From 47287365fba3d99582047c3c22b317adc647f6f0 Mon Sep 17 00:00:00 2001
From: YellowJacketLinux
Date: Wed, 16 Oct 2024 16:57:11 -0700
Subject: [PATCH] GnuTLS
---
22-gnutls.sh | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++
README.md | 12 +++++++++++
2 files changed, 68 insertions(+)
create mode 100644 22-gnutls.sh
diff --git a/22-gnutls.sh b/22-gnutls.sh
new file mode 100644
index 0000000..517cd08
--- /dev/null
+++ b/22-gnutls.sh
@@ -0,0 +1,56 @@
+#!/bin/bash
+
+if [ "`whoami`" == "root" ]; then
+ echo "Danger, Will Robinson!"
+ echo "Do not execute me as r00t"
+ exit 1
+fi
+
+TARBALL="gnutls-3.8.7.1.tar.xz"
+DNL="https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.7.1.tar.xz"
+SHA256="9ca0ddaccce28a74fa18d738744190afb3b0daebef74e6ad686bf7bef99abd60"
+
+[ -d gnutls-3.8.7 ] && rm -rf gnutls-3.8.7
+
+if [ ! -f ${TARBALL} ]; then
+ wget ${DNL}
+ if [ $? -ne 0 ]; then
+ echo "Could not retrieve ${DNL}"
+ echo "Sorry."
+ exit 1
+ fi
+fi
+
+CHECK="`sha256sum ${TARBALL} |awk ' { print $1 } ' `"
+if [ "${CHECK}" != "${SHA256}" ]; then
+ echo "${TARBALL} does not match expected SHA256. Sorry."
+ exit 1
+fi
+
+tar -Jxf ${TARBALL} && cd gnutls-3.8.7
+
+./configure --prefix=/usr \
+ --docdir=/usr/share/doc/gnutls-3.8.7.1 \
+ --with-default-trust-store-pkcs11="pkcs11:" \
+ --disable-dsa
+if [ $? -ne 0 ]; then
+ echo "Configure script failed for gnutls. Sorry."
+ exit 1
+fi
+
+make
+if [ $? -ne 0 ]; then
+ echo "Failed building gnutls. Sorry."
+ exit 1
+fi
+
+echo "running make check"
+sed '/ocsp-must-staple-connection/d' -i tests/Makefile
+make check > gnutls.check.log 2>&1
+
+echo ""
+echo "Inspect gnutls-3.8.7/gnutls.check.log and if all looks good, as root:"
+echo
+echo " cd gnutls-3.8.7"
+echo " make install"
+echo
diff --git a/README.md b/README.md
index 1a827c1..40bc468 100644
--- a/README.md
+++ b/README.md
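Review bot: In 22-gnutls.sh the result of `make check > gnutls.check.log 2>&1` is never tested, unlike the configure and make steps above it, so a failing TLS test suite still ends with the "make install" instructions; I would append `|| echo "make check reported failures; review gnutls.check.log before installing" >&2` to that line. The `sed` just before it deletes the ocsp-must-staple-connection test from tests/Makefile with no comment, so a one-line comment recording why that test is skipped (the reason is not visible in this patch) would help whoever audits this build later. Separately, `tar -Jxf ${TARBALL} && cd gnutls-3.8.7` has no failure branch, so if extraction or the cd fails, `./configure` runs in the starting directory; `tar -Jxf "${TARBALL}" && cd gnutls-3.8.7 || exit 1` closes that.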
@@ -203,4 +203,16 @@ Justification: Needed for GnuTLS. Depends upon which. * Script: [`21-libseccomp.sh`](21-libseccomp.sh) * Status: Script Untested +Dependency Twenty-Two: GnuTLS +----------------------------- + +Justification: Needed for GnuPG. Also is the preferred TLS stack for YJL. Build +requires nettle, libunistring, libtasn1, p11-kit, brotli, libidn2, libseccomp. +Runtime requires make-ca. + + +* Script: [`22-gnutls.sh`](22-gnutls.sh) +* Status: Script Untested +* Note: Note yet built with DANE support, or Trousers support. +