aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* gpg: Copy the correct digest for use by TOFU.Werner Koch2016-09-011-1/+1
| | | | | | | | | | * g10/mainproc.c (do_check_sig): Use the current digest algo. -- Note that the digest context may have several algos enabled, which is is case if keys with different hash preferences signed the data. Signed-off-by: Werner Koch <[email protected]>
* g10: Be careful to not be in a transaction during long operationsNeal H. Walfield2016-09-011-18/+75
| | | | | | | | | | | | | | | | | | * g10/tofu.c (begin_transaction): New parameter only_batch. If set, only start a batch transaction if there is none and one has been requested. Update callers. (tofu_suspend_batch_transaction): New function. (tofu_resume_batch_transaction): Likewise. (ask_about_binding): Take a ctrl_t, not a tofu_dbs_t. Update callers. Gather statistics within a transaction. Suspend any batch transaction when getting user input. (get_trust): Take a ctrl_t, not a tofu_dbs_t. Update callers. Enclose in a transaction. (tofu_get_validity): Use a batch transaction, not a normal transaction. -- Signed-off-by: Neal H. Walfield <[email protected]>
* tests: Run test requiring the network only in maintainer-mode.Werner Koch2016-09-011-3/+11
| | | | | | | | | | * dirmngr/Makefile.am (noinst_PROGRAMS, TESTS): Add module_net_tests. (module_tests): Move t-dns-test to ... (module_net_tests): here. -- Debian-bug-id: 836259 Signed-off-by: Werner Koch <[email protected]>
* wks: Send a final message to the user.Werner Koch2016-08-311-2/+119
| | | | | | | * tools/gpg-wks-server.c (send_congratulation_message): New. (check_and_publish): Call it. Signed-off-by: Werner Koch <[email protected]>
* wks: Relax permission check for the top directory.Werner Koch2016-08-311-3/+3
| | | | | | * tools/gpg-wks-server.c: Allow S_IXOTH for the top directory. Signed-off-by: Werner Koch <[email protected]>
* g10: On a TOFU conflict, show whether the uids are expired or revokedNeal H. Walfield2016-08-311-1/+106
| | | | | | | | | | | * g10/tofu.c (struct signature_stats): Add fields is_expired and is_revoked. (signature_stats_prepend): Clear *stats when allocating it. (ask_about_binding): Also show whether the user ids are expired or revoked. -- Signed-off-by: Neal H. Walfield <[email protected]>
* doc: Add a help text for tofu.conflict.Neal H. Walfield2016-08-311-2/+13
| | | | | | | * doc/help.txt (.gpg.tofu.conflict): New help text. -- Signed-off-by: Neal H. Walfield <[email protected]>
* g10: Always trust ultimately trusted keys.Neal H. Walfield2016-08-311-21/+21
| | | | | | | | * g10/tofu.c (get_trust): Always return TRUST_ULTIMATE for ultimately trusted keys. -- Signed-off-by: Neal H. Walfield <[email protected]>
* g10: Fix error detection.Neal H. Walfield2016-08-311-1/+1
| | | | | | | | | | * g10/tofu.c: first_seen == 0 is not an error. -- Signed-off-by: Neal H. Walfield <[email protected]> Fixes-commit: 0f1f02ac Regression-due-to: 45bb9a2a
* g10: Update a key's TOFU policy in a transaction.Neal H. Walfield2016-08-312-1/+8
| | | | | | | | * g10/tofu.c (tofu_set_policy): Do the update in a transaction. * g10/gpg.c (main): Do a TOFU policy update in a batch transaction. -- Signed-off-by: Neal H. Walfield <[email protected]>
* g10: Fix the show old policy functionality when changing a TOFU policy.Neal H. Walfield2016-08-311-23/+24
| | | | | | | * g10/tofu.c (record_binding): Fix the show old policy functionality. -- Signed-off-by: Neal H. Walfield <[email protected]>
* g10: Drop unused argument.Neal H. Walfield2016-08-311-6/+3
| | | | | | | * g10/tofu.c (begin_transaction): Remove unused option only_batch. -- Signed-off-by: Neal H. Walfield <[email protected]>
* gpg: Move state local to tofu.c to a private structure.Neal H. Walfield2016-08-312-19/+19
| | | | | | | | | * g10/gpg.h (struct server_control_s.tofu): Move fields in_transaction and batch_update_started from here... * g10/tofu.c (struct tofu_dbs_s): ... to here. -- Signed-off-by: Neal H. Walfield <[email protected]>
* gpg: Avoid name spaces clash with future sqlite versions (2).Neal H. Walfield2016-08-313-36/+36
