[svn] GnuPG - r4220 - in trunk: . agent common doc g10 include
keyserver m4 sm
svn author wk
cvs at cvs.gnupg.org
Wed Aug 16 12:48:01 CEST 2006
Author: wk
Date: 2006-08-16 12:47:53 +0200 (Wed, 16 Aug 2006)
New Revision: 4220
Added:
trunk/common/keyserver.h
trunk/common/srv.c
trunk/common/srv.h
Removed:
trunk/include/keyserver.h
Modified:
trunk/ChangeLog
trunk/Makefile.am
trunk/TODO
trunk/agent/ChangeLog
trunk/agent/preset-passphrase.c
trunk/common/ChangeLog
trunk/common/Makefile.am
trunk/common/http.c
trunk/configure.ac
trunk/doc/gpg-agent.texi
trunk/g10/ChangeLog
trunk/g10/Makefile.am
trunk/g10/call-agent.c
trunk/g10/call-agent.h
trunk/g10/gpg.c
trunk/g10/gpgv.c
trunk/g10/keydb.h
trunk/g10/keygen.c
trunk/g10/keyid.c
trunk/g10/keyserver.c
trunk/g10/misc.c
trunk/g10/pubkey-enc.c
trunk/include/ChangeLog
trunk/include/distfiles
trunk/include/http.h
trunk/keyserver/ChangeLog
trunk/keyserver/Makefile.am
trunk/keyserver/curl-shim.c
trunk/keyserver/curl-shim.h
trunk/keyserver/gpgkeys_finger.c
trunk/m4/Makefile.am
trunk/m4/ldap.m4
trunk/sm/certreqgen.c
Log:
With --enable-gpg the keyservers are now build and a first test using gpg2
shows no prblems. Needs more testing of course.
Modified: trunk/ChangeLog
===================================================================
--- trunk/ChangeLog 2006-08-14 14:40:07 UTC (rev 4219)
+++ trunk/ChangeLog 2006-08-16 10:47:53 UTC (rev 4220)
@@ -1,3 +1,10 @@
+2006-08-15 Werner Koch <wk at g10code.com>
+
+ * Makefile.am (keyserver): Enable building of keyserver helpers.
+
+ * configure.ac: Merged with the current configure from 1.4.5.
+ Require libgpg-error 1.2 and libksba 0.9.16.
+
2006-07-29 Marcus Brinkmann <marcus at g10code.de>
* README: Spelling fixes.
Modified: trunk/Makefile.am
===================================================================
--- trunk/Makefile.am 2006-08-14 14:40:07 UTC (rev 4219)
+++ trunk/Makefile.am 2006-08-16 10:47:53 UTC (rev 4220)
@@ -35,8 +35,7 @@
if BUILD_GPG
gpg = g10
-# fixme: Noy yet ready for a build
-keyserver =
+keyserver = keyserver
else
gpg =
keyserver =
Modified: trunk/TODO
===================================================================
--- trunk/TODO 2006-08-14 14:40:07 UTC (rev 4219)
+++ trunk/TODO 2006-08-16 10:47:53 UTC (rev 4220)
@@ -119,3 +119,9 @@
Add completion support.
** yesno
Update to gpg 1.4.3 version
+
+
+what about gnupg_use_iconv?
+Extend selinux support to other modules
+Does the check for Linux capabilities still makes sense?
+
Modified: trunk/agent/ChangeLog
===================================================================
--- trunk/agent/ChangeLog 2006-08-14 14:40:07 UTC (rev 4219)
+++ trunk/agent/ChangeLog 2006-08-16 10:47:53 UTC (rev 4220)
@@ -1,3 +1,9 @@
+2006-07-31 Werner Koch <wk at g10code.com>
+
+ * preset-passphrase.c (make_hexstring): For conistency use
+ xtrymalloc and changed caller to use xfree. Fixed function
+ comment.
+
2006-07-29 Marcus Brinkmann <marcus at g10code.de>
* preset-passphrase.c (preset_passphrase): Do not strip off last
@@ -23,7 +29,7 @@
2006-06-26 Werner Koch <wk at g10code.com>
- * gpg-agent.c (handle_signal): Print infor for SIGUSR2 only in
+ * gpg-agent.c (handle_signal): Print info for SIGUSR2 only in
verbose mode.
2006-06-22 Werner Koch <wk at g10code.com>
Modified: trunk/agent/preset-passphrase.c
===================================================================
--- trunk/agent/preset-passphrase.c 2006-08-14 14:40:07 UTC (rev 4219)
+++ trunk/agent/preset-passphrase.c 2006-08-16 10:47:53 UTC (rev 4220)
@@ -152,8 +152,8 @@
}
-/* Percent-Escape special characters. The string is valid until the
- next invocation of the function. */
+/* Convert the string SRC into HEX encoding. Caller needs to xfree
+ the returned string. */
static char *
make_hexstring (const char *src)
{
@@ -161,7 +161,7 @@
char *dst;
char *res;
- res = dst = malloc (len);
+ res = dst = xtrymalloc (len);
if (!dst)
{
log_error ("can not escape string: %s\n",
@@ -225,7 +225,7 @@
rc = asprintf (&line, "PRESET_PASSPHRASE %s -1 %s\n", keygrip,
passphrase_esc);
wipememory (passphrase_esc, strlen (passphrase_esc));
- free (passphrase_esc);
+ xfree (passphrase_esc);
if (rc < 0)
{
Modified: trunk/common/ChangeLog
===================================================================
--- trunk/common/ChangeLog 2006-08-14 14:40:07 UTC (rev 4219)
+++ trunk/common/ChangeLog 2006-08-16 10:47:53 UTC (rev 4220)
@@ -1,3 +1,11 @@
+2006-08-16 Werner Koch <wk at g10code.com>
+
+ * keyserver.h: Moved from ../include to here.
+
+ * http.c: Include srv.h.
+
+ * srv.c, srv.h: New. Taken from GnuPG 1.4
+
2006-08-14 Werner Koch <wk at g10code.com>
* http.h (struct http_context_s): Moved to implementation.
Modified: trunk/common/Makefile.am
===================================================================
--- trunk/common/Makefile.am 2006-08-14 14:40:07 UTC (rev 4219)
+++ trunk/common/Makefile.am 2006-08-16 10:47:53 UTC (rev 4220)
@@ -51,6 +51,7 @@
signal.c \
dynload.h \
estream.c estream.h \
+ srv.c srv.h \
dns-cert.c dns-cert.h \
pka.c pka.h \
http.c http.h
Modified: trunk/common/http.c
===================================================================
--- trunk/common/http.c 2006-08-14 14:40:07 UTC (rev 4219)
+++ trunk/common/http.c 2006-08-16 10:47:53 UTC (rev 4220)
@@ -67,10 +67,11 @@
#include "util.h"
#include "http.h"
-
+#ifdef USE_DNS_SRV
+#include "srv.h"
+#else /*!USE_DNS_SRV*/
/* If we are not compiling with SRV record support we provide stub
data structures. */
-#ifndef USE_DNS_SRV
#ifndef MAXDNAME
#define MAXDNAME 1025
#endif
@@ -1366,7 +1367,7 @@
{
char srvname[MAXDNAME];
- stprcpy (stpcpy (stpcpy (stpcpy (srvname,"_"), srvtag),
+ stpcpy (stpcpy (stpcpy (stpcpy (srvname,"_"), srvtag),
"._tcp."), server);
srvcount = getsrv (srvname, &serverlist);
}
Copied: trunk/common/keyserver.h (from rev 4218, trunk/include/keyserver.h)
===================================================================
--- trunk/include/keyserver.h 2006-08-11 11:04:38 UTC (rev 4218)
+++ trunk/common/keyserver.h 2006-08-16 10:47:53 UTC (rev 4220)
@@ -0,0 +1,44 @@
+/* keyserver.h - Public definitions for gpg keyserver helpers.
+ * Copyright (C) 2001, 2002 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA.
+ */
+
+#ifndef GNUPG_COMMON_KEYSERVER_H
+#define GNUPG_COMMON_KEYSERVER_H
+
+#define KEYSERVER_PROTO_VERSION 1
+
+/* These are usable for return codes for the gpgkeys_ process, and
+ also KEY FAILED codes. */
+#define KEYSERVER_OK 0 /* not an error */
+#define KEYSERVER_INTERNAL_ERROR 1 /* gpgkeys_ internal error */
+#define KEYSERVER_NOT_SUPPORTED 2 /* operation not supported */
+#define KEYSERVER_VERSION_ERROR 3 /* VERSION mismatch */
+#define KEYSERVER_GENERAL_ERROR 4 /* keyserver internal error */
+#define KEYSERVER_NO_MEMORY 5 /* out of memory */
+#define KEYSERVER_KEY_NOT_FOUND 6 /* key not found */
+#define KEYSERVER_KEY_EXISTS 7 /* key already exists */
+#define KEYSERVER_KEY_INCOMPLETE 8 /* key incomplete (EOF) */
+#define KEYSERVER_UNREACHABLE 9 /* unable to contact keyserver */
+#define KEYSERVER_TIMEOUT 10 /* timeout while accessing keyserver */
+
+/* Must be 127 due to shell internal magic. */
+#define KEYSERVER_SCHEME_NOT_FOUND 127
+
+#endif /*GNUPG_COMMON_KEYSERVER_H*/
Copied: trunk/common/srv.c (from rev 4219, branches/STABLE-BRANCH-1-4/util/srv.c)
===================================================================
--- branches/STABLE-BRANCH-1-4/util/srv.c 2006-08-14 14:40:07 UTC (rev 4219)
+++ trunk/common/srv.c 2006-08-16 10:47:53 UTC (rev 4220)
@@ -0,0 +1,257 @@
+/* srv.c - DNS SRV code
+ * Copyright (C) 2003 Free Software Foundation, Inc.
+ *
+ * This file is part of GNUPG.
+ *
+ * GNUPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * GNUPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA.
