| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* tools/gpgconf.h (gc_component_t): Change type to ...
(gc_component_id_t): this.
(GC_COMPONENT_ANY): New, so that we can use that in gpgconf-comp.c
directly.
* tools/gpgconf-comp.c: Major rework.
--
The primary reason for this rework is to support the global options.
A second reason is to clean up the code and simplify it so that we do
not anymore need to maintain a list of options in the components _and_
in gpgconf-comp.c.
What we do now is to
1. Read the option tables directly from the components using
the new generic --dump-option-table option. This includes
the header (group) descriptions.
2. Read the default values from the components as before using
--gpgconf-list and update gpgconf's internal tables with
that info.
3. Read the options using gpgrt_argparser in the same way as we do
this in the components.
The changes also do away with the second level notion of backends;
they were only used for dirmngr's extra dirmngr_ldapservers.conf file.
We intend to remove that file and replace it with a regular option so
that it will be similar on how OpenPGP keyservers are specified.
The whole thing will currently be slower than before (in particular on
Windows) but we can optimize that by keeping a cached version of the
option tables and the default values in a per homedir cache file.
There is also some work planned to remove most of the data returned by
--gpgconf-list. What can also be done is to replace the internal
tables, which list the gpgconf maintainable options, by a configuration
file so that admins are able to maintain the list of these options.
GnuPG-bug-id: 4788
Signed-off-by: Werner Koch <[email protected]>
This is a backport from master (2.3)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* tools/gpgconf-comp.c: Remove all regular option descriptions. They
are now read in from the component. Also remove a few meanwhile
obsolete options.
* agent/gpg-agent.c: Add option description which were only set in
gpgconf-comp.c.
* dirmngr/dirmngr.c: Ditto.
* scd/scdaemon.c: Ditto.
* sm/gpgsm.c: Ditto.
* g10/gpg.c: Ditto.
--
This second part removes all regular option descriptions because they
can be read from the components. A few were missing in the components
and thus moved to there.
Signed-off-by: Werner Koch <[email protected]>
This is a backport from master (2.3).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* tools/gpgconf.c (main): Set the config directories.
* tools/gpgconf-comp.c (gc_backend): Change the name of the config
files.
(struct gc_option): Add new field 'attr'.
(retrieve_options_from_program): Rewrite to use gpgrt_argparser.
--
We need to do larger changes to gpgconf so that it is possible to get
also global config options and their attributes. The old code worked
along its own list of option and used a generic option file parser.
This has no support for global config files. We now use
gnupgt_argparser so that we to do exactly the same as the component
does and thus delivers the actual option values as seen by the
component.
This is just a first step and we need to change more things.
Signed-off-by: Werner Koch <[email protected]>
This is a backport from master (2.3).
|
| |
|
|
|
|
|
|
|
| |
* common/miscellaneous.c (gnupg_reallocarray): New.
(xreallocarray): New.
--
Taken from libgpg-error so that we can build with older versions of
libgpg-error.
|
| |
|
|
| |
--
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/w32-reg.c (get_root_key): Add short version of the root
classes.
--
The code here is only used by gpgconf's new --show-configs command.
Usually on Windows the code from gpgrt is used for reading the
registry. This one here is an exception and when backporting it I
missed to add the HKCU etc al string.
Fixes-commit: 6c6c404883e52545ed38293384c95fdacb7227c4
GnuPG-bug-id: 5724
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/parse-packet.c (sos_read): Backport from 2.3.
(parse_key): Use sos_read for Ed25519 private key.
--
Note that we keep the code of sos_read as same as 2.3. Even it is
set, the GCRYMPI_FLAG_USER2 flag is not used.
GnuPG-bug-id: 5120
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
| |
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
| |
--
|
| | |
|
| |
|
|
| |
--
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* g10/gpg.c (oForbidGenKey, opts): New option.
(mopt): New local struct
(gen_key_forbidden): New.
(main): Set and handle the option.
