F(rnp_tests, test_key_unlock_pgp)
+     std::fstream verf("dummyfile.dat.pgp",
+                       std::ios_base::binary | std::ios_base::out | std::ios_base::in);
+     off_t        versize = file_size("dummyfile.dat.pgp");
+-    verf.seekg(versize - 3, std::ios::beg);
+-    verf.write("0x0C", 1);
++    verf.seekg(versize - 9, std::ios::beg);
++    verf.write("foobarbaz", 9);
+     verf.close();
+     assert_false(cli_rnp_process_file(&cfg, &rnp));
+     rnp_cfg_free(&cfg);
+-- 
+2.20.1
+
diff --git a/gnu/packages/patches/rnp-fix-true-false.patch b/gnu/packages/patches/rnp-fix-true-false.patch
new file mode 100644
index 0000000000..ee76e51bc6
--- /dev/null
+++ b/gnu/packages/patches/rnp-fix-true-false.patch
@@ -0,0 +1,253 @@
+From 028a2f50fbf47d989bbf79be589945bec55b4825 Mon Sep 17 00:00:00 2001
+From: Justus Winter <teythoon@avior.uberspace.de>
+Date: Tue, 21 Jul 2020 15:57:57 +0200
+Subject: [PATCH 3/6] Use 'true' and 'false' instead of 'TRUE' and 'FALSE'.
+
+The latter are not guaranteed to be defined.
+---
+ src/lib/rnp.cpp   | 10 ++++-----
+ src/tests/ffi.cpp | 56 +++++++++++++++++++++++------------------------
+ 2 files changed, 33 insertions(+), 33 deletions(-)
+
+diff --git a/src/lib/rnp.cpp b/src/lib/rnp.cpp
+index a87511a4..9c0385d1 100644
+--- a/src/lib/rnp.cpp
++++ b/src/lib/rnp.cpp
+@@ -5927,7 +5927,7 @@ key_to_json(json_object *jso, rnp_key_handle_t handle, uint32_t flags)
+         return RNP_ERROR_OUT_OF_MEMORY;
+     }
+     // revoked
+-    json_object *jsorevoked = json_object_new_boolean(key->revoked ? TRUE : FALSE);
++    json_object *jsorevoked = json_object_new_boolean(key->revoked ? true : false);
+     if (!jsorevoked) {
+         return RNP_ERROR_OUT_OF_MEMORY;
+     }
+@@ -5992,7 +5992,7 @@ key_to_json(json_object *jso, rnp_key_handle_t handle, uint32_t flags)
+     }
+     json_object_object_add(jso, "public key", jsopublic);
+     json_object_object_add(
+-      jsopublic, "present", json_object_new_boolean(have_pub ? TRUE : FALSE));
++      jsopublic, "present", json_object_new_boolean(have_pub ? true : false));
+     if (flags & RNP_JSON_PUBLIC_MPIS) {
+         json_object *jsompis = json_object_new_object();
+         if (!jsompis) {
+@@ -6011,7 +6011,7 @@ key_to_json(json_object *jso, rnp_key_handle_t handle, uint32_t flags)
+     }
+     json_object_object_add(jso, "secret key", jsosecret);
+     json_object_object_add(
+-      jsosecret, "present", json_object_new_boolean(have_sec ? TRUE : FALSE));
++      jsosecret, "present", json_object_new_boolean(have_sec ? true : false));
+     if (have_sec) {
+         bool locked = pgp_key_is_locked(handle->sec);
+         if (flags & RNP_JSON_SECRET_MPIS) {
+@@ -6029,13 +6029,13 @@ key_to_json(json_object *jso, rnp_key_handle_t handle, uint32_t flags)
+                 }
+             }
+         }
+-        json_object *jsolocked = json_object_new_boolean(locked ? TRUE : FALSE);
++        json_object *jsolocked = json_object_new_boolean(locked ? true : false);
+         if (!jsolocked) {
+             return RNP_ERROR_OUT_OF_MEMORY;
+         }
+         json_object_object_add(jsosecret, "locked", jsolocked);
+         json_object *jsoprotected =
+-          json_object_new_boolean(pgp_key_is_protected(handle->sec) ? TRUE : FALSE);
++          json_object_new_boolean(pgp_key_is_protected(handle->sec) ? true : false);
+         if (!jsoprotected) {
+             return RNP_ERROR_OUT_OF_MEMORY;
+         }
+diff --git a/src/tests/ffi.cpp b/src/tests/ffi.cpp
+index 4224bb7d..28a4f867 100644
+--- a/src/tests/ffi.cpp
++++ b/src/tests/ffi.cpp
+@@ -800,10 +800,10 @@ TEST_F(rnp_tests, test_ffi_keygen_json_pair)
+     rnp_key_handle_t primary = NULL;
+     {
+         json_object *jsokey = NULL;
+-        assert_int_equal(TRUE, json_object_object_get_ex(parsed_results, "primary", &jsokey));
++        assert_int_equal(true, json_object_object_get_ex(parsed_results, "primary", &jsokey));
+         assert_non_null(jsokey);
+         json_object *jsogrip = NULL;
+-        assert_int_equal(TRUE, json_object_object_get_ex(jsokey, "grip", &jsogrip));
++        assert_int_equal(true, json_object_object_get_ex(jsokey, "grip", &jsogrip));
+         assert_non_null(jsogrip);
+         const char *grip = json_object_get_string(jsogrip);
+         assert_non_null(grip);
+@@ -814,10 +814,10 @@ TEST_F(rnp_tests, test_ffi_keygen_json_pair)
+     rnp_key_handle_t sub = NULL;
+     {
+         json_object *jsokey = NULL;
+-        assert_int_equal(TRUE, json_object_object_get_ex(parsed_results, "sub", &jsokey));
++        assert_int_equal(true, json_object_object_get_ex(parsed_results, "sub", &jsokey));
+         assert_non_null(jsokey);
+         json_object *jsogrip = NULL;
+-        assert_int_equal(TRUE, json_object_object_get_ex(jsokey, "grip", &jsogrip));
++        assert_int_equal(true, json_object_object_get_ex(jsokey, "grip", &jsogrip));
+         assert_non_null(jsogrip);
+         const char *grip = json_object_get_string(jsogrip);
+         assert_non_null(grip);
+@@ -878,10 +878,10 @@ TEST_F(rnp_tests, test_ffi_keygen_json_pair_dsa_elg)
+     rnp_key_handle_t primary = NULL;
+     {
+         json_object *jsokey = NULL;
+-        assert_int_equal(TRUE, json_object_object_get_ex(parsed_results, "primary", &jsokey));
++        assert_int_equal(true, json_object_object_get_ex(parsed_results, "primary", &jsokey));
+         assert_non_null(jsokey);
+         json_object *jsogrip = NULL;
+-        assert_int_equal(TRUE, json_object_object_get_ex(jsokey, "grip", &jsogrip));
++        assert_int_equal(true, json_object_object_get_ex(jsokey, "grip", &jsogrip));
+         assert_non_null(jsogrip);
+         const char *grip = json_object_get_string(jsogrip);
+         assert_non_null(grip);
+@@ -892,10 +892,10 @@ TEST_F(rnp_tests, test_ffi_keygen_json_pair_dsa_elg)
+     rnp_key_handle_t sub = NULL;
+     {
+         json_object *jsokey = NULL;
+-        assert_int_equal(TRUE, json_object_object_get_ex(parsed_results, "sub", &jsokey));
++        assert_int_equal(true, json_object_object_get_ex(parsed_results, "sub", &jsokey));
+         assert_non_null(jsokey);
+         json_object *jsogrip = NULL;
+-        assert_int_equal(TRUE, json_object_object_get_ex(jsokey, "grip", &jsogrip));
++        assert_int_equal(true, json_object_object_get_ex(jsokey, "grip", &jsogrip));
+         assert_non_null(jsogrip);
+         const char *grip = json_object_get_string(jsogrip);
+         assert_non_null(grip);
+@@ -958,10 +958,10 @@ TEST_F(rnp_tests, test_ffi_keygen_json_primary)
+     rnp_key_handle_t primary = NULL;
+     {
+         json_object *jsokey = NULL;
+-        assert_int_equal(TRUE, json_object_object_get_ex(parsed_results, "primary", &jsokey));
++        assert_int_equal(true, json_object_object_get_ex(parsed_results, "primary", &jsokey));
+         assert_non_null(jsokey);
+         json_object *jsogrip = NULL;
+-        assert_int_equal(TRUE, json_object_object_get_ex(jsokey, "grip", &jsogrip));
++        assert_int_equal(true, json_object_object_get_ex(jsokey, "grip", &jsogrip));
+         assert_non_null(jsogrip);
+         const char *grip = json_object_get_string(jsogrip);
+         assert_non_null(grip);
+@@ -1021,10 +1021,10 @@ TEST_F(rnp_tests, test_ffi_keygen_json_sub)
+     char *           primary_grip = NULL;
+     {
+         json_object *jsokey = NULL;
+-        assert_int_equal(TRUE, json_object_object_get_ex(parsed_results, "primary", &jsokey));
++        assert_int_equal(true, json_object_object_get_ex(parsed_results, "primary", &jsokey));
+         assert_non_null(jsokey);
+         json_object *jsogrip = NULL;
+-        assert_int_equal(TRUE, json_object_object_get_ex(jsokey, "grip", &jsogrip));
++        assert_int_equal(true, json_object_object_get_ex(jsokey, "grip", &jsogrip));
+         assert_non_null(jsogrip);
+         primary_grip = strdup(json_object_get_string(jsogrip));
+         assert_non_null(primary_grip);
+@@ -1079,10 +1079,10 @@ TEST_F(rnp_tests, test_ffi_keygen_json_sub)
+     rnp_key_handle_t sub = NULL;
+     {
+         json_object *jsokey = NULL;
+-        assert_int_equal(TRUE, json_object_object_get_ex(parsed_results, "sub", &jsokey));
++        assert_int_equal(true, json_object_object_get_ex(parsed_results, "sub", &jsokey));
+         assert_non_null(jsokey);
+         json_object *jsogrip = NULL;
+-        assert_int_equal(TRUE, json_object_object_get_ex(jsokey, "grip", &jsogrip));
++        assert_int_equal(true, json_object_object_get_ex(jsokey, "grip", &jsogrip));
+         assert_non_null(jsogrip);
+         const char *grip = json_object_get_string(jsogrip);
+         assert_non_null(grip);
+@@ -2483,10 +2483,10 @@ TEST_F(rnp_tests, test_ffi_keygen_json_sub_pass_required)
+     char *           primary_grip = NULL;
+     {
+         json_object *jsokey = NULL;
+-        assert_int_equal(TRUE, json_object_object_get_ex(parsed_results, "primary", &jsokey));
++        assert_int_equal(true, json_object_object_get_ex(parsed_results, "primary", &jsokey));
+         assert_non_null(jsokey);
+         json_object *jsogrip = NULL;
+-        assert_int_equal(TRUE, json_object_object_get_ex(jsokey, "grip", &jsogrip));
++        assert_int_equal(true, json_object_object_get_ex(jsokey, "grip", &jsogrip));
+         assert_non_null(jsogrip);
+         primary_grip = strdup(json_object_get_string(jsogrip));
+         assert_non_null(primary_grip);
+@@ -2557,10 +2557,10 @@ TEST_F(rnp_tests, test_ffi_keygen_json_sub_pass_required)
+     rnp_key_handle_t sub = NULL;
+     {
+         json_object *jsokey = NULL;
+-        assert_int_equal(TRUE, json_object_object_get_ex(parsed_results, "sub", &jsokey));
++        assert_int_equal(true, json_object_object_get_ex(parsed_results, "sub", &jsokey));
+         assert_non_null(jsokey);
+         json_object *jsogrip = NULL;
+-        assert_int_equal(TRUE, json_object_object_get_ex(jsokey, "grip", &jsogrip));
++        assert_int_equal(true, json_object_object_get_ex(jsokey, "grip", &jsogrip));
+         assert_non_null(jsogrip);
+         const char *grip = json_object_get_string(jsogrip);
+         assert_non_null(grip);
+@@ -3821,7 +3821,7 @@ TEST_F(rnp_tests, test_ffi_key_to_json)
+     assert_int_equal(rnp_strcasecmp(json_object_get_string(get_json_obj(jso, "grip")),
+                                     "20A48B3C61525DCDF8B3B9D82C6BBCF4D8BFB5E5"),
+                      0);
+-    assert_int_equal(json_object_get_boolean(get_json_obj(jso, "revoked")), FALSE);
++    assert_int_equal(json_object_get_boolean(get_json_obj(jso, "revoked")), false);
+     assert_int_equal(json_object_get_int64(get_json_obj(jso, "creation time")), 1511313500);
+     assert_int_equal(json_object_get_int64(get_json_obj(jso, "expiration")), 0);
+     // usage
+@@ -3843,7 +3843,7 @@ TEST_F(rnp_tests, test_ffi_key_to_json)
+                                     "FFFA72FC225214DC712D0127172EE13E88AF93B4"),
+                      0);
+     // public key
+-    assert_int_equal(json_object_get_boolean(get_json_obj(jso, "public key.present")), TRUE);
++    assert_int_equal(json_object_get_boolean(get_json_obj(jso, "public key.present")), true);
+     assert_int_equal(
+       rnp_strcasecmp(json_object_get_string(get_json_obj(jso, "public key.mpis.point")),
+                      "04B0C6F2F585C1EEDF805C4492CB683839D5EAE6246420780F063D558"
+@@ -3851,14 +3851,14 @@ TEST_F(rnp_tests, test_ffi_key_to_json)
+                      "793CEBAE8600BEEF"),
+       0);
+     // secret key
+-    assert_int_equal(json_object_get_boolean(get_json_obj(jso, "secret key.present")), TRUE);
++    assert_int_equal(json_object_get_boolean(get_json_obj(jso, "secret key.present")), true);
+     assert_int_equal(
+       rnp_strcasecmp(json_object_get_string(get_json_obj(jso, "secret key.mpis.x")),
+                      "46DE93CA439735F36B9CF228F10D8586DA824D88BBF4E24566D5312D061802C8"),
+       0);
+-    assert_int_equal(json_object_get_boolean(get_json_obj(jso, "secret key.locked")), FALSE);
++    assert_int_equal(json_object_get_boolean(get_json_obj(jso, "secret key.locked")), false);
+     assert_int_equal(json_object_get_boolean(get_json_obj(jso, "secret key.protected")),
+-                     FALSE);
++                     false);
+     // userids
+     assert_int_equal(json_object_array_length(get_json_obj(jso, "userids")), 1);
+     assert_int_equal(rnp_strcasecmp(json_object_get_string(json_object_array_get_idx(
+@@ -3907,7 +3907,7 @@ TEST_F(rnp_tests, test_ffi_key_to_json)
+     assert_int_equal(rnp_strcasecmp(json_object_get_string(get_json_obj(jso, "grip")),
+                                     "FFFA72FC225214DC712D0127172EE13E88AF93B4"),
+                      0);
+-    assert_int_equal(json_object_get_boolean(get_json_obj(jso, "revoked")), FALSE);
++    assert_int_equal(json_object_get_boolean(get_json_obj(jso, "revoked")), false);
+     assert_int_equal(json_object_get_int64(get_json_obj(jso, "creation time")), 1511313500);
+     assert_int_equal(json_object_get_int64(get_json_obj(jso, "expiration")), 0);
+     // usage
+@@ -3924,21 +3924,21 @@ TEST_F(rnp_tests, test_ffi_key_to_json)
+     // subkey grips
+     assert_null(get_json_obj(jso, "subkey grips"));
+     // public key
+-    assert_int_equal(json_object_get_boolean(get_json_obj(jso, "public key.present")), TRUE);
++    assert_int_equal(json_object_get_boolean(get_json_obj(jso, "public key.present")), true);
+     assert_int_equal(
+       rnp_strcasecmp(json_object_get_string(get_json_obj(jso, "public key.mpis.point")),
+                      "04E2746BA4D180011B17A6909EABDBF2F3733674FBE00B20A3B857C2597233651544150B"
+                      "896BCE7DCDF47C49FC1E12D5AD86384D26336A48A18845940A3F65F502"),
+       0);
+     // secret key
+-    assert_int_equal(json_object_get_boolean(get_json_obj(jso, "secret key.present")), TRUE);
++    assert_int_equal(json_object_get_boolean(get_json_obj(jso, "secret key.present")), true);
+     assert_int_equal(
+       rnp_strcasecmp(json_object_get_string(get_json_obj(jso, "secret key.mpis.x")),
+                      "DF8BEB7272117AD7AFE2B7E882453113059787FBC785C82F78624EE7EF2117FB"),
+       0);
+-    assert_int_equal(json_object_get_boolean(get_json_obj(jso, "secret key.locked")), FALSE);
++    assert_int_equal(json_object_get_boolean(get_json_obj(jso, "secret key.locked")), false);
+     assert_int_equal(json_object_get_boolean(get_json_obj(jso, "secret key.protected")),
+-                     FALSE);
++                     false);
+     // userids
+     assert_null(get_json_obj(jso, "userids"));
+     // signatures
+-- 
+2.20.1
+
diff --git a/gnu/packages/patches/rnp-unbundle-googletest.patch b/gnu/packages/patches/rnp-unbundle-googletest.patch
new file mode 100644
index 0000000000..d573895ecf
--- /dev/null
+++ b/gnu/packages/patches/rnp-unbundle-googletest.patch
@@ -0,0 +1,45 @@
+From 3d435bbc8c73c78260f510a8d7fd02f81e22f125 Mon Sep 17 00:00:00 2001
+From: Justus Winter <teythoon@avior.uberspace.de>
+Date: Tue, 21 Jul 2020 16:10:12 +0200
+Subject: [PATCH 5/6] Unbundle googletest.
+
+---
+ src/tests/CMakeLists.txt          | 2 +-
