From mk at fsfe.org Sun Jul 2 11:06:12 2006
From: mk at fsfe.org (Matthias Kirschner)
Date: Sun Jul 2 11:05:44 2006
Subject: [solver] Re: Udev script not working
In-Reply-To: <20060630104336.GA21035@sirena.org.uk>
References: <20060629142435.GC3365@mbwg.de> <20060630104336.GA21035@sirena.org.uk>
Message-ID: <20060702090612.GA4230@mbwg.de>

Hi Mark,

* Mark Brown [2006-06-30 11:43:38 +0100]:
> Yes, that should be all you need (modulo the quotes which seem to have
> got messed up, probably at the point where I posted the rules on the
> web).
>
> > Should I add the above to /etc/udev/udev.rules and remove this three
> > rules?
>
> You shouldn't need anything except the above rules to get the
> permissions set on the nodes for the card reader so anything else you
> added for it could be removed.

It worked, I added the following to /etc/udev/udev.rules and restarted
udev.

[...]
# USB devices
SUBSYSTEM=="usb_device", SYSFS{idVendor}=="04e6", SYSFS{idProduct}=="e003", GROUP="scard", MODE="0664"
SUBSYSTEM=="usb_device", SYSFS{bDeviceClass}=="0??0B", GROUP="scard", MODE="0664"
SUBSYSTEM=="usb_device", SYSFS{idVendor}=="04e6", SYSFS{idProduct}=="5115", GROUP="scard", MODE="0664"
BUS=="usb", KERNEL=="auer[0-9]*", NAME="usb/%k"
BUS=="usb", KERNEL=="cpad[0-9]*", NAME="usb/%k"
BUS=="usb", KERNEL=="dabusb*", NAME="usb/%k"
BUS=="usb", KERNEL=="hiddev*", NAME="usb/%k"
BUS=="usb", KERNEL=="legousbtower*", NAME="usb/%k"
BUS=="usb", KERNEL=="lp[0-9]*", NAME="usb/%k"
BUS=="usb", KERNEL=="ttyUSB*", \
    SYSFS{product}=="Palm Handheld*|Handspring Visor", \
    SYMLINK+="pilot"

# usbfs-like devices
SUBSYSTEM=="usb_device", PROGRAM="/bin/sh -c 'K=%k; K=$${K#usbdev}; printf bus/usb/%%03i/%%03i $${K%%%%.*} $${K#*.}'", \
    NAME="%c"
[...]

Thank you very much,
Matze

--
Join the Fellowship and protect your freedom! (http://www.fsfe.org)

From marcus.brinkmann at ruhr-uni-bochum.de Thu Jul 6 09:10:22 2006
From: marcus.brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann)
Date: Thu Jul 6 09:12:32 2006
Subject: gpa-0.7.3 segfault when openig a file
In-Reply-To: <20060619193842.7110e779.fredgk@gmail.com>
References: <20060619193842.7110e779.fredgk@gmail.com>
Message-ID: <87k66rw6n5.wl%marcus.brinkmann@ruhr-uni-bochum.de>

At Mon, 19 Jun 2006 19:38:42 +0200,
fredg wrote:
>
> Hi,
>
> Just built it under Zenwalk linux, against gpgme-1.1.2.
> I got a segfault when trying to open a file.

Sorry, I can not reproduce this.

> Here is a gdb backtrace:
>
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread -1217018176 (LWP 23885)]
> 0xb7e0fb66 in gtk_scrolled_window_add_with_viewport ()
>    from /usr/lib/libgtk-x11-2.0.so.0
> (gdb) bt
> #0 0xb7e0fb66 in gtk_scrolled_window_add_with_viewport ()
>    from /usr/lib/libgtk-x11-2.0.so.0
> #1 0xb7e0fbdb in gtk_scrolled_window_add_with_viewport ()
>    from /usr/lib/libgtk-x11-2.0.so.0
> #2 0xb7dd1345 in gtk_list_store_new () from /usr/lib/libgtk-x11-2.0.so.0
> #3 0xb7e6eafa in gtk_tree_model_iter_next () from /usr/lib/libgtk-x11-2.0.so.0

The crash seems to happen in Gtk+. This does not mean that the bug is
necessarily in Gtk+. I am using 2.8.18 (on Ubuntu 6.06).

> #4 0x080535eb in ?? ()
> #5 0x081b6c80 in ?? ()
> #6 0xbfc91750 in ?? ()
> #7 0x082145f8 in ?? ()
> #8 0x08050e70 in ?? ()
> #9 0x0821c028 in ?? ()
> #10 0x00000000 in ?? ()
> (gdb)

This would be the interesting part.

You are missing debug symbols in gpa (try to build with CFLAGS=-g) and
gtk (try to install the debug packages if they exist).

Thanks,
Marcus

From harry_b at mm.st Thu Jul 6 11:54:16 2006
From: harry_b at mm.st (harry_b@mm.st)
Date: Thu Jul 6 13:25:43 2006
Subject: gpgme secret key problem
Message-ID: <2BC8921CDA776C2A4D3E1214@[192.168.42.12]>

Hello,

I am struggling with a problem finding whether a secret key is available
or not. The reason for this is, that I want to display a warning to the
user, if he encrypts data without one of his own keys. Obviously, he
wouldn't be able to read the data himself if he does so.

My function to look for the secret key is this:

#include <gpgme.h>

/* LIST_SECRET and gpgError() are defined elsewhere in the program. */
int gpgIsSecretKey(char* keyname) {
    gpgme_ctx_t context;
    gpgme_key_t key;
    gpgme_error_t error;
    int secret = 0;

    /* get a new context */
    error = gpgme_new(&context);
    if (error) {
        /* gpgme_new failed, so context was never initialised and
           must not be passed to gpgme_release */
        gpgError(error);
        return 0;
    }

    /* start cycling through the list of keys */
    error = gpgme_op_keylist_start(context, keyname, LIST_SECRET);
    if (error) {
        gpgme_release(context);
        gpgError(error);
        return 0;
    }

    while (!(error = gpgme_op_keylist_next(context, &key))) {
        /* take the first usable key we find */
        /* TODO: only choose usable secret keys */
        if (key->can_encrypt &&
            key->secret &&
            !key->disabled &&
            !key->expired &&
            !key->invalid &&
            !key->revoked) {
            /* we just use keys we can encrypt for */
            secret = 1;
        }
        gpgme_key_unref(key);
        if (secret) {
            break;
        }
    }

    gpgme_release(context);
    return secret;
}

I can't see what I do wrong but obviously this does not always work as
intended. Some users complain that I display the warning even when they
use their own key. With my own key everything works fine.

Any ideas what I miss?

TIA,
Harry.

--
1024D/40F14012 18F3 736A 4080 303C E61E 2E72 7E05 1F6E 40F1 4012

From dshaw at jabberwocky.com Sun Jul 9 00:54:25 2006
From: dshaw at jabberwocky.com (David Shaw)
Date: Sun Jul 9 00:53:16 2006
Subject: uClibc : Failure to build with version>1.4.2
In-Reply-To: <03a701c69b3d$05b8b820$f9b5a8c0@pii350>
References: <03a701c69b3d$05b8b820$f9b5a8c0@pii350>
Message-ID: <20060708225425.GB30219@jabberwocky.com>

On Thu, Jun 29, 2006 at 07:29:41AM +0200, Gilles Espinasse wrote:
> With glibc-2.3.3 or glibc-2.3.6, it work with those options and
> 1.4.2/1.4.3/1.4.4 gnupg versions
> ./configure --prefix=/usr --disable-nls --disable-mailto --disable-photo-vie
> wers --disable-ldap
>
> With uClibc-0.9.28, it work with 1.4.2 but fail with 1.4.3/1.4.4
> configure result is
> ...
> checking for library containing res_query... no
> checking for library containing __res_query... none required
> checking for library containing dn_expand... no
> checking for library containing __dn_expand... none required
> checking for library containing dn_skipname... no
> checking for library containing __dn_skipname... no
> checking whether the resolver is usable... yes
> ...
>
> Compilation error message is
> ../util/libutil.a(pka.o): In function `get_pka_info':
> pka.c:(.text+0x143): undefined reference to `__dn_skipname'
> pka.c:(.text+0x192): undefined reference to `__dn_skipname'
> ../util/libutil.a(cert.o): In function `get_cert':
> cert.c:(.text+0xcc): undefined reference to `__dn_skipname'
> cert.c:(.text+0xf4): undefined reference to `__dn_skipname'
> collect2: ld returned 1 exit status
>
> It only work with 1.4.3/1.4.4 by adding to configure
> --disable-dns-pka --disable-dns-cert --disable-dns-srv

This should be fixed now for the next release. Thanks for the report.

David

From npcole at yahoo.co.uk Sun Jul 9 17:31:26 2006
From: npcole at yahoo.co.uk (Nicholas Cole)
Date: Sun Jul 9 18:30:37 2006
Subject: Building libgpg-error on OS X 10.4
Message-ID: <20060709153126.38938.qmail@web26713.mail.ukl.yahoo.com>

I'm trying to build libgpg-error on OS X 10.4.
./configure runs fine, but the build fails with the
error copied at the end of this email.

Any hints?

Best wishes,

N

*** Warning: Linking the shared library libgpg-error.la against the
*** static library ../intl/libintl.a is not portable!
gcc -dynamiclib -flat_namespace -undefined suppress -o .libs/libgpg-error.0.2.1.dylib .libs/libgpg_error_la-init.o .libs/libgpg_error_la-strsource.o .libs/libgpg_error_la-strerror.o .libs/libgpg_error_la-code-to-errno.o .libs/libgpg_error_la-code-from-errno.o ../intl/libintl.a /usr/lib/libiconv.dylib -Wl,-framework -Wl,CoreFoundation -install_name /usr/local/lib/libgpg-error.0.dylib -Wl,-compatibility_version -Wl,3 -Wl,-current_version -Wl,3.1
ld: warning multiple definitions of symbol _locale_charset
../intl/libintl.a(localcharset.o) definition of _locale_charset in section (__TEXT,__text)
/usr/lib/libiconv.dylib(localcharset.o) definition of _locale_charset
ld: common symbols not allowed with MH_DYLIB output format with the -multi_module option
../intl/libintl.a(loadmsgcat.o) definition of common __nl_msg_cat_cntr (size 16)
../intl/libintl.a(dcigettext.o) definition of common _libintl_nl_domain_bindings (size 16)
../intl/libintl.a(plural-exp.o) definition of common _libintl_gettext_germanic_plural (size 32)
/usr/bin/libtool: internal link edit command failed
make[3]: *** [libgpg-error.la] Error 1
make[2]: *** [all] Error 2
make[1]: *** [all-recursive] Error 1
make: *** [all] Error 2

From mark at mcs.vuw.ac.nz Sun Jul 9 00:12:41 2006
From: mark at mcs.vuw.ac.nz (Mark Davies) Date: Mon Jul 10 14:39:46 2006 Subject: configure's tar ustar test can fail on Solaris Message-ID: <200607091012.41453.mark@mcs.vuw.ac.nz> The grep on Solaris has difficulty with binary files so may not detect the "ustar" in the output of tar during the configure test for tar speaking USTAR. The below patch fixes by passing the output through strings first. --- m4/tar-ustar.m4.orig Sun Jul 9 10:07:40 2006 +++ m4/tar-ustar.m4 Sun Jul 9 10:07:57 2006 @@ -27,7 +27,7 @@ if test x$_mytar != x ; then AC_MSG_CHECKING([whether $_mytar speaks USTAR]) echo hithere > conftest.txt - $_mytar -cf - conftest.txt | grep -q ustar + $_mytar -cf - conftest.txt | strings | grep -q ustar _tar_bad=$? rm conftest.txt cheers mark From dshaw at jabberwocky.com Tue Jul 11 13:59:23 2006 From: dshaw at jabberwocky.com (David Shaw) Date: Tue Jul 11 13:58:02 2006 Subject: configure's tar ustar test can fail on Solaris In-Reply-To: <200607091012.41453.mark@mcs.vuw.ac.nz> References: <200607091012.41453.mark@mcs.vuw.ac.nz> Message-ID: <20060711115923.GC4513@jabberwocky.com> On Sun, Jul 09, 2006 at 10:12:41AM +1200, Mark Davies wrote: > The grep on Solaris has difficulty with binary files so may not detect > the "ustar" in the output of tar during the configure test for tar > speaking USTAR. The below patch fixes by passing the output through > strings first. Thanks! All fixed. David From wk at gnupg.org Tue Jul 11 17:35:26 2006 
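Review bot: the replacement test line makes the check depend on "strings" being installed, and it keeps "grep -q". If "strings" is absent, grep sees empty input and "_tar_bad=$?" comes out non-zero, which is indistinguishable from a tar that really does not write USTAR headers. Consider a filter that is certain to exist on the build host, or test for "strings" first and report its absence separately, and redirect grep's output to /dev/null instead of relying on -q, which not every grep accepts.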
From: wk at gnupg.org (Werner Koch)
Date: Tue Jul 11 17:41:20 2006
Subject: configure's tar ustar test can fail on Solaris
In-Reply-To: <200607091012.41453.mark@mcs.vuw.ac.nz> (Mark Davies's message of "Sun, 9 Jul 2006 10:12:41 +1200")
References: <200607091012.41453.mark@mcs.vuw.ac.nz>
Message-ID: <87r70sf935.fsf@wheatstone.g10code.de>

On Sun, 9 Jul 2006 00:12, Mark Davies said:

> - $_mytar -cf - conftest.txt | grep -q ustar
> + $_mytar -cf - conftest.txt | strings | grep -q ustar

I am not sure whether strings is available on all platforms. What
about

  $_mytar -cf - conftest.txt | ( strings || cat ) | grep -q ustar

Shalom-Salam,

Werner

From dshaw at jabberwocky.com Tue Jul 11 17:53:11 2006
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue Jul 11 17:52:01 2006
Subject: configure's tar ustar test can fail on Solaris
In-Reply-To: <87r70sf935.fsf@wheatstone.g10code.de>
References: <200607091012.41453.mark@mcs.vuw.ac.nz> <87r70sf935.fsf@wheatstone.g10code.de>
Message-ID: <20060711155311.GA14930@jabberwocky.com>

On Tue, Jul 11, 2006 at 05:35:26PM +0200, Werner Koch wrote:
> On Sun, 9 Jul 2006 00:12, Mark Davies said:
>
> > - $_mytar -cf - conftest.txt | grep -q ustar
> > + $_mytar -cf - conftest.txt | strings | grep -q ustar
>
> I am not sure whether strings is available on all platforms. What
> about
>
> $_mytar -cf - conftest.txt | ( strings || cat ) | grep -q ustar

Does cat actually solve the problem here? If the problem is that Sun
grep doesn't grep within binary data, then cat won't un-binary the
tarball.

David

From npcole at yahoo.co.uk Tue Jul 11 20:32:56 2006
From: npcole at yahoo.co.uk (Nicholas Cole)
Date: Tue Jul 11 20:32:47 2006
Subject: gpg-error on intel macs
Message-ID: <20060711183256.76083.qmail@web26709.mail.ukl.yahoo.com>

Further to my other email, it seems that libgpg-error
will build fine on PPC machines, and the build problem
I'm encountering seems to be an Intel only problem.

Best,

N

From richw at richw.org Tue Jul 11 20:05:34 2006
From: richw at richw.org (Rich Wales)
Date: Tue Jul 11 21:55:41 2006
Subject: configure's tar ustar test can fail on Solaris
In-Reply-To: <20060711155311.GA14930@jabberwocky.com>
References: <200607091012.41453.mark@mcs.vuw.ac.nz> <87r70sf935.fsf@wheatstone.g10code.de> <20060711155311.GA14930@jabberwocky.com>
Message-ID: <20060711180534.E5D5F3C353@whodunit.richw.org>

David Shaw wrote:

>> $_mytar -cf - conftest.txt | ( strings || cat ) | grep -q ustar
>
> Does cat actually solve the problem here? If the problem is that Sun
> grep doesn't grep within binary data, then cat won't un-binary the
> tarball.

How about "cat -v", maybe?

Rich Wales
Palo Alto, CA, USA
richw@richw.org
http://www.richw.org

From dshaw at jabberwocky.com Wed Jul 12 04:51:20 2006
From: dshaw at jabberwocky.com (David Shaw)
Date: Wed Jul 12 04:50:08 2006
Subject: configure's tar ustar test can fail on Solaris
In-Reply-To: <20060711180534.E5D5F3C353@whodunit.richw.org>
References: <200607091012.41453.mark@mcs.vuw.ac.nz> <87r70sf935.fsf@wheatstone.g10code.de> <20060711155311.GA14930@jabberwocky.com> <20060711180534.E5D5F3C353@whodunit.richw.org>
Message-ID: <20060712025120.GB15493@jabberwocky.com>

On Tue, Jul 11, 2006 at 11:05:34AM -0700, Rich Wales wrote:
> David Shaw wrote:
>
> >> $_mytar -cf - conftest.txt | ( strings || cat ) | grep -q ustar
> >
> > Does cat actually solve the problem here? If the problem is that Sun
> > grep doesn't grep within binary data, then cat won't un-binary the
> > tarball.
>
> How about "cat -v", maybe?

Good idea. I don't know how common cat -v is, but at least FreeBSD,
Linux, and Solaris have it.

The thing is, the 'ustar' string is always at the same byte offset in
the file. I'm wondering if "head -c 262 | tail -c 5" would do it, or
some sed or awk magic...

David

From wk at gnupg.org Wed Jul 12 07:43:56 2006
From: wk at gnupg.org (Werner Koch)
Date: Wed Jul 12 07:46:22 2006
Subject: configure's tar ustar test can fail on Solaris
In-Reply-To: <20060711155311.GA14930@jabberwocky.com> (David Shaw's message of "Tue, 11 Jul 2006 11:53:11 -0400")
References: <200607091012.41453.mark@mcs.vuw.ac.nz> <87r70sf935.fsf@wheatstone.g10code.de> <20060711155311.GA14930@jabberwocky.com>
Message-ID: <87mzbffkdf.fsf@wheatstone.g10code.de>

On Tue, 11 Jul 2006 17:53, David Shaw said:

>> $_mytar -cf - conftest.txt | ( strings || cat ) | grep -q ustar
>
> Does cat actually solve the problem here? If the problem is that Sun

No, but the grep won't fail, although it won't return a correct
result. The important thing here is to make sure that configure works;
the autoconf manual has a couple of hints although it doesn't tell
that sed does not need to work on binary files.

Salam-Shalom,

Werner

From beebe at math.utah.edu Wed Jul 12 14:47:52 2006
From: beebe at math.utah.edu (Nelson H. F. Beebe)
Date: Wed Jul 12 15:25:35 2006
Subject: configure's tar ustar test can fail on Solaris
In-Reply-To: Your message of Tue, 11 Jul 2006 22:51:20 -0400
Message-ID:

David Shaw comments today:

>> ...
>> The thing is, the 'ustar' string is always at the same byte offset in
>> the file. I'm wondering if "head -c 262 | tail -c 5" would do it, or
>> some sed or awk magic...
>> ...

Neither sed nor awk can handle binary files; gawk can, but may not be
universally available.

The tool you want is venerable dd: this works back to at least Unix
version V7:

  $ dd skip=257 bs=1 count=5 if=foo.tar 2>/dev/null | grep ustar
  ustar

-------------------------------------------------------------------------------
- Nelson H. F. Beebe Tel: +1 801 581 5254 -
- University of Utah FAX: +1 801 581 4148 -
- Department of Mathematics, 110 LCB Internet e-mail: beebe@math.utah.edu -
- 155 S 1400 E RM 233 beebe@acm.org beebe@computer.org -
- Salt Lake City, UT 84112-0090, USA URL: http://www.math.utah.edu/~beebe/ -
-------------------------------------------------------------------------------

From dshaw at jabberwocky.com Wed Jul 12 16:04:57 2006
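The fixed-offset dd check described above, extended to tell a POSIX ustar header from an old GNU one and from a stream with no magic at all. This is an added example, not code from the thread or from GnuPG's configure; the function names (tar_format, tar_speaks_ustar, make_header) are hypothetical and the header blocks are constructed sample data.

```shell
#!/bin/sh
# Added example: classify a tar stream by the magic/version field of its
# first header block (bytes 257..264) instead of grepping binary data.

# tar_format: read a tar stream on stdin and print one of
#   posix-ustar, gnu-oldstyle, ustar-unknown-version, no-ustar-magic
tar_format() {
    # bs=1 keeps dd byte-accurate on a pipe, where larger blocks may be
    # returned short. tr maps NUL to '.' so the value survives $(...).
    magic=$(dd bs=1 skip=257 count=8 2>/dev/null | tr '\000' '.')
    case $magic in
        'ustar.00') echo posix-ustar ;;            # "ustar\0" + version "00"
        'ustar  .') echo gnu-oldstyle ;;           # "ustar  \0" (old GNU tar)
        ustar*)     echo ustar-unknown-version ;;
        *)          echo no-ustar-magic ;;         # V7 tar, short or empty input
    esac
}

# tar_speaks_ustar: exit status 0 when stdin carries the "ustar" magic,
# which is the yes/no answer a configure test needs.
tar_speaks_ustar() {
    case $(tar_format) in
        no-ustar-magic) return 1 ;;
        *)              return 0 ;;
    esac
}

# make_header FORMAT: emit a constructed 512-byte header block whose 8-byte
# magic+version field is printf FORMAT (sample data, not a real archive).
make_header() {
    dd if=/dev/zero bs=257 count=1 2>/dev/null
    printf "$1"
    dd if=/dev/zero bs=247 count=1 2>/dev/null
}

# Demo on three constructed headers: POSIX ustar, old GNU, and V7 (all NUL).
for field in 'ustar\00000' 'ustar  \000' '\000\000\000\000\000\000\000\000'; do
    make_header "$field" | tar_format
done
```

Because the comparison is made on exactly the bytes at the magic offset, a file whose contents merely contain the word "ustar" elsewhere does not produce a false positive.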
From: dshaw at jabberwocky.com (David Shaw)
Date: Wed Jul 12 16:03:41 2006
Subject: configure's tar ustar test can fail on Solaris
In-Reply-To:
References:
Message-ID: <20060712140457.GA18687@jabberwocky.com>

On Wed, Jul 12, 2006 at 06:47:52AM -0600, Nelson H. F. Beebe wrote:
> David Shaw comments today:
>
> >> ...
> >> The thing is, the 'ustar' string is always at the same byte offset in
> >> the file. I'm wondering if "head -c 262 | tail -c 5" would do it, or
> >> some sed or awk magic...
> >> ...
>
> Neither sed nor awk can handle binary files; gawk can, but may not be
> universally available.
>
> The tool you want is venerable dd: this works back to at least Unix
> version V7:
>
> $ dd skip=257 bs=1 count=5 if=foo.tar 2>/dev/null | grep ustar
> ustar

Excellent suggestion. Here's what I have now:

  $_mytar -cf - conftest.txt | (dd skip=257 bs=1 count=5 2>/dev/null || cat) | grep ustar > /dev/null

David

From mario.lenz at gmx.net Wed Jul 12 21:09:00 2006
From: mario.lenz at gmx.net (Mario Lenz)
Date: Wed Jul 12 22:55:56 2006
Subject: GPGME: Exporting private OpenPGP keys
Message-ID: <1152731340.4176.8.camel@mario>

Hi!

I need to export OpenPGP keys. As far as I can see it's possible to
export public keys, but I miss a function for private ones. If no one is
working on this at the moment, I'd like to give it a try and write one-
if that's ok for you. (I won't promise anything, though ;-)

cu
Mario

PS I'm on the right mailing list, am I?

From sadam at CLEMSON.EDU Wed Jul 12 23:27:59 2006
From: sadam at CLEMSON.EDU (Adam Schreiber)
Date: Thu Jul 13 00:55:36 2006
Subject: GPGME: Exporting private OpenPGP keys
In-Reply-To: <1152731340.4176.8.camel@mario>
References: <1152731340.4176.8.camel@mario>
Message-ID: <44B5695F.9020104@clemson.edu>

Mario Lenz wrote:
> I need to export OpenPGP keys. As far as I can see it's possible to
> export public keys, but I miss a function for private ones. If no one is

Seahorse has a function that uses gpg --armor --export-secret-key

Cheers,

Adam Schreiber

--
Why isn't all of your email protected?
http://gnupg.org
http://enigmail.mozdev.org
http://seahorse.sourceforge.net
http://live.gnome.org/Seahorse

From mario.lenz at gmx.net Thu Jul 13 22:36:29 2006
From: mario.lenz at gmx.net (Mario Lenz)
Date: Thu Jul 13 22:35:14 2006
Subject: GPGME: Exporting private OpenPGP keys
In-Reply-To: <44B5695F.9020104@clemson.edu>
References: <1152731340.4176.8.camel@mario> <44B5695F.9020104@clemson.edu>
Message-ID: <1152822989.4649.11.camel@mario>

Hi!

> > I need to export OpenPGP keys. As far as I can see it's possible to
> > export public keys, but I miss a function for private ones. If no one is
>
> Seahorse has a function that uses gpg --armor --export-secret-key

Is there a reason why this function isn't part of GPGME? If it's just
because you haven't had time yet: I would do it. I had a look at it and
it seems that the easiest way would be to change:

  if (reserved)
    return gpg_error (GPG_ERR_INV_VALUE);
  err = add_arg (gpg, "--export");

to:

  if (reserved == 0)
    err = add_arg (gpg, "--export");
  else if (reserved == 1)
    err = add_arg (gpg, "--export-secret-keys");
  else
    return gpg_error (GPG_ERR_INV_VALUE);

in functions gpg_export and gpg_export_ext (both gpgme/rungpg.c). Of
course, you would lose the reserved parameter. But I would even sit
down and write new functions if you don't like this solution.

Mario

From marcus.brinkmann at ruhr-uni-bochum.de Fri Jul 14 01:17:02 2006
From: marcus.brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann)
Date: Fri Jul 14 01:17:09 2006
Subject: GPGME: Exporting private OpenPGP keys
In-Reply-To: <1152822989.4649.11.camel@mario>
References: <1152731340.4176.8.camel@mario> <44B5695F.9020104@clemson.edu> <1152822989.4649.11.camel@mario>
Message-ID: <873bd5umc1.wl%marcus.brinkmann@ruhr-uni-bochum.de>

At Thu, 13 Jul 2006 22:36:29 +0200,
Mario Lenz wrote:
> Is there a reason why this function isn't part of GPGME? If it's just
> because you havn't had time yet: I would do it. I had a look at it and
> it seems that the easiest way would be to change:
>
>   if (reserved)
>     return gpg_error (GPG_ERR_INV_VALUE);
>   err = add_arg (gpg, "--export");
>
> to:
>
>   if (reserved == 0)
>     err = add_arg (gpg, "--export");
>   else if (reserved == 1)
>     err = add_arg (gpg, "--export-secret-keys");
>   else
>     return gpg_error (GPG_ERR_INV_VALUE);
>
> in functions gpg_export and gpg_export_ext (both gpgme/rungpg.c). Of
> course, you would loose the reserved parameter.

This would be how to do it. In fact, I think the reserved parameter
was for this purpose, I think. However from the TODO:

** New features requested by our dear users, but rejected or left for
   later consideration:
*** Allow to export secret keys.
    Rejected because this is conceptually flawed. Secret keys on a
    smart card can not be exported, for example.

Note that the trend for the gpg suite goes towards putting more and
more secret-key related stuff into gpg-agent and friends, away from
gpg. The idea is that handling the really sensitive data should be
done in as much of a contained space as possible.

Imagine the secret key would be managed by gpg-agent, and that there
would be a way to export it (ie, it is not a smart card). Then the
path through GPGME would be (square brackets [] denote a process)

  (key repository ->) [gpg-agent] -> [gnupg] -> [gpgme -> application]

whereas application would often include several other layers, like
libqt for input/output, or libglib for storage allocation. These are
three processes at least, and at least one of them, the application,
will very likely not handle secure memory at all (take a look at
pinentry how difficult it is to mix secure memory and a GUI
application). Another one, gnupg, would not need to run with secure
memory in this model if secret key exports were not allowed (that's
the reason why we move this stuff to gpg-agent).

I do understand that there is another consideration, and that is that
users want to be able to do key management using their favourite email
program, and that this includes making backups of secret keys. In
GPA, we do the same, by calling gnupg directly. And yes, it would be
preferable to use a GPGME interface.

So, if you still think it is a good idea, and if Werner does not
object too strongly, I think I would accept such a patch that you
propose, just because it is a small change, and it is something that
many people want to do and because they are going to do it anyway, and
if they do it it's better to do it via GPGME. But at least we need to
make it very clear in the documentation what the limits and caveats
are.

Thanks,
Marcus

From wk at gnupg.org Thu Jul 13 23:28:27 2006
From: wk at gnupg.org (Werner Koch)
Date: Fri Jul 14 10:16:03 2006
Subject: GPGME: Exporting private OpenPGP keys
In-Reply-To: <1152731340.4176.8.camel@mario> (Mario Lenz's message of "Wed, 12 Jul 2006 21:09:00 +0200")
References: <1152731340.4176.8.camel@mario>
Message-ID: <878xmxw5xg.fsf@wheatstone.g10code.de>

On Wed, 12 Jul 2006 21:09, Mario Lenz said:

> I need to export OpenPGP keys. As far as I can see it's possible to
> export public keys, but I miss a function for private ones. If no one is
> working on this at the moment, I'd like to give it a try and write one-

Exporting private keys is not in the domain of gpgme. Management of
private keys requires specialized (organizational) processes.
Further, the way private keys are exported is very application
specific and we can't easily come up with an abstract API for
that. Thus we don't intend to support this in gpgme.

Salam-Shalom,

Werner

From mario.lenz at gmx.net Fri Jul 14 18:31:20 2006
From: mario.lenz at gmx.net (Mario Lenz)
Date: Fri Jul 14 18:30:11 2006
Subject: GPGME: Exporting private OpenPGP keys
In-Reply-To: <878xmxw5xg.fsf@wheatstone.g10code.de>
References: <1152731340.4176.8.camel@mario> <878xmxw5xg.fsf@wheatstone.g10code.de>
Message-ID: <1152894680.4172.5.camel@mario>

> Exporting private keys is not in the domain of gpgme. Management of
> private keys requires specialized (organizational) processes.
> Further, the way private keys are exported is very application
> specific and we can't easily come up with an abstract API for
> that. Thus we don't intend to support this in gpgme.

OK, I'll have a look at seahorse and try to write my own exporting
function. Thanks for the info :-)

cu
Mario

From mark at mcs.vuw.ac.nz Sat Jul 15 00:39:52 2006
From: mark at mcs.vuw.ac.nz (Mark Davies)
Date: Sat Jul 15 01:00:45 2006
Subject: configure's tar ustar test can fail on Solaris
In-Reply-To: <87r70sf935.fsf@wheatstone.g10code.de>
References: <200607091012.41453.mark@mcs.vuw.ac.nz> <87r70sf935.fsf@wheatstone.g10code.de>
Message-ID: <200607151039.53132.mark@mcs.vuw.ac.nz>

On Wednesday 12 July 2006 03:35, Werner Koch wrote:
> On Sun, 9 Jul 2006 00:12, Mark Davies said:
> > - $_mytar -cf - conftest.txt | grep -q ustar
> > + $_mytar -cf - conftest.txt | strings | grep -q ustar
>
> I am not sure whether strings is available on all platforms. What
> about
>
> $_mytar -cf - conftest.txt | ( strings || cat ) | grep -q ustar

If that works then fine, but I will note that strings has been on every unix
system I've ever used (going back to BSD4.2) and it is part of POSIX and the
Single Unix Specification.

cheers
mark

From dgc at uchicago.edu Sat Jul 15 01:08:34 2006
From: dgc at uchicago.edu (David Champion)
Date: Sat Jul 15 02:25:44 2006
Subject: configure's tar ustar test can fail on Solaris
In-Reply-To: <200607151039.53132.mark@mcs.vuw.ac.nz>
References: <200607091012.41453.mark@mcs.vuw.ac.nz> <87r70sf935.fsf@wheatstone.g10code.de> <200607151039.53132.mark@mcs.vuw.ac.nz>
Message-ID: <20060714230833.GJ15353@monkey.uchicago.edu>

* On 2006.07.14, in <200607151039.53132.mark@mcs.vuw.ac.nz>,
* "Mark Davies" wrote:
>
> If that works then fine, but I will note that strings has been on every unix
> system I've ever used (going back to BSD4.2) and it is part of POSIX and the
> Single Unix Specification.

On some platforms (I'm afraid I've forgotten which ones, but they're
probably commercial) it's not included in the base system, but only with
the compiler option. Apparently some distributors have felt that it's
primarily a developer tool; indeed, some versions of strings refuse to
process a file if it's not recognizably compiled object code.

Obviously if you're compiling GnuPG you have a compiler, but if you
obtained gcc or some other compiler from some third-party source, then
you might not have strings or other related tools.

I'm not sure how common this situation is in 2006, but I believe GnuPG
aims to be very widely portable, so it's good to address.

--
-D. dgc@uchicago.edu NSIT University of Chicago

From fredgk at gmail.com Sun Jul 16 14:39:08 2006
From: fredgk at gmail.com (fredg)
Date: Sun Jul 16 14:38:05 2006
Subject: gpa-0.7.3 segfault when openig a file
In-Reply-To: <87k66rw6n5.wl%marcus.brinkmann@ruhr-uni-bochum.de>
References: <20060619193842.7110e779.fredgk@gmail.com> <87k66rw6n5.wl%marcus.brinkmann@ruhr-uni-bochum.de>
Message-ID: <20060716143908.e9b3d444.fredgk@gmail.com>

Hi,

I am using gtk-2.8.19.
Here is a more complete gdb backtrace:

(gdb) run
Starting program: /usr/bin/gpa
[Thread debugging using libthread_db enabled]
[New Thread -1216726432 (LWP 23841)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1216726432 (LWP 23841)]
0xb7e29b66 in gtk_scrolled_window_add_with_viewport ()
   from /usr/lib/libgtk-x11-2.0.so.0
(gdb) bt
#0 0xb7e29b66 in gtk_scrolled_window_add_with_viewport ()
   from /usr/lib/libgtk-x11-2.0.so.0
#1 0xb7e29bdb in gtk_scrolled_window_add_with_viewport ()
   from /usr/lib/libgtk-x11-2.0.so.0
#2 0xb7deb345 in gtk_list_store_new () from /usr/lib/libgtk-x11-2.0.so.0
#3 0xb7e88afa in gtk_tree_model_iter_next () from /usr/lib/libgtk-x11-2.0.so.0
#4 0x080535eb in add_file (fileman=0x81414a0, filename=0x8242bf8 "/home/nounou/documents/clefs.txt")
   at fileman.c:186
#5 0x080537d7 in open_file (param=0x815d0a8) at fileman.c:239
#6 0xb7badfa4 in g_cclosure_marshal_VOID__VOID ()
   from /usr/lib/libgobject-2.0.so.0
#7 0xb7b97d2c in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#8 0xb7bac9ec in g_signal_has_handler_pending ()
   from /usr/lib/libgobject-2.0.so.0
#9 0xb7bad93d in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#10 0xb7badbbb in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#11 0xb7d3f4ed in gtk_button_clicked () from /usr/lib/libgtk-x11-2.0.so.0
#12 0xb7d40a6c in gtk_button_get_alignment () from /usr/lib/libgtk-x11-2.0.so.0
#13 0xb7badfa4 in g_cclosure_marshal_VOID__VOID ()
   from /usr/lib/libgobject-2.0.so.0
#14 0xb7b98028 in g_cclosure_new_swap () from /usr/lib/libgobject-2.0.so.0
#15 0xb7b97d2c in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#16 0xb7bac2ce in g_signal_has_handler_pending ()
---Type to continue, or q to quit---
   from /usr/lib/libgobject-2.0.so.0
#17 0xb7bad93d in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#18 0xb7badbbb in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#19 0xb7d3f4ad in gtk_button_released () from /usr/lib/libgtk-x11-2.0.so.0
#20 0xb7d40241 in gtk_button_set_relief () from /usr/lib/libgtk-x11-2.0.so.0
#21 0xb7df00f0 in gtk_marshal_VOID__UINT_STRING ()
   from /usr/lib/libgtk-x11-2.0.so.0
#22 0xb7b98028 in g_cclosure_new_swap () from /usr/lib/libgobject-2.0.so.0
#23 0xb7b97d2c in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#24 0xb7bac51a in g_signal_has_handler_pending ()
   from /usr/lib/libgobject-2.0.so.0
#25 0xb7bad654 in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#26 0xb7badbbb in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#27 0xb7eb8e94 in gtk_widget_activate () from /usr/lib/libgtk-x11-2.0.so.0
#28 0xb7dedc58 in gtk_propagate_event () from /usr/lib/libgtk-x11-2.0.so.0
#29 0xb7dee090 in gtk_main_do_event () from /usr/lib/libgtk-x11-2.0.so.0
#30 0xb7cb71b1 in gdk_event_get_graphics_expose ()
   from /usr/lib/libgdk-x11-2.0.so.0
#31 0xb7b284e4 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#32 0xb7b29f16 in g_main_context_acquire () from /usr/lib/libglib-2.0.so.0
#33 0xb7b2a195 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#34 0xb7dee8e3 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#35 0x0804ff99 in main (argc=1, argv=0xbff33a24) at gpa.c:578
(gdb)

Cheers.
Fred.

On Thu, 06 Jul 2006 09:10:22 +0200
Marcus Brinkmann wrote:

> At Mon, 19 Jun 2006 19:38:42 +0200,
> fredg wrote:
> >
> > Hi,
> >
> > Just built it under Zenwalk linux, against gpgme-1.1.2.
> > I got a segfault when trying to open a file.
>
> Sorry, I can not reproduce this.
>
> > Here is a gdb backtrace:
> >
> > Program received signal SIGSEGV, Segmentation fault.
> > [Switching to Thread -1217018176 (LWP 23885)]
> > 0xb7e0fb66 in gtk_scrolled_window_add_with_viewport ()
> >    from /usr/lib/libgtk-x11-2.0.so.0
> > (gdb) bt
> > #0 0xb7e0fb66 in gtk_scrolled_window_add_with_viewport ()
> >    from /usr/lib/libgtk-x11-2.0.so.0
> > #1 0xb7e0fbdb in gtk_scrolled_window_add_with_viewport ()
> >    from /usr/lib/libgtk-x11-2.0.so.0
> > #2 0xb7dd1345 in gtk_list_store_new () from /usr/lib/libgtk-x11-2.0.so.0
> > #3 0xb7e6eafa in gtk_tree_model_iter_next () from /usr/lib/libgtk-x11-2.0.so.0
>
> The crash seems to happen in Gtk+. This does not mean that the bug is
> necessarily in Gtk+. I am using 2.8.18 (on Ubuntu 6.06).
>
> > #4 0x080535eb in ?? ()
> > #5 0x081b6c80 in ?? ()
> > #6 0xbfc91750 in ?? ()
> > #7 0x082145f8 in ?? ()
> > #8 0x08050e70 in ?? ()
> > #9 0x0821c028 in ?? ()
> > #10 0x00000000 in ?? ()
> > (gdb)
>
> This would be the interesting part.
>
> You are missing debug symbols in gpa (try to build with CFLAGS=-g) and
> gtk (try to install the debug packages if they exist).
>
> Thanks,
> Marcus
>
>

From sadam at CLEMSON.EDU Sun Jul 16 16:09:54 2006
From: sadam at CLEMSON.EDU (Adam Schreiber) Date: Sun Jul 16 16:08:52 2006 Subject: GPGME: Exporting private OpenPGP keys In-Reply-To: <1152894680.4172.5.camel@mario> References: <1152731340.4176.8.camel@mario> <878xmxw5xg.fsf@wheatstone.g10code.de> <1152894680.4172.5.camel@mario> Message-ID: <44BA48B2.6090409@clemson.edu> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mario Lenz wrote: > OK, I'll have a look at seahorse and try to write my own exporting > function. Thanks for the info :-) Mario, I believe the function is in libseahorse/seahorse-gpgmex-op.c. If not it's in one of the other seahorse-gpgmex-*.c files. Cheers, Adam - -- Why isn't all of your email protected? http://gnupg.org http://enigmail.mozdev.org http://seahorse.sourceforge.net http://live.gnome.org/Seahorse -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEukiyjU1oaHEI4wgRAj/UAKCgswkougM1JF554y76ZpaP3F35FwCdGRLI exwaEo1Oc6ktxoAnkrQ3Wo0= =iF0i -----END PGP SIGNATURE----- From kyle at memoryhole.net Fri Jul 21 02:09:41 2006 
From: kyle at memoryhole.net (Kyle Wheeler)
Date: Fri Jul 21 10:47:38 2006
Subject: 1.4.4 unable to reopen standard input error
Message-ID: <20060721000941.GD25177@c-68-35-181-106.hsd1.nm.comcast.net>

Hello,

I recently upgraded gnupg from 1.4.2 to 1.4.4, and suddenly I am
running into a nasty problem.

I use mutt on MacOS X (10.4.7) for all my email needs, and one of the
things I can do (well, used to be able to do) is decode and reply to
"traditional" pgp-encoded email (a-la what is generated by pine users
who send encrypted email). After upgrading gnupg, I can no longer
reply to emails that have been encrypted in the "traditional"
(translation: inline ascii) manner. I can decrypt them just fine, but
whatever re-decryption mutt does when replying merely produces:

    gpg: fatal: unable to reopen standard input, output, or error

The command that mutt runs to decode such email is this:

    gpg --status-fd=2 --no-verbose --quiet --batch --output - %f

Where "%f" is replaced by the name of the file to decrypt (mutt saves
the encrypted message to a file and then runs gpg on it).

I understand there was a patch that went into gnupg 1.4.4
(http://lists.gnupg.org/pipermail/gnupg-devel/2006-May/022915.html
patch-stdout.reopen.patch) that may have something to do with this. Is
there anything I can do to fix this? I'm tempted to track down that
patch and reverse it on my 1.4.4 source, to see if that doesn't fix it.

Interestingly, other people on the mutt mailing lists who also use
gnupg 1.4.4 (but do so on Linux) do not have the problem.

~Kyle
--
He who dares not offend cannot be honest.
-- Thomas Paine

From wk at gnupg.org Fri Jul 21 13:05:37 2006
From: wk at gnupg.org (Werner Koch)
Date: Fri Jul 21 13:11:20 2006
Subject: 1.4.4 unable to reopen standard input error
In-Reply-To: <20060721000941.GD25177@c-68-35-181-106.hsd1.nm.comcast.net> (Kyle Wheeler's message of "Thu, 20 Jul 2006 20:09:41 -0400")
References: <20060721000941.GD25177@c-68-35-181-106.hsd1.nm.comcast.net>
Message-ID: <871wsftdz2.fsf@wheatstone.g10code.de>

On Fri, 21 Jul 2006 02:09, Kyle Wheeler said:

> (http://lists.gnupg.org/pipermail/gnupg-devel/2006-May/022915.html
> patch-stdout.reopen.patch) that may have something to do with this. Is
> there anything I can do to fix this? I'm tempted to track down that
> patch and reverse it on my 1.4.4 source, to see if that doesn't fix it.

It is important that stdin, stdout and stderr are open and thus
connected to some file descriptor. If for example stderr is closed and
gpg opens another file (like the trustdb or a keyring) and later
prints a message to stderr it will end up in that file - oops. Thus it
is always required to make sure that the standard file descriptors are
connected; i.e. to dup them to /dev/null right before the exec call.

To figure out your problem you should run mutt under "strace -f" or
whatever system call trace utility you have on your system. grep for
the exec of gpg and then check what happened to descriptors 0,1,2
right before that.

As an alternative you might want to add

  set crypt_use_gpgme

into your .muttrc and use the modern gpg interface.

Shalom-Salam,

Werner

From dshaw at jabberwocky.com Fri Jul 21 14:56:59 2006
From: dshaw at jabberwocky.com (David Shaw)
Date: Fri Jul 21 14:55:48 2006
Subject: 1.4.4 unable to reopen standard input error
In-Reply-To: <20060721000941.GD25177@c-68-35-181-106.hsd1.nm.comcast.net>
References: <20060721000941.GD25177@c-68-35-181-106.hsd1.nm.comcast.net>
Message-ID: <20060721125659.GA19539@jabberwocky.com>

On Thu, Jul 20, 2006 at 08:09:41PM -0400, Kyle Wheeler wrote:
> Hello,
>
> I recently upgraded gnupg from 1.4.2 to 1.4.4, and suddenly I am
> running into a nasty problem.
>
> I use mutt on MacOS X (10.4.7) for all my email needs, and one of the
> things I can do (well, used to be able to do) is decode and reply to
> "traditional" pgp-encoded email (a-la what is generated by pine users
> who send encrypted email). After upgrading gnupg, I can no longer
> reply to emails that have been encrypted in the "traditional"
> (translation: inline ascii) manner. I can decrypt them just fine, but
> whatever re-decryption mutt does when replying merely produces:
>
> gpg: fatal: unable to reopen standard input, output, or error
>
> The command that mutt runs to decode such email is this:
>
> gpg --status-fd=2 --no-verbose --quiet --batch --output - %f

Are you sure that is the command? I see no way for the passphrase to
be passed there.

David

From troy at austin.ibm.com Tue Jul 25 02:49:53 2006
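Werner Koch's point in the "1.4.4 unable to reopen standard input error" thread above (a message written to a closed stderr ends up in whatever file was opened next) and the remedy he names (connect the standard descriptors to /dev/null right before the exec), as an added C example that is not GnuPG or mutt code. The function names, the scratch file and the sample strings are constructed for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Point every closed standard descriptor (0, 1, 2) at /dev/null.
 * A launcher calls this right before exec. Returns how many
 * descriptors had to be repaired, or -1 on error. */
int ensure_std_fds(void)
{
    int repaired = 0;

    for (int fd = 0; fd <= 2; fd++) {
        if (fcntl(fd, F_GETFD) != -1 || errno != EBADF)
            continue;                       /* descriptor is open */
        int nfd = open("/dev/null", fd == 0 ? O_RDONLY : O_WRONLY);
        if (nfd == -1)
            return -1;
        if (nfd != fd) {                    /* open() normally returns fd itself */
            if (dup2(nfd, fd) == -1) {
                close(nfd);
                return -1;
            }
            close(nfd);
        }
        repaired++;
    }
    return repaired;
}

/* In a child process: close stderr, optionally repair the standard
 * descriptors, open a data file, write a record to it and then a
 * diagnostic to descriptor 2. Returns 1 if the diagnostic ended up
 * inside the data file, 0 if it did not, -1 on error. */
int diagnostic_lands_in_file(const char *path, int repair_first)
{
    static const char rec[] = "KEYDATA\n";          /* constructed sample */
    static const char msg[] = "gpg: warning\n";     /* constructed sample */
    pid_t pid = fork();

    if (pid == -1)
        return -1;
    if (pid == 0) {
        if (ensure_std_fds() == -1)         /* start from a known state */
            _exit(2);
        close(2);                           /* what a careless parent leaves behind */
        if (repair_first && ensure_std_fds() == -1)
            _exit(2);
        int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
        if (fd == -1 || write(fd, rec, sizeof rec - 1) == -1)
            _exit(2);
        if (write(2, msg, sizeof msg - 1) == -1) {
            /* nothing to do: the demo only cares where the bytes went */
        }
        _exit(0);
    }

    int status;
    if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status)
        || WEXITSTATUS(status) != 0)
        return -1;

    char buf[128];
    FILE *f = fopen(path, "r");
    if (!f)
        return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return strstr(buf, "gpg: warning") != NULL;
}

int main(void)
{
    char path[] = "/tmp/stdfd-demo-XXXXXX";  /* constructed scratch file */
    int t = mkstemp(path);

    if (t == -1)
        return 1;
    close(t);
    printf("stderr closed, not repaired: diagnostic in data file = %d\n",
           diagnostic_lands_in_file(path, 0));
    printf("stderr closed, repaired    : diagnostic in data file = %d\n",
           diagnostic_lands_in_file(path, 1));
    unlink(path);
    return 0;
}
```

Without the repair the data file receives descriptor 2 and the diagnostic is appended to the record; with it the file gets the next free descriptor and the diagnostic goes to /dev/null.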
From: troy at austin.ibm.com (Troy Bollinger) Date: Tue Jul 25 04:55:42 2006 Subject: [Dailydave] GnuPG 1.4.4 fun In-Reply-To: <20060721225558.D144623E3FE@dzeta.agava.net> References: <20060721225558.D144623E3FE@dzeta.agava.net> Message-ID: <20060725004953.GA31396@austin.ibm.com> Quoting Evgeny Legerov (research@gleg.net): > Another GnuPG bug: > > $ perl -e 'print "\xfd\xff\xff\xff\xff\xfe"'| /var/gnupg/bin/gpg --no-armor > gpg: /home/ggg/.gnupg/options:82: deprecated option "honor-http-proxy" > gpg: please use "keyserver-options http-proxy" instead > > gpg: Segmentation fault caught ... exiting > Segmentation fault > Hi, The above testcase was posted to the dailydave mailing list a few days ago. The diff below stops the segmentation fault, although I'm not certain that it's the _correct_ way to fix it. I think there are similar problems with xmalloc() arguments in: parse_gpg_control create_gpg_control parse_plaintext Troy --------------------------------- $ diff -r -c gnupg-1.4.4 gnupg-1.4.4.new/ diff -r -c gnupg-1.4.4/g10/packet.h gnupg-1.4.4.new/g10/packet.h *** gnupg-1.4.4/g10/packet.h Thu Mar 9 06:12:02 2006 --- gnupg-1.4.4.new/g10/packet.h Mon Jul 24 18:51:11 2006 *************** *** 302,309 **** typedef struct { ! int len; /* length of data */ ! char data[1]; } PKT_comment; typedef struct { --- 302,309 ---- typedef struct { ! unsigned int len; /* length of data */ ! byte data[1]; } PKT_comment; typedef struct { diff -r -c gnupg-1.4.4/g10/parse-packet.c gnupg-1.4.4.new/g10/parse-packet.c *** gnupg-1.4.4/g10/parse-packet.c Sun Jun 25 05:58:40 2006 --- gnupg-1.4.4.new/g10/parse-packet.c Mon Jul 24 19:17:04 2006 *************** *** 2087,2101 **** parse_comment( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet ) { byte *p; ! packet->pkt.comment = xmalloc(sizeof *packet->pkt.comment + pktlen - 1); packet->pkt.comment->len = pktlen; p = packet->pkt.comment->data; for( ; pktlen; pktlen--, p++ ) *p = iobuf_get_noeof(inp); if( list_mode ) { ! 
int n = packet->pkt.comment->len; fprintf (listfp, ":%scomment packet: \"", pkttype == PKT_OLD_COMMENT? "OpenPGP draft " : "" ); for(p=packet->pkt.comment->data; n; p++, n-- ) { --- 2087,2106 ---- parse_comment( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet ) { byte *p; + size_t sz = sizeof *packet->pkt.comment + pktlen - 1; ! if (sz < pktlen) { ! log_error("packet(%d) too big (%lu)\n", pkttype, (ulong)pktlen); ! g10_exit (126); ! } ! packet->pkt.comment = xmalloc(sz); packet->pkt.comment->len = pktlen; p = packet->pkt.comment->data; for( ; pktlen; pktlen--, p++ ) *p = iobuf_get_noeof(inp); if( list_mode ) { ! size_t n = packet->pkt.comment->len; fprintf (listfp, ":%scomment packet: \"", pkttype == PKT_OLD_COMMENT? "OpenPGP draft " : "" ); for(p=packet->pkt.comment->data; n; p++, n-- ) { -- Troy Bollinger Network Security Analyst PGP keyid: 1024/0xB7783129 Troy's opinions are not IBM policy From wk at gnupg.org Tue Jul 25 12:28:59 2006 From: wk at gnupg.org (Werner Koch) Date: Tue Jul 25 12:31:21 2006 Subject: [Dailydave] GnuPG 1.4.4 fun In-Reply-To: <20060725004953.GA31396@austin.ibm.com> (Troy Bollinger's message of "Mon, 24 Jul 2006 19:49:53 -0500") References: <20060721225558.D144623E3FE@dzeta.agava.net> <20060725004953.GA31396@austin.ibm.com> Message-ID: <87bqreou50.fsf@wheatstone.g10code.de> On Tue, 25 Jul 2006 02:49, Troy Bollinger said: > I think there are similar problems with xmalloc() arguments in: > > parse_gpg_control > create_gpg_control > parse_plaintext Right after fixing the recent UID integer overflow I walked over the code and figured out the mallocs in need of a fix. Most of them are already fixed a few need more investigation. The easiest fix is to limit the packet length to a reasonable value right after parsing the packet header. Thanks, Werner From wk at gnupg.org Tue Jul 25 14:10:23 2006 
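Review bot: in the g10/packet.h hunk, len in PKT_comment becomes unsigned int, but parse_comment() still assigns it from an unsigned long (packet->pkt.comment->len = pktlen;), so where long is wider than int a large length is silently truncated and the list_mode loop would walk fewer bytes than were stored. Consider declaring len as size_t, or rejecting lengths that do not fit before the assignment, and extend the comment to say that data[1] is the head of a buffer whose real size is set by the allocation in parse_comment().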
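Review bot: in the g10/parse-packet.c hunk, the new "if (sz < pktlen)" test in parse_comment() only catches arithmetic wrap-around; any length that does not wrap is still handed to xmalloc(sz) and then filled byte by byte through iobuf_get_noeof(), however little input is actually there. A fixed upper bound on pktlen, checked before sz is computed, would cover both cases. Also consider whether one malformed packet should end the whole process through g10_exit (126) rather than be reported to the caller as a parse error.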
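Werner Koch's suggestion in the "[Dailydave] GnuPG 1.4.4 fun" thread above, to limit the packet length right after parsing the packet header, as an added C example that is not GnuPG code: it decodes the new-format header of the six-byte testcase quoted in the thread and rejects the length before any allocation size is computed. The 16 MiB cap, the 8-byte header size standing in for sizeof(PKT_comment) on a 32-bit build, and all names are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_PACKET_LEN (16u * 1024u * 1024u) /* assumed cap, not a GnuPG value */
#define COMMENT_HDR    8u  /* assumed sizeof(PKT_comment): 4-byte len + data[1] + padding */

enum hdr_status { HDR_OK = 0, HDR_TRUNCATED, HDR_NOT_NEW_FORMAT,
                  HDR_PARTIAL, HDR_TOO_BIG };

struct pkt_hdr {
    unsigned tag;     /* packet tag, bits 5..0 of the first octet */
    uint32_t len;     /* body length announced by the header */
    size_t   hdrlen;  /* octets consumed by the header itself */
};

/* Parse an OpenPGP new-format packet header and apply the length cap
 * immediately, before any caller can use len in size arithmetic. */
enum hdr_status parse_new_header(const unsigned char *buf, size_t n,
                                 struct pkt_hdr *h)
{
    if (n < 2)
        return HDR_TRUNCATED;
    if ((buf[0] & 0xC0) != 0xC0)
        return HDR_NOT_NEW_FORMAT;
    h->tag = buf[0] & 0x3F;

    unsigned o1 = buf[1];
    if (o1 < 192) {                          /* one-octet length */
        h->len = o1;
        h->hdrlen = 2;
    } else if (o1 < 224) {                   /* two-octet length */
        if (n < 3)
            return HDR_TRUNCATED;
        h->len = ((uint32_t)(o1 - 192) << 8) + buf[2] + 192;
        h->hdrlen = 3;
    } else if (o1 == 255) {                  /* five-octet length */
        if (n < 6)
            return HDR_TRUNCATED;
        h->len = ((uint32_t)buf[2] << 24) | ((uint32_t)buf[3] << 16)
               | ((uint32_t)buf[4] << 8)  |  (uint32_t)buf[5];
        h->hdrlen = 6;
    } else {
        return HDR_PARTIAL;                  /* partial body length, not handled here */
    }
    return h->len > MAX_PACKET_LEN ? HDR_TOO_BIG : HDR_OK;
}

/* The size expression from the unpatched parse_comment(), evaluated in
 * 32-bit arithmetic to show the wrap-around on a 32-bit build. */
uint32_t unchecked_alloc_size32(uint32_t pktlen)
{
    return (uint32_t)(COMMENT_HDR + pktlen - 1u);
}

/* Bounded replacement: refuses oversized lengths, so the addition
 * below cannot wrap. Returns 0 and stores the size, or -1. */
int comment_alloc_size(uint32_t pktlen, size_t *out)
{
    if (pktlen > MAX_PACKET_LEN)
        return -1;
    *out = (size_t)COMMENT_HDR + pktlen - 1;
    return 0;
}

int main(void)
{
    /* The bytes printed by the perl one-liner quoted in the thread. */
    const unsigned char testcase[] = { 0xfd, 0xff, 0xff, 0xff, 0xff, 0xfe };
    struct pkt_hdr h;
    enum hdr_status st = parse_new_header(testcase, sizeof testcase, &h);

    printf("tag=%u len=0x%08lx status=%d\n", h.tag, (unsigned long)h.len, (int)st);
    printf("unchecked 32-bit allocation size: %lu bytes\n",
           (unsigned long)unchecked_alloc_size32(h.len));
    return 0;
}
```

For the testcase the header announces a body of 0xfffffffe octets, the unchecked 32-bit size expression wraps to 5 bytes, and the capped parser returns HDR_TOO_BIG before any allocation happens.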
From: wk at gnupg.org (Werner Koch)
Date: Tue Jul 25 14:33:31 2006
Subject: [Announce] Gpg4win 1.0.4 released
Message-ID: <87u055opg0.fsf@wheatstone.g10code.de>

Skipped content of type multipart/signed

From gilboooo at gmail.com Tue Jul 25 13:55:34 2006
From: gilboooo at gmail.com (Gilbert Fernandes) Date: Wed Jul 26 17:07:34 2006 Subject: GnuPG 1.4.4 does not compile on NetBSD is curl library is installed from pkgsrc Message-ID: Hello everyone, when GnuPG 1.4.4 is compiled on NetBSD 3.0 it works fine. The configure does its job, as the make and make install. But if the curl library has been installed on the system (on one of my computers, it has been installed as dependency of clamav) then the make fails because a file does not find the proper include file at the right place. Here is the error message : -*- In file included from gpgkeys_finger.c:48: ksutil.h:26:23: curl/curl.h: No such file or directory In file included from gpgkeys_finger.c:48: ksutil.h:108: error: parse error before "error" *** Error code 1 Stop. make: stopped in /root/g/gnupg-1.4.4/keyserver *** Error code 1 Stop. make: stopped in /root/g/gnupg-1.4.4 *** Error code 1 Stop. make: stopped in /root/g/gnupg-1.4.4 soekris{/root/g/gnupg-1.4.4} -*- As soon as I remove the curl library (compiled from /usr/pkgsrc/www/curl) the make of GnuPG 1.4.4 works fine. 
When the curl library is installed, the curl.h file is located there : /usr/pkg/include/curl/curl.h To make a test, I have tried to compile the previous GnuPG version (1.4.3) with and without that curl library installed : -*- keyserver.c:30:23: curl/curl.h: No such file or directory In file included from keyserver.c:40: ../include/ttyio.h:32: warning: `libintl_printf' is an unrecognized format function type ../include/ttyio.h:34: warning: `libintl_printf' is an unrecognized format function type In file included from keyserver.c:45: ../include/util.h:81: warning: `libintl_printf' is an unrecognized format function type ../include/util.h:84: warning: `libintl_printf' is an unrecognized format function type ../include/util.h:85: warning: `libintl_printf' is an unrecognized format function type ../include/util.h:86: warning: `libintl_printf' is an unrecognized format function type ../include/util.h:87: warning: `libintl_printf' is an unrecognized format function type ../include/util.h:88: warning: `libintl_printf' is an unrecognized format function type keyserver.c: In function `parse_keyserver_uri': keyserver.c:367: warning: subscript has type `char' *** Error code 1 Stop. make: stopped in /root/g/gnupg-1.4.3/g10 *** Error code 1 Stop. make: stopped in /root/g/gnupg-1.4.3 *** Error code 1 Stop. make: stopped in /root/g/gnupg-1.4.3 -*- Result is the same. Here is my system uname -a : NetBSD soekris 3.0 NetBSD 3.0 (SOEKRIS) #4: Fri May 5 19:19:40 UTC 2006 root@soekris:/usr/src/sys/arch/i386/compile/SOEKRIS i386 Installed software versions : curl-7.15.4 gmake-3.81 (I always compiled GnuPG using make, not gmake) libtool-base-1.5.22nb3 m4-1.4.4 When I tried to compile without curl, both 1.4.3 and 1.4.4 compile fine. After having installed curl, I did a new ./configure && make in both GnuPG 1.4.3 folder and 1.4.4 folder after a make clean. Two solutions : 1. GnuPG make file is adapted to NetBSD 2. 
The curl package maintainer does a change that allows GnuPG make file to find curl where it should be.
3. #ifdef __NETBSD__ include the curl file located in /usr/pkg/include/curl/

The curl library maintainer is Cc of this email.

Best regards,

--
unzip ; strip ; touch ; grep ; find ; finger ; mount ; fsck ; more ; yes ; fsck ; umount ; sleep

From gdt at ir.bbn.com Wed Jul 26 17:48:15 2006
From: gdt at ir.bbn.com (Greg Troxel)
Date: Wed Jul 26 19:25:45 2006
Subject: GnuPG 1.4.4 does not compile on NetBSD is curl library is installed from pkgsrc
In-Reply-To: (Gilbert Fernandes's message of "Tue, 25 Jul 2006 13:55:34 +0200")
References:
Message-ID:

"Gilbert Fernandes" writes:

executive summary:

GnuPG has a bug, which is that LIBCURL_CPPFLAGS is not included for
gpgkeys_finger.c (which includes ksutil.h which includes
curl/libcurl.h, and thus it needs it).

add

  gpgkeys_finger_CPPFLAGS = @LIBCURL_CPPFLAGS@
  gpgkeys_finger_LDADD = @LIBCURL@ @GETOPT@

to keyserver/Makefile.am, and probably similarly for fake curl.

long version:

> when GnuPG 1.4.4 is compiled on NetBSD 3.0 it works fine. The configure
> does its job, as the make and make install.

Is there some reason you aren't using pkgsrc? If you were, you
wouldn't be having this problem.

> But if the curl library has been installed on the system (on one of
> my computers, it has been installed as dependency of clamav) then
> the make fails because a file does not find the proper include file
> at the right place.
>
> In file included from gpgkeys_finger.c:48:
> ksutil.h:26:23: curl/curl.h: No such file or directory

Are you passing CPPFLAGS of -I/usr/pkg/include? (I'm assuming not; if
you did, gnupg would work. In general on NetBSD when using dependencies
from pkgsrc you need to do that.)

curl supports both pkg-config and curl-config. gnupg seems to use
curl-config.

> 1. GnuPG make file is adapted to NetBSD
> 2. The curl package maintainer does a change that allows GnuPG make file
> to find curl where it should be.
> 3. #ifdef __NETBSD__ include the curl file located in /usr/pkg/include/curl/

I don't know what 1 means, but really (see above) there's a small bug
to fix which is independent of NetBSD.

2 is not the answer because both curl-config and the curl pkg-config
file seem correct.

3 is wrong because pkgsrc isn't just NetBSD, and someone might have
curl elsewhere.

Which leaves us with

1.
Use pkgsrc, which sets up CPPFLAGS and works fine.
2. Fix the bug in gnupg makefiles

On my system (3.99), with curl, I did a manual build of gnupg 1.4.4.
I notice in config.status that curl was found and the variables look
ok

  s,@LIBCURL_CPPFLAGS@,-I/usr/pkg/include,;t t
  s,@LIBCURL@,-L/usr/pkg/lib -lcurl -L/usr/pkg/lib -Wl,-R/usr/pkg/lib -lidn -lssl -lcrypto -lz,;t t

but in keyserver it seems that LIBCURL_CPPFLAGS are not included:

  gdt 35 ~/SOFTWARE/GNUPG/gnupg-1.4.4/keyserver > gmake
  if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I../include -I../intl -g -O2 -Wall -MT gpgkeys_finger.o -MD -MP -MF ".deps/gpgkeys_finger.Tpo" -c -o gpgkeys_finger.o gpgkeys_finger.c; \
  then mv -f ".deps/gpgkeys_finger.Tpo" ".deps/gpgkeys_finger.Po"; else rm -f ".deps/gpgkeys_finger.Tpo"; exit 1; fi
  In file included from gpgkeys_finger.c:48:
  ksutil.h:26:23: curl/curl.h: No such file or directory
  In file included from gpgkeys_finger.c:48:
  ksutil.h:108: error: syntax error before "error"
  gmake: *** [gpgkeys_finger.o] Error 1

That's because of a bug in Makefile.am, shown at the very top of this
message.

(Werner: hope that's "trivial"; my papers are not in order :-)

--
Greg Troxel

From dshaw at jabberwocky.com Wed Jul 26 22:34:44 2006
From: dshaw at jabberwocky.com (David Shaw) Date: Wed Jul 26 22:33:37 2006 Subject: GnuPG 1.4.4 does not compile on NetBSD is curl library is installed from pkgsrc In-Reply-To: References: Message-ID: <20060726203444.GA7787@jabberwocky.com> On Tue, Jul 25, 2006 at 01:55:34PM +0200, Gilbert Fernandes wrote: > Hello everyone, > > when GnuPG 1.4.4 is compiled on NetBSD 3.0 it works fine. The configure > does its job, as the make and make install. > > But if the curl library has been installed on the system (on one of my > computers, > it has been installed as dependency of clamav) then the make fails because > a file does not find the proper include file at the right place. Should be fixed now, thanks. Index: Makefile.am =================================================================== --- Makefile.am (revision 4198) +++ Makefile.am (working copy) @@ -50,4 +50,5 @@ gpgkeys_curl_LDADD = @LIBCURL@ @GETOPT@ gpgkeys_hkp_CPPFLAGS = @LIBCURL_CPPFLAGS@ gpgkeys_hkp_LDADD = @LIBCURL@ @GETOPT@ +gpgkeys_finger_CPPFLAGS = @LIBCURL_CPPFLAGS@ endif David From gilboooo at gmail.com Wed Jul 26 23:10:24 2006 From: gilboooo at gmail.com (Gilbert Fernandes) Date: Thu Jul 27 14:21:36 2006 Subject: GnuPG 1.4.4 does not compile on NetBSD is curl library is installed from pkgsrc In-Reply-To: <20060726203444.GA7787@jabberwocky.com> References: <20060726203444.GA7787@jabberwocky.com> Message-ID: > Should be fixed now, thanks. Name your beer and address and I will handle the shipping :) (er.. try to choose a beer I can find in France though ha ha) -- unzip ; strip ; touch ; grep ; find ; finger ; mount ; fsck ; more ; yes ; fsck ; umount ; sleep From wk at gnupg.org Thu Jul 27 17:25:34 2006 
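Review bot: the added gpgkeys_finger_CPPFLAGS line in the Makefile.am hunk sits directly above "endif", so it takes effect in only one branch of the surrounding conditional; if the other branch also builds gpgkeys_finger with a header that pulls in curl/curl.h, it needs the equivalent setting. Unlike the gpgkeys_hkp and gpgkeys_curl entries in the context lines, no matching gpgkeys_finger_LDADD is added; a one-line comment saying that finger needs only the curl headers (through ksutil.h) and not the library would make that choice clear.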
From: wk at gnupg.org (Werner Koch)
Date: Thu Jul 27 17:31:16 2006
Subject: GnuPG 1.9.222 released
Message-ID: <87psfrjci9.fsf@wheatstone.g10code.de>

Hi!

This is just a short note to announce that GnuPG 1.9.22 is available
at the usual place (ftp.gnupg.org/gcrypt/alpha/gnupg/).

Noteworthy changes in version 1.9.22 (2006-07-27)
-------------------------------------------------

 * Enhanced pkcs#12 support to allow import from simple keyBags.

 * Exporting to pkcs#12 now creates bag attributes so that Mozilla is
   able to import the files.

 * Fixed uploading of certain keys to the smart card.

It is currently too hot in my office to write a real announcement. And
well, I need to leave for the monthly meeting of the www.dlug.de .

Salam-Shalom,

Werner

From alphasigmax at gmail.com Fri Jul 28 03:37:56 2006
From: alphasigmax at gmail.com (Alphax)
Date: Fri Jul 28 03:39:30 2006
Subject: Better proxy support available via libcurl?
Message-ID: <44C96A74.2050409@gmail.com>

Since gnupg uses libcurl, and libcurl has support for authenticating
proxies...

Shouldn't it be possible to have authenticating proxy support in gnupg?

--
Alphax
Death to all fanatics!
Down with categorical imperative!
OpenPGP key: http://tinyurl.com/lvq4g

From wk at gnupg.org Fri Jul 28 11:32:18 2006
From: wk at gnupg.org (Werner Koch)
Date: Fri Jul 28 11:34:11 2006
Subject: Release candidate for 1.4.5
Message-ID: <87fygmjcrh.fsf@wheatstone.g10code.de>

Hi!

I just did a release candidate for 1.4.5. I'd kindly ask you to try
building it in the next days and report any build problems to this
mailing list.

The tarballs are available at:

  ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.4.5.tar.bz2 (3018k)
  ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.4.5.tar.bz2.sig

Or as a diff against 1.4.4:

  ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.4.4-1.4.5rc1.diff.bz2 (107k)

There is no binary for windows available. If you are in need for a
fixed gpg binary, please get the latest Gpg4win installer from
http://www.gpg4win.org which includes a patched gpg version.

Noteworthy changes in version 1.4.5
------------------------------------------------

 * Reverted check for valid standard handles under Windows.

 * More DSA2 tweaks.

 * Fixed a problem uploading certain keys to the smart card.

 * Fixed 2 more possible memory allocation attacks.

 * Added Norwegian translation.

Happy hacking,

Werner

From dshaw at jabberwocky.com Fri Jul 28 04:27:29 2006
From: dshaw at jabberwocky.com (David Shaw)
Date: Fri Jul 28 14:34:58 2006
Subject: Better proxy support available via libcurl?
In-Reply-To: <44C96A74.2050409@gmail.com>
References: <44C96A74.2050409@gmail.com>
Message-ID: <20060728022729.GA19064@jabberwocky.com>

On Fri, Jul 28, 2006 at 11:07:56AM +0930, Alphax wrote:
> Since gnupg uses libcurl, and libcurl has support for authenticating
> proxies...
>
> Shouldn't it be possible to have authenticating proxy support in gnupg?

Yes, it's possible. At the moment, only BASIC auth is used. Which
one did you need?

David

From alphasigmax at gmail.com Fri Jul 28 18:05:08 2006
From: alphasigmax at gmail.com (Alphax)
Date: Fri Jul 28 18:06:21 2006
Subject: Better proxy support available via libcurl?
In-Reply-To: <20060728022729.GA19064@jabberwocky.com>
References: <44C96A74.2050409@gmail.com> <20060728022729.GA19064@jabberwocky.com>
Message-ID: <44CA35B4.3070203@gmail.com>

David Shaw wrote:
> On Fri, Jul 28, 2006 at 11:07:56AM +0930, Alphax wrote:
>> Since gnupg uses libcurl, and libcurl has support for authenticating
>> proxies...
>>
>> Shouldn't it be possible to have authenticating proxy support in gnupg?
>
> Yes, it's possible. At the moment, only BASIC auth is used. Which
> one did you need?
>

If BASIC is just username & password, it should be enough; I'll have to
check the manpage to see how to use it...

--
Alphax
Death to all fanatics!
Down with categorical imperative!
OpenPGP key: http://tinyurl.com/lvq4g

From dshaw at jabberwocky.com Fri Jul 28 18:38:00 2006
From: dshaw at jabberwocky.com (David Shaw)
Date: Fri Jul 28 18:37:09 2006
Subject: Better proxy support available via libcurl?
In-Reply-To: <44CA35B4.3070203@gmail.com>
References: <44C96A74.2050409@gmail.com> <20060728022729.GA19064@jabberwocky.com> <44CA35B4.3070203@gmail.com>
Message-ID: <20060728163800.GA20813@jabberwocky.com>

On Sat, Jul 29, 2006 at 01:35:08AM +0930, Alphax wrote:
> David Shaw wrote:
> > On Fri, Jul 28, 2006 at 11:07:56AM +0930, Alphax wrote:
> >> Since gnupg uses libcurl, and libcurl has support for authenticating
> >> proxies...
> >>
> >> Shouldn't it be possible to have authenticating proxy support in gnupg?
> >
> > Yes, it's possible. At the moment, only BASIC auth is used. Which
> > one did you need?
> >
>
> If BASIC is just username & password, it should be enough; I'll have to
> check the manpage to see how to use it...

Use a proxy like "http://user:pass@the.proxy.host".

Note that this works with both curl and the built-in HTTP handler
also.

David

From g.esp at free.fr Sat Jul 29 14:15:21 2006
From: g.esp at free.fr (Gilles Espinasse)
Date: Sat Jul 29 14:16:20 2006
Subject: Release candidate for 1.4.5
References: <87fygmjcrh.fsf@wheatstone.g10code.de>
Message-ID: <040f01c6b308$aa274b50$f9b5a8c0@pii350>

----- Original Message -----
From: "Werner Koch"
To:
Cc:
Sent: Friday, July 28, 2006 11:32 AM
Subject: Release candidate for 1.4.5

1.4.5 rc1 compiles fine now on uClibc with

  ./configure --prefix=/usr --disable-nls --disable-mailto --disable-photo-viewers --disable-ldap

no more forced to use --disable-dns-srv --disable-dns-pka --disable-dns-cert

Thanks

Gilles

From alphasigmax at gmail.com Sat Jul 29 15:43:50 2006
From: alphasigmax at gmail.com (Alphax)
Date: Sat Jul 29 15:45:17 2006
Subject: Better proxy support available via libcurl?
In-Reply-To: <20060728163800.GA20813@jabberwocky.com>
References: <44C96A74.2050409@gmail.com> <20060728022729.GA19064@jabberwocky.com> <44CA35B4.3070203@gmail.com> <20060728163800.GA20813@jabberwocky.com>
Message-ID: <44CB6616.1050605@gmail.com>

David Shaw wrote:
> On Sat, Jul 29, 2006 at 01:35:08AM +0930, Alphax wrote:
>> David Shaw wrote:
>>> On Fri, Jul 28, 2006 at 11:07:56AM +0930, Alphax wrote:
>>>> Since gnupg uses libcurl, and libcurl has support for authenticating
>>>> proxies...
>>>>
>>>> Shouldn't it be possible to have authenticating proxy support in gnupg?
>>> Yes, it's possible. At the moment, only BASIC auth is used. Which
>>> one did you need?
>>>
>> If BASIC is just username & password, it should be enough; I'll have to
>> check the manpage to see how to use it...
>
> Use a proxy like "http://user:pass@the.proxy.host".
>
> Note that this works with both curl and the built-in HTTP handler also.
>

Is it at all likely to work on Windows, or is the networking code too
stupid? Where can I get a cURL package for MinGW that will actually work?

--
Alphax
Death to all fanatics!
Down with categorical imperative!
OpenPGP key: http://tinyurl.com/lvq4g

From g.esp at free.fr Sat Jul 29 18:27:48 2006
From: g.esp at free.fr (Gilles Espinasse)
Date: Sat Jul 29 18:28:59 2006
Subject: --enable-minimal
Message-ID: <043501c6b32b$ee875510$f9b5a8c0@pii350>

--enable-minimal is a shortcut to have a gpg with minimal size/functions

Test on 1.4.5rc1

With ./configure --prefix=/usr, size is 1017633 (unstripped)
With --enable-minimal, size is 786060 (unstripped)
With --enable-minimal --disable-nls , size is 770354 (unstripped)
With --enable-minimal --disable-nls --disable-dns-srv --disable-dns-pka --disable-dns-cert, size is 769377 (unstripped)

Should not --disable-nls --disable-dns-srv --disable-dns-pka
--disable-dns-cert be included in --enable-minimal selection?

Gilles

From mchastain at ipowerweb.com Thu Jul 27 02:55:34 2006
From: mchastain at ipowerweb.com (Marcel Chastain - Security Administration)
Date: Mon Sep 18 13:04:59 2006
Subject: perl EUID change causing failure
Message-ID: <44C7FA38.20606@ipowerweb.com>

I have a perl wrapper around gpg for use within our company's internal
control panel. It changes its 'EUID' (Effective UserID) early in the
script. From there, it attempts to run

  /usr/local/bin/gpg --list-public-keys

My test script:

  #!/usr/bin/perl
  $ENV{'GNUPGHOME'} = '/home/username/.gnupg';
  my $uid = getpwnam("username");
  $> = $uid;    # change the effective UID only; the real UID is left as it was
  print `/usr/local/bin/gpg --list-public-keys`;

The output:

  gpg: Ohhhh jeeee: ... this is a bug (gpg.c:1880:main)
  secmem usage: 0/0 bytes in 0/0 blocks of pool 0/32768

(replace the word 'username' with a user on your system for testing
purposes)

Now, this *only* happens when setting the EUID. I can set the RealUID
and things work perfectly.

Running gnupg 1.4.4 compiled from ports, freebsd 4.11-STABLE .

--
#######################
Marcel C.
Security Administration
iPower, Inc.