+ */
+
+#include <config.h>
+#include <sys/types.h>
+#ifdef _WIN32
+#include <windows.h>
+#else
+#include <netinet/in.h>
+#include <arpa/nameser.h>
+#include <resolv.h>
+#endif
+#include <unistd.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+
+#include "util.h"
+#include "srv.h"
+
+/* Not every installation has gotten around to supporting SRVs
+ yet... */
+#ifndef T_SRV
+#define T_SRV 33
+#endif
+
+static int
+priosort(const void *a,const void *b)
+{
+ const struct srventry *sa=a,*sb=b;
+ if(sa->priority>sb->priority)
+ return 1;
+ else if(sa->priority<sb->priority)
+ return -1;
+ else
+ return 0;
+}
+
+int
+getsrv(const char *name,struct srventry **list)
+{
+ unsigned char answer[PACKETSZ];
+ int r,srvcount=0;
+ unsigned char *pt,*emsg;
+ u16 count,dlen;
+
+ *list=NULL;
+
+ r=res_query(name,C_IN,T_SRV,answer,PACKETSZ);
+ if(r<sizeof(HEADER) || r>PACKETSZ)
+ return -1;
+
+ if((((HEADER *)answer)->rcode)==NOERROR &&
+ (count=ntohs(((HEADER *)answer)->ancount)))
+ {
+ int i,rc;
+
+ emsg=&answer[r];
+ pt=&answer[sizeof(HEADER)];
+
+ /* Skip over the query */
+
+ rc=dn_skipname(pt,emsg);
+ if(rc==-1)
+ goto fail;
+
+ pt+=rc+QFIXEDSZ;
+
+ while(count-->0 && pt<emsg)
+ {
+ struct srventry *srv=NULL;
+ u16 type,class;
+
+ *list=xrealloc(*list,(srvcount+1)*sizeof(struct srventry));
+ memset(&(*list)[srvcount],0,sizeof(struct srventry));
+ srv=&(*list)[srvcount];
+ srvcount++;
+
+ rc=dn_skipname(pt,emsg); /* the name we just queried for */
+ if(rc==-1)
+ goto fail;
+ pt+=rc;
+
+ /* Truncated message? */
+ if((emsg-pt)<16)
+ goto fail;
+
+ type=*pt++ << 8;
+ type|=*pt++;
+ /* We asked for SRV and got something else !? */
+ if(type!=T_SRV)
+ goto fail;
+
+ class=*pt++ << 8;
+ class|=*pt++;
+ /* We asked for IN and got something else !? */
+ if(class!=C_IN)
+ goto fail;
+
+ pt+=4; /* ttl */
+ dlen=*pt++ << 8;
+ dlen|=*pt++;
+ srv->priority=*pt++ << 8;
+ srv->priority|=*pt++;
+ srv->weight=*pt++ << 8;
+ srv->weight|=*pt++;
+ srv->port=*pt++ << 8;
+ srv->port|=*pt++;
+
+ /* Get the name. 2782 doesn't allow name compression, but
+ dn_expand still works to pull the name out of the
+ packet. */
+ rc=dn_expand(answer,emsg,pt,srv->target,MAXDNAME);
+ if(rc==1 && srv->target[0]==0) /* "." */
+ goto noanswer;
+ if(rc==-1)
+ goto fail;
+ pt+=rc;
+ /* Corrupt packet? */
+ if(dlen!=rc+6)
+ goto fail;
+
+#if 0
+ printf("count=%d\n",srvcount);
+ printf("priority=%d\n",srv->priority);
+ printf("weight=%d\n",srv->weight);
+ printf("port=%d\n",srv->port);
+ printf("target=%s\n",srv->target);
+#endif
+ }
+
+ /* Now we have an array of all the srv records. */
+
+ /* Order by priority */
+ qsort(*list,srvcount,sizeof(struct srventry),priosort);
+
+ /* For each priority, move the zero-weighted items first. */
+ for(i=0;i<srvcount;i++)
+ {
+ int j;
+
+ for(j=i;j<srvcount && (*list)[i].priority==(*list)[j].priority;j++)
+ {
+ if((*list)[j].weight==0)
+ {
+ /* Swap j with i */
+ if(j!=i)
+ {
+ struct srventry temp;
+
+ memcpy(&temp,&(*list)[j],sizeof(struct srventry));
+ memcpy(&(*list)[j],&(*list)[i],sizeof(struct srventry));
+ memcpy(&(*list)[i],&temp,sizeof(struct srventry));
+ }
+
+ break;
+ }
+ }
+ }
+
+ /* Run the RFC-2782 weighting algorithm. We don't need very
+ high quality randomness for this, so regular libc srand/rand
+ is sufficient. */
+ srand(time(NULL)*getpid());
+
+ for(i=0;i<srvcount;i++)
+ {
+ int j;
+ float prio_count=0,chose;
+
+ for(j=i;j<srvcount && (*list)[i].priority==(*list)[j].priority;j++)
+ {
+ prio_count+=(*list)[j].weight;
+ (*list)[j].run_count=prio_count;
+ }
+
+ chose=prio_count*rand()/RAND_MAX;
+
+ for(j=i;j<srvcount && (*list)[i].priority==(*list)[j].priority;j++)
+ {
+ if(chose<=(*list)[j].run_count)
+ {
+ /* Swap j with i */
+ if(j!=i)
+ {
+ struct srventry temp;
+
+ memcpy(&temp,&(*list)[j],sizeof(struct srventry));
+ memcpy(&(*list)[j],&(*list)[i],sizeof(struct srventry));
+ memcpy(&(*list)[i],&temp,sizeof(struct srventry));
+ }
+ break;
+ }
+ }
+ }
+ }
+
+ return srvcount;
+
+ noanswer:
+ xfree(*list);
+ *list=NULL;
+ return 0;
+
+ fail:
+ xfree(*list);
+ *list=NULL;
+ return -1;
+}
+
+#ifdef TEST
+int
+main(int argc,char *argv[])
+{
+ struct srventry *srv;
+ int rc,i;
+
+ rc=getsrv("_hkp._tcp.wwwkeys.pgp.net",&srv);
+ printf("Count=%d\n\n",rc);
+ for(i=0;i<rc;i++)
+ {
+ printf("priority=%hu\n",srv[i].priority);
+ printf("weight=%hu\n",srv[i].weight);
+ printf("port=%hu\n",srv[i].port);
+ printf("target=%s\n",srv[i].target);
+ printf("\n");
+ }
+
+ xfree(srv);
+
+ return 0;
+}
+#endif /* TEST */
+
+/*
+Local Variables:
+compile-command: "cc -DTEST -I.. -I../include -Wall -g -o srv srv.c -lresolv libutil.a"
+End:
+*/
Copied: trunk/common/srv.h (from rev 4219, branches/STABLE-BRANCH-1-4/util/srv.h)
===================================================================
--- branches/STABLE-BRANCH-1-4/util/srv.h 2006-08-14 14:40:07 UTC (rev 4219)
+++ trunk/common/srv.h 2006-08-16 10:47:53 UTC (rev 4220)
@@ -0,0 +1,51 @@
+/* srv.h
+ * Copyright (C) 2003, 2004 Free Software Foundation, Inc.
+ *
+ * This file is part of GNUPG.
+ *
+ * GNUPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * GNUPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA.
+ */
+
+#ifndef GNUPG_COMMON_SRV_H
+#define GNUPG_COMMON_SRV_H
+
+#ifdef USE_DNS_SRV
+#ifdef _WIN32
+#include <windows.h>
+#else
+#include <netinet/in.h>
+#include <arpa/nameser.h>
+#include <resolv.h>
+#endif /* !_WIN32 */
+#endif /* USE_DNS_SRV */
+
+
+#ifndef MAXDNAME
+#define MAXDNAME 1025
+#endif
+
+struct srventry
+{
+ unsigned short priority;
+ unsigned short weight;
+ unsigned short port;
+ int run_count;
+ char target[MAXDNAME];
+};
+
+int getsrv(const char *name,struct srventry **list);
+
+#endif /*GNUPG_COMMON_SRV_H*/
Modified: trunk/configure.ac
===================================================================
--- trunk/configure.ac 2006-08-14 14:40:07 UTC (rev 4219)
+++ trunk/configure.ac 2006-08-16 10:47:53 UTC (rev 4220)
@@ -33,19 +33,20 @@
m4_define([svn_revision], m4_esyscmd([echo -n $((svn info 2>/dev/null \
|| echo 'Revision: 0')|sed -n '/^Revision:/ {s/[^0-9]//gp;q}')]))
AC_INIT([gnupg], my_version[]m4_if(my_issvn,[yes],[-svn[]svn_revision]),
- [gnupg-devel at gnupg.org])
+ [bug-gnupg at gnupg.org])
# Set development_version to yes if the minor number is odd or you
# feel that the default check for a development version is not
# sufficient.
development_version=yes
-NEED_GPG_ERROR_VERSION=1.0
+NEED_GPG_ERROR_VERSION=1.2
+
NEED_LIBGCRYPT_API=1
NEED_LIBGCRYPT_VERSION=1.1.94
NEED_LIBASSUAN_VERSION=0.6.10
-NEED_KSBA_VERSION=0.9.13
+NEED_KSBA_VERSION=0.9.16
PACKAGE=$PACKAGE_NAME
@@ -61,20 +62,24 @@
AC_GNU_SOURCE
-# Some status variables to give feedback at the end of a configure run
+# Some status variables.
have_gpg_error=no
have_libgcrypt=no
have_libassuan=no
have_ksba=no
have_pth=no
+use_bzip2=yes
+use_exec=yes
+disable_keyserver_path=no
+
+
GNUPG_BUILD_PROGRAM(gpg, no)
GNUPG_BUILD_PROGRAM(gpgsm, yes)
GNUPG_BUILD_PROGRAM(agent, yes)
GNUPG_BUILD_PROGRAM(scdaemon, yes)
GNUPG_BUILD_PROGRAM(symcryptrun, no)
-
AC_SUBST(PACKAGE)
AC_SUBST(PACKAGE_GT)
AC_SUBST(VERSION)
@@ -140,8 +145,7 @@
&& show_gnupg_protect_tool_pgm="$GNUPG_PROTECT_TOOL_PGM"
-
-# Some folks want to use only the agent form this packet. Make it
+# Some folks want to use only the agent from this packet. Make it
# easier for them by providing the configure option
# --enable-only-agent.
AC_ARG_ENABLE(agent-only,
@@ -149,9 +153,17 @@
build_agent_only=$enableval)
+# SELinux support includes tracking of sensitive files to avoid
+# leaking their contents through processing these files by gpg itself
+AC_MSG_CHECKING([whether SELinux support is requested])
+AC_ARG_ENABLE(selinux-support,
+ AC_HELP_STRING([--enable-selinux-support],
+ [enable SELinux support]),
+ selinux_support=$enableval, selinux_support=no)
+AC_MSG_RESULT($selinux_support)
+
# Allow disabling of bzib2 support.
# It is defined only after we confirm the library is available later
-use_bzip2=yes
AC_MSG_CHECKING([whether to enable the BZIP2 compression algorithm])
AC_ARG_ENABLE(bzip2,
AC_HELP_STRING([--disable-bzip2],[disable the BZIP2 compression algorithm]),
@@ -204,92 +216,102 @@
AC_MSG_RESULT($enableval)
if test "$gnupg_cv_enable_keyserver_helpers" = yes ; then
+ # LDAP is defined only after we confirm the library is available later
AC_MSG_CHECKING([whether LDAP keyserver support is requested])
AC_ARG_ENABLE(ldap,
- [ --disable-ldap disable LDAP keyserver interface],
- try_ldap=$enableval, try_ldap=yes)
+ AC_HELP_STRING([--disable-ldap],[disable LDAP keyserver interface only]),
+ try_ldap=$enableval, try_ldap=yes)
AC_MSG_RESULT($try_ldap)
AC_MSG_CHECKING([whether HKP keyserver support is requested])
AC_ARG_ENABLE(hkp,
- [ --disable-hkp disable HKP keyserver interface],
- try_hkp=$enableval, try_hkp=yes)
+ AC_HELP_STRING([--disable-hkp],[disable HKP keyserver interface only]),
+ try_hkp=$enableval, try_hkp=yes)
AC_MSG_RESULT($try_hkp)
- if test "$try_hkp" = yes ; then
- AC_SUBST(GPGKEYS_HKP,"gpgkeys_hkp$EXEEXT")
- fi
+ AC_MSG_CHECKING([whether finger key fetching support is requested])
+ AC_ARG_ENABLE(finger,
+ AC_HELP_STRING([--disable-finger],
+ [disable finger key fetching interface only]),
+ try_finger=$enableval, try_finger=yes)
+ AC_MSG_RESULT($try_finger)
+ AC_MSG_CHECKING([whether generic object key fetching support is requested])
+ AC_ARG_ENABLE(generic,
+ AC_HELP_STRING([--disable-generic],
+ [disable generic object key fetching interface only]),
+ try_generic=$enableval, try_generic=yes)
+ AC_MSG_RESULT($try_generic)
+
AC_MSG_CHECKING([whether email keyserver support is requested])
AC_ARG_ENABLE(mailto,
- [ --disable-mailto disable email keyserver interface],
- try_mailto=$enableval, try_mailto=yes)
+ AC_HELP_STRING([--enable-mailto],
+ [enable email keyserver interface only]),
+ try_mailto=$enableval, try_mailto=no)
AC_MSG_RESULT($try_mailto)
fi
AC_MSG_CHECKING([whether keyserver exec-path is enabled])
AC_ARG_ENABLE(keyserver-path,
- [ --disable-keyserver-path disable the exec-path option for keyserver helpers],
- [if test "$enableval" = no ; then
- AC_DEFINE(DISABLE_KEYSERVER_PATH,1,[define to disable exec-path for keyserver helpers])
- fi],enableval=yes)
+ AC_HELP_STRING([--disable-keyserver-path],
+ [disable the exec-path option for keyserver helpers]),
+ [if test "$enableval" = no ; then
+ disable_keyserver_path=yes
+ fi],enableval=yes)
AC_MSG_RESULT($enableval)
fi
-dnl
-dnl Check for the key/uid cache size. This can't be zero, but can be
-dnl pretty small on embedded systems.
