From cvs at cvs.gnupg.org Fri Jul 1 09:48:52 2016 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Fri, 01 Jul 2016 09:48:52 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.13-87-g6bfbc36 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 6bfbc368f90b274192d3751274816091675f5109 (commit) from 8f39185d7bfa0bc749f9ccf4a041d2da4eba24ff (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6bfbc368f90b274192d3751274816091675f5109 Author: Justus Winter Date: Fri Jul 1 09:47:48 2016 +0200 Fix trivial memory leaks in tests. * dirmngr/t-ldap-parse-uri.c (check_ldap_escape_filter): Free result. * g10/t-stutter.c (main): Free file name. Signed-off-by: Justus Winter diff --git a/dirmngr/t-ldap-parse-uri.c b/dirmngr/t-ldap-parse-uri.c index 100ce0d..145b47a 100644 --- a/dirmngr/t-ldap-parse-uri.c +++ b/dirmngr/t-ldap-parse-uri.c @@ -222,6 +222,8 @@ check_ldap_escape_filter (int test_count, struct test_ldap_escape_filter *test) test->filter, result, test->result); fail (test_count * 1000); } + + xfree (result); } static void diff --git a/g10/t-stutter.c b/g10/t-stutter.c index 9576027..f3fc653 100644 --- a/g10/t-stutter.c +++ b/g10/t-stutter.c @@ -606,5 +606,6 @@ main (int argc, char *argv[]) log_fatal ("Message is too short, nothing to test.\n"); } + xfree (filename); return failed; } ----------------------------------------------------------------------- Summary of changes: dirmngr/t-ldap-parse-uri.c | 2 ++ g10/t-stutter.c | 1 + 2 files changed, 3 insertions(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Jul 1 11:00:19 2016 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Fri, 01 Jul 2016 11:00:19 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-188-g570bf2a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 570bf2a648f14b34c4c45d3890b7300529a82d37 (commit) from 62d10c2a38160ef539a784b96960a6b5e3d8d6b6 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 570bf2a648f14b34c4c45d3890b7300529a82d37 Author: Andre Heinecke Date: Fri Jul 1 10:56:57 2016 +0200 core: Fix identify for armored detached sigs * src/data-identify.c (basic_detection): Return signature for signature. -- This causes identify to return signature for both binary and ascii armored detached signatures where previously it would have returned signed for armored signatures and signature for binary signatures. GnuPG-Bug-Id: 2314 diff --git a/src/data-identify.c b/src/data-identify.c index 1cfccd7..88a472f 100644 --- a/src/data-identify.c +++ b/src/data-identify.c @@ -443,7 +443,7 @@ basic_detection (char *data, size_t datalen) if (!strncmp (s+11, "PGP ", 4)) { if (!strncmp (s+15, "SIGNATURE", 9)) - return GPGME_DATA_TYPE_PGP_SIGNED; + return GPGME_DATA_TYPE_PGP_SIGNATURE; if (!strncmp (s+15, "SIGNED MESSAGE", 14)) return GPGME_DATA_TYPE_PGP_SIGNED; if (!strncmp (s+15, "PUBLIC KEY BLOCK", 16)) ----------------------------------------------------------------------- Summary of changes: src/data-identify.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Fri Jul 1 14:17:04 2016 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Fri, 01 Jul 2016 14:17:04 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.13-94-g49fdd08 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 49fdd0887c84ed7f7b858b9e7ffa146fcb7f1e87 (commit) via 78aeb236fe4ff3a6d51b3095148e7086f2a6e9a8 (commit) via cff63da930b6b3f0253668911e0931713b2b584a (commit) via c454922ffa71929c810c6ff048d902498575302f (commit) via ff77b92aae9c8e20cbc7fa7c294adcc6a8c2f614 (commit) via 44d4c695722d96b3bbef16f2843f62413b9670cd (commit) via 5fafd18d474da7b763f5b82c73b6ca4288e136d7 (commit) from 6bfbc368f90b274192d3751274816091675f5109 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 49fdd0887c84ed7f7b858b9e7ffa146fcb7f1e87 Author: Justus Winter Date: Fri Jul 1 14:09:58 2016 +0200 common: Annotate semi-static allocation. * common/argparse.c (optfile_parse): Allow string arguments to leak. Signed-off-by: Justus Winter diff --git a/common/argparse.c b/common/argparse.c index 00cde23..240fdce 100644 --- a/common/argparse.c +++ b/common/argparse.c @@ -699,6 +699,8 @@ optfile_parse (FILE *fp, const char *filename, unsigned *lineno, } if (!set_opt_arg (arg, opts[idx].flags, p)) xfree (buffer); + else + gpgrt_annotate_leaked_object (buffer); } } break; commit 78aeb236fe4ff3a6d51b3095148e7086f2a6e9a8 Author: Justus Winter Date: Fri Jul 1 14:09:01 2016 +0200 g10: Fix memory leak. * g10/keyserver.c (parse_keyserver_uri): Free URI. Signed-off-by: Justus Winter diff --git a/g10/keyserver.c b/g10/keyserver.c index d7105de..2e2d6a4 100644 --- a/g10/keyserver.c +++ b/g10/keyserver.c @@ -240,13 +240,13 @@ parse_keyserver_uri (const char *string,int require_scheme) struct keyserver_spec *keyserver; const char *idx; int count; - char *uri,*options; + char *uri, *duped_uri, *options; log_assert (string); keyserver=xmalloc_clear(sizeof(struct keyserver_spec)); - uri=xstrdup(string); + duped_uri = uri = xstrdup (string); options=strchr(uri,' '); if(options) @@ -434,11 +434,13 @@ parse_keyserver_uri (const char *string,int require_scheme) goto fail; } + xfree (duped_uri); return keyserver; fail: free_keyserver_spec(keyserver); + xfree (duped_uri); return NULL; } commit cff63da930b6b3f0253668911e0931713b2b584a Author: Justus Winter Date: Fri Jul 1 13:44:32 2016 +0200 tools/gpgtar: Annotate semi-static allocation. * tools/gpgtar.c (shell_parse_argv): Annotate argument vector as leaked. Signed-off-by: Justus Winter diff --git a/tools/gpgtar.c b/tools/gpgtar.c index 416f514..a3429de 100644 --- a/tools/gpgtar.c +++ b/tools/gpgtar.c @@ -275,7 +275,12 @@ shell_parse_argv (const char *s, int *r_argc, char ***r_argv) return 1; for (i = 0; list; i++) - (*r_argv)[i] = list->d, list = list->next; + { + gpgrt_annotate_leaked_object (list); + (*r_argv)[i] = list->d; + list = list->next; + } + gpgrt_annotate_leaked_object (*r_argv); return 0; } commit c454922ffa71929c810c6ff048d902498575302f Author: Justus Winter Date: Fri Jul 1 13:43:01 2016 +0200 g10: Fix memory leak. * g10/import.c (transfer_secret_keys): Release curve from the previous iteration. Signed-off-by: Justus Winter diff --git a/g10/import.c b/g10/import.c index b6bc0f2..332e266 100644 --- a/g10/import.c +++ b/g10/import.c @@ -1524,6 +1524,7 @@ transfer_secret_keys (ctrl_t ctrl, struct import_stats_s *stats, else { const char *curvename = openpgp_oid_to_curve (curvestr, 1); + gcry_sexp_release (curve); err = gcry_sexp_build (&curve, NULL, "(curve %s)", curvename?curvename:curvestr); xfree (curvestr); commit ff77b92aae9c8e20cbc7fa7c294adcc6a8c2f614 Author: Justus Winter Date: Fri Jul 1 12:50:29 2016 +0200 g10: Fix build with disabled kbnode cache. * g10/kbnode.c (release_unused_nodes): Fix build with disabled kbnode cache. Signed-off-by: Justus Winter diff --git a/g10/kbnode.c b/g10/kbnode.c index a1d1f3d..e814fa8 100644 --- a/g10/kbnode.c +++ b/g10/kbnode.c @@ -34,18 +34,18 @@ static int cleanup_registered; static KBNODE unused_nodes; -#if USE_UNUSED_NODES static void release_unused_nodes (void) { +#if USE_UNUSED_NODES while (unused_nodes) { kbnode_t next = unused_nodes->next; xfree (unused_nodes); unused_nodes = next; } -} #endif /*USE_UNUSED_NODES*/ +} static kbnode_t commit 44d4c695722d96b3bbef16f2843f62413b9670cd Author: Justus Winter Date: Fri Jul 1 12:48:57 2016 +0200 g10: Fix memory leak. * g10/trustdb.c (tdb_get_validity_core): Fix kbnode leak. Signed-off-by: Justus Winter diff --git a/g10/trustdb.c b/g10/trustdb.c index 527a23d..dd74d18 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c @@ -1022,17 +1022,18 @@ tdb_get_validity_core (ctrl_t ctrl, #ifdef USE_TOFU if (opt.trust_model == TM_TOFU || opt.trust_model == TM_TOFU_PGP) { - kbnode_t user_id_node = NULL; /* Silence -Wmaybe-uninitialized. */ + kbnode_t user_id_node = NULL; + kbnode_t n = NULL; /* Silence -Wmaybe-uninitialized. */ int user_ids = 0; int user_ids_expired = 0; /* If the caller didn't supply a user id then iterate over all uids. */ if (! uid) - user_id_node = get_pubkeyblock (main_pk->keyid); + user_id_node = n = get_pubkeyblock (main_pk->keyid); while (uid - || (user_id_node = find_next_kbnode (user_id_node, PKT_USER_ID))) + || (n = find_next_kbnode (n, PKT_USER_ID))) { unsigned int tl; PKT_user_id *user_id; @@ -1040,7 +1041,7 @@ tdb_get_validity_core (ctrl_t ctrl, if (uid) user_id = uid; else - user_id = user_id_node->pkt->pkt.user_id; + user_id = n->pkt->pkt.user_id; /* If the user id is revoked or expired, then skip it. */ if (user_id->is_revoked || user_id->is_expired) @@ -1094,6 +1095,7 @@ tdb_get_validity_core (ctrl_t ctrl, now. */ break; } + release_kbnode (user_id_node); } #endif /*USE_TOFU*/ commit 5fafd18d474da7b763f5b82c73b6ca4288e136d7 Author: Justus Winter Date: Fri Jul 1 11:26:54 2016 +0200 g10: Fix memory leak. * g10/keygen.c (keygen_set_std_prefs): Fix memory leak. Signed-off-by: Justus Winter diff --git a/g10/keygen.c b/g10/keygen.c index 11eb587..3a9a8e7 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -413,9 +413,9 @@ keygen_set_std_prefs (const char *string,int personal) if(strlen(string)) { - char *tok,*prefstring; + char *dup, *tok, *prefstring; - prefstring=xstrdup(string); /* need a writable string! */ + dup = prefstring = xstrdup (string); /* need a writable string! */ while((tok=strsep(&prefstring," ,"))) { @@ -449,7 +449,7 @@ keygen_set_std_prefs (const char *string,int personal) } } - xfree(prefstring); + xfree (dup); } if(!rc) ----------------------------------------------------------------------- Summary of changes: common/argparse.c | 2 ++ g10/import.c | 1 + g10/kbnode.c | 4 ++-- g10/keygen.c | 6 +++--- g10/keyserver.c | 6 ++++-- g10/trustdb.c | 10 ++++++---- tools/gpgtar.c | 7 ++++++- 7 files changed, 24 insertions(+), 12 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Jul 1 16:30:59 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 01 Jul 2016 16:30:59 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.13-99-g5137bf7 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 5137bf73ccc98a72c2eeac148e4d4b5d58f0a854 (commit) via f015552374d69e28292a12f2b91ab34d65c9b457 (commit) via d8bce478be3ae9e401841a77d189ef3c81ccb757 (commit) via 681c6ef757a73fc1a63a552186e038db179494aa (commit) via 6446a6b3dfd3b2e68b4285870f902ed1f86b0866 (commit) from 49fdd0887c84ed7f7b858b9e7ffa146fcb7f1e87 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5137bf73ccc98a72c2eeac148e4d4b5d58f0a854 Author: Werner Koch Date: Fri Jul 1 16:24:04 2016 +0200 gpg: New option --import-filter * g10/gpg.c (oImportFilter): New. (opts): Add --import-filter. (main): Handle option. * g10/import.c: Include recsel.h, init.h, and mbox-util.h. (import_keep_uid): New global var. (cleanup_import_globals): New. (parse_and_set_import_filter): New. (filter_getval): New. (apply_keep_uid_filter): New. (import_one): Apply filter if set. -- Funny new option. It can for example be used to export a key with only one user id: gpg --no-options --import --import-options import-export \ --import-filter keep-uid='mbox=wk at gnupg.org' \ < full-key.pub > key-with-one-uid.pub More features will eventually be added. Signed-off-by: Werner Koch diff --git a/doc/gpg.texi b/doc/gpg.texi index 6f0249a..9a06221 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -2218,6 +2218,45 @@ opposite meaning. The options are: Defaults to no. @end table + at item --import-filter @code{@var{name}=@var{expr}} + at opindex import-filter +This option defines an import filter which is implied to the imported +keyblock right before it will be stored. @var{name} defines the type +of filter to use, @var{expr} the expression to evaluate. The option +can be used several times which then appends more expression to the +same @var{name}. + + at noindent +The available filter types are: + + at table @asis + + @item keep-uid + This filter will keep a user id packet and its dependent packets in + the keyblock if the expression evaluates to true. + + at end table + +The syntax for the expression is defined in the appendix (FIXME). The +property names for the expressions depend on the actual filter type +and are indicated in the following table. + +The available properties are: + + at table @asis + + @item uid + A string with the user id. (keep-uid) + + @item mbox + The addr-spec part of a user id with mailbox or the empty string. + (keep-uid) + + @item primary + Boolean indicating whether the user id is the primary one. (keep-uid) + + at end table + @item --export-options @code{parameters} @opindex export-options This is a space or comma delimited string that gives options for diff --git a/g10/gpg.c b/g10/gpg.c index b1d6c34..009b84c 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -300,6 +300,7 @@ enum cmd_and_opt_values oKeyServer, oKeyServerOptions, oImportOptions, + oImportFilter, oExportOptions, oListOptions, oVerifyOptions, @@ -572,6 +573,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_s (oKeyServer, "keyserver", "@"), ARGPARSE_s_s (oKeyServerOptions, "keyserver-options", "@"), ARGPARSE_s_s (oImportOptions, "import-options", "@"), + ARGPARSE_s_s (oImportFilter, "import-filter", "@"), ARGPARSE_s_s (oExportOptions, "export-options", "@"), ARGPARSE_s_s (oListOptions, "list-options", "@"), ARGPARSE_s_s (oVerifyOptions, "verify-options", "@"), @@ -2033,6 +2035,7 @@ parse_tofu_db_format (const char *db_format) } } + /* This function called to initialized a new control object. It is assumed that this object has been zeroed out before calling this function. */ @@ -3031,6 +3034,11 @@ main (int argc, char **argv) log_error(_("invalid import options\n")); } break; + case oImportFilter: + rc = parse_and_set_import_filter (pargs.r.ret_str); + if (rc) + log_error (_("invalid filter option: %s\n"), gpg_strerror (rc)); + break; case oExportOptions: if(!parse_export_options(pargs.r.ret_str,&opt.export_options,1)) { diff --git a/g10/import.c b/g10/import.c index 332e266..deb2787 100644 --- a/g10/import.c +++ b/g10/import.c @@ -1,6 +1,6 @@ /* import.c - import a key into our key storage. * Copyright (C) 1998-2007, 2010-2011 Free Software Foundation, Inc. - * Copyright (C) 2014 Werner Koch + * Copyright (C) 2014, 2016 Werner Koch * * This file is part of GnuPG. * @@ -35,9 +35,13 @@ #include "i18n.h" #include "ttyio.h" #include "status.h" +#include "recsel.h" #include "keyserver-internal.h" #include "call-agent.h" #include "../common/membuf.h" +#include "../common/init.h" +#include "../common/mbox-util.h" + struct import_stats_s { @@ -60,6 +64,16 @@ struct import_stats_s }; +/* A global variable to store the selector created from + * --import-filter keep-uid=EXPR. + * + * FIXME: We should put this into the CTRL object but that requires a + * lot more changes right now. + */ +static recsel_expr_t import_keep_uid; + + + static int import (ctrl_t ctrl, IOBUF inp, const char* fname, struct import_stats_s *stats, unsigned char **fpr, size_t *fpr_len, unsigned int options, @@ -95,6 +109,16 @@ static int merge_sigs (kbnode_t dst, kbnode_t src, int *n_sigs, static int merge_keysigs (kbnode_t dst, kbnode_t src, int *n_sigs, const char *fname, u32 *keyid ); + + +static void +cleanup_import_globals (void) +{ + recsel_release (import_keep_uid); + import_keep_uid = NULL; +} + + int parse_import_options(char *str,unsigned int *options,int noisy) { @@ -143,6 +167,39 @@ parse_import_options(char *str,unsigned int *options,int noisy) } +/* Parse and set an import filter from string. STRING has the format + * "NAME=EXPR" with NAME being the name of the filter. Spaces before + * and after NAME are not allowed. If this function is all called + * several times all expressions for the same NAME are concatenated. + * Supported filter names are: + * + * - keep-uid :: If the expression evaluates to true for a certain + * user ID packet, that packet and all it dependencies + * will be imported. The expression may use these + * variables: + * + * - uid :: The entire user ID. + * - mbox :: The mail box part of the user ID. + * - primary :: Evaluate to true for the primary user ID. + */ +gpg_error_t +parse_and_set_import_filter (const char *string) +{ + gpg_error_t err; + + /* Auto register the cleanup function. */ + register_mem_cleanup_func (cleanup_import_globals); + + if (!strncmp (string, "keep-uid=", 9)) + err = recsel_parse_expr (&import_keep_uid, string+9); + else + err = gpg_error (GPG_ERR_INV_NAME); + + return err; +} + + + import_stats_t import_new_stats_handle (void) { @@ -983,6 +1040,74 @@ check_prefs (ctrl_t ctrl, kbnode_t keyblock) } +/* Helper for apply_keep_uid_filter. */ +static const char * +filter_getval (void *cookie, const char *propname) +{ + kbnode_t node = cookie; + const char *result; + + if (node->pkt->pkttype == PKT_USER_ID) + { + if (!strcmp (propname, "uid")) + result = node->pkt->pkt.user_id->name; + else if (!strcmp (propname, "mbox")) + { + if (!node->pkt->pkt.user_id->mbox) + { + node->pkt->pkt.user_id->mbox + = mailbox_from_userid (node->pkt->pkt.user_id->name); + } + return node->pkt->pkt.user_id->mbox; + } + else if (!strcmp (propname, "primary")) + result = node->pkt->pkt.user_id->is_primary? "1":"0"; + else + result = NULL; + } + else + result = NULL; + + return result; +} + +/* + * Apply the keep-uid filter to the keyblock. The deleted nodes are + * marked and thus the caller should call commit_kbnode afterwards. + * KEYBLOCK must not have any blocks marked as deleted. + */ +static void +apply_keep_uid_filter (kbnode_t keyblock, recsel_expr_t selector) +{ + kbnode_t node; + + for (node = keyblock->next; node; node = node->next ) + { + if (node->pkt->pkttype == PKT_USER_ID) + { + if (!recsel_select (selector, filter_getval, node)) + { + + /* log_debug ("keep-uid: deleting '%s'\n", */ + /* node->pkt->pkt.user_id->name); */ + /* The UID packet and all following packets up to the + * next UID or a subkey. */ + delete_kbnode (node); + for (; node->next + && node->next->pkt->pkttype != PKT_USER_ID + && node->next->pkt->pkttype != PKT_PUBLIC_SUBKEY + && node->next->pkt->pkttype != PKT_SECRET_SUBKEY ; + node = node->next) + delete_kbnode (node->next); + } + /* else */ + /* log_debug ("keep-uid: keeping '%s'\n", */ + /* node->pkt->pkt.user_id->name); */ + } + } +} + + /* * Try to import one keyblock. Return an error only in serious cases, * but never for an invalid keyblock. It uses log_error to increase @@ -1116,6 +1241,14 @@ import_one (ctrl_t ctrl, /* Get rid of deleted nodes. */ commit_kbnode (&keyblock); + /* Apply import filter. */ + if (import_keep_uid) + { + apply_keep_uid_filter (keyblock, import_keep_uid); + commit_kbnode (&keyblock); + } + + /* Show the key in the form it is merged or inserted. We skip this * if "import-export" is also active without --armor or the output * file has explicily been given. */ diff --git a/g10/main.h b/g10/main.h index 322f43c..58f2a73 100644 --- a/g10/main.h +++ b/g10/main.h @@ -349,6 +349,7 @@ typedef struct import_stats_s *import_stats_t; typedef gpg_error_t (*import_screener_t)(kbnode_t keyblock, void *arg); int parse_import_options(char *str,unsigned int *options,int noisy); +gpg_error_t parse_and_set_import_filter (const char *string); void import_keys (ctrl_t ctrl, char **fnames, int nnames, import_stats_t stats_hd, unsigned int options); int import_keys_stream (ctrl_t ctrl, iobuf_t inp, import_stats_t stats_hd, commit f015552374d69e28292a12f2b91ab34d65c9b457 Author: Werner Koch Date: Fri Jul 1 15:40:56 2016 +0200 gpg: Allow to cache the mbox in a user id struct. * g10/packet.h (PKT_user_id): Add field 'mbox'. * g10/free-packet.c (free_user_id): Free that. -- This will be required by the coming import filter. Signed-off-by: Werner Koch diff --git a/g10/free-packet.c b/g10/free-packet.c index 3883f87..516e9a1 100644 --- a/g10/free-packet.c +++ b/g10/free-packet.c @@ -311,6 +311,7 @@ free_user_id (PKT_user_id *uid) free_attributes(uid); xfree (uid->prefs); xfree (uid->namehash); + xfree (uid->mbox); xfree (uid); } diff --git a/g10/packet.h b/g10/packet.h index a496c4b..08e2cb7 100644 --- a/g10/packet.h +++ b/g10/packet.h @@ -291,6 +291,7 @@ typedef struct unsigned int ks_modify:1; unsigned int compacted:1; } flags; + char *mbox; /* NULL or the result of mailbox_from_userid. */ /* The text contained in the user id packet, which is normally the name and email address of the key holder (See RFC 4880 5.11). (Serialized.). For convenience an extra Nul is always appended. */ commit d8bce478be3ae9e401841a77d189ef3c81ccb757 Author: Werner Koch Date: Fri Jul 1 15:18:59 2016 +0200 gpg: Make sure a user ID packet has always a terminating Nul in memory. * g10/keygen.c (write_uid): Avoid overflow. -- Also the actual length if the user ID is given by LEN, using NAME diretcly is often more convenient. diff --git a/g10/keygen.c b/g10/keygen.c index 3a9a8e7..2b3d328 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -202,7 +202,7 @@ write_uid( KBNODE root, const char *s ) size_t n = strlen(s); pkt->pkttype = PKT_USER_ID; - pkt->pkt.user_id = xmalloc_clear( sizeof *pkt->pkt.user_id + n - 1 ); + pkt->pkt.user_id = xmalloc_clear (sizeof *pkt->pkt.user_id + n); pkt->pkt.user_id->len = n; pkt->pkt.user_id->ref = 1; strcpy(pkt->pkt.user_id->name, s); diff --git a/g10/packet.h b/g10/packet.h index 0ff28c8..a496c4b 100644 --- a/g10/packet.h +++ b/g10/packet.h @@ -293,7 +293,7 @@ typedef struct } flags; /* The text contained in the user id packet, which is normally the name and email address of the key holder (See RFC 4880 5.11). - (Serialized.) */ + (Serialized.). For convenience an extra Nul is always appended. */ char name[1]; } PKT_user_id; commit 681c6ef757a73fc1a63a552186e038db179494aa Author: Werner Koch Date: Thu Jun 30 20:25:46 2016 +0200 common: Add function to select records etc. * common/recsel.c, common/recsel.h: New. * common/t-recsel.c: New. Signed-off-by: Werner Koch diff --git a/common/Makefile.am b/common/Makefile.am index 2451689..6f9d96d 100644 --- a/common/Makefile.am +++ b/common/Makefile.am @@ -91,7 +91,8 @@ common_sources = \ call-gpg.c call-gpg.h \ exectool.c exectool.h \ server-help.c server-help.h \ - name-value.c name-value.h + name-value.c name-value.h \ + recsel.c recsel.h if HAVE_W32_SYSTEM common_sources += w32-reg.c w32-afunix.c w32-afunix.h @@ -157,7 +158,7 @@ module_tests = t-stringhelp t-timestuff \ t-convert t-percent t-gettime t-sysutils t-sexputil \ t-session-env t-openpgp-oid t-ssh-utils \ t-mapstrings t-zb32 t-mbox-util t-iobuf t-strlist \ - t-name-value t-ccparray + t-name-value t-ccparray t-recsel if !HAVE_W32CE_SYSTEM module_tests += t-exechelp endif @@ -208,6 +209,7 @@ t_iobuf_LDADD = $(t_common_ldadd) t_strlist_LDADD = $(t_common_ldadd) t_name_value_LDADD = $(t_common_ldadd) t_ccparray_LDADD = $(t_common_ldadd) +t_recsel_LDADD = $(t_common_ldadd) # System specific test if HAVE_W32_SYSTEM diff --git a/common/recsel.c b/common/recsel.c new file mode 100644 index 0000000..b35574f --- /dev/null +++ b/common/recsel.c @@ -0,0 +1,571 @@ +/* recsel.c - Record selection + * Copyright (C) 2014, 2016 Werner Koch + * + * This file is part of GnuPG. + * + * This file is free software; you can redistribute it and/or modify + * it under the terms of either + * + * - the GNU Lesser General Public License as published by the Free + * Software Foundation; either version 3 of the License, or (at + * your option) any later version. + * + * or + * + * - the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at + * your option) any later version. + * + * or both in parallel, as here. + * + * This file is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ + +#include +#include +#include +#include +#include +#include + +#include "util.h" +#include "recsel.h" + +/* Select operators. */ +typedef enum + { + SELECT_SAME, + SELECT_SUB, + SELECT_NONEMPTY, + SELECT_ISTRUE, + SELECT_EQ, /* Numerically equal. */ + SELECT_LE, + SELECT_GE, + SELECT_LT, + SELECT_GT + } select_op_t; + + +/* Definition for a select expression. */ +struct recsel_expr_s +{ + recsel_expr_t next; + select_op_t op; /* Operation code. */ + unsigned int not:1; /* Negate operators. */ + unsigned int disjun:1;/* Start of a disjunction. */ + unsigned int xcase:1; /* String match is case sensitive. */ + const char *value; /* (Points into NAME.) */ + long numvalue; /* strtol of VALUE. */ + char name[1]; /* Name of the property. */ +}; + + +/* Helper */ +static inline gpg_error_t +my_error_from_syserror (void) +{ + return gpg_err_make (default_errsource, gpg_err_code_from_syserror ()); +} + +/* Helper */ +static inline gpg_error_t +my_error (gpg_err_code_t ec) +{ + return gpg_err_make (default_errsource, ec); +} + + +/* This is a case-sensitive version of our memistr. I wonder why no + * standard function memstr exists but I better do not use the name + * memstr to avoid future conflicts. + * + * FIXME: Move this to a stringhelp.c + */ +static const char * +my_memstr (const void *buffer, size_t buflen, const char *sub) +{ + const unsigned char *buf = buffer; + const unsigned char *t = (const unsigned char *)buf; + const unsigned char *s = (const unsigned char *)sub; + size_t n = buflen; + + for ( ; n ; t++, n-- ) + { + if (*t == *s) + { + for (buf = t++, buflen = n--, s++; n && *t ==*s; t++, s++, n--) + ; + if (!*s) + return (const char*)buf; + t = (const unsigned char *)buf; + s = (const unsigned char *)sub ; + n = buflen; + } + } + return NULL; +} + + +/* Return a pointer to the next logical connection operator or NULL if + * none. */ +static char * +find_next_lc (char *string) +{ + char *p1, *p2; + + p1 = strchr (string, '&'); + if (p1 && p1[1] != '&') + p1 = NULL; + p2 = strchr (string, '|'); + if (p2 && p2[1] != '|') + p2 = NULL; + if (p1 && !p2) + return p1; + if (!p1) + return p2; + return p1 < p2 ? p1 : p2; +} + + +/* Parse an expression. The expression symtax is: + * + * [] {{} PROPNAME VALUE []} + * + * A [] indicates an optional part, a {} a repetition. PROPNAME and + * VALUE may not be the empty string. White space between the + * elements is ignored. Numerical values are computed as long int; + * standard C notation applies. is the logical connection + * operator; either "&&" for a conjunction or "||" for a disjunction. + * A conjunction is assumed at the begin of an expression and + * conjunctions have higher precedence than disjunctions. If VALUE + * starts with one of the characters used in any a space after + * the is required. A VALUE is terminated by an unless the + * "--" is used in which case the VALUE spans to the end of the + * expression. may be any of + * + * =~ Substring must match + * !~ Substring must not match + * = The full string must match + * <> The full string must not match + * == The numerical value must match + * != The numerical value must not match + * <= The numerical value of the field must be LE than the value. + * < The numerical value of the field must be LT than the value. + * >= The numerical value of the field must be GT than the value. + * >= The numerical value of the field must be GE than the value. + * -n True if value is not empty (no VALUE parameter allowed). + * -z True if value is empty (no VALUE parameter allowed). + * -t Alias for "NAME != 0" (no VALUE parameter allowed). + * -f Alias for "NAME == 0" (no VALUE parameter allowed). + * + * Values for must be space separated and any of: + * + * -- VALUE spans to the end of the expression. + * -c The string match in this part is done case-sensitive. + * + * For example four calls to recsel_parse_expr() with these values for + * EXPR + * + * "uid =~ Alfa" + * "&& uid !~ Test" + * "|| uid =~ Alpha" + * "uid !~ Test" + * + * or the equivalent expression + * + * "uid =~ Alfa" && uid !~ Test" || uid =~ Alpha" && "uid !~ Test" + * + * are making a selector for records where the "uid" property contains + * the strings "Alfa" or "Alpha" but not the String "test". + * + * The caller must pass the address of a selector variable to this + * function and initialize the value of the function to NULL before + * the first call. recset_release needs to be called to free the + * selector. + */ +gpg_error_t +recsel_parse_expr (recsel_expr_t *selector, const char *expression) +{ + recsel_expr_t se_head = NULL; + recsel_expr_t se, se2; + char *expr_buffer; + char *expr; + char *s0, *s; + int toend = 0; + int xcase = 0; + int disjun = 0; + char *next_lc = NULL; + + while (*expression == ' ' || *expression == '\t') + expression++; + + expr_buffer = xtrystrdup (expression); + if (!expr_buffer) + return my_error_from_syserror (); + expr = expr_buffer; + + if (*expr == '|' && expr[1] == '|') + { + disjun = 1; + expr += 2; + } + else if (*expr == '&' && expr[1] == '&') + expr += 2; + + next_term: + while (*expr == ' ' || *expr == '\t') + expr++; + + while (*expr == '-') + { + switch (*++expr) + { + case '-': toend = 1; break; + case 'c': xcase = 1; break; + default: + log_error ("invalid flag '-%c' in expression\n", *expr); + recsel_release (se_head); + xfree (expr_buffer); + return my_error (GPG_ERR_INV_FLAG); + } + expr++; + while (*expr == ' ' || *expr == '\t') + expr++; + } + + next_lc = toend? NULL : find_next_lc (expr); + if (next_lc) + *next_lc = 0; /* Terminate this term. */ + + se = xtrymalloc (sizeof *se + strlen (expr)); + if (!se) + return my_error_from_syserror (); + strcpy (se->name, expr); + se->next = NULL; + se->not = 0; + se->disjun = disjun; + se->xcase = xcase; + + if (!se_head) + se_head = se; + else + { + for (se2 = se_head; se2->next; se2 = se2->next) + ; + se2->next = se; + } + + + s = strpbrk (expr, "=<>!~-"); + if (!s || s == expr ) + { + log_error ("no field name given in expression\n"); + recsel_release (se_head); + xfree (expr_buffer); + return my_error (GPG_ERR_NO_NAME); + } + s0 = s; + + if (!strncmp (s, "=~", 2)) + { + se->op = SELECT_SUB; + s += 2; + } + else if (!strncmp (s, "!~", 2)) + { + se->op = SELECT_SUB; + se->not = 1; + s += 2; + } + else if (!strncmp (s, "<>", 2)) + { + se->op = SELECT_SAME; + se->not = 1; + s += 2; + } + else if (!strncmp (s, "==", 2)) + { + se->op = SELECT_EQ; + s += 2; + } + else if (!strncmp (s, "!=", 2)) + { + se->op = SELECT_EQ; + se->not = 1; + s += 2; + } + else if (!strncmp (s, "<=", 2)) + { + se->op = SELECT_LE; + s += 2; + } + else if (!strncmp (s, ">=", 2)) + { + se->op = SELECT_GE; + s += 2; + } + else if (!strncmp (s, "<", 1)) + { + se->op = SELECT_LT; + s += 1; + } + else if (!strncmp (s, ">", 1)) + { + se->op = SELECT_GT; + s += 1; + } + else if (!strncmp (s, "=", 1)) + { + se->op = SELECT_SAME; + s += 1; + } + else if (!strncmp (s, "-z", 2)) + { + se->op = SELECT_NONEMPTY; + se->not = 1; + s += 2; + } + else if (!strncmp (s, "-n", 2)) + { + se->op = SELECT_NONEMPTY; + s += 2; + } + else if (!strncmp (s, "-f", 2)) + { + se->op = SELECT_ISTRUE; + se->not = 1; + s += 2; + } + else if (!strncmp (s, "-t", 2)) + { + se->op = SELECT_ISTRUE; + s += 2; + } + else + { + log_error ("invalid operator in expression\n"); + recsel_release (se_head); + xfree (expr_buffer); + return my_error (GPG_ERR_INV_OP); + } + + /* We require that a space is used if the value starts with any of + the operator characters. */ + if (se->op == SELECT_NONEMPTY || se->op == SELECT_ISTRUE) + ; + else if (strchr ("=<>!~", *s)) + { + log_error ("invalid operator in expression\n"); + recsel_release (se_head); + xfree (expr_buffer); + return my_error (GPG_ERR_INV_OP); + } + + while (*s == ' ' || *s == '\t') + s++; + + if (se->op == SELECT_NONEMPTY || se->op == SELECT_ISTRUE) + { + if (*s) + { + log_error ("value given for -n or -z\n"); + recsel_release (se_head); + xfree (expr_buffer); + return my_error (GPG_ERR_SYNTAX); + } + } + else + { + if (!*s) + { + log_error ("no value given in expression\n"); + recsel_release (se_head); + xfree (expr_buffer); + return my_error (GPG_ERR_MISSING_VALUE); + } + } + + se->name[s0 - expr] = 0; + trim_spaces (se->name); + if (!se->name[0]) + { + log_error ("no field name given in expression\n"); + recsel_release (se_head); + xfree (expr_buffer); + return my_error (GPG_ERR_NO_NAME); + } + + trim_spaces (se->name + (s - expr)); + se->value = se->name + (s - expr); + if (!se->value[0] && !(se->op == SELECT_NONEMPTY || se->op == SELECT_ISTRUE)) + { + log_error ("no value given in expression\n"); + recsel_release (se_head); + xfree (expr_buffer); + return my_error (GPG_ERR_MISSING_VALUE); + } + + se->numvalue = strtol (se->value, NULL, 0); + + if (next_lc) + { + disjun = next_lc[1] == '|'; + expr = next_lc + 2; + goto next_term; + } + + /* Read:y Append to passes last selector. */ + if (!*selector) + *selector = se_head; + else + { + for (se2 = *selector; se2->next; se2 = se2->next) + ; + se2->next = se_head; + } + + xfree (expr_buffer); + return 0; +} + + +void +recsel_release (recsel_expr_t a) +{ + while (a) + { + recsel_expr_t tmp = a->next; + xfree (a); + a = tmp; + } +} + + +void +recsel_dump (recsel_expr_t selector) +{ + recsel_expr_t se; + + log_debug ("--- Begin selectors ---\n"); + for (se = selector; se; se = se->next) + { + log_debug ("%s %s %s %s '%s'\n", + se==selector? " ": (se->disjun? "||":"&&"), + se->xcase? "-c":" ", + se->name, + se->op == SELECT_SAME? (se->not? "<>":"= "): + se->op == SELECT_SUB? (se->not? "!~":"=~"): + se->op == SELECT_NONEMPTY?(se->not? "-z":"-n"): + se->op == SELECT_ISTRUE? (se->not? "-f":"-t"): + se->op == SELECT_EQ? (se->not? "!=":"=="): + se->op == SELECT_LT? "< ": + se->op == SELECT_LE? "<=": + se->op == SELECT_GT? "> ": + se->op == SELECT_GE? ">=":"[oops]", + se->value); + } + log_debug ("--- End selectors ---\n"); +} + + +/* Return true if the record RECORD has been selected. The GETVAL + * function is called with COOKIE and the NAME of a property used in + * the expression. */ +int +recsel_select (recsel_expr_t selector, + const char *(*getval)(void *cookie, const char *propname), + void *cookie) +{ + recsel_expr_t se; + const char *value; + size_t selen, valuelen; + long numvalue; + int result = 1; + + se = selector; + while (se) + { + value = getval? getval (cookie, se->name) : NULL; + if (!value) + value = ""; + + if (!*value) + { + /* Field is empty. */ + result = 0; + } + else /* Field has a value. */ + { + valuelen = strlen (value); + numvalue = strtol (value, NULL, 0); + selen = strlen (se->value); + + switch (se->op) + { + case SELECT_SAME: + if (se->xcase) + result = (valuelen==selen && !memcmp (value,se->value,selen)); + else + result = (valuelen==selen && !memicmp (value,se->value,selen)); + break; + case SELECT_SUB: + if (se->xcase) + result = !!my_memstr (value, valuelen, se->value); + else + result = !!memistr (value, valuelen, se->value); + break; + case SELECT_NONEMPTY: + result = !!valuelen; + break; + case SELECT_ISTRUE: + result = !!numvalue; + break; + case SELECT_EQ: + result = (numvalue == se->numvalue); + break; + case SELECT_GT: + result = (numvalue > se->numvalue); + break; + case SELECT_GE: + result = (numvalue >= se->numvalue); + break; + case SELECT_LT: + result = (numvalue < se->numvalue); + break; + case SELECT_LE: + result = (numvalue <= se->numvalue); + break; + } + } + + if (se->not) + result = !result; + + if (result) + { + /* This expression evaluated to true. See wether there are + remaining expressions in this conjunction. */ + if (!se->next || se->next->disjun) + break; /* All expressions are true. Return True. */ + se = se->next; /* Test the next. */ + } + else + { + /* This expression evaluated to false and thus the + * conjuction evaluates to false. We skip over the + * remaining expressions of this conjunction and continue + * with the next disjunction if any. */ + do + se = se->next; + while (se && !se->disjun); + } + } + + return result; +} diff --git a/common/recsel.h b/common/recsel.h new file mode 100644 index 0000000..be67afc --- /dev/null +++ b/common/recsel.h @@ -0,0 +1,43 @@ +/* recsel.c - Record selection + * Copyright (C) 2016 Werner Koch + * + * This file is part of GnuPG. + * + * This file is free software; you can redistribute it and/or modify + * it under the terms of either + * + * - the GNU Lesser General Public License as published by the Free + * Software Foundation; either version 3 of the License, or (at + * your option) any later version. + * + * or + * + * - the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at + * your option) any later version. + * + * or both in parallel, as here. + * + * This file is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ +#ifndef GNUPG_COMMON_RECSEL_H +#define GNUPG_COMMON_RECSEL_H + +struct recsel_expr_s; +typedef struct recsel_expr_s *recsel_expr_t; + +gpg_error_t recsel_parse_expr (recsel_expr_t *selector, const char *expr); +void recsel_release (recsel_expr_t a); +void recsel_dump (recsel_expr_t selector); +int recsel_select (recsel_expr_t selector, + const char *(*getval)(void *cookie, const char *propname), + void *cookie); + + +#endif /*GNUPG_COMMON_RECSEL_H*/ diff --git a/common/t-recsel.c b/common/t-recsel.c new file mode 100644 index 0000000..fe2a7b9 --- /dev/null +++ b/common/t-recsel.c @@ -0,0 +1,405 @@ +/* t-recsel.c - Module test for recsel.c + * Copyright (C) 2016 Werner Koch + * + * This file is part of GnuPG. + * + * GnuPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ + +#include +#include +#include +#include + +#include "util.h" +#include "init.h" +#include "recsel.h" + +#define PGM "t-recsel" + +#define pass() do { ; } while(0) +#define fail(a,e) do { log_error ("line %d: test %d failed: %s\n", \ + __LINE__, (a), gpg_strerror ((e))); \ + exit (1); \ + } while(0) + +static int verbose; +static int debug; + + +#define FREEEXPR() do { recsel_release (se); se = NULL; } while (0) +#define ADDEXPR(a) do { \ + err = recsel_parse_expr (&se, (a)); \ + if (err) \ + fail (0, err); \ + } while (0) + + +static const char * +test_1_getval (void *cookie, const char *name) +{ + if (strcmp (name, "uid")) + fail (0, 0); + return cookie; +} + +static void +run_test_1 (void) +{ + static const char *expr[] = { + "uid =~ Alfa", + "&& uid !~ Test ", + "|| uid =~ Alpha", + " uid !~ Test" + }; + gpg_error_t err; + recsel_expr_t se = NULL; + int i; + + for (i=0; i < DIM (expr); i++) + { + err = recsel_parse_expr (&se, expr[i]); + if (err) + fail (i, err); + } + + if (debug) + recsel_dump (se); + + /* The example from recsel.c in several variants. */ + if (!recsel_select (se, test_1_getval, "Alfa")) + fail (0, 0); + if (!recsel_select (se, test_1_getval, "Alpha")) + fail (0, 0); + if (recsel_select (se, test_1_getval, "Alfa Test")) + fail (0, 0); + if (recsel_select (se, test_1_getval, "Alpha Test")) + fail (0, 0); + + /* Some modified versions from above. */ + if (!recsel_select (se, test_1_getval, " AlfA Tes")) + fail (0, 0); + if (!recsel_select (se, test_1_getval, " AlfA Tes ")) + fail (0, 0); + if (!recsel_select (se, test_1_getval, " Tes AlfA")) + fail (0, 0); + if (!recsel_select (se, test_1_getval, "TesAlfA")) + fail (0, 0); + + /* Simple cases. */ + if (recsel_select (se, NULL, NULL)) + fail (0, 0); + if (recsel_select (se, test_1_getval, NULL)) + fail (0, 0); + if (recsel_select (se, test_1_getval, "")) + fail (0, 0); + + FREEEXPR(); +} + + +/* Same as test1 but using a combined expression.. */ +static void +run_test_1b (void) +{ + gpg_error_t err; + recsel_expr_t se = NULL; + + err = recsel_parse_expr + (&se, "uid =~ Alfa && uid !~ Test || uid =~ Alpha && uid !~ Test" ); + if (err) + fail (0, err); + + if (debug) + recsel_dump (se); + + /* The example from recsel.c in several variants. */ + if (!recsel_select (se, test_1_getval, "Alfa")) + fail (0, 0); + if (!recsel_select (se, test_1_getval, "Alpha")) + fail (0, 0); + if (recsel_select (se, test_1_getval, "Alfa Test")) + fail (0, 0); + if (recsel_select (se, test_1_getval, "Alpha Test")) + fail (0, 0); + + /* Some modified versions from above. */ + if (!recsel_select (se, test_1_getval, " AlfA Tes")) + fail (0, 0); + if (!recsel_select (se, test_1_getval, " AlfA Tes ")) + fail (0, 0); + if (!recsel_select (se, test_1_getval, " Tes AlfA")) + fail (0, 0); + if (!recsel_select (se, test_1_getval, "TesAlfA")) + fail (0, 0); + + /* Simple cases. */ + if (recsel_select (se, NULL, NULL)) + fail (0, 0); + if (recsel_select (se, test_1_getval, NULL)) + fail (0, 0); + if (recsel_select (se, test_1_getval, "")) + fail (0, 0); + + FREEEXPR(); +} + + +static const char * +test_2_getval (void *cookie, const char *name) +{ + if (!strcmp (name, "uid")) + return "foo at example.org"; + else if (!strcmp (name, "keyid")) + return "0x12345678"; + else if (!strcmp (name, "zero")) + return "0"; + else if (!strcmp (name, "one")) + return "1"; + else if (!strcmp (name, "blanks")) + return " "; + else if (!strcmp (name, "letters")) + return "abcde"; + else + return cookie; +} + +static void +run_test_2 (void) +{ + gpg_error_t err; + recsel_expr_t se = NULL; + + ADDEXPR ("uid = foo at example.org"); + if (!recsel_select (se, test_2_getval, NULL)) + fail (0, 0); + FREEEXPR(); + ADDEXPR ("uid = Foo at example.org"); + if (!recsel_select (se, test_2_getval, NULL)) + fail (0, 0); + FREEEXPR(); + ADDEXPR ("-c uid = Foo at example.org"); + if (recsel_select (se, test_2_getval, NULL)) + fail (0, 0); + + FREEEXPR(); + ADDEXPR ("uid =~ foo at example.org"); + if (!recsel_select (se, test_2_getval, NULL)) + fail (0, 0); + FREEEXPR(); + ADDEXPR ("uid =~ Foo at example.org"); + if (!recsel_select (se, test_2_getval, NULL)) + fail (0, 0); + FREEEXPR(); + ADDEXPR ("-c uid =~ Foo at example.org"); + if (recsel_select (se, test_2_getval, NULL)) + fail (0, 0); + + FREEEXPR(); + ADDEXPR ("uid !~ foo at example.org"); + if (recsel_select (se, test_2_getval, NULL)) + fail (0, 0); + FREEEXPR(); + ADDEXPR ("uid !~ Foo at example.org"); + if (recsel_select (se, test_2_getval, NULL)) + fail (0, 0); + FREEEXPR(); + ADDEXPR ("-c uid !~ Foo at example.org"); + if (!recsel_select (se, test_2_getval, NULL)) + fail (0, 0); + + FREEEXPR(); + ADDEXPR ("uid =~ @"); + if (!recsel_select (se, test_2_getval, NULL)) + fail (0, 0); + FREEEXPR(); + ADDEXPR ("uid =~ @"); + if (!recsel_select (se, test_2_getval, NULL)) + fail (0, 0); + + FREEEXPR(); + ADDEXPR ("keyid == 0x12345678"); + if (!recsel_select (se, test_2_getval, NULL)) + fail (0, 0); + FREEEXPR(); + ADDEXPR ("keyid != 0x12345678"); + if (recsel_select (se, test_2_getval, NULL)) + fail (0, 0); + FREEEXPR(); + ADDEXPR ("keyid >= 0x12345678"); + if (!recsel_select (se, test_2_getval, NULL)) + fail (0, 0); + FREEEXPR(); + ADDEXPR ("keyid <= 0x12345678"); + if (!recsel_select (se, test_2_getval, NULL)) + fail (0, 0); + FREEEXPR(); + ADDEXPR ("keyid > 0x12345677"); + if (!recsel_select (se, test_2_getval, NULL)) + fail (0, 0); + FREEEXPR(); + ADDEXPR ("keyid < 0x12345679"); + if (!recsel_select (se, test_2_getval, NULL)) + fail (0, 0); + + FREEEXPR(); + ADDEXPR ("keyid > 0x12345678"); + if (recsel_select (se, test_2_getval, NULL)) + fail (0, 0); + FREEEXPR(); + ADDEXPR ("keyid < 0x12345678"); + if (recsel_select (se, test_2_getval, NULL)) + fail (0, 0); + + + FREEEXPR(); + ADDEXPR ("uid -n"); + if (!recsel_select (se, test_2_getval, NULL)) + fail (0, 0); + FREEEXPR(); + ADDEXPR ("uid -z"); + if (recsel_select (se, test_2_getval, NULL)) + fail (0, 0); + + FREEEXPR(); + ADDEXPR ("nothing -z"); + if (!recsel_select (se, test_2_getval, NULL)) + fail (0, 0); + FREEEXPR(); + ADDEXPR ("nothing -n"); + if (recsel_select (se, test_2_getval, NULL)) + fail (0, 0); + + FREEEXPR(); + ADDEXPR ("blanks -n"); + if (!recsel_select (se, test_2_getval, NULL)) + fail (0, 0); + FREEEXPR(); + ADDEXPR ("blanks -z"); + if (recsel_select (se, test_2_getval, NULL)) + fail (0, 0); + + FREEEXPR(); + ADDEXPR ("letters -n"); + if (!recsel_select (se, test_2_getval, NULL)) + fail (0, 0); + FREEEXPR(); + ADDEXPR ("letters -z"); + if (recsel_select (se, test_2_getval, NULL)) + fail (0, 0); + + + FREEEXPR(); + ADDEXPR ("nothing -f"); + if (!recsel_select (se, test_2_getval, NULL)) + fail (0, 0); + FREEEXPR(); + ADDEXPR ("nothing -t"); + if (recsel_select (se, test_2_getval, NULL)) + fail (0, 0); + + FREEEXPR(); + ADDEXPR ("zero -f"); + if (!recsel_select (se, test_2_getval, NULL)) + fail (0, 0); + FREEEXPR(); + ADDEXPR ("zero -t"); + if (recsel_select (se, test_2_getval, NULL)) + fail (0, 0); + + FREEEXPR(); + ADDEXPR ("one -t"); + if (!recsel_select (se, test_2_getval, NULL)) + fail (0, 0); + FREEEXPR(); + ADDEXPR ("one -f"); + if (recsel_select (se, test_2_getval, NULL)) + fail (0, 0); + + FREEEXPR(); + ADDEXPR ("blanks -f"); + if (!recsel_select (se, test_2_getval, NULL)) + fail (0, 0); + FREEEXPR(); + ADDEXPR ("blanks -t"); + if (recsel_select (se, test_2_getval, NULL)) + fail (0, 0); + + FREEEXPR(); + ADDEXPR ("letter -f"); + if (!recsel_select (se, test_2_getval, NULL)) + fail (0, 0); + FREEEXPR(); + ADDEXPR ("letters -t"); + if (recsel_select (se, test_2_getval, NULL)) + fail (0, 0); + + + FREEEXPR(); +} + + + +int +main (int argc, char **argv) +{ + int last_argc = -1; + + log_set_prefix (PGM, GPGRT_LOG_WITH_PREFIX); + init_common_subsystems (&argc, &argv); + + if (argc) + { argc--; argv++; } + while (argc && last_argc != argc ) + { + last_argc = argc; + if (!strcmp (*argv, "--")) + { + argc--; argv++; + break; + } + else if (!strcmp (*argv, "--help")) + { + fputs ("usage: " PGM " [options]\n" + "Options:\n" + " --verbose print timings etc.\n" + " --debug flyswatter\n", + stdout); + exit (0); + } + else if (!strcmp (*argv, "--verbose")) + { + verbose++; + argc--; argv++; + } + else if (!strcmp (*argv, "--debug")) + { + verbose += 2; + debug++; + argc--; argv++; + } + else if (!strncmp (*argv, "--", 2)) + { + log_error ("unknown option '%s'\n", *argv); + exit (2); + } + } + + run_test_1 (); + run_test_1b (); + run_test_2 (); + /* Fixme: We should add test for complex conditions. */ + + return 0; +} commit 6446a6b3dfd3b2e68b4285870f902ed1f86b0866 Author: Werner Koch Date: Fri Jul 1 14:42:18 2016 +0200 common: Smart up register_mem_cleanup_func. * common/init.c (register_mem_cleanup_func): Avoid double registration. Signed-off-by: Werner Koch diff --git a/common/init.c b/common/init.c index c68a4e6..c406ffe 100644 --- a/common/init.c +++ b/common/init.c @@ -106,6 +106,10 @@ register_mem_cleanup_func (void (*func)(void)) { mem_cleanup_item_t item; + for (item = mem_cleanup_list; item; item = item->next) + if (item->func == func) + return; /* Function has already been registered. */ + item = malloc (sizeof *item); if (item) { ----------------------------------------------------------------------- Summary of changes: common/Makefile.am | 6 +- common/init.c | 4 + common/recsel.c | 571 +++++++++++++++++++++++++++++++++++++++++ common/{userids.h => recsel.h} | 22 +- common/t-recsel.c | 405 +++++++++++++++++++++++++++++ doc/gpg.texi | 39 +++ g10/free-packet.c | 1 + g10/gpg.c | 8 + g10/import.c | 135 +++++++++- g10/keygen.c | 2 +- g10/main.h | 1 + g10/packet.h | 3 +- 12 files changed, 1183 insertions(+), 14 deletions(-) create mode 100644 common/recsel.c copy common/{userids.h => recsel.h} (63%) create mode 100644 common/t-recsel.c hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Jul 1 16:52:27 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 01 Jul 2016 16:52:27 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.13-100-g7bfc86c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 7bfc86c938d11c14ea78b196c82ceba2a2f5317d (commit) from 5137bf73ccc98a72c2eeac148e4d4b5d58f0a854 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7bfc86c938d11c14ea78b196c82ceba2a2f5317d Author: Werner Koch Date: Fri Jul 1 16:50:12 2016 +0200 gpg: New option --export-filter * g10/gpg.c (oExportFilter): New. (opts): Add --export-filter. (main): Handle option. * g10/export.c: Include recsel.h, init.h, and mbox-util.h. (export_keep_uid): New global var. (cleanup_export_globals): New. (parse_and_set_export_filter): New. (filter_getval): New. (apply_keep_uid_filter): New. (do_export_stream): Apply filter if set. Signed-off-by: Werner Koch diff --git a/doc/gpg.texi b/doc/gpg.texi index 9a06221..7118e0d 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -2219,12 +2219,14 @@ opposite meaning. The options are: @end table @item --import-filter @code{@var{name}=@var{expr}} + at itemx --export-filter @code{@var{name}=@var{expr}} @opindex import-filter -This option defines an import filter which is implied to the imported -keyblock right before it will be stored. @var{name} defines the type -of filter to use, @var{expr} the expression to evaluate. The option -can be used several times which then appends more expression to the -same @var{name}. + at opindex export-filter +These options define an import/export filter which are applied to the +imported/exported keyblock right before it will be stored/written. + at var{name} defines the type of filter to use, @var{expr} the +expression to evaluate. The option can be used several times which +then appends more expression to the same @var{name}. @noindent The available filter types are: diff --git a/g10/export.c b/g10/export.c index 4137235..2a50b32 100644 --- a/g10/export.c +++ b/g10/export.c @@ -35,6 +35,9 @@ #include "i18n.h" #include "membuf.h" #include "host2net.h" +#include "recsel.h" +#include "mbox-util.h" +#include "init.h" #include "trustdb.h" #include "call-agent.h" @@ -56,6 +59,16 @@ struct export_stats_s }; +/* A global variable to store the selector created from + * --export-filter keep-uid=EXPR. + * + * FIXME: We should put this into the CTRL object but that requires a + * lot more changes right now. + */ +static recsel_expr_t export_keep_uid; + + + /* Local prototypes. */ static int do_export (ctrl_t ctrl, strlist_t users, int secret, unsigned int options, export_stats_t stats); @@ -65,6 +78,12 @@ static int do_export_stream (ctrl_t ctrl, iobuf_t out, export_stats_t stats, int *any); +static void +cleanup_export_globals (void) +{ + recsel_release (export_keep_uid); + export_keep_uid = NULL; +} /* Option parser for export options. See parse_options fro @@ -100,6 +119,38 @@ parse_export_options(char *str,unsigned int *options,int noisy) } +/* Parse and set an export filter from string. STRING has the format + * "NAME=EXPR" with NAME being the name of the filter. Spaces before + * and after NAME are not allowed. If this function is called several + * times all expressions for the same NAME are concatenated. + * Supported filter names are: + * + * - keep-uid :: If the expression evaluates to true for a certain + * user ID packet, that packet and all it dependencies + * will be exported. The expression may use these + * variables: + * + * - uid :: The entire user ID. + * - mbox :: The mail box part of the user ID. + * - primary :: Evaluate to true for the primary user ID. + */ +gpg_error_t +parse_and_set_export_filter (const char *string) +{ + gpg_error_t err; + + /* Auto register the cleanup function. */ + register_mem_cleanup_func (cleanup_export_globals); + + if (!strncmp (string, "keep-uid=", 9)) + err = recsel_parse_expr (&export_keep_uid, string+9); + else + err = gpg_error (GPG_ERR_INV_NAME); + + return err; +} + + /* Create a new export stats object initialized to zero. On error returns NULL and sets ERRNO. */ export_stats_t @@ -1147,6 +1198,74 @@ receive_seckey_from_agent (ctrl_t ctrl, gcry_cipher_hd_t cipherhd, } +/* Helper for apply_keep_uid_filter. */ +static const char * +filter_getval (void *cookie, const char *propname) +{ + kbnode_t node = cookie; + const char *result; + + if (node->pkt->pkttype == PKT_USER_ID) + { + if (!strcmp (propname, "uid")) + result = node->pkt->pkt.user_id->name; + else if (!strcmp (propname, "mbox")) + { + if (!node->pkt->pkt.user_id->mbox) + { + node->pkt->pkt.user_id->mbox + = mailbox_from_userid (node->pkt->pkt.user_id->name); + } + return node->pkt->pkt.user_id->mbox; + } + else if (!strcmp (propname, "primary")) + result = node->pkt->pkt.user_id->is_primary? "1":"0"; + else + result = NULL; + } + else + result = NULL; + + return result; +} + +/* + * Apply the keep-uid filter to the keyblock. The deleted nodes are + * marked and thus the caller should call commit_kbnode afterwards. + * KEYBLOCK must not have any blocks marked as deleted. + */ +static void +apply_keep_uid_filter (kbnode_t keyblock, recsel_expr_t selector) +{ + kbnode_t node; + + for (node = keyblock->next; node; node = node->next ) + { + if (node->pkt->pkttype == PKT_USER_ID) + { + if (!recsel_select (selector, filter_getval, node)) + { + + log_debug ("keep-uid: deleting '%s'\n", + node->pkt->pkt.user_id->name); + /* The UID packet and all following packets up to the + * next UID or a subkey. */ + delete_kbnode (node); + for (; node->next + && node->next->pkt->pkttype != PKT_USER_ID + && node->next->pkt->pkttype != PKT_PUBLIC_SUBKEY + && node->next->pkt->pkttype != PKT_SECRET_SUBKEY ; + node = node->next) + delete_kbnode (node->next); + } + else + log_debug ("keep-uid: keeping '%s'\n", + node->pkt->pkt.user_id->name); + } + } +} + + /* Export the keys identified by the list of strings in USERS to the stream OUT. If Secret is false public keys will be exported. With secret true secret keys will be exported; in this case 1 means the @@ -1326,6 +1445,13 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret, if ((options & EXPORT_CLEAN)) clean_key (keyblock, opt.verbose, (options&EXPORT_MINIMAL), NULL, NULL); + if (export_keep_uid) + { + commit_kbnode (&keyblock); + apply_keep_uid_filter (keyblock, export_keep_uid); + commit_kbnode (&keyblock); + } + /* And write it. */ xfree (cache_nonce); cache_nonce = NULL; diff --git a/g10/gpg.c b/g10/gpg.c index 009b84c..154d39a 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -302,6 +302,7 @@ enum cmd_and_opt_values oImportOptions, oImportFilter, oExportOptions, + oExportFilter, oListOptions, oVerifyOptions, oTempDir, @@ -575,6 +576,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_s (oImportOptions, "import-options", "@"), ARGPARSE_s_s (oImportFilter, "import-filter", "@"), ARGPARSE_s_s (oExportOptions, "export-options", "@"), + ARGPARSE_s_s (oExportFilter, "export-filter", "@"), ARGPARSE_s_s (oListOptions, "list-options", "@"), ARGPARSE_s_s (oVerifyOptions, "verify-options", "@"), @@ -3049,6 +3051,11 @@ main (int argc, char **argv) log_error(_("invalid export options\n")); } break; + case oExportFilter: + rc = parse_and_set_export_filter (pargs.r.ret_str); + if (rc) + log_error (_("invalid filter option: %s\n"), gpg_strerror (rc)); + break; case oListOptions: if(!parse_list_options(pargs.r.ret_str)) { diff --git a/g10/main.h b/g10/main.h index 58f2a73..3ee2762 100644 --- a/g10/main.h +++ b/g10/main.h @@ -379,6 +379,7 @@ void export_release_stats (export_stats_t stats); void export_print_stats (export_stats_t stats); int parse_export_options(char *str,unsigned int *options,int noisy); +gpg_error_t parse_and_set_export_filter (const char *string); int export_pubkeys (ctrl_t ctrl, strlist_t users, unsigned int options, export_stats_t stats); ----------------------------------------------------------------------- Summary of changes: doc/gpg.texi | 12 +++--- g10/export.c | 126 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ g10/gpg.c | 7 ++++ g10/main.h | 1 + 4 files changed, 141 insertions(+), 5 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Jul 1 16:57:38 2016 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Fri, 01 Jul 2016 16:57:38 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-191-gfbd6ac4 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via fbd6ac4655ebf56d91ebd9a4ff499c8319fcd087 (commit) via 93c5d420fcfe275aeff2b3d5ce99629edbe6625d (commit) via 948ce7d1edf12ecb5080a4816ca15f495d6393f5 (commit) from 570bf2a648f14b34c4c45d3890b7300529a82d37 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit fbd6ac4655ebf56d91ebd9a4ff499c8319fcd087 Author: Andre Heinecke Date: Fri Jul 1 16:55:14 2016 +0200 Qt: Add test for TofuInfo * lang/qt/tests/t-tofuinfo.cpp: New. * lang/qt/tests/Makefile.am: Update accordingly. -- The test currently contains a workaround for GnuPG-Bug-Id 2405 diff --git a/lang/qt/tests/Makefile.am b/lang/qt/tests/Makefile.am index c060c70..204b5a7 100644 --- a/lang/qt/tests/Makefile.am +++ b/lang/qt/tests/Makefile.am @@ -24,9 +24,9 @@ TESTS_ENVIRONMENT = GNUPGHOME=$(abs_builddir) EXTRA_DIST = initial.test -TESTS = initial.test t-keylist t-keylocate t-ownertrust +TESTS = initial.test t-keylist t-keylocate t-ownertrust t-tofuinfo -moc_files = t-keylist.moc t-keylocate.moc t-ownertrust.moc +moc_files = t-keylist.moc t-keylocate.moc t-ownertrust.moc t-tofuinfo.moc AM_LDFLAGS = -no-install @@ -49,12 +49,13 @@ initial.test : check-local t_keylist_SOURCES = t-keylist.cpp t_keylocate_SOURCES = t-keylocate.cpp t_ownertrust_SOURCES = t-ownertrust.cpp +t_tofuinfo_SOURCES = t-tofuinfo.cpp nodist_t_keylist_SOURCES = $(moc_files) BUILT_SOURCES = $(moc_files) -noinst_PROGRAMS = t-keylist t-keylocate t-ownertrust +noinst_PROGRAMS = t-keylist t-keylocate t-ownertrust t-tofuinfo CLEANFILES = secring.gpg pubring.gpg pubring.kbx trustdb.gpg dirmngr.conf \ gpg-agent.conf pubring.kbx~ S.gpg-agent gpg.conf pubring.gpg~ \ diff --git a/lang/qt/tests/t-tofuinfo.cpp b/lang/qt/tests/t-tofuinfo.cpp new file mode 100644 index 0000000..0257359 --- /dev/null +++ b/lang/qt/tests/t-tofuinfo.cpp @@ -0,0 +1,163 @@ +/* t-tofuinfo.cpp + + This file is part of qgpgme, the Qt API binding for gpgme + Copyright (c) 2016 Intevation GmbH + + QGpgME is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License as + published by the Free Software Foundation; either version 2 of the + License, or (at your option) any later version. + + QGpgME is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + In addition, as a special exception, the copyright holders give + permission to link the code of this program with any edition of + the Qt library by Trolltech AS, Norway (or with modified versions + of Qt that use the same license as Qt), and distribute linked + combinations including the two. You must obey the GNU General + Public License in all respects for all of the code used other than + Qt. If you modify this file, you may extend this exception to + your version of the file, but you are not obligated to do so. If + you do not wish to do so, delete this exception statement from + your version. +*/ +#include +#include +#include +#include "protocol.h" +#include "tofuinfo.h" +#include "verifyopaquejob.h" +#include "verificationresult.h" +#include + +using namespace QGpgME; +using namespace GpgME; + +static const char testMsg1[] = +"-----BEGIN PGP MESSAGE-----\n" +"\n" +"owGbwMvMwCSoW1RzPCOz3IRxjXQSR0lqcYleSUWJTZOvjVdpcYmCu1+oQmaJIleH\n" +"GwuDIBMDGysTSIqBi1MApi+nlGGuwDeHao53HBr+FoVGP3xX+kvuu9fCMJvl6IOf\n" +"y1kvP4y+8D5a11ang0udywsA\n" +"=Crq6\n" +"-----END PGP MESSAGE-----\n"; + +class TofuInfoTest: public QObject +{ + Q_OBJECT + + void testTofuCopy(TofuInfo other, const TofuInfo &orig) + { + Q_ASSERT(!orig.isNull()); + Q_ASSERT(!other.isNull()); + Q_ASSERT(!strcmp(orig.fingerprint(), other.fingerprint())); + Q_ASSERT(orig.lastSeen() == other.lastSeen()); + Q_ASSERT(orig.signCount() == other.signCount()); + Q_ASSERT(orig.validity() == other.validity()); + Q_ASSERT(orig.policy() == other.policy()); + } + +private: + QTemporaryDir mDir; + +private Q_SLOTS: + void testTofuNull() + { + TofuInfo tofu; + Q_ASSERT(tofu.isNull()); + Q_ASSERT(!tofu.fingerprint()); + Q_ASSERT(!tofu.address()); + Q_ASSERT(!tofu.description()); + Q_ASSERT(!tofu.signCount()); + Q_ASSERT(!tofu.lastSeen()); + Q_ASSERT(!tofu.firstSeen()); + Q_ASSERT(tofu.validity() == TofuInfo::ValidityUnknown); + Q_ASSERT(tofu.policy() == TofuInfo::PolicyUnknown); + } + + void testTofuInfo() + { + auto *job = openpgp()->verifyOpaqueJob(true); + const QByteArray data1(testMsg1); + QByteArray plaintext; + + auto result = job->exec(data1, plaintext); + + Q_ASSERT(!strcmp(plaintext.constData(), "Just GNU it!