[git] GnuPG - branch, master, updated. gnupg-2.1.15-383-gbd91f92
by Werner Koch
cvs at cvs.gnupg.org
Thu Nov 17 10:17:08 CET 2016
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via bd91f92ace09263e3a91177f2a1644379baeb08a (commit)
via c45ca316a54665915ae08399484db271566db7c0 (commit)
via d8da5bc50b856db3445435780311c9f8e52a5144 (commit)
from 52c10a280af6ce06eb1732ff35b095f2b8d24b9f (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit bd91f92ace09263e3a91177f2a1644379baeb08a
Author: Werner Koch <wk at gnupg.org>
Date: Thu Nov 17 10:14:14 2016 +0100
dirmngr: Auto-sownload the swdb.lst
* dirmngr/dirmngr.h (struct opt): Add field allow_version_check.
* dirmngr/dirmngr.c (oAllowVersionCheck): New.
(opts): Add --allow-version-check.
(network_activity_seen): New variable.
(parse_rereadable_options): Set opt.allow_version_check.
(main) <aGPGConfList>: Do not anymore set the no change flag for
Windows. Add allow-version-check.
(netactivity_action): Set network_activity_seen.
(housekeeping_thread): Call dirmngr_load_swdb.
* tools/gpgconf-comp.c (gc_options_dirmngr): Add allow-version-check.
Make "use-tor" available at Basic level.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
index db5079c..9d4fb14 100644
--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
@@ -131,6 +131,7 @@ enum cmd_and_opt_values {
oFakedSystemTime,
oForce,
oAllowOCSP,
+ oAllowVersionCheck,
oSocketName,
oLDAPWrapperProgram,
oHTTPWrapperProgram,
@@ -176,6 +177,8 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_n (oBatch, "batch", N_("run without asking a user")),
ARGPARSE_s_n (oForce, "force", N_("force loading of outdated CRLs")),
ARGPARSE_s_n (oAllowOCSP, "allow-ocsp", N_("allow sending OCSP requests")),
+ ARGPARSE_s_n (oAllowVersionCheck, "allow-version-check",
+ N_("allow online software version check")),
ARGPARSE_s_n (oDisableHTTP, "disable-http", N_("inhibit the use of HTTP")),
ARGPARSE_s_n (oDisableLDAP, "disable-ldap", N_("inhibit the use of LDAP")),
ARGPARSE_s_n (oIgnoreHTTPDP,"ignore-http-dp",
@@ -289,6 +292,10 @@ static int disable_check_own_socket;
/* Counter for the active connections. */
static int active_connections;
+/* This flag is set by any network access and used by the housekeeping
+ * thread to run background network tasks. */
+static int network_activity_seen;
+
/* The timer tick used for housekeeping stuff. For Windows we use a
longer period as the SetWaitableTimer seems to signal earlier than
the 2 seconds. All values are in seconds. */
@@ -526,6 +533,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
opt.ignore_ldap_dp = 0;
opt.ignore_ocsp_service_url = 0;
opt.allow_ocsp = 0;
+ opt.allow_version_check = 0;
opt.ocsp_responder = NULL;
opt.ocsp_max_clock_skew = 10 * 60; /* 10 minutes. */
opt.ocsp_max_period = 90 * 86400; /* 90 days. */
@@ -588,6 +596,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
case oIgnoreOCSPSvcUrl: opt.ignore_ocsp_service_url = 1; break;
case oAllowOCSP: opt.allow_ocsp = 1; break;
+ case oAllowVersionCheck: opt.allow_version_check = 1; break;
case oOCSPResponder: opt.ocsp_responder = pargs->r.ret_str; break;
case oOCSPSigner:
opt.ocsp_signer = parse_ocsp_signer (pargs->r.ret_str);
@@ -1329,15 +1338,6 @@ main (int argc, char **argv)
char *filename;
char *filename_esc;
-#ifdef HAVE_W32_SYSTEM
- /* On Windows systems, dirmngr always runs as system daemon, and
- the per-user configuration is never used. So we short-cut
- everything to use the global system configuration of dirmngr
- above, and here we set the no change flag to make these
- read-only. */
- flags |= GC_OPT_FLAG_NO_CHANGE;
-#endif
-
/* First the configuration file. This is not an option, but it
