Commit message | Author | Age | Files | Lines
* dirmngr: Indicate that serial numbers are hexadecimal. | Werner Koch | 2016-01-22 | 3 | -9/+16
  * dirmngr/misc.c (hexify_data): Add arg with_prefix. Adjust all callers.
  * dirmngr/crlcache.c (cache_isvalid): Print "0x" in front of the S/N.
  --
  GnuPG-bug-id: 1147
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Provide the keyserver pool name even if there is no CNAME. | Werner Koch | 2016-01-22 | 1 | -2/+2
  * dirmngr/ks-engine-hkp.c (map_host): Fix setting of r_poolname.
  --
  map_host is intended to return the name of the pool as additional information. However this broke some time ago and a pool name was only retained if the pool name was retrieved from a DNS CNAME.
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Use sks-keyservers CA by default for the hkps pool. | Daniel Kahn Gillmor | 2016-01-22 | 6 | -5/+36
  * dirmngr/Makefile.am (dist_pkgdata_DATA): Add sks-keyservers.netCA.pem.
  * dirmngr/http.c (http_session_new): Add optional arg intended_hostname and set a default cert.
  * dirmngr/ks-engine-hkp.c (send_request): Pass httphost to http_session_new.
  --
  Ship the certificate for the sks-keyservers hkps pool. If the user has specified that they want to use hkps://hkps.pool.sks-keyservers.net, and they have not specified any hkp-cacert explicitly, then initialize the trust path with this specific trust anchor.
  Co-authored-by: [email protected]
  Signed-off-by: Werner Koch <[email protected]>
* gpg: Rework gpg-conf.skel | Werner Koch | 2016-01-22 | 1 | -55/+26
  --
  Some of the options are too rarely used to deserve an entry in the skeleton config file. Some are even the default for many years. Added auto-key-locate because that is a very useful option.
  Signed-off-by: Werner Koch <[email protected]>
* gpg: Allow new user ids with only the mail address. | Werner Koch | 2016-01-22 | 1 | -6/+18
  * g10/keygen.c (ask_user_id): Allow empty name.
  --
  The --quick-gen-key command allows this and further some mail providers require that a key has only the mail address to allow for anonymous accounts.
  Signed-off-by: Werner Koch <[email protected]>
* gpg: Improve header text of the auto-created revocations. | Werner Koch | 2016-01-21 | 3 | -12/+26
  * g10/revoke.c (gen_standard_revoke): Improve header text for the file. Add info output.
  --
  GnuPG-bug-id: 1724
  Signed-off-by: Werner Koch <[email protected]>
* gpg: Make --auto-key-retrieve work with dirmngr configured server. | Werner Koch | 2016-01-21 | 8 | -29/+56
  * g10/call-dirmngr.c (gpg_dirmngr_ks_list): Make R_KEYSERVER optional.
  * g10/keyserver.c (keyserver_any_configured): New.
  (keyserver_put): Remove arg keyserver because this will always receive opt.keyserver which is anyway used when connecting dirmngr. Do not check opt.keyserver.
  (keyserver_import_cert): Replace opt.keyserver by keyserver_any_configured.
  * g10/mainproc.c (check_sig_and_print): Ditto.
  * g10/import.c (revocation_present): Ditto.
  * g10/getkey.c (get_pubkey_byname): Ditto.
  * g10/gpgv.c (keyserver_any_configured): Add stub.
  * g10/test-stubs.c (keyserver_any_configured): Add stub.
  --
  The keyserver should be configured in dirmngr.conf and thus we can't use opt.keyserver in gpg to decide whether a keyserver has been configured.
  GnuPG-bug-id: 2147
  Signed-off-by: Werner Koch <[email protected]>
* gpg: Silence message about ignoring revoked user ids. | Werner Koch | 2016-01-20 | 1 | -10/+14
  * g10/trustdb.c (tdb_get_validity_core): Print message only in debug mode.
  --
  This makes only sense for debugging.
  Signed-off-by: Werner Koch <[email protected]>
* agent: New option --pinentry-timeout | Werner Koch | 2016-01-20 | 5 | -0/+34
  * agent/gpg-agent.c (oPinentryTimeout): New.
  (opts): Add new option.
  (parse_rereadable_options): Parse that option.
  (main): Tell gpgconf about this option.
  * agent/call-pinentry.c (start_pinentry): Send option to Pinentry.
  * tools/gpgconf-comp.c (gc_options_gpg_agent): Add Option.
