| Commit message (Collapse) | Author | Files | Lines |
|---|
|
Signed-off-by: Werner Koch <[email protected]>
|
|
|
|
* kbx/keyboxd.c: New.
* kbx/keyboxd.h: New.
* kbx/kbxserver.c: New.
* kbx/keyboxd-w32info.rc: New.
* kbx/Makefile.am (EXTRA_DIST): Add new rc file.
(resource_objs): Ditto.
(libexec_PROGRAMS): New.
(common_libs, commonpth_libs): New.
(kbxutil_LDADD): Use here.
(keyboxd_SOURCES): New.
(keyboxd_CFLAGS): New.
(keyboxd_LDADD): New.
(keyboxd_LDFLAGS): New.
(keyboxd_DEPENDENCIES): new.
($(PROGRAMS)): Extend.
Signed-off-by: Werner Koch <[email protected]>
|
|
* configure.ac (GNUPG_CACHE_DIR): New const.
* tools/Makefile.am (libexec_PROGRAMS): Add gpg-pair-tool.
(gpg_pair_tool_SOURCES, gpg_pair_tool_CFLAGS)
(gpg_pair_tool_LDADD): New.
* tools/gpg-pair-tool.c: New.
--
This is a first try on a protocol to pair two devices so that they can
agree on a shared secret to exchange secret keys. The idea is that if
you want to sync your secret keys to another machine (e.g. from
desktop to mobile) you have physical access to both devices and thus a
pairing protocol allows to authenitcate the connection using a short
string. See the source for a protocol description.
How to test:
$ gpg-pair-tool -va --homedir . --initiate >msg.commit
$ gpg-pair-tool -va --homedir 2ndhome --respond \
<msg.commit >msg.dhpart1
$ gpg-pair-tool -va --homedir . --respond \
<msg.dhpart1 >msg.dhpart2
$ gpg-pair-tool -va --homedir 2ndhome --respond \
<msg.dhpart2 >msg.confirm
Now set the SAS as printed by the responder into SAS and run
$ gpg-pair-tool -va --homedir . --respond --sas $SAS <msg.confirm
Storing the secret on disk is obviously not the right thing to do.
With the new PUT_SECRET and GET_SECRET commands of gpg-agent we can
change this to store it all in gpg-agent instead. This will make it
also easier for gpg to access the secret and we won't need an option
to return it from gpg-pair-tool. Thus gpg-pair-tool can be dedicated
to run the protocol and maybe to popup info dialogs.
Adding a second expiration time for running the protocol in addition
to the expiration of the secret is probably a better idea than just
that simple catch-all TTL.
Signed-off-by: Werner Koch <[email protected]>
|
|
* configure.ac (AC_CHECK_FUNCS): Fold most calls into one.
--
A few functions were tested two times which slightly increases the size
of the configure script. Also put the functions in sorted order into
the macro.
Signed-off-by: Werner Koch <[email protected]>
|
|
* configure.ac (NAME_OF_SENDMAIL): New ac_define.
* tools/send-mail.c (run_sendmail): Use it.
--
We used to ac_subst the SENDMAIL in the old keyserver via mail script.
We cab reuse this to avoid a fixed name for sendmail in the
send-mail.c helper.
Signed-off-by: Werner Koch <[email protected]>
|
|
* configure.ac (GNUPG_DEF_COPYRIGHT_LINE: New.
* tools/watchgnupg.c (print_version): USe this macro.
* common/init.c (_init_common_subsystems): Register argparse
functions.
Signed-off-by: Werner Koch <[email protected]>
|
|
* configure.ac (NEED_GPG_ERROR_VERSION): Set to 1.29
* common/util.h: Remove replacement error codes.
* common/logging.h: Remove fallback to internal logging functions.
* common/logging.c: Remove.
* common/Makefile.am (common_sources): Remove logging.c
Signed-off-by: Werner Koch <[email protected]>
|
|
--
|
|
* configure.ac: Add option --enable-npth-debug
--
This requires a not yet release nPth version to have an effect.
Signed-off-by: Werner Koch <[email protected]>
|
|
* dirmngr/ldap-wrapper.c: Revamp module to make use of es_poll for
portability.
* configure.ac: Always use the ldap wrapper.
--
Since the migration from GNU Pth to nPth the ldap wrapper never worked
reliable on Windows. Our long term use of the old Window CE wrapper
thing didn't fixed this either. The new code uses the portable
es_poll function and thus code which is tested at several other
places. It Should(tm) fix the Windows issues.
GnuPG-bug-id: 3937
Signed-off-by: Werner Koch <[email protected]>
|
|
--
|
|
* configure.ac (require_pipe_to_unblock_pselect): Default is "yes".
