[git] GnuPG - branch, master, updated. gnupg-2.1.2-2-g070d7bf

by Andre Heinecke cvs at cvs.gnupg.org
Thu Feb 12 13:06:02 CET 2015


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  070d7bf940efa60db2b0734273b9b3736d18338a (commit)
      from  b4c798b86ed4b70bfc26213727dd2d613e4a8540 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 070d7bf940efa60db2b0734273b9b3736d18338a
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Thu Feb 5 13:58:50 2015 +0100

    dirmngr: Initialize cache from sysconfig dir
    
    * dirmngr/certcache.c (cert_cache_init): Load certificates
    from sysconfig dir instead of the homedir.
    * dirmngr/dirmngr.c (main): Removed parsing of obsolete
    homedir_data option.
    * dirmngr/dirmngr.h (opt): Removed homedir_data.
    * doc/dirmngr.texi: Update and clarify certs directory doc.
    
    --
    
    Using the homedir for extra-certs and trusted-certs makes
    little sense when dirmngr is used with a caller that
    manages its own store of certificates and can
    provide those through the SENDCERT command.
    You can use trusted-certs and extra-certs to provide
    users with a base of locally available certificates that are
    not already in the store of the applications.

diff --git a/NEWS b/NEWS
index 1003652..48142bc 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,9 @@
 Noteworthy changes in version 2.1.3 (unreleased)
 ------------------------------------------------
 
+ * dirmngr: extra-certs and trusted-certs are now always loaded from
+   the sysconfig dir instead of the homedir.
+
 
 Noteworthy changes in version 2.1.2 (2015-02-11)
 ------------------------------------------------
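Review bot: The new NEWS entry does not say what happens to certificates already placed in the homedir. Since they are no longer loaded after this change, add a sentence telling users to move existing trusted-certs and extra-certs files to the sysconfig dir.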
diff --git a/dirmngr/certcache.c b/dirmngr/certcache.c
index 969b3ec..7fc9826 100644
--- a/dirmngr/certcache.c
+++ b/dirmngr/certcache.c
@@ -435,11 +435,11 @@ cert_cache_init (void)
   init_cache_lock ();
   acquire_cache_write_lock ();
 
-  dname = make_filename (opt.homedir, "trusted-certs", NULL);
+  dname = make_filename (gnupg_sysconfdir (), "trusted-certs", NULL);
   load_certs_from_dir (dname, 1);
   xfree (dname);
 
-  dname = make_filename (opt.homedir_data, "extra-certs", NULL);
+  dname = make_filename (gnupg_sysconfdir (), "extra-certs", NULL);
   load_certs_from_dir (dname, 0);
   xfree (dname);
 
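Review bot: In cert_cache_init both make_filename calls now use gnupg_sysconfdir () with no fallback, so a populated trusted-certs directory under opt.homedir is skipped without any message, and checks that relied on those root certificates may start failing after an upgrade with nothing pointing at the cause. Consider logging a notice when the old homedir directory still exists, or at least logging the directory name that is actually scanned.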
diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
index fd31b7f..36a476a 100644
--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
@@ -800,7 +800,6 @@ main (int argc, char **argv)
 #else
       opt.homedir = gnupg_sysconfdir ();
 #endif
-      opt.homedir_data = gnupg_datadir ();
       opt.homedir_cache = gnupg_cachedir ();
       socket_name = dirmngr_sys_socket_name ();
     }
@@ -926,8 +925,6 @@ main (int argc, char **argv)
   if (nogreeting )
     greeting = 0;
 
-  if (!opt.homedir_data)
-    opt.homedir_data = opt.homedir;
   if (!opt.homedir_cache)
     opt.homedir_cache = opt.homedir;
 
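Review bot: The commit log describes the change to this file as removing the parsing of an obsolete homedir_data option, but the lines removed here and in the hunk above are the default assignment from gnupg_datadir () and the fallback to opt.homedir, not option parsing. Reword the ChangeLog entry to say that the homedir_data initialization was removed, so that it matches the diff.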
diff --git a/dirmngr/dirmngr.h b/dirmngr/dirmngr.h
index bb368f2..3dd16a3 100644
--- a/dirmngr/dirmngr.h
+++ b/dirmngr/dirmngr.h
@@ -80,7 +80,6 @@ struct
   int dry_run;        /* don't change any persistent data */
   int batch;          /* batch mode */
   const char *homedir;      /* Configuration directory name */
-  const char *homedir_data; /* Ditto for data files (/usr/share/dirmngr).  */
   const char *homedir_cache; /* Ditto for cache files (/var/cache/dirmngr).  */
 
   char *config_filename;     /* Name of a config file, which will be
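Review bot: With homedir_data gone, the remaining comment on homedir_cache still names /var/cache/dirmngr, while doc/dirmngr.texi in this same commit documents /var/cache/gnupg for cached CRLs. Since the neighbouring line is being removed anyway, update that comment so the header and the manual agree.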
diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi
index 5f2cfd4..6c413de 100644
--- a/doc/dirmngr.texi
+++ b/doc/dirmngr.texi
@@ -143,9 +143,8 @@ running mode:
 @table @asis
 
 @item With @code{--daemon} given on the commandline
-the directory named @file{/etc/gnupg} for configuration files,
- at file{/var/lib/gnupg/} for extra data and @file{/var/cache/gnupg}
-for cached CRLs.
+the directory named @file{/etc/gnupg} is used for configuration files
+and @file{/var/cache/gnupg} for cached CRLs.
 
 @item Without @code{--daemon} given on the commandline
 the directory named @file{.gnupg} directly below the home directory
@@ -428,11 +427,9 @@ Dirmngr makes use of several directories when running in daemon mode:
 The first is the standard home directory for all configuration files.
 In the deprecated system daemon mode the second directory is used instead.
 
- at item ~/.gnupg/trusted-certs
- at itemx /etc/gnupg/trusted-certs
-The first directory should be filled with certificates of Root CAs you
-are trusting in checking the CRLs and signing OCSP Reponses.  The
-second directory is used in the deprecated systems daemon mode.
+ at item /etc/gnupg/trusted-certs
+This directory should be filled with certificates of Root CAs you
+are trusting in checking the CRLs and signing OCSP Reponses.
 
 Usually these are the same certificates you use with the applications
 making use of dirmngr.  It is expected that each of these certificate
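Review bot: The added item lists only /etc/gnupg/trusted-certs, but the running-mode table changed earlier in this file still says that without --daemon the .gnupg directory below the home directory is used, so a reader can reasonably expect ~/.gnupg/trusted-certs to keep working. State explicitly that this directory is read from the sysconfig dir in both modes. The added line also carries over the typo "Reponses"; it should read "Responses".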
@@ -442,20 +439,22 @@ those certificates on startup and when given a SIGHUP.  Certificates
 which are not readable or do not make up a proper X.509 certificate
 are ignored; see the log file for details.
 
+Applications using dirmngr (e.g. gpgsm) can request these
+certificates to complete a trust chain in the same way as with the
+extra-certs directory (see below).
+
 Note that for OCSP responses the certificate specified using the option
 @option{--ocsp-signer} is always considered valid to sign OCSP requests.
 
-
- at item ~/.gnupg/extra-certs
- at itemx /var/lib/gnupg/extra-certs
-The first directory may contain extra certificates which are preloaded
-into the interal cache on startup.This is convenient in cases you have
-a couple intermediate CA certificates or certificates ususally used to
-sign OCSP reponses.  These certificates are first tried before going
+ at item /etc/gnupg/extra-certs
+This directory may contain extra certificates which are preloaded
+into the interal cache on startup. Applications using dirmngr (e.g. gpgsm)
+can request cached certificates to complete a trust chain.
+This is convenient in cases you have a couple intermediate CA certificates
+or certificates ususally used to sign OCSP reponses.
+These certificates are first tried before going
 out to the net to look for them.  These certificates must also be
 @acronym{DER} encoded and suffixed with @file{.crt} or @file{.der}.
-The second directory is used instead in the deprecated systems daemon
-mode.
 
 @item /var/run/gnupg
 This directory is only used in the deprecated system daemon mode.  It
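Review bot: The rewritten extra-certs paragraph keeps three typos from the text it replaces: "interal", "ususally" and "reponses" in the added lines should be "internal", "usually" and "responses". As with the trusted-certs entry, say that this directory is used regardless of --daemon, since the removed text tied the second path to the system daemon mode and readers of the old manual will look for that distinction.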

-----------------------------------------------------------------------

Summary of changes:
 NEWS                |  3 +++
 dirmngr/certcache.c |  4 ++--
 dirmngr/dirmngr.c   |  3 ---
 dirmngr/dirmngr.h   |  1 -
 doc/dirmngr.texi    | 33 ++++++++++++++++-----------------
 5 files changed, 21 insertions(+), 23 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