\n")); + Q_ASSERT(!result.isNull()); + Q_ASSERT(!result.error()); + + Q_ASSERT(result.numSignatures() == 1); + Signature sig = result.signatures()[0]; + /* TOFU is always marginal */ + Q_ASSERT(sig.validity() == Signature::Marginal); + + Q_ASSERT(!sig.tofuInfo().empty()); + Q_FOREACH(const TofuInfo stats, sig.tofuInfo()) { + Q_ASSERT(!stats.isNull()); + Q_ASSERT(!strcmp(stats.fingerprint(), sig.fingerprint())); + Q_ASSERT(stats.firstSeen() == stats.lastSeen()); + Q_ASSERT(!stats.signCount()); + Q_ASSERT(stats.address()); + /* See issue2405 Comment back in when resolved + Q_ASSERT(stats.policy() == TofuInfo::PolicyAuto); */ + Q_ASSERT(stats.validity() == TofuInfo::NoHistory); + } + + const TofuInfo first = sig.tofuInfo()[0]; + testTofuCopy(first, first); + + /* Another verify */ + + /* FIXME: GnuPG-Bug-Id 2405 makes the wait necessary. */ + QTest::qWait(1000); + job = openpgp()->verifyOpaqueJob(true); + result = job->exec(data1, plaintext); + + Q_ASSERT(!result.isNull()); + Q_ASSERT(!result.error()); + + Q_ASSERT(result.numSignatures() == 1); + sig = result.signatures()[0]; + /* TOFU is always marginal */ + Q_ASSERT(sig.validity() == Signature::Marginal); + + Q_ASSERT(!sig.tofuInfo().empty()); + Q_FOREACH(const TofuInfo stats, sig.tofuInfo()) { + Q_ASSERT(!stats.isNull()); + Q_ASSERT(!strcmp(stats.fingerprint(), sig.fingerprint())); + Q_ASSERT(stats.signCount() == 1); + Q_ASSERT(stats.address()); + Q_ASSERT(stats.policy() == TofuInfo::PolicyAuto); + Q_ASSERT(stats.validity() == TofuInfo::LittleHistory); + } + } + + void initTestCase() + { + const QString gpgHome = qgetenv("GNUPGHOME"); + QVERIFY2(!gpgHome.isEmpty(), "GNUPGHOME environment variable is not set."); + qputenv("GNUPGHOME", mDir.path().toUtf8()); + Q_ASSERT(mDir.isValid()); + QFile conf(mDir.path() + QStringLiteral("/gpg.conf")); + Q_ASSERT(conf.open(QIODevice::WriteOnly)); + conf.write("trust-model tofu+pgp"); + conf.close(); + Q_ASSERT(QFile::copy(gpgHome + QStringLiteral("/pubring.gpg"), + mDir.path() + QStringLiteral("/pubring.gpg"))); + Q_ASSERT(QFile::copy(gpgHome + QStringLiteral("/secring.gpg"), + mDir.path() + QStringLiteral("/secring.gpg"))); + + } +}; + +QTEST_MAIN(TofuInfoTest) + +#include "t-tofuinfo.moc" commit 93c5d420fcfe275aeff2b3d5ce99629edbe6625d Author: Andre Heinecke Date: Fri Jul 1 16:49:06 2016 +0200 Cpp: Add TofuInfo to signatures * lang/cpp/src/tofuinfo.cpp, lang/cpp/src/tofuinfo.h: New class. * lang/cpp/src/verificationresult.cpp (Signature::tofuInfo): New. (VerificationResult::Private): Handle tofu info. (GpgME::operator<<(std::ostream &os, const Signature &sig)): Include TofuInfo in dump. * lang/cpp/src/verificationresult.h (Signature::tofuInfo): New. * lang/cpp/src/Makefile.am (main_sources, gpgmepp_headers): Add new files. * configure.ac (LIBGPGMEPP_LT_REVISION): Bump for new API. diff --git a/configure.ac b/configure.ac index 4269540..335a33a 100644 --- a/configure.ac +++ b/configure.ac @@ -63,7 +63,7 @@ LIBGPGME_LT_REVISION=0 LIBGPGMEPP_LT_CURRENT=6 LIBGPGMEPP_LT_AGE=0 -LIBGPGMEPP_LT_REVISION=0 +LIBGPGMEPP_LT_REVISION=1 LIBQGPGME_LT_CURRENT=6 LIBQGPGME_LT_AGE=0 diff --git a/lang/cpp/src/Makefile.am b/lang/cpp/src/Makefile.am index d3d28ce..364d2ca 100644 --- a/lang/cpp/src/Makefile.am +++ b/lang/cpp/src/Makefile.am @@ -32,7 +32,7 @@ main_sources = \ gpgsetownertrusteditinteractor.cpp gpgsignkeyeditinteractor.cpp \ gpgadduserideditinteractor.cpp defaultassuantransaction.cpp \ scdgetinfoassuantransaction.cpp gpgagentgetinfoassuantransaction.cpp \ - vfsmountresult.cpp configuration.cpp + vfsmountresult.cpp configuration.cpp tofuinfo.cpp gpgmepp_headers = \ assuanresult.h configuration.h context.h data.h decryptionresult.h \ @@ -43,7 +43,8 @@ gpgmepp_headers = \ gpgsetownertrusteditinteractor.h gpgsignkeyeditinteractor.h \ importresult.h keygenerationresult.h key.h keylistresult.h \ notation.h result.h scdgetinfoassuantransaction.h signingresult.h \ - trustitem.h verificationresult.h vfsmountresult.h gpgmepp_export.h + trustitem.h verificationresult.h vfsmountresult.h gpgmepp_export.h \ + tofuinfo.h private_gpgmepp_headers = \ result_p.h context_p.h util.h callbacks.h data_p.h diff --git a/lang/cpp/src/tofuinfo.cpp b/lang/cpp/src/tofuinfo.cpp new file mode 100644 index 0000000..c27a59e --- /dev/null +++ b/lang/cpp/src/tofuinfo.cpp @@ -0,0 +1,177 @@ +/* tofuinfo.cpp - wraps gpgme tofu info + Copyright (C) 2016 Intevation GmbH + + This file is part of GPGME++. + + GPGME++ is free software; you can redistribute it and/or + modify it under the terms of the GNU Library General Public + License as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + GPGME++ is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Library General Public License for more details. + + You should have received a copy of the GNU Library General Public License + along with GPGME++; see the file COPYING.LIB. If not, write to the + Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301, USA. +*/ + +#include "tofuinfo.h" + +#include +#include "util.h" + +class GpgME::TofuInfo::Private +{ +public: + Private() {} + Private(gpgme_tofu_info_t info) + : mInfo(info ? new _gpgme_tofu_info(*info) : nullptr) + { + if (mInfo && mInfo->fpr) { + mInfo->fpr = strdup(mInfo->fpr); + } + if (mInfo && mInfo->address) { + mInfo->address = strdup(mInfo->address); + } + if (mInfo && mInfo->description) { + mInfo->description = strdup(mInfo->description); + } + } + + Private(const Private &other) + : mInfo(other.mInfo) + { + if (mInfo && mInfo->fpr) { + mInfo->fpr = strdup(mInfo->fpr); + } + if (mInfo && mInfo->address) { + mInfo->address = strdup(mInfo->address); + } + if (mInfo && mInfo->description) { + mInfo->description = strdup(mInfo->description); + } + } + + ~Private() + { + if (mInfo) { + std::free(mInfo->fpr); + mInfo->fpr = nullptr; + std::free(mInfo->address); + mInfo->address = nullptr; + std::free(mInfo->description); + mInfo->description = nullptr; + + delete mInfo; + } + } + + gpgme_tofu_info_t mInfo; +}; + +GpgME::TofuInfo::TofuInfo(gpgme_tofu_info_t info) + : d(new Private(info)) +{ +} + +GpgME::TofuInfo::TofuInfo() : d() +{ +} + +bool GpgME::TofuInfo::isNull() const +{ + return !d || !d->mInfo; +} + +GpgME::TofuInfo::Validity GpgME::TofuInfo::validity() const +{ + if (isNull()) { + return ValidityUnknown; + } + switch (d->mInfo->validity) { + case 0: + return Conflict; + case 1: + return NoHistory; + case 2: + return LittleHistory; + case 3: + return BasicHistory; + case 4: + return LargeHistory; + default: + return ValidityUnknown; + } +} + +GpgME::TofuInfo::Policy GpgME::TofuInfo::policy() const +{ + if (isNull()) { + return PolicyUnknown; + } + switch (d->mInfo->policy) { + case GPGME_TOFU_POLICY_NONE: + return PolicyNone; + case GPGME_TOFU_POLICY_AUTO: + return PolicyAuto; + case GPGME_TOFU_POLICY_GOOD: + return PolicyGood; + case GPGME_TOFU_POLICY_BAD: + return PolicyBad; + case GPGME_TOFU_POLICY_ASK: + return PolicyAsk; + case GPGME_TOFU_POLICY_UNKNOWN: + return PolicyUnknown; + } +} + +const char *GpgME::TofuInfo::fingerprint() const +{ + return isNull() ? nullptr : d->mInfo->fpr; +} + +const char *GpgME::TofuInfo::address() const +{ + return isNull() ? nullptr : d->mInfo->address; +} + +const char *GpgME::TofuInfo::description() const +{ + return isNull() ? nullptr : d->mInfo->description; +} + +unsigned short GpgME::TofuInfo::signCount() const +{ + return isNull() ? 0 : d->mInfo->signcount; +} + +unsigned int GpgME::TofuInfo::firstSeen() const +{ + return isNull() ? 0 : d->mInfo->firstseen; +} + +unsigned int GpgME::TofuInfo::lastSeen() const +{ + return isNull() ? 0 : d->mInfo->lastseen; +} + +std::ostream &GpgME::operator<<(std::ostream &os, const GpgME::TofuInfo &info) +{ + os << "GpgME::Signature::TofuInfo("; + if (!info.isNull()) { + os << "\n address: " << protect(info.address()) + << "\n fpr: " << protect(info.fingerprint()) + << "\n desc: " << protect(info.description()) + << "\n validity: " << info.validity() + << "\n policy: " << info.policy() + << "\n signcount: "<< info.signCount() + << "\n firstseen: "<< info.firstSeen() + << "\n lastseen: " << info.lastSeen() + << '\n'; + } + return os << ")"; +} diff --git a/lang/cpp/src/tofuinfo.h b/lang/cpp/src/tofuinfo.h new file mode 100644 index 0000000..c698360 --- /dev/null +++ b/lang/cpp/src/tofuinfo.h @@ -0,0 +1,126 @@ +/* + tofuinfo.h - wraps gpgme tofu info + Copyright (C) 2016 Intevation GmbH + + This file is part of GPGME++. + + GPGME++ is free software; you can redistribute it and/or + modify it under the terms of the GNU Library General Public + License as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + GPGME++ is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Library General Public License for more details. + + You should have received a copy of the GNU Library General Public License + along with GPGME++; see the file COPYING.LIB. If not, write to the + Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301, USA. +*/ + +#ifndef __GPGMEPP_TOFUINFO_H__ +#define __GPGMEPP_TOFUINFO_H__ + +#include "gpgmepp_export.h" + +#include "gpgme.h" + +#include "global.h" + +#include + +namespace GpgME +{ + +class GPGMEPP_EXPORT TofuInfo +{ +public: + TofuInfo(); + explicit TofuInfo(gpgme_tofu_info_t info); + + const TofuInfo &operator=(TofuInfo other) + { + swap(other); + return *this; + } + + void swap(TofuInfo &other) + { + using std::swap; + swap(this->d, other.d); + } + + bool isNull() const; + + /* @enum Validity + * @brief The TOFU Validity. */ + enum Validity { + /*! Unknown (uninitialized).*/ + ValidityUnknown, + /*! TOFU Conflict.*/ + Conflict, + /*! Key without history.*/ + NoHistory, + /*! Key with too little history.*/ + LittleHistory, + /*! Key with enough history for basic trust.*/ + BasicHistory, + /*! Key with a lot of history.*/ + LargeHistory, + }; + Validity validity() const; + + /* @enum Policy + * @brief The TOFU Validity. */ + enum Policy { + /*! GPGME_TOFU_POLICY_NONE */ + PolicyNone, + /*! GPGME_TOFU_POLICY_AUTO */ + PolicyAuto, + /*! GPGME_TOFU_POLICY_GOOD */ + PolicyGood, + /*! GPGME_TOFU_POLICY_UNKNOWN */ + PolicyUnknown, + /*! GPGME_TOFU_POLICY_BAD */ + PolicyBad, + /*! GPGME_TOFU_POLICY_ASK */ + PolicyAsk, + }; + Policy policy() const; + + /* Number of signatures seen for this binding. Capped at USHRT_MAX. */ + unsigned short signCount() const; + + /* Number of seconds since the first message was verified. */ + unsigned int firstSeen() const; + + /* Number of seconds since the last message was verified. */ + unsigned int lastSeen() const; + + /* Finterprint of the key for this entry. */ + const char *fingerprint() const; + + /* If non-NULL a human readable string summarizing the TOFU data. */ + const char *description() const; + + /* The address of the tofu binding. + * + * If no mail address is set for a User ID this is the name used + * for the user ID. Can be ambiguous when the same mail address or + * name is used in multiple user ids. + */ + const char *address() const; + +private: + class Private; + std::shared_ptr d; +}; + +GPGMEPP_EXPORT std::ostream &operator<<(std::ostream &os, const TofuInfo &info); + +} // namespace GpgME + +GPGMEPP_MAKE_STD_SWAP_SPECIALIZATION(TofuInfo) +#endif // __GPGMEPP_TOFUINFO_H__ diff --git a/lang/cpp/src/verificationresult.cpp b/lang/cpp/src/verificationresult.cpp index b6fde7d..4bd1a7b 100644 --- a/lang/cpp/src/verificationresult.cpp +++ b/lang/cpp/src/verificationresult.cpp @@ -24,6 +24,7 @@ #include #include "result_p.h" #include "util.h" +#include "tofuinfo.h" #include @@ -81,6 +82,11 @@ public: } nota.back().push_back(n); } + // copy tofu info: + tinfos.push_back(std::vector()); + for (gpgme_tofu_info_t in = is->tofu; in ; in = in->next) { + tinfos.back().push_back(TofuInfo(in)); + } } } ~Private() @@ -107,6 +113,7 @@ public: std::vector sigs; std::vector< std::vector > nota; + std::vector< std::vector > tinfos; std::vector purls; std::string file_name; }; @@ -363,6 +370,15 @@ std::vector GpgME::Signature::notations() const return result; } +std::vector GpgME::Signature::tofuInfo() const +{ + if (isNull()) { + return std::vector(); + } + + return d->tinfos[idx]; +} + class GpgME::Notation::Private { public: @@ -530,6 +546,9 @@ std::ostream &GpgME::operator<<(std::ostream &os, const Signature &sig) const std::vector nota = sig.notations(); std::copy(nota.begin(), nota.end(), std::ostream_iterator(os, "\n")); + const std::vector tinfos = sig.tofuInfo(); + std::copy(tinfos.begin(), tinfos.end(), + std::ostream_iterator(os, "\n")); } return os << ')'; } diff --git a/lang/cpp/src/verificationresult.h b/lang/cpp/src/verificationresult.h index 17f0568..5a2927f 100644 --- a/lang/cpp/src/verificationresult.h +++ b/lang/cpp/src/verificationresult.h @@ -40,6 +40,7 @@ namespace GpgME class Error; class Signature; class Notation; +class TofuInfo; class GPGMEPP_EXPORT VerificationResult : public Result { @@ -156,6 +157,18 @@ public: GpgME::Notation notation(unsigned int index) const; std::vector notations() const; + /** List of TOFU stats for this signature. + * + * For each UserID of the key used to create this + * signature a tofu entry is returned. + * + * Warning: Addresses can be ambigous if there are multiple UserID's + * with the same mailbox in a key. + * + * @returns The list of TOFU stats. + */ + std::vector tofuInfo() const; + private: std::shared_ptr d; unsigned int idx; commit 948ce7d1edf12ecb5080a4816ca15f495d6393f5 Author: Andre Heinecke Date: Fri Jul 1 16:47:04 2016 +0200 core: Clarify documentation of tofu_stats address * src/gpgme.h.in: Mention that Address is not always in addr-spec. -- The old comment made it look like you could always expect the address to be parsable as a mailbox address. diff --git a/src/gpgme.h.in b/src/gpgme.h.in index 790485d..cdb7037 100644 --- a/src/gpgme.h.in +++ b/src/gpgme.h.in @@ -1559,7 +1559,12 @@ struct _gpgme_tofu_info { struct _gpgme_tofu_info *next; - /* The mail address (addr-spec from RFC5322) of the tofu binding. */ + /* The mail address (addr-spec from RFC5322) of the tofu binding. + * + * If no mail address is set for a User ID this is the name used + * for the user ID. Can be ambiguous when the same mail address or + * name is used in multiple user ids. + */ char *address; /* The fingerprint of the primary key. */ ----------------------------------------------------------------------- Summary of changes: configure.ac | 2 +- lang/cpp/src/Makefile.am | 5 +- lang/cpp/src/tofuinfo.cpp | 177 ++++++++++++++++++++++++++++++++++++ lang/cpp/src/tofuinfo.h | 126 +++++++++++++++++++++++++ lang/cpp/src/verificationresult.cpp | 19 ++++ lang/cpp/src/verificationresult.h | 13 +++ lang/qt/tests/Makefile.am | 7 +- lang/qt/tests/t-tofuinfo.cpp | 163 +++++++++++++++++++++++++++++++++ src/gpgme.h.in | 7 +- 9 files changed, 512 insertions(+), 7 deletions(-) create mode 100644 lang/cpp/src/tofuinfo.cpp create mode 100644 lang/cpp/src/tofuinfo.h create mode 100644 lang/qt/tests/t-tofuinfo.cpp hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Sat Jul 2 16:31:21 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sat, 02 Jul 2016 16:31:21 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.13-102-g442efa9 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 442efa9b3ff211c692b6967a944b3d9371ad1bb7 (commit) via aae3cdb61555db4efb26f522030c8303a731d4a9 (commit) from 7bfc86c938d11c14ea78b196c82ceba2a2f5317d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 442efa9b3ff211c692b6967a944b3d9371ad1bb7 Author: Werner Koch Date: Sat Jul 2 16:18:50 2016 +0200 doc: Describe filter expressions. * doc/gpg.texi: Remove some superfluous .E. (FILTER EXPRESSIONS): New. Signed-off-by: Werner Koch diff --git a/common/recsel.c b/common/recsel.c index b35574f..5dc685f 100644 --- a/common/recsel.c +++ b/common/recsel.c @@ -133,7 +133,7 @@ find_next_lc (char *string) } -/* Parse an expression. The expression symtax is: +/* Parse an expression. The expression syntax is: * * [] {{} PROPNAME VALUE []} * @@ -161,8 +161,8 @@ find_next_lc (char *string) * >= The numerical value of the field must be GE than the value. * -n True if value is not empty (no VALUE parameter allowed). * -z True if value is empty (no VALUE parameter allowed). - * -t Alias for "NAME != 0" (no VALUE parameter allowed). - * -f Alias for "NAME == 0" (no VALUE parameter allowed). + * -t Alias for "PROPNAME != 0" (no VALUE parameter allowed). + * -f Alias for "PROPNAME == 0" (no VALUE parameter allowed). * * Values for must be space separated and any of: * diff --git a/doc/gpg.texi b/doc/gpg.texi index 7118e0d..7dff333 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -570,7 +570,7 @@ Use the source, Luke :-). The output format is still subject to change. @item --enarmor - at item --dearmor + at itemx --dearmor @opindex enarmor @opindex dearmor Pack or unpack an arbitrary input into/from an OpenPGP ASCII armor. @@ -2239,9 +2239,9 @@ The available filter types are: @end table -The syntax for the expression is defined in the appendix (FIXME). The -property names for the expressions depend on the actual filter type -and are indicated in the following table. +For the syntax of the expression see the chapter "FILTER EXPRESSIONS". +The property names for the expressions depend on the actual filter +type and are indicated in the following table. The available properties are: @@ -3238,7 +3238,6 @@ current home directory (@pxref{option --homedir}). @end table - at c man:.RE Note that on larger installations, it is useful to put predefined files into the directory @file{@value{SYSCONFSKELDIR}} so that newly created users start up with a working configuration. @@ -3313,7 +3312,6 @@ files; They all live in in the current home directory (@pxref{option @end table - at c man:.RE Operation is further controlled by a few environment variables: @table @asis @@ -3406,6 +3404,123 @@ user for the filename. @include specify-user-id.texi @end ifset + at mansect filter expressions + at chapheading FILTER EXPRESSIONS + +The options @option{--import-filter} and @option{--export-filter} use +expressions with this syntax (square brackets indicate an optional +part and curly braces a repetition, white space between the elements +are allowed): + + at c man:.RS + at example + [lc] @{[@{flag@}] PROPNAME op VALUE [lc]@} + at end example + at c man:.RE + +The name of a property (@var{PROPNAME}) may only consist of letters, +digits and underscores. The description for the filter type +describes which properties are defined. If an undefined property is +used it evaluates to the empty string. Unless otherwise noted, the + at var{VALUE} must always be given and may not be the empty string. No +quoting is defined for the value, thus the value may not contain the +strings @code{&&} or @code{||}, which are used as logical connection +operators. The flag @code{--} can be used to remove this restriction. + +Numerical values are computed as long int; standard C notation +applies. @var{lc} is the logical connection operator; either + at code{&&} for a conjunction or @code{||} for a disjunction. A +conjunction is assumed at the begin of an expression. Conjunctions +have higher precedence than disjunctions. If @var{VALUE} starts with +one of the characters used in any @var{op} a space after the + at var{op} is required. + + at noindent +The supported operators (@var{op}) are: + + at table @asis + + @item =~ + Substring must match. + + @item !~ + Substring must not match. + + @item = + The full string must match. + + @item <> + The full string must not match. + + @item == + The numerical value must match. + + @item != + The numerical value must not match. + + @item <= + The numerical value of the field must be LE than the value. + + @item < + The numerical value of the field must be LT than the value. + + @item >= + The numerical value of the field must be GT than the value. + + @item >= + The numerical value of the field must be GE than the value. + + @item -n + True if value is not empty (no value allowed). + + @item -z + True if value is empty (no value allowed). + + @item -t + Alias for "PROPNAME != 0" (no value allowed). + + @item -f + Alias for "PROPNAME == 0" (no value allowed). + + at end table + + at noindent +Values for @var{flag} must be space separated. The supported flags +are: + + at table @asis + @item -- + @var{VALUE} spans to the end of the expression. + @item -c + The string match in this part is done case-sensitive. + at end table + +The filter options concatenate several specifications for a filter of +the same type. For example the four options in this example: + + at c man:.RS + at example + --import-option keep-uid="uid =~ Alfa" + --import-option keep-uid="&& uid !~ Test" + --import-option keep-uid="|| uid =~ Alpha" + --import-option keep-uid="uid !~ Test" + at end example + at c man:.RE + + at noindent +which is equivalent to + + at c man:.RS + at example + --import-option \ + keep-uid="uid =~ Alfa" && uid !~ Test" || uid =~ Alpha" && "uid !~ Test" + at end example + at c man:.RE + +imports only the user ids of a key containing the strings "Alfa" +or "Alpha" but not the string "test". + + @mansect return value @chapheading RETURN VALUE commit aae3cdb61555db4efb26f522030c8303a731d4a9 Author: Werner Koch Date: Sat Jul 2 16:17:25 2016 +0200 yat2m: Fix table formatting. * doc/yat2m.c (proc_texi_cmd): Use .TQ for @itemx. Print a .P at the end of a level 0 table. Signed-off-by: Werner Koch diff --git a/doc/yat2m.c b/doc/yat2m.c index 7599081..9b76f19 100644 --- a/doc/yat2m.c +++ b/doc/yat2m.c @@ -746,7 +746,7 @@ proc_texi_cmd (FILE *fp, const char *command, const char *rest, size_t len, { "subsection", 6, "\n.SS " }, { "chapheading", 0}, { "item", 2, ".TP\n.B " }, - { "itemx", 2, ".TP\n.B " }, + { "itemx", 2, ".TQ\n.B " }, { "table", 3 }, { "itemize", 3 }, { "bullet", 0, "* " }, @@ -793,6 +793,8 @@ proc_texi_cmd (FILE *fp, const char *command, const char *rest, size_t len, { if ((*table_level)-- > 1) fputs (".RE\n", fp); + else + fputs (".P\n", fp); } else if (n >= 7 && !memcmp (s, "example", 7) && (!n || s[7] == ' ' || s[7] == '\t' || s[7] == '\n')) ----------------------------------------------------------------------- Summary of changes: common/recsel.c | 6 +-- doc/gpg.texi | 127 +++++++++++++++++++++++++++++++++++++++++++++++++++++--- doc/yat2m.c | 4 +- 3 files changed, 127 insertions(+), 10 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Sat Jul 2 16:35:58 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sat, 02 Jul 2016 16:35:58 +0200 Subject: [git] GPG-ERROR - branch, master, updated. libgpg-error-1.23-6-g1a53a0a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Error codes used by GnuPG et al.". The branch, master has been updated via 1a53a0ac4cc241a5c6d360d6259dd04afc09264c (commit) from 467ccbb6062439eda9dce7cd991934d1a5491713 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1a53a0ac4cc241a5c6d360d6259dd04afc09264c Author: Werner Koch Date: Sat Jul 2 16:33:50 2016 +0200 yat2m: Fix table formatting. * doc/yat2m.c (proc_texi_cmd): Use .TQ for @itemx. Print a .P at the end of a level 0 table. Signed-off-by: Werner Koch diff --git a/doc/yat2m.c b/doc/yat2m.c index 7599081..9b76f19 100644 --- a/doc/yat2m.c +++ b/doc/yat2m.c @@ -746,7 +746,7 @@ proc_texi_cmd (FILE *fp, const char *command, const char *rest, size_t len, { "subsection", 6, "\n.SS " }, { "chapheading", 0}, { "item", 2, ".TP\n.B " }, - { "itemx", 2, ".TP\n.B " }, + { "itemx", 2, ".TQ\n.B " }, { "table", 3 }, { "itemize", 3 }, { "bullet", 0, "* " }, @@ -793,6 +793,8 @@ proc_texi_cmd (FILE *fp, const char *command, const char *rest, size_t len, { if ((*table_level)-- > 1) fputs (".RE\n", fp); + else + fputs (".P\n", fp); } else if (n >= 7 && !memcmp (s, "example", 7) && (!n || s[7] == ' ' || s[7] == '\t' || s[7] == '\n')) ----------------------------------------------------------------------- Summary of changes: doc/yat2m.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) hooks/post-receive -- Error codes used by GnuPG et al. http://git.gnupg.org From cvs at cvs.gnupg.org Sun Jul 3 00:43:49 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sun, 03 Jul 2016 00:43:49 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.13-105-g7705f31 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 7705f310f1406fe49b45e16c371b09863313f24f (commit) via c619035d9cd0c9cef62facf5365321289051f9a0 (commit) via 0e36a1d1fb79c2b75c081616eed00075190b38aa (commit) from 442efa9b3ff211c692b6967a944b3d9371ad1bb7 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7705f310f1406fe49b45e16c371b09863313f24f Author: Werner Koch Date: Sun Jul 3 00:41:30 2016 +0200 tools: Call sendmail directly from the wks tools. * tools/send-mail.c, tools/send-mail.h: New. * tools/wks-util.c: New. * tools/Makefile.am (gpg_wks_server_SOURCES): Add them. (gpg_wks_client_SOURCES): Ditto. * tools/gpg-wks.h (opt): Add fields use_sendmail and output. * tools/gpg-wks-client.c: Add options --send and --output. Rename command --send to --create. (command_send, send_confirmation_response): Output via wks_send_mime. * tools/gpg-wks-server.c: Add options --send and --output. (send_confirmation_request): Output via wks_send_mime. (check_and_publish): Add hack for name-value bug. -- With this code, a dedicated user on the server along with a procmail script, it was possible to run a basic test. Signed-off-by: Werner Koch diff --git a/tools/Makefile.am b/tools/Makefile.am index 362ee1f..7bc1456 100644 --- a/tools/Makefile.am +++ b/tools/Makefile.am @@ -147,21 +147,25 @@ gpgtar_LDADD = $(libcommon) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \ gpg_wks_server_SOURCES = \ gpg-wks-server.c \ gpg-wks.h \ + wks-util.c \ wks-receive.c \ rfc822parse.c rfc822parse.h \ mime-parser.c mime-parser.h \ - mime-maker.h mime-maker.c + mime-maker.c mime-maker.h \ + send-mail.c send-mail.h gpg_wks_server_CFLAGS = $(GPG_ERROR_CFLAGS) gpg_wks_server_LDADD = $(libcommon) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) gpg_wks_client_SOURCES = \ gpg-wks-client.c \ - gpg-wks.h \ + gpg-wks.h \ + wks-util.c \ wks-receive.c \ rfc822parse.c rfc822parse.h \ mime-parser.c mime-parser.h \ - mime-maker.h mime-maker.c \ + mime-maker.h mime-maker.c \ + send-mail.c send-mail.h \ call-dirmngr.c call-dirmngr.h gpg_wks_client_CFLAGS = $(LIBASSUAN_CFLAGS) $(GPG_ERROR_CFLAGS) diff --git a/tools/gpg-wks-client.c b/tools/gpg-wks-client.c index c7cb8fb..25ee43f 100644 --- a/tools/gpg-wks-client.c +++ b/tools/gpg-wks-client.c @@ -34,6 +34,7 @@ #include "name-value.h" #include "call-dirmngr.h" #include "mime-maker.h" +#include "send-mail.h" #include "gpg-wks.h" @@ -44,13 +45,15 @@ enum cmd_and_opt_values oQuiet = 'q', oVerbose = 'v', + oOutput = 'o', oDebug = 500, - aSend, + aCreate, aReceive, oGpgProgram, + oSend, oDummy }; @@ -60,8 +63,8 @@ enum cmd_and_opt_values static ARGPARSE_OPTS opts[] = { ARGPARSE_group (300, ("@Commands:\n ")), - ARGPARSE_c (aSend, "send", - ("send a publication request")), + ARGPARSE_c (aCreate, "create", + ("create a publication request")), ARGPARSE_c (aReceive, "receive", ("receive a confirmation request")), @@ -71,6 +74,8 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oQuiet, "quiet", ("be somewhat more quiet")), ARGPARSE_s_s (oDebug, "debug", "@"), ARGPARSE_s_s (oGpgProgram, "gpg", "@"), + ARGPARSE_s_n (oSend, "send", "send the mail using sendmail"), + ARGPARSE_s_s (oOutput, "output", "|FILE|write the mail to FILE"), ARGPARSE_end () @@ -112,10 +117,10 @@ my_strusage( int level ) case 1: case 40: - p = ("Usage: gpg-wks-client --send|--receive [args] (-h for help)"); + p = ("Usage: gpg-wks-client [command] [options] [args] (-h for help)"); break; case 41: - p = ("Syntax: gpg-wks-client --send|--receive [args]\n" + p = ("Syntax: gpg-wks-client [command] [options] [args]\n" "Client for the Web Key Service\n"); break; @@ -158,8 +163,14 @@ parse_arguments (ARGPARSE_ARGS *pargs, ARGPARSE_OPTS *popts) case oGpgProgram: opt.gpg_program = pargs->r.ret_str; break; + case oSend: + opt.use_sendmail = 1; + break; + case oOutput: + opt.output = pargs->r.ret_str; + break; - case aSend: + case aCreate: case aReceive: cmd = pargs->r_opt; break; @@ -221,12 +232,12 @@ main (int argc, char **argv) /* Run the selected command. */ switch (cmd) { - case aSend: + case aCreate: if (argc != 2) - wrong_args ("--send FINGERPRINT USER-ID"); + wrong_args ("--create FINGERPRINT USER-ID"); err = command_send (argv[0], argv[1]); if (err) - log_error ("sending key failed: %s\n", gpg_strerror (err)); + log_error ("creating request failed: %s\n", gpg_strerror (err)); break; case aReceive: @@ -234,7 +245,7 @@ main (int argc, char **argv) wrong_args ("--receive"); err = wks_receive (es_stdin, command_receive_cb, NULL); if (err) - log_error ("reading mail failed: %s\n", gpg_strerror (err)); + log_error ("processing mail failed: %s\n", gpg_strerror (err)); break; default: @@ -407,7 +418,7 @@ command_send (const char *fingerprint, char *userid) if (err) goto leave; - err = mime_maker_make (mime, es_stdout); + err = wks_send_mime (mime); leave: mime_maker_release (mime); @@ -502,7 +513,7 @@ send_confirmation_response (const char *sender, const char *address, if (err) goto leave; - err = mime_maker_make (mime, es_stdout); + err = wks_send_mime (mime); leave: mime_maker_release (mime); diff --git a/tools/gpg-wks-server.c b/tools/gpg-wks-server.c index 1106934..305b454 100644 --- a/tools/gpg-wks-server.c +++ b/tools/gpg-wks-server.c @@ -40,6 +40,7 @@ #include "mbox-util.h" #include "name-value.h" #include "mime-maker.h" +#include "send-mail.h" #include "gpg-wks.h" @@ -50,6 +51,7 @@ enum cmd_and_opt_values oQuiet = 'q', oVerbose = 'v', + oOutput = 'o', oDebug = 500, @@ -57,6 +59,7 @@ enum cmd_and_opt_values aCron, oGpgProgram, + oSend, oFrom, oHeader, @@ -79,7 +82,9 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oQuiet, "quiet", ("be somewhat more quiet")), ARGPARSE_s_s (oDebug, "debug", "@"), ARGPARSE_s_s (oGpgProgram, "gpg", "@"), - ARGPARSE_s_s (oFrom, "from" , "|ADDR|use ADDR as the default sender"), + ARGPARSE_s_n (oSend, "send", "send the mail using sendmail"), + ARGPARSE_s_s (oOutput, "output", "|FILE|write the mail to FILE"), + ARGPARSE_s_s (oFrom, "from", "|ADDR|use ADDR as the default sender"), ARGPARSE_s_s (oHeader, "header" , "|NAME=VALUE|add \"NAME: VALUE\" as header to all mails"), @@ -182,6 +187,12 @@ parse_arguments (ARGPARSE_ARGS *pargs, ARGPARSE_OPTS *popts) case oHeader: append_to_strlist (&opt.extra_headers, pargs->r.ret_str); break; + case oSend: + opt.use_sendmail = 1; + break; + case oOutput: + opt.output = pargs->r.ret_str; + break; case aReceive: case aCron: @@ -831,7 +842,7 @@ send_confirmation_request (server_ctx_t ctx, if (err) goto leave; - err = mime_maker_make (mime, es_stdout); + err = wks_send_mime (mime); leave: mime_maker_release (mime); @@ -923,6 +934,14 @@ check_and_publish (server_ctx_t ctx, const char *address, const char *nonce) const char *s; strlist_t sl; + /* FIXME: There is a bug in name-value.c which adds white space for + * the last pair and thus we strip the nonce here until this has + * been fixed. */ + char *nonce2 = xstrdup (nonce); + trim_trailing_spaces (nonce2); + nonce = nonce2; + + domain = strchr (address, '@'); log_assert (domain && domain[1]); domain++; @@ -1027,6 +1046,7 @@ check_and_publish (server_ctx_t ctx, const char *address, const char *nonce) xfree (hash); xfree (fnewname); xfree (fname); + xfree (nonce2); return err; } diff --git a/tools/gpg-wks.h b/tools/gpg-wks.h index 873925c..be85eec 100644 --- a/tools/gpg-wks.h +++ b/tools/gpg-wks.h @@ -22,6 +22,7 @@ #include "../common/util.h" #include "../common/strlist.h" +#include "mime-maker.h" /* We keep all global options in the structure OPT. */ struct @@ -29,6 +30,8 @@ struct int verbose; unsigned int debug; int quiet; + int use_sendmail; + const char *output; const char *gpg_program; const char *directory; const char *default_from; @@ -43,6 +46,9 @@ struct #define DBG_EXTPROG_VALUE 16384 /* debug external program calls */ +/*-- wks-util.c --*/ +gpg_error_t wks_send_mime (mime_maker_t mime); + /*-- wks-receive.c --*/ gpg_error_t wks_receive (estream_t fp, gpg_error_t (*result_cb)(void *opaque, diff --git a/tools/send-mail.c b/tools/send-mail.c new file mode 100644 index 0000000..2266521 --- /dev/null +++ b/tools/send-mail.c @@ -0,0 +1,129 @@ +/* send-mail.c - Invoke sendmail or other delivery tool. + * Copyright (C) 2016 g10 Code GmbH + * + * This file is part of GnuPG. + * + * GnuPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ + +#include +#include +#include +#include + +#include "util.h" +#include "exectool.h" +#include "sysutils.h" +#include "send-mail.h" + + +static gpg_error_t +run_sendmail (estream_t data) +{ + gpg_error_t err; + const char pgmname[] = "/usr/lib/sendmail"; + const char *argv[3]; + + argv[0] = "-oi"; + argv[1] = "-t"; + argv[2] = NULL; + + err = gnupg_exec_tool_stream (pgmname, argv, data, NULL, NULL, NULL, NULL); + if (err) + log_error ("running '%s' failed: %s\n", pgmname, gpg_strerror (err)); + return err; +} + + +/* Send the data in FP as mail. */ +gpg_error_t +send_mail (estream_t fp) +{ + return run_sendmail (fp); +} + + +/* Convenience function to write a mail to a named file. */ +gpg_error_t +send_mail_to_file (estream_t fp, const char *fname) +{ + gpg_error_t err; + estream_t outfp = NULL; + char *buffer = NULL; + size_t buffersize = 32 * 1024; + size_t nbytes, nwritten; + + if (!fname) + fname = "-"; + + buffer = xtrymalloc (buffersize); + if (!buffer) + return gpg_error_from_syserror (); + + outfp = !strcmp (fname,"-")? es_stdout : es_fopen (fname, "wb"); + if (!outfp) + { + err = gpg_error_from_syserror (); + log_error ("error creating '%s': %s\n", fname, gpg_strerror (err)); + goto leave; + } + for (;;) + { + if (es_read (fp, buffer, sizeof buffer, &nbytes)) + { + err = gpg_error_from_syserror (); + log_error ("error reading '%s': %s\n", + es_fname_get (fp), gpg_strerror (err)); + goto leave; + } + + if (!nbytes) + { + err = 0; + break; /* Ready. */ + } + + if (es_write (outfp, buffer, nbytes, &nwritten)) + { + err = gpg_error_from_syserror (); + log_error ("error writing '%s': %s\n", fname, gpg_strerror (err)); + goto leave; + } + else if (nwritten != nbytes) + { + err = gpg_error (GPG_ERR_EIO); + log_error ("error writing '%s': %s\n", fname, "short write"); + goto leave; + } + } + + + leave: + if (err) + { + if (outfp && outfp != es_stdout) + { + es_fclose (outfp); + gnupg_remove (fname); + } + } + else if (outfp && outfp != es_stdout && es_fclose (outfp)) + { + err = gpg_error_from_syserror (); + log_error ("error closing '%s': %s\n", fname, gpg_strerror (err)); + } + + xfree (buffer); + return err; +} diff --git a/tools/send-mail.h b/tools/send-mail.h new file mode 100644 index 0000000..5f57854 --- /dev/null +++ b/tools/send-mail.h @@ -0,0 +1,27 @@ +/* send-mail.h - Invoke sendmail or other delivery tool. + * Copyright (C) 2016 g10 Code GmbH + * + * This file is part of GnuPG. + * + * GnuPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ + +#ifndef GNUPG_SEND_MAIL_H +#define GNUPG_SEND_MAIL_H + +gpg_error_t send_mail (estream_t fp); +gpg_error_t send_mail_to_file (estream_t fp, const char *fname); + + +#endif /*GNUPG_SEND_MAIL_H*/ diff --git a/tools/wks-util.c b/tools/wks-util.c new file mode 100644 index 0000000..8d9f92b --- /dev/null +++ b/tools/wks-util.c @@ -0,0 +1,65 @@ +/* wks-utils.c - Common helper fucntions for wks tools + * Copyright (C) 2016 g10 Code GmbH + * + * This file is part of GnuPG. + * + * GnuPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ + +#include +#include +#include +#include + +#include "util.h" +#include "mime-maker.h" +#include "send-mail.h" +#include "gpg-wks.h" + + +/* Helper to write mail to the output(s). */ +gpg_error_t +wks_send_mime (mime_maker_t mime) +{ + gpg_error_t err; + estream_t mail; + + /* Without any option we take a short path. */ + if (!opt.use_sendmail && !opt.output) + return mime_maker_make (mime, es_stdout); + + mail = es_fopenmem (0, "w+b"); + if (!mail) + { + err = gpg_error_from_syserror (); + return err; + } + + err = mime_maker_make (mime, mail); + + if (!err && opt.output) + { + es_rewind (mail); + err = send_mail_to_file (mail, opt.output); + } + + if (!err && opt.use_sendmail) + { + es_rewind (mail); + err = send_mail (mail); + } + + es_fclose (mail); + return err; +} commit c619035d9cd0c9cef62facf5365321289051f9a0 Author: Werner Koch Date: Sat Jul 2 18:59:22 2016 +0200 tools: Add options to gpg-wks-server. * tools/gpg-wks.h (opt): Add 'default_from' and 'extra_headers'. * tools/gpg-wks-server.c (oFrom, oHeader): New. (parse_arguments): Set them and check args. (get_submission_address): New. (send_confirmation_request): Set correct From address. Add extra headers. (process_new_key): Return an error code. Signed-off-by: Werner Koch diff --git a/tools/gpg-wks-server.c b/tools/gpg-wks-server.c index 2ae84e2..1106934 100644 --- a/tools/gpg-wks-server.c +++ b/tools/gpg-wks-server.c @@ -57,6 +57,8 @@ enum cmd_and_opt_values aCron, oGpgProgram, + oFrom, + oHeader, oDummy }; @@ -77,7 +79,9 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oQuiet, "quiet", ("be somewhat more quiet")), ARGPARSE_s_s (oDebug, "debug", "@"), ARGPARSE_s_s (oGpgProgram, "gpg", "@"), - + ARGPARSE_s_s (oFrom, "from" , "|ADDR|use ADDR as the default sender"), + ARGPARSE_s_s (oHeader, "header" , + "|NAME=VALUE|add \"NAME: VALUE\" as header to all mails"), ARGPARSE_end () }; @@ -172,6 +176,12 @@ parse_arguments (ARGPARSE_ARGS *pargs, ARGPARSE_OPTS *popts) case oGpgProgram: opt.gpg_program = pargs->r.ret_str; break; + case oFrom: + opt.default_from = pargs->r.ret_str; + break; + case oHeader: + append_to_strlist (&opt.extra_headers, pargs->r.ret_str); + break; case aReceive: case aCron: @@ -228,6 +238,24 @@ main (int argc, char **argv) if (!opt.directory) opt.directory = "/var/lib/gnupg/wks"; + /* Check for syntax errors in the --header option to avoid later + * error messages with a not easy to find cause */ + if (opt.extra_headers) + { + strlist_t sl; + + for (sl = opt.extra_headers; sl; sl = sl->next) + { + err = mime_maker_add_header (NULL, sl->d, NULL); + if (err) + log_error ("syntax error in \"--header %s\": %s\n", + sl->d, gpg_strerror (err)); + } + } + + if (log_get_errorcount (0)) + exit (2); + /* Check that we have a working directory. */ #if defined(HAVE_STAT) @@ -271,7 +299,7 @@ main (int argc, char **argv) wrong_args ("--receive"); err = wks_receive (es_stdin, command_receive_cb, NULL); if (err) - log_error ("reading mail failed: %s\n", gpg_strerror (err)); + log_error ("processing mail failed: %s\n", gpg_strerror (err)); break; case aCron: @@ -523,6 +551,74 @@ encrypt_stream (estream_t *r_output, estream_t input, const char *fingerprint) } +/* Get the submission address for address MBOX. Caller must free the + * value. If no address can be found NULL is returned. */ +static char * +get_submission_address (const char *mbox) +{ + gpg_error_t err; + const char *domain; + char *fname, *line, *p; + size_t n; + estream_t fp; + + domain = strchr (mbox, '@'); + if (!domain) + return NULL; + domain++; + + fname = make_filename_try (opt.directory, domain, "submission-address", NULL); + if (!fname) + { + err = gpg_error_from_syserror (); + log_error ("make_filename failed in %s: %s\n", + __func__, gpg_strerror (err)); + return NULL; + } + + fp = es_fopen (fname, "r"); + if (!fp) + { + err = gpg_error_from_syserror (); + if (gpg_err_code (err) == GPG_ERR_ENOENT) + log_info ("Note: no specific submission address configured" + " for domain '%s'\n", domain); + else + log_error ("error reading '%s': %s\n", fname, gpg_strerror (err)); + xfree (fname); + return NULL; + } + + line = NULL; + n = 0; + if (es_getline (&line, &n, fp) < 0) + { + err = gpg_error_from_syserror (); + log_error ("error reading '%s': %s\n", fname, gpg_strerror (err)); + xfree (line); + es_fclose (fp); + xfree (fname); + return NULL; + } + es_fclose (fp); + xfree (fname); + + p = strchr (line, '\n'); + if (p) + *p = 0; + trim_spaces (line); + if (!is_valid_mailbox (line)) + { + log_error ("invalid submission address for domain '%s' detected\n", + domain); + xfree (line); + return NULL; + } + + return line; +} + + /* We store the key under the name of the nonce we will then send to * the user. On success the nonce is stored at R_NONCE. */ static gpg_error_t @@ -631,20 +727,40 @@ store_key_as_pending (const char *dir, estream_t key, char **r_nonce) } +/* Send a confirmation rewqyest. DIR is the directory used for the + * address MBOX. NONCE is the nonce we want to see in the response to + * this mail. */ static gpg_error_t -send_confirmation_request (server_ctx_t ctx, const char *mbox, const char *nonce) +send_confirmation_request (server_ctx_t ctx, + const char *mbox, const char *nonce) { gpg_error_t err; estream_t body = NULL; estream_t bodyenc = NULL; mime_maker_t mime = NULL; + char *from_buffer = NULL; + const char *from; + strlist_t sl; + + from = from_buffer = get_submission_address (mbox); + if (!from) + { + from = opt.default_from; + if (!from) + { + log_error ("no sender address found for '%s'\n", mbox); + err = gpg_error (GPG_ERR_CONFIGURATION); + goto leave; + } + log_info ("Note: using default sender address '%s'\n", from); + } body = es_fopenmem (0, "w+b"); if (!body) { err = gpg_error_from_syserror (); log_error ("error allocating memory buffer: %s\n", gpg_strerror (err)); - return err; + goto leave; } /* It is fine to use 8 bit encosind because that is encrypted and * only our client will see it. */ @@ -658,7 +774,7 @@ send_confirmation_request (server_ctx_t ctx, const char *mbox, const char *nonce "address: %s\n" "fingerprint: %s\n" "nonce: %s\n"), - "sender at example.org", + from, mbox, ctx->fpr, nonce); @@ -674,12 +790,21 @@ send_confirmation_request (server_ctx_t ctx, const char *mbox, const char *nonce err = mime_maker_new (&mime, NULL); if (err) goto leave; + err = mime_maker_add_header (mime, "From", from); + if (err) + goto leave; err = mime_maker_add_header (mime, "To", mbox); if (err) goto leave; - err = mime_maker_add_header (mime, "Subject", "confirm key publication"); + err = mime_maker_add_header (mime, "Subject", "Confirm your key publication"); if (err) goto leave; + for (sl = opt.extra_headers; sl; sl = sl->next) + { + err = mime_maker_add_header (mime, sl->d, NULL); + if (err) + goto leave; + } err = mime_maker_add_header (mime, "Content-Type", "multipart/encrypted; " @@ -712,6 +837,7 @@ send_confirmation_request (server_ctx_t ctx, const char *mbox, const char *nonce mime_maker_release (mime); xfree (bodyenc); xfree (body); + xfree (from_buffer); return err; } @@ -779,7 +905,7 @@ process_new_key (server_ctx_t ctx, estream_t key) wipememory (nonce, strlen (nonce)); xfree (nonce); xfree (dname); - return 0; + return err; } diff --git a/tools/gpg-wks.h b/tools/gpg-wks.h index 249b10a..873925c 100644 --- a/tools/gpg-wks.h +++ b/tools/gpg-wks.h @@ -31,6 +31,8 @@ struct int quiet; const char *gpg_program; const char *directory; + const char *default_from; + strlist_t extra_headers; } opt; /* Debug values and macros. */ commit 0e36a1d1fb79c2b75c081616eed00075190b38aa Author: Werner Koch Date: Sat Jul 2 18:55:22 2016 +0200 tools: Extend mime-maker.c:mime_maker_add_header. * tools/mime-maker.c (add_header): Check header name and allow name-value syntax. (mime_maker_add_header): Add mode for a syntax check. Signed-off-by: Werner Koch diff --git a/tools/mime-maker.c b/tools/mime-maker.c index 88f9d5f..fa42043 100644 --- a/tools/mime-maker.c +++ b/tools/mime-maker.c @@ -27,6 +27,11 @@ #include "mime-maker.h" +/* All valid charachters in a header name. */ +#define HEADER_NAME_CHARS ("abcdefghijklmnopqrstuvwxyz" \ + "ABCDEFGHIJKLMNOPQRSTUVWXYZ" \ + "-01234567890") + /* An object to store an header. Also used for a list of headers. */ struct header_s { @@ -294,12 +299,37 @@ add_header (part_t part, const char *name, const char *value) { gpg_error_t err; header_t hdr; + size_t namelen; + const char *s; - hdr = xtrymalloc (sizeof *hdr + strlen (name)); + if (!value) + { + s = strchr (name, '='); + if (!s) + return gpg_error (GPG_ERR_INV_ARG); + namelen = s - name; + value = s+1; + } + else + namelen = strlen (name); + + hdr = xtrymalloc (sizeof *hdr + namelen); if (!hdr) return gpg_error_from_syserror (); hdr->next = NULL; - strcpy (hdr->name, name); + memcpy (hdr->name, name, namelen); + hdr->name[namelen] = 0; + + /* Check that the header name is valid. We allow all lower and + * uppercase letters and, except for the first character, digits and + * the dash. */ + if (strspn (hdr->name, HEADER_NAME_CHARS) != namelen + || strchr ("-0123456789", *hdr->name)) + { + xfree (hdr); + return gpg_error (GPG_ERR_INV_NAME); + } + capitalize_header_name (hdr->name); hdr->value = xtrystrdup (value); if (!hdr->value) @@ -308,21 +338,30 @@ add_header (part_t part, const char *name, const char *value) xfree (hdr); return err; } - *part->headers_tail = hdr; - part->headers_tail = &hdr->next; + + if (part) + { + *part->headers_tail = hdr; + part->headers_tail = &hdr->next; + } + else + xfree (hdr); return 0; } /* Add a header with NAME and VALUE to the current mail. A LF in the - * VALUE will be handled automagically. If no container has been - * added, the header will be used for the regular mail headers and not - * for a MIME part. If the current part is in a container and a body - * has been added, we append a new part to the current container. - * Thus for a non-MIME mail the caller needs to call this function - * followed by a call to add a body. When adding a Content-Type the - * boundary parameter must not be included. + * VALUE will be handled automagically. If NULL is used for VALUE it + * is expected that the NAME has the format "NAME=VALUE" and VALUE is + * taken from there. + * + * If no container has been added, the header will be used for the + * regular mail headers and not for a MIME part. If the current part + * is in a container and a body has been added, we append a new part + * to the current container. Thus for a non-MIME mail the caller + * needs to call this function followed by a call to add a body. When + * adding a Content-Type the boundary parameter must not be included. */ gpg_error_t mime_maker_add_header (mime_maker_t ctx, const char *name, const char *value) @@ -330,6 +369,10 @@ mime_maker_add_header (mime_maker_t ctx, const char *name, const char *value) gpg_error_t err; part_t part, parent; + /* Hack to use this fucntion for a synacx check of NAME and VALUE. */ + if (!ctx) + return add_header (NULL, name, value); + err = ensure_part (ctx, &parent); if (err) return err; ----------------------------------------------------------------------- Summary of changes: tools/Makefile.am | 10 ++- tools/gpg-wks-client.c | 35 +++++--- tools/gpg-wks-server.c | 162 +++++++++++++++++++++++++++++++++-- tools/gpg-wks.h | 8 ++ tools/mime-maker.c | 65 +++++++++++--- tools/send-mail.c | 129 ++++++++++++++++++++++++++++ sm/passphrase.h => tools/send-mail.h | 14 +-- tools/wks-util.c | 65 ++++++++++++++ 8 files changed, 447 insertions(+), 41 deletions(-) create mode 100644 tools/send-mail.c copy sm/passphrase.h => tools/send-mail.h (74%) create mode 100644 tools/wks-util.c hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Sun Jul 3 10:29:40 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sun, 03 Jul 2016 10:29:40 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.13-106-g1bfed0b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 1bfed0bbc5ec9d60d4fb3a0f5c865923ed3563e7 (commit) from 7705f310f1406fe49b45e16c371b09863313f24f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1bfed0bbc5ec9d60d4fb3a0f5c865923ed3563e7 Author: Werner Koch Date: Sun Jul 3 10:27:39 2016 +0200 wks: Let the client only export the requested UID. * tools/gpg-wks-client.c (get_key): Export only the requested uid. Signed-off-by: Werner Koch diff --git a/doc/HACKING b/doc/HACKING index d2168d6..94e65d8 100644 --- a/doc/HACKING +++ b/doc/HACKING @@ -46,6 +46,8 @@ are - scd :: The scdaemon component - ccid :: The CCID driver in scdaemon - dirmngr :: The dirmngr component + - wks :: The web key service tools + - tools :: Other code in tools - w32 :: Windows related code - po :: Translations - build :: Changes to the build system diff --git a/tools/gpg-wks-client.c b/tools/gpg-wks-client.c index 25ee43f..312f58b 100644 --- a/tools/gpg-wks-client.c +++ b/tools/gpg-wks-client.c @@ -291,11 +291,10 @@ get_key (estream_t *r_key, const char *fingerprint, const char *addrspec) { gpg_error_t err; ccparray_t ccp; - const char **argv; - estream_t key; + const char **argv = NULL; + estream_t key = NULL; struct get_key_status_parm_s parm; - - (void)addrspec; /* FIXME - need to use it. */ + char *filterexp = NULL; memset (&parm, 0, sizeof parm); @@ -306,7 +305,15 @@ get_key (estream_t *r_key, const char *fingerprint, const char *addrspec) { err = gpg_error_from_syserror (); log_error ("error allocating memory buffer: %s\n", gpg_strerror (err)); - return err; + goto leave; + } + + filterexp = es_bsprintf ("keep-uid=mbox = %s", addrspec); + if (!filterexp) + { + err = gpg_error_from_syserror (); + log_error ("error allocating memory buffer: %s\n", gpg_strerror (err)); + goto leave; } ccparray_init (&ccp, 0); @@ -321,6 +328,8 @@ get_key (estream_t *r_key, const char *fingerprint, const char *addrspec) ccparray_put (&ccp, "--always-trust"); ccparray_put (&ccp, "--armor"); ccparray_put (&ccp, "--export-options=export-minimal"); + ccparray_put (&ccp, "--export-filter"); + ccparray_put (&ccp, filterexp); ccparray_put (&ccp, "--export"); ccparray_put (&ccp, "--"); ccparray_put (&ccp, fingerprint); @@ -353,6 +362,7 @@ get_key (estream_t *r_key, const char *fingerprint, const char *addrspec) leave: es_fclose (key); xfree (argv); + xfree (filterexp); return err; } @@ -388,7 +398,6 @@ command_send (const char *fingerprint, char *userid) err = get_key (&key, fingerprint, addrspec); if (err) goto leave; - log_debug ("fixme: Check that the key has the requested user-id.\n"); /* Get the submission address. */ err = wkd_get_submission_address (addrspec, &submission_to); ----------------------------------------------------------------------- Summary of changes: doc/HACKING | 2 ++ tools/gpg-wks-client.c | 21 +++++++++++++++------ 2 files changed, 17 insertions(+), 6 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Sun Jul 3 11:58:10 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sun, 03 Jul 2016 11:58:10 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.13-107-g9177a89 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 9177a897732b3cebf3f15c97c1f613f71b6318fe (commit) from 1bfed0bbc5ec9d60d4fb3a0f5c865923ed3563e7 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9177a897732b3cebf3f15c97c1f613f71b6318fe Author: Werner Koch Date: Sun Jul 3 11:55:21 2016 +0200 gpg: Avoid spurious failures on keyblocks with no or only deleted nodes. * g10/import.c (write_keyblock_to_output): Clear ERR on success. -- Signed-off-by: Werner Koch diff --git a/g10/import.c b/g10/import.c index deb2787..e4b05f7 100644 --- a/g10/import.c +++ b/g10/import.c @@ -869,6 +869,7 @@ write_keyblock_to_output (kbnode_t keyblock) } } } + err = 0; leave: if (err) ----------------------------------------------------------------------- Summary of changes: g10/import.c | 1 + 1 file changed, 1 insertion(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Sun Jul 3 17:18:00 2016 From: cvs at cvs.gnupg.org (by Jussi Kivilinna) Date: Sun, 03 Jul 2016 17:18:00 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.7.1-15-gcb79630 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via cb79630ec567a5f2e03e5f863cda168faa7b8cc8 (commit) via 07de9858032826f5a7b08c372f6bcc73bbb503eb (commit) via a6158a01a4d81a5d862e1e0a60bfd6063443311d (commit) via a09126242a51c4ea4564b0f70b808e4f27fe5a91 (commit) via 4a983e3bef58b9d056517e25e0ab10b72d12ceba (commit) from 6965515c73632a088fb126a4a55e95121671fa98 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit cb79630ec567a5f2e03e5f863cda168faa7b8cc8 Author: Jussi Kivilinna Date: Fri Jul 1 23:07:07 2016 +0300 Fix static build * tests/pubkey.c (_gcry_pk_util_get_nbits): Make function 'static'. -- Signed-off-by: Jussi Kivilinna diff --git a/tests/pubkey.c b/tests/pubkey.c index 3eb5b4f..1271e43 100644 --- a/tests/pubkey.c +++ b/tests/pubkey.c @@ -175,7 +175,7 @@ show_sexp (const char *prefix, gcry_sexp_t a) } /* from ../cipher/pubkey-util.c */ -gpg_err_code_t +static gpg_err_code_t _gcry_pk_util_get_nbits (gcry_sexp_t list, unsigned int *r_nbits) { char buf[50]; commit 07de9858032826f5a7b08c372f6bcc73bbb503eb Author: Jussi Kivilinna Date: Thu Jun 30 21:51:50 2016 +0300 Disallow encryption/decryption if key is not set * cipher/cipher.c (cipher_encrypt, cipher_decrypt): If mode is not NONE, make sure that key is set. * cipher/cipher-ccm.c (_gcry_cipher_ccm_set_nonce): Do not clear 'marks.key' when reseting state. -- Reported-by: Andreas Metzler Signed-off-by: Jussi Kivilinna diff --git a/cipher/cipher-ccm.c b/cipher/cipher-ccm.c index 4d8f816..d7f14d8 100644 --- a/cipher/cipher-ccm.c +++ b/cipher/cipher-ccm.c @@ -110,6 +110,7 @@ gcry_err_code_t _gcry_cipher_ccm_set_nonce (gcry_cipher_hd_t c, const unsigned char *nonce, size_t noncelen) { + unsigned int marks_key; size_t L = 15 - noncelen; size_t L_; @@ -122,12 +123,14 @@ _gcry_cipher_ccm_set_nonce (gcry_cipher_hd_t c, const unsigned char *nonce, return GPG_ERR_INV_LENGTH; /* Reset state */ + marks_key = c->marks.key; memset (&c->u_mode, 0, sizeof(c->u_mode)); memset (&c->marks, 0, sizeof(c->marks)); memset (&c->u_iv, 0, sizeof(c->u_iv)); memset (&c->u_ctr, 0, sizeof(c->u_ctr)); memset (c->lastiv, 0, sizeof(c->lastiv)); c->unused = 0; + c->marks.key = marks_key; /* Setup CTR */ c->u_ctr.ctr[0] = L_; diff --git a/cipher/cipher.c b/cipher/cipher.c index 2b7bf21..ff3340f 100644 --- a/cipher/cipher.c +++ b/cipher/cipher.c @@ -818,6 +818,12 @@ cipher_encrypt (gcry_cipher_hd_t c, byte *outbuf, size_t outbuflen, { gcry_err_code_t rc; + if (c->mode != GCRY_CIPHER_MODE_NONE && !c->marks.key) + { + log_error ("cipher_encrypt: key not set\n"); + return GPG_ERR_MISSING_KEY; + } + switch (c->mode) { case GCRY_CIPHER_MODE_ECB: @@ -935,6 +941,12 @@ cipher_decrypt (gcry_cipher_hd_t c, byte *outbuf, size_t outbuflen, { gcry_err_code_t rc; + if (c->mode != GCRY_CIPHER_MODE_NONE && !c->marks.key) + { + log_error ("cipher_decrypt: key not set\n"); + return GPG_ERR_MISSING_KEY; + } + switch (c->mode) { case GCRY_CIPHER_MODE_ECB: commit a6158a01a4d81a5d862e1e0a60bfd6063443311d Author: Jussi Kivilinna Date: Thu Jun 30 21:34:46 2016 +0300 Avoid unaligned accesses with ARM ldm/stm instructions * cipher/rijndael-arm.S: Remove __ARM_FEATURE_UNALIGNED ifdefs, always compile with unaligned load/store code paths. * cipher/sha512-arm.S: Ditto. -- Reported-by: Michael Plass Signed-off-by: Jussi Kivilinna diff --git a/cipher/rijndael-arm.S b/cipher/rijndael-arm.S index 694369d..e3a91c2 100644 --- a/cipher/rijndael-arm.S +++ b/cipher/rijndael-arm.S @@ -225,7 +225,7 @@ _gcry_aes_arm_encrypt_block: push {%r4-%r11, %ip, %lr}; /* read input block */ -#ifndef __ARM_FEATURE_UNALIGNED + /* test if src is unaligned */ tst %r2, #3; beq 1f; @@ -238,7 +238,6 @@ _gcry_aes_arm_encrypt_block: b 2f; .ltorg 1: -#endif /* aligned load */ ldm %r2, {RA, RB, RC, RD}; #ifndef __ARMEL__ @@ -277,7 +276,7 @@ _gcry_aes_arm_encrypt_block: add %sp, #16; /* store output block */ -#ifndef __ARM_FEATURE_UNALIGNED + /* test if dst is unaligned */ tst RT0, #3; beq 1f; @@ -290,7 +289,6 @@ _gcry_aes_arm_encrypt_block: b 2f; .ltorg 1: -#endif /* aligned store */ #ifndef __ARMEL__ rev RA, RA; @@ -484,7 +482,7 @@ _gcry_aes_arm_decrypt_block: push {%r4-%r11, %ip, %lr}; /* read input block */ -#ifndef __ARM_FEATURE_UNALIGNED + /* test if src is unaligned */ tst %r2, #3; beq 1f; @@ -497,7 +495,6 @@ _gcry_aes_arm_decrypt_block: b 2f; .ltorg 1: -#endif /* aligned load */ ldm %r2, {RA, RB, RC, RD}; #ifndef __ARMEL__ @@ -533,7 +530,7 @@ _gcry_aes_arm_decrypt_block: add %sp, #16; /* store output block */ -#ifndef __ARM_FEATURE_UNALIGNED + /* test if dst is unaligned */ tst RT0, #3; beq 1f; @@ -546,7 +543,6 @@ _gcry_aes_arm_decrypt_block: b 2f; .ltorg 1: -#endif /* aligned store */ #ifndef __ARMEL__ rev RA, RA; diff --git a/cipher/sha512-arm.S b/cipher/sha512-arm.S index 28f156e..94ec014 100644 --- a/cipher/sha512-arm.S +++ b/cipher/sha512-arm.S @@ -323,7 +323,7 @@ _gcry_sha512_transform_arm: stm RWhi, {RT1lo,RT1hi,RT2lo,RT2hi,RT3lo,RT3hi,RT4lo,RT4hi} /* Load input to w[16] */ -#ifndef __ARM_FEATURE_UNALIGNED + /* test if data is unaligned */ tst %r1, #3; beq 1f; @@ -341,7 +341,6 @@ _gcry_sha512_transform_arm: read_be64_unaligned_4(%r1, 12 * 8, RT1lo, RT1hi, RT2lo, RT2hi, RT3lo, RT3hi, RT4lo, RT4hi, RWlo); b 2f; -#endif 1: /* aligned load */ add RWhi, %sp, #(w(0)); commit a09126242a51c4ea4564b0f70b808e4f27fe5a91 Author: Jussi Kivilinna Date: Thu Jun 30 21:23:05 2016 +0300 Fix non-PIC reference in PIC for poly1305/ARMv7-NEON * cipher/poly1305-armv7-neon.S (GET_DATA_POINTER): New. (_gcry_poly1305_armv7_neon_init_ext): Use GET_DATA_POINTER. -- Reported-by: Michael Plass Signed-off-by: Jussi Kivilinna diff --git a/cipher/poly1305-armv7-neon.S b/cipher/poly1305-armv7-neon.S index 1134e85..b1554ed 100644 --- a/cipher/poly1305-armv7-neon.S +++ b/cipher/poly1305-armv7-neon.S @@ -33,6 +33,19 @@ .fpu neon .arm +#ifdef __PIC__ +# define GET_DATA_POINTER(reg, name, rtmp) \ + ldr reg, 1f; \ + ldr rtmp, 2f; \ + b 3f; \ + 1: .word _GLOBAL_OFFSET_TABLE_-(3f+8); \ + 2: .word name(GOT); \ + 3: add reg, pc, reg; \ + ldr reg, [reg, rtmp]; +#else +# define GET_DATA_POINTER(reg, name, rtmp) ldr reg, =name +#endif + .text .p2align 2 @@ -52,7 +65,7 @@ _gcry_poly1305_armv7_neon_init_ext: and r2, r2, r2 moveq r14, #-1 ldmia r1!, {r2-r5} - ldr r7, =.Lpoly1305_init_constants_neon + GET_DATA_POINTER(r7,.Lpoly1305_init_constants_neon,r8) mov r6, r2 mov r8, r2, lsr #26 mov r9, r3, lsr #20 commit 4a983e3bef58b9d056517e25e0ab10b72d12ceba Author: Jussi Kivilinna Date: Thu Jun 30 21:17:32 2016 +0300 Fix wrong CPU feature #ifdef for SHA1/AVX * cipher/sha1-avx-amd64.S: Check for HAVE_GCC_INLINE_ASM_AVX instead of HAVE_GCC_INLINE_ASM_AVX2 & HAVE_GCC_INLINE_ASM_BMI2. -- Signed-off-by: Jussi Kivilinna diff --git a/cipher/sha1-avx-amd64.S b/cipher/sha1-avx-amd64.S index 062a45b..3b3a6d1 100644 --- a/cipher/sha1-avx-amd64.S +++ b/cipher/sha1-avx-amd64.S @@ -31,8 +31,7 @@ #if (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) && \ - defined(HAVE_GCC_INLINE_ASM_BMI2) && \ - defined(HAVE_GCC_INLINE_ASM_AVX2) && defined(USE_SHA1) + defined(HAVE_GCC_INLINE_ASM_AVX) && defined(USE_SHA1) #ifdef __PIC__ # define RIP (%rip) ----------------------------------------------------------------------- Summary of changes: cipher/cipher-ccm.c | 3 +++ cipher/cipher.c | 12 ++++++++++++ cipher/poly1305-armv7-neon.S | 15 ++++++++++++++- cipher/rijndael-arm.S | 12 ++++-------- cipher/sha1-avx-amd64.S | 3 +-- cipher/sha512-arm.S | 3 +-- tests/pubkey.c | 2 +- 7 files changed, 36 insertions(+), 14 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jul 4 10:02:49 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 04 Jul 2016 10:02:49 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.13-108-g27d158e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 27d158ead4a2b9c52269ef28d050a49c786c7d13 (commit) from 9177a897732b3cebf3f15c97c1f613f71b6318fe (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 27d158ead4a2b9c52269ef28d050a49c786c7d13 Author: Werner Koch Date: Mon Jul 4 10:00:34 2016 +0200 tests: Add a gettime test for sizeof (time_t) > 4. * common/t-gettime.c (test_isotime2epoch): Add 4 more tests. Signed-off-by: Werner Koch diff --git a/common/t-gettime.c b/common/t-gettime.c index 9b3139d..8a222b7 100644 --- a/common/t-gettime.c +++ b/common/t-gettime.c @@ -54,6 +54,12 @@ test_isotime2epoch (void) { "20070629T160000 ", 1183132800 }, { "20070629T160000\n", 1183132800 }, { "20070629T160000.", INVALID }, +#if SIZEOF_TIME_T > 4 + { "21060207T062815", (time_t)0x0ffffffff }, + { "21060207T062816", (time_t)0x100000000 }, + { "21060207T062817", (time_t)0x100000001 }, + { "21060711T120001", (time_t)4308292801 }, +#endif /*SIZEOF_TIME_T > 4*/ { NULL, 0 } }; int idx; ----------------------------------------------------------------------- Summary of changes: common/t-gettime.c | 6 ++++++ 1 file changed, 6 insertions(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jul 4 11:31:41 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 04 Jul 2016 11:31:41 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.13-109-g8c8ae04 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 8c8ae043b8d65cb79e0e99c5bdbdcbf34714bd0c (commit) from 27d158ead4a2b9c52269ef28d050a49c786c7d13 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8c8ae043b8d65cb79e0e99c5bdbdcbf34714bd0c Author: Werner Koch Date: Mon Jul 4 11:28:58 2016 +0200 wks: Add command --read to gpg-wks-client. * tools/gpg-wks-client.c (aRead): New. (opts): Add command "--read". (main): Implement that. -- This command allows to process alread decrypted Web Key Service messages. It can for example be used in /etc/mailcap --8<---------------cut here---------------start------------->8--- application/vnd.gnupg.wks; gpg-wks-client -v --read --send;\ needsterminal; description=Web Key Service message --8<---------------cut here---------------end--------------->8--- to allow Mutt to process confirmation requests. Signed-off-by: Werner Koch diff --git a/tools/gpg-wks-client.c b/tools/gpg-wks-client.c index 312f58b..20dfa29 100644 --- a/tools/gpg-wks-client.c +++ b/tools/gpg-wks-client.c @@ -51,6 +51,7 @@ enum cmd_and_opt_values aCreate, aReceive, + aRead, oGpgProgram, oSend, @@ -66,7 +67,9 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_c (aCreate, "create", ("create a publication request")), ARGPARSE_c (aReceive, "receive", - ("receive a confirmation request")), + ("receive a MIME confirmation request")), + ARGPARSE_c (aRead, "read", + ("receive a plain text confirmation request")), ARGPARSE_group (301, ("@\nOptions:\n ")), @@ -96,6 +99,7 @@ static struct debug_flags_s debug_flags [] = static void wrong_args (const char *text) GPGRT_ATTR_NORETURN; static gpg_error_t command_send (const char *fingerprint, char *userid); +static gpg_error_t process_confirmation_request (estream_t msg); static gpg_error_t command_receive_cb (void *opaque, const char *mediatype, estream_t fp); @@ -172,6 +176,7 @@ parse_arguments (ARGPARSE_ARGS *pargs, ARGPARSE_OPTS *popts) case aCreate: case aReceive: + case aRead: cmd = pargs->r_opt; break; @@ -242,12 +247,20 @@ main (int argc, char **argv) case aReceive: if (argc) - wrong_args ("--receive"); + wrong_args ("--receive < MIME-DATA"); err = wks_receive (es_stdin, command_receive_cb, NULL); if (err) log_error ("processing mail failed: %s\n", gpg_strerror (err)); break; + case aRead: + if (argc) + wrong_args ("--read < WKS-DATA"); + err = process_confirmation_request (es_stdin); + if (err) + log_error ("processing mail failed: %s\n", gpg_strerror (err)); + break; + default: usage (1); break; ----------------------------------------------------------------------- Summary of changes: tools/gpg-wks-client.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jul 4 11:48:30 2016 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Mon, 04 Jul 2016 11:48:30 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-196-g329ab93 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 329ab93f7ed862d7f4c0501fca5355936a74ac52 (commit) via 8fa9b5696ca9f8386971e6f36646536f9579ceaa (commit) via efb5059b9b6e81db7b0c016aa9fb70abe98308ea (commit) via 80498ab662238a31325e78c0037ea6752f680a37 (commit) via d75c118aae18e20f08dbbb69c7998e1f3694ccd0 (commit) from fbd6ac4655ebf56d91ebd9a4ff499c8319fcd087 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 329ab93f7ed862d7f4c0501fca5355936a74ac52 Author: Andre Heinecke Date: Mon Jul 4 11:23:12 2016 +0200 Doc: Document pinentry mode * doc/gpgme.texi (Passphrase Callback): Document as context attribute. (gpgme_set_passphrase_cb): Note that this requires LOOPBACK mode with GnuPG 2.1. diff --git a/doc/gpgme.texi b/doc/gpgme.texi index 8d666c3..87322b0 100644 --- a/doc/gpgme.texi +++ b/doc/gpgme.texi @@ -2311,6 +2311,7 @@ started. In fact, these references are accessed through the * ASCII Armor:: Requesting @acronym{ASCII} armored output. * Text Mode:: Choosing canonical text mode. * Offline Mode:: Choosing offline mode. +* Pinentry Mode:: Choosing the pinentry mode. * Included Certificates:: Including a number of certificates. * Key Listing Mode:: Selecting key listing mode. * Passphrase Callback:: Getting the passphrase from the user. @@ -2471,6 +2472,57 @@ valid pointer. @end deftypefun + at node Pinentry Mode + at subsection Pinentry Mode + at cindex context, pinentry mode + at cindex pinentry mode + + at deftypefun gpgme_error_t gpgme_set_pinentry_mode (@w{gpgme_ctx_t @var{ctx}}, + at w{gpgme_pinentry_mode_t @var{mode}}) +The function @code{gpgme_set_pinentry_mode} specifies the pinentry mode +to be used. + +For GnuPG >= 2.1 this option is required to be set to + at code{GPGME_PINENTRY_MODE_LOOPBACK} to enable the passphrase callback +mechanism in GPGME through @code{gpgme_set_passphrase_cb}. + at end deftypefun + + at deftypefun gpgme_pinentry_mode_t gpgme_get_pinentry_mode (@w{gpgme_ctx_t @var{ctx}}) +The function @code{gpgme_get_pinenty_mode} returns the +mode set for the context. + at end deftypefun + + at deftp {Data type} {enum gpgme_pinentry_mode_t} + at tindex gpgme_pinentry_mode_t +The @code{gpgme_minentry_mode_t} type specifies the set of possible pinentry +modes that are supported by @acronym{GPGME} if GnuPG >= 2.1 is used. +The following modes are supported: + + at table @code + at item GPGME_PINENTRY_MODE_DEFAULT +Use the default of the agent, which is ask. + + at item GPGME_PINENTRY_MODE_ASK +Force the use of the Pinentry. + + at item GPGME_PINENTRY_MODE_CANCEL +Emulate use of Pinentry's cancel button. + + at item GPGME_PINENTRY_MODE_ERROR +Return a Pinentry error @code{No Pinentry}. + + at item GPGME_PINENTRY_MODE_LOOPBACK +Redirect Pinentry queries to the caller. +This enables the use of @code{gpgme_set_passphrase_cb} whis pinentry +queries redirected to gpgme. + +Note: This mode requires @code{allow-loopback-pinentry} to be enabled +in the @file{gpg-agent.conf} or an agent started with that option. + + at end table + at end deftp + + @node Included Certificates @subsection Included Certificates @cindex certificates, included @@ -2639,6 +2691,10 @@ implement their own passphrase query. Some engines do not even support an external passphrase callback at all, in this case the error code @code{GPG_ERR_NOT_SUPPORTED} is returned. +For GnuPG >= 2.1 the pinentry mode has to be set to + at code{GPGME_PINENTRY_MODE_LOOPBACK} to enable the passphrase callback. +See @code{gpgme_set_pinentry_mode}. + The user can disable the use of a passphrase callback function by calling @code{gpgme_set_passphrase_cb} with @var{passfunc} being @code{NULL}. commit 8fa9b5696ca9f8386971e6f36646536f9579ceaa Author: Andre Heinecke Date: Mon Jul 4 11:42:30 2016 +0200 Qt: Add testTofuSignCount * src/lang/qt/tests/t-tofuinfo.cpp(testTofuSignCount): New. (initTestCase): Set gpg-agent loopback pinentry config. (signAndVerify): Helper for tofuTestSignCount. -- Also needs the wait code because of GnuPG-Bug-Id: 2405 diff --git a/lang/qt/tests/t-tofuinfo.cpp b/lang/qt/tests/t-tofuinfo.cpp index 0257359..a27dd93 100644 --- a/lang/qt/tests/t-tofuinfo.cpp +++ b/lang/qt/tests/t-tofuinfo.cpp @@ -35,6 +35,12 @@ #include "tofuinfo.h" #include "verifyopaquejob.h" #include "verificationresult.h" +#include "signingresult.h" +#include "keylistjob.h" +#include "keylistresult.h" +#include "qgpgmesignjob.h" +#include "key.h" +#include "t-support.h" #include using namespace QGpgME; @@ -64,6 +70,40 @@ class TofuInfoTest: public QObject Q_ASSERT(orig.policy() == other.policy()); } + void signAndVerify(const QString &what, const GpgME::Key &key, int expected) + { + Context *ctx = Context::createForProtocol(OpenPGP); + ctx->setPassphraseProvider(new TestPassphraseProvider); + ctx->setPinentryMode(Context::PinentryLoopback); + auto *job = new QGpgMESignJob(ctx); + + std::vector keys; + keys.push_back(key); + QByteArray signedData; + auto sigResult = job->exec(keys, what.toUtf8(), NormalSignatureMode, signedData); + + Q_ASSERT(!sigResult.error()); + + auto verifyJob = openpgp()->verifyOpaqueJob(); + QByteArray verified; + + auto result = verifyJob->exec(signedData, verified); + + Q_ASSERT(!result.error()); + Q_ASSERT(verified == what.toUtf8()); + + Q_ASSERT(result.numSignatures() == 1); + auto sig = result.signatures()[0]; + + Q_FOREACH(const TofuInfo stats, sig.tofuInfo()) { + Q_ASSERT(!stats.isNull()); + Q_ASSERT(!strcmp(stats.fingerprint(), sig.fingerprint())); + Q_ASSERT(stats.signCount() == expected); + } + /* FIXME: GnuPG-Bug-Id 2405 makes the wait necessary. */ + QTest::qWait(1000); + } + private: QTemporaryDir mDir; @@ -90,9 +130,9 @@ private Q_SLOTS: auto result = job->exec(data1, plaintext); - Q_ASSERT(!strcmp(plaintext.constData(), "Just GNU it!\n")); Q_ASSERT(!result.isNull()); Q_ASSERT(!result.error()); + Q_ASSERT(!strcmp(plaintext.constData(), "Just GNU it!\n")); Q_ASSERT(result.numSignatures() == 1); Signature sig = result.signatures()[0]; @@ -138,6 +178,44 @@ private Q_SLOTS: Q_ASSERT(stats.policy() == TofuInfo::PolicyAuto); Q_ASSERT(stats.validity() == TofuInfo::LittleHistory); } + + /* Verify that another call yields the same result */ + job = openpgp()->verifyOpaqueJob(true); + result = job->exec(data1, plaintext); + + Q_ASSERT(!result.isNull()); + Q_ASSERT(!result.error()); + + Q_ASSERT(result.numSignatures() == 1); + sig = result.signatures()[0]; + /* TOFU is always marginal */ + Q_ASSERT(sig.validity() == Signature::Marginal); + + Q_ASSERT(!sig.tofuInfo().empty()); + Q_FOREACH(const TofuInfo stats, sig.tofuInfo()) { + Q_ASSERT(!stats.isNull()); + Q_ASSERT(!strcmp(stats.fingerprint(), sig.fingerprint())); + Q_ASSERT(stats.signCount() == 1); + Q_ASSERT(stats.address()); + Q_ASSERT(stats.policy() == TofuInfo::PolicyAuto); + Q_ASSERT(stats.validity() == TofuInfo::LittleHistory); + } + } + + void testTofuSignCount() + { + auto *job = openpgp()->keyListJob(false, false, false); + std::vector keys; + GpgME::KeyListResult result = job->exec(QStringList() << QStringLiteral("zulu at example.net"), + true, keys); + Q_ASSERT(!keys.empty()); + Key key = keys[0]; + Q_ASSERT(!key.isNull()); + + signAndVerify(QStringLiteral("Hello"), key, 0); + signAndVerify(QStringLiteral("Hello2"), key, 1); + signAndVerify(QStringLiteral("Hello3"), key, 2); + signAndVerify(QStringLiteral("Hello4"), key, 3); } void initTestCase() @@ -150,6 +228,10 @@ private Q_SLOTS: Q_ASSERT(conf.open(QIODevice::WriteOnly)); conf.write("trust-model tofu+pgp"); conf.close(); + QFile agentConf(mDir.path() + QStringLiteral("/gpg-agent.conf")); + Q_ASSERT(agentConf.open(QIODevice::WriteOnly)); + agentConf.write("allow-loopback-pinentry"); + agentConf.close(); Q_ASSERT(QFile::copy(gpgHome + QStringLiteral("/pubring.gpg"), mDir.path() + QStringLiteral("/pubring.gpg"))); Q_ASSERT(QFile::copy(gpgHome + QStringLiteral("/secring.gpg"), commit efb5059b9b6e81db7b0c016aa9fb70abe98308ea Author: Andre Heinecke Date: Mon Jul 4 11:40:03 2016 +0200 Qt: Add test passphrase provider * lang/qt/tests/t-support.h (TestPassphraseProvider): New. * lang/qt/tests/Makefile.am (t_tofuinfo_SOURCES): Add t-support.h diff --git a/lang/qt/tests/Makefile.am b/lang/qt/tests/Makefile.am index 204b5a7..c228000 100644 --- a/lang/qt/tests/Makefile.am +++ b/lang/qt/tests/Makefile.am @@ -49,7 +49,7 @@ initial.test : check-local t_keylist_SOURCES = t-keylist.cpp t_keylocate_SOURCES = t-keylocate.cpp t_ownertrust_SOURCES = t-ownertrust.cpp -t_tofuinfo_SOURCES = t-tofuinfo.cpp +t_tofuinfo_SOURCES = t-tofuinfo.cpp t-support.h nodist_t_keylist_SOURCES = $(moc_files) diff --git a/lang/qt/tests/t-support.h b/lang/qt/tests/t-support.h new file mode 100644 index 0000000..8755b99 --- /dev/null +++ b/lang/qt/tests/t-support.h @@ -0,0 +1,47 @@ +/* t-support.h + + This file is part of qgpgme, the Qt API binding for gpgme + Copyright (c) 2016 Intevation GmbH + + QGpgME is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License as + published by the Free Software Foundation; either version 2 of the + License, or (at your option) any later version. + + QGpgME is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + In addition, as a special exception, the copyright holders give + permission to link the code of this program with any edition of + the Qt library by Trolltech AS, Norway (or with modified versions + of Qt that use the same license as Qt), and distribute linked + combinations including the two. You must obey the GNU General + Public License in all respects for all of the code used other than + Qt. If you modify this file, you may extend this exception to + your version of the file, but you are not obligated to do so. If + you do not wish to do so, delete this exception statement from + your version. +*/ + +#include "interfaces/passphraseprovider.h" +#include + +namespace GpgME +{ +class TestPassphraseProvider : public PassphraseProvider +{ +public: + char *getPassphrase(const char *useridHint, const char *description, + bool previousWasBad, bool &canceled) Q_DECL_OVERRIDE + { + return strdup("abc"); + } +}; + +} // namespace GpgME commit 80498ab662238a31325e78c0037ea6752f680a37 Author: Andre Heinecke Date: Mon Jul 4 11:31:01 2016 +0200 Cpp: Add support for TOFU_CONFLICT sigsum * lang/cpp/src/verificationresult.cpp (GpgME::Signature::Summary): Handle TOFU_CONFLICT. * lang/cpp/src/verificationresult.h (Summary): Add TofuConflict. diff --git a/lang/cpp/src/verificationresult.cpp b/lang/cpp/src/verificationresult.cpp index 4bd1a7b..3eb8a85 100644 --- a/lang/cpp/src/verificationresult.cpp +++ b/lang/cpp/src/verificationresult.cpp @@ -224,6 +224,9 @@ GpgME::Signature::Summary GpgME::Signature::summary() const if (sigsum & GPGME_SIGSUM_SYS_ERROR) { result |= SysError; } + if (sigsum & GPGME_SIGSUM_TOFU_CONFLICT) { + result |= TofuConflict; + } return static_cast

