| Commit message (Collapse) | Author | Files | Lines |
|---|
|
* common/Makefile.am (common_sources): Add new files.
* common/server-help.c: New file.
* common/server-help.h: Likewise.
* agent/command.c: Drop argument handling primitives in favor of using
the consolidated ones.
* dirmngr/server.c: Likewise.
* g10/server.c: Likewise.
* g13/server.c: Likewise.
* scd/command.c: Likewise.
* sm/server.c: Likewise.
Signed-off-by: Justus Winter <[email protected]>
|
|
* g13/g13.c (aSuspend, aResume): New.
(opts): Add commands --suspend and --resume.
(main): Implement dummy command aUmount. Implement commands aResume
and aSuspend.
* g13/sh-cmd.c (cmd_suspend): New.
(cmd_resume): New.
(register_commands): Add commands RESUME and SUSPEND.
* g13/server.c (cmd_suspend): New.
(cmd_resume): New.
(register_commands): Add commands RESUME and SUSPEND.
* g13/be-dmcrypt.c (be_dmcrypt_suspend_container): New.
(be_dmcrypt_resume_container): New.
* g13/backend.c (be_suspend_container): New.
(be_resume_container): New.
* g13/suspend.c, g13/suspend.h: New.
* g13/mount.c (parse_header, read_keyblob_prefix, read_keyblob)
(decrypt_keyblob, g13_is_container): Move to ...
* g13/keyblob.c: new file.
(keyblob_read): Rename to g13_keyblob_read and make global.
(keyblob_decrypt): Rename to g13_keyblob_decrypt and make global.
* g13/sh-dmcrypt.c (check_blockdev): Add arg expect_busy.
(sh_dmcrypt_suspend_container): New.
(sh_dmcrypt_resume_container): New.
* g13/call-syshelp.c (call_syshelp_run_suspend): New.
(call_syshelp_run_resume): New.
--
The --suspend command can be used before a hibernate operation to make
the encrypted partition inaccessible and wipe the key from the memory.
Before --suspend is called a sync(1) should be run to make sure that
their are no dirty buffers (dmsetup, as called by g13, actually does
this for you but it does not harm to do it anyway. After the
partition has been suspended a
echo 3 >proc/sys/vm/drop_caches
required to flush all caches which may still have content from the
encrypted partition.
The --resume command reverses the effect of the suspend but to do this
it needs to decrypt again. Now, if the .gnupg directory lives on the
encrypted partition this will be problematic because due to the
suspend all processes accessing data on the encrypted partition will
be put into an uninterruptible sleep (ps(1) shows a state of 'D').
This needs to be avoided. A workaround is to have a separate GnuPG
home directory (say, "~/.gnupg-fallback") with only the public keys
required to decrypt the partition along with a properly setup
conf files. A
GNUPGHOME=$(pwd)/.gnupg-fallback g13 --resume
should then be able to resume the encrypted partition using the
private key stored on a smartcard.
The implementation is pretty basic right now but useful to me.
Signed-off-by: Werner Koch <[email protected]>
|
|
* g13/be-dmcrypt.c, g13/be-dmcrypt.h: New.
* g13/Makefile.am (g13_SOURCES): Add them.
* g13/backend.c: Include be-dmcrypt.h and call-syshelp.h.
(no_such_backend): Rename to _no_such_backend and provide replacement
macro.
(be_is_supported_conttype): Support DM-Crypt.
(be_take_lock_for_create): Call set_segvice for DM-Crypt.
(be_create_new_keys): Make it a dummy for DM-Crypt.
(be_create_container): Call be_dmcrypt_create_container.
(be_mount_container): call be_dmcrypt_mount_container.
* g13/g13-syshelp.c (main): Enable verbose mode.
* g13/g13tuple.c (get_tupledesc_data): New.
* g13/g13tuple.h (unref_tupledesc): New.
* g13/g13.h (server_control_): Add field "recipients".
* g13/g13.c (main): Fix setting of recipients via cmdline.
(g13_deinit_default_ctrl): Release recipients list.
(g13_request_shutdown): New. Replace all direct update of
shutdown_pending by calls this function.
* g13/server.c (server_local_s): Remove field recipients which is now
part of CTRL.
(reset_notify, cmd_recipient, cmd_create): Adjust for this change.
* g13/create.c (encrypt_keyblob): Rename to g13_encrypt_keyblob.
