* src/genkey.c (genkey_start): set engine passphrase command handler.
--
This allows for inquiring a new passphrase during key generation rather
than requiring a pinentry. Needs a patch to gnupg to make use of
--command-fd with --gen-key.
* GUI examples written with pygtk, which has not been ported to Python
3 and won't be as it is for GTK2 and GNOME is moving to GTK3.
* New GUI examples may be required in future using any of several GUI
frameworks (e.g. wxPython, PyQt, PySide, PyGObject, etc.).
* doc/gpgme.texi: Document offline mode.
* src/context.h (gpgme_context): Add offline.
* src/engine-backend.h (keylist, keylist_ext): Add engine_flags.
* src/engine.c, src/engine.h (_gpgme_engine_op_keylist): Ditto.
(_gpgme_engine_op_keylist_ext): Ditto.
* src/engine.h (GPGME_ENGINE_FLAG_OFFLINE): New.
* src/engine-gpg.c (gpg_keylist, gpg_keylist_ext): Ditto.
* src/engine-gpgsm.c (gpgsm_keylist): Handle engine_flags.
(gpgsm_keylist_ext): Ditto.
* src/gpgme.c (gpgme_set_offline, gpgme_get_offline): New.
* src/gpgme.def (gpgme_set_offline, gpgme_get_offline): New.
* src/gpgme.h.in (gpgme_set_offline, gpgme_get_offline): New.
* src/libgpgme.vers (gpgme_set_offline, gpgme_get_offline): New.
* src/keylist.c (gpgme_op_keylist_start): Set offline flag.
(gpgme_op_keylist_ext_start): Ditto.
* tests/run-keylist.c (show_usage, main): Add offline argument.
--
The offline engine option was introduced with gpgsm 2.1.6
it is mainly useful for a full keylisting that includes
the certificate validation but does not depend on external
information that could take an indefinite amount of time to
collect.
Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
* build-aux/git-hooks/commit-msg: Stop processing more lines when the
scissor line is encountered.
--
This allows the command `git commit -v` to work even if the code is
longer than 72 characters. Note that comments are already ignored by the
previous line.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
* src/engine-gpgsm.c (gpgsm_assuan_simple_command): Do not terminate
on a status lines.
--
This bug has been with us since the support for gpgsm: If there is no
status line handler but a status line is received anyway the command
handling loop terminates and thus the command/answer order gets out of
sync. In the case of the bug report this is triggered by sending an
option which starts the agent and that starting emits a "PROGRESS"
status line.
The solution is not to stop reading after a status line but record a
possible error code and return that only after OK or ERR.
GnuPG-bug-id: 1795
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/debug.h: Change macros to not have a literal 0 as last
expression of the comma operator.
* src/debug.c (_gpgme_debug_frame_end): Return 0.
(_gpgme_debug): Return 0.
--
Instead of using
foo(), 0
for the trace macros we let foo() return 0 instead.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tests/gpgsm/final.test: New.
* tests/gpgsm/initial.test: New.
* tests/gpg/start-stop-agent: Move to ../.
* tests/gpgsm/Makefile.am (TESTS_ENVIRONMENT): Export top_srcdir.
(TESTS): Add intial.test and final.test.
(AM_LDFLAGS): Add -no-install.
(clean-local): Use start-stop-agent
(initial.test): Add dependency.
* tests/gpg/Makefile.am (top_srcdir): Export top_srcdir.
(AM_LDFLAGS): Add -no-install.
(check-local): Depend on pubring-stamp instead of pubring.gpg.
(initial.test): Depend on check-local.
(./pubring-gpg): Replace by rule for ./pubring-stamp.
--
There are also a couple of other changes which should make the tests a
bit more robust and the gpg and gpgsm tests more similar.
The -no-install avoids creating wrappers for test programs, which make
debugging easier.
The dependency on check-local guarantees that its rules are run before
the first test. This is important because conf files are setup by
this rule. Earlier automake versions seem to have run check-local
always before the tests but today the order of execution is not
defined.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/verify.c (calc_sig_summary): Handle GPG_ERR_CERT_REVOKED.
--
parse_new_sig() handles a revoked key by setting sig->status to
GPG_ERR_CERT_REVOKED, but then later calc_sig_summary() expects that
code in sig->validity_reason.
Additional comments added by wk.
* src/engine-gpg.c (gpg_keylist_preprocess): Increment SRC for a
backslash.
--
This bug is not exploitable because this bug fills up .data with
backslashes and thus causes the segv.