--
In large system installation it is sometimes useful to make it a bit
harder for users to generate their own keys. An example is a policy
to not use on-disk keys.
|
| |
|
|
|
|
| |
* tools/gpgconf.c (list_dirs): Add arg special.
(show_other_registry_entries): Print the Homedir.
(show_configs): List directories.
|
| |
|
|
|
|
| |
* tools/gpgconf.c (show_other_registry_entries): New.
(show_configs): Call it. Minor reformatting.
--
|
| |
|
|
|
|
|
|
|
| |
* tools/gpgconf.c (my_copy_file): Add arg LISTP and record certain
things.
(show_configs_one_file): New arg LISTP to be passed thru.
(show_configs): Show envars and regisiry values.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
| |
* common/w32-reg.c (read_w32_reg_string): New.
* common/t-w32-reg.c (test_read_registry): Add another test.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/compliance.c (min_compliant_rsa_length): New.
(gnupg_pk_is_compliant): Take in account.
(gnupg_pk_is_allowed): Ditto.
(gnupg_set_compliance_extra_info): New.
* g10/gpg.c (oMinRSALength): New.
(opts): Add --min-rsa-length.
(main): Set value.
* g10/options.h (opt): Add field min_rsa_length.
* sm/gpgsm.c (oMinRSALength): New.
(opts): Add --min-rsa-length.
(main): Set value.
* sm/gpgsm.h (opt): Add field min_rsa_length.
|
| |
|
|
|
|
|
|
| |
--
For whatever reason (maybe because it is shorter) we used the term
"PIN" instead of "Passphrase" or "Passwort". That is confusing
because there is no cache for smartcard PINs.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* sm/keylist.c (list_cert_chain): Break loop for a too long chain.
--
This avoids endless loops in case of circular chain definitions. We
use such a limit at other palces as well. Example for such a chain is
# ------------------------ >8 ------------------------
ID: 0xBE231B05
S/N: 51260A931CE27F9CC3A55F79E072AE82
(dec): 107864989418777835411218143713715990146
Issuer: CN=UTN - DATACorp SGC,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
Subject: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE
sha2_fpr: 92:5E:4B:37:2B:A3:2E:5E:87:30:22:84:B2:D7:C9:DF:BF:82:00:FF:CB:A0:D1:66:03:A1:A0:6F:F7:6C:D3:53
sha1_fpr: 31:93:78:6A:48:BD:F2:D4:D2:0B:8F:C6:50:1F:4D:E8:BE:23:1B:05
md5_fpr: AC:F3:10:0D:1A:96:A9:2E:B8:8B:9B:F8:7E:09:FA:E6
pgp_fpr: E8D2CA1449A80D784FB1532C06B1611DB06A1678
certid: 610C27E9D37835A8962EA5B8368D3FBED1A8A15D.51260A931CE27F9CC3A55F79E072AE82
keygrip: CFCA58448222ECAAF77EEF8CC45F0D6DB4E412C9
notBefore: 2005-06-07 08:09:10
notAfter: 2019-06-24 19:06:30
hashAlgo: 1.2.840.113549.1.1.5 (sha1WithRSAEncryption)
keyType: rsa2048
subjKeyId: ADBD987A34B426F7FAC42654EF03BDE024CB541A
authKeyId: [none]
authKeyId.ki: 5332D1B3CF7FFAE0F1A05D854E92D29E451DB44F
[...]