-dnl
+#
+# Check for the key/uid cache size. This can't be zero, but can be
+# pretty small on embedded systems. This is used for the gpg part.
+#
AC_MSG_CHECKING([for the size of the key and uid cache])
AC_ARG_ENABLE(key-cache,
- AC_HELP_STRING([--enable-key-cache=SIZE],[Set key cache to SIZE (default 4096)]),,enableval=4096)
-
+ AC_HELP_STRING([--enable-key-cache=SIZE],
+ [Set key cache to SIZE (default 4096)]),,enableval=4096)
if test "$enableval" = "no"; then
enableval=5
elif test "$enableval" = "yes" || test "$enableval" = ""; then
enableval=4096
fi
-
changequote(,)dnl
key_cache_size=`echo "$enableval" | sed 's/[A-Za-z]//g'`
changequote([,])dnl
-
if test "$enableval" != "$key_cache_size" || test "$key_cache_size" -lt 5; then
AC_MSG_ERROR([invalid key-cache size])
fi
-
AC_MSG_RESULT($key_cache_size)
-AC_DEFINE_UNQUOTED(PK_UID_CACHE_SIZE,$key_cache_size,[Size of the key and UID caches])
+AC_DEFINE_UNQUOTED(PK_UID_CACHE_SIZE,$key_cache_size,
+ [Size of the key and UID caches])
-dnl
-dnl Check whether we want to use Linux capabilities
-dnl
+#
+# Check whether we want to use Linux capabilities
+#
AC_MSG_CHECKING([whether use of capabilities is requested])
AC_ARG_WITH(capabilities,
[ --with-capabilities use linux capabilities [default=no]],
[use_capabilities="$withval"],[use_capabilities=no])
AC_MSG_RESULT($use_capabilities)
+#
+# To avoid double inclusion of config.h which might happen at some
+# places, we add the usual double inclusion protection at the top of
+# config.h.
+#
+AH_TOP([
+#ifndef GNUPG_CONFIG_H_INCLUDED
+#define GNUPG_CONFIG_H_INCLUDED
+])
+#
+# Stuff which goes at the bottom of config.h.
+#
AH_BOTTOM([
-/* Some global constants. */
-#ifdef HAVE_DRIVE_LETTERS
-#define GNUPG_DEFAULT_HOMEDIR "c:/gnupg"
-#elif defined(__VMS)
-#define GNUPG_DEFAULT_HOMEDIR "/SYS\$LOGIN/gnupg"
-#else
-#define GNUPG_DEFAULT_HOMEDIR "~/.gnupg"
-#endif
-#define GNUPG_PRIVATE_KEYS_DIR "private-keys-v1.d"
-
-/* Tell libgcrypt not to use its own libgpg-error implementation. */
-#define USE_LIBGPG_ERROR 1
-
/* This is the major version number of GnuPG so that
- source included files can test for this. Note, that\
+ source included files can test for this. Note, that
we use 2 here even for GnuPG 1.9.x. */
#define GNUPG_MAJOR_VERSION 2
@@ -322,6 +344,16 @@
#define SAFE_VERSION_DOT '.'
#define SAFE_VERSION_DASH '-'
+/* Some global constants. */
+#ifdef HAVE_DRIVE_LETTERS
+#define GNUPG_DEFAULT_HOMEDIR "c:/gnupg"
+#elif defined(__VMS)
+#define GNUPG_DEFAULT_HOMEDIR "/SYS\$LOGIN/gnupg"
+#else
+#define GNUPG_DEFAULT_HOMEDIR "~/.gnupg"
+#endif
+#define GNUPG_PRIVATE_KEYS_DIR "private-keys-v1.d"
+
/* For some systems (DOS currently), we hardcode the path here. For
POSIX systems the values are constructed by the Makefiles, so that
the values may be overridden by the make invocations; this is to
@@ -357,13 +389,37 @@
#define EXEC_TEMPFILE_ONLY
#endif
-/* Temporary hacks to avoid requring a libgpg-error update. */
-#if !HAVE_DECL_GPG_ERR_LOCKED
-#define GPG_ERR_LOCKED 173
+
+/* We didn't define endianness above, so get it from OS macros. This
+ is intended for making fat binary builds on OS X. */
+#if !defined(BIG_ENDIAN_HOST) && !defined(LITTLE_ENDIAN_HOST)
+#if defined(__BIG_ENDIAN__)
+#define BIG_ENDIAN_HOST 1
+#elif defined(__LITTLE_ENDIAN__)
+#define LITTLE_ENDIAN_HOST 1
+#else
+#error "No endianness found"
#endif
+#endif
+
+/* Tell libgcrypt not to use its own libgpg-error implementation. */
+#define USE_LIBGPG_ERROR 1
+
+/* We use jnlib, so tell other modules about it. */
+#define HAVE_JNLIB_LOGGING 1
+
+/* Our HTTP code is used in estream mode. */
+#define HTTP_USE_ESTREAM 1
+
+/* We always include support for the OpenPGP card. */
+#define ENABLE_CARD_SUPPORT 1
+
+
+#endif /*GNUPG_CONFIG_H_INCLUDED*/
])
+
AM_MAINTAINER_MODE
# Checks for programs.
@@ -380,7 +436,6 @@
AC_PROG_CPP
AC_PROG_INSTALL
AC_PROG_LN_S
-AC_PROG_MAKE_SET
AC_PROG_RANLIB
AC_CHECK_TOOL(AR, ar, :)
AC_PATH_PROG(PERL,"perl")
@@ -391,11 +446,13 @@
AM_CONDITIONAL(HAVE_DOCBOOK_TO_MAN, test "$ac_cv_prog_DOCBOOK_TO_MAN" = yes)
GNUPG_CHECK_FAQPROG
GNUPG_CHECK_DOCBOOK_TO_TEXI
+GNUPG_CHECK_USTAR
try_gettext=yes
have_dosish_system=no
have_w32_system=no
+use_simple_gettext=no
case "${host}" in
*-mingw32*)
# special stuff for Windoze NT
@@ -408,9 +465,11 @@
[because the Unix gettext has too much overhead on
MingW32 systems and these systems lack Posix functions,
we use a simplified version of gettext])
+ disable_keyserver_path=yes
have_dosish_system=yes
have_w32_system=yes
try_gettext="no"
+ use_simple_gettext=yes
;;
i?86-emx-os2 | i?86-*-os2*emx )
# OS/2 with the EMX environment
@@ -448,11 +507,11 @@
;;
*-dec-osf5*)
if test -z "$GCC" ; then
- # Use the newer compiler `-msg_disable ptrmismatch' to
+ # Use the newer compiler `-msg_disable ptrmismatch1' to
# get rid of the unsigned/signed char mismatch warnings.
# Using this may hide other pointer mismatch warnings, but
# it at least lets other warning classes through
- CFLAGS="$CFLAGS -msg_disable ptrmismatch"
+ CFLAGS="$CFLAGS -msg_disable ptrmismatch1"
fi
;;
m68k-atari-mint)
@@ -469,15 +528,31 @@
fi
AM_CONDITIONAL(HAVE_DOSISH_SYSTEM, test "$have_dosish_system" = yes)
+AM_CONDITIONAL(USE_SIMPLE_GETTEXT, test x"$use_simple_gettext" = xyes)
+
if test "$have_w32_system" = yes; then
AC_DEFINE(HAVE_W32_SYSTEM,1, [Defined if we run on a W32 API based system])
fi
AM_CONDITIONAL(HAVE_W32_SYSTEM, test "$have_w32_system" = yes)
-# These need to go after AC_PROG_CC so that $EXEEXT is defined
+if test "$disable_keyserver_path" = yes; then
+ AC_DEFINE(DISABLE_KEYSERVER_PATH,1,
+ [Defined to disable exec-path for keyserver helpers])
+fi
+
+# (These need to go after AC_PROG_CC so that $EXEEXT is defined)
AC_DEFINE_UNQUOTED(EXEEXT,"$EXEEXT",[The executable file extension, if any])
+if test x"$try_hkp" = xyes ; then
+ AC_SUBST(GPGKEYS_HKP,"gpg2keys_hkp$EXEEXT")
+fi
+if test x"$try_finger" = xyes ; then
+ AC_SUBST(GPGKEYS_FINGER,"gpg2keys_finger$EXEEXT")
+fi
+
+
+
#
# Checks for libraries.
#
@@ -513,15 +588,12 @@
# libksba is our X.509 support library
#
AM_PATH_KSBA("$NEED_KSBA_VERSION",have_ksba=yes,have_ksba=no)
-# fixme: Remove the following test and require newer libksba instead.
-_ksba_save_libs=$LIBS
-LIBS=$KSBA_LIBS
-AC_CHECK_FUNCS(ksba_dn_teststr)
-LIBS=$_ksba_save_libs
+
#
# libusb allows us to use the integrated CCID smartcard reader driver.
#
+# FiXME: Use GNUPG_CHECK_LIBUSB and modify to use separate AC_SUBSTs.
AC_CHECK_LIB(usb, usb_bulk_write,
[ LIBUSB_LIBS="$LIBUSB_LIBS -lusb"
AC_DEFINE(HAVE_LIBUSB,1,
@@ -556,8 +628,9 @@
"${SHRED}", [defines the filename of the shred program])
+
#
-# Check whether the (highly desirable) GNU Pth library is available
+# Check whether the GNU Pth library is available
# Note, that we include a Pth emulation for W32.
#
AC_ARG_WITH(pth-prefix,
@@ -601,163 +674,166 @@
AC_SUBST(PTH_LIBS)
-dnl Must check for network library requirements before doing link tests
-dnl for ldap, for example. If ldap libs are static (or dynamic and without
-dnl ELF runtime link paths), then link will fail and LDAP support won't
-dnl be detected.
-
+#
+# Must check for network library requirements before doing link tests
+# for ldap, for example. If ldap libs are static (or dynamic and without
+# ELF runtime link paths), then link will fail and LDAP support won't
+# be detected.
+#
AC_CHECK_FUNC(gethostbyname, , AC_CHECK_LIB(nsl, gethostbyname,
[NETLIBS="-lnsl $NETLIBS"]))
AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt,
[NETLIBS="-lsocket $NETLIBS"]))
-dnl Now try for the resolver functions so we can use DNS SRV
+#
+# Now try for the resolver functions so we can use DNS for SRV, PA and CERT.
