Now SHA256 has been shown to be an adequate replacement for SHA1, use SHA256 for verifying all port downloads. Ref #2767
The new 'verify' component facilitates the code of GnuPG to verify detached OpenPGP signatures against public keys. Since GnuPG depends on libgcrypt and libgpg-error, the patch adds these libraries to the libports repository. Fixes #2640