From cvs at cvs.gnupg.org Fri Oct 1 22:34:00 2010 
From: cvs at cvs.gnupg.org (svn author wk)
Date: Fri, 01 Oct 2010 22:34:00 +0200
Subject: [svn] GnuPG - r5433 - in trunk: . agent common dirmngr doc g10 scd sm
Message-ID:

Author: wk
Date: 2010-10-01 22:33:53 +0200 (Fri, 01 Oct 2010)
New Revision: 5433

Modified:
   trunk/NEWS
   trunk/README.maint
   trunk/agent/ChangeLog
   trunk/agent/agent.h
   trunk/agent/call-pinentry.c
   trunk/agent/command-ssh.c
   trunk/agent/command.c
   trunk/agent/cvt-openpgp.c
   trunk/agent/cvt-openpgp.h
   trunk/agent/divert-scd.c
   trunk/agent/findkey.c
   trunk/agent/genkey.c
   trunk/agent/gpg-agent.c
   trunk/agent/keyformat.txt
   trunk/agent/pkdecrypt.c
   trunk/agent/pksign.c
   trunk/agent/protect.c
   trunk/agent/t-protect.c
   trunk/common/ChangeLog
   trunk/common/http.c
   trunk/common/logging.c
   trunk/common/sexp-parse.h
   trunk/common/status.c
   trunk/common/util.h
   trunk/configure.ac
   trunk/dirmngr/ChangeLog
   trunk/dirmngr/validate.c
   trunk/doc/ChangeLog
   trunk/doc/DETAILS
   trunk/doc/Makefile.am
   trunk/doc/debugging.texi
   trunk/doc/gpg-agent.texi
   trunk/doc/gpg.texi
   trunk/doc/gpgsm.texi
   trunk/g10/ChangeLog
   trunk/g10/build-packet.c
   trunk/g10/call-agent.c
   trunk/g10/call-agent.h
   trunk/g10/card-util.c
   trunk/g10/compress.c
   trunk/g10/decrypt-data.c
   trunk/g10/decrypt.c
   trunk/g10/encrypt.c
   trunk/g10/export.c
   trunk/g10/free-packet.c
   trunk/g10/getkey.c
   trunk/g10/gpg.c
   trunk/g10/gpgv.c
   trunk/g10/import.c
   trunk/g10/keydb.h
   trunk/g10/keyedit.c
   trunk/g10/keygen.c
   trunk/g10/keyid.c
   trunk/g10/keylist.c
   trunk/g10/keyserver-internal.h
   trunk/g10/keyserver.c
   trunk/g10/main.h
   trunk/g10/mainproc.c
   trunk/g10/options.h
   trunk/g10/packet.h
   trunk/g10/parse-packet.c
   trunk/g10/photoid.c
   trunk/g10/pkclist.c
   trunk/g10/server.c
   trunk/g10/sign.c
   trunk/g10/verify.c
   trunk/scd/ccid-driver.c
   trunk/sm/ChangeLog
   trunk/sm/call-agent.c
   trunk/sm/certchain.c
   trunk/sm/gpgsm.c
   trunk/sm/import.c
Log:
Exporting secret keys via gpg-agent is now basically supported.
A couple of forward ported changes.
Doc updates.
[The diff below has been truncated] Modified: trunk/agent/ChangeLog =================================================================== --- trunk/agent/ChangeLog 2010-09-29 18:42:43 UTC (rev 5432) +++ trunk/agent/ChangeLog 2010-10-01 20:33:53 UTC (rev 5433) @@ -1,3 +1,47 @@ +2010-09-30 Werner Koch + + * gpg-agent.c (agent_exit): Run cleanup. + (cleanup): Run only once. + + * call-pinentry.c (close_button_status_cb): New. + (agent_askpin): Add arg R_CANCEL_ALL. Change all callers. + * genkey.c (agent_ask_new_passphrase): Ditto. + * findkey.c (unprotect): Return GPG_ERR_FULLY_CANCELED if needed. + + * command.c (cmd_export_key): Add support for OpenPGP keys. + * findkey.c (unprotect): Add optional arg R_PASSPHRASE. + (agent_key_from_file): Ditto. Change all callers. + + * findkey.c (unprotect): Do not put the passphrase into the cache + if it has been changed. + + * cvt-openpgp.c (convert_to_openpgp, apply_protection) + (key_from_sexp): New. + +2010-09-29 Werner Koch + + * cvt-openpgp.c (convert_openpgp): Rename to convert_from_openpgp. + + * command.c (has_option): Stop at "--". + (has_option_name, option_value): Ditto. + (skip_options): Skip initial spaces. + +2010-09-24 Werner Koch + + * gpg-agent.c (main, reread_configuration): Always test whether + the default configuration file has been created in the meantime. + Fixes bug#1285. + +2010-09-17 Werner Koch + + * command.c (cmd_havekey): Allow testing of several keygrips. + +2010-09-15 Werner Koch + + * protect.c (calculate_mic): Take care of shared secret format. + + * agent.h (PROTECTED_SHARED_SECRET): New. + 2010-09-02 Werner Koch * cache.c (new_data): Change arg and callers to use a string and Modified: trunk/common/ChangeLog =================================================================== --- trunk/common/ChangeLog 2010-09-29 18:42:43 UTC (rev 5432) +++ trunk/common/ChangeLog 2010-10-01 20:33:53 UTC (rev 5433) 
@@ -1,3 +1,17 @@ +2010-09-30 Werner Koch + + * util.h (GPG_ERR_FULLY_CANCELED): Add replacement. + +2010-09-17 Werner Koch + + * http.c (INADDR_NONE): Provide fallback. + * logging.c (INADDR_NONE): Ditto. + +2010-09-16 Werner Koch + + * util.h: Add GPG_ERR_MISSING_ISSUER_CERT. + * status.c (get_inv_recpsgnr_code): Ditto. + 2010-09-13 Werner Koch * homedir.c (gnupg_bindir) [W32CE]: Change to bin/. Modified: trunk/dirmngr/ChangeLog =================================================================== --- trunk/dirmngr/ChangeLog 2010-09-29 18:42:43 UTC (rev 5432) +++ trunk/dirmngr/ChangeLog 2010-10-01 20:33:53 UTC (rev 5433) @@ -1,3 +1,7 @@ +2010-09-16 Werner Koch + + * validate.c (validate_cert_chain): Use GPG_ERR_MISSING_ISSUER_CERT. + 2010-08-13 Werner Koch * Makefile.am (dirmngr_SOURCES): Add w32-ldap-help.h. Modified: trunk/doc/ChangeLog =================================================================== --- trunk/doc/ChangeLog 2010-09-29 18:42:43 UTC (rev 5432) +++ trunk/doc/ChangeLog 2010-10-01 20:33:53 UTC (rev 5433) @@ -1,3 +1,7 @@ +2010-09-28 Werner Koch + + * Makefile.am (AM_MAKEINFOFLAGS): Add define gpgtwoone. + 2010-09-28 David Shaw * gpg.texi (OpenPGP Options): Clarify that --force-v3-sigs Modified: trunk/g10/ChangeLog =================================================================== --- trunk/g10/ChangeLog 2010-09-29 18:42:43 UTC (rev 5432) +++ trunk/g10/ChangeLog 2010-10-01 20:33:53 UTC (rev 5433) 
@@ -1,3 +1,67 @@ +2010-10-01 Werner Koch + + * export.c (do_export_stream): Rewrite to take the secret keys + from the agent. + (canon_pubkey_algo, transfer_format_to_openpgp): New. + +2010-09-29 Werner Koch + + * keygen.c (key_from_sexp): Fix memory leak in the error case. + + * call-agent.c (agent_export_key): New. + +2010-09-29 Werner Koch + + * build-packet.c (build_packet): Fix up the pkttype. + + * keyid.c (keystr_with_sub): Make SUB_KID optional. + (keystr_from_pk_with_sub): Ditto. + + * call-agent.c (agent_scd_pksign): Add missing space. + + * mainproc.c (struct mainproc_context): Add field CTRL. + (proc_packets): Add arg CTRL. Change all callers. + (proc_signature_packets, proc_signature_packets_by_fd) + (proc_encryption_packets): Add arg CTRL. Change all callers. + * compress.c (handle_compressed): Ditto. + * getkey.c (get_pubkey_byname): Ditto. + * keyserver.c (keyserver_spawn, keyserver_work): Ditto. + (show_prompt, keyserver_export, keyserver_import) + (keyserver_import_fprint, keyserver_import_keyid) + (keyserver_refresh, keyserver_search, keyserver_fetch) + (keyserver_import_name, keyserver_search_prompt) + (keyserver_import_pka, keyserver_import_cert): Ditto. + callers. + * verify.c (verify_signatures, verify_files): Ditto. + * sign.c (sign_file): Ditto. + * encrypt.c (encrypt_crypt, encrypt_crypt_files): Ditto. + * pkclist.c (find_and_check_key, build_pk_list): Ditto. + * keylist.c (locate_one, public_key_list, secret_key_list): Ditto. + * card-util.c (fetch_url, card_edit): Ditto. + * import.c (check_prefs, import_one, revocation_present): Ditto. + * keyedit.c (menu_addrevoker, keyedit_menu): Ditto. + * decrypt-data.c (decrypt_data): Ditto. + * decrypt.c (decrypt_message, decrypt_messages) + (decrypt_message_fd): Ditto. + * gpgv.c (main): Add CTRL structure. + +2010-09-28 Werner Koch + + * options.h (struct opt): Remove SIMPLE_SK_CHECKSUM. + + * export.c (parse_export_options): Remove option + export-resert-subkey-passwd. 
+ (do_export_stream, do_export, export_pubkeys) + (export_pubkeys_stream, export_seckeys, export_secsubkeys): Add + arg CTRL. Change all callers. + + * call-agent.c (hash_algo_option): New. + (agent_scd_pksign): Use it. + +2010-09-17 Werner Koch + + * call-agent.c (agent_probe_any_secret_key): New. + 2010-09-28 David Shaw * options.skel: Make the example for force-v3-sigs match Modified: trunk/sm/ChangeLog =================================================================== --- trunk/sm/ChangeLog 2010-09-29 18:42:43 UTC (rev 5432) +++ trunk/sm/ChangeLog 2010-10-01 20:33:53 UTC (rev 5433) @@ -1,3 +1,13 @@ +2010-09-16 Werner Koch + + * certchain.c (gpgsm_walk_cert_chain): Use GPG_ERR_MISSING_ISSUER_CERT. + (do_validate_chain): Ditto. + (gpgsm_basic_cert_check): Ditto. + * call-agent.c (learn_cb): Take care of new + GPG_ERR_MISSING_ISSUER_CERT. + * import.c (check_and_store): Ditto. + (check_and_store): Ditto. + 2010-08-16 Werner Koch * gpgsm.c (main) : Use es_printf. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2010-09-29 18:42:43 UTC (rev 5432) +++ trunk/NEWS 2010-10-01 20:33:53 UTC (rev 5433) @@ -30,8 +30,8 @@ by default. * Dirmngr is now a part of this package. Dirmngr is now also - expected to run as a system service and the configuraion - directories are changed to the gnupg name space. + expected to run as a system service and the configuration + directories are changed to the GnuPG name space. * Given sufficient permissions Dirmngr is started automagically. 
@@ -43,7 +43,11 @@ * The OpenPGP import command is now able to merge secret keys. + * Removed options: + --export-options: export-secret-subkey-passwd + --simple-sk-checksum + Noteworthy changes in version 2.0.13 (2009-09-04) ------------------------------------------------- Modified: trunk/README.maint =================================================================== --- trunk/README.maint 2010-09-29 18:42:43 UTC (rev 5432) +++ trunk/README.maint 2010-10-01 20:33:53 UTC (rev 5433) @@ -23,6 +23,7 @@ (Mainly config.guess and config.sub). * [1.4 only] Update gpg.texi and gpgv.texi from the trunk: make -C doc update-source-from-gnupg-2 + * [1.4 and 2.0] Copy needed texinfo files from trunk. * Run "make -C po update-po". * Write NEWS entries and set the release date in NEWS. * In configure.ac set "my_issvn" to "no". Modified: trunk/agent/agent.h =================================================================== --- trunk/agent/agent.h 2010-09-29 18:42:43 UTC (rev 5432) +++ trunk/agent/agent.h 2010-10-01 20:33:53 UTC (rev 5433) @@ -182,7 +182,8 @@ PRIVATE_KEY_UNKNOWN = 0, PRIVATE_KEY_CLEAR = 1, PRIVATE_KEY_PROTECTED = 2, - PRIVATE_KEY_SHADOWED = 3 + PRIVATE_KEY_SHADOWED = 3, + PROTECTED_SHARED_SECRET = 4 }; @@ -233,7 +234,8 @@ unsigned char **shadow_info, cache_mode_t cache_mode, lookup_ttl_t lookup_ttl, - gcry_sexp_t *result); + gcry_sexp_t *result, + char **r_passphrase); gpg_error_t agent_public_key_from_file (ctrl_t ctrl, const unsigned char *grip, gcry_sexp_t *result); @@ -251,7 +253,7 @@ int agent_askpin (ctrl_t ctrl, const char *desc_text, const char *prompt_text, const char *inital_errtext, - struct pin_entry_info_s *pininfo); + struct pin_entry_info_s *pininfo, int *r_cancelall); int agent_get_passphrase (ctrl_t ctrl, char **retpass, const char *desc, const char *prompt, const char *errtext, int with_qualitybar); 
@@ -289,7 +291,7 @@ /*-- genkey.c --*/ int check_passphrase_constraints (ctrl_t ctrl, const char *pw, int silent); gpg_error_t agent_ask_new_passphrase (ctrl_t ctrl, const char *prompt, - char **r_passphrase); + char **r_passphrase, int *r_cancelall); int agent_genkey (ctrl_t ctrl, const char *cache_nonce, const char *keyparam, size_t keyparmlen, membuf_t *outbuf); int agent_protect_and_store (ctrl_t ctrl, gcry_sexp_t s_skey); Modified: trunk/agent/call-pinentry.c =================================================================== --- trunk/agent/call-pinentry.c 2010-09-29 18:42:43 UTC (rev 5432) +++ trunk/agent/call-pinentry.c 2010-10-01 20:33:53 UTC (rev 5433) @@ -696,6 +696,29 @@ } +/* Check the button_info line for a close action. */ +static gpg_error_t +close_button_status_cb (void *opaque, const char *line) +{ + int *flag = opaque; + const char *keyword = line; + int keywordlen; + + for (keywordlen=0; *line && !spacep (line); line++, keywordlen++) + ; + while (spacep (line)) + line++; + if (keywordlen == 11 && !memcmp (keyword, "BUTTON_INFO", keywordlen)) + { + if ( !strcmp (line, "close") ) + *flag = 1; + } + + return 0; +} + + + /* Call the Entry and ask for the PIN. We do check for a valid PIN number here and repeat it as long as we have invalid formed @@ -704,7 +727,7 @@ agent_askpin (ctrl_t ctrl, const char *desc_text, const char *prompt_text, const char *initial_errtext, - struct pin_entry_info_s *pininfo) + struct pin_entry_info_s *pininfo, int *r_cancel_all) { int rc; char line[ASSUAN_LINELENGTH]; @@ -712,6 +735,10 @@ const char *errtext = NULL; int is_pin = 0; int saveflag; + int close_button; + + if (r_cancel_all) + *r_cancel_all = 0; if (opt.batch) return 0; /* fixme: we should return BAD PIN */ 
@@ -791,8 +818,10 @@ saveflag = assuan_get_flag (entry_ctx, ASSUAN_CONFIDENTIAL); assuan_begin_confidential (entry_ctx); + close_button = 0; rc = assuan_transact (entry_ctx, "GETPIN", getpin_cb, &parm, - inq_quality, entry_ctx, NULL, NULL); + inq_quality, entry_ctx, + close_button_status_cb, &close_button); assuan_set_flag (entry_ctx, ASSUAN_CONFIDENTIAL, saveflag); /* Most pinentries out in the wild return the old Assuan error code for canceled which gets translated to an assuan Cancel error and @@ -801,6 +830,11 @@ && gpg_err_code (rc) == GPG_ERR_ASS_CANCELED) rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_CANCELED); + /* Set a flag in case the window close button was clicked to + cancel the operation. */ + if (close_button && r_cancel_all && gpg_err_code (rc) == GPG_ERR_CANCELED) + *r_cancel_all = 1; + if (gpg_err_code (rc) == GPG_ERR_ASS_TOO_MUCH_DATA) errtext = is_pin? _("PIN too long") : _("Passphrase too long"); Modified: trunk/agent/command-ssh.c =================================================================== --- trunk/agent/command-ssh.c 2010-09-29 18:42:43 UTC (rev 5432) +++ trunk/agent/command-ssh.c 2010-10-01 20:33:53 UTC (rev 5433) @@ -2425,7 +2425,7 @@ pi2->check_cb_arg = pi->pin; next_try: - err = agent_askpin (ctrl, description, NULL, initial_errtext, pi); + err = agent_askpin (ctrl, description, NULL, initial_errtext, pi, NULL); initial_errtext = NULL; if (err) goto out; @@ -2433,7 +2433,7 @@ /* Unless the passphrase is empty, ask to confirm it. */ if (pi->pin && *pi->pin) { - err = agent_askpin (ctrl, description2, NULL, NULL, pi2); + err = agent_askpin (ctrl, description2, NULL, NULL, pi2, NULL); if (err == -1) { /* The re-entered one did not match and the user did not hit cancel. */ Modified: trunk/agent/command.c =================================================================== --- trunk/agent/command.c 2010-09-29 18:42:43 UTC (rev 5432) +++ trunk/agent/command.c 2010-10-01 20:33:53 UTC (rev 5433) 
@@ -169,6 +169,23 @@ } +/* Skip over options. + Blanks after the options are also removed. */ +static char * +skip_options (const char *line) +{ + while (spacep (line)) + line++; + while ( *line == '-' && line[1] == '-' ) + { + while (*line && !spacep (line)) + line++; + while (spacep (line)) + line++; + } + return (char*)line; +} + /* Check whether the option NAME appears in LINE */ static int has_option (const char *line, const char *name) @@ -177,6 +194,8 @@ int n = strlen (name); s = strstr (line, name); + if (s && s >= skip_options (line)) + return 0; return (s && (s == line || spacep (s-1)) && (!s[n] || spacep (s+n))); } @@ -190,6 +209,8 @@ int n = strlen (name); s = strstr (line, name); + if (s && s >= skip_options (line)) + return 0; return (s && (s == line || spacep (s-1)) && (!s[n] || spacep (s+n) || s[n] == '=')); } @@ -203,6 +224,8 @@ int n = strlen (name); s = strstr (line, name); + if (s && s >= skip_options (line)) + return NULL; if (s && (s == line || spacep (s-1)) && s[n] && (spacep (s+n) || s[n] == '=')) { @@ -215,23 +238,6 @@ } -/* Skip over options. It is assumed that leading spaces have been - removed (this is the case for lines passed to a handler from - assuan). Blanks after the options are also removed. */ -static char * -skip_options (char *line) -{ - while ( *line == '-' && line[1] == '-' ) - { - while (*line && !spacep (line)) - line++; - while (spacep (line)) - line++; - } - return line; -} - - /* Replace all '+' by a blank. */ static void plus_to_blank (char *s) 
@@ -530,23 +536,35 @@ static const char hlp_havekey[] = - "HAVEKEY \n" + "HAVEKEY \n" "\n" - "Return success when the secret key is available."; + "Return success if at least one of the secret keys with the given\n" + "keygrips is available."; static gpg_error_t cmd_havekey (assuan_context_t ctx, char *line) { - int rc; + gpg_error_t err; unsigned char buf[20]; - rc = parse_keygrip (ctx, line, buf); - if (rc) - return rc; + do + { + err = parse_keygrip (ctx, line, buf); + if (err) + return err; + + if (!agent_key_available (buf)) + return 0; /* Found. */ - if (agent_key_available (buf)) - return gpg_error (GPG_ERR_NO_SECKEY); - - return 0; + while (*line && *line != ' ' && *line != '\t') + line++; + while (*line == ' ' || *line == '\t') + line++; + } + while (*line); + + /* No leave_cmd() here because errors are expected and would clutter + the log. */ + return gpg_error (GPG_ERR_NO_SECKEY); } @@ -1316,9 +1334,14 @@ ctrl->in_passwd++; rc = agent_key_from_file (ctrl, NULL, ctrl->server_local->keydesc, grip, &shadow_info, CACHE_MODE_IGNORE, NULL, - &s_skey); + &s_skey, NULL); if (rc) - ; + { + /* Not all users of gpg-agent know about fully cancled; thus we + map it back. */ + if (gpg_err_code (rc) == GPG_ERR_FULLY_CANCELED) + rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_CANCELED); + } else if (!s_skey) { log_error ("changing a smartcard PIN is not yet supported\n"); @@ -1590,9 +1613,9 @@ used to protect the key using the same code as for regular key import. */ - err = convert_openpgp (ctrl, openpgp_sexp, grip, - ctrl->server_local->keydesc, cache_nonce, - &key, &passphrase); + err = convert_from_openpgp (ctrl, openpgp_sexp, grip, + ctrl->server_local->keydesc, cache_nonce, + &key, &passphrase); if (err) goto leave; realkeylen = gcry_sexp_canon_len (key, keylen, NULL, &err); 
@@ -1620,7 +1643,7 @@ err = agent_ask_new_passphrase (ctrl, _("Please enter the passphrase to protect the " "imported object within the GnuPG system."), - &passphrase); + &passphrase, NULL); if (err) goto leave; } @@ -1650,7 +1673,7 @@ static const char hlp_export_key[] = - "EXPORT_KEY \n" + "EXPORT_KEY [--cache-nonce=] [--openpgp] \n" "\n" "Export a secret key from the key store. The key will be encrypted\n" "using the current session's key wrapping key (cf. command KEYWRAP_KEY)\n" @@ -1668,6 +1691,26 @@ gcry_cipher_hd_t cipherhd = NULL; unsigned char *wrappedkey = NULL; size_t wrappedkeylen; + int openpgp; + char *cache_nonce; + char *passphrase = NULL; + + openpgp = has_option (line, "--openpgp"); + cache_nonce = option_value (line, "--cache-nonce"); + if (cache_nonce) + { + for (; *line && !spacep (line); line++) + ; + if (*line) + *line++ = '\0'; + cache_nonce = xtrystrdup (cache_nonce); + if (!cache_nonce) + { + err = gpg_error_from_syserror (); + goto leave; + } + } + line = skip_options (line); if (!ctrl->server_local->export_key) { @@ -1685,8 +1728,11 @@ goto leave; } + /* Get the key from the file. With the openpgp flag we also ask for + the passphrase so that we can use it to re-encrypt it. */ err = agent_key_from_file (ctrl, NULL, ctrl->server_local->keydesc, grip, - NULL, CACHE_MODE_IGNORE, NULL, &s_skey); + NULL, CACHE_MODE_IGNORE, NULL, &s_skey, + openpgp ? &passphrase : NULL); if (err) goto leave; if (!s_skey) 
@@ -1697,8 +1743,33 @@ err = gpg_error (GPG_ERR_UNUSABLE_SECKEY); goto leave; } - - err = make_canon_sexp_pad (s_skey, 1, &key, &keylen); + + if (openpgp) + { + /* The openpgp option changes the key format into the OpenPGP + key transfer format. The result is already a padded + canonical S-expression. */ + if (!passphrase) + { + int fully_canceled; + err = agent_ask_new_passphrase + (ctrl, _("This key (or subkey) is not protected with a passphrase." + " Please enter a new passphrase to export it."), + &passphrase, &fully_canceled); + if (err) + { + if (fully_canceled) + err = gpg_error (GPG_ERR_FULLY_CANCELED); + goto leave; + } + } + err = convert_to_openpgp (ctrl, s_skey, passphrase, &key, &keylen); + } + else + { + /* Convert into a canonical S-expression and wrap that. */ + err = make_canon_sexp_pad (s_skey, 1, &key, &keylen); + } if (err) goto leave; gcry_sexp_release (s_skey); @@ -1735,12 +1806,18 @@ leave: + xfree (passphrase); xfree (wrappedkey); gcry_cipher_close (cipherhd); xfree (key); gcry_sexp_release (s_skey); xfree (ctrl->server_local->keydesc); ctrl->server_local->keydesc = NULL; + + /* Not all users of gpg-agent know about fully cancled; thus we map + it back unless we know that it is okay. */ + if (!openpgp && gpg_err_code (err) == GPG_ERR_FULLY_CANCELED) + err = gpg_err_make (gpg_err_source (err), GPG_ERR_CANCELED); return leave_cmd (ctx, err); } Modified: trunk/agent/cvt-openpgp.c =================================================================== --- trunk/agent/cvt-openpgp.c 2010-09-29 18:42:43 UTC (rev 5432) +++ trunk/agent/cvt-openpgp.c 2010-10-01 20:33:53 UTC (rev 5433) 
@@ -525,10 +525,10 @@ pointed to by GRIP. On error NULL is stored at all return arguments. */ gpg_error_t -convert_openpgp (ctrl_t ctrl, gcry_sexp_t s_pgp, - unsigned char *grip, const char *prompt, - const char *cache_nonce, - unsigned char **r_key, char **r_passphrase) +convert_from_openpgp (ctrl_t ctrl, gcry_sexp_t s_pgp, + unsigned char *grip, const char *prompt, + const char *cache_nonce, + unsigned char **r_key, char **r_passphrase) { gpg_error_t err; gcry_sexp_t top_list; @@ -779,7 +779,7 @@ err = try_do_unprotect_cb (pi); } if (gpg_err_code (err) == GPG_ERR_BAD_PASSPHRASE) - err = agent_askpin (ctrl, prompt, NULL, NULL, pi); + err = agent_askpin (ctrl, prompt, NULL, NULL, pi, NULL); skeyidx = pi_arg.skeyidx; if (!err) { 
@@ -824,4 +824,267 @@ } + +static gpg_error_t +key_from_sexp (gcry_sexp_t sexp, const char *elems, gcry_mpi_t *array) +{ + gpg_error_t err = 0; + gcry_sexp_t l2; + int idx; + for (idx=0; *elems; elems++, idx++) + { + l2 = gcry_sexp_find_token (sexp, elems, 1); + if (!l2) + { + err = gpg_error (GPG_ERR_NO_OBJ); /* Required parameter not found. */ + goto leave; + } + array[idx] = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG); + gcry_sexp_release (l2); + if (!array[idx]) + { + err = gpg_error (GPG_ERR_INV_OBJ); /* Required parameter invalid. */ + goto leave; + } + } + + leave: + if (err) + { + int i; + + for (i=0; i < idx; i++) + { + gcry_mpi_release (array[i]); + array[i] = NULL; + } + } + return err; +} + + +/* Given an ARRAY of mpis with the key parameters, protect the secret + parameters in that array and replace them by one opaque encoded + mpi. NPKEY is the number of public key parameters and NSKEY is + the number of secret key parameters (including the public ones). + On success the array will have NPKEY+1 elements. */ +static gpg_error_t +apply_protection (gcry_mpi_t *array, int npkey, int nskey, + const char *passphrase, + int protect_algo, void *protect_iv, size_t protect_ivlen, + int s2k_mode, int s2k_algo, byte *s2k_salt, u32 s2k_count) +{ + gpg_error_t err; + int i, j; + gcry_cipher_hd_t cipherhd; + unsigned char *bufarr[10]; + size_t narr[10]; + unsigned int nbits[10]; + int ndata; + unsigned char *p, *data; + + assert (npkey < nskey); + assert (nskey < DIM (bufarr)); + + /* Collect only the secret key parameters into BUFARR et al and + compute the required size of the data buffer. */ + ndata = 20; /* Space for the SHA-1 checksum. 
*/ + for (i = npkey, j = 0; i < nskey; i++, j++ ) + { + err = gcry_mpi_aprint (GCRYMPI_FMT_USG, bufarr+j, narr+j, array[i]); + if (err) + { + err = gpg_error_from_syserror (); + for (i = 0; i < j; i++) + xfree (bufarr[i]); + return err; + } + nbits[j] = gcry_mpi_get_nbits (array[i]); + ndata += 2 + narr[j]; + } + + /* Allocate data buffer and stuff it with the secret key parameters. */ + data = xtrymalloc_secure (ndata); + if (!data) + { + err = gpg_error_from_syserror (); + for (i = 0; i < (nskey-npkey); i++ ) + xfree (bufarr[i]); + return err; + } + p = data; + for (i = 0; i < (nskey-npkey); i++ ) + { + *p++ = nbits[i] >> 8 ; + *p++ = nbits[i]; + memcpy (p, bufarr[i], narr[i]); + p += narr[i]; + xfree (bufarr[i]); + bufarr[i] = NULL; + } + assert (p == data + ndata - 20); + + /* Append a hash of the secret key parameters. */ + gcry_md_hash_buffer (GCRY_MD_SHA1, p, data, ndata - 20); + + /* Encrypt it. */ + err = gcry_cipher_open (&cipherhd, protect_algo, + GCRY_CIPHER_MODE_CFB, GCRY_CIPHER_SECURE); + if (!err) + err = hash_passphrase_and_set_key (passphrase, cipherhd, protect_algo, + s2k_mode, s2k_algo, s2k_salt, s2k_count); + if (!err) + err = gcry_cipher_setiv (cipherhd, protect_iv, protect_ivlen); + if (!err) + err = gcry_cipher_encrypt (cipherhd, data, ndata, NULL, 0); + gcry_cipher_close (cipherhd); + if (err) + { + xfree (data); + return err; + } + + /* Replace the secret key parameters in the array by one opaque value. */ + for (i = npkey; i < nskey; i++ ) + { + gcry_mpi_release (array[i]); + array[i] = NULL; + } + array[npkey] = gcry_mpi_set_opaque (NULL, data, ndata*8); + return 0; +} + + +/* Convert our key S_KEY into an OpenPGP key transfer format. On + success a canonical encoded S-expression is stored at R_TRANSFERKEY + and its length at R_TRANSFERKEYLEN; this S-expression is also + padded to a multiple of 64 bits. 
*/ +gpg_error_t +convert_to_openpgp (ctrl_t ctrl, gcry_sexp_t s_key, const char *passphrase, + unsigned char **r_transferkey, size_t *r_transferkeylen) +{ + gpg_error_t err; + gcry_sexp_t list, l2; + char *name; + int algo; + const char *algoname; + const char *elems; + int npkey, nskey; + gcry_mpi_t array[10]; + char protect_iv[16]; + char salt[8]; + unsigned long s2k_count; + int i, j; + + (void)ctrl; + + *r_transferkey = NULL; + + for (i=0; i < DIM (array); i++) + array[i] = NULL; + + list = gcry_sexp_find_token (s_key, "private-key", 0); + if (!list) + return gpg_error (GPG_ERR_NO_OBJ); /* Does not contain a key object. */ + l2 = gcry_sexp_cadr (list); + gcry_sexp_release (list); + list = l2; + name = gcry_sexp_nth_string (list, 0); + if (!name) + { + gcry_sexp_release (list); + return gpg_error (GPG_ERR_INV_OBJ); /* Invalid structure of object. */ + } + + algo = gcry_pk_map_name (name); + xfree (name); + + switch (algo) + { + case GCRY_PK_RSA: algoname = "rsa"; npkey = 2; elems = "nedpqu"; break; + case GCRY_PK_ELG: algoname = "elg"; npkey = 3; elems = "pgyx"; break; + case GCRY_PK_ELG_E: algoname = "elg"; npkey = 3; elems = "pgyx"; break; + case GCRY_PK_DSA: algoname = "dsa"; npkey = 4; elems = "pqgyx"; break; + case GCRY_PK_ECDSA: algoname = "ecdsa"; npkey = 6; elems = "pabgnqd"; break; + default: algoname = ""; npkey = 0; elems = NULL; break; + } + assert (!elems || strlen (elems) < DIM (array) ); + nskey = elems? strlen (elems) : 0; + + if (!elems) + err = gpg_error (GPG_ERR_PUBKEY_ALGO); + else + err = key_from_sexp (list, elems, array); + gcry_sexp_release (list); + if (err) + return err; + + gcry_create_nonce (protect_iv, sizeof protect_iv); + gcry_create_nonce (salt, sizeof salt); + s2k_count = get_standard_s2k_count (); + err = apply_protection (array, npkey, nskey, passphrase, + GCRY_CIPHER_AES, protect_iv, sizeof protect_iv, + 3, GCRY_MD_SHA1, salt, s2k_count); + /* Turn it into the transfer key S-expression. 
Note that we always + return a protected key. */ + if (!err) + { + char countbuf[35]; + membuf_t mbuf; + void *format_args_buf_ptr[1]; + int format_args_buf_int[1]; + void *format_args[10+2]; + size_t n; + gcry_sexp_t tmpkey, tmpsexp; + + snprintf (countbuf, sizeof countbuf, "%lu", s2k_count); + + init_membuf (&mbuf, 50); + put_membuf_str (&mbuf, "(skey"); + for (i=j=0; i < npkey; i++) + { + put_membuf_str (&mbuf, " _ %m"); + format_args[j++] = array + i; + } + put_membuf_str (&mbuf, " e %b"); + format_args_buf_ptr[0] = gcry_mpi_get_opaque (array[npkey], &n); + format_args_buf_int[0] = (n+7)/8; + format_args[j++] = format_args_buf_int; + format_args[j++] = format_args_buf_ptr; + put_membuf_str (&mbuf, ")\n"); + put_membuf (&mbuf, "", 1); + + tmpkey = NULL; + { + char *format = get_membuf (&mbuf, NULL); + if (!format) + err = gpg_error_from_syserror (); + else + err = gcry_sexp_build_array (&tmpkey, NULL, format, format_args); + xfree (format); + } + if (!err) + err = gcry_sexp_build (&tmpsexp, NULL, + "(openpgp-private-key\n" + " (version 1:4)\n" + " (algo %s)\n" + " %S\n" + " (protection sha1 aes %b 1:3 sha1 %b %s))\n", + algoname, + tmpkey, + (int)sizeof protect_iv, protect_iv, + (int)sizeof salt, salt, + countbuf); + gcry_sexp_release (tmpkey); + if (!err) + err = make_canon_sexp_pad (tmpsexp, 0, r_transferkey, r_transferkeylen); + gcry_sexp_release (tmpsexp); + } + + for (i=0; i < DIM (array); i++) + gcry_mpi_release (array[i]); + + return err; +} + Modified: trunk/agent/cvt-openpgp.h =================================================================== --- trunk/agent/cvt-openpgp.h 2010-09-29 18:42:43 UTC (rev 5432) +++ trunk/agent/cvt-openpgp.h 2010-10-01 20:33:53 UTC (rev 5433) 
@@ -19,10 +19,14 @@ #ifndef GNUPG_AGENT_CVT_OPENPGP_H #define GNUPG_AGENT_CVT_OPENPGP_H -gpg_error_t convert_openpgp (ctrl_t ctrl, gcry_sexp_t s_pgp, - unsigned char *grip, const char *prompt, - const char *cache_nonce, - unsigned char **r_key, char **r_passphrase); +gpg_error_t convert_from_openpgp (ctrl_t ctrl, gcry_sexp_t s_pgp, + unsigned char *grip, const char *prompt, + const char *cache_nonce, + unsigned char **r_key, char **r_passphrase); +gpg_error_t convert_to_openpgp (ctrl_t ctrl, gcry_sexp_t s_key, + const char *passphrase, + unsigned char **r_transferkey, + size_t *r_transferkeylen); #endif /*GNUPG_AGENT_CVT_OPENPGP_H*/ Modified: trunk/agent/divert-scd.c =================================================================== --- trunk/agent/divert-scd.c 2010-09-29 18:42:43 UTC (rev 5432) +++ trunk/agent/divert-scd.c 2010-10-01 20:33:53 UTC (rev 5433) @@ -266,7 +266,7 @@ if (any_flags) { - rc = agent_askpin (ctrl, info, prompt, again_text, pi); + rc = agent_askpin (ctrl, info, prompt, again_text, pi, NULL); again_text = NULL; if (!rc && newpin) { @@ -288,7 +288,7 @@ is_puk? _("Repeat this PUK"): _("Repeat this PIN")), - prompt, NULL, pi2); + prompt, NULL, pi2, NULL); if (!rc && strcmp (pi->pin, pi2->pin)) { again_text = (resetcode? @@ -312,7 +312,7 @@ info? info:"", info? "')":"") < 0) desc = NULL; - rc = agent_askpin (ctrl, desc?desc:info, prompt, NULL, pi); + rc = agent_askpin (ctrl, desc?desc:info, prompt, NULL, pi, NULL); xfree (desc); } Modified: trunk/agent/findkey.c =================================================================== --- trunk/agent/findkey.c 2010-09-29 18:42:43 UTC (rev 5432) +++ trunk/agent/findkey.c 2010-10-01 20:33:53 UTC (rev 5433) @@ -104,7 +104,7 @@ } -/* Callback function to try the unprotection from the passpharse query +/* Callback function to try the unprotection from the passphrase query code. */ static int try_unprotect_cb (struct pin_entry_info_s *pi) 
@@ -273,11 +273,16 @@ should be the hex encoded keygrip of that key to be used with the caching mechanism. DESC_TEXT may be set to override the default description used for the pinentry. If LOOKUP_TTL is given this - function is used to lookup the default ttl. */ + function is used to lookup the default ttl. If R_PASSPHRASE is not + NULL, the function succeeded and the key was protected the used + passphrase (entered or from the cache) is stored there; if not NULL + will be stored. The caller needs to free the returned + passphrase. */ static int unprotect (ctrl_t ctrl, const char *cache_nonce, const char *desc_text, unsigned char **keybuf, const unsigned char *grip, - cache_mode_t cache_mode, lookup_ttl_t lookup_ttl) + cache_mode_t cache_mode, lookup_ttl_t lookup_ttl, + char **r_passphrase) { struct pin_entry_info_s *pi; struct try_unprotect_arg_s arg; @@ -285,6 +290,10 @@ unsigned char *result; size_t resultlen; char hexgrip[40+1]; + int fully_canceled; + + if (r_passphrase) + *r_passphrase = NULL; bin2hex (grip, 20, hexgrip); @@ -297,13 +306,17 @@ if (pw) { rc = agent_unprotect (*keybuf, pw, NULL, &result, &resultlen); - xfree (pw); if (!rc) { + if (r_passphrase) + *r_passphrase = pw; + else + xfree (pw); xfree (*keybuf); *keybuf = result; return 0; } + xfree (pw); } } @@ -318,13 +331,17 @@ if (pw) { rc = agent_unprotect (*keybuf, pw, NULL, &result, &resultlen); - xfree (pw); if (!rc) { + if (r_passphrase) + *r_passphrase = pw; + else + xfree (pw); xfree (*keybuf); *keybuf = result; return 0; } + xfree (pw); rc = 0; } @@ -366,7 +383,9 @@ arg.change_required = 0; pi->check_cb_arg = &arg; - rc = agent_askpin (ctrl, desc_text, NULL, NULL, pi); + rc = agent_askpin (ctrl, desc_text, NULL, NULL, pi, &fully_canceled); + if (gpg_err_code (rc) == GPG_ERR_CANCELED && fully_canceled) + rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_FULLY_CANCELED); if (!rc) { assert (arg.unprotected_key); 
@@ -400,8 +419,13 @@ return rc; } } - agent_put_cache (hexgrip, cache_mode, pi->pin, - lookup_ttl? lookup_ttl (hexgrip) : 0); + else + { + agent_put_cache (hexgrip, cache_mode, pi->pin, + lookup_ttl? lookup_ttl (hexgrip) : 0); + if (r_passphrase && *pi->pin) + *r_passphrase = xtrystrdup (pi->pin); + } xfree (*keybuf); *keybuf = arg.unprotected_key; } @@ -501,13 +525,17 @@ not simply pass the TTL value because the value is only needed if an unprotect action was needed and looking up the TTL may have some overhead (e.g. scanning the sshcontrol file). If a CACHE_NONCE is - given that cache item is first tried to get a passphrase. */ + given that cache item is first tried to get a passphrase. If + R_PASSPHRASE is not NULL, the function succeeded and the key was + protected the used passphrase (entered or from the cache) is stored + there; if not NULL will be stored. The caller needs to free the + returned passphrase. */ gpg_error_t agent_key_from_file (ctrl_t ctrl, const char *cache_nonce, const char *desc_text, const unsigned char *grip, unsigned char **shadow_info, cache_mode_t cache_mode, lookup_ttl_t lookup_ttl, - gcry_sexp_t *result) + gcry_sexp_t *result, char **r_passphrase) { int rc; unsigned char *buf; @@ -518,6 +546,8 @@ *result = NULL; if (shadow_info) *shadow_info = NULL; + if (r_passphrase) + *r_passphrase = NULL; rc = read_key_file (grip, &s_skey); if (rc) @@ -579,7 +609,7 @@ if (!rc) { rc = unprotect (ctrl, cache_nonce, desc_text_final, &buf, grip, - cache_mode, lookup_ttl); + cache_mode, lookup_ttl, r_passphrase); if (rc) log_error ("failed to unprotect the secret key: %s\n", gpg_strerror (rc)); @@ -626,6 +656,11 @@ if (rc || got_shadow_info) { xfree (buf); + if (r_passphrase) + { + xfree (*r_passphrase); + *r_passphrase = NULL; + } return rc; } 
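Review bot: the result of `xtrystrdup (pi->pin)` in the unprotect hunk at -400,8 is stored in `*r_passphrase` without a NULL check. On allocation failure the function still returns success with `*r_passphrase` set to NULL, so a caller cannot tell a failed copy from a key that needed no passphrase. Suggest checking the return value there and returning an out-of-memory error before `*keybuf` is replaced, so that the new R_PASSPHRASE contract in the function comment holds on this path as well.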
@@ -637,6 +672,11 @@ { log_error ("failed to build S-Exp (off=%u): %s\n", (unsigned int)erroff, gpg_strerror (rc)); + if (r_passphrase) + { + xfree (*r_passphrase); + *r_passphrase = NULL; + } return rc; } Modified: trunk/agent/genkey.c =================================================================== --- trunk/agent/genkey.c 2010-09-29 18:42:43 UTC (rev 5432) +++ trunk/agent/genkey.c 2010-10-01 20:33:53 UTC (rev 5433) @@ -290,10 +290,12 @@ function returns 0 and store the passphrase at R_PASSPHRASE; if the user opted not to use a passphrase NULL will be stored there. The user needs to free the returned string. In case of an error and - error code is returned and NULL stored at R_PASSPHRASE. */ + error code is returned and NULL stored at R_PASSPHRASE. If + R_CANCEL_ALL is not NULL and the user canceled by directly closing + the window true will be stored at this address. */ gpg_error_t agent_ask_new_passphrase (ctrl_t ctrl, const char *prompt, - char **r_passphrase) + char **r_passphrase, int *r_cancel_all) { gpg_error_t err; const char *text1 = prompt; @@ -314,7 +316,7 @@ pi2->check_cb_arg = pi->pin; next_try: - err = agent_askpin (ctrl, text1, NULL, initial_errtext, pi); + err = agent_askpin (ctrl, text1, NULL, initial_errtext, pi, r_cancel_all); initial_errtext = NULL; if (!err) { @@ -327,7 +329,7 @@ /* Unless the passphrase is empty, ask to confirm it. */ if (pi->pin && *pi->pin) { - err = agent_askpin (ctrl, text2, NULL, NULL, pi2); + err = agent_askpin (ctrl, text2, NULL, NULL, pi2, NULL); if (err == -1) { /* The re-entered one did not match and the user did not hit cancel. */ @@ -379,7 +381,7 @@ rc = agent_ask_new_passphrase (ctrl, _("Please enter the passphrase to%0A" "to protect your new key"), - &passphrase); + &passphrase, NULL); if (rc) return rc; 
@@ -471,7 +473,7 @@ rc = agent_ask_new_passphrase (ctrl, _("Please enter the new passphrase"), - &passphrase); + &passphrase, NULL); if (!rc) { rc = store_key (s_skey, passphrase, 1); Modified: trunk/agent/gpg-agent.c =================================================================== --- trunk/agent/gpg-agent.c 2010-09-29 18:42:43 UTC (rev 5432) +++ trunk/agent/gpg-agent.c 2010-10-01 20:33:53 UTC (rev 5433) @@ -440,6 +440,11 @@ static void cleanup (void) { + static int done; + + if (done) + return; + done = 1; deinitialize_module_cache (); remove_socket (socket_name); remove_socket (socket_name_ssh); @@ -724,6 +729,12 @@ if( parse_debug ) log_info (_("NOTE: no default option file `%s'\n"), configname ); + /* Save the default conf file name so that + reread_configuration is able to test whether the + config file has been created in the meantime. */ + xfree (config_filename); + config_filename = configname; + configname = NULL; } else { @@ -811,10 +822,15 @@ fclose( configfp ); configfp = NULL; /* Keep a copy of the name so that it can be read on SIGHUP. */ - config_filename = configname; + if (config_filename != configname) + { + xfree (config_filename); + config_filename = configname; + } configname = NULL; goto next_pass; } + xfree (configname); configname = NULL; if (log_get_errorcount(0)) @@ -1262,6 +1278,12 @@ agent_exit (int rc) { /*FIXME: update_random_seed_file();*/ + + /* We run our cleanup handler because that may close cipher contexts + stored in secure memory and thus this needs to be done before we + explicitly terminate secure memory. */ + cleanup (); + #if 1 /* at this time a bit annoying */ if (opt.debug & DBG_MEMSTAT_VALUE) 
@@ -1337,8 +1359,8 @@ fp = fopen (config_filename, "r"); if (!fp) { - log_error (_("option file `%s': %s\n"), - config_filename, strerror(errno) ); + log_info (_("option file `%s': %s\n"), + config_filename, strerror(errno) ); return; } Modified: trunk/agent/keyformat.txt =================================================================== --- trunk/agent/keyformat.txt 2010-09-29 18:42:43 UTC (rev 5432) +++ trunk/agent/keyformat.txt 2010-10-01 20:33:53 UTC (rev 5433) @@ -14,8 +14,9 @@ and should have permissions 700. The secret keys are stored in files with a name matching the -hexadecimal representation of the keygrip[2]. +hexadecimal representation of the keygrip[2] and suffixed with ".key". + Unprotected Private Key Format ============================== The content of the file is an S-Expression like the ones used with 
@@ -166,21 +167,23 @@ (openpgp-private-key (version V) - (protection PROTTYPE PROTALGO IV S2KMODE S2KHASH S2KSALT S2KCOUNT) (algo PUBKEYALGO) - (skey CSUM c P1 c P2 c P3 ... e PN)) + (skey _ P1 _ P2 _ P3 ... e PN) + (csum n) + (protection PROTTYPE PROTALGO IV S2KMODE S2KHASH S2KSALT S2KCOUNT)) * V is the packet version number (3 or 4). * PUBKEYALGO is a Libgcrypt algo name -* CSUM is the 16 bit checksum as defined by OpenPGP. * P1 .. PN are the parameters; the public parameters are never encrypted the secrect key parameters are encrypted if the "protection" list is given. To make this more explicit each parameter is preceded by a flag "_" for cleartext or "e" for encrypted text. +* CSUM is the depreciated 16 bit checksum as defined by OpenPGP. This + is an optional element. * If PROTTYPE is "sha1" the new style SHA1 checksum is used if it is "sum" - the old 16 bit checksum is used and if it is "none" no protection at - all is used. + the old 16 bit checksum (above) is used and if it is "none" no + protection at all is used. * PROTALGO is a Libgcrypt style cipher algorithm name * IV is the initialization verctor. * S2KMODE is the value from RFC-4880. 
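Review bot: the added CSUM bullet says "depreciated" where "deprecated" is meant, and it still names the element CSUM although the expression above it now reads `(csum n)`, with `n` not defined anywhere in the list. Suggest rewording the bullet around `(csum n)`, stating that `n` is the 16 bit OpenPGP checksum, and keeping the note that the element is optional.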
@@ -189,7 +192,106 @@ * S2KCOUNT is the count value from RFC-4880. +Persistent Passphrase Format +============================ +To allow persistent storage of cached passphrases we use a scheme +similar to the private-key storage format. This is a master +passphrase format where each file may protect several secrets under +one master passphrase. It is possible to have several of those files +each protected by a dedicated master passphrase. Clear text keywords +allow to list the available protected passphrases. + +The name of the files with these protected secrets have this form: +pw-.dat. STRING may be an arbitrary string, as a default name +for the passphrase storage the name "pw-default.dat" is suggested. + + +(protected-shared-secret + ((desc descriptive_text) + (key [key_1] (keyword_1 keyword_2 keyword_n)) + (key [key_2] (keyword_21 keyword_22 keyword_2n)) + (key [key_n] (keyword_n1 keyword_n2 keyword_nn)) + (protected mode (parms) encrypted_octet_string) + (protected-at ) + ) +) + +After decryption the encrypted_octet_string yields this S-expression: + +( + ( + (value key_1 value_1) + (value key_2 value_2) + (value key_n value_n) + ) + (hash sha1 #...[hashvalue]...#) +) + +The "descriptive_text" is displayed with the prompt to enter the +unprotection passphrase. + +KEY_1 to KEY_N are unique identifiers for the shared secret, for +example an URI. In case this information should be kept confidential +as well, they may not appear in the unprotected part; however they are +mandatory in the encrypted_octet_string. The list of keywords is +optional. The oder of the "key" lists and the order of the "value" +lists mut match, that is the first "key"-list is associated with the +first "value" list in the encrypted_octet_string. + +The protection mode etc. is indentical to the protection mode as +decribed for the private key format. + +list of the secret key parameters. The protected-at expression is +optional; the isotimestamp is 15 bytes long (e.g. "19610711T172000"). 
+ +The "hash" in the encrypted_octet_string is calculated on the +concatenation of the key list and value lists: i.e it is required to +hash the concatenation of all these lists, including the +parenthesis and (if used) the protected-at list. + +Example: + +(protected-shared-secret + ((desc "List of system passphrases") + (key "uid-1002" ("Knuth" "Donald Ervin Knuth")) + (key "uid-1001" ("Dijkstra" "Edsgar Wybe Dijkstra")) + (key) + (protected mode (parms) encrypted_octet_string) + (protected-at "20100915T111722") + ) +) + +with "encrypted_octet_string" decoding to: + +( + ( + (value 4:1002 "signal flags at the lock") + (value 4:1001 "taocp") + (value 1:0 "premature optimization is the root of all evil") + ) + (hash sha1 #0102030405060708091011121314151617181920#) +) + +To compute the hash this S-expression (in canoncical format) was +hashed: + + ((desc "List of system passphrases") + (key "uid-1002" ("Knuth" "Donald Ervin Knuth")) + (key "uid-1001" ("Dijkstra" "Edsgar Wybe Dijkstra")) + (key) + (value 4:1002 "signal flags at the lock") + (value 4:1001 "taocp") + (value 1:0 "premature optimization is the root of all evil") + (protected-at "20100915T111722") + ) + + + + + + + Notes: ====== [1] I usually use the terms private and secret key exchangeable but prefer the Modified: trunk/agent/pkdecrypt.c =================================================================== --- trunk/agent/pkdecrypt.c 2010-09-29 18:42:43 UTC (rev 5432) +++ trunk/agent/pkdecrypt.c 2010-10-01 20:33:53 UTC (rev 5433) 
@@ -66,7 +66,9 @@ } rc = agent_key_from_file (ctrl, NULL, desc_text, ctrl->keygrip, &shadow_info, - CACHE_MODE_NORMAL, NULL, &s_skey); + CACHE_MODE_NORMAL, NULL, &s_skey, NULL); + if (gpg_err_code (rc) == GPG_ERR_FULLY_CANCELED) + rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_CANCELED); if (rc) { if (gpg_err_code (rc) == GPG_ERR_ENOENT) Modified: trunk/agent/pksign.c =================================================================== --- trunk/agent/pksign.c 2010-09-29 18:42:43 UTC (rev 5432) +++ trunk/agent/pksign.c 2010-10-01 20:33:53 UTC (rev 5433) @@ -255,7 +255,9 @@ rc = agent_key_from_file (ctrl, cache_nonce, desc_text, ctrl->keygrip, &shadow_info, cache_mode, lookup_ttl, - &s_skey); + &s_skey, NULL); + if (gpg_err_code (rc) == GPG_ERR_FULLY_CANCELED) + rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_CANCELED); if (rc) { log_error ("failed to read the secret key\n"); Modified: trunk/agent/protect.c =================================================================== --- trunk/agent/protect.c 2010-09-29 18:42:43 UTC (rev 5432) +++ trunk/agent/protect.c 2010-10-01 20:33:53 UTC (rev 5433) @@ -191,14 +191,16 @@ -/* Calculate the MIC for a private key S-Exp. SHA1HASH should point to - a 20 byte buffer. This function is suitable for any algorithms. */ +/* Calculate the MIC for a private key or shared secret S-expression. + SHA1HASH should point to a 20 byte buffer. This function is + suitable for all algorithms. */ static int calculate_mic (const unsigned char *plainkey, unsigned char *sha1hash) { const unsigned char *hash_begin, *hash_end; const unsigned char *s; size_t n; + int is_shared_secret; s = plainkey; if (*s != '(') 
@@ -207,16 +209,23 @@ n = snext (&s); if (!n) return gpg_error (GPG_ERR_INV_SEXP); - if (!smatch (&s, n, "private-key")) + if (smatch (&s, n, "private-key")) + is_shared_secret = 0; + else if (smatch (&s, n, "shared-secret")) + is_shared_secret = 1; + else return gpg_error (GPG_ERR_UNKNOWN_SEXP); if (*s != '(') return gpg_error (GPG_ERR_UNKNOWN_SEXP); hash_begin = s; - s++; - n = snext (&s); - if (!n) - return gpg_error (GPG_ERR_INV_SEXP); - s += n; /* skip over the algorithm name */ + if (!is_shared_secret) + { + s++; + n = snext (&s); + if (!n) + return gpg_error (GPG_ERR_INV_SEXP); + s += n; /* Skip the algorithm name. */ + } while (*s == '(') { @@ -955,7 +964,7 @@ xfree (final); return rc; } - /* Now remove tha part which is included in the MIC but should not + /* Now remove the part which is included in the MIC but should not go into the final thing. */ if (cutlen) { Modified: trunk/agent/t-protect.c =================================================================== --- trunk/agent/t-protect.c 2010-09-29 18:42:43 UTC (rev 5432) +++ trunk/agent/t-protect.c 2010-10-01 20:33:53 UTC (rev 5433) @@ -289,8 +289,15 @@ } +static void +test_agent_protect_shared_secret (void) +{ +} + + + int main (int argc, char **argv) { @@ -305,6 +312,7 @@ test_make_shadow_info (); test_agent_shadow_key (); test_agent_get_shadow_info (); + test_agent_protect_shared_secret (); return 0; } Modified: trunk/common/http.c =================================================================== --- trunk/common/http.c 2010-09-29 18:42:43 UTC (rev 5432) +++ trunk/common/http.c 2010-10-01 20:33:53 UTC (rev 5433) 
@@ -114,6 +114,9 @@ #ifndef EAGAIN #define EAGAIN EWOULDBLOCK #endif +#ifndef INADDR_NONE /* Slowaris is missing that. */ +#define INADDR_NONE ((unsigned long)(-1)) +#endif /*INADDR_NONE*/ #define HTTP_PROXY_ENV "http_proxy" #define MAX_LINELEN 20000 /* Max. length of a HTTP header line. */ Modified: trunk/common/logging.c =================================================================== --- trunk/common/logging.c 2010-09-29 18:42:43 UTC (rev 5432) +++ trunk/common/logging.c 2010-10-01 20:33:53 UTC (rev 5433) @@ -68,6 +68,9 @@ #ifndef EAFNOSUPPORT # define EAFNOSUPPORT EINVAL #endif +#ifndef INADDR_NONE /* Slowaris is missing that. */ +#define INADDR_NONE ((unsigned long)(-1)) +#endif /*INADDR_NONE*/ #ifdef HAVE_W32_SYSTEM #define sock_close(a) closesocket(a) Modified: trunk/common/sexp-parse.h =================================================================== --- trunk/common/sexp-parse.h 2010-09-29 18:42:43 UTC (rev 5432) +++ trunk/common/sexp-parse.h 2010-10-01 20:33:53 UTC (rev 5433) @@ -82,7 +82,7 @@ /* Check whether the the string at the address BUF points to matches the token. Return true on match and update BUF to point behind the - token. Return false and dont update tha buffer if it does not + token. Return false and do not update the buffer if it does not match. */ static inline int smatch (unsigned char const **buf, size_t buflen, const char *token) Modified: trunk/common/status.c =================================================================== --- trunk/common/status.c 2010-09-29 18:42:43 UTC (rev 5432) +++ trunk/common/status.c 2010-10-01 20:33:53 UTC (rev 5433) 
@@ -58,6 +58,7 @@ case GPG_ERR_NOT_TRUSTED: errstr = "10"; break; case GPG_ERR_MISSING_CERT: errstr = "11"; break; + case GPG_ERR_MISSING_ISSUER_CERT: errstr = "12"; break; default: errstr = "0"; break; } Modified: trunk/common/util.h =================================================================== --- trunk/common/util.h 2010-09-29 18:42:43 UTC (rev 5432) +++ trunk/common/util.h 2010-10-01 20:33:53 UTC (rev 5433) @@ -33,6 +33,12 @@ #ifndef GPG_ERR_NOT_INITIALIZED #define GPG_ERR_NOT_INITIALIZED 184 #endif +#ifndef GPG_ERR_MISSING_ISSUER_CERT +#define GPG_ERR_MISSING_ISSUER_CERT 185 +#endif +#ifndef GPG_ERR_FULLY_CANCELED +#define GPG_ERR_FULLY_CANCELED 198 +#endif /* Hash function used with libksba. */ Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2010-09-29 18:42:43 UTC (rev 5432) +++ trunk/configure.ac 2010-10-01 20:33:53 UTC (rev 5433) @@ -396,7 +396,7 @@ # define GNUPG_DEFAULT_HOMEDIR "/gnupg" # endif #elif defined(__VMS) -#define GNUPG_DEFAULT_HOMEDIR "/SYS\$LOGIN/gnupg" +#define GNUPG_DEFAULT_HOMEDIR "/SYS$LOGIN/gnupg" #else #define GNUPG_DEFAULT_HOMEDIR "~/.gnupg" #endif Modified: trunk/dirmngr/validate.c =================================================================== --- trunk/dirmngr/validate.c 2010-09-29 18:42:43 UTC (rev 5432) +++ trunk/dirmngr/validate.c 2010-10-01 20:33:53 UTC (rev 5433) @@ -623,7 +623,7 @@ log_error (_("issuer certificate not found: %s\n"), gpg_strerror (err)); /* Use a better understandable error code. */ - err = gpg_error (GPG_ERR_MISSING_CERT); + err = gpg_error (GPG_ERR_MISSING_ISSUER_CERT); goto leave; } Modified: trunk/doc/DETAILS =================================================================== --- trunk/doc/DETAILS 2010-09-29 18:42:43 UTC (rev 5432) +++ trunk/doc/DETAILS 2010-10-01 20:33:53 UTC (rev 5433) 
@@ -586,7 +586,8 @@ 8 := "Policy mismatch" 9 := "Not a secret key" 10 := "Key not trusted" - 11 := "Missing certificate" (e.g. intermediate or root cert.) + 11 := "Missing certificate" + 12 := "Missing issuer certificate" Note that for historical reasons the INV_RECP status is also used for gpgsm's SIGNER command where it relates to signer's From cvs at cvs.gnupg.org Mon Oct 4 23:08:35 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 04 Oct 2010 23:08:35 +0200 Subject: [svn] GnuPG - r5434 - in trunk: . common doc Message-ID: Author: wk Date: 2010-10-04 23:08:34 +0200 (Mon, 04 Oct 2010) New Revision: 5434 Added: trunk/doc/faq.org Removed: trunk/doc/faq.raw Modified: trunk/ChangeLog trunk/common/ChangeLog trunk/common/gettime.c trunk/configure.ac trunk/doc/ChangeLog trunk/doc/Makefile.am Log: [w32ce] Do not print the faulty timezone info Switch FAQ sources to org-mode [The diff below has been truncated] Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2010-10-01 20:33:53 UTC (rev 5433) +++ trunk/ChangeLog 2010-10-04 21:08:34 UTC (rev 5434) @@ -1,3 +1,7 @@ +2010-10-04 Werner Koch + + * configure.ac (GNUPG_CHECK_FAQPROG): Remove. + 2010-08-19 Werner Koch * configure.ac (AH_BOTTOM): Define GPG_ERR_ENABLE_ERRNO_MACROS. Modified: trunk/common/ChangeLog =================================================================== --- trunk/common/ChangeLog 2010-10-01 20:33:53 UTC (rev 5433) +++ trunk/common/ChangeLog 2010-10-04 21:08:34 UTC (rev 5434) @@ -1,3 +1,7 @@ +2010-10-04 Werner Koch + + * gettime.c (asctimestamp) [W32CE]: Do not print the timezone. + 2010-09-30 Werner Koch * util.h (GPG_ERR_FULLY_CANCELED): Add replacement. Modified: trunk/doc/ChangeLog =================================================================== --- trunk/doc/ChangeLog 2010-10-01 20:33:53 UTC (rev 5433) +++ trunk/doc/ChangeLog 2010-10-04 21:08:34 UTC (rev 5434) 
@@ -1,3 +1,10 @@ +2010-10-04 Werner Koch + + * faq.org: New. + * FAQ: Make it a static file with a pointer to the online location. + * Makefile.am (EXTRA_DIST): Remove faq.raw and faq.html. + (FAQ, faq.html): Remove these targets + 2010-09-28 Werner Koch * Makefile.am (AM_MAKEINFOFLAGS): Add define gpgtwoone. Modified: trunk/common/gettime.c =================================================================== --- trunk/common/gettime.c 2010-10-01 20:33:53 UTC (rev 5433) +++ trunk/common/gettime.c 2010-10-04 21:08:34 UTC (rev 5434) 
@@ -330,41 +330,46 @@ * Note: this function returns local time */ const char * -asctimestamp( u32 stamp ) +asctimestamp (u32 stamp) { - static char buffer[50]; + static char buffer[50]; #if defined (HAVE_STRFTIME) && defined (HAVE_NL_LANGINFO) - static char fmt[50]; + static char fmt[50]; #endif - struct tm *tp; - time_t atime = stamp; + struct tm *tp; + time_t atime = stamp; - if (atime < 0) { - strcpy (buffer, "????" "-??" "-??"); - return buffer; + if (atime < 0) + { + strcpy (buffer, "????" "-??" "-??"); + return buffer; } - tp = localtime( &atime ); + tp = localtime( &atime ); #ifdef HAVE_STRFTIME -#if defined(HAVE_NL_LANGINFO) - mem2str( fmt, nl_langinfo(D_T_FMT), DIM(fmt)-3 ); - if( strstr( fmt, "%Z" ) == NULL ) - strcat( fmt, " %Z"); - /* NOTE: gcc -Wformat-noliteral will complain here. I have - found no way to suppress this warning .*/ - strftime (buffer, DIM(buffer)-1, fmt, tp); +# if defined(HAVE_NL_LANGINFO) + mem2str( fmt, nl_langinfo(D_T_FMT), DIM(fmt)-3 ); + if (!strstr( fmt, "%Z" )) + strcat( fmt, " %Z"); + /* NOTE: gcc -Wformat-noliteral will complain here. I have found no + way to suppress this warning. */ + strftime (buffer, DIM(buffer)-1, fmt, tp); +# elif defined(HAVE_W32CE_SYSTEM) + /* tzset is not available but %Z nevertheless prints a default + nonsense timezone ("WILDABBR"). Thus we don't print the time + zone at all. */ + strftime (buffer, DIM(buffer)-1, "%c", tp); +# else + /* FIXME: we should check whether the locale appends a " %Z" These + * locales from glibc don't put the " %Z": fi_FI hr_HR ja_JP lt_LT + * lv_LV POSIX ru_RU ru_SU sv_FI sv_SE zh_CN. 
*/ + strftime (buffer, DIM(buffer)-1, "%c %Z", tp); +# endif + buffer[DIM(buffer)-1] = 0; #else - /* FIXME: we should check whether the locale appends a " %Z" - * These locales from glibc don't put the " %Z": - * fi_FI hr_HR ja_JP lt_LT lv_LV POSIX ru_RU ru_SU sv_FI sv_SE zh_CN - */ - strftime( buffer, DIM(buffer)-1, "%c %Z", tp ); + mem2str( buffer, asctime(tp), DIM(buffer) ); #endif - buffer[DIM(buffer)-1] = 0; -#else - mem2str( buffer, asctime(tp), DIM(buffer) ); -#endif - return buffer; + return buffer; } Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2010-10-01 20:33:53 UTC (rev 5433) +++ trunk/configure.ac 2010-10-04 21:08:34 UTC (rev 5434) @@ -518,7 +518,6 @@ AC_ISC_POSIX gl_EARLY AC_SYS_LARGEFILE -GNUPG_CHECK_FAQPROG GNUPG_CHECK_USTAR # We need to compile and run a program on the build machine. A Modified: trunk/doc/Makefile.am =================================================================== --- trunk/doc/Makefile.am 2010-10-01 20:33:53 UTC (rev 5433) +++ trunk/doc/Makefile.am 2010-10-04 21:08:34 UTC (rev 5434) @@ -32,12 +32,12 @@ gnupg-logo.eps gnupg-logo.pdf gnupg-logo.png \ gnupg-card-architecture.eps gnupg-card-architecture.png \ gnupg-card-architecture.pdf \ - faq.raw FAQ faq.html gnupg7.texi \ + FAQ gnupg7.texi \ opt-homedir.texi see-also-note.texi specify-user-id.texi \ gpgv.texi texi.css yat2m.c BUILT_SOURCES = gnupg-card-architecture.eps gnupg-card-architecture.png \ - gnupg-card-architecture.pdf FAQ faq.html + gnupg-card-architecture.pdf info_TEXINFOS = gnupg.texi @@ -46,7 +46,7 @@ nobase_dist_doc_DATA = FAQ DETAILS HACKING TRANSLATE OpenPGP KEYSERVER \ $(examples) -dist_html_DATA = faq.html +#dist_html_DATA = gnupg_TEXINFOS = \ @@ -75,7 +75,7 @@ watchgnupg_SOURCE = gnupg.texi -CLEANFILES = faq.raw.xref yat2m +CLEANFILES = yat2m DISTCLEANFILES = gnupg.tmp gnupg.ops yat2m-stamp.tmp yat2m-stamp \ $(myman_pages) gnupg.7 
@@ -97,25 +97,6 @@ fig2dev -L pdf `test -f '$<' || echo '$(srcdir)/'`$< $@ -FAQ : faq.raw -if WORKING_FAQPROG - $(FAQPROG) -f $< $@ || $(FAQPROG) -f $< $@ -else - : Warning: missing faqprog.pl, cannot make $@ - echo "No $@ due to missing faqprog.pl" > $@ - echo "See ftp://ftp.gnupg.org/gcrypt/contrib/faqprog.pl" >> $@ -endif - -faq.html : faq.raw -if WORKING_FAQPROG - $(FAQPROG) -h -f $< $@ 2>&1 || $(FAQPROG) -h -f $< $@ -else - : Warning: missing faqprog.pl, cannot make $@ - echo "No $@ due to missing faqprog.pl" > $@ - echo "See ftp://ftp.gnupg.org/gcrypt/contrib/faqprog.pl" >> $@ -endif - - yat2m-stamp: $(myman_sources) @rm -f yat2m-stamp.tmp @touch yat2m-stamp.tmp Added: trunk/doc/faq.org =================================================================== --- trunk/doc/faq.org (rev 0) +++ trunk/doc/faq.org 2010-10-04 21:08:34 UTC (rev 5434) 
@@ -0,0 +1,1560 @@ +#+STARTUP: overview +#+OPTIONS: H:2 num:t toc:t \n:nil @:t ::t |:t ^:t *:t TeX:t +#+EMAIL: wk at gnupg.org +#+AUTHOR: GnuPG users +#+LANGUAGE: en +#+TITLE: GnuPG Frequently Asked Questions +#+OPTIONS: H:3 num:nil toc:t \n:nil @:t ::t |:t ^:{} -:t f:t *:t TeX:t LaTeX:t skip:nil d:(HIDE) tags:not-in-toc +#+LINK: gnupgweb http://www.gnupg.org/ +#+LINK gnupgftp ftp://ftp.gnupg.org/gcrypt/ +#+LINK: roundup https://bugs.g10code.com/gnupg/issue +#+STYLE: + +# FIXME: This FAQ needs a heavy cleanup. For now I only switched to +# org-mode format for easier maintenance. + +#+begin_html + +#+end_html + + +* Welcome + :PROPERTIES: + :CUSTOM_ID: welcome + :END: + + Welcome to the GnuPG FAQ. The latest HTML version is available + [[gnupgweb:faq.html][here]]. + + The index is generated automatically, so there may be errors. Not + all questions may be in the section they belong to. Suggestions + about how to improve the structure of this FAQ are welcome. + + Please send additions and corrections to the gnupg users mailing + list. It would be most convenient if you could provide the answer to + be included here as well. Your help is very much appreciated! + + Please, don't send message like "This should be a FAQ - what's the + answer?". If it hasn't been asked before, it isn't a FAQ. In that case + you could search in the mailing list archive. + +** What conventions are used in this FAQ? + :PROPERTIES: + :CUSTOM_ID: what-conventions-are-used-in-this-faq + :END: + + Although GnuPG is being developed for several operating systems + (often in parallel), the conventions used in this FAQ reflect a + UNIX shell environment. 
For Win32 users, references to a shell + prompt (`$') should be interpreted as a command prompt (`>'), + directory names separated by a forward slash (`/') may need to be + converted to a back slash (`\'), and a tilde (`~') represents a + user's "home" directory (reference question [[id:how-do-i-put-my-keyring-in-a-different-directory][How do I put my keyring in a different directory?]] for an example). + + Some command-lines presented in this FAQ are too long to properly + display in some browsers for the web page version of this file, and + have been split into two or more lines. For these commands please + remember to enter the entire command-string on one line or the + command will error, or at minimum not give the desired results. + + Please keep in mind that this FAQ contains information that may not + apply to your particular version, as new features and bug fixes are + added on a continuing basis (reference the NEWS file included with + the source or package for noteworthy changes between versions). One + item to note is that starting with GnuPG version 1.1.92 the file + containing user options and settings has been renamed from "options" + to "gpg.conf". Information in the FAQ that relates to the options + file may be interchangable with the newer gpg.conf file in many + instances. See question for details. + +* General Questions + +** What is GnuPG? + :PROPERTIES: + :CUSTOM_ID: what-is-gnupg + :END: + + [[gnupgweb][GnuPG]] stands for GNU Privacy Guard and is GNU's tool for secure + communication and data storage. It can be used to encrypt data and + to create digital signatures. It includes an advanced key + management facility and is compliant with the proposed OpenPGP + Internet standard as described in [[http://www.rfc-editor.org/rfc/rfc4880.txt][RFC-4880]]. As such, it is aimed + to be compatible with PGP from PGP Corp. and other OpenPGP tools + +** Is GnuPG compatible with PGP? 
+ :PROPERTIES: + :CUSTOM_ID: is-gnupg-compatible-with-pgp + :END: + + In general, yes. GnuPG and newer PGP releases should be implementing + the OpenPGP standard. But there are some interoperability problems. + See question for details. + +** Is GnuPG free to use for personal or commercial use? + :PROPERTIES: + :CUSTOM_ID: is-gnupg-free-to-use + :END: + + Yes. GnuPG is part of the GNU family of tools and applications built + and provided in accordance with the Free Software Foundation (FSF) + General Public License (GPL). Therefore the software is free to copy, + use, modify and distribute in accordance with that license. Please + read the file titled COPYING that accompanies the application for + more information. + + +* Sources of Information + +** Where can I find more information on GnuPG? + :PROPERTIES: + :CUSTOM_ID: more-information-on-gnupg + :END: + + On-line resources: + + [H ul] + [H li]The documentation page is located at [H a href=[$hGPGHTTP]/documentation/]<[$hGPGHTTP]/documentation/>[H/a]. + Also, have a look at the HOWTOs and the GNU Privacy Handbook (GPH, + available in English, Spanish and Russian). The latter provides a + detailed user's guide to GnuPG. You'll also find a document about how + to convert from PGP 2.x to GnuPG. + + [H li]At [H a href=[$hGPGHTTP]/documentation/mailing-lists.html]<[$hGPGHTTP]/documentation/mailing-lists.html>[H/a] you'll find + an online archive of the GnuPG mailing lists. Most interesting should + be gnupg-users for all user-related issues and gnupg-devel if you want + to get in touch with the developers. + + In addition, searchable archives can be found on MARC, e.g.: [H br] + gnupg-users: [H a href=http://marc.theaimsgroup.com/?l=gnupg-users&r=1&w=2][H/a][H br] + gnupg-devel: [H a href=http://marc.theaimsgroup.com/?l=gnupg-devel&r=1&w=2][H/a][H br] + + [H b]PLEASE:[H /b] + Before posting to a list, read this FAQ and the available documentation. 
+ In addition, search the list archive - maybe your question has already + been discussed. This way you help people focus on topics that have not + yet been resolved. + + [H li]The GnuPG source distribution contains a subdirectory: + + [H samp] + ./doc + [H /samp] + + where some additional documentation is located (mainly interesting + for hackers, not the casual user). + [H /ul] + +** Where do I get GnuPG? + :PROPERTIES: + :CUSTOM_ID: where-do-i-get-gnupg + :END: + + You can download the GNU Privacy Guard from its primary FTP server + [[gnupgftp:gnupg/][ftp.gnupg.org]] or from one of its [[gnupgweb:download/mirrors.html][mirrors]]. + + The current stable version is FIXME. Please upgrade to this + version as it includes additional features, functions and security + fixes that may not have existed in prior versions. + +* Installation + +** Which OSes does GnuPG run on? + :PROPERTIES: + :CUSTOM_ID: which-oses-does-gnupg-run-on + :END: + + It should run on most Unices as well as Windows versions (including + Windows NT/2000) and Macintosh OS/X. A list of OSes reported to be OK + is presented at: + + [H a href=[$hGPGHTTP]/download/supported_systems.html] + <[$hGPGHTTP]/download/supported_systems.html> + [H /a] + +** Which random data gatherer should I use? + :PROPERTIES: + :CUSTOM_ID: which-random-data-gatherer-should-i-use + :END: + + "Good" random numbers are crucial for the security of your encryption. + Different operating systems provide a variety of more or less quality + random data. Linux and *BSD provide kernel generated random data + through /dev/random - this should be the preferred choice on these + systems. Also Solaris users with the SUNWski package installed have + a /dev/random. In these cases, use the configure option: + + [H samp] + --enable-static-rnd=linux + [H /samp] + + In addition, there's also the kernel random device by Andi Maier + [H a href= http://www.cosy.sbg.ac.at/~andi/SUNrand/][H /a], but it's still beta. Use at your + own risk! 
+ + On other systems, the Entropy Gathering Daemon (EGD) is a good choice. + It is a perl-daemon that monitors system activity and hashes it into + random data. See the download page [H a href=[$hGPGHTTP]/download/]<[$hGPGHTTP]/download/>[H /a] + to obtain EGD. Use: + + [H samp] + --enable-static-rnd=egd + [H /samp] + + here. + + If the above options do not work, you can use the random number + generator "unix". This is [H B]very[H /B] slow and should be avoided. The + random quality isn't very good so don't use it on sensitive data. + + +** How do I include support for RSA and IDEA? + :PROPERTIES: + :CUSTOM_ID: how-do-i-include-support-for-rsa-and-idea + :END: + + RSA is included as of GnuPG version 1.0.3. + + The official GnuPG distribution does not contain IDEA due to a patent + restriction. The patent does not expire before 2007 so don't expect + official support before then. + + However, there is an unofficial module to include it even in earlier + versions of GnuPG. It's available from + [H a href=ftp://ftp.gnupg.dk/pub/contrib-dk/][H /a]. Look for: + + [H pre] + idea.c.gz (c module) + idea.c.gz.sig (signature file) + [H /pre] + + [H pre] + ideadll.zip (c module and win32 dll) + ideadll.zip.sig (signature file) + [H /pre] + + Compilation directives are in the headers of these files. You will + then need to add the following line to your ~/.gnupg/gpg.conf or + ~/.gnupg/options file: + + [H samp] + load-extension idea + [H /samp] + + +* Usage + +** What is the recommended key size? + :PROPERTIES: + :CUSTOM_ID: what-is-the-recommended-key-size + :END: + + 1024 bit for DSA signatures; even for plain Elgamal signatures. + This is sufficient as the size of the hash is probably the weakest + link if the key size is larger than 1024 bits. 
Encryption keys may + have greater sizes, but you should then check the fingerprint of + this key: + + [H samp] + $ gpg --fingerprint + [H /samp] + + As for the key algorithms, you should stick with the default (i.e., + DSA signature and Elgamal encryption). An Elgamal signing key has + the following disadvantages: the signature is larger, it is hard + to create such a key useful for signatures which can withstand some + real world attacks, you don't get any extra security compared to + DSA, and there might be compatibility problems with certain PGP + versions. It has only been introduced because at the time it was + not clear whether there was a patent on DSA. + +** Why does it sometimes take so long to create keys? + :PROPERTIES: + :CUSTOM_ID: why-does-it-sometimes-take-so-long-to-create-keys + :END: + + The problem here is that we need a lot of random bytes and for that + we (on Linux the /dev/random device) must collect some random data. + It is really not easy to fill the Linux internal entropy buffer; I + talked to Ted Ts'o and he commented that the best way to fill the + buffer is to play with your keyboard. Good security has its price. + What I do is to hit several times on the shift, control, alternate, + and caps lock keys, because these keys do not produce output to the + screen. This way you get your keys really fast (it's the same thing + PGP2 does). + + Another problem might be another program which eats up your random + bytes (a program (look at your daemons) that reads from /dev/random). + +** And it really takes long when I work on a remote system. Why? + :PROPERTIES: + :CUSTOM_ID: it-really-takes-long-when-i-work-on-a-remote-system + :END: + + Don't do this at all! 
You should never create keys or even use GnuPG + on a remote system because you normally have no physical control + over your secret key ring (which is in most cases vulnerable to + advanced dictionary attacks) - I strongly encourage everyone to only + create keys on a local computer (a disconnected laptop is probably + the best choice) and if you need it on your connected box (I know, + we all do this) be sure to have a strong password for both your + account and for your secret key, and that you can trust your system + administrator. + + When I check GnuPG on a remote system via ssh (I have no Alpha here) + ;-) I have the same problem. It takes a *very* long time to create + the keys, so I use a special option, --quick-random, to generate + insecure keys which are only good for some tests. + +** What is the difference between options and commands? + :PROPERTIES: + :CUSTOM_ID: difference-between-options-and-commands + :END: + + If you do a 'gpg --help', you will get two separate lists. The first + is a list of commands. The second is a list of options. Whenever you + run GPG, you [H b]must[H /b] pick exactly one command (with one exception, + see below). You [H b]may[H /b] pick one or more options. The command should, + just by convention, come at the end of the argument list, after all + the options. If the command takes a file (all the basic ones do), + the filename comes at the very end. So the basic way to run gpg is: + + [H samp] + $ gpg [--option something] [--option2] [--option3 something] --command file + [H /samp] + + Some options take arguments. For example, the --output option (which + can be abbreviated as -o) is an option that takes a filename. The + option's argument must follow immediately after the option itself, + otherwise gpg doesn't know which option the argument is supposed to + paired with. As an option, --output and its filename must come before + the command. 
The --recipient (-r) option takes a name or keyID to + encrypt the message to, which must come right after the -r option. + The --encrypt (or -e) command comes after all the options and is + followed by the file you wish to encrypt. Therefore in this example + the command-line issued would be: + + [H samp] + $ gpg -r alice -o secret.txt -e test.txt + [H /samp] + + If you write the options out in full, it is easier to read: + + [H samp] + $ gpg --recipient alice --output secret.txt --encrypt test.txt + [H /samp] + + If you're encrypting to a file with the extension ".txt", then you'd + probably expect to see ASCII-armored text in the file (not binary), + so you need to add the --armor (-a) option, which doesn't take any + arguments: + + [H samp] + $ gpg --armor --recipient alice --output secret.txt --encrypt test.txt + [H /samp] + + If you imagine square brackets around the optional parts, it becomes + a bit clearer: + + [H samp] + $ gpg [--armor] [--recipient alice] [--output secret.txt] --encrypt test.txt + [H /samp] + + The optional parts can be rearranged any way you want: + + [H samp] + $ gpg --output secret.txt --recipient alice --armor --encrypt test.txt + [H /samp] + + If your filename begins with a hyphen (e.g. "-a.txt"), GnuPG assumes + this is an option and may complain. To avoid this you have to either + use "./-a.txt", or stop the option and command processing with two + hyphens: "-- -a.txt". + + [H B]The exception to using only one command:[H /B] signing and encrypting + at the same time. For this you can combine both commands, such as in: + + [H samp] + $ gpg [--options] --sign --encrypt foo.txt + [H /samp] + +** I can't delete a user ID on my secret keyring because it has already been deleted on my public keyring. What can I do? + :PROPERTIES: + :CUSTOM_ID: delete-user-id-from-secring-if-already-deleted-from-pubring + :END: + + Because you can only select from the public key ring, there is no + direct way to do this. 
However it is not very complicated to do + anyway. Create a new user ID with exactly the same name and you + will see that there are now two identical user IDs on the secret + ring. Now select this user ID and delete it. Both user IDs will be + removed from the secret ring. + +** I can't delete my secret key because the public key disappeared. What can I do? + :PROPERTIES: + :CUSTOM_ID: delete-my-secret-key-because-the-public-key-disappeared + :END: + + To select a key a search is always done on the public keyring, + therefore it is not possible to select a secret key without + having the public key. Normally it should never happen that the + public key got lost but the secret key is still available. The + reality is different, so GnuPG implements a special way to deal + with it: Simply use the long keyID to specify the key to delete, + which can be obtained by using the --with-colons options (it is + the fifth field in the lines beginning with "sec"). + + If you've lost your public key and need to recreate it instead + for continued use with your secret key, you may be able to use + gpgsplit as detailed in question . + + + +** What are trust, validity and ownertrust? + :PROPERTIES: + :CUSTOM_ID: what-are-trust-validity-and-ownertrust + :END: + + With GnuPG, the term "ownertrust" is used instead of "trust" to + help clarify that this is the value you have assigned to a key + to express how much you trust the owner of this key to correctly + sign (and thereby introduce) other keys. The "validity", or + calculated trust, is a value which indicates how much GnuPG + considers a key as being valid (that it really belongs to the + one who claims to be the owner of the key). For more information + on trust values see the chapter "The Web of Trust" in The GNU + Privacy Handbook. + +** How do I sign a patch file? + :PROPERTIES: + :CUSTOM_ID: how-do-i-sign-a-patch-file + :END: + + Use "gpg --clearsign --not-dash-escaped ...". 
The problem with + --clearsign is that all lines starting with a dash are quoted with + "- "; obviously diff produces many lines starting with a dash and + these are then quoted and that is not good for a patch ;-). To use + a patch file without removing the cleartext signature, the special + option --not-dash-escaped may be used to suppress generation of + these escape sequences. You should not mail such a patch because + spaces and line endings are also subject to the signature and a + mailer may not preserve these. If you want to mail a file you can + simply sign it using your MUA (Mail User Agent). + +** Where is the "encrypt-to-self" option? + :PROPERTIES: + :CUSTOM_ID: where-is-the-encrypt-to-self-option + :END: + + Use "--encrypt-to your_keyID". You can use more than one of these + options. To temporarily override the use of this additional key, + you can use the option "--no-encrypt-to". + +** How can I get rid of the Version and Comment headers in armored messages? + :PROPERTIES: + :CUSTOM_ID: get-rid-of-the-version-and-comment-headers-in-armored-messages + :END: + + Use "--no-version --comment ''". Note that the left over blank line + is required by the protocol. + +** What does the "You are using the xxxx character set." mean? + :PROPERTIES: + :CUSTOM_ID: what-does-the-you-are-using-the-xxx-character-set-mean + :END: + + This note is printed when UTF-8 mapping has to be done. Make sure + that the displayed character set is the one you have activated on + your system. Since "iso-8859-1" is the character set most used, + this is the default. You can change the charset with the option + "--charset". It is important that your active character set matches + the one displayed - if not, restrict yourself to plain 7 bit ASCII + and no mapping has to be done. + +** How can I get list of key IDs used to encrypt a message? 
+ :PROPERTIES: + :CUSTOM_ID: how-can-i-get-list-of-key-ids-used-to-encrypt-a-message + :END: + + [H samp] + $ gpg --batch --decrypt --list-only --status-fd 1 2>/dev/null | + awk '/^\[GNUPG:\] ENC_TO / { print $3 }' + [H /samp] + +** Why can't I decrypt files encrypted as symmetrical-only (-c) with a version of GnuPG prior to 1.0.1. + :PROPERTIES: + :CUSTOM_ID: why-cant-i-decrypt-symmetrical-only-with-gnupg-prior-to-1.0.1 + :END: + + There was a bug in GnuPG versions prior to 1.0.1 which affected files + only if 3DES or Twofish was used for symmetric-only encryption (this has + never been the default). The bug has been fixed, but to enable decryption + of old files you should run gpg with the option "--emulate-3des-s2k-bug", + decrypt the file and encrypt it again without this option. + + NOTE: This option was removed in GnuPG development version 1.1.0 and later + updates, so you will need to use a version between 1.0.1 and 1.0.7 to + re-encrypt any affected files. + +** How can I use GnuPG in an automated environment? + :PROPERTIES: + :CUSTOM_ID: how-can-i-use-gnupg-in-an-automated-environment + :END: + + You should use the option --batch and don't use passphrases as + there is usually no way to store it more securely than on the + secret keyring itself. The suggested way to create keys for an + automated environment is: + + On a secure machine: + [H ol] + [H li] If you want to do automatic signing, create a signing subkey + for your key (use the interactive key editing menu by issueing + the command 'gpg --edit-key keyID', enter "addkey" and select + the DSA key type). + [H li] Make sure that you use a passphrase (needed by the current + implementation). + [H li] gpg --export-secret-subkeys --no-comment foo >secring.auto + [H li] Copy secring.auto and the public keyring to a test directory. + [H li] Change to this directory. + [H li] gpg --homedir . --edit foo and use "passwd" to remove the + passphrase from the subkeys. 
You may also want to remove all + unused subkeys. + [H li] Copy secring.auto to a floppy and carry it to the target box. + [H /ol] + + On the target machine: + [H ol] + [H li] Install secring.auto as the secret keyring. + [H li] Now you can start your new service. It's also a good idea to + install an intrusion detection system so that you hopefully + get a notice of an successful intrusion, so that you in turn + can revoke all the subkeys installed on that machine and + install new subkeys. + [H /ol] + +** Which email-client can I use with GnuPG? + :PROPERTIES: + :CUSTOM_ID: which-email-client-can-i-use-with-gnupg + :END: + + Using GnuPG to encrypt email is one of the most popular uses. + Several mail clients or mail user agents (MUAs) support GnuPG to + varying degrees. Simplifying a bit, there are two ways mail can be + encrypted with GnuPG: the "old style" ASCII armor (i.e. cleartext + encryption), and RFC 2015 style (previously PGP/MIME, now OpenPGP). + The latter has full MIME support. Some MUAs support only one of + them, so whichever you actually use depends on your needs as well + as the capabilities of your addressee. As well, support may be + native to the MUA, or provided via "plug-ins" or external tools. + + The following list is not exhaustive: + + [H pre] + MUA OpenPGP ASCII How? (N,P,T) + ------------------------------------------------------------- + Calypso N Y P (Unixmail) + Elm N Y T (mailpgp,morepgp) + Elm ME+ N Y N + Emacs/Gnus Y Y T (Mailcrypt,gpg.el) + Emacs/Mew Y Y N + Emacs/VM N Y T (Mailcrypt) + Evolution Y Y N + Exmh Y Y N + GNUMail.app Y Y P (PGPBundle) + GPGMail Y Y N + KMail (<=1.4.x) N Y N + KMail (1.5.x) Y(P) Y(N) P/N + Mozilla Y Y P (Enigmail) + Mulberry Y Y P + Mutt Y Y N + Sylpheed Y Y N + Claws-mail Y Y N + TkRat Y Y N + XEmacs/Gnus Y Y T (Mailcrypt) + XEmacs/Mew Y Y N + XEmacs/VM N Y T (Mailcrypt) + XFmail Y Y N + + N - Native, P - Plug-in, T - External Tool + [H /pre] + + The following table lists proprietary MUAs. 
The GNU Project + suggests against the use of these programs, but they are listed + for interoperability reasons for your convenience. + + [H pre] + MUA OpenPGP ASCII How? (N,P,T) + ------------------------------------------------------------- + Apple Mail Y Y P (GPGMail) + Becky2 Y Y P (BkGnuPG) + Eudora Y Y P (EuroraGPG) + Eudora Pro Y Y P (EudoraGPG) + Lotus Notes N Y P + Netscape 4.x N Y P + Netscape 7.x Y Y P (Enigmail) + Novell Groupwise N Y P + Outlook N Y P (G-Data) + Outlook Express N Y P (GPGOE) + Pegasus N Y P (QDPGP,PM-PGP) + Pine N Y T (pgpenvelope,(gpg|pgp)4pine) + Postme N Y P (GPGPPL) + The Bat! N Y P (Ritlabs) + [H /pre] + + Good overviews of OpenPGP-support can be found at:[H br] + [H a href=http://www.openpgp.fr.st/courrier_en.html][H /a] and[H br] + [H a href=http://www.bretschneidernet.de/tips/secmua.html][H /a]. + + Users of Win32 MUAs that lack OpenPGP support may look into + using GPGrelay [H a href=http://gpgrelay.sourceforge.net][H /a], a small + email-relaying server that uses GnuPG to enable many email clients + to send and receive emails that conform to PGP-MIME (RFC 2015). + +** Can't we have a gpg library? + :PROPERTIES: + :CUSTOM_ID: cant-we-have-a-gpg-library + :END: + + This has been frequently requested. However, the current viewpoint + of the GnuPG maintainers is that this would lead to several security + issues and will therefore not be implemented in the foreseeable + future. However, for some areas of application gpgme could do the + trick. You'll find it at [H a href=[$hGPGFTP]/gcrypt/alpha/gpgme]<[$hGPGFTP]/gcrypt/alpha/gpgme>[H /a]. + +** I have successfully generated a revocation certificate, but I don't understand how to send it to the key servers. + :PROPERTIES: + :CUSTOM_ID: how-to-send-a-revocation-to-the-keyservers + :END: + + Most keyservers don't accept a 'bare' revocation certificate. 
You + have to import the certificate into gpg first: + + [H samp] + $ gpg --import my-revocation.asc + [H /samp] + + then send the revoked key to the keyservers: + + [H samp] + $ gpg --keyserver certserver.pgp.com --send-keys mykeyid + [H /samp] + + (or use a keyserver web interface for this). + +** How do I put my keyring in a different directory? + :PROPERTIES: + :CUSTOM_ID: how-do-i-put-my-keyring-in-a-different-directory + :END: + + GnuPG keeps several files in a special homedir directory. These + include the options file, pubring.gpg, secring.gpg, trustdb.gpg, + and others. GnuPG will always create and use these files. On unices, + the homedir is usually ~/.gnupg; on Windows it is name "gnupg" and + found below the user's application directory. Run the gpg and + pass the option --version to see the name of that directory. + + If you want to put your keyrings somewhere else, use the option: + + [H samp] + --homedir /my/path/ + [H /samp] + + to make GnuPG create all its files in that directory. Your keyring + will be "/my/path/pubring.gpg". This way you can store your secrets + on a floppy disk. Don't use "--keyring" as its purpose is to specify + additional keyring files. + +** How do I verify signed packages? + :PROPERTIES: + :CUSTOM_ID: how-do-i-verify-signed-packages + :END: + + Before you can verify the signature that accompanies a package, + you must first have the vendor, organisation, or issueing person's + key imported into your public keyring. To prevent GnuPG warning + messages the key should also be validated (or locally signed). + + You will also need to download the detached signature file along + with the package. These files will usually have the same name as + the package, with either a binary (.sig) or ASCII armor (.asc) + extension. 
+ + Once their key has been imported, and the package and accompanying + signature files have been downloaded, use: + + [H samp] + $ gpg --verify sigfile signed-file + [H /samp] + + If the signature file has the same base name as the package file, + the package can also be verified by specifying just the signature + file, as GnuPG will derive the package's file name from the name + given (less the .sig or .asc extension). For example, to verify a + package named foobar.tar.gz against its detached binary signature + file, use: + + [H samp] + $ gpg --verify foobar.tar.gz.sig + [H /samp] + +** How do I export a keyring with only selected signatures (keys)? + :PROPERTIES: + :CUSTOM_ID: how-do-i-export-a-keyring-with-only-selected-signatures + :END: + + If you're wanting to create a keyring with only a subset of keys + selected from a master keyring (for a club, user group, or company + department for example), simply specify the keys you want to export: + + [H samp] + $ gpg --armor --export key1 key2 key3 key4 > keys1-4.asc + [H /samp] + + +** I still have my secret key, but lost my public key. What can I do? + :PROPERTIES: + :CUSTOM_ID: i-still-have-my-secret-key-but-lost-my-public-key + :END: + + All OpenPGP secret keys have a copy of the public key inside them, + and in a worst-case scenario, you can create yourself a new public + key using the secret key. + + A tool to convert a secret key into a public one has been included + (it's actually a new option for gpgsplit) and is available with GnuPG + versions 1.2.1 or later (or can be found in CVS). It works like this: + + [H samp] + $ gpgsplit --no-split --secret-to-public secret.gpg >publickey.gpg + [H /samp] + + One should first try to export the secret key and convert just this + one. Using the entire secret keyring should work too. After this has + been done, the publickey.gpg file can be imported into GnuPG as usual. + +** Clearsigned messages sent from my web-mail account have an invalid signature. Why? 
+ :PROPERTIES: + :CUSTOM_ID: clearsig-sent-from-webmail-have-an-invalid-signature + :END: + + Check to make sure the settings for your web-based email account + do not use HTML formatting for the pasted clearsigned message. This can + alter the message with embedded HTML markup tags or spaces, resulting + in an invalid signature. The recipient may be able to copy the signed + message block to a text file for verification, or the web email + service may allow you to attach the clearsigned message as a file + if plaintext messages are not an option. + + +* Compatibility Issues + + +** How can I encrypt a message with GnuPG so that PGP is able to decrypt it? + :PROPERTIES: + :CUSTOM_ID: how-can-i-encrypt-a-message-so-that-pgp-is-able-to-decrypt-it + :END: + + It depends on the PGP version. + + [H ul] + [H li]PGP 2.x[H br] + You can't do that because PGP 2.x normally uses IDEA which is not + supported by GnuPG as it is patented (see ), but if you have a + modified version of PGP you can try this: + + [H samp] + $ gpg --rfc1991 --cipher-algo 3des ... + [H /samp] + + Please don't pipe the data to encrypt to gpg but provide it using a + filename; otherwise, PGP 2 will not be able to handle it. + + As for conventional encryption, you can't do this for PGP 2. + + [H li]PGP 5.x and higher[H br] + You need to provide two additional options: + + [H samp] + --compress-algo 1 --cipher-algo cast5 + [H /samp] + + You may also use "3des" instead of "cast5", and "blowfish" does not + work with all versions of PGP 5. You may also want to put: + + [H samp] + compress-algo 1 + [H /samp] + + into your ~/.gnupg/options file - this does not affect normal GnuPG + operation. + + This applies to conventional encryption as well. + [H /UL] + +** How do I migrate from PGP 2.x to GnuPG? + :PROPERTIES: + :CUSTOM_ID: how-do-i-migrate-from-pgp2-to-gnupg + :END: + + PGP 2 uses the RSA and IDEA encryption algorithms. 
Whereas the RSA + patent has expired and RSA is included as of GnuPG 1.0.3, the IDEA + algorithm is still patented until 2007. Under certain conditions you + may use IDEA even today. In that case, you may refer to Question + about how to add IDEA support to GnuPG and read + [H a href=[$hGPGHTTP]/gph/en/pgp2x.html]<[$hGPGHTTP]/gph/en/pgp2x.html>[H /a] to perform the migration. + +** Why is PGP 5.x not able to encrypt messages with some keys? + :PROPERTIES: + :CUSTOM_ID: why-is-pgp5-not-able-to-encrypt-messages-with-some-keys + :END: + + PGP, Inc. refuses to accept Elgamal keys of type 20 even for + encryption. They only support type 16 (which is identical at least + for decryption). To be more inter-operable, GnuPG (starting with + version 0.3.3) now also uses type 16 for the Elgamal subkey which is + created if the default key algorithm is chosen. You may add a type + 16 Elgamal key to your public key, which is easy as your key + signatures are still valid. + +** Why is PGP 5.x not able to verify my messages? + :PROPERTIES: + :CUSTOM_ID: why-is-pgp5-not-able-to-verify-my-messages + :END: + + PGP 5.x does not accept v4 signatures for data material but OpenPGP + requests generation of v4 signatures for all kind of data, that's why + GnuPG defaults to them. Use the option "--force-v3-sigs" to generate + v3 signatures for data. + +** How do I transfer owner trust values from PGP to GnuPG? + :PROPERTIES: + :CUSTOM_ID: how-do-i-transfer-owner-trust-values-from-pgp-to-gnupg + :END: + + There is a script in the tools directory to help you. After you have + imported the PGP keyring you can give this command: + + [H samp] + $ lspgpot pgpkeyring | gpg --import-ownertrust + [H /samp] + + where pgpkeyring is the original keyring and not the GnuPG keyring + you might have created in the first step. + +** PGP does not like my secret key. 
+ :PROPERTIES: + :CUSTOM_ID: pgp-does-not-like-my-secret-key + :END: + + Older PGPs probably bail out on some private comment packets used by + GnuPG. These packets are fully in compliance with OpenPGP; however + PGP is not really OpenPGP aware. A workaround is to export the + secret keys with this command: + + [H samp] + $ gpg --export-secret-keys --no-comment -a your-KeyID + [H /samp] + + Another possibility is this: by default, GnuPG encrypts your secret + key using the Blowfish symmetric algorithm. Older PGPs will only + understand 3DES, CAST5, or IDEA symmetric algorithms. Using the + following method you can re-encrypt your secret gpg key with a + different algo: + + [H samp] + $ gpg --s2k-cipher-algo=CAST5 --s2k-digest-algo=SHA1 + --compress-algo=1 --edit-key + [H /samp] + + Then use passwd to change the password (just change it to the same + thing, but it will encrypt the key with CAST5 this time). + + Now you can export it and PGP should be able to handle it. + + For PGP 6.x the following options work to export a key: + + [H samp] + $ gpg --s2k-cipher-algo 3des --compress-algo 1 --rfc1991 + --export-secret-keys + [H /samp] + + +** GnuPG no longer installs a ~/.gnupg/options file. Is it missing? + :PROPERTIES: + :CUSTOM_ID: gnupg-no-longer-installs-a-options-file-is-it-missing + :END: + + No. The ~/.gnupg/options file has been renamed to ~/.gnupg/gpg.conf for + new installs as of version 1.1.92. If an existing ~/.gnupg/options file + is found during an upgrade it will still be used, but this change was + required to have a more consistent naming scheme with forthcoming tools. + An existing options file can be renamed to gpg.conf for users upgrading, + or receiving the message that the "old default options file" is ignored + (occurs if both a gpg.conf and an options file are found). + +** How do you export GnuPG keys for use with PGP? 
+ :PROPERTIES: + :CUSTOM_ID: how-do-you-export-gnupg-keys-for-use-with-pgp + :END: + + This has come up fairly often, so here's the HOWTO: + + PGP can (for most key types) use secret keys generated by GnuPG. The + problems that come up occasionally are generally because GnuPG + supports a few more features from the OpenPGP standard than PGP does. + If your secret key has any of those features in use, then PGP will + reject the key or you will have problems communicating later. Note + that PGP doesn't do Elgamal signing keys at all, so they are not + usable with any version. + + These instructions should work for GnuPG 1.0.7 and later, and PGP + 7.0.3 and later. + + Start by editing the key. Most of this line is not really necessary + as the default values are correct, but it does not hurt to repeat the + values, as this will override them in case you have something else set + in your options file. + + [H samp] + $ gpg --s2k-cipher-algo cast5 --s2k-digest-algo sha1 --s2k-mode 3 + --simple-sk-checksum --edit KeyID + [H /samp] + + Turn off some features. Set the list of preferred ciphers, hashes, + and compression algorithms to things that PGP can handle. (Yes, I + know this is an odd list of ciphers, but this is what PGP itself uses, + minus IDEA). + + [H samp] + > setpref S9 S8 S7 S3 S2 S10 H2 H3 Z1 Z0 + [H /samp] + + Now put the list of preferences onto the key. + + [H samp] + > updpref + [H /samp] + + Finally we must decrypt and re-encrypt the key, making sure that we + encrypt with a cipher that PGP likes. We set this up in the --edit + line above, so now we just need to change the passphrase to make it + take effect. You can use the same passphrase if you like, or take + this opportunity to actually change it. + + [H samp] + > passwd + [H /samp] + + Save our work. 
+ + [H samp] + > save + [H /samp] + + Now we can do the usual export: + + [H samp] + $ gpg --export KeyID > mypublickey.pgp[H br] + $ gpg --export-secret-key KeyID > mysecretkey.pgp + [H /samp] + + Thanks to David Shaw for this information! + + +* Problems and Error Messages + +** Why do I get "gpg: Warning: using insecure memory!" + :PROPERTIES: + :CUSTOM_ID: why-do-i-get-gpg_warning_using_insecure_memory + :END: + + On many systems this program should be installed as setuid(root). + This is necessary to lock memory pages. Locking memory pages prevents + the operating system from writing them to disk and thereby keeping your + secret keys really secret. If you get no warning message about insecure + memory your operating system supports locking without being root. The + program drops root privileges as soon as locked memory is allocated. + + To setuid(root) permissions on the gpg binary you can either use: + + [H samp] + $ chmod u+s /path/to/gpg + [H /samp] + + or + + [H samp] + $ chmod 4755 /path/to/gpg + [H /samp] + + Some refrain from using setuid(root) unless absolutely required for + security reasons. Please check with your system administrator if you + are not able to make these determinations yourself. + + On UnixWare 2.x and 7.x you should install GnuPG with the 'plock' + privilege to get the same effect: + + [H samp] + $ filepriv -f plock /path/to/gpg + [H /samp] + + If you can't or don't want to install GnuPG setuid(root), you can + use the option "--no-secmem-warning" or put: + + [H samp] + no-secmem-warning + [H /samp] + + in your ~/.gnupg/options or ~/.gnupg/gpg.conf file (this disables + the warning). + + On some systems (e.g., Windows) GnuPG does not lock memory pages + and older GnuPG versions (<=1.0.4) issue the warning: + + [H samp] + gpg: Please note that you don't have secure memory + [H /samp] + + This warning can't be switched off by the above option because it + was thought to be too serious an issue. 
However, it confused users + too much, so the warning was eventually removed. + +** Large File Support doesn't work + :PROPERTIES: + :CUSTOM_ID: large-file-support-does-not-work + :END: + + LFS works correctly in post-1.0.4 versions. If configure doesn't + detect it, try a different (i.e., better) compiler. egcs 1.1.2 works + fine, other gccs sometimes don't. BTW, several compilation problems + of GnuPG 1.0.3 and 1.0.4 on HP-UX and Solaris were due to broken LFS + support. + +** In the edit menu the trust values are not displayed correctly after signing uids. Why? + :PROPERTIES: + :CUSTOM_ID: edit-menu-trust-not-show-correctly-after-signing-uids + :END: + + This happens because some information is stored immediately in + the trustdb, but the actual trust calculation can be done after the + save command. This is a "not easy to fix" design bug which will be + addressed in some future release. + +** What does "skipping pubkey 1: already loaded" mean? + :PROPERTIES: + :CUSTOM_ID: what-does-skipping_pubkey_1_already_loaded-mean + :END: + + As of GnuPG 1.0.3, the RSA algorithm is included. If you still have + a "load-extension rsa" in your options file, the above message + occurs. Just remove the load command from the options file. + +** GnuPG 1.0.4 doesn't create ~/.gnupg ... + :PROPERTIES: + :CUSTOM_ID: gnupg-1.0.4-does-not-create-.gnupg + :END: + + That's a known bug, already fixed in newer versions. + +** An Elgamal signature does not verify anymore since version 1.0.2 + :PROPERTIES: + :CUSTOM_ID: an-elgamal-signature-does-not-verify-anymore-since-version-1.0.2 + :END: + + Use the option --emulate-md-encode-bug. + +** Old versions of GnuPG can't verify Elgamal signatures + :PROPERTIES: + :CUSTOM_ID: old-versions-of-gnupg-cant-verify-elgamal-signatures + :END: + + Update to GnuPG 1.0.2 or newer. + +** When I use --clearsign, the plain text has sometimes extra dashes in it - why? 
+ :PROPERTIES: + :CUSTOM_ID: extra-dashes-in-clearsign-messages + :END: + + This is called dash-escaped text and is required by OpenPGP. + It always happens when a line starts with a dash ("-") and is + needed to make the lines that structure signature and text + (i.e., "-----BEGIN PGP SIGNATURE-----") to be the only lines + that start with two dashes. + + If you use GnuPG to process those messages, the extra dashes + are removed. Good mail clients remove those extra dashes when + displaying such a message. + +** What is the thing with "can't handle multiple signatures"? + :PROPERTIES: + :CUSTOM_ID: what-is-the-thing-with-cant_handle_multiple_signatures + :END: + + Due to different message formats GnuPG is not always able to split + a file with multiple signatures unambiguously into its parts. This + error message informs you that there is something wrong with the input. + + The only way to have multiple signatures in a file is by using the + OpenPGP format with one-pass-signature packets (which is GnuPG's + default) or the cleartext signed format. + +** If I submit a key to a keyserver, nothing happens + :PROPERTIES: + :CUSTOM_ID: if-i-submit-a-key-to-a-keyserver-nothing-happens + :END: + + You are most likely using GnuPG 1.0.2 or older on Windows. That's + feature isn't yet implemented, but it's a bug not to say it. Newer + versions issue a warning. Upgrade to 1.4.5 or newer. + +** I get "gpg: waiting for lock ..." + :PROPERTIES: + :CUSTOM_ID: i-get-gpg_waiting_for_lock + :END: + + A previous instance of gpg has most likely exited abnormally and left + a lock file. Go to ~/.gnupg and look for .*.lock files and remove them. 
+ +** Older gpg binaries (e.g., 1.0) have problems with keys from newer gpg binaries + :PROPERTIES: + :CUSTOM_ID: gpg-1.0-has-problems-with-keys-from-newer-gpg-versions + :END: + + As of 1.0.3, keys generated with gpg are created with preferences to + TWOFISH (and AES since 1.0.4) and that also means that they have the + capability to use the new MDC encryption method. This will go into + OpenPGP soon, and is also suppoted by PGP 7. This new method avoids + a (not so new) attack on all email encryption systems. + + This in turn means that pre-1.0.3 gpg binaries have problems with + newer keys. Because of security and bug fixes, you should keep your + GnuPG installation in a recent state anyway. As a workaround, you can + force gpg to use a previous default cipher algo by putting: + + [H samp] + cipher-algo cast5 + [H /samp] + + into your options file. + +** With 1.0.4, I get "this cipher algorithm is deprecated ..." + :PROPERTIES: + :CUSTOM_ID: with-1.0.4-i-get-this_cipher_algorithm_is_deprecated + :END: + + If you just generated a new key and get this message while + encrypting, you've witnessed a bug in 1.0.4. It uses the new AES + cipher Rijndael that is incorrectly being referred as "deprecated". + Ignore this warning, more recent versions of gpg are corrected. + +** Some dates are displayed as ????-??-??. Why? + :PROPERTIES: + :CUSTOM_ID: some-dates-are-displayed-as-question-marks + :END: + + Due to constraints in most libc implementations, dates beyond + 2038-01-19 can't be displayed correctly. 64-bit OSes are not + affected by this problem. To avoid printing wrong dates, GnuPG + instead prints some question marks. To see the correct value, you + can use the options --with-colons and --fixed-list-mode. + +** I still have a problem. How do I report a bug? + :PROPERTIES: + :CUSTOM_ID: i-still-have-a-problem-how-do-i-report-a-bug + :END: + + Are you sure that it's not been mentioned somewhere on the mailing + lists? 
Did you have a look at the bug list (you'll find a link to + the list of reported bugs on the documentation page). If you're + not sure about it being a bug, you can send mail to the + gnupg-devel list. Otherwise, use the bug tracking system + [[http://busg.gnupg.org][bugs.gnupg.org]]. + +** Why doesn't GnuPG support X.509 certificates? + :PROPERTIES: + :CUSTOM_ID: why-doesnt-gnupg-support-x509-certificates + :END: + + That is only the case for GnuPG version 1.x. GnuPG 2.x fully + supports X.509 and S/MIME using the gpgsm tool. + +** Why do national characters in my user ID look funny? + :PROPERTIES: + :CUSTOM_ID: why-do-national-characters-in-my-user-id-look-funny + :END: + + According to OpenPGP, GnuPG encodes user ID strings (and other + things) using UTF-8. In this encoding of Unicode, most national + characters get encoded as two- or three-byte sequences. For + example, å (0xE5 in ISO-8859-1) becomes Ã¥ (0xC3, + 0xA5). This might also be the reason why keyservers can't find + your key. + +** I get 'sed' errors when running ./configure on Mac OS X ... + :PROPERTIES: + :CUSTOM_ID: i-get-sed-errors-when-running-configure-on-mac-os-x + :END: + + This will be fixed after GnuPG has been upgraded to autoconf-2.50. + Until then, find the line setting CDPATH in the configure script + and place an: + + [H samp] + unset CDPATH + [H /samp] + + statement below it. + +** Why does GnuPG 1.0.6 bail out on keyrings used with 1.0.7? + :PROPERTIES: + :CUSTOM_ID: why-does-gnupg-1.0.6-bail-out-on-keyrings-used-with-1.0.7 + :END: + + There is a small bug in 1.0.6 which didn't parse trust packets + correctly. You may want to apply this patch if you can't upgrade: + [[http://www.gnupg.org/developer/gpg-woody-fix.txt]]. + +** I upgraded to GnuPG version 1.0.7 and now it takes longer to load my keyrings. What can I do? 
+ :PROPERTIES: + :CUSTOM_ID: with-gpg-1.0.7-it-takes-longer-to-load-my-keyrings + :END: + + The way signature states are stored has changed so that v3 signatures + can be supported. You can use the new --rebuild-keydb-caches migration + command, which was built into this release and increases the speed of + many operations for existing keyrings. + +** Doesn't a fully trusted user ID on a key prevent warning messages when encrypting to other IDs on the key? + :PROPERTIES: + :CUSTOM_ID: key-validation-bug-in-gpg-1.2.1 + :END: + + No. That was actually a key validity bug in GnuPG 1.2.1 and earlier + versions. As part of the development of GnuPG 1.2.2, a bug was + discovered in the key validation code. This bug causes keys with + more than one user ID to give all user IDs on the key the amount of + validity given to the most-valid key. The bug has been fixed in GnuPG + release 1.2.2, and upgrading is the recommended fix for this problem. + More information and a patch for a some pre-1.2.2 versions of GnuPG + can be found at: + + [[http://lists.gnupg.org/pipermail/gnupg-announce/2003q2/000268.html]]. + +** I just compiled GnuPG from source on my GNU/Linux RPM-based system and it's not working. Why? + :PROPERTIES: + :CUSTOM_ID: compiled-on-gnu-linux-rpm-based-system-and-not-working + :END: + + Many GNU/Linux distributions that are RPM-based will install a + version of GnuPG as part of its standard installation, placing the + binaries in the /usr/bin directory. Later, compiling and installing + GnuPG from source other than from a source RPM won't normally + overwrite these files, as the default location for placement of + GnuPG binaries is in /usr/local/bin unless the '--prefix' switch + is used during compile to specify an alternate location. Since the + /usr/bin directory more than likely appears in your path before + /usr/local/bin, the older RPM-version binaries will continue to + be used when called since they were not replaced. 
+ + To resolve this, uninstall the RPM-based version with 'rpm -e gnupg' + before installing the binaries compiled from source. If dependency + errors are displayed when attempting to uninstall the RPM (such as + when Red Hat's up2date is also installed, which uses GnuPG), uninstall + the RPM with 'rpm -e gnupg --nodeps' to force the uninstall. Any + dependent files should be automatically replaced during the install + of the compiled version. If the default /usr/local/bin directory is + used, some packages such as SuSE's Yast Online Update may need to be + configured to look for GnuPG binaries in the /usr/local/bin directory, + or symlinks can be created in /usr/bin that point to the binaries + located in /usr/local/bin. + + +* Advanced Topics + +** How does this whole thing work? + :PROPERTIES: + :CUSTOM_ID: how-does-this-whole-thing-work + :END: + + To generate a secret/public keypair, run: + + [H samp] + $ gpg --gen-key + [H /samp] + + and choose the default values. + + Data that is encrypted with a public key can only be decrypted by + the matching secret key. The secret key is protected by a password, + the public key is not. + + So to send your friend a message, you would encrypt your message + with his public key, and he would only be able to decrypt it by + having the secret key and putting in the password to use his secret + key. + + GnuPG is also useful for signing things. Files that are encrypted + with the secret key can be decrypted with the public key. To sign + something, a hash is taken of the data, and then the hash is in some + form encoded with the secret key. If someone has your public key, they + can verify that it is from you and that it hasn't changed by checking + the encoded form of the hash with the public key. + + A keyring is just a large file that stores keys. You have a public + keyring where you store yours and your friend's public keys. You have + a secret keyring that you keep your secret key on, and should be very + careful with. 
Never ever give anyone else access to it and use a *good* + passphrase to protect the data in it. + + You can 'conventionally' encrypt something by using the option 'gpg -c'. + It is encrypted using a passphrase, and does not use public and secret + keys. If the person you send the data to knows that passphrase, they + can decrypt it. This is usually most useful for encrypting things to + yourself, although you can encrypt things to your own public key in the + same way. It should be used for communication with partners you know + and where it is easy to exchange the passphrases (e.g. with your boy + friend or your wife). The advantage is that you can change the + passphrase from time to time and decrease the risk, that many old + messages may be decrypted by people who accidently got your passphrase. + + You can add and copy keys to and from your keyring with the 'gpg + --import' and 'gpg --export' command. 'gpg --export-secret-keys' will + export secret keys. This is normally not useful, but you can generate + the key on one machine then move it to another machine. + + Keys can be signed under the 'gpg --edit-key' option. When you sign a + key, you are saying that you are certain that the key belongs to the + person it says it comes from. You should be very sure that is really + that person: You should verify the key fingerprint with: + + [H samp] + $ gpg --fingerprint KeyID + [H /samp] + + over the phone (if you really know the voice of the other person), at + a key signing party (which are often held at computer conferences), + or at a meeting of your local GNU/Linux User Group. + + Hmm, what else. You may use the option '-o filename' to force output + to this filename (use '-' to force output to stdout). '-r' just lets + you specify the recipient (which public key you encrypt with) on the From cvs at cvs.gnupg.org Tue Oct 5 15:56:26 2010 
From: cvs at cvs.gnupg.org (svn author wk) Date: Tue, 05 Oct 2010 15:56:26 +0200 Subject: [svn] GnuPG - r5435 - trunk/doc Message-ID: Author: wk Date: 2010-10-05 15:56:25 +0200 (Tue, 05 Oct 2010) New Revision: 5435 Added: trunk/doc/FAQ Modified: trunk/doc/ChangeLog trunk/doc/Makefile.am trunk/doc/faq.org Log: Add a static FAQ. Add rules to build and upload the faqs. Modified: trunk/doc/ChangeLog =================================================================== --- trunk/doc/ChangeLog 2010-10-04 21:08:34 UTC (rev 5434) +++ trunk/doc/ChangeLog 2010-10-05 13:56:25 UTC (rev 5435) @@ -1,3 +1,7 @@ +2010-10-05 Werner Koch + + * Makefile.am (faq.txt faq.html, faq-online): New. + 2010-10-04 Werner Koch * faq.org: New. Added: trunk/doc/FAQ =================================================================== --- trunk/doc/FAQ (rev 0) +++ trunk/doc/FAQ 2010-10-05 13:56:25 UTC (rev 5435) @@ -0,0 +1,13 @@ +GnuPG Frequently Asked Questions + +A FAQ is a fast moving target and thus we don't distribute it anymore +with GnuPG. You may retrieve the current FAQ in HTML format at + + http://www.gnupg.org/faq/GnuPG-FAQ.html + +or in plain text format at the FTP server: + + ftp://ftp.gnupg.org/gcrypt/gnupg/GnuPG-FAQ.txt + + + Modified: trunk/doc/Makefile.am =================================================================== --- trunk/doc/Makefile.am 2010-10-04 21:08:34 UTC (rev 5434) +++ trunk/doc/Makefile.am 2010-10-05 13:56:25 UTC (rev 5435) @@ -75,7 +75,7 @@ watchgnupg_SOURCE = gnupg.texi -CLEANFILES = yat2m +CLEANFILES = yat2m faq.txt faq.html DISTCLEANFILES = gnupg.tmp gnupg.ops yat2m-stamp.tmp yat2m-stamp \ $(myman_pages) gnupg.7 
@@ -140,3 +140,24 @@ rsync -vr --exclude='.svn' . \ $${user}@cvs.gnupg.org:webspace/manuals/gnupg$${dashdevel}/ +# Note that you need a recent version of emacs23 with org-mode 7.01h +faq.txt faq.html: faq.org + @set -e; expopt="t nil nil nil \"$$(pwd)\""; \ + emacs --batch \ + --eval "(require 'org)" \ + --visit "$(srcdir)/faq.org" \ + --eval "(setq org-export-ascii-entities 'utf8)" \ + --eval "(org-export-as-ascii org-export-headline-levels $${expopt})"\ + --visit "$(srcdir)/faq.org" \ + --eval "(setq org-export-html-style-include-default nil)" \ + --eval "(setq org-export-html-style-include-scripts nil)" \ + --eval "(org-export-as-html org-export-headline-levels $${expopt})" + +faq-online: faq.txt faq.html + set -e; \ + user=werner ; \ + echo "Uploading current FAQ to {www,ftp}.gnupg.org ..."; \ + scp faq.html $${user}@ftp.gnupg.org:webspace/manuals/GnuPG-FAQ.html ; \ + scp faq.txt $${user}@ftp.gnupg.org:gcrypt/gnupg/GnuPG-FAQ.txt ; \ + echo "...ready" + Modified: trunk/doc/faq.org =================================================================== --- trunk/doc/faq.org 2010-10-04 21:08:34 UTC (rev 5434) +++ trunk/doc/faq.org 2010-10-05 13:56:25 UTC (rev 5435) @@ -1,3 +1,4 @@ +# faq.org -*- coding: utf-8; -*- #+STARTUP: overview #+OPTIONS: H:2 num:t toc:t \n:nil @:t ::t |:t ^:t *:t TeX:t #+EMAIL: wk at gnupg.org @@ -6,9 +7,8 @@ #+TITLE: GnuPG Frequently Asked Questions #+OPTIONS: H:3 num:nil toc:t \n:nil @:t ::t |:t ^:{} -:t f:t *:t TeX:t LaTeX:t skip:nil d:(HIDE) tags:not-in-toc #+LINK: gnupgweb http://www.gnupg.org/ -#+LINK gnupgftp ftp://ftp.gnupg.org/gcrypt/ #+LINK: roundup https://bugs.g10code.com/gnupg/issue -#+STYLE: +###+STYLE: # FIXME: This FAQ needs a heavy cleanup. For now I only switched to # org-mode format for easier maintenance. 
@@ -17,26 +17,36 @@ #+end_html +*WARNING: This FAQ is heavily outdated*. Mentioned versions of GnuPG +have reached end of life many years ago. Almost all bugs and problems +have been fixed in the now current versions of GnuPG. We will try to +update this FAQ in the next month. + + * Welcome :PROPERTIES: :CUSTOM_ID: welcome :END: - Welcome to the GnuPG FAQ. The latest HTML version is available - [[gnupgweb:faq.html][here]]. + Welcome to the GnuPG FAQ. The latest HTML version is available at\\ + [[http://www.gnupg.org/faq/GnuPG-FAQ.html]]; \\ + a plain text Gversion at \\ + ftp://ftp.gnupg.org/gcrypt/gnupg/GnuPG-FAQ.txt. + See the end of this file for the release date. + The index is generated automatically, so there may be errors. Not all questions may be in the section they belong to. Suggestions about how to improve the structure of this FAQ are welcome. - Please send additions and corrections to the gnupg users mailing + Please send additions and corrections to the gnupg-users mailing list. It would be most convenient if you could provide the answer to be included here as well. Your help is very much appreciated! Please, don't send message like "This should be a FAQ - what's the - answer?". If it hasn't been asked before, it isn't a FAQ. In that case - you could search in the mailing list archive. + answer?". If it hasn't been asked before, it isn't a FAQ. In that + case you could search in the mailing list archive. ** What conventions are used in this FAQ? :PROPERTIES: 
@@ -46,9 +56,9 @@ Although GnuPG is being developed for several operating systems (often in parallel), the conventions used in this FAQ reflect a UNIX shell environment. For Win32 users, references to a shell - prompt (`$') should be interpreted as a command prompt (`>'), - directory names separated by a forward slash (`/') may need to be - converted to a back slash (`\'), and a tilde (`~') represents a + prompt (=$=) should be interpreted as a command prompt (=>=), + directory names separated by a forward slash (=/=) may need to be + converted to a back slash (=\=), and a tilde (=~=) represents a user's "home" directory (reference question [[id:how-do-i-put-my-keyring-in-a-different-directory][How do I put my keyring in a different directory?]] for an example). Some command-lines presented in this FAQ are too long to properly @@ -65,7 +75,9 @@ containing user options and settings has been renamed from "options" to "gpg.conf". Information in the FAQ that relates to the options file may be interchangable with the newer gpg.conf file in many - instances. See question for details. + instances. See question + [[#gnupg-no-longer-installs-a-options-file-is-it-missing][GnuPG no longer installs a ~/.gnupg/options file. Is it missing?]] + for details. * General Questions @@ -88,7 +100,9 @@ In general, yes. GnuPG and newer PGP releases should be implementing the OpenPGP standard. But there are some interoperability problems. - See question for details. + See question + [[#how-can-i-encrypt-a-message-so-that-pgp-is-able-to-decrypt-it][How can I encrypt a message with GnuPG so that PGP is able to decrypt it?]] + for details. ** Is GnuPG free to use for personal or commercial use? :PROPERTIES: 
@@ -110,47 +124,43 @@ :CUSTOM_ID: more-information-on-gnupg :END: - On-line resources: + On-line resources: - [H ul] - [H li]The documentation page is located at [H a href=[$hGPGHTTP]/documentation/]<[$hGPGHTTP]/documentation/>[H/a]. - Also, have a look at the HOWTOs and the GNU Privacy Handbook (GPH, - available in English, Spanish and Russian). The latter provides a - detailed user's guide to GnuPG. You'll also find a document about how - to convert from PGP 2.x to GnuPG. + - The documentation page is located at [[gnupgweb:documentation/]]. + Also, have a look at the HOWTOs and the GNU Privacy Handbook + (GPH, available in English, Spanish and Russian). The latter + provides a detailed user's guide to GnuPG. You'll also find a + document about how to convert from PGP 2.x to GnuPG. - [H li]At [H a href=[$hGPGHTTP]/documentation/mailing-lists.html]<[$hGPGHTTP]/documentation/mailing-lists.html>[H/a] you'll find - an online archive of the GnuPG mailing lists. Most interesting should - be gnupg-users for all user-related issues and gnupg-devel if you want - to get in touch with the developers. + - At [[gnupgweb:documentation/mailing-lists.html]] you'll find an + online archive of the GnuPG mailing lists. Most interesting + should be gnupg-users for all user-related issues and gnupg-devel + if you want to get in touch with the developers. - In addition, searchable archives can be found on MARC, e.g.: [H br] - gnupg-users: [H a href=http://marc.theaimsgroup.com/?l=gnupg-users&r=1&w=2][H/a][H br] - gnupg-devel: [H a href=http://marc.theaimsgroup.com/?l=gnupg-devel&r=1&w=2][H/a][H br] + In addition, searchable archives can be found on MARC, e.g.:\\ + For gnupg-users : [[http://marc.theaimsgroup.com/?l=gnupg-users&r=1&w=2]]\\ + For gnupg-devel : [[http://marc.theaimsgroup.com/?l=gnupg-devel&r=1&w=2]] - [H b]PLEASE:[H /b] - Before posting to a list, read this FAQ and the available documentation. 
- In addition, search the list archive - maybe your question has already - been discussed. This way you help people focus on topics that have not - yet been resolved. + *Please:* Before posting to a list, read this FAQ and the + available documentation. In addition, search the list archive + --- maybe your question has already been discussed. This way you + help people focus on topics that have not yet been resolved. - [H li]The GnuPG source distribution contains a subdirectory: + - The GnuPG source distribution contains a subdirectory: - [H samp] - ./doc - [H /samp] + : ./doc - where some additional documentation is located (mainly interesting - for hackers, not the casual user). - [H /ul] + where some additional documentation is located (mainly + interesting for hackers, not the casual user). + ** Where do I get GnuPG? :PROPERTIES: :CUSTOM_ID: where-do-i-get-gnupg :END: You can download the GNU Privacy Guard from its primary FTP server - [[gnupgftp:gnupg/][ftp.gnupg.org]] or from one of its [[gnupgweb:download/mirrors.html][mirrors]]. + [[ftp://ftp.gnupg.org/gcrypt/gnupg/][ftp.gnupg.org]] or from one of its [[gnupgweb:download/mirrors.html][mirrors]]. The current stable version is FIXME. Please upgrade to this version as it includes additional features, functions and security @@ -163,13 +173,11 @@ :CUSTOM_ID: which-oses-does-gnupg-run-on :END: - It should run on most Unices as well as Windows versions (including - Windows NT/2000) and Macintosh OS/X. A list of OSes reported to be OK - is presented at: + It should run on most Unices as well as Windows versions + (including Windows NT/2000) and Macintosh OS/X. A list of OSes + reported to be OK is presented at: - [H a href=[$hGPGHTTP]/download/supported_systems.html] - <[$hGPGHTTP]/download/supported_systems.html> - [H /a] + [[gnupgweb:download/supported_systems.html]] ** Which random data gatherer should I use? :PROPERTIES: 
@@ -183,30 +191,25 @@ systems. Also Solaris users with the SUNWski package installed have a /dev/random. In these cases, use the configure option: - [H samp] - --enable-static-rnd=linux - [H /samp] + : --enable-static-rnd=linux In addition, there's also the kernel random device by Andi Maier - [H a href= http://www.cosy.sbg.ac.at/~andi/SUNrand/][H /a], but it's still beta. Use at your - own risk! + [[http://www.cosy.sbg.ac.at/~andi/SUNrand/]], but it's still beta. Use + at your own risk! On other systems, the Entropy Gathering Daemon (EGD) is a good choice. It is a perl-daemon that monitors system activity and hashes it into - random data. See the download page [H a href=[$hGPGHTTP]/download/]<[$hGPGHTTP]/download/>[H /a] + random data. See the download page [[gnupgweb:download/]] to obtain EGD. Use: - [H samp] - --enable-static-rnd=egd - [H /samp] + : --enable-static-rnd=egd here. If the above options do not work, you can use the random number - generator "unix". This is [H B]very[H /B] slow and should be avoided. The + generator "unix". This is *very slow* and should be avoided. The random quality isn't very good so don't use it on sensitive data. - ** How do I include support for RSA and IDEA? :PROPERTIES: :CUSTOM_ID: how-do-i-include-support-for-rsa-and-idea 
@@ -220,25 +223,19 @@ However, there is an unofficial module to include it even in earlier versions of GnuPG. It's available from - [H a href=ftp://ftp.gnupg.dk/pub/contrib-dk/][H /a]. Look for: + [[ftp://ftp.gnupg.dk/pub/contrib-dk/]]. Look for: - [H pre] - idea.c.gz (c module) - idea.c.gz.sig (signature file) - [H /pre] + : idea.c.gz (c module) + : idea.c.gz.sig (signature file) - [H pre] - ideadll.zip (c module and win32 dll) - ideadll.zip.sig (signature file) - [H /pre] + : ideadll.zip (c module and win32 dll) + : ideadll.zip.sig (signature file) Compilation directives are in the headers of these files. You will - then need to add the following line to your ~/.gnupg/gpg.conf or - ~/.gnupg/options file: + then need to add the following line to your =~/.gnupg/gpg.conf= or + =~/.gnupg/options= file: - [H samp] - load-extension idea - [H /samp] + : load-extension idea * Usage @@ -254,9 +251,7 @@ have greater sizes, but you should then check the fingerprint of this key: - [H samp] - $ gpg --fingerprint - [H /samp] + : $ gpg --fingerprint As for the key algorithms, you should stick with the default (i.e., DSA signature and Elgamal encryption). An Elgamal signing key has 
@@ -312,15 +307,13 @@ If you do a 'gpg --help', you will get two separate lists. The first is a list of commands. The second is a list of options. Whenever you - run GPG, you [H b]must[H /b] pick exactly one command (with one exception, - see below). You [H b]may[H /b] pick one or more options. The command should, + run GPG, you *must* pick exactly one command (with one exception, + see below). You *may* pick one or more options. The command should, just by convention, come at the end of the argument list, after all the options. If the command takes a file (all the basic ones do), the filename comes at the very end. So the basic way to run gpg is: - [H samp] - $ gpg [--option something] [--option2] [--option3 something] --command file - [H /samp] + : $ gpg [--option something] [--option2] [--option3 something] --command file Some options take arguments. For example, the --output option (which can be abbreviated as -o) is an option that takes a filename. The 
@@ -333,49 +326,37 @@ followed by the file you wish to encrypt. Therefore in this example the command-line issued would be: - [H samp] - $ gpg -r alice -o secret.txt -e test.txt - [H /samp] + : $ gpg -r alice -o secret.txt -e test.txt If you write the options out in full, it is easier to read: - [H samp] - $ gpg --recipient alice --output secret.txt --encrypt test.txt - [H /samp] + : $ gpg --recipient alice --output secret.txt --encrypt test.txt If you're encrypting to a file with the extension ".txt", then you'd probably expect to see ASCII-armored text in the file (not binary), so you need to add the --armor (-a) option, which doesn't take any arguments: - [H samp] - $ gpg --armor --recipient alice --output secret.txt --encrypt test.txt - [H /samp] + : $ gpg --armor --recipient alice --output secret.txt --encrypt test.txt If you imagine square brackets around the optional parts, it becomes a bit clearer: - [H samp] - $ gpg [--armor] [--recipient alice] [--output secret.txt] --encrypt test.txt - [H /samp] + : $ gpg [--armor] [--recipient alice] [--output secret.txt] --encrypt test.txt The optional parts can be rearranged any way you want: - [H samp] - $ gpg --output secret.txt --recipient alice --armor --encrypt test.txt - [H /samp] + : $ gpg --output secret.txt --recipient alice --armor --encrypt test.txt If your filename begins with a hyphen (e.g. "-a.txt"), GnuPG assumes this is an option and may complain. To avoid this you have to either - use "./-a.txt", or stop the option and command processing with two - hyphens: "-- -a.txt". + use =./-a.txt=, or stop the option and command processing with two + hyphens: =-- -a.txt=. - [H B]The exception to using only one command:[H /B] signing and encrypting + *The exception to using only one command*: signing and encrypting at the same time. 
For this you can combine both commands, such as in: - [H samp] - $ gpg [--options] --sign --encrypt foo.txt - [H /samp] + : $ gpg [--options] --sign --encrypt foo.txt ** I can't delete a user ID on my secret keyring because it has already been deleted on my public keyring. What can I do? :PROPERTIES: @@ -405,7 +386,8 @@ If you've lost your public key and need to recreate it instead for continued use with your secret key, you may be able to use - gpgsplit as detailed in question . + gpgsplit as detailed in question + [[#i-still-have-my-secret-key-but-lost-my-public-key][I still have my secret key, but lost my public key. What can I do?]]. @@ -454,7 +436,11 @@ :CUSTOM_ID: get-rid-of-the-version-and-comment-headers-in-armored-messages :END: - Use "--no-version --comment ''". Note that the left over blank line + Use + + : --no-version --comment '' + + Note that the left over blank line is required by the protocol. ** What does the "You are using the xxxx character set." mean? 
@@ -462,76 +448,82 @@ :CUSTOM_ID: what-does-the-you-are-using-the-xxx-character-set-mean :END: - This note is printed when UTF-8 mapping has to be done. Make sure - that the displayed character set is the one you have activated on - your system. Since "iso-8859-1" is the character set most used, - this is the default. You can change the charset with the option - "--charset". It is important that your active character set matches - the one displayed - if not, restrict yourself to plain 7 bit ASCII - and no mapping has to be done. + This note is printed when UTF-8 mapping has to be done. Make sure + that the displayed character set is the one you have activated on + your system. Since "iso-8859-1" is the character set most used, + this is the default. You can change the charset with the option + =--charset=. It is important that your active character set matches + the one displayed --- if not, restrict yourself to plain 7 bit + ASCII and no mapping has to be done. ** How can I get list of key IDs used to encrypt a message? :PROPERTIES: :CUSTOM_ID: how-can-i-get-list-of-key-ids-used-to-encrypt-a-message :END: - [H samp] - $ gpg --batch --decrypt --list-only --status-fd 1 2>/dev/null | - awk '/^\[GNUPG:\] ENC_TO / { print $3 }' - [H /samp] + : $ gpg --batch --decrypt --list-only --status-fd 1 2>/dev/null | \ + : awk '/^\[GNUPG:\] ENC_TO / { print $3 }' ** Why can't I decrypt files encrypted as symmetrical-only (-c) with a version of GnuPG prior to 1.0.1. :PROPERTIES: :CUSTOM_ID: why-cant-i-decrypt-symmetrical-only-with-gnupg-prior-to-1.0.1 :END: - There was a bug in GnuPG versions prior to 1.0.1 which affected files - only if 3DES or Twofish was used for symmetric-only encryption (this has - never been the default). The bug has been fixed, but to enable decryption - of old files you should run gpg with the option "--emulate-3des-s2k-bug", - decrypt the file and encrypt it again without this option. 
+ There was a bug in GnuPG versions prior to 1.0.1 which affected files + only if 3DES or Twofish was used for symmetric-only encryption (this has + never been the default). The bug has been fixed, but to enable decryption + of old files you should run gpg with the option =--emulate-3des-s2k-bug=, + decrypt the file and encrypt it again without this option. - NOTE: This option was removed in GnuPG development version 1.1.0 and later - updates, so you will need to use a version between 1.0.1 and 1.0.7 to - re-encrypt any affected files. + NOTE: This option was removed in GnuPG development version 1.1.0 and later + updates, so you will need to use a version between 1.0.1 and 1.0.7 to + re-encrypt any affected files. ** How can I use GnuPG in an automated environment? :PROPERTIES: :CUSTOM_ID: how-can-i-use-gnupg-in-an-automated-environment :END: - You should use the option --batch and don't use passphrases as - there is usually no way to store it more securely than on the - secret keyring itself. The suggested way to create keys for an - automated environment is: + You should use the option =--batch= and don't use passphrases as + there is usually no way to store it more securely than on the + secret keyring itself. The suggested way to create keys for an + automated environment is: - On a secure machine: - [H ol] - [H li] If you want to do automatic signing, create a signing subkey - for your key (use the interactive key editing menu by issueing - the command 'gpg --edit-key keyID', enter "addkey" and select - the DSA key type). - [H li] Make sure that you use a passphrase (needed by the current - implementation). - [H li] gpg --export-secret-subkeys --no-comment foo >secring.auto - [H li] Copy secring.auto and the public keyring to a test directory. - [H li] Change to this directory. - [H li] gpg --homedir . --edit foo and use "passwd" to remove the - passphrase from the subkeys. You may also want to remove all - unused subkeys. 
- [H li] Copy secring.auto to a floppy and carry it to the target box. - [H /ol] + On a secure machine: + + 1. If you want to do automatic signing, create a signing subkey for + your key. Use the interactive key editing menu by issueing the + command + : gpg --edit-key keyID + enter "addkey" and select the DSA key type). - On the target machine: - [H ol] - [H li] Install secring.auto as the secret keyring. - [H li] Now you can start your new service. It's also a good idea to - install an intrusion detection system so that you hopefully - get a notice of an successful intrusion, so that you in turn - can revoke all the subkeys installed on that machine and - install new subkeys. - [H /ol] + 1. Make sure that you use a passphrase (needed by the current + implementation). + 1. + : gpg --export-secret-subkeys --no-comment foo >secring.auto + + 1. Copy secring.auto and the public keyring to a test directory. + + 1. Change to this directory. + + 1. Run the command + : gpg --homedir . --edit foo + + and use the sub-command =passwd= to remove the passphrase from the + subkeys. You may also want to remove all unused subkeys. + + 1. Copy secring.auto to a floppy and carry it to the target box. + + On the target machine: + + 1. Install secring.auto as the secret keyring. + 1. Now you can start your new service. It's also a good idea to + install an intrusion detection system so that you hopefully get + a notice of an successful intrusion, so that you in turn can + revoke all the subkeys installed on that machine and install new + subkeys. + ** Which email-client can I use with GnuPG? :PROPERTIES: :CUSTOM_ID: which-email-client-can-i-use-with-gnupg 
@@ -549,66 +541,62 @@ The following list is not exhaustive: - [H pre] - MUA OpenPGP ASCII How? (N,P,T) - ------------------------------------------------------------- - Calypso N Y P (Unixmail) - Elm N Y T (mailpgp,morepgp) - Elm ME+ N Y N - Emacs/Gnus Y Y T (Mailcrypt,gpg.el) - Emacs/Mew Y Y N - Emacs/VM N Y T (Mailcrypt) - Evolution Y Y N - Exmh Y Y N - GNUMail.app Y Y P (PGPBundle) - GPGMail Y Y N - KMail (<=1.4.x) N Y N - KMail (1.5.x) Y(P) Y(N) P/N - Mozilla Y Y P (Enigmail) - Mulberry Y Y P - Mutt Y Y N - Sylpheed Y Y N - Claws-mail Y Y N - TkRat Y Y N - XEmacs/Gnus Y Y T (Mailcrypt) - XEmacs/Mew Y Y N - XEmacs/VM N Y T (Mailcrypt) - XFmail Y Y N + | MUA | OpenPGP | ASCII | How? (N,P,T) | + |-----------------+---------+-------+----------------------| + | Calypso | N | Y | P (Unixmail) | + | Elm | N | Y | T (mailpgp,morepgp) | + | Elm ME+ | N | Y | N | + | Emacs/Gnus | Y | Y | T (Mailcrypt,gpg.el) | + | Emacs/Mew | Y | Y | N | + | Emacs/VM | N | Y | T (Mailcrypt) | + | Evolution | Y | Y | N | + | Exmh | Y | Y | N | + | GNUMail.app | Y | Y | P (PGPBundle) | + | GPGMail | Y | Y | N | + | KMail (<=1.4.x) | N | Y | N | + | KMail (1.5.x) | Y(P) | Y(N) | P/N | + | Mozilla | Y | Y | P (Enigmail) | + | Mulberry | Y | Y | P | + | Mutt | Y | Y | N | + | Sylpheed | Y | Y | N | + | Claws-mail | Y | Y | N | + | TkRat | Y | Y | N | + | XEmacs/Gnus | Y | Y | T (Mailcrypt) | + | XEmacs/Mew | Y | Y | N | + | XEmacs/VM | N | Y | T (Mailcrypt) | + | XFmail | Y | Y | N | - N - Native, P - Plug-in, T - External Tool - [H /pre] + ( N - Native, P - Plug-in, T - External Tool) The following table lists proprietary MUAs. The GNU Project suggests against the use of these programs, but they are listed for interoperability reasons for your convenience. - [H pre] - MUA OpenPGP ASCII How? 
(N,P,T) - ------------------------------------------------------------- - Apple Mail Y Y P (GPGMail) - Becky2 Y Y P (BkGnuPG) - Eudora Y Y P (EuroraGPG) - Eudora Pro Y Y P (EudoraGPG) - Lotus Notes N Y P - Netscape 4.x N Y P - Netscape 7.x Y Y P (Enigmail) - Novell Groupwise N Y P - Outlook N Y P (G-Data) - Outlook Express N Y P (GPGOE) - Pegasus N Y P (QDPGP,PM-PGP) - Pine N Y T (pgpenvelope,(gpg|pgp)4pine) - Postme N Y P (GPGPPL) - The Bat! N Y P (Ritlabs) - [H /pre] + | MUA | OpenPGP | ASCII | How? (N,P,T) | + |------------------+---------+-------+--------------------------| + | Apple Mail | Y | Y | P (GPGMail) | + | Becky2 | Y | Y | P (BkGnuPG) | + | Eudora | Y | Y | P (EuroraGPG) | + | Eudora Pro | Y | Y | P (EudoraGPG) | + | Lotus Notes | N | Y | P | + | Netscape 4.x | N | Y | P | + | Netscape 7.x | Y | Y | P (Enigmail) | + | Novell Groupwise | N | Y | P | + | Outlook | N | Y | P (G-Data) | + | Outlook Express | N | Y | P (GPGOE) | + | Pegasus | N | Y | P (QDPGP,PM-PGP) | + | Pine | N | Y | T (pgpenvelope,gpg4pine) | + | Postme | N | Y | P (GPGPPL) | + | The Bat! | N | Y | P (Ritlabs) | - Good overviews of OpenPGP-support can be found at:[H br] - [H a href=http://www.openpgp.fr.st/courrier_en.html][H /a] and[H br] - [H a href=http://www.bretschneidernet.de/tips/secmua.html][H /a]. + Good overviews of OpenPGP-support can be found at:\\ + [[http://www.openpgp.fr.st/courrier_en.html]] \\ + http://www.bretschneidernet.de/tips/secmua.html - Users of Win32 MUAs that lack OpenPGP support may look into - using GPGrelay [H a href=http://gpgrelay.sourceforge.net][H /a], a small - email-relaying server that uses GnuPG to enable many email clients - to send and receive emails that conform to PGP-MIME (RFC 2015). + Users of Win32 MUAs that lack OpenPGP support may look into using + GPGrelay http://gpgrelay.sourceforge.net, a small email-relaying + server that uses GnuPG to enable many email clients to send and + receive emails that conform to PGP-MIME (RFC 2015). 
** Can't we have a gpg library? :PROPERTIES: 
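Review bot: The Pine row of the proprietary-MUA table no longer says what the row it replaces said: the old entry was "T (pgpenvelope,(gpg|pgp)4pine)" and the new one is "T (pgpenvelope,gpg4pine)", which drops pgp4pine. If that is intentional it deserves a word in the log, otherwise list both tools. While the rows are being retyped, "EuroraGPG" in the Eudora row is carried over unchanged and looks like a typo for the "EudoraGPG" used one row below, and the two overview URLs end up in different link forms ([[...]] for the first, bare for the second).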
@@ -619,60 +607,55 @@ of the GnuPG maintainers is that this would lead to several security issues and will therefore not be implemented in the foreseeable future. However, for some areas of application gpgme could do the - trick. You'll find it at [H a href=[$hGPGFTP]/gcrypt/alpha/gpgme]<[$hGPGFTP]/gcrypt/alpha/gpgme>[H /a]. + trick. You'll find it at [[gnupgweb:related_software/gpgme]]. ** I have successfully generated a revocation certificate, but I don't understand how to send it to the key servers. :PROPERTIES: :CUSTOM_ID: how-to-send-a-revocation-to-the-keyservers :END: - Most keyservers don't accept a 'bare' revocation certificate. You - have to import the certificate into gpg first: + Most keyservers don't accept a 'bare' revocation certificate. You + have to import the certificate into gpg first: - [H samp] - $ gpg --import my-revocation.asc - [H /samp] + : $ gpg --import my-revocation.asc - then send the revoked key to the keyservers: + then send the revoked key to the keyservers: - [H samp] - $ gpg --keyserver certserver.pgp.com --send-keys mykeyid - [H /samp] + : $ gpg --keyserver certserver.pgp.com --send-keys mykeyid - (or use a keyserver web interface for this). + (or use a keyserver web interface for this). ** How do I put my keyring in a different directory? :PROPERTIES: :CUSTOM_ID: how-do-i-put-my-keyring-in-a-different-directory :END: - GnuPG keeps several files in a special homedir directory. These - include the options file, pubring.gpg, secring.gpg, trustdb.gpg, - and others. GnuPG will always create and use these files. On unices, - the homedir is usually ~/.gnupg; on Windows it is name "gnupg" and - found below the user's application directory. Run the gpg and - pass the option --version to see the name of that directory. + GnuPG keeps several files in a special homedir directory. These + include the options file, pubring.gpg, secring.gpg, trustdb.gpg, + and others. GnuPG will always create and use these files. 
On + unices, the homedir is usually ~/.gnupg; on Windows it is name + "gnupg" and found below the user's application directory. Run the + gpg and pass the option --version to see the name of that + directory. - If you want to put your keyrings somewhere else, use the option: + If you want to put your keyrings somewhere else, use the option: - [H samp] - --homedir /my/path/ - [H /samp] + : --homedir /my/path/ - to make GnuPG create all its files in that directory. Your keyring - will be "/my/path/pubring.gpg". This way you can store your secrets - on a floppy disk. Don't use "--keyring" as its purpose is to specify - additional keyring files. + to make GnuPG create all its files in that directory. Your keyring + will be "/my/path/pubring.gpg". This way you can store your secrets + on a floppy disk. Don't use "--keyring" as its purpose is to specify + additional keyring files. ** How do I verify signed packages? :PROPERTIES: :CUSTOM_ID: how-do-i-verify-signed-packages :END: - Before you can verify the signature that accompanies a package, - you must first have the vendor, organisation, or issueing person's - key imported into your public keyring. To prevent GnuPG warning - messages the key should also be validated (or locally signed). + must first have the vendor, organisation, or issueing person's key + Before you can verify the signature that accompanies a package, you + imported into your public keyring. To prevent GnuPG warning + messages the key should also be validated (or locally signed). You will also need to download the detached signature file along with the package. These files will usually have the same name as 
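Review bot: In the "How do I verify signed packages?" answer the first two re-wrapped lines were added in the wrong order, so the paragraph now starts with "must first have the vendor, organisation, or issueing person's key" and only then continues with "Before you can verify the signature that accompanies a package, you". Swap those two + lines so the sentence reads as it did before the re-wrap; "issueing" could be corrected to "issuing" in the same pass.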
@@ -682,9 +665,7 @@ Once their key has been imported, and the package and accompanying signature files have been downloaded, use: - [H samp] - $ gpg --verify sigfile signed-file - [H /samp] + : $ gpg --verify sigfile signed-file If the signature file has the same base name as the package file, the package can also be verified by specifying just the signature @@ -693,9 +674,7 @@ package named foobar.tar.gz against its detached binary signature file, use: - [H samp] - $ gpg --verify foobar.tar.gz.sig - [H /samp] + : $ gpg --verify foobar.tar.gz.sig ** How do I export a keyring with only selected signatures (keys)? :PROPERTIES: @@ -706,11 +685,8 @@ selected from a master keyring (for a club, user group, or company department for example), simply specify the keys you want to export: - [H samp] - $ gpg --armor --export key1 key2 key3 key4 > keys1-4.asc - [H /samp] + : $ gpg --armor --export key1 key2 key3 key4 > keys1-4.asc - ** I still have my secret key, but lost my public key. What can I do? :PROPERTIES: :CUSTOM_ID: i-still-have-my-secret-key-but-lost-my-public-key @@ -724,9 +700,7 @@ (it's actually a new option for gpgsplit) and is available with GnuPG versions 1.2.1 or later (or can be found in CVS). It works like this: - [H samp] - $ gpgsplit --no-split --secret-to-public secret.gpg >publickey.gpg - [H /samp] + : $ gpgsplit --no-split --secret-to-public secret.gpg >publickey.gpg One should first try to export the secret key and convert just this one. Using the entire secret keyring should work too. After this has @@ -748,7 +722,6 @@ * Compatibility Issues - ** How can I encrypt a message with GnuPG so that PGP is able to decrypt it? :PROPERTIES: :CUSTOM_ID: how-can-i-encrypt-a-message-so-that-pgp-is-able-to-decrypt-it 
@@ -756,40 +729,36 @@ It depends on the PGP version. - [H ul] - [H li]PGP 2.x[H br] - You can't do that because PGP 2.x normally uses IDEA which is not - supported by GnuPG as it is patented (see ), but if you have a - modified version of PGP you can try this: + - PGP 2.x :: - [H samp] - $ gpg --rfc1991 --cipher-algo 3des ... - [H /samp] + You can't do that because PGP 2.x normally uses IDEA which is + not supported by GnuPG as it is patented (see [[#how-do-i-include-support-for-rsa-and-idea][How do I include + support for RSA and IDEA?]]), but if you have a modified version + of PGP you can try this: - Please don't pipe the data to encrypt to gpg but provide it using a - filename; otherwise, PGP 2 will not be able to handle it. + : $ gpg --rfc1991 --cipher-algo 3des ... - As for conventional encryption, you can't do this for PGP 2. + Please don't pipe the data to encrypt to gpg but provide it + using a filename; otherwise, PGP 2 will not be able to handle + it. - [H li]PGP 5.x and higher[H br] - You need to provide two additional options: + As for conventional encryption, you can't do this for PGP 2. - [H samp] - --compress-algo 1 --cipher-algo cast5 - [H /samp] + - PGP 5.x and higher :: - You may also use "3des" instead of "cast5", and "blowfish" does not - work with all versions of PGP 5. You may also want to put: + You need to provide two additional options: - [H samp] - compress-algo 1 - [H /samp] + : --compress-algo 1 --cipher-algo cast5 - into your ~/.gnupg/options file - this does not affect normal GnuPG - operation. + You may also use "3des" instead of "cast5", and "blowfish" does + not work with all versions of PGP 5. You may also want to put: + : compress-algo 1 + + into your =~/.gnupg/options= file --- this does not affect + normal GnuPG operation. + This applies to conventional encryption as well. - [H /UL] ** How do I migrate from PGP 2.x to GnuPG? :PROPERTIES: 
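Review bot: The cross-reference to the RSA/IDEA question in the PGP 2.x item uses the CUSTOM_ID form, [[#how-do-i-include-support-for-rsa-and-idea][...]], while the migration answer in the following hunk (@@ -800,8 +769,9 @@) links to the same question with the URL-encoded headline form, [[*How%20do%20I%20include%20support%20for%20RSA%20and%20IDEA][...]]. Pick one form for internal links, preferably the CUSTOM_ID one since it survives a change of the headline text, and use it in both places.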
@@ -800,8 +769,9 @@ patent has expired and RSA is included as of GnuPG 1.0.3, the IDEA algorithm is still patented until 2007. Under certain conditions you may use IDEA even today. In that case, you may refer to Question - about how to add IDEA support to GnuPG and read - [H a href=[$hGPGHTTP]/gph/en/pgp2x.html]<[$hGPGHTTP]/gph/en/pgp2x.html>[H /a] to perform the migration. + [[*How%20do%20I%20include%20support%20for%20RSA%20and%20IDEA][How do I include support for RSA and IDEA?]] about how to add + IDEA support to GnuPG and read + [[gnupgweb:gph/en/pgp2x.html]] to perform the migration. ** Why is PGP 5.x not able to encrypt messages with some keys? :PROPERTIES: @@ -834,9 +804,7 @@ There is a script in the tools directory to help you. After you have imported the PGP keyring you can give this command: - [H samp] - $ lspgpot pgpkeyring | gpg --import-ownertrust - [H /samp] + : $ lspgpot pgpkeyring | gpg --import-ownertrust where pgpkeyring is the original keyring and not the GnuPG keyring you might have created in the first step. @@ -851,9 +819,7 @@ PGP is not really OpenPGP aware. A workaround is to export the secret keys with this command: - [H samp] - $ gpg --export-secret-keys --no-comment -a your-KeyID - [H /samp] + : $ gpg --export-secret-keys --no-comment -a your-KeyID Another possibility is this: by default, GnuPG encrypts your secret key using the Blowfish symmetric algorithm. Older PGPs will only @@ -861,10 +827,8 @@ following method you can re-encrypt your secret gpg key with a different algo: - [H samp] - $ gpg --s2k-cipher-algo=CAST5 --s2k-digest-algo=SHA1 - --compress-algo=1 --edit-key - [H /samp] + : $ gpg --s2k-cipher-algo=CAST5 --s2k-digest-algo=SHA1 \ + : --compress-algo=1 --edit-key Then use passwd to change the password (just change it to the same thing, but it will encrypt the key with CAST5 this time). 
@@ -873,24 +837,23 @@ For PGP 6.x the following options work to export a key: - [H samp] - $ gpg --s2k-cipher-algo 3des --compress-algo 1 --rfc1991 - --export-secret-keys - [H /samp] + : $ gpg --s2k-cipher-algo 3des --compress-algo 1 --rfc1991 \ + : --export-secret-keys - + ** GnuPG no longer installs a ~/.gnupg/options file. Is it missing? :PROPERTIES: :CUSTOM_ID: gnupg-no-longer-installs-a-options-file-is-it-missing :END: - No. The ~/.gnupg/options file has been renamed to ~/.gnupg/gpg.conf for - new installs as of version 1.1.92. If an existing ~/.gnupg/options file - is found during an upgrade it will still be used, but this change was - required to have a more consistent naming scheme with forthcoming tools. - An existing options file can be renamed to gpg.conf for users upgrading, - or receiving the message that the "old default options file" is ignored - (occurs if both a gpg.conf and an options file are found). + No. The ~/.gnupg/options file has been renamed to + ~/.gnupg/gpg.conf for new installs as of version 1.1.92. If an + existing ~/.gnupg/options file is found during an upgrade it will + still be used, but this change was required to have a more + consistent naming scheme with forthcoming tools. An existing + options file can be renamed to gpg.conf for users upgrading, or + receiving the message that the "old default options file" is + ignored (occurs if both a gpg.conf and an options file are found). ** How do you export GnuPG keys for use with PGP? :PROPERTIES: 
@@ -915,25 +878,19 @@ values, as this will override them in case you have something else set in your options file. - [H samp] - $ gpg --s2k-cipher-algo cast5 --s2k-digest-algo sha1 --s2k-mode 3 - --simple-sk-checksum --edit KeyID - [H /samp] + : $ gpg --s2k-cipher-algo cast5 --s2k-digest-algo sha1 --s2k-mode 3 \ + : --simple-sk-checksum --edit KeyID Turn off some features. Set the list of preferred ciphers, hashes, and compression algorithms to things that PGP can handle. (Yes, I know this is an odd list of ciphers, but this is what PGP itself uses, minus IDEA). - [H samp] - > setpref S9 S8 S7 S3 S2 S10 H2 H3 Z1 Z0 - [H /samp] + : > setpref S9 S8 S7 S3 S2 S10 H2 H3 Z1 Z0 Now put the list of preferences onto the key. - [H samp] - > updpref - [H /samp] + : > updpref Finally we must decrypt and re-encrypt the key, making sure that we encrypt with a cipher that PGP likes. We set this up in the --edit @@ -941,22 +898,16 @@ take effect. You can use the same passphrase if you like, or take this opportunity to actually change it. - [H samp] - > passwd - [H /samp] + : > passwd Save our work. - [H samp] - > save - [H /samp] + : > save Now we can do the usual export: - [H samp] - $ gpg --export KeyID > mypublickey.pgp[H br] - $ gpg --export-secret-key KeyID > mysecretkey.pgp - [H /samp] + : $ gpg --export KeyID > mypublickey.pgp[H br] + : $ gpg --export-secret-key KeyID > mysecretkey.pgp Thanks to David Shaw for this information! 
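Review bot: The first export command in the last changed block still carries converter markup: "+ : $ gpg --export KeyID > mypublickey.pgp[H br]". In a literal line the "[H br]" is shown verbatim and ends up in the command when a reader copies it, right after the redirection target, so drop it from that line.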
@@ -968,67 +919,58 @@ :CUSTOM_ID: why-do-i-get-gpg_warning_using_insecure_memory :END: - On many systems this program should be installed as setuid(root). - This is necessary to lock memory pages. Locking memory pages prevents - the operating system from writing them to disk and thereby keeping your - secret keys really secret. If you get no warning message about insecure - memory your operating system supports locking without being root. The - program drops root privileges as soon as locked memory is allocated. + On many systems this program should be installed as setuid(root). + This is necessary to lock memory pages. Locking memory pages + prevents the operating system from writing them to disk and thereby + keeping your secret keys really secret. If you get no warning + message about insecure memory your operating system supports + locking without being root. The program drops root privileges as + soon as locked memory is allocated. - To setuid(root) permissions on the gpg binary you can either use: + To setuid(root) permissions on the gpg binary you can either use: - [H samp] - $ chmod u+s /path/to/gpg - [H /samp] + : $ chmod u+s /path/to/gpg - or + or + + : $ chmod 4755 /path/to/gpg - [H samp] - $ chmod 4755 /path/to/gpg - [H /samp] + Some refrain from using setuid(root) unless absolutely required for + security reasons. Please check with your system administrator if + you are not able to make these determinations yourself. - Some refrain from using setuid(root) unless absolutely required for - security reasons. Please check with your system administrator if you - are not able to make these determinations yourself. 
+ On UnixWare 2.x and 7.x you should install GnuPG with the 'plock' + privilege to get the same effect: - On UnixWare 2.x and 7.x you should install GnuPG with the 'plock' - privilege to get the same effect: + : $ filepriv -f plock /path/to/gpg - [H samp] - $ filepriv -f plock /path/to/gpg - [H /samp] + If you can't or don't want to install GnuPG setuid(root), you can + use the option "--no-secmem-warning" or put: - If you can't or don't want to install GnuPG setuid(root), you can - use the option "--no-secmem-warning" or put: + : no-secmem-warning - [H samp] - no-secmem-warning - [H /samp] + in your ~/.gnupg/options or ~/.gnupg/gpg.conf file (this disables + the warning). - in your ~/.gnupg/options or ~/.gnupg/gpg.conf file (this disables - the warning). + On some systems (e.g., Windows) GnuPG does not lock memory pages + and older GnuPG versions (<=1.0.4) issue the warning: - On some systems (e.g., Windows) GnuPG does not lock memory pages - and older GnuPG versions (<=1.0.4) issue the warning: + : gpg: Please note that you don't have secure memory - [H samp] - gpg: Please note that you don't have secure memory - [H /samp] + This warning can't be switched off by the above option because it + was thought to be too serious an issue. However, it confused users + too much, so the warning was eventually removed. - This warning can't be switched off by the above option because it - was thought to be too serious an issue. However, it confused users - too much, so the warning was eventually removed. - ** Large File Support doesn't work :PROPERTIES: :CUSTOM_ID: large-file-support-does-not-work :END: - LFS works correctly in post-1.0.4 versions. If configure doesn't - detect it, try a different (i.e., better) compiler. egcs 1.1.2 works - fine, other gccs sometimes don't. BTW, several compilation problems - of GnuPG 1.0.3 and 1.0.4 on HP-UX and Solaris were due to broken LFS - support. + LFS works correctly in post-1.0.4 versions. 
If configure doesn't + detect it, try a different (i.e., better) compiler. egcs 1.1.2 + works fine, other gccs sometimes don't. BTW, several compilation + problems of GnuPG 1.0.3 and 1.0.4 on HP-UX and Solaris were due to + broken LFS support. ** In the edit menu the trust values are not displayed correctly after signing uids. Why? :PROPERTIES: @@ -1131,9 +1073,7 @@ GnuPG installation in a recent state anyway. As a workaround, you can force gpg to use a previous default cipher algo by putting: - [H samp] - cipher-algo cast5 - [H /samp] + : cipher-algo cast5 into your options file. @@ -1199,9 +1139,7 @@ Until then, find the line setting CDPATH in the configure script and place an: - [H samp] - unset CDPATH - [H /samp] + : unset CDPATH statement below it. @@ -1278,9 +1216,7 @@ To generate a secret/public keypair, run: - [H samp] - $ gpg --gen-key - [H /samp] + : $ gpg --gen-key and choose the default values. @@ -1327,9 +1263,7 @@ person it says it comes from. You should be very sure that is really that person: You should verify the key fingerprint with: - [H samp] - $ gpg --fingerprint KeyID - [H /samp] + : $ gpg --fingerprint KeyID over the phone (if you really know the voice of the other person), at a key signing party (which are often held at computer conferences), 
@@ -1376,51 +1310,44 @@ You can see the validity (calculated trust value) using this command. - [H samp] - $ gpg --list-keys --with-colons - [H /samp] + : $ gpg --list-keys --with-colons If the first field is "pub" or "uid", the second field shows you the trust: - [H pre] - o = Unknown (this key is new to the system) - e = The key has expired - q = Undefined (no value assigned) - n = Don't trust this key at all - m = There is marginal trust in this key - f = The key is full trusted - u = The key is ultimately trusted; this is only used - for keys for which the secret key is also available. - r = The key has been revoked - d = The key has been disabled - [H /pre] + : o = Unknown (this key is new to the system) + : e = The key has expired + : q = Undefined (no value assigned) + : n = Don't trust this key at all + : m = There is marginal trust in this key + : f = The key is full trusted + : u = The key is ultimately trusted; this is only used + : for keys for which the secret key is also available. + : r = The key has been revoked + : d = The key has been disabled The value in the "pub" record is the best one of all "uid" records. You can get a list of the assigned trust values (how much you trust the owner to correctly sign another person's key) with: - [H samp] - $ gpg --list-ownertrust - [H /samp] + : $ gpg --list-ownertrust The first field is the fingerprint of the primary key, the second field is the assigned value: - [H pre] - - = No ownertrust value yet assigned or calculated. - n = Never trust this keyholder to correctly verify others signatures. - m = Have marginal trust in the keyholders capability to sign other - keys. - f = Assume that the key holder really knows how to sign keys. - u = No need to trust ourself because we have the secret key. - [H /pre] + : - = No ownertrust value yet assigned or calculated. + : n = Never trust this keyholder to correctly verify others signatures. 
+ : m = Have marginal trust in the keyholders capability to sign other + : keys. + : f = Assume that the key holder really knows how to sign keys. + : u = No need to trust ourself because we have the secret key. Keep these values confidential because they express your opinions about others. PGP stores this information with the keyring thus it - is not a good idea to publish a PGP keyring instead of exporting the - keyring. GnuPG stores the trust in the trustdb.gpg file so it is okay - to give a gpg keyring away (but we have a --export command too). + is not a good idea to publish a PGP keyring instead of exporting + the keyring. GnuPG stores the trust in the trustdb.gpg file so it + is okay to give a gpg keyring away (but we have a --export command + too). ** What kind of output is this: "key C26EE891.298, uid 09FB: ...."? :PROPERTIES: @@ -1441,24 +1368,18 @@ information which is prefixed with information about the checked item. - [H samp] - "key 12345678.3456" - [H /samp] + : "key 12345678.3456" This is about the key with key ID 12345678 and the internal number 3456, which is the record number of the so called directory record in the trustdb. - [H samp] - "uid 12345678.3456/ACDE" - [H /samp] + : "uid 12345678.3456/ACDE" This is about the user ID for the same key. To identify the user ID the last two bytes of a ripe-md-160 over the user ID ring is printed. - [H samp] - "sig 12345678.3456/ACDE/9A8B7C6D" - [H /samp] + : "sig 12345678.3456/ACDE/9A8B7C6D" This is about the signature with key ID 9A8B7C6D for the above key and user ID, if it is a signature which is direct on a key, the user 
@@ -1509,9 +1430,9 @@ If you imported a key and you want to also import all the signer's keys, you can do this with this command: - gpg --check-sigs --with-colon KEYID \ - | awk -F: '$1 == "sig" && $2 == "?" { print $5 }' \ - | sort | uniq | xargs echo gpg --recv-keys + : gpg --check-sigs --with-colon KEYID \ + : | awk -F: '$1 == "sig" && $2 == "?" { print $5 }' \ + : | sort | uniq | xargs echo gpg --recv-keys Note that the invocation of sort is also required to wait for the of the listing before before starting the import. @@ -1522,18 +1443,18 @@ :CUSTOM_ID: acknowledgements :END: - Many thanks to Nils Ellmenreich for maintaining this FAQ file for - such a long time, Werner Koch for the original FAQ file, David - D. Scribner as another maintainer and to all posters to - gnupg-users and gnupg-devel. They all provided most of the - answers. + Many thanks to Nils Ellmenreich for maintaining this FAQ file for + such a long time, David D. Scribner for continuing maintenance, + Werner Koch for the original FAQ file, and to all posters to + gnupg-users and gnupg-devel. They all provided most of the answers. + Converted to org-mode and removed from the tarballs in October 2010. - Copyright (C) 2000, 2001, 2002, 2003, 2010 Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - 02111, USA + Copyright (C) 2000, 2001, 2002, 2003, 2010 Free Software Foundation, + Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02111, USA - Verbatim copying and distribution of this entire article is - permitted in any medium, provided this notice is preserved. + This file is free software; as a special exception the author gives + unlimited permission to copy and/or distribute it, with or without + modifications, as long as this notice is preserved. * COMMENT HTML style specifications From cvs at cvs.gnupg.org Tue Oct 5 16:29:38 2010 
From: cvs at cvs.gnupg.org (svn author wk) Date: Tue, 05 Oct 2010 16:29:38 +0200 Subject: [svn] GnuPG - r5436 - trunk/dirmngr Message-ID: Author: wk Date: 2010-10-05 16:29:37 +0200 (Tue, 05 Oct 2010) New Revision: 5436 Removed: trunk/dirmngr/no-libgcrypt.c Modified: trunk/dirmngr/Makefile.am Log: Fix a build_sources problem Modified: trunk/dirmngr/Makefile.am =================================================================== --- trunk/dirmngr/Makefile.am 2010-10-05 13:56:25 UTC (rev 5435) +++ trunk/dirmngr/Makefile.am 2010-10-05 14:29:37 UTC (rev 5436) @@ -64,15 +64,16 @@ if USE_LDAPWRAPPER -dirmngr_ldap_SOURCES = dirmngr_ldap.c $(ldap_url) no-libgcrypt.c +dirmngr_ldap_SOURCES = dirmngr_ldap.c $(ldap_url) dirmngr_ldap_CFLAGS = $(GPG_ERROR_CFLAGS) dirmngr_ldap_LDFLAGS = -dirmngr_ldap_LDADD = $(libcommon) ../gl/libgnu.a $(DNSLIBS) \ +dirmngr_ldap_LDADD = $(libcommon) no-libgcrypt.o ../gl/libgnu.a $(DNSLIBS) \ $(GPG_ERROR_LIBS) $(LDAPLIBS) $(LIBINTL) $(LIBICONV) endif -dirmngr_client_SOURCES = dirmngr-client.c no-libgcrypt.c -dirmngr_client_LDADD = $(libcommon) ../gl/libgnu.a $(LIBASSUAN_LIBS) \ +dirmngr_client_SOURCES = dirmngr-client.c +dirmngr_client_LDADD = $(libcommon) no-libgcrypt.o \ + ../gl/libgnu.a $(LIBASSUAN_LIBS) \ $(GPG_ERROR_LIBS) $(LIBINTL) $(LIBICONV) From cvs at cvs.gnupg.org Tue Oct 5 16:37:43 2010 
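Review bot: In r5436, no-libgcrypt.c is dropped from dirmngr_ldap_SOURCES and dirmngr_client_SOURCES and removed from trunk/dirmngr, while no-libgcrypt.o is added to both LDADD lists, but nothing in this hunk shows what builds that object. Please confirm that Makefile.am carries a rule that produces no-libgcrypt.o and that the generated file is cleaned, and say where the object comes from in the log message; "Fix a build_sources problem" does not tell a later reader. trunk/dirmngr/ChangeLog is not among the modified files either.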
From: cvs at cvs.gnupg.org (svn author wk) Date: Tue, 05 Oct 2010 16:37:43 +0200 Subject: [svn] GnuPG - r5437 - in branches/STABLE-BRANCH-1-4: . doc Message-ID: Author: wk Date: 2010-10-05 16:37:43 +0200 (Tue, 05 Oct 2010) New Revision: 5437 Added: branches/STABLE-BRANCH-1-4/doc/FAQ Removed: branches/STABLE-BRANCH-1-4/doc/faq.raw Modified: branches/STABLE-BRANCH-1-4/ChangeLog branches/STABLE-BRANCH-1-4/configure.ac branches/STABLE-BRANCH-1-4/doc/ChangeLog branches/STABLE-BRANCH-1-4/doc/Makefile.am Log: Remove FAQ stuff Modified: branches/STABLE-BRANCH-1-4/ChangeLog =================================================================== --- branches/STABLE-BRANCH-1-4/ChangeLog 2010-10-05 14:29:37 UTC (rev 5436) +++ branches/STABLE-BRANCH-1-4/ChangeLog 2010-10-05 14:37:43 UTC (rev 5437) @@ -1,3 +1,7 @@ +2010-10-05 Werner Koch + + * configure.ac: Remove check for the faqprog. + 2010-09-28 Werner Koch * configure.ac (AH_BOTTOM) [__VMS]: Fix homedir. Modified: branches/STABLE-BRANCH-1-4/doc/ChangeLog =================================================================== --- branches/STABLE-BRANCH-1-4/doc/ChangeLog 2010-10-05 14:29:37 UTC (rev 5436) +++ branches/STABLE-BRANCH-1-4/doc/ChangeLog 2010-10-05 14:37:43 UTC (rev 5437) @@ -1,3 +1,9 @@ +2010-10-05 Werner Koch + + * FAQ: Make it a static file with a pointer to the online location. + * Makefile.am (EXTRA_DIST): Remove faq.raw and faq.html. + (FAQ, faq.html): Remove these targets + 2010-02-11 Werner Koch * faq.raw: Fixed the bug reporting address. Added: branches/STABLE-BRANCH-1-4/doc/FAQ =================================================================== --- branches/STABLE-BRANCH-1-4/doc/FAQ (rev 0) +++ branches/STABLE-BRANCH-1-4/doc/FAQ 2010-10-05 14:37:43 UTC (rev 5437) 
@@ -0,0 +1,13 @@ +GnuPG Frequently Asked Questions + +A FAQ is a fast moving target and thus we don't distribute it anymore +with GnuPG. You may retrieve the current FAQ in HTML format at + + http://www.gnupg.org/faq/GnuPG-FAQ.html + +or in plain text format at the FTP server: + + ftp://ftp.gnupg.org/gcrypt/gnupg/GnuPG-FAQ.txt + + + Modified: branches/STABLE-BRANCH-1-4/configure.ac =================================================================== --- branches/STABLE-BRANCH-1-4/configure.ac 2010-10-05 14:29:37 UTC (rev 5436) +++ branches/STABLE-BRANCH-1-4/configure.ac 2010-10-05 14:37:43 UTC (rev 5437) @@ -530,7 +530,6 @@ AC_PROG_AWK AC_CHECK_PROG(DOCBOOK_TO_MAN, docbook-to-man, yes, no) AM_CONDITIONAL(HAVE_DOCBOOK_TO_MAN, test "$ac_cv_prog_DOCBOOK_TO_MAN" = yes) -GNUPG_CHECK_FAQPROG GNUPG_CHECK_USTAR Modified: branches/STABLE-BRANCH-1-4/doc/Makefile.am =================================================================== --- branches/STABLE-BRANCH-1-4/doc/Makefile.am 2010-10-05 14:29:37 UTC (rev 5436) +++ branches/STABLE-BRANCH-1-4/doc/Makefile.am 2010-10-05 14:37:43 UTC (rev 5437) @@ -16,7 +16,7 @@ # along with this program; if not, see . ## Process this file with automake to create Makefile.in -EXTRA_DIST = DETAILS faq.raw FAQ faq.html \ +EXTRA_DIST = DETAILS FAQ \ HACKING OpenPGP README.W32 samplekeys.asc gnupg.7 \ TRANSLATE gpg.ru.sgml gpg.ru.1 highlights-1.4.txt \ gpg.texi gpgv.texi specify-user-id.texi see-also-note.texi \ @@ -39,13 +39,12 @@ # Need this to avoid building of dvis with automake 1.4 DVIS = -pkgdata_DATA = FAQ faq.html +pkgdata_DATA = FAQ -BUILT_SOURCES = FAQ faq.html # we can't add gpg.texi gpgv.texi here because automake does not like them to # be built files. -CLEANFILES = faq.raw.xref gpg.xml gpgv.xml gpg.ru.xml +CLEANFILES = gpg.xml gpgv.xml gpg.ru.xml DISTCLEANFILES = yat2m yat2m-stamp.tmp yat2m-stamp $(myman_pages) AM_MAKEINFOFLAGS = -I $(srcdir) --css-include=$(srcdir)/texi.css -D gpgone 
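Review bot: Removing BUILT_SOURCES in the @@ -39,13 +39,12 @@ hunk of doc/Makefile.am leaves its comment behind: "# we can't add gpg.texi gpgv.texi here because automake does not like them to be built files." now sits directly above CLEANFILES with no variable left for "here" to refer to. Remove the comment together with the variable, or reword it so that it stands on its own.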
@@ -89,24 +88,6 @@ echo "No man page due to missing docbook-to-man" >>$@ endif -FAQ : faq.raw -if WORKING_FAQPROG - $(FAQPROG) -f $< $@ || $(FAQPROG) -f $< $@ -else - : Warning: missing faqprog.pl, cannot make $@ - echo "No $@ due to missing faqprog.pl" > $@ - echo "See ftp://ftp.gnupg.org/gcrypt/contrib/faqprog.pl" >> $@ -endif - -faq.html : faq.raw -if WORKING_FAQPROG - $(FAQPROG) -h -f $< $@ 2>&1 || $(FAQPROG) -h -f $< $@ -else - : Warning: missing faqprog.pl, cannot make $@ - echo "No $@ due to missing faqprog.pl" > $@ - echo "See ftp://ftp.gnupg.org/gcrypt/contrib/faqprog.pl" >> $@ -endif - dist-hook: @if test "`wc -c < gpg.1`" -lt 200; then \ echo 'ERROR: dummy man page'; false; fi From cvs at cvs.gnupg.org Tue Oct 5 21:05:45 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Tue, 05 Oct 2010 21:05:45 +0200 Subject: [svn] GnuPG - r5438 - in trunk: agent doc sm tools Message-ID: Author: wk Date: 2010-10-05 21:05:43 +0200 (Tue, 05 Oct 2010) New Revision: 5438 Modified: trunk/agent/ChangeLog trunk/agent/gpg-agent.c trunk/doc/gpg-agent.texi trunk/sm/certchain.c trunk/tools/ChangeLog trunk/tools/watchgnupg.c Log: Don't set SSH_AGENTPID_INFO. Doc fixes. Allow TCP and local sockets in watchgnupg. Modified: trunk/agent/ChangeLog =================================================================== --- trunk/agent/ChangeLog 2010-10-05 14:37:43 UTC (rev 5437) +++ trunk/agent/ChangeLog 2010-10-05 19:05:43 UTC (rev 5438) @@ -1,3 +1,8 @@ +2010-10-05 Werner Koch + + * gpg-agent.c (main): Don't set SSH_AGENT_PID so that ssh-agent -k + won't kill out gpg-agent. + 2010-09-30 Werner Koch * gpg-agent.c (agent_exit): Run cleanup. Modified: trunk/tools/ChangeLog =================================================================== --- trunk/tools/ChangeLog 2010-10-05 14:37:43 UTC (rev 5437) +++ trunk/tools/ChangeLog 2010-10-05 19:05:43 UTC (rev 5438) 
@@ -1,3 +1,11 @@ +2010-10-05 Werner Koch + + * watchgnupg.c (main): Support TCP and local socket listening. + (main): Factor some code out to .. + (setup_client): this. + (err): New. + (client_list): New. + 2010-08-25 Werner Koch * gpgtar-extract.c (create_directory): Add .p7m as known Modified: trunk/agent/gpg-agent.c =================================================================== --- trunk/agent/gpg-agent.c 2010-10-05 14:37:43 UTC (rev 5437) +++ trunk/agent/gpg-agent.c 2010-10-05 19:05:43 UTC (rev 5438) @@ -1054,7 +1054,7 @@ } else if (pid) { /* We are the parent */ - char *infostr, *infostr_ssh_sock, *infostr_ssh_pid; + char *infostr, *infostr_ssh_sock; /* Close the socket FD. */ close (fd); @@ -1100,13 +1100,6 @@ kill (pid, SIGTERM); exit (1); } - if (asprintf (&infostr_ssh_pid, "SSH_AGENT_PID=%u", - pid) < 0) - { - log_error ("out of core\n"); - kill (pid, SIGTERM); - exit (1); - } } *socket_name = 0; /* Don't let cleanup() remove the socket - @@ -1130,8 +1123,6 @@ { es_fputs (infostr_ssh_sock, fp); es_putc ('\n', fp); - es_fputs (infostr_ssh_pid, fp); - es_putc ('\n', fp); } es_fclose (fp); } @@ -1154,13 +1145,6 @@ kill (pid, SIGTERM ); exit (1); } - if (opt.ssh_support && putenv (infostr_ssh_pid)) - { - log_error ("failed to set environment: %s\n", - strerror (errno) ); - kill (pid, SIGTERM ); - exit (1); - } /* Close all the file descriptors except the standard ones and those open at startup. We explicitly don't @@ -1186,8 +1170,6 @@ { *strchr (infostr_ssh_sock, '=') = ' '; es_printf ("setenv %s\n", infostr_ssh_sock); - *strchr (infostr_ssh_pid, '=') = ' '; - es_printf ("setenv %s\n", infostr_ssh_pid); } } else 
@@ -1197,15 +1179,12 @@ { es_printf ("%s; export SSH_AUTH_SOCK;\n", infostr_ssh_sock); - es_printf ("%s; export SSH_AGENT_PID;\n", - infostr_ssh_pid); } } xfree (infostr); if (opt.ssh_support) { xfree (infostr_ssh_sock); - xfree (infostr_ssh_pid); } exit (0); } Modified: trunk/doc/gpg-agent.texi =================================================================== --- trunk/doc/gpg-agent.texi 2010-10-05 14:37:43 UTC (rev 5437) +++ trunk/doc/gpg-agent.texi 2010-10-05 19:05:43 UTC (rev 5438) @@ -83,7 +83,6 @@ . "$@{HOME@}/.gpg-agent-info" export GPG_AGENT_INFO export SSH_AUTH_SOCK - export SSH_AGENT_PID fi @end smallexample @@ -576,10 +575,13 @@ caller: @table @code + @item relax -Relax checking of some root certificate requirements. This is for -example required if the certificate is missing the basicConstraints -attribute (despite that it is a MUST for CA certificates). + at cindex relax +Relax checking of some root certificate requirements. As of now this +flag allows the use of root certificates with a missing basicConstraints +attribute (despite that it is a MUST for CA certificates) and disables +CRL checking for the root certificate. @item cm If validation of a certificate finally issued by a CA with this flag set @@ -589,7 +591,7 @@ @item sshcontrol - + at cindex sshcontrol This file is used when support for the secure shell agent protocol has been enabled (@pxref{option --enable-ssh-support}). Only keys present in this file are used in the SSH protocol. You should backup this file. @@ -712,7 +714,6 @@ . "$@{HOME@}/.gpg-agent-info" export GPG_AGENT_INFO export SSH_AUTH_SOCK - export SSH_AGENT_PID fi @end example @end cartouche Modified: trunk/sm/certchain.c =================================================================== --- trunk/sm/certchain.c 2010-10-05 14:37:43 UTC (rev 5437) +++ trunk/sm/certchain.c 2010-10-05 19:05:43 UTC (rev 5438) 
@@ -274,7 +274,7 @@ /* Check whether CERT is an allowed certificate. This requires that CERT matches all requirements for such a CA, i.e. the BasicConstraints extension. The function returns 0 on success and - the awlloed length of the chain at CHAINLEN. */ + the allowed length of the chain at CHAINLEN. */ static int allowed_ca (ctrl_t ctrl, ksba_cert_t cert, int *chainlen, int listmode, estream_t fp) Modified: trunk/tools/watchgnupg.c =================================================================== --- trunk/tools/watchgnupg.c 2010-10-05 14:37:43 UTC (rev 5437) +++ trunk/tools/watchgnupg.c 2010-10-05 19:05:43 UTC (rev 5438) @@ -71,19 +71,19 @@ } -/* static void */ -/* err (const char *format, ...) */ -/* { */ -/* va_list arg_ptr; */ +static void +err (const char *format, ...) +{ + va_list arg_ptr; -/* fflush (stdout); */ -/* fprintf (stderr, "%s: ", PGM); */ + fflush (stdout); + fprintf (stderr, "%s: ", PGM); -/* va_start (arg_ptr, format); */ -/* vfprintf (stderr, format, arg_ptr); */ -/* va_end (arg_ptr); */ -/* putc ('\n', stderr); */ -/* } */ + va_start (arg_ptr, format); + vfprintf (stderr, format, arg_ptr); + va_end (arg_ptr); + putc ('\n', stderr); +} static void * xmalloc (size_t n) @@ -123,8 +123,12 @@ }; typedef struct client_s *client_t; +/* The list of all connected peers. */ +static client_t client_list; + + static void print_fd_and_time (int fd) { 
@@ -187,6 +191,57 @@ static void +setup_client (int server_fd, int is_un) +{ + struct sockaddr_un addr_un; + struct sockaddr_in addr_in; + struct sockaddr *addr; + socklen_t addrlen; + int fd; + client_t client; + + if (is_un) + { + addr = (struct sockaddr *)&addr_un; + addrlen = sizeof addr_un; + } + else + { + addr = (struct sockaddr *)&addr_in; + addrlen = sizeof addr_in; + } + + fd = accept (server_fd, addr, &addrlen); + if (fd == -1) + { + printf ("[accepting %s connection failed: %s]\n", + is_un? "local":"tcp", strerror (errno)); + } + else if (fd >= FD_SETSIZE) + { + close (fd); + printf ("[connection request denied: too many connections]\n"); + } + else + { + for (client = client_list; client && client->fd != -1; + client = client->next) + ; + if (!client) + { + client = xcalloc (1, sizeof *client); + client->next = client_list; + client_list = client; + } + client->fd = fd; + printf ("[client at fd %d connected (%s)]\n", + client->fd, is_un? "local":"tcp"); + } +} + + + +static void print_version (int with_help) { fputs (MYVERSION_LINE "\n" 
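Review bot: in setup_client (tools/watchgnupg.c) the peer address that accept() fills in is never used, so the "[client at fd %d connected (%s)]" line only says "local" or "tcp". Now that the tool accepts TCP connections, print the remote address and port from addr_in in the tcp case so the log shows which host is writing into it; if that is not wanted, pass NULL for the address arguments of accept() and drop the two sockaddr variables.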
@@ -197,17 +252,19 @@ "There is NO WARRANTY, to the extent permitted by law.\n", stdout); if (with_help) - fputs ("\n" - "Usage: " PGM " [OPTIONS] SOCKETNAME|PORT\n" - "Open the local socket SOCKETNAME (or the TCP port PORT)\n" - "and display log messages\n" - "\n" - " --force delete an already existing socket file\n" - " --tcp listen on a TCP port instead of a local socket\n" - " --verbose enable extra informational output\n" - " --version print version of the program and exit\n" - " --help display this help and exit\n" - BUGREPORT_LINE, stdout ); + fputs + ("\n" + "Usage: " PGM " [OPTIONS] SOCKETNAME\n" + " " PGM " [OPTIONS] PORT [SOCKETNAME]\n" + "Open the local socket SOCKETNAME (or the TCP port PORT)\n" + "and display log messages\n" + "\n" + " --tcp listen on a TCP port and optionally on a local socket\n" + " --force delete an already existing socket file\n" + " --verbose enable extra informational output\n" + " --version print version of the program and exit\n" + " --help display this help and exit\n" + BUGREPORT_LINE, stdout ); exit (0); } @@ -221,12 +278,12 @@ struct sockaddr_un srvr_addr_un; struct sockaddr_in srvr_addr_in; - struct sockaddr *srvr_addr = NULL; - socklen_t addrlen; + struct sockaddr *addr_in = NULL; + struct sockaddr *addr_un = NULL; + socklen_t addrlen_in, addrlen_un; unsigned short port; - int server; + int server_un, server_in; int flags; - client_t client_list = NULL; if (argc) { 
@@ -261,36 +318,70 @@ } } - if (argc != 1) + if (!((!tcp && argc == 1) || (tcp && (argc == 1 || argc == 2)))) { - fprintf (stderr, "usage: " PGM " socketname\n"); + fprintf (stderr, "usage: " PGM " socketname\n" + " " PGM " --tcp port [socketname]\n"); exit (1); } + + if (tcp) + { + port = atoi (*argv); + argc--; argv++; + } + else + { + port = 0; + } - port = tcp? atoi (*argv) : 0; + setvbuf (stdout, NULL, _IOLBF, 0); - if (verbose) + if (tcp) { - if (tcp) + int i = 1; + server_in = socket (PF_INET, SOCK_STREAM, 0); + if (server_in == -1) + die ("socket(PF_INET) failed: %s\n", strerror (errno)); + if (setsockopt (server_in, SOL_SOCKET, SO_REUSEADDR, + (unsigned char *)&i, sizeof (i))) + err ("setsockopt(SO_REUSEADDR) failed: %s\n", strerror (errno)); + if (verbose) fprintf (stderr, "listening on port %hu\n", port); - else - fprintf (stderr, "opening socket `%s'\n", *argv); } + else + server_in = -1; - setvbuf (stdout, NULL, _IOLBF, 0); + if (argc) + { + server_un = socket (PF_LOCAL, SOCK_STREAM, 0); + if (server_un == -1) + die ("socket(PF_LOCAL) failed: %s\n", strerror (errno)); + if (verbose) + fprintf (stderr, "listening on socket `%s'\n", *argv); + } + else + server_un = -1; - server = socket (tcp? PF_INET : PF_LOCAL, SOCK_STREAM, 0); - if (server == -1) - die ("socket() failed: %s\n", strerror (errno)); - /* We better set the listening socket to non-blocking so that we don't get bitten by race conditions in accept. The should not happen for Unix Domain sockets but well, shit happens. 
*/ - flags = fcntl (server, F_GETFL, 0); - if (flags == -1) - die ("fcntl (F_GETFL) failed: %s\n", strerror (errno)); - if ( fcntl (server, F_SETFL, (flags | O_NONBLOCK)) == -1) - die ("fcntl (F_SETFL) failed: %s\n", strerror (errno)); + if (server_in != -1) + { + flags = fcntl (server_in, F_GETFL, 0); + if (flags == -1) + die ("fcntl (F_GETFL) failed: %s\n", strerror (errno)); + if ( fcntl (server_in, F_SETFL, (flags | O_NONBLOCK)) == -1) + die ("fcntl (F_SETFL) failed: %s\n", strerror (errno)); + } + if (server_un != -1) + { + flags = fcntl (server_un, F_GETFL, 0); + if (flags == -1) + die ("fcntl (F_GETFL) failed: %s\n", strerror (errno)); + if ( fcntl (server_un, F_SETFL, (flags | O_NONBLOCK)) == -1) + die ("fcntl (F_SETFL) failed: %s\n", strerror (errno)); + } if (tcp) { 
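Review bot: `port = atoi (*argv);` in the new `if (tcp)` branch of main accepts any string. A non-numeric argument yields port 0, which makes the later bind pick an arbitrary port, and a value above 65535 is silently truncated by the assignment to the unsigned short. Parse with strtoul, check the end pointer and the range 1..65535, and print the usage message and exit otherwise.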
@@ -298,36 +389,41 @@ srvr_addr_in.sin_family = AF_INET; srvr_addr_in.sin_port = htons (port); srvr_addr_in.sin_addr.s_addr = htonl (INADDR_ANY); - srvr_addr = (struct sockaddr *)&srvr_addr_in; - addrlen = sizeof srvr_addr_in; + addr_in = (struct sockaddr *)&srvr_addr_in; + addrlen_in = sizeof srvr_addr_in; } - else + if (argc) { memset (&srvr_addr_un, 0, sizeof srvr_addr_un); srvr_addr_un.sun_family = AF_LOCAL; strncpy (srvr_addr_un.sun_path, *argv, sizeof (srvr_addr_un.sun_path)-1); srvr_addr_un.sun_path[sizeof (srvr_addr_un.sun_path) - 1] = 0; - srvr_addr = (struct sockaddr *)&srvr_addr_un; - addrlen = SUN_LEN (&srvr_addr_un); + addr_un = (struct sockaddr *)&srvr_addr_un; + addrlen_un = SUN_LEN (&srvr_addr_un); } + else + addrlen_un = 0; /* Silent gcc. */ + if (server_in != -1 && bind (server_in, addr_in, addrlen_in)) + die ("bind to port %hu failed: %s\n", port, strerror (errno)); + again: - if (bind (server, srvr_addr, addrlen)) + if (server_un != -1 && bind (server_un, addr_un, addrlen_un)) { - if (!tcp && errno == EADDRINUSE && force) + if (errno == EADDRINUSE && force) { force = 0; remove (srvr_addr_un.sun_path); goto again; } - if (tcp) - die ("bind to port %hu failed: %s\n", port, strerror (errno)); else die ("bind to `%s' failed: %s\n", *argv, strerror (errno)); } - if (listen (server, 5)) - die ("listen failed: %s\n", strerror (errno)); + if (server_in != -1 && listen (server_in, 5)) + die ("listen on inet failed: %s\n", strerror (errno)); + if (server_un != -1 && listen (server_un, 5)) + die ("listen on local failed: %s\n", strerror (errno)); for (;;) { 
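Review bot: the TCP listener is bound with `srvr_addr_in.sin_addr.s_addr = htonl (INADDR_ANY);`, so with --tcp every host that can reach the port can connect and feed lines into the log display, and nothing in this hunk restricts or identifies peers. For a debugging aid, bind to INADDR_LOOPBACK by default and require an explicit option to listen on all interfaces. Separately, the --force path calls `remove (srvr_addr_un.sun_path)` on EADDRINUSE without checking that the existing file is a socket; an lstat with S_ISSOCK before removing would avoid deleting an unrelated file named by mistake.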
@@ -339,8 +435,18 @@ to set them allways from scratch and don't maintain an active fd_set. */ FD_ZERO (&rfds); - FD_SET (server, &rfds); - max_fd = server; + max_fd = -1; + if (server_in != -1) + { + FD_SET (server_in, &rfds); + max_fd = server_in; + } + if (server_un != -1) + { + FD_SET (server_un, &rfds); + if (server_un > max_fd) + max_fd = server_un; + } for (client = client_list; client; client = client->next) if (client->fd != -1) { @@ -352,37 +458,11 @@ if (select (max_fd + 1, &rfds, NULL, NULL, NULL) <= 0) continue; /* Ignore any errors. */ - if (FD_ISSET (server, &rfds)) /* New connection. */ - { - struct sockaddr_un clnt_addr; - int fd; + if (server_in != -1 && FD_ISSET (server_in, &rfds)) + setup_client (server_in, 0); + if (server_un != -1 && FD_ISSET (server_un, &rfds)) + setup_client (server_un, 1); - addrlen = sizeof clnt_addr; - fd = accept (server, (struct sockaddr *) &clnt_addr, &addrlen); - if (fd == -1) - { - printf ("[accepting connection failed: %s]\n", strerror (errno)); - } - else if (fd >= FD_SETSIZE) - { - close (fd); - printf ("[connection request denied: too many connections]\n"); - } - else - { - for (client = client_list; client && client->fd != -1; - client = client->next) - ; - if (!client) - { - client = xcalloc (1, sizeof *client); - client->next = client_list; - client_list = client; - } - client->fd = fd; - printf ("[client at fd %d connected]\n", client->fd); - } - } for (client = client_list; client; client = client->next) if (client->fd != -1 && FD_ISSET (client->fd, &rfds)) { From cvs at cvs.gnupg.org Wed Oct 6 13:29:12 2010 
From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 06 Oct 2010 13:29:12 +0200 Subject: [svn] GnuPG - r5439 - in trunk: . agent doc g10 tools Message-ID: Author: wk Date: 2010-10-06 13:29:10 +0200 (Wed, 06 Oct 2010) New Revision: 5439 Modified: trunk/ChangeLog trunk/NEWS trunk/agent/ChangeLog trunk/agent/cvt-openpgp.c trunk/configure.ac trunk/doc/gpg-agent.texi trunk/g10/ChangeLog trunk/g10/import.c trunk/tools/ChangeLog trunk/tools/watchgnupg.c Log: Import fixes. new option for watchgnupg Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2010-10-05 19:05:43 UTC (rev 5438) +++ trunk/ChangeLog 2010-10-06 11:29:10 UTC (rev 5439) @@ -1,3 +1,7 @@ +2010-10-06 Werner Koch + + * configure.ac: Make --enable-standard-socket the default. + 2010-10-04 Werner Koch * configure.ac (GNUPG_CHECK_FAQPROG): Remove. Modified: trunk/agent/ChangeLog =================================================================== --- trunk/agent/ChangeLog 2010-10-05 19:05:43 UTC (rev 5438) +++ trunk/agent/ChangeLog 2010-10-06 11:29:10 UTC (rev 5439) @@ -1,3 +1,7 @@ +2010-10-06 Werner Koch + + * cvt-openpgp.c (convert_secret_key): Add missing break. + 2010-10-05 Werner Koch * gpg-agent.c (main): Don't set SSH_AGENT_PID so that ssh-agent -k Modified: trunk/g10/ChangeLog =================================================================== --- trunk/g10/ChangeLog 2010-10-05 19:05:43 UTC (rev 5438) +++ trunk/g10/ChangeLog 2010-10-06 11:29:10 UTC (rev 5439) @@ -1,3 +1,8 @@ +2010-10-06 Werner Koch + + * import.c (transfer_secret_keys): Ignore missing key parameters. + Provide dummy IV. Ignore stub keys. + 2010-10-01 Werner Koch * export.c (do_export_stream): Rewrite to take the secret keys Modified: trunk/tools/ChangeLog =================================================================== --- trunk/tools/ChangeLog 2010-10-05 19:05:43 UTC (rev 5438) +++ trunk/tools/ChangeLog 2010-10-06 11:29:10 UTC (rev 5439) 
@@ -1,3 +1,7 @@ +2010-10-06 Werner Koch + + * watchgnupg.c (print_version): Add option --time-only. + 2010-10-05 Werner Koch * watchgnupg.c (main): Support TCP and local socket listening. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2010-10-05 19:05:43 UTC (rev 5438) +++ trunk/NEWS 2010-10-06 11:29:10 UTC (rev 5439) @@ -26,8 +26,8 @@ * If the agent's --use-standard-socket option is active, all tools try to start and daemonize the agent on the fly. In the past this was only supported on W32; on non-W32 systems the new configure - option --enable-standard-socket may now be used to use this feature - by default. + option --disable-standard-socket may now be used to disable this + new default. * Dirmngr is now a part of this package. Dirmngr is now also expected to run as a system service and the configuration Modified: trunk/agent/cvt-openpgp.c =================================================================== --- trunk/agent/cvt-openpgp.c 2010-10-05 19:05:43 UTC (rev 5438) +++ trunk/agent/cvt-openpgp.c 2010-10-06 11:29:10 UTC (rev 5439) @@ -126,6 +126,7 @@ "(private-key(rsa(n%m)(e%m)(d%m)(p%m)(q%m)(u%m)))", skey[0], skey[1], skey[2], skey[3], skey[4], skey[5]); + break; default: err = gpg_error (GPG_ERR_PUBKEY_ALGO); Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2010-10-05 19:05:43 UTC (rev 5438) +++ trunk/configure.ac 2010-10-06 11:29:10 UTC (rev 5439) @@ -79,7 +79,7 @@ use_exec=yes disable_keyserver_path=no use_ccid_driver=yes -use_standard_socket=no +use_standard_socket=yes try_ks_ldap=no 
@@ -657,8 +657,8 @@ # AC_MSG_CHECKING([whether to use a standard socket by default]) AC_ARG_ENABLE(standard-socket, - AC_HELP_STRING([--enable-standard-socket], - [use a standard socket for the agent by default]), + AC_HELP_STRING([--disable-standard-socket], + [don't use a standard socket by default]), use_standard_socket=$enableval) tmp="" if test "$use_standard_socket" != yes; then Modified: trunk/doc/gpg-agent.texi =================================================================== --- trunk/doc/gpg-agent.texi 2010-10-05 19:05:43 UTC (rev 5438) +++ trunk/doc/gpg-agent.texi 2010-10-06 11:29:10 UTC (rev 5439) @@ -2,6 +2,11 @@ @c This is part of the GnuPG manual. @c For copying conditions, see the file gnupg.texi. + at c Note that we use this texinfo file for all versions of GnuPG: + at c 2.0 and 2.1. The macro "gpgtwoone" controls parts which are only + at c valid for GnuPG 2.1 and later. + + @node Invoking GPG-AGENT @chapter Invoking GPG-AGENT @cindex GPG-AGENT command options 
@@ -438,8 +443,16 @@ environment variable @var{GPG_AGENT_INFO} and then fall back to this socket. This option may not be used if the home directory is mounted on a remote file system which does not support special files like fifos or -sockets. Note, that @option{--use-standard-socket} is the default on -Windows systems. The default may be changed at build time. It is +sockets. + at ifset gpgtwoone +Note, that @option{--use-standard-socket} is the default on all +systems since GnuPG 2.1. + at end ifset + at ifclear gpgtwoone +Note, that @option{--use-standard-socket} is the default on +Windows systems. + at end ifclear +The default may be changed at build time. It is possible to test at runtime whether the agent has been configured for use with the standard socket by issuing the command @command{gpg-agent --use-standard-socket-p} which returns success if the standard socket Modified: trunk/g10/import.c =================================================================== --- trunk/g10/import.c 2010-10-05 19:05:43 UTC (rev 5438) +++ trunk/g10/import.c 2010-10-06 11:29:10 UTC (rev 5439) @@ -1122,8 +1122,7 @@ if (!err) err = gcry_cipher_setkey (cipherhd, kek, keklen); if (err) - goto leave; - xfree (kek); + goto leave; xfree (kek); kek = NULL; main_pk = NULL; @@ -1143,6 +1142,11 @@ stats->count++; stats->secret_read++; + /* For now we ignore the stub keys becuase we don't have real + support for them in gpg-agent. */ + if (ski->s2k.mode == 1001 || ski->s2k.mode == 1002) + continue; + /* Convert our internal secret key object into an S-expression. */ nskey = pubkey_get_nskey (pk->pubkey_algo); if (!nskey || nskey > PUBKEY_MAX_NSKEY) 
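Review bot: in transfer_secret_keys (g10/import.c) the new `continue` for s2k.mode 1001 and 1002 sits after `stats->count++; stats->secret_read++;`, so stub keys are counted as read secret keys although they are skipped without any message. Log that a stub key was ignored, or move the check above the counters, so that the import summary matches what was actually handed to the agent.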
@@ -1156,7 +1160,9 @@ put_membuf_str (&mbuf, "(skey"); for (i=j=0; i < nskey; i++) { - if (gcry_mpi_get_flag (pk->pkey[i], GCRYMPI_FLAG_OPAQUE)) + if (!pk->pkey[i]) + ; /* Protected keys only have NPKEY+1 elements. */ + else if (gcry_mpi_get_flag (pk->pkey[i], GCRYMPI_FLAG_OPAQUE)) { put_membuf_str (&mbuf, " e %b"); format_args_buf_ptr[i] = gcry_mpi_get_opaque (pk->pkey[i], &n); @@ -1189,7 +1195,10 @@ if (ski->is_protected) { char countbuf[35]; - + + /* Note that the IVLEN may be zero if we are working on a + dummy key. We can't express that in an S-expression and + thus we send dummy data for the IV. */ snprintf (countbuf, sizeof countbuf, "%lu", (unsigned long)ski->s2k.count); err = gcry_sexp_build @@ -1197,7 +1206,8 @@ " (protection %s %s %b %d %s %b %s)\n", ski->sha1chk? "sha1":"sum", openpgp_cipher_algo_name (ski->algo), - (int)ski->ivlen, ski->iv, + ski->ivlen? (int)ski->ivlen:1, + ski->ivlen? ski->iv: (const unsigned char*)"X", ski->s2k.mode, openpgp_md_algo_name (ski->s2k.hash_algo), (int)sizeof (ski->s2k.salt), ski->s2k.salt, Modified: trunk/tools/watchgnupg.c =================================================================== --- trunk/tools/watchgnupg.c 2010-10-05 19:05:43 UTC (rev 5438) +++ trunk/tools/watchgnupg.c 2010-10-06 11:29:10 UTC (rev 5439) @@ -52,8 +52,8 @@ static int verbose; +static int time_only; - static void die (const char *format, ...) { @@ -136,10 +136,15 @@ time_t atime = time (NULL); tp = localtime (&atime); - printf ("%3d - %04d-%02d-%02d %02d:%02d:%02d ", - fd, - 1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday, - tp->tm_hour, tp->tm_min, tp->tm_sec ); + if (time_only) + printf ("%3d - %02d:%02d:%02d ", + fd, + tp->tm_hour, tp->tm_min, tp->tm_sec ); + else + printf ("%3d - %04d-%02d-%02d %02d:%02d:%02d ", + fd, + 1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday, + tp->tm_hour, tp->tm_min, tp->tm_sec ); } 
@@ -262,6 +267,7 @@ " --tcp listen on a TCP port and optionally on a local socket\n" " --force delete an already existing socket file\n" " --verbose enable extra informational output\n" + " --time-only print only the time; not a full timestamp\n" " --version print version of the program and exit\n" " --help display this help and exit\n" BUGREPORT_LINE, stdout ); @@ -306,6 +312,11 @@ verbose = 1; argc--; argv++; } + else if (!strcmp (*argv, "--time-only")) + { + time_only = 1; + argc--; argv++; + } else if (!strcmp (*argv, "--force")) { force = 1; From cvs at cvs.gnupg.org Thu Oct 7 12:58:52 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Thu, 07 Oct 2010 12:58:52 +0200 Subject: [svn] gpgme - r1493 - trunk/src Message-ID: Author: wk Date: 2010-10-07 12:58:51 +0200 (Thu, 07 Oct 2010) New Revision: 1493 Modified: trunk/src/ChangeLog trunk/src/debug.c trunk/src/gpgme-tool.c trunk/src/util.h trunk/src/w32-util.c Log: Enable debugging feature for W32CE. kFreeBSD portability fix. Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2010-09-16 14:17:50 UTC (rev 1492) +++ trunk/src/ChangeLog 2010-10-07 10:58:51 UTC (rev 1493) @@ -1,3 +1,10 @@ +2010-10-07 Werner Koch + + * gpgme-tool.c (ARGP_ERR_UNKNOWN): Use EDEADLK if available. + + * w32-util.c (_gpgme_w32ce_get_debug_envvar) [W32CE]: New. + * debug.c (debug_init) [W32CE]: Use new function. + 2010-09-16 Werner Koch * import.c: Include "util.h". Modified: trunk/src/debug.c =================================================================== --- trunk/src/debug.c 2010-09-16 14:17:50 UTC (rev 1492) +++ trunk/src/debug.c 2010-10-07 10:58:51 UTC (rev 1493) 
@@ -115,12 +115,16 @@ char *e; const char *s1, *s2;; +#ifdef HAVE_W32CE_SYSTEM + e = _gpgme_w32ce_get_debug_envvar (); +#else /*!HAVE_W32CE_SYSTEM*/ err = _gpgme_getenv ("GPGME_DEBUG", &e); if (err) { UNLOCK (debug_lock); return; } +#endif /*!HAVE_W32CE_SYSTEM*/ initialized = 1; errfp = stderr; Modified: trunk/src/gpgme-tool.c =================================================================== --- trunk/src/gpgme-tool.c 2010-09-16 14:17:50 UTC (rev 1492) +++ trunk/src/gpgme-tool.c 2010-10-07 10:58:51 UTC (rev 1493) @@ -109,7 +109,11 @@ void *pstate; }; -#define ARGP_ERR_UNKNOWN EDEADLOCK +#ifdef EDEADLK +# define ARGP_ERR_UNKNOWN EDEADLK /* POSIX */ +#else +# define ARGP_ERR_UNKNOWN EDEADLOCK /* *GNU/kFreebsd does not define this) */ +#endif #define ARGP_KEY_ARG 0 #define ARGP_KEY_ARGS 0x1000006 #define ARGP_KEY_END 0x1000001 Modified: trunk/src/util.h =================================================================== --- trunk/src/util.h 2010-09-16 14:17:50 UTC (rev 1492) +++ trunk/src/util.h 2010-10-07 10:58:51 UTC (rev 1493) @@ -127,7 +127,10 @@ #ifdef HAVE_W32_SYSTEM int _gpgme_mkstemp (int *fd, char **name); const char *_gpgme_get_w32spawn_path (void); -#endif +#endif /*HAVE_W32_SYSTEM*/ +#ifdef HAVE_W32CE_SYSTEM +char *_gpgme_w32ce_get_debug_envvar (void); +#endif /*HAVE_W32CE_SYSTEM*/ /*-- Error codes not yet available in current gpg-error.h. --*/ #ifndef GPG_ERR_UNFINISHED Modified: trunk/src/w32-util.c =================================================================== --- trunk/src/w32-util.c 2010-09-16 14:17:50 UTC (rev 1492) +++ trunk/src/w32-util.c 2010-10-07 10:58:51 UTC (rev 1493) 
@@ -588,3 +588,24 @@ *name = tmpname; return 0; } + + + +#ifdef HAVE_W32CE_SYSTEM +/* Return a malloced string with the replacement value for the + GPGME_DEBUG envvar. Caller must release. Returns NULL if not + set. */ +char * +_gpgme_w32ce_get_debug_envvar (void) +{ + char *tmp; + + tmp = w32_read_registry (L"\\Software\\GNU\\gpgme", L"debug"); + if (tmp && !*tmp) + { + free (tmp); + tmp = NULL; + } + return NULL; +} +#endif /*HAVE_W32CE_SYSTEM*/ From cvs at cvs.gnupg.org Thu Oct 7 14:54:17 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Thu, 07 Oct 2010 14:54:17 +0200 Subject: [svn] gpgme - r1494 - trunk/src Message-ID: Author: wk Date: 2010-10-07 14:54:17 +0200 (Thu, 07 Oct 2010) New Revision: 1494 Modified: trunk/src/w32-util.c Log: Fix last change Modified: trunk/src/w32-util.c =================================================================== --- trunk/src/w32-util.c 2010-10-07 10:58:51 UTC (rev 1493) +++ trunk/src/w32-util.c 2010-10-07 12:54:17 UTC (rev 1494) @@ -600,7 +600,7 @@ { char *tmp; - tmp = w32_read_registry (L"\\Software\\GNU\\gpgme", L"debug"); + tmp = read_w32_registry_string (NULL, L"\\Software\\GNU\\gpgme", L"debug"); if (tmp && !*tmp) { free (tmp); From cvs at cvs.gnupg.org Fri Oct 8 13:11:09 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Fri, 08 Oct 2010 13:11:09 +0200 Subject: [svn] GnuPG - r5440 - in trunk: doc g10 sm Message-ID: Author: wk Date: 2010-10-08 13:11:08 +0200 (Fri, 08 Oct 2010) New Revision: 5440 Modified: trunk/doc/gpg.texi trunk/doc/gpgsm.texi trunk/g10/ChangeLog trunk/g10/gpg.c trunk/g10/keylist.c trunk/g10/options.h trunk/sm/ChangeLog trunk/sm/gpgsm.c trunk/sm/gpgsm.h trunk/sm/keylist.c Log: Add new option --with-keygrip Modified: trunk/g10/ChangeLog =================================================================== --- trunk/g10/ChangeLog 2010-10-06 11:29:10 UTC (rev 5439) +++ trunk/g10/ChangeLog 2010-10-08 11:11:08 UTC (rev 5440) 
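Review bot: `_gpgme_w32ce_get_debug_envvar` in trunk/src/w32-util.c (r1493) ends with `return NULL;` instead of `return tmp;`, so the registry value is never handed back and a non-empty string is leaked; the call added to debug_init in debug.c therefore never sees a debug setting on W32CE. The r1494 hunk only changes the registry call to read_w32_registry_string and leaves the return statement as it was. Change the last statement of the function to `return tmp;`.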
@@ -1,3 +1,10 @@ +2010-10-08 Werner Koch + + * gpg.c: Add option --with-keygrip. + * options.h (struct opt): Add WITH_KEYGRIP. + * keylist.c (list_keyblock_print, list_keyblock_colon): Implement + new option. + 2010-10-06 Werner Koch * import.c (transfer_secret_keys): Ignore missing key parameters. Modified: trunk/sm/ChangeLog =================================================================== --- trunk/sm/ChangeLog 2010-10-06 11:29:10 UTC (rev 5439) +++ trunk/sm/ChangeLog 2010-10-08 11:11:08 UTC (rev 5440) @@ -1,3 +1,9 @@ +2010-10-08 Werner Koch + + * gpgsm.c: Add option --with-keygrip. + * gpgsm.h (struct opt): Add WITH_KEYGRIP. + * keylist.c (list_cert_std): Implement option. + 2010-09-16 Werner Koch * certchain.c (gpgsm_walk_cert_chain): Use GPG_ERR_MISSING_ISSUER_CERT. Modified: trunk/doc/gpg.texi =================================================================== --- trunk/doc/gpg.texi 2010-10-06 11:29:10 UTC (rev 5439) +++ trunk/doc/gpg.texi 2010-10-08 11:11:08 UTC (rev 5440) @@ -1945,6 +1945,11 @@ Same as the command @option{--fingerprint} but changes only the format of the output and may be used together with another command. + at ifset gpgtwoone + at item --with-keygrip + at opindex with-keygrip +Include the keygrip in the key listings. + at end ifset @end table Modified: trunk/doc/gpgsm.texi =================================================================== --- trunk/doc/gpgsm.texi 2010-10-06 11:29:10 UTC (rev 5439) +++ trunk/doc/gpgsm.texi 2010-10-08 11:11:08 UTC (rev 5440) 
@@ -554,6 +554,10 @@ For standard key listings, also print the MD5 fingerprint of the certificate. + at item --with-keygrip +Include the keygrip in standard key listings. Note that the keygrip is +always listed in --with-colons mode. + @end table @c ******************************************* Modified: trunk/g10/gpg.c =================================================================== --- trunk/g10/gpg.c 2010-10-06 11:29:10 UTC (rev 5439) +++ trunk/g10/gpg.c 2010-10-08 11:11:08 UTC (rev 5440) @@ -166,6 +166,7 @@ oNoAskCertLevel, oFingerprint, oWithFingerprint, + oWithKeygrip, oAnswerYes, oAnswerNo, oKeyring, @@ -669,6 +670,7 @@ ARGPARSE_s_n (oUtf8Strings, "utf8-strings", "@"), ARGPARSE_s_n (oNoUtf8Strings, "no-utf8-strings", "@"), ARGPARSE_s_n (oWithFingerprint, "with-fingerprint", "@"), + ARGPARSE_s_n (oWithKeygrip, "with-keygrip", "@"), ARGPARSE_s_s (oDisableCipherAlgo, "disable-cipher-algo", "@"), ARGPARSE_s_s (oDisablePubkeyAlgo, "disable-pubkey-algo", "@"), ARGPARSE_s_n (oAllowNonSelfsignedUID, "allow-non-selfsigned-uid", "@"), @@ -2279,6 +2281,10 @@ fpr_maybe_cmd = 1; break; + case oWithKeygrip: + opt.with_keygrip = 1; + break; + case oSecretKeyring: /* Ignore this old option. */ break; Modified: trunk/g10/keylist.c =================================================================== --- trunk/g10/keylist.c 2010-10-06 11:29:10 UTC (rev 5439) +++ trunk/g10/keylist.c 2010-10-08 11:11:08 UTC (rev 5440) @@ -822,6 +822,17 @@ if (fpr) print_fingerprint (pk, 0); + if (opt.with_keygrip) + { + char *p; + + if (!hexkeygrip_from_pk (pk, &p)) + { + es_fprintf (es_stdout, " Keygrip = %s\n", p); + xfree (p); + } + } + /* FIXME: Change this function to take a PK and ask the agent: */ /* if (secret) print_card_serialno (sk); */ 
@@ -919,6 +930,16 @@ /* if (secret) */ /* print_card_serialno (sk2); */ } + if (opt.with_keygrip) + { + char *p; + + if (!hexkeygrip_from_pk (pk2, &p)) + { + es_fprintf (es_stdout, " Keygrip = %s\n", p); + xfree (p); + } + } if (opt.with_key_data) print_key_data (pk2); } @@ -1131,14 +1152,15 @@ print_revokers (pk); if (fpr) print_fingerprint (pk, 0); - if (opt.with_key_data) + if (opt.with_key_data || opt.with_keygrip) { if (!hexkeygrip_from_pk (pk, &p)) { es_fprintf (es_stdout, "grp:::::::::%s:\n", p); xfree (p); } - print_key_data (pk); + if (opt.with_key_data) + print_key_data (pk); } for (kbctx = NULL; (node = walk_kbnode (keyblock, &kbctx, 0));) @@ -1236,14 +1258,15 @@ es_putc ('\n', es_stdout); if (fpr > 1) print_fingerprint (pk2, 0); - if (opt.with_key_data) + if (opt.with_key_data || opt.with_keygrip) { if (!hexkeygrip_from_pk (pk2, &p)) { es_fprintf (es_stdout, "grp:::::::::%s:\n", p); xfree (p); } - print_key_data (pk2); + if (opt.with_key_data) + print_key_data (pk2); } } else if (opt.list_sigs && node->pkt->pkttype == PKT_SIGNATURE) Modified: trunk/g10/options.h =================================================================== --- trunk/g10/options.h 2010-10-06 11:29:10 UTC (rev 5439) +++ trunk/g10/options.h 2010-10-08 11:11:08 UTC (rev 5440) @@ -59,7 +59,8 @@ int check_sigs; /* check key signatures */ int with_colons; int with_key_data; - int with_fingerprint; /* opt --with-fingerprint active */ + int with_fingerprint; /* Option --with-fingerprint active. */ + int with_keygrip; /* Option --with-keygrip active. */ int fingerprint; /* list fingerprints */ int list_sigs; /* list signatures */ int no_armor; Modified: trunk/sm/gpgsm.c =================================================================== --- trunk/sm/gpgsm.c 2010-10-06 11:29:10 UTC (rev 5439) +++ trunk/sm/gpgsm.c 2010-10-08 11:11:08 UTC (rev 5440) @@ -143,6 +143,7 @@ oWithFingerprint, oWithMD5Fingerprint, + oWithKeygrip, oAnswerYes, oAnswerNo, oKeyring, 
@@ -371,6 +372,7 @@ ARGPARSE_s_n (oWithEphemeralKeys, "with-ephemeral-keys", "@"), ARGPARSE_s_n (oSkipVerify, "skip-verify", "@"), ARGPARSE_s_n (oWithFingerprint, "with-fingerprint", "@"), + ARGPARSE_s_n (oWithKeygrip, "with-keygrip", "@"), ARGPARSE_s_s (oDisableCipherAlgo, "disable-cipher-algo", "@"), ARGPARSE_s_s (oDisablePubkeyAlgo, "disable-pubkey-algo", "@"), ARGPARSE_s_n (oIgnoreTimeConflict, "ignore-time-conflict", "@"), @@ -1244,6 +1246,10 @@ opt.fingerprint++; break; + case oWithKeygrip: + opt.with_keygrip = 1; + break; + case oOptions: /* config files may not be nested (silently ignore them) */ if (!configfp) Modified: trunk/sm/gpgsm.h =================================================================== --- trunk/sm/gpgsm.h 2010-10-06 11:29:10 UTC (rev 5439) +++ trunk/sm/gpgsm.h 2010-10-08 11:11:08 UTC (rev 5440) @@ -80,6 +80,8 @@ int with_md5_fingerprint; /* Also print an MD5 fingerprint for standard key listings. */ + int with_keygrip; /* Option --with-keygrip active. */ + int armor; /* force base64 armoring (see also ctrl.with_base64) */ int no_armor; /* don't try to figure out whether data is base64 armored*/ Modified: trunk/sm/keylist.c =================================================================== --- trunk/sm/keylist.c 2010-10-06 11:29:10 UTC (rev 5439) +++ trunk/sm/keylist.c 2010-10-08 11:11:08 UTC (rev 5440) @@ -1216,6 +1216,16 @@ es_fprintf (fp, " fingerprint: %s\n", dn?dn:"error"); xfree (dn); + if (opt.with_keygrip) + { + dn = gpgsm_get_keygrip_hexstring (cert); + if (dn) + { + es_fprintf (fp, " keygrip: %s\n", dn); + xfree (dn); + } + } + if (have_secret) { char *cardsn; From cvs at cvs.gnupg.org Fri Oct 8 16:37:43 2010 
From: cvs at cvs.gnupg.org (svn author wk) Date: Fri, 08 Oct 2010 16:37:43 +0200 Subject: [svn] GnuPG - r5441 - in trunk: . common Message-ID: Author: wk Date: 2010-10-08 16:37:42 +0200 (Fri, 08 Oct 2010) New Revision: 5441 Modified: trunk/ChangeLog trunk/autogen.sh trunk/common/asshelp.c trunk/configure.ac Log: New configure option --enable-dirmngr-auto-start. autogen.sh enables this for CE. Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2010-10-08 11:11:08 UTC (rev 5440) +++ trunk/ChangeLog 2010-10-08 14:37:42 UTC (rev 5441) @@ -1,3 +1,9 @@ +2010-10-08 Werner Koch + + * configure.ac: Add option --enable-dirmngr-auto-start. + (USE_DIRMNGR_AUTO_START): New ac_define. + * autogen.sh <--build-w32ce>: Use new option. + 2010-10-06 Werner Koch * configure.ac: Make --enable-standard-socket the default. Modified: trunk/autogen.sh =================================================================== --- trunk/autogen.sh 2010-10-08 11:11:08 UTC (rev 5440) +++ trunk/autogen.sh 2010-10-08 14:37:42 UTC (rev 5441) @@ -103,7 +103,8 @@ w32root="$w32ce_root" [ -z "$w32root" ] && w32root="$HOME/w32ce_root" toolprefixes="$w32ce_toolprefixes arm-mingw32ce" - extraoptions="--disable-scdaemon --disable-zip $w32ce_extraoptions" + extraoptions="--enable-dirmngr-auto-start --disable-scdaemon " + extraoptions="$extraoptions --disable-zip $w32ce_extraoptions" ;; *) [ -z "$w32root" ] && w32root="$HOME/w32root" Modified: trunk/common/asshelp.c =================================================================== --- trunk/common/asshelp.c 2010-10-08 11:11:08 UTC (rev 5440) +++ trunk/common/asshelp.c 2010-10-08 14:37:42 UTC (rev 5441) @@ -547,7 +547,6 @@ gpg_error_t err; assuan_context_t ctx; const char *sockname; - lock_spawn_t lock; *r_ctx = NULL; 
@@ -560,8 +559,10 @@ sockname = dirmngr_socket_name (); err = assuan_socket_connect (ctx, sockname, 0, 0); +#ifdef USE_DIRMNGR_AUTO_START if (err) { + lock_spawn_t lock; const char *argv[2]; /* With no success try start a new Dirmngr. On most systems @@ -619,6 +620,13 @@ unlock_spawning (&lock, "dirmngr"); } +#else + (void)homedir; + (void)dirmngr_program; + (void)verbose; + (void)status_cb; + (void)status_cb_arg; +#endif /*USE_DIRMNGR_AUTO_START*/ if (err) { Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2010-10-08 11:11:08 UTC (rev 5440) +++ trunk/configure.ac 2010-10-08 14:37:42 UTC (rev 5441) @@ -80,6 +80,7 @@ disable_keyserver_path=no use_ccid_driver=yes use_standard_socket=yes +dirmngr_auto_start=no try_ks_ldap=no @@ -339,7 +340,23 @@ use_ccid_driver=$enableval) AC_MSG_RESULT($use_ccid_driver) +# +# Dirmngr is nowadays a system service and thus it usually does no +# make sense to start it as needed. However on some systems this is +# possible; this option enable the feature. +# +AC_MSG_CHECKING([whether to auto start dirmngr]) +AC_ARG_ENABLE(dirmngr-auto-start, + AC_HELP_STRING([--enable-dirmngr-auto-start], + [enable auto starting of the dirmngr]), + dirmngr_auto_start=$enableval) +AC_MSG_RESULT($dirmngr_auto_start) +if test "$dirmngr_auto_start" = yes ; then + AC_DEFINE(USE_DIRMNGR_AUTO_START,1, + [Define to enable auto starting of the dirmngr]) +fi + # # To avoid double inclusion of config.h which might happen at some # places, we add the usual double inclusion protection at the top of @@ -1655,6 +1672,7 @@ Default dirmngr: $show_gnupg_dirmngr_pgm Use standard socket: $use_standard_socket + Dirmngr auto start: $dirmngr_auto_start " if test x"$use_regex" != xyes ; then echo " From cvs at cvs.gnupg.org Sun Oct 10 11:53:03 2010 
From: cvs at cvs.gnupg.org (svn author wk) Date: Sun, 10 Oct 2010 11:53:03 +0200 Subject: [svn] GnuPG - r5442 - in branches/STABLE-BRANCH-1-4: . g10 Message-ID: Author: wk Date: 2010-10-10 11:53:02 +0200 (Sun, 10 Oct 2010) New Revision: 5442 Modified: branches/STABLE-BRANCH-1-4/ChangeLog branches/STABLE-BRANCH-1-4/configure.ac branches/STABLE-BRANCH-1-4/g10/ChangeLog branches/STABLE-BRANCH-1-4/g10/keyring.c Log: VMS fixes Modified: branches/STABLE-BRANCH-1-4/ChangeLog =================================================================== --- branches/STABLE-BRANCH-1-4/ChangeLog 2010-10-08 14:37:42 UTC (rev 5441) +++ branches/STABLE-BRANCH-1-4/ChangeLog 2010-10-10 09:53:02 UTC (rev 5442) @@ -1,3 +1,8 @@ +2010-10-10 Werner Koch + + * configure.ac (AH_BOTTOM): Add GNUPG_BAK_SFX and GNUPG_TMP_SFX. + Define GNUPG_HOMEDIR et al for VMS. + 2010-10-05 Werner Koch * configure.ac: Remove check for the faqprog. Modified: branches/STABLE-BRANCH-1-4/g10/ChangeLog =================================================================== --- branches/STABLE-BRANCH-1-4/g10/ChangeLog 2010-10-08 14:37:42 UTC (rev 5441) +++ branches/STABLE-BRANCH-1-4/g10/ChangeLog 2010-10-10 09:53:02 UTC (rev 5442) @@ -1,3 +1,7 @@ +2010-10-10 Werner Koch + + * keyring.c (create_tmp_file): Use GNUPG_TMP_SFX anf GNUPG_BAK_SFX. + 2010-09-28 David Shaw * options.skel: Make the example for force-v3-sigs match Modified: branches/STABLE-BRANCH-1-4/configure.ac =================================================================== --- branches/STABLE-BRANCH-1-4/configure.ac 2010-10-08 14:37:42 UTC (rev 5441) +++ branches/STABLE-BRANCH-1-4/configure.ac 2010-10-10 09:53:02 UTC (rev 5442) 
@@ -25,8 +25,8 @@ # Remember to change the version number immediately *after* a release. # Set my_issvn to "yes" for non-released code. Remember to run an # "svn up" and "autogen.sh --force" right before creating a distribution. -m4_define([my_version], [1.4.11rc1]) -m4_define([my_issvn], [no]) +m4_define([my_version], [1.4.11]) +m4_define([my_issvn], [yes]) m4_define([svn_revision], m4_esyscmd([printf "%d" $(svn info 2>/dev/null \ | sed -n '/^Revision:/ s/[^0-9]//gp'|head -1)])) AC_INIT([gnupg], @@ -460,7 +460,15 @@ # define PATHSEP_S ":" #endif +#ifdef __VMS +# define GNUPG_BAK_SFX "_bak" +# define GNUPG_TMP_SFX "_tmp" +#else /*!def __VMS */ +# define GNUPG_BAK_SFX "~" +# define GNUPG_TMP_SFX EXTSEP_S "tmp" +#endif /* def __VMS [else] */ + /* For some OSes we need to use fixed strings for certain directories. */ #ifdef HAVE_DRIVE_LETTERS # define LOCALEDIR "c:\\\\lib\\\\gnupg\\\\locale" @@ -470,7 +478,10 @@ # define GNUPG_HOMEDIR "c:\\\\gnupg" #else # ifdef __VMS -# define GNUPG_HOMEDIR "/SYS$LOGIN/gnupg" +# define GNUPG_DATADIR "/SYS$MANAGER/gnupg_share" +# define GNUPG_HOMEDIR "/SYS$LOGIN/gnupg" +# define GNUPG_LIBDIR "/SYS$MANAGER/gnupg_share" +# define GNUPG_LIBEXECDIR "" # else # define GNUPG_HOMEDIR "~/.gnupg" # endif Modified: branches/STABLE-BRANCH-1-4/g10/keyring.c =================================================================== --- branches/STABLE-BRANCH-1-4/g10/keyring.c 2010-10-08 14:37:42 UTC (rev 5441) +++ branches/STABLE-BRANCH-1-4/g10/keyring.c 2010-10-10 09:53:02 UTC (rev 5442) 
@@ -1182,11 +1182,11 @@ strcpy (stpcpy(tmpfname, template), EXTSEP_S "tmp"); } # else /* Posix file names */ - bakfname = xmalloc (strlen( template ) + 2); - strcpy (stpcpy (bakfname,template),"~"); + bakfname = xmalloc (strlen (template) + sizeof (GNUPG_BAK_SFX) + 1); + strcpy (stpcpy (bakfname, template), GNUPG_BAK_SFX); - tmpfname = xmalloc (strlen( template ) + 5); - strcpy (stpcpy(tmpfname,template), EXTSEP_S "tmp"); + tmpfname = xmalloc (strlen (template) + sizeof (GNUPG_TMP_SFX) + 1 ); + strcpy (stpcpy(tmpfname, template), GNUPG_TMP_SFX); # endif /* Posix filename */ /* Create the temp file with limited access */ From cvs at cvs.gnupg.org Mon Oct 11 14:36:28 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 11 Oct 2010 14:36:28 +0200 Subject: [svn] GnuPG - r5443 - trunk/doc Message-ID: Author: wk Date: 2010-10-11 14:36:27 +0200 (Mon, 11 Oct 2010) New Revision: 5443 Modified: trunk/doc/ChangeLog trunk/doc/gpg.texi Log: Describe %v and %V. Modified: trunk/doc/ChangeLog =================================================================== --- trunk/doc/ChangeLog 2010-10-10 09:53:02 UTC (rev 5442) +++ trunk/doc/ChangeLog 2010-10-11 12:36:27 UTC (rev 5443) @@ -1,3 +1,8 @@ +2010-10-11 Daniel Kahn Gillmor (wk) + + * gpg.texi (GPG Configuration Options) : Describe %v + and %V. + 2010-10-05 Werner Koch * Makefile.am (faq.txt faq.html, faq-online): New. Modified: trunk/doc/gpg.texi =================================================================== --- trunk/doc/gpg.texi 2010-10-10 09:53:02 UTC (rev 5442) +++ trunk/doc/gpg.texi 2010-10-11 12:36:27 UTC (rev 5443) 
@@ -1141,6 +1141,9 @@ Other flags are "%k" for the key ID, "%K" for the long key ID, "%f" for the key fingerprint, "%t" for the extension of the image type (e.g. "jpg"), "%T" for the MIME type of the image (e.g. "image/jpeg"), +"%v" for the single-character calculated validity of the image being +viewed (e.g. "f"), "%V" for the calculated validity as a string (e.g. +"full"), and "%%" for an actual percent sign. If neither %i or %I are present, then the photo will be supplied to the viewer on standard input. From cvs at cvs.gnupg.org Mon Oct 11 21:20:26 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 11 Oct 2010 21:20:26 +0200 Subject: [svn] assuan - r389 - trunk/tests Message-ID: Author: wk Date: 2010-10-11 21:20:25 +0200 (Mon, 11 Oct 2010) New Revision: 389 Modified: trunk/tests/ChangeLog trunk/tests/Makefile.am Log: Fix bug#1205 Modified: trunk/tests/ChangeLog =================================================================== --- trunk/tests/ChangeLog 2010-09-17 14:16:34 UTC (rev 388) +++ trunk/tests/ChangeLog 2010-10-11 19:20:25 UTC (rev 389) @@ -1,3 +1,7 @@ +2010-10-11 Werner Koch + + * Makefile.am (w32cetools): Move ce-server to here. + 2010-03-17 Werner Koch * pipeconnect.c: New. Based on fdpassing.c Modified: trunk/tests/Makefile.am =================================================================== --- trunk/tests/Makefile.am 2010-09-17 14:16:34 UTC (rev 388) +++ trunk/tests/Makefile.am 2010-10-11 19:20:25 UTC (rev 389) @@ -28,7 +28,7 @@ TESTS = pipeconnect if HAVE_W32CE_SYSTEM -w32cetools = ce-createpipe +w32cetools = ce-createpipe ce-server endif if USE_DESCRIPTOR_PASSING @@ -39,6 +39,6 @@ AM_CFLAGS = $(GPG_ERROR_CFLAGS) noinst_HEADERS = common.h -noinst_PROGRAMS = $(TESTS) ce-server $(w32cetools) +noinst_PROGRAMS = $(TESTS) $(w32cetools) LDADD = ../src/libassuan.la $(NETLIBS) $(GPG_ERROR_LIBS) From cvs at cvs.gnupg.org Tue Oct 12 17:58:20 2010 
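Review bot: the first configure.ac hunk of r5442 (@@ -25,8 +25,8 @@) changes my_version from 1.4.11rc1 to 1.4.11 and my_issvn from no to yes, and neither the "VMS fixes" log nor the ChangeLog entry mentions it. Put the version bump in its own commit, or at least list it in the ChangeLog, so that the VMS suffix change can be reviewed, cherry-picked or backed out independently of the release bookkeeping.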
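Review bot: in the g10/keyring.c hunk of r5442, both xmalloc calls add "+ 1" on top of sizeof (GNUPG_BAK_SFX) and sizeof (GNUPG_TMP_SFX), but sizeof applied to a string literal already counts the terminating NUL (this assumes EXTSEP_S expands to a string literal, as PATHSEP_S does in the configure.ac context). The buffers are therefore one byte larger than needed, which is harmless but hides the sizing rule; drop the "+ 1" or use strlen (suffix) + 1 so the next edit cannot get the arithmetic wrong in the unsafe direction. The branch just above, visible in the context line, still hardcodes EXTSEP_S "tmp", so the new macros only take effect for the POSIX branch; say so in the ChangeLog if that is intended.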
From: cvs at cvs.gnupg.org (svn author wk) Date: Tue, 12 Oct 2010 17:58:20 +0200 Subject: [svn] pinentry - r239 - in trunk: . qt Message-ID: Author: wk Date: 2010-10-12 17:58:19 +0200 (Tue, 12 Oct 2010) New Revision: 239 Modified: trunk/ChangeLog trunk/NEWS trunk/autogen.sh trunk/qt/main.cpp Log: Add default-cancel and default-ok to pinentry-qt(3) Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2010-09-30 15:17:08 UTC (rev 238) +++ trunk/ChangeLog 2010-10-12 15:58:19 UTC (rev 239) @@ -1,3 +1,9 @@ +2010-10-12 Werner Koch + + * qt/main.cpp (escape_accel): New. Adapt from from qt4/. + (qt_cmd_handler): Implement default-ok and default-cancel. Escape + accelerators. + 2010-09-30 Werner Koch * pinentry/pinentry.h (struct pinentry): Add CLOSE_BUTTON. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2010-09-30 15:17:08 UTC (rev 238) +++ trunk/NEWS 2010-10-12 15:58:19 UTC (rev 239) @@ -7,8 +7,9 @@ the keyboard. * The protocol options default-cancel and default-ok now work for the - pinnetry-gtk2. + pinentry-gtk2 and pinentry-qt (that is QT3). + Noteworthy changes in version 0.8.0 (2010-03-03) ------------------------------------------------ Modified: trunk/autogen.sh =================================================================== --- trunk/autogen.sh 2010-09-30 15:17:08 UTC (rev 238) +++ trunk/autogen.sh 2010-10-12 15:58:19 UTC (rev 239) @@ -140,7 +140,7 @@ fi fi - ./configure --enable-maintainer-mode --prefix=${w32root} \ + $tsdir/configure --enable-maintainer-mode --prefix=${w32root} \ --host=${host} --build=${build} \ --disable-pinentry-gtk \ --disable-pinentry-qt \ Modified: trunk/qt/main.cpp =================================================================== --- trunk/qt/main.cpp 2010-09-30 15:17:08 UTC (rev 238) +++ trunk/qt/main.cpp 2010-10-12 15:58:19 UTC (rev 239) 
@@ -39,6 +39,45 @@ #include #endif +static QString escape_accel( const QString & s ) { + + QString result; + result.reserve( 2 * s.length()); + + bool afterUnderscore = false; + + for ( unsigned int i = 0, end = s.length() ; i != end ; ++i ) { + const QChar ch = s[i]; + if ( ch == QChar ( '_' ) ) + { + if ( afterUnderscore ) // escaped _ + { + result += QChar ( '_' ); + afterUnderscore = false; + } + else // accel + { + afterUnderscore = true; + } + } + else + { + if ( afterUnderscore || // accel + ch == QChar ( '&' ) ) // escape & from being interpreted by Qt + result += QChar ( '&' ); + result += ch; + afterUnderscore = false; + } + } + + if ( afterUnderscore ) + // trailing single underscore: shouldn't happen, but deal with it robustly: + result += QChar ( '_' ); + + return result; +} + + /* Hack for creating a QWidget with a "foreign" window ID */ class ForeignWidget : public QWidget { @@ -79,9 +118,16 @@ #endif if (pe->ok) - pinentry.setOkText (QString::fromUtf8 (pe->ok)); + pinentry.setOkText (escape_accel (QString::fromUtf8 (pe->ok))); + else if (pe->default_ok) + pinentry.setOkText (escape_accel (QString::fromUtf8 (pe->default_ok))); + if (pe->cancel) - pinentry.setCancelText (QString::fromUtf8 (pe->cancel)); + pinentry.setCancelText (escape_accel (QString::fromUtf8 (pe->cancel))); + else if (pe->default_cancel) + pinentry.setCancelText + (escape_accel (QString::fromUtf8 (pe->default_cancel))); + if (pe->error) pinentry.setError (QString::fromUtf8 (pe->error)); if (pe->quality_bar) 
@@ -113,9 +159,13 @@ } else { - QString desc = QString::fromUtf8 (pe->description? pe->description :""); - QString ok = QString::fromUtf8 (pe->ok ? pe->ok : "OK"); - QString can = QString::fromUtf8 (pe->cancel ? pe->cancel : "Cancel"); + QString desc = QString::fromUtf8 (pe->description? pe->description : ""); + QString ok = escape_accel + (QString::fromUtf8 (pe->ok ? pe->ok : + pe->default_ok ? pe->default_ok : "&OK")); + QString can = escape_accel + (QString::fromUtf8 (pe->cancel ? pe->cancel : + pe->default_cancel? pe->default_cancel: "&Cancel")); bool ret; ret = QMessageBox::information (parent, "", desc, ok, can ); @@ -160,7 +210,7 @@ for (done=0,p=*new_argv,i=0; i < argc; i++) if (!done && !strcmp (argv[i], "--display")) { - new_argv[i] = "-display"; + new_argv[i] = (char*)"-display"; done = 1; } else From cvs at cvs.gnupg.org Wed Oct 13 17:57:12 2010 
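Review bot: in the qt/main.cpp hunk of pinentry r239 at @@ -113,9 +159,13 @@, the fallback labels were changed to "&OK" and "&Cancel" and are then passed through escape_accel, which prefixes every '&' with another '&'. The message box therefore receives "&&OK" and "&&Cancel", which Qt renders as a literal ampersand with no accelerator. Write the fallbacks in the protocol's underscore notation ("_OK", "_Cancel") so escape_accel produces the intended "&OK", or apply escape_accel only to the strings that come from pe->ok, pe->default_ok, pe->cancel and pe->default_cancel.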
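Review bot: escape_accel, added in the qt/main.cpp hunk of pinentry r239 at @@ -39,6 +39,45 @@, has no comment stating its input convention, which a reader has to reconstruct from the loop: a single '_' marks the next character as the accelerator, "__" is a literal underscore, and '&' is doubled so Qt does not interpret it. Please document that above the function. One input is also handled inconsistently: for "_&" the branch taken on afterUnderscore emits "&&", so the requested accelerator silently becomes a literal ampersand; decide whether that is acceptable and note it next to the existing trailing-underscore remark.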
From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 13 Oct 2010 17:57:12 +0200 Subject: [svn] GnuPG - r5444 - in trunk: . agent common doc g10 Message-ID: Author: wk Date: 2010-10-13 17:57:08 +0200 (Wed, 13 Oct 2010) New Revision: 5444 Modified: trunk/NEWS trunk/agent/ChangeLog trunk/agent/agent.h trunk/agent/call-pinentry.c trunk/agent/command-ssh.c trunk/agent/command.c trunk/agent/cvt-openpgp.c trunk/agent/divert-scd.c trunk/agent/findkey.c trunk/agent/genkey.c trunk/agent/gpg-agent.c trunk/agent/pkdecrypt.c trunk/agent/pksign.c trunk/agent/protect-tool.c trunk/common/ChangeLog trunk/common/miscellaneous.c trunk/common/util.h trunk/doc/gpg.texi trunk/g10/ChangeLog trunk/g10/call-agent.c trunk/g10/card-util.c trunk/g10/getkey.c trunk/g10/gpg.c trunk/g10/gpgv.c trunk/g10/import.c trunk/g10/keydb.h trunk/g10/keyedit.c trunk/g10/keygen.c trunk/g10/keylist.c trunk/g10/misc.c trunk/g10/options.h trunk/g10/passphrase.c trunk/g10/pubkey-enc.c Log: More agent support for gpg. [The diff below has been truncated] Modified: trunk/agent/ChangeLog =================================================================== --- trunk/agent/ChangeLog 2010-10-11 12:36:27 UTC (rev 5443) +++ trunk/agent/ChangeLog 2010-10-13 15:57:08 UTC (rev 5444) 
@@ -1,3 +1,24 @@ +2010-10-13 Werner Koch + + * call-pinentry.c (agent_get_passphrase): Support the close_button. + + * gpg-agent.c (create_server_socket): Switch back to stderr + logging if we are not starting a agent. + + * command.c (cmd_passwd, cmd_export_key): Move mapping of + GPG_ERR_FULLY_CANCELED to .. + (leave_cmd): .. here. + (option_handler): Add option agent-awareness. + * protect-tool.c (get_passphrase): Take care of + GPG_ERR_FULLY_CANCELED. + * findkey.c (try_unprotect_cb): Ditto. + (unprotect): Remove the fully_canceled hack. + * call-pinentry.c (start_pinentry): Ditto. + (agent_askpin): Ditto. + * pkdecrypt.c (agent_pkdecrypt): Ditto + * pksign.c (agent_pksign_do): Ditto. + * genkey.c (agent_ask_new_passphrase): Remove arg CANCEL_ALL. + 2010-10-06 Werner Koch * cvt-openpgp.c (convert_secret_key): Add missing break. Modified: trunk/common/ChangeLog =================================================================== --- trunk/common/ChangeLog 2010-10-11 12:36:27 UTC (rev 5443) +++ trunk/common/ChangeLog 2010-10-13 15:57:08 UTC (rev 5444) @@ -1,3 +1,8 @@ +2010-10-13 Werner Koch + + * miscellaneous.c (parse_version_number, parse_version_string) + (gnupg_compare_version): New. + 2010-10-04 Werner Koch * gettime.c (asctimestamp) [W32CE]: Do not print the timezone. Modified: trunk/g10/ChangeLog =================================================================== --- trunk/g10/ChangeLog 2010-10-11 12:36:27 UTC (rev 5443) +++ trunk/g10/ChangeLog 2010-10-13 15:57:08 UTC (rev 5444) 
@@ -1,3 +1,33 @@ +2010-10-13 Werner Koch + + * call-agent.c (start_agent): Send option agent-awareness. + (status_sc_op_failure): Take care of GPG_ERR_FULLY_CANCELED. + * passphrase.c (passphrase_get): Ditto. + * import.c (transfer_secret_keys): Ditto. + * card-util.c (write_sc_op_status): Ditto. + + * getkey.c (enum_secret_keys): Rewrite. + + * pubkey-enc.c (get_session_key): Skip keys without an encryption + capability. Handle GPG_ERR_FULLY_CANCELED. + * gpg.c: Add option --try-secret-key. + * options.h (struct opt): Add field secret_keys_to_try. + + * passphrase.c (next_to_last_passphrase): Remove. + +2010-10-12 Werner Koch + + * keygen.c (generate_subkeypair): Check availibility of secret parts. + + * keylist.c (print_card_serialno): Change to take a hexified serialno. + (list_keyblock_print): Print serialno and stub key indicators. + (list_keyblock_colon): Ditto. + + * getkey.c (have_any_secret_key): Remove. Replace all calls by + agent_probe_any_secret_key. + * gpgv.c (agent_probe_any_secret_key): New. + (agent_get_keyinfo): New. + 2010-10-08 Werner Koch * gpg.c: Add option --with-keygrip. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2010-10-11 12:36:27 UTC (rev 5443) +++ trunk/NEWS 2010-10-13 15:57:08 UTC (rev 5444) @@ -43,11 +43,14 @@ * The OpenPGP import command is now able to merge secret keys. - * Removed options: + * Removed GPG options: --export-options: export-secret-subkey-passwd --simple-sk-checksum + * New GPG options: + --try-secret-key + Noteworthy changes in version 2.0.13 (2009-09-04) ------------------------------------------------- Modified: trunk/agent/agent.h =================================================================== --- trunk/agent/agent.h 2010-10-11 12:36:27 UTC (rev 5443) +++ trunk/agent/agent.h 2010-10-13 15:57:08 UTC (rev 5444) 
@@ -253,7 +253,7 @@ int agent_askpin (ctrl_t ctrl, const char *desc_text, const char *prompt_text, const char *inital_errtext, - struct pin_entry_info_s *pininfo, int *r_cancelall); + struct pin_entry_info_s *pininfo); int agent_get_passphrase (ctrl_t ctrl, char **retpass, const char *desc, const char *prompt, const char *errtext, int with_qualitybar); @@ -291,7 +291,7 @@ /*-- genkey.c --*/ int check_passphrase_constraints (ctrl_t ctrl, const char *pw, int silent); gpg_error_t agent_ask_new_passphrase (ctrl_t ctrl, const char *prompt, - char **r_passphrase, int *r_cancelall); + char **r_passphrase); int agent_genkey (ctrl_t ctrl, const char *cache_nonce, const char *keyparam, size_t keyparmlen, membuf_t *outbuf); int agent_protect_and_store (ctrl_t ctrl, gcry_sexp_t s_skey); Modified: trunk/agent/call-pinentry.c =================================================================== --- trunk/agent/call-pinentry.c 2010-10-11 12:36:27 UTC (rev 5443) +++ trunk/agent/call-pinentry.c 2010-10-13 15:57:08 UTC (rev 5444) @@ -467,8 +467,10 @@ else { rc = agent_inq_pinentry_launched (ctrl, pinentry_pid); - if (gpg_err_code (rc) == GPG_ERR_CANCELED) - return unlock_pinentry (gpg_error (GPG_ERR_CANCELED)); + if (gpg_err_code (rc) == GPG_ERR_CANCELED + || gpg_err_code (rc) == GPG_ERR_FULLY_CANCELED) + return unlock_pinentry (gpg_err_make (GPG_ERR_SOURCE_DEFAULT, + gpg_err_code (rc))); rc = 0; } @@ -727,7 +729,7 @@ agent_askpin (ctrl_t ctrl, const char *desc_text, const char *prompt_text, const char *initial_errtext, - struct pin_entry_info_s *pininfo, int *r_cancel_all) + struct pin_entry_info_s *pininfo) { int rc; char line[ASSUAN_LINELENGTH]; @@ -737,9 +739,6 @@ int saveflag; int close_button; - if (r_cancel_all) - *r_cancel_all = 0; - if (opt.batch) return 0; /* fixme: we should return BAD PIN */ 
@@ -830,10 +829,10 @@ && gpg_err_code (rc) == GPG_ERR_ASS_CANCELED) rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_CANCELED); - /* Set a flag in case the window close button was clicked to - cancel the operation. */ - if (close_button && r_cancel_all && gpg_err_code (rc) == GPG_ERR_CANCELED) - *r_cancel_all = 1; + /* Change error code in case the window close button was clicked + to cancel the operation. */ + if (close_button && gpg_err_code (rc) == GPG_ERR_CANCELED) + rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_FULLY_CANCELED); if (gpg_err_code (rc) == GPG_ERR_ASS_TOO_MUCH_DATA) errtext = is_pin? _("PIN too long") @@ -890,6 +889,7 @@ char line[ASSUAN_LINELENGTH]; struct entry_parm_s parm; int saveflag; + int close_button; *retpass = NULL; if (opt.batch) @@ -942,14 +942,21 @@ saveflag = assuan_get_flag (entry_ctx, ASSUAN_CONFIDENTIAL); assuan_begin_confidential (entry_ctx); + close_button = 0; rc = assuan_transact (entry_ctx, "GETPIN", getpin_cb, &parm, - inq_quality, entry_ctx, NULL, NULL); + inq_quality, entry_ctx, + close_button_status_cb, &close_button); assuan_set_flag (entry_ctx, ASSUAN_CONFIDENTIAL, saveflag); /* Most pinentries out in the wild return the old Assuan error code for canceled which gets translated to an assuan Cancel error and not to the code for a user cancel. Fix this here. */ if (rc && gpg_err_source (rc) && gpg_err_code (rc) == GPG_ERR_ASS_CANCELED) rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_CANCELED); + /* Change error code in case the window close button was clicked + to cancel the operation. */ + if (close_button && gpg_err_code (rc) == GPG_ERR_CANCELED) + rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_FULLY_CANCELED); + if (rc) xfree (parm.buffer); else Modified: trunk/agent/command-ssh.c =================================================================== --- trunk/agent/command-ssh.c 2010-10-11 12:36:27 UTC (rev 5443) +++ trunk/agent/command-ssh.c 2010-10-13 15:57:08 UTC (rev 5444) 
@@ -2425,7 +2425,7 @@ pi2->check_cb_arg = pi->pin; next_try: - err = agent_askpin (ctrl, description, NULL, initial_errtext, pi, NULL); + err = agent_askpin (ctrl, description, NULL, initial_errtext, pi); initial_errtext = NULL; if (err) goto out; @@ -2433,7 +2433,7 @@ /* Unless the passphrase is empty, ask to confirm it. */ if (pi->pin && *pi->pin) { - err = agent_askpin (ctrl, description2, NULL, NULL, pi2, NULL); + err = agent_askpin (ctrl, description2, NULL, NULL, pi2); if (err == -1) { /* The re-entered one did not match and the user did not hit cancel. */ Modified: trunk/agent/command.c =================================================================== --- trunk/agent/command.c 2010-10-11 12:36:27 UTC (rev 5443) +++ trunk/agent/command.c 2010-10-13 15:57:08 UTC (rev 5444) @@ -71,6 +71,7 @@ be done. */ void *import_key; /* Malloced KEK for the import_key command. */ void *export_key; /* Malloced KEK for the export_key command. */ + int allow_fully_canceled; /* Client is aware of GPG_ERR_FULLY_CANCELED. */ }; @@ -364,6 +365,16 @@ if (!name) name = "?"; + /* Not all users of gpg-agent know about the fully canceled + error code; map it back if needed. */ + if (gpg_err_code (err) == GPG_ERR_FULLY_CANCELED) + { + ctrl_t ctrl = assuan_get_pointer (ctx); + + if (!ctrl->server_local->allow_fully_canceled) + err = gpg_err_make (gpg_err_source (err), GPG_ERR_CANCELED); + } + /* Most code from common/ does not know the error source, thus we fix this here. */ if (gpg_err_source (err) == GPG_ERR_SOURCE_UNKNOWN) @@ -1336,12 +1347,7 @@ grip, &shadow_info, CACHE_MODE_IGNORE, NULL, &s_skey, NULL); if (rc) - { - /* Not all users of gpg-agent know about fully cancled; thus we - map it back. */ - if (gpg_err_code (rc) == GPG_ERR_FULLY_CANCELED) - rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_CANCELED); - } + ; else if (!s_skey) { log_error ("changing a smartcard PIN is not yet supported\n"); 
@@ -1643,7 +1649,7 @@ err = agent_ask_new_passphrase (ctrl, _("Please enter the passphrase to protect the " "imported object within the GnuPG system."), - &passphrase, NULL); + &passphrase); if (err) goto leave; } @@ -1751,17 +1757,12 @@ canonical S-expression. */ if (!passphrase) { - int fully_canceled; err = agent_ask_new_passphrase (ctrl, _("This key (or subkey) is not protected with a passphrase." " Please enter a new passphrase to export it."), - &passphrase, &fully_canceled); + &passphrase); if (err) - { - if (fully_canceled) - err = gpg_error (GPG_ERR_FULLY_CANCELED); - goto leave; - } + goto leave; } err = convert_to_openpgp (ctrl, s_skey, passphrase, &key, &keylen); } @@ -1814,10 +1815,6 @@ xfree (ctrl->server_local->keydesc); ctrl->server_local->keydesc = NULL; - /* Not all users of gpg-agent know about fully cancled; thus we map - it back unless we know that it is okay. */ - if (!openpgp && gpg_err_code (err) == GPG_ERR_FULLY_CANCELED) - err = gpg_err_make (gpg_err_source (err), GPG_ERR_CANCELED); return leave_cmd (ctx, err); } @@ -2185,8 +2182,15 @@ ctrl_t ctrl = assuan_get_pointer (ctx); gpg_error_t err = 0; - if (!strcmp (key, "putenv")) + if (!strcmp (key, "agent-awareness")) { + /* The value is a version string telling us of which agent + version the caller is aware of. */ + ctrl->server_local->allow_fully_canceled = + gnupg_compare_version (value, "2.1.0"); + } + else if (!strcmp (key, "putenv")) + { /* Change the session's environment to be used for the Pinentry. Valid values are: Delete envvar NAME Modified: trunk/agent/cvt-openpgp.c =================================================================== --- trunk/agent/cvt-openpgp.c 2010-10-11 12:36:27 UTC (rev 5443) +++ trunk/agent/cvt-openpgp.c 2010-10-13 15:57:08 UTC (rev 5444) 
@@ -780,7 +780,7 @@ err = try_do_unprotect_cb (pi); } if (gpg_err_code (err) == GPG_ERR_BAD_PASSPHRASE) - err = agent_askpin (ctrl, prompt, NULL, NULL, pi, NULL); + err = agent_askpin (ctrl, prompt, NULL, NULL, pi); skeyidx = pi_arg.skeyidx; if (!err) { Modified: trunk/agent/divert-scd.c =================================================================== --- trunk/agent/divert-scd.c 2010-10-11 12:36:27 UTC (rev 5443) +++ trunk/agent/divert-scd.c 2010-10-13 15:57:08 UTC (rev 5444) @@ -266,7 +266,7 @@ if (any_flags) { - rc = agent_askpin (ctrl, info, prompt, again_text, pi, NULL); + rc = agent_askpin (ctrl, info, prompt, again_text, pi); again_text = NULL; if (!rc && newpin) { @@ -288,7 +288,7 @@ is_puk? _("Repeat this PUK"): _("Repeat this PIN")), - prompt, NULL, pi2, NULL); + prompt, NULL, pi2); if (!rc && strcmp (pi->pin, pi2->pin)) { again_text = (resetcode? @@ -312,7 +312,7 @@ info? info:"", info? "')":"") < 0) desc = NULL; - rc = agent_askpin (ctrl, desc?desc:info, prompt, NULL, pi, NULL); + rc = agent_askpin (ctrl, desc?desc:info, prompt, NULL, pi); xfree (desc); } Modified: trunk/agent/findkey.c =================================================================== --- trunk/agent/findkey.c 2010-10-11 12:36:27 UTC (rev 5443) +++ trunk/agent/findkey.c 2010-10-13 15:57:08 UTC (rev 5444) @@ -169,7 +169,8 @@ _("I'll change it later"), 0); if (!err) arg->change_required = 1; - else if (gpg_err_code (err) == GPG_ERR_CANCELED) + else if (gpg_err_code (err) == GPG_ERR_CANCELED + || gpg_err_code (err) == GPG_ERR_FULLY_CANCELED) err = 0; } xfree (desc); @@ -290,7 +291,6 @@ unsigned char *result; size_t resultlen; char hexgrip[40+1]; - int fully_canceled; if (r_passphrase) *r_passphrase = NULL; 
@@ -383,9 +383,7 @@ arg.change_required = 0; pi->check_cb_arg = &arg; - rc = agent_askpin (ctrl, desc_text, NULL, NULL, pi, &fully_canceled); - if (gpg_err_code (rc) == GPG_ERR_CANCELED && fully_canceled) - rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_FULLY_CANCELED); + rc = agent_askpin (ctrl, desc_text, NULL, NULL, pi); if (!rc) { assert (arg.unprotected_key); Modified: trunk/agent/genkey.c =================================================================== --- trunk/agent/genkey.c 2010-10-11 12:36:27 UTC (rev 5443) +++ trunk/agent/genkey.c 2010-10-13 15:57:08 UTC (rev 5444) @@ -290,12 +290,10 @@ function returns 0 and store the passphrase at R_PASSPHRASE; if the user opted not to use a passphrase NULL will be stored there. The user needs to free the returned string. In case of an error and - error code is returned and NULL stored at R_PASSPHRASE. If - R_CANCEL_ALL is not NULL and the user canceled by directly closing - the window true will be stored at this address. */ + error code is returned and NULL stored at R_PASSPHRASE. */ gpg_error_t agent_ask_new_passphrase (ctrl_t ctrl, const char *prompt, - char **r_passphrase, int *r_cancel_all) + char **r_passphrase) { gpg_error_t err; const char *text1 = prompt; @@ -316,7 +314,7 @@ pi2->check_cb_arg = pi->pin; next_try: - err = agent_askpin (ctrl, text1, NULL, initial_errtext, pi, r_cancel_all); + err = agent_askpin (ctrl, text1, NULL, initial_errtext, pi); initial_errtext = NULL; if (!err) { @@ -329,7 +327,7 @@ /* Unless the passphrase is empty, ask to confirm it. */ if (pi->pin && *pi->pin) { - err = agent_askpin (ctrl, text2, NULL, NULL, pi2, NULL); + err = agent_askpin (ctrl, text2, NULL, NULL, pi2); if (err == -1) { /* The re-entered one did not match and the user did not hit cancel. */ @@ -381,7 +379,7 @@ rc = agent_ask_new_passphrase (ctrl, _("Please enter the passphrase to%0A" "to protect your new key"), - &passphrase, NULL); + &passphrase); if (rc) return rc; 
@@ -473,7 +471,7 @@ rc = agent_ask_new_passphrase (ctrl, _("Please enter the new passphrase"), - &passphrase, NULL); + &passphrase); if (!rc) { rc = store_key (s_skey, passphrase, 1); Modified: trunk/agent/gpg-agent.c =================================================================== --- trunk/agent/gpg-agent.c 2010-10-11 12:36:27 UTC (rev 5443) +++ trunk/agent/gpg-agent.c 2010-10-13 15:57:08 UTC (rev 5444) @@ -1523,6 +1523,8 @@ a hang. */ if (!is_ssh && !check_for_running_agent (1, 1)) { + log_set_prefix (NULL, JNLIB_LOG_WITH_PREFIX); + log_set_file (NULL); log_error (_("a gpg-agent is already running - " "not starting a new one\n")); *name = 0; /* Inhibit removal of the socket by cleanup(). */ Modified: trunk/agent/pkdecrypt.c =================================================================== --- trunk/agent/pkdecrypt.c 2010-10-11 12:36:27 UTC (rev 5443) +++ trunk/agent/pkdecrypt.c 2010-10-13 15:57:08 UTC (rev 5444) @@ -67,8 +67,6 @@ rc = agent_key_from_file (ctrl, NULL, desc_text, ctrl->keygrip, &shadow_info, CACHE_MODE_NORMAL, NULL, &s_skey, NULL); - if (gpg_err_code (rc) == GPG_ERR_FULLY_CANCELED) - rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_CANCELED); if (rc) { if (gpg_err_code (rc) == GPG_ERR_ENOENT) Modified: trunk/agent/pksign.c =================================================================== --- trunk/agent/pksign.c 2010-10-11 12:36:27 UTC (rev 5443) +++ trunk/agent/pksign.c 2010-10-13 15:57:08 UTC (rev 5444) 
@@ -256,8 +256,6 @@ rc = agent_key_from_file (ctrl, cache_nonce, desc_text, ctrl->keygrip, &shadow_info, cache_mode, lookup_ttl, &s_skey, NULL); - if (gpg_err_code (rc) == GPG_ERR_FULLY_CANCELED) - rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_CANCELED); if (rc) { log_error ("failed to read the secret key\n"); Modified: trunk/agent/protect-tool.c =================================================================== --- trunk/agent/protect-tool.c 2010-10-11 12:36:27 UTC (rev 5443) +++ trunk/agent/protect-tool.c 2010-10-13 15:57:08 UTC (rev 5444) @@ -704,7 +704,8 @@ repeat, repeat, 1, &pw); if (err) { - if (gpg_err_code (err) == GPG_ERR_CANCELED) + if (gpg_err_code (err) == GPG_ERR_CANCELED + || gpg_err_code (err) == GPG_ERR_FULLY_CANCELED) log_info (_("cancelled\n")); else log_error (_("error while asking for the passphrase: %s\n"), Modified: trunk/common/miscellaneous.c =================================================================== --- trunk/common/miscellaneous.c 2010-10-11 12:36:27 UTC (rev 5443) +++ trunk/common/miscellaneous.c 2010-10-13 15:57:08 UTC (rev 5444) 
@@ -236,3 +236,81 @@ } + +/* Parse the first portion of the version number S and store it at + NUMBER. On success, the function returns a pointer into S starting + with the first character, which is not part of the initial number + portion; on failure, NULL is returned. */ +static const char* +parse_version_number (const char *s, int *number) +{ + int val = 0; + + if (*s == '0' && digitp (s+1)) + return NULL; /* Leading zeros are not allowed. */ + for (; digitp (s); s++ ) + { + val *= 10; + val += *s - '0'; + } + *number = val; + return val < 0? NULL : s; +} + +/* Break up the complete string representation of the version number S, + which is expected to have this format: + + ... + + The major, minor and micro number components will be stored at + MAJOR, MINOR and MICRO. On success, a pointer to the last + component, the patch level, will be returned; on failure, NULL will + be returned. */ +static const char * +parse_version_string (const char *s, int *major, int *minor, int *micro) +{ + s = parse_version_number (s, major); + if (!s || *s != '.') + return NULL; + s++; + s = parse_version_number (s, minor); + if (!s || *s != '.') + return NULL; + s++; + s = parse_version_number (s, micro); + if (!s) + return NULL; + return s; /* Patchlevel. */ +} + +/* Return true if version string is at least version B. */ +int +gnupg_compare_version (const char *a, const char *b) +{ + int a_major, a_minor, a_micro; + int b_major, b_minor, b_micro; + const char *a_plvl, *b_plvl; + + if (!a || !b) + return 0; + + /* Parse version A. */ + a_plvl = parse_version_string (a, &a_major, &a_minor, &a_micro); + if (!a_plvl ) + return 0; /* Invalid version number. */ + + /* Parse version B. */ + b_plvl = parse_version_string (b, &b_major, &b_minor, &b_micro); + if (!b_plvl ) + return 0; /* Invalid version number. */ + + /* Compare version numbers. 
*/ + return (a_major > b_major + || (a_major == b_major && a_minor > b_minor) + || (a_major == b_major && a_minor == b_minor + && a_micro > b_micro) + || (a_major == b_major && a_minor == b_minor + && a_micro == b_micro + && strcmp (a_plvl, b_plvl) >= 0)); +} + Modified: trunk/common/util.h =================================================================== --- trunk/common/util.h 2010-10-11 12:36:27 UTC (rev 5443) +++ trunk/common/util.h 2010-10-13 15:57:08 UTC (rev 5444) @@ -267,7 +267,9 @@ int match_multistr (const char *multistr,const char *match); +int gnupg_compare_version (const char *a, const char *b); + /*-- Simple replacement functions. */ #ifndef HAVE_TTYNAME /* Systems without ttyname (W32) will merely return NULL. */ Modified: trunk/doc/gpg.texi =================================================================== --- trunk/doc/gpg.texi 2010-10-11 12:36:27 UTC (rev 5443) +++ trunk/doc/gpg.texi 2010-10-13 15:57:08 UTC (rev 5444) 
@@ -1782,13 +1782,27 @@ Use @var{name} as the key to sign with. Note that this option overrides @option{--default-key}. + at ifset gpgtwoone + at item --try-secret-key @var{name} + at opindex try-secret-key +For hidden recipients GPG needs to know the keys to use for trial +decryption. The key set with @option{--default-key} is always tried +first, but this is often not sufficient. This option allows to set more +keys to be used for trial decryption. Although any valid user-id +specification may be used for @var{name} it makes sense to use at least +the long keyid to avoid ambiguities. Note that gpg-agent might pop up a +pinentry for a lot keys to do the trial decryption. If you want to stop +all further trial decryption you may use close-window button instead of +the cancel button. + at end ifset + @item --try-all-secrets @opindex try-all-secrets Don't look at the key ID as stored in the message but try all secret keys in turn to find the right decryption key. This option forces the behaviour as used by anonymous recipients (created by using - at option{--throw-keyids}) and might come handy in case where an encrypted -message contains a bogus key ID. + at option{--throw-keyids} or @option{--hidden-recipient}) and might come +handy in case where an encrypted message contains a bogus key ID. @item --skip-hidden-recipients @itemx --no-skip-hidden-recipients Modified: trunk/g10/call-agent.c =================================================================== --- trunk/g10/call-agent.c 2010-10-11 12:36:27 UTC (rev 5443) +++ trunk/g10/call-agent.c 2010-10-13 15:57:08 UTC (rev 5444) @@ -99,6 +99,7 @@ case 0: break; case GPG_ERR_CANCELED: + case GPG_ERR_FULLY_CANCELED: write_status_text (STATUS_SC_OP_FAILURE, "1"); break; case GPG_ERR_BAD_PIN: 
@@ -142,6 +143,11 @@ agents. */ assuan_transact (agent_ctx, "OPTION allow-pinentry-notify", NULL, NULL, NULL, NULL, NULL, NULL); + /* Tell the agent about what version we are aware. This is + here used to indirectly enable GPG_ERR_FULLY_CANCELED. */ + assuan_transact (agent_ctx, "OPTION agent-awareness=2.1.0", + NULL, NULL, NULL, NULL, NULL, NULL); + } } Modified: trunk/g10/card-util.c =================================================================== --- trunk/g10/card-util.c 2010-10-11 12:36:27 UTC (rev 5443) +++ trunk/g10/card-util.c 2010-10-13 15:57:08 UTC (rev 5444) @@ -58,6 +58,7 @@ break; #if GNUPG_MAJOR_VERSION != 1 case GPG_ERR_CANCELED: + case GPG_ERR_FULLY_CANCELED: write_status_text (STATUS_SC_OP_FAILURE, "1"); break; case GPG_ERR_BAD_PIN: Modified: trunk/g10/getkey.c =================================================================== --- trunk/g10/getkey.c 2010-10-11 12:36:27 UTC (rev 5443) +++ trunk/g10/getkey.c 2010-10-13 15:57:08 UTC (rev 5444) @@ -568,8 +568,9 @@ * first pubkey certificate which has the given name in a user_id. If * PK has the pubkey algo set, the function will only return a pubkey * with that algo. If NAMELIST is NULL, the first key is returned. - * The caller should provide storage for the PK. If RET_KB is not - * NULL the function will return the keyblock there. */ + * The caller should provide storage for the PK or pass NULL if it is + * not needed. If RET_KB is not NULL the function stores the entire + * keyblock at that address. */ static int key_byname (GETKEY_CTX *retctx, strlist_t namelist, PKT_public_key *pk, 
@@ -1146,12 +1147,13 @@ } -/* Get a key by name and store it into PK. If RETCTX is not NULL - * return the search context which needs to be released by the caller - * using getkey_end. If NAME is NULL use the default key (see below). - * On success and if RET_KEYBLOCK is not NULL the found keyblock is - * stored at this address. WANT_SECRET passed as true requires that a - * secret key is available for the selected key. +/* Get a key by name and store it into PK if that is not NULL. If + * RETCTX is not NULL return the search context which needs to be + * released by the caller using getkey_end. If NAME is NULL use the + * default key (see below). On success and if RET_KEYBLOCK is not + * NULL the found keyblock is stored at this address. WANT_SECRET + * passed as true requires that a secret key is available for the + * selected key. * * If WANT_SECRET is true and NAME is NULL and a default key has been * defined that defined key is used. In all other cases the first @@ -2459,7 +2461,7 @@ goto skip; } - if (want_secret && !have_any_secret_key (NULL, ctx->keyblock)) + if (want_secret && agent_probe_any_secret_key (NULL, ctx->keyblock)) goto skip; /* No secret key available. */ /* Warning: node flag bits 0 and 1 should be preserved by 
@@ -2504,57 +2506,42 @@ -/**************** - * FIXME: Replace by the generic function - * It does not work as it is right now - it is used at - * one place: to get the key for an anonymous recipient. - * - * set with_subkeys true to include subkeys - * set with_spm true to include secret-parts-missing keys - * - * Enumerate all primary secret keys. Caller must use these procedure: +/* + * Enumerate certain secret keys. Caller must use these procedure: * 1) create a void pointer and initialize it to NULL * 2) pass this void pointer by reference to this function * and provide space for the secret key (pass a buffer for sk) - * 3) call this function as long as it does not return -1 - * to indicate EOF. + * 3) call this function as long as it does not return an error. + * The error code GPG_ERR_EOF indicates the end of the listing. * 4) Always call this function a last time with SK set to NULL, * so that can free it's context. */ -int -enum_secret_keys (void **context, PKT_public_key * sk, - int with_subkeys, int with_spm) +gpg_error_t +enum_secret_keys (void **context, PKT_public_key *sk) { - log_debug ("FIXME: Anonymous recipient does not yet work\n"); - return -1; -#if 0 - - int rc = 0; + gpg_error_t err = 0; + const char *name; struct { int eof; - int first; - KEYDB_HANDLE hd; - KBNODE keyblock; - KBNODE node; + int state; + strlist_t sl; + kbnode_t keyblock; + kbnode_t node; } *c = *context; - if (!c) { /* Make a new context. */ - c = xmalloc_clear (sizeof *c); + c = xtrycalloc (1, sizeof *c); + if (!c) + return gpg_error_from_syserror (); *context = c; - c->hd = keydb_new (1); /*FIXME*/ - c->first = 1; - c->keyblock = NULL; - c->node = NULL; } if (!sk) { /* Free the context. */ - keydb_release (c->hd); release_kbnode (c->keyblock); xfree (c); *context = NULL; 
@@ -2562,48 +2549,79 @@ } if (c->eof) - return -1; + return gpg_error (GPG_ERR_EOF); - do + for (;;) { - /* Get the next secret key from the current keyblock. */ + /* Loop until we have a keyblock. */ + while (!c->keyblock) + { + /* Loop over the list of secret keys. */ + do + { + name = NULL; + switch (c->state) + { + case 0: /* First try to use the --default-key. */ + if (opt.def_secret_key && *opt.def_secret_key) + name = opt.def_secret_key; + c->state = 1; + break; + + case 1: /* Init list of keys to try. */ + c->sl = opt.secret_keys_to_try; + c->state++; + break; + + case 2: /* Get next item from list. */ + if (c->sl) + { + name = c->sl->d; + c->sl = c->sl->next; + } + else + c->state++; + break; + + default: /* No more names to check - stop. */ + c->eof = 1; + return gpg_error (GPG_ERR_EOF); + } + } + while (!name || !*name); + + err = getkey_byname (NULL, NULL, name, 1, &c->keyblock); + if (err) + { + /* getkey_byname might return a keyblock even in the + error case - I have not checked. Thus better release + it. */ + release_kbnode (c->keyblock); + c->keyblock = NULL; + } + else + c->node = c->keyblock; + } + + /* Get the next key from the current keyblock. */ for (; c->node; c->node = c->node->next) { - if ((c->node->pkt->pkttype == PKT_SECRET_KEY - || (with_subkeys - && c->node->pkt->pkttype == PKT_SECRET_SUBKEY)) - && !(c->node->pkt->pkt.secret_key->protect.s2k.mode == 1001 - && !with_spm)) + if (c->node->pkt->pkttype == PKT_PUBLIC_KEY + || c->node->pkt->pkttype == PKT_PUBLIC_SUBKEY) { - copy_secret_key (sk, c->node->pkt->pkt.secret_key); + copy_public_key (sk, c->node->pkt->pkt.public_key); c->node = c->node->next; return 0; /* Found. */ } - } + } + + /* Dispose the keyblock and continue. */ release_kbnode (c->keyblock); - c->keyblock = c->node = NULL; - - rc = c->first ? 
keydb_search_first (c->hd) : keydb_search_next (c->hd); - c->first = 0; - if (rc) - { - keydb_release (c->hd); - c->hd = NULL; - c->eof = 1; - return -1; /* eof */ - } - - rc = keydb_get_keyblock (c->hd, &c->keyblock); - c->node = c->keyblock; + c->keyblock = NULL; } - while (!rc); +} - return rc; /* Error. */ -#endif -} - - /********************************************* *********** User ID printing helpers ******* *********************************************/ Modified: trunk/g10/gpg.c =================================================================== --- trunk/g10/gpg.c 2010-10-11 12:36:27 UTC (rev 5443) +++ trunk/g10/gpg.c 2010-10-13 15:57:08 UTC (rev 5444) @@ -177,6 +177,7 @@ oDefRecipient, oDefRecipientSelf, oNoDefRecipient, + oTrySecretKey, oOptions, oDebug, oDebugLevel, @@ -460,6 +461,8 @@ ARGPARSE_s_s (oLocalUser, "local-user", N_("|USER-ID|use USER-ID to sign or decrypt")), + ARGPARSE_s_s (oTrySecretKey, "try-secret-key", "@"), + ARGPARSE_s_i (oCompress, NULL, N_("|N|set compress level to N (0 disables)")), ARGPARSE_s_i (oCompressLevel, "compress-level", "@"), @@ -1622,6 +1625,7 @@ es_printf ("reader-port:%lu:\n", GC_OPT_FLAG_NONE); es_printf ("default-key:%lu:\n", GC_OPT_FLAG_NONE); es_printf ("encrypt-to:%lu:\n", GC_OPT_FLAG_NONE); + es_printf ("try-secret-key:%lu:\n", GC_OPT_FLAG_NONE); es_printf ("auto-key-locate:%lu:\n", GC_OPT_FLAG_NONE); es_printf ("log-file:%lu:\n", GC_OPT_FLAG_NONE); es_printf ("debug-level:%lu:\"none:\n", GC_OPT_FLAG_DEFAULT); 
@@ -2526,6 +2530,12 @@ sl->flags = 2; any_explicit_recipient = 1; break; + + case oTrySecretKey: + add_to_strlist2 (&opt.secret_keys_to_try, + pargs.r.ret_str, utf8_strings); + break; + case oTextmodeShort: opt.textmode = 2; break; case oTextmode: opt.textmode=1; break; case oNoTextmode: opt.textmode=0; break; Modified: trunk/g10/gpgv.c =================================================================== --- trunk/g10/gpgv.c 2010-10-11 12:36:27 UTC (rev 5443) +++ trunk/g10/gpgv.c 2010-10-13 15:57:08 UTC (rev 5444) @@ -546,3 +546,21 @@ (void)pk; return gpg_error (GPG_ERR_NO_SECKEY); } + +gpg_error_t +agent_probe_any_secret_key (ctrl_t ctrl, kbnode_t keyblock) +{ + (void)ctrl; + (void)keyblock; + return gpg_error (GPG_ERR_NO_SECKEY); +} + +gpg_error_t +agent_get_keyinfo (ctrl_t ctrl, const char *hexkeygrip, char **r_serialno) +{ + (void)ctrl; + (void)hexkeygrip; + *r_serialno = NULL; + return gpg_error (GPG_ERR_NO_SECKEY); +} + Modified: trunk/g10/import.c =================================================================== --- trunk/g10/import.c 2010-10-11 12:36:27 UTC (rev 5443) +++ trunk/g10/import.c 2010-10-13 15:57:08 UTC (rev 5444) @@ -362,7 +362,7 @@ * Read the next keyblock from stream A. * PENDING_PKT should be initialzed to NULL * and not chnaged form the caller. - * Retunr: 0 = okay, -1 no more blocks or another errorcode. + * Return: 0 = okay, -1 no more blocks or another errorcode. */ static int read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root ) 
@@ -1142,8 +1142,15 @@ stats->count++; stats->secret_read++; - /* For now we ignore the stub keys becuase we don't have real - support for them in gpg-agent. */ + /* We ignore stub keys. The way we handle them in other parts + of the code is by asking the agent whether any secret key is + available for a given keyblock and then concluding that we + have a secret key; all secret (sub)keys of the keyblock the + agent does not know of are then stub keys. This works also + for card stub keys. The learn command or the card-status + command may be used to check with the agent whether a card + has been inserted and a stub key is in turn generated by the + agent. */ if (ski->s2k.mode == 1001 || ski->s2k.mode == 1002) continue; @@ -1288,7 +1295,8 @@ write_status (STATUS_RSA_OR_IDEA); idea_cipher_warn (0); } - if (gpg_err_code (err) == GPG_ERR_CANCELED) + if (gpg_err_code (err) == GPG_ERR_CANCELED + || gpg_err_code (err) == GPG_ERR_FULLY_CANCELED) break; /* Don't try the other subkeys. */ } } Modified: trunk/g10/keydb.h =================================================================== --- trunk/g10/keydb.h 2010-10-11 12:36:27 UTC (rev 5443) +++ trunk/g10/keydb.h 2010-10-13 15:57:08 UTC (rev 5444) @@ -241,11 +241,8 @@ kbnode_t *ret_keyblock); void getkey_end (getkey_ctx_t ctx); -int have_any_secret_key (ctrl_t ctrl, kbnode_t keyblock); +gpg_error_t enum_secret_keys (void **context, PKT_public_key *pk); - -//int enum_secret_keys( void **context, PKT_secret_key *sk, -// int with_subkeys, int with_spm ); void merge_keys_and_selfsig( KBNODE keyblock ); char*get_user_id_string( u32 *keyid ); char*get_user_id_string_native( u32 *keyid ); Modified: trunk/g10/keyedit.c =================================================================== --- trunk/g10/keyedit.c 2010-10-11 12:36:27 UTC (rev 5443) +++ trunk/g10/keyedit.c 2010-10-13 15:57:08 UTC (rev 5444) 
@@ -1638,7 +1638,7 @@ /* See whether we have a matching secret key. */ if (seckey_check) { - have_seckey = have_any_secret_key (ctrl, keyblock); + have_seckey = !agent_probe_any_secret_key (ctrl, keyblock); if (have_seckey && !quiet) tty_printf (_("Secret key is available.\n")); } Modified: trunk/g10/keygen.c =================================================================== --- trunk/g10/keygen.c 2010-10-11 12:36:27 UTC (rev 5443) +++ trunk/g10/keygen.c 2010-10-13 15:57:08 UTC (rev 5444) @@ -3441,6 +3441,8 @@ u32 expire; unsigned int nbits; u32 cur_time; + char *hexgrip = NULL; + char *serialno = NULL; /* Break out the primary key. */ node = find_kbnode (keyblock, PKT_PUBLIC_KEY); 
@@ -3476,38 +3478,17 @@ goto leave; } -#warning ask gpg-agent on the availibility of the secret key - /* if (pri_sk->is_protected && pri_sk->protect.s2k.mode == 1001) */ - /* { */ - /* tty_printf (_("Secret parts of primary key are not available.\n")); */ - /* err = G10ERR_NO_SECKEY; */ - /* goto leave; */ - /* } */ + err = hexkeygrip_from_pk (pri_psk, &hexgrip); + if (err) + goto leave; + if (agent_get_keyinfo (NULL, hexgrip, &serialno)) + { + tty_printf (_("Secret parts of primary key are not available.\n")); + goto leave; + } + if (serialno) + tty_printf (_("Secret parts of primary key are stored on-card.\n")); - - /* /\* Unprotect to get the passphrase. *\/ */ - /* switch (is_secret_key_protected (pri_sk) ) */ - /* { */ - /* case -1: */ - /* err = G10ERR_PUBKEY_ALGO; */ - /* break; */ - /* case 0: */ - /* tty_printf (_("This key is not protected.\n")); */ - /* break; */ - /* case -2: */ - /* tty_printf (_("Secret parts of primary key are stored on-card.\n")); */ - /* ask_pass = 1; */ - /* break; */ - /* default: */ - /* tty_printf (_("Key is protected.\n")); */ - /* err = check_secret_key ( pri_sk, 0 ); */ - /* if (!err) */ - /* passphrase = get_last_passphrase(); */ - /* break; */ - /* } */ - /* if (err) */ - /* goto leave; */ - algo = ask_algo (1, NULL, &use); assert (algo); nbits = ask_keysize (algo, 0); @@ -3536,6 +3517,8 @@ write_status_text (STATUS_KEY_CREATED, "S"); leave: + xfree (hexgrip); + xfree (serialno); if (err) log_error (_("Key generation failed: %s\n"), g10_errstr (err) ); return err; Modified: trunk/g10/keylist.c =================================================================== --- trunk/g10/keylist.c 2010-10-11 12:36:27 UTC (rev 5443) +++ trunk/g10/keylist.c 2010-10-13 15:57:08 UTC (rev 5444) 
@@ -40,11 +40,12 @@ #include "main.h" #include "i18n.h" #include "status.h" +#include "call-agent.h" static void list_all (int); static void list_one (strlist_t names, int secret); static void locate_one (ctrl_t ctrl, strlist_t names); -static void print_card_serialno (PKT_public_key *sk); +static void print_card_serialno (const char *serialno); struct sig_stats { @@ -175,6 +176,7 @@ /* Print basic information of a secret key including the card serial number information. */ +#ifdef ENABLE_CARD_SUPPORT void print_card_key_info (estream_t fp, kbnode_t keyblock) { @@ -224,9 +226,9 @@ /* } */ /* } */ } +#endif /*ENABLE_CARD_SUPPORT*/ - /* Flags = 0x01 hashed 0x02 critical. */ static void status_one_subpacket (sigsubpkttype_t type, size_t len, int flags, @@ -444,7 +446,7 @@ log_error ("keydb_get_keyblock failed: %s\n", g10_errstr (rc)); goto leave; } - if (secret && !have_any_secret_key (NULL, keyblock)) + if (secret && agent_probe_any_secret_key (NULL, keyblock)) ; /* Secret key listing requested but this isn't one. */ else { @@ -757,13 +759,15 @@ static void list_keyblock_print (KBNODE keyblock, int secret, int fpr, void *opaque) { - int rc = 0; + int rc; KBNODE kbctx; KBNODE node; PKT_public_key *pk; struct sig_stats *stats = opaque; int skip_sigs = 0; int s2k_char; + char *hexgrip = NULL; + char *serialno = NULL; /* Get the keyid from the keyblock. */ node = find_kbnode (keyblock, PKT_PUBLIC_KEY); 
@@ -775,11 +779,24 @@ } pk = node->pkt->pkt.public_key; + + if (secret || opt.with_keygrip) + { + rc = hexkeygrip_from_pk (pk, &hexgrip); + if (rc) + log_error ("error computing a keygrip: %s\n", gpg_strerror (rc)); + } + + if (secret) + { + if (!agent_get_keyinfo (NULL, hexgrip, &serialno)) + s2k_char = serialno? '>':' '; + else + s2k_char = '#'; /* Key not found. */ + } + else + s2k_char = ' '; - /* Fixme: Get s2k mode from the agent. */ - s2k_char = (/*(sk->protect.s2k.mode == 1001)? '#' : - (sk->protect.s2k.mode == 1002)? '>' : */' '); - check_trustdb_stale (); es_fprintf (es_stdout, "%s%c %4u%c/%s %s", @@ -822,20 +839,12 @@ if (fpr) print_fingerprint (pk, 0); - if (opt.with_keygrip) - { - char *p; + if (opt.with_keygrip && hexgrip) + es_fprintf (es_stdout, " Keygrip = %s\n", hexgrip); - if (!hexkeygrip_from_pk (pk, &p)) - { - es_fprintf (es_stdout, " Keygrip = %s\n", p); - xfree (p); - } - } + if (serialno) + print_card_serialno (serialno); - /* FIXME: Change this function to take a PK and ask the agent: */ - /* if (secret) print_card_serialno (sk); */ - if (opt.with_key_data) print_key_data (pk); @@ -895,10 +904,25 @@ else skip_sigs = 0; - /* Fixme: Get s2k mode from the agent. */ - s2k_char = (/*(sk->protect.s2k.mode == 1001)? '#' : - (sk->protect.s2k.mode == 1002)? '>' : */' '); - + xfree (serialno); serialno = NULL; + xfree (hexgrip); hexgrip = NULL; + if (secret || opt.with_keygrip) + { + rc = hexkeygrip_from_pk (pk2, &hexgrip); + if (rc) + log_error ("error computing a keygrip: %s\n", + gpg_strerror (rc)); + } + if (secret) + { + if (!agent_get_keyinfo (NULL, hexgrip, &serialno)) + s2k_char = serialno? '>':' '; + else + s2k_char = '#'; /* Key not found. */ + } + else + s2k_char = ' '; + es_fprintf (es_stdout, "%s%c %4u%c/%s %s", secret? "ssb":"sub", s2k_char, 
@@ -926,20 +950,11 @@ if (fpr > 1) { print_fingerprint (pk2, 0); - /* FIXME: (see above) */ - /* if (secret) */ - /* print_card_serialno (sk2); */ + if (serialno) + print_card_serialno (serialno); } - if (opt.with_keygrip) - { - char *p; - - if (!hexkeygrip_from_pk (pk2, &p)) - { - es_fprintf (es_stdout, " Keygrip = %s\n", p); - xfree (p); - } - } + if (opt.with_keygrip && hexgrip) + es_fprintf (es_stdout, " Keygrip = %s\n", hexgrip); if (opt.with_key_data) print_key_data (pk2); } @@ -1050,6 +1065,8 @@ } } es_putc ('\n', es_stdout); + xfree (serialno); + xfree (hexgrip); } void @@ -1079,7 +1096,7 @@ static void list_keyblock_colon (KBNODE keyblock, int secret, int fpr) { - int rc = 0; + int rc; KBNODE kbctx; KBNODE node; PKT_public_key *pk; @@ -1088,6 +1105,9 @@ int ulti_hack = 0; int i; char *p; + char *hexgrip = NULL; + char *serialno = NULL; + int stubkey; /* Get the keyid from the keyblock. */ node = find_kbnode (keyblock, PKT_PUBLIC_KEY); @@ -1099,6 +1119,15 @@ } pk = node->pkt->pkt.public_key; + if (secret || opt.with_keygrip || opt.with_key_data) + { + rc = hexkeygrip_from_pk (pk, &hexgrip); + if (rc) + log_error ("error computing a keygrip: %s\n", gpg_strerror (rc)); + } + stubkey = 0; + if (secret && agent_get_keyinfo (NULL, hexgrip, &serialno)) + stubkey = 1; /* Key not found. */ keyid_from_pk (pk, keyid); es_fputs (secret? "sec:":"pub:", es_stdout); 
@@ -1135,16 +1164,10 @@ { es_putc (':', es_stdout); /* End of field 13. */ es_putc (':', es_stdout); /* End of field 14. */ - if (/*FIXME sk->protect.s2k.mode*/1 == 1001) - es_putc ('#', es_stdout); /* Key is just a stub. */ - else if (/*FIXME sk->protect.s2k.mode*/1 == 1002) - { - /* Key is stored on an external token (card) or handled by - the gpg-agent. Print the serial number of that token - here. */ - /* FIXME: for (i = 0; i < sk->protect.ivlen; i++) */ - /* es_fprintf (es_stdout, "%02X", sk->protect.iv[i]); */ - } + if (stubkey) + es_putc ('#', es_stdout); + else if (serialno) + es_fputs(serialno, es_stdout); es_putc (':', es_stdout); /* End of field 15. */ } es_putc ('\n', es_stdout); @@ -1154,11 +1177,8 @@ print_fingerprint (pk, 0); if (opt.with_key_data || opt.with_keygrip) { - if (!hexkeygrip_from_pk (pk, &p)) - { - es_fprintf (es_stdout, "grp:::::::::%s:\n", p); - xfree (p); - } + if (hexgrip) + es_fprintf (es_stdout, "grp:::::::::%s:\n", hexgrip); if (opt.with_key_data) print_key_data (pk); } @@ -1213,8 +1233,22 @@ else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY) { u32 keyid2[2]; - PKT_public_key *pk2 = node->pkt->pkt.public_key; + PKT_public_key *pk2; + pk2 = node->pkt->pkt.public_key; + xfree (hexgrip); hexgrip = NULL; + xfree (serialno); serialno = NULL; + if (secret || opt.with_keygrip || opt.with_key_data) + { + rc = hexkeygrip_from_pk (pk2, &hexgrip); + if (rc) + log_error ("error computing a keygrip: %s\n", + gpg_strerror (rc)); + } + stubkey = 0; + if (secret && agent_get_keyinfo (NULL, hexgrip, &serialno)) + stubkey = 1; /* Key not found. */ + keyid_from_pk (pk2, keyid2); es_fputs (secret? "ssb:":"sub:", es_stdout); if (!pk2->is_valid) 
@@ -1243,16 +1277,10 @@ { es_putc (':', es_stdout); /* End of field 13. */ es_putc (':', es_stdout); /* End of field 14. */ - if (/*FIXME:sk2->protect.s2k.mode*/1 == 1001) - es_putc ('#', es_stdout); /* Key is just a stub. */ - else if (/*FIXME: sk2->protect.s2k.mode*/1 == 1002) - { - /* Key is stored on an external token (card) or - handled by the gpg-agent. Print the serial - number of that token here. */ - /* FIXME: for (i = 0; i < sk2->protect.ivlen; i++) - es_fprintf (es_stdout, "%02X", sk2->protect.iv[i]); */ - } + if (stubkey) + es_putc ('#', es_stdout); + else if (serialno) + es_fputs (serialno, es_stdout); es_putc (':', es_stdout); /* End of field 15. */ } es_putc ('\n', es_stdout); @@ -1260,11 +1288,8 @@ print_fingerprint (pk2, 0); if (opt.with_key_data || opt.with_keygrip) { - if (!hexkeygrip_from_pk (pk2, &p)) - { - es_fprintf (es_stdout, "grp:::::::::%s:\n", p); - xfree (p); - } + if (hexgrip) + es_fprintf (es_stdout, "grp:::::::::%s:\n", hexgrip); if (opt.with_key_data) print_key_data (pk2); } @@ -1385,6 +1410,9 @@ /* fixme: check or list other sigs here */ } } + + xfree (hexgrip); + xfree (serialno); } /* 
@@ -1550,38 +1578,25 @@ /* Print the serial number of an OpenPGP card if available. */ static void -print_card_serialno (PKT_public_key *pk) +print_card_serialno (const char *serialno) { - log_debug ("Fixme: Needs to be adjusted to gpg-agent\n"); - /* int i; */ + if (!serialno) + return; + if (opt.with_colons) + return; /* Handled elsewhere. */ - /* if (!sk) */ - /* return; */ - /* if (!sk->is_protected || sk->protect.s2k.mode != 1002) */ - /* return; /\* Not a card. *\/ */ - /* if (opt.with_colons) */ - /* return; /\* Handled elsewhere. *\/ */ - - /* es_fputs (_(" Card serial no. ="), es_stdout); */ - /* es_putc (' ', es_stdout); */ - /* if (sk->protect.ivlen == 16 */ - /* && !memcmp (sk->protect.iv, "\xD2\x76\x00\x01\x24\x01", 6)) */ - /* { */ - /* /\* This is an OpenPGP card. Just print the relevant part. *\/ */ - /* for (i = 8; i < 14; i++) */ - /* { */ - /* if (i == 10) */ - /* es_putc (' ', es_stdout); */ - /* es_fprintf (es_stdout, "%02X", sk->protect.iv[i]); */ - /* } */ - /* } */ - /* else */ - /* { */ - /* /\* Something is wrong: Print all. *\/ */ - /* for (i = 0; i < sk->protect.ivlen; i++) */ - /* es_fprintf (es_stdout, "%02X", sk->protect.iv[i]); */ - /* } */ - /* es_putc ('\n', es_stdout); */ + es_fputs (_(" Card serial no. ="), es_stdout); + es_putc (' ', es_stdout); + if (strlen (serialno) == 32 && !strncmp (serialno, "D27600012401", 12)) + { + /* This is an OpenPGP card. Print the relevant part. */ + /* Example: D2760001240101010001000003470000 */ + /* xxxxyyyyyyyy */ + es_fprintf (es_stdout, "%.*s %.*s", 4, serialno+16, 8, serialno+20); + } + else + es_fputs (serialno, es_stdout); + es_putc ('\n', es_stdout); } Modified: trunk/g10/misc.c =================================================================== --- trunk/g10/misc.c 2010-10-11 12:36:27 UTC (rev 5443) +++ trunk/g10/misc.c 2010-10-13 15:57:08 UTC (rev 5444) 
@@ -555,11 +555,10 @@ /* if(agent_scd_getattr("SIG-COUNTER",&info)==0) */ /* return info.sig_counter; */ /* } */ -#endif - - /* How to do this without a card? */ - +#else + (void)pk; return 0; +#endif } /* Expand %-strings. Returns a string which must be xfreed. Returns Modified: trunk/g10/options.h =================================================================== --- trunk/g10/options.h 2010-10-11 12:36:27 UTC (rev 5443) +++ trunk/g10/options.h 2010-10-13 15:57:08 UTC (rev 5444) @@ -79,6 +79,8 @@ const char *def_secret_key; char *def_recipient; int def_recipient_self; + strlist_t secret_keys_to_try; + int def_cert_level; int min_cert_level; int ask_cert_level; Modified: trunk/g10/passphrase.c =================================================================== --- trunk/g10/passphrase.c 2010-10-11 12:36:27 UTC (rev 5443) +++ trunk/g10/passphrase.c 2010-10-13 15:57:08 UTC (rev 5444) @@ -211,17 +211,6 @@ return p; } -/* As if we had used the passphrase - make it the last_pw. */ -void -next_to_last_passphrase(void) -{ - if (next_pw) - { - last_pw=next_pw; - next_pw=NULL; - } -} - /* Here's an interesting question: since this passphrase was passed in on the command line, is there really any point in using secure memory for it? I'm going with 'yes', since it doesn't hurt, and @@ -407,7 +396,8 @@ if (!rc) From cvs at cvs.gnupg.org Thu Oct 14 10:32:56 2010 
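Review bot: parse_version_number (hunk @@ -236,3 +236,81 @@) accumulates into a signed int with no bound and only tests val < 0 after the loop, so a long digit run overflows (undefined behaviour in C) and the check cannot be relied on to catch it. The loop also accepts a component with no digits at all, so a string such as ".." parses as 0.0.0. Suggest rejecting the input inside the loop once val exceeds (INT_MAX - digit) / 10 and returning NULL when no digit was consumed. The comment on gnupg_compare_version should also name A and say that the patch level is compared with strcmp, which orders any suffix after the empty string.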
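Review bot: in getkey.c (hunk @@ -2459,7 +2461,7 @@) every non-zero result of agent_probe_any_secret_key is taken to mean "no secret key available", so an agent that cannot be reached or that returns some other error makes the key silently disappear from the lookup. The same pattern appears in keyedit.c (have_seckey = !agent_probe_any_secret_key (...)) and in keylist.c. Suggest testing for the specific not-found code (the gpgv.c stub returns GPG_ERR_NO_SECKEY) and logging or propagating anything else.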
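Review bot: in the rewritten enum_secret_keys (getkey.c, hunks @@ -2504,57 +2506,42 @@ and @@ -2562,48 +2549,79 @@) a failure of getkey_byname is dropped without any diagnostic, so a mistyped or ambiguous --try-secret-key value is skipped and the user only sees decryption fail. Suggest a log_info with the name and gpg_strerror (err) before moving on to the next name. The state machine also yields the --default-key and then every list entry without checking for duplicates, so a key given in both places is tried twice, which can mean a second pinentry for it.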
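Review bot: in keygen.c (hunk @@ -3476,38 +3478,17 @@) the branch taken when agent_get_keyinfo fails prints "Secret parts of primary key are not available." and jumps to leave with err still 0 from the successful hexkeygrip_from_pk call, so the function returns success without having generated anything. The commented-out code this replaces set an error before leaving. Suggest assigning the result, as in err = agent_get_keyinfo (NULL, hexgrip, &serialno); if (err) { ...; goto leave; }.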
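Review bot: in keylist.c (hunk @@ -775,11 +779,24 @@, and the same pattern in the subkey branch and in list_keyblock_colon) a failing hexkeygrip_from_pk is only logged, and the code then calls agent_get_keyinfo (NULL, hexgrip, &serialno) with hexgrip possibly still NULL. Nothing in the visible lines shows that agent_get_keyinfo accepts a NULL keygrip. Suggest skipping the agent query when rc is set and marking the key as '#' in that case.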
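Review bot: in misc.c (hunk @@ -555,11 +555,10 @@) the return 0 now lives only in the new #else branch, while the context lines before it in the #if branch are all commented out. If that branch contains no other statement, the function reaches its closing brace without returning a value in builds where the #if condition is true. Suggest keeping an unconditional return 0 after the #endif and using the #else only for (void)pk.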
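Review bot: the new --try-secret-key entry in gpg.texi (hunk @@ -1782,13 +1782,27 @@) does not say that the option may be given more than once, although gpg.c appends each value to opt.secret_keys_to_try with add_to_strlist2. Suggest stating that explicitly and fixing the wording while there: "allows to set more keys" reads better as "allows setting more keys", "a lot keys" is missing "of", and "use close-window button" is missing "the".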
From: cvs at cvs.gnupg.org (svn author wk) Date: Thu, 14 Oct 2010 10:32:56 +0200 Subject: [svn] GnuPG - r5445 - in trunk: agent common tests tests/openpgp tools Message-ID: Author: wk Date: 2010-10-14 10:32:55 +0200 (Thu, 14 Oct 2010) New Revision: 5445 Modified: trunk/agent/gpg-agent.c trunk/common/ChangeLog trunk/common/asshelp.c trunk/tests/Makefile.am trunk/tests/openpgp/Makefile.am trunk/tests/openpgp/defs.inc trunk/tests/openpgp/gpg-agent.conf.tmpl trunk/tools/ChangeLog trunk/tools/gpg-connect-agent.c trunk/tools/gpgconf-comp.c trunk/tools/gpgconf.c Log: Some tweaks to the agent startup. Modified: trunk/common/ChangeLog =================================================================== --- trunk/common/ChangeLog 2010-10-13 15:57:08 UTC (rev 5444) +++ trunk/common/ChangeLog 2010-10-14 08:32:55 UTC (rev 5445) @@ -1,3 +1,9 @@ +2010-10-14 Werner Koch + + * asshelp.c (start_new_gpg_agent): Print a notice once the agent + has been started. + (start_new_dirmngr): Likewise. + 2010-10-13 Werner Koch * miscellaneous.c (parse_version_number, parse_version_string) Modified: trunk/tools/ChangeLog =================================================================== --- trunk/tools/ChangeLog 2010-10-13 15:57:08 UTC (rev 5444) +++ trunk/tools/ChangeLog 2010-10-14 08:32:55 UTC (rev 5445) @@ -1,3 +1,11 @@ +2010-10-14 Werner Koch + + * gpg-connect-agent.c (start_agent): Rewrite using the + start_new_gpg_agent function. + + * gpgconf-comp.c (gpg_agent_runtime_change): Use gpg-connect-agent + on all platforms. + 2010-10-06 Werner Koch * watchgnupg.c (print_version): Add option --time-only. Modified: trunk/agent/gpg-agent.c =================================================================== --- trunk/agent/gpg-agent.c 2010-10-13 15:57:08 UTC (rev 5444) +++ trunk/agent/gpg-agent.c 2010-10-14 08:32:55 UTC (rev 5445) 
@@ -850,8 +850,31 @@ /*log_info ("NOTE: this is a development version!\n");*/ #endif +#ifdef ENABLE_NLS + /* gpg-agent usually does not output any messages because it runs in + the background. For log files it is acceptable to have messages + always encoded in utf-8. We switch here to utf-8, so that + commands like --help still give native messages. It is far + easier to switch only once instead of for every message and it + actually helps when more then one thread is active (avoids an + extra copy step). */ + bind_textdomain_codeset (PACKAGE_GT, "UTF-8"); +#endif + + if (!pipe_server && !is_daemon && !gpgconf_list) + { + /* We have been called without any options and thus we merely + check whether an agent is already running. We do this right + here so that we don't clobber a logfile with this check but + print the status directly to stderr. */ + opt.debug = 0; + set_debug (); + check_for_running_agent (0, 0); + agent_exit (0); + } + set_debug (); - + if (atexit (cleanup)) { log_error ("atexit failed\n"); 
@@ -939,27 +962,6 @@ agent_exit (0); } - /* If this has been called without any options, we merely check - whether an agent is already running. We do this here so that we - don't clobber a logfile but print it directly to stderr. */ - if (!pipe_server && !is_daemon) - { - log_set_prefix (NULL, JNLIB_LOG_WITH_PREFIX); - check_for_running_agent (0, 0); - agent_exit (0); - } - -#ifdef ENABLE_NLS - /* gpg-agent usually does not output any messages because it runs in - the background. For log files it is acceptable to have messages - always encoded in utf-8. We switch here to utf-8, so that - commands like --help still give native messages. It is far - easier to switch only once instead of for every message and it - actually helps when more then one thread is active (avoids an - extra copy step). */ - bind_textdomain_codeset (PACKAGE_GT, "UTF-8"); -#endif - /* Now start with logging to a file if this is desired. */ if (logfile) { Modified: trunk/common/asshelp.c =================================================================== --- trunk/common/asshelp.c 2010-10-13 15:57:08 UTC (rev 5444) +++ trunk/common/asshelp.c 2010-10-14 08:32:55 UTC (rev 5445) @@ -422,14 +422,19 @@ int i; if (verbose) - log_info (_("waiting %d seconds for the %s " - "to come up\n"), 5, "agent" ); + log_info (_("waiting %d seconds for the agent " + "to come up\n"), 5); for (i=0; i < 5; i++) { gnupg_sleep (1); err = assuan_socket_connect (ctx, sockname, 0, 0); if (!err) - break; + { + if (verbose && !debug) + log_info (_("connection to agent" + " established\n")); + break; + } } } } @@ -513,7 +518,7 @@ } if (debug) - log_debug ("connection to agent established\n"); + log_debug (_("connection to agent established\n")); err = assuan_transact (ctx, "RESET", NULL, NULL, NULL, NULL, NULL, NULL); 
@@ -606,14 +611,19 @@ int i; if (verbose) - log_info (_("waiting %d seconds for the %s to come up\n"), - 5, "dirmngr" ); + log_info (_("waiting %d seconds for the dirmngr to come up\n"), + 5); for (i=0; i < 5; i++) { gnupg_sleep (1); err = assuan_socket_connect (ctx, sockname, 0, 0); if (!err) - break; + { + if (verbose && !debug) + log_info (_("connection to the dirmngr" + " established\n")); + break; + } } } } @@ -637,7 +647,7 @@ } if (debug) - log_debug ("connection to the dirmngr established\n"); + log_debug (_("connection to the dirmngr established\n")); *r_ctx = ctx; return 0; Modified: trunk/tests/Makefile.am =================================================================== --- trunk/tests/Makefile.am 2010-10-13 15:57:08 UTC (rev 5444) +++ trunk/tests/Makefile.am 2010-10-14 08:32:55 UTC (rev 5445) @@ -46,7 +46,7 @@ samplekeys/cert_g10code_test1.pem \ samplekeys/cert_g10code_theo1.pem -# We used to run $(testscripts) here but tehse asschk scripts ares not +# We used to run $(testscripts) here but these asschk scripts ares not # completely reliable in all enviromnets and thus we better disable # them. The tests are anyway way to minimal. We will eventually # write new tests based on gpg-connect-agent which has a full fledged Modified: trunk/tests/openpgp/Makefile.am =================================================================== --- trunk/tests/openpgp/Makefile.am 2010-10-13 15:57:08 UTC (rev 5444) +++ trunk/tests/openpgp/Makefile.am 2010-10-14 08:32:55 UTC (rev 5445) 
@@ -16,15 +16,14 @@ # along with this program; if not, see . # Process this file with automake to create Makefile.in -GPG_IMPORT = ../../g10/gpg2 --homedir . \ +GPG_IMPORT = ../../g10/gpg2 --homedir $(abs_builddir) \ --quiet --yes --no-permission-warning --import # Programs required before we can run these tests. required_pgms = ../../g10/gpg2 ../../agent/gpg-agent \ ../../tools/gpg-connect-agent -TESTS_ENVIRONMENT = GNUPGHOME=$(abs_builddir) GPG_AGENT_INFO= LC_ALL=C \ - ../../agent/gpg-agent --quiet --daemon sh +TESTS_ENVIRONMENT = GNUPGHOME=$(abs_builddir) GPG_AGENT_INFO= LC_ALL=C TESTS = version.test mds.test \ decrypt.test decrypt-dsa.test \ @@ -68,7 +67,6 @@ prepared.stamp: ./pubring.gpg ./secring.gpg ./plain-1 ./plain-2 ./plain-3 \ ./pubring.pkr ./secring.skr ./gpg_dearmor $(DATA_FILES) $(GPG_IMPORT) $(srcdir)/pubdemo.asc - cat $(srcdir)/gpg-agent.conf.tmpl > gpg-agent.conf echo timestamp >./prepared.stamp # We need to depend on a couple of programs so that the tests don't Modified: trunk/tests/openpgp/defs.inc =================================================================== --- trunk/tests/openpgp/defs.inc 2010-10-13 15:57:08 UTC (rev 5444) +++ trunk/tests/openpgp/defs.inc 2010-10-14 08:32:55 UTC (rev 5445) @@ -1,6 +1,6 @@ # Definitions for the OpenPGP test scripts -*- sh -*- # Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006, -# 2007 Free Software Foundation, Inc. +# 2007, 2010 Free Software Foundation, Inc. # This file is free software; as a special exception the author gives # unlimited permission to copy and/or distribute it, with or without # modifications, as long as this notice is preserved. This file is 
@@ -161,26 +161,27 @@ [ -z "$srcdir" ] && fatal "not called from make" -# Make sure we have a valid option files even with VPATH builds. -for f in gpg.conf ; do - if [ -f ./$f ]; then - : - elif [ -f $srcdir/$f.tmpl ]; then - cat $srcdir/$f.tmpl >$f - fi -done - # Always work in the current directory. We set GNUPGHOME only if it # has not been set already. Usually it is set through the Makefile's # TESTS_ENVIRONMENT macro. if [ -z "$GNUPGHOME" ]; then - GNUPGHOME=`pwd` + GNUPGHOME=`/bin/pwd` export GNUPGHOME -elif [ "$GNUPGHOME" != `pwd` ]; then +elif [ "$GNUPGHOME" != `/bin/pwd` ]; then echo "$pgmname: GNUPGHOME not set to the cwd" $* >&2 exit 1 fi +# Make sure we have a valid option files even with VPATH builds. +for f in gpg.conf gpg-agent.conf ; do + if [ -f ./$f ]; then + : + elif [ -f $srcdir/$f.tmpl ]; then + cat $srcdir/$f.tmpl >$f + fi +done + +# (--no-permission-warning makes only sense on the commandline) GPG="../../g10/gpg2 --no-permission-warning " echo "Test: $pgmname" > ${pgmname}.log Modified: trunk/tests/openpgp/gpg-agent.conf.tmpl =================================================================== --- trunk/tests/openpgp/gpg-agent.conf.tmpl 2010-10-13 15:57:08 UTC (rev 5444) +++ trunk/tests/openpgp/gpg-agent.conf.tmpl 2010-10-14 08:32:55 UTC (rev 5445) @@ -1,2 +1,3 @@ -no-use-standard-socket +use-standard-socket + Modified: trunk/tools/gpg-connect-agent.c =================================================================== --- trunk/tools/gpg-connect-agent.c 2010-10-13 15:57:08 UTC (rev 5444) +++ trunk/tools/gpg-connect-agent.c 2010-10-14 08:32:55 UTC (rev 5445) 
@@ -2156,131 +2156,28 @@ static assuan_context_t start_agent (void) { - int rc = 0; - char *infostr, *p; + gpg_error_t err; assuan_context_t ctx; session_env_t session_env; - infostr = getenv ("GPG_AGENT_INFO"); - if (!infostr || !*infostr) - { - char *sockname; - - rc = assuan_new (&ctx); - if (rc) - { - log_error ("assuan_new failed: %s\n", gpg_strerror (rc)); - exit (1); - } - - /* Check whether we can connect at the standard socket. */ - sockname = make_filename (opt.homedir, "S.gpg-agent", NULL); - rc = assuan_socket_connect (ctx, sockname, 0, 0); - -#ifdef HAVE_W32_SYSTEM - /* If we failed to connect under Windows, we fire up the agent. */ - if (gpg_err_code (rc) == GPG_ERR_ASS_CONNECT_FAILED) - { - const char *agent_program; - const char *argv[3]; - int save_rc = rc; - - if (opt.verbose) - log_info (_("no running gpg-agent - starting one\n")); - agent_program = gnupg_module_name (GNUPG_MODULE_NAME_AGENT); - - argv[0] = "--daemon"; - argv[1] = "--use-standard-socket"; - argv[2] = NULL; - - rc = gnupg_spawn_process_detached (agent_program, argv, NULL); - if (rc) - log_debug ("failed to start agent `%s': %s\n", - agent_program, gpg_strerror (rc)); - else - { - /* Give the agent some time to prepare itself. */ - gnupg_sleep (3); - /* Now try again to connect the agent. */ - rc = assuan_new (&ctx); - if (rc) - { - log_error ("assuan_new failed: %s\n", gpg_strerror (rc)); - exit (1); - } - - rc = assuan_socket_connect (ctx, sockname, 0, 0); - } - if (rc) - rc = save_rc; - } -#endif /*HAVE_W32_SYSTEM*/ - xfree (sockname); - } - else - { - int prot; - int pid; - - infostr = xstrdup (infostr); - if ( !(p = strchr (infostr, PATHSEP_C)) || p == infostr) - { - log_error (_("malformed GPG_AGENT_INFO environment variable\n")); - xfree (infostr); - exit (1); - } - *p++ = 0; - pid = atoi (p); - while (*p && *p != PATHSEP_C) - p++; - prot = *p? 
atoi (p+1) : 0; - if (prot != 1) - { - log_error (_("gpg-agent protocol version %d is not supported\n"), - prot); - xfree (infostr); - exit (1); - } - - rc = assuan_new (&ctx); - if (rc) - { - log_error ("assuan_new failed: %s\n", gpg_strerror (rc)); - exit (1); - } - - rc = assuan_socket_connect (ctx, infostr, pid, 0); - xfree (infostr); - } - - if (rc) - { - log_error ("can't connect to the agent: %s\n", gpg_strerror (rc)); - exit (1); - } - - if (opt.verbose) - log_info ("connection to agent established\n"); - - rc = assuan_transact (ctx, "RESET", NULL, NULL, NULL, NULL, NULL, NULL); - if (rc) - { - log_error (_("error sending %s command: %s\n"), "RESET", - gpg_strerror (rc)); - exit (1); - } - session_env = session_env_new (); if (!session_env) log_fatal ("error allocating session environment block: %s\n", strerror (errno)); - rc = send_pinentry_environment (ctx, GPG_ERR_SOURCE_DEFAULT, - NULL, NULL, session_env); + err = start_new_gpg_agent (&ctx, + GPG_ERR_SOURCE_DEFAULT, + opt.homedir, + NULL, + NULL, NULL, + session_env, + !opt.quiet, 0, + NULL, NULL); + session_env_release (session_env); - if (rc) + if (err) { - log_error (_("error sending standard options: %s\n"), gpg_strerror (rc)); + log_error (_("error sending standard options: %s\n"), gpg_strerror (err)); exit (1); } Modified: trunk/tools/gpgconf-comp.c =================================================================== --- trunk/tools/gpgconf-comp.c 2010-10-13 15:57:08 UTC (rev 5444) +++ trunk/tools/gpgconf-comp.c 2010-10-14 08:32:55 UTC (rev 5445) 
@@ -1032,35 +1032,6 @@ static void gpg_agent_runtime_change (void) { -#ifndef HAVE_W32_SYSTEM - char *agent = getenv ("GPG_AGENT_INFO"); - char *pid_str; - unsigned long pid_long; - char *tail; - pid_t pid; - - if (!agent) - return; - - pid_str = strchr (agent, ':'); - if (!pid_str) - return; - - pid_str++; - errno = 0; - pid_long = strtoul (pid_str, &tail, 0); - if (errno || (*tail != ':' && *tail != '\0')) - return; - - pid = (pid_t) pid_long; - - /* Check for overflow. */ - if (pid_long != (unsigned long) pid) - return; - - /* Ignore any errors here. */ - kill (pid, SIGHUP); -#else gpg_error_t err; const char *pgmname; const char *argv[2]; @@ -1077,7 +1048,6 @@ gc_error (0, 0, "error running `%s%s': %s", pgmname, " reloadagent", gpg_strerror (err)); gnupg_release_process (pid); -#endif /*!HAVE_W32_SYSTEM*/ } Modified: trunk/tools/gpgconf.c =================================================================== --- trunk/tools/gpgconf.c 2010-10-13 15:57:08 UTC (rev 5444) +++ trunk/tools/gpgconf.c 2010-10-14 08:32:55 UTC (rev 5445) @@ -50,7 +50,6 @@ aCheckConfig, aListDirs, aReload - }; @@ -72,7 +71,7 @@ N_("list global configuration file") }, { aCheckConfig, "check-config", 256, N_("check global configuration file") }, - { aReload, "reload", 256, "@" }, + { aReload, "reload", 256, N_("reload all or a given component")}, { 301, NULL, 0, N_("@\nOptions:\n ") }, From cvs at cvs.gnupg.org Thu Oct 14 18:34:36 2010 
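Review bot: in trunk/tools/gpg-connect-agent.c (hunk @@ -2156,131 +2156,28 @@, start_agent), the error branch after start_new_gpg_agent still prints "error sending standard options: %s", although err is now the result of the single call that replaces the removed connect, RESET and send_pinentry_environment steps. The removed code reported those separately ("can't connect to the agent: %s", "error sending %s command: %s"), so after this change a failure to reach or start the agent is logged as an option-sending problem. Suggest wording that matches the call, for example "error connecting to the agent: %s".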
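Review bot: in trunk/tests/openpgp/defs.inc (hunk @@ -161,26 +161,27 @@), the comparison [ "$GNUPGHOME" != `/bin/pwd` ] leaves the command substitution unquoted, so a build directory whose path contains whitespace is split into several words and the test command fails on its syntax instead of reaching the "GNUPGHOME not set to the cwd" message. Quote it as "`/bin/pwd`", and quote $srcdir/$f.tmpl in the cat line of the relocated loop for the same reason. The switch from pwd to a hard-coded /bin/pwd also deserves a one-line comment stating why the shell's own pwd is not used.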
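Review bot: in trunk/common/asshelp.c (hunks @@ -422,14 +422,19 @@ and @@ -606,14 +611,19 @@), the wait time 5 is written twice in each hunk, once as the argument to log_info and once as the bound in for (i=0; i < 5; i++), so a later change to one of them makes the "waiting %d seconds" message disagree with the real timeout. A single named constant used for both would keep them in step. In the related hunks @@ -513,7 +518,7 @@ and @@ -637,7 +647,7 @@, the log_debug strings are now wrapped in _(); if that is done only so the string is shared with the new log_info call, a short comment saying so would help, since the other debug output is not marked for translation.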
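Review bot: in trunk/tests/Makefile.am (hunk @@ -46,7 +46,7 @@), the changed comment line corrects "tehse" but still reads "asschk scripts ares not", and the unchanged lines right below it keep "enviromnets" and "way to minimal". Since the commit touches this comment only to fix spelling, fix the remaining words in the same pass.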
From: cvs at cvs.gnupg.org (svn author wk) Date: Thu, 14 Oct 2010 18:34:36 +0200 Subject: [svn] GnuPG - r5446 - in trunk: agent doc g10 tests/openpgp tests/openpgp/privkeys tools Message-ID: Author: wk Date: 2010-10-14 18:34:31 +0200 (Thu, 14 Oct 2010) New Revision: 5446 Added: trunk/tests/openpgp/finish.test trunk/tests/openpgp/privkeys/ trunk/tests/openpgp/privkeys/0D6F6AD4C4C803B25470F9104E9F4E6A4CA64255.asc trunk/tests/openpgp/privkeys/13FDB8809B17C5547779F9D205C45F47CE0217CE.asc trunk/tests/openpgp/privkeys/343D8AF79796EE107D645A2787A9D9252F924E6F.asc trunk/tests/openpgp/privkeys/50B2D4FA4122C212611048BC5FC31BD44393626E.asc trunk/tests/openpgp/privkeys/76F7E2B35832976B50A27A282D9B87E44577EB66.asc trunk/tests/openpgp/privkeys/7E201E28B6FEB2927B321F443205F4724EBE637E.asc trunk/tests/openpgp/privkeys/8B5ABF3EF9EB8D96B91A0B8C2C4401C91C834C34.asc trunk/tests/openpgp/privkeys/A0747D5F9425E6664F4FFBEED20FBCA79FDED2BD.asc trunk/tests/openpgp/privkeys/FD692BD59D6640A84C8422573D469F84F3B98E53.asc Modified: trunk/agent/ChangeLog trunk/agent/agent.h trunk/agent/command.c trunk/agent/genkey.c trunk/doc/DETAILS trunk/doc/gpg-agent.texi trunk/doc/tools.texi trunk/g10/ChangeLog trunk/g10/call-agent.c trunk/g10/call-agent.h trunk/g10/keygen.c trunk/tests/openpgp/ChangeLog trunk/tests/openpgp/Makefile.am trunk/tests/openpgp/decrypt-dsa.test trunk/tests/openpgp/decrypt.test trunk/tests/openpgp/defs.inc trunk/tests/openpgp/encrypt-dsa.test trunk/tests/openpgp/genkey1024.test trunk/tests/openpgp/gpg-agent.conf.tmpl trunk/tests/openpgp/mkdemodirs trunk/tests/openpgp/multisig.test trunk/tests/openpgp/seat.test trunk/tests/openpgp/signencrypt-dsa.test trunk/tests/openpgp/sigs-dsa.test trunk/tests/openpgp/sigs.test trunk/tests/openpgp/version.test trunk/tools/ChangeLog trunk/tools/gpg-connect-agent.c Log: All tests work are again working Modified: trunk/agent/ChangeLog =================================================================== --- trunk/agent/ChangeLog 2010-10-14 08:32:55 UTC 
(rev 5445) +++ trunk/agent/ChangeLog 2010-10-14 16:34:31 UTC (rev 5446) @@ -1,3 +1,8 @@ +2010-10-14 Werner Koch + + * command.c (cmd_genkey): Add option --no-protection. + * genkey.c (agent_genkey): Add arg NO_PROTECTION. + 2010-10-13 Werner Koch * call-pinentry.c (agent_get_passphrase): Support the close_button. Modified: trunk/g10/ChangeLog =================================================================== --- trunk/g10/ChangeLog 2010-10-14 08:32:55 UTC (rev 5445) +++ trunk/g10/ChangeLog 2010-10-14 16:34:31 UTC (rev 5446) @@ -1,3 +1,12 @@ +2010-10-14 Werner Koch + + * call-agent.c (agent_genkey): Add arg NO_PROTECTION. + * keygen.c (do_create, gen_elg, gen_dsa, gen_rsa, common_gen): Add + arg KEYGEN_FLAGS. + (read_parameter_file): Add options no-protection and transient-key. + (KEYGEN_FLAG_NO_PROTECTION, KEYGEN_FLAG_TRANSIENT_KEY): New. + (gen_rsa, gen_dsa, gen_elg): Use transient-key. + 2010-10-13 Werner Koch * call-agent.c (start_agent): Send option agent-awareness. Modified: trunk/tests/openpgp/ChangeLog =================================================================== --- trunk/tests/openpgp/ChangeLog 2010-10-14 08:32:55 UTC (rev 5445) +++ trunk/tests/openpgp/ChangeLog 2010-10-14 16:34:31 UTC (rev 5446) 
@@ -1,3 +1,24 @@ +2010-10-14 Werner Koch + + * genkey1024.test: Use the new no-protection option. + + * decrypt-dsa.test: Do not specify an extra keyring. The keyring + has been loaded into pubring.gpg. + * sigs-dsa.test: Ditto. + * encrypt-dsa.test: Ditto. + * signencrypt-dsa.test: Ditto. + + * decrypt.test: Remove passphrase stuff. + * sigs.test: Ditto. + + * privkeys/: New. + + * Makefile.am: Move most stuff to ... + * version.test: Prepare data files etc. + * finish.test: New. + * defs.inc: Set all envvars. + (usrname1, usrname2, username3): Use full mail address. + 2010-06-07 Werner Koch * Makefile.am (TESTS_ENVIRONMENT): New. Start all scripts under Modified: trunk/tools/ChangeLog =================================================================== --- trunk/tools/ChangeLog 2010-10-14 08:32:55 UTC (rev 5445) +++ trunk/tools/ChangeLog 2010-10-14 16:34:31 UTC (rev 5446) @@ -1,5 +1,7 @@ 2010-10-14 Werner Koch + * gpg-connect-agent.c: Add option --agent-program. + * gpg-connect-agent.c (start_agent): Rewrite using the start_new_gpg_agent function. Modified: trunk/agent/agent.h =================================================================== --- trunk/agent/agent.h 2010-10-14 08:32:55 UTC (rev 5445) +++ trunk/agent/agent.h 2010-10-14 16:34:31 UTC (rev 5446) @@ -293,7 +293,8 @@ gpg_error_t agent_ask_new_passphrase (ctrl_t ctrl, const char *prompt, char **r_passphrase); int agent_genkey (ctrl_t ctrl, const char *cache_nonce, - const char *keyparam, size_t keyparmlen, membuf_t *outbuf); + const char *keyparam, size_t keyparmlen, + int no_protection, membuf_t *outbuf); int agent_protect_and_store (ctrl_t ctrl, gcry_sexp_t s_skey); /*-- protect.c --*/ Modified: trunk/agent/command.c =================================================================== --- trunk/agent/command.c 2010-10-14 08:32:55 UTC (rev 5445) +++ trunk/agent/command.c 2010-10-14 16:34:31 UTC (rev 5446) 
@@ -806,7 +806,7 @@ static const char hlp_genkey[] = - "GENKEY []\n" + "GENKEY [--no-protection] []\n" "\n" "Generate a new key, store the secret part and return the public\n" "part. Here is an example transaction:\n" @@ -824,12 +824,16 @@ { ctrl_t ctrl = assuan_get_pointer (ctx); int rc; + int no_protection; unsigned char *value; size_t valuelen; membuf_t outbuf; char *cache_nonce = NULL; char *p; + no_protection = has_option (line, "--no-protection"); + line = skip_options (line); + p = line; for (p=line; *p && *p != ' ' && *p != '\t'; p++) ; @@ -844,7 +848,8 @@ init_membuf (&outbuf, 512); - rc = agent_genkey (ctrl, cache_nonce, (char*)value, valuelen, &outbuf); + rc = agent_genkey (ctrl, cache_nonce, (char*)value, valuelen, no_protection, + &outbuf); xfree (value); if (rc) clear_outbuf (&outbuf); Modified: trunk/agent/genkey.c =================================================================== --- trunk/agent/genkey.c 2010-10-14 08:32:55 UTC (rev 5445) +++ trunk/agent/genkey.c 2010-10-14 16:34:31 UTC (rev 5446) @@ -352,10 +352,11 @@ /* Generate a new keypair according to the parameters given in KEYPARAM. If CACHE_NONCE is given first try to lookup a passphrase - using the cache nonce. */ + using the cache nonce. If NO_PROTECTION is true the key will not + be protected by a passphrase. */ int agent_genkey (ctrl_t ctrl, const char *cache_nonce, - const char *keyparam, size_t keyparamlen, + const char *keyparam, size_t keyparamlen, int no_protection, membuf_t *outbuf) { gcry_sexp_t s_keyparam, s_key, s_private, s_public; @@ -372,8 +373,12 @@ } /* Get the passphrase now, cause key generation may take a while. */ - passphrase = cache_nonce? agent_get_cache (cache_nonce, CACHE_MODE_NONCE):NULL; - if (passphrase) + if (no_protection || !cache_nonce) + passphrase = NULL; + else + passphrase = agent_get_cache (cache_nonce, CACHE_MODE_NONCE); + + if (passphrase || no_protection) rc = 0; else rc = agent_ask_new_passphrase (ctrl, 
@@ -424,7 +429,8 @@ gcry_create_nonce (tmpbuf, 12); cache_nonce = bin2hex (tmpbuf, 12, NULL); } - if (cache_nonce + if (cache_nonce + && !no_protection && !agent_put_cache (cache_nonce, CACHE_MODE_NONCE, passphrase, 900 /*seconds*/)) agent_write_status (ctrl, "CACHE_NONCE", cache_nonce, NULL); Modified: trunk/doc/DETAILS =================================================================== --- trunk/doc/DETAILS 2010-10-14 08:32:55 UTC (rev 5445) +++ trunk/doc/DETAILS 2010-10-14 16:34:31 UTC (rev 5446) @@ -826,6 +826,19 @@ entry code. This is a global option. %no-ask-passphrase Disable the ask-passphrase mode. + %no-protection + With GnuPG 2.1 it is not anymore possible to specify a + passphrase for unattended key generation. The passphrase + command is simply ignored and %ask-passpharse is thus + implicitly enabled. Using this option allows to the creation + of keys without any passphrases. This option is mainly + intended for regression tests. + %transient-key + If given the keys are created using a faster and a somewhat + less secure random number generator. This option may be used + for keys which are only used for a short time and do not + require full cryptographic strength. It takes only effect if + used together with the option no-protection. o The order of the parameters does not matter except for "Key-Type" which must be the first parameter. The parameters are only for the Modified: trunk/doc/gpg-agent.texi =================================================================== --- trunk/doc/gpg-agent.texi 2010-10-14 08:32:55 UTC (rev 5445) +++ trunk/doc/gpg-agent.texi 2010-10-14 16:34:31 UTC (rev 5446) @@ -485,7 +485,7 @@ @item --enable-ssh-support @opindex enable-ssh-support -Enable emulation of the OpenSSH Agent protocol. +Enable the OpenSSH Agent protocol. In this mode of operation, the agent does not only implement the gpg-agent protocol, but also the agent protocol used by OpenSSH 
@@ -512,11 +512,21 @@ following command may be used: @smallexample -echo UPDATESTARTUPTTY | gpg-connect-agent +gpg-connect-agent updatestartuptty /bye @end smallexample +Although all GnuPG components try to start the gpg-agent as needed, this +is not possible for the ssh support because ssh does not know about it. +Thus if no GnuPG tool which accesses the agent has been run, there is no +guarantee that ssh is abale to use gpg-agent for authentication. To fix +this you may start gpg-agent if needed using this simple command: + at smallexample +gpg-connect-agent /bye + at end smallexample +Adding the @option{--verbose} shows the progress of starting the agent. + @end table All the long options may also be given in the configuration file after Modified: trunk/doc/tools.texi =================================================================== --- trunk/doc/tools.texi 2010-10-14 08:32:55 UTC (rev 5445) +++ trunk/doc/tools.texi 2010-10-14 16:34:31 UTC (rev 5446) @@ -296,6 +296,12 @@ Run a syntax check on the global configuration file. If @var{filename} is given, check that file instead. + at item --reload [@var{component}] + at opindex reload +Reload all or the given component. This is basically the sam as sending +a SIGHUP to the component. Components which don't support reloading are +ignored. + @end table @@ -1170,6 +1176,11 @@ @include opt-homedir.texi + at item --agent-program @var{file} + at opindex agent-program +Specify the agent program to be started if none is running. + + @item -S @itemx --raw-socket @var{name} @opindex S Modified: trunk/g10/call-agent.c =================================================================== --- trunk/g10/call-agent.c 2010-10-14 08:32:55 UTC (rev 5445) +++ trunk/g10/call-agent.c 2010-10-14 16:34:31 UTC (rev 5446) 
@@ -1517,10 +1517,11 @@ /* Call the agent to generate a new key. KEYPARMS is the usual S-expression giving the parameters of the key. gpg-agent passes it - gcry_pk_genkey. */ + gcry_pk_genkey. If NO_PROTECTION is true the agent is advised not + to protect the generated key. */ gpg_error_t agent_genkey (ctrl_t ctrl, char **cache_nonce_addr, - const char *keyparms, gcry_sexp_t *r_pubkey) + const char *keyparms, int no_protection, gcry_sexp_t *r_pubkey) { gpg_error_t err; struct genkey_parm_s gk_parm; @@ -1543,7 +1544,8 @@ gk_parm.ctrl = ctrl; gk_parm.ctx = agent_ctx; gk_parm.keyparms = keyparms; - snprintf (line, sizeof line, "GENKEY%s%s", + snprintf (line, sizeof line, "GENKEY%s%s%s", + no_protection? " --no-protection":"", cache_nonce_addr && *cache_nonce_addr? " ":"", cache_nonce_addr && *cache_nonce_addr? *cache_nonce_addr:""); err = assuan_transact (agent_ctx, line, Modified: trunk/g10/call-agent.h =================================================================== --- trunk/g10/call-agent.h 2010-10-14 08:32:55 UTC (rev 5445) +++ trunk/g10/call-agent.h 2010-10-14 16:34:31 UTC (rev 5446) @@ -155,7 +155,7 @@ /* Generate a new key. */ gpg_error_t agent_genkey (ctrl_t ctrl, char **cache_nonce_addr, - const char *keyparms, + const char *keyparms, int no_protection, gcry_sexp_t *r_pubkey); /* Create a signature. */ Modified: trunk/g10/keygen.c =================================================================== --- trunk/g10/keygen.c 2010-10-14 08:32:55 UTC (rev 5445) +++ trunk/g10/keygen.c 2010-10-14 16:34:31 UTC (rev 5446) @@ -49,7 +49,10 @@ #define DEFAULT_STD_ALGO GCRY_PK_RSA #define DEFAULT_STD_KEYSIZE 2048 +#define KEYGEN_FLAG_NO_PROTECTION 1 +#define KEYGEN_FLAG_TRANSIENT_KEY 2 + #define MAX_PREFS 30 enum para_name { @@ -99,6 +102,7 @@ int lnr; int dryrun; int ask_passphrase; + unsigned int keygen_flags; int use_files; struct { char *fname; 
@@ -1137,14 +1141,15 @@ static int common_gen (const char *keyparms, int algo, const char *algoelem, kbnode_t pub_root, u32 timestamp, u32 expireval, int is_subkey, - char **cache_nonce_addr) + int keygen_flags, char **cache_nonce_addr) { int err; PACKET *pkt; PKT_public_key *pk; gcry_sexp_t s_key; - err = agent_genkey (NULL, cache_nonce_addr, keyparms, &s_key); + err = agent_genkey (NULL, cache_nonce_addr, keyparms, + !!(keygen_flags & KEYGEN_FLAG_NO_PROTECTION), &s_key); if (err) { log_error ("agent_genkey failed: %s\n", gpg_strerror (err) ); @@ -1196,7 +1201,8 @@ */ static int gen_elg (int algo, unsigned int nbits, KBNODE pub_root, - u32 timestamp, u32 expireval, int is_subkey, char **cache_nonce_addr) + u32 timestamp, u32 expireval, int is_subkey, + int keygen_flags, char **cache_nonce_addr) { int err; char *keyparms; @@ -1216,18 +1222,23 @@ log_info (_("keysize rounded up to %u bits\n"), nbits ); } + /* Note that we use transient-key only if no-protection has also + been enabled. */ snprintf (nbitsstr, sizeof nbitsstr, "%u", nbits); - keyparms = xtryasprintf ("(genkey(%s(nbits %zu:%s)))", + keyparms = xtryasprintf ("(genkey(%s(nbits %zu:%s)%s))", algo == GCRY_PK_ELG_E ? "openpgp-elg" : algo == GCRY_PK_ELG ? "elg" : "x-oops" , - strlen (nbitsstr), nbitsstr); + strlen (nbitsstr), nbitsstr, + ((keygen_flags & KEYGEN_FLAG_TRANSIENT_KEY) + && (keygen_flags & KEYGEN_FLAG_NO_PROTECTION))? + "(transient-key)" : "" ); if (!keyparms) err = gpg_error_from_syserror (); else { err = common_gen (keyparms, algo, "pgy", pub_root, timestamp, expireval, is_subkey, - cache_nonce_addr); + keygen_flags, cache_nonce_addr); xfree (keyparms); } @@ -1240,7 +1251,8 @@ */ static gpg_error_t gen_dsa (unsigned int nbits, KBNODE pub_root, - u32 timestamp, u32 expireval, int is_subkey, char **cache_nonce_addr) + u32 timestamp, u32 expireval, int is_subkey, + int keygen_flags, char **cache_nonce_addr) { int err; unsigned int qbits; 
@@ -1301,16 +1313,19 @@ snprintf (nbitsstr, sizeof nbitsstr, "%u", nbits); snprintf (qbitsstr, sizeof qbitsstr, "%u", qbits); - keyparms = xtryasprintf ("(genkey(dsa(nbits %zu:%s)(qbits %zu:%s)))", + keyparms = xtryasprintf ("(genkey(dsa(nbits %zu:%s)(qbits %zu:%s)%s))", strlen (nbitsstr), nbitsstr, - strlen (qbitsstr), qbitsstr); + strlen (qbitsstr), qbitsstr, + ((keygen_flags & KEYGEN_FLAG_TRANSIENT_KEY) + && (keygen_flags & KEYGEN_FLAG_NO_PROTECTION))? + "(transient-key)" : "" ); if (!keyparms) err = gpg_error_from_syserror (); else { err = common_gen (keyparms, PUBKEY_ALGO_DSA, "pqgy", pub_root, timestamp, expireval, is_subkey, - cache_nonce_addr); + keygen_flags, cache_nonce_addr); xfree (keyparms); } @@ -1323,7 +1338,8 @@ */ static int gen_rsa (int algo, unsigned int nbits, KBNODE pub_root, - u32 timestamp, u32 expireval, int is_subkey, char **cache_nonce_addr) + u32 timestamp, u32 expireval, int is_subkey, + int keygen_flags, char **cache_nonce_addr) { int err; char *keyparms; @@ -1347,15 +1363,18 @@ } snprintf (nbitsstr, sizeof nbitsstr, "%u", nbits); - keyparms = xtryasprintf ("(genkey(rsa(nbits %zu:%s)))", - strlen (nbitsstr), nbitsstr); + keyparms = xtryasprintf ("(genkey(rsa(nbits %zu:%s)%s))", + strlen (nbitsstr), nbitsstr, + ((keygen_flags & KEYGEN_FLAG_TRANSIENT_KEY) + && (keygen_flags & KEYGEN_FLAG_NO_PROTECTION))? + "(transient-key)" : "" ); if (!keyparms) err = gpg_error_from_syserror (); else { err = common_gen (keyparms, algo, "ne", pub_root, timestamp, expireval, is_subkey, - cache_nonce_addr); + keygen_flags, cache_nonce_addr); xfree (keyparms); } @@ -2153,7 +2172,7 @@ static int do_create (int algo, unsigned int nbits, KBNODE pub_root, u32 timestamp, u32 expiredate, int is_subkey, - char **cache_nonce_addr) + int keygen_flags, char **cache_nonce_addr) { gpg_error_t err; 
@@ -2168,13 +2187,13 @@ if (algo == PUBKEY_ALGO_ELGAMAL_E) err = gen_elg (algo, nbits, pub_root, timestamp, expiredate, is_subkey, - cache_nonce_addr); + keygen_flags, cache_nonce_addr); else if (algo == PUBKEY_ALGO_DSA) err = gen_dsa (nbits, pub_root, timestamp, expiredate, is_subkey, - cache_nonce_addr); + keygen_flags, cache_nonce_addr); else if (algo == PUBKEY_ALGO_RSA) err = gen_rsa (algo, nbits, pub_root, timestamp, expiredate, is_subkey, - cache_nonce_addr); + keygen_flags, cache_nonce_addr); else BUG(); @@ -2742,6 +2761,10 @@ outctrl.ask_passphrase = 1; else if( !ascii_strcasecmp( keyword, "%no-ask-passphrase" ) ) outctrl.ask_passphrase = 0; + else if( !ascii_strcasecmp( keyword, "%no-protection" ) ) + outctrl.keygen_flags |= KEYGEN_FLAG_NO_PROTECTION; + else if( !ascii_strcasecmp( keyword, "%transient-key" ) ) + outctrl.keygen_flags |= KEYGEN_FLAG_TRANSIENT_KEY; else if( !ascii_strcasecmp( keyword, "%commit" ) ) { outctrl.lnr = lnr; if (proc_parameter_file( para, fname, &outctrl, 0 )) @@ -3242,7 +3265,8 @@ get_parameter_uint( para, pKEYLENGTH ), pub_root, timestamp, - get_parameter_u32( para, pKEYEXPIRE ), 0, &cache_nonce); + get_parameter_u32( para, pKEYEXPIRE ), 0, + outctrl->keygen_flags, &cache_nonce); else err = gen_card_key (PUBKEY_ALGO_RSA, 1, 1, pub_root, ×tamp, @@ -3293,7 +3317,7 @@ pub_root, timestamp, get_parameter_u32 (para, pSUBKEYEXPIRE), 1, - &cache_nonce); + outctrl->keygen_flags, &cache_nonce); /* Get the pointer to the generated public subkey packet. */ if (!err) { @@ -3500,7 +3524,7 @@ goto leave; } - err = do_create (algo, nbits, keyblock, cur_time, expire, 1, NULL); + err = do_create (algo, nbits, keyblock, cur_time, expire, 1, 0, NULL); if (err) goto leave; Modified: trunk/tests/openpgp/Makefile.am =================================================================== --- trunk/tests/openpgp/Makefile.am 2010-10-14 08:32:55 UTC (rev 5445) +++ trunk/tests/openpgp/Makefile.am 2010-10-14 16:34:31 UTC (rev 5446) 
@@ -1,4 +1,6 @@ -# Copyright (C) 1998, 1999, 2000, 2001, 2003 Free Software Foundation, Inc. +# Makefile.am - For tests/openpgp +# Copyright (C) 1998, 1999, 2000, 2001, 2003, +# 2010 Free Software Foundation, Inc. # # This file is part of GnuPG. # @@ -16,15 +18,15 @@ # along with this program; if not, see . # Process this file with automake to create Makefile.in -GPG_IMPORT = ../../g10/gpg2 --homedir $(abs_builddir) \ - --quiet --yes --no-permission-warning --import # Programs required before we can run these tests. required_pgms = ../../g10/gpg2 ../../agent/gpg-agent \ - ../../tools/gpg-connect-agent + ../../tools/gpg-connect-agent ../../tools/mk-tdata TESTS_ENVIRONMENT = GNUPGHOME=$(abs_builddir) GPG_AGENT_INFO= LC_ALL=C +# Note: version.test needs to be the first test to run and finish.test +# the last one TESTS = version.test mds.test \ decrypt.test decrypt-dsa.test \ sigs.test sigs-dsa.test \ @@ -36,7 +38,7 @@ armdetachm.test detachm.test genkey1024.test \ conventional.test conventional-mdc.test \ multisig.test verify.test armor.test \ - import.test + import.test finish.test TEST_FILES = pubring.asc secring.asc plain-1o.asc plain-2o.asc plain-3o.asc \ 
@@ -46,73 +48,34 @@ bug537-test.data.asc bug894-test.asc \ bug1223-good.asc bug1223-bogus.asc -DATA_FILES = data-500 data-9000 data-32000 data-80000 plain-large +data_files = data-500 data-9000 data-32000 data-80000 plain-large +priv_keys = privkeys/50B2D4FA4122C212611048BC5FC31BD44393626E.asc \ + privkeys/7E201E28B6FEB2927B321F443205F4724EBE637E.asc \ + privkeys/13FDB8809B17C5547779F9D205C45F47CE0217CE.asc \ + privkeys/343D8AF79796EE107D645A2787A9D9252F924E6F.asc \ + privkeys/8B5ABF3EF9EB8D96B91A0B8C2C4401C91C834C34.asc \ + privkeys/0D6F6AD4C4C803B25470F9104E9F4E6A4CA64255.asc \ + privkeys/FD692BD59D6640A84C8422573D469F84F3B98E53.asc \ + privkeys/76F7E2B35832976B50A27A282D9B87E44577EB66.asc \ + privkeys/A0747D5F9425E6664F4FFBEED20FBCA79FDED2BD.asc + + EXTRA_DIST = defs.inc $(TESTS) $(TEST_FILES) \ - mkdemodirs signdemokey + mkdemodirs signdemokey $(priv_keys) -CLEANFILES = prepared.stamp x y yy z out err $(DATA_FILES) \ +CLEANFILES = prepared.stamp x y yy z out err $(data_files) \ plain-1 plain-2 plain-3 trustdb.gpg *.lock .\#lk* \ *.test.log gpg_dearmor gpg.conf gpg-agent.conf S.gpg-agent \ - pubring.gpg secring.gpg pubring.pkr secring.skr + pubring.gpg secring.gpg pubring.pkr secring.skr \ + gnupg-test.stop DISTCLEANFILES = pubring.gpg~ random_seed +# We need to depend on a couple of programs so that the tests don't +# start before all programs are built. +all-local: $(required_pgms) -all-local: prepared.stamp - distclean-local: $(srcdir)/mkdemodirs --clean -prepared.stamp: ./pubring.gpg ./secring.gpg ./plain-1 ./plain-2 ./plain-3 \ - ./pubring.pkr ./secring.skr ./gpg_dearmor $(DATA_FILES) - $(GPG_IMPORT) $(srcdir)/pubdemo.asc - echo timestamp >./prepared.stamp - -# We need to depend on a couple of programs so that the tests don't -# start before all programs are built. 
-./gpg_dearmor: $(required_pgms) - echo '#!/bin/sh' >./gpg_dearmor - echo "../../g10/gpg2 --no-options --no-greeting \ - --no-secmem-warning --batch --dearmor" >>./gpg_dearmor - chmod 755 ./gpg_dearmor - -./pubring.gpg: $(srcdir)/pubring.asc $(srcdir)/pubdemo.asc ./gpg_dearmor - ./gpg_dearmor > ./pubring.gpg < $(srcdir)/pubring.asc - -./secring.gpg: $(srcdir)/secring.asc ./gpg_dearmor - ./gpg_dearmor > ./secring.gpg < $(srcdir)/secring.asc - -./pubring.pkr: $(srcdir)/pubring.pkr.asc ./gpg_dearmor - ./gpg_dearmor > ./pubring.pkr < $(srcdir)/pubring.pkr.asc - -./secring.skr: $(srcdir)/secring.skr.asc ./gpg_dearmor - ./gpg_dearmor > ./secring.skr < $(srcdir)/secring.skr.asc - -./plain-1: $(srcdir)/plain-1o.asc ./gpg_dearmor - ./gpg_dearmor > ./plain-1 < $(srcdir)/plain-1o.asc - -./plain-2: $(srcdir)/plain-2o.asc ./gpg_dearmor - ./gpg_dearmor > ./plain-2 < $(srcdir)/plain-2o.asc - -./plain-3: $(srcdir)/plain-3o.asc ./gpg_dearmor - ./gpg_dearmor > ./plain-3 < $(srcdir)/plain-3o.asc - - -data-500: - ../../tools/mk-tdata 500 >data-500 -data-9000: - ../../tools/mk-tdata 9000 >data-9000 -data-32000: - ../../tools/mk-tdata 32000 >data-32000 -data-80000: - ../../tools/mk-tdata 80000 >data-80000 -plain-large: - cat $(srcdir)/../../doc/HACKING \ - $(srcdir)/../../doc/DETAILS \ - $(srcdir)/../../doc/gpg.texi >plain-large - -# To speed up key generation we create a dummy random seed file -random_seed: - ../../tools/mk-tdata 600 - Modified: trunk/tests/openpgp/decrypt-dsa.test =================================================================== --- trunk/tests/openpgp/decrypt-dsa.test 2010-10-14 08:32:55 UTC (rev 5445) +++ trunk/tests/openpgp/decrypt-dsa.test 2010-10-14 16:34:31 UTC (rev 5446) 
@@ -12,7 +12,7 @@ #info Checking decryption of supplied DSA encrypted file for i in "plain-1" ; do - $GPG $dsa_keyrings -o y --yes $srcdir/$i-pgp.asc + $GPG -o y --yes $srcdir/$i-pgp.asc cmp $i y || error "$i: mismatch" done Modified: trunk/tests/openpgp/decrypt.test =================================================================== --- trunk/tests/openpgp/decrypt.test 2010-10-14 08:32:55 UTC (rev 5445) +++ trunk/tests/openpgp/decrypt.test 2010-10-14 16:34:31 UTC (rev 5446) @@ -12,7 +12,7 @@ #info Checking decryption of supplied files for i in $plain_files ; do - echo "$usrpass1" | $GPG --passphrase-fd 0 -o y --yes $srcdir/$i.asc + $GPG -o y --yes $srcdir/$i.asc cmp $i y || error "$i: mismatch" done Modified: trunk/tests/openpgp/defs.inc =================================================================== --- trunk/tests/openpgp/defs.inc 2010-10-14 08:32:55 UTC (rev 5445) +++ trunk/tests/openpgp/defs.inc 2010-10-14 16:34:31 UTC (rev 5446) @@ -12,23 +12,22 @@ #------ constants --------------- #-------------------------------- -# Note that usrpass1 is also used in Makefile.am -usrname1="one" +usrname1="one at example.com" usrpass1="def" -usrname2="two" +usrname2="two at example.com" usrpass2="" -usrname3="three" +usrname3="three at example.com" usrpass3="" dsa_usrname1="pgp5" -# we use the sub key because we do not yet have the logic to -# to derive the first encryption key from a keyblock (I guess) +# we use the sub key because we do not yet have the logic to to derive +# the first encryption key from a keyblock (I guess) (Well of course +# we have this by now and the notation below will lookup the primary +# first and the search for the encryption subkey.) dsa_usrname2="0xCB879DE9" -dsa_keyrings="--keyring ./pubring.pkr --secret-keyring ./secring.skr" - plain_files="plain-1 plain-2 plain-3" data_files="data-500 data-9000 data-32000 data-80000" exp_files="" 
@@ -50,6 +49,7 @@ fatal () { echo "$pgmname: fatal:" $* >&2 echo "$pgmname: fatal:" $* >&5 + echo stop >gnupg-test.stop exit 1; } @@ -121,7 +121,7 @@ #} have_pubkey_algo () { - if ../../g10/gpg2 --homedir . --version | grep "Pubkey:.*$1" >/dev/null + if $GPG --version | grep "Pubkey:.*$1" >/dev/null then true else @@ -130,7 +130,7 @@ } have_cipher_algo () { - if ../../g10/gpg2 --homedir . --version | grep "Cipher:.*$1" >/dev/null + if $GPG --version | grep "Cipher:.*$1" >/dev/null then true else @@ -139,7 +139,7 @@ } have_hash_algo () { - if ../../g10/gpg2 --homedir . --version | grep "Hash:.*$1" >/dev/null + if $GPG --version | grep "Hash:.*$1" >/dev/null then true else @@ -148,11 +148,13 @@ } all_cipher_algos () { - ../../g10/gpg2 --homedir . --with-colons --list-config ciphername | sed 's/^cfg:ciphername://; s/;/ /g' + $GPG --with-colons --list-config ciphername \ + | sed 's/^cfg:ciphername://; s/;/ /g' } all_hash_algos () { - ../../g10/gpg2 --homedir . --with-colons --list-config digestname | sed 's/^cfg:digestname://; s/;/ /g' + $GPG --with-colons --list-config digestname \ + | sed 's/^cfg:digestname://; s/;/ /g' } set -e @@ -161,6 +163,16 @@ [ -z "$srcdir" ] && fatal "not called from make" +# +if [ -f gnupg-test.stop ]; then + if [ $pgmname = "version.test" ]; then + rm gnupg-test.stop + else + # Skip the rest of the tests. + exit 77 + fi +fi + # Always work in the current directory. We set GNUPGHOME only if it # has not been set already. Usually it is set through the Makefile's # TESTS_ENVIRONMENT macro. 
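Review bot: the gnupg-test.stop check added to defs.inc exits with 77 for every script other than version.test, and that includes the new finish.test, which sources defs.inc before it reaches "$GPG_CONNECT_AGENT killagent /bye". After a fatal() in any earlier test the agent started for the test run would therefore be left behind; consider exempting finish.test from the skip as well, so the cleanup always runs. Two smaller points in the same hunk: $pgmname is unquoted in the [ ... = "version.test" ] comparison, and the lone "#" above the block should become a comment saying what the stop file is for and that fatal() is what creates it.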
@@ -172,21 +184,32 @@ exit 1 fi +# We don't use GPG_AGENT_INFO anymore - better reset it. +unset GPG_AGENT_INFO + +# (--no-permission-warning makes only sense on the commandline) +GPG="../../g10/gpg2 --no-permission-warning " +# (We may not use a relative name for gpg-agent.) +GPG_AGENT="$(cd ../../agent && /bin/pwd)/gpg-agent" +GPG_CONNECT_AGENT="../../tools/gpg-connect-agent" +GPGCONF="../../tools/gpgconf" +GPG_PRESET_PASSPHRASE="../../agent/gpg-preset-passphrase" +MKTDATA="../../tools/mk-tdata" + # Make sure we have a valid option files even with VPATH builds. for f in gpg.conf gpg-agent.conf ; do if [ -f ./$f ]; then : elif [ -f $srcdir/$f.tmpl ]; then cat $srcdir/$f.tmpl >$f + if [ "$f" = "gpg.conf" ]; then + echo "agent-program $GPG_AGENT" >>gpg.conf + fi fi done -# (--no-permission-warning makes only sense on the commandline) -GPG="../../g10/gpg2 --no-permission-warning " - echo "Test: $pgmname" > ${pgmname}.log echo "GNUPGHOME=$GNUPGHOME" >> ${pgmname}.log -echo "GPG_AGENT_INFO=$GPG_AGENT_INFO" >> ${pgmname}.log exec 5>&2 2>>${pgmname}.log : Modified: trunk/tests/openpgp/encrypt-dsa.test =================================================================== --- trunk/tests/openpgp/encrypt-dsa.test 2010-10-14 08:32:55 UTC (rev 5445) +++ trunk/tests/openpgp/encrypt-dsa.test 2010-10-14 16:34:31 UTC (rev 5446) 
@@ -12,17 +12,17 @@ #info Checking encryption for i in $plain_files $data_files ; do - $GPG $dsa_keyrings --always-trust -e -o x --yes -r "$dsa_usrname2" $i - $GPG $dsa_keyrings -o y --yes x + $GPG --always-trust -e -o x --yes -r "$dsa_usrname2" $i + $GPG -o y --yes x cmp $i y || error "$i: mismatch" done for ca in `all_cipher_algos` ; do echo_n "$ca " for i in $plain_files $data_files ; do - $GPG $dsa_keyrings --always-trust --cipher-algo $ca -e \ + $GPG --always-trust --cipher-algo $ca -e \ -o x --yes -r "$dsa_usrname2" $i - $GPG $dsa_keyrings -o y --yes x + $GPG -o y --yes x cmp $i y || error "$i: mismatch" done done Added: trunk/tests/openpgp/finish.test =================================================================== --- trunk/tests/openpgp/finish.test (rev 0) +++ trunk/tests/openpgp/finish.test 2010-10-14 16:34:31 UTC (rev 5446) @@ -0,0 +1,17 @@ +#!/bin/sh +# Copyright 2010 Free Software Foundation, Inc. +# This file is free software; as a special exception the author gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. This file is +# distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY, to the extent permitted by law; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +. $srcdir/defs.inc || exit 3 + +if $GPG_AGENT --quiet; then + $GPG_CONNECT_AGENT killagent /bye >/dev/null +fi + +exit 0 + Property changes on: trunk/tests/openpgp/finish.test ___________________________________________________________________ Added: svn:executable + * Modified: trunk/tests/openpgp/genkey1024.test =================================================================== --- trunk/tests/openpgp/genkey1024.test 2010-10-14 08:32:55 UTC (rev 5445) +++ trunk/tests/openpgp/genkey1024.test 2010-10-14 16:34:31 UTC (rev 5446) 
@@ -10,10 +10,7 @@ . $srcdir/defs.inc || exit 3 -# FIXME: Skip this test for now -exit 77 - -$GPG --quiet --batch --debug-quick-random --gen-key < Author: wk Date: 2010-10-14 18:36:47 +0200 (Thu, 14 Oct 2010) New Revision: 5447 Modified: trunk/tests/openpgp/gpg-agent.conf.tmpl Log: Remove debug options Modified: trunk/tests/openpgp/gpg-agent.conf.tmpl =================================================================== --- trunk/tests/openpgp/gpg-agent.conf.tmpl 2010-10-14 16:34:31 UTC (rev 5446) +++ trunk/tests/openpgp/gpg-agent.conf.tmpl 2010-10-14 16:36:47 UTC (rev 5447) @@ -1,7 +1,5 @@ use-standard-socket allow-preset-passphrase no-grab -log-file socket:///home/wk/b/gnupg/tests/openpgp/S.log -debug 1024 -verbose + From cvs at cvs.gnupg.org Fri Oct 15 11:16:40 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Fri, 15 Oct 2010 11:16:40 +0200 Subject: [svn] GnuPG - r5448 - in trunk: dirmngr tests/openpgp Message-ID: Author: wk Date: 2010-10-15 11:16:39 +0200 (Fri, 15 Oct 2010) New Revision: 5448 Modified: trunk/dirmngr/ChangeLog trunk/dirmngr/Makefile.am trunk/tests/openpgp/ChangeLog trunk/tests/openpgp/Makefile.am Log: Tweaks to make make distcheck work. Modified: trunk/dirmngr/ChangeLog =================================================================== --- trunk/dirmngr/ChangeLog 2010-10-14 16:36:47 UTC (rev 5447) +++ trunk/dirmngr/ChangeLog 2010-10-15 09:16:39 UTC (rev 5448) @@ -1,3 +1,7 @@ +2010-10-15 Werner Koch + + * Makefile.am (CLEANFILES): Add no-libgcrypt.c. + 2010-09-16 Werner Koch * validate.c (validate_cert_chain): Use GPG_ERR_MISSING_ISSUER_CERT. Modified: trunk/tests/openpgp/ChangeLog =================================================================== --- trunk/tests/openpgp/ChangeLog 2010-10-14 16:36:47 UTC (rev 5447) +++ trunk/tests/openpgp/ChangeLog 2010-10-15 09:16:39 UTC (rev 5448) 
@@ -1,3 +1,7 @@ +2010-10-15 Werner Koch + + * Makefile.am (clean-local): New. + 2010-10-14 Werner Koch * genkey1024.test: Use the new no-protection option. Modified: trunk/dirmngr/Makefile.am =================================================================== --- trunk/dirmngr/Makefile.am 2010-10-14 16:36:47 UTC (rev 5447) +++ trunk/dirmngr/Makefile.am 2010-10-15 09:16:39 UTC (rev 5448) @@ -36,6 +36,8 @@ BUILT_SOURCES = no-libgcrypt.c +CLEANFILES = no-libgcrypt.c + if HAVE_W32_SYSTEM ldap_url = ldap-url.h ldap-url.c else Modified: trunk/tests/openpgp/Makefile.am =================================================================== --- trunk/tests/openpgp/Makefile.am 2010-10-14 16:36:47 UTC (rev 5447) +++ trunk/tests/openpgp/Makefile.am 2010-10-15 09:16:39 UTC (rev 5448) @@ -68,14 +68,14 @@ plain-1 plain-2 plain-3 trustdb.gpg *.lock .\#lk* \ *.test.log gpg_dearmor gpg.conf gpg-agent.conf S.gpg-agent \ pubring.gpg secring.gpg pubring.pkr secring.skr \ - gnupg-test.stop + gnupg-test.stop pubring.gpg~ random_seed -DISTCLEANFILES = pubring.gpg~ random_seed +clean-local: + -rm -rf private-keys-v1.d + # We need to depend on a couple of programs so that the tests don't # start before all programs are built. all-local: $(required_pgms) -distclean-local: - $(srcdir)/mkdemodirs --clean From cvs at cvs.gnupg.org Mon Oct 18 11:24:57 2010 
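Review bot: the tests/openpgp/ChangeLog entry for r5448 records only "(clean-local): New", but the tests/openpgp/Makefile.am hunk also moves pubring.gpg~ and random_seed out of DISTCLEANFILES into the preceding clean list and deletes the distclean-local rule that ran "$(srcdir)/mkdemodirs --clean". Please list those changes in the ChangeLog entry too, so that the reason distcheck needed them can be recovered later.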
From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 18 Oct 2010 11:24:57 +0200 Subject: [svn] GnuPG - r5449 - in branches/STABLE-BRANCH-1-4: . doc g10 po scripts Message-ID: Author: wk Date: 2010-10-18 11:24:48 +0200 (Mon, 18 Oct 2010) New Revision: 5449 Modified: branches/STABLE-BRANCH-1-4/AUTHORS branches/STABLE-BRANCH-1-4/ChangeLog branches/STABLE-BRANCH-1-4/NEWS branches/STABLE-BRANCH-1-4/configure.ac branches/STABLE-BRANCH-1-4/doc/gpg.texi branches/STABLE-BRANCH-1-4/g10/ChangeLog branches/STABLE-BRANCH-1-4/g10/app-openpgp.c branches/STABLE-BRANCH-1-4/po/ChangeLog branches/STABLE-BRANCH-1-4/po/be.po branches/STABLE-BRANCH-1-4/po/ca.po branches/STABLE-BRANCH-1-4/po/cs.po branches/STABLE-BRANCH-1-4/po/da.po branches/STABLE-BRANCH-1-4/po/de.po branches/STABLE-BRANCH-1-4/po/el.po branches/STABLE-BRANCH-1-4/po/eo.po branches/STABLE-BRANCH-1-4/po/es.po branches/STABLE-BRANCH-1-4/po/et.po branches/STABLE-BRANCH-1-4/po/fi.po branches/STABLE-BRANCH-1-4/po/fr.po branches/STABLE-BRANCH-1-4/po/gl.po branches/STABLE-BRANCH-1-4/po/hu.po branches/STABLE-BRANCH-1-4/po/id.po branches/STABLE-BRANCH-1-4/po/it.po branches/STABLE-BRANCH-1-4/po/ja.po branches/STABLE-BRANCH-1-4/po/nb.po branches/STABLE-BRANCH-1-4/po/nl.po branches/STABLE-BRANCH-1-4/po/pl.po branches/STABLE-BRANCH-1-4/po/pt.po branches/STABLE-BRANCH-1-4/po/pt_BR.po branches/STABLE-BRANCH-1-4/po/ro.po branches/STABLE-BRANCH-1-4/po/ru.po branches/STABLE-BRANCH-1-4/po/sk.po branches/STABLE-BRANCH-1-4/po/sv.po branches/STABLE-BRANCH-1-4/po/tr.po branches/STABLE-BRANCH-1-4/po/zh_CN.po branches/STABLE-BRANCH-1-4/po/zh_TW.po branches/STABLE-BRANCH-1-4/scripts/ChangeLog branches/STABLE-BRANCH-1-4/scripts/config.guess branches/STABLE-BRANCH-1-4/scripts/config.sub Log: Prepare for 1.4.11 Modified: branches/STABLE-BRANCH-1-4/ChangeLog =================================================================== --- branches/STABLE-BRANCH-1-4/ChangeLog 2010-10-15 09:16:39 UTC (rev 5448) +++ branches/STABLE-BRANCH-1-4/ChangeLog 2010-10-18 
09:24:48 UTC (rev 5449) @@ -1,3 +1,7 @@ +2010-10-18 Werner Koch + + Release 1.4.11. + 2010-10-10 Werner Koch * configure.ac (AH_BOTTOM): Add GNUPG_BAK_SFX and GNUPG_TMP_SFX. Modified: branches/STABLE-BRANCH-1-4/g10/ChangeLog =================================================================== --- branches/STABLE-BRANCH-1-4/g10/ChangeLog 2010-10-15 09:16:39 UTC (rev 5448) +++ branches/STABLE-BRANCH-1-4/g10/ChangeLog 2010-10-18 09:24:48 UTC (rev 5449) @@ -1,3 +1,8 @@ +2010-10-18 Werner Koch + + * app-openpgp.c (parse_algorithm_attribute): Remove extra const in + definition of DESC. + 2010-10-10 Werner Koch * keyring.c (create_tmp_file): Use GNUPG_TMP_SFX anf GNUPG_BAK_SFX. Modified: branches/STABLE-BRANCH-1-4/po/ChangeLog =================================================================== --- branches/STABLE-BRANCH-1-4/po/ChangeLog 2010-10-15 09:16:39 UTC (rev 5448) +++ branches/STABLE-BRANCH-1-4/po/ChangeLog 2010-10-18 09:24:48 UTC (rev 5449) @@ -1,3 +1,15 @@ +2010-10-18 Werner Koch + + * de.po: Two updates. + +2010-10-18 Lauren?iu Buzdugan (wk) + + * ro.po: Update. + +2010-10-18 Jakub Bogusz (wk) + + * pl.po: Update. + 2010-09-02 Werner Koch * de.po: Insert missing spaces. Fixes Debian-Bug#594489. @@ -705,7 +717,7 @@ Copyright 1998, 1999, 2000, 2001, 2004, - 2005, 2007 Free Software Foundation, Inc. + 2005, 2007, 2010 Free Software Foundation, Inc. This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without Modified: branches/STABLE-BRANCH-1-4/scripts/ChangeLog =================================================================== --- branches/STABLE-BRANCH-1-4/scripts/ChangeLog 2010-10-15 09:16:39 UTC (rev 5448) +++ branches/STABLE-BRANCH-1-4/scripts/ChangeLog 2010-10-18 09:24:48 UTC (rev 5449) 
@@ -1,3 +1,8 @@ +2010-10-18 Werner Koch + + * config.guess: Update to version 2010-09-24. + * config.sub: Update to version 2010-09-11. + 2009-09-05 Werner Koch * autogen.sh <--build-w32>: Pass --with-bzip2. Modified: branches/STABLE-BRANCH-1-4/AUTHORS =================================================================== --- branches/STABLE-BRANCH-1-4/AUTHORS 2010-10-15 09:16:39 UTC (rev 5448) +++ branches/STABLE-BRANCH-1-4/AUTHORS 2010-10-18 09:24:48 UTC (rev 5449) @@ -43,8 +43,10 @@ Jacobo Tarri'o Barreiro Translations [gl] -Janusz Aleksander Urbanowicz Translations [po] +Jakub Bogusz Translations [pl] +Janusz Aleksander Urbanowicz Translations [pl] + Jedi Lin Translations [zh-tw] Jouni Hiltunen Translations [fi] Modified: branches/STABLE-BRANCH-1-4/NEWS =================================================================== --- branches/STABLE-BRANCH-1-4/NEWS 2010-10-15 09:16:39 UTC (rev 5448) +++ branches/STABLE-BRANCH-1-4/NEWS 2010-10-18 09:24:48 UTC (rev 5449) @@ -1,9 +1,9 @@ -Noteworthy changes in version 1.4.11 (unreleased) +Noteworthy changes in version 1.4.11 (2010-10-18) ------------------------------------------------- - * Bug fixes. + * Bug fixes and portability changes. - * Ignore some GnuPG-2 options. + * Minor changes for better interoperability with GnuPG-2. Noteworthy changes in version 1.4.10 (2009-09-02) Modified: branches/STABLE-BRANCH-1-4/configure.ac =================================================================== --- branches/STABLE-BRANCH-1-4/configure.ac 2010-10-15 09:16:39 UTC (rev 5448) +++ branches/STABLE-BRANCH-1-4/configure.ac 2010-10-18 09:24:48 UTC (rev 5449) 
@@ -26,7 +26,7 @@ # Set my_issvn to "yes" for non-released code. Remember to run an # "svn up" and "autogen.sh --force" right before creating a distribution. m4_define([my_version], [1.4.11]) -m4_define([my_issvn], [yes]) +m4_define([my_issvn], [no]) m4_define([svn_revision], m4_esyscmd([printf "%d" $(svn info 2>/dev/null \ | sed -n '/^Revision:/ s/[^0-9]//gp'|head -1)])) AC_INIT([gnupg], Modified: branches/STABLE-BRANCH-1-4/doc/gpg.texi =================================================================== --- branches/STABLE-BRANCH-1-4/doc/gpg.texi 2010-10-15 09:16:39 UTC (rev 5448) +++ branches/STABLE-BRANCH-1-4/doc/gpg.texi 2010-10-18 09:24:48 UTC (rev 5449) @@ -1,8 +1,13 @@ @c Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, - at c 2008, 2009 Free Software Foundation, Inc. + at c 2008, 2009, 2010 Free Software Foundation, Inc. @c This is part of the GnuPG manual. @c For copying conditions, see the file gnupg.texi. + at c Note that we use this texinfo file for all versions of GnuPG: 1.4.x, + at c 2.0 and 2.1. The macro "gpgone" controls parts which are only valid + at c for GnuPG 1.4, the macro "gpgtwoone" controls parts which are only + at c valid for GnupG 2.1 and later. + @node Invoking GPG @chapter Invoking GPG @cindex GPG command options 
@@ -68,18 +73,19 @@ @ifset gpgone This is the standalone version of @command{gpg}. For desktop use you -should consider using @command{gpg2}. +should consider using @command{gpg2} @footnote{On some platforms gpg2 is +installed under the name @command{gpg}}. @end ifset @ifclear gpgone In contrast to the standalone version @command{gpg}, which is more -suited for server and embedded platforms, this version is installed -under the name @command{gpg2} and more targeted to the desktop as it -requires several other modules to be installed. The standalone version -will be kept maintained and it is possible to install both versions on -the same system. If you need to use different configuration files, you -should make use of something like @file{gpg.conf-2} instead of just - at file{gpg.conf}. +suited for server and embedded platforms, this version is commonly +installed under the name @command{gpg2} and more targeted to the desktop +as it requires several other modules to be installed. The standalone +version will be kept maintained and it is possible to install both +versions on the same system. If you need to use different configuration +files, you should make use of something like @file{gpg.conf-2} instead +of just @file{gpg.conf}. @end ifclear @manpause @@ -415,8 +421,10 @@ command has the special property to render the secret part of the primary key useless; this is a GNU extension to OpenPGP and other implementations can not be expected to successfully import such a key. + at ifclear gpgtwoone See the option @option{--simple-sk-checksum} if you want to import such an exported key with an older OpenPGP implementation. + at end ifclear @item --import @itemx --fast-import 
@@ -527,12 +535,13 @@ With the second form (or a deprecated "*" as algo) digests for all available algorithms are printed. - at item --gen-random @code{0|1|2} + at item --gen-random @code{0|1|2} @code{count} @opindex gen-random -Emit @var{count} random bytes of the given quality level. If count is -not given or zero, an endless sequence of random bytes will be emitted. -PLEASE, don't use this command unless you know what you are doing; it -may remove precious entropy from the system! +Emit @var{count} random bytes of the given quality level 0, 1 or 2. If + at var{count} is not given or zero, an endless sequence of random bytes +will be emitted. If used with @option{--armor} the output will be +base64 encoded. PLEASE, don't use this command unless you know what +you are doing; it may remove precious entropy from the system! @item --gen-prime @code{mode} @code{bits} @opindex gen-prime @@ -592,12 +601,12 @@ @item uid @code{n} @opindex keyedit:uid Toggle selection of user ID or photographic user ID with index @code{n}. -Use 0 to deselect all. +Use @code{*} to select all and @code{0} to deselect all. @item key @code{n} @opindex keyedit:key Toggle selection of subkey with index @code{n}. -Use 0 to deselect all. +Use @code{*} to select all and @code{0} to deselect all. @item sign @opindex keyedit:sign @@ -889,6 +898,13 @@ non-exportable. This is a shortcut version of the subcommand "lsign" from @option{--edit-key}. + at ifclear gpgone + at item --passwd @var{user_id} + at opindex passwd +Change the passphrase of the secret key belonging to the certificate +specified as @var{user_id}. This is a shortcut for the sub-command + at code{passwd} of the edit key menu. + at end ifclear @end table @@ -902,7 +918,7 @@ @node GPG Options @section Option Summary - at command{@gpgname} comes features a bunch of options to control the exact + at command{@gpgname} features a bunch of options to control the exact behaviour and to change the default configuration. @menu 
@@ -1125,6 +1141,9 @@ Other flags are "%k" for the key ID, "%K" for the long key ID, "%f" for the key fingerprint, "%t" for the extension of the image type (e.g. "jpg"), "%T" for the MIME type of the image (e.g. "image/jpeg"), +"%v" for the single-character calculated validity of the image being +viewed (e.g. "f"), "%V" for the calculated validity as a string (e.g. +"full"), and "%%" for an actual percent sign. If neither %i or %I are present, then the photo will be supplied to the viewer on standard input. @@ -1523,10 +1542,12 @@ ldaps). Defaults to on. @item ca-cert-file -Provide a certificate file to override the system default. Only +Provide a certificate store to override the system default. Only necessary if check-cert is enabled, and the keyserver is using a certificate that is not present in a system default certificate list. +Note that depending on the SSL library that the keyserver helper is +built with, this may actually be a directory or a file. @end table @item --completes-needed @code{n} @@ -1540,6 +1561,7 @@ @item --max-cert-depth @code{n} Maximum depth of a certification chain (default is 5). + at ifclear gpgtwoone @item --simple-sk-checksum Secret keys are integrity protected by using a SHA-1 checksum. This method is part of the upcoming enhanced OpenPGP specification but @@ -1550,6 +1572,7 @@ the secret key is encrypted - the simplest way to make this happen is to change the passphrase on the key (even changing it to the same value is acceptable). + at end ifclear @item --no-sig-cache Do not cache the verification status of key signatures. 
@@ -1759,17 +1782,41 @@ Use @var{name} as the key to sign with. Note that this option overrides @option{--default-key}. + at ifset gpgtwoone + at item --try-secret-key @var{name} + at opindex try-secret-key +For hidden recipients GPG needs to know the keys to use for trial +decryption. The key set with @option{--default-key} is always tried +first, but this is often not sufficient. This option allows to set more +keys to be used for trial decryption. Although any valid user-id +specification may be used for @var{name} it makes sense to use at least +the long keyid to avoid ambiguities. Note that gpg-agent might pop up a +pinentry for a lot keys to do the trial decryption. If you want to stop +all further trial decryption you may use close-window button instead of +the cancel button. + at end ifset + @item --try-all-secrets + at opindex try-all-secrets Don't look at the key ID as stored in the message but try all secret keys in turn to find the right decryption key. This option forces the behaviour as used by anonymous recipients (created by using - at option{--throw-keyids}) and might come handy in case where an encrypted -message contains a bogus key ID. + at option{--throw-keyids} or @option{--hidden-recipient}) and might come +handy in case where an encrypted message contains a bogus key ID. + at item --skip-hidden-recipients + at itemx --no-skip-hidden-recipients + at opindex skip-hidden-recipients + at opindex no-skip-hidden-recipients +During decryption skip all anonymous recipients. This option helps in +the case that people use the hidden recipients feature to hide there +own encrypt-to key from others. If oneself has many secret keys this +may lead to a major annoyance because all keys are tried in turn to +decrypt soemthing which was not really intended for it. The drawback +of this option is that it is currently not possible to decrypt a +message which includes real anonymous recipients. - - @end table @c ******************************************* 
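Review bot: the new --try-secret-key and --skip-hidden-recipients paragraphs in doc/gpg.texi carry typos that will go straight into the manual: "for a lot keys" (a lot of keys), "hide there own encrypt-to key" (their), "decrypt soemthing" (something) and "may use close-window button" (the close-window button). Also, --try-secret-key is wrapped in @ifset gpgtwoone while --skip-hidden-recipients and the @opindex for --try-all-secrets are added with no conditional; since the header comment added in this revision says the file is shared by 1.4.x, 2.0 and 2.1, please confirm the unguarded option exists in every version this text is built for.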
@@ -1864,11 +1911,17 @@ Include designated revoker information that was marked as "sensitive". Defaults to no. + at c Since GnuPG 2.1 gpg-agent manages the secret key and thus the + at c export-reset-subkey-passwd hack is not anymore justified. Such use + at c cases need to be implemented using a specialized secret key export + at c tool. + at ifclear gpgtwoone @item export-reset-subkey-passwd When using the @option{--export-secret-subkeys} command, this option resets the passphrases for all exported subkeys to empty. This is useful when the exported subkey is to be used on an unattended machine where a passphrase doesn't necessarily make sense. Defaults to no. + at end ifclear @item export-clean Compact (remove all signatures from) user IDs on the key being @@ -1909,6 +1962,11 @@ Same as the command @option{--fingerprint} but changes only the format of the output and may be used together with another command. + at ifset gpgtwoone + at item --with-keygrip + at opindex with-keygrip +Include the keygrip in the key listings. + at end ifset @end table @@ -1944,10 +2002,11 @@ OpenPGP states that an implementation should generate v4 signatures but PGP versions 5 through 7 only recognize v4 signatures on key material. This option forces v3 signatures for signatures on data. -Note that this option implies @option{--ask-sig-expire}, +Note that this option implies @option{--no-ask-sig-expire}, and unsets @option{--sig-policy-url}, @option{--sig-notation}, and @option{--sig-keyserver-url}, as these features cannot be used with v3 signatures. @option{--no-force-v3-sigs} disables this option. +Defaults to no. @item --force-v4-certs @itemx --no-force-v4-certs 
@@ -2135,6 +2194,34 @@ @opindex interactive Prompt before overwriting any files. + at item --debug-level @var{level} + at opindex debug-level +Select the debug level for investigating problems. @var{level} may be +a numeric value or by a keyword: + + at table @code + at item none +No debugging at all. A value of less than 1 may be used instead of +the keyword. + at item basic +Some basic debug messages. A value between 1 and 2 may be used +instead of the keyword. + at item advanced +More verbose debug messages. A value between 3 and 5 may be used +instead of the keyword. + at item expert +Even more detailed messages. A value between 6 and 8 may be used +instead of the keyword. + at item guru +All of the debug messages you can get. A value greater than 8 may be +used instead of the keyword. The creation of hash tracing files is +only enabled if the keyword is used. + at end table + +How these messages are mapped to the actual debugging flags is not +specified and may change with newer releases of this program. They are +however carefully selected to best aid in debugging. + @item --debug @var{flags} @opindex debug Set debugging flags. All flags are or-ed and @var{flags} may @@ -2149,6 +2236,13 @@ Note that this option is only available on some system. @end ifset + at item --faked-system-time @var{epoch} + at opindex faked-system-time +This option is only useful for testing; it sets the system time back or +forth to @var{epoch} which is the number of seconds elapsed since the year +1970. Alternatively @var{epoch} may be given as a full ISO time string +(e.g. "20070924T154812"). + @item --enable-progress-filter Enable certain PROGRESS status outputs. This option allows frontends to display a progress indicator while gpg is processing larger files. 
@@ -2486,10 +2580,7 @@ When making a data signature, prompt for an expiration time. If this option is not specified, the expiration time set via @option{--default-sig-expire} is used. @option{--no-ask-sig-expire} -disables this option. Note that by default, @option{--force-v3-sigs} is -set which also disables this option. If you want signature expiration, -you must set @option{--no-force-v3-sigs} as well as turning - at option{--ask-sig-expire} on. +disables this option. @item --default-sig-expire The default expiration time to use for signature expiration. Valid @@ -2853,7 +2944,7 @@ @mansect bugs @chapheading BUGS -On many systems this program should be installed as setuid(root). This +On older systems this program should be installed as setuid(root). This is necessary to lock memory pages. Locking memory pages prevents the operating system from writing memory pages (which may contain passphrases or other sensitive material) to disk. If you get no @@ -2868,6 +2959,10 @@ to protect the saved memory, passphrases or other sensitive material may be recoverable from it later. +Before you report a bug you should first search the mailing list +archives for similar problems and second check whether such a bug has +already been reported to our bug tracker at http://bugs.gnupg.org . + @mansect see also @ifset isman @command{gpgv}(1), Modified: branches/STABLE-BRANCH-1-4/g10/app-openpgp.c =================================================================== --- branches/STABLE-BRANCH-1-4/g10/app-openpgp.c 2010-10-15 09:16:39 UTC (rev 5448) +++ branches/STABLE-BRANCH-1-4/g10/app-openpgp.c 2010-10-18 09:24:48 UTC (rev 5449) 
@@ -3598,7 +3598,7 @@ unsigned char *buffer; size_t buflen; void *relptr; - const char const desc[3][5] = {"sign", "encr", "auth"}; + const char desc[3][5] = {"sign", "encr", "auth"}; assert (keyno >=0 && keyno <= 2); Modified: branches/STABLE-BRANCH-1-4/po/be.po [not shown] Modified: branches/STABLE-BRANCH-1-4/po/ca.po [not shown] Modified: branches/STABLE-BRANCH-1-4/po/cs.po [not shown] Modified: branches/STABLE-BRANCH-1-4/po/da.po [not shown] Modified: branches/STABLE-BRANCH-1-4/po/de.po [not shown] Modified: branches/STABLE-BRANCH-1-4/po/el.po [not shown] Modified: branches/STABLE-BRANCH-1-4/po/eo.po [not shown] Modified: branches/STABLE-BRANCH-1-4/po/es.po [not shown] Modified: branches/STABLE-BRANCH-1-4/po/et.po [not shown] Modified: branches/STABLE-BRANCH-1-4/po/fi.po [not shown] Modified: branches/STABLE-BRANCH-1-4/po/fr.po [not shown] Modified: branches/STABLE-BRANCH-1-4/po/gl.po [not shown] Modified: branches/STABLE-BRANCH-1-4/po/hu.po [not shown] Modified: branches/STABLE-BRANCH-1-4/po/id.po [not shown] Modified: branches/STABLE-BRANCH-1-4/po/it.po [not shown] Modified: branches/STABLE-BRANCH-1-4/po/ja.po [not shown] Modified: branches/STABLE-BRANCH-1-4/po/nb.po [not shown] Modified: branches/STABLE-BRANCH-1-4/po/nl.po [not shown] Modified: branches/STABLE-BRANCH-1-4/po/pl.po [not shown] Modified: branches/STABLE-BRANCH-1-4/po/pt.po [not shown] Modified: branches/STABLE-BRANCH-1-4/po/pt_BR.po [not shown] Modified: branches/STABLE-BRANCH-1-4/po/ro.po [not shown] Modified: branches/STABLE-BRANCH-1-4/po/ru.po [not shown] Modified: branches/STABLE-BRANCH-1-4/po/sk.po [not shown] Modified: branches/STABLE-BRANCH-1-4/po/sv.po [not shown] Modified: branches/STABLE-BRANCH-1-4/po/tr.po [not shown] Modified: branches/STABLE-BRANCH-1-4/po/zh_CN.po [not shown] Modified: branches/STABLE-BRANCH-1-4/po/zh_TW.po [not shown] Modified: branches/STABLE-BRANCH-1-4/scripts/config.guess =================================================================== --- 
branches/STABLE-BRANCH-1-4/scripts/config.guess 2010-10-15 09:16:39 UTC (rev 5448) +++ branches/STABLE-BRANCH-1-4/scripts/config.guess 2010-10-18 09:24:48 UTC (rev 5449) @@ -1,10 +1,10 @@ #! /bin/sh # Attempt to guess a canonical system name. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation, -# Inc. +# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 +# Free Software Foundation, Inc. -timestamp='2007-11-19' +timestamp='2010-09-24' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -27,16 +27,16 @@ # the same distribution terms that you use for the rest of that program. -# Originally written by Per Bothner . -# Please send patches to . Submit a context -# diff and a properly formatted ChangeLog entry. +# Originally written by Per Bothner. Please send patches (context +# diff format) to and include a ChangeLog +# entry. # # This script attempts to guess a canonical system name similar to # config.sub. If it succeeds, it prints the system name on stdout, and # exits with 0. Otherwise, it exits with 1. # -# The plan is that this can be called by configure scripts if you -# don't specify an explicit build system type. +# You can get the latest version of this script from: +# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD me=`echo "$0" | sed -e 's,.*/,,'` 
@@ -56,8 +56,9 @@ GNU config.guess ($timestamp) Originally written by Per Bothner. -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005 -Free Software Foundation, Inc. +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, +2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free +Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -91,7 +92,7 @@ exit 1 fi -trap 'exit 1' 1 2 15 +trap 'exit 1' HUP INT TERM # CC_FOR_BUILD -- compiler used by this script. Note that the use of a # compiler to aid in system detection is discouraged as it requires @@ -105,7 +106,7 @@ set_cc_for_build=' trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ; -trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ; +trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" HUP INT PIPE TERM ; : ${TMPDIR=/tmp} ; { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } || @@ -170,7 +171,7 @@ arm*|i386|m68k|ns32k|sh3*|sparc|vax) eval $set_cc_for_build if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ - | grep __ELF__ >/dev/null + | grep -q __ELF__ then # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout). # Return netbsd for either. FIX? 
@@ -324,14 +325,33 @@ case `/usr/bin/uname -p` in sparc) echo sparc-icl-nx7; exit ;; esac ;; + s390x:SunOS:*:*) + echo ${UNAME_MACHINE}-ibm-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit ;; sun4H:SunOS:5.*:*) echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; + i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*) + echo i386-pc-auroraux${UNAME_RELEASE} + exit ;; i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*) - echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + eval $set_cc_for_build + SUN_ARCH="i386" + # If there is a compiler, see if it is configured for 64-bit objects. + # Note that the Sun cc does not turn __LP64__ into 1 like gcc does. + # This test works for both compilers. + if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then + if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \ + (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null + then + SUN_ARCH="x86_64" + fi + fi + echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4*:SunOS:6*:*) # According to config.sub, this is the proper way to canonicalize @@ -532,7 +552,7 @@ echo rs6000-ibm-aix3.2 fi exit ;; - *:AIX:*:[45]) + *:AIX:*:[4567]) IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then IBM_ARCH=rs6000 @@ -640,7 +660,7 @@ # => hppa64-hp-hpux11.23 if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | - grep __LP64__ >/dev/null + grep -q __LP64__ then HP_ARCH="hppa2.0w" else 
@@ -791,18 +811,24 @@ i*:PW*:*) echo ${UNAME_MACHINE}-pc-pw32 exit ;; - *:Interix*:[3456]*) + *:Interix*:*) case ${UNAME_MACHINE} in x86) echo i586-pc-interix${UNAME_RELEASE} exit ;; - EM64T | authenticamd) + authenticamd | genuineintel | EM64T) echo x86_64-unknown-interix${UNAME_RELEASE} exit ;; + IA64) + echo ia64-unknown-interix${UNAME_RELEASE} + exit ;; esac ;; [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*) echo i${UNAME_MACHINE}-pc-mks exit ;; + 8664:Windows_NT:*) + echo x86_64-pc-mks + exit ;; i*:Windows_NT*:* | Pentium*:Windows_NT*:*) # How do we know it's Interix rather than the generic POSIX subsystem? # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we @@ -832,8 +858,29 @@ i*86:Minix:*:*) echo ${UNAME_MACHINE}-pc-minix exit ;; + alpha:Linux:*:*) + case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in + EV5) UNAME_MACHINE=alphaev5 ;; + EV56) UNAME_MACHINE=alphaev56 ;; + PCA56) UNAME_MACHINE=alphapca56 ;; + PCA57) UNAME_MACHINE=alphapca56 ;; + EV6) UNAME_MACHINE=alphaev6 ;; + EV67) UNAME_MACHINE=alphaev67 ;; + EV68*) UNAME_MACHINE=alphaev68 ;; + esac + objdump --private-headers /bin/sh | grep -q ld.so.1 + if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi + echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} + exit ;; arm*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + eval $set_cc_for_build + if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep -q __ARM_EABI__ + then + echo ${UNAME_MACHINE}-unknown-linux-gnu + else + echo ${UNAME_MACHINE}-unknown-linux-gnueabi + fi exit ;; avr32*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu 
@@ -847,6 +894,17 @@ frv:Linux:*:*) echo frv-unknown-linux-gnu exit ;; + i*86:Linux:*:*) + LIBC=gnu + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #ifdef __dietlibc__ + LIBC=dietlibc + #endif +EOF + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'` + echo "${UNAME_MACHINE}-pc-linux-${LIBC}" + exit ;; ia64:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; 
@@ -856,75 +914,34 @@ m68*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; - mips:Linux:*:*) + mips:Linux:*:* | mips64:Linux:*:*) eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #undef CPU - #undef mips - #undef mipsel + #undef ${UNAME_MACHINE} + #undef ${UNAME_MACHINE}el #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) - CPU=mipsel + CPU=${UNAME_MACHINE}el #else #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) - CPU=mips + CPU=${UNAME_MACHINE} #else CPU= #endif #endif EOF - eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n ' - /^CPU/{ - s: ::g - p - }'`" + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'` test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } ;; - mips64:Linux:*:*) - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - #undef CPU - #undef mips64 - #undef mips64el - #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) - CPU=mips64el - #else - #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) - CPU=mips64 - #else - CPU= - #endif - #endif -EOF - eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n ' - /^CPU/{ - s: ::g - p - }'`" - test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } - ;; or32:Linux:*:*) echo or32-unknown-linux-gnu exit ;; - ppc:Linux:*:*) - echo powerpc-unknown-linux-gnu + padre:Linux:*:*) + echo sparc-unknown-linux-gnu exit ;; - ppc64:Linux:*:*) - echo powerpc64-unknown-linux-gnu + parisc64:Linux:*:* | hppa64:Linux:*:*) + echo hppa64-unknown-linux-gnu exit ;; - alpha:Linux:*:*) - case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in - EV5) UNAME_MACHINE=alphaev5 ;; - EV56) UNAME_MACHINE=alphaev56 ;; - PCA56) UNAME_MACHINE=alphapca56 ;; - PCA57) UNAME_MACHINE=alphapca56 ;; - EV6) UNAME_MACHINE=alphaev6 ;; - EV67) UNAME_MACHINE=alphaev67 ;; - EV68*) UNAME_MACHINE=alphaev68 ;; - esac - objdump --private-headers /bin/sh | grep ld.so.1 
>/dev/null - if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi - echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} - exit ;; parisc:Linux:*:* | hppa:Linux:*:*) # Look for CPU level case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in @@ -933,9 +950,12 @@ *) echo hppa-unknown-linux-gnu ;; esac exit ;; - parisc64:Linux:*:* | hppa64:Linux:*:*) - echo hppa64-unknown-linux-gnu + ppc64:Linux:*:*) + echo powerpc64-unknown-linux-gnu exit ;; + ppc:Linux:*:*) + echo powerpc-unknown-linux-gnu + exit ;; s390:Linux:*:* | s390x:Linux:*:*) echo ${UNAME_MACHINE}-ibm-linux exit ;; @@ -948,6 +968,9 @@ sparc:Linux:*:* | sparc64:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; + tile*:Linux:*:*) + echo ${UNAME_MACHINE}-tilera-linux-gnu + exit ;; vax:Linux:*:*) echo ${UNAME_MACHINE}-dec-linux-gnu exit ;; 
@@ -957,69 +980,6 @@ xtensa*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; - i*86:Linux:*:*) - # The BFD linker knows what the default object file format is, so - # first see if it will tell us. cd to the root directory to prevent - # problems with other programs or directories called `ld' in the path. - # Set LC_ALL=C to ensure ld outputs messages in English. - ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \ - | sed -ne '/supported targets:/!d - s/[ ][ ]*/ /g - s/.*supported targets: *// - s/ .*// - p'` - case "$ld_supported_targets" in - elf32-i386) - TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu" - ;; - a.out-i386-linux) - echo "${UNAME_MACHINE}-pc-linux-gnuaout" - exit ;; - coff-i386) - echo "${UNAME_MACHINE}-pc-linux-gnucoff" - exit ;; - "") - # Either a pre-BFD a.out linker (linux-gnuoldld) or - # one that does not give us useful --help. - echo "${UNAME_MACHINE}-pc-linux-gnuoldld" - exit ;; - esac - # Determine whether the default compiler is a.out or elf - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - #include - #ifdef __ELF__ - # ifdef __GLIBC__ - # if __GLIBC__ >= 2 - LIBC=gnu - # else - LIBC=gnulibc1 - # endif - # else - LIBC=gnulibc1 - # endif - #else - #if defined(__INTEL_COMPILER) || defined(__PGI) || defined(__SUNPRO_C) || defined(__SUNPRO_CC) - LIBC=gnu - #else - LIBC=gnuaout - #endif - #endif - #ifdef __dietlibc__ - LIBC=dietlibc - #endif -EOF - eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n ' - /^LIBC/{ - s: ::g - p - }'`" - test x"${LIBC}" != x && { - echo "${UNAME_MACHINE}-pc-linux-${LIBC}" - exit - } - test x"${TENTATIVE}" != x && { echo "${TENTATIVE}"; exit; } - ;; i*86:DYNIX/ptx:4*:*) # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. # earlier versions are messed up and put the nodename in both 
@@ -1048,7 +1008,7 @@ i*86:syllable:*:*) echo ${UNAME_MACHINE}-pc-syllable exit ;; - i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*) + i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*) echo i386-unknown-lynxos${UNAME_RELEASE} exit ;; i*86:*DOS:*:*) @@ -1092,8 +1052,11 @@ pc:*:*:*) # Left here for compatibility: # uname -m prints for DJGPP always 'pc', but it prints nothing about - # the processor, so we play safe by assuming i386. - echo i386-pc-msdosdjgpp + # the processor, so we play safe by assuming i586. + # Note: whatever this is, it MUST be the same as what config.sub + # prints for the "djgpp" host, or else GDB configury will decide that + # this is a cross-build. + echo i586-pc-msdosdjgpp exit ;; Intel:Mach:3*:*) echo i386-pc-mach3 @@ -1131,6 +1094,16 @@ 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ && { echo i486-ncr-sysv4; exit; } ;; + NCR*:*:4.2:* | MPRAS*:*:4.2:*) + OS_REL='.3' + test -r /etc/.relid \ + && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && { echo i486-ncr-sysv4.3${OS_REL}; exit; } + /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ + && { echo i586-ncr-sysv4.3${OS_REL}; exit; } + /bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \ + && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) echo m68k-unknown-lynxos${UNAME_RELEASE} exit ;; @@ -1143,7 +1116,7 @@ rs6000:LynxOS:2.*:*) echo rs6000-unknown-lynxos${UNAME_RELEASE} exit ;; - PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*) + PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*) echo powerpc-unknown-lynxos${UNAME_RELEASE} exit ;; SM[BE]S:UNIX_SV:*:*) 
@@ -1206,6 +1179,9 @@ BePC:BeOS:*:*) # BeOS running on Intel PC compatible. echo i586-pc-beos exit ;; + BePC:Haiku:*:*) # Haiku running on Intel PC compatible. + echo i586-pc-haiku + exit ;; SX-4:SUPER-UX:*:*) echo sx4-nec-superux${UNAME_RELEASE} exit ;; @@ -1233,6 +1209,16 @@ *:Darwin:*:*) UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown case $UNAME_PROCESSOR in + i386) + eval $set_cc_for_build + if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then + if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ + (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null + then + UNAME_PROCESSOR="x86_64" + fi + fi ;; unknown) UNAME_PROCESSOR=powerpc ;; esac echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} @@ -1248,6 +1234,9 @@ *:QNX:*:4*) echo i386-pc-qnx exit ;; + NEO-?:NONSTOP_KERNEL:*:*) + echo neo-tandem-nsk${UNAME_RELEASE} + exit ;; NSE-?:NONSTOP_KERNEL:*:*) echo nse-tandem-nsk${UNAME_RELEASE} exit ;; @@ -1314,6 +1303,9 @@ i*86:rdos:*:*) echo ${UNAME_MACHINE}-pc-rdos exit ;; + i*86:AROS:*:*) + echo ${UNAME_MACHINE}-pc-aros + exit ;; esac #echo '(No uname command or uname output not recognized.)' 1>&2 
@@ -1474,9 +1466,9 @@ the operating system you are using. It is advised that you download the most up to date version of the config scripts from - http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.guess + http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD and - http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.sub + http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD If the version you run ($0) is already up to date, please send the following data and any information you think might be Modified: branches/STABLE-BRANCH-1-4/scripts/config.sub =================================================================== --- branches/STABLE-BRANCH-1-4/scripts/config.sub 2010-10-15 09:16:39 UTC (rev 5448) +++ branches/STABLE-BRANCH-1-4/scripts/config.sub 2010-10-18 09:24:48 UTC (rev 5449) @@ -1,10 +1,10 @@ #! /bin/sh # Configuration validation subroutine script. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation, -# Inc. +# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 +# Free Software Foundation, Inc. -timestamp='2007-11-19' +timestamp='2010-09-11' # This file is (in principle) common to ALL GNU software. # The presence of a machine in this file suggests that SOME GNU software 
@@ -32,13 +32,16 @@ # Please send patches to . Submit a context -# diff and a properly formatted ChangeLog entry. +# diff and a properly formatted GNU ChangeLog entry. # # Configuration subroutine to validate and canonicalize a configuration type. # Supply the specified configuration type as an argument. # If it is invalid, we print an error message on stderr and exit with code 1. # Otherwise, we print the canonical config type on stdout and succeed. +# You can get the latest version of this script from: +# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD + # This file is supposed to be the same for all GNU packages # and recognize all the CPU types, system types and aliases # that are meaningful with *any* GNU software. @@ -72,8 +75,9 @@ version="\ GNU config.sub ($timestamp) -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005 -Free Software Foundation, Inc. +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, +2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free +Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -120,8 +124,10 @@ # Here we must recognize all the valid KERNEL-OS combinations. maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` case $maybe_os in - nto-qnx* | linux-gnu* | linux-dietlibc | linux-newlib* | linux-uclibc* | \ - uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | \ + nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \ + linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ + knetbsd*-gnu* | netbsd*-gnu* | \ + kopensolaris*-gnu* | \ storm-chaos* | os2-emx* | rtmk-nova*) os=-$maybe_os basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` 
@@ -148,10 +154,13 @@ -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ - -apple | -axis | -knuth | -cray) + -apple | -axis | -knuth | -cray | -microblaze) os= basic_machine=$1 ;; + -bluegene*) + os=-cnk + ;; -sim | -cisco | -oki | -wec | -winbond) os= basic_machine=$1 @@ -249,13 +258,16 @@ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ | i370 | i860 | i960 | ia64 \ | ip2k | iq2000 \ + | lm32 \ | m32c | m32r | m32rle | m68000 | m68k | m88k \ - | maxq | mb | microblaze | mcore | mep \ + | maxq | mb | microblaze | mcore | mep | metag \ | mips | mipsbe | mipseb | mipsel | mipsle \ | mips16 \ | mips64 | mips64el \ + | mips64octeon | mips64octeonel \ + | mips64orion | mips64orionel \ + | mips64r5900 | mips64r5900el \ | mips64vr | mips64vrel \ - | mips64orion | mips64orionel \ | mips64vr4100 | mips64vr4100el \ | mips64vr4300 | mips64vr4300el \ | mips64vr5000 | mips64vr5000el \ 
@@ -268,28 +280,41 @@ | mipsisa64sr71k | mipsisa64sr71kel \ | mipstx39 | mipstx39el \ | mn10200 | mn10300 \ + | moxie \ | mt \ | msp430 \ + | nds32 | nds32le | nds32be \ | nios | nios2 \ | ns16k | ns32k \ | or32 \ | pdp10 | pdp11 | pj | pjl \ | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \ | pyramid \ + | rx \ | score \ - | sh | sh[1234] | sh[24]a | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ + | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ | sh64 | sh64le \ | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ | spu | strongarm \ - | tahoe | thumb | tic4x | tic80 | tron \ + | tahoe | thumb | tic4x | tic54x | tic55x | tic6x | tic80 | tron \ + | ubicom32 \ | v850 | v850e \ | we32k \ | x86 | xc16x | xscale | xscalee[bl] | xstormy16 | xtensa \ - | z8k) + | z8k | z80) basic_machine=$basic_machine-unknown ;; - m6811 | m68hc11 | m6812 | m68hc12) + c54x) + basic_machine=tic54x-unknown + ;; + c55x) + basic_machine=tic55x-unknown + ;; + c6x) + basic_machine=tic6x-unknown + ;; + m6811 | m68hc11 | m6812 | m68hc12 | picochip) # Motorola 68HC11/12. basic_machine=$basic_machine-unknown os=-none @@ -320,7 +345,7 @@ | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ | avr-* | avr32-* \ | bfin-* | bs2000-* \ - | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \ + | c[123]* | c30-* | [cjt]90-* | c4x-* \ | clipper-* | craynv-* | cydra-* \ | d10v-* | d30v-* | dlx-* \ | elxsi-* \ 
@@ -329,14 +354,17 @@ | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ | i*86-* | i860-* | i960-* | ia64-* \ | ip2k-* | iq2000-* \ + | lm32-* \ | m32c-* | m32r-* | m32rle-* \ | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ - | m88110-* | m88k-* | maxq-* | mcore-* \ + | m88110-* | m88k-* | maxq-* | mcore-* | metag-* | microblaze-* \ | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ | mips16-* \ | mips64-* | mips64el-* \ + | mips64octeon-* | mips64octeonel-* \ + | mips64orion-* | mips64orionel-* \ + | mips64r5900-* | mips64r5900el-* \ | mips64vr-* | mips64vrel-* \ - | mips64orion-* | mips64orionel-* \ | mips64vr4100-* | mips64vr4100el-* \ | mips64vr4300-* | mips64vr4300el-* \ | mips64vr5000-* | mips64vr5000el-* \ @@ -351,27 +379,30 @@ | mmix-* \ | mt-* \ | msp430-* \ + | nds32-* | nds32le-* | nds32be-* \ | nios-* | nios2-* \ | none-* | np1-* | ns16k-* | ns32k-* \ | orion-* \ | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \ | pyramid-* \ - | romp-* | rs6000-* \ - | sh-* | sh[1234]-* | sh[24]a-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ + | romp-* | rs6000-* | rx-* \ + | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ | sparclite-* \ | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \ | tahoe-* | thumb-* \ | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ + | tile-* | tilegx-* \ | tron-* \ + | ubicom32-* \ | v850-* | v850e-* | vax-* \ | we32k-* \ | x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \ | xstormy16-* | xtensa*-* \ | ymp-* \ - | z8k-*) + | z8k-* | z80-*) ;; # Recognize the basic CPU types without company name, with glob match. xtensa*) 
@@ -439,6 +470,10 @@ basic_machine=m68k-apollo os=-bsd ;; + aros) + basic_machine=i386-pc + os=-aros + ;; aux) basic_machine=m68k-apple os=-aux @@ -447,10 +482,35 @@ basic_machine=ns32k-sequent os=-dynix ;; + blackfin) + basic_machine=bfin-unknown + os=-linux + ;; + blackfin-*) + basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'` + os=-linux + ;; + bluegene*) + basic_machine=powerpc-ibm + os=-cnk + ;; + c54x-*) + basic_machine=tic54x-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + c55x-*) + basic_machine=tic55x-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + c6x-*) + basic_machine=tic6x-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; c90) basic_machine=c90-cray os=-unicos ;; + cegcc) + basic_machine=arm-unknown + os=-cegcc + ;; convex-c1) basic_machine=c1-convex os=-bsd @@ -518,6 +578,10 @@ basic_machine=m88k-motorola os=-sysv3 ;; + dicos) + basic_machine=i686-pc + os=-dicos + ;; djgpp) basic_machine=i586-pc os=-msdosdjgpp @@ -672,6 +736,14 @@ basic_machine=m68k-isi os=-sysv ;; + m68knommu) + basic_machine=m68k-unknown + os=-linux + ;; + m68knommu-*) + basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'` + os=-linux + ;; m88k-omron*) basic_machine=m88k-omron ;; @@ -683,6 +755,9 @@ basic_machine=ns32k-utek os=-sysv ;; + microblaze) + basic_machine=microblaze-xilinx + ;; mingw32) basic_machine=i386-pc os=-mingw32 @@ -787,6 +862,12 @@ np1) basic_machine=np1-gould ;; + neo-tandem) + basic_machine=neo-tandem + ;; + nse-tandem) + basic_machine=nse-tandem + ;; nsr-tandem) basic_machine=nsr-tandem ;; @@ -817,6 +898,14 @@ basic_machine=i860-intel os=-osf ;; + parisc) + basic_machine=hppa-unknown + os=-linux + ;; + parisc-*) + basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'` + os=-linux + ;; pbd) basic_machine=sparc-tti ;; 
@@ -1013,18 +1102,15 @@ basic_machine=t90-cray os=-unicos ;; - tic54x | c54x*) - basic_machine=tic54x-unknown - os=-coff + # This must be matched before tile*. + tilegx*) + basic_machine=tilegx-unknown + os=-linux-gnu ;; - tic55x | c55x*) - basic_machine=tic55x-unknown - os=-coff + tile*) + basic_machine=tile-unknown + os=-linux-gnu ;; - tic6x | c6x*) - basic_machine=tic6x-unknown - os=-coff - ;; tx39) basic_machine=mipstx39-unknown ;; @@ -1100,6 +1186,10 @@ basic_machine=z8k-unknown os=-sim ;; + z80-*-coff) + basic_machine=z80-unknown + os=-sim + ;; none) basic_machine=none-none os=-none @@ -1138,7 +1228,7 @@ we32k) basic_machine=we32k-att ;; - sh[1234] | sh[24]a | sh[34]eb | sh[1234]le | sh[23]ele) + sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele) basic_machine=sh-unknown ;; sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v) @@ -1188,6 +1278,9 @@ # First match some system type aliases # that might get confused with valid system types. # -solaris* is a basic system type, with this one exception. + -auroraux) + os=-auroraux + ;; -solaris1 | -solaris1.*) os=`echo $os | sed -e 's|solaris1|sunos4|'` ;; @@ -1208,10 +1301,11 @@ # Each alternative MUST END IN A *, to match a version number. # -sysv* is not here because it comes later, after sysvr4. -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ - | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\ - | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \ + | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\ + | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \ + | -sym* | -kopensolaris* \ | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ - | -aos* \ + | -aos* | -aros* \ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ 
@@ -1220,9 +1314,10 @@ | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ - | -chorusos* | -chorusrdb* \ + | -chorusos* | -chorusrdb* | -cegcc* \ | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ - | -mingw32* | -linux-gnu* | -linux-newlib* | -linux-uclibc* \ + | -mingw32* | -linux-gnu* | -linux-android* \ + | -linux-newlib* | -linux-uclibc* \ | -uxpv* | -beos* | -mpeix* | -udk* \ | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ @@ -1230,7 +1325,7 @@ | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ - | -skyos* | -haiku* | -rdos* | -toppers* | -drops*) + | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es*) # Remember, each alternative MUST END IN *, to match a version number. ;; -qnx*) @@ -1360,6 +1455,11 @@ -zvmoe) os=-zvmoe ;; + -dicos*) + os=-dicos + ;; + -nacl*) + ;; -none) ;; *) @@ -1400,6 +1500,15 @@ c4x-* | tic4x-*) os=-coff ;; + tic54x-*) + os=-coff + ;; + tic55x-*) + os=-coff + ;; + tic6x-*) + os=-coff + ;; # This must come before the *-dec entry. pdp10-*) os=-tops20 @@ -1557,7 +1666,7 @@ -sunos*) vendor=sun ;; - -aix*) + -cnk*|-aix*) vendor=ibm ;; -beos*) From cvs at cvs.gnupg.org Mon Oct 18 12:02:30 2010 
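Review bot: in the config.guess hunks for `mips:Linux:*:* | mips64:Linux:*:*` and the new `i*86:Linux:*:*` case, the output of `$CC_FOR_BUILD -E $dummy.c` now goes to an unquoted `eval` after only `grep '^CPU'` or `grep '^LIBC'`, where the removed lines used a quoted `eval` and stripped spaces with `s: ::g`. A preprocessor that prints `CPU = mipsel` was handled by the old code and is not by the new one. Both scripts are imports of the upstream files (timestamps 2010-09-24 and 2010-09-11), so the fix belongs upstream; for this commit, keep the copies byte-identical to those upstream versions and record which upstream revision they came from so the vendored copy can be compared later.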
From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 18 Oct 2010 12:02:30 +0200 Subject: [svn] GnuPG - r5450 - branches/STABLE-BRANCH-1-4/cipher Message-ID: Author: wk Date: 2010-10-18 12:02:29 +0200 (Mon, 18 Oct 2010) New Revision: 5450 Modified: branches/STABLE-BRANCH-1-4/cipher/ChangeLog branches/STABLE-BRANCH-1-4/cipher/rndw32.c Log: Add a minor feature for w32. Modified: branches/STABLE-BRANCH-1-4/cipher/ChangeLog =================================================================== --- branches/STABLE-BRANCH-1-4/cipher/ChangeLog 2010-10-18 09:24:48 UTC (rev 5449) +++ branches/STABLE-BRANCH-1-4/cipher/ChangeLog 2010-10-18 10:02:29 UTC (rev 5450) @@ -1,3 +1,7 @@ +2010-10-18 Werner Koch + + * rndw32.c (slow_gatherer_windowsNT): Add GNUPG_RNDW32_NOPERF envvar. + 2010-09-28 Steven M. Schweda (wk) Changes to help the VMS port. See Modified: branches/STABLE-BRANCH-1-4/cipher/rndw32.c =================================================================== --- branches/STABLE-BRANCH-1-4/cipher/rndw32.c 2010-10-18 09:24:48 UTC (rev 5449) +++ branches/STABLE-BRANCH-1-4/cipher/rndw32.c 2010-10-18 10:02:29 UTC (rev 5450) @@ -477,9 +477,16 @@ * worst-case estimate which is usually nowhere near the actual amount * required. For example it may report that 128K of memory is required, * but only return 64K of data */ -#warning How shall we disable get performacne data - if (0) - log_debug ("Warning: get performance data disabled\n"); + if (getenv("GNUPG_RNDW32_NOPERF")) + { + static int shown; + + if (!shown) + { + shown = 1; + g10_log_info ("note: get performance data has been disabled\n"); + } + } else { pPerfData = xmalloc (cbPerfData); for (;;) { From cvs at cvs.gnupg.org Mon Oct 18 12:12:24 2010 
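Review bot: in the rndw32.c hunk of r5450, `if (getenv("GNUPG_RNDW32_NOPERF"))` skips the performance-data branch for any value of the variable, `0` included, and the variable is inherited from whatever process starts gpg. Since this switches off one source read by the slow gatherer, it should be documented somewhere users will find it; the file list of this commit has only cipher/ChangeLog and cipher/rndw32.c. Testing the value rather than mere presence would also make an accidental setting less likely to take effect. Minor: the call lacks the space before the parenthesis used by the surrounding code, and with the `static int shown` guard the note appears only once per process, which is worth stating in the documentation too.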
From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 18 Oct 2010 12:12:24 +0200 Subject: [svn] gcry - r1447 - trunk/random Message-ID: Author: wk Date: 2010-10-18 12:12:23 +0200 (Mon, 18 Oct 2010) New Revision: 1447 Modified: trunk/random/ChangeLog trunk/random/rndw32.c Log: Look at GNUPG_RNDW32_NOPERF Modified: trunk/random/ChangeLog =================================================================== --- trunk/random/ChangeLog 2010-08-31 16:43:44 UTC (rev 1446) +++ trunk/random/ChangeLog 2010-10-18 10:12:23 UTC (rev 1447) @@ -1,3 +1,8 @@ +2010-10-18 Werner Koch + + * rndw32.c (registry_poll): Disable performace fata gathering if + GNUPG_RNDW32_NOPERF has been set. + 2010-04-27 Marcus Brinkmann * rndw32ce.c (fillup_buffer): Rewrite without using nested Modified: trunk/random/rndw32.c =================================================================== --- trunk/random/rndw32.c 2010-08-31 16:43:44 UTC (rev 1446) +++ trunk/random/rndw32.c 2010-10-18 10:12:23 UTC (rev 1447) 
@@ -418,45 +418,58 @@ this can consume tens of MB of memory and huge amounts of CPU time while it gathers its data, and even running once can still consume about 1/2MB of memory */ - pPerfData = gcry_xmalloc (cbPerfData); - for (iterations=0; iterations < 10; iterations++) + if (getenv ("GNUPG_RNDW32_NOPERF")) { - dwSize = cbPerfData; - if ( debug_me ) - log_debug ("rndw32#slow_gatherer_nt: get perf data\n" ); - - status = RegQueryValueEx (HKEY_PERFORMANCE_DATA, "Global", NULL, - NULL, (LPBYTE) pPerfData, &dwSize); - if (status == ERROR_SUCCESS) + static int shown; + + if (!shown) { - if (!memcmp (pPerfData->Signature, L"PERF", 8)) - (*add) ( pPerfData, dwSize, requester ); - else - log_debug ("rndw32: no PERF signature\n"); - break; + shown = 1; + log_info ("note: get performance data has been disabled\n"); } - else if (status == ERROR_MORE_DATA) + } + else + { + pPerfData = gcry_xmalloc (cbPerfData); + for (iterations=0; iterations < 10; iterations++) { - cbPerfData += PERFORMANCE_BUFFER_STEP; - pPerfData = gcry_xrealloc (pPerfData, cbPerfData); - } - else - { - static int been_here; - - /* Silence the error message. In particular under Wine (as - of 2008) we would get swamped with such diagnotiscs. One - such diagnotiscs should be enough. 
*/ - if (been_here != status) + dwSize = cbPerfData; + if ( debug_me ) + log_debug ("rndw32#slow_gatherer_nt: get perf data\n" ); + + status = RegQueryValueEx (HKEY_PERFORMANCE_DATA, "Global", NULL, + NULL, (LPBYTE) pPerfData, &dwSize); + if (status == ERROR_SUCCESS) { - been_here = status; - log_debug ("rndw32: get performance data problem: ec=%ld\n", - status); + if (!memcmp (pPerfData->Signature, L"PERF", 8)) + (*add) ( pPerfData, dwSize, requester ); + else + log_debug ("rndw32: no PERF signature\n"); + break; } - break; + else if (status == ERROR_MORE_DATA) + { + cbPerfData += PERFORMANCE_BUFFER_STEP; + pPerfData = gcry_xrealloc (pPerfData, cbPerfData); + } + else + { + static int been_here; + + /* Silence the error message. In particular under Wine (as + of 2008) we would get swamped with such diagnotiscs. One + such diagnotiscs should be enough. */ + if (been_here != status) + { + been_here = status; + log_debug ("rndw32: get performance data problem: ec=%ld\n", + status); + } + break; + } } + gcry_free (pPerfData); } - gcry_free (pPerfData); /* Although this isn't documented in the Win32 API docs, it's necessary to explicitly close the HKEY_PERFORMANCE_DATA key after use (it's From cvs at cvs.gnupg.org Mon Oct 18 12:19:40 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 18 Oct 2010 12:19:40 +0200 Subject: [svn] GnuPG - r5451 - tags Message-ID: Author: wk Date: 2010-10-18 12:19:39 +0200 (Mon, 18 Oct 2010) New Revision: 5451 Added: tags/gnupg-1.4.11/ Log: Release tag From cvs at cvs.gnupg.org Mon Oct 18 12:28:59 2010 
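Review bot: in the rndw32.c hunk of r1447, the new `getenv ("GNUPG_RNDW32_NOPERF")` test is in the gcry random module, so setting the variable disables the `RegQueryValueEx (HKEY_PERFORMANCE_DATA, "Global", ...)` poll for every program using this module, not only gpg, and the GNUPG_ prefix does not suggest that. Please document the variable and its scope alongside the code change, and consider checking the value instead of only its presence. Moving `gcry_free (pPerfData)` into the else branch is right, because the buffer is only allocated there. The ChangeLog entry in the same commit reads "performace fata gathering", which should be "performance data gathering".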
From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 18 Oct 2010 12:28:59 +0200 Subject: [svn] GnuPG - r5452 - branches/STABLE-BRANCH-1-4 Message-ID: Author: wk Date: 2010-10-18 12:28:58 +0200 (Mon, 18 Oct 2010) New Revision: 5452 Modified: branches/STABLE-BRANCH-1-4/NEWS branches/STABLE-BRANCH-1-4/configure.ac Log: Post release updates Modified: branches/STABLE-BRANCH-1-4/NEWS =================================================================== --- branches/STABLE-BRANCH-1-4/NEWS 2010-10-18 10:19:39 UTC (rev 5451) +++ branches/STABLE-BRANCH-1-4/NEWS 2010-10-18 10:28:58 UTC (rev 5452) @@ -1,3 +1,8 @@ +Noteworthy changes in version 1.4.12 (unreleased) +------------------------------------------------- + + + Noteworthy changes in version 1.4.11 (2010-10-18) ------------------------------------------------- Modified: branches/STABLE-BRANCH-1-4/configure.ac =================================================================== --- branches/STABLE-BRANCH-1-4/configure.ac 2010-10-18 10:19:39 UTC (rev 5451) +++ branches/STABLE-BRANCH-1-4/configure.ac 2010-10-18 10:28:58 UTC (rev 5452) @@ -25,8 +25,8 @@ # Remember to change the version number immediately *after* a release. # Set my_issvn to "yes" for non-released code. Remember to run an # "svn up" and "autogen.sh --force" right before creating a distribution. -m4_define([my_version], [1.4.11]) -m4_define([my_issvn], [no]) +m4_define([my_version], [1.4.12]) +m4_define([my_issvn], [yes]) m4_define([svn_revision], m4_esyscmd([printf "%d" $(svn info 2>/dev/null \ | sed -n '/^Revision:/ s/[^0-9]//gp'|head -1)])) AC_INIT([gnupg], From cvs at cvs.gnupg.org Mon Oct 18 14:59:20 2010 
From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 18 Oct 2010 14:59:20 +0200 Subject: [svn] GnuPG - r5453 - in trunk: agent dirmngr g10 scd tools Message-ID: Author: wk Date: 2010-10-18 14:59:19 +0200 (Mon, 18 Oct 2010) New Revision: 5453 Modified: trunk/agent/ChangeLog trunk/agent/call-scd.c trunk/dirmngr/crlcache.c trunk/g10/ChangeLog trunk/g10/sign.c trunk/scd/ChangeLog trunk/scd/app-openpgp.c trunk/tools/mail-signed-keys Log: Fix a signing problem with the card Modified: trunk/agent/ChangeLog =================================================================== --- trunk/agent/ChangeLog 2010-10-18 10:28:58 UTC (rev 5452) +++ trunk/agent/ChangeLog 2010-10-18 12:59:19 UTC (rev 5453) @@ -1,3 +1,8 @@ +2010-10-18 Werner Koch + + * call-scd.c (agent_card_pksign): Make sure to return an unsigned + number. + 2010-10-14 Werner Koch * command.c (cmd_genkey): Add option --no-protection. Modified: trunk/g10/ChangeLog =================================================================== --- trunk/g10/ChangeLog 2010-10-18 10:28:58 UTC (rev 5452) +++ trunk/g10/ChangeLog 2010-10-18 12:59:19 UTC (rev 5453) @@ -1,3 +1,7 @@ +2010-10-18 Werner Koch + + * sign.c (do_sign): Remove warning and commented old code. + 2010-10-14 Werner Koch * call-agent.c (agent_genkey): Add arg NO_PROTECTION. Modified: trunk/scd/ChangeLog =================================================================== --- trunk/scd/ChangeLog 2010-10-18 10:28:58 UTC (rev 5452) +++ trunk/scd/ChangeLog 2010-10-18 12:59:19 UTC (rev 5453) @@ -1,3 +1,8 @@ +2010-10-18 Werner Koch + + * app-openpgp.c (parse_algorithm_attribute): Remove extra const in + definition of DESC. + 2010-08-16 Werner Koch * scdaemon.c: Replace remaining printf by es_printf. Modified: trunk/agent/call-scd.c =================================================================== --- trunk/agent/call-scd.c 2010-10-18 10:28:58 UTC (rev 5452) +++ trunk/agent/call-scd.c 2010-10-18 12:59:19 UTC (rev 5453) 
@@ -1,5 +1,5 @@ /* call-scd.c - fork of the scdaemon to do SC operations - * Copyright (C) 2001, 2002, 2005, 2007 Free Software Foundation, Inc. + * Copyright (C) 2001, 2002, 2005, 2007, 2010 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -812,6 +812,7 @@ size_t len; unsigned char *sigbuf; size_t sigbuflen; + int prepend_nul; *r_buf = NULL; rc = start_scd (ctrl); @@ -850,15 +851,20 @@ sigbuf = get_membuf (&data, &sigbuflen); /* Create an S-expression from it which is formatted like this: - "(7:sig-val(3:rsa(1:sSIGBUFLEN:SIGBUF)))" */ - *r_buflen = 21 + 11 + sigbuflen + 4; + "(7:sig-val(3:rsa(1:sSIGBUFLEN:SIGBUF)))". We better make sure + that this won't be interpreted as a negative number. */ + prepend_nul = (sigbuflen && (*sigbuf & 0x80)); + + *r_buflen = 21 + 11 + prepend_nul + sigbuflen + 4; p = xtrymalloc (*r_buflen); *r_buf = (unsigned char*)p; if (!p) return unlock_scd (ctrl, out_of_core ()); p = stpcpy (p, "(7:sig-val(3:rsa(1:s" ); - sprintf (p, "%u:", (unsigned int)sigbuflen); + sprintf (p, "%u:", (unsigned int)sigbuflen + prepend_nul); p += strlen (p); + if (prepend_nul) + *p++ = 0; memcpy (p, sigbuf, sigbuflen); p += sigbuflen; strcpy (p, ")))"); Modified: trunk/dirmngr/crlcache.c =================================================================== --- trunk/dirmngr/crlcache.c 2010-10-18 10:28:58 UTC (rev 5452) +++ trunk/dirmngr/crlcache.c 2010-10-18 12:59:19 UTC (rev 5453) 
@@ -1943,7 +1943,19 @@ /* Insert the CRL retrieved using URL into the cache specified by CACHE. The CRL itself will be read from the stream FP and is - expected in binary format. */ + expected in binary format. + + Called by: + crl_cache_load + cmd_loadcrl + --load-crl + crl_cache_reload_crl + cmd_isvalid + cmd_checkcrl + cmd_loadcrl + --fetch-crl + + */ gpg_error_t crl_cache_insert (ctrl_t ctrl, const char *url, ksba_reader_t reader) { Modified: trunk/g10/sign.c =================================================================== --- trunk/g10/sign.c 2010-10-18 10:28:58 UTC (rev 5452) +++ trunk/g10/sign.c 2010-10-18 12:59:19 UTC (rev 5453) @@ -251,6 +251,7 @@ gpg_error_t err; gcry_mpi_t frame; byte *dp; + char *hexgrip; if (pksk->timestamp > sig->timestamp ) { 
@@ -277,64 +278,33 @@ sig->data[0] = NULL; sig->data[1] = NULL; -#warning fixme: Use the agent for the card -/* if (pksk->is_protected && pksk->protect.s2k.mode == 1002) */ -/* { */ -/* #ifdef ENABLE_CARD_SUPPORT */ -/* unsigned char *rbuf; */ -/* size_t rbuflen; */ -/* char *snbuf; */ - -/* snbuf = serialno_and_fpr_from_sk (sk->protect.iv, */ -/* sk->protect.ivlen, sk); */ -/* rc = agent_scd_pksign (snbuf, digest_algo, */ -/* gcry_md_read (md, digest_algo), */ -/* gcry_md_get_algo_dlen (digest_algo), */ -/* &rbuf, &rbuflen); */ -/* xfree (snbuf); */ -/* if (!rc) */ -/* { */ -/* if (gcry_mpi_scan (&sig->data[0], GCRYMPI_FMT_USG, */ -/* rbuf, rbuflen, NULL)) */ -/* BUG (); */ -/* xfree (rbuf); */ -/* } */ -/* #else */ -/* return gpg_error (GPG_ERR_NOT_SUPPORTED); */ -/* #endif /\* ENABLE_CARD_SUPPORT *\/ */ -/* } */ -/* else */ - if (1) + + err = hexkeygrip_from_pk (pksk, &hexgrip); + if (!err) { - char *hexgrip; + char *desc; + gcry_sexp_t s_sigval; - err = hexkeygrip_from_pk (pksk, &hexgrip); - if (!err) - { - char *desc; - gcry_sexp_t s_sigval; - - desc = gpg_format_keydesc (pksk, 0, 1); - err = agent_pksign (NULL/*ctrl*/, cache_nonce, hexgrip, desc, - dp, gcry_md_get_algo_dlen (mdalgo), mdalgo, - &s_sigval); - xfree (desc); - - if (err) - ; - else if (pksk->pubkey_algo == GCRY_PK_RSA - || pksk->pubkey_algo == GCRY_PK_RSA_S) - sig->data[0] = mpi_from_sexp (s_sigval, "s"); - else - { - sig->data[0] = mpi_from_sexp (s_sigval, "r"); - sig->data[1] = mpi_from_sexp (s_sigval, "s"); - } + desc = gpg_format_keydesc (pksk, 0, 1); + err = agent_pksign (NULL/*ctrl*/, cache_nonce, hexgrip, desc, + dp, gcry_md_get_algo_dlen (mdalgo), mdalgo, + &s_sigval); + xfree (desc); - gcry_sexp_release (s_sigval); + if (err) + ; + else if (pksk->pubkey_algo == GCRY_PK_RSA + || pksk->pubkey_algo == GCRY_PK_RSA_S) + sig->data[0] = mpi_from_sexp (s_sigval, "s"); + else + { + sig->data[0] = mpi_from_sexp (s_sigval, "r"); + sig->data[1] = mpi_from_sexp (s_sigval, "s"); } - xfree (hexgrip); + 
+ gcry_sexp_release (s_sigval); } + xfree (hexgrip); /* Check that the signature verification worked and nothing is * fooling us e.g. by a bug in the signature create code or by Modified: trunk/scd/app-openpgp.c =================================================================== --- trunk/scd/app-openpgp.c 2010-10-18 10:28:58 UTC (rev 5452) +++ trunk/scd/app-openpgp.c 2010-10-18 12:59:19 UTC (rev 5453) @@ -3596,7 +3596,7 @@ unsigned char *buffer; size_t buflen; void *relptr; - const char const desc[3][5] = {"sign", "encr", "auth"}; + const char desc[3][5] = {"sign", "encr", "auth"}; assert (keyno >=0 && keyno <= 2); Modified: trunk/tools/mail-signed-keys =================================================================== --- trunk/tools/mail-signed-keys 2010-10-18 10:28:58 UTC (rev 5452) +++ trunk/tools/mail-signed-keys 2010-10-18 12:59:19 UTC (rev 5453) @@ -81,7 +81,7 @@ print "Hi," | sendmail print "" | sendmail print "Here you get back the signed key." | sendmail - print "Please send it yourself to a keyserver." | sendmail + print "I already sent them to the keyservers." | sendmail print "" | sendmail print "Peace," | sendmail print " " signame | sendmail From cvs at cvs.gnupg.org Mon Oct 18 15:40:06 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 18 Oct 2010 15:40:06 +0200 Subject: [svn] GnuPG - r5454 - trunk/doc Message-ID: Author: wk Date: 2010-10-18 15:40:06 +0200 (Mon, 18 Oct 2010) New Revision: 5454 Modified: trunk/doc/ChangeLog trunk/doc/DETAILS Log: doc fix Modified: trunk/doc/ChangeLog =================================================================== --- trunk/doc/ChangeLog 2010-10-18 12:59:19 UTC (rev 5453) +++ trunk/doc/ChangeLog 2010-10-18 13:40:06 UTC (rev 5454) 
@@ -1,3 +1,7 @@ +2010-10-18 Werner Koch + + * DETAILS: Fix description of IMPORT_RES. Reported by Nicholas Cole. + 2010-10-11 Daniel Kahn Gillmor (wk) * gpg.texi (GPG Configuration Options) : Describe %v Modified: trunk/doc/DETAILS =================================================================== --- trunk/doc/DETAILS 2010-10-18 12:59:19 UTC (rev 5453) +++ trunk/doc/DETAILS 2010-10-18 13:40:06 UTC (rev 5454) @@ -465,7 +465,8 @@ 4 := "Error storing certificate". IMPORT_RES - + + Final statistics on import process (this is one long line) FILE_START From cvs at cvs.gnupg.org Mon Oct 18 15:54:43 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 18 Oct 2010 15:54:43 +0200 Subject: [svn] GnuPG - r5455 - trunk/g10 Message-ID: Author: wk Date: 2010-10-18 15:54:42 +0200 (Mon, 18 Oct 2010) New Revision: 5455 Modified: trunk/g10/ChangeLog trunk/g10/call-agent.c Log: replace some sprintf by bin2hex. Modified: trunk/g10/ChangeLog =================================================================== --- trunk/g10/ChangeLog 2010-10-18 13:40:06 UTC (rev 5454) +++ trunk/g10/ChangeLog 2010-10-18 13:54:42 UTC (rev 5455) @@ -1,5 +1,8 @@ 2010-10-18 Werner Koch + * call-agent.c (agent_scd_pksign): Replace sprintf by bin2hex. + (agent_scd_pkdecrypt, agent_pksign): Ditto. + * sign.c (do_sign): Remove warning and commented old code. 2010-10-14 Werner Koch Modified: trunk/g10/call-agent.c =================================================================== --- trunk/g10/call-agent.c 2010-10-18 13:40:06 UTC (rev 5454) +++ trunk/g10/call-agent.c 2010-10-18 13:54:42 UTC (rev 5455) @@ -935,8 +935,8 @@ const unsigned char *indata, size_t indatalen, unsigned char **r_buf, size_t *r_buflen) { - int rc, i; - char *p, line[ASSUAN_LINELENGTH]; + int rc; + char line[ASSUAN_LINELENGTH]; membuf_t data; size_t len; 
@@ -959,10 +959,9 @@ if (rc) return rc; - sprintf (line, "SCD SETDATA "); - p = line + strlen (line); - for (i=0; i < indatalen ; i++, p += 2 ) - sprintf (p, "%02X", indata[i]); + strcpy (line, "SCD SETDATA "); + bin2hex (indata, indatalen, line + strlen (line)); + rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); if (rc) return rc; @@ -999,8 +998,8 @@ const unsigned char *indata, size_t indatalen, unsigned char **r_buf, size_t *r_buflen) { - int rc, i; - char *p, line[ASSUAN_LINELENGTH]; + int rc; + char line[ASSUAN_LINELENGTH]; membuf_t data; size_t len; @@ -1020,10 +1019,9 @@ if (rc) return rc; - sprintf (line, "SCD SETDATA "); - p = line + strlen (line); - for (i=0; i < indatalen ; i++, p += 2 ) - sprintf (p, "%02X", indata[i]); + strcpy (line, "SCD SETDATA "); + bin2hex (indata, indatalen, line + strlen (line)); + rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); if (rc) return rc; @@ -1635,8 +1633,7 @@ gcry_sexp_t *r_sigval) { gpg_error_t err; - int i; - char *p, line[ASSUAN_LINELENGTH]; + char line[ASSUAN_LINELENGTH]; membuf_t data; *r_sigval = NULL; @@ -1669,9 +1666,7 @@ } snprintf (line, sizeof line, "SETHASH %d ", digestalgo); - p = line + strlen (line); - for (i=0; i < digestlen ; i++, p += 2 ) - sprintf (p, "%02X", digest[i]); + bin2hex (digest, digestlen, line + strlen (line)); err = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); if (err) return err; From cvs at cvs.gnupg.org Mon Oct 18 16:56:53 2010 
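Review bot: In r5453, trunk/agent/call-scd.c, hunk @@ -850,15 +851,20 @@: *r_buflen is still assigned the hand-counted allocation bound 21 + 11 + prepend_nul + sigbuflen + 4, which is larger than the number of bytes that the following stpcpy, sprintf, memcpy and strcpy calls write. Unless it is corrected after the visible strcpy (p, ")))"), callers get a length that also covers uninitialised tail bytes of the xtrymalloc buffer. Consider setting *r_buflen from the final write position once the closing strcpy is done, and deriving the 21 and the 11 from the literal prefix and the widest "%u:" output instead of counting by hand. The prepend_nul byte itself is added consistently to the allocation, to the length prefix and to the data, which is what keeps a signature whose first octet has bit 7 set from being interpreted as a negative number.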
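Review bot: In r5453, trunk/g10/sign.c, do_sign: hexgrip is now declared at function scope without an initialiser (+ char *hexgrip;), and xfree (hexgrip) runs after the if (!err) block whether or not hexkeygrip_from_pk (pksk, &hexgrip) succeeded. That is safe only if the callee stores NULL on every error path, which these hunks do not show; declaring it as char *hexgrip = NULL removes the dependency. The same question arises for s_sigval, which is passed to gcry_sexp_release even when agent_pksign fails; there the r5455 context line *r_sigval = NULL; at the top of agent_pksign shows that the callee clears it first.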
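Review bot: In r5455, trunk/g10/call-agent.c: each bin2hex (..., line + strlen (line)) call writes two hex characters per input byte plus a terminating NUL into the fixed char line[ASSUAN_LINELENGTH], and none of the three hunks shows a check that indatalen or digestlen fits. The removed sprintf loops had the same exposure, so this is not a regression, but the conversion is a good moment to confirm that each function rejects input for which strlen (line) + 2*len + 1 exceeds sizeof line before the call; the code between the hunks is not shown here. Replacing sprintf (line, "SCD SETDATA ") by strcpy in the first two hunks is fine for a constant string.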
From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 18 Oct 2010 16:56:53 +0200 Subject: [svn] GnuPG - r5456 - in trunk: agent common po Message-ID: Author: wk Date: 2010-10-18 16:56:52 +0200 (Mon, 18 Oct 2010) New Revision: 5456 Modified: trunk/agent/ChangeLog trunk/agent/call-pinentry.c trunk/common/asshelp.c trunk/po/ChangeLog trunk/po/LINGUAS trunk/po/POTFILES.in trunk/po/de.po Log: Re-enabled german translation Modified: trunk/agent/ChangeLog =================================================================== --- trunk/agent/ChangeLog 2010-10-18 13:54:42 UTC (rev 5455) +++ trunk/agent/ChangeLog 2010-10-18 14:56:52 UTC (rev 5456) @@ -1,5 +1,8 @@ 2010-10-18 Werner Koch + * call-pinentry.c (start_pinentry): Print name of pinentry on + connect error. + * call-scd.c (agent_card_pksign): Make sure to return an unsigned number. Modified: trunk/po/ChangeLog =================================================================== --- trunk/po/ChangeLog 2010-10-18 13:54:42 UTC (rev 5455) +++ trunk/po/ChangeLog 2010-10-18 14:56:52 UTC (rev 5456) @@ -1,3 +1,11 @@ +2010-10-18 Werner Koch + + * de.po: Update. + + * POTFILES.in: Add cvt-openpgp.c + + * LINGUAS: Re-enable de.po. + 2010-04-13 Marcus Brinkmann * POTFILES.in: Replace common/exechelp.c by Modified: trunk/agent/call-pinentry.c =================================================================== --- trunk/agent/call-pinentry.c 2010-10-18 13:54:42 UTC (rev 5455) +++ trunk/agent/call-pinentry.c 2010-10-18 14:56:52 UTC (rev 5456) 
@@ -332,8 +332,8 @@ ASSUAN_PIPE_CONNECT_DETACHED); if (rc) { - log_error ("can't connect to the PIN entry module: %s\n", - gpg_strerror (rc)); + log_error ("can't connect to the PIN entry module `%s': %s\n", + opt.pinentry_program, gpg_strerror (rc)); assuan_release (ctx); return unlock_pinentry (gpg_error (GPG_ERR_NO_PIN_ENTRY)); } Modified: trunk/common/asshelp.c =================================================================== --- trunk/common/asshelp.c 2010-10-18 13:54:42 UTC (rev 5455) +++ trunk/common/asshelp.c 2010-10-18 14:56:52 UTC (rev 5456) @@ -366,8 +366,8 @@ agent_program = gnupg_module_name (GNUPG_MODULE_NAME_AGENT); if (verbose) - log_info (_("no running %s - starting `%s'\n"), - "gpg-agent", agent_program); + log_info (_("no running gpg-agent - starting `%s'\n"), + agent_program); if (status_cb) status_cb (status_cb_arg, STATUS_PROGRESS, @@ -579,8 +579,8 @@ dirmngr_program = gnupg_module_name (GNUPG_MODULE_NAME_DIRMNGR); if (verbose) - log_info (_("no running %s - starting `%s'\n"), - "dirmngr", dirmngr_program); + log_info (_("no running Dirmngr - starting `%s'\n"), + dirmngr_program); if (status_cb) status_cb (status_cb_arg, STATUS_PROGRESS, Modified: trunk/po/LINGUAS =================================================================== --- trunk/po/LINGUAS 2010-10-18 13:54:42 UTC (rev 5455) +++ trunk/po/LINGUAS 2010-10-18 14:56:52 UTC (rev 5456) @@ -4,7 +4,7 @@ #ca #cs #da -#de +de #eo #el #es Modified: trunk/po/POTFILES.in =================================================================== --- trunk/po/POTFILES.in 2010-10-18 13:54:42 UTC (rev 5455) +++ trunk/po/POTFILES.in 2010-10-18 14:56:52 UTC (rev 5456) @@ -10,6 +10,7 @@ agent/trustlist.c agent/findkey.c agent/pksign.c +agent/cvt-openpgp.c common/exechelp-posix.c common/exechelp-w32.c Modified: trunk/po/de.po [not shown] From cvs at cvs.gnupg.org Mon Oct 18 17:17:24 2010 
From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 18 Oct 2010 17:17:24 +0200 Subject: [svn] GnuPG - r5457 - branches/STABLE-BRANCH-1-4/po Message-ID: Author: wk Date: 2010-10-18 17:17:23 +0200 (Mon, 18 Oct 2010) New Revision: 5457 Modified: branches/STABLE-BRANCH-1-4/po/ChangeLog branches/STABLE-BRANCH-1-4/po/zh_TW.po Log: Two little updates Modified: branches/STABLE-BRANCH-1-4/po/ChangeLog =================================================================== --- branches/STABLE-BRANCH-1-4/po/ChangeLog 2010-10-18 14:56:52 UTC (rev 5456) +++ branches/STABLE-BRANCH-1-4/po/ChangeLog 2010-10-18 15:17:23 UTC (rev 5457) @@ -1,3 +1,7 @@ +2010-10-18 Jedi Lin (wk) + + * zh_TW.po: Update [not in 1.4.11] + 2010-10-18 Werner Koch * de.po: Two updates. Modified: branches/STABLE-BRANCH-1-4/po/zh_TW.po [not shown] From cvs at cvs.gnupg.org Mon Oct 18 20:19:45 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 18 Oct 2010 20:19:45 +0200 Subject: [svn] GnuPG - r5458 - in trunk: . scripts Message-ID: Author: wk Date: 2010-10-18 20:19:45 +0200 (Mon, 18 Oct 2010) New Revision: 5458 Added: trunk/scripts/potomo Modified: trunk/ChangeLog trunk/Makefile.am Log: Install the mo files on W32 platforms Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2010-10-18 15:17:23 UTC (rev 5457) +++ trunk/ChangeLog 2010-10-18 18:19:45 UTC (rev 5458) @@ -1,3 +1,7 @@ +2010-10-18 Werner Koch + + * Makefile.am (install-data-hook): Add W32 specific hook. + 2010-10-08 Werner Koch * configure.ac: Add option --enable-dirmngr-auto-start. Modified: trunk/Makefile.am =================================================================== --- trunk/Makefile.am 2010-10-18 15:17:23 UTC (rev 5457) +++ trunk/Makefile.am 2010-10-18 18:19:45 UTC (rev 5458) 
@@ -22,7 +22,7 @@ AUTOMAKE_OPTIONS = dist-bzip2 no-dist-gzip DISTCHECK_CONFIGURE_FLAGS = --enable-symcryptrun --enable-mailto -EXTRA_DIST = scripts/config.rpath autogen.sh README.SVN +EXTRA_DIST = scripts/config.rpath scripts/potomo autogen.sh README.SVN DISTCLEANFILES = g10defs.h if BUILD_GPGSM @@ -93,7 +93,19 @@ dist-hook: echo "$(VERSION)" > $(distdir)/VERSION +if HAVE_W32_SYSTEM +install-data-hook: + set -e; \ + for i in $$($(top_srcdir)/scripts/potomo \ + --get-linguas $(top_srcdir)/po) ; do \ + $(MKDIR_P) "$(DESTDIR)$(localedir)/$$i/LC_MESSAGES" || true; \ + rm -f "$(DESTDIR)$(localedir)/$$i/LC_MESSAGES/gnupg2.mo" \ + 2>/dev/null || true; \ + $(top_srcdir)/scripts/potomo $(top_srcdir)/po/$$i.po \ + "$(DESTDIR)$(localedir)/$$i/LC_MESSAGES/gnupg2.mo" ; \ + done +endif + stowinstall: $(MAKE) $(AM_MAKEFLAGS) install prefix=/usr/local/stow/gnupg - Added: trunk/scripts/potomo =================================================================== --- trunk/scripts/potomo (rev 0) +++ trunk/scripts/potomo 2010-10-18 18:19:45 UTC (rev 5458) 
@@ -0,0 +1,64 @@ +#!/bin/sh +# potomo - Convert a .po file to an utf-8 encoded .mo file. +# Copyright 2008 g10 Code GmbH +# Copyright 2010 Free Software Foundation, Inc. +# +# This file is free software; as a special exception the author gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. +# +# This file is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the +# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +# This script is used to create the mo files for applications using +# the simple gettext implementation provided by libgpg-error. That +# gettext can only cope with utf-8 encoded mo files; thus we make this +# sure while creating the mo. A conversion is not done if the source +# file does not exist or if it is not newer than the mo file. + +if [ "$1" = "--get-linguas" -a $# -eq 2 ]; then + if [ ! -f "$2/LINGUAS" ]; then + echo "potomo: directory '$2' has no LINGUAS file" >&2 + exit 1 + fi + echo $(sed -e "/^#/d" -e "s/#.*//" "$2"/LINGUAS) + exit 0 +fi + +if [ $# -ne 2 ]; then + echo "usage: potomo INFILE.PO OUTFILE.MO" >&2 + echo " potomo --get-linguas DIR" >&2 + exit 1 +fi +infile="$1" +outfile="$2" + +if [ ! -f "$infile" ]; then + echo "potomo: '$infile' not found - ignored" 2>&1 + exit 0 +fi + +if [ "$outfile" -nt "$infile" ]; then + echo "potomo: '$outfile' is newer than source - keeping" 2>&1 + exit 0 +fi + +# Note that we could use the newer msgconv. However this tool was not +# widely available back in 2008. 
+ +fromset=`sed -n '/^"Content-Type:/ s/.*charset=\([a-zA-Z0-9_-]*\).*/\1/p' \ + "$infile"` + +case "$fromset" in + utf8|utf-8|UTF8|UTF-8) + echo "potomo: '$infile' keeping $fromset" >&2 + msgfmt --output-file="$outfile" "$infile" + ;; + *) + echo "potomo: '$infile' converting from $fromset to utf-8" >&2 + iconv --silent --from-code=$fromset --to-code=utf-8 < "$infile" |\ + sed "/^\"Content-Type:/ s/charset=[a-zA-Z0-9_-]*/charset=utf-8/"|\ + msgfmt --output-file="$outfile" - + ;; +esac Property changes on: trunk/scripts/potomo ___________________________________________________________________ Added: svn:executable + * From cvs at cvs.gnupg.org Tue Oct 19 18:46:56 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Tue, 19 Oct 2010 18:46:56 +0200 Subject: [svn] pinentry - r240 - in trunk: . pinentry Message-ID: Author: wk Date: 2010-10-19 18:46:56 +0200 (Tue, 19 Oct 2010) New Revision: 240 Modified: trunk/ChangeLog trunk/pinentry/pinentry.c Log: Detect --display=FOO in addition to --display FOO. Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2010-10-12 15:58:19 UTC (rev 239) +++ trunk/ChangeLog 2010-10-19 16:46:56 UTC (rev 240) @@ -1,3 +1,8 @@ +2010-10-19 Werner Koch + + * pinentry/pinentry.c (pinentry_have_display): Also detect + --display=DISPID. + 2010-10-12 Werner Koch * qt/main.cpp (escape_accel): New. Adapt from from qt4/. Modified: trunk/pinentry/pinentry.c =================================================================== --- trunk/pinentry/pinentry.c 2010-10-12 15:58:19 UTC (rev 239) +++ trunk/pinentry/pinentry.c 2010-10-19 16:46:56 UTC (rev 240) @@ -395,7 +395,7 @@ return 1; #endif for (; argc; argc--, argv++) - if (!strcmp (*argv, "--display")) + if (!strcmp (*argv, "--display") || !strncmp (*argv, "--display=", 10)) return 1; return 0; } From cvs at cvs.gnupg.org Wed Oct 20 04:27:26 2010 
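Review bot: In r5458, trunk/Makefile.am, install-data-hook: the "|| true" after $(MKDIR_P) "$(DESTDIR)$(localedir)/$$i/LC_MESSAGES" defeats the set -e at the top of the recipe, so a directory that cannot be created is noticed only later, when potomo fails to write gnupg2.mo. Drop the "|| true" on the mkdir; on the rm -f it is harmless because rm -f already ignores a missing file. Note also that a failing "potomo --get-linguas" inside $$(...) does not stop the recipe either: the for loop simply iterates over an empty list and nothing is installed.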
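Review bot: In r5458, trunk/scripts/potomo: the two early-exit messages ("not found - ignored" and "is newer than source - keeping") end in 2>&1, which leaves them on stdout, while every other diagnostic in the script uses >&2; they should use >&2 as well. In the conversion branch the exit status of the iconv | sed | msgfmt pipeline is that of msgfmt alone, so an iconv failure, for example when the Content-Type header is missing and $fromset is empty, is not reported as such; test for an empty $fromset before the case statement and quote it as --from-code="$fromset". A missing input file also exits 0, which lets the Makefile hook skip a language listed in LINGUAS without failing the install.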
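Review bot: In pinentry r240, trunk/pinentry/pinentry.c, pinentry_have_display: the literal 10 in !strncmp (*argv, "--display=", 10) has to be kept in step with the string by hand. It is correct today, but sizeof "--display=" - 1 or a small prefix helper avoids the coupling. The new test also matches "--display=" with an empty value, so the function returns 1 even when no display is named; if callers care, require a non-empty suffix.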
From: cvs at cvs.gnupg.org (svn author dshaw) Date: Wed, 20 Oct 2010 04:27:26 +0200 Subject: [svn] GnuPG - r5459 - branches/STABLE-BRANCH-1-4/checks Message-ID: Author: dshaw Date: 2010-10-20 04:27:25 +0200 (Wed, 20 Oct 2010) New Revision: 5459 Modified: branches/STABLE-BRANCH-1-4/checks/ChangeLog branches/STABLE-BRANCH-1-4/checks/armor.test Log: * armor.test: Tweak the bug 1179 test to only run if Twofish is included in the program. The sample message requires Twofish. Modified: branches/STABLE-BRANCH-1-4/checks/ChangeLog =================================================================== --- branches/STABLE-BRANCH-1-4/checks/ChangeLog 2010-10-18 18:19:45 UTC (rev 5458) +++ branches/STABLE-BRANCH-1-4/checks/ChangeLog 2010-10-20 02:27:25 UTC (rev 5459) @@ -1,3 +1,8 @@ +2010-10-19 David Shaw + + * armor.test: Tweak the bug 1179 test to only run if Twofish is + included in the program. The sample message requires Twofish. + 2010-05-12 Werner Koch * armor.test: Extend to test bug 1179. Modified: branches/STABLE-BRANCH-1-4/checks/armor.test =================================================================== --- branches/STABLE-BRANCH-1-4/checks/armor.test 2010-10-18 18:19:45 UTC (rev 5458) +++ branches/STABLE-BRANCH-1-4/checks/armor.test 2010-10-20 02:27:25 UTC (rev 5459) 
@@ -739,16 +739,20 @@ # armor filter gpg swalled the CRC line and passed the '-----END...' # line on to the decryption layer. -i=alpha_seckey -info "importing: $i" -eval "(IFS=; echo \"\$$i\")" >x -$GPG --import x || true +# Can only perform this test if we have Twofish -i=nopad_armored_msg -info "checking: $i" -eval "(IFS=; echo \"\$$i\")" >x -if echo "abc" | $GPG --passphrase-fd 0 -o - x > /dev/null ; then - : -else - error "bug#1179 is back in town" +if $GPG --with-colons --list-config ciphername | grep TWOFISH > /dev/null 2>/dev/null ; then + i=alpha_seckey + info "importing: $i" + eval "(IFS=; echo \"\$$i\")" >x + $GPG --import x || true + + i=nopad_armored_msg + info "checking: $i" + eval "(IFS=; echo \"\$$i\")" >x + if echo "abc" | $GPG --passphrase-fd 0 -o - x > /dev/null ; then + : + else + error "bug#1179 is back in town" + fi fi From cvs at cvs.gnupg.org Wed Oct 20 08:51:12 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 20 Oct 2010 08:51:12 +0200 Subject: [svn] GnuPG - r5460 - branches/STABLE-BRANCH-1-4/g10 Message-ID: Author: wk Date: 2010-10-20 08:51:11 +0200 (Wed, 20 Oct 2010) New Revision: 5460 Modified: branches/STABLE-BRANCH-1-4/g10/ChangeLog branches/STABLE-BRANCH-1-4/g10/encr-data.c branches/STABLE-BRANCH-1-4/g10/keyid.c branches/STABLE-BRANCH-1-4/g10/parse-packet.c branches/STABLE-BRANCH-1-4/g10/trustdb.c Log: Remove warnings on VMS Modified: branches/STABLE-BRANCH-1-4/g10/ChangeLog =================================================================== --- branches/STABLE-BRANCH-1-4/g10/ChangeLog 2010-10-20 02:27:25 UTC (rev 5459) +++ branches/STABLE-BRANCH-1-4/g10/ChangeLog 2010-10-20 06:51:11 UTC (rev 5460) 
@@ -1,3 +1,10 @@ +2010-10-20 Werner Koch + + * encr-data.c (decode_filter): Cast -1 to size_t. Reported by + Steven M. Schweda. + * parse-packet.c (parse_key): Ditto. + * trustdb.c (validate_keys): Likewise to unsigned int. + 2010-10-18 Werner Koch * app-openpgp.c (parse_algorithm_attribute): Remove extra const in Modified: branches/STABLE-BRANCH-1-4/g10/encr-data.c =================================================================== --- branches/STABLE-BRANCH-1-4/g10/encr-data.c 2010-10-20 02:27:25 UTC (rev 5459) +++ branches/STABLE-BRANCH-1-4/g10/encr-data.c 2010-10-20 06:51:11 UTC (rev 5460) @@ -298,7 +298,8 @@ if( control == IOBUFCTRL_UNDERFLOW ) { assert(a); n = iobuf_read( a, buf, size ); - if( n == -1 ) n = 0; + if (n == (size_t)(-1)) + n = 0; if( n ) { if (fc->cipher_hd) cipher_decrypt( fc->cipher_hd, buf, buf, n); Modified: branches/STABLE-BRANCH-1-4/g10/keyid.c =================================================================== --- branches/STABLE-BRANCH-1-4/g10/keyid.c 2010-10-20 02:27:25 UTC (rev 5459) +++ branches/STABLE-BRANCH-1-4/g10/keyid.c 2010-10-20 06:51:11 UTC (rev 5460) @@ -444,6 +444,10 @@ { struct tm *tp; + /* Note: VMS uses an unsigned time_t thus the compiler yields a + warning here. You may ignore this warning or def out this test + for VMS. The proper way to handle this would be a configure + test to a detect properly implemented unsigned time_t. */ if ( atime < 0 ) /* 32 bit time_t and after 2038-01-19 */ strcpy (buffer, "????" "-??" "-??"); /* mark this as invalid */ else { Modified: branches/STABLE-BRANCH-1-4/g10/parse-packet.c =================================================================== --- branches/STABLE-BRANCH-1-4/g10/parse-packet.c 2010-10-20 02:27:25 UTC (rev 5459) +++ branches/STABLE-BRANCH-1-4/g10/parse-packet.c 2010-10-20 06:51:11 UTC (rev 5460) 
@@ -1842,7 +1842,7 @@ } snlen = iobuf_get (inp); pktlen--; - if (pktlen < snlen || snlen == -1) { + if (pktlen < snlen || snlen == (size_t)(-1)) { rc = G10ERR_INVALID_PACKET; goto leave; } Modified: branches/STABLE-BRANCH-1-4/g10/trustdb.c =================================================================== --- branches/STABLE-BRANCH-1-4/g10/trustdb.c 2010-10-20 02:27:25 UTC (rev 5459) +++ branches/STABLE-BRANCH-1-4/g10/trustdb.c 2010-10-20 06:51:11 UTC (rev 5460) @@ -2343,7 +2343,7 @@ { k->ownertrust = ask_ownertrust (k->kid,min); - if (k->ownertrust == -1) + if (k->ownertrust == (unsigned int)(-1)) { quit=1; goto leave; From cvs at cvs.gnupg.org Wed Oct 20 13:33:52 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 20 Oct 2010 13:33:52 +0200 Subject: [svn] GnuPG - r5461 - trunk/g10 Message-ID: Author: wk Date: 2010-10-20 13:33:50 +0200 (Wed, 20 Oct 2010) New Revision: 5461 Modified: trunk/g10/ChangeLog trunk/g10/free-packet.c trunk/g10/getkey.c trunk/g10/kbnode.c trunk/g10/keyedit.c trunk/g10/keyid.c trunk/g10/keylist.c trunk/g10/keyserver.c trunk/g10/mainproc.c trunk/g10/misc.c trunk/g10/packet.h trunk/g10/parse-packet.c trunk/g10/pkclist.c trunk/g10/pubkey-enc.c trunk/g10/seckey-cert.c trunk/g10/sig-check.c trunk/g10/sign.c trunk/g10/trustdb.c Log: Make public key data structure easier to read. Check for v1 card while signing. Modified: trunk/g10/ChangeLog =================================================================== --- trunk/g10/ChangeLog 2010-10-20 06:51:11 UTC (rev 5460) +++ trunk/g10/ChangeLog 2010-10-20 11:33:50 UTC (rev 5461) 
@@ -1,3 +1,28 @@ +2010-10-20 Werner Koch + + * packet.h (PKT_public_key): s/mdc_feature/flags.mdc/. Change all + users. + (PKT_public_key): Split is_disabled into flags.disabled_valid and + flags.disabled. Change all users. + (pk_is_disabled): Adjust for change. + (PKT_public_key): s/is_primary/flags.primary/. Change all users. + (PKT_public_key): s/is_revoked/flags.revoked/. Change all users. + (PKT_public_key): s/maybe_revoked/flags.maybe_revoked/. Change all + users. + (PKT_public_key): s/is_valid/flags.valid/. Change all users. + (PKT_public_key): s/dont_cache/flags.dont_cache/. Change all users. + (PKT_public_key): s/backsig/flags.backsig/. Change all users. + + * sign.c (openpgp_card_v1_p): New. + (hash_for): Re-implement test for v1 cards. + * packet.h (PKT_public_key): Add field serialno and + flags.serialno_valid. + * free-packet.c (release_public_key_parts): Free serialno. + + * parse-packet.c (parse_key): Cast -1 to size_t. + * trustdb.c (validate_keys): Cast -1 to size_t. Suggested by + Steven M. Schweda. + 2010-10-18 Werner Koch * call-agent.c (agent_scd_pksign): Replace sprintf by bin2hex. Modified: trunk/g10/free-packet.c =================================================================== --- trunk/g10/free-packet.c 2010-10-20 06:51:11 UTC (rev 5460) +++ trunk/g10/free-packet.c 2010-10-20 11:33:50 UTC (rev 5461) @@ -112,7 +112,11 @@ pk->revkey=NULL; pk->numrevkeys=0; } - + if (pk->serialno) + { + xfree (pk->serialno); + pk->serialno = NULL; + } } Modified: trunk/g10/getkey.c =================================================================== --- trunk/g10/getkey.c 2010-10-20 06:51:11 UTC (rev 5460) +++ trunk/g10/getkey.c 2010-10-20 11:33:50 UTC (rev 5461) @@ -134,7 +134,7 @@ if (pk_cache_disabled) return; - if (pk->dont_cache) + if (pk->flags.dont_cache) return; if (is_ELGAMAL (pk->pubkey_algo) 
@@ -1411,6 +1411,8 @@ rinfo->keyid[1] = sig->keyid[1]; } + +/* Note that R_REVOKED may be set to 0, 1 or 2. */ static void merge_selfsigs_main (KBNODE keyblock, int *r_revoked, struct revoke_info *rinfo) @@ -1571,7 +1573,7 @@ /* Mark that key as valid: One direct key signature should * render a key as valid. */ - pk->is_valid = 1; + pk->flags.valid = 1; } /* Pass 1.5: Look for key revocation signatures that were not made @@ -1599,7 +1601,7 @@ break; } else if (rc == G10ERR_NO_PUBKEY) - pk->maybe_revoked = 1; + pk->flags.maybe_revoked = 1; /* A failure here means the sig did not verify, was not issued by a revocation key, or a revocation @@ -1623,7 +1625,7 @@ if (uidnode && signode) { fixup_uidnode (uidnode, signode, keytimestamp); - pk->is_valid = 1; + pk->flags.valid = 1; } uidnode = k; signode = NULL; @@ -1659,22 +1661,22 @@ if (uidnode && signode) { fixup_uidnode (uidnode, signode, keytimestamp); - pk->is_valid = 1; + pk->flags.valid = 1; } /* If the key isn't valid yet, and we have --allow-non-selfsigned-uid set, then force it valid. */ - if (!pk->is_valid && opt.allow_non_selfsigned_uid) + if (!pk->flags.valid && opt.allow_non_selfsigned_uid) { if (opt.verbose) log_info (_("Invalid key %s made valid by" " --allow-non-selfsigned-uid\n"), keystr_from_pk (pk)); - pk->is_valid = 1; + pk->flags.valid = 1; } /* The key STILL isn't valid, so try and find an ultimately trusted signature. */ - if (!pk->is_valid) + if (!pk->flags.valid) { uidnode = NULL; @@ -1705,7 +1707,7 @@ && get_ownertrust (ultimate_pk) == TRUST_ULTIMATE) { free_public_key (ultimate_pk); - pk->is_valid = 1; + pk->flags.valid = 1; break; } @@ -1942,7 +1944,7 @@ subpk = subnode->pkt->pkt.public_key; keytimestamp = subpk->timestamp; - subpk->is_valid = 0; + subpk->flags.valid = 0; subpk->main_keyid[0] = mainpk->main_keyid[0]; subpk->main_keyid[1] = mainpk->main_keyid[1]; 
@@ -1969,7 +1971,7 @@ subkeys rather than re-sign old ones as the problem is in the distribution. Plus, PGP (7) does this the same way. */ - subpk->is_revoked = 1; + subpk->flags.revoked = 1; sig_to_revoke_info (sig, &subpk->revoked); /* Although we could stop now, we continue to * figure out other information like the old expiration @@ -2025,10 +2027,10 @@ if (openpgp_pk_test_algo (subpk->pubkey_algo)) return; - subpk->is_valid = 1; + subpk->flags.valid = 1; /* Find the most recent 0x19 embedded signature on our self-sig. */ - if (subpk->backsig == 0) + if (!subpk->flags.backsig) { int seq = 0; size_t n; @@ -2093,9 +2095,9 @@ /* 2==valid, 1==invalid, 0==didn't check */ if (check_backsig (mainpk, subpk, backsig) == 0) - subpk->backsig = 2; + subpk->flags.backsig = 2; else - subpk->backsig = 1; + subpk->flags.backsig = 1; free_seckey_enc (backsig); } @@ -2123,7 +2125,7 @@ struct revoke_info rinfo; PKT_public_key *main_pk; prefitem_t *prefs; - int mdc_feature; + unsigned int mdc_feature; if (keyblock->pkt->pkttype != PKT_PUBLIC_KEY) { @@ -2151,7 +2153,7 @@ } main_pk = keyblock->pkt->pkt.public_key; - if (revoked || main_pk->has_expired || !main_pk->is_valid) + if (revoked || main_pk->has_expired || !main_pk->flags.valid) { /* If the primary key is revoked, expired, or invalid we * better set the appropriate flags on that key and all @@ -2162,11 +2164,11 @@ || k->pkt->pkttype == PKT_PUBLIC_SUBKEY) { PKT_public_key *pk = k->pkt->pkt.public_key; - if (!main_pk->is_valid) - pk->is_valid = 0; - if (revoked && !pk->is_revoked) + if (!main_pk->flags.valid) + pk->flags.valid = 0; + if (revoked && !pk->flags.revoked) { - pk->is_revoked = revoked; + pk->flags.revoked = revoked; memcpy (&pk->revoked, &rinfo, sizeof (rinfo)); } if (main_pk->has_expired) @@ -2206,7 +2208,7 @@ if (pk->prefs) xfree (pk->prefs); pk->prefs = copy_prefs (prefs); - pk->mdc_feature = mdc_feature; + pk->flags.mdc = mdc_feature; } } } 
@@ -2313,13 +2315,13 @@ if (DBG_CACHE) log_debug ("\tchecking subkey %08lX\n", (ulong) keyid_from_pk (pk, NULL)); - if (!pk->is_valid) + if (!pk->flags.valid) { if (DBG_CACHE) log_debug ("\tsubkey not valid\n"); continue; } - if (pk->is_revoked) + if (pk->flags.revoked) { if (DBG_CACHE) log_debug ("\tsubkey has been revoked\n"); @@ -2368,12 +2370,12 @@ if (DBG_CACHE && !foundk && !req_prim) log_debug ("\tno suitable subkeys found - trying primary\n"); pk = keyblock->pkt->pkt.public_key; - if (!pk->is_valid) + if (!pk->flags.valid) { if (DBG_CACHE) log_debug ("\tprimary key not valid\n"); } - else if (pk->is_revoked) + else if (pk->flags.revoked) { if (DBG_CACHE) log_debug ("\tprimary key has been revoked\n"); Modified: trunk/g10/kbnode.c =================================================================== --- trunk/g10/kbnode.c 2010-10-20 06:51:11 UTC (rev 5460) +++ trunk/g10/kbnode.c 2010-10-20 11:33:50 UTC (rev 5461) @@ -396,9 +396,9 @@ (ulong)keyid_from_pk( pk, NULL ), pk->pubkey_algo, pk->pubkey_usage, pk->has_expired? 'e':'.', - pk->is_revoked? 'r':'.', - pk->is_valid? 'v':'.', - pk->mdc_feature? 'm':'.'); + pk->flags.revoked? 'r':'.', + pk->flags.valid? 'v':'.', + pk->flags.mdc? 'm':'.'); } log_flush (); Modified: trunk/g10/keyedit.c =================================================================== --- trunk/g10/keyedit.c 2010-10-20 06:51:11 UTC (rev 5460) +++ trunk/g10/keyedit.c 2010-10-20 11:33:50 UTC (rev 5461) @@ -1807,7 +1807,7 @@ { int localsig = 0, nonrevokesig = 0, trustsig = 0, interactive = 0; - if (pk->is_revoked) + if (pk->flags.revoked) { tty_printf (_("Key is revoked.")); @@ -2651,9 +2651,9 @@ fputs (node->pkt->pkttype == PKT_PUBLIC_KEY ? "pub:" : "sub:", stdout); - if (!pk->is_valid) + if (!pk->flags.valid) putchar ('i'); - else if (pk->is_revoked) + else if (pk->flags.revoked) putchar ('r'); else if (pk->has_expired) putchar ('e'); 
@@ -2882,7 +2882,7 @@ primary = pk; } - if (pk->is_revoked) + if (pk->flags.revoked) { char *user = get_user_id_string_native (pk->revoked.keyid); tty_printf (_("The following key was revoked on" @@ -2933,7 +2933,7 @@ tty_printf (_("created: %s"), datestr_from_pk (pk)); tty_printf (" "); - if (pk->is_revoked) + if (pk->flags.revoked) tty_printf (_("revoked: %s"), revokestr_from_pk (pk)); else if (pk->has_expired) tty_printf (_("expired: %s"), expirestr_from_pk (pk)); @@ -3754,7 +3754,7 @@ { if (node->pkt->pkt.public_key->pubkey_usage & PUBKEY_USAGE_SIG) { - if (node->pkt->pkt.public_key->backsig) + if (node->pkt->pkt.public_key->flags.backsig) tty_printf (_ ("signing subkey %s is already cross-certified\n"), keystr_from_pk (node->pkt->pkt.public_key)); @@ -5028,7 +5028,7 @@ PACKET *pkt; PKT_signature *sig; - if (pk->is_revoked) + if (pk->flags.revoked) { tty_printf (_("Key %s is already revoked.\n"), keystr_from_pk (pk)); return 0; @@ -5089,7 +5089,7 @@ PKT_public_key *subpk = node->pkt->pkt.public_key; struct sign_attrib attrib; - if (subpk->is_revoked) + if (subpk->flags.revoked) { tty_printf (_("Subkey %s is already revoked.\n"), keystr_from_pk (subpk)); Modified: trunk/g10/keyid.c =================================================================== --- trunk/g10/keyid.c 2010-10-20 06:51:11 UTC (rev 5460) +++ trunk/g10/keyid.c 2010-10-20 11:33:50 UTC (rev 5461) 
@@ -446,6 +446,10 @@ { struct tm *tp; + /* Note: VMS uses an unsigned time_t thus the compiler yields a + warning here. You may ignore this warning or def out this test + for VMS. The proper way to handle this would be a configure test + to a detect properly implemented unsigned time_t. */ if ( atime < 0 ) /* 32 bit time_t and after 2038-01-19 */ strcpy (buffer, "????" "-??" "-??"); /* mark this as invalid */ else Modified: trunk/g10/keylist.c =================================================================== --- trunk/g10/keylist.c 2010-10-20 06:51:11 UTC (rev 5460) +++ trunk/g10/keylist.c 2010-10-20 11:33:50 UTC (rev 5461) @@ -601,7 +601,7 @@ if (use & PUBKEY_USAGE_SIG) { es_putc ('s', es_stdout); - if (pk->is_primary) + if (pk->flags.primary) { es_putc ('c', es_stdout); /* The PUBKEY_USAGE_CERT flag was introduced later and we @@ -631,17 +631,17 @@ { pk = k->pkt->pkt.public_key; - if (pk->is_primary) + if (pk->flags.primary) disabled = pk_is_disabled (pk); - if (pk->is_valid && !pk->is_revoked && !pk->has_expired) + if (pk->flags.valid && !pk->flags.revoked && !pk->has_expired) { if (pk->pubkey_usage & PUBKEY_USAGE_ENC) enc = 1; if (pk->pubkey_usage & PUBKEY_USAGE_SIG) { sign = 1; - if (pk->is_primary) + if (pk->flags.primary) cert = 1; } if (pk->pubkey_usage & PUBKEY_USAGE_CERT) @@ -805,7 +805,7 @@ nbits_from_pk (pk), pubkey_letter (pk->pubkey_algo), keystr_from_pk (pk), datestr_from_pk (pk)); - if (pk->is_revoked) + if (pk->flags.revoked) { es_fprintf (es_stdout, " ["); es_fprintf (es_stdout, _("revoked: %s"), revokestr_from_pk (pk)); @@ -895,7 +895,7 @@ { PKT_public_key *pk2 = node->pkt->pkt.public_key; - if ((pk2->is_revoked || pk2->has_expired) + if ((pk2->flags.revoked || pk2->has_expired) && !(opt.list_options & LIST_SHOW_UNUSABLE_SUBKEYS)) { skip_sigs = 1; 
@@ -928,7 +928,7 @@ s2k_char, nbits_from_pk (pk2), pubkey_letter (pk2->pubkey_algo), keystr_from_pk (pk2), datestr_from_pk (pk2)); - if (pk2->is_revoked) + if (pk2->flags.revoked) { es_fprintf (es_stdout, " ["); es_fprintf (es_stdout, _("revoked: %s"), revokestr_from_pk (pk2)); @@ -1131,9 +1131,9 @@ keyid_from_pk (pk, keyid); es_fputs (secret? "sec:":"pub:", es_stdout); - if (!pk->is_valid) + if (!pk->flags.valid) es_putc ('i', es_stdout); - else if (pk->is_revoked) + else if (pk->flags.revoked) es_putc ('r', es_stdout); else if (pk->has_expired) es_putc ('e', es_stdout); @@ -1193,7 +1193,7 @@ if (attrib_fp && node->pkt->pkt.user_id->attrib_data != NULL) dump_attribs (node->pkt->pkt.user_id, pk); /* - * Fixme: We need a is_valid flag here too + * Fixme: We need a valid flag here too */ str = uid->attrib_data ? "uat" : "uid"; if (uid->is_revoked) @@ -1251,9 +1251,9 @@ keyid_from_pk (pk2, keyid2); es_fputs (secret? "ssb:":"sub:", es_stdout); - if (!pk2->is_valid) + if (!pk2->flags.valid) es_putc ('i', es_stdout); - else if (pk2->is_revoked) + else if (pk2->flags.revoked) es_putc ('r', es_stdout); else if (pk2->has_expired) es_putc ('e', es_stdout); Modified: trunk/g10/keyserver.c =================================================================== --- trunk/g10/keyserver.c 2010-10-20 06:51:11 UTC (rev 5460) +++ trunk/g10/keyserver.c 2010-10-20 11:33:50 UTC (rev 5461) @@ -1282,7 +1282,7 @@ pk->timestamp, pk->expiredate); - if(pk->is_revoked) + if(pk->flags.revoked) fprintf(spawn->tochild,"r"); if(pk->has_expired) fprintf(spawn->tochild,"e"); Modified: trunk/g10/mainproc.c =================================================================== --- trunk/g10/mainproc.c 2010-10-20 06:51:11 UTC (rev 5460) +++ trunk/g10/mainproc.c 2010-10-20 11:33:50 UTC (rev 5461) @@ -1002,7 +1002,7 @@ else { /* of subkey */ - if( pk->is_revoked ) + if( pk->flags.revoked ) { printf(" ["); printf(_("revoked: %s"),revokestr_from_pk(pk)); 
@@ -1930,7 +1930,7 @@ sig->version,sig->pubkey_algo,sig->digest_algo, sig->sig_class); bufp = bufp + strlen (bufp); - if (!vpk->is_primary) { + if (!vpk->flags.primary) { u32 akid[2]; akid[0] = vpk->main_keyid[0]; Modified: trunk/g10/misc.c =================================================================== --- trunk/g10/misc.c 2010-10-20 06:51:11 UTC (rev 5460) +++ trunk/g10/misc.c 2010-10-20 11:33:50 UTC (rev 5461) @@ -657,7 +657,7 @@ if((*(ch+1))=='p' && args->pksk) { - if(args->pksk->is_primary) + if(args->pksk->flags.primary) fingerprint_from_pk (args->pksk, array, &len); else if (args->pksk->main_keyid[0] || args->pksk->main_keyid[1]) Modified: trunk/g10/packet.h =================================================================== --- trunk/g10/packet.h 2010-10-20 06:51:11 UTC (rev 5460) +++ trunk/g10/packet.h 2010-10-20 11:33:50 UTC (rev 5461) 
@@ -235,48 +235,61 @@ * elements; the extra secret key information are stored in the * SECKEY_INFO field. */ -typedef struct { - u32 timestamp; /* key made */ - u32 expiredate; /* expires at this date or 0 if not at all */ - u32 max_expiredate; /* must not expire past this date */ - struct revoke_info revoked; - byte hdrbytes; /* number of header bytes */ - byte version; - byte selfsigversion; /* highest version of all of the self-sigs */ - byte pubkey_algo; /* algorithm used for public key scheme */ - byte pubkey_usage; /* for now only used to pass it to getkey() */ - byte req_usage; /* hack to pass a request to getkey() */ - byte req_algo; /* Ditto */ - u32 has_expired; /* set to the expiration date if expired */ - int is_revoked; /* key has been revoked, 1 if by the - owner, 2 if by a designated revoker */ - int maybe_revoked; /* a designated revocation is present, but - without the key to check it */ - int is_valid; /* key (especially subkey) is valid */ - int dont_cache; /* do not cache this */ - byte backsig; /* 0=none, 1=bad, 2=good */ - u32 main_keyid[2]; /* keyid of the primary key */ - u32 keyid[2]; /* calculated by keyid_from_pk() */ - byte is_primary; - byte is_disabled; /* 0 for unset, 1 for enabled, 2 for disabled. */ - prefitem_t *prefs; /* list of preferences (may be NULL) */ - int mdc_feature; /* mdc feature set */ - PKT_user_id *user_id; /* if != NULL: found by that uid */ - struct revocation_key *revkey; - int numrevkeys; - u32 trust_timestamp; - byte trust_depth; - byte trust_value; - const byte *trust_regexp; - struct seckey_info *seckey_info; /* If not NULL this malloced - structure describes a secret - key. */ - gcry_mpi_t pkey[PUBKEY_MAX_NSKEY]; /* Right, NSKEY elements. 
*/ +typedef struct +{ + u32 timestamp; /* key made */ + u32 expiredate; /* expires at this date or 0 if not at all */ + u32 max_expiredate; /* must not expire past this date */ + struct revoke_info revoked; + byte hdrbytes; /* number of header bytes */ + byte version; + byte selfsigversion; /* highest version of all of the self-sigs */ + byte pubkey_algo; /* algorithm used for public key scheme */ + byte pubkey_usage; /* for now only used to pass it to getkey() */ + byte req_usage; /* hack to pass a request to getkey() */ + byte req_algo; /* Ditto */ + u32 has_expired; /* set to the expiration date if expired */ + u32 main_keyid[2]; /* keyid of the primary key */ + u32 keyid[2]; /* calculated by keyid_from_pk() */ + prefitem_t *prefs; /* list of preferences (may be NULL) */ + struct + { + unsigned int mdc:1; /* MDC feature set. */ + unsigned int disabled_valid:1;/* The next flag is valid. */ + unsigned int disabled:1; /* The key has been disabled. */ + unsigned int primary:1; /* This is a primary key. */ + unsigned int revoked:2; /* Key has been revoked. + 1 = revoked by the owner + 2 = revoked by designated revoker. */ + unsigned int maybe_revoked:1; /* A designated revocation is + present, but without the key to + check it. */ + unsigned int valid:1; /* Key (especially subkey) is valid. */ + unsigned int dont_cache:1; /* Do not cache this key. */ + unsigned int backsig:2; /* 0=none, 1=bad, 2=good. */ + unsigned int serialno_valid:1;/* SERIALNO below is valid. */ + } flags; + PKT_user_id *user_id; /* If != NULL: found by that uid. */ + struct revocation_key *revkey; + int numrevkeys; + u32 trust_timestamp; + byte trust_depth; + byte trust_value; + const byte *trust_regexp; + char *serialno; /* Malloced hex string or NULL if it is + likely not on a card. See also + flags.serialno_valid. */ + struct seckey_info *seckey_info; /* If not NULL this malloced + structure describes a secret + key. */ + gcry_mpi_t pkey[PUBKEY_MAX_NSKEY]; /* Right, NSKEY elements. 
*/ } PKT_public_key; /* Evaluates as true if the pk is disabled, and false if it isn't. If there is no disable value cached, fill one in. */ -#define pk_is_disabled(a) (((a)->is_disabled)?((a)->is_disabled==2):(cache_disabled_value((a)))) +#define pk_is_disabled(a) \ + (((a)->flags.disabled_valid)? \ + ((a)->flags.disabled):(cache_disabled_value((a)))) typedef struct { Modified: trunk/g10/parse-packet.c =================================================================== --- trunk/g10/parse-packet.c 2010-10-20 06:51:11 UTC (rev 5460) +++ trunk/g10/parse-packet.c 2010-10-20 11:33:50 UTC (rev 5461) @@ -1901,7 +1901,7 @@ pk->max_expiredate = max_expiredate; pk->hdrbytes = hdrlen; pk->version = version; - pk->is_primary = (pkttype == PKT_PUBLIC_KEY || pkttype == PKT_SECRET_KEY); + pk->flags.primary = (pkttype == PKT_PUBLIC_KEY || pkttype == PKT_SECRET_KEY); pk->pubkey_algo = algorithm; nskey = pubkey_get_nskey (algorithm); @@ -2085,7 +2085,7 @@ } snlen = iobuf_get (inp); pktlen--; - if (pktlen < snlen || snlen == -1) + if (pktlen < snlen || snlen == (size_t)(-1)) { err = gpg_error (GPG_ERR_INV_PACKET); goto leave; Modified: trunk/g10/pkclist.c =================================================================== --- trunk/g10/pkclist.c 2010-10-20 06:51:11 UTC (rev 5460) +++ trunk/g10/pkclist.c 2010-10-20 11:33:50 UTC (rev 5461) @@ -527,7 +527,7 @@ goto leave; } - if(pk->maybe_revoked && !pk->is_revoked) + if(pk->flags.maybe_revoked && !pk->flags.revoked) log_info(_("WARNING: this key might be revoked (revocation key" " not present)\n")); @@ -536,7 +536,7 @@ if ( (trustlevel & TRUST_FLAG_REVOKED) ) { write_status( STATUS_KEYREVOKED ); - if(pk->is_revoked==2) + if(pk->flags.revoked == 2) log_info(_("WARNING: This key has been revoked by its" " designated revoker!\n")); else 
@@ -1491,7 +1491,7 @@ if (pkr->pk->user_id) /* selected by user ID */ mdc = pkr->pk->user_id->flags.mdc; else - mdc = pkr->pk->mdc_feature; + mdc = pkr->pk->flags.mdc; if (!mdc) return 0; /* At least one recipient does not support it. */ } @@ -1512,7 +1512,7 @@ if (pkr->pk->user_id) /* selected by user ID */ mdc = pkr->pk->user_id->flags.mdc; else - mdc = pkr->pk->mdc_feature; + mdc = pkr->pk->flags.mdc; if (!mdc) log_info (_("Note: key %s has no %s feature\n"), keystr_from_pk (pkr->pk), "MDC"); Modified: trunk/g10/pubkey-enc.c =================================================================== --- trunk/g10/pubkey-enc.c 2010-10-20 06:51:11 UTC (rev 5460) +++ trunk/g10/pubkey-enc.c 2010-10-20 11:33:50 UTC (rev 5461) @@ -313,7 +313,7 @@ } } - if (pk && pk->is_revoked) + if (pk && pk->flags.revoked) { log_info (_("NOTE: key has been revoked")); log_printf ("\n"); Modified: trunk/g10/seckey-cert.c =================================================================== --- trunk/g10/seckey-cert.c 2010-10-20 06:51:11 UTC (rev 5460) +++ trunk/g10/seckey-cert.c 2010-10-20 11:33:50 UTC (rev 5461) @@ -76,10 +76,11 @@ } keyid_from_sk( sk, keyid ); keyid[2] = keyid[3] = 0; - if( !sk->is_primary ) { + if (!sk->flags.primary) + { keyid[2] = sk->main_keyid[0]; keyid[3] = sk->main_keyid[1]; - } + } dek = passphrase_to_dek( keyid, sk->pubkey_algo, sk->protect.algo, &sk->protect.s2k, mode, tryagain_text, canceled ); @@ -269,6 +270,7 @@ int is_secret_key_protected (PKT_public_key *pk) { +#warning do we need this return 0; /* FIXME: use agent_get_keyinfo?*/ /* return sk->is_protected? */ /* sk->protect.s2k.mode == 1002? -2 : */ Modified: trunk/g10/sig-check.c =================================================================== --- trunk/g10/sig-check.c 2010-10-20 06:51:11 UTC (rev 5460) +++ trunk/g10/sig-check.c 2010-10-20 11:33:50 UTC (rev 5461) 
@@ -82,7 +82,7 @@ } else if( get_pubkey( pk, sig->keyid ) ) rc = G10ERR_NO_PUBKEY; - else if(!pk->is_valid && !pk->is_primary) + else if(!pk->flags.valid && !pk->flags.primary) rc=G10ERR_BAD_PUBKEY; /* you cannot have a good sig from an invalid subkey */ else @@ -98,9 +98,9 @@ them as their own. The attacker couldn't actually use the subkey, but they could try and claim ownership of any signaures issued by it. */ - if(rc==0 && !pk->is_primary && pk->backsig<2) + if(rc==0 && !pk->flags.primary && pk->flags.backsig < 2) { - if(pk->backsig==0) + if (!pk->flags.backsig) { log_info(_("WARNING: signing subkey %s is not" " cross-certified\n"),keystr_from_pk(pk)); @@ -112,7 +112,7 @@ if(opt.flags.require_cross_cert) rc=G10ERR_GENERAL; } - else if(pk->backsig==1) + else if(pk->flags.backsig == 1) { log_info(_("WARNING: signing subkey %s has an invalid" " cross-certification\n"),keystr_from_pk(pk)); @@ -246,7 +246,7 @@ *r_expired = 1; } - if (pk->is_revoked) + if (pk->flags.revoked) { if (opt.verbose) log_info (_("NOTE: signature key %s has been revoked\n"), @@ -412,13 +412,12 @@ assert(IS_KEY_REV(sig)); assert((sig->keyid[0]!=pk->keyid[0]) || (sig->keyid[0]!=pk->keyid[1])); - if(busy) + if (busy) { - /* return an error (i.e. not revoked), but mark the pk as + /* Return an error (i.e. not revoked), but mark the pk as uncacheable as we don't really know its revocation status - until it is checked directly. */ - - pk->dont_cache=1; + until it is checked directly. */ + pk->flags.dont_cache = 1; return rc; } Modified: trunk/g10/sign.c =================================================================== --- trunk/g10/sign.c 2010-10-20 06:51:11 UTC (rev 5460) +++ trunk/g10/sign.c 2010-10-20 11:33:50 UTC (rev 5461) 
@@ -360,7 +360,49 @@ } +/* Return true if the key seems to be on a version 1 OpenPGP card. + This works by asking the agent and may fail if the card has not yet + been used with the agent. */ +static int +openpgp_card_v1_p (PKT_public_key *pk) +{ + gpg_error_t err; + int result; + /* Shortcut if we are not using RSA: The v1 cards only support RSA + thus there is no point in looking any further. */ + if (!is_RSA (pk->pubkey_algo)) + return 0; + + if (!pk->flags.serialno_valid) + { + char *hexgrip; + + err = hexkeygrip_from_pk (pk, &hexgrip); + if (err) + { + log_error ("error computing a keygrip: %s\n", gpg_strerror (err)); + return 0; /* Ooops. */ + } + + xfree (pk->serialno); + agent_get_keyinfo (NULL, hexgrip, &pk->serialno); + xfree (hexgrip); + pk->flags.serialno_valid = 1; + } + + if (!pk->serialno) + result = 0; /* Error from a past agent_get_keyinfo or no card. */ + else + { + /* The version number of the card is included in the serialno. */ + result = !strncmp (pk->serialno, "D2760001240101", 14); + } + return result; +} + + + static int match_dsa_hash (unsigned int qbytes) { @@ -440,10 +482,7 @@ return match_dsa_hash(qbytes); } - else if (0 - /* FIXME: call agent sk->is_protected && sk->protect.s2k.mode == 1002 - && sk->protect.ivlen == 16 - && !memcmp (sk->protect.iv, "\xD2\x76\x00\x01\x24\x01\x01", 7)*/) + else if (openpgp_card_v1_p (pk)) { /* The sk lives on a smartcard, and old smartcards only handle SHA-1 and RIPEMD/160. Newer smartcards (v2.0) don't have 
@@ -851,7 +890,7 @@ gcry_md_start_debug (mfx.md, "sign"); /* If we're encrypting and signing, it is reasonable to pick the - hash algorithm to use out of the recepient key prefs. This is + hash algorithm to use out of the recipient key prefs. This is best effort only, as in a DSA2 and smartcard world there are cases where we cannot please everyone with a single hash (DSA2 wants >160 and smartcards want =160). In the future this could Modified: trunk/g10/trustdb.c =================================================================== --- trunk/g10/trustdb.c 2010-10-20 06:51:11 UTC (rev 5460) +++ trunk/g10/trustdb.c 2010-10-20 11:33:50 UTC (rev 5461) @@ -520,7 +520,7 @@ { if(!key && !uid) return _("10 translator see trustdb.c:uid_trust_string_fixed"); - else if(uid->is_revoked || (key && key->is_revoked)) + else if(uid->is_revoked || (key && key->flags.revoked)) return _("[ revoked]"); else if(uid->is_expired) return _("[ expired]"); @@ -994,16 +994,17 @@ ********* Query trustdb values ************** ***********************************************/ -/* Return true if key is disabled */ +/* Return true if key is disabled. Note that this is usually used via + the pk_is_disabled macro. */ int -cache_disabled_value(PKT_public_key *pk) +cache_disabled_value (PKT_public_key *pk) { int rc; TRUSTREC trec; - int disabled=0; + int disabled = 0; - if(pk->is_disabled) - return (pk->is_disabled==2); + if (pk->flags.disabled_valid) + return pk->flags.disabled; init_trustdb(); @@ -1016,15 +1017,13 @@ if (rc == -1) /* no record found, so assume not disabled */ goto leave; - if(trec.r.trust.ownertrust & TRUST_FLAG_DISABLED) - disabled=1; + if (trec.r.trust.ownertrust & TRUST_FLAG_DISABLED) + disabled = 1; /* Cache it for later so we don't need to look at the trustdb every time */ - if(disabled) - pk->is_disabled=2; - else - pk->is_disabled=1; + pk->flags.disabled = disabled; + pk->flags.disabled_valid = 1; leave: return disabled; 
@@ -1151,16 +1150,17 @@ if ( (trec.r.trust.ownertrust & TRUST_FLAG_DISABLED) ) { validity |= TRUST_FLAG_DISABLED; - pk->is_disabled=2; + pk->flags.disabled = 1; } else - pk->is_disabled=1; + pk->flags.disabled = 0; + pk->flags.disabled_valid = 1; leave: /* set some flags direct from the key */ - if (main_pk->is_revoked) + if (main_pk->flags.revoked) validity |= TRUST_FLAG_REVOKED; - if (main_pk != pk && pk->is_revoked) + if (main_pk != pk && pk->flags.revoked) validity |= TRUST_FLAG_SUB_REVOKED; /* Note: expiration is a trust value and not a flag - don't know why * I initially designed it that way */ @@ -2145,7 +2145,7 @@ merge_keys_and_selfsig (keyblock); clear_kbnode_flags (keyblock); pk = keyblock->pkt->pkt.public_key; - if (pk->has_expired || pk->is_revoked) + if (pk->has_expired || pk->flags.revoked) { /* it does not make sense to look further at those keys */ mark_keyblock_seen (full_trust, keyblock); @@ -2355,7 +2355,7 @@ { k->ownertrust = ask_ownertrust (k->kid,min); - if (k->ownertrust == -1) + if (k->ownertrust == (unsigned int)(-1)) { quit=1; goto leave; From cvs at cvs.gnupg.org Wed Oct 20 17:06:17 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 20 Oct 2010 17:06:17 +0200 Subject: [svn] gpg-error - r251 - in trunk: . src Message-ID: Author: wk Date: 2010-10-20 17:06:15 +0200 (Wed, 20 Oct 2010) New Revision: 251 Added: trunk/potomo Modified: trunk/ChangeLog trunk/Makefile.am trunk/NEWS trunk/src/err-codes.h.in trunk/src/gpg-error.c trunk/src/init.c Log: Fix for W32CE. Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2010-09-16 18:44:32 UTC (rev 250) +++ trunk/ChangeLog 2010-10-20 15:06:15 UTC (rev 251) 
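Review bot: in r5461, `pk->flags.mdc = mdc_feature;` (g10/getkey.c, hunk at -2206) now stores into the one-bit field `unsigned int mdc:1` declared in the packet.h hunk, so only the low bit of `mdc_feature` survives, whereas the old `int mdc_feature` member kept any nonzero value. How `mdc_feature` is computed is outside the visible lines, so either confirm it is always 0 or 1 or assign `!!mdc_feature`. The same question applies to `pk->flags.revoked = revoked;` and the two-bit `revoked:2` field. It matters because pkclist.c reads the flag as `mdc = pkr->pk->flags.mdc; if (!mdc) return 0;`, so a silently cleared bit changes whether MDC is treated as supported by all recipients.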
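Review bot: in r5461, the new `openpgp_card_v1_p` (g10/sign.c, hunk at -360) ignores the return value of `agent_get_keyinfo (NULL, hexgrip, &pk->serialno);` and sets `pk->flags.serialno_valid = 1` unconditionally, so a transient agent failure is cached as "not on a card" for as long as this pk lives, and the hash selection for old cards that "only handle SHA-1 and RIPEMD/160" is then skipped. `pk->serialno` is also handed to the agent call right after `xfree (pk->serialno)` without being reset; unless agent_get_keyinfo always stores to its output argument on error, the later `strncmp (pk->serialno, "D2760001240101", 14)` reads freed memory. Suggest setting `pk->serialno = NULL` after the xfree and setting serialno_valid only when the call succeeded or definitely reported that the key is not on a card.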
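Review bot: in r5461, the EOF test `snlen == (size_t)(-1)` (g10/parse-packet.c, hunk at -2085) only works if `snlen` is declared with exactly the width of size_t, and that declaration is outside the hunk. Reading `iobuf_get (inp)` into an int, testing that for -1 and only then converting would make the check independent of the declared type; note also that `pktlen--` has already run by the time the EOF case is rejected. The `k->ownertrust == (unsigned int)(-1)` change in trustdb.c deserves the same look.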
@@ -1,3 +1,15 @@ +2010-10-20 Werner Koch + + * potomo: New. Copied from GnuPG. + * Makefile.am (install-data-hook) [W32]: New. + + * src/init.c (get_locale_dir): Strip the "bin" part. + * src/gpg-error.c (get_locale_dir): Ditto. + +2010-09-30 Werner Koch + + * src/err-codes.h.in: Add GPG_ERR_FULLY_CANCELED. + 2010-09-16 Werner Koch * src/w32-gettext.c (module_init): Do not set a constructur if not Modified: trunk/Makefile.am =================================================================== --- trunk/Makefile.am 2010-09-16 18:44:32 UTC (rev 250) +++ trunk/Makefile.am 2010-10-20 15:06:15 UTC (rev 251) @@ -20,7 +20,8 @@ ACLOCAL_AMFLAGS = -I m4 AUTOMAKE_OPTIONS = dist-bzip2 -EXTRA_DIST = autogen.sh config.rpath libgpg-error.spec.in COPYING COPYING.LIB +EXTRA_DIST = autogen.sh config.rpath libgpg-error.spec.in COPYING COPYING.LIB \ + potomo if LANGUAGES_SOME lang_subdirs = lang @@ -36,6 +37,18 @@ $(top_srcdir)/libgpg-error.spec.in > $(distdir)/libgpg-error.spec @set -e; echo "$(VERSION)" > $(distdir)/VERSION +if HAVE_W32_SYSTEM +install-data-hook: + set -e; \ + for i in $$($(top_srcdir)/potomo --get-linguas $(top_srcdir)/po); do \ + $(MKDIR_P) "$(DESTDIR)$(localedir)/$$i/LC_MESSAGES" || true; \ + rm -f "$(DESTDIR)$(localedir)/$$i/LC_MESSAGES/libgpg-error.mo" \ + 2>/dev/null || true; \ + $(top_srcdir)/potomo $(top_srcdir)/po/$$i.po \ + "$(DESTDIR)$(localedir)/$$i/LC_MESSAGES/libgpg-error.mo" ; \ + done +endif + stowinstall: $(MAKE) $(AM_MAKEFLAGS) install prefix=/usr/local/stow/libgpg-error Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2010-09-16 18:44:32 UTC (rev 250) +++ trunk/NEWS 2010-10-20 15:06:15 UTC (rev 251) 
@@ -7,6 +7,7 @@ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ GPG_ERR_NOT_INITIALIZED NEW. GPG_ERR_MISSING_ISSUER_CERT NEW. + GPG_ERR_FULLY_CANCELED NEW. Noteworthy changes in version 1.9 (2010-07-21) Added: trunk/potomo =================================================================== --- trunk/potomo (rev 0) +++ trunk/potomo 2010-10-20 15:06:15 UTC (rev 251) 
@@ -0,0 +1,64 @@ +#!/bin/sh +# potomo - Convert a .po file to an utf-8 encoded .mo file. +# Copyright 2008 g10 Code GmbH +# Copyright 2010 Free Software Foundation, Inc. +# +# This file is free software; as a special exception the author gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. +# +# This file is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the +# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +# This script is used to create the mo files for applications using +# the simple gettext implementation provided by libgpg-error. That +# gettext can only cope with utf-8 encoded mo files; thus we make this +# sure while creating the mo. A conversion is not done if the source +# file does not exist or if it is not newer than the mo file. + +if [ "$1" = "--get-linguas" -a $# -eq 2 ]; then + if [ ! -f "$2/LINGUAS" ]; then + echo "potomo: directory '$2' has no LINGUAS file" >&2 + exit 1 + fi + echo $(sed -e "/^#/d" -e "s/#.*//" "$2"/LINGUAS) + exit 0 +fi + +if [ $# -ne 2 ]; then + echo "usage: potomo INFILE.PO OUTFILE.MO" >&2 + echo " potomo --get-linguas DIR" >&2 + exit 1 +fi +infile="$1" +outfile="$2" + +if [ ! -f "$infile" ]; then + echo "potomo: '$infile' not found - ignored" 2>&1 + exit 0 +fi + +if [ "$outfile" -nt "$infile" ]; then + echo "potomo: '$outfile' is newer than source - keeping" 2>&1 + exit 0 +fi + +# Note that we could use the newer msgconv. However this tool was not +# widely available back in 2008. 
+ +fromset=`sed -n '/^"Content-Type:/ s/.*charset=\([a-zA-Z0-9_-]*\).*/\1/p' \ + "$infile"` + +case "$fromset" in + utf8|utf-8|UTF8|UTF-8) + echo "potomo: '$infile' keeping $fromset" >&2 + msgfmt --output-file="$outfile" "$infile" + ;; + *) + echo "potomo: '$infile' converting from $fromset to utf-8" >&2 + iconv --silent --from-code=$fromset --to-code=utf-8 < "$infile" |\ + sed "/^\"Content-Type:/ s/charset=[a-zA-Z0-9_-]*/charset=utf-8/"|\ + msgfmt --output-file="$outfile" - + ;; +esac Property changes on: trunk/potomo ___________________________________________________________________ Added: svn:executable + * Modified: trunk/src/err-codes.h.in =================================================================== --- trunk/src/err-codes.h.in 2010-09-16 18:44:32 UTC (rev 250) +++ trunk/src/err-codes.h.in 2010-10-20 15:06:15 UTC (rev 251) @@ -215,8 +215,9 @@ 183 GPG_ERR_LIMIT_REACHED Limit reached 184 GPG_ERR_NOT_INITIALIZED Not initialized 185 GPG_ERR_MISSING_ISSUER_CERT Missing issuer certificate -# 186 to 198 are free to be used. +# 186 to 197 are free to be used. +198 GPG_ERR_FULLY_CANCELED Operation fully cancelled 199 GPG_ERR_UNFINISHED Operation not yet finished 200 GPG_ERR_BUFFER_TOO_SHORT Buffer too short Modified: trunk/src/gpg-error.c =================================================================== --- trunk/src/gpg-error.c 2010-09-16 18:44:32 UTC (rev 250) +++ trunk/src/gpg-error.c 2010-10-20 15:06:15 UTC (rev 251) @@ -131,6 +131,12 @@ p = strrchr (result, '\\'); if (p) *p = 0; + /* If we are installed below "bin" strip that part and + use the top directory instead. */ + p = strrchr (result, '\\'); + if (p && !strcmp (p+1, "bin")) + *p = 0; + /* Append the static part. */ strcat (result, SLDIR); } } Modified: trunk/src/init.c =================================================================== --- trunk/src/init.c 2010-09-16 18:44:32 UTC (rev 250) +++ trunk/src/init.c 2010-10-20 15:06:15 UTC (rev 251) 
@@ -235,6 +235,27 @@ p = strrchr (result, '\\'); if (p) *p = 0; + /* If we are installed below "bin" strip that part and + use the top directory instead. + + Background: Under Windows we don't install GnuPG + below bin/ but in the top directory with only share/, + lib/, and etc/ below it. One of the reasons is to + keep the the length of the filenames at bay so not to + increase the limited length of the PATH envvar. + Another and more important reason, however, is that + the very first GPG versions on W32 were installed + into a flat directory structure and for best + compatibility with these versions we didn't changed + that later. For WindowsCE we can right away install + it under bin, though. The hack with detection of the + bin directory part allows us to eventually migrate to + such a directory layout under plain Windows without + the need to change libgpg-error. */ + p = strrchr (result, '\\'); + if (p && !strcmp (p+1, "bin")) + *p = 0; + /* Append the static part. */ strcat (result, SLDIR); } } From cvs at cvs.gnupg.org Wed Oct 20 17:06:51 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 20 Oct 2010 17:06:51 +0200 Subject: [svn] GnuPG - r5462 - in trunk: common g10 tools Message-ID: Author: wk Date: 2010-10-20 17:06:50 +0200 (Wed, 20 Oct 2010) New Revision: 5462 Modified: trunk/common/ChangeLog trunk/common/i18n.c trunk/g10/ChangeLog trunk/g10/verify.c trunk/tools/gpgconf.c Log: Enable i18n for W32. Modified: trunk/common/ChangeLog =================================================================== --- trunk/common/ChangeLog 2010-10-20 11:33:50 UTC (rev 5461) +++ trunk/common/ChangeLog 2010-10-20 15:06:50 UTC (rev 5462) 
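Review bot: in the new potomo script (r251), the two early-exit messages use `2>&1` where `>&2` was meant (`echo "potomo: '$infile' not found - ignored" 2>&1` and the "is newer than source - keeping" line), so they are written to stdout while every other diagnostic in the script goes to stderr. In addition, `$fromset` is empty when the .po file carries no charset in its Content-Type header and is passed unquoted as `--from-code=$fromset`; an explicit check with a clear error message before the `case` would avoid depending on how iconv treats an empty code name.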
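Review bot: in r251, the new test `if (p && !strcmp (p+1, "bin"))` in get_locale_dir (src/init.c, hunk at -235, and the same lines in src/gpg-error.c at -131) compares case-sensitively, although Windows file names are case-insensitive by default, so an installation directory spelled "Bin" or "BIN" keeps that component and the locale directory is then looked up below it. A case-insensitive comparison would match what the file system does. The long comment in init.c also has two typos worth fixing while here: "the the length" and "we didn't changed".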
@@ -1,3 +1,7 @@ +2010-10-20 Werner Koch + + * i18n.c (i18n_init) [USE_SIMPLE_GETTEXT]: Call textdomain. + 2010-10-14 Werner Koch * asshelp.c (start_new_gpg_agent): Print a notice once the agent Modified: trunk/g10/ChangeLog =================================================================== --- trunk/g10/ChangeLog 2010-10-20 11:33:50 UTC (rev 5461) +++ trunk/g10/ChangeLog 2010-10-20 15:06:50 UTC (rev 5462) @@ -1,5 +1,8 @@ 2010-10-20 Werner Koch + * verify.c (verify_signatures): Use gpg_strerror on open failure + for consistency of error messages. + * packet.h (PKT_public_key): s/mdc_feature/flags.mdc/. Change all users. (PKT_public_key): Split is_disabled into flags.disabled_valid and Modified: trunk/common/i18n.c =================================================================== --- trunk/common/i18n.c 2010-10-20 11:33:50 UTC (rev 5461) +++ trunk/common/i18n.c 2010-10-20 15:06:50 UTC (rev 5462) @@ -34,6 +34,7 @@ { #ifdef USE_SIMPLE_GETTEXT bindtextdomain (PACKAGE_GT, gnupg_localedir ()); + textdomain (PACKAGE_GT); #else # ifdef ENABLE_NLS setlocale (LC_ALL, "" ); Modified: trunk/g10/verify.c =================================================================== --- trunk/g10/verify.c 2010-10-20 11:33:50 UTC (rev 5461) +++ trunk/g10/verify.c 2010-10-20 15:06:50 UTC (rev 5462) @@ -96,7 +96,7 @@ if( !fp ) { rc = gpg_error_from_syserror (); log_error(_("can't open `%s': %s\n"), - print_fname_stdin(sigfile), strerror (errno)); + print_fname_stdin(sigfile), gpg_strerror (rc)); goto leave; } handle_progress (pfx, fp, sigfile); Modified: trunk/tools/gpgconf.c =================================================================== --- trunk/tools/gpgconf.c 2010-10-20 11:33:50 UTC (rev 5461) +++ trunk/tools/gpgconf.c 2010-10-20 15:06:50 UTC (rev 5462) @@ -189,6 +189,9 @@ if (log_get_errorcount (0)) exit (2); + + fprintf (stderr, "My error: %d (%s)\n", GPG_ERR_ENOENT, + gpg_strerror (GPG_ERR_ENOENT)); fname = argc ? *argv : NULL; From cvs at cvs.gnupg.org Wed Oct 20 17:25:33 2010 
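Review bot: in r5462, the line `fprintf (stderr, "My error: %d (%s)\n", GPG_ERR_ENOENT, gpg_strerror (GPG_ERR_ENOENT));` added to tools/gpgconf.c (hunk at -189) looks like a leftover test of the W32 translation path: it runs unconditionally on every gpgconf invocation that reaches this point, it is not mentioned in the log message or in either ChangeLog hunk, and its string is not marked with `_()`. Suggest removing it or guarding it with a debug option before it reaches a release.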
From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 20 Oct 2010 17:25:33 +0200 Subject: [svn] gpg-error - r252 - trunk/src Message-ID: Author: wk Date: 2010-10-20 17:25:33 +0200 (Wed, 20 Oct 2010) New Revision: 252 Modified: trunk/src/init.c Log: Add comment. Modified: trunk/src/init.c =================================================================== --- trunk/src/init.c 2010-10-20 15:06:15 UTC (rev 251) +++ trunk/src/init.c 2010-10-20 15:25:33 UTC (rev 252) @@ -330,6 +330,10 @@ if (err == -1) err = _gpg_w32ce_get_errno (); + + /* Note: On a German HTC Touch Pro2 device I also tried + LOCALE_USER_DEFAULT and LOCALE_SYSTEM_DEFAULT - both returned + English messages. */ if (FormatMessageW (FORMAT_MESSAGE_FROM_SYSTEM, NULL, err, MAKELANGID (LANG_NEUTRAL, SUBLANG_DEFAULT), tmpbuf, STRBUFFER_SIZE -1, From cvs at cvs.gnupg.org Thu Oct 21 10:23:31 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Thu, 21 Oct 2010 10:23:31 +0200 Subject: [svn] GnuPG - r5463 - in trunk: dirmngr po Message-ID: Author: wk Date: 2010-10-21 10:23:29 +0200 (Thu, 21 Oct 2010) New Revision: 5463 Modified: trunk/dirmngr/ChangeLog trunk/dirmngr/dirmngr.c trunk/dirmngr/ldap-wrapper.c trunk/po/ChangeLog trunk/po/POTFILES.in trunk/po/de.po Log: Translate dirmngr strings Modified: trunk/dirmngr/ChangeLog =================================================================== --- trunk/dirmngr/ChangeLog 2010-10-20 15:06:50 UTC (rev 5462) +++ trunk/dirmngr/ChangeLog 2010-10-21 08:23:29 UTC (rev 5463) @@ -1,3 +1,7 @@ +2010-10-21 Werner Koch + + * dirmngr.c (main): Changed faked system time warning + 2010-10-15 Werner Koch * Makefile.am (CLEANFILES): Add no-libgcrypt.c. Modified: trunk/po/ChangeLog =================================================================== --- trunk/po/ChangeLog 2010-10-20 15:06:50 UTC (rev 5462) +++ trunk/po/ChangeLog 2010-10-21 08:23:29 UTC (rev 5463) 
@@ -1,3 +1,8 @@ +2010-10-21 Werner Koch + + * POTFILES.in: Add files in dirmngr/. + * de.po: Translate the dirmngr strings. + 2010-10-18 Werner Koch * de.po: Update. Modified: trunk/dirmngr/dirmngr.c =================================================================== --- trunk/dirmngr/dirmngr.c 2010-10-20 15:06:50 UTC (rev 5462) +++ trunk/dirmngr/dirmngr.c 2010-10-21 08:23:29 UTC (rev 5463) @@ -860,9 +860,10 @@ if (gnupg_faked_time_p ()) { - gnupg_isotime_t tbuf; + log_info (_("WARNING: running with faked system time: ")); gnupg_get_isotime (tbuf); - log_info (_("WARNING: running with faked system time %s\n"), tbuf); + dump_isotime (tbuf); + log_printf ("\n"); } set_debug (); @@ -1013,7 +1014,7 @@ pid = pth_fork (); if (pid == (pid_t)-1) { - log_fatal (_("fork failed: %s\n"), strerror (errno) ); + log_fatal (_("error forking process: %s\n"), strerror (errno)); dirmngr_exit (1); } @@ -1070,7 +1071,7 @@ } if (setsid() == -1) { - log_error (_("setsid() failed: %s\n"), strerror(errno) ); + log_error ("setsid() failed: %s\n", strerror(errno) ); dirmngr_exit (1); } @@ -1080,7 +1081,7 @@ if (chdir("/")) { - log_error (_("chdir to / failed: %s\n"), strerror (errno)); + log_error ("chdir to / failed: %s\n", strerror (errno)); dirmngr_exit (1); } } Modified: trunk/dirmngr/ldap-wrapper.c =================================================================== --- trunk/dirmngr/ldap-wrapper.c 2010-10-20 15:06:50 UTC (rev 5462) +++ trunk/dirmngr/ldap-wrapper.c 2010-10-21 08:23:29 UTC (rev 5463) @@ -670,7 +670,7 @@ } if (err) { - log_error (_("error creating pipe: %s\n"), gpg_strerror (err)); + log_error (_("error creating a pipe: %s\n"), gpg_strerror (err)); xfree (arg_list); xfree (ctx); return err; Modified: trunk/po/POTFILES.in =================================================================== --- trunk/po/POTFILES.in 2010-10-20 15:06:50 UTC (rev 5462) +++ trunk/po/POTFILES.in 2010-10-21 08:23:29 UTC (rev 5463) 
@@ -104,6 +104,21 @@ sm/sign.c sm/verify.c +dirmngr/certcache.c +dirmngr/crlcache.c +dirmngr/crlfetch.c +dirmngr/dirmngr-client.c +dirmngr/dirmngr.c +dirmngr/dirmngr_ldap.c +dirmngr/ldap-wrapper-ce.c +dirmngr/ldap-wrapper.c +dirmngr/ldap.c +dirmngr/ldapserver.c +dirmngr/misc.c +dirmngr/ocsp.c +dirmngr/server.c +dirmngr/validate.c + tools/gpg-connect-agent.c tools/gpgconf-comp.c tools/gpgconf.c Modified: trunk/po/de.po [not shown] From cvs at cvs.gnupg.org Thu Oct 21 10:52:24 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Thu, 21 Oct 2010 10:52:24 +0200 Subject: [svn] GnuPG - r5464 - trunk/dirmngr Message-ID: Author: wk Date: 2010-10-21 10:52:23 +0200 (Thu, 21 Oct 2010) New Revision: 5464 Modified: trunk/dirmngr/dirmngr.c Log: Fix last commit Modified: trunk/dirmngr/dirmngr.c =================================================================== --- trunk/dirmngr/dirmngr.c 2010-10-21 08:23:29 UTC (rev 5463) +++ trunk/dirmngr/dirmngr.c 2010-10-21 08:52:23 UTC (rev 5464) @@ -860,6 +860,8 @@ if (gnupg_faked_time_p ()) { + gnupg_isotime_t tbuf; + log_info (_("WARNING: running with faked system time: ")); gnupg_get_isotime (tbuf); dump_isotime (tbuf); From cvs at cvs.gnupg.org Thu Oct 21 12:25:04 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Thu, 21 Oct 2010 12:25:04 +0200 Subject: [svn] GnuPG - r5465 - trunk/g10 Message-ID: Author: wk Date: 2010-10-21 12:25:03 +0200 (Thu, 21 Oct 2010) New Revision: 5465 Modified: trunk/g10/ChangeLog trunk/g10/Makefile.am trunk/g10/decrypt.c trunk/g10/packet.h trunk/g10/revoke.c trunk/g10/seckey-cert.c Log: Remove cruft. Make --gen-revoke work Modified: trunk/g10/ChangeLog =================================================================== --- trunk/g10/ChangeLog 2010-10-21 08:52:23 UTC (rev 5464) +++ trunk/g10/ChangeLog 2010-10-21 10:25:03 UTC (rev 5465) 
@@ -1,3 +1,10 @@ +2010-10-21 Werner Koch + + * seckey-cert.c: Remove. + * Makefile.am (gpg2_SOURCES): Remove seckey-cert.c + + * revoke.c (gen_revoke): Check that the secret key is available. + 2010-10-20 Werner Koch * verify.c (verify_signatures): Use gpg_strerror on open failure Modified: trunk/g10/Makefile.am =================================================================== --- trunk/g10/Makefile.am 2010-10-21 08:52:23 UTC (rev 5464) +++ trunk/g10/Makefile.am 2010-10-21 10:25:03 UTC (rev 5465) @@ -81,7 +81,6 @@ skclist.c \ pubkey-enc.c \ passphrase.c \ - seckey-cert.c \ decrypt.c \ decrypt-data.c \ cipher.c \ Modified: trunk/g10/decrypt.c =================================================================== --- trunk/g10/decrypt.c 2010-10-21 08:52:23 UTC (rev 5464) +++ trunk/g10/decrypt.c 2010-10-21 10:25:03 UTC (rev 5465) @@ -132,7 +132,7 @@ } #ifdef HAVE_W32CE_SYSTEM -#warning Need to fix this +#warning Need to fix this if we want to use g13 opt.outfp = NULL; #else opt.outfp = fdopen (dup (output_fd), "wb"); Modified: trunk/g10/packet.h =================================================================== --- trunk/g10/packet.h 2010-10-21 08:52:23 UTC (rev 5464) +++ trunk/g10/packet.h 2010-10-21 10:25:03 UTC (rev 5465) @@ -481,8 +481,6 @@ int signature_check2( PKT_signature *sig, gcry_md_hd_t digest, u32 *r_expiredate, int *r_expired, int *r_revoked, PKT_public_key *ret_pk ); -/*-- seckey-cert.c --*/ -int is_secret_key_protected (PKT_public_key *pk); /*-- pubkey-enc.c --*/ gpg_error_t get_session_key (PKT_pubkey_enc *k, DEK *dek); Modified: trunk/g10/revoke.c =================================================================== --- trunk/g10/revoke.c 2010-10-21 08:52:23 UTC (rev 5464) +++ trunk/g10/revoke.c 2010-10-21 10:25:03 UTC (rev 5465) @@ -36,8 +36,8 @@ #include "ttyio.h" #include "status.h" #include "i18n.h" +#include "call-agent.h" - struct revocation_reason_info { int code; char *desc; 
@@ -462,7 +462,6 @@ init_packet( &pkt ); /* Search the userid; we don't want the whole getkey stuff here. */ - log_debug ("FIXME: This needs to be adjusted for public key based lookups\n"); kdbhd = keydb_new (); rc = classify_user_id (uname, &desc); if (!rc) @@ -475,24 +474,29 @@ } rc = keydb_get_keyblock (kdbhd, &keyblock ); - if( rc ) { - log_error (_("error reading keyblock: %s\n"), g10_errstr(rc) ); - goto leave; - } + if (rc) + { + log_error (_("error reading keyblock: %s\n"), g10_errstr(rc) ); + goto leave; + } /* Get the keyid from the keyblock. */ node = find_kbnode (keyblock, PKT_PUBLIC_KEY); if (!node) BUG (); - /* fixme: should make a function out of this stuff, - * it's used all over the source */ psk = node->pkt->pkt.public_key; + rc = agent_probe_secret_key (NULL, psk); + if (rc) + { + log_error (_("secret key \"%s\" not found: %s\n"), + uname, gpg_strerror (rc)); + goto leave; + } + keyid_from_pk (psk, keyid ); print_seckey_info (psk); -#warning add code to check that the secret key is available - tty_printf("\n"); if (!cpr_get_answer_is_yes ("gen_revoke.okay", _("Create a revocation certificate for this key? (y/N) "))) Modified: trunk/g10/seckey-cert.c =================================================================== --- trunk/g10/seckey-cert.c 2010-10-21 08:52:23 UTC (rev 5464) +++ trunk/g10/seckey-cert.c 2010-10-21 10:25:03 UTC (rev 5465) @@ -1,4 +1,4 @@ -/* seckey-cert.c - secret key certificate packet handling +/* seckey-cert.c - Not anymore used * Copyright (C) 1998, 1999, 2000, 2001, 2002, * 2006, 2009 Free Software Foundation, Inc. * @@ -18,6 +18,8 @@ * along with this program; if not, see . */ +#error Not anymore used - only kept for reference in the repository. + #include #include #include 
@@ -35,10 +37,9 @@ #include "status.h" #include "pkglue.h" -#if 0 /* Not anymore used - kept for reference. */ static int -do_check( PKT_secret_key *sk, const char *tryagain_text, int mode, - int *canceled ) +xxxx_do_check( PKT_secret_key *sk, const char *tryagain_text, int mode, + int *canceled ) { gpg_error_t err; byte *buffer; @@ -258,21 +259,6 @@ return 0; } -#endif /*0*/ -/**************** - * check whether the secret key is protected. - * Returns: 0 not protected, -1 on error or the protection algorithm - * -2 indicates a card stub. - * -3 indicates a not-online stub. - */ -int -is_secret_key_protected (PKT_public_key *pk) -{ -#warning do we need this - return 0; /* FIXME: use agent_get_keyinfo?*/ - /* return sk->is_protected? */ - /* sk->protect.s2k.mode == 1002? -2 : */ - /* sk->protect.s2k.mode == 1001? -3 : sk->protect.algo : 0; */ -} + From cvs at cvs.gnupg.org Fri Oct 22 09:35:30 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Fri, 22 Oct 2010 09:35:30 +0200 Subject: [svn] GnuPG - r5466 - branches/STABLE-BRANCH-1-4/mpi Message-ID: Author: wk Date: 2010-10-22 09:35:30 +0200 (Fri, 22 Oct 2010) New Revision: 5466 Modified: branches/STABLE-BRANCH-1-4/mpi/ChangeLog branches/STABLE-BRANCH-1-4/mpi/longlong.h Log: mips fixes Modified: branches/STABLE-BRANCH-1-4/mpi/ChangeLog =================================================================== --- branches/STABLE-BRANCH-1-4/mpi/ChangeLog 2010-10-21 10:25:03 UTC (rev 5465) +++ branches/STABLE-BRANCH-1-4/mpi/ChangeLog 2010-10-22 07:35:30 UTC (rev 5466) 
@@ -1,3 +1,8 @@ +2010-10-22 Jason Woodward (wk) + + * longlong.h (umul_ppmm) [mips32]: Fix typo. + (umul_ppmm) [mips64]: Don't use =h with gcc >= 4.4. + 2010-06-01 Werner Koch * longlong.h (umul_ppmm) <__mips__>: Add code for gcc 4.4. This Modified: branches/STABLE-BRANCH-1-4/mpi/longlong.h =================================================================== --- branches/STABLE-BRANCH-1-4/mpi/longlong.h 2010-10-21 10:25:03 UTC (rev 5465) +++ branches/STABLE-BRANCH-1-4/mpi/longlong.h 2010-10-22 07:35:30 UTC (rev 5466) @@ -710,7 +710,7 @@ ************** MIPS ***************** ***************************************/ #if defined (__mips__) && W_TYPE_SIZE == 32 -#if __GNUC__ > 4 || ( __GNUC__ == 4 && __GNUC_MINOR >= 4 ) +#if __GNUC__ > 4 || ( __GNUC__ == 4 && __GNUC_MINOR__ >= 4 ) #define umul_ppmm(w1, w0, u, v) \ do { \ UDItype __ll = (UDItype)(u) * (v); \ @@ -727,8 +727,8 @@ #else #define umul_ppmm(w1, w0, u, v) \ __asm__ ("multu %2,%3 \n" \ - "mflo %0 \n" \ - "mfhi %1" \ + "mflo %0 \n" \ + "mfhi %1" \ : "=d" ((USItype)(w0)), \ "=d" ((USItype)(w1)) \ : "d" ((USItype)(u)), \ 
@@ -742,25 +742,33 @@ ************** MIPS/64 ************** ***************************************/ #if (defined (__mips) && __mips >= 3) && W_TYPE_SIZE == 64 -#if __GNUC__ > 2 || __GNUC_MINOR__ >= 7 -#define umul_ppmm(w1, w0, u, v) \ - __asm__ ("dmultu %2,%3" \ - : "=l" ((UDItype)(w0)), \ - "=h" ((UDItype)(w1)) \ - : "d" ((UDItype)(u)), \ - "d" ((UDItype)(v))) -#else -#define umul_ppmm(w1, w0, u, v) \ - __asm__ ("dmultu %2,%3 \n" \ - "mflo %0 \n" \ - "mfhi %1" \ - : "=d" ((UDItype)(w0)), \ - "=d" ((UDItype)(w1)) \ - : "d" ((UDItype)(u)), \ - "d" ((UDItype)(v))) -#endif -#define UMUL_TIME 20 -#define UDIV_TIME 140 +# if __GNUC__ > 4 || ( __GNUC__ == 4 && __GNUC_MINOR__ >= 4 ) +# define umul_ppmm(w1, w0, u, v) \ + do { \ + typedef unsigned int __ll_UTItype __attribute__((mode(TI))); \ + __ll_UTItype __ll = (__ll_UTItype)(u) * (v); \ + w1 = __ll >> 64; \ + w0 = __ll; \ + } while (0) +# elif if __GNUC__ > 2 || __GNUC_MINOR__ >= 7 +# define umul_ppmm(w1, w0, u, v) \ + __asm__ ("dmultu %2,%3" \ + : "=l" ((UDItype)(w0)), \ + "=h" ((UDItype)(w1)) \ + : "d" ((UDItype)(u)), \ + "d" ((UDItype)(v))) +# else +# define umul_ppmm(w1, w0, u, v) \ + __asm__ ("dmultu %2,%3 \n" \ + "mflo %0 \n" \ + "mfhi %1" \ + : "=d" ((UDItype)(w0)), \ + "=d" ((UDItype)(w1)) \ + : "d" ((UDItype)(u)), \ + "d" ((UDItype)(v))) +# endif +# define UMUL_TIME 20 +# define UDIV_TIME 140 #endif /* __mips__ */ From cvs at cvs.gnupg.org Tue Oct 26 11:10:32 2010 
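Review bot: In the MIPS/64 hunk of mpi/longlong.h the new middle branch reads "# elif if __GNUC__ > 2 || __GNUC_MINOR__ >= 7"; the stray "if" makes this an invalid preprocessor expression. Any compiler that does not take the first branch (gcc older than 4.4) will stop with a preprocessing error here instead of selecting one of the two dmultu variants. It should read "# elif __GNUC__ > 2 || __GNUC_MINOR__ >= 7". In the new __ll_UTItype branch, the assignments "w1 = __ll >> 64; w0 = __ll;" use the macro arguments unparenthesised; writing "(w1) = ..." and "(w0) = ..." would be the safer form for a macro.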
From: cvs at cvs.gnupg.org (svn author wk) Date: Tue, 26 Oct 2010 11:10:32 +0200 Subject: [svn] GnuPG - r5467 - in trunk: agent common g10 po sm Message-ID: Author: wk Date: 2010-10-26 11:10:29 +0200 (Tue, 26 Oct 2010) New Revision: 5467 Modified: trunk/agent/ChangeLog trunk/agent/agent.h trunk/agent/cache.c trunk/agent/command.c trunk/agent/findkey.c trunk/agent/genkey.c trunk/common/ChangeLog trunk/common/logging.c trunk/common/logging.h trunk/g10/ChangeLog trunk/g10/call-agent.c trunk/g10/call-agent.h trunk/g10/gpg.c trunk/g10/keyedit.c trunk/g10/main.h trunk/g10/passphrase.c trunk/po/de.po trunk/sm/server.c Log: Re-implemented GPG's --passwd command and improved it. Modified: trunk/agent/ChangeLog =================================================================== --- trunk/agent/ChangeLog 2010-10-22 07:35:30 UTC (rev 5466) +++ trunk/agent/ChangeLog 2010-10-26 09:10:29 UTC (rev 5467) @@ -1,3 +1,20 @@ +2010-10-26 Werner Koch + + * cache.c (agent_put_cache): Allow deletion even if TTL is passwd + as 0. + + * genkey.c (agent_protect_and_store): Add arg PASSPHRASE_ADDR. + * command.c (cmd_passwd): Add option --passwd-nonce. + (struct server_local_s): Add LAST_CACHE_NONCE and LAST_PASSWD_NONCE. + (clear_nonce_cache): New. + (reset_notify): Clear the nonce cache. + (start_command_handler): Ditto. + +2010-10-25 Werner Koch + + * command.c (cmd_export_key): Free CACHE_NONCE. + (cmd_passwd): Add option --cache-nonce. + 2010-10-18 Werner Koch * call-pinentry.c (start_pinentry): Print name of pinentry on Modified: trunk/common/ChangeLog =================================================================== --- trunk/common/ChangeLog 2010-10-22 07:35:30 UTC (rev 5466) +++ trunk/common/ChangeLog 2010-10-26 09:10:29 UTC (rev 5467) 
@@ -1,3 +1,7 @@ +2010-10-25 Werner Koch + + * logging.c (do_log): Rename to log_log and make global. + 2010-10-20 Werner Koch * i18n.c (i18n_init) [USE_SIMPLE_GETTEXT]: Call textdomain. Modified: trunk/g10/ChangeLog =================================================================== --- trunk/g10/ChangeLog 2010-10-22 07:35:30 UTC (rev 5466) +++ trunk/g10/ChangeLog 2010-10-26 09:10:29 UTC (rev 5467) @@ -1,5 +1,24 @@ +2010-10-26 Werner Koch + + * keyedit.c (change_passphrase): Handle the passwd_nonce. + * call-agent.c (cache_nonce_parm_s): New. + (cache_nonce_status_cb): Use that new struct. + (agent_genkey, agent_import_key, agent_export_key, agent_passwd): + Adjust for that change. + +2010-10-25 Werner Koch + + * passphrase.c (gpg_format_keydesc): Fix printing of main keyid. + + * keyedit.c (JNLIB_NEED_LOG_LOGV): Define. + * call-agent.c (agent_passwd): New. + 2010-10-21 Werner Koch + * keyedit.c (keyedit_passwd): Simplify. + (change_passphrase): Return an error code and not the change + flag. Remove editing of the keyring. + * seckey-cert.c: Remove. * Makefile.am (gpg2_SOURCES): Remove seckey-cert.c Modified: trunk/agent/agent.h =================================================================== --- trunk/agent/agent.h 2010-10-22 07:35:30 UTC (rev 5466) +++ trunk/agent/agent.h 2010-10-26 09:10:29 UTC (rev 5467) @@ -295,7 +295,8 @@ int agent_genkey (ctrl_t ctrl, const char *cache_nonce, const char *keyparam, size_t keyparmlen, int no_protection, membuf_t *outbuf); -int agent_protect_and_store (ctrl_t ctrl, gcry_sexp_t s_skey); +gpg_error_t agent_protect_and_store (ctrl_t ctrl, gcry_sexp_t s_skey, + char **passphrase_addr); /*-- protect.c --*/ unsigned long get_standard_s2k_count (void); Modified: trunk/agent/cache.c =================================================================== --- trunk/agent/cache.c 2010-10-22 07:35:30 UTC (rev 5466) +++ trunk/agent/cache.c 2010-10-26 09:10:29 UTC (rev 5467) 
@@ -284,7 +284,7 @@ default: ttl = opt.def_cache_ttl; break; } } - if (!ttl || cache_mode == CACHE_MODE_IGNORE) + if ((!ttl && data) || cache_mode == CACHE_MODE_IGNORE) return 0; for (r=thecache; r; r = r->next) Modified: trunk/agent/command.c =================================================================== --- trunk/agent/command.c 2010-10-22 07:35:30 UTC (rev 5466) +++ trunk/agent/command.c 2010-10-26 09:10:29 UTC (rev 5467) @@ -72,6 +72,8 @@ void *import_key; /* Malloced KEK for the import_key command. */ void *export_key; /* Malloced KEK for the export_key command. */ int allow_fully_canceled; /* Client is aware of GPG_ERR_FULLY_CANCELED. */ + char *last_cache_nonce; /* Last CACHE_NOCNE sent as status (malloced). */ + char *last_passwd_nonce; /* Last PASSWD_NOCNE sent as status (malloced). */ }; @@ -153,6 +155,26 @@ } +static void +clear_nonce_cache (ctrl_t ctrl) +{ + if (ctrl->server_local->last_cache_nonce) + { + agent_put_cache (ctrl->server_local->last_cache_nonce, + CACHE_MODE_NONCE, NULL, 0); + xfree (ctrl->server_local->last_cache_nonce); + ctrl->server_local->last_cache_nonce = NULL; + } + if (ctrl->server_local->last_passwd_nonce) + { + agent_put_cache (ctrl->server_local->last_passwd_nonce, + CACHE_MODE_NONCE, NULL, 0); + xfree (ctrl->server_local->last_passwd_nonce); + ctrl->server_local->last_passwd_nonce = NULL; + } +} + + static gpg_error_t reset_notify (assuan_context_t ctx, char *line) { @@ -166,6 +188,9 @@ xfree (ctrl->server_local->keydesc); ctrl->server_local->keydesc = NULL; + + clear_nonce_cache (ctrl); + return 0; } 
@@ -1331,44 +1356,135 @@ static const char hlp_passwd[] = - "PASSWD \n" + "PASSWD [--cache-nonce=] [--passwd-nonce=] \n" "\n" "Change the passphrase/PIN for the key identified by keygrip in LINE."; static gpg_error_t cmd_passwd (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); - int rc; + gpg_error_t err; + int c; + char *cache_nonce = NULL; + char *passwd_nonce = NULL; unsigned char grip[20]; gcry_sexp_t s_skey = NULL; unsigned char *shadow_info = NULL; + char *passphrase = NULL; + char *pend; - rc = parse_keygrip (ctx, line, grip); - if (rc) + cache_nonce = option_value (line, "--cache-nonce"); + if (cache_nonce) + { + for (pend = cache_nonce; *pend && !spacep (pend); pend++) + ; + c = *pend; + *pend = '\0'; + cache_nonce = xtrystrdup (cache_nonce); + *pend = c; + if (!cache_nonce) + { + err = gpg_error_from_syserror (); + goto leave; + } + } + + passwd_nonce = option_value (line, "--passwd-nonce"); + if (passwd_nonce) + { + for (pend = passwd_nonce; *pend && !spacep (pend); pend++) + ; + c = *pend; + *pend = '\0'; + passwd_nonce = xtrystrdup (passwd_nonce); + *pend = c; + if (!passwd_nonce) + { + err = gpg_error_from_syserror (); + goto leave; + } + } + + line = skip_options (line); + + err = parse_keygrip (ctx, line, grip); + if (err) goto leave; ctrl->in_passwd++; - rc = agent_key_from_file (ctrl, NULL, ctrl->server_local->keydesc, - grip, &shadow_info, CACHE_MODE_IGNORE, NULL, - &s_skey, NULL); - if (rc) + err = agent_key_from_file (ctrl, cache_nonce, ctrl->server_local->keydesc, + grip, &shadow_info, CACHE_MODE_IGNORE, NULL, + &s_skey, &passphrase); + if (err) ; else if (!s_skey) { log_error ("changing a smartcard PIN is not yet supported\n"); - rc = gpg_error (GPG_ERR_NOT_IMPLEMENTED); + err = gpg_error (GPG_ERR_NOT_IMPLEMENTED); } else - rc = agent_protect_and_store (ctrl, s_skey); + { + char *newpass = NULL; + + if (passwd_nonce) + newpass = agent_get_cache (passwd_nonce, CACHE_MODE_NONCE); + err = agent_protect_and_store (ctrl, 
s_skey, &newpass); + if (!err && passphrase) + { + /* A passphrase existed on the old key and the change was + successful. Return a nonce for that old passphrase to + let the caller try to unprotect the other subkeys with + the same key. */ + if (!cache_nonce) + { + char buf[12]; + gcry_create_nonce (buf, 12); + cache_nonce = bin2hex (buf, 12, NULL); + } + if (cache_nonce + && !agent_put_cache (cache_nonce, CACHE_MODE_NONCE, + passphrase, 120 /*seconds*/)) + { + assuan_write_status (ctx, "CACHE_NONCE", cache_nonce); + xfree (ctrl->server_local->last_cache_nonce); + ctrl->server_local->last_cache_nonce = cache_nonce; + cache_nonce = NULL; + } + if (newpass) + { + /* If we have a new passphrase (which might be empty) we + store it under a passwd nonce so that the caller may + send that nonce again to use it for another key. */ + if (!passwd_nonce) + { + char buf[12]; + gcry_create_nonce (buf, 12); + passwd_nonce = bin2hex (buf, 12, NULL); + } + if (passwd_nonce + && !agent_put_cache (passwd_nonce, CACHE_MODE_NONCE, + newpass, 120 /*seconds*/)) + { + assuan_write_status (ctx, "PASSWD_NONCE", passwd_nonce); + xfree (ctrl->server_local->last_passwd_nonce); + ctrl->server_local->last_passwd_nonce = passwd_nonce; + passwd_nonce = NULL; + } + } + } + xfree (newpass); + } ctrl->in_passwd--; xfree (ctrl->server_local->keydesc); ctrl->server_local->keydesc = NULL; leave: + xfree (passphrase); gcry_sexp_release (s_skey); xfree (shadow_info); - return leave_cmd (ctx, rc); + xfree (cache_nonce); + return leave_cmd (ctx, err); } @@ -1812,6 +1928,7 @@ leave: + xfree (cache_nonce); xfree (passphrase); xfree (wrappedkey); gcry_cipher_close (cipherhd); 
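Review bot: In the cmd_passwd hunk of agent/command.c the leave: block gains "xfree (cache_nonce);" but there is no matching free for passwd_nonce. That string is allocated by xtrystrdup when --passwd-nonce is given, or by bin2hex when it is not, and ownership passes to ctrl->server_local->last_passwd_nonce only when agent_put_cache succeeds. On every other path it leaks, including the early "goto leave" after a parse_keygrip error and the case where the old key had no passphrase. Add "xfree (passwd_nonce);" next to "xfree (cache_nonce);" at leave:.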
@@ -2448,6 +2565,9 @@ } } + /* Reset the nonce caches. */ + clear_nonce_cache (ctrl); + /* Reset the SCD if needed. */ agent_reset_scd (ctrl); Modified: trunk/agent/findkey.c =================================================================== --- trunk/agent/findkey.c 2010-10-22 07:35:30 UTC (rev 5466) +++ trunk/agent/findkey.c 2010-10-26 09:10:29 UTC (rev 5467) @@ -405,7 +405,7 @@ xfree (pi); return rc; } - rc = agent_protect_and_store (ctrl, s_skey); + rc = agent_protect_and_store (ctrl, s_skey, NULL); gcry_sexp_release (s_skey); if (rc) { Modified: trunk/agent/genkey.c =================================================================== --- trunk/agent/genkey.c 2010-10-22 07:35:30 UTC (rev 5466) +++ trunk/agent/genkey.c 2010-10-26 09:10:29 UTC (rev 5467) 
@@ -468,20 +468,40 @@ -/* Apply a new passphrase to the key S_SKEY and store it. */ -int -agent_protect_and_store (ctrl_t ctrl, gcry_sexp_t s_skey) +/* Apply a new passphrase to the key S_SKEY and store it. If + PASSPHRASE_ADDR and *PASSPHRASE_ADDR are not NULL, use that + passphrase. If PASSPHRASE_ADDR is not NULL store a newly entered + passphrase at that address. */ +gpg_error_t +agent_protect_and_store (ctrl_t ctrl, gcry_sexp_t s_skey, + char **passphrase_addr) { - int rc; - char *passphrase; + gpg_error_t err; - rc = agent_ask_new_passphrase (ctrl, - _("Please enter the new passphrase"), - &passphrase); - if (!rc) + if (passphrase_addr && *passphrase_addr) { - rc = store_key (s_skey, passphrase, 1); - xfree (passphrase); + /* Take an empty string as request not to protect the key. */ + err = store_key (s_skey, **passphrase_addr? *passphrase_addr:NULL, 1); } - return rc; + else + { + char *pass = NULL; + + if (passphrase_addr) + { + xfree (*passphrase_addr); + *passphrase_addr = NULL; + } + err = agent_ask_new_passphrase (ctrl, + _("Please enter the new passphrase"), + &pass); + if (!err) + err = store_key (s_skey, pass, 1); + if (!err && passphrase_addr) + *passphrase_addr = pass; + else + xfree (pass); + } + + return err; } Modified: trunk/common/logging.c =================================================================== --- trunk/common/logging.c 2010-10-22 07:35:30 UTC (rev 5466) +++ trunk/common/logging.c 2010-10-26 09:10:29 UTC (rev 5467) @@ -670,8 +670,8 @@ } -static void -do_log (int level, const char *fmt, ...) +void +log_log (int level, const char *fmt, ...) { va_list arg_ptr ; 
@@ -812,14 +812,14 @@ void bug_at( const char *file, int line, const char *func ) { - do_log (JNLIB_LOG_BUG, ("... this is a bug (%s:%d:%s)\n"), file, line, func); + log_log (JNLIB_LOG_BUG, ("... this is a bug (%s:%d:%s)\n"), file, line, func); abort (); /* Never called; just to make the compiler happy. */ } #else void bug_at( const char *file, int line ) { - do_log (JNLIB_LOG_BUG, _("you found a bug ... (%s:%d)\n"), file, line); + log_log (JNLIB_LOG_BUG, _("you found a bug ... (%s:%d)\n"), file, line); abort (); /* Never called; just to make the compiler happy. */ } #endif Modified: trunk/common/logging.h =================================================================== --- trunk/common/logging.h 2010-10-22 07:35:30 UTC (rev 5466) +++ trunk/common/logging.h 2010-10-26 09:10:29 UTC (rev 5467) @@ -65,6 +65,7 @@ JNLIB_LOG_BUG, JNLIB_LOG_DEBUG }; +void log_log (int level, const char *fmt, ...) JNLIB_GCC_A_PRINTF(2,3); void log_logv (int level, const char *fmt, va_list arg_ptr); void log_string (int level, const char *string); #endif /*JNLIB_NEED_LOG_LOGV*/ Modified: trunk/g10/call-agent.c =================================================================== --- trunk/g10/call-agent.c 2010-10-22 07:35:30 UTC (rev 5466) +++ trunk/g10/call-agent.c 2010-10-26 09:10:29 UTC (rev 5467) @@ -86,6 +86,13 @@ }; +struct cache_nonce_parm_s +{ + char **cache_nonce_addr; + char **passwd_nonce_addr; +}; + + static gpg_error_t learn_status_cb (void *opaque, const char *line); @@ -1470,7 +1477,7 @@ static gpg_error_t cache_nonce_status_cb (void *opaque, const char *line) { - char **cache_nonce = opaque; + struct cache_nonce_parm_s *parm = opaque; const char *keyword = line; int keywordlen; 
@@ -1481,12 +1488,20 @@ if (keywordlen == 11 && !memcmp (keyword, "CACHE_NONCE", keywordlen)) { - if (cache_nonce) + if (parm->cache_nonce_addr) { - xfree (*cache_nonce); - *cache_nonce = xtrystrdup (line); + xfree (*parm->cache_nonce_addr); + *parm->cache_nonce_addr = xtrystrdup (line); } } + else if (keywordlen == 12 && !memcmp (keyword, "PASSWD_NONCE", keywordlen)) + { + if (parm->passwd_nonce_addr) + { + xfree (*parm->passwd_nonce_addr); + *parm->passwd_nonce_addr = xtrystrdup (line); + } + } return 0; } @@ -1523,6 +1538,7 @@ { gpg_error_t err; struct genkey_parm_s gk_parm; + struct cache_nonce_parm_s cn_parm; membuf_t data; size_t len; unsigned char *buf; @@ -1546,10 +1562,12 @@ no_protection? " --no-protection":"", cache_nonce_addr && *cache_nonce_addr? " ":"", cache_nonce_addr && *cache_nonce_addr? *cache_nonce_addr:""); + cn_parm.cache_nonce_addr = cache_nonce_addr; + cn_parm.passwd_nonce_addr = NULL; err = assuan_transact (agent_ctx, line, membuf_data_cb, &data, inq_genkey_parms, &gk_parm, - cache_nonce_status_cb, cache_nonce_addr); + cache_nonce_status_cb, &cn_parm); if (err) { xfree (get_membuf (&data, &len)); @@ -1625,7 +1643,7 @@ displayed if the agent needs to ask for the PIN. DIGEST and DIGESTLEN is the hash value to sign and DIGESTALGO the algorithm id used to compute the digest. If CACHE_NONCE is used the agent is - advised to firts try a passphrase associated with that nonce. */ + advised to first try a passphrase associated with that nonce. */ gpg_error_t agent_pksign (ctrl_t ctrl, const char *cache_nonce, const char *keygrip, const char *desc, @@ -1890,6 +1908,7 @@ { gpg_error_t err; struct import_key_parm_s parm; + struct cache_nonce_parm_s cn_parm; char line[ASSUAN_LINELENGTH]; err = start_agent (ctrl, 0); 
@@ -1914,9 +1933,11 @@ snprintf (line, sizeof line, "IMPORT_KEY%s%s", cache_nonce_addr && *cache_nonce_addr? " ":"", cache_nonce_addr && *cache_nonce_addr? *cache_nonce_addr:""); + cn_parm.cache_nonce_addr = cache_nonce_addr; + cn_parm.passwd_nonce_addr = NULL; err = assuan_transact (agent_ctx, line, NULL, NULL, inq_import_key_parms, &parm, - cache_nonce_status_cb, cache_nonce_addr); + cache_nonce_status_cb, &cn_parm); return err; } @@ -1932,6 +1953,7 @@ unsigned char **r_result, size_t *r_resultlen) { gpg_error_t err; + struct cache_nonce_parm_s cn_parm; membuf_t data; size_t len; unsigned char *buf; @@ -1958,10 +1980,12 @@ hexkeygrip); init_membuf_secure (&data, 1024); + cn_parm.cache_nonce_addr = cache_nonce_addr; + cn_parm.passwd_nonce_addr = NULL; err = assuan_transact (agent_ctx, line, membuf_data_cb, &data, default_inq_cb, ctrl, - cache_nonce_status_cb, cache_nonce_addr); + cache_nonce_status_cb, &cn_parm); if (err) { xfree (get_membuf (&data, &len)); 
@@ -1974,3 +1998,49 @@ *r_resultlen = len; return 0; } + + + +/* Ask the agent to change the passphrase of the key identified by + HEXKEYGRIP. If DESC is not NULL, display DESC instead of the + default description message. If CACHE_NONCE_ADDR is not NULL the + agent is advised to first try a passphrase associated with that + nonce. If PASSWD_NONCE_ADDR is not NULL the agent will try to use + the passphrase associated with that nonce. */ +gpg_error_t +agent_passwd (ctrl_t ctrl, const char *hexkeygrip, const char *desc, + char **cache_nonce_addr, char **passwd_nonce_addr) +{ + gpg_error_t err; + struct cache_nonce_parm_s cn_parm; + char line[ASSUAN_LINELENGTH]; + + err = start_agent (ctrl, 0); + if (err) + return err; + + if (!hexkeygrip || strlen (hexkeygrip) != 40) + return gpg_error (GPG_ERR_INV_VALUE); + + if (desc) + { + snprintf (line, DIM(line)-1, "SETKEYDESC %s", desc); + err = assuan_transact (agent_ctx, line, + NULL, NULL, NULL, NULL, NULL, NULL); + if (err) + return err; + } + + snprintf (line, DIM(line)-1, "PASSWD %s%s %s%s %s", + cache_nonce_addr && *cache_nonce_addr? "--cache-nonce=":"", + cache_nonce_addr && *cache_nonce_addr? *cache_nonce_addr:"", + passwd_nonce_addr && *passwd_nonce_addr? "--passwd-nonce=":"", + passwd_nonce_addr && *passwd_nonce_addr? *passwd_nonce_addr:"", + hexkeygrip); + cn_parm.cache_nonce_addr = cache_nonce_addr; + cn_parm.passwd_nonce_addr = passwd_nonce_addr; + err = assuan_transact (agent_ctx, line, NULL, NULL, + default_inq_cb, ctrl, + cache_nonce_status_cb, &cn_parm); + return err; +} Modified: trunk/g10/call-agent.h =================================================================== --- trunk/g10/call-agent.h 2010-10-22 07:35:30 UTC (rev 5466) +++ trunk/g10/call-agent.h 2010-10-26 09:10:29 UTC (rev 5467) 
@@ -184,6 +184,9 @@ const char *desc, char **cache_nonce_addr, unsigned char **r_result, size_t *r_resultlen); +/* Change the passphrase of a key. */ +gpg_error_t agent_passwd (ctrl_t ctrl, const char *hexkeygrip, const char *desc, + char **cache_nonce_addr, char **passwd_nonce_addr); + #endif /*GNUPG_G10_CALL_AGENT_H*/ - Modified: trunk/g10/gpg.c =================================================================== --- trunk/g10/gpg.c 2010-10-22 07:35:30 UTC (rev 5466) +++ trunk/g10/gpg.c 2010-10-26 09:10:29 UTC (rev 5467) @@ -3657,7 +3657,7 @@ else { username = make_username (fname); - keyedit_passwd (username); + keyedit_passwd (ctrl, username); xfree (username); } break; Modified: trunk/g10/keyedit.c =================================================================== --- trunk/g10/keyedit.c 2010-10-22 07:35:30 UTC (rev 5466) +++ trunk/g10/keyedit.c 2010-10-26 09:10:29 UTC (rev 5467) @@ -30,6 +30,7 @@ # include #endif +#define JNLIB_NEED_LOG_LOGV #include "gpg.h" #include "options.h" #include "packet.h" 
@@ -1124,44 +1125,63 @@ /* - * Change the passphrase of the primary and all secondary keys. - * We use only one passphrase for all keys. + * Change the passphrase of the primary and all secondary keys. Note + * that it is common to use only one passphrase for the primary and + * all subkeys. However, this is now (since GnuPG 2.1) all up to the + * gpg-agent. Returns 0 on success or an error code. */ -static int -change_passphrase (KBNODE keyblock, int *r_err) +static gpg_error_t +change_passphrase (ctrl_t ctrl, kbnode_t keyblock) { - int rc = 0; - int changed = 0; - KBNODE node; - PKT_public_key *pksk; - char *passphrase = NULL; - int no_primary_secrets = 0; + gpg_error_t err; + kbnode_t node; + PKT_public_key *pk; int any; + u32 keyid[2], subid[2]; + char *hexgrip = NULL; + char *cache_nonce = NULL; + char *passwd_nonce = NULL; node = find_kbnode (keyblock, PKT_PUBLIC_KEY); if (!node) { log_error ("Oops; public key missing!\n"); + err = gpg_error (GPG_ERR_INTERNAL); goto leave; } - pksk = node->pkt->pkt.public_key; + pk = node->pkt->pkt.public_key; + keyid_from_pk (pk, keyid); + /* Check whether it is likely that we will be able to change the + passphrase for any subkey. */ for (any = 0, node = keyblock; node; node = node->next) { if (node->pkt->pkttype == PKT_PUBLIC_KEY || node->pkt->pkttype == PKT_PUBLIC_SUBKEY) { - log_debug ("FIXME\n"); - /* PKT_public_key *tmpsk = node->pkt->pkt.public_key; */ - /* if (!(tmpsk->is_protected */ - /* && (tmpsk->protect.s2k.mode == 1001 */ - /* || tmpsk->protect.s2k.mode == 1002))) */ - /* { */ - /* any = 1; */ - /* break; */ - /* } */ + char *serialno; + + pk = node->pkt->pkt.public_key; + keyid_from_pk (pk, subid); + + xfree (hexgrip); + err = hexkeygrip_from_pk (pk, &hexgrip); + if (err) + goto leave; + err = agent_get_keyinfo (ctrl, hexgrip, &serialno); + if (!err && serialno) + ; /* Key on card. */ + else if (gpg_err_code (err) == GPG_ERR_NOT_FOUND) + ; /* Maybe stub key. */ + else if (!err) + any = 1; /* Key is known. 
*/ + else + log_error ("key %s: error getting keyinfo from agent: %s\n", + keystr_with_sub (keyid, subid), gpg_strerror (err)); + xfree (serialno); } } + err = 0; if (!any) { tty_printf (_("Key has only stub or on-card key items - " 
@@ -1169,162 +1189,43 @@ goto leave; } - log_debug ("FIXME\n"); - /* See how to handle this key. */ - /* switch (is_secret_key_protected (pksk)) */ - /* { */ - /* case -1: */ - /* rc = G10ERR_PUBKEY_ALGO; */ - /* break; */ - /* case 0: */ - /* tty_printf (_("This key is not protected.\n")); */ - /* break; */ - /* default: */ - /* if (sk->protect.s2k.mode == 1001) */ - /* { */ - /* tty_printf (_("Secret parts of key are not available.\n")); */ - /* no_primary_secrets = 1; */ - /* } */ - /* else if (sk->protect.s2k.mode == 1002) */ - /* { */ - /* tty_printf (_("Secret parts of key are stored on-card.\n")); */ - /* no_primary_secrets = 1; */ - /* } */ - /* else */ - /* { */ - /* u32 keyid[2]; */ - - /* tty_printf (_("Key is protected.\n")); */ - - /* /\* Clear the passphrase cache so that the user is required */ - /* to enter the old passphrase. *\/ */ - /* keyid_from_pk (pksk, keyid); */ - /* passphrase_clear_cache (keyid, NULL, 0); */ - - /* /\* rc = check_secret_key( sk, 0 ); *\/ */ - /* /\* if( !rc ) *\/ */ - /* /\* passphrase = get_last_passphrase(); *\/ */ - /* } */ - /* break; */ - /* } */ - - /* Unprotect all subkeys (use the supplied passphrase or ask) */ - for (node = keyblock; !rc && node; node = node->next) + /* Change the passphrase for all keys. 
*/ + for (any = 0, node = keyblock; node; node = node->next) { - if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY) - { - log_debug ("FIXME\n"); - /* PKT_pubic_key *subsk = node->pkt->pkt.public_key; */ - /* if (!(subsk->is_protected */ - /* && (subsk->protect.s2k.mode == 1001 */ - /* || subsk->protect.s2k.mode == 1002))) */ - /* { */ - /* set_next_passphrase (passphrase); */ - /* /\* rc = check_secret_key( subsk, 0 ); *\/ */ - /* /\* if( !rc && !passphrase ) *\/ */ - /* /\* passphrase = get_last_passphrase(); *\/ */ - /* } */ - } - } + if (node->pkt->pkttype == PKT_PUBLIC_KEY + || node->pkt->pkttype == PKT_PUBLIC_SUBKEY) + { + char *desc; - if (rc) - tty_printf (_("Can't edit this key: %s\n"), g10_errstr (rc)); - else - { - DEK *dek = NULL; - STRING2KEY *s2k = xmalloc_secure (sizeof *s2k); - const char *errtext = NULL; + pk = node->pkt->pkt.public_key; + keyid_from_pk (pk, subid); - tty_printf (_("Enter the new passphrase for this secret key.\n\n")); - - set_next_passphrase (NULL); - for (;;) - { - int canceled; - - s2k->mode = opt.s2k_mode; - s2k->hash_algo = S2K_DIGEST_ALGO; - dek = passphrase_to_dek (NULL, 0, opt.s2k_cipher_algo, - s2k, 2, errtext, &canceled); - if (!dek && canceled) - { - rc = GPG_ERR_CANCELED; - break; - } - else if (!dek) - { - errtext = N_("passphrase not correctly repeated; try again"); - tty_printf ("%s.\n", _(errtext)); - } - else if (!dek->keylen) - { - rc = 0; - tty_printf (_("You don't want a passphrase -" - " this is probably a *bad* idea!\n\n")); - if (cpr_get_answer_is_yes - ("change_passwd.empty.okay", - _("Do you really want to do this? 
(y/N) "))) - { - changed++; - break; - } - } - else - { /* okay */ - rc = 0; - if (!no_primary_secrets) - { - /* sk->protect.algo = dek->algo; */ - /* sk->protect.s2k = *s2k; */ - rc = 0; - /* rc = protect_secret_key( sk, dek ); */ - } - for (node = keyblock; !rc && node; node = node->next) - { - if (node->pkt->pkttype == PKT_SECRET_SUBKEY) - { - log_debug ("FIXME\n"); -/* PKT_secret_key *subsk = node->pkt->pkt.secret_key; */ -/* if (!(subsk->is_protected */ -/* && (subsk->protect.s2k.mode == 1001 */ -/* || subsk->protect.s2k.mode == 1002))) */ -/* { */ -/* subsk->protect.algo = dek->algo; */ -/* subsk->protect.s2k = *s2k; */ -/* #warning fixme */ -/* rc = 0; */ -/* /\* rc = protect_secret_key( subsk, dek ); *\/ */ -/* } */ - } - } - if (rc) - log_error ("protect_secret_key failed: %s\n", - g10_errstr (rc)); - else - { - u32 keyid[2]; - - /* Clear the cahce again so that the user is - required to enter the new passphrase at the - next operation. */ - /* FIXME keyid_from_sk (sk, keyid); */ - passphrase_clear_cache (keyid, NULL, 0); - - changed++; - } - break; - } - } - xfree (s2k); - xfree (dek); + xfree (hexgrip); + err = hexkeygrip_from_pk (pk, &hexgrip); + if (err) + goto leave; + + desc = gpg_format_keydesc (pk, 0, 1); + err = agent_passwd (ctrl, hexgrip, desc, &cache_nonce, &passwd_nonce); + xfree (desc); + + if (err) + log_log ((gpg_err_code (err) == GPG_ERR_CANCELED + || gpg_err_code (err) == GPG_ERR_FULLY_CANCELED) + ? JNLIB_LOG_INFO : JNLIB_LOG_ERROR, + _("key %s: error changing passphrase: %s\n"), + keystr_with_sub (keyid, subid), + gpg_strerror (err)); + if (gpg_err_code (err) == GPG_ERR_FULLY_CANCELED) + break; + } } -leave: - xfree (passphrase); - set_next_passphrase (NULL); - if (r_err) - *r_err = rc; - return changed && !rc; + leave: + xfree (hexgrip); + xfree (cache_nonce); + xfree (passwd_nonce); + return err; } 
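Review bot: In the new loop over the keyblock, err is reassigned by hexkeygrip_from_pk and agent_passwd on every iteration and only GPG_ERR_FULLY_CANCELED breaks out, so the value returned at leave: reflects just the last key processed. A failure or a plain GPG_ERR_CANCELED on the primary key followed by a successful subkey makes the function return 0, although the passphrase was changed for only part of the keyblock. Consider keeping the first non-zero error in a separate variable and returning that. Two smaller points in the same hunk: "any" is initialized in the for header but never updated in the lines shown, so either set it when a key is processed or drop it; and a hexkeygrip_from_pk failure jumps to leave without a log line, while an agent_passwd failure is logged with the key ID.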
@@ -2184,7 +2085,7 @@ break; case cmdPASSWD: - change_passphrase (keyblock, NULL); + change_passphrase (ctrl, keyblock); break; case cmdTRUST: @@ -2361,13 +2262,10 @@ /* Change the passphrase of the secret key identified by USERNAME. */ void -keyedit_passwd (const char *username) +keyedit_passwd (ctrl_t ctrl, const char *username) { gpg_error_t err; PKT_public_key *pk; - unsigned char fpr[MAX_FINGERPRINT_LEN]; - size_t fprlen; - KEYDB_HANDLE kdh = NULL; kbnode_t keyblock = NULL; pk = xtrycalloc (1, sizeof *pk); @@ -2376,44 +2274,16 @@ err = gpg_error_from_syserror (); goto leave; } - err = getkey_byname (NULL, pk, username, 1, NULL); + err = getkey_byname (NULL, pk, username, 1, &keyblock); if (err) goto leave; - fingerprint_from_pk (pk, fpr, &fprlen); - while (fprlen < MAX_FINGERPRINT_LEN) - fpr[fprlen++] = 0; - /* FIXME: Call an agent function instead. */ + err = change_passphrase (ctrl, keyblock); - kdh = NULL /*keydb_new (1)*/; - if (!kdh) - { - err = gpg_error (GPG_ERR_GENERAL); - goto leave; - } - - err = keydb_search_fpr (kdh, fpr); - if (err == -1 || gpg_err_code (err) == GPG_ERR_EOF) - err = gpg_error (GPG_ERR_NO_SECKEY); - if (err) - goto leave; - - err = keydb_get_keyblock (kdh, &keyblock); - if (err) - goto leave; - - if (!change_passphrase (keyblock, &err)) - goto leave; - - err = keydb_update_keyblock (kdh, keyblock); - if (err) - log_error (_("update secret failed: %s\n"), gpg_strerror (err)); - leave: release_kbnode (keyblock); if (pk) free_public_key (pk); - keydb_release (kdh); if (err) { log_info ("error changing the passphrase for `%s': %s\n", Modified: trunk/g10/main.h =================================================================== --- trunk/g10/main.h 2010-10-22 07:35:30 UTC (rev 5466) +++ trunk/g10/main.h 2010-10-26 09:10:29 UTC (rev 5467) 
@@ -224,7 +224,7 @@ /*-- keyedit.c --*/ void keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr, strlist_t commands, int quiet, int seckey_check ); -void keyedit_passwd (const char *username); +void keyedit_passwd (ctrl_t ctrl, const char *username); void show_basic_key_info (KBNODE keyblock); /*-- keygen.c --*/ Modified: trunk/g10/passphrase.c =================================================================== --- trunk/g10/passphrase.c 2010-10-22 07:35:30 UTC (rev 5466) +++ trunk/g10/passphrase.c 2010-10-26 09:10:29 UTC (rev 5467) @@ -675,7 +675,7 @@ } -/* Return an allocated utf-8 string describing the key PK. IF ESCAPED +/* Return an allocated utf-8 string describing the key PK. If ESCAPED is true spaces and control characters are percent or plus escaped. MODE 0 is for the common prompt, MODE 1 for the import prompt. */ char * @@ -696,9 +696,9 @@ orig_codeset = i18n_switchto_utf8 (); - if (pk->main_keyid[2] && pk->main_keyid[3] - && pk->keyid[0] != pk->main_keyid[2] - && pk->keyid[1] != pk->main_keyid[3]) + if (pk->main_keyid[0] && pk->main_keyid[1] + && pk->keyid[0] != pk->main_keyid[0] + && pk->keyid[1] != pk->main_keyid[1]) maink = xtryasprintf (_(" (main key ID %s)"), keystr (pk->main_keyid)); else maink = NULL; Modified: trunk/po/de.po [not shown] Modified: trunk/sm/server.c =================================================================== --- trunk/sm/server.c 2010-10-22 07:35:30 UTC (rev 5466) +++ trunk/sm/server.c 2010-10-26 09:10:29 UTC (rev 5467) @@ -163,7 +163,9 @@ { if (ctrl->server_local->message_fd != -1) { +#ifdef HAVE_W32CE_SYSTEM #warning Is this correct for W32/W32CE? +#endif close (ctrl->server_local->message_fd); ctrl->server_local->message_fd = -1; } From cvs at cvs.gnupg.org Tue Oct 26 11:31:00 2010 
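Review bot: In the trunk/g10/passphrase.c hunk at @@ -696,9 +696,9 @@, the corrected indices still join the two key ID comparisons with &&, so the " (main key ID %s)" suffix is produced only when both pk->keyid[0] and pk->keyid[1] differ from main_keyid. Two key IDs differ as soon as either half differs; a subkey that shares one half with its primary key would be described in the prompt without the main key ID. Suggest (pk->keyid[0] != pk->main_keyid[0] || pk->keyid[1] != pk->main_keyid[1]), and likewise testing main_keyid for being set with || rather than requiring both halves to be non-zero.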
From: cvs at cvs.gnupg.org (svn author wk) Date: Tue, 26 Oct 2010 11:31:00 +0200 Subject: [svn] gpg-error - r253 - in trunk: . po Message-ID: Author: wk Date: 2010-10-26 11:30:58 +0200 (Tue, 26 Oct 2010) New Revision: 253 Modified: trunk/ChangeLog trunk/NEWS trunk/config.guess trunk/config.sub trunk/configure.ac trunk/po/cs.po trunk/po/de.po trunk/po/fr.po trunk/po/it.po trunk/po/libgpg-error.pot trunk/po/nl.po trunk/po/pl.po trunk/po/ro.po trunk/po/sv.po trunk/po/vi.po trunk/po/zh_CN.po Log: Prepare 1.10 Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2010-10-20 15:25:33 UTC (rev 252) +++ trunk/ChangeLog 2010-10-26 09:30:58 UTC (rev 253) @@ -1,3 +1,11 @@ +2010-10-26 Werner Koch + + Release 1.10. + + * configure.ac: Set LT version to C8/A8/R0. + * config.guess: Update to version 2010-09-24. + * config.sub: Update to version 2010-09-11. + 2010-10-20 Werner Koch * potomo: New. Copied from GnuPG. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2010-10-20 15:25:33 UTC (rev 252) +++ trunk/NEWS 2010-10-26 09:30:58 UTC (rev 253) @@ -1,4 +1,4 @@ -Noteworthy changes in version 1.10 +Noteworthy changes in version 1.10 (2010-10-26) ---------------------------------------------- * Using a static library on W32 does now work. Modified: trunk/config.guess =================================================================== --- trunk/config.guess 2010-10-20 15:25:33 UTC (rev 252) +++ trunk/config.guess 2010-10-26 09:30:58 UTC (rev 253) 
@@ -1,10 +1,10 @@ #! /bin/sh # Attempt to guess a canonical system name. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 +# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 # Free Software Foundation, Inc. -timestamp='2008-01-23' +timestamp='2010-09-24' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -27,16 +27,16 @@ # the same distribution terms that you use for the rest of that program. -# Originally written by Per Bothner . -# Please send patches to . Submit a context -# diff and a properly formatted ChangeLog entry. +# Originally written by Per Bothner. Please send patches (context +# diff format) to and include a ChangeLog +# entry. # # This script attempts to guess a canonical system name similar to # config.sub. If it succeeds, it prints the system name on stdout, and # exits with 0. Otherwise, it exits with 1. # -# The plan is that this can be called by configure scripts if you -# don't specify an explicit build system type. +# You can get the latest version of this script from: +# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD me=`echo "$0" | sed -e 's,.*/,,'` @@ -56,8 +56,9 @@ GNU config.guess ($timestamp) Originally written by Per Bothner. -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, -2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, +2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free +Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." 
@@ -91,7 +92,7 @@ exit 1 fi -trap 'exit 1' 1 2 15 +trap 'exit 1' HUP INT TERM # CC_FOR_BUILD -- compiler used by this script. Note that the use of a # compiler to aid in system detection is discouraged as it requires @@ -105,7 +106,7 @@ set_cc_for_build=' trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ; -trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ; +trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" HUP INT PIPE TERM ; : ${TMPDIR=/tmp} ; { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } || @@ -170,7 +171,7 @@ arm*|i386|m68k|ns32k|sh3*|sparc|vax) eval $set_cc_for_build if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ - | grep __ELF__ >/dev/null + | grep -q __ELF__ then # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout). # Return netbsd for either. FIX? 
@@ -324,14 +325,33 @@ case `/usr/bin/uname -p` in sparc) echo sparc-icl-nx7; exit ;; esac ;; + s390x:SunOS:*:*) + echo ${UNAME_MACHINE}-ibm-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit ;; sun4H:SunOS:5.*:*) echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; + i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*) + echo i386-pc-auroraux${UNAME_RELEASE} + exit ;; i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*) - echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + eval $set_cc_for_build + SUN_ARCH="i386" + # If there is a compiler, see if it is configured for 64-bit objects. + # Note that the Sun cc does not turn __LP64__ into 1 like gcc does. + # This test works for both compilers. + if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then + if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \ + (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null + then + SUN_ARCH="x86_64" + fi + fi + echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4*:SunOS:6*:*) # According to config.sub, this is the proper way to canonicalize @@ -532,7 +552,7 @@ echo rs6000-ibm-aix3.2 fi exit ;; - *:AIX:*:[456]) + *:AIX:*:[4567]) IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then IBM_ARCH=rs6000 @@ -640,7 +660,7 @@ # => hppa64-hp-hpux11.23 if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | - grep __LP64__ >/dev/null + grep -q __LP64__ then HP_ARCH="hppa2.0w" else @@ -791,12 +811,12 @@ i*:PW*:*) echo ${UNAME_MACHINE}-pc-pw32 exit ;; - *:Interix*:[3456]*) + *:Interix*:*) case ${UNAME_MACHINE} in x86) echo i586-pc-interix${UNAME_RELEASE} exit ;; - EM64T | authenticamd) + authenticamd | genuineintel | EM64T) echo x86_64-unknown-interix${UNAME_RELEASE} exit ;; IA64) 
@@ -806,6 +826,9 @@ [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*) echo i${UNAME_MACHINE}-pc-mks exit ;; + 8664:Windows_NT:*) + echo x86_64-pc-mks + exit ;; i*:Windows_NT*:* | Pentium*:Windows_NT*:*) # How do we know it's Interix rather than the generic POSIX subsystem? # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we @@ -835,6 +858,20 @@ i*86:Minix:*:*) echo ${UNAME_MACHINE}-pc-minix exit ;; + alpha:Linux:*:*) + case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in + EV5) UNAME_MACHINE=alphaev5 ;; + EV56) UNAME_MACHINE=alphaev56 ;; + PCA56) UNAME_MACHINE=alphapca56 ;; + PCA57) UNAME_MACHINE=alphapca56 ;; + EV6) UNAME_MACHINE=alphaev6 ;; + EV67) UNAME_MACHINE=alphaev67 ;; + EV68*) UNAME_MACHINE=alphaev68 ;; + esac + objdump --private-headers /bin/sh | grep -q ld.so.1 + if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi + echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} + exit ;; arm*:Linux:*:*) eval $set_cc_for_build if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ @@ -857,6 +894,17 @@ frv:Linux:*:*) echo frv-unknown-linux-gnu exit ;; + i*86:Linux:*:*) + LIBC=gnu + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #ifdef __dietlibc__ + LIBC=dietlibc + #endif +EOF + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'` + echo "${UNAME_MACHINE}-pc-linux-${LIBC}" + exit ;; ia64:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; 
@@ -866,75 +914,34 @@ m68*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; - mips:Linux:*:*) + mips:Linux:*:* | mips64:Linux:*:*) eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #undef CPU - #undef mips - #undef mipsel + #undef ${UNAME_MACHINE} + #undef ${UNAME_MACHINE}el #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) - CPU=mipsel + CPU=${UNAME_MACHINE}el #else #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) - CPU=mips + CPU=${UNAME_MACHINE} #else CPU= #endif #endif EOF - eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n ' - /^CPU/{ - s: ::g - p - }'`" + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'` test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } ;; - mips64:Linux:*:*) - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - #undef CPU - #undef mips64 - #undef mips64el - #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) - CPU=mips64el - #else - #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) - CPU=mips64 - #else - CPU= - #endif - #endif -EOF - eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n ' - /^CPU/{ - s: ::g - p - }'`" - test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } - ;; or32:Linux:*:*) echo or32-unknown-linux-gnu exit ;; - ppc:Linux:*:*) - echo powerpc-unknown-linux-gnu + padre:Linux:*:*) + echo sparc-unknown-linux-gnu exit ;; - ppc64:Linux:*:*) - echo powerpc64-unknown-linux-gnu + parisc64:Linux:*:* | hppa64:Linux:*:*) + echo hppa64-unknown-linux-gnu exit ;; - alpha:Linux:*:*) - case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in - EV5) UNAME_MACHINE=alphaev5 ;; - EV56) UNAME_MACHINE=alphaev56 ;; - PCA56) UNAME_MACHINE=alphapca56 ;; - PCA57) UNAME_MACHINE=alphapca56 ;; - EV6) UNAME_MACHINE=alphaev6 ;; - EV67) UNAME_MACHINE=alphaev67 ;; - EV68*) UNAME_MACHINE=alphaev68 ;; - esac - objdump --private-headers /bin/sh | grep ld.so.1 
>/dev/null - if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi - echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} - exit ;; parisc:Linux:*:* | hppa:Linux:*:*) # Look for CPU level case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in @@ -943,9 +950,12 @@ *) echo hppa-unknown-linux-gnu ;; esac exit ;; - parisc64:Linux:*:* | hppa64:Linux:*:*) - echo hppa64-unknown-linux-gnu + ppc64:Linux:*:*) + echo powerpc64-unknown-linux-gnu exit ;; + ppc:Linux:*:*) + echo powerpc-unknown-linux-gnu + exit ;; s390:Linux:*:* | s390x:Linux:*:*) echo ${UNAME_MACHINE}-ibm-linux exit ;; @@ -958,6 +968,9 @@ sparc:Linux:*:* | sparc64:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; + tile*:Linux:*:*) + echo ${UNAME_MACHINE}-tilera-linux-gnu + exit ;; vax:Linux:*:*) echo ${UNAME_MACHINE}-dec-linux-gnu exit ;; 
@@ -967,69 +980,6 @@ xtensa*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; - i*86:Linux:*:*) - # The BFD linker knows what the default object file format is, so - # first see if it will tell us. cd to the root directory to prevent - # problems with other programs or directories called `ld' in the path. - # Set LC_ALL=C to ensure ld outputs messages in English. - ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \ - | sed -ne '/supported targets:/!d - s/[ ][ ]*/ /g - s/.*supported targets: *// - s/ .*// - p'` - case "$ld_supported_targets" in - elf32-i386) - TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu" - ;; - a.out-i386-linux) - echo "${UNAME_MACHINE}-pc-linux-gnuaout" - exit ;; - coff-i386) - echo "${UNAME_MACHINE}-pc-linux-gnucoff" - exit ;; - "") - # Either a pre-BFD a.out linker (linux-gnuoldld) or - # one that does not give us useful --help. - echo "${UNAME_MACHINE}-pc-linux-gnuoldld" - exit ;; - esac - # Determine whether the default compiler is a.out or elf - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - #include - #ifdef __ELF__ - # ifdef __GLIBC__ - # if __GLIBC__ >= 2 - LIBC=gnu - # else - LIBC=gnulibc1 - # endif - # else - LIBC=gnulibc1 - # endif - #else - #if defined(__INTEL_COMPILER) || defined(__PGI) || defined(__SUNPRO_C) || defined(__SUNPRO_CC) - LIBC=gnu - #else - LIBC=gnuaout - #endif - #endif - #ifdef __dietlibc__ - LIBC=dietlibc - #endif -EOF - eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n ' - /^LIBC/{ - s: ::g - p - }'`" - test x"${LIBC}" != x && { - echo "${UNAME_MACHINE}-pc-linux-${LIBC}" - exit - } - test x"${TENTATIVE}" != x && { echo "${TENTATIVE}"; exit; } - ;; i*86:DYNIX/ptx:4*:*) # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. # earlier versions are messed up and put the nodename in both 
@@ -1058,7 +1008,7 @@ i*86:syllable:*:*) echo ${UNAME_MACHINE}-pc-syllable exit ;; - i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*) + i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*) echo i386-unknown-lynxos${UNAME_RELEASE} exit ;; i*86:*DOS:*:*) @@ -1102,8 +1052,11 @@ pc:*:*:*) # Left here for compatibility: # uname -m prints for DJGPP always 'pc', but it prints nothing about - # the processor, so we play safe by assuming i386. - echo i386-pc-msdosdjgpp + # the processor, so we play safe by assuming i586. + # Note: whatever this is, it MUST be the same as what config.sub + # prints for the "djgpp" host, or else GDB configury will decide that + # this is a cross-build. + echo i586-pc-msdosdjgpp exit ;; Intel:Mach:3*:*) echo i386-pc-mach3 @@ -1141,6 +1094,16 @@ 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ && { echo i486-ncr-sysv4; exit; } ;; + NCR*:*:4.2:* | MPRAS*:*:4.2:*) + OS_REL='.3' + test -r /etc/.relid \ + && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && { echo i486-ncr-sysv4.3${OS_REL}; exit; } + /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ + && { echo i586-ncr-sysv4.3${OS_REL}; exit; } + /bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \ + && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) echo m68k-unknown-lynxos${UNAME_RELEASE} exit ;; @@ -1153,7 +1116,7 @@ rs6000:LynxOS:2.*:*) echo rs6000-unknown-lynxos${UNAME_RELEASE} exit ;; - PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*) + PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*) echo powerpc-unknown-lynxos${UNAME_RELEASE} exit ;; SM[BE]S:UNIX_SV:*:*) 
@@ -1216,6 +1179,9 @@ BePC:BeOS:*:*) # BeOS running on Intel PC compatible. echo i586-pc-beos exit ;; + BePC:Haiku:*:*) # Haiku running on Intel PC compatible. + echo i586-pc-haiku + exit ;; SX-4:SUPER-UX:*:*) echo sx4-nec-superux${UNAME_RELEASE} exit ;; @@ -1243,6 +1209,16 @@ *:Darwin:*:*) UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown case $UNAME_PROCESSOR in + i386) + eval $set_cc_for_build + if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then + if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ + (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null + then + UNAME_PROCESSOR="x86_64" + fi + fi ;; unknown) UNAME_PROCESSOR=powerpc ;; esac echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} @@ -1258,6 +1234,9 @@ *:QNX:*:4*) echo i386-pc-qnx exit ;; + NEO-?:NONSTOP_KERNEL:*:*) + echo neo-tandem-nsk${UNAME_RELEASE} + exit ;; NSE-?:NONSTOP_KERNEL:*:*) echo nse-tandem-nsk${UNAME_RELEASE} exit ;; @@ -1324,6 +1303,9 @@ i*86:rdos:*:*) echo ${UNAME_MACHINE}-pc-rdos exit ;; + i*86:AROS:*:*) + echo ${UNAME_MACHINE}-pc-aros + exit ;; esac #echo '(No uname command or uname output not recognized.)' 1>&2 Modified: trunk/config.sub =================================================================== --- trunk/config.sub 2010-10-20 15:25:33 UTC (rev 252) +++ trunk/config.sub 2010-10-26 09:30:58 UTC (rev 253) @@ -1,10 +1,10 @@ #! /bin/sh # Configuration validation subroutine script. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 +# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 # Free Software Foundation, Inc. -timestamp='2008-01-16' +timestamp='2010-09-11' # This file is (in principle) common to ALL GNU software. # The presence of a machine in this file suggests that SOME GNU software 
@@ -32,13 +32,16 @@ # Please send patches to . Submit a context -# diff and a properly formatted ChangeLog entry. +# diff and a properly formatted GNU ChangeLog entry. # # Configuration subroutine to validate and canonicalize a configuration type. # Supply the specified configuration type as an argument. # If it is invalid, we print an error message on stderr and exit with code 1. # Otherwise, we print the canonical config type on stdout and succeed. +# You can get the latest version of this script from: +# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD + # This file is supposed to be the same for all GNU packages # and recognize all the CPU types, system types and aliases # that are meaningful with *any* GNU software. @@ -72,8 +75,9 @@ version="\ GNU config.sub ($timestamp) -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, -2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, +2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free +Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -120,8 +124,10 @@ # Here we must recognize all the valid KERNEL-OS combinations. maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` case $maybe_os in - nto-qnx* | linux-gnu* | linux-dietlibc | linux-newlib* | linux-uclibc* | \ - uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | \ + nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \ + linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ + knetbsd*-gnu* | netbsd*-gnu* | \ + kopensolaris*-gnu* | \ storm-chaos* | os2-emx* | rtmk-nova*) os=-$maybe_os basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` 
@@ -148,10 +154,13 @@ -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ - -apple | -axis | -knuth | -cray) + -apple | -axis | -knuth | -cray | -microblaze) os= basic_machine=$1 ;; + -bluegene*) + os=-cnk + ;; -sim | -cisco | -oki | -wec | -winbond) os= basic_machine=$1 @@ -249,13 +258,16 @@ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ | i370 | i860 | i960 | ia64 \ | ip2k | iq2000 \ + | lm32 \ | m32c | m32r | m32rle | m68000 | m68k | m88k \ - | maxq | mb | microblaze | mcore | mep \ + | maxq | mb | microblaze | mcore | mep | metag \ | mips | mipsbe | mipseb | mipsel | mipsle \ | mips16 \ | mips64 | mips64el \ + | mips64octeon | mips64octeonel \ + | mips64orion | mips64orionel \ + | mips64r5900 | mips64r5900el \ | mips64vr | mips64vrel \ - | mips64orion | mips64orionel \ | mips64vr4100 | mips64vr4100el \ | mips64vr4300 | mips64vr4300el \ | mips64vr5000 | mips64vr5000el \ 
@@ -268,28 +280,41 @@ | mipsisa64sr71k | mipsisa64sr71kel \ | mipstx39 | mipstx39el \ | mn10200 | mn10300 \ + | moxie \ | mt \ | msp430 \ + | nds32 | nds32le | nds32be \ | nios | nios2 \ | ns16k | ns32k \ | or32 \ | pdp10 | pdp11 | pj | pjl \ | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \ | pyramid \ + | rx \ | score \ - | sh | sh[1234] | sh[24]a | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ + | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ | sh64 | sh64le \ | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ | spu | strongarm \ - | tahoe | thumb | tic4x | tic80 | tron \ + | tahoe | thumb | tic4x | tic54x | tic55x | tic6x | tic80 | tron \ + | ubicom32 \ | v850 | v850e \ | we32k \ | x86 | xc16x | xscale | xscalee[bl] | xstormy16 | xtensa \ - | z8k) + | z8k | z80) basic_machine=$basic_machine-unknown ;; - m6811 | m68hc11 | m6812 | m68hc12) + c54x) + basic_machine=tic54x-unknown + ;; + c55x) + basic_machine=tic55x-unknown + ;; + c6x) + basic_machine=tic6x-unknown + ;; + m6811 | m68hc11 | m6812 | m68hc12 | picochip) # Motorola 68HC11/12. basic_machine=$basic_machine-unknown os=-none @@ -320,7 +345,7 @@ | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ | avr-* | avr32-* \ | bfin-* | bs2000-* \ - | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \ + | c[123]* | c30-* | [cjt]90-* | c4x-* \ | clipper-* | craynv-* | cydra-* \ | d10v-* | d30v-* | dlx-* \ | elxsi-* \ 
@@ -329,14 +354,17 @@ | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ | i*86-* | i860-* | i960-* | ia64-* \ | ip2k-* | iq2000-* \ + | lm32-* \ | m32c-* | m32r-* | m32rle-* \ | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ - | m88110-* | m88k-* | maxq-* | mcore-* \ + | m88110-* | m88k-* | maxq-* | mcore-* | metag-* | microblaze-* \ | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ | mips16-* \ | mips64-* | mips64el-* \ + | mips64octeon-* | mips64octeonel-* \ + | mips64orion-* | mips64orionel-* \ + | mips64r5900-* | mips64r5900el-* \ | mips64vr-* | mips64vrel-* \ - | mips64orion-* | mips64orionel-* \ | mips64vr4100-* | mips64vr4100el-* \ | mips64vr4300-* | mips64vr4300el-* \ | mips64vr5000-* | mips64vr5000el-* \ @@ -351,27 +379,30 @@ | mmix-* \ | mt-* \ | msp430-* \ + | nds32-* | nds32le-* | nds32be-* \ | nios-* | nios2-* \ | none-* | np1-* | ns16k-* | ns32k-* \ | orion-* \ | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \ | pyramid-* \ - | romp-* | rs6000-* \ - | sh-* | sh[1234]-* | sh[24]a-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ + | romp-* | rs6000-* | rx-* \ + | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ | sparclite-* \ | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \ | tahoe-* | thumb-* \ | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ + | tile-* | tilegx-* \ | tron-* \ + | ubicom32-* \ | v850-* | v850e-* | vax-* \ | we32k-* \ | x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \ | xstormy16-* | xtensa*-* \ | ymp-* \ - | z8k-*) + | z8k-* | z80-*) ;; # Recognize the basic CPU types without company name, with glob match. xtensa*) 
@@ -439,6 +470,10 @@ basic_machine=m68k-apollo os=-bsd ;; + aros) + basic_machine=i386-pc + os=-aros + ;; aux) basic_machine=m68k-apple os=-aux @@ -455,10 +490,27 @@ basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'` os=-linux ;; + bluegene*) + basic_machine=powerpc-ibm + os=-cnk + ;; + c54x-*) + basic_machine=tic54x-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + c55x-*) + basic_machine=tic55x-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + c6x-*) + basic_machine=tic6x-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; c90) basic_machine=c90-cray os=-unicos ;; + cegcc) + basic_machine=arm-unknown + os=-cegcc + ;; convex-c1) basic_machine=c1-convex os=-bsd @@ -526,6 +578,10 @@ basic_machine=m88k-motorola os=-sysv3 ;; + dicos) + basic_machine=i686-pc + os=-dicos + ;; djgpp) basic_machine=i586-pc os=-msdosdjgpp @@ -699,6 +755,9 @@ basic_machine=ns32k-utek os=-sysv ;; + microblaze) + basic_machine=microblaze-xilinx + ;; mingw32) basic_machine=i386-pc os=-mingw32 @@ -803,6 +862,12 @@ np1) basic_machine=np1-gould ;; + neo-tandem) + basic_machine=neo-tandem + ;; + nse-tandem) + basic_machine=nse-tandem + ;; nsr-tandem) basic_machine=nsr-tandem ;; @@ -1037,18 +1102,11 @@ basic_machine=t90-cray os=-unicos ;; - tic54x | c54x*) - basic_machine=tic54x-unknown - os=-coff + # This must be matched before tile*. + tilegx*) + basic_machine=tilegx-unknown + os=-linux-gnu ;; - tic55x | c55x*) - basic_machine=tic55x-unknown - os=-coff - ;; - tic6x | c6x*) - basic_machine=tic6x-unknown - os=-coff - ;; tile*) basic_machine=tile-unknown os=-linux-gnu @@ -1128,6 +1186,10 @@ basic_machine=z8k-unknown os=-sim ;; + z80-*-coff) + basic_machine=z80-unknown + os=-sim + ;; none) basic_machine=none-none os=-none @@ -1166,7 +1228,7 @@ we32k) basic_machine=we32k-att ;; - sh[1234] | sh[24]a | sh[34]eb | sh[1234]le | sh[23]ele) + sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele) basic_machine=sh-unknown ;; sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v) 
@@ -1216,6 +1278,9 @@ # First match some system type aliases # that might get confused with valid system types. # -solaris* is a basic system type, with this one exception. + -auroraux) + os=-auroraux + ;; -solaris1 | -solaris1.*) os=`echo $os | sed -e 's|solaris1|sunos4|'` ;; @@ -1236,10 +1301,11 @@ # Each alternative MUST END IN A *, to match a version number. # -sysv* is not here because it comes later, after sysvr4. -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ - | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\ - | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \ + | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\ + | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \ + | -sym* | -kopensolaris* \ | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ - | -aos* \ + | -aos* | -aros* \ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ @@ -1248,9 +1314,10 @@ | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ - | -chorusos* | -chorusrdb* \ + | -chorusos* | -chorusrdb* | -cegcc* \ | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ - | -mingw32* | -linux-gnu* | -linux-newlib* | -linux-uclibc* \ + | -mingw32* | -linux-gnu* | -linux-android* \ + | -linux-newlib* | -linux-uclibc* \ | -uxpv* | -beos* | -mpeix* | -udk* \ | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ 
@@ -1258,7 +1325,7 @@ | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ - | -skyos* | -haiku* | -rdos* | -toppers* | -drops*) + | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es*) # Remember, each alternative MUST END IN *, to match a version number. ;; -qnx*) @@ -1388,6 +1455,11 @@ -zvmoe) os=-zvmoe ;; + -dicos*) + os=-dicos + ;; + -nacl*) + ;; -none) ;; *) @@ -1428,6 +1500,15 @@ c4x-* | tic4x-*) os=-coff ;; + tic54x-*) + os=-coff + ;; + tic55x-*) + os=-coff + ;; + tic6x-*) + os=-coff + ;; # This must come before the *-dec entry. pdp10-*) os=-tops20 @@ -1585,7 +1666,7 @@ -sunos*) vendor=sun ;; - -aix*) + -cnk*|-aix*) vendor=ibm ;; -beos*) Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2010-10-20 15:25:33 UTC (rev 252) +++ trunk/configure.ac 2010-10-26 09:30:58 UTC (rev 253) @@ -25,7 +25,7 @@ # Set my_issvn to "yes" for non-released code. Remember to run an # "svn up" and "autogen.sh" right before creating a distribution. m4_define([my_version], [1.10]) -m4_define([my_issvn], [yes]) +m4_define([my_issvn], [no]) m4_define([svn_revision], m4_esyscmd([printf "%d" $(svn info 2>/dev/null \ | sed -n '/^Revision:/ s/[^0-9]//gp'|head -1)])) 
@@ -38,8 +38,8 @@ # (Interfaces added: AGE++) # (Interfaces removed: AGE=0) # Note that added error codes don't constitute an interface change. -LIBGPG_ERROR_LT_CURRENT=7 -LIBGPG_ERROR_LT_AGE=7 +LIBGPG_ERROR_LT_CURRENT=8 +LIBGPG_ERROR_LT_AGE=8 LIBGPG_ERROR_LT_REVISION=0 AC_SUBST(LIBGPG_ERROR_LT_CURRENT) AC_SUBST(LIBGPG_ERROR_LT_AGE) Modified: trunk/po/cs.po [not shown] Modified: trunk/po/de.po [not shown] Modified: trunk/po/fr.po [not shown] Modified: trunk/po/it.po [not shown] Modified: trunk/po/libgpg-error.pot =================================================================== --- trunk/po/libgpg-error.pot 2010-10-20 15:25:33 UTC (rev 252) +++ trunk/po/libgpg-error.pot 2010-10-26 09:30:58 UTC (rev 253) @@ -8,7 +8,7 @@ msgstr "" "Project-Id-Version: libgpg-error 1.10-svn249\n" "Report-Msgid-Bugs-To: translations at gnupg.org\n" -"POT-Creation-Date: 2010-09-16 16:34+0200\n" +"POT-Creation-Date: 2010-10-20 16:55+0200\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" 
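Review bot: in the trunk/configure.ac hunk at @@ -38,8 +38,8, LIBGPG_ERROR_LT_CURRENT and LIBGPG_ERROR_LT_AGE both go from 7 to 8, yet the comment directly above them says "added error codes don't constitute an interface change", and the only addition visible in this mail is the new "Operation fully cancelled" message in po/libgpg-error.pot. If 1.10 adds a function or other interface, name it in NEWS so the version-info change can be checked; if it adds only error codes, the comment's own rule says CURRENT and AGE stay at 7.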
@@ -845,247 +845,251 @@ msgstr "" #: src/err-codes.h:214 +msgid "Operation fully cancelled" +msgstr "" + +#: src/err-codes.h:215 msgid "Operation not yet finished" msgstr "" -#: src/err-codes.h:215 +#: src/err-codes.h:216 msgid "Buffer too short" msgstr "" -#: src/err-codes.h:216 +#: src/err-codes.h:217 msgid "Invalid length specifier in S-expression" msgstr "" -#: src/err-codes.h:217 +#: src/err-codes.h:218 msgid "String too long in S-expression" msgstr "" -#: src/err-codes.h:218 +#: src/err-codes.h:219 msgid "Unmatched parentheses in S-expression" msgstr "" -#: src/err-codes.h:219 +#: src/err-codes.h:220 msgid "S-expression not canonical" msgstr "" -#: src/err-codes.h:220 +#: src/err-codes.h:221 msgid "Bad character in S-expression" msgstr "" -#: src/err-codes.h:221 +#: src/err-codes.h:222 msgid "Bad quotation in S-expression" msgstr "" -#: src/err-codes.h:222 +#: src/err-codes.h:223 msgid "Zero prefix in S-expression" msgstr "" -#: src/err-codes.h:223 +#: src/err-codes.h:224 msgid "Nested display hints in S-expression" msgstr "" -#: src/err-codes.h:224 +#: src/err-codes.h:225 msgid "Unmatched display hints" msgstr "" -#: src/err-codes.h:225 +#: src/err-codes.h:226 msgid "Unexpected reserved punctuation in S-expression" msgstr "" -#: src/err-codes.h:226 +#: src/err-codes.h:227 msgid "Bad hexadecimal character in S-expression" msgstr "" -#: src/err-codes.h:227 +#: src/err-codes.h:228 msgid "Odd hexadecimal numbers in S-expression" msgstr "" -#: src/err-codes.h:228 +#: src/err-codes.h:229 msgid "Bad octal character in S-expression" msgstr "" -#: src/err-codes.h:229 +#: src/err-codes.h:230 msgid "General IPC error" msgstr "" -#: src/err-codes.h:230 +#: src/err-codes.h:231 msgid "IPC accept call failed" msgstr "" -#: src/err-codes.h:231 +#: src/err-codes.h:232 msgid "IPC connect call failed" msgstr "" -#: src/err-codes.h:232 +#: src/err-codes.h:233 msgid "Invalid IPC response" msgstr "" -#: src/err-codes.h:233 +#: src/err-codes.h:234 msgid "Invalid value passed to 
IPC" msgstr "" -#: src/err-codes.h:234 +#: src/err-codes.h:235 msgid "Incomplete line passed to IPC" msgstr "" -#: src/err-codes.h:235 +#: src/err-codes.h:236 msgid "Line passed to IPC too long" msgstr "" -#: src/err-codes.h:236 +#: src/err-codes.h:237 msgid "Nested IPC commands" msgstr "" -#: src/err-codes.h:237 +#: src/err-codes.h:238 msgid "No data callback in IPC" msgstr "" -#: src/err-codes.h:238 +#: src/err-codes.h:239 msgid "No inquire callback in IPC" msgstr "" -#: src/err-codes.h:239 +#: src/err-codes.h:240 msgid "Not an IPC server" msgstr "" -#: src/err-codes.h:240 +#: src/err-codes.h:241 msgid "Not an IPC client" msgstr "" -#: src/err-codes.h:241 +#: src/err-codes.h:242 msgid "Problem starting IPC server" msgstr "" -#: src/err-codes.h:242 +#: src/err-codes.h:243 msgid "IPC read error" msgstr "" -#: src/err-codes.h:243 +#: src/err-codes.h:244 msgid "IPC write error" msgstr "" -#: src/err-codes.h:244 +#: src/err-codes.h:245 msgid "Too much data for IPC layer" msgstr "" -#: src/err-codes.h:245 +#: src/err-codes.h:246 msgid "Unexpected IPC command" msgstr "" -#: src/err-codes.h:246 +#: src/err-codes.h:247 msgid "Unknown IPC command" msgstr "" -#: src/err-codes.h:247 +#: src/err-codes.h:248 msgid "IPC syntax error" msgstr "" -#: src/err-codes.h:248 +#: src/err-codes.h:249 msgid "IPC call has been cancelled" msgstr "" -#: src/err-codes.h:249 +#: src/err-codes.h:250 msgid "No input source for IPC" msgstr "" -#: src/err-codes.h:250 +#: src/err-codes.h:251 msgid "No output source for IPC" msgstr "" -#: src/err-codes.h:251 +#: src/err-codes.h:252 msgid "IPC parameter error" msgstr "" -#: src/err-codes.h:252 +#: src/err-codes.h:253 msgid "Unknown IPC inquire" msgstr "" -#: src/err-codes.h:253 +#: src/err-codes.h:254 msgid "User defined error code 1" msgstr "" -#: src/err-codes.h:254 +#: src/err-codes.h:255 msgid "User defined error code 2" msgstr "" -#: src/err-codes.h:255 +#: src/err-codes.h:256 msgid "User defined error code 3" msgstr "" -#: src/err-codes.h:256 
+#: src/err-codes.h:257 msgid "User defined error code 4" msgstr "" -#: src/err-codes.h:257 +#: src/err-codes.h:258 msgid "User defined error code 5" msgstr "" -#: src/err-codes.h:258 +#: src/err-codes.h:259 msgid "User defined error code 6" msgstr "" -#: src/err-codes.h:259 +#: src/err-codes.h:260 msgid "User defined error code 7" msgstr "" -#: src/err-codes.h:260 +#: src/err-codes.h:261 msgid "User defined error code 8" msgstr "" -#: src/err-codes.h:261 +#: src/err-codes.h:262 msgid "User defined error code 9" msgstr "" -#: src/err-codes.h:262 +#: src/err-codes.h:263 msgid "User defined error code 10" msgstr "" -#: src/err-codes.h:263 +#: src/err-codes.h:264 msgid "User defined error code 11" msgstr "" -#: src/err-codes.h:264 +#: src/err-codes.h:265 msgid "User defined error code 12" msgstr "" -#: src/err-codes.h:265 +#: src/err-codes.h:266 msgid "User defined error code 13" msgstr "" -#: src/err-codes.h:266 +#: src/err-codes.h:267 msgid "User defined error code 14" msgstr "" -#: src/err-codes.h:267 +#: src/err-codes.h:268 msgid "User defined error code 15" msgstr "" -#: src/err-codes.h:268 +#: src/err-codes.h:269 msgid "User defined error code 16" msgstr "" -#: src/err-codes.h:269 +#: src/err-codes.h:270 msgid "System error w/o errno" msgstr "" -#: src/err-codes.h:270 +#: src/err-codes.h:271 msgid "Unknown system error" msgstr "" -#: src/err-codes.h:271 +#: src/err-codes.h:272 msgid "End of file" msgstr "" -#: src/err-codes.h:272 +#: src/err-codes.h:273 msgid "Unknown error code" msgstr "" -#: src/gpg-error.c:386 +#: src/gpg-error.c:392 #, c-format msgid "Usage: %s GPG-ERROR [...]\n" msgstr "" -#: src/gpg-error.c:442 +#: src/gpg-error.c:448 #, c-format msgid "%s: warning: could not recognize %s\n" msgstr "" Modified: trunk/po/nl.po [not shown] Modified: trunk/po/pl.po [not shown] Modified: trunk/po/ro.po [not shown] Modified: trunk/po/sv.po [not shown] Modified: trunk/po/vi.po [not shown] Modified: trunk/po/zh_CN.po [not shown] From cvs at cvs.gnupg.org Tue Oct 
26 11:41:06 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Tue, 26 Oct 2010 11:41:06 +0200 Subject: [svn] gpg-error - r254 - tags Message-ID: Author: wk Date: 2010-10-26 11:41:06 +0200 (Tue, 26 Oct 2010) New Revision: 254 Added: tags/libgpg-error-1.10/ Log: Tag release From cvs at cvs.gnupg.org Tue Oct 26 11:42:02 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Tue, 26 Oct 2010 11:42:02 +0200 Subject: [svn] gpg-error - r255 - trunk Message-ID: Author: wk Date: 2010-10-26 11:42:02 +0200 (Tue, 26 Oct 2010) New Revision: 255 Modified: trunk/NEWS trunk/configure.ac Log: Post release updates Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2010-10-26 09:41:06 UTC (rev 254) +++ trunk/NEWS 2010-10-26 09:42:02 UTC (rev 255) @@ -1,3 +1,8 @@ +Noteworthy changes in version 1.11 (unreleased) +---------------------------------------------- + + + Noteworthy changes in version 1.10 (2010-10-26) ---------------------------------------------- Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2010-10-26 09:41:06 UTC (rev 254) +++ trunk/configure.ac 2010-10-26 09:42:02 UTC (rev 255) @@ -24,8 +24,8 @@ # Remember to change the version number immediately *after* a release. # Set my_issvn to "yes" for non-released code. Remember to run an # "svn up" and "autogen.sh" right before creating a distribution. -m4_define([my_version], [1.10]) -m4_define([my_issvn], [no]) +m4_define([my_version], [1.11]) +m4_define([my_issvn], [yes]) m4_define([svn_revision], m4_esyscmd([printf "%d" $(svn info 2>/dev/null \ | sed -n '/^Revision:/ s/[^0-9]//gp'|head -1)])) From cvs at cvs.gnupg.org Tue Oct 26 14:25:49 2010 
From: cvs at cvs.gnupg.org (svn author wk) Date: Tue, 26 Oct 2010 14:25:49 +0200 Subject: [svn] GnuPG - r5468 - in trunk: . doc po scripts Message-ID: Author: wk Date: 2010-10-26 14:25:47 +0200 (Tue, 26 Oct 2010) New Revision: 5468 Modified: trunk/AUTHORS trunk/ChangeLog trunk/NEWS trunk/README trunk/configure.ac trunk/doc/gpg-agent.texi trunk/po/POTFILES.in trunk/po/de.po trunk/scripts/ChangeLog trunk/scripts/config.guess trunk/scripts/config.sub Log: Update scripts etc. Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2010-10-26 09:10:29 UTC (rev 5467) +++ trunk/ChangeLog 2010-10-26 12:25:47 UTC (rev 5468) @@ -1,3 +1,7 @@ +2010-10-26 Werner Koch + + Release 2.1.0beta1. + 2010-10-18 Werner Koch * Makefile.am (install-data-hook): Add W32 specific hook. Modified: trunk/scripts/ChangeLog =================================================================== --- trunk/scripts/ChangeLog 2010-10-26 09:10:29 UTC (rev 5467) +++ trunk/scripts/ChangeLog 2010-10-26 12:25:47 UTC (rev 5468) @@ -1,6 +1,11 @@ +2010-10-26 Werner Koch + + * config.guess: Update to version 2010-09-24. + * config.sub: Update to version 2010-09-11. + 2007-12-14 Werner Koch - * config.guess, config.sub: Update to version 2007-11-19. + * config.guess, config.sub: Update to version 2007-11-19. 2007-07-04 Werner Koch @@ -22,7 +27,7 @@ * config.guess, config.sub: Updated. - Copyright 2004, 2007 Free Software Foundation, Inc. + Copyright 2004, 2007, 2010 Free Software Foundation, Inc. This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without 
@@ -31,5 +36,4 @@ This file is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY, to the extent permitted by law; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - Modified: trunk/AUTHORS =================================================================== --- trunk/AUTHORS 2010-10-26 09:10:29 UTC (rev 5467) +++ trunk/AUTHORS 2010-10-26 12:25:47 UTC (rev 5468) @@ -165,7 +165,7 @@ ========= Copyright 1998, 1999, 2000, 2001, 2002, 2004, 2005, - 2006, 2007, 2008 Free Software Foundation, Inc. + 2006, 2007, 2008, 2010 Free Software Foundation, Inc. This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2010-10-26 09:10:29 UTC (rev 5467) +++ trunk/NEWS 2010-10-26 12:25:47 UTC (rev 5468) @@ -1,5 +1,5 @@ -Noteworthy changes in version 2.1.x (under development) -------------------------------------------------------- +Noteworthy changes in version 2.1.0beta1 (2010-10-26) +----------------------------------------------------- * Encrypted OpenPGP messages with trailing data (e.g. other OpenPGP packets) are now correctly parsed. Modified: trunk/README =================================================================== --- trunk/README 2010-10-26 09:10:29 UTC (rev 5467) +++ trunk/README 2010-10-26 12:25:47 UTC (rev 5468) 
@@ -2,14 +2,12 @@ ========================= Version 2.1 + THIS IS A DEVELOPMENT VERSION AND NOT INTENDED FOR REGULAR USE. + Copyright 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, - 2006, 2007, 2008, 2009 Free Software Foundation, Inc. + 2006, 2007, 2008, 2009, 2010 Free Software Foundation, Inc. - THIS IS A DEVELOPMENT VERSION AND NOT INTENDED FOR REGULAR USE. - THIS IS A DEVELOPMENT VERSION AND NOT INTENDED FOR REGULAR USE. - THIS IS A DEVELOPMENT VERSION AND NOT INTENDED FOR REGULAR USE. - INTRODUCTION ============ @@ -29,7 +27,6 @@ OpenPGP-only version. - BUILD INSTRUCTIONS ================== 
@@ -68,9 +65,53 @@ In case of problem please ask on gnupg-users at gnupg.org for advise. Note that the PKITS tests are always skipped unless you copy the PKITS -test data file into the tests/pkits directory. +test data file into the tests/pkits directory. There is no need to +run these test and some of them may even fail because the test scripts +are not yet complete. +You may run + gpgconf --list-dirs + +to view the default directories used by GnuPG. + + +MIGRATION FROM 1.4 or 2.0 +========================= + +The major change in 2.1 is that gpg-agent now takes care of the +OpenPGP secret keys (those managed by GPG). The former secring.gpg +will not be used anymore. Newly generated keys are generated and +stored in the agent's key store (~/.gnupg/private-keys-v1.d/). To +migrate your existing keys to the agent you should run this command + + gpg2 --import ~/.gnupg/secring.gpg + +The agent will you ask for the passphrase of each key. You may use +the Cancel button of the Pinentry to skip importing this key. If you +want to stop the import process and you use one of the latest +pinentries, you should close the pinentry window instead of hitting +the cancel button. Secret keys already imported are skipped by the +import command. It is advisable to keep the secring.gpg for use with +older versions of GPG. + +Note that gpg-agent now uses a fixed socket by default. All tools +will start the gpg-agent as needed. In general there is no more need +to set the GPG_AGENT_INFO environment variable. The SSH_AUTH_SOCK +environment variable should be set to a fixed value. + +GPG's smartcard commands --card-edit and --card-status as well as the +card related sub-commands of --edit-key are not yet supported. +However, signing and decryption with a smartcard does work. + +The Dirmngr is now part of GnuPG proper. Thus there is no more need +to install the separate dirmngr package. 
The directroy layout of +Dirmngr changed to make use of the GnuPG directories; for example you +use /etc/gnupg/trusted-certs and /var/lib/gnupg/extra-certs. Dirmngr +needs to be started as a system daemon. + + + DOCUMENTATION ============= Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2010-10-26 09:10:29 UTC (rev 5467) +++ trunk/configure.ac 2010-10-26 12:25:47 UTC (rev 5468) @@ -24,8 +24,8 @@ # Remember to change the version number immediately *after* a release. # Set my_issvn to "yes" for non-released code. Remember to run an # "svn up" and "autogen.sh" right before creating a distribution. -m4_define([my_version], [2.1.0]) -m4_define([my_issvn], [yes]) +m4_define([my_version], [2.1.0beta1]) +m4_define([my_issvn], [no]) m4_define([svn_revision], m4_esyscmd([printf "%d" $(svn info 2>/dev/null \ | sed -n '/^Revision:/ s/[^0-9]//gp'|head -1)])) Modified: trunk/doc/gpg-agent.texi =================================================================== --- trunk/doc/gpg-agent.texi 2010-10-26 09:10:29 UTC (rev 5467) +++ trunk/doc/gpg-agent.texi 2010-10-26 12:25:47 UTC (rev 5468) @@ -52,13 +52,24 @@ @command{gpg} and @command{gpgsm} as well as for a couple of other utilities. + at ifset gpgtwoone +The agent is usualy started on demand by @command{gpg}, @command{gpgsm}, + at command{gpgconf} or @command{gpg-connect-agent}. Thus there is no +reason to start it manually. In case you want to use the included +Secure Shell Agent you may start the agent using: + + at example +gpg-connect-agent /bye + at end example + at end ifset + + at ifclear gpgtwoone @noindent The usual way to run the agent is from the @code{~/.xsession} file: @example eval $(gpg-agent --daemon) @end example - @noindent If you don't use an X server, you can also put this into your regular startup file @code{~/.profile} or @code{.bash_profile}. It is best not 
@@ -94,6 +105,7 @@ @noindent It reads the data out of the file and exports the variables. If you don't use Secure Shell, you don't need the last two export statements. + at end ifclear @noindent You should always add the following lines to your @code{.bashrc} or Modified: trunk/po/POTFILES.in =================================================================== --- trunk/po/POTFILES.in 2010-10-26 09:10:29 UTC (rev 5467) +++ trunk/po/POTFILES.in 2010-10-26 12:25:47 UTC (rev 5468) @@ -64,7 +64,6 @@ g10/plaintext.c g10/pubkey-enc.c g10/revoke.c -g10/seckey-cert.c g10/seskey.c g10/sig-check.c g10/sign.c Modified: trunk/po/de.po [not shown] Modified: trunk/scripts/config.guess =================================================================== --- trunk/scripts/config.guess 2010-10-26 09:10:29 UTC (rev 5467) +++ trunk/scripts/config.guess 2010-10-26 12:25:47 UTC (rev 5468) @@ -1,10 +1,10 @@ #! /bin/sh # Attempt to guess a canonical system name. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation, -# Inc. +# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 +# Free Software Foundation, Inc. -timestamp='2007-11-19' +timestamp='2010-09-24' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by 
@@ -27,16 +27,16 @@ # the same distribution terms that you use for the rest of that program. -# Originally written by Per Bothner . -# Please send patches to . Submit a context -# diff and a properly formatted ChangeLog entry. +# Originally written by Per Bothner. Please send patches (context +# diff format) to and include a ChangeLog +# entry. # # This script attempts to guess a canonical system name similar to # config.sub. If it succeeds, it prints the system name on stdout, and # exits with 0. Otherwise, it exits with 1. # -# The plan is that this can be called by configure scripts if you -# don't specify an explicit build system type. +# You can get the latest version of this script from: +# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD me=`echo "$0" | sed -e 's,.*/,,'` @@ -56,8 +56,9 @@ GNU config.guess ($timestamp) Originally written by Per Bothner. -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005 -Free Software Foundation, Inc. +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, +2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free +Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -91,7 +92,7 @@ exit 1 fi -trap 'exit 1' 1 2 15 +trap 'exit 1' HUP INT TERM # CC_FOR_BUILD -- compiler used by this script. Note that the use of a # compiler to aid in system detection is discouraged as it requires 
@@ -105,7 +106,7 @@ set_cc_for_build=' trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ; -trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ; +trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" HUP INT PIPE TERM ; : ${TMPDIR=/tmp} ; { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } || @@ -170,7 +171,7 @@ arm*|i386|m68k|ns32k|sh3*|sparc|vax) eval $set_cc_for_build if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ - | grep __ELF__ >/dev/null + | grep -q __ELF__ then # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout). # Return netbsd for either. FIX? 
@@ -324,14 +325,33 @@ case `/usr/bin/uname -p` in sparc) echo sparc-icl-nx7; exit ;; esac ;; + s390x:SunOS:*:*) + echo ${UNAME_MACHINE}-ibm-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit ;; sun4H:SunOS:5.*:*) echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; + i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*) + echo i386-pc-auroraux${UNAME_RELEASE} + exit ;; i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*) - echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + eval $set_cc_for_build + SUN_ARCH="i386" + # If there is a compiler, see if it is configured for 64-bit objects. + # Note that the Sun cc does not turn __LP64__ into 1 like gcc does. + # This test works for both compilers. + if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then + if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \ + (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null + then + SUN_ARCH="x86_64" + fi + fi + echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4*:SunOS:6*:*) # According to config.sub, this is the proper way to canonicalize @@ -532,7 +552,7 @@ echo rs6000-ibm-aix3.2 fi exit ;; - *:AIX:*:[45]) + *:AIX:*:[4567]) IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then IBM_ARCH=rs6000 @@ -640,7 +660,7 @@ # => hppa64-hp-hpux11.23 if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | - grep __LP64__ >/dev/null + grep -q __LP64__ then HP_ARCH="hppa2.0w" else 
@@ -791,18 +811,24 @@ i*:PW*:*) echo ${UNAME_MACHINE}-pc-pw32 exit ;; - *:Interix*:[3456]*) + *:Interix*:*) case ${UNAME_MACHINE} in x86) echo i586-pc-interix${UNAME_RELEASE} exit ;; - EM64T | authenticamd) + authenticamd | genuineintel | EM64T) echo x86_64-unknown-interix${UNAME_RELEASE} exit ;; + IA64) + echo ia64-unknown-interix${UNAME_RELEASE} + exit ;; esac ;; [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*) echo i${UNAME_MACHINE}-pc-mks exit ;; + 8664:Windows_NT:*) + echo x86_64-pc-mks + exit ;; i*:Windows_NT*:* | Pentium*:Windows_NT*:*) # How do we know it's Interix rather than the generic POSIX subsystem? # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we @@ -832,8 +858,29 @@ i*86:Minix:*:*) echo ${UNAME_MACHINE}-pc-minix exit ;; + alpha:Linux:*:*) + case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in + EV5) UNAME_MACHINE=alphaev5 ;; + EV56) UNAME_MACHINE=alphaev56 ;; + PCA56) UNAME_MACHINE=alphapca56 ;; + PCA57) UNAME_MACHINE=alphapca56 ;; + EV6) UNAME_MACHINE=alphaev6 ;; + EV67) UNAME_MACHINE=alphaev67 ;; + EV68*) UNAME_MACHINE=alphaev68 ;; + esac + objdump --private-headers /bin/sh | grep -q ld.so.1 + if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi + echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} + exit ;; arm*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + eval $set_cc_for_build + if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep -q __ARM_EABI__ + then + echo ${UNAME_MACHINE}-unknown-linux-gnu + else + echo ${UNAME_MACHINE}-unknown-linux-gnueabi + fi exit ;; avr32*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu 
@@ -847,6 +894,17 @@ frv:Linux:*:*) echo frv-unknown-linux-gnu exit ;; + i*86:Linux:*:*) + LIBC=gnu + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #ifdef __dietlibc__ + LIBC=dietlibc + #endif +EOF + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'` + echo "${UNAME_MACHINE}-pc-linux-${LIBC}" + exit ;; ia64:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; 
@@ -856,75 +914,34 @@ m68*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; - mips:Linux:*:*) + mips:Linux:*:* | mips64:Linux:*:*) eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #undef CPU - #undef mips - #undef mipsel + #undef ${UNAME_MACHINE} + #undef ${UNAME_MACHINE}el #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) - CPU=mipsel + CPU=${UNAME_MACHINE}el #else #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) - CPU=mips + CPU=${UNAME_MACHINE} #else CPU= #endif #endif EOF - eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n ' - /^CPU/{ - s: ::g - p - }'`" + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'` test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } ;; - mips64:Linux:*:*) - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - #undef CPU - #undef mips64 - #undef mips64el - #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) - CPU=mips64el - #else - #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) - CPU=mips64 - #else - CPU= - #endif - #endif -EOF - eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n ' - /^CPU/{ - s: ::g - p - }'`" - test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } - ;; or32:Linux:*:*) echo or32-unknown-linux-gnu exit ;; - ppc:Linux:*:*) - echo powerpc-unknown-linux-gnu + padre:Linux:*:*) + echo sparc-unknown-linux-gnu exit ;; - ppc64:Linux:*:*) - echo powerpc64-unknown-linux-gnu + parisc64:Linux:*:* | hppa64:Linux:*:*) + echo hppa64-unknown-linux-gnu exit ;; - alpha:Linux:*:*) - case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in - EV5) UNAME_MACHINE=alphaev5 ;; - EV56) UNAME_MACHINE=alphaev56 ;; - PCA56) UNAME_MACHINE=alphapca56 ;; - PCA57) UNAME_MACHINE=alphapca56 ;; - EV6) UNAME_MACHINE=alphaev6 ;; - EV67) UNAME_MACHINE=alphaev67 ;; - EV68*) UNAME_MACHINE=alphaev68 ;; - esac - objdump --private-headers /bin/sh | grep ld.so.1 
>/dev/null - if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi - echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} - exit ;; parisc:Linux:*:* | hppa:Linux:*:*) # Look for CPU level case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in @@ -933,9 +950,12 @@ *) echo hppa-unknown-linux-gnu ;; esac exit ;; - parisc64:Linux:*:* | hppa64:Linux:*:*) - echo hppa64-unknown-linux-gnu + ppc64:Linux:*:*) + echo powerpc64-unknown-linux-gnu exit ;; + ppc:Linux:*:*) + echo powerpc-unknown-linux-gnu + exit ;; s390:Linux:*:* | s390x:Linux:*:*) echo ${UNAME_MACHINE}-ibm-linux exit ;; @@ -948,6 +968,9 @@ sparc:Linux:*:* | sparc64:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; + tile*:Linux:*:*) + echo ${UNAME_MACHINE}-tilera-linux-gnu + exit ;; vax:Linux:*:*) echo ${UNAME_MACHINE}-dec-linux-gnu exit ;; 
@@ -957,69 +980,6 @@ xtensa*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; - i*86:Linux:*:*) - # The BFD linker knows what the default object file format is, so - # first see if it will tell us. cd to the root directory to prevent - # problems with other programs or directories called `ld' in the path. - # Set LC_ALL=C to ensure ld outputs messages in English. - ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \ - | sed -ne '/supported targets:/!d - s/[ ][ ]*/ /g - s/.*supported targets: *// - s/ .*// - p'` - case "$ld_supported_targets" in - elf32-i386) - TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu" - ;; - a.out-i386-linux) - echo "${UNAME_MACHINE}-pc-linux-gnuaout" - exit ;; - coff-i386) - echo "${UNAME_MACHINE}-pc-linux-gnucoff" - exit ;; - "") - # Either a pre-BFD a.out linker (linux-gnuoldld) or - # one that does not give us useful --help. - echo "${UNAME_MACHINE}-pc-linux-gnuoldld" - exit ;; - esac - # Determine whether the default compiler is a.out or elf - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - #include - #ifdef __ELF__ - # ifdef __GLIBC__ - # if __GLIBC__ >= 2 - LIBC=gnu - # else - LIBC=gnulibc1 - # endif - # else - LIBC=gnulibc1 - # endif - #else - #if defined(__INTEL_COMPILER) || defined(__PGI) || defined(__SUNPRO_C) || defined(__SUNPRO_CC) - LIBC=gnu - #else - LIBC=gnuaout - #endif - #endif - #ifdef __dietlibc__ - LIBC=dietlibc - #endif -EOF - eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n ' - /^LIBC/{ - s: ::g - p - }'`" - test x"${LIBC}" != x && { - echo "${UNAME_MACHINE}-pc-linux-${LIBC}" - exit - } - test x"${TENTATIVE}" != x && { echo "${TENTATIVE}"; exit; } - ;; i*86:DYNIX/ptx:4*:*) # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. # earlier versions are messed up and put the nodename in both 
@@ -1048,7 +1008,7 @@ i*86:syllable:*:*) echo ${UNAME_MACHINE}-pc-syllable exit ;; - i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*) + i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*) echo i386-unknown-lynxos${UNAME_RELEASE} exit ;; i*86:*DOS:*:*) @@ -1092,8 +1052,11 @@ pc:*:*:*) # Left here for compatibility: # uname -m prints for DJGPP always 'pc', but it prints nothing about - # the processor, so we play safe by assuming i386. - echo i386-pc-msdosdjgpp + # the processor, so we play safe by assuming i586. + # Note: whatever this is, it MUST be the same as what config.sub + # prints for the "djgpp" host, or else GDB configury will decide that + # this is a cross-build. + echo i586-pc-msdosdjgpp exit ;; Intel:Mach:3*:*) echo i386-pc-mach3 @@ -1131,6 +1094,16 @@ 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ && { echo i486-ncr-sysv4; exit; } ;; + NCR*:*:4.2:* | MPRAS*:*:4.2:*) + OS_REL='.3' + test -r /etc/.relid \ + && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && { echo i486-ncr-sysv4.3${OS_REL}; exit; } + /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ + && { echo i586-ncr-sysv4.3${OS_REL}; exit; } + /bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \ + && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) echo m68k-unknown-lynxos${UNAME_RELEASE} exit ;; @@ -1143,7 +1116,7 @@ rs6000:LynxOS:2.*:*) echo rs6000-unknown-lynxos${UNAME_RELEASE} exit ;; - PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*) + PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*) echo powerpc-unknown-lynxos${UNAME_RELEASE} exit ;; SM[BE]S:UNIX_SV:*:*) 
@@ -1206,6 +1179,9 @@ BePC:BeOS:*:*) # BeOS running on Intel PC compatible. echo i586-pc-beos exit ;; + BePC:Haiku:*:*) # Haiku running on Intel PC compatible. + echo i586-pc-haiku + exit ;; SX-4:SUPER-UX:*:*) echo sx4-nec-superux${UNAME_RELEASE} exit ;; @@ -1233,6 +1209,16 @@ *:Darwin:*:*) UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown case $UNAME_PROCESSOR in + i386) + eval $set_cc_for_build + if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then + if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ + (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null + then + UNAME_PROCESSOR="x86_64" + fi + fi ;; unknown) UNAME_PROCESSOR=powerpc ;; esac echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} @@ -1248,6 +1234,9 @@ *:QNX:*:4*) echo i386-pc-qnx exit ;; + NEO-?:NONSTOP_KERNEL:*:*) + echo neo-tandem-nsk${UNAME_RELEASE} + exit ;; NSE-?:NONSTOP_KERNEL:*:*) echo nse-tandem-nsk${UNAME_RELEASE} exit ;; @@ -1314,6 +1303,9 @@ i*86:rdos:*:*) echo ${UNAME_MACHINE}-pc-rdos exit ;; + i*86:AROS:*:*) + echo ${UNAME_MACHINE}-pc-aros + exit ;; esac #echo '(No uname command or uname output not recognized.)' 1>&2 @@ -1474,9 +1466,9 @@ the operating system you are using. It is advised that you download the most up to date version of the config scripts from - http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.guess + http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD and - http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.sub + http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD If the version you run ($0) is already up to date, please send the following data and any information you think might be Modified: trunk/scripts/config.sub =================================================================== --- trunk/scripts/config.sub 2010-10-26 09:10:29 UTC (rev 5467) +++ trunk/scripts/config.sub 2010-10-26 12:25:47 UTC (rev 5468) 
@@ -1,10 +1,10 @@ #! /bin/sh # Configuration validation subroutine script. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation, -# Inc. +# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 +# Free Software Foundation, Inc. -timestamp='2007-11-19' +timestamp='2010-09-11' # This file is (in principle) common to ALL GNU software. # The presence of a machine in this file suggests that SOME GNU software @@ -32,13 +32,16 @@ # Please send patches to . Submit a context -# diff and a properly formatted ChangeLog entry. +# diff and a properly formatted GNU ChangeLog entry. # # Configuration subroutine to validate and canonicalize a configuration type. # Supply the specified configuration type as an argument. # If it is invalid, we print an error message on stderr and exit with code 1. # Otherwise, we print the canonical config type on stdout and succeed. +# You can get the latest version of this script from: +# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD + # This file is supposed to be the same for all GNU packages # and recognize all the CPU types, system types and aliases # that are meaningful with *any* GNU software. @@ -72,8 +75,9 @@ version="\ GNU config.sub ($timestamp) -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005 -Free Software Foundation, Inc. +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, +2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free +Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." 
@@ -120,8 +124,10 @@ # Here we must recognize all the valid KERNEL-OS combinations. maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` case $maybe_os in - nto-qnx* | linux-gnu* | linux-dietlibc | linux-newlib* | linux-uclibc* | \ - uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | \ + nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \ + linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ + knetbsd*-gnu* | netbsd*-gnu* | \ + kopensolaris*-gnu* | \ storm-chaos* | os2-emx* | rtmk-nova*) os=-$maybe_os basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` @@ -148,10 +154,13 @@ -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ - -apple | -axis | -knuth | -cray) + -apple | -axis | -knuth | -cray | -microblaze) os= basic_machine=$1 ;; + -bluegene*) + os=-cnk + ;; -sim | -cisco | -oki | -wec | -winbond) os= basic_machine=$1 @@ -249,13 +258,16 @@ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ | i370 | i860 | i960 | ia64 \ | ip2k | iq2000 \ + | lm32 \ | m32c | m32r | m32rle | m68000 | m68k | m88k \ - | maxq | mb | microblaze | mcore | mep \ + | maxq | mb | microblaze | mcore | mep | metag \ | mips | mipsbe | mipseb | mipsel | mipsle \ | mips16 \ | mips64 | mips64el \ + | mips64octeon | mips64octeonel \ + | mips64orion | mips64orionel \ + | mips64r5900 | mips64r5900el \ | mips64vr | mips64vrel \ - | mips64orion | mips64orionel \ | mips64vr4100 | mips64vr4100el \ | mips64vr4300 | mips64vr4300el \ | mips64vr5000 | mips64vr5000el \ 
@@ -268,28 +280,41 @@ | mipsisa64sr71k | mipsisa64sr71kel \ | mipstx39 | mipstx39el \ | mn10200 | mn10300 \ + | moxie \ | mt \ | msp430 \ + | nds32 | nds32le | nds32be \ | nios | nios2 \ | ns16k | ns32k \ | or32 \ | pdp10 | pdp11 | pj | pjl \ | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \ | pyramid \ + | rx \ | score \ - | sh | sh[1234] | sh[24]a | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ + | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ | sh64 | sh64le \ | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ | spu | strongarm \ - | tahoe | thumb | tic4x | tic80 | tron \ + | tahoe | thumb | tic4x | tic54x | tic55x | tic6x | tic80 | tron \ + | ubicom32 \ | v850 | v850e \ | we32k \ | x86 | xc16x | xscale | xscalee[bl] | xstormy16 | xtensa \ - | z8k) + | z8k | z80) basic_machine=$basic_machine-unknown ;; - m6811 | m68hc11 | m6812 | m68hc12) + c54x) + basic_machine=tic54x-unknown + ;; + c55x) + basic_machine=tic55x-unknown + ;; + c6x) + basic_machine=tic6x-unknown + ;; + m6811 | m68hc11 | m6812 | m68hc12 | picochip) # Motorola 68HC11/12. basic_machine=$basic_machine-unknown os=-none @@ -320,7 +345,7 @@ | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ | avr-* | avr32-* \ | bfin-* | bs2000-* \ - | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \ + | c[123]* | c30-* | [cjt]90-* | c4x-* \ | clipper-* | craynv-* | cydra-* \ | d10v-* | d30v-* | dlx-* \ | elxsi-* \ 
@@ -329,14 +354,17 @@ | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ | i*86-* | i860-* | i960-* | ia64-* \ | ip2k-* | iq2000-* \ + | lm32-* \ | m32c-* | m32r-* | m32rle-* \ | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ - | m88110-* | m88k-* | maxq-* | mcore-* \ + | m88110-* | m88k-* | maxq-* | mcore-* | metag-* | microblaze-* \ | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ | mips16-* \ | mips64-* | mips64el-* \ + | mips64octeon-* | mips64octeonel-* \ + | mips64orion-* | mips64orionel-* \ + | mips64r5900-* | mips64r5900el-* \ | mips64vr-* | mips64vrel-* \ - | mips64orion-* | mips64orionel-* \ | mips64vr4100-* | mips64vr4100el-* \ | mips64vr4300-* | mips64vr4300el-* \ | mips64vr5000-* | mips64vr5000el-* \ @@ -351,27 +379,30 @@ | mmix-* \ | mt-* \ | msp430-* \ + | nds32-* | nds32le-* | nds32be-* \ | nios-* | nios2-* \ | none-* | np1-* | ns16k-* | ns32k-* \ | orion-* \ | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \ | pyramid-* \ - | romp-* | rs6000-* \ - | sh-* | sh[1234]-* | sh[24]a-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ + | romp-* | rs6000-* | rx-* \ + | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ | sparclite-* \ | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \ | tahoe-* | thumb-* \ | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ + | tile-* | tilegx-* \ | tron-* \ + | ubicom32-* \ | v850-* | v850e-* | vax-* \ | we32k-* \ | x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \ | xstormy16-* | xtensa*-* \ | ymp-* \ - | z8k-*) + | z8k-* | z80-*) ;; # Recognize the basic CPU types without company name, with glob match. xtensa*) 
@@ -439,6 +470,10 @@ basic_machine=m68k-apollo os=-bsd ;; + aros) + basic_machine=i386-pc + os=-aros + ;; aux) basic_machine=m68k-apple os=-aux @@ -447,10 +482,35 @@ basic_machine=ns32k-sequent os=-dynix ;; + blackfin) + basic_machine=bfin-unknown + os=-linux + ;; + blackfin-*) + basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'` + os=-linux + ;; + bluegene*) + basic_machine=powerpc-ibm + os=-cnk + ;; + c54x-*) + basic_machine=tic54x-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + c55x-*) + basic_machine=tic55x-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + c6x-*) + basic_machine=tic6x-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; c90) basic_machine=c90-cray os=-unicos ;; + cegcc) + basic_machine=arm-unknown + os=-cegcc + ;; convex-c1) basic_machine=c1-convex os=-bsd @@ -518,6 +578,10 @@ basic_machine=m88k-motorola os=-sysv3 ;; + dicos) + basic_machine=i686-pc + os=-dicos + ;; djgpp) basic_machine=i586-pc os=-msdosdjgpp @@ -672,6 +736,14 @@ basic_machine=m68k-isi os=-sysv ;; + m68knommu) + basic_machine=m68k-unknown + os=-linux + ;; + m68knommu-*) + basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'` + os=-linux + ;; m88k-omron*) basic_machine=m88k-omron ;; @@ -683,6 +755,9 @@ basic_machine=ns32k-utek os=-sysv ;; + microblaze) + basic_machine=microblaze-xilinx + ;; mingw32) basic_machine=i386-pc os=-mingw32 @@ -787,6 +862,12 @@ np1) basic_machine=np1-gould ;; + neo-tandem) + basic_machine=neo-tandem + ;; + nse-tandem) + basic_machine=nse-tandem + ;; nsr-tandem) basic_machine=nsr-tandem ;; @@ -817,6 +898,14 @@ basic_machine=i860-intel os=-osf ;; + parisc) + basic_machine=hppa-unknown + os=-linux + ;; + parisc-*) + basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'` + os=-linux + ;; pbd) basic_machine=sparc-tti ;; 
@@ -1013,18 +1102,15 @@ basic_machine=t90-cray os=-unicos ;; - tic54x | c54x*) - basic_machine=tic54x-unknown - os=-coff + # This must be matched before tile*. + tilegx*) + basic_machine=tilegx-unknown + os=-linux-gnu ;; - tic55x | c55x*) - basic_machine=tic55x-unknown - os=-coff + tile*) + basic_machine=tile-unknown + os=-linux-gnu ;; - tic6x | c6x*) - basic_machine=tic6x-unknown - os=-coff - ;; tx39) basic_machine=mipstx39-unknown ;; @@ -1100,6 +1186,10 @@ basic_machine=z8k-unknown os=-sim ;; + z80-*-coff) + basic_machine=z80-unknown + os=-sim + ;; none) basic_machine=none-none os=-none @@ -1138,7 +1228,7 @@ we32k) basic_machine=we32k-att ;; - sh[1234] | sh[24]a | sh[34]eb | sh[1234]le | sh[23]ele) + sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele) basic_machine=sh-unknown ;; sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v) @@ -1188,6 +1278,9 @@ # First match some system type aliases # that might get confused with valid system types. # -solaris* is a basic system type, with this one exception. + -auroraux) + os=-auroraux + ;; -solaris1 | -solaris1.*) os=`echo $os | sed -e 's|solaris1|sunos4|'` ;; @@ -1208,10 +1301,11 @@ # Each alternative MUST END IN A *, to match a version number. # -sysv* is not here because it comes later, after sysvr4. -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ - | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\ - | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \ + | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\ + | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \ + | -sym* | -kopensolaris* \ | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ - | -aos* \ + | -aos* | -aros* \ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ 
@@ -1220,9 +1314,10 @@ | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ - | -chorusos* | -chorusrdb* \ + | -chorusos* | -chorusrdb* | -cegcc* \ | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ - | -mingw32* | -linux-gnu* | -linux-newlib* | -linux-uclibc* \ + | -mingw32* | -linux-gnu* | -linux-android* \ + | -linux-newlib* | -linux-uclibc* \ | -uxpv* | -beos* | -mpeix* | -udk* \ | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ @@ -1230,7 +1325,7 @@ | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ - | -skyos* | -haiku* | -rdos* | -toppers* | -drops*) + | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es*) # Remember, each alternative MUST END IN *, to match a version number. ;; -qnx*) @@ -1360,6 +1455,11 @@ -zvmoe) os=-zvmoe ;; + -dicos*) + os=-dicos + ;; + -nacl*) + ;; -none) ;; *) @@ -1400,6 +1500,15 @@ c4x-* | tic4x-*) os=-coff ;; + tic54x-*) + os=-coff + ;; + tic55x-*) + os=-coff + ;; + tic6x-*) + os=-coff + ;; # This must come before the *-dec entry. pdp10-*) os=-tops20 @@ -1557,7 +1666,7 @@ -sunos*) vendor=sun ;; - -aix*) + -cnk*|-aix*) vendor=ibm ;; -beos*) From cvs at cvs.gnupg.org Tue Oct 26 14:46:56 2010 
From: cvs at cvs.gnupg.org (svn author wk) Date: Tue, 26 Oct 2010 14:46:56 +0200 Subject: [svn] ksba - r327 - trunk Message-ID: Author: wk Date: 2010-10-26 14:46:55 +0200 (Tue, 26 Oct 2010) New Revision: 327 Modified: trunk/ChangeLog trunk/NEWS trunk/autogen.sh trunk/config.guess trunk/config.sub trunk/configure.ac Log: Update config.guess et al. Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2010-09-13 11:02:44 UTC (rev 326) +++ trunk/ChangeLog 2010-10-26 12:46:55 UTC (rev 327) @@ -1,3 +1,11 @@ +2010-10-26 Werner Koch + + Release 1.1.0. + + * configure.ac: Bump LT version to C18/A10/R0. + * config.guess: Update to version 2010-09-24. + * config.sub: Update to version 2010-09-11. + 2010-08-19 Werner Koch * configure.ac (AH_TOP, AH_BOTTOM): New. Define Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2010-09-13 11:02:44 UTC (rev 326) +++ trunk/NEWS 2010-10-26 12:46:55 UTC (rev 327) @@ -1,6 +1,8 @@ -Noteworthy changes in version 1.1.0 (unreleased) +Noteworthy changes in version 1.1.0 (2010-10-26) ------------------------------------------------ + * New functions to fix a leak in dirmngr. + * Interface changes relative to the 1.0.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ksba_reader_set_release_notify NEW Modified: trunk/autogen.sh =================================================================== --- trunk/autogen.sh 2010-09-13 11:02:44 UTC (rev 326) +++ trunk/autogen.sh 2010-10-26 12:46:55 UTC (rev 327) 
@@ -124,7 +124,7 @@ fi fi - ./configure --enable-maintainer-mode --prefix=${w32root} \ + $tsdir/configure --enable-maintainer-mode --prefix=${w32root} \ --host=${host} --build=${build} \ --with-gpg-error-prefix=${w32root} "$@" Modified: trunk/config.guess =================================================================== --- trunk/config.guess 2010-09-13 11:02:44 UTC (rev 326) +++ trunk/config.guess 2010-10-26 12:46:55 UTC (rev 327) @@ -1,10 +1,10 @@ #! /bin/sh # Attempt to guess a canonical system name. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation, -# Inc. +# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 +# Free Software Foundation, Inc. -timestamp='2007-11-19' +timestamp='2010-09-24' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -27,16 +27,16 @@ # the same distribution terms that you use for the rest of that program. -# Originally written by Per Bothner . -# Please send patches to . Submit a context -# diff and a properly formatted ChangeLog entry. +# Originally written by Per Bothner. Please send patches (context +# diff format) to and include a ChangeLog +# entry. # # This script attempts to guess a canonical system name similar to # config.sub. If it succeeds, it prints the system name on stdout, and # exits with 0. Otherwise, it exits with 1. # -# The plan is that this can be called by configure scripts if you -# don't specify an explicit build system type. +# You can get the latest version of this script from: +# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD me=`echo "$0" | sed -e 's,.*/,,'` 
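Review bot: In the autogen.sh hunk, `$tsdir` is expanded unquoted in the new configure invocation and is not assigned anywhere in the visible context, while `"$@"` on the same command is quoted. Quote it as "$tsdir/configure" and confirm it is set before this branch is reached; with an empty value the command becomes `/configure`. `${w32root}`, `${host}` and `${build}` on the same command have the same word-splitting exposure.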
@@ -56,8 +56,9 @@ GNU config.guess ($timestamp) Originally written by Per Bothner. -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005 -Free Software Foundation, Inc. +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, +2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free +Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -91,7 +92,7 @@ exit 1 fi -trap 'exit 1' 1 2 15 +trap 'exit 1' HUP INT TERM # CC_FOR_BUILD -- compiler used by this script. Note that the use of a # compiler to aid in system detection is discouraged as it requires @@ -105,7 +106,7 @@ set_cc_for_build=' trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ; -trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ; +trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" HUP INT PIPE TERM ; : ${TMPDIR=/tmp} ; { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } || @@ -170,7 +171,7 @@ arm*|i386|m68k|ns32k|sh3*|sparc|vax) eval $set_cc_for_build if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ - | grep __ELF__ >/dev/null + | grep -q __ELF__ then # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout). # Return netbsd for either. FIX? 
@@ -324,14 +325,33 @@ case `/usr/bin/uname -p` in sparc) echo sparc-icl-nx7; exit ;; esac ;; + s390x:SunOS:*:*) + echo ${UNAME_MACHINE}-ibm-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit ;; sun4H:SunOS:5.*:*) echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; + i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*) + echo i386-pc-auroraux${UNAME_RELEASE} + exit ;; i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*) - echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + eval $set_cc_for_build + SUN_ARCH="i386" + # If there is a compiler, see if it is configured for 64-bit objects. + # Note that the Sun cc does not turn __LP64__ into 1 like gcc does. + # This test works for both compilers. + if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then + if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \ + (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null + then + SUN_ARCH="x86_64" + fi + fi + echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4*:SunOS:6*:*) # According to config.sub, this is the proper way to canonicalize @@ -532,7 +552,7 @@ echo rs6000-ibm-aix3.2 fi exit ;; - *:AIX:*:[45]) + *:AIX:*:[4567]) IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then IBM_ARCH=rs6000 @@ -640,7 +660,7 @@ # => hppa64-hp-hpux11.23 if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | - grep __LP64__ >/dev/null + grep -q __LP64__ then HP_ARCH="hppa2.0w" else 
@@ -791,18 +811,24 @@ i*:PW*:*) echo ${UNAME_MACHINE}-pc-pw32 exit ;; - *:Interix*:[3456]*) + *:Interix*:*) case ${UNAME_MACHINE} in x86) echo i586-pc-interix${UNAME_RELEASE} exit ;; - EM64T | authenticamd) + authenticamd | genuineintel | EM64T) echo x86_64-unknown-interix${UNAME_RELEASE} exit ;; + IA64) + echo ia64-unknown-interix${UNAME_RELEASE} + exit ;; esac ;; [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*) echo i${UNAME_MACHINE}-pc-mks exit ;; + 8664:Windows_NT:*) + echo x86_64-pc-mks + exit ;; i*:Windows_NT*:* | Pentium*:Windows_NT*:*) # How do we know it's Interix rather than the generic POSIX subsystem? # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we @@ -832,8 +858,29 @@ i*86:Minix:*:*) echo ${UNAME_MACHINE}-pc-minix exit ;; + alpha:Linux:*:*) + case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in + EV5) UNAME_MACHINE=alphaev5 ;; + EV56) UNAME_MACHINE=alphaev56 ;; + PCA56) UNAME_MACHINE=alphapca56 ;; + PCA57) UNAME_MACHINE=alphapca56 ;; + EV6) UNAME_MACHINE=alphaev6 ;; + EV67) UNAME_MACHINE=alphaev67 ;; + EV68*) UNAME_MACHINE=alphaev68 ;; + esac + objdump --private-headers /bin/sh | grep -q ld.so.1 + if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi + echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} + exit ;; arm*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + eval $set_cc_for_build + if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep -q __ARM_EABI__ + then + echo ${UNAME_MACHINE}-unknown-linux-gnu + else + echo ${UNAME_MACHINE}-unknown-linux-gnueabi + fi exit ;; avr32*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu 
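Review bot: The arm*:Linux branch of the -832,8 hunk pipes `__ARM_EABI__` through `$CC_FOR_BUILD -E` without the `"$CC_FOR_BUILD" != 'no_compiler_found'` guard that the SunOS and Darwin hunks of this same patch use. When no compiler is found the pipeline prints nothing, `grep -q` fails, and the else branch reports `linux-gnueabi` without any evidence for it. Add the guard with an explicit fallback, and a one-line comment that a surviving literal `__ARM_EABI__` means the macro is undefined, since the if/else reads inverted at first glance.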
@@ -847,6 +894,17 @@ frv:Linux:*:*) echo frv-unknown-linux-gnu exit ;; + i*86:Linux:*:*) + LIBC=gnu + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #ifdef __dietlibc__ + LIBC=dietlibc + #endif +EOF + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'` + echo "${UNAME_MACHINE}-pc-linux-${LIBC}" + exit ;; ia64:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; 
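Review bot: The `eval` in the added i*86:Linux case takes the backtick output unquoted, unlike the eval "`...`" form that the mips hunk following this one removes, so every line of `$CC_FOR_BUILD -E` output that starts with `LIBC` is word-split and then executed by the shell. Quote the command substitution, quote `$dummy.c`, and accept only the expected `LIBC=<name>` shape (for example by anchoring the grep to `^LIBC=[a-z0-9]*$`) before evaluating it, because the text being evaluated is produced by whichever compiler the script selected.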
@@ -856,75 +914,34 @@ m68*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; - mips:Linux:*:*) + mips:Linux:*:* | mips64:Linux:*:*) eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #undef CPU - #undef mips - #undef mipsel + #undef ${UNAME_MACHINE} + #undef ${UNAME_MACHINE}el #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) - CPU=mipsel + CPU=${UNAME_MACHINE}el #else #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) - CPU=mips + CPU=${UNAME_MACHINE} #else CPU= #endif #endif EOF - eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n ' - /^CPU/{ - s: ::g - p - }'`" + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'` test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } ;; - mips64:Linux:*:*) - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - #undef CPU - #undef mips64 - #undef mips64el - #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) - CPU=mips64el - #else - #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) - CPU=mips64 - #else - CPU= - #endif - #endif -EOF - eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n ' - /^CPU/{ - s: ::g - p - }'`" - test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } - ;; or32:Linux:*:*) echo or32-unknown-linux-gnu exit ;; - ppc:Linux:*:*) - echo powerpc-unknown-linux-gnu + padre:Linux:*:*) + echo sparc-unknown-linux-gnu exit ;; - ppc64:Linux:*:*) - echo powerpc64-unknown-linux-gnu + parisc64:Linux:*:* | hppa64:Linux:*:*) + echo hppa64-unknown-linux-gnu exit ;; - alpha:Linux:*:*) - case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in - EV5) UNAME_MACHINE=alphaev5 ;; - EV56) UNAME_MACHINE=alphaev56 ;; - PCA56) UNAME_MACHINE=alphapca56 ;; - PCA57) UNAME_MACHINE=alphapca56 ;; - EV6) UNAME_MACHINE=alphaev6 ;; - EV67) UNAME_MACHINE=alphaev67 ;; - EV68*) UNAME_MACHINE=alphaev68 ;; - esac - objdump --private-headers /bin/sh | grep ld.so.1 
>/dev/null - if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi - echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} - exit ;; parisc:Linux:*:* | hppa:Linux:*:*) # Look for CPU level case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in @@ -933,9 +950,12 @@ *) echo hppa-unknown-linux-gnu ;; esac exit ;; - parisc64:Linux:*:* | hppa64:Linux:*:*) - echo hppa64-unknown-linux-gnu + ppc64:Linux:*:*) + echo powerpc64-unknown-linux-gnu exit ;; + ppc:Linux:*:*) + echo powerpc-unknown-linux-gnu + exit ;; s390:Linux:*:* | s390x:Linux:*:*) echo ${UNAME_MACHINE}-ibm-linux exit ;; @@ -948,6 +968,9 @@ sparc:Linux:*:* | sparc64:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; + tile*:Linux:*:*) + echo ${UNAME_MACHINE}-tilera-linux-gnu + exit ;; vax:Linux:*:*) echo ${UNAME_MACHINE}-dec-linux-gnu exit ;; 
@@ -957,69 +980,6 @@ xtensa*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; - i*86:Linux:*:*) - # The BFD linker knows what the default object file format is, so - # first see if it will tell us. cd to the root directory to prevent - # problems with other programs or directories called `ld' in the path. - # Set LC_ALL=C to ensure ld outputs messages in English. - ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \ - | sed -ne '/supported targets:/!d - s/[ ][ ]*/ /g - s/.*supported targets: *// - s/ .*// - p'` - case "$ld_supported_targets" in - elf32-i386) - TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu" - ;; - a.out-i386-linux) - echo "${UNAME_MACHINE}-pc-linux-gnuaout" - exit ;; - coff-i386) - echo "${UNAME_MACHINE}-pc-linux-gnucoff" - exit ;; - "") - # Either a pre-BFD a.out linker (linux-gnuoldld) or - # one that does not give us useful --help. - echo "${UNAME_MACHINE}-pc-linux-gnuoldld" - exit ;; - esac - # Determine whether the default compiler is a.out or elf - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - #include - #ifdef __ELF__ - # ifdef __GLIBC__ - # if __GLIBC__ >= 2 - LIBC=gnu - # else - LIBC=gnulibc1 - # endif - # else - LIBC=gnulibc1 - # endif - #else - #if defined(__INTEL_COMPILER) || defined(__PGI) || defined(__SUNPRO_C) || defined(__SUNPRO_CC) - LIBC=gnu - #else - LIBC=gnuaout - #endif - #endif - #ifdef __dietlibc__ - LIBC=dietlibc - #endif -EOF - eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n ' - /^LIBC/{ - s: ::g - p - }'`" - test x"${LIBC}" != x && { - echo "${UNAME_MACHINE}-pc-linux-${LIBC}" - exit - } - test x"${TENTATIVE}" != x && { echo "${TENTATIVE}"; exit; } - ;; i*86:DYNIX/ptx:4*:*) # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. # earlier versions are messed up and put the nodename in both 
@@ -1048,7 +1008,7 @@ i*86:syllable:*:*) echo ${UNAME_MACHINE}-pc-syllable exit ;; - i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*) + i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*) echo i386-unknown-lynxos${UNAME_RELEASE} exit ;; i*86:*DOS:*:*) @@ -1092,8 +1052,11 @@ pc:*:*:*) # Left here for compatibility: # uname -m prints for DJGPP always 'pc', but it prints nothing about - # the processor, so we play safe by assuming i386. - echo i386-pc-msdosdjgpp + # the processor, so we play safe by assuming i586. + # Note: whatever this is, it MUST be the same as what config.sub + # prints for the "djgpp" host, or else GDB configury will decide that + # this is a cross-build. + echo i586-pc-msdosdjgpp exit ;; Intel:Mach:3*:*) echo i386-pc-mach3 @@ -1131,6 +1094,16 @@ 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ && { echo i486-ncr-sysv4; exit; } ;; + NCR*:*:4.2:* | MPRAS*:*:4.2:*) + OS_REL='.3' + test -r /etc/.relid \ + && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && { echo i486-ncr-sysv4.3${OS_REL}; exit; } + /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ + && { echo i586-ncr-sysv4.3${OS_REL}; exit; } + /bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \ + && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) echo m68k-unknown-lynxos${UNAME_RELEASE} exit ;; @@ -1143,7 +1116,7 @@ rs6000:LynxOS:2.*:*) echo rs6000-unknown-lynxos${UNAME_RELEASE} exit ;; - PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*) + PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*) echo powerpc-unknown-lynxos${UNAME_RELEASE} exit ;; SM[BE]S:UNIX_SV:*:*) 
@@ -1206,6 +1179,9 @@ BePC:BeOS:*:*) # BeOS running on Intel PC compatible. echo i586-pc-beos exit ;; + BePC:Haiku:*:*) # Haiku running on Intel PC compatible. + echo i586-pc-haiku + exit ;; SX-4:SUPER-UX:*:*) echo sx4-nec-superux${UNAME_RELEASE} exit ;; @@ -1233,6 +1209,16 @@ *:Darwin:*:*) UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown case $UNAME_PROCESSOR in + i386) + eval $set_cc_for_build + if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then + if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ + (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null + then + UNAME_PROCESSOR="x86_64" + fi + fi ;; unknown) UNAME_PROCESSOR=powerpc ;; esac echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} @@ -1248,6 +1234,9 @@ *:QNX:*:4*) echo i386-pc-qnx exit ;; + NEO-?:NONSTOP_KERNEL:*:*) + echo neo-tandem-nsk${UNAME_RELEASE} + exit ;; NSE-?:NONSTOP_KERNEL:*:*) echo nse-tandem-nsk${UNAME_RELEASE} exit ;; @@ -1314,6 +1303,9 @@ i*86:rdos:*:*) echo ${UNAME_MACHINE}-pc-rdos exit ;; + i*86:AROS:*:*) + echo ${UNAME_MACHINE}-pc-aros + exit ;; esac #echo '(No uname command or uname output not recognized.)' 1>&2 @@ -1474,9 +1466,9 @@ the operating system you are using. It is advised that you download the most up to date version of the config scripts from - http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.guess + http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD and - http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.sub + http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD If the version you run ($0) is already up to date, please send the following data and any information you think might be Modified: trunk/config.sub =================================================================== --- trunk/config.sub 2010-09-13 11:02:44 UTC (rev 326) +++ trunk/config.sub 2010-10-26 12:46:55 UTC (rev 327) 
@@ -1,10 +1,10 @@ #! /bin/sh # Configuration validation subroutine script. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation, -# Inc. +# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 +# Free Software Foundation, Inc. -timestamp='2007-11-19' +timestamp='2010-09-11' # This file is (in principle) common to ALL GNU software. # The presence of a machine in this file suggests that SOME GNU software @@ -32,13 +32,16 @@ # Please send patches to . Submit a context -# diff and a properly formatted ChangeLog entry. +# diff and a properly formatted GNU ChangeLog entry. # # Configuration subroutine to validate and canonicalize a configuration type. # Supply the specified configuration type as an argument. # If it is invalid, we print an error message on stderr and exit with code 1. # Otherwise, we print the canonical config type on stdout and succeed. +# You can get the latest version of this script from: +# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD + # This file is supposed to be the same for all GNU packages # and recognize all the CPU types, system types and aliases # that are meaningful with *any* GNU software. @@ -72,8 +75,9 @@ version="\ GNU config.sub ($timestamp) -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005 -Free Software Foundation, Inc. +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, +2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free +Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." 
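Review bot: The comment added by the -32,13 hunk points at an http:// gitweb URL with hb=HEAD, so a copy fetched from it is neither protected in transit nor pinned to a revision, and this script runs at configure time. The only pin visible here is `timestamp='2010-09-11'` in the first hunk, which matches the ChangeLog entry for this commit. Recording the upstream commit id (or a checksum of the imported file) next to that ChangeLog entry would let a later reader verify that the vendored copy is the upstream one.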
@@ -120,8 +124,10 @@ # Here we must recognize all the valid KERNEL-OS combinations. maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` case $maybe_os in - nto-qnx* | linux-gnu* | linux-dietlibc | linux-newlib* | linux-uclibc* | \ - uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | \ + nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \ + linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ + knetbsd*-gnu* | netbsd*-gnu* | \ + kopensolaris*-gnu* | \ storm-chaos* | os2-emx* | rtmk-nova*) os=-$maybe_os basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` @@ -148,10 +154,13 @@ -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ - -apple | -axis | -knuth | -cray) + -apple | -axis | -knuth | -cray | -microblaze) os= basic_machine=$1 ;; + -bluegene*) + os=-cnk + ;; -sim | -cisco | -oki | -wec | -winbond) os= basic_machine=$1 @@ -249,13 +258,16 @@ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ | i370 | i860 | i960 | ia64 \ | ip2k | iq2000 \ + | lm32 \ | m32c | m32r | m32rle | m68000 | m68k | m88k \ - | maxq | mb | microblaze | mcore | mep \ + | maxq | mb | microblaze | mcore | mep | metag \ | mips | mipsbe | mipseb | mipsel | mipsle \ | mips16 \ | mips64 | mips64el \ + | mips64octeon | mips64octeonel \ + | mips64orion | mips64orionel \ + | mips64r5900 | mips64r5900el \ | mips64vr | mips64vrel \ - | mips64orion | mips64orionel \ | mips64vr4100 | mips64vr4100el \ | mips64vr4300 | mips64vr4300el \ | mips64vr5000 | mips64vr5000el \ 
@@ -268,28 +280,41 @@ | mipsisa64sr71k | mipsisa64sr71kel \ | mipstx39 | mipstx39el \ | mn10200 | mn10300 \ + | moxie \ | mt \ | msp430 \ + | nds32 | nds32le | nds32be \ | nios | nios2 \ | ns16k | ns32k \ | or32 \ | pdp10 | pdp11 | pj | pjl \ | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \ | pyramid \ + | rx \ | score \ - | sh | sh[1234] | sh[24]a | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ + | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ | sh64 | sh64le \ | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ | spu | strongarm \ - | tahoe | thumb | tic4x | tic80 | tron \ + | tahoe | thumb | tic4x | tic54x | tic55x | tic6x | tic80 | tron \ + | ubicom32 \ | v850 | v850e \ | we32k \ | x86 | xc16x | xscale | xscalee[bl] | xstormy16 | xtensa \ - | z8k) + | z8k | z80) basic_machine=$basic_machine-unknown ;; - m6811 | m68hc11 | m6812 | m68hc12) + c54x) + basic_machine=tic54x-unknown + ;; + c55x) + basic_machine=tic55x-unknown + ;; + c6x) + basic_machine=tic6x-unknown + ;; + m6811 | m68hc11 | m6812 | m68hc12 | picochip) # Motorola 68HC11/12. basic_machine=$basic_machine-unknown os=-none @@ -320,7 +345,7 @@ | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ | avr-* | avr32-* \ | bfin-* | bs2000-* \ - | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \ + | c[123]* | c30-* | [cjt]90-* | c4x-* \ | clipper-* | craynv-* | cydra-* \ | d10v-* | d30v-* | dlx-* \ | elxsi-* \ 
@@ -329,14 +354,17 @@ | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ | i*86-* | i860-* | i960-* | ia64-* \ | ip2k-* | iq2000-* \ + | lm32-* \ | m32c-* | m32r-* | m32rle-* \ | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ - | m88110-* | m88k-* | maxq-* | mcore-* \ + | m88110-* | m88k-* | maxq-* | mcore-* | metag-* | microblaze-* \ | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ | mips16-* \ | mips64-* | mips64el-* \ + | mips64octeon-* | mips64octeonel-* \ + | mips64orion-* | mips64orionel-* \ + | mips64r5900-* | mips64r5900el-* \ | mips64vr-* | mips64vrel-* \ - | mips64orion-* | mips64orionel-* \ | mips64vr4100-* | mips64vr4100el-* \ | mips64vr4300-* | mips64vr4300el-* \ | mips64vr5000-* | mips64vr5000el-* \ @@ -351,27 +379,30 @@ | mmix-* \ | mt-* \ | msp430-* \ + | nds32-* | nds32le-* | nds32be-* \ | nios-* | nios2-* \ | none-* | np1-* | ns16k-* | ns32k-* \ | orion-* \ | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \ | pyramid-* \ - | romp-* | rs6000-* \ - | sh-* | sh[1234]-* | sh[24]a-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ + | romp-* | rs6000-* | rx-* \ + | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ | sparclite-* \ | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \ | tahoe-* | thumb-* \ | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ + | tile-* | tilegx-* \ | tron-* \ + | ubicom32-* \ | v850-* | v850e-* | vax-* \ | we32k-* \ | x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \ | xstormy16-* | xtensa*-* \ | ymp-* \ - | z8k-*) + | z8k-* | z80-*) ;; # Recognize the basic CPU types without company name, with glob match. xtensa*) 
@@ -439,6 +470,10 @@ basic_machine=m68k-apollo os=-bsd ;; + aros) + basic_machine=i386-pc + os=-aros + ;; aux) basic_machine=m68k-apple os=-aux @@ -447,10 +482,35 @@ basic_machine=ns32k-sequent os=-dynix ;; + blackfin) + basic_machine=bfin-unknown + os=-linux + ;; + blackfin-*) + basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'` + os=-linux + ;; + bluegene*) + basic_machine=powerpc-ibm + os=-cnk + ;; + c54x-*) + basic_machine=tic54x-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + c55x-*) + basic_machine=tic55x-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + c6x-*) + basic_machine=tic6x-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; c90) basic_machine=c90-cray os=-unicos ;; + cegcc) + basic_machine=arm-unknown + os=-cegcc + ;; convex-c1) basic_machine=c1-convex os=-bsd @@ -518,6 +578,10 @@ basic_machine=m88k-motorola os=-sysv3 ;; + dicos) + basic_machine=i686-pc + os=-dicos + ;; djgpp) basic_machine=i586-pc os=-msdosdjgpp @@ -672,6 +736,14 @@ basic_machine=m68k-isi os=-sysv ;; + m68knommu) + basic_machine=m68k-unknown + os=-linux + ;; + m68knommu-*) + basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'` + os=-linux + ;; m88k-omron*) basic_machine=m88k-omron ;; @@ -683,6 +755,9 @@ basic_machine=ns32k-utek os=-sysv ;; + microblaze) + basic_machine=microblaze-xilinx + ;; mingw32) basic_machine=i386-pc os=-mingw32 @@ -787,6 +862,12 @@ np1) basic_machine=np1-gould ;; + neo-tandem) + basic_machine=neo-tandem + ;; + nse-tandem) + basic_machine=nse-tandem + ;; nsr-tandem) basic_machine=nsr-tandem ;; @@ -817,6 +898,14 @@ basic_machine=i860-intel os=-osf ;; + parisc) + basic_machine=hppa-unknown + os=-linux + ;; + parisc-*) + basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'` + os=-linux + ;; pbd) basic_machine=sparc-tti ;; 
@@ -1013,18 +1102,15 @@ basic_machine=t90-cray os=-unicos ;; - tic54x | c54x*) - basic_machine=tic54x-unknown - os=-coff + # This must be matched before tile*. + tilegx*) + basic_machine=tilegx-unknown + os=-linux-gnu ;; - tic55x | c55x*) - basic_machine=tic55x-unknown - os=-coff + tile*) + basic_machine=tile-unknown + os=-linux-gnu ;; - tic6x | c6x*) - basic_machine=tic6x-unknown - os=-coff - ;; tx39) basic_machine=mipstx39-unknown ;; @@ -1100,6 +1186,10 @@ basic_machine=z8k-unknown os=-sim ;; + z80-*-coff) + basic_machine=z80-unknown + os=-sim + ;; none) basic_machine=none-none os=-none @@ -1138,7 +1228,7 @@ we32k) basic_machine=we32k-att ;; - sh[1234] | sh[24]a | sh[34]eb | sh[1234]le | sh[23]ele) + sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele) basic_machine=sh-unknown ;; sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v) @@ -1188,6 +1278,9 @@ # First match some system type aliases # that might get confused with valid system types. # -solaris* is a basic system type, with this one exception. + -auroraux) + os=-auroraux + ;; -solaris1 | -solaris1.*) os=`echo $os | sed -e 's|solaris1|sunos4|'` ;; @@ -1208,10 +1301,11 @@ # Each alternative MUST END IN A *, to match a version number. # -sysv* is not here because it comes later, after sysvr4. -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ - | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\ - | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \ + | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\ + | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \ + | -sym* | -kopensolaris* \ | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ - | -aos* \ + | -aos* | -aros* \ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ 
@@ -1220,9 +1314,10 @@ | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ - | -chorusos* | -chorusrdb* \ + | -chorusos* | -chorusrdb* | -cegcc* \ | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ - | -mingw32* | -linux-gnu* | -linux-newlib* | -linux-uclibc* \ + | -mingw32* | -linux-gnu* | -linux-android* \ + | -linux-newlib* | -linux-uclibc* \ | -uxpv* | -beos* | -mpeix* | -udk* \ | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ @@ -1230,7 +1325,7 @@ | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ - | -skyos* | -haiku* | -rdos* | -toppers* | -drops*) + | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es*) # Remember, each alternative MUST END IN *, to match a version number. ;; -qnx*) @@ -1360,6 +1455,11 @@ -zvmoe) os=-zvmoe ;; + -dicos*) + os=-dicos + ;; + -nacl*) + ;; -none) ;; *) @@ -1400,6 +1500,15 @@ c4x-* | tic4x-*) os=-coff ;; + tic54x-*) + os=-coff + ;; + tic55x-*) + os=-coff + ;; + tic6x-*) + os=-coff + ;; # This must come before the *-dec entry. pdp10-*) os=-tops20 @@ -1557,7 +1666,7 @@ -sunos*) vendor=sun ;; - -aix*) + -cnk*|-aix*) vendor=ibm ;; -beos*) Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2010-09-13 11:02:44 UTC (rev 326) +++ trunk/configure.ac 2010-10-26 12:46:55 UTC (rev 327) @@ -26,7 +26,7 @@ # Set my_issvn to "yes" for non-released code. Remember to run an # "svn up" and "autogen.sh" right before creating a distribution. m4_define([my_version], [1.1.0]) -m4_define([my_issvn], [yes]) +m4_define([my_issvn], [no]) m4_define([svn_revision], m4_esyscmd([printf "%d" $(svn info 2>/dev/null \ | sed -n '/^Revision:/ s/[^0-9]//gp'|head -1)])) 
@@ -39,9 +39,9 @@ # (Interfaces added: CURRENT++, AGE++, REVISION=0) # (No interfaces changed: REVISION++) # Please remember to document interface changes in the NEWS file. -LIBKSBA_LT_CURRENT=17 -LIBKSBA_LT_AGE=9 -LIBKSBA_LT_REVISION=8 +LIBKSBA_LT_CURRENT=18 +LIBKSBA_LT_AGE=10 +LIBKSBA_LT_REVISION=0 #------------------- # If the API is changed in an incompatible way: increment the next counter. KSBA_CONFIG_API_VERSION=1 From cvs at cvs.gnupg.org Tue Oct 26 14:54:12 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Tue, 26 Oct 2010 14:54:12 +0200 Subject: [svn] ksba - r328 - tags Message-ID: Author: wk Date: 2010-10-26 14:54:12 +0200 (Tue, 26 Oct 2010) New Revision: 328 Added: tags/libksba-1.1.0/ Log: Release tag From cvs at cvs.gnupg.org Tue Oct 26 14:54:55 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Tue, 26 Oct 2010 14:54:55 +0200 Subject: [svn] ksba - r329 - trunk Message-ID: Author: wk Date: 2010-10-26 14:54:54 +0200 (Tue, 26 Oct 2010) New Revision: 329 Modified: trunk/NEWS trunk/configure.ac Log: Post release updates Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2010-10-26 12:54:12 UTC (rev 328) +++ trunk/NEWS 2010-10-26 12:54:54 UTC (rev 329) @@ -1,3 +1,7 @@ +Noteworthy changes in version 1.1.1 +------------------------------------------------ + + Noteworthy changes in version 1.1.0 (2010-10-26) ------------------------------------------------ Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2010-10-26 12:54:12 UTC (rev 328) +++ trunk/configure.ac 2010-10-26 12:54:54 UTC (rev 329) 
@@ -25,8 +25,8 @@ # Remember to change the version number immediately *after* a release. # Set my_issvn to "yes" for non-released code. Remember to run an # "svn up" and "autogen.sh" right before creating a distribution. -m4_define([my_version], [1.1.0]) -m4_define([my_issvn], [no]) +m4_define([my_version], [1.1.1]) +m4_define([my_issvn], [yes]) m4_define([svn_revision], m4_esyscmd([printf "%d" $(svn info 2>/dev/null \ | sed -n '/^Revision:/ s/[^0-9]//gp'|head -1)])) From cvs at cvs.gnupg.org Tue Oct 26 14:55:36 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Tue, 26 Oct 2010 14:55:36 +0200 Subject: [svn] GnuPG - r5469 - tags Message-ID: Author: wk Date: 2010-10-26 14:55:36 +0200 (Tue, 26 Oct 2010) New Revision: 5469 Added: tags/gnupg-2.1.0beta1/ Log: Release tag. From cvs at cvs.gnupg.org Wed Oct 27 09:37:54 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 27 Oct 2010 09:37:54 +0200 Subject: [svn] GnuPG - r5470 - in trunk: . agent scd tools Message-ID: Author: wk Date: 2010-10-27 09:37:52 +0200 (Wed, 27 Oct 2010) New Revision: 5470 Modified: trunk/NEWS trunk/agent/ChangeLog trunk/agent/gpg-agent.c trunk/configure.ac trunk/scd/ChangeLog trunk/scd/scdaemon.c trunk/tools/ChangeLog trunk/tools/symcryptrun.c Log: Honor TMPDIR. Modified: trunk/agent/ChangeLog =================================================================== --- trunk/agent/ChangeLog 2010-10-26 12:55:36 UTC (rev 5469) +++ trunk/agent/ChangeLog 2010-10-27 07:37:52 UTC (rev 5470) @@ -1,3 +1,7 @@ +2010-10-27 Werner Koch + + * gpg-agent.c (create_socket_name): Use TMPDIR. Change callers. + 2010-10-26 Werner Koch * cache.c (agent_put_cache): Allow deletion even if TTL is passwd Modified: trunk/scd/ChangeLog =================================================================== --- trunk/scd/ChangeLog 2010-10-26 12:55:36 UTC (rev 5469) +++ trunk/scd/ChangeLog 2010-10-27 07:37:52 UTC (rev 5470) 
@@ -1,3 +1,7 @@ +2010-10-27 Werner Koch + + * scdaemon.c (create_socket_name): Use TMPDIR. Change callers. + 2010-10-18 Werner Koch * app-openpgp.c (parse_algorithm_attribute): Remove extra const in Modified: trunk/tools/ChangeLog =================================================================== --- trunk/tools/ChangeLog 2010-10-26 12:55:36 UTC (rev 5469) +++ trunk/tools/ChangeLog 2010-10-27 07:37:52 UTC (rev 5470) @@ -1,3 +1,7 @@ +2010-10-27 Werner Koch + + * symcryptrun.c (confucius_mktmpdir): Use TMPDIR. + 2010-10-14 Werner Koch * gpg-connect-agent.c: Add option --agent-program. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2010-10-26 12:55:36 UTC (rev 5469) +++ trunk/NEWS 2010-10-27 07:37:52 UTC (rev 5470) @@ -1,3 +1,10 @@ +Noteworthy changes in version 2.1.0beta2 (unreleased) +----------------------------------------------------- + + * TMPDIR is now also honored when creating a socket using + --no-standard-socket and with symcryptrun's temp files. + + Noteworthy changes in version 2.1.0beta1 (2010-10-26) ----------------------------------------------------- Modified: trunk/agent/gpg-agent.c =================================================================== --- trunk/agent/gpg-agent.c 2010-10-26 12:55:36 UTC (rev 5469) +++ trunk/agent/gpg-agent.c 2010-10-27 07:37:52 UTC (rev 5470) @@ -1026,10 +1026,10 @@ /* Create the sockets. */ socket_name = create_socket_name - ("S.gpg-agent", "/tmp/gpg-XXXXXX/S.gpg-agent"); + ("S.gpg-agent", "gpg-XXXXXX/S.gpg-agent"); if (opt.ssh_support) socket_name_ssh = create_socket_name - ("S.gpg-agent.ssh", "/tmp/gpg-XXXXXX/S.gpg-agent.ssh"); + ("S.gpg-agent.ssh", "gpg-XXXXXX/S.gpg-agent.ssh"); fd = create_server_socket (socket_name, 0, &socket_nonce); if (opt.ssh_support) 
@@ -1446,7 +1446,15 @@ name = make_filename (opt.homedir, standard_name, NULL); else { - name = xstrdup (template); + /* Prepend the tmp directory to the template. */ + p = getenv ("TMPDIR"); + if (!p || !*p) + p = "/tmp"; + if (p[strlen (p) - 1] == '/') + name = xstrconcat (p, template, NULL); + else + name = xstrconcat (p, "/", template, NULL); + p = strrchr (name, '/'); if (!p) BUG (); Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2010-10-26 12:55:36 UTC (rev 5469) +++ trunk/configure.ac 2010-10-27 07:37:52 UTC (rev 5470) @@ -24,8 +24,8 @@ # Remember to change the version number immediately *after* a release. # Set my_issvn to "yes" for non-released code. Remember to run an # "svn up" and "autogen.sh" right before creating a distribution. -m4_define([my_version], [2.1.0beta1]) -m4_define([my_issvn], [no]) +m4_define([my_version], [2.1.0]) +m4_define([my_issvn], [yes]) m4_define([svn_revision], m4_esyscmd([printf "%d" $(svn info 2>/dev/null \ | sed -n '/^Revision:/ s/[^0-9]//gp'|head -1)])) Modified: trunk/scd/scdaemon.c =================================================================== --- trunk/scd/scdaemon.c 2010-10-26 12:55:36 UTC (rev 5469) +++ trunk/scd/scdaemon.c 2010-10-27 07:37:52 UTC (rev 5470) @@ -731,7 +731,7 @@ { socket_name = create_socket_name (standard_socket, "S.scdaemon", - "/tmp/gpg-XXXXXX/S.scdaemon"); + "gpg-XXXXXX/S.scdaemon"); fd = FD2INT(create_server_socket (standard_socket, socket_name, &socket_nonce)); @@ -780,7 +780,7 @@ /* Create the socket. */ socket_name = create_socket_name (standard_socket, "S.scdaemon", - "/tmp/gpg-XXXXXX/S.scdaemon"); + "gpg-XXXXXX/S.scdaemon"); fd = FD2INT (create_server_socket (standard_socket, socket_name, &socket_nonce)); 
@@ -1019,7 +1019,15 @@ name = make_filename (opt.homedir, standard_name, NULL); else { - name = xstrdup (template); + /* Prepend the tmp directory to the template. */ + p = getenv ("TMPDIR"); + if (!p || !*p) + p = "/tmp"; + if (p[strlen (p) - 1] == '/') + name = xstrconcat (p, template, NULL); + else + name = xstrconcat (p, "/", template, NULL); + p = strrchr (name, '/'); if (!p) BUG (); Modified: trunk/tools/symcryptrun.c =================================================================== --- trunk/tools/symcryptrun.c 2010-10-26 12:55:36 UTC (rev 5469) +++ trunk/tools/symcryptrun.c 2010-10-27 07:37:52 UTC (rev 5470) @@ -303,9 +303,15 @@ static char * confucius_mktmpdir (void) { - char *name; + char *name, *p; - name = strdup ("/tmp/gpg-XXXXXX"); + p = getenv ("TMPDIR"); + if (!p || !*p) + p = "/tmp"; + if (p[strlen (p) - 1] == '/') + name = xstrconcat (p, "gpg-XXXXXX", NULL); + else + name = xstrconcat (p, "/", "gpg-XXXXXX", NULL); if (!name || !mkdtemp (name)) { log_error (_("can't create temporary directory `%s': %s\n"), From cvs at cvs.gnupg.org Wed Oct 27 12:59:13 2010 
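Review bot: In create_socket_name (the gpg-agent.c hunk and the identical scdaemon.c hunk) the value of TMPDIR is concatenated straight into the socket path, and neither hunk shows a check that it is an absolute path or that the result still fits a Unix-domain socket address. TMPDIR comes from the caller's environment, so consider falling back to "/tmp" when it does not start with '/', and confirm that create_server_socket reports an over-long name as a clear error. The trailing-slash handling is now written out three times in this revision (here, scdaemon.c and confucius_mktmpdir); a small shared helper would keep the copies from drifting.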
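Review bot: In confucius_mktmpdir (tools/symcryptrun.c) the allocation changes from strdup to xstrconcat, but the following test "if (!name || !mkdtemp (name))" is kept unchanged and the release of the returned string is not visible in the hunk. If xstrconcat aborts on allocation failure, as the x-prefixed helpers conventionally do, the "!name" half is dead code. Whatever frees the result should also use the deallocator that matches xstrconcat rather than plain free; a one-line comment on the function stating who releases the string, and how, would settle it.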
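Review bot: The NEWS hunk of r5470 opens a section titled "Noteworthy changes in version 2.1.0beta2 (unreleased)", while the trunk/configure.ac hunk of the same revision sets my_version to [2.1.0]. The two should agree; if the next release is another beta, my_version should read 2.1.0beta2 so that the version the build reports matches the NEWS heading.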
From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 27 Oct 2010 12:59:13 +0200 Subject: [svn] GnuPG - r5471 - in branches/STABLE-BRANCH-1-4: . g10 util Message-ID: Author: wk Date: 2010-10-27 12:59:11 +0200 (Wed, 27 Oct 2010) New Revision: 5471 Modified: branches/STABLE-BRANCH-1-4/ChangeLog branches/STABLE-BRANCH-1-4/THANKS branches/STABLE-BRANCH-1-4/acinclude.m4 branches/STABLE-BRANCH-1-4/configure.ac branches/STABLE-BRANCH-1-4/g10/ChangeLog branches/STABLE-BRANCH-1-4/g10/keygen.c branches/STABLE-BRANCH-1-4/g10/keyid.c branches/STABLE-BRANCH-1-4/util/ChangeLog branches/STABLE-BRANCH-1-4/util/miscutil.c Log: Detect unsigned time_t and adjust y2038 detection. Modified: branches/STABLE-BRANCH-1-4/ChangeLog =================================================================== --- branches/STABLE-BRANCH-1-4/ChangeLog 2010-10-27 07:37:52 UTC (rev 5470) +++ branches/STABLE-BRANCH-1-4/ChangeLog 2010-10-27 10:59:11 UTC (rev 5471) @@ -1,3 +1,8 @@ +2010-10-27 Werner Koch + + * acinclude.m4 (GNUPG_TIME_T_UNSIGNED): New. + * configure.ac: Call AC_HEADER_TIME and GNUPG_TIME_T_UNSIGNED. + 2010-10-18 Werner Koch Release 1.4.11. Modified: branches/STABLE-BRANCH-1-4/g10/ChangeLog =================================================================== --- branches/STABLE-BRANCH-1-4/g10/ChangeLog 2010-10-27 07:37:52 UTC (rev 5470) +++ branches/STABLE-BRANCH-1-4/g10/ChangeLog 2010-10-27 10:59:11 UTC (rev 5471) 
@@ -1,3 +1,10 @@ +2010-10-27 Werner Koch + + * keygen.c (ask_expire_interval): Print 2038 warning only for 32 + bit signed time_t. + * keyid.c (mk_datestr): Do the y2038 test only for a signed time_t. + (INVALID_TIME_CHECK): New. + 2010-10-20 Werner Koch * encr-data.c (decode_filter): Cast -1 to size_t. Reported by Modified: branches/STABLE-BRANCH-1-4/util/ChangeLog =================================================================== --- branches/STABLE-BRANCH-1-4/util/ChangeLog 2010-10-27 07:37:52 UTC (rev 5470) +++ branches/STABLE-BRANCH-1-4/util/ChangeLog 2010-10-27 10:59:11 UTC (rev 5471) @@ -1,3 +1,8 @@ +2010-10-27 Werner Koch + + * miscutil.c (INVALID_TIME_CHECK): New. + (strtimestamp, isotimestamp, asctimestamp): Use it. + 2010-09-28 Steven M. Schweda (wk) Changes to help the VMS port. See Modified: branches/STABLE-BRANCH-1-4/THANKS =================================================================== --- branches/STABLE-BRANCH-1-4/THANKS 2010-10-27 07:37:52 UTC (rev 5470) +++ branches/STABLE-BRANCH-1-4/THANKS 2010-10-27 10:59:11 UTC (rev 5471) @@ -93,6 +93,7 @@ Jan Niehusmann jan at gondor.com Janusz A. Urbanowicz alex at bofh.torun.pl James Troup james at nocrew.org +Jason Woodward jason dot woodward at timesys dot com Jean-loup Gailly gzip at prep.ai.mit.edu Jeff Long long at kestrel.cc.ukans.edu Jeffery Von Ronne jronne at ics.uci.edu Modified: branches/STABLE-BRANCH-1-4/acinclude.m4 =================================================================== --- branches/STABLE-BRANCH-1-4/acinclude.m4 2010-10-27 07:37:52 UTC (rev 5470) +++ branches/STABLE-BRANCH-1-4/acinclude.m4 2010-10-27 10:59:11 UTC (rev 5471) 
@@ -45,6 +45,33 @@ ]) +# GNUPG_TIME_T_UNSIGNED +# Check whether time_t is unsigned +# +AC_DEFUN([GNUPG_TIME_T_UNSIGNED], + [ AC_CACHE_CHECK(whether time_t is unsigned, gnupg_cv_time_t_unsigned, + [AC_REQUIRE([AC_HEADER_TIME])dnl + AC_COMPILE_IFELSE([AC_LANG_BOOL_COMPILE_TRY( + [AC_INCLUDES_DEFAULT([]) +#if TIME_WITH_SYS_TIME +# include +# include +#else +# if HAVE_SYS_TIME_H +# include +# else +# include +# endif +#endif +], + [((time_t)-1) < 0])], + gnupg_cv_time_t_unsigned=no, gnupg_cv_time_t_unsigned=yes)]) + if test $gnupg_cv_time_t_unsigned = yes; then + AC_DEFINE(HAVE_UNSIGNED_TIME_T,1,[Defined if time_t is an unsigned type]) + fi +])# GNUPG_TIME_T_UNSIGNED + + dnl GNUPG_CHECK_GNUMAKE dnl AC_DEFUN([GNUPG_CHECK_GNUMAKE], Modified: branches/STABLE-BRANCH-1-4/configure.ac =================================================================== --- branches/STABLE-BRANCH-1-4/configure.ac 2010-10-27 07:37:52 UTC (rev 5470) +++ branches/STABLE-BRANCH-1-4/configure.ac 2010-10-27 10:59:11 UTC (rev 5471) @@ -956,6 +956,7 @@ AC_CHECK_SIZEOF(unsigned int) AC_CHECK_SIZEOF(unsigned long) AC_CHECK_SIZEOF(unsigned long long) +AC_HEADER_TIME AC_CHECK_SIZEOF(time_t,,[[ #include #if TIME_WITH_SYS_TIME @@ -969,6 +970,7 @@ # endif #endif ]]) +GNUPG_TIME_T_UNSIGNED # Ensure that we have UINT64_C before we bother to check for uint64_t AC_CHECK_HEADERS([inttypes.h]) Modified: branches/STABLE-BRANCH-1-4/g10/keygen.c =================================================================== --- branches/STABLE-BRANCH-1-4/g10/keygen.c 2010-10-27 07:37:52 UTC (rev 5470) +++ branches/STABLE-BRANCH-1-4/g10/keygen.c 2010-10-27 10:59:11 UTC (rev 5471) 
@@ -1789,7 +1789,7 @@ ? _("Key expires at %s\n") : _("Signature expires at %s\n"), asctimestamp((ulong)(timestamp + interval) ) ); -#if SIZEOF_TIME_T <= 4 +#if SIZEOF_TIME_T <= 4 && !defined(HAVE_UNSIGNED_TIME_T) if ((time_t)((ulong)(timestamp+interval)) < 0 ) tty_printf (_("Your system can't display dates beyond 2038.\n" "However, it will be correctly handled up to" Modified: branches/STABLE-BRANCH-1-4/g10/keyid.c =================================================================== --- branches/STABLE-BRANCH-1-4/g10/keyid.c 2010-10-27 07:37:52 UTC (rev 5470) +++ branches/STABLE-BRANCH-1-4/g10/keyid.c 2010-10-27 10:59:11 UTC (rev 5471) @@ -33,6 +33,14 @@ #include "keydb.h" #include "i18n.h" +#ifdef HAVE_UNSIGNED_TIME_T +# define INVALID_TIME_CHECK(a) ((a) == (time_t)(-1)) +#else + /* Error or 32 bit time_t and value after 2038-01-19. */ +# define INVALID_TIME_CHECK(a) ((a) < 0) +#endif + + int pubkey_letter( int algo ) { @@ -444,12 +452,8 @@ { struct tm *tp; - /* Note: VMS uses an unsigned time_t thus the compiler yields a - warning here. You may ignore this warning or def out this test - for VMS. The proper way to handle this would be a configure - test to a detect properly implemented unsigned time_t. */ - if ( atime < 0 ) /* 32 bit time_t and after 2038-01-19 */ - strcpy (buffer, "????" "-??" "-??"); /* mark this as invalid */ + if (INVALID_TIME_CHECK (atime)) + strcpy (buffer, "????" "-??" "-??"); /* Mark this as invalid. */ else { tp = gmtime (&atime); sprintf (buffer,"%04d-%02d-%02d", Modified: branches/STABLE-BRANCH-1-4/util/miscutil.c =================================================================== --- branches/STABLE-BRANCH-1-4/util/miscutil.c 2010-10-27 07:37:52 UTC (rev 5470) +++ branches/STABLE-BRANCH-1-4/util/miscutil.c 2010-10-27 10:59:11 UTC (rev 5471) 
@@ -31,6 +31,13 @@ #include "util.h" #include "i18n.h" +#ifdef HAVE_UNSIGNED_TIME_T +# define INVALID_TIME_CHECK(a) ((a) == (time_t)(-1)) +#else + /* Error or 32 bit time_t and value after 2038-01-19. */ +# define INVALID_TIME_CHECK(a) ((a) < 0) +#endif + /**************** * I know that the OpenPGP protocol has a Y2106 problem ;-) */ @@ -117,8 +124,8 @@ static char buffer[11+5]; struct tm *tp; time_t atime = stamp; - - if (atime < 0) { + + if (INVALID_TIME_CHECK (atime)) { strcpy (buffer, "????" "-??" "-??"); } else { @@ -140,7 +147,7 @@ struct tm *tp; time_t atime = stamp; - if (atime < 0) { + if (INVALID_TIME_CHECK (atime)) { strcpy (buffer, "????" "-??" "-??" " " "??" ":" "??" ":" "??"); } else { @@ -216,10 +223,11 @@ struct tm *tp; time_t atime = stamp; - if (atime < 0) { + if (INVALID_TIME_CHECK (atime)) + { strcpy (buffer, "????" "-??" "-??"); return buffer; - } + } tp = localtime( &atime ); #ifdef HAVE_STRFTIME From cvs at cvs.gnupg.org Wed Oct 27 13:26:54 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 27 Oct 2010 13:26:54 +0200 Subject: [svn] GnuPG - r5472 - in trunk: . common g10 Message-ID: Author: wk Date: 2010-10-27 13:26:53 +0200 (Wed, 27 Oct 2010) New Revision: 5472 Modified: trunk/ChangeLog trunk/acinclude.m4 trunk/common/ChangeLog trunk/common/gettime.c trunk/configure.ac trunk/g10/ChangeLog trunk/g10/keygen.c trunk/g10/keyid.c Log: Better support unsigned time_t Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2010-10-27 10:59:11 UTC (rev 5471) +++ trunk/ChangeLog 2010-10-27 11:26:53 UTC (rev 5472) 
@@ -1,3 +1,9 @@ +2010-10-27 Werner Koch + + * acinclude.m4 (GNUPG_TIME_T_UNSIGNED): New. + * configure.ac (AC_HEADER_TIME): Include before checking time_t. + (GNUPG_TIME_T_UNSIGNED): Add. + 2010-10-26 Werner Koch Release 2.1.0beta1. Modified: trunk/common/ChangeLog =================================================================== --- trunk/common/ChangeLog 2010-10-27 10:59:11 UTC (rev 5471) +++ trunk/common/ChangeLog 2010-10-27 11:26:53 UTC (rev 5472) @@ -1,3 +1,11 @@ +2010-10-27 Werner Koch + + * gettime.c (gnupg_get_isotime): Compare to (time_t)-1. + (epoch2isotime): Ditto. + (IS_INVALID_TIME_T): New. + (asctimestamp): Use lNew macro. + (strtimestamp, isotimestamp): Ditto. Use snprintf. + 2010-10-25 Werner Koch * logging.c (do_log): Rename to log_log and make global. Modified: trunk/g10/ChangeLog =================================================================== --- trunk/g10/ChangeLog 2010-10-27 10:59:11 UTC (rev 5471) +++ trunk/g10/ChangeLog 2010-10-27 11:26:53 UTC (rev 5472) @@ -1,3 +1,10 @@ +2010-10-27 Werner Koch + + * keygen.c (ask_expire_interval): Do not print the y2038 if we + have an unsigned time_t. + * keyid.c (IS_INVALID_TIME_T): New. + (mk_datestr): Use it to detect the y2038 problem. + 2010-10-26 Werner Koch * keyedit.c (change_passphrase): Handle the passwd_nonce. Modified: trunk/acinclude.m4 =================================================================== --- trunk/acinclude.m4 2010-10-27 10:59:11 UTC (rev 5471) +++ trunk/acinclude.m4 2010-10-27 11:26:53 UTC (rev 5472) 
@@ -305,5 +305,28 @@ ]) - - +# GNUPG_TIME_T_UNSIGNED +# Check whether time_t is unsigned +# +AC_DEFUN([GNUPG_TIME_T_UNSIGNED], + [ AC_CACHE_CHECK(whether time_t is unsigned, gnupg_cv_time_t_unsigned, + [AC_REQUIRE([AC_HEADER_TIME])dnl + AC_COMPILE_IFELSE([AC_LANG_BOOL_COMPILE_TRY( + [AC_INCLUDES_DEFAULT([]) +#if TIME_WITH_SYS_TIME +# include +# include +#else +# if HAVE_SYS_TIME_H +# include +# else +# include +# endif +#endif +], + [((time_t)-1) < 0])], + gnupg_cv_time_t_unsigned=no, gnupg_cv_time_t_unsigned=yes)]) + if test $gnupg_cv_time_t_unsigned = yes; then + AC_DEFINE(HAVE_UNSIGNED_TIME_T,1,[Defined if time_t is an unsigned type]) + fi +])# GNUPG_TIME_T_UNSIGNED Modified: trunk/common/gettime.c =================================================================== --- trunk/common/gettime.c 2010-10-27 10:59:11 UTC (rev 5471) +++ trunk/common/gettime.c 2010-10-27 11:26:53 UTC (rev 5472) @@ -29,6 +29,14 @@ #include "i18n.h" #include "gettime.h" +#ifdef HAVE_UNSIGNED_TIME_T +# define IS_INVALID_TIME_T(a) ((a) == (time_t)(-1)) +#else + /* Error or 32 bit time_t and value after 2038-01-19. */ +# define IS_INVALID_TIME_T(a) ((a) < 0) +#endif + + static unsigned long timewarp; static enum { NORMAL = 0, FROZEN, FUTURE, PAST } timemode; @@ -59,7 +67,7 @@ { time_t atime = gnupg_get_time (); - if (atime < 0) + if (atime == (time_t)(-1)) *timebuf = 0; else { @@ -223,7 +231,7 @@ void epoch2isotime (gnupg_isotime_t timebuf, time_t atime) { - if (atime < 0) + if (atime == (time_t)(-1)) *timebuf = 0; else { 
@@ -283,21 +291,23 @@ * Note: this function returns GMT */ const char * -strtimestamp( u32 stamp ) +strtimestamp (u32 stamp) { - static char buffer[11+5]; - struct tm *tp; - time_t atime = stamp; + static char buffer[11+5]; + struct tm *tp; + time_t atime = stamp; - if (atime < 0) { - strcpy (buffer, "????" "-??" "-??"); + if (IS_INVALID_TIME_T (atime)) + { + strcpy (buffer, "????" "-??" "-??"); } - else { - tp = gmtime( &atime ); - sprintf(buffer,"%04d-%02d-%02d", + else + { + tp = gmtime( &atime ); + snprintf (buffer, sizeof buffer, "%04d-%02d-%02d", 1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday ); } - return buffer; + return buffer; } @@ -311,16 +321,16 @@ struct tm *tp; time_t atime = stamp; - if (atime < 0) + if (IS_INVALID_TIME_T (atime)) { strcpy (buffer, "????" "-??" "-??" " " "??" ":" "??" ":" "??"); } else { tp = gmtime ( &atime ); - sprintf (buffer,"%04d-%02d-%02d %02d:%02d:%02d", - 1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday, - tp->tm_hour, tp->tm_min, tp->tm_sec); + snprintf (buffer, sizeof buffer, "%04d-%02d-%02d %02d:%02d:%02d", + 1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday, + tp->tm_hour, tp->tm_min, tp->tm_sec); } return buffer; } @@ -339,7 +349,7 @@ struct tm *tp; time_t atime = stamp; - if (atime < 0) + if (IS_INVALID_TIME_T (atime)) { strcpy (buffer, "????" "-??" "-??"); return buffer; Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2010-10-27 10:59:11 UTC (rev 5471) +++ trunk/configure.ac 2010-10-27 11:26:53 UTC (rev 5472) @@ -1160,6 +1160,7 @@ AC_CHECK_SIZEOF(unsigned int) AC_CHECK_SIZEOF(unsigned long) AC_CHECK_SIZEOF(unsigned long long) +AC_HEADER_TIME AC_CHECK_SIZEOF(time_t,,[[ #include #if TIME_WITH_SYS_TIME 
@@ -1173,6 +1174,7 @@ # endif #endif ]]) +GNUPG_TIME_T_UNSIGNED # Ensure that we have UINT64_C before we bother to check for uint64_t Modified: trunk/g10/keygen.c =================================================================== --- trunk/g10/keygen.c 2010-10-27 10:59:11 UTC (rev 5471) +++ trunk/g10/keygen.c 2010-10-27 11:26:53 UTC (rev 5472) @@ -1854,7 +1854,7 @@ ? _("Key expires at %s\n") : _("Signature expires at %s\n"), asctimestamp((ulong)(curtime + interval) ) ); -#if SIZEOF_TIME_T <= 4 +#if SIZEOF_TIME_T <= 4 && !defined (HAVE_UNSIGNED_TIME_T) if ( (time_t)((ulong)(curtime+interval)) < 0 ) tty_printf (_("Your system can't display dates beyond 2038.\n" "However, it will be correctly handled up to" Modified: trunk/g10/keyid.c =================================================================== --- trunk/g10/keyid.c 2010-10-27 10:59:11 UTC (rev 5471) +++ trunk/g10/keyid.c 2010-10-27 11:26:53 UTC (rev 5472) @@ -37,7 +37,14 @@ #define KEYID_STR_SIZE 19 +#ifdef HAVE_UNSIGNED_TIME_T +# define IS_INVALID_TIME_T(a) ((a) == (time_t)(-1)) +#else + /* Error or 32 bit time_t and value after 2038-01-19. */ +# define IS_INVALID_TIME_T(a) ((a) < 0) +#endif + /* Return a letter describing the public key algorithms. */ int pubkey_letter( int algo ) @@ -446,12 +453,8 @@ { struct tm *tp; - /* Note: VMS uses an unsigned time_t thus the compiler yields a - warning here. You may ignore this warning or def out this test - for VMS. The proper way to handle this would be a configure test - to a detect properly implemented unsigned time_t. */ - if ( atime < 0 ) /* 32 bit time_t and after 2038-01-19 */ - strcpy (buffer, "????" "-??" "-??"); /* mark this as invalid */ + if (IS_INVALID_TIME_T (atime)) + strcpy (buffer, "????" "-??" "-??"); /* Mark this as invalid. */ else { tp = gmtime (&atime); From cvs at cvs.gnupg.org Thu Oct 28 16:00:15 2010 
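Review bot: In trunk/common/gettime.c (r5472), gnupg_get_isotime and epoch2isotime now test "atime == (time_t)(-1)" directly, while strtimestamp, isotimestamp and asctimestamp in the same file use the new IS_INVALID_TIME_T macro. With a signed time_t these are different conditions: the macro rejects every negative value, the bare comparison only -1. The ChangeLog entry suggests the difference is intended, so add a comment at both call sites saying why the two conversion functions accept other negative values, or use the macro in all five places.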
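Review bot: In the strtimestamp and isotimestamp hunks of gettime.c, and in mk_datestr in keyid.c (both branches), the result of gmtime is dereferenced immediately after the validity macro, as in "tp = gmtime( &atime );" followed by "1900+tp->tm_year", with no NULL check. The macro screens only negative values or (time_t)-1, and gmtime may return NULL for a value it cannot convert. A "!tp" branch that writes the same "????-??-??" placeholder would make the formatters safe regardless of the width or signedness of time_t.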
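Review bot: The validity macro is defined twice per branch (g10/keyid.c and util/miscutil.c on STABLE-BRANCH-1-4, g10/keyid.c and common/gettime.c on trunk) and under two different names, INVALID_TIME_CHECK and IS_INVALID_TIME_T. One definition in a shared header, with the same name on both branches, would avoid the copies diverging and make later forward ports mechanical.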
From: cvs at cvs.gnupg.org (svn author marcus) Date: Thu, 28 Oct 2010 16:00:15 +0200 Subject: [svn] gpgme - r1495 - trunk/src Message-ID: Author: marcus Date: 2010-10-28 16:00:14 +0200 (Thu, 28 Oct 2010) New Revision: 1495 Modified: trunk/src/ChangeLog trunk/src/opassuan.c Log: 2010-10-28 Marcus Brinkmann * opassuan.c (gpgme_op_assuan_transact_ext): Fix uninitialized value use. Reported by Marc Mutz. Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2010-10-07 12:54:17 UTC (rev 1494) +++ trunk/src/ChangeLog 2010-10-28 14:00:14 UTC (rev 1495) @@ -1,3 +1,8 @@ +2010-10-28 Marcus Brinkmann + + * opassuan.c (gpgme_op_assuan_transact_ext): Fix uninitialized + value use. Reported by Marc Mutz. + 2010-10-07 Werner Koch * gpgme-tool.c (ARGP_ERR_UNKNOWN): Use EDEADLK if available. Modified: trunk/src/opassuan.c =================================================================== --- trunk/src/opassuan.c 2010-10-07 12:54:17 UTC (rev 1494) +++ trunk/src/opassuan.c 2010-10-28 14:00:14 UTC (rev 1495) @@ -126,9 +126,10 @@ data_cb, data_cb_value, inq_cb, inq_cb_value, status_cb, status_cb_value); - if (!err) - err = _gpgme_wait_one_ext (ctx, &op_err); + if (err) + goto out; + err = _gpgme_wait_one_ext (ctx, &op_err); if (op_err) { TRACE_LOG2 ("op_err = %s <%s>", gpgme_strerror (op_err), @@ -140,7 +141,8 @@ } if (op_err_p) *op_err_p = op_err; - + + out: return TRACE_ERR (err); } From cvs at cvs.gnupg.org Thu Oct 28 16:24:53 2010 
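Review bot: on the new `goto out` path in the @@ -126,9 +126,10 @@ hunk of opassuan.c, the later `if (op_err_p) *op_err_p = op_err;` store is skipped, so when the first call fails a caller that passed op_err_p is left with whatever that variable held before the call. Either store 0 through op_err_p before the jump, or document for gpgme_op_assuan_transact_ext that the output is only meaningful when the function returns success.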
From: cvs at cvs.gnupg.org (svn author wk) Date: Thu, 28 Oct 2010 16:24:53 +0200 Subject: [svn] gpg-error - r256 - in trunk: . contrib contrib/conf-w32ce-msc src Message-ID: Author: wk Date: 2010-10-28 16:24:52 +0200 (Thu, 28 Oct 2010) New Revision: 256 Added: trunk/contrib/ trunk/contrib/conf-w32ce-msc/ trunk/contrib/conf-w32ce-msc/build.mk trunk/contrib/conf-w32ce-msc/config.h Modified: trunk/ChangeLog trunk/src/gpg-error.h.in trunk/src/init.c trunk/src/mkstrtable.awk trunk/src/w32-gettext.c Log: Add some code to allow building with MSC. Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2010-10-26 09:42:02 UTC (rev 255) +++ trunk/ChangeLog 2010-10-28 14:24:52 UTC (rev 256) @@ -1,3 +1,16 @@ +2010-10-28 Werner Koch + + * contrib/conf-w32ce-msc/build.mk: New. + * contrib/conf-w32ce-msc/config.h: New. + + * src/mkstrtable.awk: s/inline/GPG_ERR_INLINE/ + * src/w32-gettext.c: Include gpg-error.h and replace all + __inline__ by GPG_ERR_INLINE. + (module_init): Use _GPG_ERR_CONSTRUCTOR. + (_gpg_w32__init_gettext_module): Build also if we don't have + constructors + * src/gpg-error.h.in (GPG_ERR_INLINE) [_MSC_VER]: Define as __inline. + 2010-10-26 Werner Koch Release 1.10. Added: trunk/contrib/conf-w32ce-msc/build.mk =================================================================== --- trunk/contrib/conf-w32ce-msc/build.mk (rev 0) +++ trunk/contrib/conf-w32ce-msc/build.mk 2010-10-28 14:24:52 UTC (rev 256) 
@@ -0,0 +1,95 @@ +# build.mk - Makefile to build libgpg-error using Visual-C +# Copyright 2010 g10 Code GmbH +# +# This file is free software; as a special exception the author gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. +# +# This file is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the +# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +# This is a helper make script to build libgpg-error for WindowsCE +# using the Microsoft Visual C compiler. + +# The target build directry where we run the Visual C compiler/ +# This needs to be an absolute directory name. +targetdir = /home/smb/xppro-gnu/src/libgpg-error + + +help: + @echo "Run " + @echo " make -f ../contrib/conf-w32ce-msc/build.mk copy-source" + @echo "on the POSIX system and then" + @echo " nmake -f build.mk all" + @echo "on the Windows system" + + +CFLAGS = -DHAVE_CONFIG_H -DDLL_EXPORT -I. +LDFLAGS = + +# Standard source files +sources = \ + init.c init.h \ + strsource.c \ + strerror.c \ + code-to-errno.c \ + code-from-errno.c \ + w32-gettext.c \ + gettext.h \ + err-sources.h \ + err-codes.h + +# Sources files in this directory inclduing this Makefile +conf_sources = \ + build.mk \ + config.h + +# Source files built by running the standard build system. +built_sources = \ + code-from-errno.h \ + code-to-errno.h \ + err-codes-sym.h \ + err-sources-sym.h \ + errnos-sym.h \ + gpg-error.h \ + mkerrcodes.h \ + mkw32errmap.map.c \ + gpg-error.def + +copy-static-source: + @if [ ! -f ./w32-gettext.c ]; then \ + echo "Please cd to the src/ directory first"; \ + exit 1; \ + fi + cp -t $(targetdir) $(sources); + cd ../contrib/conf-w32ce-msc ; cp -t $(targetdir) $(conf_sources) + + +copy-built-source: + @if [ ! 
-f ./mkw32errmap.map.c ]; then \ + echo "Please build using ./autogen.sh --build-w32ce first"; \ + exit 1; \ + fi + cp -t $(targetdir) $(built_sources) + +copy-source: copy-static-source copy-built-source + + +all: $(sources) $(conf_sources) $(built_sources) + $(CC) $(CFLAGS) -c w32-gettext.c + $(CC) $(CFLAGS) -c init.c + $(CC) $(CFLAGS) -c strsource.c + $(CC) $(CFLAGS) -c strerror.c + $(CC) $(CFLAGS) -c code-to-errno.c + $(CC) $(CFLAGS) -c code-from-errno.c + $(CC) $(LDFLAGS) /LD -Felibgpg-error-0.dll \ + w32-gettext.obj init.obj strsource.obj strerror.obj \ + code-to-errno.obj code-from-errno.obj \ + gpg-error.def + +# Note that install needs to be run on the POSIX platform and the all +# is only to make sure we build everything; it won't compile anything +# because Visual-C is probably not installed on that platform. +install: all + @echo fixme Install the files Property changes on: trunk/contrib/conf-w32ce-msc/build.mk ___________________________________________________________________ Added: svn:executable + * Added: trunk/contrib/conf-w32ce-msc/config.h =================================================================== --- trunk/contrib/conf-w32ce-msc/config.h (rev 0) +++ trunk/contrib/conf-w32ce-msc/config.h 2010-10-28 14:24:52 UTC (rev 256) 
@@ -0,0 +1,153 @@ +/* config.h for building with Visual-C for WindowsCE. + * Copyright 2010 g10 Code GmbH + * + * This file is free software; as a special exception the author gives + * unlimited permission to copy and/or distribute it, with or without + * modifications, as long as this notice is preserved. + * + * This file is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY, to the extent permitted by law; without even the + * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + */ + +/* This file was originally created by running + * ./autogen.sh --build-w32ce + * on svn revision 253 (libgpg-error 1.10) and then adjusted to work + * with Visual-C. + */ + +/* Define to the version of this package. */ +#define PACKAGE_VERSION "1.11-msc1" + + +/* Name of package */ +#define PACKAGE "libgpg-error" + +/* Define to the address where bug reports for this package should be sent. */ +#define PACKAGE_BUGREPORT "bug-gnupg at gnupg.org" + +/* Define to the full name of this package. */ +#define PACKAGE_NAME "libgpg-error" + +/* Define to the full name and version of this package. */ +#define PACKAGE_STRING "libgpg-error " PACKAGE_VERSION + +/* Define to the one symbol short name of this package. */ +#define PACKAGE_TARNAME "libgpg-error" + +/* Define to the home page for this package. */ +#define PACKAGE_URL "" + + + +/* Define to 1 if translation of program messages to the user's native + language is requested. */ +/* #undef ENABLE_NLS */ + +/* Define to 1 if you have the MacOS X function CFLocaleCopyCurrent in the + CoreFoundation framework. */ +/* #undef HAVE_CFLOCALECOPYCURRENT */ + +/* Define to 1 if you have the MacOS X function CFPreferencesCopyAppValue in + the CoreFoundation framework. */ +/* #undef HAVE_CFPREFERENCESCOPYAPPVALUE */ + +/* Define if the GNU dcgettext() function is already present or preinstalled. 
+ */ +/* #undef HAVE_DCGETTEXT */ + +/* Define to 1 if you have the declaration of `strerror_r', and to 0 if you + don't. */ +#define HAVE_DECL_STRERROR_R 0 + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_DLFCN_H */ + +/* Define if the GNU gettext() function is already present or preinstalled. */ +/* #undef HAVE_GETTEXT */ + +/* Define if you have the iconv() function and it works. */ +/* #undef HAVE_ICONV */ + +/* Define to 1 if you have the header file. */ +#define HAVE_INTTYPES_H 1 + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_LOCALE_H */ + +/* Define to 1 if you have the header file. */ +#define HAVE_MEMORY_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_STDINT_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_STDLIB_H 1 + +/* Define to 1 if you have the `strerror_r' function. */ +/* #undef HAVE_STRERROR_R */ + +/* Define to 1 if you have the header file. */ +#define HAVE_STRINGS_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_STRING_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_SYS_STAT_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_SYS_TYPES_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_UNISTD_H 1 + +/* Defined if we run on WindowsCE */ +#define HAVE_W32CE_SYSTEM 1 + +/* Defined if we run on a W32 API based system */ +#define HAVE_W32_SYSTEM 1 + +/* Define to the sub-directory in which libtool stores uninstalled libraries. + */ +#define LT_OBJDIR ".libs/" + +/* Define to 1 if your C compiler doesn't accept -c and -o together. */ +/* #undef NO_MINUS_C_MINUS_O */ + +/* Define to 1 if you have the ANSI C header files. */ +#define STDC_HEADERS 1 + +/* Define to 1 if strerror_r returns char *. */ +/* #undef STRERROR_R_CHAR_P */ + + +/* Version number of package */ +#define VERSION PACKAGE_VERSION + +/* Define to 1 if on MINIX. 
*/ +/* #undef _MINIX */ + +/* Define to 2 if the system does not provide POSIX.1 features except with + this defined. */ +/* #undef _POSIX_1_SOURCE */ + +/* Define to 1 if you need to in order for `stat' and other things to work. */ +/* #undef _POSIX_SOURCE */ + +/* Define to empty if `const' does not conform to ANSI C. */ +/* #undef const */ + + +/* Force using of NLS for W32 even if no libintl has been found. This is + okay because we have our own gettext implementation for W32. */ +#if defined(HAVE_W32_SYSTEM) && !defined(ENABLE_NLS) +#define ENABLE_NLS 1 +#endif +/* For building we need to define these macro. */ +#define GPG_ERR_ENABLE_GETTEXT_MACROS 1 +#define GPG_ERR_ENABLE_ERRNO_MACROS 1 + +/* snprintf is not part of oldnames.lib thus we redefine it here. */ +#define snprintf _snprintf + Property changes on: trunk/contrib/conf-w32ce-msc/config.h ___________________________________________________________________ Added: svn:executable + * Modified: trunk/src/gpg-error.h.in =================================================================== --- trunk/src/gpg-error.h.in 2010-10-26 09:42:02 UTC (rev 255) +++ trunk/src/gpg-error.h.in 2010-10-28 14:24:52 UTC (rev 256) @@ -25,6 +25,8 @@ #ifdef __GNUC__ #define GPG_ERR_INLINE __inline__ +#elif _MSC_VER >= 1300 +#define GPG_ERR_INLINE __inline #elif __STDC_VERSION__ >= 199901L #define GPG_ERR_INLINE inline #else Modified: trunk/src/init.c =================================================================== --- trunk/src/init.c 2010-10-26 09:42:02 UTC (rev 255) +++ trunk/src/init.c 2010-10-28 14:24:52 UTC (rev 256) 
@@ -380,6 +380,10 @@ tls_index = TlsAlloc (); if (tls_index == TLS_OUT_OF_INDEXES) return FALSE; +#ifndef _GPG_ERR_HAVE_CONSTRUCTOR + /* If we have not constructors (e.g. MSC) we call it here. */ + _gpg_w32__init_gettext_module (); +#endif /* falltru. */ case DLL_THREAD_ATTACH: tls = LocalAlloc (LPTR, sizeof *tls); Modified: trunk/src/mkstrtable.awk =================================================================== --- trunk/src/mkstrtable.awk 2010-10-26 09:42:02 UTC (rev 255) +++ trunk/src/mkstrtable.awk 2010-10-28 14:24:52 UTC (rev 256) @@ -157,7 +157,7 @@ print " " pos[coded_msgs]; print " };"; print ""; - print "static inline int"; + print "static GPG_ERR_INLINE int"; print namespace "msgidxof (int code)"; print "{"; print " return (0 ? 0"; Modified: trunk/src/w32-gettext.c =================================================================== --- trunk/src/w32-gettext.c 2010-10-26 09:42:02 UTC (rev 255) +++ trunk/src/w32-gettext.c 2010-10-28 14:24:52 UTC (rev 256) @@ -50,8 +50,8 @@ #endif /*!jnlib_malloc*/ #include "init.h" +#include "gpg-error.h" - /* localname.c from gettext BEGIN. */ @@ -1026,7 +1026,7 @@ /* Support functions. */ -static __inline__ uint32_t +static GPG_ERR_INLINE uint32_t do_swap_u32 (uint32_t i) { return (i << 24) | ((i & 0xff00) << 8) | ((i >> 8) & 0xff00) | (i >> 24); @@ -1041,8 +1041,8 @@ /* The so called `hashpjw' function by P.J. Weinberger [see Aho/Sethi/Ullman, COMPILERS: Principles, Techniques and Tools, 1986, 1987 Bell Telephone Laboratories, Inc.] */ -static __inline__ unsigned long -hash_string( const char *str_param ) +static GPG_ERR_INLINE unsigned long +hash_string (const char *str_param) { unsigned long int hval, g; const char *str = str_param; 
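Review bot: `#define snprintf _snprintf` at the end of contrib/conf-w32ce-msc/config.h, added earlier in this revision, maps to a function that does not write a terminating NUL when the formatted output fills the buffer, which C99 snprintf always does. Code that relies on the result being a terminated string needs a small wrapper that sets the last byte of the buffer to 0 after the call, rather than a bare rename.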
@@ -1147,11 +1147,11 @@ /* Constructor for this module. This can only be used if we are a - DLL. IF used as a static lib we can't control the process set; for + DLL. If used as a static lib we can't control the process set; for example it might be used with a main module which is not build with mingw and thus does not know how to call the constructors. */ #ifdef DLL_EXPORT -static void module_init (void) __attribute__ ((__constructor__)); +static void module_init (void) _GPG_ERR_CONSTRUCTOR; #endif static void module_init (void) @@ -1165,7 +1165,7 @@ } } -#ifndef DLL_EXPORT +#if !defined(DLL_EXPORT) || !defined(_GPG_ERR_HAVE_CONSTRUCTOR) void _gpg_w32__init_gettext_module (void) { From cvs at cvs.gnupg.org Thu Oct 28 20:40:54 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Thu, 28 Oct 2010 20:40:54 +0200 Subject: [svn] gpg-error - r257 - trunk/contrib/conf-w32ce-msc Message-ID: Author: wk Date: 2010-10-28 20:40:54 +0200 (Thu, 28 Oct 2010) New Revision: 257 Modified: trunk/contrib/conf-w32ce-msc/build.mk Log: Add some comments Modified: trunk/contrib/conf-w32ce-msc/build.mk =================================================================== --- trunk/contrib/conf-w32ce-msc/build.mk 2010-10-28 14:24:52 UTC (rev 256) +++ trunk/contrib/conf-w32ce-msc/build.mk 2010-10-28 18:40:54 UTC (rev 257) 
@@ -24,8 +24,26 @@ @echo " nmake -f build.mk all" @echo "on the Windows system" +ce_defines = -DWINCE -D_WIN32_WCE=0x502 -DUNDER_CE + -DWIN32_PLATFORM_PSPC -D_UNICODE -DUNICODE + -D_CONSOLE -DARM -D_ARM_ +#-D_DEBUG -DDEBUG -CFLAGS = -DHAVE_CONFIG_H -DDLL_EXPORT -I. +# Some options of Visual-C: +# -W3 Set warning level 3 +# -Zi Generate debug info +# -Od Disable optimization +# -Gm Enable minimal rebuild (for C++) +# -EHsc Exception handling model sc +# -MTd Create a debug multithreaded executable +# -fp: Floating point behaviour +# -GR- Disable runtime type information +# -Os Favor small code +# -LD Create a DLL +# -Fe Set executable output name (may be only a directory) +CFLAGS = -nologo -W3 -fp:fast -Os $(ce_defines) \ + -DHAVE_CONFIG_H -DDLL_EXPORT -I. + LDFLAGS = # Standard source files @@ -55,7 +73,8 @@ gpg-error.h \ mkerrcodes.h \ mkw32errmap.map.c \ - gpg-error.def + gpg-error.def \ + gpg-extra/errno.h copy-static-source: @if [ ! -f ./w32-gettext.c ]; then \ @@ -83,7 +102,7 @@ $(CC) $(CFLAGS) -c strerror.c $(CC) $(CFLAGS) -c code-to-errno.c $(CC) $(CFLAGS) -c code-from-errno.c - $(CC) $(LDFLAGS) /LD -Felibgpg-error-0.dll \ + $(CC) $(LDFLAGS) -LD -Felibgpg-error-0.dll \ w32-gettext.obj init.obj strsource.obj strerror.obj \ code-to-errno.obj code-from-errno.obj \ gpg-error.def From cvs at cvs.gnupg.org Fri Oct 29 19:39:31 2010 
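Review bot: the three-line `ce_defines` assignment in the @@ -24,8 +24,26 @@ hunk has no trailing backslashes, so only `-DWINCE -D_WIN32_WCE=0x502 -DUNDER_CE` ends up in the variable and the two lines that follow are parsed as separate makefile lines. End the first two lines with `\`, as the CFLAGS assignment a few lines below already does.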
From: cvs at cvs.gnupg.org (svn author dshaw) Date: Fri, 29 Oct 2010 19:39:31 +0200 Subject: [svn] GnuPG - r5473 - branches/STABLE-BRANCH-1-4/g10 Message-ID: Author: dshaw Date: 2010-10-29 19:39:30 +0200 (Fri, 29 Oct 2010) New Revision: 5473 Modified: branches/STABLE-BRANCH-1-4/g10/ChangeLog branches/STABLE-BRANCH-1-4/g10/pkclist.c Log: * pkclist.c (select_algo_from_prefs): Make sure the scores can't overflow when picking an algorithm (not a security issue since we can't pick something not present in all preference lists, but we might pick something that isn't scored first choice). Modified: branches/STABLE-BRANCH-1-4/g10/ChangeLog =================================================================== --- branches/STABLE-BRANCH-1-4/g10/ChangeLog 2010-10-27 11:26:53 UTC (rev 5472) +++ branches/STABLE-BRANCH-1-4/g10/ChangeLog 2010-10-29 17:39:30 UTC (rev 5473) @@ -1,3 +1,10 @@ +2010-10-29 David Shaw + + * pkclist.c (select_algo_from_prefs): Make sure the scores can't + overflow when picking an algorithm (not a security issue since we + can't pick something not present in all preference lists, but we + might pick something that isn't scored first choice). + 2010-10-27 Werner Koch * keygen.c (ask_expire_interval): Print 2038 warning only for 32 Modified: branches/STABLE-BRANCH-1-4/g10/pkclist.c =================================================================== --- branches/STABLE-BRANCH-1-4/g10/pkclist.c 2010-10-27 11:26:53 UTC (rev 5472) +++ branches/STABLE-BRANCH-1-4/g10/pkclist.c 2010-10-29 17:39:30 UTC (rev 5473) @@ -1,6 +1,6 @@ /* pkclist.c * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, - * 2008 Free Software Foundation, Inc. + * 2008, 2010 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -1267,8 +1267,8 @@ const prefitem_t *prefs; int result=-1,i; unsigned int best=-1; - byte scores[256]; - + u16 scores[256]; + if( !pk_list ) return -1; 
@@ -1330,7 +1330,13 @@ { if( prefs[i].type == preftype ) { - scores[prefs[i].value]+=rank; + /* Make sure all scores don't add up past 0xFFFF + (and roll around) */ + if(rank+scores[prefs[i].value]<=0xFFFF) + scores[prefs[i].value]+=rank; + else + scores[prefs[i].value]=0xFFFF; + mask[prefs[i].value/32] |= 1<<(prefs[i].value%32); rank++; From cvs at cvs.gnupg.org Fri Oct 29 20:07:14 2010 From: cvs at cvs.gnupg.org (svn author marcus) Date: Fri, 29 Oct 2010 20:07:14 +0200 Subject: [svn] gpg-error - r258 - trunk/contrib/conf-w32ce-msc Message-ID: Author: marcus Date: 2010-10-29 20:07:14 +0200 (Fri, 29 Oct 2010) New Revision: 258 Modified: trunk/contrib/conf-w32ce-msc/build.mk trunk/contrib/conf-w32ce-msc/config.h Log: * build.mk (ce_defines): Fix line continuation. (CFLAGS): Add -Igpg-extra for errno.h. * config.h (HAVE_SYS_TYPES_H, HAVE_SYS_STAT_H): Define. Modified: trunk/contrib/conf-w32ce-msc/build.mk =================================================================== --- trunk/contrib/conf-w32ce-msc/build.mk 2010-10-28 18:40:54 UTC (rev 257) +++ trunk/contrib/conf-w32ce-msc/build.mk 2010-10-29 18:07:14 UTC (rev 258) @@ -24,8 +24,8 @@ @echo " nmake -f build.mk all" @echo "on the Windows system" -ce_defines = -DWINCE -D_WIN32_WCE=0x502 -DUNDER_CE - -DWIN32_PLATFORM_PSPC -D_UNICODE -DUNICODE +ce_defines = -DWINCE -D_WIN32_WCE=0x502 -DUNDER_CE \ + -DWIN32_PLATFORM_PSPC -D_UNICODE -DUNICODE \ -D_CONSOLE -DARM -D_ARM_ #-D_DEBUG -DDEBUG @@ -42,9 +42,9 @@ # -LD Create a DLL # -Fe Set executable output name (may be only a directory) CFLAGS = -nologo -W3 -fp:fast -Os $(ce_defines) \ - -DHAVE_CONFIG_H -DDLL_EXPORT -I. + -DHAVE_CONFIG_H -DDLL_EXPORT -I. -Igpg-extra -LDFLAGS = +LDFLAGS = # Standard source files sources = \ 
@@ -102,10 +102,13 @@ $(CC) $(CFLAGS) -c strerror.c $(CC) $(CFLAGS) -c code-to-errno.c $(CC) $(CFLAGS) -c code-from-errno.c - $(CC) $(LDFLAGS) -LD -Felibgpg-error-0.dll \ - w32-gettext.obj init.obj strsource.obj strerror.obj \ - code-to-errno.obj code-from-errno.obj \ - gpg-error.def + link.exe /DLL /IMPLIB:libgpg-error-0.lib /OUT:libgpg-error-0.dll \ + /DEF:gpg-error.def /NOLOGO /MANIFEST:NO \ + /NODEFAULTLIB:"oldnames.lib" /DYNAMICBASE:NO \ + w32-gettext.obj init.obj strsource.obj strerror.obj \ + code-to-errno.obj code-from-errno.obj \ + coredll.lib corelibc.lib ole32.lib oleaut32.lib uuid.lib \ + commctrl.lib /subsystem:windowsce,5.02 # Note that install needs to be run on the POSIX platform and the all # is only to make sure we build everything; it won't compile anything Modified: trunk/contrib/conf-w32ce-msc/config.h =================================================================== --- trunk/contrib/conf-w32ce-msc/config.h 2010-10-28 18:40:54 UTC (rev 257) +++ trunk/contrib/conf-w32ce-msc/config.h 2010-10-29 18:07:14 UTC (rev 258) @@ -94,10 +94,10 @@ #define HAVE_STRING_H 1 /* Define to 1 if you have the header file. */ -#define HAVE_SYS_STAT_H 1 +#undef HAVE_SYS_STAT_H /* Define to 1 if you have the header file. */ -#define HAVE_SYS_TYPES_H 1 +#undef HAVE_SYS_TYPES_H /* Define to 1 if you have the header file. */ #define HAVE_UNISTD_H 1 From cvs at cvs.gnupg.org Fri Oct 29 20:10:12 2010 
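Review bot: the commit log for r258 says `config.h (HAVE_SYS_TYPES_H, HAVE_SYS_STAT_H): Define.`, but the config.h hunk (@@ -94,10 +94,10 @@) replaces both `#define ... 1` lines with `#undef`. The log entry should say the macros are undefined. The commented form `/* #undef HAVE_SYS_STAT_H */` that the rest of this config.h uses would also fit better under the unchanged "Define to 1 if you have the header file" comments.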
From: cvs at cvs.gnupg.org (svn author marcus) Date: Fri, 29 Oct 2010 20:10:12 +0200 Subject: [svn] gpg-error - r259 - in trunk: . src Message-ID: Author: marcus Date: 2010-10-29 20:10:11 +0200 (Fri, 29 Oct 2010) New Revision: 259 Modified: trunk/ChangeLog trunk/src/init.c trunk/src/w32-gettext.c Log: 2010-10-29 Marcus Brinkmann * src/w32-gettext.c: Guard include of . Do not include . (CreateFileA) [HAVE_W32CE_SYSTEM]: New wrapper function. (load_domain): Use native Windows API. * src/init.c (TLS_OUT_OF_INDEXES) [HAVE_W32CE_SYSTEM, !TLS_OUT_OF_INDEXES]: Define it. (abort) [!__MINGW32CE__]: Define it. Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2010-10-29 18:07:14 UTC (rev 258) +++ trunk/ChangeLog 2010-10-29 18:10:11 UTC (rev 259) @@ -1,3 +1,14 @@ +2010-10-29 Marcus Brinkmann + + * src/w32-gettext.c: Guard include of . Do not + include . + (CreateFileA) [HAVE_W32CE_SYSTEM]: New wrapper function. + (load_domain): Use native Windows API. + + * src/init.c (TLS_OUT_OF_INDEXES) [HAVE_W32CE_SYSTEM, + !TLS_OUT_OF_INDEXES]: Define it. + (abort) [!__MINGW32CE__]: Define it. + 2010-10-28 Werner Koch * contrib/conf-w32ce-msc/build.mk: New. Modified: trunk/src/init.c =================================================================== --- trunk/src/init.c 2010-10-29 18:07:14 UTC (rev 258) +++ trunk/src/init.c 2010-10-29 18:10:11 UTC (rev 259) @@ -33,6 +33,12 @@ #ifdef HAVE_W32CE_SYSTEM # include "mkw32errmap.map.c" /* Generated map_w32codes () */ +# ifndef TLS_OUT_OF_INDEXES +# define TLS_OUT_OF_INDEXES 0xFFFFFFFF +# endif +# ifndef __MINGW32CE__ +# define abort() exit(1) +# endif #endif Modified: trunk/src/w32-gettext.c =================================================================== --- trunk/src/w32-gettext.c 2010-10-29 18:07:14 UTC (rev 258) +++ trunk/src/w32-gettext.c 2010-10-29 18:10:11 UTC (rev 259) 
@@ -30,8 +30,9 @@ #include #include #include +#ifdef HAVE_SYS_TYPES_H #include -#include +#endif #include #ifndef HAVE_W32CE_SYSTEM # include @@ -52,6 +53,36 @@ #include "init.h" #include "gpg-error.h" +#ifdef HAVE_W32CE_SYSTEM +/* Forward declaration. */ +static wchar_t *utf8_to_wchar (const char *string, size_t length, size_t *retlen); + +static HANDLE +CreateFileA (LPCSTR lpFileName, DWORD dwDesiredAccess, DWORD dwSharedMode, + LPSECURITY_ATTRIBUTES lpSecurityAttributes, + DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, + HANDLE hTemplateFile) +{ + wchar_t *filename; + HANDLE result; + int err; + size_t size; + + filename = utf8_to_wchar (lpFileName, -1, &size); + if (!filename) + return INVALID_HANDLE_VALUE; + + result = CreateFileW (filename, dwDesiredAccess, dwSharedMode, + lpSecurityAttributes, dwCreationDisposition, + dwFlagsAndAttributes, hTemplateFile); + + err = GetLastError (); + free (filename); + SetLastError (err); + return result; +} +#endif + /* localname.c from gettext BEGIN. */ @@ -611,7 +642,9 @@ static const char * my_nl_locale_name (const char *categoryname) { +#ifndef HAVE_W32CE_SYSTEM const char *retval; +#endif LCID lcid; LANGID langid; int primary, sub; 
@@ -1194,31 +1227,28 @@ static struct loaded_domain * load_domain (const char *filename) { - FILE *fp; - size_t size; - struct stat st; + HANDLE fh; + DWORD size; struct mo_file_header *data = NULL; struct loaded_domain *domain = NULL; size_t to_read; char *read_ptr; - - fp = fopen (filename, "rb"); - if (!fp) + + fh = CreateFileA (filename, GENERIC_READ, FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL); + if (fh == INVALID_HANDLE_VALUE) + return NULL; + + size = GetFileSize (fh, NULL); + if (size == INVALID_FILE_SIZE) { + CloseHandle (fh); return NULL; } - if (fstat (fileno (fp), &st) - || (size = (size_t) st.st_size) != st.st_size - || size < sizeof (struct mo_file_header)) - { - fclose (fp); - return NULL; - } data = (2*size <= size)? NULL : jnlib_malloc (2*size); if (!data) { - fclose (fp); + CloseHandle (fh); return NULL; } @@ -1226,10 +1256,13 @@ read_ptr = (char *) data; do { - long int nb = fread (read_ptr, 1, to_read, fp); - if (nb < to_read) + BOOL res; + DWORD nb; + + res = ReadFile (fh, read_ptr, to_read, &nb, NULL); + if (! res || nb < to_read) { - fclose (fp); + CloseHandle (fh); jnlib_free (data); return NULL; } @@ -1237,7 +1270,7 @@ to_read -= nb; } while (to_read > 0); - fclose (fp); + CloseHandle (fh); /* Using the magic number we can test whether it really is a message catalog file. */ From cvs at cvs.gnupg.org Fri Oct 29 21:14:29 2010 
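Review bot: the rewritten load_domain in the @@ -1194,31 +1227,28 @@ hunk drops the `size < sizeof (struct mo_file_header)` test that the removed fstat block carried; the only check on the GetFileSize result is now `size == INVALID_FILE_SIZE`. A file shorter than the header is then read into a 2*size buffer that can be smaller than the struct whose magic number is examined right afterwards, so the lower bound should be kept after GetFileSize. Separately, the CreateFileA call passes FILE_SHARE_WRITE for a GENERIC_READ open; FILE_SHARE_READ looks like what was intended.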
From: cvs at cvs.gnupg.org (svn author dshaw) Date: Fri, 29 Oct 2010 21:14:29 +0200 Subject: [svn] GnuPG - r5474 - branches/STABLE-BRANCH-1-4/g10 Message-ID: Author: dshaw Date: 2010-10-29 21:14:28 +0200 (Fri, 29 Oct 2010) New Revision: 5474 Modified: branches/STABLE-BRANCH-1-4/g10/ChangeLog branches/STABLE-BRANCH-1-4/g10/pkclist.c Log: * pkclist.c (select_algo_from_prefs): Slightly improve the handling of MD5 in preference lists. Instead of replacing MD5 with SHA-1, just remove MD5 from the list altogether, and let the next-highest ranked algorithm be chosen. Modified: branches/STABLE-BRANCH-1-4/g10/ChangeLog =================================================================== --- branches/STABLE-BRANCH-1-4/g10/ChangeLog 2010-10-29 17:39:30 UTC (rev 5473) +++ branches/STABLE-BRANCH-1-4/g10/ChangeLog 2010-10-29 19:14:28 UTC (rev 5474) @@ -5,6 +5,11 @@ can't pick something not present in all preference lists, but we might pick something that isn't scored first choice). + * pkclist.c (select_algo_from_prefs): Slightly improve the + handling of MD5 in preference lists. Instead of replacing MD5 + with SHA-1, just remove MD5 from the list altogether, and let the + next-highest ranked algorithm be chosen. + 2010-10-27 Werner Koch * keygen.c (ask_expire_interval): Print 2038 warning only for 32 Modified: branches/STABLE-BRANCH-1-4/g10/pkclist.c =================================================================== --- branches/STABLE-BRANCH-1-4/g10/pkclist.c 2010-10-29 17:39:30 UTC (rev 5473) +++ branches/STABLE-BRANCH-1-4/g10/pkclist.c 2010-10-29 19:14:28 UTC (rev 5474) @@ -1266,7 +1266,6 @@ u32 bits[8]; const prefitem_t *prefs; int result=-1,i; - unsigned int best=-1; u16 scores[256]; if( !pk_list ) 
@@ -1403,10 +1402,31 @@ if(result==-1) { + unsigned int best=-1; + /* At this point, we have not selected an algorithm due to a special request or via personal prefs. Pick the highest ranked algorithm (i.e. the one with the lowest score). */ + if(preftype==PREFTYPE_HASH && scores[DIGEST_ALGO_MD5]) + { + /* "If you are building an authentication system, the recipient + may specify a preferred signing algorithm. However, the + signer would be foolish to use a weak algorithm simply + because the recipient requests it." (RFC4880:14). If any + other hash algorithm is available, pretend that MD5 isn't. + Note that if the user intentionally chose MD5 by putting it + in their personal prefs, then we do what the user said (as we + never reach this code). */ + + for(i=DIGEST_ALGO_MD5+1;i<256;i++) + if(scores[i]) + { + scores[DIGEST_ALGO_MD5]=0; + break; + } + } + for(i=0;i<256;i++) { /* Note the '<' here. This means in case of a tie, we will 
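Review bot: the new loop `for(i=DIGEST_ALGO_MD5+1;i<256;i++) if(scores[i])` in the @@ -1403,10 +1402,31 @@ hunk treats any nonzero score as "another hash is available", whereas the check it replaces (removed further down in this patch) tested `bits[0]` for SHA-1. Since scores[] is accumulated from the individual preference lists, please confirm that an algorithm listed by only some of the keys cannot cause `scores[DIGEST_ALGO_MD5]=0` when MD5 is the only hash common to all of them, or test the bits[] mask in this loop as well.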
@@ -1424,18 +1444,6 @@ result=i; } } - - /* "If you are building an authentication system, the recipient - may specify a preferred signing algorithm. However, the - signer would be foolish to use a weak algorithm simply - because the recipient requests it." (RFC4880:14). If we - settle on MD5, and SHA1 is also available, use SHA1 instead. - Note that if the user intentionally chose MD5 by putting it - in their personal prefs, then we do what the user said (as we - never reach this code). */ - if(preftype==PREFTYPE_HASH && result==DIGEST_ALGO_MD5 - && (bits[0] & (1< Author: dshaw Date: 2010-10-29 21:16:27 +0200 (Fri, 29 Oct 2010) New Revision: 5475 Modified: branches/STABLE-BRANCH-1-4/g10/ChangeLog branches/STABLE-BRANCH-1-4/g10/gpg.c Log: * gpg.c (main): Do not provide a default for --personal-digest-preferences. This allows the usual digest selection algorithm to pick a digest based on recipient keys. Modified: branches/STABLE-BRANCH-1-4/g10/ChangeLog =================================================================== --- branches/STABLE-BRANCH-1-4/g10/ChangeLog 2010-10-29 19:14:28 UTC (rev 5474) +++ branches/STABLE-BRANCH-1-4/g10/ChangeLog 2010-10-29 19:16:27 UTC (rev 5475) @@ -1,5 +1,9 @@ 2010-10-29 David Shaw + * gpg.c (main): Do not provide a default for + --personal-digest-preferences. This allows the usual digest + selection algorithm to pick a digest based on recipient keys. + * pkclist.c (select_algo_from_prefs): Make sure the scores can't overflow when picking an algorithm (not a security issue since we can't pick something not present in all preference lists, but we Modified: branches/STABLE-BRANCH-1-4/g10/gpg.c =================================================================== --- branches/STABLE-BRANCH-1-4/g10/gpg.c 2010-10-29 19:14:28 UTC (rev 5474) +++ branches/STABLE-BRANCH-1-4/g10/gpg.c 2010-10-29 19:16:27 UTC (rev 5475) 
@@ -1,6 +1,6 @@ /* gpg.c - The GnuPG utility (main for gpg) * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, - * 2007, 2008, 2009 Free Software Foundation, Inc. + * 2007, 2008, 2009, 2010 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -3148,11 +3148,6 @@ keygen_set_std_prefs(opt.def_preference_list,0)) log_error(_("invalid default preferences\n")); - /* We provide defaults for the personal digest list. This is - SHA-1. */ - if(!pers_digest_list) - pers_digest_list="h2"; - if(pers_cipher_list && keygen_set_std_prefs(pers_cipher_list,PREFTYPE_SYM)) log_error(_("invalid personal cipher preferences\n")); From cvs at cvs.gnupg.org Fri Oct 29 21:41:28 2010 From: cvs at cvs.gnupg.org (svn author dshaw) Date: Fri, 29 Oct 2010 21:41:28 +0200 Subject: [svn] GnuPG - r5476 - trunk/doc Message-ID: Author: dshaw Date: 2010-10-29 21:41:28 +0200 (Fri, 29 Oct 2010) New Revision: 5476 Modified: trunk/doc/ChangeLog trunk/doc/gpg.texi Log: * gpg.texi (GPG Configuration Options): Clarify that show-photos doesn't work with --with-colons. --personal-digest-preferences does not have a default any longer. Modified: trunk/doc/ChangeLog =================================================================== --- trunk/doc/ChangeLog 2010-10-29 19:16:27 UTC (rev 5475) +++ trunk/doc/ChangeLog 2010-10-29 19:41:28 UTC (rev 5476) @@ -1,3 +1,9 @@ +2010-10-29 David Shaw + + * gpg.texi (GPG Configuration Options): Clarify that show-photos + doesn't work with --with-colons. --personal-digest-preferences + does not have a default any longer. + 2010-10-18 Werner Koch * DETAILS: Fix description of IMPORT_RES. Reported by Nicholas Cole. Modified: trunk/doc/gpg.texi =================================================================== --- trunk/doc/gpg.texi 2010-10-29 19:16:27 UTC (rev 5475) +++ trunk/doc/gpg.texi 2010-10-29 19:41:28 UTC (rev 5476) 
@@ -1029,9 +1029,11 @@ @item show-photos @opindex list-options:show-photos Causes @option{--list-keys}, @option{--list-sigs}, - at option{--list-public-keys}, and @option{--list-secret-keys} to display -any photo IDs attached to the key. Defaults to no. See also - at option{--photo-viewer}. + at option{--list-public-keys}, and @option{--list-secret-keys} to +display any photo IDs attached to the key. Defaults to no. See also + at option{--photo-viewer}. Does not work with @option{--with-colons}: +see @option{--attribute-fd} for the appropriate way to get photo data +for scripts and other frontends. @item show-policy-urls @opindex list-options:show-policy-urls @@ -2042,8 +2044,7 @@ preferences, as GPG will only select an algorithm that is usable by all recipients. The most highly ranked digest algorithm in this list is also used when signing without encryption -(e.g. @option{--clearsign} or @option{--sign}). The default value is -SHA-1. +(e.g. @option{--clearsign} or @option{--sign}). @item --personal-compress-preferences @code{string} Set the list of personal compression preferences to @code{string}. From cvs at cvs.gnupg.org Fri Oct 29 21:49:55 2010 
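Review bot: the @@ -2042,8 +2044,7 @@ hunk of gpg.texi deletes "The default value is SHA-1." without saying what happens when --personal-digest-preferences is not set. The ChangeLog entry states only that there is no default any longer; one sentence on how the digest is chosen in that case would keep the option description complete.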
From: cvs at cvs.gnupg.org (svn author dshaw) Date: Fri, 29 Oct 2010 21:49:55 +0200 Subject: [svn] GnuPG - r5477 - trunk/g10 Message-ID: Author: dshaw Date: 2010-10-29 21:49:54 +0200 (Fri, 29 Oct 2010) New Revision: 5477 Modified: trunk/g10/ChangeLog trunk/g10/pkclist.c Log: * pkclist.c (select_algo_from_prefs): Make sure the scores can't overflow when picking an algorithm (not a security issue since we can't pick something not present in all preference lists, but we might pick something that isn't scored first choice). * pkclist.c (select_algo_from_prefs): Slightly improve the handling of MD5 in preference lists. Instead of replacing MD5 with SHA-1, just remove MD5 from the list altogether, and let the next-highest ranked algorithm be chosen. Modified: trunk/g10/ChangeLog =================================================================== --- trunk/g10/ChangeLog 2010-10-29 19:41:28 UTC (rev 5476) +++ trunk/g10/ChangeLog 2010-10-29 19:49:54 UTC (rev 5477) @@ -1,3 +1,15 @@ +2010-10-29 David Shaw + + * pkclist.c (select_algo_from_prefs): Make sure the scores can't + overflow when picking an algorithm (not a security issue since we + can't pick something not present in all preference lists, but we + might pick something that isn't scored first choice). + + * pkclist.c (select_algo_from_prefs): Slightly improve the + handling of MD5 in preference lists. Instead of replacing MD5 + with SHA-1, just remove MD5 from the list altogether, and let the + next-highest ranked algorithm be chosen. + 2010-10-27 Werner Koch * keygen.c (ask_expire_interval): Do not print the y2038 if we Modified: trunk/g10/pkclist.c =================================================================== --- trunk/g10/pkclist.c 2010-10-29 19:41:28 UTC (rev 5476) +++ trunk/g10/pkclist.c 2010-10-29 19:49:54 UTC (rev 5477) 
@@ -1,6 +1,6 @@ /* pkclist.c - create a list of public keys * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, - * 2008, 2009 Free Software Foundation, Inc. + * 2008, 2009, 2010 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -1303,9 +1303,8 @@ u32 bits[8]; const prefitem_t *prefs; int result=-1,i; - unsigned int best=-1; - byte scores[256]; - + u16 scores[256]; + if( !pk_list ) return -1; @@ -1367,7 +1366,13 @@ { if( prefs[i].type == preftype ) { - scores[prefs[i].value]+=rank; + /* Make sure all scores don't add up past 0xFFFF + (and roll around) */ + if(rank+scores[prefs[i].value]<=0xFFFF) + scores[prefs[i].value]+=rank; + else + scores[prefs[i].value]=0xFFFF; + mask[prefs[i].value/32] |= 1<<(prefs[i].value%32); rank++; @@ -1434,10 +1439,31 @@ if(result==-1) { + unsigned int best=-1; + /* At this point, we have not selected an algorithm due to a special request or via personal prefs. Pick the highest ranked algorithm (i.e. the one with the lowest score). */ + if(preftype==PREFTYPE_HASH && scores[DIGEST_ALGO_MD5]) + { + /* "If you are building an authentication system, the recipient + may specify a preferred signing algorithm. However, the + signer would be foolish to use a weak algorithm simply + because the recipient requests it." (RFC4880:14). If any + other hash algorithm is available, pretend that MD5 isn't. + Note that if the user intentionally chose MD5 by putting it + in their personal prefs, then we do what the user said (as we + never reach this code). */ + + for(i=DIGEST_ALGO_MD5+1;i<256;i++) + if(scores[i]) + { + scores[DIGEST_ALGO_MD5]=0; + break; + } + } + for(i=0;i<256;i++) { /* Note the '<' here. This means in case of a tie, we will 
@@ -1455,18 +1481,6 @@ result=i; } } - - /* "If you are building an authentication system, the recipient - may specify a preferred signing algorithm. However, the - signer would be foolish to use a weak algorithm simply - because the recipient requests it." (RFC4880:14). If we - settle on MD5, and SHA1 is also available, use SHA1 instead. - Note that if the user intentionally chose MD5 by putting it - in their personal prefs, then we do what the user said (as we - never reach this code). */ - if(preftype==PREFTYPE_HASH && result==DIGEST_ALGO_MD5 - && (bits[0] & (1< Author: dshaw Date: 2010-10-29 21:54:56 +0200 (Fri, 29 Oct 2010) New Revision: 5478 Modified: branches/STABLE-BRANCH-2-0/g10/ChangeLog branches/STABLE-BRANCH-2-0/g10/pkclist.c Log: * pkclist.c (select_algo_from_prefs): Make sure the scores can't overflow when picking an algorithm (not a security issue since we can't pick something not present in all preference lists, but we might pick something that isn't scored first choice). * pkclist.c (select_algo_from_prefs): Slightly improve the handling of MD5 in preference lists. Instead of replacing MD5 with SHA-1, just remove MD5 from the list altogether, and let the next-highest ranked algorithm be chosen. Modified: branches/STABLE-BRANCH-2-0/g10/ChangeLog =================================================================== --- branches/STABLE-BRANCH-2-0/g10/ChangeLog 2010-10-29 19:49:54 UTC (rev 5477) +++ branches/STABLE-BRANCH-2-0/g10/ChangeLog 2010-10-29 19:54:56 UTC (rev 5478) 
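Review bot: In the pkclist.c hunk at @@ -1434,10 +1439,31 @@ (r5477), the new MD5 suppression clears scores[DIGEST_ALGO_MD5] as soon as any scores[i] above MD5 is nonzero, without consulting bits, whereas the block this commit removes tested bits[0] before switching away from MD5. The visible lines do not show that a nonzero score implies the algorithm is in every recipient's list, so an algorithm scored by only one key could cause MD5 to be dropped when no other common digest exists. Consider tightening the test to something like "if(scores[i] && (bits[i/32] & (1<<(i%32))))", or add a comment stating why a nonzero score is sufficient here.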
@@ -1,3 +1,15 @@ +2010-10-29 David Shaw + + * pkclist.c (select_algo_from_prefs): Make sure the scores can't + overflow when picking an algorithm (not a security issue since we + can't pick something not present in all preference lists, but we + might pick something that isn't scored first choice). + + * pkclist.c (select_algo_from_prefs): Slightly improve the + handling of MD5 in preference lists. Instead of replacing MD5 + with SHA-1, just remove MD5 from the list altogether, and let the + next-highest ranked algorithm be chosen. + 2010-09-29 Werner Koch * keygen.c (key_from_sexp): Fix memory leak in the error case. @@ -10973,7 +10985,7 @@ Copyright 1998,1999,2000,2001,2002,2003,2004,2005, - 2006,2007,2008,2009 Free Software Foundation, Inc. + 2006,2007,2008,2009,2010 Free Software Foundation, Inc. This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without Modified: branches/STABLE-BRANCH-2-0/g10/pkclist.c =================================================================== --- branches/STABLE-BRANCH-2-0/g10/pkclist.c 2010-10-29 19:49:54 UTC (rev 5477) +++ branches/STABLE-BRANCH-2-0/g10/pkclist.c 2010-10-29 19:54:56 UTC (rev 5478) @@ -1,6 +1,6 @@ /* pkclist.c - create a list of public keys * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, - * 2008 Free Software Foundation, Inc. + * 2008, 2009, 2010 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -1275,9 +1275,8 @@ u32 bits[8]; const prefitem_t *prefs; int result=-1,i; - unsigned int best=-1; - byte scores[256]; - + u16 scores[256]; + if( !pk_list ) return -1; @@ -1339,7 +1338,13 @@ { if( prefs[i].type == preftype ) { - scores[prefs[i].value]+=rank; + /* Make sure all scores don't add up past 0xFFFF + (and roll around) */ + if(rank+scores[prefs[i].value]<=0xFFFF) + scores[prefs[i].value]+=rank; + else + scores[prefs[i].value]=0xFFFF; + mask[prefs[i].value/32] |= 1<<(prefs[i].value%32); rank++; 
@@ -1406,10 +1411,31 @@ if(result==-1) { + unsigned int best=-1; + /* At this point, we have not selected an algorithm due to a special request or via personal prefs. Pick the highest ranked algorithm (i.e. the one with the lowest score). */ + if(preftype==PREFTYPE_HASH && scores[DIGEST_ALGO_MD5]) + { + /* "If you are building an authentication system, the recipient + may specify a preferred signing algorithm. However, the + signer would be foolish to use a weak algorithm simply + because the recipient requests it." (RFC4880:14). If any + other hash algorithm is available, pretend that MD5 isn't. + Note that if the user intentionally chose MD5 by putting it + in their personal prefs, then we do what the user said (as we + never reach this code). */ + + for(i=DIGEST_ALGO_MD5+1;i<256;i++) + if(scores[i]) + { + scores[DIGEST_ALGO_MD5]=0; + break; + } + } + for(i=0;i<256;i++) { /* Note the '<' here. This means in case of a tie, we will @@ -1427,18 +1453,6 @@ result=i; } } - - /* "If you are building an authentication system, the recipient - may specify a preferred signing algorithm. However, the - signer would be foolish to use a weak algorithm simply - because the recipient requests it." (RFC4880:14). If we - settle on MD5, and SHA1 is also available, use SHA1 instead. - Note that if the user intentionally chose MD5 by putting it - in their personal prefs, then we do what the user said (as we - never reach this code). */ - if(preftype==PREFTYPE_HASH && result==DIGEST_ALGO_MD5 - && (bits[0] & (1< Author: wk Date: 2010-10-31 11:30:16 +0100 (Sun, 31 Oct 2010) New Revision: 260 Modified: trunk/ChangeLog trunk/src/init.c trunk/src/w32-gettext.c Log: s/abort/TerminateProcess/ Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2010-10-29 18:10:11 UTC (rev 259) +++ trunk/ChangeLog 2010-10-31 10:30:16 UTC (rev 260) 
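Review bot: In the pkclist.c hunk at @@ -1339,7 +1338,13 @@ (r5478, the same lines as in r5477), the clamp value 0xFFFF matches the new "u16 scores[256]" declaration only through the literal, so a later change of the array type would silently break the bound. A named maximum defined next to the declaration would keep the two together. The comment could also say that once several algorithms saturate at 0xFFFF they tie, and the choice then falls to the tie-break described in the selection loop ("Note the '<' here").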
@@ -1,3 +1,8 @@ +2010-10-31 Werner Koch + + * src/init.c (abort): Use TerminateProcess; exit would call atexit + functions. + 2010-10-29 Marcus Brinkmann * src/w32-gettext.c: Guard include of . Do not Modified: trunk/src/init.c =================================================================== --- trunk/src/init.c 2010-10-29 18:10:11 UTC (rev 259) +++ trunk/src/init.c 2010-10-31 10:30:16 UTC (rev 260) @@ -37,7 +37,8 @@ # define TLS_OUT_OF_INDEXES 0xFFFFFFFF # endif # ifndef __MINGW32CE__ -# define abort() exit(1) +# /* Replace the Mingw32CE provided abort function. */ +# define abort() do { TerminateProcess (GetCurrentProcess(), 8); } while (0) # endif #endif Modified: trunk/src/w32-gettext.c =================================================================== --- trunk/src/w32-gettext.c 2010-10-29 18:10:11 UTC (rev 259) +++ trunk/src/w32-gettext.c 2010-10-31 10:30:16 UTC (rev 260) @@ -1234,7 +1234,8 @@ size_t to_read; char *read_ptr; - fh = CreateFileA (filename, GENERIC_READ, FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL); + fh = CreateFileA (filename, GENERIC_READ, FILE_SHARE_WRITE, NULL, + OPEN_EXISTING, 0, NULL); if (fh == INVALID_HANDLE_VALUE) return NULL;
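Review bot: In the src/init.c hunk, the new comment "Replace the Mingw32CE provided abort function." sits under "# ifndef __MINGW32CE__", so as written the macro is defined only when __MINGW32CE__ is not defined, which reads as the opposite of what the comment says. Either the comment or the guard needs adjusting, and the comment is the right place to carry the reason given in the ChangeLog (exit would call atexit functions). The exit code 8 passed to TerminateProcess is unexplained; a named constant or a word on why 8 was chosen would help.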
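Review bot: The CreateFileA call in the src/w32-gettext.c hunk is only re-wrapped, but its share mode is FILE_SHARE_WRITE alone while the requested access is GENERIC_READ. That allows another process to open the catalog for writing while it is being read and refuses a second concurrent reader. FILE_SHARE_READ would fit a read-only catalog load better and is worth changing while the line is being touched.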