+ src/tests/gtest-CMakeLists.txt.in | 8 ++++----
+ 2 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/src/tests/CMakeLists.txt b/src/tests/CMakeLists.txt
+index 1a7ab905..2f0a1c3f 100644
+--- a/src/tests/CMakeLists.txt
++++ b/src/tests/CMakeLists.txt
+@@ -50,7 +50,7 @@ endif()
+ # maintain compiler/linker settings on Windows
+ set(gtest_force_shared_crt ON CACHE BOOL "" FORCE)
+ # add to our build (provides gtest_main target)
+-add_subdirectory(${CMAKE_CURRENT_BINARY_DIR}/googletest-src
++add_subdirectory(${CMAKE_CURRENT_SOURCE_DIR}/googletest-src
+                  ${CMAKE_CURRENT_BINARY_DIR}/googletest-build
+                  EXCLUDE_FROM_ALL)
+ 
+diff --git a/src/tests/gtest-CMakeLists.txt.in b/src/tests/gtest-CMakeLists.txt.in
+index b8878ea5..16cd49ad 100644
+--- a/src/tests/gtest-CMakeLists.txt.in
++++ b/src/tests/gtest-CMakeLists.txt.in
+@@ -4,10 +4,10 @@ project(googletest-download NONE)
+ 
+ include(ExternalProject)
+ ExternalProject_Add(googletest
+-  GIT_REPOSITORY    https://github.com/google/googletest.git
+-  GIT_TAG           master
+-  GIT_SHALLOW       yes
+-  SOURCE_DIR        "${CMAKE_CURRENT_BINARY_DIR}/googletest-src"
++#  GIT_REPOSITORY    https://github.com/google/googletest.git
++#  GIT_TAG           master
++#  GIT_SHALLOW       yes
++  SOURCE_DIR        "${CMAKE_CURRENT_SOURCE_DIR}/googletest-src"
+   BINARY_DIR        "${CMAKE_CURRENT_BINARY_DIR}/googletest-build"
+   CONFIGURE_COMMAND ""
+   BUILD_COMMAND     ""
+-- 
+2.20.1
+
diff --git a/gnu/packages/patches/rnp-update-expiration-16ecb289.patch b/gnu/packages/patches/rnp-update-expiration-16ecb289.patch
new file mode 100644
index 0000000000..f552c5a9ea
--- /dev/null
+++ b/gnu/packages/patches/rnp-update-expiration-16ecb289.patch
@@ -0,0 +1,208 @@
+commit 16ecb28974b18e51f9060c86c7229f3b7e1cbb88
+Author: Nickolay Olshevsky <o.nickolay@gmail.com>
+Date:   Fri Apr 10 16:29:52 2020 +0300
+
+    Update expiration date of test keys.
+
+diff --git a/src/tests/data/test_stream_signatures/pub.asc b/src/tests/data/test_stream_signatures/pub.asc
+index 10f0509f..9da95e7a 100644
+--- a/src/tests/data/test_stream_signatures/pub.asc
++++ b/src/tests/data/test_stream_signatures/pub.asc
+@@ -9,16 +9,16 @@ Wf4zSDhsEabUFJn2HoBdSoObcDX3DbBLP4GV7KzBDqJ0ZYfyL92Q58wOs5Q8ZDVP
+ v41PvEijwVrgNDq02LYxcHgNDAJ++eGOxQdySb3Blo56AorS3xsVtIXFFlzMFB0j
+ X0lUIeGEj5iKs4xpbRr/EE+m0B70fg2Yn/XpslUnOgboaNp/mZ5T4Zpe1kz/jDV4
+ aNZ3p3l2DxxF8AUAEQEAAbQWdGVzdF9zdHJlYW1fc2lnbmF0dXJlc4kB1AQTAQgA
+-PhYhBHpg5nEXn5uSD2R4olhzvXOOV1OYBQJau41QAhsDBQkDwmcABQsJCAcCBhUK
+-CQgLAgQWAgMBAh4BAheAAAoJEFhzvXOOV1OYt5wL/iwz9BqzPpsGzTMtuCxGlUt5
+-A1p0aOwK6hD8oDlW5Tq9fuJwKrf0bSen5MPRTs7tkRQ5loriRiqwrgqggxbf2wJx
+-bFM3p3OF/CO1NMRBeCQCr37hKmtyPv3rmSHRhdeW6IdA5RS5I+UqgUZ18UF9f5va
+-zM49pflxeDLq16388gcep8pnppw8J0XBFzxW4KWEGLxto1LElq5SJzdTTwQiN2cZ
+-XmDChFyyQhesxY3qosV2jtIJktLT9Pl1qmxr/wwJf38J5DKmvJeisAl55SahN9l1
+-owe2ACHQuE9L0HpjxYYxvmFeing0eydDyU10RVgavdI6+ztfVas5f38zy6r3uxX+
+-mSbV/w4LELvT0jmTAxpVM1O9N7pB71xKypTfsMNEOxi1fWx+/bpB6GVy319JF4aE
+-JfJYO8rAMWn3UpvY8FaxuCnsDudmpwEvzgOHhr+EOyWlWMbpfC+vtFXncPjEPn7R
+-lRVy5CkSL+WidtcRmI82iG8hfG3PcpFryea8zMTKCLkBjQRau41QAQwAwB/4Oa2w
++PgIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBHpg5nEXn5uSD2R4olhzvXOO
++V1OYBQJekHJ9BQkWoOgtAAoJEFhzvXOOV1OYdCUMALQ5AsHoE+RU66Qs1qWxQK9k
++R7wd0j3yLs/l9eUElpXFz0W/ZRWR2bZ9aO8fuCEQTXPgNtdGBG06fCB/MrpTCwoE
++ScUTlz0jGqC8CqbjfV6a92abk+9fXJkYcWyCjFJ0nWzQSSLOlNJ5xesqBB+yBNx7
++xyWuggnTcg5F1IbiVN4R3yhKboUZu2nvXIBJVl/JYT5f0jQUAeYLsalmF6Ug6mW3
++yVR2wvIlvA5BGlr3qJrIZH22QRPNOfwKZorhPvzD1yj/CXlV4zDDl2TjlcuAkcsT
++mqEq+gg/PkLsCpEd1rHIwbplCJiWAxTZLchw49VkGvWAFsiXKCfaWkHZaJpTbTfP
++vXppxeJ6VCt/+jU7x8KvRXyqWt45OqIbgs+mi9X4VXqLGXORh4auN6vT/V3uLTOU
++1rftvc6mEvcYoKVGNutKcQwfl+MJwfMcjAtDAsov8V6CNDJYGMBZVI6wjh6gt34O
++LjlhHM/znBU+FTtPyjSAOvD2SR3oQyVr5gSKVtlPBrkBjQRau41QAQwAwB/4Oa2w
+ 4qupz0+KCmmutEezSKZkf7xZ7UFO87X4hYdoyOUfmtnz4jjA6V5KpZ8DMfrEB9bm
+ vfHaQBrCdASxspfXDAXfZCV8UqyP+RBItfqdT/tlPxd1uWVqO8pwd0UvXgDICiXy
+ mCmUOsJ8sajI0X7yN+PjDGoGrUbT8sXpOdGD0aG5ARnaNr9zKa/7RiEaLt8SGdAt
+@@ -27,15 +27,15 @@ NYMeTk33YoRDlhWWepLYkKZ4Tkrq9A3E/5WjJcFP5NuG8pSM7i+T9glRsZCUH0gI
+ BhbzTwehQZ3ZM6Rj0aCiFrxBCfzrhjM9PXiJhXwJmV2vCVW2GQZndkF2JwAcAAsF
+ 5mzQD/ylkVLvTg4evNfiFTVQog8nLV0ZyKmodTSUWJCBVgzFP1IuHMbObeAWQF8x
+ jO69SGt4iOGQw68JljCPBJ8u6N7GMY81mTY/36tWd5pIxOLnAbpodl1DABEBAAGJ
+-AbwEGAEIACYWIQR6YOZxF5+bkg9keKJYc71zjldTmAUCWruNUAIbDAUJA8JnAAAK
+-CRBYc71zjldTmBliDACYyguYp9V80mApoM9cdswJCSJu5TpAv+fP+hcekLE0I7wq
+-qs7+zd0vasrReemgMMA9gx2IbSUZxWPUSoZloJsxcoBfEjlfoNNRXn2X9Hq7NUhu
+-19gMdwUxtnyd4dOIleYqk93QkydTeqciI+xZ0s2lmiOps0FDgKLWAbNdC/kWOp5x
+-GHx+Dy9D+cM+4YxjfBnxplG3qreY5Vmu2tlYTXG41LjJHpXL0LOQXdVf6ZdcVdQ5
+-CCynd583xL9fjxGtAoNYV5LK/1qAZuqFVSk/R9eEy2664W/Fj4I5LlH/UQIfcTdl
+-ItY+/5mFa0CK7/7uucy7zfIwILx3M9nAvzbFaTdDP7ZBOO6xkeQE22WOMYrcGGkr
+-lPueHq/gbu/4fl1XHyl4oHJZdqTaI9a9vwO/342ct+y9agtpkooSpljDavVSPiO+
+-wWd45g52HsY/bF/A7qv1e7ucH11elQgUXW6Q8kGvTy/FYMWjk5tV+mokI/k6rupt
+-SEvTyvqqYIWvhPXmkI0=
+-=C3aD
++AbwEGAEIACYCGwwWIQR6YOZxF5+bkg9keKJYc71zjldTmAUCXpBymQUJFqDoSQAK
++CRBYc71zjldTmOHODACQHml5YT4hsNN4OLP6xNdEKCCjLfY7V1EKYZZU671vYTQn
++qIRTGhNB18FATHJwONMjMegsu/8K67V3acnW7cszUbZDC1OMC7Mo0qFHvysfbxbq
++4Pb10QYtqvmla8nerbKGKqxm32CRYZf2qZ4pXG/7MvE5aAQPXR+cBgByU9EHOB5K
++t9NwYm7MEZyOSNvcRaJIN1aeS8cur5veRoLLEWYhBF/FrOusCLvkupQ/rqnsqr/D
++IHaxjHFpSwxAHan8VxkeHsxZNTYb9eejmXTBUrqePARGyuHiqCK7w0fv/RW+mXbn
++UDJl+NIg2F0oMcsoqj2F74IWkcn7X7FMP2XQv99PuAgVd9q1XhxDXSBUyXCT+E41
++hmR4rtdQRg8JiJ4RZKE8arDjRVXZdaiNMW9J5vjWrlyvqLiVyNmyyHw63LXNO0cN
++Qv4qz+S5gir8JAHYzZFnjvisll1Ur9JSQWyg97OB6dsIN7Im6sJOcjpkpHgA5v+9
++hMHj3/yuwMXx6aMHF1A=
++=zbzp
+ -----END PGP PUBLIC KEY BLOCK-----
+diff --git a/src/tests/data/test_stream_signatures/sec.asc b/src/tests/data/test_stream_signatures/sec.asc
+index f2e170d2..3b8acf1a 100644
+--- a/src/tests/data/test_stream_signatures/sec.asc
++++ b/src/tests/data/test_stream_signatures/sec.asc
+@@ -8,38 +8,38 @@ bxFGBMeUG66wv4L/+LPWdbt+v22vFTZTdz9KEEgdbYFgSA1Y1CoGgryNwUajbTNa
+ Wf4zSDhsEabUFJn2HoBdSoObcDX3DbBLP4GV7KzBDqJ0ZYfyL92Q58wOs5Q8ZDVP
+ v41PvEijwVrgNDq02LYxcHgNDAJ++eGOxQdySb3Blo56AorS3xsVtIXFFlzMFB0j
+ X0lUIeGEj5iKs4xpbRr/EE+m0B70fg2Yn/XpslUnOgboaNp/mZ5T4Zpe1kz/jDV4
+-aNZ3p3l2DxxF8AUAEQEAAf4HAwJnOWbrDVPUsMKs7NrQhmnmA68peKqJz2c5mUqo
+-jFxyhmK/vGieqWlYxDLHK7QvnBHfNUDC+rEQhplarLCbqQRZXv6mbQhz36tq4aUL
+-JOJoaDdsA/F0gtDJSEI3DurnEuYUBjgYqbJ4oGcJh1OseeKZCoQwjL4+b415TXui
+-6kbU47rJMMUyOyrBObCPZNVIIPoE9xouAJRDsvK2BBbU5d+Au1pyydF6HtHrMjUv
+-LkGD98A99G/T5ykjpwFrTf9LWRcgC1wj7tMkf6hmCZOZZQrAsc2bTkBIC/qyaWRb
+-DKc0HFsf5/ZK3/KrqKLvahzJ8vCBz1onBVil944YFIF8W4/pSgfNcQ2jWzu3mCKn
+-U+cFEoQig2Z9VEpkgeV39VW0OVYcLZF+5E7LudWScP81GA+pPeGTY6wXHJotlXi+
+-wT6NLsf+IiA51cxWfUGR0JD1NGynfgMLB2Xl5ajZjJPEnQmA26VG9oYbhD4+HszT
+-YbcOCVXxWlwaZex0quk+n/zREHCLa7NdTJVDTQohGRGXC0Hko0x09zoOBkt8J87h
+-woD5Wxk/QxgurWL093nDl58oTvx89KK9mcdkCZ8iDC1DuiBcIg6MsnlbPKva/lrA
+-FxBtYO7QbsX750kejrp0rcA2kj/+1Gr7kTzqa9EXj18zf/Bc6DKkkScpIg4Q6/+6
+-lxzoyBuVwAjT2XUYgNYUDpjjFgb0adEaNX7r18RuzGQ4P8NZ3tt0UGXrhUL7tgCW
+-aEAQdLtpmBhEk78A1Jt4EPArI9KBIZgwiiVmFWQSzfLUNtwWcROD52021AlSiukW
+-8yHq8vj/tziOUY9eTo5ghDN9d0nodDocSmfkH1X+nG2+Qxr3ksGwsN4haboslWLZ
+-vNvuQLLXQNxj8HhiWAVeCtc0LSatNZNUDli/BD8Z2KQ2FskCfHT7UVZt5ruOO48U
+-tNuOKcAszrNZXKfRf1u3rClfRKIwZItzXchTkVF1BsDT++Pe0D9qlQ8LPjQwqYZM
+-WWgJq2FrGE/FLP0MidKqyUrg5KOWIx6yNFPo01GbUJjuSVwnWBKFmN5/XKtXmglh
+-yVb+Wy2xABStwipQkEito3QRtBXnxvyfDjW+gtQh52vb8UDXJLPWCmNHKfaxXLb7
+-Liu1kRl/qP5JIjX5rCBTXyRJXt3heLGOHi5jD9oig4iQADIGk6IapnJ2c4qGlTye
+-7itOU7l2R8sKOEAWkxA4XazLiOYOuThrw2dXheuuHTPgDj2E+J9eGuFrtAcUEm77
+-7PddE4YjDjDXGidorru1feF/z86XeN7FOYhGwmBax4XaFYmW0HTOBSjgi3uAnlGd
+-jmG9GhPq7KYG8unPaUcIJuFCk7ZVyKfPtBZ0ZXN0X3N0cmVhbV9zaWduYXR1cmVz
+-iQHUBBMBCAA+FiEEemDmcRefm5IPZHiiWHO9c45XU5gFAlq7jVACGwMFCQPCZwAF
+-CwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQWHO9c45XU5i3nAv+LDP0GrM+mwbN
+-My24LEaVS3kDWnRo7ArqEPygOVblOr1+4nAqt/RtJ6fkw9FOzu2RFDmWiuJGKrCu
+-CqCDFt/bAnFsUzenc4X8I7U0xEF4JAKvfuEqa3I+/euZIdGF15boh0DlFLkj5SqB
+-RnXxQX1/m9rMzj2l+XF4MurXrfzyBx6nymemnDwnRcEXPFbgpYQYvG2jUsSWrlIn
+-N1NPBCI3ZxleYMKEXLJCF6zFjeqixXaO0gmS0tP0+XWqbGv/DAl/fwnkMqa8l6Kw
+-CXnlJqE32XWjB7YAIdC4T0vQemPFhjG+YV6KeDR7J0PJTXRFWBq90jr7O19Vqzl/
+-fzPLqve7Ff6ZJtX/DgsQu9PSOZMDGlUzU703ukHvXErKlN+ww0Q7GLV9bH79ukHo
+-ZXLfX0kXhoQl8lg7ysAxafdSm9jwVrG4KewO52anAS/OA4eGv4Q7JaVYxul8L6+0
+-Vedw+MQ+ftGVFXLkKRIv5aJ21xGYjzaIbyF8bc9ykWvJ5rzMxMoInQWGBFq7jVAB
++aNZ3p3l2DxxF8AUAEQEAAf4HAwIVPI0CbfDyq+TuIyTWilgZSWAym9yP2zRCaNTU
++lixcJLELTQPR2Qy2SNfzu7aGEY7NpA0rHG6YOaFUhvoXLFRbzZ5OiLawurz9zk2I
++NrgD+10j57b0FNGmofsu5K4/0YbTyzls/TKVJAMxqXvtT9z1Zw4XywferO+PMIba
++0Oh14C7lIWEI5K5/iR6TC1ob7L/UyQ4/OK/1J555eOsN8/SIk4BZsD8qPg1RnL0c
++sJrzMvv69sBYOIFpb9U9Fu7AOwRWEzwZaCC1xhyPemOF3gZ1FKv3N/WEBOJvjyAZ
++XGltS4BUwSpXDNmHvQn5GzIsY54bY8eKlLrBudrrXetuWAko1a65FzCwVWONyr5v
++rOykS7fsLgRHj7fESqooTNNRd64WnUFBWalBqArSKTcswXEfLQaS7O2ifXmQVMLm
++RiA0gS5j3Jz5l2W8YFwzrShEsH+mKUPjDkIDYcqkyMKqVZzr1HlfbDOpfzIrknAz
++NQYeqWYiJCGGNPTqgFJQnGczcgkabClR85rXWuLJ78cr9pdC5noJzp2597vuaD59
++eh9yW2+prAcHwUK9ySv5orLUEGO2TAHEg/OHAcFQ0Q2dRlH1MQNeCUTD3i24wl/8
++MtVs+ZlB7ZWp7EpEtyt2o6cT0Kw+GhqLKt5F8mRImu2NAmjL5Fp4UpXbLz3xPKZ1
++S+0Z5kWspzmboO0A9cE4mbCwOp3IrxaylWbo1CY4cgmMbxaOc6lIExd1EqArg7/b
++rFAjOKRk/dV1hZ5Gjf54BuFu+zPbttvz5HWMbsL1NlLSBC37bdGisL6jGL+SaZwL
++FLBzxzqHrR2tJLSomS7hy+hP11XvdQV2LHvFDaqZH5CVR28AG0YPb70YeFWWaTcs
++WSqcs/plXqbfDb1pA6fq2ILzyJvJ+4Tg4vmW3kPE2lqGdQUo20BxH6ZvuH1k7RVG
++JpO5U1D+8slTfZH5l90KujKRUEyqqjEj6F6r+mKYYoMJZ8+q+8QzoXyavX25Z3pm
++ST6jvOhigmeYkZpAPi91qGujC4giNf0iqc5H8vnb/K15aiyBPCtAYrv0pbu17Hkf
++giRWwExSCJr0hm/BlCEFc8rWUzFhnNFW9BCl8PUpgxZy4rvTUr/hlJobuDe8AbxJ
++bKdOg2rhqgBU9MezUSkuWMaKYO2Cm/W4Awn+EajZOXubH/NwSkbrbMQ/NhZ2Mpuq
++M/PrsCrEu8gYVJb3OzxAUL3cZD08+uSe41C66jaBtezFfWFPaDRTMIHcRFUeixtd
++XEiUUHwe1GKwvvbPWr+hbKSfwMOVGVYJ3R7H8rSs8k7I4gaocp8h+Dy+6NnZGXiM
++LewOsSVgj8E5J9Z0l6IeWdWP4G7u4qCOtBZ0ZXN0X3N0cmVhbV9zaWduYXR1cmVz
++iQHUBBMBCAA+AhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAFiEEemDmcRefm5IP
++ZHiiWHO9c45XU5gFAl6Qcn0FCRag6C0ACgkQWHO9c45XU5h0JQwAtDkCwegT5FTr
++pCzWpbFAr2RHvB3SPfIuz+X15QSWlcXPRb9lFZHZtn1o7x+4IRBNc+A210YEbTp8
++IH8yulMLCgRJxROXPSMaoLwKpuN9Xpr3ZpuT719cmRhxbIKMUnSdbNBJIs6U0nnF
++6yoEH7IE3HvHJa6CCdNyDkXUhuJU3hHfKEpuhRm7ae9cgElWX8lhPl/SNBQB5gux
++qWYXpSDqZbfJVHbC8iW8DkEaWveomshkfbZBE805/ApmiuE+/MPXKP8JeVXjMMOX
++ZOOVy4CRyxOaoSr6CD8+QuwKkR3WscjBumUImJYDFNktyHDj1WQa9YAWyJcoJ9pa
++QdlomlNtN8+9emnF4npUK3/6NTvHwq9FfKpa3jk6ohuCz6aL1fhVeosZc5GHhq43
++q9P9Xe4tM5TWt+29zqYS9xigpUY260pxDB+X4wnB8xyMC0MCyi/xXoI0MlgYwFlU
++jrCOHqC3fg4uOWEcz/OcFT4VO0/KNIA68PZJHehDJWvmBIpW2U8GnQWGBFq7jVAB
+ DADAH/g5rbDiq6nPT4oKaa60R7NIpmR/vFntQU7ztfiFh2jI5R+a2fPiOMDpXkql
+ nwMx+sQH1ua98dpAGsJ0BLGyl9cMBd9kJXxSrI/5EEi1+p1P+2U/F3W5ZWo7ynB3
+ RS9eAMgKJfKYKZQ6wnyxqMjRfvI34+MMagatRtPyxek50YPRobkBGdo2v3Mpr/tG
+@@ -48,36 +48,36 @@ IRou3xIZ0C2FyrhzVlZZFZelZV556QvnD4oMSnpOhkEwWebgzpdXzeiE91Ea34il
+ CVGxkJQfSAgGFvNPB6FBndkzpGPRoKIWvEEJ/OuGMz09eImFfAmZXa8JVbYZBmd2
+ QXYnABwACwXmbNAP/KWRUu9ODh681+IVNVCiDyctXRnIqah1NJRYkIFWDMU/Ui4c
+ xs5t4BZAXzGM7r1Ia3iI4ZDDrwmWMI8Eny7o3sYxjzWZNj/fq1Z3mkjE4ucBumh2
+-XUMAEQEAAf4HAwIJVey/KKWPocL6fOspBqT2URMqaYYU/fyN6cSa0Clx1T+zrcD1
+-swWZF/Q8Ia+wDLHzMLeYbeWz0wBodpcIpRGSDNbNHAn6GMk4K23UGzMIquvCEvbd
+-XY7/N032emPBZ61Y2VJ5MuioA9lvG+HRirf/QmagveHAtPBqkjDwjE0nL7MarH7g
+-bNIHZfpYzywd3WRpvYlRebujkriS40EIAbXC6OWnlOs7srXroSpkbuqUYmx3MTMa
+-N5cP7DR+uxbiozJHW8k6Cg3MBPbdbfued3Lobc98UCuW6+0J0H8BGzDOT9eGgYQn
+-mtBaqCjCZqbN4d59Z9rp/qX6kSISZohl05rwjFI0vsi9M4cQApwrb9R7mBqCN1Xm
+-w0NTUeR9rPDomrpb0sTUzXJbrjdLXqe6RdNbEWvcJeWRxNWbzqlGTr2tmUa34XMg
+-BprMcRQXVcf7uHVsYCRCixurQTkFfejAVNIYt6x8OHRheR5XGdyakWr/iY4iBAjf
+-abWDa4huryYD4PtpY0GDzHEyO7trSSPKRnYUIobmye/4LOfcNBC3HCx1suXXgALF
+-MFMgvMJIRKr5HhbfpkJVYaU8M+R9mswkxyQxaPTO67RWVkIRsQgz4DzVw/sLuv5y
+-G+bBEgEU95OtCE3CPmXApk2aBzRkoXubw7L5wdTLI9keWClB+cqYsuc5xYUvRswj
+-qCJWALjE0x48FP+3AmT+0BPTwevhZ77QrZ4nKdlYXrRdoRsHrVCh2srVdCr5a/Ou
+-6d4lrhTkRZsW+X3uu3gnznVrcJygIKPW/Plw3zI1aFJBMgtFtnrIr+I1k/dlHaVi
+-tAtfkkszvIupjE28JlfsYsNxSr/nKlC/r+seGuxCUJnKR9Vl55p4ByTkae2aFD94
+-bPytybrpT/uZi/5evr0cgY4SkFQmzt1BvNdVU1vgi6tsw7NmSClUPZINqzB1SeAP
+-bx7wAeq5h9dsHMAERgw1fwrqDdVem0wZPX/2VBJlVFZmrDsogv/6XEsQdSS9deCW
+-gVR3CweHByxvjxdzu+2gZ/EDL6UdXE+X6DhQkUrETAkP+fEN28dPvLFmVPibpdN7
+-VSpg1qTJIXCY2AHIfrZQzs02J1/vJNaTMGRdAT0ApbNndLeqZK2zaf39+SvagO3/
+-uxheTDEc0/kovDtq6KRWj1TtbpzsdOphL+o5QMyZKl0oeVITRWoirCi57K2W05xJ
+-83bEhMYMcmW0enbVWzJ4ilWK1NGgTZvAzLMBYIXXjv+Q6yJA2kjlY6iBH+56XTO7
+-l/xhvBHLMwdkivvNgAb9Zx7fbFSj0gw9PsMXdwwzXKMtWIqSeptcQUYHFlOlx7DX
+-Fjw/d5MtDlXxX41l6eeXYYkBvAQYAQgAJhYhBHpg5nEXn5uSD2R4olhzvXOOV1OY
+-BQJau41QAhsMBQkDwmcAAAoJEFhzvXOOV1OYGWIMAJjKC5in1XzSYCmgz1x2zAkJ
+-Im7lOkC/58/6Fx6QsTQjvCqqzv7N3S9qytF56aAwwD2DHYhtJRnFY9RKhmWgmzFy
+-gF8SOV+g01FefZf0ers1SG7X2Ax3BTG2fJ3h04iV5iqT3dCTJ1N6pyIj7FnSzaWa
+-I6mzQUOAotYBs10L+RY6nnEYfH4PL0P5wz7hjGN8GfGmUbeqt5jlWa7a2VhNcbjU
+-uMkelcvQs5Bd1V/pl1xV1DkILKd3nzfEv1+PEa0Cg1hXksr/WoBm6oVVKT9H14TL
+-brrhb8WPgjkuUf9RAh9xN2Ui1j7/mYVrQIrv/u65zLvN8jAgvHcz2cC/NsVpN0M/
+-tkE47rGR5ATbZY4xitwYaSuU+54er+Bu7/h+XVcfKXigcll2pNoj1r2/A7/fjZy3
+-7L1qC2mSihKmWMNq9VI+I77BZ3jmDnYexj9sX8Duq/V7u5wfXV6VCBRdbpDyQa9P
+-L8VgxaOTm1X6aiQj+Tqu6m1IS9PK+qpgha+E9eaQjQ==
+-=vuN6
++XUMAEQEAAf4HAwKHPjD5J2XTROT4F02fJHp3k5ROZ6tELUQnFme5bv71OBmvpyPL
++Qag7Ix/ZJzrNdJi6gkii2w6Kd8TzdOESSKL+LimY+wHprev/udy6JGGpPK4EMp61
++o3sNR6lDqvKFFgW7rnE6DU7UeyiWv4GCC/aC0ivxQASHdu5IQBZftx/WO+J84xw3
++q4Xd4bGn0Dm9CRzd5SoJdVFeuhVTqqhzyu8O8u7VLIRhCwp5cZE6IgJb1f6+B4+x
+++gaoWZJwvUqqnJQCKY670qKlyhXEmoILJ7zdG6sVyaeIvJR6lZfvqBnWo4Uu1vL7
++uo9GVzCLR0GLaiMR0I9Z1BmeRDVUP9Vbk3P0MxeKcequPbboaDqHtNejxvGeOT1M
++QC+6ugHp+vHSSwHxiMJM1b66hBJc6OnQauBugjvro+nsgCOe1+BqWVkJ/ycwPHOB
++v3r9TfaqUO/0wAni3x8cLnRQNA5IoIgifzP6zc02styO0QPuNKDMOj/TMNQw668g
++W2kZllB+aki42tWZ095eVGtt9hJltLKqGciLfTmBQQvvtmAJyFhVYwsKAGfj1xqz
++E6/wCRRu5zQ2y0JUAIeNUVimX+3mFXsb+QxrZOsxh9EGYQxyRKHKkQtCtNzuWLhB
++Q2IHNeIlkxptRmq0TvApe2sV06orPqW9oCXULrWNFq0Ur4KD3AuLhZLFK+r2/gj4
++grTafzV7b4pWzQQq0ynqXAgkKHRg9eL2CQlfrlMwoteYJZPjEoHTtIW+yi0izXpc
++KZYROwyZVEV5x2Mr/yhH/IA6r/mDrnq2L6q1k5OjW6GzOFZg7lYjybq8sHUwzbhe
++gbgix/CUZf2Bk3TIGxaiYLnijbT1te9hLpQIdTHdnS/MDPPy3hQWoi1lP0rykypg
++yKToeu1UKocuTzwgVHG7GC6XbdsYoqo46TQO22ckAFk68t/50gJFzIILEEqiRHBc
++jmmdQGZKZst4fI7nXxE0KuYpSdX9NRIF72vptT+Ag59AOdVRxNHXD78G7vO8zv9i
++npJWSOEYWt8gVhbuaOVNoQbE1ox7J3CEoh9vfOFciTWZbVTVKDkFa7f8jld4v6sm
++ePV2ol2No2/7aJx+DH78pg32OW+fDD3rasmtC833LLUdyOCSllU4TGpRIU4bhprz
++7+CzQfhQrkz0LfS2RizzpAis9BitoizwWLjMrhHN/X5uffKM3J2OjmZ4nCOQUSeW
++3BNwzcWLIIoCZ/ior8sh8lexrVVwy/YCJFGZl8S/gkxgjKX5Wiem7UV+92QqNk5N
++ogxSwgrwJVieWH17ILTpvDJRJsM3JhhTVhHme/JF6CQGo8J3wUzR6nfNaPhXQrxH
++lNcRDiC57AkOlnI7coOs0YkBvAQYAQgAJgIbDBYhBHpg5nEXn5uSD2R4olhzvXOO
++V1OYBQJekHKZBQkWoOhJAAoJEFhzvXOOV1OY4c4MAJAeaXlhPiGw03g4s/rE10Qo
++IKMt9jtXUQphllTrvW9hNCeohFMaE0HXwUBMcnA40yMx6Cy7/wrrtXdpydbtyzNR
++tkMLU4wLsyjSoUe/Kx9vFurg9vXRBi2q+aVryd6tsoYqrGbfYJFhl/apnilcb/sy
++8TloBA9dH5wGAHJT0Qc4Hkq303BibswRnI5I29xFokg3Vp5Lxy6vm95GgssRZiEE
++X8Ws66wIu+S6lD+uqeyqv8MgdrGMcWlLDEAdqfxXGR4ezFk1Nhv156OZdMFSup48
++BEbK4eKoIrvDR+/9Fb6ZdudQMmX40iDYXSgxyyiqPYXvghaRyftfsUw/ZdC/30+4
++CBV32rVeHENdIFTJcJP4TjWGZHiu11BGDwmInhFkoTxqsONFVdl1qI0xb0nm+Nau
++XK+ouJXI2bLIfDrctc07Rw1C/irP5LmCKvwkAdjNkWeO+KyWXVSv0lJBbKD3s4Hp
++2wg3sibqwk5yOmSkeADm/72EwePf/K7AxfHpowcXUA==
++=Nabv
+ -----END PGP PRIVATE KEY BLOCK-----
-- 
2.20.1

