From 29055a825af5405e44ffcd59a776f8952bdc7203 Mon Sep 17 00:00:00 2001
From: Julien Lepiller <julien@lepiller.eu>
Date: Fri, 15 Dec 2017 16:03:23 +0100
Subject: [PATCH] Port to latest bouncycastle.

---
 .../bouncycastle/OpenPGPSignatureGenerator.java    | 34 ++++++++++------------
 1 file changed, 16 insertions(+), 18 deletions(-)

diff --git a/src/java/org/apache/ivy/plugins/signer/bouncycastle/OpenPGPSignatureGenerator.java b/src/java/org/apache/ivy/plugins/signer/bouncycastle/OpenPGPSignatureGenerator.java
index af7beae..34c204f 100644
--- a/src/java/org/apache/ivy/plugins/signer/bouncycastle/OpenPGPSignatureGenerator.java
+++ b/src/java/org/apache/ivy/plugins/signer/bouncycastle/OpenPGPSignatureGenerator.java
@@ -41,6 +41,11 @@ import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
 import org.bouncycastle.openpgp.PGPSignature;
 import org.bouncycastle.openpgp.PGPSignatureGenerator;
 import org.bouncycastle.openpgp.PGPUtil;
+import org.bouncycastle.openpgp.operator.PBESecretKeyDecryptor;
+import org.bouncycastle.openpgp.operator.bc.BcPBESecretKeyDecryptorBuilder;
+import org.bouncycastle.openpgp.operator.bc.BcPGPDigestCalculatorProvider;
+import org.bouncycastle.openpgp.operator.bc.BcPGPContentSignerBuilder;
+import org.bouncycastle.openpgp.operator.bc.BcKeyFingerprintCalculator;
 
 public class OpenPGPSignatureGenerator implements SignatureGenerator {
 
@@ -101,11 +106,15 @@ public class OpenPGPSignatureGenerator implements SignatureGenerator {
                 pgpSec = readSecretKey(keyIn);
             }
 
-            PGPPrivateKey pgpPrivKey = pgpSec.extractPrivateKey(password.toCharArray(),
-                BouncyCastleProvider.PROVIDER_NAME);
-            PGPSignatureGenerator sGen = new PGPSignatureGenerator(pgpSec.getPublicKey()
-                    .getAlgorithm(), PGPUtil.SHA1, BouncyCastleProvider.PROVIDER_NAME);
-            sGen.initSign(PGPSignature.BINARY_DOCUMENT, pgpPrivKey);
+            PBESecretKeyDecryptor decryptor =
+                    new BcPBESecretKeyDecryptorBuilder(new BcPGPDigestCalculatorProvider())
+                    .build(password.toCharArray());
+            PGPPrivateKey pgpPrivKey = pgpSec.extractPrivateKey(decryptor);
+            BcPGPContentSignerBuilder builder = new BcPGPContentSignerBuilder(
+                            pgpSec.getPublicKey().getAlgorithm(), PGPUtil.SHA1);
+
+            PGPSignatureGenerator sGen = new PGPSignatureGenerator(builder);
+            sGen.init(PGPSignature.BINARY_DOCUMENT, pgpPrivKey);
 
             in = new FileInputStream(src);
             out = new BCPGOutputStream(new ArmoredOutputStream(new FileOutputStream(dest)));
@@ -116,22 +125,10 @@ public class OpenPGPSignatureGenerator implements SignatureGenerator {
             }
 
             sGen.generate().encode(out);
-        } catch (SignatureException e) {
-            IOException ioexc = new IOException();
-            ioexc.initCause(e);
-            throw ioexc;
         } catch (PGPException e) {
             IOException ioexc = new IOException();
             ioexc.initCause(e);
             throw ioexc;
-        } catch (NoSuchAlgorithmException e) {
-            IOException ioexc = new IOException();
-            ioexc.initCause(e);
-            throw ioexc;
-        } catch (NoSuchProviderException e) {
-            IOException ioexc = new IOException();
-            ioexc.initCause(e);
-            throw ioexc;
         } finally {
             if (out != null) {
                 try {
@@ -156,7 +153,8 @@ public class OpenPGPSignatureGenerator implements SignatureGenerator {
 
     private PGPSecretKey readSecretKey(InputStream in) throws IOException, PGPException {
         in = PGPUtil.getDecoderStream(in);
-        PGPSecretKeyRingCollection pgpSec = new PGPSecretKeyRingCollection(in);
+        PGPSecretKeyRingCollection pgpSec = new PGPSecretKeyRingCollection(in,
+                        new BcKeyFingerprintCalculator());
 
         PGPSecretKey key = null;
         for (Iterator it = pgpSec.getKeyRings(); key == null && it.hasNext();) {
-- 
2.15.1
&gt;.
Reported by Tirifto &lt;tirifto@posteo.cz&gt;.

Regression introduced in 65ffb9388c1c3d870cb07e4cb3ef12c9ac06a161.

In the (unlikely) case where the profile we're targeting with "guix
upgrade -n" or similar is already built, a new profile generation would
be created and linked to despite the use of '-n'.  This is because
65ffb9388c1c3d870cb07e4cb3ef12c9ac06a161 assumed that dry-run behavior
would be handled solely by the build handler, which is not the case when
there's nothing to build.

* guix/scripts/package.scm (build-and-use-profile): Reintroduce #:dry-run?
and honor it.
(process-actions): Pass #:dry-run? to 'build-and-use-profile'.
* tests/guix-package-net.sh: Add test.
</span></span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2022-01-16 23:56:56 +0100'>2022-01-16</span></td><td><a href='/guix/commit/tests/guix-package-net.sh?id=686f2eae348a44f76afe1fa73230dd87578c227d'>tests: Clean up after 'tests/guix-package-net.sh'.</a><span class='msg-avail'>...<span class='msg-tooltip'>* tests/guix-package-net.sh: Remove second 'trap' line.  Change first
'trap' line to remove "$module_dir" and *.lock files.
</span></span></td><td>Ludovic Courtès</td></tr>