+#
+if test x"$try_hkp" = xyes || test x"$try_http" = xyes ; then
+ AC_ARG_ENABLE(dns-srv,
+ AC_HELP_STRING([--disable-dns-srv],
+ [disable the use of DNS SRV in HKP and HTTP]),
+ use_dns_srv=$enableval,use_dns_srv=yes)
+fi
-AC_ARG_ENABLE(dns-srv,
- AC_HELP_STRING([--disable-dns-srv],[disable the use of DNS SRV in HKP]),
- use_dns_srv=$enableval,use_dns_srv=yes)
+AC_ARG_ENABLE(dns-pka,
+ AC_HELP_STRING([--disable-dns-pka],
+ [disable the use of PKA records in DNS]),
+ use_dns_pka=$enableval,use_dns_pka=yes)
-if test x"$try_hkp" = xyes && test x"$use_dns_srv" = xyes ; then
- _srv_save_libs=$LIBS
+AC_ARG_ENABLE(dns-cert,
+ AC_HELP_STRING([--disable-dns-cert],
+ [disable the use of CERT records in DNS]),
+ use_dns_cert=$enableval,use_dns_cert=yes)
+
+if test x"$use_dns_pka" = xyes || test x"$use_dns_srv" = xyes \
+ || test x"$use_dns_cert" = xyes; then
+ _dns_save_libs=$LIBS
LIBS=""
# the double underscore thing is a glibc-ism?
AC_SEARCH_LIBS(res_query,resolv bind,,
- AC_SEARCH_LIBS(__res_query,resolv bind,,use_dns_srv=no))
+ AC_SEARCH_LIBS(__res_query,resolv bind,,have_resolver=no))
AC_SEARCH_LIBS(dn_expand,resolv bind,,
- AC_SEARCH_LIBS(__dn_expand,resolv bind,,use_dns_srv=no))
+ AC_SEARCH_LIBS(__dn_expand,resolv bind,,have_resolver=no))
AC_SEARCH_LIBS(dn_skipname,resolv bind,,
- AC_SEARCH_LIBS(__dn_skipname,resolv bind,,use_dns_srv=no))
+ AC_SEARCH_LIBS(__dn_skipname,resolv bind,,have_resolver=no))
- if test x"$use_dns_srv" = xyes ; then
- AC_DEFINE(USE_DNS_SRV,1,[define to use DNS SRV])
- SRVLIBS=$LIBS
- else
- AC_MSG_WARN([Resolver functions not found. Disabling DNS SRV.])
- fi
- LIBS=$_srv_save_libs
-fi
+ if test x"$have_resolver" != xno ; then
-AC_SUBST(SRVLIBS)
+ # Make sure that the BIND 4 resolver interface is workable before
+ # enabling any code that calls it. At some point I'll rewrite the
+ # code to use the BIND 8 resolver API.
-# Try and link a LDAP test program to weed out unusable LDAP
-# libraries. -lldap [-llber [-lresolv]] is for OpenLDAP. OpenLDAP in
-# general is terrible with creating weird dependencies. If all else
-# fails, the user can play guess-the-dependency by using something
-# like ./configure LDAPLIBS="-Lfoo -lbar"
+ AC_MSG_CHECKING([whether the resolver is usable])
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <sys/types.h>
+#include <netinet/in.h>
+#include <arpa/nameser.h>
+#include <resolv.h>],
+[[unsigned char answer[PACKETSZ];
+ res_query("foo.bar",C_IN,T_A,answer,PACKETSZ);
+ dn_skipname(0,0);
+ dn_expand(0,0,0,0,0);
+]])],have_resolver=yes,have_resolver=no)
+ AC_MSG_RESULT($have_resolver)
-if test "$try_ldap" = yes ; then
- for MY_LDAPLIBS in ${LDAPLIBS+"$LDAPLIBS"} "-lldap" "-lldap -llber" "-lldap -llber -lresolv"; do
- _ldap_save_libs=$LIBS
- LIBS="$MY_LDAPLIBS $NETLIBS $LIBS"
+ # This is Apple-specific and somewhat bizarre as they changed the
+ # define in bind 8 for some reason.
- AC_MSG_CHECKING([whether LDAP via \"$MY_LDAPLIBS\" is present and sane])
- AC_TRY_LINK([#include <ldap.h>],[ldap_open("foobar",1234);],
- [gnupg_cv_func_ldap_init=yes],[gnupg_cv_func_ldap_init=no])
- AC_MSG_RESULT([$gnupg_cv_func_ldap_init])
-
- if test $gnupg_cv_func_ldap_init = no; then
- AC_MSG_CHECKING([whether I can make LDAP be sane with lber.h])
- AC_TRY_LINK([#include <lber.h>
-#include <ldap.h>],[ldap_open("foobar",1234);],
- [gnupg_cv_func_ldaplber_init=yes],[gnupg_cv_func_ldaplber_init=no])
- AC_MSG_RESULT([$gnupg_cv_func_ldaplber_init])
+ if test x"$have_resolver" != xyes ; then
+ AC_MSG_CHECKING(
+ [whether I can make the resolver usable with BIND_8_COMPAT])
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([#define BIND_8_COMPAT
+#include <sys/types.h>
+#include <netinet/in.h>
+#include <arpa/nameser.h>
+#include <resolv.h>],
+[[unsigned char answer[PACKETSZ];
+ res_query("foo.bar",C_IN,T_A,answer,PACKETSZ);
+ dn_skipname(0,0); dn_expand(0,0,0,0,0);
+]])],[have_resolver=yes ; need_compat=yes])
+ AC_MSG_RESULT($have_resolver)
fi
+ fi
- if test "$gnupg_cv_func_ldaplber_init" = yes ; then
- AC_DEFINE(NEED_LBER_H,1,[Define if the LDAP library requires including lber.h before ldap.h])
- fi
+ if test x"$have_resolver" = xyes ; then
+ DNSLIBS=$LIBS
- if test "$gnupg_cv_func_ldap_init" = yes || \
- test "$gnupg_cv_func_ldaplber_init" = yes ; then
- LDAPLIBS=$MY_LDAPLIBS
- GPGKEYS_LDAP="gpgkeys_ldap$EXEEXT"
+ if test x"$use_dns_srv" = xyes ; then
+ AC_DEFINE(USE_DNS_SRV,1,[define to use DNS SRV])
+ fi
- AC_MSG_CHECKING([whether LDAP supports ldap_get_option])
+ if test x"$use_dns_pka" = xyes ; then
+ AC_DEFINE(USE_DNS_PKA,1,[define to use our experimental DNS PKA])
+ fi
- if test "$gnupg_cv_func_ldap_init" = yes ; then
- AC_TRY_LINK([#include <ldap.h>],
- [ldap_get_option((void *)0,0,(void *)0);],
- [gnupg_cv_func_ldap_get_option=yes],
- [gnupg_cv_func_ldap_get_option=no])
- else
- AC_TRY_LINK([#include <lber.h>
-#include <ldap.h>],[ldap_get_option((void *)0,0,(void *)0);],
- [gnupg_cv_func_ldap_get_option=yes],
- [gnupg_cv_func_ldap_get_option=no])
- fi
+ if test x"$use_dns_cert" = xyes ; then
+ AC_DEFINE(USE_DNS_CERT,1,[define to use DNS CERT])
+ fi
- AC_MSG_RESULT([$gnupg_cv_func_ldap_get_option])
+ if test x"$need_compat" = xyes ; then
+ AC_DEFINE(BIND_8_COMPAT,1,[an Apple OSXism])
+ fi
+ else
+ use_dns_srv=no
+ use_dns_pka=no
+ use_dns_cert=no
+ fi
- if test "$gnupg_cv_func_ldap_get_option" = yes ; then
- AC_DEFINE(HAVE_LDAP_GET_OPTION,1,[Define if the LDAP library has ldap_get_option])
- else
- AC_MSG_CHECKING([whether LDAP supports ld_errno])
+ LIBS=$_dns_save_libs
+fi
- if test "$gnupg_cv_func_ldap_init" = yes ; then
- AC_TRY_COMPILE([#include <ldap.h>],
- [LDAP *ldap; ldap->ld_errno;],
- [gnupg_cv_func_ldap_ld_errno=yes],
- [gnupg_cv_func_ldap_ld_errno=no])
- else
- AC_TRY_LINK([#include <lber.h>
-#include <ldap.h>],[LDAP *ldap; ldap->ld_errno;],
- [gnupg_cv_func_ldap_ld_errno=yes],
- [gnupg_cv_func_ldap_ld_errno=no])
- fi
+AC_SUBST(DNSLIBS)
- AC_MSG_RESULT([$gnupg_cv_func_ldap_ld_errno])
+AM_CONDITIONAL(USE_DNS_SRV, test x"$use_dns_srv" = xyes)
- if test "$gnupg_cv_func_ldap_ld_errno" = yes ; then
- AC_DEFINE(HAVE_LDAP_LD_ERRNO,1,[Define if the LDAP library supports ld_errno])
- fi
- fi
- fi
-
- LIBS=$_ldap_save_libs
-
- if test "$GPGKEYS_LDAP" != "" ; then break; fi
- done
+#
+# Check for LDAP
+#
+if test "$try_ldap" = yes ; then
+ GNUPG_CHECK_LDAP($NETLIBS)
fi
-AC_SUBST(GPGKEYS_LDAP)
-AC_SUBST(LDAPLIBS)
-
-
+#
# Check for curl. We fake the curl API if libcurl isn't installed.
+#
+LIBCURL_CHECK_CONFIG([yes],,,[fake_curl=yes])
+AM_CONDITIONAL(FAKE_CURL,test x"$fake_curl" = xyes)
-# fixme: need to add this
-#LIBCURL_CHECK_CONFIG([yes],,,[fake_curl=yes])
-#AM_CONDITIONAL(FAKE_CURL,test x"$fake_curl" = xyes)
-AM_CONDITIONAL(FAKE_CURL,1)
-
# Generic, for us, means curl
if test x"$try_generic" = xyes ; then
- AC_SUBST(GPGKEYS_CURL,"gpgkeys_curl$EXEEXT")
+ AC_SUBST(GPGKEYS_CURL,"gpg2keys_curl$EXEEXT")
fi
-dnl This isn't necessarily sendmail itself, but anything that gives a
-dnl sendmail-ish interface to the outside world. That includes qmail,
-dnl postfix, etc. Basically, anything that can handle "sendmail -t".
-
+#
+# Check for sendmail
+#
+# This isn't necessarily sendmail itself, but anything that gives a
+# sendmail-ish interface to the outside world. That includes Exim,
+# Postfix, etc. Basically, anything that can handle "sendmail -t".
if test "$try_mailto" = yes ; then
- AC_ARG_WITH(mailprog,[ --with-mailprog=NAME use "NAME -t" for mail transport],,with_mailprog=yes)
+ AC_ARG_WITH(mailprog,
+ AC_HELP_STRING([--with-mailprog=NAME],
+ [use "NAME -t" for mail transport]),
+ ,with_mailprog=yes)
- if test "$with_mailprog" = yes ; then
+ if test x"$with_mailprog" = xyes ; then
AC_PATH_PROG(SENDMAIL,sendmail,,$PATH:/usr/sbin:/usr/libexec:/usr/lib)
if test "$ac_cv_path_SENDMAIL" ; then
- GPGKEYS_MAILTO="gpgkeys_mailto"
+ GPGKEYS_MAILTO="gpg2keys_mailto"
fi
- elif test "$with_mailprog" != no ; then
+ elif test x"$with_mailprog" != xno ; then
AC_MSG_CHECKING([for a mail transport program])
AC_SUBST(SENDMAIL,$with_mailprog)
AC_MSG_RESULT($with_mailprog)
- GPGKEYS_MAILTO="gpgkeys_mailto"
+ GPGKEYS_MAILTO="gpg2keys_mailto"
fi
fi
AC_SUBST(GPGKEYS_MAILTO)
+#
+# Construct a printable name of the OS
+#
case "${host}" in
*-mingw32*)
PRINTABLE_OS_NAME="MingW32"
@@ -783,6 +859,9 @@
[A human readable text with the name of the OS])
+#
+# Check for gettext
+#
AM_GNU_GETTEXT_VERSION(0.14.1)
if test "$try_gettext" = yes; then
AM_GNU_GETTEXT(,[need-ngettext])
@@ -799,21 +878,50 @@
AC_SUBST(USE_NLS)
AC_SUBST(USE_INCLUDED_LIBINTL)
AC_SUBST(BUILD_INCLUDED_LIBINTL)
+ AM_PO_SUBDIRS
fi
+
+#
+# SELinux support
+#
+if test "$selinux_support" = yes ; then
+ AC_DEFINE(ENABLE_SELINUX_HACKS,1,[Define to enable SELinux support])
+fi
+
+
+#
# Checks for header files.
+#
AC_HEADER_STDC
-AC_CHECK_HEADERS(string.h unistd.h langinfo.h termio.h locale.h)
+AC_CHECK_HEADERS([string.h unistd.h langinfo.h termio.h locale.h getopt.h])
+AC_CHECK_HEADERS([pwd.h inttypes.h])
+# Note that we do not check for iconv here because this is done anyway
+# by the gettext checks and thus it allows us to disable the use of
+# iconv by using --disable-nls.