(result); } @@ -520,6 +523,7 @@ std::ostream &GpgME::operator<<(std::ostream &os, Signature::Summary summary) OUTPUT(CrlTooOld); OUTPUT(BadPolicy); OUTPUT(SysError); + OUTPUT(TofuConflict); #undef OUTPUT return os << ')'; } diff --git a/lang/cpp/src/verificationresult.h b/lang/cpp/src/verificationresult.h index 5a2927f..f5fbc2e 100644 --- a/lang/cpp/src/verificationresult.h +++ b/lang/cpp/src/verificationresult.h @@ -115,7 +115,8 @@ public: CrlMissing = 0x080, CrlTooOld = 0x100, BadPolicy = 0x200, - SysError = 0x400 + SysError = 0x400, + TofuConflict= 0x800 }; Summary summary() const; commit d75c118aae18e20f08dbbb69c7998e1f3694ccd0 Author: Andre Heinecke Date: Mon Jul 4 11:25:40 2016 +0200 Cpp: Add support for pinentry_mode * lang/cpp/src/context.cpp (Context::pinentryMode): Return mode. (Context::setPinentryMode): Set mode. * lang/cpp/src/context.h (PinentryMode): Add enum. diff --git a/lang/cpp/src/context.cpp b/lang/cpp/src/context.cpp index 085b835..9e31b6a 100644 --- a/lang/cpp/src/context.cpp +++ b/lang/cpp/src/context.cpp @@ -1255,6 +1255,46 @@ Error Context::lastError() const return Error(d->lasterr); } +Context::PinentryMode Context::pinentryMode() const +{ + switch (gpgme_get_pinentry_mode (d->ctx)) { + case GPGME_PINENTRY_MODE_ASK: + return PinentryAsk; + case GPGME_PINENTRY_MODE_CANCEL: + return PinentryCancel; + case GPGME_PINENTRY_MODE_ERROR: + return PinentryError; + case GPGME_PINENTRY_MODE_LOOPBACK: + return PinentryLoopback; + case GPGME_PINENTRY_MODE_DEFAULT: + default: + return PinentryDefault; + } +} + +Error Context::setPinentryMode(PinentryMode which) +{ + gpgme_pinentry_mode_t mode; + switch (which) { + case PinentryAsk: + mode = GPGME_PINENTRY_MODE_ASK; + break; + case PinentryCancel: + mode = GPGME_PINENTRY_MODE_CANCEL; + break; + case PinentryError: + mode = GPGME_PINENTRY_MODE_ERROR; + break; + case PinentryLoopback: + mode = GPGME_PINENTRY_MODE_LOOPBACK; + break; + case PinentryDefault: + default: + mode = GPGME_PINENTRY_MODE_DEFAULT; + } + return Error(d->lasterr = gpgme_set_pinentry_mode(d->ctx, mode)); +} + std::ostream &operator<<(std::ostream &os, Protocol proto) { os << "GpgME::Protocol("; diff --git a/lang/cpp/src/context.h b/lang/cpp/src/context.h index a8112d6..c9c2af7 100644 --- a/lang/cpp/src/context.h +++ b/lang/cpp/src/context.h @@ -117,6 +117,16 @@ public: GpgME::Error setEngineFileName(const char *filename); GpgME::Error setEngineHomeDirectory(const char *filename); + enum PinentryMode{ + PinentryDefault = 0, + PinentryAsk = 1, + PinentryCancel = 2, + PinentryError = 3, + PinentryLoopback = 4 + }; + GpgME::Error setPinentryMode(PinentryMode which); + PinentryMode pinentryMode() const; + private: friend class ::GpgME::EventLoopInteractor; void installIOCallbacks(gpgme_io_cbs *iocbs); ----------------------------------------------------------------------- Summary of changes: doc/gpgme.texi | 56 +++++++++++++++ lang/cpp/src/context.cpp | 40 +++++++++++ lang/cpp/src/context.h | 10 +++ lang/cpp/src/verificationresult.cpp | 4 ++ lang/cpp/src/verificationresult.h | 3 +- lang/qt/tests/Makefile.am | 2 +- .../{src/abstractimportjob.h => tests/t-support.h} | 35 +++------ lang/qt/tests/t-tofuinfo.cpp | 84 +++++++++++++++++++++- 8 files changed, 206 insertions(+), 28 deletions(-) copy lang/qt/{src/abstractimportjob.h => tests/t-support.h} (72%) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jul 5 11:20:27 2016 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Tue, 05 Jul 2016 11:20:27 +0200 Subject: [git] GPG-ERROR - branch, master, updated. libgpg-error-1.23-7-g65e9676 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Error codes used by GnuPG et al.". The branch, master has been updated via 65e967627b3d60f550c7d302227dcf9f797e437f (commit) from 1a53a0ac4cc241a5c6d360d6259dd04afc09264c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 65e967627b3d60f550c7d302227dcf9f797e437f Author: Andre Heinecke Date: Mon Jul 4 16:19:50 2016 +0200 Define EWOULDBLOCK in case it is not defined * src/estream.c (EWOULDBLOCK): Define fallback. -- Older mingw versions (2.0) do not define EWOULDBLOCK in errno.h diff --git a/src/estream.c b/src/estream.c index 4352df5..4cc72ba 100644 --- a/src/estream.c +++ b/src/estream.c @@ -130,6 +130,11 @@ # define O_NONBLOCK 0 /* FIXME: Not yet supported. */ #endif +#if !defined (EWOULDBLOCK) && defined (HAVE_W32_SYSTEM) +/* Compatibility with errno.h from mingw-2.0 */ +# define EWOULDBLOCK 140 +#endif + #ifndef EAGAIN # define EAGAIN EWOULDBLOCK #endif ----------------------------------------------------------------------- Summary of changes: src/estream.c | 5 +++++ 1 file changed, 5 insertions(+) hooks/post-receive -- Error codes used by GnuPG et al. http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jul 5 12:41:50 2016 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Tue, 05 Jul 2016 12:41:50 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.13-110-ga6b8798 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via a6b87981f7ddef42b25703723162c647e312b125 (commit) from 8c8ae043b8d65cb79e0e99c5bdbdcbf34714bd0c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a6b87981f7ddef42b25703723162c647e312b125 Author: Justus Winter Date: Tue Jul 5 12:38:15 2016 +0200 g10: Fix out-of-bounds read. * g10/armor.c (use_armor_filter): We need two bytes for 'is_armored'. Signed-off-by: Justus Winter diff --git a/g10/armor.c b/g10/armor.c index fb74655..e4503b8 100644 --- a/g10/armor.c +++ b/g10/armor.c @@ -274,15 +274,17 @@ is_armored( const byte *buf ) int use_armor_filter( IOBUF a ) { - byte buf[1]; + byte buf[2]; int n; /* fixme: there might be a problem with iobuf_peek */ - n = iobuf_peek(a, buf, 1 ); + n = iobuf_peek (a, buf, 2); if( n == -1 ) return 0; /* EOF, doesn't matter whether armored or not */ if( !n ) return 1; /* can't check it: try armored */ + if (n != 2) + return 0; /* short buffer */ return is_armored(buf); } ----------------------------------------------------------------------- Summary of changes: g10/armor.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jul 5 13:56:24 2016 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Tue, 05 Jul 2016 13:56:24 +0200 Subject: [git] Assuan - branch, master, updated. libassuan-2.4.2-4-g70bb71e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPC library used by GnuPG". The branch, master has been updated via 70bb71e51462e9d81eff80ef8308cd8e15ea96ca (commit) from d60ef7192ad95ec2ec1aef436742f56e6c750b89 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 70bb71e51462e9d81eff80ef8308cd8e15ea96ca Author: Justus Winter Date: Tue Jul 5 13:46:37 2016 +0200 Fix distcheck. * tests/Makefile.am (EXTRA_DIST): Drop compiled test. Signed-off-by: Justus Winter diff --git a/tests/Makefile.am b/tests/Makefile.am index 0ccb981..c9044a4 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -20,7 +20,7 @@ TESTS_ENVIRONMENT = -EXTRA_DIST = motd ce-createpipe.c $(testtools) +EXTRA_DIST = motd ce-createpipe.c BUILT_SOURCES = CLEANFILES = ----------------------------------------------------------------------- Summary of changes: tests/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- IPC library used by GnuPG http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jul 5 16:29:00 2016 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Tue, 05 Jul 2016 16:29:00 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.13-114-g8270580 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 8270580a5a70874beeffcdd16221937db4bcdc93 (commit) via f26fe4f73e8430d93c03d95a8a24fdabd078bb20 (commit) via b70d08827ddb56423ad610b4ebaaaf9cc763512f (commit) via 0b8a3358798b7028be872a923da2e275da67d592 (commit) from a6b87981f7ddef42b25703723162c647e312b125 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8270580a5a70874beeffcdd16221937db4bcdc93 Author: Justus Winter Date: Tue Jul 5 16:25:21 2016 +0200 tests: Honor environment variable 'TMP'. This fixes problems with long socket names, e.g. when doing distcheck. * tests/gpgscm/tests.scm (path-join): New function. (with-temporary-working-directory): Honor 'TMP'. (make-temporary-file): Likewise. * tests/migrations/Makefile.am (TMP): Default to '/tmp'. (TESTS_ENVIRONMENT): Set 'TMP'. * tests/openpgp/Makefile.am (TMP): Default to '/tmp'. (TESTS_ENVIRONMENT): Set 'TMP'. Signed-off-by: Justus Winter diff --git a/tests/gpgscm/tests.scm b/tests/gpgscm/tests.scm index ebe1be5..2728817 100644 --- a/tests/gpgscm/tests.scm +++ b/tests/gpgscm/tests.scm @@ -160,6 +160,18 @@ (sink (open to (logior O_WRONLY O_CREAT) #o600))) (splice source sink))) +(define (path-join . components) + (let loop ((acc #f) (rest (filter (lambda (s) + (not (string=? "" s))) components))) + (if (null? rest) + acc + (loop (if (string? acc) + (string-append acc "/" (car rest)) + (car rest)) + (cdr rest))))) +(assert (string=? (path-join "foo" "bar" "baz") "foo/bar/baz")) +(assert (string=? (path-join "" "bar" "baz") "bar/baz")) + (define (canonical-path path) (if (char=? #\/ (string-ref path 0)) path @@ -222,7 +234,7 @@ (macro (with-temporary-working-directory form) (let ((result-sym (gensym)) (cwd-sym (gensym)) (tmp-sym (gensym))) `(let* ((,cwd-sym (getcwd)) - (,tmp-sym (mkdtemp "gpgscm-XXXXXX")) + (,tmp-sym (mkdtemp (path-join (getenv "TMP") "gpgscm-XXXXXX"))) (_ (chdir ,tmp-sym)) (,result-sym (begin ,@(cdr form)))) (chdir ,cwd-sym) @@ -230,9 +242,9 @@ ,result-sym))) (define (make-temporary-file . args) - (canonical-path (string-append (mkdtemp "gpgscm-XXXXXX") - "/" - (if (null? args) "a" (car args))))) + (canonical-path (path-join + (mkdtemp (path-join (getenv "TMP") "gpgscm-XXXXXX")) + (if (null? args) "a" (car args))))) (define (remove-temporary-file filename) (catch '() diff --git a/tests/migrations/Makefile.am b/tests/migrations/Makefile.am index 0377b23..9c82d66 100644 --- a/tests/migrations/Makefile.am +++ b/tests/migrations/Makefile.am @@ -26,8 +26,11 @@ include $(top_srcdir)/am/cmacros.am AM_CFLAGS = +TMP ?= /tmp + TESTS_ENVIRONMENT = GPG_AGENT_INFO= LC_ALL=C \ PATH=../gpgscm:$(PATH) \ + TMP=$(TMP) \ GPGSCM_PATH=$(top_srcdir)/tests/gpgscm:$(top_srcdir)/tests/migrations TESTS = from-classic.scm \ diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am index 4137018..012a3f2 100644 --- a/tests/openpgp/Makefile.am +++ b/tests/openpgp/Makefile.am @@ -34,9 +34,12 @@ noinst_PROGRAMS = fake-pinentry fake_pinentry_SOURCES = fake-pinentry.c +TMP ?= /tmp + TESTS_ENVIRONMENT = GNUPGHOME=$(abs_builddir) GPG_AGENT_INFO= LC_ALL=C \ EXEEXT=$(EXEEXT) \ PATH=../gpgscm:$(PATH) \ + TMP=$(TMP) \ objdir=$(abs_top_builddir) \ GPGSCM_PATH=$(top_srcdir)/tests/gpgscm:$(top_srcdir)/tests/openpgp commit f26fe4f73e8430d93c03d95a8a24fdabd078bb20 Author: Justus Winter Date: Tue Jul 5 16:24:13 2016 +0200 gpgscm: Improve robustness and compatibility. * tests/gpgscm/ffi.c (do_getenv): Avoid gccism. (do_mkdtemp): Handle errors. Signed-off-by: Justus Winter diff --git a/tests/gpgscm/ffi.c b/tests/gpgscm/ffi.c index acfe1c7..21beb76 100644 --- a/tests/gpgscm/ffi.c +++ b/tests/gpgscm/ffi.c @@ -219,9 +219,11 @@ do_getenv (scheme *sc, pointer args) { FFI_PROLOG (); char *name; + char *value; FFI_ARG_OR_RETURN (sc, char *, name, string, args); FFI_ARGS_DONE_OR_RETURN (sc, args); - FFI_RETURN_STRING (sc, getenv (name) ?: ""); + value = getenv (name); + FFI_RETURN_STRING (sc, value ? value : ""); } static pointer @@ -313,6 +315,7 @@ do_mkdtemp (scheme *sc, pointer args) FFI_PROLOG (); char *template; char buffer[128]; + char *name; FFI_ARG_OR_RETURN (sc, char *, template, string, args); FFI_ARGS_DONE_OR_RETURN (sc, args); @@ -320,7 +323,10 @@ do_mkdtemp (scheme *sc, pointer args) FFI_RETURN_ERR (sc, EINVAL); strncpy (buffer, template, sizeof buffer); - FFI_RETURN_STRING (sc, gnupg_mkdtemp (buffer)); + name = gnupg_mkdtemp (buffer); + if (name == NULL) + FFI_RETURN_ERR (sc, gpg_error_from_syserror ()); + FFI_RETURN_STRING (sc, name); } static pointer commit b70d08827ddb56423ad610b4ebaaaf9cc763512f Author: Justus Winter Date: Tue Jul 5 15:13:25 2016 +0200 tests/migrations: Fix distcheck. * tests/migrations/Makefile.am (TESTS): Rename test. (TEST_FILES): Update list. (EXTRA_DIST): Add common.scm. * tests/migrations/common.scm (GPGTAR): New variable. (dearmor): Rename and untar archive. * tests/migrations/extended-private-key-format.scm: Rename. (setup): Update. * tests/migrations/extended-pkf.tar.asc: New file. * tests/migrations/extended-private-key-format.gpghome: Delete. * tests/migrations/from-classic.gpghome: Likewise. * tests/migrations/from-classic.scm (setup): Update. * tests/migrations/from-classic.tar.asc: New file. Signed-off-by: Justus Winter diff --git a/tests/migrations/Makefile.am b/tests/migrations/Makefile.am index baba00a..0377b23 100644 --- a/tests/migrations/Makefile.am +++ b/tests/migrations/Makefile.am @@ -31,18 +31,12 @@ TESTS_ENVIRONMENT = GPG_AGENT_INFO= LC_ALL=C \ GPGSCM_PATH=$(top_srcdir)/tests/gpgscm:$(top_srcdir)/tests/migrations TESTS = from-classic.scm \ - extended-private-key-format.scm - -TEST_FILES = from-classic.gpghome/pubring.gpg.asc \ - from-classic.gpghome/secring.gpg.asc \ - from-classic.gpghome/trustdb.gpg.asc \ - extended-private-key-format.gpghome/trustdb.gpg.asc \ - extended-private-key-format.gpghome/pubring.kbx.asc \ - extended-private-key-format.gpghome/private-keys-v1.d/13FDB8809B17C5547779F9D205C45F47CE0217CE.key.asc \ - extended-private-key-format.gpghome/private-keys-v1.d/343D8AF79796EE107D645A2787A9D9252F924E6F.key.asc \ - extended-private-key-format.gpghome/private-keys-v1.d/8B5ABF3EF9EB8D96B91A0B8C2C4401C91C834C34.key.asc - -EXTRA_DIST = $(TESTS) $(TEST_FILES) + extended-pkf.scm + +TEST_FILES = from-classic.tar.asc \ + extended-pkf.tar.asc + +EXTRA_DIST = common.scm $(TESTS) $(TEST_FILES) CLEANFILES = prepared.stamp x y yy z out err $(data_files) \ plain-1 plain-2 plain-3 trustdb.gpg *.lock .\#lk* \ diff --git a/tests/migrations/common.scm b/tests/migrations/common.scm index e13f975..79f69e5 100644 --- a/tests/migrations/common.scm +++ b/tests/migrations/common.scm @@ -30,11 +30,10 @@ --no-secmem-warning --batch ,(string-append "--agent-program=" GPG-AGENT "|--debug-quick-random"))) +(define GPGTAR (qualify (string-append (getcwd) "/../../tools/gpgtar"))) -(define (dearmor source-name sink-name) +(define (untar-armored source-name) (pipe:do (pipe:open source-name (logior O_RDONLY O_BINARY)) (pipe:spawn `(, at GPG --dearmor)) - (pipe:write-to sink-name - (logior O_WRONLY O_CREAT O_BINARY) - #o600))) + (pipe:spawn `(,GPGTAR --extract --directory=. -)))) diff --git a/tests/migrations/extended-private-key-format.scm b/tests/migrations/extended-pkf.scm similarity index 69% rename from tests/migrations/extended-private-key-format.scm rename to tests/migrations/extended-pkf.scm index d4a9422..3e76532 100755 --- a/tests/migrations/extended-private-key-format.scm +++ b/tests/migrations/extended-pkf.scm @@ -19,23 +19,10 @@ (load (with-path "common.scm")) -(define src-gpghome (in-srcdir "extended-private-key-format.gpghome")) +(define src-tarball (in-srcdir "extended-pkf.tar.asc")) (define (setup) - (for-each-p' - "Preparing home directory" - (lambda (f) (dearmor f (basename-suffix f ".asc"))) - (lambda (f) (basename-suffix f ".asc")) - (glob (string-append src-gpghome "/*.asc"))) - - (mkdir "private-keys-v1.d" "-rwx") - (for-each-p' - "Preparing private-keys-v1.d directory" - (lambda (f) (dearmor f (string-append "private-keys-v1.d/" - (basename-suffix f ".asc")))) - (lambda (f) (basename-suffix f ".asc")) - (glob (string-append src-gpghome "/private-keys-v1.d/*.asc"))) - + (untar-armored src-tarball) (setenv "GNUPGHOME" (getcwd) #t)) (define (trigger-migration) diff --git a/tests/migrations/extended-pkf.tar.asc b/tests/migrations/extended-pkf.tar.asc new file mode 100644 index 0000000..adbe174 --- /dev/null +++ b/tests/migrations/extended-pkf.tar.asc @@ -0,0 +1,220 @@ +-----BEGIN PGP ARMORED FILE----- +Version: GnuPG v2 +Comment: Use "gpg --dearmor" for unpacking + +cHJpdmF0ZS1rZXlzLXYxLmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAADAwMDA3NTUAMDAwMTc1MAAwMDAxNzUwADAwMDAwMDAwMDAwADEyNzM2NzI1 +MzA2ADAxNDU0NwAgNQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAB1c3RhcgAwMHRleXRob29uAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAdGV5dGhvb24AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwcml2YXRlLWtleXMtdjEu +ZC84QjVBQkYzRUY5RUI4RDk2QjkxQTBCOEMyQzQ0MDFDOTFDODM0QzM0LmtleQAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDAwMDY0NAAwMDAx +NzUwADAwMDE3NTAAMDAwMDAwMDEyMDQAMTI3MzY3MjUyNTYAMDIyMTAyACAwAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AHVzdGFyADAwdGV5dGhvb24AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB0ZXl0aG9v +bgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAEtleTogKHByaXZhdGUta2V5IChlbGcgKHAgIzAwQ0NE +OEIxRjlEQUM3NEQ4MDhDQzUyRjBEODk0NjREQTU1NEM2OUQ2N0YzCiAzMjNDNDJB +OTVDOTk2MkRGNDIxMjZFQzBFMDk3MUY0OUI4MTE1MjlBNkEyQUU5RjBBREVCODM5 +QTYzNDYxNUNENTZGQTU0CiBGNUEwQjdFRjI1QTBFMkZFODQzRkEyRTZFMDIxQ0FC +NDExOUU2MDM5NEM5RDZBM0Y3QUQ0RjU3Nzk2RDM2NjY5QTUxMjY2CiBDMjdBOEQx +QzVBNkI0MTQxRDVDODMxRTg0NTQxRjNDODExRTg5MDc4OTgwMzM4Mjk1RjgyQjdG +N0ZENDMzM0VGRDkzMzEyCiBGMkFCIykoZyAjMDYjKSh5ICMzNzczQTZEOUVDODg5 +RDc2RTMyNEQ2RTVFQzIxQkQ0NTY5OTgzMUFFNEZEMEFFMDM3ODIwCiA1QkFFNUI4 +Q0U4NUZBREFCRDdFNkI3QzczMDI1Q0IzRDczMEQ1QzU4MjkwMzRENzZCRTA4NTVD +MkU5RkY3QTQ5MjNFRkZBCiBGMTZBOTY2Njk0NERCQzYyOTQ4MzhGQzNGMDlGRjk2 +NEE4RDAyM0NCOEVCQTMzMkZCMDUxRUEwMjgyMEVFNjEyMEZGQkU2CiAyQjM2QTIw +MkIzQzc1MkY5REE3NkIyRUMxMUE2N0QyRTM1RTY2RUMxMDYzNTg3QjIyNTAwRThB +NDZEMTU3Qjc1IykoeCAjCiA2OTE1QzZDRUQyNTgxNDNGODkzN0IxMzM1RjQ4ODdG +MDA0MkI3QzYzMDA1Mzk4RjkzOTZCQjg1MzIzOENCNiMpKSkKNjE1Q0Q1NkZBNTQK +IEY1QTBCN0VGMjVBMEUyRkU4NDNGQTJFNkUwMjFDQUI0MTE5RTYwMzk0QzlENkEz +RjdBRDRGNTc3OTZEMzY2NjlBNTEyNjYKIEMyN0E4RDFDNUE2QjQxNDFENUM4MzFF +ODQ1NDFGM0M4MTFFODkwNzg5ODAzMzgyOTVGODJCN0Y3RkQ0MzMzRUZEOTMzMTIK +IEYyQUIjKShnICMwNiMpKHkgIzM3NzNBNkQ5RUM4ODlENzZFMzI0RDZFNUVDMjFC +RDQ1Njk5ODMxQUU0RkQwQUUwMzc4MjAKIDVCQUU1QjhDRTg1RkFEQUJEN0U2QjdD +NzMwMjVDQjNENzMwRDVDNTgyOTAzNEQ3NkJFMDg1NUMyRTlGRjdBNDkyM0VGRkEK +IEYxNkE5NjY2OTQ0REJDNjI5NDgzOEZDM0YwOUZGOTY0QThEMDIzQ0I4RUJBMzMy +RkIwNTFFQTAyODIwRUU2MTIwRkZCRTYKIDJCMzZBMjBwcml2YXRlLWtleXMtdjEu +ZC8zNDNEOEFGNzk3OTZFRTEwN0Q2NDVBMjc4N0E5RDkyNTJGOTI0RTZGLmtleQAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDAwMDY0NAAwMDAx +NzUwADAwMDE3NTAAMDAwMDAwMDA3NTQAMTI3MzY3MjUyNTYAMDIyMDQwACAwAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AHVzdGFyADAwdGV5dGhvb24AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB0ZXl0aG9v +bgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAACgxMTpwcml2YXRlLWtleSgzOmRzYSgxOnAxMjk6AKxx +qlg9Kz9DZ/3N52BC0w+JtYKke39vpdWVDHR3MHmMJ/31Y2iSpm0fvRs3h1j9/fBV +mLOZglNQyH62SxdJyZwCelkZzfUy/qLm9Qaqi7wpg0p4EbmWdoFF/A1Zg/MU7D5w +5xu+EA1J77Z6QyALN9rIOXZ7rLLa64lw/MV4LdIPKSgxOnEyMToAuOPYbSW26ea5 +CR7wQ7OGMRCJJOcpKDE6ZzEyODpfiE8aUjDk+UeuwbuF1qGFO51XmFEaW+iyfCyt +gle8oBAsBXURXbpIhhQfmkz/Jxesbbl2pWgbnq5CqeEF1SqjiJKezFjdkwDjoPXh +ERz0//8Ia8n+PZnjWDDy7ygHutLnR2O+hpZvmbKPtuFpxMF19qHdTx1VdwiLVkW+ +2JoYBikoMTp5MTI4OgIF7eNIdpaYiB0427un4ggc26+Y9nkF93DaMnZEaYSeum6g +/g7D1vwINFgQkMYEWi4DK3W+uH0E/n8o20wS2wvMrbeYaQm5v6ucd001wwFDY6Ad +wpwP7UCLQcu6qqvwNHdxWYK6+gIsSufLmeMGrsvC0WQqYeu1GfGpHIMCZJlZKSgx +OngyMDp/2Na42QEhjCvSBm9cv2Qyk9M5EykpKQAAAAAAAAAAAAAAAAAAAAAAAAAA +cHJpdmF0ZS1rZXlzLXYxLmQvMTNGREI4ODA5QjE3QzU1NDc3NzlGOUQyMDVDNDVG +NDdDRTAyMTdDRS5rZXkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAADAwMDA2NDQAMDAwMTc1MAAwMDAxNzUwADAwMDAwMDAxNzQyADEyNzM2NzI1 +MjU2ADAyMjAzMgAgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAB1c3RhcgAwMHRleXRob29uAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAdGV5dGhvb24AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABLZXk6IChwcml2YXRlLWtl +eSAocnNhIChuICMwMEE4NTI1Njc2RUNFNEQ3NUZFNkQwMDczRjJCRjk5QTZGNDkz +M0NFQkRENAogNTI4QUY1NkU0QzYxRTJGNzMxMjQ3MzkzNjQ1RERBRjU4RUFERDU2 +NTI5QzI1Mzk3NzgyMzY0NjNERjJENDU4NTIwRTgwRQogMzRDMDU4MjQyQjNGRjg4 +REQzOUE4ODNCNDc1QjY2Q0VBQUJCQzk5ODlGRjAxRkZFNzM3NjYwRTlCNjFCQjlE +QzkxMjA1RAogNDI4RkZGRThGNjc1RkFFRjYxMzY1OEM3MkRBNkQ3NTBDMEVCQzQw +QUY2MjNEMjA2NjkyQzgyNTE0QzQwNEQ4ODI1QUI3MAogMTAwMSMpKGUgIzAxMDEj +KShkICMwMEJDQTAwMTQ0ODVGQjc2RDUwRTlCNkNCQTU3MjFBQzExMjEzOTBGODYw +OEQ0MDg0QgogRDA0NUE4NzZERjM4MTBGMTE0QkMyRDY4RUI1NTJFNjFCMDFFREJD +MjQ4MUYwOEM4MjgzMkUwMEUyNzlENjdBODUzMDU1RAogQ0FFNUMyMzU2ODUxQ0JF +MzZENjEwQzREMkFCNDNGQTY1NTk4NUM0NDY5RDFEOTExRTFBRkQ4MTdFQUE1RkVF +MEZGMjY1NwogNEMzNTlFMTc1Mjg3MDUyMTk0NTNCNTFBRUMxMERCRjc1NjJCMDYx +RDVDNjZDMzVCQjNGOUYwQjIyMkI5RDE5NkI5IykocAogICMwMEMzM0M1ODA2Mzk5 +NkJENTk3NTJBQUJERkRBQ0RBQTdCNEI2NkFBMTc1NEVFMEQ4OUI3Nzk0RjBERThG +RjcyNEM1NAogOUZGMTEyQTMzMjkyQkI5RDdCQ0VFNzk0RjA4MDI0QzNFNTVGRDgy +MzNGNTA3OUVENDk5MUM0REYyNjE4RDkjKShxICMwMAogRENCNTk0NUYwMEYxQUY0 +MzhCRDRDMzExQjhCQUNBM0Q5REIwQUQxNjUxOTg2NTM0MjAzMEYxREYzMDU3RTU1 +MzJDNDdGNQogOEQzMzAzQ0JBM0M4QTI5ODE0RjYxN0I3QjNERUU5OEZBQUFBRUU4 +MTFCNDk4RkFBRjIxNzdCNzc2OSMpKHUgIzI5RkIyRAogRjY5QjIzNUE0OUE5MDZC +MTBFRjdEOEY4MUFBRUE4QUQ4MUU3Q0RERTFGNEE3OUNFMjQ0QkY4RkNFNkRENUVC +MTgxMUIwQgogRDVFNTE2NUI5NTcwODUwMzY5MDFERDI4NUE2MjhDMjk3QTc4MkRB +ODE1NzNBNDNEMUMwOSMpKSkKMUFGRDgxN0VBQTVGRUUwRkYyNjU3CiA0QzM1OUUx +cHVicmluZy5rYngAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAADAwMDA2NDQAMDAwMTc1MAAwMDAxNzUwADAwMDAwMDAzMDI3ADEyNzM2NzI1 +MjU2ADAxMzYxNwAgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAB1c3RhcgAwMHRleXRob29uAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAdGV5dGhvb24AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAQEAAktCWGYAAAAA +Vxi2I1cYtiMAAAAAAAAAAAAABBcCAQAAAAAAfgAAA4UAAgAcwd67NOqLcQCer6R0 +lz1Q4cQP3s8AAAAgAAAAAM09D1cBy/yssqSQcwWjeIeyeQeqAAAAPAAAAAAAAAAB +AAwAAAIlAAAAIgAAAAAAAgAE//////////8AAAAAAAAAAAAAAABXGLYjAAAAAJkB +ogQ/8lJrEQQArHGqWD0rP0Nn/c3nYELTD4m1gqR7f2+l1ZUMdHcweYwn/fVjaJKm +bR+9GzeHWP398FWYs5mCU1DIfrZLF0nJnAJ6WRnN9TL+oub1BqqLvCmDSngRuZZ2 +gUX8DVmD8xTsPnDnG74QDUnvtnpDIAs32sg5dnusstrriXD8xXgt0g8AoLjj2G0l +tunmuQke8EOzhjEQiSTnA/9fiE8aUjDk+UeuwbuF1qGFO51XmFEaW+iyfCytgle8 +oBAsBXURXbpIhhQfmkz/Jxesbbl2pWgbnq5CqeEF1SqjiJKezFjdkwDjoPXhERz0 +//8Ia8n+PZnjWDDy7ygHutLnR2O+hpZvmbKPtuFpxMF19qHdTx1VdwiLVkW+2JoY +BgP6AgXt40h2lpiIHTjbu6fiCBzbr5j2eQX3cNoydkRphJ66bqD+DsPW/Ag0WBCQ +xgRaLgMrdb64fQT+fyjbTBLbC8ytt5hpCbm/q5x3TTXDAUNjoB3CnA/tQItBy7qq +q/A0d3FZgrr6AixK58uZ4wauy8LRZCph67UZ8akcgwJkmVm0IlRlc3QgdHdvIChu +byBwcCkgPHR3b0BleGFtcGxlLmNvbT6IXwQTEQIAHwUCP/JSawIbAwcLCQgHAwIB +AxUCAwMWAgECHgECF4AACgkQlz1Q4cQP3s+AQwCfQXxEYOueZe/uuozb6mJzagPP +WSkAnRJY8fF2MkdbOgYyseqhwDL/fAWLuQENBD/yUm8QBADM2LH52sdNgIzFLw2J +Rk2lVMadZ/MyPEKpXJli30ISbsDglx9JuBFSmmoq6fCt64OaY0YVzVb6VPWgt+8l +oOL+hD+i5uAhyrQRnmA5TJ1qP3rU9XeW02ZppRJmwnqNHFprQUHVyDHoRUHzyBHo +kHiYAzgpX4K39/1DM+/ZMxLyqwADBgP+N3Om2eyInXbjJNbl7CG9RWmYMa5P0K4D +eCBbrluM6F+tq9fmt8cwJcs9cw1cWCkDTXa+CFXC6f96SSPv+vFqlmaUTbxilIOP +w/Cf+WSo0CPLjrozL7BR6gKCDuYSD/vmKzaiArPHUvnadrLsEaZ9LjXmbsEGNYey +JQDopG0Ve3WISQQYEQIACQUCP/JSbwIbDAAKCRCXPVDhxA/ezyy+AKCZZylXC+0M +3ecBVPV0wVO8LPSF/ACgjhWzMkF6wb/wbItb57YT4uJBdWpyKrYYYncCnYq+gLAI +v8OEIB9wawAAAeACAQAAAAAAXgAAAW4AAQAczyNJCw94uFC7vHNp0SC2Juyr9R0A +AAAgAAAAAAAAAAEADAAAAO8AAAAmAAAAAAABAAT/////AAAAAAAAAAAAAAAAVxi2 +SQAAAACZAIwEP/JTvQEEAKhSVnbs5Ndf5tAHPyv5mm9JM8691FKK9W5MYeL3MSRz +k2Rd2vWOrdVlKcJTl3gjZGPfLUWFIOgONMBYJCs/+I3Tmog7R1tmzqq7yZif8B/+ +c3Zg6bYbudyRIF1Cj//o9nX672E2WMctptdQwOvECvYj0gZpLIJRTEBNiCWrcBAB +AAkBAbQmVGVzdCB0aHJlZSAobm8gcHApIDx0aHJlZUBleGFtcGxlLmNvbT6ItQQT +AQIAHwUCP/JTvQIbAwcLCQgHAwIBAxUCAwMWAgECHgECF4AACgkQ0SC2Juyr9R1q +QwP/bCDX1WGk1u0zkKJWJ/VXnuH3jk6ZevkuHZICwjlqAxv1de5P3Jeya/4kPmEQ +TotEv3xcDAZ+9pBL3TrZolAKhxkBZ08l4QSy76kyf8hB0eoZ2Svs7LrGPBJr6CHX +0kyDiapHgAhBKQq9GhNKpIAZuL6DK2dOaQDtoRSW2iB1h4ksYHkxg+dI/AANhV82 +0vGwpkRIsPBsi1vnthPi4kF1anIqthhidwKdir6AsAi/w4QgH3BrAAAB4AIBAAAA +AABeAAABbgABABzPI0kLD3i4ULu8c2nRILYm7Kv1HQAAACAAAAAAAAAAAQAMAAAA +7wAAACYAAAAAAAEABP////8AAAAAAAAAAAAAAABXGLZJAAAAAJkAjAQ/8lO9AQQA +qFJWduzk11/m0Ac/K/mab0kzzr3UUor1bkxh4vcxJHOTZF3a9Y6t1WUpwlOXeCNk +Y98tRYUg6A40wFgkKz/4jdOaiDtHW2bOqrvJmJ/wH/5zdmDpthu53JEgXUKP/+j2 +dfrvYTZYxy2m11DA68QK9iPSBmksglFMQE2IJatwEAEACQEBtCZUZXN0IHRocmVl +IChubyBwcCkgPHRocmVlQGV4YW1wbGUuY29tPoi1BBMBAgAfBQI/8lO9AhsDBwsJ +CAcDAgEDFQIDAxYCAQIeAQIXgAAKCRDRILYm7Kv1HWpDA/9sINfVYaTW7TOQolYn +9Vee4feOTpl6+S4dkgLCOWoDG/V17k/cl7Jr/iQ+YRBOi0S/fFwMBn72kEvdOtmi +UAqHGQFnTyXhBLLvqTJ/yEHR6hnZK+zsusY8EmvoIdfSTIOJqkeACEEpCr0aE0qk +gBm4voMrZ05pAO2hFJbaIHRydXN0ZGIuZ3BnAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAwMDAwNjQ0ADAwMDE3NTAAMDAwMTc1MAAwMDAw +MDAwMjI2MAAxMjczNjcyNTI1NgAwMTM2MjcAIDAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdXN0YXIAMDB0ZXl0aG9v +bgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHRleXRob29uAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AWdwZwMDAQUBAgAAVxi2IwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQoAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +CgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +CgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +CgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +CgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +CgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAA== +=Joz2 +-----END PGP ARMORED FILE----- diff --git a/tests/migrations/extended-private-key-format.gpghome/private-keys-v1.d/13FDB8809B17C5547779F9D205C45F47CE0217CE.key.asc b/tests/migrations/extended-private-key-format.gpghome/private-keys-v1.d/13FDB8809B17C5547779F9D205C45F47CE0217CE.key.asc deleted file mode 100644 index d9192b1..0000000 --- a/tests/migrations/extended-private-key-format.gpghome/private-keys-v1.d/13FDB8809B17C5547779F9D205C45F47CE0217CE.key.asc +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN PGP ARMORED FILE----- -Version: GnuPG v2 -Comment: Use "gpg --dearmor" for unpacking - -S2V5OiAocHJpdmF0ZS1rZXkgKHJzYSAobiAjMDBBODUyNTY3NkVDRTRENzVGRTZE -MDA3M0YyQkY5OUE2RjQ5MzNDRUJERDQKIDUyOEFGNTZFNEM2MUUyRjczMTI0NzM5 -MzY0NUREQUY1OEVBREQ1NjUyOUMyNTM5Nzc4MjM2NDYzREYyRDQ1ODUyMEU4MEUK -IDM0QzA1ODI0MkIzRkY4OEREMzlBODgzQjQ3NUI2NkNFQUFCQkM5OTg5RkYwMUZG -RTczNzY2MEU5QjYxQkI5REM5MTIwNUQKIDQyOEZGRkU4RjY3NUZBRUY2MTM2NThD -NzJEQTZENzUwQzBFQkM0MEFGNjIzRDIwNjY5MkM4MjUxNEM0MDREODgyNUFCNzAK -IDEwMDEjKShlICMwMTAxIykoZCAjMDBCQ0EwMDE0NDg1RkI3NkQ1MEU5QjZDQkE1 -NzIxQUMxMTIxMzkwRjg2MDhENDA4NEIKIEQwNDVBODc2REYzODEwRjExNEJDMkQ2 -OEVCNTUyRTYxQjAxRURCQzI0ODFGMDhDODI4MzJFMDBFMjc5RDY3QTg1MzA1NUQK -IENBRTVDMjM1Njg1MUNCRTM2RDYxMEM0RDJBQjQzRkE2NTU5ODVDNDQ2OUQxRDkx -MUUxQUZEODE3RUFBNUZFRTBGRjI2NTcKIDRDMzU5RTE3NTI4NzA1MjE5NDUzQjUx -QUVDMTBEQkY3NTYyQjA2MUQ1QzY2QzM1QkIzRjlGMEIyMjJCOUQxOTZCOSMpKHAK -ICAjMDBDMzNDNTgwNjM5OTZCRDU5NzUyQUFCREZEQUNEQUE3QjRCNjZBQTE3NTRF -RTBEODlCNzc5NEYwREU4RkY3MjRDNTQKIDlGRjExMkEzMzI5MkJCOUQ3QkNFRTc5 -NEYwODAyNEMzRTU1RkQ4MjMzRjUwNzlFRDQ5OTFDNERGMjYxOEQ5IykocSAjMDAK -IERDQjU5NDVGMDBGMUFGNDM4QkQ0QzMxMUI4QkFDQTNEOURCMEFEMTY1MTk4NjUz -NDIwMzBGMURGMzA1N0U1NTMyQzQ3RjUKIDhEMzMwM0NCQTNDOEEyOTgxNEY2MTdC -N0IzREVFOThGQUFBQUVFODExQjQ5OEZBQUYyMTc3Qjc3NjkjKSh1ICMyOUZCMkQK -IEY2OUIyMzVBNDlBOTA2QjEwRUY3RDhGODFBQUVBOEFEODFFN0NEREUxRjRBNzlD -RTI0NEJGOEZDRTZERDVFQjE4MTFCMEIKIEQ1RTUxNjVCOTU3MDg1MDM2OTAxREQy -ODVBNjI4QzI5N0E3ODJEQTgxNTczQTQzRDFDMDkjKSkpCg== -=laTh ------END PGP ARMORED FILE----- diff --git a/tests/migrations/extended-private-key-format.gpghome/private-keys-v1.d/343D8AF79796EE107D645A2787A9D9252F924E6F.key.asc b/tests/migrations/extended-private-key-format.gpghome/private-keys-v1.d/343D8AF79796EE107D645A2787A9D9252F924E6F.key.asc deleted file mode 100644 index 1eede1c..0000000 --- a/tests/migrations/extended-private-key-format.gpghome/private-keys-v1.d/343D8AF79796EE107D645A2787A9D9252F924E6F.key.asc +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN PGP ARMORED FILE----- -Version: GnuPG v2 -Comment: Use "gpg --dearmor" for unpacking - -KDExOnByaXZhdGUta2V5KDM6ZHNhKDE6cDEyOToArHGqWD0rP0Nn/c3nYELTD4m1 -gqR7f2+l1ZUMdHcweYwn/fVjaJKmbR+9GzeHWP398FWYs5mCU1DIfrZLF0nJnAJ6 -WRnN9TL+oub1BqqLvCmDSngRuZZ2gUX8DVmD8xTsPnDnG74QDUnvtnpDIAs32sg5 -dnusstrriXD8xXgt0g8pKDE6cTIxOgC449htJbbp5rkJHvBDs4YxEIkk5ykoMTpn -MTI4Ol+ITxpSMOT5R67Bu4XWoYU7nVeYURpb6LJ8LK2CV7ygECwFdRFdukiGFB+a -TP8nF6xtuXalaBuerkKp4QXVKqOIkp7MWN2TAOOg9eERHPT//whryf49meNYMPLv -KAe60udHY76Glm+Zso+24WnEwXX2od1PHVV3CItWRb7YmhgGKSgxOnkxMjg6AgXt -40h2lpiIHTjbu6fiCBzbr5j2eQX3cNoydkRphJ66bqD+DsPW/Ag0WBCQxgRaLgMr -db64fQT+fyjbTBLbC8ytt5hpCbm/q5x3TTXDAUNjoB3CnA/tQItBy7qqq/A0d3FZ -grr6AixK58uZ4wauy8LRZCph67UZ8akcgwJkmVkpKDE6eDIwOn/Y1rjZASGMK9IG -b1y/ZDKT0zkTKSkp -=muRa ------END PGP ARMORED FILE----- diff --git a/tests/migrations/extended-private-key-format.gpghome/private-keys-v1.d/8B5ABF3EF9EB8D96B91A0B8C2C4401C91C834C34.key.asc b/tests/migrations/extended-private-key-format.gpghome/private-keys-v1.d/8B5ABF3EF9EB8D96B91A0B8C2C4401C91C834C34.key.asc deleted file mode 100644 index 7083673..0000000 --- a/tests/migrations/extended-private-key-format.gpghome/private-keys-v1.d/8B5ABF3EF9EB8D96B91A0B8C2C4401C91C834C34.key.asc +++ /dev/null @@ -1,20 +0,0 @@ ------BEGIN PGP ARMORED FILE----- -Version: GnuPG v2 -Comment: Use "gpg --dearmor" for unpacking - -S2V5OiAocHJpdmF0ZS1rZXkgKGVsZyAocCAjMDBDQ0Q4QjFGOURBQzc0RDgwOEND -NTJGMEQ4OTQ2NERBNTU0QzY5RDY3RjMKIDMyM0M0MkE5NUM5OTYyREY0MjEyNkVD -MEUwOTcxRjQ5QjgxMTUyOUE2QTJBRTlGMEFERUI4MzlBNjM0NjE1Q0Q1NkZBNTQK -IEY1QTBCN0VGMjVBMEUyRkU4NDNGQTJFNkUwMjFDQUI0MTE5RTYwMzk0QzlENkEz -RjdBRDRGNTc3OTZEMzY2NjlBNTEyNjYKIEMyN0E4RDFDNUE2QjQxNDFENUM4MzFF -ODQ1NDFGM0M4MTFFODkwNzg5ODAzMzgyOTVGODJCN0Y3RkQ0MzMzRUZEOTMzMTIK -IEYyQUIjKShnICMwNiMpKHkgIzM3NzNBNkQ5RUM4ODlENzZFMzI0RDZFNUVDMjFC -RDQ1Njk5ODMxQUU0RkQwQUUwMzc4MjAKIDVCQUU1QjhDRTg1RkFEQUJEN0U2QjdD -NzMwMjVDQjNENzMwRDVDNTgyOTAzNEQ3NkJFMDg1NUMyRTlGRjdBNDkyM0VGRkEK -IEYxNkE5NjY2OTQ0REJDNjI5NDgzOEZDM0YwOUZGOTY0QThEMDIzQ0I4RUJBMzMy -RkIwNTFFQTAyODIwRUU2MTIwRkZCRTYKIDJCMzZBMjAyQjNDNzUyRjlEQTc2QjJF -QzExQTY3RDJFMzVFNjZFQzEwNjM1ODdCMjI1MDBFOEE0NkQxNTdCNzUjKSh4ICMK -IDY5MTVDNkNFRDI1ODE0M0Y4OTM3QjEzMzVGNDg4N0YwMDQyQjdDNjMwMDUzOThG -OTM5NkJCODUzMjM4Q0I2IykpKQo= -=6fkh ------END PGP ARMORED FILE----- diff --git a/tests/migrations/extended-private-key-format.gpghome/pubring.kbx.asc b/tests/migrations/extended-private-key-format.gpghome/pubring.kbx.asc deleted file mode 100644 index 5012371..0000000 --- a/tests/migrations/extended-private-key-format.gpghome/pubring.kbx.asc +++ /dev/null @@ -1,39 +0,0 @@ ------BEGIN PGP ARMORED FILE----- -Version: GnuPG v2 -Comment: Use "gpg --dearmor" for unpacking - -AAAAIAEBAAJLQlhmAAAAAFcYtiNXGLYjAAAAAAAAAAAAAAQXAgEAAAAAAH4AAAOF -AAIAHMHeuzTqi3EAnq+kdJc9UOHED97PAAAAIAAAAADNPQ9XAcv8rLKkkHMFo3iH -snkHqgAAADwAAAAAAAAAAQAMAAACJQAAACIAAAAAAAIABP//////////AAAAAAAA -AAAAAAAAVxi2IwAAAACZAaIEP/JSaxEEAKxxqlg9Kz9DZ/3N52BC0w+JtYKke39v -pdWVDHR3MHmMJ/31Y2iSpm0fvRs3h1j9/fBVmLOZglNQyH62SxdJyZwCelkZzfUy -/qLm9Qaqi7wpg0p4EbmWdoFF/A1Zg/MU7D5w5xu+EA1J77Z6QyALN9rIOXZ7rLLa -64lw/MV4LdIPAKC449htJbbp5rkJHvBDs4YxEIkk5wP/X4hPGlIw5PlHrsG7hdah -hTudV5hRGlvosnwsrYJXvKAQLAV1EV26SIYUH5pM/ycXrG25dqVoG56uQqnhBdUq -o4iSnsxY3ZMA46D14REc9P//CGvJ/j2Z41gw8u8oB7rS50djvoaWb5myj7bhacTB -dfah3U8dVXcIi1ZFvtiaGAYD+gIF7eNIdpaYiB0427un4ggc26+Y9nkF93DaMnZE -aYSeum6g/g7D1vwINFgQkMYEWi4DK3W+uH0E/n8o20wS2wvMrbeYaQm5v6ucd001 -wwFDY6AdwpwP7UCLQcu6qqvwNHdxWYK6+gIsSufLmeMGrsvC0WQqYeu1GfGpHIMC -ZJlZtCJUZXN0IHR3byAobm8gcHApIDx0d29AZXhhbXBsZS5jb20+iF8EExECAB8F -Aj/yUmsCGwMHCwkIBwMCAQMVAgMDFgIBAh4BAheAAAoJEJc9UOHED97PgEMAn0F8 -RGDrnmXv7rqM2+pic2oDz1kpAJ0SWPHxdjJHWzoGMrHqocAy/3wFi7kBDQQ/8lJv -EAQAzNix+drHTYCMxS8NiUZNpVTGnWfzMjxCqVyZYt9CEm7A4JcfSbgRUppqKunw -reuDmmNGFc1W+lT1oLfvJaDi/oQ/oubgIcq0EZ5gOUydaj961PV3ltNmaaUSZsJ6 -jRxaa0FB1cgx6EVB88gR6JB4mAM4KV+Ct/f9QzPv2TMS8qsAAwYD/jdzptnsiJ12 -4yTW5ewhvUVpmDGuT9CuA3ggW65bjOhfravX5rfHMCXLPXMNXFgpA012vghVwun/ -ekkj7/rxapZmlE28YpSDj8Pwn/lkqNAjy466My+wUeoCgg7mEg/75is2ogKzx1L5 -2nay7BGmfS415m7BBjWHsiUA6KRtFXt1iEkEGBECAAkFAj/yUm8CGwwACgkQlz1Q -4cQP3s8svgCgmWcpVwvtDN3nAVT1dMFTvCz0hfwAoI4VszJBesG/8GyLW+e2E+Li -QXVqciq2GGJ3Ap2KvoCwCL/DhCAfcGsAAAHgAgEAAAAAAF4AAAFuAAEAHM8jSQsP -eLhQu7xzadEgtibsq/UdAAAAIAAAAAAAAAABAAwAAADvAAAAJgAAAAAAAQAE//// -/wAAAAAAAAAAAAAAAFcYtkkAAAAAmQCMBD/yU70BBACoUlZ27OTXX+bQBz8r+Zpv -STPOvdRSivVuTGHi9zEkc5NkXdr1jq3VZSnCU5d4I2Rj3y1FhSDoDjTAWCQrP/iN -05qIO0dbZs6qu8mYn/Af/nN2YOm2G7nckSBdQo//6PZ1+u9hNljHLabXUMDrxAr2 -I9IGaSyCUUxATYglq3AQAQAJAQG0JlRlc3QgdGhyZWUgKG5vIHBwKSA8dGhyZWVA -ZXhhbXBsZS5jb20+iLUEEwECAB8FAj/yU70CGwMHCwkIBwMCAQMVAgMDFgIBAh4B -AheAAAoJENEgtibsq/UdakMD/2wg19VhpNbtM5CiVif1V57h945OmXr5Lh2SAsI5 -agMb9XXuT9yXsmv+JD5hEE6LRL98XAwGfvaQS9062aJQCocZAWdPJeEEsu+pMn/I -QdHqGdkr7Oy6xjwSa+gh19JMg4mqR4AIQSkKvRoTSqSAGbi+gytnTmkA7aEUltog -dYeJLGB5MYPnSPwADYVfNtLxsKZESLA= -=tULv ------END PGP ARMORED FILE----- diff --git a/tests/migrations/extended-private-key-format.gpghome/trustdb.gpg.asc b/tests/migrations/extended-private-key-format.gpghome/trustdb.gpg.asc deleted file mode 100644 index f4d354d..0000000 --- a/tests/migrations/extended-private-key-format.gpghome/trustdb.gpg.asc +++ /dev/null @@ -1,31 +0,0 @@ ------BEGIN PGP ARMORED FILE----- -Version: GnuPG v2 -Comment: Use "gpg --dearmor" for unpacking - -AWdwZwMDAQUBAgAAVxi2IwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQoAAAAAAAAA -AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAA -AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -AAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -AAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -CgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAA -AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAA -AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -AAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -AAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -CgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAA -AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAA -AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -AAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -AAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -CgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAA -AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAA -AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -AAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -AAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -CgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAA -AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAA -AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -AAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -AAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -=eBUi ------END PGP ARMORED FILE----- diff --git a/tests/migrations/from-classic.gpghome/pubring.gpg.asc b/tests/migrations/from-classic.gpghome/pubring.gpg.asc deleted file mode 100644 index ecdfddc..0000000 --- a/tests/migrations/from-classic.gpghome/pubring.gpg.asc +++ /dev/null @@ -1,54 +0,0 @@ ------BEGIN PGP ARMORED FILE----- -Version: GnuPG v2 -Comment: Use "gpg --dearmor" for unpacking - -mQGiBD/yNQgRBAC/KSfe6uVfDgA3BrGpNLhVxT/ytwXMpBI8pEdTiY0jWnYrb/Yu -8wtCeZ9GAux/ZA/ted+7pdibHXfX5PzDfgUTZwrIJa57OUpWwI878AzZxNsnVv1I -P6ufGyESKME4PUQO5heKhwAb0gQwFwArS3v4oeYrEljhJ79kpt319JEAEwCg+hTk -nylYwYGT/PEVQ4JlLPoWmqUEAJn1HX1Od5tyoK4OEAM5G+wHz3SBj4FMonZNWs1I -t03JKHoM5ulQ2FgEWmBVIPTKSDm/jQXPYApz5DpxpoGYbTCaEo6zfE32AEzoXDmG -AZE90Xhq/wcEN+JcHpHytAA/n+hYaR3sYegQ52mWMR+vdd99KO0V0jLRcckgBA7Z -2jlFA/98cyy2nYt0QI5Tf+t/d4WBeib2yNWVtZH/j7XpDqHLZDgVAYkazCA6ZF7B -vLddBEqVAh1X5tqua4AXX9L4SGYb7B0LRV72alhYiWWHez126KjVgwRTUxtEJ4En -HmYJRReLlXosPIRhXSz7HFAqalPXJ0DvC9kzTQnnjPOylyMPTbQjVGVzdCBvbmUg -KHBwPWRlZikgPG9uZUBleGFtcGxlLmNvbT6IWgQTEQIAGgUCP/I1CAIbAwILAgMV -AgMDFgIBAh4BAheAAAoJEA73cJbXTF8iUO4AnA8wHb3erMrfWV3ij0d/cEiSJAYF -AJ9fcbShgTXDN1dIVZvLSW5E93TfC7ACAAOIWgQTEQIAGgUCP/I1CAIbAwILAgMV -AgMDFgIBAh4BAheAAAoJEA73cJbXTF8iUO4An3DqZUvcr92tYI+Ewj4jcmzFrNKM -AJ4yYTZj75t4d7WhUv1WjtDgJkkAm7ACAAO5AQ0EP/I1DRAEAOgCS1p47zcdec0U -vVC0phewalHUU6f7mulWr0j0ZY1RU0IOP18HAeT7INcwPcUaUvC9KYenXmYbvO1i -7sNNUCOsKUamwg+oSNMcbM3AwNwxlggTyJS1N6WzIX7MjRLUlUqtbLRhPDGlCltt -6yeAjS0pZT646TANaBDiRIgk94ADAAMFA/9Gh2X1Sy+4Ip/RtMJDPZOY+Y6sWUN7 -OiM2BkdUmCLOmaOVfgrsEevKdSBBj0oVWN81U02i7jQzhhAI3tZMFJmP/hlF7AlS -5HSaLj2+t1nHAKKy70QhskINR41CCv9sHAc5gN1WrY5NDpeI12GmqsWMPQVPUHsT -Te0QsT6XbHzvC4hJBBgRAgAJBQI/8jUNAhsMAAoJEA73cJbXTF8icHgAoMoPkG6U -dFdvTjKc/phZ6XojaDd9AKCokQkuhQ1wgXe2naMXaMGvzRaYzbACAAOZAaIEP/JS -axEEAKxxqlg9Kz9DZ/3N52BC0w+JtYKke39vpdWVDHR3MHmMJ/31Y2iSpm0fvRs3 -h1j9/fBVmLOZglNQyH62SxdJyZwCelkZzfUy/qLm9Qaqi7wpg0p4EbmWdoFF/A1Z -g/MU7D5w5xu+EA1J77Z6QyALN9rIOXZ7rLLa64lw/MV4LdIPAKC449htJbbp5rkJ -HvBDs4YxEIkk5wP/X4hPGlIw5PlHrsG7hdahhTudV5hRGlvosnwsrYJXvKAQLAV1 -EV26SIYUH5pM/ycXrG25dqVoG56uQqnhBdUqo4iSnsxY3ZMA46D14REc9P//CGvJ -/j2Z41gw8u8oB7rS50djvoaWb5myj7bhacTBdfah3U8dVXcIi1ZFvtiaGAYD+gIF -7eNIdpaYiB0427un4ggc26+Y9nkF93DaMnZEaYSeum6g/g7D1vwINFgQkMYEWi4D -K3W+uH0E/n8o20wS2wvMrbeYaQm5v6ucd001wwFDY6AdwpwP7UCLQcu6qqvwNHdx -WYK6+gIsSufLmeMGrsvC0WQqYeu1GfGpHIMCZJlZtCJUZXN0IHR3byAobm8gcHAp -IDx0d29AZXhhbXBsZS5jb20+iF8EExECAB8FAj/yUmsCGwMHCwkIBwMCAQMVAgMD -FgIBAh4BAheAAAoJEJc9UOHED97PgEMAn0F8RGDrnmXv7rqM2+pic2oDz1kpAJ0S -WPHxdjJHWzoGMrHqocAy/3wFi7ACAAO5AQ0EP/JSbxAEAMzYsfnax02AjMUvDYlG -TaVUxp1n8zI8QqlcmWLfQhJuwOCXH0m4EVKaairp8K3rg5pjRhXNVvpU9aC37yWg -4v6EP6Lm4CHKtBGeYDlMnWo/etT1d5bTZmmlEmbCeo0cWmtBQdXIMehFQfPIEeiQ -eJgDOClfgrf3/UMz79kzEvKrAAMGA/43c6bZ7IidduMk1uXsIb1FaZgxrk/QrgN4 -IFuuW4zoX62r1+a3xzAlyz1zDVxYKQNNdr4IVcLp/3pJI+/68WqWZpRNvGKUg4/D -8J/5ZKjQI8uOujMvsFHqAoIO5hIP++YrNqICs8dS+dp2suwRpn0uNeZuwQY1h7Il -AOikbRV7dYhJBBgRAgAJBQI/8lJvAhsMAAoJEJc9UOHED97PLL4AoJlnKVcL7Qzd -5wFU9XTBU7ws9IX8AKCOFbMyQXrBv/Bsi1vnthPi4kF1arACAAOYjAQ/8lO9AQQA -qFJWduzk11/m0Ac/K/mab0kzzr3UUor1bkxh4vcxJHOTZF3a9Y6t1WUpwlOXeCNk -Y98tRYUg6A40wFgkKz/4jdOaiDtHW2bOqrvJmJ/wH/5zdmDpthu53JEgXUKP/+j2 -dfrvYTZYxy2m11DA68QK9iPSBmksglFMQE2IJatwEAEACQEBtCZUZXN0IHRocmVl -IChubyBwcCkgPHRocmVlQGV4YW1wbGUuY29tPoi1BBMBAgAfBQI/8lO9AhsDBwsJ -CAcDAgEDFQIDAxYCAQIeAQIXgAAKCRDRILYm7Kv1HWpDA/9sINfVYaTW7TOQolYn -9Vee4feOTpl6+S4dkgLCOWoDG/V17k/cl7Jr/iQ+YRBOi0S/fFwMBn72kEvdOtmi -UAqHGQFnTyXhBLLvqTJ/yEHR6hnZK+zsusY8EmvoIdfSTIOJqkeACEEpCr0aE0qk -gBm4voMrZ05pAO2hFJbaIHWHibACAAM= -=fphx ------END PGP ARMORED FILE----- diff --git a/tests/migrations/from-classic.gpghome/secring.gpg.asc b/tests/migrations/from-classic.gpghome/secring.gpg.asc deleted file mode 100644 index 6aa367a..0000000 --- a/tests/migrations/from-classic.gpghome/secring.gpg.asc +++ /dev/null @@ -1,68 +0,0 @@ ------BEGIN PGP ARMORED FILE----- -Version: GnuPG v2 -Comment: Use "gpg --dearmor" for unpacking - -lQHpBD/yNQgRBAC/KSfe6uVfDgA3BrGpNLhVxT/ytwXMpBI8pEdTiY0jWnYrb/Yu -8wtCeZ9GAux/ZA/ted+7pdibHXfX5PzDfgUTZwrIJa57OUpWwI878AzZxNsnVv1I -P6ufGyESKME4PUQO5heKhwAb0gQwFwArS3v4oeYrEljhJ79kpt319JEAEwCg+hTk -nylYwYGT/PEVQ4JlLPoWmqUEAJn1HX1Od5tyoK4OEAM5G+wHz3SBj4FMonZNWs1I -t03JKHoM5ulQ2FgEWmBVIPTKSDm/jQXPYApz5DpxpoGYbTCaEo6zfE32AEzoXDmG -AZE90Xhq/wcEN+JcHpHytAA/n+hYaR3sYegQ52mWMR+vdd99KO0V0jLRcckgBA7Z -2jlFA/98cyy2nYt0QI5Tf+t/d4WBeib2yNWVtZH/j7XpDqHLZDgVAYkazCA6ZF7B -vLddBEqVAh1X5tqua4AXX9L4SGYb7B0LRV72alhYiWWHez126KjVgwRTUxtEJ4En -HmYJRReLlXosPIRhXSz7HFAqalPXJ0DvC9kzTQnnjPOylyMPTf4HAwI+6Mr+dvBp -XtZVHbBd1xUPHQl/+cIIBV6w3EFQuR6w7OorCYE6OHrHfEsFwCi3PNG5WUsMYIj2 -eddOuyRWtFR/QsaltCNUZXN0IG9uZSAocHA9ZGVmKSA8b25lQGV4YW1wbGUuY29t -PohaBBMRAgAaBQI/8jUIAhsDAgsCAxUCAwMWAgECHgECF4AACgkQDvdwltdMXyJQ -7gCcDzAdvd6syt9ZXeKPR39wSJIkBgUAn19xtKGBNcM3V0hVm8tJbkT3dN8LsAIA -AIhaBBMRAgAaBQI/8jUIAhsDAgsCAxUCAwMWAgECHgECF4AACgkQDvdwltdMXyJQ -7gCfcOplS9yv3a1gj4TCPiNybMWs0owAnjJhNmPvm3h3taFS/VaO0OAmSQCbsAIA -AJ0BXwQ/8jUNEAQA6AJLWnjvNx15zRS9ULSmF7BqUdRTp/ua6VavSPRljVFTQg4/ -XwcB5Psg1zA9xRpS8L0ph6deZhu87WLuw01QI6wpRqbCD6hI0xxszcDA3DGWCBPI -lLU3pbMhfsyNEtSVSq1stGE8MaUKW23rJ4CNLSllPrjpMA1oEOJEiCT3gAMAAwUD -/0aHZfVLL7gin9G0wkM9k5j5jqxZQ3s6IzYGR1SYIs6Zo5V+CuwR68p1IEGPShVY -3zVTTaLuNDOGEAje1kwUmY/+GUXsCVLkdJouPb63WccAorLvRCGyQg1HjUIK/2wc -BzmA3Vatjk0Ol4jXYaaqxYw9BU9QexNN7RCxPpdsfO8L/gcDArbUVjowJlNA1rny -wPbRkyAfJDY8m6+s1oM56PICi8N/E3TM/0A2fOESbsTfW6eKCmrIB3VDnURtVUTv -WS71OKAqhddkD8tUtVQWdKXL5YhJBBgRAgAJBQI/8jUNAhsMAAoJEA73cJbXTF8i -cHgAoMoPkG6UdFdvTjKc/phZ6XojaDd9AKCokQkuhQ1wgXe2naMXaMGvzRaYzbAC -AACVAekEP/JSaxEEAKxxqlg9Kz9DZ/3N52BC0w+JtYKke39vpdWVDHR3MHmMJ/31 -Y2iSpm0fvRs3h1j9/fBVmLOZglNQyH62SxdJyZwCelkZzfUy/qLm9Qaqi7wpg0p4 -EbmWdoFF/A1Zg/MU7D5w5xu+EA1J77Z6QyALN9rIOXZ7rLLa64lw/MV4LdIPAKC4 -49htJbbp5rkJHvBDs4YxEIkk5wP/X4hPGlIw5PlHrsG7hdahhTudV5hRGlvosnws -rYJXvKAQLAV1EV26SIYUH5pM/ycXrG25dqVoG56uQqnhBdUqo4iSnsxY3ZMA46D1 -4REc9P//CGvJ/j2Z41gw8u8oB7rS50djvoaWb5myj7bhacTBdfah3U8dVXcIi1ZF -vtiaGAYD+gIF7eNIdpaYiB0427un4ggc26+Y9nkF93DaMnZEaYSeum6g/g7D1vwI -NFgQkMYEWi4DK3W+uH0E/n8o20wS2wvMrbeYaQm5v6ucd001wwFDY6AdwpwP7UCL -Qcu6qqvwNHdxWYK6+gIsSufLmeMGrsvC0WQqYeu1GfGpHIMCZJlZ/gcDAt0kdqtP -lKPG1udCj4rXVf+JWEOsbdSsnimRh7rcSE5ksh/JzinsE9rm9FRY112AWfzPaj99 -0JAuaDOzn4d/6tPUnHa0IlRlc3QgdHdvIChubyBwcCkgPHR3b0BleGFtcGxlLmNv -bT6IXwQTEQIAHwUCP/JSawIbAwcLCQgHAwIBAxUCAwMWAgECHgECF4AACgkQlz1Q -4cQP3s+AQwCfQXxEYOueZe/uuozb6mJzagPPWSkAnRJY8fF2MkdbOgYyseqhwDL/ -fAWLsAIAAJ0BXwQ/8lJvEAQAzNix+drHTYCMxS8NiUZNpVTGnWfzMjxCqVyZYt9C -Em7A4JcfSbgRUppqKunwreuDmmNGFc1W+lT1oLfvJaDi/oQ/oubgIcq0EZ5gOUyd -aj961PV3ltNmaaUSZsJ6jRxaa0FB1cgx6EVB88gR6JB4mAM4KV+Ct/f9QzPv2TMS -8qsAAwYD/jdzptnsiJ124yTW5ewhvUVpmDGuT9CuA3ggW65bjOhfravX5rfHMCXL -PXMNXFgpA012vghVwun/ekkj7/rxapZmlE28YpSDj8Pwn/lkqNAjy466My+wUeoC -gg7mEg/75is2ogKzx1L52nay7BGmfS415m7BBjWHsiUA6KRtFXt1/gcDAp6cJdVh -287E1o1bCCplLBBjGAPRdWYlnZoJXXn7OUTHTSvMQkEZhAgDOKIiiwC88Drlk+bS -m9MngTW7YnBsrRfIGhpSxLcYSeMk2xu8m4hJBBgRAgAJBQI/8lJvAhsMAAoJEJc9 -UOHED97PLL4AoJlnKVcL7Qzd5wFU9XTBU7ws9IX8AKCOFbMyQXrBv/Bsi1vnthPi -4kF1arACAACVAgQEP/JTvQEEAKhSVnbs5Ndf5tAHPyv5mm9JM8691FKK9W5MYeL3 -MSRzk2Rd2vWOrdVlKcJTl3gjZGPfLUWFIOgONMBYJCs/+I3Tmog7R1tmzqq7yZif -8B/+c3Zg6bYbudyRIF1Cj//o9nX672E2WMctptdQwOvECvYj0gZpLIJRTEBNiCWr -cBABAAkBAf4HAwL3+6VQeHRq3tZqCOiuxPcuaSlTpURzbLJBa70QpeAbLZjOIjbm -dQuNBzmxYZNe5V8mf33q2gn/P9vjki0Z/k96qJOXBgLSJkyK4FPi2dtqKkrOonkx -rFv2AZ6Gt3zGp6dN3meYvG8GIiIvFiZmKYOrt4/XsAnPhXetbN23vO3dJxquD9sw -O8phwR2u6ii789nbXjD6vOyyv7WcogUVQTHC9pJQrOkDX9aMxiVWHvvv2o2FOU/n -JanwL/QN4J0sL36ytLoqhsUnayhhHbAP5TA+Vbk9JWvwO+6n8KDiUOkyaIzDaOgr -BvU1eMSv89MiYH8JiNU9nO9ungT0hxJMn9OwFcrXGCXZ6xXct9yN4nlVV0r16032 -DE7m0JQuwoLm4S7OkQEBHlvtfs/WZzMWkFbduOarPr1uzf92BaSjpQLEAKCFgX1/ -zBPnmqDOnOdL4AIZcYR+q+vWvQLI1RoYSCiodfNQt7iq2IRF8j4qis88QC/JMb60 -JlRlc3QgdGhyZWUgKG5vIHBwKSA8dGhyZWVAZXhhbXBsZS5jb20+iLUEEwECAB8F -Aj/yU70CGwMHCwkIBwMCAQMVAgMDFgIBAh4BAheAAAoJENEgtibsq/UdakMD/2wg -19VhpNbtM5CiVif1V57h945OmXr5Lh2SAsI5agMb9XXuT9yXsmv+JD5hEE6LRL98 -XAwGfvaQS9062aJQCocZAWdPJeEEsu+pMn/IQdHqGdkr7Oy6xjwSa+gh19JMg4mq -R4AIQSkKvRoTSqSAGbi+gytnTmkA7aEUltogdYeJsAIAAA== -=QqWQ ------END PGP ARMORED FILE----- diff --git a/tests/migrations/from-classic.gpghome/trustdb.gpg.asc b/tests/migrations/from-classic.gpghome/trustdb.gpg.asc deleted file mode 100644 index d4ab65d..0000000 --- a/tests/migrations/from-classic.gpghome/trustdb.gpg.asc +++ /dev/null @@ -1,31 +0,0 @@ ------BEGIN PGP ARMORED FILE----- -Version: GnuPG v2 -Comment: Use "gpg --dearmor" for unpacking - -AWdwZwMDAQUBAgAAVxdnIQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQoAAAAAAAAA -AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAA -AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -AAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -AAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -CgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAA -AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAA -AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -AAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -AAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -CgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAA -AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAA -AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -AAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -AAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -CgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAA -AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAA -AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -AAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -AAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -CgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAA -AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAA -AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -AAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -AAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -=XUWW ------END PGP ARMORED FILE----- diff --git a/tests/migrations/from-classic.scm b/tests/migrations/from-classic.scm index 6b98eeb..2128532 100755 --- a/tests/migrations/from-classic.scm +++ b/tests/migrations/from-classic.scm @@ -19,14 +19,10 @@ (load (with-path "common.scm")) -(define src-gpghome (in-srcdir "from-classic.gpghome")) +(define src-tarball (in-srcdir "from-classic.tar.asc")) (define (setup) - (for-each-p' - "Preparing home directory" - (lambda (f) (dearmor f (basename-suffix f ".asc"))) - (lambda (f) (basename-suffix f ".asc")) - (glob (string-append src-gpghome "/*.asc"))) + (untar-armored src-tarball) (setenv "GNUPGHOME" (getcwd) #t)) (define (trigger-migration) diff --git a/tests/migrations/from-classic.tar.asc b/tests/migrations/from-classic.tar.asc new file mode 100644 index 0000000..f35637d --- /dev/null +++ b/tests/migrations/from-classic.tar.asc @@ -0,0 +1,209 @@ +-----BEGIN PGP ARMORED FILE----- +Version: GnuPG v2 +Comment: Use "gpg --dearmor" for unpacking + +cHVicmluZy5ncGcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAADAwMDA2NDQAMDAwMTc1MAAwMDAxNzUwADAwMDAwMDA0MzQ3ADEyNzM2NzI0 +NjE3ADAxMzYxNgAgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAB1c3RhcgAwMHRleXRob29uAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAdGV5dGhvb24AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACZAaIEP/I1CBEEAL8pJ97q +5V8OADcGsak0uFXFP/K3BcykEjykR1OJjSNaditv9i7zC0J5n0YC7H9kD+1537ul +2Jsdd9fk/MN+BRNnCsglrns5SlbAjzvwDNnE2ydW/Ug/q58bIRIowTg9RA7mF4qH +ABvSBDAXACtLe/ih5isSWOEnv2Sm3fX0kQATAKD6FOSfKVjBgZP88RVDgmUs+haa +pQQAmfUdfU53m3Kgrg4QAzkb7AfPdIGPgUyidk1azUi3Tckoegzm6VDYWARaYFUg +9MpIOb+NBc9gCnPkOnGmgZhtMJoSjrN8TfYATOhcOYYBkT3ReGr/BwQ34lwekfK0 +AD+f6FhpHexh6BDnaZYxH691330o7RXSMtFxySAEDtnaOUUD/3xzLLadi3RAjlN/ +6393hYF6JvbI1ZW1kf+PtekOoctkOBUBiRrMIDpkXsG8t10ESpUCHVfm2q5rgBdf +0vhIZhvsHQtFXvZqWFiJZYd7PXboqNWDBFNTG0QngSceZglFF4uVeiw8hGFdLPsc +UCpqU9cnQO8L2TNNCeeM87KXIw9NtCNUZXN0IG9uZSAocHA9ZGVmKSA8b25lQGV4 +YW1wbGUuY29tPohaBBMRAgAaBQI/8jUIAhsDAgsCAxUCAwMWAgECHgECF4AACgkQ +DvdwltdMXyJQ7gCcDzAdvd6syt9ZXeKPR39wSJIkBgUAn19xtKGBNcM3V0hVm8tJ +bkT3dN8LsAIAA4haBBMRAgAaBQI/8jUIAhsDAgsCAxUCAwMWAgECHgECF4AACgkQ +DvdwltdMXyJQ7gCfcOplS9yv3a1gj4TCPiNybMWs0owAnjJhNmPvm3h3taFS/VaO +0OAmSQCbsAIAA7kBDQQ/8jUNEAQA6AJLWnjvNx15zRS9ULSmF7BqUdRTp/ua6Vav +SPRljVFTQg4/XwcB5Psg1zA9xRpS8L0ph6deZhu87WLuw01QI6wpRqbCD6hI0xxs +zcDA3DGWCBPIlLU3pbMhfsyNEtSVSq1stGE8MaUKW23rJ4CNLSllPrjpMA1oEOJE +iCT3gAMAAwUD/0aHZfVLL7gin9G0wkM9k5j5jqxZQ3s6IzYGR1SYIs6Zo5V+CuwR +68p1IEGPShVY3zVTTaLuNDOGEAje1kwUmY/+GUXsCVLkdJouPb63WccAorLvRCGy +Qg1HjUIK/2wcBzmA3Vatjk0Ol4jXYaaqxYw9BU9QexNN7RCxPpdsfO8LiEkEGBEC +AAkFAj/yNQ0CGwwACgkQDvdwltdMXyJweACgyg+QbpR0V29OMpz+mFnpeiNoN30A +oKiRCS6FDXCBd7adoxdowa/NFpjNsAIAA5kBogQ/8lJrEQQArHGqWD0rP0Nn/c3n +YELTD4m1gqR7f2+l1ZUMdHcweYwn/fVjaJKmbR+9GzeHWP398FWYs5mCU1DIfrZL +F0nJnAJ6WRnN9TL+oub1BqqLvCmDSngRuZZ2gUX8DVmD8xTsPnDnG74QDUnvtnpD +IAs32sg5dnusstrriXD8xXgt0g8AoLjj2G0ltunmuQke8EOzhjEQiSTnA/9fiE8a +UjDk+UeuwbuF1qGFO51XmFEaW+iyfCytgle8oBAsBXURXbpIhhQfmkz/Jxesbbl2 +pWgbnq5CqeEF1SqjiJKezFjdkwDjoPXhERz0//8Ia8n+PZnjWDDy7ygHutLnR2O+ +hpZvmbKPtuFpxMF19qHdTx1VdwiLVkW+2JoYBgP6AgXt40h2lpiIHTjbu6fiCBzb +r5j2eQX3cNoydkRphJ66bqD+DsPW/Ag0WBCQxgRaLgMrdb64fQT+fyjbTBLbC8yt +t5hpCbm/q5x3TTXDAUNjoB3CnA/tQItBy7qqq/A0d3FZgrr6AixK58uZ4wauy8LR +ZCph67UZ8akcgwJkmVm0IlRlc3QgdHdvIChubyBwcCkgPHR3b0BleGFtcGxlLmNv +bT6IXwQTEQIAHwUCP/JSawIbAwcLCQgHAwIBAxUCAwMWAgECHgECF4AACgkQlz1Q +4cQP3s+AQwCfQXxEYOueZe/uuozb6mJzagPPWSkAnRJY8fF2MkdbOgYyseqhwDL/ +fAWLsAIAA7kBDQQ/8lJvEAQAzNix+drHTYCMxS8NiUZNpVTGnWfzMjxCqVyZYt9C +Em7A4JcfSbgRUppqKunwreuDmmNGFc1W+lT1oLfvJaDi/oQ/oubgIcq0EZ5gOUyd +aj961PV3ltNmaaUSZsJ6jRxaa0FB1cgx6EVB88gR6JB4mAM4KV+Ct/f9QzPv2TMS +8qsAAwYD/jdzptnsiJ124yTW5ewhvUVpmDGuT9CuA3ggW65bjOhfravX5rfHMCXL +PXMNXFgpA012vghVwun/ekkj7/rxapZmlE28YpSDj8Pwn/lkqNAjy466My+wUeoC +gg7mEg/75is2ogKzx1L52nay7BGmfS415m7BBjWHsiUA6KRtFXt1iEkEGBECAAkF +Aj/yUm8CGwwACgkQlz1Q4cQP3s8svgCgmWcpVwvtDN3nAVT1dMFTvCz0hfwAoI4V +szJBesG/8GyLW+e2E+LiQXVqsAIAA5iMBD/yU70BBACoUlZ27OTXX+bQBz8r+Zpv +STPOvdRSivVuTGHi9zEkc5NkXdr1jq3VZSnCU5d4I2Rj3y1FhSDoDjTAWCQrP/iN +05qIO0dbZs6qu8mYn/Af/nN2YOm2G7nckSBdQo//6PZ1+u9hNljHLabXUMDrxAr2 +I9IGaSyCUUxATYglq3AQAQAJAQG0JlRlc3QgdGhyZWUgKG5vIHBwKSA8dGhyZWVA +ZXhhbXBsZS5jb20+iLUEEwECAB8FAj/yU70CGwMHCwkIBwMCAQMVAgMDFgIBAh4B +AheAAAoJENEgtibsq/UdakMD/2wg19VhpNbtM5CiVif1V57h945OmXr5Lh2SAsI5 +agMb9XXuT9yXsmv+JD5hEE6LRL98XAwGfvaQS9062aJQCocZAWdPJeEEsu+pMn/I +QdHqGdkr7Oy6xjwSa+gh19JMg4mqR4AIQSkKvRoTSqSAGbi+gytnTmkA7aEUltog +dYeJsAIAA2aUTbxilIOPw/Cf+WSo0CPLjrozL7BR6gKCDuYSD/vmKzaiArPHUvna +drLsEaZ9LjXmbsEGNYeyJQDopG0Ve3WISQQYEQIACQUCP/JSbwIbDAAKCRCXPVDh +xA/ezyy+AKCZZylXC+0M3ecBVPV0wVO8LPSF/ACgjhWzMkF6wb/wbItb57YT4uJB +dWqwAgADmIwEP/JTvQEEAKhSVnbs5Ndf5tAHPyv5mm9JM8691FKK9W5MYeL3MSRz +k2Rd2vWOrdVlKcJTl3gjZGPfLUWFIOgONMBYJCs/+I3Tmog7R1tmzqq7yZif8B/+ +c3Zg6bYbudyRIF1Cj//o9nX672E2WMctptdQwOvECvYj0gZpLIJRTEBNiCWrcBAB +c2VjcmluZy5ncGcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAADAwMDA2NDQAMDAwMTc1MAAwMDAxNzUwADAwMDAwMDA1NjIyADEyNzM2NzI0 +NjE3ADAxMzU3NwAgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAB1c3RhcgAwMHRleXRob29uAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAdGV5dGhvb24AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACVAekEP/I1CBEEAL8pJ97q +5V8OADcGsak0uFXFP/K3BcykEjykR1OJjSNaditv9i7zC0J5n0YC7H9kD+1537ul +2Jsdd9fk/MN+BRNnCsglrns5SlbAjzvwDNnE2ydW/Ug/q58bIRIowTg9RA7mF4qH +ABvSBDAXACtLe/ih5isSWOEnv2Sm3fX0kQATAKD6FOSfKVjBgZP88RVDgmUs+haa +pQQAmfUdfU53m3Kgrg4QAzkb7AfPdIGPgUyidk1azUi3Tckoegzm6VDYWARaYFUg +9MpIOb+NBc9gCnPkOnGmgZhtMJoSjrN8TfYATOhcOYYBkT3ReGr/BwQ34lwekfK0 +AD+f6FhpHexh6BDnaZYxH691330o7RXSMtFxySAEDtnaOUUD/3xzLLadi3RAjlN/ +6393hYF6JvbI1ZW1kf+PtekOoctkOBUBiRrMIDpkXsG8t10ESpUCHVfm2q5rgBdf +0vhIZhvsHQtFXvZqWFiJZYd7PXboqNWDBFNTG0QngSceZglFF4uVeiw8hGFdLPsc +UCpqU9cnQO8L2TNNCeeM87KXIw9N/gcDAj7oyv528Gle1lUdsF3XFQ8dCX/5wggF +XrDcQVC5HrDs6isJgTo4esd8SwXAKLc80blZSwxgiPZ51067JFa0VH9CxqW0I1Rl +c3Qgb25lIChwcD1kZWYpIDxvbmVAZXhhbXBsZS5jb20+iFoEExECABoFAj/yNQgC +GwMCCwIDFQIDAxYCAQIeAQIXgAAKCRAO93CW10xfIlDuAJwPMB293qzK31ld4o9H +f3BIkiQGBQCfX3G0oYE1wzdXSFWby0luRPd03wuwAgAAiFoEExECABoFAj/yNQgC +GwMCCwIDFQIDAxYCAQIeAQIXgAAKCRAO93CW10xfIlDuAJ9w6mVL3K/drWCPhMI+ +I3JsxazSjACeMmE2Y++beHe1oVL9Vo7Q4CZJAJuwAgAAnQFfBD/yNQ0QBADoAkta +eO83HXnNFL1QtKYXsGpR1FOn+5rpVq9I9GWNUVNCDj9fBwHk+yDXMD3FGlLwvSmH +p15mG7ztYu7DTVAjrClGpsIPqEjTHGzNwMDcMZYIE8iUtTelsyF+zI0S1JVKrWy0 +YTwxpQpbbesngI0tKWU+uOkwDWgQ4kSIJPeAAwADBQP/Rodl9UsvuCKf0bTCQz2T +mPmOrFlDezojNgZHVJgizpmjlX4K7BHrynUgQY9KFVjfNVNNou40M4YQCN7WTBSZ +j/4ZRewJUuR0mi49vrdZxwCisu9EIbJCDUeNQgr/bBwHOYDdVq2OTQ6XiNdhpqrF +jD0FT1B7E03tELE+l2x87wv+BwMCttRWOjAmU0DWufLA9tGTIB8kNjybr6zWgzno +8gKLw38TdMz/QDZ84RJuxN9bp4oKasgHdUOdRG1VRO9ZLvU4oCqF12QPy1S1VBZ0 +pcvliEkEGBECAAkFAj/yNQ0CGwwACgkQDvdwltdMXyJweACgyg+QbpR0V29OMpz+ +mFnpeiNoN30AoKiRCS6FDXCBd7adoxdowa/NFpjNsAIAAJUB6QQ/8lJrEQQArHGq +WD0rP0Nn/c3nYELTD4m1gqR7f2+l1ZUMdHcweYwn/fVjaJKmbR+9GzeHWP398FWY +s5mCU1DIfrZLF0nJnAJ6WRnN9TL+oub1BqqLvCmDSngRuZZ2gUX8DVmD8xTsPnDn +G74QDUnvtnpDIAs32sg5dnusstrriXD8xXgt0g8AoLjj2G0ltunmuQke8EOzhjEQ +iSTnA/9fiE8aUjDk+UeuwbuF1qGFO51XmFEaW+iyfCytgle8oBAsBXURXbpIhhQf +mkz/Jxesbbl2pWgbnq5CqeEF1SqjiJKezFjdkwDjoPXhERz0//8Ia8n+PZnjWDDy +7ygHutLnR2O+hpZvmbKPtuFpxMF19qHdTx1VdwiLVkW+2JoYBgP6AgXt40h2lpiI +HTjbu6fiCBzbr5j2eQX3cNoydkRphJ66bqD+DsPW/Ag0WBCQxgRaLgMrdb64fQT+ +fyjbTBLbC8ytt5hpCbm/q5x3TTXDAUNjoB3CnA/tQItBy7qqq/A0d3FZgrr6AixK +58uZ4wauy8LRZCph67UZ8akcgwJkmVn+BwMC3SR2q0+Uo8bW50KPitdV/4lYQ6xt +1KyeKZGHutxITmSyH8nOKewT2ub0VFjXXYBZ/M9qP33QkC5oM7Ofh3/q09ScdrQi +VGVzdCB0d28gKG5vIHBwKSA8dHdvQGV4YW1wbGUuY29tPohfBBMRAgAfBQI/8lJr +AhsDBwsJCAcDAgEDFQIDAxYCAQIeAQIXgAAKCRCXPVDhxA/ez4BDAJ9BfERg655l +7+66jNvqYnNqA89ZKQCdEljx8XYyR1s6BjKx6qHAMv98BYuwAgAAnQFfBD/yUm8Q +BADM2LH52sdNgIzFLw2JRk2lVMadZ/MyPEKpXJli30ISbsDglx9JuBFSmmoq6fCt +64OaY0YVzVb6VPWgt+8loOL+hD+i5uAhyrQRnmA5TJ1qP3rU9XeW02ZppRJmwnqN +HFprQUHVyDHoRUHzyBHokHiYAzgpX4K39/1DM+/ZMxLyqwADBgP+N3Om2eyInXbj +JNbl7CG9RWmYMa5P0K4DeCBbrluM6F+tq9fmt8cwJcs9cw1cWCkDTXa+CFXC6f96 +SSPv+vFqlmaUTbxilIOPw/Cf+WSo0CPLjrozL7BR6gKCDuYSD/vmKzaiArPHUvna +drLsEaZ9LjXmbsEGNYeyJQDopG0Ve3X+BwMCnpwl1WHbzsTWjVsIKmUsEGMYA9F1 +ZiWdmgldefs5RMdNK8xCQRmECAM4oiKLALzwOuWT5tKb0yeBNbticGytF8gaGlLE +txhJ4yTbG7ybiEkEGBECAAkFAj/yUm8CGwwACgkQlz1Q4cQP3s8svgCgmWcpVwvt +DN3nAVT1dMFTvCz0hfwAoI4VszJBesG/8GyLW+e2E+LiQXVqsAIAAJUCBAQ/8lO9 +AQQAqFJWduzk11/m0Ac/K/mab0kzzr3UUor1bkxh4vcxJHOTZF3a9Y6t1WUpwlOX +eCNkY98tRYUg6A40wFgkKz/4jdOaiDtHW2bOqrvJmJ/wH/5zdmDpthu53JEgXUKP +/+j2dfrvYTZYxy2m11DA68QK9iPSBmksglFMQE2IJatwEAEACQEB/gcDAvf7pVB4 +dGre1moI6K7E9y5pKVOlRHNsskFrvRCl4BstmM4iNuZ1C40HObFhk17lXyZ/fera +Cf8/2+OSLRn+T3qok5cGAtImTIrgU+LZ22oqSs6ieTGsW/YBnoa3fManp03eZ5i8 +bwYiIi8WJmYpg6u3j9ewCc+Fd61s3be87d0nGq4P2zA7ymHBHa7qKLvz2dteMPq8 +7LK/tZyiBRVBMcL2klCs6QNf1ozGJVYe++/ajYU5T+clqfAv9A3gnSwvfrK0uiqG +xSdrKGEdsA/lMD5VuT0la/A77qfwoOJQ6TJojMNo6CsG9TV4xK/z0yJgfwmI1T2c +726eBPSHEkyf07AVytcYJdnrFdy33I3ieVVXSvXrTfYMTubQlC7CgubhLs6RAQEe +W+1+z9ZnMxaQVt245qs+vW7N/3YFpKOlAsQAoIWBfX/ME+eaoM6c50vgAhlxhH6r +69a9AsjVGhhIKKh181C3uKrYhEXyPiqKzzxAL8kxvrQmVGVzdCB0aHJlZSAobm8g +cHApIDx0aHJlZUBleGFtcGxlLmNvbT6ItQQTAQIAHwUCP/JTvQIbAwcLCQgHAwIB +AxUCAwMWAgECHgECF4AACgkQ0SC2Juyr9R1qQwP/bCDX1WGk1u0zkKJWJ/VXnuH3 +jk6ZevkuHZICwjlqAxv1de5P3Jeya/4kPmEQTotEv3xcDAZ+9pBL3TrZolAKhxkB +Z08l4QSy76kyf8hB0eoZ2Svs7LrGPBJr6CHX0kyDiapHgAhBKQq9GhNKpIAZuL6D +K2dOaQDtoRSW2iB1h4mwAgAA9gGehrd8xqenTd5nmLxvBiIiLxYmZimDq7eP17AJ +z4V3rWzdt7zt3Scarg/bMDvKYcEdruoou/PZ214w+rzssr+1nKIFFUExwvaSUKzp +A1/WjMYlVh7779qNhTlP5yWp8C/0DeCdLC9+srS6KoZ0cnVzdGRiLmdwZwAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDAwMDY0NAAwMDAx +NzUwADAwMDE3NTAAMDAwMDAwMDIyNjAAMTI3MzY3MjQ2MTcAMDEzNjI3ACAwAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AHVzdGFyADAwdGV5dGhvb24AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB0ZXl0aG9v +bgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAFncGcDAwEFAQIAAFcXZyEAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAEKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +CgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +CgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +CgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +CgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +CgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +CgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +CgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= +=nYpX +-----END PGP ARMORED FILE----- commit 0b8a3358798b7028be872a923da2e275da67d592 Author: Justus Winter Date: Tue Jul 5 14:29:29 2016 +0200 tools/gpgtar: Provide --create and --extract. * tools/gpgtar.c (cmd_and_opt_values): New values. (opts): New actions. (parse_arguments): Handle new actions. * tests/openpgp/gpgtar.scm: Test new interface. Signed-off-by: Justus Winter diff --git a/tests/openpgp/gpgtar.scm b/tests/openpgp/gpgtar.scm index d406079..07f2fd7 100755 --- a/tests/openpgp/gpgtar.scm +++ b/tests/openpgp/gpgtar.scm @@ -47,7 +47,6 @@ (with-temporary-working-directory (call-check `(,(tool 'gpgtar) --gpg ,(tool 'gpg) --gpg-args ,gpgargs --tar-args --directory=. - --decrypt , at extract-flags ,archive)) @@ -57,17 +56,21 @@ testfiles)))) (info "Checking gpgtar without encryption") -(do-test `(--skip-crypto --encrypt) '(--skip-crypto) '(--skip-crypto)) +(do-test '(--skip-crypto --encrypt) '(--skip-crypto) + '(--skip-crypto --decrypt)) + +(info "Checking gpgtar without encryption with nicer actions") +(do-test '(--create) '(--skip-crypto) '(--extract)) (info "Checking gpgtar with asymmetric encryption") -(do-test `(--encrypt --recipient ,usrname2) '() '()) +(do-test `(--encrypt --recipient ,usrname2) '() '(--decrypt)) (info "Checking gpgtar with asymmetric encryption and signature") (do-test `(--encrypt --recipient ,usrname2 --sign --local-user ,usrname3) - '() '()) + '() '(--decrypt)) (info "Checking gpgtar with signature") -(do-test `(--sign --local-user ,usrname3) '() '()) +(do-test `(--sign --local-user ,usrname3) '() '(--decrypt)) (lettmp (passphrasefile) (letfd ((fd (open passphrasefile (logior O_WRONLY O_CREAT O_BINARY) #o600))) @@ -76,13 +79,14 @@ (let ((ppflags `(--gpg-args ,(string-append "--passphrase-file=" passphrasefile)))) (info "Checking gpgtar with symmetric encryption") - (do-test `(, at ppflags --symmetric) ppflags ppflags) + (do-test `(, at ppflags --symmetric) ppflags (cons '--decrypt ppflags)) (info "Checking gpgtar with symmetric encryption and chosen cipher") (do-test `(, at ppflags --symmetric --gpg-args ,(string-append "--cipher=" (car all-cipher-algos))) - ppflags ppflags) + ppflags (cons '--decrypt ppflags)) (info "Checking gpgtar with both symmetric and asymmetric encryption") (do-test `(, at ppflags --symmetric --encrypt --recipient ,usrname2 - --sign --local-user ,usrname3) ppflags ppflags))) + --sign --local-user ,usrname3) + ppflags (cons '--decrypt ppflags)))) diff --git a/tools/gpgtar.c b/tools/gpgtar.c index a3429de..fcbee50 100644 --- a/tools/gpgtar.c +++ b/tools/gpgtar.c @@ -48,6 +48,8 @@ enum cmd_and_opt_values { aNull = 0, + aCreate = 600, + aExtract, aEncrypt = 'e', aDecrypt = 'd', aSign = 's', @@ -84,8 +86,10 @@ enum cmd_and_opt_values static ARGPARSE_OPTS opts[] = { ARGPARSE_group (300, N_("@Commands:\n ")), - ARGPARSE_c (aEncrypt, "encrypt", N_("create an archive")), - ARGPARSE_c (aDecrypt, "decrypt", N_("extract an archive")), + ARGPARSE_c (aCreate, "create", N_("create an archive")), + ARGPARSE_c (aExtract, "extract", N_("extract an archive")), + ARGPARSE_c (aEncrypt, "encrypt", N_("create an encrypted archive")), + ARGPARSE_c (aDecrypt, "decrypt", N_("extract an encrypted archive")), ARGPARSE_c (aSign, "sign", N_("create a signed archive")), ARGPARSE_c (aList, "list-archive", N_("list an archive")), @@ -317,6 +321,16 @@ parse_arguments (ARGPARSE_ARGS *pargs, ARGPARSE_OPTS *popts) set_cmd (&cmd, pargs->r_opt); break; + case aCreate: + set_cmd (&cmd, aEncrypt); + skip_crypto = 1; + break; + + case aExtract: + set_cmd (&cmd, aDecrypt); + skip_crypto = 1; + break; + case oRecipient: add_to_strlist (&opt.recipients, pargs->r.ret_str); break; ----------------------------------------------------------------------- Summary of changes: tests/gpgscm/ffi.c | 10 +- tests/gpgscm/tests.scm | 20 +- tests/migrations/Makefile.am | 21 +- tests/migrations/common.scm | 7 +- ...ded-private-key-format.scm => extended-pkf.scm} | 17 +- tests/migrations/extended-pkf.tar.asc | 220 +++++++++++++++++++++ ...3FDB8809B17C5547779F9D205C45F47CE0217CE.key.asc | 27 --- ...43D8AF79796EE107D645A2787A9D9252F924E6F.key.asc | 17 -- ...B5ABF3EF9EB8D96B91A0B8C2C4401C91C834C34.key.asc | 20 -- .../pubring.kbx.asc | 39 ---- .../trustdb.gpg.asc | 31 --- .../from-classic.gpghome/pubring.gpg.asc | 54 ----- .../from-classic.gpghome/secring.gpg.asc | 68 ------- .../from-classic.gpghome/trustdb.gpg.asc | 31 --- tests/migrations/from-classic.scm | 8 +- tests/migrations/from-classic.tar.asc | 209 ++++++++++++++++++++ tests/openpgp/Makefile.am | 3 + tests/openpgp/gpgtar.scm | 20 +- tools/gpgtar.c | 18 +- 19 files changed, 500 insertions(+), 340 deletions(-) rename tests/migrations/{extended-private-key-format.scm => extended-pkf.scm} (69%) create mode 100644 tests/migrations/extended-pkf.tar.asc delete mode 100644 tests/migrations/extended-private-key-format.gpghome/private-keys-v1.d/13FDB8809B17C5547779F9D205C45F47CE0217CE.key.asc delete mode 100644 tests/migrations/extended-private-key-format.gpghome/private-keys-v1.d/343D8AF79796EE107D645A2787A9D9252F924E6F.key.asc delete mode 100644 tests/migrations/extended-private-key-format.gpghome/private-keys-v1.d/8B5ABF3EF9EB8D96B91A0B8C2C4401C91C834C34.key.asc delete mode 100644 tests/migrations/extended-private-key-format.gpghome/pubring.kbx.asc delete mode 100644 tests/migrations/extended-private-key-format.gpghome/trustdb.gpg.asc delete mode 100644 tests/migrations/from-classic.gpghome/pubring.gpg.asc delete mode 100644 tests/migrations/from-classic.gpghome/secring.gpg.asc delete mode 100644 tests/migrations/from-classic.gpghome/trustdb.gpg.asc create mode 100644 tests/migrations/from-classic.tar.asc hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jul 5 18:52:49 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 05 Jul 2016 18:52:49 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.13-115-g5d1a9c4 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 5d1a9c4dc823b418db6c4686da55ee3abdf023b0 (commit) from 8270580a5a70874beeffcdd16221937db4bcdc93 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5d1a9c4dc823b418db6c4686da55ee3abdf023b0 Author: Werner Koch Date: Tue Jul 5 18:49:06 2016 +0200 gpg: Fix possible out-of-bounds read in is_armored. * g10/armor.c (check_input): Call is_armored only if LEN >= 2. (unarmor_pump): Use a 2 byte buffer for is_armored. -- Fixes-commit: 605276ef8cd449bfd574ae6c498fa5d7d265c5c7 Signed-off-by: Werner Koch diff --git a/g10/armor.c b/g10/armor.c index e4503b8..9e58520 100644 --- a/g10/armor.c +++ b/g10/armor.c @@ -190,13 +190,18 @@ initialize(void) is_initialized=1; } -/**************** - * Check whether this is an armored file or not See also + +/* + * Check whether this is an armored file. See also * parse-packet.c for details on this code. + * + * Note that the buffer BUF needs to be at least 2 bytes long. If in + * doubt that the second byte to 0. + * * Returns: True if it seems to be armored */ static int -is_armored( const byte *buf ) +is_armored (const byte *buf) { int ctb, pkttype; int indeterminate_length_allowed; @@ -532,7 +537,7 @@ check_input( armor_filter_context_t *afx, IOBUF a ) /* (the line is always a C string but maybe longer) */ if( *line == '\n' || ( len && (*line == '\r' && line[1]=='\n') ) ) ; - else if( !is_armored( line ) ) { + else if (len >= 2 && !is_armored (line)) { afx->inp_checked = 1; afx->inp_bypass = 1; return 0; @@ -1411,8 +1416,9 @@ unarmor_pump (UnarmorPump x, int c) switch (x->state) { case STA_init: { - byte tmp[1]; + byte tmp[2]; tmp[0] = c; + tmp[1] = 0; if ( is_armored (tmp) ) x->state = c == '-'? STA_first_dash : STA_wait_newline; else { ----------------------------------------------------------------------- Summary of changes: g10/armor.