  --
  GnuPG-bug-id: 2222
  Signed-off-by: Werner Koch <[email protected]>
* doc: Typo fix. | Werner Koch | 2016-01-20 | 1 | -1/+1
  --
* po: Update German translation | Werner Koch | 2016-01-19 | 1 | -170/+582
  --
  These are mainly new strings for the TOFU module,
* gpg: Streamline use of error messages in tofu.c | Werner Koch | 2016-01-19 | 1 | -123/+134
  * g10/tofu.c: Make use of print_further_info to reduce the number of different error messages to be translated. Also streamline some messages.
  Signed-off-by: Werner Koch <[email protected]>
* common: Add substitute code for libgpg-error < 1.22. | Werner Koch | 2016-01-19 | 1 | -2/+4
  * common/util.h (GPG_ERR_DB_CORRUPTED): New.
* gpg: Add function print_further_info. | Werner Koch | 2016-01-19 | 2 | -0/+22
  * g10/misc.c (print_further_info): New.
  Signed-off-by: Werner Koch <[email protected]>
* g10: Improve strings printed by tofu.c. | Werner Koch | 2016-01-18 | 2 | -128/+133
  * g10/tofu.c: Include ttyio.h. Change many strings to help translating. Make use of ngettext where needed.
  (CONTROL_L): New.
  (TIME_AGO_UNIT_SMALL_NAME): Remove this and all similar *_NAME macros.
  (time_ago_unit): Remove.
  (get_trust): Use tty_prints and cpr_get only for the actual prompt. Add Ctrl-L hack.
  (show_statistics): Use two English strings for singular and plural.
  * po/POTFILES.in: Add tofu.c.
  --
  These changes are required for proper translation. More to changes may be needed, though.
  Signed-off-by: Werner Koch <[email protected]>
* gpg: Minor string changes. | Werner Koch | 2016-01-18 | 3 | -4/+4
  --
* gpg: Use "days" in "...newer than..." diagnostics. | Werner Koch | 2016-01-18 | 1 | -10/+35
  * g10/sig-check.c (check_signature_metadata_validity): Use days if useful.
  --
  Using days instead of a high number of seconds is for the majority of users a better measurement.
  Signed-off-by: Werner Koch <[email protected]>
* Use ngettext for some strings. | Werner Koch | 2016-01-18 | 8 | -77/+98
  * scd/app-openpgp.c (build_enter_admin_pin_prompt): Use ngettext for some diagnostics.
  (do_genkey): Ditto.
  * g10/keyedit.c (check_all_keysigs, menu_delsig, menu_clean): Ditto.
  * g10/keylist.c (print_signature_stats): Ditto.
  * g10/keyserver.c (keyserver_refresh): Ditto.
  * g10/sig-check.c (check_signature_metadata_validity): Ditto.
  * g10/sign.c (do_sign): Ditto.
  * g10/trustdb.c (reset_trust_records): Ditto.
  (validate_keys): Use a table like diagnostic output.
  --
  Suggested-by: Ineiev <[email protected]>
  Signed-off-by: Werner Koch <[email protected]>
* doc: Fix description of --s2k-* options to match gpg 2.1. | Werner Koch | 2016-01-18 | 1 | -45/+18
  --
  GnuPG-bug-id: 2220
* kbx,w32: Use shorter retry intervals for keybox_file_rename. | Werner Koch | 2016-01-15 | 1 | -9/+4
  * kbx/keybox-util.c (keybox_file_rename): Restart retry intervals after 800ms.
  --
  The common use case is that the process waiting for a rename does an import while another process does a key listing with only short lock periods. Thus it does not make sense to set the final backoff time to 8s. It would actually be okay to retry every 100ms but that would spill the console with "waiting..." messages. This change prints the waiting message only every 1.5s.
  Signed-off-by: Werner Koch <[email protected]>
* w32: Fix deadlock introduced by keybox_file_rename. | Werner Koch | 2016-01-14 | 2 | -18/+47
  * g10/keyring.c (keyring_lock) [W32]: Flush the close cache before locking.
  * kbx/keybox-init.c (keybox_lock) [W32]: Close the file before locking.
  Signed-off-by: Werner Koch <[email protected]>
* gpg: Detect race between pubring.gpg and pubring.kbx use. | Werner Koch | 2016-01-14 | 1 | -0/+32
  * g10/keydb.c (maybe_create_keyring_or_box): Detect race condition.
  Signed-off-by: Werner Koch <[email protected]>
* kbx: New function keybox_file_rename to replace rename. | Werner Koch | 2016-01-14 | 4 | -30/+76
  * kbx/keybox-util.c: Include windows.h.
  (keybox_file_rename): New.
  * kbx/keybox-update.c (rename_tmp_file): Replace remove+rename by keybox_file_rename.
