Commit Graph

3379 Commits

Author SHA1 Message Date
Werner Koch
c8048bf8eb
core: New keylist mode GPGME_KEYLIST_MODE_WITH_KEYGRIP.
* src/gpgme.h.in (GPGME_KEYLIST_MODE_WITH_KEYGRIP): New.
* src/gpgme-json.c (op_keylist): New flag "keygrip".
* src/engine-gpg.c (gpg_keylist_build_options): Pass the options.

* lang/cpp/src/global.h (WithKeygrip): New.
* lang/cpp/src/context.cpp: Add check.
* lang/cpp/src/key.cpp (Key::update): Handle WithKeygrip.
* lang/cpp/src/verificationresult.cpp: Ditto.
* lang/cpp/src/util.h (add_to_gpgme_keylist_mode_t): Ditto.
--

GnuPG-bug-id: 4939
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-07-15 14:11:17 +02:00
Werner Koch
32b80cf3c7
python: Workaround for a regression in GnuPG 2.2.21
* lang/python/tests/support.py (is_gpg_version): New.
* lang/python/tests/t-encrypt-sym.py: Add workaround.
--

GnuPG-bug-id: 4991
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-07-14 14:48:01 +02:00
Andre Heinecke
88f3202521
doc: Explain verify_result_t.status == 0 more
* doc/gpgme.texi (gpgme_verify_result_t): Explain
GPGME_STATUS_NO_ERROR more clearly.

--
This might help to avoid misunderstandings about how the
status can be interpreted and explains why a verify
of unsigned PGP Data returns no error.

As a reaction to CVE-2020-10759 discovered by Justin Steven.
2020-06-09 10:22:27 +02:00
Werner Koch
728ead8ebd
core: Fix setting of the chain_model signature result.
* src/verify.c (parse_trust): Fix detection of "chain" keyword.
--

Fixes-commit: da6f3dc0c5
from 2007 shortly after introducing this.  I doubt that this info has
ever been used (it is for qualified signatures, which are only
supported using the legacy German RegTP rules for them which were soon
overturned by the commercial CAs).

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-06-05 14:46:56 +02:00
NIIBE Yutaka
0cc040e82f
tests: Remove/change tests for GnuPG 2.3 with no gpg.keyserver.
* lang/qt/tests/t-config.cpp (testKeyserver): Remove.
* tests/gpg/t-gpgconf.c (main): Test with dirmngr.keyserver.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-11 14:20:48 +09:00
Andre Heinecke
52f930c1ed
w32: Explicitly link ws2_32
* src/Makefile.am (gpgme_w32_extra_libs): New.
(libgpgme_la_LIBADD, libgpgme_glib_la_LIBADD): Use it.

--
Since w32-io.c directly uses functions from ws2_32 it should
not rely on libgpg-error to pull in this dependency.
2020-05-08 16:38:19 +02:00
dupgit
49c13854f3
GPGME_CREATE_NOEXPIRE is only available since 1.9.0
* doc/gpgme.texi: Fixes version number from 1.8.0 to
   1.9.0 for GPGME_CREATE_NOEXPIRE.

GnuPG-Bug-Id: T4922
Signed-off-by: dupgit <olivier.delhomme@free.fr>
2020-05-08 12:34:20 +02:00
Werner Koch
004fdf61c8
core: Make sure the keygrip is available in WITH_SECRET mode.
* src/engine-gpg.c (gpg_keylist_build_options): Send --with-keygrip
if --with-secret is used.
--

Since GnuPG 2.2.19 the keygrip was not sent anymore if only
--with-secret was used in a public key listing.  Given that
--with-secret requires computation of the keygrip anyway, there is no
point in not requesting the keygrip in this case.

GnuPG-bug-id: 4820
2020-05-08 11:18:42 +02:00
Andre Heinecke
5c0d1c7f76
tests, json: Do not check for keygrip of pubkeys
* tests/json/t-keylist-secret.out.json: Do not check for keygrip
of bravo key.

--
Since GnuPG 2.2.19 the keygrip is not emitted for public keys
in a keylisting --with-secret.

