authorWerner Koch <[email protected]>2010-10-06 11:29:10 +0000
committerWerner Koch <[email protected]>2010-10-06 11:29:10 +0000
commit002b30e75c623d15e89708a27442836bdf038ebc (patch)
tree6b8389135e5a762ea204c2c9480314eaaede0ef5
parentDon't set SSH_AGENTPID_INFO. (diff)
Import fixes.
new option for watchgnupg
-rw-r--r--ChangeLog4
-rw-r--r--NEWS4
-rw-r--r--agent/ChangeLog4
-rw-r--r--agent/cvt-openpgp.c1
-rw-r--r--configure.ac6
-rw-r--r--doc/gpg-agent.texi17
-rw-r--r--g10/ChangeLog5
-rw-r--r--g10/import.c20
-rw-r--r--tools/ChangeLog4
-rw-r--r--tools/watchgnupg.c21
10 files changed, 69 insertions, 17 deletions
diff --git a/ChangeLog b/ChangeLog
index 477d68bf7..870a0322f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2010-10-06 Werner Koch <[email protected]>
+
+ * configure.ac: Make --enable-standard-socket the default.
+
2010-10-04 Werner Koch <[email protected]>
* configure.ac (GNUPG_CHECK_FAQPROG): Remove.
diff --git a/NEWS b/NEWS
index b456fa845..f895d3a65 100644
--- a/NEWS
+++ b/NEWS
@@ -26,8 +26,8 @@ Noteworthy changes in version 2.1.x (under development)
* If the agent's --use-standard-socket option is active, all tools
try to start and daemonize the agent on the fly. In the past this
was only supported on W32; on non-W32 systems the new configure
- option --enable-standard-socket may now be used to use this feature
- by default.
+ option --disable-standard-socket may now be used to disable this
+ new default.
* Dirmngr is now a part of this package. Dirmngr is now also
expected to run as a system service and the configuration
diff --git a/agent/ChangeLog b/agent/ChangeLog
index 5abcc67f2..01ff96172 100644
--- a/agent/ChangeLog
+++ b/agent/ChangeLog
@@ -1,3 +1,7 @@
+2010-10-06 Werner Koch <[email protected]>
+
+ * cvt-openpgp.c (convert_secret_key): Add missing break.
+
2010-10-05 Werner Koch <[email protected]>
* gpg-agent.c (main): Don't set SSH_AGENT_PID so that ssh-agent -k
diff --git a/agent/cvt-openpgp.c b/agent/cvt-openpgp.c
index 8105ae6f6..5a044c449 100644
--- a/agent/cvt-openpgp.c
+++ b/agent/cvt-openpgp.c
@@ -126,6 +126,7 @@ convert_secret_key (gcry_sexp_t *r_key, int pubkey_algo, gcry_mpi_t *skey)
"(private-key(rsa(n%m)(e%m)(d%m)(p%m)(q%m)(u%m)))",
skey[0], skey[1], skey[2], skey[3], skey[4],
skey[5]);
+ break;
default:
err = gpg_error (GPG_ERR_PUBKEY_ALGO);
diff --git a/configure.ac b/configure.ac
index 009f399cd..8565b551d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -79,7 +79,7 @@ use_bzip2=yes
use_exec=yes
disable_keyserver_path=no
use_ccid_driver=yes
-use_standard_socket=no
+use_standard_socket=yes
try_ks_ldap=no
@@ -657,8 +657,8 @@ fi
#
AC_MSG_CHECKING([whether to use a standard socket by default])
AC_ARG_ENABLE(standard-socket,
- AC_HELP_STRING([--enable-standard-socket],
- [use a standard socket for the agent by default]),
+ AC_HELP_STRING([--disable-standard-socket],
+ [don't use a standard socket by default]),
use_standard_socket=$enableval)
tmp=""
if test "$use_standard_socket" != yes; then
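Review bot: `use_standard_socket=$enableval` accepts any string, and the following `test "$use_standard_socket" != yes` treats everything other than a literal `yes` as a request to disable, so a mistyped value such as `--enable-standard-socket=true` silently turns the new default off. Now that the documented use is `--disable-standard-socket`, it would be safer to normalise the value, e.g. `AS_CASE([$enableval], [yes|no], [use_standard_socket=$enableval], [AC_MSG_ERROR([bad value for --enable-standard-socket])])`. The `if` block that consumes the value continues outside the hunk.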
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
index 2d7f85e47..d504d2a99 100644
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@@ -2,6 +2,11 @@
@c This is part of the GnuPG manual.
@c For copying conditions, see the file gnupg.texi.
+@c Note that we use this texinfo file for all versions of GnuPG:
+@c 2.0 and 2.1. The macro "gpgtwoone" controls parts which are only
+@c valid for GnuPG 2.1 and later.
+
+
@node Invoking GPG-AGENT
@chapter Invoking GPG-AGENT
@cindex GPG-AGENT command options
@@ -438,8 +443,16 @@ a random socket below a temporary directory. Tools connecting to
environment variable @var{GPG_AGENT_INFO} and then fall back to this
socket. This option may not be used if the home directory is mounted on
a remote file system which does not support special files like fifos or
-sockets. Note, that @option{--use-standard-socket} is the default on
-Windows systems. The default may be changed at build time. It is
+sockets.
+@ifset gpgtwoone
+Note, that @option{--use-standard-socket} is the default on all
+systems since GnuPG 2.1.
+@end ifset
+@ifclear gpgtwoone
+Note, that @option{--use-standard-socket} is the default on
+Windows systems.
+@end ifclear
+The default may be changed at build time. It is
possible to test at runtime whether the agent has been configured for
use with the standard socket by issuing the command @command{gpg-agent
--use-standard-socket-p} which returns success if the standard socket
diff --git a/g10/ChangeLog b/g10/ChangeLog
index 17f3e3269..36a49ba84 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,8 @@
+2010-10-06 Werner Koch <[email protected]>
+
+ * import.c (transfer_secret_keys): Ignore missing key parameters.
+ Provide dummy IV. Ignore stub keys.
+
2010-10-01 Werner Koch <[email protected]>
* export.c (do_export_stream): Rewrite to take the secret keys
diff --git a/g10/import.c b/g10/import.c
index 605c3b8ab..b3969770f 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -1122,8 +1122,7 @@ transfer_secret_keys (ctrl_t ctrl, struct stats_s *stats, kbnode_t sec_keyblock)
if (!err)
err = gcry_cipher_setkey (cipherhd, kek, keklen);
if (err)
- goto leave;
- xfree (kek);
+ goto leave; xfree (kek);
kek = NULL;
main_pk = NULL;
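Review bot: The new line `goto leave; xfree (kek);` puts two statements on one line after an unbraced `if (err)`, which reads as though `xfree (kek)` belonged to the error branch. Only `goto leave;` is conditional, so behaviour is unchanged, but this is the layout that hides "goto fail"-style mistakes in key-handling code; restore it as two lines, `goto leave;` and then `xfree (kek);` at the outer indent. Since `kek` is the key passed to `gcry_cipher_setkey`, it is also worth confirming that the `leave` path, which is outside this hunk, frees it when `err` is set.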
@@ -1143,6 +1142,11 @@ transfer_secret_keys (ctrl_t ctrl, struct stats_s *stats, kbnode_t sec_keyblock)
stats->count++;
stats->secret_read++;
+ /* For now we ignore the stub keys becuase we don't have real
+ support for them in gpg-agent. */
+ if (ski->s2k.mode == 1001 || ski->s2k.mode == 1002)
+ continue;
+
/* Convert our internal secret key object into an S-expression. */
nskey = pubkey_get_nskey (pk->pubkey_algo);
if (!nskey || nskey > PUBKEY_MAX_NSKEY)
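Review bot: The `continue` for `s2k.mode` 1001/1002 runs after `stats->count++` and `stats->secret_read++`, so a stub key is counted as read and then dropped without any message; a user importing a keyblock that holds only stubs gets no indication that nothing reached the agent. Consider reporting the skip, for example `log_info ("skipping stub secret key\n");` (wording to taste), or recording it in the stats. The bare values 1001 and 1002 would read better as named constants, and the added comment has a typo (`becuase`). The loop this sits in starts and ends outside the hunk.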
@@ -1156,7 +1160,9 @@ transfer_secret_keys (ctrl_t ctrl, struct stats_s *stats, kbnode_t sec_keyblock)
put_membuf_str (&mbuf, "(skey");
for (i=j=0; i < nskey; i++)
{
- if (gcry_mpi_get_flag (pk->pkey[i], GCRYMPI_FLAG_OPAQUE))
+ if (!pk->pkey[i])
+ ; /* Protected keys only have NPKEY+1 elements. */
+ else if (gcry_mpi_get_flag (pk->pkey[i], GCRYMPI_FLAG_OPAQUE))
{
put_membuf_str (&mbuf, " e %b");
format_args_buf_ptr[i] = gcry_mpi_get_opaque (pk->pkey[i], &n);
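Review bot: `if (!pk->pkey[i]) ;` skips a missing parameter at any index, not only the trailing ones the comment describes, so an imported key with a NULL MPI in the middle would yield an `(skey ...)` list that is silently short instead of being rejected. Because this data comes from an imported keyblock, I would limit the skip to the protected-key case the comment names and otherwise set `err = gpg_error (GPG_ERR_BAD_SECKEY);` and stop; the exact condition needs confirming against how `pkey[]` is filled for protected keys. An empty statement as an `if` body is also easy to misread, so braces around the comment would help. The rest of the loop body is outside the hunk, so whether `j` and `format_args_buf_ptr` stay aligned after a skip cannot be checked here.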
@@ -1189,7 +1195,10 @@ transfer_secret_keys (ctrl_t ctrl, struct stats_s *stats, kbnode_t sec_keyblock)
if (ski->is_protected)
{
char countbuf[35];
-
+
+ /* Note that the IVLEN may be zero if we are working on a
+ dummy key. We can't express that in an S-expression and
+ thus we send dummy data for the IV. */
snprintf (countbuf, sizeof countbuf, "%lu",
(unsigned long)ski->s2k.count);
err = gcry_sexp_build
@@ -1197,7 +1206,8 @@ transfer_secret_keys (ctrl_t ctrl, struct stats_s *stats, kbnode_t sec_keyblock)
" (protection %s %s %b %d %s %b %s)\n",
ski->sha1chk? "sha1":"sum",
openpgp_cipher_algo_name (ski->algo),
- (int)ski->ivlen, ski->iv,
+ ski->ivlen? (int)ski->ivlen:1,
+ ski->ivlen? ski->iv: (const unsigned char*)"X",
ski->s2k.mode,
openpgp_md_algo_name (ski->s2k.hash_algo),
(int)sizeof (ski->s2k.salt), ski->s2k.salt,
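Review bot: The dummy IV `"X"` is substituted whenever `ski->ivlen` is zero, yet the stub modes 1001/1002 are already skipped earlier in this function by the `continue` this commit adds. As far as the visible hunks show, the only keys that can still reach this point with a zero IV length are protected keys with a real cipher and a malformed header. Passing those to the agent with a made-up one-byte IV defers the failure to the receiving side; rejecting them here would be cleaner, or the substitution should be tied explicitly to the dummy-key condition. If the fallback stays, the comment added in the previous hunk (above `snprintf`) should name which keys are expected to take it. The `gcry_sexp_build` call begins and ends outside this hunk.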
diff --git a/tools/ChangeLog b/tools/ChangeLog
index aad09355e..f841ac13a 100644
--- a/tools/ChangeLog
+++ b/tools/ChangeLog
@@ -1,3 +1,7 @@
+2010-10-06 Werner Koch <[email protected]>
+
+ * watchgnupg.c (print_version): Add option --time-only.
+
2010-10-05 Werner Koch <[email protected]>
* watchgnupg.c (main): Support TCP and local socket listening.
diff --git a/tools/watchgnupg.c b/tools/watchgnupg.c
index 95726dae9..958605c62 100644
--- a/tools/watchgnupg.c
+++ b/tools/watchgnupg.c
@@ -52,7 +52,7 @@
static int verbose;
-
+static int time_only;
static void
die (const char *format, ...)
@@ -136,10 +136,15 @@ print_fd_and_time (int fd)
time_t atime = time (NULL);
tp = localtime (&atime);
- printf ("%3d - %04d-%02d-%02d %02d:%02d:%02d ",
- fd,
- 1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday,
- tp->tm_hour, tp->tm_min, tp->tm_sec );
+ if (time_only)
+ printf ("%3d - %02d:%02d:%02d ",
+ fd,
+ tp->tm_hour, tp->tm_min, tp->tm_sec );
+ else
+ printf ("%3d - %04d-%02d-%02d %02d:%02d:%02d ",
+ fd,
+ 1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday,
+ tp->tm_hour, tp->tm_min, tp->tm_sec );
}
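Review bot: Both branches dereference `tp` straight after `tp = localtime (&atime);` without a NULL check; `localtime` can return NULL, and the new `time_only` branch duplicates that assumption. A guard such as `if (!tp) { printf ("%3d - ", fd); return; }` placed before `if (time_only)` would cover both paths. The two multi-line `printf` calls under an unbraced `if`/`else` would also be easier to maintain with braces. The start of `print_fd_and_time` is outside the hunk.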
@@ -262,6 +267,7 @@ print_version (int with_help)
" --tcp listen on a TCP port and optionally on a local socket\n"
" --force delete an already existing socket file\n"
" --verbose enable extra informational output\n"
+ " --time-only print only the time; not a full timestamp\n"
" --version print version of the program and exit\n"
" --help display this help and exit\n"
BUGREPORT_LINE, stdout );
@@ -306,6 +312,11 @@ main (int argc, char **argv)
verbose = 1;
argc--; argv++;
}
+ else if (!strcmp (*argv, "--time-only"))
+ {
+ time_only = 1;
+ argc--; argv++;
+ }
else if (!strcmp (*argv, "--force"))
{
force = 1;