+
+#
# Checks for typedefs, structures, and compiler characteristics.
+#
AC_C_CONST
AC_C_INLINE
+AC_C_VOLATILE
AC_TYPE_SIZE_T
+AC_TYPE_MODE_T
AC_TYPE_SIGNAL
AC_DECL_SYS_SIGLIST
-GNUPG_CHECK_ENDIAN
+AC_ARG_ENABLE(endian-check,
+ AC_HELP_STRING([--disable-endian-check],
+ [disable the endian check and trust the OS provided macros]),
+ endiancheck=$enableval,endiancheck=yes)
+if test x"$endiancheck" = xyes ; then
+ GNUPG_CHECK_ENDIAN
+fi
+
+# fixme: we should get rid of the byte type
GNUPG_CHECK_TYPEDEF(byte, HAVE_BYTE_TYPEDEF)
GNUPG_CHECK_TYPEDEF(ushort, HAVE_USHORT_TYPEDEF)
GNUPG_CHECK_TYPEDEF(ulong, HAVE_ULONG_TYPEDEF)
@@ -825,109 +933,69 @@
AC_CHECK_SIZEOF(unsigned long)
AC_CHECK_SIZEOF(unsigned long long)
# Ensure that we have UINT64_C before we bother to check for uint64_t
-# fixme: really needed in gnupg? I think it is only useful in libcgrypt.
+# Fixme: really needed in gnupg? I think it is only useful in libcgrypt.
AC_CACHE_CHECK([for UINT64_C],[gnupg_cv_uint64_c_works],
AC_COMPILE_IFELSE(AC_LANG_PROGRAM([#include <inttypes.h>
-uint64_t foo=UINT64_C(42);]),gnupg_cv_uint64_c_works=yes,gnupg_cv_uint64_c_works=no))
+ uint64_t foo=UINT64_C(42);]),
+ gnupg_cv_uint64_c_works=yes,gnupg_cv_uint64_c_works=no))
if test "$gnupg_cv_uint64_c_works" = "yes" ; then
AC_CHECK_SIZEOF(uint64_t)
fi
-
-
-
if test "$ac_cv_sizeof_unsigned_short" = "0" \
|| test "$ac_cv_sizeof_unsigned_int" = "0" \
|| test "$ac_cv_sizeof_unsigned_long" = "0"; then
AC_MSG_WARN([Hmmm, something is wrong with the sizes - using defaults]);
fi
-dnl Do we have any 64-bit data types?
-if test "$ac_cv_sizeof_unsigned_int" != "8" \
- && test "$ac_cv_sizeof_unsigned_long" != "8" \
- && test "$ac_cv_sizeof_unsigned_long_long" != "8" \
- && test "$ac_cv_sizeof_uint64_t" != "8"; then
- AC_MSG_WARN([No 64-bit types. Disabling SHA-384, and SHA-512])
-else
- if test x"$use_sha512" = xyes ; then
- AC_SUBST(SHA512_O,sha512.o)
- AC_DEFINE(USE_SHA512,1,[Define to include the SHA-384 and SHA-512 digests])
- fi
-fi
-
+#
# fixme: do we really need this - it should be encapsulated in libassuan
+#
GNUPG_SYS_SO_PEERCRED
+
+#
# Checks for library functions.
+#
+AC_CHECK_DECLS(getpagesize)
AC_FUNC_FSEEKO
AC_FUNC_VPRINTF
AC_FUNC_FORK
-AC_CHECK_FUNCS(strerror stpcpy strsep strlwr tcgetattr strtoul mmap)
-AC_CHECK_FUNCS(strcasecmp strncasecmp ctermid times gmtime_r)
-AC_CHECK_FUNCS(memmove gettimeofday getrusage setrlimit clock_gettime)
-AC_CHECK_FUNCS(atexit raise getpagesize strftime nl_langinfo setlocale)
-AC_CHECK_FUNCS(waitpid wait4 sigaction sigprocmask rand pipe stat getaddrinfo)
-AC_CHECK_FUNCS(fseeko ftello ttyname isascii)
+AC_CHECK_FUNCS([strerror stpcpy strsep strlwr tcgetattr strtoul mmap])
+AC_CHECK_FUNCS([strcasecmp strncasecmp ctermid times timegm gmtime_r])
+AC_CHECK_FUNCS([unsetenv getpwnam getpwuid fcntl ftruncate])
+AC_CHECK_FUNCS([memmove gettimeofday getrusage setrlimit clock_gettime])
+AC_CHECK_FUNCS([atexit raise getpagesize strftime nl_langinfo setlocale])
+AC_CHECK_FUNCS([waitpid wait4 sigaction sigprocmask pipe stat getaddrinfo])
+AC_CHECK_FUNCS([ttyname isascii memrchr rand ftello])
AC_CHECK_TYPES([struct sigaction, sigset_t],,,[#include <signal.h>])
+#
# gnulib checks
+#
gl_SOURCE_BASE(gl)
gl_M4_BASE(gl/m4)
gl_MODULES(setenv strsep mkdtemp vasprintf xsize)
gl_INIT
-# These are needed by libjnlib - fixme: we should have macros for them
-AC_CHECK_FUNCS(memicmp stpcpy strlwr strtoul memmove stricmp strtol)
-AC_CHECK_FUNCS(getrusage setrlimit stat setlocale)
-AC_CHECK_FUNCS(flockfile funlockfile fopencookie funopen)
-
#
-# check for gethrtime and run a testprogram to see whether
-# it is broken. It has been reported that some Solaris and HP UX systems
-# raise an SIGILL
+# These are needed by libjnlib - fixme: we should have macros for them
#
-# fixme: Do we need this - iirc, this is only used by libgcrypt.
-#
-AC_CACHE_CHECK([for gethrtime],
- [gnupg_cv_func_gethrtime],
- [AC_TRY_LINK([#include <sys/times.h>],[
- hrtime_t tv;
- tv = gethrtime();
- ],
- [gnupg_cv_func_gethrtime=yes],
- [gnupg_cv_func_gethrtime=no])
- ])
-if test $gnupg_cv_func_gethrtime = yes; then
- AC_DEFINE([HAVE_GETHRTIME], 1,
- [Define if you have the `gethrtime(2)' function.])
- AC_CACHE_CHECK([whether gethrtime is broken],
- [gnupg_cv_func_broken_gethrtime],
- [AC_TRY_RUN([
- #include <sys/times.h>
- int main () {
- hrtime_t tv;
- tv = gethrtime();
- }
- ],
- [gnupg_cv_func_broken_gethrtime=no],
- [gnupg_cv_func_broken_gethrtime=yes],
- [gnupg_cv_func_broken_gethrtime=assume-no])
- ])
- if test $gnupg_cv_func_broken_gethrtime = yes; then
- AC_DEFINE([HAVE_BROKEN_GETHRTIME], 1,
- [Define if `gethrtime(2)' does not work correctly i.e. issues a SIGILL.])
- fi
-fi
-
+AC_CHECK_FUNCS([memicmp stpcpy strlwr strtoul memmove stricmp strtol])
+AC_CHECK_FUNCS([getrusage setrlimit stat setlocale])
+AC_CHECK_FUNCS([flockfile funlockfile fopencookie funopen])
+
+
GNUPG_CHECK_MLOCK
+
GNUPG_FUNC_MKDIR_TAKES_ONE_ARG
-dnl
-dnl Check whether we can use Linux capabilities as requested
-dnl
+#
+# Check whether we can use Linux capabilities as requested
+#
# fixme: Still required?
#
if test "$use_capabilities" = "yes" ; then
@@ -956,13 +1024,15 @@
fi
fi
-
+#
# Sanity check regex. Tests adapted from mutt.
-
+# FIXME: We should use the the regex from gnulib
+#
AC_MSG_CHECKING([whether regular expression support is requested])
AC_ARG_ENABLE(regex,
-[ --disable-regex do not handle regular expressions in trust sigs],
- use_regex=$enableval, use_regex=yes)
+ AC_HELP_STRING([--disable-regex],
+ [do not handle regular expressions in trust signatures]),
+ use_regex=$enableval, use_regex=yes)
AC_MSG_RESULT($use_regex)
if test "$use_regex" = yes ; then
@@ -994,14 +1064,16 @@
fi
if test $gnupg_cv_included_regex = yes; then
- AC_DEFINE(USE_GNU_REGEX,1,[ Define if you want to use the included regex lib ])
- AC_SUBST(REGEX_O,regex.o)
+ AC_DEFINE(USE_INTERNAL_REGEX,1,[ Define if you want to use the included regex lib ])
fi
else
-
AC_DEFINE(DISABLE_REGEX,1,[ Define to disable regular expression support ])
fi
+AM_CONDITIONAL(USE_INTERNAL_REGEX, test x"$gnupg_cv_included_regex" = xyes)
+
+
+
#
# Do we have zlib? Must do it here because Solaris failed
# when compiling a conftest (due to the "-lz" from LIBS).
@@ -1058,16 +1130,20 @@
AC_SUBST(ZLIBS)
+# Check for readline support
+GNUPG_CHECK_READLINE
+
# See wether we want to run the long test suite.
AC_ARG_WITH(pkits-tests,
AC_HELP_STRING([--with-pkits-tests],[run the PKITS based tests]),
[run_pkits_tests=$withval], [run_pkits_tests=no])
AM_CONDITIONAL(RUN_PKITS_TESTS, test "$run_pkits_tests" = "yes")
-
+#
# Allow users to append something to the version string without
# flagging it as development version. The user version parts is
# considered everything after a dash.
+#
if test "$development_version" != yes; then
changequote(,)dnl
tmp_pat='[a-zA-Z]'
@@ -1091,16 +1167,36 @@
W32LIBS="-lwsock32"
fi
+AC_SUBST(NETLIBS)
+AC_SUBST(W32LIBS)
+
+#
+# Setup gcc specific options
+#
if test "$GCC" = yes; then
+ # Note that it is okay to use CFLAGS here because this are just
+ # warning options and the user should have a chance of overriding
+ # them.
