* src/gpgme.h.in (gpgme_verify_flags_t): New enum.
(GPGME_VERIFY_ARCHIVE): New const.
(gpgme_op_verify_ext_start): New func.
(gpgme_op_verify_ext): New func.
* src/gpgme.def, src/libgpgme.vers: Add new functions.
* src/verify.c (gpgme_op_verify_ext_start): New.
(gpgme_op_verify_ext): New.
(verify_start): Add arg FLAGS. Pass the flags to
_gpgme_engine_op_verify.
(gpgme_op_verify_start): Call gpgme_op_verify_ext_start with 0 for
FLAGS.
(gpgme_op_verify): Call gpgme_op_verify_ext with 0 for FLAGS.
* src/engine.c, src/engine.h (_gpgme_engine_op_verify): Add arg FLAGS.
* src/engine-backend.h (struct engine_ops): Add FLAGS to 'verify'.
* src/engine-gpg.c (gpg_verify): Add arg FLAGS. Set use_gpgtar engine
flag if GPGME_VERIFY_ARCHIVE flag is set. Check for new enough gpg. Use
add_gpg_arg for gpg-only options without a value. Set extra options for
gpgtar and pass input data to stdin when using gpgtar.
* src/engine-gpgsm.c (gpgsm_verify): Add arg FLAGS. Return error if
GPGME_VERIFY_ARCHIVE flag is set.
* src/engine-uiserver.c (uiserver_verify): Ditto.
* tests/run-verify.c (show_usage): New options --archive, --directory,
and --diagnostics.
(main): Parse new options. Verify and extract with gpgtar if --archive
is given. Set file name of output data to value of --directory option.
Print stderr of gpg/gpgtar if --diagnostics is given.
--
GnuPG-bug-id: 6342
* src/gpgme.h.in (GPGME_DECRYPT_ARCHIVE): New decryption flag.
* src/engine-gpg.c (gpg_decrypt): Set use_gpgtar engine flag if
GPGME_DECRYPT_ARCHIVE flag is set. Check for new enough gpg and
incompatible flags. Use add_gpg_arg_with_value for gpg-only options
with a value and add_gpg_arg for gpg-only options without a value.
Set extra options for gpgtar and pass input data to stdin when using
gpgtar.
* tests/run-decrypt.c (show_usage): New options --archive and
--directory.
(main): Parse new options. Decrypt with gpgtar if --archive is given.
Set file name of output data to value of --directory option.
--
GnuPG-bug-id: 6342
* src/engine-gpg.c (gpg_encrypt, gpg_encrypt_sign, gpg_sign): Pass
file name set in data with --directory option to gpgtar.
* tests/run-encrypt.c (show_usage): New option --directory.
(main): Parse new option. Set file name of input data to option value.
* tests/run-sign.c (show_usage): New option --directory.
(main): Parse new option. Set file name of input data to option value.
--
GnuPG-bug-id: 6342
* src/engine-gpg.c (gpg_encrypt_sign): Set use_gpgtar engine flag if
GPGME_ENCRYPT_ARCHIVE mode is set. Check for new enough gpg. Use
add_gpg_arg_with_value for gpg-only options with a value and
add_gpg_arg for gpg-only options without a value. Set extra options for
gpgtar and pass input data to stdin when using gpgtar.
* tests/run-encrypt.c (print_result): Rename to print_encrypt_result.
Print header.
(print_sign_result): New.
(show_usage): New option --sign.
(main): Parse new option. Sign and encrypt --sign is given.
Print results of signing additionally to results of encryption.
--
With this change the gpgme_op_encrypt_sign* functions get support for
creating an encrypted and signed archive from files and/or directories
passed as NUL-separated list in the "plain" data with gpgtar.
GnuPG-bug-id: 6342
* src/gpgme.h.in (GPGME_SIG_MODE_ARCHIVE): New signature mode.
* src/engine-gpg.c (append_args_from_sender,
append_args_from_sig_notations): Use add_gpg_arg_with_value
for gpg-only options with a value.