Certified by
ID: 0xCE2E4C63
S/N: 46EAF096054CC5E3FA65EA6E9F42C664
(dec): 94265836834010752231943569188608722532
Issuer: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE
Subject: CN=UTN - DATACorp SGC,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
sha2_fpr: 21:3F:AD:03:B1:C5:23:47:E9:A8:0F:29:9A:F0:89:9B:CA:FF:3F:62:B3:4E:B0:60:66:F4:D7:EE:A5:EE:1A:73
sha1_fpr: 9E:99:81:7D:12:28:0C:96:77:67:44:30:49:2E:DA:1D:CE:2E:4C:63
md5_fpr: 55:07:0F:1F:9A:E5:EA:21:61:F3:72:2B:8B:41:7F:27
pgp_fpr: 922A6D0A1C0027E75038F8A1503DA72CF2C53840
certid: 14673DA5792E145E9FA1425F9EF3BFC1C4B4957C.46EAF096054CC5E3FA65EA6E9F42C664
keygrip: 10678FB5A458D99B7692851E49849F507688B847
notBefore: 2005-06-07 08:09:10
notAfter: 2020-05-30 10:48:38
hashAlgo: 1.2.840.113549.1.1.5 (sha1WithRSAEncryption)
keyType: rsa2048
subjKeyId: 5332D1B3CF7FFAE0F1A05D854E92D29E451DB44F
authKeyId: [none]
authKeyId.ki: ADBD987A34B426F7FAC42654EF03BDE024CB541A
keyUsage: certSign crlSign
[...]
Which has a circular dependency on subKeyId/authkeyId.ki.
|
| |
|
|
|
|
|
|
|
|
| |
* scd/app-openpgp.c (do_auth): Use extended Lc, when supported.
--
GnuPG-bug-id: 5682
Co-authored-by: Klas Lindfors
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/Makefile.am (t_ldap_parse_uri_CFLAGS): Add KSBA_CFLAGS.
* kbx/Makefile.am (libkeybox_a_CFLAGS, libkeybox509_a_CFLAGS): Add
NPTH_CFLAGS.
* tools/Makefile.am (gpgtar_CFLAGS, gpg_wks_server_CFLAGS,
gpg_wks_client_CFLAGS, gpg_pair_tool_CFLAGS): Add LIBGCRYPT_CFLAGS.
--
The tools include gcrypt.h via common/util.h.
GnuPG-bug-id: 5592
|
| |
|
|
|
|
|
|
| |
* agent/gpg-agent.c (main): Move detection up.
--
The problem is that PARGS is re-used and when detecting a possible
incorrect use, the flag that "--" has already been seen has gone.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
--
The last key is new. As usual the key is on a dedicated card with the
Admin PIN accessible to a few core hackers.
# ------------------------ >8 ------------------------
pub rsa3072 2017-03-17 [SC] [expires: 2027-03-15]
5B80C5754298F0CB55D8ED6ABCEF7E294B092E28
sig R BCEF7E294B092E28 2017-03-17 Andre Heinecke (Release Signing Key)
uid Andre Heinecke (Release Signing Key)
sig 3 BCEF7E294B092E28 2017-03-17 Andre Heinecke (Release Signing Key)
sig 1FDF723CF462B6B1 2017-03-17 Andre Heinecke <[email protected]>
pub ed25519 2020-08-24 [SC] [expires: 2030-06-30]
6DAA6E64A76D2840571B4902528897B826403ADA
uid Werner Koch (dist signing 2020)
sig 3 528897B826403ADA 2020-08-24 Werner Koch (dist signing 2020)
sig 249B39D24F25E3B6 2020-08-24 Werner Koch (dist sig)
sig 63113AE866587D0A 2020-08-24 [email protected]
sig E3FDFF218E45B72B 2020-08-24 Werner Koch (wheatstone commit signing)
sig F2AD85AC1E42B367 2020-08-24 Werner Koch <[email protected]>
pub ed25519 2021-05-19 [SC] [expires: 2027-04-04]
AC8E115BF73E2D8D47FA9908E98E9B2D19C6C8BD
uid Niibe Yutaka (GnuPG Release Key)
sig 3 E98E9B2D19C6C8BD 2021-05-19 Niibe Yutaka (GnuPG Release Key)
sig 00B45EBD4CA7BABE 2021-09-14 NIIBE Yutaka <[email protected]>
sig E267B052364F028D 2021-09-14 NIIBE Yutaka <[email protected]>
pub brainpoolP256r1 2021-10-15 [SC] [expires: 2029-12-31]
02F38DFF731FF97CB039A1DA549E695E905BA208
uid GnuPG.com (Release Signing Key 2021)
sig 3 549E695E905BA208 2021-10-15 GnuPG.com (Release Signing Key 2021)
sig 528897B826403ADA 2021-10-15 Werner Koch (dist signing 2020)
sig E3FDFF218E45B72B 2021-10-15 Werner Koch (wheatstone commit signing)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/tdbdump.c (export_ownertrust): Skip records marked with the
option --trusted-key.