if test "$USE_MAINTAINER_MODE" = "yes"; then
CFLAGS="$CFLAGS -Wall -Wcast-align -Wshadow -Wstrict-prototypes"
- CFLAGS="$CFLAGS -Wno-format-y2k -Wformat-security"
+ CFLAGS="$CFLAGS -Wno-format-y2k -Wformat-security -Wformat-nonliteral"
else
CFLAGS="$CFLAGS -Wall"
fi
+
+ AC_MSG_CHECKING([if gcc supports -Wno-pointer-sign])
+ _gcc_cflags_save=$CFLAGS
+ CFLAGS="-Wno-pointer-sign"
+ AC_COMPILE_IFELSE(AC_LANG_PROGRAM([]),_gcc_psign=yes,_gcc_psign=no)
+ AC_MSG_RESULT($_gcc_psign)
+ CFLAGS=$_gcc_cflags_save;
+ if test x"$_gcc_psign" = xyes ; then
+ CFLAGS="$CFLAGS -Wno-pointer-sign"
+ fi
fi
+
#
# This is handy for debugging so the compiler doesn't rearrange
# things and eliminate variables.
@@ -1112,18 +1208,9 @@
CFLAGS=`echo $CFLAGS | sed 's/-O[[0-9]]//'`
fi])
-
-
-
-AC_SUBST(NETLIBS)
-AC_SUBST(W32LIBS)
-
-
-# We use jnlib, so tell other modules about it
-AC_DEFINE(HAVE_JNLIB_LOGGING, 1,
- [Defined if jnlib style logging functions are available])
-
+#
# For W32 we need to use our Pth emulation code
+#
if test "$have_w32_system" = yes; then
AC_CONFIG_LINKS(pth.h:jnlib/w32-pth.h)
fi
@@ -1254,13 +1341,13 @@
sm/Makefile
agent/Makefile
scd/Makefile
+keyserver/Makefile
tools/Makefile
doc/Makefile
tests/Makefile
])
AC_OUTPUT
-#./autogen keyserver/Makefile
#tests/pkits/Makefile
Modified: trunk/doc/gpg-agent.texi
===================================================================
--- trunk/doc/gpg-agent.texi 2006-08-14 14:40:07 UTC (rev 4219)
+++ trunk/doc/gpg-agent.texi 2006-08-16 10:47:53 UTC (rev 4220)
@@ -430,7 +430,7 @@
hash mark, as well as empty lines are ignored. To mark a key as trusted
you need to enter its fingerprint followed by a space and a capital
letter @code{S}. Colons may optionally be used to separate the bytes of
- a fingerprint; this allows to cut and paste the fingeperint from a key
+ a fingerprint; this allows to cut and paste the fingerprint from a key
listing output.
Here is an example where two keys are marked as ultimately trusted:
Modified: trunk/g10/ChangeLog
===================================================================
--- trunk/g10/ChangeLog 2006-08-14 14:40:07 UTC (rev 4219)
+++ trunk/g10/ChangeLog 2006-08-16 10:47:53 UTC (rev 4220)
@@ -1,3 +1,21 @@
+2006-08-16 Werner Koch <wk at g10code.com>
+
+ * keyserver.c (GPGKEYS_PREFIX): Rename to gpg2keys_. This is so
+ that we can install helpers from 1.4 and 2 without conflicts and
+ first of all don't get lost with weird bug reports.
+
+ * keyid.c (serialno_and_fpr_from_sk): New. Actually lost during
+ the last 1.4 to 1.9 merge.
+
+ * gpg.c (list_config): Output ccid-reader-id only for gnupg 1.
+
+ * call-agent.c (agent_scd_writekey): New.
+ (inq_writekey_parms): New.
+
+ * gpgv.c: Include call-agent.h for use by stubs.
+
+ * misc.c: Include call-agent.h for use by get_signature_count.
+
2006-07-27 Werner Koch <wk at g10code.com>
* parse-packet.c (parse_comment): Cap comments at 65k.
Modified: trunk/g10/Makefile.am
===================================================================
--- trunk/g10/Makefile.am 2006-08-14 14:40:07 UTC (rev 4219)
+++ trunk/g10/Makefile.am 2006-08-16 10:47:53 UTC (rev 4220)
@@ -108,7 +108,8 @@
# ks-db.h \
# $(common_source)
-LDADD = $(needed_libs) $(ZLIBS) @LIBINTL@ @CAPLIBS@ @W32LIBS@
+LDADD = $(needed_libs) $(ZLIBS) $(DNSLIBS) $(LIBREADLINE) \
+ $(LIBINTL) $(CAPLIBS) $(W32LIBS)
gpg2_LDADD = $(LIBGCRYPT_LIBS) $(LDADD) -lassuan -lgpg-error
gpgv2_LDADD = $(LIBGCRYPT_LIBS) $(LDADD) -lassuan -lgpg-error
Modified: trunk/g10/call-agent.c
===================================================================
--- trunk/g10/call-agent.c 2006-08-14 14:40:07 UTC (rev 4219)
+++ trunk/g10/call-agent.c 2006-08-16 10:47:53 UTC (rev 4220)
@@ -1,5 +1,5 @@
/* call-agent.c - divert operations to the agent
- * Copyright (C) 2001, 2002, 2003 Free Software Foundation, Inc.
+ * Copyright (C) 2001, 2002, 2003, 2006 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@@ -47,17 +47,26 @@
# define DBG_ASSUAN 1
#endif
-static ASSUAN_CONTEXT agent_ctx = NULL;
+static assuan_context_t agent_ctx = NULL;
static int force_pipe_server = 1; /* FIXME: set this back to 0. */
-struct cipher_parm_s {
- ASSUAN_CONTEXT ctx;
+struct cipher_parm_s
+{
+ assuan_context_t ctx;
const char *ciphertext;
size_t ciphertextlen;
};
-struct genkey_parm_s {
- ASSUAN_CONTEXT ctx;
+struct writekey_parm_s
+{
+ assuan_context_t ctx;
+ const unsigned char *keydata;
+ size_t keydatalen;
+};
+
+struct genkey_parm_s
+{
+ assuan_context_t ctx;
const char *sexp;
size_t sexplen;
};
@@ -672,7 +681,49 @@
return map_assuan_err (rc);
}
+
�
+/* Handle a KEYDATA inquiry. Note, we only send the data,
+ assuan_transact takes care of flushing and writing the end */
+static assuan_error_t
+inq_writekey_parms (void *opaque, const char *keyword)
+{
+ struct writekey_parm_s *parm = opaque;
+
+ return assuan_send_data (parm->ctx, parm->keydata, parm->keydatalen);
+}
+
+
+/* Send a WRITEKEY command to the SCdaemon. */
+int
+agent_scd_writekey (int keyno, const char *serialno,
+ const unsigned char *keydata, size_t keydatalen)
+{
+ int rc;
+ char line[ASSUAN_LINELENGTH];
+ struct writekey_parm_s parms;
+
+ rc = start_agent ();
+ if (rc)
+ return rc;
+
+ memset (&parms, 0, sizeof parms);
+
+ snprintf (line, DIM(line)-1, "SCD WRITEKEY --force OPENPGP.%d", keyno);
+ line[DIM(line)-1] = 0;
+ parms.ctx = agent_ctx;
+ parms.keydata = keydata;
+ parms.keydatalen = keydatalen;
+
+ rc = assuan_transact (agent_ctx, line, NULL, NULL,
+ inq_writekey_parms, &parms, NULL, NULL);
+
+ return map_assuan_err (rc);
+}
+
+
+
+�
/* Status callback for the SCD GENKEY command. */
static AssuanError
scd_genkey_cb (void *opaque, const char *line)
@@ -765,7 +816,7 @@
int
agent_scd_pksign (const char *serialno, int hashalgo,
const unsigned char *indata, size_t indatalen,
- char **r_buf, size_t *r_buflen)
+ unsigned char **r_buf, size_t *r_buflen)
{
int rc, i;
char *p, line[ASSUAN_LINELENGTH];
@@ -822,7 +873,7 @@
int
agent_scd_pkdecrypt (const char *serialno,
const unsigned char *indata, size_t indatalen,
- char **r_buf, size_t *r_buflen)
+ unsigned char **r_buf, size_t *r_buflen)
{
int rc, i;
char *p, line[ASSUAN_LINELENGTH];
Modified: trunk/g10/call-agent.h
===================================================================
--- trunk/g10/call-agent.h 2006-08-14 14:40:07 UTC (rev 4219)
+++ trunk/g10/call-agent.h 2006-08-16 10:47:53 UTC (rev 4220)
@@ -82,6 +82,10 @@
const unsigned char *value, size_t valuelen,
const char *serialno);
+/* Send a WRITEKEY command to the SCdaemon. */
+int agent_scd_writekey (int keyno, const char *serialno,
+ const unsigned char *keydata, size_t keydatalen);
+
/* Send a GENKEY command to the SCdaemon. */
int agent_scd_genkey (struct agent_card_genkey_s *info, int keyno, int force,
const char *serialno);
@@ -89,12 +93,12 @@
/* Send a PKSIGN command to the SCdaemon. */
int agent_scd_pksign (const char *keyid, int hashalgo,
const unsigned char *indata, size_t indatalen,
- char **r_buf, size_t *r_buflen);
+ unsigned char **r_buf, size_t *r_buflen);
/* Send a PKDECRYPT command to the SCdaemon. */
int agent_scd_pkdecrypt (const char *serialno,
const unsigned char *indata, size_t indatalen,
- char **r_buf, size_t *r_buflen);
+ unsigned char **r_buf, size_t *r_buflen);
/* Change the PIN of an OpenPGP card or reset the retry counter. */
int agent_scd_change_pin (int chvno, const char *serialno);
Modified: trunk/g10/gpg.c
===================================================================
--- trunk/g10/gpg.c 2006-08-14 14:40:07 UTC (rev 4219)
+++ trunk/g10/gpg.c 2006-08-16 10:47:53 UTC (rev 4220)
@@ -1434,7 +1434,9 @@
if(show_all || ascii_strcasecmp(name,"ccid-reader-id")==0)
{
-#if defined(ENABLE_CARD_SUPPORT) && defined(HAVE_LIBUSB)
+#if defined(ENABLE_CARD_SUPPORT) && defined(HAVE_LIBUSB) \
+ && GNUPG_MAJOR_VERSION == 1
+
char *p, *p2, *list = ccid_get_reader_list ();