As the GPGME test suite should pass with several versions
the json test cannot test this as the suite does not allow
version checks for different output.

What the intended behavior is might still be up for discussion,
always adding --with-keygrip is not a good solution because
it slows down keylistings for large keyrings.

GnuPG-Bug-Id: T4820
2020-05-08 10:30:53 +02:00
NIIBE Yutaka
3658e2df65
tests: Add ECC key generation for tests/gpgsm.
* tests/gpgsm/t-genkey.c (check_result): New.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-03-27 19:50:24 +09:00
NIIBE Yutaka
71ef398bfd
build: Fix library dependency.
* src/Makefile.am (gpgme_tool_LDADD): Add @GPG_ERROR_LIBS@.

--

Since gpgme-tool uses gpg_strerror, it should be linked
to -lgpg-error.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-03-27 16:24:13 +09:00
Werner Koch
3afa534645
core: New context flags "include-key-block" and "auto-key-import".
* src/gpgme.c (gpgme_set_ctx_flag): Add flags "include-key-block" and
"auto-key-import".
(gpgme_get_ctx_flag): Ditto.
* src/context.h (struct gpgme_context): Add flags include_key_block
and auto_key_import.
* src/engine-gpg.c (struct engine_gpg): Likewise.
(gpg_set_engine_flags): Set the flags for gpg versions >= 2.2.20.
(gpg_decrypt): Set option according to the new flags.
(gpg_encrypt): Ditto.
(gpg_encrypt_sign): Ditto.
(gpg_sign): Ditto.
(gpg_verify): Ditto.

tests/run-verify: Add option --auto-key-import.
tests/run-sign: add option --include-key-block.
--

GnuPG-bug-id: 4856
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-17 17:24:21 +01:00
Bernhard Reiter
11edc073a3
python: fix minor typo in howto
2020-03-03 08:52:54 +01:00
Andre Heinecke
ec9690cf5c
qt: Change logging category
* lang/qt/src/*: Change logging category to macro to QGPGME_LOG.

--
The old logging category macro had a typo and this way we
are more consistent with other logging rules. For example
you could write gpg.* in the logging conf.
2020-02-19 11:15:54 +01:00
Andre Heinecke
ba08aadfa7
qt: Log execution args of gpg-card
* lang/qt/src/qgpgmegpgcardjob.cpp (do_work): Log call.
2020-02-19 11:15:54 +01:00
Werner Koch
2b8680aba9
python: Also detect python 3.9.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-14 13:16:01 +01:00
Andre Heinecke
9ca679c150
qt: Add dummy context to make mixin happy
* lang/qt/qgpgmegpgcardjob.cpp (QGpgMEGpgCardJob): Add context.
--
Otherwise it fails with an assert.
2020-02-12 15:50:36 +01:00
Andre Heinecke
77feaa4510
qt: Add GpgCardJob following the job pattern
* lang/qt/src/Makefile.am: Add new files.
* lang/qt/src/job.cpp (GpgCardJob): Add impl stuff.
* lang/qt/src/protocol.h (gpgCardJob): Get one.
* lang/qt/src/qgpgmebackend.cpp,
lang/qt/src/qgpgmebackend.h: Add helpers to get the job.
* lang/qt/src/qgpgmegpgcardjob.cpp,
lang/qt/src/gpgcardjob.h,
lang/qt/src/qgpgmegpgcardjob.h: New.

--
This is annoyingly complex to add a simple new job.
In the future we should implement something like this
without the threadedjobmixin stuff. But the idea was
to follow the usual job pattern.

GnuPG-Bug-Id: T4794
2020-02-12 11:57:09 +01:00
Andre Heinecke
cff600f1f6
Do not test for a bug in older GnuPG versions
* tests/json/t-keylist-secret.out.json

--
Since at least 2.2.19 GnuPG no longer emits secret = true
for keys where it does not have a secret. To avoid
failures with older versions we remove the check altogether.

