gpg: Check gpg-agent version before 2.1 migration.

* g10/call-agent.c, g10/call-agent.h (agent_get_version): New.
* g10/migrate.c (migrate_secring): Abort migration if
agent_get_version returns not at least 2.1.0

--
GnuPG-bug-id: 1718

On the first installation of GnuPG 2.1 it is likely that an
old gpg-agent is still running in the environment. In that
case the migration would fail.

Signed-off-by: Andre Heinecke <[email protected]>

3 files changed, 55 insertions, 0 deletions

diff --git a/g10/call-agent.c b/g10/call-agent.c
index 58f4a92c5..080df1867 100644
--- a/g10/call-agent.c
+++ b/g10/call-agent.c
@@ -2277,3 +2277,33 @@ agent_passwd (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
                          cache_nonce_status_cb, &cn_parm);
   return err;
 }
+
+/* Return the version reported by gpg-agent.  */
+gpg_error_t
+agent_get_version (ctrl_t ctrl, char **r_version)
+{
+  gpg_error_t err;
+  membuf_t data;
+
+  err = start_agent (ctrl, 0);
+  if (err)
+    return err;
+
+  init_membuf (&data, 64);
+  err = assuan_transact (agent_ctx, "GETINFO version",
+                        membuf_data_cb, &data,
+                        NULL, NULL, NULL, NULL);
+  if (err)
+    {
+      xfree (get_membuf (&data, NULL));
+      *r_version = NULL;
+    }
+  else
+    {
+      put_membuf (&data, "", 1);
+      *r_version = get_membuf (&data, NULL);
+      if (!*r_version)
+        err = gpg_error_from_syserror ();
+    }
+  return err;
+}
diff --git a/g10/call-agent.h b/g10/call-agent.h
index 1deb8548a..5b4cd0931 100644
--- a/g10/call-agent.h
+++ b/g10/call-agent.h
@@ -192,6 +192,8 @@ gpg_error_t agent_delete_key (ctrl_t ctrl, const char *hexkeygrip,
 /* Change the passphrase of a key.  */
 gpg_error_t agent_passwd (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
                           char **cache_nonce_addr, char **passwd_nonce_addr);
+/* Get the version reported by gpg-agent.  */
+gpg_error_t agent_get_version (ctrl_t ctrl, char **r_version);
 
 
 #endif /*GNUPG_G10_CALL_AGENT_H*/
diff --git a/g10/migrate.c b/g10/migrate.c
index 9a21cfe8e..5cb3512d9 100644
--- a/g10/migrate.c
+++ b/g10/migrate.c
@@ -29,6 +29,7 @@
 #include "keydb.h"
 #include "util.h"
 #include "main.h"
+#include "call-agent.h"
 
 
 #ifdef HAVE_DOSISH_SYSTEM
@@ -46,6 +47,7 @@ migrate_secring (ctrl_t ctrl)
   dotlock_t lockhd = NULL;
   char *secring = NULL;
   char *flagfile = NULL;
+  char *agent_version = NULL;
 
   secring = make_filename (opt.homedir, "secring" EXTSEP_S "gpg", NULL);
   if (access (secring, F_OK))
@@ -72,6 +74,27 @@ migrate_secring (ctrl_t ctrl)
       goto leave;
     }
 
+  if (!agent_get_version (ctrl, &agent_version))
+    {
+      if (!gnupg_compare_version (agent_version, "2.1.0"))
+        {
+          log_error ("error: GnuPG agent version \"%s\" is too old. ",
+                     agent_version);
+          log_error ("Please install an updated GnuPG agent.\n");
+          log_error ("migration aborted\n");
+          xfree (agent_version);
+          goto leave;
+        }
+      xfree (agent_version);
+    }
+  else
+    {
+      log_error ("error: GnuPG agent unusable. "
+                 "Please check that a GnuPG agent can be started.\n");
+      log_error ("migration aborted\n");
+      goto leave;
+    }
+
   log_info ("porting secret keys from '%s' to gpg-agent\n", secring);
   if (!import_old_secring (ctrl, secring))
     {