* scd/scdaemon.c (scd_kick_the_loop): Minor clean up.
--
Normally SIGCONT or SIGUSR2 works for unblocking pselect. But on my
machine with GNU/Linux, when a machine is suspend/resume-ed, pselect
keeps blocked, while signal itself is delivered.
It's better to use pipe.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
|
|
--
|
|
Signed-off-by: Werner Koch <[email protected]>
|
|
* configure.ac (HAVE_PSELECT_NO_EINTR): New.
* scd/scdaemon.c (scd_kick_the_loop): Write to pipe.
(handle_connections): Use pipe.
--
On NetBSD, signal to the same process cannot unblock pselect,
with unknown reason. Use pipe instead, for such systems.
GnuPG-bug-id: 3778
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* configure.ac: Check ucred.h as well as sys/ucred.h.
* agent/command-ssh.c: Add inclusion of ucred.h.
--
It was T2981, adding ucred.h for Solaris. We also need sys/ucred.h
for FreeBSD and macOS.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* configure.ac: Check sys/ucred.h instead of ucred.h.
* agent/command-ssh.c: Include sys/ucred.h.
--
It's *BSD and macOS thing.
Fixes-commit: f7f806afa5083617f4aba02fc3b285b06a7d73d4
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
--
assuan_sock_set_system_hooks is used unconditionally in gnupg since
commit 9f641430dcdecbd7ee205d407cb19bb4262aa95d, and as such it requires
libassuan 2.5.0 (function introduced in
commit 90dc81682b13a7cf716a8a26b891051cbd4b0caf)
For a detailed description see:
https://lists.gnupg.org/pipermail/gnupg-devel/2017-December/033323.html
|
|
--
|
|
* configure.ac: (USE_RUN_GNUPG_USER_SOCKET): New ac_define.
* common/homedir.c (_gnupg_socketdir_internal): Add extra directories.
--
This allows to build GnuPG with an extra socketdir below /run. See
https://lists.gnupg.org/pipermail/gnupg-devel/2017-November/033250.html
for a longer explanation why this is sometimes useful.
Suggested-by: Rainer Perske
Signed-off-by: Werner Koch <[email protected]>
|
|
* common/logging.c: Do not build any code if we can use the gpgrt_log
functions.
(log_logv_with_prefix): Rename to log_logv_prefix and change order of
args so that this function matches its printf like counterpart
gpgrt_logv_prefix. Change all callers.
(log_debug_with_string): Rename to log_debug_string. Change all
callers.
(log_printhex): Move first arg to end so that this function matches
its printf like counterpart gpgrt_log_printhex. Change all callers.
* common/logging.h: Divert to gpgrt/libgpg-error if we can use the
gpgrt_log functions.
(bug_at): Add inline versions if we can use the gpgrt_log functions.
* configure.ac (GPGRT_ENABLE_LOG_MACROS): Add to AH_BOTTOM.
(mycflags): Add -Wno-format-zero-length.
--
This patch enables the use of the log function from libgpgrt (aka
libgpg-error). Instead of checking a version number, we enable them
depending on macros set by recent gpg-error versions. Eventually the
whole divert stuff can be removed.
The -Wno-format-zero-length is required because log_printhex can be
called with an empty format string. Note that this is fully specified
standard C behaviour.
Signed-off-by: Werner Koch <[email protected]>
|
|
--
This reverts commit e1984969cac06a88c7e6f5e49e5c3104d10a847d
because that was 2.2 only.
|
|
--
|
|
* configure.ac: Do not add -Werror to mycflags.
--
On Windows and possible also on other platforms we expect to a get a
few errors or warnins. Thus we can't use -Werror by default. This is
why we have a separate configure options --enable-werror ;-).
Fixes-commit: 3ecd1a41be7c880976987d13e88342c98f37e064
Signed-off-by: Werner Koch <[email protected]>
|
|
* configure.ac: Use -Werror.
--
Using clang, -Wlogical-op doesn't fail but generates warning.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* configure.ac (YAT2M): Only define when found.
* doc/Makefile.am: Portability fix.
--
This is not intended to apply to master, but 2.2 branch only. When
new libgpg-error is required, installation of yat2m can be assumed.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* configure.ac (GNUPG_REGISTRY_DIR): Remove leading backslash.
--
Windows does not like the leading backslash and won't read
the key.
Problem reported in the Gpg4win Message boards.
This bug was introduced by rev. 75ba215e
Signed-off-by: Andre Heinecke <[email protected]>
|
|
--
|
|
--
gpg is used by several other components as well as from the test
suite. We need it.