GnuPG-Bug-Id: T4820
2020-01-29 11:01:10 +01:00
Daniel Kahn Gillmor
414938cfed
m4/python: Scan for python 3.8 as well
* m4/python.m4: Scan for python 3.8 as well.

--

It's not clear to me why python3.8 should be commented out of the
python path search.  This change simplifies and normalizes the search
for modern versions of python 3.

Signed-Off-By: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-01-23 18:26:48 -05:00
Andre Heinecke
39052913f2
core: Add MacOS fallbacks to look for binaries
* src/posix-util.c (find_executable): New.
(walk_path_str): Factored out from walk_path.
(walk_path): Replaced by find_executable.
(_gpgme_get_gpg_path, _gpgme_get_gpgconf_path): Use find_executable.

--
This should help to locate GnuPG on MacOS systems where
it is not part of the PATH environment variable and
should reduce the need to have fixed path known
at GPGME compile time.

mailvelope/issue699
2020-01-17 12:42:56 +01:00
Andre Heinecke
194272dbc3
cpp, qt: Use uidhash to select uids for signing
* lang/cpp/src/gpgsignkeyeditinteractor.cpp (action):
Use uidhash instead of number.
(GpgSignKeyEditInteractor::setKey): New.
* lang/cpp/src/gpgsignkeyeditinteractor.h: Update accordingly.
* lang/cpp/src/key.h, lang/cpp/src/key.cpp: Wrap uidhash.
* lang/qt/src/qgpgmesignkeyjob.cpp: Set the key.

--
Using the uidhash avoids problems when the user ids
on --edit-key are different ones than the uids
captured by gpgme when listing keys. Or if
they are in a different order. This can happen
with cached keys or keys with user attributes.
2019-12-13 18:06:00 +01:00
Werner Koch
5eeae535ee
core: Extend gpgme_user_id_t with uidhash member.
* src/gpgme.h.in (struct _gpgme_user_id): Add field 'uidhash'.
* src/key.c (gpgme_key_unref): Free it.
* src/keylist.c (keylist_colon_handler): Set it.
* tests/run-keylist.c (main): Print it.
--

The uidhash value is part of gpg's output since the year 2005.  This
now adds support to gpgme.  The application for uidhash is to select
a user id in an edit interactor: Instead of giving the number of the
user id, the uidhash value can be used to avoid tracking the user
id numbers.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-12-13 15:11:00 +01:00
Andre Heinecke
7e7eaf4342
Revert "doc: Remove UI Server documentation"
This reverts commit 1b2ad3b73c.

--
Just removing the documentation was not the right way as
this is still in use.
2019-12-11 10:30:41 +01:00
Daniel Kahn Gillmor
ae4d7761a1
gpg: Avoid error diagnostics with --override-session-key when verifying
* src/engine-gpg.c (gpg_decrypt): only send --no-keyring when we are
not verifying.

--

Without this change, the signature verification would fail.  This
problem was introduced in bded8ebc59 in
an attempt to avoid an error when *not* verifying.  Clearly more test
suite coverage is needed to avoid introducing this sort of problem in
the future.

GnuPG-bug-id: 3464
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2019-12-06 10:41:44 +09:00
Daniel Kahn Gillmor
c0c97dbbe6
gpgme-tool: Fix help text for INCLUDE_CERTS.
* src/gpgme-tool.c (hlp_include_certs): added missing newline.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2019-12-03 18:42:07 -05:00
Werner Koch
d480a3c8f3
core,w32: Silence compiler warnings.
* src/w32-util.c (_gpgme_w32_cancel_synchronous_io): Add some casts.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-27 20:40:39 +01:00
Andre Heinecke
1b2ad3b73c
doc: Remove UI Server documentation
* doc/Makefile.am: Remove uiserver.texi
* doc/gpgme.texi: Remove UI-Server mentions.
* doc/uiserver.texi: Removed.

--
This prepares the removal of UI Server from implementing
applications like Kleopatra.
The only user of the UI Server is GpgEX and even that
does not need it at all and is better served with process
calls.