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jul 5 22:12:46 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 05 Jul 2016 22:12:46 +0200 Subject: [git] GPGME - branch, gpgme-1.4-branch, updated. gpgme-1.4.4-1-g7a0e7f9 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, gpgme-1.4-branch has been updated via 7a0e7f93f727e82d9404655b96abb0a8558cb2e5 (commit) from 998e454a320db77361feddf0dcc5ba39ebd9a49b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7a0e7f93f727e82d9404655b96abb0a8558cb2e5 Author: Werner Koch Date: Tue Aug 12 10:36:30 2014 +0200 Handle modern keyserver output which may emit the fingerprint. * src/engine-gpg.c (read_colon_line): Split preprocessed lines. (gpg_keylist_preprocess): Limit keyid field and print fingerprint. diff --git a/src/engine-gpg.c b/src/engine-gpg.c index 36f035a..924ba44 100644 --- a/src/engine-gpg.c +++ b/src/engine-gpg.c @@ -1237,10 +1237,26 @@ read_colon_line (engine_gpg_t gpg) } assert (gpg->colon.fnc); - gpg->colon.fnc (gpg->colon.fnc_value, line ? line : buffer); - if (line) - free (line); - } + if (line) + { + char *linep = line; + char *endp; + + do + { + endp = strchr (linep, '\n'); + if (endp) + *endp++ = 0; + gpg->colon.fnc (gpg->colon.fnc_value, linep); + linep = endp; + } + while (linep && *linep); + + free (line); + } + else + gpg->colon.fnc (gpg->colon.fnc_value, buffer); + } /* To reuse the buffer for the next line we have to shift the remaining data to the buffer start and @@ -2059,6 +2075,7 @@ gpg_keylist_preprocess (char *line, char **r_line) #define NR_FIELDS 16 char *field[NR_FIELDS]; int fields = 0; + size_t n; *r_line = NULL; @@ -2094,16 +2111,34 @@ gpg_keylist_preprocess (char *line, char **r_line) pub:::::: as defined in 5.2. Machine Readable Indexes of the OpenPGP - HTTP Keyserver Protocol (draft). + HTTP Keyserver Protocol (draft). Modern versions of the SKS + keyserver return the fingerprint instead of the keyid. We + detect this here and use the v4 fingerprint format to convert + it to a key id. We want: pub:o::::::::::::: */ - if (asprintf (r_line, "pub:o%s:%s:%s:%s:%s:%s::::::::", - field[6], field[3], field[2], field[1], - field[4], field[5]) < 0) - return gpg_error_from_syserror (); + n = strlen (field[1]); + if (n > 16) + { + if (asprintf (r_line, + "pub:o%s:%s:%s:%s:%s:%s::::::::\n" + "fpr:::::::::%s:", + field[6], field[3], field[2], field[1] + n - 16, + field[4], field[5], field[1]) < 0) + return gpg_error_from_syserror (); + } + else + { + if (asprintf (r_line, + "pub:o%s:%s:%s:%s:%s:%s::::::::", + field[6], field[3], field[2], field[1], + field[4], field[5]) < 0) + return gpg_error_from_syserror (); + } + return 0; case RT_UID: ----------------------------------------------------------------------- Summary of changes: src/engine-gpg.c | 53 ++++++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 44 insertions(+), 9 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jul 5 22:12:48 2016 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Tue, 05 Jul 2016 22:12:48 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-199-g49a6ee5 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 49a6ee50587c9d4b6f07e60ce1a939c863e7f15c (commit) via 47bfbc9026b49b9918359af5fcc1621aab0d1065 (commit) via 72b83ffc4d7581f4efef3bd7c261d7d7424bcf0e (commit) from 329ab93f7ed862d7f4c0501fca5355936a74ac52 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 49a6ee50587c9d4b6f07e60ce1a939c863e7f15c Author: Andre Heinecke Date: Tue Jul 5 22:11:42 2016 +0200 Qt: Fix test build with Qt < 5.4.0 * lang/qt/tests/t-keylist.cpp, lang/qt/tests/t-keylocate.cpp, lang/qt/tests/t-ownertrust.cpp: Use old style SIGNAl syntax for QSignalSpy diff --git a/lang/qt/tests/t-keylist.cpp b/lang/qt/tests/t-keylist.cpp index 40cb13c..5d63fca 100644 --- a/lang/qt/tests/t-keylist.cpp +++ b/lang/qt/tests/t-keylist.cpp @@ -69,7 +69,7 @@ private Q_SLOTS: Q_EMIT asyncDone(); }); job->start(QStringList() << "alfa at example.net"); - QSignalSpy spy (this, &KeyListTest::asyncDone); + QSignalSpy spy (this, SIGNAL(asyncDone())); Q_ASSERT(spy.wait()); } diff --git a/lang/qt/tests/t-keylocate.cpp b/lang/qt/tests/t-keylocate.cpp index 12ab551..682f722 100644 --- a/lang/qt/tests/t-keylocate.cpp +++ b/lang/qt/tests/t-keylocate.cpp @@ -80,7 +80,7 @@ private Q_SLOTS: Q_EMIT asyncDone(); }); job->start(QStringList() << mTestpattern); - QSignalSpy spy (this, &KeyLocateTest::asyncDone); + QSignalSpy spy (this, SIGNAL(asyncDone())); Q_ASSERT(spy.wait()); qputenv("GNUPGHOME", oldHome.toUtf8()); } @@ -111,7 +111,7 @@ private Q_SLOTS: Q_EMIT asyncDone(); }); job->start(QStringList() << mTestpattern); - QSignalSpy spy (this, &KeyLocateTest::asyncDone); + QSignalSpy spy (this, SIGNAL(asyncDone())); Q_ASSERT(spy.wait()); } diff --git a/lang/qt/tests/t-ownertrust.cpp b/lang/qt/tests/t-ownertrust.cpp index eb6c3db..9a0c1cd 100644 --- a/lang/qt/tests/t-ownertrust.cpp +++ b/lang/qt/tests/t-ownertrust.cpp @@ -70,7 +70,7 @@ private Q_SLOTS: Q_EMIT asyncDone(); }); job2->start(key, Key::Ultimate); - QSignalSpy spy (this, &ChangeOwnerTrustTest::asyncDone); + QSignalSpy spy (this, SIGNAL(asyncDone())); Q_ASSERT(spy.wait()); job = openpgp()->keyListJob(false, true, true); commit 47bfbc9026b49b9918359af5fcc1621aab0d1065 Author: Andre Heinecke Date: Tue Jul 5 22:10:18 2016 +0200 Qt: More robust lookup of Cpp's context.h * lang/qt/src/threadedjobmixin.h: When building qgpgme look for context.h in the full cpp subdirectory. -- Gpgme core also contains a context.h that can lead to confusion otherwise. diff --git a/lang/qt/src/threadedjobmixin.h b/lang/qt/src/threadedjobmixin.h index 62d7f1c..b29b827 100644 --- a/lang/qt/src/threadedjobmixin.h +++ b/lang/qt/src/threadedjobmixin.h @@ -41,7 +41,7 @@ #include #ifdef BUILDING_QGPGME -# include "context.h" +# include "lang/cpp/src/context.h" # include "interfaces/progressprovider.h" #else # include commit 72b83ffc4d7581f4efef3bd7c261d7d7424bcf0e Author: Andre Heinecke Date: Tue Mar 1 13:11:13 2016 +0100 w32: Fallback to 2.1 reg key for gpgconf search * src/w32-util.c (_gpgme_get_gpgconf_path): Fallback to 2.1 installer registry key. -- Finding gpgconf is utterly important so we should be as compatible as possible. diff --git a/src/w32-util.c b/src/w32-util.c index a27955b..0086fe3 100644 --- a/src/w32-util.c +++ b/src/w32-util.c @@ -563,15 +563,26 @@ _gpgme_get_gpgconf_path (void) gpgconf = find_program_at_standard_place (name2); } - /* 3. Try to find gpgconf.exe using that ancient registry key. This - should eventually be removed. */ + /* 3. Try to find gpgconf.exe using the Windows registry. */ if (!gpgconf) { char *dir; - dir = read_w32_registry_string ("HKEY_LOCAL_MACHINE", + dir = read_w32_registry_string (NULL, "Software\\GNU\\GnuPG", "Install Directory"); + if (!dir) + { + char *tmp = read_w32_registry_string (NULL, + "Software\\GnuPG", + "Install Directory"); + if (tmp) + { + if (gpgrt_asprintf (&dir, "%s\\bin", tmp) == -1) + return NULL; + free (tmp); + } + } if (dir) { gpgconf = find_program_in_dir (dir, name); ----------------------------------------------------------------------- Summary of changes: lang/qt/src/threadedjobmixin.h | 2 +- lang/qt/tests/t-keylist.cpp | 2 +- lang/qt/tests/t-keylocate.cpp | 4 ++-- lang/qt/tests/t-ownertrust.cpp | 2 +- src/w32-util.c | 17 ++++++++++++++--- 5 files changed, 19 insertions(+), 8 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jul 6 04:50:33 2016 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Wed, 06 Jul 2016 04:50:33 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-1-4, updated. gnupg-1.4.20-13-gca1fc59 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-1-4 has been updated via ca1fc596267b42a894a3fc85c3733007c672ed1f (commit) from 39e32d375ef72874848f138d941d6d17f5aff85c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ca1fc596267b42a894a3fc85c3733007c672ed1f Author: NIIBE Yutaka Date: Wed Jul 6 11:45:05 2016 +0900 g10: Fix keysize with --expert. * g10/keygen.c (ask_keysize): It's 768 only for DSA. -- GnuPG-bug-id: 2238 Signed-off-by: NIIBE Yutaka diff --git a/g10/keygen.c b/g10/keygen.c index 76ee74e..268fce5 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -1582,8 +1582,8 @@ ask_keysize (int algo, unsigned int primary_keysize) int for_subkey = !!primary_keysize; int autocomp = 0; - if(opt.expert) - min=512; + if(opt.expert && algo == PUBKEY_ALGO_DSA) + min=768; else min=1024; ----------------------------------------------------------------------- Summary of changes: g10/keygen.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jul 6 05:09:09 2016 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Wed, 06 Jul 2016 05:09:09 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.30-8-g1c15136 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via 1c151368956e4558946d29d1698d9ae5028e62a7 (commit) from 4f336ed780cc2783395f3ff2b12b3ebb8e097f7b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1c151368956e4558946d29d1698d9ae5028e62a7 Author: NIIBE Yutaka Date: Wed Jul 6 11:45:05 2016 +0900 g10: Fix keysize with --expert. * g10/keygen.c (ask_keysize): It's 768 only for DSA. -- (forwardport of 1.4 commit ca1fc596267b42a894a3fc85c3733007c672ed1f) GnuPG-bug-id: 2238 Signed-off-by: NIIBE Yutaka diff --git a/g10/keygen.c b/g10/keygen.c index 560480d..1ad39bf 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -1802,8 +1802,8 @@ ask_keysize (int algo, unsigned int primary_keysize) int for_subkey = !!primary_keysize; int autocomp = 0; - if(opt.expert) - min=512; + if(opt.expert && algo == PUBKEY_ALGO_DSA) + min=768; else min=1024; ----------------------------------------------------------------------- Summary of changes: g10/keygen.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jul 6 11:30:57 2016 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Wed, 06 Jul 2016 11:30:57 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-201-g4934893 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 4934893e27a50f5715dcd4d2907ecbe629921b32 (commit) via 7a8c04f66d382dc49d962ad18c46d7ad332ccc0f (commit) from 49a6ee50587c9d4b6f07e60ce1a939c863e7f15c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4934893e27a50f5715dcd4d2907ecbe629921b32 Author: Andre Heinecke Date: Wed Jul 6 11:28:11 2016 +0200 Qt: Fix include order when buildin test * lang/qt/tests/Makefile.am (AM_CPPFLAGS): Include cpp before gpgme src directory. -- This fixes a problem where context.h would be picked up from gpgme/src instead of including the context.h from gpgme++. diff --git a/lang/qt/tests/Makefile.am b/lang/qt/tests/Makefile.am index c228000..379abb3 100644 --- a/lang/qt/tests/Makefile.am +++ b/lang/qt/tests/Makefile.am @@ -34,10 +34,10 @@ LDADD = ../../cpp/src/libgpgmepp.la ../src/libqgpgme.la \ ../../../src/libgpgme.la @GPGME_QT_LIBS@ @GPG_ERROR_LIBS@ \ @GPGME_QTTEST_LIBS@ -lstdc++ -AM_CPPFLAGS = -I$(top_builddir)/src @GPG_ERROR_CFLAGS@ \ - @GPGME_QT_CFLAGS@ @GPG_ERROR_CFLAGS@ @LIBASSUAN_CFLAGS@ \ - @GPGME_QTTEST_CFLAGS@ -DBUILDING_QGPGME \ - -I$(top_srcdir)/lang/cpp/src -I$(top_srcdir)/lang/qt/src \ +AM_CPPFLAGS = -I$(top_srcdir)/lang/cpp/src -I$(top_builddir)/src \ + @GPG_ERROR_CFLAGS@ @GPGME_QT_CFLAGS@ @GPG_ERROR_CFLAGS@ \ + @LIBASSUAN_CFLAGS@ @GPGME_QTTEST_CFLAGS@ -DBUILDING_QGPGME \ + -I$(top_srcdir)/lang/qt/src \ -DTOP_SRCDIR="$(top_srcdir)" check-local: ./pubring-stamp commit 7a8c04f66d382dc49d962ad18c46d7ad332ccc0f Author: Andre Heinecke Date: Wed Jul 6 11:22:10 2016 +0200 Revert "Qt: More robust lookup of Cpp's context.h" * lang/qt/src/threadedjobmixin.h: Revert using full path for context.h -- This reverts commit 47bfbc9026b49b9918359af5fcc1621aab0d1065 as it causes problems depending on the include path. The proper fix will be to ensure that cpp/src is included before gpgme/src. diff --git a/lang/qt/src/threadedjobmixin.h b/lang/qt/src/threadedjobmixin.h index b29b827..62d7f1c 100644 --- a/lang/qt/src/threadedjobmixin.h +++ b/lang/qt/src/threadedjobmixin.h @@ -41,7 +41,7 @@ #include #ifdef BUILDING_QGPGME -# include "lang/cpp/src/context.h" +# include "context.h" # include "interfaces/progressprovider.h" #else # include ----------------------------------------------------------------------- Summary of changes: lang/qt/src/threadedjobmixin.h | 2 +- lang/qt/tests/Makefile.am | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jul 6 11:33:38 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 06 Jul 2016 11:33:38 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.13-118-gfdfde91 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via fdfde91595109e51a5b8fafd292244ad41dfb83d (commit) via 7e0c48eb6f18a80142ca2a0f76fe8d270a4e5b33 (commit) via 9385dfeb9dd6d83608a10c7896c341f585a25a2b (commit) from 5d1a9c4dc823b418db6c4686da55ee3abdf023b0 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit fdfde91595109e51a5b8fafd292244ad41dfb83d Author: Werner Koch Date: Wed Jul 6 10:35:36 2016 +0200 gpg: Document use of node flags in import.c and remove unused args. * g10/import.c (NODE_GOOD_SELFSIG): New. Use instead of 1. (NODE_BAD_SELFSIG): New. Use instead of 2. (NODE_DELETION_MARK): New. Use instead of 4. (NODE_FLAG_A): New. Use to mark new nodes in merge_blocks. (chk_self_sigs): Remove unused args FNAME and PK. (import_one): Adjust call. Simplify error return because chk_self_sigs does not return an error code. (append_uid, append_key, merge_sigs, merge_keysigs): Remove unsued args FNAME and KEYID. (merge_blocks, import_one, import_secret_one) (import_revoke_cert): Remove unused arg FNAME. -- Signed-off-by: Werner Koch diff --git a/g10/import.c b/g10/import.c index e4b05f7..8cfd6ea 100644 --- a/g10/import.c +++ b/g10/import.c @@ -64,6 +64,18 @@ struct import_stats_s }; +/* Node flag to indicate that a user ID or a subkey has a + * valid self-signature. */ +#define NODE_GOOD_SELFSIG 1 +/* Node flag to indicate that a user ID or subkey has + * an invalid self-signature. */ +#define NODE_BAD_SELFSIG 2 +/* Node flag to indicate that the node shall be deleted. */ +#define NODE_DELETION_MARK 4 +/* A node flag used to temporary mark a node. */ +#define NODE_FLAG_A 8 + + /* A global variable to store the selector created from * --import-filter keep-uid=EXPR. * @@ -82,32 +94,26 @@ static int read_block (IOBUF a, PACKET **pending_pkt, kbnode_t *ret_root, int *r_v3keys); static void revocation_present (ctrl_t ctrl, kbnode_t keyblock); static int import_one (ctrl_t ctrl, - const char *fname, kbnode_t keyblock, + kbnode_t keyblock, struct import_stats_s *stats, unsigned char **fpr, size_t *fpr_len, unsigned int options, int from_sk, int silent, import_screener_t screener, void *screener_arg); -static int import_secret_one (ctrl_t ctrl, const char *fname, kbnode_t keyblock, +static int import_secret_one (ctrl_t ctrl, kbnode_t keyblock, struct import_stats_s *stats, int batch, unsigned int options, int for_migration, import_screener_t screener, void *screener_arg); -static int import_revoke_cert( const char *fname, kbnode_t node, - struct import_stats_s *stats); -static int chk_self_sigs (const char *fname, kbnode_t keyblock, - PKT_public_key *pk, u32 *keyid, int *non_self ); -static int delete_inv_parts (const char *fname, kbnode_t keyblock, - u32 *keyid, unsigned int options ); -static int merge_blocks (const char *fname, kbnode_t keyblock_orig, +static int import_revoke_cert (kbnode_t node, struct import_stats_s *stats); +static int chk_self_sigs (kbnode_t keyblock, u32 *keyid, int *non_self); +static int delete_inv_parts (kbnode_t keyblock, + u32 *keyid, unsigned int options); +static int merge_blocks (kbnode_t keyblock_orig, kbnode_t keyblock, u32 *keyid, int *n_uids, int *n_sigs, int *n_subk ); -static int append_uid (kbnode_t keyblock, kbnode_t node, int *n_sigs, - const char *fname, u32 *keyid ); -static int append_key (kbnode_t keyblock, kbnode_t node, int *n_sigs, - const char *fname, u32 *keyid ); -static int merge_sigs (kbnode_t dst, kbnode_t src, int *n_sigs, - const char *fname, u32 *keyid ); -static int merge_keysigs (kbnode_t dst, kbnode_t src, int *n_sigs, - const char *fname, u32 *keyid ); +static int append_uid (kbnode_t keyblock, kbnode_t node, int *n_sigs); +static int append_key (kbnode_t keyblock, kbnode_t node, int *n_sigs); +static int merge_sigs (kbnode_t dst, kbnode_t src, int *n_sigs); +static int merge_keysigs (kbnode_t dst, kbnode_t src, int *n_sigs); @@ -391,16 +397,16 @@ import (ctrl_t ctrl, IOBUF inp, const char* fname,struct import_stats_s *stats, { stats->v3keys += v3keys; if (keyblock->pkt->pkttype == PKT_PUBLIC_KEY) - rc = import_one (ctrl, fname, keyblock, + rc = import_one (ctrl, keyblock, stats, fpr, fpr_len, options, 0, 0, screener, screener_arg); else if (keyblock->pkt->pkttype == PKT_SECRET_KEY) - rc = import_secret_one (ctrl, fname, keyblock, stats, + rc = import_secret_one (ctrl, keyblock, stats, opt.batch, options, 0, screener, screener_arg); else if (keyblock->pkt->pkttype == PKT_SIGNATURE && keyblock->pkt->pkt.signature->sig_class == 0x20 ) - rc = import_revoke_cert( fname, keyblock, stats ); + rc = import_revoke_cert (keyblock, stats); else { log_info (_("skipping block of type %d\n"), keyblock->pkt->pkttype); @@ -464,7 +470,7 @@ import_old_secring (ctrl_t ctrl, const char *fname) while (!(err = read_block (inp, &pending_pkt, &keyblock, &v3keys))) { if (keyblock->pkt->pkttype == PKT_SECRET_KEY) - err = import_secret_one (ctrl, fname, keyblock, stats, 1, 0, 1, + err = import_secret_one (ctrl, keyblock, stats, 1, 0, 1, NULL, NULL); release_kbnode (keyblock); if (err) @@ -770,8 +776,8 @@ fix_pks_corruption (kbnode_t keyblock) } else { - sknode->flag |= 1; /* Mark it good so we don't need to - check it again */ + /* Mark it good so we don't need to check it again */ + sknode->flag |= NODE_GOOD_SELFSIG; changed = 1; break; } @@ -1118,7 +1124,7 @@ apply_keep_uid_filter (kbnode_t keyblock, recsel_expr_t selector) */ static int import_one (ctrl_t ctrl, - const char *fname, kbnode_t keyblock, struct import_stats_s *stats, + kbnode_t keyblock, struct import_stats_s *stats, unsigned char **fpr, size_t *fpr_len, unsigned int options, int from_sk, int silent, import_screener_t screener, void *screener_arg) @@ -1208,26 +1214,28 @@ import_one (ctrl_t ctrl, log_info (_("key %s: PKS subkey corruption repaired\n"), keystr_from_pk(pk)); - rc = chk_self_sigs( fname, keyblock , pk, keyid, &non_self ); - if (rc ) - return rc== -1? 0:rc; + if (chk_self_sigs (keyblock, keyid, &non_self)) + return 0; /* Invalid keyblock - error already printed. */ /* If we allow such a thing, mark unsigned uids as valid */ if (opt.allow_non_selfsigned_uid) { for (node=keyblock; node; node = node->next ) - if (node->pkt->pkttype == PKT_USER_ID && !(node->flag & 1) ) + if (node->pkt->pkttype == PKT_USER_ID + && !(node->flag & NODE_GOOD_SELFSIG) + && !(node->flag & NODE_BAD_SELFSIG) ) { char *user=utf8_to_native(node->pkt->pkt.user_id->name, node->pkt->pkt.user_id->len,0); - node->flag |= 1; + /* Fake a good signature status for the user id. */ + node->flag |= NODE_GOOD_SELFSIG; log_info( _("key %s: accepted non self-signed user ID \"%s\"\n"), keystr_from_pk(pk),user); xfree(user); } } - if (!delete_inv_parts( fname, keyblock, keyid, options ) ) + if (!delete_inv_parts (keyblock, keyid, options ) ) { if (!silent) { @@ -1399,7 +1407,7 @@ import_one (ctrl_t ctrl, clear_kbnode_flags( keyblock_orig ); clear_kbnode_flags( keyblock ); n_uids = n_sigs = n_subk = n_uids_cleaned = 0; - rc = merge_blocks( fname, keyblock_orig, keyblock, + rc = merge_blocks (keyblock_orig, keyblock, keyid, &n_uids, &n_sigs, &n_subk ); if (rc ) { @@ -1884,7 +1892,7 @@ sec_to_pub_keyblock (kbnode_t sec_keyblock) * with the trust calculation. */ static int -import_secret_one (ctrl_t ctrl, const char *fname, kbnode_t keyblock, +import_secret_one (ctrl_t ctrl, kbnode_t keyblock, struct import_stats_s *stats, int batch, unsigned int options, int for_migration, import_screener_t screener, void *screener_arg) @@ -1984,7 +1992,7 @@ import_secret_one (ctrl_t ctrl, const char *fname, kbnode_t keyblock, /* Note that this outputs an IMPORT_OK status message for the public key block, and below we will output another one for the secret keys. FIXME? */ - import_one (ctrl, fname, pub_keyblock, stats, + import_one (ctrl, pub_keyblock, stats, NULL, NULL, options, 1, for_migration, screener, screener_arg); @@ -2052,8 +2060,7 @@ import_secret_one (ctrl_t ctrl, const char *fname, kbnode_t keyblock, * Import a revocation certificate; this is a single signature packet. */ static int -import_revoke_cert (const char *fname, kbnode_t node, - struct import_stats_s *stats) +import_revoke_cert (kbnode_t node, struct import_stats_s *stats) { PKT_public_key *pk = NULL; kbnode_t onode; @@ -2062,8 +2069,6 @@ import_revoke_cert (const char *fname, kbnode_t node, u32 keyid[2]; int rc = 0; - (void)fname; - log_assert (!node->next ); log_assert (node->pkt->pkttype == PKT_SIGNATURE ); log_assert (node->pkt->pkt.signature->sig_class == 0x20 ); @@ -2179,18 +2184,21 @@ import_revoke_cert (const char *fname, kbnode_t node, } -/* - * Loop over the keyblock and check all self signatures. - * Mark all user-ids with a self-signature by setting flag bit 0. - * Mark all user-ids with an invalid self-signature by setting bit 1. - * This works also for subkeys, here the subkey is marked. Invalid or - * extra subkey sigs (binding or revocation) are marked for deletion. - * non_self is set to true if there are any sigs other than self-sigs +/* Loop over the keyblock and check all self signatures. On return + * the following bis in the node flags are set: + * + * - NODE_GOOD_SELFSIG :: User ID or subkey has a self-signature + * - NODE_BAD_SELFSIG :: Used ID or subkey has an invalid self-signature + * - NODE_DELETION_MARK :: This node shall be deleted + * + * NON_SELF is set to true if there are any sigs other than self-sigs * in this keyblock. + * + * Returns 0 on success or -1 (but not an error code) if the keyblock + * is invalid. */ static int -chk_self_sigs (const char *fname, kbnode_t keyblock, - PKT_public_key *pk, u32 *keyid, int *non_self ) +chk_self_sigs (kbnode_t keyblock, u32 *keyid, int *non_self ) { kbnode_t n, knode = NULL; PKT_signature *sig; @@ -2198,9 +2206,6 @@ chk_self_sigs (const char *fname, kbnode_t keyblock, u32 bsdate=0, rsdate=0; kbnode_t bsnode = NULL, rsnode = NULL; - (void)fname; - (void)pk; - for (n=keyblock; (n = find_next_kbnode (n, 0)); ) { if (n->pkt->pkttype == PKT_PUBLIC_SUBKEY) @@ -2239,7 +2244,7 @@ chk_self_sigs (const char *fname, kbnode_t keyblock, } /* If it hasn't been marked valid yet, keep trying. */ - if (!(unode->flag&1)) + if (!(unode->flag & NODE_GOOD_SELFSIG)) { rc = check_key_signature (keyblock, n, NULL); if ( rc ) @@ -2259,7 +2264,7 @@ chk_self_sigs (const char *fname, kbnode_t keyblock, } } else - unode->flag |= 1; /* Mark that signature checked. */ + unode->flag |= NODE_GOOD_SELFSIG; } } else if (IS_KEY_SIG (sig)) @@ -2272,7 +2277,7 @@ chk_self_sigs (const char *fname, kbnode_t keyblock, _("key %s: unsupported public key algorithm\n"): _("key %s: invalid direct key signature\n"), keystr (keyid)); - n->flag |= 4; + n->flag |= NODE_DELETION_MARK; } } else if ( IS_SUBKEY_SIG (sig) ) @@ -2286,7 +2291,7 @@ chk_self_sigs (const char *fname, kbnode_t keyblock, if (opt.verbose) log_info (_("key %s: no subkey for key binding\n"), keystr (keyid)); - n->flag |= 4; /* delete this */ + n->flag |= NODE_DELETION_MARK; } else { @@ -2299,19 +2304,19 @@ chk_self_sigs (const char *fname, kbnode_t keyblock, " algorithm\n"): _("key %s: invalid subkey binding\n"), keystr (keyid)); - n->flag |= 4; + n->flag |= NODE_DELETION_MARK; } else { /* It's valid, so is it newer? */ if (sig->timestamp >= bsdate) { - knode->flag |= 1; /* The subkey is valid. */ + knode->flag |= NODE_GOOD_SELFSIG; /* Subkey is valid. */ if (bsnode) { /* Delete the last binding sig since this one is newer */ - bsnode->flag |= 4; + bsnode->flag |= NODE_DELETION_MARK; if (opt.verbose) log_info (_("key %s: removed multiple subkey" " binding\n"),keystr(keyid)); @@ -2321,7 +2326,7 @@ chk_self_sigs (const char *fname, kbnode_t keyblock, bsdate = sig->timestamp; } else - n->flag |= 4; /* older */ + n->flag |= NODE_DELETION_MARK; /* older */ } } } @@ -2337,7 +2342,7 @@ chk_self_sigs (const char *fname, kbnode_t keyblock, if (opt.verbose) log_info (_("key %s: no subkey for key revocation\n"), keystr(keyid)); - n->flag |= 4; /* delete this */ + n->flag |= NODE_DELETION_MARK; } else { @@ -2350,7 +2355,7 @@ chk_self_sigs (const char *fname, kbnode_t keyblock, " key algorithm\n"): _("key %s: invalid subkey revocation\n"), keystr(keyid)); - n->flag |= 4; + n->flag |= NODE_DELETION_MARK; } else { @@ -2361,7 +2366,7 @@ chk_self_sigs (const char *fname, kbnode_t keyblock, { /* Delete the last revocation sig since this one is newer. */ - rsnode->flag |= 4; + rsnode->flag |= NODE_DELETION_MARK; if (opt.verbose) log_info (_("key %s: removed multiple subkey" " revocation\n"),keystr(keyid)); @@ -2371,7 +2376,7 @@ chk_self_sigs (const char *fname, kbnode_t keyblock, rsdate = sig->timestamp; } else - n->flag |= 4; /* older */ + n->flag |= NODE_DELETION_MARK; /* older */ } } } @@ -2381,28 +2386,25 @@ chk_self_sigs (const char *fname, kbnode_t keyblock, } -/**************** - * delete all parts which are invalid and those signatures whose - * public key algorithm is not available in this implemenation; - * but consider RSA as valid, because parse/build_packets knows - * about it. - * returns: true if at least one valid user-id is left over. +/* Delete all parts which are invalid and those signatures whose + * public key algorithm is not available in this implemenation; but + * consider RSA as valid, because parse/build_packets knows about it. + * + * Returns: True if at least one valid user-id is left over. */ static int -delete_inv_parts( const char *fname, kbnode_t keyblock, - u32 *keyid, unsigned int options) +delete_inv_parts (kbnode_t keyblock, u32 *keyid, unsigned int options) { kbnode_t node; int nvalid=0, uid_seen=0, subkey_seen=0; - (void)fname; - for (node=keyblock->next; node; node = node->next ) { if (node->pkt->pkttype == PKT_USER_ID) { uid_seen = 1; - if ((node->flag & 2) || !(node->flag & 1) ) + if ((node->flag & NODE_BAD_SELFSIG) + || !(node->flag & NODE_GOOD_SELFSIG)) { if (opt.verbose ) { @@ -2428,7 +2430,8 @@ delete_inv_parts( const char *fname, kbnode_t keyblock, else if ( node->pkt->pkttype == PKT_PUBLIC_SUBKEY || node->pkt->pkttype == PKT_SECRET_SUBKEY ) { - if ((node->flag & 2) || !(node->flag & 1) ) + if ((node->flag & NODE_BAD_SELFSIG) + || !(node->flag & NODE_GOOD_SELFSIG)) { if (opt.verbose ) log_info( _("key %s: skipped subkey\n"),keystr(keyid)); @@ -2516,7 +2519,7 @@ delete_inv_parts( const char *fname, kbnode_t keyblock, node->pkt->pkt.signature->sig_class); delete_kbnode(node); } - else if ((node->flag & 4) ) /* marked for deletion */ + else if ((node->flag & NODE_DELETION_MARK)) delete_kbnode( node ); } @@ -2743,10 +2746,10 @@ revocation_present (ctrl_t ctrl, kbnode_t keyblock) * the signature's public key yet; verification is done when putting it * into the trustdb, which is done automagically as soon as this pubkey * is used. - * Note: We indicate newly inserted packets with flag bit 0 + * Note: We indicate newly inserted packets with NODE_FLAG_A. */ static int -merge_blocks (const char *fname, kbnode_t keyblock_orig, kbnode_t keyblock, +merge_blocks (kbnode_t keyblock_orig, kbnode_t keyblock, u32 *keyid, int *n_uids, int *n_sigs, int *n_subk ) { kbnode_t onode, node; @@ -2779,7 +2782,7 @@ merge_blocks (const char *fname, kbnode_t keyblock_orig, kbnode_t keyblock, { kbnode_t n2 = clone_kbnode(node); insert_kbnode( keyblock_orig, n2, 0 ); - n2->flag |= 1; + n2->flag |= NODE_FLAG_A; ++*n_sigs; if(!opt.quiet) { @@ -2819,7 +2822,7 @@ merge_blocks (const char *fname, kbnode_t keyblock_orig, kbnode_t keyblock, { kbnode_t n2 = clone_kbnode(node); insert_kbnode( keyblock_orig, n2, 0 ); - n2->flag |= 1; + n2->flag |= NODE_FLAG_A; ++*n_sigs; if(!opt.quiet) log_info( _("key %s: direct key signature added\n"), @@ -2831,7 +2834,7 @@ merge_blocks (const char *fname, kbnode_t keyblock_orig, kbnode_t keyblock, /* 3rd: try to merge new certificates in */ for (onode=keyblock_orig->next; onode; onode=onode->next) { - if (!(onode->flag & 1) && onode->pkt->pkttype == PKT_USER_ID) + if (!(onode->flag & NODE_FLAG_A) && onode->pkt->pkttype == PKT_USER_ID) { /* find the user id in the imported keyblock */ for (node=keyblock->next; node; node=node->next) @@ -2841,7 +2844,7 @@ merge_blocks (const char *fname, kbnode_t keyblock_orig, kbnode_t keyblock, break; if (node ) /* found: merge */ { - rc = merge_sigs( onode, node, n_sigs, fname, keyid ); + rc = merge_sigs (onode, node, n_sigs); if (rc ) return rc; } @@ -2861,7 +2864,7 @@ merge_blocks (const char *fname, kbnode_t keyblock_orig, kbnode_t keyblock, break; if (!onode ) /* this is a new user id: append */ { - rc = append_uid( keyblock_orig, node, n_sigs, fname, keyid); + rc = append_uid (keyblock_orig, node, n_sigs); if (rc ) return rc; ++*n_uids; @@ -2883,7 +2886,7 @@ merge_blocks (const char *fname, kbnode_t keyblock_orig, kbnode_t keyblock, break; if (!onode ) /* This is a new subkey: append. */ { - rc = append_key (keyblock_orig, node, n_sigs, fname, keyid); + rc = append_key (keyblock_orig, node, n_sigs); if (rc) return rc; ++*n_subk; @@ -2899,7 +2902,7 @@ merge_blocks (const char *fname, kbnode_t keyblock_orig, kbnode_t keyblock, break; if (!onode ) /* This is a new subkey: append. */ { - rc = append_key (keyblock_orig, node, n_sigs, fname, keyid); + rc = append_key (keyblock_orig, node, n_sigs); if (rc ) return rc; ++*n_subk; @@ -2910,7 +2913,7 @@ merge_blocks (const char *fname, kbnode_t keyblock_orig, kbnode_t keyblock, /* 6th: merge subkey certificates */ for (onode=keyblock_orig->next; onode; onode=onode->next) { - if (!(onode->flag & 1) + if (!(onode->flag & NODE_FLAG_A) && (onode->pkt->pkttype == PKT_PUBLIC_SUBKEY || onode->pkt->pkttype == PKT_SECRET_SUBKEY)) { @@ -2925,7 +2928,7 @@ merge_blocks (const char *fname, kbnode_t keyblock_orig, kbnode_t keyblock, } if (node) /* Found: merge. */ { - rc = merge_keysigs( onode, node, n_sigs, fname, keyid ); + rc = merge_keysigs( onode, node, n_sigs); if (rc ) return rc; } @@ -2936,19 +2939,15 @@ merge_blocks (const char *fname, kbnode_t keyblock_orig, kbnode_t keyblock, } -/* +/* Helper function for merge_blocks. * Append the userid starting with NODE and all signatures to KEYBLOCK. */ static int -append_uid (kbnode_t keyblock, kbnode_t node, int *n_sigs, - const char *fname, u32 *keyid ) +append_uid (kbnode_t keyblock, kbnode_t node, int *n_sigs) { kbnode_t n; kbnode_t n_where = NULL; - (void)fname; - (void)keyid; - log_assert (node->pkt->pkttype == PKT_USER_ID ); /* find the position */ @@ -2974,8 +2973,8 @@ append_uid (kbnode_t keyblock, kbnode_t node, int *n_sigs, } else add_kbnode( keyblock, n ); - n->flag |= 1; - node->flag |= 1; + n->flag |= NODE_FLAG_A; + node->flag |= NODE_FLAG_A; if (n->pkt->pkttype == PKT_SIGNATURE ) ++*n_sigs; @@ -2988,20 +2987,16 @@ append_uid (kbnode_t keyblock, kbnode_t node, int *n_sigs, } -/* +/* Helper function for merge_blocks * Merge the sigs from SRC onto DST. SRC and DST are both a PKT_USER_ID. * (how should we handle comment packets here?) */ static int -merge_sigs (kbnode_t dst, kbnode_t src, int *n_sigs, - const char *fname, u32 *keyid) +merge_sigs (kbnode_t dst, kbnode_t src, int *n_sigs) { kbnode_t n, n2; int found = 0; - (void)fname; - (void)keyid; - log_assert (dst->pkt->pkttype == PKT_USER_ID); log_assert (src->pkt->pkttype == PKT_USER_ID); @@ -3027,8 +3022,8 @@ merge_sigs (kbnode_t dst, kbnode_t src, int *n_sigs, * one is released first */ n2 = clone_kbnode(n); insert_kbnode( dst, n2, PKT_SIGNATURE ); - n2->flag |= 1; - n->flag |= 1; + n2->flag |= NODE_FLAG_A; + n->flag |= NODE_FLAG_A; ++*n_sigs; } } @@ -3037,19 +3032,15 @@ merge_sigs (kbnode_t dst, kbnode_t src, int *n_sigs, } -/* +/* Helper function for merge_blocks * Merge the sigs from SRC onto DST. SRC and DST are both a PKT_xxx_SUBKEY. */ static int -merge_keysigs (kbnode_t dst, kbnode_t src, int *n_sigs, - const char *fname, u32 *keyid) +merge_keysigs (kbnode_t dst, kbnode_t src, int *n_sigs) { kbnode_t n, n2; int found = 0; - (void)fname; - (void)keyid; - log_assert (dst->pkt->pkttype == PKT_PUBLIC_SUBKEY || dst->pkt->pkttype == PKT_SECRET_SUBKEY); @@ -3088,8 +3079,8 @@ merge_keysigs (kbnode_t dst, kbnode_t src, int *n_sigs, * one is released first */ n2 = clone_kbnode(n); insert_kbnode( dst, n2, PKT_SIGNATURE ); - n2->flag |= 1; - n->flag |= 1; + n2->flag |= NODE_FLAG_A; + n->flag |= NODE_FLAG_A; ++*n_sigs; } } @@ -3098,19 +3089,15 @@ merge_keysigs (kbnode_t dst, kbnode_t src, int *n_sigs, } -/* +/* Helper function for merge_blocks. * Append the subkey starting with NODE and all signatures to KEYBLOCK. * Mark all new and copied packets by setting flag bit 0. */ static int -append_key (kbnode_t keyblock, kbnode_t node, int *n_sigs, - const char *fname, u32 *keyid) +append_key (kbnode_t keyblock, kbnode_t node, int *n_sigs) { kbnode_t n; - (void)fname; - (void)keyid; - log_assert (node->pkt->pkttype == PKT_PUBLIC_SUBKEY || node->pkt->pkttype == PKT_SECRET_SUBKEY); @@ -3120,8 +3107,8 @@ append_key (kbnode_t keyblock, kbnode_t node, int *n_sigs, * one is released first */ n = clone_kbnode(node); add_kbnode( keyblock, n ); - n->flag |= 1; - node->flag |= 1; + n->flag |= NODE_FLAG_A; + node->flag |= NODE_FLAG_A; if (n->pkt->pkttype == PKT_SIGNATURE ) ++*n_sigs; commit 7e0c48eb6f18a80142ca2a0f76fe8d270a4e5b33 Author: Werner Koch Date: Wed Jul 6 08:46:14 2016 +0200 gpg: Get rid of an unused arg in a function in getkey.c. * g10/getkey.c (pk_from_block): Remove unused arg CTX. Change all callers. Signed-off-by: Werner Koch diff --git a/g10/getkey.c b/g10/getkey.c index 9e044ce..f34127d 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -659,12 +659,9 @@ get_pubkeys (ctrl_t ctrl, static void -pk_from_block (GETKEY_CTX ctx, PKT_public_key * pk, KBNODE keyblock, - KBNODE found_key) +pk_from_block (PKT_public_key *pk, kbnode_t keyblock, kbnode_t found_key) { - KBNODE a = found_key ? found_key : keyblock; - - (void) ctx; + kbnode_t a = found_key ? found_key : keyblock; log_assert (a->pkt->pkttype == PKT_PUBLIC_KEY || a->pkt->pkttype == PKT_PUBLIC_SUBKEY); @@ -749,7 +746,7 @@ get_pubkey (PKT_public_key * pk, u32 * keyid) rc = lookup (&ctx, &kb, &found_key, 0); if (!rc) { - pk_from_block (&ctx, pk, kb, found_key); + pk_from_block (pk, kb, found_key); } getkey_end (&ctx); release_kbnode (kb); @@ -912,7 +909,7 @@ get_seckey (PKT_public_key *pk, u32 *keyid) err = lookup (&ctx, &keyblock, &found_key, 1); if (!err) { - pk_from_block (&ctx, pk, keyblock, found_key); + pk_from_block (pk, keyblock, found_key); } getkey_end (&ctx); release_kbnode (keyblock); @@ -1118,7 +1115,7 @@ key_byname (GETKEY_CTX *retctx, strlist_t namelist, rc = lookup (ctx, ret_kb, &found_key, want_secret); if (!rc && pk) { - pk_from_block (ctx, pk, *ret_kb, found_key); + pk_from_block (pk, *ret_kb, found_key); } release_kbnode (help_kb); @@ -1513,7 +1510,7 @@ get_pubkey_byfprint (PKT_public_key *pk, kbnode_t *r_keyblock, memcpy (ctx.items[0].u.fpr, fprint, fprint_len); rc = lookup (&ctx, &kb, &found_key, 0); if (!rc && pk) - pk_from_block (&ctx, pk, kb, found_key); + pk_from_block (pk, kb, found_key); if (!rc && r_keyblock) { *r_keyblock = kb; @@ -1903,7 +1900,7 @@ getkey_next (getkey_ctx_t ctx, PKT_public_key *pk, kbnode_t *ret_keyblock) rc = lookup (ctx, ret_keyblock, &found_key, ctx->want_secret); if (!rc && pk && ret_keyblock) - pk_from_block (ctx, pk, *ret_keyblock, found_key); + pk_from_block (pk, *ret_keyblock, found_key); return rc; } commit 9385dfeb9dd6d83608a10c7896c341f585a25a2b Author: Werner Koch Date: Wed Jul 6 08:53:49 2016 +0200 gpg: Change calling convention for a function in getkey.c * g10/getkey.c (merge_selfsigs): Remove arg CTX. Add args REQ_USAGE and WANT_EXACT. (finish_lookup): Adjust caller. Set LOOKUP_NOT_SELECTED here... (lookup): and not here. Signed-off-by: Werner Koch diff --git a/g10/getkey.c b/g10/getkey.c index ad0148e..9e044ce 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -3053,31 +3053,33 @@ merge_selfsigs (KBNODE keyblock) /* See whether the key satisfies any additional requirements specified - * in CTX. If so, return 1 and set CTX->FOUND_KEY to an appropriate - * key or subkey. Otherwise, return 0 if there was no appropriate - * key. + * in CTX. If so, return the node of an appropriate key or subkey. + * Otherwise, return NULL if there was no appropriate key. * * In case the primary key is not required, select a suitable subkey. - * We need the primary key if PUBKEY_USAGE_CERT is set in - * CTX->REQ_USAGE or we are in PGP6 or PGP7 mode and PUBKEY_USAGE_SIG - * is set in CTX->REQ_USAGE. + * We need the primary key if PUBKEY_USAGE_CERT is set in REQ_USAGE or + * we are in PGP6 or PGP7 mode and PUBKEY_USAGE_SIG is set in + * REQ_USAGE. * * If any of PUBKEY_USAGE_SIG, PUBKEY_USAGE_ENC and PUBKEY_USAGE_CERT - * are set in CTX->REQ_USAGE, we filter by the key's function. - * Concretely, if PUBKEY_USAGE_SIG and PUBKEY_USAGE_CERT are set, then - * we only return a key if it is (at least) either a signing or a + * are set in REQ_USAGE, we filter by the key's function. Concretely, + * if PUBKEY_USAGE_SIG and PUBKEY_USAGE_CERT are set, then we only + * return a key if it is (at least) either a signing or a * certification key. * - * If CTX->REQ_USAGE is set, then we reject any keys that are not good + * If REQ_USAGE is set, then we reject any keys that are not good * (i.e., valid, not revoked, not expired, etc.). This allows the * getkey functions to be used for plain key listings. * * Sets the matched key's user id field (pk->user_id) to the user id - * that matched the low-level search criteria or NULL. If R_FLAGS is - * not NULL set certain flags for more detailed error reporting. Used - * flags are: + * that matched the low-level search criteria or NULL. + * + * If R_FLAGS is not NULL set certain flags for more detailed error + * reporting. Used flags are: + * * - LOOKUP_ALL_SUBKEYS_EXPIRED :: All Subkeys are expired or have * been revoked. + * - LOOKUP_NOT_SELECTED :: No suitable key found * * This function needs to handle several different cases: * @@ -3094,40 +3096,41 @@ merge_selfsigs (KBNODE keyblock) * */ static kbnode_t -finish_lookup (getkey_ctx_t ctx, kbnode_t keyblock, unsigned int *r_flags) +finish_lookup (kbnode_t keyblock, unsigned int req_usage, int want_exact, + unsigned int *r_flags) { kbnode_t k; - /* If CTX->EXACT is set, the key or subkey that actually matched the + /* If WANT_EXACT is set, the key or subkey that actually matched the low-level search criteria. */ kbnode_t foundk = NULL; /* The user id (if any) that matched the low-level search criteria. */ PKT_user_id *foundu = NULL; -#define USAGE_MASK (PUBKEY_USAGE_SIG|PUBKEY_USAGE_ENC|PUBKEY_USAGE_CERT) - unsigned int req_usage = (ctx->req_usage & USAGE_MASK); - - /* Request the primary if we're certifying another key, and also - if signing data while --pgp6 or --pgp7 is on since pgp 6 and 7 - do not understand signatures made by a signing subkey. PGP 8 - does. */ - int req_prim = ((ctx->req_usage & PUBKEY_USAGE_CERT) - || ((PGP6 || PGP7) && (ctx->req_usage & PUBKEY_USAGE_SIG))); - - u32 curtime = make_timestamp (); - u32 latest_date; kbnode_t latest_key; PKT_public_key *pk; - - log_assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY); + int req_prim; + u32 curtime = make_timestamp (); if (r_flags) *r_flags = 0; +#define USAGE_MASK (PUBKEY_USAGE_SIG|PUBKEY_USAGE_ENC|PUBKEY_USAGE_CERT) + req_usage &= USAGE_MASK; + + /* Request the primary if we're certifying another key, and also if + * signing data while --pgp6 or --pgp7 is on since pgp 6 and 7 do + * not understand signatures made by a signing subkey. PGP 8 does. */ + req_prim = ((req_usage & PUBKEY_USAGE_CERT) + || ((PGP6 || PGP7) && (req_usage & PUBKEY_USAGE_SIG))); + + + log_assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY); + /* For an exact match mark the primary or subkey that matched the low-level search criteria. */ - if (ctx->exact) + if (want_exact) { for (k = keyblock; k; k = k->next) { @@ -3262,7 +3265,7 @@ finish_lookup (getkey_ctx_t ctx, kbnode_t keyblock, unsigned int *r_flags) * primary key, or, * * - we're just considering the primary key. */ - if ((!latest_key && !ctx->exact) || foundk == keyblock || req_prim) + if ((!latest_key && !want_exact) || foundk == keyblock || req_prim) { if (DBG_LOOKUP && !foundk && !req_prim) log_debug ("\tno suitable subkeys found - trying primary\n"); @@ -3300,10 +3303,12 @@ finish_lookup (getkey_ctx_t ctx, kbnode_t keyblock, unsigned int *r_flags) { if (DBG_LOOKUP) log_debug ("\tno suitable key found - giving up\n"); + if (r_flags) + *r_flags |= LOOKUP_NOT_SELECTED; return NULL; /* Not found. */ } -found: + found: if (DBG_LOOKUP) log_debug ("\tusing key %08lX\n", (ulong) keyid_from_pk (latest_key->pkt->pkt.public_key, NULL)); @@ -3408,12 +3413,10 @@ lookup (getkey_ctx_t ctx, kbnode_t *ret_keyblock, kbnode_t *ret_found_key, goto skip; /* No secret key available. */ /* Warning: node flag bits 0 and 1 should be preserved by - * merge_selfsigs. For secret keys, premerge transferred the - * keys to the keyblock. */ + * merge_selfsigs. */ merge_selfsigs (keyblock); - found_key = finish_lookup (ctx, keyblock, &infoflags); - if (!found_key) - infoflags |= LOOKUP_NOT_SELECTED; + found_key = finish_lookup (keyblock, ctx->req_usage, ctx->exact, + &infoflags); print_status_key_considered (keyblock, infoflags); if (found_key) { ----------------------------------------------------------------------- Summary of changes: g10/getkey.c | 94 ++++++++++++------------- g10/import.c | 221 ++++++++++++++++++++++++++++------------------------------- 2 files changed, 151 insertions(+), 164 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jul 6 15:10:14 2016 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Wed, 06 Jul 2016 15:10:14 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-205-gfc02672 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via fc0267233239b42e9fb74a8acd7511503e287a9e (commit) via e41ae4db9e70d9aebf80ebbd4ce03977435c2ccf (commit) via 9f93346d21271b916f15d80420669f5d659a40de (commit) via c28007d0407bcc3621b8266d6d77eb0d069aec35 (commit) from 4934893e27a50f5715dcd4d2907ecbe629921b32 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit fc0267233239b42e9fb74a8acd7511503e287a9e Author: Andre Heinecke Date: Wed Jul 6 15:09:16 2016 +0200 Qt: Add test for publicKeyAlgorithmAsString * lang/qt/tests/t-keylist.cpp (testPubkeyAlgoAsString): New. diff --git a/lang/qt/tests/t-keylist.cpp b/lang/qt/tests/t-keylist.cpp index 591a552..38d315f 100644 --- a/lang/qt/tests/t-keylist.cpp +++ b/lang/qt/tests/t-keylist.cpp @@ -32,6 +32,7 @@ #include #include #include +#include #include "keylistjob.h" #include "qgpgmebackend.h" #include "keylistresult.h" @@ -64,6 +65,27 @@ private Q_SLOTS: Q_ASSERT (keys[0].subkeys()[1].publicKeyAlgorithm() == Subkey::AlgoELG_E); } + void testPubkeyAlgoAsString() + { + static const QMap expected { + { Subkey::AlgoRSA, QStringLiteral("RSA") }, + { Subkey::AlgoRSA_E, QStringLiteral("RSA-E") }, + { Subkey::AlgoRSA_S, QStringLiteral("RSA-S") }, + { Subkey::AlgoELG_E, QStringLiteral("ELG-E") }, + { Subkey::AlgoDSA, QStringLiteral("DSA") }, + { Subkey::AlgoECC, QStringLiteral("ECC") }, + { Subkey::AlgoELG, QStringLiteral("ELG") }, + { Subkey::AlgoECDSA, QStringLiteral("ECDSA") }, + { Subkey::AlgoECDH, QStringLiteral("ECDH") }, + { Subkey::AlgoEDDSA, QStringLiteral("EdDSA") }, + { Subkey::AlgoUnknown, QString() } + }; + Q_FOREACH (Subkey::PubkeyAlgo algo, expected.keys()) { + Q_ASSERT(QString::fromUtf8(Subkey::publicKeyAlgorithmAsString(algo)) == + expected.value(algo)); + } + } + void testKeyListAsync() { KeyListJob *job = openpgp()->keyListJob(); commit e41ae4db9e70d9aebf80ebbd4ce03977435c2ccf Author: Andre Heinecke Date: Wed Jul 6 15:07:34 2016 +0200 Cpp: Expose gpgme_pubkey_algo_name * lang/cpp/src/key.cpp (Subkey::publicKeyAlgorithmAsString): New static variant. * lang/cpp/src/key.h: Declare function. Clarify comment about name mismatch. diff --git a/lang/cpp/src/key.cpp b/lang/cpp/src/key.cpp index 9e57013..d99c5ec 100644 --- a/lang/cpp/src/key.cpp +++ b/lang/cpp/src/key.cpp @@ -383,6 +383,15 @@ const char *Subkey::publicKeyAlgorithmAsString() const return gpgme_pubkey_algo_name(subkey ? subkey->pubkey_algo : (gpgme_pubkey_algo_t)0); } +/* static */ +const char *Subkey::publicKeyAlgorithmAsString(PubkeyAlgo algo) +{ + if (algo == AlgoUnknown) { + return NULL; + } + return gpgme_pubkey_algo_name(static_cast(algo)); +} + std::string Subkey::algoName() const { char *gpgmeStr; diff --git a/lang/cpp/src/key.h b/lang/cpp/src/key.h index 845b5db..bb0487b 100644 --- a/lang/cpp/src/key.h +++ b/lang/cpp/src/key.h @@ -233,11 +233,16 @@ public: */ const char *publicKeyAlgorithmAsString() const; + /** @brief Same as publicKeyAlgorithmAsString but static. */ + static const char *publicKeyAlgorithmAsString(PubkeyAlgo algo); + /** @brief Get the key algo string like GnuPG 2.1 prints it. This returns combinations of size and algorithm. Like - bp512 or rsa2048 + bp512 or rsa2048. Misnamed because publicKeyAlgorithmAsString + already used the older pubkey_algo_name. + Actually uses gpgme_pubkey_algo_string. @returns the key algorithm as string. Empty string on error. */ commit 9f93346d21271b916f15d80420669f5d659a40de Author: Andre Heinecke Date: Wed Jul 6 13:39:43 2016 +0200 Qt: Add check for pubkeyAlgo in t-keylist * lang/qt/tests/t-keylist.cpp (testSingleKeyListSync): Check pubkeyAlgo. diff --git a/lang/qt/tests/t-keylist.cpp b/lang/qt/tests/t-keylist.cpp index 5d63fca..591a552 100644 --- a/lang/qt/tests/t-keylist.cpp +++ b/lang/qt/tests/t-keylist.cpp @@ -58,6 +58,10 @@ private Q_SLOTS: Q_ASSERT (keys.size() == 1); const QString kId = QLatin1String(keys.front().keyID()); Q_ASSERT (kId == QStringLiteral("2D727CC768697734")); + + Q_ASSERT (keys[0].subkeys().size() == 2); + Q_ASSERT (keys[0].subkeys()[0].publicKeyAlgorithm() == Subkey::AlgoDSA); + Q_ASSERT (keys[0].subkeys()[1].publicKeyAlgorithm() == Subkey::AlgoELG_E); } void testKeyListAsync() commit c28007d0407bcc3621b8266d6d77eb0d069aec35 Author: Andre Heinecke Date: Wed Jul 6 13:38:20 2016 +0200 Cpp: Add PubkeyAlgo enum * lang/cpp/src/key.h (Subkey::PubkeyAlgo): New enum. (Subkey::publicKeyAlgorithm): Change return type. * lang/cpp/src/key.cpp (Subkey::publicKeyAlgorithm): Use enum. diff --git a/lang/cpp/src/key.cpp b/lang/cpp/src/key.cpp index 55eb058..9e57013 100644 --- a/lang/cpp/src/key.cpp +++ b/lang/cpp/src/key.cpp @@ -373,9 +373,9 @@ const char *Subkey::fingerprint() const return subkey ? subkey->fpr : 0 ; } -unsigned int Subkey::publicKeyAlgorithm() const +Subkey::PubkeyAlgo Subkey::publicKeyAlgorithm() const { - return subkey ? subkey->pubkey_algo : 0 ; + return subkey ? static_cast(subkey->pubkey_algo) : AlgoUnknown; } const char *Subkey::publicKeyAlgorithmAsString() const diff --git a/lang/cpp/src/key.h b/lang/cpp/src/key.h index 7322f65..845b5db 100644 --- a/lang/cpp/src/key.h +++ b/lang/cpp/src/key.h @@ -205,7 +205,23 @@ public: bool isSecret() const; - unsigned int publicKeyAlgorithm() const; + /** Same as gpgme_pubkey_algo_t */ + enum PubkeyAlgo { + AlgoUnknown = 0, + AlgoRSA = 1, + AlgoRSA_E = 2, + AlgoRSA_S = 3, + AlgoELG_E = 16, + AlgoDSA = 17, + AlgoECC = 18, + AlgoELG = 20, + AlgoECDSA = 301, + AlgoECDH = 302, + AlgoEDDSA = 303, + AlgoMax = 1 << 31 + }; + + PubkeyAlgo publicKeyAlgorithm() const; /** @brief Get the public key algorithm name. ----------------------------------------------------------------------- Summary of changes: lang/cpp/src/key.cpp | 13 +++++++++++-- lang/cpp/src/key.h | 25 +++++++++++++++++++++++-- lang/qt/tests/t-keylist.cpp | 26 ++++++++++++++++++++++++++ 3 files changed, 60 insertions(+), 4 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jul 6 15:39:41 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 06 Jul 2016 15:39:41 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.13-120-ga479804 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via a479804c86bc24bfab101f39464db3ecfbaedf6d (commit) via 073be51a866cb5600479c504a44ae5ac94a449a2 (commit) from fdfde91595109e51a5b8fafd292244ad41dfb83d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a479804c86bc24bfab101f39464db3ecfbaedf6d Author: Werner Koch Date: Wed Jul 6 14:03:50 2016 +0200 gpg: New options --recipient-file and --hidden-recipient-file. * g10/gpg.c (oRecipientFile, oHiddenRecipientFile): New. (opts): Add options --recipient-file and --hidden-recipient-file. (main): Implement them. Also remove duplicate code from similar options. * g10/keydb.h (PK_LIST_FROM_FILE): New. (PK_LIST_SHIFT): Bump up. * g10/pkclist.c (expand_group): Take care of PK_LIST_FROM_FILE. (find_and_check_key): Add and implement arg FROM_FILE. (build_pk_list): Pass new value for new arg. * g10/getkey.c (get_pubkey_fromfile): New. * g10/gpgv.c (read_key_from_file): New stub. * g10/test-stubs.c (read_key_from_file): New stub. * g10/server.c (cmd_recipient): Add flag --file. * g10/import.c (read_key_from_file): New. * tests/openpgp/defs.scm (key-file1): New. (key-file2): New. * tests/openpgp/setup.scm: Add their private keys and import the key-file1. * tests/openpgp/encrypt.scm: Add new test. -- Signed-off-by: Werner Koch diff --git a/doc/gpg.texi b/doc/gpg.texi index 9a60890..11d3a65 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -2037,6 +2037,22 @@ limited countermeasure against traffic analysis. If this option or @option{--recipient} is not specified, GnuPG asks for the user ID unless @option{--default-recipient} is given. + at item --recipient-file @var{file} + at itemx -f + at opindex recipient-file +This option is similar to @option{--recipient} except that it +encrypts to a key stored in the given file. @var{file} must be the +name of a file containing exactly one key. @command{gpg} assumes that +the key in this file is fully valid. + + at item --hidden-recipient-file @var{file} + at itemx -F + at opindex hidden-recipient-file +This option is similar to @option{--hidden-recipient} except that it +encrypts to a key stored in the given file. @var{file} must be the +name of a file containing exactly one key. @command{gpg} assumes that +the key in this file is fully valid. + @item --encrypt-to @code{name} @opindex encrypt-to Same as @option{--recipient} but this one is intended for use in the @@ -2055,11 +2071,6 @@ recipients given either by use of @option{--recipient} or by the asked user id. No trust checking is performed for these user ids and even disabled keys can be used. - at item --encrypt-to-default-key - at opindex encrypt-to-default-key -If the default secret key is taken from @option{--default-key}, then -also encrypt to that key. - @item --no-encrypt-to @opindex no-encrypt-to Disable the use of all @option{--encrypt-to} and diff --git a/g10/getkey.c b/g10/getkey.c index f34127d..90fd175 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -1,7 +1,7 @@ /* getkey.c - Get a key from the database * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, * 2007, 2008, 2010 Free Software Foundation, Inc. - * Copyright (C) 2015 g10 Code GmbH + * Copyright (C) 2015, 2016 g10 Code GmbH * * This file is part of GnuPG. * @@ -143,6 +143,11 @@ static void merge_selfsigs (kbnode_t keyblock); static int lookup (getkey_ctx_t ctx, kbnode_t *ret_keyblock, kbnode_t *ret_found_key, int want_secret); +static kbnode_t finish_lookup (kbnode_t keyblock, + unsigned int req_usage, int want_exact, + unsigned int *r_flags); +static void print_status_key_considered (kbnode_t keyblock, unsigned int flags); + #if 0 static void @@ -1454,6 +1459,53 @@ get_pubkey_byname (ctrl_t ctrl, GETKEY_CTX * retctx, PKT_public_key * pk, } +/* Get a public key from a file. + * + * PK is the buffer to store the key. The caller needs to make sure + * that PK->REQ_USAGE is valid. PK->REQ_USAGE is passed through to + * the lookup function and is a mask of PUBKEY_USAGE_SIG, + * PUBKEY_USAGE_ENC and PUBKEY_USAGE_CERT. If this is non-zero, only + * keys with the specified usage will be returned. + * + * FNAME is the file name. That file should contain exactly one + * keyblock. + * + * This function returns 0 on success. Otherwise, an error code is + * returned. In particular, GPG_ERR_NO_PUBKEY is returned if the key + * is not found. + * + * The self-signed data has already been merged into the public key + * using merge_selfsigs. The caller must release the content of PK by + * calling release_public_key_parts (or, if PK was malloced, using + * free_public_key). + */ +gpg_error_t +get_pubkey_fromfile (ctrl_t ctrl, PKT_public_key *pk, const char *fname) +{ + gpg_error_t err; + kbnode_t keyblock; + kbnode_t found_key; + unsigned int infoflags; + + err = read_key_from_file (ctrl, fname, &keyblock); + if (!err) + { + /* Warning: node flag bits 0 and 1 should be preserved by + * merge_selfsigs. FIXME: Check whether this still holds. */ + merge_selfsigs (keyblock); + found_key = finish_lookup (keyblock, pk->req_usage, 0, &infoflags); + print_status_key_considered (keyblock, infoflags); + if (found_key) + pk_from_block (pk, keyblock, found_key); + else + err = gpg_error (GPG_ERR_UNUSABLE_PUBKEY); + } + + release_kbnode (keyblock); + return err; +} + + /* Lookup a key with the specified fingerprint. * * If PK is not NULL, the public key of the first result is returned diff --git a/g10/gpg.c b/g10/gpg.c index cf0e645..34009bb 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -81,6 +81,8 @@ enum cmd_and_opt_values aSym = 'c', aDecrypt = 'd', aEncr = 'e', + oRecipientFile = 'f', + oHiddenRecipientFile = 'F', oInteractive = 'i', aListKeys = 'k', oDryRun = 'n', @@ -506,6 +508,8 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_s (oRecipient, "recipient", N_("|USER-ID|encrypt for USER-ID")), ARGPARSE_s_s (oHiddenRecipient, "hidden-recipient", "@"), + ARGPARSE_s_s (oRecipientFile, "recipient-file", "@"), + ARGPARSE_s_s (oHiddenRecipientFile, "hidden-recipient-file", "@"), ARGPARSE_s_s (oRecipient, "remote-user", "@"), /* (old option name) */ ARGPARSE_s_s (oDefRecipient, "default-recipient", "@"), ARGPARSE_s_n (oDefRecipientSelf, "default-recipient-self", "@"), @@ -2838,37 +2842,45 @@ main (int argc, char **argv) else opt.s2k_count = 0; /* Auto-calibrate when needed. */ break; - case oNoEncryptTo: opt.no_encrypt_to = 1; break; - case oEncryptTo: /* store the recipient in the second list */ + + case oRecipient: + case oHiddenRecipient: + case oRecipientFile: + case oHiddenRecipientFile: + /* Store the recipient. Note that we also store the + * option as private data in the flags. This is achieved + * by shifting the option value to the left so to keep + * enough space for the flags. */ sl = add_to_strlist2( &remusr, pargs.r.ret_str, utf8_strings ); - sl->flags = ((pargs.r_opt << PK_LIST_SHIFT) | PK_LIST_ENCRYPT_TO); + sl->flags = (pargs.r_opt << PK_LIST_SHIFT); if (configfp) sl->flags |= PK_LIST_CONFIG; + if (pargs.r_opt == oHiddenRecipient + || pargs.r_opt == oHiddenRecipientFile) + sl->flags |= PK_LIST_HIDDEN; + if (pargs.r_opt == oRecipientFile + || pargs.r_opt == oHiddenRecipientFile) + sl->flags |= PK_LIST_FROM_FILE; + any_explicit_recipient = 1; break; - case oHiddenEncryptTo: /* store the recipient in the second list */ + + case oEncryptTo: + case oHiddenEncryptTo: + /* Store an additional recipient. */ sl = add_to_strlist2( &remusr, pargs.r.ret_str, utf8_strings ); - sl->flags = ((pargs.r_opt << PK_LIST_SHIFT) - | PK_LIST_ENCRYPT_TO|PK_LIST_HIDDEN); + sl->flags = ((pargs.r_opt << PK_LIST_SHIFT) | PK_LIST_ENCRYPT_TO); if (configfp) sl->flags |= PK_LIST_CONFIG; + if (pargs.r_opt == oHiddenEncryptTo) + sl->flags |= PK_LIST_HIDDEN; break; + + case oNoEncryptTo: + opt.no_encrypt_to = 1; + break; case oEncryptToDefaultKey: opt.encrypt_to_default_key = configfp ? 