[git] GnuPG - branch, master, updated. gnupg-2.1.10-71-g44aee35
by NIIBE Yutaka
cvs at cvs.gnupg.org
Thu Dec 24 03:49:53 CET 2015
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 44aee35e69540510617aea4b886ef845590960fe (commit)
via ee433d2b00c93b5a4e4ed54b9fb5806361df1b71 (commit)
via 40959add1ba0efc1f4aa87fa075fa42423eff73c (commit)
via e684c634df814b12d399dcdc375c35d3e9a137af (commit)
from ae3e5c25ca4325dc15a105156600322c9e5cb9c4 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 44aee35e69540510617aea4b886ef845590960fe
Author: NIIBE Yutaka <gniibe at fsij.org>
Date: Thu Dec 24 11:37:42 2015 +0900
g10: Remove subcommand checkbkupkey for --key-edit.
* g10/keyedit.c (keyedit_menu): Remove cmdCHECKBKUPKEY support.
--
GnuPG-bug-id: 2169
It was introduced by the commit 9e834047 in 2009. Then, we moved
private key handling to gpg-agent which broke this subcommand.
Note: This subcommand was not supported in 1.4 and 2.0.
diff --git a/g10/keyedit.c b/g10/keyedit.c
index cfbbed7..0553208 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -1352,7 +1352,7 @@ enum cmdids
#endif /*!NO_TRUST_MODELS*/
cmdSHOWPREF,
cmdSETPREF, cmdPREFKS, cmdNOTATION, cmdINVCMD, cmdSHOWPHOTO, cmdUPDTRUST,
- cmdCHKTRUST, cmdADDCARDKEY, cmdKEYTOCARD, cmdBKUPTOCARD, cmdCHECKBKUPKEY,
+ cmdCHKTRUST, cmdADDCARDKEY, cmdKEYTOCARD, cmdBKUPTOCARD,
cmdCLEAN, cmdMINIMIZE, cmdGRIP, cmdNOP
};
@@ -1404,7 +1404,6 @@ static struct
N_("move a key to a smartcard")},
{ "bkuptocard", cmdBKUPTOCARD, KEYEDIT_NEED_SK | KEYEDIT_ONLY_SK,
N_("move a backup key to a smartcard")},
- { "checkbkupkey", cmdCHECKBKUPKEY, KEYEDIT_NEED_SK | KEYEDIT_ONLY_SK, NULL},
#endif /*ENABLE_CARD_SUPPORT */
{ "delkey", cmdDELKEY, KEYEDIT_NOT_SK, N_("delete selected subkeys")},
{ "addrevoker", cmdADDREVOKER, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK,
@@ -1921,7 +1920,6 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
break;
case cmdBKUPTOCARD:
- case cmdCHECKBKUPKEY:
{
/* Ask for a filename, check whether this is really a
backup key as generated by the card generation, parse
@@ -1982,47 +1980,21 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
xfree (fname);
node = new_kbnode (pkt);
- if (cmd == cmdCHECKBKUPKEY)
- {
- log_debug ("FIXME: This needs to be changed\n");
- /* PKT_public_key *sk = node->pkt->pkt.secret_key; */
- /* switch (is_secret_key_protected (sk)) */
- /* { */
- /* case 0: /\* Not protected. *\/ */
- /* tty_printf (_("This key is not protected.\n")); */
- /* break; */
- /* case -1: */
- /* log_error (_("unknown key protection algorithm\n")); */
- /* break; */
- /* default: */
- /* if (sk->protect.s2k.mode == 1001) */
- /* tty_printf (_("Secret parts of key" */
- /* " are not available.\n")); */
- /* if (sk->protect.s2k.mode == 1002) */
- /* tty_printf (_("Secret parts of key" */
- /* " are stored on-card.\n")); */
- /* else */
- /* check_secret_key (sk, 0); */
- /* } */
- }
- else /* Store it. */
- {
- /* We need to transfer it to gpg-agent. */
- err = transfer_secret_keys (ctrl, NULL, node, 1);
+ /* Transfer it to gpg-agent which handles secret keys. */
+ err = transfer_secret_keys (ctrl, NULL, node, 1);
- /* Then, treat the pkt as a public key to call
- card_store_subkey. */
- pkt->pkttype = PKT_PUBLIC_KEY;
+ /* Treat the pkt as a public key. */
+ pkt->pkttype = PKT_PUBLIC_KEY;
- if (card_store_subkey (node, 0))
- {
- redisplay = 1;
- sec_shadowing = 1;
- }
+ /* Ask gpg-agent to store the secret key to card. */
+ if (card_store_subkey (node, 0))
+ {
+ redisplay = 1;
+ sec_shadowing = 1;
}
release_kbnode (node);
- }
- break;
+ }
+ break;
#endif /* ENABLE_CARD_SUPPORT */
commit ee433d2b00c93b5a4e4ed54b9fb5806361df1b71
Author: NIIBE Yutaka <gniibe at fsij.org>
Date: Thu Dec 24 10:41:23 2015 +0900
g10: Allow relative path for specifying the file for bkuptocard.