is vital information for GPG Conf. */
if (!opt.config_filename)
@@ -1375,6 +1375,7 @@ main (int argc, char **argv)
es_printf ("max-replies:%lu:%u\n",
flags | GC_OPT_FLAG_DEFAULT, DEFAULT_MAX_REPLIES);
es_printf ("allow-ocsp:%lu:\n", flags | GC_OPT_FLAG_NONE);
+ es_printf ("allow-version-check:%lu:\n", flags | GC_OPT_FLAG_NONE);
es_printf ("ocsp-responder:%lu:\n", flags | GC_OPT_FLAG_NONE);
es_printf ("ocsp-signer:%lu:\n", flags | GC_OPT_FLAG_NONE);
@@ -1723,7 +1724,7 @@ dirmngr_sighup_action (void)
static void
netactivity_action (void)
{
- log_debug ("network activity seen\n");
+ network_activity_seen = 1;
}
@@ -1782,6 +1783,7 @@ housekeeping_thread (void *arg)
{
static int sentinel;
time_t curtime;
+ struct server_control_s ctrlbuf;
(void)arg;
@@ -1795,7 +1797,18 @@ housekeeping_thread (void *arg)
if (opt.verbose > 1)
log_info ("starting housekeeping\n");
+ memset (&ctrlbuf, 0, sizeof ctrlbuf);
+ dirmngr_init_default_ctrl (&ctrlbuf);
+
ks_hkp_housekeeping (curtime);
+ if (network_activity_seen)
+ {
+ network_activity_seen = 0;
+ if (opt.use_tor || opt.allow_version_check)
+ dirmngr_load_swdb (&ctrlbuf, 0);
+ }
+
+ dirmngr_deinit_default_ctrl (&ctrlbuf);
if (opt.verbose > 1)
log_info ("ready with housekeeping\n");
diff --git a/dirmngr/dirmngr.h b/dirmngr/dirmngr.h
index 42b3b2b..da1c4be 100644
--- a/dirmngr/dirmngr.h
+++ b/dirmngr/dirmngr.h
@@ -92,6 +92,7 @@ struct
int running_detached; /* We are running in detached mode. */
int use_tor; /* Tor mode has been enabled. */
+ int allow_version_check; /* --allow-version-check is active. */
int force; /* Force loading outdated CRLs. */
diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi
index 300068e..73afbc3 100644
--- a/doc/dirmngr.texi
+++ b/doc/dirmngr.texi
@@ -244,6 +244,15 @@ this still leaks the DNS queries; e.g. to lookup the hosts in a
keyserver pool. Certain other features are disabled if this mode is
active.
+ at item --allow-version-check
+ at opindex allow-version-check
+Allow Dirmngr to connect to @code{https://versions.gnupg.org} to get
+the list of current software versions. If this option is enabled, or
+if @option{use-tor} is active, the list is retrieved when the local
+copy does not exist or is older than 5 to 7 days. See the option
+ at option{--query-swdb} of the command @command{gpgconf} for more
+details.
+
@item --keyserver @var{name}
@opindex keyserver
Use @var{name} as your keyserver. This is the server that @command{gpg}
diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c
index 48c1b68..cd99c81 100644
--- a/tools/gpgconf-comp.c
+++ b/tools/gpgconf-comp.c
@@ -909,11 +909,14 @@ static gc_option_t gc_options_dirmngr[] =
{ "force", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
"dirmngr", "force loading of outdated CRLs",
GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
+ { "allow-version-check", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
+ "dirmngr", "allow online software version check",
+ GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
{ "Tor",
GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
"gnupg", N_("Options controlling the use of Tor") },
- { "use-tor", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
+ { "use-tor", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
"dirmngr", "route all network traffic via TOR",
GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
commit c45ca316a54665915ae08399484db271566db7c0
Author: Werner Koch <wk at gnupg.org>
Date: Thu Nov 17 10:07:11 2016 +0100
dirmngr: Improve downloading of swdb.lst.
* dirmngr/loadswdb.c (time_of_saved_swdb): Aslo return the "verified"
timestamp.
