| Commit message (Collapse) | Author | Files | Lines |
|---|
|
* Makefile.am: Add option for building gpgsum
* autogen.rc: Add option for building gpgsum
* configure.ac: Add option for building gpgsum
* tools/Makefile.am: Add sources for gpgsum
* tools/gpgsum-w32info.rc: Add new file
* tools/gpgsum.c: Add gpsum tool
* tools/gpgsum.w32-manifest.in: Add new file
|
|
* configure.ac (TEST_LIBTSS): Fix the condition with SWTPM.
* tests/tpm2dtests/start_sw_tpm.sh: Use --daemon and --pid
to run SWTPM.
--
GnuPG-bug-id: 6052
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* configure.ac (TPMSERVER): Don't supply hard-coded path.
(SWTPM, SWTPM_IOCTL, TSSSTARTUP): Likewise.
--
Having hard-coded path has bad side effect; It may not be detected
even if it's available with PATH.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* configure.ac (NEED_LIBASSUAN_API): Require the API version 3.0.
(NEED_LIBASSUAN_VERSION): Require 3.0.0 or later.
--
GnuPG-bug-id: 6606
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* configure.ac (HAVE_SOCKET): Detect SOCKET type.
* agent/command-ssh.c [HAVE_SOCKET] (start_command_handler_ssh): Use
SOCKET to cast.
--
GnuPG-bug-id: 6508
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
--
|
|
--
|
|
* agent/gpg-agent.w32-manifest.in: New.
* dirmngr/dirmngr-client-w32info.rc: New.
* dirmngr/dirmngr-client.w32-manifest.in: New.
* dirmngr/dirmngr-w32info.rc: New.
* dirmngr/dirmngr.w32-manifest.in: New.
* dirmngr/dirmngr_ldap-w32info.rc: New.
* dirmngr/dirmngr_ldap.w32-manifest.in: New.
* g10/gpgv-w32info.rc: New.
* g10/gpgv.w32-manifest.in: New.
* kbx/keyboxd.w32-manifest.in: New.
* scd/scdaemon.w32-manifest.in: New.
* sm/gpgsm.w32-manifest.in: New.
--
This avoids the use of the VirtualStore uner Windows.
GnuPG-bug-id: 6503
|
|
* agent/gpg-agent.w32-manifest.in: New.
* dirmngr/dirmngr-client-w32info.rc: New.
* dirmngr/dirmngr-client.w32-manifest.in: New.
* dirmngr/dirmngr-w32info.rc: New.
* dirmngr/dirmngr.w32-manifest.in: New.
* dirmngr/dirmngr_ldap-w32info.rc: New.
* dirmngr/dirmngr_ldap.w32-manifest.in: New.
* g10/gpgv-w32info.rc: New.
* g10/gpgv.w32-manifest.in: New.
* kbx/keyboxd.w32-manifest.in: New.
* scd/scdaemon.w32-manifest.in: New.
* sm/gpgsm.w32-manifest.in: New.
--
This avoids the use of the VirtualStore uner Windows.
GnuPG-bug-id: 6503
|
|
--
|
|
--
|
|
--
Note that we now print Copyright g10 Code instead of FSF.
|
|
--
|
|
|
|
* agent/Makefile.am [HAVE_W32CE_SYSTEM]: Remove.
* am/cmacros.am [HAVE_W32CE_SYSTEM]: Remove.
* autogen.sh: Remove W32ce_ variables.
* configure.ac: Likewise.
* dirmngr/Makefile.am (extra_bin_ldflags): Remove.
* g10/Makefile.am [HAVE_W32CE_SYSTEM]: Remove.
* kbx/Makefile.am: Likewise.
* sm/Makefile.am (extra_bin_ldflags): Remove.
* tools/Makefile.am (extra_bin_ldflags): Remove.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/agent.h (start_command_handler_ssh_stream): New.
* agent/command-ssh.c (start_command_handler_ssh_stream): New.
* agent/gpg-agent.c (oWin32OpenSSHSupport): New.
