* gpg.sgml (http):

* g10.c, options.h: New option --exit-on-status-write-error.
* status.c (write_status_text): Make use of this option.

15 files changed, 93 insertions, 39 deletions

diff --git a/NEWS b/NEWS
index bb898402b..467fffb73 100644
--- a/NEWS
+++ b/NEWS
@@ -38,6 +38,8 @@ Noteworthy changes in version 1.4.2
 
     * New export option export-reset-subkey-passwd.
 
+    * New option --limit-card-insert-tries.
+
 
 Noteworthy changes in version 1.4.1 (2005-03-15)
 ------------------------------------------------
diff --git a/TODO b/TODO
index 7d9eee763..46fdd66cc 100644
--- a/TODO
+++ b/TODO
@@ -75,4 +75,4 @@
 
   * Delete a card key as well as a wiping.
 
-  * Make 2 strings translatable in export.c after releasing 1.4.2.
\ No newline at end of file
+  * Make 2 strings translatable in export.c after releasing 1.4.2.
diff --git a/doc/gpg.sgml b/doc/gpg.sgml
index 8517e8182..c184b5940 100644
--- a/doc/gpg.sgml
+++ b/doc/gpg.sgml
@@ -631,9 +631,7 @@ functionality is also available as the subcommand "passwd" with the
 <term>--sign-key &ParmName;</term>
 <listitem><para>
 Signs a public key with your secret key. This is a shortcut version of
-the subcommand "sign" from --edit.  You may also want to consider the
-option --no-interactive-selection which will drop you into the regular
-menu when not all keys shall be signed.
+the subcommand "sign" from --edit.  
 </para></listitem></varlistentry>
 
 <varlistentry>
@@ -1088,15 +1086,6 @@ Prompt before overwriting any files.
 </para></listitem></varlistentry>
 
 <varlistentry>
-<term>--no-interactive-selection</term>
-<listitem><para>
-Do not use interactive selection mode in certain menues but require
-a selection in advance.  This is currently only used with the "sign"
-subcommand of --edit-key.
-</para></listitem></varlistentry>
-
-
-<varlistentry>
 <term>--batch</term>
 <term>--no-batch</term>
 <listitem><para>
@@ -2483,6 +2472,18 @@ option may lead to data and key corruption.
 </para></listitem></varlistentry>
 
 <varlistentry>
+<term>--exit-on-status-write-error</term>
+<listitem><para>
+This option will cause write errors on the status FD to immediately
+terminate the process.  That should in fact be the default but it
+never worked this way and thus we need an option to enable this, so
+that the change won't break applications which close their end of a
+status fd connected pipe too early.  Using this option along with
+--enable-progress-filter may be used to cleanly cancel long running
+gpg operations.
+</para></listitem></varlistentry>
+
+<varlistentry>
 <term>--limit-card-insert-tries &ParmN;</term>
 <listitem><para>
 With &ParmN; greater than 0 the number of prompts asking to insert a
diff --git a/g10/ChangeLog b/g10/ChangeLog
index f43c18e0a..74142c937 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,12 +1,30 @@
+2005-07-22  Werner Koch  <[email protected]>
+
+	* g10.c, options.h: New option --exit-on-status-write-error.
+	* status.c (write_status_text): Make use of this option.
+
 2005-07-22  David Shaw  <[email protected]>
 
-	* options.h, g10.c (main), keyedit.c (keyedit_menu): Use
-	--interactive to enable the uid walking when signing a key with no
-	uids specified to sign.
+	* options.h, g10.c (main): Removed option --no-interactive-selection.
+	* keyedit.c (keyedit_menu): Use --interactive to enable the uid
+	walking when signing a key with no uids specified to sign.
 
 	* keylist.c (list_keyblock_print): Fix silly typo.  Noted by Greg
 	Sabino Mullane.
 
+2005-07-20  Werner Koch  <[email protected]>
+
+	* openfile.c (open_outfile): Disable FD caching for created files.
+	* encode.c (encode_simple, encode_crypt): Disable FD caching for
+	input files.
+	* verify.c (verify_one_file): Ditto.
+	* decrypt.c (decrypt_messages): Ditto. This is bug #479.
+
+	* misc.c (get_libexecdir) [W32]: Changed to return the value of
+	program used to create the process.
+	* keyserver.c (keyserver_spawn) [DISABLE_KEYSERVER_PATH]: Don't
+	change the exec-path at all.
+
 2005-07-20  David Shaw  <[email protected]>
 
