GNUPG-1-9-BRANCH gnupg (16 files)
cvs user wk
cvs at cvs.gnupg.org
Tue Nov 23 18:03:12 CET 2004
Date: Tuesday, November 23, 2004 @ 18:09:52
Author: wk
Path: /cvs/gnupg/gnupg
Tag: GNUPG-1-9-BRANCH
Modified: TODO common/ChangeLog common/b64enc.c doc/ChangeLog
doc/debugging.texi doc/gpg-agent.texi doc/gpgsm.texi
jnlib/ChangeLog jnlib/logging.c sm/ChangeLog sm/call-dirmngr.c
sm/gpgsm.c sm/gpgsm.h tools/ChangeLog tools/gpgconf-comp.c
tools/watchgnupg.c
* b64enc.c: Include stdio.h and string.h
* gpgsm.c: New option --prefer-system-dirmngr.
* call-dirmngr.c (start_dirmngr): Implement this option.
* gpgconf-comp.c <dirmngr>: Add the proxy options.
<gpgsm>: Add --prefer-system-daemon.
----------------------+
TODO | 11 +---------
common/ChangeLog | 4 +++
common/b64enc.c | 2 +
doc/ChangeLog | 4 +++
doc/debugging.texi | 23 ++++++++++++++++++----
doc/gpg-agent.texi | 2 -
doc/gpgsm.texi | 6 +++++
jnlib/ChangeLog | 9 ++++++++
jnlib/logging.c | 10 ++++++---
sm/ChangeLog | 5 ++++
sm/call-dirmngr.c | 50 +++++++++++++++++++++++++++++++------------------
sm/gpgsm.c | 7 +++++-
sm/gpgsm.h | 1
tools/ChangeLog | 9 ++++++++
tools/gpgconf-comp.c | 24 ++++++++++++++++++++++-
tools/watchgnupg.c | 2 -
16 files changed, 131 insertions(+), 38 deletions(-)
Index: gnupg/TODO
diff -u gnupg/TODO:1.165.2.32 gnupg/TODO:1.165.2.33
--- gnupg/TODO:1.165.2.32 Fri Oct 22 14:31:26 2004
+++ gnupg/TODO Tue Nov 23 18:09:51 2004
@@ -25,6 +25,8 @@
* sm/certlist.c
** ocspSigning usage is not fully implemented
We should review the entire CRL and OCSP validation system.
+ Okay. This has been fixed in dirmngr when running it in system
+ daemon mode.
* sm/decrypt.c
** replace leading zero in integer hack by a cleaner solution
@@ -93,12 +95,3 @@
This needs support in libksba/src/cert.c as well as in sm/*.c.
Need test certs as well. Same goes for CRL authorityKeyIdentifier.
-** Dirmngr: name subordination (nameRelativeToCRLIssuer)
- is not yet supported by Dirmngr.
-
-** Dirmngr: CRL DP URI
- The CRL DP shall use an URI for LDAP without a host name. The host
- name shall be looked by using the DN in the URI. We don't implement
- this yet. Solution is to have a mapping DN->host in our ldapservers
- configuration file.
-
Index: gnupg/common/ChangeLog
diff -u gnupg/common/ChangeLog:1.30.2.28 gnupg/common/ChangeLog:1.30.2.29
--- gnupg/common/ChangeLog:1.30.2.28 Wed Aug 18 16:37:22 2004
+++ gnupg/common/ChangeLog Tue Nov 23 18:09:51 2004
@@ -1,3 +1,7 @@
+2004-11-23 Werner Koch <wk at g10code.com>
+
+ * b64enc.c: Include stdio.h and string.h
+
2004-08-18 Werner Koch <wk at g10code.de>
* simple-pwquery.c (simple_pwquery): Handle gpg-error style return
Index: gnupg/common/b64enc.c
diff -u gnupg/common/b64enc.c:1.1.2.1 gnupg/common/b64enc.c:1.1.2.2
--- gnupg/common/b64enc.c:1.1.2.1 Tue Feb 10 20:27:54 2004
+++ gnupg/common/b64enc.c Tue Nov 23 18:09:51 2004
@@ -19,7 +19,9 @@
*/
#include <config.h>
+#include <stdio.h>
#include <stdlib.h>
+#include <string.h>
#include <errno.h>
#include <assert.h>
Index: gnupg/doc/ChangeLog
diff -u gnupg/doc/ChangeLog:1.39.2.18 gnupg/doc/ChangeLog:1.39.2.19
--- gnupg/doc/ChangeLog:1.39.2.18 Fri Oct 22 14:30:34 2004
+++ gnupg/doc/ChangeLog Tue Nov 23 18:09:51 2004
@@ -1,3 +1,7 @@
+2004-11-05 Werner Koch <wk at g10code.com>
+
+ * debugging.texi (Common Problems): Curses pinentry problem.
+
2004-10-22 Werner Koch <wk at g10code.com>
* tools.texi (Helper Tools): Document gpgsm-gencert.sh.
Index: gnupg/doc/debugging.texi
diff -u gnupg/doc/debugging.texi:1.1.2.2 gnupg/doc/debugging.texi:1.1.2.3
--- gnupg/doc/debugging.texi:1.1.2.2 Mon Jun 28 09:42:32 2004
+++ gnupg/doc/debugging.texi Tue Nov 23 18:09:51 2004
@@ -5,7 +5,7 @@
@node Debugging
@chapter How to solve problems
-Everone knows that software often does not do what it should do and thus
+Everyone knows that software often does not do what it should do and thus
there is a need to track down problems. We call this debugging in a
reminiscent to the moth jamming a relay in a Mark II box back in 1947.
@@ -87,9 +87,24 @@
@itemize @bullet
@item Error code @samp{Not supported} from Dirmngr
- Most likely the option @option{enable-ocsp} is active for gpgsm
- but Dirmngr's OCSP feature has not been enabled using
- @option{allow-ocsp} in @file{dirmngr.conf}.
+Most likely the option @option{enable-ocsp} is active for gpgsm
+but Dirmngr's OCSP feature has not been enabled using
+ at option{allow-ocsp} in @file{dirmngr.conf}.
+
+ at item The Curses based Pinentry does not work
+
+The far most common reason for this is that the environment variable
+ at code{GPG_TTY} has not been set correctly. Make sure that it has been
+set to a real tty devce and not just to @samp{/dev/tty};
+i.e. @samp{GPG_TTY=tty} is plainly wrong; what you want is
+ at samp{GPG_TTY=`tty`} --- note the back ticks. Also make sure that
+this environment variable gets exported, that is you should follow up
+the setting with an @samp{export GPG_TTY} (assuming a Bourne style
+shell). Even for GUI based Pinentries; you should have set
+ at code{GPG_TTY}. See the section on installing the @program{gpg-agent}
+on how to do it.
+
+
@end itemize
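Review bot: The new Curses Pinentry item has a typo, "real tty devce" should read "real tty device". The wording around it also needs tightening: the sentence warns against "/dev/tty" but the wrong example shown is "GPG_TTY=tty", "The far most common reason" should be "By far the most common reason", and the semicolon in "Even for GUI based Pinentries; you should" should be a comma. The two blank lines before "@end itemize" can also be dropped.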
Index: gnupg/doc/gpg-agent.texi
diff -u gnupg/doc/gpg-agent.texi:1.1.2.11 gnupg/doc/gpg-agent.texi:1.1.2.12
--- gnupg/doc/gpg-agent.texi:1.1.2.11 Wed Oct 20 10:54:45 2004
+++ gnupg/doc/gpg-agent.texi Tue Nov 23 18:09:51 2004
@@ -43,7 +43,7 @@
@end smallexample
@noindent
-You should aleays add the following lines to your @code{.bashrc} or
+You should aleways add the following lines to your @code{.bashrc} or
whatever initialization file is used for all shell invocations:
@smallexample
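Review bot: The replacement line still misspells the word: "aleays" becomes "aleways", but the intended word is "always". Please fix it in this same change so the typo does not need a third revision.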
Index: gnupg/doc/gpgsm.texi
diff -u gnupg/doc/gpgsm.texi:1.1.2.17 gnupg/doc/gpgsm.texi:1.1.2.18
--- gnupg/doc/gpgsm.texi:1.1.2.17 Thu Sep 30 10:38:32 2004
+++ gnupg/doc/gpgsm.texi Tue Nov 23 18:09:51 2004
@@ -262,6 +262,12 @@
fallback when the environment variable @code{DIRMNGR_INFO} is not set or
a running dirmngr can't be connected.
+ at item --prefer-system-dirmngr
+ at opindex prefer-system-dirmngr
+If a system wide @command{dirmngr} is running in daemon mode, first try
+to connect to this one. Fallback to a pipe based server if this does
+not work.
+
@item --no-secmem-warning
@opindex no-secmem-warning
Don't print a warning when the so called "secure memory" can't be used.
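Review bot: The new --prefer-system-dirmngr item does not say where the system wide dirmngr is expected to listen. call-dirmngr.c in this commit uses the fixed socket "/var/run/dirmngr/socket"; naming that path here would let an administrator check that the daemon is actually reachable. Also, "Fallback to a pipe based server" should be "Fall back to a pipe based server".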
Index: gnupg/jnlib/ChangeLog
diff -u gnupg/jnlib/ChangeLog:1.3.2.16 gnupg/jnlib/ChangeLog:1.3.2.17
--- gnupg/jnlib/ChangeLog:1.3.2.16 Fri Oct 22 11:41:24 2004
+++ gnupg/jnlib/ChangeLog Tue Nov 23 18:09:51 2004
@@ -1,3 +1,12 @@
+2004-11-22 Werner Koch <wk at g10code.com>
+
+ * logging.c (log_test_fd): Add test on LOGSTREAM. Reported by
+ Barry Schwartz.
+
+2004-11-18 Werner Koch <wk at g10code.com>
+
+ * logging.c: Explicitly include sys/stat.h for the S_I* constants.
+
2004-10-21 Werner Koch <wk at g10code.com>
* logging.c (do_logv): Use set_log_stream to setup a default.
Index: gnupg/jnlib/logging.c
diff -u gnupg/jnlib/logging.c:1.2.2.9 gnupg/jnlib/logging.c:1.2.2.10
--- gnupg/jnlib/logging.c:1.2.2.9 Fri Oct 22 11:41:24 2004
+++ gnupg/jnlib/logging.c Tue Nov 23 18:09:51 2004
@@ -35,6 +35,7 @@
#include <time.h>
#include <sys/types.h>
#include <sys/socket.h>
+#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>
#include <fcntl.h>
@@ -411,9 +412,12 @@
int
log_test_fd (int fd)
{
- int tmp = fileno (logstream);
- if ( tmp != -1 && tmp == fd)
- return 1;
+ if (logstream)
+ {
+ int tmp = fileno (logstream);
+ if ( tmp != -1 && tmp == fd)
+ return 1;
+ }
if (log_socket != -1 && log_socket == fd)
return 1;
return 0;
Index: gnupg/sm/ChangeLog
diff -u gnupg/sm/ChangeLog:1.101.2.73 gnupg/sm/ChangeLog:1.101.2.74
--- gnupg/sm/ChangeLog:1.101.2.73 Fri Oct 22 14:30:52 2004
+++ gnupg/sm/ChangeLog Tue Nov 23 18:09:51 2004
@@ -1,3 +1,8 @@
+2004-11-23 Werner Koch <wk at g10code.com>
+
+ * gpgsm.c: New option --prefer-system-dirmngr.
+ * call-dirmngr.c (start_dirmngr): Implement this option.
+
2004-10-22 Werner Koch <wk at g10code.com>
* certreqgen.c (gpgsm_genkey): Remove the NEW from the certificate
Index: gnupg/sm/call-dirmngr.c
diff -u gnupg/sm/call-dirmngr.c:1.16.2.8 gnupg/sm/call-dirmngr.c:1.16.2.9
--- gnupg/sm/call-dirmngr.c:1.16.2.8 Wed Aug 18 16:38:46 2004
+++ gnupg/sm/call-dirmngr.c Tue Nov 23 18:09:51 2004
@@ -35,6 +35,8 @@
#include "i18n.h"
#include "keydb.h"
+/* The name of the socket for a system daemon. */
+#define DEFAULT_SOCKET_NAME "/var/run/dirmngr/socket"
struct membuf {
size_t len;
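Review bot: DEFAULT_SOCKET_NAME is hard-coded to "/var/run/dirmngr/socket", so a build whose local state directory is elsewhere cannot find its system daemon. Consider deriving the path from a configure-time value. Since gpgsm will send its CRL and OCSP queries to whatever listens on this path, the comment should also state which user is expected to own the directory and the socket.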
@@ -145,6 +147,7 @@
int rc;
char *infostr, *p;
ASSUAN_CONTEXT ctx;
+ int try_default = 0;
if (dirmngr_ctx)
return 0; /* fixme: We need a context for each thread or serialize
@@ -153,6 +156,12 @@
to take care of the implicit option sending caching. */
infostr = force_pipe_server? NULL : getenv ("DIRMNGR_INFO");
+ if (opt.prefer_system_dirmngr && !force_pipe_server
+ &&(!infostr || !*infostr))
+ {
+ infostr = DEFAULT_SOCKET_NAME;
+ try_default = 1;
+ }
if (!infostr || !*infostr)
{
const char *pgmname;
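Review bot: The added condition only selects the default socket when DIRMNGR_INFO is unset or empty ("&&(!infostr || !*infostr)"), so a set DIRMNGR_INFO always wins over --prefer-system-dirmngr. The gpgsm.texi text says to "first try" the system daemon, which reads as the opposite order. Either state the precedence in the documentation or try the default socket before consulting DIRMNGR_INFO. Minor style point: add a space after "&&".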
@@ -197,26 +206,31 @@
int pid;
infostr = xstrdup (infostr);
- if ( !(p = strchr (infostr, ':')) || p == infostr)
+ if (!try_default && *infostr)
{
- log_error (_("malformed DIRMNGR_INFO environment variable\n"));
- xfree (infostr);
- force_pipe_server = 1;
- return start_dirmngr ();
- }
- *p++ = 0;
- pid = atoi (p);
- while (*p && *p != ':')
- p++;
- prot = *p? atoi (p+1) : 0;
- if (prot != 1)
- {
- log_error (_("dirmngr protocol version %d is not supported\n"),
- prot);
- xfree (infostr);
- force_pipe_server = 1;
- return start_dirmngr ();
+ if ( !(p = strchr (infostr, ':')) || p == infostr)
+ {
+ log_error (_("malformed DIRMNGR_INFO environment variable\n"));
+ xfree (infostr);
+ force_pipe_server = 1;
+ return start_dirmngr ();
+ }
+ *p++ = 0;
+ pid = atoi (p);
+ while (*p && *p != ':')
+ p++;
+ prot = *p? atoi (p+1) : 0;
+ if (prot != 1)
+ {
+ log_error (_("dirmngr protocol version %d is not supported\n"),
+ prot);
+ xfree (infostr);
+ force_pipe_server = 1;
+ return start_dirmngr ();
+ }
}
+ else
+ pid = -1;
rc = assuan_socket_connect (&ctx, infostr, pid);
xfree (infostr);
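Review bot: Nothing in this hunk handles a failed connect on the default socket. After "rc = assuan_socket_connect (&ctx, infostr, pid);" the try_default case is treated the same as a DIRMNGR_INFO socket, while gpgsm.texi promises a fallback to a pipe based server. If the code following this hunk does not already retry, handle failure with try_default set the way the malformed-info branches do: set force_pipe_server = 1 and return start_dirmngr (). A short comment on "pid = -1" explaining that the system daemon's pid is unknown would also help.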
Index: gnupg/sm/gpgsm.c
diff -u gnupg/sm/gpgsm.c:1.67.2.30 gnupg/sm/gpgsm.c:1.67.2.31
--- gnupg/sm/gpgsm.c:1.67.2.30 Fri Oct 1 14:53:08 2004
+++ gnupg/sm/gpgsm.c Tue Nov 23 18:09:51 2004
@@ -107,6 +107,7 @@
oLCctype,
oLCmessages,
+ oPreferSystemDirmngr,
oDirmngrProgram,
oProtectToolProgram,
oFakedSystemTime,
@@ -272,7 +273,8 @@
{ oRecipient, "recipient", 2, N_("|NAME|encrypt for NAME")},
-
+ { oPreferSystemDirmngr,"prefer-system-dirmngr", 0,
+ N_("use system's dirmngr if available")},
{ oDisableCRLChecks, "disable-crl-checks", 0, N_("never consult a CRL")},
{ oEnableCRLChecks, "enable-crl-checks", 0, "@"},
{ oForceCRLRefresh, "force-crl-refresh", 0, "@"},
@@ -1047,6 +1049,7 @@
case oLCctype: opt.lc_ctype = xstrdup (pargs.r.ret_str); break;
case oLCmessages: opt.lc_messages = xstrdup (pargs.r.ret_str); break;
case oDirmngrProgram: opt.dirmngr_program = pargs.r.ret_str; break;
+ case oPreferSystemDirmngr: opt.prefer_system_dirmngr = 1; break;
case oProtectToolProgram:
opt.protect_tool_program = pargs.r.ret_str;
break;
@@ -1333,6 +1336,8 @@
GC_OPT_FLAG_NONE );
printf ("auto-issuer-key-retrieve:%lu:\n",
GC_OPT_FLAG_NONE );
+ printf ("prefer-system-dirmngr:%lu:\n",
+ GC_OPT_FLAG_NONE );
}
break;
Index: gnupg/sm/gpgsm.h
diff -u gnupg/sm/gpgsm.h:1.54.2.21 gnupg/sm/gpgsm.h:1.54.2.22
--- gnupg/sm/gpgsm.h:1.54.2.21 Thu Sep 30 23:37:06 2004
+++ gnupg/sm/gpgsm.h Tue Nov 23 18:09:51 2004
@@ -55,6 +55,7 @@
char *lc_messages;
const char *dirmngr_program;
+ int prefer_system_dirmngr; /* Prefer using a system wide drimngr. */
const char *protect_tool_program;
char *outfile; /* name of output file */
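Review bot: The comment on the new prefer_system_dirmngr field misspells the program name, "drimngr" should be "dirmngr".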
Index: gnupg/tools/ChangeLog
diff -u gnupg/tools/ChangeLog:1.25.2.55 gnupg/tools/ChangeLog:1.25.2.56
--- gnupg/tools/ChangeLog:1.25.2.55 Fri Oct 22 14:31:04 2004
+++ gnupg/tools/ChangeLog Tue Nov 23 18:09:51 2004
@@ -1,3 +1,12 @@
+2004-11-23 Werner Koch <wk at g10code.com>
+
+ * gpgconf-comp.c <dirmngr>: Add the proxy options.
+ <gpgsm>: Add --prefer-system-daemon.
+
+2004-11-11 Werner Koch <wk at g10code.com>
+
+ * watchgnupg.c (main): Fixed test for read error.
+
2004-10-22 Werner Koch <wk at g10code.com>
* Makefile.am (bin_SCRIPTS): Add gpgsm-gencert.sh
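Review bot: The ChangeLog entry names the option "--prefer-system-daemon", but the option added to gpgconf-comp.c and gpgsm.c in this commit is "prefer-system-dirmngr". Please correct the entry so that a search of the ChangeLog for the option name finds it.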
Index: gnupg/tools/gpgconf-comp.c
diff -u gnupg/tools/gpgconf-comp.c:1.1.2.43 gnupg/tools/gpgconf-comp.c:1.1.2.44
--- gnupg/tools/gpgconf-comp.c:1.1.2.43 Fri Oct 1 18:51:18 2004
+++ gnupg/tools/gpgconf-comp.c Tue Nov 23 18:09:51 2004
@@ -628,6 +628,9 @@
{ "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
"gnupg", "|FILE|read options from FILE",
GC_ARG_TYPE_PATHNAME, GC_BACKEND_GPGSM },
+ { "prefer-system-dirmngr", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
+ "gnupg", "use system's dirmngr if available",
+ GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
{ "Debug",
GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
@@ -731,10 +734,29 @@
"dirmngr", "force loading of outdated CRLs",
GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
+ { "HTTP",
+ GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
+ "gnupg", N_("Configuration for HTTP servers") },
+ { "disable-http", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
+ "dirmngr", "inhibit the use of HTTP",
+ GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
+ { "http-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
+ "dirmngr", "|URL|redirect all HTTP requests to URL",
+ GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
+
{ "LDAP",
GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
"gnupg", N_("Configuration of LDAP servers to use") },
- { "add-servers", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
+ { "disable-ldap", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
+ "dirmngr", "inhibit the use of LDAP",
+ GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
+ { "ldap-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
+ "dirmngr", "|HOST|use HOST for LDAP queries",
+ GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
+ { "only-ldap-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
+ "dirmngr", "do not use fallback hosts with --ldap-proxy",
+ GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
+ { "add-servers", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
"dirmngr", "add new servers discovered in CRL distribution points"
" to serverlist", GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
{ "ldaptimeout", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
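Review bot: This hunk changes more than the ChangeLog entry ("Add the proxy options") records. It also adds "disable-http" and "disable-ldap", and it moves "add-servers" from GC_LEVEL_BASIC to GC_LEVEL_ADVANCED. Please mention these in the ChangeLog, in particular the level change, since it alters which options a gpgconf front end shows at the basic level. The new description strings are also not wrapped in N_() while the group headings are; if that is deliberate, a comment explaining it would help.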
Index: gnupg/tools/watchgnupg.c
diff -u gnupg/tools/watchgnupg.c:1.1.2.5 gnupg/tools/watchgnupg.c:1.1.2.6
--- gnupg/tools/watchgnupg.c:1.1.2.5 Thu Feb 12 11:02:22 2004
+++ gnupg/tools/watchgnupg.c Tue Nov 23 18:09:51 2004
@@ -354,7 +354,7 @@
int n;
n = read (client->fd, line, sizeof line - 1);
- if (n == 1)
+ if (n < 0)
{
int save_errno = errno;
print_line (client, NULL); /* flush */