| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/tofu.c (BINDING_NEW): New enum value.
(BINDING_CONFLICT): Likewise.
(BINDING_EXPIRED): Likewise.
(BINDING_REVOKED): Likewise.
(ask_about_binding): Move cross sig check from here...
(get_trust): ... and the conflict set building from here...
(build_conflict_set): ... to this new function.
(format_conflict_msg_part1): Replace parameter conflict with
conflict_set. Drop parameter fingerprint. Update callers.
(ask_about_binding): Drop unused parameter conflict and redundant
parameter bindings_with_this_email_count. Rename parameter
bindings_with_this_email to conflict_set. Update callers.
--
Signed-off-by: Neal H. Walfield <[email protected]>
|
| |
|
|
|
|
| |
* tests/openpgp/README: Update.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
| |
* tests/openpgp/Makefile.am (xcheck): Pass flags to 'run-tests.scm'.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/exechelp-posix.c (struct terminated_child): New definition.
(terminated_children): New variable.
(store_result): New function.
(get_result): Likewise.
(gnupg_wait_process): Store results that were not requested and
consider previously stored results.
waitpid(2) may return information about terminated children that we
did not yet request, and there is no portable way to wait for a
specific set of children. As a workaround, we store the results of
children for later use.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
| |
--
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/dirmngr.h: Include asshelp.h.
* dirmngr/server.c (server_local_s): Add inhibit_dara_logging fields.
(data_line_write): Implement logging inhibit.
(data_line_cookie_close): Print non-logged D lines.
(cmd_wkd_get, cmd_ks_get, cmd_ks_fetch): Do not log D lines.
(dirmngr_assuan_log_monitor): New.
* dirmngr/dirmngr.c (main): Register monitor function.
--
In particular with large keys the D lines clutter the log output and
make it unusable.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* common/asshelp.c (my_log_monitor): New var.
(my_libassuan_log_handler): Run that monitor.
(setup_libassuan_logging): Add arg to set a log monitor and change all
callers.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
* g10/import.c (impex_filter_getval): Add properties for key packets.
* g10/export.c (export_drop_subkey): New var.
(cleanup_export_globals): Release that var.
(parse_and_set_export_filter): Add filter "drop-subkey".
(apply_drop_subkey_filter): New.
(do_export_stream): Run that filter.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
| |
* common/recsel.c (recsel_parse_expr): Add them.
(recsel_dump): Print them.
(recsel_select): Evaluate them.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
* g10/import.c (filter_getval): Rename to ...
(impex_filter_getval): this. Make global.
(apply_keep_uid_filter, apply_drop_sig_filter): Adjust.
* g10/export.c (filter_getval): Remove.
(apply_drop_sig_filter): Use impex_filter_getval.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/command.c (update_card_removed): Call apdu_close_reader here.
--
This is update of the commit 8fe81055762d9c9e6f03fb7853a985c94ef73ac3
It is better apdu_close_reader is called in update_card_removed.
The commit 1598a4476466822e7e9c757ac471089d3db4b545 introduced a
regression, it doesn't close the reader after removal of the card, while
the code before the commit call apdu_close_reader in do_reset.
So, this fix.
GnuPG-bug-id: 2449
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
| |
--
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* tools/call-dirmngr.c (wkd_get_policy_flags): New.
* tools/gpg-wks.h (struct policy_flags_s, policy_flags_t): New.
* tools/wks-util.c (wks_parse_policy): New.
* tools/gpg-wks-client.c (command_send): Get the policy flags to show
a new info line.
* tools/gpg-wks-server.c (get_policy_flags): New.
(process_new_key): get policy flag and add a stub for "auth-submit".
(command_list_domains): Check policy flags.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
| |
* dirmngr/server.c (cmd_wkd_get): Add new option.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
| |
* common/name-value.c: Check for read errors.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* scd/command.c (update_reader_status_file): Call apdu_close_reader.
--
GnuPG-bug-id: 2651
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
* scd/apdu.c (shutdown_ccid_reader, apdu_shutdown_reader): Remove.
(reset_ccid_reader): Don't set shutdown_reader.