 	* keyserver.c (curl_can_handle): New.  Do a runtime check against
diff --git a/g10/decrypt.c b/g10/decrypt.c
index ad1f5ff6c..e6894adbe 100644
--- a/g10/decrypt.c
+++ b/g10/decrypt.c
@@ -147,6 +147,8 @@ decrypt_messages(int nfiles, char *files[])
       if (!output)
         goto next_file;
       fp = iobuf_open(filename);
+      if (fp)
+        iobuf_ioctl (fp,3,1,NULL); /* disable fd caching */
       if (fp && is_secured_file (iobuf_get_fd (fp)))
         {
           iobuf_close (fp);
diff --git a/g10/encode.c b/g10/encode.c
index c70ed163b..24b7f009e 100644
--- a/g10/encode.c
+++ b/g10/encode.c
@@ -172,6 +172,8 @@ encode_simple( const char *filename, int mode, int use_seskey )
     
     /* prepare iobufs */
     inp = iobuf_open(filename);
+    if (inp)
+      iobuf_ioctl (inp,3,1,NULL); /* disable fd caching */
     if (inp && is_secured_file (iobuf_get_fd (inp)))
       {
         iobuf_close (inp);
@@ -472,6 +474,8 @@ encode_crypt( const char *filename, STRLIST remusr, int use_symkey )
 
     /* prepare iobufs */
     inp = iobuf_open(filename);
+    if (inp)
+      iobuf_ioctl (inp,3,1,NULL); /* disable fd caching */
     if (inp && is_secured_file (iobuf_get_fd (inp)))
       {
         iobuf_close (inp);
@@ -495,7 +499,6 @@ encode_crypt( const char *filename, STRLIST remusr, int use_symkey )
     if( (rc = open_outfile( filename, opt.armor? 1:0, &out )) )
 	goto leave;
 
-
     if( opt.armor )
 	iobuf_push_filter( out, armor_filter, &afx );
 
diff --git a/g10/g10.c b/g10/g10.c
index ac36ded3d..eea79da4c 100644
--- a/g10/g10.c
+++ b/g10/g10.c
@@ -346,6 +346,7 @@ enum cmd_and_opt_values
     oEnableProgressFilter,
     oMultifile,
     oKeyidFormat,
+    oExitOnStatusWriteError,
     oLimitCardInsertTries,
 
     oReaderPort,
@@ -676,6 +677,7 @@ static ARGPARSE_OPTS opts[] = {
     { oEnableProgressFilter, "enable-progress-filter", 0, "@" },
     { oMultifile, "multifile", 0, "@" },
     { oKeyidFormat, "keyid-format", 2, "@" },
+    { oExitOnStatusWriteError, "exit-on-status-write-error", 0, "@" },
     { oLimitCardInsertTries, "limit-card-insert-tries", 1, "@"},
 
     { oReaderPort, "reader-port",    2, "@"},
@@ -2543,6 +2545,11 @@ main (int argc, char **argv )
 	    else
 	      log_error("unknown keyid-format `%s'\n",pargs.r.ret_str);
 	    break;
+
+          case oExitOnStatusWriteError:
+            opt.exit_on_status_write_error = 1;
+            break;
+
 	  case oLimitCardInsertTries: 
             opt.limit_card_insert_tries = pargs.r.ret_int; 
             break;
diff --git a/g10/import.c b/g10/import.c
index 8c96e5a6a..0953ade44 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -625,7 +625,8 @@ check_prefs(KBNODE keyblock)
 	}
     }
 
-  if(problem)
+#warning DEBUG CODE ENABLED
+  if(problem || getenv ("FOOBAR"))
     {
       log_info(_("it is strongly suggested that you update"
 		 " your preferences and\n"));
diff --git a/g10/keyserver.c b/g10/keyserver.c
index e3c2391d9..2ce03d41e 100644
--- a/g10/keyserver.c
+++ b/g10/keyserver.c
@@ -904,8 +904,16 @@ keyserver_spawn(int action,STRLIST list,KEYDB_SEARCH_DESC *desc,
      PATH to be GNUPG_LIBEXECDIR.  All this is not that meaningful on
      Unix-like systems (since we're going to give a full path to
      gpgkeys_foo), but on W32 it prevents loading any DLLs from
-     directories in %PATH%. */
-  set_exec_path(libexecdir);
+     directories in %PATH%.
+
+     After some more thinking about this we came to the conclusion
+     that it is better to load the helpers from the directory where
+     the program of this process lives.  Fortunately Windows provides
+     a way to retrieve this and our get_libexecdir function has been
+     modified to return just this.  Setting the exec-path is not
+     anymore required.  
+       set_exec_path(libexecdir);
+ */
 #else
   if(opt.exec_path_set)
     {
diff --git a/g10/misc.c b/g10/misc.c
index 0bf71c264..9f412f3de 100644
--- a/g10/misc.c
+++ b/g10/misc.c
@@ -1155,24 +1155,29 @@ get_libexecdir (void)
 {
 #ifdef HAVE_W32_SYSTEM
   static int got_dir;
-  static char *dir;
+  static char dir[MAX_PATH+5];
 