[bug#42404] [PATCH 4/5] gnu: Add python-pgpy.

[Justus Winter]

* gnu/packages/python-crypto.scm (python-pgpy): New variable.
---
 gnu/packages/python-crypto.scm | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/gnu/packages/python-crypto.scm b/gnu/packages/python-crypto.scm
index 97f5903840..7ea86d1f7b 100644
--- a/gnu/packages/python-crypto.scm
+++ b/gnu/packages/python-crypto.scm
@@ -22,6 +22,7 @@
 ;;; Copyright © 2019 Guillaume Le Vaillant <glv@posteo.net>
 ;;; Copyright © 2019 Clément Lassieur <clement@lassieur.org>
 ;;; Copyright © 2020 Alexandros Theodotou <alex@zrythm.org>
+;;; Copyright © 2020 Justus Winter <justus@sequoia-pgp.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -1446,3 +1447,30 @@ can decide how long it takes to hash a password and how much memory is required.
 data such as API keys, cryptocurrency wallets, or seeds for digital
 signatures.")
     (license (list license:expat license:asl2.0)))) ; dual licensed
+
+(define-public python-pgpy
+  (package
+    (name "python-pgpy")
+    (version "0.5.2")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (pypi-uri "PGPy" version))
+        (sha256
+         (base32
+          "0i4lqhzdwkjkim3wab0kqadx28z3r5ixlh6qxj4lif4gif56c0m7"))))
+    (build-system python-build-system)
+    (native-inputs
+     `(("python-cryptography" ,python-cryptography)
+       ("python-pyasn1" ,python-pyasn1)
+       ("python-singledispatch" ,python-singledispatch)
+       ("python-six" ,python-six)))
+    (home-page "https://github.com/SecurityInnovation/PGPy")
+    (synopsis "Python implementation of OpenPGP")
+    (description
+     "Currently, PGPy can load keys and signatures of all kinds in both ASCII
+armored and binary formats.
+
+It can create and verify RSA, DSA, and ECDSA signatures, at the moment.  It
+can also encrypt and decrypt messages using RSA and ECDH.")
+    (license license:bsd-3)))
-- 
2.20.1

[bug#42404] [PATCH 5/5] gnu: Add python-sop.

[Justus Winter]

* gnu/packages/python-crypto.scm (python-sop): New variable.
---
 gnu/packages/python-crypto.scm | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/gnu/packages/python-crypto.scm b/gnu/packages/python-crypto.scm
index 7ea86d1f7b..ecf82f2078 100644
--- a/gnu/packages/python-crypto.scm
+++ b/gnu/packages/python-crypto.scm
@@ -1474,3 +1474,34 @@ armored and binary formats.
 It can create and verify RSA, DSA, and ECDSA signatures, at the moment.  It
 can also encrypt and decrypt messages using RSA and ECDH.")
     (license license:bsd-3)))
+
+(define-public python-sop
+  (package
+    (name "python-sop")
+    (version "0.2.0")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (pypi-uri "sop" version))
+        (sha256
+         (base32
+          "0gljyjsdn6hdmwlwwb5g5s0c031p6izamvfxp0d39x60af8k5jyf"))))
+    (build-system python-build-system)
+    (arguments
+     '(#:tests? #f)) ; There are no tests, and unittest throws an error trying
+                     ; to find some:
+                     ;     TypeError: don't know how to make test from: 0.2.0
+    (home-page "https://gitlab.com/dkg/python-sop")
+    (synopsis "Stateless OpenPGP Command-Line Interface")
+    (description
+     "The Stateless OpenPGP Command-Line Interface (or sop) is a
+specification that encourages OpenPGP implementors to provide a common,
+relatively simple command-line API for purposes of object security.
+
+This Python module helps implementers build such a CLI from any implementation
+accessible to the Python interpreter.
+
+It does not provide such an implementation itself -- this is just the
+scaffolding for the command line, which should make it relatively easy to
+supply a handful of python functions as methods to a class.")
+    (license license:expat))) ; MIT license
-- 
2.20.1

[bug#42404] [PATCH 3/5] gnu: Add rnp.