* scd/ccid-driver.c (ccid_shutdown_reader): Remove.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* agent/call-scd.c (start_scd): Supply --homedir option when it's not
default homedir.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | |
|
| |
|
|
|
|
|
| |
* g10/tofu.c (ask_about_binding): End the transaction earlier.
--
Signed-off-by: Neal H. Walfield <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/tofu.c (cross_sigs): New function.
(ask_about_binding): If apparently conflicting keys are cross signed,
then don't mark them as conflicting.
--
Signed-off-by: Neal H. Walfield <[email protected]>
If two keys are cross signed, then the same person (probably)
controlled them both. In this case, don't raise a TOFU conflict.
This usually occurs when someone transitions to a new key. When that
person rotates to a third key, she will typically only cross sign it
with the second key. As such, we check this transitively to avoid
declaring a conflict between the 1st and 3rd key.
|
| |
|
|
|
|
|
| |
* g10/gpg.c (main): Do not register a key for the list config
commands.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
| |
* g10/mainproc.c (check_sig_and_print): Use hexfingerprint and
write_status_printf.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
| |
* g10/cpr.c (write_status_printf): New.
--
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/sig-check.c (check_signature2): Replace arg PK by R_PK and
change the semantics. Also clear the other R_ args on function entry,
use gpg_error() and change retturn type to gpg_error_t.
* g10/mainproc.c (do_check_sig): Add arg R_PK.
(list_node): Pass NULL for new arg.
(check_sig_and_print): Rework to make use of the returned PK.
--
The output
gpg: textmode signature, digest algorithm SHA256, key algorithm rsa2048
showed the pubkey algo of the primary key which was surprising.
Changed to print the algo of the subkey used for verification.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
| |
--
Signed-off-by: Neal H. Walfield <[email protected]>
|
| |
|
|
|
|
|
| |
* g10/tofu.c (ask_about_binding): Default to unknown.
--
Signed-off-by: Neal H. Walfield <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
* g10/pkclist.c (do_we_trust): Handle TRUST_NEVER, which can be
returned by the TOFU trust model.
(do_we_trust_pre): Print a different message if TRUSTLEVEL is
TRUST_NEVER.
(check_signatures_trust): Improve comment.
--
Signed-off-by: Neal H. Walfield <[email protected]>
|
| |
|
|
|
|
|
|
| |
* g10/tofu.c (show_statistics): Improve the text (key and user id, not
just key).
--
Signed-off-by: Neal H. Walfield <[email protected]>
|
| |
|
|
|
|
|
|
| |
* g10/tofu.c (show_statistics): Remove unused parameter sig_exclude.
Update callers.
--
Signed-off-by: Neal H. Walfield <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
* g10/mainproc.c (do_check_sig): Use the current digest algo.
--
Note that the digest context may have several algos enabled, which is
is case if keys with different hash preferences signed the data.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/tofu.c (begin_transaction): New parameter only_batch. If set,
only start a batch transaction if there is none and one has been
requested. Update callers.
(tofu_suspend_batch_transaction): New function.
(tofu_resume_batch_transaction): Likewise.
(ask_about_binding): Take a ctrl_t, not a tofu_dbs_t. Update
callers. Gather statistics within a transaction. Suspend any batch
transaction when getting user input.
(get_trust): Take a ctrl_t, not a tofu_dbs_t. Update callers.
Enclose in a transaction.
(tofu_get_validity): Use a batch transaction, not a normal
transaction.
--
Signed-off-by: Neal H. Walfield <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
* dirmngr/Makefile.am (noinst_PROGRAMS, TESTS): Add module_net_tests.
(module_tests): Move t-dns-test to ...
(module_net_tests): here.
--
Debian-bug-id: 836259
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
| |
* tools/gpg-wks-server.c (send_congratulation_message): New.
(check_and_publish): Call it.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
| |
* tools/gpg-wks-server.c: Allow S_IXOTH for the top directory.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
* g10/tofu.c (struct signature_stats): Add fields is_expired and
is_revoked.
(signature_stats_prepend): Clear *stats when allocating it.
(ask_about_binding): Also show whether the user ids are expired or
revoked.
--
Signed-off-by: Neal H. Walfield <[email protected]>
|
| |
|
|
|
|
|
| |
* doc/help.txt (.gpg.tofu.conflict): New help text.