(W32_DEFAILT_AGENT_PIPE_NAME): New.
(main): Add oWin32OpenSSHSupport support.
(win32_openssh_thread): New.
(handle_connections): Spawn win32_openssh_thread.
* configure.ac (NEED_GPGRT_VERSION): Require libgpg-error 1.46.
--
GnuPG-bug-id: 3883
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
--
|
|
--
|
|
--
|
|
--
|
|
* configure.ac (AC_PREREQ): Use >= 2.69.
(AC_CONFIG_HEADERS): Use it, instead of AC_CONFIG_HEADER.
(AC_HEADER_STDC, AC_HEADER_TIME): Remove obsolete macros.
(sys/time.h): Add the check of the header.
(time_t): Don't use TIME_WITH_SYS_TIME.
* acinclude.m4 (AC_HEADER_TIME): Don't require.
Don't use TIME_WITH_SYS_TIME.
* dirmngr/dns.c: Don't use TIME_WITH_SYS_TIME.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
--
|
|
* common/dynload.h: Include specific headers only.
* common/exechelp-w32.c: Include <windows.h>.
* common/gettime.c: Likewise.
* common/utf8conv.c: Likewise.
* tests/gpgscm/ffi.c: Likewise.
* tools/gpgconf.c: Likewise.
* configure.ac: Check winsock2.h, removing gl_HEADER_SYS_SOCKET.
--
GnuPG-bug-id: 5731
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
--
|
|
* configure.ac: Move clearing of build_keyboxd out of the conditional.
--
GnuPG-bug-id: 5588
|
|
* common/signal.c (get_signal_name): Use sigdescr_np if available.
* configure.ac: Check the function.
--
GnuPG-bug-id: 5568
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
--
|
|
* configure.ac (DIRMNGR_DEFAULT_KEYSERVER): Change to
keyserver.ubuntu.com.
* dirmngr/certcache.c (cert_cache_init): Disable default pool cert.
* dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Ditto.
* dirmngr/http.c (http_session_new): Ditto.
* dirmngr/server.c (make_keyserver_item): Use a different mapping for
the gnupg.net names.
--
Due to the unfortunate shutdown of the keyserver pool, the long term
defaults won't work anymore. Thus it is better to change them.
For https access keyserver.ubuntu.com is now used because it can be
expected that this server can stand the load from newer gnupg LTS
versions.
For http based access the Dutch Surfnet keyserver is used. However
due to a non-standard TLS certificate this server can not easily be
made the default for https.
Note: that the default server will be changed again as soon as a new
connected keyserver infrastructure has been established.
(cherry picked from commit 47c4e3e00a7ef55f954c14b3c237496e54a853c1)
|
|
* configure.ac (AC_CHECK_HEADERS): Remove string.h and getopt.h.
* dirmngr/ks-engine-ldap.c: Remove including getopt.h.
* tools/make-dns-cert.c: Likewise.
--
Checking string.h is supported by AC_HEADER_STDC. Use of getopt.h
is only needed for getopt_long of GNU extention.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* configure.ac: Have a single AC_HEADER_TIME.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* configure.ac (AC_CHECK_HEADERS): Remove pty.h utmp.h, util.h,
and libutil.h.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
--
It does not make sense to have the cms stuff at the top level but the
openpgp at a dedicated directory. This patch fixes that.
|
|
* configure.ac (*-apple-darwin*): Set _DARWIN_C_SOURCE 1.
--
GnuPG-bug-id: 5440
Reported-by: Jay Freeman
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
--
|
|
* configure.ac: New option --with-tss to force the use of a
specific TSS library.
--
While most systems will probably have only one of the two TPM
libraries that we support (the IBM TSS or the Intel TSS), it
would still be helpful to allow which one to use in the event
that both are detected, instead of always using the IBM one.
This patch does that by adding a --with-tss=TSS configure-time
option, where TSS can be "ibm", "intel", or "autodetect". The
default value is "autodetect", which triggers the original
behavior (i.e. try to detect both libraries, and prefer the IBM
one if both are found).