for (p=list; p && (p2 = strchr (p, '\n')); p = p2+1)
@@ -3871,10 +3873,6 @@
void
g10_exit( int rc )
{
-#ifdef ENABLE_CARD_SUPPORT
- card_close ();
-#endif
-
gcry_control (GCRYCTL_UPDATE_RANDOM_SEED_FILE);
if ( (opt.debug & DBG_MEMSTAT_VALUE) )
{
Modified: trunk/g10/gpgv.c
===================================================================
--- trunk/g10/gpgv.c 2006-08-14 14:40:07 UTC (rev 4219)
+++ trunk/g10/gpgv.c 2006-08-16 10:47:53 UTC (rev 4220)
@@ -49,6 +49,7 @@
#include "ttyio.h"
#include "i18n.h"
#include "status.h"
+#include "call-agent.h"
enum cmd_and_opt_values { aNull = 0,
Modified: trunk/g10/keydb.h
===================================================================
--- trunk/g10/keydb.h 2006-08-14 14:40:07 UTC (rev 4219)
+++ trunk/g10/keydb.h 2006-08-16 10:47:53 UTC (rev 4220)
@@ -292,6 +292,8 @@
const char *colon_expirestr_from_sig (PKT_signature *sig);
byte *fingerprint_from_sk( PKT_secret_key *sk, byte *buf, size_t *ret_len );
byte *fingerprint_from_pk( PKT_public_key *pk, byte *buf, size_t *ret_len );
+char *serialno_and_fpr_from_sk (const unsigned char *sn, size_t snlen,
+ PKT_secret_key *sk);
/*-- kbnode.c --*/
KBNODE new_kbnode( PACKET *pkt );
Modified: trunk/g10/keygen.c
===================================================================
--- trunk/g10/keygen.c 2006-08-14 14:40:07 UTC (rev 4219)
+++ trunk/g10/keygen.c 2006-08-16 10:47:53 UTC (rev 4220)
@@ -2921,6 +2921,7 @@
PKT_secret_key *sk = NULL;
int i;
size_t nskey, npkey;
+ gcry_sexp_t s_parms, s_key;
npkey = pubkey_get_npkey (algo);
nskey = pubkey_get_nskey (algo);
@@ -3613,8 +3614,8 @@
if ( !info.n || !info.e )
{
log_error ("communication error with SCD\n");
- mpi_free (info.n);
- mpi_free (info.e);
+ gcry_mpi_release (info.n);
+ gcry_mpi_release (info.e);
return gpg_error (GPG_ERR_GENERAL);
}
@@ -3672,7 +3673,7 @@
int rc;
const char *s;
PACKET *pkt;
- PKT_secret_key *sk, *sk_unprotected, *sk_protected;
+ PKT_secret_key *sk, *sk_unprotected = NULL, *sk_protected = NULL;
PKT_public_key *pk;
size_t n;
int i;
@@ -3697,7 +3698,7 @@
n = pubkey_get_nskey (sk->pubkey_algo);
for (i=pubkey_get_npkey (sk->pubkey_algo); i < n; i++)
{
- mpi_free (sk->skey[i]);
+ gcry_mpi_release (sk->skey[i]);
sk->skey[i] = NULL;
}
i = pubkey_get_npkey (sk->pubkey_algo);
@@ -3733,12 +3734,13 @@
umask (oldmask);
if (!fp)
{
+ rc = gpg_error_from_errno (errno);
log_error (_("can't create backup file `%s': %s\n"),
fname, strerror(errno) );
xfree (fname);
free_secret_key (sk_unprotected);
free_secret_key (sk_protected);
- return G10ERR_OPEN_FILE;
+ return rc;
}
pkt = xcalloc (1, sizeof *pkt);
@@ -3754,7 +3756,7 @@
}
else
{
- byte array[MAX_FINGERPRINT_LEN];
+ unsigned char array[MAX_FINGERPRINT_LEN];
char *fprbuf, *p;
iobuf_close (fp);
@@ -3831,11 +3833,11 @@
assert (!sk->is_protected);
/* Copy the parameters into straight buffers. */
- rsa_n = mpi_get_secure_buffer (sk->skey[0], &rsa_n_len, NULL);
- rsa_e = mpi_get_secure_buffer (sk->skey[1], &rsa_e_len, NULL);
- rsa_p = mpi_get_secure_buffer (sk->skey[3], &rsa_p_len, NULL);
- rsa_q = mpi_get_secure_buffer (sk->skey[4], &rsa_q_len, NULL);
- if (!rsa_n || !rsa_e || !rsa_p || !rsa_q)
+ gcry_mpi_aprint (GCRYMPI_FMT_USG, &rsa_n, &rsa_n_len, sk->skey[0]);
+ gcry_mpi_aprint (GCRYMPI_FMT_USG, &rsa_e, &rsa_e_len, sk->skey[1]);
+ gcry_mpi_aprint (GCRYMPI_FMT_USG, &rsa_p, &rsa_p_len, sk->skey[2]);
+ gcry_mpi_aprint (GCRYMPI_FMT_USG, &rsa_q, &rsa_q_len, sk->skey[3]);
+ if (!rsa_n || !rsa_e || !rsa_p || !rsa_q)
{
rc = G10ERR_INV_ARG;
goto leave;
Modified: trunk/g10/keyid.c
===================================================================
--- trunk/g10/keyid.c 2006-08-14 14:40:07 UTC (rev 4219)
+++ trunk/g10/keyid.c 2006-08-16 10:47:53 UTC (rev 4220)
@@ -812,3 +812,28 @@
*ret_len = len;
return array;
}
+
+
+/* Create a serialno/fpr string from the serial number and the secret
+ key. Caller must free the returned string. There is no error
+ return. */
+char *
+serialno_and_fpr_from_sk (const unsigned char *sn, size_t snlen,
+ PKT_secret_key *sk)
+{
+ unsigned char fpr[MAX_FINGERPRINT_LEN];
+ size_t fprlen;
+ char *buffer, *p;
+ int i;
+
+ fingerprint_from_sk (sk, fpr, &fprlen);
+ buffer = p = xmalloc (snlen*2 + 1 + fprlen*2 + 1);
+ for (i=0; i < snlen; i++, p+=2)
+ sprintf (p, "%02X", sn[i]);
+ *p++ = '/';
+ for (i=0; i < fprlen; i++, p+=2)
+ sprintf (p, "%02X", fpr[i]);
+ *p = 0;
+ return buffer;
+}
+
Modified: trunk/g10/keyserver.c
===================================================================
--- trunk/g10/keyserver.c 2006-08-14 14:40:07 UTC (rev 4219)
+++ trunk/g10/keyserver.c 2006-08-16 10:47:53 UTC (rev 4220)
@@ -941,7 +941,11 @@
return 0;
}
+#if GNUPG_MAJOR_VERSION == 2
+#define GPGKEYS_PREFIX "gpg2keys_"
+#else
#define GPGKEYS_PREFIX "gpgkeys_"
+#endif
#define GPGKEYS_CURL GPGKEYS_PREFIX "curl" EXEEXT
#define GPGKEYS_PREFIX_LEN (strlen(GPGKEYS_CURL))
#define KEYSERVER_ARGS_KEEP " -o \"%O\" \"%I\""
Modified: trunk/g10/misc.c
===================================================================
--- trunk/g10/misc.c 2006-08-14 14:40:07 UTC (rev 4219)
+++ trunk/g10/misc.c 2006-08-16 10:47:53 UTC (rev 4220)
@@ -64,6 +64,7 @@
#include "main.h"
#include "photoid.h"
#include "options.h"
+#include "call-agent.h"
#include "i18n.h"
@@ -490,7 +491,9 @@
}
#endif
-static unsigned long get_signature_count(PKT_secret_key *sk)
+
+static unsigned long
+get_signature_count (PKT_secret_key *sk)
{
#ifdef ENABLE_CARD_SUPPORT
if(sk && sk->is_protected && sk->protect.s2k.mode==1002)
Modified: trunk/g10/pubkey-enc.c
===================================================================
--- trunk/g10/pubkey-enc.c 2006-08-14 14:40:07 UTC (rev 4219)
+++ trunk/g10/pubkey-enc.c 2006-08-16 10:47:53 UTC (rev 4220)
@@ -37,6 +37,7 @@
#include "main.h"
#include "i18n.h"
#include "pkglue.h"
+#include "call-agent.h"
static int get_it( PKT_pubkey_enc *k,
Modified: trunk/include/ChangeLog
===================================================================
--- trunk/include/ChangeLog 2006-08-14 14:40:07 UTC (rev 4219)
+++ trunk/include/ChangeLog 2006-08-16 10:47:53 UTC (rev 4220)
@@ -1,3 +1,8 @@
+2006-08-16 Werner Koch <wk at g10code.com>
+
+ * keyserver.h: Moved to ../common.
+ * http.h: Retired.
+
2006-04-28 Werner Koch <wk at g10code.com>
* cipher.h (DIGEST_ALGO_SHA224): Define it.
Modified: trunk/include/distfiles
===================================================================
--- trunk/include/distfiles 2006-08-14 14:40:07 UTC (rev 4219)
+++ trunk/include/distfiles 2006-08-16 10:47:53 UTC (rev 4220)
@@ -7,7 +7,6 @@
i18n.h
host2net.h
http.h
-keyserver.h
_regex.h
ChangeLog
Modified: trunk/include/http.h
===================================================================
--- trunk/include/http.h 2006-08-14 14:40:07 UTC (rev 4219)
+++ trunk/include/http.h 2006-08-16 10:47:53 UTC (rev 4220)
@@ -23,6 +23,9 @@
#ifndef G10_HTTP_H
#define G10_HTTP_H 1
+#error this file should not be used anymore
+
+
#include "../common/iobuf.h"
struct uri_tuple {
Deleted: trunk/include/keyserver.h
Modified: trunk/keyserver/ChangeLog
===================================================================
--- trunk/keyserver/ChangeLog 2006-08-14 14:40:07 UTC (rev 4219)
+++ trunk/keyserver/ChangeLog 2006-08-16 10:47:53 UTC (rev 4220)
@@ -1,3 +1,20 @@
+2006-08-16 Werner Koch <wk at g10code.com>
+
+ * Makefile.am: Renamed all binaries to gpg2keys_*.
+ (gpg2keys_ldap_CPPFLAGS): Add AM_CPPFLAGS.
+
+2006-08-15 Werner Koch <wk at g10code.com>
+
+ * Makefile.am: Adjusted to the gnupg2 framework.
+
+2006-08-14 Werner Koch <wk at g10code.com>
+
+ * curl-shil.c, curl-shim.h: Changed to make use of the new http.c
+ API.
+
+ * curl-shim.c (curl_easy_perform): Add missing http_close to the
+ POST case.
+
2006-07-24 David Shaw <dshaw at jabberwocky.com> (wk)
* curl-shim.c (curl_easy_perform): Minor cleanup of proxy code.