  * g10/keyring.c (rename_tmp_file): Ditto.
  Signed-off-by: Werner Koch <[email protected]>
* kbx: Add function keybox_tmp_names to avoid code duplication. | Werner Koch | 2016-01-14 | 4 | -130/+114
  * kbx/keybox-update.c (create_tmp_file): Move some code to...
  * kbx/keybox-util.c (keybox_tmp_names): new.
  * g10/keyring.c: Include keybox.h.
  (create_tmp_file): Replace parts by keybox_tmp_names.
  --
  Signed-off-by: Werner Koch <[email protected]>
* gpg: Make --list-options show-usage the default. | Werner Koch | 2016-01-14 | 2 | -5/+4
  * g10/gpg.c (main): Add LIST_SHOW_USAGE.
  --
  The usage flags are often useful and they don't take away much space in a key listing. Thus it is better to have them enabled by default.
  Signed-off-by: Werner Koch <[email protected]>
* doc: Update whats-new-in-2.1 from gnupg-doc. | Werner Koch | 2016-01-14 | 1 | -39/+80
  --
* kbx: Change return type of search functions to gpg_error_t. | Werner Koch | 2016-01-13 | 4 | -15/+18
  * kbx/keybox-search.c (keybox_search_reset): Change return type to gpg_error_t.
  (keybox_search): Ditto. Also handle GPG_ERR_EOF.
  * sm/keydb.c (keydb_search_reset): Ditto.
  Signed-off-by: Werner Koch <[email protected]>
* gpg: Improve error code from lock_all. | Werner Koch | 2016-01-13 | 1 | -1/+1
  * g10/keydb.c (lock_all): Do not clobber RC during failure cleanup.
  Signed-off-by: Werner Koch <[email protected]>
* kbx: Improve and fix keybox_lock. | Werner Koch | 2016-01-13 | 1 | -15/+13
  * kbx/keybox-init.c (keybox_lock): Make sure ERR is initialized. Get error codes from dotlock functions.
  Signed-off-by: Werner Koch <[email protected]>
* common: Make sure dotlock functions set a proper ERRNO. | Werner Koch | 2016-01-13 | 1 | -17/+87
  * common/dotlock.c (map_w32_to_errno): New.
  (read_lockfile): Return a proper ERRNO.
  (dotlock_create_unix): Do not let log functions clobber ERRNO.
  (dotlock_take_unix): Ditto.
  (dotlock_release_unix): Ditto.
  (dotlock_create_w32): Set proper ERRNO.
  (dotlock_take_w32): Ditto.
  (dotlock_release_w32): Ditto.
  Signed-off-by: Werner Koch <[email protected]>
* kbx: Implement keybox_lock for use by gpg. | Werner Koch | 2016-01-13 | 3 | -15/+55
  * kbx/keybox-defs.h: Include dotlock.h and logging.h.
  (CONST_KB_NAME): Remove. Replace usage by KB_NAME.
  (struct keybox_name): Add field "lockhd".
  * kbx/keybox-init.c (keybox_register_file): Init LOCKHD.
  (keybox_lock): Change to return gpg_error_t. Implement locking.
  --
  The keybox locking for gpg was not implemented - This needs to be fixed of course.
  Signed-off-by: Werner Koch <[email protected]>
* gpg: Make sure to mark a duplicate registered keybox as primary. | Werner Koch | 2016-01-13 | 5 | -54/+68
  * kbx/keybox-init.c (keybox_register_file): Change interface to return the token even if the file has already been registered.
  * g10/keydb.c (primary_keyring): Rename to primary_keydb.
  (maybe_create_keyring_or_box): Change return type to gpg_error_t.
  (keydb_add_resource): Ditto. s/rc/err/.
  (keydb_add_resource): Mark an already registered as primary.
  * sm/keydb.c (maybe_create_keybox): Change return type to gpg_error_t.
  (keydb_add_resource): Ditto. s/rc/err/.
  (keydb_add_resource): Adjust for changed keybox_register_file.
  --
  This change aligns the registering of keyboxes with those of keyrings. This fixes a potential bug: gpg --keyring foo.kbx --keyring bar.gpg --keyring foo.kbx would have marked bar.gpg as primary resource and thus inserting new keys there. The correct and now fixed behavior is to insert to foo.kbx.
  Signed-off-by: Werner Koch <[email protected]>
* Fix to support git worktree. | NIIBE Yutaka | 2016-01-13 | 3 | -3/+3
  * autogen.sh, Makefile.am, doc/Makefile.am: Use -e for testing .git.