GnuPG-Bug-Id: T4030
2019-11-12 11:04:11 +01:00
NIIBE Yutaka
c493242007
qt,tests: Take care for old DSA key using deprecated digest algo.
* lang/qt/tests/t-remarks.cpp (initTestCase): Supply
allow-weak-key-signatures flag for GnuPG 2.3, which
normally rejects use of SHA1 digest.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-11-08 08:07:33 +09:00
Andre Heinecke
e7b5c6405d
qt, tests: Add check for supported versions
* lang/qt/tests/t-encrypt.cpp (decryptSupported): Moved to
t-support as loopbackSupported.
* lang/qt/tests/t-remarks.cpp: Check for loopbackSupported.
* lang/qt/tests/t-support.cpp, lang/qt/tests/t-support.h
(loopbackSupported): New.

--
This ensures that the tests do not fail with GnuPG 2.0.x
2019-11-06 09:21:02 +01:00
Andre Heinecke
024edbbd3c
qt, tests: Replace accidentally committed assert
* lang/qt/test/t-remarks.cpp (testRemarkReplaceSingleUIDExportable):
Use QVERIFY instead of assert.

--
An assert causes the temp directory not to be cleaned up. I
use this to analyze test failures.
If you want to see the tests home directory after a failure you
can just change a failing verify to an assert.
2019-11-06 09:12:09 +01:00
Andre Heinecke
a56f6015e9
qt,tests: Add test to add an exportable certify
* lang/qt/test/t-remarks.cpp (testRemarkReplaceSingleUIDExportable):
New.

--
Just checking in case the edit-key offers new states for that.
2019-11-06 09:10:03 +01:00
NIIBE Yutaka
1b840a151a
python: Fix how to generate documentation.
* lang/python/doc/Makefile.am: Explicitly write rules to generate rst
and texinfo files.

Fixes-commit: 36428d8cf1
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-11-06 10:30:16 +09:00
Andre Heinecke
9cf4db1e52
qt, tests: Add testcase for multiple remarks
* lang/qt/tests/t-remarks.cpp (testMultipleRemarks): New.
2019-11-04 13:56:14 +01:00
Andre Heinecke
cb7668caeb
cpp: Add API to obtain multiple remarks
* lang/cpp/src/key.cpp, lang/cpp/src/key.h (UserID::remarks): New.
* NEWS: Mention this.

--
This can be useful if we want to show remarks made by others, too.

For:
GnuPG-Bug-Id: T4734
2019-11-04 13:54:55 +01:00
Andre Heinecke
db888b1cc0
qt,tests: Move remarks test out and extend it
* lang/qt/tests/t-various.cpp (testRemarks): Move out.
* lang/qt/tests/t-remarks.cpp: New.
* lang/qt/tests/Makefile.am: Update accordingly.
--
While t-various is nice to add a quick test for more
extensive stuff it is better to move it in its own test.

This also tests with a key that has only a single uid.
2019-11-04 11:18:35 +01:00
Andre Heinecke
08933c183a
cpp: Fix dupe_ok state for single uid
* lang/cpp/src/gpgsignkeyeditinteractor.cpp (makeTable):
Add transition from command to dupe_ok
2019-11-04 11:17:27 +01:00
Werner Koch
067b1a73d9
doc: Note the need for a base tag.
--
2019-11-04 09:15:43 +01:00
Andre Heinecke
d61491dd25
qt: Allow adding empty remarks
* lang/qt/src/qgpgmesignkeyjob.cpp (sign_key): Allow empty
remarks.
2019-11-01 12:05:47 +01:00
Andre Heinecke
174caaa6f5
cpp: Minor optimization in remark lookup
* lang/cpp/src/key.cpp (UserID::remark): Use C-API.

--
The other parts of that function already use the C API
so we can also avoid function calls for the keyListMode.
2019-11-01 12:04:41 +01:00
Andre Heinecke
266e05eee8
cpp: Fix adding duplicated sigs on multiple uids
* lang/cpp/src/gpgsignkeyeditinteractor.cpp: Add another
state DUPE_OK2 to allow gpg looping over all uids.