2 : 1; break; - case oRecipient: /* store the recipient */ - sl = add_to_strlist2( &remusr, pargs.r.ret_str, utf8_strings ); - sl->flags = (pargs.r_opt << PK_LIST_SHIFT); - if (configfp) - sl->flags |= PK_LIST_CONFIG; - any_explicit_recipient = 1; - break; - case oHiddenRecipient: /* store the recipient with a flag */ - sl = add_to_strlist2( &remusr, pargs.r.ret_str, utf8_strings ); - sl->flags = ((pargs.r_opt << PK_LIST_SHIFT) | PK_LIST_HIDDEN); - if (configfp) - sl->flags |= PK_LIST_CONFIG; - any_explicit_recipient = 1; - break; case oTrySecretKey: add_to_strlist2 (&opt.secret_keys_to_try, diff --git a/g10/gpgv.c b/g10/gpgv.c index 9ccc0da..d238ee0 100644 --- a/g10/gpgv.c +++ b/g10/gpgv.c @@ -416,6 +416,17 @@ keyserver_import_ldap (const char *name) return -1; } + +gpg_error_t +read_key_from_file (ctrl_t ctrl, const char *fname, kbnode_t *r_keyblock) +{ + (void)ctrl; + (void)fname; + (void)r_keyblock; + return -1; +} + + /* Stub: * No encryption here but mainproc links to these functions. */ diff --git a/g10/import.c b/g10/import.c index 8cfd6ea..e035328 100644 --- a/g10/import.c +++ b/g10/import.c @@ -220,6 +220,113 @@ import_release_stats_handle (import_stats_t p) } +/* Read a key from a file. Only the first key in the file is + * considered and stored at R_KEYBLOCK. FNAME is the name of the + * file. + */ +gpg_error_t +read_key_from_file (ctrl_t ctrl, const char *fname, kbnode_t *r_keyblock) +{ + gpg_error_t err; + iobuf_t inp; + PACKET *pending_pkt = NULL; + kbnode_t keyblock = NULL; + u32 keyid[2]; + int v3keys; /* Dummy */ + int non_self; /* Dummy */ + + (void)ctrl; + + *r_keyblock = NULL; + + inp = iobuf_open (fname); + if (!inp) + err = gpg_error_from_syserror (); + else if (is_secured_file (iobuf_get_fd (inp))) + { + iobuf_close (inp); + inp = NULL; + err = gpg_error (GPG_ERR_EPERM); + } + else + err = 0; + if (err) + { + log_error (_("can't open '%s': %s\n"), + iobuf_is_pipe_filename (fname)? "[stdin]": fname, + gpg_strerror (err)); + if (gpg_err_code (err) == GPG_ERR_ENOENT) + err = gpg_error (GPG_ERR_NO_PUBKEY); + goto leave; + } + + /* Push the armor filter. */ + { + armor_filter_context_t *afx; + afx = new_armor_context (); + afx->only_keyblocks = 1; + push_armor_filter (afx, inp); + release_armor_context (afx); + } + + /* Read the first non-v3 keyblock. */ + while (!(err = read_block (inp, &pending_pkt, &keyblock, &v3keys))) + { + if (keyblock->pkt->pkttype == PKT_PUBLIC_KEY) + break; + log_info (_("skipping block of type %d\n"), keyblock->pkt->pkttype); + release_kbnode (keyblock); + keyblock = NULL; + } + if (err) + { + if (gpg_err_code (err) != GPG_ERR_INV_KEYRING) + log_error (_("error reading '%s': %s\n"), + iobuf_is_pipe_filename (fname)? "[stdin]": fname, + gpg_strerror (err)); + goto leave; + } + + keyid_from_pk (keyblock->pkt->pkt.public_key, keyid); + + if (!find_next_kbnode (keyblock, PKT_USER_ID)) + { + err = gpg_error (GPG_ERR_NO_USER_ID); + goto leave; + } + + collapse_uids (&keyblock); + + clear_kbnode_flags (keyblock); + if (chk_self_sigs (keyblock, keyid, &non_self)) + { + err = gpg_error (GPG_ERR_INV_KEYRING); + goto leave; + } + + if (!delete_inv_parts (keyblock, keyid, 0) ) + { + err = gpg_error (GPG_ERR_NO_USER_ID); + goto leave; + } + + *r_keyblock = keyblock; + keyblock = NULL; + + leave: + if (inp) + { + iobuf_close (inp); + /* Must invalidate that ugly cache to actually close the file. */ + iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE, 0, (char*)fname); + } + release_kbnode (keyblock); + /* FIXME: Do we need to free PENDING_PKT ? */ + return err; +} + + + /* * Import the public keys from the given filename. Input may be armored. * This function rejects all keys which are not validly self signed on at diff --git a/g10/keydb.h b/g10/keydb.h index a30cf7a..4e8f3f2 100644 --- a/g10/keydb.h +++ b/g10/keydb.h @@ -70,15 +70,16 @@ enum resource_type { /* Bit flags used with build_pk_list. */ enum { - PK_LIST_ENCRYPT_TO=1, /* This is an encrypt-to recipient. */ - PK_LIST_HIDDEN=2, /* This is a hidden recipient. */ - PK_LIST_CONFIG=4 /* Specified via config file. */ + PK_LIST_ENCRYPT_TO = 1, /* This is an encrypt-to recipient. */ + PK_LIST_HIDDEN = 2, /* This is a hidden recipient. */ + PK_LIST_CONFIG = 4, /* Specified via config file. */ + PK_LIST_FROM_FILE = 8 /* Take key from file with that name. */ }; -/* To store private data in the flags they must be left shifted by - this value. */ +/* To store private data in the flags the private data must be left + shifted by this value. */ enum { - PK_LIST_SHIFT=3 + PK_LIST_SHIFT = 4 }; /**************** @@ -104,7 +105,7 @@ struct pk_list { PK_LIST next; PKT_public_key *pk; - int flags; /* flag bit 1==throw_keyid */ + int flags; /* See PK_LIST_ constants. */ }; /* Structure to hold a list of secret key certificates. */ @@ -228,7 +229,8 @@ void release_pk_list (PK_LIST pk_list); int build_pk_list (ctrl_t ctrl, strlist_t rcpts, PK_LIST *ret_pk_list); gpg_error_t find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use, - int mark_hidden, pk_list_t *pk_list_addr); + int mark_hidden, int from_file, + pk_list_t *pk_list_addr); int algo_available( preftype_t preftype, int algo, const union pref_hint *hint ); @@ -322,6 +324,10 @@ int get_pubkey_byname (ctrl_t ctrl, KBNODE *ret_keyblock, KEYDB_HANDLE *ret_kdbhd, int include_unusable, int no_akl ); +/* Get a public key directly from file FNAME. */ +gpg_error_t get_pubkey_fromfile (ctrl_t ctrl, + PKT_public_key *pk, const char *fname); + /* Return the public key with the key id KEYID iff the secret key is * available and store it at PK. */ gpg_error_t get_seckey (PKT_public_key *pk, u32 *keyid); diff --git a/g10/main.h b/g10/main.h index 3ee2762..ec20b28 100644 --- a/g10/main.h +++ b/g10/main.h @@ -350,6 +350,8 @@ typedef gpg_error_t (*import_screener_t)(kbnode_t keyblock, void *arg); int parse_import_options(char *str,unsigned int *options,int noisy); gpg_error_t parse_and_set_import_filter (const char *string); +gpg_error_t read_key_from_file (ctrl_t ctrl, const char *fname, + kbnode_t *r_keyblock); void import_keys (ctrl_t ctrl, char **fnames, int nnames, import_stats_t stats_hd, unsigned int options); int import_keys_stream (ctrl_t ctrl, iobuf_t inp, import_stats_t stats_hd, diff --git a/g10/pkclist.c b/g10/pkclist.c index 8efa954..6315a6d 100644 --- a/g10/pkclist.c +++ b/g10/pkclist.c @@ -775,14 +775,16 @@ expand_id(const char *id,strlist_t *into,unsigned int flags) } /* For simplicity, and to avoid potential loops, we only expand once - - you can't make an alias that points to an alias. */ + * you can't make an alias that points to an alias. */ static strlist_t -expand_group(strlist_t input) +expand_group (strlist_t input) { - strlist_t sl,output=NULL,rover; + strlist_t output = NULL; + strlist_t sl, rover; - for(rover=input;rover;rover=rover->next) - if(expand_id(rover->d,&output,rover->flags)==0) + for (rover = input; rover; rover = rover->next) + if (!(rover->flags & PK_LIST_FROM_FILE) + && !expand_id(rover->d,&output,rover->flags)) { /* Didn't find any groups, so use the existing string */ sl=add_to_strlist(&output,rover->d); @@ -794,17 +796,18 @@ expand_group(strlist_t input) /* Helper for build_pk_list to find and check one key. This helper is - also used directly in server mode by the RECIPIENTS command. On - success the new key is added to PK_LIST_ADDR. NAME is the user id - of the key. USE the requested usage and a set MARK_HIDDEN will mark - the key in the updated list as a hidden recipient. */ + * also used directly in server mode by the RECIPIENTS command. On + * success the new key is added to PK_LIST_ADDR. NAME is the user id + * of the key. USE the requested usage and a set MARK_HIDDEN will + * mark the key in the updated list as a hidden recipient. If + * FROM_FILE is true, NAME is is not a user ID but the name of a file + * holding a key. */ gpg_error_t find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use, - int mark_hidden, pk_list_t *pk_list_addr) + int mark_hidden, int from_file, pk_list_t *pk_list_addr) { int rc; PKT_public_key *pk; - int trustlevel; if (!name || !*name) return gpg_error (GPG_ERR_INV_USER_ID); @@ -814,7 +817,10 @@ find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use, return gpg_error_from_syserror (); pk->req_usage = use; - rc = get_pubkey_byname (ctrl, NULL, pk, name, NULL, NULL, 0, 0); + if (from_file) + rc = get_pubkey_fromfile (ctrl, pk, name); + else + rc = get_pubkey_byname (ctrl, NULL, pk, name, NULL, NULL, 0, 0); if (rc) { int code; @@ -844,24 +850,28 @@ find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use, } /* Key found and usable. Check validity. */ - trustlevel = get_validity (ctrl, pk, pk->user_id, NULL, 1); - if ( (trustlevel & TRUST_FLAG_DISABLED) ) + if (!from_file) { - /* Key has been disabled. */ - send_status_inv_recp (13, name); - log_info (_("%s: skipped: public key is disabled\n"), name); - free_public_key (pk); - return GPG_ERR_UNUSABLE_PUBKEY; - } + int trustlevel; - if ( !do_we_trust_pre (pk, trustlevel) ) - { - /* We don't trust this key. */ - send_status_inv_recp (10, name); - free_public_key (pk); - return GPG_ERR_UNUSABLE_PUBKEY; + trustlevel = get_validity (ctrl, pk, pk->user_id, NULL, 1); + if ( (trustlevel & TRUST_FLAG_DISABLED) ) + { + /* Key has been disabled. */ + send_status_inv_recp (13, name); + log_info (_("%s: skipped: public key is disabled\n"), name); + free_public_key (pk); + return GPG_ERR_UNUSABLE_PUBKEY; + } + + if ( !do_we_trust_pre (pk, trustlevel) ) + { + /* We don't trust this key. */ + send_status_inv_recp (10, name); + free_public_key (pk); + return GPG_ERR_UNUSABLE_PUBKEY; + } } - /* Note: do_we_trust may have changed the trustlevel. */ /* Skip the actual key if the key is already present in the list. */ @@ -894,22 +904,24 @@ find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use, /* This is the central function to collect the keys for recipients. - It is thus used to prepare a public key encryption. encrypt-to - keys, default keys and the keys for the actual recipients are all - collected here. When not in batch mode and no recipient has been - passed on the commandline, the function will also ask for - recipients. - - RCPTS is a string list with the recipients; NULL is an allowed - value but not very useful. Group expansion is done on these names; - they may be in any of the user Id formats we can handle. The flags - bits for each string in the string list are used for: - Bit 0 (PK_LIST_ENCRYPT_TO): This is an encrypt-to recipient. - Bit 1 (PK_LIST_HIDDEN) : This is a hidden recipient. - - On success a list of keys is stored at the address RET_PK_LIST; the - caller must free this list. On error the value at this address is - not changed. + * It is thus used to prepare a public key encryption. encrypt-to + * keys, default keys and the keys for the actual recipients are all + * collected here. When not in batch mode and no recipient has been + * passed on the commandline, the function will also ask for + * recipients. + * + * RCPTS is a string list with the recipients; NULL is an allowed + * value but not very useful. Group expansion is done on these names; + * they may be in any of the user Id formats we can handle. The flags + * bits for each string in the string list are used for: + * + * - PK_LIST_ENCRYPT_TO :: This is an encrypt-to recipient. + * - PK_LIST_HIDDEN :: This is a hidden recipient. + * - PK_LIST_FROM_FILE :: The argument is a file with a key. + * + * On success a list of keys is stored at the address RET_PK_LIST; the + * caller must free this list. On error the value at this address is + * not changed. */ int build_pk_list (ctrl_t ctrl, strlist_t rcpts, PK_LIST *ret_pk_list) @@ -1269,6 +1281,7 @@ build_pk_list (ctrl_t ctrl, strlist_t rcpts, PK_LIST *ret_pk_list) rc = find_and_check_key (ctrl, remusr->d, PUBKEY_USAGE_ENC, !!(remusr->flags&PK_LIST_HIDDEN), + !!(remusr->flags&PK_LIST_FROM_FILE), &pk_list); if (rc) goto fail; diff --git a/g10/server.c b/g10/server.c index 771a8a7..258f08a 100644 --- a/g10/server.c +++ b/g10/server.c @@ -177,6 +177,7 @@ output_notify (assuan_context_t ctx, char *line) /* RECIPIENT [--hidden] + RECIPIENT [--hidden] --file Set the recipient for the encryption. should be the internal representation of the key; the server may accept any other @@ -192,9 +193,10 @@ cmd_recipient (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); gpg_error_t err; - int hidden; + int hidden, file; hidden = has_option (line,"--hidden"); + file = has_option (line,"--file"); line = skip_options (line); /* FIXME: Expand groups @@ -204,7 +206,7 @@ cmd_recipient (assuan_context_t ctx, char *line) remusr = rcpts; */ - err = find_and_check_key (ctrl, line, PUBKEY_USAGE_ENC, hidden, + err = find_and_check_key (ctrl, line, PUBKEY_USAGE_ENC, hidden, file, &ctrl->server_local->recplist); if (err) diff --git a/g10/test-stubs.c b/g10/test-stubs.c index f4d9526..6f50759 100644 --- a/g10/test-stubs.c +++ b/g10/test-stubs.c @@ -228,6 +228,15 @@ keyserver_import_ldap (const char *name) return -1; } +gpg_error_t +read_key_from_file (ctrl_t ctrl, const char *fname, kbnode_t *r_keyblock) +{ + (void)ctrl; + (void)fname; + (void)r_keyblock; + return -1; +} + /* Stub: * No encryption here but mainproc links to these functions. */ diff --git a/tests/openpgp/defs.scm b/tests/openpgp/defs.scm index 4257b28..8ceffc8 100644 --- a/tests/openpgp/defs.scm +++ b/tests/openpgp/defs.scm @@ -35,6 +35,9 @@ ;; first and then search for the encryption subkey.) (define dsa-usrname2 "0xCB879DE9") +(define key-file1 "samplekeys/rsa-rsa-sample-1.asc") +(define key-file2 "samplekeys/ed25519-cv25519-sample-1.asc") + (define plain-files '("plain-1" "plain-2" "plain-3")) (define data-files '("data-500" "data-9000" "data-32000" "data-80000")) (define exp-files '()) diff --git a/tests/openpgp/encrypt.scm b/tests/openpgp/encrypt.scm index 5a3e178..7452fc5 100755 --- a/tests/openpgp/encrypt.scm +++ b/tests/openpgp/encrypt.scm @@ -43,3 +43,18 @@ (tr:assert-identity source))) (append plain-files data-files))) all-cipher-algos) + + +;; We encrypt to two keys and we have also put the first key into our +;; pubring, so that decryption will work. +(for-each-p + "Checking encryption using a key from file" + (lambda (source) + (tr:do + (tr:open source) + (tr:gpg "" `(--yes -v --no-keyring --encrypt + --recipient-file ,(in-srcdir key-file1) + --hidden-recipient-file ,(in-srcdir key-file2))) + (tr:gpg "" '(--yes)) + (tr:assert-identity source))) + plain-files) diff --git a/tests/openpgp/setup.scm b/tests/openpgp/setup.scm index ce2e42c..9ad19c2 100755 --- a/tests/openpgp/setup.scm +++ b/tests/openpgp/setup.scm @@ -91,12 +91,17 @@ "1DF48228FEFF3EC2481B106E0ACA8C465C662CC5" "A2832820DC9F40751BDCD375BB0945BA33EC6B4C" "ADE710D74409777B7729A7653373D820F67892E0" - "CEFC51AF91F68A2904FBFF62C4F075A4785B803F")) + "CEFC51AF91F68A2904FBFF62C4F075A4785B803F" + "1E28F20E41B54C2D1234D896096495FF57E08D18" + "EB33B687EB8581AB64D04852A54453E85F3DF62D" + "C6A6390E9388CDBAD71EAEA698233FE5E04F001E" + "D69102E0F5AC6B6DB8E4D16DA8E18CF46D88CAE3")) (info "Importing public demo and test keys") (call-check `(, at GPG --yes --import ,(in-srcdir "pubdemo.asc") - ,(in-srcdir "pubring.asc"))) + ,(in-srcdir "pubring.asc") + ,(in-srcdir key-file1))) ;; (letfd ((source (open (in-srcdir "pubring.pkr.asc") O_RDONLY))) ;; ((gpg-pipe '(--dearmor) '(--yes --import) STDERR_FILENO) ;; source CLOSED_FD)) commit 073be51a866cb5600479c504a44ae5ac94a449a2 Author: Werner Koch Date: Wed Jul 6 15:33:40 2016 +0200 gpg: New option --no-keyring. * g10/gpg.c (oNoKeyring): New. (opts): Add "--no-keyring". (main): Do not register any keyring if the option is used. Signed-off-by: Werner Koch diff --git a/doc/gpg.texi b/doc/gpg.texi index 7dff333..9a60890 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -1371,6 +1371,10 @@ Note that this adds a keyring to the current list. If the intent is to use the specified keyring alone, use @option{--keyring} along with @option{--no-default-keyring}. +If the the option @option{--no-keyring} has been used no keyrings will +be used at all. + + @item --secret-keyring @code{file} @opindex secret-keyring This is an obsolete option and ignored. All secret keys are stored in @@ -3008,6 +3012,10 @@ and do not provide alternate keyrings via @option{--keyring} or @option{--secret-keyring}, then GnuPG will still use the default public or secret keyrings. + at item --no-keyring + at opindex no-keyring +Do not add use any keyrings even if specified as options. + @item --skip-verify @opindex skip-verify Skip the signature verification step. This may be diff --git a/g10/gpg.c b/g10/gpg.c index 154d39a..cf0e645 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -248,6 +248,7 @@ enum cmd_and_opt_values oNoMDCWarn, oNoArmor, oNoDefKeyring, + oNoKeyring, oNoGreeting, oNoTTY, oNoOptions, @@ -681,6 +682,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oNoArmor, "no-armor", "@"), ARGPARSE_s_n (oNoArmor, "no-armour", "@"), ARGPARSE_s_n (oNoDefKeyring, "no-default-keyring", "@"), + ARGPARSE_s_n (oNoKeyring, "no-keyring", "@"), ARGPARSE_s_n (oNoGreeting, "no-greeting", "@"), ARGPARSE_s_n (oNoOptions, "no-options", "@"), ARGPARSE_s_s (oHomedir, "homedir", "@"), @@ -2609,7 +2611,15 @@ main (int argc, char **argv) } break; case oNoArmor: opt.no_armor=1; opt.armor=0; break; - case oNoDefKeyring: default_keyring = 0; break; + + case oNoDefKeyring: + if (default_keyring > 0) + default_keyring = 0; + break; + case oNoKeyring: + default_keyring = -1; + break; + case oNoGreeting: nogreeting = 1; break; case oNoVerbose: opt.verbose = 0; @@ -3703,14 +3713,15 @@ main (int argc, char **argv) if( opt.verbose > 1 ) set_packet_list_mode(1); - /* Add the keyrings, but not for some special commands. - We always need to add the keyrings if we are running under - SELinux, this is so that the rings are added to the list of - secured files. */ - if( ALWAYS_ADD_KEYRINGS - || (cmd != aDeArmor && cmd != aEnArmor && cmd != aGPGConfTest) ) + /* Add the keyrings, but not for some special commands. We always + * need to add the keyrings if we are running under SELinux, this + * is so that the rings are added to the list of secured files. + * We do not add any keyring if --no-keyring has been used. */ + if (default_keyring >= 0 + && (ALWAYS_ADD_KEYRINGS + || (cmd != aDeArmor && cmd != aEnArmor && cmd != aGPGConfTest))) { - if (!nrings || default_keyring) /* Add default ring. */ + if (!nrings || default_keyring > 0) /* Add default ring. */ keydb_add_resource ("pubring" EXTSEP_S GPGEXT_GPG, KEYDB_RESOURCE_FLAG_DEFAULT); for (sl = nrings; sl; sl = sl->next ) ----------------------------------------------------------------------- Summary of changes: doc/gpg.texi | 29 ++++++++++--- g10/getkey.c | 54 ++++++++++++++++++++++- g10/gpg.c | 79 ++++++++++++++++++++++------------ g10/gpgv.c | 11 +++++ g10/import.c | 107 ++++++++++++++++++++++++++++++++++++++++++++++ g10/keydb.h | 22 ++++++---- g10/main.h | 2 + g10/pkclist.c | 99 +++++++++++++++++++++++------------------- g10/server.c | 6 ++- g10/test-stubs.c | 9 ++++ tests/openpgp/defs.scm | 3 ++ tests/openpgp/encrypt.scm | 15 +++++++ tests/openpgp/setup.scm | 9 +++- 13 files changed, 356 insertions(+), 89 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jul 6 15:53:08 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 06 Jul 2016 15:53:08 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.13-121-ge5896da Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via e5896da666551da5322b2ae5458d429b9e60241e (commit) from a479804c86bc24bfab101f39464db3ecfbaedf6d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e5896da666551da5322b2ae5458d429b9e60241e Author: Werner Koch Date: Wed Jul 6 15:50:57 2016 +0200 wks: Let the server take the encrytion key from the file. * tools/gpg-wks-server.c (encrypt_stream): Change arg 'fingerprint' to 'keyfile'. (store_key_as_pending): Add arg 'r_fname' to make of the keyfile. (send_confirmation_request): Add arg 'keyfile'. (process_new_key): Pass on the name of the keyfile. Signed-off-by: Werner Koch diff --git a/tools/gpg-wks-server.c b/tools/gpg-wks-server.c index 305b454..e46eafa 100644 --- a/tools/gpg-wks-server.c +++ b/tools/gpg-wks-server.c @@ -500,9 +500,9 @@ encrypt_stream_status_cb (void *opaque, const char *keyword, char *args) /* Encrypt the INPUT stream to a new stream which is stored at success - * at R_OUTPUT. Encryption is done for the key with FINGERPRINT. */ + * at R_OUTPUT. Encryption is done for the key in file KEYFIL. */ static gpg_error_t -encrypt_stream (estream_t *r_output, estream_t input, const char *fingerprint) +encrypt_stream (estream_t *r_output, estream_t input, const char *keyfile) { gpg_error_t err; ccparray_t ccp; @@ -529,9 +529,10 @@ encrypt_stream (estream_t *r_output, estream_t input, const char *fingerprint) ccparray_put (&ccp, "--batch"); ccparray_put (&ccp, "--status-fd=2"); ccparray_put (&ccp, "--always-trust"); + ccparray_put (&ccp, "--no-keyring"); ccparray_put (&ccp, "--armor"); - ccparray_put (&ccp, "--recipient"); - ccparray_put (&ccp, fingerprint); + ccparray_put (&ccp, "--recipient-file"); + ccparray_put (&ccp, keyfile); ccparray_put (&ccp, "--encrypt"); ccparray_put (&ccp, "--"); @@ -631,9 +632,11 @@ get_submission_address (const char *mbox) /* We store the key under the name of the nonce we will then send to - * the user. On success the nonce is stored at R_NONCE. */ + * the user. On success the nonce is stored at R_NONCE and the file + * name at R_FNAME. */ static gpg_error_t -store_key_as_pending (const char *dir, estream_t key, char **r_nonce) +store_key_as_pending (const char *dir, estream_t key, + char **r_nonce, char **r_fname) { gpg_error_t err; char *dname = NULL; @@ -644,6 +647,7 @@ store_key_as_pending (const char *dir, estream_t key, char **r_nonce) size_t nbytes, nwritten; *r_nonce = NULL; + *r_fname = NULL; dname = make_filename_try (dir, "pending", NULL); if (!dname) @@ -728,11 +732,15 @@ store_key_as_pending (const char *dir, estream_t key, char **r_nonce) } if (!err) - *r_nonce = nonce; + { + *r_nonce = nonce; + *r_fname = fname; + } else - xfree (nonce); - - xfree (fname); + { + xfree (nonce); + xfree (fname); + } xfree (dname); return err; } @@ -740,10 +748,11 @@ store_key_as_pending (const char *dir, estream_t key, char **r_nonce) /* Send a confirmation rewqyest. DIR is the directory used for the * address MBOX. NONCE is the nonce we want to see in the response to - * this mail. */ + * this mail. FNAME the name of the file with the key. */ static gpg_error_t send_confirmation_request (server_ctx_t ctx, - const char *mbox, const char *nonce) + const char *mbox, const char *nonce, + const char *keyfile) { gpg_error_t err; estream_t body = NULL; @@ -791,7 +800,7 @@ send_confirmation_request (server_ctx_t ctx, nonce); es_rewind (body); - err = encrypt_stream (&bodyenc, body, ctx->fpr); + err = encrypt_stream (&bodyenc, body, keyfile); if (err) goto leave; es_fclose (body); @@ -863,6 +872,7 @@ process_new_key (server_ctx_t ctx, estream_t key) const char *s; char *dname = NULL; char *nonce = NULL; + char *fname = NULL; /* First figure out the user id from the key. */ err = list_key (ctx, key); @@ -902,11 +912,12 @@ process_new_key (server_ctx_t ctx, estream_t key) log_info ("storing address '%s'\n", sl->d); xfree (nonce); - err = store_key_as_pending (dname, key, &nonce); + xfree (fname); + err = store_key_as_pending (dname, key, &nonce, &fname); if (err) goto leave; - err = send_confirmation_request (ctx, sl->d, nonce); + err = send_confirmation_request (ctx, sl->d, nonce, fname); if (err) goto leave; } @@ -915,6 +926,7 @@ process_new_key (server_ctx_t ctx, estream_t key) if (nonce) wipememory (nonce, strlen (nonce)); xfree (nonce); + xfree (fname); xfree (dname); return err; } ----------------------------------------------------------------------- Summary of changes: tools/gpg-wks-server.c | 42 +++++++++++++++++++++++++++--------------- 1 file changed, 27 insertions(+), 15 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jul 6 19:37:27 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 06 Jul 2016 19:37:27 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.13-122-g511c252 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 511c2522b95333226a5e45e538fed29dd44c9be3 (commit) from e5896da666551da5322b2ae5458d429b9e60241e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 511c2522b95333226a5e45e538fed29dd44c9be3 Author: Werner Koch Date: Wed Jul 6 19:35:15 2016 +0200 doc: Escape file names in generated macros. * doc/mkdefsinc.c (print_filename): New. (main): Use it here. -- Our Jenkins uses an @ in directory names and thus our builds break. Signed-off-by: Werner Koch diff --git a/doc/mkdefsinc.c b/doc/mkdefsinc.c index f3e2f35..b8fbed6 100644 --- a/doc/mkdefsinc.c +++ b/doc/mkdefsinc.c @@ -140,6 +140,27 @@ get_date_from_files (char **files) } +/* We need to escape file names for Texinfo. */ +static void +print_filename (const char *prefix, const char *name) +{ + const char *s; + + fputs (prefix, stdout); + for (s=name; *s; s++) + switch (*s) + { + case '@': fputs ("@atchar{}", stdout); break; + case '{': fputs ("@lbracechar{}", stdout); break; + case '}': fputs ("@rbracechar{}", stdout); break; + case ',': fputs ("@comma{}", stdout); break; + case '\\':fputs ("@backslashchar{}", stdout); break; + case '#': fputs ("@hashchar{}", stdout); break; + default: putchar (*s); break; + } + putchar('\n'); +} + int main (int argc, char **argv) @@ -288,17 +309,16 @@ main (int argc, char **argv) fputs ("\n at c Directories\n\n", stdout); - fputs ("@set BINDIR " GNUPG_BINDIR "\n" - "@set LIBEXECDIR " GNUPG_LIBEXECDIR "\n" - "@set LIBDIR " GNUPG_LIBDIR "\n" - "@set DATADIR " GNUPG_DATADIR "\n" - "@set SYSCONFDIR " GNUPG_SYSCONFDIR "\n" - "@set LOCALSTATEDIR " GNUPG_LOCALSTATEDIR "\n" - "@set LOCALCACHEDIR " GNUPG_LOCALSTATEDIR - /* */ "/cache/" PACKAGE_NAME "\n" - "@set LOCALRUNDIR " GNUPG_LOCALSTATEDIR - /* */ "/run/" PACKAGE_NAME "\n" - , stdout); + print_filename ("@set BINDIR ", GNUPG_BINDIR ); + print_filename ("@set LIBEXECDIR ", GNUPG_LIBEXECDIR ); + print_filename ("@set LIBDIR ", GNUPG_LIBDIR ); + print_filename ("@set DATADIR ", GNUPG_DATADIR ); + print_filename ("@set SYSCONFDIR ", GNUPG_SYSCONFDIR ); + print_filename ("@set LOCALSTATEDIR ", GNUPG_LOCALSTATEDIR ); + print_filename ("@set LOCALCACHEDIR ", (GNUPG_LOCALSTATEDIR + "/cache/" PACKAGE_NAME)); + print_filename ("@set LOCALRUNDIR ", (GNUPG_LOCALSTATEDIR + "/run/" PACKAGE_NAME)); p = xstrdup (GNUPG_SYSCONFDIR); pend = strrchr (p, '/'); ----------------------------------------------------------------------- Summary of changes: doc/mkdefsinc.c | 42 +++++++++++++++++++++++++++++++----------- 1 file changed, 31 insertions(+), 11 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jul 7 14:19:52 2016 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Thu, 07 Jul 2016 14:19:52 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-208-g52efcf1 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 52efcf1ee9fc8ba4c6bd23d8fe4f5f7993ba9fb1 (commit) via 38c408560c6ebc3ea5eeeade01d38750bf5799e5 (commit) via 49286ac1c82c480e2c718f828c57da9778ccd0b9 (commit) from fc0267233239b42e9fb74a8acd7511503e287a9e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 52efcf1ee9fc8ba4c6bd23d8fe4f5f7993ba9fb1 Author: Justus Winter Date: Wed Jul 6 10:59:18 2016 +0200 python: Fix distcheck. * lang/python/INSTALL: Drop obsolete file. * lang/python/Makefile.am (EXTRA_DIST): Add missing files. (CLEANFILES): Remove generated files. (clean-local): Fix permissions of copied files. * lang/python/tests/Makefile.am (TESTS): Use our own setup and teardown scripts. (EXTRA_DIST): Add missing files. * lang/python/tests/final.py: New file. * lang/python/tests/initial.py: Likewise. Signed-off-by: Justus Winter diff --git a/lang/python/INSTALL b/lang/python/INSTALL deleted file mode 100644 index 18ece20..0000000 --- a/lang/python/INSTALL +++ /dev/null @@ -1,15 +0,0 @@ -To build pyme module without installing it run 'make'. - -To install pyme module run 'make install'. The module will be installed in the -site-packages subdirectory of the python library directory. - -To delete all files generated during build run 'make reallyclean' - -To build documentation run 'make docs'. HTML files will be generated in 'doc' -subdirectory. - -To build distribution files including Debian packages run 'make dist' -To build distribution archive without Debian packages and without debian - subdirectory run 'make nondeb-dist' -Note, Debian packages and distribution archive will be generated in the parent - directory. diff --git a/lang/python/Makefile.am b/lang/python/Makefile.am index 8f0e74f..527212a 100644 --- a/lang/python/Makefile.am +++ b/lang/python/Makefile.am @@ -16,7 +16,13 @@ # You should have received a copy of the GNU Lesser General Public # License along with this program; if not, see . -EXTRA_DIST = README +EXTRA_DIST = \ + README \ + gpgme.i \ + helpers.c helpers.h \ + gpgme-h-clean.py \ + pyme + SUBDIRS = tests COPY_FILES = \ @@ -48,11 +54,18 @@ all-local: gpgme_wrap.c pyme/pygpgme.py copystamp CFLAGS="$(CFLAGS) -I$(top_srcdir)" \ $(PYTHON) setup.py build --verbose -clean-local: - rm -rf -- build gpgme.h errors.i gpgme_wrap.c pyme/pygpgme.py \ +CLEANFILES = gpgme.h errors.i gpgme_wrap.c pyme/pygpgme.py \ copystamp + +# Remove the rest. +# +# 'make distclean' clears the write bit, breaking rm -rf. Fix the +# permissions. +clean-local: + rm -rf -- build if test "$(srcdir)" != "$(builddir)" ; then \ - rm -rf pyme helpers.c helpers.h ; \ + find . -type d ! -perm -200 -exec chmod u+w {} ';' ; \ + rm -rf README pyme helpers.c helpers.h ; \ fi install-exec-local: diff --git a/lang/python/tests/Makefile.am b/lang/python/tests/Makefile.am index b51562c..69985bb 100644 --- a/lang/python/tests/Makefile.am +++ b/lang/python/tests/Makefile.am @@ -49,9 +49,8 @@ py_tests = t-wrapper.py \ t-file-name.py \ t-idiomatic.py -TESTS = $(top_srcdir)/tests/gpg/initial.test \ - $(py_tests) \ - $(top_srcdir)/tests/gpg/final.test +TESTS = initial.py $(py_tests) final.py +EXTRA_DIST = support.py $(TESTS) CLEANFILES = secring.gpg pubring.gpg pubring.kbx trustdb.gpg dirmngr.conf \ gpg-agent.conf pubring.kbx~ gpg.conf pubring.gpg~ \ @@ -73,7 +72,7 @@ check-local: ./gpg.conf ./gpg-agent.conf ./pubring-stamp \ # To guarantee that check-local is run before any tests we # add this dependency: -$(top_srcdir)/tests/gpg/initial.test: check-local +initial.py: check-local ./private-keys-v1.d/gpg-sample.stamp: $(private_keys) test -d ./private-keys-v1.d || mkdir ./private-keys-v1.d diff --git a/lang/python/tests/final.py b/lang/python/tests/final.py new file mode 100755 index 0000000..f75c200 --- /dev/null +++ b/lang/python/tests/final.py @@ -0,0 +1,24 @@ +#!/usr/bin/env python3 + +# Copyright (C) 2016 g10 Code GmbH +# +# This file is part of GPGME. +# +# GPGME is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# GPGME is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY +# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General +# Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this program; if not, see . + +import os +import subprocess + +subprocess.check_call([os.path.join(os.getenv('top_srcdir'), + "tests", "start-stop-agent"), "--stop"]) diff --git a/lang/python/tests/initial.py b/lang/python/tests/initial.py new file mode 100755 index 0000000..9d72cbc --- /dev/null +++ b/lang/python/tests/initial.py @@ -0,0 +1,24 @@ +#!/usr/bin/env python3 + +# Copyright (C) 2016 g10 Code GmbH +# +# This file is part of GPGME. +# +# GPGME is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# GPGME is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY +# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General +# Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this program; if not, see . + +import os +import subprocess + +subprocess.check_call([os.path.join(os.getenv('top_srcdir'), + "tests", "start-stop-agent"), "--start"]) commit 38c408560c6ebc3ea5eeeade01d38750bf5799e5 Author: Justus Winter Date: Wed Jul 6 11:01:55 2016 +0200 qt: Fix distcheck. * lang/qt/src/Makefile.am (qgpgme_headers): Add missing file. (CLEANFILES): Add generated file. * lang/qt/tests/Makefile.am (clean-local): Remove private keys. Signed-off-by: Justus Winter diff --git a/lang/qt/src/Makefile.am b/lang/qt/src/Makefile.am index 7de3ef6..187bc7f 100644 --- a/lang/qt/src/Makefile.am +++ b/lang/qt/src/Makefile.am @@ -63,7 +63,8 @@ qgpgme_headers= \ importjob.h \ keygenerationjob.h \ keylistjob.h \ - listallkeysjob.h + listallkeysjob.h \ + verifydetachedjob.h private_qgpgme_headers = \ qgpgme_export.h \ @@ -187,7 +188,7 @@ uninstall-local: uninstall-cmake-files BUILT_SOURCES = $(qgpgme_moc_sources) -CLEANFILES = $(qgpgme_moc_sources) +CLEANFILES = $(qgpgme_moc_sources) QGpgmeConfig.cmake nodist_libqgpgme_la_SOURCES = $(qgpgme_moc_sources) diff --git a/lang/qt/tests/Makefile.am b/lang/qt/tests/Makefile.am index 379abb3..c49d85f 100644 --- a/lang/qt/tests/Makefile.am +++ b/lang/qt/tests/Makefile.am @@ -61,6 +61,9 @@ CLEANFILES = secring.gpg pubring.gpg pubring.kbx trustdb.gpg dirmngr.conf \ gpg-agent.conf pubring.kbx~ S.gpg-agent gpg.conf pubring.gpg~ \ random_seed S.gpg-agent .gpg-v21-migrated pubring-stamp $(moc_files) +clean-local: + -rm -fR -- private-keys-v1.d + export GNUPGHOME := $(abs_builddir) ./pubring-stamp: $(top_srcdir)/tests/gpg/pubdemo.asc \ commit 49286ac1c82c480e2c718f828c57da9778ccd0b9 Author: Justus Winter Date: Thu Jul 7 13:23:05 2016 +0200 cpp: Fix distcheck. * lang/cpp/src/Makefile.am (CLEANFILES): Remove generated file. Signed-off-by: Justus Winter diff --git a/lang/cpp/src/Makefile.am b/lang/cpp/src/Makefile.am index 364d2ca..e9deca9 100644 --- a/lang/cpp/src/Makefile.am +++ b/lang/cpp/src/Makefile.am @@ -93,3 +93,5 @@ uninstall-cmake-files: install-data-local: install-cmake-files uninstall-local: uninstall-cmake-files + +CLEANFILES = GpgmeppConfig.cmake ----------------------------------------------------------------------- Summary of changes: lang/cpp/src/Makefile.am | 2 ++ lang/python/INSTALL | 15 --------------- lang/python/Makefile.am | 21 +++++++++++++++++---- lang/python/tests/Makefile.am | 7 +++---- lang/python/tests/{t-wrapper.py => final.py} | 9 ++++----- lang/python/tests/{t-wrapper.py => initial.py} | 9 ++++----- lang/qt/src/Makefile.am | 5 +++-- lang/qt/tests/Makefile.am | 3 +++ 8 files changed, 36 insertions(+), 35 deletions(-) delete mode 100644 lang/python/INSTALL copy lang/python/tests/{t-wrapper.py => final.py} (76%) copy lang/python/tests/{t-wrapper.py => initial.py} (76%) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jul 7 16:58:05 2016 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Thu, 07 Jul 2016 16:58:05 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.13-123-g2f61aa0 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 2f61aa0ff11b194d20307751ab686c87cd47dd56 (commit) from 511c2522b95333226a5e45e538fed29dd44c9be3 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2f61aa0ff11b194d20307751ab686c87cd47dd56 Author: Justus Winter Date: Thu Jul 7 16:18:10 2016 +0200 gpgscm: Capture output of spawned processes. * tests/gpgscm/tests.scm (call-check): Capture stdout and stderr, and return stdout if the child exited successfully, or include stderr in the error. * tests/openpgp/version.scm: Demonstrate this by checking the stdout. Signed-off-by: Justus Winter diff --git a/tests/gpgscm/tests.scm b/tests/gpgscm/tests.scm index 2728817..c32e2fa 100644 --- a/tests/gpgscm/tests.scm +++ b/tests/gpgscm/tests.scm @@ -94,9 +94,6 @@ CLOSED_FD (if (< *verbose* 0) STDOUT_FILENO CLOSED_FD) (if (< *verbose* 0) STDERR_FILENO CLOSED_FD))) -(define (call-check what) - (if (not (= 0 (call what))) - (throw (list what "failed")))) ;; Accessor functions for the results of 'spawn-process'. (define :stdin car) @@ -119,6 +116,12 @@ ;; ':stderr' can also be used. (define :retcode car) +(define (call-check what) + (let ((result (call-with-io what ""))) + (if (= 0 (:retcode result)) + (:stdout result) + (throw (list what "failed:" (:stderr result)))))) + (define (call-popen command input-string) (let ((result (call-with-io command input-string))) (if (= 0 (:retcode result)) diff --git a/tests/openpgp/version.scm b/tests/openpgp/version.scm index dbcb484..57efb93 100755 --- a/tests/openpgp/version.scm +++ b/tests/openpgp/version.scm @@ -20,6 +20,5 @@ (load (with-path "defs.scm")) (info "Printing the GPG version") -(assert (= 0 (call `(, at GPG --version)))) - -;; fixme: check that the output is as expected +(assert (string-contains? (call-check `(, at GPG --version)) + "gpg (GnuPG) 2.")) ----------------------------------------------------------------------- Summary of changes: tests/gpgscm/tests.scm | 9 ++++++--- tests/openpgp/version.scm | 5 ++--- 2 files changed, 8 insertions(+), 6 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jul 7 17:39:31 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 07 Jul 2016 17:39:31 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.13-125-gcbe467e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via cbe467e794f3be81b8da2bcb1732b5514b13b71d (commit) via b05878f32aa507aa9087d7c992b630840b5ad71c (commit) from 2f61aa0ff11b194d20307751ab686c87cd47dd56 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit cbe467e794f3be81b8da2bcb1732b5514b13b71d Author: Werner Koch Date: Thu Jul 7 17:02:58 2016 +0200 gpg: Add export options "export-pka" and "export-dane". * g10/options.h (EXPORT_PKA_FORMAT): New. * g10/keylist.c (list_keyblock_pka): Do not use DANE flag. * g10/export.c: Include zb32.h. (parse_export_options): Add options "export-pka" and "export-dane". (do_export): Do not armor if either of these option is set. (print_pka_or_dane_records): New. (do_export_stream): Implement new options. Signed-off-by: Werner Koch diff --git a/doc/gpg.texi b/doc/gpg.texi index 11d3a65..ae860d7 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -2320,6 +2320,18 @@ opposite meaning. The options are: most recent self-signature on each user ID. This option is the same as running the @option{--edit-key} command "minimize" before export except that the local copy of the key is not modified. Defaults to no. + + @item export-pka + Instead of outputting the key material output PKA records suitable + to put into DNS zone files. An ORIGIN line is printed before each + record to allow diverting the records to the corresponding zone file. + + @item export-dane + Instead of outputting the key material output OpenPGP DANE records + suitable to put into DNS zone files. An ORIGIN line is printed before + each record to allow diverting the records to the corresponding zone + file. + @end table @item --with-colons diff --git a/g10/export.c b/g10/export.c index c5b7328..d31b09a 100644 --- a/g10/export.c +++ b/g10/export.c @@ -35,6 +35,7 @@ #include "i18n.h" #include "membuf.h" #include "host2net.h" +#include "zb32.h" #include "recsel.h" #include "mbox-util.h" #include "init.h" @@ -103,6 +104,10 @@ parse_export_options(char *str,unsigned int *options,int noisy) N_("remove unusable parts from key during export")}, {"export-minimal",EXPORT_MINIMAL|EXPORT_CLEAN,NULL, N_("remove as much as possible from key during export")}, + + {"export-pka", EXPORT_PKA_FORMAT, NULL, NULL }, + {"export-dane", EXPORT_DANE_FORMAT, NULL, NULL }, + /* Aliases for backward compatibility */ {"include-local-sigs",EXPORT_LOCAL_SIGS,NULL,NULL}, {"include-attributes",EXPORT_ATTRIBUTES,NULL,NULL}, @@ -316,7 +321,7 @@ do_export (ctrl_t ctrl, strlist_t users, int secret, unsigned int options, if (rc) return rc; - if ( opt.armor ) + if ( opt.armor && !(options & (EXPORT_PKA_FORMAT|EXPORT_DANE_FORMAT)) ) { afx = new_armor_context (); afx->what = secret? 5 : 1; @@ -1245,9 +1250,8 @@ apply_keep_uid_filter (kbnode_t keyblock, recsel_expr_t selector) { if (!recsel_select (selector, filter_getval, node)) { - - log_debug ("keep-uid: deleting '%s'\n", - node->pkt->pkt.user_id->name); + /* log_debug ("keep-uid: deleting '%s'\n", */ + /* node->pkt->pkt.user_id->name); */ /* The UID packet and all following packets up to the * next UID or a subkey. */ delete_kbnode (node); @@ -1258,14 +1262,101 @@ apply_keep_uid_filter (kbnode_t keyblock, recsel_expr_t selector) node = node->next) delete_kbnode (node->next); } - else - log_debug ("keep-uid: keeping '%s'\n", - node->pkt->pkt.user_id->name); + /* else */ + /* log_debug ("keep-uid: keeping '%s'\n", */ + /* node->pkt->pkt.user_id->name); */ } } } +/* Print DANE or PKA records for all user IDs in KEYBLOCK to the + * stream FP. The data for the record is taken from HEXDATA. HEXFPR + * is the fingerprint of the primary key. */ +static gpg_error_t +print_pka_or_dane_records (kbnode_t keyblock, const char *hexdata, + const char *hexfpr, estream_t fp, + int print_pka, int print_dane) +{ + gpg_error_t err = 0; + kbnode_t kbctx, node; + PKT_user_id *uid; + char *mbox = NULL; + char hashbuf[32]; + char *hash = NULL; + char *domain; + const char *s; + unsigned int len; + + for (kbctx = NULL; (node = walk_kbnode (keyblock, &kbctx, 0));) + { + if (node->pkt->pkttype != PKT_USER_ID) + continue; + uid = node->pkt->pkt.user_id; + + if (uid->is_expired || uid->is_revoked) + continue; + + xfree (mbox); + mbox = mailbox_from_userid (uid->name); + if (!mbox) + continue; + + domain = strchr (mbox, '@'); + *domain++ = 0; + + if (print_pka) + { + es_fprintf (fp, "$ORIGIN _pka.%s.\n; %s\n; ", domain, hexfpr); + print_utf8_buffer (fp, uid->name, uid->len); + es_putc ('\n', fp); + gcry_md_hash_buffer (GCRY_MD_SHA1, hashbuf, mbox, strlen (mbox)); + xfree (hash); + hash = zb32_encode (hashbuf, 8*20); + if (!hash) + { + err = gpg_error_from_syserror (); + goto leave; + } + len = strlen (hexfpr)/2; + es_fprintf (fp, "%s TYPE37 \\# %u 0006 0000 00 %02X %s\n\n", + hash, 6 + len, len, hexfpr); + } + + if (print_dane && hexdata) + { + es_fprintf (fp, "$ORIGIN _openpgpkey.%s.\n; %s\n; ", domain, hexfpr); + print_utf8_buffer (fp, uid->name, uid->len); + es_putc ('\n', fp); + gcry_md_hash_buffer (GCRY_MD_SHA256, hashbuf, mbox, strlen (mbox)); + xfree (hash); + hash = bin2hex (hashbuf, 28, NULL); + if (!hash) + { + err = gpg_error_from_syserror (); + goto leave; + } + ascii_strlwr (hash); + len = strlen (hexdata)/2; + es_fprintf (fp, "%s TYPE61 \\# %u (\n", hash, len); + for (s = hexdata; ;) + { + es_fprintf (fp, "\t%.64s\n", s); + if (strlen (s) < 64) + break; + s += 64; + } + es_fputs ("\t)\n\n", fp); + } + } + + leave: + xfree (hash); + xfree (mbox); + return err; +} + + /* Helper for do_export_stream which writes one keyblock to OUT. */ static gpg_error_t do_export_one_keyblock (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid, @@ -1572,6 +1663,7 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret, strlist_t sl; gcry_cipher_hd_t cipherhd = NULL; struct export_stats_s dummystats; + iobuf_t out_help = NULL; if (!stats) stats = &dummystats; @@ -1581,10 +1673,14 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret, if (!kdbhd) return gpg_error_from_syserror (); - /* For the DANE format override the options. */ - if ((options & EXPORT_DANE_FORMAT)) - options = (EXPORT_DANE_FORMAT | EXPORT_MINIMAL | EXPORT_CLEAN); - + /* For the PKA and DANE format open a helper iobuf and for DANE + * enforce some options. */ + if ((options & (EXPORT_PKA_FORMAT | EXPORT_DANE_FORMAT))) + { + out_help = iobuf_temp (); + if ((options & EXPORT_DANE_FORMAT)) + options |= EXPORT_MINIMAL | EXPORT_CLEAN; + } if (!users) { @@ -1731,8 +1827,9 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret, } /* And write it. */ - err = do_export_one_keyblock (ctrl, keyblock, keyid, out, secret, - options, stats, any, + err = do_export_one_keyblock (ctrl, keyblock, keyid, + out_help? out_help : out, + secret, options, stats, any, desc, ndesc, descindex, cipherhd); if (err) break; @@ -1742,11 +1839,65 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret, *keyblock_out = keyblock; break; } + + if (out_help) + { + /* We want to write PKA or DANE records. OUT_HELP has the + * keyblock and we print a record for each uid to OUT. */ + char *hexdata; + const void *data; + void *vp; + size_t datalen; + estream_t fp; + + iobuf_flush_temp (out_help); + data = iobuf_get_temp_buffer (out_help); + datalen = iobuf_get_temp_length (out_help); + hexdata = bin2hex (data, datalen, NULL); + if (!hexdata) + { + err = gpg_error_from_syserror (); + goto leave; + } + iobuf_close (out_help); + out_help = iobuf_temp (); + ascii_strlwr (hexdata); + fp = es_fopenmem (0, "rw,samethread"); + if (!fp) + { + err = gpg_error_from_syserror (); + xfree (hexdata); + goto leave; + } + + { + char *hexfpr = hexfingerprint (pk, NULL, 0); + err = print_pka_or_dane_records (keyblock, hexdata, hexfpr, fp, + (options & EXPORT_PKA_FORMAT), + (options & EXPORT_DANE_FORMAT)); + xfree (hexfpr); + } + xfree (hexdata); + if (err) + { + es_fclose (fp); + goto leave; + } + es_fputc (0, fp); + if (es_fclose_snatch (fp, &vp, NULL)) + { + err = gpg_error_from_syserror (); + goto leave; + } + iobuf_writestr (out, vp); + } + } if (gpg_err_code (err) == GPG_ERR_NOT_FOUND) err = 0; leave: + iobuf_cancel (out_help); gcry_cipher_close (cipherhd); xfree(desc); keydb_release (kdbhd); diff --git a/g10/keylist.c b/g10/keylist.c index e595fe3..b8f97f5 100644 --- a/g10/keylist.c +++ b/g10/keylist.c @@ -921,7 +921,7 @@ list_keyblock_pka (ctrl_t ctrl, kbnode_t keyblock) /* We do not have an export function which allows to pass a keyblock, thus we need to search the key again. */ err = export_pubkey_buffer (ctrl, hexfpr, - EXPORT_DANE_FORMAT, NULL, + (EXPORT_MINIMAL | EXPORT_CLEAN), NULL, &dummy_keyblock, &data, &datalen); release_kbnode (dummy_keyblock); if (!err) diff --git a/g10/options.h b/g10/options.h index fc333cd..2b3cabd 100644 --- a/g10/options.h +++ b/g10/options.h @@ -348,7 +348,8 @@ EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode; #define EXPORT_RESET_SUBKEY_PASSWD (1<<3) #define EXPORT_MINIMAL (1<<4) #define EXPORT_CLEAN (1<<5) -#define EXPORT_DANE_FORMAT (1<<6) +#define EXPORT_PKA_FORMAT (1<<6) +#define EXPORT_DANE_FORMAT (1<<7) #define LIST_SHOW_PHOTOS (1<<0) #define LIST_SHOW_POLICY_URLS (1<<1) commit b05878f32aa507aa9087d7c992b630840b5ad71c Author: Werner Koch Date: Thu Jul 7 14:16:21 2016 +0200 gpg: Split a too large export function. * g10/export.c (do_export_stream): Factor some code out to ... (do_export_one_keyblock): new. Signed-off-by: Werner Koch diff --git a/g10/export.c b/g10/export.c index 2a50b32..c5b7328 100644 --- a/g10/export.c +++ b/g10/export.c @@ -1266,8 +1266,290 @@ apply_keep_uid_filter (kbnode_t keyblock, recsel_expr_t selector) } +/* Helper for do_export_stream which writes one keyblock to OUT. */ +static gpg_error_t +do_export_one_keyblock (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid, + iobuf_t out, int secret, unsigned int options, + export_stats_t stats, int *any, + KEYDB_SEARCH_DESC *desc, size_t ndesc, + size_t descindex, gcry_cipher_hd_t cipherhd) +{ + gpg_error_t err; + char *cache_nonce = NULL; + subkey_list_t subkey_list = NULL; /* Track already processed subkeys. */ + int skip_until_subkey = 0; + int cleartext = 0; + char *hexgrip = NULL; + char *serialno = NULL; + PKT_public_key *pk; + u32 subkidbuf[2], *subkid; + kbnode_t kbctx, node; + + for (kbctx=NULL; (node = walk_kbnode (keyblock, &kbctx, 0)); ) + { + if (skip_until_subkey) + { + if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY) + skip_until_subkey = 0; + else + continue; + } + + /* We used to use comment packets, but not any longer. In + * case we still have comments on a key, strip them here + * before we call build_packet(). */ + if (node->pkt->pkttype == PKT_COMMENT) + continue; + + /* Make sure that ring_trust packets never get exported. */ + if (node->pkt->pkttype == PKT_RING_TRUST) + continue; + + /* If exact is set, then we only export what was requested + * (plus the primary key, if the user didn't specifically + * request it). */ + if (desc[descindex].exact && node->pkt->pkttype == PKT_PUBLIC_SUBKEY) + { + if (!exact_subkey_match_p (desc+descindex, node)) + { + /* Before skipping this subkey, check whether any + * other description wants an exact match on a + * subkey and include that subkey into the output + * too. Need to add this subkey to a list so that + * it won't get processed a second time. + * + * So the first step here is to check that list and + * skip in any case if the key is in that list. + * + * We need this whole mess because the import + * function of GnuPG < 2.1 is not able to merge + * secret keys and thus it is useless to output them + * as two separate keys and have import merge them. + */ + if (subkey_in_list_p (subkey_list, node)) + skip_until_subkey = 1; /* Already processed this one. */ + else + { + size_t j; + + for (j=0; j < ndesc; j++) + if (j != descindex && desc[j].exact + && exact_subkey_match_p (desc+j, node)) + break; + if (!(j < ndesc)) + skip_until_subkey = 1; /* No other one matching. */ + } + } + + if (skip_until_subkey) + continue; + + /* Mark this one as processed. */ + { + subkey_list_t tmp = new_subkey_list_item (node); + tmp->next = subkey_list; + subkey_list = tmp; + } + } + + if (node->pkt->pkttype == PKT_SIGNATURE) + { + /* Do not export packets which are marked as not + * exportable. */ + if (!(options & EXPORT_LOCAL_SIGS) + && !node->pkt->pkt.signature->flags.exportable) + continue; /* not exportable */ + + /* Do not export packets with a "sensitive" revocation key + * unless the user wants us to. Note that we do export + * these when issuing the actual revocation (see revoke.c). */ + if (!(options & EXPORT_SENSITIVE_REVKEYS) + && node->pkt->pkt.signature->revkey) + { + int i; + + for (i = 0; i < node->pkt->pkt.signature->numrevkeys; i++) + if ((node->pkt->pkt.signature->revkey[i].class & 0x40)) + break; + if (i < node->pkt->pkt.signature->numrevkeys) + continue; + } + } + + /* Don't export attribs? */ + if (!(options & EXPORT_ATTRIBUTES) + && node->pkt->pkttype == PKT_USER_ID + && node->pkt->pkt.user_id->attrib_data) + { + /* Skip until we get to something that is not an attrib or a + * signature on an attrib. */ + while (kbctx->next && kbctx->next->pkt->pkttype == PKT_SIGNATURE) + kbctx = kbctx->next; + + continue; + } + + if (secret && (node->pkt->pkttype == PKT_PUBLIC_KEY + || node->pkt->pkttype == PKT_PUBLIC_SUBKEY)) + { + pk = node->pkt->pkt.public_key; + if (node->pkt->pkttype == PKT_PUBLIC_KEY) + subkid = NULL; + else + { + keyid_from_pk (pk, subkidbuf); + subkid = subkidbuf; + } + + if (pk->seckey_info) + { + log_error ("key %s: oops: seckey_info already set" + " - skipped\n", keystr_with_sub (keyid, subkid)); + skip_until_subkey = 1; + continue; + } + + xfree (hexgrip); + err = hexkeygrip_from_pk (pk, &hexgrip); + if (err) + { + log_error ("key %s: error computing keygrip: %s" + " - skipped\n", keystr_with_sub (keyid, subkid), + gpg_strerror (err)); + skip_until_subkey = 1; + err = 0; + continue; + } + + xfree (serialno); + serialno = NULL; + if (secret == 2 && node->pkt->pkttype == PKT_PUBLIC_KEY) + { + /* We are asked not to export the secret parts of the + * primary key. Make up an error code to create the + * stub. */ + err = GPG_ERR_NOT_FOUND; + } + else + err = agent_get_keyinfo (ctrl, hexgrip, &serialno, &cleartext); + + if ((!err && serialno) + && secret == 2 && node->pkt->pkttype == PKT_PUBLIC_KEY) + { + /* It does not make sense to export a key with its + * primary key on card using a non-key stub. Thus we + * skip those keys when used with --export-secret-subkeys. */ + log_info (_("key %s: key material on-card - skipped\n"), + keystr_with_sub (keyid, subkid)); + skip_until_subkey = 1; + } + else if (gpg_err_code (err) == GPG_ERR_NOT_FOUND + || (!err && serialno)) + { + /* Create a key stub. */ + struct seckey_info *ski; + const char *s; + + pk->seckey_info = ski = xtrycalloc (1, sizeof *ski); + if (!ski) + { + err = gpg_error_from_syserror (); + goto leave; + } + + ski->is_protected = 1; + if (err) + ski->s2k.mode = 1001; /* GNU dummy (no secret key). */ + else + { + ski->s2k.mode = 1002; /* GNU-divert-to-card. */ + for (s=serialno; sizeof (ski->ivlen) && *s && s[1]; + ski->ivlen++, s += 2) + ski->iv[ski->ivlen] = xtoi_2 (s); + } + + err = build_packet (out, node->pkt); + if (!err && node->pkt->pkttype == PKT_PUBLIC_KEY) + { + stats->exported++; + print_status_exported (node->pkt->pkt.public_key); + } + } + else if (!err) + { + err = receive_seckey_from_agent (ctrl, cipherhd, + cleartext, &cache_nonce, + hexgrip, pk); + if (err) + { + if (gpg_err_code (err) == GPG_ERR_FULLY_CANCELED) + goto leave; + skip_until_subkey = 1; + err = 0; + } + else + { + err = build_packet (out, node->pkt); + if (node->pkt->pkttype == PKT_PUBLIC_KEY) + { + stats->exported++; + print_status_exported (node->pkt->pkt.public_key); + } + } + } + else + { + log_error ("key %s: error getting keyinfo from agent: %s" + " - skipped\n", keystr_with_sub (keyid, subkid), + gpg_strerror (err)); + skip_until_subkey = 1; + err = 0; + } + + xfree (pk->seckey_info); + pk->seckey_info = NULL; + { + int i; + for (i = pubkey_get_npkey (pk->pubkey_algo); + i < pubkey_get_nskey (pk->pubkey_algo); i++) + { + gcry_mpi_release (pk->pkey[i]); + pk->pkey[i] = NULL; + } + } + } + else /* Not secret or common packets. */ + { + err = build_packet (out, node->pkt); + if (!err && node->pkt->pkttype == PKT_PUBLIC_KEY) + { + stats->exported++; + print_status_exported (node->pkt->pkt.public_key); + } + } + + if (err) + { + log_error ("build_packet(%d) failed: %s\n", + node->pkt->pkttype, gpg_strerror (err)); + goto leave; + } + + if (!skip_until_subkey) + *any = 1; + } + + leave: + release_subkey_list (subkey_list); + xfree (serialno); + xfree (hexgrip); + xfree (cache_nonce); + return err; +} + + /* Export the keys identified by the list of strings in USERS to the - stream OUT. If Secret is false public keys will be exported. With + stream OUT. If SECRET is false public keys will be exported. With secret true secret keys will be exported; in this case 1 means the entire secret keyblock and 2 only the subkeys. OPTIONS are the export options to apply. If KEYBLOCK_OUT is not NULL, AND the exit @@ -1282,17 +1564,14 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret, { gpg_error_t err = 0; PACKET pkt; - KBNODE keyblock = NULL; - KBNODE kbctx, node; + kbnode_t keyblock = NULL; + kbnode_t node; size_t ndesc, descindex; KEYDB_SEARCH_DESC *desc = NULL; - subkey_list_t subkey_list = NULL; /* Track already processed subkeys. */ KEYDB_HANDLE kdbhd; strlist_t sl; gcry_cipher_hd_t cipherhd = NULL; - char *cache_nonce = NULL; struct export_stats_s dummystats; - int cleartext = 0; if (!stats) stats = &dummystats; @@ -1377,7 +1656,6 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret, for (;;) { - int skip_until_subkey = 0; u32 keyid[2]; PKT_public_key *pk; @@ -1453,268 +1731,11 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret, } /* And write it. */ - xfree (cache_nonce); - cache_nonce = NULL; - for (kbctx=NULL; (node = walk_kbnode (keyblock, &kbctx, 0)); ) - { - if (skip_until_subkey) - { - if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY) - skip_until_subkey = 0; - else - continue; - } - - /* We used to use comment packets, but not any longer. In - case we still have comments on a key, strip them here - before we call build_packet(). */ - if (node->pkt->pkttype == PKT_COMMENT) - continue; - - /* Make sure that ring_trust packets never get exported. */ - if (node->pkt->pkttype == PKT_RING_TRUST) - continue; - - /* If exact is set, then we only export what was requested - (plus the primary key, if the user didn't specifically - request it). */ - if (desc[descindex].exact - && node->pkt->pkttype == PKT_PUBLIC_SUBKEY) - { - if (!exact_subkey_match_p (desc+descindex, node)) - { - /* Before skipping this subkey, check whether any - other description wants an exact match on a - subkey and include that subkey into the output - too. Need to add this subkey to a list so that - it won't get processed a second time. - - So the first step here is to check that list and - skip in any case if the key is in that list. - - We need this whole mess because the import - function of GnuPG < 2.1 is not able to merge - secret keys and thus it is useless to output them - as two separate keys and have import merge them. */ - if (subkey_in_list_p (subkey_list, node)) - skip_until_subkey = 1; /* Already processed this one. */ - else - { - size_t j; - - for (j=0; j < ndesc; j++) - if (j != descindex && desc[j].exact - && exact_subkey_match_p (desc+j, node)) - break; - if (!(j < ndesc)) - skip_until_subkey = 1; /* No other one matching. */ - } - } - - if(skip_until_subkey) - continue; - - /* Mark this one as processed. */ - { - subkey_list_t tmp = new_subkey_list_item (node); - tmp->next = subkey_list; - subkey_list = tmp; - } - } - - if (node->pkt->pkttype == PKT_SIGNATURE) - { - /* Do not export packets which are marked as not - exportable. */ - if (!(options&EXPORT_LOCAL_SIGS) - && !node->pkt->pkt.signature->flags.exportable) - continue; /* not exportable */ - - /* Do not export packets with a "sensitive" revocation - key unless the user wants us to. Note that we do - export these when issuing the actual revocation - (see revoke.c). */ - if (!(options&EXPORT_SENSITIVE_REVKEYS) - && node->pkt->pkt.signature->revkey) - { - int i; - - for (i=0;ipkt->pkt.signature->numrevkeys;i++) - if ( (node->pkt->pkt.signature->revkey[i].class & 0x40)) - break; - - if (i < node->pkt->pkt.signature->numrevkeys) - continue; - } - } - - /* Don't export attribs? */ - if (!(options&EXPORT_ATTRIBUTES) - && node->pkt->pkttype == PKT_USER_ID - && node->pkt->pkt.user_id->attrib_data ) - { - /* Skip until we get to something that is not an attrib - or a signature on an attrib */ - while (kbctx->next && kbctx->next->pkt->pkttype==PKT_SIGNATURE) - kbctx = kbctx->next; - - continue; - } - - if (secret && (node->pkt->pkttype == PKT_PUBLIC_KEY - || node->pkt->pkttype == PKT_PUBLIC_SUBKEY)) - { - u32 subkidbuf[2], *subkid; - char *hexgrip, *serialno; - - pk = node->pkt->pkt.public_key; - if (node->pkt->pkttype == PKT_PUBLIC_KEY) - subkid = NULL; - else - { - keyid_from_pk (pk, subkidbuf); - subkid = subkidbuf; - } - - if (pk->seckey_info) - { - log_error ("key %s: oops: seckey_info already set" - " - skipped\n", keystr_with_sub (keyid, subkid)); - skip_until_subkey = 1; - continue; - } - - err = hexkeygrip_from_pk (pk, &hexgrip); - if (err) - { - log_error ("key %s: error computing keygrip: %s" - " - skipped\n", keystr_with_sub (keyid, subkid), - gpg_strerror (err)); - skip_until_subkey = 1; - err = 0; - continue; - } - - if (secret == 2 && node->pkt->pkttype == PKT_PUBLIC_KEY) - { - /* We are asked not to export the secret parts of - the primary key. Make up an error code to create - the stub. */ - err = GPG_ERR_NOT_FOUND; - serialno = NULL; - } - else - err = agent_get_keyinfo (ctrl, hexgrip, &serialno, &cleartext); - - if ((!err && serialno) - && secret == 2 && node->pkt->pkttype == PKT_PUBLIC_KEY) - { - /* It does not make sense to export a key with its - primary key on card using a non-key stub. Thus - we skip those keys when used with - --export-secret-subkeys. */ - log_info (_("key %s: key material on-card - skipped\n"), - keystr_with_sub (keyid, subkid)); - skip_until_subkey = 1; - } - else if (gpg_err_code (err) == GPG_ERR_NOT_FOUND - || (!err && serialno)) - { - /* Create a key stub. */ - struct seckey_info *ski; - const char *s; - - pk->seckey_info = ski = xtrycalloc (1, sizeof *ski); - if (!ski) - { - err = gpg_error_from_syserror (); - xfree (hexgrip); - goto leave; - } - - ski->is_protected = 1; - if (err) - ski->s2k.mode = 1001; /* GNU dummy (no secret key). */ - else - { - ski->s2k.mode = 1002; /* GNU-divert-to-card. */ - for (s=serialno; sizeof (ski->ivlen) && *s && s[1]; - ski->ivlen++, s += 2) - ski->iv[ski->ivlen] = xtoi_2 (s); - } - - err = build_packet (out, node->pkt); - if (!err && node->pkt->pkttype == PKT_PUBLIC_KEY) - { - stats->exported++; - print_status_exported (node->pkt->pkt.public_key); - } - } - else if (!err) - { - err = receive_seckey_from_agent (ctrl, cipherhd, - cleartext, &cache_nonce, - hexgrip, pk); - if (err) - { - if (gpg_err_code (err) == GPG_ERR_FULLY_CANCELED) - goto leave; - skip_until_subkey = 1; - err = 0; - } - else - { - err = build_packet (out, node->pkt); - if (node->pkt->pkttype == PKT_PUBLIC_KEY) - { - stats->exported++; - print_status_exported (node->pkt->pkt.public_key); - } - } - } - else - { - log_error ("key %s: error getting keyinfo from agent: %s" - " - skipped\n", keystr_with_sub (keyid, subkid), - gpg_strerror (err)); - skip_until_subkey = 1; - err = 0; - } - - xfree (pk->seckey_info); - pk->seckey_info = NULL; - { - int i; - for (i = pubkey_get_npkey (pk->pubkey_algo); - i < pubkey_get_nskey (pk->pubkey_algo); i++) - { - gcry_mpi_release (pk->pkey[i]); - pk->pkey[i] = NULL; - } - } - xfree (hexgrip); - } - else - { - err = build_packet (out, node->pkt); - if (!err && node->pkt->pkttype == PKT_PUBLIC_KEY) - { - stats->exported++; - print_status_exported (node->pkt->pkt.public_key); - } - } - - - if (err) - { - log_error ("build_packet(%d) failed: %s\n", - node->pkt->pkttype, gpg_strerror (err)); - goto leave; - } - - if (!skip_until_subkey) - *any = 1; - } + err = do_export_one_keyblock (ctrl, keyblock, keyid, out, secret, + options, stats, any, + desc, ndesc, descindex, cipherhd); + if (err) + break; if (keyblock_out) { @@ -1727,12 +1748,10 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret, leave: gcry_cipher_close (cipherhd); - release_subkey_list (subkey_list); xfree(desc); keydb_release (kdbhd); if (err || !keyblock_out) release_kbnode( keyblock ); - xfree (cache_nonce); if( !