  --
  Signed-off-by: NIIBE Yutaka <[email protected]>
* ssh: Accept OpenSSH *cert-v01 key variants. | Werner Koch | 2016-01-12 | 1 | -38/+136
  * agent/command-ssh.c (SPEC_FLAG_WITH_CERT): New.
  (ssh_key_types): Add OpenSSH cert types.
  (stream_read_string): Allow a dummy read.
  (ssh_receive_mpint_list): Pass SPEC by reference.
  (ssh_receive_mpint_list): New arg CERT and use it.
  (ssh_receive_key): Read certificate into an estream object and modify parser to make use of that object.
  --
  This is a first step to support certificate via the agent. The only effect of this change is the removal of an error message parsing the certificate. Note that ssh-add sends the private key anyway first and only then follows with the certificate+private key. What we need to implement next is a way to store the certificate in the agent and return it on request.
  Signed-off-by: Werner Koch <[email protected]>
* gpg: Re-indent check_key_signature2. | Werner Koch | 2016-01-12 | 1 | -284/+309
  --
  I am considering some changes and thus better start off by switching to standard GNU indentation. This patch also changes comment lines like if (foo) /* Comment on foo. */ { to if (foo) { /* Comment on foo. */ or if (foo) /* Comment on foo. */ { to make the brace of the opening block stand out immediately. Further stars on the left are added to longer comments because that makes the code easier to read by disabled hackers, when reading without font locking, and for reading black-white printouts.
* common: Fix iobuf API of filter function for alignment. | NIIBE Yutaka | 2016-01-12 | 1 | -2/+1
  * common/iobuf.h: Fix comment.
  --
  Signed-off-by: NIIBE Yutaka <[email protected]>
* common: Fix iobuf API of filter function for alignment. | NIIBE Yutaka | 2016-01-12 | 12 | -36/+49
  * common/iobuf.h (IOBUFCTRL_DESC): Change the call semantics.
  * common/iobuf.c (iobuf_desc): Add the second argument DESC.
  (print_chain, iobuf_close, do_open, iobuf_sockopen, iobuf_ioctl)
  (iobuf_push_filter2, pop_filter, iobuf_write_temp): Change calls of iobuf_desc.
  (file_filter, file_es_filter, sock_filter, block_filter): Fill the description.
  * common/t-iobuf.c (every_other_filter, double_filter): Likewise.
  * g10/armor.c, g10/cipher.c, g10/compress-bz2.c, g10/compress.c, g10/decrypt-data.c, g10/encrypt.c, g10/mdfilter.c, g10/progress.c, g10/textfilter.c: Likewise.
  --
  Newer GCC warns against possible alignment difference of pointers. This change can silence those warnings.
  Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Move documentation from keydb.h to keydb.c and getkey.c. | Werner Koch | 2016-01-11 | 3 | -499/+531
  --
  When using tags (e.g. GNU global) to navigate the source code it is way easier to have the documentation close to the function we are looking at. Having the documentation in the header file would require an extra manual lookup to understand the function.
  Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix NULL de-ref for ambiguous key check in --export-ssh-keys. | Werner Koch | 2016-01-11 | 2 | -1/+10
  * g10/getkey.c: Allow arg RET_KEYBLOCK to be NULL.
  --
  This change adds the expected behavior for the getkey_next function to fix this NULL de-ref.
  GnuPG-bug-id: 2212
  Signed-off-by: Werner Koch <[email protected]>
* tools: Remove gpgkey2ssh. | Werner Koch | 2016-01-09 | 6 | -423/+18
  * tools/gpgkey2ssh.c: Remove.
  * tools/Makefile.am (bin_PROGRAMS): Ditto.
  --
  Also remove it from the docs.
  Signed-off-by: Werner Koch <[email protected]>
* gpg: Support ECDSA keys with --export-ssh-key. | Werner Koch | 2016-01-08 | 1 | -0/+6
  * g10/export.c (key_to_sshblob): Add hack for ECDSA.
  Signed-off-by: Werner Koch <[email protected]>
* gpg: New command --export-ssh-key | Werner Koch | 2016-01-08 | 3 | -2/+312
  * g10/export.c: Include membuf.h and host2net.h.
  (key_to_sshblob): New.
  (export_ssh_key): New.
  * g10/gpg.c (aExportSshKey): New.
  (opts): Add command.
  (main): Implement that command.
  --
  GnuPG-bug-id: 2212
  I have done only a few tests right now and the ECDSA curves do not yet work. However ssh-keygen -l accepts RSA and ed25519 keys exported using this command.