[Ludovic Courtès]

Hi Justus,

Justus Winter <justus@sequoia-pgp.org> skribis:

> * gnu/packages/openpgp.scm (rnp): New variable.
> * gnu/packages/patches/rnp-disable-ruby-rnp-tests.patch: New file.
> * gnu/packages/patches/rnp-fix-cp.patch: New file.
> * gnu/packages/patches/rnp-fix-gnupg-list-packets.patch: New file.
> * gnu/packages/patches/rnp-fix-test-setup.patch: New file.
> * gnu/packages/patches/rnp-fix-test.patch: New file.
> * gnu/packages/patches/rnp-fix-true-false.patch: New file.
> * gnu/packages/patches/rnp-unbundle-googletest.patch: New file.
> * gnu/packages/patches/rnp-update-expiration-16ecb289.patch: New file.

Could you add the patches to gnu/local.mk?

> +    (home-page "https://www.rnpgp.com/")
> +    (license (list license:bsd-2 license:asl2.0 license:bsd-3))))

Could you add a comment (a couple of lines) stating whether it’s triple
licensing or rather that several parts come under different licenses?

The patch overall LGTM but I’m concerned by the relatively large number
of patches and the fact that their upstream status is unknown.  Seems to
me that many of them ought to be upstream no?  If they are upstream, can
we instead either wait for a release that includes them, or take a
snapshot that includes them?

> diff --git a/gnu/packages/patches/rnp-disable-ruby-rnp-tests.patch b/gnu/packages/patches/rnp-disable-ruby-rnp-tests.patch
> new file mode 100644
> index 0000000000..5c8c06524d
> --- /dev/null
> +++ b/gnu/packages/patches/rnp-disable-ruby-rnp-tests.patch
> @@ -0,0 +1,25 @@
> +From 9f3c07601393e219cc5979f93fda57bf2d07dee7 Mon Sep 17 00:00:00 2001
> +From: Justus Winter <teythoon@avior.uberspace.de>
> +Date: Tue, 21 Jul 2020 16:10:21 +0200
> +Subject: [PATCH 6/6] Disable ruby-rnp tests.

What’s the rationale?  Would #:tests? #f have the same effect?

> diff --git a/gnu/packages/patches/rnp-fix-cp.patch b/gnu/packages/patches/rnp-fix-cp.patch
> new file mode 100644
> index 0000000000..039912d953
> --- /dev/null
> +++ b/gnu/packages/patches/rnp-fix-cp.patch
> @@ -0,0 +1,27 @@
> +From c163e1b12511e9e7df752a01767a2a8ba56c4196 Mon Sep 17 00:00:00 2001
> +From: Justus Winter <teythoon@avior.uberspace.de>
> +Date: Tue, 21 Jul 2020 15:52:37 +0200
> +Subject: [PATCH 1/6] Make copying more robust.
> +
> +Let the shell locate 'cp'.  This is more robust in environments such
> +as Guix or Nix that do not provide /bin/cp.
> +---
> + src/tests/support.cpp | 2 +-
> + 1 file changed, 1 insertion(+), 1 deletion(-)
> +
> +diff --git a/src/tests/support.cpp b/src/tests/support.cpp
> +index 3d6a6dc9..d260e166 100644
> +--- a/src/tests/support.cpp
> ++++ b/src/tests/support.cpp
> +@@ -283,7 +283,7 @@ copy_recursively(const char *src, const char *dst)
> +     // TODO: maybe use fts or something less hacky
> +     char buf[2048];
> + #ifndef _WIN32
> +-    snprintf(buf, sizeof(buf), "/bin/cp -a '%s' '%s'", src, dst);
> ++    snprintf(buf, sizeof(buf), "cp -a '%s' '%s'", src, dst);

I’d rather add a build phase that replaces /bin/cp with (which "cp") or
similar.  That way, the package would be self-contained (no need to
manually add Coreutils on $PATH).

> +++ b/gnu/packages/patches/rnp-fix-true-false.patch
> @@ -0,0 +1,253 @@
> +From 028a2f50fbf47d989bbf79be589945bec55b4825 Mon Sep 17 00:00:00 2001
> +From: Justus Winter <teythoon@avior.uberspace.de>
> +Date: Tue, 21 Jul 2020 15:57:57 +0200
> +Subject: [PATCH 3/6] Use 'true' and 'false' instead of 'TRUE' and 'FALSE'.
> +
> +The latter are not guaranteed to be defined.

This should probably be upstream, but if we have to have it, how about
making this change with ‘substitute*’ instead?

> +++ b/gnu/packages/patches/rnp-update-expiration-16ecb289.patch
> @@ -0,0 +1,208 @@
> +commit 16ecb28974b18e51f9060c86c7229f3b7e1cbb88
> +Author: Nickolay Olshevsky <o.nickolay@gmail.com>
> +Date:   Fri Apr 10 16:29:52 2020 +0300
> +
> +    Update expiration date of test keys.

This is bound to expire again.  :-)

How about using faketime instead, as is done for the ‘nss’ package?

Thanks!

Ludo’.

[bug#42404] [PATCH 3/5] gnu: Add rnp.

[Justus Winter]

[-- Attachment #1: Type: text/plain, Size: 5466 bytes --]

Hi Ludo’ :)

Some context:  RNP is the OpenPGP implementation that Thunderbird 78
will use.  Furthermore, we (Sequoia) created an OpenPGP interoperability
test suite (https://tests.sequoia-pgp.org/) to test various
implementations, and we'd like to use Guix to build the implementations
for consistent, reproducible results.

Ludovic Courtès <ludo@gnu.org> writes:

> Hi Justus,
>
> Justus Winter <justus@sequoia-pgp.org> skribis:
>
>> * gnu/packages/openpgp.scm (rnp): New variable.
>> * gnu/packages/patches/rnp-disable-ruby-rnp-tests.patch: New file.
>> * gnu/packages/patches/rnp-fix-cp.patch: New file.
>> * gnu/packages/patches/rnp-fix-gnupg-list-packets.patch: New file.
>> * gnu/packages/patches/rnp-fix-test-setup.patch: New file.
>> * gnu/packages/patches/rnp-fix-test.patch: New file.
>> * gnu/packages/patches/rnp-fix-true-false.patch: New file.
>> * gnu/packages/patches/rnp-unbundle-googletest.patch: New file.
>> * gnu/packages/patches/rnp-update-expiration-16ecb289.patch: New file.
>
> Could you add the patches to gnu/local.mk?

Sure!

>
>> +    (home-page "https://www.rnpgp.com/")
>> +    (license (list license:bsd-2 license:asl2.0 license:bsd-3))))
>
> Could you add a comment (a couple of lines) stating whether it’s triple
> licensing or rather that several parts come under different licenses?

I will.

> The patch overall LGTM but I’m concerned by the relatively large number
> of patches and the fact that their upstream status is unknown.  Seems to
> me that many of them ought to be upstream no?  If they are upstream, can
> we instead either wait for a release that includes them, or take a
> snapshot that includes them?

I agree.  I upstreamed my changes, and they got merged today:

  https://github.com/rnpgp/rnp/pull/1213

Those not included in the merge were meanwhile fixed upstream.  I don't
know whether they will make a release soon.  I assumed that Guix would
prefer to package the released version, but we could go for a snapshot
as well.  Your call.

>> diff --git a/gnu/packages/patches/rnp-disable-ruby-rnp-tests.patch b/gnu/packages/patches/rnp-disable-ruby-rnp-tests.patch
>> new file mode 100644
>> index 0000000000..5c8c06524d
>> --- /dev/null
>> +++ b/gnu/packages/patches/rnp-disable-ruby-rnp-tests.patch
>> @@ -0,0 +1,25 @@
>> +From 9f3c07601393e219cc5979f93fda57bf2d07dee7 Mon Sep 17 00:00:00 2001
>> +From: Justus Winter <teythoon@avior.uberspace.de>
>> +Date: Tue, 21 Jul 2020 16:10:21 +0200
>> +Subject: [PATCH 6/6] Disable ruby-rnp tests.
>
> What’s the rationale?  Would #:tests? #f have the same effect?

AIUI #:tests? #f would disable all tests.  This patch prevents cmake
from cloning the ruby-rnp repository to run its tests.  There is no
cmake switch to disable it, therefore I patched it out.  I should try to
propose a better solution to the upstream project, but I'm not familiar
with cmake.

>> diff --git a/gnu/packages/patches/rnp-fix-cp.patch b/gnu/packages/patches/rnp-fix-cp.patch
>> new file mode 100644
>> index 0000000000..039912d953
>> --- /dev/null
>> +++ b/gnu/packages/patches/rnp-fix-cp.patch
>> @@ -0,0 +1,27 @@
>> +From c163e1b12511e9e7df752a01767a2a8ba56c4196 Mon Sep 17 00:00:00 2001
>> +From: Justus Winter <teythoon@avior.uberspace.de>
>> +Date: Tue, 21 Jul 2020 15:52:37 +0200
>> +Subject: [PATCH 1/6] Make copying more robust.
>> +
>> +Let the shell locate 'cp'.  This is more robust in environments such
>> +as Guix or Nix that do not provide /bin/cp.
>> +---
>> + src/tests/support.cpp | 2 +-
>> + 1 file changed, 1 insertion(+), 1 deletion(-)
>> +
>> +diff --git a/src/tests/support.cpp b/src/tests/support.cpp
>> +index 3d6a6dc9..d260e166 100644
>> +--- a/src/tests/support.cpp
>> ++++ b/src/tests/support.cpp
>> +@@ -283,7 +283,7 @@ copy_recursively(const char *src, const char *dst)
>> +     // TODO: maybe use fts or something less hacky
>> +     char buf[2048];
>> + #ifndef _WIN32
>> +-    snprintf(buf, sizeof(buf), "/bin/cp -a '%s' '%s'", src, dst);
>> ++    snprintf(buf, sizeof(buf), "cp -a '%s' '%s'", src, dst);
>
> I’d rather add a build phase that replaces /bin/cp with (which "cp") or
> similar.  That way, the package would be self-contained (no need to
> manually add Coreutils on $PATH).

Ok, I'll try :)

>> +++ b/gnu/packages/patches/rnp-fix-true-false.patch
>> @@ -0,0 +1,253 @@
>> +From 028a2f50fbf47d989bbf79be589945bec55b4825 Mon Sep 17 00:00:00 2001
>> +From: Justus Winter <teythoon@avior.uberspace.de>
>> +Date: Tue, 21 Jul 2020 15:57:57 +0200
>> +Subject: [PATCH 3/6] Use 'true' and 'false' instead of 'TRUE' and 'FALSE'.
>> +
>> +The latter are not guaranteed to be defined.
>
> This should probably be upstream, but if we have to have it, how about
> making this change with ‘substitute*’ instead?

Fixed upstream.

>> +++ b/gnu/packages/patches/rnp-update-expiration-16ecb289.patch
>> @@ -0,0 +1,208 @@
>> +commit 16ecb28974b18e51f9060c86c7229f3b7e1cbb88
>> +Author: Nickolay Olshevsky <o.nickolay@gmail.com>
>> +Date:   Fri Apr 10 16:29:52 2020 +0300
>> +
>> +    Update expiration date of test keys.
>
> This is bound to expire again.  :-)
>
> How about using faketime instead, as is done for the ‘nss’ package?

That is much better indeed.  I had hoped that the upstream change would
just make the keys don't expire, but they still expire in 2030...


Thanks for the review :)
Justus

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]

[bug#42404] [PATCH 1/5] gnu: Add libtmcg.

[Ludovic Courtès]

Hi,

Justus Winter <justus@sequoia-pgp.org> skribis:

> * gnu/packages/openpgp.scm: New file.

[...]

> * gnu/packages/openpgp.scm (dkgpg): New variable.

Applied these two patches, thanks!

Ludo’.

[bug#42404] [PATCH 3/5] gnu: Add rnp.

[Justus Winter]

* gnu/packages/openpgp.scm (rnp): New variable.
* gnu/packages/patches/rnp-disable-ruby-rnp-tests.patch: New file.
* gnu/packages/patches/rnp-fix-gnupg-list-packets.patch: New file.
* gnu/packages/patches/rnp-fix-test-setup.patch: New file.
* gnu/packages/patches/rnp-fix-test.patch: New file.
* gnu/packages/patches/rnp-fix-true-false.patch: New file.
* gnu/packages/patches/rnp-unbundle-googletest.patch: New file.
---
 gnu/local.mk                                  |   6 +
 gnu/packages/openpgp.scm                      |  81 +++++-
 .../patches/rnp-disable-ruby-rnp-tests.patch  |  26 ++
 .../patches/rnp-fix-gnupg-list-packets.patch  |  37 +++
 gnu/packages/patches/rnp-fix-test-setup.patch |  36 +++
 gnu/packages/patches/rnp-fix-test.patch       |  31 +++
 gnu/packages/patches/rnp-fix-true-false.patch | 255 ++++++++++++++++++
 .../patches/rnp-unbundle-googletest.patch     |  45 ++++
 8 files changed, 516 insertions(+), 1 deletion(-)
 create mode 100644 gnu/packages/patches/rnp-disable-ruby-rnp-tests.patch
 create mode 100644 gnu/packages/patches/rnp-fix-gnupg-list-packets.patch
 create mode 100644 gnu/packages/patches/rnp-fix-test-setup.patch
 create mode 100644 gnu/packages/patches/rnp-fix-test.patch
 create mode 100644 gnu/packages/patches/rnp-fix-true-false.patch
 create mode 100644 gnu/packages/patches/rnp-unbundle-googletest.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index f8a8c16124..68a8d2ae42 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1500,6 +1500,12 @@ dist_patch_DATA =						\
   %D%/packages/patches/rtags-separate-rct.patch			\
   %D%/packages/patches/racket-store-checksum-override.patch	\
   %D%/packages/patches/retroarch-disable-online-updater.patch	\
+  %D%/packages/patches/rnp-disable-ruby-rnp-tests.patch		\
+  %D%/packages/patches/rnp-fix-gnupg-list-packets.patch		\
+  %D%/packages/patches/rnp-fix-test-setup.patch			\
+  %D%/packages/patches/rnp-fix-test.patch			\
+  %D%/packages/patches/rnp-fix-true-false.patch			\
+  %D%/packages/patches/rnp-unbundle-googletest.patch		\
   %D%/packages/patches/ruby-rack-ignore-failing-test.patch	\
   %D%/packages/patches/ruby-sanitize-system-libxml.patch	\
   %D%/packages/patches/ruby-tzinfo-data-ignore-broken-test.patch\
diff --git a/gnu/packages/openpgp.scm b/gnu/packages/openpgp.scm
index 94beab9929..ccc76f7ef7 100644
--- a/gnu/packages/openpgp.scm
+++ b/gnu/packages/openpgp.scm
@@ -19,11 +19,19 @@
 (define-module (gnu packages openpgp)
   #:use-module (guix packages)
   #:use-module (guix download)
+  #:use-module (guix git-download)
+  #:use-module (guix build-system cmake)
   #:use-module (guix build-system gnu)
   #:use-module ((guix licenses) #:prefix license:)
+  #:use-module (gnu packages)
+  #:use-module (gnu packages check)
   #:use-module (gnu packages compression)
+  #:use-module (gnu packages crypto)
   #:use-module (gnu packages gnupg)
-  #:use-module (gnu packages multiprecision))
+  #:use-module (gnu packages multiprecision)
+  #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages python)
+  #:use-module (gnu packages web))
 