*any ) log_info(_("WARNING: nothing exported\n")); return err; ----------------------------------------------------------------------- Summary of changes: doc/gpg.texi | 12 + g10/export.c | 720 ++++++++++++++++++++++++++++++++++++---------------------- g10/keylist.c | 2 +- g10/options.h | 3 +- 4 files changed, 460 insertions(+), 277 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Jul 8 11:46:51 2016 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Fri, 08 Jul 2016 11:46:51 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-209-g8a93f34 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 8a93f345b701332270c9829a4d0a93537f98a8d8 (commit) from 52efcf1ee9fc8ba4c6bd23d8fe4f5f7993ba9fb1 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8a93f345b701332270c9829a4d0a93537f98a8d8 Author: Justus Winter Date: Fri Jul 8 11:45:08 2016 +0200 python: Fix raising stashed exceptions. Fixes an issue with newer versions of Python. * lang/python/helpers.c (pygpgme_raise_callback_exception): Be more careful when restoring the exception. Signed-off-by: Justus Winter diff --git a/lang/python/helpers.c b/lang/python/helpers.c index 1b66146..43a55d0 100644 --- a/lang/python/helpers.c +++ b/lang/python/helpers.c @@ -150,12 +150,18 @@ PyObject *pygpgme_raise_callback_exception(PyObject *self) else Py_INCREF(ptraceback); + /* We now have references for the extracted items. */ Py_DECREF(excinfo); - PyErr_Restore(ptype, pvalue, ptraceback); + /* Clear the exception information. It is important to do this + before setting the error, because setting the attribute may + execute python code, and the runtime system raises a SystemError + if an exception is set but values are returned. */ Py_INCREF(Py_None); PyObject_SetAttrString(self, EXCINFO, Py_None); + /* Restore exception. */ + PyErr_Restore(ptype, pvalue, ptraceback); return NULL; /* Raise exception. */ leave: ----------------------------------------------------------------------- Summary of changes: lang/python/helpers.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Fri Jul 8 12:31:13 2016 From: cvs at cvs.gnupg.org (by Jussi Kivilinna) Date: Fri, 08 Jul 2016 12:31:13 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.7.1-17-g1111d31 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 1111d311fd6452abd4080d1072c75ddb1b5a3dd1 (commit) via 496790940753226f96b731a43d950bd268acd97a (commit) from cb79630ec567a5f2e03e5f863cda168faa7b8cc8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1111d311fd6452abd4080d1072c75ddb1b5a3dd1 Author: Jussi Kivilinna Date: Fri Jul 8 01:22:58 2016 +0300 Fix unaligned accesses with ldm/stm in ChaCha20 and Poly1305 ARM/NEON * cipher/chacha20-armv7-neon.S (UNALIGNED_STMIA8) (UNALIGNED_LDMIA4): New. (_gcry_chacha20_armv7_neon_blocks): Use new helper macros instead of ldm/stm instructions directly. * cipher/poly1305-armv7-neon.S (UNALIGNED_LDMIA2) (UNALIGNED_LDMIA4): New. (_gcry_poly1305_armv7_neon_init_ext, _gcry_poly1305_armv7_neon_blocks) (_gcry_poly1305_armv7_neon_finish_ext): Use new helper macros instead of ldm instruction directly. -- Signed-off-by: Jussi Kivilinna diff --git a/cipher/chacha20-armv7-neon.S b/cipher/chacha20-armv7-neon.S index 1a395ba..4d3340b 100644 --- a/cipher/chacha20-armv7-neon.S +++ b/cipher/chacha20-armv7-neon.S @@ -33,6 +33,40 @@ .fpu neon .arm +#define UNALIGNED_STMIA8(ptr, l0, l1, l2, l3, l4, l5, l6, l7) \ + tst ptr, #3; \ + beq 1f; \ + vpush {d0-d3}; \ + vmov s0, l0; \ + vmov s1, l1; \ + vmov s2, l2; \ + vmov s3, l3; \ + vmov s4, l4; \ + vmov s5, l5; \ + vmov s6, l6; \ + vmov s7, l7; \ + vst1.32 {d0-d3}, [ptr]; \ + add ptr, #32; \ + vpop {d0-d3}; \ + b 2f; \ + 1: stmia ptr!, {l0-l7}; \ + 2: ; + +#define UNALIGNED_LDMIA4(ptr, l0, l1, l2, l3) \ + tst ptr, #3; \ + /*beq 1f;*/ \ + vpush {d0-d1}; \ + vld1.32 {d0-d1}, [ptr]; \ + add ptr, #16; \ + vmov l0, s0; \ + vmov l1, s1; \ + vmov l2, s2; \ + vmov l3, s3; \ + vpop {d0-d1}; \ + b 2f; \ + 1: ldmia ptr!, {l0-l3}; \ + 2: ; + .text .globl _gcry_chacha20_armv7_neon_blocks @@ -352,7 +386,8 @@ _gcry_chacha20_armv7_neon_blocks: add r7, r7, r11 vadd.i32 q11, q11, q14 beq .Lchacha_blocks_neon_nomessage11 - ldmia r12!, {r8-r11} + UNALIGNED_LDMIA4(r12, r8, r9, r10, r11) + tst r12, r12 eor r0, r0, r8 eor r1, r1, r9 eor r2, r2, r10 @@ -367,7 +402,8 @@ _gcry_chacha20_armv7_neon_blocks: add r12, r12, #16 eor r7, r7, r11 .Lchacha_blocks_neon_nomessage11: - stmia r14!, {r0-r7} + UNALIGNED_STMIA8(r14, r0, r1, r2, r3, r4, r5, r6, r7) + tst r12, r12 ldm sp, {r0-r7} ldr r8, [sp, #(64 +32)] ldr r9, [sp, #(64 +36)] @@ -391,7 +427,8 @@ _gcry_chacha20_armv7_neon_blocks: tst r12, r12 str r9, [sp, #(64 +52)] beq .Lchacha_blocks_neon_nomessage12 - ldmia r12!, {r8-r11} + UNALIGNED_LDMIA4(r12, r8, r9, r10, r11) + tst r12, r12 eor r0, r0, r8 eor r1, r1, r9 eor r2, r2, r10 @@ -406,7 +443,8 @@ _gcry_chacha20_armv7_neon_blocks: add r12, r12, #16 eor r7, r7, r11 .Lchacha_blocks_neon_nomessage12: - stmia r14!, {r0-r7} + UNALIGNED_STMIA8(r14, r0, r1, r2, r3, r4, r5, r6, r7) + tst r12, r12 beq .Lchacha_blocks_neon_nomessage13 vld1.32 {q12,q13}, [r12]! vld1.32 {q14,q15}, [r12]! @@ -613,7 +651,8 @@ _gcry_chacha20_armv7_neon_blocks: tst r12, r12 add r7, r7, r11 beq .Lchacha_blocks_neon_nomessage21 - ldmia r12!, {r8-r11} + UNALIGNED_LDMIA4(r12, r8, r9, r10, r11) + tst r12, r12 eor r0, r0, r8 eor r1, r1, r9 eor r2, r2, r10 @@ -628,7 +667,7 @@ _gcry_chacha20_armv7_neon_blocks: add r12, r12, #16 eor r7, r7, r11 .Lchacha_blocks_neon_nomessage21: - stmia r14!, {r0-r7} + UNALIGNED_STMIA8(r14, r0, r1, r2, r3, r4, r5, r6, r7) ldm sp, {r0-r7} ldr r8, [sp, #(64 +32)] ldr r9, [sp, #(64 +36)] @@ -652,7 +691,8 @@ _gcry_chacha20_armv7_neon_blocks: tst r12, r12 str r9, [sp, #(64 +52)] beq .Lchacha_blocks_neon_nomessage22 - ldmia r12!, {r8-r11} + UNALIGNED_LDMIA4(r12, r8, r9, r10, r11) + tst r12, r12 eor r0, r0, r8 eor r1, r1, r9 eor r2, r2, r10 @@ -667,7 +707,7 @@ _gcry_chacha20_armv7_neon_blocks: add r12, r12, #16 eor r7, r7, r11 .Lchacha_blocks_neon_nomessage22: - stmia r14!, {r0-r7} + UNALIGNED_STMIA8(r14, r0, r1, r2, r3, r4, r5, r6, r7) str r12, [sp, #48] str r14, [sp, #40] ldr r3, [sp, #52] diff --git a/cipher/poly1305-armv7-neon.S b/cipher/poly1305-armv7-neon.S index b1554ed..13cb4a5 100644 --- a/cipher/poly1305-armv7-neon.S +++ b/cipher/poly1305-armv7-neon.S @@ -46,6 +46,32 @@ # define GET_DATA_POINTER(reg, name, rtmp) ldr reg, =name #endif +#define UNALIGNED_LDMIA2(ptr, l0, l1) \ + tst ptr, #3; \ + beq 1f; \ + vpush {d0}; \ + vld1.32 {d0}, [ptr]!; \ + vmov l0, s0; \ + vmov l1, s1; \ + vpop {d0}; \ + b 2f; \ + 1: ldmia ptr!, {l0-l1}; \ + 2: ; + +#define UNALIGNED_LDMIA4(ptr, l0, l1, l2, l3) \ + tst ptr, #3; \ + beq 1f; \ + vpush {d0-d1}; \ + vld1.32 {d0-d1}, [ptr]!; \ + vmov l0, s0; \ + vmov l1, s1; \ + vmov l2, s2; \ + vmov l3, s3; \ + vpop {d0-d1}; \ + b 2f; \ + 1: ldmia ptr!, {l0-l3}; \ + 2: ; + .text .p2align 2 @@ -64,7 +90,7 @@ _gcry_poly1305_armv7_neon_init_ext: mov r14, r2 and r2, r2, r2 moveq r14, #-1 - ldmia r1!, {r2-r5} + UNALIGNED_LDMIA4(r1, r2, r3, r4, r5) GET_DATA_POINTER(r7,.Lpoly1305_init_constants_neon,r8) mov r6, r2 mov r8, r2, lsr #26 @@ -175,7 +201,7 @@ _gcry_poly1305_armv7_neon_init_ext: eor r6, r6, r6 stmia r0!, {r2-r6} stmia r0!, {r2-r6} - ldmia r1!, {r2-r5} + UNALIGNED_LDMIA4(r1, r2, r3, r4, r5) stmia r0, {r2-r6} add sp, sp, #32 ldmfd sp!, {r4-r11, lr} @@ -286,7 +312,7 @@ _gcry_poly1305_armv7_neon_blocks: vmov d14, d12 vmul.i32 q6, q5, d0[0] .Lpoly1305_blocks_neon_mainloop: - ldmia r0!, {r2-r5} + UNALIGNED_LDMIA4(r0, r2, r3, r4, r5) vmull.u32 q0, d25, d12[0] mov r7, r2, lsr #26 vmlal.u32 q0, d24, d12[1] @@ -302,7 +328,7 @@ _gcry_poly1305_armv7_neon_blocks: orr r4, r8, r4, lsl #12 orr r5, r9, r5, lsl #18 vmlal.u32 q1, d24, d13[0] - ldmia r0!, {r7-r10} + UNALIGNED_LDMIA4(r0, r7, r8, r9, r10) vmlal.u32 q1, d23, d13[1] mov r1, r7, lsr #26 vmlal.u32 q1, d22, d14[0] @@ -344,7 +370,7 @@ _gcry_poly1305_armv7_neon_blocks: vmlal.u32 q4, d21, d11[1] vld1.64 {d21-d24}, [r14, :256]! vld1.64 {d25}, [r14, :64] - ldmia r0!, {r2-r5} + UNALIGNED_LDMIA4(r0, r2, r3, r4, r5) vmlal.u32 q0, d25, d26 mov r7, r2, lsr #26 vmlal.u32 q0, d24, d27 @@ -360,7 +386,7 @@ _gcry_poly1305_armv7_neon_blocks: orr r4, r8, r4, lsl #12 orr r5, r9, r5, lsl #18 vmlal.u32 q1, d24, d28 - ldmia r0!, {r7-r10} + UNALIGNED_LDMIA4(r0, r7, r8, r9, r10) vmlal.u32 q1, d23, d29 mov r1, r7, lsr #26 vmlal.u32 q1, d22, d20 @@ -643,7 +669,7 @@ _gcry_poly1305_armv7_neon_finish_ext: .Lpoly1305_finish_ext_neon_skip16: tst r7, #8 beq .Lpoly1305_finish_ext_neon_skip8 - ldmia r1!, {r10-r11} + UNALIGNED_LDMIA2(r1, r10, r11) stmia r9!, {r10-r11} .Lpoly1305_finish_ext_neon_skip8: tst r7, #4 commit 496790940753226f96b731a43d950bd268acd97a Author: Jussi Kivilinna Date: Sun Jul 3 18:39:40 2016 +0300 bench-slope: add unaligned buffer mode * tests/bench-slope.c (unaligned_mode): New. (do_slope_benchmark): Unalign buffer if in unaligned mode enabled. (print_help, main): Add '--unaligned' parameter. -- Patch adds --unaligned parameter to allow measurement of unaligned buffer overhead. Signed-off-by: Jussi Kivilinna diff --git a/tests/bench-slope.c b/tests/bench-slope.c index d97494c..cdd0fa6 100644 --- a/tests/bench-slope.c +++ b/tests/bench-slope.c @@ -42,6 +42,7 @@ static int verbose; static int csv_mode; +static int unaligned_mode; static int num_measurement_repetitions; /* CPU Ghz value provided by user, allows constructing cycles/byte and other @@ -411,12 +412,14 @@ do_slope_benchmark (struct bench_obj *obj) obj->max_bufsize < 1 || obj->min_bufsize > obj->max_bufsize) goto err_free; - real_buffer = malloc (obj->max_bufsize + 128); + real_buffer = malloc (obj->max_bufsize + 128 + unaligned_mode); if (!real_buffer) goto err_free; /* Get aligned buffer */ buffer = real_buffer; buffer += 128 - ((real_buffer - (unsigned char *) 0) & (128 - 1)); + if (unaligned_mode) + buffer += unaligned_mode; /* Make buffer unaligned */ for (i = 0; i < obj->max_bufsize; i++) buffer[i] = 0x55 ^ (-i); @@ -1748,6 +1751,7 @@ print_help (void) " for benchmarking.", " --repetitions Use N repetitions (default " STR2(NUM_MEASUREMENT_REPETITIONS) ")", + " --unaligned Use unaligned input buffers.", " --csv Use CSV output format", NULL }; @@ -1832,6 +1836,12 @@ main (int argc, char **argv) argc--; argv++; } + else if (!strcmp (*argv, "--unaligned")) + { + unaligned_mode = 1; + argc--; + argv++; + } else if (!strcmp (*argv, "--disable-hwf")) { argc--; ----------------------------------------------------------------------- Summary of changes: cipher/chacha20-armv7-neon.S | 56 +++++++++++++++++++++++++++++++++++++------- cipher/poly1305-armv7-neon.S | 40 +++++++++++++++++++++++++------ tests/bench-slope.c | 12 +++++++++- 3 files changed, 92 insertions(+), 16 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Fri Jul 8 18:04:35 2016 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Fri, 08 Jul 2016 18:04:35 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-210-gde74fe5 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via de74fe59feef9adc858ac04004880bfd44315d0d (commit) from 8a93f345b701332270c9829a4d0a93537f98a8d8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit de74fe59feef9adc858ac04004880bfd44315d0d Author: Justus Winter Date: Fri Jul 8 18:00:01 2016 +0200 src: Fix error handling. * src/encrypt.c (encrypt_status_handler): Fix error handling, || conflates errors. Signed-off-by: Justus Winter diff --git a/src/encrypt.c b/src/encrypt.c index 8672cd3..307c862 100644 --- a/src/encrypt.c +++ b/src/encrypt.c @@ -184,8 +184,13 @@ encrypt_sym_status_handler (void *priv, gpgme_status_code_t code, char *args) static gpgme_error_t encrypt_status_handler (void *priv, gpgme_status_code_t code, char *args) { - return _gpgme_progress_status_handler (priv, code, args) - || _gpgme_encrypt_status_handler (priv, code, args); + gpgme_error_t err; + + err = _gpgme_progress_status_handler (priv, code, args); + if (!err) + err = _gpgme_encrypt_status_handler (priv, code, args); + + return err; } ----------------------------------------------------------------------- Summary of changes: src/encrypt.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Sat Jul 9 03:36:49 2016 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Sat, 09 Jul 2016 03:36:49 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.13-126-ge32c575 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via e32c575e0f3704e7563048eea6d26844bdfc494b (commit) from cbe467e794f3be81b8da2bcb1732b5514b13b71d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e32c575e0f3704e7563048eea6d26844bdfc494b Author: NIIBE Yutaka Date: Sat Jul 9 10:20:02 2016 +0900 gpgv: Tweak default options for extra security. * g10/gpgv.c (main): Set opt.no_sig _cache, so that it doesn't depend on cached status. Similarly, set opt.flags.require_cross_cert for backsig validation for subkey signature. -- It is common that an organization distributes binary keyrings with signature cache (Tag 12, Trust Packet) and people use gpgv to validate signature with such keyrings. In such a use case, it is possible that the key validation itself is skipped. For the purpose of gpgv validation of signatures, we should not depend on signature cache in keyrings (if any), but we should validate the key by its self signature for primary key, and back signature for subkey. Signed-off-by: NIIBE Yutaka diff --git a/g10/gpgv.c b/g10/gpgv.c index d238ee0..d08dc5a 100644 --- a/g10/gpgv.c +++ b/g10/gpgv.c @@ -167,6 +167,8 @@ main( int argc, char **argv ) opt.command_fd = -1; /* no command fd */ opt.keyserver_options.options |= KEYSERVER_AUTO_KEY_RETRIEVE; opt.trust_model = TM_ALWAYS; + opt.no_sig_cache = 1; + opt.flags.require_cross_cert = 1; opt.batch = 1; opt.weak_digests = NULL; ----------------------------------------------------------------------- Summary of changes: g10/gpgv.c | 2 ++ 1 file changed, 2 insertions(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Sat Jul 9 03:44:13 2016 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Sat, 09 Jul 2016 03:44:13 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-1-4, updated. gnupg-1.4.20-14-gcf01cf8 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-1-4 has been updated via cf01cf8b88abb6ed5fea300c28e2a1e6a7c67804 (commit) from ca1fc596267b42a894a3fc85c3733007c672ed1f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit cf01cf8b88abb6ed5fea300c28e2a1e6a7c67804 Author: NIIBE Yutaka Date: Sat Jul 9 10:20:02 2016 +0900 gpgv: Tweak default options for extra security. * g10/gpgv.c (main): Set opt.no_sig _cache, so that it doesn't depend on cached status. Similarly, set opt.flags.require_cross_cert for backsig validation for subkey signature. -- (backport of master commit e32c575e0f3704e7563048eea6d26844bdfc494b) It is common that an organization distributes binary keyrings with signature cache (Tag 12, Trust Packet) and people use gpgv to validate signature with such keyrings. In such a use case, it is possible that the key validation itself is skipped. For the purpose of gpgv validation of signatures, we should not depend on signature cache in keyrings (if any), but we should validate the key by its self signature for primary key, and back signature for subkey. Signed-off-by: NIIBE Yutaka diff --git a/g10/gpgv.c b/g10/gpgv.c index b2721ba..f2899bf 100644 --- a/g10/gpgv.c +++ b/g10/gpgv.c @@ -144,6 +144,8 @@ main( int argc, char **argv ) opt.pgp2_workarounds = 1; opt.keyserver_options.options|=KEYSERVER_AUTO_KEY_RETRIEVE; opt.trust_model = TM_ALWAYS; + opt.no_sig_cache = 1; + opt.flags.require_cross_cert = 1; opt.batch = 1; opt.weak_digests = NULL; ----------------------------------------------------------------------- Summary of changes: g10/gpgv.c | 2 ++ 1 file changed, 2 insertions(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Sat Jul 9 03:44:26 2016 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Sat, 09 Jul 2016 03:44:26 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.30-9-gb531f2f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via b531f2fd75be3f616073cba714d73324525fd3e4 (commit) from 1c151368956e4558946d29d1698d9ae5028e62a7 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b531f2fd75be3f616073cba714d73324525fd3e4 Author: NIIBE Yutaka Date: Sat Jul 9 10:20:02 2016 +0900 gpgv: Tweak default options for extra security. * g10/gpgv.c (main): Set opt.no_sig _cache, so that it doesn't depend on cached status. Similarly, set opt.flags.require_cross_cert for backsig validation for subkey signature. -- (backport of master commit e32c575e0f3704e7563048eea6d26844bdfc494b) It is common that an organization distributes binary keyrings with signature cache (Tag 12, Trust Packet) and people use gpgv to validate signature with such keyrings. In such a use case, it is possible that the key validation itself is skipped. For the purpose of gpgv validation of signatures, we should not depend on signature cache in keyrings (if any), but we should validate the key by its self signature for primary key, and back signature for subkey. Signed-off-by: NIIBE Yutaka diff --git a/g10/gpgv.c b/g10/gpgv.c index b700f17..3b48a0e 100644 --- a/g10/gpgv.c +++ b/g10/gpgv.c @@ -163,6 +163,8 @@ main( int argc, char **argv ) opt.pgp2_workarounds = 1; opt.keyserver_options.options|=KEYSERVER_AUTO_KEY_RETRIEVE; opt.trust_model = TM_ALWAYS; + opt.no_sig_cache = 1; + opt.flags.require_cross_cert = 1; opt.batch = 1; opt.homedir = default_homedir (); ----------------------------------------------------------------------- Summary of changes: g10/gpgv.c | 2 ++ 1 file changed, 2 insertions(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Sat Jul 9 11:32:37 2016 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Sat, 09 Jul 2016 11:32:37 +0200 Subject: [git] GPGME - branch, justus/idiomatic-py-0, created. gpgme-1.6.0-212-gd6408ce Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, justus/idiomatic-py-0 has been created at d6408ce471c294c3e6f901d183b87d521b9bcc56 (commit) - Log ----------------------------------------------------------------- commit d6408ce471c294c3e6f901d183b87d521b9bcc56 Author: Justus Winter Date: Wed Jun 8 18:58:57 2016 +0200 python: idiomatic interface prototype Signed-off-by: Justus Winter diff --git a/configure.ac b/configure.ac index 335a33a..94a9d10 100644 --- a/configure.ac +++ b/configure.ac @@ -363,7 +363,7 @@ if test "$found" = "1"; then enabled_languages=$(echo $enabled_languages | sed 's/python//') fi else - AM_PATH_PYTHON([3.3]) + AM_PATH_PYTHON([3.4]) AX_SWIG_PYTHON if test -z "$PYTHON_VERSION"; then if test "$explicit_languages" = "1"; then diff --git a/lang/python/pyme/__init__.py b/lang/python/pyme/__init__.py index e377f59..880f6a1 100644 --- a/lang/python/pyme/__init__.py +++ b/lang/python/pyme/__init__.py @@ -134,3 +134,7 @@ Base classes are documented at pyme.core. """ __all__ = ['core', 'errors', 'constants', 'util', 'callbacks', 'version'] + +from .core import Context +from .core import Data +from .errors import GPGMEError diff --git a/lang/python/pyme/constants/__init__.py b/lang/python/pyme/constants/__init__.py index 2e91d76..875b6dc 100644 --- a/lang/python/pyme/constants/__init__.py +++ b/lang/python/pyme/constants/__init__.py @@ -1,6 +1,25 @@ +#!/usr/bin/env python3 + +# Copyright (C) 2016 g10 Code GmbH +# Copyright (C) 2004 Igor Belyi +# Copyright (C) 2002 John Goerzen +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this program; if not, see . from pyme import util -util.process_constants('GPGME_', globals()) +constants = util.process_constants('GPGME_', globals()) -__all__ = ['data', 'event', 'import', 'keylist', 'md', 'pk', +__all__ = constants + \ + ['data', 'event', 'import', 'keylist', 'md', 'pk', 'protocol', 'sig', 'sigsum', 'status', 'validity'] diff --git a/lang/python/pyme/core.py b/lang/python/pyme/core.py index 09f71a1..365d342 100644 --- a/lang/python/pyme/core.py +++ b/lang/python/pyme/core.py @@ -25,6 +25,7 @@ and the 'Data' class describing buffers of data. """ import re +import os import weakref from . import pygpgme from .errors import errorcheck, GPGMEError @@ -166,6 +167,291 @@ class Context(GpgmeWrapper): """ + def __init__(self, armor=False, textmode=False, offline=False, + signers=[], pinentry_mode=constants.PINENTRY_MODE_DEFAULT, + wrapped=None): + """Construct a context object. + + Keyword arguments: + armor -- enable ASCII armoring (default False) + textmode -- enable canonical text mode (default False) + offline -- do not contact external key sources (default False) + signers -- list of keys used for signing (default []) + pinentry_mode -- pinentry mode (default PINENTRY_MODE_DEFAULT) + + """ + if wrapped: + self.own = False + else: + tmp = pygpgme.new_gpgme_ctx_t_p() + errorcheck(pygpgme.gpgme_new(tmp)) + wrapped = pygpgme.gpgme_ctx_t_p_value(tmp) + pygpgme.delete_gpgme_ctx_t_p(tmp) + self.own = True + super().__init__(wrapped) + self.armor = armor + self.textmode = textmode + self.offline = offline + self.signers = signers + self.pinentry_mode = pinentry_mode + + def encrypt(self, plaintext, recipients=[], sign=True, sink=None, + passphrase=None, always_trust=False, add_encrypt_to=False, + prepare=False, expect_sign=False, compress=True): + """Encrypt data + + Encrypt the given plaintext. + + Keyword arguments: + recipients -- list of keys to encrypt to + sign -- sign plaintext (default True) + sink -- write result to sink instead of returning it + passphrase -- for symmetric encryption + always_trust -- always trust the keys (default False) + add_encrypt_to -- encrypt to configured additional keys (default False) + prepare -- (ui) prepare for encryption (default False) + expect_sign -- (ui) prepare for signing (default False) + compress -- compress plaintext (default True) + + Returns: + ciphertext -- the encrypted data (or None if sink is given) + result -- additional information about the encryption + sign_result -- additional information about the signature(s) + + Raises: + InvalidRecipients -- if encryption using a particular key failed + InvalidSigners -- if signing using a particular key failed + GPGMEError -- as signaled by the underlying library + + """ + ciphertext = sink if sink else Data() + flags = 0 + flags |= always_trust * constants.ENCRYPT_ALWAYS_TRUST + flags |= (not add_encrypt_to) * constants.ENCRYPT_NO_ENCRYPT_TO + flags |= prepare * constants.ENCRYPT_PREPARE + flags |= expect_sign * constants.ENCRYPT_EXPECT_SIGN + flags |= (not compress) * constants.ENCRYPT_NO_COMPRESS + + if passphrase != None: + old_pinentry_mode = self.pinentry_mode + old_passphrase_cb = getattr(self, '_passphrase_cb', None) + self.pinentry_mode = constants.PINENTRY_MODE_LOOPBACK + def passphrase_cb(hint, desc, prev_bad, hook=None): + return passphrase + self.set_passphrase_cb(passphrase_cb) + + try: + if sign: + self.op_encrypt_sign(recipients, flags, plaintext, ciphertext) + else: + self.op_encrypt(recipients, flags, plaintext, ciphertext) + except errors.GPGMEError as e: + if e.getcode() == errors.UNUSABLE_PUBKEY: + result = self.op_encrypt_result() + if result.invalid_recipients: + raise errors.InvalidRecipients(result.invalid_recipients) + if e.getcode() == errors.UNUSABLE_SECKEY: + sig_result = self.op_sign_result() + if sig_result.invalid_signers: + raise errors.InvalidSigners(sig_result.invalid_signers) + raise + finally: + if passphrase != None: + self.pinentry_mode = old_pinentry_mode + if old_passphrase_cb: + self.set_passphrase_cb(*old_passphrase_cb[1:]) + + result = self.op_encrypt_result() + assert not result.invalid_recipients + sig_result = self.op_sign_result() if sign else None + assert not sig_result or not sig_result.invalid_signers + + cipherbytes = None + if not sink: + ciphertext.seek(0, os.SEEK_SET) + cipherbytes = ciphertext.read() + return cipherbytes, result, sig_result + + def decrypt(self, ciphertext, sink=None, passphrase=None, verify=True): + """Decrypt data + + Decrypt the given ciphertext and verify any signatures. If + VERIFY is an iterable of keys, the ciphertext must be signed + by all those keys, otherwise an error is raised. + + Keyword arguments: + sink -- write result to sink instead of returning it + passphrase -- for symmetric decryption or accessing the key + verify -- check signatures (default True) + + Returns: + plainttext -- the decrypted data (or None if sink is given) + result -- additional information about the decryption + + Raises: + UnsupportedAlgorithm -- if an unsupported algorithm was used + BadSignatures -- if a bad signature is encountered + MissingSignatures -- if expected signatures are missing or bad + GPGMEError -- as signaled by the underlying library + + """ + plaintext = sink if sink else Data() + + if passphrase != None: + old_pinentry_mode = self.pinentry_mode + old_passphrase_cb = getattr(self, '_passphrase_cb', None) + self.pinentry_mode = constants.PINENTRY_MODE_LOOPBACK + def passphrase_cb(hint, desc, prev_bad, hook=None): + return passphrase + self.set_passphrase_cb(passphrase_cb) + + try: + if verify: + self.op_decrypt_verify(ciphertext, plaintext) + else: + self.op_decrypt(ciphertext, plaintext) + finally: + if passphrase != None: + self.pinentry_mode = old_pinentry_mode + if old_passphrase_cb: + self.set_passphrase_cb(*old_passphrase_cb[1:]) + + result = self.op_decrypt_result() + verify_result = self.op_verify_result() if verify else None + if result.unsupported_algorithm: + raise errors.UnsupportedAlgorithm(result.unsupported_algorithm) + + if verify: + if any(s.status != errors.NO_ERROR + for s in verify_result.signatures): + raise errors.BadSignatures(verify_result) + + if verify and verify != True: + missing = list() + for key in verify: + ok = False + for subkey in key.subkeys: + for sig in verify_result.signatures: + if sig.summary & constants.SIGSUM_VALID == 0: + continue + if subkey.can_sign and subkey.fpr == sig.fpr: + ok = True + break + if ok: + break + if not ok: + missing.append(key) + if missing: + raise errors.MissingSignatures(verify_result, missing) + + plainbytes = None + if not sink: + plaintext.seek(0, os.SEEK_SET) + plainbytes = plaintext.read() + return plainbytes, result, verify_result + + def sign(self, data, sink=None, mode=constants.SIG_MODE_NORMAL): + """Sign data + + Sign the given data. + + Keyword arguments: + mode -- signature mode (default: normal, see below) + sink -- write result to sink instead of returning it + + Returns: + either + signed_data -- encoded data and signature (normal mode) + signature -- only the signature data (detached mode) + cleartext -- data and signature as text (cleartext mode) + (or None if sink is given) + result -- additional information about the signature(s) + + Raises: + InvalidSigners -- if signing using a particular key failed + GPGMEError -- as signaled by the underlying library + + """ + signeddata = sink if sink else Data() + + try: + self.op_sign(data, signeddata, mode) + except errors.GPGMEError as e: + if e.getcode() == errors.UNUSABLE_SECKEY: + result = self.op_sign_result() + if result.invalid_signers: + raise errors.InvalidSigners(result.invalid_signers) + raise + + result = self.op_sign_result() + assert not result.invalid_signers + + signedbytes = None + if not sink: + signeddata.seek(0, os.SEEK_SET) + signedbytes = signeddata.read() + return signedbytes, result + + def verify(self, signed_data, signature=None, sink=None, verify=[]): + """Verify signatures + + Verify signatures over data. If VERIFY is an iterable of + keys, the ciphertext must be signed by all those keys, + otherwise an error is raised. + + Keyword arguments: + signature -- detached signature data + sink -- write result to sink instead of returning it + + Returns: + data -- the plain data + (or None if sink is given, or we verified a detached signature) + result -- additional information about the signature(s) + + Raises: + BadSignatures -- if a bad signature is encountered + MissingSignatures -- if expected signatures are missing or bad + GPGMEError -- as signaled by the underlying library + + """ + if signature: + # Detached signature, we don't return the plain text. + data = None + else: + data = sink if sink else Data() + + if signature: + self.op_verify(signature, signed_data, None) + else: + self.op_verify(signed_data, None, data) + + result = self.op_verify_result() + if any(s.status != errors.NO_ERROR for s in result.signatures): + raise errors.BadSignatures(result) + + missing = list() + for key in verify: + ok = False + for subkey in key.subkeys: + for sig in result.signatures: + if sig.summary & constants.SIGSUM_VALID == 0: + continue + if subkey.can_sign and subkey.fpr == sig.fpr: + ok = True + break + if ok: + break + if not ok: + missing.append(key) + if missing: + raise errors.MissingSignatures(result, missing) + + plainbytes = None + if data and not sink: + data.seek(0, os.SEEK_SET) + plainbytes = data.read() + return plainbytes, result + @property def signers(self): """Keys used for signing""" @@ -204,32 +490,6 @@ class Context(GpgmeWrapper): return 0 _boolean_properties = {'armor', 'textmode', 'offline'} - def __init__(self, armor=False, textmode=False, offline=False, - signers=[], pinentry_mode=constants.PINENTRY_MODE_DEFAULT, - wrapped=None): - """Construct a context object - - Keyword arguments: - armor -- enable ASCII armoring (default False) - textmode -- enable canonical text mode (default False) - offline -- do not contact external key sources (default False) - signers -- list of keys used for signing (default []) - pinentry_mode -- pinentry mode (default PINENTRY_MODE_DEFAULT) - """ - if wrapped: - self.own = False - else: - tmp = pygpgme.new_gpgme_ctx_t_p() - errorcheck(pygpgme.gpgme_new(tmp)) - wrapped = pygpgme.gpgme_ctx_t_p_value(tmp) - pygpgme.delete_gpgme_ctx_t_p(tmp) - self.own = True - super().__init__(wrapped) - self.armor = armor - self.textmode = textmode - self.offline = offline - self.signers = signers - self.pinentry_mode = pinentry_mode def __del__(self): if not pygpgme: @@ -420,6 +680,7 @@ class Context(GpgmeWrapper): pygpgme.pygpgme_raise_callback_exception(self) errorcheck(result) + class Data(GpgmeWrapper): """Data buffer diff --git a/lang/python/pyme/errors.py b/lang/python/pyme/errors.py index f96877b..0194931 100644 --- a/lang/python/pyme/errors.py +++ b/lang/python/pyme/errors.py @@ -20,7 +20,10 @@ from . import util util.process_constants('GPG_ERR_', globals()) -class GPGMEError(Exception): +class PymeError(Exception): + pass + +class GPGMEError(PymeError): def __init__(self, error = None, message = None): self.error = error self.message = message @@ -43,8 +46,60 @@ class GPGMEError(Exception): return pygpgme.gpgme_err_source(self.error) def __str__(self): - return "%s (%d,%d)"%(self.getstring(), self.getsource(), self.getcode()) + return self.getstring() def errorcheck(retval, extradata = None): if retval: raise GPGMEError(retval, extradata) + +# These errors are raised in the idiomatic interface code. + +class EncryptionError(PymeError): + pass + +class InvalidRecipients(EncryptionError): + def __init__(self, recipients): + self.recipients = recipients + def __str__(self): + return ", ".join("{}: {}".format(r.fpr, + pygpgme.gpgme_strerror(r.reason)) + for r in self.recipients) + +class DeryptionError(PymeError): + pass + +class UnsupportedAlgorithm(DeryptionError): + def __init__(self, algorithm): + self.algorithm = algorithm + def __str__(self): + return self.algorithm + +class SigningError(PymeError): + pass + +class InvalidSigners(SigningError): + def __init__(self, signers): + self.signers = signers + def __str__(self): + return ", ".join("{}: {}".format(s.fpr, + pygpgme.gpgme_strerror(s.reason)) + for s in self.signers) + +class VerificationError(PymeError): + pass + +class BadSignatures(VerificationError): + def __init__(self, result): + self.result = result + def __str__(self): + return ", ".join("{}: {}".format(s.fpr, + pygpgme.gpgme_strerror(s.status)) + for s in self.result.signatures + if s.status != NO_ERROR) + +class MissingSignatures(VerificationError): + def __init__(self, result, missing): + self.result = result + self.missing = missing + def __str__(self): + return ", ".join(k.subkeys[0].fpr for k in self.missing) diff --git a/lang/python/pyme/util.py b/lang/python/pyme/util.py index 5527a1a..bbd28fe 100644 --- a/lang/python/pyme/util.py +++ b/lang/python/pyme/util.py @@ -1,3 +1,4 @@ +# Copyright (C) 2016 g10 Code GmbH # Copyright (C) 2004,2008 Igor Belyi # Copyright (C) 2002 John Goerzen # @@ -17,12 +18,16 @@ from . import pygpgme -def process_constants(starttext, dict): - """Called by the constant libraries to load up the appropriate constants - from the C library.""" - index = len(starttext) - for identifier in dir(pygpgme): - if not identifier.startswith(starttext): - continue - name = identifier[index:] - dict[name] = getattr(pygpgme, identifier) +def process_constants(prefix, scope): + """Called by the constant modules to load up the constants from the C + library starting with PREFIX. Matching constants will be inserted + into SCOPE with PREFIX stripped from the names. Returns the names + of inserted constants. + + """ + index = len(prefix) + constants = {identifier[index:]: getattr(pygpgme, identifier) + for identifier in dir(pygpgme) + if identifier.startswith(prefix)} + scope.update(constants) + return list(constants.keys()) diff --git a/lang/python/tests/Makefile.am b/lang/python/tests/Makefile.am index 74020ad..5cbc2f8 100644 --- a/lang/python/tests/Makefile.am +++ b/lang/python/tests/Makefile.am @@ -51,7 +51,7 @@ py_tests = t-wrapper.py \ t-idiomatic.py TESTS = initial.py $(py_tests) final.py -EXTRA_DIST = support.py $(TESTS) +EXTRA_DIST = support.py $(TESTS) encrypt-only.asc sign-only.asc CLEANFILES = secring.gpg pubring.gpg pubring.kbx trustdb.gpg dirmngr.conf \ gpg-agent.conf pubring.kbx~ gpg.conf pubring.gpg~ \ diff --git a/lang/python/tests/encrypt-only.asc b/lang/python/tests/encrypt-only.asc new file mode 100644 index 0000000..6e068a0 --- /dev/null +++ b/lang/python/tests/encrypt-only.asc @@ -0,0 +1,33 @@ +-----BEGIN PGP PRIVATE KEY BLOCK----- +Version: GnuPG v2 + +lQPGBFd/jL0BCAD8jfoblIrlHS0shDCbSiO7RFaT6sEa/6tSPkv6XzBba9oXOkuO +FLTkNpIwPb92U8SOS+27j7n9v6U5NW2tyZwIoeLb8lUyKnCBr22IUhTFVXf7fros +zmPugsJaDBi9f7RL0bqiCn4EV3DGKyAukZklk1k1JV4Ec3dEPMAmL9LmnvXreEjU +pQZZN9sJV32ew8CYkZ6AB8foFQwfxn4x0iUoKvj8kW9RsY1KMPucp4YiFhHeMZW1 +5wGAZdEIZYKyWEp4bi/wC9yn/TUR5uNWc0uVJzQvuHwaYjolPW89DinjBkPEJCBr +RwumaOWfbu/hb51wBoUTmUr9diVw93L2ROLPABEBAAH+BwMC1bmUAoPJKI/WBiHm +P6tSNRLdd+7etfjAFvKL7Ob2pNTrc3hbtyOLIQ9tuEaqXEyfnCms/DCg8QdkaFUv +Nkoj0W5+G/MQuR2jIvrq/wyL/4jIw0AFbp9/V1JbSXZh2g1eJLnnykn7uPxCbDFY +FrVeFmkhoxZ3pid6ZQSWlxXsdW+YMvbUfNIIZpbygI/alIBvbDS1YJYEBDCwFZjU +7quE2Ufxo8dm34EHcmbpYpn4r3DUrU5AHQ2fIprLIVqHn4+NUrR8WZS9nCnIeu/z +OaJUZ2lJFRjUC6Gpsbsw6Xwh4Ntwzyt2SsXc+UVZngjozw3yw0VpDifxMBqcd+9x +baSc7dfbOZF2BCZOwnB7/QrFZDaqe5b3n6rTdj1va/CrJMuxbgaNAjvLpdT2EUPZ +fHDAdPAjASofxBREv+HIKwksuPJ9cvavZU6Q4KQA7buo25hd7yjuba4WbLQhp0jH +AT1P7SdakMhk/IFcUKFdB3ZyZZZ1JTTPa2xZn9yDa3Jb1t7IMLYLwY6EFbjvaxH5 +WEGZvOAq2iEa941mxv4miwgf7MQPx6g9u0+dXc7iZApwWs9MNfJo3J25sKhWK5Be +Bu3w7c6nrlg40GtPuDRgaBvYWbVerJcepTA/EPfugEJtRsDJkt7wZq1H9lWHU7Ih +Up6/+XKtBzlCIqYjorzFLnC721pcKFcPhLgvtjjNJvUsLXbr9CwnBub/eTFcfRb2 +ro60H9cOhf0fQSQyvkZWfzq0BN6rG27G1KhyprsJAmpW0fTHHkB4V19788C2sTQv +D93VU3Nd6MWocwAYtPWmtwXPpuOAU9IcwAvVTxBeBJCXxbH3uyx1frwDXA7lf4Pb +a8hMoMMVU+rAG1uepKI5h4seBIKP7qKEKAPloI6/Vtf7/Ump4DKprS1QpfOW+lsX +aR48lgNR6sQXtDdFbmNyeXB0aW9uIE9ubHkgKHRlc3Qga2V5LCBkbyBub3QgdXNl +KSA8ZW9AZXhhbXBsZS5vcmc+iQE3BBMBCAAhBQJXf4y9AhsNBQsJCAcCBhUICQoL +AgQWAgMBAh4BAheAAAoJEJIFcnabn+Gc/KgH/07wzrsBzTqdI5L6cIqQ81Vq8ASj +tsuYoVfFxymB8F/AxpnLMhYRuWQTcoUHQ/olG2yA0C6o4e1JPAmh6LQGwr0eRnc2 +2tr4cbnQAhXpJ8xOR6kH9eE8nGeC7tlEeeV/Wnj3SLZOXOjYjnA9bA3JX9DP3qcz +w1sKQPEHsGkMJuT0ZadnlJ1qw8AnnNKLDlG4kIO9hz3qB8BjxFZf+j5f/nhFNv5I +pnNdMcDwQqHVrwD6WO+Xmmdykab0awL9To0S9DG9ohcXuJiTMa8vtXFSBM0koUDk +BWajEq+QAcDpmdFsQr4/gbzvHkAIVTQb0seJr4gpmXFZu3TMuGVD9j13GaI= +=38ri +-----END PGP PRIVATE KEY BLOCK----- diff --git a/lang/python/tests/initial.py b/lang/python/tests/initial.py index 9d72cbc..169c3df 100755 --- a/lang/python/tests/initial.py +++ b/lang/python/tests/initial.py @@ -19,6 +19,20 @@ import os import subprocess +import pyme +import support +support.init_gpgme(pyme.constants.PROTOCOL_OpenPGP) subprocess.check_call([os.path.join(os.getenv('top_srcdir'), "tests", "start-stop-agent"), "--start"]) + +with pyme.Context() as c: + alpha = c.get_key("A0FF4590BB6122EDEF6E3C542D727CC768697734", False) + bob = c.get_key("D695676BDCEDCC2CDD6152BCFE180B1DA9E3B0B2", False) + + # Mark alpha as trusted. The signature verification tests expect + # this. + support.mark_key_trusted(c, alpha) + + c.op_import(open(support.in_srcdir("encrypt-only.asc"))) + c.op_import(open(support.in_srcdir("sign-only.asc"))) diff --git a/lang/python/tests/sign-only.asc b/lang/python/tests/sign-only.asc new file mode 100644 index 0000000..6e2a6f3 --- /dev/null +++ b/lang/python/tests/sign-only.asc @@ -0,0 +1,33 @@ +-----BEGIN PGP PRIVATE KEY BLOCK----- +Version: GnuPG v2 + +lQPFBFd/jO8BCADiull4EVJiKmJqclPyU6GhTlbJXw7Ch0zbFAauOWYT3ACmgr1U +KfJlZ2sPe2EezZkVSACxgIjTCzcgKQLh/swXdhO8uEgWEIN8f07WcSVDrcRGYwDS +KFSRsK0bfO/OQQDUsSkNQSHjcOdLnCHCinMrQi1mBZOs+Y/DXOkkEV1zbFFV7q6X +4vX9HSWwTRQTdOV9CFZykbwM+X1YIZlVtpOAKqSNJi3P17uQF7P9zko6HWKKKQ5S +96BfXUOIpBRl82R85/yQgeGrWlvZ2BT2ittscNQlBKqLHJ7LIeDr9ctbKlKZjHTn +Da7NYg+PoMHspbizjSONbEzpcR/9ZUq16oJJABEBAAH+BwMC7hQZNJSmlX/W6sfL +0wakX6kTsiCEMy2vMCRcZ769JKT234avHtkL/g7MBJEzqdG9HSEp7+LHGuOWJhfa +20f61WvPT5ujUIy//QXJ9a8z877jCm+fHKCTDXGYLLfCkJLfr3/GfTRy6gaIGTSw +BqZaRelPvHbMp+eiFqDkf8W/E1LO3/83k87+pXggjz4p0OasyMw8RcDmy+IKBMGG +bzet5WIKHIhpblIzuuucQHOjtwA8vCedub3F4lcRuULe2GW6sNuCB9kjSC9g6D1d +bJ+WYi5GiUUQARGSNXiWVoVPLpEo0i6/2bKJ7vBYGRewNp42ebVQU2bFW7uzhaIq +4itzNTjFNTpcxX3Lo0/mzJpe7pVRJwN+HGahNGT0EtPDsT/nNTFDUq8e8nt0U9/8 +0eekg4MRBJEzE3A+wosIHPjzCkQgu98+nh79rPMbCpZVxNfLb136cTkubmHCWptN +T2MbqK2L4hMcOxHGGOmI9SjFltNeKtTsVtkxh3Vj67UESPdN550centfasJYA0bj +guRQfHWHJXYIfFwblIFkl8xtIVLTeWlQMEvc7oI8jcJOc2ri8Zdjj/55xxv/RvjC +ZKzfjPpdkLYcN1zP/hETLD68u7WmiMAYCr8Eq9YQ3oKklUpWxRMCAAtmgjGGpm5P +QQW+36s96Q3cuG8R0Z4Wo8y89FgWzCEzuAhemCdffoUA8kn0HJQaVndnExJb1Ebz +wp+zsX/JqiOFvcKHJAWCaXkk0oXVi1aIV4tQyCPfhyjnd846K7g8UabAz51IJHvF +CXRAmqJvu26NqjYOfWBJJxZQsPH4FjPfYx+e/MFPZa+UTKCfzaOHClrePHUDHw58 +Ez5ItcORYn51IWW33r+c4tlhW5mrjMD7FcjFOuYT4EIivd5BSnwLP0fjBz8TBVAY +yyFO+YAXTQ+0MVNpZ24gT25seSAodGVzdCBrZXksIGRvIG5vdCB1c2UpIDxzb0Bl +eGFtcGxlLm9yZz6JATcEEwEIACEFAld/jO8CGwMFCwkIBwIGFQgJCgsCBBYCAwEC +HgECF4AACgkQ/tFT8S8Y9F3PAwgAvKav6+luvcAhrpBMO4z/Q8kDMtO5AW1KTEcz +neqpj5eTVJVbYUgDuBlEXbFYtcZmYyYtJC5KQkN3bxPmehVUzGk27UYWMWbPIWyU +riGcFL5BWWQaKSqiWUypzhNVnxYoiWVhHeJ36LICVMpLBaubgcpwCSW/j58yZo/7 +XRwf40OblXr4cevIW4Oq5GSxKOQF+DCErF6BeikC2i+NoqSxwNiIO/1NUxs8QfAI +z8UT/bSUXr62BWLfeCIDGgXutMMPth3tKi4DlvLCzI6eYJrd8E3Rt7iUZm9IH8OQ +Djv2DKnL/E/AP8oITItrOmICqfEWcj+Tk2Xep4pCCMNU+Pa0yg== +=gG5b +-----END PGP PRIVATE KEY BLOCK----- diff --git a/lang/python/tests/support.py b/lang/python/tests/support.py index 8bafea8..f42fc2e 100644 --- a/lang/python/tests/support.py +++ b/lang/python/tests/support.py @@ -19,14 +19,48 @@ import sys import os from pyme import core +# known keys +alpha = "A0FF4590BB6122EDEF6E3C542D727CC768697734" +bob = "D695676BDCEDCC2CDD6152BCFE180B1DA9E3B0B2" +encrypt_only = "F52770D5C4DB41408D918C9F920572769B9FE19C" +sign_only = "7CCA20CCDE5394CEE71C9F0BFED153F12F18F45D" + def make_filename(name): return os.path.join(os.environ['top_srcdir'], 'tests', 'gpg', name) +def in_srcdir(name): + return os.path.join(os.environ['srcdir'], name) + def init_gpgme(proto): core.engine_check_version(proto) verbose = int(os.environ.get('verbose', 0)) > 1 def print_data(data): if verbose: - data.seek(0, os.SEEK_SET) - sys.stdout.buffer.write(data.read()) + try: + # See if it is a file-like object. + data.seek(0, os.SEEK_SET) + data = data.read() + except: + # Hope for the best. + pass + sys.stdout.buffer.write(data) + +def mark_key_trusted(ctx, key): + class Editor(object): + def __init__(self): + self.steps = ["trust", "save"] + def edit(self, status, args, out): + if args == "keyedit.prompt": + result = self.steps.pop(0) + elif args == "edit_ownertrust.value": + result = "5" + elif args == "edit_ownertrust.set_ultimate.okay": + result = "Y" + elif args == "keyedit.save.okay": + result = "Y" + else: + result = None + return result + with core.Data() as sink: + ctx.op_edit(key, Editor().edit, sink, sink) diff --git a/lang/python/tests/t-decrypt-verify.py b/lang/python/tests/t-decrypt-verify.py index 433e0a1..0f615dc 100755 --- a/lang/python/tests/t-decrypt-verify.py +++ b/lang/python/tests/t-decrypt-verify.py @@ -17,6 +17,7 @@ # You should have received a copy of the GNU Lesser General Public # License along with this program; if not, see . +import pyme from pyme import core, constants, errors import support @@ -28,7 +29,7 @@ def check_verify_result(result, summary, fpr, status): assert errors.GPGMEError(sig.status).getcode() == status assert len(sig.notations) == 0 assert not sig.wrong_key_usage - assert sig.validity == constants.VALIDITY_UNKNOWN + assert sig.validity == constants.VALIDITY_FULL assert errors.GPGMEError(sig.validity_reason).getcode() == errors.NO_ERROR support.init_gpgme(constants.PROTOCOL_OpenPGP) @@ -45,6 +46,29 @@ assert not result.unsupported_algorithm, \ support.print_data(sink) verify_result = c.op_verify_result() -check_verify_result(verify_result, 0, +check_verify_result(verify_result, + constants.SIGSUM_VALID | constants.SIGSUM_GREEN, "A0FF4590BB6122EDEF6E3C542D727CC768697734", errors.NO_ERROR) + +# Idiomatic interface. +with pyme.Context() as c: + alpha = c.get_key("A0FF4590BB6122EDEF6E3C542D727CC768697734", False) + bob = c.get_key("D695676BDCEDCC2CDD6152BCFE180B1DA9E3B0B2", False) + plaintext, _, verify_result = \ + c.decrypt(open(support.make_filename("cipher-2.asc")), verify=[alpha]) + assert plaintext.find(b'Wenn Sie dies lesen k') >= 0, \ + 'Plaintext not found' + check_verify_result(verify_result, + constants.SIGSUM_VALID | constants.SIGSUM_GREEN, + "A0FF4590BB6122EDEF6E3C542D727CC768697734", + errors.NO_ERROR) + + try: + c.decrypt(open(support.make_filename("cipher-2.asc")), + verify=[alpha, bob]) + except errors.MissingSignatures as e: + assert len(e.missing) == 1 + assert e.missing[0] == bob + else: + assert False, "Expected an error, got none" diff --git a/lang/python/tests/t-decrypt.py b/lang/python/tests/t-decrypt.py index bd7b59f..b5c4700 100755 --- a/lang/python/tests/t-decrypt.py +++ b/lang/python/tests/t-decrypt.py @@ -17,6 +17,7 @@ # You should have received a copy of the GNU Lesser General Public # License along with this program; if not, see . +import pyme from pyme import core, constants import support @@ -32,3 +33,10 @@ assert not result.unsupported_algorithm, \ "Unsupported algorithm: {}".format(result.unsupported_algorithm) support.print_data(sink) + +# Idiomatic interface. +with pyme.Context() as c: + plaintext, _, _ = c.decrypt(open(support.make_filename("cipher-1.asc"))) + assert len(plaintext) > 0 + assert plaintext.find(b'Wenn Sie dies lesen k') >= 0, \ + 'Plaintext not found' diff --git a/lang/python/tests/t-encrypt-sign.py b/lang/python/tests/t-encrypt-sign.py index cba697c..31cc94f 100755 --- a/lang/python/tests/t-encrypt-sign.py +++ b/lang/python/tests/t-encrypt-sign.py @@ -18,6 +18,7 @@ # License along with this program; if not, see . import sys +import pyme from pyme import core, constants import support @@ -69,3 +70,26 @@ for recipients in (keys, []): check_result(result, constants.SIG_MODE_NORMAL) support.print_data(sink) + + +# Idiomatic interface. +with pyme.Context(armor=True) as c: + message = "Hallo Leute\n".encode() + ciphertext, _, sig_result = c.encrypt(message, + recipients=keys, + always_trust=True) + assert len(ciphertext) > 0 + assert ciphertext.find(b'BEGIN PGP MESSAGE') > 0, 'Marker not found' + check_result(sig_result, constants.SIG_MODE_NORMAL) + + c.signers = [c.get_key(support.sign_only, True)] + c.encrypt(message, recipients=keys, always_trust=True) + + c.signers = [c.get_key(support.encrypt_only, True)] + try: + c.encrypt(message, recipients=keys, always_trust=True) + except pyme.errors.InvalidSigners as e: + assert len(e.signers) == 1 + assert support.encrypt_only.endswith(e.signers[0].fpr) + else: + assert False, "Expected an InvalidSigners error, got none" diff --git a/lang/python/tests/t-encrypt-sym.py b/lang/python/tests/t-encrypt-sym.py index 0b24fd5..c5be183 100755 --- a/lang/python/tests/t-encrypt-sym.py +++ b/lang/python/tests/t-encrypt-sym.py @@ -18,6 +18,7 @@ # License along with this program; if not, see . import os +import pyme from pyme import core, constants import support @@ -61,3 +62,22 @@ for passphrase in ("abc", b"abc"): plaintext = plain.read() assert plaintext == b"Hallo Leute\n", \ "Wrong plaintext {!r}".format(plaintext) + +# Idiomatic interface. +for passphrase in ("abc", b"abc"): + with pyme.Context(armor=True) as c: + # Check that the passphrase callback is not altered. + def f(*args): + assert False + c.set_passphrase_cb(f) + + message = "Hallo Leute\n".encode() + ciphertext, _, _ = c.encrypt(message, + passphrase=passphrase, + sign=False) + assert ciphertext.find(b'BEGIN PGP MESSAGE') > 0, 'Marker not found' + + plaintext, _, _ = c.decrypt(ciphertext, passphrase=passphrase) + assert plaintext == message, 'Message body not recovered' + + assert c._passphrase_cb[1] == f, "Passphrase callback not restored" diff --git a/lang/python/tests/t-encrypt.py b/lang/python/tests/t-encrypt.py index 24869fc..4c77f39 100755 --- a/lang/python/tests/t-encrypt.py +++ b/lang/python/tests/t-encrypt.py @@ -17,6 +17,7 @@ # You should have received a copy of the GNU Lesser General Public # License along with this program; if not, see . +import pyme from pyme import core, constants import support @@ -34,6 +35,28 @@ keys.append(c.get_key("D695676BDCEDCC2CDD6152BCFE180B1DA9E3B0B2", False)) c.op_encrypt(keys, constants.ENCRYPT_ALWAYS_TRUST, source, sink) result = c.op_encrypt_result() assert not result.invalid_recipients, \ - "Invalid recipient encountered: {}".format(result.invalid_recipients.fpr) - + "Invalid recipients: {}".format(", ".join(r.fpr for r in result.recipients)) support.print_data(sink) + +# Idiomatic interface. +with pyme.Context(armor=True) as c: + ciphertext, _, _ = c.encrypt("Hallo Leute\n".encode(), + recipients=keys, + sign=False, + always_trust=True) + assert len(ciphertext) > 0 + assert ciphertext.find(b'BEGIN PGP MESSAGE') > 0, 'Marker not found' + + c.encrypt("Hallo Leute\n".encode(), + recipients=[c.get_key(support.encrypt_only, False)], + sign=False, always_trust=True) + + try: + c.encrypt("Hallo Leute\n".encode(), + recipients=[c.get_key(support.sign_only, False)], + sign=False, always_trust=True) + except pyme.errors.InvalidRecipients as e: + assert len(e.recipients) == 1 + assert support.sign_only.endswith(e.recipients[0].fpr) + else: + assert False, "Expected an InvalidRecipients error, got none" diff --git a/lang/python/tests/t-idiomatic.py b/lang/python/tests/t-idiomatic.py index b252690..bcd25aa 100755 --- a/lang/python/tests/t-idiomatic.py +++ b/lang/python/tests/t-idiomatic.py @@ -20,13 +20,13 @@ import io import os import tempfile -from pyme import core, constants, errors +import pyme import support -support.init_gpgme(constants.PROTOCOL_OpenPGP) +support.init_gpgme(pyme.constants.PROTOCOL_OpenPGP) # Both Context and Data can be used as context manager: -with core.Context() as c, core.Data() as d: +with pyme.Context() as c, pyme.Data() as d: c.get_engine_info() d.write(b"Halloechen") leak_c = c @@ -35,16 +35,17 @@ assert leak_c.wrapped == None assert leak_d.wrapped == None def sign_and_verify(source, signed, sink): - with core.Context() as c: - c.op_sign(source, signed, constants.SIG_MODE_NORMAL) + with pyme.Context() as c: + c.op_sign(source, signed, pyme.constants.SIG_MODE_NORMAL) signed.seek(0, os.SEEK_SET) c.op_verify(signed, None, sink) result = c.op_verify_result() assert len(result.signatures) == 1, "Unexpected number of signatures" sig = result.signatures[0] - assert sig.summary == 0 - assert errors.GPGMEError(sig.status).getcode() == errors.NO_ERROR + assert sig.summary == (pyme.constants.SIGSUM_VALID | + pyme.constants.SIGSUM_GREEN) + assert pyme.GPGMEError(sig.status).getcode() == pyme.errors.NO_ERROR sink.seek(0, os.SEEK_SET) assert sink.read() == b"Hallo Leute\n" @@ -71,5 +72,5 @@ else: # Demonstrate automatic wrapping of objects implementing the buffer # interface, and the use of data objects with the 'with' statement. -with io.BytesIO(preallocate) as signed, core.Data() as sink: +with io.BytesIO(preallocate) as signed, pyme.Data() as sink: sign_and_verify(b"Hallo Leute\n", signed, sink) diff --git a/lang/python/tests/t-sign.py b/lang/python/tests/t-sign.py index a721f03..802a32d 100755 --- a/lang/python/tests/t-sign.py +++ b/lang/python/tests/t-sign.py @@ -19,34 +19,38 @@ import sys import os +import pyme from pyme import core, constants import support +def fail(msg): + raise RuntimeError(msg) + def check_result(r, typ): if r.invalid_signers: - sys.exit("Invalid signer found: {}".format(r.invalid_signers.fpr)) + fail("Invalid signer found: {}".format(r.invalid_signers.fpr)) if len(r.signatures) != 1: - sys.exit("Unexpected number of signatures created") + fail("Unexpected number of signatures created") signature = r.signatures[0] if signature.type != typ: - sys.exit("Wrong type of signature created") + fail("Wrong type of signature created") if signature.pubkey_algo != constants.PK_DSA: - sys.exit("Wrong pubkey algorithm reported: {}".format( + fail("Wrong pubkey algorithm reported: {}".format( signature.pubkey_algo)) if signature.hash_algo != constants.MD_SHA1: - sys.exit("Wrong hash algorithm reported: {}".format( + fail("Wrong hash algorithm reported: {}".format( signature.hash_algo)) if signature.sig_class != 1: - sys.exit("Wrong signature class reported: {}".format( + fail("Wrong signature class reported: {}".format( signature.sig_class)) if signature.fpr != "A0FF4590BB6122EDEF6E3C542D727CC768697734": - sys.exit("Wrong fingerprint reported: {}".format(signature.fpr)) + fail("Wrong fingerprint reported: {}".format(signature.fpr)) support.init_gpgme(constants.PROTOCOL_OpenPGP) @@ -82,3 +86,35 @@ c.op_sign(source, sink, constants.SIG_MODE_CLEAR) result = c.op_sign_result() check_result(result, constants.SIG_MODE_CLEAR) support.print_data(sink) + +# Idiomatic interface. +with pyme.Context(armor=True, textmode=True) as c: + message = "Hallo Leute\n".encode() + signed, _ = c.sign(message) + assert len(signed) > 0 + assert signed.find(b'BEGIN PGP MESSAGE') > 0, 'Message not found' + + signed, _ = c.sign(message, mode=pyme.constants.SIG_MODE_DETACH) + assert len(signed) > 0 + assert signed.find(b'BEGIN PGP SIGNATURE') > 0, 'Signature not found' + + signed, _ = c.sign(message, mode=pyme.constants.SIG_MODE_CLEAR) + assert len(signed) > 0 + assert signed.find(b'BEGIN PGP SIGNED MESSAGE') > 0, 'Message not found' + assert signed.find(message) > 0, 'Message content not found' + assert signed.find(b'BEGIN PGP SIGNATURE') > 0, 'Signature not found' + +with pyme.Context() as c: + message = "Hallo Leute\n".encode() + + c.signers = [c.get_key(support.sign_only, True)] + c.sign(message) + + c.signers = [c.get_key(support.encrypt_only, True)] + try: + c.sign(message) + except pyme.errors.InvalidSigners as e: + assert len(e.signers) == 1 + assert support.encrypt_only.endswith(e.signers[0].fpr) + else: + assert False, "Expected an InvalidSigners error, got none" diff --git a/lang/python/tests/t-signers.py b/lang/python/tests/t-signers.py index 26dded5..15e8011 100755 --- a/lang/python/tests/t-signers.py +++ b/lang/python/tests/t-signers.py @@ -18,35 +18,39 @@ # License along with this program; if not, see . import sys +import pyme from pyme import core, constants import support +def fail(msg): + raise RuntimeError(msg) + def check_result(r, typ): if r.invalid_signers: - sys.exit("Invalid signer found: {}".format(r.invalid_signers.fpr)) + fail("Invalid signer found: {}".format(r.invalid_signers.fpr)) if len(r.signatures) != 2: - sys.exit("Unexpected number of signatures created") + fail("Unexpected number of signatures created") for signature in r.signatures: if signature.type != typ: - sys.exit("Wrong type of signature created") + fail("Wrong type of signature created") if signature.pubkey_algo != constants.PK_DSA: - sys.exit("Wrong pubkey algorithm reported: {}".format( + fail("Wrong pubkey algorithm reported: {}".format( signature.pubkey_algo)) if signature.hash_algo != constants.MD_SHA1: - sys.exit("Wrong hash algorithm reported: {}".format( + fail("Wrong hash algorithm reported: {}".format( signature.hash_algo)) if signature.sig_class != 1: - sys.exit("Wrong signature class reported: {}".format( - signature.sig_class)) + fail("Wrong signature class reported: got {}, want {}".format( + signature.sig_class, 1)) if signature.fpr not in ("A0FF4590BB6122EDEF6E3C542D727CC768697734", "23FD347A419429BACCD5E72D6BC4778054ACD246"): - sys.exit("Wrong fingerprint reported: {}".format(signature.fpr)) + fail("Wrong fingerprint reported: {}".format(signature.fpr)) support.init_gpgme(constants.PROTOCOL_OpenPGP) @@ -73,3 +77,20 @@ for mode in (constants.SIG_MODE_NORMAL, constants.SIG_MODE_DETACH, result = c.op_sign_result() check_result(result, mode) support.print_data(sink) + +# Idiomatic interface. +with pyme.Context(armor=True, textmode=True, signers=keys) as c: + message = "Hallo Leute\n".encode() + signed, result = c.sign(message) + check_result(result, constants.SIG_MODE_NORMAL) + assert signed.find(b'BEGIN PGP MESSAGE') > 0, 'Message not found' + + signed, result = c.sign(message, mode=constants.SIG_MODE_DETACH) + check_result(result, constants.SIG_MODE_DETACH) + assert signed.find(b'BEGIN PGP SIGNATURE') > 0, 'Signature not found' + + signed, result = c.sign(message, mode=constants.SIG_MODE_CLEAR) + check_result(result, constants.SIG_MODE_CLEAR) + assert signed.find(b'BEGIN PGP SIGNED MESSAGE') > 0, 'Message not found' + assert signed.find(message) > 0, 'Message content not found' + assert signed.find(b'BEGIN PGP SIGNATURE') > 0, 'Signature not found' diff --git a/lang/python/tests/t-verify.py b/lang/python/tests/t-verify.py index 333ee4e..b88bd07 100755 --- a/lang/python/tests/t-verify.py +++ b/lang/python/tests/t-verify.py @@ -18,12 +18,13 @@ # License along with this program; if not, see . import os +import pyme from pyme import core, constants, errors import support -test_text1 = "Just GNU it!\n" -test_text1f= "Just GNU it?\n" -test_sig1 = """-----BEGIN PGP SIGNATURE----- +test_text1 = b"Just GNU it!\n" +test_text1f= b"Just GNU it?\n" +test_sig1 = b"""-----BEGIN PGP SIGNATURE----- iN0EABECAJ0FAjoS+i9FFIAAAAAAAwA5YmFyw7bDpMO8w58gZGFzIHdhcmVuIFVt bGF1dGUgdW5kIGpldHp0IGVpbiBwcm96ZW50JS1aZWljaGVuNRSAAAAAAAgAJGZv @@ -34,7 +35,7 @@ dADGKXF/Hcb+AKCJWPphZCphduxSvrzH0hgzHdeQaA== -----END PGP SIGNATURE----- """ -test_sig2 = """-----BEGIN PGP MESSAGE----- +test_sig2 = b"""-----BEGIN PGP MESSAGE----- owGbwMvMwCSoW1RzPCOz3IRxjXQSR0lqcYleSUWJTZOvjVdpcYmCu1+oQmaJIleH GwuDIBMDGysTSIqBi1MApi+nlGGuwDeHao53HBr+FoVGP3xX+kvuu9fCMJvl6IOf @@ -44,7 +45,7 @@ y1kvP4y+8D5a11ang0udywsA """ # A message with a prepended but unsigned plaintext packet. -double_plaintext_sig = """-----BEGIN PGP MESSAGE----- +double_plaintext_sig = b"""-----BEGIN PGP MESSAGE----- rDRiCmZvb2Jhci50eHRF4pxNVGhpcyBpcyBteSBzbmVha3kgcGxhaW50ZXh0IG1l c3NhZ2UKowGbwMvMwCSoW1RzPCOz3IRxTWISa6JebnG666MFD1wzSzJSixQ81XMV @@ -55,10 +56,12 @@ UqVooWlGXHwNw/xg/fVzt9VNbtjtJ/fhUqYo0/LyCGEA -----END PGP MESSAGE----- """ -def check_result(result, summary, fpr, status, notation): +def check_result(result, summary, validity, fpr, status, notation): assert len(result.signatures) == 1, "Unexpected number of signatures" sig = result.signatures[0] - assert sig.summary == summary, "Unexpected signature summary" + assert sig.summary == summary, \ + "Unexpected signature summary: {}, want: {}".format(sig.summary, + summary) assert sig.fpr == fpr assert errors.GPGMEError(sig.status).getcode() == status @@ -83,7 +86,9 @@ def check_result(result, summary, fpr, status, notation): assert len(expected_notations) == 0 assert not sig.wrong_key_usage - assert sig.validity == constants.VALIDITY_UNKNOWN + assert sig.validity == validity, \ + "Unexpected signature validity: {}, want: {}".format( + sig.validity, validity) assert errors.GPGMEError(sig.validity_reason).getcode() == errors.NO_ERROR @@ -96,7 +101,9 @@ text = core.Data(test_text1) sig = core.Data(test_sig1) c.op_verify(sig, text, None) result = c.op_verify_result() -check_result(result, 0, "A0FF4590BB6122EDEF6E3C542D727CC768697734", +check_result(result, constants.SIGSUM_VALID | constants.SIGSUM_GREEN, + constants.VALIDITY_FULL, + "A0FF4590BB6122EDEF6E3C542D727CC768697734", errors.NO_ERROR, True) @@ -105,15 +112,17 @@ text = core.Data(test_text1f) sig.seek(0, os.SEEK_SET) c.op_verify(sig, text, None) result = c.op_verify_result() -check_result(result, constants.SIGSUM_RED, "2D727CC768697734", - errors.BAD_SIGNATURE, False) +check_result(result, constants.SIGSUM_RED, constants.VALIDITY_UNKNOWN, + "2D727CC768697734", errors.BAD_SIGNATURE, False) # Checking a normal signature. text = core.Data() sig = core.Data(test_sig2) c.op_verify(sig, None, text) result = c.op_verify_result() -check_result(result, 0, "A0FF4590BB6122EDEF6E3C542D727CC768697734", +check_result(result, constants.SIGSUM_VALID | constants.SIGSUM_GREEN, + constants.VALIDITY_FULL, + "A0FF4590BB6122EDEF6E3C542D727CC768697734", errors.NO_ERROR, False) # Checking an invalid message. @@ -126,3 +135,54 @@ except Exception as e: assert e.getcode() == errors.BAD_DATA else: assert False, "Expected an error but got none." + + +# Idiomatic interface. +with pyme.Context(armor=True) as c: + # Checking a valid message. + _, result = c.verify(test_text1, test_sig1) + check_result(result, constants.SIGSUM_VALID | constants.SIGSUM_GREEN, + constants.VALIDITY_FULL, + "A0FF4590BB6122EDEF6E3C542D727CC768697734", + errors.NO_ERROR, True) + + # Checking a manipulated message. + try: + c.verify(test_text1f, test_sig1) + except errors.BadSignatures as e: + check_result(e.result, constants.SIGSUM_RED, + constants.VALIDITY_UNKNOWN, + "2D727CC768697734", errors.BAD_SIGNATURE, False) + else: + assert False, "Expected an error but got none." + + # Checking a normal signature. + sig = core.Data(test_sig2) + data, result = c.verify(test_sig2) + check_result(result, constants.SIGSUM_VALID | constants.SIGSUM_GREEN, + constants.VALIDITY_FULL, + "A0FF4590BB6122EDEF6E3C542D727CC768697734", + errors.NO_ERROR, False) + assert data == test_text1 + + # Checking an invalid message. + try: + c.verify(double_plaintext_sig) + except errors.GPGMEError as e: + assert e.getcode() == errors.BAD_DATA + else: + assert False, "Expected an error but got none." + + alpha = c.get_key("A0FF4590BB6122EDEF6E3C542D727CC768697734", False) + bob = c.get_key("D695676BDCEDCC2CDD6152BCFE180B1DA9E3B0B2", False) + + # Checking a valid message. + c.verify(test_text1, test_sig1, verify=[alpha]) + + try: + c.verify(test_text1, test_sig1, verify=[alpha, bob]) + except errors.MissingSignatures as e: + assert len(e.missing) == 1 + assert e.missing[0] == bob + else: + assert False, "Expected an error, got none" commit 004026a94fea9c4f87068c1c17e519df5cbb8d8e Author: Justus Winter Date: Mon Jun 6 12:49:11 2016 +0200 python: Port more tests. * lang/python/tests/Makefile.am (pytests): Add new file. * lang/python/tests/t-import.py: New file. Signed-off-by: Justus Winter diff --git a/lang/python/tests/Makefile.am b/lang/python/tests/Makefile.am index 69985bb..74020ad 100644 --- a/lang/python/tests/Makefile.am +++ b/lang/python/tests/Makefile.am @@ -42,6 +42,7 @@ py_tests = t-wrapper.py \ t-decrypt-verify.py \ t-sig-notation.py \ t-export.py \ + t-import.py \ t-trustlist.py \ t-edit.py \ t-wait.py \ diff --git a/lang/python/tests/t-import.py b/lang/python/tests/t-import.py new file mode 100755 index 0000000..03b576b --- /dev/null +++ b/lang/python/tests/t-import.py @@ -0,0 +1,76 @@ +#!