[git] GnuPG - branch, master, updated. gnupg-2.1.10-135-g09117e7
by Werner Koch
cvs at cvs.gnupg.org
Thu Jan 21 11:54:51 CET 2016
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 09117e769a093467cb47154f36d7dda613313e33 (commit)
from bdb61351776c038d668310d9b5e5c32588ef6519 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 09117e769a093467cb47154f36d7dda613313e33
Author: Werner Koch <wk at gnupg.org>
Date: Thu Jan 21 11:49:27 2016 +0100
gpg: Make --auto-key-retrieve work with dirmngr configured server.
* g10/call-dirmngr.c (gpg_dirmngr_ks_list): Make R_KEYSERVER optional.
* g10/keyserver.c (keyserver_any_configured): New.
(keyserver_put): Remove arg keyserver because this will always receive
opt.keyserver which is anyway used when connecting dirmngr. Do not
check opt.keyserver.
(keyserver_import_cert): Replace opt.keyserver by
keyserver_any_configured.
* g10/mainproc.c (check_sig_and_print): Ditto.
* g10/import.c (revocation_present): Ditto.
* g10/getkey.c (get_pubkey_byname): Ditto.
* g10/gpgv.c (keyserver_any_configured): Add stub.
* g10/test-stubs.c (keyserver_any_configured): Add stub.
--
The keyserver should be configured in dirmngr.conf and thus we can't
use opt.keyserver in gpg to decide whether a keyserver has been
configured.
GnuPG-bug-id: 2147
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/g10/call-dirmngr.c b/g10/call-dirmngr.c
index 360e127..e596533 100644
--- a/g10/call-dirmngr.c
+++ b/g10/call-dirmngr.c
@@ -404,7 +404,8 @@ gpg_dirmngr_ks_list (ctrl_t ctrl, char **r_keyserver)
memset (&stparm, 0, sizeof stparm);
stparm.keyword = "KEYSERVER";
- *r_keyserver = NULL;
+ if (r_keyserver)
+ *r_keyserver = NULL;
err = open_context (ctrl, &ctx);
if (err)
@@ -420,7 +421,10 @@ gpg_dirmngr_ks_list (ctrl_t ctrl, char **r_keyserver)
goto leave;
}
- *r_keyserver = stparm.source;
+ if (r_keyserver)
+ *r_keyserver = stparm.source;
+ else
+ xfree (stparm.source);
stparm.source = NULL;
leave:
diff --git a/g10/getkey.c b/g10/getkey.c
index 9a4f81e..74fa753 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -1333,9 +1333,9 @@ get_pubkey_byname (ctrl_t ctrl, GETKEY_CTX * retctx, PKT_public_key * pk,
mailbox for the getname search, but it helps cut down
on the problem of searching for something like "john"
and getting a whole lot of keys back. */
- if (opt.keyserver)
+ if (keyserver_any_configured (ctrl))
{
- mechanism = opt.keyserver->uri;
+ mechanism = "keyserver";
glo_ctrl.in_auto_key_retrieve++;
rc = keyserver_import_name (ctrl, name, &fpr, &fpr_len,
opt.keyserver);
diff --git a/g10/gpgv.c b/g10/gpgv.c
index 9932756..19a2ff6 100644
--- a/g10/gpgv.c
+++ b/g10/gpgv.c
@@ -345,6 +345,13 @@ keyserver_match (struct keyserver_spec *spec)
}
int
+keyserver_any_configured (ctrl_t ctrl)
+{
+ (void)ctrl;
+ return 0;
+}
+
+int
keyserver_import_keyid (u32 *keyid, void *dummy)
{
(void)keyid;
diff --git a/g10/import.c b/g10/import.c
index 8e75aa1..369be35 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -2471,9 +2471,9 @@ revocation_present (ctrl_t ctrl, kbnode_t keyblock)
char *tempkeystr=xstrdup(keystr_from_pk(pk));
/* No, so try and get it */
- if(opt.keyserver
- && (opt.keyserver_options.options
- & KEYSERVER_AUTO_KEY_RETRIEVE))
+ if ((opt.keyserver_options.options
+ & KEYSERVER_AUTO_KEY_RETRIEVE)
+ && keyserver_any_configured (ctrl))
{
log_info(_("WARNING: key %s may be revoked:"
" fetching revocation key %s\n"),
diff --git a/g10/keyserver-internal.h b/g10/keyserver-internal.h
index 676b4db..6f6f430 100644
--- a/g10/keyserver-internal.h
+++ b/g10/keyserver-internal.h
@@ -31,6 +31,7 @@ struct keyserver_spec *keyserver_match(struct keyserver_spec *spec);
struct keyserver_spec *parse_keyserver_uri (const char *string,
int require_scheme);
struct keyserver_spec *parse_preferred_keyserver(PKT_signature *sig);
+int keyserver_any_configured (ctrl_t ctrl);
int keyserver_export (ctrl_t ctrl, strlist_t users);
int keyserver_import (ctrl_t ctrl, strlist_t users);
int keyserver_import_fprint (ctrl_t ctrl, const byte *fprint,size_t fprint_len,
diff --git a/g10/keyserver.c b/g10/keyserver.c
index b0af63d..e9ccb58 100644
--- a/g10/keyserver.c
+++ b/g10/keyserver.c
@@ -109,8 +109,7 @@ static gpg_error_t keyserver_get (ctrl_t ctrl,
KEYDB_SEARCH_DESC *desc, int ndesc,
struct keyserver_spec *override_keyserver,
unsigned char **r_fpr, size_t *r_fprlen);
-static gpg_error_t keyserver_put (ctrl_t ctrl, strlist_t keyspecs,
- struct keyserver_spec *keyserver);
+static gpg_error_t keyserver_put (ctrl_t ctrl, strlist_t keyspecs);
/* Reasonable guess. The commonly used test key simon.josefsson.org