--
When duplicated signatures should be added to multiple
user ids GnuPG will ask for each uid so we have to
add a transition for that.

GnuPG-Bug-Id: T4734
2019-11-01 12:02:07 +01:00
Andre Heinecke
a4d5394b46
cpp: Add env var to control editinteractor debug
* lang/cpp/src/editinteractor.cpp (EditInteractor::Private::Private):
Read "GPGMEPP_INTERACTOR_DEBUG" env var.
(EditInteractor::Private::~Private): Close debug file.

--
While it was possible for the application to control the
debug through setDebugChannel it is oftentimes helpful
to just debug without changing the application using
GPGME.
2019-11-01 12:00:18 +01:00
Andre Heinecke
1242c6c93a
core: Fix parsing of userid sigs after a subpkg
* src/keylist.c (keylist_colon_handler): Do not clear
out the tmp_uid when a subpacket line is encountered.

--
When the uid is cleared no more signatures following
the subpacket are parsed, so we now no longer clear
it when a subpacket is encountered.
2019-10-29 16:43:37 +01:00
Andre Heinecke
1f3ca698f1
qt,tests: Add test for remarks
* lang/qt/tests/t-various.cpp (testRemark): New.
2019-10-29 16:36:45 +01:00
Andre Heinecke
373acd6923
qt: Extend signkeyjob to handle remarks and dups
* lang/qt/src/qgpgmesignkeyjob.cpp: Handle remarks and
dupeOK.
* lang/qt/src/signkeyjob.h (SignKeyJob::setDupeOk),
(SignKeyJob::setRemark): New.

--
This API makes it easy for Kleopatra to add remarks for:
GnuPG-Bug-Id: T4734
2019-10-29 16:33:58 +01:00
Andre Heinecke
36f7f7a478
cpp: Add support for multiple keysigs in edit
* lang/cpp/src/gpgsignkeyeditinteractor.cpp
(GpgSignKeyEditInteractor::setDupeOk): New.
(makeTable): Add new transitions.
(SignKeyState): Add DUPE_OK Status.
(GpgSignKeyEditInteractor::action): Handle DUPE_OK.
(GpgSignKeyEditInteractor::Private::Private): Carry flag.

--
When extended-edit is enabled this can be used to answer
the "dupe_ok" query from the edit-key with yes.

This is for:
GnuPG-Bug-Id: T4734
2019-10-29 16:31:20 +01:00
Andre Heinecke
83ecf1686a
cpp: Add convenience API to obtain remarks
* lang/cpp/src/key.h, lang/cpp/src/key.cpp (UserID::remark): New.

--
A remark made by one key on another is a signature notation on
a user id certification signature with the name "rem@gnupg.org".

This helps with:
GnuPG-Bug-Id: T4734
2019-10-29 16:24:01 +01:00
Andre Heinecke
0224408c63
core: Add cert-notation support and extended-edit
* src/context.h (gpgme_context): Add new flag for extended-edit.
* src/engine-gpg.c (append_args_from_sig_notations): Add flags to
control the kind of notations.
(gpg_edit): Respect extended-edit and notations.
(gpg_encrypt_sign, gpg_sign): Update call to
append_args_from_sig_notations.
* src/gpgme.c (gpgme_set_ctx_flag, gpgme_get_ctx_flag): Support
extended-edit.
* NEWS, doc/gpgme.texi: Mention extended-edit.

--
This provides a way to get the extended key-edit interface without
breaking bad state machines that rely on the current command flow.

A use case for this is to enable multiple local signatures, which
can be used together with annotations for:

GnuPG-Bug-Id: T4734
2019-10-29 16:11:54 +01:00
Andre Heinecke
9d83698818
cpp: Minor coding style fix
--
2019-10-29 11:04:41 +01:00
Andre Heinecke
fe2892618c
core,w32: Initialize dbg_help for socket debugging
* src/w32-io.c (_gpgme_io_select): Initialize dbg_help.

--
This fixes a crash on Windows because dbg_help might
be used uninitialized.
2019-10-28 16:02:22 +01:00