| | | | | | | | | | | | * g10/gpgsql.h (gpgsql_arg_type): Rename SQLITE_ARG_END to GPGSQL_ARG_END, SQLITE_ARG_INT to GPGSQL_ARG_INT, SQLITE_ARG_LONG_LONG to GPGSQL_ARG_LONG_LONG, SQLITE_ARG_STRING to GPGSQL_ARG_STRING, and SQLITE_ARG_BLOB to GPGSQL_ARG_BLOB. -- This commit completes the work started in b1ba460. Signed-off-by: Neal H. Walfield <[email protected]>
* gpg: Fix regression in gpgv's printing of the keyid.Werner Koch2016-08-311-0/+2
| | | | | | | | * g10/keyid.c (keystr): Take care of KF_NONE != KF_DEFAULT. -- Debian-bug-id: 836144 Signed-off-by: Werner Koch <[email protected]>
* g10: Improve TOFU batch update code.Neal H. Walfield2016-08-302-46/+64
| | | | | | | | | | | | | | | | | | | | | * g10/gpg.h (tofu): Rename field batch_update_ref to batch_updated_wanted. * g10/tofu.c (struct tofu_dbs_s): Rename field batch_update to in_batch_transaction. (begin_transaction): Only end an extant batch transaction if we are not in a normal transaction. When ending a batch transaction, really end it. Update ctrl->tofu.batch_update_started when starting a batch transaction. (end_transaction): Only release a batch transaction if ONLY_BATCH is true. When releasing a batch transaction, assert that there is no open normal transaction. Only allow DBS to be NULL if ONLY_BATCH is true. (tofu_begin_batch_update): Don't update ctrl->tofu.batch_update_started. (opendbs): Call end_transaction unconditionally. -- Signed-off-by: Neal H. Walfield <[email protected]>
* g10: Improve TOFU debugging output and some comments.Neal H. Walfield2016-08-301-21/+23
| | | | | -- Signed-off-by: Neal H. Walfield <[email protected]>
* g10: If a key has no valid user ids, change TOFU to return TRUST_NEVER.Neal H. Walfield2016-08-301-1/+16
| | | | | | | | * g10/tofu.c (tofu_get_validity): If a key has no valid (non-expired) user ids, change TOFU to return TRUST_NEVER. -- Signed-off-by: Neal H. Walfield <[email protected]>
* g10: Change tofu_register & tofu_get_validity to process multiple uids.Neal H. Walfield2016-08-303-197/+238
| | | | | | | | | | | | | * g10/tofu.c (tofu_register): Take a list of user ids, not a single user id. Only register the bindings, don't compute the trust. Thus, change return type to an int and remove the may_ask parameter. Update callers. (tofu_get_validity): Take a list of user ids, not a single user id. Update callers. Observe signatures made by expired user ids, but don't include them in the trust calculation. -- Signed-off-by: Neal H. Walfield <[email protected]>
* g10: Support nested transactions on the TOFU DB.Neal H. Walfield2016-08-302-20/+22
| | | | | | | | | | | | | | | | * g10/gpg.h (struct server_control_s): New field in_transaction. * g10/tofu.c (struct tofu_dbs_s): Remove fields savepoint_inner and savepoint_inner_commit. (begin_transaction): Increment CTRL->TOFU.IN_TRANSACTION. Name the savepoint according to the nesting level. (end_transaction): Name the savepoint according to the nesting level. Decrement CTRL->TOFU.IN_TRANSACTION. (rollback_transaction): Likewise. Only ever rollback a non-batch transaction. (opendbs): Assert that there are no outstanding transactions. -- Signed-off-by: Neal H. Walfield <[email protected]>
* g10: Print the info text in more situations.Neal H. Walfield2016-08-301-1/+2
| | | | | | | | * g10/tofu.c (ask_about_binding): Print the info text when the policy is ask and there are multiple bindings with the email address. -- Signed-off-by: Neal H. Walfield <[email protected]>
* g10: Print the formatted text.Neal H. Walfield2016-08-301-1/+1
| | | | | | | | * g10/tofu.c (ask_about_binding): Print the formatted text, not the unformatted text. -- Signed-off-by: Neal H. Walfield <[email protected]>
* g10: When showing a user id's trust, pass the current signature.Neal H. Walfield2016-08-301-1/+1
| | | | | | | | * g10/mainproc.c (check_sig_and_print): Consistently pass SIG to get_validity. -- Signed-off-by: Neal H. Walfield <[email protected]>
* w32: Fix build regression due to 2aa0701.Werner Koch2016-08-291-1/+1