* g10/keyedit.c (keyedit_menu): Assume the file is under GNUPGHOME.
Also support tilda expansion.
diff --git a/g10/keyedit.c b/g10/keyedit.c
index 15500ef..cfbbed7 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -1927,17 +1927,23 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
backup key as generated by the card generation, parse
that key and store it on card. */
KBNODE node;
- const char *fname;
+ char *fname;
PACKET *pkt;
IOBUF a;
- fname = arg_string;
- if (!*fname)
+ if (!*arg_string)
{
tty_printf (_("Command expects a filename argument\n"));
break;
}
+ if (*arg_string == DIRSEP_C)
+ fname = xstrdup (arg_string);
+ else if (*arg_string == '~')
+ fname = make_filename (arg_string, NULL);
+ else
+ fname = make_filename (opt.homedir, arg_string, NULL);
+
/* Open that file. */
a = iobuf_open (fname);
if (a && is_secured_file (iobuf_get_fd (a)))
@@ -1946,12 +1952,13 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
a = NULL;
gpg_err_set_errno (EPERM);
}
- if (!a)
- {
- tty_printf (_("Can't open '%s': %s\n"),
- fname, strerror (errno));
- break;
- }
+ if (!a)
+ {
+ tty_printf (_("Can't open '%s': %s\n"),
+ fname, strerror (errno));
+ xfree (fname);
+ break;
+ }
/* Parse and check that file. */
pkt = xmalloc (sizeof *pkt);
@@ -1962,14 +1969,17 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
if (!err && pkt->pkttype != PKT_SECRET_KEY
&& pkt->pkttype != PKT_SECRET_SUBKEY)
err = GPG_ERR_NO_SECKEY;
- if (err)
- {
- tty_printf (_("Error reading backup key from '%s': %s\n"),
- fname, gpg_strerror (err));
- free_packet (pkt);
- xfree (pkt);
- break;
- }
+ if (err)
+ {
+ tty_printf (_("Error reading backup key from '%s': %s\n"),
+ fname, gpg_strerror (err));
+ xfree (fname);
+ free_packet (pkt);
+ xfree (pkt);
+ break;
+ }
+
+ xfree (fname);
node = new_kbnode (pkt);
if (cmd == cmdCHECKBKUPKEY)
commit 40959add1ba0efc1f4aa87fa075fa42423eff73c
Author: NIIBE Yutaka <gniibe at fsij.org>
Date: Thu Dec 24 09:54:23 2015 +0900
g10: fix regression of bkuptocard subcommand in --edit-key.
* g10/keyedit.c (keyedit_menu): Call transfer_secret_keys.
* g10/import.c (transfer_secret_keys): Make it global function.
Allow stats==NULL.
--
GnuPG-bug-id: 2169
diff --git a/g10/import.c b/g10/import.c
index 02d6b76..27bfece 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -1318,7 +1318,7 @@ import_one (ctrl_t ctrl,
function prints diagnostics and returns an error code. If BATCH is
true the secret keys are stored by gpg-agent in the transfer format
(i.e. no re-protection and aksing for passphrases). */
-static gpg_error_t
+gpg_error_t
transfer_secret_keys (ctrl_t ctrl, struct import_stats_s *stats, kbnode_t sec_keyblock,
int batch)
{
@@ -1389,8 +1389,11 @@ transfer_secret_keys (ctrl_t ctrl, struct import_stats_s *stats, kbnode_t sec_ke
if (!ski)
BUG ();
- stats->count++;
- stats->secret_read++;
+ if (stats)
+ {
+ stats->count++;
+ stats->secret_read++;
+ }
/* We ignore stub keys. The way we handle them in other parts
of the code is by asking the agent whether any secret key is
@@ -1561,7 +1564,8 @@ transfer_secret_keys (ctrl_t ctrl, struct import_stats_s *stats, kbnode_t sec_ke
if (opt.verbose)
log_info (_("key %s: secret key imported\n"),
keystr_from_pk_with_sub (main_pk, pk));
- stats->secret_imported++;
+ if (stats)
+ stats->secret_imported++;
}
else if ( gpg_err_code (err) == GPG_ERR_EEXIST )
{
@@ -1569,7 +1573,8 @@ transfer_secret_keys (ctrl_t ctrl, struct import_stats_s *stats, kbnode_t sec_ke
log_info (_("key %s: secret key already exists\n"),
keystr_from_pk_with_sub (main_pk, pk));
err = 0;
- stats->secret_dups++;
+ if (stats)
+ stats->secret_dups++;
}
else
{
diff --git a/g10/keyedit.c b/g10/keyedit.c
index d958db8..15500ef 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -1922,7 +1922,6 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
case cmdBKUPTOCARD:
case cmdCHECKBKUPKEY:
- log_debug ("FIXME: This needs to be changed\n");
{
/* Ask for a filename, check whether this is really a
