From ec332d58efc50f6508b87fc9f51db68c39cee044 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Thu, 9 Oct 2014 19:10:32 +0200 Subject: gpg: Take care to use pubring.kbx if it has ever been used. * kbx/keybox-defs.h (struct keybox_handle): Add field for_openpgp. * kbx/keybox-file.c (_keybox_write_header_blob): Set openpgp header flag. * kbx/keybox-blob.c (_keybox_update_header_blob): Add arg for_openpgp and set header flag. * kbx/keybox-init.c (keybox_new): Rename to do_keybox_new, make static and add arg for_openpgp. (keybox_new_openpgp, keybox_new_x509): New. Use them instead of the former keybox_new. * kbx/keybox-update.c (blob_filecopy): Add arg for_openpgp and set the openpgp header flags. * g10/keydb.c (rt_from_file): New. Factored out and extended from keydb_add_resource. (keydb_add_resource): Switch to the kbx file if it has the openpgp flag set. * kbx/keybox-dump.c (dump_header_blob): Print header flags. -- The problem was reported by dkg on gnupg-devel (2014-10-07): I just discovered a new problem, though, which will affect people on systems that have gpg and gpg2 coinstalled: 0) create a new keyring with gpg2, and use it exclusively with gpg2 for a while. 1) somehow (accidentally?) use gpg (1.4.x) again -- this creates ~/.gnupg/pubring.gpg 2) future runs of gpg2 now only look at pubring.gpg and ignore pubring.kbx -- the keys you had accumulated in the keybox are no longer listed in the output of gpg2 --list-keys Note that gpgsm has always used pubring.kbx and thus this file might already be there but without gpg ever inserted a key. The new flag in the KBX header gives us an indication whether a KBX file has ever been written by gpg >= 2.1. If that is the case we will use it instead of the default pubring.gpg. Signed-off-by: Werner Koch --- kbx/keybox-init.c | 34 +++++++++++++++++++++++++++------- 1 file changed, 27 insertions(+), 7 deletions(-) (limited to 'kbx/keybox-init.c') diff --git a/kbx/keybox-init.c b/kbx/keybox-init.c index 8ae3ec315..0d4800e12 100644 --- a/kbx/keybox-init.c +++ b/kbx/keybox-init.c @@ -77,15 +77,10 @@ keybox_is_writable (void *token) -/* Create a new handle for the resource associated with TOKEN. SECRET - is just a cross-check. - - The returned handle must be released using keybox_release (). */ -KEYBOX_HANDLE -keybox_new (void *token, int secret) +static KEYBOX_HANDLE +do_keybox_new (KB_NAME resource, int secret, int for_openpgp) { KEYBOX_HANDLE hd; - KB_NAME resource = token; int idx; assert (resource && !resource->secret == !secret); @@ -94,6 +89,7 @@ keybox_new (void *token, int secret) { hd->kb = resource; hd->secret = !!secret; + hd->for_openpgp = for_openpgp; if (!resource->handle_table) { resource->handle_table_size = 3; @@ -135,6 +131,30 @@ keybox_new (void *token, int secret) return hd; } + +/* Create a new handle for the resource associated with TOKEN. SECRET + is just a cross-check. This is the OpenPGP version. The returned + handle must be released using keybox_release. */ +KEYBOX_HANDLE +keybox_new_openpgp (void *token, int secret) +{ + KB_NAME resource = token; + + return do_keybox_new (resource, secret, 1); +} + +/* Create a new handle for the resource associated with TOKEN. SECRET + is just a cross-check. This is the X.509 version. The returned + handle must be released using keybox_release. */ +KEYBOX_HANDLE +keybox_new_x509 (void *token, int secret) +{ + KB_NAME resource = token; + + return do_keybox_new (resource, secret, 0); +} + + void keybox_release (KEYBOX_HANDLE hd) { -- cgit v1.2.3