(gpg_sign): Set use_gpgtar engine flag if GPGME_SIG_MODE_ARCHIVE mode
is set. Check for new enough gpg. Use add_gpg_arg_with_value for
gpg-only options with a value and add_gpg_arg for gpg-only options
without a value. Set extra options for gpgtar and pass input data to
stdin when using gpgtar.
* src/sign.c (sign_start): Add GPGME_SIG_MODE_ARCHIVE as valid mode.
* tests/run-sign.c (show_usage): New options --archive and
--diagnostics.
(main): Parse new options. Sign with gpgtar if --archive is given.
Print stderr of gpg/gpgtar if --diagnostics is given.
--
With this change the gpgme_op_sign* functions get support for
creating a signed archive from files and/or directories passed as
NUL-separated list in the "in" data with gpgtar.
GnuPG-bug-id: 6342
* src/gpgme.h.in (GPGME_ENCRYPT_ARCHIVE): New encryption flag.
* src/engine-gpg.c (arg_and_data_s): New field gpg_arg.
(engine_gpg): New flag use_gpgtar.
(_add_arg): Add argument gpg_arg and set it.
(add_arg_ext, add_arg_with_locp, add_arg, add_arg_pfx, add_arg_len):
Adjust call of _add_arg.
(add_arg_with_locp): Add argument front.
(add_gpg_arg, add_gpg_arg_with_value): New.
(gpg_new): Use add_gpg_arg_with_value for gpg-only options with a value
and add_gpg_arg for gpg-only options without.
(build_argv): Consider usage of gpgtar when counting arguments to pass
to gpg/gpgtar. Prepend "--gpg-args" to all gpg-only arguments if gpgtar
is used.
(start): Set program to use. Read diagnostics output from stderr when
using gpgtar. Do not pass --status-fd to gpgtar for gpg < 2.4.1. Use
add_gpg_arg_with_value for --lc-ctype and --lc-messages.
(gpg_encrypt): Set use_gpgtar engine flag if GPGME_ENCRYPT_ARCHIVE flag
is set. Check for new enough gpg and incompatible flags. Use
add_gpg_arg_with_value for gpg-only options with a value and
add_gpg_arg for gpg-only options without a value. Set extra options
for gpgtar and pass input data to stdin when using gpgtar.
* src/engine-gpgsm.c (gpgsm_encrypt): Return error if new flag is set.
* src/engine-uiserver.c (uiserver_encrypt): Ditto.
* tests/run-encrypt.c (show_usage): New options --archive and
--diagnostics.
(main): Parse new options. Encrypt with gpgtar if --archive is given.
Print stderr of gpg/gpgtar if --diagnostics is given.
--
With this change the gpgme_op_encrypt* functions get support for
encrypting a list of files and/or directories passed as NUL-separated
list in "plain" data with gpgtar.
GnuPG-bug-id: 6342
* src/engine-gpg.c (_append_to_arglist, _prepend_to_arglist): New.
(_add_arg): Use _append_to_arglist and _prepend_to_arglist.
(add_data_ext): New. Extends add_data.
(add_data): Uses add_data_ext.
(gpg_new): Do not add --status-fd and --logger-fd to argument list.
(start): Prepend --logger-fd and --status-fd to the argument list.
--
This change makes it possible to handle those two arguments differently
if gpgtar is used instead of gpg.
GnuPG-bug-id: 6342
* src/dirinfo.c (WANT_GPGTAR_NAME): New.
(dirinfo): Add field gpgtar_name.
(get_gpgconf_item): Build gpgtar_name on demand and return it.
(_gpgme_get_default_gpgtar_name) : New.
(gpgme_get_dirinfo): New value "gpgtar-name" for WHAT.
* src/util.h (_gpgme_get_default_gpgtar_name): New.
* tests/t-engine-info.c (main): Add gpgtar-name to the output.
GnuPG-bug-id: 6342
* src/engine-gpg.c (build_argv): Initialize fd_data_map and argv. Goto
leave on error. Free fd_data_map and argv on error.
--
This will make it easier to add an additional "--with-gpg-args" option
where needed.
GnuPG-bug-id: 6342
* src/engine-gpg.c (build_argv): Don't add "--no-sk-comments" to argv.