backup key as generated by the card generation, parse
@@ -1975,6 +1974,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
if (cmd == cmdCHECKBKUPKEY)
{
+ log_debug ("FIXME: This needs to be changed\n");
/* PKT_public_key *sk = node->pkt->pkt.secret_key; */
/* switch (is_secret_key_protected (sk)) */
/* { */
@@ -1996,14 +1996,21 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
/* } */
}
else /* Store it. */
- {
- if (card_store_subkey (node, 0))
- {
- redisplay = 1;
- sec_shadowing = 1;
- }
- }
- release_kbnode (node);
+ {
+ /* We need to transfer it to gpg-agent. */
+ err = transfer_secret_keys (ctrl, NULL, node, 1);
+
+ /* Then, treat the pkt as a public key to call
+ card_store_subkey. */
+ pkt->pkttype = PKT_PUBLIC_KEY;
+
+ if (card_store_subkey (node, 0))
+ {
+ redisplay = 1;
+ sec_shadowing = 1;
+ }
+ }
+ release_kbnode (node);
}
break;
diff --git a/g10/main.h b/g10/main.h
index c3a2114..06f2577 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -337,6 +337,8 @@ gpg_error_t import_old_secring (ctrl_t ctrl, const char *fname);
import_stats_t import_new_stats_handle (void);
void import_release_stats_handle (import_stats_t hd);
void import_print_stats (import_stats_t hd);
+gpg_error_t transfer_secret_keys (ctrl_t ctrl, struct import_stats_s *stats,
+ kbnode_t sec_keyblock, int batch);
int collapse_uids( KBNODE *keyblock );
commit e684c634df814b12d399dcdc375c35d3e9a137af
Author: NIIBE Yutaka <gniibe at fsij.org>
Date: Thu Dec 24 09:51:16 2015 +0900
agent: Support --force option for IMPORT_KEY.
* agent/command.c (cmd_keywrap_key): New option --force.
diff --git a/agent/command.c b/agent/command.c
index 4b6040a..446cf24 100644
--- a/agent/command.c
+++ b/agent/command.c
@@ -2028,7 +2028,7 @@ cmd_keywrap_key (assuan_context_t ctx, char *line)
static const char hlp_import_key[] =
- "IMPORT_KEY [--unattended] [<cache_nonce>]\n"
+ "IMPORT_KEY [--unattended] [--force] [<cache_nonce>]\n"
"\n"
"Import a secret key into the key store. The key is expected to be\n"
"encrypted using the current session's key wrapping key (cf. command\n"
@@ -2036,13 +2036,14 @@ static const char hlp_import_key[] =
"no arguments but uses the inquiry \"KEYDATA\" to ask for the actual\n"
"key data. The unwrapped key must be a canonical S-expression. The\n"
"option --unattended tries to import the key as-is without any\n"
- "re-encryption";
+ "re-encryption. Exisiting key can be overwritten with --force.";
static gpg_error_t
cmd_import_key (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
gpg_error_t err;
int opt_unattended;
+ int force;
unsigned char *wrappedkey = NULL;
size_t wrappedkeylen;
gcry_cipher_hd_t cipherhd = NULL;
@@ -2066,6 +2067,7 @@ cmd_import_key (assuan_context_t ctx, char *line)
}
opt_unattended = has_option (line, "--unattended");
+ force = has_option (line, "--force");
line = skip_options (line);
p = line;
@@ -2180,7 +2182,7 @@ cmd_import_key (assuan_context_t ctx, char *line)
}
else
{
- if (!agent_key_available (grip))
+ if (!force && !agent_key_available (grip))
err = gpg_error (GPG_ERR_EEXIST);
else
{
@@ -2202,10 +2204,10 @@ cmd_import_key (assuan_context_t ctx, char *line)
err = agent_protect (key, passphrase, &finalkey, &finalkeylen,
ctrl->s2k_count);
if (!err)
- err = agent_write_private_key (grip, finalkey, finalkeylen, 0);
+ err = agent_write_private_key (grip, finalkey, finalkeylen, force);
}
else
- err = agent_write_private_key (grip, key, realkeylen, 0);
+ err = agent_write_private_key (grip, key, realkeylen, force);
leave:
gcry_sexp_release (openpgp_sexp);
-----------------------------------------------------------------------
Summary of changes:
agent/command.c | 12 ++++---
g10/import.c | 15 ++++++---
g10/keyedit.c | 97 +++++++++++++++++++++++++--------------------------------
g10/main.h | 2 ++
4 files changed, 62 insertions(+), 64 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
More information about the Gnupg-commits
mailing list