(dirmngr_load_swdb): Avoid unnecessary disk or network access witout
FORCE. Do not update swdb.lst if it did not change.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/dirmngr/loadswdb.c b/dirmngr/loadswdb.c
index 57a7e04..bc56c2a 100644
--- a/dirmngr/loadswdb.c
+++ b/dirmngr/loadswdb.c
@@ -30,11 +30,11 @@
#include "ks-engine.h"
-/* Get the time from the current swdb file and store it at R_TIME. If
- * the file does not exist 0 is stored at R_TIME. The function
- * returns 0 on sucess or an error code. */
+/* Get the time from the current swdb file and store it at R_FILEDATE
+ * and R_VERIFIED. If the file does not exist 0 is stored at there.
+ * The function returns 0 on sucess or an error code. */
static gpg_error_t
-time_of_saved_swdb (const char *fname, time_t *r_time)
+time_of_saved_swdb (const char *fname, time_t *r_filedate, time_t *r_verified)
{
gpg_error_t err;
estream_t fp = NULL;
@@ -43,9 +43,12 @@ time_of_saved_swdb (const char *fname, time_t *r_time)
size_t maxlen;
ssize_t len;
char *fields[2];
- time_t t = (time_t)(-1);
+ gnupg_isotime_t isot;
+ time_t filedate = (time_t)(-1);
+ time_t verified = (time_t)(-1);
- *r_time = 0;
+ *r_filedate = 0;
+ *r_verified = 0;
fp = es_fopen (fname, "r");
err = fp? 0 : gpg_error_from_syserror ();
@@ -76,12 +79,15 @@ time_of_saved_swdb (const char *fname, time_t *r_time)
continue; /* Skip comments. */
/* Record the meta data. */
- if (!strcmp (fields[0], ".filedate"))
+ if (filedate == (time_t)(-1) && !strcmp (fields[0], ".filedate"))
{
- gnupg_isotime_t isot;
- if (string2isotime (isot, fields[1])
- && (t = isotime2epoch (isot)) != (time_t)(-1))
- break; /* Got the time - stop reading. */
+ if (string2isotime (isot, fields[1]))
+ filedate = isotime2epoch (isot);
+ }
+ else if (verified == (time_t)(-1) && !strcmp (fields[0], ".verified"))
+ {
+ if (string2isotime (isot, fields[1]))
+ verified = isotime2epoch (isot);
}
}
if (len < 0 || es_ferror (fp))
@@ -89,13 +95,14 @@ time_of_saved_swdb (const char *fname, time_t *r_time)
err = gpg_error_from_syserror ();
goto leave;
}
- if (t == (time_t)(-1))
+ if (filedate == (time_t)(-1) || verified == (time_t)(-1))
{
err = gpg_error (GPG_ERR_INV_TIME);
goto leave;
}
- *r_time = t;
+ *r_filedate = filedate;
+ *r_verified = verified;
leave:
if (err)
@@ -214,6 +221,8 @@ dirmngr_load_swdb (ctrl_t ctrl, int force)
struct verify_status_parm_s verify_status_parm = { (time_t)(-1), 0 };
estream_t outfp = NULL;
time_t now = gnupg_get_time ();
+ time_t filedate = 0; /* ".filedate" from our swdb. */
+ time_t verified = 0; /* ".verified" from our swdb. */
gnupg_isotime_t isotime;
@@ -227,15 +236,37 @@ dirmngr_load_swdb (ctrl_t ctrl, int force)
/* Check whether there is a need to get an update. */
if (!force)
{
- time_t filetime;
+ static int not_older_than;
+ static time_t lastcheck;
+
+ if (!not_older_than)
+ {
+ /* To balance access to the server we use a random time from
+ * 5 to 7 days for update checks. */
+ not_older_than = 5 * 86400;
+ not_older_than += (get_uint_nonce () % (2*86400));
+ }
- err = time_of_saved_swdb (fname, &filetime);
+ if (now - lastcheck < 3600)
+ {
+ /* We checked our swdb file in the last hour - don't check
+ * again to avoid unnecessary disk access. */
+ err = 0;
+ goto leave;
+ }
+ lastcheck = now;
+
+ err = time_of_saved_swdb (fname, &filedate, &verified);
+ if (gpg_err_code (err) == GPG_ERR_INV_TIME)
+ err = 0; /* Force reading. */
if (err)
goto leave;
- if (filetime >= now)
+ if (filedate >= now)
goto leave; /* Current or newer. */
- if (now - filetime < 3*86400)
- goto leave; /* Not older than 3 days. */
+ if (now - filedate < not_older_than)
+ goto leave; /* Our copy is pretty new (not older than 7 days). */
+ if (verified > now && now - verified < 3*3600)
+ goto leave; /* We downloaded and verified in the last 3 hours. */
}
/* Create the filename of the file with the keys. */
@@ -277,6 +308,11 @@ dirmngr_load_swdb (ctrl_t ctrl, int force)
if (err)
goto leave;
+ /* If our swdb is not older than the downloaded one. We don't
+ * bother to update. */
+ if (!force && filedate >= verify_status_parm.sigtime)
+ goto leave;
+
/* Create a file name for a temporary file in the home directory.