| | | | | | | | * common/logging.c (fun_writer): Always declare 'name_for_err'. -- Regression-due-to: 2aa0701013f703ad93e17da3345c493c08aa04ee Signed-off-by: Werner Koch <[email protected]>
* gpgconf: Print the plain socket directory with --list-dirs.Werner Koch2016-08-291-0/+1
| | | | | | * tools/gpgconf.c (list_dirs): Add plain socketdir out. Signed-off-by: Werner Koch <[email protected]>
* common: Add a default socket name feature.Werner Koch2016-08-299-25/+63
| | | | | | | | | | | | | | | | | * common/logging.c (log_set_socket_dir_cb): New. (socket_dir_cb): New. (set_file_fd): Allow "socket://". (fun_writer): Implement default socket name. * common/init.c (_init_common_subsystems): Register default socket. -- This change allows the use of log-file socket:// in any configuration file. Signed-off-by: Werner Koch <[email protected]>
* gpg: Make decryption of -R work w/o --try-secret-key or --default-key.Werner Koch2016-08-291-10/+7
| | | | | | | | | | * g10/getkey.c (enum_secret_keys): At state 3 enumerate the keys in all cases not just when --try-all-secrets is used. -- Regression-due-to: 82b90eee100cf1c9680517059b2d35e295dd992a Reported-by: Carola Grunwald Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix false negatives in Ed25519 signature verification.Werner Koch2016-08-252-3/+128
| | | | | | | | | | | | | | * g10/pkglue.c (pk_verify): Fix Ed25519 signatrue values. * tests/openpgp/verify.scm (msg_ed25519_rshort): New (msg_ed25519_sshort): New. ("Checking that a valid Ed25519 signature is verified as such"): New. -- About one out of 256 signature won't verify due to stripped zero bytes. See the source comment for details. Reported-by: Andre Heinecke Signed-off-by: Werner Koch <[email protected]>
* common: Rename an odd named function.Werner Koch2016-08-254-7/+7
| | | | | | | | | | | | | * common/openpgp-oid.c (oid_crv25519): Rename to oid_cv25519. (openpgp_oid_is_crv25519): Rename to openpgp_oid_is_cv25519. Change callers. -- We use "cv25519" everywhere else and thus the test function should not have a surprising name. Signed-off-by: Werner Koch <[email protected]>
* gpg: New option --with-tofu-info.Werner Koch2016-08-259-38/+107
| | | | | | | | | | | | | | | | | | | | | * g10/gpg.c (oWithTofuInfo): New. (opts): Add --with-tofu-info. (main): Set opt.with_tofu_info. * g10/options.h (struct opt): Add field WITH_TOFU_INFO. * g10/tofu.c (show_statistics): Add optional arg OUTFP and enter special mode if not NULL. Change all callers. (tofu_write_tfs_record): New. * g10/keylist.c (list_keyblock_colon): Do not print the tofu policy as part of the "uid" record. Print a new "tfs" record if the new option is set. * tests/openpgp/tofu.scm (getpolicy): Change from UID to TFS record. -- A separate option is required to avoid slowing down key listings. Foer example the current code takes for a keylisting in tofu+pgp mode 17 seconds while it takes more than 5 minutes if the option is used. Signed-off-by: Werner Koch <[email protected]>
* gpg: Change TOFU_STATS to return timestamps.Werner Koch2016-08-242-35/+77
| | | | | | | | | * g10/tofu.c (write_stats_status): Add arg FP to print a colon formated line. Adjust for changed TOFU_STATS interface. (show_statistics): Let the query return timestamps and use gnupg_get-time to compute the "time ago" values. Signed-off-by: Werner Koch <[email protected]>
* common: Guarantee that gnupg_get_time does not return an error.Werner Koch2016-08-241-16/+10
| | | | | | | | | | | | | * common/gettime.c (gnupg_get_time): Abor if time() failed. (gnupg_get_isotime): Remove now useless check. (make_timestamp): Remove check becuase we already checked this modulo the faked time thing. -- In reality a call foo = time (NULL) can never fail because the only defined error is EFAULT, but we don't provide a buffer. Signed-off-by: Werner Koch <[email protected]>
* wks: Add command --supported to gpg-wks-client.Werner Koch2016-08-241-0/+55
| | | | | | | | | | * tools/gpg-wks-client.c (aSupported): New. (opts): Add --supported. (parse_arguments): Ditto. (main): Call command_supported. (command_supported): New. Signed-off-by: Werner Koch <[email protected]>
