aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* gpg: Remove debug output accidently introduced with 027c4e5.Werner Koch2016-05-211-3/+0
| | | | | | | -- Fixes-commit: 027c4e55522b8e18711a3331932a9869ab89ca26 Signed-off-by: Werner Koch <[email protected]>
* gpg: Store the Tofu meta handle for databases in CTRL.Werner Koch2016-05-219-47/+70
| | | | | | | | | | | | | | | | | | * g10/gpg.h (struct tofu_dbs_s, tofu_dbs_t): New declarations. (struct server_control_s): Add field tofu.dbs. * g10/tofu.c (struct dbs): Rename to tofu_dbs_s. Replace all users by by tofu_dbs_t. (opendbs): Add arg CTRL. Cache the DBS in CTRL. (closedbs): Rename to tofu_closedbs and make global. Add arg CTRL. (tofu_register): Add arg CTRL. Change all callers. Do not call closedbs. (tofu_get_validity): Ditto. (tofu_set_policy): Ditto. (tofu_get_policy): Ditto. (tofu_set_policy_by_keyid): Add arg CTRL. * g10/gpg.c (gpg_deinit_default_ctrl): Call tofu_closedbs. Signed-off-by: Werner Koch <[email protected]>
* gpg: Pass CTRL object down to the trust functionsWerner Koch2016-05-2116-152/+180
| | | | Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix the TOFU_STATS_LONG status.Werner Koch2016-05-212-7/+10
| | | | | | | | | | | * g10/tofu.c (show_statistics): Print TOFU STATS with formatting characters. -- We better leave the non-breaking space character in the status messages so that the caller can make use of them. Signed-off-by: Werner Koch <[email protected]>
* gpg: Print "[ never ]" instead of err for validity.Werner Koch2016-05-191-0/+1
| | | | | | * g10/trust.c (uid_trust_string_fixed): Handle NEVER. Signed-off-by: Werner Koch <[email protected]>
* gpg: Add --weak-digest to gpgv's help screen.Werner Koch2016-05-181-1/+2
| | | | | | -- Suggested-by: Daniel Kahn Gillmor
* dirmngr: Adjust the WKD lookup to specs version -01.Werner Koch2016-05-181-2/+0
| | | | | | | | | * dirmngr/server.c (cmd_wkd_get): Remove second occurrence of the domain part. -- This change updates gnupg to comply with draft-koch-openpgp-webkey-service-01
* gpg: Emit new status line KEY_CONSIDERED.Werner Koch2016-05-173-83/+151
| | | | | | | | | | | | | * common/status.h (STATUS_KEY_CONSIDERED): New. * g10/getkey.c: Include status.h. (LOOKUP_NOT_SELECTED, LOOKUP_ALL_SUBKEYS_EXPIRED): New. (finish_lookup): Add arg R_FLAGS. Count expired and revoked keys and set flag. Check a requested usage before checking for expiraion or revocation. (print_status_key_considered): New. (lookup): Print new status. Signed-off-by: Werner Koch <[email protected]>
* g10: Fix signature checking.NIIBE Yutaka2016-05-111-4/+9
| | | | | | | | | | | | * g10/sig-check.c (check_signature_over_key_or_uid): Fix call to walk_kbnode. -- Thanks to Vincent Brillault (Feandil). GnuPG-bug-id: 2351 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Allow unattended deletion of secret keys.Werner Koch2016-05-106-10/+45
| | | | | | | | | | | | | | | * agent/command.c (cmd_delete_key): Make the --force option depend on --disallow-loopback-passphrase. * g10/call-agent.c (agent_delete_key): Add arg FORCE. * g10/delkey.c (do_delete_key): Pass opt.answer_yes to agent_delete_key. -- Unless the agent has been configured with --disallow-loopback-passpharse an unattended deletion of a secret key is now possible with gpg by using --batch _and_ --yes. Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix buglet in the check_all_keysigs function.Werner Koch2016-05-091-2/+3
| | | | | | | | | | | | | | | * g10/keyedit.c (sig_comparison): Actually compare the pubkey algorithms. -- This fixes two bugs: The first was a typo which led to us comparing A with A. The second problem was the use of an assert at a place where this can't be asserted: Two signature may have different algorithms; they won't verify but after all it is about corrupted signatures. Reported-by: Guilhem Moulin <[email protected]> GnuPG-bug-id: 2236 Signed-off-by: Werner Koch <[email protected]>
* gpg: Request a "save" after cmd "check" fixed something.Werner Koch2016-05-091-2/+3
| | | | | | | | | * g10/keyedit.c (keyedit_menu) <cmdCHECK>: Set modified. -- Reported-by: Guilhem Moulin <[email protected]> GnuPG-bug-id: 2236 Signed-off-by: Werner Koch <[email protected]>