* We will later rename that file to the real name. */
{
diff --git a/doc/tools.texi b/doc/tools.texi
index 6e578a3..b1ed615 100644
--- a/doc/tools.texi
+++ b/doc/tools.texi
@@ -307,7 +307,15 @@ is given, check that file instead.
@item --query-swdb @var{package_name} [@var{version_string}]
Returns the current version for @var{package_name} and if
@var{version_string} is given also an indicator on whether an update
-is available.
+is available. The actual file with the software version is
+automatically downloaded and checked by @command{dirmngr}.
+ at command{dirmngr} uses a thresholds to avoid download the file too
+often and it does this by default only if it can be done via Tor. To
+force an update of that file this command can be used:
+
+ at example
+ gpg-connect-agent --dirmngr 'loadswdb --force' /bye
+ at end example
@item --reload [@var{component}]
commit d8da5bc50b856db3445435780311c9f8e52a5144
Author: Werner Koch <wk at gnupg.org>
Date: Thu Nov 17 09:56:32 2016 +0100
gpgconf: Change the displayed names of the components.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c
index 55e822c..48c1b68 100644
--- a/tools/gpgconf-comp.c
+++ b/tools/gpgconf-comp.c
@@ -1060,12 +1060,12 @@ static struct
gc_option_t *options;
} gc_component[] =
{
- { "gpg", "gnupg", N_("GPG for OpenPGP"), gc_options_gpg },
- { "gpg-agent","gnupg", N_("GPG Agent"), gc_options_gpg_agent },
- { "scdaemon", "gnupg", N_("Smartcard Daemon"), gc_options_scdaemon },
- { "gpgsm", "gnupg", N_("GPG for S/MIME"), gc_options_gpgsm },
- { "dirmngr", "gnupg", N_("Key Acquirer"), gc_options_dirmngr },
- { "pinentry", "gnupg", N_("PIN and Passphrase Entry"), gc_options_pinentry }
+ { "gpg", "gnupg", N_("OpenPGP"), gc_options_gpg },
+ { "gpg-agent","gnupg", N_("Private Keys"), gc_options_gpg_agent },
+ { "scdaemon", "gnupg", N_("Smartcards"), gc_options_scdaemon },
+ { "gpgsm", "gnupg", N_("S/MIME"), gc_options_gpgsm },
+ { "dirmngr", "gnupg", N_("Network"), gc_options_dirmngr },
+ { "pinentry", "gnupg", N_("Passphrase Entry"), gc_options_pinentry }
};
-----------------------------------------------------------------------
Summary of changes:
dirmngr/dirmngr.c | 33 ++++++++++++++++--------
dirmngr/dirmngr.h | 1 +
dirmngr/loadswdb.c | 72 +++++++++++++++++++++++++++++++++++++++-------------
doc/dirmngr.texi | 9 +++++++
doc/tools.texi | 10 +++++++-
tools/gpgconf-comp.c | 17 ++++++++-----
6 files changed, 106 insertions(+), 36 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
More information about the Gnupg-commits
mailing list