  Signed-off-by: Werner Koch <[email protected]>
* gpg: Add an exact search flag to the PK struct. | Werner Koch | 2016-01-08 | 2 | -4/+7
  * g10/getkey.c (merge_selfsigs_subkey): Clear exact flag.
  (finish_lookup): Set exact flag.
  * g10/packet.h (PKT_public_key): Add field flags.exact.
  --
  Signed-off-by: Werner Koch <[email protected]>
* Print warnings if old daemon versions are used. | Werner Koch | 2016-01-08 | 6 | -7/+164
  * common/status.h (STATUS_WARNING): New.
  * g10/call-agent.c (warn_version_mismatch): New.
  (start_agent): Call warn function.
  * g10/call-dirmngr.c: Include status.h.
  (warn_version_mismatch): New.
  (create_context): Call warn function.
  * sm/call-agent.c (warn_version_mismatch): New.
  (start_agent): Call warn function.
  (gpgsm_agent_learn): Call warn function.
  * sm/call-dirmngr.c (warn_version_mismatch): New.
  (prepare_dirmngr): Call warn function.
  --
  We have seen too often bug reports which are due to still running old versions of the daemons. To catch this problematic use we now print warning messages and also provide the warning via the status interface.
  Signed-off-by: Werner Koch <[email protected]>
* common: New function compare_version_strings. | Werner Koch | 2016-01-08 | 3 | -1/+150
  * common/stringhelp.c (parse_version_number): New.
  (parse_version_string): New.
  (compare_version_strings): New.
  * common/t-stringhelp.c (test_compare_version_strings): New.
  (main): Call test. Return ERRCOUNT instead of 0.
  --
  The code for that function is based on code from libgcrypt. Similar code is in all GnuPG related libraries this function is a candidate for inclusion in libgpg-error.
  Signed-off-by: Werner Koch <[email protected]>
* common: New function get_assuan_server_version. | Werner Koch | 2016-01-08 | 3 | -17/+43
  * common/asshelp.c: Include membuf.h.
  (get_assuan_server_version): New.
  * g10/call-agent.c (agent_get_version): Use new function.
  --
  Signed-off-by: Werner Koch <[email protected]>
* common: New put_membuf_cb to replace static membuf_data_cb. | Werner Koch | 2016-01-08 | 6 | -73/+41
  * common/membuf.c (put_membuf_cb): New.
  * agent/call-scd.c (membuf_data_cb): Remove. Change callers to use put_membuf_cb.
  * common/get-passphrase.c (membuf_data_cb): Ditto.
  * g10/call-agent.c (membuf_data_cb): Ditto.
  * sm/call-agent.c (membuf_data_cb): Ditto.
  --
  Signed-off-by: Werner Koch <[email protected]>
* gpg: Return an error code from keygrip_from_pk. | Werner Koch | 2016-01-07 | 1 | -1/+1
  * g10/keyid.c (keygrip_from_pk): Return an error code.
  --
  The error was shown but the function did not return it. This change should improve error messages for unknown algorithms.
  Signed-off-by: Werner Koch <[email protected]>
* gpg: Avoid warnings about possible NULL deref. | Werner Koch | 2016-01-07 | 4 | -3/+8
  * g10/getkey.c (cache_public_key): Protect deref of CE which actually can't happen.
  * g10/keygen.c (quickgen_set_para): s/sprintf/snprintf/.
  * g10/tofu.c (end_transaction, rollback_transaction): Allow NULL for DB.
  * g10/trustdb.c (update_min_ownertrust): Remove useless clearing of ERR.
  --
  Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix warnings about useless assignments. | Werner Koch | 2016-01-07 | 10 | -30/+30
  * g10/armor.c (parse_hash_header): Remove duplicate var assignment.
  * g10/getkey.c (cache_user_id): Ditto.
  * g10/keygen.c (ask_curve): Ditto. This also fixes a small memory leak.
  * g10/keygen.c (proc_parameter_file): Remove useless assignment or pointer increment.
  (generate_keypair): Ditto.
  * g10/getkey.c (finish_lookup, lookup): Ditto.
  * g10/card-util.c (change_pin): Ditto.
  * g10/gpg.c (main) <aVerify>: Ditto.
  * g10/import.c (import): Ditto.
  (print_import_check): Ditto
  * g10/keyring.c (do_copy): Ditto.
  * g10/tdbio.c (tdbio_read_record): Ditto.
  * g10/trustdb.c (tdb_update_ownertrust): Ditto.
  (update_validity): Ditto.
  * g10/server.c (cmd_passwd): Remove useless call to skip_options.
  --
  Signed-off-by: Werner Koch <[email protected]>