/usr/bin/env python3 + +# Copyright (C) 2016 g10 Code GmbH +# +# This file is part of GPGME. +# +# GPGME is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# GPGME is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY +# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General +# Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this program; if not, see . + +from pyme import core, constants +import support + +def check_result(result, fpr, secret): + assert result.considered == 1 or (secret and result.considered == 3) + assert result.no_user_id == 0 + assert not ((secret and result.imported != 0) + or (not secret and (result.imported != 0 + and result.imported != 1))) + assert result.imported_rsa == 0 + assert not ((secret and (result.unchanged != 0 and result.unchanged != 1)) + or (not secret and ((result.imported == 0 + and result.unchanged != 1) + or (result.imported == 1 + and result.unchanged != 0)))) + assert result.new_user_ids == 0 + assert result.new_sub_keys == 0 + assert not ((secret + and ((result.secret_imported == 0 + and result.new_signatures != 0) + or (result.secret_imported == 1 + and result.new_signatures > 1))) + or (not secret and result.new_signatures != 0)) + assert result.new_revocations == 0 + assert not ((secret and result.secret_read != 1 and result.secret_read != 3) + or (not secret and result.secret_read != 0)) + assert not ((secret and result.secret_imported != 0 + and result.secret_imported != 1 + and result.secret_imported != 2) + or (not secret and result.secret_imported != 0)) + assert not ((secret + and ((result.secret_imported == 0 + and result.secret_unchanged != 1 + and result.secret_unchanged != 2) + or (result.secret_imported == 1 + and result.secret_unchanged != 0))) + or (not secret and result.secret_unchanged != 0)) + assert result.not_imported == 0 + if secret: + assert not (len(result.imports) in (0, 3)) + else: + assert not (len(result.imports) in (0, 2)) + + assert fpr == result.imports[0].fpr + assert len(result.imports) == 1 or fpr == result.imports[1].fpr + assert result.imports[0].result == 0 + +support.init_gpgme(constants.PROTOCOL_OpenPGP) +c = core.Context() + +c.op_import(core.Data(file=support.make_filename("pubkey-1.asc"))) +result = c.op_import_result() +check_result(result, "ADAB7FCC1F4DE2616ECFA402AF82244F9CD9FD55", False) + +c.op_import(core.Data(file=support.make_filename("seckey-1.asc"))) +result = c.op_import_result() +check_result(result, "ADAB7FCC1F4DE2616ECFA402AF82244F9CD9FD55", True) ----------------------------------------------------------------------- hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jul 11 12:04:36 2016 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Mon, 11 Jul 2016 12:04:36 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-211-g02babb2 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 02babb29612d554c37b63a49f78acc45653b557e (commit) from de74fe59feef9adc858ac04004880bfd44315d0d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 02babb29612d554c37b63a49f78acc45653b557e Author: Andre Heinecke Date: Mon Jul 11 12:01:35 2016 +0200 Qt: Disable t-tofuinfo tests * lang/qt/tests/t-tofuinfo.cpp: Disable tests. -- Even with the wait this test could fail and anyway the delay was not nice. So we remove the wait hack and just wait for the bug (2405) to be fixed in GnuPG or GpgME core. diff --git a/lang/qt/tests/t-tofuinfo.cpp b/lang/qt/tests/t-tofuinfo.cpp index a27dd93..f9634b2 100644 --- a/lang/qt/tests/t-tofuinfo.cpp +++ b/lang/qt/tests/t-tofuinfo.cpp @@ -100,14 +100,12 @@ class TofuInfoTest: public QObject Q_ASSERT(!strcmp(stats.fingerprint(), sig.fingerprint())); Q_ASSERT(stats.signCount() == expected); } - /* FIXME: GnuPG-Bug-Id 2405 makes the wait necessary. */ - QTest::qWait(1000); } private: QTemporaryDir mDir; -private Q_SLOTS: +private /* FIXME Disabled until GnuPG-Bug-Id 2405 is fixed Q_SLOTS */: void testTofuNull() { TofuInfo tofu; @@ -156,8 +154,6 @@ private Q_SLOTS: /* Another verify */ - /* FIXME: GnuPG-Bug-Id 2405 makes the wait necessary. */ - QTest::qWait(1000); job = openpgp()->verifyOpaqueJob(true); result = job->exec(data1, plaintext); ----------------------------------------------------------------------- Summary of changes: lang/qt/tests/t-tofuinfo.cpp | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jul 11 13:10:16 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 11 Jul 2016 13:10:16 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.13-127-g7732b33 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 7732b332886792b2bbf47ecf7430e953f1c55a2c (commit) from e32c575e0f3704e7563048eea6d26844bdfc494b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7732b332886792b2bbf47ecf7430e953f1c55a2c Author: Werner Koch Date: Mon Jul 11 13:05:37 2016 +0200 gpgconf: Enhance --list-dirs. * tools/gpgconf.c (main) : Factor code out to ... (list_dirs): new. Rewrite to use a table. Allow selection of a items. Add "agent-ssh-socket". -- This change makes the use of gpgconf in scripts easier. For example, to set the envvar with the name of the socket used by ssh, it is now possible to do this: SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)" which guarantees that the right name is used. Signed-off-by: Werner Koch diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi index 37774dd..cd5d751 100644 --- a/doc/gpg-agent.texi +++ b/doc/gpg-agent.texi @@ -815,7 +815,7 @@ it by adding this to your init script: @example unset SSH_AGENT_PID if [ "$@{gnupg_SSH_AUTH_SOCK_by:-0@}" -ne $$ ]; then - export SSH_AUTH_SOCK="$@{HOME@}/.gnupg/S.gpg-agent.ssh" + export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)" fi @end example @end cartouche diff --git a/doc/tools.texi b/doc/tools.texi index 8fdaa96..577df8e 100644 --- a/doc/tools.texi +++ b/doc/tools.texi @@ -280,7 +280,7 @@ Check the options for the component @var{component}. Update all configuration files with values taken from the global configuration file (usually @file{/etc/gnupg/gpgconf.conf}). - at item --list-dirs + at item --list-dirs [@var{names}] Lists the directories used by @command{gpgconf}. One directory is listed per line, and each line consists of a colon-separated list where the first field names the directory type (for example @code{sysconfdir}) @@ -288,7 +288,9 @@ and the second field contains the percent-escaped directory. Although they are not directories, the socket file names used by @command{gpg-agent} and @command{dirmngr} are printed as well. Note that the socket file names and the @code{homedir} lines are the default -names and they may be overridden by command line switches. +names and they may be overridden by command line switches. If + at var{names} are given only the directories or file names specified by +the list names are printed without any escaping. @item --list-config [@var{filename}] List the global configuration file in a colon separated format. If diff --git a/tools/gpgconf.c b/tools/gpgconf.c index 2b177e2..ad61511 100644 --- a/tools/gpgconf.c +++ b/tools/gpgconf.c @@ -147,6 +147,64 @@ get_outfp (estream_t *fp) } +static void +list_dirs (estream_t fp, char **names) +{ + static struct { + const char *name; + const char *(*fnc)(void); + const char *extra; + int special; + } list[] = { + { "sysconfdir", gnupg_sysconfdir, NULL }, + { "bindir", gnupg_bindir, NULL }, + { "libexecdir", gnupg_libexecdir, NULL }, + { "libdir", gnupg_libdir, NULL }, + { "datadir", gnupg_datadir, NULL }, + { "localedir", gnupg_localedir, NULL }, + { "dirmngr-socket", dirmngr_user_socket_name, NULL, 1 }, + { "dirmngr-socket", dirmngr_sys_socket_name, NULL, 2 }, + { "dirmngr-sys-socket", dirmngr_sys_socket_name, NULL, 1 }, + { "agent-ssh-socket", gnupg_socketdir, GPG_AGENT_SSH_SOCK_NAME }, + { "agent-socket", gnupg_socketdir, GPG_AGENT_SOCK_NAME }, + { "homedir", gnupg_homedir, NULL } + }; + int idx, j; + char *tmp; + const char *s; + + + for (idx = 0; idx < DIM (list); idx++) + { + if (list[idx].special == 1 && dirmngr_user_socket_name ()) + ; + else if (list[idx].special == 2 && !dirmngr_user_socket_name ()) + ; + else if (list[idx].special == 1 || list[idx].special == 2) + continue; + + s = list[idx].fnc (); + if (list[idx].extra) + { + tmp = make_filename (s, list[idx].extra, NULL); + s = tmp; + } + else + tmp = NULL; + if (!names) + es_fprintf (fp, "%s:%s\n", list[idx].name, gc_percent_escape (s)); + else + { + for (j=0; names[j]; j++) + if (!strcmp (names[j], list[idx].name)) + es_fprintf (fp, "%s\n", s); + } + + xfree (tmp); + } +} + + /* gpgconf main. */ int main (int argc, char **argv) @@ -357,43 +415,7 @@ main (int argc, char **argv) case aListDirs: /* Show the system configuration directories for gpgconf. */ get_outfp (&outfp); - es_fprintf (outfp, "sysconfdir:%s\n", - gc_percent_escape (gnupg_sysconfdir ())); - es_fprintf (outfp, "bindir:%s\n", - gc_percent_escape (gnupg_bindir ())); - es_fprintf (outfp, "libexecdir:%s\n", - gc_percent_escape (gnupg_libexecdir ())); - es_fprintf (outfp, "libdir:%s\n", - gc_percent_escape (gnupg_libdir ())); - es_fprintf (outfp, "datadir:%s\n", - gc_percent_escape (gnupg_datadir ())); - es_fprintf (outfp, "localedir:%s\n", - gc_percent_escape (gnupg_localedir ())); - - if (dirmngr_user_socket_name ()) - { - es_fprintf (outfp, "dirmngr-socket:%s\n", - gc_percent_escape (dirmngr_user_socket_name ())); - es_fprintf (outfp, "dirmngr-sys-socket:%s\n", - gc_percent_escape (dirmngr_sys_socket_name ())); - } - else - { - es_fprintf (outfp, "dirmngr-socket:%s\n", - gc_percent_escape (dirmngr_sys_socket_name ())); - } - - { - char *tmp = make_filename (gnupg_socketdir (), - GPG_AGENT_SOCK_NAME, NULL); - es_fprintf (outfp, "agent-socket:%s\n", gc_percent_escape (tmp)); - xfree (tmp); - } - { - char *tmp = xstrdup (gnupg_homedir ()); - es_fprintf (outfp, "homedir:%s\n", gc_percent_escape (tmp)); - xfree (tmp); - } + list_dirs (outfp, argc? argv : NULL); break; case aCreateSocketDir: ----------------------------------------------------------------------- Summary of changes: doc/gpg-agent.texi | 2 +- doc/tools.texi | 6 ++-- tools/gpgconf.c | 96 +++++++++++++++++++++++++++++++++--------------------- 3 files changed, 64 insertions(+), 40 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jul 11 16:53:32 2016 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Mon, 11 Jul 2016 16:53:32 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-213-gbfa8ac7 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via bfa8ac7e02c16790ee5bd3b42c26699f4821d72e (commit) via b1f42e8f25ada220ec8e4762cfebc3a49b1f7d56 (commit) from 02babb29612d554c37b63a49f78acc45653b557e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit bfa8ac7e02c16790ee5bd3b42c26699f4821d72e Author: Andre Heinecke Date: Mon Jul 11 16:47:30 2016 +0200 Qt: Fix memleaks in tests * lang/qt/tests/t-keylist.cpp(cleanupTestCase): Ensure that posted events are handled for autodeletion. (testSingleKeylistSync): delete job. * lang/qt/tests/t-ownertrust.cpp(cleanupTestCase): Ditto * lang/qt/tests/t-ownertrust.cpp(testChangeOwnerTrust): Delete keylistjobs. * lang/qt/tests/t-keylocate.cpp(cleanupTestCase): Ditto diff --git a/lang/qt/tests/t-keylist.cpp b/lang/qt/tests/t-keylist.cpp index 38d315f..adc997a 100644 --- a/lang/qt/tests/t-keylist.cpp +++ b/lang/qt/tests/t-keylist.cpp @@ -55,6 +55,7 @@ private Q_SLOTS: std::vector keys; GpgME::KeyListResult result = job->exec(QStringList() << QStringLiteral("alfa at example.net"), false, keys); + delete job; Q_ASSERT (!result.error()); Q_ASSERT (keys.size() == 1); const QString kId = QLatin1String(keys.front().keyID()); @@ -104,6 +105,11 @@ private Q_SLOTS: const QString gpgHome = qgetenv("GNUPGHOME"); QVERIFY2(!gpgHome.isEmpty(), "GNUPGHOME environment variable is not set."); } + + void cleanupTestCase() + { + QCoreApplication::sendPostedEvents(); + } }; QTEST_MAIN(KeyListTest) diff --git a/lang/qt/tests/t-keylocate.cpp b/lang/qt/tests/t-keylocate.cpp index 682f722..43aaf1c 100644 --- a/lang/qt/tests/t-keylocate.cpp +++ b/lang/qt/tests/t-keylocate.cpp @@ -120,6 +120,11 @@ private Q_SLOTS: const QString gpgHome = qgetenv("GNUPGHOME"); QVERIFY2(!gpgHome.isEmpty(), "GNUPGHOME environment variable is not set."); } + + void cleanupTestCase() + { + QCoreApplication::sendPostedEvents(); + } private: QString mTestpattern; }; diff --git a/lang/qt/tests/t-ownertrust.cpp b/lang/qt/tests/t-ownertrust.cpp index 9a0c1cd..8784a79 100644 --- a/lang/qt/tests/t-ownertrust.cpp +++ b/lang/qt/tests/t-ownertrust.cpp @@ -55,6 +55,7 @@ private Q_SLOTS: std::vector keys; GpgME::KeyListResult result = job->exec(QStringList() << QStringLiteral("alfa at example.net"), false, keys); + delete job; Q_ASSERT (!result.error()); Q_ASSERT (keys.size() == 1); Key key = keys.front(); @@ -76,6 +77,7 @@ private Q_SLOTS: job = openpgp()->keyListJob(false, true, true); result = job->exec(QStringList() << QStringLiteral("alfa at example.net"), false, keys); + delete job; key = keys.front(); Q_ASSERT (key.ownerTrust() == Key::Ultimate); @@ -91,6 +93,8 @@ private Q_SLOTS: job = openpgp()->keyListJob(false, true, true); result = job->exec(QStringList() << QStringLiteral("alfa at example.net"), false, keys); + delete job; + key = keys.front(); Q_ASSERT (key.ownerTrust() == Key::Unknown); } @@ -100,6 +104,11 @@ private Q_SLOTS: const QString gpgHome = qgetenv("GNUPGHOME"); QVERIFY2(!gpgHome.isEmpty(), "GNUPGHOME environment variable is not set."); } + + void cleanupTestCase() + { + QCoreApplication::sendPostedEvents(); + } }; QTEST_MAIN(ChangeOwnerTrustTest) commit b1f42e8f25ada220ec8e4762cfebc3a49b1f7d56 Author: Andre Heinecke Date: Mon Jul 11 16:41:09 2016 +0200 Qt: Add some general Protocol documentation * lang/qt/src/protocol.h (Protocol): Add doc. -- This explicitly documents that syncs run with exec need deletion. diff --git a/lang/qt/src/protocol.h b/lang/qt/src/protocol.h index e5153b5..64146b8 100644 --- a/lang/qt/src/protocol.h +++ b/lang/qt/src/protocol.h @@ -63,6 +63,41 @@ class ChangePasswdJob; class AddUserIDJob; class SpecialJob; +/** The main entry point for QGpgME Comes in OpenPGP and SMIME(CMS) flavors. + * + * Use the proctocol class to obtain an instance of a job. Jobs + * provide async API for GnuPG that can be connected to signals / slots. + * + * A job is usually started with start() and emits a result signal. + * The parameters of the result signal depend on the job but the last + * two are always a QString for the auditlog and an GpgME::Error for + * an eventual error. + * + * In case async API is used and the result signal is emited a + * job schedules its own deletion. + * + * Most jobs also provide a synchronous call exec in which case + * you have to explicitly delete the job if you don't need it anymore. + * + * \code + * // Async example: + * KeyListJob *job = openpgp()->keyListJob(); + * connect(job, &KeyListJob::result, job, [this, job](KeyListResult, std::vector keys, QString, Error) + * { + * // keys and resuls can now be used. + * }); + * \endcode + * + * \code + * // Sync eaxmple: + * KeyListJob *job = openpgp()->keyListJob(false, false, false); + * std::vector keys; + * GpgME::KeyListResult result = job->exec(QStringList() << + * QStringLiteral("alfa at example.net"), + * false, keys); + * delete job; + * \endcode + */ class QGPGME_EXPORT Protocol { public: ----------------------------------------------------------------------- Summary of changes: lang/qt/src/protocol.h | 35 +++++++++++++++++++++++++++++++++++ lang/qt/tests/t-keylist.cpp | 6 ++++++ lang/qt/tests/t-keylocate.cpp | 5 +++++ lang/qt/tests/t-ownertrust.cpp | 9 +++++++++ 4 files changed, 55 insertions(+) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jul 11 18:18:23 2016 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Mon, 11 Jul 2016 18:18:23 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-216-g007382c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 007382ce94a6318557370c440f7d609a030a119e (commit) via 98cba522c906115efcba1f8cc0bec7e5edb51ecd (commit) via c53f87c5f9ca63119152f41dcebfb175d4df2cef (commit) from bfa8ac7e02c16790ee5bd3b42c26699f4821d72e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 007382ce94a6318557370c440f7d609a030a119e Author: Justus Winter Date: Mon Jul 11 16:38:37 2016 +0200 python: Enable out-of-tree build of pyme bindings. * lang/python/MANIFEST.in: Update manifest template. * lang/python/Makefile.am: Copy more files, move generation of files to Python build script, add 'sdist' target to build a Python source distribution. * lang/python/gpgme-h-clean.py: Add code to build 'errors.i'. * lang/python/setup.py.in: Generate files, enable out-of-tree builds. Signed-off-by: Justus Winter diff --git a/lang/python/MANIFEST.in b/lang/python/MANIFEST.in index f079538..abdc08f 100644 --- a/lang/python/MANIFEST.in +++ b/lang/python/MANIFEST.in @@ -1,5 +1,4 @@ -recursive-include examples *.py *.glade *.gladep +recursive-include examples *.py include gpgme-h-clean.py gpgme.i include helpers.c helpers.h -include Makefile recursive-include pyme *.py diff --git a/lang/python/Makefile.am b/lang/python/Makefile.am index 527212a..89b1c28 100644 --- a/lang/python/Makefile.am +++ b/lang/python/Makefile.am @@ -26,34 +26,30 @@ EXTRA_DIST = \ SUBDIRS = tests COPY_FILES = \ + $(srcdir)/gpgme.i \ $(srcdir)/README \ + $(srcdir)/MANIFEST.in \ + $(srcdir)/gpgme-h-clean.py \ $(srcdir)/pyme \ + $(srcdir)/examples \ $(srcdir)/helpers.c $(srcdir)/helpers.h -# Cleanup gpgme.h from deprecated functions and typedefs. -gpgme.h: ../../src/gpgme.h $(srcdir)/gpgme-h-clean.py - $(PYTHON) $(srcdir)/gpgme-h-clean.py $< >$@ - # For VPATH builds we need to copy some files because Python's # distutils are not VPATH-aware. copystamp: $(COPY_FILES) if test "$(srcdir)" != "$(builddir)" ; then cp -r $^ . ; fi touch $@ -errors.i: - sed -n -e \ - '/GPG_ERR_[^ ]* =/s/ *$.*$ = .*/%constant long \1 = \1;/p' \ - `$(GPG_ERROR_CONFIG) --prefix`/include/gpg-error.h >$@ - -gpgme_wrap.c pyme/pygpgme.py: gpgme.i errors.i gpgme.h copystamp - $(SWIG) -python -py3 -builtin $(SWIGOPT) \ - -o $(builddir)/gpgme_wrap.c -outdir $(builddir)/pyme \ - $< - -all-local: gpgme_wrap.c pyme/pygpgme.py copystamp +all-local: copystamp CFLAGS="$(CFLAGS) -I$(top_srcdir)" \ $(PYTHON) setup.py build --verbose +dist/pyme3-$(VERSION).tar.gz: copystamp + CFLAGS="$(CFLAGS) -I$(top_srcdir)" \ + $(PYTHON) setup.py sdist --verbose + +sdist: dist/pyme3-$(VERSION).tar.gz + CLEANFILES = gpgme.h errors.i gpgme_wrap.c pyme/pygpgme.py \ copystamp @@ -65,7 +61,7 @@ clean-local: rm -rf -- build if test "$(srcdir)" != "$(builddir)" ; then \ find . -type d ! -perm -200 -exec chmod u+w {} ';' ; \ - rm -rf README pyme helpers.c helpers.h ; \ + for F in $(COPY_FILES); do rm -rf -- `basename $$F` ; done ; \ fi install-exec-local: diff --git a/lang/python/gpgme-h-clean.py b/lang/python/gpgme-h-clean.py index b7052ff..b29b2e1 100755 --- a/lang/python/gpgme-h-clean.py +++ b/lang/python/gpgme-h-clean.py @@ -19,8 +19,8 @@ import sys, re -if len(sys.argv) < 2: - sys.stderr.write("Usage: %s gpgme.h\n" % sys.argv[0]) +if len(sys.argv) != 2: + sys.stderr.write("Usage: %s path/to/[gpgme|gpg-error].h\n" % sys.argv[0]) sys.exit(1) deprec_func = re.compile(r'^(.*typedef.*|.*$.*$|[^#]+\s+.+)' @@ -28,7 +28,7 @@ deprec_func = re.compile(r'^(.*typedef.*|.*$.*$|[^#]+\s+.+)' re.S) line_break = re.compile(';|\\$|\\x0c|^\s*#|{'); -try: +if 'gpgme.h' in sys.argv[1]: gpgme = open(sys.argv[1]) tmp = gpgme.readline() text = '' @@ -41,6 +41,10 @@ try: tmp = gpgme.readline() sys.stdout.write(text) gpgme.close() -except IOError as errmsg: - sys.stderr.write("%s: %s\n" % (sys.argv[0], errmsg)) - sys.exit(1) +else: + filter_re = re.compile(r'GPG_ERR_[^ ]* =') + rewrite_re = re.compile(r' *(.*) = .*') + for line in open(sys.argv[1]): + if not filter_re.search(line): + continue + print(rewrite_re.sub(r'%constant long \1 = \1;', line.strip())) diff --git a/lang/python/setup.py.in b/lang/python/setup.py.in index 9e6e008..4667a9d 100755 --- a/lang/python/setup.py.in +++ b/lang/python/setup.py.in @@ -20,16 +20,71 @@ from distutils.core import setup, Extension import os, os.path, sys +import glob import subprocess -def getconfig(what): - confdata = subprocess.Popen(["../../src/gpgme-config", "--%s" % what], +# Out-of-tree build of the pyme3 bindings. +gpg_error_config = "gpg-error-config" +gpgme_config = "gpgme-config" +gpgme_h = "" +library_dirs = [] +extra_swig_opts = [] + +if os.path.exists("../../src/gpgme-config"): + # In-tree build. + in_tree = True + gpgme_config = "../../src/gpgme-config" + gpgme_h = "../../src/gpgme.h" + library_dirs = ["../../src/.libs"] # XXX uses libtool internals + extra_swig_opts = ["-DHAVE_DATA_H=1"] + +try: + subprocess.check_call([gpg_error_config, '--version'], + stdout=subprocess.DEVNULL) +except: + sys.exit("Could not find gpg-error-config. " + + "Please install the libgpg-error development package.") + +try: + subprocess.check_call([gpgme_config, '--version'], + stdout=subprocess.DEVNULL) +except: + sys.exit("Could not find gpgme-config. " + + "Please install the libgpgme development package.") + +def getconfig(what, config=gpgme_config): + confdata = subprocess.Popen([config, "--%s" % what], stdout=subprocess.PIPE).communicate()[0] return [x for x in confdata.decode('utf-8').split() if x != ''] +version = version_raw = getconfig("version")[0] +if '-' in version: + version = version.split('-')[0] +major, minor, patch = map(int, version.split('.')) + +if not (major > 1 or (major == 1 and minor >= 6)): + sys.exit('Need at least GPGME version 1.6, found {}.'.format(version_raw)) + +if not gpgme_h: + gpgme_h = os.path.join(getconfig("prefix")[0], "include", "gpgme.h") + +gpg_error_prefix = getconfig("prefix", config=gpg_error_config)[0] +gpg_error_h = os.path.join(gpg_error_prefix, "include", "gpg-error.h") +if not os.path.exists(gpg_error_h): + gpg_error_h = \ + glob.glob(os.path.join(gpg_error_prefix, "include", + "*", "gpg-error.h"))[0] + +print("Building pyme3 using {} and {}.".format(gpgme_h, gpg_error_h)) + +# Cleanup gpgme.h from deprecated functions and typedefs. +subprocess.check_call(["python3", "gpgme-h-clean.py", gpgme_h], + stdout=open("gpgme.h", "w")) +subprocess.check_call(["python3", "gpgme-h-clean.py", gpg_error_h], + stdout=open("errors.i", "w")) + include_dirs = [os.getcwd()] define_macros = [] -library_dirs = ["../../src/.libs"] # XXX uses libtool internals libs = getconfig('libs') for item in getconfig('cflags'): @@ -67,13 +122,29 @@ if uname_s.startswith("MINGW32"): library_dirs.append(os.path.join(tgt, item)) break -swige = Extension("pyme._pygpgme", ["gpgme_wrap.c", "helpers.c"], +# We build an Extension using SWIG, which generates a Python module. +# By default, the 'build_py' step is run before 'build_ext', and +# therefore the generated Python module is not copied into the build +# directory. +# Bug: http://bugs.python.org/issue1016626 +# Workaround: +# http://stackoverflow.com/questions/12491328/python-distutils-not-include-the-swig-generated-module +from distutils.command.build import build +class BuildExtFirstHack(build): + def run(self): + self.run_command('build_ext') + build.run(self) + +swige = Extension("pyme._pygpgme", ["gpgme.i", "helpers.c"], + swig_opts = ['-py3', '-builtin', + '-outdir', 'pyme'] + extra_swig_opts, include_dirs = include_dirs, define_macros = define_macros, library_dirs = library_dirs, extra_link_args = libs) -setup(name = "pyme", +setup(name="pyme3", + cmdclass={'build': BuildExtFirstHack}, version="@VERSION@", description='Python bindings for GPGME GnuPG cryptography library', author='The GnuPG hackers', commit 98cba522c906115efcba1f8cc0bec7e5edb51ecd Author: Justus Winter Date: Mon Jul 11 16:34:15 2016 +0200 python: Do not depend on access to internal data structures. * lang/python/gpgme.i (gpgme_data_t): Rework so that it works without access to the definition of 'struct gpgme_data'. * lang/python/helpers.c (object_to_gpgme_data_t): Add assertion. Signed-off-by: Justus Winter diff --git a/lang/python/gpgme.i b/lang/python/gpgme.i index 8dbb0c2..c1e0074 100644 --- a/lang/python/gpgme.i +++ b/lang/python/gpgme.i @@ -125,7 +125,8 @@ // Special handling for references to our objects. %typemap(in) gpgme_data_t DATAIN (gpgme_data_t wrapper = NULL, - PyObject *bytesio = NULL, Py_buffer view) { + PyObject *bytesio = NULL, + Py_buffer view, int have_view = 0) { /* If we create a temporary wrapper object, we will store it in wrapperN, where N is $argnum. Here in this fragment, SWIG will automatically append $argnum. */ @@ -138,6 +139,7 @@ &bytesio, &view); if (pypointer == NULL) return NULL; + have_view = !! view.obj; /* input = $input, 1 = $1, 1_descriptor = $1_descriptor */ @@ -152,79 +154,108 @@ } } +#if HAVE_DATA_H +/* If we are doing an in-tree build, we can use the internal + representation of struct gpgme_data for an very efficient check if + the buffer has been modified. */ +%{ +#include "src/data.h" /* For struct gpgme_data. */ +%} +#endif + %typemap(freearg) gpgme_data_t DATAIN { /* See whether we need to update the Python buffer. */ - if (resultobj && wrapper$argnum && view$argnum.buf - && wrapper$argnum->data.mem.buffer != NULL) + if (resultobj && wrapper$argnum && view$argnum.buf) { - /* The buffer is dirty. */ - if (view$argnum.readonly) + int dirty; + char *new_data = NULL; + size_t new_size; + +#if HAVE_DATA_H + new_data = wrapper$argnum->data.mem.buffer; + new_size = wrapper$argnum->data.mem.length; + dirty = new_data != NULL; +#else + new_data = gpgme_data_release_and_get_mem (wrapper$argnum, &new_size); + wrapper$argnum = NULL; + dirty = new_size != view$argnum.len + || memcmp (new_data, view$argnum.buf, view$argnum.len); +#endif + + if (dirty) { - Py_XDECREF(resultobj); - resultobj = NULL; - PyErr_SetString(PyExc_ValueError, "cannot update read-only buffer"); - } - - /* See if we need to truncate the buffer. */ - if (resultobj && view$argnum.len != wrapper$argnum->data.mem.length) - { - if (bytesio$argnum == NULL) + /* The buffer is dirty. */ + if (view$argnum.readonly) { Py_XDECREF(resultobj); resultobj = NULL; - PyErr_SetString(PyExc_ValueError, "cannot resize buffer"); + PyErr_SetString(PyExc_ValueError, + "cannot update read-only buffer"); } - else + + /* See if we need to truncate the buffer. */ + if (resultobj && view$argnum.len != new_size) { - PyObject *retval; - PyBuffer_Release(&view$argnum); - retval = PyObject_CallMethod(bytesio$argnum, "truncate", "l", - (long) - wrapper$argnum->data.mem.length); - if (retval == NULL) + if (bytesio$argnum == NULL) { Py_XDECREF(resultobj); resultobj = NULL; + PyErr_SetString(PyExc_ValueError, "cannot resize buffer"); } else { - Py_DECREF(retval); - - retval = PyObject_CallMethod(bytesio$argnum, "getbuffer", NULL); - if (retval == NULL - || PyObject_GetBuffer(retval, &view$argnum, - PyBUF_SIMPLE|PyBUF_WRITABLE) < 0) + PyObject *retval; + PyBuffer_Release(&view$argnum); + assert(view$argnum.obj == NULL); + retval = PyObject_CallMethod(bytesio$argnum, "truncate", + "l", (long) new_size); + if (retval == NULL) { Py_XDECREF(resultobj); resultobj = NULL; } - - Py_XDECREF(retval); - - if (resultobj && view$argnum.len - != wrapper$argnum->data.mem.length) + else { - Py_XDECREF(resultobj); - resultobj = NULL; - PyErr_Format(PyExc_ValueError, - "Expected buffer of length %zu, got %zi", - wrapper$argnum->data.mem.length, - view$argnum.len); + Py_DECREF(retval); + + retval = PyObject_CallMethod(bytesio$argnum, + "getbuffer", NULL); + if (retval == NULL + || PyObject_GetBuffer(retval, &view$argnum, + PyBUF_SIMPLE|PyBUF_WRITABLE) < 0) + { + Py_XDECREF(resultobj); + resultobj = NULL; + } + + Py_XDECREF(retval); + + if (resultobj && view$argnum.len + != new_size) + { + Py_XDECREF(resultobj); + resultobj = NULL; + PyErr_Format(PyExc_ValueError, + "Expected buffer of length %zu, got %zi", + new_size, + view$argnum.len); + } } } } + if (resultobj) + memcpy(view$argnum.buf, new_data, new_size); } - - if (resultobj) - memcpy(view$argnum.buf, wrapper$argnum->data.mem.buffer, - wrapper$argnum->data.mem.length); +#if ! HAVE_DATA_H + free (new_data); +#endif } /* Free the temporary wrapper, if any. */ if (wrapper$argnum) gpgme_data_release(wrapper$argnum); Py_XDECREF (bytesio$argnum); - if (wrapper$argnum && view$argnum.buf) + if (have_view$argnum && view$argnum.buf) PyBuffer_Release(&view$argnum); } @@ -398,7 +429,6 @@ SWIG. */ %{ #include -#include "src/data.h" /* For struct gpgme_data. */ %} /* This is for notations, where we want to hide the length fields, and diff --git a/lang/python/helpers.c b/lang/python/helpers.c index 43a55d0..d6cbb88 100644 --- a/lang/python/helpers.c +++ b/lang/python/helpers.c @@ -254,6 +254,7 @@ object_to_gpgme_data_t(PyObject *input, int argnum, gpgme_data_t *wrapper, if (data != input) Py_DECREF(data); + assert (view->obj); assert (view->ndim == 1); assert (view->shape == NULL); assert (view->strides == NULL); commit c53f87c5f9ca63119152f41dcebfb175d4df2cef Author: Justus Winter Date: Mon Jul 11 12:29:17 2016 +0200 python: Make result wrapping backwards compatible. * lang/python/pyme/results.py (Result.__init__): Skip missing fields. Signed-off-by: Justus Winter diff --git a/lang/python/pyme/results.py b/lang/python/pyme/results.py index e6e8968..aa9b38e 100644 --- a/lang/python/pyme/results.py +++ b/lang/python/pyme/results.py @@ -46,13 +46,12 @@ class Result(object): } def __init__(self, fragile): for key, func in self._type.items(): - setattr(self, key, func(getattr(fragile, key))) + if hasattr(fragile, key): + setattr(self, key, func(getattr(fragile, key))) for key, func in self._map.items(): - setattr(self, key, list(map(func, getattr(fragile, key)))) - - for key, func in self._map.items(): - setattr(self, key, list(map(func, getattr(fragile, key)))) + if hasattr(fragile, key): + setattr(self, key, list(map(func, getattr(fragile, key)))) for key in dir(fragile): if key.startswith('_') or key in self._blacklist: ----------------------------------------------------------------------- Summary of changes: lang/python/MANIFEST.in | 3 +- lang/python/Makefile.am | 28 +++++----- lang/python/gpgme-h-clean.py | 16 +++--- lang/python/gpgme.i | 120 +++++++++++++++++++++++++++---------------- lang/python/helpers.c | 1 + lang/python/pyme/results.py | 9 ++-- lang/python/setup.py.in | 81 +++++++++++++++++++++++++++-- 7 files changed, 179 insertions(+), 79 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jul 11 18:48:47 2016 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Mon, 11 Jul 2016 18:48:47 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-217-ged07031 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via ed070313155a1c79a57ba69f4299f2aefc65fad7 (commit) from 007382ce94a6318557370c440f7d609a030a119e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ed070313155a1c79a57ba69f4299f2aefc65fad7 Author: Andre Heinecke Date: Mon Jul 11 18:47:11 2016 +0200 m4: Add compile / link check for qt * m4/qt.m4 (FIND_QT): Check if a qt application can be compiled and linked. -- In case gpgme is cross compiled pkg-config may pick up qt for the build system and not for the host system. To avoid that we check that we can compile a qt program for host. diff --git a/m4/qt.m4 b/m4/qt.m4 index d3be7f8..1acae81 100644 --- a/m4/qt.m4 +++ b/m4/qt.m4 @@ -52,5 +52,27 @@ AC_DEFUN([FIND_QT], MOC=$MOC2 fi fi + AC_MSG_RESULT([$mocversion]) + dnl Check that a binary can actually be build with this qt. + dnl pkg-config may be set up in a way that it looks also for libaries + dnl of the build system and not only for the host system. In that case + dnl we check here that we can actually compile / link a qt application + dnl for host. + OLDCPPFLAGS=$CPPFLAGS + CPPFLAGS=$GPGME_QT_CFLAGS + OLDLDFLAGS=$LDFLAGS + LDFLAGS=$GPGME_QT_LIBS + AC_LANG_PUSH(C++) + AC_MSG_CHECKING([whether a simple qt program can be built]) + AC_LINK_IFELSE([AC_LANG_SOURCE([ + #include + int main (int argc, char **argv) { + QCoreApplication app(argc, argv); + app.exec(); + }])], [have_qt5_libs='yes'], [have_qt5_libs='no']) + AC_MSG_RESULT([$have_qt5_libs]) + AC_LANG_POP() + CPPFLAGS=$OLDCPPFLAGS + LDFLAGS=$OLDLDFLAGS fi ]) ----------------------------------------------------------------------- Summary of changes: m4/qt.m4 | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jul 11 19:43:34 2016 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Mon, 11 Jul 2016 19:43:34 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-218-gce66289 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via ce662891373eba6cce1cf8df516cb2370970737e (commit) from ed070313155a1c79a57ba69f4299f2aefc65fad7 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ce662891373eba6cce1cf8df516cb2370970737e Author: Justus Winter Date: Mon Jul 11 19:42:56 2016 +0200 python: Fix distcheck. * lang/python/Makefile.am (EXTRA_DIST): Add missing files. Signed-off-by: Justus Winter diff --git a/lang/python/Makefile.am b/lang/python/Makefile.am index 89b1c28..eecc7d4 100644 --- a/lang/python/Makefile.am +++ b/lang/python/Makefile.am @@ -18,9 +18,11 @@ EXTRA_DIST = \ README \ + MANIFEST.in \ gpgme.i \ helpers.c helpers.h \ gpgme-h-clean.py \ + examples \ pyme SUBDIRS = tests ----------------------------------------------------------------------- Summary of changes: lang/python/Makefile.am | 2 ++ 1 file changed, 2 insertions(+) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jul 12 10:45:25 2016 From: cvs at cvs.gnupg.org (by Yann E. MORIN) Date: Tue, 12 Jul 2016 10:45:25 +0200 Subject: [git] GPG-ERROR - branch, master, updated. libgpg-error-1.23-9-gd57a16c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Error codes used by GnuPG et al.". The branch, master has been updated via d57a16c3779eca84dedcf2423b26e41172cd5a96 (commit) via abcdfa7964da62b92984516608faf8941038b71d (commit) from 65e967627b3d60f550c7d302227dcf9f797e437f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d57a16c3779eca84dedcf2423b26e41172cd5a96 Author: Yann E. MORIN Date: Sun Jul 10 11:38:47 2016 +0200 Add an option to disable tests * configure.ac: add an option to enable/disable building tests * Makefile.am: conditionally build tests -- On an embeded device, there is no reason to have the tests present in a production release build. Add a configure-time option to disable them. Signed-off-by: "Yann E. MORIN" diff --git a/Makefile.am b/Makefile.am index baeba14..5abd97d 100644 --- a/Makefile.am +++ b/Makefile.am @@ -39,7 +39,13 @@ else doc = endif -SUBDIRS = m4 src $(doc) tests po $(lang_subdirs) +if BUILD_TESTS +tests = tests +else +tests = +endif + +SUBDIRS = m4 src $(doc) $(tests) po $(lang_subdirs) dist-hook: gen-ChangeLog diff --git a/configure.ac b/configure.ac index 682fd84..d19943d 100644 --- a/configure.ac +++ b/configure.ac @@ -533,6 +533,11 @@ AC_ARG_ENABLE([doc], AC_HELP_STRING([--disable-doc], build_doc=$enableval, build_doc=yes) AM_CONDITIONAL([BUILD_DOC], [test "x$build_doc" != xno]) +build_tests=yes +AC_ARG_ENABLE([tests], AC_HELP_STRING([--disable-tests], + [do not build the tests]), + build_tests=$enableval, build_tests=yes) +AM_CONDITIONAL([BUILD_TESTS], [test "x$build_tests" != xno]) # # Substitution commit abcdfa7964da62b92984516608faf8941038b71d Author: Yann E. MORIN Date: Sun Jul 10 11:38:46 2016 +0200 Fix build without threads * src/gen-posix-lock-obj.c: properly guard inclusioin of pthread.h * tests/t-lock.c: likewise * tests/t-poll.c: likewise -- Although ./configure checks for thread support, gen-posix-lock-obj and two tests still include pthread.h unconditionally. Guard that inclusion using the same condition as all other uses of pthread-related code. Signed-off-by: "Yann E. MORIN" diff --git a/src/gen-posix-lock-obj.c b/src/gen-posix-lock-obj.c index e32a3cd..e6f33ae 100644 --- a/src/gen-posix-lock-obj.c +++ b/src/gen-posix-lock-obj.c @@ -29,7 +29,9 @@ #include #include #include -#include +#ifdef USE_POSIX_THREADS +# include +#endif #include "posix-lock-obj.h" diff --git a/tests/t-lock.c b/tests/t-lock.c index 38c9cec..6add18b 100644 --- a/tests/t-lock.c +++ b/tests/t-lock.c @@ -31,7 +31,9 @@ # include # include #else -# include +# ifdef USE_POSIX_THREADS +# include +# endif #endif #define PGM "t-lock" diff --git a/tests/t-poll.c b/tests/t-poll.c index 811f895..a26cbfa 100644 --- a/tests/t-poll.c +++ b/tests/t-poll.c @@ -34,7 +34,9 @@ # include # include #else -# include +# ifdef USE_POSIX_THREADS +# include +# endif #endif #define PGM "t-lock" ----------------------------------------------------------------------- Summary of changes: Makefile.am | 8 +++++++- configure.ac | 5 +++++ src/gen-posix-lock-obj.c | 4 +++- tests/t-lock.c | 4 +++- tests/t-poll.c | 4 +++- 5 files changed, 21 insertions(+), 4 deletions(-) hooks/post-receive -- Error codes used by GnuPG et al. http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jul 12 11:49:28 2016 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Tue, 12 Jul 2016 11:49:28 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-222-gfd87c46 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via fd87c4679c4bfe19390fa2047dff23bb213a4b18 (commit) via 86ab2ee2d603111d24500b8d64a9a1dd82f8bdc0 (commit) via b03c48cfb06faae7d7033a0532f319cbcf13f18a (commit) via 362b8cdf4e0d5cd54ec2b325508dcdefac686f2c (commit) from ce662891373eba6cce1cf8df516cb2370970737e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit fd87c4679c4bfe19390fa2047dff23bb213a4b18 Author: Andre Heinecke Date: Tue Jul 12 11:47:33 2016 +0200 Qt: Install CamelCase forward includes * lang/qt/src/Makefile.am (camelcase_headers): New. Create and install CamelCase headers. -- For Qt Libraries it is a common pattern that headers are installed additionally under their Namespace / Class Name so that automated inclusion works once a class is used in code. This was also done for QGpgME headers when they lived in Libkleo so this increases compatibility. diff --git a/lang/qt/src/Makefile.am b/lang/qt/src/Makefile.am index 3f5025c..ae316ba 100644 --- a/lang/qt/src/Makefile.am +++ b/lang/qt/src/Makefile.am @@ -35,6 +35,7 @@ qgpgme_sources = \ qgpgmeverifyopaquejob.cpp threadedjobmixin.cpp \ gpgme_backend_debug.cpp +# If you add one here make sure that you also add one in camelcase qgpgme_headers= \ adduseridjob.h \ changeexpiryjob.h \ @@ -66,6 +67,36 @@ qgpgme_headers= \ listallkeysjob.h \ verifydetachedjob.h +camelcase_headers= \ + AddUserIDJob \ + ChangeExpiryJob \ + ChangeOwnerTrustJob \ + ChangePasswdJob \ + DataProvider \ + DecryptJob \ + DecryptVerifyJob \ + DownloadJob \ + EncryptJob \ + ExportJob \ + HierarchicalKeyKistJob \ + Job \ + MultiDeleteJob \ + Protocol \ + QGpgMENewCryptoConfig \ + SignJob \ + SignKeyJob \ + SignEncryptJob \ + VerifyOpaqueJob \ + RefreshKeysJob \ + CryptoConfig \ + DeleteJob \ + ImportFromKeyserverJob \ + ImportJob \ + KeyGenerationJob \ + KeyListJob \ + ListAllKeysJob \ + VerifyDetachedJob + private_qgpgme_headers = \ qgpgme_export.h \ abstractimportjob.h \ @@ -148,6 +179,8 @@ qgpgme_moc_sources = \ qgpgmeincludedir = $(includedir)/qgpgme qgpgmeinclude_HEADERS = $(qgpgme_headers) +camelcaseincludedir = $(includedir)/QGpgME +camelcaseinclude_HEADERS = $(camelcase_headers) nodist_include_HEADERS = qgpgme_version.h libqgpgme_la_SOURCES = $(qgpgme_sources) $(qgpgme_headers) $(private_qgpgme_headers) @@ -171,6 +204,11 @@ QGpgmeConfig.cmake: QGpgmeConfig.cmake.in sed -e 's|[@]libsuffix@|$(libsuffix)|g' < "$@" > "$@".2 mv "$@".2 "$@" +$(camelcase_headers): Makefile.am + echo -n "#include \"qgpgme/" > "$@" + echo -n "$@" | tr '[:upper:]' '[:lower:]' >> "$@" + echo ".h\"" >> "$@" + install-cmake-files: QGpgmeConfig.cmake QGpgmeConfigVersion.cmake -$(INSTALL) -d $(DESTDIR)$(libdir)/cmake/Gpgmepp $(INSTALL) QGpgmeConfig.cmake \ @@ -187,9 +225,9 @@ install-data-local: install-cmake-files uninstall-local: uninstall-cmake-files -BUILT_SOURCES = $(qgpgme_moc_sources) +BUILT_SOURCES = $(qgpgme_moc_sources) $(camelcase_headers) -CLEANFILES = $(qgpgme_moc_sources) QGpgmeConfig.cmake +CLEANFILES = $(qgpgme_moc_sources) $(camelcase_headers) QGpgmeConfig.cmake nodist_libqgpgme_la_SOURCES = $(qgpgme_moc_sources) commit 86ab2ee2d603111d24500b8d64a9a1dd82f8bdc0 Author: Andre Heinecke Date: Tue Jul 12 11:47:04 2016 +0200 Qt: Export VerifyDetachedJob * lang/qt/src/verifydetachedjob.h (VerifyDetachedJob): Export it. diff --git a/lang/qt/src/verifydetachedjob.h b/lang/qt/src/verifydetachedjob.h index fc5bc69..0cb92e6 100644 --- a/lang/qt/src/verifydetachedjob.h +++ b/lang/qt/src/verifydetachedjob.h @@ -63,7 +63,7 @@ namespace QGpgME After result() is emitted, the VerifyDetachedJob will schedule it's own destruction by calling QObject::deleteLater(). */ -class VerifyDetachedJob : public Job +class QGPGME_EXPORT VerifyDetachedJob : public Job { Q_OBJECT protected: commit b03c48cfb06faae7d7033a0532f319cbcf13f18a Author: Andre Heinecke Date: Tue Jul 12 11:09:44 2016 +0200 Qt/Cpp: Add version headers * lang/cpp/src/gpgmepp_version.h.in, lang/qt/src/qgpgme_version.h.in: New. Version information. * lang/qt/src/Makefile.am, lang/cpp/src/Makefile.am: Add them. * configure.ac: Configure them. -- The version headers are common practice in KDE Frameworks and were installed for KF5Gpgmepp and Libkleo respectively. diff --git a/configure.ac b/configure.ac index 335a33a..52ba87f 100644 --- a/configure.ac +++ b/configure.ac @@ -768,10 +768,12 @@ AC_CONFIG_FILES(src/gpgme-config, chmod +x src/gpgme-config) AC_CONFIG_FILES(lang/cpp/Makefile lang/cpp/src/Makefile) AC_CONFIG_FILES(lang/cpp/src/GpgmeppConfig.cmake.in) AC_CONFIG_FILES(lang/cpp/src/GpgmeppConfigVersion.cmake) +AC_CONFIG_FILES(lang/cpp/src/gpgmepp_version.h) AC_CONFIG_FILES(lang/qt/Makefile lang/qt/src/Makefile) AC_CONFIG_FILES(lang/qt/src/QGpgmeConfig.cmake.in) AC_CONFIG_FILES(lang/qt/src/QGpgmeConfigVersion.cmake) AC_CONFIG_FILES(lang/qt/tests/Makefile) +AC_CONFIG_FILES(lang/qt/src/qgpgme_version.h) AC_CONFIG_FILES([lang/Makefile lang/cl/Makefile lang/cl/gpgme.asd]) AM_COND_IF([HAVE_DOXYGEN], [AC_CONFIG_FILES([lang/qt/doc/Doxyfile])]) AC_CONFIG_FILES(lang/qt/doc/Makefile) diff --git a/lang/cpp/src/Makefile.am b/lang/cpp/src/Makefile.am index e9deca9..188585a 100644 --- a/lang/cpp/src/Makefile.am +++ b/lang/cpp/src/Makefile.am @@ -18,7 +18,8 @@ # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA # 02111-1307, USA -EXTRA_DIST = GpgmeppConfig.cmake.in.in GpgmeppConfigVersion.cmake.in +EXTRA_DIST = GpgmeppConfig.cmake.in.in GpgmeppConfigVersion.cmake.in \ + gpgmepp_version.h.in lib_LTLIBRARIES = libgpgmepp.la @@ -56,6 +57,7 @@ interface_headers= \ gpgmeppincludedir = $(includedir)/gpgme++ gpgmeppinclude_HEADERS = $(gpgmepp_headers) nobase_gpgmeppinclude_HEADERS = $(interface_headers) +nodist_include_HEADERS = gpgmepp_version.h libgpgmepp_la_SOURCES = $(main_sources) $(gpgmepp_headers) context_vanilla.cpp \ $(interface_headers) $(private_gpgmepp_headers) diff --git a/lang/cpp/src/gpgmepp_version.h.in b/lang/cpp/src/gpgmepp_version.h.in new file mode 100644 index 0000000..3c33a30 --- /dev/null +++ b/lang/cpp/src/gpgmepp_version.h.in @@ -0,0 +1,32 @@ +/*gpgmepp_version.h - Version macros for gpgmepp + Copyright (C) 2016, Intevation GmbH + + This file is part of GPGME++. + + GPGME++ is free software; you can redistribute it and/or + modify it under the terms of the GNU Library General Public + License as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + GPGME++ is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Library General Public License for more details. + + You should have received a copy of the GNU Library General Public License + along with GPGME++; see the file COPYING.LIB. If not, write to the + Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301, USA. +*/ + + +#ifndef GPGMEPP_VERSION_H +#define GPGMEPP_VERSION_H + +#define GPGMEPP_VERSION_STRING "@LIBGPGMEPP_LT_CURRENT at .@LIBGPGMEPP_LT_AGE at .@LIBGPGMEPP_LT_REVISION@" +#define GPGMEPP_VERSION_MAJOR @LIBGPGMEPP_LT_CURRENT@ +#define GPGMEPP_VERSION_MINOR @LIBGPGMEPP_LT_AGE@ +#define GPGMEPP_VERSION_PATCH @LIBGPGMEPP_LT_REVISION@ +#define GPGMEPP_VERSION ((@LIBGPGMEPP_LT_CURRENT@<<16)|(@LIBGPGMEPP_LT_AGE@<<8)|(@LIBGPGMEPP_LT_REVISION@)) + +#endif diff --git a/lang/qt/src/Makefile.am b/lang/qt/src/Makefile.am index 187bc7f..3f5025c 100644 --- a/lang/qt/src/Makefile.am +++ b/lang/qt/src/Makefile.am @@ -19,7 +19,7 @@ # 02111-1307, USA lib_LTLIBRARIES = libqgpgme.la EXTRA_DIST = QGpgmeConfig.cmake.in.in QGpgmeConfigVersion.cmake.in \ - gpgme_backend_debug.h + gpgme_backend_debug.h qgpgme_version.h.in qgpgme_sources = \ dataprovider.cpp job.cpp qgpgmeadduseridjob.cpp \ @@ -148,6 +148,7 @@ qgpgme_moc_sources = \ qgpgmeincludedir = $(includedir)/qgpgme qgpgmeinclude_HEADERS = $(qgpgme_headers) +nodist_include_HEADERS = qgpgme_version.h libqgpgme_la_SOURCES = $(qgpgme_sources) $(qgpgme_headers) $(private_qgpgme_headers) diff --git a/lang/qt/src/qgpgme_version.h.in b/lang/qt/src/qgpgme_version.h.in new file mode 100644 index 0000000..9fbe965 --- /dev/null +++ b/lang/qt/src/qgpgme_version.h.in @@ -0,0 +1,32 @@ +/*qgpgme_version.h - Version macros for qgpgme + Copyright (C) 2016, Intevation GmbH + + This file is part of GPGME++. + + GPGME++ is free software; you can redistribute it and/or + modify it under the terms of the GNU Library General Public + License as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + GPGME++ is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Library General Public License for more details. + + You should have received a copy of the GNU Library General Public License + along with GPGME++; see the file COPYING.LIB. If not, write to the + Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301, USA. +*/ + + +#ifndef QGPGME_VERSION_H +#define QGPGME_VERSION_H + +#define QGPGME_VERSION_STRING "@LIBQGPGME_LT_CURRENT at .@LIBQGPGME_LT_AGE at .@LIBQGPGME_LT_REVISION@" +#define QGPGME_VERSION_MAJOR @LIBQGPGME_LT_CURRENT@ +#define QGPGME_VERSION_MINOR @LIBQGPGME_LT_AGE@ +#define QGPGME_VERSION_PATCH @LIBQGPGME_LT_REVISION@ +#define QGPGME_VERSION ((@LIBQGPGME_LT_CURRENT@<<16)|(@LIBQGPGME_LT_AGE@<<8)|(@LIBQGPGME_LT_REVISION@)) + +#endif commit 362b8cdf4e0d5cd54ec2b325508dcdefac686f2c Author: Andre Heinecke Date: Tue Jul 12 11:08:42 2016 +0200 Qt/Cpp: Add license blurb to export headers * lang/cpp/src/gpgmepp_export.h, lang/qt/src/qgpgme_export.h: Add license blurb. diff --git a/lang/cpp/src/gpgmepp_export.h b/lang/cpp/src/gpgmepp_export.h index c24bda0..d660310 100644 --- a/lang/cpp/src/gpgmepp_export.h +++ b/lang/cpp/src/gpgmepp_export.h @@ -1,3 +1,23 @@ +/*gpgmepp_export.h - Export macros for gpgmepp + Copyright (C) 2016, Intevation GmbH + + This file is part of GPGME++. + + GPGME++ is free software; you can redistribute it and/or + modify it under the terms of the GNU Library General Public + License as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + GPGME++ is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Library General Public License for more details. + + You should have received a copy of the GNU Library General Public License + along with GPGME++; see the file COPYING.LIB. If not, write to the + Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301, USA. +*/ #ifndef GPGMEPP_EXPORT_H #define GPGMEPP_EXPORT_H diff --git a/lang/qt/src/qgpgme_export.h b/lang/qt/src/qgpgme_export.h index 40630d5..ceb3888 100644 --- a/lang/qt/src/qgpgme_export.h +++ b/lang/qt/src/qgpgme_export.h @@ -1,3 +1,23 @@ +/*qgpgme_export.h - Export macros for qgpgme + Copyright (C) 2016, Intevation GmbH + + This file is part of GPGME++. + + GPGME++ is free software; you can redistribute it and/or + modify it under the terms of the GNU Library General Public + License as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + GPGME++ is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Library General Public License for more details. + + You should have received a copy of the GNU Library General Public License + along with GPGME++; see the file COPYING.LIB. If not, write to the + Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301, USA. +*/ #ifndef QGPGME_EXPORT_H #define QGPGME_EXPORT_H ----------------------------------------------------------------------- Summary of changes: configure.ac | 2 + lang/cpp/src/Makefile.am | 4 +- lang/cpp/src/gpgmepp_export.h | 20 ++++++++++ .../progressprovider.h => gpgmepp_version.h.in} | 28 +++++--------- lang/qt/src/Makefile.am | 45 ++++++++++++++++++++-- lang/qt/src/qgpgme_export.h | 20 ++++++++++ .../src/data_p.h => qt/src/qgpgme_version.h.in} | 28 +++++--------- lang/qt/src/verifydetachedjob.h | 2 +- 8 files changed, 108 insertions(+), 41 deletions(-) copy lang/cpp/src/{interfaces/progressprovider.h => gpgmepp_version.h.in} (60%) copy lang/{cpp/src/data_p.h => qt/src/qgpgme_version.h.in} (61%) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jul 12 12:19:05 2016 From: cvs at cvs.gnupg.org (by Daniel Kahn Gillmor) Date: Tue, 12 Jul 2016 12:19:05 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.13-128-ga346dc2 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via a346dc227515f8da22a2eba000ccf0efe11e5e4d (commit) from 7732b332886792b2bbf47ecf7430e953f1c55a2c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a346dc227515f8da22a2eba000ccf0efe11e5e4d Author: Daniel Kahn Gillmor Date: Mon Jul 11 15:44:56 2016 +0200 dirmngr: Fix typo. -- Signed-off-by: Justus Winter diff --git a/dirmngr/http.c b/dirmngr/http.c index 941ad4f..a512e9a 100644 --- a/dirmngr/http.c +++ b/dirmngr/http.c @@ -744,7 +744,7 @@ http_session_set_log_cb (http_session_t sess, /* Start a HTTP retrieval and on success store at R_HD a context pointer for completing the request and to wait for the response. - If HTTPHOST is not NULL it is used hor the Host header instead of a + If HTTPHOST is not NULL it is used for the Host header instead of a Host header derived from the URL. */ gpg_error_t http_open (http_t *r_hd, http_req_t reqtype, const char *url, ----------------------------------------------------------------------- Summary of changes: dirmngr/http.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jul 12 12:29:58 2016 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Tue, 12 Jul 2016 12:29:58 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-223-gbf742fb Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via bf742fb88545689addfca18192baf2f56a1895e1 (commit) from fd87c4679c4bfe19390fa2047dff23bb213a4b18 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit bf742fb88545689addfca18192baf2f56a1895e1 Author: Andre Heinecke Date: Tue Jul 12 12:28:41 2016 +0200 Bump version to 1.7.0 * configure.ac(mym4_version_minor), (mym4_version_micro): Next release will be 1.7.0 -- This was already mentioned in NEWS but acidentally not changed in configure.ac diff --git a/configure.ac b/configure.ac index 52ba87f..d395e00 100644 --- a/configure.ac +++ b/configure.ac @@ -28,8 +28,8 @@ min_automake_version="1.14" # commit and push so that the git magic is able to work. See below # for the LT versions. m4_define(mym4_version_major, [1]) -m4_define(mym4_version_minor, [6]) -m4_define(mym4_version_micro, [1]) +m4_define(mym4_version_minor, [7]) +m4_define(mym4_version_micro, [0]) # Below is m4 magic to extract and compute the revision number, the # decimalized short revision number, a beta version string, and a flag ----------------------------------------------------------------------- Summary of changes: configure.ac | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jul 12 15:16:00 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 12 Jul 2016 15:16:00 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.13-131-g9b07557 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 9b075575cdc5851b019aed5ca5d5e18416beec8e (commit) via 0f5b105d96780a29cc58893285e6c38482e0cc2d (commit) via 3ccfd58b25a53def9c7e990c4f2f4091b95ae333 (commit) from a346dc227515f8da22a2eba000ccf0efe11e5e4d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9b075575cdc5851b019aed5ca5d5e18416beec8e Author: Werner Koch Date: Tue Jul 12 15:09:18 2016 +0200 gpg: Extend import-option import-export to print PKA or DANE. * g10/export.c (do_export_stream): Move PKA and DANE printing helper code to ... (print_pka_or_dane_records): this fucntion. (write_keyblock_to_output): Add arg OPTIOSN and call print_pka_or_dane_records if requested. -- It is now possible to print a DANE record given a a file with a key without importing the key first: gpg --export-options export-dane \ --import-options import-export \ --import-filter keep-uid='mbox =~ alpha' \ --import FILE_WITH_KEY Using the filter we only print a user id with the substring "alpha" in the addr-spec. Signed-off-by: Werner Koch diff --git a/g10/export.c b/g10/export.c index 3ce8185..92235fb 100644 --- a/g10/export.c +++ b/g10/export.c @@ -77,6 +77,10 @@ static int do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret, kbnode_t *keyblock_out, unsigned int options, export_stats_t stats, int *any); +static gpg_error_t print_pka_or_dane_records +/**/ (iobuf_t out, kbnode_t keyblock, PKT_public_key *pk, + const void *data, size_t datalen, + int print_pka, int print_dane); static void @@ -1204,15 +1208,19 @@ receive_seckey_from_agent (ctrl_t ctrl, gcry_cipher_hd_t cipherhd, /* Write KEYBLOCK either to stdout or to the file set with the - * --output option. */ + * --output option. This is a simplified version of do_export_stream + * which supports only a few export options. */ gpg_error_t -write_keyblock_to_output (kbnode_t keyblock, int with_armor) +write_keyblock_to_output (kbnode_t keyblock, int with_armor, + unsigned int options) { gpg_error_t err; const char *fname; iobuf_t out; kbnode_t node; armor_filter_context_t *afx = NULL; + iobuf_t out_help = NULL; + PKT_public_key *pk = NULL; fname = opt.outfile? opt.outfile : "-"; if (is_secured_filename (fname) ) @@ -1228,6 +1236,12 @@ write_keyblock_to_output (kbnode_t keyblock, int with_armor) if (opt.verbose) log_info (_("writing to '%s'\n"), iobuf_get_fname_nonnull (out)); + if ((options & (EXPORT_PKA_FORMAT|EXPORT_DANE_FORMAT))) + { + with_armor = 0; + out_help = iobuf_temp (); + } + if (with_armor) { afx = new_armor_context (); @@ -1237,24 +1251,43 @@ write_keyblock_to_output (kbnode_t keyblock, int with_armor) for (node = keyblock; node; node = node->next) { - if (!is_deleted_kbnode (node) && node->pkt->pkttype != PKT_RING_TRUST) - { - err = build_packet (out, node->pkt); - if (err) - { - log_error ("build_packet(%d) failed: %s\n", - node->pkt->pkttype, gpg_strerror (err) ); - goto leave; - } - } + if (is_deleted_kbnode (node) || node->pkt->pkttype == PKT_RING_TRUST) + continue; + if (!pk && (node->pkt->pkttype == PKT_PUBLIC_KEY + || node->pkt->pkttype == PKT_SECRET_KEY)) + pk = node->pkt->pkt.public_key; + + err = build_packet (out_help? out_help : out, node->pkt); + if (err) + { + log_error ("build_packet(%d) failed: %s\n", + node->pkt->pkttype, gpg_strerror (err) ); + goto leave; + } } err = 0; + if (out_help && pk) + { + const void *data; + size_t datalen; + + iobuf_flush_temp (out_help); + data = iobuf_get_temp_buffer (out_help); + datalen = iobuf_get_temp_length (out_help); + + err = print_pka_or_dane_records (out, + keyblock, pk, data, datalen, + (options & EXPORT_PKA_FORMAT), + (options & EXPORT_DANE_FORMAT)); + } + leave: if (err) iobuf_cancel (out); else iobuf_close (out); + iobuf_cancel (out_help); release_armor_context (afx); return err; } @@ -1327,12 +1360,12 @@ apply_keep_uid_filter (kbnode_t keyblock, recsel_expr_t selector) } -/* Print DANE or PKA records for all user IDs in KEYBLOCK to the - * stream FP. The data for the record is taken from HEXDATA. HEXFPR - * is the fingerprint of the primary key. */ +/* Print DANE or PKA records for all user IDs in KEYBLOCK to OUT. The + * data for the record is taken from (DATA,DATELEN). PK is the public + * key packet with the primary key. */ static gpg_error_t -print_pka_or_dane_records (kbnode_t keyblock, const char *hexdata, - const char *hexfpr, estream_t fp, +print_pka_or_dane_records (iobuf_t out, kbnode_t keyblock, PKT_public_key *pk, + const void *data, size_t datalen, int print_pka, int print_dane) { gpg_error_t err = 0; @@ -1344,6 +1377,24 @@ print_pka_or_dane_records (kbnode_t keyblock, const char *hexdata, char *domain; const char *s; unsigned int len; + estream_t fp = NULL; + char *hexdata = NULL; + char *hexfpr; + + hexfpr = hexfingerprint (pk, NULL, 0); + hexdata = bin2hex (data, datalen, NULL); + if (!hexdata) + { + err = gpg_error_from_syserror (); + goto leave; + } + ascii_strlwr (hexdata); + fp = es_fopenmem (0, "rw,samethread"); + if (!fp) + { + err = gpg_error_from_syserror (); + goto leave; + } for (kbctx = NULL; (node = walk_kbnode (keyblock, &kbctx, 0));) { @@ -1407,9 +1458,28 @@ print_pka_or_dane_records (kbnode_t keyblock, const char *hexdata, } } + /* Make sure it is a string and write it. */ + es_fputc (0, fp); + { + void *vp; + + if (es_fclose_snatch (fp, &vp, NULL)) + { + err = gpg_error_from_syserror (); + goto leave; + } + fp = NULL; + iobuf_writestr (out, vp); + es_free (vp); + } + err = 0; + leave: xfree (hash); xfree (mbox); + es_fclose (fp); + xfree (hexdata); + xfree (hexfpr); return err; } @@ -1901,52 +1971,22 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret, { /* We want to write PKA or DANE records. OUT_HELP has the * keyblock and we print a record for each uid to OUT. */ - char *hexdata; const void *data; - void *vp; size_t datalen; - estream_t fp; iobuf_flush_temp (out_help); data = iobuf_get_temp_buffer (out_help); datalen = iobuf_get_temp_length (out_help); - hexdata = bin2hex (data, datalen, NULL); - if (!hexdata) - { - err = gpg_error_from_syserror (); - goto leave; - } - iobuf_close (out_help); - out_help = iobuf_temp (); - ascii_strlwr (hexdata); - fp = es_fopenmem (0, "rw,samethread"); - if (!fp) - { - err = gpg_error_from_syserror (); - xfree (hexdata); - goto leave; - } - { - char *hexfpr = hexfingerprint (pk, NULL, 0); - err = print_pka_or_dane_records (keyblock, hexdata, hexfpr, fp, - (options & EXPORT_PKA_FORMAT), - (options & EXPORT_DANE_FORMAT)); - xfree (hexfpr); - } - xfree (hexdata); + err = print_pka_or_dane_records (out, + keyblock, pk, data, datalen, + (options & EXPORT_PKA_FORMAT), + (options & EXPORT_DANE_FORMAT)); if (err) - { - es_fclose (fp); - goto leave; - } - es_fputc (0, fp); - if (es_fclose_snatch (fp, &vp, NULL)) - { - err = gpg_error_from_syserror (); - goto leave; - } - iobuf_writestr (out, vp); + goto leave; + + iobuf_close (out_help); + out_help = iobuf_temp (); } } diff --git a/g10/import.c b/g10/import.c index 371f095..375bd03 100644 --- a/g10/import.c +++ b/g10/import.c @@ -1330,7 +1330,7 @@ import_one (ctrl_t ctrl, merge_keys_and_selfsig (keyblock); merge_keys_done = 1; } - rc = write_keyblock_to_output (keyblock, opt.armor); + rc = write_keyblock_to_output (keyblock, opt.armor, opt.export_options); goto leave; } diff --git a/g10/main.h b/g10/main.h index 92a26a7..0956f66 100644 --- a/g10/main.h +++ b/g10/main.h @@ -400,7 +400,8 @@ gpg_error_t receive_seckey_from_agent (ctrl_t ctrl, gcry_cipher_hd_t cipherhd, const char *hexgrip, PKT_public_key *pk); -gpg_error_t write_keyblock_to_output (kbnode_t keyblock, int with_armor); +gpg_error_t write_keyblock_to_output (kbnode_t keyblock, + int with_armor, unsigned int options); gpg_error_t export_ssh_key (ctrl_t ctrl, const char *userid); commit 0f5b105d96780a29cc58893285e6c38482e0cc2d Author: Werner Koch Date: Tue Jul 12 13:59:10 2016 +0200 gpg: Move a function from import.c to export.c. * g10/import.c (write_keyblock_to_output): Move to ... * g10/export.c (write_keyblock_to_output): here. Add arg WITH_ARMOR. Also make sure never to export ring trust packets. diff --git a/g10/export.c b/g10/export.c index d31b09a..3ce8185 100644 --- a/g10/export.c +++ b/g10/export.c @@ -1203,6 +1203,63 @@ receive_seckey_from_agent (ctrl_t ctrl, gcry_cipher_hd_t cipherhd, } +/* Write KEYBLOCK either to stdout or to the file set with the + * --output option. */ +gpg_error_t +write_keyblock_to_output (kbnode_t keyblock, int with_armor) +{ + gpg_error_t err; + const char *fname; + iobuf_t out; + kbnode_t node; + armor_filter_context_t *afx = NULL; + + fname = opt.outfile? opt.outfile : "-"; + if (is_secured_filename (fname) ) + return gpg_error (GPG_ERR_EPERM); + + out = iobuf_create (fname, 0); + if (!out) + { + err = gpg_error_from_syserror (); + log_error(_("can't create '%s': %s\n"), fname, gpg_strerror (err)); + return err; + } + if (opt.verbose) + log_info (_("writing to '%s'\n"), iobuf_get_fname_nonnull (out)); + + if (with_armor) + { + afx = new_armor_context (); + afx->what = 1; + push_armor_filter (afx, out); + } + + for (node = keyblock; node; node = node->next) + { + if (!is_deleted_kbnode (node) && node->pkt->pkttype != PKT_RING_TRUST) + { + err = build_packet (out, node->pkt); + if (err) + { + log_error ("build_packet(%d) failed: %s\n", + node->pkt->pkttype, gpg_strerror (err) ); + goto leave; + } + } + } + err = 0; + + leave: + if (err) + iobuf_cancel (out); + else + iobuf_close (out); + release_armor_context (afx); + return err; +} + + /* Helper for apply_keep_uid_filter. */ static const char * filter_getval (void *cookie, const char *propname) diff --git a/g10/import.c b/g10/import.c index e035328..371f095 100644 --- a/g10/import.c +++ b/g10/import.c @@ -937,63 +937,6 @@ fix_bad_direct_key_sigs (kbnode_t keyblock, u32 *keyid) } -/* Write the keyblock either to stdin or to the file set with - * the --output option. */ -static gpg_error_t -write_keyblock_to_output (kbnode_t keyblock) -{ - gpg_error_t err; - const char *fname; - iobuf_t out; - kbnode_t node; - armor_filter_context_t *afx = NULL; - - fname = opt.outfile? opt.outfile : "-"; - if (is_secured_filename (fname) ) - return gpg_error (GPG_ERR_EPERM); - - out = iobuf_create (fname, 0); - if (!out) - { - err = gpg_error_from_syserror (); - log_error(_("can't create '%s': %s\n"), fname, gpg_strerror (err)); - return err; - } - if (opt.verbose) - log_info (_("writing to '%s'\n"), iobuf_get_fname_nonnull (out)); - - if (opt.armor) - { - afx = new_armor_context (); - afx->what = 1; - push_armor_filter (afx, out); - } - - for (node = keyblock; node; node = node->next) - { - if (!is_deleted_kbnode (node)) - { - err = build_packet (out, node->pkt); - if (err) - { - log_error ("build_packet(%d) failed: %s\n", - node->pkt->pkttype, gpg_strerror (err) ); - goto leave; - } - } - } - err = 0; - - leave: - if (err) - iobuf_cancel (out); - else - iobuf_close (out); - release_armor_context (afx); - return err; -} - - static void print_import_ok (PKT_public_key *pk, unsigned int reason) { @@ -1387,7 +1330,7 @@ import_one (ctrl_t ctrl, merge_keys_and_selfsig (keyblock); merge_keys_done = 1; } - rc = write_keyblock_to_output (keyblock); + rc = write_keyblock_to_output (keyblock, opt.armor); goto leave; } diff --git a/g10/main.h b/g10/main.h index ec20b28..92a26a7 100644 --- a/g10/main.h +++ b/g10/main.h @@ -396,9 +396,12 @@ gpg_error_t export_pubkey_buffer (ctrl_t ctrl, const char *keyspec, gpg_error_t receive_seckey_from_agent (ctrl_t ctrl, gcry_cipher_hd_t cipherhd, int cleartext, - char **cache_nonce_addr, const char *hexgrip, + char **cache_nonce_addr, + const char *hexgrip, PKT_public_key *pk); +gpg_error_t write_keyblock_to_output (kbnode_t keyblock, int with_armor); + gpg_error_t export_ssh_key (ctrl_t ctrl, const char *userid); /*-- dearmor.c --*/ commit 3ccfd58b25a53def9c7e990c4f2f4091b95ae333 Author: Werner Koch Date: Tue Jul 12 13:57:49 2016 +0200 Register DCO for Yann E. MORIN. -- diff --git a/AUTHORS b/AUTHORS index 242d28e..861258f 100644 --- a/AUTHORS +++ b/AUTHORS @@ -194,6 +194,9 @@ Stefan Tomanek Werner Koch 2013-03-29:87620ahchj.fsf at vigenere.g10code.de: +Yann E. MORIN +2016-07-10:20160710093202.GA3688 at free.fr: + Other authors ============= ----------------------------------------------------------------------- Summary of changes: AUTHORS | 3 + g10/export.c | 183 +++++++++++++++++++++++++++++++++++++++++++++-------------- g10/import.c | 59 +------------------ g10/main.h | 6 +- 4 files changed, 149 insertions(+), 102 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jul 12 15:30:00 2016 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Tue, 12 Jul 2016 15:30:00 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-225-g938f7e9 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 938f7e9c8b466594d05c0347fe627b225263a6a6 (commit) via 744978cce8f9dfb2363b9d274ee99f25cfcf0e40 (commit) from bf742fb88545689addfca18192baf2f56a1895e1 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 938f7e9c8b466594d05c0347fe627b225263a6a6 Author: Andre Heinecke Date: Tue Jul 12 15:26:14 2016 +0200 m4: Don't set fpic for qt on windows * m4/qt.m4 (FIND_QT): Do not set fpic for windows. -- Otherwise each compile call will result in a warning that fpic is ignored for windows. diff --git a/m4/qt.m4 b/m4/qt.m4 index 7a81bff..e7aac41 100644 --- a/m4/qt.m4 +++ b/m4/qt.m4 @@ -23,8 +23,10 @@ AC_DEFUN([FIND_QT], [have_qt5test_libs="yes"], [have_qt5test_libs="no"]) - if "$PKG_CONFIG" --variable qt_config Qt5Core | grep -q "reduce_relocations"; then - GPGME_QT_CFLAGS="$GPGME_QT_CFLAGS -fpic" + if ! test "$have_w32_system" = yes; then + if "$PKG_CONFIG" --variable qt_config Qt5Core | grep -q "reduce_relocations"; then + GPGME_QT_CFLAGS="$GPGME_QT_CFLAGS -fpic" + fi fi if test "$have_qt5_libs" = "yes"; then AC_CHECK_TOOL(MOC, moc) commit 744978cce8f9dfb2363b9d274ee99f25cfcf0e40 Author: Andre Heinecke Date: Tue Jul 12 15:10:16 2016 +0200 m4: Use LIBS instead of LDFLAGS for Qt libs * m4/qt.m4: Modify LIBS instead of LDFLAGS for link test. -- The test would otherwise fail when building for windows because the link order was wrong. diff --git a/m4/qt.m4 b/m4/qt.m4 index 1acae81..7a81bff 100644 --- a/m4/qt.m4 +++ b/m4/qt.m4 @@ -60,8 +60,8 @@ AC_DEFUN([FIND_QT], dnl for host. OLDCPPFLAGS=$CPPFLAGS CPPFLAGS=$GPGME_QT_CFLAGS - OLDLDFLAGS=$LDFLAGS - LDFLAGS=$GPGME_QT_LIBS + OLDLIBS=$LIBS + LIBS=$GPGME_QT_LIBS AC_LANG_PUSH(C++) AC_MSG_CHECKING([whether a simple qt program can be built]) AC_LINK_IFELSE([AC_LANG_SOURCE([ @@ -73,6 +73,6 @@ AC_DEFUN([FIND_QT], AC_MSG_RESULT([$have_qt5_libs]) AC_LANG_POP() CPPFLAGS=$OLDCPPFLAGS - LDFLAGS=$OLDLDFLAGS + LIBS=$OLDLIBS fi ]) ----------------------------------------------------------------------- Summary of changes: m4/qt.m4 | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jul 12 18:20:58 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 12 Jul 2016 18:20:58 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.13-134-g5de41c4 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 5de41c4ecef32add89044b8a550a47cce8c6d61e (commit) via d3837e0435921bfa5587a50738f5924a5fdf976a (commit) via 6cb373f37b21505562665408c15210c5d42bed9d (commit) from 9b075575cdc5851b019aed5ca5d5e18416beec8e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5de41c4ecef32add89044b8a550a47cce8c6d61e Author: Werner Koch Date: Tue Jul 12 17:27:15 2016 +0200 wks: Try to send an encrypted confirmation back. * tools/gpg-wks-client.c (encrypt_response_status_cb): New. (encrypt_response): New. (send_confirmation_response): Encrypt the response. * tools/gpg-wks-server.c (send_confirmation_request): Use freeing of BODY and BODYENC. Signed-off-by: Werner Koch diff --git a/tools/gpg-wks-client.c b/tools/gpg-wks-client.c index 20dfa29..ca7ec70 100644 --- a/tools/gpg-wks-client.c +++ b/tools/gpg-wks-client.c @@ -452,14 +452,104 @@ command_send (const char *fingerprint, char *userid) +static void +encrypt_response_status_cb (void *opaque, const char *keyword, char *args) +{ + gpg_error_t *failure = opaque; + char *fields[2]; + + if (opt.debug) + log_debug ("%s: %s\n", keyword, args); + + if (!strcmp (keyword, "FAILURE")) + { + if (split_fields (args, fields, DIM (fields)) >= 2 + && !strcmp (fields[0], "encrypt")) + *failure = strtoul (fields[1], NULL, 10); + } + +} + + +/* Encrypt the INPUT stream to a new stream which is stored at success + * at R_OUTPUT. Encryption is done for ADDRSPEC. We currently + * retrieve that key from the WKD, DANE, or from "local". "local" is + * last to prefer the latest key version but use a local copy in case + * we are working offline. It might be useful for the server to send + * the fingerprint of its encryption key - or even the entire key + * back. */ +static gpg_error_t +encrypt_response (estream_t *r_output, estream_t input, const char *addrspec) +{ + gpg_error_t err; + ccparray_t ccp; + const char **argv; + estream_t output; + gpg_error_t gpg_err = 0; + + *r_output = NULL; + + output = es_fopenmem (0, "w+b"); + if (!output) + { + err = gpg_error_from_syserror (); + log_error ("error allocating memory buffer: %s\n", gpg_strerror (err)); + return err; + } + + ccparray_init (&ccp, 0); + + ccparray_put (&ccp, "--no-options"); + if (!opt.verbose) + ccparray_put (&ccp, "--quiet"); + else if (opt.verbose > 1) + ccparray_put (&ccp, "--verbose"); + ccparray_put (&ccp, "--batch"); + ccparray_put (&ccp, "--status-fd=2"); + ccparray_put (&ccp, "--always-trust"); + ccparray_put (&ccp, "--armor"); + ccparray_put (&ccp, "--auto-key-locate=clear,wkd,dane,local"); + ccparray_put (&ccp, "--recipient"); + ccparray_put (&ccp, addrspec); + ccparray_put (&ccp, "--encrypt"); + ccparray_put (&ccp, "--"); + + ccparray_put (&ccp, NULL); + argv = ccparray_get (&ccp, NULL); + if (!argv) + { + err = gpg_error_from_syserror (); + goto leave; + } + err = gnupg_exec_tool_stream (opt.gpg_program, argv, input, + NULL, output, + encrypt_response_status_cb, &gpg_err); + if (err) + { + if (gpg_err) + err = gpg_err; + log_error ("encryption failed: %s\n", gpg_strerror (err)); + goto leave; + } + + es_rewind (output); + *r_output = output; + output = NULL; + + leave: + es_fclose (output); + xfree (argv); + return err; +} + + static gpg_error_t send_confirmation_response (const char *sender, const char *address, - const char *nonce) + const char *nonce, int encrypt) { gpg_error_t err; estream_t body = NULL; - /* FIXME: Encrypt and sign the response. */ - /* estream_t bodyenc = NULL; */ + estream_t bodyenc = NULL; mime_maker_t mime = NULL; body = es_fopenmem (0, "w+b"); @@ -469,12 +559,16 @@ send_confirmation_response (const char *sender, const char *address, log_error ("error allocating memory buffer: %s\n", gpg_strerror (err)); return err; } - /* It is fine to use 8 bit encosind because that is encrypted and + + /* It is fine to use 8 bit encoding because that is encrypted and * only our client will see it. */ - /* es_fputs ("Content-Type: application/vnd.gnupg.wks\n" */ - /* "Content-Transfer-Encoding: 8bit\n" */ - /* "\n", */ - /* body); */ + if (encrypt) + { + es_fputs ("Content-Type: application/vnd.gnupg.wks\n" + "Content-Transfer-Encoding: 8bit\n" + "\n", + body); + } es_fprintf (body, ("type: confirmation-response\n" "sender: %s\n" @@ -485,12 +579,14 @@ send_confirmation_response (const char *sender, const char *address, nonce); es_rewind (body); - /* err = encrypt_stream (&bodyenc, body, ctx->fpr); */ - /* if (err) */ - /* goto leave; */ - /* es_fclose (body); */ - /* body = NULL; */ - + if (encrypt) + { + err = encrypt_response (&bodyenc, body, address); + if (err) + goto leave; + es_fclose (body); + body = NULL; + } err = mime_maker_new (&mime, NULL); if (err) @@ -505,42 +601,50 @@ send_confirmation_response (const char *sender, const char *address, if (err) goto leave; - /* err = mime_maker_add_header (mime, "Content-Type", */ - /* "multipart/encrypted; " */ - /* "protocol=\"application/pgp-encrypted\""); */ - /* if (err) */ - /* goto leave; */ - /* err = mime_maker_add_container (mime, "multipart/encrypted"); */ - /* if (err) */ - /* goto leave; */ - - /* err = mime_maker_add_header (mime, "Content-Type", */ - /* "application/pgp-encrypted"); */ - /* if (err) */ - /* goto leave; */ - /* err = mime_maker_add_body (mime, "Version: 1\n"); */ - /* if (err) */ - /* goto leave; */ - /* err = mime_maker_add_header (mime, "Content-Type", */ - /* "application/octet-stream"); */ - /* if (err) */ - /* goto leave; */ - - err = mime_maker_add_header (mime, "Content-Type", - "application/vnd.gnupg.wks"); - if (err) - goto leave; + if (encrypt) + { + err = mime_maker_add_header (mime, "Content-Type", + "multipart/encrypted; " + "protocol=\"application/pgp-encrypted\""); + if (err) + goto leave; + err = mime_maker_add_container (mime, "multipart/encrypted"); + if (err) + goto leave; - err = mime_maker_add_stream (mime, &body); - if (err) - goto leave; + err = mime_maker_add_header (mime, "Content-Type", + "application/pgp-encrypted"); + if (err) + goto leave; + err = mime_maker_add_body (mime, "Version: 1\n"); + if (err) + goto leave; + err = mime_maker_add_header (mime, "Content-Type", + "application/octet-stream"); + if (err) + goto leave; + + err = mime_maker_add_stream (mime, &bodyenc); + if (err) + goto leave; + } + else + { + err = mime_maker_add_header (mime, "Content-Type", + "application/vnd.gnupg.wks"); + if (err) + goto leave; + err = mime_maker_add_stream (mime, &body); + if (err) + goto leave; + } err = wks_send_mime (mime); leave: mime_maker_release (mime); - /* xfree (bodyenc); */ - xfree (body); + es_fclose (bodyenc); + es_fclose (body); return err; } @@ -619,8 +723,14 @@ process_confirmation_request (estream_t msg) } nonce = value; - err = send_confirmation_response (sender, address, nonce); - + /* Send the confirmation. If no key was found, try again without + * encryption. */ + err = send_confirmation_response (sender, address, nonce, 1); + if (gpg_err_code (err) == GPG_ERR_NO_PUBKEY) + { + log_info ("no encryption key found - sending response in the clear\n"); + err = send_confirmation_response (sender, address, nonce, 0); + } leave: nvc_release (nvc); diff --git a/tools/gpg-wks-server.c b/tools/gpg-wks-server.c index 88313ec..de1be6a 100644 --- a/tools/gpg-wks-server.c +++ b/tools/gpg-wks-server.c @@ -904,8 +904,8 @@ send_confirmation_request (server_ctx_t ctx, leave: mime_maker_release (mime); - xfree (bodyenc); - xfree (body); + es_fclose (bodyenc); + es_fclose (body); xfree (from_buffer); return err; } commit d3837e0435921bfa5587a50738f5924a5fdf976a Author: Werner Koch Date: Tue Jul 12 16:54:55 2016 +0200 wks: Also create DANE record. * tools/gpg-wks-server.c (copy_key_as_dane): New. (check_and_publish): Also publish as DANE record. Signed-off-by: Werner Koch diff --git a/tools/gpg-wks-server.c b/tools/gpg-wks-server.c index e46eafa..88313ec 100644 --- a/tools/gpg-wks-server.c +++ b/tools/gpg-wks-server.c @@ -489,6 +489,55 @@ list_key (server_ctx_t ctx, estream_t key) } +/* Take the key in KEYFILE and write it to DANEFILE using the DANE + * output format. */ +static gpg_error_t +copy_key_as_dane (const char *keyfile, const char *danefile) +{ + gpg_error_t err; + ccparray_t ccp; + const char **argv; + + ccparray_init (&ccp, 0); + + ccparray_put (&ccp, "--no-options"); + if (!opt.verbose) + ccparray_put (&ccp, "--quiet"); + else if (opt.verbose > 1) + ccparray_put (&ccp, "--verbose"); + ccparray_put (&ccp, "--batch"); + ccparray_put (&ccp, "--yes"); + ccparray_put (&ccp, "--always-trust"); + ccparray_put (&ccp, "--no-keyring"); + ccparray_put (&ccp, "--output"); + ccparray_put (&ccp, danefile); + ccparray_put (&ccp, "--export-options=export-dane"); + ccparray_put (&ccp, "--import-options=import-export"); + ccparray_put (&ccp, "--import"); + ccparray_put (&ccp, "--"); + ccparray_put (&ccp, keyfile); + + ccparray_put (&ccp, NULL); + argv = ccparray_get (&ccp, NULL); + if (!argv) + { + err = gpg_error_from_syserror (); + goto leave; + } + err = gnupg_exec_tool_stream (opt.gpg_program, argv, NULL, + NULL, NULL, NULL, NULL); + if (err) + { + log_error ("%s failed: %s\n", __func__, gpg_strerror (err)); + goto leave; + } + + leave: + xfree (argv); + return err; +} + + static void encrypt_stream_status_cb (void *opaque, const char *keyword, char *args) { @@ -782,7 +831,7 @@ send_confirmation_request (server_ctx_t ctx, log_error ("error allocating memory buffer: %s\n", gpg_strerror (err)); goto leave; } - /* It is fine to use 8 bit encosind because that is encrypted and + /* It is fine to use 8 bit encoding because that is encrypted and * only our client will see it. */ es_fputs ("Content-Type: application/vnd.gnupg.wks\n" "Content-Transfer-Encoding: 8bit\n" @@ -945,6 +994,7 @@ check_and_publish (server_ctx_t ctx, const char *address, const char *nonce) const char *domain; const char *s; strlist_t sl; + char shaxbuf[32]; /* Used for SHA-1 and SHA-256 */ /* FIXME: There is a bug in name-value.c which adds white space for * the last pair and thus we strip the nonce here until this has @@ -1011,11 +1061,8 @@ check_and_publish (server_ctx_t ctx, const char *address, const char *nonce) /* Hash user ID and create filename. */ s = strchr (address, '@'); log_assert (s); - { - char sha1buf[20]; - gcry_md_hash_buffer (GCRY_MD_SHA1, sha1buf, address, s - address); - hash = zb32_encode (sha1buf, 8*20); - } + gcry_md_hash_buffer (GCRY_MD_SHA1, shaxbuf, address, s - address); + hash = zb32_encode (shaxbuf, 8*20); if (!hash) { err = gpg_error_from_syserror (); @@ -1032,7 +1079,7 @@ check_and_publish (server_ctx_t ctx, const char *address, const char *nonce) goto leave; } if (!gnupg_mkdir (fnewname, "-rwxr-xr-x")) - log_info ("directory '%s' created\n", fname); + log_info ("directory '%s' created\n", fnewname); xfree (fnewname); } fnewname = make_filename_try (opt.directory, domain, "hu", hash, NULL); @@ -1053,6 +1100,43 @@ check_and_publish (server_ctx_t ctx, const char *address, const char *nonce) log_info ("key %s published for '%s'\n", ctx->fpr, address); + + /* Try to publish as DANE record if the DANE directory exists. */ + xfree (fname); + fname = fnewname; + fnewname = make_filename_try (opt.directory, domain, "dane", NULL); + if (!fnewname) + { + err = gpg_error_from_syserror (); + goto leave; + } + if (!access (fnewname, W_OK)) + { + /* Yes, we have a dane directory. */ + s = strchr (address, '@'); + log_assert (s); + gcry_md_hash_buffer (GCRY_MD_SHA256, shaxbuf, address, s - address); + xfree (hash); + hash = bin2hex (shaxbuf, 28, NULL); + if (!hash) + { + err = gpg_error_from_syserror (); + goto leave; + } + xfree (fnewname); + fnewname = make_filename_try (opt.directory, domain, "dane", hash, NULL); + if (!fnewname) + { + err = gpg_error_from_syserror (); + goto leave; + } + err = copy_key_as_dane (fname, fnewname); + if (err) + goto leave; + log_info ("key %s published for '%s' (DANE record)\n", ctx->fpr, address); + } + + leave: es_fclose (key); xfree (hash); commit 6cb373f37b21505562665408c15210c5d42bed9d Author: Werner Koch Date: Tue Jul 12 16:11:20 2016 +0200 doc: Update import-export description. -- diff --git a/doc/gpg.texi b/doc/gpg.texi index ae860d7..db11061 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -2211,8 +2211,10 @@ opposite meaning. The options are: @item import-export Run the entire import code but instead of storing the key to the - local keyring write it to the output. This option can be used to - remove all invalid parts from a key without the need to store it. + local keyring write it to the output. The export options + @option{export-pka} and @option{export-dane} affect the output. This + option can be used to remove all invalid parts from a key without the + need to store it. @item merge-only During import, allow key updates to existing keys, but do not allow ----------------------------------------------------------------------- Summary of changes: doc/gpg.texi | 6 +- tools/gpg-wks-client.c | 202 ++++++++++++++++++++++++++++++++++++++----------- tools/gpg-wks-server.c | 102 ++++++++++++++++++++++--- 3 files changed, 253 insertions(+), 57 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jul 12 18:34:46 2016 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Tue, 12 Jul 2016 18:34:46 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-227-g1bff47e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 1bff47ee58bcf9d0016fb7ac7e37cbf075abd059 (commit) via 57b51685528153f5a50ab0999feec25c83190501 (commit) from 938f7e9c8b466594d05c0347fe627b225263a6a6 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1bff47ee58bcf9d0016fb7ac7e37cbf075abd059 Author: Justus Winter Date: Mon Jun 6 12:49:11 2016 +0200 python: Port more tests. * lang/python/pyme/core.py (Context.op_keylist_all): Add missing 'op_keylist_end'. (Context.op_trustlist_all): Fix function. Add missing 'op_trustlist_end'. * lang/python/tests/Makefile.am (pytests): Add new files. * lang/python/tests/t-import.py: New file. * lang/python/tests/t-keylist.py: Likewise. * lang/python/tests/t-trustlist.py: Check alternate interface. Signed-off-by: Justus Winter diff --git a/lang/python/pyme/core.py b/lang/python/pyme/core.py index 09f71a1..e5ccf7c 100644 --- a/lang/python/pyme/core.py +++ b/lang/python/pyme/core.py @@ -255,6 +255,7 @@ class Context(GpgmeWrapper): while key: yield key key = self.op_keylist_next() + self.op_keylist_end() def op_keylist_next(self): """Returns the next key in the list created @@ -285,10 +286,11 @@ class Context(GpgmeWrapper): def op_trustlist_all(self, *args, **kwargs): self.op_trustlist_start(*args, **kwargs) - trust = self.ctx.op_trustlist_next() + trust = self.op_trustlist_next() while trust: yield trust - trust = self.ctx.op_trustlist_next() + trust = self.op_trustlist_next() + self.op_trustlist_end() def op_trustlist_next(self): """Returns the next trust item in the list created diff --git a/lang/python/tests/Makefile.am b/lang/python/tests/Makefile.am index 69985bb..4a206fd 100644 --- a/lang/python/tests/Makefile.am +++ b/lang/python/tests/Makefile.am @@ -42,8 +42,10 @@ py_tests = t-wrapper.py \ t-decrypt-verify.py \ t-sig-notation.py \ t-export.py \ + t-import.py \ t-trustlist.py \ t-edit.py \ + t-keylist.py \ t-wait.py \ t-encrypt-large.py \ t-file-name.py \ diff --git a/lang/python/tests/t-import.py b/lang/python/tests/t-import.py new file mode 100755 index 0000000..03b576b --- /dev/null +++ b/lang/python/tests/t-import.py @@ -0,0 +1,76 @@ +#!/usr/bin/env python3 + +# Copyright (C) 2016 g10 Code GmbH +# +# This file is part of GPGME. +# +# GPGME is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# GPGME is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY +# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General +# Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this program; if not, see . + +from pyme import core, constants +import support + +def check_result(result, fpr, secret): + assert result.considered == 1 or (secret and result.considered == 3) + assert result.no_user_id == 0 + assert not ((secret and result.imported != 0) + or (not secret and (result.imported != 0 + and result.imported != 1))) + assert result.imported_rsa == 0 + assert not ((secret and (result.unchanged != 0 and result.unchanged != 1)) + or (not secret and ((result.imported == 0 + and result.unchanged != 1) + or (result.imported == 1 + and result.unchanged != 0)))) + assert result.new_user_ids == 0 + assert result.new_sub_keys == 0 + assert not ((secret + and ((result.secret_imported == 0 + and result.new_signatures != 0) + or (result.secret_imported == 1 + and result.new_signatures > 1))) + or (not secret and result.new_signatures != 0)) + assert result.new_revocations == 0 + assert not ((secret and result.secret_read != 1 and result.secret_read != 3) + or (not secret and result.secret_read != 0)) + assert not ((secret and result.secret_imported != 0 + and result.secret_imported != 1 + and result.secret_imported != 2) + or (not secret and result.secret_imported != 0)) + assert not ((secret + and ((result.secret_imported == 0 + and result.secret_unchanged != 1 + and result.secret_unchanged != 2) + or (result.secret_imported == 1 + and result.secret_unchanged != 0))) + or (not secret and result.secret_unchanged != 0)) + assert result.not_imported == 0 + if secret: + assert not (len(result.imports) in (0, 3)) + else: + assert not (len(result.imports) in (0, 2)) + + assert fpr == result.imports[0].fpr + assert len(result.imports) == 1 or fpr == result.imports[1].fpr + assert result.imports[0].result == 0 + +support.init_gpgme(constants.PROTOCOL_OpenPGP) +c = core.Context() + +c.op_import(core.Data(file=support.make_filename("pubkey-1.asc"))) +result = c.op_import_result() +check_result(result, "ADAB7FCC1F4DE2616ECFA402AF82244F9CD9FD55", False) + +c.op_import(core.Data(file=support.make_filename("seckey-1.asc"))) +result = c.op_import_result() +check_result(result, "ADAB7FCC1F4DE2616ECFA402AF82244F9CD9FD55", True) diff --git a/lang/python/tests/t-keylist.py b/lang/python/tests/t-keylist.py new file mode 100755 index 0000000..a840d91 --- /dev/null +++ b/lang/python/tests/t-keylist.py @@ -0,0 +1,243 @@ +#!/usr/bin/env python3 + +# Copyright (C) 2016 g10 Code GmbH +# +# This file is part of GPGME. +# +# GPGME is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# GPGME is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY +# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General +# Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this program; if not, see . + +import sys +import pyme +from pyme import core, constants +import support + +support.init_gpgme(constants.PROTOCOL_OpenPGP) +c = core.Context() + +# Check expration of keys. This test assumes three subkeys of which +# 2 are expired; it is used with the "Whisky" test key. It has +# already been checked that these 3 subkeys are available. +def check_whisky(name, key): + sub1 = key.subkeys[2] + sub2 = key.subkeys[3] + + assert sub1.expired and sub2.expired, \ + "Subkey of `{}' not flagged as expired".format(name) + assert sub1.expires == 1129636886 and sub2.expires == 1129636939, \ + "Subkey of `{}' has wrong expiration date".format(name) + +keys = [ + [ "A0FF4590BB6122EDEF6E3C542D727CC768697734", "6AE6D7EE46A871F8", + [ [ "Alfa Test", "demo key", "alfa at example.net" ], + [ "Alpha Test", "demo key", "alpha at example.net" ], + [ "Alice", "demo key", "" ] ], 1 ], + [ "D695676BDCEDCC2CDD6152BCFE180B1DA9E3B0B2", "5381EA4EE29BA37F", + [ [ "Bob", "demo key", "" ], + [ "Bravo Test", "demo key", "bravo at example.net" ] ], 1 ], + [ "61EE841A2A27EB983B3B3C26413F4AF31AFDAB6C", "E71E72ACBC43DA60", + [ [ "Charlie Test", "demo key", "charlie at example.net" ] ], 1 ], + [ "6560C59C43D031C54D7C588EEBA9F240EB9DC9E6", "06F22880B0C45424", + [ [ "Delta Test", "demo key", "delta at example.net" ] ], 1 ], + [ "3531152DE293E26A07F504BC318C1FAEFAEF6D1B", "B5C79E1A7272144D", + [ [ "Echelon", "demo key", "" ], + [ "Echo Test", "demo key", "echo at example.net" ], + [ "Eve", "demo key", "" ] ], 1 ], + [ "56D33268F7FE693FBB594762D4BF57F37372E243", "0A32EE79EE45198E", + [ [ "Foxtrot Test", "demo key", "foxtrot at example.net" ] ], 1 ], + [ "C9C07DCC6621B9FB8D071B1D168410A48FC282E6", "247491CC9DCAD354", + [ [ "Golf Test", "demo key", "golf at example.net" ] ], 1 ], + [ "9E91CBB11E4D4135583EF90513DB965534C6E3F1", "76E26537D622AD0A", + [ [ "Hotel Test", "demo key", "hotel at example.net" ] ], 1 ], + [ "CD538D6CC9FB3D745ECDA5201FE8FC6F04259677", "C1C8EFDE61F76C73", + [ [ "India Test", "demo key", "india at example.net" ] ], 1 ], + [ "F8F1EDC73995AB739AD54B380C820C71D2699313", "BD0B108735F8F136", + [ [ "Juliet Test", "demo key", "juliet at example.net" ] ], 1 ], + [ "3FD11083779196C2ECDD9594AD1B0FAD43C2D0C7", "86CBB34A9AF64D02", + [ [ "Kilo Test", "demo key", "kilo at example.net" ] ], 1 ], + [ "1DDD28CEF714F5B03B8C246937CAB51FB79103F8", "0363B449FE56350C", + [ [ "Lima Test", "demo key", "lima at example.net" ] ], 1 ], + [ "2686AA191A278013992C72EBBE794852BE5CF886", "5F600A834F31EAE8", + [ [ "Mallory", "demo key", "" ], + [ "Mike Test", "demo key", "mike at example.net" ] ], 1 ], + [ "5AB9D6D7BAA1C95B3BAA3D9425B00FD430CEC684", "4C1D63308B70E472", + [ [ "November Test", "demo key", "november at example.net" ] ], 1 ], + [ "43929E89F8F79381678CAE515F6356BA6D9732AC", "FF0785712681619F", + [ [ "Oscar Test", "demo key", "oscar at example.net" ] ], 1 ], + [ "6FAA9C201E5E26DCBAEC39FD5D15E01D3FF13206", "2764E18263330D9C", + [ [ "Papa test", "demo key", "papa at example.net" ] ], 1 ], + [ "A7969DA1C3297AA96D49843F1C67EC133C661C84", "6CDCFC44A029ACF4", + [ [ "Quebec Test", "demo key", "quebec at example.net" ] ], 1 ], + [ "38FBE1E4BF6A5E1242C8F6A13BDBEDB1777FBED3", "9FAB805A11D102EA", + [ [ "Romeo Test", "demo key", "romeo at example.net" ] ], 1 ], + [ "045B2334ADD69FC221076841A5E67F7FA3AE3EA1", "93B88B0F0F1B50B4", + [ [ "Sierra Test", "demo key", "sierra at example.net" ] ], 1 ], + [ "ECAC774F4EEEB0620767044A58CB9A4C85A81F38", "97B60E01101C0402", + [ [ "Tango Test", "demo key", "tango at example.net" ] ], 1 ], + [ "0DBCAD3F08843B9557C6C4D4A94C0F75653244D6", "93079B915522BDB9", + [ [ "Uniform Test", "demo key", "uniform at example.net" ] ], 1 ], + [ "E8143C489C8D41124DC40D0B47AF4B6961F04784", "04071FB807287134", + [ [ "Victor Test", "demo key", "victor at example.org" ] ], 1 ], + [ "E8D6C90B683B0982BD557A99DEF0F7B8EC67DBDE", "D7FBB421FD6E27F6", + [ [ "Whisky Test", "demo key", "whisky at example.net" ] ], 3, + check_whisky ], + [ "04C1DF62EFA0EBB00519B06A8979A6C5567FB34A", "5CC6F87F41E408BE", + [ [ "XRay Test", "demo key", "xray at example.net" ] ], 1 ], + [ "ED9B316F78644A58D042655A9EEF34CD4B11B25F", "5ADFD255F7B080AD", + [ [ "Yankee Test", "demo key", "yankee at example.net" ] ], 1 ], + [ "23FD347A419429BACCD5E72D6BC4778054ACD246", "EF9DC276A172C881", + [ [ "Zulu Test", "demo key", "zulu at example.net" ] ], 1 ], +] + +def check_global(i, key, uids, n_subkeys): + assert not key.revoked, "Key unexpectedly revoked" + assert not key.expired, "Key unexpectedly expired" + assert not key.disabled, "Key unexpectedly disabled" + assert not key.invalid, "Key unexpectedly invalid" + assert key.can_sign, "Key unexpectedly unusable for signing" + assert key.can_certify, "Key unexpectedly unusable for certifications" + assert not key.secret, "Key unexpectedly secret" + assert not key.protocol != constants.PROTOCOL_OpenPGP, \ + "Key has unexpected protocol: {}".format(key.protocol) + assert not key.issuer_serial, \ + "Key unexpectedly carries issuer serial: {}".format(key.issuer_serial) + assert not key.issuer_name, \ + "Key unexpectedly carries issuer name: {}".format(key.issuer_name) + assert not key.chain_id, \ + "Key unexpectedly carries chain ID: {}".format(key.chain_id) + + # Only key Alfa is trusted + assert i == 0 or key.owner_trust == constants.VALIDITY_UNKNOWN, \ + "Key has unexpected owner trust: {}".format(key.owner_trust) + assert i != 0 or key.owner_trust == constants.VALIDITY_ULTIMATE, \ + "Key has unexpected owner trust: {}".format(key.owner_trust) + + assert len(key.subkeys) - 1 == n_subkeys, \ + "Key `{}' has unexpected number of subkeys".format(uids[0][0]) + + +def check_subkey(fpr, which, subkey): + assert not subkey.revoked, which + " key unexpectedly revoked" + assert not subkey.expired, which + " key unexpectedly expired" + assert not subkey.disabled, which + " key unexpectedly disabled" + assert not subkey.invalid, which + " key unexpectedly invalid" + + if which == "Primary": + assert not subkey.can_encrypt, \ + which + " key unexpectedly usable for encryption" + assert subkey.can_sign, \ + which + " key unexpectedly unusable for signing" + assert subkey.can_certify, \ + which + " key unexpectedly unusable for certifications" + else: + assert subkey.can_encrypt, \ + which + " key unexpectedly unusable for encryption" + assert not subkey.can_sign, \ + which + " key unexpectedly usable for signing" + assert not subkey.can_certify, \ + which + " key unexpectedly usable for certifications" + + assert not subkey.secret, which + " key unexpectedly secret" + assert not subkey.is_cardkey, "Public key marked as card key" + assert not subkey.card_number, "Public key with card number set" + assert not subkey.pubkey_algo != (constants.PK_DSA if which == "Primary" + else constants.PK_ELG_E), \ + which + " key has unexpected public key algo: {}".\ + format(subkey.pubkey_algo) + assert subkey.length == 1024, \ + which + " key has unexpected length: {}".format(subkey.length) + assert fpr.endswith(subkey.keyid), \ + which + " key has unexpected key ID: {}".format(subkey.keyid) + assert which == "Secondary" or subkey.fpr == fpr, \ + which + " key has unexpected fingerprint: {}".format(subkey.fpr) + assert not subkey.expires, \ + which + " key unexpectedly expires: {}".format(subkey.expires) + +def check_uid(which, ref, uid): + assert not uid.revoked, which + " user ID unexpectedly revoked" + assert not uid.invalid, which + " user ID unexpectedly invalid" + assert uid.validity == (constants.VALIDITY_UNKNOWN + if uid.name.split()[0] + not in {'Alfa', 'Alpha', 'Alice'} else + constants.VALIDITY_ULTIMATE), \ + which + " user ID has unexpectedly validity: {}".format(uid.validity) + assert not uid.signatures, which + " user ID unexpectedly signed" + assert uid.name == ref[0], \ + "Unexpected name in {} user ID: {!r}".format(which.lower(), uid.name) + assert uid.comment == ref[1], \ + "Unexpected comment in {} user ID: {!r}".format(which.lower(), + uid.comment) + assert uid.email == ref[2], \ + "Unexpected email in {} user ID: {!r}".format(which.lower(), uid.email) + +i = 0 +c.op_keylist_start(None, False) +key = c.op_keylist_next () +while key: + try: + if len(keys[i]) == 4: + fpr, sec_keyid, uids, n_subkeys = keys[i] + misc_check = None + else: + fpr, sec_keyid, uids, n_subkeys, misc_check = keys[i] + except IndexError: + # There are more keys. We don't check for that. + break + + # Global key flags. + check_global(i, key, uids, n_subkeys) + check_subkey(fpr, "Primary", key.subkeys[0]) + check_subkey(sec_keyid, "Secondary", key.subkeys[1]) + + assert len(key.uids) == len(uids) + check_uid("First", uids[0], key.uids[0]) + if len(key.uids) > 1: + check_uid("Second", uids[1], key.uids[1]) + if len(key.uids) > 2: + check_uid("Third", uids[2], key.uids[2]) + + if misc_check: + misc_check (uids[0][0], key) + key = c.op_keylist_next () + i += 1 + +c.op_keylist_end() +result = c.op_keylist_result() +assert not result.truncated, "Key listing unexpectedly truncated" + + +for i, key in enumerate(c.op_keylist_all(None, False)): + try: + if len(keys[i]) == 4: + fpr, sec_keyid, uids, n_subkeys = keys[i] + misc_check = None + else: + fpr, sec_keyid, uids, n_subkeys, misc_check = keys[i] + except IndexError: + # There are more keys. We don't check for that. + break + + # Global key flags. + check_global(i, key, uids, n_subkeys) + check_subkey(fpr, "Primary", key.subkeys[0]) + check_subkey(sec_keyid, "Secondary", key.subkeys[1]) + + assert len(key.uids) == len(uids) + check_uid("First", uids[0], key.uids[0]) + if len(key.uids) > 1: + check_uid("Second", uids[1], key.uids[1]) + if len(key.uids) > 2: + check_uid("Third", uids[2], key.uids[2]) + + if misc_check: + misc_check (uids[0][0], key) diff --git a/lang/python/tests/t-trustlist.py b/lang/python/tests/t-trustlist.py index 61f8fa5..a24eab8 100755 --- a/lang/python/tests/t-trustlist.py +++ b/lang/python/tests/t-trustlist.py @@ -22,13 +22,19 @@ import support support.init_gpgme(constants.PROTOCOL_OpenPGP) c = core.Context() -c.op_trustlist_start("alice", 0) +def dump_item(item): + print("l={} k={} t={} o={} v={} u={}".format( + item.level, item.keyid, item.type, item.owner_trust, + item.validity, item.name)) + +c.op_trustlist_start("alice", 0) while True: item = c.op_trustlist_next() if not item: break + dump_item(item) +c.op_trustlist_end() - print("l={} k={} t={} o={} v={} u={}".format( - item.level, item.keyid, item.type, item.owner_trust, - item.validity, item.name)) +for item in c.op_trustlist_all("alice", 0): + dump_item(item) commit 57b51685528153f5a50ab0999feec25c83190501 Author: Justus Winter Date: Tue Jul 12 16:20:35 2016 +0200 python: Improve python packaging. * lang/python/Makefile.am: Sign source releases, and upload them. * lang/python/setup.py.in: Add categories. Signed-off-by: Justus Winter diff --git a/lang/python/Makefile.am b/lang/python/Makefile.am index eecc7d4..0ac1dd0 100644 --- a/lang/python/Makefile.am +++ b/lang/python/Makefile.am @@ -46,11 +46,17 @@ all-local: copystamp CFLAGS="$(CFLAGS) -I$(top_srcdir)" \ $(PYTHON) setup.py build --verbose -dist/pyme3-$(VERSION).tar.gz: copystamp +dist/pyme3-$(VERSION).tar.gz dist/pyme3-$(VERSION).tar.gz.asc: copystamp CFLAGS="$(CFLAGS) -I$(top_srcdir)" \ $(PYTHON) setup.py sdist --verbose + gpg2 --detach-sign --armor dist/pyme3-$(VERSION).tar.gz -sdist: dist/pyme3-$(VERSION).tar.gz +.PHONY: sdist +sdist: dist/pyme3-$(VERSION).tar.gz dist/pyme3-$(VERSION).tar.gz.asc + +.PHONY: upload +upload: dist/pyme3-$(VERSION).tar.gz dist/pyme3-$(VERSION).tar.gz.asc + twine upload $^ CLEANFILES = gpgme.h errors.i gpgme_wrap.c pyme/pygpgme.py \ copystamp diff --git a/lang/python/setup.py.in b/lang/python/setup.py.in index 4667a9d..787d6a3 100755 --- a/lang/python/setup.py.in +++ b/lang/python/setup.py.in @@ -147,11 +147,28 @@ setup(name="pyme3", cmdclass={'build': BuildExtFirstHack}, version="@VERSION@", description='Python bindings for GPGME GnuPG cryptography library', + # XXX add a long description + #long_description=long_description, author='The GnuPG hackers', author_email='gnupg-devel at gnupg.org', url='https://www.gnupg.org', ext_modules=[swige], packages = ['pyme', 'pyme.constants', 'pyme.constants.data', 'pyme.constants.keylist', 'pyme.constants.sig'], - license="LGPL2.1+ (the library), GPL2+ (tests and examples)" + license="LGPL2.1+ (the library), GPL2+ (tests and examples)", + classifiers=[ + 'Development Status :: 4 - Beta', + 'Intended Audience :: Developers', + 'Topic :: Software Development :: Build Tools', + 'License :: OSI Approved :: GNU Lesser General Public License v2 or later (LGPLv2+)', + 'Programming Language :: Python :: 3', + 'Programming Language :: Python :: 3 :: Only', + 'Programming Language :: Python :: 3.4', + 'Programming Language :: Python :: 3.5', + 'Programming Language :: Python :: 3.6', + 'Operating System :: POSIX', + 'Operating System :: Microsoft :: Windows', + 'Topic :: Communications :: Email', + 'Topic :: Security :: Cryptography', + ], ) ----------------------------------------------------------------------- Summary of changes: lang/python/Makefile.am | 10 +- lang/python/pyme/core.py | 6 +- lang/python/setup.py.in | 19 ++- lang/python/tests/Makefile.am | 2 + lang/python/tests/t-import.py | 76 ++++++++++++ lang/python/tests/t-keylist.py | 243 +++++++++++++++++++++++++++++++++++++++ lang/python/tests/t-trustlist.py | 14 ++- 7 files changed, 361 insertions(+), 9 deletions(-) create mode 100755 lang/python/tests/t-import.py create mode 100755 lang/python/tests/t-keylist.py hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jul 12 20:29:07 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 12 Jul 2016 20:29:07 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.13-135-g38eb5f8 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 38eb5f81d223616e3ee34bdfb41c387ce4e7df22 (commit) from 5de41c4ecef32add89044b8a550a47cce8c6d61e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 38eb5f81d223616e3ee34bdfb41c387ce4e7df22 Author: Werner Koch Date: Tue Jul 12 20:18:22 2016 +0200 wks: Add --cron command to gpg-wks-server. * tools/gpg-wks-server.c (PENDING_TTL): New. (expire_one_domain, expire_pending_confirmations): New. (command_cron): New. (main): Implement --cron. Signed-off-by: Werner Koch diff --git a/tools/gpg-wks-server.c b/tools/gpg-wks-server.c index de1be6a..6fbcc05 100644 --- a/tools/gpg-wks-server.c +++ b/tools/gpg-wks-server.c @@ -27,9 +27,9 @@ #include #include #include -#ifdef HAVE_STAT -# include -#endif +#include +#include +#include #include "util.h" #include "init.h" @@ -44,6 +44,10 @@ #include "gpg-wks.h" +/* The time we wait for a confirmation response. */ +#define PENDING_TTL (86400 * 3) /* 3 days. */ + + /* Constants to identify the commands and options. */ enum cmd_and_opt_values { @@ -116,6 +120,7 @@ typedef struct server_ctx_s *server_ctx_t; static gpg_error_t command_receive_cb (void *opaque, const char *mediatype, estream_t fp); +static gpg_error_t command_cron (void); @@ -316,6 +321,9 @@ main (int argc, char **argv) case aCron: if (argc) wrong_args ("--cron"); + err = command_cron (); + if (err) + log_error ("running --cron failed: %s\n", gpg_strerror (err)); break; default: @@ -1252,3 +1260,154 @@ command_receive_cb (void *opaque, const char *mediatype, estream_t msg) return err; } + + + +static gpg_error_t +expire_one_domain (const char *top_dirname, const char *domain) +{ + gpg_error_t err; + char *dirname; + char *fname = NULL; + DIR *dir = NULL; + struct dirent *dentry; + struct stat sb; + time_t now = gnupg_get_time (); + + dirname = make_filename_try (top_dirname, "pending", NULL); + if (!dirname) + { + err = gpg_error_from_syserror (); + log_error ("make_filename failed in %s: %s\n", + __func__, gpg_strerror (err)); + goto leave; + } + + dir = opendir (dirname); + if (!dir) + { + err = gpg_error_from_syserror (); + log_error (("can't access directory '%s': %s\n"), + dirname, gpg_strerror (err)); + goto leave; + } + + while ((dentry = readdir (dir))) + { + if (*dentry->d_name == '.') + continue; + xfree (fname); + fname = make_filename_try (dirname, dentry->d_name, NULL); + if (!fname) + { + err = gpg_error_from_syserror (); + log_error ("make_filename failed in %s: %s\n", + __func__, gpg_strerror (err)); + goto leave; + } + if (strlen (dentry->d_name) != 32) + { + log_info ("garbage file '%s' ignored\n", fname); + continue; + } + if (stat (fname, &sb)) + { + err = gpg_error_from_syserror (); + log_error ("error accessing '%s': %s\n", fname, gpg_strerror (err)); + continue; + } + if (S_ISDIR(sb.st_mode)) + { + log_info ("garbage directory '%s' ignored\n", fname); + continue; + } + if (sb.st_mtime + PENDING_TTL < now) + { + if (opt.verbose) + log_info ("domain %s: removing pending key '%s'\n", + domain, dentry->d_name); + if (remove (fname)) + { + err = gpg_error_from_syserror (); + /* In case the file has just been renamed or another + * processes is cleaning up, we don't print a diagnostic + * for ENOENT. */ + if (gpg_err_code (err) != GPG_ERR_ENOENT) + log_error ("error removing '%s': %s\n", + fname, gpg_strerror (err)); + } + } + } + err = 0; + + leave: + if (dir) + closedir (dir); + xfree (dirname); + xfree (fname); + return err; + +} + + +/* Scan spool directories and expire too old pending keys. */ +static gpg_error_t +expire_pending_confirmations (void) +{ + gpg_error_t err; + DIR *dir = NULL; + char *fname = NULL; + struct dirent *dentry; + struct stat sb; + + dir = opendir (opt.directory); + if (!dir) + { + err = gpg_error_from_syserror (); + goto leave; + } + + while ((dentry = readdir (dir))) + { + if (*dentry->d_name == '.') + continue; + if (!strchr (dentry->d_name, '.')) + continue; /* No dot - can't be a domain subdir. */ + + xfree (fname); + fname = make_filename_try (opt.directory, dentry->d_name, NULL); + if (!fname) + { + err = gpg_error_from_syserror (); + log_error ("make_filename failed in %s: %s\n", + __func__, gpg_strerror (err)); + goto leave; + } + + if (stat (fname, &sb)) + { + err = gpg_error_from_syserror (); + log_error ("error accessing '%s': %s\n", fname, gpg_strerror (err)); + continue; + } + if (!S_ISDIR(sb.st_mode)) + continue; + + expire_one_domain (fname, dentry->d_name); + } + err = 0; + + leave: + if (dir) + closedir (dir); + xfree (fname); + return err; +} + + +/* Run regular maintenance jobs. */ +static gpg_error_t +command_cron (void) +{ + return expire_pending_confirmations (); +} ----------------------------------------------------------------------- Summary of changes: tools/gpg-wks-server.c | 165 ++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 162 insertions(+), 3 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jul 12 23:07:09 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 12 Jul 2016 23:07:09 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.13-136-gacb2791 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via acb27915f8646a875b6bb507ff46cd1bc330c02b (commit) from 38eb5f81d223616e3ee34bdfb41c387ce4e7df22 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit acb27915f8646a875b6bb507ff46cd1bc330c02b Author: Werner Koch Date: Tue Jul 12 23:04:39 2016 +0200 g13: Fix memleak. * g13/g13tuple.c (create_tupledesc): Init refcount to 1. -- The old code somehow assumed that calloc was used. Signed-off-by: Werner Koch diff --git a/g13/g13tuple.c b/g13/g13tuple.c index fc6644c..ddcb467 100644 --- a/g13/g13tuple.c +++ b/g13/g13tuple.c @@ -114,7 +114,7 @@ create_tupledesc (tupledesc_t *r_desc, void *data, size_t datalen) (*r_desc)->data = data; (*r_desc)->datalen = datalen; (*r_desc)->pos = 0; - (*r_desc)->refcount++; + (*r_desc)->refcount = 1; return 0; } ----------------------------------------------------------------------- Summary of changes: g13/g13tuple.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jul 13 02:27:51 2016 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Wed, 13 Jul 2016 02:27:51 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.13-137-g7be2181 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 7be218177701af316db75057c99ca674d53cf585 (commit) from acb27915f8646a875b6bb507ff46cd1bc330c02b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7be218177701af316db75057c99ca674d53cf585 Author: NIIBE Yutaka Date: Wed Jul 13 09:24:26 2016 +0900 agent: Fix envvars for UPDATESTARTUPTTY. agent/command.c (cmd_updatestartuptty): Use session_env_list_stdenvnames to get the list. -- Debian-bug-id: 801247 Signed-off-by: NIIBE Yutaka diff --git a/agent/command.c b/agent/command.c index de5b184..e5d2268 100644 --- a/agent/command.c +++ b/agent/command.c @@ -2663,14 +2663,13 @@ static const char hlp_updatestartuptty[] = static gpg_error_t cmd_updatestartuptty (assuan_context_t ctx, char *line) { - static const char *names[] = - { "GPG_TTY", "DISPLAY", "TERM", "XAUTHORITY", "PINENTRY_USER_DATA", NULL }; ctrl_t ctrl = assuan_get_pointer (ctx); gpg_error_t err = 0; session_env_t se; - int idx; char *lc_ctype = NULL; char *lc_messages = NULL; + int iterator; + const char *name; (void)line; @@ -2681,11 +2680,12 @@ cmd_updatestartuptty (assuan_context_t ctx, char *line) if (!se) err = gpg_error_from_syserror (); - for (idx=0; !err && names[idx]; idx++) + iterator = 0; + while (!err && (name = session_env_list_stdenvnames (&iterator, NULL))) { - const char *value = session_env_getenv (ctrl->session_env, names[idx]); + const char *value = session_env_getenv (ctrl->session_env, name); if (value) - err = session_env_setenv (se, names[idx], value); + err = session_env_setenv (se, name, value); } if (!err && ctrl->lc_ctype) ----------------------------------------------------------------------- Summary of changes: agent/command.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jul 13 11:49:32 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 13 Jul 2016 11:49:32 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.13-138-g44ecc33 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 44ecc33b4a7147d9c112a72f55a42b65cef4fe67 (commit) from 7be218177701af316db75057c99ca674d53cf585 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 44ecc33b4a7147d9c112a72f55a42b65cef4fe67 Author: Werner Koch Date: Wed Jul 13 11:44:48 2016 +0200 wks: New server command --list-domains * tools/gpg-wks-server.c (aListDomains): New. (opts): Add --list-domains. (parse_arguments): Implement. (main): Ditto. Use only one final diagnostic message. (command_list_domains): New. (check_and_publish): Remove directory creation. (get_domain_list): New. (expire_pending_confirmations): Rewrite using a list of directories. (command_cron): Get domain list and pass to expire_pending_confirmations. -- gpg-wks-server --list-domains is required once to create the sub directories diff --git a/tools/gpg-wks-server.c b/tools/gpg-wks-server.c index 6fbcc05..f15085f 100644 --- a/tools/gpg-wks-server.c +++ b/tools/gpg-wks-server.c @@ -61,6 +61,7 @@ enum cmd_and_opt_values aReceive, aCron, + aListDomains, oGpgProgram, oSend, @@ -79,6 +80,8 @@ static ARGPARSE_OPTS opts[] = { ("receive a submission or confirmation")), ARGPARSE_c (aCron, "cron", ("run regular jobs")), + ARGPARSE_c (aListDomains, "list-domains", + ("list configured domains")), ARGPARSE_group (301, ("@\nOptions:\n ")), @@ -116,10 +119,12 @@ struct server_ctx_s }; typedef struct server_ctx_s *server_ctx_t; - +/* Prototypes. */ +static gpg_error_t get_domain_list (strlist_t *r_list); static gpg_error_t command_receive_cb (void *opaque, const char *mediatype, estream_t fp); +static gpg_error_t command_list_domains (void); static gpg_error_t command_cron (void); @@ -201,6 +206,7 @@ parse_arguments (ARGPARSE_ARGS *pargs, ARGPARSE_OPTS *popts) case aReceive: case aCron: + case aListDomains: cmd = pargs->r_opt; break; @@ -314,23 +320,26 @@ main (int argc, char **argv) if (argc) wrong_args ("--receive"); err = wks_receive (es_stdin, command_receive_cb, NULL); - if (err) - log_error ("processing mail failed: %s\n", gpg_strerror (err)); break; case aCron: if (argc) wrong_args ("--cron"); err = command_cron (); - if (err) - log_error ("running --cron failed: %s\n", gpg_strerror (err)); + break; + + case aListDomains: + err = command_list_domains (); break; default: usage (1); + err = gpg_error (GPG_ERR_BUG); break; } + if (err) + log_error ("command failed: %s\n", gpg_strerror (err)); return log_get_errorcount (0)? 1:0; } @@ -713,9 +722,6 @@ store_key_as_pending (const char *dir, estream_t key, goto leave; } - if (!gnupg_mkdir (dname, "-rwx")) - log_info ("directory '%s' created\n", dname); - /* Create the nonce. We use 20 bytes so that we don't waste a * character in our zBase-32 encoding. Using the gcrypt's nonce * function is faster than using the strong random function; this is @@ -1077,19 +1083,6 @@ check_and_publish (server_ctx_t ctx, const char *address, const char *nonce) goto leave; } - { - /*FIXME: This is a hack to make installation easier. It is better - * to let --cron create the required directories. */ - fnewname = make_filename_try (opt.directory, domain, "hu", NULL); - if (!fnewname) - { - err = gpg_error_from_syserror (); - goto leave; - } - if (!gnupg_mkdir (fnewname, "-rwxr-xr-x")) - log_info ("directory '%s' created\n", fnewname); - xfree (fnewname); - } fnewname = make_filename_try (opt.directory, domain, "hu", hash, NULL); if (!fnewname) { @@ -1263,6 +1256,76 @@ command_receive_cb (void *opaque, const char *mediatype, estream_t msg) +/* Return a list of all configured domains. ECh list element is the + * top directory for for the domain. To figure out the actual domain + * name strrchr(name, '/') can be used. */ +static gpg_error_t +get_domain_list (strlist_t *r_list) +{ + gpg_error_t err; + DIR *dir = NULL; + char *fname = NULL; + struct dirent *dentry; + struct stat sb; + strlist_t list = NULL; + + *r_list = NULL; + + dir = opendir (opt.directory); + if (!dir) + { + err = gpg_error_from_syserror (); + goto leave; + } + + while ((dentry = readdir (dir))) + { + if (*dentry->d_name == '.') + continue; + if (!strchr (dentry->d_name, '.')) + continue; /* No dot - can't be a domain subdir. */ + + xfree (fname); + fname = make_filename_try (opt.directory, dentry->d_name, NULL); + if (!fname) + { + err = gpg_error_from_syserror (); + log_error ("make_filename failed in %s: %s\n", + __func__, gpg_strerror (err)); + goto leave; + } + + if (stat (fname, &sb)) + { + err = gpg_error_from_syserror (); + log_error ("error accessing '%s': %s\n", fname, gpg_strerror (err)); + continue; + } + if (!S_ISDIR(sb.st_mode)) + continue; + + if (!add_to_strlist_try (&list, fname)) + { + err = gpg_error_from_syserror (); + log_error ("add_to_strlist failed in %s: %s\n", + __func__, gpg_strerror (err)); + goto leave; + } + } + err = 0; + *r_list = list; + list = NULL; + + leave: + free_strlist (list); + if (dir) + closedir (dir); + xfree (fname); + return err; +} + + + static gpg_error_t expire_one_domain (const char *top_dirname, const char *domain) { @@ -1352,55 +1415,114 @@ expire_one_domain (const char *top_dirname, const char *domain) /* Scan spool directories and expire too old pending keys. */ static gpg_error_t -expire_pending_confirmations (void) +expire_pending_confirmations (strlist_t domaindirs) +{ + gpg_error_t err = 0; + strlist_t sl; + const char *domain; + + for (sl = domaindirs; sl; sl = sl->next) + { + domain = strrchr (sl->d, '/'); + log_assert (domain); + domain++; + + expire_one_domain (sl->d, domain); + } + + return err; +} + + +/* List all configured domains. */ +static gpg_error_t +command_list_domains (void) { + static struct { + const char *name; + const char *perm; + } requireddirs[] = { + { "pending", "-rwx" }, + { "hu", "-rwxr-xr-x" } + }; + gpg_error_t err; - DIR *dir = NULL; + strlist_t domaindirs; + strlist_t sl; + const char *domain; char *fname = NULL; - struct dirent *dentry; - struct stat sb; + int i; - dir = opendir (opt.directory); - if (!dir) + err = get_domain_list (&domaindirs); + if (err) { - err = gpg_error_from_syserror (); - goto leave; + log_error ("error reading list of domains: %s\n", gpg_strerror (err)); + return err; } - while ((dentry = readdir (dir))) + for (sl = domaindirs; sl; sl = sl->next) { - if (*dentry->d_name == '.') - continue; - if (!strchr (dentry->d_name, '.')) - continue; /* No dot - can't be a domain subdir. */ + domain = strrchr (sl->d, '/'); + log_assert (domain); + domain++; + es_printf ("%s\n", domain); + /* Check that the required directories are there. */ + for (i=0; i < DIM (requireddirs); i++) + { + xfree (fname); + fname = make_filename_try (sl->d, requireddirs[i].name, NULL); + if (!fname) + { + err = gpg_error_from_syserror (); + goto leave; + } + if (access (fname, W_OK)) + { + err = gpg_error_from_syserror (); + if (gpg_err_code (err) == GPG_ERR_ENOENT) + { + if (gnupg_mkdir (fname, requireddirs[i].perm)) + { + err = gpg_error_from_syserror (); + log_error ("domain %s: error creating subdir '%s': %s\n", + domain, requireddirs[i].name, + gpg_strerror (err)); + } + else + log_info ("domain %s: subdir '%s' created\n", + domain, requireddirs[i].name); + } + else if (err) + log_error ("domain %s: problem with subdir '%s': %s\n", + domain, requireddirs[i].name, gpg_strerror (err)); + } + } + + /* Print a warning if the sumbission address is not configured. */ xfree (fname); - fname = make_filename_try (opt.directory, dentry->d_name, NULL); + fname = make_filename_try (sl->d, "submission-address", NULL); if (!fname) { err = gpg_error_from_syserror (); - log_error ("make_filename failed in %s: %s\n", - __func__, gpg_strerror (err)); goto leave; } - - if (stat (fname, &sb)) + if (access (fname, F_OK)) { err = gpg_error_from_syserror (); - log_error ("error accessing '%s': %s\n", fname, gpg_strerror (err)); - continue; + if (gpg_err_code (err) == GPG_ERR_ENOENT) + log_error ("domain %s: submission address not configured\n", + domain); + else + log_error ("domain %s: problem with '%s': %s\n", + domain, fname, gpg_strerror (err)); } - if (!S_ISDIR(sb.st_mode)) - continue; - - expire_one_domain (fname, dentry->d_name); } err = 0; leave: - if (dir) - closedir (dir); xfree (fname); + free_strlist (domaindirs); return err; } @@ -1409,5 +1531,18 @@ expire_pending_confirmations (void) static gpg_error_t command_cron (void) { - return expire_pending_confirmations (); + gpg_error_t err; + strlist_t domaindirs; + + err = get_domain_list (&domaindirs); + if (err) + { + log_error ("error reading list of domains: %s\n", gpg_strerror (err)); + return err; + } + + err = expire_pending_confirmations (domaindirs); + + free_strlist (domaindirs); + return err; } ----------------------------------------------------------------------- Summary of changes: tools/gpg-wks-server.c | 231 +++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 183 insertions(+), 48 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jul 13 12:01:35 2016 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Wed, 13 Jul 2016 12:01:35 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-228-g537cb87 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 537cb871fd59f3a20c697a046715e6339ff6633b (commit) from 1bff47ee58bcf9d0016fb7ac7e37cbf075abd059 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 537cb871fd59f3a20c697a046715e6339ff6633b Author: Andre Heinecke Date: Wed Jul 13 11:56:18 2016 +0200 Cpp: Add feature enum for new identify * lang/cpp/src/context.cpp (supported_features2): Add BinaryAndFineGrainedIdentify * lang/cpp/src/global.h (Feature2): ditto. -- This is mostly for compatible code with KF5::Gpgmepp where there is no hard requirement against gpgme 1.7. With 1.7 a version check would also suffice. diff --git a/lang/cpp/src/context.cpp b/lang/cpp/src/context.cpp index 9e31b6a..20d827e 100644 --- a/lang/cpp/src/context.cpp +++ b/lang/cpp/src/context.cpp @@ -1519,6 +1519,7 @@ static const unsigned long supported_features = 0 ; static const unsigned long supported_features2 = 0 + | GpgME::BinaryAndFineGrainedIdentify ; bool GpgME::hasFeature(unsigned long features) diff --git a/lang/cpp/src/global.h b/lang/cpp/src/global.h index 9be5202..508e1d7 100644 --- a/lang/cpp/src/global.h +++ b/lang/cpp/src/global.h @@ -131,8 +131,10 @@ enum Feature { FeatureMaxValue = 0x80000000 }; enum Feature2 { + BinaryAndFineGrainedIdentify = 0x00000001, // gpgme >= 1.7.0 Feature2MaxValue = 0x80000000 }; + // use hasFeature( unsigned long, unsigned long ) instead GPGMEPP_DEPRECATED_EXPORT bool hasFeature(unsigned long feature); GPGMEPP_EXPORT bool hasFeature(unsigned long feature, unsigned long feature2); ----------------------------------------------------------------------- Summary of changes: lang/cpp/src/context.cpp | 1 + lang/cpp/src/global.h | 2 ++ 2 files changed, 3 insertions(+) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jul 13 12:14:39 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 13 Jul 2016 12:14:39 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.13-139-g9581092 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 95810929f75bd718dbdf2cd1c0181137a45e2456 (commit) from 44ecc33b4a7147d9c112a72f55a42b65cef4fe67 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 95810929f75bd718dbdf2cd1c0181137a45e2456 Author: Werner Koch Date: Wed Jul 13 12:12:21 2016 +0200 wks: Use correct key for the confirmation * tools/gpg-wks-client.c (send_confirmation_response): Actually encrypt to the recipient. Signed-off-by: Werner Koch diff --git a/tools/gpg-wks-client.c b/tools/gpg-wks-client.c index ca7ec70..2ee23d7 100644 --- a/tools/gpg-wks-client.c +++ b/tools/gpg-wks-client.c @@ -581,7 +581,7 @@ send_confirmation_response (const char *sender, const char *address, es_rewind (body); if (encrypt) { - err = encrypt_response (&bodyenc, body, address); + err = encrypt_response (&bodyenc, body, sender); if (err) goto leave; es_fclose (body); ----------------------------------------------------------------------- Summary of changes: tools/gpg-wks-client.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jul 13 14:51:36 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 13 Jul 2016 14:51:36 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-230-gd8d5f5a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via d8d5f5a16712244fe6eff860b6ac5f007b1bf870 (commit) via 2095b1573a8196ba3efdf817324d1b3ee05cbb93 (commit) from 537cb871fd59f3a20c697a046715e6339ff6633b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d8d5f5a16712244fe6eff860b6ac5f007b1bf870 Author: Werner Koch Date: Wed Jul 13 14:45:02 2016 +0200 core: New GPGME_DATA_ENCODING_MIME. * src/gpgme.h.in (GPGME_DATA_ENCODING_MIME): New. * src/data.c (gpgme_data_set_encoding): Adjust check. * src/engine-gpg.c (have_gpg_version): New. (gpg_encrypt, gpg_encrypt_sign): Pass flag '--mimemode'. (gpg_sign): Ditto. * lang/cpp/src/data.h (GpgME): Add MimeEncoding. * lang/cpp/src/data.cpp (encoding, setEncoding): Support MimeEncoding. * src/gpgme-tool.c (server_data_encoding): Add flag --mime. -- This feature allows an application to declare that the encrypted or signed data is a valid MIME part. What is missing is a way to return that information to the application after decryption/verification. This can be done by setting the encoding of the output data object; however this requires some internal additions to our processing model. Signed-off-by: Werner Koch diff --git a/NEWS b/NEWS index 32f3c84..bb31a50 100644 --- a/NEWS +++ b/NEWS @@ -20,6 +20,7 @@ Noteworthy changes in version 1.7.0 (unreleased) [C25/A14/R_] GPGME_STATUS_NOTATION_FLAGS NEW. GPGME_DATA_TYPE_PGP_ENCRYPTED NEW. GPGME_DATA_TYPE_PGP_SIGNATURE NEW. + GPGME_DATA_ENCODING_MIME NEW. Noteworthy changes in version 1.6.0 (2015-08-26) [C25/A14/R0] diff --git a/doc/gpgme.texi b/doc/gpgme.texi index 87322b0..c514ff8 100644 --- a/doc/gpgme.texi +++ b/doc/gpgme.texi @@ -2130,6 +2130,9 @@ scheme as used by @acronym{MIME} and other protocols. This specifies that the data is encoded in an armored form as used by OpenPGP and PEM. + at item GPGME_DATA_ENCODING_MIME +This specifies that the data is encoded as a MIME part. + @item GPGME_DATA_ENCODING_URL The data is a list of linefeed delimited URLs. This is only useful with @code{gpgme_op_import}. diff --git a/lang/cpp/src/data.cpp b/lang/cpp/src/data.cpp index af1c479..64acb47 100644 --- a/lang/cpp/src/data.cpp +++ b/lang/cpp/src/data.cpp @@ -146,6 +146,7 @@ GpgME::Data::Encoding GpgME::Data::encoding() const case GPGME_DATA_ENCODING_BINARY: return BinaryEncoding; case GPGME_DATA_ENCODING_BASE64: return Base64Encoding; case GPGME_DATA_ENCODING_ARMOR: return ArmorEncoding; + case GPGME_DATA_ENCODING_MIME: return MimeEncoding; } return AutoEncoding; } @@ -158,6 +159,7 @@ GpgME::Error GpgME::Data::setEncoding(Encoding enc) case BinaryEncoding: ge = GPGME_DATA_ENCODING_BINARY; break; case Base64Encoding: ge = GPGME_DATA_ENCODING_BASE64; break; case ArmorEncoding: ge = GPGME_DATA_ENCODING_ARMOR; break; + case MimeEncoding: ge = GPGME_DATA_ENCODING_MIME; break; } return Error(gpgme_data_set_encoding(d->data, ge)); } diff --git a/lang/cpp/src/data.h b/lang/cpp/src/data.h index d5e54aa..b2f2173 100644 --- a/lang/cpp/src/data.h +++ b/lang/cpp/src/data.h @@ -77,7 +77,8 @@ public: AutoEncoding, BinaryEncoding, Base64Encoding, - ArmorEncoding + ArmorEncoding, + MimeEncoding }; Encoding encoding() const; Error setEncoding(Encoding encoding); diff --git a/src/data.c b/src/data.c index 7123a82..87b619e 100644 --- a/src/data.c +++ b/src/data.c @@ -193,7 +193,7 @@ gpgme_data_set_encoding (gpgme_data_t dh, gpgme_data_encoding_t enc) "encoding=%i", enc); if (!dh) return TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE)); - if (enc < 0 || enc > GPGME_DATA_ENCODING_URL0) + if (enc < 0 || enc > GPGME_DATA_ENCODING_MIME) return TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE)); dh->encoding = enc; return TRACE_ERR (0); diff --git a/src/engine-gpg.c b/src/engine-gpg.c index e279f04..16571a5 100644 --- a/src/engine-gpg.c +++ b/src/engine-gpg.c @@ -294,6 +294,15 @@ add_data (engine_gpg_t gpg, gpgme_data_t data, int dup_to, int inbound) return 0; } + +/* Return true if the engine's version is at least VERSION. */ +static int +have_gpg_version (engine_gpg_t gpg, const char *version) +{ + return _gpgme_compare_versions (gpg->version, version); +} + + static char * gpg_get_version (const char *file_name) @@ -1719,6 +1728,10 @@ gpg_encrypt (void *engine, gpgme_key_t recp[], gpgme_encrypt_flags_t flags, if (!err && (flags & GPGME_ENCRYPT_NO_COMPRESS)) err = add_arg (gpg, "--compress-algo=none"); + if (gpgme_data_get_encoding (plain) == GPGME_DATA_ENCODING_MIME + && have_gpg_version (gpg, "2.1.14")) + err = add_arg (gpg, "--mimemode"); + if (!symmetric) { /* If we know that all recipients are valid (full or ultimate trust) @@ -1779,6 +1792,10 @@ gpg_encrypt_sign (void *engine, gpgme_key_t recp[], if (!err && (flags & GPGME_ENCRYPT_NO_COMPRESS)) err = add_arg (gpg, "--compress-algo=none"); + if (gpgme_data_get_encoding (plain) == GPGME_DATA_ENCODING_MIME + && have_gpg_version (gpg, "2.1.14")) + err = add_arg (gpg, "--mimemode"); + if (!symmetric) { /* If we know that all recipients are valid (full or ultimate trust) @@ -2381,8 +2398,14 @@ gpg_sign (void *engine, gpgme_data_t in, gpgme_data_t out, err = add_arg (gpg, "--detach"); if (!err && use_armor) err = add_arg (gpg, "--armor"); - if (!err && use_textmode) - err = add_arg (gpg, "--textmode"); + if (!err) + { + if (gpgme_data_get_encoding (in) == GPGME_DATA_ENCODING_MIME + && have_gpg_version (gpg, "2.1.14")) + err = add_arg (gpg, "--mimemode"); + else if (use_textmode) + err = add_arg (gpg, "--textmode"); + } } if (!err) diff --git a/src/gpgme-tool.c b/src/gpgme-tool.c index ccda973..080b306 100644 --- a/src/gpgme-tool.c +++ b/src/gpgme-tool.c @@ -1876,6 +1876,8 @@ server_data_encoding (const char *line) return GPGME_DATA_ENCODING_URLESC; if (strstr (line, "--url0")) return GPGME_DATA_ENCODING_URL0; + if (strstr (line, "--mime")) + return GPGME_DATA_ENCODING_MIME; return GPGME_DATA_ENCODING_NONE; } diff --git a/src/gpgme.h.in b/src/gpgme.h.in index cdb7037..49d56c3 100644 --- a/src/gpgme.h.in +++ b/src/gpgme.h.in @@ -228,7 +228,8 @@ typedef enum GPGME_DATA_ENCODING_ARMOR = 3, /* Either PEM or OpenPGP Armor. */ GPGME_DATA_ENCODING_URL = 4, /* LF delimited URL list. */ GPGME_DATA_ENCODING_URLESC = 5, /* Ditto, but percent escaped. */ - GPGME_DATA_ENCODING_URL0 = 6 /* Nul delimited URL list. */ + GPGME_DATA_ENCODING_URL0 = 6, /* Nul delimited URL list. */ + GPGME_DATA_ENCODING_MIME = 7 /* Data is a MIME part. */ } gpgme_data_encoding_t; commit 2095b1573a8196ba3efdf817324d1b3ee05cbb93 Author: Werner Koch