--
Signed-off-by: Neal H. Walfield <[email protected]>
|
| |
|
|
|
|
|
|
| |
* g10/tofu.c (get_trust): Always return TRUST_ULTIMATE for ultimately
trusted keys.
--
Signed-off-by: Neal H. Walfield <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
* g10/tofu.c: first_seen == 0 is not an error.
--
Signed-off-by: Neal H. Walfield <[email protected]>
Fixes-commit: 0f1f02ac
Regression-due-to: 45bb9a2a
|
| |
|
|
|
|
|
|
| |
* g10/tofu.c (tofu_set_policy): Do the update in a transaction.
* g10/gpg.c (main): Do a TOFU policy update in a batch transaction.
--
Signed-off-by: Neal H. Walfield <[email protected]>
|
| |
|
|
|
|
|
| |
* g10/tofu.c (record_binding): Fix the show old policy functionality.
--
Signed-off-by: Neal H. Walfield <[email protected]>
|
| |
|
|
|
|
|
| |
* g10/tofu.c (begin_transaction): Remove unused option only_batch.
--
Signed-off-by: Neal H. Walfield <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* g10/gpg.h (struct server_control_s.tofu): Move fields in_transaction
and batch_update_started from here...
* g10/tofu.c (struct tofu_dbs_s): ... to here.
--
Signed-off-by: Neal H. Walfield <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* g10/gpgsql.h (gpgsql_arg_type): Rename SQLITE_ARG_END to
GPGSQL_ARG_END, SQLITE_ARG_INT to GPGSQL_ARG_INT, SQLITE_ARG_LONG_LONG
to GPGSQL_ARG_LONG_LONG, SQLITE_ARG_STRING to GPGSQL_ARG_STRING, and
SQLITE_ARG_BLOB to GPGSQL_ARG_BLOB.
--
This commit completes the work started in b1ba460.
Signed-off-by: Neal H. Walfield <[email protected]>
|
| |
|
|
|
|
|
|
| |
* g10/keyid.c (keystr): Take care of KF_NONE != KF_DEFAULT.
--
Debian-bug-id: 836144
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/gpg.h (tofu): Rename field batch_update_ref to
batch_updated_wanted.
* g10/tofu.c (struct tofu_dbs_s): Rename field batch_update to
in_batch_transaction.
(begin_transaction): Only end an extant batch transaction if we are
not in a normal transaction. When ending a batch transaction, really
end it. Update ctrl->tofu.batch_update_started when starting a batch
transaction.
(end_transaction): Only release a batch transaction if ONLY_BATCH is
true. When releasing a batch transaction, assert that there is no
open normal transaction. Only allow DBS to be NULL if ONLY_BATCH is
true.
(tofu_begin_batch_update): Don't update
ctrl->tofu.batch_update_started.
(opendbs): Call end_transaction unconditionally.
--
Signed-off-by: Neal H. Walfield <[email protected]>
|
| |
|
|
|
| |
--
Signed-off-by: Neal H. Walfield <[email protected]>
|
| |
|
|
|
|
|
|
| |
* g10/tofu.c (tofu_get_validity): If a key has no valid (non-expired)
user ids, change TOFU to return TRUST_NEVER.
--
Signed-off-by: Neal H. Walfield <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/tofu.c (tofu_register): Take a list of user ids, not a single
user id. Only register the bindings, don't compute the trust. Thus,
change return type to an int and remove the may_ask parameter. Update
callers.
(tofu_get_validity): Take a list of user ids, not a single user id.
Update callers. Observe signatures made by expired user ids, but
don't include them in the trust calculation.
--
Signed-off-by: Neal H. Walfield <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/gpg.h (struct server_control_s): New field in_transaction.
* g10/tofu.c (struct tofu_dbs_s): Remove fields savepoint_inner and
savepoint_inner_commit.
(begin_transaction): Increment CTRL->TOFU.IN_TRANSACTION. Name the
savepoint according to the nesting level.
(end_transaction): Name the savepoint according to the nesting level.
Decrement CTRL->TOFU.IN_TRANSACTION.
(rollback_transaction): Likewise. Only ever rollback a non-batch
transaction.
(opendbs): Assert that there are no outstanding transactions.
--
Signed-off-by: Neal H. Walfield <[email protected]>
|