(import_ownertrust): Clear the trusted-key flag.
* g10/tdbio.h (struct trust_record): Add field flags.
* g10/tdbio.c (tdbio_dump_record): Improve output.
(tdbio_read_record, tdbio_write_record): Handle flags.
* g10/trustdb.c (verify_own_keys): Clear stale trusted-keys and set
the flag for new --trusted-keys.
(tdb_update_ownertrust): Add arg as_trusted_key. Update callers.
--
GnuPG-bug-id: 5685
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* tools/gpgconf.c (aShowConfigs): New.
(opts): Add --show-configs.
(CUTLINE_FMT): New.
(show_version_gnupg): Add arg "prefix" and adjust caller.
(my_copy_file): New.
(show_configs_one_file): New.New.
(show_configs): New.
(main): Call show_configs.
--
The ability to have a consolidated list of all config files is very
useful for support cases. This is in particular important due to the
global config files and their conditional constructs.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/gpg-agent.c (oStealSocket): New.
(opts): Add option.
(steal_socket): New file global var.
(main): Set option.
(create_server_socket): Implement option.
* dirmngr/dirmngr.c (oStealSocket): New.
(opts): Add option.
(steal_socket): New file global var.
(main): Set option. Add comment to eventually implement it.
--
Note that --steal-socket has currently no effect on dirmngr because
dirmngr does this anway.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
| |
--
|
| |
|
|
|
|
|
|
|
|
| |
* scd/apdu.c (select_a_reader): Only SPRx32 is in the white list.
--
GnuPG-bug-id: 5644
Fixes-commit: 752422a792cecf459b37f517d634bcf272292b14
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | |
|
| | |
|
| |
|
|
| |
--
|
| |
|
|
| |
--
|
| |
|
|
|
|
|
| |
* common/homedir.c (MYPROC_SELF_EXE): Add case for SunOS.
--
GnuPG-bug-id: 5671
|
| |
|
|
|
|
|
|
|
| |
* common/homedir.c (unix_rootdir): Silence diagnostic in the common
case.
(MYPROC_SELF_EXE): Support NetBSD.
--
GnuPG-bug-id: 5656
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* common/i18n.c (i18n_init): Use gnupg_localedir() instead of LOCALEDIR.
(i18n_localegettext): Ditto.
* tools/gpgconf-comp.c (my_dgettext): Ditto.
--
On Unix, gnupg_localedir() returns the locale directory relative to
the root directory of the gnupg installation if specified in the
gpgconf.ctl. Otherwise, it returns the built-in LOCALEDIR.
GnuPG-bug-id: 5999
|
| |
|
|
|
|
|
|
|
|
| |
* common/homedir.c (MYPROC_SELF_EXE): New.
(unix_rootdir): Use it here. Also support GNUPG_BUILD_ROOT as
fallback.
--
In addition this adds a fallback method for AIX etc which do not have
an easy way to get the info.
|
| |
|
|
|
|
|
|
|
|
| |
* common/homedir.c (unix_rootdir): Add arg want_sysconfdir.
(gnupg_sysconfdir): Return it.
--
Our regression test suite has the problem that we can't disable the
use of the global config files or test them using the regualr
binaries. This new keyword will allow us to overcome the problem.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/homedir.c (unix_rootdir): New.
(gnupg_bindir): Use it.
(gnupg_libexecdir): Use it.
(gnupg_libdir): Use it.
(gnupg_datadir): Use it.
(gnupg_localedir): Use it.
