Created attachment 149946 [details]
patch gnupg port to enable TLS
With the move of GnuPG to version 2.1, TLS support for key retrieval is no longer coming from libcurl, but instead from direct support in dirmngr. The codebase supports two TLS provides, "Not Too Bad TLS" (ntbtls) from the GnuPG maintainers, and GnuTLS.
Currently the FreeBSD packaging of 2.1 constitutes a feature regression, as neither of these is enabled, so hkps:// keyserver URLs no longer work.
The attached patch adds a GNUTLS option to the port, sets it on by default, enables the use of pkg-config (so that the presence can be picked up) and adds a comment noting the alternative TLS provider option, suggesting that patches to support that in Ports are welcome -- slightly presumptuous of me, but I decided that it's easy enough to remove whatever of that new text is unwelcome.
I built the resulting port with Poudriere locally and I can now access hkps:// keyservers (after updating ~/.gnupg/dirmngr.conf to set trust anchors).
I took PORTREVISION to 3 because for me, 2 was when I had everything _except_ the USES flag fixed, so still wasn't working; I'm not familiar enough with ports policy to know whether this is okay, or if it will be set to 2 and it's on me to just force-downgrade locally. No harm in asking for it to be 3. :^)
Auto-assigned to maintainer kuriyama@FreeBSD.org
Patch included in bug 196301
*** This bug has been marked as a duplicate of bug 196301 ***