As part of the desktop rebase in 7.6, we need to rebase gnome-keyring to the version that is shipped with GNOME 3.28.
I pushed a rebase branch at http://pkgs.devel.redhat.com/cgit/rpms/gnome-keyring/log/?h=private-rhel-7.6-rebase, but it doesn't build. Could someone who knows gnome-keyring code take a look please? It fails with:
pkcs11/gkm/gkm-crypto.c:309:38: error: 'GCRY_PK_ECC' undeclared (first use in this function)
g_return_val_if_fail (algorithm == GCRY_PK_ECC, CKR_GENERAL_ERROR);
Looks like Jakub Jelen added that code upstream; I've added him to CC here, and also upstream gnome-keyring maintainer Daiki Ueno.
Failed build log: http://coprbe.devel.redhat.com/results/klember/rhel-7-gnome-3-28/rhel-7.dev-x86_64/00019753-gnome-keyring/build.log.gz
The ECC keys in gnome-keyring need a new gcrypt version.
But given that gnome-keyring wraps the openssh ssh-agent and no longer does the crypto, the patches adding ecdsa support in gnome-keyring internals can be omitted (which unfortunately adds some complexity).
Or we can introduce proper configure macros and checks in the code to avoid building ECC support, but I am not sure if I will be able to work on that just now.
I haven't really checked the code, but for RHEL-7, using the deprecated GCRY_PK_ECDSA (which will be mapped to GCRY_PK_ECC in newer versions) doesn't work?
Thanks, that seemed to work. I did a downstream s/GCRY_PK_ECC/GCRY_PK_ECDSA/ patch and it built fine with it at least: http://pkgs.devel.redhat.com/cgit/rpms/gnome-keyring/tree/0001-Fix-the-build-with-older-gcrypt-in-RHEL-7.patch?h=private-rhel-7.6-rebase
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.