--
This feature is useful for building and using an AppImage version of
gnupg and probably also for some other use cases.
GnuPG-bug-id: 5999
Here is a sample gpgconf.ctl file
--8<---------------cut here---------------start------------->8---
# gpgconf.ctl
#
# This file is used to change the directories where the gpg components
# are installed. It does not change the configuration directories.
# The file is expected in the same directory as gpgconf. The physical
# installation directories are evaluated and no symlinks. Blank lines
# and lines starting with pound signed are ignored. No errors are
# printed for unknown keywords or commands. The only defined key for
# now is "rootdir" which must be followed by one optional space, an
# equal sign, and the value for the root directory. Environment
# variables are substituted in standard shell manner, the final value
# must start with a slash, trailing slashed are stripped.
rootdir = $APPDIR/gnupg
--8<---------------cut here---------------end--------------->8---
|
| |
|
|
|
|
|
|
|
|
| |
* common/stringhelp.c (substitute_envvars): New. Based on code in
gpg-connect-agent.
* common/t-stringhelp.c: Include sysutils.h.
(test_substitute_envvars): New.
--
GnuPG-bug-id: 5599
|
| |
|
|
|
| |
* common/init.c (_init_common_subsystems): Silence message.
--
|
| |
|
|
|
|
|
|
|
|
| |
* dirmngr/dns.c (dns_resconf_loadfile): Skip "search" which
begins with '.'.
--
GnuPG-bug-id: 5657
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
| |
* g10/keylist.c (show_notation): Print binary notation from BDAT.
--
GnuPG-bug-id: 5667
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* tools/gpgconf-comp.c (munge_config_filename): New.
(change_options_program): Call it.
--
In case a system-wide config exists but no local file, the component
returns the name of the system-wide config file and gpgconf tried to
update this file. This fixes this by detecting the presense of a
system-wide config file.
This applies only to 2.2; the configuration system in 2.3 has been
heavily changed to better handle system-wide configuration files.
GnuPG-bug-id: 5650
|
| |
|
|
|
|
|
|
|
|
| |
* scd/apdu.c (select_a_reader): New.
(open_pcsc_reader): Use select_a_reader.
--
GnuPG-bug-id: 5644
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/gpg.c (oOverrideComplianceCheck): New.
(opts): Add new option.
(main): Set option and add check for batch mode.
* g10/options.h (opt): Add flags.override_compliance_check.
* g10/sig-check.c (check_signature2): Factor complaince checking out
to ...
(check_key_verify_compliance): new. Turn error into a warning in
override mode.
--
There is one important use case for this: For systems configured
globally to use de-vs mode, Ed25519 and other key types are not
allowed because they are not listred in the BSI algorithm catalog.
Now, our release signing keys happen to be Ed25519 and thus we need to
offer a way for users to check new versions even if the system is in
de-vs mode. This does on purpose not work in --batch mode so that
scripted solutions won't accidently pass a signature check.
GnuPG-bug-id: 5655
Backported-from-master: fb26e144adfd93051501d58f5d0d4f8826ddf436
|
| |
|
|
| |
--
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
* g10/free-packet.c (free_packet): Add the case for case
PKT_ENCRYPTED_AEAD.
--
GnuPG-bug-id: 5584
Signed-off-by: NIIBE Yutaka <[email protected]>
(bug id fixed in this backport)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/dirmngr.h (struct fingerprint_list_s): Add field binlen.
(opt): Add field ignored_certs.
* dirmngr/dirmngr.c: Add option --ignore-cert
(parse_rereadable_options): Handle that option.
(parse_ocsp_signer): Rename to ...
(parse_fingerprint_item): this and add two args.
* dirmngr/certcache.c (put_cert): Ignore all to be igored certs.
Change callers to handle the new error return.
--
This option is useful as a workaround in case we ill run into other
chain validation errors like what we fixed in
GnuPG-bug-id: 5639
Backported-from-master: 4b3e9a44b58e74b3eb4a59f88ee017fe7483a17d
|