Signed-off-by: Werner Koch <wk@gnupg.org>
* Port of PyME 0.9.0 for Python 2 to Python 3 along with most of the
example scripts.
* Intended to be developed in parallel with the original Python 2
version until such time as a rewrite of GPGME leads to developing an
IO API in Python 3 from scratch.
* Python 3 PyME and API maintainer has entered, stage left with current
GPG key ID 0x321E4E2373590E5D, primary fingerprint is "DB47 24E6 FA42
86C9 2B4E 55C4 321E 4E23 7359 0E5D" and signing subkey fingerprint is
"B7F0 FE75 9387 430D D0C5 8BDB 7FF2 D371 35C7 553C" for future
reference with git commit signatures.
* Some of them cannot be properly tested on OS X, especially with GTK in
the mix (it works on OS X, but is unlikely to be as easily accessible
as Cocoa or Qt).
* Most major functions are showcased and do work, albeit sometimes with
false positives of error messages, at least on OS X.
* exportimport works, but will still segfault for an as yet unknown
reason.
* genkey produces a traceback error, but does create the key as
intended.
* matched passphrase in signverify.
* Changed plaintext string to byte literal.
* Nested key selection in a try/except statement in case of
UnicodeEncodeError instances.
* Tested successfully on over 9,000 keys.
* The entirety of the Python 3 port of PyME up to commit
2145348ec54c6027f2ea20f695de0277e2871405
* The old commit log has been saved as
lang/py3-pyme/docs/old-commits.log
* Can be viewed as a normal (separate) git repository at
https://github.com/adversary-org/pyme3
* Utilising the submodule feature of git was deliberately skipped on
humanitarian grounds (in order to prevent pain and suffering on the
part of anyone having to manage this repository).
* src/Makefile.am (extra_ltoptions): New.
(libgpgme_la_LDFLAGS): Use it.
(libgpgme_pthread_la_LDFLAGS): Ditto.
(libgpgme_glib_la_LDFLAGS): Ditto.
--
Since gcc 4.8 there is a regression in Mingw64 in that plain C
programs may link to libgcc_s.a which has a dependency on
libgcc_s_sjlj.dll. This is for example triggered by using long long
arithmetic on a 32 bit Windows (e.g symbol __udivdi3).
Note that we don't use this patch for the Qt version which, as C++
programs, actually requires that DLL,
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/engine-spawn.c (add_data): Fix malloc
--
Bummer. Why did I subtracted one from the size? Did I assume a
dynamically allocated structure with a string field which was not
going to be used? Very strange.
Not a real problem though because malloc will anyway round up the
allocation to at least the next word size.
Detected by Stack 0.3.
--
Somehow the doc/gpl.texi from gpgme and gnupg drifted out of sync.
This patch to gpgme's file brings it in line with gnupg's master
branch, and avoids the following errors during make:
./gpl.texi:667: @section seen before @end enumerate
./gpl.texi:724: unmatched `@end enumerate'
./gpl.texi:1: warning: node next `Copying' in menu `Concept Index'
and in sectioning `Function and Data Index' differ
* src/context.h (OPDATA_EXPORT): New.
* src/export.c (op_data_t): New.
(release_op_data): New.
(parse_error): New.
(export_status_handler): New.
(export_start, export_ext_start): Prepare op_data.
(gpgme_op_export_ext, gpgme_op_export_keys): Return an error from the
status handler.
--
To support an error return also for the async functions we need to
extend the API. Until we have done that this new features helps at
least in some cases; in particular for --send-keys.
* src/sign.c (gpgme_op_sign_result): Reformat and take care of failed
malloc.
--
Although _gpgme_debug_trace() is current always true, the code should
be run always and not just in trace mode. Also added error checking
to malloc and strdup. And while at replace some while by for loop for
easier readability.
* src/sign.c (gpgme_op_sign_result): Test that invalid and valid
signatures add up to gpgme_signers_count().
--
When invalid and valid signatures do not equal gpgme_signers_count() it
means that there was a bad passphrase during signing after the first
signer. This leaves the result.signatures from previous signers intact
which isn't correct since gpg will report:
gpg: number of one-pass packets does not match number of signature
packets
gpg: can't handle this ambiguous signature data
during verify. So when this happens append the valid signatures to the
.invalid_signers list with .reason set to GPG_ERR_GENERAL.
--
The --no-sk-comments flag is (or should be) a no-op in modern versions
of gnupg, but gpgme should still use its full form rather than the
(slightly) abbreviated --no-sk-comment