--
This option is a no-op since 1.4.3 and 1.4.23 is the latest 1.4 release.
GnuPG-bug-id: 6342
* src/gpgme.m4 (AM_PATH_GPGME_PTHREAD): It's deprecated, since gpgme
supports threads and GNU C library has integrated pthread features.
--
GnuPG-bug-id: 6285
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* src/context.h (gpgme_context): Add field no_auto_check_trustdb.
* src/gpgme.c (gpgme_set_ctx_flag, gpgme_get_ctx_flag): Add flag
"no-auto-check-trustdb".
* src/engine-gpg.c (engine_gpg): Add flags.no_auto_check_trustdb.
(gpg_set_engine_flags): Set the flag.
(build_argv): Pass option to gpg.
* tests/run-keylist.c (show_usage, main): Add option --no-trust-check.
--
This makes the --no-auto-check-trustdb option available in the GPGME API
to disable the potentially expensive automatic trust database check.
GnuPG-bug-id: 6261
* src/gpgme.m4: Overriding the decision by --with-gpgme-prefix,
use gpgrt-config gpgme when gpgrt-config is available.
--
This may offer better migration.
GnuPG-bug-id: 5034
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* src/gpgme.c (gpgme_set_global_flag): Add flag "inst-type".
* src/w32-util.c (_gpgme_set_get_inst_type): New.
(INST_TYPE_GPG4WIN_DIR): New.
(INST_TYPE_GPGDESK_DIR): New.
(_gpgme_get_gpgconf_path): Implement this flag. Replace fixed strings
by the macros.
* src/posix-util.c (_gpgme_set_get_inst_type): New dummy.
--
This is intended for use by Kleopatra to reliable find the expected
GnuPG installation.
* src/parsetlv.c (_gpgme_parse_tlv): Detect integer overflow.
--
Although there is no concrete case where we use for example
(to.nhdr+ti.length), it feels safer to protect against this anyway.
* src/sign.c (parse_sig_created): Special case the rfc4880 "1F" status.
--
This has always been wrong but we can't simply force strtol to assume
hex. Patch compiles but has received no specific test. For details
see
GnuPG-bug-id: 6223
* configure.ac (GPGME_CONFIG_CFLAGS): Prefix with -I${includedir} for
non-standard include paths.
(GPGME_CONFIG_LIBS): Prefix with -L${libdir} for non-standard library
paths.
* src/gpgme.pc.in (Cflags): Remove hard-coded -I${includedir}.
(Libs): Remove hard-coded -L${libdir}.
--
This helps prevent problems when building/linking something that depends
on gpgme (installed in standard path) and some other library (installed
in a standard path and a custom path).
See T6136 for related changes in libgpg-error.
* src/w32-util.c (_gpgme_get_gpgconf_path): Add fallback for
GnuPG VS-Desktop install scheme.
--
GnuPG VS-Desktop has the install layout:
%PROGRAMFILES%\GnuPG VS-Desktop\bin\libgpgme.dll
%PROGRAMFILES%\GnuPG VS-Desktop\GnuPG\bin\gpgconf.exe
This fallback is of course only required if the registry
string pointing to the correct install directory is
broken.
GnuPG-Bug-Id: T6131
* configure.ac (USE_GPGRT_CONFIG): New.
* src/Makefile.am [USE_GPGRT_CONFIG]: Conditionalize the install
of gpgme-config.
--
When system will migrate use of gpgrt-config and removal of
gpg-error-config, gpgme-config will not be installed (but use gpgme.pc
by gpgrt-config).
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* src/keylist.c (gpgme_op_keylist_from_data_start): Call
_gpgme_op_import_init_result.
--
This fixes a crash when importing keys from data. Initializing the
import result was missing for this keylist operation.
Fixes-commit: f3ca57dfd7
GnuPG-bug-id: 5951
* src/keylist.c (parse_sec_field15): Set SECRET flag.
--
Explicitly setting the SECRET flag for subkeys stored on smart cards
makes sure that the flag is also set if GPGME_KEYLIST_MODE_WITH_SECRET
is used when listing OpenPGP keys (as documented in the API
documentation). If secret keys are listed, then the flag is already set
when the packet type is parsed.