GnuPG-bug-id: 3479
Signed-off-by: Werner Koch <[email protected]>
|
|
* configure.ac (BUILD_WITH_DIRMNGR): Comment fix.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* configure.ac (BUILD_WITH_DIRMNGR): Comment fix.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* configure.ac: Implement that option.
--
This can be used as a workaround in case of bogus autoconf tests.
GnuPG-bug-id: 2423
Signed-off-by: Werner Koch <[email protected]>
|
|
* configure.ac: Do not mess with the user provided CFLAGS.
--
A problem was claimed with some configure tests if the user provided
CFLAGS=-Werror. The commit introducing this
Fixes-commit: 02eb9fc9d5863abcfed6af704e618f8cac7cc2e8
does not mention a concrete case. Anyway, messing with CFLAGS is a
bad idea because configure tests will then test something different
than what is used later (cf. autoconf manual). Tests which depend on
the whether -Werror is used needsto be fixed.
Note that in certain cases we modify CFLAGS. This is only done for
some configure options or if the platform requires the use of special
compiler flags (e.g. on HP/UX).
GnuPG-bug-id: 2423
|
|
* configure.ac (ENABLE_LOG_CLOCK): New ac_define and option.
* common/logging.c (log_clock): Use ENABLE_LOG_CLOCK to enable
timestamp printing.
* g10/call-agent.c (agent_pksign): Time signing.
* g10/sig-check.c (check_signature_end_simple): Time verification.
--
Timing for verification is limited to data signatures because this is
the most common thing to evaluate. We should consider to change
log_clock to printf style so that we could print the signature class
and other info.
Signed-off-by: Werner Koch <[email protected]>
|
|
--
|
|
* configure.ac: add --with-agent-s2k-calibration=MSEC, introduces
AGENT_S2K_CALIBRATION (measured in milliseconds)
* agent/protect.c (calibrate_s2k_count): Calibrate based on
AGENT_S2K_CALIBRATION.
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
GnuPG-bug-id: 3399
|
|
--
|
|
--
|
|
|
|
* configure.ac (GNUPG_SWDB_TAG): New ac_define. Set it to "gnupg22".
* tools/gpgconf.c (query_swdb): Use it.
* build-aux/speedo.mk: Change tag "gnupg21" to "gnupg22".
* Makefile.am (distcheck-hook): Ditto.
Signed-off-by: Werner Koch <[email protected]>
|
|
--
|
|
* configure.ac: New option --enable-all-tests.
* tests/gpgscm/ffi.c (ffi_init): New gloabl var *run-all-tests*.
* tests/openpgp/all-tests.scm (all-tests): Use that var instead
of *maintainer-mode*.
* Makefile.am (AM_DISTCHECK_CONFIGURE_FLAGS): Add --enable-all-tests.
--
It is better to have a separate option to run all tests than to put
this on top of --enable-maintainer-mode. This way we can also make
sure to run all tests during "make distcheck".
Signed-off-by: Werner Koch <[email protected]>
|
|
* configure.ac: Leak the maintainer mode flag into 'config.h'.
* tests/gpgscm/ffi.c: Pass it into the scheme environment.
* tests/openpgp/all-tests.scm: Only run tests against non-default
configurations (keyring, extended-key-format) in maintainer mode.
--
Werner is concerned that the tests do take up too much time and asked
me to reduce the runtime of the tests for normal users.
Signed-off-by: Justus Winter <[email protected]>
|
|
* configure.ac: Remove option --enable-gpg2-is-gpg. Add option
--enable-gpg-is-gpg2.
* build-aux/speedo.mk (speedo_pkg_gnupg_configure): Remove
--enable-gpg2-is-gpg.
--
Signed-off-by: Werner Koch <[email protected]>
|
|
--
|
|
* common/homedir.c (default_homedir): Strip trailing slashes.
(gnupg_set_homedir): Ditto.
--
is_gnupg_default_homedir() does not ignore trailing slashes when
comparing directory names. This can lead to multiple agents started
on the same directory if the homedir was specified with --homedir or
GNUPGHOME without or with a number of slashes.
We now make sure that the home directory name never ends in a
slash (except for the roo of course).
GnuPG-bug-id: 3295
Signed-off-by: Werner Koch <[email protected]>
|
|
--
dev.gnupg org is the development platform but the canonical bug
address is and has always been bugs.gnupg.org. We should keep on
using this address for the case that we switch the tracker again or
split it off the development system.
That is also the reason why we should keep on communicating a plain
bug number without the 'T' prefix.
Signed-off-by: Werner Koch <[email protected]>
|
|
* configure.ac (YAT2M): Check for tool.
* doc/Makefile.am (yat2m-stamp): Use installed tool if possible.
--
|