 (define-public libtmcg
   (package
@@ -92,3 +100,74 @@ implementation is in experimental state and should NOT be used in production
 environments.")
     (home-page "https://www.nongnu.org/dkgpg/")
     (license license:gpl2+)))
+
+(define-public rnp
+  (package
+    (name "rnp")
+    (version "0.13.1")
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://github.com/rnpgp/rnp")
+                    (commit (string-append "v" version))))
+              (file-name (git-file-name name version))
+              (sha256
+               (base32
+                "04b2a5cwy91i41vgix6ws99bg93fav8qizx92bivc75lxii8gisz"))
+              (patches
+               (search-patches "rnp-unbundle-googletest.patch"
+                               "rnp-disable-ruby-rnp-tests.patch"
+                               "rnp-fix-test-setup.patch"
+                               "rnp-fix-test.patch"
+                               "rnp-fix-gnupg-list-packets.patch"
+                               "rnp-fix-true-false.patch"))))
+    (build-system cmake-build-system)
+    (arguments '(#:configure-flags
+                 '("-DBUILD_SHARED_LIBS=on"
+                   "-DBUILD_TESTING=on")
+                 #:phases
+                 (modify-phases %standard-phases
+                   (add-after 'unpack 'fixes
+                     (lambda* (#:key inputs #:allow-other-keys)
+                       (copy-recursively (assoc-ref inputs "googletest-source")
+                                         "src/tests/googletest-src")
+                       (substitute* "src/tests/support.cpp"
+                         (("/bin/cp") (which "cp")))
+                       #t))
+                   (replace 'check
+                     (lambda _
+                       ;; Some OpenPGP certificates used by the tests expire.
+                       ;; To work around that, set the time to roughly the
+                       ;; release date.
+                       (invoke "faketime" "2020-01-15" "make" "test"))))))
+    (native-inputs
+     `(("gnupg" ,gnupg) ; for tests
+       ("googletest-source" ,(package-source googletest)) ; for tests
+       ("libfaketime" ,libfaketime) ; for tests
+       ("pkg-config" ,pkg-config)
+       ("python2" ,python-2.7)))
+    (inputs `(("botan" ,botan)
+              ("bzip2" ,bzip2)
+              ("json-c" ,json-c)
+              ("zlib" ,zlib)))
+    (synopsis
+     "RFC4880-compliant OpenPGP library written in C++")
+    (description
+     "Set of OpenPGP (RFC4880) tools that works on Linux, *BSD and macOS as a
+replacement of GnuPG.  It is maintained by Ribose after being forked from
+NetPGP, itself originally written for NetBSD.
+
+librnp is the library used by rnp for all OpenPGP functions, useful for
+developers to build against.  It is a “real” library, not a wrapper like GPGME
+of GnuPG.")
+    (home-page "https://www.rnpgp.com/")
+    (license
+     ;; RNP contains code written by Ribose and code derived from netpgp.
+     (list
+      ;; Ribose's BSD 2-Clause License and NetBSD's BSD 2-Clause License
+      ;; (netpgp).
+      license:bsd-2
+      ;; Nominet UK's Apache 2.0 Licence (netpgp).
+      license:asl2.0
+      ;; Nominet UK's BSD 3-Clause License (netpgp).
+      license:bsd-3))))
diff --git a/gnu/packages/patches/rnp-disable-ruby-rnp-tests.patch b/gnu/packages/patches/rnp-disable-ruby-rnp-tests.patch
new file mode 100644
index 0000000000..4fc1838275
--- /dev/null
+++ b/gnu/packages/patches/rnp-disable-ruby-rnp-tests.patch
@@ -0,0 +1,26 @@
+From 9f3c07601393e219cc5979f93fda57bf2d07dee7 Mon Sep 17 00:00:00 2001
+From: Justus Winter <teythoon@avior.uberspace.de>
+Date: Tue, 21 Jul 2020 16:10:21 +0200
+Subject: [PATCH 6/6] Disable ruby-rnp tests.
+
+Prevents cmake from cloning the ruby-rnp repository in order to run its tests.
+---
+ src/tests/CMakeLists.txt | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/tests/CMakeLists.txt b/src/tests/CMakeLists.txt
+index 2f0a1c3f..1c82edbf 100644
+--- a/src/tests/CMakeLists.txt
++++ b/src/tests/CMakeLists.txt
+@@ -164,7 +164,7 @@ foreach(suite IN LISTS suitelist)
+ endforeach()
+ 
+ # cruby does not currently play nice with ASaN et al.
+-if (NOT ENABLE_SANITIZERS AND BUILD_SHARED_LIBS AND NOT WIN32)
++if (NOT ENABLE_SANITIZERS AND BUILD_SHARED_LIBS AND NOT WIN32 AND IGNORE)
+   include(ExternalProject)
+   set(_sourcedir "${CMAKE_BINARY_DIR}/ruby-rnp")
+   if (DEFINED ENV{RUBY_RNP_INSTALL})
+-- 
+2.20.1
+
diff --git a/gnu/packages/patches/rnp-fix-gnupg-list-packets.patch b/gnu/packages/patches/rnp-fix-gnupg-list-packets.patch
new file mode 100644
index 0000000000..5d57f8f7d0
--- /dev/null
+++ b/gnu/packages/patches/rnp-fix-gnupg-list-packets.patch
@@ -0,0 +1,37 @@
+From 4cb5b2c1d3783bfad3c4f77b2ad2ac89921e91f4 Mon Sep 17 00:00:00 2001
+From: Justus Winter <teythoon@avior.uberspace.de>
+Date: Tue, 21 Jul 2020 16:03:32 +0200
+Subject: [PATCH 4/6] Make invoking GnuPG more robust.
+
+GnuPG will try to read its state even for operations that do not
+require it, e.g. listing packets.  If the state directory does not
+exist, GnuPG will try to create it.  If this fails, GnuPG errors out.
+
+In some build environments, $HOME may not exist or may not be
+writable (e.g. in Guix and Nix, $HOME does not exist).  This leads to
+a spurious test failures when GnuPG is invoked to inspect packets.
+
+Fix this by using the current directory as GnuPG state directory.
+
+Merged upstream as 681e3be65594469f2e6e5912b4371d1af981d7c7.
+---
+ src/tests/cli_tests.py | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/tests/cli_tests.py b/src/tests/cli_tests.py
+index 74b28983..2b7d772a 100755
+--- a/src/tests/cli_tests.py
++++ b/src/tests/cli_tests.py
+@@ -106,7 +106,8 @@ RNP_TO_GPG_CIPHERS = {'AES' : 'aes128', 'AES192' : 'aes192', 'AES256' : 'aes256'
+         'IDEA' : 'idea', '3DES' : '3des', 'CAST5' : 'cast5', 'BLOWFISH' : 'blowfish'}
+ 
+ def check_packets(fname, regexp):
+-    ret, output, err = run_proc(GPG, ['--list-packets', path_for_gpg(fname)])
++    ret, output, err = run_proc(GPG, ['--homedir', '.',
++                                      '--list-packets', path_for_gpg(fname)])
+     if ret != 0:
+         logging.error(err)
+         return None
+-- 
+2.20.1
+
diff --git a/gnu/packages/patches/rnp-fix-test-setup.patch b/gnu/packages/patches/rnp-fix-test-setup.patch
new file mode 100644
index 0000000000..8c0ffee5cc
--- /dev/null
+++ b/gnu/packages/patches/rnp-fix-test-setup.patch
@@ -0,0 +1,36 @@
+From f544b3e63416f3a824ed2955d119ea0d36c88b36 Mon Sep 17 00:00:00 2001
+From: Justus Winter <teythoon@avior.uberspace.de>
+Date: Tue, 21 Jul 2020 16:00:37 +0200
+Subject: [PATCH] Make test environment setup more robust.
+
+Previously, a failing test leaving RNP or GnuPG state directories
+behind would cause all tests following it to fail.  Improve this by
+removing the directories first should they exist.
+
+Merged upstream as 203224f0b1505dba17837c03da603e5b98ab125a.
+---
+ src/tests/cli_tests.py | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/tests/cli_tests.py b/src/tests/cli_tests.py
+index 2b7d772a..8261486f 100755
+--- a/src/tests/cli_tests.py
++++ b/src/tests/cli_tests.py
+@@ -704,12 +704,14 @@ def setup(loglvl):
+     RNPDIR = path.join(WORKDIR, '.rnp')
+     RNP = os.getenv('RNP_TESTS_RNP_PATH') or 'rnp'
+     RNPK = os.getenv('RNP_TESTS_RNPKEYS_PATH') or 'rnpkeys'
++    shutil.rmtree(RNPDIR, ignore_errors=True)
+     os.mkdir(RNPDIR, 0700)
+ 
+     GPGDIR = path.join(WORKDIR, '.gpg')
+     GPGHOME =  path_for_gpg(GPGDIR) if is_windows() else GPGDIR
+     GPG = os.getenv('RNP_TESTS_GPG_PATH') or find_utility('gpg')
+     GPGCONF = os.getenv('RNP_TESTS_GPGCONF_PATH') or find_utility('gpgconf')
++    shutil.rmtree(GPGDIR, ignore_errors=True)
+     os.mkdir(GPGDIR, 0700)
+ 
+ def data_path(subpath):
+-- 
+2.20.1
+
diff --git a/gnu/packages/patches/rnp-fix-test.patch b/gnu/packages/patches/rnp-fix-test.patch
new file mode 100644
index 0000000000..4a590dd400
--- /dev/null
+++ b/gnu/packages/patches/rnp-fix-test.patch
@@ -0,0 +1,31 @@
+From fd0122b0f77fdd0b9e136ba7a3a07e48f6c3080c Mon Sep 17 00:00:00 2001
+From: Nickolay Olshevsky <o.nickolay@gmail.com>
+Date: Wed, 11 Mar 2020 18:16:35 +0200
+Subject: [PATCH 2/6] Fix possible rare failure in test_key_unlock_pgp() test.
+
+Fixed upstream in ba5030620dba3e8684b31ef28687390ca693bf9d.
+---
+ src/tests/key-unlock.cpp | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/src/tests/key-unlock.cpp b/src/tests/key-unlock.cpp
+index 66a44f0d..f7491757 100644
+--- a/src/tests/key-unlock.cpp
++++ b/src/tests/key-unlock.cpp
+@@ -148,9 +148,10 @@ TEST_F(rnp_tests, test_key_unlock_pgp)
+     // verify (negative)
+     std::fstream verf("dummyfile.dat.pgp",
+                       std::ios_base::binary | std::ios_base::out | std::ios_base::in);
+-    off_t        versize = file_size("dummyfile.dat.pgp");
+-    verf.seekg(versize - 3, std::ios::beg);
+-    verf.write("0x0C", 1);
++    verf.seekg(-3, std::ios::end);
++    char bt = verf.peek() ^ 0xff;
++    verf.seekp(-3, std::ios::end);
++    verf.write(&bt, 1);
+     verf.close();
+     assert_false(cli_rnp_process_file(&cfg, &rnp));
+     rnp_cfg_free(&cfg);
+-- 
+2.20.1
+
diff --git a/gnu/packages/patches/rnp-fix-true-false.patch b/gnu/packages/patches/rnp-fix-true-false.patch
new file mode 100644
index 0000000000..32ba8bd75b
--- /dev/null
+++ b/gnu/packages/patches/rnp-fix-true-false.patch
@@ -0,0 +1,255 @@
+From 028a2f50fbf47d989bbf79be589945bec55b4825 Mon Sep 17 00:00:00 2001
+From: Justus Winter <teythoon@avior.uberspace.de>
+Date: Tue, 21 Jul 2020 15:57:57 +0200
+Subject: [PATCH 3/6] Use 'true' and 'false' instead of 'TRUE' and 'FALSE'.
+
+The latter are not guaranteed to be defined.
+
+Fixed upstream in 0a28a7e982cb229ba041290af073e6d7ede19955.
+---
+ src/lib/rnp.cpp   | 10 ++++-----
+ src/tests/ffi.cpp | 56 +++++++++++++++++++++++------------------------
+ 2 files changed, 33 insertions(+), 33 deletions(-)
+
+diff --git a/src/lib/rnp.cpp b/src/lib/rnp.cpp
+index a87511a4..9c0385d1 100644
+--- a/src/lib/rnp.cpp
++++ b/src/lib/rnp.cpp
+@@ -5927,7 +5927,7 @@ key_to_json(json_object *jso, rnp_key_handle_t handle, uint32_t flags)
+         return RNP_ERROR_OUT_OF_MEMORY;
+     }
+     // revoked
+-    json_object *jsorevoked = json_object_new_boolean(key->revoked ? TRUE : FALSE);
++    json_object *jsorevoked = json_object_new_boolean(key->revoked ? true : false);
+     if (!jsorevoked) {
+         return RNP_ERROR_OUT_OF_MEMORY;
+     }
+@@ -5992,7 +5992,7 @@ key_to_json(json_object *jso, rnp_key_handle_t handle, uint32_t flags)
+     }
+     json_object_object_add(jso, "public key", jsopublic);
+     json_object_object_add(
+-      jsopublic, "present", json_object_new_boolean(have_pub ? TRUE : FALSE));
++      jsopublic, "present", json_object_new_boolean(have_pub ? true : false));
+     if (flags & RNP_JSON_PUBLIC_MPIS) {
+         json_object *jsompis = json_object_new_object();
+         if (!jsompis) {
+@@ -6011,7 +6011,7 @@ key_to_json(json_object *jso, rnp_key_handle_t handle, uint32_t flags)
+     }
+     json_object_object_add(jso, "secret key", jsosecret);
+     json_object_object_add(
+-      jsosecret, "present", json_object_new_boolean(have_sec ? TRUE : FALSE));
++      jsosecret, "present", json_object_new_boolean(have_sec ? true : false));
+     if (have_sec) {
+         bool locked = pgp_key_is_locked(handle->sec);
+         if (flags & RNP_JSON_SECRET_MPIS) {
+@@ -6029,13 +6029,13 @@ key_to_json(json_object *jso, rnp_key_handle_t handle, uint32_t flags)
+                 }
+             }
+         }
+-        json_object *jsolocked = json_object_new_boolean(locked ? TRUE : FALSE);
++        json_object *jsolocked = json_object_new_boolean(locked ? true : false);
+         if (!jsolocked) {
+             return RNP_ERROR_OUT_OF_MEMORY;
+         }
+         json_object_object_add(jsosecret, "locked", jsolocked);
+         json_object *jsoprotected =
+-          json_object_new_boolean(pgp_key_is_protected(handle->sec) ? TRUE : FALSE);
++          json_object_new_boolean(pgp_key_is_protected(handle->sec) ? true : false);
+         if (!jsoprotected) {
+             return RNP_ERROR_OUT_OF_MEMORY;
+         }
+diff --git a/src/tests/ffi.cpp b/src/tests/ffi.cpp
+index 4224bb7d..28a4f867 100644
+--- a/src/tests/ffi.cpp
++++ b/src/tests/ffi.cpp
+@@ -800,10 +800,10 @@ TEST_F(rnp_tests, test_ffi_keygen_json_pair)
+     rnp_key_handle_t primary = NULL;
+     {
+         json_object *jsokey = NULL;
+-        assert_int_equal(TRUE, json_object_object_get_ex(parsed_results, "primary", &jsokey));
++        assert_int_equal(true, json_object_object_get_ex(parsed_results, "primary", &jsokey));
+         assert_non_null(jsokey);
+         json_object *jsogrip = NULL;
+-        assert_int_equal(TRUE, json_object_object_get_ex(jsokey, "grip", &jsogrip));
++        assert_int_equal(true, json_object_object_get_ex(jsokey, "grip", &jsogrip));
+         assert_non_null(jsogrip);
+         const char *grip = json_object_get_string(jsogrip);
+         assert_non_null(grip);
+@@ -814,10 +814,10 @@ TEST_F(rnp_tests, test_ffi_keygen_json_pair)
+     rnp_key_handle_t sub = NULL;
+     {
+         json_object *jsokey = NULL;
+-        assert_int_equal(TRUE, json_object_object_get_ex(parsed_results, "sub", &jsokey));
++        assert_int_equal(true, json_object_object_get_ex(parsed_results, "sub", &jsokey));
+         assert_non_null(jsokey);
+         json_object *jsogrip = NULL;
+-        assert_int_equal(TRUE, json_object_object_get_ex(jsokey, "grip", &jsogrip));
++        assert_int_equal(true, json_object_object_get_ex(jsokey, "grip", &jsogrip));
+         assert_non_null(jsogrip);
+         const char *grip = json_object_get_string(jsogrip);
+         assert_non_null(grip);
+@@ -878,10 +878,10 @@ TEST_F(rnp_tests, test_ffi_keygen_json_pair_dsa_elg)
+     rnp_key_handle_t primary = NULL;
+     {
+         json_object *jsokey = NULL;
+-        assert_int_equal(TRUE, json_object_object_get_ex(parsed_results, "primary", &jsokey));
++        assert_int_equal(true, json_object_object_get_ex(parsed_results, "primary", &jsokey));
+         assert_non_null(jsokey);
+         json_object *jsogrip = NULL;
+-        assert_int_equal(TRUE, json_object_object_get_ex(jsokey, "grip", &jsogrip));
++        assert_int_equal(true, json_object_object_get_ex(jsokey, "grip", &jsogrip));
+         assert_non_null(jsogrip);
+         const char *grip = json_object_get_string(jsogrip);
+         assert_non_null(grip);
+@@ -892,10 +892,10 @@ TEST_F(rnp_tests, test_ffi_keygen_json_pair_dsa_elg)
+     rnp_key_handle_t sub = NULL;
+     {
+         json_object *jsokey = NULL;
+-        assert_int_equal(TRUE, json_object_object_get_ex(parsed_results, "sub", &jsokey));
++        assert_int_equal(true, json_object_object_get_ex(parsed_results, "sub", &jsokey));
+         assert_non_null(jsokey);
+         json_object *jsogrip = NULL;
+-        assert_int_equal(TRUE, json_object_object_get_ex(jsokey, "grip", &jsogrip));
++        assert_int_equal(true, json_object_object_get_ex(jsokey, "grip", &jsogrip));
+         assert_non_null(jsogrip);
+         const char *grip = json_object_get_string(jsogrip);
+         assert_non_null(grip);
+@@ -958,10 +958,10 @@ TEST_F(rnp_tests, test_ffi_keygen_json_primary)
+     rnp_key_handle_t primary = NULL;
+     {
+         json_object *jsokey = NULL;
+-        assert_int_equal(TRUE, json_object_object_get_ex(parsed_results, "primary", &jsokey));
++        assert_int_equal(true, json_object_object_get_ex(parsed_results, "primary", &jsokey));
+         assert_non_null(jsokey);
+         json_object *jsogrip = NULL;
+-        assert_int_equal(TRUE, json_object_object_get_ex(jsokey, "grip", &jsogrip));
++        assert_int_equal(true, json_object_object_get_ex(jsokey, "grip", &jsogrip));
+         assert_non_null(jsogrip);
+         const char *grip = json_object_get_string(jsogrip);
+         assert_non_null(grip);
+@@ -1021,10 +1021,10 @@ TEST_F(rnp_tests, test_ffi_keygen_json_sub)
+     char *           primary_grip = NULL;
+     {
+         json_object *jsokey = NULL;
+-        assert_int_equal(TRUE, json_object_object_get_ex(parsed_results, "primary", &jsokey));
++        assert_int_equal(true, json_object_object_get_ex(parsed_results, "primary", &jsokey));
+         assert_non_null(jsokey);
+         json_object *jsogrip = NULL;
+-        assert_int_equal(TRUE, json_object_object_get_ex(jsokey, "grip", &jsogrip));
++        assert_int_equal(true, json_object_object_get_ex(jsokey, "grip", &jsogrip));
+         assert_non_null(jsogrip);
+         primary_grip = strdup(json_object_get_string(jsogrip));
+         assert_non_null(primary_grip);
+@@ -1079,10 +1079,10 @@ TEST_F(rnp_tests, test_ffi_keygen_json_sub)
+     rnp_key_handle_t sub = NULL;
+     {
+         json_object *jsokey = NULL;
+-        assert_int_equal(TRUE, json_object_object_get_ex(parsed_results, "sub", &jsokey));
++        assert_int_equal(true, json_object_object_get_ex(parsed_results, "sub", &jsokey));
+         assert_non_null(jsokey);
+         json_object *jsogrip = NULL;
+-        assert_int_equal(TRUE, json_object_object_get_ex(jsokey, "grip", &jsogrip));
++        assert_int_equal(true, json_object_object_get_ex(jsokey, "grip", &jsogrip));
+         assert_non_null(jsogrip);
+         const char *grip = json_object_get_string(jsogrip);
+         assert_non_null(grip);
+@@ -2483,10 +2483,10 @@ TEST_F(rnp_tests, test_ffi_keygen_json_sub_pass_required)
+     char *           primary_grip = NULL;
+     {
+         json_object *jsokey = NULL;
+-        assert_int_equal(TRUE, json_object_object_get_ex(parsed_results, "primary", &jsokey));
++        assert_int_equal(true, json_object_object_get_ex(parsed_results, "primary", &jsokey));
+         assert_non_null(jsokey);
+         json_object *jsogrip = NULL;
+-        assert_int_equal(TRUE, json_object_object_get_ex(jsokey, "grip", &jsogrip));
++        assert_int_equal(true, json_object_object_get_ex(jsokey, "grip", &jsogrip));
+         assert_non_null(jsogrip);
+         primary_grip = strdup(json_object_get_string(jsogrip));
+         assert_non_null(primary_grip);
+@@ -2557,10 +2557,10 @@ TEST_F(rnp_tests, test_ffi_keygen_json_sub_pass_required)
+     rnp_key_handle_t sub = NULL;
+     {
+         json_object *jsokey = NULL;
+-        assert_int_equal(TRUE, json_object_object_get_ex(parsed_results, "sub", &jsokey));
++        assert_int_equal(true, json_object_object_get_ex(parsed_results, "sub", &jsokey));
+         assert_non_null(jsokey);
+         json_object *jsogrip = NULL;
+-        assert_int_equal(TRUE, json_object_object_get_ex(jsokey, "grip", &jsogrip));
++        assert_int_equal(true, json_object_object_get_ex(jsokey, "grip", &jsogrip));
+         assert_non_null(jsogrip);
+         const char *grip = json_object_get_string(jsogrip);
+         assert_non_null(grip);
+@@ -3821,7 +3821,7 @@ TEST_F(rnp_tests, test_ffi_key_to_json)
+     assert_int_equal(rnp_strcasecmp(json_object_get_string(get_json_obj(jso, "grip")),
+                                     "20A48B3C61525DCDF8B3B9D82C6BBCF4D8BFB5E5"),
+                      0);
+-    assert_int_equal(json_object_get_boolean(get_json_obj(jso, "revoked")), FALSE);
++    assert_int_equal(json_object_get_boolean(get_json_obj(jso, "revoked")), false);
+     assert_int_equal(json_object_get_int64(get_json_obj(jso, "creation time")), 1511313500);
+     assert_int_equal(json_object_get_int64(get_json_obj(jso, "expiration")), 0);
+     // usage
+@@ -3843,7 +3843,7 @@ TEST_F(rnp_tests, test_ffi_key_to_json)
+                                     "FFFA72FC225214DC712D0127172EE13E88AF93B4"),
+                      0);
+     // public key
+-    assert_int_equal(json_object_get_boolean(get_json_obj(jso, "public key.present")), TRUE);
++    assert_int_equal(json_object_get_boolean(get_json_obj(jso, "public key.present")), true);
+     assert_int_equal(
+       rnp_strcasecmp(json_object_get_string(get_json_obj(jso, "public key.mpis.point")),
+                      "04B0C6F2F585C1EEDF805C4492CB683839D5EAE6246420780F063D558"
+@@ -3851,14 +3851,14 @@ TEST_F(rnp_tests, test_ffi_key_to_json)
+                      "793CEBAE8600BEEF"),
+       0);
+     // secret key
+-    assert_int_equal(json_object_get_boolean(get_json_obj(jso, "secret key.present")), TRUE);
++    assert_int_equal(json_object_get_boolean(get_json_obj(jso, "secret key.present")), true);
+     assert_int_equal(
+       rnp_strcasecmp(json_object_get_string(get_json_obj(jso, "secret key.mpis.x")),
+                      "46DE93CA439735F36B9CF228F10D8586DA824D88BBF4E24566D5312D061802C8"),
+       0);
+-    assert_int_equal(json_object_get_boolean(get_json_obj(jso, "secret key.locked")), FALSE);
++    assert_int_equal(json_object_get_boolean(get_json_obj(jso, "secret key.locked")), false);
+     assert_int_equal(json_object_get_boolean(get_json_obj(jso, "secret key.protected")),
+-                     FALSE);
++                     false);
+     // userids
+     assert_int_equal(json_object_array_length(get_json_obj(jso, "userids")), 1);
+     assert_int_equal(rnp_strcasecmp(json_object_get_string(json_object_array_get_idx(
+@@ -3907,7 +3907,7 @@ TEST_F(rnp_tests, test_ffi_key_to_json)
+     assert_int_equal(rnp_strcasecmp(json_object_get_string(get_json_obj(jso, "grip")),
+                                     "FFFA72FC225214DC712D0127172EE13E88AF93B4"),
+                      0);
+-    assert_int_equal(json_object_get_boolean(get_json_obj(jso, "revoked")), FALSE);
++    assert_int_equal(json_object_get_boolean(get_json_obj(jso, "revoked")), false);
+     assert_int_equal(json_object_get_int64(get_json_obj(jso, "creation time")), 1511313500);
+     assert_int_equal(json_object_get_int64(get_json_obj(jso, "expiration")), 0);
+     // usage
+@@ -3924,21 +3924,21 @@ TEST_F(rnp_tests, test_ffi_key_to_json)
+     // subkey grips
+     assert_null(get_json_obj(jso, "subkey grips"));
+     // public key
+-    assert_int_equal(json_object_get_boolean(get_json_obj(jso, "public key.present")), TRUE);
++    assert_int_equal(json_object_get_boolean(get_json_obj(jso, "public key.present")), true);
+     assert_int_equal(
+       rnp_strcasecmp(json_object_get_string(get_json_obj(jso, "public key.mpis.point")),
+                      "04E2746BA4D180011B17A6909EABDBF2F3733674FBE00B20A3B857C2597233651544150B"
+                      "896BCE7DCDF47C49FC1E12D5AD86384D26336A48A18845940A3F65F502"),
+       0);
+     // secret key
+-    assert_int_equal(json_object_get_boolean(get_json_obj(jso, "secret key.present")), TRUE);
++    assert_int_equal(json_object_get_boolean(get_json_obj(jso, "secret key.present")), true);
+     assert_int_equal(
+       rnp_strcasecmp(json_object_get_string(get_json_obj(jso, "secret key.mpis.x")),
+                      "DF8BEB7272117AD7AFE2B7E882453113059787FBC785C82F78624EE7EF2117FB"),
+       0);
+-    assert_int_equal(json_object_get_boolean(get_json_obj(jso, "secret key.locked")), FALSE);
++    assert_int_equal(json_object_get_boolean(get_json_obj(jso, "secret key.locked")), false);
+     assert_int_equal(json_object_get_boolean(get_json_obj(jso, "secret key.protected")),
+-                     FALSE);
++                     false);
+     // userids
+     assert_null(get_json_obj(jso, "userids"));
+     // signatures
+-- 
+2.20.1
+
diff --git a/gnu/packages/patches/rnp-unbundle-googletest.patch b/gnu/packages/patches/rnp-unbundle-googletest.patch
new file mode 100644
index 0000000000..d573895ecf
--- /dev/null
+++ b/gnu/packages/patches/rnp-unbundle-googletest.patch
@@ -0,0 +1,45 @@
+From 3d435bbc8c73c78260f510a8d7fd02f81e22f125 Mon Sep 17 00:00:00 2001
+From: Justus Winter <teythoon@avior.uberspace.de>
+Date: Tue, 21 Jul 2020 16:10:12 +0200
+Subject: [PATCH 5/6] Unbundle googletest.
+
+---
+ src/tests/CMakeLists.txt          | 2 +-
+ src/tests/gtest-CMakeLists.txt.in | 8 ++++----
+ 2 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/src/tests/CMakeLists.txt b/src/tests/CMakeLists.txt
+index 1a7ab905..2f0a1c3f 100644
+--- a/src/tests/CMakeLists.txt
++++ b/src/tests/CMakeLists.txt
+@@ -50,7 +50,7 @@ endif()
+ # maintain compiler/linker settings on Windows
+ set(gtest_force_shared_crt ON CACHE BOOL "" FORCE)
+ # add to our build (provides gtest_main target)
+-add_subdirectory(${CMAKE_CURRENT_BINARY_DIR}/googletest-src
++add_subdirectory(${CMAKE_CURRENT_SOURCE_DIR}/googletest-src
+                  ${CMAKE_CURRENT_BINARY_DIR}/googletest-build
+                  EXCLUDE_FROM_ALL)
+ 
+diff --git a/src/tests/gtest-CMakeLists.txt.in b/src/tests/gtest-CMakeLists.txt.in
+index b8878ea5..16cd49ad 100644
+--- a/src/tests/gtest-CMakeLists.txt.in
++++ b/src/tests/gtest-CMakeLists.txt.in
+@@ -4,10 +4,10 @@ project(googletest-download NONE)
+ 
+ include(ExternalProject)
+ ExternalProject_Add(googletest
+-  GIT_REPOSITORY    https://github.com/google/googletest.git
+-  GIT_TAG           master
+-  GIT_SHALLOW       yes
+-  SOURCE_DIR        "${CMAKE_CURRENT_BINARY_DIR}/googletest-src"
++#  GIT_REPOSITORY    https://github.com/google/googletest.git
++#  GIT_TAG           master
++#  GIT_SHALLOW       yes
++  SOURCE_DIR        "${CMAKE_CURRENT_SOURCE_DIR}/googletest-src"
+   BINARY_DIR        "${CMAKE_CURRENT_BINARY_DIR}/googletest-build"
+   CONFIGURE_COMMAND ""
+   BUILD_COMMAND     ""
+-- 
+2.20.1
+
-- 
2.20.1