GnuPG-bug-id: 5965
* src/import.c (import_status_handler): Rename to ...
(_gpgme_import_status_handler): this. Make non-static.
(_gpgme_op_import_init_result): New.
(_gpgme_op_import_start, _gpgme_op_import_keys_start,
_gpgme_op_receive_keys_start): Call _gpgme_op_import_init_result.
* src/keylist.c (keylist_status_handler): Call
_gpgme_import_status_handler to handle import status lines.
(gpgme_op_keylist_start, gpgme_op_keylist_ext_start): Call
_gpgme_op_import_init_result.
* src/ops.h (_gpgme_op_import_init_result,
_gpgme_import_status_handler): New prototypes.
--
If a keylist operation with keylist mode GPGME_KEYLIST_MODE_LOCATE is
run, then gpg emits import status lines. Handling those status lines
allows users to retrieve the result of a --locate-(external)-keys
command.
GnuPG-bug-id: 5951
* src/gpgme.h.in (GPGME_KEYLIST_MODE_FORCE_EXTERN): New.
(GPGME_KEYLIST_MODE_LOCATE_EXTERNAL): New.
* src/gpgme.c (gpgme_set_keylist_mode): Check for invalid mode.
* src/engine-gpg.c (gpg_keylist_build_options): Use
"--locate-external-keys" instead of "--locate-keys" if flag is set.
* src/gpgme-json.c (op_keylist): New flag "force-extern".
* src/gpgme-tool.c (gt_get_keylist_mode, cmd_keylist_mode): Handle
new mode.
--
GnuPG-bug-id: 5951
* src/decrypt.c (op_data_t): Add field symdecrypt_failed.
(parse_status_error): Handle BAD_PASSPHRASE error code.
(_gpgme_decrypt_status_handler): Consult new field.
--
Return a bad passphrase error if the failure during symmetric decryption
is likely caused by the user entering a wrong passphrase. The special
error code of a failed public key decryption takes precedence.
GnuPG-bug-id: 5939
* src/gpgme.h.in (gpgme_op_receive_keys_start, gpgme_op_receive_keys):
New.
* src/gpgme.def, src/libgpgme.vers: Add them.
* src/engine-backend.h (struct engine_ops): Add arg keyids to field
'import'.
* src/engine.h, src/engine.c (_gpgme_engine_op_import): Add arg keyids.
* src/engine.c (_gpgme_engine_op_import): Forward new arg keyids.
* src/import.c: (_gpgme_op_import_start, _gpgme_op_import_keys_start):
Pass NULL to new arg of _gpgme_op_import_start.
(_gpgme_op_receive_keys_start, gpgme_op_receive_keys_start,
gpgme_op_receive_keys): New.
* src/engine-gpg.c (gpg_import): Add arg keyids. Extend check for
valid arguments. Build command line if keyids are given.
* src/engine-gpgsm.c (gpgsm_import): Add arg keyids. Return error if
keyids is not NULL.
tests/run-receive-keys.c: New.
tests/Makefile.am (noinst_PROGRAMS): Add new test runner.
--
The new function allows importing keys given by their key ids or
fingerprints from a keyserver (like gpg's --recv-keys command).
GnuPG-bug-id: 5808
src/export.c (export_status_handler): Handle "export_keys.secret".
--
This allows callers of the synchronous export operations to react
properly to errors (e.g. wrong passphrase) during the export of secret
keys.
GnuPG-bug-id: 5766
* src/gpgme.h.in (GPGME_EXPORT_MODE_SECRET_SUBKEY): New.
* src/export.c (check_mode): Allow new mode and check for invalid
combinations.
(export_keys_start): Return error if new mode flag is set.
* src/engine-gpg.c (export_common): Implement.
* src/gpgme-tool.c (cmd_export): New option --secret-subkey.
* tests/run-export.c (main): New option --secret-subkey.
--
This adds support for exporting secret subkeys (via gpg's
--export-secret-subkeys) to gpgme_op_export[_ext][_start].