* po: Update Japanese translation.NIIBE Yutaka2016-05-091-245/+165
| | | | Signed-off-by: NIIBE Yutaka <[email protected]>
* Post release updates.Werner Koch2016-05-042-1/+5
| | | | --
* Release 2.1.12gnupg-2.1.12Werner Koch2016-05-041-1/+50
|
* speedo,w32: Remove the installation directory page.Werner Koch2016-05-041-8/+8
| | | | | | * build-aux/speedo/w32/inst.nsi (MUI_PAGE_DIRECTORY): Remove. Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix const char pointer mismatch with gettext.Werner Koch2016-05-041-3/+4
| | | | | | * g10/tofu.c (get_trust): Use const char *. Signed-off-by: Werner Koch <[email protected]>
* speedo: Build sqlite with static-libgcc.Werner Koch2016-05-042-1/+44
| | | | | | | | * build-aux/speedo/patches/sqlite.patch: New. * Makefile.am (EXTRA_DIST): Add file. -- Signed-off-by: Werner Koch <[email protected]>
* speedo: Also try patch files w/o version number.Werner Koch2016-05-041-0/+4
| | | | | | * build-aux/speedo.mk (SPKG_template): Try such a patch file. Signed-off-by: Werner Koch <[email protected]>
* speedo,w32: Install sqliteAndre Heinecke2016-05-041-0/+9
| | | | * build-aux/speedo/w32/inst.nsi (-sqlite, -un.sqlite): New.
* speedo,w32: Fix uninstallationAndre Heinecke2016-05-041-0/+2
| | | | | * build-aux/speedo/w32/inst.nsi (-un.gnupg): Delete distsigkey and dirmngr-conf.skel
* speedo,w32: Install localisationAndre Heinecke2016-05-041-0/+239
| | | | | * build-aux/speedo/w32/inst.nsi (-libgpg-error, GnuPG): Install l10n. (-un.libgpg-error, -un.gnupg): Uninstall l10n files.
* po: Auto-updateWerner Koch2016-05-0425-1893/+3871
| | | | --
* tests: Disable the migrations testsWerner Koch2016-05-042-2/+1
| | | | | | | | | | | | * tests/Makefile.am (SUBDIRS): Remove migrations. * configure.ac (AC_CONFIG_FILES): Remove migrations Makefile. -- The tests introduced with commit defbc70b require some non-portable tools like mktemp and basename. They further fail with "make distcheck". Removed for now. Signed-off-by: Werner Koch <[email protected]>
* po: Update Russian translationIneiev2016-05-041-253/+220
| | | | Signed-off-by: Werner Koch <[email protected]>
* po: Update German translation.Werner Koch2016-05-041-105/+196
| | | | Signed-off-by: Werner Koch <[email protected]>
* Some minor string changes and fixed a printf format.Werner Koch2016-05-043-9/+16
| | | | | | | * g10/build-packet.c (notation_value_to_human_readable_string): Use %zu for size_t. Signed-off-by: Werner Koch <[email protected]>
* build: Update config.{guess,sub} to 2016-04-02 and 2016-03-30.Werner Koch2016-05-042-69/+110
| | | | | | | * build-aux/config.guess: Update. * build-aux/config.sub: Update. Signed-off-by: Werner Koch <[email protected]>
* agent: Make --allow-loopback-pinentry the default.Werner Koch2016-05-043-10/+16
| | | | | | | | | | | | | | | | | | | | | | | | | * agent/gpg-agent.c (oNoAllowLoopbackPinentry): New. (opts): Add --no-allow-loopback-pinentry. Hide description of --allow-loopback-pinentry. (parse_rereadable_options): Set opt.allow_loopback_pinentry by default. (main): Replace allow-loopback-pinentry by no-allow-loopback-pinentry in the gpgconf list. * tools/gpgconf-comp.c (gc_options_gpg_agent): Ditto. -- Given that a user can anyway change that options in the gpg-agent.conf file and that gpg needs to be invoked with --pinentry-mode=loopback the former default does not make much sense - in that option is useful at all. There was a discussion of this topic on gnupg-devel in April without a clear result. So we try this new default and just in case real problems are found for the majority of installations, we can revert that. The new default is also aligned with GnuPG's policy to make its use easier and only require users with very high security standards to tweak certain options (those users have anyway modeled their threat model and configured their software according to this). Signed-off-by: Werner Koch <[email protected]>
* common: Print https URLs in help messages.Werner Koch2016-05-031-4/+4
| | | | | | * common/argparse.c (strusage): Print https URLS. Signed-off-by: Werner Koch <[email protected]>
* tests: Silence output of some tests.Werner Koch2016-05-037-18/+40