[bug#42404] [PATCH 3/5] gnu: Add rnp.

[Ludovic Courtès]

Hi!

Justus Winter <justus@sequoia-pgp.org> skribis:

> * gnu/packages/openpgp.scm (rnp): New variable.
> * gnu/packages/patches/rnp-disable-ruby-rnp-tests.patch: New file.
> * gnu/packages/patches/rnp-fix-gnupg-list-packets.patch: New file.
> * gnu/packages/patches/rnp-fix-test-setup.patch: New file.
> * gnu/packages/patches/rnp-fix-test.patch: New file.
> * gnu/packages/patches/rnp-fix-true-false.patch: New file.
> * gnu/packages/patches/rnp-unbundle-googletest.patch: New file.

Thanks for the quick update!

Some (hopefully final!) comments:

> +++ b/gnu/packages/patches/rnp-fix-gnupg-list-packets.patch
> @@ -0,0 +1,37 @@
> +From 4cb5b2c1d3783bfad3c4f77b2ad2ac89921e91f4 Mon Sep 17 00:00:00 2001
> +From: Justus Winter <teythoon@avior.uberspace.de>
> +Date: Tue, 21 Jul 2020 16:03:32 +0200
> +Subject: [PATCH 4/6] Make invoking GnuPG more robust.
> +
> +GnuPG will try to read its state even for operations that do not
> +require it, e.g. listing packets.  If the state directory does not
> +exist, GnuPG will try to create it.  If this fails, GnuPG errors out.
> +
> +In some build environments, $HOME may not exist or may not be
> +writable (e.g. in Guix and Nix, $HOME does not exist).  This leads to
> +a spurious test failures when GnuPG is invoked to inspect packets.
> +
> +Fix this by using the current directory as GnuPG state directory.
> +
> +Merged upstream as 681e3be65594469f2e6e5912b4371d1af981d7c7.
> +---
> + src/tests/cli_tests.py | 3 ++-
> + 1 file changed, 2 insertions(+), 1 deletion(-)
> +
> +diff --git a/src/tests/cli_tests.py b/src/tests/cli_tests.py
> +index 74b28983..2b7d772a 100755
> +--- a/src/tests/cli_tests.py
> ++++ b/src/tests/cli_tests.py
> +@@ -106,7 +106,8 @@ RNP_TO_GPG_CIPHERS = {'AES' : 'aes128', 'AES192' : 'aes192', 'AES256' : 'aes256'
> +         'IDEA' : 'idea', '3DES' : '3des', 'CAST5' : 'cast5', 'BLOWFISH' : 'blowfish'}
> + 
> + def check_packets(fname, regexp):
> +-    ret, output, err = run_proc(GPG, ['--list-packets', path_for_gpg(fname)])
> ++    ret, output, err = run_proc(GPG, ['--homedir', '.',

For the purposes of the tests, how about simply adding a pre-check phase
that does: (setenv "HOME" (getpwd)) ?  That way we won’t have to carry
another patch.

> +++ b/gnu/packages/patches/rnp-fix-test-setup.patch
> @@ -0,0 +1,36 @@
> +From f544b3e63416f3a824ed2955d119ea0d36c88b36 Mon Sep 17 00:00:00 2001
> +From: Justus Winter <teythoon@avior.uberspace.de>
> +Date: Tue, 21 Jul 2020 16:00:37 +0200
> +Subject: [PATCH] Make test environment setup more robust.
> +
> +Previously, a failing test leaving RNP or GnuPG state directories
> +behind would cause all tests following it to fail.  Improve this by
> +removing the directories first should they exist.
> +
> +Merged upstream as 203224f0b1505dba17837c03da603e5b98ab125a.

[...]

> +Subject: [PATCH 2/6] Fix possible rare failure in test_key_unlock_pgp() test.
> +
> +Fixed upstream in ba5030620dba3e8684b31ef28687390ca693bf9d.

[...]

> +Subject: [PATCH 3/6] Use 'true' and 'false' instead of 'TRUE' and 'FALSE'.
> +
> +The latter are not guaranteed to be defined.
> +
> +Fixed upstream in 0a28a7e982cb229ba041290af073e6d7ede19955.

Should we just pick a Git snapshot for now instead of carrying these
patches?  I tend to freak out when I see many patches.  ;-)

Thanks,
Ludo’.

[bug#42404] [PATCH 1/3] gnu: Add rnp.

[Justus Winter]

* gnu/packages/openpgp.scm (rnp): New variable.
* gnu/packages/patches/rnp-disable-ruby-rnp-tests.patch: New file.
* gnu/packages/patches/rnp-fix-gnupg-list-packets.patch: New file.
* gnu/packages/patches/rnp-fix-test-setup.patch: New file.
* gnu/packages/patches/rnp-fix-test.patch: New file.
* gnu/packages/patches/rnp-fix-true-false.patch: New file.
* gnu/packages/patches/rnp-unbundle-googletest.patch: New file.
---
 gnu/local.mk                                  |   3 +
 gnu/packages/openpgp.scm                      |  94 +++++++++-
 .../patches/rnp-add-version.cmake.patch       | 169 ++++++++++++++++++
 .../patches/rnp-disable-ruby-rnp-tests.patch  |  26 +++
 .../patches/rnp-unbundle-googletest.patch     |  43 +++++
 5 files changed, 334 insertions(+), 1 deletion(-)
 create mode 100644 gnu/packages/patches/rnp-add-version.cmake.patch
 create mode 100644 gnu/packages/patches/rnp-disable-ruby-rnp-tests.patch
 create mode 100644 gnu/packages/patches/rnp-unbundle-googletest.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 8274e158d0..9ce51a7c00 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1504,6 +1504,9 @@ dist_patch_DATA =						\
   %D%/packages/patches/rtags-separate-rct.patch			\
   %D%/packages/patches/racket-store-checksum-override.patch	\
   %D%/packages/patches/retroarch-disable-online-updater.patch	\
+  %D%/packages/patches/rnp-add-version.cmake.patch		\
+  %D%/packages/patches/rnp-disable-ruby-rnp-tests.patch		\
+  %D%/packages/patches/rnp-unbundle-googletest.patch		\
   %D%/packages/patches/ruby-rack-ignore-failing-test.patch	\
   %D%/packages/patches/ruby-rubocop-break-dependency-cycle.patch\
   %D%/packages/patches/ruby-sanitize-system-libxml.patch	\
diff --git a/gnu/packages/openpgp.scm b/gnu/packages/openpgp.scm
index 94beab9929..a5b8f1b09d 100644
--- a/gnu/packages/openpgp.scm
+++ b/gnu/packages/openpgp.scm
@@ -19,11 +19,19 @@
 (define-module (gnu packages openpgp)
   #:use-module (guix packages)
   #:use-module (guix download)
+  #:use-module (guix git-download)
+  #:use-module (guix build-system cmake)
   #:use-module (guix build-system gnu)
   #:use-module ((guix licenses) #:prefix license:)
+  #:use-module (gnu packages)
+  #:use-module (gnu packages check)
   #:use-module (gnu packages compression)
+  #:use-module (gnu packages crypto)
   #:use-module (gnu packages gnupg)
-  #:use-module (gnu packages multiprecision))
+  #:use-module (gnu packages multiprecision)
+  #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages python)
+  #:use-module (gnu packages web))
 
