-rw-r--r--doc/gpg.texi123
-rw-r--r--doc/yat2m.c310
2 files changed, 330 insertions, 103 deletions
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 26179bd77..8ea819926 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -906,6 +906,24 @@ Signs a public key with your secret key but marks it as
non-exportable. This is a shortcut version of the subcommand "lsign"
from @option{--edit-key}.
+@ifset gpgtwoone
+@item --quick-sign-key @code{fpr} [@code{names}]
+@itemx --quick-lsign-key @code{name}
+@opindex quick-sign-key
+@opindex quick-lsign-key
+Directly sign a key from the passphrase without any further user
+interaction. The @code{fpr} must be the verified primary fingerprint
+of a key in the local keyring. If no @code{names} are given, all
+useful user ids are signed; with given [@code{names}] only useful user
+ids matching one of theses names are signed. The command
+@option{--quick-lsign-key} marks the signatures as non-exportable.
+
+This command uses reasonable defaults and thus does not provide the
+full flexibility of the "sign" subcommand from @option{--edit-key}.
+Its intended use to help unattended signing using a list of verified
+fingerprints.
+@end ifset
+
@ifclear gpgone
@item --passwd @var{user_id}
@opindex passwd
@@ -1177,7 +1195,7 @@ for the key fingerprint, "%t" for the extension of the image type
(e.g. "jpg"), "%T" for the MIME type of the image (e.g. "image/jpeg"),
"%v" for the single-character calculated validity of the image being
viewed (e.g. "f"), "%V" for the calculated validity as a string (e.g.
-"full"),
+"full"), "%U" for a base32 encoded hash of the user ID,
and "%%" for an actual percent sign. If neither %i or %I are present,
then the photo will be supplied to the viewer on standard input.
@@ -1431,7 +1449,9 @@ Set what trust model GnuPG should follow. The models are:
trusted. You generally won't use this unless you are using some
external validation scheme. This option also suppresses the
"[uncertain]" tag printed with signature checks when there is no
- evidence that the user ID is bound to the key.
+ evidence that the user ID is bound to the key. Note that this
+ trust model still does not allow the use of expired, revoked, or
+ disabled keys.
@item auto
@opindex trust-mode:auto
@@ -1482,6 +1502,10 @@ mechanisms, in the order they are to be tried:
position of this mechanism in the list does not matter. It is not
required if @code{local} is also used.
+ @item clear
+ Clear all defined mechanisms. This is useful to override
+ mechanisms given in a config file.
+
@end table
@item --keyid-format @code{short|0xshort|long|0xlong}
@@ -1606,16 +1630,29 @@ are available for all keyserver types, some common options are:
program uses internally (libcurl, openldap, etc).
@item check-cert
+@ifset gpgtwoone
+ This option has no more function since GnuPG 2.1. Use the
+ @code{dirmngr} configuration options instead.
+@end ifset
+@ifclear gpgtwoone
Enable certificate checking if the keyserver presents one (for hkps or
ldaps). Defaults to on.
+@end ifclear
@item ca-cert-file
+@ifset gpgtwoone
+ This option has no more function since GnuPG 2.1. Use the
+ @code{dirmngr} configuration options instead.
+@end ifset
+@ifclear gpgtwoone
Provide a certificate store to override the system default. Only
necessary if check-cert is enabled, and the keyserver is using a
certificate that is not present in a system default certificate list.
Note that depending on the SSL library that the keyserver helper is
built with, this may actually be a directory or a file.
+@end ifclear
+
@end table
@item --completes-needed @code{n}
@@ -1696,6 +1733,25 @@ been given. Given that this option is not anymore used by
@command{gpg2}, it should be avoided if possible.
@end ifset
+
+@ifclear gpgone
+@item --agent-program @var{file}
+@opindex agent-program
+Specify an agent program to be used for secret key operations. The
+default value is the @file{/usr/bin/gpg-agent}. This is only used
+as a fallback when the environment variable @code{GPG_AGENT_INFO} is not
+set or a running agent cannot be connected.
+@end ifclear
+
+@ifset gpgtwoone
+@item --dirmngr-program @var{file}
+@opindex dirmngr-program
+Specify a dirmngr program to be used for keyserver access. The
+default value is @file{/usr/sbin/dirmngr}. This is only used as a
+fallback when the environment variable @code{DIRMNGR_INFO} is not set or
+a running dirmngr cannot be connected.
+@end ifset
+
@item --lock-once
@opindex lock-once
Lock the databases the first time a lock is requested
@@ -2053,6 +2109,15 @@ Since GnuPG 2.0.10, this mode is always used and thus this option is
obsolete; it does not harm to use it though.
@end ifclear
+@ifset gpgtwoone
+@item --legacy-list-mode
+@opindex legacy-list-mode
+Revert to the pre-2.1 public key list mode. This only affects the
+human readable output and not the machine interface
+(i.e. @code{--with-colons}). Note that the legacy format does not
+allow to convey suitable information for elliptic curves.
+@end ifset
+
@item --with-fingerprint
@opindex with-fingerprint
Same as the command @option{--fingerprint} but changes only the format
@@ -2062,6 +2127,12 @@ of the output and may be used together with another command.
@item --with-keygrip
@opindex with-keygrip
Include the keygrip in the key listings.
+
+@item --with-secret
+@opindex with-secret
+Include info about the presence of a secret key in public key listings
+done with @code{--with-colons}.
+
@end ifset
@end table
@@ -2244,9 +2315,13 @@ a message that PGP 2.x will not be able to handle. Note that `PGP
available, but the MIT release is a good common baseline.
This option implies @option{--rfc1991 --disable-mdc
---no-force-v4-certs --escape-from-lines --force-v3-sigs --cipher-algo
-IDEA --digest-algo MD5 --compress-algo ZIP}. It also disables
-@option{--textmode} when encrypting.
+--no-force-v4-certs --escape-from-lines --force-v3-sigs
+@ifclear gpgone
+--allow-weak-digest-algos
+@end ifclear
+--cipher-algo IDEA --digest-algo
+MD5--compress-algo ZIP}. It also disables @option{--textmode} when
+encrypting.
@item --pgp6
@opindex pgp6
@@ -2702,6 +2777,14 @@ necessary to get as much data as possible out of the corrupt message.
However, be aware that a MDC protection failure may also mean that the
message was tampered with intentionally by an attacker.
+@ifclear gpgone
+@item --allow-weak-digest-algos
+@opindex allow-weak-digest-algos
+Signatures made with the broken MD5 algorithm are normally rejected
+with an ``invalid digest algorithm'' message. This option allows the
+verification of signatures made with such weak algorithms.
+@end ifclear
+
@item --no-default-keyring
@opindex no-default-keyring
Do not add the default keyrings to the list of keyrings. Note that
@@ -2963,18 +3046,33 @@ files; They all live in in the current home directory (@pxref{option
@table @file
- @item ~/.gnupg/secring.gpg
- The secret keyring. You should backup this file.
-
- @item ~/.gnupg/secring.gpg.lock
- The lock file for the secret keyring.
-
@item ~/.gnupg/pubring.gpg
The public keyring. You should backup this file.
@item ~/.gnupg/pubring.gpg.lock
The lock file for the public keyring.
+@ifset gpgtwoone
+ @item ~/.gnupg/pubring.kbx
+ The public keyring using a different format. This file is sharred
+ with @command{gpgsm}. You should backup this file.
+
+ @item ~/.gnupg/pubring.kbx.lock
+ The lock file for @file{pubring.kbx}.
+@end ifset
+
+ @item ~/.gnupg/secring.gpg
+@ifclear gpgtwoone
+ The secret keyring. You should backup this file.
+@end ifclear
+@ifset gpgtwoone
+ A secret keyring as used by GnuPG versions before 2.1. It is not
+ used by GnuPG 2.1 and later.
+
+ @item ~/.gnupg/.gpg-v21-migrated
+ File indicating that a migration to GnuPG 2.1 has taken place.
+@end ifset
+
@item ~/.gnupg/trustdb.gpg
The trust database. There is no need to backup this file; it is better
to backup the ownertrust values (@pxref{option --export-ownertrust}).
@@ -2985,6 +3083,9 @@ files; They all live in in the current home directory (@pxref{option
@item ~/.gnupg/random_seed
A file used to preserve the state of the internal random pool.
+ @item ~/.gnupg/secring.gpg.lock
+ The lock file for the secret keyring.
+
@item /usr[/local]/share/gnupg/options.skel
The skeleton options file.
diff --git a/doc/yat2m.c b/doc/yat2m.c
index 5dc81bf59..2ac43902a 100644
--- a/doc/yat2m.c
+++ b/doc/yat2m.c
@@ -1,5 +1,5 @@
/* yat2m.c - Yet Another Texi 2 Man converter
- * Copyright (C) 2005 g10 Code GmbH
+ * Copyright (C) 2005, 2013 g10 Code GmbH
* Copyright (C) 2006, 2008, 2011 Free Software Foundation, Inc.
*
* This program is free software; you can redistribute it and/or modify
@@ -17,7 +17,7 @@
*/
/*
- This is a simple textinfo to man page converter. It needs some
+ This is a simple texinfo to man page converter. It needs some
special markup in th e texinfo and tries best to get a create man
page. It has been designed for the GnuPG man pages and thus only
a few texinfo commands are supported.
@@ -107,6 +107,9 @@
character. */
#define LINESIZE 1024
+/* Number of allowed condition nestings. */
+#define MAX_CONDITION_NESTING 10
+
/* Option flags. */
static int verbose;
static int quiet;
@@ -117,10 +120,6 @@ static const char *opt_select;
static const char *opt_include;
static int opt_store;
-/* The only define we understand is -D gpgone. Thus we need a simple
- boolean tro track it. */
-static int gpgone_defined;
-
/* Flag to keep track whether any error occurred. */
static int any_error;
@@ -129,7 +128,7 @@ static int any_error;
struct macro_s
{
struct macro_s *next;
- char *value; /* Malloced value. */
+ char *value; /* Malloced value. */
char name[1];
};
typedef struct macro_s *macro_t;
@@ -137,6 +136,24 @@ typedef struct macro_s *macro_t;
/* List of all defined macros. */
static macro_t macrolist;
+/* List of global macro names. The value part is not used. */
+static macro_t predefinedmacrolist;
+
+/* Object to keep track of @isset and @ifclear. */
+struct condition_s
+{
+ int manverb; /* "manverb" needs special treatment. */
+ int isset; /* This is an @isset condition. */
+ char name[1]; /* Name of the condition macro. */
+};
+typedef struct condition_s *condition_t;
+
+/* The stack used to evaluate conditions. And the current states. */
+static condition_t condition_stack[MAX_CONDITION_NESTING];
+static int condition_stack_idx;
+static int cond_is_active; /* State of ifset/ifclear */
+static int cond_in_verbatim; /* State of "manverb". */
+
/* Object to store one line of content. */
struct line_buffer_s
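Review bot: The new comments `/* Object to keep track of @isset and @ifclear. */` and `int isset; /* This is an @isset condition. */` name a command `@isset` that does not exist in Texinfo; the parser itself matches `@ifset`, so the comments point a reader at the wrong command. Suggest `/* Object to keep track of @ifset and @ifclear. */` and `/* This is an @ifset condition. */`. The same spelling appears in the comment above push_condition in the next hunk.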
@@ -313,7 +330,158 @@ isodatestring (void)
}
+/* Add NAME to the list of predefined macros which are global for all
+ files. */
+static void
+add_predefined_macro (const char *name)
+{
+ macro_t m;
+
+ for (m=predefinedmacrolist; m; m = m->next)
+ if (!strcmp (m->name, name))
+ break;
+ if (!m)
+ {
+ m = xcalloc (1, sizeof *m + strlen (name));
+ strcpy (m->name, name);
+ m->next = predefinedmacrolist;
+ predefinedmacrolist = m;
+ }
+}
+
+
+/* Create or update a macro with name MACRONAME and set its values TO
+ MACROVALUE. Note that ownership of the macro value is transferred
+ to this function. */
+static void
+set_macro (const char *macroname, char *macrovalue)
+{
+ macro_t m;
+
+ for (m=macrolist; m; m = m->next)
+ if (!strcmp (m->name, macroname))
+ break;
+ if (m)
+ free (m->value);
+ else
+ {
+ m = xcalloc (1, sizeof *m + strlen (macroname));
+ strcpy (m->name, macroname);
+ m->next = macrolist;
+ macrolist = m;
+ }
+ m->value = macrovalue;
+ macrovalue = NULL;
+}
+
+
+/* Return true if the macro NAME is set, i.e. not the empty string and
+ not evaluating to 0. */
+static int
+macro_set_p (const char *name)
+{
+ macro_t m;
+
+ for (m = macrolist; m ; m = m->next)
+ if (!strcmp (m->name, name))
+ break;
+ if (!m || !m->value || !*m->value)
+ return 0;
+ if ((*m->value & 0x80) || !isdigit (*m->value))
+ return 1; /* Not a digit but some other string. */
+ return !!atoi (m->value);
+}
+
+
+/* Evaluate the current conditions. */
+static void
+evaluate_conditions (const char *fname, int lnr)
+{
+ int i;
+
+ /* for (i=0; i < condition_stack_idx; i++) */
+ /* inf ("%s:%d: stack[%d] %s %s %c", */
+ /* fname, lnr, i, condition_stack[i]->isset? "set":"clr", */
+ /* condition_stack[i]->name, */
+ /* (macro_set_p (condition_stack[i]->name) */
+ /* ^ !condition_stack[i]->isset)? 't':'f'); */
+
+ cond_is_active = 1;
+ cond_in_verbatim = 0;
+ if (condition_stack_idx)
+ {
+ for (i=0; i < condition_stack_idx; i++)
+ {
+ if (condition_stack[i]->manverb)
+ cond_in_verbatim = (macro_set_p (condition_stack[i]->name)
+ ^ !condition_stack[i]->isset);
+ else if (!(macro_set_p (condition_stack[i]->name)
+ ^ !condition_stack[i]->isset))
+ {
+ cond_is_active = 0;
+ break;
+ }
+ }
+ }
+
+ /* inf ("%s:%d: active=%d verbatim=%d", */
+ /* fname, lnr, cond_is_active, cond_in_verbatim); */
+}
+
+
+/* Push a condition with condition macro NAME onto the stack. If
+ ISSET is true, a @isset condition is pushed. */
+static void
+push_condition (const char *name, int isset, const char *fname, int lnr)
+{
+ condition_t cond;
+ int manverb = 0;
+ if (condition_stack_idx >= MAX_CONDITION_NESTING)
+ {
+ err ("%s:%d: condition nested too deep", fname, lnr);
+ return;
+ }
+
+ if (!strcmp (name, "manverb"))
+ {
+ if (!isset)
+ {
+ err ("%s:%d: using \"@ifclear manverb\" is not allowed", fname, lnr);
+ return;
+ }
+ manverb = 1;
+ }
+
+ cond = xcalloc (1, sizeof *cond + strlen (name));
+ cond->manverb = manverb;
+ cond->isset = isset;
+ strcpy (cond->name, name);
+
+ condition_stack[condition_stack_idx++] = cond;
+ evaluate_conditions (fname, lnr);
+}
+
+
+/* Remove the last condition from the stack. ISSET is used for error
+ reporting. */
+static void
+pop_condition (int isset, const char *fname, int lnr)
+{
+ if (!condition_stack_idx)
+ {
+ err ("%s:%d: unbalanced \"@end %s\"",
+ fname, lnr, isset?"isset":"isclear");
+ return;
+ }
+ condition_stack_idx--;
+ free (condition_stack[condition_stack_idx]);
+ condition_stack[condition_stack_idx] = NULL;
+ evaluate_conditions (fname, lnr);
+}
+
+
+
/* Return a section buffer for the section NAME. Allocate a new buffer
if this is a new section. Keep track of the sections in THEPAGE.
This function may reallocate the section array in THEPAGE. */
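Review bot: The error message in pop_condition reports the command as `@end isset` or `@end isclear`, neither of which is a Texinfo command, so the diagnostic names something the author never wrote; change the format arguments to `fname, lnr, isset?"ifset":"ifclear");`. The same hunk leaves two blocks of commented-out debug code in evaluate_conditions, which is also the only reason fname and lnr are parameters there; either drop the dead code and the parameters or turn it into a real verbose-mode branch. Note also that both early returns in push_condition leave the stack untouched after an error, so the matching `@end` later pops an enclosing condition instead; presumably acceptable because err() has already flagged the run, but a comment such as `/* Not pushed: the matching @end will pop the outer condition or be reported as unbalanced. */` would make that deliberate.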
@@ -862,14 +1030,8 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause)
int lnr = 0;
/* Fixme: The following state variables don't carry over to include
files. */
- int in_verbatim = 0;
int skip_to_end = 0; /* Used to skip over menu entries. */
int skip_sect_line = 0; /* Skip after @mansect. */
- int ifset_nesting = 0; /* How often a ifset has been seen. */
- int ifclear_nesting = 0; /* How often a ifclear has been seen. */
- int in_gpgone = 0; /* Keep track of "@ifset gpgone" parts. */
- int not_in_gpgone = 0; /* Keep track of "@ifclear gpgone" parts. */
- int not_in_man = 0; /* Keep track of "@ifclear isman" parts. */
int item_indent = 0; /* How far is the current @item indented. */
/* Helper to define a macro. */
@@ -883,7 +1045,7 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause)
{
size_t n = strlen (line);
int got_line = 0;
- char *p;
+ char *p, *pend;
lnr++;
if (!n || line[n-1] != '\n')
@@ -930,26 +1092,12 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause)
&& !strncmp (p, "macro", 5)
&& (p[5]==' '||p[5]=='\t'||!p[5]))
{
- macro_t m;
-
if (macrovalueused)
macrovalue[--macrovalueused] = 0; /* Kill the last LF. */
macrovalue[macrovalueused] = 0; /* Terminate macro. */
macrovalue = xrealloc (macrovalue, macrovalueused+1);
- for (m= macrolist; m; m = m->next)
- if (!strcmp (m->name, macroname))
- break;
- if (m)
- free (m->value);
- else
- {
- m = xcalloc (1, sizeof *m + strlen (macroname));
- strcpy (m->name, macroname);
- m->next = macrolist;
- macrolist = m;
- }
- m->value = macrovalue;
+ set_macro (macroname, macrovalue);
macrovalue = NULL;
free (macroname);
macroname = NULL;
@@ -997,23 +1145,33 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause)
if (n == 6 && !memcmp (line, "@ifset", 6)
&& (line[6]==' '||line[6]=='\t'))
{
- ifset_nesting++;
-
- if (!strncmp (p, "manverb", 7) && (p[7]==' '||p[7]=='\t'||!p[7]))
+ for (p=line+7; *p == ' ' || *p == '\t'; p++)
+ ;
+ if (!*p)
{
- if (in_verbatim)
- err ("%s:%d: nested \"@ifset manverb\"", fname, lnr);
- else
- in_verbatim = ifset_nesting;
+ err ("%s:%d: name missing after \"@ifset\"", fname, lnr);
+ continue;
}
- else if (!strncmp (p, "gpgone", 6)
- && (p[6]==' '||p[6]=='\t'||!p[6]))
+ for (pend=p; *pend && *pend != ' ' && *pend != '\t'; pend++)
+ ;
+ *pend = 0; /* Ignore rest of the line. */
+ push_condition (p, 1, fname, lnr);
+ continue;
+ }
+ else if (n == 8 && !memcmp (line, "@ifclear", 8)
+ && (line[8]==' '||line[8]=='\t'))
+ {
+ for (p=line+9; *p == ' ' || *p == '\t'; p++)
+ ;
+ if (!*p)
{
- if (in_gpgone)
- err ("%s:%d: nested \"@ifset gpgone\"", fname, lnr);
- else
- in_gpgone = ifset_nesting;
+ err ("%s:%d: name missing after \"@ifsclear\"", fname, lnr);
+ continue;
}
+ for (pend=p; *pend && *pend != ' ' && *pend != '\t'; pend++)
+ ;
+ *pend = 0; /* Ignore rest of the line. */
+ push_condition (p, 0, fname, lnr);
continue;
}
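Review bot: The diagnostic for a bare `@ifclear` line misspells the command as `"@ifsclear"`, so the message does not match what is in the source file; use `err ("%s:%d: name missing after \"@ifclear\"", fname, lnr);`. The two branches otherwise duplicate the same skip-whitespace, find-end-of-token, terminate sequence; a small static helper returning the name (or NULL after reporting) would let both callers share it and keep the messages consistent. parse_file continues outside the hunk.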
else if (n == 4 && !memcmp (line, "@end", 4)
@@ -1021,40 +1179,7 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause)
&& !strncmp (p, "ifset", 5)
&& (p[5]==' '||p[5]=='\t'||!p[5]))
{
- if (in_verbatim && ifset_nesting == in_verbatim)
- in_verbatim = 0;
- if (in_gpgone && ifset_nesting == in_gpgone)
- in_gpgone = 0;
-
- if (ifset_nesting)
- ifset_nesting--;
- else
- err ("%s:%d: unbalanced \"@end ifset\"", fname, lnr);
- continue;
- }
- else if (n == 8 && !memcmp (line, "@ifclear", 8)
- && (line[8]==' '||line[8]=='\t'))
- {
- ifclear_nesting++;
-
- if (!strncmp (p, "gpgone", 6)
- && (p[6]==' '||p[6]=='\t'||!p[6]))
- {
- if (not_in_gpgone)
- err ("%s:%d: nested \"@ifclear gpgone\"", fname, lnr);
- else
- not_in_gpgone = ifclear_nesting;
- }
-
- else if (!strncmp (p, "isman", 5)
- && (p[5]==' '||p[5]=='\t'||!p[5]))
- {
- if (not_in_man)
- err ("%s:%d: nested \"@ifclear isman\"", fname, lnr);
- else
- not_in_man = ifclear_nesting;
- }
-
+ pop_condition (1, fname, lnr);
continue;
}
else if (n == 4 && !memcmp (line, "@end", 4)
@@ -1062,23 +1187,13 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause)
&& !strncmp (p, "ifclear", 7)
&& (p[7]==' '||p[7]=='\t'||!p[7]))
{
- if (not_in_gpgone && ifclear_nesting == not_in_gpgone)
- not_in_gpgone = 0;
- if (not_in_man && ifclear_nesting == not_in_man)
- not_in_man = 0;
-
- if (ifclear_nesting)
- ifclear_nesting--;
- else
- err ("%s:%d: unbalanced \"@end ifclear\"", fname, lnr);
+ pop_condition (0, fname, lnr);
continue;
}
}
/* Take action on ifset/ifclear. */
- if ( (in_gpgone && !gpgone_defined)
- || (not_in_gpgone && gpgone_defined)
- || not_in_man)
+ if (!cond_is_active)
continue;
/* Process commands. */
@@ -1090,7 +1205,7 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause)
{
skip_to_end = 0;
}
- else if (in_verbatim)
+ else if (cond_in_verbatim)
{
got_line = 1;
}
@@ -1182,7 +1297,7 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause)
else if (!skip_to_end)
got_line = 1;
- if (got_line && in_verbatim)
+ if (got_line && cond_in_verbatim)
add_content (*section_name, line, 1);
else if (got_line && thepage.name && *section_name && !in_pause)
add_content (*section_name, line, 0);
@@ -1201,6 +1316,8 @@ top_parse_file (const char *fname, FILE *fp)
{
char *section_name = NULL; /* Name of the current section or NULL
if not in a section. */
+ macro_t m;
+
while (macrolist)
{
macro_t next = macrolist->next;
@@ -1208,6 +1325,10 @@ top_parse_file (const char *fname, FILE *fp)
free (macrolist);
macrolist = next;
}
+ for (m=predefinedmacrolist; m; m = m->next)
+ set_macro (m->name, xstrdup ("1"));
+ cond_is_active = 1;
+ cond_in_verbatim = 0;
parse_file (fname, fp, &section_name, 0);
free (section_name);
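Review bot: top_parse_file resets cond_is_active and cond_in_verbatim but not condition_stack_idx, so conditions left open by a file that lacks an `@end ifset`/`@end ifclear` survive into the next file and its first push re-evaluates against them; before the two assignments add `while (condition_stack_idx) free (condition_stack[--condition_stack_idx]);`, which also frees the stale entries. With that in place a missing `@end` at end of file could be reported instead of silently reset, by checking condition_stack_idx after parse_file returns and calling err() with fname when it is non-zero. That top_parse_file is invoked once per input file is inferred from the macrolist reset at its top, so confirm before relying on it. top_parse_file continues outside the hunk.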
@@ -1223,6 +1344,12 @@ main (int argc, char **argv)
opt_source = "GNU";
opt_release = "";
+ /* Define default macros. The trick is that these macros are not
+ defined when using the actual texinfo renderer. */
+ add_predefined_macro ("isman");
+ add_predefined_macro ("manverb");
+
+ /* Option parsing. */
if (argc)
{
argc--; argv++;
@@ -1327,8 +1454,7 @@ main (int argc, char **argv)
argc--; argv++;
if (argc)
{
- if (!strcmp (*argv, "gpgone"))
- gpgone_defined = 1;
+ add_predefined_macro (*argv);
argc--; argv++;
}
}