Signed-off-by: Damien Goutte-Gattat <[email protected]>
|
|
--
|
|
--
|
|
* configure.ac (min_automake_version): Bump to 1.16.3
--
This version has the now needed support for
- new variable AM_DISTCHECK_DVI_TARGET, to allow overriding the
"make dvi" that is done as part of distcheck.
|
|
* configure.ac (TEST_LIBTSS): Make that conditional depend on the
detection of tssstartup.
--
While the tpm2d daemon can use either the Intel TSS or the IBM TSS,
the test code (specifically, the start_sw_tpm.sh script) requires
some tools from the IBM TSS (tssstartup and tsspowerup).
If a software TPM is detected at configure time but the IBM TSS
tools are absent (e.g. because only the Intel TSS is available on
the system), `make check` will attempt to run the tpm2d tests and
those will fail when the start_sw_tpm.sh script is launched.
This patch makes running the tpm2d tests dependent not only on
the detection of a software TPM, but also on the detection of
tssstartup (it is probably safe to assume that if tssstartup is
present, then tsspowerup is available as well).
Signed-off-by: Damien Goutte-Gattat <[email protected]>
|
|
* configure.ac (build_tpmd): New configure option --disable-tpm2d
(BUILD_WITH_TPM2D): New.
* Makefile.am (tests): Use conditionally BUILD_TPM2D instead of
HAVE_LIBTSS.
* build-aux/speedo.mk (speedo_pkg_gnupg_configure) [W32]: Do not build
tpm2d.
* autogen.rc: Ditto.
|
|
* configure.ac: Check for Intel TSS.
* tpm2d/intel-tss.h: New.
* tpm2d/tpm2.h (HAVE_INTEL_TSS): Use the Intel code.
--
The Intel TSS is somewhat of a moving target, so this wraps support
for this TSS into tpm2daemon. Unfortunately this wrapper uses some
APIs that are only present in a relatively recent Intel TSS, so it
looks like it will only work with version 2.4.0 or higher.
Signed-off-by: James Bottomley <[email protected]>
- Add header blurb; see previous patch.
- Add new file to the Makefile
Signed-off-by: Werner Koch <[email protected]>
|
|
* configure.ac: Detect TPM emulator and enable tests.
* tests/tpm2dtests/: New test suite.
* tests/Makefile.am: Run tests.
--
Add a set of tests that exercise tpm2daemon handling of keys and
verify compatibility with non-tpm based keys.
Running this test infrastructure requires a tpm emulator, which is
tested for during configuration. If an emulator is not found, the
tests won't be run since they require the presence of a TPM (although
the TPM handling code will still be built).
Signed-off-by: James Bottomley <[email protected]>
- Fixed tests/Makefile.am for make distcheck.
Signed-off-by: Werner Koch <[email protected]>
|
|
* tpm2d: New directory.
* Makefile.am (SUBDIRS): Add directory.
* configure.ac: Detect libtss and decide whether to build tpm2d.
* am/cmacros.am: Add a define.
* util.h (GNUPG_MODULE_NAME_TPM2DAEMON): New.
* common/homedir.c (gnupg_module_name): Add tpm2d.
* common/mapstrings.c (macros): Add "TPM2DAEMON".
* tools/gpgconf.h (GC_COMPONENT_TPM2DAEMON): New.
* tools/gpgconf-comp.c (known_options_tpm2daemon): New.
(gc_component): Add TPM2.
(tpm2daemon_runtime_change): New.
* tpm2d/Makefile.am: New.
* tpm2d/command.c: New.
* tpm2d/ibm-tss.h: New.
* tpm2d/tpm2.c: New.
* tpm2d/tpm2.h: New.
* tpm2d/tpm2daemon.c: New.
* tpm2d/tpm2daemon.h: New.
---
This commit adds and plumbs in a tpm2daemon to the build to mirror the
operation of scdaemon. The architecture of the code is that
tpm2daemon.c itself is pretty much a clone of scd/scdaemon.c just with
updated function prefixes (this argues there could be some further
consolidation of the daemon handling code). Note that although this
commit causes the daemon to be built and installed, nothing actually
starts it or uses it yet.