 (define-public libtmcg
   (package
@@ -92,3 +100,87 @@ implementation is in experimental state and should NOT be used in production
 environments.")
     (home-page "https://www.nongnu.org/dkgpg/")
     (license license:gpl2+)))
+
+(define-public rnp
+  ;; Packaging the currently released version requires a large number of
+  ;; patches.  For now, we package a snapshot instead.
+  (let ((commit "203224f0b1505dba17837c03da603e5b98ab125a")
+        (revision "0")
+        (last-version "0.13.1")
+        (day-of-release "2020-07-21"))
+    (package
+      (name "rnp")
+      (version (git-version last-version revision commit))
+      (source (origin
+                (method git-fetch)
+                (uri (git-reference
+                      (url "https://github.com/rnpgp/rnp")
+                      (commit commit)))
+                (file-name
+                 (string-append name "-" (string-take commit 7) "-checkout"))
+                (sha256
+                 (base32
+                  "1rnwhc9ys4v4mv584hmmrl0ycnqmsaigpffzm31qq337hz24zqya"))
+                (patches
+                 (search-patches "rnp-unbundle-googletest.patch"
+                                 "rnp-disable-ruby-rnp-tests.patch"
+                                 "rnp-add-version.cmake.patch"))))
+      (build-system cmake-build-system)
+      (arguments `(#:configure-flags
+                   '("-DBUILD_SHARED_LIBS=on"
+                     "-DBUILD_TESTING=on")
+                   #:phases
+                   (modify-phases %standard-phases
+                     (add-after 'unpack 'fixes
+                       (lambda* (#:key inputs #:allow-other-keys)
+                         (copy-recursively (assoc-ref inputs "googletest-source")
+                                           "src/tests/googletest-src")
+                         (substitute* "src/tests/support.cpp"
+                           (("\"cp\"") (string-append "\"" (which "cp") "\"")))
+                         ;; Produce a version stamp in the format the upstream
+                         ;; project uses for unreleased revisions.
+                         (with-output-to-file "version.txt"
+                           (lambda _
+                             (display
+                              (string-append ,last-version
+                                             "-" ,revision
+                                             "-g" ,(string-take commit 7)))))
+                         #t))
+                     (replace 'check
+                       (lambda _
+                         ;; Some OpenPGP certificates used by the tests expire.
+                         ;; To work around that, set the time to roughly the
+                         ;; release date.
+                         (invoke "faketime" ,day-of-release "make" "test"))))))
+      (native-inputs
+       `(("gnupg" ,gnupg) ; for tests
+         ("googletest-source" ,(package-source googletest)) ; for tests
+         ("libfaketime" ,libfaketime) ; for tests
+         ("pkg-config" ,pkg-config)
+         ("python" ,python)
+         ("python2" ,python-2.7)))
+      (inputs `(("botan" ,botan)
+                ("bzip2" ,bzip2)
+                ("json-c" ,json-c)
+                ("zlib" ,zlib)))
+      (synopsis
+       "RFC4880-compliant OpenPGP library written in C++")
+      (description
+       "Set of OpenPGP (RFC4880) tools that works on Linux, *BSD and macOS as a
+replacement of GnuPG.  It is maintained by Ribose after being forked from
+NetPGP, itself originally written for NetBSD.
+
+librnp is the library used by rnp for all OpenPGP functions, useful for
+developers to build against.  It is a “real” library, not a wrapper like GPGME
+of GnuPG.")
+      (home-page "https://www.rnpgp.com/")
+      (license
+       ;; RNP contains code written by Ribose and code derived from netpgp.
+       (list
+        ;; Ribose's BSD 2-Clause License and NetBSD's BSD 2-Clause License
+        ;; (netpgp).
+        license:bsd-2
+        ;; Nominet UK's Apache 2.0 Licence (netpgp).
+        license:asl2.0
+        ;; Nominet UK's BSD 3-Clause License (netpgp).
+        license:bsd-3)))))
diff --git a/gnu/packages/patches/rnp-add-version.cmake.patch b/gnu/packages/patches/rnp-add-version.cmake.patch
new file mode 100644
index 0000000000..67e3b75457
--- /dev/null
+++ b/gnu/packages/patches/rnp-add-version.cmake.patch
@@ -0,0 +1,169 @@
+From b4326f4649ceb146d5cc74f8579b68d8dc8f51e6 Mon Sep 17 00:00:00 2001
+From: Justus Winter <teythoon@avior.uberspace.de>
+Date: Mon, 27 Jul 2020 14:00:25 +0200
+Subject: [PATCH 3/3] Add external version.cmake.
+
+This file is maintained in an external repository.  It is only
+included in released versions.  For building snapshots of RNP, a fixed
+snapshot of version.cmake is downloaded on demand.  To avoid this,
+this patch explicitly provides the file.
+---
+ cmake/version.cmake | 146 ++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 146 insertions(+)
+ create mode 100644 cmake/version.cmake
+
+diff --git a/cmake/version.cmake b/cmake/version.cmake
+new file mode 100644
+index 00000000..514027aa
+--- /dev/null
++++ b/cmake/version.cmake
+@@ -0,0 +1,146 @@
++# Copyright (c) 2018 Ribose Inc.
++# All rights reserved.
++#
++# Redistribution and use in source and binary forms, with or without
++# modification, are permitted provided that the following conditions
++# are met:
++# 1. Redistributions of source code must retain the above copyright
++#    notice, this list of conditions and the following disclaimer.
++# 2. Redistributions in binary form must reproduce the above copyright
++#    notice, this list of conditions and the following disclaimer in the
++#    documentation and/or other materials provided with the distribution.
++#
++# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
++# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
++# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS
++# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
++# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
++# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
++# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
++# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
++# POSSIBILITY OF SUCH DAMAGE.
++
++# desired length of commit hash
++set(GIT_REV_LEN 7)
++
++# call git, store output in var (can fail)
++macro(_git var)
++  execute_process(
++    COMMAND "${GIT_EXECUTABLE}" ${ARGN}
++    WORKING_DIRECTORY "${source_dir}"
++    RESULT_VARIABLE _git_ec
++    OUTPUT_VARIABLE ${var}
++    OUTPUT_STRIP_TRAILING_WHITESPACE
++    ERROR_QUIET
++  )
++endmacro()
++
++# call git, store output in var (can not fail)
++macro(git var)
++  _git(${var} ${ARGN})
++  if (NOT _git_ec EQUAL 0)
++    string(REPLACE ";" " " args "${ARGN}")
++    message(FATAL_ERROR "Failed to execute: git ${args}")
++  endif()
++endmacro()
++
++function(extract_version_info version var_prefix)
++  # extract the main components
++  #   v1.9.0-3-g5b92266+1546836556
++  #   v1.9.0-3-g5b92266-dirty+1546836556
++  string(REGEX MATCH "^v?([0-9]+\\.[0-9]+\\.[0-9]+)(-([0-9]+)-g([0-9a-f]+)(-dirty)?)?(\\+([0-9]+))?$" matches "${version}")
++  if (NOT matches)
++    message(FATAL_ERROR "Failed to extract version components.")
++  endif()
++  set(${var_prefix}_VERSION "${CMAKE_MATCH_1}" PARENT_SCOPE) # 1.9.0
++  if (NOT CMAKE_MATCH_3)
++    set(CMAKE_MATCH_3 "0")
++  endif()
++  set(${var_prefix}_VERSION_NCOMMITS "${CMAKE_MATCH_3}" PARENT_SCOPE) # 3
++  if (NOT CMAKE_MATCH_4)
++    set(CMAKE_MATCH_4 "0")
++  endif()
++  set(${var_prefix}_VERSION_GIT_REV "${CMAKE_MATCH_4}" PARENT_SCOPE) # 5b92266
++  if (CMAKE_MATCH_5 STREQUAL "-dirty")
++    set(${var_prefix}_VERSION_IS_DIRTY TRUE PARENT_SCOPE)
++  else()
++    set(${var_prefix}_VERSION_IS_DIRTY FALSE PARENT_SCOPE)
++  endif()
++  # timestamp is optional, default to 0
++  if (NOT CMAKE_MATCH_7)
++    set(CMAKE_MATCH_7 "0")
++  endif()
++  set(${var_prefix}_VERSION_COMMIT_TIMESTAMP "${CMAKE_MATCH_7}" PARENT_SCOPE) # 1546836556
++endfunction()
++
++function(determine_version source_dir var_prefix)
++  if (EXISTS "${source_dir}/.git")
++    # for GIT_EXECUTABLE
++    find_package(Git REQUIRED)
++    # get a description of the version, something like:
++    #   v1.9.1-0-g38ffe82        (a tagged release)
++    #   v1.9.1-0-g38ffe82-dirty  (a tagged release with local modifications)
++    #   v1.9.0-3-g5b92266        (post-release snapshot)
++    #   v1.9.0-3-g5b92266-dirty  (post-release snapshot with local modifications)
++    _git(version describe --abbrev=${GIT_REV_LEN} --match "v[0-9]*" --long --dirty)
++    if (NOT _git_ec EQUAL 0)
++      # no annotated tags, fake one
++      git(revision rev-parse --short=${GIT_REV_LEN} --verify HEAD)
++      set(version "v0.0.0-0-g${revision}")
++      # check if dirty (this won't detect untracked files, but should be ok)
++      _git(changes diff-index --quiet HEAD --)
++      if (NOT _git_ec EQUAL 0)
++        string(APPEND version "-dirty")
++      endif()
++      # append the commit timestamp of the most recent commit (only
++      # in non-release branches -- typically master)
++      git(commit_timestamp show -s --format=%ct)
++      string(APPEND version "+${commit_timestamp}")
++    endif()
++  else()
++    # same as above, but used for snapshots
++    file(STRINGS "${source_dir}/version.txt" version)
++  endif()
++  set(local_prefix "_determine_ver")
++  extract_version_info("${version}" "${local_prefix}")
++  foreach(suffix VERSION VERSION_NCOMMITS VERSION_GIT_REV VERSION_IS_DIRTY VERSION_COMMIT_TIMESTAMP)
++    if (NOT DEFINED ${local_prefix}_${suffix})
++      message(FATAL_ERROR "Unable to determine version.")
++    endif()
++    set(${var_prefix}_${suffix} "${${local_prefix}_${suffix}}" PARENT_SCOPE)
++    message(STATUS "${var_prefix}_${suffix}: ${${local_prefix}_${suffix}}")
++  endforeach()
++  # Set VERSION_SUFFIX and VERSION_FULL. When making changes, be aware that
++  # this is used in packaging as well and will affect ordering.
++  # | state            | version_full                |
++  # |------------------------------------------------|
++  # | exact tag        | 0.9.0                       |
++  # | exact tag, dirty | 0.9.0+git20180604           |
++  # | after tag        | 0.9.0+git20180604.1.085039f |
++  # | no tag           | 0.0.0+git20180604.2ee02af   |
++  string(TIMESTAMP date "%Y%m%d" UTC)
++  set(version_suffix "")
++  if ((NOT ${local_prefix}_VERSION_NCOMMITS EQUAL 0) OR (${local_prefix}_VERSION STREQUAL "0.0.0"))
++    # 0.9.0+git20150604.4.289818b
++    string(APPEND version_suffix "+git${date}")
++    if (NOT ${local_prefix}_VERSION_NCOMMITS EQUAL 0)
++      string(APPEND version_suffix ".${${local_prefix}_VERSION_NCOMMITS}")
++    endif()
++    string(APPEND version_suffix ".${${local_prefix}_VERSION_GIT_REV}")
++  else()
++    if (${local_prefix}_VERSION_IS_DIRTY)
++      # 0.9.0+git20150604
++      string(APPEND version_suffix "+git${date}")
++    endif()
++  endif()
++  set(version_full "${${local_prefix}_VERSION}${version_suffix}")
++  # set the results
++  set(${var_prefix}_VERSION_SUFFIX "${version_suffix}" PARENT_SCOPE)
++  set(${var_prefix}_VERSION_FULL "${version_full}" PARENT_SCOPE)
++  # for informational purposes
++  message(STATUS "${var_prefix}_VERSION_SUFFIX: ${version_suffix}")
++  message(STATUS "${var_prefix}_VERSION_FULL: ${version_full}")
++endfunction()
++
+-- 
+2.20.1
+
diff --git a/gnu/packages/patches/rnp-disable-ruby-rnp-tests.patch b/gnu/packages/patches/rnp-disable-ruby-rnp-tests.patch
new file mode 100644
index 0000000000..5a75b6f40f
--- /dev/null
+++ b/gnu/packages/patches/rnp-disable-ruby-rnp-tests.patch
@@ -0,0 +1,26 @@
+From 40e53d639d86337cf58be3a2b9750b6c97a3c740 Mon Sep 17 00:00:00 2001
+From: Justus Winter <teythoon@avior.uberspace.de>
+Date: Tue, 21 Jul 2020 16:10:21 +0200
+Subject: [PATCH 2/2] Disable ruby-rnp tests.
+
+Prevents cmake from cloning the ruby-rnp repository in order to run its tests.
+---
+ src/tests/CMakeLists.txt | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/tests/CMakeLists.txt b/src/tests/CMakeLists.txt
+index d3c4fbe6..e7e1965e 100644
+--- a/src/tests/CMakeLists.txt
++++ b/src/tests/CMakeLists.txt
+@@ -125,7 +125,7 @@ gtest_discover_tests(rnp_tests
+ 
+ # ruby-rnp
+ # cruby does not currently play nice with ASaN et al.
+-if (NOT ENABLE_SANITIZERS AND BUILD_SHARED_LIBS AND NOT WIN32)
++if (NOT ENABLE_SANITIZERS AND BUILD_SHARED_LIBS AND NOT WIN32 AND IGNORE)
+   include(ExternalProject)
+   set(_sourcedir "${CMAKE_BINARY_DIR}/ruby-rnp")
+   if (DEFINED ENV{RUBY_RNP_INSTALL})
+-- 
+2.20.1
+
diff --git a/gnu/packages/patches/rnp-unbundle-googletest.patch b/gnu/packages/patches/rnp-unbundle-googletest.patch
new file mode 100644
index 0000000000..b85bfd1f0e
--- /dev/null
+++ b/gnu/packages/patches/rnp-unbundle-googletest.patch
@@ -0,0 +1,43 @@
+From 4b4697c8dd66bd2b1e4d6b831bbde46e27d62c46 Mon Sep 17 00:00:00 2001
+From: Justus Winter <teythoon@avior.uberspace.de>
+Date: Tue, 21 Jul 2020 16:10:12 +0200
+Subject: [PATCH 1/2] Unbundle googletest.
+
+---
+ src/tests/CMakeLists.txt          | 2 +-
+ src/tests/gtest-CMakeLists.txt.in | 6 +++---
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/tests/CMakeLists.txt b/src/tests/CMakeLists.txt
+index 0a841666..d3c4fbe6 100644
+--- a/src/tests/CMakeLists.txt
++++ b/src/tests/CMakeLists.txt
+@@ -53,7 +53,7 @@ endif()
+ # maintain compiler/linker settings on Windows
+ set(gtest_force_shared_crt ON CACHE BOOL "" FORCE)
+ # add to our build (provides gtest_main target)
+-add_subdirectory(${CMAKE_CURRENT_BINARY_DIR}/googletest-src
++add_subdirectory(${CMAKE_CURRENT_SOURCE_DIR}/googletest-src
+                  ${CMAKE_CURRENT_BINARY_DIR}/googletest-build
+                  EXCLUDE_FROM_ALL)
+ 
+diff --git a/src/tests/gtest-CMakeLists.txt.in b/src/tests/gtest-CMakeLists.txt.in
+index a43e8e5d..3cc0ddd5 100644
+--- a/src/tests/gtest-CMakeLists.txt.in
++++ b/src/tests/gtest-CMakeLists.txt.in
+@@ -4,9 +4,9 @@ project(googletest-download NONE)
+ 
+ include(ExternalProject)
+ ExternalProject_Add(googletest
+-  GIT_REPOSITORY    https://github.com/google/googletest.git
+-  GIT_TAG           c43f710
+-  SOURCE_DIR        "${CMAKE_CURRENT_BINARY_DIR}/googletest-src"
++#  GIT_REPOSITORY    https://github.com/google/googletest.git
++#  GIT_TAG           c43f710
++  SOURCE_DIR        "${CMAKE_CURRENT_SOURCE_DIR}/googletest-src"
+   BINARY_DIR        "${CMAKE_CURRENT_BINARY_DIR}/googletest-build"
+   CONFIGURE_COMMAND ""
+   BUILD_COMMAND     ""
+-- 
+2.20.1
+
-- 
2.20.1

[bug#42404] [PATCH 1/3] gnu: Add rnp.