@@ -1005,7 +1004,7 @@ keyserver_export (ctrl_t ctrl, strlist_t users)
if(sl)
{
- rc = keyserver_put (ctrl, sl, opt.keyserver);
+ rc = keyserver_put (ctrl, sl);
free_strlist(sl);
}
@@ -1132,6 +1131,14 @@ keyserver_import (ctrl_t ctrl, strlist_t users)
}
+/* Return true if any keyserver has been configured. */
+int
+keyserver_any_configured (ctrl_t ctrl)
+{
+ return !gpg_dirmngr_ks_list (ctrl, NULL);
+}
+
+
/* Import all keys that exactly match NAME */
int
keyserver_import_name (ctrl_t ctrl, const char *name,
@@ -1380,7 +1387,12 @@ keyserver_refresh (ctrl_t ctrl, strlist_t users)
opt.keyserver_options.import_options|=IMPORT_FAST;
/* If refresh_add_fake_v3_keyids is on and it's a HKP or MAILTO
- scheme, then enable fake v3 keyid generation. */
+ scheme, then enable fake v3 keyid generation. Note that this
+ works only with a keyserver configured. gpg.conf
+ (i.e. opt.keyserver); however that method of configuring a
+ keyserver is deprecated and in any case it is questionable
+ whether we should keep on supporting these ancient and broken
+ keyservers. */
if((opt.keyserver_options.options&KEYSERVER_ADD_FAKE_V3) && opt.keyserver
&& (ascii_strcasecmp(opt.keyserver->scheme,"hkp")==0 ||
ascii_strcasecmp(opt.keyserver->scheme,"mailto")==0))
@@ -1775,21 +1787,21 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
}
-/* Send all keys specified by KEYSPECS to the KEYSERVERS. */
+/* Send all keys specified by KEYSPECS to the configured keyserver. */
static gpg_error_t
-keyserver_put (ctrl_t ctrl, strlist_t keyspecs,
- struct keyserver_spec *keyserver)
+keyserver_put (ctrl_t ctrl, strlist_t keyspecs)
{
gpg_error_t err;
strlist_t kspec;
+ char *ksurl;
if (!keyspecs)
return 0; /* Return success if the list is empty. */
- if (!opt.keyserver)
+ if (gpg_dirmngr_ks_list (ctrl, &ksurl))
{
- log_error (_("no keyserver known (use option --keyserver)\n"));
+ log_error (_("no keyserver known\n"));
return gpg_error (GPG_ERR_NO_KEYSERVER);
}
@@ -1807,14 +1819,9 @@ keyserver_put (ctrl_t ctrl, strlist_t keyspecs,
log_error (_("skipped \"%s\": %s\n"), kspec->d, gpg_strerror (err));
else
{
- if (keyserver->host)
- log_info (_("sending key %s to %s server %s\n"),
- keystr (keyblock->pkt->pkt.public_key->keyid),
- keyserver->scheme, keyserver->host);
- else
- log_info (_("sending key %s to %s\n"),
- keystr (keyblock->pkt->pkt.public_key->keyid),
- keyserver->uri);
+ log_info (_("sending key %s to %s\n"),
+ keystr (keyblock->pkt->pkt.public_key->keyid),
+ ksurl?ksurl:"[?]");
err = gpg_dirmngr_ks_put (ctrl, data, datalen, keyblock);
release_kbnode (keyblock);
@@ -1827,6 +1834,7 @@ keyserver_put (ctrl_t ctrl, strlist_t keyspecs,
}
}
+ xfree (ksurl);
return err;
@@ -1940,15 +1948,15 @@ keyserver_import_cert (ctrl_t ctrl, const char *name, int dane_mode,
free_keyserver_spec(spec);
}
}
- else if(opt.keyserver)
+ else if (keyserver_any_configured (ctrl))
{
/* If only a fingerprint is provided, try and fetch it from
- our --keyserver */
+ the configured keyserver. */
err = keyserver_import_fprint (ctrl, *fpr,*fpr_len,opt.keyserver);
}
else
- log_info(_("no keyserver known (use option --keyserver)\n"));
+ log_info(_("no keyserver known\n"));
/* Give a better string here? "CERT fingerprint for \"%s\"
found, but no keyserver" " known (use option
diff --git a/g10/mainproc.c b/g10/mainproc.c
index 8688325..5e6b40b 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -1803,8 +1803,8 @@ check_sig_and_print (CTX c, kbnode_t node)
no information from the DNS PKA, this is a third try. */
if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY
- && opt.keyserver
- && (opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE))
+ && (opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE)
+ && keyserver_any_configured (c->ctrl))
{
int res;
diff --git a/g10/test-stubs.c b/g10/test-stubs.c
index a1988f0..74b6bf7 100644
--- a/g10/test-stubs.c
+++ b/g10/test-stubs.c
@@ -157,6 +157,13 @@ keyserver_match (struct keyserver_spec *spec)
}
int
+keyserver_any_configured (ctrl_t ctrl)
+{
+ (void)ctrl;
+ return 0;
+}
+
+int
keyserver_import_keyid (u32 *keyid, void *dummy)
{
(void)keyid;
-----------------------------------------------------------------------
Summary of changes:
g10/call-dirmngr.c | 8 ++++++--
g10/getkey.c | 4 ++--
g10/gpgv.c | 7 +++++++
g10/import.c | 6 +++---
g10/keyserver-internal.h | 1 +
g10/keyserver.c | 48 ++++++++++++++++++++++++++++--------------------
g10/mainproc.c | 4 ++--
g10/test-stubs.c | 7 +++++++
8 files changed, 56 insertions(+), 29 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
More information about the Gnupg-commits
mailing list