Command handling
----------------
command.c is copied from the command handler in scd.c except that the
command implementation is now done in terms of tpm2 commands and the
wire protocol is far simpler. The tpm2daemon only responds to 4
commands
IMPORT: import a standard s-expression private key and export it to
TPM2 format. This conversion cannot be undone and the
private key now can *only* be used by the TPM2. To anyone
who gets hold of the private key now, it's just an
encrypted binary blob.
PKSIGN: create a signature from the tpm2 key. The TPM2 form private
key is retrieved by KEYDATA and the hash to be signed by
EXTRA. Note there is no hash specifier because the tpm2
tss deduces the hash type from the length of the EXTRA
data. This is actually a limitation of the tpm2 command
API and it will be interesting to see how this fares if the
tpm2 ever supports say sha3-256 hashes.
PKDECRYPT: decrypt (RSA case) or derive (ECC case) a symmetric key.
The tpm2 for private key is retrieved by KEYDATA and the
information used to create the symmetric key by EXTRA.
KILLTPM2D: stop the daemon
All the tpm2 primitives used by command.c are in tpm2.h and all the
tpm2 specific gunk is confined to tpm2.c, which is the only piece of
this that actually does calls into the tss library.
Signed-off-by: James Bottomley <[email protected]>
Changes from James' patch:
- gpgconf: The displayed name is "TPM" and not "TPM2". That
string is used by GUIs and should be something the user
understands. For example we also use "network" instead
of "Dirmngr".
- Removed some commented includes.
- Use 16 as emulation of GPG_ERR_SOURCE_TPM2.
- Silenced a C90 compiler warning and flags unused parameters.
- Removed "if HAVE_LIBS" from tpm2/Makefile.am and add missing
files so that make distcheck works.
Signed-off-by: Werner Koch <[email protected]>
|
|
--
Requiring 3.28 had the problem that for example Debin distributes a
3.27 with backported fixes. There is no 3.28. So we relax this
again.
Fixes-commit: d763548f2e00726a40ec886c8179c07bf4e6e664
|
|
--
We are actually not vulnerable but it seems to be a good idea to force
installation of a good copy of SQlite
GnuPG-bug-id: 4510
|
|
--
|
|
* configure.ac (HAVE_NEWER_LIBGCRYPT): Remove conditional.
* tools/Makefile.am (gpg_pair_tool_SOURCES): We build it always.
--
This is because we require libgcrypt 1.9 anyway.
|
|
* build-aux/speedo.mk: Update from 2.2. Add target w32-msi-release.
* build-aux/speedo/w32/inst.nsi: Fix location of doc files.
* build-aux/speedo/w32/wixlib.wxs: Add gpg-card and fix a wrong name.
* Makefile.am (release): Support a WITH_MSI variable.
(wixlibfile): Improve copying to archive.
(release): Use AMTAR instead of TAR.
--
Signed-off-by: Werner Koch <[email protected]>
|
|
* configure.ac (NEED_GPG_ERROR_VERSION): Rename to NEED_GPGRT_VERSION
and set to 1.41.
* common/sysutils.c (gnupg_access): Remove code for older gpgrt
versions.
* kbx/backend-sqlite.c: Ditto.
* sm/gpgsm.c (main): Ditto.
--
We already have a requirement for a newer Libgcrypt and thus we can
also require a more recent libgpgrt (aka libgpg-error) which was
released before Libgcrypt.
|
|
* tools/symcryptrun.c: Remove.
* tools/Makefile.am: Ditto.
* doc/tools.texi: Remove man page.
* configure.ac: Remove build option and tests used only by this tool.
* Makefile.am (AM_DISTCHECK_CONFIGURE_FLAGS): Do not build
symcryptrun.
--
symcryptrun is too ancient to be of any use and has not been tested in
many years. Thus we should not distribute it anymore.
|