   if (!got_dir)
     {
-      dir = read_w32_registry_string ("HKEY_LOCAL_MACHINE",
-                                      "Software\\GNU\\GnuPG",
-                                      "Install Directory");
-      if (dir && !*dir)
+      char *p;
+
+      if ( !GetModuleFileName ( NULL, dir, MAX_PATH) )
         {
-          /* To avoid problems with using an empty dir we don't allow
-             for that. */
-          free (dir);
-          dir = NULL;
+          log_debug ("GetModuleFileName failed: %s\n", w32_strerror (0));
+          *dir = 0;
         }
       got_dir = 1;
+      p = strrchr (dir, DIRSEP_C);
+      if (p)
+        *p = 0;
+      else
+        {
+          log_debug ("bad filename `%s' returned for this process\n", dir);
+          *dir = 0; 
+        }
     }
 
-  if (dir)
+  if (*dir)
     return dir;
   /* Fallback to the hardwired value. */
 #endif /*HAVE_W32_SYSTEM*/
diff --git a/g10/openfile.c b/g10/openfile.c
index 121b46dd0..be6585fbd 100644
--- a/g10/openfile.c
+++ b/g10/openfile.c
@@ -267,6 +267,9 @@ open_outfile( const char *iname, int mode, IOBUF *a )
     m_free(buf);
   }
 
+  if (*a)
+    iobuf_ioctl (*a,3,1,NULL); /* disable fd caching */
+
   return rc;
 }
 
diff --git a/g10/options.h b/g10/options.h
index db5d5e76d..c278b5d29 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -194,8 +194,13 @@ struct
   byte *show_subpackets;
   int rfc2440_text;
 
-  int limit_card_insert_tries; /* If > 0, limit the number of card
-                                  insertion prompts to this value. */
+  /* If true, let write failures on the status-fd exit the process. */
+  int exit_on_status_write_error;
+
+  /* If > 0, limit the number of card insertion prompts to this
+     value. */
+  int limit_card_insert_tries; 
+
 #ifdef ENABLE_CARD_SUPPORT
   const char *ctapi_driver; /* Library to access the ctAPI. */
   const char *pcsc_driver;  /* Library to access the PC/SC system. */
diff --git a/g10/status.c b/g10/status.c
index b14d605da..6ef5e7eec 100644
--- a/g10/status.c
+++ b/g10/status.c
@@ -263,7 +263,8 @@ write_status_text ( int no, const char *text)
         }
     }
     putc ('\n',statusfp);
-    fflush (statusfp);
+    if ( fflush (statusfp) && opt.exit_on_status_write_error )
+      g10_exit (0);
 }
 
 
@@ -327,7 +328,8 @@ write_status_text_and_buffer ( int no, const char *string,
     } while ( len );
 
     putc ('\n',statusfp);
-    fflush (statusfp);
+    if ( fflush (statusfp) && opt.exit_on_status_write_error )
+      g10_exit (0);
 }
 
 void
diff --git a/g10/verify.c b/g10/verify.c
index d5ac9f592..a08a71291 100644
--- a/g10/verify.c
+++ b/g10/verify.c
@@ -144,6 +144,8 @@ verify_one_file( const char *name )
 
     print_file_status( STATUS_FILE_START, name, 1 );
     fp = iobuf_open(name);
+    if (fp)
+      iobuf_ioctl (fp,3,1,NULL); /* disable fd caching */
     if (fp && is_secured_file (iobuf_get_fd (fp)))
       {
         iobuf_close (fp);
diff --git a/util/ttyio.c b/util/ttyio.c
index 5dde139d2..d1d4ca2fa 100644
--- a/util/ttyio.c
+++ b/util/ttyio.c
@@ -507,11 +507,6 @@ do_get( const char *prompt, int hidden )
 	else if( c > 0xa0 )
 	    ; /* we don't allow 0xa0, as this is a protected blank which may
 	       * confuse the user */
-        /* Fixme: The above assumption is not bad.  We assum a certain
-           character set and even worse, the W32 version behaves
-           differently.  It is not clear how we can hix this.  When
-           used for passphrases this code path strips off certain
-           characters so changing this might invalidate passphrases.  */
 	else if( iscntrl(c) )
 	    continue;
 	if( !(i < n-1) ) {