* doc: Some additional source commentsWerner Koch2016-08-242-1/+6
| | | | --
* common: Change license of mbox-util to LGPLv2.1+.Werner Koch2016-08-222-28/+8
| | | | | | | | -- Noet that the code has entirely been written by me. Signed-off-by: Werner Koch <[email protected]>
* wks: Install gpg-wks-client under libexecWerner Koch2016-08-221-2/+5
| | | | | | | | * tools/Makefile.am (bin_PROGRAMS): Move gpg-wks-client to ... (libexec_PROGRAMS): ...here. -- Signed-off-by: Werner Koch <[email protected]>
* common: Remove unused vars in simple-pwquery.Werner Koch2016-08-221-16/+5
| | | | | | | | | * common/simple-pwquery.c (agent_send_option): Remove unused vars. (simple_query): Ditto. (agent_open): Ditto. Return RC on error. (simple_pwquery): Remove unused vars. Remove shadowing of 'p'. Signed-off-by: Werner Koch <[email protected]>
* Post release updates.Werner Koch2016-08-182-1/+5
| | | | --
* Release 2.1.15gnupg-2.1.15Werner Koch2016-08-180-0/+0
|
* Update NEWS.Werner Koch2016-08-181-1/+48
| | | | --
* po: Auto updateWerner Koch2016-08-1825-2065/+2135
| | | | --
* po: Add init.c to POTFILES.inWerner Koch2016-08-181-1/+1
| | | | --
* po: Update German translationWerner Koch2016-08-181-76/+76
|
* po: Update Norwegian translation.Åka Sikrom2016-08-181-485/+242
|
* po: Update Russian translationIneiev2016-08-181-15/+9
|
* gpg: Add import filter "drop-sig".Werner Koch2016-08-182-3/+104
| | | | | | | | | | | * g10/import.c (import_drop_sig): New variable. (cleanup_import_globals): Release that. (parse_and_set_import_filter): Add filter "drop-sig". (filter_getval): Implement properties for drop-sig. (apply_drop_sig_filter): New. (import_one): Apply that filter. Signed-off-by: Werner Koch <[email protected]>
* doc: Add comments on how to parse --list-colons output.Werner Koch2016-08-182-4/+12
| | | | | | -- GnuPG-bug-id: 2437
* dirmngr: Remove all system daemon features.Werner Koch2016-08-1813-365/+29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * dirmngr/dirmngr.h (opts): Remove fields 'system_service' and 'system_daemon'. * common/homedir.c (dirmngr_sys_socket_name): Remove. (dirmngr_user_socket_name): Rename to ... (dirmngr_socket_name): this. Change call callers. * common/asshelp.c (start_new_dirmngr): Remove the system socket feature. * tools/gpgconf.c (list_dirs): Do not print "dirmngr-sys-socket". * sm/server.c (gpgsm_server): Adjust for removed system socket feature. * dirmngr/server.c (cmd_getinfo): Ditto. (cmd_killdirmngr): Remove check for system daemon. (cmd_reloaddirmngr): Ditto. * dirmngr/dirmngr.c (USE_W32_SERVICE): Remove macro. (aService): Remove. (opts): Remove --service. (w32_service_control): Remove. (real_main, call_real_main) [W32]: Remove wrapper. (main): Remove Windows system service feature. Remove system dameon feature. Use only the "~/.gnupg/dirmngr_ldapservers.conf" file. * dirmngr/certcache.c (load_certs_from_dir): Remove warning in the system dameon case. * dirmngr/crlcache.c (DBDIR_D): Always use "~/.gnupg/crls.d". * dirmngr/ocsp.c (validate_responder_cert): Do not call validate_cert_chain which was used only in system daemon mode. * dirmngr/validate.c (validate_cert_chain): Always use the code. -- We are now starting dirmngr as needed as a user daemon. The deprecated system daemon mode does not anymore make sense. In case a system wide daemon is required, it is better to setup a dedicated account to run dirmngr and tweak socket permissions accordingly. Signed-off-by: Werner Koch <[email protected]>
* gpg: New option --senderWerner Koch2016-08-184-0/+44
| | | | | | | | | | | | | * g10/options.h (struct opt): Add field 'sender_list'. * g10/gpg.c: Include mbox-util.h. (oSender): New. (opts): Add option "--sender". (main): Parse option. -- This option will eventually be used for more advanced purposes. Signed-off-by: Werner Koch <[email protected]>
* agent: Allow import of overly large keys.Werner Koch2016-08-161-1/+1
| | | | | | | | * agent/command.c (MAXLEN_KEYDATA): Double the size. -- Debian-bug-id: 834447 Signed-off-by: Werner Koch <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-21 17:56:54 +0000