(g13_create_container): Support DM-Crypt.
* g13/mount.c (parse_header): Allow for meta data copies.
(g13_mount_container): Support DM-Crypt.
* g13/sh-cmd.c (cmd_create): Make it work.
(cmd_mount): New.
* g13/sh-dmcrypt.c (sh_dmcrypt_create_container): Make it work.
(sh_dmcrypt_mount_container): New.
--
With this patch we can now create an encrypted partition and partly
mount it (i.e. setup keys and create the mapped device). We do not yet
create a file system or mount that file system
Signed-off-by: Werner Koch <[email protected]>
|
|
* agent/agent.h (opt): Remove field use_standard_socket.
* agent/command.c (cmd_killagent): Always allow killing.
* agent/gpg-agent.c (main): Turn --{no,}use-standard-socket and
--write-env-file into dummy options. Always return true for
--use-standard-socket-p. Do not print the GPG_AGENT_INFO envvar
setting or set that envvar.
(create_socket_name): Simplify by removing non standard socket
support.
(check_for_running_agent): Ditto.
* common/asshelp.c (start_new_gpg_agent): Remove GPG_AGENT_INFO use.
* common/simple-pwquery.c (agent_open): Ditto.
* configure.ac (GPG_AGENT_INFO_NAME): Remove.
* g10/server.c (gpg_server): Do not print the AgentInfo comment.
* g13/server.c (g13_server): Ditto.
* sm/server.c (gpgsm_server): Ditto.
* tools/gpgconf.c (main): Simplify by removing non standard socket
support.
--
The indented fix to allow using a different socket than the one in the
gnupg home directory is to change Libassuan to check whether the
socket files exists as a regualr file with a special keyword to
redirect to another socket file name.
|
|
Replace hardwired strings at many places with new macros from config.h
and use the new strusage macro replacement feature.
* common/asshelp.c (lock_spawning) [W32]: Change the names of the spawn
sentinels.
* agent/command.c (cmd_import_key): Use asprintf to create the prompt.
|
|
We better do this once and for all instead of cluttering all future
commits with diffs of trailing white spaces. In the majority of cases
blank or single lines are affected and thus this change won't disturb
a git blame too much. For future commits the pre-commit scripts
checks that this won't happen again.
|
|
|
|
2009-11-25 Marcus Brinkmann <[email protected]>
* command.c (start_command_handler): Use assuan_fd_t and
assuan_fdopen on fds.
scd/
2009-11-25 Marcus Brinkmann <[email protected]>
* command.c (scd_command_handler): Use assuan_fd_t and
assuan_fdopen on fds.
sm/
2009-11-25 Marcus Brinkmann <[email protected]>
* server.c (gpgsm_server): Use assuan_fd_t and assuan_fdopen on
fds.
g10/
2009-11-25 Marcus Brinkmann <[email protected]>
* server.c (gpg_server): Use assuan_fd_t and assuan_fdopen on fds.
|
|
|
|
|
|
2009-11-02 Marcus Brinkmann <[email protected]>
* command.c (reset_notify): Take LINE arg and return error.
(register_commands): Use assuan_handler_t type.
common/
2009-11-02 Marcus Brinkmann <[email protected]>
* get-passphrase.c (default_inq_cb, membuf_data_cb): Change return
type to gpg_error_t.
g10/
2009-11-02 Marcus Brinkmann <[email protected]>
* server.c (reset_notify, input_notify, output_notify): Update to
new assuan interface.
(register_commands): Use assuan_handler_t.
scd/
2009-11-02 Marcus Brinkmann <[email protected]>
* command.c (reset_notify): Take LINE arg and return error.
(register_commands): Use assuan_handler_t type.
sm/
2009-11-02 Marcus Brinkmann <[email protected]>
* server.c (reset_notify, input_notify, output_notify): Update to
new assuan interface.
(register_commands): Use assuan_handler_t.
* call-agent.c (membuf_data_cb, default_inq_cb)
(inq_ciphertext_cb, scd_serialno_status_cb)
(scd_keypairinfo_status_cb, istrusted_status_cb)
(learn_status_cb, learn_cb, keyinfo_status_cb): Return gpg_error_t.
|
|
[g13] Send MOUNTPOINT status line
|
|
[sm] Chnage --include-certs default
|
|
There is no need for an audit file.
|
|
Track mounts.
--create does now work as expected.
|
|
Implemented a signal handler.
|
