diff options
| author | Werner Koch <[email protected]> | 2014-10-09 17:10:32 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2014-10-09 17:10:32 +0000 |
| commit | ec332d58efc50f6508b87fc9f51db68c39cee044 (patch) | |
| tree | e31b3ed8e4b220883af26b9aa42d78e61546f7ef /kbx/keybox-init.c | |
| parent | gpg: Change wording of a migration error message. (diff) | |
| download | gnupg-ec332d58efc50f6508b87fc9f51db68c39cee044.tar.gz gnupg-ec332d58efc50f6508b87fc9f51db68c39cee044.zip | |
gpg: Take care to use pubring.kbx if it has ever been used.
* kbx/keybox-defs.h (struct keybox_handle): Add field for_openpgp.
* kbx/keybox-file.c (_keybox_write_header_blob): Set openpgp header
flag.
* kbx/keybox-blob.c (_keybox_update_header_blob): Add arg for_openpgp
and set header flag.
* kbx/keybox-init.c (keybox_new): Rename to do_keybox_new, make static
and add arg for_openpgp.
(keybox_new_openpgp, keybox_new_x509): New. Use them instead of the
former keybox_new.
* kbx/keybox-update.c (blob_filecopy): Add arg for_openpgp and set the
openpgp header flags.
* g10/keydb.c (rt_from_file): New. Factored out and extended from
keydb_add_resource.
(keydb_add_resource): Switch to the kbx file if it has the openpgp
flag set.
* kbx/keybox-dump.c (dump_header_blob): Print header flags.
--
The problem was reported by dkg on gnupg-devel (2014-10-07):
I just discovered a new problem, though, which will affect people on
systems that have gpg and gpg2 coinstalled:
0) create a new keyring with gpg2, and use it exclusively with gpg2
for a while.
1) somehow (accidentally?) use gpg (1.4.x) again -- this creates
~/.gnupg/pubring.gpg
2) future runs of gpg2 now only look at pubring.gpg and ignore
pubring.kbx -- the keys you had accumulated in the keybox are no
longer listed in the output of gpg2 --list-keys
Note that gpgsm has always used pubring.kbx and thus this file might
already be there but without gpg ever inserted a key. The new flag in
the KBX header gives us an indication whether a KBX file has ever been
written by gpg >= 2.1. If that is the case we will use it instead of
the default pubring.gpg.
Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to 'kbx/keybox-init.c')
| -rw-r--r-- | kbx/keybox-init.c | 34 |
1 files changed, 27 insertions, 7 deletions
diff --git a/kbx/keybox-init.c b/kbx/keybox-init.c index 8ae3ec315..0d4800e12 100644 --- a/kbx/keybox-init.c +++ b/kbx/keybox-init.c @@ -77,15 +77,10 @@ keybox_is_writable (void *token) -/* Create a new handle for the resource associated with TOKEN. SECRET - is just a cross-check. - - The returned handle must be released using keybox_release (). */ -KEYBOX_HANDLE -keybox_new (void *token, int secret) +static KEYBOX_HANDLE +do_keybox_new (KB_NAME resource, int secret, int for_openpgp) { KEYBOX_HANDLE hd; - KB_NAME resource = token; int idx; assert (resource && !resource->secret == !secret); @@ -94,6 +89,7 @@ keybox_new (void *token, int secret) { hd->kb = resource; hd->secret = !!secret; + hd->for_openpgp = for_openpgp; if (!resource->handle_table) { resource->handle_table_size = 3; @@ -135,6 +131,30 @@ keybox_new (void *token, int secret) return hd; } + +/* Create a new handle for the resource associated with TOKEN. SECRET + is just a cross-check. This is the OpenPGP version. The returned + handle must be released using keybox_release. */ +KEYBOX_HANDLE +keybox_new_openpgp (void *token, int secret) +{ + KB_NAME resource = token; + + return do_keybox_new (resource, secret, 1); +} + +/* Create a new handle for the resource associated with TOKEN. SECRET + is just a cross-check. This is the X.509 version. The returned + handle must be released using keybox_release. */ +KEYBOX_HANDLE +keybox_new_x509 (void *token, int secret) +{ + KB_NAME resource = token; + + return do_keybox_new (resource, secret, 0); +} + + void keybox_release (KEYBOX_HANDLE hd) { |