The flag is not supported by gpgme_op_export_keys[_start] because
there is no way to specify which subkey(s) to export with these
functions.
GnuPG-bug-id: 5757
src/engine-gpgsm.c (gpgsm_export, gpgsm_export_ext): Return error if an
unsupported mode flag is set.
--
The minimal mode flag has no effect for X.509 certificates, but we still
treat it as supported (as documented in the API documentation).
GnuPG-bug-id: 5757
* src/export.c (check_mode): Return error if ssh mode is combined with
another mode flag.
--
The SSH mode flag cannot be used in combination with other flags.
GnuPG-bug-id: 5757
* src/import.c (gpgme_op_import_result): Check fpr for NULL.
(parse_error): New.
(import_status_handler): Handle error status line.
* doc/gpgme.texi (gpgme_import_status_t): Mention that fpr can be NULL.
* tests/gpg/t-import.c (check_result): Check fpr for NULL.
* tests/run-threaded.c (delete_impres): Check fpr for NULL.
--
When importing an encrypted certificate a wrong passphrase may be
entered. In this case gpgsm emits a status line with a bad passphrase
error and an "invalid object" error. To make it possible for callers
to handle a wrong passphrase error more gracefully, an import status
with bad passphrase error is added to the import result for each
status line with bad passphrase error.
GnuPG-bug-id: 5713
* src/context.h (struct gpgme_context): New field import_filter.
* src/engine-backend.h (struct engine_ops): Add arg import_filter to
field 'import'.
* src/engine-gpg.c (gpg_import): Add arg import_filter and pass option
--import-filter with argument value to gpg. Adjust all callers.
* src/engine-gpgsm.c (gpgsm_import): Add dummy arg import_filter.
* src/gpgme.c (gpgme_release): Free 'import_filter'.
(gpgme_set_ctx_flag, gpgme_get_ctx_flag): New flag "import-filter".
* tests/run-import.c (main): Add option --import-filter.
--
This makes the --import-filter option available in the GPGME API for
key imports.
GnuPG-bug-id: 5739
* src/context.h (struct gpgme_context): New field key_origin.
* src/engine-backend.h (struct engine_ops): Add arg key_origin to
field 'import'.
* src/engine-gpg.c (gpg_import): Add arg key_origin and pass option
--key-origin with argument value to gpg. Adjust all callers.
* src/engine-gpgsm.c (gpgsm_import): Add dummy arg key_origin.
* src/gpgme.c (gpgme_release): Free 'key_origin'.
(gpgme_set_ctx_flag, gpgme_get_ctx_flag): New flag "key-origin".
* tests/run-import.c (main): Add option --key-origin.
* tests/gpg/t-import.c (main): Set and verify key origin.
--
This makes the --key-origin option available in the GPGME API for
key imports.
GnuPG-bug-id: 5733
* src/engine-gpgconf.c (gpgconf_parse_option): Skip the string
indicator if it is not the empty string.
--
Some versions of GnuPG (~2.2.28 to 2.2.33) returned a compliance
indicator which should be an int but actually used string as type.
Simply skipping the indicator without checking that this is the
indicator does not allow to work around this type mismatch by the
gpgme users.
* src/dirinfo.c (WANT_SOCKETDIR): New.
(dirinfo): Add field socketdir.
(parse_output): Support "socketdir".
(get_gpgconf_item): Return socketdir.
* tests/t-engine-info.c (main): Add socketdir to the output.
* src/w32-util.c (_gpgme_create_process_utf8): Fix indentation.
--
GnuPG-bug-id: 5613
This is not strictly necessary because we could deduce this from one
of the other socket info items but it is more clean to have a
dedicated info item. The socketdir item is available for 5 years now
(GnuPG commit 8e3fa5a4b205c534de2142e5d071712f957cf06a)
* src/gpgme.pc.in (Require): Move gpg-error, libassuan to...
(Requires.private): ... here.
(Cflags): Add -I${includedir}.
(Libs): Add -L${libdir}.
--
This will result better library dependency for applications using
gpgme. It will break build of an application which directly uses
gpg-error or libassuan without specifying them (which means, depending
on redundant/wrong gpgme.pc).
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