| | | | | | | | | | | | | | * common/t-exechelp.c (print_open_fds): Silence non-verbose output. (test_close_all_fds): Ditto. * common/t-session-env.c (show_stdnames): Indent output. * g10/test.c (TEST): Silence non-verbose okay output. (exit_tests): Ditto. * tools/gpg-zip.in (tar_verbose_opt): Add option --quiet. * tests/openpgp/gpgtar.test (GPGZIP): Pass option --quiet. * tests/openpgp/mds.test: Indent MD5 notice. * tests/openpgp/version.test: Indent --version output. Signed-off-by: Werner Koch <[email protected]>
* gpg: Emit status lines TOFU_STATS and TOFU_STATS_LONG.Werner Koch2016-05-032-8/+105
| | | | | | | | | * g10/tofu.c (NO_WARNING_THRESHOLD): Rename to BASIC_TRUST_THRESHOLD. (FULL_TRUST_THRESHOLD): New. (write_stats_status): New. (show_statistics): Call new function. Print TOFU_STATS_LONG. Signed-off-by: Werner Koch <[email protected]>
* gpg: Extend TRUST_foo status lines with the trust model.Werner Koch2016-05-024-24/+58
| | | | | | | | | | | * g10/trustdb.h (TRUST_FLAG_TOFU_BASED): New. * g10/trustdb.c (trust_model_string): Lowercase the strings. Add arg "model" and change callers to call with OPT.TRUST_MODEL. * g10/tofu.c (tofu_wot_trust_combine): Set TRUST_FLAG_TOFU_BASED. * g10/pkclist.c (write_trust_status): New. (check_signatures_trust): Call new function. Signed-off-by: Werner Koch <[email protected]>
* gpg: Improve line wrapping for a tofu message.Werner Koch2016-05-021-8/+14
| | | | | | | * g10/tofu.c (time_ago_str): Mark non-breakable spaces. (show_statistics): Remove marks. Signed-off-by: Werner Koch <[email protected]>
* gpg: Re-format some tofu messages.Werner Koch2016-05-022-107/+156
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * common/status.h (STATUS_TOFU_USER, STATUS_TOFU_STATS) (STATUS_TOFU_STATS_SHORT, STATUS_TOFU_STATS_LONG): New. * g10/tofu.c (NO_WARNING_THRESHOLD): New. (record_binding, tofu_register): Take care of --dry-run. (show_statistics): Print STATUS_TOFU_USER. Reformat some messages. Fix the ngettext/strcmp thing. Use log_string instead of log_info. Use NO_WARNING_THRESHOLD constant. (get_trust): Use format_text and print a compact fingerprint. -- The use of log_string makes long messages better readable; instead of gpg: Warning: if you think you've seen more[...] key, then this key might be a forgery! Car[...] address for small variations. If the key i[...] we now have gpg: Warning: if you think you've seen more[...] key, then this key might be a forgery![...] address for small variations. If the [...] We also put the key information after the message and not between the user id and the last used info like here: gpg: Verified 7 messages signed by "Werner Koch <[email protected]>" in the past 4 days, 16 hours. The most recent message was verified 3 days, 13 hours ago. (key: 8061 5870 F5BA D690 3336 [...] 1E42 B367, policy: auto) This also makes the key info a separate translatable string. Further a compact version of the fingerprint (hex w/o spaces) is printed in some messages. Signed-off-by: Werner Koch <[email protected]>
* doc: Add a comment about the goals of the agent.Werner Koch2016-05-021-0/+26
| | | | --
* scd: More fix of error return path.NIIBE Yutaka2016-05-021-2/+2
| | | | | | | | | | * scd/command.c (open_card): Return GPG_ERR_ENODEV on the failure of apdu_connect. -- GnuPG-bug-id: 2306 Signed-off-by: NIIBE Yutaka <[email protected]>
* common: Extend log_string to indent lines.Werner Koch2016-04-291-3/+18
| | | | | | | * common/logging.c (do_logv): Add indentation when called via log_string. Signed-off-by: Werner Koch <[email protected]>
* gpg: Factor some code code out of tofu.cWerner Koch2016-04-291-82/+82
| | | | | | | | | | | | | | | | * g10/tofu.c (string_to_long): New. (string_to_ulong): New. (get_single_unsigned_long_cb): Replace strtol/strtoul by new function. (get_single_long_cb): Ditto. (signature_stats_collect_cb): Ditto. (get_policy): Ditto. (show_statistics): Ditto. Uese es_free instead of free. -- There is one minor semantic change: We now accept "nnn.0" always. The old code did not checked for ".0: in show_statistics. Signed-off-by: Werner Koch <[email protected]>
* doc: Fix name of gpg's option --tofu-policyWerner Koch2016-04-291-2/+2