Modified: trunk/keyserver/Makefile.am
===================================================================
--- trunk/keyserver/Makefile.am 2006-08-14 14:40:07 UTC (rev 4219)
+++ trunk/keyserver/Makefile.am 2006-08-16 10:47:53 UTC (rev 4220)
@@ -18,36 +18,47 @@
## Process this file with automake to produce Makefile.in
-INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/intl
-EXTRA_PROGRAMS = gpgkeys_ldap gpgkeys_hkp gpgkeys_finger gpgkeys_curl
-EXTRA_SCRIPTS = gpgkeys_mailto
+EXTRA_PROGRAMS = gpg2keys_ldap gpg2keys_hkp gpg2keys_finger gpg2keys_curl
+EXTRA_SCRIPTS = gpg2keys_mailto
-gpglibexecdir = $(libexecdir)/@PACKAGE@
+AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/common -I$(top_srcdir)/intl
-gpglibexec_PROGRAMS = @GPGKEYS_LDAP@ @GPGKEYS_HKP@ @GPGKEYS_FINGER@ @GPGKEYS_CURL@
-gpglibexec_SCRIPTS = @GPGKEYS_MAILTO@
+AM_CFLAGS = $(LIBGCRYPT_CFLAGS)
+
+include $(top_srcdir)/am/cmacros.am
+
+libexec_PROGRAMS = $(GPGKEYS_LDAP) $(GPGKEYS_HKP) $(GPGKEYS_FINGER) \
+ $(GPGKEYS_CURL)
+libexec_SCRIPTS = $(GPGKEYS_MAILTO)
noinst_SCRIPTS = gpgkeys_test
-gpgkeys_ldap_SOURCES = gpgkeys_ldap.c ksutil.c ksutil.h
-gpgkeys_hkp_SOURCES = gpgkeys_hkp.c ksutil.c ksutil.h
-gpgkeys_finger_SOURCES = gpgkeys_finger.c ksutil.c ksutil.h
-gpgkeys_curl_SOURCES = gpgkeys_curl.c ksutil.c ksutil.h
-
+needed_libs = ../gl/libgnu.a ../common/libcommon.a ../jnlib/libjnlib.a
other_libs = $(LIBICONV) $(LIBINTL) $(CAPLIBS)
-gpgkeys_ldap_CPPFLAGS = @LDAP_CPPFLAGS@
-gpgkeys_ldap_LDADD = ../util/libutil.a @LDAPLIBS@ @NETLIBS@ $(other_libs) @GETOPT@ @W32LIBS@
+gpg2keys_ldap_SOURCES = gpgkeys_ldap.c ksutil.c ksutil.h
+gpg2keys_hkp_SOURCES = gpgkeys_hkp.c ksutil.c ksutil.h
+gpg2keys_finger_SOURCES = gpgkeys_finger.c ksutil.c ksutil.h
+gpg2keys_curl_SOURCES = gpgkeys_curl.c ksutil.c ksutil.h
-gpgkeys_finger_LDADD = ../util/libutil.a @NETLIBS@ $(other_libs) @GETOPT@ @W32LIBS@
+gpg2keys_ldap_CPPFLAGS = $(LDAP_CPPFLAGS) $(AM_CPPFLAGS)
+gpg2keys_ldap_LDADD = $(needed_libs) $(LDAPLIBS) $(NETLIBS) \
+ $(other_libs) $(W32LIBS)
+
+gpg2keys_finger_LDADD = $(needed_libs) $(LIBGCRYPT_LIBS) \
+ $(NETLIBS) $(other_libs) $(W32LIBS)
+
if FAKE_CURL
-gpgkeys_curl_SOURCES += curl-shim.c curl-shim.h
-gpgkeys_curl_LDADD = ../util/libutil.a @NETLIBS@ @SRVLIBS@ $(other_libs) @GETOPT@ @W32LIBS@
-gpgkeys_hkp_SOURCES += curl-shim.c curl-shim.h
-gpgkeys_hkp_LDADD = ../util/libutil.a @NETLIBS@ @SRVLIBS@ $(other_libs) @GETOPT@ @W32LIBS@
+gpg2keys_curl_SOURCES += curl-shim.c curl-shim.h
+gpg2keys_curl_LDADD = $(needed_libs) $(NETLIBS) $(DNSLIBS) \
+ $(other_libs) $(W32LIBS)
+gpg2keys_hkp_SOURCES += curl-shim.c curl-shim.h
+gpg2keys_hkp_LDADD = $(needed_libs) $(NETLIBS) $(DNSLIBS) \
+ $(other_libs) $(W32LIBS)
else
-gpgkeys_curl_CPPFLAGS = @LIBCURL_CPPFLAGS@
-gpgkeys_curl_LDADD = @LIBCURL@ @GETOPT@
-gpgkeys_hkp_CPPFLAGS = @LIBCURL_CPPFLAGS@
-gpgkeys_hkp_LDADD = @LIBCURL@ @GETOPT@
+gpg2keys_curl_CPPFLAGS = $(LIBCURL_CPPFLAGS) $(AM_CPPFLAGS)
+gpg2keys_curl_LDADD = $(LIBCURL) $(GETOPT)
+gpg2keys_hkp_CPPFLAGS = $(LIBCURL_CPPFLAGS) $(AM_CPPFLAGS)
+gpg2keys_hkp_LDADD = $(LIBCURL) $(GETOPT)
endif
+
Modified: trunk/keyserver/curl-shim.c
===================================================================
--- trunk/keyserver/curl-shim.c 2006-08-14 14:40:07 UTC (rev 4219)
+++ trunk/keyserver/curl-shim.c 2006-08-16 10:47:53 UTC (rev 4220)
@@ -27,6 +27,7 @@
#include <string.h>
#include <stdio.h>
#include <errno.h>
+
#include "http.h"
#include "util.h"
#include "ksutil.h"
@@ -100,7 +101,11 @@
void
curl_easy_cleanup(CURL *curl)
{
- free(curl);
+ if (curl)
+ {
+ http_close (curl->hd);
+ free(curl);
+ }
}
CURLcode
@@ -177,42 +182,46 @@
if(curl->flags.post)
{
- rc=http_open(&curl->hd,HTTP_REQ_POST,curl->url,curl->auth,0,proxy);
- if(rc==0)
+ rc = http_open (&curl->hd, HTTP_REQ_POST, curl->url, curl->auth,
+ 0, proxy, NULL);
+ if (!rc)
{
- char content_len[50];
- unsigned int post_len=strlen(curl->postfields);
+ unsigned int post_len = strlen(curl->postfields);
- iobuf_writestr(curl->hd.fp_write,
- "Content-Type: application/x-www-form-urlencoded\r\n");
- sprintf(content_len,"Content-Length: %u\r\n",post_len);
+ es_fprintf (http_get_write_ptr (curl->hd),
+ "Content-Type: application/x-www-form-urlencoded\r\n"
+ "Content-Length: %u\r\n", post_len);
+ http_start_data (curl->hd);
+ es_write (http_get_write_ptr (curl->hd),
+ curl->postfields, post_len, NULL);
- iobuf_writestr(curl->hd.fp_write,content_len);
-
- http_start_data(&curl->hd);
- iobuf_write(curl->hd.fp_write,curl->postfields,post_len);
- rc=http_wait_response(&curl->hd,&curl->status);
- if(rc==0 && curl->flags.failonerror && curl->status>=300)
- err=CURLE_HTTP_RETURNED_ERROR;
+ rc = http_wait_response (curl->hd);
+ curl->status = http_get_status_code (curl->hd);
+ if (!rc && curl->flags.failonerror && curl->status>=300)
+ err = CURLE_HTTP_RETURNED_ERROR;
+ http_close(curl->hd);
+ curl->hd = NULL;
}
}
else
{
- rc=http_open(&curl->hd,HTTP_REQ_GET,curl->url,curl->auth,0,proxy);
- if(rc==0)
+ rc = http_open (&curl->hd, HTTP_REQ_GET, curl->url, curl->auth,
+ 0, proxy, NULL);
+ if (!rc)
{
- rc=http_wait_response(&curl->hd,&curl->status);
- if(rc==0)
+ rc = http_wait_response (curl->hd);
+ curl->status = http_get_status_code (curl->hd);
+ if (!rc)
{
- if(curl->flags.failonerror && curl->status>=300)
- err=CURLE_HTTP_RETURNED_ERROR;
+ if (curl->flags.failonerror && curl->status>=300)
+ err = CURLE_HTTP_RETURNED_ERROR;
else
{
- unsigned int maxlen=1024,buflen,len;
- byte *line=NULL;
+ unsigned int maxlen = 1024, buflen, len;
+ unsigned char *line = NULL;
- while((len=iobuf_read_line(curl->hd.fp_read,
- &line,&buflen,&maxlen)))
+ while ((len = es_read_line (http_get_read_ptr (curl->hd),
+ &line, &buflen, &maxlen)))
{
size_t ret;
@@ -226,12 +235,16 @@
}
}
- xfree(line);
- http_close(&curl->hd);
+ es_free (line);
+ http_close(curl->hd);
+ curl->hd = NULL;
}
}
else
- http_close(&curl->hd);
+ {
+ http_close (curl->hd);
+ curl->hd = NULL;
+ }
}
}
Modified: trunk/keyserver/curl-shim.h
===================================================================
--- trunk/keyserver/curl-shim.h 2006-08-14 14:40:07 UTC (rev 4219)
+++ trunk/keyserver/curl-shim.h 2006-08-16 10:47:53 UTC (rev 4220)
@@ -73,7 +73,7 @@
unsigned int failonerror:1;
unsigned int verbose:1;
} flags;
- struct http_context hd;
+ http_t hd;
} CURL;
#define CURL_ERROR_SIZE 256
Modified: trunk/keyserver/gpgkeys_finger.c
===================================================================
--- trunk/keyserver/gpgkeys_finger.c 2006-08-14 14:40:07 UTC (rev 4219)
+++ trunk/keyserver/gpgkeys_finger.c 2006-08-16 10:47:53 UTC (rev 4220)
@@ -46,6 +46,7 @@
#include "util.h"
#include "keyserver.h"
#include "ksutil.h"
+#include "iobuf.h"
#ifdef _WIN32
#define sock_close(a) closesocket(a)
@@ -289,7 +290,7 @@
{
int rc;
int sock;
- IOBUF fp_read;
+ iobuf_t fp_read;
unsigned int maxlen, buflen, gotit=0;
byte *line = NULL;
Modified: trunk/m4/Makefile.am
===================================================================
--- trunk/m4/Makefile.am 2006-08-14 14:40:07 UTC (rev 4219)
+++ trunk/m4/Makefile.am 2006-08-16 10:47:53 UTC (rev 4220)
@@ -1,6 +1,6 @@
EXTRA_DIST = intmax.m4 longdouble.m4 longlong.m4 printf-posix.m4 signed.m4 size_max.m4 wchar_t.m4 wint_t.m4 xsize.m4 codeset.m4 gettext.m4 glibc21.m4 iconv.m4 intdiv0.m4 inttypes.m4 inttypes_h.m4 inttypes-pri.m4 isc-posix.m4 lcmessage.m4 lib-ld.m4 lib-link.m4 lib-prefix.m4 progtest.m4 stdint_h.m4 uintmax_t.m4 ulonglong.m4
-EXTRA_DIST += ldap.m4
+EXTRA_DIST += ldap.m4 libcurl.m4 libusb.m4 tar-ustar.m4 readline.m4
EXTRA_DIST += gpg-error.m4 libgcrypt.m4 libassuan.m4 ksba.m4
Modified: trunk/m4/ldap.m4
===================================================================
--- trunk/m4/ldap.m4 2006-08-14 14:40:07 UTC (rev 4219)
+++ trunk/m4/ldap.m4 2006-08-16 10:47:53 UTC (rev 4220)
@@ -65,7 +65,7 @@
if test "$gnupg_cv_func_ldap_init" = yes || \
test "$gnupg_cv_func_ldaplber_init" = yes ; then
LDAPLIBS="$LDAP_LDFLAGS $MY_LDAPLIBS"
- GPGKEYS_LDAP="gpgkeys_ldap$EXEEXT"
+ GPGKEYS_LDAP="gpg2keys_ldap$EXEEXT"
AC_CHECK_FUNCS(ldap_get_option ldap_set_option ldap_start_tls_s)
Modified: trunk/sm/certreqgen.c
===================================================================
--- trunk/sm/certreqgen.c 2006-08-14 14:40:07 UTC (rev 4219)
+++ trunk/sm/certreqgen.c 2006-08-16 10:47:53 UTC (rev 4220)
@@ -467,7 +467,7 @@
return gpg_error (GPG_ERR_INV_PARAMETER);
}
- /* check the keylength */
+ /* Check the keylength. */
if (!get_parameter (para, pKEYLENGTH, 0))
nbits = 1024;
else
@@ -481,7 +481,7 @@
return gpg_error (GPG_ERR_INV_PARAMETER);
}
- /* check the usage */
+ /* Check the usage. */
if (parse_parameter_usage (para, pKEYUSAGE))
return gpg_error (GPG_ERR_INV_PARAMETER);
@@ -493,7 +493,6 @@
log_error (_("line %d: no subject name given\n"), r->lnr);
return gpg_error (GPG_ERR_INV_PARAMETER);
}
-#if HAVE_KSBA_DN_TESTSTR
err = ksba_dn_teststr (s, 0, &erroff, &errlen);
if (err)
{
@@ -507,7 +506,6 @@
return gpg_error (GPG_ERR_INV_PARAMETER);
}
-#endif /*HAVE_KSBA_DN_TESTSTR*/
/* Check that the optional email address is okay. */
for (seq=0; (s=get_parameter_value (para, pNAMEEMAIL, seq)); seq++)
More information about the Gnupg-commits
mailing list