[svn] GnuPG - r5482 - in branches/STABLE-BRANCH-2-0: . agent doc
svn author wk
cvs at cvs.gnupg.org
Thu Nov 11 16:08:50 CET 2010
Author: wk
Date: 2010-11-11 16:08:48 +0100 (Thu, 11 Nov 2010)
New Revision: 5482
Modified:
branches/STABLE-BRANCH-2-0/NEWS
branches/STABLE-BRANCH-2-0/agent/ChangeLog
branches/STABLE-BRANCH-2-0/agent/agent.h
branches/STABLE-BRANCH-2-0/agent/call-scd.c
branches/STABLE-BRANCH-2-0/agent/findkey.c
branches/STABLE-BRANCH-2-0/agent/gpg-agent.c
branches/STABLE-BRANCH-2-0/doc/gpg.texi
Log:
Fix a bug where scdaemon kills a non-daemon gpg-agent.
Fix a passphrase cache annoyance.
Modified: branches/STABLE-BRANCH-2-0/agent/ChangeLog
===================================================================
--- branches/STABLE-BRANCH-2-0/agent/ChangeLog 2010-11-11 15:07:37 UTC (rev 5481)
+++ branches/STABLE-BRANCH-2-0/agent/ChangeLog 2010-11-11 15:08:48 UTC (rev 5482)
@@ -1,3 +1,14 @@
+2010-11-11 Werner Koch <wk at g10code.com>
+
+ * agent.h (opt): Add field SIGUSR2_ENABLED.
+ * gpg-agent.c (handle_connections): Set that flag.
+ * call-scd.c (start_scd): Enable events depending on this flag.
+
+2010-09-30 Werner Koch <wk at g10code.com>
+
+ * findkey.c (unprotect): Do not put the passphrase into the cache
+ if it has been changed.
+
2010-09-24 Werner Koch <wk at g10code.com>
* gpg-agent.c (main, reread_configuration): Always test whether
@@ -2551,7 +2562,7 @@
Copyright 2001, 2002, 2003, 2004, 2005,
- 2007, 2008, 2009 Free Software Foundation, Inc.
+ 2007, 2008, 2009, 2010 Free Software Foundation, Inc.
This file is free software; as a special exception the author gives
unlimited permission to copy and/or distribute it, with or without
Modified: branches/STABLE-BRANCH-2-0/NEWS
===================================================================
--- branches/STABLE-BRANCH-2-0/NEWS 2010-11-11 15:07:37 UTC (rev 5481)
+++ branches/STABLE-BRANCH-2-0/NEWS 2010-11-11 15:08:48 UTC (rev 5482)
@@ -7,7 +7,10 @@
* Allow more hash algorithms with the OpenPGP v2 card.
+ * Fixed a bug where Scdaemon sends a signal to Gpg-agent running in
+ non-daemon mode.
+
Noteworthy changes in version 2.0.16 (2010-07-19)
-------------------------------------------------
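Review bot: the NEWS entry added under "Allow more hash algorithms" covers only the Scdaemon signal fix, while the log and the agent/ChangeLog entry for findkey.c (unprotect) also describe a change to when a passphrase is put into the cache. That is user-visible behaviour in a security-relevant path, so a second NEWS bullet for it would help people auditing what changed between releases.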
Modified: branches/STABLE-BRANCH-2-0/agent/agent.h
===================================================================
--- branches/STABLE-BRANCH-2-0/agent/agent.h 2010-11-11 15:07:37 UTC (rev 5481)
+++ branches/STABLE-BRANCH-2-0/agent/agent.h 2010-11-11 15:08:48 UTC (rev 5482)
@@ -64,6 +64,9 @@
/* True if we are listening on the standard socket. */
int use_standard_socket;
+ /* True if we handle sigusr2. */
+ int sigusr2_enabled;
+
const char *pinentry_program; /* Filename of the program to start as
pinentry. */
const char *scdaemon_program; /* Filename of the program to handle
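Review bot: the comment on the new `sigusr2_enabled` field says only "True if we handle sigusr2", but in call-scd.c the same flag also gates the `HAVE_W32_SYSTEM` branch, which passes an event handle rather than a signal number. Either a neutral name or a comment that states the actual contract would be clearer: the field defaults to 0, is set only by handle_connections, and is read by start_scd to decide whether scdaemon may send event notifications.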
Modified: branches/STABLE-BRANCH-2-0/agent/call-scd.c
===================================================================
--- branches/STABLE-BRANCH-2-0/agent/call-scd.c 2010-11-11 15:07:37 UTC (rev 5481)
+++ branches/STABLE-BRANCH-2-0/agent/call-scd.c 2010-11-11 15:08:48 UTC (rev 5482)
@@ -408,17 +408,18 @@
}
/* Tell the scdaemon we want him to send us an event signal. */
- {
- char buf[100];
-
+ if (opt.sigusr2_enabled)
+ {
+ char buf[100];
+
#ifdef HAVE_W32_SYSTEM
- snprintf (buf, sizeof buf, "OPTION event-signal=%lx",
- (unsigned long)get_agent_scd_notify_event ());
+ snprintf (buf, sizeof buf, "OPTION event-signal=%lx",
+ (unsigned long)get_agent_scd_notify_event ());
#else
- snprintf (buf, sizeof buf, "OPTION event-signal=%d", SIGUSR2);
+ snprintf (buf, sizeof buf, "OPTION event-signal=%d", SIGUSR2);
#endif
- assuan_transact (ctx, buf, NULL, NULL, NULL, NULL, NULL, NULL);
- }
+ assuan_transact (ctx, buf, NULL, NULL, NULL, NULL, NULL, NULL);
+ }
primary_scd_ctx = ctx;
primary_scd_ctx_reusable = 0;
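Review bot: inside the new `if (opt.sigusr2_enabled)` block the return value of `assuan_transact` is still discarded, so a scdaemon that rejects `OPTION event-signal` goes unnoticed. Since this block now decides whether a signal is ever sent to the agent, logging a failure here would make the state diagnosable. Note also that the flag is sampled once, at the time scdaemon is started; a scdaemon started before handle_connections sets it keeps running without event notifications, which deserves a sentence in the comment above the block.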
Modified: branches/STABLE-BRANCH-2-0/agent/findkey.c
===================================================================
--- branches/STABLE-BRANCH-2-0/agent/findkey.c 2010-11-11 15:07:37 UTC (rev 5481)
+++ branches/STABLE-BRANCH-2-0/agent/findkey.c 2010-11-11 15:08:48 UTC (rev 5482)
@@ -407,8 +407,9 @@
return rc;
}
}
- agent_put_cache (hexgrip, cache_mode, pi->pin,
- lookup_ttl? lookup_ttl (hexgrip) : 0);
+ else
+ agent_put_cache (hexgrip, cache_mode, pi->pin,
+ lookup_ttl? lookup_ttl (hexgrip) : 0);
xfree (*keybuf);
*keybuf = arg.unprotected_key;
}
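Review bot: the added `else` binds to an `if` of which only the closing braces are visible in this hunk, and the two-line `agent_put_cache` call under it has neither braces nor a comment. Given that the ChangeLog states the intent as "Do not put the passphrase into the cache if it has been changed", please put that reason in a comment at the `else` and brace the call, so that a later edit cannot silently move the caching back outside the branch.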
Modified: branches/STABLE-BRANCH-2-0/agent/gpg-agent.c
===================================================================
--- branches/STABLE-BRANCH-2-0/agent/gpg-agent.c 2010-11-11 15:07:37 UTC (rev 5481)
+++ branches/STABLE-BRANCH-2-0/agent/gpg-agent.c 2010-11-11 15:08:48 UTC (rev 5482)
@@ -1892,6 +1892,10 @@
#endif
time_ev = NULL;
+ /* Set a flag to tell call-scd.c that it may enable event
+ notifications. */
+ opt.sigusr2_enabled = 1;
+
FD_ZERO (&fdset);
FD_SET (FD2INT (listen_fd), &fdset);
nfd = FD2INT (listen_fd);
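Review bot: the comment above `opt.sigusr2_enabled = 1` says what the flag permits but not why it must stay 0 elsewhere. The log gives the reason (scdaemon kills a non-daemon gpg-agent), and repeating it here would stop someone from setting the flag earlier or unconditionally. Nothing in the patch clears the flag again, which is fine if handle_connections never returns while scdaemon is alive, but that assumption is worth stating.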
Modified: branches/STABLE-BRANCH-2-0/doc/gpg.texi
===================================================================
--- branches/STABLE-BRANCH-2-0/doc/gpg.texi 2010-11-11 15:07:37 UTC (rev 5481)
+++ branches/STABLE-BRANCH-2-0/doc/gpg.texi 2010-11-11 15:08:48 UTC (rev 5482)
@@ -1,5 +1,5 @@
@c Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
- at c 2008, 2009 Free Software Foundation, Inc.
+ at c 2008, 2009, 2010 Free Software Foundation, Inc.
@c This is part of the GnuPG manual.
@c For copying conditions, see the file gnupg.texi.
@@ -415,8 +415,10 @@
command has the special property to render the secret part of the
primary key useless; this is a GNU extension to OpenPGP and other
implementations can not be expected to successfully import such a key.
+ at ifclear gpgtwoone
See the option @option{--simple-sk-checksum} if you want to import such
an exported key with an older OpenPGP implementation.
+ at end ifclear
@item --import
@itemx --fast-import
@@ -527,12 +529,13 @@
With the second form (or a deprecated "*" as algo) digests for all
available algorithms are printed.
- at item --gen-random @code{0|1|2}
+ at item --gen-random @code{0|1|2} @code{count}
@opindex gen-random
-Emit @var{count} random bytes of the given quality level. If count is
-not given or zero, an endless sequence of random bytes will be emitted.
-PLEASE, don't use this command unless you know what you are doing; it
-may remove precious entropy from the system!
+Emit @var{count} random bytes of the given quality level 0, 1 or 2. If
+ at var{count} is not given or zero, an endless sequence of random bytes
+will be emitted. If used with @option{--armor} the output will be
+base64 encoded. PLEASE, don't use this command unless you know what
+you are doing; it may remove precious entropy from the system!
@item --gen-prime @code{mode} @code{bits}
@opindex gen-prime
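Review bot: the new item line for `--gen-random` lists `count` as a second mandatory argument in `@code{}`, while the paragraph below it says the count may be omitted and refers to it as `@var{count}`. Marking the argument as optional in the item line and using the same markup in both places would remove the contradiction. The sentence about `--armor` is a welcome addition; the warning about draining entropy should stay as the last sentence, as it does here.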
@@ -1044,7 +1047,7 @@
@option{--check-sigs} listings. Defaults to no.
@item show-uid-validity
-Display the calculated validity of user IDs during public key listings.
+Display the calculated validity of user IDs during key listings.
Defaults to no.
@item show-unusable-uids
@@ -1549,6 +1552,7 @@
@item --max-cert-depth @code{n}
Maximum depth of a certification chain (default is 5).
+ at ifclear gpgtwoone
@item --simple-sk-checksum
Secret keys are integrity protected by using a SHA-1 checksum. This
method is part of the upcoming enhanced OpenPGP specification but
@@ -1559,6 +1563,7 @@
the secret key is encrypted - the simplest way to make this happen is
to change the passphrase on the key (even changing it to the same
value is acceptable).
+ at end ifclear
@item --no-sig-cache
Do not cache the verification status of key signatures.
@@ -1883,11 +1888,17 @@
Include designated revoker information that was marked as
"sensitive". Defaults to no.
+ at c Since GnuPG 2.1 gpg-agent manages the secret key and thus the
+ at c export-reset-subkey-passwd hack is not anymore justified. Such use
+ at c cases need to be implemented using a specialized secret key export
+ at c tool.
+ at ifclear gpgtwoone
@item export-reset-subkey-passwd
When using the @option{--export-secret-subkeys} command, this option resets
the passphrases for all exported subkeys to empty. This is useful
when the exported subkey is to be used on an unattended machine where
a passphrase doesn't necessarily make sense. Defaults to no.
+ at end ifclear
@item export-clean
Compact (remove all signatures from) user IDs on the key being
@@ -1963,10 +1974,11 @@
OpenPGP states that an implementation should generate v4 signatures
but PGP versions 5 through 7 only recognize v4 signatures on key
material. This option forces v3 signatures for signatures on data.
-Note that this option implies @option{--ask-sig-expire},
+Note that this option implies @option{--no-ask-sig-expire}, and unsets
@option{--sig-policy-url}, @option{--sig-notation}, and
@option{--sig-keyserver-url}, as these features cannot be used with v3
signatures. @option{--no-force-v3-sigs} disables this option.
+Defaults to no.
@item --force-v4-certs
@itemx --no-force-v4-certs
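Review bot: in the `--force-v3-sigs` text the stated implication flips from `--ask-sig-expire` to `--no-ask-sig-expire` and a "Defaults to no." line is added, yet neither the log message nor NEWS mentions any documentation correction. These lines describe signature-format defaults that users rely on for interoperability, so they should either go in a separate commit or be named in the log, together with the matching removal in the `--ask-sig-expire` paragraph further down.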
@@ -2196,6 +2208,13 @@
Note that this option is only available on some system.
@end ifset
+ at item --faked-system-time @var{epoch}
+ at opindex faked-system-time
+This option is only useful for testing; it sets the system time back or
+forth to @var{epoch} which is the number of seconds elapsed since the year
+1970. Alternatively @var{epoch} may be given as a full ISO time string
+(e.g. "20070924T154812").
+
@item --enable-progress-filter
Enable certain PROGRESS status outputs. This option allows frontends
to display a progress indicator while gpg is processing larger files.
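Review bot: in the new `--faked-system-time` entry, "back or forth" and "seconds elapsed since the year 1970" are imprecise; "forward or backward" and "seconds since 1970-01-01 00:00:00 UTC" would be unambiguous, and the entry should say how the ISO time string form is interpreted with respect to time zone. Because the option is described as testing-only, it would also help to say explicitly that it should not be placed in a regular configuration file.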
@@ -2533,10 +2552,7 @@
When making a data signature, prompt for an expiration time. If this
option is not specified, the expiration time set via
@option{--default-sig-expire} is used. @option{--no-ask-sig-expire}
-disables this option. Note that by default, @option{--force-v3-sigs} is
-set which also disables this option. If you want signature expiration,
-you must set @option{--no-force-v3-sigs} as well as turning
- at option{--ask-sig-expire} on.
+disables this option.
@item --default-sig-expire
The default expiration time to use for signature expiration. Valid