Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 3 Dec 2012 07:10:54 GMT
From:      Phil Pennock <phil.pennock@globnix.org>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   ports/174075: security/gnupg sense inversion on CURL option
Message-ID:  <201212030710.qB37As3d024749@red.freebsd.org>
Resent-Message-ID: <201212030720.qB37K05R012815@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         174075
>Category:       ports
>Synopsis:       security/gnupg sense inversion on CURL option
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Dec 03 07:20:00 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     Phil Pennock
>Release:        
>Organization:
Apcera, Inc.
>Environment:
>Description:
(Confirmed present in Makefile 1.147, latest version seen via cvsweb.cgi)

The GnuPG (2) port, security/gnupg, has an option CURL:

CURL_DESC=		Use the real curl library (worked around if no)
OPTIONS_DEFAULT=	CURL

That is misleading, and looks to be a sense inversion.

.if ${PORT_OPTIONS:MCURL}
CONFIGURE_ARGS+=--without-libcurl
.else
LIB_DEPENDS+=	curl:${PORTSDIR}/ftp/curl
CONFIGURE_ARGS+=--with-libcurl=${LOCALBASE}
.endif

So, if the option is set, as it is by default, then the use of curl is entirely disabled and GnuPG uses an internal stub/shim implementation which pretends to be Curl.  If the option is explicitly *unset*, then libcurl is used and /usr/local/libexec/gpg2keys_hkp has rather more linkage dependencies reported by ldd(1).
>How-To-Repeat:
Build security/gnupg with and without the options set.

Use ldd(1) to examine linkage dependencies.

Use { gpg --keyserver-options verbose,debug --keyserver hkp://..../ --recv-key ... } to retrieve keys with debugging reporting showing which implementation is in use.
>Fix:
Change the ordering of the .if/.else/.endif branches when testing against ${PORT_OPTIONS:MCURL}

>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201212030710.qB37As3d024749>