[git] GnuPG - branch, master, updated. gnupg-2.1.8-67-gf3959f1
by Werner Koch
cvs at cvs.gnupg.org
Mon Oct 5 19:52:58 CEST 2015
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via f3959f14b6c496c726bbca5230becb7b6844a234 (commit)
from ae471fa978589fb61ecb0f89bbfe4d43cf2d5eac (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit f3959f14b6c496c726bbca5230becb7b6844a234
Author: Werner Koch <wk at gnupg.org>
Date: Mon Oct 5 19:48:47 2015 +0200
gpg: Install a dirmngr.conf file.
* g10/dirmngr-conf.skel: New.
* g10/Makefile.am (EXTRA_DIST): Add file.
(install-data-local, uninstall-local): Install that file.
* g10/openfile.c (copy_options_file): Add arg "name", return a value,
simplify with xstrconcat, and factor warning message out to:
(try_make_homedir): here. Also install dirmngr.conf.
* g10/options.skel: Remove --keyserver entry.
--
The option --keyserver in gpg has been deprecated in favor of
--keyserver in dirmngr.conf. Thus we need to install a skeleton file
for dirmngr to set a default keyserver.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/g10/Makefile.am b/g10/Makefile.am
index 2fd52b3..cd12183 100644
--- a/g10/Makefile.am
+++ b/g10/Makefile.am
@@ -18,7 +18,8 @@
## Process this file with automake to produce Makefile.in
-EXTRA_DIST = options.skel distsigkey.gpg ChangeLog-2011 gpg-w32info.rc \
+EXTRA_DIST = options.skel dirmngr-conf.skel distsigkey.gpg \
+ ChangeLog-2011 gpg-w32info.rc \
gpg.w32-manifest.in test.c t-keydb-keyring.kbx
AM_CPPFLAGS = -I$(top_srcdir)/common
@@ -164,11 +165,14 @@ install-data-local:
$(mkinstalldirs) $(DESTDIR)$(pkgdatadir)
$(INSTALL_DATA) $(srcdir)/options.skel \
$(DESTDIR)$(pkgdatadir)/gpg-conf.skel
+ $(INSTALL_DATA) $(srcdir)/dirmngr-conf.skel \
+ $(DESTDIR)$(pkgdatadir)/dirmngr-conf.skel
$(INSTALL_DATA) $(srcdir)/distsigkey.gpg \
$(DESTDIR)$(pkgdatadir)/distsigkey.gpg
uninstall-local:
- at rm $(DESTDIR)$(pkgdatadir)/gpg-conf.skel
+ - at rm $(DESTDIR)$(pkgdatadir)/dirmngr-conf.skel
- at rm $(DESTDIR)$(pkgdatadir)/distsigkey.gpg
diff --git a/g10/dirmngr-conf.skel b/g10/dirmngr-conf.skel
new file mode 100644
index 0000000..0888fb7
--- /dev/null
+++ b/g10/dirmngr-conf.skel
@@ -0,0 +1,61 @@
+# dirmngr-conf.skel - Skeleton to create dirmngr.conf.
+# (Note that the first three lines are not copied.)
+#
+# dirmngr.conf - Options for Dirmngr
+# Written in 2015 by The GnuPG Project <https://gnupg.org>
+#
+# To the extent possible under law, the authors have dedicated all
+# copyright and related and neighboring rights to this file to the
+# public domain worldwide. This file is distributed without any
+# warranty. You should have received a copy of the CC0 Public Domain
+# Dedication along with this file. If not, see
+# <http://creativecommons.org/publicdomain/zero/1.0/>.
+#
+#
+# Unless you specify which option file to use (with the command line
+# option "--options filename"), the file ~/.gnupg/dirmngr.conf is used
+# by dirmngr. The file can contain any long options which are valid
+# for Dirmngr. If the first non white space character of a line is a
+# '#', the line is ignored. Empty lines are also ignored. See the
+# dirmngr man page or the manual for a list of options.
+#
+
+# --keyserver URI
+#
+# GPG can send and receive keys to and from a keyserver. These
+# servers can be HKP, Email, or LDAP (if GnuPG is built with LDAP
+# support).
+#
+# Example HKP keyservers:
+# hkp://keys.gnupg.net
+#
+# Example HKPS keyservers (see --hkp-cacert below):
+# hkps://hkps.pool.sks-keyservers.net
+#
+# Example LDAP keyservers:
+# ldap://pgp.surfnet.nl:11370
+#
+# Regular URL syntax applies, and you can set an alternate port
+# through the usual method:
+# hkp://keyserver.example.net:22742
+#
+# Most users just set the name and type of their preferred keyserver.
+# Note that most servers (with the notable exception of
+# ldap://keyserver.pgp.com) synchronize changes with each other. Note
+# also that a single server name may actually point to multiple
+# servers via DNS round-robin. hkp://keys.gnupg.net is an example of
+# such a "server", which spreads the load over a number of physical
+# servers.
+
+keyserver hkp://keys.gnupg.net
+
+# --hkp-cacert FILENAME
+#
+# For the "hkps" scheme (keyserver access over TLS), Dirmngr needs to
+# know the root certificates for verification of the TLS certificates
+# used for the connection. Enter the full name of a file with the
+# root certificates here. If that file is in PEM format a ".pem"
+# suffix is expected. This option may be given multiple times to add
+# more root certificates.
+
+#hkp-cacert /path/to/CA/sks-keyservers.netCA.pem
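Review bot: The only active setting in this skeleton, `keyserver hkp://keys.gnupg.net`, uses the plain hkp scheme, while the hkps example and the `hkp-cacert` line stay commented out. A freshly created home directory will therefore send key searches and retrievals without TLS, and the surrounding text never says so. I would add a short comment above the default, for example `# Note: hkp:// is not protected by TLS; prefer an hkps:// server together with --hkp-cacert.`, so users know that lookups on the default server can be observed and altered on the network path.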
diff --git a/g10/openfile.c b/g10/openfile.c
index 76961e5..859090e 100644
--- a/g10/openfile.c
+++ b/g10/openfile.c
@@ -375,10 +375,11 @@ open_sigfile (const char *sigfilename, progress_filter_context_t *pfx)
/****************
- * Copy the option file skeleton to the given directory.
+ * Copy the option file skeleton for NAME to the given directory.
+ * Returns true if the new option file has any option.
*/
-static void
-copy_options_file (const char *destdir)
+static int
+copy_options_file (const char *destdir, const char *name)
{
const char *datadir = gnupg_datadir ();
char *fname;
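Review bot: The new header comment documents only the true case, but the `return 0` paths added in the later hunks of this function (dry run, skeleton cannot be opened, destination cannot be created) make 0 mean both "no options" and "nothing was copied". I would extend the comment with a line such as `Returns 0 as well if nothing was copied (dry run or error).` so a caller does not read 0 as a successful copy. The body of copy_options_file continues outside this hunk.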
@@ -390,10 +391,9 @@ copy_options_file (const char *destdir)
int any_option = 0;
if (opt.dry_run)
- return;
+ return 0;
- fname = xmalloc (strlen(datadir) + strlen(destdir) + 15);
- strcpy (stpcpy(fname, datadir), DIRSEP_S "gpg-conf" SKELEXT);
+ fname = xstrconcat (datadir, DIRSEP_S, name, "-conf", SKELEXT, NULL);
src = fopen (fname, "r");
if (src && is_secured_file (fileno (src)))
{
@@ -405,9 +405,10 @@ copy_options_file (const char *destdir)
{
log_info (_("can't open '%s': %s\n"), fname, strerror(errno));
xfree(fname);
- return;
+ return 0;
}
- strcpy (stpcpy (fname, destdir), DIRSEP_S GPGEXT_GPG EXTSEP_S "conf");
+ xfree (fname);
+ fname = xstrconcat (destdir, DIRSEP_S, name, EXTSEP_S, "conf", NULL);
oldmask = umask (077);
if (is_secured_filename (fname))
@@ -424,7 +425,7 @@ copy_options_file (const char *destdir)
log_info (_("can't create '%s': %s\n"), fname, strerror(errno) );
fclose (src);
xfree (fname);
- return;
+ return 0;
}
while ((c = getc (src)) != EOF)
@@ -455,11 +456,8 @@ copy_options_file (const char *destdir)
fclose (src);
log_info (_("new configuration file '%s' created\n"), fname);
- if (any_option)
- log_info (_("WARNING: options in '%s'"
- " are not yet active during this run\n"),
- fname);
xfree (fname);
+ return any_option;
}
@@ -492,7 +490,15 @@ try_make_homedir (const char *fname)
fname, strerror(errno) );
else if (!opt.quiet )
log_info ( _("directory '%s' created\n"), fname );
- copy_options_file( fname );
+
+ /* Note that we also copy a dirmngr.conf file here. This is
+ because gpg is likely the first invoked tool and thus creates
+ the directory. */
+ copy_options_file (fname, DIRMNGR_NAME);
+ if (copy_options_file (fname, GPG_NAME))
+ log_info (_("WARNING: options in '%s'"
+ " are not yet active during this run\n"),
+ fname);
}
}
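Review bot: The warning that moved into try_make_homedir passes `fname`, which in this function is the directory that was just created (see the `directory '%s' created` message above it), whereas the removed code in copy_options_file printed the path of the new configuration file. The message will now name the home directory instead of the gpg option file. I would build the file name here the same way copy_options_file does, with `xstrconcat (fname, DIRSEP_S, GPG_NAME, EXTSEP_S, "conf", NULL)`, pass that to `log_info`, and free it afterwards. The result of the DIRMNGR_NAME call is discarded, which looks intentional because those options do not affect this gpg run, but a brief comment saying so would help. try_make_homedir starts outside the hunk.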
diff --git a/g10/options.skel b/g10/options.skel
index 20b5711..e8f1882 100644
--- a/g10/options.skel
+++ b/g10/options.skel
@@ -95,39 +95,9 @@ require-cross-certification
#lock-once
-# GnuPG can send and receive keys to and from a keyserver. These
-# servers can be HKP, email, or LDAP (if GnuPG is built with LDAP
-# support).
-#
-# Example HKP keyservers:
-# hkp://keys.gnupg.net
-#
-# Example LDAP keyservers:
-# ldap://pgp.surfnet.nl:11370
-#
-# Regular URL syntax applies, and you can set an alternate port
-# through the usual method:
-# hkp://keyserver.example.net:22742
-#
-# If you have problems connecting to a HKP server through a buggy http
-# proxy, you can use keyserver option broken-http-proxy (see below),
-# but first you should make sure that you have read the man page
-# regarding proxies (keyserver option honor-http-proxy)
-#
-# Most users just set the name and type of their preferred keyserver.
-# Note that most servers (with the notable exception of
-# ldap://keyserver.pgp.com) synchronize changes with each other. Note
-# also that a single server name may actually point to multiple
-# servers via DNS round-robin. hkp://keys.gnupg.net is an example of
-# such a "server", which spreads the load over a number of physical
-# servers. To see the IP address of the server actually used, you may use
-# the "--keyserver-options debug".
-
-keyserver hkp://keys.gnupg.net
-#keyserver http://http-keys.gnupg.net
-#keyserver mailto:pgp-public-keys at keys.nl.pgp.net
# Common options for keyserver functions:
+# (Note that the --keyserver option has been moved to dirmngr.conf)
#
# include-disabled = when searching, include keys marked as "disabled"
# on the keyserver (not all keyservers support this).
-----------------------------------------------------------------------
Summary of changes:
g10/Makefile.am | 6 ++++-
g10/dirmngr-conf.skel | 61 +++++++++++++++++++++++++++++++++++++++++++++++++++
g10/openfile.c | 34 ++++++++++++++++------------
g10/options.skel | 32 +--------------------------
4 files changed, 87 insertions(+), 46 deletions(-)
create mode 100644 g10/dirmngr-conf.skel
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org