[Justus Winter]

* gnu/packages/openpgp.scm (rnp): New variable.
* gnu/packages/patches/rnp-add-version.cmake.patch: New file.
* gnu/packages/patches/rnp-disable-ruby-rnp-tests.patch: New file.
* gnu/packages/patches/rnp-unbundle-googletest.patch: New file.
---
 gnu/local.mk                                  |   3 +
 gnu/packages/openpgp.scm                      |  94 +++++++++-
 .../patches/rnp-add-version.cmake.patch       | 169 ++++++++++++++++++
 .../patches/rnp-disable-ruby-rnp-tests.patch  |  26 +++
 .../patches/rnp-unbundle-googletest.patch     |  43 +++++
 5 files changed, 334 insertions(+), 1 deletion(-)
 create mode 100644 gnu/packages/patches/rnp-add-version.cmake.patch
 create mode 100644 gnu/packages/patches/rnp-disable-ruby-rnp-tests.patch
 create mode 100644 gnu/packages/patches/rnp-unbundle-googletest.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 8274e158d0..9ce51a7c00 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1504,6 +1504,9 @@ dist_patch_DATA =						\
   %D%/packages/patches/rtags-separate-rct.patch			\
   %D%/packages/patches/racket-store-checksum-override.patch	\
   %D%/packages/patches/retroarch-disable-online-updater.patch	\
+  %D%/packages/patches/rnp-add-version.cmake.patch		\
+  %D%/packages/patches/rnp-disable-ruby-rnp-tests.patch		\
+  %D%/packages/patches/rnp-unbundle-googletest.patch		\
   %D%/packages/patches/ruby-rack-ignore-failing-test.patch	\
   %D%/packages/patches/ruby-rubocop-break-dependency-cycle.patch\
   %D%/packages/patches/ruby-sanitize-system-libxml.patch	\
diff --git a/gnu/packages/openpgp.scm b/gnu/packages/openpgp.scm
index 94beab9929..a5b8f1b09d 100644
--- a/gnu/packages/openpgp.scm
+++ b/gnu/packages/openpgp.scm
@@ -19,11 +19,19 @@
 (define-module (gnu packages openpgp)
   #:use-module (guix packages)
   #:use-module (guix download)
+  #:use-module (guix git-download)
+  #:use-module (guix build-system cmake)
   #:use-module (guix build-system gnu)
   #:use-module ((guix licenses) #:prefix license:)
+  #:use-module (gnu packages)
+  #:use-module (gnu packages check)
   #:use-module (gnu packages compression)
+  #:use-module (gnu packages crypto)
   #:use-module (gnu packages gnupg)
-  #:use-module (gnu packages multiprecision))
+  #:use-module (gnu packages multiprecision)
+  #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages python)
+  #:use-module (gnu packages web))
 
 (define-public libtmcg
   (package
@@ -92,3 +100,87 @@ implementation is in experimental state and should NOT be used in production
 environments.")
     (home-page "https://www.nongnu.org/dkgpg/")
     (license license:gpl2+)))
+
+(define-public rnp
+  ;; Packaging the currently released version requires a large number of
+  ;; patches.  For now, we package a snapshot instead.
+  (let ((commit "203224f0b1505dba17837c03da603e5b98ab125a")
+        (revision "0")
+        (last-version "0.13.1")
+        (day-of-release "2020-07-21"))
+    (package
+      (name "rnp")
+      (version (git-version last-version revision commit))
+      (source (origin
+                (method git-fetch)
+                (uri (git-reference
+                      (url "https://github.com/rnpgp/rnp")
+                      (commit commit)))
+                (file-name
+                 (string-append name "-" (string-take commit 7) "-checkout"))
+                (sha256
+                 (base32
+                  "1rnwhc9ys4v4mv584hmmrl0ycnqmsaigpffzm31qq337hz24zqya"))
+                (patches
+                 (search-patches "rnp-unbundle-googletest.patch"
+                                 "rnp-disable-ruby-rnp-tests.patch"
+                                 "rnp-add-version.cmake.patch"))))
+      (build-system cmake-build-system)
+      (arguments `(#:configure-flags
+                   '("-DBUILD_SHARED_LIBS=on"
+                     "-DBUILD_TESTING=on")
+                   #:phases
+                   (modify-phases %standard-phases
+                     (add-after 'unpack 'fixes
+                       (lambda* (#:key inputs #:allow-other-keys)
+                         (copy-recursively (assoc-ref inputs "googletest-source")
+                                           "src/tests/googletest-src")
+                         (substitute* "src/tests/support.cpp"
+                           (("\"cp\"") (string-append "\"" (which "cp") "\"")))
+                         ;; Produce a version stamp in the format the upstream
+                         ;; project uses for unreleased revisions.
+                         (with-output-to-file "version.txt"
+                           (lambda _
+                             (display
+                              (string-append ,last-version
+                                             "-" ,revision
+                                             "-g" ,(string-take commit 7)))))
+                         #t))
+                     (replace 'check
+                       (lambda _
+                         ;; Some OpenPGP certificates used by the tests expire.
+                         ;; To work around that, set the time to roughly the
+                         ;; release date.
+                         (invoke "faketime" ,day-of-release "make" "test"))))))
+      (native-inputs
+       `(("gnupg" ,gnupg) ; for tests
+         ("googletest-source" ,(package-source googletest)) ; for tests
+         ("libfaketime" ,libfaketime) ; for tests
+         ("pkg-config" ,pkg-config)
+         ("python" ,python)
+         ("python2" ,python-2.7)))
+      (inputs `(("botan" ,botan)
+                ("bzip2" ,bzip2)
+                ("json-c" ,json-c)
+                ("zlib" ,zlib)))
+      (synopsis
+       "RFC4880-compliant OpenPGP library written in C++")
+      (description
+       "Set of OpenPGP (RFC4880) tools that works on Linux, *BSD and macOS as a
+replacement of GnuPG.  It is maintained by Ribose after being forked from
+NetPGP, itself originally written for NetBSD.
+
+librnp is the library used by rnp for all OpenPGP functions, useful for
+developers to build against.  It is a “real” library, not a wrapper like GPGME
+of GnuPG.")
+      (home-page "https://www.rnpgp.com/")
+      (license
+       ;; RNP contains code written by Ribose and code derived from netpgp.
+       (list
+        ;; Ribose's BSD 2-Clause License and NetBSD's BSD 2-Clause License
+        ;; (netpgp).
+        license:bsd-2
+        ;; Nominet UK's Apache 2.0 Licence (netpgp).
+        license:asl2.0
+        ;; Nominet UK's BSD 3-Clause License (netpgp).
+        license:bsd-3)))))
diff --git a/gnu/packages/patches/rnp-add-version.cmake.patch b/gnu/packages/patches/rnp-add-version.cmake.patch
new file mode 100644
index 0000000000..67e3b75457
--- /dev/null
+++ b/gnu/packages/patches/rnp-add-version.cmake.patch
@@ -0,0 +1,169 @@
+From b4326f4649ceb146d5cc74f8579b68d8dc8f51e6 Mon Sep 17 00:00:00 2001
+From: Justus Winter <teythoon@avior.uberspace.de>
+Date: Mon, 27 Jul 2020 14:00:25 +0200
+Subject: [PATCH 3/3] Add external version.cmake.
+
+This file is maintained in an external repository.  It is only
+included in released versions.  For building snapshots of RNP, a fixed
+snapshot of version.cmake is downloaded on demand.  To avoid this,
+this patch explicitly provides the file.
+---
+ cmake/version.cmake | 146 ++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 146 insertions(+)
+ create mode 100644 cmake/version.cmake
+
+diff --git a/cmake/version.cmake b/cmake/version.cmake
+new file mode 100644
+index 00000000..514027aa
+--- /dev/null
++++ b/cmake/version.cmake
+@@ -0,0 +1,146 @@
++# Copyright (c) 2018 Ribose Inc.
++# All rights reserved.
++#
++# Redistribution and use in source and binary forms, with or without
++# modification, are permitted provided that the following conditions
++# are met:
++# 1. Redistributions of source code must retain the above copyright
++#    notice, this list of conditions and the following disclaimer.
++# 2. Redistributions in binary form must reproduce the above copyright
++#    notice, this list of conditions and the following disclaimer in the
++#    documentation and/or other materials provided with the distribution.
++#
++# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
++# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
++# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS
++# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
++# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
++# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
++# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
++# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
++# POSSIBILITY OF SUCH DAMAGE.
++
++# desired length of commit hash
++set(GIT_REV_LEN 7)
++
++# call git, store output in var (can fail)
++macro(_git var)
++  execute_process(
++    COMMAND "${GIT_EXECUTABLE}" ${ARGN}
++    WORKING_DIRECTORY "${source_dir}"
++    RESULT_VARIABLE _git_ec
++    OUTPUT_VARIABLE ${var}
++    OUTPUT_STRIP_TRAILING_WHITESPACE
++    ERROR_QUIET
++  )
++endmacro()
++
++# call git, store output in var (can not fail)
++macro(git var)
++  _git(${var} ${ARGN})
++  if (NOT _git_ec EQUAL 0)
++    string(REPLACE ";" " " args "${ARGN}")
++    message(FATAL_ERROR "Failed to execute: git ${args}")
++  endif()
++endmacro()
++
++function(extract_version_info version var_prefix)
++  # extract the main components
++  #   v1.9.0-3-g5b92266+1546836556
++  #   v1.9.0-3-g5b92266-dirty+1546836556
++  string(REGEX MATCH "^v?([0-9]+\\.[0-9]+\\.[0-9]+)(-([0-9]+)-g([0-9a-f]+)(-dirty)?)?(\\+([0-9]+))?$" matches "${version}")
++  if (NOT matches)
++    message(FATAL_ERROR "Failed to extract version components.")
++  endif()
++  set(${var_prefix}_VERSION "${CMAKE_MATCH_1}" PARENT_SCOPE) # 1.9.0
++  if (NOT CMAKE_MATCH_3)
++    set(CMAKE_MATCH_3 "0")
++  endif()
++  set(${var_prefix}_VERSION_NCOMMITS "${CMAKE_MATCH_3}" PARENT_SCOPE) # 3
++  if (NOT CMAKE_MATCH_4)
++    set(CMAKE_MATCH_4 "0")
++  endif()
++  set(${var_prefix}_VERSION_GIT_REV "${CMAKE_MATCH_4}" PARENT_SCOPE) # 5b92266
++  if (CMAKE_MATCH_5 STREQUAL "-dirty")
++    set(${var_prefix}_VERSION_IS_DIRTY TRUE PARENT_SCOPE)
++  else()
++    set(${var_prefix}_VERSION_IS_DIRTY FALSE PARENT_SCOPE)
++  endif()
++  # timestamp is optional, default to 0
++  if (NOT CMAKE_MATCH_7)
++    set(CMAKE_MATCH_7 "0")
++  endif()
++  set(${var_prefix}_VERSION_COMMIT_TIMESTAMP "${CMAKE_MATCH_7}" PARENT_SCOPE) # 1546836556
++endfunction()
++
++function(determine_version source_dir var_prefix)
++  if (EXISTS "${source_dir}/.git")
++    # for GIT_EXECUTABLE
++    find_package(Git REQUIRED)
++    # get a description of the version, something like:
++    #   v1.9.1-0-g38ffe82        (a tagged release)
++    #   v1.9.1-0-g38ffe82-dirty  (a tagged release with local modifications)
++    #   v1.9.0-3-g5b92266        (post-release snapshot)
++    #   v1.9.0-3-g5b92266-dirty  (post-release snapshot with local modifications)
++    _git(version describe --abbrev=${GIT_REV_LEN} --match "v[0-9]*" --long --dirty)
++    if (NOT _git_ec EQUAL 0)
++      # no annotated tags, fake one
++      git(revision rev-parse --short=${GIT_REV_LEN} --verify HEAD)
++      set(version "v0.0.0-0-g${revision}")
++      # check if dirty (this won't detect untracked files, but should be ok)
++      _git(changes diff-index --quiet HEAD --)
++      if (NOT _git_ec EQUAL 0)
++        string(APPEND version "-dirty")
++      endif()
++      # append the commit timestamp of the most recent commit (only
++      # in non-release branches -- typically master)
++      git(commit_timestamp show -s --format=%ct)
++      string(APPEND version "+${commit_timestamp}")
++    endif()
++  else()
++    # same as above, but used for snapshots
++    file(STRINGS "${source_dir}/version.txt" version)
++  endif()
++  set(local_prefix "_determine_ver")
++  extract_version_info("${version}" "${local_prefix}")
++  foreach(suffix VERSION VERSION_NCOMMITS VERSION_GIT_REV VERSION_IS_DIRTY VERSION_COMMIT_TIMESTAMP)
++    if (NOT DEFINED ${local_prefix}_${suffix})
++      message(FATAL_ERROR "Unable to determine version.")
++    endif()
++    set(${var_prefix}_${suffix} "${${local_prefix}_${suffix}}" PARENT_SCOPE)
++    message(STATUS "${var_prefix}_${suffix}: ${${local_prefix}_${suffix}}")
++  endforeach()
++  # Set VERSION_SUFFIX and VERSION_FULL. When making changes, be aware that
++  # this is used in packaging as well and will affect ordering.
++  # | state            | version_full                |
++  # |------------------------------------------------|
++  # | exact tag        | 0.9.0                       |
++  # | exact tag, dirty | 0.9.0+git20180604           |
++  # | after tag        | 0.9.0+git20180604.1.085039f |
++  # | no tag           | 0.0.0+git20180604.2ee02af   |
++  string(TIMESTAMP date "%Y%m%d" UTC)
++  set(version_suffix "")
++  if ((NOT ${local_prefix}_VERSION_NCOMMITS EQUAL 0) OR (${local_prefix}_VERSION STREQUAL "0.0.0"))
++    # 0.9.0+git20150604.4.289818b
++    string(APPEND version_suffix "+git${date}")
++    if (NOT ${local_prefix}_VERSION_NCOMMITS EQUAL 0)
++      string(APPEND version_suffix ".${${local_prefix}_VERSION_NCOMMITS}")
++    endif()
++    string(APPEND version_suffix ".${${local_prefix}_VERSION_GIT_REV}")
++  else()
++    if (${local_prefix}_VERSION_IS_DIRTY)
++      # 0.9.0+git20150604
++      string(APPEND version_suffix "+git${date}")
++    endif()
++  endif()
++  set(version_full "${${local_prefix}_VERSION}${version_suffix}")
++  # set the results
++  set(${var_prefix}_VERSION_SUFFIX "${version_suffix}" PARENT_SCOPE)
++  set(${var_prefix}_VERSION_FULL "${version_full}" PARENT_SCOPE)
++  # for informational purposes
++  message(STATUS "${var_prefix}_VERSION_SUFFIX: ${version_suffix}")
++  message(STATUS "${var_prefix}_VERSION_FULL: ${version_full}")
++endfunction()
++
+-- 
+2.20.1
+
diff --git a/gnu/packages/patches/rnp-disable-ruby-rnp-tests.patch b/gnu/packages/patches/rnp-disable-ruby-rnp-tests.patch
new file mode 100644
index 0000000000..5a75b6f40f
--- /dev/null
+++ b/gnu/packages/patches/rnp-disable-ruby-rnp-tests.patch
@@ -0,0 +1,26 @@
+From 40e53d639d86337cf58be3a2b9750b6c97a3c740 Mon Sep 17 00:00:00 2001
+From: Justus Winter <teythoon@avior.uberspace.de>
+Date: Tue, 21 Jul 2020 16:10:21 +0200
+Subject: [PATCH 2/2] Disable ruby-rnp tests.
+
+Prevents cmake from cloning the ruby-rnp repository in order to run its tests.
+---
+ src/tests/CMakeLists.txt | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/tests/CMakeLists.txt b/src/tests/CMakeLists.txt
+index d3c4fbe6..e7e1965e 100644
+--- a/src/tests/CMakeLists.txt
++++ b/src/tests/CMakeLists.txt
+@@ -125,7 +125,7 @@ gtest_discover_tests(rnp_tests
+ 
+ # ruby-rnp
+ # cruby does not currently play nice with ASaN et al.
+-if (NOT ENABLE_SANITIZERS AND BUILD_SHARED_LIBS AND NOT WIN32)
++if (NOT ENABLE_SANITIZERS AND BUILD_SHARED_LIBS AND NOT WIN32 AND IGNORE)
+   include(ExternalProject)
+   set(_sourcedir "${CMAKE_BINARY_DIR}/ruby-rnp")
+   if (DEFINED ENV{RUBY_RNP_INSTALL})
+-- 
+2.20.1
+
diff --git a/gnu/packages/patches/rnp-unbundle-googletest.patch b/gnu/packages/patches/rnp-unbundle-googletest.patch
new file mode 100644
index 0000000000..b85bfd1f0e
--- /dev/null
+++ b/gnu/packages/patches/rnp-unbundle-googletest.patch
@@ -0,0 +1,43 @@
+From 4b4697c8dd66bd2b1e4d6b831bbde46e27d62c46 Mon Sep 17 00:00:00 2001
+From: Justus Winter <teythoon@avior.uberspace.de>
+Date: Tue, 21 Jul 2020 16:10:12 +0200
+Subject: [PATCH 1/2] Unbundle googletest.
+
+---
+ src/tests/CMakeLists.txt          | 2 +-
+ src/tests/gtest-CMakeLists.txt.in | 6 +++---
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/tests/CMakeLists.txt b/src/tests/CMakeLists.txt
+index 0a841666..d3c4fbe6 100644
+--- a/src/tests/CMakeLists.txt
++++ b/src/tests/CMakeLists.txt
+@@ -53,7 +53,7 @@ endif()
+ # maintain compiler/linker settings on Windows
+ set(gtest_force_shared_crt ON CACHE BOOL "" FORCE)
+ # add to our build (provides gtest_main target)
+-add_subdirectory(${CMAKE_CURRENT_BINARY_DIR}/googletest-src
++add_subdirectory(${CMAKE_CURRENT_SOURCE_DIR}/googletest-src
+                  ${CMAKE_CURRENT_BINARY_DIR}/googletest-build
+                  EXCLUDE_FROM_ALL)
+ 
+diff --git a/src/tests/gtest-CMakeLists.txt.in b/src/tests/gtest-CMakeLists.txt.in
+index a43e8e5d..3cc0ddd5 100644
+--- a/src/tests/gtest-CMakeLists.txt.in
++++ b/src/tests/gtest-CMakeLists.txt.in
+@@ -4,9 +4,9 @@ project(googletest-download NONE)
+ 
+ include(ExternalProject)
+ ExternalProject_Add(googletest
+-  GIT_REPOSITORY    https://github.com/google/googletest.git
+-  GIT_TAG           c43f710
+-  SOURCE_DIR        "${CMAKE_CURRENT_BINARY_DIR}/googletest-src"
++#  GIT_REPOSITORY    https://github.com/google/googletest.git
++#  GIT_TAG           c43f710
++  SOURCE_DIR        "${CMAKE_CURRENT_SOURCE_DIR}/googletest-src"
+   BINARY_DIR        "${CMAKE_CURRENT_BINARY_DIR}/googletest-build"
+   CONFIGURE_COMMAND ""
+   BUILD_COMMAND     ""
+-- 
+2.20.1
+
-- 
2.20.1

[bug#42404] [PATCH 1/3] gnu: Add rnp.

[Ludovic Courtès]

Hello,

Justus Winter <justus@sequoia-pgp.org> skribis:

> * gnu/packages/openpgp.scm (rnp): New variable.
> * gnu/packages/patches/rnp-add-version.cmake.patch: New file.
> * gnu/packages/patches/rnp-disable-ruby-rnp-tests.patch: New file.
> * gnu/packages/patches/rnp-unbundle-googletest.patch: New file.

Great, applied!

Ludo’.

bug#42404: [PATCH 5/5] gnu: Add python-sop.

[Ludovic Courtès]

Justus Winter <justus@sequoia-pgp.org> skribis:

> * gnu/packages/python-crypto.scm (python-sop): New variable.

[...]

> * gnu/packages/python-crypto.scm (python-pgpy): New variable.

Also applied these two patches, thank you.

Ludo’.