| | | | | | -- Signed-off-by: Werner Koch <[email protected]>
* gpg: Remove all assert.h and s/assert/log_assert/.Werner Koch2016-04-2952-285/+232
| | | | Signed-off-by: Werner Koch <[email protected]>
* common: Improve log_assert.Werner Koch2016-04-292-15/+39
| | | | | | | | | * common/logging.c (bug_at): Do not i18n the string. (_log_assert): New. * common/logging.h (log_assert): Use new function and pass line information. Signed-off-by: Werner Koch <[email protected]>
* scd: Fix error return path.NIIBE Yutaka2016-04-281-3/+4
| | | | | | | | | | * scd/ccid-driver.c (bulk_in): Remove EAGAIN handling. Handle LIBUSB_ERROR_NO_DEVICE to return CCID_DRIVER_ERR_NO_READER. -- GnuPG-bug-id: 2306 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix memory leaks.NIIBE Yutaka2016-04-271-1/+10
| | | | | | | | | | * scd/ccid-driver.c (scan_or_find_usb_device): Return on LIBUSB_ERROR_NO_MEM. Free CONFIG before return except on error. (scan_or_find_devices): Free device list. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Add experimental AKL method "wkd" and option --with-wkd-hash.Werner Koch2016-04-2712-22/+187
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/getkey.c (parse_auto_key_locate): Add method "wkd". (get_pubkey_byname): Implement that method. Also rename a variable. * g10/call-dirmngr.c (gpg_dirmngr_wkd_get): New. * g10/keyserver.c (keyserver_import_wkd): New. * g10/test-stubs.c (keyserver_import_wkd): Add stub. * g10/gpgv.c (keyserver_import_wkd): Ditto. * g10/options.h (opt): Add field 'with_wkd_hash'. (AKL_WKD): New. * g10/gpg.c (oWithWKDHash): New. (opts): Add option --with-wkd-hash. (main): Set that option. * g10/keylist.c (list_keyblock_print): Implement that option. -- The Web Key Directory is an experimental feature to retrieve a key via https. It is similar to OpenPGP DANE but also uses an encryption to reveal less information about a key lookup. For example the URI to lookup the key for [email protected] is: https://example.org/.well-known/openpgpkey/ hu/example.org/iy9q119eutrkn8s1mk4r39qejnbu3n5q (line has been wrapped for rendering purposes). The hash is a z-Base-32 encoded SHA-1 hash of the mail address' local-part. The address [email protected] can be used for testing. Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Add experimental command WKD_GET.Werner Koch2016-04-271-4/+74
| | | | | | | * dirmngr/server.c (cmd_wkd_get): New. (register_commands): Add command WKD_GET. Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Use system provided root CAs with KS_FETCH.Werner Koch2016-04-272-2/+5
| | | | | | * dirmngr/ks-engine-http.c (ks_http_fetch): Use HTTP_FLAG_TRUST_SYS. Signed-off-by: Werner Koch <[email protected]>
* http: Allow to request system defined CAs for TLS.Werner Koch2016-04-265-14/+41
| | | | | | | | | | | | * dirmngr/http.h (HTTP_FLAG_TRUST_DEF, HTTP_FLAG_TRUST_SYS): New. * dirmngr/http.c (http_session_new): Add arg "flags". * dirmngr/ks-engine-hkp.c (send_request): Use new flag HTTP_FLAG_TRUST_DEF for the new arg of http_session_new. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/t-http.c (main): Ditto. -- Signed-off-by: Werner Koch <[email protected]>
* gpg: Add OpenPGP card vendor 0x2342.Werner Koch2016-04-261-1/+1
| | | | --
* common: Minor fixes for the new private-keys.c.Werner Koch2016-04-251-31/+41
| | | | | | | | | | | | | | | | | | | | | | | * common/private-keys.c (my_error_from_syserror): New. Use it in place of gpg_error_from_syserror. (_pkc_add, pkc_lookup, pke_next_value): Use ascii_strcasecmp. (pkc_parse): Use xtrystrdup and append_to_strlist_try as intended. (_pkc_add): Add braces around if-statement. -- We should have a macro so that we do not need to define a wrapper function like my_error_from_syserror in files where it is needed. I am not sure about a proper name, "my_" seems to be the easiest replacement. Note that the global DEFAULT_ERRSOURCE is relatively new to replace the need to convey the error source in function calls; we want that function from common/ return the error source of the main binary. We require that a key is ASCII and thus we better use ascii_strcasecmp to avoid problems with strange locales. Signed-off-by: Werner Koch <[email protected]>