From cvs at cvs.gnupg.org Thu Sep 1 10:07:33 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 01 Sep 2016 10:07:33 +0200 Subject: [git] GPG-ERROR - branch, master, updated. libgpg-error-1.24-4-gbf7eb97 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Error codes used by GnuPG et al.". The branch, master has been updated via bf7eb978597ba07906f0a7490e626c071af1987f (commit) via bc3e817bd7e671975f94bae20cbbf9a91fe3353b (commit) from b2640cb1f7b3b056ea4f8fe4b79d58fcd10ef93b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit bf7eb978597ba07906f0a7490e626c071af1987f Author: Werner Koch Date: Thu Sep 1 09:48:39 2016 +0200 Check the size of the time_t. * configure.ac (AC_HEADER_TIME): New. (AC_CHECK_SIZEOF): Check size of time_t. Signed-off-by: Werner Koch diff --git a/configure.ac b/configure.ac index 61b3b47..1caf655 100644 --- a/configure.ac +++ b/configure.ac @@ -184,6 +184,20 @@ AC_C_CONST AC_CHECK_SIZEOF(int) AC_CHECK_SIZEOF(long) AC_CHECK_SIZEOF(long long) +AC_HEADER_TIME +AC_CHECK_SIZEOF(time_t,,[[ +#include +#if TIME_WITH_SYS_TIME +# include +# include +#else +# if HAVE_SYS_TIME_H +# include +# else +# include +# endif +#endif +]]) # Find a 64 bit integer type to be used instead of off_t. We prefer # the standard integer types over int64_t and finally try long long. commit bc3e817bd7e671975f94bae20cbbf9a91fe3353b Author: Werner Koch Date: Thu Sep 1 09:47:38 2016 +0200 Add error WINDOW_TOO_SMALL, WINDOW_TOO_LARGE, and MISSING_ENVVAR. Signed-off-by: Werner Koch diff --git a/NEWS b/NEWS index 31b2b75..f7e1af6 100644 --- a/NEWS +++ b/NEWS 
@@ -3,7 +3,10 @@ Noteworthy changes in version 1.25 (unreleased) [C19/A19/R_) * Interface changes relative to the 1.23 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - GPG_ERR_ENGINE_TOO_OLD NEW. + GPG_ERR_ENGINE_TOO_OLD NEW. + GPG_ERR_WINDOW_TOO_SMALL NEW. + GPG_ERR_WINDOW_TOO_LARGE NEW. + GPG_ERR_MISSING_ENVVAR NEW. Noteworthy changes in version 1.24 (2016-07-14) [C19/A19/R1) diff --git a/doc/errorref.txt b/doc/errorref.txt index 5044572..b943c67 100644 --- a/doc/errorref.txt +++ b/doc/errorref.txt 
@@ -805,6 +805,45 @@ GPG_ERR_FALSE False Used to return the boolean value False. + +GPG_ERR_ASS_GENERAL (257) General IPC error +GPG_ERR_ASS_ACCEPT_FAILED (258) IPC accept call failed +GPG_ERR_ASS_CONNECT_FAILED (259) IPC connect call failed +GPG_ERR_ASS_INV_RESPONSE (260) Invalid IPC response +GPG_ERR_ASS_INV_VALUE (261) Invalid value passed to IPC +GPG_ERR_ASS_INCOMPLETE_LINE (262) Incomplete line passed to IPC +GPG_ERR_ASS_LINE_TOO_LONG (263) Line passed to IPC too long +GPG_ERR_ASS_NESTED_COMMANDS (264) Nested IPC commands +GPG_ERR_ASS_NO_DATA_CB (265) No data callback in IPC +GPG_ERR_ASS_NO_INQUIRE_CB (266) No inquire callback in IPC +GPG_ERR_ASS_NOT_A_SERVER (267) Not an IPC server +GPG_ERR_ASS_NOT_A_CLIENT (268) Not an IPC client +GPG_ERR_ASS_SERVER_START (269) Problem starting IPC server +GPG_ERR_ASS_READ_ERROR (270) IPC read error +GPG_ERR_ASS_WRITE_ERROR (271) IPC write error +GPG_ERR_ASS_TOO_MUCH_DATA (273) Too much data for IPC layer +GPG_ERR_ASS_UNEXPECTED_CMD (274) Unexpected IPC command +GPG_ERR_ASS_UNKNOWN_CMD (275) Unknown IPC command +GPG_ERR_ASS_SYNTAX (276) IPC syntax error +GPG_ERR_ASS_CANCELED (277) IPC call has been cancelled +GPG_ERR_ASS_NO_INPUT (278) No input source for IPC +GPG_ERR_ASS_NO_OUTPUT (279) No output source for IPC +GPG_ERR_ASS_PARAMETER (280) IPC parameter error +GPG_ERR_ASS_UNKNOWN_INQUIRE (281) Unknown IPC inquire + + +GPG_ERR_ENGINE_TOO_OLD (300) Crypto engine too old + +GPG_ERR_WINDOW_TOO_SMALL(301) Screen or window too small + + Pinentry: - The size of the screen is too small. + +GPG_ERR_WINDOW_TOO_LARGE (302) Screen or window too large + +GPG_ERR_MISSING_ENVVAR (303) Required environment variable not set + + Pinentry: - The size of the screen can't be determined. + GPG_ERR_LDAP_GENERAL LDAP General error Catch all error for LDAP. Use if if can't map an erro rocde to an diff --git a/src/err-codes.h.in b/src/err-codes.h.in index b44ac3f..dcbc0a3 100644 --- a/src/err-codes.h.in +++ b/src/err-codes.h.in 
@@ -320,7 +320,11 @@ # 282 to 299 are reserved for future assuan codes. 300 GPG_ERR_ENGINE_TOO_OLD Crypto engine too old -# 301 to 720 are free to be used. +301 GPG_ERR_WINDOW_TOO_SMALL Screen or window too small +302 GPG_ERR_WINDOW_TOO_LARGE Screen or window too large +303 GPG_ERR_MISSING_ENVVAR Required environment variable not set + +# This range is free for use. # # Mapping of LDAP error codes ----------------------------------------------------------------------- Summary of changes: NEWS | 5 ++++- configure.ac | 14 ++++++++++++++ doc/errorref.txt | 39 +++++++++++++++++++++++++++++++++++++++ src/err-codes.h.in | 6 +++++- 4 files changed, 62 insertions(+), 2 deletions(-) hooks/post-receive -- Error codes used by GnuPG et al. http://git.gnupg.org From cvs at cvs.gnupg.org Thu Sep 1 10:07:45 2016 
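Review bot: in the configure.ac hunk of commit bf7eb97, the new AC_CHECK_SIZEOF(time_t, ...) result (SIZEOF_TIME_T) is not used by anything in this push, and neither the commit message nor the hunk says what will depend on it. A one-line comment above AC_HEADER_TIME naming the consumer would keep the check from looking like dead configure code.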
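Review bot: in the doc/errorref.txt hunk, the entry "GPG_ERR_WINDOW_TOO_SMALL(301)" is missing the space before the code that every other entry in the block has, which matters if this file is ever parsed or grepped by "NAME (NNN)". GPG_ERR_WINDOW_TOO_LARGE is also the only one of the three new codes without a usage note; if no caller exists yet, say so, otherwise add the "Pinentry:" line the other two carry.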
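Review bot: in the src/err-codes.h.in hunk, replacing "# 301 to 720 are free to be used." with "# This range is free for use." drops the bounds, so the next person allocating a code has to work out the free range from the surrounding entries. Suggest keeping the explicit form with the new lower bound, "# 304 to 720 are free to be used.", matching the "# 282 to 299 are reserved" comment just above.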
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 01 Sep 2016 10:07:45 +0200 Subject: [git] Pinentry - branch, master, updated. pinentry-0.9.7-27-g4c5ae72 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via 4c5ae72d481ffd24ff93accee0b42e9b264285f2 (commit) from c032ea2dcb4ac3ce970e62eae88fd24bec822f9c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4c5ae72d481ffd24ff93accee0b42e9b264285f2 Author: Werner Koch Date: Thu Sep 1 10:03:22 2016 +0200 curses: Return better error codes for bad ttynames * pinentry/pinentry-curses.c (dialog_create): Return better error codes. -- With this change the error message is now $ MYTTY=$(tty) $ echo getpin | env -i pinentry-curses -d --ttyname "$MYTTY" OK Pleased to meet you pinentry-curses: no LC_CTYPE known - assuming UTF-8 ERR 83886383 Required environment variable not set Note that with the current released libgcrypt an unknown error code will be printed. GnuPG-bug-id: 2452 Signed-off-by: Werner Koch diff --git a/pinentry/pinentry-curses.c b/pinentry/pinentry-curses.c index 659fa47..9882cbf 100644 --- a/pinentry/pinentry-curses.c +++ b/pinentry/pinentry-curses.c @@ -50,6 +50,12 @@ #include "pinentry.h" +#if GPG_ERROR_VERSION_NUMBER < 0x011900 /* 1.25 */ +# define GPG_ERR_WINDOW_TOO_SMALL 301 +# define GPG_ERR_MISSING_ENVVAR 303 +#endif + + /* FIXME: We should allow configuration of these button labels and in any case use the default_ok, default_cancel values if available. However, I have no clue about curses and localization. */ 
@@ -370,7 +376,8 @@ dialog_create (pinentry_t pinentry, dialog_t dialog) if (y > size_y) { err = 1; - pinentry->specific_err = gpg_error (GPG_ERR_ASS_LINE_TOO_LONG); + pinentry->specific_err = gpg_error (size_y < 0? GPG_ERR_MISSING_ENVVAR + /* */ : GPG_ERR_WINDOW_TOO_SMALL); goto out; } @@ -425,7 +432,8 @@ dialog_create (pinentry_t pinentry, dialog_t dialog) if (x > size_x) { err = 1; - pinentry->specific_err = gpg_error (GPG_ERR_ASS_LINE_TOO_LONG); + pinentry->specific_err = gpg_error (size_x < 0? GPG_ERR_MISSING_ENVVAR + /* */ : GPG_ERR_WINDOW_TOO_SMALL); goto out; } ----------------------------------------------------------------------- Summary of changes: pinentry/pinentry-curses.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Thu Sep 1 11:20:42 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 01 Sep 2016 11:20:42 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-36-gbabeb6f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via babeb6f8a9b1f8341652145bad58be6cd49e0712 (commit) from 04c042f3f2a631bc6e772c33f8da5e7aa7b1902a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit babeb6f8a9b1f8341652145bad58be6cd49e0712 Author: Werner Koch Date: Thu Sep 1 11:18:10 2016 +0200 tests: Run test requiring the network only in maintainer-mode. * dirmngr/Makefile.am (noinst_PROGRAMS, TESTS): Add module_net_tests. (module_tests): Move t-dns-test to ... (module_net_tests): here. -- Debian-bug-id: 836259 Signed-off-by: Werner Koch 
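Review bot: in pinentry/pinentry-curses.c, both changed error paths in dialog_create (the "y > size_y" and "x > size_x" branches) infer GPG_ERR_MISSING_ENVVAR from "size_y < 0" and "size_x < 0", but nothing in the hunks explains why a negative size means an environment variable is unset rather than some other failure to obtain the screen size. Add a comment at the first site stating where the negative value comes from, and consider a small helper returning the error code so the two copies of the ternary cannot drift apart. The "/* */" filler used to align the continuation line can be dropped.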
diff --git a/dirmngr/Makefile.am b/dirmngr/Makefile.am index 64bc058..6b0a1e1 100644 --- a/dirmngr/Makefile.am +++ b/dirmngr/Makefile.am @@ -28,8 +28,8 @@ if USE_LDAPWRAPPER libexec_PROGRAMS = dirmngr_ldap endif -noinst_PROGRAMS = $(module_tests) $(module_maint_tests) -TESTS = $(module_tests) +noinst_PROGRAMS = $(module_tests) $(module_net_tests) $(module_maint_tests) +TESTS = $(module_tests) $(module_net_tests) AM_CPPFLAGS = -I$(top_srcdir)/common @@ -114,12 +114,20 @@ t_common_ldadd = $(libcommon) $(LIBASSUAN_LIBS) $(LIBGCRYPT_LIBS) \ $(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) \ $(DNSLIBS) $(LIBINTL) $(LIBICONV) -module_tests = t-dns-stuff +module_tests = if USE_LDAP module_tests += t-ldap-parse-uri endif +# Test which need a network connections are only used in maintainer mode. +if MAINTAINER_MODE +module_net_tests = t-dns-stuff +else +module_net_tests = +endif + +# Tests which are only for manually testing are only build in maintainer-mode. if MAINTAINER_MODE module_maint_tests = t-http else ----------------------------------------------------------------------- Summary of changes: dirmngr/Makefile.am | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Sep 1 12:46:25 2016 
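Review bot: in the dirmngr/Makefile.am patch, the commit message says t-dns-test is moved to module_net_tests, but the hunk moves t-dns-stuff ("-module_tests = t-dns-stuff", "+module_net_tests = t-dns-stuff"); the ChangeLog entry should name the program that actually moved. The two added comments also need a wording pass: "Tests which need a network connection are only run in maintainer mode." and "Tests which are only for manual testing are only built in maintainer mode."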
From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Thu, 01 Sep 2016 12:46:25 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-37-g4cbd2a6 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 4cbd2a690c5e5ed2dff49c1f4fc867b31fca689a (commit) from babeb6f8a9b1f8341652145bad58be6cd49e0712 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4cbd2a690c5e5ed2dff49c1f4fc867b31fca689a Author: Neal H. Walfield Date: Thu Sep 1 12:42:44 2016 +0200 g10: Be careful to not be in a transaction during long operations * g10/tofu.c (begin_transaction): New parameter only_batch. If set, only start a batch transaction if there is none and one has been requested. Update callers. (tofu_suspend_batch_transaction): New function. (tofu_resume_batch_transaction): Likewise. (ask_about_binding): Take a ctrl_t, not a tofu_dbs_t. Update callers. Gather statistics within a transaction. Suspend any batch transaction when getting user input. (get_trust): Take a ctrl_t, not a tofu_dbs_t. Update callers. Enclose in a transaction. (tofu_get_validity): Use a batch transaction, not a normal transaction. -- Signed-off-by: Neal H. Walfield diff --git a/g10/tofu.c b/g10/tofu.c index 74777b5..de685a6 100644 --- a/g10/tofu.c +++ b/g10/tofu.c 
@@ -162,9 +162,11 @@ tofu_policy_to_trust_level (enum tofu_policy policy) -/* Start a transaction on DB. */ +/* Start a transaction on DB. If ONLY_BATCH is set, then this will + start a batch transaction if we haven't started a batch transaction + and one has been requested. */ static gpg_error_t -begin_transaction (ctrl_t ctrl) +begin_transaction (ctrl_t ctrl, int only_batch) { tofu_dbs_t dbs = ctrl->tofu.dbs; int rc; @@ -220,6 +222,9 @@ begin_transaction (ctrl_t ctrl) dbs->batch_update_started = gnupg_get_time (); } + if (only_batch) + return 0; + log_assert(dbs->in_transaction >= 0); dbs->in_transaction ++; @@ -289,6 +294,9 @@ end_transaction (ctrl_t ctrl, int only_batch) rc = gpgsql_exec_printf (dbs->db, NULL, NULL, &err, "release inner%d;", dbs->in_transaction); + + dbs->in_transaction --; + if (rc) { log_error (_("error committing transaction on TOFU database: %s\n"), @@ -297,8 +305,6 @@ end_transaction (ctrl_t ctrl, int only_batch) return gpg_error (GPG_ERR_GENERAL); } - dbs->in_transaction --; - return 0; } @@ -343,11 +349,28 @@ tofu_end_batch_update (ctrl_t ctrl) { log_assert (ctrl->tofu.batch_updated_wanted > 0); ctrl->tofu.batch_updated_wanted --; + end_transaction (ctrl, 1); +} - if (!ctrl->tofu.batch_updated_wanted) - end_transaction (ctrl, 1); +/* Suspend any extant batch transaction (it is safe to call this even + no batch transaction has been started). Note: you cannot suspend a + batch transaction if you are in a normal transaction. The batch + transaction can be resumed explicitly by calling + tofu_resume_batch_transaction or implicitly by starting a normal + transaction. */ +static void +tofu_suspend_batch_transaction (ctrl_t ctrl) +{ + end_transaction (ctrl, 2); } +/* Resume a batch transaction if there is no extant batch transaction + and one has been requested using tofu_begin_batch_transaction. */ +static void +tofu_resume_batch_transaction (ctrl_t ctrl) +{ + begin_transaction (ctrl, 1); +} 
@@ -1193,9 +1216,11 @@ format_conflict_msg_part1 (int policy, const char *conflict, * * - The policy is ask (the user deferred last time) (policy == * TOFU_POLICY_ASK). + * + * Note: this function must not be called while in a transaction! */ static void -ask_about_binding (tofu_dbs_t dbs, +ask_about_binding (ctrl_t ctrl, enum tofu_policy *policy, int *trust_level, int bindings_with_this_email_count, @@ -1205,6 +1230,7 @@ ask_about_binding (tofu_dbs_t dbs, const char *email, const char *user_id) { + tofu_dbs_t dbs; char *sqerr = NULL; int rc; estream_t fp; @@ -1214,6 +1240,10 @@ ask_about_binding (tofu_dbs_t dbs, char *prompt; char *choices; + dbs = ctrl->tofu.dbs; + log_assert (dbs); + log_assert (dbs->in_transaction == 0); + fp = es_fopenmem (0, "rw,samethread"); if (!fp) log_fatal ("error creating memory stream: %s\n", @@ -1227,6 +1257,8 @@ ask_about_binding (tofu_dbs_t dbs, xfree (text); } + begin_transaction (ctrl, 0); + /* Find other user ids associated with this key and whether the * bindings are marked as good or bad. */ rc = gpgsql_stepx @@ -1495,6 +1527,7 @@ ask_about_binding (tofu_dbs_t dbs, } } + end_transaction (ctrl, 0); if ((*policy == TOFU_POLICY_NONE && bindings_with_this_email_count > 0) || (*policy == TOFU_POLICY_ASK @@ -1536,6 +1569,10 @@ ask_about_binding (tofu_dbs_t dbs, * wrong choise (because he does not see that either). As a small * benefit we allow C-L to redisplay everything. */ tty_printf ("%s", prompt); + + /* Suspend any transaction: it could take a while until the user + responds. */ + tofu_suspend_batch_transaction (ctrl); while (1) { char *response; @@ -1599,6 +1636,7 @@ ask_about_binding (tofu_dbs_t dbs, } xfree (response); } + tofu_resume_batch_transaction (ctrl); xfree (prompt); 
@@ -1619,12 +1657,15 @@ ask_about_binding (tofu_dbs_t dbs, * necessary if there is a conflict or the binding's policy is * TOFU_POLICY_ASK. In the case of a conflict, we set the new * conflicting binding's policy to TOFU_POLICY_ASK. In either case, - * we return TRUST_UNDEFINED. */ + * we return TRUST_UNDEFINED. Note: if MAY_ASK is set, then this + * function must not be called while in a transaction! */ static enum tofu_policy -get_trust (tofu_dbs_t dbs, PKT_public_key *pk, +get_trust (ctrl_t ctrl, PKT_public_key *pk, const char *fingerprint, const char *email, const char *user_id, int may_ask) { + tofu_dbs_t dbs = ctrl->tofu.dbs; + int in_transaction = 0; enum tofu_policy policy; char *conflict = NULL; int rc; @@ -1634,6 +1675,11 @@ get_trust (tofu_dbs_t dbs, PKT_public_key *pk, int change_conflicting_to_ask = 0; int trust_level = TRUST_UNKNOWN; + log_assert (dbs); + + if (may_ask) + log_assert (dbs->in_transaction == 0); + if (opt.batch) may_ask = 0; @@ -1647,6 +1693,9 @@ get_trust (tofu_dbs_t dbs, PKT_public_key *pk, && _tofu_GET_TRUST_ERROR != TRUST_FULLY && _tofu_GET_TRUST_ERROR != TRUST_ULTIMATE); + begin_transaction (ctrl, 0); + in_transaction = 1; + policy = get_policy (dbs, fingerprint, email, &conflict); { /* See if the key is ultimately trusted. If so, we're done. */ @@ -1813,8 +1862,12 @@ get_trust (tofu_dbs_t dbs, PKT_public_key *pk, goto out; } + /* We can't be in a normal transaction in ask_about_binding. */ + end_transaction (ctrl, 0); + in_transaction = 0; + /* If we get here, we need to ask the user about the binding. */ - ask_about_binding (dbs, + ask_about_binding (ctrl, &policy, &trust_level, bindings_with_this_email_count, @@ -1825,6 +1878,9 @@ get_trust (tofu_dbs_t dbs, PKT_public_key *pk, user_id); out: + if (in_transaction) + end_transaction (ctrl, 0); + if (change_conflicting_to_ask) { if (! may_ask) 
@@ -2334,7 +2390,7 @@ tofu_register (ctrl_t ctrl, PKT_public_key *pk, strlist_t user_id_list, /* We do a query and then an insert. Make sure they are atomic by wrapping them in a transaction. */ - rc = begin_transaction (ctrl); + rc = begin_transaction (ctrl, 0); if (rc) return rc; @@ -2356,7 +2412,7 @@ tofu_register (ctrl_t ctrl, PKT_public_key *pk, strlist_t user_id_list, /* Make sure the binding exists and record any TOFU conflicts. */ - if (get_trust (dbs, pk, fingerprint, email, user_id->d, 0) + if (get_trust (ctrl, pk, fingerprint, email, user_id->d, 0) == _tofu_GET_TRUST_ERROR) { rc = gpg_error (GPG_ERR_GENERAL); @@ -2557,8 +2613,8 @@ tofu_write_tfs_record (ctrl_t ctrl, estream_t fp, PK is the primary key packet. If MAY_ASK is 1 and the policy is TOFU_POLICY_ASK, then the user - will be prompted to choose a different policy. If MAY_ASK is 0 and - the policy is TOFU_POLICY_ASK, then TRUST_UNKNOWN is returned. + will be prompted to choose a policy. If MAY_ASK is 0 and the + policy is TOFU_POLICY_ASK, then TRUST_UNKNOWN is returned. Returns TRUST_UNDEFINED if an error occurs. */ int @@ -2582,7 +2638,8 @@ tofu_get_validity (ctrl_t ctrl, PKT_public_key *pk, strlist_t user_id_list, fingerprint = hexfingerprint (pk, NULL, 0); - begin_transaction (ctrl); + tofu_begin_batch_update (ctrl); + tofu_resume_batch_transaction (ctrl); for (user_id = user_id_list; user_id; user_id = user_id->next, bindings ++) { @@ -2590,7 +2647,7 @@ tofu_get_validity (ctrl_t ctrl, PKT_public_key *pk, strlist_t user_id_list, /* Always call get_trust to make sure the binding is registered. */ - int tl = get_trust (dbs, pk, fingerprint, email, user_id->d, may_ask); + int tl = get_trust (ctrl, pk, fingerprint, email, user_id->d, may_ask); if (tl == _tofu_GET_TRUST_ERROR) { /* An error. */ @@ -2639,7 +2696,7 @@ tofu_get_validity (ctrl_t ctrl, PKT_public_key *pk, strlist_t user_id_list, } die: - end_transaction (ctrl, 0); + tofu_end_batch_update (ctrl); xfree (fingerprint); 
@@ -2689,7 +2746,7 @@ tofu_set_policy (ctrl_t ctrl, kbnode_t kb, enum tofu_policy policy) fingerprint = hexfingerprint (pk, NULL, 0); - begin_transaction (ctrl); + begin_transaction (ctrl, 0); for (; kb; kb = kb->next) { ----------------------------------------------------------------------- Summary of changes: g10/tofu.c | 93 ++++++++++++++++++++++++++++++++++++++++++++++++++------------ 1 file changed, 75 insertions(+), 18 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Sep 1 12:54:53 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 01 Sep 2016 12:54:53 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-38-g3e67b50 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 3e67b50490aef087b5769bb35145d23f6657780f (commit) from 4cbd2a690c5e5ed2dff49c1f4fc867b31fca689a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 3e67b50490aef087b5769bb35145d23f6657780f Author: Werner Koch Date: Thu Sep 1 12:41:27 2016 +0200 gpg: Copy the correct digest for use by TOFU. * g10/mainproc.c (do_check_sig): Use the current digest algo. -- Note that the digest context may have several algos enabled, which is is case if keys with different hash preferences signed the data. Signed-off-by: Werner Koch diff --git a/g10/mainproc.c b/g10/mainproc.c index 2626189..f861a3e 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c 
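Review bot: in the g10/tofu.c hunk at @@ -343,11 +349,28, tofu_end_batch_update now calls end_transaction (ctrl, 1) on every call, where it previously did so only once batch_updated_wanted had dropped to zero. With nested tofu_begin_batch_update / tofu_end_batch_update pairs the inner end now reaches end_transaction while an outer caller still wants the batch; if end_transaction checks the counter itself, say so in a comment here, otherwise restore the guard. In the same hunk, "end_transaction (ctrl, 2)" introduces a third only_batch value whose meaning is not documented in any visible comment (named constants would help), the suspend comment is missing a word ("even if no batch transaction has been started"), and the resume comment refers to tofu_begin_batch_transaction while the caller in tofu_get_validity uses tofu_begin_batch_update.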
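Review bot: in the g10/tofu.c get_trust hunk at @@ -1647,6 +1693,9, the return value of begin_transaction is discarded and in_transaction is set to 1 unconditionally ("begin_transaction (ctrl, 0); in_transaction = 1;"), so a failed begin still leads to end_transaction at "out:" and a decrement of dbs->in_transaction for a savepoint that was never created. tofu_register checks the result ("rc = begin_transaction (ctrl, 0); if (rc) return rc;"); get_trust should do the same and return _tofu_GET_TRUST_ERROR on failure. The same applies to the unchecked begin_transaction (ctrl, 0) added in ask_about_binding and the one in tofu_set_policy.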
@@ -938,7 +938,7 @@ do_check_sig (CTX c, kbnode_t node, int *is_selfsig, if (md_good) { - unsigned char *buffer = gcry_md_read (md_good, 0); + unsigned char *buffer = gcry_md_read (md_good, sig->digest_algo); sig->digest_len = gcry_md_get_algo_dlen (map_md_openpgp_to_gcry (algo)); memcpy (sig->digest, buffer, sig->digest_len); } ----------------------------------------------------------------------- Summary of changes: g10/mainproc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Sep 1 13:17:56 2016 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Thu, 01 Sep 2016 13:17:56 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-40-g0cb0ea1 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 0cb0ea1633955fb7acd33fe993a4ae4e96e83ae3 (commit) via 00c2850393ecc320f591f511c3534286964780c2 (commit) from 3e67b50490aef087b5769bb35145d23f6657780f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0cb0ea1633955fb7acd33fe993a4ae4e96e83ae3 Author: Neal H. Walfield Date: Thu Sep 1 13:17:54 2016 +0200 g10: Improve text. * g10/tofu.c (show_statistics): Improve the text (key and user id, not just key). -- Signed-off-by: Neal H. Walfield diff --git a/g10/tofu.c b/g10/tofu.c index 14d361b..2161cee 100644 --- a/g10/tofu.c +++ b/g10/tofu.c 
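Review bot: in the g10/mainproc.c do_check_sig hunk, the new read uses "sig->digest_algo" directly while the very next line sizes the copy with "map_md_openpgp_to_gcry (algo)", so the buffer and its length are selected by two different expressions, one an unmapped OpenPGP id and one a mapped libgcrypt id. Use the same mapped value for both calls. gcry_md_read returns NULL when the requested algorithm is not enabled in the context, which the commit message says can now hold several algorithms, so the result should be checked before the memcpy.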
@@ -2281,10 +2281,10 @@ show_statistics (tofu_dbs_t dbs, const char *fingerprint, if (messages == 0) log_info (_("Warning: we've have yet to see" - " a message signed by this key!\n")); + " a message signed by this key and user id!\n")); else if (messages == 1) - log_info (_("Warning: we've only seen a" - " single message signed by this key!\n")); + log_info (_("Warning: we've only seen a single message" + " signed by this key and user id!\n")); set_policy_command = xasprintf ("gpg --tofu-policy bad %s", fingerprint); @@ -2292,8 +2292,8 @@ show_statistics (tofu_dbs_t dbs, const char *fingerprint, tmpmsg = xasprintf (ngettext ("Warning: if you think you've seen more than %ld message " - "signed by this key, then this key might be a forgery! " - "Carefully examine the email address for small " + "signed by this key and user id, then this key might be a " + "forgery! Carefully examine the email address for small " "variations. If the key is suspect, then use\n" " %s\n" "to mark it as being bad.\n", commit 00c2850393ecc320f591f511c3534286964780c2 Author: Neal H. Walfield Date: Thu Sep 1 13:17:06 2016 +0200 g10: Remove unused parameter. * g10/tofu.c (show_statistics): Remove unused parameter sig_exclude. Update callers. -- Signed-off-by: Neal H. Walfield diff --git a/g10/tofu.c b/g10/tofu.c index de685a6..14d361b 100644 --- a/g10/tofu.c +++ b/g10/tofu.c @@ -2108,7 +2108,7 @@ write_stats_status (estream_t fp, long messages, enum tofu_policy policy, static void show_statistics (tofu_dbs_t dbs, const char *fingerprint, const char *email, const char *user_id, - const char *sig_exclude, estream_t outfp) + estream_t outfp) { char *fingerprint_pp; int rc; 
@@ -2122,13 +2122,8 @@ show_statistics (tofu_dbs_t dbs, const char *fingerprint, "select count (*), min (signatures.time), max (signatures.time)\n" " from signatures\n" " left join bindings on signatures.binding = bindings.oid\n" - " where fingerprint = %Q and email = %Q and sig_digest %s%s%s;", - fingerprint, email, - /* We want either: sig_digest != 'SIG_EXCLUDE' or sig_digest is - not NULL. */ - sig_exclude ? "!= '" : "is not NULL", - sig_exclude ? sig_exclude : "", - sig_exclude ? "'" : ""); + " where fingerprint = %Q and email = %Q;", + fingerprint, email); if (rc) { log_error (_("error reading TOFU database: %s\n"), err); @@ -2598,7 +2593,7 @@ tofu_write_tfs_record (ctrl_t ctrl, estream_t fp, fingerprint = hexfingerprint (pk, NULL, 0); email = email_from_user_id (user_id); - show_statistics (dbs, fingerprint, email, user_id, NULL, fp); + show_statistics (dbs, fingerprint, email, user_id, fp); xfree (email); xfree (fingerprint); @@ -2669,7 +2664,7 @@ tofu_get_validity (ctrl_t ctrl, PKT_public_key *pk, strlist_t user_id_list, bindings_valid ++; if (may_ask && tl != TRUST_ULTIMATE && tl != TRUST_EXPIRED) - show_statistics (dbs, fingerprint, email, user_id->d, NULL, NULL); + show_statistics (dbs, fingerprint, email, user_id->d, NULL); if (tl == TRUST_NEVER) trust_level = TRUST_NEVER; ----------------------------------------------------------------------- Summary of changes: g10/tofu.c | 25 ++++++++++--------------- 1 file changed, 10 insertions(+), 15 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Sep 1 13:29:58 2016 
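Review bot: in commit 00c2850, the show_statistics query hunk at @@ -2122,13 +2122,8 is not a pure parameter removal: every caller passed NULL for sig_exclude, which made the old query end in "and sig_digest is not NULL", and the new query drops that condition entirely. Rows with a NULL sig_digest are now counted in the message statistics shown to the user. If that is intended, the commit message should say so; if not, keep "and sig_digest is not NULL" in the where clause.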
From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Thu, 01 Sep 2016 13:29:58 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-41-gf2e5cb6 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via f2e5cb6ffb55e49a05d452cd85e45f6f67c20abb (commit) from 0cb0ea1633955fb7acd33fe993a4ae4e96e83ae3 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f2e5cb6ffb55e49a05d452cd85e45f6f67c20abb Author: Neal H. Walfield Date: Thu Sep 1 13:29:56 2016 +0200 g10: Add support for TRUST_NEVER. * g10/pkclist.c (do_we_trust): Handle TRUST_NEVER, which can be returned by the TOFU trust model. (do_we_trust_pre): Print a different message if TRUSTLEVEL is TRUST_NEVER. (check_signatures_trust): Improve comment. -- Signed-off-by: Neal H. Walfield diff --git a/g10/pkclist.c b/g10/pkclist.c index 63d32d1..f7b2483 100644 --- a/g10/pkclist.c +++ b/g10/pkclist.c @@ -449,6 +449,13 @@ do_we_trust( PKT_public_key *pk, unsigned int trustlevel ) if( opt.verbose ) log_info(_("This key belongs to us\n")); return 1; /* yes */ + + case TRUST_NEVER: + /* This is retruned can be returned by TOFU, which can return + negative assertions. */ + log_info(_("%s: This key is bad! It has been marked as untrusted!\n"), + keystr_from_pk(pk)); + return 0; /* no */ } return 1; /*NOTREACHED*/ 
@@ -472,10 +479,16 @@ do_we_trust_pre( PKT_public_key *pk, unsigned int trustlevel ) print_fingerprint (NULL, pk, 2); tty_printf("\n"); - tty_printf( - _("It is NOT certain that the key belongs to the person named\n" - "in the user ID. If you *really* know what you are doing,\n" - "you may answer the next question with yes.\n")); + if ((trustlevel & TRUST_MASK) == TRUST_NEVER) + tty_printf( + _("This key has is bad! It has been marked as untrusted! If you\n" + "*really* know what you are doing, you may answer the next\n" + "question with yes.\n")); + else + tty_printf( + _("It is NOT certain that the key belongs to the person named\n" + "in the user ID. If you *really* know what you are doing,\n" + "you may answer the next question with yes.\n")); tty_printf("\n"); @@ -654,7 +667,8 @@ check_signatures_trust (ctrl_t ctrl, PKT_signature *sig) break; case TRUST_NEVER: - /* currently we won't get that status */ + /* This level can be returned by TOFU, which supports negative + * assertions. */ write_trust_status (STATUS_TRUST_NEVER, trustlevel); log_info(_("WARNING: We do NOT trust this key!\n")); log_info(_(" The signature is probably a FORGERY.\n")); ----------------------------------------------------------------------- Summary of changes: g10/pkclist.c | 24 +++++++++++++++++++----- 1 file changed, 19 insertions(+), 5 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Sep 1 14:31:35 2016 
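Review bot: in the g10/pkclist.c do_we_trust hunk at @@ -449,6 +449,13, the comment on the new TRUST_NEVER case is garbled ("This is retruned can be returned by TOFU"). Suggest "This can be returned by TOFU, which can return negative assertions.", matching the wording used for the same case in check_signatures_trust.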
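Review bot: in the g10/pkclist.c do_we_trust_pre hunk, the new translatable string reads "This key has is bad!", and since it is wrapped in _() the typo will be frozen into the message catalogs. Fix it to "This key is bad!" before translators pick it up, which also makes it consistent with the log_info text added in do_we_trust. The prompt that follows still offers the same "answer the next question with yes" override for a key the user explicitly marked bad; a line in the commit message confirming that this is the intended policy would help reviewers.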
From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Thu, 01 Sep 2016 14:31:35 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-42-g3d44e5e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 3d44e5e8a8d1d8bf6cf5d387f50d75f84d804412 (commit) from f2e5cb6ffb55e49a05d452cd85e45f6f67c20abb (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 3d44e5e8a8d1d8bf6cf5d387f50d75f84d804412 Author: Neal H. Walfield Date: Thu Sep 1 14:31:31 2016 +0200 g10: When asking about a TOFU binding conflict, default to unknown. * g10/tofu.c (ask_about_binding): Default to unknown. -- Signed-off-by: Neal H. Walfield diff --git a/g10/tofu.c b/g10/tofu.c index 2161cee..47c68fe 100644 --- a/g10/tofu.c +++ b/g10/tofu.c @@ -1591,9 +1591,17 @@ ask_about_binding (ctrl_t ctrl, cpr_kill_prompt (); if (*response == CONTROL_L) tty_printf ("%s", prompt); - else if (strlen (response) == 1) + else if (!response[0]) + /* Default to unknown. Don't save it. */ + { + tty_printf (_("Defaulting to unknown.")); + *policy = TOFU_POLICY_UNKNOWN; + break; + } + else if (!response[1]) { char *choice = strchr (choices, *response); + if (choice) { int c = ((size_t) choice - (size_t) choices) / 2; ----------------------------------------------------------------------- Summary of changes: g10/tofu.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Sep 1 14:31:58 2016 
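Review bot: in the g10/tofu.c ask_about_binding hunk of commit 3d44e5e, the new message "Defaulting to unknown." is printed with tty_printf without a trailing "\n", so whatever is written to the terminal next continues on the same line. Add the newline inside the translated string. The comment "Default to unknown. Don't save it." also sits between the "else if" condition and its opening brace; moving it inside the block keeps the branch readable.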
From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Thu, 01 Sep 2016 14:31:58 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-43-g44690be Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 44690befad49589e5083b4998a1a79eebf297d01 (commit) from 3d44e5e8a8d1d8bf6cf5d387f50d75f84d804412 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 44690befad49589e5083b4998a1a79eebf297d01 Author: Neal H. Walfield Date: Thu Sep 1 14:31:55 2016 +0200 g10: Fix typo. -- Signed-off-by: Neal H. Walfield diff --git a/g10/tofu.c b/g10/tofu.c index 47c68fe..214782d 100644 --- a/g10/tofu.c +++ b/g10/tofu.c @@ -2288,7 +2288,7 @@ show_statistics (tofu_dbs_t dbs, const char *fingerprint, char *tmpmsg; if (messages == 0) - log_info (_("Warning: we've have yet to see" + log_info (_("Warning: we have yet to see" " a message signed by this key and user id!\n")); else if (messages == 1) log_info (_("Warning: we've only seen a single message" ----------------------------------------------------------------------- Summary of changes: g10/tofu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Sep 1 16:42:35 2016 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 01 Sep 2016 16:42:35 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-46-gfde9fa8 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via fde9fa81d3d3b25a929b532cc1960d9d9f454a0c (commit) via 6bdadae00512b4907826f6754cdb220d06e1ac6d (commit) via 37e3c897252babc203447be9d2f286a4507875ad (commit) from 44690befad49589e5083b4998a1a79eebf297d01 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit fde9fa81d3d3b25a929b532cc1960d9d9f454a0c Author: Werner Koch Date: Thu Sep 1 16:34:08 2016 +0200 gpg: Simplify code to print VALIDSIG. * g10/mainproc.c (check_sig_and_print): Use hexfingerprint and write_status_printf. Signed-off-by: Werner Koch diff --git a/g10/mainproc.c b/g10/mainproc.c index 716363f..7bb4350 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c 
@@ -2104,35 +2104,26 @@ check_sig_and_print (CTX c, kbnode_t node) } /* For good signatures print the VALIDSIG status line. */ - if (!rc && is_status_enabled ()) - { - if (pk) - { - byte array[MAX_FINGERPRINT_LEN], *p; - char buf[MAX_FINGERPRINT_LEN*4+90], *bufp; - size_t i, n; - - bufp = buf; - fingerprint_from_pk (pk, array, &n); - p = array; - for(i=0; i < n ; i++, p++, bufp += 2) - sprintf (bufp, "%02X", *p ); - /* TODO: Replace the reserved '0' in the field below - with bits for status flags (policy url, notation, - etc.). Remember to make the buffer larger to match! */ - sprintf (bufp, " %s %lu %lu %d 0 %d %d %02X ", - strtimestamp( sig->timestamp ), - (ulong)sig->timestamp,(ulong)sig->expiredate, - sig->version,sig->pubkey_algo,sig->digest_algo, - sig->sig_class); - bufp = bufp + strlen (bufp); - if (!pk->flags.primary) - fingerprint_from_pk (mainpk, array, &n); - p = array; - for (i=0; i < n ; i++, p++, bufp += 2) - sprintf(bufp, "%02X", *p ); - write_status_text (STATUS_VALIDSIG, buf); - } + if (!rc && is_status_enabled () && pk) + { + char pkhex[MAX_FINGERPRINT_LEN*2+1]; + char mainpkhex[MAX_FINGERPRINT_LEN*2+1]; + + hexfingerprint (pk, pkhex, sizeof pkhex); + hexfingerprint (mainpk, mainpkhex, sizeof mainpkhex); + + /* TODO: Replace the reserved '0' in the field below with + bits for status flags (policy url, notation, etc.). */ + write_status_printf (STATUS_VALIDSIG, + "%s %s %lu %lu %d 0 %d %d %02X %s", + pkhex, + strtimestamp (sig->timestamp), + (ulong)sig->timestamp, + (ulong)sig->expiredate, + sig->version, sig->pubkey_algo, + sig->digest_algo, + sig->sig_class, + mainpkhex); } /* For good signatures compute and print the trust information. commit 6bdadae00512b4907826f6754cdb220d06e1ac6d Author: Werner Koch Date: Thu Sep 1 16:33:21 2016 +0200 gpg: Add new function write_status_printf. * g10/cpr.c (write_status_printf): New. -- Signed-off-by: Werner Koch diff --git a/g10/cpr.c b/g10/cpr.c index 9d8fec9..80af2c0 100644 --- a/g10/cpr.c +++ b/g10/cpr.c 
@@ -183,6 +183,33 @@ write_status_text (int no, const char *text) write_status_strings (no, text, NULL); } + +/* Write a status line with code NO followed by the outout of the + * printf style FORMAT. The caller needs to make sure that LFs and + * CRs are not printed. */ +void +write_status_printf (int no, const char *format, ...) +{ + va_list arg_ptr; + + if (!statusfp || !status_currently_allowed (no) ) + return; /* Not enabled or allowed. */ + + es_fputs ("[GNUPG:] ", statusfp); + es_fputs (get_status_string (no), statusfp); + if (format) + { + es_putc ( ' ', statusfp); + va_start (arg_ptr, format); + es_vfprintf (statusfp, format, arg_ptr); + va_end (arg_ptr); + } + es_putc ('\n', statusfp); + if (es_fflush (statusfp) && opt.exit_on_status_write_error) + g10_exit (0); +} + + /* Write an ERROR status line using a full gpg-error error value. */ void write_status_error (const char *where, gpg_error_t err) diff --git a/g10/main.h b/g10/main.h index 0956f66..340f3b3 100644 --- a/g10/main.h +++ b/g10/main.h 
@@ -191,6 +191,8 @@ void write_status_error (const char *where, gpg_error_t err); void write_status_errcode (const char *where, int errcode); void write_status_failure (const char *where, gpg_error_t err); void write_status_text ( int no, const char *text ); +void write_status_printf (int no, const char *format, + ...) GPGRT_ATTR_PRINTF(2,3); void write_status_strings (int no, const char *text, ...) GPGRT_ATTR_SENTINEL(0); void write_status_buffer ( int no, commit 37e3c897252babc203447be9d2f286a4507875ad Author: Werner Koch Date: Thu Sep 1 16:00:06 2016 +0200 gpg: Fix printing of pubkey algo in --verbose signature verify. * g10/sig-check.c (check_signature2): Replace arg PK by R_PK and change the semantics. Also clear the other R_ args on function entry, use gpg_error() and change return type to gpg_error_t. * g10/mainproc.c (do_check_sig): Add arg R_PK. (list_node): Pass NULL for new arg. (check_sig_and_print): Rework to make use of the returned PK. -- The output gpg: textmode signature, digest algorithm SHA256, key algorithm rsa2048 showed the pubkey algo of the primary key which was surprising. Changed to print the algo of the subkey used for verification. Signed-off-by: Werner Koch diff --git a/g10/mainproc.c b/g10/mainproc.c index f861a3e..716363f 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -839,12 +839,13 @@ proc_compressed (CTX c, PACKET *pkt) /* - * check the signature - * Returns: 0 = valid signature or an error code + * Check the signature. If R_PK is not NULL a copy of the public key + * used to verify the signature will be stored tehre, or NULL if not + * found. Returns: 0 = valid signature or an error code */ static int do_check_sig (CTX c, kbnode_t node, int *is_selfsig, - int *is_expkey, int *is_revkey) + int *is_expkey, int *is_revkey, PKT_public_key **r_pk) { PKT_signature *sig; gcry_md_hd_t md = NULL; 
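Review bot: in the rewritten comment above do_check_sig (g10/mainproc.c), "tehre" should be "there", and the comment does not say who owns the key stored at *R_PK; state that the caller must release it with free_public_key, as check_sig_and_print does later in this patch. The function also stays "static int" although the same commit changes check_signature2 to return gpg_error_t, so the two now disagree on the type that carries the same error value.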
@@ -852,6 +853,9 @@ do_check_sig (CTX c, kbnode_t node, int *is_selfsig, gcry_md_hd_t md_good = NULL; int algo, rc; + if (r_pk) + *r_pk = NULL; + log_assert (node->pkt->pkttype == PKT_SIGNATURE); if (is_selfsig) *is_selfsig = 0; @@ -926,14 +930,24 @@ do_check_sig (CTX c, kbnode_t node, int *is_selfsig, /* We only get here if we are checking the signature of a binary (0x00) or text document (0x01). */ - rc = check_signature2 (sig, md, NULL, is_expkey, is_revkey, NULL); + rc = check_signature2 (sig, md, NULL, is_expkey, is_revkey, r_pk); if (! rc) md_good = md; else if (gpg_err_code (rc) == GPG_ERR_BAD_SIGNATURE && md2) { - rc = check_signature2 (sig, md2, NULL, is_expkey, is_revkey, NULL); - if (! rc) - md_good = md2; + PKT_public_key *pk2; + + rc = check_signature2 (sig, md2, NULL, is_expkey, is_revkey, + r_pk? &pk2 : NULL); + if (!rc) + { + md_good = md2; + if (r_pk) + { + free_public_key (*r_pk); + *r_pk = pk2; + } + } } if (md_good) @@ -1096,7 +1110,7 @@ list_node (CTX c, kbnode_t node) if (opt.check_sigs) { fflush (stdout); - rc2 = do_check_sig (c, node, &is_selfsig, NULL, NULL); + rc2 = do_check_sig (c, node, &is_selfsig, NULL, NULL, NULL); switch (gpg_err_code (rc2)) { case 0: sigrc = '!'; break; @@ -1603,10 +1617,8 @@ check_sig_and_print (CTX c, kbnode_t node) int rc; int is_expkey = 0; int is_revkey = 0; - char pkstrbuf[PUBKEY_STRING_SIZE]; char *issuer_fpr; - - *pkstrbuf = 0; + PKT_public_key *pk = NULL; /* The public key for the signature or NULL. */ if (opt.skip_verify) { @@ -1754,7 +1766,7 @@ check_sig_and_print (CTX c, kbnode_t node) if (sig->signers_uid) log_info (_(" issuer \"%s\"\n"), sig->signers_uid); - rc = do_check_sig (c, node, NULL, &is_expkey, &is_revkey ); + rc = do_check_sig (c, node, NULL, &is_expkey, &is_revkey, &pk); /* If the key isn't found, check for a preferred keyserver. */ if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY && sig->flags.pref_ks) 
@@ -1783,11 +1795,14 @@ check_sig_and_print (CTX c, kbnode_t node) { int res; + free_public_key (pk); + pk = NULL; glo_ctrl.in_auto_key_retrieve++; res = keyserver_import_keyid (c->ctrl, sig->keyid,spec); glo_ctrl.in_auto_key_retrieve--; if (!res) - rc = do_check_sig(c, node, NULL, &is_expkey, &is_revkey ); + rc = do_check_sig (c, node, NULL, + &is_expkey, &is_revkey, &pk); free_keyserver_spec (spec); if (!rc) @@ -1815,12 +1830,14 @@ check_sig_and_print (CTX c, kbnode_t node) spec = parse_keyserver_uri (uri, 1); if (spec) { + free_public_key (pk); + pk = NULL; glo_ctrl.in_auto_key_retrieve++; res = keyserver_import_keyid (c->ctrl, sig->keyid, spec); glo_ctrl.in_auto_key_retrieve--; free_keyserver_spec (spec); if (!res) - rc = do_check_sig (c, node, NULL, &is_expkey, &is_revkey ); + rc = do_check_sig (c, node, NULL, &is_expkey, &is_revkey, &pk); } } } @@ -1844,11 +1861,13 @@ check_sig_and_print (CTX c, kbnode_t node) if (p && n == 21 && p[0] == 4) { /* v4 packet with a SHA-1 fingerprint. */ + free_public_key (pk); + pk = NULL; glo_ctrl.in_auto_key_retrieve++; res = keyserver_import_fprint (c->ctrl, p+1, n-1, opt.keyserver); glo_ctrl.in_auto_key_retrieve--; if (!res) - rc = do_check_sig (c, node, NULL, &is_expkey, &is_revkey ); + rc = do_check_sig (c, node, NULL, &is_expkey, &is_revkey, &pk); } } @@ -1862,13 +1881,15 @@ check_sig_and_print (CTX c, kbnode_t node) { int res; + free_public_key (pk); + pk = NULL; glo_ctrl.in_auto_key_retrieve++; res = keyserver_import_wkd (c->ctrl, sig->signers_uid, NULL, NULL); glo_ctrl.in_auto_key_retrieve--; /* Fixme: If the fingerprint is embedded in the signature, * compare it to the fingerprint of the returned key. */ if (!res) - rc = do_check_sig (c, node, NULL, &is_expkey, &is_revkey ); + rc = do_check_sig (c, node, NULL, &is_expkey, &is_revkey, &pk); } /* If the above methods did't work, our next try is to use a 
@@ -1879,11 +1900,13 @@ check_sig_and_print (CTX c, kbnode_t node) { int res; + free_public_key (pk); + pk = NULL; glo_ctrl.in_auto_key_retrieve++; res = keyserver_import_keyid (c->ctrl, sig->keyid, opt.keyserver ); glo_ctrl.in_auto_key_retrieve--; if (!res) - rc = do_check_sig (c, node, NULL, &is_expkey, &is_revkey ); + rc = do_check_sig (c, node, NULL, &is_expkey, &is_revkey, &pk); } if (!rc || gpg_err_code (rc) == GPG_ERR_BAD_SIGNATURE) @@ -1892,7 +1915,7 @@ check_sig_and_print (CTX c, kbnode_t node) int count = 0; int statno; char keyid_str[50]; - PKT_public_key *pk = NULL; + PKT_public_key *mainpk = NULL; if (rc) statno = STATUS_BADSIG; @@ -1905,6 +1928,10 @@ check_sig_and_print (CTX c, kbnode_t node) else statno = STATUS_GOODSIG; + /* FIXME: We should have the public key in PK and thus the + * keyboock has already been fetched. Thus we could use the + * fingerprint or PK itself to lookup the entire keyblock. That + * would best be done with a cache. */ keyblock = get_pubkeyblock (sig->keyid); snprintf (keyid_str, sizeof keyid_str, "%08lX%08lX [uncertain] ", @@ -1918,7 +1945,7 @@ check_sig_and_print (CTX c, kbnode_t node) if (un->pkt->pkttype==PKT_PUBLIC_KEY) { - pk=un->pkt->pkt.public_key; + mainpk = un->pkt->pkt.public_key; continue; } if (un->pkt->pkttype != PKT_USER_ID) @@ -1935,7 +1962,7 @@ check_sig_and_print (CTX c, kbnode_t node) if (un->pkt->pkt.user_id->attrib_data) continue; - log_assert (pk); + log_assert (mainpk); /* Since this is just informational, don't actually ask the user to update any trust information. (Note: we register @@ -1943,7 +1970,8 @@ check_sig_and_print (CTX c, kbnode_t node) does not print a LF we need to compute the validity before calling that function. */ if ((opt.verify_options & VERIFY_SHOW_UID_VALIDITY)) - valid = get_validity (c->ctrl, pk, un->pkt->pkt.user_id, sig, 0); + valid = get_validity (c->ctrl, mainpk, un->pkt->pkt.user_id, + sig, 0); else valid = 0; /* Not used. */ 
@@ -1956,13 +1984,11 @@ check_sig_and_print (CTX c, kbnode_t node) else log_printf ("\n"); - /* Get a string description of the algo for informational - output we want to print later. It is convenient to do it - here because we already have the right public key. */ - pubkey_string (pk, pkstrbuf, sizeof pkstrbuf); count++; } + log_assert (mainpk); + /* In case we did not found a valid valid textual userid above we print the first user id packet or a "[?]" instead along with the "Good|Expired|Bad signature" line. */ @@ -2019,13 +2045,13 @@ check_sig_and_print (CTX c, kbnode_t node) /* If this user id has attribute data, print that. */ if (un->pkt->pkt.user_id->attrib_data) { - dump_attribs (un->pkt->pkt.user_id, pk); + dump_attribs (un->pkt->pkt.user_id, mainpk); if (opt.verify_options&VERIFY_SHOW_PHOTOS) show_photos (c->ctrl, un->pkt->pkt.user_id->attribs, un->pkt->pkt.user_id->numattribs, - pk ,un->pkt->pkt.user_id); + mainpk ,un->pkt->pkt.user_id); } p = utf8_to_native (un->pkt->pkt.user_id->name, @@ -2046,7 +2072,7 @@ check_sig_and_print (CTX c, kbnode_t node) actually ask the user to update any trust information. */ valid = (trust_value_to_string - (get_validity (c->ctrl, pk, + (get_validity (c->ctrl, mainpk, un->pkt->pkt.user_id, sig, 0))); log_printf (" [%s]\n",valid); } @@ -2054,7 +2080,6 @@ check_sig_and_print (CTX c, kbnode_t node) log_printf ("\n"); } } - release_kbnode( keyblock ); /* For good signatures print notation data. */ if (!rc) @@ -2081,16 +2106,14 @@ check_sig_and_print (CTX c, kbnode_t node) /* For good signatures print the VALIDSIG status line. */ if (!rc && is_status_enabled ()) { - PKT_public_key *vpk = xmalloc_clear (sizeof *vpk); - - if (!get_pubkey (vpk, sig->keyid)) + if (pk) { byte array[MAX_FINGERPRINT_LEN], *p; char buf[MAX_FINGERPRINT_LEN*4+90], *bufp; size_t i, n; bufp = buf; - fingerprint_from_pk (vpk, array, &n); + fingerprint_from_pk (pk, array, &n); p = array; for(i=0; i < n ; i++, p++, bufp += 2) sprintf (bufp, "%02X", *p ); 
@@ -2103,29 +2126,13 @@ check_sig_and_print (CTX c, kbnode_t node) sig->version,sig->pubkey_algo,sig->digest_algo, sig->sig_class); bufp = bufp + strlen (bufp); - if (!vpk->flags.primary) - { - u32 akid[2]; - - akid[0] = vpk->main_keyid[0]; - akid[1] = vpk->main_keyid[1]; - free_public_key (vpk); - vpk = xmalloc_clear (sizeof *vpk); - if (get_pubkey (vpk, akid)) - { - /* Impossible error, we simply return a zeroed out fpr */ - n = MAX_FINGERPRINT_LEN < 20? MAX_FINGERPRINT_LEN : 20; - memset (array, 0, n); - } - else - fingerprint_from_pk( vpk, array, &n ); - } + if (!pk->flags.primary) + fingerprint_from_pk (mainpk, array, &n); p = array; for (i=0; i < n ; i++, p++, bufp += 2) sprintf(bufp, "%02X", *p ); write_status_text (STATUS_VALIDSIG, buf); } - free_public_key (vpk); } /* For good signatures compute and print the trust information. @@ -2148,12 +2155,20 @@ check_sig_and_print (CTX c, kbnode_t node) log_info (_("Signature expires %s\n"), asctimestamp(sig->expiredate)); if (opt.verbose) - log_info (_("%s signature, digest algorithm %s%s%s\n"), - sig->sig_class==0x00?_("binary"): - sig->sig_class==0x01?_("textmode"):_("unknown"), - gcry_md_algo_name (sig->digest_algo), - *pkstrbuf?_(", key algorithm "):"", - pkstrbuf); + { + char pkstrbuf[PUBKEY_STRING_SIZE]; + + if (pk) + pubkey_string (pk, pkstrbuf, sizeof pkstrbuf); + else + *pkstrbuf = 0; + + log_info (_("%s signature, digest algorithm %s%s%s\n"), + sig->sig_class==0x00?_("binary"): + sig->sig_class==0x01?_("textmode"):_("unknown"), + gcry_md_algo_name (sig->digest_algo), + *pkstrbuf?_(", key algorithm "):"", pkstrbuf); + } /* Print final warnings. */ if (!rc && !c->signed_data.used) @@ -2194,6 +2209,7 @@ check_sig_and_print (CTX c, kbnode_t node) } } + release_kbnode( keyblock ); if (rc) g10_errors_seen = 1; if (opt.batch && rc) diff --git a/g10/packet.h b/g10/packet.h index 9c9e909..60af2a2 100644 --- a/g10/packet.h +++ b/g10/packet.h 
@@ -802,13 +802,13 @@ int cmp_user_ids( PKT_user_id *a, PKT_user_id *b ); int check_signature (PKT_signature *sig, gcry_md_hd_t digest); /* Check a signature. Looks up the public key from the key db. (If - RET_PK is not NULL, it is returned in *RET_PK.) DIGEST contains a - valid hash context that already includes the signed data. This - function adds the relevant meta-data to the hash before finalizing - it and verifying the signature. */ -int check_signature2 (PKT_signature *sig, gcry_md_hd_t digest, - u32 *r_expiredate, int *r_expired, int *r_revoked, - PKT_public_key *ret_pk); + * R_PK is not NULL, it is stored at RET_PK.) DIGEST contains a + * valid hash context that already includes the signed data. This + * function adds the relevant meta-data to the hash before finalizing + * it and verifying the signature. */ +gpg_error_t check_signature2 (PKT_signature *sig, gcry_md_hd_t digest, + u32 *r_expiredate, int *r_expired, int *r_revoked, + PKT_public_key **r_pk); /*-- pubkey-enc.c --*/ diff --git a/g10/sig-check.c b/g10/sig-check.c index 334add7..4d39e09 100644 --- a/g10/sig-check.c +++ b/g10/sig-check.c 
@@ -84,23 +84,29 @@ check_signature (PKT_signature *sig, gcry_md_hd_t digest) * revoked (0 otherwise). Note: PK being revoked does not cause this * function to fail. * - * If PK is not NULL, the public key is saved in *PK on success. + * If R_PK is not NULL, the public key is stored at that address if it + * was found; other wise NULL is stored. * * Returns 0 on success. An error code otherwise. */ -int +gpg_error_t check_signature2 (PKT_signature *sig, gcry_md_hd_t digest, u32 *r_expiredate, - int *r_expired, int *r_revoked, PKT_public_key *pk ) + int *r_expired, int *r_revoked, PKT_public_key **r_pk) { int rc=0; - int pk_internal; + PKT_public_key *pk; - if (pk) - pk_internal = 0; - else - { - pk_internal = 1; - pk = xmalloc_clear( sizeof *pk ); - } + if (r_expiredate) + *r_expiredate = 0; + if (r_expired) + *r_expired = 0; + if (r_revoked) + *r_revoked = 0; + if (r_pk) + *r_pk = NULL; + + pk = xtrycalloc (1, sizeof *pk); + if (!pk) + return gpg_error_from_syserror (); if ( (rc=openpgp_md_test_algo(sig->digest_algo)) ) ; /* We don't have this digest. */ @@ -114,14 +120,14 @@ check_signature2 (PKT_signature *sig, gcry_md_hd_t digest, u32 *r_expiredate, header is missing or does not match the actual sig. */ log_info(_("WARNING: signature digest conflict in message\n")); - rc = GPG_ERR_GENERAL; + rc = gpg_error (GPG_ERR_GENERAL); } else if( get_pubkey( pk, sig->keyid ) ) - rc = GPG_ERR_NO_PUBKEY; + rc = gpg_error (GPG_ERR_NO_PUBKEY); else if(!pk->flags.valid) { /* You cannot have a good sig from an invalid key. */ - rc = GPG_ERR_BAD_PUBKEY; + rc = gpg_error (GPG_ERR_BAD_PUBKEY); } else { @@ -136,7 +142,7 @@ check_signature2 (PKT_signature *sig, gcry_md_hd_t digest, u32 *r_expiredate, them as their own. The attacker couldn't actually use the subkey, but they could try and claim ownership of any signatures issued by it. */ - if(rc==0 && !pk->flags.primary && pk->flags.backsig < 2) + if (!rc && !pk->flags.primary && pk->flags.backsig < 2) { if (!pk->flags.backsig) { 
@@ -148,27 +154,17 @@ check_signature2 (PKT_signature *sig, gcry_md_hd_t digest, u32 *r_expiredate, error. TODO: change the default to require this after more keys have backsigs. */ if(opt.flags.require_cross_cert) - rc = GPG_ERR_GENERAL; + rc = gpg_error (GPG_ERR_GENERAL); } else if(pk->flags.backsig == 1) { log_info(_("WARNING: signing subkey %s has an invalid" " cross-certification\n"),keystr_from_pk(pk)); - rc = GPG_ERR_GENERAL; + rc = gpg_error (GPG_ERR_GENERAL); } } } - if (pk_internal || rc) - { - release_public_key_parts (pk); - if (pk_internal) - xfree (pk); - else - /* Be very sure that the caller doesn't try to use *PK. */ - memset (pk, 0, sizeof (*pk)); - } - if( !rc && sig->sig_class < 2 && is_status_enabled() ) { /* This signature id works best with DLP algorithms because * they use a random parameter for every signature. Instead of @@ -235,6 +231,14 @@ check_signature2 (PKT_signature *sig, gcry_md_hd_t digest, u32 *r_expiredate, xfree (buffer); } + if (r_pk) + *r_pk = pk; + else + { + release_public_key_parts (pk); + xfree (pk); + } + return rc; } ----------------------------------------------------------------------- Summary of changes: g10/cpr.c | 27 +++++++++ g10/main.h | 2 + g10/mainproc.c | 169 +++++++++++++++++++++++++++++--------------------------- g10/packet.h | 14 ++--- g10/sig-check.c | 58 ++++++++++--------- 5 files changed, 155 insertions(+), 115 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Sep 1 19:25:24 2016 
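Review bot: in the last g10/sig-check.c hunk of commit 37e3c89, check_signature2 runs "if (r_pk) *r_pk = pk;" whatever the value of rc, so on paths where get_pubkey failed or was never reached (GPG_ERR_NO_PUBKEY, for example) the caller receives a non-NULL, empty key object, although the new function comment says NULL is stored when the key was not found. Either release pk and store NULL when rc is set, or change the comment to say an object is always returned and must always be freed. The md2 retry in do_check_sig shows the cost: when the second check_signature2 call fails, pk2 has been filled in but is neither freed nor passed back to the caller.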
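Review bot: in the g10/cpr.c hunk of commit 6bdadae, write_status_printf leaves it to every caller to keep CR and LF out of the formatted output and does nothing itself to enforce that. Status lines are read line by line by the programs that drive gpg, so a later caller that formats a user ID or another key-supplied string with %s could emit an extra "[GNUPG:]" line; consider formatting into a buffer and escaping control characters before writing, or at least repeat the restriction next to the prototype in g10/main.h. The VALIDSIG caller added in fde9fa8 passes only hex strings, a timestamp string and integers, so it is not affected. The comment also has "outout" for "output".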
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 01 Sep 2016 19:25:24 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-47-g38d369d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 38d369de13acb95208a0ed8d1cf82ac19173688f (commit) from fde9fa81d3d3b25a929b532cc1960d9d9f454a0c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 38d369de13acb95208a0ed8d1cf82ac19173688f Author: Werner Koch Date: Thu Sep 1 19:22:48 2016 +0200 gpg: Avoid homedir creation by --list-config * g10/gpg.c (main): Do not register a key for the list config commands. Signed-off-by: Werner Koch diff --git a/g10/gpg.c b/g10/gpg.c index a9770d7..0b0fb7e 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -2377,11 +2377,16 @@ main (int argc, char **argv) { switch( pargs.r_opt ) { - case aCheckKeys: case aListConfig: case aListGcryptConfig: case aGPGConfList: case aGPGConfTest: + set_cmd (&cmd, pargs.r_opt); + /* Do not register a keyring for these commands. */ + default_keyring = -1; + break; + + case aCheckKeys: case aListPackets: case aImport: case aFastImport: @@ -3789,6 +3794,8 @@ main (int argc, char **argv) case aGenRandom: case aDeArmor: case aEnArmor: + case aListConfig: + case aListGcryptConfig: break; case aFixTrustDB: case aExportOwnerTrust: ----------------------------------------------------------------------- Summary of changes: g10/gpg.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Sep 1 23:34:42 2016 
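Review bot: in the first g10/gpg.c hunk, "default_keyring = -1;" gives the variable a new sentinel value whose meaning is explained only by the one-line comment at this assignment; document at the declaration what -1 means and check that every later test of default_keyring distinguishes it from 0. The two hunks are also asymmetric: the first groups aListConfig, aListGcryptConfig, aGPGConfList and aGPGConfTest, while the second adds only aListConfig and aListGcryptConfig to the cases that just break, so the commit message should say why the two gpgconf commands need no matching change.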
From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Thu, 01 Sep 2016 23:34:42 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-49-g85fad6c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 85fad6c34c08b2850580e0644faba62d3a501b84 (commit) via b410a3cb7683fc7c2a253e23130c44df42a6203c (commit) from 38d369de13acb95208a0ed8d1cf82ac19173688f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 85fad6c34c08b2850580e0644faba62d3a501b84 Author: Neal H. Walfield Date: Thu Sep 1 23:31:53 2016 +0200 g10: End transaction earlier. * g10/tofu.c (ask_about_binding): End the transaction earlier. -- Signed-off-by: Neal H. Walfield diff --git a/g10/tofu.c b/g10/tofu.c index 2ac6065..75df30a 100644 --- a/g10/tofu.c +++ b/g10/tofu.c @@ -1414,6 +1414,7 @@ ask_about_binding (ctrl_t ctrl, " order by fingerprint = ? asc, fingerprint desc, time_ago desc;\n", GPGSQL_ARG_STRING, email, GPGSQL_ARG_STRING, fingerprint, GPGSQL_ARG_END); + end_transaction (ctrl, 0); if (rc) { strlist_t strlist_iter; @@ -1680,8 +1681,6 @@ ask_about_binding (ctrl_t ctrl, } } - end_transaction (ctrl, 0); - if ((*policy == TOFU_POLICY_NONE && bindings_with_this_email_count > 0) || (*policy == TOFU_POLICY_ASK && (conflict || bindings_with_this_email_count > 0))) commit b410a3cb7683fc7c2a253e23130c44df42a6203c Author: Neal H. Walfield Date: Thu Sep 1 23:31:18 2016 +0200 g10: Don't consider cross-signed keys to be in conflict. * g10/tofu.c (cross_sigs): New function. (ask_about_binding): If apparently conflicting keys are cross signed, then don't mark them as conflicting. -- 
Signed-off-by: Neal H. Walfield If two keys are cross signed, then the same person (probably) controlled them both. In this case, don't raise a TOFU conflict. This usually occurs when someone transitions to a new key. When that person rotates to a third key, she will typically only cross sign it with the second key. As such, we check this transitively to avoid declaring a conflict between the 1st and 3rd key. diff --git a/g10/tofu.c b/g10/tofu.c index 214782d..2ac6065 100644 --- a/g10/tofu.c +++ b/g10/tofu.c 
@@ -1204,6 +1204,80 @@ format_conflict_msg_part1 (int policy, const char *conflict, } +/* Return 1 if A signed B and B signed A. */ +int +cross_sigs (kbnode_t a, kbnode_t b) +{ + int i; + + PKT_public_key *a_pk = a->pkt->pkt.public_key; + PKT_public_key *b_pk = b->pkt->pkt.public_key; + + char a_keyid[33]; + char b_keyid[33]; + + if (DBG_TRUST) + { + format_keyid (pk_main_keyid (a_pk), + KF_DEFAULT, a_keyid, sizeof (a_keyid)); + format_keyid (pk_main_keyid (b_pk), + KF_DEFAULT, b_keyid, sizeof (b_keyid)); + } + + for (i = 0; i < 2; i ++) + { + /* See if SIGNER signed SIGNEE. */ + + kbnode_t signer = i == 0 ? a : b; + kbnode_t signee = i == 0 ? b : a; + + PKT_public_key *signer_pk = signer->pkt->pkt.public_key; + u32 *signer_kid = pk_main_keyid (signer_pk); + kbnode_t n; + + /* Iterate over SIGNEE's keyblock and see if there is a valid + signature from SIGNER. */ + for (n = signee; n; n = n->next) + { + PKT_signature *sig; + + if (n->pkt->pkttype != PKT_SIGNATURE) + continue; + + sig = n->pkt->pkt.signature; + + if (! (sig->sig_class == 0x10 + || sig->sig_class == 0x11 + || sig->sig_class == 0x12 + || sig->sig_class == 0x13)) + /* Not a signature over a user id. */ + continue; + + /* SIG is on SIGNEE's keyblock. If SIG was generated by the + signer, then it's a match. */ + if (keyid_cmp (sig->keyid, signer_kid) == 0) + /* Match! */ + break; + } + if (! n) + /* We didn't find a signature from signer over signee. */ + { + if (DBG_TRUST) + log_info ("No cross sig between %s and %s\n", + a_keyid, b_keyid); + return 0; + } + } + + /* A signed B and B signed A. */ + if (DBG_TRUST) + log_info ("Cross sig between %s and %s\n", + a_keyid, b_keyid); + + return 1; +} + + /* Ask the user about the binding. There are three ways we could end * up here: * 
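Review bot: in cross_sigs (g10/tofu.c), the inner loop accepts a signature as soon as "keyid_cmp (sig->keyid, signer_kid) == 0", which compares only the issuer key ID recorded in the packet; nothing in this hunk verifies the signature, although the comment above the loop says it looks for "a valid signature from SIGNER". Because the result is used to suppress a TOFU conflict, the match should require a cryptographically verified certification, or the comment should name the earlier step that guarantees unverified signatures never reach these keyblocks. Two smaller points: the function is new and used only in tofu.c, so it should be static, and the header comment should say that A and B must be the public key nodes at the head of their keyblocks, since the code dereferences pkt.public_key on both.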
@@ -1237,7 +1311,7 @@ ask_about_binding (ctrl_t ctrl, strlist_t other_user_ids = NULL; struct signature_stats *stats = NULL; struct signature_stats *stats_iter = NULL; - char *prompt; + char *prompt = NULL; char *choices; dbs = ctrl->tofu.dbs; @@ -1361,9 +1435,17 @@ ask_about_binding (ctrl_t ctrl, } else { + int stats_count = 0; + kbnode_t *kb_all; KEYDB_HANDLE hd; + int i; char *key = NULL; + /* Get the keyblock for each key. */ + for (stats_iter = stats; stats_iter; stats_iter = stats_iter->next) + stats_count ++; + kb_all = xcalloc (sizeof (kb_all[0]), stats_count); + if (! stats || strcmp (stats->fingerprint, fingerprint)) { /* If we have already added this key to the DB, then it will @@ -1375,7 +1457,9 @@ ask_about_binding (ctrl_t ctrl, /* Figure out which user ids are revoked or expired. */ hd = keydb_new (); - for (stats_iter = stats; stats_iter; stats_iter = stats_iter->next) + for (stats_iter = stats, i = 0; + stats_iter; + stats_iter = stats_iter->next, i ++) { KEYDB_SEARCH_DESC desc; kbnode_t kb; @@ -1420,6 +1504,9 @@ ask_about_binding (ctrl_t ctrl, merge_keys_and_selfsig (kb); log_assert (kb->pkt->pkttype == PKT_PUBLIC_KEY); + + kb_all[i] = kb; + pk = kb->pkt->pkt.public_key; if (pk->has_expired) @@ -1451,7 +1538,6 @@ ask_about_binding (ctrl_t ctrl, xfree (email2); } - release_kbnode (kb); if (! found_user_id) log_info (_("TOFU db may be corrupted: user id (%s)" 
@@ -1460,7 +1546,74 @@ ask_about_binding (ctrl_t ctrl, } keydb_release (hd); - es_fprintf (fp, _("Statistics for keys with the email address \"%s\":\n"), + { + int j; + struct signature_stats **stats_prevp; + struct signature_stats *stats_iter_next; + int die[stats_count]; + + memset (die, 0, sizeof (die)); + + for (i = 0; i < stats_count; i ++) + { + /* i or a key that has cross sigs with i (possible + indirectly)? */ + if (! (i == 0 || die[i])) + continue; + + for (j = i + 1; j < stats_count; j ++) + if (cross_sigs (kb_all[i], kb_all[j])) + die[j] = 1; + } + + /* Free the dead stat structures. */ + for (stats_iter = stats, stats_prevp = &stats, i = 0; + stats_iter; + stats_iter = stats_iter_next, i ++) + { + stats_iter_next = stats_iter->next; + + release_kbnode (kb_all[i]); + + if (die[i]) + { + *stats_prevp = stats_iter_next; + stats_iter->next = NULL; + signature_stats_free (stats_iter); + + bindings_with_this_email_count --; + } + else + { + stats_prevp = &stats_iter->next; + } + } + } + + log_assert (stats); + log_assert (bindings_with_this_email_count >= 1); + + if ((*policy == TOFU_POLICY_NONE && bindings_with_this_email_count == 1) + || (*policy == TOFU_POLICY_ASK && conflict)) + if (bindings_with_this_email_count == 1) + { + /* All "conflicts" were not really conflicts. */ + log_assert (! stats->next); + + if (DBG_TRUST) + log_debug ("%s: all apparent TOFU conflicts are legitimate " + "(cross sigs), setting policy to auto.\n", + stats_iter->fingerprint); + + *policy = TOFU_POLICY_AUTO; + record_binding (dbs, fingerprint, email, user_id, *policy, 0); + *trust_level = tofu_policy_to_trust_level (*policy); + + goto out; + } + + es_fprintf (fp, _("Statistics for potentially conflicting keys" + " with the email address \"%s\":\n"), email); for (stats_iter = stats; stats_iter; stats_iter = stats_iter->next) { 
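Review bot: in the branch that logs "all apparent TOFU conflicts are legitimate", log_debug is passed stats_iter->fingerprint, but the loop just above that frees the dead entries only terminates once stats_iter is NULL, so with DBG_TRUST enabled this dereferences a NULL pointer; use stats->fingerprint or the fingerprint argument instead. The outer condition already tests bindings_with_this_email_count == 1 for the TOFU_POLICY_NONE case and is then followed by a nested if on the same expression; folding both into one condition would be easier to read. "int die[stats_count];" is a variable-length array sized by the length of the stats list; allocating it on the heap next to kb_all would keep stack use bounded.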
@@ -1644,6 +1797,7 @@ ask_about_binding (ctrl_t ctrl, } xfree (response); } + out: tofu_resume_batch_transaction (ctrl); xfree (prompt); ----------------------------------------------------------------------- Summary of changes: g10/tofu.c | 165 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 159 insertions(+), 6 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Sep 2 03:08:15 2016 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Fri, 02 Sep 2016 03:08:15 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-50-gafdfc95 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via afdfc954b35370fbf03aaf8dc0e496410923aa4e (commit) from 85fad6c34c08b2850580e0644faba62d3a501b84 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit afdfc954b35370fbf03aaf8dc0e496410923aa4e Author: NIIBE Yutaka Date: Fri Sep 2 10:08:02 2016 +0900 po: Update Japanese translation. diff --git a/po/ja.po b/po/ja.po index 9048df6..bbcf6d4 100644 --- a/po/ja.po +++ b/po/ja.po @@ -10,7 +10,7 @@ msgid "" msgstr "" "Project-Id-Version: gnupg 2.1.15\n" "Report-Msgid-Bugs-To: translations at gnupg.org\n" -"PO-Revision-Date: 2016-08-04 17:30+0900\n" +"PO-Revision-Date: 2016-09-02 10:06+0900\n" "Last-Translator: NIIBE Yutaka \n" "Language-Team: none\n" "Language: ja\n" 
@@ -2041,10 +2041,9 @@ msgstr "*??*: ??%s??????!\n" msgid "'%s' is not a valid signature expiration\n" msgstr "'%s'????????????????\n" -#, fuzzy, c-format -#| msgid "line %d: not a valid email address\n" +#, c-format msgid "\"%s\" is not a proper mail address\n" -msgstr "? %d: ????????????????????\n" +msgstr "\"%s\"???????????????????\n" #, c-format msgid "invalid pinentry mode '%s'\n" @@ -4289,10 +4288,9 @@ msgstr " %s?%s???\n" msgid "Signature made %s using %s key ID %s\n" msgstr "%s?%s?ID %s???????\n" -#, fuzzy, c-format -#| msgid " aka \"%s\"" +#, c-format msgid " issuer \"%s\"\n" -msgstr " ??\"%s\"" +msgstr " ???\"%s\"" msgid "Key available at: " msgstr "?????????: " ----------------------------------------------------------------------- Summary of changes: po/ja.po | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Sep 2 06:47:49 2016 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Fri, 02 Sep 2016 06:47:49 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-51-g8b6c0ba Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 8b6c0bae33bdc36892f4595806665ce61f77dfd2 (commit) from afdfc954b35370fbf03aaf8dc0e496410923aa4e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8b6c0bae33bdc36892f4595806665ce61f77dfd2 Author: NIIBE Yutaka Date: Fri Sep 2 13:41:19 2016 +0900 agent: invoke scdaemon with --homedir. * agent/call-scd.c (start_scd): Supply --homedir option when it's not default homedir. -- Signed-off-by: NIIBE Yutaka 
diff --git a/agent/call-scd.c b/agent/call-scd.c index b776840..934ab4c 100644 --- a/agent/call-scd.c +++ b/agent/call-scd.c @@ -195,10 +195,11 @@ start_scd (ctrl_t ctrl) gpg_error_t err = 0; const char *pgmname; assuan_context_t ctx = NULL; - const char *argv[3]; + const char *argv[5]; assuan_fd_t no_close_list[3]; int i; int rc; + char *abs_homedir = NULL; if (opt.disable_scdaemon) return gpg_error (GPG_ERR_NOT_SUPPORTED); @@ -313,7 +314,22 @@ start_scd (ctrl_t ctrl) argv[0] = pgmname; argv[1] = "--multi-server"; - argv[2] = NULL; + if (gnupg_default_homedir_p ()) + argv[2] = NULL; + else + { + abs_homedir = make_absfilename_try (gnupg_homedir (), NULL); + if (!abs_homedir) + { + log_error ("error building filename: %s\n", + gpg_strerror (gpg_error_from_syserror ())); + goto leave; + } + + argv[2] = "--homedir"; + argv[3] = abs_homedir; + argv[4] = NULL; + } i=0; if (!opt.running_detached) @@ -393,6 +409,7 @@ start_scd (ctrl_t ctrl) primary_scd_ctx_reusable = 0; leave: + xfree (abs_homedir); if (err) { unlock_scd (ctrl, err); ----------------------------------------------------------------------- Summary of changes: agent/call-scd.c | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Sep 2 07:01:13 2016 
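Review bot: In the second hunk of `start_scd` (agent/call-scd.c), the `!abs_homedir` branch logs `gpg_error_from_syserror ()` but never stores it in `err` before `goto leave`, so the `if (err)` test under `leave:` only sees whatever `err` held earlier, and the first hunk shows it initialised to 0. Assign it first, for example `err = gpg_error_from_syserror ();`, and log `gpg_strerror (err)`, so that a failed path build cannot leave the function looking like a success.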
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Fri, 02 Sep 2016 07:01:13 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-52-gd1ae710 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via d1ae7103352fbda2a05f098379cd3043a0ab5566 (commit) from 8b6c0bae33bdc36892f4595806665ce61f77dfd2 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d1ae7103352fbda2a05f098379cd3043a0ab5566 Author: NIIBE Yutaka Date: Fri Sep 2 13:58:33 2016 +0900 scd: Clean up unused shutdown method. * scd/apdu.c (shutdown_ccid_reader, apdu_shutdown_reader): Remove. (reset_ccid_reader): Don't set shutdown_reader. * scd/ccid-driver.c (ccid_shutdown_reader): Remove. -- Signed-off-by: NIIBE Yutaka diff --git a/scd/apdu.c b/scd/apdu.c index 268a2c6..c139d76 100644 --- a/scd/apdu.c +++ b/scd/apdu.c @@ -101,7 +101,6 @@ struct reader_table_s { int (*connect_card)(int); int (*disconnect_card)(int); int (*close_reader)(int); - int (*shutdown_reader)(int); int (*reset_reader)(int); int (*get_status_reader)(int, unsigned int *); int (*send_apdu_reader)(int,unsigned char *,size_t, @@ -462,7 +461,6 @@ new_reader_slot (void) reader_table[reader].connect_card = NULL; reader_table[reader].disconnect_card = NULL; reader_table[reader].close_reader = NULL; - reader_table[reader].shutdown_reader = NULL; reader_table[reader].reset_reader = NULL; reader_table[reader].get_status_reader = NULL; reader_table[reader].send_apdu_reader = NULL; 
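Review bot: The commit message's scd/apdu.c entry names only `shutdown_ccid_reader`, `apdu_shutdown_reader` and `reset_ccid_reader`, but these two hunks change `struct reader_table_s` and `new_reader_slot`, and the assignment removed further down sits in `open_ccid_reader` according to its hunk header, not in `reset_ccid_reader`. List the struct member and the functions actually touched, so the removal of the `shutdown_reader` method pointer can be found by name in the log.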
@@ -2476,14 +2474,6 @@ close_ccid_reader (int slot) static int -shutdown_ccid_reader (int slot) -{ - ccid_shutdown_reader (reader_table[slot].ccid.handle); - return 0; -} - - -static int reset_ccid_reader (int slot) { int err; @@ -2649,7 +2639,6 @@ open_ccid_reader (const char *portstr) } reader_table[slot].close_reader = close_ccid_reader; - reader_table[slot].shutdown_reader = shutdown_ccid_reader; reader_table[slot].reset_reader = reset_ccid_reader; reader_table[slot].get_status_reader = get_status_ccid; reader_table[slot].send_apdu_reader = send_apdu_ccid; @@ -3264,43 +3253,6 @@ apdu_prepare_exit (void) } -/* Shutdown a reader; that is basically the same as a close but keeps - the handle ready for later use. A apdu_reset_reader or apdu_connect - should be used to get it active again. */ -int -apdu_shutdown_reader (int slot) -{ - int sw; - - if (DBG_READER) - log_debug ("enter: apdu_shutdown_reader: slot=%d\n", slot); - - if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) - { - if (DBG_READER) - log_debug ("leave: apdu_shutdown_reader => SW_HOST_NO_DRIVER\n"); - return SW_HOST_NO_DRIVER; - } - sw = apdu_disconnect (slot); - if (sw) - { - if (DBG_READER) - log_debug ("leave: apdu_shutdown_reader => 0x%x (apdu_disconnect)\n", - sw); - return sw; - } - if (reader_table[slot].shutdown_reader) - { - sw = reader_table[slot].shutdown_reader (slot); - if (DBG_READER) - log_debug ("leave: apdu_shutdown_reader => 0x%x (close_reader)\n", sw); - return sw; - } - if (DBG_READER) - log_debug ("leave: apdu_shutdown_reader => SW_HOST_NOT_SUPPORTED\n"); - return SW_HOST_NOT_SUPPORTED; -} - /* Enumerate all readers and return information on whether this reader is in use. The caller should start with SLOT set to 0 and increment it with each call until an error is returned. */ diff --git a/scd/apdu.h b/scd/apdu.h index 1694eac..7ca4c14 100644 --- a/scd/apdu.h +++ b/scd/apdu.h 
@@ -96,7 +96,6 @@ int apdu_open_remote_reader (const char *portstr, void *writefnc_value, void (*closefnc) (void *opaque), void *closefnc_value); -int apdu_shutdown_reader (int slot); int apdu_close_reader (int slot); void apdu_prepare_exit (void); int apdu_enum_reader (int slot, int *used); diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c index b1523cb..478e038 100644 --- a/scd/ccid-driver.c +++ b/scd/ccid-driver.c 
@@ -1717,78 +1717,6 @@ do_close_reader (ccid_driver_t handle) } -/* Reset a reader on HANDLE. This is useful in case a reader has been - plugged of and inserted at a different port. By resetting the - handle, the same reader will be get used. Note, that on error the - handle won't get released. - - This does not return an ATR, so ccid_get_atr should be called right - after this one. -*/ -int -ccid_shutdown_reader (ccid_driver_t handle) -{ - int rc = 0; - libusb_device_handle *idev = NULL; - unsigned char *ifcdesc_extra = NULL; - size_t ifcdesc_extra_len; - int ifc_no, ep_bulk_out, ep_bulk_in, ep_intr; - - if (!handle || !handle->rid) - return CCID_DRIVER_ERR_INV_VALUE; - - do_close_reader (handle); - - if (scan_or_find_devices (-1, handle->rid, NULL, NULL, - &ifcdesc_extra, &ifcdesc_extra_len, - &ifc_no, &ep_bulk_out, &ep_bulk_in, &ep_intr, - &idev, NULL) || !idev) - { - DEBUGOUT_1 ("no CCID reader with ID %s\n", handle->rid); - return CCID_DRIVER_ERR_NO_READER; - } - - if (idev) - { - handle->idev = idev; - handle->ifc_no = ifc_no; - handle->ep_bulk_out = ep_bulk_out; - handle->ep_bulk_in = ep_bulk_in; - handle->ep_intr = ep_intr; - - if (parse_ccid_descriptor (handle, ifcdesc_extra, ifcdesc_extra_len)) - { - DEBUGOUT ("device not supported\n"); - rc = CCID_DRIVER_ERR_NO_READER; - goto leave; - } - - rc = libusb_claim_interface (idev, ifc_no); - if (rc) - { - DEBUGOUT_1 ("usb_claim_interface failed: %d\n", rc); - rc = CCID_DRIVER_ERR_CARD_IO_ERROR; - goto leave; - } - } - - leave: - free (ifcdesc_extra); - if (rc) - { - if (handle->idev) - libusb_close (handle->idev); - handle->idev = NULL; - if (handle->dev_fd != -1) - close (handle->dev_fd); - handle->dev_fd = -1; - } - - return rc; - -} - - int ccid_set_progress_cb (ccid_driver_t handle, void (*cb)(void *, const char *, int, int, int), ----------------------------------------------------------------------- Summary of changes: scd/apdu.c | 48 ------------------------------------- scd/apdu.h | 1 - 
scd/ccid-driver.c | 72 ------------------------------------------------------- 3 files changed, 121 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Sep 2 07:52:56 2016 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Fri, 02 Sep 2016 07:52:56 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-53-g8fe8105 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 8fe81055762d9c9e6f03fb7853a985c94ef73ac3 (commit) from d1ae7103352fbda2a05f098379cd3043a0ab5566 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8fe81055762d9c9e6f03fb7853a985c94ef73ac3 Author: NIIBE Yutaka Date: Fri Sep 2 14:45:26 2016 +0900 scd: Release the card reader after card removal. * scd/command.c (update_reader_status_file): Call apdu_close_reader. -- GnuPG-bug-id: 2651 Signed-off-by: NIIBE Yutaka diff --git a/scd/command.c b/scd/command.c index 239480b..2909330 100644 --- a/scd/command.c +++ b/scd/command.c @@ -2340,7 +2340,10 @@ update_reader_status_file (int set_card_removed_flag) /* Set the card removed flag for all current sessions. */ if (vr->any && vr->status == 0 && set_card_removed_flag) - update_card_removed (idx, 1); + { + apdu_close_reader (vr->slot); + update_card_removed (idx, 1); + } vr->any = 1; ----------------------------------------------------------------------- Summary of changes: scd/command.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Sep 2 17:02:24 2016 
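Review bot: In `update_reader_status_file` (scd/command.c), the new `apdu_close_reader (vr->slot);` call drops its return value, although scd/apdu.h declares the function as returning `int`. Check the result and log a non-zero value before calling `update_card_removed (idx, 1)`, so a reader that could not be released after card removal leaves a trace.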
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 02 Sep 2016 17:02:24 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-57-g18a808b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 18a808bccf543d563239f93257aee40aa1b5a475 (commit) via 46362cbc0e2260e989820795a6e4245c72335172 (commit) via 505ee45106d6aa2902bbdd6326f8eb7527c273c4 (commit) via fc445b36fafc8a4cc3ce5a675ac42df7a9d9a02a (commit) from 8fe81055762d9c9e6f03fb7853a985c94ef73ac3 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 18a808bccf543d563239f93257aee40aa1b5a475 Author: Werner Koch Date: Fri Sep 2 16:59:49 2016 +0200 po: Fix line ending mismatch in Japanese translation. -- Signed-off-by: Werner Koch diff --git a/po/ja.po b/po/ja.po index bbcf6d4..b7cefa8 100644 --- a/po/ja.po +++ b/po/ja.po @@ -10,7 +10,7 @@ msgid "" msgstr "" "Project-Id-Version: gnupg 2.1.15\n" "Report-Msgid-Bugs-To: translations at gnupg.org\n" -"PO-Revision-Date: 2016-09-02 10:06+0900\n" +"PO-Revision-Date: 2016-09-02 16:58+0200\n" "Last-Translator: NIIBE Yutaka \n" "Language-Team: none\n" "Language: ja\n" 
@@ -4290,7 +4290,7 @@ msgstr "%s?%s?ID %s???????\n" #, c-format msgid " issuer \"%s\"\n" -msgstr " ???\"%s\"" +msgstr " ???\"%s\"\n" msgid "Key available at: " msgstr "?????????: " commit 46362cbc0e2260e989820795a6e4245c72335172 Author: Werner Koch Date: Fri Sep 2 16:54:42 2016 +0200 wks: Add framework for policy flags. * tools/call-dirmngr.c (wkd_get_policy_flags): New. * tools/gpg-wks.h (struct policy_flags_s, policy_flags_t): New. * tools/wks-util.c (wks_parse_policy): New. * tools/gpg-wks-client.c (command_send): Get the policy flags to show a new info line. * tools/gpg-wks-server.c (get_policy_flags): New. (process_new_key): get policy flag and add a stub for "auth-submit". (command_list_domains): Check policy flags. Signed-off-by: Werner Koch diff --git a/tools/call-dirmngr.c b/tools/call-dirmngr.c index 0e591dd..9142350 100644 --- a/tools/call-dirmngr.c +++ b/tools/call-dirmngr.c 
@@ -203,3 +203,58 @@ wkd_get_submission_address (const char *addrspec, char **r_addrspec) assuan_release (ctx); return err; } + + +/* Ask the dirmngr for the policy flags and return them as an estream + * memory stream. If no policy flags are set, NULL is stored at + * R_BUFFER. */ +gpg_error_t +wkd_get_policy_flags (const char *addrspec, estream_t *r_buffer) +{ + gpg_error_t err; + assuan_context_t ctx; + struct wkd_get_parm_s parm; + char *line = NULL; + char *buffer = NULL; + + memset (&parm, 0, sizeof parm); + *r_buffer = NULL; + + err = connect_dirmngr (&ctx); + if (err) + return err; + + line = es_bsprintf ("WKD_GET --policy-flags -- %s", addrspec); + if (!line) + { + err = gpg_error_from_syserror (); + goto leave; + } + if (strlen (line) + 2 >= ASSUAN_LINELENGTH) + { + err = gpg_error (GPG_ERR_TOO_LARGE); + goto leave; + } + + parm.memfp = es_fopenmem (0, "rwb"); + if (!parm.memfp) + { + err = gpg_error_from_syserror (); + goto leave; + } + err = assuan_transact (ctx, line, wkd_get_data_cb, &parm, + NULL, NULL, wkd_get_status_cb, &parm); + if (err) + goto leave; + + es_rewind (parm.memfp); + *r_buffer = parm.memfp; + parm.memfp = 0; + + leave: + es_free (buffer); + es_fclose (parm.memfp); + xfree (line); + assuan_release (ctx); + return err; +} diff --git a/tools/call-dirmngr.h b/tools/call-dirmngr.h index f1bc368..6c866e7 100644 --- a/tools/call-dirmngr.h +++ b/tools/call-dirmngr.h @@ -23,6 +23,7 @@ void set_dirmngr_options (int verbose, int debug_ipc, int autostart); gpg_error_t wkd_get_submission_address (const char *addrspec, char **r_addrspec); +gpg_error_t wkd_get_policy_flags (const char *addrspec, estream_t *r_buffer); #endif /*GNUPG_TOOLS_CALL_DIRMNGR_H*/ diff --git a/tools/gpg-wks-client.c b/tools/gpg-wks-client.c index 34b26ea..c0e34c4 100644 --- a/tools/gpg-wks-client.c +++ b/tools/gpg-wks-client.c 
@@ -447,6 +447,9 @@ command_send (const char *fingerprint, char *userid) estream_t key = NULL; char *submission_to = NULL; mime_maker_t mime = NULL; + struct policy_flags_s policy; + + memset (&policy, 0, sizeof policy); if (classify_user_id (fingerprint, &desc, 1) || !(desc.mode == KEYDB_SEARCH_MODE_FPR @@ -473,6 +476,29 @@ command_send (const char *fingerprint, char *userid) goto leave; log_info ("submitting request to '%s'\n", submission_to); + /* Get the policy flags. */ + { + estream_t mbuf; + + err = wkd_get_policy_flags (addrspec, &mbuf); + if (err) + { + log_error ("error reading policy flags for '%s': %s\n", + submission_to, gpg_strerror (err)); + goto leave; + } + if (mbuf) + { + err = wks_parse_policy (&policy, mbuf, 1); + es_fclose (mbuf); + if (err) + goto leave; + } + } + + if (policy.auth_submit) + log_info ("no confirmation required for '%s'\n", addrspec); + /* Send the key. */ err = mime_maker_new (&mime, NULL); if (err) diff --git a/tools/gpg-wks-server.c b/tools/gpg-wks-server.c index 221db05..678000c 100644 --- a/tools/gpg-wks-server.c +++ b/tools/gpg-wks-server.c 
@@ -766,6 +766,50 @@ get_submission_address (const char *mbox) } +/* Get the policy flags for address MBOX and store them in POLICY. */ +static gpg_error_t +get_policy_flags (policy_flags_t policy, const char *mbox) +{ + gpg_error_t err; + const char *domain; + char *fname; + estream_t fp; + + memset (policy, 0, sizeof *policy); + + domain = strchr (mbox, '@'); + if (!domain) + return gpg_error (GPG_ERR_INV_USER_ID); + domain++; + + fname = make_filename_try (opt.directory, domain, "policy", NULL); + if (!fname) + { + err = gpg_error_from_syserror (); + log_error ("make_filename failed in %s: %s\n", + __func__, gpg_strerror (err)); + return err; + } + + fp = es_fopen (fname, "r"); + if (!fp) + { + err = gpg_error_from_syserror (); + if (gpg_err_code (err) == GPG_ERR_ENOENT) + err = 0; + else + log_error ("error reading '%s': %s\n", fname, gpg_strerror (err)); + xfree (fname); + return err; + } + + err = wks_parse_policy (policy, fp, 0); + es_fclose (fp); + xfree (fname); + return err; +} + + /* We store the key under the name of the nonce we will then send to * the user. On success the nonce is stored at R_NONCE and the file * name at R_FNAME. */ @@ -1005,6 +1049,7 @@ process_new_key (server_ctx_t ctx, estream_t key) char *dname = NULL; char *nonce = NULL; char *fname = NULL; + struct policy_flags_s policybuf; /* First figure out the user id from the key. */ err = list_key (ctx, key); 
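Review bot: `get_policy_flags` takes everything after the first '@' in MBOX and passes it to `make_filename_try (opt.directory, domain, "policy", NULL)` as a directory name, with no check in this function that it is non-empty and free of '/' or "..". The address is taken from the submitted key (`list_key` in `process_new_key`), so either validate the domain here or state in the function comment that callers must pass an already normalised addr-spec.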
@@ -1035,23 +1080,40 @@ process_new_key (server_ctx_t ctx, estream_t key) err = gpg_error_from_syserror (); goto leave; } - /* Fixme: check for proper directory permissions. */ + if (access (dname, W_OK)) { log_info ("skipping address '%s': Domain not configured\n", sl->d); continue; } - log_info ("storing address '%s'\n", sl->d); + if (get_policy_flags (&policybuf, sl->d)) + { + log_info ("skipping address '%s': Bad policy flags\n", sl->d); + continue; + } - xfree (nonce); - xfree (fname); - err = store_key_as_pending (dname, key, &nonce, &fname); - if (err) - goto leave; + if (policybuf.auth_submit) + { + /* Bypass the confirmation stuff and publish the the key as is. */ + log_info ("publishing address '%s'\n", sl->d); + /* FIXME: We need to make sure that we do this only for the + * address in the mail. */ + log_debug ("auth-submit not yet working!\n"); + } + else + { + log_info ("storing address '%s'\n", sl->d); - err = send_confirmation_request (ctx, sl->d, nonce, fname); - if (err) - goto leave; + xfree (nonce); + xfree (fname); + err = store_key_as_pending (dname, key, &nonce, &fname); + if (err) + goto leave; + + err = send_confirmation_request (ctx, sl->d, nonce, fname); + if (err) + goto leave; + } } leave: @@ -1639,6 +1701,7 @@ command_list_domains (void) const char *domain; char *fname = NULL; int i; + estream_t fp; err = get_domain_list (&domaindirs); if (err) @@ -1686,7 +1749,7 @@ command_list_domains (void) } } - /* Print a warning if the sumbission address is not configured. */ + /* Print a warning if the submission address is not configured. */ xfree (fname); fname = make_filename_try (sl->d, "submission-address", NULL); if (!fname) 
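Review bot: In `process_new_key`, the `policybuf.auth_submit` branch only logs: it neither publishes the key nor falls back to `store_key_as_pending` and `send_confirmation_request`, so for a domain whose policy file sets `auth-submit` the submission is dropped with nothing more than a `log_debug` line. Until publishing is implemented, send these keys through the confirmation path or return an error to the caller. The comment in that branch also reads "the the key", and the removed "Fixme: check for proper directory permissions." is not replaced by an actual permission check.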
@@ -1704,6 +1767,38 @@ command_list_domains (void) log_error ("domain %s: problem with '%s': %s\n", domain, fname, gpg_strerror (err)); } + + /* Check the syntax of the optional policy file. */ + xfree (fname); + fname = make_filename_try (sl->d, "policy", NULL); + if (!fname) + { + err = gpg_error_from_syserror (); + goto leave; + } + fp = es_fopen (fname, "r"); + if (!fp) + { + err = gpg_error_from_syserror (); + if (gpg_err_code (err) != GPG_ERR_ENOENT) + log_error ("domain %s: error in policy file: %s\n", + domain, gpg_strerror (err)); + } + else + { + struct policy_flags_s policy; + err = wks_parse_policy (&policy, fp, 0); + es_fclose (fp); + if (!err) + { + struct policy_flags_s empty_policy; + memset (&empty_policy, 0, sizeof empty_policy); + if (!memcmp (&empty_policy, &policy, sizeof policy)) + log_error ("domain %s: empty policy file\n", domain); + } + } + + } err = 0; diff --git a/tools/gpg-wks.h b/tools/gpg-wks.h index be85eec..85000cc 100644 --- a/tools/gpg-wks.h +++ b/tools/gpg-wks.h @@ -46,8 +46,22 @@ struct #define DBG_EXTPROG_VALUE 16384 /* debug external program calls */ +/* The parsed policy flags. */ +struct policy_flags_s +{ + unsigned int mailbox_only : 1; + unsigned int dane_only : 1; + unsigned int auth_submit : 1; + unsigned int max_pending; /* Seconds to wait for a confirmation. */ +}; +typedef struct policy_flags_s *policy_flags_t; + + + /*-- wks-util.c --*/ gpg_error_t wks_send_mime (mime_maker_t mime); +gpg_error_t wks_parse_policy (policy_flags_t flags, estream_t stream, + int ignore_unknown); /*-- wks-receive.c --*/ gpg_error_t wks_receive (estream_t fp, diff --git a/tools/wks-util.c b/tools/wks-util.c index 8d9f92b..7a87a27 100644 --- a/tools/wks-util.c +++ b/tools/wks-util.c 
@@ -63,3 +63,111 @@ wks_send_mime (mime_maker_t mime) es_fclose (mail); return err; } + + +/* Parse the policy flags by reading them from STREAM and storing them + * into FLAGS. If IGNORE_UNKNOWN is iset unknown keywords are + * ignored. */ +gpg_error_t +wks_parse_policy (policy_flags_t flags, estream_t stream, int ignore_unknown) +{ + enum tokens { + TOK_MAILBOX_ONLY, + TOK_DANE_ONLY, + TOK_AUTH_SUBMIT, + TOK_MAX_PENDING + }; + static struct { + const char *name; + enum tokens token; + } keywords[] = { + { "mailbox-only", TOK_MAILBOX_ONLY }, + { "dane-only", TOK_DANE_ONLY }, + { "auth-submit", TOK_AUTH_SUBMIT }, + { "max-pending", TOK_MAX_PENDING } + }; + gpg_error_t err = 0; + int lnr = 0; + char line[1024]; + char *p, *keyword, *value; + int i, n; + + memset (flags, 0, sizeof *flags); + + while (es_fgets (line, DIM(line)-1, stream) ) + { + lnr++; + n = strlen (line); + if (!n || line[n-1] != '\n') + { + err = gpg_error (*line? GPG_ERR_LINE_TOO_LONG + : GPG_ERR_INCOMPLETE_LINE); + break; + } + trim_trailing_spaces (line); + /* Skip empty and comment lines. */ + for (p=line; spacep (p); p++) + ; + if (!*p || *p == '#') + continue; + + if (*p == ':') + { + err = gpg_error (GPG_ERR_SYNTAX); + break; + } + + keyword = p; + value = NULL; + if ((p = strchr (p, ':'))) + { + /* Colon found: Keyword with value. 
*/ + *p++ = 0; + for (; spacep (p); p++) + ; + if (!*p) + { + err = gpg_error (GPG_ERR_MISSING_VALUE); + break; + } + value = p; + } + + for (i=0; i < DIM (keywords); i++) + if (!ascii_strcasecmp (keywords[i].name, keyword)) + break; + if (!(i < DIM (keywords))) + { + if (ignore_unknown) + continue; + err = gpg_error (GPG_ERR_INV_NAME); + break; + } + + switch (keywords[i].token) + { + case TOK_MAILBOX_ONLY: flags->mailbox_only = 1; break; + case TOK_DANE_ONLY: flags->dane_only = 1; break; + case TOK_AUTH_SUBMIT: flags->auth_submit = 1; break; + case TOK_MAX_PENDING: + if (!value) + { + err = gpg_error (GPG_ERR_SYNTAX); + goto leave; + } + /* FIXME: Define whether these are seconds, hours, or days + * and decide whether to allow other units. */ + flags->max_pending = atoi (value); + break; + } + } + + if (!err && !es_feof (stream)) + err = gpg_error_from_syserror (); + leave: + if (err) + log_error ("error reading '%s', line %d: %s\n", + es_fname_get (stream), lnr, gpg_strerror (err)); + + return err; +} commit 505ee45106d6aa2902bbdd6326f8eb7527c273c4 Author: Werner Koch Date: Fri Sep 2 16:52:17 2016 +0200 dirmngr: Add --policy-flags option to WKD_GET. * dirmngr/server.c (cmd_wkd_get): Add new option. Signed-off-by: Werner Koch diff --git a/dirmngr/server.c b/dirmngr/server.c index 3ac4160..03adc61 100644 --- a/dirmngr/server.c +++ b/dirmngr/server.c @@ -794,10 +794,10 @@ cmd_dns_cert (assuan_context_t ctx, char *line) static const char hlp_wkd_get[] = - "WKD_GET [--submission-address] \n" + "WKD_GET [--submission-address|--policy-flags] \n" "\n" - "Return the key or the submission address for \n" - "from a Web Key Directory."; + "Return the key or other info for \n" + "from the Web Key Directory."; static gpg_error_t cmd_wkd_get (assuan_context_t ctx, char *line) { 
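Review bot: In `wks_parse_policy` (tools/wks-util.c), the `TOK_MAX_PENDING` case stores `atoi (value)` into the `unsigned int max_pending` field, so a non-numeric value becomes 0 and a negative one wraps to a large number, both without an error; on the client this input is the policy file fetched through `WKD_GET --policy-flags`. Parse with `strtoul`, reject trailing characters and out-of-range results, and return an error for them. The unit should also be settled in one place: the struct comment in tools/gpg-wks.h says seconds while the FIXME here leaves it open.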
@@ -809,8 +809,10 @@ cmd_wkd_get (assuan_context_t ctx, char *line) char *uri = NULL; char *encodedhash = NULL; int opt_submission_addr; + int opt_policy_flags; opt_submission_addr = has_option (line, "--submission-address"); + opt_policy_flags = has_option (line, "--policy-flags"); line = skip_options (line); mbox = mailbox_from_userid (line); @@ -836,6 +838,13 @@ cmd_wkd_get (assuan_context_t ctx, char *line) "/.well-known/openpgpkey/submission-address", NULL); } + else if (opt_policy_flags) + { + uri = strconcat ("https://", + domain, + "/.well-known/openpgpkey/policy", + NULL); + } else { uri = strconcat ("https://", commit fc445b36fafc8a4cc3ce5a675ac42df7a9d9a02a Author: Werner Koch Date: Fri Sep 2 15:33:34 2016 +0200 common: Check read errors in name-value.c * common/name-value.c: Check for read errors. Signed-off-by: Werner Koch diff --git a/common/name-value.c b/common/name-value.c index 0b32a44..ebc48e5 100644 --- a/common/name-value.c +++ b/common/name-value.c @@ -665,7 +665,7 @@ do_nvc_parse (nvc_t *result, int *errlinep, estream_t stream, if (errlinep) *errlinep = 0; - while ((len = es_read_line (stream, &buf, &buf_len, NULL))) + while ((len = es_read_line (stream, &buf, &buf_len, NULL)) > 0) { char *p; if (errlinep) 
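Review bot: The new loop test `(len = es_read_line (...)) > 0` in `do_nvc_parse` only separates a read error from data if `len` is a signed type, and its declaration is outside this hunk. If it is declared `size_t`, an error return still enters the loop and the `len < 0` check added in the next hunk can never fire, so confirm it is `ssize_t` or change the declaration in the same commit.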
@@ -735,6 +735,11 @@ do_nvc_parse (nvc_t *result, int *errlinep, estream_t stream, goto leave; } } + if (len < 0) + { + err = gpg_error_from_syserror (); + goto leave; + } /* Add the final entry. */ if (raw_value) ----------------------------------------------------------------------- Summary of changes: common/name-value.c | 7 ++- dirmngr/server.c | 15 +++++-- po/ja.po | 4 +- tools/call-dirmngr.c | 55 +++++++++++++++++++++++ tools/call-dirmngr.h | 1 + tools/gpg-wks-client.c | 26 +++++++++++ tools/gpg-wks-server.c | 117 ++++++++++++++++++++++++++++++++++++++++++++----- tools/gpg-wks.h | 14 ++++++ tools/wks-util.c | 108 +++++++++++++++++++++++++++++++++++++++++++++ 9 files changed, 330 insertions(+), 17 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Sat Sep 3 08:35:55 2016 
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Sat, 03 Sep 2016 08:35:55 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-58-gf9e49c8 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via f9e49c80e706a27d5e30d4b3237ff26367a67130 (commit) from 18a808bccf543d563239f93257aee40aa1b5a475 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f9e49c80e706a27d5e30d4b3237ff26367a67130 Author: NIIBE Yutaka Date: Sat Sep 3 15:27:30 2016 +0900 scd: Fix an action after card removal. * scd/command.c (update_card_removed): Call apdu_close_reader here. -- This is update of the commit 8fe81055762d9c9e6f03fb7853a985c94ef73ac3 It is better apdu_close_reader is called in update_card_removed. The commit 1598a4476466822e7e9c757ac471089d3db4b545 introduced a regression, it doesn't close the reader after removal of the card, while the code before the commit call apdu_close_reader in do_reset. So, this fix. GnuPG-bug-id: 2449 Signed-off-by: NIIBE Yutaka diff --git a/scd/command.c b/scd/command.c index 2909330..9d978ab 100644 --- a/scd/command.c +++ b/scd/command.c @@ -223,8 +223,11 @@ update_card_removed (int vrdr, int value) /* Let the card application layer know about the removal. */ if (value) { + int slot = vreader_slot (vrdr); + log_debug ("Removal of a card: %d\n", vrdr); - application_notify_card_reset (vreader_slot (vrdr)); + apdu_close_reader (slot); + application_notify_card_reset (slot); vreader_table[vrdr].slot = -1; } } 
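Review bot: In `update_card_removed`, the result of `vreader_slot (vrdr)` goes to `apdu_close_reader` and `application_notify_card_reset` unchecked, yet the same block ends by setting `vreader_table[vrdr].slot = -1`, so a second removal event for the same virtual reader could hand -1 to both calls. Guard them with a `slot != -1` test, and log a non-zero return from `apdu_close_reader` rather than discarding it.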
@@ -2340,10 +2343,7 @@ update_reader_status_file (int set_card_removed_flag) /* Set the card removed flag for all current sessions. */ if (vr->any && vr->status == 0 && set_card_removed_flag) - { - apdu_close_reader (vr->slot); - update_card_removed (idx, 1); - } + update_card_removed (idx, 1); vr->any = 1; ----------------------------------------------------------------------- Summary of changes: scd/command.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Sun Sep 4 20:27:42 2016 From: cvs at cvs.gnupg.org (by Ben Kibbey) Date: Sun, 04 Sep 2016 20:27:42 +0200 Subject: [git] Assuan - branch, master, updated. libassuan-2.4.3-2-g8ab3b92 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPC library used by GnuPG". The branch, master has been updated via 8ab3b9273524bd344bdb90dd5d3bc8e5f53ead6e (commit) from bf39d04238c0ae43f6cf2b04baf394c2f1e1d838 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8ab3b9273524bd344bdb90dd5d3bc8e5f53ead6e Author: Ben Kibbey Date: Sun Sep 4 14:22:25 2016 -0400 EPROTO portability fix. * src/assuan-socket.c(socks5_connect): Return EPROTONOSUPPORT rather than EPROTO. -- OpenBSD, and maybe other systems, doesn't define EPROTO. Signed-off-by: Ben Kibbey diff --git a/src/assuan-socket.c b/src/assuan-socket.c index d5e4ee4..d7616ce 100644 --- a/src/assuan-socket.c +++ b/src/assuan-socket.c @@ -803,7 +803,7 @@ socks5_connect (assuan_context_t ctx, assuan_fd_t sock, if (buffer[0] != 1) { /* SOCKS server returned wrong version. */ - gpg_err_set_errno (EPROTO); + gpg_err_set_errno (EPROTONOSUPPORT); return -1; } if (buffer[1]) 
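Review bot: Replacing `EPROTO` with `EPROTONOSUPPORT` in `socks5_connect` changes the errno reported on every platform, including those that do define `EPROTO`, and `EPROTONOSUPPORT` reads as "protocol not supported" rather than "the SOCKS server sent an unexpected reply". A fallback such as `#ifndef EPROTO` followed by `# define EPROTO EPROTONOSUPPORT` would keep the old value where it exists; whichever way is chosen, a short comment at both sites should say why this errno is used.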
@@ -863,7 +863,7 @@ socks5_connect (assuan_context_t ctx, assuan_fd_t sock, { /* Socks server returned wrong version or the reserved field is not zero. */ - gpg_err_set_errno (EPROTO); + gpg_err_set_errno (EPROTONOSUPPORT); return -1; } if (buffer[1]) ----------------------------------------------------------------------- Summary of changes: src/assuan-socket.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) hooks/post-receive -- IPC library used by GnuPG http://git.gnupg.org From cvs at cvs.gnupg.org Mon Sep 5 10:00:08 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 05 Sep 2016 10:00:08 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-61-g0a4a03e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 0a4a03e5310946b0866a0f6a34031eda7a240162 (commit) via 959cd8903fd012e63dbb156db56708dd3934b5df (commit) via c8e0d37f4152d1341ef562a190fce93a0386a759 (commit) from f9e49c80e706a27d5e30d4b3237ff26367a67130 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0a4a03e5310946b0866a0f6a34031eda7a240162 Author: Werner Koch Date: Mon Sep 5 09:51:16 2016 +0200 gpg: New export filter drop-subkey. * g10/import.c (impex_filter_getval): Add properties for key packets. * g10/export.c (export_drop_subkey): New var. (cleanup_export_globals): Release that var. (parse_and_set_export_filter): Add filter "drop-subkey". (apply_drop_subkey_filter): New. (do_export_stream): Run that filter. Signed-off-by: Werner Koch diff --git a/doc/gpg.texi b/doc/gpg.texi index 901d1ee..8864a0a 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi 
@@ -2254,6 +2254,10 @@ The available filter types are: This filter will keep a user id packet and its dependent packets in the keyblock if the expression evaluates to true. + @item drop-subkey + This filter drops the selected subkeys. + Currently only implemented for --export-filter. + @item drop-sig This filter drops the selected key signatures on user ids. Self-signatures are not consideres. @@ -2276,9 +2280,23 @@ The available properties are: The addr-spec part of a user id with mailbox or the empty string. (keep-uid) + @item key_algo + A number with the public key algorithm of a key or subkey packet. + (drop-subkey) + + @item key_created + @itemx key_created_d + The first is the timestamp a public key or subkey packet was + created. The second is the same but given as an ISO string, + e.g. "2016-08-17". (drop-subkey) + @item primary Boolean indicating whether the user id is the primary one. (keep-uid) + @item secret + Boolean indicating whether a key or subkey is a secret one. + drop-subkey) + @item sig_created @itemx sig_created_d The first is the timestamp a signature packet was created. The diff --git a/g10/export.c b/g10/export.c index e0699db..78cb85f 100644 --- a/g10/export.c +++ b/g10/export.c @@ -62,11 +62,13 @@ struct export_stats_s /* A global variable to store the selector created from * --export-filter keep-uid=EXPR. + * --export-filter drop-subkey=EXPR. * * FIXME: We should put this into the CTRL object but that requires a * lot more changes right now. */ static recsel_expr_t export_keep_uid; +static recsel_expr_t export_drop_subkey; @@ -88,6 +90,8 @@ cleanup_export_globals (void) { recsel_release (export_keep_uid); export_keep_uid = NULL; + recsel_release (export_drop_subkey); + export_drop_subkey = NULL; } 
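Review bot: In the doc/gpg.texi hunk that adds the new properties, the `@item secret` entry ends with "drop-subkey)" and is missing its opening parenthesis, unlike the "(drop-subkey)" used for `key_algo` and `key_created`. Fix the parenthesis so the filter reference renders consistently across the property list.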
@@ -142,6 +146,14 @@ parse_export_options(char *str,unsigned int *options,int noisy) * - uid :: The entire user ID. * - mbox :: The mail box part of the user ID. * - primary :: Evaluate to true for the primary user ID. + * + * - drop-subkey :: If the expression evaluates to true for a subkey + * packet that subkey and all it dependencies will be + * remove from the keyblock. The expression may use these + * variables: + * + * - secret :: 1 for a secret subkey, else 0. + * - key_algo :: Public key algorithm id */ gpg_error_t parse_and_set_export_filter (const char *string) @@ -153,6 +165,8 @@ parse_and_set_export_filter (const char *string) if (!strncmp (string, "keep-uid=", 9)) err = recsel_parse_expr (&export_keep_uid, string+9); + else if (!strncmp (string, "drop-subkey=", 12)) + err = recsel_parse_expr (&export_drop_subkey, string+12); else err = gpg_error (GPG_ERR_INV_NAME); 
@@ -1329,6 +1343,38 @@ apply_keep_uid_filter (kbnode_t keyblock, recsel_expr_t selector) } +/* + * Apply the drop-subkey filter to the keyblock. The deleted nodes are + * marked and thus the caller should call commit_kbnode afterwards. + * KEYBLOCK must not have any blocks marked as deleted. + */ +static void +apply_drop_subkey_filter (kbnode_t keyblock, recsel_expr_t selector) +{ + kbnode_t node; + + for (node = keyblock->next; node; node = node->next ) + { + if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY + || node->pkt->pkttype == PKT_SECRET_SUBKEY) + { + if (recsel_select (selector, impex_filter_getval, node)) + { + log_debug ("drop-subkey: deleting a key\n"); + /* The subkey packet and all following packets up to the + * next subkey. */ + delete_kbnode (node); + for (; node->next + && node->next->pkt->pkttype != PKT_PUBLIC_SUBKEY + && node->next->pkt->pkttype != PKT_SECRET_SUBKEY ; + node = node->next) + delete_kbnode (node->next); + } + } + } +} + + /* Print DANE or PKA records for all user IDs in KEYBLOCK to OUT. The * data for the record is taken from (DATA,DATELEN). PK is the public * key packet with the primary key. */ @@ -1922,6 +1968,13 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret, commit_kbnode (&keyblock); } + if (export_drop_subkey) + { + commit_kbnode (&keyblock); + apply_drop_subkey_filter (keyblock, export_drop_subkey); + commit_kbnode (&keyblock); + } + /* And write it. */ err = do_export_one_keyblock (ctrl, keyblock, keyid, out_help? out_help : out, diff --git a/g10/import.c b/g10/import.c index 14abd2b..f32a3da 100644 --- a/g10/import.c +++ b/g10/import.c 
@@ -1157,6 +1157,35 @@ impex_filter_getval (void *cookie, const char *propname) else result = NULL; } + else if (node->pkt->pkttype == PKT_PUBLIC_KEY + || node->pkt->pkttype == PKT_SECRET_KEY + || node->pkt->pkttype == PKT_PUBLIC_SUBKEY + || node->pkt->pkttype == PKT_SECRET_SUBKEY) + { + PKT_public_key *pk = node->pkt->pkt.public_key; + + if (!strcmp (propname, "secret")) + { + result = (node->pkt->pkttype == PKT_SECRET_KEY + || node->pkt->pkttype == PKT_SECRET_SUBKEY)? "1":"0"; + } + else if (!strcmp (propname, "key_algo")) + { + snprintf (numbuf, sizeof numbuf, "%d", pk->pubkey_algo); + result = numbuf; + } + if (!strcmp (propname, "key_created")) + { + snprintf (numbuf, sizeof numbuf, "%lu", (ulong)pk->timestamp); + result = numbuf; + } + else if (!strcmp (propname, "key_created_d")) + { + result = datestr_from_pk (pk); + } + else + result = NULL; + } else result = NULL; commit 959cd8903fd012e63dbb156db56708dd3934b5df Author: Werner Koch Date: Mon Sep 5 09:49:06 2016 +0200 common: Add string operator gt,ge,le,lt to recsel. * common/recsel.c (recsel_parse_expr): Add them. (recsel_dump): Print them. (recsel_select): Evaluate them. Signed-off-by: Werner Koch diff --git a/common/recsel.c b/common/recsel.c index 5dc685f..866861b 100644 --- a/common/recsel.c +++ b/common/recsel.c @@ -48,7 +48,11 @@ typedef enum SELECT_LE, SELECT_GE, SELECT_LT, - SELECT_GT + SELECT_GT, + SELECT_STRLE, /* String is less or equal. */ + SELECT_STRGE, + SELECT_STRLT, + SELECT_STRGT } select_op_t; @@ -347,6 +351,26 @@ recsel_parse_expr (recsel_expr_t *selector, const char *expression) se->op = SELECT_ISTRUE; s += 2; } + else if (!strncmp (s, "-le", 3)) + { + se->op = SELECT_STRLE; + s += 3; + } + else if (!strncmp (s, "-ge", 3)) + { + se->op = SELECT_STRGE; + s += 3; + } + else if (!strncmp (s, "-lt", 3)) + { + se->op = SELECT_STRLT; + s += 3; + } + else if (!strncmp (s, "-gt", 3)) + { + se->op = SELECT_STRGT; + s += 3; + } else { log_error ("invalid operator in expression\n"); 
@@ -467,7 +491,12 @@ recsel_dump (recsel_expr_t selector) se->op == SELECT_LT? "< ": se->op == SELECT_LE? "<=": se->op == SELECT_GT? "> ": - se->op == SELECT_GE? ">=":"[oops]", + se->op == SELECT_GE? ">=": + se->op == SELECT_STRLT? "-lt": + se->op == SELECT_STRLE? "-le": + se->op == SELECT_STRGT? "-gt": + se->op == SELECT_STRGE? "-ge": + /**/ "[oops]", se->value); } log_debug ("--- End selectors ---\n"); @@ -541,6 +570,30 @@ recsel_select (recsel_expr_t selector, case SELECT_LE: result = (numvalue <= se->numvalue); break; + case SELECT_STRGT: + if (se->xcase) + result = strcmp (value, se->value) > 0; + else + result = strcasecmp (value, se->value) > 0; + break; + case SELECT_STRGE: + if (se->xcase) + result = strcmp (value, se->value) >= 0; + else + result = strcasecmp (value, se->value) >= 0; + break; + case SELECT_STRLT: + if (se->xcase) + result = strcmp (value, se->value) < 0; + else + result = strcasecmp (value, se->value) < 0; + break; + case SELECT_STRLE: + if (se->xcase) + result = strcmp (value, se->value) <= 0; + else + result = strcasecmp (value, se->value) <= 0; + break; } } diff --git a/common/t-recsel.c b/common/t-recsel.c index fe2a7b9..faddc97 100644 --- a/common/t-recsel.c +++ b/common/t-recsel.c @@ -171,6 +171,8 @@ test_2_getval (void *cookie, const char *name) return " "; else if (!strcmp (name, "letters")) return "abcde"; + else if (!strcmp (name, "str1")) + return "aaa"; else return cookie; } 
@@ -264,6 +266,37 @@ run_test_2 (void) FREEEXPR(); + ADDEXPR ("str1 -gt aa"); + if (!recsel_select (se, test_2_getval, NULL)) + fail (0, 0); + FREEEXPR(); + ADDEXPR ("str1 -gt aaa"); + if (recsel_select (se, test_2_getval, NULL)) + fail (0, 0); + FREEEXPR(); + ADDEXPR ("str1 -ge aaa"); + if (!recsel_select (se, test_2_getval, NULL)) + fail (0, 0); + FREEEXPR(); + ADDEXPR ("str1 -lt aab"); + if (!recsel_select (se, test_2_getval, NULL)) + fail (0, 0); + FREEEXPR(); + ADDEXPR ("str1 -le aaa"); + if (!recsel_select (se, test_2_getval, NULL)) + fail (0, 0); + + FREEEXPR(); + ADDEXPR ("-c str1 -lt AAB"); + if (recsel_select (se, test_2_getval, NULL)) + fail (0, 0); + FREEEXPR(); + ADDEXPR ("str1 -lt AAB"); + if (!recsel_select (se, test_2_getval, NULL)) + fail (0, 0); + + + FREEEXPR(); ADDEXPR ("uid -n"); if (!recsel_select (se, test_2_getval, NULL)) fail (0, 0); diff --git a/doc/gpg.texi b/doc/gpg.texi index 68b21b6..901d1ee 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi 
@@ -3500,12 +3500,24 @@ The supported operators (@var{op}) are: @item < The numerical value of the field must be LT than the value. - @item >= + @item > The numerical value of the field must be GT than the value. @item >= The numerical value of the field must be GE than the value. + @item -le + The string value of the field must be less or equal than the value. + + @item -lt + The string value of the field must be less than the value. + + @item -gt + The string value of the field must be greater than the value. + + @item -ge + The string value of the field must be greater or equal than the value. + @item -n True if value is not empty (no value allowed). commit c8e0d37f4152d1341ef562a190fce93a0386a759 Author: Werner Koch Date: Mon Sep 5 08:31:25 2016 +0200 gpg: Use a common filter_getval for import and export. * g10/import.c (filter_getval): Rename to ... (impex_filter_getval): this. Make global. (apply_keep_uid_filter, apply_drop_sig_filter): Adjust. * g10/export.c (filter_getval): Remove. (apply_drop_sig_filter): Use impex_filter_getval. Signed-off-by: Werner Koch diff --git a/g10/export.c b/g10/export.c index 8c15868..e0699db 100644 --- a/g10/export.c +++ b/g10/export.c 
@@ -1293,37 +1293,6 @@ write_keyblock_to_output (kbnode_t keyblock, int with_armor, } -/* Helper for apply_keep_uid_filter. */ -static const char * -filter_getval (void *cookie, const char *propname) -{ - kbnode_t node = cookie; - const char *result; - - if (node->pkt->pkttype == PKT_USER_ID) - { - if (!strcmp (propname, "uid")) - result = node->pkt->pkt.user_id->name; - else if (!strcmp (propname, "mbox")) - { - if (!node->pkt->pkt.user_id->mbox) - { - node->pkt->pkt.user_id->mbox - = mailbox_from_userid (node->pkt->pkt.user_id->name); - } - return node->pkt->pkt.user_id->mbox; - } - else if (!strcmp (propname, "primary")) - result = node->pkt->pkt.user_id->is_primary? "1":"0"; - else - result = NULL; - } - else - result = NULL; - - return result; -} - /* * Apply the keep-uid filter to the keyblock. The deleted nodes are * marked and thus the caller should call commit_kbnode afterwards. @@ -1338,7 +1307,7 @@ apply_keep_uid_filter (kbnode_t keyblock, recsel_expr_t selector) { if (node->pkt->pkttype == PKT_USER_ID) { - if (!recsel_select (selector, filter_getval, node)) + if (!recsel_select (selector, impex_filter_getval, node)) { /* log_debug ("keep-uid: deleting '%s'\n", */ /* node->pkt->pkt.user_id->name); */ diff --git a/g10/import.c b/g10/import.c index f7cb923..14abd2b 100644 --- a/g10/import.c +++ b/g10/import.c @@ -1103,9 +1103,9 @@ check_prefs (ctrl_t ctrl, kbnode_t keyblock) } -/* Helper for apply_keep_uid_filter and apply_drop_sig_filter. */ -static const char * -filter_getval (void *cookie, const char *propname) +/* Helper for apply_*_filter in im,port.c and export.c. */ +const char * +impex_filter_getval (void *cookie, const char *propname) { /* FIXME: Malloc our static buffers and access them via the cookie. */ kbnode_t node = cookie; 
@@ -1178,7 +1178,7 @@ apply_keep_uid_filter (kbnode_t keyblock, recsel_expr_t selector) { if (node->pkt->pkttype == PKT_USER_ID) { - if (!recsel_select (selector, filter_getval, node)) + if (!recsel_select (selector, impex_filter_getval, node)) { /* log_debug ("keep-uid: deleting '%s'\n", */ @@ -1237,7 +1237,7 @@ apply_drop_sig_filter (kbnode_t keyblock, recsel_expr_t selector) if (IS_UID_SIG(sig) || IS_UID_REV(sig)) { - if (recsel_select (selector, filter_getval, node)) + if (recsel_select (selector, impex_filter_getval, node)) delete_kbnode (node); } } diff --git a/g10/main.h b/g10/main.h index 340f3b3..b1563d2 100644 --- a/g10/main.h +++ b/g10/main.h @@ -368,6 +368,7 @@ gpg_error_t import_old_secring (ctrl_t ctrl, const char *fname); import_stats_t import_new_stats_handle (void); void import_release_stats_handle (import_stats_t hd); void import_print_stats (import_stats_t hd); +const char *impex_filter_getval (void *cookie, const char *propname); gpg_error_t transfer_secret_keys (ctrl_t ctrl, struct import_stats_s *stats, kbnode_t sec_keyblock, int batch, int force); ----------------------------------------------------------------------- Summary of changes: common/recsel.c | 57 ++++++++++++++++++++++++++++++++++-- common/t-recsel.c | 33 +++++++++++++++++++++ doc/gpg.texi | 32 ++++++++++++++++++++- g10/export.c | 86 ++++++++++++++++++++++++++++++++++--------------------- g10/import.c | 39 +++++++++++++++++++++---- g10/main.h | 1 + 6 files changed, 208 insertions(+), 40 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Sep 5 10:47:06 2016 
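Review bot: In the g10/import.c hunk for impex_filter_getval (commit 0a4a03e), the key_created test starts a new chain with a bare "if (!strcmp (propname, "key_created"))" instead of "else if", so a lookup of "secret" or "key_algo" first sets result and then falls through to the final "else result = NULL;" of the second chain. As written, the selector gets NULL for both properties, and a drop-subkey expression on secret or key_algo never sees the value it is meant to compare. Change that line to "else if (!strcmp (propname, "key_created"))" and add a test that evaluates each of the four key properties against a subkey packet.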
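Review bot: In the g10/export.c hunk adding apply_drop_subkey_filter (commit 0a4a03e), the call log_debug ("drop-subkey: deleting a key\n") runs unconditionally for every dropped subkey, while the matching message in apply_keep_uid_filter is commented out. Either remove it or put it behind a debug flag so that a normal --export-filter run stays quiet. The message would also be more useful if it identified the subkey being dropped rather than printing a fixed string.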
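Review bot: In the doc/gpg.texi hunk that documents the new properties (commit 0a4a03e), the "@item secret" entry ends with "drop-subkey)" and is missing its opening parenthesis; the other entries use "(drop-subkey)". The comment added above parse_and_set_export_filter in g10/export.c also lists only secret and key_algo, while gpg.texi and impex_filter_getval additionally offer key_created and key_created_d, so the two descriptions should be brought in line. That same comment has two typos worth fixing while there: "all it dependencies" and "will be remove".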
From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Mon, 05 Sep 2016 10:47:06 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-321-g8a39a59 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 8a39a595eb802b80a6ad756b0ee8939e9733e86f (commit) via e3a4697894cc5a93c295e84bb10c743bc7fdc87e (commit) from 05570bd3d05fb3d7934c1122f0d5ef5fdbaa7974 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8a39a595eb802b80a6ad756b0ee8939e9733e86f Author: Andre Heinecke Date: Mon Sep 5 10:44:41 2016 +0200 qt: Add missing header redirection * lang/qt/src/keyformailboxjob.h, lang/qt/src/qgpgmekeyformailboxjob.h: Fix includes. -- This ensures that when building qgpgme you do not need an installed gpgme++. diff --git a/lang/qt/src/keyformailboxjob.h b/lang/qt/src/keyformailboxjob.h index 9e76df5..d8b6c6b 100644 --- a/lang/qt/src/keyformailboxjob.h +++ b/lang/qt/src/keyformailboxjob.h @@ -36,7 +36,12 @@ #include "job.h" -#include +#ifdef BUILDING_QGPGME +# include "key.h" +#else +# include +#endif + namespace GpgME { class Error; diff --git a/lang/qt/src/qgpgmekeyformailboxjob.h b/lang/qt/src/qgpgmekeyformailboxjob.h index 02a16d3..8ac2c1f 100644 --- a/lang/qt/src/qgpgmekeyformailboxjob.h +++ b/lang/qt/src/qgpgmekeyformailboxjob.h 
@@ -38,8 +38,13 @@ #include "threadedjobmixin.h" -#include -#include +#ifdef BUILDING_QGPGME +# include "keylistresult.h" +# include "key.h" +#else +# include +# include +#endif namespace QGpgME { commit e3a4697894cc5a93c295e84bb10c743bc7fdc87e Author: Andre Heinecke Date: Mon Sep 5 10:42:02 2016 +0200 qt: Include cpp before core directory * lang/qt/src/Makefile.am (AM_CPPFLAGS): Include cpp before core. -- Both core and cpp have headers that have the same names, this can lead to the wrong headers beeing included when qt bindings are built. diff --git a/lang/qt/src/Makefile.am b/lang/qt/src/Makefile.am index 59206ed..f63b295 100644 --- a/lang/qt/src/Makefile.am +++ b/lang/qt/src/Makefile.am @@ -199,7 +199,7 @@ nodist_include_HEADERS = qgpgme_version.h libqgpgme_la_SOURCES = $(qgpgme_sources) $(qgpgme_headers) $(private_qgpgme_headers) -AM_CPPFLAGS = -I$(top_builddir)/src -I$(top_srcdir)/lang/cpp/src \ +AM_CPPFLAGS = -I$(top_srcdir)/lang/cpp/src -I$(top_builddir)/src \ @GPGME_QT_CFLAGS@ @GPG_ERROR_CFLAGS@ @LIBASSUAN_CFLAGS@ \ -DBUILDING_QGPGME ----------------------------------------------------------------------- Summary of changes: lang/qt/src/Makefile.am | 2 +- lang/qt/src/keyformailboxjob.h | 7 ++++++- lang/qt/src/qgpgmekeyformailboxjob.h | 9 +++++++-- 3 files changed, 14 insertions(+), 4 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Mon Sep 5 12:59:55 2016 
From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Mon, 05 Sep 2016 12:59:55 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-324-g965b842 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 965b842fad6ec6fbd8902f3a32119abcd0728fe4 (commit) via 79439e76cc5b302222874a1f9e93665cb12801ac (commit) via 444d85ace0dddff5c511961927052d9946035b00 (commit) from 8a39a595eb802b80a6ad756b0ee8939e9733e86f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 965b842fad6ec6fbd8902f3a32119abcd0728fe4 Author: Andre Heinecke Date: Mon Sep 5 12:58:35 2016 +0200 qt: Enable signcount checks in tofuinfo test * lang/qt/tests/t-tofuinfo.cpp: Enable checks for signcount. -- Signcount for userIDs works now as expected with gnupg 2.1.16. diff --git a/lang/qt/tests/t-tofuinfo.cpp b/lang/qt/tests/t-tofuinfo.cpp index 30f7bea..f7238f3 100644 --- a/lang/qt/tests/t-tofuinfo.cpp +++ b/lang/qt/tests/t-tofuinfo.cpp @@ -89,13 +89,12 @@ class TofuInfoTest: public QGpgMETest auto sigResult = job->exec(keys, what.toUtf8(), NormalSignatureMode, signedData); delete job; - auto info = keys[0].userID(0).tofuInfo(); - if (expected != -1) { + Q_ASSERT(!sigResult.error()); + foreach (const auto uid, keys[0].userIDs()) { + auto info = uid.tofuInfo(); Q_ASSERT(info.signCount() == expected - 1); } - Q_ASSERT(!sigResult.error()); - auto verifyJob = openpgp()->verifyOpaqueJob(); QByteArray verified; 
@@ -114,9 +113,13 @@ class TofuInfoTest: public QGpgMETest Q_ASSERT(!strcmp (key.primaryFingerprint(), sig.fingerprint())); auto stats = key2.userID(0).tofuInfo(); Q_ASSERT(!stats.isNull()); - if (expected != -1) { - Q_ASSERT(stats.signCount() == expected); + if (stats.signCount() != expected) { + std::cout << "################ Key before verify: " + << key + << "################ Key after verify: " + << key2; } + Q_ASSERT(stats.signCount() == expected); } private Q_SLOTS: @@ -218,6 +221,7 @@ private Q_SLOTS: return; } auto *job = openpgp()->keyListJob(false, false, false); + job->addMode(GpgME::WithTofu); std::vector keys; GpgME::KeyListResult result = job->exec(QStringList() << QStringLiteral("zulu at example.net"), true, keys); @@ -226,10 +230,13 @@ private Q_SLOTS: Key key = keys[0]; Q_ASSERT(!key.isNull()); - signAndVerify(QStringLiteral("Hello"), key, -1); - signAndVerify(QStringLiteral("Hello2"), key, -1); - signAndVerify(QStringLiteral("Hello3"), key, -1); - signAndVerify(QStringLiteral("Hello4"), key, -1); + signAndVerify(QStringLiteral("Hello"), key, 1); + key.update(); + signAndVerify(QStringLiteral("Hello2"), key, 2); + key.update(); + signAndVerify(QStringLiteral("Hello3"), key, 3); + key.update(); + signAndVerify(QStringLiteral("Hello4"), key, 4); } void testTofuKeyList() 
@@ -248,8 +255,16 @@ private Q_SLOTS: auto key = keys[0]; Q_ASSERT(!key.isNull()); Q_ASSERT(key.userID(0).tofuInfo().isNull()); - signAndVerify(QStringLiteral("Hello"), key, -1); - signAndVerify(QStringLiteral("Hello"), key, -1); + auto keyCopy = key; + keyCopy.update(); + auto sigCnt = keyCopy.userID(0).tofuInfo().signCount(); + signAndVerify(QStringLiteral("Hello"), keyCopy, + sigCnt + 1); + keyCopy.update(); + /* For some reason if you remove the " World" part of + * the next message the test fails. */ + signAndVerify(QStringLiteral("Hello World"), keyCopy, + sigCnt + 2); /* Now another one but with tofu */ job = openpgp()->keyListJob(false, false, false); commit 79439e76cc5b302222874a1f9e93665cb12801ac Author: Andre Heinecke Date: Mon Sep 5 12:53:02 2016 +0200 cpp: Add convenience update function to a key * lang/cpp/src/key.cpp (Key::update): New. * lang/cpp/src/key.h: Update accordingly. -- This function helps if you have an incomplete key or want to make sure all info in a key is complete (e.g. validity / tofuinfo) diff --git a/lang/cpp/src/key.cpp b/lang/cpp/src/key.cpp index 204eeca..cfa1ba3 100644 --- a/lang/cpp/src/key.cpp +++ b/lang/cpp/src/key.cpp @@ -24,6 +24,7 @@ #include "util.h" #include "tofuinfo.h" +#include "context.h" #include @@ -322,6 +323,27 @@ const Key &Key::mergeWith(const Key &other) return *this; } +void Key::update() +{ + auto ctx = Context::createForProtocol(protocol()); + if (!ctx) { + return; + } + ctx->setKeyListMode(KeyListMode::Local | + KeyListMode::Signatures | + KeyListMode::SignatureNotations | + KeyListMode::Validate | + KeyListMode::WithTofu); + Error err; + auto newKey = ctx->key(primaryFingerprint(), err, hasSecret()); + delete ctx; + if (err) { + return; + } + swap(newKey); + return; +} + // // // class Subkey diff --git a/lang/cpp/src/key.h b/lang/cpp/src/key.h index 85b16df..f193093 100644 --- a/lang/cpp/src/key.h +++ b/lang/cpp/src/key.h 
@@ -146,6 +146,12 @@ public: unsigned int keyListMode() const; + /*! Update information about this key. + * Starts a keylisting for this key with validity + * and tofu information gathering. Blocks for + * how long the keylisting takes.*/ + void update(); + private: gpgme_key_t impl() const { commit 444d85ace0dddff5c511961927052d9946035b00 Author: Andre Heinecke Date: Mon Sep 5 11:57:09 2016 +0200 cpp: Add ostream operators for key and uid * lang/cpp/src/key.cpp (Key, UserID): Add ostream operator. * lang/cpp/src/key.h: Update accordingly. -- This is helpful debugging / showing the state of a key / uid and tofuinfo. diff --git a/lang/cpp/src/key.cpp b/lang/cpp/src/key.cpp index 6f40f66..204eeca 100644 --- a/lang/cpp/src/key.cpp +++ b/lang/cpp/src/key.cpp @@ -28,6 +28,8 @@ #include #include +#include +#include const GpgME::Key::Null GpgME::Key::null; 
@@ -848,4 +850,41 @@ const char *UserID::Signature::policyURL() const return 0; } +std::ostream &operator<<(std::ostream &os, const UserID &uid) +{ + os << "GpgME::UserID("; + if (!uid.isNull()) { + os << "\n name: " << protect(uid.name()) + << "\n email: " << protect(uid.email()) + << "\n comment: " << protect(uid.comment()) + << "\n validity: " << uid.validityAsString() + << "\n revoked: " << uid.isRevoked() + << "\n invalid: " << uid.isInvalid() + << "\n numsigs: " << uid.numSignatures() + << "\n tofuinfo:\n" << uid.tofuInfo(); + } + return os << ')'; +} + +std::ostream &operator<<(std::ostream &os, const Key &key) +{ + os << "GpgME::Key("; + if (!key.isNull()) { + os << "\n protocol: " << protect(key.protocolAsString()) + << "\n ownertrust: " << key.ownerTrustAsString() + << "\n issuer: " << protect(key.issuerName()) + << "\n fingerprint:" << protect(key.primaryFingerprint()) + << "\n listmode: " << key.keyListMode() + << "\n canSign: " << key.canReallySign() + << "\n canEncrypt: " << key.canEncrypt() + << "\n canCertify: " << key.canCertify() + << "\n canAuth: " << key.canAuthenticate() + << "\n uids:\n"; + const std::vector uids = key.userIDs(); + std::copy(uids.begin(), uids.end(), + std::ostream_iterator(os, "\n")); + } + return os << ')'; +} + } // namespace GpgME diff --git a/lang/cpp/src/key.h b/lang/cpp/src/key.h index e8d7ee2..85b16df 100644 --- a/lang/cpp/src/key.h +++ b/lang/cpp/src/key.h 
@@ -391,6 +391,9 @@ private: gpgme_key_sig_t sig; }; +GPGMEPP_EXPORT std::ostream &operator<<(std::ostream &os, const UserID &uid); +GPGMEPP_EXPORT std::ostream &operator<<(std::ostream &os, const Key &key); + } // namespace GpgME GPGMEPP_MAKE_STD_SWAP_SPECIALIZATION(Key) ----------------------------------------------------------------------- Summary of changes: lang/cpp/src/key.cpp | 61 ++++++++++++++++++++++++++++++++++++++++++++ lang/cpp/src/key.h | 9 +++++++ lang/qt/tests/t-tofuinfo.cpp | 39 +++++++++++++++++++--------- 3 files changed, 97 insertions(+), 12 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Mon Sep 5 13:09:49 2016 
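Review bot: In the lang/cpp/src/key.cpp hunk adding Key::update (commit 79439e7), both failure paths return silently: "if (!ctx) { return; }" and "if (err) { return; }" leave the key unchanged and give the caller no way to notice, because the function returns void. The tests in t-tofuinfo.cpp call key.update() and then assert on signCount(), so a failed refresh would show up only as a confusing count mismatch. Consider returning the Error (or a bool) from update() and documenting in key.h that the key is left untouched on failure. Holding ctx in a std::unique_ptr would also remove the manual "delete ctx;".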
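Review bot: In the testTofuKeyList hunk of lang/qt/tests/t-tofuinfo.cpp (commit 965b842), the added comment "For some reason if you remove the " World" part of the next message the test fails" records an unexplained dependency on the message text, and the test is enabled with that workaround in place. Signing "Hello" twice and getting a different count than signing "Hello" and "Hello World" suggests the count depends on message content or timing, which is exactly what this test is meant to pin down. Please either explain the cause in the comment or reference a tracking issue, so the workaround is not mistaken for intended behaviour later.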
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 05 Sep 2016 13:09:49 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-63-gde62347 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via de623474db3ba402c9bbd872ab6f932f46cbdde9 (commit) via 0ac671f8a2b65a4b339f615c6420287a549779fa (commit) from 0a4a03e5310946b0866a0f6a34031eda7a240162 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit de623474db3ba402c9bbd872ab6f932f46cbdde9 Author: Werner Koch Date: Mon Sep 5 12:50:35 2016 +0200 dirmngr: Exclude D lines from the IPC debug output. * dirmngr/dirmngr.h: Include asshelp.h. * dirmngr/server.c (server_local_s): Add inhibit_dara_logging fields. (data_line_write): Implement logging inhibit. (data_line_cookie_close): Print non-logged D lines. (cmd_wkd_get, cmd_ks_get, cmd_ks_fetch): Do not log D lines. (dirmngr_assuan_log_monitor): New. * dirmngr/dirmngr.c (main): Register monitor function. -- In particular with large keys the D lines clutter the log output and make it unusable. Signed-off-by: Werner Koch diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c index 2bb57b2..7f989a5 100644 --- a/dirmngr/dirmngr.c +++ b/dirmngr/dirmngr.c @@ -702,7 +702,7 @@ main (int argc, char **argv) assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT); assuan_set_system_hooks (ASSUAN_SYSTEM_NPTH); assuan_sock_init (); - setup_libassuan_logging (&opt.debug, NULL); + setup_libassuan_logging (&opt.debug, dirmngr_assuan_log_monitor); setup_libgcrypt_logging (); diff --git a/dirmngr/dirmngr.h b/dirmngr/dirmngr.h index 6127386..d823519 100644 --- a/dirmngr/dirmngr.h +++ b/dirmngr/dirmngr.h 
@@ -32,6 +32,7 @@ #include "../common/util.h" #include "../common/membuf.h" #include "../common/sysutils.h" /* (gnupg_fd_t) */ +#include "../common/asshelp.h" /* (assuan_context_t) */ #include "../common/i18n.h" #include "http.h" /* (parsed_uri_t) */ @@ -196,6 +197,8 @@ ksba_cert_t get_issuing_cert_local (ctrl_t ctrl, const char *issuer); ksba_cert_t get_cert_local_ski (ctrl_t ctrl, const char *name, ksba_sexp_t keyid); gpg_error_t get_istrusted_from_client (ctrl_t ctrl, const char *hexfpr); +int dirmngr_assuan_log_monitor (assuan_context_t ctx, unsigned int cat, + const char *msg); void start_command_handler (gnupg_fd_t fd); gpg_error_t dirmngr_status (ctrl_t ctrl, const char *keyword, ...); gpg_error_t dirmngr_status_help (ctrl_t ctrl, const char *text); diff --git a/dirmngr/server.c b/dirmngr/server.c index 03adc61..b29628a 100644 --- a/dirmngr/server.c +++ b/dirmngr/server.c @@ -95,6 +95,13 @@ struct server_local_s /* State variable private to is_tor_running. */ int tor_state; + + /* If the first both flags are set the assuan logging of data lines + * is suppressed. The count variable is used to show the number of + * non-logged bytes. */ + size_t inhibit_data_logging_count; + unsigned int inhibit_data_logging : 1; + unsigned int inhibit_data_logging_now : 1; }; @@ -175,9 +182,14 @@ leave_cmd (assuan_context_t ctx, gpg_error_t err) static gpg_error_t data_line_write (assuan_context_t ctx, const void *buffer_arg, size_t size) { + ctrl_t ctrl = assuan_get_pointer (ctx); const char *buffer = buffer_arg; gpg_error_t err; + /* If we do not want logging, enable it it here. */ + if (ctrl && ctrl->server_local && ctrl->server_local->inhibit_data_logging) + ctrl->server_local->inhibit_data_logging_now = 1; + if (opt.verbose && buffer && size) { /* Ease reading of output by sending a physical line at each LF. */ 
@@ -193,14 +205,14 @@ data_line_write (assuan_context_t ctx, const void *buffer_arg, size_t size) if (err) { gpg_err_set_errno (EIO); - return err; + goto leave; } buffer += n; nbytes -= n; if (nbytes && (err=assuan_send_data (ctx, NULL, 0))) /* Flush line. */ { gpg_err_set_errno (EIO); - return err; + goto leave; } } while (nbytes); @@ -211,11 +223,18 @@ data_line_write (assuan_context_t ctx, const void *buffer_arg, size_t size) if (err) { gpg_err_set_errno (EIO); /* For use by data_line_cookie_write. */ - return err; + goto leave; } } - return 0; + leave: + if (ctrl && ctrl->server_local && ctrl->server_local->inhibit_data_logging) + { + ctrl->server_local->inhibit_data_logging_now = 0; + ctrl->server_local->inhibit_data_logging_count += size; + } + + return err; } @@ -237,6 +256,16 @@ data_line_cookie_close (void *cookie) { assuan_context_t ctx = cookie; + if (DBG_IPC) + { + ctrl_t ctrl = assuan_get_pointer (ctx); + + if (ctrl && ctrl->server_local + && ctrl->server_local->inhibit_data_logging + && ctrl->server_local->inhibit_data_logging_count) + log_debug ("(%zu bytes sent via D lines not shown)\n", + ctrl->server_local->inhibit_data_logging_count); + } if (assuan_send_data (ctx, NULL, 0)) { gpg_err_set_errno (EIO); @@ -810,6 +839,7 @@ cmd_wkd_get (assuan_context_t ctx, char *line) char *encodedhash = NULL; int opt_submission_addr; int opt_policy_flags; + int no_log = 0; opt_submission_addr = has_option (line, "--submission-address"); opt_policy_flags = has_option (line, "--policy-flags"); @@ -852,6 +882,7 @@ cmd_wkd_get (assuan_context_t ctx, char *line) "/.well-known/openpgpkey/hu/", encodedhash, NULL); + no_log = 1; } if (!uri) { 
@@ -869,8 +900,13 @@ cmd_wkd_get (assuan_context_t ctx, char *line) "error setting up a data stream"); else { + if (no_log) + ctrl->server_local->inhibit_data_logging = 1; + ctrl->server_local->inhibit_data_logging_now = 0; + ctrl->server_local->inhibit_data_logging_count = 0; err = ks_action_fetch (ctrl, uri, outfp); es_fclose (outfp); + ctrl->server_local->inhibit_data_logging = 0; } } @@ -2079,8 +2115,12 @@ cmd_ks_get (assuan_context_t ctx, char *line) err = set_error (GPG_ERR_ASS_GENERAL, "error setting up a data stream"); else { + ctrl->server_local->inhibit_data_logging = 1; + ctrl->server_local->inhibit_data_logging_now = 0; + ctrl->server_local->inhibit_data_logging_count = 0; err = ks_action_get (ctrl, ctrl->server_local->keyservers, list, outfp); es_fclose (outfp); + ctrl->server_local->inhibit_data_logging = 0; } leave: @@ -2113,8 +2153,12 @@ cmd_ks_fetch (assuan_context_t ctx, char *line) err = set_error (GPG_ERR_ASS_GENERAL, "error setting up a data stream"); else { + ctrl->server_local->inhibit_data_logging = 1; + ctrl->server_local->inhibit_data_logging_now = 0; + ctrl->server_local->inhibit_data_logging_count = 0; err = ks_action_fetch (ctrl, line, outfp); es_fclose (outfp); + ctrl->server_local->inhibit_data_logging = 0; } leave: 
@@ -2356,6 +2400,30 @@ reset_notify (assuan_context_t ctx, char *line) } +/* This function is called by our assuan log handler to test whether a + * log message shall really be printed. The function must return + * false to inhibit the logging of MSG. CAT gives the requested log + * category. MSG might be NULL. */ +int +dirmngr_assuan_log_monitor (assuan_context_t ctx, unsigned int cat, + const char *msg) +{ + ctrl_t ctrl = assuan_get_pointer (ctx); + + (void)cat; + (void)msg; + + if (!ctrl || !ctrl->server_local) + return 1; /* Can't decide - allow logging. */ + + if (!ctrl->server_local->inhibit_data_logging) + return 1; /* Not requested - allow logging. */ + + /* Disallow logging if *_now is true. */ + return !ctrl->server_local->inhibit_data_logging_now; +} + + /* Startup the server and run the main command loop. With FD = -1, use stdin/stdout. */ void commit 0ac671f8a2b65a4b339f615c6420287a549779fa Author: Werner Koch Date: Mon Sep 5 10:55:10 2016 +0200 common: Add an assuan logging monitor. * common/asshelp.c (my_log_monitor): New var. (my_libassuan_log_handler): Run that monitor. (setup_libassuan_logging): Add arg to set a log monitor and change all callers. Signed-off-by: Werner Koch diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index b8a5a3e..79c83a5 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c @@ -771,7 +771,7 @@ main (int argc, char **argv ) assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT); assuan_set_system_hooks (ASSUAN_SYSTEM_NPTH); assuan_sock_init (); - setup_libassuan_logging (&opt.debug); + setup_libassuan_logging (&opt.debug, NULL); setup_libgcrypt_logging (); gcry_control (GCRYCTL_USE_SECURE_RNDPOOL); diff --git a/common/asshelp.c b/common/asshelp.c index c03e67b..bb01a03 100644 --- a/common/asshelp.c +++ b/common/asshelp.c 
@@ -69,6 +69,12 @@ static int log_cats; #define TEST_LOG_CAT(x) (!! (log_cats & (1 << (x - 1)))) +/* The assuan log monitor used to temporary inhibit log messages from + * assuan. */ +static int (*my_log_monitor) (assuan_context_t ctx, + unsigned int cat, + const char *msg); + static int my_libassuan_log_handler (assuan_context_t ctx, void *hook, @@ -76,8 +82,6 @@ my_libassuan_log_handler (assuan_context_t ctx, void *hook, { unsigned int dbgval; - (void)ctx; - if (! TEST_LOG_CAT (cat)) return 0; @@ -85,6 +89,9 @@ my_libassuan_log_handler (assuan_context_t ctx, void *hook, if (!(dbgval & 1024)) return 0; /* Assuan debugging is not enabled. */ + if (ctx && my_log_monitor && !my_log_monitor (ctx, cat, msg)) + return 0; /* Temporary disabled. */ + if (msg) log_string (GPGRT_LOG_DEBUG, msg); @@ -95,7 +102,10 @@ my_libassuan_log_handler (assuan_context_t ctx, void *hook, /* Setup libassuan to use our own logging functions. Should be used early at startup. */ void -setup_libassuan_logging (unsigned int *debug_var_address) +setup_libassuan_logging (unsigned int *debug_var_address, + int (*log_monitor)(assuan_context_t ctx, + unsigned int cat, + const char *msg)) { char *flagstr; @@ -104,9 +114,11 @@ setup_libassuan_logging (unsigned int *debug_var_address) log_cats = atoi (flagstr); else /* Default to log the control channel. */ log_cats = (1 << (ASSUAN_LOG_CONTROL - 1)); + my_log_monitor = log_monitor; assuan_set_log_cb (my_libassuan_log_handler, debug_var_address); } + /* Change the Libassuan log categories to those given by NEWCATS. NEWCATS is 0 the default category of ASSUAN_LOG_CONTROL is selected. Note, that setup_libassuan_logging overrides the values diff --git a/common/asshelp.h b/common/asshelp.h index 4eb1d92..609b203 100644 --- a/common/asshelp.h +++ b/common/asshelp.h 
@@ -38,7 +38,10 @@ /*-- asshelp.c --*/ -void setup_libassuan_logging (unsigned int *debug_var_address); +void setup_libassuan_logging (unsigned int *debug_var_address, + int (*log_monitor)(assuan_context_t ctx, + unsigned int cat, + const char *msg)); void set_libassuan_log_cats (unsigned int newcats); diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c index 0667e59..2bb57b2 100644 --- a/dirmngr/dirmngr.c +++ b/dirmngr/dirmngr.c @@ -702,7 +702,7 @@ main (int argc, char **argv) assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT); assuan_set_system_hooks (ASSUAN_SYSTEM_NPTH); assuan_sock_init (); - setup_libassuan_logging (&opt.debug); + setup_libassuan_logging (&opt.debug, NULL); setup_libgcrypt_logging (); diff --git a/g10/gpg.c b/g10/gpg.c index 0b0fb7e..9f7da05 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -2317,7 +2317,7 @@ main (int argc, char **argv) malloc_hooks.free = gcry_free; assuan_set_malloc_hooks (&malloc_hooks); assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT); - setup_libassuan_logging (&opt.debug); + setup_libassuan_logging (&opt.debug, NULL); /* Try for a version specific config file first */ default_configname = get_default_configname (); diff --git a/g13/g13-syshelp.c b/g13/g13-syshelp.c index 7976be4..7b46239 100644 --- a/g13/g13-syshelp.c +++ b/g13/g13-syshelp.c @@ -302,7 +302,7 @@ main ( int argc, char **argv) /* Prepare libassuan. */ assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT); /*assuan_set_system_hooks (ASSUAN_SYSTEM_NPTH);*/ - setup_libassuan_logging (&opt.debug); + setup_libassuan_logging (&opt.debug, NULL); /* Setup a default control structure for command line mode. */ memset (&ctrl, 0, sizeof ctrl); diff --git a/g13/g13.c b/g13/g13.c index 7744855..33f82d6 100644 --- a/g13/g13.c +++ b/g13/g13.c 
@@ -431,7 +431,7 @@ main ( int argc, char **argv) /* Prepare libassuan. */ assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT); assuan_set_system_hooks (ASSUAN_SYSTEM_NPTH); - setup_libassuan_logging (&opt.debug); + setup_libassuan_logging (&opt.debug, NULL); /* Setup a default control structure for command line mode. */ memset (&ctrl, 0, sizeof ctrl); diff --git a/scd/scdaemon.c b/scd/scdaemon.c index 514e3c2..bf54d95 100644 --- a/scd/scdaemon.c +++ b/scd/scdaemon.c @@ -433,7 +433,7 @@ main (int argc, char **argv ) assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT); assuan_set_system_hooks (ASSUAN_SYSTEM_NPTH); assuan_sock_init (); - setup_libassuan_logging (&opt.debug); + setup_libassuan_logging (&opt.debug, NULL); setup_libgcrypt_logging (); gcry_control (GCRYCTL_USE_SECURE_RNDPOOL); diff --git a/sm/gpgsm.c b/sm/gpgsm.c index e3b1e88..9bb3053 100644 --- a/sm/gpgsm.c +++ b/sm/gpgsm.c @@ -1006,7 +1006,7 @@ main ( int argc, char **argv) malloc_hooks.free = gcry_free; assuan_set_malloc_hooks (&malloc_hooks); assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT); - setup_libassuan_logging (&opt.debug); + setup_libassuan_logging (&opt.debug, NULL); keybox_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free); diff --git a/tools/gpg-wks-client.c b/tools/gpg-wks-client.c index c0e34c4..660d1bd 100644 --- a/tools/gpg-wks-client.c +++ b/tools/gpg-wks-client.c 
@@ -211,7 +211,7 @@ main (int argc, char **argv) init_common_subsystems (&argc, &argv); assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT); - setup_libassuan_logging (&opt.debug); + setup_libassuan_logging (&opt.debug, NULL); /* Parse the command line. */ pargs.argc = &argc; ----------------------------------------------------------------------- Summary of changes: agent/gpg-agent.c | 2 +- common/asshelp.c | 18 ++++++++++-- common/asshelp.h | 5 +++- dirmngr/dirmngr.c | 2 +- dirmngr/dirmngr.h | 3 ++ dirmngr/server.c | 76 +++++++++++++++++++++++++++++++++++++++++++++++--- g10/gpg.c | 2 +- g13/g13-syshelp.c | 2 +- g13/g13.c | 2 +- scd/scdaemon.c | 2 +- sm/gpgsm.c | 2 +- tools/gpg-wks-client.c | 2 +- 12 files changed, 102 insertions(+), 16 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Sep 5 14:05:59 2016 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Mon, 05 Sep 2016 14:05:59 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-67-g65a7563 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 65a7563edbbab8f93fe901f932065687508788de (commit) via 059c79d8b447a3baa9ad0b4d3367bdb64dd2ef3b (commit) via e33111fcdac08ed2ddfbdf59b1f790569b42f695 (commit) via c39be0add8835c9bcc25bdd40e99e828aca56204 (commit) from de623474db3ba402c9bbd872ab6f932f46cbdde9 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 65a7563edbbab8f93fe901f932065687508788de Author: Justus Winter Date: Mon Sep 5 13:59:29 2016 +0200 tests: Update README. * tests/openpgp/README: Update. Signed-off-by: Justus Winter 
diff --git a/tests/openpgp/README b/tests/openpgp/README index 9b384be..84faf1c 100644 --- a/tests/openpgp/README +++ b/tests/openpgp/README @@ -1,22 +1,36 @@ # Emacs, this is an -*- org -*- file. * How to run the test suite -** using the legacy driver -On POSIX you can just use +From your build directory, run - $ make -C tests/openpgp check + obj $ make -C tests/openpgp check -or +to run all tests or - $ make -C tests/openpgp check XTESTS="setup.scm your-test.scm finish.scm" + obj $ make -C tests/openpgp check XTESTS=your-test.scm -as before. -** using the Scheme driver +to run a specific test (or any number of tests separated by spaces). + +If you want to debug a test, add verbose=1 to see messages printed by +spawned programs to their standard error stream, verbose=2 to see what +programs are executed, or verbose=3 to see even more program output +and exit codes. + +** Passing options to the test driver + +You can set TESTFLAGS to pass flags to 'run-tests.scm'. For example, +to speed up the test suite when bisecting, do + + obj $ make -C tests/openpgp check TESTFLAGS=--parallel + +See below for the arguments supported by the driver. + +** Calling the test driver directly This is a bit tricky because one needs to manually set some environment variables. We should make that easier. See discussion below. From your build directory, do: - obj $ srcdir=/tests/openpgp \ + obj $ TMP=/tmp srcdir=/tests/openpgp \ GPGSCM_PATH=/tests/gpgscm:/tests/openpgp \ $(pwd)/tests/gpgscm/gpgscm [gpgscm args] \ run-tests.scm [test suite runner args] commit 059c79d8b447a3baa9ad0b4d3367bdb64dd2ef3b Author: Justus Winter Date: Mon Sep 5 13:58:37 2016 +0200 tests: Pass flags to test driver. * tests/openpgp/Makefile.am (xcheck): Pass flags to 'run-tests.scm'. Signed-off-by: Justus Winter diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am index 5d8acbf..43de31e 100644 --- a/tests/openpgp/Makefile.am +++ b/tests/openpgp/Makefile.am 
@@ -98,7 +98,7 @@ check: xcheck .PHONY: xcheck xcheck: $(TESTS_ENVIRONMENT) $(abs_top_builddir)/tests/gpgscm/gpgscm \ - run-tests.scm $(XTESTS) + run-tests.scm $(TESTFLAGS) $(XTESTS) TEST_FILES = pubring.asc secring.asc plain-1o.asc plain-2o.asc plain-3o.asc \ plain-1.asc plain-2.asc plain-3.asc plain-1-pgp.asc \ commit e33111fcdac08ed2ddfbdf59b1f790569b42f695 Author: Justus Winter Date: Mon Sep 5 13:50:17 2016 +0200 common: Improve waiting for processes on POSIX. * common/exechelp-posix.c (struct terminated_child): New definition. (terminated_children): New variable. (store_result): New function. (get_result): Likewise. (gnupg_wait_process): Store results that were not requested and consider previously stored results. waitpid(2) may return information about terminated children that we did not yet request, and there is no portable way to wait for a specific set of children. As a workaround, we store the results of children for later use. Signed-off-by: Justus Winter diff --git a/common/exechelp-posix.c b/common/exechelp-posix.c index 943f20a..32c4203 100644 --- a/common/exechelp-posix.c +++ b/common/exechelp-posix.c 
@@ -583,6 +583,66 @@ gnupg_spawn_process_fd (const char *pgmname, const char *argv[], } + + +/* Waiting for child processes. + + waitpid(2) may return information about terminated children that we + did not yet request, and there is no portable way to wait for a + specific set of children. + + As a workaround, we store the results of children for later use. + + XXX: This assumes that PIDs are not reused too quickly. */ + +struct terminated_child +{ + pid_t pid; + int exitcode; + struct terminated_child *next; +}; + +struct terminated_child *terminated_children; + + +static gpg_error_t +store_result (pid_t pid, int exitcode) +{ + struct terminated_child *c; + + c = xmalloc (sizeof *c); + if (c == NULL) + return gpg_err_code_from_syserror (); + + c->pid = pid; + c->exitcode = exitcode; + c->next = terminated_children; + terminated_children = c; + + return 0; +} + + +static int +get_result (pid_t pid, int *r_exitcode) +{ + struct terminated_child *c, **prevp; + + for (prevp = &terminated_children, c = terminated_children; + c; + prevp = &c->next, c = c->next) + if (c->pid == pid) + { + *prevp = c->next; + *r_exitcode = c->exitcode; + xfree (c); + return 1; + } + + return 0; +} + + /* See exechelp.h for a description. */ gpg_error_t gnupg_wait_process (const char *pgmname, pid_t pid, int hang, int *r_exitcode) @@ -597,17 +657,25 @@ gnupg_wait_processes (const char **pgmnames, pid_t *pids, size_t count, { gpg_err_code_t ec = 0; size_t i, left; + int *dummy = NULL; - for (i = 0; i < count; i++) + if (r_exitcodes == NULL) + dummy = r_exitcodes = xmalloc (sizeof *r_exitcodes * count); + + for (i = 0, left = count; i < count; i++) { - if (r_exitcodes) - r_exitcodes[i] = -1; + int status = -1; if (pids[i] == (pid_t)(-1)) return my_error (GPG_ERR_INV_VALUE); + + /* See if there was a previously stored result for this pid. */ + if (get_result (pids[i], &status)) + left -= 1; + + r_exitcodes[i] = status; } - left = count; while (left > 0) { pid_t pid; 
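Review bot: In store_result, the NULL check after c = xmalloc (sizeof *c) only makes sense for an allocator that can fail; if xmalloc is the usual aborting wrapper, the check is dead code and the function can never report an error, so use xtrymalloc if a recoverable error is wanted. The declared return type is gpg_error_t while the value returned comes from gpg_err_code_from_syserror () and the caller stores it in a gpg_err_code_t, so pick one of the two. terminated_children should be static, and the "XXX" comment should also mention that entries for children nobody later waits on are never freed.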
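Review bot: In gnupg_wait_processes, the early return my_error (GPG_ERR_INV_VALUE) inside the first loop leaks the dummy array allocated just above it when the caller passed r_exitcodes == NULL. It also returns after get_result may already have removed stored results for earlier entries of PIDS, so those exit statuses are lost. Validate all pids before allocating and before consulting the stored results, or route the error through a common exit that calls xfree (dummy).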
@@ -639,43 +707,57 @@ gnupg_wait_processes (const char **pgmnames, pid_t *pids, size_t count, break; if (i == count) - /* No match, ignore this pid. */ - continue; - - /* Process PIDS[i] died. */ - left -= 1; - - if (WIFEXITED (status) && WEXITSTATUS (status) == 127) { - log_error (_("error running '%s': probably not installed\n"), - pgmnames[i]); - ec = GPG_ERR_CONFIGURATION; - } - else if (WIFEXITED (status) && WEXITSTATUS (status)) - { - if (!r_exitcodes) - log_error (_("error running '%s': exit status %d\n"), - pgmnames[i], WEXITSTATUS (status)); - else - r_exitcodes[i] = WEXITSTATUS (status); - ec = GPG_ERR_GENERAL; + /* No match, store this result. */ + ec = store_result (pid, status); + if (ec) + break; + continue; } - else if (!WIFEXITED (status)) + + /* Process PIDS[i] died. */ + if (r_exitcodes[i] != (pid_t) -1) { - log_error (_("error running '%s': terminated\n"), pgmnames[i]); + log_error ("PID %d was reused", pid); ec = GPG_ERR_GENERAL; + break; } - else - { - if (r_exitcodes) - r_exitcodes[i] = 0; - } + + left -= 1; + r_exitcodes[i] = status; } } + if (ec == 0) + for (i = 0; i < count; i++) + { + if (WIFEXITED (r_exitcodes[i]) && WEXITSTATUS (r_exitcodes[i]) == 127) + { + log_error (_("error running '%s': probably not installed\n"), + pgmnames[i]); + ec = GPG_ERR_CONFIGURATION; + } + else if (WIFEXITED (r_exitcodes[i]) && WEXITSTATUS (r_exitcodes[i])) + { + if (dummy) + log_error (_("error running '%s': exit status %d\n"), + pgmnames[i], WEXITSTATUS (r_exitcodes[i])); + else + r_exitcodes[i] = WEXITSTATUS (r_exitcodes[i]); + ec = GPG_ERR_GENERAL; + } + else if (!WIFEXITED (r_exitcodes[i])) + { + log_error (_("error running '%s': terminated\n"), pgmnames[i]); + ec = GPG_ERR_GENERAL; + } + } + + xfree (dummy); return gpg_err_make (GPG_ERR_SOURCE_DEFAULT, ec); } + void gnupg_release_process (pid_t pid) commit c39be0add8835c9bcc25bdd40e99e828aca56204 Author: Justus Winter Date: Mon Sep 5 11:22:10 2016 +0200 common: Fix typo. -- 
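Review bot: In the gnupg_wait_processes hunk of common/exechelp-posix.c above, r_exitcodes[] now holds raw waitpid status words until the final loop, and that loop rewrites a slot only for a non-zero exit other than 127. A caller-supplied array therefore ends up with the raw status word when a child was killed by a signal or exited with 127, and in every filled slot when the wait loop is left with ec set, where the old code left -1. Please store -1 (or a decoded value) in those cases. Also, r_exitcodes[i] != (pid_t) -1 compares an int against a pid_t sentinel, so compare with plain -1, and log_error ("PID %d was reused", pid) lacks the trailing newline and passes a pid_t to %d without a cast.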
Signed-off-by: Justus Winter diff --git a/common/get-passphrase.c b/common/get-passphrase.c index 8f3137b..68361ec 100644 --- a/common/get-passphrase.c +++ b/common/get-passphrase.c @@ -203,7 +203,7 @@ gnupg_get_passphrase (const char *cache_id, default_inq_cb, NULL, NULL, NULL); /* Older Pinentries return the old assuan error code for canceled - which gets translated bt libassuan to GPG_ERR_ASS_CANCELED and + which gets translated by libassuan to GPG_ERR_ASS_CANCELED and not to the code for a user cancel. Fix this here. */ if (err && gpg_err_source (err) && gpg_err_code (err) == GPG_ERR_ASS_CANCELED) ----------------------------------------------------------------------- Summary of changes: common/exechelp-posix.c | 142 ++++++++++++++++++++++++++++++++++++---------- common/get-passphrase.c | 2 +- tests/openpgp/Makefile.am | 2 +- tests/openpgp/README | 30 +++++++--- 4 files changed, 136 insertions(+), 40 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Sep 5 15:14:31 2016 
From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Mon, 05 Sep 2016 15:14:31 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-68-g1f1f56e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 1f1f56e606c1cb28eec68c60bd8bcb7ab30805de (commit) from 65a7563edbbab8f93fe901f932065687508788de (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1f1f56e606c1cb28eec68c60bd8bcb7ab30805de Author: Neal H. Walfield Date: Fri Sep 2 22:33:47 2016 +0200 g10: Refactor cross sig check code. * g10/tofu.c (BINDING_NEW): New enum value. (BINDING_CONFLICT): Likewise. (BINDING_EXPIRED): Likewise. (BINDING_REVOKED): Likewise. (ask_about_binding): Move cross sig check from here... (get_trust): ... and the conflict set building from here... (build_conflict_set): ... to this new function. (format_conflict_msg_part1): Replace parameter conflict with conflict_set. Drop parameter fingerprint. Update callers. (ask_about_binding): Drop unused parameter conflict and redundant parameter bindings_with_this_email_count. Rename parameter bindings_with_this_email to conflict_set. Update callers. -- Signed-off-by: Neal H. Walfield diff --git a/g10/tofu.c b/g10/tofu.c index 75df30a..d4f6876 100644 --- a/g10/tofu.c +++ b/g10/tofu.c 
@@ -1146,14 +1146,18 @@ get_policy (tofu_dbs_t dbs, const char *fingerprint, const char *email, /* Format the first part of a conflict message and return that as a * malloced string. */ static char * -format_conflict_msg_part1 (int policy, const char *conflict, - const char *fingerprint, const char *email) +format_conflict_msg_part1 (int policy, strlist_t conflict_set, + const char *email) { estream_t fp; + char *fingerprint; char *binding; int binding_shown = 0; char *tmpstr, *text; + log_assert (conflict_set); + + fingerprint = conflict_set->d; binding = xasprintf ("<%s, %s>", fingerprint, email); fp = es_fopenmem (0, "rw,samethread"); @@ -1167,17 +1171,18 @@ format_conflict_msg_part1 (int policy, const char *conflict, es_fputs (" ", fp); binding_shown = 1; } - else if (policy == TOFU_POLICY_ASK - /* If there the conflict is with itself, then don't - * display this message. */ - && conflict && strcmp (conflict, fingerprint)) + else if (policy == TOFU_POLICY_ASK && conflict_set->next) { + int conflicts = strlist_length (conflict_set) - 1; es_fprintf (fp, - _("The key with fingerprint %s raised a conflict " - "with the binding %s." - " Since this binding's policy was 'auto', it was " - "changed to 'ask'."), - conflict, binding); + ngettext("The binding raised a " + "conflict with %d other binding.", + "The binding raised a " + "conflict with %d other bindings.", conflicts), + fingerprint, email, conflicts); + es_fprintf (fp, + _(" Since this binding's policy was 'auto', it has been " + "changed to 'ask'.")); es_fputs (" ", fp); binding_shown = 1; } @@ -1219,9 +1224,9 @@ cross_sigs (kbnode_t a, kbnode_t b) if (DBG_TRUST) { format_keyid (pk_main_keyid (a_pk), - KF_DEFAULT, a_keyid, sizeof (a_keyid)); + KF_LONG, a_keyid, sizeof (a_keyid)); format_keyid (pk_main_keyid (b_pk), - KF_DEFAULT, b_keyid, sizeof (b_keyid)); + KF_LONG, b_keyid, sizeof (b_keyid)); } for (i = 0; i < 2; i ++) 
@@ -1263,26 +1268,35 @@ cross_sigs (kbnode_t a, kbnode_t b) /* We didn't find a signature from signer over signee. */ { if (DBG_TRUST) - log_info ("No cross sig between %s and %s\n", - a_keyid, b_keyid); + log_debug ("No cross sig between %s and %s\n", + a_keyid, b_keyid); return 0; } } /* A signed B and B signed A. */ if (DBG_TRUST) - log_info ("Cross sig between %s and %s\n", - a_keyid, b_keyid); + log_debug ("Cross sig between %s and %s\n", + a_keyid, b_keyid); return 1; } +enum + { + BINDING_NEW = 1 << 0, + BINDING_CONFLICT = 1 << 1, + BINDING_EXPIRED = 1 << 2, + BINDING_REVOKED = 1 << 3 + }; + + /* Ask the user about the binding. There are three ways we could end * up here: * * - This is a new binding and there is a conflict - * (policy == TOFU_POLICY_NONE && bindings_with_this_email_count > 0), + * (policy == TOFU_POLICY_NONE && conflict_set_count > 1), * * - This is a new binding and opt.tofu_default_policy is set to * ask. (policy == TOFU_POLICY_NONE && opt.tofu_default_policy == @@ -1292,19 +1306,23 @@ cross_sigs (kbnode_t a, kbnode_t b) * TOFU_POLICY_ASK). * * Note: this function must not be called while in a transaction! + * + * CONFLICT_SET includes all of the conflicting bindings + * with FINGERPRINT first. FLAGS is a bit-wise or of + * BINDING_NEW, etc. */ static void ask_about_binding (ctrl_t ctrl, enum tofu_policy *policy, int *trust_level, - int bindings_with_this_email_count, - strlist_t bindings_with_this_email, - char *conflict, + strlist_t conflict_set, const char *fingerprint, const char *email, const char *user_id) { tofu_dbs_t dbs; + strlist_t iter; + int conflict_set_count = strlist_length (conflict_set); char *sqerr = NULL; int rc; estream_t fp; 
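Review bot: The new comment paragraph on ask_about_binding says "FLAGS is a bit-wise or of BINDING_NEW, etc.", but the function has no FLAGS parameter; the bits are carried in the flags field of each CONFLICT_SET element. Reword the comment to say that, and state explicitly that the first element must be the binding for FINGERPRINT, since the function later tests conflict_set->flags & BINDING_CONFLICT on the head of the list. A short comment on the BINDING_* enum saying what each bit means would help as well.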
@@ -1324,8 +1342,7 @@ ask_about_binding (ctrl_t ctrl, gpg_strerror (gpg_error_from_syserror())); { - char *text = format_conflict_msg_part1 (*policy, conflict, - fingerprint, email); + char *text = format_conflict_msg_part1 (*policy, conflict_set, email); es_fputs (text, fp); es_fputc ('\n', fp); xfree (text); 
@@ -1375,46 +1392,59 @@ ask_about_binding (ctrl_t ctrl, free_strlist (other_user_ids); } - /* Find other keys associated with this email address. */ + /* Get the stats for all the keys in CONFLICT_SET. */ /* FIXME: When generating the statistics, do we want the time embedded in the signature (column 'sig_time') or the time that we first verified the signature (column 'time'). */ - rc = gpgsql_stepx - (dbs->db, &dbs->s.get_trust_gather_other_keys, - signature_stats_collect_cb, &stats, &sqerr, - "select fingerprint, policy, time_ago, count(*)\n" - " from (select bindings.*,\n" - " case\n" - /* From the future (but if its just a couple of hours in the - * future don't turn it into a warning)? Or should we use - * small, medium or large units? (Note: whatever we do, we - * keep the value in seconds. Then when we group, everything - * that rounds to the same number of seconds is grouped.) */ - " when delta < -("STRINGIFY (TIME_AGO_FUTURE_IGNORE)") then -1\n" - " when delta < ("STRINGIFY (TIME_AGO_MEDIUM_THRESHOLD)")\n" - " then max(0,\n" - " round(delta / ("STRINGIFY (TIME_AGO_UNIT_SMALL)"))\n" - " * ("STRINGIFY (TIME_AGO_UNIT_SMALL)"))\n" - " when delta < ("STRINGIFY (TIME_AGO_LARGE_THRESHOLD)")\n" - " then round(delta / ("STRINGIFY (TIME_AGO_UNIT_MEDIUM)"))\n" - " * ("STRINGIFY (TIME_AGO_UNIT_MEDIUM)")\n" - " else round(delta / ("STRINGIFY (TIME_AGO_UNIT_LARGE)"))\n" - " * ("STRINGIFY (TIME_AGO_UNIT_LARGE)")\n" - " end time_ago,\n" - " delta time_ago_raw\n" - " from bindings\n" - " left join\n" - " (select *,\n" - " cast(strftime('%s','now') - sig_time as real) delta\n" - " from signatures) ss\n" - " on ss.binding = bindings.oid)\n" - " where email = ?\n" - " group by fingerprint, time_ago\n" - /* Make sure the current key is first. */ - " order by fingerprint = ? asc, fingerprint desc, time_ago desc;\n", - GPGSQL_ARG_STRING, email, GPGSQL_ARG_STRING, fingerprint, - GPGSQL_ARG_END); + strlist_rev (&conflict_set); + for (iter = conflict_set; iter && ! 
rc; iter = iter->next) + { + rc = gpgsql_stepx + (dbs->db, &dbs->s.get_trust_gather_other_keys, + signature_stats_collect_cb, &stats, &sqerr, + "select fingerprint, policy, time_ago, count(*)\n" + " from\n" + " (select bindings.*,\n" + " case\n" + /* From the future (but if its just a couple of hours in the + * future don't turn it into a warning)? Or should we use + * small, medium or large units? (Note: whatever we do, we + * keep the value in seconds. Then when we group, everything + * that rounds to the same number of seconds is grouped.) */ + " when delta < -("STRINGIFY (TIME_AGO_FUTURE_IGNORE)") then -1\n" + " when delta < ("STRINGIFY (TIME_AGO_MEDIUM_THRESHOLD)")\n" + " then max(0,\n" + " round(delta / ("STRINGIFY (TIME_AGO_UNIT_SMALL)"))\n" + " * ("STRINGIFY (TIME_AGO_UNIT_SMALL)"))\n" + " when delta < ("STRINGIFY (TIME_AGO_LARGE_THRESHOLD)")\n" + " then round(delta / ("STRINGIFY (TIME_AGO_UNIT_MEDIUM)"))\n" + " * ("STRINGIFY (TIME_AGO_UNIT_MEDIUM)")\n" + " else round(delta / ("STRINGIFY (TIME_AGO_UNIT_LARGE)"))\n" + " * ("STRINGIFY (TIME_AGO_UNIT_LARGE)")\n" + " end time_ago,\n" + " delta time_ago_raw\n" + " from bindings\n" + " left join\n" + " (select *,\n" + " cast(strftime('%s','now') - sig_time as real) delta\n" + " from signatures) ss\n" + " on ss.binding = bindings.oid)\n" + " where email = ? and fingerprint = ?\n" + " group by time_ago\n" + /* Make sure the current key is first. */ + " order by time_ago desc;\n", + GPGSQL_ARG_STRING, email, + GPGSQL_ARG_STRING, iter->d, + GPGSQL_ARG_END); + if (rc) + break; + + if (!stats || strcmp (iter->d, stats->fingerprint) != 0) + /* No stats for this binding. Add a dummy entry. */ + signature_stats_prepend (&stats, iter->d, TOFU_POLICY_AUTO, 0, 0); + } end_transaction (ctrl, 0); + strlist_rev (&conflict_set); if (rc) { strlist_t strlist_iter; 
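Review bot: In the per-fingerprint query loop of ask_about_binding, the SQL comment "Make sure the current key is first." was carried over but no longer describes the statement, which now orders by time_ago only; the order of keys comes from walking the reversed CONFLICT_SET. Update or drop that comment, and explain next to strlist_rev (&conflict_set) why the list is reversed and then restored. The if (rc) break; inside the loop duplicates the iter && ! rc loop condition. The dummy-entry test strcmp (iter->d, stats->fingerprint) appears to rely on signature_stats_collect_cb leaving the rows for the current binding at the head of STATS, which is worth a comment.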
@@ -1427,193 +1457,19 @@ ask_about_binding (ctrl_t ctrl, " associated with %d key:\n", "The email address \"%s\" is" " associated with %d keys:\n", - bindings_with_this_email_count), - email, bindings_with_this_email_count); - for (strlist_iter = bindings_with_this_email; + conflict_set_count), + email, conflict_set_count); + for (strlist_iter = conflict_set; strlist_iter; strlist_iter = strlist_iter->next) es_fprintf (fp, " %s\n", strlist_iter->d); } else { - int stats_count = 0; - kbnode_t *kb_all; - KEYDB_HANDLE hd; - int i; char *key = NULL; + strlist_t binding; - /* Get the keyblock for each key. */ - for (stats_iter = stats; stats_iter; stats_iter = stats_iter->next) - stats_count ++; - kb_all = xcalloc (sizeof (kb_all[0]), stats_count); - - if (! stats || strcmp (stats->fingerprint, fingerprint)) - { - /* If we have already added this key to the DB, then it will - * be first (see the above select). Since the first key on - * the list is not this key, we must not yet have verified any - * messages signed by this key. Add a dummy entry. */ - signature_stats_prepend (&stats, fingerprint, TOFU_POLICY_AUTO, 0, 0); - } - - /* Figure out which user ids are revoked or expired. 
*/ - hd = keydb_new (); - for (stats_iter = stats, i = 0; - stats_iter; - stats_iter = stats_iter->next, i ++) - { - KEYDB_SEARCH_DESC desc; - kbnode_t kb; - PKT_public_key *pk; - kbnode_t n; - int found_user_id; - - rc = keydb_search_reset (hd); - if (rc) - { - log_error (_("resetting keydb: %s\n"), - gpg_strerror (rc)); - continue; - } - - rc = classify_user_id (stats_iter->fingerprint, &desc, 0); - if (rc) - { - log_error (_("error parsing key specification '%s': %s\n"), - stats_iter->fingerprint, gpg_strerror (rc)); - continue; - } - - rc = keydb_search (hd, &desc, 1, NULL); - if (rc) - { - log_error (_("key \"%s\" not found: %s\n"), - stats_iter->fingerprint, - gpg_strerror (rc)); - continue; - } - - rc = keydb_get_keyblock (hd, &kb); - if (rc) - { - log_error (_("error reading keyblock: %s\n"), - gpg_strerror (rc)); - print_further_info ("fingerprint: %s", stats_iter->fingerprint); - continue; - } - - merge_keys_and_selfsig (kb); - - log_assert (kb->pkt->pkttype == PKT_PUBLIC_KEY); - - kb_all[i] = kb; - - pk = kb->pkt->pkt.public_key; - - if (pk->has_expired) - stats_iter->is_expired = 1; - if (pk->flags.revoked) - stats_iter->is_revoked = 1; - - n = kb; - found_user_id = 0; - while ((n = find_next_kbnode (n, PKT_USER_ID)) && ! found_user_id) - { - PKT_user_id *user_id2 = n->pkt->pkt.user_id; - char *email2; - - if (user_id2->attrib_data) - continue; - - email2 = email_from_user_id (user_id2->name); - - if (strcmp (email, email2) == 0) - { - found_user_id = 1; - - if (user_id2->is_revoked) - stats_iter->is_revoked = 1; - if (user_id2->is_expired) - stats_iter->is_expired = 1; - } - - xfree (email2); - } - - if (! 
found_user_id) - log_info (_("TOFU db may be corrupted: user id (%s)" - " not on key block (%s)\n"), - email, fingerprint); - } - keydb_release (hd); - - { - int j; - struct signature_stats **stats_prevp; - struct signature_stats *stats_iter_next; - int die[stats_count]; - - memset (die, 0, sizeof (die)); - - for (i = 0; i < stats_count; i ++) - { - /* i or a key that has cross sigs with i (possible - indirectly)? */ - if (! (i == 0 || die[i])) - continue; - - for (j = i + 1; j < stats_count; j ++) - if (cross_sigs (kb_all[i], kb_all[j])) - die[j] = 1; - } - - /* Free the dead stat structures. */ - for (stats_iter = stats, stats_prevp = &stats, i = 0; - stats_iter; - stats_iter = stats_iter_next, i ++) - { - stats_iter_next = stats_iter->next; - - release_kbnode (kb_all[i]); - - if (die[i]) - { - *stats_prevp = stats_iter_next; - stats_iter->next = NULL; - signature_stats_free (stats_iter); - - bindings_with_this_email_count --; - } - else - { - stats_prevp = &stats_iter->next; - } - } - } - - log_assert (stats); - log_assert (bindings_with_this_email_count >= 1); - - if ((*policy == TOFU_POLICY_NONE && bindings_with_this_email_count == 1) - || (*policy == TOFU_POLICY_ASK && conflict)) - if (bindings_with_this_email_count == 1) - { - /* All "conflicts" were not really conflicts. */ - log_assert (! stats->next); - - if (DBG_TRUST) - log_debug ("%s: all apparent TOFU conflicts are legitimate " - "(cross sigs), setting policy to auto.\n", - stats_iter->fingerprint); - - *policy = TOFU_POLICY_AUTO; - record_binding (dbs, fingerprint, email, user_id, *policy, 0); - *trust_level = tofu_policy_to_trust_level (*policy); - - goto out; - } - - es_fprintf (fp, _("Statistics for potentially conflicting keys" + es_fprintf (fp, _("Statistics for keys" " with the email address \"%s\":\n"), email); for (stats_iter = stats; stats_iter; stats_iter = stats_iter->next) 
@@ -1628,12 +1484,20 @@ ask_about_binding (ctrl_t ctrl, key_pp = format_hexfingerprint (key, NULL, 0); es_fprintf (fp, " %s (", key_pp); - if (stats_iter->is_revoked) + /* Find the associated binding. */ + for (binding = conflict_set; + binding; + binding = binding->next) + if (strcmp (key, binding->d) == 0) + break; + log_assert (binding); + + if ((binding->flags & BINDING_REVOKED)) { es_fprintf (fp, _("revoked")); es_fprintf (fp, _(", ")); } - else if (stats_iter->is_expired) + else if ((binding->flags & BINDING_EXPIRED)) { es_fprintf (fp, _("expired")); es_fprintf (fp, _(", ")); @@ -1681,9 +1545,7 @@ ask_about_binding (ctrl_t ctrl, } } - if ((*policy == TOFU_POLICY_NONE && bindings_with_this_email_count > 0) - || (*policy == TOFU_POLICY_ASK - && (conflict || bindings_with_this_email_count > 0))) + if (conflict_set_count > 1 || (conflict_set->flags & BINDING_CONFLICT)) { /* This is a conflict. */ @@ -1796,7 +1658,7 @@ ask_about_binding (ctrl_t ctrl, } xfree (response); } - out: + tofu_resume_batch_transaction (ctrl); xfree (prompt); 
@@ -1804,6 +1666,258 @@ ask_about_binding (ctrl_t ctrl, signature_stats_free (stats); } +/* Return the set of keys that conflict with the binding (including the binding itself, which will be first in the + list). For each returned key also sets BINDING_NEW, etc. */ +static strlist_t +build_conflict_set (tofu_dbs_t dbs, const char *fingerprint, const char *email) +{ + gpg_error_t rc; + char *sqerr; + strlist_t conflict_set = NULL; + int conflict_set_count; + strlist_t iter; + kbnode_t *kb_all; + KEYDB_HANDLE hd; + int i; + + /* Get the fingerprints of any bindings that share the email address + * and whether the bindings have a known conflict. + * + * Note: if the binding in question is in the DB, it will also be + * returned. Thus, if the result set is empty, then is a new binding. */ + rc = gpgsql_stepx + (dbs->db, &dbs->s.get_trust_bindings_with_this_email, + strings_collect_cb2, &conflict_set, &sqerr, + "select" + /* A binding should only appear once, but try not to break in the + * case of corruption. */ + " fingerprint || case sum(conflict ISNULL) when 0 then '' else '!' end" + " from bindings where email = ?" + " group by fingerprint" + /* Make sure the current key comes first in the result list (if + it is present). */ + " order by fingerprint = ? asc, fingerprint desc;", + GPGSQL_ARG_STRING, email, + GPGSQL_ARG_STRING, fingerprint, + GPGSQL_ARG_END); + if (rc) + { + log_error (_("error reading TOFU database: %s\n"), sqerr); + print_further_info ("listing fingerprints"); + sqlite3_free (sqerr); + return NULL; + } + + /* If the current binding has not yet been recorded, add it to the + * list. (The order by above ensures that if it is present, it will + * be first.) */ + if (! (conflict_set && strcmp (conflict_set->d, fingerprint) == 0)) + { + add_to_strlist (&conflict_set, fingerprint); + conflict_set->flags |= BINDING_NEW; + } + + /* Set BINDING_CONFLICT if the binding has a known conflict. 
This + * allows us to distinguish between bindings where the user + * explicitly set the policy to ask and bindings where we set the + * policy to ask due to a conflict. */ + for (iter = conflict_set; iter; iter = iter->next) + { + int l = strlen (iter->d); + if (!(l == 2 * MAX_FINGERPRINT_LEN + || l == 2 * MAX_FINGERPRINT_LEN + 1)) + { + log_error (_("TOFU db corruption detected.\n")); + print_further_info ("fingerprint '%s' is not %d characters long", + iter->d, 2 * MAX_FINGERPRINT_LEN); + } + + if (l >= 1 && iter->d[l - 1] == '!') + { + iter->flags |= BINDING_CONFLICT; + /* Remove the !. */ + iter->d[l - 1] = 0; + } + } + + conflict_set_count = strlist_length (conflict_set); + + /* Eliminate false conflicts. */ + + /* If two keys have cross signatures, then they are controlled by + * the same person and thus are not in conflict. */ + kb_all = xcalloc (sizeof (kb_all[0]), conflict_set_count); + hd = keydb_new (); + for (i = 0, iter = conflict_set; + i < conflict_set_count; + i ++, iter = iter->next) + { + char *fp = iter->d; + KEYDB_SEARCH_DESC desc; + kbnode_t kb; + PKT_public_key *binding_pk; + kbnode_t n; + int found_user_id; + + rc = keydb_search_reset (hd); + if (rc) + { + log_error (_("resetting keydb: %s\n"), + gpg_strerror (rc)); + continue; + } + + rc = classify_user_id (fp, &desc, 0); + if (rc) + { + log_error (_("error parsing key specification '%s': %s\n"), + fp, gpg_strerror (rc)); + continue; + } + + rc = keydb_search (hd, &desc, 1, NULL); + if (rc) + { + /* Note: it is entirely possible that we don't have the key + corresponding to an entry in the TOFU DB. This can + happen if we merge two TOFU DBs, but not the key + rings. 
*/ + log_info (_("key \"%s\" not found: %s\n"), + fp, gpg_strerror (rc)); + continue; + } + + rc = keydb_get_keyblock (hd, &kb); + if (rc) + { + log_error (_("error reading keyblock: %s\n"), + gpg_strerror (rc)); + print_further_info ("fingerprint: %s", fp); + continue; + } + + merge_keys_and_selfsig (kb); + + log_assert (kb->pkt->pkttype == PKT_PUBLIC_KEY); + + kb_all[i] = kb; + + /* Since we have the key block, use this opportunity to figure + * out if the binding is expired or revoked. */ + binding_pk = kb->pkt->pkt.public_key; + + /* The binding is always expired/revoked if the key is + * expired/revoked. */ + if (binding_pk->has_expired) + iter->flags &= BINDING_EXPIRED; + if (binding_pk->flags.revoked) + iter->flags &= BINDING_REVOKED; + + /* The binding is also expired/revoked if the user id is + * expired/revoked. */ + n = kb; + found_user_id = 0; + while ((n = find_next_kbnode (n, PKT_USER_ID)) && ! found_user_id) + { + PKT_user_id *user_id2 = n->pkt->pkt.user_id; + char *email2; + + if (user_id2->attrib_data) + continue; + + email2 = email_from_user_id (user_id2->name); + + if (strcmp (email, email2) == 0) + { + found_user_id = 1; + + if (user_id2->is_revoked) + iter->flags &= BINDING_REVOKED; + if (user_id2->is_expired) + iter->flags &= BINDING_EXPIRED; + } + + xfree (email2); + } + + if (! found_user_id) + { + log_info (_("TOFU db corruption detected.\n")); + print_further_info ("user id '%s' not on key block '%s'", + email, fingerprint); + } + } + keydb_release (hd); + + /* Now that we have the key blocks, check for cross sigs. */ + { + int j; + strlist_t *prevp; + strlist_t iter_next; + int die[conflict_set_count]; + + memset (die, 0, sizeof (die)); + + for (i = 0; i < conflict_set_count; i ++) + { + /* Look for cross sigs between this key (i == 0) or a key + * that has cross sigs with i == 0 (i.e., transitively) */ + if (! 
(i == 0 || die[i])) + continue; + + for (j = i + 1; j < conflict_set_count; j ++) + /* Be careful: we might not have a key block for a key. */ + if (kb_all[i] && kb_all[j] && cross_sigs (kb_all[i], kb_all[j])) + die[j] = 1; + } + + /* Free unconflicting bindings (and all of the key blocks). */ + for (iter = conflict_set, prevp = &conflict_set, i = 0; + iter; + iter = iter_next, i ++) + { + iter_next = iter->next; + + release_kbnode (kb_all[i]); + + if (die[i]) + { + *prevp = iter_next; + iter->next = NULL; + free_strlist (iter); + conflict_set_count --; + } + else + { + prevp = &iter->next; + } + } + + /* We shouldn't have removed the head. */ + log_assert (conflict_set); + log_assert (conflict_set_count >= 1); + } + + if (DBG_TRUST) + { + log_debug ("binding conflicts:\n", + fingerprint, email); + for (iter = conflict_set; iter; iter = iter->next) + { + log_debug (" %s:%s%s%s%s\n", + iter->d, + (iter->flags & BINDING_NEW) ? " new" : "", + (iter->flags & BINDING_CONFLICT) ? " known_conflict" : "", + (iter->flags & BINDING_EXPIRED) ? " expired" : "", + (iter->flags & BINDING_REVOKED) ? " revoked" : ""); + } + } + + return conflict_set; +} + /* Return the trust level (TRUST_NEVER, etc.) for the binding * (email is already normalized). If no policy @@ -1828,13 +1942,13 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk, tofu_dbs_t dbs = ctrl->tofu.dbs; int in_transaction = 0; enum tofu_policy policy; - char *conflict = NULL; int rc; char *sqerr = NULL; - strlist_t bindings_with_this_email = NULL; - int bindings_with_this_email_count; int change_conflicting_to_ask = 0; + strlist_t conflict_set = NULL; + int conflict_set_count; int trust_level = TRUST_UNKNOWN; + strlist_t iter; log_assert (dbs); 
@@ -1857,7 +1971,7 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk, begin_transaction (ctrl, 0); in_transaction = 1; - policy = get_policy (dbs, fingerprint, email, &conflict); + policy = get_policy (dbs, fingerprint, email, NULL); { /* See if the key is ultimately trusted. If so, we're done. */ u32 kid[2]; @@ -1887,7 +2001,7 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk, { policy = opt.tofu_default_policy; if (DBG_TRUST) - log_debug ("TOFU: binding 's policy is " + log_debug ("TOFU: binding 's policy is" " auto (default: %s).\n", fingerprint, email, tofu_policy_str (opt.tofu_default_policy)); 
@@ -1943,41 +2057,29 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk, * * 3. We don't have a saved policy (policy == TOFU_POLICY_NONE) * (need to check for a conflict). + * + * In summary: POLICY is ask or none. */ - /* Look for conflicts. This is needed in all 3 cases. - * - * Get the fingerprints of any bindings that share the email - * address. Note: if the binding in question is in the DB, it will - * also be returned. Thus, if the result set is empty, then this is - * a new binding. */ - rc = gpgsql_stepx - (dbs->db, &dbs->s.get_trust_bindings_with_this_email, - strings_collect_cb2, &bindings_with_this_email, &sqerr, - "select distinct fingerprint from bindings where email = ?;", - GPGSQL_ARG_STRING, email, GPGSQL_ARG_END); - if (rc) + /* Look for conflicts. This is needed in all 3 cases. */ + conflict_set = build_conflict_set (dbs, fingerprint, email); + conflict_set_count = strlist_length (conflict_set); + if (conflict_set_count == 0) { - log_error (_("error reading TOFU database: %s\n"), sqerr); - print_further_info ("listing fingerprints"); - sqlite3_free (sqerr); + /* We should always at least have the current binding. */ + trust_level = _tofu_GET_TRUST_ERROR; goto out; } - bindings_with_this_email_count = strlist_length (bindings_with_this_email); - if (bindings_with_this_email_count == 0 + if (conflict_set_count == 1 + && (conflict_set->flags & BINDING_NEW) && opt.tofu_default_policy != TOFU_POLICY_ASK) { - /* New binding with no conflict and a concrete default policy. - * - * We've never observed a binding with this email address - * BINDINGS_WITH_THIS_EMAIL_COUNT is 0 and the above query would - * return the current binding if it were in the DB) and we have - * a default policy, which is not to ask the user. - */ + /* We've never observed a binding with this email address and we + * have a default policy, which is not to ask the user. */ /* If we've seen this binding, then we've seen this email and - policy couldn't possibly be TOFU_POLICY_NONE. 
*/ + * policy couldn't possibly be TOFU_POLICY_NONE. */ log_assert (policy == TOFU_POLICY_NONE); if (DBG_TRUST) @@ -1997,16 +2099,37 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk, goto out; } - if (policy == TOFU_POLICY_NONE) + if (conflict_set_count == 1 + && (conflict_set->flags & BINDING_CONFLICT)) { - /* This is a new binding and we have a conflict. Mark any - * conflicting bindings that have an automatic policy as now - * requiring confirmation. Note: we delay this until after we - * ask for confirmation so that when the current policy is - * printed, it is correct. */ - change_conflicting_to_ask = 1; + /* No known conflicts now, but there was a conflict. This means + * at somepoint, there was a conflict and we changed this + * binding's policy to ask and set the conflicting key. The + * conflict can go away if there is not a cross sig between the + * two keys. In this case, just silently clear the conflict and + * reset the policy to auto. */ + + log_assert (policy == TOFU_POLICY_ASK); + + if (DBG_TRUST) + log_debug ("TOFU: binding had a conflict, but it's been resolved (probably via cross sig).\n", + fingerprint, email); + + if (record_binding (dbs, fingerprint, email, user_id, + TOFU_POLICY_AUTO, 0) != 0) + log_error (_("error setting TOFU binding's trust level to %s\n"), + "auto"); + + trust_level = tofu_policy_to_trust_level (TOFU_POLICY_AUTO); + goto out; } + /* We have a conflict. Mark any conflicting bindings that have an + * automatic policy as now requiring confirmation. Note: we delay + * this until after we ask for confirmation so that when the current + * policy is printed, it is correct. */ + change_conflicting_to_ask = 1; + if (! may_ask) { /* We can only get here in the third case (no saved policy) and 
@@ -2031,51 +2154,53 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk, ask_about_binding (ctrl, &policy, &trust_level, - bindings_with_this_email_count, - bindings_with_this_email, - conflict, + conflict_set, fingerprint, email, user_id); out: - if (in_transaction) - end_transaction (ctrl, 0); if (change_conflicting_to_ask) { - if (! may_ask) + /* Mark any conflicting bindings that have an automatic policy as + * now requiring confirmation. */ + + if (! in_transaction) { - /* If we weren't allowed to ask, also update this key as - conflicting with itself. */ - rc = gpgsql_exec_printf - (dbs->db, NULL, NULL, &sqerr, - "update bindings set policy = %d, conflict = %Q" - " where email = %Q" - " and (policy = %d or (policy = %d and fingerprint = %Q));", - TOFU_POLICY_ASK, fingerprint, email, TOFU_POLICY_AUTO, - TOFU_POLICY_ASK, fingerprint); + begin_transaction (ctrl, 0); + in_transaction = 1; } - else + + /* If we weren't allowed to ask, also update this key as + * conflicting with itself. */ + for (iter = may_ask ? 
conflict_set->next : conflict_set; + iter; iter = iter->next) { rc = gpgsql_exec_printf (dbs->db, NULL, NULL, &sqerr, "update bindings set policy = %d, conflict = %Q" - " where email = %Q and fingerprint != %Q and policy = %d;", - TOFU_POLICY_ASK, fingerprint, email, fingerprint, - TOFU_POLICY_AUTO); + " where email = %Q and fingerprint = %Q and policy = %d;", + TOFU_POLICY_ASK, fingerprint, + email, iter->d, TOFU_POLICY_AUTO); + if (rc) + { + log_error (_("error changing TOFU policy: %s\n"), sqerr); + print_further_info ("binding: ", + fingerprint, user_id); + sqlite3_free (sqerr); + sqerr = NULL; + } + else if (DBG_TRUST) + log_debug ("Set %s to conflict with %s\n", + iter->d, fingerprint); } - - if (rc) - { - log_error (_("error changing TOFU policy: %s\n"), sqerr); - sqlite3_free (sqerr); - sqerr = NULL; - } } - xfree (conflict); - free_strlist (bindings_with_this_email); + if (in_transaction) + end_transaction (ctrl, 0); + + free_strlist (conflict_set); return trust_level; } ----------------------------------------------------------------------- Summary of changes: g10/tofu.c | 743 ++++++++++++++++++++++++++++++++++++------------------------- 1 file changed, 434 insertions(+), 309 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Sep 5 16:31:11 2016 
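Review bot: in the g10/tofu.c function that ends with `return conflict_set;` (called as build_conflict_set from get_trust), the expired/revoked marking uses `iter->flags &= BINDING_EXPIRED;` and `iter->flags &= BINDING_REVOKED;` in four places, for the key and for the matching user id. `&=` never sets the bit and clears every other flag on the entry, including the BINDING_CONFLICT bit set earlier in the same function with `|=`. get_trust then tests `conflict_set->flags & BINDING_NEW` and `& BINDING_CONFLICT` on the head entry, so an expired or revoked key changes which branch runs, and the DBG_TRUST listing can never print " expired" or " revoked". These should be `|=`. Separately, `kb_all` is allocated with xcalloc and its elements are released with release_kbnode, but there is no `xfree (kb_all)` before the return.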
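Review bot: in the get_trust branch for `conflict_set_count == 1 && (conflict_set->flags & BINDING_CONFLICT)`, a failed record_binding is only logged and the function still returns the trust level for TOFU_POLICY_AUTO, although the stored policy is then still ask. Return `_tofu_GET_TRUST_ERROR` on failure, or keep treating the binding as ask. The comment in the same branch says the conflict can go away "if there is not a cross sig", which contradicts the cross-signature elimination done when the conflict set is built; it presumably means "now", and "somepoint" should be "some point".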
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 05 Sep 2016 16:31:11 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-70-g0b99d1f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 0b99d1fd2a80b8efaacc731027d2b2ecd9eca699 (commit) via 2eeb5551c37659fdd59e8537fc77a9e7fb6a9204 (commit) from 1f1f56e606c1cb28eec68c60bd8bcb7ab30805de (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0b99d1fd2a80b8efaacc731027d2b2ecd9eca699 Author: Werner Koch Date: Mon Sep 5 16:13:41 2016 +0200 agent: Silence --debug IPC output for connections from self. * agent/command.c (server_local_s): Add fields 'greeting_seen' and 'connect_from_self'. (io_monitor): Do not log connections from self. (start_command_handler): Set flag 'connect_from_self'. * agent/gpg-agent.c (check_own_socket_thread): Disable logging. (do_start_connection_thread): Do not log connection start and termination if IPC debugging is enabled. Signed-off-by: Werner Koch diff --git a/agent/command.c b/agent/command.c index e66f1ed..7e651bf 100644 --- a/agent/command.c +++ b/agent/command.c 
@@ -76,9 +76,16 @@ struct server_local_s takes precedence over this flag. */ unsigned int use_cache_for_signing : 1; - /* Flags to suppress I/O logging during a command. */ + /* Flag to suppress I/O logging during a command. */ unsigned int pause_io_logging : 1; + /* Flag indicating that the connection is from ourselves. */ + unsigned int connect_from_self : 1; + + /* Helper flag for io_monitor to allow suppressing of our own + * greeting in some cases. See io_monitor for details. */ + unsigned int greeting_seen : 1; + /* If this flag is set to true the agent will be terminated after the end of the current session. */ unsigned int stopme : 1; @@ -3052,6 +3059,29 @@ io_monitor (assuan_context_t ctx, void *hook, int direction, (void) hook; + /* We want to suppress all Assuan log messages for connections from + * self. However, assuan_get_pid works only after + * assuan_accept. Now, assuan_accept already logs a line ending with + * the process id. We use this hack here to get the peers pid so + * that we can compare it to our pid. We should add an assuan + * function to return the pid for a file descriptor and use that to + * detect connections to self. */ + if (ctx && !ctrl->server_local->greeting_seen + && direction == ASSUAN_IO_TO_PEER) + { + ctrl->server_local->greeting_seen = 1; + if (linelen > 32 + && !strncmp (line, "OK Pleased to meet you, process ", 32) + && strtoul (line+32, NULL, 10) == getpid ()) + return ASSUAN_IO_MONITOR_NOLOG; + } + + + /* Do not log self-connections. This makes the log cleaner because + * we won't see the check-our-own-socket calls. */ + if (ctx && ctrl->server_local->connect_from_self) + return ASSUAN_IO_MONITOR_NOLOG; + /* Note that we only check for the uppercase name. This allows the user to see the logging for debugging if using a non-upercase command name. */ 
@@ -3202,6 +3232,7 @@ start_command_handler (ctrl_t ctrl, gnupg_fd_t listen_fd, gnupg_fd_t fd) ctrl->server_local = xcalloc (1, sizeof *ctrl->server_local); ctrl->server_local->assuan_ctx = ctx; ctrl->server_local->use_cache_for_signing = 1; + ctrl->digest.raw_value = 0; assuan_set_io_monitor (ctx, io_monitor, NULL); @@ -3220,6 +3251,8 @@ start_command_handler (ctrl_t ctrl, gnupg_fd_t listen_fd, gnupg_fd_t fd) break; } + ctrl->server_local->connect_from_self = (assuan_get_pid (ctx)==getpid ()); + rc = assuan_process (ctx); if (rc) { diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index 79c83a5..e119975 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c @@ -2303,12 +2303,12 @@ do_start_connection_thread (ctrl_t ctrl) { active_connections++; agent_init_default_ctrl (ctrl); - if (opt.verbose) + if (opt.verbose && !DBG_IPC) log_info (_("handler 0x%lx for fd %d started\n"), (unsigned long) npth_self(), FD2INT(ctrl->thread_startup.fd)); start_command_handler (ctrl, GNUPG_INVALID_FD, ctrl->thread_startup.fd); - if (opt.verbose) + if (opt.verbose && !DBG_IPC) log_info (_("handler 0x%lx for fd %d terminated\n"), (unsigned long) npth_self(), FD2INT(ctrl->thread_startup.fd)); @@ -2657,6 +2657,7 @@ check_own_socket_thread (void *arg) log_error ("can't allocate assuan context: %s\n", gpg_strerror (rc)); goto leave; } + assuan_set_flag (ctx, ASSUAN_NO_LOGGING, 1); rc = assuan_socket_connect (ctx, sockname, (pid_t)(-1), 0); if (rc) commit 2eeb5551c37659fdd59e8537fc77a9e7fb6a9204 Author: Werner Koch Date: Mon Sep 5 14:43:42 2016 +0200 agent: Small improvement of the server's local state. * agent/command.c (sserver_local_s): Change flags to use only one bit. (option_handler): Make an atoi return 1 or 0. Signed-off-by: Werner Koch diff --git a/agent/command.c b/agent/command.c index 9522f89..e66f1ed 100644 --- a/agent/command.c +++ b/agent/command.c 
@@ -74,21 +74,21 @@ struct server_local_s operations. It defaults to true but may be set on a per connection base. The global option opt.ignore_cache_for_signing takes precedence over this flag. */ - int use_cache_for_signing; - - /* An allocated description for the next key operation. This is - used if a pinnetry needs to be popped up. */ - char *keydesc; + unsigned int use_cache_for_signing : 1; /* Flags to suppress I/O logging during a command. */ - int pause_io_logging; + unsigned int pause_io_logging : 1; - /* If this flags is set to true the agent will be terminated after + /* If this flag is set to true the agent will be terminated after the end of the current session. */ - int stopme; + unsigned int stopme : 1; /* Flag indicating whether pinentry notifications shall be done. */ - int allow_pinentry_notify; + unsigned int allow_pinentry_notify : 1; + + /* An allocated description for the next key operation. This is + used if a pinnetry needs to be popped up. */ + char *keydesc; /* Malloced KEK (Key-Encryption-Key) for the import_key command. */ void *import_key; @@ -2992,7 +2992,7 @@ option_handler (assuan_context_t ctx, const char *key, const char *value) err = session_env_setenv (ctrl->session_env, "PINENTRY_USER_DATA", value); } else if (!strcmp (key, "use-cache-for-signing")) - ctrl->server_local->use_cache_for_signing = *value? atoi (value) : 0; + ctrl->server_local->use_cache_for_signing = *value? !!atoi (value) : 0; else if (!strcmp (key, "allow-pinentry-notify")) ctrl->server_local->allow_pinentry_notify = 1; else if (!strcmp (key, "pinentry-mode")) ----------------------------------------------------------------------- Summary of changes: agent/command.c | 53 +++++++++++++++++++++++++++++++++++++++++++---------- agent/gpg-agent.c | 5 +++-- 2 files changed, 46 insertions(+), 12 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Sep 5 16:51:28 2016 
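Review bot: in the io_monitor hunk of commit 0b99d1f (agent/command.c), the self-connection test `strtoul (line+32, NULL, 10) == getpid ()` lets strtoul read from `line+32` up to the first non-digit without regard to `linelen`, passes a NULL end pointer so any text after the digits is accepted, and compares an unsigned long with a pid_t. Because the result decides whether a line is dropped from the IPC debug log, parse with an end pointer, check that parsing stopped within `linelen` bytes, and compare in one type. `greeting_seen` is also set on the first line to the peer whether or not it matched the greeting; a short comment saying that this is intended would help.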
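Review bot: in do_start_connection_thread (agent/gpg-agent.c, commit 0b99d1f), `opt.verbose && !DBG_IPC` removes the "handler ... started" and "handler ... terminated" lines for every connection once IPC debugging is on, not only for connections from self, so a debug log no longer shows which thread and fd served a given peer. If the aim is only to hide the check-own-socket traffic, gate on the self-connection case instead of the debug flag, or state in a comment why all peers are silenced.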
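Review bot: in option_handler (commit 2eeb555), `*value? !!atoi (value) : 0` is needed now that use_cache_for_signing is a 1-bit field, since an even value such as 2 would otherwise be stored as 0, but atoi still maps any non-numeric value to 0 without an error, so a client that sends a word instead of a number silently turns the signing cache off. A one-line comment on the `!!`, plus either documenting the accepted values or rejecting non-numeric input, would make this explicit. The moved keydesc comment still says "pinnetry".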
From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Mon, 05 Sep 2016 16:51:28 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-71-g9082bde Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 9082bde01cc18e32504ce39d55ea6dd3c05dddec (commit) from 0b99d1fd2a80b8efaacc731027d2b2ecd9eca699 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9082bde01cc18e32504ce39d55ea6dd3c05dddec Author: Neal H. Walfield Date: Mon Sep 5 16:44:09 2016 +0200 g10: Don't add user attributes to the TOFU DB. * g10/trustdb.c (tdb_get_validity_core): Skip user attributes. -- Signed-off-by: Neal H. Walfield diff --git a/g10/trustdb.c b/g10/trustdb.c index 4181240..6f63c34 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c @@ -1040,6 +1040,14 @@ tdb_get_validity_core (ctrl_t ctrl, else user_id = n->pkt->pkt.user_id; + if (user_id->attrib_data) + { + /* Skip user attributes. */ + if (uid) + break; + continue; + } + /* If the user id is revoked or expired, then skip it. */ if (user_id->is_revoked || user_id->is_expired) { ----------------------------------------------------------------------- Summary of changes: g10/trustdb.c | 8 ++++++++ 1 file changed, 8 insertions(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Sep 5 16:56:08 2016 
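Review bot: in tdb_get_validity_core (g10/trustdb.c), the new `if (uid) break; continue;` under "Skip user attributes." is not explained, and when the caller passed `uid` and it is an attribute the loop is left without that user id ever being evaluated. Please extend the comment to say what validity the caller gets in that case and that no TOFU lookup is made for it.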
From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Mon, 05 Sep 2016 16:56:08 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-325-gab3fbdb Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via ab3fbdbd05cfd1b039bb5b1eb3941fbb4bcf6307 (commit) from 965b842fad6ec6fbd8902f3a32119abcd0728fe4 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ab3fbdbd05cfd1b039bb5b1eb3941fbb4bcf6307 Author: Andre Heinecke Date: Mon Sep 5 16:54:50 2016 +0200 qt: Clarify comment and strings in tofuinfo test * lang/qt/tests/t-tofuinfo.cpp (testTofuSignCount) (testTofuKeyList): Ensure distinct messages. Clarify comment. diff --git a/lang/qt/tests/t-tofuinfo.cpp b/lang/qt/tests/t-tofuinfo.cpp index f7238f3..5646f70 100644 --- a/lang/qt/tests/t-tofuinfo.cpp +++ b/lang/qt/tests/t-tofuinfo.cpp @@ -230,6 +230,12 @@ private Q_SLOTS: Key key = keys[0]; Q_ASSERT(!key.isNull()); + /* As we sign & verify quickly here we need different + * messages to avoid having them treated as the same + * message if they were created within the same second. + * Alternatively we could use the same message and wait + * a second between each call. But this would slow down + * the testsuite. */ signAndVerify(QStringLiteral("Hello"), key, 1); key.update(); signAndVerify(QStringLiteral("Hello2"), key, 2); 
@@ -258,12 +264,10 @@ private Q_SLOTS: auto keyCopy = key; keyCopy.update(); auto sigCnt = keyCopy.userID(0).tofuInfo().signCount(); - signAndVerify(QStringLiteral("Hello"), keyCopy, + signAndVerify(QStringLiteral("Hello5"), keyCopy, sigCnt + 1); keyCopy.update(); - /* For some reason if you remove the " World" part of - * the next message the test fails. */ - signAndVerify(QStringLiteral("Hello World"), keyCopy, + signAndVerify(QStringLiteral("Hello6"), keyCopy, sigCnt + 2); /* Now another one but with tofu */ ----------------------------------------------------------------------- Summary of changes: lang/qt/tests/t-tofuinfo.cpp | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Mon Sep 5 17:28:53 2016 
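Review bot: in the two lang/qt/tests/t-tofuinfo.cpp hunks, the fix depends on every signAndVerify call using a different hand-picked literal ("Hello", "Hello2", "Hello5", "Hello6"), which the next added call can break with no obvious failure cause. The explanatory comment is only in the first hunk; either point to it from the second call site or build the message from a counter so that uniqueness does not depend on the chosen strings.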
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Mon, 05 Sep 2016 17:28:53 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-74-g46c4333 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 46c4333c372f0e1ad2aadc411490c2a330b4c5a6 (commit) via c97bde2dfeab23a84b4788d998934ac49ff5b797 (commit) via 845e2cc201d6a2cdb151e39e29516d26cb49311c (commit) from 9082bde01cc18e32504ce39d55ea6dd3c05dddec (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 46c4333c372f0e1ad2aadc411490c2a330b4c5a6 Author: Justus Winter Date: Mon Sep 5 17:17:24 2016 +0200 tests: Speed up the test suite. * tests/openpgp/run-tests.scm (test::run-sync): Pass additional arguments to the test. (test::run-sync-quiet): Likewise. (test::run-async): Likewise. (run-tests-{parallel,sequential}-isolated): Create a tarball of the gnupghome, then extract it for each test. * tests/openpgp/setup.scm: Refactor into functions, add an interface to tar-up the created environment, and untar it multiple times. Signed-off-by: Justus Winter diff --git a/tests/openpgp/run-tests.scm b/tests/openpgp/run-tests.scm index e3b6b6a..3334f61 100644 --- a/tests/openpgp/run-tests.scm +++ b/tests/openpgp/run-tests.scm @@ -82,10 +82,10 @@ (new name directory command pid x)) (define (set-pid x) (new name directory command x retcode)) - (define (run-sync) + (define (run-sync . args) (with-working-directory directory (let* ((p (inbound-pipe)) - (pid (spawn-process-fd command CLOSED_FD + (pid (spawn-process-fd (append command args) CLOSED_FD (:write-end p) (:write-end p)))) (close (:write-end p)) (splice (:read-end p) STDERR_FILENO) 
@@ -93,14 +93,16 @@ (let ((t' (set-retcode (wait-process name pid #t)))) (t'::report) t')))) - (define (run-sync-quiet) + (define (run-sync-quiet . args) (with-working-directory directory (set-retcode (wait-process - name (spawn-process-fd command CLOSED_FD CLOSED_FD CLOSED_FD) #t)))) - (define (run-async) + name (spawn-process-fd (append command args) + CLOSED_FD CLOSED_FD CLOSED_FD) #t)))) + (define (run-async . args) (with-working-directory directory - (set-pid (spawn-process-fd command CLOSED_FD CLOSED_FD CLOSED_FD)))) + (set-pid (spawn-process-fd (append command args) + CLOSED_FD CLOSED_FD CLOSED_FD)))) (define (status) (let ((t (assoc retcode '((0 "PASS") (77 "SKIP") (99 "ERROR"))))) (if (not t) "FAIL" (cadr t)))) 
@@ -119,21 +121,24 @@ (loop (pool::add (test::run-async)) (cdr tests')))))) (define (run-tests-parallel-isolated setup teardown . tests) - (let loop ((pool (test-pool::new '())) (tests' tests)) - (if (null? tests') - (let ((results (pool::wait))) - (for-each (lambda (t) - (let ((teardown' (teardown::set-directory t::directory))) - (teardown'::run-sync-quiet)) - (unlink-recursively t::directory) - (t::report)) results::procs) - (exit (results::report))) - (let* ((wd (mkdtemp)) - (test (car tests')) - (test' (test::set-directory wd)) - (setup' (setup::set-directory wd))) - (setup'::run-sync-quiet) - (loop (pool::add (test'::run-async)) (cdr tests')))))) + (lettmp (gpghome-tar) + (setup::run-sync '--create-tarball gpghome-tar) + (let loop ((pool (test-pool::new '())) (tests' tests)) + (if (null? tests') + (let ((results (pool::wait))) + (for-each (lambda (t) + (let ((teardown' (teardown::set-directory + t::directory))) + (teardown'::run-sync-quiet)) + (unlink-recursively t::directory) + (t::report)) results::procs) + (exit (results::report))) + (let* ((wd (mkdtemp)) + (test (car tests')) + (test' (test::set-directory wd)) + (setup' (setup::set-directory wd))) + (setup'::run-sync-quiet '--unpack-tarball gpghome-tar) + (loop (pool::add (test'::run-async)) (cdr tests'))))))) (define (run-tests-sequential-shared setup teardown . tests) (let loop ((pool (test-pool::new '())) 
@@ -145,21 +150,24 @@ (loop (pool::add (test::run-sync)) (cdr tests')))))) (define (run-tests-sequential-isolated setup teardown . tests) - (let loop ((pool (test-pool::new '())) (tests' tests)) - (if (null? tests') - (let ((results (pool::wait))) - (for-each (lambda (t) - (let ((teardown' (teardown::set-directory t::directory))) - (teardown'::run-sync-quiet)) - (unlink-recursively t::directory)) - results::procs) - (exit (results::report))) - (let* ((wd (mkdtemp)) - (test (car tests')) - (test' (test::set-directory wd)) - (setup' (setup::set-directory wd))) - (setup'::run-sync-quiet) - (loop (pool::add (test'::run-sync)) (cdr tests')))))) + (lettmp (gpghome-tar) + (setup::run-sync '--create-tarball gpghome-tar) + (let loop ((pool (test-pool::new '())) (tests' tests)) + (if (null? tests') + (let ((results (pool::wait))) + (for-each (lambda (t) + (let ((teardown' (teardown::set-directory + t::directory))) + (teardown'::run-sync-quiet)) + (unlink-recursively t::directory)) + results::procs) + (exit (results::report))) + (let* ((wd (mkdtemp)) + (test (car tests')) + (test' (test::set-directory wd)) + (setup' (setup::set-directory wd))) + (setup'::run-sync-quiet '--unpack-tarball gpghome-tar) + (loop (pool::add (test'::run-sync)) (cdr tests'))))))) (define all-tests '("version.scm" diff --git a/tests/openpgp/setup.scm b/tests/openpgp/setup.scm index 8fc1543..d4a3e37 100755 --- a/tests/openpgp/setup.scm +++ b/tests/openpgp/setup.scm 
@@ -19,103 +19,119 @@ (load (with-path "defs.scm")) -(echo "Creating test environment...") +(define (create-gpghome) + (echo "Creating test environment...") -(letfd ((fd (open "random_seed" (logior O_WRONLY O_CREAT O_BINARY) #o600))) - (call-with-fds (list (tool 'mktdata) "600") CLOSED_FD fd STDERR_FILENO)) + (letfd ((fd (open "random_seed" (logior O_WRONLY O_CREAT O_BINARY) #o600))) + (call-with-fds (list (tool 'mktdata) "600") CLOSED_FD fd STDERR_FILENO)) -(for-each-p - "Creating configuration files" - (lambda (name) - (file-copy (in-srcdir (string-append name ".tmpl")) name) - (let ((p (open-input-output-file name))) - (cond - ((string=? "gpg.conf" name) - (if have-opt-always-trust - (display "no-auto-check-trustdb\n" p)) - (display (string-append "agent-program " - (tool 'gpg-agent) - "|--debug-quick-random\n") p) - (display "allow-weak-digest-algos\n" p)) - ((string=? "gpg-agent.conf" name) - (display (string-append "pinentry-program " PINENTRY "\n") p))))) - '("gpg.conf" "gpg-agent.conf")) + (for-each-p + "Creating configuration files" + (lambda (name) + (file-copy (in-srcdir (string-append name ".tmpl")) name) + (let ((p (open-input-output-file name))) + (cond + ((string=? "gpg.conf" name) + (if have-opt-always-trust + (display "no-auto-check-trustdb\n" p)) + (display (string-append "agent-program " + (tool 'gpg-agent) + "|--debug-quick-random\n") p) + (display "allow-weak-digest-algos\n" p)) + ((string=? 
"gpg-agent.conf" name) + (display (string-append "pinentry-program " PINENTRY "\n") p))))) + '("gpg.conf" "gpg-agent.conf")) -(echo "Starting gpg-agent...") -(call-check `(,(tool 'gpg-connect-agent) --verbose - ,(string-append "--agent-program=" (tool 'gpg-agent) - "|--debug-quick-random") - /bye)) + (for-each-p "Creating sample data files" + (lambda (size) + (letfd ((fd (open (string-append "data-" (number->string size)) + (logior O_WRONLY O_CREAT O_BINARY) #o600))) + (call-with-fds (list (tool 'mktdata) (number->string size)) + CLOSED_FD fd STDERR_FILENO))) + '(500 9000 32000 80000)) -(for-each-p "Creating sample data files" - (lambda (size) - (letfd ((fd (open (string-append "data-" (number->string size)) - (logior O_WRONLY O_CREAT O_BINARY) #o600))) - (call-with-fds (list (tool 'mktdata) (number->string size)) - CLOSED_FD fd STDERR_FILENO))) - '(500 9000 32000 80000)) + (for-each-p "Unpacking samples" + (lambda (name) + (dearmor (in-srcdir (string-append name "o.asc")) name)) + '("plain-1" "plain-2" "plain-3" "plain-large")) -(for-each-p "Unpacking samples" - (lambda (name) - (dearmor (in-srcdir (string-append name "o.asc")) name)) - '("plain-1" "plain-2" "plain-3" "plain-large")) + ;; XXX implement cleanup + (catch '() + (mkdir "private-keys-v1.d" "-rwx")) -;; XXX implement cleanup -(catch '() - (mkdir "private-keys-v1.d" "-rwx")) + (define counter (make-counter)) + (for-each-p' "Storing private keys" + (lambda (name) + (dearmor (in-srcdir (string-append "/privkeys/" name ".asc")) + (string-append "private-keys-v1.d/" name ".key"))) + (lambda (name) (counter)) + '("50B2D4FA4122C212611048BC5FC31BD44393626E" + "7E201E28B6FEB2927B321F443205F4724EBE637E" + "13FDB8809B17C5547779F9D205C45F47CE0217CE" + "343D8AF79796EE107D645A2787A9D9252F924E6F" + "8B5ABF3EF9EB8D96B91A0B8C2C4401C91C834C34" + "0D6F6AD4C4C803B25470F9104E9F4E6A4CA64255" + "FD692BD59D6640A84C8422573D469F84F3B98E53" + "76F7E2B35832976B50A27A282D9B87E44577EB66" + "A0747D5F9425E6664F4FFBEED20FBCA79FDED2BD" 
+ "00FE67F28A52A8AA08FFAED20AF832DA916D1985" + "1DF48228FEFF3EC2481B106E0ACA8C465C662CC5" + "A2832820DC9F40751BDCD375BB0945BA33EC6B4C" + "ADE710D74409777B7729A7653373D820F67892E0" + "CEFC51AF91F68A2904FBFF62C4F075A4785B803F" + "1E28F20E41B54C2D1234D896096495FF57E08D18" + "EB33B687EB8581AB64D04852A54453E85F3DF62D" + "C6A6390E9388CDBAD71EAEA698233FE5E04F001E" + "D69102E0F5AC6B6DB8E4D16DA8E18CF46D88CAE3")) -(define counter (make-counter)) -(for-each-p' "Storing private keys" - (lambda (name) - (dearmor (in-srcdir (string-append "/privkeys/" name ".asc")) - (string-append "private-keys-v1.d/" name ".key"))) - (lambda (name) (counter)) - '("50B2D4FA4122C212611048BC5FC31BD44393626E" - "7E201E28B6FEB2927B321F443205F4724EBE637E" - "13FDB8809B17C5547779F9D205C45F47CE0217CE" - "343D8AF79796EE107D645A2787A9D9252F924E6F" - "8B5ABF3EF9EB8D96B91A0B8C2C4401C91C834C34" - "0D6F6AD4C4C803B25470F9104E9F4E6A4CA64255" - "FD692BD59D6640A84C8422573D469F84F3B98E53" - "76F7E2B35832976B50A27A282D9B87E44577EB66" - "A0747D5F9425E6664F4FFBEED20FBCA79FDED2BD" - "00FE67F28A52A8AA08FFAED20AF832DA916D1985" - "1DF48228FEFF3EC2481B106E0ACA8C465C662CC5" - "A2832820DC9F40751BDCD375BB0945BA33EC6B4C" - "ADE710D74409777B7729A7653373D820F67892E0" - "CEFC51AF91F68A2904FBFF62C4F075A4785B803F" - "1E28F20E41B54C2D1234D896096495FF57E08D18" - "EB33B687EB8581AB64D04852A54453E85F3DF62D" - "C6A6390E9388CDBAD71EAEA698233FE5E04F001E" - "D69102E0F5AC6B6DB8E4D16DA8E18CF46D88CAE3")) + (info "Importing public demo and test keys") + (call-check `(, at GPG --yes --import + ,(in-srcdir "pubdemo.asc") + ,(in-srcdir "pubring.asc") + ,(in-srcdir key-file1))) + (pipe:do + (pipe:open (in-srcdir "pubring.pkr.asc") (logior O_RDONLY O_BINARY)) + (pipe:spawn `(, at GPG --dearmor)) + (pipe:spawn `(, at GPG --yes --import)))) -(info "Importing public demo and test keys") -(call-check `(, at GPG --yes --import - ,(in-srcdir "pubdemo.asc") - ,(in-srcdir "pubring.asc") - ,(in-srcdir key-file1))) -;; (letfd ((source (open (in-srcdir 
"pubring.pkr.asc") O_RDONLY))) -;; ((gpg-pipe '(--dearmor) '(--yes --import) STDERR_FILENO) -;; source CLOSED_FD)) -(pipe:do - (pipe:open (in-srcdir "pubring.pkr.asc") (logior O_RDONLY O_BINARY)) - (pipe:spawn `(, at GPG --dearmor)) - (pipe:spawn `(, at GPG --yes --import))) +(define (start-agent) + (echo "Starting gpg-agent...") + (call-check `(,(tool 'gpg-connect-agent) --verbose + ,(string-append "--agent-program=" (tool 'gpg-agent) + "|--debug-quick-random") + /bye)) -(info "Preset passphrases") -;; one at example.com -(call-check `(,(tool 'gpg-preset-passphrase) - --preset --passphrase def - "50B2D4FA4122C212611048BC5FC31BD44393626E")) -(call-check `(,(tool 'gpg-preset-passphrase) - --preset --passphrase def - "7E201E28B6FEB2927B321F443205F4724EBE637E")) -;; alpha at example.net -(call-check `(,(tool 'gpg-preset-passphrase) - --preset --passphrase abc - "76F7E2B35832976B50A27A282D9B87E44577EB66")) -(call-check `(,(tool 'gpg-preset-passphrase) - --preset --passphrase abc - "A0747D5F9425E6664F4FFBEED20FBCA79FDED2BD")) + (info "Preset passphrases") + ;; one at example.com + (call-check `(,(tool 'gpg-preset-passphrase) + --preset --passphrase def + "50B2D4FA4122C212611048BC5FC31BD44393626E")) + (call-check `(,(tool 'gpg-preset-passphrase) + --preset --passphrase def + "7E201E28B6FEB2927B321F443205F4724EBE637E")) + ;; alpha at example.net + (call-check `(,(tool 'gpg-preset-passphrase) + --preset --passphrase abc + "76F7E2B35832976B50A27A282D9B87E44577EB66")) + (call-check `(,(tool 'gpg-preset-passphrase) + --preset --passphrase abc + "A0747D5F9425E6664F4FFBEED20FBCA79FDED2BD")) + (echo "All set up.")) -(echo "All set up.") +(define (kill-agent) + (call-check `(,(tool 'gpg-connect-agent) --verbose killagent /bye))) + +(cond + ((member "--create-tarball" *args*) + (with-temporary-working-directory + (setenv "GNUPGHOME" (getcwd) #t) + (create-gpghome) + (kill-agent) + (call-check `(,(tool 'gpgtar) --create --output ,(cadr *args*) + ,@(glob "*"))))) + ((member 
"--unpack-tarball" *args*) + (call-check `(,(tool 'gpgtar) --extract --directory=. ,(cadr *args*))) + (start-agent)) + (else + (create-gpghome) + (start-agent))) commit c97bde2dfeab23a84b4788d998934ac49ff5b797 Author: Justus Winter Date: Mon Sep 5 15:34:44 2016 +0200 common: Restore a simpler variant of 'gnupg_wait_process'. * common/exechelp-posix.c (gnupg_wait_process): Use the code prior to 5ba4f604. Signed-off-by: Justus Winter diff --git a/common/exechelp-posix.c b/common/exechelp-posix.c index 56380f2..f19dda2 100644 --- a/common/exechelp-posix.c +++ b/common/exechelp-posix.c 
@@ -647,7 +647,59 @@ get_result (pid_t pid, int *r_exitcode) gpg_error_t gnupg_wait_process (const char *pgmname, pid_t pid, int hang, int *r_exitcode) { - return gnupg_wait_processes (&pgmname, &pid, 1, hang, r_exitcode); + gpg_err_code_t ec; + int i, status; + + if (r_exitcode) + *r_exitcode = -1; + + if (pid == (pid_t)(-1)) + return gpg_error (GPG_ERR_INV_VALUE); + +#ifdef USE_NPTH + i = npth_waitpid (pid, &status, hang? 0:WNOHANG); +#else + while ((i=waitpid (pid, &status, hang? 0:WNOHANG)) == (pid_t)(-1) + && errno == EINTR); +#endif + + if (i == (pid_t)(-1)) + { + ec = gpg_err_code_from_errno (errno); + log_error (_("waiting for process %d to terminate failed: %s\n"), + (int)pid, strerror (errno)); + } + else if (!i) + { + ec = GPG_ERR_TIMEOUT; /* Still running. */ + } + else if (WIFEXITED (status) && WEXITSTATUS (status) == 127) + { + log_error (_("error running '%s': probably not installed\n"), pgmname); + ec = GPG_ERR_CONFIGURATION; + } + else if (WIFEXITED (status) && WEXITSTATUS (status)) + { + if (!r_exitcode) + log_error (_("error running '%s': exit status %d\n"), pgmname, + WEXITSTATUS (status)); + else + *r_exitcode = WEXITSTATUS (status); + ec = GPG_ERR_GENERAL; + } + else if (!WIFEXITED (status)) + { + log_error (_("error running '%s': terminated\n"), pgmname); + ec = GPG_ERR_GENERAL; + } + else + { + if (r_exitcode) + *r_exitcode = 0; + ec = 0; + } + + return gpg_err_make (GPG_ERR_SOURCE_DEFAULT, ec); } /* See exechelp.h for a description. */ commit 845e2cc201d6a2cdb151e39e29516d26cb49311c Author: Justus Winter Date: Mon Sep 5 15:33:51 2016 +0200 common: Fix error handling. * common/exechelp-posix.c (store_result): Use xtrymalloc. (gnupg_wait_processes): Likewise, and check result. Signed-off-by: Justus Winter diff --git a/common/exechelp-posix.c b/common/exechelp-posix.c index 32c4203..56380f2 100644 --- a/common/exechelp-posix.c +++ b/common/exechelp-posix.c 
@@ -610,7 +610,7 @@ store_result (pid_t pid, int exitcode) { struct terminated_child *c; - c = xmalloc (sizeof *c); + c = xtrymalloc (sizeof *c); if (c == NULL) return gpg_err_code_from_syserror (); @@ -660,7 +660,11 @@ gnupg_wait_processes (const char **pgmnames, pid_t *pids, size_t count, int *dummy = NULL; if (r_exitcodes == NULL) - dummy = r_exitcodes = xmalloc (sizeof *r_exitcodes * count); + { + dummy = r_exitcodes = xtrymalloc (sizeof *r_exitcodes * count); + if (dummy == NULL) + return gpg_err_code_from_syserror (); + } for (i = 0, left = count; i < count; i++) { ----------------------------------------------------------------------- Summary of changes: common/exechelp-posix.c | 62 +++++++++++++- tests/openpgp/run-tests.scm | 80 ++++++++++-------- tests/openpgp/setup.scm | 196 ++++++++++++++++++++++++-------------------- 3 files changed, 209 insertions(+), 129 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Sep 6 11:03:15 2016 
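Review bot: In the restored gnupg_wait_process (common/exechelp-posix.c, hunk @@ -647,7 +647,59 @@, commit c97bde2), only the non-nPth branch retries on EINTR. The USE_NPTH branch calls npth_waitpid once, so an interrupted wait lands in the i == (pid_t)(-1) branch and is logged as "waiting for process %d to terminate failed". Put the npth_waitpid call in the same retry loop. Two smaller points: i is declared int but holds a pid_t, and for exit status 127 or a non-exit termination a caller-supplied *r_exitcode stays at -1, which deserves a sentence in the exechelp.h description if that is intended.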
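Review bot: In the gnupg_wait_processes hunk (common/exechelp-posix.c, @@ -660,7 +660,11 @@, commit 845e2cc), the new failure path returns the bare code from gpg_err_code_from_syserror (), while gnupg_wait_process in the same file ends with gpg_err_make (GPG_ERR_SOURCE_DEFAULT, ec). If this function also returns gpg_error_t, the error source is lost here and gpg_error_from_syserror () is the matching call. The size expression sizeof *r_exitcodes * count is also passed to xtrymalloc unchecked; an allocator that takes the element count separately avoids the multiplication.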
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 06 Sep 2016 11:03:15 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-75-g6503561 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 650356148af43ea619bec12e599a4981b147d5f8 (commit) from 46c4333c372f0e1ad2aadc411490c2a330b4c5a6 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 650356148af43ea619bec12e599a4981b147d5f8 Author: Werner Koch Date: Tue Sep 6 10:53:45 2016 +0200 agent: Terminate on deletion of the socket file (Linux only). * configure.ac (AC_CHECK_FUNCS): Check for inotify_init. * agent/gpg-agent.c [HAVE_INOTIFY_INIT]: Include sys/inotify.h. (my_inotify_is_name) [HAVE_INOTIFY_INIT]: New. (handle_connections) [HAVE_INOTIFY_INIT]: New. Signed-off-by: Werner Koch diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index e119975..75a9283 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c @@ -47,6 +47,9 @@ #ifdef HAVE_SIGNAL_H # include #endif +#ifdef HAVE_INOTIFY_INIT +# include +#endif /*HAVE_INOTIFY_INIT*/ #include #define GNUPG_COMMON_NEED_AFLOCAL 
@@ -2399,6 +2402,31 @@ start_connection_thread_ssh (void *arg) } +#ifdef HAVE_INOTIFY_INIT +/* Read an inotify event and return true if it matches NAME. */ +static int +my_inotify_is_name (int fd, const char *name) +{ + union { + struct inotify_event ev; + char _buf[sizeof (struct inotify_event) + 100 + 1]; + } buf; + int n; + + n = npth_read (fd, &buf, sizeof buf); + if (n < sizeof (struct inotify_event)) + return 0; + if (buf.ev.len < strlen (name)+1) + return 0; + if (strcmp (buf.ev.name, name)) + return 0; /* Not the desired file. */ + + return 1; /* Found. */ +} +#endif /*HAVE_INOTIFY_INIT*/ + + + /* Connection handler loop. Wait for connection requests and spawn a thread after accepting a connection. */ static void @@ -2422,6 +2450,9 @@ handle_connections (gnupg_fd_t listen_fd, HANDLE events[2]; unsigned int events_set; #endif +#ifdef HAVE_INOTIFY_INIT + int my_inotify_fd; +#endif /*HAVE_INOTIFY_INIT*/ struct { const char *name; void *(*func) (void *arg); @@ -2459,6 +2490,28 @@ handle_connections (gnupg_fd_t listen_fd, # endif #endif +#ifdef HAVE_INOTIFY_INIT + if (disable_check_own_socket) + my_inotify_fd = -1; + else if ((my_inotify_fd = inotify_init ()) == -1) + log_info ("error enabling fast daemon termination: %s\n", + strerror (errno)); + else + { + /* We need to watch the directory for the file becuase there + * won't be an IN_DELETE_SELF for a socket file. */ + char *slash = strrchr (socket_name, '/'); + log_assert (slash && slash[1]); + *slash = 0; + if (inotify_add_watch (my_inotify_fd, socket_name, IN_DELETE) == -1) + { + close (my_inotify_fd); + my_inotify_fd = -1; + } + *slash = '/'; + } +#endif /*HAVE_INOTIFY_INIT*/ + /* On Windows we need to fire up a separate thread to listen for requests from Putty (an SSH client), so we can replace Putty's Pageant (its ssh-agent implementation). */ 
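Review bot: In my_inotify_is_name (agent/gpg-agent.c, hunk @@ -2399,6 +2402,31 @@), n is an int but is compared against sizeof (struct inotify_event), so a failed npth_read returning -1 is converted to a very large unsigned value, passes the "n < sizeof ..." test, and the function goes on to read buf.ev.len and buf.ev.name from an uninitialized buffer. Test n < 0 first, or cast the sizeof to int. Related: a single read can return several queued events and only the first one is examined, so a deletion of the socket file queued behind another IN_DELETE in the same directory is missed; walk the buffer in steps of sizeof (struct inotify_event) + ev.len up to n. The name area is fixed at 100 bytes, so the read fails when the next event carries a longer file name, which leads straight back to the first point.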
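Review bot: In the handle_connections setup hunk (agent/gpg-agent.c, @@ -2459,6 +2490,28 @@), a failing inotify_add_watch closes the descriptor and disables the feature without any message, while a failing inotify_init logs "error enabling fast daemon termination". Log strerror (errno) in the add_watch branch as well so the two failures can be told apart. The directory is obtained by temporarily writing a NUL into socket_name (*slash = 0; ... *slash = '/';), which is only safe while nothing else reads socket_name in that window; a comment saying so, or a private copy of the directory name, would make that explicit. Typo in the new comment: "becuase".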
@@ -2500,6 +2553,14 @@ handle_connections (gnupg_fd_t listen_fd, if (FD2INT (listen_fd_ssh) > nfd) nfd = FD2INT (listen_fd_ssh); } +#ifdef HAVE_INOTIFY_INIT + if (my_inotify_fd != -1) + { + FD_SET (my_inotify_fd, &fdset); + if (my_inotify_fd > nfd) + nfd = my_inotify_fd; + } +#endif /*HAVE_INOTIFY_INIT*/ listentbl[0].l_fd = listen_fd; listentbl[1].l_fd = listen_fd_extra; @@ -2574,6 +2635,15 @@ handle_connections (gnupg_fd_t listen_fd, ctrl_t ctrl; npth_t thread; +#ifdef HAVE_INOTIFY_INIT + if (my_inotify_fd != -1 && FD_ISSET (my_inotify_fd, &read_fdset) + && my_inotify_is_name (my_inotify_fd, GPG_AGENT_SOCK_NAME)) + { + shutdown_pending = 1; + log_info ("socket file has been removed - shutting down\n"); + } +#endif /*HAVE_INOTIFY_INIT*/ + for (idx=0; idx < DIM(listentbl); idx++) { if (listentbl[idx].l_fd == GNUPG_INVALID_FD) @@ -2620,6 +2690,10 @@ handle_connections (gnupg_fd_t listen_fd, } } +#ifdef HAVE_INOTIFY_INIT + if (my_inotify_fd != -1) + close (my_inotify_fd); +#endif /*HAVE_INOTIFY_INIT*/ cleanup (); log_info (_("%s %s stopped\n"), strusage(11), strusage(13)); npth_attr_destroy (&tattr); diff --git a/configure.ac b/configure.ac index bd24ea4..b16f837 100644 --- a/configure.ac +++ b/configure.ac 
@@ -1388,6 +1388,14 @@ AC_CHECK_FUNCS([memicmp stpcpy strsep strlwr strtoul memmove stricmp strtol \ flockfile funlockfile getpwnam getpwuid \ getenv inet_pton strpbrk]) +# See whether libc supports the Linux inotify interface +case "${host}" in + *-*-linux*) + AC_CHECK_FUNCS([inotify_init]) + ;; +esac + + if test "$have_android_system" = yes; then # On Android ttyname is a stub but prints an error message. AC_DEFINE(HAVE_BROKEN_TTYNAME,1, ----------------------------------------------------------------------- Summary of changes: agent/gpg-agent.c | 74 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ configure.ac | 8 ++++++ 2 files changed, 82 insertions(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Sep 6 16:52:20 2016 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Tue, 06 Sep 2016 16:52:20 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-77-gf2249b7 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via f2249b737055f84842778285bbeff5e61fa55225 (commit) via 213b3cf465fb091dc0a205d1a08b88b950ffb85f (commit) from 650356148af43ea619bec12e599a4981b147d5f8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f2249b737055f84842778285bbeff5e61fa55225 Author: Justus Winter Date: Tue Sep 6 16:35:40 2016 +0200 gpgscm: Fix detection of unbalanced parenthesis. * tests/gpgscm/main.c (load): Print error message. * tests/gpgscm/scheme.c (opexe_0): Correctly report nesting level when loading files. Signed-off-by: Justus Winter diff --git a/tests/gpgscm/main.c b/tests/gpgscm/main.c index 34ebb9f..9aef1f3 100644 --- a/tests/gpgscm/main.c 
+++ b/tests/gpgscm/main.c @@ -32,6 +32,7 @@ #include "private.h" #include "scheme.h" +#include "scheme-private.h" #include "ffi.h" #include "i18n.h" #include "../../common/argparse.h" @@ -176,6 +177,13 @@ load (scheme *sc, char *file_name, scheme_load_named_file (sc, h, qualified_name); fclose (h); + if (sc->retcode) + { + if (sc->nesting) + fprintf (stderr, "%s: Unbalanced parenthesis\n", qualified_name); + return gpg_error (GPG_ERR_GENERAL); + } + if (file_name != qualified_name) free (qualified_name); return 0; diff --git a/tests/gpgscm/scheme.c b/tests/gpgscm/scheme.c index 987f5af..1fc7643 100644 --- a/tests/gpgscm/scheme.c +++ b/tests/gpgscm/scheme.c @@ -2592,6 +2592,7 @@ static pointer opexe_0(scheme *sc, enum scheme_opcodes op) { if(sc->file_i == 0) { sc->args=sc->NIL; + sc->nesting = sc->nesting_stack[0]; s_goto(sc,OP_QUIT); } else commit 213b3cf465fb091dc0a205d1a08b88b950ffb85f Author: Justus Winter Date: Tue Sep 6 16:45:56 2016 +0200 tests: Fix test. * tests/openpgp/multisig.scm: Add missing parenthesis. Signed-off-by: Justus Winter diff --git a/tests/openpgp/multisig.scm b/tests/openpgp/multisig.scm index 53c905f..31cdc77 100755 --- a/tests/openpgp/multisig.scm +++ b/tests/openpgp/multisig.scm @@ -163,6 +163,6 @@ cnksIEkgY2FuJ3QgZG8gdGhhdAo= (pipe:write-to file (logior O_WRONLY O_CREAT O_BINARY) #o600)) (if (= 0 (call `(, at GPG --verify ,file))) - (error "Bad signature verified ok"))) + (error "Bad signature verified ok")))) '(sig-1ls1ls-valid sig-ls-valid sig-1lsls-invalid sig-lsls-invalid sig-lss-invalid sig-slsl-invalid)) ----------------------------------------------------------------------- Summary of changes: tests/gpgscm/main.c | 8 ++++++++ tests/gpgscm/scheme.c | 1 + tests/openpgp/multisig.scm | 2 +- 3 files changed, 10 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Sep 6 17:02:44 2016 
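Review bot: In load (tests/gpgscm/main.c, hunk @@ -176,6 +177,13 @@), the new if (sc->retcode) block returns before the existing "if (file_name != qualified_name) free (qualified_name);", so qualified_name leaks on every failed load. The fprintf still needs the name, so free it inside the error branch after the message and before the return, or store the error in a variable and fall through to the existing free. When retcode is set but nesting is 0 this function prints nothing itself; a short comment on where that case is reported would help the reader.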
From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Tue, 06 Sep 2016 17:02:44 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-328-g151da95 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 151da95470f174dc770b2111890ad650a1697276 (commit) via e8cb143c8337b122a6790f769ddb0a97c4baccd3 (commit) via efe7e11dfa2ff911b477ce748292e53e7a50347e (commit) from ab3fbdbd05cfd1b039bb5b1eb3941fbb4bcf6307 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 151da95470f174dc770b2111890ad650a1697276 Author: Andre Heinecke Date: Tue Sep 6 16:32:01 2016 +0200 tests: Set passphrase cb in t-encrypt-mixed * tests/gpg/t-encrypt-mixed.c (main): Set passphrase cb. -- This fixes the test when run without an agent and our faked pinentry program. diff --git a/tests/gpg/t-encrypt-mixed.c b/tests/gpg/t-encrypt-mixed.c index 6ad976a..488b1ce 100644 --- a/tests/gpg/t-encrypt-mixed.c +++ b/tests/gpg/t-encrypt-mixed.c @@ -59,6 +59,8 @@ main (int argc, char *argv[]) err = gpgme_data_new (&out); fail_if_err (err); + gpgme_set_passphrase_cb (ctx, passphrase_cb, NULL); + /* A recipient for which we don't have a secret key */ err = gpgme_get_key (ctx, "D695676BDCEDCC2CDD6152BCFE180B1DA9E3B0B2", &key[0], 0); commit e8cb143c8337b122a6790f769ddb0a97c4baccd3 Author: Andre Heinecke Date: Tue Sep 6 16:30:24 2016 +0200 core: Check for gpg version for loopback mode * src/engine-gpg.c (build_argv): Check for version 2.1.0 before adding pinentry-mode. -- This is a compatibility fix for older versions that don't support this flag which would otherwise result in an invalid argument error. 
diff --git a/src/engine-gpg.c b/src/engine-gpg.c index 7036ee0..3f77ba8 100644 --- a/src/engine-gpg.c +++ b/src/engine-gpg.c @@ -866,7 +866,7 @@ build_argv (engine_gpg_t gpg, const char *pgmname) argc++; } - if (gpg->pinentry_mode) + if (gpg->pinentry_mode && have_gpg_version (gpg, "2.1.0")) { const char *s = NULL; switch (gpg->pinentry_mode) commit efe7e11dfa2ff911b477ce748292e53e7a50347e Author: Andre Heinecke Date: Tue Sep 6 16:28:45 2016 +0200 core: Fix passphrase cb for mixed sym encrypt * src/encrypt.c (encrypt_start): Handle SYMMETRIC flag. * src/encrypt-sign.c (encrypt_sign_start): Ditto. -- This causes the passphrase command handler to be properly registered which in turn will result in the passphrase callback being called. diff --git a/src/encrypt-sign.c b/src/encrypt-sign.c index 4f484e9..af6de63 100644 --- a/src/encrypt-sign.c +++ b/src/encrypt-sign.c @@ -72,7 +72,7 @@ encrypt_sign_start (gpgme_ctx_t ctx, int synchronous, gpgme_key_t recp[], if (err) return err; - symmetric = !recp; + symmetric = !recp || (flags & GPGME_ENCRYPT_SYMMETRIC); if (!plain) return gpg_error (GPG_ERR_NO_DATA); diff --git a/src/encrypt.c b/src/encrypt.c index 307c862..4023654 100644 --- a/src/encrypt.c +++ b/src/encrypt.c @@ -228,8 +228,7 @@ encrypt_start (gpgme_ctx_t ctx, int synchronous, gpgme_key_t recp[], if (err) return err; - if (!recp) - symmetric = 1; + symmetric = !recp || (flags & GPGME_ENCRYPT_SYMMETRIC); if (!plain) return gpg_error (GPG_ERR_NO_DATA); ----------------------------------------------------------------------- Summary of changes: src/encrypt-sign.c | 2 +- src/encrypt.c | 3 +-- src/engine-gpg.c | 2 +- tests/gpg/t-encrypt-mixed.c | 2 ++ 4 files changed, 5 insertions(+), 4 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Tue Sep 6 21:37:54 2016 
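Review bot: In build_argv (src/engine-gpg.c, hunk @@ -866,7 +866,7 @@), a pinentry mode requested by the caller is now dropped without notice when the engine is older than 2.1.0. The operation then runs without the pinentry-mode option and the caller has no way to learn that its setting was ignored. Report this at the point where the mode is set on the context, or document next to this check that the setting has no effect for gpg versions before 2.1.0.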
From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Tue, 06 Sep 2016 21:37:54 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-79-g875ac92 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 875ac9216f1383851a82bd240cadb17c7112f6a8 (commit) via a9e6db6c7e23d9f4b8de59f5cabbf9eb6a59e626 (commit) from f2249b737055f84842778285bbeff5e61fa55225 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 875ac9216f1383851a82bd240cadb17c7112f6a8 Author: Neal H. Walfield Date: Tue Sep 6 15:45:38 2016 +0200 g10: Record and show statistics for encrypted messages when using TOFU * g10/tofu.c: Include "sqrtu32.h". (struct tofu_dbs_s.s): Rename get_trust_gather_other_keys to get_trust_gather_signature_stats. Add new field get_trust_gather_encryption_stats. (initdb): Create the encryptions table. (ask_about_binding): Show the encryption statistics too. (tofu_register): Rename from this... (tofu_register_signature): ... to this and update callers. (tofu_register_encryption): New function. (write_stats_status): Add parameters encryption_count, encryption_first_done and encryption_most_recent. Update callers. Compute the trust using the euclidean distance of the signature and signature count. Compare with twice the threshold. Include encryption count information in the TFS and TOFU_STATS lines. (show_statistics): Also get information about the encrypted messages. * g10/trustdb.c (tdb_get_validity_core): Use it. -- Signed-off-by: Neal H. Walfield diff --git a/doc/DETAILS b/doc/DETAILS index cf779d2..b5431d0 100644 --- a/doc/DETAILS +++ b/doc/DETAILS 
@@ -238,8 +238,10 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB: - Field 4 :: signcount - The number of signatures seen. - Field 5 :: encrcount - The number of encryptions done. - Field 6 :: policy - A string with the policy - - Field 7 :: first-seen - a timestamp or 0 if not known. - - Field 8 :: most-recent-seen - a timestamp or 0 if not known. + - Field 7 :: signture-first-seen - a timestamp or 0 if not known. + - Field 8 :: signature-most-recent-seen - a timestamp or 0 if not known. + - Field 9 :: encryption-first-done - a timestamp or 0 if not known. + - Field 10 :: encryption-most-recent-done - a timestamp or 0 if not known. *** TRU - Trust database information Example for a "tru" trust base record: @@ -715,7 +717,7 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB: userid encoded in UTF-8 and percent escaped. The fingerprint is indentical for all TOFU_USER lines up to a NEWSIG line. -*** TOFU_STATS 0 [ [ ]] +*** TOFU_STATS 0 [ [ ]] Statistics for the current user id. @@ -734,9 +736,11 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB: - ask :: Policy is "ask" - unknown :: Policy is not known. - TM1 ist the time the first messages was verified. TM2 is the time - the most recent message was verified. Both may either be seconds - since Epoch or an ISO time string (yyyymmddThhmmss). + TM1 ist the time the first message was verified. TM2 is the time + the most recent message was verified. TM3 is the time the first + message was encrypted. TM4 is the most recent encryption. All may + either be seconds since Epoch or an ISO time string + (yyyymmddThhmmss). *** TOFU_STATS_SHORT diff --git a/g10/Makefile.am b/g10/Makefile.am index fc33e83..7b87e6a 100644 --- a/g10/Makefile.am +++ b/g10/Makefile.am @@ -74,7 +74,7 @@ trust_source = trustdb.c trustdb.h tdbdump.c tdbio.c tdbio.h endif if USE_TOFU -tofu_source = tofu.h tofu.c gpgsql.c gpgsql.h +tofu_source = tofu.h tofu.c gpgsql.c gpgsql.h sqrtu32.c sqrtu32.h else tofu_source = endif 
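Review bot: In the doc/DETAILS tfs hunk (@@ -238,8 +238,10 @@), the new name for Field 7 is misspelled "signture-first-seen". In the TOFU_STATS paragraph rewritten by hunk @@ -734,9 +736,11 @@, "TM1 ist" is carried over from the old text and can be fixed in the same change. Since the record grows from 8 to 10 fields, it is also worth stating in this section that fields 9 and 10 may be absent in output from older versions, so parsers know to treat them as optional.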
diff --git a/g10/pkclist.c b/g10/pkclist.c index f7b2483..62f5b7f 100644 --- a/g10/pkclist.c +++ b/g10/pkclist.c @@ -1314,6 +1314,29 @@ build_pk_list (ctrl_t ctrl, strlist_t rcpts, PK_LIST *ret_pk_list) rc = GPG_ERR_NO_USER_ID; } +#ifdef USE_TOFU + if (! rc && (opt.trust_model == TM_TOFU_PGP || opt.trust_model == TM_TOFU)) + { + PK_LIST iter; + for (iter = pk_list; iter; iter = iter->next) + { + int rc2; + + /* Note: we already resolved any conflict when looking up + the key. Don't annoy the user again if she selected + accept once. */ + rc2 = tofu_register_encryption (ctrl, iter->pk, NULL, 0); + if (rc2) + log_info ("WARNING: Failed to register encryption to %s" + " with TOFU engine\n", + keystr (pk_main_keyid (iter->pk))); + else if (DBG_TRUST) + log_debug ("Registered encryption to %s with TOFU DB.\n", + keystr (pk_main_keyid (iter->pk))); + } + } +#endif /*USE_TOFU*/ + fail: if ( rc ) diff --git a/g10/tofu.c b/g10/tofu.c index 083f5ef..defc54f 100644 --- a/g10/tofu.c +++ b/g10/tofu.c @@ -41,6 +41,7 @@ #include "mkdir_p.h" #include "gpgsql.h" #include "status.h" +#include "sqrtu32.h" #include "tofu.h" @@ -76,7 +77,8 @@ struct tofu_dbs_s sqlite3_stmt *get_policy_select_policy_and_conflict; sqlite3_stmt *get_trust_bindings_with_this_email; sqlite3_stmt *get_trust_gather_other_user_ids; - sqlite3_stmt *get_trust_gather_other_keys; + sqlite3_stmt *get_trust_gather_signature_stats; + sqlite3_stmt *get_trust_gather_encryption_stats; sqlite3_stmt *register_already_seen; sqlite3_stmt *register_insert; } s; @@ -649,6 +651,19 @@ initdb (sqlite3 *db) } out: + if (! rc) + { + /* Early version of the v1 format did not include the encryption + table. Add it. */ + sqlite3_exec (db, + "create table if not exists encryptions" + " (binding INTEGER NOT NULL," + " time INTEGER);" + "create index if not exists encryptions_binding" + " on encryptions (binding);\n", + NULL, NULL, &err); + } + if (rc) { rc = sqlite3_exec (db, "rollback;", NULL, NULL, &err); 
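Review bot: In initdb (g10/tofu.c, hunk @@ -649,6 +651,19 @@), the return value of the sqlite3_exec call that creates the encryptions table and its index is discarded. If it fails, rc stays 0, the "if (rc)" rollback that follows is skipped, and the problem only surfaces later as a failed query against encryptions. Assign the result to rc, log err, and release it with sqlite3_free, as show_statistics in this file does for its own queries.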
@@ -1384,39 +1399,42 @@ ask_about_binding (ctrl_t ctrl, strlist_rev (&conflict_set); for (iter = conflict_set; iter && ! rc; iter = iter->next) { +#define STATS_SQL(table, time, sign) \ + "select fingerprint, policy, time_ago, count(*)\n" \ + " from\n" \ + " (select bindings.*,\n" \ + " "sign" case\n" \ + " when delta ISNULL then 1\n" \ + /* From the future (but if its just a couple of hours in the \ + * future don't turn it into a warning)? Or should we use \ + * small, medium or large units? (Note: whatever we do, we \ + * keep the value in seconds. Then when we group, everything \ + * that rounds to the same number of seconds is grouped.) */ \ + " when delta < -("STRINGIFY (TIME_AGO_FUTURE_IGNORE)") then 2\n" \ + " when delta < ("STRINGIFY (TIME_AGO_SMALL_THRESHOLD)")\n" \ + " then 3\n" \ + " when delta < ("STRINGIFY (TIME_AGO_MEDIUM_THRESHOLD)")\n" \ + " then 4\n" \ + " when delta < ("STRINGIFY (TIME_AGO_LARGE_THRESHOLD)")\n" \ + " then 5\n" \ + " else 6\n" \ + " end time_ago,\n" \ + " delta time_ago_raw\n" \ + " from bindings\n" \ + " left join\n" \ + " (select *,\n" \ + " cast(strftime('%s','now') - " time " as real) delta\n" \ + " from " table ") ss\n" \ + " on ss.binding = bindings.oid)\n" \ + " where email = ? and fingerprint = ?\n" \ + " group by time_ago\n" \ + /* Make sure the current key is first. */ \ + " order by time_ago desc;\n" + rc = gpgsql_stepx - (dbs->db, &dbs->s.get_trust_gather_other_keys, + (dbs->db, &dbs->s.get_trust_gather_signature_stats, signature_stats_collect_cb, &stats, &sqerr, - "select fingerprint, policy, time_ago, count(*)\n" - " from\n" - " (select bindings.*,\n" - " case\n" - " when delta ISNULL then 1\n" - /* From the future (but if its just a couple of hours in the - * future don't turn it into a warning)? Or should we use - * small, medium or large units? (Note: whatever we do, we - * keep the value in seconds. Then when we group, everything - * that rounds to the same number of seconds is grouped.) 
*/ - " when delta < -("STRINGIFY (TIME_AGO_FUTURE_IGNORE)") then 2\n" - " when delta < ("STRINGIFY (TIME_AGO_SMALL_THRESHOLD)")\n" - " then 3\n" - " when delta < ("STRINGIFY (TIME_AGO_MEDIUM_THRESHOLD)")\n" - " then 4\n" - " when delta < ("STRINGIFY (TIME_AGO_LARGE_THRESHOLD)")\n" - " then 5\n" - " else 6\n" - " end time_ago,\n" - " delta time_ago_raw\n" - " from bindings\n" - " left join\n" - " (select *,\n" - " cast(strftime('%s','now') - sig_time as real) delta\n" - " from signatures) ss\n" - " on ss.binding = bindings.oid)\n" - " where email = ? and fingerprint = ?\n" - " group by time_ago\n" - /* Make sure the current key is first. */ - " order by time_ago desc;\n", + STATS_SQL ("signatures", "sig_time", ""), GPGSQL_ARG_STRING, email, GPGSQL_ARG_STRING, iter->d, GPGSQL_ARG_END); @@ -1426,6 +1444,23 @@ ask_about_binding (ctrl_t ctrl, if (!stats || strcmp (iter->d, stats->fingerprint) != 0) /* No stats for this binding. Add a dummy entry. */ signature_stats_prepend (&stats, iter->d, TOFU_POLICY_AUTO, 1, 1); + + rc = gpgsql_stepx + (dbs->db, &dbs->s.get_trust_gather_encryption_stats, + signature_stats_collect_cb, &stats, &sqerr, + STATS_SQL ("encryptions", "time", "-"), + GPGSQL_ARG_STRING, email, + GPGSQL_ARG_STRING, iter->d, + GPGSQL_ARG_END); + if (rc) + break; + +#undef STATS_SQL + + if (!stats || strcmp (iter->d, stats->fingerprint) != 0 + || stats->time_ago > 0) + /* No stats for this binding. Add a dummy entry. */ + signature_stats_prepend (&stats, iter->d, TOFU_POLICY_AUTO, -1, 1); } end_transaction (ctrl, 0); strlist_rev (&conflict_set); @@ -1459,6 +1494,13 @@ ask_about_binding (ctrl_t ctrl, email); for (stats_iter = stats; stats_iter; stats_iter = stats_iter->next) { +#if 0 + log_debug ("%s: time_ago: %ld; count: %ld\n", + stats_iter->fingerprint, + stats_iter->time_ago, + stats_iter->count); +#endif + if (! key || strcmp (key, stats_iter->fingerprint)) { int this_key; 
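Review bot: The log_debug block added under #if 0 at the top of the stats loop in ask_about_binding (g10/tofu.c, hunk @@ -1459,6 +1494,13 @@) is dead code as committed. Drop it, or gate it on DBG_TRUST the way the pkclist.c change in this same commit gates its debug output, so it can be enabled at run time.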
@@ -1499,7 +1541,7 @@ ask_about_binding (ctrl_t ctrl, seen_in_past = 0; } - if (stats_iter->time_ago == 1) + if (abs(stats_iter->time_ago) == 1) { /* The 1 in this case is the NULL entry. */ log_assert (stats_iter->count == 1); @@ -1510,12 +1552,18 @@ ask_about_binding (ctrl_t ctrl, es_fputs (" ", fp); /* TANSLATORS: This string is concatenated with one of * the day/week/month strings to form one sentence. */ - es_fprintf (fp, ngettext("Verified %d message", - "Verified %d messages", - seen_in_past), seen_in_past); + if (stats_iter->time_ago > 0) + es_fprintf (fp, ngettext("Verified %d message", + "Verified %d messages", + seen_in_past), seen_in_past); + else + es_fprintf (fp, ngettext("Encrypted %d message", + "Encrypted %d messages", + seen_in_past), seen_in_past); + if (!stats_iter->count) es_fputs (".", fp); - else if (stats_iter->time_ago == 2) + else if (abs(stats_iter->time_ago) == 2) { es_fprintf (fp, "in the future."); /* Reset it. */ @@ -1523,25 +1571,25 @@ ask_about_binding (ctrl_t ctrl, } else { - if (stats_iter->time_ago == 3) + if (abs(stats_iter->time_ago) == 3) es_fprintf (fp, ngettext(" over the past days.", " over the past %d days.", seen_in_past), TIME_AGO_SMALL_THRESHOLD / TIME_AGO_UNIT_SMALL); - else if (stats_iter->time_ago == 4) + else if (abs(stats_iter->time_ago) == 4) es_fprintf (fp, ngettext(" over the past month.", " over the past %d months.", seen_in_past), TIME_AGO_MEDIUM_THRESHOLD / TIME_AGO_UNIT_MEDIUM); - else if (stats_iter->time_ago == 5) + else if (abs(stats_iter->time_ago) == 5) es_fprintf (fp, ngettext(" over the past year.", " over the past %d years.", seen_in_past), TIME_AGO_LARGE_THRESHOLD / TIME_AGO_UNIT_LARGE); - else if (stats_iter->time_ago == 6) + else if (abs(stats_iter->time_ago) == 6) es_fprintf (fp, _(" in the past.")); else log_assert (! "Broken SQL.\n"); 
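Review bot: In the bucket tests of ask_about_binding (g10/tofu.c, hunk @@ -1523,25 +1571,25 @@ and the two hunks before it), the sign of stats_iter->time_ago now encodes whether a row counts verified or encrypted messages, and every comparison goes through abs(). The debug print added earlier in this function formats time_ago with %ld; if the field is a long, labs() is the matching call. The sign convention is only visible in the STATS_SQL arguments ("" for signatures, "-" for encryptions), so a comment at the struct member or a pair of small helpers (one for the bucket, one for the kind) would keep later readers from treating time_ago as a plain magnitude.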
@@ -2349,46 +2397,59 @@ time_ago_str (long long int t) /* If FP is NULL, write TOFU_STATS status line. If FP is not NULL * write a "tfs" record to that stream. */ static void -write_stats_status (estream_t fp, long messages, enum tofu_policy policy, - unsigned long first_seen, - unsigned long most_recent_seen) +write_stats_status (estream_t fp, + enum tofu_policy policy, + unsigned long signature_count, + unsigned long signature_first_seen, + unsigned long signature_most_recent, + unsigned long encryption_count, + unsigned long encryption_first_done, + unsigned long encryption_most_recent) { const char *validity; + /* Use the euclidean distance rather then the sum of the magnitudes + to ensure a balance between verified signatures and encrypted + messages. */ + float messages = sqrtu32 (signature_count) + sqrtu32 (encryption_count); + if (messages < 1) validity = "1"; /* Key without history. */ - else if (messages < BASIC_TRUST_THRESHOLD) + else if (messages < sqrtu32 (2 * BASIC_TRUST_THRESHOLD)) validity = "2"; /* Key with too little history. */ - else if (messages < FULL_TRUST_THRESHOLD) + else if (messages < sqrtu32 (2 * FULL_TRUST_THRESHOLD)) validity = "3"; /* Key with enough history for basic trust. */ else validity = "4"; /* Key with a lot of history. 
*/ if (fp) { - es_fprintf (fp, "tfs:1:%s:%ld:0:%s:%lu:%lu:\n", - validity, messages, + es_fprintf (fp, "tfs:1:%s:%ld:%ld:%s:%lu:%lu:%lu:%lu:\n", + validity, signature_count, encryption_count, tofu_policy_str (policy), - first_seen, most_recent_seen); + signature_first_seen, signature_most_recent, + encryption_first_done, encryption_most_recent); } else { char numbuf1[35]; char numbuf2[35]; char numbuf3[35]; + char numbuf4[35]; + char numbuf5[35]; + char numbuf6[35]; - snprintf (numbuf1, sizeof numbuf1, " %ld", messages); - *numbuf2 = *numbuf3 = 0; - if (first_seen && most_recent_seen) - { - snprintf (numbuf2, sizeof numbuf2, " %lu", first_seen); - snprintf (numbuf3, sizeof numbuf3, " %lu", most_recent_seen); - } + snprintf (numbuf1, sizeof numbuf1, " %ld", signature_count); + snprintf (numbuf2, sizeof numbuf2, " %ld", encryption_count); + snprintf (numbuf3, sizeof numbuf3, " %lu", signature_first_seen); + snprintf (numbuf4, sizeof numbuf4, " %lu", signature_most_recent); + snprintf (numbuf5, sizeof numbuf5, " %lu", encryption_first_done); + snprintf (numbuf6, sizeof numbuf6, " %lu", encryption_most_recent); write_status_strings (STATUS_TOFU_STATS, - validity, numbuf1, " 0", + validity, numbuf1, numbuf2, " ", tofu_policy_str (policy), - numbuf2, numbuf3, + numbuf3, numbuf4, numbuf5, numbuf6, NULL); } } 
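Review bot: In write_stats_status (g10/tofu.c, hunk @@ -2349,46 +2397,59 @@), the comment and the commit message speak of a euclidean distance, but sqrtu32 (signature_count) + sqrtu32 (encryption_count) is a sum of square roots, compared against sqrtu32 (2 * BASIC_TRUST_THRESHOLD); a euclidean norm would be the root of the sum of squares. Either the comment or the formula should change, and the comment should say why the thresholds are doubled. The counts are unsigned long but are formatted with %ld in both the tfs line and the snprintf calls; use %lu. The status branch no longer blanks the timestamps when nothing has been seen, so TOFU_STATS consumers now always receive four time fields, which should be reflected in doc/DETAILS. Typo in the comment: "rather then".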
@@ -2401,13 +2462,24 @@ show_statistics (tofu_dbs_t dbs, const char *fingerprint, const char *email, const char *user_id, estream_t outfp) { + unsigned long now = gnupg_get_time (); + enum tofu_policy policy = get_policy (dbs, fingerprint, email, NULL); + char *fingerprint_pp; int rc; strlist_t strlist = NULL; char *err = NULL; + unsigned long signature_first_seen = 0; + unsigned long signature_most_recent = 0; + unsigned long signature_count = 0; + unsigned long encryption_first_done = 0; + unsigned long encryption_most_recent = 0; + unsigned long encryption_count = 0; + fingerprint_pp = format_hexfingerprint (fingerprint, NULL, 0); + /* Get the signature stats. */ rc = gpgsql_exec_printf (dbs->db, strings_collect_cb, &strlist, &err, "select count (*), min (signatures.time), max (signatures.time)\n" 
@@ -2423,191 +2495,217 @@ show_statistics (tofu_dbs_t dbs, const char *fingerprint, goto out; } - if (!outfp) - write_status_text_and_buffer (STATUS_TOFU_USER, fingerprint, - email, strlen (email), 0); + if (strlist) + { + log_assert (strlist->next); + log_assert (strlist->next->next); + log_assert (! strlist->next->next->next); + + string_to_long (&signature_count, strlist->d, -1, __LINE__); + string_to_long (&signature_first_seen, strlist->next->d, -1, __LINE__); + string_to_long (&signature_most_recent, + strlist->next->next->d, -1, __LINE__); + + free_strlist (strlist); + strlist = NULL; + } - if (! strlist) + /* Get the encryption stats. */ + rc = gpgsql_exec_printf + (dbs->db, strings_collect_cb, &strlist, &err, + "select count (*), min (encryptions.time), max (encryptions.time)\n" + " from encryptions\n" + " left join bindings on encryptions.binding = bindings.oid\n" + " where fingerprint = %Q and email = %Q;", + fingerprint, email); + if (rc) { - if (!outfp) - log_info (_("Have never verified a message signed by key %s!\n"), - fingerprint_pp); - write_stats_status (outfp, 0, TOFU_POLICY_NONE, 0, 0); + log_error (_("error reading TOFU database: %s\n"), err); + print_further_info ("getting statistics"); + sqlite3_free (err); + goto out; } - else + + if (strlist) { - unsigned long now = gnupg_get_time (); - signed long messages; - unsigned long first_seen; - unsigned long most_recent_seen; + log_assert (strlist->next); + log_assert (strlist->next->next); + log_assert (! 
strlist->next->next->next); + + string_to_long (&encryption_count, strlist->d, -1, __LINE__); + string_to_long (&encryption_first_done, strlist->next->d, -1, __LINE__); + string_to_long (&encryption_most_recent, + strlist->next->next->d, -1, __LINE__); + + free_strlist (strlist); + strlist = NULL; + } - log_assert (strlist_length (strlist) == 3); + if (!outfp) + write_status_text_and_buffer (STATUS_TOFU_USER, fingerprint, + email, strlen (email), 0); - string_to_long (&messages, strlist->d, -1, __LINE__); + write_stats_status (outfp, policy, + signature_count, + signature_first_seen, + signature_most_recent, + encryption_count, + encryption_first_done, + encryption_most_recent); - if (messages == 0 && *strlist->next->d == '\0') - { /* min(NULL) => NULL => "". */ - first_seen = 0; - most_recent_seen = 0; + if (!outfp) + { + estream_t fp; + char *msg; + + fp = es_fopenmem (0, "rw,samethread"); + if (! fp) + log_fatal ("error creating memory stream: %s\n", + gpg_strerror (gpg_error_from_syserror())); + + if (signature_count == 0) + { + es_fprintf (fp, _("Verified %ld messages signed by \"%s\"."), + 0L, user_id); + es_fputc ('\n', fp); } else - { - string_to_ulong (&first_seen, strlist->next->d, -1, __LINE__); - if (first_seen > now) - { - log_debug ("time-warp - tofu DB has a future value (%lu, %lu)\n", - first_seen, now); - first_seen = now; - } - string_to_ulong (&most_recent_seen, strlist->next->next->d, -1, - __LINE__); - if (most_recent_seen > now) + { + char *first_seen_ago_str = time_ago_str (now - signature_first_seen); + + /* TRANSLATORS: The final %s is replaced by a string like + "7 months, 1 day, 5 minutes, 0 seconds". 
*/ + es_fprintf (fp, + ngettext("Verified %ld message signed by \"%s\"\n" + "in the past %s.", + "Verified %ld messages signed by \"%s\"\n" + "in the past %s.", + signature_count), + signature_count, user_id, first_seen_ago_str); + + if (signature_count > 1) { - log_debug ("time-warp - tofu DB has a future value (%lu, %lu)\n", - most_recent_seen, now); - most_recent_seen = now; + char *tmpstr = time_ago_str (now - signature_most_recent); + es_fputs (" ", fp); + es_fprintf (fp, _("The most recent message was" + " verified %s ago."), tmpstr); + xfree (tmpstr); } + xfree (first_seen_ago_str); + } - } + es_fprintf (fp, " "); - if (messages == -1 || first_seen == -1) + if (encryption_count == 0) { - write_stats_status (outfp, 0, TOFU_POLICY_NONE, 0, 0); - if (!outfp) - log_info (_("Failed to collect signature statistics for \"%s\"\n" - "(key %s)\n"), - user_id, fingerprint_pp); - } - else if (outfp) - { - write_stats_status (outfp, messages, - get_policy (dbs, fingerprint, email, NULL), - first_seen, most_recent_seen); + es_fprintf (fp, _("Encrypted %ld messages to \"%s\"."), + 0L, user_id); + es_fputc ('\n', fp); } else - { - enum tofu_policy policy = get_policy (dbs, fingerprint, email, NULL); - estream_t fp; - char *msg; - - write_stats_status (NULL, messages, - policy, - first_seen, most_recent_seen); - - fp = es_fopenmem (0, "rw,samethread"); - if (! fp) - log_fatal ("error creating memory stream: %s\n", - gpg_strerror (gpg_error_from_syserror())); - - if (messages == 0) + { + char *first_done_ago_str = time_ago_str (now - encryption_first_done); + + /* TRANSLATORS: The final %s is replaced by a string like + "7 months, 1 day, 5 minutes, 0 seconds". 
*/ + es_fprintf (fp, + ngettext("Encrypted %ld message to \"%s\"\n" + "in the past %s.", + "Encrypted %ld messages to \"%s\"\n" + "in the past %s.", + encryption_count), + encryption_count, user_id, first_done_ago_str); + + if (encryption_count > 1) { - es_fprintf (fp, _("Verified %ld messages signed by \"%s\"."), - 0L, user_id); - es_fputc ('\n', fp); + char *tmpstr = time_ago_str (now - encryption_most_recent); + es_fputs (" ", fp); + es_fprintf (fp, _("The most recent message was" + " verified %s ago."), tmpstr); + xfree (tmpstr); } - else - { - char *first_seen_ago_str = time_ago_str (now - first_seen); - - /* TRANSLATORS: The final %s is replaced by a string like - "7 months, 1 day, 5 minutes, 0 seconds". */ - es_fprintf (fp, - ngettext("Verified %ld message signed by \"%s\"\n" - "in the past %s.", - "Verified %ld messages signed by \"%s\"\n" - "in the past %s.", - messages), - messages, user_id, first_seen_ago_str); - - if (messages > 1) - { - char *tmpstr = time_ago_str (now - most_recent_seen); - es_fputs (" ", fp); - es_fprintf (fp, _("The most recent message was" - " verified %s ago."), tmpstr); - xfree (tmpstr); - } - xfree (first_seen_ago_str); + xfree (first_done_ago_str); + } - if (opt.verbose) - { - es_fputs (" ", fp); - es_fputc ('(', fp); - es_fprintf (fp, _("policy: %s"), tofu_policy_str (policy)); - es_fputs (")\n", fp); - } - else - es_fputs ("\n", fp); - } + if (opt.verbose) + { + es_fputs (" ", fp); + es_fputc ('(', fp); + es_fprintf (fp, _("policy: %s"), tofu_policy_str (policy)); + es_fputs (")\n", fp); + } + else + es_fputs ("\n", fp); - { - char *tmpmsg, *p; - es_fputc (0, fp); - if (es_fclose_snatch (fp, (void **) &tmpmsg, NULL)) - log_fatal ("error snatching memory stream\n"); - msg = format_text (tmpmsg, 0, 72, 80); - es_free (tmpmsg); - - /* Print a status line but suppress the trailing LF. - * Spaces are not percent escaped. 
*/ - if (*msg) - write_status_buffer (STATUS_TOFU_STATS_LONG, - msg, strlen (msg)-1, -1); - - /* Remove the non-breaking space markers. */ - for (p=msg; *p; p++) - if (*p == '~') - *p = ' '; - } + { + char *tmpmsg, *p; + es_fputc (0, fp); + if (es_fclose_snatch (fp, (void **) &tmpmsg, NULL)) + log_fatal ("error snatching memory stream\n"); + msg = format_text (tmpmsg, 0, 72, 80); + es_free (tmpmsg); + + /* Print a status line but suppress the trailing LF. + * Spaces are not percent escaped. */ + if (*msg) + write_status_buffer (STATUS_TOFU_STATS_LONG, + msg, strlen (msg)-1, -1); + + /* Remove the non-breaking space markers. */ + for (p=msg; *p; p++) + if (*p == '~') + *p = ' '; + } - log_string (GPGRT_LOG_INFO, msg); - xfree (msg); - - if (policy == TOFU_POLICY_AUTO && messages < BASIC_TRUST_THRESHOLD) - { - char *set_policy_command; - char *text; - char *tmpmsg; - - if (messages == 0) - log_info (_("Warning: we have yet to see" - " a message signed by this key and user id!\n")); - else if (messages == 1) - log_info (_("Warning: we've only seen a single message" - " signed by this key and user id!\n")); - - set_policy_command = - xasprintf ("gpg --tofu-policy bad %s", fingerprint); - - tmpmsg = xasprintf - (ngettext - ("Warning: if you think you've seen more than %ld message " - "signed by this key and user id, then this key might be a " - "forgery! Carefully examine the email address for small " - "variations. If the key is suspect, then use\n" - " %s\n" - "to mark it as being bad.\n", - "Warning: if you think you've seen more than %ld messages " - "signed by this key, then this key might be a forgery! " - "Carefully examine the email address for small " - "variations. 
If the key is suspect, then use\n" - " %s\n" - "to mark it as being bad.\n", - messages), - messages, set_policy_command); - text = format_text (tmpmsg, 0, 72, 80); - xfree (tmpmsg); - log_string (GPGRT_LOG_INFO, text); - xfree (text); - - es_free (set_policy_command); - } - } + log_string (GPGRT_LOG_INFO, msg); + xfree (msg); + + if (policy == TOFU_POLICY_AUTO + /* Cf. write_stats_status */ + && (sqrtu32 (encryption_count) + sqrtu32 (signature_count) + < sqrtu32 (2 * BASIC_TRUST_THRESHOLD))) + { + char *set_policy_command; + char *text; + char *tmpmsg; + + if (signature_count == 0) + log_info (_("Warning: we have yet to see" + " a message signed by this key and user id!\n")); + else if (signature_count == 1) + log_info (_("Warning: we've only seen a single message" + " signed by this key and user id!\n")); + + set_policy_command = + xasprintf ("gpg --tofu-policy bad %s", fingerprint); + + tmpmsg = xasprintf + (ngettext + ("Warning: if you think you've seen more than %ld message " + "signed by this key and user id, then this key might be a " + "forgery! Carefully examine the email address for small " + "variations. If the key is suspect, then use\n" + " %s\n" + "to mark it as being bad.\n", + "Warning: if you think you've seen more than %ld messages " + "signed by this key, then this key might be a forgery! " + "Carefully examine the email address for small " + "variations. If the key is suspect, then use\n" + " %s\n" + "to mark it as being bad.\n", + signature_count), + signature_count, set_policy_command); + text = format_text (tmpmsg, 0, 72, 80); + xfree (tmpmsg); + log_string (GPGRT_LOG_INFO, text); + xfree (text); + + es_free (set_policy_command); + } } out: - free_strlist (strlist); xfree (fingerprint_pp); return; 
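Review bot: the rewritten show_statistics drops the old time-warp clamp (`if (first_seen > now) ... first_seen = now;`), so `now - signature_first_seen` and `now - encryption_first_done` are unsigned subtractions that wrap to a huge value when the TOFU DB holds a timestamp in the future, and that value goes straight into time_ago_str. Keep the clamp, or compare before subtracting, for both the signature and the encryption timestamps. The new counters are also declared `unsigned long` but filled with string_to_long, whereas the removed code used string_to_ulong for the unsigned values, and the -1 fallback is no longer checked after parsing. Finally, the `encryption_count > 1` branch reuses the string "The most recent message was verified %s ago.", which reads as a copy of the signature text; it should say "encrypted".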
@@ -2652,9 +2750,10 @@ email_from_user_id (const char *user_id) This function returns 0 on success and an error code if an error occured. */ gpg_error_t -tofu_register (ctrl_t ctrl, PKT_public_key *pk, strlist_t user_id_list, - const byte *sig_digest_bin, int sig_digest_bin_len, - time_t sig_time, const char *origin) +tofu_register_signature (ctrl_t ctrl, + PKT_public_key *pk, strlist_t user_id_list, + const byte *sig_digest_bin, int sig_digest_bin_len, + time_t sig_time, const char *origin) { gpg_error_t rc; tofu_dbs_t dbs; 
@@ -2797,6 +2896,114 @@ tofu_register (ctrl_t ctrl, PKT_public_key *pk, strlist_t user_id_list, return rc; } +gpg_error_t +tofu_register_encryption (ctrl_t ctrl, + PKT_public_key *pk, strlist_t user_id_list, + int may_ask) +{ + gpg_error_t rc = 0; + tofu_dbs_t dbs; + kbnode_t kb = NULL; + int free_user_id_list = 0; + char *fingerprint = NULL; + strlist_t user_id; + char *err = NULL; + + dbs = opendbs (ctrl); + if (! dbs) + { + rc = gpg_error (GPG_ERR_GENERAL); + log_error (_("error opening TOFU database: %s\n"), + gpg_strerror (rc)); + return rc; + } + + /* Make sure PK is a primary key. */ + if (keyid_cmp (pk_keyid (pk), pk->main_keyid) != 0 + || user_id_list) + kb = get_pubkeyblock (pk->keyid); + + if (keyid_cmp (pk_keyid (pk), pk->main_keyid) != 0) + pk = kb->pkt->pkt.public_key; + + if (! user_id_list) + { + /* Use all non-revoked user ids. Do use expired user ids. */ + kbnode_t n = kb; + + while ((n = find_next_kbnode (n, PKT_USER_ID))) + { + PKT_user_id *uid = n->pkt->pkt.user_id; + + if (uid->is_revoked) + continue; + + add_to_strlist (&user_id_list, uid->name); + } + + free_user_id_list = 1; + + if (! user_id_list) + log_info ("WARNING: Encrypting to %s, which has no" + "non-revoked user ids.\n", + keystr (pk->keyid)); + } + + fingerprint = hexfingerprint (pk, NULL, 0); + + tofu_begin_batch_update (ctrl); + tofu_resume_batch_transaction (ctrl); + + for (user_id = user_id_list; user_id; user_id = user_id->next) + { + char *email = email_from_user_id (user_id->d); + + /* Make sure the binding exists and that we recognize any + conflicts. */ + int tl = get_trust (ctrl, pk, fingerprint, email, user_id->d, + may_ask); + if (tl == _tofu_GET_TRUST_ERROR) + { + /* An error. */ + xfree (email); + goto die; + } + + rc = gpgsql_stepx + (dbs->db, &dbs->s.register_insert, NULL, NULL, &err, + "insert into encryptions\n" + " (binding, time)\n" + " values\n" + " ((select oid from bindings\n" + " where fingerprint = ? 
and email = ?),\n" + " strftime('%s', 'now'));", + GPGSQL_ARG_STRING, fingerprint, GPGSQL_ARG_STRING, email, + GPGSQL_ARG_END); + if (rc) + { + log_error (_("error updating TOFU database: %s\n"), err); + print_further_info ("insert encryption"); + sqlite3_free (err); + } + + xfree (email); + } + + die: + tofu_end_batch_update (ctrl); + + if (kb) + release_kbnode (kb); + + if (free_user_id_list) + free_strlist (user_id_list); + + xfree (fingerprint); + + return rc; +} + + /* Combine a trust level returned from the TOFU trust model with a trust level returned by the PGP trust model. This is primarily of interest when the trust model is tofu+pgp (TM_TOFU_PGP). diff --git a/g10/tofu.h b/g10/tofu.h index b9826c9..df69a7a 100644 --- a/g10/tofu.h +++ b/g10/tofu.h 
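Review bot: in tofu_register_encryption (g10/tofu.c) the keyblock is fetched under `keyid_cmp (...) != 0 || user_id_list`, but the only other consumer of kb is the `if (! user_id_list)` block, so for a primary key with a NULL USER_ID_LIST kb is still NULL when `kbnode_t n = kb;` starts the user id walk. The test looks inverted and should probably be `|| ! user_id_list`; the result of get_pubkeyblock also needs a NULL check before `kb->pkt->pkt.public_key` is dereferenced. Two smaller points in the same function: when get_trust returns _tofu_GET_TRUST_ERROR the code jumps to `die:` without setting rc, so the failure is not reported to the caller (and rc from a failed insert is overwritten by the next loop iteration), and the warning literal `"... which has no" "non-revoked user ids.\n"` is missing a space between the two parts.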
@@ -78,13 +78,24 @@ int tofu_policy_to_trust_level (enum tofu_policy policy); data came from, e.g., "email:claws" (default: "unknown"). Note: this function does not interact with the user, If there is a conflict, or if the binding's policy is ask, the actual interaction - is deferred until tofu_get_validity is called.. Set the string + is deferred until tofu_get_validity is called. Set the string list FLAG to indicate that a specified user id is expired. This function returns 0 on success and an error code on failure. */ -gpg_error_t tofu_register (ctrl_t ctrl, PKT_public_key *pk, - strlist_t user_id_list, - const byte *sigs_digest, int sigs_digest_len, - time_t sig_time, const char *origin); +gpg_error_t tofu_register_signature (ctrl_t ctrl, PKT_public_key *pk, + strlist_t user_id_list, + const byte *sigs_digest, + int sigs_digest_len, + time_t sig_time, const char *origin); + +/* Note that an encrypted mail was sent to , for each + USER_ID in USER_ID_LIST. (If USER_ID_LIST is NULL, then all + non-revoked user ids associated with PK are used.) If MAY_ASK is + set, then may interact with the user to resolve a TOFU + conflict. */ +gpg_error_t tofu_register_encryption (ctrl_t ctrl, + PKT_public_key *pk, + strlist_t user_id_list, + int may_ask); /* Combine a trust level returned from the TOFU trust model with a trust level returned by the PGP trust model. This is primarily of diff --git a/g10/trustdb.c b/g10/trustdb.c index 6f63c34..5457ea1 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c 
@@ -1090,9 +1090,9 @@ tdb_get_validity_core (ctrl_t ctrl, into account. */ if (sig) { - err = tofu_register (ctrl, main_pk, user_id_list, - sig->digest, sig->digest_len, - sig->timestamp, "unknown"); + err = tofu_register_signature (ctrl, main_pk, user_id_list, + sig->digest, sig->digest_len, + sig->timestamp, "unknown"); if (err) { log_error ("TOFU: error registering signature: %s\n", commit a9e6db6c7e23d9f4b8de59f5cabbf9eb6a59e626 Author: Neal H. Walfield Date: Tue Sep 6 14:49:14 2016 +0200 g10: Simplify the binding statistics shown for a TOFU conflict. * g10/tofu.c (ask_about_binding): Simplify binding statistics. -- Signed-off-by: Neal H. Walfield diff --git a/g10/tofu.c b/g10/tofu.c index d4f6876..083f5ef 100644 --- a/g10/tofu.c +++ b/g10/tofu.c @@ -95,19 +95,15 @@ struct tofu_dbs_s /* If a message is signed a couple of hours in the future, just assume some clock skew. */ #define TIME_AGO_FUTURE_IGNORE (2 * 60 * 60) -#if 0 -# define TIME_AGO_UNIT_SMALL 60 -# define TIME_AGO_MEDIUM_THRESHOLD (60 * TIME_AGO_UNIT_SMALL) -# define TIME_AGO_UNIT_MEDIUM (60 * 60) -# define TIME_AGO_LARGE_THRESHOLD (24 * 60 * TIME_AGO_UNIT_SMALL) -# define TIME_AGO_UNIT_LARGE (24 * 60 * 60) -#else -# define TIME_AGO_UNIT_SMALL (24 * 60 * 60) -# define TIME_AGO_MEDIUM_THRESHOLD (4 * TIME_AGO_UNIT_SMALL) -# define TIME_AGO_UNIT_MEDIUM (7 * 24 * 60 * 60) -# define TIME_AGO_LARGE_THRESHOLD (28 * TIME_AGO_UNIT_SMALL) -# define TIME_AGO_UNIT_LARGE (30 * 24 * 60 * 60) -#endif +/* Days. */ +#define TIME_AGO_UNIT_SMALL (24 * 60 * 60) +#define TIME_AGO_SMALL_THRESHOLD (7 * TIME_AGO_UNIT_SMALL) +/* Months. */ +#define TIME_AGO_UNIT_MEDIUM (30 * 24 * 60 * 60) +#define TIME_AGO_MEDIUM_THRESHOLD (2 * TIME_AGO_UNIT_MEDIUM) +/* Years. */ +#define TIME_AGO_UNIT_LARGE (365 * 24 * 60 * 60) +#define TIME_AGO_LARGE_THRESHOLD (2 * TIME_AGO_UNIT_LARGE) /* Local prototypes. */ static gpg_error_t end_transaction (ctrl_t ctrl, int only_batch); 
@@ -1151,14 +1147,10 @@ format_conflict_msg_part1 (int policy, strlist_t conflict_set, { estream_t fp; char *fingerprint; - char *binding; - int binding_shown = 0; char *tmpstr, *text; log_assert (conflict_set); - fingerprint = conflict_set->d; - binding = xasprintf ("<%s, %s>", fingerprint, email); fp = es_fopenmem (0, "rw,samethread"); if (!fp) 
@@ -1167,38 +1159,31 @@ format_conflict_msg_part1 (int policy, strlist_t conflict_set, if (policy == TOFU_POLICY_NONE) { - es_fprintf (fp, _("The binding %s is NOT known."), binding); + es_fprintf (fp, + _("This is the first time the email address \"%s\" is " + "being used with key %s."), + email, fingerprint); es_fputs (" ", fp); - binding_shown = 1; } else if (policy == TOFU_POLICY_ASK && conflict_set->next) { - int conflicts = strlist_length (conflict_set) - 1; - es_fprintf (fp, - ngettext("The binding raised a " - "conflict with %d other binding.", - "The binding raised a " - "conflict with %d other bindings.", conflicts), - fingerprint, email, conflicts); - es_fprintf (fp, - _(" Since this binding's policy was 'auto', it has been " - "changed to 'ask'.")); + int conflicts = strlist_length (conflict_set); + es_fprintf (fp, _("The email address \"%s\" is associated with %d keys!"), + email, conflicts); + if (opt.verbose) + es_fprintf (fp, + _(" Since this binding's policy was 'auto', it has been " + "changed to 'ask'.")); es_fputs (" ", fp); - binding_shown = 1; } - /* TRANSLATORS: The %s%s is replaced by either a fingerprint and a - blank or by two empty strings. */ es_fprintf (fp, - _("Please indicate whether you believe the binding %s%s" - "is legitimate (the key belongs to the stated owner) " - "or a forgery (bad)."), - binding_shown ? "" : binding, - binding_shown ? "" : " "); + _("Please indicate whether this email address should" + " be associated with key %s or whether you think someone" + " is impersonating \"%s\"."), + fingerprint, email); es_fputc ('\n', fp); - xfree (binding); - es_fputc (0, fp); if (es_fclose_snatch (fp, (void **)&tmpstr, NULL)) log_fatal ("error snatching memory stream\n"); 
@@ -1368,7 +1353,7 @@ ask_about_binding (ctrl_t ctrl, { strlist_t strlist_iter; - es_fprintf (fp, _("Known user IDs associated with this key:\n")); + es_fprintf (fp, _("This key's user IDs:\n")); for (strlist_iter = other_user_ids; strlist_iter; strlist_iter = strlist_iter->next) @@ -1406,21 +1391,20 @@ ask_about_binding (ctrl_t ctrl, " from\n" " (select bindings.*,\n" " case\n" + " when delta ISNULL then 1\n" /* From the future (but if its just a couple of hours in the * future don't turn it into a warning)? Or should we use * small, medium or large units? (Note: whatever we do, we * keep the value in seconds. Then when we group, everything * that rounds to the same number of seconds is grouped.) */ - " when delta < -("STRINGIFY (TIME_AGO_FUTURE_IGNORE)") then -1\n" + " when delta < -("STRINGIFY (TIME_AGO_FUTURE_IGNORE)") then 2\n" + " when delta < ("STRINGIFY (TIME_AGO_SMALL_THRESHOLD)")\n" + " then 3\n" " when delta < ("STRINGIFY (TIME_AGO_MEDIUM_THRESHOLD)")\n" - " then max(0,\n" - " round(delta / ("STRINGIFY (TIME_AGO_UNIT_SMALL)"))\n" - " * ("STRINGIFY (TIME_AGO_UNIT_SMALL)"))\n" + " then 4\n" " when delta < ("STRINGIFY (TIME_AGO_LARGE_THRESHOLD)")\n" - " then round(delta / ("STRINGIFY (TIME_AGO_UNIT_MEDIUM)"))\n" - " * ("STRINGIFY (TIME_AGO_UNIT_MEDIUM)")\n" - " else round(delta / ("STRINGIFY (TIME_AGO_UNIT_LARGE)"))\n" - " * ("STRINGIFY (TIME_AGO_UNIT_LARGE)")\n" + " then 5\n" + " else 6\n" " end time_ago,\n" " delta time_ago_raw\n" " from bindings\n" @@ -1441,7 +1425,7 @@ ask_about_binding (ctrl_t ctrl, if (!stats || strcmp (iter->d, stats->fingerprint) != 0) /* No stats for this binding. Add a dummy entry. */ - signature_stats_prepend (&stats, iter->d, TOFU_POLICY_AUTO, 0, 0); + signature_stats_prepend (&stats, iter->d, TOFU_POLICY_AUTO, 1, 1); } end_transaction (ctrl, 0); strlist_rev (&conflict_set); 
@@ -1468,6 +1452,7 @@ ask_about_binding (ctrl_t ctrl, { char *key = NULL; strlist_t binding; + int seen_in_past = 0; es_fprintf (fp, _("Statistics for keys" " with the email address \"%s\":\n"), 
@@ -1510,36 +1495,56 @@ ask_about_binding (ctrl_t ctrl, tofu_policy_str (stats_iter->policy)); es_fputs ("):\n", fp); xfree (key_pp); + + seen_in_past = 0; } + if (stats_iter->time_ago == 1) + { + /* The 1 in this case is the NULL entry. */ + log_assert (stats_iter->count == 1); + stats_iter->count = 0; + } + seen_in_past += stats_iter->count; + es_fputs (" ", fp); - if (stats_iter->time_ago == -1) - es_fprintf (fp, ngettext("%ld message signed in the future.", - "%ld messages signed in the future.", - stats_iter->count), stats_iter->count); + /* TANSLATORS: This string is concatenated with one of + * the day/week/month strings to form one sentence. */ + es_fprintf (fp, ngettext("Verified %d message", + "Verified %d messages", + seen_in_past), seen_in_past); + if (!stats_iter->count) + es_fputs (".", fp); + else if (stats_iter->time_ago == 2) + { + es_fprintf (fp, "in the future."); + /* Reset it. */ + seen_in_past = 0; + } else { - long t_scaled = time_ago_scale (stats_iter->time_ago); - - /* TANSLATORS: This string is concatenated with one of - * the day/week/month strings to form one sentence. 
*/ - es_fprintf (fp, ngettext("%ld message signed", - "%ld messages signed", - stats_iter->count), stats_iter->count); - if (!stats_iter->count) - es_fputs (".", fp); - else if (stats_iter->time_ago < TIME_AGO_UNIT_MEDIUM) - es_fprintf (fp, ngettext(" over the past %ld day.", - " over the past %ld days.", - t_scaled), t_scaled); - else if (stats_iter->time_ago < TIME_AGO_UNIT_LARGE) - es_fprintf (fp, ngettext(" over the past %ld week.", - " over the past %ld weeks.", - t_scaled), t_scaled); + if (stats_iter->time_ago == 3) + es_fprintf (fp, ngettext(" over the past days.", + " over the past %d days.", + seen_in_past), + TIME_AGO_SMALL_THRESHOLD + / TIME_AGO_UNIT_SMALL); + else if (stats_iter->time_ago == 4) + es_fprintf (fp, ngettext(" over the past month.", + " over the past %d months.", + seen_in_past), + TIME_AGO_MEDIUM_THRESHOLD + / TIME_AGO_UNIT_MEDIUM); + else if (stats_iter->time_ago == 5) + es_fprintf (fp, ngettext(" over the past year.", + " over the past %d years.", + seen_in_past), + TIME_AGO_LARGE_THRESHOLD + / TIME_AGO_UNIT_LARGE); + else if (stats_iter->time_ago == 6) + es_fprintf (fp, _(" in the past.")); else - es_fprintf (fp, ngettext(" over the past %ld month.", - " over the past %ld months.", - t_scaled), t_scaled); + log_assert (! "Broken SQL.\n"); } es_fputs ("\n", fp); } 
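Review bot: in the ask_about_binding statistics loop, the `time_ago == 2` branch prints `es_fprintf (fp, "in the future.");` directly after "Verified %d messages", with no leading space and without _(), so the output runs the words together and the fragment is not translatable; the other branches start with " over the past". The ngettext calls for days, months and years select the plural form with seen_in_past (a message count) while the number printed is the unit count (`TIME_AGO_SMALL_THRESHOLD / TIME_AGO_UNIT_SMALL` and so on), and the singular forms carry no %d although an argument is passed. Since those unit counts are compile-time constants, plain _() strings would be simpler. The bucket codes 1 to 6 shared between the SQL `case` and these comparisons would be easier to follow as named constants, and the "TANSLATORS" comment typo is carried over unchanged.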
@@ -1558,11 +1563,11 @@ ask_about_binding (ctrl_t ctrl, { /* No translation. Use the English text. */ text = - "Normally, there is only a single key associated with an email " - "address. However, people sometimes generate a new key if " + "Normally, an email address is associated with a single key. " + "However, people sometimes generate a new key if " "their key is too old or they think it might be compromised. " "Alternatively, a new key may indicate a man-in-the-middle " - "attack! Before accepting this key, you should talk to or " + "attack! Before accepting this association, you should talk to or " "call the person to make sure this new key is legitimate."; } textbuf = format_text (text, 0, 72, 80); ----------------------------------------------------------------------- Summary of changes: doc/DETAILS | 16 +- g10/Makefile.am | 2 +- g10/pkclist.c | 23 ++ g10/tofu.c | 774 ++++++++++++++++++++++++++++++++++++-------------------- g10/tofu.h | 21 +- g10/trustdb.c | 6 +- 6 files changed, 546 insertions(+), 296 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Sep 6 22:41:02 2016 
From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Tue, 06 Sep 2016 22:41:02 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-82-g13ddc17 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 13ddc17ddb266d74033d5739fec932034fa85c72 (commit) via ee19eacd1d688d3a98cd66e5ef2f42079eb829f1 (commit) via 67cef405cbfad2e53fc388dd6591ee4f7cb0d973 (commit) from 875ac9216f1383851a82bd240cadb17c7112f6a8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 13ddc17ddb266d74033d5739fec932034fa85c72 Author: Neal H. Walfield Date: Tue Sep 6 22:40:59 2016 +0200 g10: Make sure some functions are passed a primary key. * g10/tofu.c (get_trust): Make sure the caller provides a primary key. (tofu_register_signature): Likewise. -- Signed-off-by: Neal H. Walfield diff --git a/g10/tofu.c b/g10/tofu.c index 0fda536..9e07d21 100644 --- a/g10/tofu.c +++ b/g10/tofu.c @@ -2011,6 +2011,8 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk, if (opt.batch) may_ask = 0; + log_assert (keyid_cmp (pk_keyid (pk), pk->main_keyid) == 0); + /* Make sure _tofu_GET_TRUST_ERROR isn't equal to any of the trust levels. */ log_assert (_tofu_GET_TRUST_ERROR != TRUST_UNKNOWN 
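Review bot: the new `log_assert (keyid_cmp (pk_keyid (pk), pk->main_keyid) == 0);` in get_trust makes "PK is a primary key" a hard precondition that aborts the process, but the function comment is not updated to say so. tofu_register_encryption, as shown earlier on this page, swaps in the primary key itself instead of asserting, so the entry points now differ in what they accept. Please document the precondition next to the prototypes, or normalise to the primary key in one place.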
@@ -2778,6 +2780,8 @@ tofu_register_signature (ctrl_t ctrl, if (rc) return rc; + log_assert (keyid_cmp (pk_keyid (pk), pk->main_keyid) == 0); + sig_digest = make_radix64_string (sig_digest_bin, sig_digest_bin_len); fingerprint = hexfingerprint (pk, NULL, 0); commit ee19eacd1d688d3a98cd66e5ef2f42079eb829f1 Author: Neal H. Walfield Date: Tue Sep 6 22:27:40 2016 +0200 g10: Tweak TOFU's verbosity. * g10/tofu.c (time_ago_str): Only show the most significant unit. * g10/tofu.c (show_statistics): Tweak the output. -- Signed-off-by: Neal H. Walfield diff --git a/g10/tofu.c b/g10/tofu.c index f5e3273..0fda536 100644 --- a/g10/tofu.c +++ b/g10/tofu.c @@ -2343,7 +2343,7 @@ time_ago_str (long long int t) first = i; } i ++; - if ((first == -1 || i - first <= 3) && months) + if ((first == -1 || i - first <= 3) && count <= 0 && months) { if (count) es_fprintf (fp, ", "); @@ -2352,7 +2352,7 @@ time_ago_str (long long int t) first = i; } i ++; - if ((first == -1 || i - first <= 3) && count < 2 && days) + if ((first == -1 || i - first <= 3) && count <= 0 && days) { if (count) es_fprintf (fp, ", "); @@ -2361,7 +2361,7 @@ time_ago_str (long long int t) first = i; } i ++; - if ((first == -1 || i - first <= 3) && count < 2 && hours) + if ((first == -1 || i - first <= 3) && count <= 0 && hours) { if (count) es_fprintf (fp, ", "); @@ -2370,7 +2370,7 @@ time_ago_str (long long int t) first = i; } i ++; - if ((first == -1 || i - first <= 3) && count < 2 && minutes) + if ((first == -1 || i - first <= 3) && count <= 0 && minutes) { if (count) es_fprintf (fp, ", "); @@ -2379,7 +2379,7 @@ time_ago_str (long long int t) first = i; } i ++; - if ((first == -1 || i - first <= 3) && count < 2) + if ((first == -1 || i - first <= 3) && count <= 0) { if (count) es_fprintf (fp, ", "); @@ -2482,6 +2482,8 @@ show_statistics (tofu_dbs_t dbs, const char *fingerprint, int show_warning = 0; + (void) user_id; + fingerprint_pp = format_hexfingerprint (fingerprint, NULL, 0); /* Get the signature stats. */ 
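Review bot: in the time_ago_str hunks above, each unit block is now guarded by `count <= 0`, which leaves the `if (count) es_fprintf (fp, ", ");` inside those blocks unreachable if count is never negative, and makes the `first == -1 || i - first <= 3` window redundant. If the intent is "print only the most significant unit", test `!count` (or restructure as an else-if chain) and remove the separator code and the first/i bookkeeping in the same change.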
@@ -2568,10 +2570,11 @@ show_statistics (tofu_dbs_t dbs, const char *fingerprint, log_fatal ("error creating memory stream: %s\n", gpg_strerror (gpg_error_from_syserror())); + es_fprintf (fp, _("%s: "), email); + if (signature_count == 0) { - es_fprintf (fp, _("Verified %ld messages signed by \"%s\"."), - 0L, user_id); + es_fprintf (fp, _("Verified %ld signatures"), 0L); es_fputc ('\n', fp); } else @@ -2581,31 +2584,17 @@ show_statistics (tofu_dbs_t dbs, const char *fingerprint, /* TRANSLATORS: The final %s is replaced by a string like "7 months, 1 day, 5 minutes, 0 seconds". */ es_fprintf (fp, - ngettext("Verified %ld message signed by \"%s\"\n" - "in the past %s.", - "Verified %ld messages signed by \"%s\"\n" - "in the past %s.", + ngettext("Verified %ld signature in the past %s", + "Verified %ld signatures in the past %s", signature_count), - signature_count, user_id, first_seen_ago_str); + signature_count, first_seen_ago_str); - if (signature_count > 1) - { - char *tmpstr = time_ago_str (now - signature_most_recent); - es_fputs (" ", fp); - es_fprintf (fp, _("The most recent message was" - " verified %s ago."), tmpstr); - xfree (tmpstr); - } xfree (first_seen_ago_str); } - es_fprintf (fp, " "); - if (encryption_count == 0) { - es_fprintf (fp, _("Encrypted %ld messages to \"%s\"."), - 0L, user_id); - es_fputc ('\n', fp); + es_fprintf (fp, _(", and encrypted %ld messages"), 0L); } else { 
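Review bot: in the `signature_count == 0` branch of show_statistics the unchanged `es_fputc ('\n', fp);` still follows the new "Verified %ld signatures" fragment, so a newline is emitted in the middle of the sentence before ", and encrypted ..." is appended; that call should go now that the period is written at the end. The TRANSLATORS comment still gives "7 months, 1 day, 5 minutes, 0 seconds" as the example, which no longer matches a time_ago_str that shows only the most significant unit. Building the sentence from "%s: ", "Verified ...", ", and encrypted ..." and "." fragments also fixes the word order for every language; a single format string per case would be kinder to translators.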
@@ -2614,21 +2603,11 @@ show_statistics (tofu_dbs_t dbs, const char *fingerprint, /* TRANSLATORS: The final %s is replaced by a string like "7 months, 1 day, 5 minutes, 0 seconds". */ es_fprintf (fp, - ngettext("Encrypted %ld message to \"%s\"\n" - "in the past %s.", - "Encrypted %ld messages to \"%s\"\n" - "in the past %s.", + ngettext(", and encrypted %ld message in the past %s", + ", and encrypted %ld messages in the past %s", encryption_count), - encryption_count, user_id, first_done_ago_str); + encryption_count, first_done_ago_str); - if (encryption_count > 1) - { - char *tmpstr = time_ago_str (now - encryption_most_recent); - es_fputs (" ", fp); - es_fprintf (fp, _("The most recent message was" - " verified %s ago."), tmpstr); - xfree (tmpstr); - } xfree (first_done_ago_str); } @@ -2637,10 +2616,10 @@ show_statistics (tofu_dbs_t dbs, const char *fingerprint, es_fputs (" ", fp); es_fputc ('(', fp); es_fprintf (fp, _("policy: %s"), tofu_policy_str (policy)); - es_fputs (")\n", fp); + es_fputs (").\n", fp); } else - es_fputs ("\n", fp); + es_fputs (".\n", fp); { 
@@ -2666,19 +2645,26 @@ show_statistics (tofu_dbs_t dbs, const char *fingerprint, log_string (GPGRT_LOG_INFO, msg); xfree (msg); - if (policy == TOFU_POLICY_AUTO - /* Cf. write_stats_status */ - && (sqrtu32 (encryption_count) + sqrtu32 (signature_count) - < sqrtu32 (2 * BASIC_TRUST_THRESHOLD))) + if (policy == TOFU_POLICY_AUTO) { if (signature_count == 0) log_info (_("Warning: we have yet to see" " a message signed using this key and user id!\n")); else if (signature_count == 1) - log_info (_("Warning: we've only seen a single message" + log_info (_("Warning: we've only seen one message" " signed using this key and user id!\n")); - show_warning = 1; + if (encryption_count == 0) + log_info (_("Warning: you have yet to encrypt" + " a message to this key and user id!\n")); + else if (encryption_count == 1) + log_info (_("Warning: you have only encrypted" + " one message to this key and user id!\n")); + + /* Cf. write_stats_status */ + if (sqrtu32 (encryption_count) + sqrtu32 (signature_count) + < sqrtu32 (2 * BASIC_TRUST_THRESHOLD)) + show_warning = 1; } } commit 67cef405cbfad2e53fc388dd6591ee4f7cb0d973 Author: Neal H. Walfield Date: Tue Sep 6 22:10:57 2016 +0200 g10: Only show the TOFU warning once per key. * g10/tofu.c (show_statistics): Return whether to call show_warning. Move the warning from here... (show_warning): ... to this new function. (tofu_get_validity): If show_statistics returns a non-zero value, call show_warning. -- Signed-off-by: Neal H. Walfield diff --git a/g10/tofu.c b/g10/tofu.c index defc54f..f5e3273 100644 --- a/g10/tofu.c +++ b/g10/tofu.c 
@@ -2454,10 +2454,13 @@ write_stats_status (estream_t fp, } } - /* Note: If OUTFP is not NULL, this function merely prints a "tfs" record - * to OUTFP. In this case USER_ID is not required. */ -static void + * to OUTFP. In this case USER_ID is not required. + * + * Returns whether the caller should call show_warning after iterating + * over all user ids. + */ +static int show_statistics (tofu_dbs_t dbs, const char *fingerprint, const char *email, const char *user_id, estream_t outfp) @@ -2477,6 +2480,8 @@ show_statistics (tofu_dbs_t dbs, const char *fingerprint, unsigned long encryption_most_recent = 0; unsigned long encryption_count = 0; + int show_warning = 0; + fingerprint_pp = format_hexfingerprint (fingerprint, NULL, 0); /* Get the signature stats. */ 
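Review bot: show_statistics gains a local `int show_warning = 0;` while the same commit adds a static function named show_warning, and the updated comment refers to the function by that name. This compiles only because the function is defined after show_statistics, and it is easy to misread. Rename the local, for example to need_warning as tofu_get_validity does.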
@@ -2666,51 +2671,59 @@ show_statistics (tofu_dbs_t dbs, const char *fingerprint, && (sqrtu32 (encryption_count) + sqrtu32 (signature_count) < sqrtu32 (2 * BASIC_TRUST_THRESHOLD))) { - char *set_policy_command; - char *text; - char *tmpmsg; - if (signature_count == 0) log_info (_("Warning: we have yet to see" - " a message signed by this key and user id!\n")); + " a message signed using this key and user id!\n")); else if (signature_count == 1) log_info (_("Warning: we've only seen a single message" - " signed by this key and user id!\n")); - - set_policy_command = - xasprintf ("gpg --tofu-policy bad %s", fingerprint); - - tmpmsg = xasprintf - (ngettext - ("Warning: if you think you've seen more than %ld message " - "signed by this key and user id, then this key might be a " - "forgery! Carefully examine the email address for small " - "variations. If the key is suspect, then use\n" - " %s\n" - "to mark it as being bad.\n", - "Warning: if you think you've seen more than %ld messages " - "signed by this key, then this key might be a forgery! " - "Carefully examine the email address for small " - "variations. If the key is suspect, then use\n" - " %s\n" - "to mark it as being bad.\n", - signature_count), - signature_count, set_policy_command); - text = format_text (tmpmsg, 0, 72, 80); - xfree (tmpmsg); - log_string (GPGRT_LOG_INFO, text); - xfree (text); - - es_free (set_policy_command); + " signed using this key and user id!\n")); + + show_warning = 1; } } out: xfree (fingerprint_pp); - return; + return show_warning; } +static void +show_warning (const char *fingerprint, strlist_t user_id_list) +{ + char *set_policy_command; + char *text; + char *tmpmsg; + + set_policy_command = + xasprintf ("gpg --tofu-policy bad %s", fingerprint); + + tmpmsg = xasprintf + (ngettext + ("Warning: if you think you've seen more signatures " + "by this key and user id, then this key might be a " + "forgery! Carefully examine the email address for small " + "variations. 
If the key is suspect, then use\n" + " %s\n" + "to mark it as being bad.\n", + "Warning: if you think you've seen more signatures " + "by this key and these user ids, then this key might be a " + "forgery! Carefully examine the email addresses for small " + "variations. If the key is suspect, then use\n" + " %s\n" + "to mark it as being bad.\n", + strlist_length (user_id_list)), + set_policy_command); + + text = format_text (tmpmsg, 0, 72, 80); + xfree (tmpmsg); + log_string (GPGRT_LOG_INFO, text); + xfree (text); + + es_free (set_policy_command); +} + + /* Extract the email address from a user id and normalize it. If the user id doesn't contain an email address, then we use the whole user_id and normalize that. The returned string must be freed. */ @@ -3120,6 +3133,7 @@ tofu_get_validity (ctrl_t ctrl, PKT_public_key *pk, strlist_t user_id_list, int trust_level = TRUST_UNKNOWN; int bindings = 0; int bindings_valid = 0; + int need_warning = 0; dbs = opendbs (ctrl); if (! dbs) @@ -3162,7 +3176,8 @@ tofu_get_validity (ctrl_t ctrl, PKT_public_key *pk, strlist_t user_id_list, bindings_valid ++; if (may_ask && tl != TRUST_ULTIMATE && tl != TRUST_EXPIRED) - show_statistics (dbs, fingerprint, email, user_id->d, NULL); + need_warning |= + show_statistics (dbs, fingerprint, email, user_id->d, NULL); if (tl == TRUST_NEVER) trust_level = TRUST_NEVER; @@ -3188,6 +3203,9 @@ tofu_get_validity (ctrl_t ctrl, PKT_public_key *pk, strlist_t user_id_list, xfree (email); } + if (need_warning) + show_warning (fingerprint, user_id_list); + die: tofu_end_batch_update (ctrl); ----------------------------------------------------------------------- Summary of changes: g10/tofu.c | 172 ++++++++++++++++++++++++++++++++----------------------------- 1 file changed, 90 insertions(+), 82 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Sep 7 08:44:45 2016 
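Review bot: in show_statistics (g10/tofu.c) the new local `int show_warning` has the same name as the new static function show_warning() added further down in this patch. It compiles only because the function is defined after show_statistics; if the definition or a prototype ever moves above it, the local shadows the function. Rename the local to `need_warning`, which is what tofu_get_validity already calls the same flag.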
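Review bot: show_warning() selects the singular or plural text with strlist_length (user_id_list), which counts every user id handed to tofu_get_validity and not just the ones for which show_statistics returned nonzero. A key with several user ids, only one of which has little history, gets the "these user ids" wording and no hint about which address to examine. Collect the flagged user ids in the loop and pass that list (or its count) instead. Both message forms contain only %s, so the count is used purely to select the form; a translator comment saying so would help.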
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 07 Sep 2016 08:44:45 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-84-g97a67d4 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 97a67d42dc946b2d6ed81723d86e37002b5931b3 (commit) via c894fa8d375e94d5577249c729e48ce882c07a56 (commit) from 13ddc17ddb266d74033d5739fec932034fa85c72 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 97a67d42dc946b2d6ed81723d86e37002b5931b3 Author: Werner Koch Date: Wed Sep 7 08:41:48 2016 +0200 gpg: Fix format string issues in tofu. * g10/tofu.c (write_stats_status): Use ulong for MESSSAGES. Fix format strings. Simplify by using the new write_status_printf. Signed-off-by: Werner Koch diff --git a/g10/tofu.c b/g10/tofu.c index 3dc0365..6ec7f7c 100644 --- a/g10/tofu.c +++ b/g10/tofu.c @@ -2411,11 +2411,12 @@ write_stats_status (estream_t fp, unsigned long encryption_most_recent) { const char *validity; + unsigned long messages; /* Use the euclidean distance rather then the sum of the magnitudes to ensure a balance between verified signatures and encrypted messages. */ - float messages = sqrtu32 (signature_count) + sqrtu32 (encryption_count); + messages = sqrtu32 (signature_count) + sqrtu32 (encryption_count); if (messages < 1) validity = "1"; /* Key without history. */ @@ -2428,7 +2429,7 @@ write_stats_status (estream_t fp, if (fp) { - es_fprintf (fp, "tfs:1:%s:%ld:%ld:%s:%lu:%lu:%lu:%lu:\n", + es_fprintf (fp, "tfs:1:%s:%lu:%lu:%s:%lu:%lu:%lu:%lu:\n", validity, signature_count, encryption_count, tofu_policy_str (policy), signature_first_seen, signature_most_recent, 
@@ -2436,25 +2437,16 @@ write_stats_status (estream_t fp, } else { - char numbuf1[35]; - char numbuf2[35]; - char numbuf3[35]; - char numbuf4[35]; - char numbuf5[35]; - char numbuf6[35]; - - snprintf (numbuf1, sizeof numbuf1, " %ld", signature_count); - snprintf (numbuf2, sizeof numbuf2, " %ld", encryption_count); - snprintf (numbuf3, sizeof numbuf3, " %lu", signature_first_seen); - snprintf (numbuf4, sizeof numbuf4, " %lu", signature_most_recent); - snprintf (numbuf5, sizeof numbuf5, " %lu", encryption_first_done); - snprintf (numbuf6, sizeof numbuf6, " %lu", encryption_most_recent); - - write_status_strings (STATUS_TOFU_STATS, - validity, numbuf1, numbuf2, - " ", tofu_policy_str (policy), - numbuf3, numbuf4, numbuf5, numbuf6, - NULL); + write_status_printf (STATUS_TOFU_STATS, + "%s %lu %lu %s %lu %lu %lu %lu", + validity, + signature_count, + encryption_count, + tofu_policy_str (policy), + signature_first_seen, + signature_most_recent, + encryption_first_done, + encryption_most_recent); } } commit c894fa8d375e94d5577249c729e48ce882c07a56 Author: Werner Koch Date: Wed Sep 7 08:40:18 2016 +0200 g10: Temporary hack to repalce missing sqrtu32. -- Signed-off-by: Werner Koch diff --git a/g10/Makefile.am b/g10/Makefile.am index 7b87e6a..95944b8 100644 --- a/g10/Makefile.am +++ b/g10/Makefile.am @@ -74,7 +74,8 @@ trust_source = trustdb.c trustdb.h tdbdump.c tdbio.c tdbio.h endif if USE_TOFU -tofu_source = tofu.h tofu.c gpgsql.c gpgsql.h sqrtu32.c sqrtu32.h +tofu_source = tofu.h tofu.c gpgsql.c gpgsql.h +#sqrtu32.c sqrtu32.h else tofu_source = endif diff --git a/g10/tofu.c b/g10/tofu.c index 9e07d21..3dc0365 100644 --- a/g10/tofu.c +++ b/g10/tofu.c 
@@ -41,7 +41,9 @@ #include "mkdir_p.h" #include "gpgsql.h" #include "status.h" -#include "sqrtu32.h" +/* #include "sqrtu32.h" */ +#define sqrtu32(a) (a) /* TEMP hack due to missing commit. */ + #include "tofu.h" ----------------------------------------------------------------------- Summary of changes: g10/Makefile.am | 3 ++- g10/tofu.c | 38 ++++++++++++++++---------------------- 2 files changed, 18 insertions(+), 23 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Sep 7 08:55:21 2016 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Wed, 07 Sep 2016 08:55:21 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-85-g1f90d3c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 1f90d3c71e3e48d0c4b7722a607464876bb71794 (commit) from 97a67d42dc946b2d6ed81723d86e37002b5931b3 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1f90d3c71e3e48d0c4b7722a607464876bb71794 Author: Neal H. Walfield Date: Wed Sep 7 08:55:17 2016 +0200 g10: Add missing sqrtu32.h and sqrtu32.c. -- Signed-off-by: Neal H. Walfield Fixes-commit: 875ac92. diff --git a/g10/Makefile.am b/g10/Makefile.am index 95944b8..7b87e6a 100644 --- a/g10/Makefile.am +++ b/g10/Makefile.am @@ -74,8 +74,7 @@ trust_source = trustdb.c trustdb.h tdbdump.c tdbio.c tdbio.h endif if USE_TOFU -tofu_source = tofu.h tofu.c gpgsql.c gpgsql.h -#sqrtu32.c sqrtu32.h +tofu_source = tofu.h tofu.c gpgsql.c gpgsql.h sqrtu32.c sqrtu32.h else tofu_source = endif diff --git a/g10/sqrtu32.c b/g10/sqrtu32.c new file mode 100644 index 0000000..11513b0 --- /dev/null +++ b/g10/sqrtu32.c 
@@ -0,0 +1,244 @@ +/* sqrtu32.c - Return the very approximate sqrt of an unsigned integer. + * + * This file by g10 Code GmbH + * + * To the extent possible under law, the person who associated CC0 with + * g10 Code GmbH has waived all copyright and related or neighboring rights + * to this file. + * + * You should have received a copy of the CC0 legalcode along with this + * work. If not, see . + */ + +/* The R code to generate the following table. */ +#if 0 +{ + m = 2^32 - 1 + last.i = 0 + last.sqrt = 0 + i = 0 + while (i < m) { + if (sqrt(i) - last.sqrt > 0.05 * last.sqrt) { + cat(paste0(" if (i <= ", last.i, "u) return ", last.sqrt, ";\n")); + last.i = i + last.sqrt = sqrt(i) + } + i = i + max(1, floor(last.sqrt / 10)) + } + cat(paste0(" return ", sqrt(m), ";\n")) +} +#endif + +float +sqrtu32 (unsigned int i) +{ + if (i <= 0u) return 0; + if (i <= 1u) return 1; + if (i <= 2u) return 1.4142135623731; + if (i <= 3u) return 1.73205080756888; + if (i <= 4u) return 2; + if (i <= 5u) return 2.23606797749979; + if (i <= 6u) return 2.44948974278318; + if (i <= 7u) return 2.64575131106459; + if (i <= 8u) return 2.82842712474619; + if (i <= 9u) return 3; + if (i <= 10u) return 3.16227766016838; + if (i <= 12u) return 3.46410161513775; + if (i <= 14u) return 3.74165738677394; + if (i <= 16u) return 4; + if (i <= 18u) return 4.24264068711928; + if (i <= 20u) return 4.47213595499958; + if (i <= 23u) return 4.79583152331272; + if (i <= 26u) return 5.09901951359278; + if (i <= 29u) return 5.3851648071345; + if (i <= 32u) return 5.65685424949238; + if (i <= 36u) return 6; + if (i <= 40u) return 6.32455532033676; + if (i <= 45u) return 6.70820393249937; + if (i <= 50u) return 7.07106781186548; + if (i <= 56u) return 7.48331477354788; + if (i <= 62u) return 7.87400787401181; + if (i <= 69u) return 8.30662386291807; + if (i <= 77u) return 8.77496438739212; + if (i <= 85u) return 9.21954445729289; + if (i <= 94u) return 9.69535971483266; + if (i <= 104u) return 10.1980390271856; + 
if (i <= 115u) return 10.7238052947636; + if (i <= 127u) return 11.2694276695846; + if (i <= 141u) return 11.8743420870379; + if (i <= 156u) return 12.4899959967968; + if (i <= 172u) return 13.114877048604; + if (i <= 190u) return 13.7840487520902; + if (i <= 210u) return 14.4913767461894; + if (i <= 232u) return 15.2315462117278; + if (i <= 256u) return 16; + if (i <= 283u) return 16.8226038412607; + if (i <= 313u) return 17.6918060129541; + if (i <= 346u) return 18.6010752377383; + if (i <= 382u) return 19.5448202856921; + if (i <= 422u) return 20.5426385841741; + if (i <= 466u) return 21.5870331449229; + if (i <= 514u) return 22.6715680975093; + if (i <= 568u) return 23.832750575626; + if (i <= 628u) return 25.0599281722833; + if (i <= 694u) return 26.343879744639; + if (i <= 766u) return 27.6767050061961; + if (i <= 846u) return 29.086079144498; + if (i <= 934u) return 30.5614135798723; + if (i <= 1030u) return 32.0936130717624; + if (i <= 1138u) return 33.734255586866; + if (i <= 1255u) return 35.4259791678367; + if (i <= 1384u) return 37.2021504754766; + if (i <= 1528u) return 39.0896405713841; + if (i <= 1687u) return 41.0731055558257; + if (i <= 1863u) return 43.1624837098145; + if (i <= 2055u) return 45.3321078265725; + if (i <= 2267u) return 47.6130234284697; + if (i <= 2503u) return 50.029991005396; + if (i <= 2763u) return 52.5642464038057; + if (i <= 3048u) return 55.208694967369; + if (i <= 3363u) return 57.9913786695919; + if (i <= 3708u) return 60.8933493905533; + if (i <= 4092u) return 63.9687423668779; + if (i <= 4512u) return 67.1714224949867; + if (i <= 4980u) return 70.5691150575094; + if (i <= 5491u) return 74.1012820401914; + if (i <= 6058u) return 77.8331548891602; + if (i <= 6681u) return 81.7373843476778; + if (i <= 7369u) return 85.842879728024; + if (i <= 8129u) return 90.160967164289; + if (i <= 8966u) return 94.6889645101265; + if (i <= 9893u) return 99.4635611668917; + if (i <= 10910u) return 104.450945424156; + if (i <= 12030u) 
return 109.68135666557; + if (i <= 13270u) return 115.195486022674; + if (i <= 14634u) return 120.971070921936; + if (i <= 16134u) return 127.019683514013; + if (i <= 17790u) return 133.379158791769; + if (i <= 19623u) return 140.08211877324; + if (i <= 21639u) return 147.102005424807; + if (i <= 23865u) return 154.483008774428; + if (i <= 26325u) return 162.24980739588; + if (i <= 29029u) return 170.378989314997; + if (i <= 32021u) return 178.94412535761; + if (i <= 35319u) return 187.933498876597; + if (i <= 38955u) return 197.370210518204; + if (i <= 42964u) return 207.277591649459; + if (i <= 47384u) return 217.678662252413; + if (i <= 52256u) return 228.595712995673; + if (i <= 57624u) return 240.049994792751; + if (i <= 63552u) return 252.09522010542; + if (i <= 70077u) return 264.720607433573; + if (i <= 77279u) return 277.991007048789; + if (i <= 85217u) return 291.919509454233; + if (i <= 93975u) return 306.553421119387; + if (i <= 103635u) return 321.923904051874; + if (i <= 114259u) return 338.022188620806; + if (i <= 125974u) return 354.928161745444; + if (i <= 138889u) return 372.678145321134; + if (i <= 153134u) return 391.323395671662; + if (i <= 168851u) return 410.914833025044; + if (i <= 186194u) return 431.5020278052; + if (i <= 205286u) return 453.084980991425; + if (i <= 226346u) return 475.758342018298; + if (i <= 249564u) return 499.563809738055; + if (i <= 275191u) return 524.586503829445; + if (i <= 303427u) return 550.842082633489; + if (i <= 334557u) return 578.409024825858; + if (i <= 368871u) return 607.347511726195; + if (i <= 406731u) return 637.754655020251; + if (i <= 448437u) return 669.654388472143; + if (i <= 494439u) return 703.163565609027; + if (i <= 545119u) return 738.321745582507; + if (i <= 601037u) return 775.265760884614; + if (i <= 662714u) return 814.072478345755; + if (i <= 730673u) return 854.794127261062; + if (i <= 805643u) return 897.576180610872; + if (i <= 888235u) return 942.46220083354; + if (i <= 979321u) 
return 989.60648744842; + if (i <= 1079771u) return 1039.1203010239; + if (i <= 1190496u) return 1091.09852900643; + if (i <= 1312576u) return 1145.67709237813; + if (i <= 1447210u) return 1203.00041562753; + if (i <= 1595650u) return 1263.19040528338; + if (i <= 1759324u) return 1326.3951145869; + if (i <= 1939768u) return 1392.75554208195; + if (i <= 2138677u) return 1462.42162183141; + if (i <= 2357969u) return 1535.5679730966; + if (i <= 2599709u) return 1612.3613118653; + if (i <= 2866325u) return 1693.02244521448; + if (i <= 3160216u) return 1777.69963717159; + if (i <= 3484303u) return 1866.62877937741; + if (i <= 3841609u) return 1960.00229591702; + if (i <= 4235569u) return 2058.04980503388; + if (i <= 4669759u) return 2160.962517028; + if (i <= 5148415u) return 2269.011899484; + if (i <= 5676351u) return 2382.50939137708; + if (i <= 6258261u) return 2501.65165440754; + if (i <= 6899761u) return 2626.73961404628; + if (i <= 7607161u) return 2758.10822847835; + if (i <= 8387061u) return 2896.04229941484; + if (i <= 9246836u) return 3040.86106226509; + if (i <= 10194708u) return 3192.91528230863; + if (i <= 11239752u) return 3352.57393654487; + if (i <= 12392152u) return 3520.24885483967; + if (i <= 13662520u) return 3696.2846210756; + if (i <= 15063244u) return 3881.13952338743; + if (i <= 16607484u) return 4075.22809177597; + if (i <= 18309965u) return 4279.01448934214; + if (i <= 20187057u) return 4493.00089027367; + if (i <= 22256498u) return 4717.67930236891; + if (i <= 24538022u) return 4953.58678131311; + if (i <= 27053612u) return 5201.30868147623; + if (i <= 29826772u) return 5461.3892005606; + if (i <= 32884372u) return 5734.48968958878; + if (i <= 36255331u) return 6021.23998857378; + if (i <= 39972079u) return 6322.34758614235; + if (i <= 44069335u) return 6638.47384569677; + if (i <= 48587017u) return 6970.43879537006; + if (i <= 53567779u) return 7319.00122967608; + if (i <= 59059051u) return 7684.98867923694; + if (i <= 65113195u) return 
8069.27475055844; + if (i <= 71787681u) return 8472.76112020161; + if (i <= 79146417u) return 8896.4272042208; + if (i <= 87259431u) return 9341.27566234934; + if (i <= 96204349u) return 9808.38156884203; + if (i <= 106066089u) return 10298.8392064349; + if (i <= 116938503u) return 10813.8107529215; + if (i <= 128925712u) return 11354.5458737899; + if (i <= 142141652u) return 11922.3173921851; + if (i <= 156711468u) return 12518.445111115; + if (i <= 172775559u) return 13144.4117023167; + if (i <= 190485651u) return 13801.6539226283; + if (i <= 210011271u) return 14491.7656274175; + if (i <= 231537615u) return 15216.360110092; + if (i <= 255271299u) return 15977.2118656542; + if (i <= 281438144u) return 16776.1182637701; + if (i <= 310285898u) return 17614.9339482156; + if (i <= 342091319u) return 18495.710827108; + if (i <= 377155755u) return 19420.4983200741; + if (i <= 415815149u) return 20391.5460178967; + if (i <= 458436366u) return 21411.1271538889; + if (i <= 505427034u) return 22481.7044282679; + if (i <= 557234442u) return 23605.8137330616; + if (i <= 614351162u) return 24786.1082463544; + if (i <= 677324576u) return 26025.4601496304; + if (i <= 746751140u) return 27326.7477025716; + if (i <= 823293584u) return 28693.0929667751; + if (i <= 907682350u) return 30127.7670928331; + if (i <= 1000720018u) return 31634.1590373444; + if (i <= 1103296108u) return 33215.9014328981; + if (i <= 1216386121u) return 34876.7274984337; + if (i <= 1341067293u) return 36620.5856452351; + if (i <= 1478527787u) return 38451.6291852504; + if (i <= 1630078462u) return 40374.2301722274; + if (i <= 1797161818u) return 42392.9453800983; + if (i <= 1981371802u) return 44512.60273226; + if (i <= 2184466481u) return 46738.2764016817; + if (i <= 2408377949u) return 49075.2274472569; + if (i <= 2655239305u) return 51529.014205591; + if (i <= 2927404009u) return 54105.4896382983; + if (i <= 3227464249u) return 56810.7758176211; + if (i <= 3558280241u) return 59651.3222066368; + return 
65535.9999923706; +} diff --git a/g10/sqrtu32.h b/g10/sqrtu32.h new file mode 100644 index 0000000..566784d --- /dev/null +++ b/g10/sqrtu32.h @@ -0,0 +1,14 @@ +/* sqrtu32.h - Return the very approximate sqrt of an unsigned integer. + * + * This file by g10 Code GmbH + * + * To the extent possible under law, the person who associated CC0 with + * g10 Code GmbH has waived all copyright and related or neighboring rights + * to this file. + * + * You should have received a copy of the CC0 legalcode along with this + * work. If not, see . + */ + +/* Return the very approximate square root of an unsigned integer. */ +float sqrtu32 (unsigned int i); diff --git a/g10/tofu.c b/g10/tofu.c index 6ec7f7c..2a4fcd7 100644 --- a/g10/tofu.c +++ b/g10/tofu.c @@ -41,9 +41,7 @@ #include "mkdir_p.h" #include "gpgsql.h" #include "status.h" -/* #include "sqrtu32.h" */ -#define sqrtu32(a) (a) /* TEMP hack due to missing commit. */ - +#include "sqrtu32.h" #include "tofu.h" ----------------------------------------------------------------------- Summary of changes: g10/Makefile.am | 3 +- g10/sqrtu32.c | 244 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ g10/sqrtu32.h | 14 ++++ g10/tofu.c | 4 +- 4 files changed, 260 insertions(+), 5 deletions(-) create mode 100644 g10/sqrtu32.c create mode 100644 g10/sqrtu32.h hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Sep 7 09:29:39 2016 
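Review bot: `#define sqrtu32(a) (a)` in g10/tofu.c (commit c894fa8) is not a neutral stub. Every comparison built on sqrtu32, such as `sqrtu32 (encryption_count) + sqrtu32 (signature_count) < sqrtu32 (2 * BASIC_TRUST_THRESHOLD)` in show_statistics, is evaluated on raw counts while the hack is in place, so the low-history warning and the validity value written by write_stats_status behave differently in any build made from this revision. Holding back the dependent change until sqrtu32.c was available would have avoided a revision with altered trust output.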
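Review bot: in write_stats_status (commit 97a67d4) `messages` changes from float to unsigned long, but sqrtu32 is declared as `float sqrtu32 (unsigned int i)` in the sqrtu32.h added by 1f90d3c, so once the temporary macro is gone the sum of two floats is truncated on assignment (1.41 + 1.41 becomes 2). If the thresholds that follow `if (messages < 1)` were chosen for the fractional value, the bucket boundaries shift. Keep a floating type here or say in the comment that truncation is intended. The comment above the assignment also calls this a euclidean distance while the code sums two square roots; worth correcting while the lines are being touched.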
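Review bot: sqrtu32 in g10/sqrtu32.c takes `unsigned int`, but the callers in g10/tofu.c pass `unsigned long` counters (signature_count and encryption_count are printed with %lu), so where long is 64 bits a value above UINT_MAX is silently reduced before the table lookup. The name also promises 32 bits, which `unsigned int` does not guarantee. Suggest `uint32_t` in the prototype and clamping at the call sites. Two smaller points: each bucket returns the square root of its upper bound, so results are biased upward by roughly 5% at most, which sqrtu32.h should state next to "very approximate"; and the generated constants are double literals narrowed to float, so the final `return 65535.9999923706;` yields 65536.0. A short test over a few bucket boundaries would keep the table honest if it is regenerated.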
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 07 Sep 2016 09:29:39 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-329-g120b147 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 120b14783c0312d782dc08ce4949a6209d5ccc7b (commit) from 151da95470f174dc770b2111890ad650a1697276 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 120b14783c0312d782dc08ce4949a6209d5ccc7b Author: Werner Koch Date: Wed Sep 7 09:26:11 2016 +0200 core,cpp: Extend the TOFU information. * src/gpgme.h.in (struct _gpeme_tofu_info): Rename FIRSTSEEN to SIGNFIRST and LASTSEEN to SIGNLAST. Add ENCRFIST and ENCRLAST. * src/keylist.c (parse_tfs_record): Parse to ENCRFIRST and ENCRLAST. * src/verify.c (parse_tofu_stats): Ditto. * tests/run-keylist.c (main): Adjust and print encrypt stats. * tests/run-verify.c (print_result): Ditto. * lang/cpp/src/tofuinfo.h (TofuInfo): Rename firstSeen to signFirst and lastSeen to signLast. Add encrCount, encrFirst and encrLast. * lang/cpp/src/tofuinfo.cpp (encrCount, encrFirst, encrLast): New. -- The latest GnuPG commits have the needed changes but we also allow the use of currently released GnuPG version. Signed-off-by: Werner Koch diff --git a/lang/cpp/src/tofuinfo.cpp b/lang/cpp/src/tofuinfo.cpp index ade262b..bb67fc8 100644 --- a/lang/cpp/src/tofuinfo.cpp +++ b/lang/cpp/src/tofuinfo.cpp 
@@ -123,14 +123,29 @@ unsigned short GpgME::TofuInfo::signCount() const return isNull() ? 0 : d->mInfo->signcount; } -unsigned long GpgME::TofuInfo::firstSeen() const +unsigned short GpgME::TofuInfo::encrCount() const { - return isNull() ? 0 : d->mInfo->firstseen; + return isNull() ? 0 : d->mInfo->encrcount; } -unsigned long GpgME::TofuInfo::lastSeen() const +unsigned long GpgME::TofuInfo::signFirst() const { - return isNull() ? 0 : d->mInfo->lastseen; + return isNull() ? 0 : d->mInfo->signfirst; +} + +unsigned long GpgME::TofuInfo::signLast() const +{ + return isNull() ? 0 : d->mInfo->signlast; +} + +unsigned long GpgME::TofuInfo::encrFirst() const +{ + return isNull() ? 0 : d->mInfo->encrfirst; +} + +unsigned long GpgME::TofuInfo::encrLast() const +{ + return isNull() ? 0 : d->mInfo->encrlast; } std::ostream &GpgME::operator<<(std::ostream &os, const GpgME::TofuInfo &info) @@ -141,8 +156,11 @@ std::ostream &GpgME::operator<<(std::ostream &os, const GpgME::TofuInfo &info) << "\n validity: " << info.validity() << "\n policy: " << info.policy() << "\n signcount: "<< info.signCount() - << "\n firstseen: "<< info.firstSeen() - << "\n lastseen: " << info.lastSeen() + << "\n signfirst: "<< info.signFirst() + << "\n signlast: " << info.signLast() + << "\n encrcount: "<< info.encrCount() + << "\n encrfirst: "<< info.encrFirst() + << "\n encrlast: " << info.encrLast() << '\n'; } return os << ")"; diff --git a/lang/cpp/src/tofuinfo.h b/lang/cpp/src/tofuinfo.h index eb5dbcc..ec253e9 100644 --- a/lang/cpp/src/tofuinfo.h +++ b/lang/cpp/src/tofuinfo.h 
@@ -93,11 +93,20 @@ public: /* Number of signatures seen for this binding. Capped at USHRT_MAX. */ unsigned short signCount() const; + /* Number of encryption done to this binding. Capped at USHRT_MAX. */ + unsigned short encrCount() const; + /** Number of seconds since epoch when the first message was verified */ - unsigned long firstSeen() const; + unsigned long signFirst() const; /** Number of seconds since epoch when the last message was verified */ - unsigned long lastSeen() const; + unsigned long signLast() const; + + /** Number of seconds since epoch when the first message was encrypted */ + unsigned long encrFirst() const; + + /** Number of seconds since epoch when the last message was encrypted */ + unsigned long encrLast() const; /* If non-NULL a human readable string summarizing the TOFU data. */ const char *description() const; diff --git a/src/gpgme.h.in b/src/gpgme.h.in index 57f3446..00a4bed 100644 --- a/src/gpgme.h.in +++ b/src/gpgme.h.in @@ -650,9 +650,11 @@ struct _gpgme_tofu_info unsigned short encrcount; /* Number of seconds since Epoch when the first and the most - * recently seen message were verified. 0 means unknown. */ - unsigned long firstseen; - unsigned long lastseen; + * recently seen message were verified/decrypted. 0 means unknown. */ + unsigned long signfirst; + unsigned long signlast; + unsigned long encrfirst; + unsigned long encrlast; /* If non-NULL a human readable string summarizing the TOFU data. */ char *description; diff --git a/src/keylist.c b/src/keylist.c index 9f1e68d..f7912e6 100644 --- a/src/keylist.c +++ b/src/keylist.c 
@@ -466,11 +466,25 @@ parse_tfs_record (gpgme_user_id_t uid, char **field, int nfield) err = _gpgme_strtoul_field (field[6], &uval); if (err) goto inv_engine; - ti->firstseen = uval; + ti->signfirst = uval; err = _gpgme_strtoul_field (field[7], &uval); if (err) goto inv_engine; - ti->lastseen = uval; + ti->signlast = uval; + + if (nfield > 9) + { + /* This condition is only to allow for gpg 2.1.15 - can + * eventually be removed. */ + err = _gpgme_strtoul_field (field[8], &uval); + if (err) + goto inv_engine; + ti->encrfirst = uval; + err = _gpgme_strtoul_field (field[9], &uval); + if (err) + goto inv_engine; + ti->encrlast = uval; + } /* Ready. */ uid->tofu = ti; diff --git a/src/verify.c b/src/verify.c index 92eb333..5ac937d 100644 --- a/src/verify.c +++ b/src/verify.c @@ -755,20 +755,21 @@ parse_tofu_user (gpgme_signature_t sig, char *args, gpgme_protocol_t protocol) /* Parse a TOFU_STATS line and store it in the last tofu info of SIG. * - * TOFU_STATS [ [ ]] + * TOFU_STATS \ + * [ [ ]] */ static gpgme_error_t parse_tofu_stats (gpgme_signature_t sig, char *args) { gpgme_error_t err; gpgme_tofu_info_t ti; - char *field[6]; + char *field[8]; int nfields; unsigned long uval; if (!sig->key || !sig->key->_last_uid || !(ti = sig->key->_last_uid->tofu)) return trace_gpg_error (GPG_ERR_INV_ENGINE); /* No TOFU_USER seen. */ - if (ti->firstseen || ti->signcount || ti->validity || ti->policy) + if (ti->signfirst || ti->signcount || ti->validity || ti->policy) return trace_gpg_error (GPG_ERR_INV_ENGINE); /* Already set. */ nfields = _gpgme_split_fields (args, field, DIM (field)); 
@@ -824,11 +825,24 @@ parse_tofu_stats (gpgme_signature_t sig, char *args) err = _gpgme_strtoul_field (field[4], &uval); if (err) return trace_gpg_error (GPG_ERR_INV_ENGINE); - ti->firstseen = uval; + ti->signfirst = uval; err = _gpgme_strtoul_field (field[5], &uval); if (err) return trace_gpg_error (GPG_ERR_INV_ENGINE); - ti->lastseen = uval; + ti->signlast = uval; + if (nfields > 7) + { + /* This condition is only to allow for gpg 2.1.15 - can + * eventually be removed. */ + err = _gpgme_strtoul_field (field[6], &uval); + if (err) + return trace_gpg_error (GPG_ERR_INV_ENGINE); + ti->encrfirst = uval; + err = _gpgme_strtoul_field (field[7], &uval); + if (err) + return trace_gpg_error (GPG_ERR_INV_ENGINE); + ti->encrlast = uval; + } return 0; } diff --git a/tests/run-keylist.c b/tests/run-keylist.c index 00f874d..647a9ed 100644 --- a/tests/run-keylist.c +++ b/tests/run-keylist.c @@ -291,9 +291,11 @@ main (int argc, char **argv) ti->policy == GPGME_TOFU_POLICY_BAD? "bad" : ti->policy == GPGME_TOFU_POLICY_ASK? "ask" : "?"); printf (" nsigs: %hu\n", ti->signcount); + printf (" first: %s\n", isotimestr (ti->signfirst)); + printf (" last: %s\n", isotimestr (ti->signlast)); printf (" nencr: %hu\n", ti->encrcount); - printf (" first: %s\n", isotimestr (ti->firstseen)); - printf (" last: %s\n", isotimestr (ti->lastseen)); + printf (" first: %s\n", isotimestr (ti->encrfirst)); + printf (" last: %s\n", isotimestr (ti->encrlast)); } } diff --git a/tests/run-verify.c b/tests/run-verify.c index 3c18d3b..ebc20d9 100644 --- a/tests/run-verify.c +++ b/tests/run-verify.c 
@@ -197,9 +197,12 @@ print_result (gpgme_verify_result_t result) ti->policy == GPGME_TOFU_POLICY_UNKNOWN? "unknown" : ti->policy == GPGME_TOFU_POLICY_BAD? "bad" : ti->policy == GPGME_TOFU_POLICY_ASK? "ask" : "?"); - printf (" sigcount : %hu\n", ti->signcount); - printf (" firstseen: %s\n", isotimestr (ti->firstseen)); - printf (" lastseen : %s\n", isotimestr (ti->lastseen)); + printf (" signcount: %hu\n", ti->signcount); + printf (" first..: %s\n", isotimestr (ti->signfirst)); + printf (" last ..: %s\n", isotimestr (ti->signlast)); + printf (" encrcount: %hu\n", ti->encrcount); + printf (" first..: %s\n", isotimestr (ti->encrfirst)); + printf (" last ..: %s\n", isotimestr (ti->encrlast)); printf (" desc ....: "); print_description (nonnull (ti->description), 15); } ----------------------------------------------------------------------- Summary of changes: lang/cpp/src/tofuinfo.cpp | 30 ++++++++++++++++++++++++------ lang/cpp/src/tofuinfo.h | 13 +++++++++++-- src/gpgme.h.in | 8 +++++--- src/keylist.c | 18 ++++++++++++++++-- src/verify.c | 24 +++++++++++++++++++----- tests/run-keylist.c | 6 ++++-- tests/run-verify.c | 9 ++++++--- 7 files changed, 85 insertions(+), 23 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Wed Sep 7 10:07:01 2016 
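Review bot: in src/gpgme.h.in the updated comment says the timestamps cover messages that were "verified/decrypted", while the new fields are named encrfirst/encrlast and lang/cpp/src/tofuinfo.h documents them as "when the first message was encrypted". Pick one term; "encrypted" matches encrcount and the field names. The rename of firstseen/lastseen to signfirst/signlast, and of firstSeen()/lastSeen() in the C++ binding, also removes public names from installed headers, so if any release shipped them a compatibility alias is needed.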
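Review bot: in parse_tofu_stats (src/verify.c) the "Already set" guard still tests only `ti->signfirst || ti->signcount || ti->validity || ti->policy`. Now that the function also stores encrfirst and encrlast, a record whose validity, policy and signature fields are all zero passes the guard even when encryption data has already been stored. Add encrcount, encrfirst and encrlast to the test. The `nfields > 7` bound is correct for reading field[6] and field[7] from `char *field[8]`, as is `nfield > 9` in parse_tfs_record, but tests/run-keylist.c now prints " first:" and " last:" twice with identical labels; distinguish the signature and encryption lines as tests/run-verify.c does by grouping them under signcount and encrcount.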
From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Wed, 07 Sep 2016 10:07:01 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-86-g56c1840 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 56c18408d4955713d9c4e634367c7912d6564651 (commit) from 1f90d3c71e3e48d0c4b7722a607464876bb71794 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 56c18408d4955713d9c4e634367c7912d6564651 Author: Neal H. Walfield Date: Wed Sep 7 10:06:58 2016 +0200 g10: Use the correct conversion function. * g10/tofu.c (show_statistics): Use string_to_ulong, not string_to_long. -- Signed-off-by: Neal H. Walfield Fixes-commit: 875ac921 diff --git a/g10/tofu.c b/g10/tofu.c index 2a4fcd7..afecd0c 100644 --- a/g10/tofu.c +++ b/g10/tofu.c @@ -2502,10 +2502,10 @@ show_statistics (tofu_dbs_t dbs, const char *fingerprint, log_assert (strlist->next->next); log_assert (! strlist->next->next->next); - string_to_long (&signature_count, strlist->d, -1, __LINE__); - string_to_long (&signature_first_seen, strlist->next->d, -1, __LINE__); - string_to_long (&signature_most_recent, - strlist->next->next->d, -1, __LINE__); + string_to_ulong (&signature_count, strlist->d, -1, __LINE__); + string_to_ulong (&signature_first_seen, strlist->next->d, -1, __LINE__); + string_to_ulong (&signature_most_recent, + strlist->next->next->d, -1, __LINE__); free_strlist (strlist); strlist = NULL; 
@@ -2533,10 +2533,10 @@ show_statistics (tofu_dbs_t dbs, const char *fingerprint, log_assert (strlist->next->next); log_assert (! strlist->next->next->next); - string_to_long (&encryption_count, strlist->d, -1, __LINE__); - string_to_long (&encryption_first_done, strlist->next->d, -1, __LINE__); - string_to_long (&encryption_most_recent, - strlist->next->next->d, -1, __LINE__); + string_to_ulong (&encryption_count, strlist->d, -1, __LINE__); + string_to_ulong (&encryption_first_done, strlist->next->d, -1, __LINE__); + string_to_ulong (&encryption_most_recent, + strlist->next->next->d, -1, __LINE__); free_strlist (strlist); strlist = NULL; ----------------------------------------------------------------------- Summary of changes: g10/tofu.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Sep 7 10:53:31 2016 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Wed, 07 Sep 2016 10:53:31 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-88-gee06b3f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via ee06b3f7889bd99c28ac68f4781bda77d67eed00 (commit) via 7b3e8572e3bb8a65d20577a48009251fdc7b1910 (commit) from 56c18408d4955713d9c4e634367c7912d6564651 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ee06b3f7889bd99c28ac68f4781bda77d67eed00 Author: Neal H. Walfield Date: Wed Sep 7 10:53:28 2016 +0200 g10: Check for a new binding a bit later. * g10/tofu.c (build_conflict_set): Check for the current key after looking for conflicts and removing any '!'. -- 
Signed-off-by: Neal H. Walfield Fixes-commit: 1f1f56e6 diff --git a/g10/tofu.c b/g10/tofu.c index 2976c6b..5b20269 100644 --- a/g10/tofu.c +++ b/g10/tofu.c @@ -1769,15 +1769,6 @@ build_conflict_set (tofu_dbs_t dbs, const char *fingerprint, const char *email) return NULL; } - /* If the current binding has not yet been recorded, add it to the - * list. (The order by above ensures that if it is present, it will - * be first.) */ - if (! (conflict_set && strcmp (conflict_set->d, fingerprint) == 0)) - { - add_to_strlist (&conflict_set, fingerprint); - conflict_set->flags |= BINDING_NEW; - } - /* Set BINDING_CONFLICT if the binding has a known conflict. This * allows us to distinguish between bindings where the user * explicitly set the policy to ask and bindings where we set the @@ -1801,6 +1792,15 @@ build_conflict_set (tofu_dbs_t dbs, const char *fingerprint, const char *email) } } + /* If the current binding has not yet been recorded, add it to the + * list. (The order by above ensures that if it is present, it will + * be first.) */ + if (! (conflict_set && strcmp (conflict_set->d, fingerprint) == 0)) + { + add_to_strlist (&conflict_set, fingerprint); + conflict_set->flags |= BINDING_NEW; + } + conflict_set_count = strlist_length (conflict_set); /* Eliminate false conflicts. */ commit 7b3e8572e3bb8a65d20577a48009251fdc7b1910 Author: Neal H. Walfield Date: Wed Sep 7 10:28:39 2016 +0200 g10: Change TOFU code to respect --faked-system-time. * g10/tofu.c (record_binding): New parameter now. Update callers. Don't use SQLite's strftime('%s','now') to get the current time, use NOW. (ask_about_binding): Likewise. (get_trust): New parameter now. Update callers. (show_statistics): Likewise. (tofu_register_signature): Don't use SQLite's strftime('%s','now') to get the current time, use gnupg_get_time(). (tofu_register_encryption): Likewise. -- Signed-off-by: Neal H. Walfield diff --git a/g10/tofu.c b/g10/tofu.c index afecd0c..2976c6b 100644 --- a/g10/tofu.c +++ b/g10/tofu.c 
@@ -797,7 +797,8 @@ get_single_long_cb2 (void *cookie, int argc, char **argv, char **azColName, If SHOW_OLD is set, the binding's old policy is displayed. */ static gpg_error_t record_binding (tofu_dbs_t dbs, const char *fingerprint, const char *email, - const char *user_id, enum tofu_policy policy, int show_old) + const char *user_id, enum tofu_policy policy, int show_old, + time_t now) { char *fingerprint_pp = format_hexfingerprint (fingerprint, NULL, 0); gpg_error_t rc; @@ -873,10 +874,12 @@ record_binding (tofu_dbs_t dbs, const char *fingerprint, const char *email, reallocate a new one. We just need to search for the OID based on the fingerprint and email since they are unique. */ " (select oid from bindings where fingerprint = ? and email = ?),\n" - " ?, ?, ?, strftime('%s','now'), ?);", + " ?, ?, ?, ?, ?);", GPGSQL_ARG_STRING, fingerprint, GPGSQL_ARG_STRING, email, GPGSQL_ARG_STRING, fingerprint, GPGSQL_ARG_STRING, email, - GPGSQL_ARG_STRING, user_id, GPGSQL_ARG_INT, (int) policy, + GPGSQL_ARG_STRING, user_id, + GPGSQL_ARG_LONG_LONG, (long long) now, + GPGSQL_ARG_INT, (int) policy, GPGSQL_ARG_END); if (rc) { @@ -1318,7 +1321,8 @@ ask_about_binding (ctrl_t ctrl, strlist_t conflict_set, const char *fingerprint, const char *email, - const char *user_id) + const char *user_id, + time_t now) { tofu_dbs_t dbs; strlist_t iter; @@ -1423,7 +1427,7 @@ ask_about_binding (ctrl_t ctrl, " from bindings\n" \ " left join\n" \ " (select *,\n" \ - " cast(strftime('%s','now') - " time " as real) delta\n" \ + " cast(? - " time " as real) delta\n" \ " from " table ") ss\n" \ " on ss.binding = bindings.oid)\n" \ " where email = ? and fingerprint = ?\n" \ @@ -1435,6 +1439,7 @@ ask_about_binding (ctrl_t ctrl, (dbs->db, &dbs->s.get_trust_gather_signature_stats, signature_stats_collect_cb, &stats, &sqerr, STATS_SQL ("signatures", "sig_time", ""), + GPGSQL_ARG_LONG_LONG, (long long) now, GPGSQL_ARG_STRING, email, GPGSQL_ARG_STRING, iter->d, GPGSQL_ARG_END); 
@@ -1449,6 +1454,7 @@ ask_about_binding (ctrl_t ctrl, (dbs->db, &dbs->s.get_trust_gather_encryption_stats, signature_stats_collect_cb, &stats, &sqerr, STATS_SQL ("encryptions", "time", "-"), + GPGSQL_ARG_LONG_LONG, (long long) now, GPGSQL_ARG_STRING, email, GPGSQL_ARG_STRING, iter->d, GPGSQL_ARG_END); @@ -1700,7 +1706,7 @@ ask_about_binding (ctrl_t ctrl, } if (record_binding (dbs, fingerprint, email, user_id, - *policy, 0)) + *policy, 0, now)) { /* If there's an error registering the * binding, don't save the signature. */ @@ -1990,7 +1996,7 @@ build_conflict_set (tofu_dbs_t dbs, const char *fingerprint, const char *email) static enum tofu_policy get_trust (ctrl_t ctrl, PKT_public_key *pk, const char *fingerprint, const char *email, - const char *user_id, int may_ask) + const char *user_id, int may_ask, time_t now) { tofu_dbs_t dbs = ctrl->tofu.dbs; int in_transaction = 0; @@ -2038,7 +2044,7 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk, if (policy == TOFU_POLICY_NONE) { if (record_binding (dbs, fingerprint, email, user_id, - TOFU_POLICY_AUTO, 0) != 0) + TOFU_POLICY_AUTO, 0, now) != 0) { log_error (_("error setting TOFU binding's trust level" " to %s\n"), "auto"); @@ -2142,7 +2148,7 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk, fingerprint, email); if (record_binding (dbs, fingerprint, email, user_id, - TOFU_POLICY_AUTO, 0) != 0) + TOFU_POLICY_AUTO, 0, now) != 0) { log_error (_("error setting TOFU binding's trust level to %s\n"), "auto"); @@ -2171,7 +2177,7 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk, fingerprint, email); if (record_binding (dbs, fingerprint, email, user_id, - TOFU_POLICY_AUTO, 0) != 0) + TOFU_POLICY_AUTO, 0, now) != 0) log_error (_("error setting TOFU binding's trust level to %s\n"), "auto"); 
@@ -2193,7 +2199,7 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk, log_assert (policy == TOFU_POLICY_NONE); if (record_binding (dbs, fingerprint, email, user_id, - TOFU_POLICY_ASK, 0) != 0) + TOFU_POLICY_ASK, 0, now) != 0) log_error (_("error setting TOFU binding's trust level to %s\n"), "ask"); @@ -2212,7 +2218,8 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk, conflict_set, fingerprint, email, - user_id); + user_id, + now); out: @@ -2457,9 +2464,8 @@ write_stats_status (estream_t fp, static int show_statistics (tofu_dbs_t dbs, const char *fingerprint, const char *email, const char *user_id, - estream_t outfp) + estream_t outfp, time_t now) { - unsigned long now = gnupg_get_time (); enum tofu_policy policy = get_policy (dbs, fingerprint, email, NULL); char *fingerprint_pp; @@ -2748,6 +2754,7 @@ tofu_register_signature (ctrl_t ctrl, const byte *sig_digest_bin, int sig_digest_bin_len, time_t sig_time, const char *origin) { + time_t now = gnupg_get_time (); gpg_error_t rc; tofu_dbs_t dbs; char *fingerprint = NULL; @@ -2792,7 +2799,7 @@ tofu_register_signature (ctrl_t ctrl, /* Make sure the binding exists and record any TOFU conflicts. */ - if (get_trust (ctrl, pk, fingerprint, email, user_id->d, 0) + if (get_trust (ctrl, pk, fingerprint, email, user_id->d, 0, now) == _tofu_GET_TRUST_ERROR) { rc = gpg_error (GPG_ERR_GENERAL); @@ -2861,10 +2868,11 @@ tofu_register_signature (ctrl_t ctrl, " values\n" " ((select oid from bindings\n" " where fingerprint = ? and email = ?),\n" - " ?, ?, ?, strftime('%s', 'now'));", + " ?, ?, ?, ?);", GPGSQL_ARG_STRING, fingerprint, GPGSQL_ARG_STRING, email, GPGSQL_ARG_STRING, sig_digest, GPGSQL_ARG_STRING, origin, GPGSQL_ARG_LONG_LONG, (long long) sig_time, + GPGSQL_ARG_LONG_LONG, (long long) now, GPGSQL_ARG_END); if (rc) { @@ -2896,6 +2904,7 @@ tofu_register_encryption (ctrl_t ctrl, PKT_public_key *pk, strlist_t user_id_list, int may_ask) { + time_t now = gnupg_get_time (); gpg_error_t rc = 0; tofu_dbs_t dbs; kbnode_t kb = NULL; 
@@ -2956,7 +2965,7 @@ tofu_register_encryption (ctrl_t ctrl, /* Make sure the binding exists and that we recognize any conflicts. */ int tl = get_trust (ctrl, pk, fingerprint, email, user_id->d, - may_ask); + may_ask, now); if (tl == _tofu_GET_TRUST_ERROR) { /* An error. */ @@ -2971,8 +2980,9 @@ tofu_register_encryption (ctrl_t ctrl, " values\n" " ((select oid from bindings\n" " where fingerprint = ? and email = ?),\n" - " strftime('%s', 'now'));", + " ?);", GPGSQL_ARG_STRING, fingerprint, GPGSQL_ARG_STRING, email, + GPGSQL_ARG_LONG_LONG, (long long) now, GPGSQL_ARG_END); if (rc) { @@ -3067,6 +3077,7 @@ gpg_error_t tofu_write_tfs_record (ctrl_t ctrl, estream_t fp, PKT_public_key *pk, const char *user_id) { + time_t now = gnupg_get_time (); gpg_error_t err; tofu_dbs_t dbs; char *fingerprint; @@ -3086,7 +3097,7 @@ tofu_write_tfs_record (ctrl_t ctrl, estream_t fp, fingerprint = hexfingerprint (pk, NULL, 0); email = email_from_user_id (user_id); - show_statistics (dbs, fingerprint, email, user_id, fp); + show_statistics (dbs, fingerprint, email, user_id, fp, now); xfree (email); xfree (fingerprint); @@ -3109,6 +3120,7 @@ int tofu_get_validity (ctrl_t ctrl, PKT_public_key *pk, strlist_t user_id_list, int may_ask) { + time_t now = gnupg_get_time (); tofu_dbs_t dbs; char *fingerprint = NULL; strlist_t user_id; @@ -3136,7 +3148,8 @@ tofu_get_validity (ctrl_t ctrl, PKT_public_key *pk, strlist_t user_id_list, /* Always call get_trust to make sure the binding is registered. */ - int tl = get_trust (ctrl, pk, fingerprint, email, user_id->d, may_ask); + int tl = get_trust (ctrl, pk, fingerprint, email, user_id->d, + may_ask, now); if (tl == _tofu_GET_TRUST_ERROR) { /* An error. */ 
@@ -3159,7 +3172,7 @@ tofu_get_validity (ctrl_t ctrl, PKT_public_key *pk, strlist_t user_id_list, if (may_ask && tl != TRUST_ULTIMATE && tl != TRUST_EXPIRED) need_warning |= - show_statistics (dbs, fingerprint, email, user_id->d, NULL); + show_statistics (dbs, fingerprint, email, user_id->d, NULL, now); if (tl == TRUST_NEVER) trust_level = TRUST_NEVER; @@ -3215,6 +3228,7 @@ tofu_get_validity (ctrl_t ctrl, PKT_public_key *pk, strlist_t user_id_list, gpg_error_t tofu_set_policy (ctrl_t ctrl, kbnode_t kb, enum tofu_policy policy) { + time_t now = gnupg_get_time (); tofu_dbs_t dbs; PKT_public_key *pk; char *fingerprint = NULL; @@ -3257,7 +3271,7 @@ tofu_set_policy (ctrl_t ctrl, kbnode_t kb, enum tofu_policy policy) email = email_from_user_id (user_id->name); - record_binding (dbs, fingerprint, email, user_id->name, policy, 1); + record_binding (dbs, fingerprint, email, user_id->name, policy, 1, now); xfree (email); } ----------------------------------------------------------------------- Summary of changes: g10/tofu.c | 76 +++++++++++++++++++++++++++++++++++++------------------------- 1 file changed, 45 insertions(+), 31 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Sep 7 11:02:58 2016 
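Review bot: commit 7b3e857 adds a `time_t now` parameter to record_binding, ask_about_binding, get_trust and show_statistics, but none of the function comments are updated; the record_binding comment in the @@ -797 hunk still ends at the SHOW_OLD sentence. Please document NOW in each of them and state that callers take it from gnupg_get_time () once per operation, as the entry points in this patch do, so that --faked-system-time applies to every row written in that operation. Also worth a second look: show_statistics used to have a local `unsigned long now` and now receives a time_t, so any arithmetic against the values filled in by string_to_ulong in the same function would mix the two types.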
From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Wed, 07 Sep 2016 11:02:58 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-89-ga937eef Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via a937eef2d4e80cd43095802176d3db5e7fd94008 (commit) from ee06b3f7889bd99c28ac68f4781bda77d67eed00 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a937eef2d4e80cd43095802176d3db5e7fd94008 Author: Neal H. Walfield Date: Wed Sep 7 11:02:51 2016 +0200 tests: Don't use --tofu-db-format. * tests/openpgp/tofu.scm: Remove use of --tofu-db-format, which is deprecated. -- Signed-off-by: Neal H. Walfield diff --git a/tests/openpgp/tofu.scm b/tests/openpgp/tofu.scm index 448c253..cf2b389 100755 --- a/tests/openpgp/tofu.scm +++ b/tests/openpgp/tofu.scm @@ -44,11 +44,10 @@ ;; passed to GPG. ;; ;; This function only supports keys with a single user id. -(define (getpolicy keyid format . args) +(define (getpolicy keyid . args) (let ((policy (list-ref (assoc "tfs" (gpg-with-colons - `(--tofu-db-format ,format - --trust-model=tofu --with-tofu-info + `(--trust-model=tofu --with-tofu-info , at args --list-keys ,keyid))) 5))) (unless (member policy '("auto" "good" "unknown" "bad" "ask")) 
@@ -59,8 +58,8 @@ ;; remaining arguments are simply passed to GPG. ;; ;; This function only supports keys with a single user id. -(define (checkpolicy keyid format expected-policy . args) - (let ((policy (apply getpolicy `(,keyid ,format , at args)))) +(define (checkpolicy keyid expected-policy . args) + (let ((policy (apply getpolicy `(,keyid , at args)))) (unless (string=? policy expected-policy) (error keyid ": Expected policy to be" expected-policy "but got" policy)))) @@ -69,11 +68,10 @@ ;; passed to GPG. ;; ;; This function only supports keys with a single user id. -(define (gettrust keyid format . args) +(define (gettrust keyid . args) (let ((trust (list-ref (assoc "pub" (gpg-with-colons - `(--tofu-db-format ,format - --trust-model=tofu + `(--trust-model=tofu , at args --list-keys ,keyid))) 1))) (unless (and (= 1 (string-length trust)) 
@@ -85,41 +83,40 @@ ;; remaining arguments are simply passed to GPG. ;; ;; This function only supports keys with a single user id. -(define (checktrust keyid format expected-trust . args) - (let ((trust (apply gettrust `(,keyid ,format , at args)))) +(define (checktrust keyid expected-trust . args) + (let ((trust (apply gettrust `(,keyid , at args)))) (unless (string=? trust expected-trust) (error keyid ": Expected trust to be" expected-trust "but got" trust)))) ;; Set key KEYID's policy to POLICY. Any remaining arguments are ;; passed as options to gpg. -(define (setpolicy keyid format policy . args) - (call-check `(, at GPG --tofu-db-format ,format - --trust-model=tofu , at args +(define (setpolicy keyid policy . args) + (call-check `(, at GPG --trust-model=tofu , at args --tofu-policy ,policy ,keyid))) (for-each-p - "Testing tofu db formats" - (lambda (format) + "Testing tofu db" + (lambda (1) ;; Carefully remove the TOFU db. (catch '() (unlink (string-append GNUPGHOME "/tofu.db"))) (catch '() (unlink-recursively (string-append GNUPGHOME "/tofu.d"))) ;; Verify a message. There should be no conflict and the trust ;; policy should be set to auto. - (call-check `(, at GPG --tofu-db-format ,format --trust-model=tofu + (call-check `(, at GPG --trust-model=tofu --verify ,(in-srcdir "tofu-2183839A-1.txt"))) - (checkpolicy "2183839A" format "auto") + (checkpolicy "2183839A" "auto") ;; Check default trust. - (checktrust "2183839A" format "m") + (checktrust "2183839A" "m") ;; Trust should be derived lazily. Thus, if the policy is set to ;; auto and we change --tofu-default-policy, then the trust should ;; change as well. Try it. 
- (checktrust "2183839A" format "f" '--tofu-default-policy=good) - (checktrust "2183839A" format "-" '--tofu-default-policy=unknown) - (checktrust "2183839A" format "n" '--tofu-default-policy=bad) + (checktrust "2183839A" "f" '--tofu-default-policy=good) + (checktrust "2183839A" "-" '--tofu-default-policy=unknown) + (checktrust "2183839A" "n" '--tofu-default-policy=bad) ;; Change the policy to something other than auto and make sure the ;; policy and the trust are correct. @@ -131,16 +128,16 @@ ((string=? "good" policy) "f") ((string=? "unknown" policy) "-") (else "n")))) - (setpolicy "2183839A" format policy) + (setpolicy "2183839A" policy) ;; Since we have a fixed policy, the trust level shouldn't ;; change if we change the default policy. (for-each-p "" (lambda (default-policy) - (checkpolicy "2183839A" format policy + (checkpolicy "2183839A" policy '--tofu-default-policy default-policy) - (checktrust "2183839A" format expected-trust + (checktrust "2183839A" expected-trust '--tofu-default-policy default-policy)) '("auto" "good" "unknown" "bad" "ask")))) '("good" "unknown" "bad")) 
@@ -148,20 +145,20 @@ ;; BC15C85A conflicts with 2183839A. On conflict, this will set ;; BC15C85A to ask. If 2183839A is auto (it's not, it's bad), then ;; it will be set to ask. - (call-check `(, at GPG --tofu-db-format ,format --trust-model=tofu + (call-check `(, at GPG --trust-model=tofu --verify ,(in-srcdir "tofu-BC15C85A-1.txt"))) - (checkpolicy "BC15C85A" format "ask") - (checkpolicy "2183839A" format "bad") + (checkpolicy "BC15C85A" "ask") + (checkpolicy "2183839A" "bad") ;; EE37CF96 conflicts with 2183839A and BC15C85A. We change ;; BC15C85A's policy to auto and leave 2183839A's policy at bad. ;; This conflict should cause BC15C85A's policy to be changed to ;; ask (since it is auto), but not affect 2183839A's policy. - (setpolicy "BC15C85A" format "auto") - (checkpolicy "BC15C85A" format "auto") - (call-check `(, at GPG --tofu-db-format ,format --trust-model=tofu + (setpolicy "BC15C85A" "auto") + (checkpolicy "BC15C85A" "auto") + (call-check `(, at GPG --trust-model=tofu --verify ,(in-srcdir "tofu-EE37CF96-1.txt"))) - (checkpolicy "BC15C85A" format "ask") - (checkpolicy "2183839A" format "bad") - (checkpolicy "EE37CF96" format "ask")) + (checkpolicy "BC15C85A" "ask") + (checkpolicy "2183839A" "bad") + (checkpolicy "EE37CF96" "ask")) '("flat")) ----------------------------------------------------------------------- Summary of changes: tests/openpgp/tofu.scm | 63 ++++++++++++++++++++++++-------------------------- 1 file changed, 30 insertions(+), 33 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Sep 7 11:17:51 2016 
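Review bot: in the @@ -85 hunk of tests/openpgp/tofu.scm (commit a937eef) the parameter list becomes `(lambda (1)`, which puts a number where an identifier is expected. The loop is also still driven by the list '("flat") at the end of the file although the format is no longer passed to any helper. Either give the lambda a named, unused parameter or drop the for-each-p wrapper and run the body once.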
From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Wed, 07 Sep 2016 11:17:51 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-90-gbde29a4 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via bde29a46cedbbd2a5dfe7c91a6277c0a4ff50825 (commit) from a937eef2d4e80cd43095802176d3db5e7fd94008 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit bde29a46cedbbd2a5dfe7c91a6277c0a4ff50825 Author: Neal H. Walfield Date: Wed Sep 7 11:17:47 2016 +0200 g10: Use the time a signature was seen, not the embedded time, for stats * g10/tofu.c (ask_about_binding): Use the time that a signature was seen, not allegedly generated, when generating statistics. -- Signed-off-by: Neal H. Walfield diff --git a/g10/tofu.c b/g10/tofu.c index 5b20269..7cf3fc7 100644 --- a/g10/tofu.c +++ b/g10/tofu.c @@ -1397,9 +1397,6 @@ ask_about_binding (ctrl_t ctrl, } /* Get the stats for all the keys in CONFLICT_SET. */ - /* FIXME: When generating the statistics, do we want the time - embedded in the signature (column 'sig_time') or the time that - we first verified the signature (column 'time'). */ strlist_rev (&conflict_set); for (iter = conflict_set; iter && ! rc; iter = iter->next) { 
@@ -1435,10 +1432,12 @@ ask_about_binding (ctrl_t ctrl, /* Make sure the current key is first. */ \ " order by time_ago desc;\n" + /* Use the time when we saw the signature, not when the + signature was created as that can be forged. */ rc = gpgsql_stepx (dbs->db, &dbs->s.get_trust_gather_signature_stats, signature_stats_collect_cb, &stats, &sqerr, - STATS_SQL ("signatures", "sig_time", ""), + STATS_SQL ("signatures", "time", ""), GPGSQL_ARG_LONG_LONG, (long long) now, GPGSQL_ARG_STRING, email, GPGSQL_ARG_STRING, iter->d, ----------------------------------------------------------------------- Summary of changes: g10/tofu.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Sep 7 12:39:44 2016 
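Review bot: the switch from "sig_time" to "time" in the @@ -1435 hunk (commit bde29a4) arrives without a test; the summary lists only g10/tofu.c. A regression test that verifies a signature whose embedded creation time differs clearly from the time of verification, and then checks that the statistics follow the verification time, would pin the behaviour down. The new comment would also read better with a comma before "as that can be forged".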
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 07 Sep 2016 12:39:44 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-91-g6308c30 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 6308c300196ae85fd82ed383217219e0206640a4 (commit) from bde29a46cedbbd2a5dfe7c91a6277c0a4ff50825 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6308c300196ae85fd82ed383217219e0206640a4 Author: Werner Koch Date: Wed Sep 7 12:36:48 2016 +0200 dirmngr: Terminate on deletion of the socket file (Linux only). * dirmngr/dirmngr.c [HAVE_INOTIFY_INIT]: Include sys/inotify.h. (oDisableCheckOwnSocket): New. (opts): Add --disable-check-own-socket. (disable_check_own_socket): New var. (parse_rereadable_options): Set that var. (my_inotify_is_name) [HAVE_INOTIFY_INIT]: New. (handle_connections) [HAVE_INOTIFY_INIT]: New. Signed-off-by: Werner Koch diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c index 7f989a5..499115f 100644 --- a/dirmngr/dirmngr.c +++ b/dirmngr/dirmngr.c @@ -39,6 +39,9 @@ #ifdef HAVE_SIGNAL_H # include #endif +#ifdef HAVE_INOTIFY_INIT +# include +#endif /*HAVE_INOTIFY_INIT*/ #include #include "dirmngr-err.h" @@ -134,6 +137,7 @@ enum cmd_and_opt_values { oUseTor, oKeyServer, oNameServer, + oDisableCheckOwnSocket, aTest }; 
@@ -218,6 +222,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_i (oGnutlsDebug, "gnutls-debug", "@"), ARGPARSE_s_i (oGnutlsDebug, "tls-debug", "@"), ARGPARSE_s_i (oDebugWait, "debug-wait", "@"), + ARGPARSE_s_n (oDisableCheckOwnSocket, "disable-check-own-socket", "@"), ARGPARSE_s_n (oNoGreeting, "no-greeting", "@"), ARGPARSE_s_s (oHomedir, "homedir", "@"), ARGPARSE_s_s (oLDAPWrapperProgram, "ldap-wrapper-program", "@"), @@ -274,6 +279,9 @@ static int opt_gnutls_debug = -1; /* Flag indicating that a shutdown has been requested. */ static volatile int shutdown_pending; +/* Flags to indicate that we shall not watch our own socket. */ +static int disable_check_own_socket; + /* Counter for the active connections. */ static int active_connections; @@ -528,6 +536,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread) http_register_tls_ca (NULL); FREE_STRLIST (opt.keyserver); /* Note: We do not allow resetting of opt.use_tor at runtime. */ + disable_check_own_socket = 0; return 1; } @@ -554,6 +563,8 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread) } break; + case oDisableCheckOwnSocket: disable_check_own_socket = 1; break; + case oLDAPWrapperProgram: opt.ldap_wrapper_program = pargs->r.ret_str; break; 
@@ -1840,6 +1851,35 @@ start_connection_thread (void *arg) } +#ifdef HAVE_INOTIFY_INIT +/* Read an inotify event and return true if it matches NAME. */ +static int +my_inotify_is_name (int fd, const char *name) +{ + union { + struct inotify_event ev; + char _buf[sizeof (struct inotify_event) + 100 + 1]; + } buf; + int n; + const char *s; + + s = strrchr (name, '/'); + if (s && s[1]) + name = s + 1; + + n = npth_read (fd, &buf, sizeof buf); + if (n < sizeof (struct inotify_event)) + return 0; + if (buf.ev.len < strlen (name)+1) + return 0; + if (strcmp (buf.ev.name, name)) + return 0; /* Not the desired file. */ + + return 1; /* Found. */ +} +#endif /*HAVE_INOTIFY_INIT*/ + + /* Main loop in daemon mode. */ static void handle_connections (assuan_fd_t listen_fd) @@ -1857,6 +1897,9 @@ handle_connections (assuan_fd_t listen_fd) struct timespec curtime; struct timespec timeout; int saved_errno; +#ifdef HAVE_INOTIFY_INIT + int my_inotify_fd; +#endif /*HAVE_INOTIFY_INIT*/ npth_attr_init (&tattr); npth_attr_setdetachstate (&tattr, NPTH_CREATE_DETACHED); 
@@ -1871,12 +1914,43 @@ handle_connections (assuan_fd_t listen_fd) npth_sigev_fini (); #endif +#ifdef HAVE_INOTIFY_INIT + if (disable_check_own_socket) + my_inotify_fd = -1; + else if ((my_inotify_fd = inotify_init ()) == -1) + log_info ("error enabling fast daemon termination: %s\n", + strerror (errno)); + else + { + /* We need to watch the directory for the file because there + * won't be an IN_DELETE_SELF for a socket file. */ + char *slash = strrchr (socket_name, '/'); + log_assert (slash && slash[1]); + *slash = 0; + if (inotify_add_watch (my_inotify_fd, socket_name, IN_DELETE) == -1) + { + close (my_inotify_fd); + my_inotify_fd = -1; + } + *slash = '/'; + } +#endif /*HAVE_INOTIFY_INIT*/ + + /* Setup the fdset. It has only one member. This is because we use pth_select instead of pth_accept to properly sync timeouts with to full second. */ FD_ZERO (&fdset); FD_SET (FD2INT (listen_fd), &fdset); nfd = FD2INT (listen_fd); +#ifdef HAVE_INOTIFY_INIT + if (my_inotify_fd != -1) + { + FD_SET (my_inotify_fd, &fdset); + if (my_inotify_fd > nfd) + nfd = my_inotify_fd; + } +#endif /*HAVE_INOTIFY_INIT*/ npth_clock_gettime (&abstime); abstime.tv_sec += TIMERTICK_INTERVAL; 
@@ -1928,11 +2002,28 @@ handle_connections (assuan_fd_t listen_fd) } if (ret <= 0) - /* Interrupt or timeout. Will be handled when calculating the - next timeout. */ - continue; + { + /* Interrupt or timeout. Will be handled when calculating the + next timeout. */ + continue; + } + + if (shutdown_pending) + { + /* Do not anymore accept connections. */ + continue; + } + +#ifdef HAVE_INOTIFY_INIT + if (my_inotify_fd != -1 && FD_ISSET (my_inotify_fd, &read_fdset) + && my_inotify_is_name (my_inotify_fd, socket_name)) + { + shutdown_pending = 1; + log_info ("socket file has been removed - shutting down\n"); + } +#endif /*HAVE_INOTIFY_INIT*/ - if (!shutdown_pending && FD_ISSET (FD2INT (listen_fd), &read_fdset)) + if (FD_ISSET (FD2INT (listen_fd), &read_fdset)) { plen = sizeof paddr; fd = INT2FD (npth_accept (FD2INT(listen_fd), @@ -1967,6 +2058,10 @@ handle_connections (assuan_fd_t listen_fd) } } +#ifdef HAVE_INOTIFY_INIT + if (my_inotify_fd != -1) + close (my_inotify_fd); +#endif /*HAVE_INOTIFY_INIT*/ npth_attr_destroy (&tattr); cleanup (); log_info ("%s %s stopped\n", strusage(11), strusage(13)); diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi index b6b70ea..d442103 100644 --- a/doc/dirmngr.texi +++ b/doc/dirmngr.texi 
@@ -214,6 +214,12 @@ When running in server mode, wait @var{n} seconds before entering the actual processing loop and print the pid. This gives time to attach a debugger. + at item --disable-check-own-socket + at opindex disable-check-own-socket +On some platforms @command{dirmngr} is able to detect the removal of +its socket file and shutdown itself. This option disable this +self-test for debugging purposes. + @item -s @itemx --sh @itemx -c ----------------------------------------------------------------------- Summary of changes: dirmngr/dirmngr.c | 103 +++++++++++++++++++++++++++++++++++++++++++++++++++--- doc/dirmngr.texi | 6 ++++ 2 files changed, 105 insertions(+), 4 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Sep 8 00:48:59 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 08 Sep 2016 00:48:59 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-92-gbbe940c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via bbe940c095f2bca7a1ca5f8e68ca1af98350a885 (commit) from 6308c300196ae85fd82ed383217219e0206640a4 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit bbe940c095f2bca7a1ca5f8e68ca1af98350a885 Author: Werner Koch Date: Thu Sep 8 00:45:45 2016 +0200 gpg: Make --output work with --verify. * g10/mainproc.c (proc_plaintext): Handle opt.output. Signed-off-by: Werner Koch diff --git a/doc/gpg.texi b/doc/gpg.texi index 8864a0a..74977c5 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi 
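Review bot: in my_inotify_is_name (commit 6308c30, dirmngr/dirmngr.c, @@ -1840 hunk) `n` is an int and is compared with `sizeof (struct inotify_event)`, so a -1 from npth_read is converted to a large unsigned value, the `return 0` is skipped, and buf.ev.len and buf.ev.name are then read from an uninitialized buffer. Test `n < 0` first or cast the sizeof to int. The function also looks only at the first event in the buffer, while a single read can return several queued events; a deletion of the socket file that is queued behind another IN_DELETE from the same directory would be missed. Walk the buffer in steps of sizeof (struct inotify_event) + ev.len up to n.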
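Review bot: in the @@ -1871 hunk of commit 6308c30 (handle_connections) a failing inotify_add_watch closes the descriptor and sets my_inotify_fd to -1 without any message, whereas a failing inotify_init is logged. Log the errno there as well, otherwise the daemon silently runs without the socket check. The hunk also truncates socket_name in place with `*slash = 0` and restores it afterwards; a comment stating that nothing else reads socket_name at this point, or working on a copy of the directory name, would make that easier to maintain.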
@@ -3438,13 +3438,15 @@ show fingerprint @item gpg --verify @code{pgpfile} @itemx gpg --verify @code{sigfile} -Verify the signature of the file but do not output the data. The -second form is used for detached signatures, where @code{sigfile} -is the detached signature (either ASCII armored or binary) and -are the signed data; if this is not given, the name of -the file holding the signed data is constructed by cutting off the -extension (".asc" or ".sig") of @code{sigfile} or by asking the -user for the filename. +Verify the signature of the file but do not output the data unless +requested. The second form is used for detached signatures, where + at code{sigfile} is the detached signature (either ASCII armored or +binary) and are the signed data; if this is not given, the name of the +file holding the signed data is constructed by cutting off the +extension (".asc" or ".sig") of @code{sigfile} or by asking the user +for the filename. If the option @option{--output} is also used the +signed data is written to the file specified by that option; use + at code{-} to write the signed data to stdout. @end table diff --git a/g10/mainproc.c b/g10/mainproc.c index 7bb4350..929e18a 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c 
@@ -757,7 +757,12 @@ proc_plaintext( CTX c, PACKET *pkt ) if (!rc) { - rc = handle_plaintext (pt, &c->mfx, c->sigs_only, clearsig); + /* It we are in --verify mode, we do not want to output the + * signed text. However, if --output is also used we do what + * has been requested and write out the signed data. */ + rc = handle_plaintext (pt, &c->mfx, + (opt.outfp || opt.outfile)? 0 : c->sigs_only, + clearsig); if (gpg_err_code (rc) == GPG_ERR_EACCES && !c->sigs_only) { /* Can't write output but we hash it anyway to check the ----------------------------------------------------------------------- Summary of changes: doc/gpg.texi | 16 +++++++++------- g10/mainproc.c | 7 ++++++- 2 files changed, 15 insertions(+), 8 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Sep 8 11:00:31 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 08 Sep 2016 11:00:31 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-93-ga8363b7 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via a8363b7d0bcc77b55226d5fe8f972214c968ddc3 (commit) from bbe940c095f2bca7a1ca5f8e68ca1af98350a885 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a8363b7d0bcc77b55226d5fe8f972214c968ddc3 Author: Werner Koch Date: Thu Sep 8 10:50:51 2016 +0200 gpg: Add options --output and --yes to gpgv. * g10/gpgv.c (oOutput, oAnswerYes): New. (opts): Add --output and --yes. (main): Implement options. Signed-off-by: Werner Koch diff --git a/doc/gpg.texi b/doc/gpg.texi index 74977c5..5889c2f 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi 
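Review bot: in the proc_plaintext hunk (commit bbe940c, g10/mainproc.c) the line after the changed call still tests `!c->sigs_only` before taking the GPG_ERR_EACCES fallback, so with --verify --output and an unwritable output file the "hash it anyway" path is not taken even though output was requested. Compute the effective flag once in a local variable and use it both in the handle_plaintext call and in the EACCES test. The new comment starts with "It we are"; that should be "If we are". The gpg.texi paragraph should also say what happens to the output file when the signature turns out to be bad.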
@@ -2153,7 +2153,8 @@ Assume the input data is not in ASCII armored format. @item --output @var{file} @itemx -o @var{file} @opindex output -Write output to @var{file}. +Write output to @var{file}. To write to stdout use @code{-} as the +filename. @item --max-output @code{n} @opindex max-output diff --git a/doc/gpgv.texi b/doc/gpgv.texi index 1d9a81e..6676bde 100644 --- a/doc/gpgv.texi +++ b/doc/gpgv.texi @@ -92,6 +92,16 @@ are replaced by the HOME directory. If the filename does not contain a slash, it is assumed to be in the home-directory ("~/.gnupg" if --homedir is not used). + at item --output @var{file} + at itemx -o @var{file} + at opindex output +Write output to @var{file}. This option can be used to get the signed +text from a cleartext or binary signature; it also works for detached +signatures, but in that case this option is in general not +useful. Unless you write to stdout (using @code{-} for @var{file}) you +should also use the option @option{--yes} to force overwriting an +existing file. + @item --status-fd @var{n} @opindex status-fd Write special status strings to the file descriptor @var{n}. See the diff --git a/g10/gpgv.c b/g10/gpgv.c index 1f2cecb..aa1fcea 100644 --- a/g10/gpgv.c +++ b/g10/gpgv.c @@ -55,6 +55,7 @@ enum cmd_and_opt_values { aNull = 0, oQuiet = 'q', oVerbose = 'v', + oOutput = 'o', oBatch = 500, oKeyring, oIgnoreTimeConflict, @@ -62,6 +63,8 @@ enum cmd_and_opt_values { oLoggerFD, oHomedir, oWeakDigest, + oAnswerYes, + oAnswerNo, aTest }; @@ -73,6 +76,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oQuiet, "quiet", N_("be somewhat more quiet")), ARGPARSE_s_s (oKeyring, "keyring", N_("|FILE|take the keys from the keyring FILE")), + ARGPARSE_s_s (oOutput, "output", N_("|FILE|write output to FILE")), ARGPARSE_s_n (oIgnoreTimeConflict, "ignore-time-conflict", N_("make timestamp conflicts only a warning")), ARGPARSE_s_i (oStatusFD, "status-fd", 
@@ -81,6 +85,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_s (oHomedir, "homedir", "@"), ARGPARSE_s_s (oWeakDigest, "weak-digest", N_("|ALGO|reject signatures made with ALGO")), + ARGPARSE_s_n (oAnswerYes, "yes", "@"), ARGPARSE_end () }; @@ -188,6 +193,8 @@ main( int argc, char **argv ) gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose); break; case oKeyring: append_to_strlist( &nrings, pargs.r.ret_str); break; + case oOutput: opt.outfile = pargs.r.ret_str; break; + case oAnswerYes: opt.answer_yes = 1; break; case oStatusFD: set_status_fd( pargs.r.ret_int ); break; case oLoggerFD: log_set_fd (translate_sys2libc_fd_int (pargs.r.ret_int, 1)); ----------------------------------------------------------------------- Summary of changes: doc/gpg.texi | 3 ++- doc/gpgv.texi | 10 ++++++++++ g10/gpgv.c | 7 +++++++ 3 files changed, 19 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Sep 8 14:37:43 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 08 Sep 2016 14:37:43 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-94-g30a9f53 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 30a9f53a0f2af6b98c26b8ddc0b4b87c38416f2a (commit) from a8363b7d0bcc77b55226d5fe8f972214c968ddc3 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 30a9f53a0f2af6b98c26b8ddc0b4b87c38416f2a Author: Werner Koch Date: Thu Sep 8 14:34:07 2016 +0200 gpg: Remove option --yes from gpgv * g10/gpgv.c (opts): Remove --yes. (main): Always set opt.ANSWER_YES. Signed-off-by: Werner Koch 
diff --git a/doc/gpgv.texi b/doc/gpgv.texi index 6676bde..9a74c27 100644 --- a/doc/gpgv.texi +++ b/doc/gpgv.texi @@ -95,12 +95,12 @@ home-directory ("~/.gnupg" if --homedir is not used). @item --output @var{file} @itemx -o @var{file} @opindex output -Write output to @var{file}. This option can be used to get the signed -text from a cleartext or binary signature; it also works for detached -signatures, but in that case this option is in general not -useful. Unless you write to stdout (using @code{-} for @var{file}) you -should also use the option @option{--yes} to force overwriting an -existing file. +Write output to @var{file}; to write to stdout use @code{-}. This +option can be used to get the signed text from a cleartext or binary +signature; it also works for detached signatures, but in that case +this option is in general not useful. Note that an existing file will +be overwritten. + @item --status-fd @var{n} @opindex status-fd diff --git a/g10/gpgv.c b/g10/gpgv.c index aa1fcea..2f34e72 100644 --- a/g10/gpgv.c +++ b/g10/gpgv.c @@ -63,8 +63,6 @@ enum cmd_and_opt_values { oLoggerFD, oHomedir, oWeakDigest, - oAnswerYes, - oAnswerNo, aTest }; @@ -85,7 +83,6 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_s (oHomedir, "homedir", "@"), ARGPARSE_s_s (oWeakDigest, "weak-digest", N_("|ALGO|reject signatures made with ALGO")), - ARGPARSE_s_n (oAnswerYes, "yes", "@"), ARGPARSE_end () }; @@ -170,6 +167,7 @@ main( int argc, char **argv ) opt.no_sig_cache = 1; opt.flags.require_cross_cert = 1; opt.batch = 1; + opt.answer_yes = 1; opt.weak_digests = NULL; 
@@ -194,7 +192,6 @@ main( int argc, char **argv ) break; case oKeyring: append_to_strlist( &nrings, pargs.r.ret_str); break; case oOutput: opt.outfile = pargs.r.ret_str; break; - case oAnswerYes: opt.answer_yes = 1; break; case oStatusFD: set_status_fd( pargs.r.ret_int ); break; case oLoggerFD: log_set_fd (translate_sys2libc_fd_int (pargs.r.ret_int, 1)); ----------------------------------------------------------------------- Summary of changes: doc/gpgv.texi | 12 ++++++------ g10/gpgv.c | 5 +---- 2 files changed, 7 insertions(+), 10 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Sep 9 08:41:59 2016 
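Review bot: In the g10/mainproc.c hunk (proc_plaintext), the third argument to handle_plaintext is now forced to 0 whenever opt.outfp or opt.outfile is set, but the GPG_ERR_EACCES fallback directly below still tests !c->sigs_only. With --verify plus --output and an unwritable target, that fallback ("hash it anyway") is therefore skipped. Compute the effective sigs-only flag once in a local variable and use it in both places, or explain why the fallback should not apply here. The new comment also opens with "It we are", which should read "If we are".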
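Review bot: The enum hunk at -62,6 in g10/gpgv.c adds both oAnswerYes and oAnswerNo, but only oAnswerYes gets an opts[] entry and a case in main(); oAnswerNo is dead and should be dropped. The "yes" entry is also registered with the description "@" while doc/gpgv.texi tells users to pass --yes, so either give it a help string or note in the documentation that the option is not listed in the help output.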
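Review bot: Setting opt.answer_yes = 1 unconditionally in main() (hunk at -170,6 of g10/gpgv.c) removes the only guard against replacing an existing file, and it sits next to opt.batch = 1, so there is no prompt either. The gpgv.texi hunk documents the overwrite, which is good, but callers that build the --output path from untrusted or predictable names now need to know this, so state in the text that gpgv never asks before overwriting. Two small points in the same patch: the texi hunk adds a stray empty line before "@item --status-fd", and the ChangeLog entry writes opt.ANSWER_YES where the code has opt.answer_yes.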
From: cvs at cvs.gnupg.org (by Daniel Kahn Gillmor) Date: Fri, 09 Sep 2016 08:41:59 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-95-gd757009 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via d757009a24eb856770fc3a3729e2f21f54d2a618 (commit) from 30a9f53a0f2af6b98c26b8ddc0b4b87c38416f2a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d757009a24eb856770fc3a3729e2f21f54d2a618 Author: Daniel Kahn Gillmor Date: Thu Sep 8 14:47:04 2016 +0200 gpg: print fingerprint regardless of keyid-format * g10/keylist.c (print_fingerprint): use compact format independent of keyid-format; (print_key_line): always print the fingerprint -- The choice of fingerprint display should be independent of the keyid-format. Currently, the representation of the fingerprint changes depending on whether the user has specified --keyid-format to anything besides "none". (this is common, for example, if someone happens to have "keyid-format long" in their gpg.conf for interoperability with older versions of gpg) With this changeset, keyid-format governs only the format of the displayed keyID, while the fingerprint display is governed only by the fingerprint options: [default]:: compact fpr of pubkey only --with-fingerprint:: human-readable form of fpr of pubkey only --with-fingerprint --with-fingerprint:: human-readable form of pubkey and subkey --with-subkey-fingerprint: compact fpr for pubkey and subkeys Signed-off-by: Daniel Kahn Gillmor diff --git a/g10/keylist.c b/g10/keylist.c index a34ef64..dea9b17 100644 --- a/g10/keylist.c +++ b/g10/keylist.c 
@@ -1677,7 +1677,7 @@ print_fingerprint (estream_t override_fp, PKT_public_key *pk, int mode) } if (!opt.fingerprint && !opt.with_fingerprint - && opt.with_subkey_fingerprint && opt.keyid_format == KF_NONE) + && opt.with_subkey_fingerprint) compact = 1; if (pk->main_keyid[0] == pk->keyid[0] @@ -1869,7 +1869,10 @@ print_key_line (estream_t fp, PKT_public_key *pk, int secret) tty_fprintf (fp, "\n"); - if (pk->flags.primary && opt.keyid_format == KF_NONE) + /* if the user hasn't explicitly asked for human-readable + fingerprints, show compact fpr of primary key: */ + if (pk->flags.primary && + !opt.fingerprint && !opt.with_fingerprint) print_fingerprint (fp, pk, 20); } ----------------------------------------------------------------------- Summary of changes: g10/keylist.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Sat Sep 10 20:09:12 2016 From: cvs at cvs.gnupg.org (by Ben Kibbey) Date: Sat, 10 Sep 2016 20:09:12 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-97-geddcba0 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via eddcba038025cdbd58aaf67cafd6d83f0ea042d5 (commit) via 937ec53eff290c3d916faebc23218c9272671c02 (commit) from d757009a24eb856770fc3a3729e2f21f54d2a618 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit eddcba038025cdbd58aaf67cafd6d83f0ea042d5 Author: Ben Kibbey Date: Sat Sep 10 13:42:09 2016 -0400 Portability build fix. * kbx/Makefile.am: Add NETLIBS. * dirmngr/Makefile.am: Ditto for dirmngr_ldap. -- Fixes OpenIndiana (Solaris) builds. 
Signed-off-by: Ben Kibbey diff --git a/dirmngr/Makefile.am b/dirmngr/Makefile.am index 6b0a1e1..b7bc21d 100644 --- a/dirmngr/Makefile.am +++ b/dirmngr/Makefile.am @@ -95,7 +95,7 @@ dirmngr_ldap_CFLAGS = $(GPG_ERROR_CFLAGS) $(LIBGCRYPT_CFLAGS) dirmngr_ldap_LDFLAGS = dirmngr_ldap_LDADD = $(libcommon) no-libgcrypt.o \ $(GPG_ERROR_LIBS) $(LIBGCRYPT_LIBS) $(LDAPLIBS) \ - $(LBER_LIBS) $(LIBINTL) $(LIBICONV) + $(LBER_LIBS) $(LIBINTL) $(LIBICONV) $(NETLIBS) endif dirmngr_client_SOURCES = dirmngr-client.c diff --git a/kbx/Makefile.am b/kbx/Makefile.am index 95138e0..912dd76 100644 --- a/kbx/Makefile.am +++ b/kbx/Makefile.am @@ -61,6 +61,7 @@ kbxutil_SOURCES = kbxutil.c $(common_sources) kbxutil_CFLAGS = $(AM_CFLAGS) -DKEYBOX_WITH_X509=1 kbxutil_LDADD = ../common/libcommon.a \ $(KSBA_LIBS) $(LIBGCRYPT_LIBS) $(extra_libs) \ - $(GPG_ERROR_LIBS) $(LIBINTL) $(LIBICONV) $(W32SOCKLIBS) + $(GPG_ERROR_LIBS) $(LIBINTL) $(LIBICONV) $(W32SOCKLIBS) \ + $(NETLIBS) $(PROGRAMS) : ../common/libcommon.a commit 937ec53eff290c3d916faebc23218c9272671c02 Author: Ben Kibbey Date: Sat Sep 10 13:42:09 2016 -0400 Fix symbol conflict. * g10/gpgcompose.c: Rename struct siginfo to signinfo. -- Fixes android-ndk and OpenIndiana (Solaris) builds. Signed-off-by: Ben Kibbey diff --git a/g10/gpgcompose.c b/g10/gpgcompose.c index e3bb013..6c44e32 100644 --- a/g10/gpgcompose.c +++ b/g10/gpgcompose.c @@ -710,7 +710,7 @@ public_key (const char *option, int argc, char *argv[], void *cookie) return processed; } -struct siginfo +struct signinfo { /* Key with which to sign. */ kbnode_t issuer_kb; @@ -789,7 +789,7 @@ sig_issuer (const char *option, int argc, char *argv[], void *cookie) gpg_error_t err; KEYDB_HANDLE hd; KEYDB_SEARCH_DESC desc; - struct siginfo *si = cookie; + struct signinfo *si = cookie; if (argc == 0) log_fatal ("Usage: %s KEYID\n", option); 
@@ -824,7 +824,7 @@ sig_issuer_keyid (const char *option, int argc, char *argv[], void *cookie) { gpg_error_t err; KEYDB_SEARCH_DESC desc; - struct siginfo *si = cookie; + struct signinfo *si = cookie; if (argc == 0) log_fatal ("Usage: %s KEYID|self\n", option); @@ -853,7 +853,7 @@ sig_issuer_keyid (const char *option, int argc, char *argv[], void *cookie) static int sig_pk (const char *option, int argc, char *argv[], void *cookie) { - struct siginfo *si = cookie; + struct signinfo *si = cookie; int i; char *tail = NULL; @@ -893,7 +893,7 @@ sig_pk (const char *option, int argc, char *argv[], void *cookie) static int sig_user_id (const char *option, int argc, char *argv[], void *cookie) { - struct siginfo *si = cookie; + struct signinfo *si = cookie; int i; char *tail = NULL; @@ -922,7 +922,7 @@ sig_user_id (const char *option, int argc, char *argv[], void *cookie) static int sig_class (const char *option, int argc, char *argv[], void *cookie) { - struct siginfo *si = cookie; + struct signinfo *si = cookie; int i; char *tail = NULL; @@ -942,7 +942,7 @@ sig_class (const char *option, int argc, char *argv[], void *cookie) static int sig_digest (const char *option, int argc, char *argv[], void *cookie) { - struct siginfo *si = cookie; + struct signinfo *si = cookie; int i; char *tail = NULL; @@ -962,7 +962,7 @@ sig_digest (const char *option, int argc, char *argv[], void *cookie) static int sig_timestamp (const char *option, int argc, char *argv[], void *cookie) { - struct siginfo *si = cookie; + struct signinfo *si = cookie; char *tail = NULL; if (argc == 0) @@ -979,7 +979,7 @@ sig_timestamp (const char *option, int argc, char *argv[], void *cookie) static int sig_expiration (const char *option, int argc, char *argv[], void *cookie) { - struct siginfo *si = cookie; + struct signinfo *si = cookie; int is_expiration = strcmp (option, "--expiration") == 0; u32 *i = is_expiration ? &si->expiration : &si->key_expiration; 
@@ -999,7 +999,7 @@ sig_expiration (const char *option, int argc, char *argv[], void *cookie) static int sig_int_list (const char *option, int argc, char *argv[], void *cookie) { - struct siginfo *si = cookie; + struct signinfo *si = cookie; int nvalues = 1; char *values = xmalloc (nvalues * sizeof (values[0])); char *tail = argv[0]; @@ -1069,7 +1069,7 @@ sig_int_list (const char *option, int argc, char *argv[], void *cookie) static int sig_flag (const char *option, int argc, char *argv[], void *cookie) { - struct siginfo *si = cookie; + struct signinfo *si = cookie; int range[2] = {0, 255}; char *tail; int v; @@ -1115,7 +1115,7 @@ sig_flag (const char *option, int argc, char *argv[], void *cookie) static int sig_trust_level (const char *option, int argc, char *argv[], void *cookie) { - struct siginfo *si = cookie; + struct signinfo *si = cookie; int i; char *tail; @@ -1143,7 +1143,7 @@ sig_trust_level (const char *option, int argc, char *argv[], void *cookie) static int sig_string_arg (const char *option, int argc, char *argv[], void *cookie) { - struct siginfo *si = cookie; + struct signinfo *si = cookie; char *p = argv[0]; char **s; @@ -1173,7 +1173,7 @@ static int sig_revocation_key (const char *option, int argc, char *argv[], void *cookie) { gpg_error_t err; - struct siginfo *si = cookie; + struct signinfo *si = cookie; int v; char *tail; PKT_public_key pk; @@ -1213,7 +1213,7 @@ sig_revocation_key (const char *option, int argc, char *argv[], void *cookie) static int sig_notation (const char *option, int argc, char *argv[], void *cookie) { - struct siginfo *si = cookie; + struct signinfo *si = cookie; int is_blob = strcmp (option, "--notation") != 0; struct notation *notation; char *p = argv[0]; 
@@ -1330,7 +1330,7 @@ sig_notation (const char *option, int argc, char *argv[], void *cookie) static int sig_big_endian_arg (const char *option, int argc, char *argv[], void *cookie) { - struct siginfo *si = cookie; + struct signinfo *si = cookie; char *p = argv[0]; int i; int l; @@ -1385,7 +1385,7 @@ sig_big_endian_arg (const char *option, int argc, char *argv[], void *cookie) static int sig_reason_for_revocation (const char *option, int argc, char *argv[], void *cookie) { - struct siginfo *si = cookie; + struct signinfo *si = cookie; int v; char *tail; @@ -1410,7 +1410,7 @@ sig_reason_for_revocation (const char *option, int argc, char *argv[], void *coo static int sig_corrupt (const char *option, int argc, char *argv[], void *cookie) { - struct siginfo *si = cookie; + struct signinfo *si = cookie; (void) option; (void) argc; @@ -1560,7 +1560,7 @@ static struct option sig_options[] = { static int mksubpkt_callback (PKT_signature *sig, void *cookie) { - struct siginfo *si = cookie; + struct signinfo *si = cookie; int i; if (si->key_expiration) @@ -1675,7 +1675,7 @@ signature (const char *option, int argc, char *argv[], void *cookie) { gpg_error_t err; iobuf_t out = cookie; - struct siginfo si; + struct signinfo si; int processed; PKT_public_key *pk; PKT_signature *sig; ----------------------------------------------------------------------- Summary of changes: dirmngr/Makefile.am | 2 +- g10/gpgcompose.c | 40 ++++++++++++++++++++-------------------- kbx/Makefile.am | 3 ++- 3 files changed, 23 insertions(+), 22 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Sun Sep 11 17:31:25 2016 
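Review bot: The test "!opt.fingerprint && !opt.with_fingerprint" now appears in both print_fingerprint and print_key_line in g10/keylist.c, and the two must stay in step for the output described in the commit message to hold; factor it into a small helper or cross-reference the two sites in a comment. In the print_key_line hunk the condition is broken after the operator ("if (pk->flags.primary &&"), whereas the print_fingerprint hunk breaks before it; use the leading "&&" form here too, and start the new comment with a capital letter to match the surrounding comments.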
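Review bot: The commit message for the Makefile.am change does not say which symbols were unresolved on OpenIndiana, so it is not possible to tell from the dirmngr/Makefile.am and kbx/Makefile.am hunks whether dirmngr_ldap and kbxutil are the only programs that need $(NETLIBS). Name the missing symbols or library in the message, and confirm that the other LDADD lines in these two directories already pull in $(NETLIBS).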
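Review bot: The replacement name signinfo in g10/gpgcompose.c differs from the system's siginfo by a single letter, which is easy to mistype back and hard to spot in review across the roughly twenty "struct signinfo *si = cookie;" sites. A name that cannot be confused with the signal.h type, one that says the struct holds the parameters of the signature being composed, would be more robust. The commit message should also name the header that supplies the conflicting struct siginfo so the reason for the rename can be recovered later.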
From: cvs at cvs.gnupg.org (by Jussi Kivilinna) Date: Sun, 11 Sep 2016 17:31:25 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.7.3-8-g5418d9c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 5418d9ca4c0e087fd6872ad350a996fe74880d86 (commit) via de73a2e7237ba7c34ce48bb5fb671aa3993de832 (commit) from 4cd8d40d698564d24ece2af24546e34c58bf2961 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5418d9ca4c0e087fd6872ad350a996fe74880d86 Author: Jussi Kivilinna Date: Wed Apr 27 18:18:54 2016 +0300 Add Aarch64 assembly implementation of Twofish * cipher/Makefile.am: Add 'twofish-aarch64.S'. * cipher/twofish-aarch64.S: New. * cipher/twofish.c: Enable USE_ARM_ASM if __AARCH64EL__ and HAVE_COMPATIBLE_GCC_AARCH64_PLATFORM_AS defined. * configure.ac [host=aarch64]: Add 'twofish-aarch64.lo'. -- Patch adds ARMv8/Aarch64 implementation of Twofish. 
Benchmark on Cortex-A53 (1152 Mhz):

Before:
 TWOFISH  | nanosecs/byte  mebibytes/sec  cycles/byte
  ECB enc |    27.51 ns/B    34.67 MiB/s    31.69 c/B
  ECB dec |    26.37 ns/B    36.17 MiB/s    30.38 c/B
  CBC enc |    28.64 ns/B    33.29 MiB/s    33.00 c/B
  CBC dec |    26.21 ns/B    36.39 MiB/s    30.19 c/B
  CFB enc |    28.54 ns/B    33.42 MiB/s    32.88 c/B
  CFB dec |    27.40 ns/B    34.81 MiB/s    31.56 c/B
  OFB enc |    28.38 ns/B    33.61 MiB/s    32.69 c/B
  OFB dec |    28.37 ns/B    33.61 MiB/s    32.69 c/B
  CTR enc |    27.57 ns/B    34.60 MiB/s    31.76 c/B
  CTR dec |    27.57 ns/B    34.60 MiB/s    31.76 c/B
  CCM enc |    55.28 ns/B    17.25 MiB/s    63.69 c/B
  CCM dec |    55.29 ns/B    17.25 MiB/s    63.70 c/B
 CCM auth |    27.83 ns/B    34.27 MiB/s    32.06 c/B
  GCM enc |    28.86 ns/B    33.04 MiB/s    33.25 c/B
  GCM dec |    28.87 ns/B    33.04 MiB/s    33.25 c/B
 GCM auth |     1.30 ns/B    731.9 MiB/s     1.50 c/B
  OCB enc |    29.69 ns/B    32.12 MiB/s    34.20 c/B
  OCB dec |    28.50 ns/B    33.47 MiB/s    32.83 c/B
 OCB auth |    29.04 ns/B    32.84 MiB/s    33.45 c/B
          =

After (~1.3x faster):
 TWOFISH  | nanosecs/byte  mebibytes/sec  cycles/byte
  ECB enc |    19.97 ns/B    47.77 MiB/s    23.00 c/B
  ECB dec |    18.29 ns/B    52.16 MiB/s    21.06 c/B
  CBC enc |    20.94 ns/B    45.54 MiB/s    24.13 c/B
  CBC dec |    18.34 ns/B    52.00 MiB/s    21.13 c/B
  CFB enc |    20.83 ns/B    45.77 MiB/s    24.00 c/B
  CFB dec |    19.97 ns/B    47.76 MiB/s    23.00 c/B
  OFB enc |    20.94 ns/B    45.54 MiB/s    24.13 c/B
  OFB dec |    20.94 ns/B    45.54 MiB/s    24.13 c/B
  CTR enc |    20.19 ns/B    47.24 MiB/s    23.26 c/B
  CTR dec |    20.19 ns/B    47.24 MiB/s    23.26 c/B
  CCM enc |    40.53 ns/B    23.53 MiB/s    46.69 c/B
  CCM dec |    40.53 ns/B    23.53 MiB/s    46.69 c/B
 CCM auth |    20.40 ns/B    46.74 MiB/s    23.50 c/B
  GCM enc |    21.49 ns/B    44.39 MiB/s    24.75 c/B
  GCM dec |    21.48 ns/B    44.39 MiB/s    24.75 c/B
 GCM auth |     1.30 ns/B    731.8 MiB/s     1.50 c/B
  OCB enc |    22.15 ns/B    43.05 MiB/s    25.52 c/B
  OCB dec |    20.47 ns/B    46.58 MiB/s    23.59 c/B
 OCB auth |    21.64 ns/B    44.07 MiB/s    24.93 c/B
          =

Signed-off-by: Jussi Kivilinna diff --git a/cipher/Makefile.am b/cipher/Makefile.am index 305a3b9..ac0ec58 100644 --- a/cipher/Makefile.am +++ b/cipher/Makefile.am 
@@ -99,7 +99,7 @@ keccak.c keccak_permute_32.h keccak_permute_64.h keccak-armv7-neon.S \ stribog.c \ tiger.c \ whirlpool.c whirlpool-sse2-amd64.S \ -twofish.c twofish-amd64.S twofish-arm.S \ +twofish.c twofish-amd64.S twofish-arm.S twofish-aarch64.S \ rfc2268.c \ camellia.c camellia.h camellia-glue.c camellia-aesni-avx-amd64.S \ camellia-aesni-avx2-amd64.S camellia-arm.S camellia-aarch64.S diff --git a/cipher/twofish-aarch64.S b/cipher/twofish-aarch64.S new file mode 100644 index 0000000..99c4675 --- /dev/null +++ b/cipher/twofish-aarch64.S 
@@ -0,0 +1,317 @@ +/* twofish-aarch64.S - ARMv8/AArch64 assembly implementation of Twofish cipher + * + * Copyright (C) 2016 Jussi Kivilinna + * + * This file is part of Libgcrypt. + * + * Libgcrypt is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * Libgcrypt is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, see . + */ + +#include + +#if defined(__AARCH64EL__) +#ifdef HAVE_COMPATIBLE_GCC_AARCH64_PLATFORM_AS + +.text + +/* structure of TWOFISH_context: */ +#define s0 0 +#define s1 ((s0) + 4 * 256) +#define s2 ((s1) + 4 * 256) +#define s3 ((s2) + 4 * 256) +#define w ((s3) + 4 * 256) +#define k ((w) + 4 * 8) + +/* register macros */ +#define CTX x0 +#define RDST x1 +#define RSRC x2 +#define CTXs0 CTX +#define CTXs1 x3 +#define CTXs2 x4 +#define CTXs3 x5 +#define CTXw x17 + +#define RA w6 +#define RB w7 +#define RC w8 +#define RD w9 + +#define RX w10 +#define RY w11 + +#define xRX x10 +#define xRY x11 + +#define RMASK w12 + +#define RT0 w13 +#define RT1 w14 +#define RT2 w15 +#define RT3 w16 + +#define xRT0 x13 +#define xRT1 x14 +#define xRT2 x15 +#define xRT3 x16 + +/* helper macros */ +#ifndef __AARCH64EL__ + /* bswap on big-endian */ + #define host_to_le(reg) \ + rev reg, reg; + #define le_to_host(reg) \ + rev reg, reg; +#else + /* nop on little-endian */ + #define host_to_le(reg) /*_*/ + #define le_to_host(reg) /*_*/ +#endif + +#define ldr_input_aligned_le(rin, a, b, c, d) \ + ldr a, [rin, #0]; \ + ldr b, [rin, #4]; \ + le_to_host(a); \ + ldr c, [rin, #8]; \ + 
le_to_host(b); \ + ldr d, [rin, #12]; \ + le_to_host(c); \ + le_to_host(d); + +#define str_output_aligned_le(rout, a, b, c, d) \ + le_to_host(a); \ + le_to_host(b); \ + str a, [rout, #0]; \ + le_to_host(c); \ + str b, [rout, #4]; \ + le_to_host(d); \ + str c, [rout, #8]; \ + str d, [rout, #12]; + +/* unaligned word reads/writes allowed */ +#define ldr_input_le(rin, ra, rb, rc, rd, rtmp) \ + ldr_input_aligned_le(rin, ra, rb, rc, rd) + +#define str_output_le(rout, ra, rb, rc, rd, rtmp0, rtmp1) \ + str_output_aligned_le(rout, ra, rb, rc, rd) + +/********************************************************************** + 1-way twofish + **********************************************************************/ +#define encrypt_round(a, b, rc, rd, n, ror_a, adj_a) \ + and RT0, RMASK, b, lsr#(8 - 2); \ + and RY, RMASK, b, lsr#(16 - 2); \ + and RT1, RMASK, b, lsr#(24 - 2); \ + ldr RY, [CTXs3, xRY]; \ + and RT2, RMASK, b, lsl#(2); \ + ldr RT0, [CTXs2, xRT0]; \ + and RT3, RMASK, a, lsr#(16 - 2 + (adj_a)); \ + ldr RT1, [CTXs0, xRT1]; \ + and RX, RMASK, a, lsr#(8 - 2 + (adj_a)); \ + ldr RT2, [CTXs1, xRT2]; \ + ldr RX, [CTXs1, xRX]; \ + ror_a(a); \ + \ + eor RY, RY, RT0; \ + ldr RT3, [CTXs2, xRT3]; \ + and RT0, RMASK, a, lsl#(2); \ + eor RY, RY, RT1; \ + and RT1, RMASK, a, lsr#(24 - 2); \ + eor RY, RY, RT2; \ + ldr RT0, [CTXs0, xRT0]; \ + eor RX, RX, RT3; \ + ldr RT1, [CTXs3, xRT1]; \ + eor RX, RX, RT0; \ + \ + ldr RT3, [CTXs3, #(k - s3 + 8 * (n) + 4)]; \ + eor RX, RX, RT1; \ + ldr RT2, [CTXs3, #(k - s3 + 8 * (n))]; \ + \ + add RT0, RX, RY, lsl #1; \ + add RX, RX, RY; \ + add RT0, RT0, RT3; \ + add RX, RX, RT2; \ + eor rd, RT0, rd, ror #31; \ + eor rc, rc, RX; + +#define dummy(x) /*_*/ + +#define ror1(r) \ + ror r, r, #1; + +#define decrypt_round(a, b, rc, rd, n, ror_b, adj_b) \ + and RT3, RMASK, b, lsl#(2 - (adj_b)); \ + and RT1, RMASK, b, lsr#(8 - 2 + (adj_b)); \ + ror_b(b); \ + and RT2, RMASK, a, lsl#(2); \ + and RT0, RMASK, a, lsr#(8 - 2); \ + \ + ldr RY, [CTXs1, xRT3]; \ + ldr 
RX, [CTXs0, xRT2]; \ + and RT3, RMASK, b, lsr#(16 - 2); \ + ldr RT1, [CTXs2, xRT1]; \ + and RT2, RMASK, a, lsr#(16 - 2); \ + ldr RT0, [CTXs1, xRT0]; \ + \ + ldr RT3, [CTXs3, xRT3]; \ + eor RY, RY, RT1; \ + \ + and RT1, RMASK, b, lsr#(24 - 2); \ + eor RX, RX, RT0; \ + ldr RT2, [CTXs2, xRT2]; \ + and RT0, RMASK, a, lsr#(24 - 2); \ + \ + ldr RT1, [CTXs0, xRT1]; \ + \ + eor RY, RY, RT3; \ + ldr RT0, [CTXs3, xRT0]; \ + eor RX, RX, RT2; \ + eor RY, RY, RT1; \ + \ + ldr RT1, [CTXs3, #(k - s3 + 8 * (n) + 4)]; \ + eor RX, RX, RT0; \ + ldr RT2, [CTXs3, #(k - s3 + 8 * (n))]; \ + \ + add RT0, RX, RY, lsl #1; \ + add RX, RX, RY; \ + add RT0, RT0, RT1; \ + add RX, RX, RT2; \ + eor rd, rd, RT0; \ + eor rc, RX, rc, ror #31; + +#define first_encrypt_cycle(nc) \ + encrypt_round(RA, RB, RC, RD, (nc) * 2, dummy, 0); \ + encrypt_round(RC, RD, RA, RB, (nc) * 2 + 1, ror1, 1); + +#define encrypt_cycle(nc) \ + encrypt_round(RA, RB, RC, RD, (nc) * 2, ror1, 1); \ + encrypt_round(RC, RD, RA, RB, (nc) * 2 + 1, ror1, 1); + +#define last_encrypt_cycle(nc) \ + encrypt_round(RA, RB, RC, RD, (nc) * 2, ror1, 1); \ + encrypt_round(RC, RD, RA, RB, (nc) * 2 + 1, ror1, 1); \ + ror1(RA); + +#define first_decrypt_cycle(nc) \ + decrypt_round(RC, RD, RA, RB, (nc) * 2 + 1, dummy, 0); \ + decrypt_round(RA, RB, RC, RD, (nc) * 2, ror1, 1); + +#define decrypt_cycle(nc) \ + decrypt_round(RC, RD, RA, RB, (nc) * 2 + 1, ror1, 1); \ + decrypt_round(RA, RB, RC, RD, (nc) * 2, ror1, 1); + +#define last_decrypt_cycle(nc) \ + decrypt_round(RC, RD, RA, RB, (nc) * 2 + 1, ror1, 1); \ + decrypt_round(RA, RB, RC, RD, (nc) * 2, ror1, 1); \ + ror1(RD); + +.globl _gcry_twofish_arm_encrypt_block +.type _gcry_twofish_arm_encrypt_block,%function; + +_gcry_twofish_arm_encrypt_block: + /* input: + * x0: ctx + * x1: dst + * x2: src + */ + + add CTXw, CTX, #(w); + + ldr_input_le(RSRC, RA, RB, RC, RD, RT0); + + /* Input whitening */ + ldp RT0, RT1, [CTXw, #(0*8)]; + ldp RT2, RT3, [CTXw, #(1*8)]; + add CTXs3, CTX, #(s3); + add CTXs2, CTX, 
#(s2); + add CTXs1, CTX, #(s1); + mov RMASK, #(0xff << 2); + eor RA, RA, RT0; + eor RB, RB, RT1; + eor RC, RC, RT2; + eor RD, RD, RT3; + + first_encrypt_cycle(0); + encrypt_cycle(1); + encrypt_cycle(2); + encrypt_cycle(3); + encrypt_cycle(4); + encrypt_cycle(5); + encrypt_cycle(6); + last_encrypt_cycle(7); + + /* Output whitening */ + ldp RT0, RT1, [CTXw, #(2*8)]; + ldp RT2, RT3, [CTXw, #(3*8)]; + eor RC, RC, RT0; + eor RD, RD, RT1; + eor RA, RA, RT2; + eor RB, RB, RT3; + + str_output_le(RDST, RC, RD, RA, RB, RT0, RT1); + + ret; +.ltorg +.size _gcry_twofish_arm_encrypt_block,.-_gcry_twofish_arm_encrypt_block; + +.globl _gcry_twofish_arm_decrypt_block +.type _gcry_twofish_arm_decrypt_block,%function; + +_gcry_twofish_arm_decrypt_block: + /* input: + * %r0: ctx + * %r1: dst + * %r2: src + */ + + add CTXw, CTX, #(w); + + ldr_input_le(RSRC, RC, RD, RA, RB, RT0); + + /* Input whitening */ + ldp RT0, RT1, [CTXw, #(2*8)]; + ldp RT2, RT3, [CTXw, #(3*8)]; + add CTXs3, CTX, #(s3); + add CTXs2, CTX, #(s2); + add CTXs1, CTX, #(s1); + mov RMASK, #(0xff << 2); + eor RC, RC, RT0; + eor RD, RD, RT1; + eor RA, RA, RT2; + eor RB, RB, RT3; + + first_decrypt_cycle(7); + decrypt_cycle(6); + decrypt_cycle(5); + decrypt_cycle(4); + decrypt_cycle(3); + decrypt_cycle(2); + decrypt_cycle(1); + last_decrypt_cycle(0); + + /* Output whitening */ + ldp RT0, RT1, [CTXw, #(0*8)]; + ldp RT2, RT3, [CTXw, #(1*8)]; + eor RA, RA, RT0; + eor RB, RB, RT1; + eor RC, RC, RT2; + eor RD, RD, RT3; + + str_output_le(RDST, RA, RB, RC, RD, RT0, RT1); + + ret; +.size _gcry_twofish_arm_decrypt_block,.-_gcry_twofish_arm_decrypt_block; + +#endif /*HAVE_COMPATIBLE_GCC_AARCH64_PLATFORM_AS*/ +#endif /*__AARCH64EL__*/ diff --git a/cipher/twofish.c b/cipher/twofish.c index f6ecd67..7a4d26a 100644 --- a/cipher/twofish.c +++ b/cipher/twofish.c 
@@ -66,6 +66,11 @@ # define USE_ARM_ASM 1 # endif #endif +# if defined(__AARCH64EL__) +# ifdef HAVE_COMPATIBLE_GCC_AARCH64_PLATFORM_AS +# define USE_ARM_ASM 1 +# endif +# endif /* Prototype for the self-test function. */ diff --git a/configure.ac b/configure.ac index 3e926a5..7bbf4bd 100644 --- a/configure.ac +++ b/configure.ac 
@@ -2075,6 +2075,10 @@ if test "$found" = "1" ; then # Build with the assembly implementation GCRYPT_CIPHERS="$GCRYPT_CIPHERS twofish-arm.lo" ;; + aarch64-*-*) + # Build with the assembly implementation + GCRYPT_CIPHERS="$GCRYPT_CIPHERS twofish-aarch64.lo" + ;; esac fi commit de73a2e7237ba7c34ce48bb5fb671aa3993de832 Author: Jussi Kivilinna Date: Wed Apr 27 18:18:54 2016 +0300 Add Aarch64 assembly implementation of Camellia * cipher/Makefile.am: Add 'camellia-aarch64.S'. * cipher/camellia-aarch64.S: New. * cipher/camellia-glue.c [USE_ARM_ASM][__aarch64__]: Set stack burn size to zero. * cipher/camellia.h: Enable USE_ARM_ASM if __AARCH64EL__ and HAVE_COMPATIBLE_GCC_AARCH64_PLATFORM_AS defined. * configure.ac [host=aarch64]: Add 'rijndael-aarch64.lo'. -- Patch adds ARMv8/Aarch64 implementation of Camellia.

Benchmark on Cortex-A53 (1152 Mhz):

Before:
 CAMELLIA128 | nanosecs/byte  mebibytes/sec  cycles/byte
     ECB enc |    39.71 ns/B    24.01 MiB/s    45.75 c/B
     ECB dec |    39.72 ns/B    24.01 MiB/s    45.75 c/B
     CBC enc |    40.80 ns/B    23.38 MiB/s    47.00 c/B
     CBC dec |    39.66 ns/B    24.05 MiB/s    45.69 c/B
     CFB enc |    40.69 ns/B    23.44 MiB/s    46.88 c/B
     CFB dec |    39.66 ns/B    24.05 MiB/s    45.69 c/B
     OFB enc |    40.69 ns/B    23.44 MiB/s    46.88 c/B
     OFB dec |    40.69 ns/B    23.44 MiB/s    46.88 c/B
     CTR enc |    39.88 ns/B    23.91 MiB/s    45.94 c/B
     CTR dec |    39.88 ns/B    23.91 MiB/s    45.94 c/B
     CCM enc |    79.97 ns/B    11.92 MiB/s    92.13 c/B
     CCM dec |    79.97 ns/B    11.93 MiB/s    92.13 c/B
    CCM auth |    40.20 ns/B    23.72 MiB/s    46.31 c/B
     GCM enc |    41.18 ns/B    23.16 MiB/s    47.44 c/B
     GCM dec |    41.18 ns/B    23.16 MiB/s    47.44 c/B
    GCM auth |     1.30 ns/B    732.7 MiB/s     1.50 c/B
     OCB enc |    42.04 ns/B    22.69 MiB/s    48.43 c/B
     OCB dec |    42.03 ns/B    22.69 MiB/s    48.42 c/B
    OCB auth |    41.38 ns/B    23.05 MiB/s    47.67 c/B
             =
 CAMELLIA256 | nanosecs/byte  mebibytes/sec  cycles/byte
     ECB enc |    52.36 ns/B    18.22 MiB/s    60.31 c/B
     ECB dec |    52.36 ns/B    18.22 MiB/s    60.31 c/B
     CBC enc |    53.39 ns/B    17.86 MiB/s    61.50 c/B
     CBC dec |    52.14 ns/B    18.29 MiB/s    60.06 c/B
     CFB enc |    53.28 ns/B    17.90 MiB/s    61.38 c/B
     CFB dec |    52.14 ns/B    18.29 MiB/s    60.06 c/B
     OFB enc |    53.17 ns/B    17.94 MiB/s    61.25 c/B
     OFB dec |    53.17 ns/B    17.94 MiB/s    61.25 c/B
     CTR enc |    52.36 ns/B    18.21 MiB/s    60.32 c/B
     CTR dec |    52.36 ns/B    18.21 MiB/s    60.32 c/B
     CCM enc |    105.0 ns/B     9.08 MiB/s    120.9 c/B
     CCM dec |    105.0 ns/B     9.08 MiB/s    120.9 c/B
    CCM auth |    52.74 ns/B    18.08 MiB/s    60.75 c/B
     GCM enc |    53.66 ns/B    17.77 MiB/s    61.81 c/B
     GCM dec |    53.66 ns/B    17.77 MiB/s    61.82 c/B
    GCM auth |     1.30 ns/B    732.3 MiB/s     1.50 c/B
     OCB enc |    54.54 ns/B    17.49 MiB/s    62.83 c/B
     OCB dec |    54.48 ns/B    17.50 MiB/s    62.77 c/B
    OCB auth |    53.89 ns/B    17.70 MiB/s    62.09 c/B
             =

After (~1.7x faster):
 CAMELLIA128 | nanosecs/byte  mebibytes/sec  cycles/byte
     ECB enc |    22.25 ns/B    42.87 MiB/s    25.63 c/B
     ECB dec |    22.25 ns/B    42.87 MiB/s    25.63 c/B
     CBC enc |    23.27 ns/B    40.97 MiB/s    26.81 c/B
     CBC dec |    22.14 ns/B    43.08 MiB/s    25.50 c/B
     CFB enc |    23.17 ns/B    41.17 MiB/s    26.69 c/B
     CFB dec |    22.14 ns/B    43.08 MiB/s    25.50 c/B
     OFB enc |    23.11 ns/B    41.26 MiB/s    26.63 c/B
     OFB dec |    23.11 ns/B    41.26 MiB/s    26.63 c/B
     CTR enc |    22.36 ns/B    42.65 MiB/s    25.76 c/B
     CTR dec |    22.36 ns/B    42.65 MiB/s    25.76 c/B
     CCM enc |    44.87 ns/B    21.26 MiB/s    51.69 c/B
     CCM dec |    44.87 ns/B    21.25 MiB/s    51.69 c/B
    CCM auth |    22.62 ns/B    42.15 MiB/s    26.06 c/B
     GCM enc |    23.66 ns/B    40.31 MiB/s    27.25 c/B
     GCM dec |    23.66 ns/B    40.31 MiB/s    27.25 c/B
    GCM auth |     1.30 ns/B    732.0 MiB/s     1.50 c/B
     OCB enc |    24.32 ns/B    39.21 MiB/s    28.02 c/B
     OCB dec |    24.32 ns/B    39.21 MiB/s    28.02 c/B
    OCB auth |    23.75 ns/B    40.15 MiB/s    27.36 c/B
             =
 CAMELLIA256 | nanosecs/byte  mebibytes/sec  cycles/byte
     ECB enc |    29.08 ns/B    32.79 MiB/s    33.50 c/B
     ECB dec |    29.19 ns/B    32.67 MiB/s    33.63 c/B
     CBC enc |    30.11 ns/B    31.67 MiB/s    34.69 c/B
     CBC dec |    29.05 ns/B    32.83 MiB/s    33.47 c/B
     CFB enc |    30.00 ns/B    31.79 MiB/s    34.56 c/B
     CFB dec |    28.97 ns/B    32.91 MiB/s    33.38 c/B
     OFB enc |    29.95 ns/B    31.84 MiB/s    34.50 c/B
     OFB dec |    29.95 ns/B    31.84 MiB/s    34.50 c/B
     CTR enc |    29.19 ns/B    32.67 MiB/s    33.63 c/B
     CTR dec |    29.19 ns/B    32.67 MiB/s    33.63 c/B
     CCM enc |    58.54 ns/B    16.29 MiB/s    67.43 c/B
     CCM dec |    58.54 ns/B    16.29 MiB/s    67.44 c/B
    CCM auth |    29.46 ns/B    32.37 MiB/s    33.94 c/B
     GCM enc |    30.49 ns/B    31.28 MiB/s    35.12 c/B
     GCM dec |    30.49 ns/B    31.27 MiB/s    35.13 c/B
    GCM auth |     1.30 ns/B    731.6 MiB/s     1.50 c/B
     OCB enc |    31.16 ns/B    30.61 MiB/s    35.90 c/B
     OCB dec |    31.22 ns/B    30.55 MiB/s    35.96 c/B
    OCB auth |    30.59 ns/B    31.18 MiB/s    35.24 c/B
             =

Signed-off-by: Jussi Kivilinna diff --git a/cipher/Makefile.am b/cipher/Makefile.am index db606ca..305a3b9 100644 --- a/cipher/Makefile.am +++ b/cipher/Makefile.am @@ -102,7 +102,7 @@ whirlpool.c whirlpool-sse2-amd64.S \ twofish.c twofish-amd64.S twofish-arm.S \ rfc2268.c \ camellia.c camellia.h camellia-glue.c camellia-aesni-avx-amd64.S \ - camellia-aesni-avx2-amd64.S camellia-arm.S + camellia-aesni-avx2-amd64.S camellia-arm.S camellia-aarch64.S gost28147.lo: gost-sb.h gost-sb.h: gost-s-box diff --git a/cipher/camellia-aarch64.S b/cipher/camellia-aarch64.S new file mode 100644 index 0000000..440f69f --- /dev/null +++ b/cipher/camellia-aarch64.S 
@@ -0,0 +1,557 @@ +/* camellia-aarch64.S - ARMv8/AArch64 assembly implementation of Camellia + * cipher + * + * Copyright (C) 2016 Jussi Kivilinna + * + * This file is part of Libgcrypt. + * + * Libgcrypt is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * Libgcrypt is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, see . + */ + +#include + +#if defined(__AARCH64EL__) +#ifdef HAVE_COMPATIBLE_GCC_AARCH64_PLATFORM_AS + +.text + +/* struct camellia_ctx: */ +#define key_table 0 + +/* register macros */ +#define CTX x0 +#define RDST x1 +#define RSRC x2 +#define RKEYBITS x3 + +#define RTAB1 x4 +#define RTAB2 x5 +#define RTAB3 x6 +#define RTAB4 x7 +#define RMASK w8 + +#define IL w9 +#define IR w10 + +#define xIL x9 +#define xIR x10 + +#define XL w11 +#define XR w12 +#define YL w13 +#define YR w14 + +#define RT0 w15 +#define RT1 w16 +#define RT2 w17 +#define RT3 w18 + +#define xRT0 x15 +#define xRT1 x16 +#define xRT2 x17 +#define xRT3 x18 + +#ifdef __AARCH64EL__ + #define host_to_be(reg, rtmp) \ + rev reg, reg; + #define be_to_host(reg, rtmp) \ + rev reg, reg; +#else + /* nop on big-endian */ + #define host_to_be(reg, rtmp) /*_*/ + #define be_to_host(reg, rtmp) /*_*/ +#endif + +#define ldr_input_aligned_be(rin, a, b, c, d, rtmp) \ + ldr a, [rin, #0]; \ + ldr b, [rin, #4]; \ + be_to_host(a, rtmp); \ + ldr c, [rin, #8]; \ + be_to_host(b, rtmp); \ + ldr d, [rin, #12]; \ + be_to_host(c, rtmp); \ + be_to_host(d, rtmp); + +#define str_output_aligned_be(rout, a, b, c, d, rtmp) \ 
+ be_to_host(a, rtmp); \ + be_to_host(b, rtmp); \ + str a, [rout, #0]; \ + be_to_host(c, rtmp); \ + str b, [rout, #4]; \ + be_to_host(d, rtmp); \ + str c, [rout, #8]; \ + str d, [rout, #12]; + +/* unaligned word reads/writes allowed */ +#define ldr_input_be(rin, ra, rb, rc, rd, rtmp) \ + ldr_input_aligned_be(rin, ra, rb, rc, rd, rtmp) + +#define str_output_be(rout, ra, rb, rc, rd, rtmp0, rtmp1) \ + str_output_aligned_be(rout, ra, rb, rc, rd, rtmp0) + +/********************************************************************** + 1-way camellia + **********************************************************************/ +#define roundsm(xl, xr, kl, kr, yl, yr) \ + ldr RT2, [CTX, #(key_table + ((kl) * 4))]; \ + and IR, RMASK, xr, lsl#(4); /*sp1110*/ \ + ldr RT3, [CTX, #(key_table + ((kr) * 4))]; \ + and IL, RMASK, xl, lsr#(24 - 4); /*sp1110*/ \ + and RT0, RMASK, xr, lsr#(16 - 4); /*sp3033*/ \ + ldr IR, [RTAB1, xIR]; \ + and RT1, RMASK, xl, lsr#(8 - 4); /*sp3033*/ \ + eor yl, yl, RT2; \ + ldr IL, [RTAB1, xIL]; \ + eor yr, yr, RT3; \ + \ + ldr RT0, [RTAB3, xRT0]; \ + ldr RT1, [RTAB3, xRT1]; \ + \ + and RT2, RMASK, xr, lsr#(24 - 4); /*sp0222*/ \ + and RT3, RMASK, xl, lsr#(16 - 4); /*sp0222*/ \ + \ + eor IR, IR, RT0; \ + eor IL, IL, RT1; \ + \ + ldr RT2, [RTAB2, xRT2]; \ + and RT0, RMASK, xr, lsr#(8 - 4); /*sp4404*/ \ + ldr RT3, [RTAB2, xRT3]; \ + and RT1, RMASK, xl, lsl#(4); /*sp4404*/ \ + \ + ldr RT0, [RTAB4, xRT0]; \ + ldr RT1, [RTAB4, xRT1]; \ + \ + eor IR, IR, RT2; \ + eor IL, IL, RT3; \ + eor IR, IR, RT0; \ + eor IL, IL, RT1; \ + \ + eor IR, IR, IL; \ + eor yr, yr, IL, ror#8; \ + eor yl, yl, IR; \ + eor yr, yr, IR; + +#define enc_rounds(n) \ + roundsm(XL, XR, ((n) + 2) * 2 + 0, ((n) + 2) * 2 + 1, YL, YR); \ + roundsm(YL, YR, ((n) + 3) * 2 + 0, ((n) + 3) * 2 + 1, XL, XR); \ + roundsm(XL, XR, ((n) + 4) * 2 + 0, ((n) + 4) * 2 + 1, YL, YR); \ + roundsm(YL, YR, ((n) + 5) * 2 + 0, ((n) + 5) * 2 + 1, XL, XR); \ + roundsm(XL, XR, ((n) + 6) * 2 + 0, ((n) + 6) * 2 + 1, YL, YR); \ + 
roundsm(YL, YR, ((n) + 7) * 2 + 0, ((n) + 7) * 2 + 1, XL, XR); + +#define dec_rounds(n) \ + roundsm(XL, XR, ((n) + 7) * 2 + 0, ((n) + 7) * 2 + 1, YL, YR); \ + roundsm(YL, YR, ((n) + 6) * 2 + 0, ((n) + 6) * 2 + 1, XL, XR); \ + roundsm(XL, XR, ((n) + 5) * 2 + 0, ((n) + 5) * 2 + 1, YL, YR); \ + roundsm(YL, YR, ((n) + 4) * 2 + 0, ((n) + 4) * 2 + 1, XL, XR); \ + roundsm(XL, XR, ((n) + 3) * 2 + 0, ((n) + 3) * 2 + 1, YL, YR); \ + roundsm(YL, YR, ((n) + 2) * 2 + 0, ((n) + 2) * 2 + 1, XL, XR); + +/* perform FL and FL?? */ +#define fls(ll, lr, rl, rr, kll, klr, krl, krr) \ + ldr RT0, [CTX, #(key_table + ((kll) * 4))]; \ + ldr RT2, [CTX, #(key_table + ((krr) * 4))]; \ + and RT0, RT0, ll; \ + ldr RT3, [CTX, #(key_table + ((krl) * 4))]; \ + orr RT2, RT2, rr; \ + ldr RT1, [CTX, #(key_table + ((klr) * 4))]; \ + eor rl, rl, RT2; \ + eor lr, lr, RT0, ror#31; \ + and RT3, RT3, rl; \ + orr RT1, RT1, lr; \ + eor ll, ll, RT1; \ + eor rr, rr, RT3, ror#31; + +#define enc_fls(n) \ + fls(XL, XR, YL, YR, \ + (n) * 2 + 0, (n) * 2 + 1, \ + (n) * 2 + 2, (n) * 2 + 3); + +#define dec_fls(n) \ + fls(XL, XR, YL, YR, \ + (n) * 2 + 2, (n) * 2 + 3, \ + (n) * 2 + 0, (n) * 2 + 1); + +#define inpack(n) \ + ldr_input_be(RSRC, XL, XR, YL, YR, RT0); \ + ldr RT0, [CTX, #(key_table + ((n) * 8) + 0)]; \ + ldr RT1, [CTX, #(key_table + ((n) * 8) + 4)]; \ + eor XL, XL, RT0; \ + eor XR, XR, RT1; + +#define outunpack(n) \ + ldr RT0, [CTX, #(key_table + ((n) * 8) + 0)]; \ + ldr RT1, [CTX, #(key_table + ((n) * 8) + 4)]; \ + eor YL, YL, RT0; \ + eor YR, YR, RT1; \ + str_output_be(RDST, YL, YR, XL, XR, RT0, RT1); + +.globl _gcry_camellia_arm_encrypt_block +.type _gcry_camellia_arm_encrypt_block, at function; + +_gcry_camellia_arm_encrypt_block: + /* input: + * x0: keytable + * x1: dst + * x2: src + * x3: keybitlen + */ + + adr RTAB1, _gcry_camellia_arm_tables; + mov RMASK, #(0xff<<4); /* byte mask */ + add RTAB2, RTAB1, #(1 * 4); + add RTAB3, RTAB1, #(2 * 4); + add RTAB4, RTAB1, #(3 * 4); + + inpack(0); + + 
enc_rounds(0); + enc_fls(8); + enc_rounds(8); + enc_fls(16); + enc_rounds(16); + + cmp RKEYBITS, #(16 * 8); + bne .Lenc_256; + + outunpack(24); + + ret; +.ltorg + +.Lenc_256: + enc_fls(24); + enc_rounds(24); + + outunpack(32); + + ret; +.ltorg +.size _gcry_camellia_arm_encrypt_block,.-_gcry_camellia_arm_encrypt_block; + +.globl _gcry_camellia_arm_decrypt_block +.type _gcry_camellia_arm_decrypt_block, at function; + +_gcry_camellia_arm_decrypt_block: + /* input: + * x0: keytable + * x1: dst + * x2: src + * x3: keybitlen + */ + + adr RTAB1, _gcry_camellia_arm_tables; + mov RMASK, #(0xff<<4); /* byte mask */ + add RTAB2, RTAB1, #(1 * 4); + add RTAB3, RTAB1, #(2 * 4); + add RTAB4, RTAB1, #(3 * 4); + + cmp RKEYBITS, #(16 * 8); + bne .Ldec_256; + + inpack(24); + +.Ldec_128: + dec_rounds(16); + dec_fls(16); + dec_rounds(8); + dec_fls(8); + dec_rounds(0); + + outunpack(0); + + ret; +.ltorg + +.Ldec_256: + inpack(32); + dec_rounds(24); + dec_fls(24); + + b .Ldec_128; +.ltorg +.size _gcry_camellia_arm_decrypt_block,.-_gcry_camellia_arm_decrypt_block; + +/* Encryption/Decryption tables */ +.globl _gcry_camellia_arm_tables +.type _gcry_camellia_arm_tables, at object; +.balign 32 +_gcry_camellia_arm_tables: +.Lcamellia_sp1110: +.long 0x70707000 +.Lcamellia_sp0222: + .long 0x00e0e0e0 +.Lcamellia_sp3033: + .long 0x38003838 +.Lcamellia_sp4404: + .long 0x70700070 +.long 0x82828200, 0x00050505, 0x41004141, 0x2c2c002c +.long 0x2c2c2c00, 0x00585858, 0x16001616, 0xb3b300b3 +.long 0xececec00, 0x00d9d9d9, 0x76007676, 0xc0c000c0 +.long 0xb3b3b300, 0x00676767, 0xd900d9d9, 0xe4e400e4 +.long 0x27272700, 0x004e4e4e, 0x93009393, 0x57570057 +.long 0xc0c0c000, 0x00818181, 0x60006060, 0xeaea00ea +.long 0xe5e5e500, 0x00cbcbcb, 0xf200f2f2, 0xaeae00ae +.long 0xe4e4e400, 0x00c9c9c9, 0x72007272, 0x23230023 +.long 0x85858500, 0x000b0b0b, 0xc200c2c2, 0x6b6b006b +.long 0x57575700, 0x00aeaeae, 0xab00abab, 0x45450045 +.long 0x35353500, 0x006a6a6a, 0x9a009a9a, 0xa5a500a5 +.long 0xeaeaea00, 0x00d5d5d5, 
0x75007575, 0xeded00ed +.long 0x0c0c0c00, 0x00181818, 0x06000606, 0x4f4f004f +.long 0xaeaeae00, 0x005d5d5d, 0x57005757, 0x1d1d001d +.long 0x41414100, 0x00828282, 0xa000a0a0, 0x92920092 +.long 0x23232300, 0x00464646, 0x91009191, 0x86860086 +.long 0xefefef00, 0x00dfdfdf, 0xf700f7f7, 0xafaf00af +.long 0x6b6b6b00, 0x00d6d6d6, 0xb500b5b5, 0x7c7c007c +.long 0x93939300, 0x00272727, 0xc900c9c9, 0x1f1f001f +.long 0x45454500, 0x008a8a8a, 0xa200a2a2, 0x3e3e003e +.long 0x19191900, 0x00323232, 0x8c008c8c, 0xdcdc00dc +.long 0xa5a5a500, 0x004b4b4b, 0xd200d2d2, 0x5e5e005e +.long 0x21212100, 0x00424242, 0x90009090, 0x0b0b000b +.long 0xededed00, 0x00dbdbdb, 0xf600f6f6, 0xa6a600a6 +.long 0x0e0e0e00, 0x001c1c1c, 0x07000707, 0x39390039 +.long 0x4f4f4f00, 0x009e9e9e, 0xa700a7a7, 0xd5d500d5 +.long 0x4e4e4e00, 0x009c9c9c, 0x27002727, 0x5d5d005d +.long 0x1d1d1d00, 0x003a3a3a, 0x8e008e8e, 0xd9d900d9 +.long 0x65656500, 0x00cacaca, 0xb200b2b2, 0x5a5a005a +.long 0x92929200, 0x00252525, 0x49004949, 0x51510051 +.long 0xbdbdbd00, 0x007b7b7b, 0xde00dede, 0x6c6c006c +.long 0x86868600, 0x000d0d0d, 0x43004343, 0x8b8b008b +.long 0xb8b8b800, 0x00717171, 0x5c005c5c, 0x9a9a009a +.long 0xafafaf00, 0x005f5f5f, 0xd700d7d7, 0xfbfb00fb +.long 0x8f8f8f00, 0x001f1f1f, 0xc700c7c7, 0xb0b000b0 +.long 0x7c7c7c00, 0x00f8f8f8, 0x3e003e3e, 0x74740074 +.long 0xebebeb00, 0x00d7d7d7, 0xf500f5f5, 0x2b2b002b +.long 0x1f1f1f00, 0x003e3e3e, 0x8f008f8f, 0xf0f000f0 +.long 0xcecece00, 0x009d9d9d, 0x67006767, 0x84840084 +.long 0x3e3e3e00, 0x007c7c7c, 0x1f001f1f, 0xdfdf00df +.long 0x30303000, 0x00606060, 0x18001818, 0xcbcb00cb +.long 0xdcdcdc00, 0x00b9b9b9, 0x6e006e6e, 0x34340034 +.long 0x5f5f5f00, 0x00bebebe, 0xaf00afaf, 0x76760076 +.long 0x5e5e5e00, 0x00bcbcbc, 0x2f002f2f, 0x6d6d006d +.long 0xc5c5c500, 0x008b8b8b, 0xe200e2e2, 0xa9a900a9 +.long 0x0b0b0b00, 0x00161616, 0x85008585, 0xd1d100d1 +.long 0x1a1a1a00, 0x00343434, 0x0d000d0d, 0x04040004 +.long 0xa6a6a600, 0x004d4d4d, 0x53005353, 0x14140014 +.long 0xe1e1e100, 0x00c3c3c3, 
0xf000f0f0, 0x3a3a003a +.long 0x39393900, 0x00727272, 0x9c009c9c, 0xdede00de +.long 0xcacaca00, 0x00959595, 0x65006565, 0x11110011 +.long 0xd5d5d500, 0x00ababab, 0xea00eaea, 0x32320032 +.long 0x47474700, 0x008e8e8e, 0xa300a3a3, 0x9c9c009c +.long 0x5d5d5d00, 0x00bababa, 0xae00aeae, 0x53530053 +.long 0x3d3d3d00, 0x007a7a7a, 0x9e009e9e, 0xf2f200f2 +.long 0xd9d9d900, 0x00b3b3b3, 0xec00ecec, 0xfefe00fe +.long 0x01010100, 0x00020202, 0x80008080, 0xcfcf00cf +.long 0x5a5a5a00, 0x00b4b4b4, 0x2d002d2d, 0xc3c300c3 +.long 0xd6d6d600, 0x00adadad, 0x6b006b6b, 0x7a7a007a +.long 0x51515100, 0x00a2a2a2, 0xa800a8a8, 0x24240024 +.long 0x56565600, 0x00acacac, 0x2b002b2b, 0xe8e800e8 +.long 0x6c6c6c00, 0x00d8d8d8, 0x36003636, 0x60600060 +.long 0x4d4d4d00, 0x009a9a9a, 0xa600a6a6, 0x69690069 +.long 0x8b8b8b00, 0x00171717, 0xc500c5c5, 0xaaaa00aa +.long 0x0d0d0d00, 0x001a1a1a, 0x86008686, 0xa0a000a0 +.long 0x9a9a9a00, 0x00353535, 0x4d004d4d, 0xa1a100a1 +.long 0x66666600, 0x00cccccc, 0x33003333, 0x62620062 +.long 0xfbfbfb00, 0x00f7f7f7, 0xfd00fdfd, 0x54540054 +.long 0xcccccc00, 0x00999999, 0x66006666, 0x1e1e001e +.long 0xb0b0b000, 0x00616161, 0x58005858, 0xe0e000e0 +.long 0x2d2d2d00, 0x005a5a5a, 0x96009696, 0x64640064 +.long 0x74747400, 0x00e8e8e8, 0x3a003a3a, 0x10100010 +.long 0x12121200, 0x00242424, 0x09000909, 0x00000000 +.long 0x2b2b2b00, 0x00565656, 0x95009595, 0xa3a300a3 +.long 0x20202000, 0x00404040, 0x10001010, 0x75750075 +.long 0xf0f0f000, 0x00e1e1e1, 0x78007878, 0x8a8a008a +.long 0xb1b1b100, 0x00636363, 0xd800d8d8, 0xe6e600e6 +.long 0x84848400, 0x00090909, 0x42004242, 0x09090009 +.long 0x99999900, 0x00333333, 0xcc00cccc, 0xdddd00dd +.long 0xdfdfdf00, 0x00bfbfbf, 0xef00efef, 0x87870087 +.long 0x4c4c4c00, 0x00989898, 0x26002626, 0x83830083 +.long 0xcbcbcb00, 0x00979797, 0xe500e5e5, 0xcdcd00cd +.long 0xc2c2c200, 0x00858585, 0x61006161, 0x90900090 +.long 0x34343400, 0x00686868, 0x1a001a1a, 0x73730073 +.long 0x7e7e7e00, 0x00fcfcfc, 0x3f003f3f, 0xf6f600f6 +.long 0x76767600, 0x00ececec, 
0x3b003b3b, 0x9d9d009d +.long 0x05050500, 0x000a0a0a, 0x82008282, 0xbfbf00bf +.long 0x6d6d6d00, 0x00dadada, 0xb600b6b6, 0x52520052 +.long 0xb7b7b700, 0x006f6f6f, 0xdb00dbdb, 0xd8d800d8 +.long 0xa9a9a900, 0x00535353, 0xd400d4d4, 0xc8c800c8 +.long 0x31313100, 0x00626262, 0x98009898, 0xc6c600c6 +.long 0xd1d1d100, 0x00a3a3a3, 0xe800e8e8, 0x81810081 +.long 0x17171700, 0x002e2e2e, 0x8b008b8b, 0x6f6f006f +.long 0x04040400, 0x00080808, 0x02000202, 0x13130013 +.long 0xd7d7d700, 0x00afafaf, 0xeb00ebeb, 0x63630063 +.long 0x14141400, 0x00282828, 0x0a000a0a, 0xe9e900e9 +.long 0x58585800, 0x00b0b0b0, 0x2c002c2c, 0xa7a700a7 +.long 0x3a3a3a00, 0x00747474, 0x1d001d1d, 0x9f9f009f +.long 0x61616100, 0x00c2c2c2, 0xb000b0b0, 0xbcbc00bc +.long 0xdedede00, 0x00bdbdbd, 0x6f006f6f, 0x29290029 +.long 0x1b1b1b00, 0x00363636, 0x8d008d8d, 0xf9f900f9 +.long 0x11111100, 0x00222222, 0x88008888, 0x2f2f002f +.long 0x1c1c1c00, 0x00383838, 0x0e000e0e, 0xb4b400b4 +.long 0x32323200, 0x00646464, 0x19001919, 0x78780078 +.long 0x0f0f0f00, 0x001e1e1e, 0x87008787, 0x06060006 +.long 0x9c9c9c00, 0x00393939, 0x4e004e4e, 0xe7e700e7 +.long 0x16161600, 0x002c2c2c, 0x0b000b0b, 0x71710071 +.long 0x53535300, 0x00a6a6a6, 0xa900a9a9, 0xd4d400d4 +.long 0x18181800, 0x00303030, 0x0c000c0c, 0xabab00ab +.long 0xf2f2f200, 0x00e5e5e5, 0x79007979, 0x88880088 +.long 0x22222200, 0x00444444, 0x11001111, 0x8d8d008d +.long 0xfefefe00, 0x00fdfdfd, 0x7f007f7f, 0x72720072 +.long 0x44444400, 0x00888888, 0x22002222, 0xb9b900b9 +.long 0xcfcfcf00, 0x009f9f9f, 0xe700e7e7, 0xf8f800f8 +.long 0xb2b2b200, 0x00656565, 0x59005959, 0xacac00ac +.long 0xc3c3c300, 0x00878787, 0xe100e1e1, 0x36360036 +.long 0xb5b5b500, 0x006b6b6b, 0xda00dada, 0x2a2a002a +.long 0x7a7a7a00, 0x00f4f4f4, 0x3d003d3d, 0x3c3c003c +.long 0x91919100, 0x00232323, 0xc800c8c8, 0xf1f100f1 +.long 0x24242400, 0x00484848, 0x12001212, 0x40400040 +.long 0x08080800, 0x00101010, 0x04000404, 0xd3d300d3 +.long 0xe8e8e800, 0x00d1d1d1, 0x74007474, 0xbbbb00bb +.long 0xa8a8a800, 0x00515151, 
0x54005454, 0x43430043 +.long 0x60606000, 0x00c0c0c0, 0x30003030, 0x15150015 +.long 0xfcfcfc00, 0x00f9f9f9, 0x7e007e7e, 0xadad00ad +.long 0x69696900, 0x00d2d2d2, 0xb400b4b4, 0x77770077 +.long 0x50505000, 0x00a0a0a0, 0x28002828, 0x80800080 +.long 0xaaaaaa00, 0x00555555, 0x55005555, 0x82820082 +.long 0xd0d0d000, 0x00a1a1a1, 0x68006868, 0xecec00ec +.long 0xa0a0a000, 0x00414141, 0x50005050, 0x27270027 +.long 0x7d7d7d00, 0x00fafafa, 0xbe00bebe, 0xe5e500e5 +.long 0xa1a1a100, 0x00434343, 0xd000d0d0, 0x85850085 +.long 0x89898900, 0x00131313, 0xc400c4c4, 0x35350035 +.long 0x62626200, 0x00c4c4c4, 0x31003131, 0x0c0c000c +.long 0x97979700, 0x002f2f2f, 0xcb00cbcb, 0x41410041 +.long 0x54545400, 0x00a8a8a8, 0x2a002a2a, 0xefef00ef +.long 0x5b5b5b00, 0x00b6b6b6, 0xad00adad, 0x93930093 +.long 0x1e1e1e00, 0x003c3c3c, 0x0f000f0f, 0x19190019 +.long 0x95959500, 0x002b2b2b, 0xca00caca, 0x21210021 +.long 0xe0e0e000, 0x00c1c1c1, 0x70007070, 0x0e0e000e +.long 0xffffff00, 0x00ffffff, 0xff00ffff, 0x4e4e004e +.long 0x64646400, 0x00c8c8c8, 0x32003232, 0x65650065 +.long 0xd2d2d200, 0x00a5a5a5, 0x69006969, 0xbdbd00bd +.long 0x10101000, 0x00202020, 0x08000808, 0xb8b800b8 +.long 0xc4c4c400, 0x00898989, 0x62006262, 0x8f8f008f +.long 0x00000000, 0x00000000, 0x00000000, 0xebeb00eb +.long 0x48484800, 0x00909090, 0x24002424, 0xcece00ce +.long 0xa3a3a300, 0x00474747, 0xd100d1d1, 0x30300030 +.long 0xf7f7f700, 0x00efefef, 0xfb00fbfb, 0x5f5f005f +.long 0x75757500, 0x00eaeaea, 0xba00baba, 0xc5c500c5 +.long 0xdbdbdb00, 0x00b7b7b7, 0xed00eded, 0x1a1a001a +.long 0x8a8a8a00, 0x00151515, 0x45004545, 0xe1e100e1 +.long 0x03030300, 0x00060606, 0x81008181, 0xcaca00ca +.long 0xe6e6e600, 0x00cdcdcd, 0x73007373, 0x47470047 +.long 0xdadada00, 0x00b5b5b5, 0x6d006d6d, 0x3d3d003d +.long 0x09090900, 0x00121212, 0x84008484, 0x01010001 +.long 0x3f3f3f00, 0x007e7e7e, 0x9f009f9f, 0xd6d600d6 +.long 0xdddddd00, 0x00bbbbbb, 0xee00eeee, 0x56560056 +.long 0x94949400, 0x00292929, 0x4a004a4a, 0x4d4d004d +.long 0x87878700, 0x000f0f0f, 
0xc300c3c3, 0x0d0d000d +.long 0x5c5c5c00, 0x00b8b8b8, 0x2e002e2e, 0x66660066 +.long 0x83838300, 0x00070707, 0xc100c1c1, 0xcccc00cc +.long 0x02020200, 0x00040404, 0x01000101, 0x2d2d002d +.long 0xcdcdcd00, 0x009b9b9b, 0xe600e6e6, 0x12120012 +.long 0x4a4a4a00, 0x00949494, 0x25002525, 0x20200020 +.long 0x90909000, 0x00212121, 0x48004848, 0xb1b100b1 +.long 0x33333300, 0x00666666, 0x99009999, 0x99990099 +.long 0x73737300, 0x00e6e6e6, 0xb900b9b9, 0x4c4c004c +.long 0x67676700, 0x00cecece, 0xb300b3b3, 0xc2c200c2 +.long 0xf6f6f600, 0x00ededed, 0x7b007b7b, 0x7e7e007e +.long 0xf3f3f300, 0x00e7e7e7, 0xf900f9f9, 0x05050005 +.long 0x9d9d9d00, 0x003b3b3b, 0xce00cece, 0xb7b700b7 +.long 0x7f7f7f00, 0x00fefefe, 0xbf00bfbf, 0x31310031 +.long 0xbfbfbf00, 0x007f7f7f, 0xdf00dfdf, 0x17170017 +.long 0xe2e2e200, 0x00c5c5c5, 0x71007171, 0xd7d700d7 +.long 0x52525200, 0x00a4a4a4, 0x29002929, 0x58580058 +.long 0x9b9b9b00, 0x00373737, 0xcd00cdcd, 0x61610061 +.long 0xd8d8d800, 0x00b1b1b1, 0x6c006c6c, 0x1b1b001b +.long 0x26262600, 0x004c4c4c, 0x13001313, 0x1c1c001c +.long 0xc8c8c800, 0x00919191, 0x64006464, 0x0f0f000f +.long 0x37373700, 0x006e6e6e, 0x9b009b9b, 0x16160016 +.long 0xc6c6c600, 0x008d8d8d, 0x63006363, 0x18180018 +.long 0x3b3b3b00, 0x00767676, 0x9d009d9d, 0x22220022 +.long 0x81818100, 0x00030303, 0xc000c0c0, 0x44440044 +.long 0x96969600, 0x002d2d2d, 0x4b004b4b, 0xb2b200b2 +.long 0x6f6f6f00, 0x00dedede, 0xb700b7b7, 0xb5b500b5 +.long 0x4b4b4b00, 0x00969696, 0xa500a5a5, 0x91910091 +.long 0x13131300, 0x00262626, 0x89008989, 0x08080008 +.long 0xbebebe00, 0x007d7d7d, 0x5f005f5f, 0xa8a800a8 +.long 0x63636300, 0x00c6c6c6, 0xb100b1b1, 0xfcfc00fc +.long 0x2e2e2e00, 0x005c5c5c, 0x17001717, 0x50500050 +.long 0xe9e9e900, 0x00d3d3d3, 0xf400f4f4, 0xd0d000d0 +.long 0x79797900, 0x00f2f2f2, 0xbc00bcbc, 0x7d7d007d +.long 0xa7a7a700, 0x004f4f4f, 0xd300d3d3, 0x89890089 +.long 0x8c8c8c00, 0x00191919, 0x46004646, 0x97970097 +.long 0x9f9f9f00, 0x003f3f3f, 0xcf00cfcf, 0x5b5b005b +.long 0x6e6e6e00, 0x00dcdcdc, 
0x37003737, 0x95950095 +.long 0xbcbcbc00, 0x00797979, 0x5e005e5e, 0xffff00ff +.long 0x8e8e8e00, 0x001d1d1d, 0x47004747, 0xd2d200d2 +.long 0x29292900, 0x00525252, 0x94009494, 0xc4c400c4 +.long 0xf5f5f500, 0x00ebebeb, 0xfa00fafa, 0x48480048 +.long 0xf9f9f900, 0x00f3f3f3, 0xfc00fcfc, 0xf7f700f7 +.long 0xb6b6b600, 0x006d6d6d, 0x5b005b5b, 0xdbdb00db +.long 0x2f2f2f00, 0x005e5e5e, 0x97009797, 0x03030003 +.long 0xfdfdfd00, 0x00fbfbfb, 0xfe00fefe, 0xdada00da +.long 0xb4b4b400, 0x00696969, 0x5a005a5a, 0x3f3f003f +.long 0x59595900, 0x00b2b2b2, 0xac00acac, 0x94940094 +.long 0x78787800, 0x00f0f0f0, 0x3c003c3c, 0x5c5c005c +.long 0x98989800, 0x00313131, 0x4c004c4c, 0x02020002 +.long 0x06060600, 0x000c0c0c, 0x03000303, 0x4a4a004a +.long 0x6a6a6a00, 0x00d4d4d4, 0x35003535, 0x33330033 +.long 0xe7e7e700, 0x00cfcfcf, 0xf300f3f3, 0x67670067 +.long 0x46464600, 0x008c8c8c, 0x23002323, 0xf3f300f3 +.long 0x71717100, 0x00e2e2e2, 0xb800b8b8, 0x7f7f007f +.long 0xbababa00, 0x00757575, 0x5d005d5d, 0xe2e200e2 +.long 0xd4d4d400, 0x00a9a9a9, 0x6a006a6a, 0x9b9b009b +.long 0x25252500, 0x004a4a4a, 0x92009292, 0x26260026 +.long 0xababab00, 0x00575757, 0xd500d5d5, 0x37370037 +.long 0x42424200, 0x00848484, 0x21002121, 0x3b3b003b +.long 0x88888800, 0x00111111, 0x44004444, 0x96960096 +.long 0xa2a2a200, 0x00454545, 0x51005151, 0x4b4b004b +.long 0x8d8d8d00, 0x001b1b1b, 0xc600c6c6, 0xbebe00be +.long 0xfafafa00, 0x00f5f5f5, 0x7d007d7d, 0x2e2e002e +.long 0x72727200, 0x00e4e4e4, 0x39003939, 0x79790079 +.long 0x07070700, 0x000e0e0e, 0x83008383, 0x8c8c008c +.long 0xb9b9b900, 0x00737373, 0xdc00dcdc, 0x6e6e006e +.long 0x55555500, 0x00aaaaaa, 0xaa00aaaa, 0x8e8e008e +.long 0xf8f8f800, 0x00f1f1f1, 0x7c007c7c, 0xf5f500f5 +.long 0xeeeeee00, 0x00dddddd, 0x77007777, 0xb6b600b6 +.long 0xacacac00, 0x00595959, 0x56005656, 0xfdfd00fd +.long 0x0a0a0a00, 0x00141414, 0x05000505, 0x59590059 +.long 0x36363600, 0x006c6c6c, 0x1b001b1b, 0x98980098 +.long 0x49494900, 0x00929292, 0xa400a4a4, 0x6a6a006a +.long 0x2a2a2a00, 0x00545454, 
0x15001515, 0x46460046 +.long 0x68686800, 0x00d0d0d0, 0x34003434, 0xbaba00ba +.long 0x3c3c3c00, 0x00787878, 0x1e001e1e, 0x25250025 +.long 0x38383800, 0x00707070, 0x1c001c1c, 0x42420042 +.long 0xf1f1f100, 0x00e3e3e3, 0xf800f8f8, 0xa2a200a2 +.long 0xa4a4a400, 0x00494949, 0x52005252, 0xfafa00fa +.long 0x40404000, 0x00808080, 0x20002020, 0x07070007 +.long 0x28282800, 0x00505050, 0x14001414, 0x55550055 +.long 0xd3d3d300, 0x00a7a7a7, 0xe900e9e9, 0xeeee00ee +.long 0x7b7b7b00, 0x00f6f6f6, 0xbd00bdbd, 0x0a0a000a +.long 0xbbbbbb00, 0x00777777, 0xdd00dddd, 0x49490049 +.long 0xc9c9c900, 0x00939393, 0xe400e4e4, 0x68680068 +.long 0x43434300, 0x00868686, 0xa100a1a1, 0x38380038 +.long 0xc1c1c100, 0x00838383, 0xe000e0e0, 0xa4a400a4 +.long 0x15151500, 0x002a2a2a, 0x8a008a8a, 0x28280028 +.long 0xe3e3e300, 0x00c7c7c7, 0xf100f1f1, 0x7b7b007b +.long 0xadadad00, 0x005b5b5b, 0xd600d6d6, 0xc9c900c9 +.long 0xf4f4f400, 0x00e9e9e9, 0x7a007a7a, 0xc1c100c1 +.long 0x77777700, 0x00eeeeee, 0xbb00bbbb, 0xe3e300e3 +.long 0xc7c7c700, 0x008f8f8f, 0xe300e3e3, 0xf4f400f4 +.long 0x80808000, 0x00010101, 0x40004040, 0xc7c700c7 +.long 0x9e9e9e00, 0x003d3d3d, 0x4f004f4f, 0x9e9e009e +.size _gcry_camellia_arm_tables,.-_gcry_camellia_arm_tables; + +#endif /*HAVE_COMPATIBLE_GCC_AARCH64_PLATFORM_AS*/ +#endif /*__AARCH64EL__*/ diff --git a/cipher/camellia-glue.c b/cipher/camellia-glue.c index dfddb4a..1be35c9 100644 --- a/cipher/camellia-glue.c +++ b/cipher/camellia-glue.c 
@@ -285,12 +285,19 @@ static void Camellia_DecryptBlock(const int keyBitLength, keyBitLength); } +#ifdef __aarch64__ +# define CAMELLIA_encrypt_stack_burn_size (0) +# define CAMELLIA_decrypt_stack_burn_size (0) +#else +# define CAMELLIA_encrypt_stack_burn_size (15*4) +# define CAMELLIA_decrypt_stack_burn_size (15*4) +#endif + static unsigned int camellia_encrypt(void *c, byte *outbuf, const byte *inbuf) { CAMELLIA_context *ctx = c; Camellia_EncryptBlock(ctx->keybitlength,inbuf,ctx->keytable,outbuf); -#define CAMELLIA_encrypt_stack_burn_size (15*4) return /*burn_stack*/ (CAMELLIA_encrypt_stack_burn_size); } @@ -299,7 +306,6 @@ camellia_decrypt(void *c, byte *outbuf, const byte *inbuf) { CAMELLIA_context *ctx=c; Camellia_DecryptBlock(ctx->keybitlength,inbuf,ctx->keytable,outbuf); -#define CAMELLIA_decrypt_stack_burn_size (15*4) return /*burn_stack*/ (CAMELLIA_decrypt_stack_burn_size); } diff --git a/cipher/camellia.h b/cipher/camellia.h index d0e3c18..d7a1e6f 100644 --- a/cipher/camellia.h +++ b/cipher/camellia.h @@ -37,6 +37,11 @@ # define USE_ARM_ASM 1 # endif # endif +# if defined(__AARCH64EL__) +# ifdef HAVE_COMPATIBLE_GCC_AARCH64_PLATFORM_AS +# define USE_ARM_ASM 1 +# endif +# endif #endif #ifdef CAMELLIA_EXT_SYM_PREFIX #define CAMELLIA_PREFIX1(x,y) x ## y @@ -80,7 +85,7 @@ void Camellia_DecryptBlock(const int keyBitLength, const unsigned char *cipherText, const KEY_TABLE_TYPE keyTable, unsigned char *plaintext); -#endif /*!USE_ARMV6_ASM*/ +#endif /*!USE_ARM_ASM*/ #ifdef __cplusplus diff --git a/configure.ac b/configure.ac index ca82af9..3e926a5 100644 --- a/configure.ac +++ b/configure.ac 
@@ -2123,6 +2123,10 @@ if test "$found" = "1" ; then # Build with the assembly implementation GCRYPT_CIPHERS="$GCRYPT_CIPHERS camellia-arm.lo" ;; + aarch64-*-*) + # Build with the assembly implementation + GCRYPT_CIPHERS="$GCRYPT_CIPHERS camellia-aarch64.lo" + ;; esac if test x"$avxsupport" = xyes ; then ----------------------------------------------------------------------- Summary of changes: cipher/Makefile.am | 4 +- cipher/{camellia-arm.S => camellia-aarch64.S} | 291 ++++++++++---------------- cipher/camellia-glue.c | 10 +- cipher/camellia.h | 7 +- cipher/{twofish-arm.S => twofish-aarch64.S} | 214 ++++++++----------- cipher/twofish.c | 5 + configure.ac | 8 + 7 files changed, 224 insertions(+), 315 deletions(-) copy cipher/{camellia-arm.S => camellia-aarch64.S} (80%) copy cipher/{twofish-arm.S => twofish-aarch64.S} (60%) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Mon Sep 12 10:27:35 2016 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Mon, 12 Sep 2016 10:27:35 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-330-g7b9e6ea Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 7b9e6ea376d04fb4694ed22369abaae92ce3ec86 (commit) from 120b14783c0312d782dc08ce4949a6209d5ccc7b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7b9e6ea376d04fb4694ed22369abaae92ce3ec86 Author: Justus Winter Date: Mon Sep 12 10:11:44 2016 +0200 qt: Fix tofu test. * lang/qt/tests/t-tofuinfo.cpp: Adjust member names. Fixes-commit: 120b1478 Signed-off-by: Justus Winter 
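Review bot: In cipher/camellia-aarch64.S the register macros map RT3 to w18 and xRT3 to x18, and roundsm and fls overwrite it on every round. The AArch64 procedure call standard sets x18 aside as the platform register and some platforms reserve it, so clobbering it here ties the file to targets where x18 is free. All of x0 to x17 are already assigned, but the source pointer (RSRC, x2) is only read in inpack and could serve as the fourth temporary afterwards. A smaller point in the same file: the inner "#ifdef __AARCH64EL__ ... #else" around host_to_be and be_to_host sits inside "#if defined(__AARCH64EL__)", so the big-endian branch can never be selected and can be dropped.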
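Review bot: In cipher/camellia-glue.c the zero stack burn size is selected with "#ifdef __aarch64__", while cipher/camellia.h in this same patch defines USE_ARM_ASM only for __AARCH64EL__ together with HAVE_COMPATIBLE_GCC_AARCH64_PLATFORM_AS. If these defines can be reached on an AArch64 build that does not use the new assembly (big-endian, or an assembler that fails the configure check), camellia_encrypt and camellia_decrypt would report 0 bytes to burn where every other target reports 15*4. Testing the same condition as camellia.h would keep the two in step, and a one-line comment that 0 is intended because the AArch64 routines keep their state in registers would document why the value differs.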
diff --git a/lang/qt/tests/t-tofuinfo.cpp b/lang/qt/tests/t-tofuinfo.cpp index 5646f70..2e1f1f8 100644 --- a/lang/qt/tests/t-tofuinfo.cpp +++ b/lang/qt/tests/t-tofuinfo.cpp @@ -69,7 +69,7 @@ class TofuInfoTest: public QGpgMETest { Q_ASSERT(!orig.isNull()); Q_ASSERT(!other.isNull()); - Q_ASSERT(orig.lastSeen() == other.lastSeen()); + Q_ASSERT(orig.signLast() == other.signLast()); Q_ASSERT(orig.signCount() == other.signCount()); Q_ASSERT(orig.validity() == other.validity()); Q_ASSERT(orig.policy() == other.policy()); @@ -132,8 +132,8 @@ private Q_SLOTS: Q_ASSERT(tofu.isNull()); Q_ASSERT(!tofu.description()); Q_ASSERT(!tofu.signCount()); - Q_ASSERT(!tofu.lastSeen()); - Q_ASSERT(!tofu.firstSeen()); + Q_ASSERT(!tofu.signLast()); + Q_ASSERT(!tofu.signFirst()); Q_ASSERT(tofu.validity() == TofuInfo::ValidityUnknown); Q_ASSERT(tofu.policy() == TofuInfo::PolicyUnknown); } @@ -164,7 +164,7 @@ private Q_SLOTS: Q_ASSERT(sig.key().primaryFingerprint()); Q_ASSERT(sig.fingerprint()); Q_ASSERT(!strcmp(sig.key().primaryFingerprint(), sig.fingerprint())); - Q_ASSERT(stats.firstSeen() == stats.lastSeen()); + Q_ASSERT(stats.signFirst() == stats.signLast()); Q_ASSERT(stats.signCount() == 1); Q_ASSERT(stats.policy() == TofuInfo::PolicyAuto); Q_ASSERT(stats.validity() == TofuInfo::LittleHistory); @@ -188,7 +188,7 @@ private Q_SLOTS: stats = sig.key().userID(0).tofuInfo(); Q_ASSERT(!stats.isNull()); Q_ASSERT(!strcmp(sig.key().primaryFingerprint(), sig.fingerprint())); - Q_ASSERT(stats.firstSeen() == stats.lastSeen()); + Q_ASSERT(stats.signFirst() == stats.signLast()); Q_ASSERT(stats.signCount() == 1); Q_ASSERT(stats.policy() == TofuInfo::PolicyAuto); Q_ASSERT(stats.validity() == TofuInfo::LittleHistory); 
@@ -209,7 +209,7 @@ private Q_SLOTS: stats = sig.key().userID(0).tofuInfo(); Q_ASSERT(!stats.isNull()); Q_ASSERT(!strcmp(sig.key().primaryFingerprint(), sig.fingerprint())); - Q_ASSERT(stats.firstSeen() == stats.lastSeen()); + Q_ASSERT(stats.signFirst() == stats.signLast()); Q_ASSERT(stats.signCount() == 1); Q_ASSERT(stats.policy() == TofuInfo::PolicyAuto); Q_ASSERT(stats.validity() == TofuInfo::LittleHistory); ----------------------------------------------------------------------- Summary of changes: lang/qt/tests/t-tofuinfo.cpp | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Mon Sep 12 11:08:52 2016 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Mon, 12 Sep 2016 11:08:52 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-98-gaa81e32 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via aa81e32df7189c3eb44d4c602fd63f5b3f6a9e49 (commit) from eddcba038025cdbd58aaf67cafd6d83f0ea042d5 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit aa81e32df7189c3eb44d4c602fd63f5b3f6a9e49 Author: Justus Winter Date: Mon Sep 12 11:07:48 2016 +0200 tests: Simplify tofu test. * tests/openpgp/tofu.scm: Simplify now that we only have one db format. Signed-off-by: Justus Winter diff --git a/tests/openpgp/tofu.scm b/tests/openpgp/tofu.scm index cf2b389..f4de1d8 100755 --- a/tests/openpgp/tofu.scm +++ b/tests/openpgp/tofu.scm 
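Review bot: In lang/qt/tests/t-tofuinfo.cpp every check touched by this rename, including the new signFirst() and signLast() comparisons, is a Q_ASSERT, which expands to nothing when QT_NO_DEBUG is defined, so a release build of the test verifies none of these properties. Since the lines are being edited anyway, switching them to QVERIFY or QCOMPARE would keep the checks active in all build types and report the mismatching values on failure, for example QCOMPARE(stats.signFirst(), stats.signLast()).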
@@ -95,70 +95,68 @@ (call-check `(, at GPG --trust-model=tofu , at args --tofu-policy ,policy ,keyid))) +(info "Checking tofu policies and trust...") + +;; Carefully remove the TOFU db. +(catch '() (unlink (string-append GNUPGHOME "/tofu.db"))) +(catch '() (unlink-recursively (string-append GNUPGHOME "/tofu.d"))) + +;; Verify a message. There should be no conflict and the trust +;; policy should be set to auto. +(call-check `(, at GPG --trust-model=tofu + --verify ,(in-srcdir "tofu-2183839A-1.txt"))) + +(checkpolicy "2183839A" "auto") +;; Check default trust. +(checktrust "2183839A" "m") + +;; Trust should be derived lazily. Thus, if the policy is set to +;; auto and we change --tofu-default-policy, then the trust should +;; change as well. Try it. +(checktrust "2183839A" "f" '--tofu-default-policy=good) +(checktrust "2183839A" "-" '--tofu-default-policy=unknown) +(checktrust "2183839A" "n" '--tofu-default-policy=bad) + +;; Change the policy to something other than auto and make sure the +;; policy and the trust are correct. (for-each-p - "Testing tofu db" - (lambda (1) - ;; Carefully remove the TOFU db. - (catch '() (unlink (string-append GNUPGHOME "/tofu.db"))) - (catch '() (unlink-recursively (string-append GNUPGHOME "/tofu.d"))) - - ;; Verify a message. There should be no conflict and the trust - ;; policy should be set to auto. - (call-check `(, at GPG --trust-model=tofu - --verify ,(in-srcdir "tofu-2183839A-1.txt"))) - - (checkpolicy "2183839A" "auto") - ;; Check default trust. - (checktrust "2183839A" "m") - - ;; Trust should be derived lazily. Thus, if the policy is set to - ;; auto and we change --tofu-default-policy, then the trust should - ;; change as well. Try it. - (checktrust "2183839A" "f" '--tofu-default-policy=good) - (checktrust "2183839A" "-" '--tofu-default-policy=unknown) - (checktrust "2183839A" "n" '--tofu-default-policy=bad) - - ;; Change the policy to something other than auto and make sure the - ;; policy and the trust are correct. 
- (for-each-p - "" - (lambda (policy) - (let ((expected-trust - (cond - ((string=? "good" policy) "f") - ((string=? "unknown" policy) "-") - (else "n")))) - (setpolicy "2183839A" policy) - - ;; Since we have a fixed policy, the trust level shouldn't - ;; change if we change the default policy. - (for-each-p - "" - (lambda (default-policy) - (checkpolicy "2183839A" policy - '--tofu-default-policy default-policy) - (checktrust "2183839A" expected-trust - '--tofu-default-policy default-policy)) - '("auto" "good" "unknown" "bad" "ask")))) - '("good" "unknown" "bad")) - - ;; BC15C85A conflicts with 2183839A. On conflict, this will set - ;; BC15C85A to ask. If 2183839A is auto (it's not, it's bad), then - ;; it will be set to ask. - (call-check `(, at GPG --trust-model=tofu - --verify ,(in-srcdir "tofu-BC15C85A-1.txt"))) - (checkpolicy "BC15C85A" "ask") - (checkpolicy "2183839A" "bad") - - ;; EE37CF96 conflicts with 2183839A and BC15C85A. We change - ;; BC15C85A's policy to auto and leave 2183839A's policy at bad. - ;; This conflict should cause BC15C85A's policy to be changed to - ;; ask (since it is auto), but not affect 2183839A's policy. - (setpolicy "BC15C85A" "auto") - (checkpolicy "BC15C85A" "auto") - (call-check `(, at GPG --trust-model=tofu - --verify ,(in-srcdir "tofu-EE37CF96-1.txt"))) - (checkpolicy "BC15C85A" "ask") - (checkpolicy "2183839A" "bad") - (checkpolicy "EE37CF96" "ask")) - '("flat")) + "Setting a fixed policy..." + (lambda (policy) + (let ((expected-trust + (cond + ((string=? "good" policy) "f") + ((string=? "unknown" policy) "-") + (else "n")))) + (setpolicy "2183839A" policy) + + ;; Since we have a fixed policy, the trust level shouldn't + ;; change if we change the default policy. 
+ (for-each-p + "" + (lambda (default-policy) + (checkpolicy "2183839A" policy + '--tofu-default-policy default-policy) + (checktrust "2183839A" expected-trust + '--tofu-default-policy default-policy)) + '("auto" "good" "unknown" "bad" "ask")))) + '("good" "unknown" "bad")) + +;; BC15C85A conflicts with 2183839A. On conflict, this will set +;; BC15C85A to ask. If 2183839A is auto (it's not, it's bad), then +;; it will be set to ask. +(call-check `(, at GPG --trust-model=tofu + --verify ,(in-srcdir "tofu-BC15C85A-1.txt"))) +(checkpolicy "BC15C85A" "ask") +(checkpolicy "2183839A" "bad") + +;; EE37CF96 conflicts with 2183839A and BC15C85A. We change +;; BC15C85A's policy to auto and leave 2183839A's policy at bad. +;; This conflict should cause BC15C85A's policy to be changed to +;; ask (since it is auto), but not affect 2183839A's policy. +(setpolicy "BC15C85A" "auto") +(checkpolicy "BC15C85A" "auto") +(call-check `(, at GPG --trust-model=tofu + --verify ,(in-srcdir "tofu-EE37CF96-1.txt"))) +(checkpolicy "BC15C85A" "ask") +(checkpolicy "2183839A" "bad") +(checkpolicy "EE37CF96" "ask") ----------------------------------------------------------------------- Summary of changes: tests/openpgp/tofu.scm | 130 ++++++++++++++++++++++++------------------------- 1 file changed, 64 insertions(+), 66 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Sep 12 11:09:35 2016 
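Review bot: The conflict checks that follow the "Setting a fixed policy..." loop depend on that loop's last element: (checkpolicy "2183839A" "bad") only holds because '("good" "unknown" "bad") ends with "bad", and the comment "(it's not, it's bad)" mentions this only in passing. An explicit (setpolicy "2183839A" "bad") before verifying tofu-BC15C85A-1.txt would keep the conflict test independent of the loop order. The inner for-each-p also still passes "" as its label, while the outer one now has a description.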
From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Mon, 12 Sep 2016 11:09:35 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-331-gd480f6b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via d480f6b701894f78f3f4016d69c0e3b87939930b (commit) from 7b9e6ea376d04fb4694ed22369abaae92ce3ec86 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d480f6b701894f78f3f4016d69c0e3b87939930b Author: Andre Heinecke Date: Mon Sep 12 10:52:10 2016 +0200 qt: Fix some includes * lang/qt/src/qgpgmekeyformailboxjob.cpp: Explicitly include QStringList. * lang/qt/tests/t-support.h, lang/qt/tests/t-support.cpp: Move includes into impl. Explicitly include QDir. -- This fixes build against Qt versions where the includes are less implicit. diff --git a/lang/qt/src/qgpgmekeyformailboxjob.cpp b/lang/qt/src/qgpgmekeyformailboxjob.cpp index 0702a36..803d0e6 100644 --- a/lang/qt/src/qgpgmekeyformailboxjob.cpp +++ b/lang/qt/src/qgpgmekeyformailboxjob.cpp @@ -33,6 +33,8 @@ #include "qgpgmekeyformailboxjob.h" #include "qgpgmekeylistjob.h" +#include + #include using namespace GpgME; diff --git a/lang/qt/tests/t-support.cpp b/lang/qt/tests/t-support.cpp index 2b21ce7..86372f7 100644 --- a/lang/qt/tests/t-support.cpp +++ b/lang/qt/tests/t-support.cpp @@ -33,6 +33,11 @@ #include +#include +#include +#include +#include + void QGpgMETest::initTestCase() { const QString gpgHome = qgetenv("GNUPGHOME"); diff --git a/lang/qt/tests/t-support.h b/lang/qt/tests/t-support.h index 74163b1..59d9a4d 100644 --- a/lang/qt/tests/t-support.h +++ b/lang/qt/tests/t-support.h 
@@ -32,9 +32,6 @@ #define T_SUPPORT_H #include "interfaces/passphraseprovider.h" -#include -#include -#include #include namespace GpgME ----------------------------------------------------------------------- Summary of changes: lang/qt/src/qgpgmekeyformailboxjob.cpp | 2 ++ lang/qt/tests/t-support.cpp | 5 +++++ lang/qt/tests/t-support.h | 3 --- 3 files changed, 7 insertions(+), 3 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Mon Sep 12 15:04:40 2016 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Mon, 12 Sep 2016 15:04:40 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-332-ga0263ad Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via a0263ad282d350b548cbbc27e96f196d9217d040 (commit) from d480f6b701894f78f3f4016d69c0e3b87939930b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a0263ad282d350b548cbbc27e96f196d9217d040 Author: Justus Winter Date: Mon Sep 12 14:53:08 2016 +0200 tests: Make signature notation test compatible with older GnuPGs. * lang/python/tests/t-sig-notation.py: Only check the critical flag when GnuPG >= 2.1.13 is used. * tests/gpg/t-sig-notation.c: Likewise. Fixes-commit: c88c9ef3 Signed-off-by: Justus Winter diff --git a/lang/python/tests/t-sig-notation.py b/lang/python/tests/t-sig-notation.py index 0f77e37..b024bb5 100755 --- a/lang/python/tests/t-sig-notation.py +++ b/lang/python/tests/t-sig-notation.py 
@@ -29,6 +29,14 @@ expected_notations = { None: ("http://www.gnu.org/policy/", 0), } +# GnuPG prior to 2.1.13 did not report the critical flag correctly. +with core.Context() as c: + version = c.engine_info.version + have_correct_sig_data = not (version.startswith("1.") + or version == "2.1.1" + or (version.startswith("2.1.1") + and version[5] < '3')) + def check_result(result): assert len(result.signatures) == 1, "Unexpected number of signatures" sig = result.signatures[0] @@ -45,7 +53,8 @@ def check_result(result): assert r.human_readable \ == bool(flags&constants.SIG_NOTATION_HUMAN_READABLE) assert r.critical \ - == bool(flags&constants.SIG_NOTATION_CRITICAL) + == (bool(flags&constants.SIG_NOTATION_CRITICAL) + if have_correct_sig_data else False) assert len(expected_notations) == 0 diff --git a/tests/gpg/t-sig-notation.c b/tests/gpg/t-sig-notation.c index 843606a..798ad24 100644 --- a/tests/gpg/t-sig-notation.c +++ b/tests/gpg/t-sig-notation.c @@ -24,6 +24,7 @@ #include #endif +#include #include #include #include @@ -33,6 +34,11 @@ #include "t-support.h" + +/* GnuPG prior to 2.1.13 did not report the critical flag + correctly. */ +int have_correct_sig_data; + static struct { const char *name; const char *value; @@ -83,11 +89,17 @@ check_result (gpgme_verify_result_t result) && r->value && !strcmp (r->value, expected_notations[i].value) && r->value_len == strlen (expected_notations[i].value) - && r->flags == expected_notations[i].flags + && r->flags + == (have_correct_sig_data + ? expected_notations[i].flags + : expected_notations[i].flags + & ~GPGME_SIG_NOTATION_CRITICAL) && r->human_readable == !!(r->flags & GPGME_SIG_NOTATION_HUMAN_READABLE) && r->critical - == !!(r->flags & GPGME_SIG_NOTATION_CRITICAL)) + == (have_correct_sig_data + ? !!(r->flags & GPGME_SIG_NOTATION_CRITICAL) + : 0)) { expected_notations[i].seen++; any++; 
@@ -121,9 +133,25 @@ main (int argc, char *argv[]) gpgme_verify_result_t result; char *agent_info; int i; + gpgme_engine_info_t engine_info; init_gpgme (GPGME_PROTOCOL_OpenPGP); + err = gpgme_get_engine_info (&engine_info); + fail_if_err (err); + for (; engine_info; engine_info = engine_info->next) + if (engine_info->protocol == GPGME_PROTOCOL_OpenPGP) + break; + assert (engine_info); + + /* GnuPG prior to 2.1.13 did not report the critical flag + correctly. */ + have_correct_sig_data = + ! (strncmp ("1.", engine_info->version, 2) + || (strncmp ("2.1.1", engine_info->version, 5) + && (engine_info->version[5] == 0 + || engine_info->version[5] < '3'))); + err = gpgme_new (&ctx); fail_if_err (err); ----------------------------------------------------------------------- Summary of changes: lang/python/tests/t-sig-notation.py | 11 ++++++++++- tests/gpg/t-sig-notation.c | 32 ++++++++++++++++++++++++++++++-- 2 files changed, 40 insertions(+), 3 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Mon Sep 12 15:44:10 2016 
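Review bot: In the main() hunk of tests/gpg/t-sig-notation.c the strncmp results are used as truth values, but strncmp returns 0 on a match, so strncmp ("1.", engine_info->version, 2) is non-zero for every engine whose version does not start with "1." and have_correct_sig_data ends up 0 for all 2.x engines. The critical flag is then never checked, including on GnuPG >= 2.1.13 where the commit message says it should be. Compare each call against 0, as in strncmp ("1.", engine_info->version, 2) == 0.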
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Mon, 12 Sep 2016 15:44:10 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-333-gdfd99ab Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via dfd99ab50c3bc1d6745b6f682791e4885e8d8a9a (commit) from a0263ad282d350b548cbbc27e96f196d9217d040 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit dfd99ab50c3bc1d6745b6f682791e4885e8d8a9a Author: Justus Winter Date: Mon Sep 12 15:42:07 2016 +0200 tests: Fix version comparison. * tests/gpg/t-sig-notation.c: Fix version comparison. Fixes-commit: a0263ad2 Signed-off-by: Justus Winter diff --git a/tests/gpg/t-sig-notation.c b/tests/gpg/t-sig-notation.c index 798ad24..98d5095 100644 --- a/tests/gpg/t-sig-notation.c +++ b/tests/gpg/t-sig-notation.c @@ -147,8 +147,8 @@ main (int argc, char *argv[]) /* GnuPG prior to 2.1.13 did not report the critical flag correctly. */ have_correct_sig_data = - ! (strncmp ("1.", engine_info->version, 2) - || (strncmp ("2.1.1", engine_info->version, 5) + ! (strncmp ("1.", engine_info->version, 2) == 0 + || (strncmp ("2.1.1", engine_info->version, 5) == 0 && (engine_info->version[5] == 0 || engine_info->version[5] < '3'))); ----------------------------------------------------------------------- Summary of changes: tests/gpg/t-sig-notation.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Mon Sep 12 17:28:17 2016 
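Review bot: With the == 0 comparisons in place the expression still matches only the prefixes "1." and "2.1.1", so versions such as 2.0.x and 2.1.2 through 2.1.9 are treated as reporting the critical flag correctly although they are older than 2.1.13. The Python check added in a0263ad (version.startswith("2.1.1") and version[5] < '3') has the same gap. Parsing major, minor and micro as integers and comparing them against 2.1.13 would cover every older release and would not rely on the character at version[5].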
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Mon, 12 Sep 2016 17:28:17 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-337-gc0c5031 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via c0c50318bd8ef6c8119ad9fdc53ad9087ded4c32 (commit) via 1d5bbbf1185a0d1f82750f10b69dad3999f7ef4c (commit) via 70999d81618b3d3ae6b61a43be2ce703ad284275 (commit) via b48b852a846129914d6c63ec7b47388cdcf6acca (commit) from dfd99ab50c3bc1d6745b6f682791e4885e8d8a9a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c0c50318bd8ef6c8119ad9fdc53ad9087ded4c32 Author: Justus Winter Date: Mon Sep 12 17:21:34 2016 +0200 python: Avoid Python3-only form of super(). * lang/python/pyme/core.py (GpgmeWrapper.__repr__): Use more compatible form of super. (GpgmeWrapper.__setattr__): Likewise. (Context.__init__): Likewise. (Data.__init__): Likewise. Signed-off-by: Justus Winter diff --git a/lang/python/pyme/core.py b/lang/python/pyme/core.py index f9df6e8..4bbbc17 100644 --- a/lang/python/pyme/core.py +++ b/lang/python/pyme/core.py @@ -45,7 +45,8 @@ class GpgmeWrapper(object): self.wrapped = wrapped def __repr__(self): - return '<{}/{!r}>'.format(super().__repr__(), self.wrapped) + return '<{}/{!r}>'.format(super(GpgmeWrapper, self).__repr__(), + self.wrapped) def __str__(self): acc = ['{}.{}'.format(__name__, self.__class__.__name__)] @@ -153,7 +154,7 @@ class GpgmeWrapper(object): if key in self._boolean_properties: self.__wrap_boolean_property(key, True, value) else: - super().__setattr__(key, value) + super(GpgmeWrapper, self).__setattr__(key, value) class Context(GpgmeWrapper): """Context for cryptographic operations 
@@ -191,7 +192,7 @@ class Context(GpgmeWrapper): wrapped = gpgme.gpgme_ctx_t_p_value(tmp) gpgme.delete_gpgme_ctx_t_p(tmp) self.own = True - super().__init__(wrapped) + super(Context, self).__init__(wrapped) self.armor = armor self.textmode = textmode self.offline = offline @@ -873,7 +874,7 @@ class Data(GpgmeWrapper): that file. """ - super().__init__(None) + super(Data, self).__init__(None) self.data_cbs = None if cbs != None: commit 1d5bbbf1185a0d1f82750f10b69dad3999f7ef4c Author: Justus Winter Date: Mon Sep 12 17:11:19 2016 +0200 python: Make type translation compatible with Python 2.7. * lang/python/gpgme.i: Avoid functions not available in Python 2.7. * lang/python/helpers.c: Likewise. Signed-off-by: Justus Winter diff --git a/lang/python/gpgme.i b/lang/python/gpgme.i index dfa3775..bc957e5 100644 --- a/lang/python/gpgme.i +++ b/lang/python/gpgme.i @@ -36,11 +36,16 @@ /* Allow use of Unicode objects, bytes, and None for strings. */ -%typemap(in) const char * { +%typemap(in) const char *(PyObject *encodedInput = NULL) { if ($input == Py_None) $1 = NULL; else if (PyUnicode_Check($input)) - $1 = PyUnicode_AsUTF8($input); + { + encodedInput = PyUnicode_AsUTF8String($input); + if (encodedInput == NULL) + return NULL; + $1 = PyBytes_AsString(encodedInput); + } else if (PyBytes_Check($input)) $1 = PyBytes_AsString($input); else { 
@@ -50,19 +55,35 @@ return NULL; } } -%typemap(freearg) const char * ""; +%typemap(freearg) const char * { + Py_XDECREF(encodedInput$argnum); +} /* Likewise for a list of strings. */ -%typemap(in) const char *[] (void *vector = NULL) { +%typemap(in) const char *[] (void *vector = NULL, + size_t size, + PyObject **pyVector = NULL) { /* Check if is a list */ if (PyList_Check($input)) { - size_t i, size = PyList_Size($input); + size_t i, j; + size = PyList_Size($input); $1 = (char **) (vector = malloc((size+1) * sizeof(char *))); + pyVector = calloc(sizeof *pyVector, size); for (i = 0; i < size; i++) { PyObject *o = PyList_GetItem($input,i); if (PyUnicode_Check(o)) - $1[i] = PyUnicode_AsUTF8(o); + { + pyVector[i] = PyUnicode_AsUTF8String(o); + if (pyVector[i] == NULL) + { + free(vector); + for (j = 0; j < i; j++) + Py_XDECREF(pyVector[j]); + return NULL; + } + $1[i] = PyBytes_AsString(pyVector[i]); + } else if (PyString_Check(o)) $1[i] = PyString_AsString(o); else { @@ -83,7 +104,10 @@ } } %typemap(freearg) const char *[] { + size_t i; free(vector$argnum); + for (i = 0; i < size$argnum; i++) + Py_XDECREF(pyVector$argnum[i]); } // Release returned buffers as necessary. @@ -296,13 +320,22 @@ } /* For gpgme_data_write, but should be universal. */ -%typemap(in) (const void *buffer, size_t size) { +%typemap(in) (const void *buffer, size_t size)(PyObject *encodedInput = NULL) { Py_ssize_t ssize; if ($input == Py_None) $1 = NULL, $2 = 0; else if (PyUnicode_Check($input)) - $1 = PyUnicode_AsUTF8AndSize($input, &ssize); + { + encodedInput = PyUnicode_AsUTF8String($input); + if (encodedInput == NULL) + return NULL; + if (PyBytes_AsStringAndSize(encodedInput, (char **) &$1, &ssize) == -1) + { + Py_DECREF(encodedInput); + return NULL; + } + } else if (PyBytes_Check($input)) PyBytes_AsStringAndSize($input, (char **) &$1, &ssize); else { 
@@ -320,7 +353,9 @@ $2 = (size_t) ssize; } } -%typemap(freearg) (const void *buffer, size_t size) ""; +%typemap(freearg) (const void *buffer, size_t size) { + Py_XDECREF(encodedInput$argnum); +} // Make types containing 'next' field to be lists %ignore next; diff --git a/lang/python/helpers.c b/lang/python/helpers.c index 0b4a773..6e63c97 100644 --- a/lang/python/helpers.c +++ b/lang/python/helpers.c @@ -191,14 +191,17 @@ _pyme_obj2gpgme_t(PyObject *input, const char *objtype, int argnum) pyname = PyObject_GetAttrString(input, "_ctype"); if (pyname && PyUnicode_Check(pyname)) { - if (strcmp(PyUnicode_AsUTF8(pyname), objtype) != 0) + PyObject *encoded = PyUnicode_AsUTF8String(pyname); + if (strcmp(PyBytes_AsString(encoded), objtype) != 0) { PyErr_Format(PyExc_TypeError, "arg %d: Expected value of type %s, but got %s", - argnum, objtype, PyUnicode_AsUTF8(pyname)); + argnum, objtype, PyBytes_AsString(encoded)); + Py_DECREF(encoded); Py_DECREF(pyname); return NULL; } + Py_DECREF(encoded); } else return NULL; @@ -334,6 +337,7 @@ static gpgme_error_t pyPassphraseCb(void *hook, PyObject *args = NULL; PyObject *retval = NULL; PyObject *dataarg = NULL; + PyObject *encoded = NULL; gpgme_error_t err_status = 0; _pyme_exception_init(); @@ -388,7 +392,17 @@ static gpgme_error_t pyPassphraseCb(void *hook, else if (PyUnicode_Check(retval)) { Py_ssize_t ssize; - buf = PyUnicode_AsUTF8AndSize(retval, &ssize); + encoded = PyUnicode_AsUTF8String(retval); + if (encoded == NULL) + { + err_status = gpg_error(GPG_ERR_GENERAL); + goto leave; + } + if (PyBytes_AsStringAndSize(encoded, &buf, &ssize) == -1) + { + err_status = gpg_error(GPG_ERR_GENERAL); + goto leave; + } assert (! buf || ssize >= 0); len = (size_t) ssize; } @@ -418,6 +432,7 @@ static gpgme_error_t pyPassphraseCb(void *hook, if (err_status) _pyme_stash_callback_exception(self); + Py_XDECREF(encoded); return err_status; } 
@@ -676,10 +691,23 @@ gpgme_error_t _pyme_edit_cb(void *opaque, gpgme_status_code_t status, err_status = _pyme_exception2code(); } else { if (fd>=0 && retval && PyUnicode_Check(retval)) { + PyObject *encoded = NULL; const char *buffer; Py_ssize_t size; - buffer = PyUnicode_AsUTF8AndSize(retval, &size); + encoded = PyUnicode_AsUTF8String(retval); + if (encoded == NULL) + { + err_status = gpg_error(GPG_ERR_GENERAL); + goto leave; + } + if (PyBytes_AsStringAndSize(encoded, &buffer, &size) == -1) + { + Py_DECREF(encoded); + err_status = gpg_error(GPG_ERR_GENERAL); + goto leave; + } + if (write(fd, buffer, size) < 0) { err_status = gpgme_error_from_syserror (); _pyme_raise_exception (err_status); @@ -688,8 +716,10 @@ gpgme_error_t _pyme_edit_cb(void *opaque, gpgme_status_code_t status, err_status = gpgme_error_from_syserror (); _pyme_raise_exception (err_status); } + Py_DECREF(encoded); } } + leave: if (err_status) _pyme_stash_callback_exception(self); commit 70999d81618b3d3ae6b61a43be2ce703ad284275 Author: Justus Winter Date: Mon Sep 12 16:19:07 2016 +0200 python: Avoid hardcoding the interpreter. * lang/python/setup.py.in: Avoid hardcoding the interpreter. Signed-off-by: Justus Winter diff --git a/lang/python/setup.py.in b/lang/python/setup.py.in index 4477e09..22035cb 100755 --- a/lang/python/setup.py.in +++ b/lang/python/setup.py.in 
@@ -88,9 +88,9 @@ if not os.path.exists(gpg_error_h): print("Building pyme3 using {} and {}.".format(gpgme_h, gpg_error_h)) # Cleanup gpgme.h from deprecated functions and typedefs. -subprocess.check_call(["python3", "gpgme-h-clean.py", gpgme_h], +subprocess.check_call([sys.executable, "gpgme-h-clean.py", gpgme_h], stdout=open("gpgme.h", "w")) -subprocess.check_call(["python3", "gpgme-h-clean.py", gpg_error_h], +subprocess.check_call([sys.executable, "gpgme-h-clean.py", gpg_error_h], stdout=open("errors.i", "w")) include_dirs = [os.getcwd()] commit b48b852a846129914d6c63ec7b47388cdcf6acca Author: Justus Winter Date: Mon Sep 12 16:18:31 2016 +0200 python: Do not rely on subprocess.DEVNULL. * lang/python/setup.py.in: Do not rely on subprocess.DEVNULL. Signed-off-by: Justus Winter diff --git a/lang/python/setup.py.in b/lang/python/setup.py.in index a524c95..4477e09 100755 --- a/lang/python/setup.py.in +++ b/lang/python/setup.py.in 
@@ -43,16 +43,21 @@ if os.path.exists("../../src/gpgme-config"): IN_TREE_BUILD=1, ) +if hasattr(subprocess, "DEVNULL"): + devnull = subprocess.DEVNULL +else: + devnull = open(os.devnull, "w") + try: subprocess.check_call([gpg_error_config, '--version'], - stdout=subprocess.DEVNULL) + stdout=devnull) except: sys.exit("Could not find gpg-error-config. " + "Please install the libgpg-error development package.") try: subprocess.check_call([gpgme_config, '--version'], - stdout=subprocess.DEVNULL) + stdout=devnull) except: sys.exit("Could not find gpgme-config. " + "Please install the libgpgme development package.") ----------------------------------------------------------------------- Summary of changes: lang/python/gpgme.i | 53 ++++++++++++++++++++++++++++++++++++++++-------- lang/python/helpers.c | 38 ++++++++++++++++++++++++++++++---- lang/python/pyme/core.py | 9 ++++---- lang/python/setup.py.in | 13 ++++++++---- 4 files changed, 92 insertions(+), 21 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Mon Sep 12 17:49:33 2016 
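Review bot: In the lang/python/helpers.c hunk for _pyme_obj2gpgme_t the result of PyUnicode_AsUTF8String(pyname) is passed straight to PyBytes_AsString and strcmp without a NULL check, unlike every other call site this patch adds. If the encoding fails, encoded is NULL and the comparison runs on an invalid object; return NULL after Py_DECREF(pyname) when encoded == NULL, as the typemaps in gpgme.i do.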
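Review bot: In the const char *[] typemap in lang/python/gpgme.i the pyVector array itself is never released: the error path calls free(vector) and drops the references in pyVector[j], and the freearg typemap does the same, but neither calls free(pyVector). The result of calloc(sizeof *pyVector, size) is also used without a NULL check, and size has no initializer, so the freearg loop is only safe when the list branch ran. Add free(pyVector$argnum) to freearg and free(pyVector) to the error path, check the allocation, and initialise size to 0.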
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 12 Sep 2016 17:49:33 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-99-g31fc420 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 31fc420727f45dd081f8ad5d056da6675dad29f2 (commit) from aa81e32df7189c3eb44d4c602fd63f5b3f6a9e49 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 31fc420727f45dd081f8ad5d056da6675dad29f2 Author: Werner Koch Date: Mon Sep 12 17:42:50 2016 +0200 gpg: Avoid mixing up status and colon line output. * g10/keylist.c (list_keyblock_colon): Avoid calling functions which trigger a status line output before having printed a LF. -- Status lines like KEY_CONSIDERED and KEYEXPIRED were messing up the colons output, like here: pub:[GNUPG:] KEY_CONSIDERED 94A5C9A03C2FE5CA3B095D8E1FDF723CF46[...] Reported-by: Andreas Stieger Signed-off-by: Werner Koch diff --git a/g10/keylist.c b/g10/keylist.c index dea9b17..bef1e07 100644 --- a/g10/keylist.c +++ b/g10/keylist.c @@ -1183,9 +1183,10 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock, PKT_public_key *pk; u32 keyid[2]; int trustletter = 0; + int trustletter_print; + int ownertrust_print; int ulti_hack = 0; int i; - char *p; char *hexgrip_buffer = NULL; const char *hexgrip = NULL; char *serialno = NULL; 
@@ -1217,31 +1218,38 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock, stubkey = 1; /* Key not found. */ keyid_from_pk (pk, keyid); - es_fputs (secret? "sec:":"pub:", es_stdout); if (!pk->flags.valid) - es_putc ('i', es_stdout); + trustletter_print = 'i'; else if (pk->flags.revoked) - es_putc ('r', es_stdout); + trustletter_print = 'r'; else if (pk->has_expired) - es_putc ('e', es_stdout); + trustletter_print = 'e'; else if (opt.fast_list_mode || opt.no_expensive_trust_checks) - ; + trustletter_print = 0; else { trustletter = get_validity_info (ctrl, pk, NULL); if (trustletter == 'u') ulti_hack = 1; - es_putc (trustletter, es_stdout); + trustletter_print = trustletter; } + if (!opt.fast_list_mode && !opt.no_expensive_trust_checks) + ownertrust_print = get_ownertrust_info (pk); + else + ownertrust_print = 0; + + es_fputs (secret? "sec:":"pub:", es_stdout); + if (trustletter_print) + es_putc (trustletter_print, es_stdout); es_fprintf (es_stdout, ":%u:%d:%08lX%08lX:%s:%s::", nbits_from_pk (pk), pk->pubkey_algo, (ulong) keyid[0], (ulong) keyid[1], colon_datestr_from_pk (pk), colon_strtime (pk->expiredate)); - if (!opt.fast_list_mode && !opt.no_expensive_trust_checks) - es_putc (get_ownertrust_info (pk), es_stdout); + if (ownertrust_print) + es_putc (ownertrust_print, es_stdout); es_putc (':', es_stdout); es_putc (':', es_stdout); 
@@ -1286,31 +1294,27 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock, { if (node->pkt->pkttype == PKT_USER_ID) { - char *str; PKT_user_id *uid = node->pkt->pkt.user_id; + int uid_validity; if (attrib_fp && uid->attrib_data != NULL) dump_attribs (uid, pk); - /* - * Fixme: We need a valid flag here too - */ - str = uid->attrib_data ? "uat" : "uid"; + if (uid->is_revoked) - es_fprintf (es_stdout, "%s:r::::", str); + uid_validity = 'r'; else if (uid->is_expired) - es_fprintf (es_stdout, "%s:e::::", str); + uid_validity = 'e'; else if (opt.no_expensive_trust_checks) - es_fprintf (es_stdout, "%s:::::", str); - else - { - int uid_validity; + uid_validity = 0; + else if (ulti_hack) + uid_validity = 'u'; + else + uid_validity = get_validity_info (ctrl, pk, uid); - if (!ulti_hack) - uid_validity = get_validity_info (ctrl, pk, uid); - else - uid_validity = 'u'; - es_fprintf (es_stdout, "%s:%c::::", str, uid_validity); - } + es_fputs (uid->attrib_data? "uat:":"uid:", es_stdout); + if (uid_validity) + es_putc (uid_validity, es_stdout); + es_fputs ("::::", es_stdout); es_fprintf (es_stdout, "%s:", colon_strtime (uid->created)); es_fprintf (es_stdout, "%s:", colon_strtime (uid->expiredate)); @@ -1423,6 +1427,8 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock, char *sigstr; size_t fplen; byte fparray[MAX_FINGERPRINT_LEN]; + char *siguid; + size_t siguidlen; if (sig->sig_class == 0x20 || sig->sig_class == 0x28 || sig->sig_class == 0x30) @@ -1482,6 +1488,16 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock, rc = 0; sigrc = ' '; } + + if (sigrc != '%' && sigrc != '?' && !opt.fast_list_mode) + siguid = get_user_id (sig->keyid, &siguidlen); + else + { + siguid = NULL; + siguidlen = 0; + } + + es_fputs (sigstr, es_stdout); es_putc (':', es_stdout); if (sigrc != ' ') 
@@ -1502,17 +1518,11 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock, if (sigrc == '%') es_fprintf (es_stdout, "[%s] ", gpg_strerror (rc)); - else if (sigrc == '?') - ; - else if (!opt.fast_list_mode) - { - size_t n; - p = get_user_id (sig->keyid, &n); - es_write_sanitized (es_stdout, p, n, ":", NULL); - xfree (p); - } + else if (siguid) + es_write_sanitized (es_stdout, siguid, siguidlen, ":", NULL); + es_fprintf (es_stdout, ":%02x%c::", sig->sig_class, - sig->flags.exportable ? 'x' : 'l'); + sig->flags.exportable ? 'x' : 'l'); if (opt.no_sig_cache && opt.check_sigs && fprokay) { @@ -1526,6 +1536,7 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock, print_subpackets_colon (sig); /* fixme: check or list other sigs here */ + xfree (siguid); } } ----------------------------------------------------------------------- Summary of changes: g10/keylist.c | 83 +++++++++++++++++++++++++++++++++-------------------------- 1 file changed, 47 insertions(+), 36 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Sep 13 08:29:55 2016 
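Review bot: The uid/uat hunk deletes the comment "Fixme: We need a valid flag here too" although the new uid_validity chain still only has the revoked, expired, ultimate and get_validity_info cases, so the open item is dropped rather than resolved. Keep the Fixme above the if (uid->is_revoked) chain, or state in the commit message why it no longer applies.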
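Review bot: Nothing in list_keyblock_colon records the ordering rule this change depends on. trustletter_print, ownertrust_print, uid_validity and siguid are now computed before the first es_fputs of their record because, per the commit message, those lookups can trigger a status line before the LF is printed. A short comment at each spot, for example above es_fputs (secret? "sec:":"pub:", es_stdout), would keep a later edit from moving a lookup back between the record prefix and its LF.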
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 13 Sep 2016 08:29:55 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-100-g9da780e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 9da780e5c4b32ea81ba47bf36f17100d208b8b4f (commit) from 31fc420727f45dd081f8ad5d056da6675dad29f2 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9da780e5c4b32ea81ba47bf36f17100d208b8b4f Author: Werner Koch Date: Tue Sep 13 08:26:56 2016 +0200 tools: Minor fix to the usbmon debugging tool. -- * tools/ccidmon.c (GNUPG_NAME): Define if not defined. (digitp, hexdigitp): Change to our common semantics. -- Note that this tool only exists in the repo. GnuPG-bug-id: 2678 Signed-off-by: Werner Koch diff --git a/tools/ccidmon.c b/tools/ccidmon.c index 4e39b5c..92673f4 100644 --- a/tools/ccidmon.c +++ b/tools/ccidmon.c @@ -45,6 +45,9 @@ # define PACKAGE_BUGREPORT "devnull at example.org" #endif #define PGM "ccidmon" +#ifndef GNUPG_NAME +# define GNUPG_NAME "GnuPG" +#endif /* Option flags. */ static int verbose; @@ -94,10 +97,10 @@ enum { }; -#define digitp(p) ((p) >= '0' && (p) <= '9') +#define digitp(p) (*(p) >= '0' && *(p) <= '9') #define hexdigitp(a) (digitp (a) \ - || ((a) >= 'A' && (a) <= 'F') \ - || ((a) >= 'a' && (a) <= 'f')) + || (*(a) >= 'A' && *(a) <= 'F') \ + || (*(a) >= 'a' && *(a) <= 'f')) #define ascii_isspace(a) ((a)==' ' || (a)=='\n' || (a)=='\r' || (a)=='\t') #define xtoi_1(p) ((p) <= '9'? ((p)- '0'): \ (p) <= 'F'? ((p)-'A'+10):((p)-'a'+10)) 
@@ -172,7 +175,7 @@ print_pr_data (const unsigned char *data, size_t datalen, size_t off) { if (needlf) putchar ('\n'); - printf (" [%04d] ", off); + printf (" [%04lu] ", (unsigned long)off); } printf (" %02X", data[off]); needlf = 1; @@ -608,14 +611,14 @@ collect_data (char *hexdata, const char *address, unsigned int lineno) { if (ascii_isspace (*s)) continue; - if (!hexdigitp (*s)) + if (!hexdigitp (s)) { err ("invalid hex digit in line %u - line skipped", lineno); break; } value = xtoi_1 (*s) * 16; s++; - if (!hexdigitp (*s)) + if (!hexdigitp (s)) { err ("invalid hex digit in line %u - line skipped", lineno); break; @@ -712,8 +715,8 @@ parse_line_sniffusb (char *line, unsigned int lineno) if (!p) return; - if (hexdigitp (p[0]) && hexdigitp (p[1]) - && hexdigitp (p[2]) && hexdigitp (p[3]) + if (hexdigitp (p+0) && hexdigitp (p+1) + && hexdigitp (p+2) && hexdigitp (p+3) && p[4] == ':' && !p[5]) { size_t length; @@ -722,7 +725,7 @@ parse_line_sniffusb (char *line, unsigned int lineno) length = databuffer.count; while ((p=strtok (NULL, " \t"))) { - if (!hexdigitp (p[0]) || !hexdigitp (p[1])) + if (!hexdigitp (p+0) || !hexdigitp (p+1)) { err ("invalid hex digit in line %u (%s)", lineno,p); break; @@ -810,7 +813,7 @@ main (int argc, char **argv) } else if (!strcmp (*argv, "--version")) { - fputs (PGM " ("GNUPG_NAME") " PACKAGE_VERSION "\n", stdout); + fputs (PGM " (" GNUPG_NAME ") " PACKAGE_VERSION "\n", stdout); exit (0); } else if (!strcmp (*argv, "--help")) ----------------------------------------------------------------------- Summary of changes: tools/ccidmon.c | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Sep 13 11:33:44 2016 
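Review bot: digitp and hexdigitp now dereference their argument, but xtoi_1 in the same macro block still takes a character, so collect_data ends up with hexdigitp (s) directly next to xtoi_1 (*s). Either convert xtoi_1 to the pointer form as well, or add a comment above the macros stating which of them take a pointer and which take a character, so that the two conventions are not mixed up at a call site.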
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 13 Sep 2016 11:33:44 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-101-g30a011c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 30a011cfd6ec172cc460e59f0904a26fe2d68632 (commit) from 9da780e5c4b32ea81ba47bf36f17100d208b8b4f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 30a011cfd6ec172cc460e59f0904a26fe2d68632 Author: Werner Koch Date: Tue Sep 13 11:30:54 2016 +0200 gpg: Improve usability of --quick-gen-key. * g10/keygen.c (FUTURE_STD_): New constants. (parse_expire_string): Handle special keywords. (parse_algo_usage_expire): Allow "future-default". Simplify call to parse_expire_string. (quick_generate_keypair): Always allow an expiration date. Replace former "test-default" by "future-default". -- Using an expiration date is pretty common, thus we now allow the creation of a standard key with expiration date. Signed-off-by: Werner Koch diff --git a/doc/gpg.texi b/doc/gpg.texi index 5889c2f..8107100 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi 
@@ -615,12 +615,14 @@ answer to a ``Continue?'' style confirmation prompt is required. In case the user id already exists in the key ring a second prompt to force the creation of the key will show up. -If any of the optional arguments are given, only the primary key is -created and no prompts are shown. For a description of these optional -arguments see the command @code{--quick-addkey}. The @code{usage} -accepts also the value ``cert'' which can be used to create a -certification only primary key; the default is to a create -certification and signing key. +If @code{algo} or @code{usage} are given, only the primary key is +created and no prompts are shown. To specify an expiration date but +still create a primary and subkey use ``default'' or +``future-default'' for @code{algo} and ``default'' for @code{usage}. +For a description of these optional arguments see the command + at code{--quick-addkey}. The @code{usage} accepts also the value +``cert'' which can be used to create a certification only primary key; +the default is to a create certification and signing key. If this command is used with @option{--batch}, @option{--pinentry-mode} has been set to @code{loopback}, and one of 
@@ -637,13 +639,15 @@ Directly add a subkey to the key identified by the fingerprint added. If any of the arguments are given a more specific subkey is added. - at code{algo} may be any of the supported algorithms or curve names given -in the format as used by key listings. To use the default algorithm -the string ``default'' or ``-'' can be used. Supported algorithms are -``rsa'', ``dsa'', ``elg'', ``ed25519'', ``cv25519'', and other ECC -curves. For example the string ``rsa'' adds an RSA key with the -default key length; a string ``rsa4096'' requests that the key length -is 4096 bits. + at code{algo} may be any of the supported algorithms or curve names +given in the format as used by key listings. To use the default +algorithm the string ``default'' or ``-'' can be used. Supported +algorithms are ``rsa'', ``dsa'', ``elg'', ``ed25519'', ``cv25519'', +and other ECC curves. For example the string ``rsa'' adds an RSA key +with the default key length; a string ``rsa4096'' requests that the +key length is 4096 bits. The string ``future-default'' is an alias +for the algorithm which will likely be used as default algorithm in +future versions of gpg. Depending on the given @code{algo} the subkey may either be an encryption subkey or a signing subkey. If an algorithm is capable of diff --git a/g10/keyedit.c b/g10/keyedit.c index 4c833f8..baee180 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -3304,7 +3304,7 @@ keyedit_quick_addkey (ctrl_t ctrl, const char *fpr, const char *algostr, goto leave; } - /* Create the subkey. Noet that the called function already prints + /* Create the subkey. Note that the called function already prints * an error message. */ if (!generate_subkeypair (ctrl, keyblock, algostr, usagestr, expirestr)) modified = 1; diff --git a/g10/keygen.c b/g10/keygen.c index 2b3d328..e897075 100644 --- a/g10/keygen.c +++ b/g10/keygen.c 
@@ -58,6 +58,15 @@ #define DEFAULT_STD_SUBKEYUSE PUBKEY_USAGE_ENC #define DEFAULT_STD_SUBCURVE NULL +#define FUTURE_STD_ALGO PUBKEY_ALGO_EDDSA +#define FUTURE_STD_KEYSIZE 0 +#define FUTURE_STD_KEYUSE (PUBKEY_USAGE_CERT|PUBKEY_USAGE_SIG) +#define FUTURE_STD_CURVE "Ed25519" +#define FUTURE_STD_SUBALGO PUBKEY_ALGO_ECDH +#define FUTURE_STD_SUBKEYSIZE 0 +#define FUTURE_STD_SUBKEYUSE PUBKEY_USAGE_ENC +#define FUTURE_STD_SUBCURVE "Curve25519" + /* Flag bits used during key generation. */ #define KEYGEN_FLAG_NO_PROTECTION 1 #define KEYGEN_FLAG_TRANSIENT_KEY 2 @@ -2330,7 +2339,8 @@ parse_expire_string( const char *string ) u32 curtime = make_timestamp (); time_t tt; - if (!*string) + if (!string || !*string || !strcmp (string, "none") + || !strcmp (string, "never") || !strcmp (string, "-")) seconds = 0; else if (!strncmp (string, "seconds=", 8)) seconds = atoi (string+8); @@ -2347,7 +2357,7 @@ parse_expire_string( const char *string ) return seconds; } -/* Parsean Creation-Date string which is either "1986-04-26" or +/* Parse a Creation-Date string which is either "1986-04-26" or "19860426T042640". Returns 0 on error. */ static u32 parse_creation_string (const char *string) 
@@ -3612,12 +3622,49 @@ quick_generate_keypair (ctrl_t ctrl, const char *uid, const char *algostr, } - if (!strcmp (algostr, "test-default")) + if ((!*algostr || !strcmp (algostr, "default") + || !strcmp (algostr, "future-default")) + && (!*usagestr || !strcmp (usagestr, "default") + || !strcmp (usagestr, "-"))) { - para = quickgen_set_para (para, 0, PUBKEY_ALGO_EDDSA, 0, "Ed25519", 0); - para = quickgen_set_para (para, 1, PUBKEY_ALGO_ECDH, 0, "Curve25519", 0); + if (!strcmp (algostr, "future-default")) + { + para = quickgen_set_para (para, 0, + FUTURE_STD_ALGO, FUTURE_STD_KEYSIZE, + FUTURE_STD_CURVE, 0); + para = quickgen_set_para (para, 1, + FUTURE_STD_SUBALGO, FUTURE_STD_SUBKEYSIZE, + FUTURE_STD_SUBCURVE, 0); + } + else + { + para = quickgen_set_para (para, 0, + DEFAULT_STD_ALGO, DEFAULT_STD_KEYSIZE, + DEFAULT_STD_CURVE, 0); + para = quickgen_set_para (para, 1, + DEFAULT_STD_SUBALGO, DEFAULT_STD_SUBKEYSIZE, + DEFAULT_STD_SUBCURVE, 0); + } + + if (*expirestr) + { + u32 expire; + + expire = parse_expire_string (expirestr); + if (expire == (u32)-1 ) + { + err = gpg_error (GPG_ERR_INV_VALUE); + log_error (_("Key generation failed: %s\n"), gpg_strerror (err)); + goto leave; + } + r = xmalloc_clear (sizeof *r + 20); + r->key = pKEYEXPIRE; + r->u.expire = expire; + r->next = para; + para = r; + } } - else if (*algostr || *usagestr || *expirestr) + else { /* Extended unattended mode. Creates only the primary key. */ int algo; @@ -3641,15 +3688,6 @@ quick_generate_keypair (ctrl_t ctrl, const char *uid, const char *algostr, r->next = para; para = r; } - else - { - para = quickgen_set_para (para, 0, - DEFAULT_STD_ALGO, DEFAULT_STD_KEYSIZE, - DEFAULT_STD_CURVE, 0); - para = quickgen_set_para (para, 1, - DEFAULT_STD_SUBALGO, DEFAULT_STD_SUBKEYSIZE, - DEFAULT_STD_SUBCURVE, 0); - } /* If the pinentry loopback mode is not and we have a static passphrase (i.e. set with --passphrase{,-fd,-file} while in batch 
@@ -4416,9 +4454,15 @@ parse_algo_usage_expire (ctrl_t ctrl, int for_subkey, if (!algostr || !*algostr || !strcmp (algostr, "default") || !strcmp (algostr, "-")) { - algo = for_subkey? DEFAULT_STD_SUBALGO : DEFAULT_STD_ALGO; - use = for_subkey? DEFAULT_STD_SUBKEYUSE : DEFAULT_STD_KEYUSE; - nbits = for_subkey?DEFAULT_STD_SUBKEYSIZE : DEFAULT_STD_KEYSIZE; + algo = for_subkey? DEFAULT_STD_SUBALGO : DEFAULT_STD_ALGO; + use = for_subkey? DEFAULT_STD_SUBKEYUSE : DEFAULT_STD_KEYUSE; + nbits = for_subkey? DEFAULT_STD_SUBKEYSIZE : DEFAULT_STD_KEYSIZE; + } + else if (!strcmp (algostr, "future-default")) + { + algo = for_subkey? FUTURE_STD_SUBALGO : FUTURE_STD_ALGO; + use = for_subkey? FUTURE_STD_SUBKEYUSE : FUTURE_STD_KEYUSE; + nbits = for_subkey? FUTURE_STD_SUBKEYSIZE : FUTURE_STD_KEYSIZE; } else if (*algostr == '&' && strlen (algostr) == 41) { @@ -4490,11 +4534,7 @@ parse_algo_usage_expire (ctrl_t ctrl, int for_subkey, return gpg_error (GPG_ERR_WRONG_KEY_USAGE); /* Parse the expire string. */ - if (!expirestr || !*expirestr || !strcmp (expirestr, "none") - || !strcmp (expirestr, "never") || !strcmp (expirestr, "-")) - expire = 0; - else - expire = parse_expire_string (expirestr); + expire = parse_expire_string (expirestr); if (expire == (u32)-1 ) return gpg_error (GPG_ERR_INV_VALUE); ----------------------------------------------------------------------- Summary of changes: doc/gpg.texi | 30 ++++++++++++--------- g10/keyedit.c | 2 +- g10/keygen.c | 86 +++++++++++++++++++++++++++++++++++++++++++---------------- 3 files changed, 81 insertions(+), 37 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Sep 13 13:32:13 2016 
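Review bot: In the doc/gpg.texi hunk at -615 (commit 30a011c), the rewritten paragraph still carries the typo "the default is to a create certification and signing key"; it should read "to create a". The new sentence also names only "default" as the usage value that keeps the primary-plus-subkey behaviour, while the quick_generate_keypair hunk in g10/keygen.c also accepts "-" for usagestr. Either document "-" here or drop it from the code so the manual and the condition agree.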
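Review bot: In the g10/keygen.c hunk at -2330 (parse_expire_string, commit 30a011c), the NULL check and the keywords "none", "never" and "-" now apply to every caller of this function, not only to parse_algo_usage_expire, where the same test is removed in the -4490 hunk. The function comment should list the accepted keywords so that other callers know a NULL or keyword argument yields 0, and the changed doc/gpg.texi paragraphs do not mention these keywords at all.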
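Review bot: In the g10/keygen.c hunk at -3612 (quick_generate_keypair, commit 30a011c), the new condition accepts "-" for usagestr but not for algostr, whereas parse_algo_usage_expire in the -4416 hunk treats "-" as the default algorithm. A call that passes "-" as algo together with an expiration date therefore falls into the else branch, whose comment says it creates only the primary key. Suggest adding || !strcmp (algostr, "-") to the algostr test. Separately, xmalloc_clear (sizeof *r + 20) for the pKEYEXPIRE parameter only stores r->u.expire, so the extra 20 bytes look unneeded; plain sizeof *r or a short comment would be clearer.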
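Review bot: In the g10/keygen.c hunk at -4416 (parse_algo_usage_expire, commit 30a011c), the new "future-default" branch sets algo, use and nbits but assigns nothing from FUTURE_STD_CURVE or FUTURE_STD_SUBCURVE, although FUTURE_STD_KEYSIZE and FUTURE_STD_SUBKEYSIZE are both 0 and the algorithms are PUBKEY_ALGO_EDDSA and PUBKEY_ALGO_ECDH. Please confirm that the curve name reaches the caller on this path, or set it in this branch the way quick_generate_keypair passes it to quickgen_set_para.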
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Tue, 13 Sep 2016 13:32:13 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-339-g70a3be2 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 70a3be27a509a1b5ea7372bee93d83c5019427ff (commit) via 4abff7d750a1abf5b388a4c87ec321fc3e4aed10 (commit) from c0c50318bd8ef6c8119ad9fdc53ad9087ded4c32 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 70a3be27a509a1b5ea7372bee93d83c5019427ff Author: Justus Winter Date: Tue Sep 13 10:44:14 2016 +0200 python: Handle slight differences between Python 2 and 3. * lang/python/helpers.c (pyDataWriteCb): Handle Python integers being returned on Python 2. (pyDataSeekCb): Likewise. * lang/python/pyme/core.py (Data.__init__): Fix testing for string argument. (Data.new_from_filepart): Likewise. * lang/python/pyme/util.py (is_a_string): New function. * lang/python/tests/t-encrypt-large.py (read_cb): Force evaluation of generator. * lang/python/tests/t-idiomatic.py: Partly skip test on Python 2. * lang/python/tests/t-verify.py (check_result): Here, the difference between 2 and 3 really matters. We cannot change the char * conversion in Python 2 without breaking all existing applications, and using bytestrings in Python 3 would be very inconvenient. Signed-off-by: Justus Winter diff --git a/lang/python/helpers.c b/lang/python/helpers.c index 5b13fee..bc8aed4 100644 --- a/lang/python/helpers.c +++ b/lang/python/helpers.c 
@@ -833,17 +833,21 @@ static ssize_t pyDataWriteCb(void *hook, const void *buffer, size_t size) goto leave; } - if (! PyLong_Check(retval)) { +#if PY_MAJOR_VERSION < 3 + if (PyInt_Check(retval)) + result = PyInt_AsSsize_t(retval); + else +#endif + if (PyLong_Check(retval)) + result = PyLong_AsSsize_t(retval); + else { PyErr_Format(PyExc_TypeError, - "expected int from read callback, got %s", + "expected int from write callback, got %s", retval->ob_type->tp_name); _pyme_stash_callback_exception(self); result = -1; - goto leave; } - result = PyLong_AsSsize_t(retval); - leave: Py_XDECREF(retval); return result; @@ -894,21 +898,25 @@ static off_t pyDataSeekCb(void *hook, off_t offset, int whence) goto leave; } - if (! PyLong_Check(retval)) { +#if PY_MAJOR_VERSION < 3 + if (PyInt_Check(retval)) + result = PyInt_AsLong(retval); + else +#endif + if (PyLong_Check(retval)) +#if defined(_FILE_OFFSET_BITS) && _FILE_OFFSET_BITS == 64 + result = PyLong_AsLongLong(retval); +#else + result = PyLong_AsLong(retval); +#endif + else { PyErr_Format(PyExc_TypeError, - "expected int from read callback, got %s", + "expected int from seek callback, got %s", retval->ob_type->tp_name); _pyme_stash_callback_exception(self); result = -1; - goto leave; } -#if defined(_FILE_OFFSET_BITS) && _FILE_OFFSET_BITS == 64 - result = PyLong_AsLongLong(retval); -#else - result = PyLong_AsLong(retval); -#endif - leave: Py_XDECREF(retval); return result; diff --git a/lang/python/pyme/core.py b/lang/python/pyme/core.py index 4bbbc17..a71426b 100644 --- a/lang/python/pyme/core.py +++ b/lang/python/pyme/core.py @@ -884,7 +884,7 @@ class Data(GpgmeWrapper): elif file != None and offset != None and length != None: self.new_from_filepart(file, offset, length) elif file != None: - if type(file) == type("x"): + if util.is_a_string(file): self.new_from_file(file, copy) else: self.new_from_fd(file) 
@@ -961,7 +961,7 @@ class Data(GpgmeWrapper): filename = None fp = None - if type(file) == type("x"): + if util.is_a_string(file): filename = file else: fp = gpgme.fdopen(file.fileno(), file.mode) diff --git a/lang/python/pyme/util.py b/lang/python/pyme/util.py index c4c9e18..bf25ccb 100644 --- a/lang/python/pyme/util.py +++ b/lang/python/pyme/util.py @@ -16,6 +16,8 @@ # License along with this library; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +import sys + def process_constants(prefix, scope): """Called by the constant modules to load up the constants from the C library starting with PREFIX. Matching constants will be inserted @@ -36,3 +38,13 @@ def percent_escape(s): '%{0:2x}'.format(ord(c)) if c == '+' or c == '"' or c == '%' or ord(c) <= 0x20 else c for c in s) + +# Python2/3 compatibility +if sys.version_info[0] == 3: + # Python3 + def is_a_string(x): + return isinstance(x, str) +else: + # Python2 + def is_a_string(x): + return isinstance(x, basestring) diff --git a/lang/python/tests/t-encrypt-large.py b/lang/python/tests/t-encrypt-large.py index 69aed48..29f9de2 100755 --- a/lang/python/tests/t-encrypt-large.py +++ b/lang/python/tests/t-encrypt-large.py @@ -37,7 +37,7 @@ def read_cb(amount): ntoread -= chunk assert ntoread >= 0 assert chunk >= 0 - return bytes(random.randrange(256) for i in range(chunk)) + return bytes(bytearray(random.randrange(256) for i in range(chunk))) nwritten = 0 def write_cb(data): diff --git a/lang/python/tests/t-idiomatic.py b/lang/python/tests/t-idiomatic.py index 1989c92..726bbb9 100755 --- a/lang/python/tests/t-idiomatic.py +++ b/lang/python/tests/t-idiomatic.py @@ -17,6 +17,7 @@ # You should have received a copy of the GNU Lesser General Public # License along with this program; if not, see . +import sys import io import os import tempfile 
@@ -60,17 +61,21 @@ with tempfile.TemporaryFile() as source, \ sign_and_verify(source, signed, sink) -# XXX: Python's io.BytesIo.truncate does not work as advertised. -# http://bugs.python.org/issue27261 -bio = io.BytesIO() -bio.truncate(1) -if len(bio.getvalue()) != 1: - # This version of Python is affected, preallocate buffer. - preallocate = 128*b'\x00' -else: - preallocate = b'' +if sys.version_info[0] == 3: + # Python2's io.BytesIO does not implement the buffer interface, + # hence we cannot use it as sink. -# Demonstrate automatic wrapping of objects implementing the buffer -# interface, and the use of data objects with the 'with' statement. -with io.BytesIO(preallocate) as signed, pyme.Data() as sink: - sign_and_verify(b"Hallo Leute\n", signed, sink) + # XXX: Python's io.BytesIo.truncate does not work as advertised. + # http://bugs.python.org/issue27261 + bio = io.BytesIO() + bio.truncate(1) + if len(bio.getvalue()) != 1: + # This version of Python is affected, preallocate buffer. + preallocate = 128*b'\x00' + else: + preallocate = b'' + + # Demonstrate automatic wrapping of objects implementing the buffer + # interface, and the use of data objects with the 'with' statement. + with io.BytesIO(preallocate) as signed, pyme.Data() as sink: + sign_and_verify(b"Hallo Leute\n", signed, sink) diff --git a/lang/python/tests/t-verify.py b/lang/python/tests/t-verify.py index b88bd07..ed5a91a 100755 --- a/lang/python/tests/t-verify.py +++ b/lang/python/tests/t-verify.py @@ -17,6 +17,7 @@ # You should have received a copy of the GNU Lesser General Public # License along with this program; if not, see . +import sys import os import pyme from pyme import core, constants, errors 
@@ -67,8 +68,11 @@ def check_result(result, summary, validity, fpr, status, notation): if notation: expected_notations = { - "bar": b"\xc3\xb6\xc3\xa4\xc3\xbc\xc3\x9f".decode() + - " das waren Umlaute und jetzt ein prozent%-Zeichen", + "bar": (b"\xc3\xb6\xc3\xa4\xc3\xbc\xc3\x9f" + + b" das waren Umlaute und jetzt ein prozent%-Zeichen" + if sys.version_info[0] < 3 else + b"\xc3\xb6\xc3\xa4\xc3\xbc\xc3\x9f".decode() + + " das waren Umlaute und jetzt ein prozent%-Zeichen"), "foobar.1": "this is a notation data with 2 lines", None: "http://www.gu.org/policy/", } commit 4abff7d750a1abf5b388a4c87ec321fc3e4aed10 Author: Justus Winter Date: Tue Sep 13 13:25:15 2016 +0200 python: Fix types and error handling. * lang/python/helpers.c (_pyme_edit_cb): Drop the const. (_pyme_assuan_{data,inquire,status}_cb): Fix error handling. Signed-off-by: Justus Winter diff --git a/lang/python/helpers.c b/lang/python/helpers.c index 6e63c97..5b13fee 100644 --- a/lang/python/helpers.c +++ b/lang/python/helpers.c @@ -692,7 +692,7 @@ gpgme_error_t _pyme_edit_cb(void *opaque, gpgme_status_code_t status, } else { if (fd>=0 && retval && PyUnicode_Check(retval)) { PyObject *encoded = NULL; - const char *buffer; + char *buffer; Py_ssize_t size; encoded = PyUnicode_AsUTF8String(retval); @@ -999,7 +999,10 @@ _pyme_assuan_data_cb (void *hook, const void *data, size_t datalen) py_data = PyBytes_FromStringAndSize(data, datalen); if (py_data == NULL) - return NULL; /* raise */ + { + err = _pyme_exception2code(); + goto leave; + } retval = PyObject_CallFunctionObjArgs(func, py_data, NULL); if (PyErr_Occurred()) 
@@ -1033,23 +1036,29 @@ _pyme_assuan_inquire_cb (void *hook, const char *name, const char *args, py_name = PyUnicode_FromString(name); if (py_name == NULL) - return NULL; /* raise */ + { + err = _pyme_exception2code(); + goto leave; + } py_args = PyUnicode_FromString(args); if (py_args == NULL) - return NULL; /* raise */ + { + err = _pyme_exception2code(); + goto leave; + } retval = PyObject_CallFunctionObjArgs(func, py_name, py_args, NULL); if (PyErr_Occurred()) err = _pyme_exception2code(); - Py_DECREF(py_name); - Py_DECREF(py_args); Py_XDECREF(retval); /* FIXME: Returning data is not yet implemented. */ - r_data = NULL; + *r_data = NULL; leave: + Py_XDECREF(py_name); + Py_XDECREF(py_args); if (err) _pyme_stash_callback_exception(self); return err; @@ -1074,20 +1083,26 @@ _pyme_assuan_status_cb (void *hook, const char *status, const char *args) py_status = PyUnicode_FromString(status); if (py_status == NULL) - return NULL; /* raise */ + { + err = _pyme_exception2code(); + goto leave; + } py_args = PyUnicode_FromString(args); if (py_args == NULL) - return NULL; /* raise */ + { + err = _pyme_exception2code(); + goto leave; + } retval = PyObject_CallFunctionObjArgs(func, py_status, py_args, NULL); if (PyErr_Occurred()) err = _pyme_exception2code(); - Py_DECREF(py_status); - Py_DECREF(py_args); Py_XDECREF(retval); leave: + Py_XDECREF(py_status); + Py_XDECREF(py_args); if (err) _pyme_stash_callback_exception(self); return err; ----------------------------------------------------------------------- Summary of changes: lang/python/helpers.c | 73 ++++++++++++++++++++++++------------ lang/python/pyme/core.py | 4 +- lang/python/pyme/util.py | 12 ++++++ lang/python/tests/t-encrypt-large.py | 2 +- lang/python/tests/t-idiomatic.py | 31 ++++++++------- lang/python/tests/t-verify.py | 8 +++- 6 files changed, 87 insertions(+), 43 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Tue Sep 13 19:02:51 2016 
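Review bot: In the lang/python/helpers.c hunk at -833 (pyDataWriteCb, commit 70a3be2), the value from PyLong_AsSsize_t, and from PyInt_AsSsize_t on Python 2, is used without a PyErr_Occurred() check. On overflow these conversions return -1 with an exception set, and that exception is not passed to _pyme_stash_callback_exception the way the TypeError path does. Suggest checking after the conversion and stashing the exception before leaving. The same applies to PyInt_AsLong, PyLong_AsLong and PyLong_AsLongLong in the -894 hunk (pyDataSeekCb). In both hunks the else that dangles across #endif is easy to misread; braces around the version-specific branch would help.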
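Review bot: In the lang/python/pyme/core.py hunks at -884 and -961 (commit 70a3be2), util.is_a_string(file) requires util to be imported in core.py, and this diff adds no import there. Please confirm the module is already imported, otherwise both Data.__init__ and Data.new_from_filepart raise NameError on the first string argument.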
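Review bot: In the lang/python/helpers.c hunk at -1033 (_pyme_assuan_inquire_cb, commit 4abff7d), the corrected *r_data = NULL; sits before the leave: label, so the two new goto leave error paths return without ever writing *r_data. Suggest moving the assignment to the top of the function or below the label. The Py_XDECREF calls now placed under leave: here and in the -1074 hunk (_pyme_assuan_status_cb) also depend on py_name, py_args and py_status being initialised to NULL at their declarations, which lie outside the visible context; please confirm.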
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 13 Sep 2016 19:02:51 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-340-g00c501d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 00c501d296da287bec2fd6a0e3912abfbde90a98 (commit) from 70a3be27a509a1b5ea7372bee93d83c5019427ff (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 00c501d296da287bec2fd6a0e3912abfbde90a98 Author: Werner Koch Date: Tue Sep 13 18:57:38 2016 +0200 core: New function gpgme_op_create_key. * src/engine-backend.h (engine_ops): Change prototype of genkey. * src/engine-gpgsm.c (gpgsm_genkey): Change accordingly. * src/engine-gpg.c (gpg_genkey): Change it to a dispatcher. (gpg_createkey_from_param): New for the old functionality. (gpg_createkey_legacy): New. Stub for now. (gpg_createkey): New. (gpg_addkey): New. Stub for now. (gpg_adduid): New. Stub for now. * src/engine.c (_gpgme_engine_op_genkey): Add new args. * src/genkey.c (op_data_t): Add field ERROR_CODE. (parse_error): New. (genkey_status_handler): Parse ERROR status line. (genkey_start): Use NULL/0 for the new args. (createkey_start): New. (gpgme_op_createkey_start, gpgme_op_createkey): New. * src/gpgme.def, src/libgpgme.vers: Add gpgme_op_createkey_start and gpgme_op_createkey. * src/gpgme.h.in (_gpgme_op_genkey_result): Add fields PUBKEY and SECKEY. (GPGME_CREATE_SIGN): New. (GPGME_CREATE_ENCR): New. (GPGME_CREATE_CERT): New. (GPGME_CREATE_AUTH): New. (GPGME_CREATE_NOPASSWD): New. (GPGME_CREATE_SELFSIGNED): New. (GPGME_CREATE_NOSTORE): New. (GPGME_CREATE_WANTPUB): New. (GPGME_CREATE_WANTSEC): New. (GPGME_CREATE_FORCE): New. * tests/run-genkey.c: New. 
* tests/Makefile.am (noinst_PROGRAMS): Add it. -- This function uses the new --quick-gen-key API of gpg. A limited compatibility mode to use older gpg versions and gpgsm will eventually be provided. Not all flags are currently implemented. ./run-genkey --unprotected --force test at example.com Create a new standard key with the given user id. --force is used to allow creating more than one key with that user id in the keyring. ./run-genkey --unprotected --force \ test at example.com default default 2145826800 Creates a new standard key with an expiration date of 2037-12-31. ./run-genkey --unprotected --force \ test at example.com future-default default 2145826800 Create a standard key using the future default algorithms. Signed-off-by: Werner Koch diff --git a/NEWS b/NEWS index da331b4..d3639c8 100644 --- a/NEWS +++ b/NEWS @@ -15,6 +15,9 @@ Noteworthy changes in version 1.7.0 (unreleased) [C25/A14/R_] GPGME_PK_EDDSA NEW. gpgme_set_ctx_flag NEW. gpgme_data_set_flag NEW. + gpgme_op_createkey NEW. + gpgme_op_createkey_start NEW. + gpgme_genkey_result_t EXTENDED: New fields pubkey and seckey. gpgme_signature_t EXTENDED: New field key. gpgme_key_t EXTENDED: New field fpr. gpgme_subkey_t EXTENDED: New field keygrip. @@ -31,6 +34,16 @@ Noteworthy changes in version 1.7.0 (unreleased) [C25/A14/R_] GPGME_DATA_TYPE_PGP_SIGNATURE NEW. GPGME_DATA_ENCODING_MIME NEW. GPGME_ENCRYPT_SYMMETRIC NEW. + GPGME_CREATE_SIGN NEW. + GPGME_CREATE_ENCR NEW. + GPGME_CREATE_CERT NEW. + GPGME_CREATE_AUTH NEW. + GPGME_CREATE_NOPASSWD NEW. + GPGME_CREATE_SELFSIGNED NEW. + GPGME_CREATE_NOSTORE NEW. + GPGME_CREATE_WANTPUB NEW. + GPGME_CREATE_WANTSEC NEW. + GPGME_CREATE_FORCE NEW. Noteworthy changes in version 1.6.0 (2015-08-26) [C25/A14/R0] diff --git a/src/engine-backend.h b/src/engine-backend.h index a15194e..842292d 100644 --- a/src/engine-backend.h +++ b/src/engine-backend.h 
@@ -82,7 +82,11 @@ struct engine_ops gpgme_error_t (*export_ext) (void *engine, const char *pattern[], gpgme_export_mode_t mode, gpgme_data_t keydata, int use_armor); - gpgme_error_t (*genkey) (void *engine, gpgme_data_t help_data, int use_armor, + gpgme_error_t (*genkey) (void *engine, + const char *userid, const char *algo, + unsigned long reserved, unsigned long expires, + gpgme_key_t key, unsigned int flags, + gpgme_data_t help_data, int use_armor, gpgme_data_t pubkey, gpgme_data_t seckey); gpgme_error_t (*import) (void *engine, gpgme_data_t keydata, gpgme_key_t *keyarray); diff --git a/src/engine-gpg.c b/src/engine-gpg.c index 3f77ba8..289578b 100644 --- a/src/engine-gpg.c +++ b/src/engine-gpg.c @@ -1964,22 +1964,11 @@ gpg_export_ext (void *engine, const char *pattern[], gpgme_export_mode_t mode, static gpgme_error_t -gpg_genkey (void *engine, gpgme_data_t help_data, int use_armor, - gpgme_data_t pubkey, gpgme_data_t seckey) +gpg_createkey_from_param (engine_gpg_t gpg, + gpgme_data_t help_data, int use_armor) { - engine_gpg_t gpg = engine; gpgme_error_t err; - if (!gpg) - return gpg_error (GPG_ERR_INV_VALUE); - - /* We need a special mechanism to get the fd of a pipe here, so that - we can use this for the %pubring and %secring parameters. We - don't have this yet, so we implement only the adding to the - standard keyrings. */ - if (pubkey || seckey) - return gpg_error (GPG_ERR_NOT_IMPLEMENTED); - err = add_arg (gpg, "--gen-key"); if (!err && use_armor) err = add_arg (gpg, "--armor"); 
@@ -1987,9 +1976,156 @@ gpg_genkey (void *engine, gpgme_data_t help_data, int use_armor, err = add_arg (gpg, "--"); if (!err) err = add_data (gpg, help_data, -1, 0); + if (!err) + err = start (gpg); + return err; +} + + +/* This is used for gpg versions which do not support the quick-genkey + * command to emulate the gpgme_op_createkey API. */ +static gpgme_error_t +gpg_createkey_legacy (engine_gpg_t gpg, + const char *userid, const char *algo, + unsigned long expires, + unsigned int flags, + int use_armor) +{ + return gpg_error (GPG_ERR_NOT_IMPLEMENTED); +} + + +static gpgme_error_t +gpg_createkey (engine_gpg_t gpg, + const char *userid, const char *algo, + unsigned long expires, + unsigned int flags, + int use_armor) +{ + gpgme_error_t err; + + err = add_arg (gpg, "--quick-gen-key"); + if (!err && use_armor) + err = add_arg (gpg, "--armor"); + if (!err && (flags & GPGME_CREATE_NOPASSWD)) + { + err = add_arg (gpg, "--passphrase"); + if (!err) + err = add_arg (gpg, ""); + } + if (!err && (flags & GPGME_CREATE_FORCE)) + err = add_arg (gpg, "--yes"); + if (!err) + err = add_arg (gpg, "--"); + if (!err) + err = add_arg (gpg, userid); + + /* This condition is only required to allow the use of gpg < 2.1.16 */ + if (algo + || (flags & (GPGME_CREATE_SIGN | GPGME_CREATE_ENCR + | GPGME_CREATE_CERT | GPGME_CREATE_AUTH)) + || expires) + { + + if (!err) + err = add_arg (gpg, algo? algo : "default"); + if (!err) + { + char tmpbuf[5*4+1]; + snprintf (tmpbuf, sizeof tmpbuf, "%s%s%s%s", + (flags & GPGME_CREATE_SIGN)? " sign":"", + (flags & GPGME_CREATE_ENCR)? " encr":"", + (flags & GPGME_CREATE_CERT)? " cert":"", + (flags & GPGME_CREATE_AUTH)? " auth":""); + err = add_arg (gpg, *tmpbuf? 
tmpbuf : "default"); + } + if (!err && expires) + { + char tmpbuf[8+20]; + snprintf (tmpbuf, sizeof tmpbuf, "seconds=%lu", expires); + err = add_arg (gpg, tmpbuf); + } + } if (!err) err = start (gpg); + return err; +} + + +static gpgme_error_t +gpg_addkey (engine_gpg_t gpg, + const char *algo, + unsigned long expires, + gpgme_key_t key, + unsigned int flags, + int use_armor) +{ + return gpg_error (GPG_ERR_NOT_IMPLEMENTED); +} + + +static gpgme_error_t +gpg_adduid (engine_gpg_t gpg, + const char *userid, + unsigned int flags, + int use_armor) +{ + return gpg_error (GPG_ERR_NOT_IMPLEMENTED); +} + + +static gpgme_error_t +gpg_genkey (void *engine, + const char *userid, const char *algo, + unsigned long reserved, unsigned long expires, + gpgme_key_t key, unsigned int flags, + gpgme_data_t help_data, int use_armor, + gpgme_data_t pubkey, gpgme_data_t seckey) +{ + engine_gpg_t gpg = engine; + gpgme_error_t err; + + (void)reserved; + + if (!gpg) + return gpg_error (GPG_ERR_INV_VALUE); + + /* If HELP_DATA is given the use of the old interface + * (gpgme_op_genkey) has been requested. The other modes are: + * + * USERID && !KEY - Create a new keyblock. + * !USERID && KEY - Add a new subkey to KEY (gpg >= 2.1.14) + * USERID && KEY && !ALGO - Add a new user id to KEY (gpg >= 2.1.14). + * + */ + if (help_data) + { + /* We need a special mechanism to get the fd of a pipe here, so + that we can use this for the %pubring and %secring + parameters. We don't have this yet, so we implement only the + adding to the standard keyrings. 
*/ + if (pubkey || seckey) + err = gpg_error (GPG_ERR_NOT_IMPLEMENTED); + else + err = gpg_createkey_from_param (gpg, help_data, use_armor); + } + else if (userid && !key) + { + if (!have_gpg_version (gpg, "2.1.13")) + err = gpg_createkey_legacy (gpg, userid, algo, expires, flags, + use_armor); + else + err = gpg_createkey (gpg, userid, algo, expires, flags, use_armor); + } + else if (!have_gpg_version (gpg, "2.1.13")) + err = gpg_error (GPG_ERR_NOT_SUPPORTED); + else if (!userid && key) + err = gpg_addkey (gpg, algo, expires, key, flags, use_armor); + else if (userid && key && !algo) + err = gpg_adduid (gpg, userid, flags, use_armor); + else + err = gpg_error (GPG_ERR_INV_VALUE); return err; } diff --git a/src/engine-gpgsm.c b/src/engine-gpgsm.c index d4a1cf7..3f3230b 100644 --- a/src/engine-gpgsm.c +++ b/src/engine-gpgsm.c 
@@ -1433,29 +1433,49 @@ gpgsm_export_ext (void *engine, const char *pattern[], gpgme_export_mode_t mode, static gpgme_error_t -gpgsm_genkey (void *engine, gpgme_data_t help_data, int use_armor, +gpgsm_genkey (void *engine, + const char *userid, const char *algo, + unsigned long reserved, unsigned long expires, + gpgme_key_t key, unsigned int flags, + gpgme_data_t help_data, int use_armor, gpgme_data_t pubkey, gpgme_data_t seckey) { engine_gpgsm_t gpgsm = engine; gpgme_error_t err; - if (!gpgsm || !pubkey || seckey) + (void)reserved; + + if (!gpgsm) return gpg_error (GPG_ERR_INV_VALUE); - gpgsm->input_cb.data = help_data; - err = gpgsm_set_fd (gpgsm, INPUT_FD, map_data_enc (gpgsm->input_cb.data)); - if (err) - return err; - gpgsm->output_cb.data = pubkey; - err = gpgsm_set_fd (gpgsm, OUTPUT_FD, use_armor ? "--armor" - : map_data_enc (gpgsm->output_cb.data)); - if (err) - return err; - gpgsm_clear_fd (gpgsm, MESSAGE_FD); - gpgsm->inline_data = NULL; + if (help_data) + { + if (!pubkey || seckey) + return gpg_error (GPG_ERR_INV_VALUE); - err = start (gpgsm, "GENKEY"); - return err; + gpgsm->input_cb.data = help_data; + err = gpgsm_set_fd (gpgsm, INPUT_FD, map_data_enc (gpgsm->input_cb.data)); + if (err) + return err; + gpgsm->output_cb.data = pubkey; + err = gpgsm_set_fd (gpgsm, OUTPUT_FD, use_armor ? "--armor" + : map_data_enc (gpgsm->output_cb.data)); + if (err) + return err; + gpgsm_clear_fd (gpgsm, MESSAGE_FD); + gpgsm->inline_data = NULL; + + err = start (gpgsm, "GENKEY"); + return err; + } + + (void)userid; + (void)expires; + (void)key; + (void)flags; + + /* The new interface has not yet been implemented, */ + return gpg_error (GPG_ERR_NOT_IMPLEMENTED); } diff --git a/src/engine.c b/src/engine.c index f428034..1ff8698 100644 --- a/src/engine.c +++ b/src/engine.c 
@@ -773,7 +773,11 @@ _gpgme_engine_op_export_ext (engine_t engine, const char *pattern[], gpgme_error_t -_gpgme_engine_op_genkey (engine_t engine, gpgme_data_t help_data, +_gpgme_engine_op_genkey (engine_t engine, + const char *userid, const char *algo, + unsigned long reserved, unsigned long expires, + gpgme_key_t key, unsigned int flags, + gpgme_data_t help_data, int use_armor, gpgme_data_t pubkey, gpgme_data_t seckey) { @@ -783,7 +787,9 @@ _gpgme_engine_op_genkey (engine_t engine, gpgme_data_t help_data, if (!engine->ops->genkey) return gpg_error (GPG_ERR_NOT_IMPLEMENTED); - return (*engine->ops->genkey) (engine->engine, help_data, use_armor, + return (*engine->ops->genkey) (engine->engine, + userid, algo, reserved, expires, key, flags, + help_data, use_armor, pubkey, seckey); } diff --git a/src/engine.h b/src/engine.h index b713d96..857dff4 100644 --- a/src/engine.h +++ b/src/engine.h @@ -108,6 +108,10 @@ gpgme_error_t _gpgme_engine_op_export_ext (engine_t engine, gpgme_data_t keydata, int use_armor); gpgme_error_t _gpgme_engine_op_genkey (engine_t engine, + const char *userid, const char *algo, + unsigned long reserved, + unsigned long expires, + gpgme_key_t key, unsigned int flags, gpgme_data_t help_data, int use_armor, gpgme_data_t pubkey, gpgme_data_t seckey); diff --git a/src/export.c b/src/export.c index a29fbde..41a9eba 100644 --- a/src/export.c +++ b/src/export.c @@ -34,7 +34,7 @@ /* Local operation data. */ typedef struct { - gpg_error_t err; /* Error encountred during the export. */ + gpg_error_t err; /* Error encountered during the export. */ } *op_data_t; diff --git a/src/genkey.c b/src/genkey.c index 34cc5af..0b795f4 100644 --- a/src/genkey.c +++ b/src/genkey.c 
@@ -1,23 +1,22 @@ /* genkey.c - Key generation. - Copyright (C) 2000 Werner Koch (dd9jn) - Copyright (C) 2001, 2002, 2003, 2004 g10 Code GmbH - - This file is part of GPGME. - - GPGME is free software; you can redistribute it and/or modify it - under the terms of the GNU Lesser General Public License as - published by the Free Software Foundation; either version 2.1 of - the License, or (at your option) any later version. - - GPGME is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with this program; if not, write to the Free Software - Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA - 02111-1307, USA. */ + * Copyright (C) 2000 Werner Koch (dd9jn) + * Copyright (C) 2001, 2002, 2003, 2004, 2016 g10 Code GmbH + * + * This file is part of GPGME. + * + * GPGME is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * GPGME is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, see . + */ #if HAVE_CONFIG_H #include @@ -40,6 +39,9 @@ typedef struct /* The error code from a FAILURE status line or 0. */ gpg_error_t failure_code; + /* The error code from certain ERROR status lines or 0. */ + gpg_error_t error_code; + /* The key parameters passed to the crypto engine. */ gpgme_data_t key_parameter; } *op_data_t; 
@@ -82,7 +84,39 @@ gpgme_op_genkey_result (gpgme_ctx_t ctx) return &opd->result; } + +/* Parse an error status line. Return the error location and the + error code. The function may modify ARGS. */ +static char * +parse_error (char *args, gpg_error_t *r_err) +{ + char *where = strchr (args, ' '); + char *which; + + if (where) + { + *where = '\0'; + which = where + 1; + + where = strchr (which, ' '); + if (where) + *where = '\0'; + + where = args; + } + else + { + *r_err = trace_gpg_error (GPG_ERR_INV_ENGINE); + return NULL; + } + + *r_err = atoi (which); + + return where; +} + + static gpgme_error_t genkey_status_handler (void *priv, gpgme_status_code_t code, char *args) { @@ -90,6 +124,7 @@ genkey_status_handler (void *priv, gpgme_status_code_t code, char *args) gpgme_error_t err; void *hook; op_data_t opd; + char *loc; /* Pipe the status code through the progress status handler. */ err = _gpgme_progress_status_handler (ctx, code, args); @@ -121,13 +156,22 @@ genkey_status_handler (void *priv, gpgme_status_code_t code, char *args) } break; + case GPGME_STATUS_ERROR: + loc = parse_error (args, &err); + if (!loc) + return err; + if (!opd->error_code) + opd->error_code = err; + break; + case GPGME_STATUS_FAILURE: opd->failure_code = _gpgme_parse_failure (args); break; case GPGME_STATUS_EOF: - /* FIXME: Should return some more useful error value. */ - if (!opd->result.primary && !opd->result.sub) + if (opd->error_code) + return opd->error_code; + else if (!opd->result.primary && !opd->result.sub) return gpg_error (GPG_ERR_GENERAL); else if (opd->failure_code) return opd->failure_code; @@ -212,7 +256,9 @@ genkey_start (gpgme_ctx_t ctx, int synchronous, const char *parms, return err; } - return _gpgme_engine_op_genkey (ctx->engine, opd->key_parameter, + return _gpgme_engine_op_genkey (ctx->engine, + NULL, NULL, 0, 0, NULL, 0, + opd->key_parameter, ctx->use_armor, pubkey, seckey); } 
@@ -259,3 +305,85 @@ gpgme_op_genkey (gpgme_ctx_t ctx, const char *parms, gpgme_data_t pubkey, err = _gpgme_wait_one (ctx); return TRACE_ERR (err); } + + + +static gpgme_error_t +createkey_start (gpgme_ctx_t ctx, int synchronous, + const char *userid, const char *algo, + unsigned long reserved, unsigned long expires, + gpgme_key_t anchorkey, unsigned int flags) +{ + gpgme_error_t err; + void *hook; + op_data_t opd; + + err = _gpgme_op_reset (ctx, synchronous); + if (err) + return err; + + if (reserved || anchorkey || !userid) + return gpg_error (GPG_ERR_INV_VALUE); + + err = _gpgme_op_data_lookup (ctx, OPDATA_GENKEY, &hook, + sizeof (*opd), release_op_data); + opd = hook; + if (err) + return err; + + _gpgme_engine_set_status_handler (ctx->engine, genkey_status_handler, ctx); + + if (ctx->passphrase_cb) + { + err = _gpgme_engine_set_command_handler + (ctx->engine, _gpgme_passphrase_command_handler, ctx, NULL); + if (err) + return err; + } + + return _gpgme_engine_op_genkey (ctx->engine, + userid, algo, reserved, expires, + anchorkey, flags, + NULL, ctx->use_armor, NULL, NULL); + +} + + +gpgme_error_t +gpgme_op_createkey_start (gpgme_ctx_t ctx, const char *userid, const char *algo, + unsigned long reserved, unsigned long expires, + gpgme_key_t anchorkey, unsigned int flags) +{ + gpgme_error_t err; + + TRACE_BEG3 (DEBUG_CTX, "gpgme_op_createkey_start", ctx, + "userid='%s', algo='%s' flags=0x%x", userid, algo, flags); + + if (!ctx) + return TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE)); + + err = createkey_start (ctx, 0, + userid, algo, reserved, expires, anchorkey, flags); + return TRACE_ERR (err); +} + + +gpgme_error_t +gpgme_op_createkey (gpgme_ctx_t ctx, const char *userid, const char *algo, + unsigned long reserved, unsigned long expires, + gpgme_key_t anchorkey, unsigned int flags) +{ + gpgme_error_t err; + + TRACE_BEG3 (DEBUG_CTX, "gpgme_op_createkey", ctx, + "userid='%s', algo='%s' flags=0x%x", userid, algo, flags); + + if (!ctx) + return TRACE_ERR (gpg_error 
(GPG_ERR_INV_VALUE)); + + err = createkey_start (ctx, 1, + userid, algo, reserved, expires, anchorkey, flags); + if (!err) + err = _gpgme_wait_one (ctx); + return TRACE_ERR (err); +} diff --git a/src/gpgme.def b/src/gpgme.def index a15c35b..a56b9ef 100644 --- a/src/gpgme.def +++ b/src/gpgme.def @@ -229,5 +229,8 @@ EXPORTS gpgme_data_set_flag @171 + gpgme_op_createkey_start @172 + gpgme_op_createkey @173 + ; END diff --git a/src/gpgme.h.in b/src/gpgme.h.in index 00a4bed..0fdc927 100644 --- a/src/gpgme.h.in +++ b/src/gpgme.h.in @@ -1815,6 +1815,18 @@ gpgme_error_t gpgme_op_export_keys (gpgme_ctx_t ctx, * Key generation. */ +/* Flags for the key creation functions. */ +#define GPGME_CREATE_SIGN (1 << 0) /* Allow usage: signing. */ +#define GPGME_CREATE_ENCR (1 << 1) /* Allow usage: encryption. */ +#define GPGME_CREATE_CERT (1 << 2) /* Allow usage: certification. */ +#define GPGME_CREATE_AUTH (1 << 3) /* Allow usage: authentication. */ +#define GPGME_CREATE_NOPASSWD (1 << 7) /* Create w/o passphrase. */ +#define GPGME_CREATE_SELFSIGNED (1 << 8) /* Create self-signed cert. */ +#define GPGME_CREATE_NOSTORE (1 << 9) /* Do not store the key. */ +#define GPGME_CREATE_WANTPUB (1 << 10) /* Return the public key. */ +#define GPGME_CREATE_WANTSEC (1 << 11) /* Return the secret key. */ +#define GPGME_CREATE_FORCE (1 << 12) /* Force creation. */ + struct _gpgme_op_genkey_result { /* A primary key was generated. */ @@ -1828,6 +1840,14 @@ struct _gpgme_op_genkey_result /* The fingerprint of the generated key. */ char *fpr; + + /* A memory data object with the created public key. Only set when + * GPGME_CREATE_WANTPUB has been used. */ + gpgme_data_t pubkey; + + /* A memory data object with the created secret key. Only set when + * GPGME_CREATE_WANTSEC has been used. */ + gpgme_data_t seckey; }; typedef struct _gpgme_op_genkey_result *gpgme_genkey_result_t; 
@@ -1839,7 +1859,39 @@ gpgme_error_t gpgme_op_genkey_start (gpgme_ctx_t ctx, const char *parms, gpgme_error_t gpgme_op_genkey (gpgme_ctx_t ctx, const char *parms, gpgme_data_t pubkey, gpgme_data_t seckey); -/* Retrieve a pointer to the result of the genkey operation. */ +/* Generate a key pair using the modern interface. */ +gpgme_error_t gpgme_op_createkey_start (gpgme_ctx_t ctx, + const char *userid, + const char *algo, + unsigned long reserved, + unsigned long expires, + gpgme_key_t certkey, + unsigned int flags); +gpgme_error_t gpgme_op_createkey (gpgme_ctx_t ctx, + const char *userid, + const char *algo, + unsigned long reserved, + unsigned long expires, + gpgme_key_t certkey, + unsigned int flags); +/* Add a new subkey to KEY. */ +gpgme_error_t gpgme_op_createsubkey_start (gpgme_ctx_t ctx, + gpgme_key_t key, + const char *algo, + unsigned long reserved, + unsigned long expires, + unsigned int flags); +gpgme_error_t gpgme_op_createsubkey (gpgme_ctx_t ctx, + gpgme_key_t key, + const char *algo, + unsigned long reserved, + unsigned long expires, + unsigned int flags); + + + +/* Retrieve a pointer to the result of a genkey, createkey, or + * createsubkey operation. */ gpgme_genkey_result_t gpgme_op_genkey_result (gpgme_ctx_t ctx); @@ -2177,7 +2229,7 @@ typedef struct gpgme_conf_arg } *gpgme_conf_arg_t; -/* The flags of a configuration option. See the gpg-conf +/* The flags of a configuration option. See the gpgconf documentation for details. */ #define GPGME_CONF_GROUP (1 << 0) #define GPGME_CONF_OPTIONAL (1 << 1) diff --git a/src/libgpgme.vers b/src/libgpgme.vers index d29bc14..b06c9c6 100644 --- a/src/libgpgme.vers +++ b/src/libgpgme.vers @@ -101,6 +101,10 @@ GPGME_1.1 { gpgme_pubkey_algo_string; gpgme_set_ctx_flag; + gpgme_data_set_flag; + + gpgme_op_createkey_start; + gpgme_op_createkey; }; @@ -230,8 +234,6 @@ GPGME_1.0 { gpgme_err_code_from_syserror; gpgme_err_set_errno; - gpgme_data_set_flag; - local: *; 
diff --git a/tests/Makefile.am b/tests/Makefile.am index a450f2a..f3a1604 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -32,7 +32,7 @@ LDADD = ../src/libgpgme.la @GPG_ERROR_LIBS@ noinst_HEADERS = run-support.h noinst_PROGRAMS = $(TESTS) run-keylist run-export run-import run-sign \ - run-verify run-encrypt run-identify run-decrypt + run-verify run-encrypt run-identify run-decrypt run-genkey if RUN_GPG_TESTS diff --git a/tests/run-genkey.c b/tests/run-genkey.c new file mode 100644 index 0000000..74d4038 --- /dev/null +++ b/tests/run-genkey.c 
@@ -0,0 +1,348 @@ +/* run-genkey.c - Test tool to perform key generation + * Copyright (C) 2016 g10 Code GmbH + * + * This file is part of GPGME. + * + * GPGME is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * GPGME is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, see . + */ + +/* We need to include config.h so that we know whether we are building + with large file system (LFS) support. */ +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include + +#include + +#define PGM "run-genkey" + +#include "run-support.h" + + +static int verbose; + + +/* Tokenize STRING using the set of delimiters in DELIM. Leading + * spaces and tabs are removed from all tokens. The caller must free + * the result. + * + * Returns: A malloced and NULL delimited array with the tokens. On + * memory error NULL is returned and ERRNO is set. + */ +static char ** +strtokenize (const char *string, const char *delim) +{ + const char *s; + size_t fields; + size_t bytes, n; + char *buffer; + char *p, *px, *pend; + char **result; + + /* Count the number of fields. */ + for (fields = 1, s = strpbrk (string, delim); s; s = strpbrk (s + 1, delim)) + fields++; + fields++; /* Add one for the terminating NULL. */ + + /* Allocate an array for all fields, a terminating NULL, and space + for a copy of the string. 
*/ + bytes = fields * sizeof *result; + if (bytes / sizeof *result != fields) + { + gpg_err_set_errno (ENOMEM); + return NULL; + } + n = strlen (string) + 1; + bytes += n; + if (bytes < n) + { + gpg_err_set_errno (ENOMEM); + return NULL; + } + result = malloc (bytes); + if (!result) + return NULL; + buffer = (char*)(result + fields); + + /* Copy and parse the string. */ + strcpy (buffer, string); + for (n = 0, p = buffer; (pend = strpbrk (p, delim)); p = pend + 1) + { + *pend = 0; + while (*p == ' ' || *p == '\t') + p++; + for (px = pend - 1; px >= p && (*px == ' ' || *px == '\t'); px--) + *px = 0; + result[n++] = p; + } + while (*p == ' ' || *p == '\t') + p++; + for (px = p + strlen (p) - 1; px >= p && (*px == ' ' || *px == '\t'); px--) + *px = 0; + result[n++] = p; + result[n] = NULL; + + assert ((char*)(result + n + 1) == buffer); + + return result; +} + + +static gpg_error_t +status_cb (void *opaque, const char *keyword, const char *value) +{ + (void)opaque; + fprintf (stderr, "status_cb: %s %s\n", nonnull(keyword), nonnull(value)); + return 0; +} + + +static void +progress_cb (void *opaque, const char *what, int type, int current, int total) +{ + (void)opaque; + (void)type; + + if (total) + fprintf (stderr, "progress for '%s' %u%% (%d of %d)\n", + nonnull (what), + (unsigned)(((double)current / total) * 100), current, total); + else + fprintf (stderr, "progress for '%s' %d\n", nonnull(what), current); + fflush (stderr); +} + + +static unsigned long +parse_expire_string (const char *string) +{ + unsigned long seconds; + + if (!string || !*string || !strcmp (string, "none") + || !strcmp (string, "never") || !strcmp (string, "-")) + seconds = 0; + else if (strspn (string, "01234567890") == strlen (string)) + seconds = strtoul (string, NULL, 10); + else + { + fprintf (stderr, PGM ": invalid value '%s'\n", string); + exit (1); + } + + return seconds; +} + + +/* Parse a usage string and return flags for gpgme_op_createkey. 
*/ +static unsigned int +parse_usage_string (const char *string) +{ + gpg_error_t err; + char **tokens = NULL; + const char *s; + int i; + unsigned int flags = 0; + + tokens = strtokenize (string, " \t,"); + if (!tokens) + { + err = gpg_error_from_syserror (); + fprintf (stderr, PGM": strtokenize failed: %s\n", gpg_strerror (err)); + exit (1); + } + + for (i=0; (s = tokens[i]); i++) + { + if (!*s) + ; + else if (!strcmp (s, "default")) + ; + else if (!strcmp (s, "sign")) + flags |= GPGME_CREATE_SIGN; + else if (!strcmp (s, "encr")) + flags |= GPGME_CREATE_ENCR; + else if (!strcmp (s, "cert")) + flags |= GPGME_CREATE_CERT; + else if (!strcmp (s, "auth")) + flags |= GPGME_CREATE_AUTH; + else + { + free (tokens); + fprintf (stderr, PGM": invalid value '%s': %s\n", + string, "bad usage"); + exit (1); + } + } + + free (tokens); + return flags; +} + + + +static int +show_usage (int ex) +{ + fputs ("usage: " PGM " [options] USERID [ALGO [USAGE [EXPIRESECONDS]]]\n\n" + "Options:\n" + " --verbose run in verbose mode\n" + " --status print status lines from the backend\n" + " --progress print progress info\n" + " --openpgp use the OpenPGP protocol (default)\n" + " --cms use the CMS protocol\n" + " --loopback use a loopback pinentry\n" + " --unprotected do not use a passphrase\n" + " --force do not check for a duplicated user id\n" + , stderr); + exit (ex); +} + + +int +main (int argc, char **argv) +{ + int last_argc = -1; + gpgme_error_t err; + gpgme_ctx_t ctx; + gpgme_protocol_t protocol = GPGME_PROTOCOL_OpenPGP; + int print_status = 0; + int print_progress = 0; + int use_loopback = 0; + const char *userid; + const char *algo = NULL; + unsigned int flags = 0; + unsigned long expire = 0; + gpgme_genkey_result_t result; + + if (argc) + { argc--; argv++; } + + while (argc && last_argc != argc ) + { + last_argc = argc; + if (!strcmp (*argv, "--")) + { + argc--; argv++; + break; + } + else if (!strcmp (*argv, "--help")) + show_usage (0); + else if (!strcmp (*argv, "--verbose")) + 
{ + verbose = 1; + argc--; argv++; + } + else if (!strcmp (*argv, "--status")) + { + print_status = 1; + argc--; argv++; + } + else if (!strcmp (*argv, "--progress")) + { + print_progress = 1; + argc--; argv++; + } + else if (!strcmp (*argv, "--openpgp")) + { + protocol = GPGME_PROTOCOL_OpenPGP; + argc--; argv++; + } + else if (!strcmp (*argv, "--cms")) + { + protocol = GPGME_PROTOCOL_CMS; + argc--; argv++; + } + else if (!strcmp (*argv, "--loopback")) + { + use_loopback = 1; + argc--; argv++; + } + else if (!strcmp (*argv, "--unprotected")) + { + flags |= GPGME_CREATE_NOPASSWD; + argc--; argv++; + } + else if (!strcmp (*argv, "--force")) + { + flags |= GPGME_CREATE_FORCE; + argc--; argv++; + } + else if (!strncmp (*argv, "--", 2)) + show_usage (1); + } + + if (!argc || argc > 4) + show_usage (1); + userid = argv[0]; + if (argc > 1) + algo = argv[1]; + if (argc > 2) + flags |= parse_usage_string (argv[2]); + if (argc > 3) + expire = parse_expire_string (argv[3]); + + init_gpgme (protocol); + + err = gpgme_new (&ctx); + fail_if_err (err); + gpgme_set_protocol (ctx, protocol); + gpgme_set_armor (ctx, 1); + if (print_status) + { + gpgme_set_status_cb (ctx, status_cb, NULL); + gpgme_set_ctx_flag (ctx, "full-status", "1"); + } + if (print_progress) + gpgme_set_progress_cb (ctx, progress_cb, NULL); + if (use_loopback) + { + gpgme_set_pinentry_mode (ctx, GPGME_PINENTRY_MODE_LOOPBACK); + gpgme_set_passphrase_cb (ctx, passphrase_cb, NULL); + } + + err = gpgme_op_createkey (ctx, userid, algo, 0, expire, NULL, flags); + if (err) + { + fprintf (stderr, PGM ": gpgme_op_createkey failed: %s\n", + gpg_strerror (err)); + exit (1); + } + + result = gpgme_op_genkey_result (ctx); + if (!result) + { + fprintf (stderr, PGM": gpgme_op_genkey_result returned NULL\n"); + exit (1); + } + + printf ("Generated key: %s (%s)\n", + result->fpr ? result->fpr : "none", + result->primary ? (result->sub ? "primary, sub" : "primary") + /**/ : (result->sub ? 
"sub" : "none")); + + if (result->fpr && strlen (result->fpr) < 40) + fprintf (stderr, PGM": generated key has unexpected fingerprint\n"); + if (!result->primary) + fprintf (stderr, PGM": primary key was not generated\n"); + if (!result->sub) + fprintf (stderr, PGM": sub key was not generated\n"); + + gpgme_release (ctx); + return 0; +} ----------------------------------------------------------------------- Summary of changes: NEWS | 13 ++ src/engine-backend.h | 6 +- src/engine-gpg.c | 162 ++++++++++++++++++++++-- src/engine-gpgsm.c | 50 +++++--- src/engine.c | 10 +- src/engine.h | 4 + src/export.c | 2 +- src/genkey.c | 172 +++++++++++++++++++++---- src/gpgme.def | 3 + src/gpgme.h.in | 56 ++++++++- src/libgpgme.vers | 6 +- tests/Makefile.am | 2 +- tests/run-genkey.c | 348 +++++++++++++++++++++++++++++++++++++++++++++++++++ 13 files changed, 775 insertions(+), 59 deletions(-) create mode 100644 tests/run-genkey.c hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Tue Sep 13 21:02:41 2016 
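Review bot: in parse_error (src/genkey.c, hunk @@ -82,7 +84,39 @@) the code field is converted with `*r_err = atoi (which);`, which cannot tell an empty or non-numeric field from 0 and is undefined for out-of-range input. The field comes from the engine's status output, so parse it with strtoul, check the end pointer and the range, and return GPG_ERR_INV_ENGINE on a bad field the same way the missing-space branch already does.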
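Review bot: in genkey_status_handler (src/genkey.c, hunk @@ -121,13 +156,22 @@) the GPGME_STATUS_ERROR case stores the first code from any ERROR line and uses `loc` only for the NULL test, while the GPGME_STATUS_EOF branch now returns `opd->error_code` before it looks at result.primary and result.sub. The struct comment says "certain ERROR status lines", so either filter on the location that parse_error returns or document that any ERROR line now fails the operation even when a key was created.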
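Review bot: gpgme_op_createkey_start and gpgme_op_createkey (src/genkey.c, hunk @@ -259,3 +305,85 @@) hand userid and algo to TRACE_BEG3 with '%s' before any NULL check. algo is optional (tests/run-genkey.c leaves it NULL when no ALGO argument is given) and userid is rejected only later in createkey_start, so if the trace macro formats with printf semantics this passes NULL to %s; guard both arguments in the trace call. Separately, createkey_start calls _gpgme_op_reset before the `reserved || anchorkey || !userid` test; validating first would leave the context untouched when GPG_ERR_INV_VALUE is returned.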
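Review bot: the struct _gpgme_op_genkey_result hunk in src/gpgme.h.in (@@ -1828,6 +1840,14 @@) documents when pubkey and seckey are set but not who releases the data objects or how long they remain valid. That needs to be stated for seckey in particular, because it carries secret key material whose lifetime callers will want to bound.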
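Review bot: the prototype hunk in src/gpgme.h.in (@@ -1839,7 +1859,39 @@) declares gpgme_op_createsubkey_start and gpgme_op_createsubkey, but the src/gpgme.def and src/libgpgme.vers hunks export only gpgme_op_createkey_start and gpgme_op_createkey, and the genkey.c hunks shown here define no createsubkey function. Either hold the declarations back until the implementation lands or mark them as not yet implemented. The key parameter is also named certkey in the header and anchorkey in genkey.c; pick one name.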
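Review bot: in src/libgpgme.vers gpgme_data_set_flag is removed from the GPGME_1.0 node (hunk @@ -230,8 +234,6 @@) and added under GPGME_1.1. A binary linked against the symbol at version GPGME_1.0 would no longer resolve it, so confirm that no release shipped it under GPGME_1.0 and record the move in NEWS.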
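Review bot: at the end of main in tests/run-genkey.c the checks for a short fingerprint, a missing primary key and a missing subkey only write to stderr and the tool still returns 0, so a harness that reads the exit status cannot see these failures; track them in a variable and return nonzero. In parse_expire_string the strtoul result is used without checking errno for ERANGE, so an oversized EXPIRESECONDS value is silently clamped instead of rejected.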
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 13 Sep 2016 21:02:41 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-348-g51f9acb Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 51f9acbca935c5287d9a28205037b0923e9a65f5 (commit) via 686a065f639ef006e33c164e282d787bcd169754 (commit) via 3009e6162eaa39adaaf45f06fc4f88c7153360ee (commit) via 4a200146b602349eebb4eac2e102357748d7ba5b (commit) via 9064eebdc05e7149c2c8cc899fbd7874622fb769 (commit) via 4491ef0a9a15d3b307d1ade37ff620ef9fcb2478 (commit) via 3972f476e00f27d41a0aeabcb66600905b6737bd (commit) via 0510591c36591816a6ff3f87a04451001b7ed46f (commit) from 00c501d296da287bec2fd6a0e3912abfbde90a98 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 51f9acbca935c5287d9a28205037b0923e9a65f5 Author: Werner Koch Date: Tue Sep 13 20:59:07 2016 +0200 core: Use const char * where appropriate. Signed-off-by: Werner Koch diff --git a/src/engine-assuan.c b/src/engine-assuan.c index 1f48173..5f0ea06 100644 --- a/src/engine-assuan.c +++ b/src/engine-assuan.c @@ -359,7 +359,7 @@ llass_set_locale (void *engine, int category, const char *value) gpgme_error_t err; engine_llass_t llass = engine; char *optstr; - char *catstr; + const char *catstr; if (!llass->opt.gpg_agent) return 0; diff --git a/src/engine-g13.c b/src/engine-g13.c index ce98b1b..7f225eb 100644 --- a/src/engine-g13.c +++ b/src/engine-g13.c 
@@ -356,7 +356,7 @@ g13_set_locale (void *engine, int category, const char *value) engine_g13_t g13 = engine; gpgme_error_t err; char *optstr; - char *catstr; + const char *catstr; /* FIXME: If value is NULL, we need to reset the option to default. But we can't do this. So we error out here. G13 needs support @@ -405,7 +405,7 @@ g13_set_locale (void *engine, int category, const char *value) #if USE_DESCRIPTOR_PASSING static gpgme_error_t -g13_assuan_simple_command (assuan_context_t ctx, char *cmd, +g13_assuan_simple_command (assuan_context_t ctx, const char *cmd, engine_status_handler_t status_fnc, void *status_fnc_value) { diff --git a/src/engine-gpg.c b/src/engine-gpg.c index 7270e36..f22d8b4 100644 --- a/src/engine-gpg.c +++ b/src/engine-gpg.c @@ -1574,6 +1574,8 @@ gpg_passwd (void *engine, gpgme_key_t key, unsigned int flags) engine_gpg_t gpg = engine; gpgme_error_t err; + (void)flags; + if (!key || !key->subkeys || !key->subkeys->fpr) return gpg_error (GPG_ERR_INV_CERT_OBJ); diff --git a/src/engine-gpgsm.c b/src/engine-gpgsm.c index 1cf5046..0610c7a 100644 --- a/src/engine-gpgsm.c +++ b/src/engine-gpgsm.c @@ -517,7 +517,7 @@ gpgsm_set_locale (void *engine, int category, const char *value) engine_gpgsm_t gpgsm = engine; gpgme_error_t err; char *optstr; - char *catstr; + const char *catstr; /* FIXME: If value is NULL, we need to reset the option to default. But we can't do this. So we error out here. GPGSM needs support @@ -565,7 +565,7 @@ gpgsm_set_locale (void *engine, int category, const char *value) static gpgme_error_t -gpgsm_assuan_simple_command (engine_gpgsm_t gpgsm, char *cmd, +gpgsm_assuan_simple_command (engine_gpgsm_t gpgsm, const char *cmd, engine_status_handler_t status_fnc, void *status_fnc_value) { @@ -674,7 +674,7 @@ gpgsm_set_fd (engine_gpgsm_t gpgsm, fd_type_t fd_type, const char *opt) { gpg_error_t err = 0; char line[COMMANDLINELEN]; - char *which; + const char *which; iocb_data_t *iocb_data; #if USE_DESCRIPTOR_PASSING int dir; 
@@ -1480,6 +1480,7 @@ gpgsm_genkey (void *engine, } (void)userid; + (void)algo; (void)expires; (void)key; (void)flags; @@ -2017,6 +2018,8 @@ gpgsm_passwd (void *engine, gpgme_key_t key, unsigned int flags) gpgme_error_t err; char *line; + (void)flags; + if (!key || !key->subkeys || !key->subkeys->fpr) return gpg_error (GPG_ERR_INV_CERT_OBJ); diff --git a/src/engine-uiserver.c b/src/engine-uiserver.c index 215dbe3..2817527 100644 --- a/src/engine-uiserver.c +++ b/src/engine-uiserver.c @@ -251,6 +251,7 @@ uiserver_new (void **engine, const char *file_name, const char *home_dir, char *dft_ttytype = NULL; char *optstr; + (void)home_dir; (void)version; /* Not yet used. */ uiserver = calloc (1, sizeof *uiserver); @@ -400,7 +401,7 @@ uiserver_set_locale (void *engine, int category, const char *value) engine_uiserver_t uiserver = engine; gpgme_error_t err; char *optstr; - char *catstr; + const char *catstr; /* FIXME: If value is NULL, we need to reset the option to default. But we can't do this. So we error out here. UISERVER needs support @@ -459,7 +460,7 @@ uiserver_set_protocol (void *engine, gpgme_protocol_t protocol) static gpgme_error_t -uiserver_assuan_simple_command (engine_uiserver_t uiserver, char *cmd, +uiserver_assuan_simple_command (engine_uiserver_t uiserver, const char *cmd, engine_status_handler_t status_fnc, void *status_fnc_value) { @@ -534,7 +535,7 @@ uiserver_set_fd (engine_uiserver_t uiserver, fd_type_t fd_type, const char *opt) { gpg_error_t err = 0; char line[COMMANDLINELEN]; - char *which; + const char *which; iocb_data_t *iocb_data; int dir; diff --git a/src/gpgme-tool.c b/src/gpgme-tool.c index 80d7d72..fb158f1 100644 --- a/src/gpgme-tool.c +++ b/src/gpgme-tool.c @@ -202,7 +202,7 @@ peek_membuf (membuf_t *mb, size_t *len) /* SUPPORT. */ FILE *log_stream; -char *program_name = "gpgme-tool"; +char program_name[] = "gpgme-tool"; #define spacep(p) (*(p) == ' ' || *(p) == '\t') 
@@ -308,7 +308,7 @@ struct result_xml_state #define MAX_TAGS 20 int next_tag; - char *tag[MAX_TAGS]; + const char *tag[MAX_TAGS]; int had_data[MAX_TAGS]; }; @@ -492,7 +492,8 @@ result_xml_tag_end (struct result_xml_state *state) gpg_error_t -result_add_error (struct result_xml_state *state, char *name, gpg_error_t err) +result_add_error (struct result_xml_state *state, + const char *name, gpg_error_t err) { char code[20]; char msg[1024]; @@ -508,7 +509,7 @@ result_add_error (struct result_xml_state *state, char *name, gpg_error_t err) gpg_error_t result_add_pubkey_algo (struct result_xml_state *state, - char *name, gpgme_pubkey_algo_t algo) + const char *name, gpgme_pubkey_algo_t algo) { char code[20]; char msg[80]; @@ -524,10 +525,11 @@ result_add_pubkey_algo (struct result_xml_state *state, gpg_error_t result_add_hash_algo (struct result_xml_state *state, - char *name, gpgme_hash_algo_t algo) + const char *name, gpgme_hash_algo_t algo) { char code[20]; char msg[80]; + snprintf (code, sizeof (code) - 1, "0x%x", algo); snprintf (msg, sizeof (msg) - 1, "%s", gpgme_hash_algo_name (algo)); @@ -539,7 +541,8 @@ result_add_hash_algo (struct result_xml_state *state, gpg_error_t -result_add_keyid (struct result_xml_state *state, char *name, char *keyid) +result_add_keyid (struct result_xml_state *state, + const char *name, const char *keyid) { result_xml_tag_start (state, name, NULL); result_xml_tag_data (state, keyid); @@ -549,7 +552,8 @@ result_add_keyid (struct result_xml_state *state, char *name, char *keyid) gpg_error_t -result_add_fpr (struct result_xml_state *state, char *name, char *fpr) +result_add_fpr (struct result_xml_state *state, + const char *name, const char *fpr) { result_xml_tag_start (state, name, NULL); result_xml_tag_data (state, fpr); 
@@ -559,7 +563,7 @@ result_add_fpr (struct result_xml_state *state, char *name, char *fpr) gpg_error_t -result_add_timestamp (struct result_xml_state *state, char *name, +result_add_timestamp (struct result_xml_state *state, const char *name, unsigned int timestamp) { char code[20]; @@ -572,10 +576,10 @@ result_add_timestamp (struct result_xml_state *state, char *name, gpg_error_t -result_add_sig_mode (struct result_xml_state *state, char *name, +result_add_sig_mode (struct result_xml_state *state, const char *name, gpgme_sig_mode_t sig_mode) { - char *mode; + const char *mode; char code[20]; snprintf (code, sizeof (code) - 1, "%i", sig_mode); @@ -602,7 +606,7 @@ result_add_sig_mode (struct result_xml_state *state, char *name, gpg_error_t -result_add_protocol (struct result_xml_state *state, char *name, +result_add_protocol (struct result_xml_state *state, const char *name, gpgme_protocol_t protocol) { const char *str; @@ -620,7 +624,7 @@ result_add_protocol (struct result_xml_state *state, char *name, gpg_error_t -result_add_validity (struct result_xml_state *state, char *name, +result_add_validity (struct result_xml_state *state, const char *name, gpgme_validity_t validity) { const char *str; @@ -657,7 +661,7 @@ result_add_validity (struct result_xml_state *state, char *name, gpg_error_t result_add_value (struct result_xml_state *state, - char *name, unsigned int val) + const char *name, unsigned int val) { char code[20]; @@ -670,7 +674,7 @@ result_add_value (struct result_xml_state *state, gpg_error_t result_add_string (struct result_xml_state *state, - char *name, char *str) + const char *name, const char *str) { if (!str) str = ""; diff --git a/src/posix-io.c b/src/posix-io.c index 258e8ea..c0b2f4f 100644 --- a/src/posix-io.c +++ b/src/posix-io.c @@ -282,7 +282,7 @@ _gpgme_io_set_nonblocking (int fd) static long int get_max_fds (void) { - char *source = NULL; + const char *source = NULL; long int fds = -1; int rc; 
diff --git a/src/version.c b/src/version.c index a9bf7b8..8bc898f 100644 --- a/src/version.c +++ b/src/version.c @@ -196,7 +196,7 @@ _gpgme_compare_versions (const char *my_version, const char * gpgme_check_version (const char *req_version) { - char *result; + const char *result; do_subsystem_inits (); /* Catch-22: We need to get at least the debug subsystem ready commit 686a065f639ef006e33c164e282d787bcd169754 Author: Werner Koch Date: Tue Sep 13 20:57:15 2016 +0200 core: Cast away the common const problem with spawn and argv. * src/dirinfo.c (read_gpgconf_dirs): Use a cast to assignd to ARGV. Signed-off-by: Werner Koch diff --git a/src/dirinfo.c b/src/dirinfo.c index ecb1c0c..b24a8a0 100644 --- a/src/dirinfo.c +++ b/src/dirinfo.c @@ -193,7 +193,7 @@ read_gpgconf_dirs (const char *pgmname, int components) char *mark = NULL; argv[0] = (char *)pgmname; - argv[1] = components? "--list-components" : "--list-dirs"; + argv[1] = (char*)(components? "--list-components" : "--list-dirs"); argv[2] = NULL; if (_gpgme_io_pipe (rp, 1) < 0) diff --git a/src/engine-gpgconf.c b/src/engine-gpgconf.c index d5e7e2b..015ef00 100644 --- a/src/engine-gpgconf.c +++ b/src/engine-gpgconf.c @@ -200,7 +200,7 @@ gpgconf_config_release (gpgme_conf_comp_t conf) allow for quite a long "group" line, which is usually the longest line (mine is currently ~3k). */ static gpgme_error_t -gpgconf_read (void *engine, char *arg1, char *arg2, +gpgconf_read (void *engine, const char *arg1, char *arg2, gpgme_error_t (*cb) (void *hook, char *line), void *hook) { @@ -217,7 +217,7 @@ gpgconf_read (void *engine, char *arg1, char *arg2, int nread; char *mark = NULL; - argv[1] = arg1; + argv[1] = (char*)arg1; argv[2] = arg2; 
@@ -678,14 +678,14 @@ _gpgme_conf_opt_change (gpgme_conf_opt_t opt, int reset, gpgme_conf_arg_t arg) /* FIXME: Major problem: We don't get errors from gpgconf. */ static gpgme_error_t -gpgconf_write (void *engine, char *arg1, char *arg2, gpgme_data_t conf) +gpgconf_write (void *engine, const char *arg1, char *arg2, gpgme_data_t conf) { struct engine_gpgconf *gpgconf = engine; gpgme_error_t err = 0; #define BUFLEN 1024 char buf[BUFLEN]; int buflen = 0; - char *argv[] = { NULL /* file_name */, arg1, arg2, 0 }; + char *argv[] = { NULL /* file_name */, (char*)arg1, arg2, 0 }; int rp[2]; struct spawn_fd_item_s cfd[] = { {-1, 0 /* STDIN_FILENO */}, {-1, -1} }; int status; commit 3009e6162eaa39adaaf45f06fc4f88c7153360ee Author: Werner Koch Date: Tue Sep 13 20:54:55 2016 +0200 core: Fix condition-always-true warning in trace macro. * src/data-compat.c (old_user_read): Cast AMT. Signed-off-by: Werner Koch diff --git a/src/data-compat.c b/src/data-compat.c index ec80172..5c7d543 100644 --- a/src/data-compat.c +++ b/src/data-compat.c @@ -187,7 +187,7 @@ old_user_read (gpgme_data_t dh, void *buffer, size_t size) buffer, size, &amt); if (err) return TRACE_SYSRES (gpgme_error_to_errno (err)); - return TRACE_SYSRES (amt); + return TRACE_SYSRES ((gpgme_ssize_t)amt); } commit 4a200146b602349eebb4eac2e102357748d7ba5b Author: Werner Koch Date: Tue Sep 13 20:53:14 2016 +0200 core: Mark unused function args. Signed-off-by: Werner Koch diff --git a/src/assuan-support.c b/src/assuan-support.c index 745d2aa..2cfdc35 100644 --- a/src/assuan-support.c +++ b/src/assuan-support.c @@ -26,6 +26,10 @@ int _gpgme_assuan_log_cb (assuan_context_t ctx, void *hook, unsigned int cat, const char *msg) { + (void)ctx; + (void)hook; + (void)cat; + if (msg == NULL) return 1; @@ -49,6 +53,8 @@ my_pipe (assuan_context_t ctx, assuan_fd_t fds[2], int inherit_idx) int res; int gfds[2]; + (void)ctx; + res = _gpgme_io_pipe (gfds, inherit_idx); /* For now... */ 
@@ -64,6 +70,7 @@ my_pipe (assuan_context_t ctx, assuan_fd_t fds[2], int inherit_idx) static int my_close (assuan_context_t ctx, assuan_fd_t fd) { + (void)ctx; return _gpgme_io_close ((int) fd); } @@ -71,6 +78,7 @@ my_close (assuan_context_t ctx, assuan_fd_t fd) static gpgme_ssize_t my_read (assuan_context_t ctx, assuan_fd_t fd, void *buffer, size_t size) { + (void)ctx; return _gpgme_io_read ((int) fd, buffer, size); } @@ -78,6 +86,7 @@ my_read (assuan_context_t ctx, assuan_fd_t fd, void *buffer, size_t size) static gpgme_ssize_t my_write (assuan_context_t ctx, assuan_fd_t fd, const void *buffer, size_t size) { + (void)ctx; return _gpgme_io_write ((int) fd, buffer, size); } @@ -86,6 +95,7 @@ static int my_recvmsg (assuan_context_t ctx, assuan_fd_t fd, assuan_msghdr_t msg, int flags) { + (void)ctx; #ifdef HAVE_W32_SYSTEM gpg_err_set_errno (ENOSYS); return -1; @@ -100,6 +110,7 @@ static int my_sendmsg (assuan_context_t ctx, assuan_fd_t fd, const assuan_msghdr_t msg, int flags) { + (void)ctx; #ifdef HAVE_W32_SYSTEM gpg_err_set_errno (ENOSYS); return -1; @@ -124,6 +135,9 @@ my_spawn (assuan_context_t ctx, pid_t *r_pid, const char *name, struct spawn_fd_item_s *fd_items; int i; + (void)ctx; + (void)flags; + assert (name); if (! name) @@ -194,6 +208,7 @@ static pid_t my_waitpid (assuan_context_t ctx, pid_t pid, int nowait, int *status, int options) { + (void)ctx; #ifdef HAVE_W32_SYSTEM CloseHandle ((HANDLE) pid); #else @@ -226,6 +241,7 @@ my_socketpair (assuan_context_t ctx, int namespace, int style, static int my_socket (assuan_context_t ctx, int namespace, int style, int protocol) { + (void)ctx; return _gpgme_io_socket (namespace, style, protocol); } @@ -234,6 +250,7 @@ static int my_connect (assuan_context_t ctx, int sock, struct sockaddr *addr, socklen_t length) { + (void)ctx; return _gpgme_io_connect (sock, addr, length); } diff --git a/src/data-identify.c b/src/data-identify.c index 1edfb9b..a5da7f5 100644 --- a/src/data-identify.c +++ b/src/data-identify.c 
@@ -489,6 +489,8 @@ gpgme_data_identify (gpgme_data_t dh, int reserved) int n; gpgme_off_t off; + (void)reserved; + /* Check whether we can seek the data object. */ off = gpgme_data_seek (dh, 0, SEEK_CUR); if (off == (gpgme_off_t)(-1)) diff --git a/src/delete.c b/src/delete.c index d7fdf50..fc99aac 100644 --- a/src/delete.c +++ b/src/delete.c @@ -33,6 +33,8 @@ static gpgme_error_t delete_status_handler (void *priv, gpgme_status_code_t code, char *args) { + (void)priv; + if (code == GPGME_STATUS_DELETE_PROBLEM) { enum delete_problem diff --git a/src/engine-assuan.c b/src/engine-assuan.c index c4a84a3..1f48173 100644 --- a/src/engine-assuan.c +++ b/src/engine-assuan.c @@ -131,6 +131,7 @@ llass_get_home_dir (void) static char * llass_get_version (const char *file_name) { + (void)file_name; return NULL; } diff --git a/src/engine-g13.c b/src/engine-g13.c index afb085d..ce98b1b 100644 --- a/src/engine-g13.c +++ b/src/engine-g13.c @@ -413,6 +413,9 @@ g13_assuan_simple_command (assuan_context_t ctx, char *cmd, char *line; size_t linelen; + (void)status_fnc; + (void)status_fnc_value; + err = assuan_write_line (ctx, cmd); if (err) return err; diff --git a/src/engine-gpg.c b/src/engine-gpg.c index c528d05..7270e36 100644 --- a/src/engine-gpg.c +++ b/src/engine-gpg.c @@ -2540,6 +2540,8 @@ gpg_keylist (void *engine, const char *pattern, int secret_only, engine_gpg_t gpg = engine; gpgme_error_t err; + (void)engine_flags; + err = gpg_keylist_build_options (gpg, secret_only, mode); if (!err && pattern && *pattern) @@ -2559,6 +2561,8 @@ gpg_keylist_ext (void *engine, const char *pattern[], int secret_only, engine_gpg_t gpg = engine; gpgme_error_t err; + (void)engine_flags; + if (reserved) return gpg_error (GPG_ERR_INV_VALUE); @@ -2585,6 +2589,8 @@ gpg_sign (void *engine, gpgme_data_t in, gpgme_data_t out, engine_gpg_t gpg = engine; gpgme_error_t err; + (void)include_certs; + if (mode == GPGME_SIG_MODE_CLEAR) err = add_arg (gpg, "--clearsign"); else 
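Review bot: In gpgme_data_identify (src/data-identify.c), (void)reserved; makes the function accept any value for the reserved argument. gpg_keylist_ext in src/engine-gpg.c, touched by this same commit, rejects a non-zero reserved with GPG_ERR_INV_VALUE; doing the same here would keep the argument usable for a future extension instead of teaching callers that its value is ignored.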
diff --git a/src/engine-gpgconf.c b/src/engine-gpgconf.c index 2e25d76..d5e7e2b 100644 --- a/src/engine-gpgconf.c +++ b/src/engine-gpgconf.c @@ -912,6 +912,8 @@ gpgconf_conf_save (void *engine, gpgme_conf_comp_t comp) static void gpgconf_set_io_cbs (void *engine, gpgme_io_cbs_t io_cbs) { + (void)engine; + (void)io_cbs; /* Nothing to do. */ } diff --git a/src/engine-gpgsm.c b/src/engine-gpgsm.c index 81e8fab..1cf5046 100644 --- a/src/engine-gpgsm.c +++ b/src/engine-gpgsm.c @@ -185,6 +185,8 @@ close_notify_handler (int fd, void *opaque) static gpgme_error_t default_inq_cb (engine_gpgsm_t gpgsm, const char *line) { + (void)gpgsm; + if (!strncmp (line, "PINENTRY_LAUNCHED", 17) && (line[17]==' '||!line[17])) { _gpgme_allow_set_foreground_window ((pid_t)strtoul (line+17, NULL, 10)); @@ -660,6 +662,9 @@ gpgsm_clear_fd (engine_gpgsm_t gpgsm, fd_type_t fd_type) _gpgme_io_close (gpgsm->message_cb.fd); break; } +#else + (void)gpgsm; + (void)fd_type; #endif } @@ -1133,6 +1138,8 @@ gpgsm_delete (void *engine, gpgme_key_t key, int allow_secret) char *line; int length = 8; /* "DELKEYS " */ + (void)allow_secret; + if (!fpr) return gpg_error (GPG_ERR_INV_VALUE); @@ -1816,6 +1823,8 @@ gpgsm_sign (void *engine, gpgme_data_t in, gpgme_data_t out, int i; gpgme_key_t key; + (void)use_textmode; + if (!gpgsm) return gpg_error (GPG_ERR_INV_VALUE); diff --git a/src/engine-uiserver.c b/src/engine-uiserver.c index 2ed7825..215dbe3 100644 --- a/src/engine-uiserver.c +++ b/src/engine-uiserver.c @@ -187,6 +187,8 @@ close_notify_handler (int fd, void *opaque) static gpgme_error_t default_inq_cb (engine_uiserver_t uiserver, const char *line) { + (void)uiserver; + if (!strncmp (line, "PINENTRY_LAUNCHED", 17) && (line[17]==' '||!line[17])) { _gpgme_allow_set_foreground_window ((pid_t)strtoul (line+17, NULL, 10)); 
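Review bot: In gpgsm_delete (src/engine-gpgsm.c), (void)allow_secret; silences the warning but also hides that the flag is never consulted in this function. If the engine cannot honour the caller's choice, a comment at the cast should say why the flag has no effect here; if it can, the unused-parameter warning was pointing at a missing check rather than at noise.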
@@ -1151,6 +1153,9 @@ uiserver_sign (void *engine, gpgme_data_t in, gpgme_data_t out, char *cmd; gpgme_key_t key; + (void)use_textmode; + (void)include_certs; + if (!uiserver || !in || !out) return gpg_error (GPG_ERR_INV_VALUE); if (uiserver->protocol == GPGME_PROTOCOL_DEFAULT) diff --git a/src/getauditlog.c b/src/getauditlog.c index 3bb4138..e2ba25e 100644 --- a/src/getauditlog.c +++ b/src/getauditlog.c @@ -31,6 +31,9 @@ static gpgme_error_t getauditlog_status_handler (void *priv, gpgme_status_code_t code, char *args) { + (void)priv; + (void)code; + (void)args; return 0; } diff --git a/src/gpgme-tool.c b/src/gpgme-tool.c index ec85039..80d7d72 100644 --- a/src/gpgme-tool.c +++ b/src/gpgme-tool.c @@ -1809,6 +1809,8 @@ server_passphrase_cb (void *opaque, const char *uid_hint, const char *info, unsigned char *buf = NULL; size_t buflen = 0; + (void)was_bad; + if (server && server->assuan_ctx) { if (uid_hint) @@ -1983,6 +1985,9 @@ static gpg_error_t reset_notify (assuan_context_t ctx, char *line) { struct server *server = assuan_get_pointer (ctx); + + (void)line; + server_reset_fds (server); gt_reset (server->gt); return 0; @@ -2306,6 +2311,8 @@ cmd_signers_clear (assuan_context_t ctx, char *line) { struct server *server = assuan_get_pointer (ctx); + (void)line; + return gt_signers_clear (server->gt); } @@ -2322,6 +2329,8 @@ _cmd_decrypt_verify (assuan_context_t ctx, char *line, int verify) gpgme_data_t inp_data; gpgme_data_t out_data; + (void)line; + inp_fd = server->input_fd; inp_fn = server->input_filename; if (inp_fd == ASSUAN_INVALID_FD && !inp_fn) @@ -2548,6 +2557,8 @@ cmd_verify (assuan_context_t ctx, char *line) gpgme_data_t msg_data = NULL; gpgme_data_t out_data = NULL; + (void)line; + inp_fd = server->input_fd; inp_fn = server->input_filename; if (inp_fd == ASSUAN_INVALID_FD && !inp_fn) 
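Review bot: cmd_verify in src/gpgme-tool.c now marks line as unused, as do cmd_signers_clear and _cmd_decrypt_verify earlier in this file, which means any arguments a client sends with these commands are dropped without an error. Consider rejecting a non-empty line, or add a comment that arguments are ignored by design, so that a mistyped or unsupported option does not look as if it had been accepted.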
@@ -2723,6 +2734,8 @@ cmd_genkey (assuan_context_t ctx, char *line) gpgme_data_t parms_data = NULL; const char *parms; + (void)line; + inp_fd = server->input_fd; inp_fn = server->input_filename; if (inp_fd == ASSUAN_INVALID_FD && !inp_fn) @@ -3038,6 +3051,9 @@ static gpg_error_t cmd_result (assuan_context_t ctx, char *line) { struct server *server = assuan_get_pointer (ctx); + + (void)line; + return gt_result (server->gt, GT_RESULT_ALL); } @@ -3093,6 +3109,8 @@ cmd_identify (assuan_context_t ctx, char *line) char *inp_fn; gpgme_data_t inp_data; + (void)line; + inp_fd = server->input_fd; inp_fn = server->input_filename; if (inp_fd == ASSUAN_INVALID_FD && !inp_fn) diff --git a/src/keylist.c b/src/keylist.c index f7912e6..8a0c5a3 100644 --- a/src/keylist.c +++ b/src/keylist.c @@ -122,6 +122,8 @@ keylist_status_handler (void *priv, gpgme_status_code_t code, char *args) void *hook; op_data_t opd; + (void)args; + err = _gpgme_op_data_lookup (ctx, OPDATA_KEYLIST, &hook, -1, NULL); opd = hook; if (err) diff --git a/src/op-support.c b/src/op-support.c index a74405e..9f10cd3 100644 --- a/src/op-support.c +++ b/src/op-support.c @@ -213,6 +213,8 @@ _gpgme_parse_inv_recp (char *args, int for_signing, char *tail; long int reason; + (void)for_signing; + inv_key = calloc (1, sizeof (*inv_key)); if (!inv_key) return gpg_error_from_syserror (); diff --git a/src/posix-util.c b/src/posix-util.c index 0fce5c2..889c6aa 100644 --- a/src/posix-util.c +++ b/src/posix-util.c @@ -145,6 +145,8 @@ _gpgme_get_gpgconf_path (void) int _gpgme_get_conf_int (const char *key, int *value) { + (void)key; + (void)value; return 0; } diff --git a/src/trustlist.c b/src/trustlist.c index d456780..c85ef87 100644 --- a/src/trustlist.c +++ b/src/trustlist.c @@ -52,6 +52,9 @@ typedef struct static gpgme_error_t trustlist_status_handler (void *priv, gpgme_status_code_t code, char *args) { + (void)priv; + (void)code; + (void)args; return 0; } diff --git a/src/verify.c b/src/verify.c index 5ac937d..6bdbe66 100644 
--- a/src/verify.c +++ b/src/verify.c @@ -1264,6 +1264,8 @@ gpgme_get_sig_ulong_attr (gpgme_ctx_t ctx, int idx, gpgme_verify_result_t result; gpgme_signature_t sig; + (void)whatidx; + result = gpgme_op_verify_result (ctx); sig = result->signatures; diff --git a/src/version.c b/src/version.c index e2f1c35..a9bf7b8 100644 --- a/src/version.c +++ b/src/version.c @@ -307,7 +307,7 @@ _gpgme_get_program_version (const char *const file_name) char *mark = NULL; int rp[2]; int nread; - char *argv[] = {NULL /* file_name */, "--version", 0}; + char *argv[] = {NULL /* file_name */, (char*)"--version", 0}; struct spawn_fd_item_s cfd[] = { {-1, 1 /* STDOUT_FILENO */, -1, 0}, {-1, -1} }; int status; diff --git a/src/vfs-create.c b/src/vfs-create.c index 48931b9..a01d4da 100644 --- a/src/vfs-create.c +++ b/src/vfs-create.c @@ -118,6 +118,8 @@ _gpgme_op_vfs_create (gpgme_ctx_t ctx, gpgme_key_t recp[], char *container_file_esc = NULL; int i; + (void)flags; + /* We want to encourage people to check error values, so not getting them is discouraged here. Also makes our code easier. */ if (! op_err) diff --git a/src/vfs-mount.c b/src/vfs-mount.c index b9b1b4d..5d2f2a9 100644 --- a/src/vfs-mount.c +++ b/src/vfs-mount.c @@ -173,6 +173,8 @@ _gpgme_op_vfs_mount (gpgme_ctx_t ctx, const char *container_file, char *cmd; char *container_file_esc = NULL; + (void)flags; + /* We want to encourage people to check error values, so not getting them is discouraged here. Also makes our code easier. */ if (! op_err) diff --git a/src/wait-user.c b/src/wait-user.c index ba28761..c7bc80f 100644 --- a/src/wait-user.c +++ b/src/wait-user.c @@ -46,6 +46,8 @@ _gpgme_user_io_cb_handler (void *data, int fd) struct tag *tag = (struct tag *) data; gpgme_ctx_t ctx; + (void)fd; + assert (data); ctx = tag->ctx; assert (ctx); commit 9064eebdc05e7149c2c8cc899fbd7874622fb769 Author: Werner Koch Date: Tue Sep 13 20:48:06 2016 +0200 tests: Mark lots of unused vars and fix const mismatches. Signed-off-by: Werner Koch 
diff --git a/tests/gpg/t-decrypt-verify.c b/tests/gpg/t-decrypt-verify.c index 823655f..b774cfd 100644 --- a/tests/gpg/t-decrypt-verify.c +++ b/tests/gpg/t-decrypt-verify.c @@ -37,7 +37,7 @@ static void check_verify_result (gpgme_verify_result_t result, unsigned int summary, - char *fpr, gpgme_error_t status) + const char *fpr, gpgme_error_t status) { gpgme_signature_t sig; @@ -104,6 +104,9 @@ main (int argc, char *argv[]) char *cipher_2_asc = make_filename ("cipher-2.asc"); char *agent_info; + (void)argc; + (void)argv; + init_gpgme (GPGME_PROTOCOL_OpenPGP); err = gpgme_new (&ctx); diff --git a/tests/gpg/t-decrypt.c b/tests/gpg/t-decrypt.c index b085e04..92fadd6 100644 --- a/tests/gpg/t-decrypt.c +++ b/tests/gpg/t-decrypt.c @@ -3,17 +3,17 @@ Copyright (C) 2001, 2003, 2004 g10 Code GmbH This file is part of GPGME. - + GPGME is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. - + GPGME is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. - + You should have received a copy of the GNU Lesser General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA @@ -36,7 +36,7 @@ #include "t-support.h" -int +int main (int argc, char *argv[]) { gpgme_ctx_t ctx; @@ -46,6 +46,9 @@ main (int argc, char *argv[]) char *cipher_1_asc = make_filename ("cipher-1.asc"); char *agent_info; + (void)argc; + (void)argv; + init_gpgme (GPGME_PROTOCOL_OpenPGP); err = gpgme_new (&ctx); 
@@ -61,7 +64,7 @@ main (int argc, char *argv[]) err = gpgme_data_new (&out); fail_if_err (err); - + err = gpgme_op_decrypt (ctx, in, out); fail_if_err (err); result = gpgme_op_decrypt_result (ctx); @@ -72,7 +75,7 @@ main (int argc, char *argv[]) exit (1); } print_data (out); - + gpgme_data_release (in); gpgme_data_release (out); gpgme_release (ctx); diff --git a/tests/gpg/t-edit.c b/tests/gpg/t-edit.c index 545db73..8b5f7cb 100644 --- a/tests/gpg/t-edit.c +++ b/tests/gpg/t-edit.c @@ -3,17 +3,17 @@ Copyright (C) 2001, 2002, 2003, 2004 g10 Code GmbH This file is part of GPGME. - + GPGME is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. - + GPGME is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. - + You should have received a copy of the GNU Lesser General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA @@ -43,7 +43,7 @@ flush_data (gpgme_data_t dh) { char buf[100]; int ret; - + ret = gpgme_data_seek (dh, 0, SEEK_SET); if (ret) fail_if_err (gpgme_error_from_errno (errno)); @@ -57,11 +57,11 @@ flush_data (gpgme_data_t dh) gpgme_error_t edit_fnc (void *opaque, gpgme_status_code_t status, const char *args, int fd) { - char *result = NULL; + const char *result = NULL; gpgme_data_t out = (gpgme_data_t) opaque; fputs ("[-- Response --]\n", stdout); - flush_data (out); + flush_data (out); fprintf (stdout, "[-- Code: %i, %s --]\n", status, args); @@ -70,7 +70,7 @@ edit_fnc (void *opaque, gpgme_status_code_t status, const char *args, int fd) if (!strcmp (args, "keyedit.prompt")) { static int step = 0; - + switch (step) { case 0: 
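Review bot: Whitespace cleanup is mixed into the functional changes in tests/gpg/t-edit.c: the last hunk in edit_fnc touches only the blank line after static int step = 0;, and the license-header, flush_data and flush_data (out); changes above it are the same kind of edit. The commit subject covers unused variables and const mismatches, so the whitespace changes would be better as their own commit; the const char *result fix would then stand out in the diff and in a later bisect.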
@@ -110,7 +110,7 @@ edit_fnc (void *opaque, gpgme_status_code_t status, const char *args, int fd) } -int +int main (int argc, char **argv) { gpgme_ctx_t ctx; @@ -120,6 +120,9 @@ main (int argc, char **argv) const char *pattern = "Alpha"; char *agent_info; + (void)argc; + (void)argv; + init_gpgme (GPGME_PROTOCOL_OpenPGP); err = gpgme_new (&ctx); diff --git a/tests/gpg/t-encrypt-large.c b/tests/gpg/t-encrypt-large.c index 6cc6138..8d78a04 100644 --- a/tests/gpg/t-encrypt-large.c +++ b/tests/gpg/t-encrypt-large.c @@ -2,17 +2,17 @@ Copyright (C) 2005 g10 Code GmbH This file is part of GPGME. - + GPGME is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. - + GPGME is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. - + You should have received a copy of the GNU Lesser General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA @@ -50,7 +50,7 @@ read_cb (void *handle, void *buffer, size_t size) for (; size && parms->bytes_to_send; size--, parms->bytes_to_send--) *p++ = rand (); - + return (p - (char*)buffer); } @@ -60,6 +60,8 @@ write_cb (void *handle, const void *buffer, size_t size) { struct cb_parms *parms = handle; + (void)buffer; + parms->bytes_received += size; return size; @@ -70,13 +72,18 @@ static void progress_cb (void *opaque, const char *what, int type, int current, int total) { /* This is just a dummy. */ + (void)opaque; + (void)what; + (void)type; + (void)current; + (void)total; } -int +int main (int argc, char *argv[]) { gpgme_ctx_t ctx; 
@@ -94,7 +101,7 @@ main (int argc, char *argv[]) nbytes = 100000; init_gpgme (GPGME_PROTOCOL_OpenPGP); - + memset (&cbs, 0, sizeof cbs); cbs.read = read_cb; cbs.write = write_cb; @@ -131,7 +138,7 @@ main (int argc, char *argv[]) result->invalid_recipients->fpr); exit (1); } - printf ("plaintext=%u bytes, ciphertext=%u bytes\n", + printf ("plaintext=%u bytes, ciphertext=%u bytes\n", (unsigned int)nbytes, (unsigned int)parms.bytes_received); gpgme_key_unref (key[0]); diff --git a/tests/gpg/t-encrypt-mixed.c b/tests/gpg/t-encrypt-mixed.c index 488b1ce..afe5ba2 100644 --- a/tests/gpg/t-encrypt-mixed.c +++ b/tests/gpg/t-encrypt-mixed.c @@ -34,7 +34,7 @@ that an encrypted message can be decrypted without the secret key but that the recipient is also set correctly. */ int -main (int argc, char *argv[]) +main (void) { gpgme_ctx_t ctx; gpgme_error_t err; diff --git a/tests/gpg/t-encrypt-sign.c b/tests/gpg/t-encrypt-sign.c index 1e1262f..41d16a0 100644 --- a/tests/gpg/t-encrypt-sign.c +++ b/tests/gpg/t-encrypt-sign.c @@ -94,6 +94,9 @@ main (int argc, char **argv) gpgme_sign_result_t sign_result; char *agent_info; + (void)argc; + (void)argv; + init_gpgme (GPGME_PROTOCOL_OpenPGP); err = gpgme_new (&ctx); diff --git a/tests/gpg/t-encrypt-sym.c b/tests/gpg/t-encrypt-sym.c index 42dc3ca..8e5e7ff 100644 --- a/tests/gpg/t-encrypt-sym.c +++ b/tests/gpg/t-encrypt-sym.c 
@@ -3,17 +3,17 @@ Copyright (C) 2001, 2003, 2004 g10 Code GmbH This file is part of GPGME. - + GPGME is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. - + GPGME is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. - + You should have received a copy of the GNU Lesser General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA @@ -36,7 +36,7 @@ #include "t-support.h" -int +int main (int argc, char *argv[]) { gpgme_ctx_t ctx; @@ -47,6 +47,9 @@ main (int argc, char *argv[]) char *p; size_t len; + (void)argc; + (void)argv; + init_gpgme (GPGME_PROTOCOL_OpenPGP); err = gpgme_new (&ctx); diff --git a/tests/gpg/t-encrypt.c b/tests/gpg/t-encrypt.c index 09474fe..6eafc00 100644 --- a/tests/gpg/t-encrypt.c +++ b/tests/gpg/t-encrypt.c @@ -43,6 +43,9 @@ main (int argc, char *argv[]) gpgme_key_t key[3] = { NULL, NULL, NULL }; gpgme_encrypt_result_t result; + (void)argc; + (void)argv; + init_gpgme (GPGME_PROTOCOL_OpenPGP); err = gpgme_new (&ctx); diff --git a/tests/gpg/t-eventloop.c b/tests/gpg/t-eventloop.c index cb1e57c..74af35f 100644 --- a/tests/gpg/t-eventloop.c +++ b/tests/gpg/t-eventloop.c 
@@ -3,17 +3,17 @@ Copyright (C) 2001, 2002, 2003, 2004 g10 Code GmbH This file is part of GPGME. - + GPGME is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. - + GPGME is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. - + You should have received a copy of the GNU Lesser General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA @@ -167,8 +167,8 @@ struct gpgme_io_cbs io_cbs = }; -int -main (int argc, char *argv[]) +int +main (void) { gpgme_ctx_t ctx; gpgme_error_t err; @@ -214,7 +214,7 @@ main (int argc, char *argv[]) fputs ("Begin Result:\n", stdout); print_data (out); fputs ("End Result.\n", stdout); - + gpgme_key_unref (key[0]); gpgme_key_unref (key[1]); gpgme_data_release (in); diff --git a/tests/gpg/t-export.c b/tests/gpg/t-export.c index 85cff23..eaed829 100644 --- a/tests/gpg/t-export.c +++ b/tests/gpg/t-export.c 
@@ -3,17 +3,17 @@ Copyright (C) 2001, 2003, 2004 g10 Code GmbH This file is part of GPGME. - + GPGME is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. - + GPGME is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. - + You should have received a copy of the GNU Lesser General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA @@ -35,7 +35,7 @@ #include "t-support.h" -int +int main (int argc, char **argv) { gpgme_ctx_t ctx; @@ -44,6 +44,9 @@ main (int argc, char **argv) const char *pattern[] = { "Alpha", "Bob", NULL }; gpgme_key_t keyarray[3]; + (void)argc; + (void)argv; + init_gpgme (GPGME_PROTOCOL_OpenPGP); err = gpgme_new (&ctx); @@ -60,7 +63,7 @@ main (int argc, char **argv) fputs ("Begin Result:\n", stdout); print_data (out); fputs ("End Result.\n", stdout); - + gpgme_data_release (out); /* Again. Now using a key array. */ @@ -84,11 +87,11 @@ main (int argc, char **argv) fputs ("Begin Result:\n", stdout); print_data (out); fputs ("End Result.\n", stdout); - + gpgme_data_release (out); gpgme_release (ctx); - + return 0; } diff --git a/tests/gpg/t-file-name.c b/tests/gpg/t-file-name.c index dad4bd9..3c2a796 100644 --- a/tests/gpg/t-file-name.c +++ b/tests/gpg/t-file-name.c 
@@ -3,17 +3,17 @@ Copyright (C) 2001, 2002, 2003, 2004 g10 Code GmbH This file is part of GPGME. - + GPGME is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. - + GPGME is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. - + You should have received a copy of the GNU Lesser General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA @@ -36,8 +36,8 @@ #define TESTNAME "abcde12345" -int -main (int argc, char *argv[]) +int +main (void) { gpgme_ctx_t ctx; gpgme_error_t err; @@ -47,7 +47,7 @@ main (int argc, char *argv[]) char *agent_info; init_gpgme (GPGME_PROTOCOL_OpenPGP); - + err = gpgme_new (&ctx); fail_if_err (err); gpgme_set_armor (ctx, 1); diff --git a/tests/gpg/t-genkey.c b/tests/gpg/t-genkey.c index 407824f..f0127f7 100644 --- a/tests/gpg/t-genkey.c +++ b/tests/gpg/t-genkey.c 
@@ -3,17 +3,17 @@ Copyright (C) 2001, 2003, 2004 g10 Code GmbH This file is part of GPGME. - + GPGME is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. - + GPGME is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. - + You should have received a copy of the GNU Lesser General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA @@ -40,6 +40,8 @@ static int progress_called; static void progress (void *self, const char *what, int type, int current, int total) { + (void)self; + if (!strcmp (what, "primegen") && !current && !total && (type == '.' || type == '+' || type == '!' || type == '^' || type == '<' || type == '>')) @@ -57,7 +59,7 @@ progress (void *self, const char *what, int type, int current, int total) } -int +int main (int argc, char **argv) { gpgme_ctx_t ctx; @@ -75,13 +77,16 @@ main (int argc, char **argv) "\n"; gpgme_genkey_result_t result; + (void)argc; + (void)argv; + init_gpgme (GPGME_PROTOCOL_OpenPGP); err = gpgme_new (&ctx); fail_if_err (err); gpgme_set_progress_cb (ctx, progress, NULL); - + err = gpgme_op_genkey (ctx, parms, NULL, NULL); fail_if_err (err); diff --git a/tests/gpg/t-gpgconf.c b/tests/gpg/t-gpgconf.c index 8e487b7..55033bf 100644 --- a/tests/gpg/t-gpgconf.c +++ b/tests/gpg/t-gpgconf.c 
@@ -7,12 +7,12 @@ under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. - + GPGME is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. - + You should have received a copy of the GNU Lesser General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA @@ -172,8 +172,8 @@ dump_opt (gpgme_conf_opt_t opt) { if (opt->argname) { - char *more = (opt->flags & GPGME_CONF_LIST) ? "..." : ""; - + const char *more = (opt->flags & GPGME_CONF_LIST) ? "..." : ""; + if (opt->flags & GPGME_CONF_OPTIONAL) { printf ("%c%c --%s [%s%s] %s", level, runtime, opt->name, opt->argname, more, @@ -187,7 +187,7 @@ dump_opt (gpgme_conf_opt_t opt) } else printf ("%c%c --%s%s", level, runtime, opt->name, spaces (opt->name, 5)); - + if (opt->description) printf ("%s", opt->description); printf ("\n"); @@ -250,8 +250,8 @@ dump_comp (gpgme_conf_comp_t comp) } -int -main (int argc, char **argv) +int +main (void) { gpgme_ctx_t ctx; gpgme_error_t err; @@ -302,13 +302,13 @@ main (int argc, char **argv) opt = comp->options; while (opt && strcmp (opt->name, "verbose")) opt = opt->next; - + /* Allow for the verbose option not to be there. */ if (opt) { err = gpgme_conf_opt_change (opt, 0, arg); fail_if_err (err); - + err = gpgme_op_conf_save (ctx, comp); fail_if_err (err); } diff --git a/tests/gpg/t-import.c b/tests/gpg/t-import.c index 41cfd23..89a5815 100644 --- a/tests/gpg/t-import.c +++ b/tests/gpg/t-import.c 
@@ -3,17 +3,17 @@ Copyright (C) 2001, 2003, 2004 g10 Code GmbH This file is part of GPGME. - + GPGME is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. - + GPGME is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. - + You should have received a copy of the GNU Lesser General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA @@ -36,7 +36,7 @@ void -check_result (gpgme_import_result_t result, char *fpr, int secret) +check_result (gpgme_import_result_t result, const char *fpr, int secret) { if (result->considered != 1 && (secret && result->considered != 3)) { @@ -207,7 +207,7 @@ check_result (gpgme_import_result_t result, char *fpr, int secret) } -int +int main (int argc, char *argv[]) { gpgme_ctx_t ctx; @@ -217,6 +217,9 @@ main (int argc, char *argv[]) char *pubkey_1_asc = make_filename ("pubkey-1.asc"); char *seckey_1_asc = make_filename ("seckey-1.asc"); + (void)argc; + (void)argv; + init_gpgme (GPGME_PROTOCOL_OpenPGP); err = gpgme_new (&ctx); diff --git a/tests/gpg/t-keylist-sig.c b/tests/gpg/t-keylist-sig.c index ec30624..fdec7ca 100644 --- a/tests/gpg/t-keylist-sig.c +++ b/tests/gpg/t-keylist-sig.c 
@@ -36,20 +36,20 @@ struct { - char *fpr; - char *sec_keyid; + const char *fpr; + const char *sec_keyid; struct { - char *name; - char *comment; - char *email; + const char *name; + const char *comment; + const char *email; struct { gpgme_pubkey_algo_t algo; - char *keyid; - char *name; - char *comment; - char *email; + const char *keyid; + const char *name; + const char *comment; + const char *email; unsigned int sig_class; int exportable; } sig; @@ -72,7 +72,7 @@ keys[] = int -main (int argc, char **argv) +main (void) { gpgme_error_t err; gpgme_ctx_t ctx; diff --git a/tests/gpg/t-keylist.c b/tests/gpg/t-keylist.c index 67844cb..6ee023c 100644 --- a/tests/gpg/t-keylist.c +++ b/tests/gpg/t-keylist.c @@ -3,17 +3,17 @@ Copyright (C) 2001, 2003, 2004 g10 Code GmbH This file is part of GPGME. - + GPGME is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. - + GPGME is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. - + You should have received a copy of the GNU Lesser General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA @@ -36,13 +36,13 @@ struct key_info_s { - char *fpr; - char *sec_keyid; + const char *fpr; + const char *sec_keyid; struct { - char *name; - char *comment; - char *email; + const char *name; + const char *comment; + const char *email; } uid[3]; int n_subkeys; void (*misc_check)(struct key_info_s *keyinfo, gpgme_key_t key); @@ -121,7 +121,7 @@ struct key_info_s keys[] = }; -int +int main (int argc, char **argv) { gpgme_error_t err; 
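Review bot: Unused main parameters are handled two ways in this commit: tests/gpg/t-keylist-sig.c switches to main (void), while t-decrypt.c and t-edit.c keep the argc and argv parameters and add (void)argc; (void)argv;. Using main (void) wherever the arguments are not read would be shorter, needs no casts, and turns a later accidental use of argc or argv into a compile error.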
@@ -132,6 +132,9 @@ main (int argc, char **argv) int n; gpgme_subkey_t subkey; + (void)argc; + (void)argv; + init_gpgme (GPGME_PROTOCOL_OpenPGP); err = gpgme_new (&ctx); @@ -139,7 +142,7 @@ main (int argc, char **argv) err = gpgme_op_keylist_start (ctx, NULL, 0); fail_if_err (err); - + while (!(err = gpgme_op_keylist_next (ctx, &key))) { if (!keys[i].fpr) @@ -223,7 +226,7 @@ main (int argc, char **argv) exit (1); } - for (n=0, subkey = key->subkeys; subkey; subkey = subkey->next) + for (n=0, subkey = key->subkeys; subkey; subkey = subkey->next) n++; if (!n || n-1 != keys[i].n_subkeys) { @@ -583,7 +586,7 @@ check_whisky (struct key_info_s *keyinfo, gpgme_key_t key) { const char *name = keyinfo->uid[0].name; gpgme_subkey_t sub1, sub2; - + sub1 = key->subkeys->next->next; sub2 = sub1->next; diff --git a/tests/gpg/t-sig-notation.c b/tests/gpg/t-sig-notation.c index 98d5095..aee7551 100644 --- a/tests/gpg/t-sig-notation.c +++ b/tests/gpg/t-sig-notation.c @@ -2,17 +2,17 @@ Copyright (C) 2005 g10 Code GmbH This file is part of GPGME. - + GPGME is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. - + GPGME is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. - + You should have received a copy of the GNU Lesser General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 
@@ -44,14 +44,14 @@ static struct { const char *value; gpgme_sig_notation_flags_t flags; int seen; -} expected_notations[] = { +} expected_notations[] = { { "laughing at me", "Just Squeeze Me", GPGME_SIG_NOTATION_HUMAN_READABLE }, { "preferred-email-encoding at pgp.com", "pgpmime", GPGME_SIG_NOTATION_HUMAN_READABLE | GPGME_SIG_NOTATION_CRITICAL }, - { NULL, + { NULL, "http://www.gnu.org/policy/", 0 } }; @@ -61,7 +61,7 @@ check_result (gpgme_verify_result_t result) { int i; gpgme_sig_notation_t r; - + gpgme_signature_t sig; sig = result->signatures; @@ -74,7 +74,7 @@ check_result (gpgme_verify_result_t result) for (i=0; i < DIM(expected_notations); i++ ) expected_notations[i].seen = 0; - + for (r = result->signatures->notations; r; r = r->next) { int any = 0; @@ -124,7 +124,7 @@ check_result (gpgme_verify_result_t result) } -int +int main (int argc, char *argv[]) { gpgme_ctx_t ctx; @@ -135,6 +135,9 @@ main (int argc, char *argv[]) int i; gpgme_engine_info_t engine_info; + (void)argc; + (void)argv; + init_gpgme (GPGME_PROTOCOL_OpenPGP); err = gpgme_get_engine_info (&engine_info); @@ -172,7 +175,7 @@ main (int argc, char *argv[]) expected_notations[i].flags); fail_if_err (err); } - + err = gpgme_op_sign (ctx, in, out, GPGME_SIG_MODE_NORMAL); fail_if_err (err); diff --git a/tests/gpg/t-sign.c b/tests/gpg/t-sign.c index bdd3323..66f54ea 100644 --- a/tests/gpg/t-sign.c +++ b/tests/gpg/t-sign.c 
@@ -3,17 +3,17 @@ Copyright (C) 2001, 2003, 2004 g10 Code GmbH This file is part of GPGME. - + GPGME is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. - + GPGME is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. - + You should have received a copy of the GNU Lesser General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA @@ -82,7 +82,7 @@ check_result (gpgme_sign_result_t result, gpgme_sig_mode_t type) } -int +int main (int argc, char **argv) { gpgme_ctx_t ctx; @@ -91,6 +91,9 @@ main (int argc, char **argv) gpgme_sign_result_t result; char *agent_info; + (void)argc; + (void)argv; + init_gpgme (GPGME_PROTOCOL_OpenPGP); err = gpgme_new (&ctx); @@ -102,7 +105,7 @@ main (int argc, char **argv) gpgme_set_textmode (ctx, 1); gpgme_set_armor (ctx, 1); - + #if 0 { gpgme_key_t akey; @@ -126,8 +129,8 @@ main (int argc, char **argv) check_result (result, GPGME_SIG_MODE_NORMAL); print_data (out); gpgme_data_release (out); - - /* Now a detached signature. */ + + /* Now a detached signature. */ gpgme_data_seek (in, 0, SEEK_SET); err = gpgme_data_new (&out); fail_if_err (err); diff --git a/tests/gpg/t-signers.c b/tests/gpg/t-signers.c index c75c1d4..b1eb191 100644 --- a/tests/gpg/t-signers.c +++ b/tests/gpg/t-signers.c 
@@ -3,17 +3,17 @@ Copyright (C) 2001, 2003, 2004 g10 Code GmbH This file is part of GPGME. - + GPGME is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. - + GPGME is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. - + You should have received a copy of the GNU Lesser General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA @@ -93,7 +93,7 @@ check_result (gpgme_sign_result_t result, gpgme_sig_mode_t type) } -int +int main (int argc, char *argv[]) { gpgme_ctx_t ctx; @@ -103,6 +103,9 @@ main (int argc, char *argv[]) gpgme_sign_result_t result; char *agent_info; + (void)argc; + (void)argv; + init_gpgme (GPGME_PROTOCOL_OpenPGP); err = gpgme_new (&ctx); @@ -141,7 +144,7 @@ main (int argc, char *argv[]) check_result (result, GPGME_SIG_MODE_NORMAL); print_data (out); gpgme_data_release (out); - + /* Now a detached signature. */ gpgme_data_seek (in, 0, SEEK_SET); err = gpgme_data_new (&out); @@ -152,7 +155,7 @@ main (int argc, char *argv[]) check_result (result, GPGME_SIG_MODE_DETACH); print_data (out); gpgme_data_release (out); - + /* And finally a cleartext signature. */ gpgme_data_seek (in, 0, SEEK_SET); err = gpgme_data_new (&out); @@ -161,10 +164,10 @@ main (int argc, char *argv[]) fail_if_err (err); result = gpgme_op_sign_result (ctx); check_result (result, GPGME_SIG_MODE_CLEAR); - print_data (out); + print_data (out); gpgme_data_release (out); gpgme_data_seek (in, 0, SEEK_SET); - + gpgme_data_release (in); gpgme_release (ctx); diff --git a/tests/gpg/t-support.h b/tests/gpg/t-support.h index 7a0b9f9..db69dd0 100644 
--- a/tests/gpg/t-support.h +++ b/tests/gpg/t-support.h @@ -3,17 +3,17 @@ Copyright (C) 2001, 2002, 2003, 2004 g10 Code GmbH This file is part of GPGME. - + GPGME is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. - + GPGME is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. - + You should have received a copy of the GNU Lesser General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA @@ -61,7 +61,7 @@ print_data (gpgme_data_t dh) #define BUF_SIZE 512 char buf[BUF_SIZE + 1]; int ret; - + ret = gpgme_data_seek (dh, 0, SEEK_SET); if (ret) fail_if_err (gpgme_err_code_from_errno (errno)); @@ -107,7 +107,7 @@ make_filename (const char *fname) if (!srcdir) srcdir = "."; buf = malloc (strlen(srcdir) + strlen(fname) + 2); - if (!buf) + if (!buf) exit (8); strcpy (buf, srcdir); strcat (buf, "/"); diff --git a/tests/gpg/t-thread1.c b/tests/gpg/t-thread1.c index 0d4b2de..2f9ee5d 100644 --- a/tests/gpg/t-thread1.c +++ b/tests/gpg/t-thread1.c 
@@ -3,17 +3,17 @@ Copyright (C) 2001, 2003, 2004 g10 Code GmbH This file is part of GPGME. - + GPGME is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. - + GPGME is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. - + You should have received a copy of the GNU Lesser General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA @@ -68,7 +68,7 @@ thread_one (void *name) err = gpgme_get_key (ctx, "D695676BDCEDCC2CDD6152BCFE180B1DA9E3B0B2", &key[1], 0); fail_if_err (err); - + err = gpgme_op_encrypt (ctx, key, GPGME_ENCRYPT_ALWAYS_TRUST, in, out); fail_if_err (err); result = gpgme_op_encrypt_result (ctx); @@ -119,7 +119,7 @@ thread_two (void *name) err = gpgme_data_new (&out); fail_if_err (err); - + err = gpgme_op_decrypt (ctx, in, out); fail_if_err (err); result = gpgme_op_decrypt_result (ctx); @@ -130,7 +130,7 @@ thread_two (void *name) exit (1); } printf ("Decrypt %s %i\n", (char *) name, i); - + gpgme_data_release (in); gpgme_data_release (out); gpgme_release (ctx); @@ -139,16 +139,18 @@ thread_two (void *name) return NULL; } -int -main (int argc, char *argv[]) +int +main (void) { pthread_t tone; pthread_t ttwo; + char arg_A[] = "A"; + char arg_B[] = "B"; init_gpgme (GPGME_PROTOCOL_OpenPGP); - pthread_create (&tone, NULL, thread_one, "A"); - pthread_create (&ttwo, NULL, thread_two, "B"); + pthread_create (&tone, NULL, thread_one, arg_A); + pthread_create (&ttwo, NULL, thread_two, arg_B); pthread_join (tone, NULL); pthread_join (ttwo, NULL); diff --git a/tests/gpg/t-trustlist.c b/tests/gpg/t-trustlist.c index 5d24518..eeab85e 100644 
--- a/tests/gpg/t-trustlist.c +++ b/tests/gpg/t-trustlist.c @@ -3,17 +3,17 @@ Copyright (C) 2001, 2003, 2004 g10 Code GmbH This file is part of GPGME. - + GPGME is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. - + GPGME is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. - + You should have received a copy of the GNU Lesser General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA @@ -34,13 +34,16 @@ #include "t-support.h" -int +int main (int argc, char *argv[]) { gpgme_ctx_t ctx; gpgme_error_t err; gpgme_trust_item_t item; + (void)argc; + (void)argv; + init_gpgme (GPGME_PROTOCOL_OpenPGP); err = gpgme_new (&ctx); diff --git a/tests/gpg/t-verify.c b/tests/gpg/t-verify.c index dceabac..9842d3a 100644 --- a/tests/gpg/t-verify.c +++ b/tests/gpg/t-verify.c @@ -3,17 +3,17 @@ Copyright (C) 2001, 2002, 2003, 2004 g10 Code GmbH This file is part of GPGME. - + GPGME is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. - + GPGME is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. - + You should have received a copy of the GNU Lesser General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 
@@ -77,7 +77,7 @@ static const char test_sig2[] = "-----END PGP MESSAGE-----\n"; /* A message with a prepended but unsigned plaintext packet. */ -static const char double_plaintext_sig[] = +static const char double_plaintext_sig[] = "-----BEGIN PGP MESSAGE-----\n" "\n" "rDRiCmZvb2Jhci50eHRF4pxNVGhpcyBpcyBteSBzbmVha3kgcGxhaW50ZXh0IG1l\n" @@ -92,7 +92,8 @@ static const char double_plaintext_sig[] = static void -check_result (gpgme_verify_result_t result, unsigned int summary, char *fpr, +check_result (gpgme_verify_result_t result, unsigned int summary, + const char *fpr, gpgme_error_t status, int notation) { gpgme_signature_t sig; @@ -135,7 +136,7 @@ check_result (gpgme_verify_result_t result, unsigned int summary, char *fpr, " das waren Umlaute und jetzt ein prozent%-Zeichen" }, { "foobar.1", "this is a notation data with 2 lines" }, - { NULL, + { NULL, "http://www.gu.org/policy/" } }; int i; @@ -201,7 +202,7 @@ check_result (gpgme_verify_result_t result, unsigned int summary, char *fpr, } -int +int main (int argc, char *argv[]) { gpgme_ctx_t ctx; @@ -209,6 +210,9 @@ main (int argc, char *argv[]) gpgme_data_t sig, text; gpgme_verify_result_t result; + (void)argc; + (void)argv; + init_gpgme (GPGME_PROTOCOL_OpenPGP); err = gpgme_new (&ctx); diff --git a/tests/gpg/t-wait.c b/tests/gpg/t-wait.c index e58adad..352b9bf 100644 --- a/tests/gpg/t-wait.c +++ b/tests/gpg/t-wait.c 
@@ -3,17 +3,17 @@ Copyright (C) 2001, 2002, 2003, 2004, 2005, 2007 g10 Code GmbH This file is part of GPGME. - + GPGME is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. - + GPGME is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. - + You should have received a copy of the GNU Lesser General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA @@ -38,8 +38,8 @@ #include "t-support.h" -int -main (int argc, char *argv[]) +int +main (void) { gpgme_ctx_t ctx; gpgme_error_t err; diff --git a/tests/gpgsm/t-decrypt.c b/tests/gpgsm/t-decrypt.c index 654c7e1..658809c 100644 --- a/tests/gpgsm/t-decrypt.c +++ b/tests/gpgsm/t-decrypt.c @@ -3,17 +3,17 @@ Copyright (C) 2001, 2003, 2004 g10 Code GmbH This file is part of GPGME. - + GPGME is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. - + GPGME is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. - + You should have received a copy of the GNU Lesser General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 
@@ -48,8 +48,8 @@ static const char test_cip1[] = "-----END CMS OBJECT-----\n"; -int -main (int argc, char *argv[]) +int +main (void) { gpgme_ctx_t ctx; gpgme_error_t err; @@ -78,7 +78,7 @@ main (int argc, char *argv[]) exit (1); } print_data (out); - + gpgme_data_release (in); gpgme_data_release (out); gpgme_release (ctx); diff --git a/tests/gpgsm/t-encrypt.c b/tests/gpgsm/t-encrypt.c index 45c772b..50c7a33 100644 --- a/tests/gpgsm/t-encrypt.c +++ b/tests/gpgsm/t-encrypt.c @@ -3,17 +3,17 @@ Copyright (C) 2001, 2002, 2003, 2004 g10 Code GmbH This file is part of GPGME. - + GPGME is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. - + GPGME is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. - + You should have received a copy of the GNU Lesser General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA @@ -33,8 +33,8 @@ #include "t-support.h" -int -main (int argc, char **argv) +int +main (void) { gpgme_ctx_t ctx; gpgme_error_t err; @@ -54,7 +54,7 @@ main (int argc, char **argv) err = gpgme_data_new (&out); fail_if_err (err); - + err = gpgme_get_key (ctx, "3CF405464F66ED4A7DF45BBDD1E4282E33BDB76E", &key[0], 0); fail_if_err (err); diff --git a/tests/gpgsm/t-export.c b/tests/gpgsm/t-export.c index d8856f2..120df6b 100644 --- a/tests/gpgsm/t-export.c +++ b/tests/gpgsm/t-export.c 
@@ -3,17 +3,17 @@ Copyright (C) 2001, 2003, 2004 g10 Code GmbH This file is part of GPGME. - + GPGME is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. - + GPGME is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. - + You should have received a copy of the GNU Lesser General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA @@ -34,15 +34,15 @@ #include "t-support.h" -int -main (int argc, char *argv[]) +int +main (void) { gpgme_ctx_t ctx; gpgme_error_t err; gpgme_data_t out; const char *pattern1[] = { "DFN Top Level Certification Authority", NULL }; const char *pattern2[] = { "3CF405464F66ED4A7DF45BBDD1E4282E33BDB76E", - "DFN Server Certification Authority", + "DFN Server Certification Authority", NULL }; init_gpgme (GPGME_PROTOCOL_CMS); diff --git a/tests/gpgsm/t-genkey.c b/tests/gpgsm/t-genkey.c index 9de9d54..fb05034 100644 --- a/tests/gpgsm/t-genkey.c +++ b/tests/gpgsm/t-genkey.c 
@@ -3,17 +3,17 @@ Copyright (C) 2001, 2003, 2004 g10 Code GmbH This file is part of GPGME. - + GPGME is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. - + GPGME is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. - + You should have received a copy of the GNU Lesser General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA @@ -40,6 +40,8 @@ static int progress_called; static void progress (void *self, const char *what, int type, int current, int total) { + (void)self; + if (!strcmp (what, "primegen") && !current && !total && (type == '.' || type == '+' || type == '!' || type == '^' || type == '<' || type == '>')) @@ -57,8 +59,8 @@ progress (void *self, const char *what, int type, int current, int total) } -int -main (int argc, char *argv[]) +int +main (void) { gpgme_ctx_t ctx; gpgme_error_t err; @@ -83,7 +85,7 @@ main (int argc, char *argv[]) gpgme_set_armor (ctx, 1); gpgme_set_progress_cb (ctx, progress, NULL); - + err = gpgme_op_genkey (ctx, parms, certreq, NULL); fail_if_err (err); diff --git a/tests/gpgsm/t-import.c b/tests/gpgsm/t-import.c index adfebaa..a8dfcca 100644 --- a/tests/gpgsm/t-import.c +++ b/tests/gpgsm/t-import.c 
@@ -3,17 +3,17 @@ Copyright (C) 2001, 2003, 2004 g10 Code GmbH This file is part of GPGME. - + GPGME is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. - + GPGME is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. - + You should have received a copy of the GNU Lesser General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA @@ -36,9 +36,11 @@ void -check_result (gpgme_import_result_t result, char *fpr, int total, +check_result (gpgme_import_result_t result, const char *fpr, int total, int total_stat) { + (void)fpr; + if (result->considered != total) { fprintf (stderr, "Unexpected number of considered keys %i\n", @@ -118,14 +120,14 @@ check_result (gpgme_import_result_t result, char *fpr, int total, result->not_imported); exit (1); } - + { int n; gpgme_import_status_t r; for (n=0, r=result->imports; r; r=r->next) n++; - + if (n != total_stat) { fprintf (stderr, "Unexpected number of status reports\n"); @@ -135,8 +137,8 @@ check_result (gpgme_import_result_t result, char *fpr, int total, } -int -main (int argc, char **argv) +int +main (void) { gpgme_ctx_t ctx; gpgme_error_t err; @@ -149,7 +151,7 @@ main (int argc, char **argv) err = gpgme_new (&ctx); fail_if_err (err); - + gpgme_set_protocol (ctx, GPGME_PROTOCOL_CMS); err = gpgme_data_new_from_file (&in, cert_1, 1); diff --git a/tests/gpgsm/t-keylist.c b/tests/gpgsm/t-keylist.c index 5204ab2..314109c 100644 --- a/tests/gpgsm/t-keylist.c +++ b/tests/gpgsm/t-keylist.c 
@@ -3,17 +3,17 @@ Copyright (C) 2001, 2003, 2004 g10 Code GmbH This file is part of GPGME. - + GPGME is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. - + GPGME is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. - + You should have received a copy of the GNU Lesser General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA @@ -36,15 +36,15 @@ struct { - char *fpr; + const char *fpr; int secret; long timestamp; long expires; - char *issuer_serial; - char *issuer_name; - char *chain_id; - char *uid; - char *email; + const char *issuer_serial; + const char *issuer_name; + const char *chain_id; + const char *uid; + const char *email; gpgme_validity_t validity; unsigned int key_length; } @@ -80,8 +80,8 @@ keys[] = }; -int -main (int argc, char **argv) +int +main (void) { gpgme_error_t err; gpgme_ctx_t ctx; @@ -97,7 +97,7 @@ main (int argc, char **argv) err = gpgme_op_keylist_start (ctx, NULL, 0); fail_if_err (err); - + while (!(err = gpgme_op_keylist_next (ctx, &key))) { if (!keys[i].fpr) diff --git a/tests/gpgsm/t-sign.c b/tests/gpgsm/t-sign.c index dc2d841..d4e143d 100644 --- a/tests/gpgsm/t-sign.c +++ b/tests/gpgsm/t-sign.c 
@@ -3,17 +3,17 @@ Copyright (C) 2001, 2003, 2004 g10 Code GmbH This file is part of GPGME. - + GPGME is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. - + GPGME is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. - + You should have received a copy of the GNU Lesser General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA @@ -80,8 +80,8 @@ check_result (gpgme_sign_result_t result, gpgme_sig_mode_t type) } -int -main (int argc, char *argv[]) +int +main (void) { gpgme_ctx_t ctx; gpgme_error_t err; @@ -109,8 +109,8 @@ main (int argc, char *argv[]) check_result (result, GPGME_SIG_MODE_NORMAL); print_data (out); gpgme_data_release (out); - - /* Now a detached signature. */ + + /* Now a detached signature. */ gpgme_data_seek (in, 0, SEEK_SET); err = gpgme_data_new (&out); fail_if_err (err); diff --git a/tests/gpgsm/t-support.h b/tests/gpgsm/t-support.h index ae3ad1f..c3074db 100644 --- a/tests/gpgsm/t-support.h +++ b/tests/gpgsm/t-support.h 
@@ -3,17 +3,17 @@ Copyright (C) 2001, 2002, 2003, 2004 g10 Code GmbH This file is part of GPGME. - + GPGME is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. - + GPGME is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. - + You should have received a copy of the GNU Lesser General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA @@ -47,7 +47,7 @@ print_data (gpgme_data_t dh) #define BUF_SIZE 512 char buf[BUF_SIZE + 1]; int ret; - + ret = gpgme_data_seek (dh, 0, SEEK_SET); if (ret) fail_if_err (gpgme_error_from_errno (errno)); @@ -93,7 +93,7 @@ make_filename (const char *fname) if (!srcdir) srcdir = "."; buf = malloc (strlen(srcdir) + strlen(fname) + 2); - if (!buf) + if (!buf) exit (8); strcpy (buf, srcdir); strcat (buf, "/"); diff --git a/tests/gpgsm/t-verify.c b/tests/gpgsm/t-verify.c index 901b46f..004a125 100644 --- a/tests/gpgsm/t-verify.c +++ b/tests/gpgsm/t-verify.c 
@@ -3,17 +3,17 @@ Copyright (C) 2001, 2002, 2003, 2004 g10 Code GmbH This file is part of GPGME. - + GPGME is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. - + GPGME is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. - + You should have received a copy of the GNU Lesser General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA @@ -52,7 +52,7 @@ static const char test_sig1[] = static void -check_result (gpgme_verify_result_t result, int summary, char *fpr, +check_result (gpgme_verify_result_t result, int summary, const char *fpr, gpgme_error_t status, gpgme_validity_t validity) { gpgme_signature_t sig; @@ -134,8 +134,8 @@ show_auditlog (gpgme_ctx_t ctx) -int -main (int argc, char **argv) +int +main (void) { gpgme_ctx_t ctx; gpgme_error_t err; @@ -147,7 +147,7 @@ main (int argc, char **argv) err = gpgme_new (&ctx); fail_if_err (err); gpgme_set_protocol (ctx, GPGME_PROTOCOL_CMS); - + /* Checking a valid message. */ err = gpgme_data_new_from_mem (&text, test_text1, strlen (test_text1), 0); fail_if_err (err); @@ -179,6 +179,6 @@ main (int argc, char **argv) gpgme_data_release (text); gpgme_data_release (sig); - gpgme_release (ctx); + gpgme_release (ctx); return got_errors? 1 : 0; } diff --git a/tests/opassuan/t-command.c b/tests/opassuan/t-command.c index 87f8202..9c791ee 100644 --- a/tests/opassuan/t-command.c +++ b/tests/opassuan/t-command.c 
@@ -7,12 +7,12 @@ under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. - + GPGME is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. - + You should have received a copy of the GNU Lesser General Public License along with this program; if not, see . */ @@ -46,9 +46,12 @@ static gpgme_error_t data_cb (void *opaque, const void *data, size_t datalen) { + (void)opaque; + (void)data; + printf ("DATA_CB: datalen=%d\n", (int)datalen); return 0; -} +} static gpgme_error_t @@ -58,12 +61,14 @@ inq_cb (void *opaque, const char *name, const char *args, gpgme_data_t data; gpgme_error_t err; + (void)opaque; + if (name) { printf ("INQ_CB: name=`%s' args=`%s'\n", name, args); /* There shall be no data object. */ assert (!*r_data); - + err = gpgme_data_new (&data); fail_if_err (err); *r_data = data; @@ -85,19 +90,21 @@ inq_cb (void *opaque, const char *name, const char *args, return 0; -} +} static gpgme_error_t status_cb (void *opaque, const char *status, const char *args) { + (void)opaque; + printf ("STATUS_CB: status=`%s' args=`%s'\n", status, args); return 0; -} +} -int +int main (int argc, char **argv) { gpgme_error_t err; @@ -118,7 +125,7 @@ main (int argc, char **argv) argv++; } command = argc? *argv : "NOP"; - + err = gpgme_new (&ctx); fail_if_err (err); diff --git a/tests/run-sign.c b/tests/run-sign.c index c59c356..70853ed 100644 --- a/tests/run-sign.c +++ b/tests/run-sign.c @@ -51,6 +51,8 @@ print_result (gpgme_sign_result_t result, gpgme_sig_mode_t type) gpgme_invalid_key_t invkey; gpgme_new_signature_t sig; + (void)type; + for (invkey = result->invalid_signers; invkey; invkey = invkey->next) printf ("Signing key `%s' not used: %s <%s>\n", nonnull (invkey->fpr), 
diff --git a/tests/t-data.c b/tests/t-data.c index 178675c..fe2d59e 100644 --- a/tests/t-data.c +++ b/tests/t-data.c @@ -86,6 +86,8 @@ read_cb (void *cb_value, char *buffer, size_t count, size_t *nread) unsigned int amount = strlen (text) - off; /* round_t round = *((round_t *) cb_value); */ + (void)cb_value; + if (!buffer && !count && !nread) { /* Rewind requested. */ @@ -190,8 +192,9 @@ write_test (round_t round, gpgme_data_t data) } } + int -main (int argc, char **argv) +main (void) { round_t round = TEST_INITIALIZER; char *text_filename = make_filename ("t-data-1.txt"); commit 4491ef0a9a15d3b307d1ade37ff620ef9fcb2478 Author: Werner Koch Date: Tue Sep 13 20:46:41 2016 +0200 tests: Use gpgme_io_write in passhrase callbacks. * tests/gpg/t-support.h (passphrase_cb): Use gpgme_io_write. * tests/gpgsm/t-support.h (passphrase_cb): Ditto. * tests/run-support.h (passphrase_cb): Ditto. Signed-off-by: Werner Koch diff --git a/tests/gpg/t-support.h b/tests/gpg/t-support.h index 6a18b5c..7a0b9f9 100644 --- a/tests/gpg/t-support.h +++ b/tests/gpg/t-support.h @@ -76,27 +76,25 @@ gpgme_error_t passphrase_cb (void *opaque, const char *uid_hint, const char *passphrase_info, int last_was_bad, int fd) { -#ifdef HAVE_W32_SYSTEM - DWORD written; - WriteFile ((HANDLE) fd, "abc\n", 4, &written, 0); -#else int res; - char *pass = "abc\n"; + char pass[] = "abc\n"; int passlen = strlen (pass); int off = 0; + (void)opaque; + (void)uid_hint; + (void)passphrase_info; + (void)last_was_bad; + do { - res = write (fd, &pass[off], passlen - off); + res = gpgme_io_write (fd, &pass[off], passlen - off); if (res > 0) off += res; } while (res > 0 && off != passlen); return off == passlen ? 0 : gpgme_error_from_errno (errno); -#endif - - return 0; } diff --git a/tests/gpgsm/t-support.h b/tests/gpgsm/t-support.h index cc1a7db..ae3ad1f 100644 --- a/tests/gpgsm/t-support.h +++ b/tests/gpgsm/t-support.h 
@@ -63,13 +63,18 @@ passphrase_cb (void *opaque, const char *uid_hint, const char *passphrase_info, int last_was_bad, int fd) { int res; - char *pass = "abc\n"; + char pass[] = "abc\n"; int passlen = strlen (pass); int off = 0; + (void)opaque; + (void)uid_hint; + (void)passphrase_info; + (void)last_was_bad; + do { - res = write (fd, &pass[off], passlen - off); + res = gpgme_io_write (fd, &pass[off], passlen - off); if (res > 0) off += res; } diff --git a/tests/run-support.h b/tests/run-support.h index b1aea4b..e4a4f70 100644 --- a/tests/run-support.h +++ b/tests/run-support.h @@ -75,27 +75,25 @@ gpgme_error_t passphrase_cb (void *opaque, const char *uid_hint, const char *passphrase_info, int last_was_bad, int fd) { -#ifdef HAVE_W32_SYSTEM - DWORD written; - WriteFile ((HANDLE) fd, "abc\n", 4, &written, 0); -#else int res; - char *pass = "abc\n"; + char pass[] = "abc\n"; int passlen = strlen (pass); int off = 0; + (void)opaque; + (void)uid_hint; + (void)passphrase_info; + (void)last_was_bad; + do { - res = write (fd, &pass[off], passlen - off); + res = gpgme_io_write (fd, &pass[off], passlen - off); if (res > 0) off += res; } while (res > 0 && off != passlen); return off == passlen ? 0 : gpgme_error_from_errno (errno); -#endif - - return 0; } commit 3972f476e00f27d41a0aeabcb66600905b6737bd Author: Werner Koch Date: Tue Sep 13 20:44:59 2016 +0200 core: Do not pass const char* to functions taking a char*. Signed-off-by: Werner Koch diff --git a/src/argparse.c b/src/argparse.c index b6abf86..003334f 100644 --- a/src/argparse.c +++ b/src/argparse.c @@ -895,6 +895,7 @@ arg_parse( ARGPARSE_ARGS *arg, ARGPARSE_OPTS *opts) char **argv; char *s, *s2; int i; + char string_with_x[] = "x"; initialize( arg, NULL, NULL ); argc = *arg->argc; @@ -1106,7 +1107,7 @@ arg_parse( ARGPARSE_ARGS *arg, ARGPARSE_OPTS *opts) argc--; argv++; idx++; /* Skip one. */ } } - s = "x"; /* This is so that !s[1] yields false. */ + s = string_with_x; /* This is so that !s[1] yields false. */ } else { 
diff --git a/src/engine-gpg.c b/src/engine-gpg.c index 289578b..c528d05 100644 --- a/src/engine-gpg.c +++ b/src/engine-gpg.c @@ -1081,7 +1081,11 @@ read_status (engine_gpg_t gpg) err = gpg->status.mon_cb (gpg->status.mon_cb_value, GPGME_STATUS_EOF, ""); if (gpg->status.fnc) - err = gpg->status.fnc (gpg->status.fnc_value, GPGME_STATUS_EOF, ""); + { + char emptystring[1] = {0}; + err = gpg->status.fnc (gpg->status.fnc_value, + GPGME_STATUS_EOF, emptystring); + } return err; } diff --git a/src/engine-gpgsm.c b/src/engine-gpgsm.c index 3f3230b..81e8fab 100644 --- a/src/engine-gpgsm.c +++ b/src/engine-gpgsm.c @@ -818,8 +818,11 @@ status_handler (void *opaque, int fd) && (line[2] == '\0' || line[2] == ' ')) { if (gpgsm->status.fnc) - err = gpgsm->status.fnc (gpgsm->status.fnc_value, - GPGME_STATUS_EOF, ""); + { + char emptystring[1] = {0}; + err = gpgsm->status.fnc (gpgsm->status.fnc_value, + GPGME_STATUS_EOF, emptystring); + } if (!err && gpgsm->colon.fnc && gpgsm->colon.any) { diff --git a/src/engine-uiserver.c b/src/engine-uiserver.c index de12f2b..2ed7825 100644 --- a/src/engine-uiserver.c +++ b/src/engine-uiserver.c @@ -669,8 +669,11 @@ status_handler (void *opaque, int fd) && (line[2] == '\0' || line[2] == ' ')) { if (uiserver->status.fnc) - err = uiserver->status.fnc (uiserver->status.fnc_value, - GPGME_STATUS_EOF, ""); + { + char emptystring[1] = {0}; + err = uiserver->status.fnc (uiserver->status.fnc_value, + GPGME_STATUS_EOF, emptystring); + } if (!err && uiserver->colon.fnc && uiserver->colon.any) { diff --git a/src/gpgme-tool.c b/src/gpgme-tool.c index 5ad5b25..ec85039 100644 --- a/src/gpgme-tool.c +++ b/src/gpgme-tool.c 
@@ -337,13 +337,14 @@ result_xml_indent (struct result_xml_state *state) gpg_error_t -result_xml_tag_start (struct result_xml_state *state, char *name, ...) +result_xml_tag_start (struct result_xml_state *state, const char *name, ...) { result_xml_write_cb_t cb = state->cb; void *hook = state->hook; va_list ap; char *attr; char *attr_val; + char string_null[] = "(null)"; va_start (ap, name); @@ -374,7 +375,7 @@ result_xml_tag_start (struct result_xml_state *state, char *name, ...) attr_val = va_arg (ap, char *); if (attr_val == NULL) - attr_val = "(null)"; + attr_val = string_null; (*cb) (hook, " ", 1); (*cb) (hook, attr, strlen (attr)); commit 0510591c36591816a6ff3f87a04451001b7ed46f Author: Werner Koch Date: Tue Sep 13 20:41:16 2016 +0200 build: Use more compiler warnings * configure.ac: Add useful compiler warnings. -- It is strange that this seems to be the only GnuPG package which does not use modern warning. Signed-off-by: Werner Koch diff --git a/configure.ac b/configure.ac index 744b52a..bac7908 100644 --- a/configure.ac +++ b/configure.ac 
@@ -512,6 +512,35 @@ AM_SUBST_NOTMAKE(API__SSIZE_T) # Checks for compiler features. if test "$GCC" = yes; then CFLAGS="$CFLAGS -Wall -Wcast-align -Wshadow -Wstrict-prototypes" + if test "$USE_MAINTAINER_MODE" = "yes"; then + CFLAGS="$CFLAGS -Wformat -Wno-format-y2k -Wformat-security" + + # If -Wno-missing-field-initializers is supported we can enable a + # a bunch of really useful warnings. + AC_MSG_CHECKING([if gcc supports -Wno-missing-field-initializers]) + _gcc_cflags_save=$CFLAGS + CFLAGS="-Wno-missing-field-initializers" + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],_gcc_wopt=yes,_gcc_wopt=no) + AC_MSG_RESULT($_gcc_wopt) + CFLAGS=$_gcc_cflags_save; + if test x"$_gcc_wopt" = xyes ; then + CFLAGS="$CFLAGS -W -Wextra -Wbad-function-cast" + CFLAGS="$CFLAGS -Wwrite-strings" + CFLAGS="$CFLAGS -Wdeclaration-after-statement" + CFLAGS="$CFLAGS -Wno-missing-field-initializers" + CFLAGS="$CFLAGS -Wno-sign-compare" + fi + + AC_MSG_CHECKING([if gcc supports -Wpointer-arith]) + _gcc_cflags_save=$CFLAGS + CFLAGS="-Wpointer-arith" + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],_gcc_wopt=yes,_gcc_wopt=no) + AC_MSG_RESULT($_gcc_wopt) + CFLAGS=$_gcc_cflags_save; + if test x"$_gcc_wopt" = xyes ; then + CFLAGS="$CFLAGS -Wpointer-arith" + fi + fi if test "$have_w32_system" = yes; then CFLAGS="$CFLAGS -mms-bitfields" fi ----------------------------------------------------------------------- Summary of changes: configure.ac | 29 +++++++++++++++++++++++ src/argparse.c | 3 ++- src/assuan-support.c | 17 ++++++++++++++ src/data-compat.c | 2 +- src/data-identify.c | 2 ++ src/delete.c | 2 ++ src/dirinfo.c | 2 +- src/engine-assuan.c | 3 ++- src/engine-g13.c | 7 ++++-- src/engine-gpg.c | 14 ++++++++++- src/engine-gpgconf.c | 10 ++++---- src/engine-gpgsm.c | 25 ++++++++++++++++---- src/engine-uiserver.c | 19 +++++++++++---- src/getauditlog.c | 3 +++ src/gpgme-tool.c | 55 +++++++++++++++++++++++++++++++------------- src/keylist.c | 2 ++ src/op-support.c | 2 ++ src/posix-io.c | 2 +- 
src/posix-util.c | 2 ++ src/trustlist.c | 3 +++ src/verify.c | 2 ++ src/version.c | 4 ++-- src/vfs-create.c | 2 ++ src/vfs-mount.c | 2 ++ src/wait-user.c | 2 ++ tests/gpg/t-decrypt-verify.c | 5 +++- tests/gpg/t-decrypt.c | 15 +++++++----- tests/gpg/t-edit.c | 19 ++++++++------- tests/gpg/t-encrypt-large.c | 21 +++++++++++------ tests/gpg/t-encrypt-mixed.c | 2 +- tests/gpg/t-encrypt-sign.c | 3 +++ tests/gpg/t-encrypt-sym.c | 11 +++++---- tests/gpg/t-encrypt.c | 3 +++ tests/gpg/t-eventloop.c | 12 +++++----- tests/gpg/t-export.c | 17 ++++++++------ tests/gpg/t-file-name.c | 12 +++++----- tests/gpg/t-genkey.c | 15 ++++++++---- tests/gpg/t-gpgconf.c | 18 +++++++-------- tests/gpg/t-import.c | 13 +++++++---- tests/gpg/t-keylist-sig.c | 20 ++++++++-------- tests/gpg/t-keylist.c | 27 ++++++++++++---------- tests/gpg/t-sig-notation.c | 21 +++++++++-------- tests/gpg/t-sign.c | 17 ++++++++------ tests/gpg/t-signers.c | 19 ++++++++------- tests/gpg/t-support.h | 26 ++++++++++----------- tests/gpg/t-thread1.c | 22 ++++++++++-------- tests/gpg/t-trustlist.c | 11 +++++---- tests/gpg/t-verify.c | 18 +++++++++------ tests/gpg/t-wait.c | 10 ++++---- tests/gpgsm/t-decrypt.c | 12 +++++----- tests/gpgsm/t-encrypt.c | 12 +++++----- tests/gpgsm/t-export.c | 12 +++++----- tests/gpgsm/t-genkey.c | 14 ++++++----- tests/gpgsm/t-import.c | 20 ++++++++-------- tests/gpgsm/t-keylist.c | 24 +++++++++---------- tests/gpgsm/t-sign.c | 14 +++++------ tests/gpgsm/t-support.h | 19 +++++++++------ tests/gpgsm/t-verify.c | 16 ++++++------- tests/opassuan/t-command.c | 23 +++++++++++------- tests/run-sign.c | 2 ++ tests/run-support.h | 16 ++++++------- tests/t-data.c | 5 +++- 62 files changed, 486 insertions(+), 276 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Wed Sep 14 09:49:23 2016 
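Review bot: in the configure.ac hunk, the probe that compiles an empty program with CFLAGS="-Wno-missing-field-initializers" cannot fail on GCC, because GCC does not diagnose an unrecognized -Wno-* option unless some other diagnostic is emitted. The "if test x"$_gcc_wopt" = xyes" branch is therefore always taken and -Wbad-function-cast, -Wwrite-strings and -Wdeclaration-after-statement are added without a real capability check. Probe the positive form -Wmissing-field-initializers instead and add the -Wno- form only when that succeeds. Two smaller points in the same hunk: the comment reads "enable a" / "a bunch" with a doubled "a", and -W is the older spelling of -Wextra, so listing both is redundant.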
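Review bot: in passphrase_cb in tests/run-support.h, the final "return off == passlen ? 0 : gpgme_error_from_errno (errno);" reads errno even when the loop stopped because gpgme_io_write returned 0. In that case no call has set errno, so the value is stale or 0 and a short write can be reported with an unrelated error or as success. Handle res == 0 separately and return a fixed error code for it, and use errno only when res < 0.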
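Review bot: the "char emptystring[1] = {0};" block added around the GPGME_STATUS_EOF call in read_status (src/engine-gpg.c) is repeated verbatim in status_handler in src/engine-gpgsm.c and src/engine-uiserver.c, with no comment saying why a writable buffer is needed. A one-line comment that the status callback takes a non-const "char *args" would explain it, and a small shared helper for emitting the EOF status would avoid three copies of the same workaround.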
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 14 Sep 2016 09:49:23 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-102-g0fd332b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 0fd332bc1f6f1f10c96da0cc91203925d3ac81eb (commit) from 30a011cfd6ec172cc460e59f0904a26fe2d68632 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0fd332bc1f6f1f10c96da0cc91203925d3ac81eb Author: Werner Koch Date: Wed Sep 14 09:46:10 2016 +0200 gpg: Allow use of "default" algo for --quick-addkey. * g10/keygen.c (quick_generate_keypair): Write a status error. (parse_algo_usage_expire): Set a default curve. Signed-off-by: Werner Koch diff --git a/g10/keygen.c b/g10/keygen.c index e897075..9cf314d 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -3614,6 +3614,7 @@ quick_generate_keypair (ctrl_t ctrl, const char *uid, const char *algostr, || !cpr_get_answer_is_yes_def ("quick_keygen.force", _("Create anyway? (y/N) "), 0)) { + write_status_error ("genkey", gpg_error (304)); log_inc_errorcount (); /* we used log_info */ goto leave; } 
@@ -4457,12 +4458,14 @@ parse_algo_usage_expire (ctrl_t ctrl, int for_subkey, algo = for_subkey? DEFAULT_STD_SUBALGO : DEFAULT_STD_ALGO; use = for_subkey? DEFAULT_STD_SUBKEYUSE : DEFAULT_STD_KEYUSE; nbits = for_subkey? DEFAULT_STD_SUBKEYSIZE : DEFAULT_STD_KEYSIZE; + curve = for_subkey? DEFAULT_STD_SUBCURVE : DEFAULT_STD_CURVE; } else if (!strcmp (algostr, "future-default")) { algo = for_subkey? FUTURE_STD_SUBALGO : FUTURE_STD_ALGO; use = for_subkey? FUTURE_STD_SUBKEYUSE : FUTURE_STD_KEYUSE; nbits = for_subkey? FUTURE_STD_SUBKEYSIZE : FUTURE_STD_KEYSIZE; + curve = for_subkey? FUTURE_STD_SUBCURVE : FUTURE_STD_CURVE; } else if (*algostr == '&' && strlen (algostr) == 41) { ----------------------------------------------------------------------- Summary of changes: g10/keygen.c | 3 +++ 1 file changed, 3 insertions(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Sep 14 09:54:47 2016 
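Review bot: the added "write_status_error ("genkey", gpg_error (304));" in quick_generate_keypair (g10/keygen.c) passes a bare numeric error code, so a reader cannot tell which error a status-line consumer will see and cannot grep for it. Use the symbolic GPG_ERR_* constant. If the literal is needed so the build works with a libgpg-error that does not define the code yet, say so in a comment that names the code.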
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 14 Sep 2016 09:54:47 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-349-gcc35370 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via cc353701b0fde4c811ddc1e9a91b852dfe9f4e06 (commit) from 51f9acbca935c5287d9a28205037b0923e9a65f5 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit cc353701b0fde4c811ddc1e9a91b852dfe9f4e06 Author: Werner Koch Date: Wed Sep 14 09:51:16 2016 +0200 core: New function gpgme_op_createsubkey. * src/genkey.c (createsubkey_start): New. (gpgme_op_createsubkey_start, gpgme_op_createsubkey): New. * src/gpgme.def, src/libgpgme.vers: Add them. * src/engine-gpg.c (gpg_createkey): Factor some code out to ... (gpg_add_algo_usage_expire): new. (gpg_addkey): Implement. * tests/run-genkey.c: Add option --addkey. Signed-off-by: Werner Koch diff --git a/NEWS b/NEWS index d3639c8..9445f7f 100644 --- a/NEWS +++ b/NEWS @@ -17,6 +17,8 @@ Noteworthy changes in version 1.7.0 (unreleased) [C25/A14/R_] gpgme_data_set_flag NEW. gpgme_op_createkey NEW. gpgme_op_createkey_start NEW. + gpgme_op_createsubkey NEW. + gpgme_op_createsubkey_start NEW. gpgme_genkey_result_t EXTENDED: New fields pubkey and seckey. gpgme_signature_t EXTENDED: New field key. gpgme_key_t EXTENDED: New field fpr. diff --git a/doc/gpgme.texi b/doc/gpgme.texi index dfc9548..ef39d81 100644 --- a/doc/gpgme.texi +++ b/doc/gpgme.texi 
@@ -3792,7 +3792,7 @@ The function @code{gpgme_op_genkey} generates a new key pair in the context @var{ctx}. The meaning of @var{public} and @var{secret} depends on the crypto backend. -GnuPG does not support @var{public} and @var{secret}, they should be +GPG does not support @var{public} and @var{secret}, they should be @code{NULL}. GnuPG will generate a key pair and add it to the standard key ring. The fingerprint of the generated key is available with @code{gpgme_op_genkey_result}. diff --git a/src/engine-gpg.c b/src/engine-gpg.c index f22d8b4..5a16f80 100644 --- a/src/engine-gpg.c +++ b/src/engine-gpg.c @@ -1969,6 +1969,47 @@ gpg_export_ext (void *engine, const char *pattern[], gpgme_export_mode_t mode, } + +/* Helper to add algo, usage, and expire to the list of args. */ +static gpgme_error_t +gpg_add_algo_usage_expire (engine_gpg_t gpg, + const char *algo, + unsigned long expires, + unsigned int flags) +{ + gpg_error_t err; + + /* This condition is only required to allow the use of gpg < 2.1.16 */ + if (algo + || (flags & (GPGME_CREATE_SIGN | GPGME_CREATE_ENCR + | GPGME_CREATE_CERT | GPGME_CREATE_AUTH)) + || expires) + { + err = add_arg (gpg, algo? algo : "default"); + if (!err) + { + char tmpbuf[5*4+1]; + snprintf (tmpbuf, sizeof tmpbuf, "%s%s%s%s", + (flags & GPGME_CREATE_SIGN)? " sign":"", + (flags & GPGME_CREATE_ENCR)? " encr":"", + (flags & GPGME_CREATE_CERT)? " cert":"", + (flags & GPGME_CREATE_AUTH)? " auth":""); + err = add_arg (gpg, *tmpbuf? tmpbuf : "default"); + } + if (!err && expires) + { + char tmpbuf[8+20]; + snprintf (tmpbuf, sizeof tmpbuf, "seconds=%lu", expires); + err = add_arg (gpg, tmpbuf); + } + } + else + err = 0; + + return err; +} + + static gpgme_error_t gpg_createkey_from_param (engine_gpg_t gpg, gpgme_data_t help_data, int use_armor) 
@@ -2026,32 +2067,8 @@ gpg_createkey (engine_gpg_t gpg, if (!err) err = add_arg (gpg, userid); - /* This condition is only required to allow the use of gpg < 2.1.16 */ - if (algo - || (flags & (GPGME_CREATE_SIGN | GPGME_CREATE_ENCR - | GPGME_CREATE_CERT | GPGME_CREATE_AUTH)) - || expires) - { - - if (!err) - err = add_arg (gpg, algo? algo : "default"); - if (!err) - { - char tmpbuf[5*4+1]; - snprintf (tmpbuf, sizeof tmpbuf, "%s%s%s%s", - (flags & GPGME_CREATE_SIGN)? " sign":"", - (flags & GPGME_CREATE_ENCR)? " encr":"", - (flags & GPGME_CREATE_CERT)? " cert":"", - (flags & GPGME_CREATE_AUTH)? " auth":""); - err = add_arg (gpg, *tmpbuf? tmpbuf : "default"); - } - if (!err && expires) - { - char tmpbuf[8+20]; - snprintf (tmpbuf, sizeof tmpbuf, "seconds=%lu", expires); - err = add_arg (gpg, tmpbuf); - } - } + if (!err) + err = gpg_add_algo_usage_expire (gpg, algo, expires, flags); if (!err) err = start (gpg); @@ -2067,7 +2084,31 @@ gpg_addkey (engine_gpg_t gpg, unsigned int flags, int use_armor) { - return gpg_error (GPG_ERR_NOT_IMPLEMENTED); + gpgme_error_t err; + + if (!key || !key->fpr) + return gpg_error (GPG_ERR_INV_ARG); + + err = add_arg (gpg, "--quick-addkey"); + if (!err && use_armor) + err = add_arg (gpg, "--armor"); + if (!err && (flags & GPGME_CREATE_NOPASSWD)) + { + err = add_arg (gpg, "--passphrase"); + if (!err) + err = add_arg (gpg, ""); + } + if (!err) + err = add_arg (gpg, "--"); + if (!err) + err = add_arg (gpg, key->fpr); + + if (!err) + err = gpg_add_algo_usage_expire (gpg, algo, expires, flags); + + if (!err) + err = start (gpg); + return err; } diff --git a/src/genkey.c b/src/genkey.c index 0b795f4..26bcca6 100644 --- a/src/genkey.c +++ b/src/genkey.c 
@@ -387,3 +387,88 @@ gpgme_op_createkey (gpgme_ctx_t ctx, const char *userid, const char *algo, err = _gpgme_wait_one (ctx); return TRACE_ERR (err); } + + + +static gpgme_error_t +createsubkey_start (gpgme_ctx_t ctx, int synchronous, + gpgme_key_t key, + const char *algo, + unsigned long reserved, unsigned long expires, + unsigned int flags) +{ + gpgme_error_t err; + void *hook; + op_data_t opd; + + if (ctx->protocol != GPGME_PROTOCOL_OPENPGP) + return gpgme_error (GPG_ERR_UNSUPPORTED_PROTOCOL); + + err = _gpgme_op_reset (ctx, synchronous); + if (err) + return err; + + if (reserved || !key) + return gpg_error (GPG_ERR_INV_VALUE); + + err = _gpgme_op_data_lookup (ctx, OPDATA_GENKEY, &hook, + sizeof (*opd), release_op_data); + opd = hook; + if (err) + return err; + + _gpgme_engine_set_status_handler (ctx->engine, genkey_status_handler, ctx); + + if (ctx->passphrase_cb) + { + err = _gpgme_engine_set_command_handler + (ctx->engine, _gpgme_passphrase_command_handler, ctx, NULL); + if (err) + return err; + } + + return _gpgme_engine_op_genkey (ctx->engine, + NULL, algo, reserved, expires, + key, flags, + NULL, ctx->use_armor, NULL, NULL); + +} + + +/* Add a subkey to an existing KEY. 
*/ +gpgme_error_t +gpgme_op_createsubkey_start (gpgme_ctx_t ctx, gpgme_key_t key, const char *algo, + unsigned long reserved, unsigned long expires, + unsigned int flags) +{ + gpgme_error_t err; + + TRACE_BEG3 (DEBUG_CTX, "gpgme_op_createsubkey_start", ctx, + "key=%p, algo='%s' flags=0x%x", key, algo, flags); + + if (!ctx) + return TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE)); + + err = createsubkey_start (ctx, 0, key, algo, reserved, expires, flags); + return TRACE_ERR (err); +} + + +gpgme_error_t +gpgme_op_createsubkey (gpgme_ctx_t ctx, gpgme_key_t key, const char *algo, + unsigned long reserved, unsigned long expires, + unsigned int flags) +{ + gpgme_error_t err; + + TRACE_BEG3 (DEBUG_CTX, "gpgme_op_createsubkey", ctx, + "key=%p, algo='%s' flags=0x%x", key, algo, flags); + + if (!ctx) + return TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE)); + + err = createsubkey_start (ctx, 1, key, algo, reserved, expires, flags); + if (!err) + err = _gpgme_wait_one (ctx); + return TRACE_ERR (err); +} diff --git a/src/gpgme.def b/src/gpgme.def index a56b9ef..7b7b1f2 100644 --- a/src/gpgme.def +++ b/src/gpgme.def @@ -231,6 +231,8 @@ EXPORTS gpgme_op_createkey_start @172 gpgme_op_createkey @173 + gpgme_op_createsubkey_start @174 + gpgme_op_createsubkey @175 ; END diff --git a/src/libgpgme.vers b/src/libgpgme.vers index b06c9c6..2a3e9fc 100644 --- a/src/libgpgme.vers +++ b/src/libgpgme.vers @@ -105,6 +105,8 @@ GPGME_1.1 { gpgme_op_createkey_start; gpgme_op_createkey; + gpgme_op_createsubkey_start; + gpgme_op_createsubkey; }; diff --git a/tests/run-genkey.c b/tests/run-genkey.c index 74d4038..3b64502 100644 --- a/tests/run-genkey.c +++ b/tests/run-genkey.c @@ -201,6 +201,7 @@ show_usage (int ex) { fputs ("usage: " PGM " [options] USERID [ALGO [USAGE [EXPIRESECONDS]]]\n\n" "Options:\n" + " --addkey add a subkey to the key with USERID\n" " --verbose run in verbose mode\n" " --status print status lines from the backend\n" " --progress print progress info\n" 
@@ -224,6 +225,7 @@ main (int argc, char **argv) int print_status = 0; int print_progress = 0; int use_loopback = 0; + int addkey = 0; const char *userid; const char *algo = NULL; unsigned int flags = 0; @@ -243,6 +245,11 @@ main (int argc, char **argv) } else if (!strcmp (*argv, "--help")) show_usage (0); + else if (!strcmp (*argv, "--addkey")) + { + addkey = 1; + argc--; argv++; + } else if (!strcmp (*argv, "--verbose")) { verbose = 1; @@ -316,12 +323,36 @@ main (int argc, char **argv) gpgme_set_passphrase_cb (ctx, passphrase_cb, NULL); } - err = gpgme_op_createkey (ctx, userid, algo, 0, expire, NULL, flags); - if (err) + if (addkey) { - fprintf (stderr, PGM ": gpgme_op_createkey failed: %s\n", - gpg_strerror (err)); - exit (1); + gpgme_key_t akey; + + err = gpgme_get_key (ctx, userid, &akey, 1); + if (err) + { + fprintf (stderr, PGM ": error getting secret key for '%s': %s\n", + userid, gpg_strerror (err)); + exit (1); + } + + err = gpgme_op_createsubkey (ctx, akey, algo, 0, expire, flags); + if (err) + { + fprintf (stderr, PGM ": gpgme_op_createsubkey failed: %s\n", + gpg_strerror (err)); + exit (1); + } + gpgme_key_unref (akey); + } + else + { + err = gpgme_op_createkey (ctx, userid, algo, 0, expire, NULL, flags); + if (err) + { + fprintf (stderr, PGM ": gpgme_op_createkey failed: %s\n", + gpg_strerror (err)); + exit (1); + } } result = gpgme_op_genkey_result (ctx); ----------------------------------------------------------------------- Summary of changes: NEWS | 2 ++ doc/gpgme.texi | 2 +- src/engine-gpg.c | 95 ++++++++++++++++++++++++++++++++++++++---------------- src/genkey.c | 85 ++++++++++++++++++++++++++++++++++++++++++++++++ src/gpgme.def | 2 ++ src/libgpgme.vers | 2 ++ tests/run-genkey.c | 41 ++++++++++++++++++++--- 7 files changed, 196 insertions(+), 33 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Wed Sep 14 11:43:55 2016 
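Review bot: in the new helper gpg_add_algo_usage_expire (src/engine-gpg.c), "char tmpbuf[8+20];" is one byte short for the worst case of "seconds=%lu". The prefix is 8 bytes, a 64-bit unsigned long can print as 20 digits, and the terminating NUL makes 29. snprintf keeps this from overflowing, but the last digit would be dropped silently and gpg would receive a different expiration value. Declare the buffer as 8+20+1 bytes, or check the snprintf return value and fail with an error on truncation.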
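Review bot: createsubkey_start in src/genkey.c calls "_gpgme_op_reset (ctx, synchronous)" before the "if (reserved || !key)" argument check, so a call with invalid arguments still goes through the reset before it is rejected. Move the argument check ahead of the reset. In the same hunk, both TRACE_BEG3 calls format algo with "algo='%s'" although a NULL algo is an expected input (gpg_add_algo_usage_expire maps it to "default"). Pass "algo? algo : "(null)"" to the trace call unless the trace formatter is known to accept NULL.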
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 14 Sep 2016 11:43:55 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-103-gf4e11f2 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via f4e11f2e9e8f58fd5f0df3148e6d7ccef0f84232 (commit) from 0fd332bc1f6f1f10c96da0cc91203925d3ac81eb (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f4e11f2e9e8f58fd5f0df3148e6d7ccef0f84232 Author: Werner Koch Date: Wed Sep 14 10:59:18 2016 +0200 gpg: Emit a new error status line in --quick-adduid. * g10/keyedit.c (menu_adduid): Emit an ERROR status for an existing user id. Signed-off-by: Werner Koch diff --git a/g10/keyedit.c b/g10/keyedit.c index baee180..25f61ec 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -4308,7 +4308,10 @@ menu_adduid (ctrl_t ctrl, kbnode_t pub_keyblock, if (!uid) { if (uidstring) - log_error ("%s", _("Such a user ID already exists on this key!\n")); + { + write_status_error ("adduid", gpg_error (304)); + log_error ("%s", _("Such a user ID already exists on this key!\n")); + } return 0; } ----------------------------------------------------------------------- Summary of changes: g10/keyedit.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Sep 14 11:44:33 2016 
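Review bot: in menu_adduid (g10/keyedit.c) the new "write_status_error ("adduid", gpg_error (304));" hard-codes the error number. The same literal 304 is used in quick_generate_keypair in g10/keygen.c, so the two call sites can drift apart and neither says which error it reports. Replace the literal with the symbolic GPG_ERR_* name, or define one named constant shared by both places.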
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 14 Sep 2016 11:44:33 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-350-g3210f3e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 3210f3e4725afc5ee2810b9a1361918ec9c42ca4 (commit) from cc353701b0fde4c811ddc1e9a91b852dfe9f4e06 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 3210f3e4725afc5ee2810b9a1361918ec9c42ca4 Author: Werner Koch Date: Wed Sep 14 11:40:34 2016 +0200 core: New function gpgme_op_adduid. * src/genkey.c: Replace most error codes GPG_ERR_INV_VALUE by GPG_ERR_INV_ARG. (struct op_data_t): Add field UIDMODE. (genkey_status_handler): Use UIDMODE. (adduid_start): New. (gpgme_op_adduid_start, gpgme_op_adduid): New. * src/gpgme.def, src/libgpgme.vers: Add them. * tests/run-genkey.c: Add option --adduid. Signed-off-by: Werner Koch diff --git a/NEWS b/NEWS index 9445f7f..621ce3f 100644 --- a/NEWS +++ b/NEWS @@ -19,6 +19,8 @@ Noteworthy changes in version 1.7.0 (unreleased) [C25/A14/R_] gpgme_op_createkey_start NEW. gpgme_op_createsubkey NEW. gpgme_op_createsubkey_start NEW. + gpgme_op_adduid_start NEW. + gpgme_op_adduid NEW. gpgme_genkey_result_t EXTENDED: New fields pubkey and seckey. gpgme_signature_t EXTENDED: New field key. gpgme_key_t EXTENDED: New field fpr. diff --git a/src/engine-gpg.c b/src/engine-gpg.c index 5a16f80..d2b6dd3 100644 --- a/src/engine-gpg.c +++ b/src/engine-gpg.c 
@@ -2114,11 +2114,25 @@ gpg_addkey (engine_gpg_t gpg, static gpgme_error_t gpg_adduid (engine_gpg_t gpg, - const char *userid, - unsigned int flags, - int use_armor) + gpgme_key_t key, + const char *userid) { - return gpg_error (GPG_ERR_NOT_IMPLEMENTED); + gpgme_error_t err; + + if (!key || !key->fpr || !userid) + return gpg_error (GPG_ERR_INV_ARG); + + err = add_arg (gpg, "--quick-adduid"); + if (!err) + err = add_arg (gpg, "--"); + if (!err) + err = add_arg (gpg, key->fpr); + if (!err) + err = add_arg (gpg, userid); + + if (!err) + err = start (gpg); + return err; } @@ -2170,7 +2184,7 @@ gpg_genkey (void *engine, else if (!userid && key) err = gpg_addkey (gpg, algo, expires, key, flags, use_armor); else if (userid && key && !algo) - err = gpg_adduid (gpg, userid, flags, use_armor); + err = gpg_adduid (gpg, key, userid); else err = gpg_error (GPG_ERR_INV_VALUE); diff --git a/src/genkey.c b/src/genkey.c index 26bcca6..b93abb8 100644 --- a/src/genkey.c +++ b/src/genkey.c @@ -42,6 +42,9 @@ typedef struct /* The error code from certain ERROR status lines or 0. */ gpg_error_t error_code; + /* Flag to indicate that a UID is to be added. */ + gpg_error_t uidmode; + /* The key parameters passed to the crypto engine. */ gpgme_data_t key_parameter; } *op_data_t; @@ -142,7 +145,10 @@ genkey_status_handler (void *priv, gpgme_status_code_t code, char *args) if (args && *args) { if (*args == 'B' || *args == 'P') - opd->result.primary = 1; + { + opd->result.primary = 1; + opd->result.uid = 1; + } if (*args == 'B' || *args == 'S') opd->result.sub = 1; if (args[1] == ' ') 
@@ -171,10 +177,12 @@ genkey_status_handler (void *priv, gpgme_status_code_t code, char *args) case GPGME_STATUS_EOF: if (opd->error_code) return opd->error_code; - else if (!opd->result.primary && !opd->result.sub) + else if (!opd->uidmode && !opd->result.primary && !opd->result.sub) return gpg_error (GPG_ERR_GENERAL); else if (opd->failure_code) return opd->failure_code; + else if (opd->uidmode) + opd->result.uid = 1; /* We have no status line, thus this hack. */ break; case GPGME_STATUS_INQUIRE_MAXLEN: @@ -277,7 +285,7 @@ gpgme_op_genkey_start (gpgme_ctx_t ctx, const char *parms, TRACE_LOGBUF (parms, strlen (parms)); if (!ctx) - return TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE)); + return TRACE_ERR (gpg_error (GPG_ERR_INV_ARG)); err = genkey_start (ctx, 0, parms, pubkey, seckey); return TRACE_ERR (err); @@ -298,7 +306,7 @@ gpgme_op_genkey (gpgme_ctx_t ctx, const char *parms, gpgme_data_t pubkey, TRACE_LOGBUF (parms, strlen (parms)); if (!ctx) - return TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE)); + return TRACE_ERR (gpg_error (GPG_ERR_INV_ARG)); err = genkey_start (ctx, 1, parms, pubkey, seckey); if (!err) @@ -323,7 +331,7 @@ createkey_start (gpgme_ctx_t ctx, int synchronous, return err; if (reserved || anchorkey || !userid) - return gpg_error (GPG_ERR_INV_VALUE); + return gpg_error (GPG_ERR_INV_ARG); err = _gpgme_op_data_lookup (ctx, OPDATA_GENKEY, &hook, sizeof (*opd), release_op_data); @@ -360,7 +368,7 @@ gpgme_op_createkey_start (gpgme_ctx_t ctx, const char *userid, const char *algo, "userid='%s', algo='%s' flags=0x%x", userid, algo, flags); if (!ctx) - return TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE)); + return TRACE_ERR (gpg_error (GPG_ERR_INV_ARG)); err = createkey_start (ctx, 0, userid, algo, reserved, expires, anchorkey, flags); 
@@ -379,7 +387,7 @@ gpgme_op_createkey (gpgme_ctx_t ctx, const char *userid, const char *algo, "userid='%s', algo='%s' flags=0x%x", userid, algo, flags); if (!ctx) - return TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE)); + return TRACE_ERR (gpg_error (GPG_ERR_INV_ARG)); err = createkey_start (ctx, 1, userid, algo, reserved, expires, anchorkey, flags); @@ -409,7 +417,7 @@ createsubkey_start (gpgme_ctx_t ctx, int synchronous, return err; if (reserved || !key) - return gpg_error (GPG_ERR_INV_VALUE); + return gpg_error (GPG_ERR_INV_ARG); err = _gpgme_op_data_lookup (ctx, OPDATA_GENKEY, &hook, sizeof (*opd), release_op_data); @@ -447,7 +455,7 @@ gpgme_op_createsubkey_start (gpgme_ctx_t ctx, gpgme_key_t key, const char *algo, "key=%p, algo='%s' flags=0x%x", key, algo, flags); if (!ctx) - return TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE)); + return TRACE_ERR (gpg_error (GPG_ERR_INV_ARG)); err = createsubkey_start (ctx, 0, key, algo, reserved, expires, flags); return TRACE_ERR (err); 
@@ -465,10 +473,92 @@ gpgme_op_createsubkey (gpgme_ctx_t ctx, gpgme_key_t key, const char *algo, "key=%p, algo='%s' flags=0x%x", key, algo, flags); if (!ctx) - return TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE)); + return TRACE_ERR (gpg_error (GPG_ERR_INV_ARG)); err = createsubkey_start (ctx, 1, key, algo, reserved, expires, flags); if (!err) err = _gpgme_wait_one (ctx); return TRACE_ERR (err); } + + + +static gpgme_error_t +adduid_start (gpgme_ctx_t ctx, int synchronous, + gpgme_key_t key, const char *userid, unsigned int flags) +{ + gpgme_error_t err; + void *hook; + op_data_t opd; + + if (ctx->protocol != GPGME_PROTOCOL_OPENPGP) + return gpgme_error (GPG_ERR_UNSUPPORTED_PROTOCOL); + + if (!key || !userid) + return gpg_error (GPG_ERR_INV_ARG); + + err = _gpgme_op_reset (ctx, synchronous); + if (err) + return err; + + err = _gpgme_op_data_lookup (ctx, OPDATA_GENKEY, &hook, + sizeof (*opd), release_op_data); + opd = hook; + if (err) + return err; + + opd->uidmode = 1; + + _gpgme_engine_set_status_handler (ctx->engine, genkey_status_handler, ctx); + + if (ctx->passphrase_cb) + { + err = _gpgme_engine_set_command_handler + (ctx->engine, _gpgme_passphrase_command_handler, ctx, NULL); + if (err) + return err; + } + + return _gpgme_engine_op_genkey (ctx->engine, + userid, NULL, 0, 0, + key, flags, + NULL, ctx->use_armor, NULL, NULL); + +} + + +/* Add USERID to an existing KEY. 
*/ +gpgme_error_t +gpgme_op_adduid_start (gpgme_ctx_t ctx, + gpgme_key_t key, const char *userid, unsigned int flags) +{ + gpgme_error_t err; + + TRACE_BEG2 (DEBUG_CTX, "gpgme_op_adduid_start", ctx, + "uid='%s' flags=0x%x", userid, flags); + + if (!ctx) + return TRACE_ERR (gpg_error (GPG_ERR_INV_ARG)); + + err = adduid_start (ctx, 0, key, userid, flags); + return TRACE_ERR (err); +} + + +gpgme_error_t +gpgme_op_adduid (gpgme_ctx_t ctx, + gpgme_key_t key, const char *userid, unsigned int flags) +{ + gpgme_error_t err; + + TRACE_BEG2 (DEBUG_CTX, "gpgme_op_adduid", ctx, + "uid='%s' flags=0x%x", userid, flags); + + if (!ctx) + return TRACE_ERR (gpg_error (GPG_ERR_INV_ARG)); + + err = adduid_start (ctx, 1, key, userid, flags); + if (!err) + err = _gpgme_wait_one (ctx); + return TRACE_ERR (err); +} diff --git a/src/gpgme.def b/src/gpgme.def index 7b7b1f2..54b04e0 100644 --- a/src/gpgme.def +++ b/src/gpgme.def @@ -233,6 +233,8 @@ EXPORTS gpgme_op_createkey @173 gpgme_op_createsubkey_start @174 gpgme_op_createsubkey @175 + gpgme_op_adduid_start @176 + gpgme_op_adduid @177 ; END diff --git a/src/gpgme.h.in b/src/gpgme.h.in index 0fdc927..ec436c8 100644 --- a/src/gpgme.h.in +++ b/src/gpgme.h.in @@ -1835,8 +1835,11 @@ struct _gpgme_op_genkey_result /* A sub key was generated. */ unsigned int sub : 1; + /* A user id was generated. */ + unsigned int uid : 1; + /* Internal to GPGME, do not use. */ - unsigned int _unused : 30; + unsigned int _unused : 29; /* The fingerprint of the generated key. */ char *fpr; @@ -1888,6 +1891,14 @@ gpgme_error_t gpgme_op_createsubkey (gpgme_ctx_t ctx, unsigned long expires, unsigned int flags); +/* Add USERID to an existing KEY. */ +gpgme_error_t gpgme_op_adduid_start (gpgme_ctx_t ctx, + gpgme_key_t key, const char *userid, + unsigned int flags); +gpgme_error_t gpgme_op_adduid (gpgme_ctx_t ctx, + gpgme_key_t key, const char *userid, + unsigned int flags); + /* Retrieve a pointer to the result of a genkey, createkey, or 
diff --git a/src/libgpgme.vers b/src/libgpgme.vers index 2a3e9fc..0cef9e0 100644 --- a/src/libgpgme.vers +++ b/src/libgpgme.vers @@ -107,6 +107,8 @@ GPGME_1.1 { gpgme_op_createkey; gpgme_op_createsubkey_start; gpgme_op_createsubkey; + gpgme_op_adduid_start; + gpgme_op_adduid; }; diff --git a/tests/run-genkey.c b/tests/run-genkey.c index 3b64502..959e2ea 100644 --- a/tests/run-genkey.c +++ b/tests/run-genkey.c @@ -199,9 +199,13 @@ parse_usage_string (const char *string) static int show_usage (int ex) { - fputs ("usage: " PGM " [options] USERID [ALGO [USAGE [EXPIRESECONDS]]]\n\n" + fputs ("usage: " PGM " [options] ARGS\n" + " args: USERID [ALGO [USAGE [EXPIRESECONDS]]]\n" + " for addkey: FPR [ALGO [USAGE [EXPIRESECONDS]]]\n" + " for adduid: FPR USERID\n" "Options:\n" - " --addkey add a subkey to the key with USERID\n" + " --addkey add a subkey to the key with FPR\n" + " --adduid add a user id to the key with FPR\n" " --verbose run in verbose mode\n" " --status print status lines from the backend\n" " --progress print progress info\n" @@ -226,8 +230,10 @@ main (int argc, char **argv) int print_progress = 0; int use_loopback = 0; int addkey = 0; + int adduid = 0; const char *userid; const char *algo = NULL; + const char *newuserid = NULL; unsigned int flags = 0; unsigned long expire = 0; gpgme_genkey_result_t result; @@ -248,6 +254,13 @@ main (int argc, char **argv) else if (!strcmp (*argv, "--addkey")) { addkey = 1; + adduid = 0; + argc--; argv++; + } + else if (!strcmp (*argv, "--adduid")) + { + addkey = 0; + adduid = 1; argc--; argv++; } else if (!strcmp (*argv, "--verbose")) 
@@ -294,15 +307,25 @@ main (int argc, char **argv) show_usage (1); } - if (!argc || argc > 4) - show_usage (1); - userid = argv[0]; - if (argc > 1) - algo = argv[1]; - if (argc > 2) - flags |= parse_usage_string (argv[2]); - if (argc > 3) - expire = parse_expire_string (argv[3]); + if (adduid) + { + if (argc != 2) + show_usage (1); + userid = argv[0]; + newuserid = argv[1]; + } + else + { + if (!argc || argc > 4) + show_usage (1); + userid = argv[0]; + if (argc > 1) + algo = argv[1]; + if (argc > 2) + flags |= parse_usage_string (argv[2]); + if (argc > 3) + expire = parse_expire_string (argv[3]); + } init_gpgme (protocol); @@ -323,7 +346,7 @@ main (int argc, char **argv) gpgme_set_passphrase_cb (ctx, passphrase_cb, NULL); } - if (addkey) + if (addkey || adduid) { gpgme_key_t akey; @@ -335,12 +358,25 @@ main (int argc, char **argv) exit (1); } - err = gpgme_op_createsubkey (ctx, akey, algo, 0, expire, flags); - if (err) + if (addkey) { - fprintf (stderr, PGM ": gpgme_op_createsubkey failed: %s\n", - gpg_strerror (err)); - exit (1); + err = gpgme_op_createsubkey (ctx, akey, algo, 0, expire, flags); + if (err) + { + fprintf (stderr, PGM ": gpgme_op_createsubkey failed: %s\n", + gpg_strerror (err)); + exit (1); + } + } + else if (adduid) + { + err = gpgme_op_adduid (ctx, akey, newuserid, flags); + if (err) + { + fprintf (stderr, PGM ": gpgme_op_adduid failed: %s\n", + gpg_strerror (err)); + exit (1); + } } gpgme_key_unref (akey); } 
@@ -373,6 +409,8 @@ main (int argc, char **argv) fprintf (stderr, PGM": primary key was not generated\n"); if (!result->sub) fprintf (stderr, PGM": sub key was not generated\n"); + if (!result->uid) + fprintf (stderr, PGM": uid was not generated\n"); gpgme_release (ctx); return 0; ----------------------------------------------------------------------- Summary of changes: NEWS | 2 + src/engine-gpg.c | 24 +++++++++--- src/genkey.c | 110 ++++++++++++++++++++++++++++++++++++++++++++++++----- src/gpgme.def | 2 + src/gpgme.h.in | 13 ++++++- src/libgpgme.vers | 2 + tests/run-genkey.c | 72 ++++++++++++++++++++++++++--------- 7 files changed, 192 insertions(+), 33 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Wed Sep 14 12:20:08 2016 
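Review bot: in struct op_data_t (src/genkey.c) the new field is declared "gpg_error_t uidmode;", but its comment calls it a flag and every use treats it as a boolean ("opd->uidmode = 1", "!opd->uidmode"). Sitting directly below error_code, the error type invites someone to return or compare it as an error value. Declare it as int or unsigned int.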
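Review bot: gpg_adduid in src/engine-gpg.c no longer takes flags, and gpg_genkey now calls "gpg_adduid (gpg, key, userid)", yet gpgme_op_adduid and gpgme_op_adduid_start still accept "unsigned int flags" and adduid_start passes it on to _gpgme_engine_op_genkey. Whatever a caller sets in flags is dropped without an error. Either reject a non-zero flags value with GPG_ERR_INV_ARG in adduid_start, or state in the gpgme.h.in comment that flags is reserved and must be 0.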
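Review bot: in main of tests/run-genkey.c the result checks after gpgme_op_genkey_result are unconditional, so with the added "if (!result->uid)" a successful --addkey run prints "uid was not generated" and a successful --adduid run prints "sub key was not generated". Gate each message on the selected mode (addkey, adduid, or plain key creation) so the test output reports only the parts the operation was expected to produce.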
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Wed, 14 Sep 2016 12:20:08 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-353-g24b4162 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 24b4162d908b48a92660020be0b776c2874fb05a (commit) via dc23fdf55561659f9e9cff51668ac9c6c027c885 (commit) via 3b37c4efcf68657a856dbce60c0bd0fc78dd0770 (commit) from 3210f3e4725afc5ee2810b9a1361918ec9c42ca4 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 24b4162d908b48a92660020be0b776c2874fb05a Author: Justus Winter Date: Wed Sep 14 10:22:07 2016 +0200 python: Build for both Python2 and Python3. * NEWS: Update. * configure.ac: Check for multiple Python versions. * lang/python/Makefile.am: Build and install for both Python versions. * lang/python/tests/Makefile.am: Test both versions. * lang/python/tests/run-tests.py: New test runner. Signed-off-by: Justus Winter diff --git a/NEWS b/NEWS index 621ce3f..e428bd5 100644 --- a/NEWS +++ b/NEWS @@ -5,7 +5,7 @@ Noteworthy changes in version 1.7.0 (unreleased) [C25/A14/R_] * Notation flags are now correctly set on verify. - * Bindings for Python 3 are now included. + * Bindings for Python 2 and 3 are now included. * New global flag "require-gnupg" to set a minimal gnupg version. diff --git a/configure.ac b/configure.ac index bac7908..bcac13f 100644 --- a/configure.ac +++ b/configure.ac @@ -176,7 +176,7 @@ have_w32_system=no have_w64_system=no build_w32_glib=no build_w32_qt=no -available_languages="cl cpp python qt" +available_languages="cl cpp python python2 python3 qt" default_languages="cl cpp python qt" case "${host}" in x86_64-*mingw32*) 
@@ -369,8 +369,13 @@ fi AC_SUBST(HAVE_DOT) # Python bindings. +LIST_MEMBER("python2", $enabled_languages) +found_py2=$found +LIST_MEMBER("python3", $enabled_languages) +found_py3=$found LIST_MEMBER("python", $enabled_languages) -if test "$found" = "1"; then +found_py=$found +if test "$found_py" = "1" -o "$found_py2" = "1" -o "$found_py3" = "1"; then AX_PKG_SWIG if test -z "$SWIG"; then if test "$explicit_languages" = "1"; then 
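Review bot: `test "$found_py" = "1" -o "$found_py2" = "1" -o "$found_py3" = "1"` relies on the `-o` operator of test, which the Autoconf portability notes advise against and which POSIX marks obsolescent. Write it as `test "$found_py" = "1" || test "$found_py2" = "1" || test "$found_py3" = "1"`; the same applies to the two `-o` tests added further down in this file. A short comment saying that plain "python" selects both versions while "python2" and "python3" select one would also help, since the three found_* variables are otherwise only explained by the later conditions.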
@@ -382,11 +387,49 @@ if test "$found" = "1"; then enabled_languages=$(echo $enabled_languages | sed 's/python//') fi else - AM_PATH_PYTHON([3.4]) - AX_SWIG_PYTHON - if test -z "$PYTHON_VERSION"; then - if test "$explicit_languages" = "1"; then - AC_MSG_ERROR([[ + # Reset all the stuff, just to be sure. + PYTHONS= + PYTHON_VERSIONS= + unset PYTHON + unset PYTHON_VERSION + unset ac_cv_path_PYTHON + unset am_cv_pathless_PYTHON + unset am_cv_python_version + unset am_cv_python_platform + unset am_cv_python_pythondir + unset am_cv_python_pyexecdir + + if test "$found_py" = "1" -o "$found_py2" = "1"; then + AM_PATH_PYTHON([2.7]) + if test "$PYTHON"; then + PYTHONS="$(echo $PYTHONS $PYTHON)" + PYTHON_VERSIONS="$(echo $PYTHON_VERSIONS $PYTHON_VERSION)" + fi + fi + + if test "$found_py" = "1" -o "$found_py3" = "1"; then + # Reset everything, so that we can look for another Python. + unset PYTHON + unset PYTHON_VERSION + unset ac_cv_path_PYTHON + unset am_cv_pathless_PYTHON + unset am_cv_python_version + unset am_cv_python_platform + unset am_cv_python_pythondir + unset am_cv_python_pyexecdir + AM_PATH_PYTHON([3.4]) + if test "$PYTHON"; then + PYTHONS="$(echo $PYTHONS $PYTHON)" + PYTHON_VERSIONS="$(echo $PYTHON_VERSIONS $PYTHON_VERSION)" + fi + fi + + if test "$PYTHON_VERSIONS"; then + enabled_languages_v=$(echo $enabled_languages | sed "s/python\([[23]]\)\?/python ($PYTHON_VERSIONS)/") + enabled_languages=$(echo $enabled_languages | sed "s/python\([[23]]\)\?/python/") + else + if test "$explicit_languages" = "1"; then + AC_MSG_ERROR([[ *** *** Please install the python development packages. ***]]) @@ -394,6 +437,9 @@ if test "$found" = "1"; then enabled_languages=$(echo $enabled_languages | sed 's/python//') fi fi + + AC_SUBST(PYTHONS, $PYTHONS) + AC_SUBST(PYTHON_VERSIONS, $PYTHON_VERSIONS) fi fi 
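Review bot: in the `@@ -382` hunk, `AM_PATH_PYTHON([2.7])` and `AM_PATH_PYTHON([3.4])` are both called without an action-if-not-found argument, and in that form the macro aborts configure when no matching interpreter is found. The `if test "$PYTHON"` guards and the `else` branch under `if test "$PYTHON_VERSIONS"` therefore never see an empty result, and with plain "python" enabled configure stops on a host that has only one of the two Python versions. Passing a no-op as the third argument, for example `AM_PATH_PYTHON([2.7], , [:])`, lets the guards do their job. Separately, the two added `sed "s/python\([[23]]\)\?/.../"` expressions use `\?`, a GNU extension to basic regular expressions, and without a `g` flag they rewrite only the first entry when both "python2" and "python3" are enabled.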
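Review bot: the unchanged fallback in the context of the `@@ -394` hunk, `enabled_languages=$(echo $enabled_languages | sed 's/python//')`, no longer removes the whole entry now that "python2" and "python3" are accepted language names; it leaves a stray "2" or "3" in enabled_languages. The same expression sits in the SWIG-missing branch shown at the top of the `@@ -382` hunk. Both should strip the optional digit as well, in a form that does not depend on GNU sed.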
@@ -843,7 +889,7 @@ echo " FD Passing: $use_descriptor_passing GPGME Pthread: $have_pthread - Language bindings: $enabled_languages + Language bindings: ${enabled_languages_v:-$enabled_languages} " if test "x${gpg_config_script_warn}" != x; then cat <> install_files.txt ; \ + rm files.txt ; \ + done + mv install_files.txt $(DESTDIR)$(pythondir)/pyme uninstall-local: xargs <$(DESTDIR)$(pythondir)/pyme/install_files.txt -- rm -rf -- diff --git a/lang/python/tests/Makefile.am b/lang/python/tests/Makefile.am index 83c4d8e..6a315d7 100644 --- a/lang/python/tests/Makefile.am +++ b/lang/python/tests/Makefile.am @@ -26,8 +26,8 @@ test_srcdir = $(top_srcdir)/tests/gpg TESTS_ENVIRONMENT = GNUPGHOME=$(abs_builddir) \ LC_ALL=C GPG_AGENT_INFO= \ top_srcdir=$(top_srcdir) \ - LD_LIBRARY_PATH="../../../src/.libs:$(LD_LIBRARY_PATH)" \ - PYTHONPATH=`echo $(abs_builddir)/../build/lib.*` + srcdir=$(srcdir) \ + LD_LIBRARY_PATH="../../../src/.libs:$(LD_LIBRARY_PATH)" py_tests = t-wrapper.py \ t-callbacks.py \ @@ -52,8 +52,23 @@ py_tests = t-wrapper.py \ t-idiomatic.py \ t-protocol-assuan.py -TESTS = initial.py $(py_tests) final.py -EXTRA_DIST = support.py $(TESTS) encrypt-only.asc sign-only.asc +XTESTS = initial.py $(py_tests) final.py +EXTRA_DIST = support.py $(XTESTS) encrypt-only.asc sign-only.asc \ + run-tests.py + +# XXX: Currently, one cannot override automake's 'check' target. As a +# workaround, we avoid defining 'TESTS', thus automake will not emit +# the 'check' target. For extra robustness, we merely define a +# dependency on 'xcheck', so this hack should also work even if +# automake would emit the 'check' target, as adding dependencies to +# targets is okay. +check: xcheck + +.PHONY: xcheck +xcheck: + $(TESTS_ENVIRONMENT) $(PYTHON) $(srcdir)/run-tests.py \ + --interpreters="$(PYTHONS)" --srcdir=$(srcdir) $(TESTFLAGS) \ + $(XTESTS) CLEANFILES = secring.gpg pubring.gpg pubring.kbx trustdb.gpg dirmngr.conf \ gpg-agent.conf pubring.kbx~ gpg.conf pubring.gpg~ \ 
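Review bot: the xcheck recipe in lang/python/tests/Makefile.am passes `--srcdir=$(srcdir)` but no `--builddir`, and TESTS_ENVIRONMENT sets srcdir and top_srcdir but not abs_builddir, so run-tests.py falls back to an empty builddir and resolves `../build/lib*<version>` relative to the current directory. That works only while the recipe runs from the tests build directory; adding `--builddir=$(abs_builddir)` makes the PYTHONPATH lookup independent of it. The recipe also starts the runner with `$(PYTHON)`, which after the configure.ac change is whichever interpreter was probed last, so a comment next to the XXX note saying that the runner itself must work under either version would be useful.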
diff --git a/lang/python/tests/run-tests.py b/lang/python/tests/run-tests.py new file mode 100644 index 0000000..55d3f11 --- /dev/null +++ b/lang/python/tests/run-tests.py 
@@ -0,0 +1,90 @@ +#!/usr/bin/env python + +# Copyright (C) 2016 g10 Code GmbH +# +# This file is part of GPGME. +# +# GPGME is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# GPGME is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY +# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General +# Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this program; if not, see . + +from __future__ import absolute_import +from __future__ import division +from __future__ import print_function +from __future__ import unicode_literals + +import argparse +import glob +import os +import subprocess +import sys + +class SplitAndAccumulate(argparse.Action): + def __call__(self, parser, namespace, values, option_string=None): + current = getattr(namespace, self.dest, list()) + current.extend(values.split()) + setattr(namespace, self.dest, current) + +parser = argparse.ArgumentParser(description='Run tests.') +parser.add_argument('tests', metavar='TEST', type=str, nargs='+', + help='A test to run') +parser.add_argument('-v', '--verbose', action="store_true", default=False, + help='Be verbose.') +parser.add_argument('--interpreters', metavar='PYTHON', type=str, + default=[], action=SplitAndAccumulate, + help='Use these interpreters to run the tests, ' + + 'separated by spaces.') +parser.add_argument('--srcdir', type=str, + default=os.environ.get("srcdir", ""), + help='Location of the tests.') +parser.add_argument('--builddir', type=str, + default=os.environ.get("abs_builddir", ""), + help='Location of the tests.') + +args = parser.parse_args() +if not args.interpreters: + args.interpreters = [sys.executable] + +out = sys.stdout if 
args.verbose else None +err = sys.stderr if args.verbose else None + +def status_to_str(code): + return {0: "PASS", 77: "SKIP", 99: "ERROR"}.get(code, "FAIL") + +results = list() +for interpreter in args.interpreters: + version = subprocess.check_output( + [interpreter, "-c", "import sys; print('{0}.{1}'.format(sys.version_info[0], sys.version_info[1]))"]).strip().decode() + + builddirs = glob.glob(os.path.join(args.builddir, "..", "build", + "lib*"+version)) + assert len(builddirs) == 1, \ + "Expected one build directory, got {0}".format(builddirs) + env = dict(os.environ) + env["PYTHONPATH"] = builddirs[0] + + print("Running tests using {0} ({1})...".format(interpreter, version)) + for test in args.tests: + status = subprocess.call( + [interpreter, os.path.join(args.srcdir, test)], + env=env, stdout=out, stderr=err) + print("{0}: {1}".format(status_to_str(status), test)) + results.append(status) + +def count(status): + return len(list(filter(lambda x: x == status, results))) +def failed(): + return len(list(filter(lambda x: x not in (0, 77, 99), results))) + +print("{0} tests run, {1} succeeded, {2} failed, {3} skipped.".format( + len(results), count(0), failed(), count(77))) +sys.exit(len(results) - count(0)) commit dc23fdf55561659f9e9cff51668ac9c6c027c885 Author: Justus Winter Date: Wed Sep 14 11:39:00 2016 +0200 python: Import from __future__ to align behavior of Python 2.7. -- Signed-off-by: Justus Winter diff --git a/lang/python/examples/assuan.py b/lang/python/examples/assuan.py index e4822b7..22960d3 100644 --- a/lang/python/examples/assuan.py +++ b/lang/python/examples/assuan.py @@ -17,6 +17,9 @@ """Demonstrate the use of the Assuan protocol engine""" +from __future__ import absolute_import, print_function, unicode_literals +del absolute_import, print_function, unicode_literals + import pyme with pyme.Context(protocol=pyme.constants.PROTOCOL_ASSUAN) as c: 
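Review bot: in lang/python/tests/run-tests.py (the new file added by commit 24b4162d above), the final `sys.exit(len(results) - count(0))` treats every skipped test (status 77) as a failure, so the check target fails on a run whose summary line reports zero failures. Exit non-zero only when `failed()` or `count(99)` is non-zero; that also avoids the exit status wrapping to 0 when the difference is a multiple of 256. Tests returning 99 are labelled ERROR by status_to_str but are excluded from `failed()` and never appear in the summary line, so an error count should be added there. Smaller points: `--builddir` reuses the help text 'Location of the tests.', the build directory check uses `assert`, which is skipped under `python -O`, and the licence header names the GNU General Public License in its first paragraph but the GNU Lesser General Public License in the next two.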
diff --git a/lang/python/examples/decryption-filter.py b/lang/python/examples/decryption-filter.py index dbd66fc..3007c2b 100644 --- a/lang/python/examples/decryption-filter.py +++ b/lang/python/examples/decryption-filter.py @@ -24,6 +24,9 @@ be used like this: """ +from __future__ import absolute_import, print_function, unicode_literals +del absolute_import, print_function, unicode_literals + import sys import pyme pyme.Context().decrypt(sys.stdin, sink=sys.stdout) diff --git a/lang/python/examples/delkey.py b/lang/python/examples/delkey.py index 491f38a..a02f412 100755 --- a/lang/python/examples/delkey.py +++ b/lang/python/examples/delkey.py @@ -19,6 +19,9 @@ # Sample of key deletion # It deletes keys for joe at example.org generated by genkey.py script +from __future__ import absolute_import, print_function, unicode_literals +del absolute_import, print_function, unicode_literals + import pyme with pyme.Context() as c: diff --git a/lang/python/examples/encrypt-to-all.py b/lang/python/examples/encrypt-to-all.py index 304b474..bb8225b 100755 --- a/lang/python/examples/encrypt-to-all.py +++ b/lang/python/examples/encrypt-to-all.py @@ -22,6 +22,9 @@ This program will try to encrypt a simple message to each key on your keyring. If your keyring has any invalid keys on it, those keys will be skipped and it will re-try the encryption.""" +from __future__ import absolute_import, print_function, unicode_literals +del absolute_import, print_function, unicode_literals + import sys import os import pyme diff --git a/lang/python/examples/exportimport.py b/lang/python/examples/exportimport.py index 8d76fa1..bc946bc 100755 --- a/lang/python/examples/exportimport.py +++ b/lang/python/examples/exportimport.py 
@@ -19,6 +19,9 @@ # Sample of export and import of keys # It uses keys for joe+pyme at example.org generated by genkey.py script +from __future__ import absolute_import, print_function, unicode_literals +del absolute_import, print_function, unicode_literals + import sys import os import pyme diff --git a/lang/python/examples/genkey.py b/lang/python/examples/genkey.py index 972fed7..ee70303 100755 --- a/lang/python/examples/genkey.py +++ b/lang/python/examples/genkey.py @@ -17,6 +17,9 @@ # You should have received a copy of the GNU General Public License # along with this program; if not, see . +from __future__ import absolute_import, print_function, unicode_literals +del absolute_import, print_function, unicode_literals + import pyme # This is the example from the GPGME manual. diff --git a/lang/python/examples/inter-edit.py b/lang/python/examples/inter-edit.py index 2f8e4ef..459df11 100644 --- a/lang/python/examples/inter-edit.py +++ b/lang/python/examples/inter-edit.py @@ -18,6 +18,9 @@ """Simple interactive editor to test editor scripts""" +from __future__ import absolute_import, print_function, unicode_literals +del absolute_import, print_function, unicode_literals + import sys import pyme import pyme.constants.status diff --git a/lang/python/examples/sign.py b/lang/python/examples/sign.py index d376683..2f235ba 100755 --- a/lang/python/examples/sign.py +++ b/lang/python/examples/sign.py @@ -16,6 +16,9 @@ # You should have received a copy of the GNU General Public License # along with this program; if not, see . +from __future__ import absolute_import, print_function, unicode_literals +del absolute_import, print_function, unicode_literals + import sys import pyme from pyme.constants.sig import mode diff --git a/lang/python/examples/signverify.py b/lang/python/examples/signverify.py index e7bf0c9..f12e065 100755 --- a/lang/python/examples/signverify.py +++ b/lang/python/examples/signverify.py 
@@ -19,6 +19,9 @@ # Sample of unattended signing/verifying of a message. # It uses keys for joe+pyme at example.org generated by genkey.py script +from __future__ import absolute_import, print_function, unicode_literals +del absolute_import, print_function, unicode_literals + import sys import os import pyme diff --git a/lang/python/examples/simple.py b/lang/python/examples/simple.py index ca72cf1..ccd7cb4 100755 --- a/lang/python/examples/simple.py +++ b/lang/python/examples/simple.py @@ -17,6 +17,9 @@ # You should have received a copy of the GNU General Public License # along with this program; if not, see . +from __future__ import absolute_import, print_function, unicode_literals +del absolute_import, print_function, unicode_literals + import sys import os import pyme diff --git a/lang/python/examples/testCMSgetkey.py b/lang/python/examples/testCMSgetkey.py index fbaa042..4467b6c 100644 --- a/lang/python/examples/testCMSgetkey.py +++ b/lang/python/examples/testCMSgetkey.py @@ -18,6 +18,9 @@ """A test applicaton for the CMS protocol.""" +from __future__ import absolute_import, print_function, unicode_literals +del absolute_import, print_function, unicode_literals + import sys import pyme diff --git a/lang/python/examples/verifydetails.py b/lang/python/examples/verifydetails.py index 1cd538c..63f40c1 100755 --- a/lang/python/examples/verifydetails.py +++ b/lang/python/examples/verifydetails.py @@ -17,6 +17,9 @@ # You should have received a copy of the GNU General Public License # along with this program; if not, see . +from __future__ import absolute_import, print_function, unicode_literals +del absolute_import, print_function, unicode_literals + import sys import os from pyme import core diff --git a/lang/python/gpgme-h-clean.py b/lang/python/gpgme-h-clean.py index ce368f0..0ec7ab5 100755 --- a/lang/python/gpgme-h-clean.py +++ b/lang/python/gpgme-h-clean.py 
@@ -17,6 +17,9 @@ # License along with this library; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +from __future__ import absolute_import, print_function, unicode_literals +del absolute_import, print_function, unicode_literals + import sys, re if len(sys.argv) != 2: diff --git a/lang/python/pyme/__init__.py b/lang/python/pyme/__init__.py index f9e12d0..12c96c2 100644 --- a/lang/python/pyme/__init__.py +++ b/lang/python/pyme/__init__.py @@ -99,6 +99,9 @@ GPGME documentation: https://www.gnupg.org/documentation/manuals/gpgme/ """ +from __future__ import absolute_import, print_function, unicode_literals +del absolute_import, print_function, unicode_literals + from . import core from . import errors from . import constants diff --git a/lang/python/pyme/callbacks.py b/lang/python/pyme/callbacks.py index 09f8226..b25a9a7 100644 --- a/lang/python/pyme/callbacks.py +++ b/lang/python/pyme/callbacks.py @@ -15,6 +15,9 @@ # License along with this library; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +from __future__ import absolute_import, print_function, unicode_literals +del absolute_import, print_function, unicode_literals + from getpass import getpass def passphrase_stdin(hint, desc, prev_bad, hook=None): diff --git a/lang/python/pyme/constants/__init__.py b/lang/python/pyme/constants/__init__.py index 2e91d76..96465de 100644 --- a/lang/python/pyme/constants/__init__.py +++ b/lang/python/pyme/constants/__init__.py @@ -1,4 +1,7 @@ +from __future__ import absolute_import, print_function, unicode_literals +del absolute_import, print_function, unicode_literals + from pyme import util util.process_constants('GPGME_', globals()) diff --git a/lang/python/pyme/constants/data/__init__.py b/lang/python/pyme/constants/data/__init__.py index ed7b67b..8274ab9 100644 --- a/lang/python/pyme/constants/data/__init__.py 
+++ b/lang/python/pyme/constants/data/__init__.py @@ -1,3 +1,6 @@ +from __future__ import absolute_import, print_function, unicode_literals +del absolute_import, print_function, unicode_literals + from . import encoding __all__ = ['encoding'] diff --git a/lang/python/pyme/constants/data/encoding.py b/lang/python/pyme/constants/data/encoding.py index ac6079c..a05dbb4 100644 --- a/lang/python/pyme/constants/data/encoding.py +++ b/lang/python/pyme/constants/data/encoding.py @@ -15,5 +15,8 @@ # License along with this library; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +from __future__ import absolute_import, print_function, unicode_literals +del absolute_import, print_function, unicode_literals + from pyme import util util.process_constants('GPGME_DATA_ENCODING_', globals()) diff --git a/lang/python/pyme/constants/event.py b/lang/python/pyme/constants/event.py index 3ce234e..2e30c5e 100644 --- a/lang/python/pyme/constants/event.py +++ b/lang/python/pyme/constants/event.py @@ -15,5 +15,8 @@ # License along with this library; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +from __future__ import absolute_import, print_function, unicode_literals +del absolute_import, print_function, unicode_literals + from pyme import util util.process_constants('GPGME_EVENT_', globals()) diff --git a/lang/python/pyme/constants/import.py b/lang/python/pyme/constants/import.py index a824f7b..10e7d3c 100644 --- a/lang/python/pyme/constants/import.py +++ b/lang/python/pyme/constants/import.py @@ -15,5 +15,8 @@ # License along with this library; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +from __future__ import absolute_import, print_function, unicode_literals +del absolute_import, print_function, unicode_literals + from pyme import util util.process_constants('GPGME_IMPORT_', globals()) 
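Review bot: the `del absolute_import, print_function, unicode_literals` line repeated in each of these hunks is unexplained; the commit message gives no reason and there is no comment. The future statement takes effect at compile time, so deleting the names is harmless, but a reader has to guess that the aim is to keep them out of the module namespace (the constants modules here fill `globals()` through `util.process_constants`). A one-line comment beside the `del`, or a sentence in the commit message, would settle it.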
diff --git a/lang/python/pyme/constants/keylist/__init__.py b/lang/python/pyme/constants/keylist/__init__.py index 8752bb2..2ce0edf 100644 --- a/lang/python/pyme/constants/keylist/__init__.py +++ b/lang/python/pyme/constants/keylist/__init__.py @@ -1,3 +1,6 @@ +from __future__ import absolute_import, print_function, unicode_literals +del absolute_import, print_function, unicode_literals + from . import mode __all__ = ['mode'] diff --git a/lang/python/pyme/constants/keylist/mode.py b/lang/python/pyme/constants/keylist/mode.py index 7c3cd09..000dd79 100644 --- a/lang/python/pyme/constants/keylist/mode.py +++ b/lang/python/pyme/constants/keylist/mode.py @@ -15,5 +15,8 @@ # License along with this library; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +from __future__ import absolute_import, print_function, unicode_literals +del absolute_import, print_function, unicode_literals + from pyme import util util.process_constants('GPGME_KEYLIST_MODE_', globals()) diff --git a/lang/python/pyme/constants/md.py b/lang/python/pyme/constants/md.py index 700d872..dbd762c 100644 --- a/lang/python/pyme/constants/md.py +++ b/lang/python/pyme/constants/md.py @@ -15,5 +15,8 @@ # License along with this library; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +from __future__ import absolute_import, print_function, unicode_literals +del absolute_import, print_function, unicode_literals + from pyme import util util.process_constants('GPGME_MD_', globals()) diff --git a/lang/python/pyme/constants/pk.py b/lang/python/pyme/constants/pk.py index f0e3937..cfc5309 100644 --- a/lang/python/pyme/constants/pk.py +++ b/lang/python/pyme/constants/pk.py 
@@ -15,5 +15,8 @@ # License along with this library; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +from __future__ import absolute_import, print_function, unicode_literals +del absolute_import, print_function, unicode_literals + from pyme import util util.process_constants('GPGME_PK_', globals()) diff --git a/lang/python/pyme/constants/protocol.py b/lang/python/pyme/constants/protocol.py index e9f9a48..a4b6583 100644 --- a/lang/python/pyme/constants/protocol.py +++ b/lang/python/pyme/constants/protocol.py @@ -15,5 +15,8 @@ # License along with this library; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +from __future__ import absolute_import, print_function, unicode_literals +del absolute_import, print_function, unicode_literals + from pyme import util util.process_constants('GPGME_PROTOCOL_', globals()) diff --git a/lang/python/pyme/constants/sig/__init__.py b/lang/python/pyme/constants/sig/__init__.py index 8752bb2..2ce0edf 100644 --- a/lang/python/pyme/constants/sig/__init__.py +++ b/lang/python/pyme/constants/sig/__init__.py @@ -1,3 +1,6 @@ +from __future__ import absolute_import, print_function, unicode_literals +del absolute_import, print_function, unicode_literals + from . import mode __all__ = ['mode'] diff --git a/lang/python/pyme/constants/sig/mode.py b/lang/python/pyme/constants/sig/mode.py index 631bd7c..fb534bc 100644 --- a/lang/python/pyme/constants/sig/mode.py +++ b/lang/python/pyme/constants/sig/mode.py @@ -15,5 +15,8 @@ # License along with this library; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +from __future__ import absolute_import, print_function, unicode_literals +del absolute_import, print_function, unicode_literals + from pyme import util util.process_constants('GPGME_SIG_MODE_', globals()) 
diff --git a/lang/python/pyme/constants/sigsum.py b/lang/python/pyme/constants/sigsum.py index 5164347..3d94745 100644 --- a/lang/python/pyme/constants/sigsum.py +++ b/lang/python/pyme/constants/sigsum.py @@ -15,5 +15,8 @@ # License along with this library; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +from __future__ import absolute_import, print_function, unicode_literals +del absolute_import, print_function, unicode_literals + from pyme import util util.process_constants('GPGME_SIGSUM_', globals()) diff --git a/lang/python/pyme/constants/status.py b/lang/python/pyme/constants/status.py index c1859b2..ee52259 100644 --- a/lang/python/pyme/constants/status.py +++ b/lang/python/pyme/constants/status.py @@ -15,5 +15,8 @@ # License along with this library; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +from __future__ import absolute_import, print_function, unicode_literals +del absolute_import, print_function, unicode_literals + from pyme import util util.process_constants('GPGME_STATUS_', globals()) diff --git a/lang/python/pyme/constants/validity.py b/lang/python/pyme/constants/validity.py index fde2eee..4ecd4d3 100644 --- a/lang/python/pyme/constants/validity.py +++ b/lang/python/pyme/constants/validity.py @@ -15,5 +15,8 @@ # License along with this library; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +from __future__ import absolute_import, print_function, unicode_literals +del absolute_import, print_function, unicode_literals + from pyme import util util.process_constants('GPGME_VALIDITY_', globals()) diff --git a/lang/python/pyme/core.py b/lang/python/pyme/core.py index a71426b..55e8687 100644 --- a/lang/python/pyme/core.py +++ b/lang/python/pyme/core.py 
@@ -24,6 +24,9 @@ and the 'Data' class describing buffers of data. """ +from __future__ import absolute_import, print_function, unicode_literals +del absolute_import, print_function, unicode_literals + import re import os import weakref diff --git a/lang/python/pyme/errors.py b/lang/python/pyme/errors.py index 9c58207..e26c747 100644 --- a/lang/python/pyme/errors.py +++ b/lang/python/pyme/errors.py @@ -15,6 +15,9 @@ # License along with this library; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +from __future__ import absolute_import, print_function, unicode_literals +del absolute_import, print_function, unicode_literals + from . import gpgme from . import util diff --git a/lang/python/pyme/results.py b/lang/python/pyme/results.py index 374d982..bfc26cc 100644 --- a/lang/python/pyme/results.py +++ b/lang/python/pyme/results.py @@ -17,6 +17,9 @@ # You should have received a copy of the GNU Lesser General Public # License along with this program; if not, see . +from __future__ import absolute_import, print_function, unicode_literals +del absolute_import, print_function, unicode_literals + """Robust result objects Results returned by the underlying library are fragile, i.e. they are diff --git a/lang/python/pyme/util.py b/lang/python/pyme/util.py index bf25ccb..e4fca4c 100644 --- a/lang/python/pyme/util.py +++ b/lang/python/pyme/util.py @@ -16,6 +16,9 @@ # License along with this library; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +from __future__ import absolute_import, print_function, unicode_literals +del absolute_import, print_function, unicode_literals + import sys def process_constants(prefix, scope): diff --git a/lang/python/pyme/version.py.in b/lang/python/pyme/version.py.in index e4a5a27..5fd9ce2 100644 --- a/lang/python/pyme/version.py.in +++ b/lang/python/pyme/version.py.in 
@@ -16,6 +16,9 @@ # License along with this library; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +from __future__ import absolute_import, print_function +del absolute_import, print_function + from . import gpgme productname = 'pyme' diff --git a/lang/python/tests/final.py b/lang/python/tests/final.py index 15010af..8e7ab33 100755 --- a/lang/python/tests/final.py +++ b/lang/python/tests/final.py @@ -17,6 +17,9 @@ # You should have received a copy of the GNU Lesser General Public # License along with this program; if not, see . +from __future__ import absolute_import, print_function, unicode_literals +del absolute_import, print_function, unicode_literals + import os import subprocess diff --git a/lang/python/tests/initial.py b/lang/python/tests/initial.py index 7adaa91..2d4827a 100755 --- a/lang/python/tests/initial.py +++ b/lang/python/tests/initial.py @@ -17,6 +17,9 @@ # You should have received a copy of the GNU Lesser General Public # License along with this program; if not, see . +from __future__ import absolute_import, print_function, unicode_literals +del absolute_import, print_function, unicode_literals + import os import subprocess import pyme diff --git a/lang/python/tests/support.py b/lang/python/tests/support.py index f42fc2e..4d7135e 100644 --- a/lang/python/tests/support.py +++ b/lang/python/tests/support.py @@ -15,6 +15,9 @@ # You should have received a copy of the GNU Lesser General Public # License along with this program; if not, see . +from __future__ import absolute_import, print_function, unicode_literals +del absolute_import, print_function, unicode_literals + import sys import os from pyme import core diff --git a/lang/python/tests/t-callbacks.py b/lang/python/tests/t-callbacks.py index fc58683..b3b4349 100755 --- a/lang/python/tests/t-callbacks.py +++ b/lang/python/tests/t-callbacks.py 
@@ -17,6 +17,9 @@ # You should have received a copy of the GNU Lesser General Public # License along with this program; if not, see . +from __future__ import absolute_import, print_function, unicode_literals +del absolute_import, print_function, unicode_literals + import os from pyme import core, constants import support diff --git a/lang/python/tests/t-data.py b/lang/python/tests/t-data.py index 6e05d13..4812a2e 100755 --- a/lang/python/tests/t-data.py +++ b/lang/python/tests/t-data.py @@ -17,6 +17,9 @@ # You should have received a copy of the GNU Lesser General Public # License along with this program; if not, see . +from __future__ import absolute_import, print_function, unicode_literals +del absolute_import, print_function, unicode_literals + import io import os import tempfile diff --git a/lang/python/tests/t-decrypt-verify.py b/lang/python/tests/t-decrypt-verify.py index 6518d79..a38a965 100755 --- a/lang/python/tests/t-decrypt-verify.py +++ b/lang/python/tests/t-decrypt-verify.py @@ -17,6 +17,9 @@ # You should have received a copy of the GNU Lesser General Public # License along with this program; if not, see . +from __future__ import absolute_import, print_function, unicode_literals +del absolute_import, print_function, unicode_literals + import pyme from pyme import core, constants, errors import support diff --git a/lang/python/tests/t-decrypt.py b/lang/python/tests/t-decrypt.py index 3b0c484..2d85bc2 100755 --- a/lang/python/tests/t-decrypt.py +++ b/lang/python/tests/t-decrypt.py @@ -17,6 +17,9 @@ # You should have received a copy of the GNU Lesser General Public # License along with this program; if not, see . +from __future__ import absolute_import, print_function, unicode_literals +del absolute_import, print_function, unicode_literals + import pyme from pyme import core, constants import support diff --git a/lang/python/tests/t-edit.py b/lang/python/tests/t-edit.py index 8bebe67..9ba187d 100755 --- a/lang/python/tests/t-edit.py 
+++ b/lang/python/tests/t-edit.py @@ -18,6 +18,9 @@ # You should have received a copy of the GNU Lesser General Public # License along with this program; if not, see . +from __future__ import absolute_import, print_function, unicode_literals +del absolute_import, print_function, unicode_literals + import sys import os from pyme import core, constants diff --git a/lang/python/tests/t-encrypt-large.py b/lang/python/tests/t-encrypt-large.py index d5b9dc9..b9cc3b5 100755 --- a/lang/python/tests/t-encrypt-large.py +++ b/lang/python/tests/t-encrypt-large.py @@ -17,6 +17,9 @@ # You should have received a copy of the GNU Lesser General Public # License along with this program; if not, see . +from __future__ import absolute_import, print_function, unicode_literals +del absolute_import, print_function, unicode_literals + import sys import random from pyme import core, constants diff --git a/lang/python/tests/t-encrypt-sign.py b/lang/python/tests/t-encrypt-sign.py index 8c4b5d9..a453f79 100755 --- a/lang/python/tests/t-encrypt-sign.py +++ b/lang/python/tests/t-encrypt-sign.py @@ -17,6 +17,9 @@ # You should have received a copy of the GNU Lesser General Public # License along with this program; if not, see . +from __future__ import absolute_import, print_function, unicode_literals +del absolute_import, print_function, unicode_literals + import sys import pyme from pyme import core, constants diff --git a/lang/python/tests/t-encrypt-sym.py b/lang/python/tests/t-encrypt-sym.py index c279d6a..d577184 100755 --- a/lang/python/tests/t-encrypt-sym.py +++ b/lang/python/tests/t-encrypt-sym.py @@ -17,6 +17,9 @@ # You should have received a copy of the GNU Lesser General Public # License along with this program; if not, see . +from __future__ import absolute_import, print_function, unicode_literals +del absolute_import, print_function, unicode_literals + import os import pyme from pyme import core, constants 
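Review bot: in lang/python/pyme/results.py the two added lines are placed above the module docstring (`"""Robust result objects`), so that string is no longer the first statement and the module loses its `__doc__`. Other modules with a docstring in this commit, such as pyme/__init__.py and pyme/core.py, get the import after the docstring; move it below the docstring here as well. lang/python/pyme/version.py.in is the only file that omits `unicode_literals` from both lines, which deserves a comment saying why.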
diff --git a/lang/python/tests/t-encrypt.py b/lang/python/tests/t-encrypt.py index 456f2c1..65e7d24 100755 --- a/lang/python/tests/t-encrypt.py +++ b/lang/python/tests/t-encrypt.py @@ -17,6 +17,9 @@ # You should have received a copy of the GNU Lesser General Public # License along with this program; if not, see . +from __future__ import absolute_import, print_function, unicode_literals +del absolute_import, print_function, unicode_literals + import pyme from pyme import core, constants import support diff --git a/lang/python/tests/t-export.py b/lang/python/tests/t-export.py index f8d02f2..db36b98 100755 --- a/lang/python/tests/t-export.py +++ b/lang/python/tests/t-export.py @@ -17,6 +17,9 @@ # You should have received a copy of the GNU Lesser General Public # License along with this program; if not, see . +from __future__ import absolute_import, print_function, unicode_literals +del absolute_import, print_function, unicode_literals + from pyme import core, constants import support diff --git a/lang/python/tests/t-file-name.py b/lang/python/tests/t-file-name.py index 09eb1f9..e93b120 100755 --- a/lang/python/tests/t-file-name.py +++ b/lang/python/tests/t-file-name.py @@ -17,6 +17,9 @@ # You should have received a copy of the GNU Lesser General Public # License along with this program; if not, see . +from __future__ import absolute_import, print_function, unicode_literals +del absolute_import, print_function, unicode_literals + import os from pyme import core, constants import support diff --git a/lang/python/tests/t-idiomatic.py b/lang/python/tests/t-idiomatic.py index 6dbe620..f063206 100755 --- a/lang/python/tests/t-idiomatic.py +++ b/lang/python/tests/t-idiomatic.py @@ -17,6 +17,9 @@ # You should have received a copy of the GNU Lesser General Public # License along with this program; if not, see . +from __future__ import absolute_import, print_function, unicode_literals +del absolute_import, print_function, unicode_literals + import sys import io import os 
diff --git a/lang/python/tests/t-import.py b/lang/python/tests/t-import.py index b267fc8..0b50d02 100755 --- a/lang/python/tests/t-import.py +++ b/lang/python/tests/t-import.py @@ -17,6 +17,9 @@ # You should have received a copy of the GNU Lesser General Public # License along with this program; if not, see . +from __future__ import absolute_import, print_function, unicode_literals +del absolute_import, print_function, unicode_literals + from pyme import core, constants import support diff --git a/lang/python/tests/t-keylist.py b/lang/python/tests/t-keylist.py index 7b7bbae..5e8b333 100755 --- a/lang/python/tests/t-keylist.py +++ b/lang/python/tests/t-keylist.py @@ -17,6 +17,9 @@ # You should have received a copy of the GNU Lesser General Public # License along with this program; if not, see . +from __future__ import absolute_import, print_function, unicode_literals +del absolute_import, print_function, unicode_literals + from pyme import core, constants import support diff --git a/lang/python/tests/t-protocol-assuan.py b/lang/python/tests/t-protocol-assuan.py index a86146b..172c7d0 100755 --- a/lang/python/tests/t-protocol-assuan.py +++ b/lang/python/tests/t-protocol-assuan.py @@ -17,6 +17,9 @@ # You should have received a copy of the GNU Lesser General Public # License along with this program; if not, see . +from __future__ import absolute_import, print_function, unicode_literals +del absolute_import, print_function, unicode_literals + import pyme with pyme.Context(protocol=pyme.constants.PROTOCOL_ASSUAN) as c: diff --git a/lang/python/tests/t-sig-notation.py b/lang/python/tests/t-sig-notation.py index c523006..777bc0b 100755 --- a/lang/python/tests/t-sig-notation.py +++ b/lang/python/tests/t-sig-notation.py 
@@ -17,6 +17,9 @@ # You should have received a copy of the GNU Lesser General Public # License along with this program; if not, see . +from __future__ import absolute_import, print_function, unicode_literals +del absolute_import, print_function, unicode_literals + import os from pyme import core, constants import support diff --git a/lang/python/tests/t-sign.py b/lang/python/tests/t-sign.py index 5f26ff3..b0e211a 100755 --- a/lang/python/tests/t-sign.py +++ b/lang/python/tests/t-sign.py @@ -17,6 +17,9 @@ # You should have received a copy of the GNU Lesser General Public # License along with this program; if not, see . +from __future__ import absolute_import, print_function, unicode_literals +del absolute_import, print_function, unicode_literals + import os import pyme from pyme import core, constants diff --git a/lang/python/tests/t-signers.py b/lang/python/tests/t-signers.py index 7b064c9..11403af 100755 --- a/lang/python/tests/t-signers.py +++ b/lang/python/tests/t-signers.py @@ -17,6 +17,9 @@ # You should have received a copy of the GNU Lesser General Public # License along with this program; if not, see . +from __future__ import absolute_import, print_function, unicode_literals +del absolute_import, print_function, unicode_literals + import pyme from pyme import core, constants import support diff --git a/lang/python/tests/t-trustlist.py b/lang/python/tests/t-trustlist.py index a33e35e..4253bd7 100755 --- a/lang/python/tests/t-trustlist.py +++ b/lang/python/tests/t-trustlist.py @@ -17,6 +17,9 @@ # You should have received a copy of the GNU Lesser General Public # License along with this program; if not, see . +from __future__ import absolute_import, print_function, unicode_literals +del absolute_import, print_function, unicode_literals + from pyme import core, constants import support diff --git a/lang/python/tests/t-verify.py b/lang/python/tests/t-verify.py index 25c8c0c..39f6176 100755 --- a/lang/python/tests/t-verify.py +++ b/lang/python/tests/t-verify.py 
@@ -17,6 +17,9 @@ # You should have received a copy of the GNU Lesser General Public # License along with this program; if not, see . +from __future__ import absolute_import, print_function, unicode_literals +del absolute_import, print_function, unicode_literals + import sys import os import pyme diff --git a/lang/python/tests/t-wait.py b/lang/python/tests/t-wait.py index 9f3a7ed..b7d9a34 100755 --- a/lang/python/tests/t-wait.py +++ b/lang/python/tests/t-wait.py @@ -17,6 +17,9 @@ # You should have received a copy of the GNU Lesser General Public # License along with this program; if not, see . +from __future__ import absolute_import, print_function, unicode_literals +del absolute_import, print_function, unicode_literals + import time from pyme import core, constants, errors import support commit 3b37c4efcf68657a856dbce60c0bd0fc78dd0770 Author: Justus Winter Date: Wed Sep 14 10:51:49 2016 +0200 python: Use more generic shebang. -- Signed-off-by: Justus Winter diff --git a/lang/python/examples/assuan.py b/lang/python/examples/assuan.py index 82b1e1d..e4822b7 100644 --- a/lang/python/examples/assuan.py +++ b/lang/python/examples/assuan.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python3 +#!/usr/bin/env python # # Copyright (C) 2016 g10 Code GmbH # diff --git a/lang/python/examples/decryption-filter.py b/lang/python/examples/decryption-filter.py index 1647ca3..dbd66fc 100644 --- a/lang/python/examples/decryption-filter.py +++ b/lang/python/examples/decryption-filter.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python3 +#!/usr/bin/env python # # Copyright (C) 2016 g10 Code GmbH # diff --git a/lang/python/examples/delkey.py b/lang/python/examples/delkey.py index e607f21..491f38a 100755 --- a/lang/python/examples/delkey.py +++ b/lang/python/examples/delkey.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python3 +#!/usr/bin/env python # # Copyright (C) 2016 g10 Code GmbH # Copyright (C) 2004,2008 Igor Belyi 
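Review bot: The pair of lines added at the top of each test file ("from __future__ import absolute_import, print_function, unicode_literals" followed by "del absolute_import, print_function, unicode_literals") has no comment, and the del is not self-explanatory. A one-line comment would help, saying that the del only removes the imported feature names from the module namespace while the compile-time features stay in effect. Because unicode_literals changes the type of every unprefixed string literal in these tests under Python 2, and the hunks shown add only the imports, please confirm that literals handed to pyme where bytes are expected carry an explicit b prefix.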
diff --git a/lang/python/examples/encrypt-to-all.py b/lang/python/examples/encrypt-to-all.py index 4586f93..304b474 100755 --- a/lang/python/examples/encrypt-to-all.py +++ b/lang/python/examples/encrypt-to-all.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python3 +#!/usr/bin/env python # # Copyright (C) 2016 g10 Code GmbH # Copyright (C) 2008 Igor Belyi diff --git a/lang/python/examples/exportimport.py b/lang/python/examples/exportimport.py index 39b1595..8d76fa1 100755 --- a/lang/python/examples/exportimport.py +++ b/lang/python/examples/exportimport.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python3 +#!/usr/bin/env python # # Copyright (C) 2016 g10 Code GmbH # Copyright (C) 2004,2008 Igor Belyi diff --git a/lang/python/examples/genkey.py b/lang/python/examples/genkey.py index 66e382b..972fed7 100755 --- a/lang/python/examples/genkey.py +++ b/lang/python/examples/genkey.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python3 +#!/usr/bin/env python # # Copyright (C) 2016 g10 Code GmbH # Copyright (C) 2004 Igor Belyi diff --git a/lang/python/examples/inter-edit.py b/lang/python/examples/inter-edit.py index 8199cc6..2f8e4ef 100644 --- a/lang/python/examples/inter-edit.py +++ b/lang/python/examples/inter-edit.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python3 +#!/usr/bin/env python # # Copyright (C) 2016 g10 Code GmbH # Copyright (C) 2005 Igor Belyi diff --git a/lang/python/examples/sign.py b/lang/python/examples/sign.py index 0dd6a7c..d376683 100755 --- a/lang/python/examples/sign.py +++ b/lang/python/examples/sign.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python3 +#!/usr/bin/env python # # Copyright (C) 2016 g10 Code GmbH # Copyright (C) 2002 John Goerzen diff --git a/lang/python/examples/signverify.py b/lang/python/examples/signverify.py index 7a24d71..e7bf0c9 100755 --- a/lang/python/examples/signverify.py +++ b/lang/python/examples/signverify.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python3 +#!/usr/bin/env python # # Copyright (C) 2016 g10 Code GmbH # Copyright (C) 2004,2008 Igor Belyi 
diff --git a/lang/python/examples/simple.py b/lang/python/examples/simple.py index 50a3938..ca72cf1 100755 --- a/lang/python/examples/simple.py +++ b/lang/python/examples/simple.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python3 +#!/usr/bin/env python # # Copyright (C) 2016 g10 Code GmbH # Copyright (C) 2005 Igor Belyi diff --git a/lang/python/examples/testCMSgetkey.py b/lang/python/examples/testCMSgetkey.py index 7c642e6..fbaa042 100644 --- a/lang/python/examples/testCMSgetkey.py +++ b/lang/python/examples/testCMSgetkey.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python3 +#!/usr/bin/env python # # Copyright (C) 2016 g10 Code GmbH # Copyright (C) 2008 Bernhard Reiter diff --git a/lang/python/examples/verifydetails.py b/lang/python/examples/verifydetails.py index b57ed84..1cd538c 100755 --- a/lang/python/examples/verifydetails.py +++ b/lang/python/examples/verifydetails.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python3 +#!/usr/bin/env python # # Copyright (C) 2016 g10 Code GmbH # Copyright (C) 2004,2008 Igor Belyi diff --git a/lang/python/gpgme-h-clean.py b/lang/python/gpgme-h-clean.py index b29b2e1..ce368f0 100755 --- a/lang/python/gpgme-h-clean.py +++ b/lang/python/gpgme-h-clean.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python3 +#!/usr/bin/env python # Copyright (C) 2016 g10 Code GmbH # Copyright (C) 2004,2008 Igor Belyi diff --git a/lang/python/setup.py.in b/lang/python/setup.py.in index 22035cb..a9c7691 100755 --- a/lang/python/setup.py.in +++ b/lang/python/setup.py.in @@ -1,4 +1,4 @@ -#!/usr/bin/env python3 +#!/usr/bin/env python # Copyright (C) 2016 g10 Code GmbH # Copyright (C) 2004 Igor Belyi diff --git a/lang/python/tests/final.py b/lang/python/tests/final.py index f75c200..15010af 100755 --- a/lang/python/tests/final.py +++ b/lang/python/tests/final.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python3 +#!/usr/bin/env python # Copyright (C) 2016 g10 Code GmbH # diff --git a/lang/python/tests/initial.py b/lang/python/tests/initial.py index 169c3df..7adaa91 100755 --- a/lang/python/tests/initial.py 
+++ b/lang/python/tests/initial.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python3 +#!/usr/bin/env python # Copyright (C) 2016 g10 Code GmbH # diff --git a/lang/python/tests/t-callbacks.py b/lang/python/tests/t-callbacks.py index 3219463..fc58683 100755 --- a/lang/python/tests/t-callbacks.py +++ b/lang/python/tests/t-callbacks.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python3 +#!/usr/bin/env python # Copyright (C) 2016 g10 Code GmbH # diff --git a/lang/python/tests/t-data.py b/lang/python/tests/t-data.py index 3774f09..6e05d13 100755 --- a/lang/python/tests/t-data.py +++ b/lang/python/tests/t-data.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python3 +#!/usr/bin/env python # Copyright (C) 2016 g10 Code GmbH # diff --git a/lang/python/tests/t-decrypt-verify.py b/lang/python/tests/t-decrypt-verify.py index 0f615dc..6518d79 100755 --- a/lang/python/tests/t-decrypt-verify.py +++ b/lang/python/tests/t-decrypt-verify.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python3 +#!/usr/bin/env python # Copyright (C) 2016 g10 Code GmbH # diff --git a/lang/python/tests/t-decrypt.py b/lang/python/tests/t-decrypt.py index b5c4700..3b0c484 100755 --- a/lang/python/tests/t-decrypt.py +++ b/lang/python/tests/t-decrypt.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python3 +#!/usr/bin/env python # Copyright (C) 2016 g10 Code GmbH # diff --git a/lang/python/tests/t-edit.py b/lang/python/tests/t-edit.py index 64255c9..8bebe67 100755 --- a/lang/python/tests/t-edit.py +++ b/lang/python/tests/t-edit.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python3 +#!/usr/bin/env python # Copyright (C) 2005 Igor Belyi # Copyright (C) 2016 g10 Code GmbH diff --git a/lang/python/tests/t-encrypt-large.py b/lang/python/tests/t-encrypt-large.py index 29f9de2..d5b9dc9 100755 --- a/lang/python/tests/t-encrypt-large.py +++ b/lang/python/tests/t-encrypt-large.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python3 +#!/usr/bin/env python # Copyright (C) 2016 g10 Code GmbH # 
diff --git a/lang/python/tests/t-encrypt-sign.py b/lang/python/tests/t-encrypt-sign.py index 31cc94f..8c4b5d9 100755 --- a/lang/python/tests/t-encrypt-sign.py +++ b/lang/python/tests/t-encrypt-sign.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python3 +#!/usr/bin/env python # Copyright (C) 2016 g10 Code GmbH # diff --git a/lang/python/tests/t-encrypt-sym.py b/lang/python/tests/t-encrypt-sym.py index c5be183..c279d6a 100755 --- a/lang/python/tests/t-encrypt-sym.py +++ b/lang/python/tests/t-encrypt-sym.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python3 +#!/usr/bin/env python # Copyright (C) 2016 g10 Code GmbH # diff --git a/lang/python/tests/t-encrypt.py b/lang/python/tests/t-encrypt.py index 4c77f39..456f2c1 100755 --- a/lang/python/tests/t-encrypt.py +++ b/lang/python/tests/t-encrypt.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python3 +#!/usr/bin/env python # Copyright (C) 2016 g10 Code GmbH # diff --git a/lang/python/tests/t-export.py b/lang/python/tests/t-export.py index a102425..f8d02f2 100755 --- a/lang/python/tests/t-export.py +++ b/lang/python/tests/t-export.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python3 +#!/usr/bin/env python # Copyright (C) 2016 g10 Code GmbH # diff --git a/lang/python/tests/t-file-name.py b/lang/python/tests/t-file-name.py index 6f9294e..09eb1f9 100755 --- a/lang/python/tests/t-file-name.py +++ b/lang/python/tests/t-file-name.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python3 +#!/usr/bin/env python # Copyright (C) 2016 g10 Code GmbH # diff --git a/lang/python/tests/t-idiomatic.py b/lang/python/tests/t-idiomatic.py index 726bbb9..6dbe620 100755 --- a/lang/python/tests/t-idiomatic.py +++ b/lang/python/tests/t-idiomatic.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python3 +#!/usr/bin/env python # Copyright (C) 2016 g10 Code GmbH # diff --git a/lang/python/tests/t-import.py b/lang/python/tests/t-import.py index 03b576b..b267fc8 100755 --- a/lang/python/tests/t-import.py +++ b/lang/python/tests/t-import.py 
@@ -1,4 +1,4 @@ -#!/usr/bin/env python3 +#!/usr/bin/env python # Copyright (C) 2016 g10 Code GmbH # diff --git a/lang/python/tests/t-keylist.py b/lang/python/tests/t-keylist.py index 40d9c80..7b7bbae 100755 --- a/lang/python/tests/t-keylist.py +++ b/lang/python/tests/t-keylist.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python3 +#!/usr/bin/env python # Copyright (C) 2016 g10 Code GmbH # diff --git a/lang/python/tests/t-protocol-assuan.py b/lang/python/tests/t-protocol-assuan.py index 30907a1..a86146b 100755 --- a/lang/python/tests/t-protocol-assuan.py +++ b/lang/python/tests/t-protocol-assuan.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python3 +#!/usr/bin/env python # Copyright (C) 2016 g10 Code GmbH # diff --git a/lang/python/tests/t-sig-notation.py b/lang/python/tests/t-sig-notation.py index b024bb5..c523006 100755 --- a/lang/python/tests/t-sig-notation.py +++ b/lang/python/tests/t-sig-notation.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python3 +#!/usr/bin/env python # Copyright (C) 2016 g10 Code GmbH # diff --git a/lang/python/tests/t-sign.py b/lang/python/tests/t-sign.py index e066a29..5f26ff3 100755 --- a/lang/python/tests/t-sign.py +++ b/lang/python/tests/t-sign.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python3 +#!/usr/bin/env python # Copyright (C) 2016 g10 Code GmbH # diff --git a/lang/python/tests/t-signers.py b/lang/python/tests/t-signers.py index 9d2cbdc..7b064c9 100755 --- a/lang/python/tests/t-signers.py +++ b/lang/python/tests/t-signers.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python3 +#!/usr/bin/env python # Copyright (C) 2016 g10 Code GmbH # diff --git a/lang/python/tests/t-trustlist.py b/lang/python/tests/t-trustlist.py index a24eab8..a33e35e 100755 --- a/lang/python/tests/t-trustlist.py +++ b/lang/python/tests/t-trustlist.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python3 +#!/usr/bin/env python # Copyright (C) 2016 g10 Code GmbH # diff --git a/lang/python/tests/t-verify.py b/lang/python/tests/t-verify.py index ed5a91a..25c8c0c 100755 --- a/lang/python/tests/t-verify.py 
+++ b/lang/python/tests/t-verify.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python3 +#!/usr/bin/env python # Copyright (C) 2016 g10 Code GmbH # diff --git a/lang/python/tests/t-wait.py b/lang/python/tests/t-wait.py index 7eaa46a..9f3a7ed 100755 --- a/lang/python/tests/t-wait.py +++ b/lang/python/tests/t-wait.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python3 +#!/usr/bin/env python # Copyright (C) 2016 g10 Code GmbH # diff --git a/lang/python/tests/t-wrapper.py b/lang/python/tests/t-wrapper.py index fab0d81..d260264 100755 --- a/lang/python/tests/t-wrapper.py +++ b/lang/python/tests/t-wrapper.py 
@@ -1,4 +1,4 @@ -#!/usr/bin/env python3 +#!/usr/bin/env python # Copyright (C) 2016 g10 Code GmbH # ----------------------------------------------------------------------- Summary of changes: NEWS | 2 +- configure.ac | 62 +++++++++++++++--- lang/python/Makefile.am | 18 ++++-- lang/python/examples/assuan.py | 5 +- lang/python/examples/decryption-filter.py | 5 +- lang/python/examples/delkey.py | 5 +- lang/python/examples/encrypt-to-all.py | 5 +- lang/python/examples/exportimport.py | 5 +- lang/python/examples/genkey.py | 5 +- lang/python/examples/inter-edit.py | 5 +- lang/python/examples/sign.py | 5 +- lang/python/examples/signverify.py | 5 +- lang/python/examples/simple.py | 5 +- lang/python/examples/testCMSgetkey.py | 5 +- lang/python/examples/verifydetails.py | 5 +- lang/python/gpgme-h-clean.py | 5 +- lang/python/pyme/__init__.py | 3 + lang/python/pyme/callbacks.py | 3 + lang/python/pyme/constants/__init__.py | 3 + lang/python/pyme/constants/data/__init__.py | 3 + lang/python/pyme/constants/data/encoding.py | 3 + lang/python/pyme/constants/event.py | 3 + lang/python/pyme/constants/import.py | 3 + lang/python/pyme/constants/keylist/__init__.py | 3 + lang/python/pyme/constants/keylist/mode.py | 3 + lang/python/pyme/constants/md.py | 3 + lang/python/pyme/constants/pk.py | 3 + lang/python/pyme/constants/protocol.py | 3 + lang/python/pyme/constants/sig/__init__.py | 3 + lang/python/pyme/constants/sig/mode.py | 3 + lang/python/pyme/constants/sigsum.py | 3 + lang/python/pyme/constants/status.py | 3 + lang/python/pyme/constants/validity.py | 3 + lang/python/pyme/core.py | 3 + lang/python/pyme/errors.py | 3 + lang/python/pyme/results.py | 3 + lang/python/pyme/util.py | 3 + lang/python/pyme/version.py.in | 3 + lang/python/setup.py.in | 2 +- lang/python/tests/Makefile.am | 23 +++++-- lang/python/tests/final.py | 5 +- lang/python/tests/initial.py | 5 +- lang/python/tests/run-tests.py | 90 ++++++++++++++++++++++++++ lang/python/tests/support.py | 3 + 
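Review bot: With "#!/usr/bin/env python" the examples and tests run under whatever python comes first in PATH, which can be Python 2 or absent on a given system, and the body of the commit message is empty, so the intended interpreter range is not recorded anywhere. Please state the supported versions in the message. For setup.py.in and the test scripts, which the build system drives, consider invoking them with the interpreter that configure selected rather than relying on the shebang. Four of the touched examples are mode 100644 (assuan.py, decryption-filter.py, inter-edit.py, testCMSgetkey.py), so their shebang only takes effect if someone sets the executable bit.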
lang/python/tests/t-callbacks.py | 5 +-
lang/python/tests/t-data.py | 5 +-
lang/python/tests/t-decrypt-verify.py | 5 +-
lang/python/tests/t-decrypt.py | 5 +-
lang/python/tests/t-edit.py | 5 +-
lang/python/tests/t-encrypt-large.py | 5 +-
lang/python/tests/t-encrypt-sign.py | 5 +-
lang/python/tests/t-encrypt-sym.py | 5 +-
lang/python/tests/t-encrypt.py | 5 +-
lang/python/tests/t-export.py | 5 +-
lang/python/tests/t-file-name.py | 5 +-
lang/python/tests/t-idiomatic.py | 5 +-
lang/python/tests/t-import.py | 5 +-
lang/python/tests/t-keylist.py | 5 +-
lang/python/tests/t-protocol-assuan.py | 5 +-
lang/python/tests/t-sig-notation.py | 5 +-
lang/python/tests/t-sign.py | 5 +-
lang/python/tests/t-signers.py | 5 +-
lang/python/tests/t-trustlist.py | 5 +-
lang/python/tests/t-verify.py | 5 +-
lang/python/tests/t-wait.py | 5 +-
lang/python/tests/t-wrapper.py | 2 +-
66 files changed, 392 insertions(+), 56 deletions(-)
create mode 100644 lang/python/tests/run-tests.py

hooks/post-receive
--
GnuPG Made Easy
http://git.gnupg.org

From cvs at cvs.gnupg.org Wed Sep 14 12:46:05 2016
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 14 Sep 2016 12:46:05 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-355-gc943380 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via c943380b7a2cc9b32f81c22224fc6f92e8ea8469 (commit) via c22f5884c50557f54704f4becc5a8c1ee0749547 (commit) from 24b4162d908b48a92660020be0b776c2874fb05a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c943380b7a2cc9b32f81c22224fc6f92e8ea8469 Author: Werner Koch Date: Wed Sep 14 12:41:16 2016 +0200 core: New function gpgme_op_revuid. * src/engine.h (GENKEY_EXTRAFLAG_REVOKE): New. * src/genkey.c (adduid_start): Rename to addrevuid_start. Add arg REVOKE and pass it as extraflags. Remove useless ARMOR extraflag. Adjust callers. (gpgme_op_revuid_start, gpgme_op_revuid): New. * src/gpgme.def, src/libgpgme.vers: Add them. * tests/run-genkey.c: Add option --revuid. Signed-off-by: Werner Koch diff --git a/NEWS b/NEWS index e428bd5..10296ff 100644 --- a/NEWS +++ b/NEWS @@ -21,6 +21,8 @@ Noteworthy changes in version 1.7.0 (unreleased) [C25/A14/R_] gpgme_op_createsubkey_start NEW. gpgme_op_adduid_start NEW. gpgme_op_adduid NEW. + gpgme_op_revuid_start NEW. + gpgme_op_revuid NEW. gpgme_genkey_result_t EXTENDED: New fields pubkey and seckey. gpgme_signature_t EXTENDED: New field key. gpgme_key_t EXTENDED: New field fpr. diff --git a/src/engine-gpg.c b/src/engine-gpg.c index db6637a..534d5d1 100644 --- a/src/engine-gpg.c +++ b/src/engine-gpg.c 
@@ -2115,14 +2115,19 @@ gpg_addkey (engine_gpg_t gpg, static gpgme_error_t gpg_adduid (engine_gpg_t gpg, gpgme_key_t key, - const char *userid) + const char *userid, + unsigned int extraflags) { gpgme_error_t err; if (!key || !key->fpr || !userid) return gpg_error (GPG_ERR_INV_ARG); - err = add_arg (gpg, "--quick-adduid"); + if ((extraflags & GENKEY_EXTRAFLAG_REVOKE)) + err = add_arg (gpg, "--quick-revuid"); + else + err = add_arg (gpg, "--quick-adduid"); + if (!err) err = add_arg (gpg, "--"); if (!err) @@ -2184,7 +2189,7 @@ gpg_genkey (void *engine, else if (!userid && key) err = gpg_addkey (gpg, algo, expires, key, flags, extraflags); else if (userid && key && !algo) - err = gpg_adduid (gpg, key, userid); + err = gpg_adduid (gpg, key, userid, extraflags); else err = gpg_error (GPG_ERR_INV_VALUE); diff --git a/src/engine.h b/src/engine.h index 391caf2..eb37da8 100644 --- a/src/engine.h +++ b/src/engine.h @@ -25,7 +25,8 @@ #include "gpgme.h" /* Flags used by the EXTRAFLAGS arg of _gpgme_engine_op_genkey. */ -#define GENKEY_EXTRAFLAG_ARMOR 1 +#define GENKEY_EXTRAFLAG_ARMOR 1 +#define GENKEY_EXTRAFLAG_REVOKE 2 struct engine; diff --git a/src/genkey.c b/src/genkey.c index 100e655..9dcf0be 100644 --- a/src/genkey.c +++ b/src/genkey.c @@ -181,7 +181,7 @@ genkey_status_handler (void *priv, gpgme_status_code_t code, char *args) return gpg_error (GPG_ERR_GENERAL); else if (opd->failure_code) return opd->failure_code; - else if (opd->uidmode) + else if (opd->uidmode == 1) opd->result.uid = 1; /* We have no status line, thus this hack. */ break; @@ -489,8 +489,8 @@ gpgme_op_createsubkey (gpgme_ctx_t ctx, gpgme_key_t key, const char *algo, static gpgme_error_t -adduid_start (gpgme_ctx_t ctx, int synchronous, - gpgme_key_t key, const char *userid, unsigned int flags) +addrevuid_start (gpgme_ctx_t ctx, int synchronous, int revoke, + gpgme_key_t key, const char *userid, unsigned int flags) { gpgme_error_t err; void *hook; 
@@ -512,7 +512,7 @@ adduid_start (gpgme_ctx_t ctx, int synchronous, if (err) return err; - opd->uidmode = 1; + opd->uidmode = revoke? 2 : 1; _gpgme_engine_set_status_handler (ctx->engine, genkey_status_handler, ctx); @@ -528,7 +528,7 @@ adduid_start (gpgme_ctx_t ctx, int synchronous, userid, NULL, 0, 0, key, flags, NULL, - ctx->use_armor? GENKEY_EXTRAFLAG_ARMOR:0, + revoke? GENKEY_EXTRAFLAG_REVOKE : 0, NULL, NULL); } @@ -547,7 +547,7 @@ gpgme_op_adduid_start (gpgme_ctx_t ctx, if (!ctx) return TRACE_ERR (gpg_error (GPG_ERR_INV_ARG)); - err = adduid_start (ctx, 0, key, userid, flags); + err = addrevuid_start (ctx, 0, 0, key, userid, flags); return TRACE_ERR (err); } @@ -564,7 +564,44 @@ gpgme_op_adduid (gpgme_ctx_t ctx, if (!ctx) return TRACE_ERR (gpg_error (GPG_ERR_INV_ARG)); - err = adduid_start (ctx, 1, key, userid, flags); + err = addrevuid_start (ctx, 1, 0, key, userid, flags); + if (!err) + err = _gpgme_wait_one (ctx); + return TRACE_ERR (err); +} + + +/* Revoke USERID from KEY. */ +gpgme_error_t +gpgme_op_revuid_start (gpgme_ctx_t ctx, + gpgme_key_t key, const char *userid, unsigned int flags) +{ + gpgme_error_t err; + + TRACE_BEG2 (DEBUG_CTX, "gpgme_op_revuid_start", ctx, + "uid='%s' flags=0x%x", userid, flags); + + if (!ctx) + return TRACE_ERR (gpg_error (GPG_ERR_INV_ARG)); + + err = addrevuid_start (ctx, 0, 1, key, userid, flags); + return TRACE_ERR (err); +} + + +gpgme_error_t +gpgme_op_revuid (gpgme_ctx_t ctx, + gpgme_key_t key, const char *userid, unsigned int flags) +{ + gpgme_error_t err; + + TRACE_BEG2 (DEBUG_CTX, "gpgme_op_revuid", ctx, + "uid='%s' flags=0x%x", userid, flags); + + if (!ctx) + return TRACE_ERR (gpg_error (GPG_ERR_INV_ARG)); + + err = addrevuid_start (ctx, 1, 1, key, userid, flags); if (!err) err = _gpgme_wait_one (ctx); return TRACE_ERR (err); diff --git a/src/gpgme.def b/src/gpgme.def index 54b04e0..4c7ff41 100644 --- a/src/gpgme.def +++ b/src/gpgme.def 
@@ -235,6 +235,8 @@ EXPORTS gpgme_op_createsubkey @175 gpgme_op_adduid_start @176 gpgme_op_adduid @177 + gpgme_op_revuid_start @178 + gpgme_op_revuid @179 ; END diff --git a/src/gpgme.h.in b/src/gpgme.h.in index ec436c8..a26b432 100644 --- a/src/gpgme.h.in +++ b/src/gpgme.h.in @@ -1894,10 +1894,18 @@ gpgme_error_t gpgme_op_createsubkey (gpgme_ctx_t ctx, /* Add USERID to an existing KEY. */ gpgme_error_t gpgme_op_adduid_start (gpgme_ctx_t ctx, gpgme_key_t key, const char *userid, - unsigned int flags); + unsigned int reserved); gpgme_error_t gpgme_op_adduid (gpgme_ctx_t ctx, gpgme_key_t key, const char *userid, - unsigned int flags); + unsigned int reserved); + +/* Revoke a USERID from a KEY. */ +gpgme_error_t gpgme_op_revuid_start (gpgme_ctx_t ctx, + gpgme_key_t key, const char *userid, + unsigned int reserved); +gpgme_error_t gpgme_op_revuid (gpgme_ctx_t ctx, + gpgme_key_t key, const char *userid, + unsigned int reserved); diff --git a/src/libgpgme.vers b/src/libgpgme.vers index 0cef9e0..8193ee4 100644 --- a/src/libgpgme.vers +++ b/src/libgpgme.vers @@ -109,6 +109,8 @@ GPGME_1.1 { gpgme_op_createsubkey; gpgme_op_adduid_start; gpgme_op_adduid; + gpgme_op_revuid_start; + gpgme_op_revuid; }; diff --git a/tests/run-genkey.c b/tests/run-genkey.c index 959e2ea..20e7db5 100644 --- a/tests/run-genkey.c +++ b/tests/run-genkey.c @@ -203,9 +203,11 @@ show_usage (int ex) " args: USERID [ALGO [USAGE [EXPIRESECONDS]]]\n" " for addkey: FPR [ALGO [USAGE [EXPIRESECONDS]]]\n" " for adduid: FPR USERID\n" + " for revuid: FPR USERID\n" "Options:\n" " --addkey add a subkey to the key with FPR\n" " --adduid add a user id to the key with FPR\n" + " --revuid Revoke a user id from the key with FPR\n" " --verbose run in verbose mode\n" " --status print status lines from the backend\n" " --progress print progress info\n" 
@@ -231,6 +233,7 @@ main (int argc, char **argv) int use_loopback = 0; int addkey = 0; int adduid = 0; + int revuid = 0; const char *userid; const char *algo = NULL; const char *newuserid = NULL; @@ -255,12 +258,21 @@ main (int argc, char **argv) { addkey = 1; adduid = 0; + revuid = 0; argc--; argv++; } else if (!strcmp (*argv, "--adduid")) { addkey = 0; adduid = 1; + revuid = 0; + argc--; argv++; + } + else if (!strcmp (*argv, "--revuid")) + { + addkey = 0; + adduid = 0; + revuid = 1; argc--; argv++; } else if (!strcmp (*argv, "--verbose")) @@ -307,7 +319,7 @@ main (int argc, char **argv) show_usage (1); } - if (adduid) + if (adduid || revuid) { if (argc != 2) show_usage (1); @@ -346,7 +358,7 @@ main (int argc, char **argv) gpgme_set_passphrase_cb (ctx, passphrase_cb, NULL); } - if (addkey || adduid) + if (addkey || adduid || revuid) { gpgme_key_t akey; @@ -378,6 +390,16 @@ main (int argc, char **argv) exit (1); } } + else if (revuid) + { + err = gpgme_op_revuid (ctx, akey, newuserid, flags); + if (err) + { + fprintf (stderr, PGM ": gpgme_op_revuid failed: %s\n", + gpg_strerror (err)); + exit (1); + } + } gpgme_key_unref (akey); } else commit c22f5884c50557f54704f4becc5a8c1ee0749547 Author: Werner Koch Date: Wed Sep 14 12:15:35 2016 +0200 core: Change a parameter for the engine's genkey function. * src/engine.h (GENKEY_EXTRAFLAG_ARMOR): New. * src/engine-backend.h (engine_ops): Rename USE_ARMOR in genkey to EXTRAFLAGS. * src/engine.c (_gpgme_engine_op_genkey): Ditto. * src/engine-gpg.c (gpg_createkey_from_param): Ditto and test the flags. (gpg_createkey_legacy): Ditto. (gpg_createkey): Ditto. (gpg_addkey): Ditto. (gpg_genkey): Ditto. Signed-off-by: Werner Koch diff --git a/src/engine-backend.h b/src/engine-backend.h index 842292d..ec1a58c 100644 --- a/src/engine-backend.h +++ b/src/engine-backend.h 
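Review bot: In src/gpgme.h.in the last parameter of gpgme_op_adduid, gpgme_op_adduid_start and the new gpgme_op_revuid declarations is named "reserved", but the definitions in src/genkey.c of commit c943380 still call it "flags", trace it as "flags=0x%x", and pass it on to _gpgme_engine_op_genkey with no check in the lines shown. If the value is reserved, reject non-zero input with GPG_ERR_INV_ARG next to the existing "if (!ctx)" test, and rename the parameter in genkey.c so header and implementation agree. The commit touches no file under doc/, so the one-line header comment is the only description of the two new public functions; a manual entry should accompany them.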
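Review bot: "opd->uidmode = revoke? 2 : 1;" in addrevuid_start and the "opd->uidmode == 1" test in genkey_status_handler (src/genkey.c, commit c943380) rely on bare numbers whose meaning is not stated anywhere in the hunks. Named constants or an enum for the add and revoke modes would help, together with a comment saying whether result.uid is meant to stay unset after a revocation. That would let the handler be read without cross-referencing addrevuid_start.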
@@ -86,7 +86,8 @@ struct engine_ops const char *userid, const char *algo, unsigned long reserved, unsigned long expires, gpgme_key_t key, unsigned int flags, - gpgme_data_t help_data, int use_armor, + gpgme_data_t help_data, + unsigned int extraflags, gpgme_data_t pubkey, gpgme_data_t seckey); gpgme_error_t (*import) (void *engine, gpgme_data_t keydata, gpgme_key_t *keyarray); diff --git a/src/engine-gpg.c b/src/engine-gpg.c index d2b6dd3..db6637a 100644 --- a/src/engine-gpg.c +++ b/src/engine-gpg.c @@ -2012,12 +2012,12 @@ gpg_add_algo_usage_expire (engine_gpg_t gpg, static gpgme_error_t gpg_createkey_from_param (engine_gpg_t gpg, - gpgme_data_t help_data, int use_armor) + gpgme_data_t help_data, unsigned int extraflags) { gpgme_error_t err; err = add_arg (gpg, "--gen-key"); - if (!err && use_armor) + if (!err && (extraflags & GENKEY_EXTRAFLAG_ARMOR)) err = add_arg (gpg, "--armor"); if (!err) err = add_arg (gpg, "--"); @@ -2036,7 +2036,7 @@ gpg_createkey_legacy (engine_gpg_t gpg, const char *userid, const char *algo, unsigned long expires, unsigned int flags, - int use_armor) + unsigned int extraflags) { return gpg_error (GPG_ERR_NOT_IMPLEMENTED); } @@ -2047,12 +2047,12 @@ gpg_createkey (engine_gpg_t gpg, const char *userid, const char *algo, unsigned long expires, unsigned int flags, - int use_armor) + unsigned int extraflags) { gpgme_error_t err; err = add_arg (gpg, "--quick-gen-key"); - if (!err && use_armor) + if (!err && (extraflags & GENKEY_EXTRAFLAG_ARMOR)) err = add_arg (gpg, "--armor"); if (!err && (flags & GPGME_CREATE_NOPASSWD)) { @@ -2082,7 +2082,7 @@ gpg_addkey (engine_gpg_t gpg, unsigned long expires, gpgme_key_t key, unsigned int flags, - int use_armor) + unsigned int extraflags) { gpgme_error_t err; 
@@ -2090,7 +2090,7 @@ gpg_addkey (engine_gpg_t gpg, return gpg_error (GPG_ERR_INV_ARG); err = add_arg (gpg, "--quick-addkey"); - if (!err && use_armor) + if (!err && (extraflags & GENKEY_EXTRAFLAG_ARMOR)) err = add_arg (gpg, "--armor"); if (!err && (flags & GPGME_CREATE_NOPASSWD)) { @@ -2141,7 +2141,7 @@ gpg_genkey (void *engine, const char *userid, const char *algo, unsigned long reserved, unsigned long expires, gpgme_key_t key, unsigned int flags, - gpgme_data_t help_data, int use_armor, + gpgme_data_t help_data, unsigned int extraflags, gpgme_data_t pubkey, gpgme_data_t seckey) { engine_gpg_t gpg = engine; @@ -2169,20 +2169,20 @@ gpg_genkey (void *engine, if (pubkey || seckey) err = gpg_error (GPG_ERR_NOT_IMPLEMENTED); else - err = gpg_createkey_from_param (gpg, help_data, use_armor); + err = gpg_createkey_from_param (gpg, help_data, extraflags); } else if (userid && !key) { if (!have_gpg_version (gpg, "2.1.13")) err = gpg_createkey_legacy (gpg, userid, algo, expires, flags, - use_armor); + extraflags); else - err = gpg_createkey (gpg, userid, algo, expires, flags, use_armor); + err = gpg_createkey (gpg, userid, algo, expires, flags, extraflags); } else if (!have_gpg_version (gpg, "2.1.13")) err = gpg_error (GPG_ERR_NOT_SUPPORTED); else if (!userid && key) - err = gpg_addkey (gpg, algo, expires, key, flags, use_armor); + err = gpg_addkey (gpg, algo, expires, key, flags, extraflags); else if (userid && key && !algo) err = gpg_adduid (gpg, key, userid); else diff --git a/src/engine-gpgsm.c b/src/engine-gpgsm.c index 0610c7a..071626a 100644 --- a/src/engine-gpgsm.c +++ b/src/engine-gpgsm.c @@ -1447,7 +1447,7 @@ gpgsm_genkey (void *engine, const char *userid, const char *algo, unsigned long reserved, unsigned long expires, gpgme_key_t key, unsigned int flags, - gpgme_data_t help_data, int use_armor, + gpgme_data_t help_data, unsigned int extraflags, gpgme_data_t pubkey, gpgme_data_t seckey) { engine_gpgsm_t gpgsm = engine; 
@@ -1468,7 +1468,8 @@ gpgsm_genkey (void *engine, if (err) return err; gpgsm->output_cb.data = pubkey; - err = gpgsm_set_fd (gpgsm, OUTPUT_FD, use_armor ? "--armor" + err = gpgsm_set_fd (gpgsm, OUTPUT_FD, + (extraflags & GENKEY_EXTRAFLAG_ARMOR)? "--armor" : map_data_enc (gpgsm->output_cb.data)); if (err) return err; diff --git a/src/engine.c b/src/engine.c index 1ff8698..b3bbcab 100644 --- a/src/engine.c +++ b/src/engine.c @@ -778,8 +778,8 @@ _gpgme_engine_op_genkey (engine_t engine, unsigned long reserved, unsigned long expires, gpgme_key_t key, unsigned int flags, gpgme_data_t help_data, - int use_armor, gpgme_data_t pubkey, - gpgme_data_t seckey) + unsigned int extraflags, + gpgme_data_t pubkey, gpgme_data_t seckey) { if (!engine) return gpg_error (GPG_ERR_INV_VALUE); @@ -789,7 +789,7 @@ _gpgme_engine_op_genkey (engine_t engine, return (*engine->ops->genkey) (engine->engine, userid, algo, reserved, expires, key, flags, - help_data, use_armor, + help_data, extraflags, pubkey, seckey); } diff --git a/src/engine.h b/src/engine.h index 857dff4..391caf2 100644 --- a/src/engine.h +++ b/src/engine.h @@ -24,6 +24,10 @@ #include "gpgme.h" +/* Flags used by the EXTRAFLAGS arg of _gpgme_engine_op_genkey. */ +#define GENKEY_EXTRAFLAG_ARMOR 1 + + struct engine; typedef struct engine *engine_t; @@ -113,7 +117,8 @@ gpgme_error_t _gpgme_engine_op_genkey (engine_t engine, unsigned long expires, gpgme_key_t key, unsigned int flags, gpgme_data_t help_data, - int use_armor, gpgme_data_t pubkey, + unsigned int extraflags, + gpgme_data_t pubkey, gpgme_data_t seckey); gpgme_error_t _gpgme_engine_op_import (engine_t engine, gpgme_data_t keydata, diff --git a/src/genkey.c b/src/genkey.c index b93abb8..100e655 100644 --- a/src/genkey.c +++ b/src/genkey.c 
@@ -267,7 +267,8 @@ genkey_start (gpgme_ctx_t ctx, int synchronous, const char *parms, return _gpgme_engine_op_genkey (ctx->engine, NULL, NULL, 0, 0, NULL, 0, opd->key_parameter, - ctx->use_armor, pubkey, seckey); + ctx->use_armor? GENKEY_EXTRAFLAG_ARMOR:0, + pubkey, seckey); } @@ -352,7 +353,9 @@ createkey_start (gpgme_ctx_t ctx, int synchronous, return _gpgme_engine_op_genkey (ctx->engine, userid, algo, reserved, expires, anchorkey, flags, - NULL, ctx->use_armor, NULL, NULL); + NULL, + ctx->use_armor? GENKEY_EXTRAFLAG_ARMOR:0, + NULL, NULL); } @@ -438,7 +441,9 @@ createsubkey_start (gpgme_ctx_t ctx, int synchronous, return _gpgme_engine_op_genkey (ctx->engine, NULL, algo, reserved, expires, key, flags, - NULL, ctx->use_armor, NULL, NULL); + NULL, + ctx->use_armor? GENKEY_EXTRAFLAG_ARMOR:0, + NULL, NULL); } @@ -522,7 +527,9 @@ adduid_start (gpgme_ctx_t ctx, int synchronous, return _gpgme_engine_op_genkey (ctx->engine, userid, NULL, 0, 0, key, flags, - NULL, ctx->use_armor, NULL, NULL); + NULL, + ctx->use_armor? GENKEY_EXTRAFLAG_ARMOR:0, + NULL, NULL); } ----------------------------------------------------------------------- Summary of changes: NEWS | 2 ++ src/engine-backend.h | 3 ++- src/engine-gpg.c | 35 ++++++++++++++++------------ src/engine-gpgsm.c | 5 ++-- src/engine.c | 6 ++--- src/engine.h | 8 ++++++- src/genkey.c | 64 ++++++++++++++++++++++++++++++++++++++++++++-------- src/gpgme.def | 2 ++ src/gpgme.h.in | 12 ++++++++-- src/libgpgme.vers | 2 ++ tests/run-genkey.c | 26 +++++++++++++++++++-- 11 files changed, 129 insertions(+), 36 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Wed Sep 14 13:11:13 2016 
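Review bot: In tests/run-genkey.c, main() now tracks the mode in three separate ints (addkey, adduid, revuid), and every option branch has to zero the other two by hand, so a fourth mode means touching each branch again. A single mode variable (an enum set by the last option seen) would remove that bookkeeping and turn the `if (addkey || adduid || revuid)` test into a plain comparison. The new branch also passes `newuserid` to gpgme_op_revuid although the value is the user ID being revoked; a neutral variable name would read better.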
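Review bot: The genkey entry in struct engine_ops (src/engine-backend.h) now takes `unsigned int extraflags` two parameters after `unsigned int flags`, and nothing at that declaration says which flag namespace belongs to which argument. Both are the same type, so a GPGME_CREATE_* value passed as extraflags, or GENKEY_EXTRAFLAG_ARMOR passed as flags, compiles cleanly; a comment at the op declaration pointing to the GENKEY_EXTRAFLAG_* definitions in src/engine.h would help. In src/genkey.c the expression `ctx->use_armor? GENKEY_EXTRAFLAG_ARMOR:0` is repeated at all four call sites and could live in one small helper.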
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Wed, 14 Sep 2016 13:11:13 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-356-g99db351 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 99db351288d5bb075f124ef10e540e25bc36b70a (commit) from c943380b7a2cc9b32f81c22224fc6f92e8ea8469 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 99db351288d5bb075f124ef10e540e25bc36b70a Author: Justus Winter Date: Wed Sep 14 13:00:20 2016 +0200 python: Improve build system integration. * configure.ac: Try to compile a Python module for each version. * m4/m4_ax_swig_python.m4: Drop unused file. Signed-off-by: Justus Winter diff --git a/configure.ac b/configure.ac index bcac13f..352ac8b 100644 --- a/configure.ac +++ b/configure.ac @@ -392,6 +392,11 @@ if test "$found_py" = "1" -o "$found_py2" = "1" -o "$found_py3" = "1"; then PYTHON_VERSIONS= unset PYTHON unset PYTHON_VERSION + unset PYTHON_CPPFLAGS + unset PYTHON_LDFLAGS + unset PYTHON_SITE_PKG + unset PYTHON_EXTRA_LIBS + unset PYTHON_EXTRA_LDFLAGS unset ac_cv_path_PYTHON unset am_cv_pathless_PYTHON unset am_cv_python_version @@ -401,6 +406,7 @@ if test "$found_py" = "1" -o "$found_py2" = "1" -o "$found_py3" = "1"; then if test "$found_py" = "1" -o "$found_py2" = "1"; then AM_PATH_PYTHON([2.7]) + AX_PYTHON_DEVEL if test "$PYTHON"; then PYTHONS="$(echo $PYTHONS $PYTHON)" PYTHON_VERSIONS="$(echo $PYTHON_VERSIONS $PYTHON_VERSION)" 
@@ -411,6 +417,11 @@ if test "$found_py" = "1" -o "$found_py2" = "1" -o "$found_py3" = "1"; then # Reset everything, so that we can look for another Python. unset PYTHON unset PYTHON_VERSION + unset PYTHON_CPPFLAGS + unset PYTHON_LDFLAGS + unset PYTHON_SITE_PKG + unset PYTHON_EXTRA_LIBS + unset PYTHON_EXTRA_LDFLAGS unset ac_cv_path_PYTHON unset am_cv_pathless_PYTHON unset am_cv_python_version @@ -418,6 +429,7 @@ if test "$found_py" = "1" -o "$found_py2" = "1" -o "$found_py3" = "1"; then unset am_cv_python_pythondir unset am_cv_python_pyexecdir AM_PATH_PYTHON([3.4]) + AX_PYTHON_DEVEL if test "$PYTHON"; then PYTHONS="$(echo $PYTHONS $PYTHON)" PYTHON_VERSIONS="$(echo $PYTHON_VERSIONS $PYTHON_VERSION)" diff --git a/m4/m4_ax_swig_python.m4 b/m4/m4_ax_swig_python.m4 deleted file mode 100644 index bf22558..0000000 --- a/m4/m4_ax_swig_python.m4 +++ /dev/null 
@@ -1,64 +0,0 @@ -# =========================================================================== -# http://www.gnu.org/software/autoconf-archive/ax_swig_python.html -# =========================================================================== -# -# SYNOPSIS -# -# AX_SWIG_PYTHON([use-shadow-classes = {no, yes}]) -# -# DESCRIPTION -# -# Checks for Python and provides the $(AX_SWIG_PYTHON_CPPFLAGS), and -# $(AX_SWIG_PYTHON_OPT) output variables. -# -# $(AX_SWIG_PYTHON_OPT) contains all necessary SWIG options to generate -# code for Python. Shadow classes are enabled unless the value of the -# optional first argument is exactly 'no'. If you need multi module -# support (provided by the AX_SWIG_MULTI_MODULE_SUPPORT macro) use -# $(AX_SWIG_PYTHON_LIBS) to link against the appropriate library. It -# contains the SWIG Python runtime library that is needed by the type -# check system for example. -# -# LICENSE -# -# Copyright (c) 2008 Sebastian Huber -# Copyright (c) 2008 Alan W. Irwin -# Copyright (c) 2008 Rafael Laboissiere -# Copyright (c) 2008 Andrew Collier -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 2 of the License, or (at your -# option) any later version. -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General -# Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program. If not, see . -# -# As a special exception, the respective Autoconf Macro's copyright owner -# gives unlimited permission to copy, distribute and modify the configure -# scripts that are the output of Autoconf when processing the Macro. 
You -# need not follow the terms of the GNU General Public License when using -# or distributing such scripts, even though portions of the text of the -# Macro appear in them. The GNU General Public License (GPL) does govern -# all other use of the material that constitutes the Autoconf Macro. -# -# This special exception to the GPL applies to versions of the Autoconf -# Macro released by the Autoconf Archive. When you make and distribute a -# modified version of the Autoconf Macro, you may extend this special -# exception to the GPL to apply to your modified version as well. - -#serial 10 - -AU_ALIAS([SWIG_PYTHON], [AX_SWIG_PYTHON]) -AC_DEFUN([AX_SWIG_PYTHON],[ - AC_REQUIRE([AX_PKG_SWIG]) - AC_REQUIRE([AX_PYTHON_DEVEL]) - test "x$1" != "xno" || swig_shadow=" -noproxy" - AC_SUBST([AX_SWIG_PYTHON_OPT],[-python$swig_shadow]) - AC_SUBST([AX_SWIG_PYTHON_CPPFLAGS],[$PYTHON_CPPFLAGS]) -]) ----------------------------------------------------------------------- Summary of changes: configure.ac | 12 ++++++++++ m4/m4_ax_swig_python.m4 | 64 ------------------------------------------------- 2 files changed, 12 insertions(+), 64 deletions(-) delete mode 100644 m4/m4_ax_swig_python.m4 hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Wed Sep 14 14:23:54 2016 
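Review bot: In configure.ac, AX_PYTHON_DEVEL is called directly after AM_PATH_PYTHON([2.7]) and AM_PATH_PYTHON([3.4]), ahead of the `if test "$PYTHON"` guard, so it runs even when no interpreter of that version was found. If the macro stops configure when the development files for one version are missing, a machine that has them only for the other version can no longer build; moving the call inside the guard, or making its failure non-fatal, would keep the per-version probing the commit message describes. The five new `unset PYTHON_*` lines are also added twice verbatim, and a small reset macro would keep the two lists from drifting apart.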
From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Wed, 14 Sep 2016 14:23:54 +0200 Subject: [git] GpgOL - branch, nomapi, updated. gpgol-1.4.0-23-g3985969 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, nomapi has been updated via 3985969e5557b472f74ac4cd7e247aeeb555b1fe (commit) via 4229a56e2e3b1018cafec9a833eb36d948041f51 (commit) from 553db6ba3cfaca7275669abbc5024037363630be (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 3985969e5557b472f74ac4cd7e247aeeb555b1fe Author: Andre Heinecke Date: Wed Sep 14 14:18:44 2016 +0200 Start refactoring mimeparser into mimedataprovider * src/mail.cpp (Mail::parsing_done): Use new API. * src/mailparser.cpp: Move out body / attachment handling. * src/mailparser.h: Update accordingly. * src/mapihelp.cpp (mapi_mark_or_create_moss_attach): Fix return for multipart/signed. * src/mimedataprovider.cpp, src/mimedataprovider.h: Rework. -- The MimeDataprovider now handles the transition from a MIME Message into a signed / signature or for crypto messages into a (html)body with attachments. It can be wrapped into GpgME::Data. After creation of a MimeDataprovider no more MAPI structures are needed and everything is currently done in memory. The mimeparser code is based on the old mimeparser.c but a bit simplified and restructured to split out the actual mime parsing from the crypto calls. This is a first working version and is not fully working yet. diff --git a/src/mail.cpp b/src/mail.cpp index 6043ed1..98a0be6 100644 --- a/src/mail.cpp +++ b/src/mail.cpp 
@@ -327,10 +327,10 @@ void Mail::parsing_done() { m_needs_wipe = true; /* Update the body */ - const auto html = m_parser->get_utf8_html_body(); - if (!html->empty()) + const auto html = m_parser->get_html_body(); + if (!html.empty()) { - if (put_oom_string (m_mailitem, "HTMLBody", html->c_str())) + if (put_oom_string (m_mailitem, "HTMLBody", html.c_str())) { log_error ("%s:%s: Failed to modify html body of item.", SRCNAME, __func__); @@ -339,8 +339,8 @@ void Mail::parsing_done() } else { - const auto body = m_parser->get_utf8_text_body(); - if (put_oom_string (m_mailitem, "Body", body->c_str())) + const auto body = m_parser->get_body(); + if (put_oom_string (m_mailitem, "Body", body.c_str())) { log_error ("%s:%s: Failed to modify body of item.", SRCNAME, __func__); diff --git a/src/mailparser.cpp b/src/mailparser.cpp index c73de1f..e34c749 100644 --- a/src/mailparser.cpp +++ b/src/mailparser.cpp @@ -33,9 +33,8 @@ using namespace GpgME; MailParser::MailParser(LPSTREAM instream, msgtype_t type): - m_body (std::shared_ptr(new std::string())), - m_htmlbody (std::shared_ptr(new std::string())), - m_input (Data(new MimeDataProvider(instream))), + m_inputprovider (new MimeDataProvider(instream)), + m_outputprovider (new MimeDataProvider()), m_type (type), m_error (false) { @@ -46,6 +45,8 @@ MailParser::MailParser(LPSTREAM instream, msgtype_t type): MailParser::~MailParser() { log_debug ("%s:%s", SRCNAME, __func__); + delete m_inputprovider; + delete m_outputprovider; } static void 
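Review bot: MailParser now holds m_inputprovider and m_outputprovider as raw pointers created with `new` in the constructor and released with `delete` in the destructor, which makes the class unsafe to copy unless copying is already disabled in mailparser.h: a copied MailParser would delete both providers a second time. Holding them in std::unique_ptr, or explicitly deleting the copy constructor and assignment operator, would state the ownership and remove the manual deletes.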
@@ -91,29 +92,37 @@ MailParser::parse() auto ctx = Context::createForProtocol (protocol); ctx->setArmor(true); + Data output(m_outputprovider); + Data input(m_inputprovider); + log_debug ("%s:%s: decrypt: %i verify: %i with protocol: %s", + SRCNAME, __func__, + decrypt, verify, + protocol == OpenPGP ? "OpenPGP" : + protocol == CMS ? "CMS" : "Unknown"); if (decrypt) { - Data output; - log_debug ("%s:%s: Decrypting with protocol: %s", - SRCNAME, __func__, - protocol == OpenPGP ? "OpenPGP" : - protocol == CMS ? "CMS" : "Unknown"); - auto combined_result = ctx->decryptAndVerify(m_input, output); + auto combined_result = ctx->decryptAndVerify(input, output); m_decrypt_result = combined_result.first; m_verify_result = combined_result.second; - if (m_decrypt_result.error()) + } + else + { + const auto sig = m_inputprovider->signature(); + /* Ignore the first two bytes if we did not decrypt. */ + input.seek (2, SEEK_SET); + if (sig) { - MessageBox (NULL, "Decryption failed.", "Failed", MB_OK); + sig->seek (0, SEEK_SET); + m_verify_result = ctx->verifyDetachedSignature(*sig, input); } - char buf[2048]; - size_t bRead; - output.seek (0, SEEK_SET); - while ((bRead = output.read (buf, 2048)) > 0) + else { - (*m_body).append(buf, bRead); + m_verify_result = ctx->verifyOpaqueSignature(input, output); } - log_debug ("Body is: %s", m_body->c_str()); } + log_debug ("%s:%s: decrypt err: %i verify err: %i", + SRCNAME, __func__, m_decrypt_result.error().code(), + m_verify_result.error().code()); if (opt.enable_debug) { 
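Review bot: In MailParser::parse() the `if (m_decrypt_result.error())` check is removed and the decrypt and verify error codes are now only written with log_debug, so a failed decryption or a failed verification no longer reaches the caller or the user. The header comment for parse() promises an error message on failure; returning one when m_decrypt_result.error() or m_verify_result.error() is set would keep that contract. The `input.seek (2, SEEK_SET)` in the verify path also needs a comment saying what the two skipped bytes are, since an offset mistake there changes the data that gets verified.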
@@ -121,27 +130,50 @@ MailParser::parse() ss << m_decrypt_result << '\n' << m_verify_result; log_debug ("Decrypt / Verify result: %s", ss.str().c_str()); } + /* Attachment *att = new Attachment (); att->write ("Hello attachment", strlen ("Hello attachment")); att->set_display_name ("The Attachment.txt"); m_attachments.push_back (std::shared_ptr(att)); + */ return std::string(); } -std::shared_ptr -MailParser::get_utf8_html_body() +const std::string +MailParser::get_html_body() const { - return m_htmlbody; + if (m_outputprovider) + { + return m_outputprovider->get_html_body(); + } + else + { + return std::string(); + } } -std::shared_ptr -MailParser::get_utf8_text_body() +const std::string +MailParser::get_body() const { - return m_body; + if (m_outputprovider) + { + return m_outputprovider->get_body(); + } + else + { + return std::string(); + } } std::vector > -MailParser::get_attachments() +MailParser::get_attachments() const { - return m_attachments; + if (m_outputprovider) + { + return m_outputprovider->get_attachments(); + } + else + { + return std::vector >(); + } } diff --git a/src/mailparser.h b/src/mailparser.h index f92c313..53fb25d 100644 --- a/src/mailparser.h +++ b/src/mailparser.h @@ -34,6 +34,7 @@ #include class Attachment; +class MimeDataProvider; class MailParser { 
@@ -53,22 +54,19 @@ public: * empty string on success or an error message on failure. */ std::string parse(); - /** Get the Body converted to utf8. Call parse first. */ - std::shared_ptr get_utf8_text_body(); + /** Get the Body. Call parse first. */ + const std::string get_body() const; - /** Get an alternative? HTML Body converted to utf8. Call parse first. */ - std::shared_ptr get_utf8_html_body(); + /** Get an alternative? HTML Body. Call parse first. */ + const std::string get_html_body() const; /** Get the decrypted / verified attachments. Call parse first. */ - std::vector > get_attachments(); + std::vector > get_attachments() const; private: - std::vector > m_attachments; - std::shared_ptr m_body; - std::shared_ptr m_htmlbody; - /* State variables */ - GpgME::Data m_input; + MimeDataProvider *m_inputprovider; + MimeDataProvider *m_outputprovider; msgtype_t m_type; bool m_error; GpgME::DecryptionResult m_decrypt_result; diff --git a/src/mapihelp.cpp b/src/mapihelp.cpp index 854e6f4..9c25abc 100644 --- a/src/mapihelp.cpp +++ b/src/mapihelp.cpp @@ -3530,7 +3530,9 @@ mapi_mark_or_create_moss_attach (LPMESSAGE message, msgtype_t msgtype) { /* Found existing moss attachment */ mapi_release_attach_table (table); - return part2; + if (part2) + return part2; + return part1; } if (msgtype == MSGTYPE_GPGOL_CLEAR_SIGNED || diff --git a/src/mimedataprovider.cpp b/src/mimedataprovider.cpp index d6628f3..56622d6 100644 --- a/src/mimedataprovider.cpp +++ b/src/mimedataprovider.cpp 
@@ -20,31 +20,454 @@ #include "common.h" #include "mimedataprovider.h" +#include "parsetlv.h" +#include "rfc822parse.h" +#include "rfc2047parse.h" +#include "attachment.h" /* The maximum length of a line we are able to process. RFC822 allows only for 1000 bytes; thus 2000 seems to be a reasonable value. */ #define LINEBUFSIZE 2000 -/* How much data is read from the underlying stream in a collect - call. */ +/* How much data is read at once in collect */ #define BUFSIZE 8192 #include +/* To keep track of the MIME message structures we use a linked list + with each item corresponding to one part. */ +struct mimestruct_item_s; +typedef struct mimestruct_item_s *mimestruct_item_t; +struct mimestruct_item_s +{ + mimestruct_item_t next; + unsigned int level; /* Level in the hierarchy of that part. 0 + indicates the outer body. */ + char *filename; /* Malloced filename or NULL. */ + char *charset; /* Malloced charset or NULL. */ + char content_type[1]; /* String with the content type. */ +}; + +/* The context object we use to track information. */ +struct mime_context +{ + rfc822parse_t msg; /* The handle of the RFC822 parser. */ + + int verify_mode; /* True if we want to verify a signature. */ + int no_mail_header; /* True if we want to bypass all MIME parsing. */ + + int nesting_level; /* Current MIME nesting level. */ + int in_data; /* We are currently in data (body or attachment). */ + int body_seen; /* True if we have seen a part we consider the + body of the message. */ + + int collect_attachment; /* True if we are collecting an attachment */ + std::shared_ptr current_attachment; /* A pointer to the current + attachment */ + int collect_body; /* True if we are collcting the body */ + int collect_html_body; /* True if we are collcting the html body */ + int collect_signeddata; /* True if we are collecting the signed data. */ + int collect_signature; /* True if we are collecting a signature. */ + int start_hashing; /* Flag used to start collecting signed data. 
*/ + int hashing_level; /* MIME level where we started hashing. */ + int is_qp_encoded; /* Current part is QP encoded. */ + int is_base64_encoded; /* Current part is base 64 encoded. */ + int is_body; /* The current part belongs to the body. */ + int is_opaque_signed; /* Flag indicating opaque signed S/MIME. */ + int may_be_opaque_signed;/* Hack, see code. */ + protocol_t protocol; /* The detected crypto protocol. */ + + int part_counter; /* Counts the number of processed parts. */ + int any_boundary; /* Indicates whether we have seen any + boundary which means that we are actually + working on a MIME message and not just on + plain rfc822 message. */ + + /* A linked list describing the structure of the mime message. This + list gets build up while parsing the message. */ + mimestruct_item_t mimestruct; + mimestruct_item_t *mimestruct_tail; + mimestruct_item_t mimestruct_cur; + + int any_attachments_created; /* True if we created a new atatchment. */ + + b64_state_t base64; /* The state of the Base-64 decoder. */ + + gpg_error_t parser_error; /* Indicates that we encountered a error from + the parser. */ +}; +typedef struct mime_context *mime_context_t; + +/* Print the message event EVENT. 
*/ +static void +debug_message_event (rfc822parse_event_t event) +{ + const char *s; + + switch (event) + { + case RFC822PARSE_OPEN: s= "Open"; break; + case RFC822PARSE_CLOSE: s= "Close"; break; + case RFC822PARSE_CANCEL: s= "Cancel"; break; + case RFC822PARSE_T2BODY: s= "T2Body"; break; + case RFC822PARSE_FINISH: s= "Finish"; break; + case RFC822PARSE_RCVD_SEEN: s= "Rcvd_Seen"; break; + case RFC822PARSE_LEVEL_DOWN: s= "Level_Down"; break; + case RFC822PARSE_LEVEL_UP: s= "Level_Up"; break; + case RFC822PARSE_BOUNDARY: s= "Boundary"; break; + case RFC822PARSE_LAST_BOUNDARY: s= "Last_Boundary"; break; + case RFC822PARSE_BEGIN_HEADER: s= "Begin_Header"; break; + case RFC822PARSE_PREAMBLE: s= "Preamble"; break; + case RFC822PARSE_EPILOGUE: s= "Epilogue"; break; + default: s= "[unknown event]"; break; + } + log_mime_parser ("%s: rfc822 event %s\n", SRCNAME, s); +} + +/* Returns true if the BER encoded data in BUFFER is CMS signed data. + LENGTH gives the length of the buffer, for correct detection LENGTH + should be at least about 24 bytes. */ +#if 0 +static int +is_cms_signed_data (const char *buffer, size_t length) +{ + const char *p = buffer; + size_t n = length; + tlvinfo_t ti; + + if (parse_tlv (&p, &n, &ti)) + return 0; + if (!(ti.cls == ASN1_CLASS_UNIVERSAL && ti.tag == ASN1_TAG_SEQUENCE + && ti.is_cons) ) + return 0; + if (parse_tlv (&p, &n, &ti)) + return 0; + if (!(ti.cls == ASN1_CLASS_UNIVERSAL && ti.tag == ASN1_TAG_OBJECT_ID + && !ti.is_cons && ti.length) || ti.length > n) + return 0; + if (ti.length == 9 && !memcmp (p, "\x2A\x86\x48\x86\xF7\x0D\x01\x07\x02", 9)) + return 1; + return 0; +} +#endif + +/* Process the transition to body event. + + This means we have received the empty line indicating the body and + should now check the headers to see what to do about this part. 
*/ +static int +t2body (MimeDataProvider *provider, rfc822parse_t msg) +{ + rfc822parse_field_t field; + mime_context_t ctx = provider->mime_context (); + const char *ctmain, *ctsub; + const char *s; + size_t off; + char *p; + int is_text = 0; + int not_inline_text = 0; + char *filename = NULL; + char *charset = NULL; + + /* Figure out the encoding. */ + ctx->is_qp_encoded = 0; + ctx->is_base64_encoded = 0; + p = rfc822parse_get_field (msg, "Content-Transfer-Encoding", -1, &off); + if (p) + { + if (!stricmp (p+off, "quoted-printable")) + ctx->is_qp_encoded = 1; + else if (!stricmp (p+off, "base64")) + { + ctx->is_base64_encoded = 1; + b64_init (&ctx->base64); + } + free (p); + } + + /* Get the filename from the header. */ + field = rfc822parse_parse_field (msg, "Content-Disposition", -1); + if (field) + { + s = rfc822parse_query_parameter (field, "filename", 0); + if (s) + filename = rfc2047_parse (s); + s = rfc822parse_query_parameter (field, NULL, 1); + if (s && strcmp (s, "inline")) + not_inline_text = 1; + rfc822parse_release_field (field); + } + + /* Process the Content-type and all its parameters. */ + ctmain = ctsub = NULL; + field = rfc822parse_parse_field (msg, "Content-Type", -1); + if (field) + ctmain = rfc822parse_query_media_type (field, &ctsub); + if (!ctmain) + { + /* Either there is no content type field or it is faulty; in + both cases we fall back to text/plain. */ + ctmain = "text"; + ctsub = "plain"; + } + + log_mime_parser ("%s:%s: ctx=%p, ct=`%s/%s'\n", + SRCNAME, __func__, ctx, ctmain, ctsub); + + s = rfc822parse_query_parameter (field, "charset", 0); + if (s) + charset = xstrdup (s); + + if (!filename) + { + /* Check for Content-Type name if Content-Disposition filename + was not found */ + s = rfc822parse_query_parameter (field, "name", 0); + if (s) + filename = rfc2047_parse (s); + } + + /* Update our idea of the entire MIME structure. 
*/ + { + mimestruct_item_t ms; + + ms = (mimestruct_item_t) xmalloc (sizeof *ms + strlen (ctmain) + 1 + strlen (ctsub)); + ctx->mimestruct_cur = ms; + *ctx->mimestruct_tail = ms; + ctx->mimestruct_tail = &ms->next; + ms->next = NULL; + strcpy (stpcpy (stpcpy (ms->content_type, ctmain), "/"), ctsub); + ms->level = ctx->nesting_level; + ms->filename = filename; + filename = NULL; + ms->charset = charset; + charset = NULL; + } + + if (!strcmp (ctmain, "multipart")) + { + /* We don't care about the top level multipart layer but wait + until it comes to the actual parts which then will get stored + as attachments. + + For now encapsulated signed or encrypted containers are not + processed in a special way as they should. Except for the + simple verify mode. */ + if (!provider->signature() + && !strcmp (ctsub, "signed") + && (s = rfc822parse_query_parameter (field, "protocol", 0))) + { + if (!strcmp (s, "application/pgp-signature")) + ctx->protocol = PROTOCOL_OPENPGP; + else if (!strcmp (s, "application/pkcs7-signature") + || !strcmp (s, "application/x-pkcs7-signature")) + ctx->protocol = PROTOCOL_SMIME; + else + ctx->protocol = PROTOCOL_UNKNOWN; + + /* Need to start the hashing after the next boundary. */ + ctx->start_hashing = 1; + } + } + else if (!strcmp (ctmain, "text")) + { + is_text = !strcmp (ctsub, "html")? 2:1; + } + else if (ctx->nesting_level == 1 && !provider->signature() + && !strcmp (ctmain, "application") + && ((ctx->protocol == PROTOCOL_OPENPGP + && !strcmp (ctsub, "pgp-signature")) + || (ctx->protocol == PROTOCOL_SMIME + && (!strcmp (ctsub, "pkcs7-signature") + || !strcmp (ctsub, "x-pkcs7-signature"))))) + { + /* This is the second part of a MOSS signature. We only support + here full messages thus checking the nesting level is + sufficient. We do this only for the first signature (i.e. if + sig_data has not been set yet). We also do this only while + in verify mode because we don't want to write a full MUA. 
*/ + ctx->collect_signature = 1; + log_mime_parser ("Collecting signature now"); + } + else /* Other type. */ + { + /* Check whether this attachment is an opaque signed S/MIME + part. We use a counter to later check that there is only one + such part. */ + if (!strcmp (ctmain, "application") + && (!strcmp (ctsub, "pkcs7-mime") + || !strcmp (ctsub, "x-pkcs7-mime"))) + { + const char *smtype = rfc822parse_query_parameter (field, + "smime-type", 0); + if (smtype && !strcmp (smtype, "signed-data")) + ctx->is_opaque_signed++; + else + { + /* CryptoEx is notorious in setting wrong MIME header. + Mark that so we can test later if possible. */ + ctx->may_be_opaque_signed++; + } + } + + ctx->collect_attachment = 1; + } + rfc822parse_release_field (field); /* (Content-type) */ + ctx->in_data = 1; + + /* Need to start an attachment if we have seen a content disposition + other then the inline type. */ + if (is_text && not_inline_text) + ctx->collect_attachment = 1; + + log_mime_parser ("%s:%s: this body: nesting=%d partno=%d is_text=%d, is_opq=%d" + " charset=\"%s\"\n", + SRCNAME, __func__, + ctx->nesting_level, ctx->part_counter, is_text, + ctx->is_opaque_signed, + ctx->mimestruct_cur->charset?ctx->mimestruct_cur->charset:""); + + /* If this is a text part, decide whether we treat it as our body. */ + if (is_text && !not_inline_text) + { + ctx->collect_attachment = 1; + ctx->body_seen = 1; + if (is_text == 2) + { + ctx->collect_html_body = 1; + ctx->collect_body = 0; + } + else + { + ctx->collect_body = 1; + ctx->collect_html_body = 0; + } + } + else if (ctx->collect_attachment) + { + /* Now that if we have an attachment prepare a new MAPI + attachment. 
*/ + ctx->current_attachment = provider->create_attachment(); + } + + return 0; +} + static int message_cb (void *opaque, rfc822parse_event_t event, rfc822parse_t msg) { - (void) opaque; - (void) event; - (void) msg; - return 0; + int retval = 0; + + MimeDataProvider *provider = static_cast (opaque); + + mime_context_t ctx = provider->mime_context(); + + debug_message_event (event); + if (ctx->no_mail_header) + { + /* Assume that this is not a regular mail but plain text. */ + if (event == RFC822PARSE_OPEN) + return 0; /* We need to skip the OPEN event. */ + if (!ctx->body_seen) + { + log_mime_parser ("%s:%s: assuming this is plain text without headers\n", + SRCNAME, __func__); + ctx->in_data = 1; + ctx->collect_attachment = 2; /* 2 so we don't skip the first line. */ + ctx->body_seen = 1; + /* Create a fake MIME structure. */ + /* Fixme: We might want to take it from the enclosing message. */ + { + const char ctmain[] = "text"; + const char ctsub[] = "plain"; + mimestruct_item_t ms; + + ms = (mimestruct_item_t) xmalloc (sizeof *ms + strlen (ctmain) + 1 + strlen (ctsub)); + ctx->mimestruct_cur = ms; + *ctx->mimestruct_tail = ms; + ctx->mimestruct_tail = &ms->next; + ms->next = NULL; + strcpy (stpcpy (stpcpy (ms->content_type, ctmain), "/"), ctsub); + ms->level = 0; + ms->filename = NULL; + ms->charset = NULL; + } + ctx->collect_body = 1; + } + return 0; + } + + if (event == RFC822PARSE_BEGIN_HEADER || event == RFC822PARSE_T2BODY) + { + /* We need to check here whether to start collecting signed data + because attachments might come without header lines and thus + we won't see the BEGIN_HEADER event. 
*/ + if (ctx->start_hashing == 1) + { + ctx->start_hashing = 2; + ctx->hashing_level = ctx->nesting_level; + ctx->collect_signeddata = 1; + } + } + + + switch (event) + { + case RFC822PARSE_T2BODY: + retval = t2body (provider, msg); + break; + + case RFC822PARSE_LEVEL_DOWN: + ctx->nesting_level++; + break; + + case RFC822PARSE_LEVEL_UP: + if (ctx->nesting_level) + ctx->nesting_level--; + else + { + log_error ("%s: ctx=%p, invalid structure: bad nesting level\n", + SRCNAME, ctx); + ctx->parser_error = gpg_error (GPG_ERR_GENERAL); + } + break; + + case RFC822PARSE_BOUNDARY: + case RFC822PARSE_LAST_BOUNDARY: + ctx->any_boundary = 1; + ctx->in_data = 0; + ctx->collect_attachment = 0; + ctx->collect_body = 0; + + if (ctx->start_hashing == 2 && ctx->hashing_level == ctx->nesting_level) + { + ctx->start_hashing = 3; /* Avoid triggering it again. */ + ctx->collect_signeddata = 0; + } + break; + + case RFC822PARSE_BEGIN_HEADER: + ctx->part_counter++; + break; + + default: /* Ignore all other events. */ + break; + } + + return retval; +} + +MimeDataProvider::MimeDataProvider() : + m_signature(nullptr) +{ + m_mime_ctx = (mime_context_t) xcalloc (1, sizeof *m_mime_ctx); + m_mime_ctx->msg = rfc822parse_open (message_cb, this); + m_mime_ctx->mimestruct_tail = &m_mime_ctx->mimestruct; } MimeDataProvider::MimeDataProvider(LPSTREAM stream): - m_collect(true), - m_parser(rfc822parse_open (message_cb, this)), - m_current_encoding(None) + MimeDataProvider() { if (stream) { @@ -55,7 +478,6 @@ MimeDataProvider::MimeDataProvider(LPSTREAM stream): log_error ("%s:%s called without stream ", SRCNAME, __func__); return; } - b64_init (&m_base64_context); log_mime_parser ("%s:%s Collecting data.", SRCNAME, __func__); collect_data (stream); log_mime_parser ("%s:%s Data collected.", SRCNAME, __func__); 
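Review bot: In message_cb, the RFC822PARSE_BOUNDARY / RFC822PARSE_LAST_BOUNDARY case resets in_data, collect_attachment and collect_body but leaves collect_html_body and collect_signature set. t2body only changes collect_html_body when another inline text part arrives, so after a text/html part the flag is still set when a later non-text part starts collecting as an attachment. Clearing both flags next to `ctx->collect_body = 0;` would stop one part's state from carrying into the next. Separately, t2body passes `field` to rfc822parse_query_parameter for "charset" and "name" even on the path where no Content-Type field was found and the text/plain fallback is used; a NULL guard would make that path explicit.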
@@ -65,6 +487,11 @@ MimeDataProvider::MimeDataProvider(LPSTREAM stream): MimeDataProvider::~MimeDataProvider() { log_debug ("%s:%s", SRCNAME, __func__); + free (m_mime_ctx); + if (m_signature) + { + delete m_signature; + } } bool @@ -80,7 +507,7 @@ MimeDataProvider::read(void *buffer, size_t size) { log_mime_parser ("%s:%s: Reading: " SIZE_T_FORMAT "Bytes", SRCNAME, __func__, size); - ssize_t bRead = m_data.read (buffer, size); + ssize_t bRead = m_crypto_data.read (buffer, size); if (opt.enable_debug & DBG_MIME_PARSER) { std::string buf ((char *)buffer, bRead); @@ -90,29 +517,6 @@ MimeDataProvider::read(void *buffer, size_t size) return bRead; } -void -MimeDataProvider::decode_and_collect(char *line, size_t pos) -{ - /* We are inside the data. That should be the actual - ciphertext in the given encoding. Add it to our internal - cache. */ - int slbrk = 0; - size_t len; - - if (m_current_encoding == Quoted) - len = qp_decode (line, pos, &slbrk); - else if (m_current_encoding == Base64) - len = b64_decode (&m_base64_context, line, pos); - else - len = pos; - m_data.write (line, len); - if (m_current_encoding != Encoding::Base64 && !slbrk) - { - m_data.write ("\r\n", 2); - } - return; -} - /* Split some raw data into lines and handle them accordingly. returns the amount of bytes not taken from the input buffer. */ @@ -124,6 +528,7 @@ MimeDataProvider::collect_input_lines(const char *input, size_t insize) size_t pos = 0; size_t nleft = insize; size_t not_taken = nleft; + size_t len = 0; /* Split the raw data into lines */ for (; nleft; nleft--, s++) @@ -146,7 +551,10 @@ MimeDataProvider::collect_input_lines(const char *input, size_t insize) pos--; } - if (rfc822parse_insert (m_parser, + log_mime_parser("%s:%s: Parsing line=`%.*s'\n", + SRCNAME, __func__, (int)pos, linebuf); + /* Check the next state */ + if (rfc822parse_insert (m_mime_ctx->msg, (unsigned char*) linebuf, pos)) { 
@@ -154,11 +562,107 @@ MimeDataProvider::collect_input_lines(const char *input, size_t insize) SRCNAME, __func__, strerror (errno)); return not_taken; } + /* If we are currently in a collecting state actually collect that line */ - if (m_collect) + if (m_mime_ctx->collect_signeddata) { - decode_and_collect (linebuf, pos); + /* Save the signed data. Note that we need to delay + the CR/LF because the last line ending belongs to the + next boundary. */ + if (m_mime_ctx->collect_signeddata == 2) + { + m_crypto_data.write ("\r\n", 2); + } + log_debug ("Writing signeddata: %s pos: %i", linebuf, pos); + m_crypto_data.write (linebuf, pos); + m_mime_ctx->collect_signeddata = 2; + } + if (m_mime_ctx->in_data && m_mime_ctx->collect_attachment) + { + /* We are inside of an attachment part. Write it out. */ + if (m_mime_ctx->collect_attachment == 1) /* Skip the first line. */ + m_mime_ctx->collect_attachment = 2; + + int slbrk = 0; + if (m_mime_ctx->is_qp_encoded) + len = qp_decode (linebuf, pos, &slbrk); + else if (m_mime_ctx->is_base64_encoded) + len = b64_decode (&m_mime_ctx->base64, linebuf, pos); + else + len = pos; + + if (m_mime_ctx->collect_body) + { + m_body += std::string(linebuf, len); + if (!m_mime_ctx->is_base64_encoded && !slbrk) + { + m_body += "\r\n"; + } + } + else if (m_mime_ctx->collect_html_body) + { + m_html_body += std::string(linebuf, len); + if (!m_mime_ctx->is_base64_encoded && !slbrk) + { + m_body += "\r\n"; + } + } + else if (m_mime_ctx->current_attachment && len) + { + m_mime_ctx->current_attachment->write(linebuf, len); + if (!m_mime_ctx->is_base64_encoded && !slbrk) + { + m_mime_ctx->current_attachment->write("\r\n", 2); + } + } + else + { + log_mime_parser ("%s:%s Collecting ended / failed.", + SRCNAME, __func__); + } + } + else if (m_mime_ctx->in_data && m_mime_ctx->collect_signature) + { + /* We are inside of a signature attachment part. */ + if (m_mime_ctx->collect_signature == 1) /* Skip the first line. 
*/ + m_mime_ctx->collect_signature = 2; + else + { + int slbrk = 0; + + if (m_mime_ctx->is_qp_encoded) + len = qp_decode (linebuf, pos, &slbrk); + else if (m_mime_ctx->is_base64_encoded) + len = b64_decode (&m_mime_ctx->base64, linebuf, pos); + else + len = pos; + if (!m_signature) + { + m_signature = new GpgME::Data(); + } + if (len) + m_signature->write(linebuf, len); + if (!m_mime_ctx->is_base64_encoded && !slbrk) + m_signature->write("\r\n", 2); + } + } + else if (m_mime_ctx->in_data) + { + /* We are inside the data. That should be the actual + ciphertext in the given encoding. */ + int slbrk = 0; + + if (m_mime_ctx->is_qp_encoded) + len = qp_decode (linebuf, pos, &slbrk); + else if (m_mime_ctx->is_base64_encoded) + len = b64_decode (&m_mime_ctx->base64, linebuf, pos); + else + len = pos; + if (len) + m_crypto_data.write(linebuf, len); + if (!m_mime_ctx->is_base64_encoded && !slbrk) + m_crypto_data.write("\r\n", 2); } /* Continue with next line. */ pos = 0; 
@@ -206,8 +710,63 @@ MimeDataProvider::collect_data(LPSTREAM stream) } } +ssize_t MimeDataProvider::write(const void *buffer, size_t bufSize) +{ + m_rawbuf += std::string ((const char*)buffer, bufSize); + size_t not_taken = collect_input_lines (m_rawbuf.c_str(), + m_rawbuf.size()); + + if (not_taken == m_rawbuf.size()) + { + log_error ("%s:%s: Write failed to consume anything.\n" + "Buffer too small?", + SRCNAME, __func__); + return bufSize; + } + log_mime_parser ("%s:%s: Write Consumed: " SIZE_T_FORMAT " bytes", + SRCNAME, __func__, m_rawbuf.size() - not_taken); + m_rawbuf.erase (0, m_rawbuf.size() - not_taken); + return bufSize; +} + off_t MimeDataProvider::seek(off_t offset, int whence) { - return m_data.seek (offset, whence); + return m_crypto_data.seek (offset, whence); +} + +GpgME::Data * +MimeDataProvider::signature() const +{ + return m_signature; +} + +std::shared_ptr +MimeDataProvider::create_attachment() +{ + log_mime_parser ("%s:%s: Creating attachment.", + SRCNAME, __func__); + + auto attach = std::shared_ptr (new Attachment()); + attach->set_attach_type (ATTACHTYPE_FROMMOSS); + m_mime_ctx->any_attachments_created = 1; + + /* And now for the real name. We avoid storing the name "smime.p7m" + because that one is used at several places in the mapi conversion + functions. */ + if (m_mime_ctx->mimestruct_cur && m_mime_ctx->mimestruct_cur->filename) + { + if (!strcmp (m_mime_ctx->mimestruct_cur->filename, "smime.p7m")) + { + attach->set_display_name ("x-smime.p7m"); + } + else + { + attach->set_display_name (m_mime_ctx->mimestruct_cur->filename); + } + } + m_attachments.push_back (attach); + + return attach; + /* TODO handle encoding */ } diff --git a/src/mimedataprovider.h b/src/mimedataprovider.h index 8b9d8ee..9722d00 100644 --- a/src/mimedataprovider.h +++ b/src/mimedataprovider.h 
@@ -26,19 +26,38 @@ #include "rfc822parse.h" #include +struct mime_context; +typedef struct mime_context *mime_context_t; +class Attachment; /** This class does simple one level mime parsing to find crypto data. Use the mimedataprovider on a body or attachment stream. It will do the conversion from MIME to PGP / CMS data on the fly. + Similarly when writing it will split up the data into a body / + html body and attachments. - The raw mime data from the underlying stream is "collected" and - parsed into Crypto data which is then buffered in "databuf". + A detached signature will be made available through the + signature function. + + When reading the raw mime data from the underlying stream is + "collected" and parsed into crypto data which is then + buffered in an internal gpgme data stucture. + + For historicial reasons this class both provides reading + and writing to be able to reuse the same mimeparser code. + Similarly using the C-Style parsing code is for historic + reason because as this class was created to have a data + container unrelated of the Outlook Object model (after + creation) the mimeparser code already existed and was + stable. */ class MimeDataProvider : public GpgME::DataProvider { public: + /* Create an empty dataprovider, useful for writing to. */ + MimeDataProvider(); /* Read and parse the stream. Does not hold a reference to the stream but releases it after read. */ MimeDataProvider(LPSTREAM stream); 
@@ -51,33 +70,53 @@ public: the conversion code interanally to convert mime data into PGP/CMS Data that GpgME can work with. */ ssize_t read(void *buffer, size_t bufSize); - ssize_t write(const void *buffer, size_t bufSize) { - (void)buffer; (void)bufSize; return -1; - } + + ssize_t write(const void *buffer, size_t bufSize); + /* Seek the underlying stream. This discards the internal buffers as the offset is not mapped. Should not really be used but can be used to reset the DataProvider. */ off_t seek(off_t offset, int whence); + /* Noop */ void release() {} - /* The the data of the signature part. */ - const GpgME::Data &get_signature_data(); + /* The the data of the signature part. + + If not null then this is a pointer to the signature + data that is valid for the lifetime of this object. + */ + GpgME::Data *signature() const; + + /* Add an attachment to the list */ + std::shared_ptr create_attachment(); + + mime_context_t mime_context() {return m_mime_ctx;} + + const std::string get_body() const {return m_body;} + const std::string get_html_body() const {return m_html_body;} + const std::vector > get_attachments() const + {return m_attachments;} private: /* Collect the crypto data from mime. */ void collect_data(LPSTREAM stream); /* Collect a single line. */ size_t collect_input_lines(const char *input, size_t size); - /* Move actual data into the databuffer. */ - void decode_and_collect(char *line, size_t pos); - enum Encoding {None, Base64, Quoted}; + /* A detached signature found in the input */ std::string m_sig_data; - GpgME::Data m_data; - GpgME::Data m_signature; + /* The data to be passed to the crypto operation */ + GpgME::Data m_crypto_data; + /* The plaintext body. */ + std::string m_body; + /* The plaintext html body. 
*/ + std::string m_html_body; + /* A detachted signature found in the mail */ + GpgME::Data *m_signature; + /* Internal helper to read line based */ std::string m_rawbuf; - bool m_collect; - rfc822parse_t m_parser; - Encoding m_current_encoding; - b64_state_t m_base64_context; + /* The mime context */ + mime_context_t m_mime_ctx; + /* List of attachments. */ + std::vector > m_attachments; }; #endif // MIMEDATAPROVIDER_H commit 4229a56e2e3b1018cafec9a833eb36d948041f51 Author: Andre Heinecke Date: Wed Sep 14 14:16:30 2016 +0200 Fix c++ linkage of rfc2047parse * src/rfc2047parse.h: Add Include Guard and c++ linkage. diff --git a/src/rfc2047parse.h b/src/rfc2047parse.h index 593b6fd..f5c9af5 100644 --- a/src/rfc2047parse.h +++ b/src/rfc2047parse.h @@ -1,3 +1,5 @@ +#ifndef SRC_RFC2047PARSE_H +#define SRC_RFC2047PARSE_H /* @file rfc2047parse.h * @brief Parser for filenames encoded according to rfc2047 * @@ -19,6 +21,13 @@ * along with this program; if not, see . */ +#ifdef __cplusplus +extern "C" { +#if 0 +} +#endif +#endif + /** @brief Try to parse a string according to rfc2047. * * On error the error is logged and a copy of the original @@ -29,3 +38,7 @@ */ char * rfc2047_parse (const char *input); +#ifdef __cplusplus +} +#endif +#endif // SRC_RFC2047PARSE_H ----------------------------------------------------------------------- Summary of changes: src/mail.cpp | 10 +- src/mailparser.cpp | 82 ++++-- src/mailparser.h | 18 +- src/mapihelp.cpp | 4 +- src/mimedataprovider.cpp | 635 ++++++++++++++++++++++++++++++++++++++++++++--- src/mimedataprovider.h | 71 ++++-- src/rfc2047parse.h | 13 + 7 files changed, 738 insertions(+), 95 deletions(-) hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Wed Sep 14 14:39:31 2016 
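Review bot: In the collect_html_body branch of the collect_input_lines hunk (src/mimedataprovider.cpp), the decoded line is appended to m_html_body but the line ending is appended to m_body (m_body += "\r\n";), so the HTML part loses its line breaks and the plain body gains stray ones. That statement should append to m_html_body. In the same hunk, the log_debug call for "Writing signeddata" passes pos, a size_t, for %i and prints linebuf with %s; the log_mime_parser call added just above it for the parsed line already uses %.*s with (int)pos, and the same form would fit here.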
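Review bot: The destructor hunk in src/mimedataprovider.cpp releases the context with a bare free (m_mime_ctx), but the new default constructor stores a parser handle from rfc822parse_open in m_mime_ctx->msg, and message_cb links xmalloc'ed mimestruct_item_t entries into the context. Nothing in the visible lines releases either of them. Close the parser and walk the mimestruct list before freeing the context. The if (m_signature) guard around delete is not needed, since deleting a null pointer is a no-op.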
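Review bot: In the new MimeDataProvider::write, the branch for not_taken == m_rawbuf.size() logs an error and then returns bufSize, so the caller is told the write succeeded while m_rawbuf keeps every unconsumed byte and grows with each further call. If an incomplete line is expected to stay buffered, say so in a comment and put an upper bound on m_rawbuf; if it is a real failure, return -1 as the removed inline stub did.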
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Wed, 14 Sep 2016 14:39:31 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-360-g594c3b8 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 594c3b8b052e60b6be77ed532fe46549133a9726 (commit) via 4011b2b2a1050f0837e989da3db9b5459e71ccd6 (commit) via 44d18200d5ffe8691e18d93ce6c534660702b982 (commit) via f6cd560ca74248dd719a37cfb34386148727a92d (commit) from 99db351288d5bb075f124ef10e540e25bc36b70a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 594c3b8b052e60b6be77ed532fe46549133a9726 Author: Justus Winter Date: Wed Sep 14 14:36:29 2016 +0200 python: Clarify that we support Python 2.7 too. * lang/python/README: Use 'Python' instead of 'Python 3'. * lang/python/pyme/version.py.in: Likewise. * lang/python/setup.py.in: Add classifier for 2.7, drop 3 only. Signed-off-by: Justus Winter diff --git a/lang/python/README b/lang/python/README index 7ce8894..08e9863 100644 --- a/lang/python/README +++ b/lang/python/README @@ -6,7 +6,7 @@ https://www.gnupg.org/related_software/gpgme/ PyMe uses SWIG to create wrapper functions with automatic type conversions. This way most of the functions and types are converted -from C into Python 3 automatically by SWIG, reducing the maintenance +from C into Python automatically by SWIG, reducing the maintenance cost of the binginds. * Authors diff --git a/lang/python/pyme/version.py.in b/lang/python/pyme/version.py.in index 5fd9ce2..cfb9510 100644 --- a/lang/python/pyme/version.py.in +++ b/lang/python/pyme/version.py.in 
@@ -41,7 +41,7 @@ Copyright (C) 2002 John Goerzen""" author = "The GnuPG hackers" author_email = "gnupg-devel at gnupg.org" -description = "Python 3 support for GPGME GnuPG cryptography library" +description = "Python support for GPGME GnuPG cryptography library" homepage = "https://gnupg.org" license = """Copyright (C) 2016 g10 Code GmbH diff --git a/lang/python/setup.py.in b/lang/python/setup.py.in index a9c7691..933e780 100755 --- a/lang/python/setup.py.in +++ b/lang/python/setup.py.in @@ -175,8 +175,8 @@ setup(name="pyme3", 'Development Status :: 4 - Beta', 'Intended Audience :: Developers', 'License :: OSI Approved :: GNU Lesser General Public License v2 or later (LGPLv2+)', + 'Programming Language :: Python :: 2.7', 'Programming Language :: Python :: 3', - 'Programming Language :: Python :: 3 :: Only', 'Programming Language :: Python :: 3.4', 'Programming Language :: Python :: 3.5', 'Programming Language :: Python :: 3.6', commit 4011b2b2a1050f0837e989da3db9b5459e71ccd6 Author: Justus Winter Date: Wed Sep 14 14:35:00 2016 +0200 python: Trim imports. * lang/python/examples/encrypt-to-all.py: Drop unused import of 'os'. * lang/python/examples/signverify.py: Likewise. * lang/python/examples/simple.py: Likewise. * lang/python/examples/verifydetails.py: Likewise. Signed-off-by: Justus Winter diff --git a/lang/python/examples/encrypt-to-all.py b/lang/python/examples/encrypt-to-all.py index bb8225b..35873bd 100755 --- a/lang/python/examples/encrypt-to-all.py +++ b/lang/python/examples/encrypt-to-all.py @@ -26,7 +26,6 @@ from __future__ import absolute_import, print_function, unicode_literals del absolute_import, print_function, unicode_literals import sys -import os import pyme with pyme.Context(armor=True) as c: diff --git a/lang/python/examples/signverify.py b/lang/python/examples/signverify.py index f12e065..03bc0a6 100755 --- a/lang/python/examples/signverify.py +++ b/lang/python/examples/signverify.py 
@@ -23,7 +23,6 @@ from __future__ import absolute_import, print_function, unicode_literals del absolute_import, print_function, unicode_literals import sys -import os import pyme from pyme.constants.sig import mode diff --git a/lang/python/examples/simple.py b/lang/python/examples/simple.py index ccd7cb4..5598487 100755 --- a/lang/python/examples/simple.py +++ b/lang/python/examples/simple.py @@ -21,7 +21,6 @@ from __future__ import absolute_import, print_function, unicode_literals del absolute_import, print_function, unicode_literals import sys -import os import pyme with pyme.Context(armor=True) as c: diff --git a/lang/python/examples/verifydetails.py b/lang/python/examples/verifydetails.py index 63f40c1..fa34926 100755 --- a/lang/python/examples/verifydetails.py +++ b/lang/python/examples/verifydetails.py @@ -21,7 +21,6 @@ from __future__ import absolute_import, print_function, unicode_literals del absolute_import, print_function, unicode_literals import sys -import os from pyme import core from pyme.constants import protocol commit 44d18200d5ffe8691e18d93ce6c534660702b982 Author: Justus Winter Date: Wed Sep 14 14:34:14 2016 +0200 python: Improve error handling. * lang/python/gpgme.i (gpgme_engine_info_t): Improve error handling. Signed-off-by: Justus Winter diff --git a/lang/python/gpgme.i b/lang/python/gpgme.i index bc957e5..458ae7f 100644 --- a/lang/python/gpgme.i +++ b/lang/python/gpgme.i 
@@ -452,14 +452,24 @@ size++; } $result = PyList_New(size); + if ($result == NULL) + return NULL; /* raise */ for (i=0,curr=$1; inext) { PyObject *fragile, *o; fragile = SWIG_NewPointerObj(SWIG_as_voidptr(curr), $1_descriptor, %newpointer_flags); + if (fragile == NULL) + { + Py_DECREF($result); + return NULL; /* raise */ + } o = _pyme_wrap_result(fragile, "EngineInfo"); - if (o == NULL) - return NULL; /* raise */ Py_DECREF(fragile); + if (o == NULL) + { + Py_DECREF($result); + return NULL; /* raise */ + } PyList_SetItem($result, i, o); } } commit f6cd560ca74248dd719a37cfb34386148727a92d Author: Justus Winter Date: Wed Sep 14 14:32:48 2016 +0200 python: Adapt to TOFU changes. * lang/python/pyme/results.py (TofuInfo): Drop. (Signature): The TOFU information moved to the key. Signed-off-by: Justus Winter diff --git a/lang/python/pyme/results.py b/lang/python/pyme/results.py index bfc26cc..3383896 100644 --- a/lang/python/pyme/results.py +++ b/lang/python/pyme/results.py @@ -92,12 +92,9 @@ class SignResult(Result): class Notation(Result): pass -class TofuInfo(Result): - pass - class Signature(Result): _type = dict(wrong_key_usage=bool, chain_model=bool) - _map = dict(notations=Notation, tofu=TofuInfo) + _map = dict(notations=Notation) class VerifyResult(Result): _map = dict(signatures=Signature) ----------------------------------------------------------------------- Summary of changes: lang/python/README | 2 +- lang/python/examples/encrypt-to-all.py | 1 - lang/python/examples/signverify.py | 1 - lang/python/examples/simple.py | 1 - lang/python/examples/verifydetails.py | 1 - lang/python/gpgme.i | 14 ++++++++++++-- lang/python/pyme/results.py | 5 +---- lang/python/pyme/version.py.in | 2 +- lang/python/setup.py.in | 2 +- 9 files changed, 16 insertions(+), 13 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Wed Sep 14 15:31:40 2016 
From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Wed, 14 Sep 2016 15:31:40 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-108-g9799b5d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 9799b5d18f8fd29872b75c4d70d370af2b4e9a89 (commit) via 05b2b13efd8ecea86d31af863cbf82c8b38dc94f (commit) via ca91caabb5798f67c69ee96657c7cb402e7db0df (commit) via 9d62b79e62ef2690e6522fe1621140fbfc10695c (commit) via 8df8aa13c795e400324a782fbaea578c8f2a1398 (commit) from f4e11f2e9e8f58fd5f0df3148e6d7ccef0f84232 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9799b5d18f8fd29872b75c4d70d370af2b4e9a89 Author: Neal H. Walfield Date: Wed Sep 14 15:21:14 2016 +0200 g10: Fix whitespace. * g10/tofu.c (show_statistics): Fix whitespace. -- Signed-off-by: Neal H. Walfield diff --git a/g10/tofu.c b/g10/tofu.c index 5cc1c22..0cd3f12 100644 --- a/g10/tofu.c +++ b/g10/tofu.c @@ -2756,7 +2756,7 @@ show_statistics (tofu_dbs_t dbs, const char *fingerprint, " a message to this key and user id!\n")); else if (encryption_count == 1) log_info (_("Warning: you have only encrypted" - " one message to this key and user id!\n")); + " one message to this key and user id!\n")); /* Cf. write_stats_status */ if (sqrtu32 (encryption_count * encryption_count commit 05b2b13efd8ecea86d31af863cbf82c8b38dc94f Author: Neal H. Walfield Date: Wed Sep 14 15:20:33 2016 +0200 g10: Correctly compute the euclidean distance. * g10/tofu.c (write_stats_status): Correctly compute the euclidean distance. (show_statistics): Likewise. -- Signed-off-by: Neal H. Walfield diff --git a/g10/tofu.c b/g10/tofu.c index ed0d92c..5cc1c22 100644 
--- a/g10/tofu.c +++ b/g10/tofu.c @@ -2514,16 +2514,17 @@ write_stats_status (estream_t fp, const char *validity; unsigned long messages; - /* Use the euclidean distance rather then the sum of the magnitudes - to ensure a balance between verified signatures and encrypted - messages. */ - messages = sqrtu32 (signature_count) + sqrtu32 (encryption_count); + /* Use the euclidean distance (m = sqrt(a^2 + b^2)) rather then the + sum of the magnitudes (m = a + b) to ensure a balance between + verified signatures and encrypted messages. */ + messages = sqrtu32 (signature_count * signature_count + + encryption_count * encryption_count); if (messages < 1) validity = "1"; /* Key without history. */ - else if (messages < sqrtu32 (2 * BASIC_TRUST_THRESHOLD)) + else if (messages < 2 * BASIC_TRUST_THRESHOLD) validity = "2"; /* Key with too little history. */ - else if (messages < sqrtu32 (2 * FULL_TRUST_THRESHOLD)) + else if (messages < 2 * FULL_TRUST_THRESHOLD) validity = "3"; /* Key with enough history for basic trust. */ else validity = "4"; /* Key with a lot of history. */ @@ -2758,8 +2759,9 @@ show_statistics (tofu_dbs_t dbs, const char *fingerprint, " one message to this key and user id!\n")); /* Cf. write_stats_status */ - if (sqrtu32 (encryption_count) + sqrtu32 (signature_count) - < sqrtu32 (2 * BASIC_TRUST_THRESHOLD)) + if (sqrtu32 (encryption_count * encryption_count + + signature_count * signature_count) + < 2 * BASIC_TRUST_THRESHOLD) show_warning = 1; } } commit ca91caabb5798f67c69ee96657c7cb402e7db0df Author: Neal H. Walfield Date: Wed Sep 14 15:19:18 2016 +0200 g10: Change the default TOFU policy for UTKs to good. * g10/tofu.c (get_trust): Change the default TOFU policy for UTKs to good. -- Signed-off-by: Neal H. Walfield diff --git a/g10/tofu.c b/g10/tofu.c index 5c99b73..ed0d92c 100644 --- a/g10/tofu.c +++ b/g10/tofu.c 
@@ -2085,10 +2085,10 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk, if (policy == TOFU_POLICY_NONE) { if (record_binding (dbs, fingerprint, email, user_id, - TOFU_POLICY_AUTO, 0, now) != 0) + TOFU_POLICY_GOOD, 0, now) != 0) { log_error (_("error setting TOFU binding's trust level" - " to %s\n"), "auto"); + " to %s\n"), "good"); trust_level = _tofu_GET_TRUST_ERROR; goto out; } commit 9d62b79e62ef2690e6522fe1621140fbfc10695c Author: Neal H. Walfield Date: Wed Sep 14 15:18:25 2016 +0200 g10: Add missing static qualifier. * g10/tofu.c (cross_sigs): Add missing static qualifier. -- Signed-off-by: Neal H. Walfield diff --git a/g10/tofu.c b/g10/tofu.c index da11d40..5c99b73 100644 --- a/g10/tofu.c +++ b/g10/tofu.c @@ -1213,7 +1213,7 @@ format_conflict_msg_part1 (int policy, strlist_t conflict_set, /* Return 1 if A signed B and B signed A. */ -int +static int cross_sigs (kbnode_t a, kbnode_t b) { int i; commit 8df8aa13c795e400324a782fbaea578c8f2a1398 Author: Neal H. Walfield Date: Wed Sep 14 15:17:27 2016 +0200 g10: Default to the "good" TOFU policy for keys signed by a UTK. * g10/tofu.c (signed_by_utk): New function. (get_trust): If a key is signed by an ultimately trusted key, then set any bindings to good. -- Signed-off-by: Neal H. Walfield diff --git a/g10/tofu.c b/g10/tofu.c index 7cf3fc7..da11d40 100644 --- a/g10/tofu.c +++ b/g10/tofu.c 
@@ -1285,6 +1285,48 @@ cross_sigs (kbnode_t a, kbnode_t b) return 1; } +/* Return whether the key was signed by an ultimately trusted key. */ +static int +signed_by_utk (kbnode_t a) +{ + kbnode_t n; + + for (n = a; n; n = n->next) + { + PKT_signature *sig; + + if (n->pkt->pkttype != PKT_SIGNATURE) + continue; + + sig = n->pkt->pkt.signature; + + if (! (sig->sig_class == 0x10 + || sig->sig_class == 0x11 + || sig->sig_class == 0x12 + || sig->sig_class == 0x13)) + /* Not a signature over a user id. */ + continue; + + /* SIG is on SIGNEE's keyblock. If SIG was generated by the + signer, then it's a match. */ + if (tdb_keyid_is_utk (sig->keyid)) + { + /* Match! */ + if (DBG_TRUST) + log_debug ("TOFU: %s is signed by an ultimately trusted key.\n", + pk_keyid_str (a->pkt->pkt.public_key)); + + return 1; + } + } + + if (DBG_TRUST) + log_debug ("TOFU: %s is NOT signed by an ultimately trusted key.\n", + pk_keyid_str (a->pkt->pkt.public_key)); + + return 0; +} + enum { 
@@ -2121,6 +2163,61 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk, * In summary: POLICY is ask or none. */ + /* Before continuing, see if the key is signed by an ultimately + trusted key. */ + { + int fingerprint_raw_len = strlen (fingerprint) / 2; + char fingerprint_raw[fingerprint_raw_len]; + int len = 0; + int is_signed_by_utk = 0; + + if (fingerprint_raw_len != 20 + || ((len = hex2bin (fingerprint, + fingerprint_raw, fingerprint_raw_len)) + != strlen (fingerprint))) + { + if (DBG_TRUST) + log_debug ("TOFU: Bad fingerprint: %s (len: %zd, parsed: %d)\n", + fingerprint, strlen (fingerprint), len); + } + else + { + int lookup_err; + kbnode_t kb; + + lookup_err = get_pubkey_byfprint (NULL, &kb, + fingerprint_raw, + fingerprint_raw_len); + if (lookup_err) + { + if (DBG_TRUST) + log_debug ("TOFU: Looking up %s: %s\n", + fingerprint, gpg_strerror (lookup_err)); + } + else + { + is_signed_by_utk = signed_by_utk (kb); + release_kbnode (kb); + } + } + + if (is_signed_by_utk) + { + if (record_binding (dbs, fingerprint, email, user_id, + TOFU_POLICY_GOOD, 0, now) != 0) + { + log_error (_("error setting TOFU binding's trust level" + " to %s\n"), "good"); + trust_level = _tofu_GET_TRUST_ERROR; + } + else + trust_level = TRUST_FULLY; + + goto out; + } + } + + /* Look for conflicts. This is needed in all 3 cases. */ conflict_set = build_conflict_set (dbs, fingerprint, email); conflict_set_count = strlist_length (conflict_set); ----------------------------------------------------------------------- Summary of changes: g10/tofu.c | 123 +++++++++++++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 111 insertions(+), 12 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Sep 14 19:05:50 2016 
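Review bot: signed_by_utk returns 1 as soon as tdb_keyid_is_utk (sig->keyid) matches, and nothing in the visible lines checks that the signature was verified. The key ID in a certification packet is data supplied with the keyblock, so a match on it alone is enough for get_trust to record TOFU_POLICY_GOOD and return TRUST_FULLY. Require a successful signature check on sig before treating it as a match. The debug messages also assume that the first node, a->pkt, is the public key packet; a short comment stating that precondition would help.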
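Review bot: In the block added to get_trust, char fingerprint_raw[fingerprint_raw_len] is a variable-length array sized from strlen (fingerprint) / 2 and declared before the fingerprint_raw_len != 20 test, so the stack allocation happens for any input length. Test the length first and use a fixed 20-byte buffer. In the same block, len is an int compared against the size_t result of strlen, and the debug message prints strlen (fingerprint) with %zd where %zu is the matching conversion.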
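Review bot: The expression signature_count * signature_count + encryption_count * encryption_count in write_stats_status, and the same sum in show_statistics, is evaluated before sqrtu32 sees it, so large counts can wrap and yield a small value for messages. The declarations of the counts are outside the hunk; if they are 32 bits wide, or if sqrtu32 takes a 32-bit argument as its name suggests, clamp the counts or form the sum in a 64-bit type. The thresholds also change from sqrtu32 (2 * BASIC_TRUST_THRESHOLD) to 2 * BASIC_TRUST_THRESHOLD, which moves the validity boundaries and is not mentioned in the commit message.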
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 14 Sep 2016 19:05:50 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-362-gd79dcb7 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via d79dcb78d867aaf55b85aea117c4ae6035a1531a (commit) via bfd2bd0ccc9fed8284ef932ac788d4ca0dba0336 (commit) from 594c3b8b052e60b6be77ed532fe46549133a9726 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d79dcb78d867aaf55b85aea117c4ae6035a1531a Author: Werner Koch Date: Wed Sep 14 19:02:40 2016 +0200 core: Defer implementation of gpgme_op_createkey with gpg < 2.1 * src/engine-gpg.c (gpg_createkey_legacy): Mark unused variables. Signed-off-by: Werner Koch diff --git a/src/engine-gpg.c b/src/engine-gpg.c index dc0906d..ac85c4d 100644 --- a/src/engine-gpg.c +++ b/src/engine-gpg.c 
@@ -2056,6 +2056,12 @@ gpg_createkey_legacy (engine_gpg_t gpg, unsigned int flags, unsigned int extraflags) { + (void)gpg; + (void)userid; + (void)algo; + (void)expires; + (void)flags; + (void)extraflags; return gpg_error (GPG_ERR_NOT_IMPLEMENTED); } commit bfd2bd0ccc9fed8284ef932ac788d4ca0dba0336 Author: Werner Koch Date: Wed Sep 14 18:44:33 2016 +0200 core: New function gpgme_op_keysign. * src/gpgme.h.in (gpgme_op_keysign_start, gpgme_op_keysign): New. (GPGME_KEYSIGN_LOCAL): New. (GPGME_KEYSIGN_LFSEP): New. (GPGME_KEYSIGN_NOEXPIRE): New. * src/context.h (ctx_op_data_id_t): Add OPDATA_KEYSIGN. * src/keysign.c: New. * src/Makefile.am (main_sources): Add keysig. * src/libgpgme.vers, src/gpgme.def: Add gpgme_op_keysign_start. * src/engine.c (_gpgme_engine_op_keysign): New. * src/engine-backend.h (engine_ops): Add 'keysign' and adjust all engine initializers. * src/engine-gpg.c (_add_arg): Add args PREFIX and ARGLEN and change callers to set them. (add_arg_pfx): New. (add_arg_len): New. (gpg_keysign): New. (_gpgme_engine_ops_gpg): Set keysign to gpg_keysign. * tests/run-keysign.c: New. * tests/Makefile.am (noinst_PROGRAMS): Add run-keysign. Signed-off-by: Werner Koch diff --git a/NEWS b/NEWS index 10296ff..fd9b20c 100644 --- a/NEWS +++ b/NEWS @@ -23,6 +23,8 @@ Noteworthy changes in version 1.7.0 (unreleased) [C25/A14/R_] gpgme_op_adduid NEW. gpgme_op_revuid_start NEW. gpgme_op_revuid NEW. + gpgme_op_keysign_start NEW. + gpgme_op_keysign NEW. gpgme_genkey_result_t EXTENDED: New fields pubkey and seckey. gpgme_signature_t EXTENDED: New field key. gpgme_key_t EXTENDED: New field fpr. @@ -50,6 +52,8 @@ Noteworthy changes in version 1.7.0 (unreleased) [C25/A14/R_] GPGME_CREATE_WANTPUB NEW. GPGME_CREATE_WANTSEC NEW. GPGME_CREATE_FORCE NEW. + GPGME_KEYSIGN_LOCAL NEW. + GPGME_KEYSIGN_LFSEP NEW. Noteworthy changes in version 1.6.0 (2015-08-26) [C25/A14/R0] diff --git a/src/Makefile.am b/src/Makefile.am index d541f87..39752b3 100644 --- a/src/Makefile.am +++ b/src/Makefile.am 
@@ -84,7 +84,7 @@ main_sources = \ op-support.c \ encrypt.c encrypt-sign.c decrypt.c decrypt-verify.c verify.c \ sign.c passphrase.c progress.c \ - key.c keylist.c trust-item.c trustlist.c \ + key.c keylist.c keysign.c trust-item.c trustlist.c \ import.c export.c genkey.c delete.c edit.c getauditlog.c \ opassuan.c passwd.c spawn.c assuan-support.c \ engine.h engine-backend.h engine.c engine-gpg.c status-table.c \ diff --git a/src/context.h b/src/context.h index de69a7a..c099d66 100644 --- a/src/context.h +++ b/src/context.h @@ -38,7 +38,7 @@ typedef enum OPDATA_DECRYPT, OPDATA_SIGN, OPDATA_ENCRYPT, OPDATA_PASSPHRASE, OPDATA_IMPORT, OPDATA_GENKEY, OPDATA_KEYLIST, OPDATA_EDIT, OPDATA_VERIFY, OPDATA_TRUSTLIST, OPDATA_ASSUAN, OPDATA_VFS_MOUNT, - OPDATA_PASSWD, OPDATA_EXPORT + OPDATA_PASSWD, OPDATA_EXPORT, OPDATA_KEYSIGN } ctx_op_data_id_t; diff --git a/src/engine-assuan.c b/src/engine-assuan.c index 5f0ea06..6f11cc0 100644 --- a/src/engine-assuan.c +++ b/src/engine-assuan.c @@ -775,6 +775,7 @@ struct engine_ops _gpgme_engine_ops_assuan = NULL, /* import */ NULL, /* keylist */ NULL, /* keylist_ext */ + NULL, /* keysign */ NULL, /* sign */ NULL, /* trustlist */ NULL, /* verify */ diff --git a/src/engine-backend.h b/src/engine-backend.h index ec1a58c..ed3e303 100644 --- a/src/engine-backend.h +++ b/src/engine-backend.h @@ -98,6 +98,10 @@ struct engine_ops int secret_only, int reserved, gpgme_keylist_mode_t mode, int engine_flags); + gpgme_error_t (*keysign) (void *engine, + gpgme_key_t key, const char *userid, + unsigned long expires, unsigned int flags, + gpgme_ctx_t ctx); gpgme_error_t (*sign) (void *engine, gpgme_data_t in, gpgme_data_t out, gpgme_sig_mode_t mode, int use_armor, int use_textmode, int include_certs, diff --git a/src/engine-g13.c b/src/engine-g13.c index 7f225eb..0da00f7 100644 --- a/src/engine-g13.c +++ b/src/engine-g13.c 
@@ -792,6 +792,7 @@ struct engine_ops _gpgme_engine_ops_g13 = NULL, /* import */ NULL, /* keylist */ NULL, /* keylist_ext */ + NULL, /* keysign */ NULL, /* sign */ NULL, /* trustlist */ NULL, /* verify */ diff --git a/src/engine-gpg.c b/src/engine-gpg.c index 534d5d1..dc0906d 100644 --- a/src/engine-gpg.c +++ b/src/engine-gpg.c @@ -206,14 +206,16 @@ close_notify_handler (int fd, void *opaque) /* If FRONT is true, push at the front of the list. Use this for options added late in the process. */ static gpgme_error_t -_add_arg (engine_gpg_t gpg, const char *arg, int front, int *arg_locp) +_add_arg (engine_gpg_t gpg, const char *prefix, const char *arg, size_t arglen, + int front, int *arg_locp) { struct arg_and_data_s *a; + size_t prefixlen = prefix? strlen (prefix) : 0; assert (gpg); assert (arg); - a = malloc (sizeof *a + strlen (arg)); + a = malloc (sizeof *a + prefixlen + arglen); if (!a) return gpg_error_from_syserror (); @@ -221,7 +223,10 @@ _add_arg (engine_gpg_t gpg, const char *arg, int front, int *arg_locp) a->dup_to = -1; a->arg_locp = arg_locp; - strcpy (a->arg, arg); + if (prefixlen) + memcpy (a->arg, prefix, prefixlen); + memcpy (a->arg + prefixlen, arg, arglen); + a->arg[prefixlen + arglen] = 0; if (front) { a->next = gpg->arglist; 
@@ -243,24 +248,36 @@ _add_arg (engine_gpg_t gpg, const char *arg, int front, int *arg_locp) return 0; } + static gpgme_error_t add_arg_ext (engine_gpg_t gpg, const char *arg, int front) { - return _add_arg (gpg, arg, front, NULL); + return _add_arg (gpg, NULL, arg, strlen (arg), front, NULL); } - static gpgme_error_t add_arg_with_locp (engine_gpg_t gpg, const char *arg, int *locp) { - return _add_arg (gpg, arg, 0, locp); + return _add_arg (gpg, NULL, arg, strlen (arg), 0, locp); } - static gpgme_error_t add_arg (engine_gpg_t gpg, const char *arg) { - return add_arg_ext (gpg, arg, 0); + return _add_arg (gpg, NULL, arg, strlen (arg), 0, NULL); +} + +static gpgme_error_t +add_arg_pfx (engine_gpg_t gpg, const char *prefix, const char *arg) +{ + return _add_arg (gpg, prefix, arg, strlen (arg), 0, NULL); +} + +static gpgme_error_t +add_arg_len (engine_gpg_t gpg, const char *prefix, + const char *arg, size_t arglen) +{ + return _add_arg (gpg, prefix, arg, arglen, 0, NULL); } @@ -1606,7 +1623,8 @@ append_args_from_signers (engine_gpg_t gpg, gpgme_ctx_t ctx /* FIXME */) err = add_arg (gpg, s); } gpgme_key_unref (key); - if (err) break; + if (err) + break; } return err; } 
@@ -2644,6 +2662,71 @@ gpg_keylist_ext (void *engine, const char *pattern[], int secret_only, static gpgme_error_t +gpg_keysign (void *engine, gpgme_key_t key, const char *userid, + unsigned long expire, unsigned int flags, + gpgme_ctx_t ctx) +{ + engine_gpg_t gpg = engine; + gpgme_error_t err; + const char *s; + + if (!key || !key->fpr) + return gpg_error (GPG_ERR_INV_ARG); + + if (!have_gpg_version (gpg, "2.1.12")) + return gpg_error (GPG_ERR_NOT_SUPPORTED); + + if ((flags & GPGME_KEYSIGN_LOCAL)) + err = add_arg (gpg, "--quick-lsign-key"); + else + err = add_arg (gpg, "--quick-sign-key"); + + if (!err) + err = append_args_from_signers (gpg, ctx); + + /* If an expiration time has been given use that. If none has been + * given the default from gpg.conf is used. To make sure not to set + * an expiration time at all the flag GPGME_KEYSIGN_NOEXPIRE can be + * used. */ + if (!err && (expire || (flags & GPGME_KEYSIGN_NOEXPIRE))) + { + char tmpbuf[8+20]; + + if ((flags & GPGME_KEYSIGN_NOEXPIRE)) + expire = 0; + snprintf (tmpbuf, sizeof tmpbuf, "seconds=%lu", expire); + err = add_arg (gpg, "--default-cert-expire"); + if (!err) + err = add_arg (gpg, tmpbuf); + } + + if (!err) + err = add_arg (gpg, "--"); + + if (!err) + err = add_arg (gpg, key->fpr); + if (!err && userid) + { + if ((flags & GPGME_KEYSIGN_LFSEP)) + { + for (; !err && (s = strchr (userid, '\n')); userid = s + 1) + if ((s - userid)) + err = add_arg_len (gpg, "=", userid, s - userid); + if (!err && *userid) + err = add_arg_pfx (gpg, "=", userid); + } + else + err = add_arg_pfx (gpg, "=", userid); + } + + if (!err) + err = start (gpg); + + return err; +} + + +static gpgme_error_t gpg_sign (void *engine, gpgme_data_t in, gpgme_data_t out, gpgme_sig_mode_t mode, int use_armor, int use_textmode, int include_certs, gpgme_ctx_t ctx /* FIXME */) @@ -2816,6 +2899,7 @@ struct engine_ops _gpgme_engine_ops_gpg = gpg_import, gpg_keylist, gpg_keylist_ext, + gpg_keysign, gpg_sign, gpg_trustlist, gpg_verify, 
diff --git a/src/engine-gpgconf.c b/src/engine-gpgconf.c index 015ef00..8be76cb 100644 --- a/src/engine-gpgconf.c +++ b/src/engine-gpgconf.c @@ -957,6 +957,7 @@ struct engine_ops _gpgme_engine_ops_gpgconf = NULL, /* import */ NULL, /* keylist */ NULL, /* keylist_ext */ + NULL, /* keysign */ NULL, /* sign */ NULL, /* trustlist */ NULL, /* verify */ diff --git a/src/engine-gpgsm.c b/src/engine-gpgsm.c index 071626a..aae9d28 100644 --- a/src/engine-gpgsm.c +++ b/src/engine-gpgsm.c @@ -2074,6 +2074,7 @@ struct engine_ops _gpgme_engine_ops_gpgsm = gpgsm_import, gpgsm_keylist, gpgsm_keylist_ext, + NULL, /* keysign */ gpgsm_sign, NULL, /* trustlist */ gpgsm_verify, diff --git a/src/engine-spawn.c b/src/engine-spawn.c index e2ee8ba..82dbc0b 100644 --- a/src/engine-spawn.c +++ b/src/engine-spawn.c @@ -460,6 +460,7 @@ struct engine_ops _gpgme_engine_ops_spawn = NULL, /* import */ NULL, /* keylist */ NULL, /* keylist_ext */ + NULL, /* keysign */ NULL, /* sign */ NULL, /* trustlist */ NULL, /* verify */ diff --git a/src/engine-uiserver.c b/src/engine-uiserver.c index 2817527..827c347 100644 --- a/src/engine-uiserver.c +++ b/src/engine-uiserver.c @@ -1364,6 +1364,7 @@ struct engine_ops _gpgme_engine_ops_uiserver = NULL, /* import */ NULL, /* keylist */ NULL, /* keylist_ext */ + NULL, /* keysign */ uiserver_sign, NULL, /* trustlist */ uiserver_verify, diff --git a/src/engine.c b/src/engine.c index b3bbcab..47bb23c 100644 --- a/src/engine.c +++ b/src/engine.c 
@@ -795,6 +795,22 @@ _gpgme_engine_op_genkey (engine_t engine, gpgme_error_t +_gpgme_engine_op_keysign (engine_t engine, gpgme_key_t key, const char *userid, + unsigned long expires, unsigned int flags, + gpgme_ctx_t ctx) +{ + if (!engine) + return gpg_error (GPG_ERR_INV_VALUE); + + if (!engine->ops->keysign) + return gpg_error (GPG_ERR_NOT_IMPLEMENTED); + + return (*engine->ops->keysign) (engine->engine, + key, userid, expires, flags, ctx); +} + + +gpgme_error_t _gpgme_engine_op_import (engine_t engine, gpgme_data_t keydata, gpgme_key_t *keyarray) { diff --git a/src/engine.h b/src/engine.h index eb37da8..6f33835 100644 --- a/src/engine.h +++ b/src/engine.h @@ -121,6 +121,11 @@ gpgme_error_t _gpgme_engine_op_genkey (engine_t engine, unsigned int extraflags, gpgme_data_t pubkey, gpgme_data_t seckey); +gpgme_error_t _gpgme_engine_op_keysign (engine_t engine, + gpgme_key_t key, const char *userid, + unsigned long expires, + unsigned int flags, + gpgme_ctx_t ctx); gpgme_error_t _gpgme_engine_op_import (engine_t engine, gpgme_data_t keydata, gpgme_key_t *keyarray); diff --git a/src/gpgme.def b/src/gpgme.def index 4c7ff41..f987b38 100644 --- a/src/gpgme.def +++ b/src/gpgme.def @@ -237,6 +237,8 @@ EXPORTS gpgme_op_adduid @177 gpgme_op_revuid_start @178 gpgme_op_revuid @179 + gpgme_op_keysign_start @180 + gpgme_op_keysign @181 ; END diff --git a/src/gpgme.h.in b/src/gpgme.h.in index a26b432..121e2ce 100644 --- a/src/gpgme.h.in +++ b/src/gpgme.h.in 
@@ -1921,10 +1921,32 @@ gpgme_error_t gpgme_op_delete_start (gpgme_ctx_t ctx, const gpgme_key_t key, gpgme_error_t gpgme_op_delete (gpgme_ctx_t ctx, const gpgme_key_t key, int allow_secret); + +/* + * Key signing interface + */ + +/* Flags for the key signing functions. */ +#define GPGME_KEYSIGN_LOCAL (1 << 7) /* Create a local signature. */ +#define GPGME_KEYSIGN_LFSEP (1 << 8) /* Indicate LF separated user ids. */ +#define GPGME_KEYSIGN_NOEXPIRE (1 << 9) /* Force no expiration. */ + + +/* Sign the USERID of KEY using the current set of signers. */ +gpgme_error_t gpgme_op_keysign_start (gpgme_ctx_t ctx, + gpgme_key_t key, const char *userid, + unsigned long expires, + unsigned int flags); +gpgme_error_t gpgme_op_keysign (gpgme_ctx_t ctx, + gpgme_key_t key, const char *userid, + unsigned long expires, + unsigned int flags); + + /* - * Key Edit interface + * Key edit interface */ /* Edit the key KEY. Send status and command requests to FNC and diff --git a/src/keysign.c b/src/keysign.c new file mode 100644 index 0000000..7d08c11 --- /dev/null +++ b/src/keysign.c 
@@ -0,0 +1,218 @@ +/* keysign.c - OpenPGP key signing + * Copyright (C) 2016 g10 Code GmbH + * + * This file is part of GPGME. + * + * GPGME is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * GPGME is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, see . + */ + +#if HAVE_CONFIG_H +#include +#endif +#include +#include +#include + +#include "gpgme.h" +#include "debug.h" +#include "context.h" +#include "ops.h" +#include "util.h" + + +typedef struct +{ + /* The error code from a FAILURE status line or 0. */ + gpg_error_t failure_code; + + /* The error code from certain ERROR status lines or 0. */ + gpg_error_t error_code; + +} *op_data_t; + + +static void +release_op_data (void *hook) +{ + op_data_t opd = (op_data_t) hook; + + (void)opd; +} + + +/* Parse an error status line. Return the error location and the + error code. The function may modify ARGS. 
*/ +static char * +parse_error (char *args, gpg_error_t *r_err) +{ + char *where = strchr (args, ' '); + char *which; + + if (where) + { + *where = '\0'; + which = where + 1; + + where = strchr (which, ' '); + if (where) + *where = '\0'; + + where = args; + } + else + { + *r_err = trace_gpg_error (GPG_ERR_INV_ENGINE); + return NULL; + } + + *r_err = atoi (which); + + return where; +} + + +static gpgme_error_t +keysign_status_handler (void *priv, gpgme_status_code_t code, char *args) +{ + gpgme_ctx_t ctx = (gpgme_ctx_t) priv; + gpgme_error_t err; + void *hook; + op_data_t opd; + char *loc; + + /* Pipe the status code through the progress status handler. */ + err = _gpgme_progress_status_handler (ctx, code, args); + if (err) + return err; + + err = _gpgme_op_data_lookup (ctx, OPDATA_KEYSIGN, &hook, -1, NULL); + opd = hook; + if (err) + return err; + + switch (code) + { + case GPGME_STATUS_ERROR: + loc = parse_error (args, &err); + if (!loc) + return err; + if (!opd->error_code) + opd->error_code = err; + break; + + case GPGME_STATUS_FAILURE: + opd->failure_code = _gpgme_parse_failure (args); + break; + + case GPGME_STATUS_EOF: + if (opd->error_code) + return opd->error_code; + else if (opd->failure_code) + return opd->failure_code; + break; + + case GPGME_STATUS_INQUIRE_MAXLEN: + if (ctx->status_cb && !ctx->full_status) + { + err = ctx->status_cb (ctx->status_cb_value, "INQUIRE_MAXLEN", args); + if (err) + return err; + } + break; + + default: + break; + } + return 0; +} + + +/* Sign the USERID of KEY using the current set of signers. If USERID + * is NULL, sign all user ids. To put several user ids into USERID, + * separate them by LF and set the flag GPGME_KEYSIGN_LFSEP. 
*/ +static gpgme_error_t +keysign_start (gpgme_ctx_t ctx, int synchronous, + gpgme_key_t key, const char *userid, + unsigned long expires, unsigned int flags) +{ + gpgme_error_t err; + void *hook; + op_data_t opd; + + if (ctx->protocol != GPGME_PROTOCOL_OPENPGP) + return gpgme_error (GPG_ERR_UNSUPPORTED_PROTOCOL); + + err = _gpgme_op_reset (ctx, synchronous); + if (err) + return err; + + if (!key) + return gpg_error (GPG_ERR_INV_ARG); + + err = _gpgme_op_data_lookup (ctx, OPDATA_KEYSIGN, &hook, + sizeof (*opd), release_op_data); + opd = hook; + if (err) + return err; + + _gpgme_engine_set_status_handler (ctx->engine, keysign_status_handler, ctx); + + if (ctx->passphrase_cb) + { + err = _gpgme_engine_set_command_handler + (ctx->engine, _gpgme_passphrase_command_handler, ctx, NULL); + if (err) + return err; + } + + return _gpgme_engine_op_keysign (ctx->engine, + key, userid, expires, flags, ctx); +} + + +/* Sign the USERID of KEY using the current set of signers. */ +gpgme_error_t +gpgme_op_keysign_start (gpgme_ctx_t ctx, gpgme_key_t key, const char *userid, + unsigned long expires, unsigned int flags) +{ + gpgme_error_t err; + + TRACE_BEG3 (DEBUG_CTX, "gpgme_op_keysign_start", ctx, + "key=%p, uid='%s' flags=0x%x", key, userid, flags); + + if (!ctx) + return TRACE_ERR (gpg_error (GPG_ERR_INV_ARG)); + + err = keysign_start (ctx, 0, key, userid, expires, flags); + return TRACE_ERR (err); +} + + +gpgme_error_t +gpgme_op_keysign (gpgme_ctx_t ctx, gpgme_key_t key, const char *userid, + unsigned long expires, unsigned int flags) +{ + gpgme_error_t err; + + TRACE_BEG3 (DEBUG_CTX, "gpgme_op_keysign", ctx, + "key=%p, uid='%s' flags=0x%x", key, userid, flags); + + if (!ctx) + return TRACE_ERR (gpg_error (GPG_ERR_INV_ARG)); + + err = keysign_start (ctx, 1, key, userid, expires, flags); + if (!err) + err = _gpgme_wait_one (ctx); + return TRACE_ERR (err); +} diff --git a/src/libgpgme.vers b/src/libgpgme.vers index 8193ee4..d86eee8 100644 --- a/src/libgpgme.vers 
+++ b/src/libgpgme.vers @@ -111,6 +111,8 @@ GPGME_1.1 { gpgme_op_adduid; gpgme_op_revuid_start; gpgme_op_revuid; + gpgme_op_keysign_start; + gpgme_op_keysign; }; diff --git a/tests/Makefile.am b/tests/Makefile.am index f3a1604..1370efd 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -32,7 +32,8 @@ LDADD = ../src/libgpgme.la @GPG_ERROR_LIBS@ noinst_HEADERS = run-support.h noinst_PROGRAMS = $(TESTS) run-keylist run-export run-import run-sign \ - run-verify run-encrypt run-identify run-decrypt run-genkey + run-verify run-encrypt run-identify run-decrypt run-genkey \ + run-keysign if RUN_GPG_TESTS diff --git a/tests/run-keysign.c b/tests/run-keysign.c new file mode 100644 index 0000000..f5a13e4 --- /dev/null +++ b/tests/run-keysign.c 
@@ -0,0 +1,261 @@ +/* run-keysign.c - Test tool to sign a key + * Copyright (C) 2016 g10 Code GmbH + * + * This file is part of GPGME. + * + * GPGME is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * GPGME is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, see . + */ + +/* We need to include config.h so that we know whether we are building + with large file system (LFS) support. */ +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include + +#include + +#define PGM "run-keysign" + +#include "run-support.h" + + +static int verbose; + + +static gpg_error_t +status_cb (void *opaque, const char *keyword, const char *value) +{ + (void)opaque; + fprintf (stderr, "status_cb: %s %s\n", nonnull(keyword), nonnull(value)); + return 0; +} + + +static unsigned long +parse_expire_string (const char *string) +{ + unsigned long seconds; + + if (!string || !*string || !strcmp (string, "none") + || !strcmp (string, "never") || !strcmp (string, "-")) + seconds = 0; + else if (strspn (string, "01234567890") == strlen (string)) + seconds = strtoul (string, NULL, 10); + else + { + fprintf (stderr, PGM ": invalid value '%s'\n", string); + exit (1); + } + + return seconds; +} + + + +static int +show_usage (int ex) +{ + fputs ("usage: " PGM " [options] FPR USERIDS\n\n" + "Options:\n" + " --verbose run in verbose mode\n" + " --status print status lines from the backend\n" + " --loopback use a loopback pinentry\n" + " --signer NAME use key NAME for signing\n" + " 
--local create a local signature\n" + " --noexpire force no expiration\n" + " --expire EPOCH expire the signature at EPOCH\n" + , stderr); + exit (ex); +} + + +int +main (int argc, char **argv) +{ + int last_argc = -1; + gpgme_error_t err; + gpgme_ctx_t ctx; + gpgme_protocol_t protocol = GPGME_PROTOCOL_OpenPGP; + const char *signer_string = NULL; + int print_status = 0; + int use_loopback = 0; + const char *userid; + unsigned int flags = 0; + unsigned long expire = 0; + gpgme_key_t thekey; + int i; + size_t n; + char *userid_buffer = NULL; + + if (argc) + { argc--; argv++; } + + while (argc && last_argc != argc ) + { + last_argc = argc; + if (!strcmp (*argv, "--")) + { + argc--; argv++; + break; + } + else if (!strcmp (*argv, "--help")) + show_usage (0); + else if (!strcmp (*argv, "--verbose")) + { + verbose = 1; + argc--; argv++; + } + else if (!strcmp (*argv, "--status")) + { + print_status = 1; + argc--; argv++; + } + else if (!strcmp (*argv, "--signer")) + { + argc--; argv++; + if (!argc) + show_usage (1); + signer_string = *argv; + argc--; argv++; + } + else if (!strcmp (*argv, "--loopback")) + { + use_loopback = 1; + argc--; argv++; + } + else if (!strcmp (*argv, "--local")) + { + flags |= GPGME_KEYSIGN_LOCAL; + argc--; argv++; + } + else if (!strcmp (*argv, "--noexpire")) + { + flags |= GPGME_KEYSIGN_NOEXPIRE; + argc--; argv++; + } + else if (!strcmp (*argv, "--expire")) + { + argc--; argv++; + if (!argc) + show_usage (1); + expire = parse_expire_string (*argv); + argc--; argv++; + } + else if (!strncmp (*argv, "--", 2)) + show_usage (1); + } + + if (!argc) + show_usage (1); + userid = argv[0]; + argc--; argv++; + + init_gpgme (protocol); + + err = gpgme_new (&ctx); + fail_if_err (err); + gpgme_set_protocol (ctx, protocol); + gpgme_set_armor (ctx, 1); + if (print_status) + { + gpgme_set_status_cb (ctx, status_cb, NULL); + gpgme_set_ctx_flag (ctx, "full-status", "1"); + } + if (use_loopback) + { + gpgme_set_pinentry_mode (ctx, GPGME_PINENTRY_MODE_LOOPBACK); + 
gpgme_set_passphrase_cb (ctx, passphrase_cb, NULL); + } + + if (signer_string) + { + gpgme_key_t akey; + + err = gpgme_get_key (ctx, signer_string, &akey, 1); + if (err) + { + fprintf (stderr, PGM ": error getting signer key '%s': %s\n", + signer_string, gpg_strerror (err)); + exit (1); + } + err = gpgme_signers_add (ctx, akey); + if (err) + { + fprintf (stderr, PGM ": error adding signer key: %s\n", + gpg_strerror (err)); + exit (1); + } + gpgme_key_unref (akey); + } + + + err = gpgme_get_key (ctx, userid, &thekey, 0); + if (err) + { + fprintf (stderr, PGM ": error getting key for '%s': %s\n", + userid, gpg_strerror (err)); + exit (1); + } + + if (argc > 1) + { + /* Several user ids given */ + for (i=0, n = 0; i < argc; i++) + n += strlen (argv[1]) + 1; + n++; + userid_buffer = malloc (n); + if (!userid_buffer) + { + fprintf (stderr, PGM ": malloc failed: %s\n", + gpg_strerror (gpg_error_from_syserror ())); + exit (1); + } + *userid_buffer = 0; + for (i=0; i < argc; i++) + { + strcat (userid_buffer, argv[i]); + strcat (userid_buffer, "\n"); + } + userid = userid_buffer; + flags |= GPGME_KEYSIGN_LFSEP; + } + else if (argc) + { + /* One user id given */ + userid = *argv; + } + else + { + /* No user id given. 
*/ + userid = NULL; + } + + err = gpgme_op_keysign (ctx, thekey, userid, expire, flags); + if (err) + { + fprintf (stderr, PGM ": gpgme_op_adduid failed: %s\n", + gpg_strerror (err)); + exit (1); + } + + free (userid_buffer); + gpgme_key_unref (thekey); + gpgme_release (ctx); + return 0; +} ----------------------------------------------------------------------- Summary of changes: NEWS | 4 + src/Makefile.am | 2 +- src/context.h | 2 +- src/engine-assuan.c | 1 + src/engine-backend.h | 4 + src/engine-g13.c | 1 + src/engine-gpg.c | 108 +++++++++++++++++++-- src/engine-gpgconf.c | 1 + src/engine-gpgsm.c | 1 + src/engine-spawn.c | 1 + src/engine-uiserver.c | 1 + src/engine.c | 16 ++++ src/engine.h | 5 + src/gpgme.def | 2 + src/gpgme.h.in | 24 ++++- src/keysign.c | 218 +++++++++++++++++++++++++++++++++++++++++ src/libgpgme.vers | 2 + tests/Makefile.am | 3 +- tests/run-keysign.c | 261 ++++++++++++++++++++++++++++++++++++++++++++++++++ 19 files changed, 644 insertions(+), 13 deletions(-) create mode 100644 src/keysign.c create mode 100644 tests/run-keysign.c hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Wed Sep 14 20:25:52 2016 
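Review bot: The comment above _add_arg in src/engine-gpg.c still documents only FRONT, while the new PREFIX and ARGLEN parameters are undocumented. It should say that PREFIX may be NULL and that ARGLEN must not exceed the length of ARG, because memcpy (a->arg + prefixlen, arg, arglen) copies exactly ARGLEN bytes and never looks for a terminator. The allocation sizeof *a + prefixlen + arglen also relies on the struct's arg member already providing the byte for the NUL written at a->arg[prefixlen + arglen]. The struct is not part of this hunk, so a one-line comment stating that dependency would help the next reader.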
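Review bot: In gpg_keysign (src/engine-gpg.c), char tmpbuf[8+20] is one byte short. "seconds=" takes 8 bytes and a 64-bit unsigned long can print 20 digits, so the string plus its terminating NUL needs 29 bytes. snprintf (tmpbuf, sizeof tmpbuf, "seconds=%lu", expire) prevents an overflow, but it silently drops the last digit and its return value is not checked, so gpg would be handed a different --default-cert-expire value than the caller requested. Suggest char tmpbuf[8+20+1], or checking the snprintf result and returning an error on truncation.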
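Review bot: In src/keysign.c, gpgme_op_keysign_start and gpgme_op_keysign pass userid to TRACE_BEG3 with the format "key=%p, uid='%s' flags=0x%x". The comment above keysign_start says USERID may be NULL to sign all user ids, so the documented NULL case feeds a NULL pointer to %s. Suggest tracing a placeholder string when userid is NULL. Separately, the op_data_t comment says error_code comes from "certain ERROR status lines", but keysign_status_handler stores the first ERROR of any kind: the location returned by parse_error is only tested for NULL. Either filter on that location or reword the comment.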
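Review bot: In tests/run-keysign.c, the size computation for userid_buffer reads n += strlen (argv[1]) + 1 inside the loop over i, so every iteration counts the length of argv[1] instead of argv[i]. The following loop then does strcat (userid_buffer, argv[i]) for each argument, which writes past the end of the heap buffer whenever any user id is longer than argv[1]. The index should be argv[i]. In the same file, the failure message after the gpgme_op_keysign call prints "gpgme_op_adduid failed", apparently left over from the tool this one was copied from. It should name gpgme_op_keysign.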
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 14 Sep 2016 20:25:52 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-363-g7c37719 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 7c37719d79345a665ec2f4570e3f257033b58c62 (commit) from d79dcb78d867aaf55b85aea117c4ae6035a1531a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7c37719d79345a665ec2f4570e3f257033b58c62 Author: Werner Koch Date: Wed Sep 14 20:21:19 2016 +0200 core: New function gpgme_op_tofu_policy * src/gpgme.h.in (gpgme_op_tofu_policy_start): New function. (gpgme_op_tofu_policy): New function. * src/libgpgme.vers, src/gpgme.def: Add new functions. * src/tofupolicy.c: New. * src/Makefile.am (main_sources): Add that file. * src/context.h (ctx_op_data_id_t): Add OPDATA_TOFU_POLICY. * src/engine.c (_gpgme_engine_op_tofu_policy): New. * src/engine-backend.h (engine_ops): Add funcptr 'tofu_policy'. Adjust all engine initializations. * src/engine-gpg.c (gpg_tofu_policy): New. (_gpgme_engine_ops_gpg): Register this function. * tests/run-tofu.c: New. * tests/Makefile.am (noinst_PROGRAMS): Add it. Signed-off-by: Werner Koch diff --git a/NEWS b/NEWS index fd9b20c..6499f5e 100644 --- a/NEWS +++ b/NEWS @@ -25,6 +25,8 @@ Noteworthy changes in version 1.7.0 (unreleased) [C25/A14/R_] gpgme_op_revuid NEW. gpgme_op_keysign_start NEW. gpgme_op_keysign NEW. + gpgme_op_tofu_policy_start NEW. + gpgme_op_tofu_policy NEW. gpgme_genkey_result_t EXTENDED: New fields pubkey and seckey. gpgme_signature_t EXTENDED: New field key. gpgme_key_t EXTENDED: New field fpr. diff --git a/src/Makefile.am b/src/Makefile.am index 39752b3..c57ec8f 100644 
--- a/src/Makefile.am +++ b/src/Makefile.am @@ -84,7 +84,7 @@ main_sources = \ op-support.c \ encrypt.c encrypt-sign.c decrypt.c decrypt-verify.c verify.c \ sign.c passphrase.c progress.c \ - key.c keylist.c keysign.c trust-item.c trustlist.c \ + key.c keylist.c keysign.c trust-item.c trustlist.c tofupolicy.c \ import.c export.c genkey.c delete.c edit.c getauditlog.c \ opassuan.c passwd.c spawn.c assuan-support.c \ engine.h engine-backend.h engine.c engine-gpg.c status-table.c \ diff --git a/src/context.h b/src/context.h index c099d66..4b12c3b 100644 --- a/src/context.h +++ b/src/context.h @@ -38,7 +38,7 @@ typedef enum OPDATA_DECRYPT, OPDATA_SIGN, OPDATA_ENCRYPT, OPDATA_PASSPHRASE, OPDATA_IMPORT, OPDATA_GENKEY, OPDATA_KEYLIST, OPDATA_EDIT, OPDATA_VERIFY, OPDATA_TRUSTLIST, OPDATA_ASSUAN, OPDATA_VFS_MOUNT, - OPDATA_PASSWD, OPDATA_EXPORT, OPDATA_KEYSIGN + OPDATA_PASSWD, OPDATA_EXPORT, OPDATA_KEYSIGN, OPDATA_TOFU_POLICY } ctx_op_data_id_t; diff --git a/src/engine-assuan.c b/src/engine-assuan.c index 6f11cc0..f5e202a 100644 --- a/src/engine-assuan.c +++ b/src/engine-assuan.c @@ -776,6 +776,7 @@ struct engine_ops _gpgme_engine_ops_assuan = NULL, /* keylist */ NULL, /* keylist_ext */ NULL, /* keysign */ + NULL, /* tofu_policy */ NULL, /* sign */ NULL, /* trustlist */ NULL, /* verify */ diff --git a/src/engine-backend.h b/src/engine-backend.h index ed3e303..ccab0e3 100644 --- a/src/engine-backend.h +++ b/src/engine-backend.h @@ -102,6 +102,9 @@ struct engine_ops gpgme_key_t key, const char *userid, unsigned long expires, unsigned int flags, gpgme_ctx_t ctx); + gpgme_error_t (*tofu_policy) (void *engine, + gpgme_key_t key, + gpgme_tofu_policy_t policy); gpgme_error_t (*sign) (void *engine, gpgme_data_t in, gpgme_data_t out, gpgme_sig_mode_t mode, int use_armor, int use_textmode, int include_certs, diff --git a/src/engine-g13.c b/src/engine-g13.c index 0da00f7..313e2ad 100644 --- a/src/engine-g13.c +++ b/src/engine-g13.c 
@@ -793,6 +793,7 @@ struct engine_ops _gpgme_engine_ops_g13 = NULL, /* keylist */ NULL, /* keylist_ext */ NULL, /* keysign */ + NULL, /* tofu_policy */ NULL, /* sign */ NULL, /* trustlist */ NULL, /* verify */ diff --git a/src/engine-gpg.c b/src/engine-gpg.c index ac85c4d..9a0dab0 100644 --- a/src/engine-gpg.c +++ b/src/engine-gpg.c @@ -2733,6 +2733,46 @@ gpg_keysign (void *engine, gpgme_key_t key, const char *userid, static gpgme_error_t +gpg_tofu_policy (void *engine, gpgme_key_t key, gpgme_tofu_policy_t policy) +{ + engine_gpg_t gpg = engine; + gpgme_error_t err; + const char *policystr = NULL; + + if (!key || !key->fpr) + return gpg_error (GPG_ERR_INV_ARG); + + switch (policy) + { + case GPGME_TOFU_POLICY_NONE: break; + case GPGME_TOFU_POLICY_AUTO: policystr = "auto"; break; + case GPGME_TOFU_POLICY_GOOD: policystr = "good"; break; + case GPGME_TOFU_POLICY_BAD: policystr = "bad"; break; + case GPGME_TOFU_POLICY_ASK: policystr = "ask"; break; + case GPGME_TOFU_POLICY_UNKNOWN: policystr = "unknown"; break; + } + if (!policystr) + return gpg_error (GPG_ERR_INV_VALUE); + + if (!have_gpg_version (gpg, "2.1.10")) + return gpg_error (GPG_ERR_NOT_SUPPORTED); + + err = add_arg (gpg, "--tofu-policy"); + if (!err) + err = add_arg (gpg, "--"); + if (!err) + err = add_arg (gpg, policystr); + if (!err) + err = add_arg (gpg, key->fpr); + + if (!err) + err = start (gpg); + + return err; +} + + +static gpgme_error_t gpg_sign (void *engine, gpgme_data_t in, gpgme_data_t out, gpgme_sig_mode_t mode, int use_armor, int use_textmode, int include_certs, gpgme_ctx_t ctx /* FIXME */) @@ -2906,6 +2946,7 @@ struct engine_ops _gpgme_engine_ops_gpg = gpg_keylist, gpg_keylist_ext, gpg_keysign, + gpg_tofu_policy, /* tofu_policy */ gpg_sign, gpg_trustlist, gpg_verify, diff --git a/src/engine-gpgconf.c b/src/engine-gpgconf.c index 8be76cb..90f32c7 100644 --- a/src/engine-gpgconf.c +++ b/src/engine-gpgconf.c 
@@ -958,6 +958,7 @@ struct engine_ops _gpgme_engine_ops_gpgconf = NULL, /* keylist */ NULL, /* keylist_ext */ NULL, /* keysign */ + NULL, /* tofu_policy */ NULL, /* sign */ NULL, /* trustlist */ NULL, /* verify */ diff --git a/src/engine-gpgsm.c b/src/engine-gpgsm.c index aae9d28..5fcfbf1 100644 --- a/src/engine-gpgsm.c +++ b/src/engine-gpgsm.c @@ -2075,6 +2075,7 @@ struct engine_ops _gpgme_engine_ops_gpgsm = gpgsm_keylist, gpgsm_keylist_ext, NULL, /* keysign */ + NULL, /* tofu_policy */ gpgsm_sign, NULL, /* trustlist */ gpgsm_verify, diff --git a/src/engine-spawn.c b/src/engine-spawn.c index 82dbc0b..df90cb2 100644 --- a/src/engine-spawn.c +++ b/src/engine-spawn.c @@ -461,6 +461,7 @@ struct engine_ops _gpgme_engine_ops_spawn = NULL, /* keylist */ NULL, /* keylist_ext */ NULL, /* keysign */ + NULL, /* tofu_policy */ NULL, /* sign */ NULL, /* trustlist */ NULL, /* verify */ diff --git a/src/engine-uiserver.c b/src/engine-uiserver.c index 827c347..318d32e 100644 --- a/src/engine-uiserver.c +++ b/src/engine-uiserver.c @@ -1365,6 +1365,7 @@ struct engine_ops _gpgme_engine_ops_uiserver = NULL, /* keylist */ NULL, /* keylist_ext */ NULL, /* keysign */ + NULL, /* tofu_policy */ uiserver_sign, NULL, /* trustlist */ uiserver_verify, diff --git a/src/engine.c b/src/engine.c index 47bb23c..a1173a0 100644 --- a/src/engine.c +++ b/src/engine.c @@ -811,6 +811,20 @@ _gpgme_engine_op_keysign (engine_t engine, gpgme_key_t key, const char *userid, gpgme_error_t +_gpgme_engine_op_tofu_policy (engine_t engine, + gpgme_key_t key, gpgme_tofu_policy_t policy) +{ + if (!engine) + return gpg_error (GPG_ERR_INV_VALUE); + + if (!engine->ops->tofu_policy) + return gpg_error (GPG_ERR_NOT_IMPLEMENTED); + + return (*engine->ops->tofu_policy) (engine->engine, key, policy); +} + + +gpgme_error_t _gpgme_engine_op_import (engine_t engine, gpgme_data_t keydata, gpgme_key_t *keyarray) { diff --git a/src/engine.h b/src/engine.h index 6f33835..4ce2bed 100644 --- a/src/engine.h +++ b/src/engine.h 
@@ -126,6 +126,9 @@ gpgme_error_t _gpgme_engine_op_keysign (engine_t engine, unsigned long expires, unsigned int flags, gpgme_ctx_t ctx); +gpgme_error_t _gpgme_engine_op_tofu_policy (engine_t engine, + gpgme_key_t key, + gpgme_tofu_policy_t policy); gpgme_error_t _gpgme_engine_op_import (engine_t engine, gpgme_data_t keydata, gpgme_key_t *keyarray); diff --git a/src/gpgme.def b/src/gpgme.def index f987b38..7882af6 100644 --- a/src/gpgme.def +++ b/src/gpgme.def @@ -239,6 +239,8 @@ EXPORTS gpgme_op_revuid @179 gpgme_op_keysign_start @180 gpgme_op_keysign @181 + gpgme_op_tofu_policy_start @182 + gpgme_op_tofu_policy @183 ; END diff --git a/src/gpgme.h.in b/src/gpgme.h.in index 121e2ce..5ed0890 100644 --- a/src/gpgme.h.in +++ b/src/gpgme.h.in @@ -1968,6 +1968,16 @@ gpgme_error_t gpgme_op_card_edit (gpgme_ctx_t ctx, gpgme_key_t key, gpgme_data_t out); +/* Set the Tofu policy of KEY to POLCIY. */ +gpgme_error_t gpgme_op_tofu_policy_start (gpgme_ctx_t ctx, + gpgme_key_t key, + gpgme_tofu_policy_t policy); +gpgme_error_t gpgme_op_tofu_policy (gpgme_ctx_t ctx, + gpgme_key_t key, + gpgme_tofu_policy_t policy); + + + /* * Key listing diff --git a/src/libgpgme.vers b/src/libgpgme.vers index d86eee8..d635b6b 100644 --- a/src/libgpgme.vers +++ b/src/libgpgme.vers @@ -113,6 +113,8 @@ GPGME_1.1 { gpgme_op_revuid; gpgme_op_keysign_start; gpgme_op_keysign; + gpgme_op_tofu_policy_start; + gpgme_op_tofu_policy; }; diff --git a/src/tofupolicy.c b/src/tofupolicy.c new file mode 100644 index 0000000..799779e --- /dev/null +++ b/src/tofupolicy.c 
@@ -0,0 +1,184 @@ +/* tofupolicy.c - Tofu policy helpers. + * Copyright (C) 2016 g10 Code GmbH + * + * This file is part of GPGME. + * + * GPGME is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * GPGME is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, see . + */ + +#if HAVE_CONFIG_H +#include +#endif +#include + +#include "gpgme.h" +#include "debug.h" +#include "context.h" +#include "ops.h" + + +typedef struct +{ + /* The error code from a FAILURE status line or 0. */ + gpg_error_t failure_code; + + /* The error code from an ERROR status line or 0. */ + gpg_error_t error_code; + +} *op_data_t; + + + +/* Parse an error status line. Return the error location and the + error code. The function may modify ARGS. 
*/ +static char * +parse_error (char *args, gpg_error_t *r_err) +{ + char *where = strchr (args, ' '); + char *which; + + if (where) + { + *where = '\0'; + which = where + 1; + + where = strchr (which, ' '); + if (where) + *where = '\0'; + + where = args; + } + else + { + *r_err = trace_gpg_error (GPG_ERR_INV_ENGINE); + return NULL; + } + + *r_err = atoi (which); + + return where; +} + + +static gpgme_error_t +tofu_policy_status_handler (void *priv, gpgme_status_code_t code, char *args) +{ + gpgme_ctx_t ctx = (gpgme_ctx_t) priv; + gpgme_error_t err; + void *hook; + op_data_t opd; + char *loc; + + err = _gpgme_op_data_lookup (ctx, OPDATA_TOFU_POLICY, &hook, -1, NULL); + opd = hook; + if (err) + return err; + + switch (code) + { + case GPGME_STATUS_ERROR: + loc = parse_error (args, &err); + if (!loc) + return err; + if (!opd->error_code) + opd->error_code = err; + break; + + case GPGME_STATUS_FAILURE: + opd->failure_code = _gpgme_parse_failure (args); + break; + + case GPGME_STATUS_EOF: + if (opd->error_code) + err = opd->error_code; + else if (opd->failure_code) + err = opd->failure_code; + break; + + default: + break; + } + + return err; +} + + +/* Set the TOFU policy for KEY to POLICY. */ +static gpgme_error_t +tofu_policy_start (gpgme_ctx_t ctx, int synchronous, + gpgme_key_t key, gpgme_tofu_policy_t policy) +{ + gpgme_error_t err; + void *hook; + op_data_t opd; + + if (ctx->protocol != GPGME_PROTOCOL_OPENPGP) + return gpgme_error (GPG_ERR_UNSUPPORTED_PROTOCOL); + + if (!key) + return gpg_error (GPG_ERR_INV_VALUE); + + err = _gpgme_op_reset (ctx, synchronous); + if (err) + return err; + + err = _gpgme_op_data_lookup (ctx, OPDATA_TOFU_POLICY, &hook, + sizeof (*opd), NULL); + opd = hook; + if (err) + return err; + + _gpgme_engine_set_status_handler (ctx->engine, tofu_policy_status_handler, + ctx); + + return _gpgme_engine_op_tofu_policy (ctx->engine, key, policy); +} + + + +/* Set the TOFU policy of KEY to POLCIY. This is the asynchronous + * variant. 
*/ +gpgme_error_t +gpgme_op_tofu_policy_start (gpgme_ctx_t ctx, + gpgme_key_t key, gpgme_tofu_policy_t policy) +{ + gpg_error_t err; + TRACE_BEG2 (DEBUG_CTX, "gpgme_op_tofu_policy_start", ctx, + "key=%p, policy=%u", key, (unsigned int)policy); + + if (!ctx) + return TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE)); + + err = tofu_policy_start (ctx, 0, key, policy); + return TRACE_ERR (err); +} + + +/* This is the synchronous variant of gpgme_op_tofu_policy_start. */ +gpgme_error_t +gpgme_op_tofu_policy (gpgme_ctx_t ctx, + gpgme_key_t key, gpgme_tofu_policy_t policy) +{ + gpgme_error_t err; + TRACE_BEG2 (DEBUG_CTX, "gpgme_op_tofu_policy", ctx, + "key=%p, policy=%u", key, (unsigned int)policy); + + if (!ctx) + return TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE)); + + err = tofu_policy_start (ctx, 1, key, policy); + if (!err) + err = _gpgme_wait_one (ctx); + return TRACE_ERR (err); +} diff --git a/tests/Makefile.am b/tests/Makefile.am index 1370efd..c71914f 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -33,7 +33,7 @@ noinst_HEADERS = run-support.h noinst_PROGRAMS = $(TESTS) run-keylist run-export run-import run-sign \ run-verify run-encrypt run-identify run-decrypt run-genkey \ - run-keysign + run-keysign run-tofu if RUN_GPG_TESTS diff --git a/tests/run-tofu.c b/tests/run-tofu.c new file mode 100644 index 0000000..ff55789 --- /dev/null +++ b/tests/run-tofu.c 
@@ -0,0 +1,178 @@ +/* run-tofu.c - Test tool for Tofu functions + * Copyright (C) 2016 g10 Code GmbH + * + * This file is part of GPGME. + * + * GPGME is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * GPGME is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, see . + */ + +/* We need to include config.h so that we know whether we are building + with large file system (LFS) support. */ +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include + +#include + +#define PGM "run-tofu" + +#include "run-support.h" + + +static int verbose; + + +static gpg_error_t +status_cb (void *opaque, const char *keyword, const char *value) +{ + (void)opaque; + fprintf (stderr, "status_cb: %s %s\n", nonnull(keyword), nonnull(value)); + return 0; +} + + + +static gpgme_tofu_policy_t +parse_policy_string (const char *string) +{ + gpgme_tofu_policy_t policy; + + if (!strcmp (string, "auto")) + policy = GPGME_TOFU_POLICY_AUTO; + else if (!strcmp (string, "good")) + policy = GPGME_TOFU_POLICY_GOOD; + else if (!strcmp (string, "bad")) + policy = GPGME_TOFU_POLICY_BAD; + else if (!strcmp (string, "ask")) + policy = GPGME_TOFU_POLICY_ASK; + else if (!strcmp (string, "unknown")) + policy = GPGME_TOFU_POLICY_UNKNOWN; + else + { + fprintf (stderr, PGM ": invalid policy value '%s'\n", string); + exit (1); + } + + return policy; +} + + + +static int +show_usage (int ex) +{ + fputs ("usage: " PGM " [options] FPR\n\n" + "Options:\n" + " --policy NAME Set tofu policy for key to 
NAME\n" + " --verbose run in verbose mode\n" + " --status print status lines from the backend\n" + , stderr); + exit (ex); +} + + +int +main (int argc, char **argv) +{ + int last_argc = -1; + gpgme_error_t err; + gpgme_ctx_t ctx; + gpgme_protocol_t protocol = GPGME_PROTOCOL_OpenPGP; + int print_status = 0; + gpgme_key_t thekey; + const char *fpr; + const char *policystr = NULL; + gpgme_tofu_policy_t policy; + + if (argc) + { argc--; argv++; } + + while (argc && last_argc != argc ) + { + last_argc = argc; + if (!strcmp (*argv, "--")) + { + argc--; argv++; + break; + } + else if (!strcmp (*argv, "--help")) + show_usage (0); + else if (!strcmp (*argv, "--verbose")) + { + verbose = 1; + argc--; argv++; + } + else if (!strcmp (*argv, "--status")) + { + print_status = 1; + argc--; argv++; + } + else if (!strcmp (*argv, "--policy")) + { + argc--; argv++; + if (!argc) + show_usage (1); + policystr = *argv; + argc--; argv++; + } + else if (!strncmp (*argv, "--", 2)) + show_usage (1); + } + + if (argc != 1) + show_usage (1); + fpr = argv[0]; + + init_gpgme (protocol); + + err = gpgme_new (&ctx); + fail_if_err (err); + gpgme_set_protocol (ctx, protocol); + gpgme_set_armor (ctx, 1); + if (print_status) + { + gpgme_set_status_cb (ctx, status_cb, NULL); + gpgme_set_ctx_flag (ctx, "full-status", "1"); + } + + err = gpgme_get_key (ctx, fpr, &thekey, 0); + if (err) + { + fprintf (stderr, PGM ": error getting key '%s': %s\n", + fpr, gpg_strerror (err)); + exit (1); + } + + if (policystr) + { + policy = parse_policy_string (policystr); + + err = gpgme_op_tofu_policy (ctx, thekey, policy); + if (err) + { + fprintf (stderr, PGM ": gpgme_op_tofu_polciy failed: %s\n", + gpg_strerror (err)); + exit (1); + } + } + + gpgme_key_unref (thekey); + gpgme_release (ctx); + return 0; +} ----------------------------------------------------------------------- Summary of changes: NEWS | 2 + src/Makefile.am | 2 +- src/context.h | 2 +- src/engine-assuan.c | 1 + src/engine-backend.h | 3 + 
src/engine-g13.c | 1 + src/engine-gpg.c | 41 +++++++++ src/engine-gpgconf.c | 1 + src/engine-gpgsm.c | 1 + src/engine-spawn.c | 1 + src/engine-uiserver.c | 1 + src/engine.c | 14 ++++ src/engine.h | 3 + src/gpgme.def | 2 + src/gpgme.h.in | 10 +++ src/libgpgme.vers | 2 + src/{keysign.c => tofupolicy.c} | 110 +++++++++---------------- tests/Makefile.am | 2 +- tests/run-tofu.c | 178 ++++++++++++++++++++++++++++++++++++++++ 19 files changed, 302 insertions(+), 75 deletions(-) copy src/{keysign.c => tofupolicy.c} (50%) create mode 100644 tests/run-tofu.c hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Thu Sep 15 02:24:47 2016 
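Review bot: In tofu_policy_status_handler (src/tofupolicy.c) the GPGME_STATUS_ERROR case parses the engine's code into err and then falls through to the final "return err", so the handler returns that code on the ERROR line itself instead of only recording it in opd->error_code for the GPGME_STATUS_EOF branch to report. If deferring to EOF is the intent, parse into a local variable and leave err at 0. parse_error also converts the field with atoi, which yields 0 for non-numeric input, so a malformed ERROR line is read as "no error"; strtoul with an end-pointer check would let it return GPG_ERR_INV_ENGINE in that case as well. Smaller points: the comment above gpgme_op_tofu_policy_start spells POLICY as "POLCIY", and tofu_policy_start uses gpgme_error for one early return and gpg_error for the other.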
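Review bot: In tests/run-tofu.c the message printed when gpgme_op_tofu_policy fails reads "gpgme_op_tofu_polciy failed", so a grep for the function name will not find it; it should say gpgme_op_tofu_policy. In the same file, show_usage is declared to return int but always leaves through exit, the verbose flag is set by --verbose and never read, and when --policy is omitted the tool only looks the key up and returns 0, which the usage text does not mention.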
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Thu, 15 Sep 2016 02:24:47 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-109-g68eb5fb Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 68eb5fbd37c31ed7c0c916656131eea7bb58d13d (commit) from 9799b5d18f8fd29872b75c4d70d370af2b4e9a89 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 68eb5fbd37c31ed7c0c916656131eea7bb58d13d Author: NIIBE Yutaka Date: Thu Sep 15 09:17:59 2016 +0900 tests/gpgscm: Fix use of pointer. * tests/gpgscm/scheme-private.h (struct scheme): Use (void *) for alloc_seg. * tests/gpgscm/scheme.c (alloc_cellseg): Use (void *) for cp. Use (void *) for coercion of address calculation. -- In old C language, (char *) means an address. In modern C, it's specifically an address with alignment=1. It's good to use (void *) for an address, because newer compiler emits warnings. Note: in this particular case, it is just a warning and the code is safe against invalid alignment, though. Signed-off-by: NIIBE Yutaka diff --git a/tests/gpgscm/scheme-private.h b/tests/gpgscm/scheme-private.h index 9eafe76..727e0c0 100644 --- a/tests/gpgscm/scheme-private.h +++ b/tests/gpgscm/scheme-private.h @@ -78,7 +78,7 @@ int tracing; #ifndef CELL_NSEGMENT #define CELL_NSEGMENT 10 /* # of segments for cells */ #endif -char *alloc_seg[CELL_NSEGMENT]; +void *alloc_seg[CELL_NSEGMENT]; pointer cell_seg[CELL_NSEGMENT]; int last_cell_seg; diff --git a/tests/gpgscm/scheme.c b/tests/gpgscm/scheme.c index 1fc7643..8833950 100644 --- a/tests/gpgscm/scheme.c +++ b/tests/gpgscm/scheme.c 
@@ -602,7 +602,7 @@ static int alloc_cellseg(scheme *sc, int n) { pointer newp; pointer last; pointer p; - char *cp; + void *cp; long i; int k; int adj=ADJ; @@ -614,14 +614,14 @@ static int alloc_cellseg(scheme *sc, int n) { for (k = 0; k < n; k++) { if (sc->last_cell_seg >= CELL_NSEGMENT - 1) return k; - cp = (char*) sc->malloc(CELL_SEGSIZE * sizeof(struct cell)+adj); + cp = sc->malloc(CELL_SEGSIZE * sizeof(struct cell)+adj); if (cp == 0) return k; i = ++sc->last_cell_seg ; sc->alloc_seg[i] = cp; /* adjust in TYPE_BITS-bit boundary */ if(((unsigned long)cp)%adj!=0) { - cp=(char*)(adj*((unsigned long)cp/adj+1)); + cp=(void *)(adj*((unsigned long)cp/adj+1)); } /* insert new segment in address order */ newp=(pointer)cp; ----------------------------------------------------------------------- Summary of changes: tests/gpgscm/scheme-private.h | 2 +- tests/gpgscm/scheme.c | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Sep 15 10:11:04 2016 
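Review bot: The alignment step in alloc_cellseg (tests/gpgscm/scheme.c) still converts the pointer through unsigned long, both in the test "((unsigned long)cp)%adj" and in the changed line "cp=(void *)(adj*((unsigned long)cp/adj+1));". On platforms where long is narrower than a pointer that conversion truncates the address, and switching cp to void * does not change that; uintptr_t from <stdint.h> is the type intended for this round trip. Since the commit message presents the change as warning cleanup, it would be worth either converting these casts in the same commit or saying that they are deliberately left as they are.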
From: cvs at cvs.gnupg.org (by Daniel Kahn Gillmor) Date: Thu, 15 Sep 2016 10:11:04 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-111-g167273e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 167273ee9d3c04f29835aa2d12fde52eebf61efb (commit) via 7fafc3c49901c118b47d4d13a41fb3575c1f9e4b (commit) from 68eb5fbd37c31ed7c0c916656131eea7bb58d13d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 167273ee9d3c04f29835aa2d12fde52eebf61efb Author: Daniel Kahn Gillmor Date: Wed Sep 14 17:21:19 2016 -0400 spelling: conenction should be connection * dirmngr/server.c, sm/server.c: s/conenction/connection/ Signed-off-by: Daniel Kahn Gillmor diff --git a/dirmngr/server.c b/dirmngr/server.c index b29628a..e5cf2c3 100644 --- a/dirmngr/server.c +++ b/dirmngr/server.c @@ -304,7 +304,7 @@ strcpy_escaped_plus (char *d, const unsigned char *s) /* This function returns true if a Tor server is running. The sattus - is cached for the current conenction. */ + is cached for the current connection. */ static int is_tor_running (ctrl_t ctrl) { diff --git a/sm/server.c b/sm/server.c index ce8085d..b4fcb43 100644 --- a/sm/server.c +++ b/sm/server.c 
@@ -1099,7 +1099,7 @@ static const char hlp_getinfo[] = " agent-check - Return success if the agent is running.\n" " cmd_has_option CMD OPT\n" " - Returns OK if the command CMD implements the option OPT.\n" - " offline - Returns OK if the conenction is in offline mode."; + " offline - Returns OK if the connection is in offline mode."; static gpg_error_t cmd_getinfo (assuan_context_t ctx, char *line) { commit 7fafc3c49901c118b47d4d13a41fb3575c1f9e4b Author: Daniel Kahn Gillmor Date: Wed Sep 14 17:23:09 2016 -0400 spelling: correct achived to achieved Signed-off-by: Daniel Kahn Gillmor diff --git a/doc/gpg.texi b/doc/gpg.texi index 8107100..118066a 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -2198,7 +2198,7 @@ opposite meaning. The options are: a formerly deleted key does not automatically gain an ownertrust values merely due to import. On the other hand it is sometimes necessary to re-import a trusted set of keys again but keeping - already assigned ownertrust values. This can be achived by using + already assigned ownertrust values. This can be achieved by using this option. @item repair-pks-subkey-bug ----------------------------------------------------------------------- Summary of changes: dirmngr/server.c | 2 +- doc/gpg.texi | 2 +- sm/server.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Sep 15 10:28:39 2016 
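Review bot: The comment above is_tor_running in dirmngr/server.c still contains "sattus" on the unchanged line directly before the corrected one ("The sattus is cached for the current connection."); changing it to "status" in this commit would finish the comment. The second commit (achived to achieved in doc/gpg.texi) carries no per-file entry in its message, unlike the first.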
From: cvs at cvs.gnupg.org (by Daniel Kahn Gillmor) Date: Thu, 15 Sep 2016 10:28:39 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-112-g3248182 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 3248182d1b5a03098ee797c980fa0f0ec06e716f (commit) from 167273ee9d3c04f29835aa2d12fde52eebf61efb (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 3248182d1b5a03098ee797c980fa0f0ec06e716f Author: Daniel Kahn Gillmor Date: Wed Sep 14 15:55:13 2016 -0400 tests/fake-pinentries: fake pinentries for downstream developers. * tests/fake-pinentries/README.txt and tests/fake-pinentries/fake-pinentry.{sh,py,pl,php}}: New public domain (CC0) files to encourage better test suite practices from downstream developers. * tests/fake-pinentries/COPYING (new): a copy of https://creativecommons.org/publicdomain/zero/1.0/legalcode.txt Signed-off-by: Daniel Kahn Gillmor diff --git a/tests/fake-pinentries/COPYING b/tests/fake-pinentries/COPYING new file mode 100644 index 0000000..0e259d4 --- /dev/null +++ b/tests/fake-pinentries/COPYING 
@@ -0,0 +1,121 @@ +Creative Commons Legal Code + +CC0 1.0 Universal + + CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE + LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN + ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS + INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES + REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS + PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM + THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED + HEREUNDER. + +Statement of Purpose + +The laws of most jurisdictions throughout the world automatically confer +exclusive Copyright and Related Rights (defined below) upon the creator +and subsequent owner(s) (each and all, an "owner") of an original work of +authorship and/or a database (each, a "Work"). + +Certain owners wish to permanently relinquish those rights to a Work for +the purpose of contributing to a commons of creative, cultural and +scientific works ("Commons") that the public can reliably and without fear +of later claims of infringement build upon, modify, incorporate in other +works, reuse and redistribute as freely as possible in any form whatsoever +and for any purposes, including without limitation commercial purposes. +These owners may contribute to the Commons to promote the ideal of a free +culture and the further production of creative, cultural and scientific +works, or to gain reputation or greater distribution for their Work in +part through the use and efforts of others. 
+ +For these and/or other purposes and motivations, and without any +expectation of additional consideration or compensation, the person +associating CC0 with a Work (the "Affirmer"), to the extent that he or she +is an owner of Copyright and Related Rights in the Work, voluntarily +elects to apply CC0 to the Work and publicly distribute the Work under its +terms, with knowledge of his or her Copyright and Related Rights in the +Work and the meaning and intended legal effect of CC0 on those rights. + +1. Copyright and Related Rights. A Work made available under CC0 may be +protected by copyright and related or neighboring rights ("Copyright and +Related Rights"). Copyright and Related Rights include, but are not +limited to, the following: + + i. the right to reproduce, adapt, distribute, perform, display, + communicate, and translate a Work; + ii. moral rights retained by the original author(s) and/or performer(s); +iii. publicity and privacy rights pertaining to a person's image or + likeness depicted in a Work; + iv. rights protecting against unfair competition in regards to a Work, + subject to the limitations in paragraph 4(a), below; + v. rights protecting the extraction, dissemination, use and reuse of data + in a Work; + vi. database rights (such as those arising under Directive 96/9/EC of the + European Parliament and of the Council of 11 March 1996 on the legal + protection of databases, and under any national implementation + thereof, including any amended or successor version of such + directive); and +vii. other similar, equivalent or corresponding rights throughout the + world based on applicable law or treaty, and any national + implementations thereof. + +2. Waiver. 
To the greatest extent permitted by, but not in contravention +of, applicable law, Affirmer hereby overtly, fully, permanently, +irrevocably and unconditionally waives, abandons, and surrenders all of +Affirmer's Copyright and Related Rights and associated claims and causes +of action, whether now known or unknown (including existing as well as +future claims and causes of action), in the Work (i) in all territories +worldwide, (ii) for the maximum duration provided by applicable law or +treaty (including future time extensions), (iii) in any current or future +medium and for any number of copies, and (iv) for any purpose whatsoever, +including without limitation commercial, advertising or promotional +purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each +member of the public at large and to the detriment of Affirmer's heirs and +successors, fully intending that such Waiver shall not be subject to +revocation, rescission, cancellation, termination, or any other legal or +equitable action to disrupt the quiet enjoyment of the Work by the public +as contemplated by Affirmer's express Statement of Purpose. + +3. Public License Fallback. Should any part of the Waiver for any reason +be judged legally invalid or ineffective under applicable law, then the +Waiver shall be preserved to the maximum extent permitted taking into +account Affirmer's express Statement of Purpose. 
In addition, to the +extent the Waiver is so judged Affirmer hereby grants to each affected +person a royalty-free, non transferable, non sublicensable, non exclusive, +irrevocable and unconditional license to exercise Affirmer's Copyright and +Related Rights in the Work (i) in all territories worldwide, (ii) for the +maximum duration provided by applicable law or treaty (including future +time extensions), (iii) in any current or future medium and for any number +of copies, and (iv) for any purpose whatsoever, including without +limitation commercial, advertising or promotional purposes (the +"License"). The License shall be deemed effective as of the date CC0 was +applied by Affirmer to the Work. Should any part of the License for any +reason be judged legally invalid or ineffective under applicable law, such +partial invalidity or ineffectiveness shall not invalidate the remainder +of the License, and in such case Affirmer hereby affirms that he or she +will not (i) exercise any of his or her remaining Copyright and Related +Rights in the Work or (ii) assert any associated claims and causes of +action with respect to the Work, in either case contrary to Affirmer's +express Statement of Purpose. + +4. Limitations and Disclaimers. + + a. No trademark or patent rights held by Affirmer are waived, abandoned, + surrendered, licensed or otherwise affected by this document. + b. Affirmer offers the Work as-is and makes no representations or + warranties of any kind concerning the Work, express, implied, + statutory or otherwise, including without limitation warranties of + title, merchantability, fitness for a particular purpose, non + infringement, or the absence of latent or other defects, accuracy, or + the present or absence of errors, whether or not discoverable, all to + the greatest extent permissible under applicable law. + c. 
Affirmer disclaims responsibility for clearing rights of other persons + that may apply to the Work or any use thereof, including without + limitation any person's Copyright and Related Rights in the Work. + Further, Affirmer disclaims responsibility for obtaining any necessary + consents, permissions or other rights required for any use of the + Work. + d. Affirmer understands and acknowledges that Creative Commons is not a + party to this document and has no duty or obligation with respect to + this CC0 or use of the Work. diff --git a/tests/fake-pinentries/README.txt b/tests/fake-pinentries/README.txt new file mode 100644 index 0000000..1b447c4 --- /dev/null +++ b/tests/fake-pinentries/README.txt 
@@ -0,0 +1,37 @@ +Fake Pinentries for Test Suites +=============================== + +If you're writing a test suite, it should use one of these pinentries +by setting the following line in $GNUPGHOME/gpg-agent.conf: + + pinentry-program /path/to/fake-pinentry.ext + +Note that different fake-pinentry programs have been supplied here in +different languages, with the intent of making them available to +developers who have different languages available. + +They are all licensed Creative Commons Zero (CC0-1.0-Universal, see +the COPYING file in this directory), so they should be reusable by any +project. Feel free to copy them into your own project's test suite. + +Rationale +--------- + +If you're implementing software that uses GnuPG, you probably want a +test suite that exercises your code, and you may have some that +involve secret key material locked with a passphrase. However, you +don't want to require your developers to manually enter a passphrase +while tests are run, and you probably also don't want to deal with +alternate codepaths/workflows like using gpg's loopback pinentry. + +The solution for this is to use a fake pinentry in your test suite, +one that simply returns a pre-selected passphrase. In this case, all +the other code follows the same path as normal, but the user +interaction is bypassed because the fake-pinentry is used instead. + +Troubleshooting +--------------- + +If you have any trouble with this technique, please drop a line to the +GnuPG development mailing list or open a +report on the GnuPG bug tracker at https://bugs.gnupg.org/gnupg diff --git a/tests/fake-pinentries/fake-pinentry.php b/tests/fake-pinentries/fake-pinentry.php new file mode 100755 index 0000000..bc4088f --- /dev/null +++ b/tests/fake-pinentries/fake-pinentry.php 
@@ -0,0 +1,27 @@ +#!/usr/bin/php + +# +# License: Creative Commons Zero ("Public Domain Dedication") -- +# Anyone may reuse it, modify it, redistribute it for any purpose. + +print("OK This is only for test suites, and should never be used in production\n"); +while (true) { + $line = fgets(STDIN); + if (False === $line) + break; + $line = strtolower(trim($line)); + if (($line === "") || ($line[0] == '#')) + continue; + if ((0 === strncmp("getpin", $line, 6))) + print("D passphrase\n"); + print("OK\n"); + if ((0 === strncmp("bye", $line, 3))) + break; +} +?> diff --git a/tests/fake-pinentries/fake-pinentry.pl b/tests/fake-pinentries/fake-pinentry.pl new file mode 100755 index 0000000..8cb337d --- /dev/null +++ b/tests/fake-pinentries/fake-pinentry.pl @@ -0,0 +1,27 @@ +#!/usr/bin/perl -w +# Use this for your test suites when a perl interpreter is available. +# +# The encrypted keys in your test suite that you expect to work must +# be locked with a passphrase of "passphrase" +# +# Author: Daniel Kahn Gillmor +# +# License: Creative Commons Zero ("Public Domain Dedication") -- +# Anyone may reuse it, modify it, redistribute it for any purpose. + +use strict; +use warnings; + +# turn off buffering +$| = 1; + +print "OK This is only for test suites, and should never be used in production\n"; +while () { + chomp; + next if (/^$/); + next if (/^#/); + print ("D passphrase\n") if (/^getpin/i); + print "OK\n"; + exit if (/^bye/i); +} +1; diff --git a/tests/fake-pinentries/fake-pinentry.py b/tests/fake-pinentries/fake-pinentry.py new file mode 100755 index 0000000..78735c9 --- /dev/null +++ b/tests/fake-pinentries/fake-pinentry.py 
@@ -0,0 +1,30 @@ +#!/usr/bin/env python +# Use this for your test suites when a python interpreter is available. +# +# The encrypted keys in your test suite that you expect to work must +# be locked with a passphrase of "passphrase" +# +# Author: Daniel Kahn Gillmor +# +# License: Creative Commons Zero ("Public Domain Dedication") -- +# Anyone may reuse it, modify it, redistribute it for any purpose. + +import sys, os + +# turn off buffering: +sys.stdin = os.fdopen(sys.stdin.fileno(), 'r', 0) +sys.stdout = os.fdopen(sys.stdout.fileno(), 'w', 0) + +print("OK This is only for test suites, and should never be used in production") +while True: + ln = sys.stdin.readline() + if (ln == ''): + break + ln = ln.lower() + if (ln.strip() == '') or (ln.startswith('#')): + continue + if (ln.startswith('getpin')): + sys.stdout.write('D passphrase\n') + sys.stdout.write('OK\n') + if (ln.startswith('bye')): + break diff --git a/tests/fake-pinentries/fake-pinentry.sh b/tests/fake-pinentries/fake-pinentry.sh new file mode 100755 index 0000000..44aca21 --- /dev/null +++ b/tests/fake-pinentries/fake-pinentry.sh 
@@ -0,0 +1,33 @@ +#!/bin/sh +# Use this for your test suites when a POSIX shell is available. +# +# The encrypted keys in your test suite that you expect to work must +# be locked with a passphrase of "passphrase" +# +# Author: Daniel Kahn Gillmor +# +# License: Creative Commons Zero ("Public Domain Dedication") -- +# Anyone may reuse it, modify it, redistribute it for any purpose. + +echo "OK This is only for test suites, and should never be used in production" +while read cmd rest; do + cmd=$(printf "%s" "$cmd" | tr 'A-Z' 'a-z') + if [ -z "$cmd" ]; then + continue; + fi + case "$cmd" in + \#*) + ;; + getpin) + echo "D passphrase" + echo "OK" + ;; + bye) + echo "OK" + exit 0 + ;; + *) + echo "OK" + ;; + esac +done ----------------------------------------------------------------------- Summary of changes: tests/fake-pinentries/COPYING | 121 ++++++++++++++++++++++++++++++++ tests/fake-pinentries/README.txt | 37 ++++++++++ tests/fake-pinentries/fake-pinentry.php | 27 +++++++ tests/fake-pinentries/fake-pinentry.pl | 27 +++++++ tests/fake-pinentries/fake-pinentry.py | 30 ++++++++ tests/fake-pinentries/fake-pinentry.sh | 33 +++++++++ 6 files changed, 275 insertions(+) create mode 100644 tests/fake-pinentries/COPYING create mode 100644 tests/fake-pinentries/README.txt create mode 100755 tests/fake-pinentries/fake-pinentry.php create mode 100755 tests/fake-pinentries/fake-pinentry.pl create mode 100755 tests/fake-pinentries/fake-pinentry.py create mode 100755 tests/fake-pinentries/fake-pinentry.sh hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Sep 15 11:42:39 2016 
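Review bot: tests/fake-pinentries/fake-pinentry.py reopens its streams with os.fdopen(sys.stdin.fileno(), 'r', 0) and os.fdopen(sys.stdout.fileno(), 'w', 0), which only works on Python 2; Python 3 rejects unbuffered text-mode streams with a ValueError, and the shebang is the version-neutral "#!/usr/bin/env python". Either pin the interpreter in the shebang or drop the two fdopen calls and call sys.stdout.flush() after each response, so the script starts on whichever Python a downstream test suite has.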
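Review bot: tests/fake-pinentries/README.txt says the fake pinentry "simply returns a pre-selected passphrase" but never gives the value; only the header comments of the .pl, .py and .sh scripts state that test keys must be locked with a passphrase of "passphrase". A sentence in the README giving that value, and saying that the pinentry-program line belongs in the test suite's own $GNUPGHOME/gpg-agent.conf and not in a developer's regular one, would spare readers from opening the scripts to find out.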
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 15 Sep 2016 11:42:39 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-365-ged1f270 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via ed1f2700a73060e2615697491ea9e49ded4293e6 (commit) via d2b72d3cc19fe2a7d548dac38d55e069e0c9a904 (commit) from 7c37719d79345a665ec2f4570e3f257033b58c62 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ed1f2700a73060e2615697491ea9e49ded4293e6 Author: Werner Koch Date: Thu Sep 15 10:45:04 2016 +0200 core: New function gpgme_op_interact, deprecate gpgme_op_edit. * src/gpgme.h.in (gpgme_interact_cb_t): New. (GPGME_INTERACT_CARD): New. (gpgme_op_interact_start, gpgme_op_interact): New. * src/libgpgme.vers, src/gpgme.def: Add new functions. * src/edit.c (op_data_t): Rename fnc to fnc_old and change users. Add fnc. (edit_status_handler): Call old or new callback. (command_handler): Ditto. (interact_start): New. (gpgme_op_interact_start, gpgme_op_interact_start): New. * src/status-table.c (_gpgme_status_to_string): New. * tests/gpg/t-edit.c (edit_fnc): Rename to interact_fnc and change type of STATUS. Use gpgme_io_writen. (main): s/gpgme_op_edit/gpgme_op_interact/. -- This change will eventually allow us to remove all those status codes from gpgme.h. Signed-off-by: Werner Koch diff --git a/NEWS b/NEWS index 6499f5e..5332432 100644 --- a/NEWS +++ b/NEWS 
@@ -9,6 +9,9 @@ Noteworthy changes in version 1.7.0 (unreleased) [C25/A14/R_] * New global flag "require-gnupg" to set a minimal gnupg version. + * New function gpgme_op_interact to replace the deprecated functions + gpgme_op_edit and gpgme_op_card_edit. + * Interface changes relative to the 1.6.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_pubkey_algo_string NEW. @@ -27,6 +30,15 @@ Noteworthy changes in version 1.7.0 (unreleased) [C25/A14/R_] gpgme_op_keysign NEW. gpgme_op_tofu_policy_start NEW. gpgme_op_tofu_policy NEW. + gpgme_op_interact_start NEW. + gpgme_op_interact NEW. + gpgme_interact_cb_t NEW. + gpgme_op_edit_start DEPRECATED. + gpgme_op_edit DEPRECATED. + gpgme_op_card_edit_start DEPRECATED. + gpgme_op_card_edit DEPRECATED. + gpgme_edit_cb_t DEPRECATED. + gpgme_status_code_t DEPRECATED. gpgme_genkey_result_t EXTENDED: New fields pubkey and seckey. gpgme_signature_t EXTENDED: New field key. gpgme_key_t EXTENDED: New field fpr. @@ -56,6 +68,7 @@ Noteworthy changes in version 1.7.0 (unreleased) [C25/A14/R_] GPGME_CREATE_FORCE NEW. GPGME_KEYSIGN_LOCAL NEW. GPGME_KEYSIGN_LFSEP NEW. + GPGME_INTERACT_CARD NEW. Noteworthy changes in version 1.6.0 (2015-08-26) [C25/A14/R0] diff --git a/doc/gpgme.texi b/doc/gpgme.texi index a4a0814..5971e48 100644 --- a/doc/gpgme.texi +++ b/doc/gpgme.texi @@ -15,7 +15,7 @@ @copying Copyright @copyright{} 2002, 2003, 2004, 2005, 2006, 2007, -2008, 2010, 2012, 2013, 2014 g10 Code GmbH. +2008, 2010, 2012, 2013, 2014, 2016 g10 Code GmbH. @quotation Permission is granted to copy, distribute and/or modify this document @@ -71,7 +71,7 @@ This is Edition @value{EDITION}, last updated @value{UPDATED}, of @center for version @value{VERSION} @page @vskip 0pt plus 1filll -Published by g10 Code GmbH@* H??ttenstr. 61@* 40699 Erkrath, Germany +Published by g10 Code GmbH@* H?ttenstr. 61@* 40699 Erkrath, Germany @insertcopying @end titlepage 
@@ -4301,7 +4301,79 @@ could not be started. @subsection Advanced Key Editing @cindex key, edit - at deftp {Data type} {gpgme_error_t (*gpgme_edit_cb_t) (@w{void *@var{handle}}, @w{gpgme_status_code_t @var{status}}, @w{const char *@var{args}}, @w{int @var{fd}})} + at deftp {Data type} {gpgme_error_t (*gpgme_interact_cb_t) @ + (@w{void *@var{handle}}, @ + @w{const char *@var{status}}, @ + @w{const char *@var{args}}, @ + @w{int @var{fd}})} + at tindex gpgme_interact_cb_t +The @code{gpgme_interact_cb_t} type is the type of functions which + at acronym{GPGME} calls if it a key interact operation is on-going. The +status keyword @var{status} and the argument line @var{args} are passed +through by @acronym{GPGME} from the crypto engine. The file +descriptor @var{fd} is -1 for normal status messages. If @var{status} +indicates a command rather than a status message, the response to the +command should be written to @var{fd}. The @var{handle} is provided +by the user at start of operation. + +The function should return @code{GPG_ERR_FALSE} if it did not handle +the status code, @code{0} for success, or any other error value. + at end deftp + + at deftypefun gpgme_error_t gpgme_op_interact (@w{gpgme_ctx_t @var{ctx}}, @ + @w{gpgme_key_t @var{key}}, @ + @w{unsigned int @var{flags}}, @ + @w{gpgme_interact_cb_t @var{fnc}}, @ + @w{void *@var{handle}}, @ + @w{gpgme_data_t @var{out}}) +The function @code{gpgme_op_interact} processes the key @var{KEY} +interactively, using the interact callback function @var{FNC} with the +handle @var{HANDLE}. The callback is invoked for every status and +command request from the crypto engine. The output of the crypto +engine is written to the data object @var{out}. + +Note that the protocol between the callback function and the crypto +engine is specific to the crypto engine and no further support in +implementing this protocol correctly is provided by @acronym{GPGME}. 
+ + at var{flags} modifies the behaviour of the function; the only defined +bit value is: + + at table @code + at item GPGME_INTERACT_CARD +This is used for smartcard based keys and uses gpg?s + at code{--card-edit} command. + + at end table + +The function returns @code{0} if the edit operation completes +successfully, @code{GPG_ERR_INV_VALUE} if @var{ctx} or @var{key} is +not a valid pointer, and any error returned by the crypto engine or +the edit callback handler. + at end deftypefun + + + at deftypefun gpgme_error_t gpgme_op_interact_start (@w{gpgme_ctx_t @var{ctx}}, @ + @w{gpgme_key_t @var{key}}, @ + @w{unsigned int @var{flags}}, @ + @w{gpgme_interact_cb_t @var{fnc}}, @ + @w{void *@var{handle}}, @ + @w{gpgme_data_t @var{out}}) +The function @code{gpgme_op_interact_start} initiates a + at code{gpgme_op_interact} operation. It can be completed by calling + at code{gpgme_wait} on the context. @xref{Waiting For Completion}. + +The function returns @code{0} if the operation was started +successfully, and @code{GPG_ERR_INV_VALUE} if @var{ctx} or @var{key} +is not a valid pointer. + at end deftypefun + + + at deftp {Data type} {gpgme_error_t (*gpgme_edit_cb_t) @ + (@w{void *@var{handle}}, @ + @w{gpgme_status_code_t @var{status}}, @ + @w{const char *@var{args}}, @ + @w{int @var{fd}})} @tindex gpgme_edit_cb_t The @code{gpgme_edit_cb_t} type is the type of functions which @acronym{GPGME} calls if it a key edit operation is on-going. The 
@@ -4317,6 +4389,9 @@ the status code, @code{0} for success, or any other error value. @end deftp @deftypefun gpgme_error_t gpgme_op_edit (@w{gpgme_ctx_t @var{ctx}}, @w{gpgme_key_t @var{key}}, @w{gpgme_edit_cb_t @var{fnc}}, @w{void *@var{handle}}, @w{gpgme_data_t @var{out}}) +Note: This function is deprecated, please use + at code{gpgme_op_interact} instead. + The function @code{gpgme_op_edit} processes the key @var{KEY} interactively, using the edit callback function @var{FNC} with the handle @var{HANDLE}. The callback is invoked for every status and @@ -4334,6 +4409,9 @@ by the crypto engine or the edit callback handler. @end deftypefun @deftypefun gpgme_error_t gpgme_op_edit_start (@w{gpgme_ctx_t @var{ctx}}, @w{gpgme_key_t @var{key}}, @w{gpgme_edit_cb_t @var{fnc}}, @w{void *@var{handle}}, @w{gpgme_data_t @var{out}}) +Note: This function is deprecated, please use + at code{gpgme_op_interact_start} instead. + The function @code{gpgme_op_edit_start} initiates a @code{gpgme_op_edit} operation. It can be completed by calling @code{gpgme_wait} on the context. @xref{Waiting For Completion}. 
@@ -4345,11 +4423,17 @@ operation was started successfully, and @code{GPG_ERR_INV_VALUE} if @deftypefun gpgme_error_t gpgme_op_card_edit (@w{gpgme_ctx_t @var{ctx}}, @w{gpgme_key_t @var{key}}, @w{gpgme_edit_cb_t @var{fnc}}, @w{void *@var{handle}}, @w{gpgme_data_t @var{out}}) +Note: This function is deprecated, please use @code{gpgme_op_interact} +with the flag @code{GPGME_INTERACT_CARD} instead. + The function @code{gpgme_op_card_edit} is analogous to @code{gpgme_op_edit}, but should be used to process the smart card corresponding to the key @var{key}. @end deftypefun @deftypefun gpgme_error_t gpgme_op_card_edit_start (@w{gpgme_ctx_t @var{ctx}}, @w{gpgme_key_t @var{key}}, @w{gpgme_edit_cb_t @var{fnc}}, @w{void *@var{handle}}, @w{gpgme_data_t @var{out}}) +Note: This function is deprecated, please use @code{gpgme_op_interact_start} +with the flag @code{GPGME_INTERACT_CARD} instead. + The function @code{gpgme_op_card_edit_start} initiates a @code{gpgme_op_card_edit} operation. It can be completed by calling @code{gpgme_wait} on the context. @xref{Waiting For Completion}. diff --git a/src/edit.c b/src/edit.c index 1be60c4..887af73 100644 --- a/src/edit.c +++ b/src/edit.c @@ -27,12 +27,15 @@ #include "debug.h" #include "context.h" #include "ops.h" +#include "util.h" + typedef struct { /* The user callback function and its hook value. */ - gpgme_edit_cb_t fnc; + gpgme_interact_cb_t fnc; + gpgme_edit_cb_t fnc_old; void *fnc_value; } *op_data_t; @@ -58,7 +61,11 @@ edit_status_handler (void *priv, gpgme_status_code_t status, char *args) if (err) return err; - return (*opd->fnc) (opd->fnc_value, status, args, -1); + if (opd->fnc_old) + return (*opd->fnc_old) (opd->fnc_value, status, args, -1); + + return (*opd->fnc) (opd->fnc_value, _gpgme_status_to_string (status), + args, -1); } 
@@ -90,7 +97,12 @@ command_handler (void *priv, gpgme_status_code_t status, const char *args, if (err) return err; - err = (*opd->fnc) (opd->fnc_value, status, args, fd); + if (opd->fnc_old) + err = (*opd->fnc_old) (opd->fnc_value, status, args, fd); + else + err = (*opd->fnc) (opd->fnc_value, _gpgme_status_to_string (status), + args, fd); + if (gpg_err_code (err) == GPG_ERR_FALSE) err = 0; else 
@@ -103,6 +115,87 @@ command_handler (void *priv, gpgme_status_code_t status, const char *args, static gpgme_error_t +interact_start (gpgme_ctx_t ctx, int synchronous, gpgme_key_t key, + unsigned int flags, + gpgme_interact_cb_t fnc, void *fnc_value, gpgme_data_t out) +{ + gpgme_error_t err; + void *hook; + op_data_t opd; + + err = _gpgme_op_reset (ctx, synchronous); + if (err) + return err; + + if (!fnc || !out) + return gpg_error (GPG_ERR_INV_VALUE); + + err = _gpgme_op_data_lookup (ctx, OPDATA_EDIT, &hook, sizeof (*opd), NULL); + opd = hook; + if (err) + return err; + + opd->fnc = fnc; + opd->fnc_old = NULL; + opd->fnc_value = fnc_value; + + err = _gpgme_engine_set_command_handler (ctx->engine, command_handler, + ctx, out); + if (err) + return err; + + _gpgme_engine_set_status_handler (ctx->engine, edit_status_handler, ctx); + + return _gpgme_engine_op_edit (ctx->engine, + (flags & GPGME_INTERACT_CARD)? 1: 0, + key, out, ctx); +} + + +gpgme_error_t +gpgme_op_interact_start (gpgme_ctx_t ctx, gpgme_key_t key, unsigned int flags, + gpgme_interact_cb_t fnc, void *fnc_value, + gpgme_data_t out) +{ + gpgme_error_t err; + + TRACE_BEG5 (DEBUG_CTX, "gpgme_op_interact_start", ctx, + "key=%p flags=0x%x fnc=%p fnc_value=%p, out=%p", + key, flags,fnc, fnc_value, out); + + if (!ctx) + return TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE)); + + err = interact_start (ctx, 0, key, flags, fnc, fnc_value, out); + return err; +} + + +gpgme_error_t +gpgme_op_interact (gpgme_ctx_t ctx, gpgme_key_t key, unsigned int flags, + gpgme_interact_cb_t fnc, void *fnc_value, + gpgme_data_t out) +{ + gpgme_error_t err; + + TRACE_BEG5 (DEBUG_CTX, "gpgme_op_interact", ctx, + "key=%p flags=0x%x fnc=%p fnc_value=%p, out=%p", + key, flags,fnc, fnc_value, out); + + if (!ctx) + return TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE)); + + err = interact_start (ctx, 1, key, flags, fnc, fnc_value, out); + if (!err) + err = _gpgme_wait_one (ctx); + return err; +} + + + + +/* The deprectated interface. 
*/ +static gpgme_error_t edit_start (gpgme_ctx_t ctx, int synchronous, int type, gpgme_key_t key, gpgme_edit_cb_t fnc, void *fnc_value, gpgme_data_t out) { @@ -122,7 +215,8 @@ edit_start (gpgme_ctx_t ctx, int synchronous, int type, gpgme_key_t key, if (err) return err; - opd->fnc = fnc; + opd->fnc = NULL; + opd->fnc_old = fnc; opd->fnc_value = fnc_value; err = _gpgme_engine_set_command_handler (ctx->engine, command_handler, diff --git a/src/gpgme.def b/src/gpgme.def index 7882af6..9815a83 100644 --- a/src/gpgme.def +++ b/src/gpgme.def @@ -241,6 +241,8 @@ EXPORTS gpgme_op_keysign @181 gpgme_op_tofu_policy_start @182 gpgme_op_tofu_policy @183 + gpgme_op_interact_start @184 + gpgme_op_interact @185 ; END diff --git a/src/gpgme.h.in b/src/gpgme.h.in index 5ed0890..9c87b7b 100644 --- a/src/gpgme.h.in +++ b/src/gpgme.h.in @@ -444,7 +444,9 @@ typedef unsigned int gpgme_export_mode_t; #define GPGME_AUDITLOG_HTML 1 #define GPGME_AUDITLOG_WITH_HELP 128 -/* The possible stati for the edit operation. */ + +/* The possible stati for gpgme_op_edit. The use of that function and + * these status codes are deprecated in favor of gpgme_op_interact. */ typedef enum { GPGME_STATUS_EOF = 0, @@ -967,8 +969,13 @@ typedef void (*gpgme_progress_cb_t) (void *opaque, const char *what, typedef gpgme_error_t (*gpgme_status_cb_t) (void *opaque, const char *keyword, const char *args); - /* Interact with the user about an edit operation. */ +typedef gpgme_error_t (*gpgme_interact_cb_t) (void *opaque, + const char *keyword, + const char *args, int fd); + +/* The callback type used by the deprecated functions gpgme_op_card + * and gpgme_of_card_edit. */ typedef gpgme_error_t (*gpgme_edit_cb_t) (void *opaque, gpgme_status_code_t status, const char *args, int fd); 
@@ -1217,7 +1224,7 @@ void gpgme_set_io_cbs (gpgme_ctx_t ctx, gpgme_io_cbs_t io_cbs); void gpgme_get_io_cbs (gpgme_ctx_t ctx, gpgme_io_cbs_t io_cbs); /* Wrappers around the internal I/O functions for use with - gpgme_passphrase_cb_t and gpgme_edit_cb_t. */ + gpgme_passphrase_cb_t and gpgme_interact_cb_t. */ @API__SSIZE_T@ gpgme_io_read (int fd, void *buffer, size_t count); @API__SSIZE_T@ gpgme_io_write (int fd, const void *buffer, size_t count); int gpgme_io_writen (int fd, const void *buffer, size_t count); 
@@ -1949,23 +1956,36 @@ gpgme_error_t gpgme_op_keysign (gpgme_ctx_t ctx, * Key edit interface */ -/* Edit the key KEY. Send status and command requests to FNC and +/* Flags to select the mode of the interact. */ +#define GPGME_INTERACT_CARD (1 << 0) /* Use --card-edit mode. */ + + +/* Edit the KEY. Send status and command requests to FNC and output of edit commands to OUT. */ +gpgme_error_t gpgme_op_interact_start (gpgme_ctx_t ctx, + gpgme_key_t key, + unsigned int flags, + gpgme_interact_cb_t fnc, + void *fnc_value, + gpgme_data_t out); +gpgme_error_t gpgme_op_interact (gpgme_ctx_t ctx, gpgme_key_t key, + unsigned int flags, + gpgme_interact_cb_t fnc, + void *fnc_value, + gpgme_data_t out); + gpgme_error_t gpgme_op_edit_start (gpgme_ctx_t ctx, gpgme_key_t key, gpgme_edit_cb_t fnc, void *fnc_value, - gpgme_data_t out); + gpgme_data_t out) _GPGME_DEPRECATED; gpgme_error_t gpgme_op_edit (gpgme_ctx_t ctx, gpgme_key_t key, gpgme_edit_cb_t fnc, void *fnc_value, - gpgme_data_t out); - -/* Edit the card for the key KEY. Send status and command requests to - FNC and output of edit commands to OUT. */ + gpgme_data_t out) _GPGME_DEPRECATED; gpgme_error_t gpgme_op_card_edit_start (gpgme_ctx_t ctx, gpgme_key_t key, gpgme_edit_cb_t fnc, void *fnc_value, - gpgme_data_t out); + gpgme_data_t out) _GPGME_DEPRECATED; gpgme_error_t gpgme_op_card_edit (gpgme_ctx_t ctx, gpgme_key_t key, gpgme_edit_cb_t fnc, void *fnc_value, - gpgme_data_t out); + gpgme_data_t out) _GPGME_DEPRECATED; /* Set the Tofu policy of KEY to POLCIY. */ diff --git a/src/libgpgme.vers b/src/libgpgme.vers index d635b6b..aec9090 100644 --- a/src/libgpgme.vers +++ b/src/libgpgme.vers @@ -115,6 +115,8 @@ GPGME_1.1 { gpgme_op_keysign; gpgme_op_tofu_policy_start; gpgme_op_tofu_policy; + gpgme_op_interact_start; + gpgme_op_interact; }; diff --git a/src/status-table.c b/src/status-table.c index 1318c8e..f44a08f 100644 --- a/src/status-table.c +++ b/src/status-table.c 
@@ -169,3 +169,15 @@ _gpgme_parse_status (const char *name) sizeof t, status_cmp); return r ? r->code : -1; } + + +const char * +_gpgme_status_to_string (gpgme_status_code_t code) +{ + int i; + + for (i=0; i < DIM(status_table); i++) + if (status_table[i].code == code) + return status_table[i].name; + return "status_code_lost"; +} diff --git a/src/util.h b/src/util.h index a59700f..88e7750 100644 --- a/src/util.h +++ b/src/util.h @@ -185,6 +185,7 @@ gpgme_error_t _gpgme_getenv (const char *name, char **value); /* Convert a status string to a status code. */ void _gpgme_status_init (void); gpgme_status_code_t _gpgme_parse_status (const char *name); +const char *_gpgme_status_to_string (gpgme_status_code_t code); #ifdef HAVE_W32_SYSTEM diff --git a/tests/gpg/t-edit.c b/tests/gpg/t-edit.c index 8b5f7cb..7b444fa 100644 --- a/tests/gpg/t-edit.c +++ b/tests/gpg/t-edit.c @@ -55,7 +55,7 @@ flush_data (gpgme_data_t dh) gpgme_error_t -edit_fnc (void *opaque, gpgme_status_code_t status, const char *args, int fd) +interact_fnc (void *opaque, const char *status, const char *args, int fd) { const char *result = NULL; gpgme_data_t out = (gpgme_data_t) opaque; @@ -63,7 +63,7 @@ edit_fnc (void *opaque, gpgme_status_code_t status, const char *args, int fd) fputs ("[-- Response --]\n", stdout); flush_data (out); - fprintf (stdout, "[-- Code: %i, %s --]\n", status, args); + fprintf (stdout, "[-- Code: %s, %s --]\n", status, args); if (fd >= 0) { @@ -103,8 +103,8 @@ edit_fnc (void *opaque, gpgme_status_code_t status, const char *args, int fd) if (result) { - gpgme_io_write (fd, result, strlen (result)); - gpgme_io_write (fd, "\n", 1); + gpgme_io_writen (fd, result, strlen (result)); + gpgme_io_writen (fd, "\n", 1); } return 0; } 
@@ -141,7 +141,7 @@ main (int argc, char **argv) err = gpgme_op_keylist_end (ctx); fail_if_err (err); - err = gpgme_op_edit (ctx, key, edit_fnc, out, out); + err = gpgme_op_interact (ctx, key, 0, interact_fnc, out, out); fail_if_err (err); fputs ("[-- Last response --]\n", stdout); commit d2b72d3cc19fe2a7d548dac38d55e069e0c9a904 Author: Werner Koch Date: Thu Sep 15 09:24:29 2016 +0200 core: Minor change of the gpgme_op_edit semantics. * src/edit.c (command_handler): Handle special error code. * src/engine-gpg.c (read_status): Ditto. * src/engine-gpgsm.c (status_handler): Ditto. * src/engine-uiserver.c (status_handler): Ditto. * src/util.h (GPG_ERR_FALSE): Define for older libgpg-error versions. -- An edit callback may now simply return GPG_ERR_FALSE to indicate that it did not handled the status code. GPGME will the do the appropriate action, which is to send an empty line. Note that it is highly unlikely that GPG_ERR_FALSE has ever been used by an application as return value from an edit interactor. Signed-off-by: Werner Koch diff --git a/doc/gpgme.texi b/doc/gpgme.texi index ef39d81..a4a0814 100644 --- a/doc/gpgme.texi +++ b/doc/gpgme.texi @@ -4312,7 +4312,8 @@ indicates a command rather than a status message, the response to the command should be written to @var{fd}. The @var{handle} is provided by the user at start of operation. -The function should return @code{GPG_ERR_NO_ERROR} or an error value. +The function should return @code{GPG_ERR_FALSE} if it did not handle +the status code, @code{0} for success, or any other error value. @end deftp @deftypefun gpgme_error_t gpgme_op_edit (@w{gpgme_ctx_t @var{ctx}}, @w{gpgme_key_t @var{key}}, @w{gpgme_edit_cb_t @var{fnc}}, @w{void *@var{handle}}, @w{gpgme_data_t @var{out}}) diff --git a/src/edit.c b/src/edit.c index 72fa458..1be60c4 100644 --- a/src/edit.c +++ b/src/edit.c 
@@ -77,6 +77,8 @@ command_handler (void *priv, gpgme_status_code_t status, const char *args, if (err) return err; } + else + err = 0; if (!processed) { @@ -88,16 +90,15 @@ command_handler (void *priv, gpgme_status_code_t status, const char *args, if (err) return err; - /* FIXME: We expect the user to handle _all_ status codes. - Later, we may fix the callback interface to allow the user - indicate if it processed the status code or not. */ - *processed_r = 1; - - return (*opd->fnc) (opd->fnc_value, status, args, fd); + err = (*opd->fnc) (opd->fnc_value, status, args, fd); + if (gpg_err_code (err) == GPG_ERR_FALSE) + err = 0; + else + processed = 1; } *processed_r = processed; - return 0; + return err; } diff --git a/src/engine-gpg.c b/src/engine-gpg.c index 9a0dab0..d2741cb 100644 --- a/src/engine-gpg.c +++ b/src/engine-gpg.c @@ -1102,6 +1102,8 @@ read_status (engine_gpg_t gpg) char emptystring[1] = {0}; err = gpg->status.fnc (gpg->status.fnc_value, GPGME_STATUS_EOF, emptystring); + if (gpg_err_code (err) == GPG_ERR_FALSE) + err = 0; /* Drop special error code. */ } return err; @@ -1169,6 +1171,8 @@ read_status (engine_gpg_t gpg) { err = gpg->status.fnc (gpg->status.fnc_value, r, rest); + if (gpg_err_code (err) == GPG_ERR_FALSE) + err = 0; /* Drop special error code. */ if (err) return err; } diff --git a/src/engine-gpgsm.c b/src/engine-gpgsm.c index 5fcfbf1..49cf061 100644 --- a/src/engine-gpgsm.c +++ b/src/engine-gpgsm.c @@ -827,6 +827,8 @@ status_handler (void *opaque, int fd) char emptystring[1] = {0}; err = gpgsm->status.fnc (gpgsm->status.fnc_value, GPGME_STATUS_EOF, emptystring); + if (gpg_err_code (err) == GPG_ERR_FALSE) + err = 0; /* Drop special error code. */ } if (!err && gpgsm->colon.fnc && gpgsm->colon.any) 
@@ -978,7 +980,11 @@ status_handler (void *opaque, int fd) if (r >= 0) { if (gpgsm->status.fnc) - err = gpgsm->status.fnc (gpgsm->status.fnc_value, r, rest); + { + err = gpgsm->status.fnc (gpgsm->status.fnc_value, r, rest); + if (gpg_err_code (err) == GPG_ERR_FALSE) + err = 0; /* Drop special error code. */ + } } else fprintf (stderr, "[UNKNOWN STATUS]%s %s", line + 2, rest); diff --git a/src/engine-uiserver.c b/src/engine-uiserver.c index 318d32e..d855c74 100644 --- a/src/engine-uiserver.c +++ b/src/engine-uiserver.c @@ -676,6 +676,8 @@ status_handler (void *opaque, int fd) char emptystring[1] = {0}; err = uiserver->status.fnc (uiserver->status.fnc_value, GPGME_STATUS_EOF, emptystring); + if (gpg_err_code (err) == GPG_ERR_FALSE) + err = 0; /* Drop special error code. */ } if (!err && uiserver->colon.fnc && uiserver->colon.any) @@ -827,7 +829,12 @@ status_handler (void *opaque, int fd) if (r >= 0) { if (uiserver->status.fnc) - err = uiserver->status.fnc (uiserver->status.fnc_value, r, rest); + { + err = uiserver->status.fnc (uiserver->status.fnc_value, + r, rest); + if (gpg_err_code (err) == GPG_ERR_FALSE) + err = 0; /* Drop special error code. */ + } } else fprintf (stderr, "[UNKNOWN STATUS]%s %s", line + 2, rest); diff --git a/src/util.h b/src/util.h index a3425f0..a59700f 100644 --- a/src/util.h +++ b/src/util.h 
@@ -45,6 +45,11 @@ #define DIM(v) (sizeof(v)/sizeof((v)[0])) +#if GPG_ERROR_VERSION_NUMBER < 0x011500 /* 1.21 */ +# define GPG_ERR_FALSE 256 +#endif + + /*-- {posix,w32}-util.c --*/ int _gpgme_get_conf_int (const char *key, int *value); ----------------------------------------------------------------------- Summary of changes: NEWS | 13 ++++++ doc/gpgme.texi | 93 +++++++++++++++++++++++++++++++++++++++-- src/edit.c | 113 ++++++++++++++++++++++++++++++++++++++++++++++---- src/engine-gpg.c | 4 ++ src/engine-gpgsm.c | 8 +++- src/engine-uiserver.c | 9 +++- src/gpgme.def | 2 + src/gpgme.h.in | 42 ++++++++++++++----- src/libgpgme.vers | 2 + src/status-table.c | 12 ++++++ src/util.h | 6 +++ tests/gpg/t-edit.c | 10 ++--- 12 files changed, 283 insertions(+), 31 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Thu Sep 15 12:23:55 2016 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Thu, 15 Sep 2016 12:23:55 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-114-g3f7f744 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 3f7f7447316f57d002d683af4ad30ac5730b9ebe (commit) via dcc64663051f8af82abc11e2699649c3b35936db (commit) from 3248182d1b5a03098ee797c980fa0f0ec06e716f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 3f7f7447316f57d002d683af4ad30ac5730b9ebe Author: Neal H. Walfield Date: Thu Sep 15 12:21:15 2016 +0200 g10: Only consider bindings matching the signer's user id. * g10/trustdb.c (tdb_get_validity_core): If the signer's user id subpacket is present, only consider matching user ids. -- Signed-off-by: Neal H. Walfield 
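Review bot: The return-value paragraph for gpgme_op_interact in doc/gpgme.texi promises GPG_ERR_INV_VALUE when ctx or key is not a valid pointer, but the code added to src/edit.c returns that error for "!ctx" and for "!fnc || !out", and interact_start passes key on to _gpgme_engine_op_edit without testing it. Either document the fnc and out checks and drop the claim about key, or add the key check to interact_start. The same paragraph still speaks of the "edit operation" and the "edit callback handler", and the gpgme_interact_cb_t description carries over "calls if it a key interact operation is on-going"; both want rewording for the new names.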
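Review bot: In src/edit.c, gpgme_op_interact_start and gpgme_op_interact open a trace with TRACE_BEG5, but only the "!ctx" path leaves through TRACE_ERR; the final "return err;" in both functions bypasses it, so the normal return is not traced the way the error return is. Use "return TRACE_ERR (err);" there. In the same hunk, interact_start ignores every bit of flags other than GPGME_INTERACT_CARD; since the documentation calls that the only defined bit, rejecting unknown bits with GPG_ERR_INV_VALUE would keep the flag word safe to extend later. The comment "The deprectated interface." has a typo.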
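Review bot: The comment added above gpgme_edit_cb_t in src/gpgme.h.in names "gpgme_op_card and gpgme_of_card_edit", and neither name is declared in this header; the deprecated callers marked _GPGME_DEPRECATED further down are gpgme_op_edit and gpgme_op_card_edit with their _start variants. Correct the names so that a reader searching for the deprecated entry points finds this typedef.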
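Review bot: _gpgme_status_to_string in src/status-table.c returns the literal "status_code_lost" for a code that is missing from status_table, and edit_status_handler and command_handler hand that string to the user's gpgme_interact_cb_t as the status keyword. The documentation describes the keyword as passed through from the crypto engine, so this sentinel should be documented or replaced by a value a callback cannot mistake for an engine keyword. The loop also compares "int i" with DIM(status_table), which is a sizeof expression; declaring i as size_t avoids the signed/unsigned comparison.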
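Review bot: The fallback "# define GPG_ERR_FALSE 256" goes into src/util.h, next to the internal _gpgme_ prototypes, while the documentation change in the same commit tells callback authors to return GPG_ERR_FALSE. Nothing in the visible changes makes the constant available to an application built against a libgpg-error older than 1.21. State in doc/gpgme.texi which libgpg-error version an application needs for this return value, or that it has to supply the definition itself.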
diff --git a/g10/trustdb.c b/g10/trustdb.c index 5457ea1..029c8c3 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c @@ -1025,27 +1025,50 @@ tdb_get_validity_core (ctrl_t ctrl, kbnode_t kb = NULL; kbnode_t n = NULL; strlist_t user_id_list = NULL; + int done = 0; /* If the caller didn't supply a user id then use all uids. */ if (! uid) kb = n = get_pubkeyblock (main_pk->keyid); - while (uid || (n = find_next_kbnode (n, PKT_USER_ID))) + if (DBG_TRUST && sig && sig->signers_uid) + log_debug ("TOFU: only considering user id: '%s'\n", + sig->signers_uid); + + while (!done && (uid || (n = find_next_kbnode (n, PKT_USER_ID)))) { PKT_user_id *user_id; int expired = 0; if (uid) - user_id = uid; + { + user_id = uid; + /* If the caller specified a user id, then we only + process the specified user id and are done after the + first iteration. */ + done = 1; + } else user_id = n->pkt->pkt.user_id; if (user_id->attrib_data) + /* Skip user attributes. */ + continue; + + if (sig && sig->signers_uid) + /* Make sure the UID matches. */ { - /* Skip user attributes. */ - if (uid) - break; - continue; + char *email = mailbox_from_userid (user_id->name); + if (!email || !*email || strcmp (sig->signers_uid, email) != 0) + { + if (DBG_TRUST) + log_debug ("TOFU: skipping user id '%s', which does" + " not match the signer's email ('%s')\n", + email, sig->signers_uid); + xfree (email); + continue; + } + xfree (email); } /* If the user id is revoked or expired, then skip it. */ 
@@ -1073,11 +1096,6 @@ tdb_get_validity_core (ctrl_t ctrl, add_to_strlist (&user_id_list, user_id->name); user_id_list->flags = expired; - - if (uid) - /* If the caller specified a user id, then we stop - now. */ - break; } /* Process the user ids in the order they appear in the key commit dcc64663051f8af82abc11e2699649c3b35936db Author: Neal H. Walfield Date: Thu Sep 15 12:19:29 2016 +0200 g10: Don't include the signature when printing a binding's validity. * g10/mainproc.c (check_sig_and_print): When printing information about a binding don't include the current signature. -- Signed-off-by: Neal H. Walfield diff --git a/g10/mainproc.c b/g10/mainproc.c index 929e18a..e663af8 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -1976,7 +1976,7 @@ check_sig_and_print (CTX c, kbnode_t node) before calling that function. */ if ((opt.verify_options & VERIFY_SHOW_UID_VALIDITY)) valid = get_validity (c->ctrl, mainpk, un->pkt->pkt.user_id, - sig, 0); + NULL, 0); else valid = 0; /* Not used. */ @@ -2078,7 +2078,7 @@ check_sig_and_print (CTX c, kbnode_t node) information. */ valid = (trust_value_to_string (get_validity (c->ctrl, mainpk, - un->pkt->pkt.user_id, sig, 0))); + un->pkt->pkt.user_id, NULL, 0))); log_printf (" [%s]\n",valid); } else ----------------------------------------------------------------------- Summary of changes: g10/mainproc.c | 4 ++-- g10/trustdb.c | 40 +++++++++++++++++++++++++++++----------- 2 files changed, 31 insertions(+), 13 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Sep 15 14:46:34 2016 
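Review bot: In the signer's-UID check added to tdb_get_validity_core (g10/trustdb.c), the debug message is reached when "!email" is true, yet it passes email to a '%s' conversion, and it labels that value "user id" although the user id is user_id->name. Print user_id->name for the first '%s' and guard the NULL case before logging. Note also that a caller-supplied uid which fails this match sets done = 1 and then hits "continue", so the loop ends with user_id_list empty; a comment saying that this outcome is intended would help the next reader.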
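Review bot: Both get_validity calls in check_sig_and_print (g10/mainproc.c) now pass NULL where they passed sig, and neither call site says why. With the companion change in g10/trustdb.c filtering user ids on sig->signers_uid, a one-line comment at each call explaining that the validity is printed per user id and must not take the current signature into account would keep someone from "restoring" the argument later.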
From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Thu, 15 Sep 2016 14:46:34 +0200 Subject: [git] GpgOL - branch, nomapi, updated. gpgol-1.4.0-39-g487288b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, nomapi has been updated via 487288bf5fe607949913a90d582bc9407d25a0f1 (commit) via 4e54e266a582cddbcfd3b88c65822913cbc9d0ce (commit) via a4a113aed3dda2525181796ef4bc5765db0a5391 (commit) via e4ea280498f406a24973d16917a94dea1ff18d06 (commit) via baa0515e7fb4b4ec2ee000afd69096156bc86d9f (commit) from 28116b887c2ae7a3f3e12b6dd372fdd5ba341646 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 487288bf5fe607949913a90d582bc9407d25a0f1 Author: Andre Heinecke Date: Thu Sep 15 14:45:22 2016 +0200 Add first real unit test for pgp/inline/encrypted * tests/Makefile.am: Update GNUPGHOME and data handling. * tests/data/inlinepgpencrypted.mbox: New. * tests/data/inlinepgpencrypted.plain: New. * tests/run-parser.cpp (main): Fix output of bodies. * tests/t-parser.cpp (main): Prepare generic tests. -- Let's start with a simple one :-) diff --git a/tests/Makefile.am b/tests/Makefile.am index dfb5222..8df8d27 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am 
@@ -20,15 +20,14 @@ GPG = gpg -TESTS_ENVIRONMENT = GNUPGHOME=$(abs_srcdir)/tests/gnupg_home - -TESTS = initial.test t-parser +TESTS = t-parser AM_LDFLAGS = @GPGME_LIBS@ -lgpgmepp AM_CFLAGS = -I$(top_srcdir)/src $(GPGME_CFLAGS) $(LIBASSUAN_CFLAGS) AM_CXXFLAGS = -I$(top_srcdir)/src $(GPGME_CFLAGS) $(GPGME_CFLAGS)/gpgme++ \ - $(LIBASSUAN_CFLAGS) -std=c++11 + $(LIBASSUAN_CFLAGS) -std=c++11 -DDATADIR=\"$(abs_srcdir)/data\" \ + -DGPGHOMEDIR=\"$(abs_srcdir)/gnupg_home\" parser_SRC= ../src/parsecontroller.cpp \ ../src/parsecontroller.h \ @@ -43,5 +42,3 @@ t_parser_SOURCES = t-parser.cpp $(parser_SRC) run_parser_SOURCES = run-parser.cpp $(parser_SRC) noinst_PROGRAMS = t-parser run-parser - -export GNUPGHOME := $(abs_srcdir)/tests/gnupg_home diff --git a/tests/data/inlinepgpencrypted.mbox b/tests/data/inlinepgpencrypted.mbox new file mode 100644 index 0000000..f8347d3 --- /dev/null +++ b/tests/data/inlinepgpencrypted.mbox 
@@ -0,0 +1,28 @@ +From test at kolab.org Wed, 25 May 2011 23:49:40 +0100 +From: OpenPGP Test +To: test at kolab.org +Subject: inlinepgpencrypted +Date: Wed, 25 May 2011 23:49:40 +0100 +Message-ID: <1786696.yKXrOjjflF at herrwackelpudding.localhost> +X-KMail-Transport: GMX +X-KMail-Fcc: 28 +X-KMail-Drafts: 7 +X-KMail-Templates: 9 +User-Agent: KMail/4.6 beta5 (Linux/2.6.34.7-0.7-desktop; KDE/4.6.41; x86_64; git-0269848; 2011-04-19) +MIME-Version: 1.0 +Content-Transfer-Encoding: 7Bit +Content-Type: text/plain; charset="us-ascii" + +-----BEGIN PGP MESSAGE----- +Version: GnuPG v2.0.15 (GNU/Linux) + +hQEMAwzOQ1qnzNo7AQf/a3aNTLpQBfcUr+4AKsZQLj4h6z7e7a5AaCW8AG0wrbxN +kBYB7E5jdZh45DX/99gvoZslthWryUCX2kKZ3LtIllxKVjqNuK5hSt+SAuKkwiMR +Xcbf1KFKENKupgGSO9B2NJRbjoExdJ+fC3mGXnO3dT7xJJAo3oLE8Nivu+Bj1peY +E1wCf+vcTwVHFrA7SV8eMRb9Z9wBXmU8Q8e9ekJ7ZsRX3tMeBs6jvscVvfMf6DYY +N14snZBZuGNKT9a3DPny7IC1S0lHcaam34ogWwMi3FxPGJt/Lg52kARlkF5TDhcP +N6H0EB/iqDRjOOUoEVm8um5XOSR1FpEiAdD0DON3y9JPATnrYq7sgYZz3BVImYY+ +N/jV8fEiN0a34pcOq8NQedMuOsJHNBS5MtbQH/kJLq0MXBpXekGlHo4MKw0trISc +Rw3pW6/BFfhPJLni29g9tw== +=fRFW +-----END PGP MESSAGE----- diff --git a/tests/data/inlinepgpencrypted.plain b/tests/data/inlinepgpencrypted.plain new file mode 100644 index 0000000..7a9ecd0 --- /dev/null +++ b/tests/data/inlinepgpencrypted.plain @@ -0,0 +1 @@ +some random text \ No newline at end of file diff --git a/tests/run-parser.cpp b/tests/run-parser.cpp index 5ded8c4..3144d4a 100644 --- a/tests/run-parser.cpp +++ b/tests/run-parser.cpp @@ -45,6 +45,7 @@ int main(int argc, char **argv) msgtype_t msgtype = MSGTYPE_UNKNOWN; FILE *fp_in = NULL; + putenv ((char*) "GNUPGHOME=" GPGHOMEDIR); gpgme_check_version (NULL); if (argc) 
@@ -104,8 +105,8 @@ int main(int argc, char **argv) fp_in = fopen (argv[0], "rb"); ParseController parser(fp_in, msgtype); - std::cout << "Parse result: " << parser.parse() - << "\nDecrypt result:\n" << parser.decrypt_result() + std::cout << "Parse result: " << parser.parse(); + std::cout << "\nDecrypt result:\n" << parser.decrypt_result() << "\nVerify result:\n" << parser.verify_result() << "\nBEGIN BODY\n" << parser.get_body() << "\nEND BODY" << "\nBEGIN HTML\n" << parser.get_html_body() << "\nEND HTML"; diff --git a/tests/t-parser.cpp b/tests/t-parser.cpp index 6c1d99a..fdef25a 100644 --- a/tests/t-parser.cpp +++ b/tests/t-parser.cpp 
@@ -17,7 +17,118 @@ * along with this program; if not, see . */ +#include +#include "parsecontroller.h" +#include +#include "attachment.h" +#include + +struct +{ + const char *input_file; + msgtype_t type; + const char *expected_body_file; + const char *expected_html_body_file; + const char *expected_return; + int attachment_cnt; +} test_data[] = { + { DATADIR "/inlinepgpencrypted.mbox", + MSGTYPE_GPGOL_PGP_MESSAGE, + DATADIR "/inlinepgpencrypted.plain", + NULL, + NULL, + 0 }, + { NULL, MSGTYPE_UNKNOWN, NULL, NULL, 0 } +}; + + int main() { - return 0; + int i = 0; + putenv ((char*) "GNUPGHOME=" GPGHOMEDIR); + gpgme_check_version (NULL); + + while (test_data[i].input_file) + { + auto input = fopen (test_data[i].input_file, "rb"); + if (!input) + { + fprintf (stderr, "Failed to open input file: %s\n", + test_data[i].input_file); + exit(1); + } + ParseController parser (input, test_data[i].type); + + auto result = parser.parse(); + + auto decResult = parser.decrypt_result(); + auto verifyResult = parser.verify_result(); + + if (decResult.error() || verifyResult.error()) + { + std::cerr << "Decrypt or verify error:\n" + << decResult + << verifyResult; + exit(1); + } + + if (test_data[i].expected_return) + { + if (result != test_data[i].expected_return) + { + fprintf (stderr, "Failed to get expected return. 
Return was: %s\n", + result.c_str()); + exit(1); + } + } + if (test_data[i].expected_body_file) + { + auto expected_body = fopen (test_data[i].expected_body_file, "rb"); + if (!expected_body) + { + fprintf (stderr, "Failed to open input file: %s\n", + test_data[i].expected_body_file); + exit(1); + } + char bodybuf[16000]; + fread (bodybuf, 1, 16000, expected_body); + if (parser.get_body() != bodybuf) + { + fprintf (stderr, "Body was: \n\"%s\"\nExpected:\n\"%s\"\n", + parser.get_body().c_str(), bodybuf); + exit(1); + } + } + if (test_data[i].expected_html_body_file) + { + auto expected_html_body = fopen (test_data[i].expected_html_body_file, "rb"); + if (!expected_html_body) + { + fprintf (stderr, "Failed to open input file: %s\n", + test_data[i].expected_html_body_file); + exit(1); + } + char bodybuf[16000]; + fread (bodybuf, 1, 16000, expected_html_body); + if (parser.get_html_body() != bodybuf) + { + fprintf (stderr, "HTML was: \n\"%s\"\nExpected:\n\"%s\"\n", + parser.get_html_body().c_str(), bodybuf); + exit(1); + } + } + if (test_data[i].attachment_cnt) + { + int actual = (int)parser.get_attachments().size(); + if (actual != test_data[i].attachment_cnt) + { + fprintf (stderr, "Attachment count mismatch. Actual: %i Expected: %i\n", + actual, test_data[i].attachment_cnt); + exit(1); + } + } + fprintf (stderr, "Pass: %s\n", test_data[i].input_file); + i++; + } + exit(0); } commit 4e54e266a582cddbcfd3b88c65822913cbc9d0ce Author: Andre Heinecke Date: Thu Sep 15 14:42:30 2016 +0200 Use body to decrypt / verify inline msgs * src/parsecontroller.cpp (parse): Use body for inline msgs. diff --git a/src/parsecontroller.cpp b/src/parsecontroller.cpp index 3d4c405..e9c61a5 100644 --- a/src/parsecontroller.cpp +++ b/src/parsecontroller.cpp 
@@ -111,7 +111,20 @@ ParseController::parse() ctx->setArmor(true); Data output(m_outputprovider); - Data input(m_inputprovider); + + Data input; + if (m_type == MSGTYPE_GPGOL_CLEAR_SIGNED || + m_type == MSGTYPE_GPGOL_PGP_MESSAGE) + { + /* For clearsigned and PGP Message take the body. + This does not copy the data. */ + input = Data (m_inputprovider->get_body().c_str(), + m_inputprovider->get_body().size(), false); + } + else + { + input = Data (m_inputprovider); + } log_debug ("%s:%s: decrypt: %i verify: %i with protocol: %s", SRCNAME, __func__, decrypt, verify, commit a4a113aed3dda2525181796ef4bc5765db0a5391 Author: Andre Heinecke Date: Thu Sep 15 14:40:51 2016 +0200 Fix FILE read and enable write for mimedataprovider * src/mimedataprovider.cpp (isSupported): Add write. (collect_data(FILE*)): Fix fread call. (get_body, get_html_body): Fix truncated output when a mail body did not end with a newline. * src/mimedataprovider.h: Update accordingly. diff --git a/src/mimedataprovider.cpp b/src/mimedataprovider.cpp index 3f525a9..d75bd51 100644 --- a/src/mimedataprovider.cpp +++ b/src/mimedataprovider.cpp @@ -515,6 +515,7 @@ MimeDataProvider::isSupported(GpgME::DataProvider::Operation op) const { return op == GpgME::DataProvider::Read || op == GpgME::DataProvider::Seek || + op == GpgME::DataProvider::Write || op == GpgME::DataProvider::Release; } @@ -738,7 +739,7 @@ MimeDataProvider::collect_data(FILE *stream) } char buf[BUFSIZE]; size_t bRead; - while ((bRead = fread (buf, BUFSIZE, 1, stream)) > 0) + while ((bRead = fread (buf, 1, BUFSIZE, stream)) > 0) { log_mime_parser ("%s:%s: Read " SIZE_T_FORMAT " bytes.", SRCNAME, __func__, bRead); @@ -769,7 +770,7 @@ ssize_t MimeDataProvider::write(const void *buffer, size_t bufSize) if (not_taken == m_rawbuf.size()) { log_error ("%s:%s: Write failed to consume anything.\n" - "Buffer too small?", + "Buffer too small? or no newlines in text?", SRCNAME, __func__); return bufSize; } 
@@ -820,3 +821,31 @@ MimeDataProvider::create_attachment() return attach; /* TODO handle encoding */ } + +const std::string &MimeDataProvider::get_body() +{ + if (m_rawbuf.size()) + { + /* If there was some data left in the rawbuf this could + mean that some plaintext was not finished with a linefeed. + In that case we append it to the bodies. */ + m_body += m_rawbuf; + m_html_body += m_rawbuf; + m_rawbuf.clear(); + } + return m_body; +} + +const std::string &MimeDataProvider::get_html_body() +{ + if (m_rawbuf.size()) + { + /* If there was some data left in the rawbuf this could + mean that some plaintext was not finished with a linefeed. + In that case we append it to the bodies. */ + m_body += m_rawbuf; + m_html_body += m_rawbuf; + m_rawbuf.clear(); + } + return m_html_body; +} diff --git a/src/mimedataprovider.h b/src/mimedataprovider.h index 9f52a88..2311881 100644 --- a/src/mimedataprovider.h +++ b/src/mimedataprovider.h @@ -101,8 +101,8 @@ public: mime_context_t mime_context() {return m_mime_ctx;} - const std::string get_body() const {return m_body;} - const std::string get_html_body() const {return m_html_body;} + const std::string &get_body(); + const std::string &get_html_body(); const std::vector > get_attachments() const {return m_attachments;} private: commit e4ea280498f406a24973d16917a94dea1ff18d06 Author: Andre Heinecke Date: Thu Sep 15 14:38:54 2016 +0200 Add test gnupg_home from messagelib * tests/gnupg_home: New. -- Reusing Messagelibs test keys will allow us to reuse the same test data as KMail's messagelib uses. diff --git a/tests/gnupg_home/.gpg-v21-migrated b/tests/gnupg_home/.gpg-v21-migrated new file mode 100644 index 0000000..e69de29 diff --git a/tests/gnupg_home/dirmngr-cache.d/DIR.txt b/tests/gnupg_home/dirmngr-cache.d/DIR.txt new file mode 100644 index 0000000..1a45a6b --- /dev/null +++ b/tests/gnupg_home/dirmngr-cache.d/DIR.txt 
@@ -0,0 +1,3 @@ +v:1: +c:4E31CEB57DDD4A7B9991AB05507B1ED4293FF952:CN=Test-ZS 7,O=Intevation GmbH,C=DE:ldap%3A//ca.intevation.org/cn=Test-ZS 7, o=Intevation GmbH, c=DE?certificateRevocationList:20100615T181523:20100707T181523:72FEF3FD88455A1D4C6796A6499D4422:::: +c:7F2A402CBB016A9146D613568C89D3596A4111AA:CN=Wurzel ZS 3,O=Intevation GmbH,C=DE:ldap%3A//ca.intevation.org/cn=Wurzel ZS 3, o=Intevation GmbH, c=DE?certificateRevocationList:20100625T102134:20100814T102134:44E60EEC02EF2FBF7A5C77E9BD565667:::: diff --git a/tests/gnupg_home/dirmngr-cache.d/crl-4E31CEB57DDD4A7B9991AB05507B1ED4293FF952.db b/tests/gnupg_home/dirmngr-cache.d/crl-4E31CEB57DDD4A7B9991AB05507B1ED4293FF952.db new file mode 100644 index 0000000..0b7e2dd Binary files /dev/null and b/tests/gnupg_home/dirmngr-cache.d/crl-4E31CEB57DDD4A7B9991AB05507B1ED4293FF952.db differ diff --git a/tests/gnupg_home/dirmngr-cache.d/crl-7F2A402CBB016A9146D613568C89D3596A4111AA.db b/tests/gnupg_home/dirmngr-cache.d/crl-7F2A402CBB016A9146D613568C89D3596A4111AA.db new file mode 100644 index 0000000..47474a2 Binary files /dev/null and b/tests/gnupg_home/dirmngr-cache.d/crl-7F2A402CBB016A9146D613568C89D3596A4111AA.db differ diff --git a/tests/gnupg_home/dirmngr.conf b/tests/gnupg_home/dirmngr.conf new file mode 100644 index 0000000..a17a035 --- /dev/null +++ b/tests/gnupg_home/dirmngr.conf @@ -0,0 +1,8 @@ + +###+++--- GPGConf ---+++### +debug-level basic +log-file socket:///home/leo/kde/src/kdepim/messagecomposer/tests/gnupg_home/log-socket +###+++--- GPGConf ---+++### Tue 29 Jun 2010 10:23:13 AM EDT +# GPGConf edited this configuration file. +# It will disable options before this marked block, but it will +# never change anything below these lines. diff --git a/tests/gnupg_home/gpg-agent.conf b/tests/gnupg_home/gpg-agent.conf new file mode 100644 index 0000000..ded0954 --- /dev/null +++ b/tests/gnupg_home/gpg-agent.conf @@ -0,0 +1,3 @@ +allow-mark-trusted +debug-level basic +faked-system-time 20130110T154812 
diff --git a/tests/gnupg_home/gpg.conf b/tests/gnupg_home/gpg.conf new file mode 100644 index 0000000..ec839d4 --- /dev/null +++ b/tests/gnupg_home/gpg.conf 
@@ -0,0 +1,244 @@ +# Options for GnuPG +# Copyright 1998, 1999, 2000, 2001, 2002, 2003 Free Software Foundation, Inc. +# +# This file is free software; as a special exception the author gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. +# +# This file is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the +# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +# +# Unless you specify which option file to use (with the command line +# option "--options filename"), GnuPG uses the file ~/.gnupg/gpg.conf +# by default. +# +# An options file can contain any long options which are available in +# GnuPG. If the first non white space character of a line is a '#', +# this line is ignored. Empty lines are also ignored. +# +# See the man page for a list of options. + +# Uncomment the following option to get rid of the copyright notice + +#no-greeting + +# If you have more than 1 secret key in your keyring, you may want to +# uncomment the following option and set your preferred keyid. + +#default-key 621CC013 + +# If you do not pass a recipient to gpg, it will ask for one. Using +# this option you can encrypt to a default key. Key validation will +# not be done in this case. The second form uses the default key as +# default recipient. + +#default-recipient some-user-id +#default-recipient-self + +# Use --encrypt-to to add the specified key as a recipient to all +# messages. This is useful, for example, when sending mail through a +# mail client that does not automatically encrypt mail to your key. +# In the example, this option allows you to read your local copy of +# encrypted mail that you've sent to others. + +#encrypt-to some-key-id + +# By default GnuPG creates version 3 signatures for data files. This +# is not strictly OpenPGP compliant but PGP 6 and most versions of PGP +# 7 require them. 
To disable this behavior, you may use this option +# or --openpgp. + +#no-force-v3-sigs + +# Because some mailers change lines starting with "From " to ">From " +# it is good to handle such lines in a special way when creating +# cleartext signatures; all other PGP versions do it this way too. + +#no-escape-from-lines + +# If you do not use the Latin-1 (ISO-8859-1) charset, you should tell +# GnuPG which is the native character set. Please check the man page +# for supported character sets. This character set is only used for +# metadata and not for the actual message which does not undergo any +# translation. Note that future version of GnuPG will change to UTF-8 +# as default character set. In most cases this option is not required +# as GnuPG is able to figure out the correct charset at runtime. + +#charset utf-8 + +# Group names may be defined like this: +# group mynames = paige 0x12345678 joe patti +# +# Any time "mynames" is a recipient (-r or --recipient), it will be +# expanded to the names "paige", "joe", and "patti", and the key ID +# "0x12345678". Note there is only one level of expansion - you +# cannot make an group that points to another group. Note also that +# if there are spaces in the recipient name, this will appear as two +# recipients. In these cases it is better to use the key ID. + +#group mynames = paige 0x12345678 joe patti + +# Lock the file only once for the lifetime of a process. If you do +# not define this, the lock will be obtained and released every time +# it is needed, which is usually preferable. + +#lock-once + +# GnuPG can send and receive keys to and from a keyserver. These +# servers can be HKP, email, or LDAP (if GnuPG is built with LDAP +# support). 
+# +# Example HKP keyserver: +# hkp://keys.gnupg.net +# hkp://subkeys.pgp.net +# +# Example email keyserver: +# mailto:pgp-public-keys at keys.pgp.net +# +# Example LDAP keyservers: +# ldap://keyserver.pgp.com +# +# Regular URL syntax applies, and you can set an alternate port +# through the usual method: +# hkp://keyserver.example.net:22742 +# +# Most users just set the name and type of their preferred keyserver. +# Note that most servers (with the notable exception of +# ldap://keyserver.pgp.com) synchronize changes with each other. Note +# also that a single server name may actually point to multiple +# servers via DNS round-robin. hkp://keys.gnupg.net is an example of +# such a "server", which spreads the load over a number of physical +# servers. To see the IP address of the server actually used, you may use +# the "--keyserver-options debug". + +keyserver hkp://keys.gnupg.net +#keyserver mailto:pgp-public-keys at keys.nl.pgp.net +#keyserver ldap://keyserver.pgp.com + +# Common options for keyserver functions: +# +# include-disabled : when searching, include keys marked as "disabled" +# on the keyserver (not all keyservers support this). +# +# no-include-revoked : when searching, do not include keys marked as +# "revoked" on the keyserver. +# +# verbose : show more information as the keys are fetched. +# Can be used more than once to increase the amount +# of information shown. +# +# use-temp-files : use temporary files instead of a pipe to talk to the +# keyserver. Some platforms (Win32 for one) always +# have this on. +# +# keep-temp-files : do not delete temporary files after using them +# (really only useful for debugging) +# +# http-proxy="proxy" : set the proxy to use for HTTP and HKP keyservers. +# This overrides the "http_proxy" environment variable, +# if any. 
+# +# auto-key-retrieve : automatically fetch keys as needed from the keyserver +# when verifying signatures or when importing keys that +# have been revoked by a revocation key that is not +# present on the keyring. +# +# no-include-attributes : do not include attribute IDs (aka "photo IDs") +# when sending keys to the keyserver. + +#keyserver-options auto-key-retrieve + +# Display photo user IDs in key listings + +# list-options show-photos + +# Display photo user IDs when a signature from a key with a photo is +# verified + +# verify-options show-photos + +# Use this program to display photo user IDs +# +# %i is expanded to a temporary file that contains the photo. +# %I is the same as %i, but the file isn't deleted afterwards by GnuPG. +# %k is expanded to the key ID of the key. +# %K is expanded to the long OpenPGP key ID of the key. +# %t is expanded to the extension of the image (e.g. "jpg"). +# %T is expanded to the MIME type of the image (e.g. "image/jpeg"). +# %f is expanded to the fingerprint of the key. +# %% is %, of course. +# +# If %i or %I are not present, then the photo is supplied to the +# viewer on standard input. If your platform supports it, standard +# input is the best way to do this as it avoids the time and effort in +# generating and then cleaning up a secure temp file. +# +# If no photo-viewer is provided, GnuPG will look for xloadimage, eog, +# or display (ImageMagick). On Mac OS X and Windows, the default is +# to use your regular JPEG image viewer. 
+# +# Some other viewers: +# photo-viewer "qiv %i" +# photo-viewer "ee %i" +# +# This one saves a copy of the photo ID in your home directory: +# photo-viewer "cat > ~/photoid-for-key-%k.%t" +# +# Use your MIME handler to view photos: +# photo-viewer "metamail -q -d -b -c %T -s 'KeyID 0x%k' -f GnuPG" + +# Passphrase agent +# +# We support the old experimental passphrase agent protocol as well as +# the new Assuan based one (currently available in the "newpg" package +# at ftp.gnupg.org/gcrypt/alpha/aegypten/). To make use of the agent, +# you have to run an agent as daemon and use the option +# +# use-agent +# +# which tries to use the agent but will fallback to the regular mode +# if there is a problem connecting to the agent. The normal way to +# locate the agent is by looking at the environment variable +# GPG_AGENT_INFO which should have been set during gpg-agent startup. +# In certain situations the use of this variable is not possible, thus +# the option +# +# --gpg-agent-info=::1 +# +# may be used to override it. + +# Automatic key location +# +# GnuPG can automatically locate and retrieve keys as needed using the +# auto-key-locate option. This happens when encrypting to an email +# address (in the "user at example.com" form), and there are no +# user at example.com keys on the local keyring. This option takes the +# following arguments, in the order they are to be tried: +# +# cert = locate a key using DNS CERT, as specified in RFC-4398. +# GnuPG can handle both the PGP (key) and IPGP (URL + fingerprint) +# CERT methods. +# +# pka = locate a key using DNS PKA. +# +# ldap = locate a key using the PGP Universal method of checking +# "ldap://keys.(thedomain)". For example, encrypting to +# user at example.com will check ldap://keys.example.com. +# +# keyserver = locate a key using whatever keyserver is defined using +# the keyserver option. +# +# You may also list arbitrary keyservers here by URL. 
+# +# Try CERT, then PKA, then LDAP, then hkp://subkeys.net: +#auto-key-locate cert pka ldap hkp://subkeys.pgp.net + +###+++--- GPGConf ---+++### +utf8-strings +#debug-level basic +#log-file socket:///home/leo/kde/src/kdepim/messagecomposer/tests/gnupg_home/log-socket +###+++--- GPGConf ---+++### Tue 29 Jun 2010 10:23:13 AM EDT +# GPGConf edited this configuration file. +# It will disable options before this marked block, but it will +# never change anything below these lines. diff --git a/tests/gnupg_home/gpgsm.conf b/tests/gnupg_home/gpgsm.conf new file mode 100644 index 0000000..3783f53 --- /dev/null +++ b/tests/gnupg_home/gpgsm.conf @@ -0,0 +1,3 @@ +disable-crl-checks +debug-level basic +faked-system-time 20130110T154812 diff --git a/tests/gnupg_home/pinentry-fake.sh b/tests/gnupg_home/pinentry-fake.sh new file mode 100755 index 0000000..7135a94 --- /dev/null +++ b/tests/gnupg_home/pinentry-fake.sh @@ -0,0 +1,9 @@ +#!/bin/sh + +echo "OK Your orders please" +while : +do + read cmd + echo "OK" + [ "$cmd" = "BYE" ] && break +done diff --git a/tests/gnupg_home/private-keys-v1.d/01A7EA42DB00E28D85BB27378D7A47829B63FDB6.key b/tests/gnupg_home/private-keys-v1.d/01A7EA42DB00E28D85BB27378D7A47829B63FDB6.key new file mode 100644 index 0000000..87619f0 Binary files /dev/null and b/tests/gnupg_home/private-keys-v1.d/01A7EA42DB00E28D85BB27378D7A47829B63FDB6.key differ diff --git a/tests/gnupg_home/private-keys-v1.d/1AA8BA52430E51AE249AF0DA97D59F869E4101A8.key b/tests/gnupg_home/private-keys-v1.d/1AA8BA52430E51AE249AF0DA97D59F869E4101A8.key new file mode 100644 index 0000000..39ac307 Binary files /dev/null and b/tests/gnupg_home/private-keys-v1.d/1AA8BA52430E51AE249AF0DA97D59F869E4101A8.key differ 
diff --git a/tests/gnupg_home/private-keys-v1.d/3BD9080DE9C88A88A67965B8E49F677004D6F6B7.key b/tests/gnupg_home/private-keys-v1.d/3BD9080DE9C88A88A67965B8E49F677004D6F6B7.key new file mode 100644 index 0000000..d197aad Binary files /dev/null and b/tests/gnupg_home/private-keys-v1.d/3BD9080DE9C88A88A67965B8E49F677004D6F6B7.key differ diff --git a/tests/gnupg_home/private-keys-v1.d/53F70182AE3A9CFDDA3DA5B3A1742B875F43524B.key b/tests/gnupg_home/private-keys-v1.d/53F70182AE3A9CFDDA3DA5B3A1742B875F43524B.key new file mode 100644 index 0000000..af872d9 Binary files /dev/null and b/tests/gnupg_home/private-keys-v1.d/53F70182AE3A9CFDDA3DA5B3A1742B875F43524B.key differ diff --git a/tests/gnupg_home/private-keys-v1.d/61A7BB3E7F89151CFB8B18AC27668585CE77A7A7.key b/tests/gnupg_home/private-keys-v1.d/61A7BB3E7F89151CFB8B18AC27668585CE77A7A7.key new file mode 100644 index 0000000..55b5e89 Binary files /dev/null and b/tests/gnupg_home/private-keys-v1.d/61A7BB3E7F89151CFB8B18AC27668585CE77A7A7.key differ diff --git a/tests/gnupg_home/private-keys-v1.d/B8E914E1B03F0238FF0A999E69DE8C8D1FDFFFCD.key b/tests/gnupg_home/private-keys-v1.d/B8E914E1B03F0238FF0A999E69DE8C8D1FDFFFCD.key new file mode 100644 index 0000000..a828627 Binary files /dev/null and b/tests/gnupg_home/private-keys-v1.d/B8E914E1B03F0238FF0A999E69DE8C8D1FDFFFCD.key differ diff --git a/tests/gnupg_home/private-keys-v1.d/EC06D8C339EF73304D5B2CCF5363B437E0C915F2.key b/tests/gnupg_home/private-keys-v1.d/EC06D8C339EF73304D5B2CCF5363B437E0C915F2.key new file mode 100644 index 0000000..bb0a4f6 Binary files /dev/null and b/tests/gnupg_home/private-keys-v1.d/EC06D8C339EF73304D5B2CCF5363B437E0C915F2.key differ diff --git a/tests/gnupg_home/pubring.gpg b/tests/gnupg_home/pubring.gpg new file mode 100644 index 0000000..2e00fa2 Binary files /dev/null and b/tests/gnupg_home/pubring.gpg differ 
diff --git a/tests/gnupg_home/pubring.kbx b/tests/gnupg_home/pubring.kbx new file mode 100644 index 0000000..0230f31 Binary files /dev/null and b/tests/gnupg_home/pubring.kbx differ diff --git a/tests/gnupg_home/scdaemon.conf b/tests/gnupg_home/scdaemon.conf new file mode 100644 index 0000000..a17a035 --- /dev/null +++ b/tests/gnupg_home/scdaemon.conf @@ -0,0 +1,8 @@ + +###+++--- GPGConf ---+++### +debug-level basic +log-file socket:///home/leo/kde/src/kdepim/messagecomposer/tests/gnupg_home/log-socket +###+++--- GPGConf ---+++### Tue 29 Jun 2010 10:23:13 AM EDT +# GPGConf edited this configuration file. +# It will disable options before this marked block, but it will +# never change anything below these lines. diff --git a/tests/gnupg_home/secring.gpg b/tests/gnupg_home/secring.gpg new file mode 100644 index 0000000..cfd3387 Binary files /dev/null and b/tests/gnupg_home/secring.gpg differ diff --git a/tests/gnupg_home/trustdb.gpg b/tests/gnupg_home/trustdb.gpg new file mode 100644 index 0000000..70089c1 Binary files /dev/null and b/tests/gnupg_home/trustdb.gpg differ diff --git a/tests/gnupg_home/trustlist.txt b/tests/gnupg_home/trustlist.txt new file mode 100644 index 0000000..76d47bd --- /dev/null +++ b/tests/gnupg_home/trustlist.txt @@ -0,0 +1,9 @@ +5E:7C:B2:F4:9F:70:05:43:42:32:5D:75:74:70:00:09:B9:D8:08:61 S + + + +# CN=unittest cert +# O=KDAB +# C=US +# EMail=test at example.com +24:D2:FC:A2:2E:B3:B8:0A:1E:37:71:D1:4C:C6:58:E3:21:2B:49:DC S commit baa0515e7fb4b4ec2ee000afd69096156bc86d9f Author: Andre Heinecke Date: Thu Sep 15 11:46:52 2016 +0200 tests: Add messagetypes as command line args * tests/run-parser.cpp (main): Add cmd line args for msgtype. diff --git a/tests/run-parser.cpp b/tests/run-parser.cpp index c7a5b3a..5ded8c4 100644 --- a/tests/run-parser.cpp +++ b/tests/run-parser.cpp 
@@ -28,8 +28,13 @@ show_usage (int ex) { fputs ("usage: run-parser [options] FILE\n\n" "Options:\n" - " --verbose run in verbose mode\n" - " --type GPGOL_MESSAGETYPE\n" + " --verbose run in verbose mode\n" + " --multipart-signed multipart/signed\n" + " --multipart-encrypted multipart/encrypted\n" + " --opaque-signed SMIME opaque signed\n" + " --opaque-encrypted SMIME opaque encrypted\n" + " --clear-signed clearsigned\n" + " --pgp-message inline pgp message\n" , stderr); exit (ex); } @@ -37,7 +42,7 @@ show_usage (int ex) int main(int argc, char **argv) { int last_argc = -1; - int msgtype = 0; + msgtype_t msgtype = MSGTYPE_UNKNOWN; FILE *fp_in = NULL; gpgme_check_version (NULL); @@ -58,13 +63,38 @@ int main(int argc, char **argv) else if (!strcmp (*argv, "--verbose")) { opt.enable_debug |= DBG_MIME_PARSER; + opt.enable_debug |= 1; set_log_file ("stderr"); argc--; argv++; } - else if (!strcmp (*argv, "--type")) + else if (!strcmp (*argv, "--multipart-signed")) { - msgtype = atoi (*(argv + 1)); + msgtype = MSGTYPE_GPGOL_MULTIPART_SIGNED; argc--; argv++; + } + else if (!strcmp (*argv, "--multipart-encrypted")) + { + msgtype = MSGTYPE_GPGOL_MULTIPART_ENCRYPTED; + argc--; argv++; + } + else if (!strcmp (*argv, "--opaque-signed")) + { + msgtype = MSGTYPE_GPGOL_OPAQUE_SIGNED; + argc--; argv++; + } + else if (!strcmp (*argv, "--opaque-encrypted")) + { + msgtype = MSGTYPE_GPGOL_OPAQUE_ENCRYPTED; + argc--; argv++; + } + else if (!strcmp (*argv, "--clear-signed")) + { + msgtype = MSGTYPE_GPGOL_CLEAR_SIGNED; + argc--; argv++; + } + else if (!strcmp (*argv, "--pgp-message")) + { + msgtype = MSGTYPE_GPGOL_PGP_MESSAGE; argc--; argv++; } } 
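Review bot: in the --verbose branch, opt.enable_debug |= 1; sets a bare bit next to the named DBG_MIME_PARSER flag; give that bit a named constant or a comment saying what it enables. The six new message-type branches differ only in the option string and the enum value, so a small table of option name and msgtype_t pairs, shared with show_usage, would keep the usage text and the parser from drifting apart.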
@@ -73,12 +103,12 @@ int main(int argc, char **argv) fp_in = fopen (argv[0], "rb"); - ParseController parser(fp_in, (msgtype_t)msgtype); - parser.parse(); - std::cout << "Decrypt result:\n" << parser.decrypt_result(); - std::cout << "Verify result:\n" << parser.verify_result(); - std::cout << "BEGIN BODY\n" << parser.get_body() << "\nEND BODY"; - std::cout << "BEGIN HTML\n" << parser.get_html_body() << "\nEND HTML"; + ParseController parser(fp_in, msgtype); + std::cout << "Parse result: " << parser.parse() + << "\nDecrypt result:\n" << parser.decrypt_result() + << "\nVerify result:\n" << parser.verify_result() + << "\nBEGIN BODY\n" << parser.get_body() << "\nEND BODY" + << "\nBEGIN HTML\n" << parser.get_html_body() << "\nEND HTML"; for (auto attach: parser.get_attachments()) { std::cout << "Attachment: " << attach->get_display_name(); ----------------------------------------------------------------------- Summary of changes: src/mimedataprovider.cpp | 33 ++- src/mimedataprovider.h | 4 +- src/parsecontroller.cpp | 15 +- tests/Makefile.am | 9 +- tests/data/inlinepgpencrypted.mbox | 28 +++ tests/data/inlinepgpencrypted.plain | 1 + tests/gnupg_home/.gpg-v21-migrated | 0 tests/gnupg_home/dirmngr-cache.d/DIR.txt | 3 + ...crl-4E31CEB57DDD4A7B9991AB05507B1ED4293FF952.db | Bin 0 -> 2130 bytes ...crl-7F2A402CBB016A9146D613568C89D3596A4111AA.db | Bin 0 -> 2048 bytes tests/gnupg_home/dirmngr.conf | 8 + tests/gnupg_home/gpg-agent.conf | 3 + tests/gnupg_home/gpg.conf | 244 +++++++++++++++++++++ tests/gnupg_home/gpgsm.conf | 3 + tests/gnupg_home/pinentry-fake.sh | 9 + .../01A7EA42DB00E28D85BB27378D7A47829B63FDB6.key | Bin 0 -> 797 bytes .../1AA8BA52430E51AE249AF0DA97D59F869E4101A8.key | Bin 0 -> 528 bytes .../3BD9080DE9C88A88A67965B8E49F677004D6F6B7.key | Bin 0 -> 797 bytes .../53F70182AE3A9CFDDA3DA5B3A1742B875F43524B.key | Bin 0 -> 1377 bytes .../61A7BB3E7F89151CFB8B18AC27668585CE77A7A7.key | Bin 0 -> 797 bytes .../B8E914E1B03F0238FF0A999E69DE8C8D1FDFFFCD.key | Bin 0 -> 798 
bytes .../EC06D8C339EF73304D5B2CCF5363B437E0C915F2.key | Bin 0 -> 978 bytes tests/gnupg_home/pubring.gpg | Bin 0 -> 6757 bytes tests/gnupg_home/pubring.kbx | Bin 0 -> 2017 bytes tests/gnupg_home/scdaemon.conf | 8 + tests/gnupg_home/secring.gpg | Bin 0 -> 5163 bytes tests/gnupg_home/trustdb.gpg | Bin 0 -> 1440 bytes tests/gnupg_home/trustlist.txt | 9 + tests/run-parser.cpp | 53 ++++- tests/t-parser.cpp | 113 +++++++++- 30 files changed, 520 insertions(+), 23 deletions(-) create mode 100644 tests/data/inlinepgpencrypted.mbox create mode 100644 tests/data/inlinepgpencrypted.plain create mode 100644 tests/gnupg_home/.gpg-v21-migrated create mode 100644 tests/gnupg_home/dirmngr-cache.d/DIR.txt create mode 100644 tests/gnupg_home/dirmngr-cache.d/crl-4E31CEB57DDD4A7B9991AB05507B1ED4293FF952.db create mode 100644 tests/gnupg_home/dirmngr-cache.d/crl-7F2A402CBB016A9146D613568C89D3596A4111AA.db create mode 100644 tests/gnupg_home/dirmngr.conf create mode 100644 tests/gnupg_home/gpg-agent.conf create mode 100644 tests/gnupg_home/gpg.conf create mode 100644 tests/gnupg_home/gpgsm.conf create mode 100755 tests/gnupg_home/pinentry-fake.sh create mode 100644 tests/gnupg_home/private-keys-v1.d/01A7EA42DB00E28D85BB27378D7A47829B63FDB6.key create mode 100644 tests/gnupg_home/private-keys-v1.d/1AA8BA52430E51AE249AF0DA97D59F869E4101A8.key create mode 100644 tests/gnupg_home/private-keys-v1.d/3BD9080DE9C88A88A67965B8E49F677004D6F6B7.key create mode 100644 tests/gnupg_home/private-keys-v1.d/53F70182AE3A9CFDDA3DA5B3A1742B875F43524B.key create mode 100644 tests/gnupg_home/private-keys-v1.d/61A7BB3E7F89151CFB8B18AC27668585CE77A7A7.key create mode 100644 tests/gnupg_home/private-keys-v1.d/B8E914E1B03F0238FF0A999E69DE8C8D1FDFFFCD.key create mode 100644 tests/gnupg_home/private-keys-v1.d/EC06D8C339EF73304D5B2CCF5363B437E0C915F2.key create mode 100644 tests/gnupg_home/pubring.gpg create mode 100644 tests/gnupg_home/pubring.kbx create mode 100644 tests/gnupg_home/scdaemon.conf create mode 
100644 tests/gnupg_home/secring.gpg create mode 100644 tests/gnupg_home/trustdb.gpg create mode 100644 tests/gnupg_home/trustlist.txt hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Thu Sep 15 14:55:14 2016 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Thu, 15 Sep 2016 14:55:14 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-115-gc0e620c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via c0e620cee86b5dacc941964bd187bba0dfa90eea (commit) from 3f7f7447316f57d002d683af4ad30ac5730b9ebe (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c0e620cee86b5dacc941964bd187bba0dfa90eea Author: Justus Winter Date: Thu Sep 15 14:46:06 2016 +0200 g10: Add missing header. * g10/trustdb.c: Include 'mbox-util.h'. Signed-off-by: Justus Winter diff --git a/g10/trustdb.c b/g10/trustdb.c index 029c8c3..f5b4008 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c @@ -36,6 +36,7 @@ #include "options.h" #include "packet.h" #include "main.h" +#include "mbox-util.h" #include "i18n.h" #include "tdbio.h" #include "trustdb.h" ----------------------------------------------------------------------- Summary of changes: g10/trustdb.c | 1 + 1 file changed, 1 insertion(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Sep 15 16:56:33 2016 
From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Thu, 15 Sep 2016 16:56:33 +0200 Subject: [git] GpgOL - branch, nomapi, updated. gpgol-1.4.0-43-g03353e6 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, nomapi has been updated via 03353e62d35b54051198f1ef2f076c2fdbdf3136 (commit) via 0059fed320744657ab758b6b87b53c2121f6ec6c (commit) via 66ff2a0a37f61da5561a12926ea4846025c00686 (commit) via 1c75086691a62c79c95a142acf61cd84724876c7 (commit) from 487288bf5fe607949913a90d582bc9407d25a0f1 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 03353e62d35b54051198f1ef2f076c2fdbdf3136 Author: Andre Heinecke Date: Thu Sep 15 16:55:46 2016 +0200 Fix shared ptr leak in freed ctx * src/mimedataprovider.cpp (~MimeDataProvider): Set attachment to NULL to unref the shared pointer. diff --git a/src/mimedataprovider.cpp b/src/mimedataprovider.cpp index efdab94..bf84b7a 100644 --- a/src/mimedataprovider.cpp +++ b/src/mimedataprovider.cpp @@ -529,6 +529,7 @@ MimeDataProvider::~MimeDataProvider() m_mime_ctx->mimestruct = tmp; } rfc822parse_close (m_mime_ctx->msg); + m_mime_ctx->current_attachment = NULL; xfree (m_mime_ctx); if (m_signature) { commit 0059fed320744657ab758b6b87b53c2121f6ec6c Author: Andre Heinecke Date: Thu Sep 15 16:51:30 2016 +0200 Fix memory leaks in mimedataprovider * src/mimedataprovider.cpp (~MimeDataProvider): Fix memory leaks. diff --git a/src/mimedataprovider.cpp b/src/mimedataprovider.cpp index 46e4687..efdab94 100644 --- a/src/mimedataprovider.cpp +++ b/src/mimedataprovider.cpp 
@@ -520,7 +520,16 @@ MimeDataProvider::MimeDataProvider(FILE *stream): MimeDataProvider::~MimeDataProvider() { log_debug ("%s:%s", SRCNAME, __func__); - free (m_mime_ctx); + while (m_mime_ctx->mimestruct) + { + mimestruct_item_t tmp = m_mime_ctx->mimestruct->next; + xfree (m_mime_ctx->mimestruct->filename); + xfree (m_mime_ctx->mimestruct->charset); + xfree (m_mime_ctx->mimestruct); + m_mime_ctx->mimestruct = tmp; + } + rfc822parse_close (m_mime_ctx->msg); + xfree (m_mime_ctx); if (m_signature) { delete m_signature; commit 66ff2a0a37f61da5561a12926ea4846025c00686 Author: Andre Heinecke Date: Thu Sep 15 15:37:24 2016 +0200 Add simple test for multipart/encrypted * tests/data/openpgp-encrypted.mbox: New. * tests/data/openpgp-encrypted.plain: New. * tests/t-parser.cpp: Add test. diff --git a/tests/data/openpgp-encrypted.mbox b/tests/data/openpgp-encrypted.mbox new file mode 100644 index 0000000..5102fa7 --- /dev/null +++ b/tests/data/openpgp-encrypted.mbox 
@@ -0,0 +1,36 @@ +From test at kolab.org Wed, 08 Sep 2010 17:02:52 +0200 +From: OpenPGP Test +To: test at kolab.org +Subject: OpenPGP encrypted +Date: Wed, 08 Sep 2010 17:02:52 +0200 +User-Agent: KMail/4.6 pre (Linux/2.6.34-rc2-2-default; KDE/4.5.60; x86_64; ; ) +MIME-Version: 1.0 +Content-Type: multipart/encrypted; boundary="nextPart1357031.ppLHckZtsp"; protocol="application/pgp-encrypted" +Content-Transfer-Encoding: 7Bit + + +--nextPart1357031.ppLHckZtsp +Content-Type: application/pgp-encrypted +Content-Disposition: attachment + +Version: 1 +--nextPart1357031.ppLHckZtsp +Content-Type: application/octet-stream +Content-Disposition: inline; filename="msg.asc" + +-----BEGIN PGP MESSAGE----- +Version: GnuPG v2.0.15 (GNU/Linux) + +hQEMAwzOQ1qnzNo7AQgAtWfDWWI2JUGuptpackiIxpWViEEpGAeruETubiIPwxNb +DNmXrMDhbm/zIbPntIGWJDgUMfABZCUgmlJLWhsceDTt+tXnWGha2VYrN2/WsF6/ +Pqs/TavTvMIJQHDaIH5yDDCaMoq/mGSbcu7go2H8Sw7aBEYlM8jGlqc1HziXnZ1q +3vDiA+4qWfvbNoSRo1kb9Pcq997yg6WqZXH2hJ7cp+hIQ4uTP1/+qgYHMvfPlzQk +XcDguGbIer88ELhuR5622unGBAB4dqp+5w6n9c6rrCH81qhV4W0nqSEvj1tBj78S +ZTi6VBAo5eS0e3iOJqMpwUZz6hQUpJw2wnNRGvLgI9KZAag0HkgPdMeANowg7vpE +L4nU7B0ybhswA2Y7QT/wwCDZu9N1JGeBmy0dgy4sA38Ki27rn2/lIaP0j14JycwM +RTJ1uwI+ZuQiwXlyYtdFZJWe8nraWARch0oKqhaR7aSsxGWo63eiGEQhkQCBFBb3 +Vg0nNCZRBauEqIESEW5EV2zrJqdfNYcz+f9IP125dnQEKgLZ6FxTt3+v +=mhNl +-----END PGP MESSAGE----- + +--nextPart1357031.ppLHckZtsp-- diff --git a/tests/data/openpgp-encrypted.plain b/tests/data/openpgp-encrypted.plain new file mode 100644 index 0000000..7faf7d0 --- /dev/null +++ b/tests/data/openpgp-encrypted.plain @@ -0,0 +1 @@ +encrypted message text \ No newline at end of file diff --git a/tests/t-parser.cpp b/tests/t-parser.cpp index fdef25a..bd41395 100644 --- a/tests/t-parser.cpp +++ b/tests/t-parser.cpp 
@@ -38,6 +38,12 @@ struct NULL, NULL, 0 }, + { DATADIR "/openpgp-encrypted.mbox", + MSGTYPE_GPGOL_MULTIPART_ENCRYPTED, + DATADIR "/openpgp-encrypted.plain", + NULL, + NULL, + 0 }, { NULL, MSGTYPE_UNKNOWN, NULL, NULL, 0 } }; commit 1c75086691a62c79c95a142acf61cd84724876c7 Author: Andre Heinecke Date: Thu Sep 15 15:35:35 2016 +0200 Handle multipart/encrypted pgp mails * src/mimedataprovider.cpp (mime_context): Add field for is_encrypted. * src/parsecontroller.cpp (parse): Reset input stream. -- Now that we mix the handler for ciphertext and plaintext we need to check if we are on encrypted data when collecting. Also we don't save the body in an attachment anymore. diff --git a/src/mimedataprovider.cpp b/src/mimedataprovider.cpp index d75bd51..46e4687 100644 --- a/src/mimedataprovider.cpp +++ b/src/mimedataprovider.cpp @@ -72,8 +72,9 @@ struct mime_context attachment */ int collect_body; /* True if we are collcting the body */ int collect_html_body; /* True if we are collcting the html body */ - int collect_signeddata; /* True if we are collecting the signed data. */ + int collect_crypto_data; /* True if we are collecting the signed data. */ int collect_signature; /* True if we are collecting a signature. */ + int is_encrypted; /* True if we are working on an encrypted mail. */ int start_hashing; /* Flag used to start collecting signed data. */ int hashing_level; /* MIME level where we started hashing. */ int is_qp_encoded; /* Current part is QP encoded. */ @@ -274,6 +275,14 @@ t2body (MimeDataProvider *provider, rfc822parse_t msg) /* Need to start the hashing after the next boundary. */ ctx->start_hashing = 1; } + else if (!strcmp (ctsub, "encrypted") && + (s = rfc822parse_query_parameter (field, "protocol", 0))) + { + if (!strcmp (s, "application/pgp-encrypted")) + ctx->protocol = PROTOCOL_OPENPGP; + /* We expect an encrypted mime part. */ + ctx->is_encrypted = 1; + } } else if (!strcmp (ctmain, "text")) { 
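Review bot: in the new "encrypted" branch of t2body, ctx->is_encrypted = 1; runs for every value of the protocol parameter, because only the ctx->protocol = PROTOCOL_OPENPGP; assignment sits under the !strcmp (s, "application/pgp-encrypted") test. A multipart/encrypted part with any other protocol is then flagged as encrypted while ctx->protocol keeps its earlier value, and the octet-stream check added in the following hunk only matches PROTOCOL_OPENPGP, so such a mail falls through to the generic handling without a log line. Either set is_encrypted inside the protocol test or add an else that logs the unsupported protocol.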
@@ -295,6 +304,14 @@ t2body (MimeDataProvider *provider, rfc822parse_t msg) ctx->collect_signature = 1; log_mime_parser ("Collecting signature now"); } + else if (ctx->nesting_level == 1 && ctx->is_encrypted + && !strcmp (ctmain, "application") + && (ctx->protocol == PROTOCOL_OPENPGP + && !strcmp (ctsub, "octet-stream"))) + { + log_mime_parser ("Collecting encrypted data from now on"); + ctx->collect_crypto_data = 1; + } else /* Other type. */ { /* Check whether this attachment is an opaque signed S/MIME @@ -413,7 +430,7 @@ message_cb (void *opaque, rfc822parse_event_t event, { ctx->start_hashing = 2; ctx->hashing_level = ctx->nesting_level; - ctx->collect_signeddata = 1; + ctx->collect_crypto_data = 1; } } @@ -449,7 +466,7 @@ message_cb (void *opaque, rfc822parse_event_t event, if (ctx->start_hashing == 2 && ctx->hashing_level == ctx->nesting_level) { ctx->start_hashing = 3; /* Avoid triggering it again. */ - ctx->collect_signeddata = 0; + ctx->collect_crypto_data = 0; } break; 
@@ -582,21 +599,22 @@ MimeDataProvider::collect_input_lines(const char *input, size_t insize) /* If we are currently in a collecting state actually collect that line */ - if (m_mime_ctx->collect_signeddata) + if (m_mime_ctx->collect_crypto_data && m_mime_ctx->start_hashing) { /* Save the signed data. Note that we need to delay the CR/LF because the last line ending belongs to the next boundary. */ - if (m_mime_ctx->collect_signeddata == 2) + if (m_mime_ctx->collect_crypto_data == 2) { m_crypto_data.write ("\r\n", 2); } - log_debug ("Writing signeddata: %s pos: " SIZE_T_FORMAT, - linebuf, pos); + log_mime_parser ("Writing raw crypto data: %.*s", + (int)pos, linebuf); m_crypto_data.write (linebuf, pos); - m_mime_ctx->collect_signeddata = 2; + m_mime_ctx->collect_crypto_data = 2; } - if (m_mime_ctx->in_data && m_mime_ctx->collect_attachment) + if (m_mime_ctx->in_data && m_mime_ctx->collect_attachment + && !m_mime_ctx->collect_crypto_data) { /* We are inside of an attachment part. Write it out. */ if (m_mime_ctx->collect_attachment == 1) /* Skip the first line. */ @@ -612,19 +630,27 @@ MimeDataProvider::collect_input_lines(const char *input, size_t insize) if (m_mime_ctx->collect_body) { - m_body += std::string(linebuf, len); - if (!m_mime_ctx->is_base64_encoded && !slbrk) + if (m_mime_ctx->collect_body == 2) { - m_body += "\r\n"; + m_body += std::string(linebuf, len); + if (!m_mime_ctx->is_base64_encoded && !slbrk) + { + m_body += "\r\n"; + } } + m_mime_ctx->collect_body = 2; } else if (m_mime_ctx->collect_html_body) { - m_html_body += std::string(linebuf, len); - if (!m_mime_ctx->is_base64_encoded && !slbrk) + if (m_mime_ctx->collect_html_body == 2) { - m_body += "\r\n"; + m_html_body += std::string(linebuf, len); + if (!m_mime_ctx->is_base64_encoded && !slbrk) + { + m_body += "\r\n"; + } } + m_mime_ctx->collect_html_body = 2; } else if (m_mime_ctx->current_attachment && len) { 
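Review bot: In the `collect_html_body` branch of collect_input_lines the line ending is still appended to the plain body: `m_html_body += std::string(linebuf, len);` is followed by `m_body += "\r\n";`. Since the block is being re-indented here anyway, it should append to `m_html_body`. The new `collect_body == 2` and `collect_html_body == 2` states also drop the first line seen after collection starts without saying so; a comment naming the line that is skipped, like the attachment branch's "Skip the first line", would make the intent clear.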
@@ -677,6 +703,8 @@ MimeDataProvider::collect_input_lines(const char *input, size_t insize) len = b64_decode (&m_mime_ctx->base64, linebuf, pos); else len = pos; + log_debug ("Writing crypto data: %.*s", + (int)pos, linebuf); if (len) m_crypto_data.write(linebuf, len); if (!m_mime_ctx->is_base64_encoded && !slbrk) diff --git a/src/parsecontroller.cpp b/src/parsecontroller.cpp index e9c61a5..1ee6ad1 100644 --- a/src/parsecontroller.cpp +++ b/src/parsecontroller.cpp @@ -132,6 +132,7 @@ ParseController::parse() protocol == CMS ? "CMS" : "Unknown"); if (decrypt) { + input.seek (0, SEEK_SET); auto combined_result = ctx->decryptAndVerify(input, output); m_decrypt_result = combined_result.first; m_verify_result = combined_result.second; ----------------------------------------------------------------------- Summary of changes: src/mimedataprovider.cpp | 70 +++++++++++++++++++++++++++++--------- src/parsecontroller.cpp | 1 + tests/data/openpgp-encrypted.mbox | 36 ++++++++++++++++++++ tests/data/openpgp-encrypted.plain | 1 + tests/t-parser.cpp | 6 ++++ 5 files changed, 98 insertions(+), 16 deletions(-) create mode 100644 tests/data/openpgp-encrypted.mbox create mode 100644 tests/data/openpgp-encrypted.plain hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Fri Sep 16 08:44:36 2016 
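Review bot: In src/mimedataprovider.cpp, collect_input_lines (hunk at -677), the added `log_debug ("Writing crypto data: %.*s", (int)pos, linebuf);` writes every collected line of raw mail data to the regular debug log, while the earlier hunk in the same function moved the equivalent message from `log_debug` to `log_mime_parser`. Suggest using `log_mime_parser` here as well, or dropping the line, so that mail content only reaches the log when parser tracing is requested.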
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Fri, 16 Sep 2016 08:44:36 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-116-gdd06d33 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via dd06d33655bc872a6310edac8e448419479d3312 (commit) from c0e620cee86b5dacc941964bd187bba0dfa90eea (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit dd06d33655bc872a6310edac8e448419479d3312 Author: NIIBE Yutaka Date: Fri Sep 16 15:20:32 2016 +0900 scd: Add support of ECC pubkey attribute. * scd/app-openpgp.c (ECC_FLAG_PUBKEY): New. (send_key_attr, get_public_key, ecc_writekey, do_auth, do_decipher) (parse_algorithm_attribute): Check ECC_FLAG_DJB_TWEAK. (build_ecc_privkey_template): Add ECC_Q and ECC_Q_LEN. Support offering public key when ECC_FLAG_PUBKEY sets. (ecc_writekey): Supply ECC_Q and ECC_Q_LEN. (parse_algorithm_attribute): Parse pubkey-required byte. -- OpenPGPcard protocol specification version 3.2 supports algorithm attributes for ECC key which specifies public key data is required for "keytocard" command. This change supports the feature. Signed-off-by: NIIBE Yutaka diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index 7dd1566..563a045 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c @@ -236,6 +236,7 @@ struct app_local_s { }; #define ECC_FLAG_DJB_TWEAK (1 << 0) +#define ECC_FLAG_PUBKEY (1 << 1) /***** Local prototypes *****/ 
@@ -910,7 +911,7 @@ send_key_attr (ctrl_t ctrl, app_t app, const char *keyword, int keyno) snprintf (buffer, sizeof buffer, "%d %d %s", keyno+1, keyno==1? PUBKEY_ALGO_ECDH : - app->app_local->keyattr[keyno].ecc.flags? + (app->app_local->keyattr[keyno].ecc.flags & ECC_FLAG_DJB_TWEAK)? PUBKEY_ALGO_EDDSA : PUBKEY_ALGO_ECDSA, openpgp_oid_to_curve (app->app_local->keyattr[keyno].ecc.oid, 0)); } @@ -1387,7 +1388,7 @@ get_public_key (app_t app, int keyno) if ((app->app_local->keyattr[keyno].key_type == KEY_TYPE_RSA || (app->app_local->keyattr[keyno].key_type == KEY_TYPE_ECC - && !app->app_local->keyattr[keyno].ecc.flags)) + && !(app->app_local->keyattr[keyno].ecc.flags & ECC_FLAG_DJB_TWEAK))) && mlen && (*m & 0x80)) { /* Prepend numbers with a 0 if needed for MPI. */ *mbuf = 0; @@ -1395,7 +1396,7 @@ get_public_key (app_t app, int keyno) mlen++; } else if (app->app_local->keyattr[keyno].key_type == KEY_TYPE_ECC - && app->app_local->keyattr[keyno].ecc.flags) + && (app->app_local->keyattr[keyno].ecc.flags & ECC_FLAG_DJB_TWEAK)) { /* Prepend 0x40 prefix. */ *mbuf = 0x40; memcpy (mbuf+1, m, mlen); @@ -1429,7 +1430,7 @@ get_public_key (app_t app, int keyno) { char *format; - if (!app->app_local->keyattr[keyno].ecc.flags) + if (!(app->app_local->keyattr[keyno].ecc.flags & ECC_FLAG_DJB_TWEAK)) format = "(public-key(ecc(curve%s)(q%b)))"; else if (keyno == 1) format = "(public-key(ecc(curve%s)(flags djb-tweak)(q%b)))"; @@ -2633,9 +2634,10 @@ build_privkey_template (app_t app, int keyno, static gpg_error_t build_ecc_privkey_template (app_t app, int keyno, const unsigned char *ecc_d, size_t ecc_d_len, + const unsigned char *ecc_q, size_t ecc_q_len, unsigned char **result, size_t *resultlen) { - unsigned char privkey[2]; + unsigned char privkey[2+2]; size_t privkey_len; unsigned char exthdr[2+2+1]; size_t exthdr_len; 
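Review bot: In build_ecc_privkey_template, `privkey[2+2]` leaves exactly two bytes for each `add_tlv` call, which is only enough if `add_tlv` writes a one-byte length for both `ecc_d_len` and `ecc_q_len`. An uncompressed public point is roughly twice the size of the private scalar, so `ecc_q_len` is the value most likely to need a longer length encoding. Please size the buffer for the largest header `add_tlv` can emit, or reject lengths that would not fit before the calls.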
@@ -2645,8 +2647,10 @@ build_ecc_privkey_template (app_t app, int keyno, size_t datalen; unsigned char *template; size_t template_size; + int pubkey_required; - (void)app; + pubkey_required = !!(app->app_local->keyattr[keyno].ecc.flags + & ECC_FLAG_PUBKEY); *result = NULL; *resultlen = 0; @@ -2658,8 +2662,15 @@ build_ecc_privkey_template (app_t app, int keyno, tp += add_tlv (tp, 0x92, ecc_d_len); datalen += ecc_d_len; + if (pubkey_required) + { + tp += add_tlv (tp, 0x99, ecc_q_len); + datalen += ecc_q_len; + } + privkey_len = tp - privkey; + /* Build the extended header list without the private key template. */ tp = exthdr; *tp++ = keyno ==0 ? 0xb6 : keyno == 1? 0xb8 : 0xa4; @@ -2693,6 +2704,12 @@ build_ecc_privkey_template (app_t app, int keyno, memcpy (tp, ecc_d, ecc_d_len); tp += ecc_d_len; + if (pubkey_required) + { + memcpy (tp, ecc_q, ecc_q_len); + tp += ecc_q_len; + } + assert (tp - template == template_size); *result = template; @@ -3348,7 +3365,8 @@ ecc_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **), if (app->app_local->keyattr[keyno].key_type != KEY_TYPE_ECC || app->app_local->keyattr[keyno].ecc.oid != oidstr - || app->app_local->keyattr[keyno].ecc.flags != flag_djb_tweak) + || (flag_djb_tweak != + (app->app_local->keyattr[keyno].ecc.flags & ECC_FLAG_DJB_TWEAK))) { if (app->app_local->extcap.algo_attr_change) { @@ -3387,6 +3405,7 @@ ecc_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **), err = build_ecc_privkey_template (app, keyno, ecc_d, ecc_d_len, + ecc_q, ecc_q_len, &template, &template_len); if (err) goto leave; @@ -3991,7 +4010,7 @@ do_auth (app_t app, const char *keyidstr, if (app->app_local->keyattr[2].key_type == KEY_TYPE_ECC) { - if (!app->app_local->keyattr[2].ecc.flags + if (!(app->app_local->keyattr[2].ecc.flags & ECC_FLAG_DJB_TWEAK) && (indatalen == 51 || indatalen == 67 || indatalen == 83)) { const char *p = (const char *)indata + 19; 
@@ -4190,7 +4209,7 @@ do_decipher (app_t app, const char *keyidstr, { int old_format_len = 0; - if (app->app_local->keyattr[1].ecc.flags) + if ((app->app_local->keyattr[1].ecc.flags & ECC_FLAG_DJB_TWEAK)) { if (indatalen > 32 && (indatalen % 2)) { /* @@ -4258,7 +4277,7 @@ do_decipher (app_t app, const char *keyidstr, outdata, outdatalen); xfree (fixbuf); if (app->app_local->keyattr[1].key_type == KEY_TYPE_ECC - && app->app_local->keyattr[1].ecc.flags) + && (app->app_local->keyattr[1].ecc.flags & ECC_FLAG_DJB_TWEAK)) { /* Add the prefix 0x40 */ fixbuf = xtrymalloc (*outdatalen + 1); if (!fixbuf) @@ -4550,7 +4569,19 @@ parse_algorithm_attribute (app_t app, int keyno) else if (*buffer == PUBKEY_ALGO_ECDH || *buffer == PUBKEY_ALGO_ECDSA || *buffer == PUBKEY_ALGO_EDDSA) { - const char *oid = ecc_oid (buffer + 1, buflen - 1); + const char *oid; + int oidlen = buflen - 1; + + app->app_local->keyattr[keyno].ecc.flags = 0; + + if (buffer[buflen-1] == 0x00 || buffer[buflen-1] == 0xff) + { /* Found "pubkey required"-byte for private key template. */ + oidlen--; + if (buffer[buflen-1] == 0xff) + app->app_local->keyattr[keyno].ecc.flags |= ECC_FLAG_PUBKEY; + } + + oid = ecc_oid (buffer + 1, oidlen); if (!oid) log_printhex ("Curve with OID not supported: ", buffer+1, buflen-1); 
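Review bot: In parse_algorithm_attribute the "pubkey required" byte is recognised by value alone (`buffer[buflen-1] == 0x00 || buffer[buflen-1] == 0xff`), and a DER-encoded OID can itself end in 0x00, in which case `oidlen--` would cut the OID short. A comment explaining why this cannot collide with the curves `ecc_oid` knows, or trying the full length first and the shortened one only on failure, would make this robust. The failure path also still calls `log_printhex (..., buffer+1, buflen-1)`, so it prints the flag byte as part of the OID; it should use `oidlen`.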
@@ -4562,14 +4593,12 @@ parse_algorithm_attribute (app_t app, int keyno) || (*buffer == PUBKEY_ALGO_ECDH && !strcmp (app->app_local->keyattr[keyno].ecc.oid, "1.3.6.1.4.1.3029.1.5.1"))) - app->app_local->keyattr[keyno].ecc.flags = ECC_FLAG_DJB_TWEAK; - else - app->app_local->keyattr[keyno].ecc.flags = 0; + app->app_local->keyattr[keyno].ecc.flags |= ECC_FLAG_DJB_TWEAK; if (opt.verbose) log_printf ("ECC, curve=%s%s\n", app->app_local->keyattr[keyno].ecc.oid, - !app->app_local->keyattr[keyno].ecc.flags ? "": - keyno==1? " (djb-tweak)": " (eddsa)"); + !(app->app_local->keyattr[keyno].ecc.flags & ECC_FLAG_DJB_TWEAK)? + "": keyno==1? " (djb-tweak)": " (eddsa)"); } } else if (opt.verbose) ----------------------------------------------------------------------- Summary of changes: scd/app-openpgp.c | 61 ++++++++++++++++++++++++++++++++++++++++--------------- 1 file changed, 45 insertions(+), 16 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Sep 16 11:46:27 2016 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Fri, 16 Sep 2016 11:46:27 +0200 Subject: [git] gnupg-doc - branch, master, updated. acf44a0babcabf2dc6aaf21d15431c022c585211 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via acf44a0babcabf2dc6aaf21d15431c022c585211 (commit) from 1d36db1e021124124758952c6cf156b9dc172d46 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit acf44a0babcabf2dc6aaf21d15431c022c585211 Author: Justus Winter Date: Fri Sep 16 11:45:51 2016 +0200 blog: Update pyme3 blog entry. -- Signed-off-by: Justus Winter 
diff --git a/misc/blog.gnupg.org/drafts/20160812-python-bindings-for-gpgme.org b/misc/blog.gnupg.org/drafts/20160812-python-bindings-for-gpgme.org index 971bbaf..88216ab 100644 --- a/misc/blog.gnupg.org/drafts/20160812-python-bindings-for-gpgme.org +++ b/misc/blog.gnupg.org/drafts/20160812-python-bindings-for-gpgme.org @@ -1,17 +1,16 @@ # Python bindings for GPGME #+AUTHOR: Justus -#+DATE: August 12th, 2016 +#+DATE: September 16th, 2016 ** Python bindings for GPGME -GPGME 1.7 includes bindings for Python >= 3.4. The bindings are a -port of the [[https://bitbucket.org/malb/pyme][~pyme~]] bindings to Python 3, with a small shim on top to -provide a more idiomatic interface. For the purposes of this post I -will refer to the preexisting bindings that are for Python 2 only -~pyme2~, and to our new bindings as ~pyme3~. - -Existing applications using ~pyme2~ should continue to work with -little to no changes beyond what is needed to port them to Python 3. +GPGME 1.7 includes bindings for Python >= 2.7. The bindings are a +port of the [[https://bitbucket.org/malb/pyme][~pyme~]] bindings to Python 3 retaining compatibility with +Python 2.7, with a small shim on top to provide a more idiomatic +interface. For the purposes of this post I will refer to the +preexisting bindings that are for Python 2 only ~pyme2~, and to our +new bindings as ~pyme3~. Existing applications using ~pyme2~ should +continue to work no changes. ~pyme2~ offers an interface that is very close to that of GPGME. This interface exposes all features of the underlying library, but it is 
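Review bot: The last added sentence, "Existing applications using ~pyme2~ should continue to work no changes.", is missing a word; it should read "with no changes". In the sentence before it, "a port of the ~pyme~ bindings to Python 3 retaining compatibility with Python 2.7" would read more easily with a comma before "retaining".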
@@ -34,7 +33,7 @@ with pyme.Context(armor=True) as c: This will encrypt the given plaintext using symmetric encryption and the given passphrase, wrap it up using the OpenPGP protocol, and -encode it using ascii-armor. The plaintext is easily recovered using: +encode it using ASCII-armor. The plaintext is easily recovered using: #+BEGIN_SRC python with pyme.Context() as c: ----------------------------------------------------------------------- Summary of changes: .../drafts/20160812-python-bindings-for-gpgme.org | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Fri Sep 16 11:48:39 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 16 Sep 2016 11:48:39 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-367-g268e251 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 268e251b802cc7c19831722d7e3a52777a0f412f (commit) via 1f9641dd0fb08e4a3df3b507b974a3f78887920f (commit) from ed1f2700a73060e2615697491ea9e49ded4293e6 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 268e251b802cc7c19831722d7e3a52777a0f412f Author: Werner Koch Date: Fri Sep 16 11:45:07 2016 +0200 core: Remove stub to try implementing gpg < 2.1 support for createkey. * src/engine-gpg.c (gpg_createkey_legacy): Remove. (gpg_genkey): Remove call. Signed-off-by: Werner Koch diff --git a/src/engine-gpg.c b/src/engine-gpg.c index d2741cb..a7431d5 100644 --- a/src/engine-gpg.c +++ b/src/engine-gpg.c 
@@ -2051,25 +2051,6 @@ gpg_createkey_from_param (engine_gpg_t gpg, } -/* This is used for gpg versions which do not support the quick-genkey - * command to emulate the gpgme_op_createkey API. */ -static gpgme_error_t -gpg_createkey_legacy (engine_gpg_t gpg, - const char *userid, const char *algo, - unsigned long expires, - unsigned int flags, - unsigned int extraflags) -{ - (void)gpg; - (void)userid; - (void)algo; - (void)expires; - (void)flags; - (void)extraflags; - return gpg_error (GPG_ERR_NOT_IMPLEMENTED); -} - - static gpgme_error_t gpg_createkey (engine_gpg_t gpg, const char *userid, const char *algo, @@ -2204,16 +2185,10 @@ gpg_genkey (void *engine, else err = gpg_createkey_from_param (gpg, help_data, extraflags); } - else if (userid && !key) - { - if (!have_gpg_version (gpg, "2.1.13")) - err = gpg_createkey_legacy (gpg, userid, algo, expires, flags, - extraflags); - else - err = gpg_createkey (gpg, userid, algo, expires, flags, extraflags); - } else if (!have_gpg_version (gpg, "2.1.13")) err = gpg_error (GPG_ERR_NOT_SUPPORTED); + else if (userid && !key) + err = gpg_createkey (gpg, userid, algo, expires, flags, extraflags); else if (!userid && key) err = gpg_addkey (gpg, algo, expires, key, flags, extraflags); else if (userid && key && !algo) commit 1f9641dd0fb08e4a3df3b507b974a3f78887920f Author: Werner Koch Date: Fri Sep 16 11:43:32 2016 +0200 core: Fix setting of the verification result. * src/verify.c (parse_new_sig): Properly handle the RC in an ERRSIG status. Signed-off-by: Werner Koch diff --git a/src/verify.c b/src/verify.c index 6bdbe66..eb1cc10 100644 --- a/src/verify.c +++ b/src/verify.c 
@@ -366,25 +366,10 @@ parse_new_sig (op_data_t opd, gpgme_status_code_t code, char *args, end++; /* Parse the return code. */ - if (end[0] && (!end[1] || end[1] == ' ')) - { - switch (end[0]) - { - case '4': - sig->status = gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM); - break; - - case '9': - sig->status = gpg_error (GPG_ERR_NO_PUBKEY); - break; - - default: - sig->status = gpg_error (GPG_ERR_GENERAL); - } - } - else + if (!*end) goto parse_err_sig_fail; + sig->status = strtoul (end, NULL, 10); goto parse_err_sig_ok; parse_err_sig_fail: ----------------------------------------------------------------------- Summary of changes: src/engine-gpg.c | 29 ++--------------------------- src/verify.c | 19 ++----------------- 2 files changed, 4 insertions(+), 44 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Fri Sep 16 11:51:16 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 16 Sep 2016 11:51:16 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-368-ge6405df Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via e6405df62495300b13340fc9d1961a2934b0a749 (commit) from 268e251b802cc7c19831722d7e3a52777a0f412f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e6405df62495300b13340fc9d1961a2934b0a749 Author: Werner Koch Date: Fri Sep 16 11:48:29 2016 +0200 doc: Document the recently added --quick-foo related functions. -- diff --git a/doc/gpgme.texi b/doc/gpgme.texi index 5971e48..ad1a23a 100644 --- a/doc/gpgme.texi +++ b/doc/gpgme.texi 
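Review bot: In src/verify.c, parse_new_sig, `sig->status = strtoul (end, NULL, 10);` accepts whatever follows the previous field: if the text at `end` does not start with a digit, `strtoul` returns 0 and the ERRSIG entry ends up with status 0, which is the no-error value. The removed code only accepted a single character followed by a space or the end of the string. Suggest passing an end pointer, jumping to `parse_err_sig_fail` when no digits were consumed or the parsed value is 0, and checking that the value fits `gpgme_error_t` before the assignment.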
@@ -198,15 +198,18 @@ Context Attributes Key Management +* Key objects:: Description of the key structures. * Listing Keys:: Browsing the list of available keys. * Information About Keys:: Requesting detailed information about keys. * Key Signatures:: Listing the signatures on a key. * Manipulating Keys:: Operations on keys. * Generating Keys:: Creating new key pairs. +* Signing Keys:: Adding key signatures to public keys. * Exporting Keys:: Retrieving key data from the key ring. * Importing Keys:: Adding keys to the key ring. * Deleting Keys:: Removing keys from the key ring. * Changing Passphrases:: Change the passphrase of a key. +* Changing TOFU Data:: Changing data pertaining to TOFU. * Advanced Key Editing:: Advanced key edit operation. Trust Item Management 
@@ -2959,9 +2962,121 @@ signers are specified. This is always done by specifying the respective keys that should be used for the operation. The following section describes how such keys can be selected and manipulated. + + at menu +* Key objects:: Description of the key structures. +* Listing Keys:: Browsing the list of available keys. +* Information About Keys:: Requesting detailed information about keys. +* Key Signatures:: Listing the signatures on a key. +* Manipulating Keys:: Operations on keys. +* Generating Keys:: Creating new key pairs. +* Signing Keys:: Adding key signatures to public keys. +* Exporting Keys:: Retrieving key data from the key ring. +* Importing Keys:: Adding keys to the key ring. +* Deleting Keys:: Removing keys from the key ring. +* Changing Passphrases:: Change the passphrase of a key. +* Changing TOFU Data:: Changing data pertaining to TOFU. +* Advanced Key Editing:: Advanced key edit operation. + at end menu + + at node Key objects + at subsection Key objects + +The keys are represented in GPGME by structures which may only be read +by the application but never be allocated or changed. They are valid +as long as the key object itself is valid. + + at deftp {Data type} gpgme_key_t + +The @code{gpgme_key_t} type is a pointer to a key object. It has the +following members: + + at table @code + at item gpgme_keylist_mode_t keylist_mode +The keylist mode that was active when the key was retrieved. + + at item unsigned int revoked : 1 +This is true if the key is revoked. + + at item unsigned int expired : 1 +This is true if the key is expired. + + at item unsigned int disabled : 1 +This is true if the key is disabled. + + at item unsigned int invalid : 1 +This is true if the key is invalid. This might have several reasons, +for a example for the S/MIME backend, it will be set during key +listings if the key could not be validated due to missing +certificates or unmatched policies. 
+ + at item unsigned int can_encrypt : 1 +This is true if the key (ie one of its subkeys) can be used for +encryption. + + at item unsigned int can_sign : 1 +This is true if the key (ie one of its subkeys) can be used to create +data signatures. + + at item unsigned int can_certify : 1 +This is true if the key (ie one of its subkeys) can be used to create +key certificates. + + at item unsigned int can_authenticate : 1 +This is true if the key (ie one of its subkeys) can be used for +authentication. + + at item unsigned int is_qualified : 1 +This is true if the key can be used for qualified signatures according +to local government regulations. + + at item unsigned int secret : 1 +This is true if the key is a secret key. Note, that this will always +be true even if the corresponding subkey flag may be false +(offline/stub keys). This is only set if a listing of secret keys has +been requested or if @code{GPGME_KEYLIST_MODE_WITH_SECRET} is active. + + at item gpgme_protocol_t protocol +This is the protocol supported by this key. + + at item char *issuer_serial +If @code{protocol} is @code{GPGME_PROTOCOL_CMS}, then this is the +issuer serial. + + at item char *issuer_name +If @code{protocol} is @code{GPGME_PROTOCOL_CMS}, then this is the +issuer name. + + at item char *chain_id +If @code{protocol} is @code{GPGME_PROTOCOL_CMS}, then this is the +chain ID, which can be used to built the certificate chain. + + at item gpgme_validity_t owner_trust +If @code{protocol} is @code{GPGME_PROTOCOL_OpenPGP}, then this is the +owner trust. + + at item gpgme_subkey_t subkeys +This is a linked list with the subkeys of the key. The first subkey +in the list is the primary key and usually available. + + at item gpgme_user_id_t uids +This is a linked list with the user IDs of the key. The first user ID +in the list is the main (or primary) user ID. + + at item char *fpr +This field gives the fingerprint of the primary key. 
Note that +this is a copy of the fingerprint of the first subkey. For an +incomplete key (for example from a verification result) a subkey may +be missing but this field may be set nevertheless. + + at end table + at end deftp + + @deftp {Data type} gpgme_subkey_t + The @code{gpgme_subkey_t} type is a pointer to a subkey structure. -Sub keys are one component of a @code{gpgme_key_t} object. In fact, +Subkeys are one component of a @code{gpgme_key_t} object. In fact, subkeys are those parts that contains the real information about the individual cryptographic keys that belong to the same key object. One @code{gpgme_key_t} can contain several subkeys. The first subkey in 
@@ -3046,10 +3161,61 @@ For ECC algorithms the name of the curve. @end table @end deftp + at deftp {Data type} gpgme_user_id_t + +A user ID is a component of a @code{gpgme_key_t} object. One key can +have many user IDs. The first one in the list is the main (or +primary) user ID. + +The user ID structure has the following members. + + at table @code + at item gpgme_user_id_t next +This is a pointer to the next user ID structure in the linked list, or + at code{NULL} if this is the last element. + + at item unsigned int revoked : 1 +This is true if the user ID is revoked. + + at item unsigned int invalid : 1 +This is true if the user ID is invalid. + + at item gpgme_validity_t validity +This specifies the validity of the user ID. + + at item char *uid +This is the user ID string. + + at item char *name +This is the name component of @code{uid}, if available. + + at item char *comment +This is the comment component of @code{uid}, if available. + + at item char *email +This is the email component of @code{uid}, if available. + + at item char *address; +The mail address (addr-spec from RFC-5322) of the user ID string. +This is general the same as the @code{email} part of this structure +but might be slightly different. If no mail address is available + at code{NULL} is stored. + + at item gpgme_tofu_info_t tofu +If not @code{NULL} information from the TOFU database pertaining to +this user id. + + at item gpgme_key_sig_t signatures +This is a linked list with the signatures on this user ID. + at end table + at end deftp + + @deftp {Data type} gpgme_key_sig_t + The @code{gpgme_key_sig_t} type is a pointer to a key signature structure. Key signatures are one component of a @code{gpgme_key_t} object, and -validate user IDs on the key. +validate user IDs on the key in the OpenPGP protocol. The signatures on a key are only available if the key was retrieved via a listing operation with the @code{GPGME_KEYLIST_MODE_SIGS} mode 
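Review bot: In the relocated `gpgme_user_id_t` block, the item `char *address;` carries a trailing semicolon that none of the other item lines have, and its description says "This is general the same" where "generally" is meant. Since the text is being moved in this commit, both can be fixed in the same change.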
@@ -3120,151 +3286,6 @@ This is a linked list with the notation data and policy URLs. @end table @end deftp - at deftp {Data type} gpgme_user_id_t -A user ID is a component of a @code{gpgme_key_t} object. One key can -have many user IDs. The first one in the list is the main (or -primary) user ID. - -The user ID structure has the following members. - - at table @code - at item gpgme_user_id_t next -This is a pointer to the next user ID structure in the linked list, or - at code{NULL} if this is the last element. - - at item unsigned int revoked : 1 -This is true if the user ID is revoked. - - at item unsigned int invalid : 1 -This is true if the user ID is invalid. - - at item gpgme_validity_t validity -This specifies the validity of the user ID. - - at item char *uid -This is the user ID string. - - at item char *name -This is the name component of @code{uid}, if available. - - at item char *comment -This is the comment component of @code{uid}, if available. - - at item char *email -This is the email component of @code{uid}, if available. - - at item char *address; -The mail address (addr-spec from RFC-5322) of the user ID string. -This is general the same as the @code{email} part of this structure -but might be slightly different. If no mail address is available - at code{NULL} is stored. - - at item gpgme_tofu_info_t tofu -If not @code{NULL} information from the TOFU database pertaining to -this user id. - - at item gpgme_key_sig_t signatures -This is a linked list with the signatures on this user ID. - at end table - at end deftp - - at deftp {Data type} gpgme_key_t -The @code{gpgme_key_t} type is a pointer to a key object. It has the -following members: - - at table @code - at item gpgme_keylist_mode_t keylist_mode -The keylist mode that was active when the key was retrieved. - - at item unsigned int revoked : 1 -This is true if the key is revoked. - - at item unsigned int expired : 1 -This is true if the key is expired. 
- - at item unsigned int disabled : 1 -This is true if the key is disabled. - - at item unsigned int invalid : 1 -This is true if the key is invalid. This might have several reasons, -for a example for the S/MIME backend, it will be set during key -listings if the key could not be validated due to missing -certificates or unmatched policies. - - at item unsigned int can_encrypt : 1 -This is true if the key (ie one of its subkeys) can be used for -encryption. - - at item unsigned int can_sign : 1 -This is true if the key (ie one of its subkeys) can be used to create -data signatures. - - at item unsigned int can_certify : 1 -This is true if the key (ie one of its subkeys) can be used to create -key certificates. - - at item unsigned int can_authenticate : 1 -This is true if the key (ie one of its subkeys) can be used for -authentication. - - at item unsigned int is_qualified : 1 -This is true if the key can be used for qualified signatures according -to local government regulations. - - at item unsigned int secret : 1 -This is true if the key is a secret key. Note, that this will always -be true even if the corresponding subkey flag may be false -(offline/stub keys). This is only set if a listing of secret keys has -been requested or if @code{GPGME_KEYLIST_MODE_WITH_SECRET} is active. - - at item gpgme_protocol_t protocol -This is the protocol supported by this key. - - at item char *issuer_serial -If @code{protocol} is @code{GPGME_PROTOCOL_CMS}, then this is the -issuer serial. - - at item char *issuer_name -If @code{protocol} is @code{GPGME_PROTOCOL_CMS}, then this is the -issuer name. - - at item char *chain_id -If @code{protocol} is @code{GPGME_PROTOCOL_CMS}, then this is the -chain ID, which can be used to built the certificate chain. - - at item gpgme_validity_t owner_trust -If @code{protocol} is @code{GPGME_PROTOCOL_OpenPGP}, then this is the -owner trust. - - at item gpgme_subkey_t subkeys -This is a linked list with the subkeys of the key. 
The first subkey -in the list is the primary key and usually available. - - at item gpgme_user_id_t uids -This is a linked list with the user IDs of the key. The first user ID -in the list is the main (or primary) user ID. - - at item char *fpr -This field gives the fingerprint of the primary key. Note that -this is a copy of the fingerprint of the first subkey. For an -incomplete key (for example from a verification result) a subkey may -be missing but this field may be set nevertheless. - - at end table - at end deftp - - at menu -* Listing Keys:: Browsing the list of available keys. -* Information About Keys:: Requesting detailed information about keys. -* Key Signatures:: Listing the signatures on a key. -* Manipulating Keys:: Operations on keys. -* Generating Keys:: Creating new key pairs. -* Exporting Keys:: Retrieving key data from the key ring. -* Importing Keys:: Adding keys to the key ring. -* Deleting Keys:: Removing keys from the key ring. -* Changing Passphrases:: Change the passphrase of a key. -* Advanced Key Editing:: Advanced key edit operation. - at end menu @node Listing Keys 
@@ -3787,7 +3808,298 @@ The function @code{gpgme_key_release} is equivalent to @cindex key, creation @cindex key ring, add - at deftypefun gpgme_error_t gpgme_op_genkey (@w{gpgme_ctx_t @var{ctx}}, @w{const char *@var{parms}}, @w{gpgme_data_t @var{public}}, @w{gpgme_data_t @var{secret}}) +GPGME provides a set of functions to create public key pairs. Most of +these functions require the use of GnuPG 2.1 and later; for older +GnuPG versions the @code{gpgme_op_genkey} function can be used. +Existing code which wants to update to the new functions or new code +which shall supports older GnuPG versions may try the new functions +first and provide a fallback to the old function if the error code + at code{GPG_ERR_NOT_SUPPORTED} is received. + + at c + at c gpgme_op_createkey + at c + at deftypefun gpgme_error_t gpgme_op_createkey @ + (@w{gpgme_ctx_t @var{ctx}}, @ + @w{const char *@var{userid}}, @ + @w{const char *@var{algo}}, @ + @w{unsigned long @var{reserved}}, @ + @w{unsigned long @var{expires}}, @ + @w{gpgme_key_t @var{extrakey}}, @ + @w{unsigned int @var{flags}}); + +The function @code{gpgme_op_createkey} generates a new key for the +procotol active in the context @var{ctx}. As of now this function +does only work for OpenPGP and requires at least version 2.1.13 of +GnuPG. + + at var{userid} is commonly the mail address associated with the key. +GPGME does not require a specificy syntax but if more than a mail +address is given, RFC-822 style format is suggested. The value is +expected to be in UTF-8 encoding (i.e. no IDN encoding for mail +addresses). This is a required parameter. + + at var{algo} specifies the algorithm for the new key (actually a keypair +of public and private key). For a list of supported algorithms, see +the GnuPG manual. If @var{algo} is @code{NULL} or the string +"default", the key is generated using the default algorithm of the +engine. 
If the string "future-default" is used the engine may use an +algorithm which is planned to be the default in a future release of +the engine; however existing implementation of the protocol may not be +able to already handle such future algorithms. For the OpenPGP +protocol, the specification of a default algorithm, without requesting +a non-default usage via @var{flags}, triggers the creation of a +primary key plus a secondary key (subkey). + + at var{reserved} must be set to zero. + + at var{expires} can be set to the number of seconds since Epoch of the +desired expiration date in UTC for the new key. Using 0 does not +set an expiration date. Note that this parameter takes an unsigned long +value and not a @code{time_t} to avoid problems on systems which use a +signed 32 bit @code{time_t}. Note further that the OpenPGP protocol +uses 32 bit values for timestamps and thus can only encode dates up to +the year 2106. + + at var{extrakey} is currently not used and must be set to @code{NULL}. +A future version of GPGME may use this parameter to create X.509 keys. + + at var{flags} can be set to the bit-wise OR of the following flags: + + at table @code + at item GPGME_CREATE_SIGN + at itemx GPGME_CREATE_ENCR + at itemx GPGME_CREATE_CERT + at itemx GPGME_CREATE_AUTH +Do not create the key with the default capabilities (key usage) of the +requested algorithm but use those explicitly given by these flags: +``signing'', ``encryption'', ``certification'', or ``authentication''. +The allowed combinations depend on the algorithm. + +If any of these flags are set and a default algorithm has been +selected only one key is created in the case of the OpenPGP +protocol. + + at item GPGME_CREATE_NOPASSWD +Request generation of the key without password protection. + + at item GPGME_CREATE_SELFSIGNED +For an X.509 key do not create a CSR but a self-signed certificate. +This has not yet been implemented. 
+ + at item GPGME_CREATE_NOSTORE +Do not store the created key in the local key database. +This has not yet been implemented. + + at item GPGME_CREATE_WANTPUB + at itemx GPGME_CREATE_WANTSEC +Return the public or secret key as part of the result structure. +This has not yet been implemented. + + at item GPGME_CREATE_FORCE +The engine does not allow the creation of a key with a user ID +already existing in the local key database. This flag can be used to +override this check. + + at end table + +After the operation completed successfully, information about the +created key can be retrieved with @code{gpgme_op_genkey_result}. + +The function returns zero on success, @code{GPG_ERR_NOT_SUPPORTED} if +the engine does not support the command, or a bunch of other error +codes. + + at end deftypefun + + + at deftypefun gpgme_error_t gpgme_op_createkey_start @ + (@w{gpgme_ctx_t @var{ctx}}, @ + @w{const char *@var{userid}}, @ + @w{const char *@var{algo}}, @ + @w{unsigned long @var{reserved}}, @ + @w{unsigned long @var{expires}}, @ + @w{gpgme_key_t @var{extrakey}}, @ + @w{unsigned int @var{flags}}); + +The function @code{gpgme_op_createkey_start} initiates a + at code{gpgme_op_createkey} operation; see there for details. It must +be completed by calling @code{gpgme_wait} on the context. + at xref{Waiting For Completion}. + + at end deftypefun + + at c + at c gpgme_op_createsubkey + at c + at deftypefun gpgme_error_t gpgme_op_createsubkey @ + (@w{gpgme_ctx_t @var{ctx}}, @ + @w{gpgme_key_t @var{key}}, @ + @w{const char *@var{algo}}, @ + @w{unsigned long @var{reserved}}, @ + @w{unsigned long @var{expires}}, @ + @w{unsigned int @var{flags}}); + +The function @code{gpgme_op_createsubkey} creates and adds a new +subkey to the primary OpenPGP key given by @var{KEY}. The only +allowed protocol in @var{ctx} is @code{GPGME_PROTOCOL_OPENPGP}. +Subkeys (aka secondary keys) are a concept in the OpenPGP protocol to +bind several keys to a primary key. 
As of now this function requires +at least version 2.1.13 of GnuPG. + + at var{key} specifies the key to operate on. + + at var{algo} specifies the algorithm for the new subkey. For a list of +supported algorithms, see the GnuPG manual. If @var{algo} is + at code{NULL} or the string "default", the subkey is generated using the +default algorithm for an encryption subkey of the engine. If the +string "future-default" is used the engine may use an encryption +algorithm which is planned to be the default in a future release of +the engine; however existing implementation of the protocol may not be +able to already handle such future algorithms. + + at var{reserved} must be set to zero. + + at var{expires} can be set to the number of seconds since Epoch of the +desired expiration date in UTC for the new subkey. Using 0 does not +set an expiration date. Note that this parameter takes an unsigned long +value and not a @code{time_t} to avoid problems on systems which use a +signed 32 bit @code{time_t}. Note further that the OpenPGP protocol +uses 32 bit values for timestamps and thus can only encode dates up to +the year 2106. + + at var{flags} takes the same values as described above for + at code{gpgme_op_createkey}. + +After the operation completed successfully, information about the +created key can be retrieved with @code{gpgme_op_genkey_result}. + +The function returns zero on success, @code{GPG_ERR_NOT_SUPPORTED} if +the engine does not support the command, or a bunch of other error +codes. + + + at end deftypefun + + at deftypefun gpgme_error_t gpgme_op_createsubkey_start @ + (@w{gpgme_ctx_t @var{ctx}}, @ + @w{gpgme_key_t @var{key}}, @ + @w{const char *@var{algo}}, @ + @w{unsigned long @var{reserved}}, @ + @w{unsigned long @var{expires}}, @ + @w{unsigned int @var{flags}}); + +The function @code{gpgme_op_createsubkey_start} initiates a + at code{gpgme_op_createsubkey} operation; see there for details. 
It must +be completed by calling @code{gpgme_wait} on the context. + at xref{Waiting For Completion}. + + at end deftypefun + + + at c + at c gpgme_op_adduid + at c + at deftypefun gpgme_error_t gpgme_op_adduid @ + (@w{gpgme_ctx_t @var{ctx}}, @ + @w{gpgme_key_t @var{key}}, @ + @w{const char *@var{userid}}, @ + @w{unsigned int @var{flags}}); + +The function @code{gpgme_op_adduid} adds a new user ID to the OpenPGP +key given by @var{KEY}. Adding additional user IDs after key creation +is a feature of the OpenPGP protocol and thus the protocol for the +context @var{ctx} must be set to OpenPGP. As of now this function +requires at least version 2.1.13 of GnuPG. + + at var{key} specifies the key to operate on. + + at var{userid} is the user ID to add to the key. A user ID is commonly +the mail address to be associated with the key. GPGME does not +require a specificy syntax but if more than a mail address is given, +RFC-822 style format is suggested. The value is expected to be in +UTF-8 encoding (i.e. no IDN encoding for mail addresses). This is a +required parameter. + + at var{flags} are currently not used and must be set to zero. + +The function returns zero on success, @code{GPG_ERR_NOT_SUPPORTED} if +the engine does not support the command, or a bunch of other error +codes. + + at end deftypefun + + at deftypefun gpgme_error_t gpgme_op_adduid_start @ + (@w{gpgme_ctx_t @var{ctx}}, @ + @w{gpgme_key_t @var{key}}, @ + @w{const char *@var{userid}}, @ + @w{unsigned int @var{flags}}); + +The function @code{gpgme_op_adduid_start} initiates a + at code{gpgme_op_adduid} operation; see there for details. It must +be completed by calling @code{gpgme_wait} on the context. + at xref{Waiting For Completion}. 
+ + at end deftypefun + + + at c + at c gpgme_op_revuid + at c + at deftypefun gpgme_error_t gpgme_op_revuid @ + (@w{gpgme_ctx_t @var{ctx}}, @ + @w{gpgme_key_t @var{key}}, @ + @w{const char *@var{userid}}, @ + @w{unsigned int @var{flags}}); + +The function @code{gpgme_op_revuid} revokes a user ID from the OpenPGP +key given by @var{KEY}. Revoking user IDs after key creation is a +feature of the OpenPGP protocol and thus the protocol for the context + at var{ctx} must be set to OpenPGP. As of now this function requires at +least version 2.1.13 of GnuPG. + + at var{key} specifies the key to operate on. + + at var{userid} is the user ID to be revoked from the key. The user ID +must be given verbatim because the engine does an exact and case +sensitive match. Thus the @code{uid} field from the user ID object +(@code{gpgme_user_id_t}) is to be used. This is a required parameter. + + at var{flags} are currently not used and must be set to zero. + +Note that the engine won't allow to revoke the last valid user ID. To +change a user ID is better to first add the new user ID, then revoke +the old one, and finally publish the key. + +The function returns zero on success, @code{GPG_ERR_NOT_SUPPORTED} if +the engine does not support the command, or a bunch of other error +codes. + + at end deftypefun + + at deftypefun gpgme_error_t gpgme_op_revuid_start @ + (@w{gpgme_ctx_t @var{ctx}}, @ + @w{gpgme_key_t @var{key}}, @ + @w{const char *@var{userid}}, @ + @w{unsigned int @var{flags}}); + +The function @code{gpgme_op_revuid_start} initiates a + at code{gpgme_op_revuid} operation; see there for details. It must +be completed by calling @code{gpgme_wait} on the context. + at xref{Waiting For Completion}. 
+ + at end deftypefun + + + at c + at c gpgme_op_genkey + at c + at deftypefun gpgme_error_t gpgme_op_genkey @ + (@w{gpgme_ctx_t @var{ctx}}, @ + @w{const char *@var{parms}}, @ + @w{gpgme_data_t @var{public}}, @ + @w{gpgme_data_t @var{secret}}) + The function @code{gpgme_op_genkey} generates a new key pair in the context @var{ctx}. The meaning of @var{public} and @var{secret} depends on the crypto backend. @@ -3849,6 +4161,7 @@ if no key was created by the backend. @end deftypefun @deftypefun gpgme_error_t gpgme_op_genkey_start (@w{gpgme_ctx_t @var{ctx}}, @w{const char *@var{parms}}, @w{gpgme_data_t @var{public}}, @w{gpgme_data_t @var{secret}}) + The function @code{gpgme_op_genkey_start} initiates a @code{gpgme_op_genkey} operation. It can be completed by calling @code{gpgme_wait} on the context. @xref{Waiting For Completion}. @@ -3860,7 +4173,12 @@ operation could be started successfully, @code{GPG_ERR_INV_VALUE} if @code{NULL}. @end deftypefun + + at c + at c gpgme_op_genkey_result + at c @deftp {Data type} {gpgme_genkey_result_t} + This is a pointer to a structure used to store the result of a @code{gpgme_op_genkey} operation. After successfully generating a key, you can retrieve the pointer to the result with 
@@ -3869,22 +4187,34 @@ members: @table @code @item unsigned int primary : 1 -This is a flag that is set to 1 if a primary key was created and to 0 +This flag is set to 1 if a primary key was created and to 0 if not. @item unsigned int sub : 1 -This is a flag that is set to 1 if a subkey was created and to 0 -if not. +This flag is set to 1 if a subkey was created and to 0 if not. + + at item unsigned int uid : 1 +This flag is set to 1 if a user ID was created and to 0 if not. @item char *fpr This is the fingerprint of the key that was created. If both a -primary and a sub key were generated, the fingerprint of the primary +primary and a subkey were generated, the fingerprint of the primary key will be returned. If the crypto engine does not provide the fingerprint, @code{fpr} will be a null pointer. + + at item gpgme_data_t pubkey +This will eventually be used to return the public key. It is +currently not used. + + at item gpgme_data_t seckey +This will eventually be used to return the secret key. It is +currently not used. + @end table @end deftp @deftypefun gpgme_genkey_result_t gpgme_op_genkey_result (@w{gpgme_ctx_t @var{ctx}}) + The function @code{gpgme_op_genkey_result} returns a @code{gpgme_genkey_result_t} pointer to a structure holding the result of a @code{gpgme_op_genkey} operation. The pointer is only valid if the 
@@ -3892,9 +4222,110 @@ last operation on the context was a @code{gpgme_op_genkey} or @code{gpgme_op_genkey_start} operation, and if this operation finished successfully. The returned pointer is only valid until the next operation is started on the context. + + at end deftypefun + + + at c + at c SIGNING KEYS + at c + at node Signing Keys + at subsection Signing Keys + at cindex key, signing + +Key signatures are a unique concept of the OpenPGP protocol. They can +be used to certify the validity of a key and are used to create the +Web-of-Trust (WoT). Instead of using the @code{gpgme_op_interact} +function along with a finite state machine, GPGME provides a +convenient function to create key signatures when using modern GnuPG +versions. + + + at c + at c gpgme_op_keysign + at c + at deftypefun gpgme_error_t gpgme_op_keysign @ + (@w{gpgme_ctx_t @var{ctx}}, @ + @w{gpgme_key_t @var{key}}, @ + @w{const char *@var{userid}}, @ + @w{unsigned long @var{expires}}, @ + @w{unsigned int @var{flags}}); + +The function @code{gpgme_op_keysign} adds a new key signature to the +public key @var{KEY}. This function requires at least version 2.1.12 of +GnuPG. + + at var{CTX} is the usual context which describes the protocol to use +(which must be OpenPGP) and has also the list of signer keys to be +used for the signature. The common case is to use the default key for +signing other keys. If another key or more than one key shall be used +for a key signature, @code{gpgme_signers_add} can be used. + at xref{Selecting Signers}. + + at var{key} specifies the key to operate on. + + at var{userid} selects the user ID or user IDs to be signed. If + at var{userid} is set to @code{NULL} all valid user IDs are signed. The +user ID must be given verbatim because the engine does an exact and +case sensitive match. Thus the @code{uid} field from the user ID +object (@code{gpgme_user_id_t}) is to be used. 
To select more than +one user ID put them all into one string separated by linefeeds +characters (@code{\n}) and set the flag @code{GPGME_KEYSIGN_LFSEP}. + + at var{expires} can be set to the number of seconds since Epoch of the +desired expiration date in UTC for the new signature. The common case +is to use 0 to not set an expiration date. However, if the +configuration of the engine defines a default expiration for key +signatures, that is still used unless the flag + at code{GPGME_KEYSIGN_NOEXPIRE} is used. Note that this parameter takes +an unsigned long value and not a @code{time_t} to avoid problems on +systems which use a signed 32 bit @code{time_t}. Note further that +the OpenPGP protocol uses 32 bit values for timestamps and thus can +only encode dates up to the year 2106. + + at var{flags} can be set to the bit-wise OR of the following flags: + + at table @code + at item GPGME_KEYSIGN_LOCAL +Instead of creating an exportable key signature, create a key +signature which is is marked as non-exportable. + + at item GPGME_KEYSIGN_LFSEP +Although linefeeds are uncommon in user IDs this flag is required to +explicitly declare that @var{userid} may contain several linefeed +separated user IDs. + + at item GPGME_KEYSIGN_NOEXPIRE +Force the creation of a key signature without an expiration date. This +overrides @var{expire} and any local configuration of the engine. + + at end table + +The function returns zero on success, @code{GPG_ERR_NOT_SUPPORTED} if +the engine does not support the command, or a bunch of other error +codes. + + at end deftypefun + + + at deftypefun gpgme_error_t gpgme_op_keysign_start @ + (@w{gpgme_ctx_t @var{ctx}}, @ + @w{gpgme_key_t @var{key}}, @ + @w{const char *@var{userid}}, @ + @w{unsigned long @var{expires}}, @ + @w{unsigned int @var{flags}}); + +The function @code{gpgme_op_keysign_start} initiates a + at code{gpgme_op_keysign} operation; see there for details. It must +be completed by calling @code{gpgme_wait} on the context. 
+ at xref{Waiting For Completion}. + @end deftypefun + at c + at c EXPORTING KEYS + at c @node Exporting Keys @subsection Exporting Keys @cindex key, export @@ -4263,7 +4694,7 @@ operation was started successfully, and @code{GPG_ERR_INV_VALUE} if @node Changing Passphrases - at subsection Changing Passphrases + at subsection Changing Passphrases @cindex passphrase, change @deftypefun gpgme_error_t gpgme_op_passwd @ 
@@ -4297,6 +4728,72 @@ could not be started. @end deftypefun + at c + at c CHANGING TOFU DATA + at c + at node Changing TOFU Data + at subsection Changing TOFU Data + at cindex validity, TOFU + +The OpenPGP engine features a Trust-On-First-Use (TOFU) key validation +model. For resolving clonflics it is necessary to declare the policy +for a key. See the GnuPG manual for details on the TOFU +implementation. + + at deftp {Data type} {enum gpgme_tofu_policy_t} + at tindex gpgme_tofu_policy_t +The @code{gpgme_tofu_policy_t} type specifies the set of possible +policy values that are supported by @acronym{GPGME}: + + at table @code + at item GPGME_TOFU_POLICY_AUTO +Set the policy to ``auto''. + at item GPGME_TOFU_POLICY_GOOD +Set the policy to ``goog''. + at item GPGME_TOFU_POLICY_BAD +Set the policy to ``bad''. + at item GPGME_TOFU_POLICY_ASK +Set the policy to ``ask''. + at item GPGME_TOFU_POLICY_UNKNOWN +Set the policy to ``unknown''. + at end table + + at end deftp + +To change the policy for a key the following functions can be used: + + at deftypefun gpgme_error_t gpgme_op_tofu_policy @ + (@w{gpgme_ctx_t @var{ctx}}, @ + @w{const gpgme_key_t @var{key}}, @ + @w{gpgme_tofu_policy_t @var{policy}}) + +The function @code{gpgme_op_tofu_policy} changes the TOFU policy of + at var{key}. The valid values for @var{policy} are listed above. As of +now this function does only work for OpenPGP and requires at least +version 2.1.10 of GnuPG. + +The function returns zero on success, @code{GPG_ERR_NOT_SUPPORTED} if +the engine does not support the command, or a bunch of other error +codes. + + at end deftypefun + + at deftypefun gpgme_error_t gpgme_op_tofu_policy_start @ + (@w{gpgme_ctx_t @var{ctx}}, @ + @w{const gpgme_key_t @var{key}}, @ + @w{gpgme_tofu_policy_t @var{policy}}) + +The function @code{gpgme_op_tofu_policy_start} initiates a + at code{gpgme_op_tofu_policy} operation. It can be completed by calling + at code{gpgme_wait} on the context. @xref{Waiting For Completion}. 
+ +The function returns @code{0} if the operation was started successfully, +and an error code if one of the arguments is not valid or the oepration +could not be started. + + at end deftypefun + + @node Advanced Key Editing @subsection Advanced Key Editing @cindex key, edit @@ -5325,6 +5822,11 @@ set is changed). @cindex signature, selecting signers @cindex signers, selecting +The key or the keys used to create a signature are stored in the +context. The following functions can be used to manipulate this list. +If no signer has been set into the context a default key is used for +signing. + @deftypefun void gpgme_signers_clear (@w{gpgme_ctx_t @var{ctx}}) The function @code{gpgme_signers_clear} releases a reference for each key on the signers list and removes the list of signers from the ----------------------------------------------------------------------- Summary of changes: doc/gpgme.texi | 808 ++++++++++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 655 insertions(+), 153 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Fri Sep 16 12:24:48 2016 
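Review bot: In the gpgme_op_createsubkey paragraph of the Generating Keys hunk (@@ -3787,7 +3808,298 @@), the protocol constant is written GPGME_PROTOCOL_OPENPGP, while the owner_trust item earlier in this file spells it GPGME_PROTOCOL_OpenPGP; please use one spelling throughout so a reader copying the name from the manual gets the one that matches the header. In the same hunk the key argument is referred to as @var{KEY} in the createsubkey, adduid and revuid descriptions although the prototypes declare @var{key}, and the new prototypes end in "});" where the existing gpgme_op_genkey prototype has no semicolon. Typos to fix: "procotol", "specificy syntax" (twice), "shall supports", "existing implementation of the protocol" (implementations), and "To change a user ID is better to" (it is better to). GPGME_CREATE_NOPASSWD gets a single line; it would help to say explicitly what is left unprotected so that callers choose the flag deliberately.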
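Review bot: The result documentation in the @@ -3869,22 +4187,34 @@ hunk still describes gpgme_genkey_result_t and gpgme_op_genkey_result as holding the result of a gpgme_op_genkey operation, yet the new gpgme_op_createkey and gpgme_op_createsubkey sections tell the reader to retrieve their result with gpgme_op_genkey_result. Please extend the validity sentence ("The pointer is only valid if the last operation on the context was a gpgme_op_genkey or gpgme_op_genkey_start operation") to name the new operations. Please also say which operation sets the new uid flag, since the gpgme_op_adduid text does not mention the result structure at all.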
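Review bot: In the gpgme_op_keysign text (@@ -3892,9 +4222,110 @@), the GPGME_KEYSIGN_NOEXPIRE item says it overrides @var{expire}, but the parameter is named @var{expires}; please make the reference match the prototype. The userid paragraph also leaves open what happens when the string contains a linefeed and GPGME_KEYSIGN_LFSEP is not set; since this argument selects which user IDs get certified, the manual should state whether the call fails or treats the whole string as one user ID. Smaller points: @var{KEY} and @var{CTX} should be lower case like the prototype, "which is is marked" has a doubled word, and "linefeeds characters" should read "linefeed characters".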
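Review bot: In the gpgme_tofu_policy_t table (@@ -4297,6 +4728,72 @@), GPGME_TOFU_POLICY_GOOD is documented as setting the policy to "goog"; that should be "good", and because this table is the only description of the values the typo matters more than the others in the hunk ("clonflics", "oepration"). The five items only repeat the policy names, so a sentence each on what "auto", "good", "bad", "ask" and "unknown" mean for validation, or a precise cross-reference into the GnuPG manual, would make the section usable on its own. Also, gpgme_op_tofu_policy_start says the operation "can be completed" with gpgme_wait while the other new _start functions in this patch say "must be completed"; pick one wording.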
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 16 Sep 2016 12:24:48 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-369-g00f95e0 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 00f95e0fad2ef438f78eabb7881b56568466f666 (commit) from e6405df62495300b13340fc9d1961a2934b0a749 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 00f95e0fad2ef438f78eabb7881b56568466f666 Author: Werner Koch Date: Fri Sep 16 12:20:33 2016 +0200 doc: Move description of most deprecated functions to a new appendix. -- Signed-off-by: Werner Koch diff --git a/doc/gpgme.texi b/doc/gpgme.texi index ad1a23a..dc5a140 100644 --- a/doc/gpgme.texi +++ b/doc/gpgme.texi @@ -14,8 +14,7 @@ @syncodeindex pg fn @copying -Copyright @copyright{} 2002, 2003, 2004, 2005, 2006, 2007, -2008, 2010, 2012, 2013, 2014, 2016 g10 Code GmbH. +Copyright @copyright{} 2002--2008, 2010, 2012--2016 g10 Code GmbH. @quotation Permission is granted to copy, distribute and/or modify this document @@ -71,7 +70,7 @@ This is Edition @value{EDITION}, last updated @value{UPDATED}, of @center for version @value{VERSION} @page @vskip 0pt plus 1filll -Published by g10 Code GmbH@* H?ttenstr. 61@* 40699 Erkrath, Germany +Published by The GnuPG Project@* c/o g10 Code GmbH@* H?ttenstr. 61@* 40699 Erkrath, Germany @insertcopying @end titlepage @@ -101,6 +100,7 @@ Appendices * UI Server Protocol:: The GnuPG UI Server Protocol. * Debugging:: How to solve problems. +* Deprecated Functions:: Documentation of deprecated functions. * Library Copying:: The GNU Lesser General Public License says how you can copy and share `GnuPG Made Easy'. 
@@ -201,7 +201,6 @@ Key Management * Key objects:: Description of the key structures. * Listing Keys:: Browsing the list of available keys. * Information About Keys:: Requesting detailed information about keys. -* Key Signatures:: Listing the signatures on a key. * Manipulating Keys:: Operations on keys. * Generating Keys:: Creating new key pairs. * Signing Keys:: Adding key signatures to public keys. @@ -215,7 +214,6 @@ Key Management Trust Item Management * Listing Trust Items:: Browsing the list of available trust items. -* Information About Trust Items:: Requesting information about trust items. * Manipulating Trust Items:: Operations on trust items. Crypto Operations 
@@ -1984,33 +1982,6 @@ data object was successfully created, and @code{GPG_ERR_ENOMEM} if not enough memory is available. @end deftypefun -The following interface is deprecated and only provided for backward -compatibility. Don't use it. It will be removed in a future version -of @acronym{GPGME}. - - at deftypefun gpgme_error_t gpgme_data_new_with_read_cb (@w{gpgme_data_t *@var{dh}}, @w{int (*@var{readfunc})} (@w{void *@var{hook}}, @w{char *@var{buffer}}, @w{size_t @var{count}}, @w{size_t *@var{nread}}), @w{void *@var{hook_value}}) -The function @code{gpgme_data_new_with_read_cb} creates a new - at code{gpgme_data_t} object and uses the callback function @var{readfunc} -to retrieve the data on demand. As the callback function can supply -the data in any way it wants, this is the most flexible data type - at acronym{GPGME} provides. However, it can not be used to write data. - -The callback function receives @var{hook_value} as its first argument -whenever it is invoked. It should return up to @var{count} bytes in - at var{buffer}, and return the number of bytes actually read in - at var{nread}. It may return @code{0} in @var{nread} if no data is -currently available. To indicate @code{EOF} the function should -return with an error code of @code{-1} and set @var{nread} to - at code{0}. The callback function may support to reset its internal -read pointer if it is invoked with @var{buffer} and @var{nread} being - at code{NULL} and @var{count} being @code{0}. - -The function returns the error code @code{GPG_ERR_NO_ERROR} if the -data object was successfully created, @code{GPG_ERR_INV_VALUE} if - at var{dh} or @var{readfunc} is not a valid pointer, and - at code{GPG_ERR_ENOMEM} if not enough memory is available. - at end deftypefun - @node Destroying Data Buffers @section Destroying Data Buffers 
@@ -2122,20 +2093,6 @@ read/write position. If the function fails, -1 is returned and @var{errno} is set. @end deftypefun -The following function is deprecated and should not be used. It will -be removed in a future version of @acronym{GPGME}. - - at deftypefun gpgme_error_t gpgme_data_rewind (@w{gpgme_data_t @var{dh}}) -The function @code{gpgme_data_rewind} is equivalent to: - - at example - return (gpgme_data_seek (dh, 0, SEEK_SET) == -1) - ? gpgme_error_from_errno (errno) : 0; - at end example - at end deftypefun - - - @node Data Buffer Meta-Data @subsection Data Buffer Meta-Data @@ -2967,7 +2924,6 @@ section describes how such keys can be selected and manipulated. * Key objects:: Description of the key structures. * Listing Keys:: Browsing the list of available keys. * Information About Keys:: Requesting detailed information about keys. -* Key Signatures:: Listing the signatures on a key. * Manipulating Keys:: Operations on keys. * Generating Keys:: Creating new key pairs. * Signing Keys:: Adding key signatures to public keys. 
@@ -3505,750 +3461,470 @@ validity is ``u''. @end deftp -The following interfaces are deprecated and only provided for backward -compatibility. Don't use them. They will be removed in a future -version of @acronym{GPGME}. - at deftp {Data type} gpgme_attr_t -The @code{gpgme_attr_t} type is used to specify a key or trust item -attribute. The following attributes are defined: - at table @code - at item GPGME_ATTR_KEYID -This is the key ID of a sub key. It is representable as a string. + at node Manipulating Keys + at subsection Manipulating Keys + at cindex key, manipulation -For trust items, the trust item refers to the key with this ID. + at deftypefun void gpgme_key_ref (@w{gpgme_key_t @var{key}}) +The function @code{gpgme_key_ref} acquires an additional reference for +the key @var{key}. + at end deftypefun - at item GPGME_ATTR_FPR -This is the fingerprint of a sub key. It is representable as a -string. + at deftypefun void gpgme_key_unref (@w{gpgme_key_t @var{key}}) +The function @code{gpgme_key_unref} releases a reference for the key + at var{key}. If this was the last reference, the key will be destroyed +and all resources associated to it will be released. + at end deftypefun - at item GPGME_ATTR_ALGO -This is the crypto algorithm for which the sub key can be used. It -is representable as a string and as a number. The numbers correspond -to the @code{enum gcry_pk_algos} values in the gcrypt library. - at item GPGME_ATTR_LEN -This is the key length of a sub key. It is representable as a -number. + at node Generating Keys + at subsection Generating Keys + at cindex key, creation + at cindex key ring, add - at item GPGME_ATTR_CREATED -This is the timestamp at creation time of a sub key. It is -representable as a number. +GPGME provides a set of functions to create public key pairs. Most of +these functions require the use of GnuPG 2.1 and later; for older +GnuPG versions the @code{gpgme_op_genkey} function can be used. 
+Existing code which wants to update to the new functions or new code +which shall supports older GnuPG versions may try the new functions +first and provide a fallback to the old function if the error code + at code{GPG_ERR_NOT_SUPPORTED} is received. - at item GPGME_ATTR_EXPIRE -This is the expiration time of a sub key. It is representable as a -number. + at c + at c gpgme_op_createkey + at c + at deftypefun gpgme_error_t gpgme_op_createkey @ + (@w{gpgme_ctx_t @var{ctx}}, @ + @w{const char *@var{userid}}, @ + @w{const char *@var{algo}}, @ + @w{unsigned long @var{reserved}}, @ + @w{unsigned long @var{expires}}, @ + @w{gpgme_key_t @var{extrakey}}, @ + @w{unsigned int @var{flags}}); - at item GPGME_ATTR_OTRUST -XXX FIXME (also for trust items) +The function @code{gpgme_op_createkey} generates a new key for the +procotol active in the context @var{ctx}. As of now this function +does only work for OpenPGP and requires at least version 2.1.13 of +GnuPG. - at item GPGME_ATTR_USERID -This is a user ID. There can be more than one user IDs in a - at var{gpgme_key_t} object. The first one (with index 0) is the primary -user ID. The user ID is representable as a number. + at var{userid} is commonly the mail address associated with the key. +GPGME does not require a specificy syntax but if more than a mail +address is given, RFC-822 style format is suggested. The value is +expected to be in UTF-8 encoding (i.e. no IDN encoding for mail +addresses). This is a required parameter. -For trust items, this is the user ID associated with this trust item. + at var{algo} specifies the algorithm for the new key (actually a keypair +of public and private key). For a list of supported algorithms, see +the GnuPG manual. If @var{algo} is @code{NULL} or the string +"default", the key is generated using the default algorithm of the +engine. 
If the string "future-default" is used the engine may use an +algorithm which is planned to be the default in a future release of +the engine; however existing implementation of the protocol may not be +able to already handle such future algorithms. For the OpenPGP +protocol, the specification of a default algorithm, without requesting +a non-default usage via @var{flags}, triggers the creation of a +primary key plus a secondary key (subkey). - at item GPGME_ATTR_NAME -This is the name belonging to a user ID. It is representable as a string. + at var{reserved} must be set to zero. - at item GPGME_ATTR_EMAIL -This is the email address belonging to a user ID. It is representable -as a string. + at var{expires} can be set to the number of seconds since Epoch of the +desired expiration date in UTC for the new key. Using 0 does not +set an expiration date. Note that this parameter takes an unsigned long +value and not a @code{time_t} to avoid problems on systems which use a +signed 32 bit @code{time_t}. Note further that the OpenPGP protocol +uses 32 bit values for timestamps and thus can only encode dates up to +the year 2106. - at item GPGME_ATTR_COMMENT -This is the comment belonging to a user ID. It is representable as a -string. + at var{extrakey} is currently not used and must be set to @code{NULL}. +A future version of GPGME may use this parameter to create X.509 keys. - at item GPGME_ATTR_VALIDITY -This is the validity belonging to a user ID. It is representable as a -string and as a number. See below for a list of available validities. + at var{flags} can be set to the bit-wise OR of the following flags: -For trust items, this is the validity that is associated with this -trust item. 
+ at table @code + at item GPGME_CREATE_SIGN + at itemx GPGME_CREATE_ENCR + at itemx GPGME_CREATE_CERT + at itemx GPGME_CREATE_AUTH +Do not create the key with the default capabilities (key usage) of the +requested algorithm but use those explicitly given by these flags: +``signing'', ``encryption'', ``certification'', or ``authentication''. +The allowed combinations depend on the algorithm. - at item GPGME_ATTR_UID_REVOKED -This specifies if a user ID is revoked. It is representable as a -number, and is @code{1} if the user ID is revoked, and @code{0} -otherwise. +If any of these flags are set and a default algorithm has been +selected only one key is created in the case of the OpenPGP +protocol. - at item GPGME_ATTR_UID_INVALID -This specifies if a user ID is invalid. It is representable as a -number, and is @code{1} if the user ID is invalid, and @code{0} -otherwise. + at item GPGME_CREATE_NOPASSWD +Request generation of the key without password protection. - at item GPGME_ATTR_LEVEL -This is the trust level of a trust item. + at item GPGME_CREATE_SELFSIGNED +For an X.509 key do not create a CSR but a self-signed certificate. +This has not yet been implemented. - at item GPGME_ATTR_TYPE -This returns information about the type of key. For the string function -this will eother be "PGP" or "X.509". The integer function returns 0 -for PGP and 1 for X.509. It is also used for the type of a trust item. + at item GPGME_CREATE_NOSTORE +Do not store the created key in the local key database. +This has not yet been implemented. - at item GPGME_ATTR_IS_SECRET -This specifies if the key is a secret key. It is representable as a -number, and is @code{1} if the key is revoked, and @code{0} otherwise. + at item GPGME_CREATE_WANTPUB + at itemx GPGME_CREATE_WANTSEC +Return the public or secret key as part of the result structure. +This has not yet been implemented. - at item GPGME_ATTR_KEY_REVOKED -This specifies if a sub key is revoked. 
It is representable as a -number, and is @code{1} if the key is revoked, and @code{0} otherwise. + at item GPGME_CREATE_FORCE +The engine does not allow the creation of a key with a user ID +already existing in the local key database. This flag can be used to +override this check. - at item GPGME_ATTR_KEY_INVALID -This specifies if a sub key is invalid. It is representable as a -number, and is @code{1} if the key is invalid, and @code{0} otherwise. + at end table - at item GPGME_ATTR_KEY_EXPIRED -This specifies if a sub key is expired. It is representable as a -number, and is @code{1} if the key is expired, and @code{0} otherwise. +After the operation completed successfully, information about the +created key can be retrieved with @code{gpgme_op_genkey_result}. - at item GPGME_ATTR_KEY_DISABLED -This specifies if a sub key is disabled. It is representable as a -number, and is @code{1} if the key is disabled, and @code{0} otherwise. +The function returns zero on success, @code{GPG_ERR_NOT_SUPPORTED} if +the engine does not support the command, or a bunch of other error +codes. - at item GPGME_ATTR_KEY_CAPS -This is a description of the capabilities of a sub key. It is -representable as a string. The string contains the letter ``e'' if -the key can be used for encryption, ``s'' if the key can be used for -signatures, and ``c'' if the key can be used for certifications. + at end deftypefun - at item GPGME_ATTR_CAN_ENCRYPT -This specifies if a sub key can be used for encryption. It is -representable as a number, and is @code{1} if the sub key can be used -for encryption, and @code{0} otherwise. - at item GPGME_ATTR_CAN_SIGN -This specifies if a sub key can be used to create data signatures. It -is representable as a number, and is @code{1} if the sub key can be -used for signatures, and @code{0} otherwise. 
+ at deftypefun gpgme_error_t gpgme_op_createkey_start @ + (@w{gpgme_ctx_t @var{ctx}}, @ + @w{const char *@var{userid}}, @ + @w{const char *@var{algo}}, @ + @w{unsigned long @var{reserved}}, @ + @w{unsigned long @var{expires}}, @ + @w{gpgme_key_t @var{extrakey}}, @ + @w{unsigned int @var{flags}}); - at item GPGME_ATTR_CAN_CERTIFY -This specifies if a sub key can be used to create key certificates. -It is representable as a number, and is @code{1} if the sub key can be -used for certifications, and @code{0} otherwise. +The function @code{gpgme_op_createkey_start} initiates a + at code{gpgme_op_createkey} operation; see there for details. It must +be completed by calling @code{gpgme_wait} on the context. + at xref{Waiting For Completion}. - at item GPGME_ATTR_SERIAL -The X.509 issuer serial attribute of the key. It is representable as -a string. + at end deftypefun - at item GPGME_ATTR_ISSUE -The X.509 issuer name attribute of the key. It is representable as a -string. + at c + at c gpgme_op_createsubkey + at c + at deftypefun gpgme_error_t gpgme_op_createsubkey @ + (@w{gpgme_ctx_t @var{ctx}}, @ + @w{gpgme_key_t @var{key}}, @ + @w{const char *@var{algo}}, @ + @w{unsigned long @var{reserved}}, @ + @w{unsigned long @var{expires}}, @ + @w{unsigned int @var{flags}}); - at item GPGME_ATTR_CHAINID -The X.509 chain ID can be used to build the certification chain. It -is representable as a string. - at end table - at end deftp +The function @code{gpgme_op_createsubkey} creates and adds a new +subkey to the primary OpenPGP key given by @var{KEY}. The only +allowed protocol in @var{ctx} is @code{GPGME_PROTOCOL_OPENPGP}. +Subkeys (aka secondary keys) are a concept in the OpenPGP protocol to +bind several keys to a primary key. As of now this function requires +at least version 2.1.13 of GnuPG. 
- at deftypefun {const char *} gpgme_key_get_string_attr (@w{gpgme_key_t @var{key}}, @w{gpgme_attr_t @var{what}}, @w{const void *@var{reserved}}, @w{int @var{idx}}) -The function @code{gpgme_key_get_string_attr} returns the value of the -string-representable attribute @var{what} of key @var{key}. If the -attribute is an attribute of a sub key or an user ID, @var{idx} -specifies the sub key or user ID of which the attribute value is -returned. The argument @var{reserved} is reserved for later use and -should be @code{NULL}. + at var{key} specifies the key to operate on. -The string returned is only valid as long as the key is valid. + at var{algo} specifies the algorithm for the new subkey. For a list of +supported algorithms, see the GnuPG manual. If @var{algo} is + at code{NULL} or the string "default", the subkey is generated using the +default algorithm for an encryption subkey of the engine. If the +string "future-default" is used the engine may use an encryption +algorithm which is planned to be the default in a future release of +the engine; however existing implementation of the protocol may not be +able to already handle such future algorithms. -The function returns @code{0} if an attribute can't be returned as a -string, @var{key} is not a valid pointer, @var{idx} out of range, -or @var{reserved} not @code{NULL}. - at end deftypefun + at var{reserved} must be set to zero. - at deftypefun {unsigned long} gpgme_key_get_ulong_attr (@w{gpgme_key_t @var{key}}, @w{gpgme_attr_t @var{what}}, @w{const void *@var{reserved}}, @w{int @var{idx}}) -The function @code{gpgme_key_get_ulong_attr} returns the value of the -number-representable attribute @var{what} of key @var{key}. If the -attribute is an attribute of a sub key or an user ID, @var{idx} -specifies the sub key or user ID of which the attribute value is -returned. The argument @var{reserved} is reserved for later use and -should be @code{NULL}. 
+ at var{expires} can be set to the number of seconds since Epoch of the +desired expiration date in UTC for the new subkey. Using 0 does not +set an expiration date. Note that this parameter takes an unsigned long +value and not a @code{time_t} to avoid problems on systems which use a +signed 32 bit @code{time_t}. Note further that the OpenPGP protocol +uses 32 bit values for timestamps and thus can only encode dates up to +the year 2106. -The function returns @code{0} if the attribute can't be returned as a -number, @var{key} is not a valid pointer, @var{idx} out of range, or - at var{reserved} not @code{NULL}. - at end deftypefun + at var{flags} takes the same values as described above for + at code{gpgme_op_createkey}. +After the operation completed successfully, information about the +created key can be retrieved with @code{gpgme_op_genkey_result}. - at node Key Signatures - at subsection Key Signatures - at cindex key, signatures - at cindex signatures, on a key +The function returns zero on success, @code{GPG_ERR_NOT_SUPPORTED} if +the engine does not support the command, or a bunch of other error +codes. -The following interfaces are deprecated and only provided for backward -compatibility. Don't use them. They will be removed in a future -version of @acronym{GPGME}. -The signatures on a key are only available if the key was retrieved -via a listing operation with the @code{GPGME_KEYLIST_MODE_SIGS} mode -enabled, because it is expensive to retrieve all signatures of a key. + at end deftypefun -So, before using the below interfaces to retrieve the signatures on a -key, you have to make sure that the key was listed with signatures -enabled. One convenient, but blocking, way to do this is to use the -function @code{gpgme_get_key}. 
+ at deftypefun gpgme_error_t gpgme_op_createsubkey_start @ + (@w{gpgme_ctx_t @var{ctx}}, @ + @w{gpgme_key_t @var{key}}, @ + @w{const char *@var{algo}}, @ + @w{unsigned long @var{reserved}}, @ + @w{unsigned long @var{expires}}, @ + @w{unsigned int @var{flags}}); - at deftp {Data type} gpgme_attr_t -The @code{gpgme_attr_t} type is used to specify a key signature -attribute. The following attributes are defined: +The function @code{gpgme_op_createsubkey_start} initiates a + at code{gpgme_op_createsubkey} operation; see there for details. It must +be completed by calling @code{gpgme_wait} on the context. + at xref{Waiting For Completion}. - at table @code - at item GPGME_ATTR_KEYID -This is the key ID of the key which was used for the signature. It is -representable as a string. + at end deftypefun - at item GPGME_ATTR_ALGO -This is the crypto algorithm used to create the signature. It is -representable as a string and as a number. The numbers correspond to -the @code{enum gcry_pk_algos} values in the gcrypt library. - at item GPGME_ATTR_CREATED -This is the timestamp at creation time of the signature. It is -representable as a number. + at c + at c gpgme_op_adduid + at c + at deftypefun gpgme_error_t gpgme_op_adduid @ + (@w{gpgme_ctx_t @var{ctx}}, @ + @w{gpgme_key_t @var{key}}, @ + @w{const char *@var{userid}}, @ + @w{unsigned int @var{flags}}); - at item GPGME_ATTR_EXPIRE -This is the expiration time of the signature. It is representable as -a number. +The function @code{gpgme_op_adduid} adds a new user ID to the OpenPGP +key given by @var{KEY}. Adding additional user IDs after key creation +is a feature of the OpenPGP protocol and thus the protocol for the +context @var{ctx} must be set to OpenPGP. As of now this function +requires at least version 2.1.13 of GnuPG. - at item GPGME_ATTR_USERID -This is the user ID associated with the signing key. The user ID is -representable as a number. + at var{key} specifies the key to operate on. 
- at item GPGME_ATTR_NAME -This is the name belonging to a user ID. It is representable as a string. + at var{userid} is the user ID to add to the key. A user ID is commonly +the mail address to be associated with the key. GPGME does not +require a specificy syntax but if more than a mail address is given, +RFC-822 style format is suggested. The value is expected to be in +UTF-8 encoding (i.e. no IDN encoding for mail addresses). This is a +required parameter. - at item GPGME_ATTR_EMAIL -This is the email address belonging to a user ID. It is representable -as a string. + at var{flags} are currently not used and must be set to zero. - at item GPGME_ATTR_COMMENT -This is the comment belonging to a user ID. It is representable as a -string. +The function returns zero on success, @code{GPG_ERR_NOT_SUPPORTED} if +the engine does not support the command, or a bunch of other error +codes. - at item GPGME_ATTR_KEY_REVOKED -This specifies if a key signature is a revocation signature. It is -representable as a number, and is @code{1} if the key is revoked, and - at code{0} otherwise. + at end deftypefun - at c @item GPGME_ATTR_KEY_EXPIRED - at c This specifies if a key signature is expired. It is representable as - at c a number, and is @code{1} if the key is revoked, and @code{0} - at c otherwise. - at c - at item GPGME_ATTR_SIG_CLASS -This specifies the signature class of a key signature. It is -representable as a number. The meaning is specific to the crypto -engine. + at deftypefun gpgme_error_t gpgme_op_adduid_start @ + (@w{gpgme_ctx_t @var{ctx}}, @ + @w{gpgme_key_t @var{key}}, @ + @w{const char *@var{userid}}, @ + @w{unsigned int @var{flags}}); - at item GPGME_ATTR_SIG_CLASS -This specifies the signature class of a key signature. It is -representable as a number. The meaning is specific to the crypto -engine. +The function @code{gpgme_op_adduid_start} initiates a + at code{gpgme_op_adduid} operation; see there for details. 
It must +be completed by calling @code{gpgme_wait} on the context. + at xref{Waiting For Completion}. - at item GPGME_ATTR_SIG_STATUS -This is the same value as returned by @code{gpgme_get_sig_status}. - at end table - at end deftp + at end deftypefun - at deftypefun {const char *} gpgme_key_sig_get_string_attr (@w{gpgme_key_t @var{key}}, @w{int @var{uid_idx}}, @w{gpgme_attr_t @var{what}}, @w{const void *@var{reserved}}, @w{int @var{idx}}) -The function @code{gpgme_key_sig_get_string_attr} returns the value of -the string-representable attribute @var{what} of the signature - at var{idx} on the user ID @var{uid_idx} in the key @var{key}. The -argument @var{reserved} is reserved for later use and should be - at code{NULL}. -The string returned is only valid as long as the key is valid. + at c + at c gpgme_op_revuid + at c + at deftypefun gpgme_error_t gpgme_op_revuid @ + (@w{gpgme_ctx_t @var{ctx}}, @ + @w{gpgme_key_t @var{key}}, @ + @w{const char *@var{userid}}, @ + @w{unsigned int @var{flags}}); -The function returns @code{0} if an attribute can't be returned as a -string, @var{key} is not a valid pointer, @var{uid_idx} or @var{idx} -out of range, or @var{reserved} not @code{NULL}. - at end deftypefun +The function @code{gpgme_op_revuid} revokes a user ID from the OpenPGP +key given by @var{KEY}. Revoking user IDs after key creation is a +feature of the OpenPGP protocol and thus the protocol for the context + at var{ctx} must be set to OpenPGP. As of now this function requires at +least version 2.1.13 of GnuPG. - at deftypefun {unsigned long} gpgme_key_sig_get_ulong_attr (@w{gpgme_key_t @var{key}}, @w{int @var{uid_idx}}, @w{gpgme_attr_t @var{what}}, @w{const void *@var{reserved}}, @w{int @var{idx}}) -The function @code{gpgme_key_sig_get_ulong_attr} returns the value of -the number-representable attribute @var{what} of the signature - at var{idx} on the user ID @var{uid_idx} in the key @var{key}. 
The -argument @var{reserved} is reserved for later use and should be - at code{NULL}. + at var{key} specifies the key to operate on. -The function returns @code{0} if an attribute can't be returned as a -string, @var{key} is not a valid pointer, @var{uid_idx} or @var{idx} -out of range, or @var{reserved} not @code{NULL}. - at end deftypefun + at var{userid} is the user ID to be revoked from the key. The user ID +must be given verbatim because the engine does an exact and case +sensitive match. Thus the @code{uid} field from the user ID object +(@code{gpgme_user_id_t}) is to be used. This is a required parameter. + at var{flags} are currently not used and must be set to zero. - at node Manipulating Keys - at subsection Manipulating Keys - at cindex key, manipulation +Note that the engine won't allow to revoke the last valid user ID. To +change a user ID is better to first add the new user ID, then revoke +the old one, and finally publish the key. - at deftypefun void gpgme_key_ref (@w{gpgme_key_t @var{key}}) -The function @code{gpgme_key_ref} acquires an additional reference for -the key @var{key}. - at end deftypefun +The function returns zero on success, @code{GPG_ERR_NOT_SUPPORTED} if +the engine does not support the command, or a bunch of other error +codes. - at deftypefun void gpgme_key_unref (@w{gpgme_key_t @var{key}}) -The function @code{gpgme_key_unref} releases a reference for the key - at var{key}. If this was the last reference, the key will be destroyed -and all resources associated to it will be released. @end deftypefun + at deftypefun gpgme_error_t gpgme_op_revuid_start @ + (@w{gpgme_ctx_t @var{ctx}}, @ + @w{gpgme_key_t @var{key}}, @ + @w{const char *@var{userid}}, @ + @w{unsigned int @var{flags}}); -The following interface is deprecated and only provided for backward -compatibility. Don't use it. It will be removed in a future version -of @acronym{GPGME}. 
+The function @code{gpgme_op_revuid_start} initiates a + at code{gpgme_op_revuid} operation; see there for details. It must +be completed by calling @code{gpgme_wait} on the context. + at xref{Waiting For Completion}. - at deftypefun void gpgme_key_release (@w{gpgme_key_t @var{key}}) -The function @code{gpgme_key_release} is equivalent to - at code{gpgme_key_unref}. @end deftypefun - at node Generating Keys - at subsection Generating Keys - at cindex key, creation - at cindex key ring, add - -GPGME provides a set of functions to create public key pairs. Most of -these functions require the use of GnuPG 2.1 and later; for older -GnuPG versions the @code{gpgme_op_genkey} function can be used. -Existing code which wants to update to the new functions or new code -which shall supports older GnuPG versions may try the new functions -first and provide a fallback to the old function if the error code - at code{GPG_ERR_NOT_SUPPORTED} is received. - @c - at c gpgme_op_createkey + at c gpgme_op_genkey @c - at deftypefun gpgme_error_t gpgme_op_createkey @ + at deftypefun gpgme_error_t gpgme_op_genkey @ (@w{gpgme_ctx_t @var{ctx}}, @ - @w{const char *@var{userid}}, @ - @w{const char *@var{algo}}, @ - @w{unsigned long @var{reserved}}, @ - @w{unsigned long @var{expires}}, @ - @w{gpgme_key_t @var{extrakey}}, @ - @w{unsigned int @var{flags}}); - -The function @code{gpgme_op_createkey} generates a new key for the -procotol active in the context @var{ctx}. As of now this function -does only work for OpenPGP and requires at least version 2.1.13 of -GnuPG. - - at var{userid} is commonly the mail address associated with the key. -GPGME does not require a specificy syntax but if more than a mail -address is given, RFC-822 style format is suggested. The value is -expected to be in UTF-8 encoding (i.e. no IDN encoding for mail -addresses). This is a required parameter. - - at var{algo} specifies the algorithm for the new key (actually a keypair -of public and private key). 
For a list of supported algorithms, see -the GnuPG manual. If @var{algo} is @code{NULL} or the string -"default", the key is generated using the default algorithm of the -engine. If the string "future-default" is used the engine may use an -algorithm which is planned to be the default in a future release of -the engine; however existing implementation of the protocol may not be -able to already handle such future algorithms. For the OpenPGP -protocol, the specification of a default algorithm, without requesting -a non-default usage via @var{flags}, triggers the creation of a -primary key plus a secondary key (subkey). - - at var{reserved} must be set to zero. - - at var{expires} can be set to the number of seconds since Epoch of the -desired expiration date in UTC for the new key. Using 0 does not -set an expiration date. Note that this parameter takes an unsigned long -value and not a @code{time_t} to avoid problems on systems which use a -signed 32 bit @code{time_t}. Note further that the OpenPGP protocol -uses 32 bit values for timestamps and thus can only encode dates up to -the year 2106. - - at var{extrakey} is currently not used and must be set to @code{NULL}. -A future version of GPGME may use this parameter to create X.509 keys. - - at var{flags} can be set to the bit-wise OR of the following flags: - - at table @code - at item GPGME_CREATE_SIGN - at itemx GPGME_CREATE_ENCR - at itemx GPGME_CREATE_CERT - at itemx GPGME_CREATE_AUTH -Do not create the key with the default capabilities (key usage) of the -requested algorithm but use those explicitly given by these flags: -``signing'', ``encryption'', ``certification'', or ``authentication''. -The allowed combinations depend on the algorithm. + @w{const char *@var{parms}}, @ + @w{gpgme_data_t @var{public}}, @ + @w{gpgme_data_t @var{secret}}) -If any of these flags are set and a default algorithm has been -selected only one key is created in the case of the OpenPGP -protocol. 
+The function @code{gpgme_op_genkey} generates a new key pair in the +context @var{ctx}. The meaning of @var{public} and @var{secret} +depends on the crypto backend. - at item GPGME_CREATE_NOPASSWD -Request generation of the key without password protection. +GPG does not support @var{public} and @var{secret}, they should be + at code{NULL}. GnuPG will generate a key pair and add it to the +standard key ring. The fingerprint of the generated key is available +with @code{gpgme_op_genkey_result}. - at item GPGME_CREATE_SELFSIGNED -For an X.509 key do not create a CSR but a self-signed certificate. -This has not yet been implemented. +GpgSM requires @var{public} to be a writable data object. GpgSM will +generate a secret key (which will be stored by @command{gpg-agent}, +and return a certificate request in @var{public}, which then needs to +be signed by the certification authority and imported before it can be +used. GpgSM does not make the fingerprint available. - at item GPGME_CREATE_NOSTORE -Do not store the created key in the local key database. -This has not yet been implemented. +The argument @var{parms} specifies parameters for the key in an XML +string. The details about the format of @var{parms} are specific to +the crypto engine used by @var{ctx}. Here is an example for GnuPG as +the crypto engine (all parameters of OpenPGP key generation are +documented in the GPG manual): - at item GPGME_CREATE_WANTPUB - at itemx GPGME_CREATE_WANTSEC -Return the public or secret key as part of the result structure. -This has not yet been implemented. + at example + +Key-Type: default +Subkey-Type: default +Name-Real: Joe Tester +Name-Comment: with stupid passphrase +Name-Email: joe@@foo.bar +Expire-Date: 0 +Passphrase: abc + + at end example - at item GPGME_CREATE_FORCE -The engine does not allow the creation of a key with a user ID -already existing in the local key database. This flag can be used to -override this check. 
+Here is an example for GpgSM as the crypto engine (all parameters of +OpenPGP key generation are documented in the GPGSM manual): - at end table + at example + +Key-Type: RSA +Key-Length: 1024 +Name-DN: C=de,O=g10 code,OU=Testlab,CN=Joe 2 Tester +Name-Email: joe@@foo.bar + + at end example -After the operation completed successfully, information about the -created key can be retrieved with @code{gpgme_op_genkey_result}. +Strings should be given in UTF-8 encoding. The only format supported +for now is ``internal''. The content of the @code{GnupgKeyParms} +container is passed verbatim to the crypto backend. Control +statements are not allowed. -The function returns zero on success, @code{GPG_ERR_NOT_SUPPORTED} if -the engine does not support the command, or a bunch of other error -codes. +After the operation completed successfully, the result can be +retrieved with @code{gpgme_op_genkey_result}. +The function returns the error code @code{GPG_ERR_NO_ERROR} if the +operation could be started successfully, @code{GPG_ERR_INV_VALUE} if + at var{parms} is not a valid XML string, @code{GPG_ERR_NOT_SUPPORTED} if + at var{public} or @var{secret} is not valid, and @code{GPG_ERR_GENERAL} +if no key was created by the backend. @end deftypefun + at deftypefun gpgme_error_t gpgme_op_genkey_start (@w{gpgme_ctx_t @var{ctx}}, @w{const char *@var{parms}}, @w{gpgme_data_t @var{public}}, @w{gpgme_data_t @var{secret}}) - at deftypefun gpgme_error_t gpgme_op_createkey_start @ - (@w{gpgme_ctx_t @var{ctx}}, @ - @w{const char *@var{userid}}, @ - @w{const char *@var{algo}}, @ - @w{unsigned long @var{reserved}}, @ - @w{unsigned long @var{expires}}, @ - @w{gpgme_key_t @var{extrakey}}, @ - @w{unsigned int @var{flags}}); - -The function @code{gpgme_op_createkey_start} initiates a - at code{gpgme_op_createkey} operation; see there for details. It must -be completed by calling @code{gpgme_wait} on the context. - at xref{Waiting For Completion}. 
+The function @code{gpgme_op_genkey_start} initiates a + at code{gpgme_op_genkey} operation. It can be completed by calling + at code{gpgme_wait} on the context. @xref{Waiting For Completion}. +The function returns the error code @code{GPG_ERR_NO_ERROR} if the +operation could be started successfully, @code{GPG_ERR_INV_VALUE} if + at var{parms} is not a valid XML string, and + at code{GPG_ERR_NOT_SUPPORTED} if @var{public} or @var{secret} is not + at code{NULL}. @end deftypefun + @c - at c gpgme_op_createsubkey + at c gpgme_op_genkey_result @c - at deftypefun gpgme_error_t gpgme_op_createsubkey @ - (@w{gpgme_ctx_t @var{ctx}}, @ - @w{gpgme_key_t @var{key}}, @ - @w{const char *@var{algo}}, @ - @w{unsigned long @var{reserved}}, @ - @w{unsigned long @var{expires}}, @ - @w{unsigned int @var{flags}}); + at deftp {Data type} {gpgme_genkey_result_t} -The function @code{gpgme_op_createsubkey} creates and adds a new -subkey to the primary OpenPGP key given by @var{KEY}. The only -allowed protocol in @var{ctx} is @code{GPGME_PROTOCOL_OPENPGP}. -Subkeys (aka secondary keys) are a concept in the OpenPGP protocol to -bind several keys to a primary key. As of now this function requires -at least version 2.1.13 of GnuPG. +This is a pointer to a structure used to store the result of a + at code{gpgme_op_genkey} operation. After successfully generating a +key, you can retrieve the pointer to the result with + at code{gpgme_op_genkey_result}. The structure contains the following +members: - at var{key} specifies the key to operate on. + at table @code + at item unsigned int primary : 1 +This flag is set to 1 if a primary key was created and to 0 +if not. - at var{algo} specifies the algorithm for the new subkey. For a list of -supported algorithms, see the GnuPG manual. If @var{algo} is - at code{NULL} or the string "default", the subkey is generated using the -default algorithm for an encryption subkey of the engine. 
If the -string "future-default" is used the engine may use an encryption -algorithm which is planned to be the default in a future release of -the engine; however existing implementation of the protocol may not be -able to already handle such future algorithms. + at item unsigned int sub : 1 +This flag is set to 1 if a subkey was created and to 0 if not. - at var{reserved} must be set to zero. + at item unsigned int uid : 1 +This flag is set to 1 if a user ID was created and to 0 if not. - at var{expires} can be set to the number of seconds since Epoch of the -desired expiration date in UTC for the new subkey. Using 0 does not -set an expiration date. Note that this parameter takes an unsigned long -value and not a @code{time_t} to avoid problems on systems which use a -signed 32 bit @code{time_t}. Note further that the OpenPGP protocol -uses 32 bit values for timestamps and thus can only encode dates up to -the year 2106. + at item char *fpr +This is the fingerprint of the key that was created. If both a +primary and a subkey were generated, the fingerprint of the primary +key will be returned. If the crypto engine does not provide the +fingerprint, @code{fpr} will be a null pointer. - at var{flags} takes the same values as described above for - at code{gpgme_op_createkey}. + at item gpgme_data_t pubkey +This will eventually be used to return the public key. It is +currently not used. -After the operation completed successfully, information about the -created key can be retrieved with @code{gpgme_op_genkey_result}. + at item gpgme_data_t seckey +This will eventually be used to return the secret key. It is +currently not used. -The function returns zero on success, @code{GPG_ERR_NOT_SUPPORTED} if -the engine does not support the command, or a bunch of other error -codes. 
+ at end table + at end deftp + at deftypefun gpgme_genkey_result_t gpgme_op_genkey_result (@w{gpgme_ctx_t @var{ctx}}) + +The function @code{gpgme_op_genkey_result} returns a + at code{gpgme_genkey_result_t} pointer to a structure holding the result of +a @code{gpgme_op_genkey} operation. The pointer is only valid if the +last operation on the context was a @code{gpgme_op_genkey} or + at code{gpgme_op_genkey_start} operation, and if this operation finished +successfully. The returned pointer is only valid until the next +operation is started on the context. @end deftypefun - at deftypefun gpgme_error_t gpgme_op_createsubkey_start @ - (@w{gpgme_ctx_t @var{ctx}}, @ - @w{gpgme_key_t @var{key}}, @ - @w{const char *@var{algo}}, @ - @w{unsigned long @var{reserved}}, @ - @w{unsigned long @var{expires}}, @ - @w{unsigned int @var{flags}}); -The function @code{gpgme_op_createsubkey_start} initiates a - at code{gpgme_op_createsubkey} operation; see there for details. It must -be completed by calling @code{gpgme_wait} on the context. - at xref{Waiting For Completion}. + at c + at c SIGNING KEYS + at c + at node Signing Keys + at subsection Signing Keys + at cindex key, signing - at end deftypefun +Key signatures are a unique concept of the OpenPGP protocol. They can +be used to certify the validity of a key and are used to create the +Web-of-Trust (WoT). Instead of using the @code{gpgme_op_interact} +function along with a finite state machine, GPGME provides a +convenient function to create key signatures when using modern GnuPG +versions. @c - at c gpgme_op_adduid + at c gpgme_op_keysign @c - at deftypefun gpgme_error_t gpgme_op_adduid @ + at deftypefun gpgme_error_t gpgme_op_keysign @ (@w{gpgme_ctx_t @var{ctx}}, @ @w{gpgme_key_t @var{key}}, @ @w{const char *@var{userid}}, @ - @w{unsigned int @var{flags}}); - -The function @code{gpgme_op_adduid} adds a new user ID to the OpenPGP -key given by @var{KEY}. 
Adding additional user IDs after key creation -is a feature of the OpenPGP protocol and thus the protocol for the -context @var{ctx} must be set to OpenPGP. As of now this function -requires at least version 2.1.13 of GnuPG. - - at var{key} specifies the key to operate on. - - at var{userid} is the user ID to add to the key. A user ID is commonly -the mail address to be associated with the key. GPGME does not -require a specificy syntax but if more than a mail address is given, -RFC-822 style format is suggested. The value is expected to be in -UTF-8 encoding (i.e. no IDN encoding for mail addresses). This is a -required parameter. - - at var{flags} are currently not used and must be set to zero. - -The function returns zero on success, @code{GPG_ERR_NOT_SUPPORTED} if -the engine does not support the command, or a bunch of other error -codes. - - at end deftypefun - - at deftypefun gpgme_error_t gpgme_op_adduid_start @ - (@w{gpgme_ctx_t @var{ctx}}, @ - @w{gpgme_key_t @var{key}}, @ - @w{const char *@var{userid}}, @ - @w{unsigned int @var{flags}}); - -The function @code{gpgme_op_adduid_start} initiates a - at code{gpgme_op_adduid} operation; see there for details. It must -be completed by calling @code{gpgme_wait} on the context. - at xref{Waiting For Completion}. - - at end deftypefun - - - at c - at c gpgme_op_revuid - at c - at deftypefun gpgme_error_t gpgme_op_revuid @ - (@w{gpgme_ctx_t @var{ctx}}, @ - @w{gpgme_key_t @var{key}}, @ - @w{const char *@var{userid}}, @ - @w{unsigned int @var{flags}}); - -The function @code{gpgme_op_revuid} revokes a user ID from the OpenPGP -key given by @var{KEY}. Revoking user IDs after key creation is a -feature of the OpenPGP protocol and thus the protocol for the context - at var{ctx} must be set to OpenPGP. As of now this function requires at -least version 2.1.13 of GnuPG. - - at var{key} specifies the key to operate on. - - at var{userid} is the user ID to be revoked from the key. 
The user ID -must be given verbatim because the engine does an exact and case -sensitive match. Thus the @code{uid} field from the user ID object -(@code{gpgme_user_id_t}) is to be used. This is a required parameter. - - at var{flags} are currently not used and must be set to zero. - -Note that the engine won't allow to revoke the last valid user ID. To -change a user ID is better to first add the new user ID, then revoke -the old one, and finally publish the key. - -The function returns zero on success, @code{GPG_ERR_NOT_SUPPORTED} if -the engine does not support the command, or a bunch of other error -codes. - - at end deftypefun - - at deftypefun gpgme_error_t gpgme_op_revuid_start @ - (@w{gpgme_ctx_t @var{ctx}}, @ - @w{gpgme_key_t @var{key}}, @ - @w{const char *@var{userid}}, @ - @w{unsigned int @var{flags}}); - -The function @code{gpgme_op_revuid_start} initiates a - at code{gpgme_op_revuid} operation; see there for details. It must -be completed by calling @code{gpgme_wait} on the context. - at xref{Waiting For Completion}. - - at end deftypefun - - - at c - at c gpgme_op_genkey - at c - at deftypefun gpgme_error_t gpgme_op_genkey @ - (@w{gpgme_ctx_t @var{ctx}}, @ - @w{const char *@var{parms}}, @ - @w{gpgme_data_t @var{public}}, @ - @w{gpgme_data_t @var{secret}}) - -The function @code{gpgme_op_genkey} generates a new key pair in the -context @var{ctx}. The meaning of @var{public} and @var{secret} -depends on the crypto backend. - -GPG does not support @var{public} and @var{secret}, they should be - at code{NULL}. GnuPG will generate a key pair and add it to the -standard key ring. The fingerprint of the generated key is available -with @code{gpgme_op_genkey_result}. - -GpgSM requires @var{public} to be a writable data object. GpgSM will -generate a secret key (which will be stored by @command{gpg-agent}, -and return a certificate request in @var{public}, which then needs to -be signed by the certification authority and imported before it can be -used. 
GpgSM does not make the fingerprint available. - -The argument @var{parms} specifies parameters for the key in an XML -string. The details about the format of @var{parms} are specific to -the crypto engine used by @var{ctx}. Here is an example for GnuPG as -the crypto engine (all parameters of OpenPGP key generation are -documented in the GPG manual): - - at example - -Key-Type: default -Subkey-Type: default -Name-Real: Joe Tester -Name-Comment: with stupid passphrase -Name-Email: joe@@foo.bar -Expire-Date: 0 -Passphrase: abc - - at end example - -Here is an example for GpgSM as the crypto engine (all parameters of -OpenPGP key generation are documented in the GPGSM manual): - - at example - -Key-Type: RSA -Key-Length: 1024 -Name-DN: C=de,O=g10 code,OU=Testlab,CN=Joe 2 Tester -Name-Email: joe@@foo.bar - - at end example - -Strings should be given in UTF-8 encoding. The only format supported -for now is ``internal''. The content of the @code{GnupgKeyParms} -container is passed verbatim to the crypto backend. Control -statements are not allowed. - -After the operation completed successfully, the result can be -retrieved with @code{gpgme_op_genkey_result}. - -The function returns the error code @code{GPG_ERR_NO_ERROR} if the -operation could be started successfully, @code{GPG_ERR_INV_VALUE} if - at var{parms} is not a valid XML string, @code{GPG_ERR_NOT_SUPPORTED} if - at var{public} or @var{secret} is not valid, and @code{GPG_ERR_GENERAL} -if no key was created by the backend. - at end deftypefun - - at deftypefun gpgme_error_t gpgme_op_genkey_start (@w{gpgme_ctx_t @var{ctx}}, @w{const char *@var{parms}}, @w{gpgme_data_t @var{public}}, @w{gpgme_data_t @var{secret}}) - -The function @code{gpgme_op_genkey_start} initiates a - at code{gpgme_op_genkey} operation. It can be completed by calling - at code{gpgme_wait} on the context. @xref{Waiting For Completion}. 
- -The function returns the error code @code{GPG_ERR_NO_ERROR} if the -operation could be started successfully, @code{GPG_ERR_INV_VALUE} if - at var{parms} is not a valid XML string, and - at code{GPG_ERR_NOT_SUPPORTED} if @var{public} or @var{secret} is not - at code{NULL}. - at end deftypefun - - - at c - at c gpgme_op_genkey_result - at c - at deftp {Data type} {gpgme_genkey_result_t} - -This is a pointer to a structure used to store the result of a - at code{gpgme_op_genkey} operation. After successfully generating a -key, you can retrieve the pointer to the result with - at code{gpgme_op_genkey_result}. The structure contains the following -members: - - at table @code - at item unsigned int primary : 1 -This flag is set to 1 if a primary key was created and to 0 -if not. - - at item unsigned int sub : 1 -This flag is set to 1 if a subkey was created and to 0 if not. - - at item unsigned int uid : 1 -This flag is set to 1 if a user ID was created and to 0 if not. - - at item char *fpr -This is the fingerprint of the key that was created. If both a -primary and a subkey were generated, the fingerprint of the primary -key will be returned. If the crypto engine does not provide the -fingerprint, @code{fpr} will be a null pointer. - - at item gpgme_data_t pubkey -This will eventually be used to return the public key. It is -currently not used. - - at item gpgme_data_t seckey -This will eventually be used to return the secret key. It is -currently not used. - - at end table - at end deftp - - at deftypefun gpgme_genkey_result_t gpgme_op_genkey_result (@w{gpgme_ctx_t @var{ctx}}) - -The function @code{gpgme_op_genkey_result} returns a - at code{gpgme_genkey_result_t} pointer to a structure holding the result of -a @code{gpgme_op_genkey} operation. The pointer is only valid if the -last operation on the context was a @code{gpgme_op_genkey} or - at code{gpgme_op_genkey_start} operation, and if this operation finished -successfully. 
The returned pointer is only valid until the next -operation is started on the context. - - at end deftypefun - - - at c - at c SIGNING KEYS - at c - at node Signing Keys - at subsection Signing Keys - at cindex key, signing - -Key signatures are a unique concept of the OpenPGP protocol. They can -be used to certify the validity of a key and are used to create the -Web-of-Trust (WoT). Instead of using the @code{gpgme_op_interact} -function along with a finite state machine, GPGME provides a -convenient function to create key signatures when using modern GnuPG -versions. - - - at c - at c gpgme_op_keysign - at c - at deftypefun gpgme_error_t gpgme_op_keysign @ - (@w{gpgme_ctx_t @var{ctx}}, @ - @w{gpgme_key_t @var{key}}, @ - @w{const char *@var{userid}}, @ - @w{unsigned long @var{expires}}, @ + @w{unsigned long @var{expires}}, @ @w{unsigned int @var{flags}}); The function @code{gpgme_op_keysign} adds a new key signature to the @@ -4644,24 +4320,6 @@ successfully. The returned pointer is only valid until the next operation is started on the context. @end deftypefun -The following interface is deprecated and only provided for backward -compatibility. Don't use it. It will be removed in a future version -of @acronym{GPGME}. - - at deftypefun gpgme_error_t gpgme_op_import_ext (@w{gpgme_ctx_t @var{ctx}}, @w{gpgme_data_t @var{keydata}}, @w{int *@var{nr}}) -The function @code{gpgme_op_import_ext} is equivalent to: - - at example - gpgme_error_t err = gpgme_op_import (ctx, keydata); - if (!err) - @{ - gpgme_import_result_t result = gpgme_op_import_result (ctx); - *nr = result->considered; - @} - at end example - at end deftypefun - - @node Deleting Keys @subsection Deleting Keys @cindex key, delete 
@@ -4866,80 +4524,6 @@ is not a valid pointer. @end deftypefun - at deftp {Data type} {gpgme_error_t (*gpgme_edit_cb_t) @ - (@w{void *@var{handle}}, @ - @w{gpgme_status_code_t @var{status}}, @ - @w{const char *@var{args}}, @ - @w{int @var{fd}})} - at tindex gpgme_edit_cb_t -The @code{gpgme_edit_cb_t} type is the type of functions which - at acronym{GPGME} calls if it a key edit operation is on-going. The -status code @var{status} and the argument line @var{args} are passed -through by @acronym{GPGME} from the crypto engine. The file -descriptor @var{fd} is -1 for normal status messages. If @var{status} -indicates a command rather than a status message, the response to the -command should be written to @var{fd}. The @var{handle} is provided -by the user at start of operation. - -The function should return @code{GPG_ERR_FALSE} if it did not handle -the status code, @code{0} for success, or any other error value. - at end deftp - - at deftypefun gpgme_error_t gpgme_op_edit (@w{gpgme_ctx_t @var{ctx}}, @w{gpgme_key_t @var{key}}, @w{gpgme_edit_cb_t @var{fnc}}, @w{void *@var{handle}}, @w{gpgme_data_t @var{out}}) -Note: This function is deprecated, please use - at code{gpgme_op_interact} instead. - -The function @code{gpgme_op_edit} processes the key @var{KEY} -interactively, using the edit callback function @var{FNC} with the -handle @var{HANDLE}. The callback is invoked for every status and -command request from the crypto engine. The output of the crypto -engine is written to the data object @var{out}. - -Note that the protocol between the callback function and the crypto -engine is specific to the crypto engine and no further support in -implementing this protocol correctly is provided by @acronym{GPGME}. - -The function returns the error code @code{GPG_ERR_NO_ERROR} if the -edit operation completes successfully, @code{GPG_ERR_INV_VALUE} if - at var{ctx} or @var{key} is not a valid pointer, and any error returned -by the crypto engine or the edit callback handler. 
- at end deftypefun - - at deftypefun gpgme_error_t gpgme_op_edit_start (@w{gpgme_ctx_t @var{ctx}}, @w{gpgme_key_t @var{key}}, @w{gpgme_edit_cb_t @var{fnc}}, @w{void *@var{handle}}, @w{gpgme_data_t @var{out}}) -Note: This function is deprecated, please use - at code{gpgme_op_interact_start} instead. - -The function @code{gpgme_op_edit_start} initiates a - at code{gpgme_op_edit} operation. It can be completed by calling - at code{gpgme_wait} on the context. @xref{Waiting For Completion}. - -The function returns the error code @code{GPG_ERR_NO_ERROR} if the -operation was started successfully, and @code{GPG_ERR_INV_VALUE} if - at var{ctx} or @var{key} is not a valid pointer. - at end deftypefun - - - at deftypefun gpgme_error_t gpgme_op_card_edit (@w{gpgme_ctx_t @var{ctx}}, @w{gpgme_key_t @var{key}}, @w{gpgme_edit_cb_t @var{fnc}}, @w{void *@var{handle}}, @w{gpgme_data_t @var{out}}) -Note: This function is deprecated, please use @code{gpgme_op_interact} -with the flag @code{GPGME_INTERACT_CARD} instead. - -The function @code{gpgme_op_card_edit} is analogous to - at code{gpgme_op_edit}, but should be used to process the smart card corresponding to the key @var{key}. - at end deftypefun - - at deftypefun gpgme_error_t gpgme_op_card_edit_start (@w{gpgme_ctx_t @var{ctx}}, @w{gpgme_key_t @var{key}}, @w{gpgme_edit_cb_t @var{fnc}}, @w{void *@var{handle}}, @w{gpgme_data_t @var{out}}) -Note: This function is deprecated, please use @code{gpgme_op_interact_start} -with the flag @code{GPGME_INTERACT_CARD} instead. - -The function @code{gpgme_op_card_edit_start} initiates a - at code{gpgme_op_card_edit} operation. It can be completed by calling - at code{gpgme_wait} on the context. @xref{Waiting For Completion}. - -The function returns the error code @code{GPG_ERR_NO_ERROR} if the -operation was started successfully, and @code{GPG_ERR_INV_VALUE} if - at var{ctx} or @var{key} is not a valid pointer. - at end deftypefun - @node Trust Item Management @section Trust Item Management 
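Review bot: once the gpgme_edit_cb_t, gpgme_op_edit, gpgme_op_edit_start, gpgme_op_card_edit and gpgme_op_card_edit_start entries are deleted here, the section no longer tells someone reading old code where their documentation went. Consider leaving a single sentence at this spot with an @xref to the new "Deprecated Functions" appendix. The text being moved also still reads "calls if it a key edit operation is on-going" (stray "it") in the gpgme_edit_cb_t description; the move is a good moment to fix it in the appendix copy.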
@@ -4975,7 +4559,6 @@ The user name if @code{type} is 2. @menu * Listing Trust Items:: Browsing the list of available trust items. -* Information About Trust Items:: Requesting information about trust items. * Manipulating Trust Items:: Operations on trust items. @end menu 
@@ -5032,47 +4615,6 @@ time during the operation there was not enough memory available. @end deftypefun - at node Information About Trust Items - at subsection Information About Trust Items - at cindex trust item, information about - at cindex trust item, attributes - at cindex attributes, of a trust item - -The following interfaces are deprecated and only provided for backward -compatibility. Don't use them. They will be removed in a future -version of @acronym{GPGME}. - -Trust items have attributes which can be queried using the interfaces -below. The attribute identifiers are shared with those for key -attributes. @xref{Information About Keys}. - - at deftypefun {const char *} gpgme_trust_item_get_string_attr (@w{gpgme_trust_item_t @var{item}}, @w{gpgme_attr_t @var{what}}, @w{const void *@var{reserved}}, @w{int @var{idx}}) -The function @code{gpgme_trust_item_get_string_attr} returns the value -of the string-representable attribute @var{what} of trust item - at var{item}. The arguments @var{idx} and @var{reserved} are reserved -for later use and should be @code{0} and @code{NULL} respectively. - -The string returned is only valid as long as the key is valid. - -The function returns @code{0} if an attribute can't be returned as a -string, @var{key} is not a valid pointer, @var{idx} out of range, -or @var{reserved} not @code{NULL}. - at end deftypefun - - at deftypefun int gpgme_trust_item_get_int_attr (@w{gpgme_trust_item_t @var{item}}, @w{gpgme_attr_t @var{what}}, @w{const void *@var{reserved}}, @w{int @var{idx}}) -The function @code{gpgme_trust_item_get_int_attr} returns the value of -the number-representable attribute @var{what} of trust item - at var{item}. If the attribute occurs more than once in the trust item, -the index is specified by @var{idx}. However, currently no such -attribute exists, so @var{idx} should be @code{0}. The argument - at var{reserved} is reserved for later use and should be @code{NULL}. 
- -The function returns @code{0} if the attribute can't be returned as a -number, @var{key} is not a valid pointer, @var{idx} out of range, -or @var{reserved} not @code{NULL}. - at end deftypefun - - @node Manipulating Trust Items @subsection Manipulating Trust Items @cindex trust item, manipulation @@ -5090,16 +4632,6 @@ released. @end deftypefun -The following interface is deprecated and only provided for backward -compatibility. Don't use it. It will be removed in a future version -of @acronym{GPGME}. - - at deftypefun void gpgme_trust_item_release (@w{gpgme_trust_item_t @var{item}}) -The function @code{gpgme_trust_item_release} is an alias for - at code{gpgme_trust_item_unref}. - at end deftypefun - - @node Crypto Operations @section Crypto Operations @cindex cryptographic operation 
@@ -5521,326 +5053,94 @@ the context. @end deftypefun -The following interfaces are deprecated and only provided for backward -compatibility. Don't use them. They will be removed in a future -version of @acronym{GPGME}. - - at deftp {Data type} {enum gpgme_sig_stat_t} - at tindex gpgme_sig_stat_t -The @code{gpgme_sig_stat_t} type holds the result of a signature check, or -the combined result of all signatures. The following results are -possible: + at node Decrypt and Verify + at subsection Decrypt and Verify + at cindex decryption and verification + at cindex verification and decryption + at cindex signature check + at cindex cryptographic operation, decryption and verification - at table @code - at item GPGME_SIG_STAT_NONE -This status should not occur in normal operation. + at deftypefun gpgme_error_t gpgme_op_decrypt_verify (@w{gpgme_ctx_t @var{ctx}}, @w{gpgme_data_t @var{cipher}}, @w{gpgme_data_t @var{plain}}) +The function @code{gpgme_op_decrypt_verify} decrypts the ciphertext in +the data object @var{cipher} and stores it into the data object + at var{plain}. If @var{cipher} contains signatures, they will be +verified. - at item GPGME_SIG_STAT_GOOD -This status indicates that the signature is valid. For the combined -result this status means that all signatures are valid. +After the operation completed, @code{gpgme_op_decrypt_result} and + at code{gpgme_op_verify_result} can be used to retrieve more information +about the signatures. - at item GPGME_SIG_STAT_GOOD_EXP -This status indicates that the signature is valid but expired. For -the combined result this status means that all signatures are valid -and expired. +If the error code @code{GPG_ERR_NO_DATA} is returned, @var{cipher} +does not contain any data to decrypt. However, it might still be +signed. The information about detected signatures is available with + at code{gpgme_op_verify_result} in this case. 
- at item GPGME_SIG_STAT_GOOD_EXPKEY -This status indicates that the signature is valid but the key used to -verify the signature has expired. For the combined result this status -means that all signatures are valid and all keys are expired. +The function returns the error code @code{GPG_ERR_NO_ERROR} if the +ciphertext could be decrypted successfully, @code{GPG_ERR_INV_VALUE} +if @var{ctx}, @var{cipher} or @var{plain} is not a valid pointer, + at code{GPG_ERR_NO_DATA} if @var{cipher} does not contain any data to +decrypt, @code{GPG_ERR_DECRYPT_FAILED} if @var{cipher} is not a valid +cipher text, @code{GPG_ERR_BAD_PASSPHRASE} if the passphrase for the +secret key could not be retrieved, and passes through any errors that +are reported by the crypto engine support routines. + at end deftypefun - at item GPGME_SIG_STAT_BAD -This status indicates that the signature is invalid. For the combined -result this status means that all signatures are invalid. + at deftypefun gpgme_error_t gpgme_op_decrypt_verify (@w{gpgme_ctx_t @var{ctx}}, @w{gpgme_data_t @var{cipher}}, @w{gpgme_data_t @var{plain}}) +The function @code{gpgme_op_decrypt_verify_start} initiates a + at code{gpgme_op_decrypt_verify} operation. It can be completed by +calling @code{gpgme_wait} on the context. @xref{Waiting For +Completion}. - at item GPGME_SIG_STAT_NOKEY -This status indicates that the signature could not be verified due to -a missing key. For the combined result this status means that all -signatures could not be checked due to missing keys. +The function returns the error code @code{GPG_ERR_NO_ERROR} if the +operation could be started successfully, @code{GPG_ERR_INV_VALUE} if + at var{ctx}, @var{cipher}, @var{plain} or @var{r_stat} is not a valid +pointer, and @code{GPG_ERR_NO_DATA} if @var{cipher} does not contain +any data to decrypt. + at end deftypefun - at item GPGME_SIG_STAT_NOSIG -This status indicates that the signature data provided was not a real -signature. 
- at item GPGME_SIG_STAT_ERROR -This status indicates that there was some other error which prevented -the signature verification. + at node Sign + at subsection Sign + at cindex signature, creation + at cindex sign + at cindex cryptographic operation, signing - at item GPGME_SIG_STAT_DIFF -For the combined result this status means that at least two signatures -have a different status. You can get each key's status with - at code{gpgme_get_sig_status}. - at end table - at end deftp +A signature can contain signatures by one or more keys. The set of +keys used to create a signatures is contained in a context, and is +applied to all following signing operations in this context (until the +set is changed). - at deftypefun {const char *} gpgme_get_sig_status (@w{gpgme_ctx_t @var{ctx}}, @w{int @var{idx}}, @w{gpgme_sig_stat_t *@var{r_stat}}, @w{time_t *@var{r_created}}) -The function @code{gpgme_get_sig_status} is equivalent to: + at menu +* Selecting Signers:: How to choose the keys to sign with. +* Creating a Signature:: How to create a signature. +* Signature Notation Data:: How to add notation data to a signature. + at end menu - at example - gpgme_verify_result_t result; - gpgme_signature_t sig; - result = gpgme_op_verify_result (ctx); - sig = result->signatures; + at node Selecting Signers + at subsubsection Selecting Signers + at cindex signature, selecting signers + at cindex signers, selecting - while (sig && idx) - @{ - sig = sig->next; - idx--; - @} - if (!sig || idx) - return NULL; +The key or the keys used to create a signature are stored in the +context. The following functions can be used to manipulate this list. +If no signer has been set into the context a default key is used for +signing. 
- if (r_stat) - @{ - switch (gpg_err_code (sig->status)) - @{ - case GPG_ERR_NO_ERROR: - *r_stat = GPGME_SIG_STAT_GOOD; - break; + at deftypefun void gpgme_signers_clear (@w{gpgme_ctx_t @var{ctx}}) +The function @code{gpgme_signers_clear} releases a reference for each +key on the signers list and removes the list of signers from the +context @var{ctx}. - case GPG_ERR_BAD_SIGNATURE: - *r_stat = GPGME_SIG_STAT_BAD; - break; +Every context starts with an empty list. + at end deftypefun - case GPG_ERR_NO_PUBKEY: - *r_stat = GPGME_SIG_STAT_NOKEY; - break; + at deftypefun gpgme_error_t gpgme_signers_add (@w{gpgme_ctx_t @var{ctx}}, @w{const gpgme_key_t @var{key}}) +The function @code{gpgme_signers_add} adds the key @var{key} to the +list of signers in the context @var{ctx}. - case GPG_ERR_NO_DATA: - *r_stat = GPGME_SIG_STAT_NOSIG; - break; - - case GPG_ERR_SIG_EXPIRED: - *r_stat = GPGME_SIG_STAT_GOOD_EXP; - break; - - case GPG_ERR_KEY_EXPIRED: - *r_stat = GPGME_SIG_STAT_GOOD_EXPKEY; - break; - - default: - *r_stat = GPGME_SIG_STAT_ERROR; - break; - @} - @} - if (r_created) - *r_created = sig->timestamp; - return sig->fpr; - at end example - at end deftypefun - - at deftypefun {const char *} gpgme_get_sig_string_attr (@w{gpgme_ctx_t @var{ctx}}, @w{int @var{idx}}, @w{gpgme_attr_t @var{what}}, @w{int @var{whatidx}}) -The function @code{gpgme_get_sig_string_attr} is equivalent to: - - at example - gpgme_verify_result_t result; - gpgme_signature_t sig; - - result = gpgme_op_verify_result (ctx); - sig = result->signatures; - - while (sig && idx) - @{ - sig = sig->next; - idx--; - @} - if (!sig || idx) - return NULL; - - switch (what) - @{ - case GPGME_ATTR_FPR: - return sig->fpr; - - case GPGME_ATTR_ERRTOK: - if (whatidx == 1) - return sig->wrong_key_usage ? 
"Wrong_Key_Usage" : ""; - else - return ""; - default: - break; - @} - - return NULL; - at end example - at end deftypefun - - at deftypefun {const char *} gpgme_get_sig_ulong_attr (@w{gpgme_ctx_t @var{ctx}}, @w{int @var{idx}}, @w{gpgme_attr_t @var{waht}}, @w{int @var{whatidx}}) -The function @code{gpgme_get_sig_ulong_attr} is equivalent to: - - at example - gpgme_verify_result_t result; - gpgme_signature_t sig; - - result = gpgme_op_verify_result (ctx); - sig = result->signatures; - - while (sig && idx) - @{ - sig = sig->next; - idx--; - @} - if (!sig || idx) - return 0; - - switch (what) - @{ - case GPGME_ATTR_CREATED: - return sig->timestamp; - - case GPGME_ATTR_EXPIRE: - return sig->exp_timestamp; - - case GPGME_ATTR_VALIDITY: - return (unsigned long) sig->validity; - - case GPGME_ATTR_SIG_STATUS: - switch (sig->status) - @{ - case GPG_ERR_NO_ERROR: - return GPGME_SIG_STAT_GOOD; - - case GPG_ERR_BAD_SIGNATURE: - return GPGME_SIG_STAT_BAD; - - case GPG_ERR_NO_PUBKEY: - return GPGME_SIG_STAT_NOKEY; - - case GPG_ERR_NO_DATA: - return GPGME_SIG_STAT_NOSIG; - - case GPG_ERR_SIG_EXPIRED: - return GPGME_SIG_STAT_GOOD_EXP; - - case GPG_ERR_KEY_EXPIRED: - return GPGME_SIG_STAT_GOOD_EXPKEY; - - default: - return GPGME_SIG_STAT_ERROR; - @} - - case GPGME_ATTR_SIG_SUMMARY: - return sig->summary; - - default: - break; - @} - return 0; - at end example - at end deftypefun - - at deftypefun {const char *} gpgme_get_sig_key (@w{gpgme_ctx_t @var{ctx}}, @w{int @var{idx}}, @w{gpgme_key_t *@var{r_key}}) -The function @code{gpgme_get_sig_key} is equivalent to: - - at example - gpgme_verify_result_t result; - gpgme_signature_t sig; - - result = gpgme_op_verify_result (ctx); - sig = result->signatures; - - while (sig && idx) - @{ - sig = sig->next; - idx--; - @} - if (!sig || idx) - return gpg_error (GPG_ERR_EOF); - - return gpgme_get_key (ctx, sig->fpr, r_key, 0); - at end example - at end deftypefun - - - at node Decrypt and Verify - at subsection Decrypt and Verify - at cindex 
decryption and verification - at cindex verification and decryption - at cindex signature check - at cindex cryptographic operation, decryption and verification - - at deftypefun gpgme_error_t gpgme_op_decrypt_verify (@w{gpgme_ctx_t @var{ctx}}, @w{gpgme_data_t @var{cipher}}, @w{gpgme_data_t @var{plain}}) -The function @code{gpgme_op_decrypt_verify} decrypts the ciphertext in -the data object @var{cipher} and stores it into the data object - at var{plain}. If @var{cipher} contains signatures, they will be -verified. - -After the operation completed, @code{gpgme_op_decrypt_result} and - at code{gpgme_op_verify_result} can be used to retrieve more information -about the signatures. - -If the error code @code{GPG_ERR_NO_DATA} is returned, @var{cipher} -does not contain any data to decrypt. However, it might still be -signed. The information about detected signatures is available with - at code{gpgme_op_verify_result} in this case. - -The function returns the error code @code{GPG_ERR_NO_ERROR} if the -ciphertext could be decrypted successfully, @code{GPG_ERR_INV_VALUE} -if @var{ctx}, @var{cipher} or @var{plain} is not a valid pointer, - at code{GPG_ERR_NO_DATA} if @var{cipher} does not contain any data to -decrypt, @code{GPG_ERR_DECRYPT_FAILED} if @var{cipher} is not a valid -cipher text, @code{GPG_ERR_BAD_PASSPHRASE} if the passphrase for the -secret key could not be retrieved, and passes through any errors that -are reported by the crypto engine support routines. - at end deftypefun - - at deftypefun gpgme_error_t gpgme_op_decrypt_verify (@w{gpgme_ctx_t @var{ctx}}, @w{gpgme_data_t @var{cipher}}, @w{gpgme_data_t @var{plain}}) -The function @code{gpgme_op_decrypt_verify_start} initiates a - at code{gpgme_op_decrypt_verify} operation. It can be completed by -calling @code{gpgme_wait} on the context. @xref{Waiting For -Completion}. 
- -The function returns the error code @code{GPG_ERR_NO_ERROR} if the -operation could be started successfully, @code{GPG_ERR_INV_VALUE} if - at var{ctx}, @var{cipher}, @var{plain} or @var{r_stat} is not a valid -pointer, and @code{GPG_ERR_NO_DATA} if @var{cipher} does not contain -any data to decrypt. - at end deftypefun - - - at node Sign - at subsection Sign - at cindex signature, creation - at cindex sign - at cindex cryptographic operation, signing - -A signature can contain signatures by one or more keys. The set of -keys used to create a signatures is contained in a context, and is -applied to all following signing operations in this context (until the -set is changed). - - at menu -* Selecting Signers:: How to choose the keys to sign with. -* Creating a Signature:: How to create a signature. -* Signature Notation Data:: How to add notation data to a signature. - at end menu - - - at node Selecting Signers - at subsubsection Selecting Signers - at cindex signature, selecting signers - at cindex signers, selecting - -The key or the keys used to create a signature are stored in the -context. The following functions can be used to manipulate this list. -If no signer has been set into the context a default key is used for -signing. - - at deftypefun void gpgme_signers_clear (@w{gpgme_ctx_t @var{ctx}}) -The function @code{gpgme_signers_clear} releases a reference for each -key on the signers list and removes the list of signers from the -context @var{ctx}. - -Every context starts with an empty list. - at end deftypefun - - at deftypefun gpgme_error_t gpgme_signers_add (@w{gpgme_ctx_t @var{ctx}}, @w{const gpgme_key_t @var{key}}) -The function @code{gpgme_signers_add} adds the key @var{key} to the -list of signers in the context @var{ctx}. - -Calling this function acquires an additional reference for the key. - at end deftypefun +Calling this function acquires an additional reference for the key. 
+ at end deftypefun @deftypefun @w{unsigned int} gpgme_signers_count (@w{const gpgme_ctx_t @var{ctx}}) The function @code{gpgme_signers_count} returns the number of signer keys in 
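Review bot: in the re-added "Decrypt and Verify" text, the second @deftypefun is declared as gpgme_op_decrypt_verify but its body documents gpgme_op_decrypt_verify_start, so the manual ends up with two entries of the same name and no index entry for the _start variant. The declaration should name gpgme_op_decrypt_verify_start. Its return-value paragraph also lists @var{r_stat} among the pointers checked, which is not a parameter in the prototype shown (ctx, cipher, plain) and should be dropped. Since these lines are touched anyway, "used to create a signatures" in the Sign introduction could be corrected to "a signature" as well.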
@@ -7096,6 +6396,682 @@ your application. If you are asked to send a log file, make sure that you run your tests only with play data. + at node Deprecated Functions + at appendix Deprecated Functions + at cindex deprecated + +For backward compatibility @acronym{GPGME} has a number of functions, +data types and constants which are deprecated and should not be used +anymore. We document here those which are really old to help +understanding old code and to allow migration to their modern +counterparts. + + at strong{Warning:} These interfaces will be removed in a future version +of @acronym{GPGME}. + + at deftypefun void gpgme_key_release (@w{gpgme_key_t @var{key}}) +The function @code{gpgme_key_release} is equivalent to + at code{gpgme_key_unref}. + at end deftypefun + + at deftypefun void gpgme_trust_item_release (@w{gpgme_trust_item_t @var{item}}) +The function @code{gpgme_trust_item_release} is an alias for + at code{gpgme_trust_item_unref}. + at end deftypefun + + + at deftypefun gpgme_error_t gpgme_op_import_ext (@w{gpgme_ctx_t @var{ctx}}, @w{gpgme_data_t @var{keydata}}, @w{int *@var{nr}}) +The function @code{gpgme_op_import_ext} is equivalent to: + + at example + gpgme_error_t err = gpgme_op_import (ctx, keydata); + if (!err) + @{ + gpgme_import_result_t result = gpgme_op_import_result (ctx); + *nr = result->considered; + @} + at end example + at end deftypefun + + + at deftp {Data type} {gpgme_error_t (*gpgme_edit_cb_t) @ + (@w{void *@var{handle}}, @ + @w{gpgme_status_code_t @var{status}}, @ + @w{const char *@var{args}}, @ + @w{int @var{fd}})} + at tindex gpgme_edit_cb_t +The @code{gpgme_edit_cb_t} type is the type of functions which + at acronym{GPGME} calls if it a key edit operation is on-going. The +status code @var{status} and the argument line @var{args} are passed +through by @acronym{GPGME} from the crypto engine. The file +descriptor @var{fd} is -1 for normal status messages. 
If @var{status} +indicates a command rather than a status message, the response to the +command should be written to @var{fd}. The @var{handle} is provided +by the user at start of operation. + +The function should return @code{GPG_ERR_FALSE} if it did not handle +the status code, @code{0} for success, or any other error value. + at end deftp + + at deftypefun gpgme_error_t gpgme_op_edit (@w{gpgme_ctx_t @var{ctx}}, @w{gpgme_key_t @var{key}}, @w{gpgme_edit_cb_t @var{fnc}}, @w{void *@var{handle}}, @w{gpgme_data_t @var{out}}) +Note: This function is deprecated, please use + at code{gpgme_op_interact} instead. + +The function @code{gpgme_op_edit} processes the key @var{KEY} +interactively, using the edit callback function @var{FNC} with the +handle @var{HANDLE}. The callback is invoked for every status and +command request from the crypto engine. The output of the crypto +engine is written to the data object @var{out}. + +Note that the protocol between the callback function and the crypto +engine is specific to the crypto engine and no further support in +implementing this protocol correctly is provided by @acronym{GPGME}. + +The function returns the error code @code{GPG_ERR_NO_ERROR} if the +edit operation completes successfully, @code{GPG_ERR_INV_VALUE} if + at var{ctx} or @var{key} is not a valid pointer, and any error returned +by the crypto engine or the edit callback handler. + at end deftypefun + + at deftypefun gpgme_error_t gpgme_op_edit_start (@w{gpgme_ctx_t @var{ctx}}, @w{gpgme_key_t @var{key}}, @w{gpgme_edit_cb_t @var{fnc}}, @w{void *@var{handle}}, @w{gpgme_data_t @var{out}}) +Note: This function is deprecated, please use + at code{gpgme_op_interact_start} instead. + +The function @code{gpgme_op_edit_start} initiates a + at code{gpgme_op_edit} operation. It can be completed by calling + at code{gpgme_wait} on the context. @xref{Waiting For Completion}. 
+ +The function returns the error code @code{GPG_ERR_NO_ERROR} if the +operation was started successfully, and @code{GPG_ERR_INV_VALUE} if + at var{ctx} or @var{key} is not a valid pointer. + at end deftypefun + + + at deftypefun gpgme_error_t gpgme_op_card_edit (@w{gpgme_ctx_t @var{ctx}}, @w{gpgme_key_t @var{key}}, @w{gpgme_edit_cb_t @var{fnc}}, @w{void *@var{handle}}, @w{gpgme_data_t @var{out}}) +Note: This function is deprecated, please use @code{gpgme_op_interact} +with the flag @code{GPGME_INTERACT_CARD} instead. + +The function @code{gpgme_op_card_edit} is analogous to + at code{gpgme_op_edit}, but should be used to process the smart card corresponding to the key @var{key}. + at end deftypefun + + at deftypefun gpgme_error_t gpgme_op_card_edit_start (@w{gpgme_ctx_t @var{ctx}}, @w{gpgme_key_t @var{key}}, @w{gpgme_edit_cb_t @var{fnc}}, @w{void *@var{handle}}, @w{gpgme_data_t @var{out}}) +Note: This function is deprecated, please use @code{gpgme_op_interact_start} +with the flag @code{GPGME_INTERACT_CARD} instead. + +The function @code{gpgme_op_card_edit_start} initiates a + at code{gpgme_op_card_edit} operation. It can be completed by calling + at code{gpgme_wait} on the context. @xref{Waiting For Completion}. + +The function returns the error code @code{GPG_ERR_NO_ERROR} if the +operation was started successfully, and @code{GPG_ERR_INV_VALUE} if + at var{ctx} or @var{key} is not a valid pointer. + at end deftypefun + + + + at deftypefun gpgme_error_t gpgme_data_new_with_read_cb (@w{gpgme_data_t *@var{dh}}, @w{int (*@var{readfunc})} (@w{void *@var{hook}}, @w{char *@var{buffer}}, @w{size_t @var{count}}, @w{size_t *@var{nread}}), @w{void *@var{hook_value}}) +The function @code{gpgme_data_new_with_read_cb} creates a new + at code{gpgme_data_t} object and uses the callback function @var{readfunc} +to retrieve the data on demand. As the callback function can supply +the data in any way it wants, this is the most flexible data type + at acronym{GPGME} provides. 
However, it can not be used to write data. + +The callback function receives @var{hook_value} as its first argument +whenever it is invoked. It should return up to @var{count} bytes in + at var{buffer}, and return the number of bytes actually read in + at var{nread}. It may return @code{0} in @var{nread} if no data is +currently available. To indicate @code{EOF} the function should +return with an error code of @code{-1} and set @var{nread} to + at code{0}. The callback function may support to reset its internal +read pointer if it is invoked with @var{buffer} and @var{nread} being + at code{NULL} and @var{count} being @code{0}. + +The function returns the error code @code{GPG_ERR_NO_ERROR} if the +data object was successfully created, @code{GPG_ERR_INV_VALUE} if + at var{dh} or @var{readfunc} is not a valid pointer, and + at code{GPG_ERR_ENOMEM} if not enough memory is available. + at end deftypefun + + at deftypefun gpgme_error_t gpgme_data_rewind (@w{gpgme_data_t @var{dh}}) +The function @code{gpgme_data_rewind} is equivalent to: + + at example + return (gpgme_data_seek (dh, 0, SEEK_SET) == -1) + ? gpgme_error_from_errno (errno) : 0; + at end example + at end deftypefun + + + at deftp {Data type} gpgme_attr_t +The @code{gpgme_attr_t} type is used to specify a key or trust item +attribute. The following attributes are defined: + + at table @code + at item GPGME_ATTR_KEYID +This is the key ID of a sub key. It is representable as a string. + +For trust items, the trust item refers to the key with this ID. + + at item GPGME_ATTR_FPR +This is the fingerprint of a sub key. It is representable as a +string. + + at item GPGME_ATTR_ALGO +This is the crypto algorithm for which the sub key can be used. It +is representable as a string and as a number. The numbers correspond +to the @code{enum gcry_pk_algos} values in the gcrypt library. + + at item GPGME_ATTR_LEN +This is the key length of a sub key. It is representable as a +number. 
+ + at item GPGME_ATTR_CREATED +This is the timestamp at creation time of a sub key. It is +representable as a number. + + at item GPGME_ATTR_EXPIRE +This is the expiration time of a sub key. It is representable as a +number. + + at item GPGME_ATTR_OTRUST +XXX FIXME (also for trust items) + + at item GPGME_ATTR_USERID +This is a user ID. There can be more than one user IDs in a + at var{gpgme_key_t} object. The first one (with index 0) is the primary +user ID. The user ID is representable as a number. + +For trust items, this is the user ID associated with this trust item. + + at item GPGME_ATTR_NAME +This is the name belonging to a user ID. It is representable as a string. + + at item GPGME_ATTR_EMAIL +This is the email address belonging to a user ID. It is representable +as a string. + + at item GPGME_ATTR_COMMENT +This is the comment belonging to a user ID. It is representable as a +string. + + at item GPGME_ATTR_VALIDITY +This is the validity belonging to a user ID. It is representable as a +string and as a number. See below for a list of available validities. + +For trust items, this is the validity that is associated with this +trust item. + + at item GPGME_ATTR_UID_REVOKED +This specifies if a user ID is revoked. It is representable as a +number, and is @code{1} if the user ID is revoked, and @code{0} +otherwise. + + at item GPGME_ATTR_UID_INVALID +This specifies if a user ID is invalid. It is representable as a +number, and is @code{1} if the user ID is invalid, and @code{0} +otherwise. + + at item GPGME_ATTR_LEVEL +This is the trust level of a trust item. + + at item GPGME_ATTR_TYPE +This returns information about the type of key. For the string function +this will eother be "PGP" or "X.509". The integer function returns 0 +for PGP and 1 for X.509. It is also used for the type of a trust item. + + at item GPGME_ATTR_IS_SECRET +This specifies if the key is a secret key. 
It is representable as a +number, and is @code{1} if the key is revoked, and @code{0} otherwise. + + at item GPGME_ATTR_KEY_REVOKED +This specifies if a sub key is revoked. It is representable as a +number, and is @code{1} if the key is revoked, and @code{0} otherwise. + + at item GPGME_ATTR_KEY_INVALID +This specifies if a sub key is invalid. It is representable as a +number, and is @code{1} if the key is invalid, and @code{0} otherwise. + + at item GPGME_ATTR_KEY_EXPIRED +This specifies if a sub key is expired. It is representable as a +number, and is @code{1} if the key is expired, and @code{0} otherwise. + + at item GPGME_ATTR_KEY_DISABLED +This specifies if a sub key is disabled. It is representable as a +number, and is @code{1} if the key is disabled, and @code{0} otherwise. + + at item GPGME_ATTR_KEY_CAPS +This is a description of the capabilities of a sub key. It is +representable as a string. The string contains the letter ``e'' if +the key can be used for encryption, ``s'' if the key can be used for +signatures, and ``c'' if the key can be used for certifications. + + at item GPGME_ATTR_CAN_ENCRYPT +This specifies if a sub key can be used for encryption. It is +representable as a number, and is @code{1} if the sub key can be used +for encryption, and @code{0} otherwise. + + at item GPGME_ATTR_CAN_SIGN +This specifies if a sub key can be used to create data signatures. It +is representable as a number, and is @code{1} if the sub key can be +used for signatures, and @code{0} otherwise. + + at item GPGME_ATTR_CAN_CERTIFY +This specifies if a sub key can be used to create key certificates. +It is representable as a number, and is @code{1} if the sub key can be +used for certifications, and @code{0} otherwise. + + at item GPGME_ATTR_SERIAL +The X.509 issuer serial attribute of the key. It is representable as +a string. + + at item GPGME_ATTR_ISSUE +The X.509 issuer name attribute of the key. It is representable as a +string. 
+ + at item GPGME_ATTR_CHAINID +The X.509 chain ID can be used to build the certification chain. It +is representable as a string. + at end table + at end deftp + + at deftypefun {const char *} gpgme_key_get_string_attr (@w{gpgme_key_t @var{key}}, @w{gpgme_attr_t @var{what}}, @w{const void *@var{reserved}}, @w{int @var{idx}}) +The function @code{gpgme_key_get_string_attr} returns the value of the +string-representable attribute @var{what} of key @var{key}. If the +attribute is an attribute of a sub key or an user ID, @var{idx} +specifies the sub key or user ID of which the attribute value is +returned. The argument @var{reserved} is reserved for later use and +should be @code{NULL}. + +The string returned is only valid as long as the key is valid. + +The function returns @code{0} if an attribute can't be returned as a +string, @var{key} is not a valid pointer, @var{idx} out of range, +or @var{reserved} not @code{NULL}. + at end deftypefun + + at deftypefun {unsigned long} gpgme_key_get_ulong_attr (@w{gpgme_key_t @var{key}}, @w{gpgme_attr_t @var{what}}, @w{const void *@var{reserved}}, @w{int @var{idx}}) +The function @code{gpgme_key_get_ulong_attr} returns the value of the +number-representable attribute @var{what} of key @var{key}. If the +attribute is an attribute of a sub key or an user ID, @var{idx} +specifies the sub key or user ID of which the attribute value is +returned. The argument @var{reserved} is reserved for later use and +should be @code{NULL}. + +The function returns @code{0} if the attribute can't be returned as a +number, @var{key} is not a valid pointer, @var{idx} out of range, or + at var{reserved} not @code{NULL}. + at end deftypefun + + + at c + at c Key Signatures + at c +The signatures on a key are only available if the key was retrieved +via a listing operation with the @code{GPGME_KEYLIST_MODE_SIGS} mode +enabled, because it is expensive to retrieve all signatures of a key. 
+ +So, before using the below interfaces to retrieve the signatures on a +key, you have to make sure that the key was listed with signatures +enabled. One convenient, but blocking, way to do this is to use the +function @code{gpgme_get_key}. + + at deftp {Data type} gpgme_attr_t +The @code{gpgme_attr_t} type is used to specify a key signature +attribute. The following attributes are defined: + + at table @code + at item GPGME_ATTR_KEYID +This is the key ID of the key which was used for the signature. It is +representable as a string. + + at item GPGME_ATTR_ALGO +This is the crypto algorithm used to create the signature. It is +representable as a string and as a number. The numbers correspond to +the @code{enum gcry_pk_algos} values in the gcrypt library. + + at item GPGME_ATTR_CREATED +This is the timestamp at creation time of the signature. It is +representable as a number. + + at item GPGME_ATTR_EXPIRE +This is the expiration time of the signature. It is representable as +a number. + + at item GPGME_ATTR_USERID +This is the user ID associated with the signing key. The user ID is +representable as a number. + + at item GPGME_ATTR_NAME +This is the name belonging to a user ID. It is representable as a string. + + at item GPGME_ATTR_EMAIL +This is the email address belonging to a user ID. It is representable +as a string. + + at item GPGME_ATTR_COMMENT +This is the comment belonging to a user ID. It is representable as a +string. + + at item GPGME_ATTR_KEY_REVOKED +This specifies if a key signature is a revocation signature. It is +representable as a number, and is @code{1} if the key is revoked, and + at code{0} otherwise. + + at c @item GPGME_ATTR_KEY_EXPIRED + at c This specifies if a key signature is expired. It is representable as + at c a number, and is @code{1} if the key is revoked, and @code{0} + at c otherwise. + at c + at item GPGME_ATTR_SIG_CLASS +This specifies the signature class of a key signature. It is +representable as a number. 
The meaning is specific to the crypto +engine. + + at item GPGME_ATTR_SIG_CLASS +This specifies the signature class of a key signature. It is +representable as a number. The meaning is specific to the crypto +engine. + + at item GPGME_ATTR_SIG_STATUS +This is the same value as returned by @code{gpgme_get_sig_status}. + at end table + at end deftp + + at deftypefun {const char *} gpgme_key_sig_get_string_attr (@w{gpgme_key_t @var{key}}, @w{int @var{uid_idx}}, @w{gpgme_attr_t @var{what}}, @w{const void *@var{reserved}}, @w{int @var{idx}}) +The function @code{gpgme_key_sig_get_string_attr} returns the value of +the string-representable attribute @var{what} of the signature + at var{idx} on the user ID @var{uid_idx} in the key @var{key}. The +argument @var{reserved} is reserved for later use and should be + at code{NULL}. + +The string returned is only valid as long as the key is valid. + +The function returns @code{0} if an attribute can't be returned as a +string, @var{key} is not a valid pointer, @var{uid_idx} or @var{idx} +out of range, or @var{reserved} not @code{NULL}. + at end deftypefun + + at deftypefun {unsigned long} gpgme_key_sig_get_ulong_attr (@w{gpgme_key_t @var{key}}, @w{int @var{uid_idx}}, @w{gpgme_attr_t @var{what}}, @w{const void *@var{reserved}}, @w{int @var{idx}}) +The function @code{gpgme_key_sig_get_ulong_attr} returns the value of +the number-representable attribute @var{what} of the signature + at var{idx} on the user ID @var{uid_idx} in the key @var{key}. The +argument @var{reserved} is reserved for later use and should be + at code{NULL}. + +The function returns @code{0} if an attribute can't be returned as a +string, @var{key} is not a valid pointer, @var{uid_idx} or @var{idx} +out of range, or @var{reserved} not @code{NULL}. 
+ at end deftypefun + + + at c node Information About Trust Items + at c subsection Information About Trust Items + at c cindex trust item, information about + at c cindex trust item, attributes + at c cindex attributes, of a trust item + +Trust items have attributes which can be queried using the interfaces +below. The attribute identifiers are shared with those for key +attributes. @xref{Information About Keys}. + + at deftypefun {const char *} gpgme_trust_item_get_string_attr (@w{gpgme_trust_item_t @var{item}}, @w{gpgme_attr_t @var{what}}, @w{const void *@var{reserved}}, @w{int @var{idx}}) +The function @code{gpgme_trust_item_get_string_attr} returns the value +of the string-representable attribute @var{what} of trust item + at var{item}. The arguments @var{idx} and @var{reserved} are reserved +for later use and should be @code{0} and @code{NULL} respectively. + +The string returned is only valid as long as the key is valid. + +The function returns @code{0} if an attribute can't be returned as a +string, @var{key} is not a valid pointer, @var{idx} out of range, +or @var{reserved} not @code{NULL}. + at end deftypefun + + at deftypefun int gpgme_trust_item_get_int_attr (@w{gpgme_trust_item_t @var{item}}, @w{gpgme_attr_t @var{what}}, @w{const void *@var{reserved}}, @w{int @var{idx}}) +The function @code{gpgme_trust_item_get_int_attr} returns the value of +the number-representable attribute @var{what} of trust item + at var{item}. If the attribute occurs more than once in the trust item, +the index is specified by @var{idx}. However, currently no such +attribute exists, so @var{idx} should be @code{0}. The argument + at var{reserved} is reserved for later use and should be @code{NULL}. + +The function returns @code{0} if the attribute can't be returned as a +number, @var{key} is not a valid pointer, @var{idx} out of range, +or @var{reserved} not @code{NULL}. 
+ at end deftypefun + + + at deftp {Data type} {enum gpgme_sig_stat_t} + at tindex gpgme_sig_stat_t +The @code{gpgme_sig_stat_t} type holds the result of a signature check, or +the combined result of all signatures. The following results are +possible: + + at table @code + at item GPGME_SIG_STAT_NONE +This status should not occur in normal operation. + + at item GPGME_SIG_STAT_GOOD +This status indicates that the signature is valid. For the combined +result this status means that all signatures are valid. + + at item GPGME_SIG_STAT_GOOD_EXP +This status indicates that the signature is valid but expired. For +the combined result this status means that all signatures are valid +and expired. + + at item GPGME_SIG_STAT_GOOD_EXPKEY +This status indicates that the signature is valid but the key used to +verify the signature has expired. For the combined result this status +means that all signatures are valid and all keys are expired. + + at item GPGME_SIG_STAT_BAD +This status indicates that the signature is invalid. For the combined +result this status means that all signatures are invalid. + + at item GPGME_SIG_STAT_NOKEY +This status indicates that the signature could not be verified due to +a missing key. For the combined result this status means that all +signatures could not be checked due to missing keys. + + at item GPGME_SIG_STAT_NOSIG +This status indicates that the signature data provided was not a real +signature. + + at item GPGME_SIG_STAT_ERROR +This status indicates that there was some other error which prevented +the signature verification. + + at item GPGME_SIG_STAT_DIFF +For the combined result this status means that at least two signatures +have a different status. You can get each key's status with + at code{gpgme_get_sig_status}. 
+ at end table + at end deftp + + at deftypefun {const char *} gpgme_get_sig_status (@w{gpgme_ctx_t @var{ctx}}, @w{int @var{idx}}, @w{gpgme_sig_stat_t *@var{r_stat}}, @w{time_t *@var{r_created}}) +The function @code{gpgme_get_sig_status} is equivalent to: + + at example + gpgme_verify_result_t result; + gpgme_signature_t sig; + + result = gpgme_op_verify_result (ctx); + sig = result->signatures; + + while (sig && idx) + @{ + sig = sig->next; + idx--; + @} + if (!sig || idx) + return NULL; + + if (r_stat) + @{ + switch (gpg_err_code (sig->status)) + @{ + case GPG_ERR_NO_ERROR: + *r_stat = GPGME_SIG_STAT_GOOD; + break; + + case GPG_ERR_BAD_SIGNATURE: + *r_stat = GPGME_SIG_STAT_BAD; + break; + + case GPG_ERR_NO_PUBKEY: + *r_stat = GPGME_SIG_STAT_NOKEY; + break; + + case GPG_ERR_NO_DATA: + *r_stat = GPGME_SIG_STAT_NOSIG; + break; + + case GPG_ERR_SIG_EXPIRED: + *r_stat = GPGME_SIG_STAT_GOOD_EXP; + break; + + case GPG_ERR_KEY_EXPIRED: + *r_stat = GPGME_SIG_STAT_GOOD_EXPKEY; + break; + + default: + *r_stat = GPGME_SIG_STAT_ERROR; + break; + @} + @} + if (r_created) + *r_created = sig->timestamp; + return sig->fpr; + at end example + at end deftypefun + + at deftypefun {const char *} gpgme_get_sig_string_attr (@w{gpgme_ctx_t @var{ctx}}, @w{int @var{idx}}, @w{gpgme_attr_t @var{what}}, @w{int @var{whatidx}}) +The function @code{gpgme_get_sig_string_attr} is equivalent to: + + at example + gpgme_verify_result_t result; + gpgme_signature_t sig; + + result = gpgme_op_verify_result (ctx); + sig = result->signatures; + + while (sig && idx) + @{ + sig = sig->next; + idx--; + @} + if (!sig || idx) + return NULL; + + switch (what) + @{ + case GPGME_ATTR_FPR: + return sig->fpr; + + case GPGME_ATTR_ERRTOK: + if (whatidx == 1) + return sig->wrong_key_usage ? 
"Wrong_Key_Usage" : ""; + else + return ""; + default: + break; + @} + + return NULL; + at end example + at end deftypefun + + at deftypefun {const char *} gpgme_get_sig_ulong_attr (@w{gpgme_ctx_t @var{ctx}}, @w{int @var{idx}}, @w{gpgme_attr_t @var{waht}}, @w{int @var{whatidx}}) +The function @code{gpgme_get_sig_ulong_attr} is equivalent to: + + at example + gpgme_verify_result_t result; + gpgme_signature_t sig; + + result = gpgme_op_verify_result (ctx); + sig = result->signatures; + + while (sig && idx) + @{ + sig = sig->next; + idx--; + @} + if (!sig || idx) + return 0; + + switch (what) + @{ + case GPGME_ATTR_CREATED: + return sig->timestamp; + + case GPGME_ATTR_EXPIRE: + return sig->exp_timestamp; + + case GPGME_ATTR_VALIDITY: + return (unsigned long) sig->validity; + + case GPGME_ATTR_SIG_STATUS: + switch (sig->status) + @{ + case GPG_ERR_NO_ERROR: + return GPGME_SIG_STAT_GOOD; + + case GPG_ERR_BAD_SIGNATURE: + return GPGME_SIG_STAT_BAD; + + case GPG_ERR_NO_PUBKEY: + return GPGME_SIG_STAT_NOKEY; + + case GPG_ERR_NO_DATA: + return GPGME_SIG_STAT_NOSIG; + + case GPG_ERR_SIG_EXPIRED: + return GPGME_SIG_STAT_GOOD_EXP; + + case GPG_ERR_KEY_EXPIRED: + return GPGME_SIG_STAT_GOOD_EXPKEY; + + default: + return GPGME_SIG_STAT_ERROR; + @} + + case GPGME_ATTR_SIG_SUMMARY: + return sig->summary; + + default: + break; + @} + return 0; + at end example + at end deftypefun + + at deftypefun {const char *} gpgme_get_sig_key (@w{gpgme_ctx_t @var{ctx}}, @w{int @var{idx}}, @w{gpgme_key_t *@var{r_key}}) +The function @code{gpgme_get_sig_key} is equivalent to: + + at example + gpgme_verify_result_t result; + gpgme_signature_t sig; + + result = gpgme_op_verify_result (ctx); + sig = result->signatures; + + while (sig && idx) + @{ + sig = sig->next; + idx--; + @} + if (!sig || idx) + return gpg_error (GPG_ERR_EOF); + + return gpgme_get_key (ctx, sig->fpr, r_key, 0); + at end example + at end deftypefun + + + + @include lesser.texi 
----------------------------------------------------------------------- Summary of changes: doc/gpgme.texi | 2226 ++++++++++++++++++++++++++++---------------------------- 1 file changed, 1101 insertions(+), 1125 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Fri Sep 16 14:58:59 2016 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Fri, 16 Sep 2016 14:58:59 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-371-ga458e7f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via a458e7fe2006d92bd5a838e2747fb66bbac4b1b8 (commit) via 5259f9de465d683d93268359cf19ce3a8d151566 (commit) from 00f95e0fad2ef438f78eabb7881b56568466f666 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a458e7fe2006d92bd5a838e2747fb66bbac4b1b8 Author: Justus Winter Date: Fri Sep 16 14:56:29 2016 +0200 python: Adapt to 'gpgme_op_interact'. * lang/python/examples/inter-edit.py: Update example. * lang/python/gpgme.i (gpgme_edit_cb_t): Turn into 'gpgme_interact_cb_t'. * lang/python/helpers.c (_pyme_edit_cb): Turn into '_pyme_interact_cb_t'. * lang/python/private.h (_pyme_edit_cb): Likewise. * lang/python/pyme/constants/__init__.py: Replace numeric status codes with the keywords. * lang/python/pyme/constants/status.py: Likewise. * lang/python/pyme/core.py (Context.interact): New method. (Context.op_edit): Deprecate, update docstring, implement using Context.interact. * lang/python/tests/t-edit.py: Test both interfaces. Signed-off-by: Justus Winter diff --git a/lang/python/examples/inter-edit.py b/lang/python/examples/inter-edit.py index 459df11..39d6f17 100644 
--- a/lang/python/examples/inter-edit.py +++ b/lang/python/examples/inter-edit.py @@ -23,13 +23,6 @@ del absolute_import, print_function, unicode_literals import sys import pyme -import pyme.constants.status - -# Get names for the status codes -status2str = {} -for name in dir(pyme.constants.status): - if not name.startswith('__') and name != "util": - status2str[getattr(pyme.constants.status, name)] = name if len(sys.argv) != 2: sys.exit("Usage: %s \n" % sys.argv[0]) @@ -46,11 +39,11 @@ with pyme.Context() as c: key = keys[0] print("Editing key {} ({}):".format(key.uids[0].uid, key.subkeys[0].fpr)) - def edit_fnc(status, args): + def edit_fnc(keyword, args): print("Status: {} ({}), args: {} > ".format( - status2str[status], status, args), end='', flush=True) + keyword, status, args), end='', flush=True) - if not 'GET' in status2str[status]: + if not 'GET' in keyword: # no prompt print() return None @@ -60,4 +53,4 @@ with pyme.Context() as c: except EOFError: return "quit" - c.op_edit(key, edit_fnc, None, sys.stdout) + c.interact(key, edit_fnc, sink=sys.stdout) diff --git a/lang/python/gpgme.i b/lang/python/gpgme.i index 458ae7f..84addae 100644 --- a/lang/python/gpgme.i +++ b/lang/python/gpgme.i @@ -476,15 +476,15 @@ -// Include mapper for edit callbacks -%typemap(in) (gpgme_edit_cb_t fnc, void *fnc_value) { +/* Include mapper for interact callbacks. */ +%typemap(in) (gpgme_interact_cb_t fnc, void *fnc_value) { if (! PyTuple_Check($input)) - return PyErr_Format(PyExc_TypeError, "edit callback must be a tuple"); + return PyErr_Format(PyExc_TypeError, "interact callback must be a tuple"); if (PyTuple_Size($input) != 2 && PyTuple_Size($input) != 3) return PyErr_Format(PyExc_TypeError, - "edit callback must be a tuple of size 2 or 3"); + "interact callback must be a tuple of size 2 or 3"); - $1 = (gpgme_edit_cb_t) _pyme_edit_cb; + $1 = (gpgme_interact_cb_t) _pyme_interact_cb; $2 = $input; } 
diff --git a/lang/python/helpers.c b/lang/python/helpers.c index bc8aed4..bb2128c 100644 --- a/lang/python/helpers.c +++ b/lang/python/helpers.c @@ -656,11 +656,16 @@ pyme_set_status_cb(PyObject *self, PyObject *cb) { Py_INCREF(Py_None); return Py_None; } + -/* Edit callbacks. */ -gpgme_error_t _pyme_edit_cb(void *opaque, gpgme_status_code_t status, - const char *args, int fd) { + +/* Interact callbacks. */ +gpgme_error_t +_pyme_interact_cb(void *opaque, const char *keyword, + const char *args, int fd) +{ PyObject *func = NULL, *dataarg = NULL, *pyargs = NULL, *retval = NULL; + PyObject *py_keyword; PyObject *pyopaque = (PyObject *) opaque; gpgme_error_t err_status = 0; PyObject *self = NULL; @@ -678,7 +683,15 @@ gpgme_error_t _pyme_edit_cb(void *opaque, gpgme_status_code_t status, pyargs = PyTuple_New(2); } - PyTuple_SetItem(pyargs, 0, PyLong_FromLong((long) status)); + if (keyword) + py_keyword = PyUnicode_FromString(keyword); + else + { + Py_INCREF(Py_None); + py_keyword = Py_None; + } + + PyTuple_SetItem(pyargs, 0, py_keyword); PyTuple_SetItem(pyargs, 1, PyUnicode_FromString(args)); if (dataarg) { Py_INCREF(dataarg); /* Because GetItem doesn't give a ref but SetItem taketh away */ @@ -726,7 +739,9 @@ gpgme_error_t _pyme_edit_cb(void *opaque, gpgme_status_code_t status, Py_XDECREF(retval); return err_status; } + + /* Data callbacks. */ /* Read up to SIZE bytes into buffer BUFFER from the data object with diff --git a/lang/python/private.h b/lang/python/private.h index cb4d2f8..3a903c1 100644 --- a/lang/python/private.h +++ b/lang/python/private.h 
@@ -34,9 +34,8 @@ PyObject *_pyme_obj2gpgme_data_t(PyObject *input, int argnum, PyObject *_pyme_wrap_result(PyObject *fragile, const char *classname); -gpgme_error_t _pyme_edit_cb(void *opaque, gpgme_status_code_t status, - const char *args, int fd); - +gpgme_error_t _pyme_interact_cb(void *opaque, const char *keyword, + const char *args, int fd); gpgme_error_t _pyme_assuan_data_cb (void *hook, const void *data, size_t datalen); gpgme_error_t _pyme_assuan_inquire_cb (void *hook, diff --git a/lang/python/pyme/constants/__init__.py b/lang/python/pyme/constants/__init__.py index 96465de..96d89e4 100644 --- a/lang/python/pyme/constants/__init__.py +++ b/lang/python/pyme/constants/__init__.py 
@@ -7,3 +7,108 @@ util.process_constants('GPGME_', globals()) __all__ = ['data', 'event', 'import', 'keylist', 'md', 'pk', 'protocol', 'sig', 'sigsum', 'status', 'validity'] + +# GPGME 1.7 replaced gpgme_op_edit with gpgme_op_interact. We +# implement pyme.Context.op_edit using gpgme_op_interact, so the +# callbacks will be called with string keywords instead of numeric +# status messages. Code that is using these constants will continue +# to work. + +STATUS_ABORT = "ABORT" +STATUS_ALREADY_SIGNED = "ALREADY_SIGNED" +STATUS_ATTRIBUTE = "ATTRIBUTE" +STATUS_BACKUP_KEY_CREATED = "BACKUP_KEY_CREATED" +STATUS_BAD_PASSPHRASE = "BAD_PASSPHRASE" +STATUS_BADARMOR = "BADARMOR" +STATUS_BADMDC = "BADMDC" +STATUS_BADSIG = "BADSIG" +STATUS_BEGIN_DECRYPTION = "BEGIN_DECRYPTION" +STATUS_BEGIN_ENCRYPTION = "BEGIN_ENCRYPTION" +STATUS_BEGIN_SIGNING = "BEGIN_SIGNING" +STATUS_BEGIN_STREAM = "BEGIN_STREAM" +STATUS_CARDCTRL = "CARDCTRL" +STATUS_DECRYPTION_FAILED = "DECRYPTION_FAILED" +STATUS_DECRYPTION_INFO = "DECRYPTION_INFO" +STATUS_DECRYPTION_OKAY = "DECRYPTION_OKAY" +STATUS_DELETE_PROBLEM = "DELETE_PROBLEM" +STATUS_ENC_TO = "ENC_TO" +STATUS_END_DECRYPTION = "END_DECRYPTION" +STATUS_END_ENCRYPTION = "END_ENCRYPTION" +STATUS_END_STREAM = "END_STREAM" +STATUS_ENTER = "ENTER" +STATUS_ERRMDC = "ERRMDC" +STATUS_ERROR = "ERROR" +STATUS_ERRSIG = "ERRSIG" +STATUS_EXPKEYSIG = "EXPKEYSIG" +STATUS_EXPSIG = "EXPSIG" +STATUS_FAILURE = "FAILURE" +STATUS_FILE_DONE = "FILE_DONE" +STATUS_FILE_ERROR = "FILE_ERROR" +STATUS_FILE_START = "FILE_START" +STATUS_GET_BOOL = "GET_BOOL" +STATUS_GET_HIDDEN = "GET_HIDDEN" +STATUS_GET_LINE = "GET_LINE" +STATUS_GOOD_PASSPHRASE = "GOOD_PASSPHRASE" +STATUS_GOODMDC = "GOODMDC" +STATUS_GOODSIG = "GOODSIG" +STATUS_GOT_IT = "GOT_IT" +STATUS_IMPORT_OK = "IMPORT_OK" +STATUS_IMPORT_PROBLEM = "IMPORT_PROBLEM" +STATUS_IMPORT_RES = "IMPORT_RES" +STATUS_IMPORTED = "IMPORTED" +STATUS_INQUIRE_MAXLEN = "INQUIRE_MAXLEN" +STATUS_INV_RECP = "INV_RECP" +STATUS_INV_SGNR = "INV_SGNR" 
+STATUS_KEY_CONSIDERED = "KEY_CONSIDERED" +STATUS_KEY_CREATED = "KEY_CREATED" +STATUS_KEY_NOT_CREATED = "KEY_NOT_CREATED" +STATUS_KEYEXPIRED = "KEYEXPIRED" +STATUS_KEYREVOKED = "KEYREVOKED" +STATUS_LEAVE = "LEAVE" +STATUS_MISSING_PASSPHRASE = "MISSING_PASSPHRASE" +STATUS_MOUNTPOINT = "MOUNTPOINT" +STATUS_NEED_PASSPHRASE = "NEED_PASSPHRASE" +STATUS_NEED_PASSPHRASE_PIN = "NEED_PASSPHRASE_PIN" +STATUS_NEED_PASSPHRASE_SYM = "NEED_PASSPHRASE_SYM" +STATUS_NEWSIG = "NEWSIG" +STATUS_NO_PUBKEY = "NO_PUBKEY" +STATUS_NO_RECP = "NO_RECP" +STATUS_NO_SECKEY = "NO_SECKEY" +STATUS_NO_SGNR = "NO_SGNR" +STATUS_NODATA = "NODATA" +STATUS_NOTATION_DATA = "NOTATION_DATA" +STATUS_NOTATION_FLAGS = "NOTATION_FLAGS" +STATUS_NOTATION_NAME = "NOTATION_NAME" +STATUS_PINENTRY_LAUNCHED = "PINENTRY_LAUNCHED" +STATUS_PKA_TRUST_BAD = "PKA_TRUST_BAD" +STATUS_PKA_TRUST_GOOD = "PKA_TRUST_GOOD" +STATUS_PLAINTEXT = "PLAINTEXT" +STATUS_PLAINTEXT_LENGTH = "PLAINTEXT_LENGTH" +STATUS_POLICY_URL = "POLICY_URL" +STATUS_PROGRESS = "PROGRESS" +STATUS_REVKEYSIG = "REVKEYSIG" +STATUS_RSA_OR_IDEA = "RSA_OR_IDEA" +STATUS_SC_OP_FAILURE = "SC_OP_FAILURE" +STATUS_SC_OP_SUCCESS = "SC_OP_SUCCESS" +STATUS_SESSION_KEY = "SESSION_KEY" +STATUS_SHM_GET = "SHM_GET" +STATUS_SHM_GET_BOOL = "SHM_GET_BOOL" +STATUS_SHM_GET_HIDDEN = "SHM_GET_HIDDEN" +STATUS_SHM_INFO = "SHM_INFO" +STATUS_SIG_CREATED = "SIG_CREATED" +STATUS_SIG_ID = "SIG_ID" +STATUS_SIG_SUBPACKET = "SIG_SUBPACKET" +STATUS_SIGEXPIRED = "SIGEXPIRED" +STATUS_SUCCESS = "SUCCESS" +STATUS_TOFU_STATS = "TOFU_STATS" +STATUS_TOFU_STATS_LONG = "TOFU_STATS_LONG" +STATUS_TOFU_USER = "TOFU_USER" +STATUS_TRUNCATED = "TRUNCATED" +STATUS_TRUST_FULLY = "TRUST_FULLY" +STATUS_TRUST_MARGINAL = "TRUST_MARGINAL" +STATUS_TRUST_NEVER = "TRUST_NEVER" +STATUS_TRUST_ULTIMATE = "TRUST_ULTIMATE" +STATUS_TRUST_UNDEFINED = "TRUST_UNDEFINED" +STATUS_UNEXPECTED = "UNEXPECTED" +STATUS_USERID_HINT = "USERID_HINT" +STATUS_VALIDSIG = "VALIDSIG" 
diff --git a/lang/python/pyme/constants/status.py b/lang/python/pyme/constants/status.py index ee52259..a04d9aa 100644 --- a/lang/python/pyme/constants/status.py +++ b/lang/python/pyme/constants/status.py 
@@ -18,5 +18,107 @@ from __future__ import absolute_import, print_function, unicode_literals del absolute_import, print_function, unicode_literals -from pyme import util -util.process_constants('GPGME_STATUS_', globals()) +# GPGME 1.7 replaced gpgme_op_edit with gpgme_op_interact. We +# implement pyme.Context.op_edit using gpgme_op_interact, so the +# callbacks will be called with string keywords instead of numeric +# status messages. Code that is using these constants will continue +# to work. + +ABORT = "ABORT" +ALREADY_SIGNED = "ALREADY_SIGNED" +ATTRIBUTE = "ATTRIBUTE" +BACKUP_KEY_CREATED = "BACKUP_KEY_CREATED" +BAD_PASSPHRASE = "BAD_PASSPHRASE" +BADARMOR = "BADARMOR" +BADMDC = "BADMDC" +BADSIG = "BADSIG" +BEGIN_DECRYPTION = "BEGIN_DECRYPTION" +BEGIN_ENCRYPTION = "BEGIN_ENCRYPTION" +BEGIN_SIGNING = "BEGIN_SIGNING" +BEGIN_STREAM = "BEGIN_STREAM" +CARDCTRL = "CARDCTRL" +DECRYPTION_FAILED = "DECRYPTION_FAILED" +DECRYPTION_INFO = "DECRYPTION_INFO" +DECRYPTION_OKAY = "DECRYPTION_OKAY" +DELETE_PROBLEM = "DELETE_PROBLEM" +ENC_TO = "ENC_TO" +END_DECRYPTION = "END_DECRYPTION" +END_ENCRYPTION = "END_ENCRYPTION" +END_STREAM = "END_STREAM" +ENTER = "ENTER" +ERRMDC = "ERRMDC" +ERROR = "ERROR" +ERRSIG = "ERRSIG" +EXPKEYSIG = "EXPKEYSIG" +EXPSIG = "EXPSIG" +FAILURE = "FAILURE" +FILE_DONE = "FILE_DONE" +FILE_ERROR = "FILE_ERROR" +FILE_START = "FILE_START" +GET_BOOL = "GET_BOOL" +GET_HIDDEN = "GET_HIDDEN" +GET_LINE = "GET_LINE" +GOOD_PASSPHRASE = "GOOD_PASSPHRASE" +GOODMDC = "GOODMDC" +GOODSIG = "GOODSIG" +GOT_IT = "GOT_IT" +IMPORT_OK = "IMPORT_OK" +IMPORT_PROBLEM = "IMPORT_PROBLEM" +IMPORT_RES = "IMPORT_RES" +IMPORTED = "IMPORTED" +INQUIRE_MAXLEN = "INQUIRE_MAXLEN" +INV_RECP = "INV_RECP" +INV_SGNR = "INV_SGNR" +KEY_CONSIDERED = "KEY_CONSIDERED" +KEY_CREATED = "KEY_CREATED" +KEY_NOT_CREATED = "KEY_NOT_CREATED" +KEYEXPIRED = "KEYEXPIRED" +KEYREVOKED = "KEYREVOKED" +LEAVE = "LEAVE" +MISSING_PASSPHRASE = "MISSING_PASSPHRASE" +MOUNTPOINT = "MOUNTPOINT" +NEED_PASSPHRASE = 
"NEED_PASSPHRASE" +NEED_PASSPHRASE_PIN = "NEED_PASSPHRASE_PIN" +NEED_PASSPHRASE_SYM = "NEED_PASSPHRASE_SYM" +NEWSIG = "NEWSIG" +NO_PUBKEY = "NO_PUBKEY" +NO_RECP = "NO_RECP" +NO_SECKEY = "NO_SECKEY" +NO_SGNR = "NO_SGNR" +NODATA = "NODATA" +NOTATION_DATA = "NOTATION_DATA" +NOTATION_FLAGS = "NOTATION_FLAGS" +NOTATION_NAME = "NOTATION_NAME" +PINENTRY_LAUNCHED = "PINENTRY_LAUNCHED" +PKA_TRUST_BAD = "PKA_TRUST_BAD" +PKA_TRUST_GOOD = "PKA_TRUST_GOOD" +PLAINTEXT = "PLAINTEXT" +PLAINTEXT_LENGTH = "PLAINTEXT_LENGTH" +POLICY_URL = "POLICY_URL" +PROGRESS = "PROGRESS" +REVKEYSIG = "REVKEYSIG" +RSA_OR_IDEA = "RSA_OR_IDEA" +SC_OP_FAILURE = "SC_OP_FAILURE" +SC_OP_SUCCESS = "SC_OP_SUCCESS" +SESSION_KEY = "SESSION_KEY" +SHM_GET = "SHM_GET" +SHM_GET_BOOL = "SHM_GET_BOOL" +SHM_GET_HIDDEN = "SHM_GET_HIDDEN" +SHM_INFO = "SHM_INFO" +SIG_CREATED = "SIG_CREATED" +SIG_ID = "SIG_ID" +SIG_SUBPACKET = "SIG_SUBPACKET" +SIGEXPIRED = "SIGEXPIRED" +SUCCESS = "SUCCESS" +TOFU_STATS = "TOFU_STATS" +TOFU_STATS_LONG = "TOFU_STATS_LONG" +TOFU_USER = "TOFU_USER" +TRUNCATED = "TRUNCATED" +TRUST_FULLY = "TRUST_FULLY" +TRUST_MARGINAL = "TRUST_MARGINAL" +TRUST_NEVER = "TRUST_NEVER" +TRUST_ULTIMATE = "TRUST_ULTIMATE" +TRUST_UNDEFINED = "TRUST_UNDEFINED" +UNEXPECTED = "UNEXPECTED" +USERID_HINT = "USERID_HINT" +VALIDSIG = "VALIDSIG" diff --git a/lang/python/pyme/core.py b/lang/python/pyme/core.py index 55e8687..88a086b 100644 --- a/lang/python/pyme/core.py +++ b/lang/python/pyme/core.py @@ -29,6 +29,7 @@ del absolute_import, print_function, unicode_literals import re import os +import warnings import weakref from . import gpgme from .errors import errorcheck, GPGMEError 
@@ -536,6 +537,39 @@ class Context(GpgmeWrapper): return GPGMEError(status) if status != 0 else None + def interact(self, key, func, sink=None, flags=0, fnc_value=None): + """Interact with the engine + + This method can be used to edit keys and cards interactively. + KEY is the key to edit, FUNC is called repeatedly with two + unicode arguments, 'keyword' and 'args'. See the GPGME manual + for details. + + Keyword arguments: + sink -- if given, additional output is written here + flags -- use constants.INTERACT_CARD to edit a card + + Raises: + GPGMEError -- as signaled by the underlying library + + """ + if key == None: + raise ValueError("First argument cannot be None") + + if sink == None: + sink = Data() + + if fnc_value: + opaquedata = (weakref.ref(self), func, fnc_value) + else: + opaquedata = (weakref.ref(self), func) + + result = gpgme.gpgme_op_interact(self.wrapped, key, flags, + opaquedata, sink) + if self._callback_excinfo: + gpgme.pyme_raise_callback_exception(self) + errorcheck(result) + @property def signers(self): """Keys used for signing""" 
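Review bot: In interact, the test "if fnc_value:" treats any falsy callback value (0, an empty string, an empty list) as absent and builds the two-element opaquedata tuple, so that value never reaches FUNC; compare with "if fnc_value is not None:" instead. The "key == None" and "sink == None" checks should likewise use "is None", and the docstring lists sink and flags under keyword arguments but not fnc_value.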
@@ -793,18 +827,21 @@ class Context(GpgmeWrapper): errorcheck(status) def op_edit(self, key, func, fnc_value, out): - """Start key editing using supplied callback function""" - if key == None: - raise ValueError("op_edit: First argument cannot be None") - if fnc_value: - opaquedata = (weakref.ref(self), func, fnc_value) - else: - opaquedata = (weakref.ref(self), func) + """Start key editing using supplied callback function + + Note: This interface is deprecated and will be removed with + GPGME 1.8. Please use .interact instead. Furthermore, we + implement this using gpgme_op_interact, so callbacks will get + called with string keywords instead of numeric status + messages. Code that is using constants.STATUS_X or + constants.status.X will continue to work, whereas code using + magic numbers will break as a result. + + """ + warnings.warn("Call to deprecated method op_edit.", + category=DeprecationWarning) + return self.interact(key, func, sink=out, fnc_value=fnc_value) - result = gpgme.gpgme_op_edit(self.wrapped, key, opaquedata, out) - if self._callback_excinfo: - gpgme.pyme_raise_callback_exception(self) - errorcheck(result) class Data(GpgmeWrapper): """Data buffer diff --git a/lang/python/tests/t-edit.py b/lang/python/tests/t-edit.py index 9ba187d..18bcb94 100755 --- a/lang/python/tests/t-edit.py +++ b/lang/python/tests/t-edit.py @@ -33,7 +33,7 @@ class KeyEditor(object): self.done = False self.verbose = int(os.environ.get('verbose', 0)) > 1 - def edit_fnc(self, status, args, out): + def edit_fnc(self, status, args, out=None): if args == "keyedit.prompt": result = self.steps[self.step] self.step += 1 
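Review bot: In op_edit (lang/python/pyme/core.py), warnings.warn is called without stacklevel, so the DeprecationWarning is attributed to core.py rather than to the caller that still uses op_edit; pass stacklevel=2 so the reported file and line are the ones that need changing. The docstring's point that callbacks now receive string keywords instead of numeric status values is the part most likely to break callers, so it is worth repeating in the warning text itself.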
@@ -57,8 +57,15 @@ c = core.Context() c.set_pinentry_mode(constants.PINENTRY_MODE_LOOPBACK) c.set_passphrase_cb(lambda *args: "abc") c.set_armor(True) -sink = core.Data() +# The deprecated interface. +editor = KeyEditor() +c.interact(c.get_key("A0FF4590BB6122EDEF6E3C542D727CC768697734", False), + editor.edit_fnc) +assert editor.done + +# The deprecated interface. +sink = core.Data() editor = KeyEditor() c.op_edit(c.get_key("A0FF4590BB6122EDEF6E3C542D727CC768697734", False), editor.edit_fnc, sink, sink) commit 5259f9de465d683d93268359cf19ce3a8d151566 Author: Justus Winter Date: Fri Sep 16 13:02:55 2016 +0200 core: Fix typos. -- Signed-off-by: Justus Winter diff --git a/src/gpgme.h.in b/src/gpgme.h.in index 9c87b7b..b28a643 100644 --- a/src/gpgme.h.in +++ b/src/gpgme.h.in @@ -974,8 +974,8 @@ typedef gpgme_error_t (*gpgme_interact_cb_t) (void *opaque, const char *keyword, const char *args, int fd); -/* The callback type used by the deprecated functions gpgme_op_card - * and gpgme_of_card_edit. */ +/* The callback type used by the deprecated functions gpgme_op_edit + * and gpgme_op_card_edit. */ typedef gpgme_error_t (*gpgme_edit_cb_t) (void *opaque, gpgme_status_code_t status, const char *args, int fd); ----------------------------------------------------------------------- Summary of changes: lang/python/examples/inter-edit.py | 15 ++--- lang/python/gpgme.i | 10 ++-- lang/python/helpers.c | 23 +++++-- lang/python/private.h | 5 +- lang/python/pyme/constants/__init__.py | 105 ++++++++++++++++++++++++++++++++ lang/python/pyme/constants/status.py | 106 ++++++++++++++++++++++++++++++++- lang/python/pyme/core.py | 59 ++++++++++++++---- lang/python/tests/t-edit.py | 11 +++- src/gpgme.h.in | 4 +- 9 files changed, 298 insertions(+), 40 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Fri Sep 16 15:37:59 2016 
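Review bot: In lang/python/tests/t-edit.py the comment added above the c.interact call reads "# The deprecated interface.", the same text as the comment above c.op_edit further down; the first one should name the new interface. The op_edit half of the test could also assert that a DeprecationWarning is raised, since that is new behaviour introduced by this commit.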
From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Fri, 16 Sep 2016 15:37:59 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-122-g6e930f0 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 6e930f0e4077bc7aa3d28b1ba649a82d62427d87 (commit) via 3825847300700a94ac98a24c6db7cf81057b372c (commit) via 221b0bd0e5946edaea7135bc3b6f3c5c0fc6dbca (commit) via c2e563421e4fd4f0910642aa7b171bcf0b374b01 (commit) via af196342bf44ce6dc42111d37539dec7ee3b3d82 (commit) from 4ab8107063b641ed74fc4c9bf98304bcea573178 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6e930f0e4077bc7aa3d28b1ba649a82d62427d87 Author: Neal H. Walfield Date: Fri Sep 16 15:32:03 2016 +0200 g10: On failure, propagate the return code. * g10/tofu.c (tofu_register_encryption): If get_trust fails, set RC. -- Signed-off-by: Neal H. Walfield diff --git a/g10/tofu.c b/g10/tofu.c index 6817303..e6a3429 100644 --- a/g10/tofu.c +++ b/g10/tofu.c @@ -3072,6 +3072,7 @@ tofu_register_encryption (ctrl_t ctrl, if (tl == _tofu_GET_TRUST_ERROR) { /* An error. */ + rc = gpg_error (GPG_ERR_GENERAL); xfree (email); goto die; } commit 3825847300700a94ac98a24c6db7cf81057b372c Author: Neal H. Walfield Date: Fri Sep 16 15:31:10 2016 +0200 g10: Improve some comments and a string. -- Signed-off-by: Neal H. Walfield diff --git a/g10/tofu.c b/g10/tofu.c index 495f7ef..6817303 100644 --- a/g10/tofu.c +++ b/g10/tofu.c 
@@ -2083,6 +2083,7 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk, if (tdb_keyid_is_utk (kid)) { if (policy == TOFU_POLICY_NONE) + /* New binding. */ { if (record_binding (dbs, fingerprint, email, user_id, TOFU_POLICY_GOOD, 0, now) != 0) @@ -2164,7 +2165,7 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk, */ /* Before continuing, see if the key is signed by an ultimately - trusted key. */ + * trusted key. */ { int fingerprint_raw_len = strlen (fingerprint) / 2; char fingerprint_raw[fingerprint_raw_len]; @@ -2594,13 +2595,14 @@ show_statistics (tofu_dbs_t dbs, const char *fingerprint, if (rc) { log_error (_("error reading TOFU database: %s\n"), err); - print_further_info ("getting statistics"); + print_further_info ("getting signature statistics"); sqlite3_free (err); goto out; } if (strlist) { + /* We expect exactly 3 elements. */ log_assert (strlist->next); log_assert (strlist->next->next); log_assert (! strlist->next->next->next); @@ -2625,13 +2627,14 @@ show_statistics (tofu_dbs_t dbs, const char *fingerprint, if (rc) { log_error (_("error reading TOFU database: %s\n"), err); - print_further_info ("getting statistics"); + print_further_info ("getting encryption statistics"); sqlite3_free (err); goto out; } if (strlist) { + /* We expect exactly 3 elements. */ log_assert (strlist->next); log_assert (strlist->next->next); log_assert (! strlist->next->next->next); @@ -2753,10 +2756,10 @@ show_statistics (tofu_dbs_t dbs, const char *fingerprint, if (encryption_count == 0) log_info (_("Warning: you have yet to encrypt" - " a message to this key and user id!\n")); + " a message to this key!\n")); else if (encryption_count == 1) log_info (_("Warning: you have only encrypted" - " one message to this key and user id!\n")); + " one message to this key!\n")); /* Cf. write_stats_status */ if (sqrtu32 (encryption_count * encryption_count 
@@ -2930,7 +2933,7 @@ tofu_register_signature (ctrl_t ctrl, because is the primary key! */ log_debug ("SIGNATURES DB contains duplicate records" - " ." " Please report.\n", fingerprint, email, (unsigned long) sig_time, @@ -2939,7 +2942,7 @@ tofu_register_signature (ctrl_t ctrl, { if (DBG_TRUST) log_debug ("Already observed the signature and binding" - " \n", fingerprint, email, (unsigned long) sig_time, sig_digest, origin); @@ -3048,8 +3051,8 @@ tofu_register_encryption (ctrl_t ctrl, free_user_id_list = 1; if (! user_id_list) - log_info ("WARNING: Encrypting to %s, which has no" - "non-revoked user ids.\n", + log_info (_("WARNING: Encrypting to %s, which has no" + "non-revoked user ids.\n"), keystr (pk->keyid)); } @@ -3240,6 +3243,7 @@ tofu_get_validity (ctrl_t ctrl, PKT_public_key *pk, strlist_t user_id_list, fingerprint = hexfingerprint (pk, NULL, 0); tofu_begin_batch_update (ctrl); + /* Start the batch transaction now. */ tofu_resume_batch_transaction (ctrl); for (user_id = user_id_list; user_id; user_id = user_id->next, bindings ++) commit 221b0bd0e5946edaea7135bc3b6f3c5c0fc6dbca Author: Neal H. Walfield Date: Fri Sep 16 15:18:56 2016 +0200 g10: Don't ignore failure. On failure, rollback. * g10/tofu.c (tofu_set_policy): If record_binding fails, fail. If the function fails, rollback the transaction. -- Signed-off-by: Neal H. Walfield diff --git a/g10/tofu.c b/g10/tofu.c index 9a60223..495f7ef 100644 --- a/g10/tofu.c +++ b/g10/tofu.c @@ -3328,6 +3328,7 @@ tofu_get_validity (ctrl_t ctrl, PKT_public_key *pk, strlist_t user_id_list, gpg_error_t tofu_set_policy (ctrl_t ctrl, kbnode_t kb, enum tofu_policy policy) { + gpg_error_t err; time_t now = gnupg_get_time (); tofu_dbs_t dbs; PKT_public_key *pk; 
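Review bot: err is declared here without an initializer, and the next hunk of this commit tests it with "if (err)" after the loop over user ids; if the loop body never assigns it (the loop header is outside the visible lines), the choice between rollback_transaction and end_transaction and the return value depend on an indeterminate value. Declare it as "gpg_error_t err = 0;".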
@@ -3370,15 +3371,26 @@ tofu_set_policy (ctrl_t ctrl, kbnode_t kb, enum tofu_policy policy) email = email_from_user_id (user_id->name); - record_binding (dbs, fingerprint, email, user_id->name, policy, 1, now); + err = record_binding (dbs, fingerprint, email, user_id->name, + policy, 1, now); + if (err) + { + log_error (_("error setting policy for key %s, user id \"%s\": %s"), + fingerprint, email, gpg_strerror (err)); + xfree (email); + break; + } xfree (email); } - end_transaction (ctrl, 0); + if (err) + rollback_transaction (ctrl); + else + end_transaction (ctrl, 0); xfree (fingerprint); - return 0; + return err; } /* Set the TOFU policy for all non-revoked user ids in the KEY with commit c2e563421e4fd4f0910642aa7b171bcf0b374b01 Author: Neal H. Walfield Date: Fri Sep 16 15:17:51 2016 +0200 g10: Load the key block if the supplied user id list is NULL. * g10/tofu.c (tofu_register_encryption): Load the key block if USER_ID_LIST is NULL. -- Signed-off-by: Neal H. Walfield diff --git a/g10/tofu.c b/g10/tofu.c index 7f07483..9a60223 100644 --- a/g10/tofu.c +++ b/g10/tofu.c @@ -3023,7 +3023,7 @@ tofu_register_encryption (ctrl_t ctrl, if (/* We need the key block to find the primary key. */ keyid_cmp (pk_keyid (pk), pk_main_keyid (pk)) != 0 /* We need the key block to find all user ids. */ - || user_id_list) + || ! user_id_list) kb = get_pubkeyblock (pk->keyid); /* Make sure PK is a primary key. */ commit af196342bf44ce6dc42111d37539dec7ee3b3d82 Author: Neal H. Walfield Date: Fri Sep 16 15:10:11 2016 +0200 g10: Use the accessor functions for accessing and comparing key ids * g10/tofu.c (get_trust): Use the pk_main_keyid accessor function. (tofu_register_signature): Likewise. (tofu_register_encryption): Likewise. (tofu_set_policy): Likewise and also use pk_keyid and keyid_cmp. -- Signed-off-by: Neal H. Walfield diff --git a/g10/tofu.c b/g10/tofu.c index 0cd3f12..7f07483 100644 --- a/g10/tofu.c +++ b/g10/tofu.c 
@@ -2058,7 +2058,7 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk, if (opt.batch) may_ask = 0; - log_assert (keyid_cmp (pk_keyid (pk), pk->main_keyid) == 0); + log_assert (keyid_cmp (pk_keyid (pk), pk_main_keyid (pk)) == 0); /* Make sure _tofu_GET_TRUST_ERROR isn't equal to any of the trust levels. */ @@ -2877,7 +2877,7 @@ tofu_register_signature (ctrl_t ctrl, if (rc) return rc; - log_assert (keyid_cmp (pk_keyid (pk), pk->main_keyid) == 0); + log_assert (keyid_cmp (pk_keyid (pk), pk_main_keyid (pk)) == 0); sig_digest = make_radix64_string (sig_digest_bin, sig_digest_bin_len); fingerprint = hexfingerprint (pk, NULL, 0); @@ -3020,12 +3020,14 @@ tofu_register_encryption (ctrl_t ctrl, return rc; } - /* Make sure PK is a primary key. */ - if (keyid_cmp (pk_keyid (pk), pk->main_keyid) != 0 + if (/* We need the key block to find the primary key. */ + keyid_cmp (pk_keyid (pk), pk_main_keyid (pk)) != 0 + /* We need the key block to find all user ids. */ || user_id_list) kb = get_pubkeyblock (pk->keyid); - if (keyid_cmp (pk_keyid (pk), pk->main_keyid) != 0) + /* Make sure PK is a primary key. */ + if (keyid_cmp (pk_keyid (pk), pk_main_keyid (pk)) != 0) pk = kb->pkt->pkt.public_key; if (! user_id_list) 
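Review bot: In tofu_register_encryption the condition "|| user_id_list" contradicts the comment added just above it ("We need the key block to find all user ids") and the "if (! user_id_list)" branch that follows: the key block is fetched when a list was supplied and skipped when it was not. It should read "|| ! user_id_list", which is the change commit c2e563421e4fd4f0910642aa7b171bcf0b374b01 in this same push makes. Separately, kb is dereferenced as kb->pkt->pkt.public_key with no NULL check visible between that line and the get_pubkeyblock call.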
@@ -3345,8 +3347,7 @@ tofu_set_policy (ctrl_t ctrl, kbnode_t kb, enum tofu_policy policy) if (DBG_TRUST) log_debug ("Setting TOFU policy for %s to %s\n", keystr (pk->keyid), tofu_policy_str (policy)); - if (! (pk->main_keyid[0] == pk->keyid[0] - && pk->main_keyid[1] == pk->keyid[1])) + if (keyid_cmp (pk_main_keyid (pk), pk_keyid (pk)) != 0) log_bug ("%s: Passed a subkey, but expecting a primary key.\n", __func__); fingerprint = hexfingerprint (pk, NULL, 0); ----------------------------------------------------------------------- Summary of changes: g10/tofu.c | 58 ++++++++++++++++++++++++++++++++++++++-------------------- 1 file changed, 38 insertions(+), 20 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Sep 16 15:58:36 2016 
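Review bot: In the tofu_register_encryption hunk of commit 3825847300700a94ac98a24c6db7cf81057b372c that wraps the warning in _(), the adjacent literals "WARNING: Encrypting to %s, which has no" and "non-revoked user ids.\n" concatenate without a space, so the message reads "has nonon-revoked user ids"; add the missing space now, before the string enters the translation catalogues.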
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Fri, 16 Sep 2016 15:58:36 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-372-g6af7bee Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 6af7bee076bacbc0cdfe7de342bce43ca5671b3b (commit) from a458e7fe2006d92bd5a838e2747fb66bbac4b1b8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6af7bee076bacbc0cdfe7de342bce43ca5671b3b Author: Justus Winter Date: Fri Sep 16 12:32:24 2016 +0200 python: Release the GIL during calls into GPGME. * lang/python/helpers.c (pyme_raise_callback_exception): Re-acquire the Global Interpreter Lock. (pyPassphraseCb, pyme_set_passphrase_cb, pyProgressCb, pyme_set_progress_cb, pyStatusCb, pyme_set_status_cb, _pyme_interact_cb, pyDataReadCb, pyDataWriteCb, pyDataSeekCb, pyDataReleaseCb, pyme_data_new_from_cbs, _pyme_assuan_data_cb, _pyme_assuan_inquire_cb, _pyme_assuan_status_cb): Likewise. * lang/python/setup.py.in: Make 'gpgme-config' emit the correct cflags, and SWIG generate code to release the GIL before calling us. Co-authored-by: Kai Michaelis Signed-off-by: Justus Winter diff --git a/lang/python/helpers.c b/lang/python/helpers.c index bb2128c..f9aec91 100644 --- a/lang/python/helpers.c +++ b/lang/python/helpers.c @@ -134,6 +134,7 @@ static void _pyme_stash_callback_exception(PyObject *weak_self) PyObject *pyme_raise_callback_exception(PyObject *self) { + PyGILState_STATE state = PyGILState_Ensure(); PyObject *ptype, *pvalue, *ptraceback, *excinfo; if (! PyObject_HasAttrString(self, EXCINFO)) 
@@ -173,10 +174,12 @@ PyObject *pyme_raise_callback_exception(PyObject *self) /* Restore exception. */ PyErr_Restore(ptype, pvalue, ptraceback); + PyGILState_Release(state); return NULL; /* Raise exception. */ leave: Py_INCREF(Py_None); + PyGILState_Release(state); return Py_None; } #undef EXCINFO @@ -331,6 +334,7 @@ static gpgme_error_t pyPassphraseCb(void *hook, const char *passphrase_info, int prev_was_bad, int fd) { + PyGILState_STATE state = PyGILState_Ensure(); PyObject *pyhook = (PyObject *) hook; PyObject *self = NULL; PyObject *func = NULL; @@ -433,11 +437,13 @@ static gpgme_error_t pyPassphraseCb(void *hook, _pyme_stash_callback_exception(self); Py_XDECREF(encoded); + PyGILState_Release(state); return err_status; } PyObject * pyme_set_passphrase_cb(PyObject *self, PyObject *cb) { + PyGILState_STATE state = PyGILState_Ensure(); PyObject *wrapped; gpgme_ctx_t ctx; @@ -445,6 +451,7 @@ pyme_set_passphrase_cb(PyObject *self, PyObject *cb) { if (wrapped == NULL) { assert (PyErr_Occurred ()); + PyGILState_Release(state); return NULL; } @@ -476,11 +483,13 @@ pyme_set_passphrase_cb(PyObject *self, PyObject *cb) { out: Py_INCREF(Py_None); + PyGILState_Release(state); return Py_None; } static void pyProgressCb(void *hook, const char *what, int type, int current, int total) { + PyGILState_STATE state = PyGILState_Ensure(); PyObject *func = NULL, *dataarg = NULL, *args = NULL, *retval = NULL; PyObject *pyhook = (PyObject *) hook; PyObject *self = NULL; @@ -501,6 +510,7 @@ static void pyProgressCb(void *hook, const char *what, int type, int current, if (PyErr_Occurred()) { _pyme_stash_callback_exception(self); Py_DECREF(args); + PyGILState_Release(state); return; } PyTuple_SetItem(args, 1, PyLong_FromLong((long) type)); 
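Review bot: Every return path in these callbacks now has to carry its own PyGILState_Release(state), as the early return added here in pyProgressCb shows; routing all exits of each function through a single label that releases once would keep a later error path from returning with the GIL still held.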
@@ -516,10 +526,12 @@ static void pyProgressCb(void *hook, const char *what, int type, int current, _pyme_stash_callback_exception(self); Py_DECREF(args); Py_XDECREF(retval); + PyGILState_Release(state); } PyObject * pyme_set_progress_cb(PyObject *self, PyObject *cb) { + PyGILState_STATE state = PyGILState_Ensure(); PyObject *wrapped; gpgme_ctx_t ctx; @@ -527,6 +539,7 @@ pyme_set_progress_cb(PyObject *self, PyObject *cb) { if (wrapped == NULL) { assert (PyErr_Occurred ()); + PyGILState_Release(state); return NULL; } @@ -557,12 +570,14 @@ pyme_set_progress_cb(PyObject *self, PyObject *cb) { out: Py_INCREF(Py_None); + PyGILState_Release(state); return Py_None; } /* Status callbacks. */ static gpgme_error_t pyStatusCb(void *hook, const char *keyword, const char *args) { + PyGILState_STATE state = PyGILState_Ensure(); gpgme_error_t err = 0; PyObject *pyhook = (PyObject *) hook; PyObject *self = NULL; @@ -612,11 +627,13 @@ static gpgme_error_t pyStatusCb(void *hook, const char *keyword, leave: if (err) _pyme_stash_callback_exception(self); + PyGILState_Release(state); return err; } PyObject * pyme_set_status_cb(PyObject *self, PyObject *cb) { + PyGILState_STATE state = PyGILState_Ensure(); PyObject *wrapped; gpgme_ctx_t ctx; @@ -624,6 +641,7 @@ pyme_set_status_cb(PyObject *self, PyObject *cb) { if (wrapped == NULL) { assert (PyErr_Occurred ()); + PyGILState_Release(state); return NULL; } @@ -654,6 +672,7 @@ pyme_set_status_cb(PyObject *self, PyObject *cb) { out: Py_INCREF(Py_None); + PyGILState_Release(state); return Py_None; } @@ -664,6 +683,7 @@ gpgme_error_t _pyme_interact_cb(void *opaque, const char *keyword, const char *args, int fd) { + PyGILState_STATE state = PyGILState_Ensure(); PyObject *func = NULL, *dataarg = NULL, *pyargs = NULL, *retval = NULL; PyObject *py_keyword; PyObject *pyopaque = (PyObject *) opaque; 
@@ -737,6 +757,7 @@ _pyme_interact_cb(void *opaque, const char *keyword, _pyme_stash_callback_exception(self); Py_XDECREF(retval); + PyGILState_Release(state); return err_status; } @@ -749,6 +770,7 @@ _pyme_interact_cb(void *opaque, const char *keyword, and -1 on error. If an error occurs, errno is set. */ static ssize_t pyDataReadCb(void *hook, void *buffer, size_t size) { + PyGILState_STATE state = PyGILState_Ensure(); ssize_t result; PyObject *pyhook = (PyObject *) hook; PyObject *self = NULL; @@ -806,6 +828,7 @@ static ssize_t pyDataReadCb(void *hook, void *buffer, size_t size) leave: Py_XDECREF(retval); + PyGILState_Release(state); return result; } @@ -814,6 +837,7 @@ static ssize_t pyDataReadCb(void *hook, void *buffer, size_t size) on error. If an error occurs, errno is set. */ static ssize_t pyDataWriteCb(void *hook, const void *buffer, size_t size) { + PyGILState_STATE state = PyGILState_Ensure(); ssize_t result; PyObject *pyhook = (PyObject *) hook; PyObject *self = NULL; @@ -865,6 +889,7 @@ static ssize_t pyDataWriteCb(void *hook, const void *buffer, size_t size) leave: Py_XDECREF(retval); + PyGILState_Release(state); return result; } @@ -874,6 +899,7 @@ static ssize_t pyDataWriteCb(void *hook, const void *buffer, size_t size) data object. */ static off_t pyDataSeekCb(void *hook, off_t offset, int whence) { + PyGILState_STATE state = PyGILState_Ensure(); off_t result; PyObject *pyhook = (PyObject *) hook; PyObject *self = NULL; @@ -934,12 +960,14 @@ static off_t pyDataSeekCb(void *hook, off_t offset, int whence) leave: Py_XDECREF(retval); + PyGILState_Release(state); return result; } /* Close the data object with the handle HOOK. */ static void pyDataReleaseCb(void *hook) { + PyGILState_STATE state = PyGILState_Ensure(); PyObject *pyhook = (PyObject *) hook; PyObject *self = NULL; PyObject *func = NULL; 
@@ -969,6 +997,7 @@ static void pyDataReleaseCb(void *hook) Py_DECREF(pyargs); if (PyErr_Occurred()) _pyme_stash_callback_exception(self); + PyGILState_Release(state); } PyObject * @@ -976,6 +1005,7 @@ pyme_data_new_from_cbs(PyObject *self, PyObject *pycbs, gpgme_data_t *r_data) { + PyGILState_STATE state = PyGILState_Ensure(); static struct gpgme_data_cbs cbs = { pyDataReadCb, pyDataWriteCb, @@ -997,6 +1027,7 @@ pyme_data_new_from_cbs(PyObject *self, PyObject_SetAttrString(self, "_data_cbs", pycbs); Py_INCREF(Py_None); + PyGILState_Release(state); return Py_None; } @@ -1007,6 +1038,7 @@ pyme_data_new_from_cbs(PyObject *self, gpgme_error_t _pyme_assuan_data_cb (void *hook, const void *data, size_t datalen) { + PyGILState_STATE state = PyGILState_Ensure(); gpgme_error_t err = 0; PyObject *pyhook = (PyObject *) hook; PyObject *self = NULL; @@ -1036,6 +1068,7 @@ _pyme_assuan_data_cb (void *hook, const void *data, size_t datalen) leave: if (err) _pyme_stash_callback_exception(self); + PyGILState_Release(state); return err; } @@ -1043,6 +1076,7 @@ gpgme_error_t _pyme_assuan_inquire_cb (void *hook, const char *name, const char *args, gpgme_data_t *r_data) { + PyGILState_STATE state = PyGILState_Ensure(); gpgme_error_t err = 0; PyObject *pyhook = (PyObject *) hook; PyObject *self = NULL; @@ -1084,12 +1118,14 @@ _pyme_assuan_inquire_cb (void *hook, const char *name, const char *args, Py_XDECREF(py_args); if (err) _pyme_stash_callback_exception(self); + PyGILState_Release(state); return err; } gpgme_error_t _pyme_assuan_status_cb (void *hook, const char *status, const char *args) { + PyGILState_STATE state = PyGILState_Ensure(); gpgme_error_t err = 0; PyObject *pyhook = (PyObject *) hook; PyObject *self = NULL; @@ -1128,5 +1164,6 @@ _pyme_assuan_status_cb (void *hook, const char *status, const char *args) Py_XDECREF(py_args); if (err) _pyme_stash_callback_exception(self); + PyGILState_Release(state); return err; } 
diff --git a/lang/python/setup.py.in b/lang/python/setup.py.in index 933e780..d513c49 100755 --- a/lang/python/setup.py.in +++ b/lang/python/setup.py.in @@ -24,8 +24,9 @@ import glob import subprocess # Out-of-tree build of the pyme3 bindings. -gpg_error_config = "gpg-error-config" -gpgme_config = "gpgme-config" +gpg_error_config = ["gpg-error-config"] +gpgme_config_flags = ["--thread=pthread"] +gpgme_config = ["gpgme-config"] + gpgme_config_flags gpgme_h = "" library_dirs = [] in_tree = False @@ -35,7 +36,7 @@ extra_macros = dict() if os.path.exists("../../src/gpgme-config"): # In-tree build. in_tree = True - gpgme_config = "../../src/gpgme-config" + gpgme_config = ["../../src/gpgme-config"] + gpgme_config_flags gpgme_h = "../../src/gpgme.h" library_dirs = ["../../src/.libs"] # XXX uses libtool internals extra_macros.update( @@ -49,21 +50,21 @@ else: devnull = open(os.devnull, "w") try: - subprocess.check_call([gpg_error_config, '--version'], + subprocess.check_call(gpg_error_config + ['--version'], stdout=devnull) except: sys.exit("Could not find gpg-error-config. " + "Please install the libgpg-error development package.") try: - subprocess.check_call([gpgme_config, '--version'], + subprocess.check_call(gpgme_config + ['--version'], stdout=devnull) except: sys.exit("Could not find gpgme-config. " + "Please install the libgpgme development package.") def getconfig(what, config=gpgme_config): - confdata = subprocess.Popen([config, "--%s" % what], + confdata = subprocess.Popen(config + ["--%s" % what], stdout=subprocess.PIPE).communicate()[0] return [x for x in confdata.decode('utf-8').split() if x != ''] 
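Review bot: With gpgme_config now carrying "--thread=pthread", the probe runs gpgme-config --thread=pthread --version inside the bare "except:", so a gpgme-config that is installed but exits non-zero for the thread option is reported as "Could not find gpgme-config"; catch OSError and subprocess.CalledProcessError separately and word the second case as an unsupported thread model.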
@@ -151,7 +152,7 @@ class BuildExtFirstHack(build): build.run(self) swige = Extension("pyme._gpgme", ["gpgme.i", "helpers.c"], - swig_opts = ['-py3', '-builtin', + swig_opts = ['-py3', '-builtin', '-threads', '-outdir', 'pyme'] + extra_swig_opts, include_dirs = include_dirs, define_macros = define_macros, ----------------------------------------------------------------------- Summary of changes: lang/python/helpers.c | 37 +++++++++++++++++++++++++++++++++++++ lang/python/setup.py.in | 15 ++++++++------- 2 files changed, 45 insertions(+), 7 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Fri Sep 16 16:04:02 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 16 Sep 2016 16:04:02 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-375-gbd24db3 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via bd24db313d860ae46d37776dcf1067455d1b9880 (commit) via b615316168f4d33311909d4056b236d13c69488f (commit) via 3d6340e8c59ee11a95e03fb213ad9b228be47833 (commit) from 6af7bee076bacbc0cdfe7de342bce43ca5671b3b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit bd24db313d860ae46d37776dcf1067455d1b9880 Author: Werner Koch Date: Fri Sep 16 15:59:54 2016 +0200 cpp: Silence use of deprecated function warning. * lang/cpp/src/context.cpp (GpgME): Use pragma to silence warning. Signed-off-by: Werner Koch diff --git a/lang/cpp/src/context.cpp b/lang/cpp/src/context.cpp index 564cff5..1e134a0 100644 --- a/lang/cpp/src/context.cpp +++ b/lang/cpp/src/context.cpp 
@@ -693,6 +693,10 @@ Error Context::startPasswd(const Key &key) return Error(d->lasterr = gpgme_op_passwd_start(d->ctx, key.impl(), 0U)); } + +#pragma GCC push_diagnostics +#pragma GCC diagnostic ignored "-Wdeprecated-declarations" + Error Context::edit(const Key &key, std::unique_ptr func, Data &data) { d->lastop = Private::Edit; @@ -704,6 +708,7 @@ Error Context::edit(const Key &key, std::unique_ptr func, Data & dp ? dp->data : 0)); } + Error Context::startEditing(const Key &key, std::unique_ptr func, Data &data) { d->lastop = Private::Edit; @@ -715,6 +720,7 @@ Error Context::startEditing(const Key &key, std::unique_ptr func dp ? dp->data : 0)); } + EditInteractor *Context::lastEditInteractor() const { return d->lastEditInteractor.get(); @@ -725,6 +731,7 @@ std::unique_ptr Context::takeLastEditInteractor() return std::move(d->lastEditInteractor); } + Error Context::cardEdit(const Key &key, std::unique_ptr func, Data &data) { d->lastop = Private::CardEdit; @@ -747,6 +754,8 @@ Error Context::startCardEditing(const Key &key, std::unique_ptr dp ? dp->data : 0)); } +#pragma GCC pop_diagnostics + EditInteractor *Context::lastCardEditInteractor() const { return d->lastCardEditInteractor.get(); commit b615316168f4d33311909d4056b236d13c69488f Author: Werner Koch Date: Fri Sep 16 15:59:07 2016 +0200 core: Document the version a function has been deprecated. * src/gpgme.h.in (_GPGME_DEPRECATED): Change to take version numbers for documentation. Change all places. (_GPGME_DEPRECATED_OUTSIDE_GPGME): Ditto. * lang/python/gpgme-h-clean.py: Adjust RE. Signed-off-by: Werner Koch diff --git a/lang/python/gpgme-h-clean.py b/lang/python/gpgme-h-clean.py index 0ec7ab5..52f8676 100755 --- a/lang/python/gpgme-h-clean.py +++ b/lang/python/gpgme-h-clean.py 
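Review bot: In lang/cpp/src/context.cpp (commit bd24db313d860ae46d37776dcf1067455d1b9880) the added "#pragma GCC push_diagnostics" and "#pragma GCC pop_diagnostics" are not pragmas GCC recognises; the forms are "#pragma GCC diagnostic push" and "#pragma GCC diagnostic pop". As written both lines are unknown pragmas, so the "ignored -Wdeprecated-declarations" setting is never popped and stays in effect for the rest of the file instead of covering only the edit and cardEdit functions.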
@@ -27,7 +27,7 @@ if len(sys.argv) != 2: sys.exit(1) deprec_func = re.compile(r'^(.*typedef.*|.*\(.*\)|[^#]+\s+.+)' - + r'\s*_GPGME_DEPRECATED(_OUTSIDE_GPGME)?;\s*', + + r'\s*_GPGME_DEPRECATED(_OUTSIDE_GPGME)?\(.*\);\s*', re.S) line_break = re.compile(';|\\$|\\x0c|^\s*#|{'); diff --git a/src/gpgme.h.in b/src/gpgme.h.in index b28a643..548d360 100644 --- a/src/gpgme.h.in +++ b/src/gpgme.h.in @@ -67,29 +67,31 @@ extern "C" { #endif +/* The deprecated macro takes the version number of GPGME which + * introduced the deprecation as parameter for documentation. */ #ifdef GPGRT_ATTR_DEPRECATED -# define _GPGME_DEPRECATED GPGRT_ATTR_DEPRECATED +# define _GPGME_DEPRECATED(a,b) GPGRT_ATTR_DEPRECATED #elif defined(__GNUC__) # define _GPGME_GCC_VERSION (__GNUC__ * 10000 \ + __GNUC_MINOR__ * 100 \ + __GNUC_PATCHLEVEL__) # if _GPGME_GCC_VERSION > 30100 -# define _GPGME_DEPRECATED __attribute__ ((__deprecated__)) +# define _GPGME_DEPRECATED(a,b) __attribute__ ((__deprecated__)) # else -# define _GPGME_DEPRECATED +# define _GPGME_DEPRECATED(a,b) # endif #else -# define _GPGME_DEPRECATED +# define _GPGME_DEPRECATED(a,b) #endif /* The macro _GPGME_DEPRECATED_OUTSIDE_GPGME suppresses warnings for fields we must access in GPGME for ABI compatibility. */ #ifdef _GPGME_IN_GPGME -#define _GPGME_DEPRECATED_OUTSIDE_GPGME +#define _GPGME_DEPRECATED_OUTSIDE_GPGME(a,b) #else -#define _GPGME_DEPRECATED_OUTSIDE_GPGME _GPGME_DEPRECATED +#define _GPGME_DEPRECATED_OUTSIDE_GPGME(a,b) _GPGME_DEPRECATED(a,b) #endif @@ -307,7 +309,7 @@ typedef enum GPGME_SIG_STAT_GOOD_EXPKEY = 8 } _gpgme_sig_stat_t; -typedef _gpgme_sig_stat_t gpgme_sig_stat_t _GPGME_DEPRECATED; +typedef _gpgme_sig_stat_t gpgme_sig_stat_t _GPGME_DEPRECATED(0,4); /* The available signature modes. */ 
@@ -358,7 +360,7 @@ typedef enum GPGME_ATTR_SIG_CLASS = 32 } _gpgme_attr_t; -typedef _gpgme_attr_t gpgme_attr_t _GPGME_DEPRECATED; +typedef _gpgme_attr_t gpgme_attr_t _GPGME_DEPRECATED(0,4); /* The available validities for a trust item or key. */ @@ -777,10 +779,10 @@ struct _gpgme_key_sig gpgme_error_t status; #ifdef __cplusplus - unsigned int _obsolete_class _GPGME_DEPRECATED; + unsigned int _obsolete_class _GPGME_DEPRECATED(0,4); #else /* Must be set to SIG_CLASS below. */ - unsigned int class _GPGME_DEPRECATED_OUTSIDE_GPGME; + unsigned int class _GPGME_DEPRECATED_OUTSIDE_GPGME(0,4); #endif /* The user ID string. */ @@ -1124,7 +1126,7 @@ gpgme_key_t gpgme_signers_enum (const gpgme_ctx_t ctx, int seq); Deprecated, use verify result directly. */ const char *gpgme_get_sig_status (gpgme_ctx_t ctx, int idx, _gpgme_sig_stat_t *r_stat, - time_t *r_created) _GPGME_DEPRECATED; + time_t *r_created) _GPGME_DEPRECATED(0,4); /* Retrieve certain attributes of a signature. IDX is the index number of the signature after a successful verify operation. WHAT @@ -1132,16 +1134,16 @@ const char *gpgme_get_sig_status (gpgme_ctx_t ctx, int idx, one. WHATIDX is to be passed as 0 for most attributes . */ unsigned long gpgme_get_sig_ulong_attr (gpgme_ctx_t c, int idx, _gpgme_attr_t what, int whatidx) - _GPGME_DEPRECATED; + _GPGME_DEPRECATED(0,4); const char *gpgme_get_sig_string_attr (gpgme_ctx_t c, int idx, _gpgme_attr_t what, int whatidx) - _GPGME_DEPRECATED; + _GPGME_DEPRECATED(0,4); /* Get the key used to create signature IDX in CTX and return it in R_KEY. */ gpgme_error_t gpgme_get_sig_key (gpgme_ctx_t ctx, int idx, gpgme_key_t *r_key) - _GPGME_DEPRECATED; + _GPGME_DEPRECATED(0,4); /* Clear all notation data from the context. */ 
@@ -1356,7 +1358,7 @@ gpgme_error_t gpgme_data_new_with_read_cb (gpgme_data_t *r_dh, int (*read_cb) (void*,char *, size_t,size_t*), void *read_cb_value) - _GPGME_DEPRECATED; + _GPGME_DEPRECATED(0,4); /* Create a new data buffer filled with the content of file FNAME. COPY must be non-zero. For delayed read, please use @@ -1374,7 +1376,7 @@ gpgme_error_t gpgme_data_new_from_filepart (gpgme_data_t *r_dh, /* Reset the read pointer in DH. Deprecated, please use gpgme_data_seek instead. */ -gpgme_error_t gpgme_data_rewind (gpgme_data_t dh) _GPGME_DEPRECATED; +gpgme_error_t gpgme_data_rewind (gpgme_data_t dh) _GPGME_DEPRECATED(0,4); @@ -1404,7 +1406,7 @@ void gpgme_key_release (gpgme_key_t key); key structure directly instead. */ const char *gpgme_key_get_string_attr (gpgme_key_t key, _gpgme_attr_t what, const void *reserved, int idx) - _GPGME_DEPRECATED; + _GPGME_DEPRECATED(0,4); /* Return the value of the attribute WHAT of KEY, which has to be representable by an unsigned integer. IDX specifies the sub key or @@ -1412,7 +1414,7 @@ const char *gpgme_key_get_string_attr (gpgme_key_t key, _gpgme_attr_t what, Deprecated, use key structure directly instead. */ unsigned long gpgme_key_get_ulong_attr (gpgme_key_t key, _gpgme_attr_t what, const void *reserved, int idx) - _GPGME_DEPRECATED; + _GPGME_DEPRECATED(0,4); /* Return the value of the attribute WHAT of a signature on user ID UID_IDX in KEY, which has to be representable by a string. IDX @@ -1421,7 +1423,7 @@ unsigned long gpgme_key_get_ulong_attr (gpgme_key_t key, _gpgme_attr_t what, const char *gpgme_key_sig_get_string_attr (gpgme_key_t key, int uid_idx, _gpgme_attr_t what, const void *reserved, int idx) - _GPGME_DEPRECATED; + _GPGME_DEPRECATED(0,4); /* Return the value of the attribute WHAT of a signature on user ID UID_IDX in KEY, which has to be representable by an unsigned 
@@ -1430,7 +1432,7 @@ const char *gpgme_key_sig_get_string_attr (gpgme_key_t key, int uid_idx, unsigned long gpgme_key_sig_get_ulong_attr (gpgme_key_t key, int uid_idx, _gpgme_attr_t what, const void *reserved, int idx) - _GPGME_DEPRECATED; + _GPGME_DEPRECATED(0,4); @@ -1572,7 +1574,7 @@ struct _gpgme_new_signature unsigned int _obsolete_class_2; #else /* Must be set to SIG_CLASS below. */ - unsigned int class _GPGME_DEPRECATED_OUTSIDE_GPGME; + unsigned int class _GPGME_DEPRECATED_OUTSIDE_GPGME(0,4); #endif /* Crypto backend specific signature class. */ @@ -1783,7 +1785,7 @@ gpgme_import_result_t gpgme_op_import_result (gpgme_ctx_t ctx); gpgme_error_t gpgme_op_import_start (gpgme_ctx_t ctx, gpgme_data_t keydata); gpgme_error_t gpgme_op_import (gpgme_ctx_t ctx, gpgme_data_t keydata); gpgme_error_t gpgme_op_import_ext (gpgme_ctx_t ctx, gpgme_data_t keydata, - int *nr) _GPGME_DEPRECATED; + int *nr) _GPGME_DEPRECATED(0,4); /* Import the keys from the array KEYS into the keyring. */ gpgme_error_t gpgme_op_import_keys_start (gpgme_ctx_t ctx, gpgme_key_t keys[]); 
@@ -1976,16 +1978,18 @@ gpgme_error_t gpgme_op_interact (gpgme_ctx_t ctx, gpgme_key_t key, gpgme_error_t gpgme_op_edit_start (gpgme_ctx_t ctx, gpgme_key_t key, gpgme_edit_cb_t fnc, void *fnc_value, - gpgme_data_t out) _GPGME_DEPRECATED; -gpgme_error_t gpgme_op_edit (gpgme_ctx_t ctx, gpgme_key_t key, - gpgme_edit_cb_t fnc, void *fnc_value, - gpgme_data_t out) _GPGME_DEPRECATED; + gpgme_data_t out) _GPGME_DEPRECATED(1,7); +gpgme_error_t gpgme_op_edit (gpgme_ctx_t ctx, gpgme_key_t key, + gpgme_edit_cb_t fnc, void *fnc_value, + gpgme_data_t out) _GPGME_DEPRECATED(1,7); gpgme_error_t gpgme_op_card_edit_start (gpgme_ctx_t ctx, gpgme_key_t key, gpgme_edit_cb_t fnc, void *fnc_value, - gpgme_data_t out) _GPGME_DEPRECATED; -gpgme_error_t gpgme_op_card_edit (gpgme_ctx_t ctx, gpgme_key_t key, - gpgme_edit_cb_t fnc, void *fnc_value, - gpgme_data_t out) _GPGME_DEPRECATED; + gpgme_data_t out) + _GPGME_DEPRECATED(1,7); +gpgme_error_t gpgme_op_card_edit (gpgme_ctx_t ctx, gpgme_key_t key, + gpgme_edit_cb_t fnc, void *fnc_value, + gpgme_data_t out) + _GPGME_DEPRECATED(1,7); /* Set the Tofu policy of KEY to POLCIY. */ @@ -2098,7 +2102,7 @@ void gpgme_trust_item_unref (gpgme_trust_item_t item); /* Release the trust item ITEM. Deprecated, use gpgme_trust_item_unref. */ -void gpgme_trust_item_release (gpgme_trust_item_t item) _GPGME_DEPRECATED; +void gpgme_trust_item_release (gpgme_trust_item_t item) _GPGME_DEPRECATED(0,4); /* Return the value of the attribute WHAT of ITEM, which has to be representable by a string. Deprecated, use trust item structure @@ -2106,7 +2110,7 @@ void gpgme_trust_item_release (gpgme_trust_item_t item) _GPGME_DEPRECATED; const char *gpgme_trust_item_get_string_attr (gpgme_trust_item_t item, _gpgme_attr_t what, const void *reserved, int idx) - _GPGME_DEPRECATED; + _GPGME_DEPRECATED(0,4); /* Return the value of the attribute WHAT of KEY, which has to be representable by an integer. IDX specifies a running index if the 
@@ -2114,7 +2118,7 @@ const char *gpgme_trust_item_get_string_attr (gpgme_trust_item_t item, item structure directly. */ int gpgme_trust_item_get_int_attr (gpgme_trust_item_t item, _gpgme_attr_t what, const void *reserved, int idx) - _GPGME_DEPRECATED; + _GPGME_DEPRECATED(0,4); @@ -2197,14 +2201,14 @@ struct _gpgme_op_assuan_result { /* Deprecated. Use the second value in a DONE event or the synchronous variant gpgme_op_assuan_transact_ext. */ - gpgme_error_t err _GPGME_DEPRECATED_OUTSIDE_GPGME; + gpgme_error_t err _GPGME_DEPRECATED_OUTSIDE_GPGME(1,2); }; typedef struct _gpgme_op_assuan_result *gpgme_assuan_result_t; /* Return the result of the last Assuan command. */ gpgme_assuan_result_t gpgme_op_assuan_result (gpgme_ctx_t ctx) - _GPGME_DEPRECATED; + _GPGME_DEPRECATED(1,2); gpgme_error_t gpgme_op_assuan_transact (gpgme_ctx_t ctx, @@ -2214,7 +2218,7 @@ gpgme_op_assuan_transact (gpgme_ctx_t ctx, gpgme_assuan_inquire_cb_t inq_cb, void *inq_cb_value, gpgme_assuan_status_cb_t status_cb, - void *status_cb_value) _GPGME_DEPRECATED; + void *status_cb_value) _GPGME_DEPRECATED(1,2); /* 
@@ -2472,44 +2476,44 @@ const char *gpgme_hash_algo_name (gpgme_hash_algo_t algo); /* * Deprecated types. */ -typedef gpgme_ctx_t GpgmeCtx _GPGME_DEPRECATED; -typedef gpgme_data_t GpgmeData _GPGME_DEPRECATED; -typedef gpgme_error_t GpgmeError _GPGME_DEPRECATED; -typedef gpgme_data_encoding_t GpgmeDataEncoding _GPGME_DEPRECATED; -typedef gpgme_pubkey_algo_t GpgmePubKeyAlgo _GPGME_DEPRECATED; -typedef gpgme_hash_algo_t GpgmeHashAlgo _GPGME_DEPRECATED; -typedef gpgme_sig_stat_t GpgmeSigStat _GPGME_DEPRECATED; -typedef gpgme_sig_mode_t GpgmeSigMode _GPGME_DEPRECATED; -typedef gpgme_attr_t GpgmeAttr _GPGME_DEPRECATED; -typedef gpgme_validity_t GpgmeValidity _GPGME_DEPRECATED; -typedef gpgme_protocol_t GpgmeProtocol _GPGME_DEPRECATED; -typedef gpgme_engine_info_t GpgmeEngineInfo _GPGME_DEPRECATED; -typedef gpgme_subkey_t GpgmeSubkey _GPGME_DEPRECATED; -typedef gpgme_key_sig_t GpgmeKeySig _GPGME_DEPRECATED; -typedef gpgme_user_id_t GpgmeUserID _GPGME_DEPRECATED; -typedef gpgme_key_t GpgmeKey _GPGME_DEPRECATED; -typedef gpgme_passphrase_cb_t GpgmePassphraseCb _GPGME_DEPRECATED; -typedef gpgme_progress_cb_t GpgmeProgressCb _GPGME_DEPRECATED; -typedef gpgme_io_cb_t GpgmeIOCb _GPGME_DEPRECATED; -typedef gpgme_register_io_cb_t GpgmeRegisterIOCb _GPGME_DEPRECATED; -typedef gpgme_remove_io_cb_t GpgmeRemoveIOCb _GPGME_DEPRECATED; -typedef gpgme_event_io_t GpgmeEventIO _GPGME_DEPRECATED; -typedef gpgme_event_io_cb_t GpgmeEventIOCb _GPGME_DEPRECATED; +typedef gpgme_ctx_t GpgmeCtx _GPGME_DEPRECATED(0,4); +typedef gpgme_data_t GpgmeData _GPGME_DEPRECATED(0,4); +typedef gpgme_error_t GpgmeError _GPGME_DEPRECATED(0,4); +typedef gpgme_data_encoding_t GpgmeDataEncoding _GPGME_DEPRECATED(0,4); +typedef gpgme_pubkey_algo_t GpgmePubKeyAlgo _GPGME_DEPRECATED(0,4); +typedef gpgme_hash_algo_t GpgmeHashAlgo _GPGME_DEPRECATED(0,4); +typedef gpgme_sig_stat_t GpgmeSigStat _GPGME_DEPRECATED(0,4); +typedef gpgme_sig_mode_t GpgmeSigMode _GPGME_DEPRECATED(0,4); +typedef gpgme_attr_t GpgmeAttr 
_GPGME_DEPRECATED(0,4); +typedef gpgme_validity_t GpgmeValidity _GPGME_DEPRECATED(0,4); +typedef gpgme_protocol_t GpgmeProtocol _GPGME_DEPRECATED(0,4); +typedef gpgme_engine_info_t GpgmeEngineInfo _GPGME_DEPRECATED(0,4); +typedef gpgme_subkey_t GpgmeSubkey _GPGME_DEPRECATED(0,4); +typedef gpgme_key_sig_t GpgmeKeySig _GPGME_DEPRECATED(0,4); +typedef gpgme_user_id_t GpgmeUserID _GPGME_DEPRECATED(0,4); +typedef gpgme_key_t GpgmeKey _GPGME_DEPRECATED(0,4); +typedef gpgme_passphrase_cb_t GpgmePassphraseCb _GPGME_DEPRECATED(0,4); +typedef gpgme_progress_cb_t GpgmeProgressCb _GPGME_DEPRECATED(0,4); +typedef gpgme_io_cb_t GpgmeIOCb _GPGME_DEPRECATED(0,4); +typedef gpgme_register_io_cb_t GpgmeRegisterIOCb _GPGME_DEPRECATED(0,4); +typedef gpgme_remove_io_cb_t GpgmeRemoveIOCb _GPGME_DEPRECATED(0,4); +typedef gpgme_event_io_t GpgmeEventIO _GPGME_DEPRECATED(0,4); +typedef gpgme_event_io_cb_t GpgmeEventIOCb _GPGME_DEPRECATED(0,4); #define GpgmeIOCbs gpgme_io_cbs -typedef gpgme_data_read_cb_t GpgmeDataReadCb _GPGME_DEPRECATED; -typedef gpgme_data_write_cb_t GpgmeDataWriteCb _GPGME_DEPRECATED; -typedef gpgme_data_seek_cb_t GpgmeDataSeekCb _GPGME_DEPRECATED; -typedef gpgme_data_release_cb_t GpgmeDataReleaseCb _GPGME_DEPRECATED; +typedef gpgme_data_read_cb_t GpgmeDataReadCb _GPGME_DEPRECATED(0,4); +typedef gpgme_data_write_cb_t GpgmeDataWriteCb _GPGME_DEPRECATED(0,4); +typedef gpgme_data_seek_cb_t GpgmeDataSeekCb _GPGME_DEPRECATED(0,4); +typedef gpgme_data_release_cb_t GpgmeDataReleaseCb _GPGME_DEPRECATED(0,4); #define GpgmeDataCbs gpgme_data_cbs -typedef gpgme_encrypt_result_t GpgmeEncryptResult _GPGME_DEPRECATED; -typedef gpgme_sig_notation_t GpgmeSigNotation _GPGME_DEPRECATED; -typedef gpgme_signature_t GpgmeSignature _GPGME_DEPRECATED; -typedef gpgme_verify_result_t GpgmeVerifyResult _GPGME_DEPRECATED; -typedef gpgme_import_status_t GpgmeImportStatus _GPGME_DEPRECATED; -typedef gpgme_import_result_t GpgmeImportResult _GPGME_DEPRECATED; -typedef gpgme_genkey_result_t 
GpgmeGenKeyResult _GPGME_DEPRECATED; -typedef gpgme_trust_item_t GpgmeTrustItem _GPGME_DEPRECATED; -typedef gpgme_status_code_t GpgmeStatusCode _GPGME_DEPRECATED; +typedef gpgme_encrypt_result_t GpgmeEncryptResult _GPGME_DEPRECATED(0,4); +typedef gpgme_sig_notation_t GpgmeSigNotation _GPGME_DEPRECATED(0,4); +typedef gpgme_signature_t GpgmeSignature _GPGME_DEPRECATED(0,4); +typedef gpgme_verify_result_t GpgmeVerifyResult _GPGME_DEPRECATED(0,4); +typedef gpgme_import_status_t GpgmeImportStatus _GPGME_DEPRECATED(0,4); +typedef gpgme_import_result_t GpgmeImportResult _GPGME_DEPRECATED(0,4); +typedef gpgme_genkey_result_t GpgmeGenKeyResult _GPGME_DEPRECATED(0,4); +typedef gpgme_trust_item_t GpgmeTrustItem _GPGME_DEPRECATED(0,4); +typedef gpgme_status_code_t GpgmeStatusCode _GPGME_DEPRECATED(0,4); #ifdef __cplusplus } commit 3d6340e8c59ee11a95e03fb213ad9b228be47833 Author: Werner Koch Date: Fri Sep 16 15:06:26 2016 +0200 core: Map GPGME_STATUS_EOF to the empty string. * src/status-table.c (_gpgme_status_to_string): Return "" for EOF. * src/engine-gpg.c (read_status): Ditto. The old code accidentally used GPGME_STATUS_EOF which is the integer 0 and neither NULL nor a string. Signed-off-by: Werner Koch diff --git a/doc/gpgme.texi b/doc/gpgme.texi index dc5a140..18fb6d5 100644 --- a/doc/gpgme.texi +++ b/doc/gpgme.texi 
@@ -4464,12 +4464,13 @@ could not be started. @tindex gpgme_interact_cb_t The @code{gpgme_interact_cb_t} type is the type of functions which @acronym{GPGME} calls if it a key interact operation is on-going. The -status keyword @var{status} and the argument line @var{args} are passed -through by @acronym{GPGME} from the crypto engine. The file -descriptor @var{fd} is -1 for normal status messages. If @var{status} -indicates a command rather than a status message, the response to the -command should be written to @var{fd}. The @var{handle} is provided -by the user at start of operation. +status keyword @var{status} and the argument line @var{args} are +passed through by @acronym{GPGME} from the crypto engine. An empty +string represents EOF. The file descriptor @var{fd} is -1 for normal +status messages. If @var{status} indicates a command rather than a +status message, the response to the command should be written to + at var{fd}. The @var{handle} is provided by the user at start of +operation. The function should return @code{GPG_ERR_FALSE} if it did not handle the status code, @code{0} for success, or any other error value. diff --git a/src/engine-gpg.c b/src/engine-gpg.c index a7431d5..025657a 100644 --- a/src/engine-gpg.c +++ b/src/engine-gpg.c @@ -1095,8 +1095,7 @@ read_status (engine_gpg_t gpg) err = 0; gpg->status.eof = 1; if (gpg->status.mon_cb) - err = gpg->status.mon_cb (gpg->status.mon_cb_value, - GPGME_STATUS_EOF, ""); + err = gpg->status.mon_cb (gpg->status.mon_cb_value, "", ""); if (gpg->status.fnc) { char emptystring[1] = {0}; diff --git a/src/status-table.c b/src/status-table.c index f44a08f..c9bf357 100644 --- a/src/status-table.c +++ b/src/status-table.c 
@@ -178,6 +178,6 @@ _gpgme_status_to_string (gpgme_status_code_t code) for (i=0; i < DIM(status_table); i++) if (status_table[i].code == code) - return status_table[i].name; + return status_table[i].name? status_table[i].name : ""; return "status_code_lost"; } ----------------------------------------------------------------------- Summary of changes: doc/gpgme.texi | 13 ++-- lang/cpp/src/context.cpp | 9 +++ lang/python/gpgme-h-clean.py | 2 +- src/engine-gpg.c | 3 +- src/gpgme.h.in | 148 ++++++++++++++++++++++--------------------- src/status-table.c | 2 +- 6 files changed, 95 insertions(+), 82 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Fri Sep 16 17:00:17 2016 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Fri, 16 Sep 2016 17:00:17 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-379-ga8ff34f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via a8ff34fc3025af4079cede7f8f9fdf40189b8638 (commit) via 77aecfb5c97cea1a99f1ff627748cf71767bac5c (commit) via 4d384d7bfef044094695271576ca233625bb520a (commit) via 32baac8cdec6fee51bdfc3c55cb2ee141e086df4 (commit) from bd24db313d860ae46d37776dcf1067455d1b9880 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a8ff34fc3025af4079cede7f8f9fdf40189b8638 Author: Andre Heinecke Date: Fri Sep 16 16:58:00 2016 +0200 qt: Add test for setting tofu policy * lang/qt/tests/t-tofuinfo.cpp (testTofuPolicy): New. diff --git a/lang/qt/tests/t-tofuinfo.cpp b/lang/qt/tests/t-tofuinfo.cpp index 2e1f1f8..f40bf21 100644 --- a/lang/qt/tests/t-tofuinfo.cpp +++ b/lang/qt/tests/t-tofuinfo.cpp 
@@ -33,6 +33,7 @@ #include #include "protocol.h" #include "tofuinfo.h" +#include "tofupolicyjob.h" #include "verifyopaquejob.h" #include "verificationresult.h" #include "signingresult.h" @@ -285,6 +286,41 @@ private Q_SLOTS: Q_ASSERT(info.signCount()); } + void testTofuPolicy() + { + if (!testSupported()) { + return; + } + + /* First check that the key has no tofu info. */ + auto *job = openpgp()->keyListJob(false, false, false); + std::vector keys; + job->addMode(GpgME::WithTofu); + auto result = job->exec(QStringList() << QStringLiteral("bravo at example.net"), + false, keys); + + Q_ASSERT(!keys.empty()); + auto key = keys[0]; + Q_ASSERT(!key.isNull()); + Q_ASSERT(key.userID(0).tofuInfo().policy() != TofuInfo::PolicyBad); + auto *tofuJob = openpgp()->tofuPolicyJob(); + auto err = tofuJob->exec(key, TofuInfo::PolicyBad); + Q_ASSERT(!err); + result = job->exec(QStringList() << QStringLiteral("bravo at example.net"), + false, keys); + Q_ASSERT(!keys.empty()); + key = keys[0]; + Q_ASSERT(key.userID(0).tofuInfo().policy() == TofuInfo::PolicyBad); + err = tofuJob->exec(key, TofuInfo::PolicyGood); + + result = job->exec(QStringList() << QStringLiteral("bravo at example.net"), + false, keys); + key = keys[0]; + Q_ASSERT(key.userID(0).tofuInfo().policy() == TofuInfo::PolicyGood); + delete tofuJob; + delete job; + } + void initTestCase() { QGpgMETest::initTestCase(); commit 77aecfb5c97cea1a99f1ff627748cf71767bac5c Author: Andre Heinecke Date: Fri Sep 16 16:55:25 2016 +0200 qt: Add job for tofupolicy * lang/qt/src/job.cpp, lang/qt/src/protocol.h, lang/qt/src/protocol_p.h: Register job. * lang/qt/src/qgpgmetofupolicyjob.cpp, lang/qt/src/qgpgmetofupolicyjob.h, lang/qt/src/tofupolicyjob.h: New. * lang/qt/src/Makefile.am: Update accordingly. diff --git a/lang/qt/src/Makefile.am b/lang/qt/src/Makefile.am index f63b295..c15da18 100644 --- a/lang/qt/src/Makefile.am +++ b/lang/qt/src/Makefile.am 
@@ -34,6 +34,7 @@ qgpgme_sources = \ qgpgmesignjob.cpp qgpgmesignkeyjob.cpp qgpgmeverifydetachedjob.cpp \ qgpgmeverifyopaquejob.cpp threadedjobmixin.cpp \ qgpgmekeyformailboxjob.cpp gpgme_backend_debug.cpp \ + qgpgmetofupolicyjob.cpp \ defaultkeygenerationjob.cpp qgpgmewkspublishjob.cpp # If you add one here make sure that you also add one in camelcase @@ -69,6 +70,7 @@ qgpgme_headers= \ listallkeysjob.h \ verifydetachedjob.h \ defaultkeygenerationjob.h \ + tofupolicyjob.h \ wkspublishjob.h camelcase_headers= \ @@ -102,7 +104,8 @@ camelcase_headers= \ VerifyDetachedJob \ KeyForMailboxJob \ DefaultKeyGenerationJob \ - WKSPublishJob + WKSPublishJob \ + TofuPolicyJob private_qgpgme_headers = \ qgpgme_export.h \ @@ -133,6 +136,7 @@ private_qgpgme_headers = \ qgpgmeverifyopaquejob.h \ qgpgmekeyformailboxjob.h \ qgpgmewkspublishjob.h \ + qgpgmetofupolicyjob.h \ specialjob.h \ threadedjobmixin.h @@ -179,6 +183,8 @@ qgpgme_moc_sources = \ qgpgmeverifydetachedjob.moc \ qgpgmeverifyopaquejob.moc \ qgpgmewkspublishjob.moc \ + tofupolicyjob.moc \ + qgpgmetofupolicyjob.moc \ refreshkeysjob.moc \ signencryptjob.moc \ signjob.moc \ diff --git a/lang/qt/src/job.cpp b/lang/qt/src/job.cpp index 6b355a0..8936ea5 100644 --- a/lang/qt/src/job.cpp +++ b/lang/qt/src/job.cpp @@ -57,6 +57,7 @@ #include "specialjob.h" #include "keyformailboxjob.h" #include "wkspublishjob.h" +#include "tofupolicyjob.h" #include #include @@ -124,6 +125,7 @@ make_job_subclass(AddUserIDJob) make_job_subclass(SpecialJob) make_job_subclass(KeyForMailboxJob) make_job_subclass(WKSPublishJob) +make_job_subclass(TofuPolicyJob) #undef make_job_subclass @@ -154,3 +156,4 @@ make_job_subclass(WKSPublishJob) #include "specialjob.moc" #include "keyformailboxjob.moc" #include "wkspublishjob.moc" +#include "tofupolicyjob.moc" diff --git a/lang/qt/src/protocol.h b/lang/qt/src/protocol.h index b2dee1d..40ddcb5 100644 --- a/lang/qt/src/protocol.h +++ b/lang/qt/src/protocol.h 
@@ -64,6 +64,7 @@ class AddUserIDJob; class SpecialJob; class KeyForMailboxJob; class WKSPublishJob; +class TofuPolicyJob; /** The main entry point for QGpgME Comes in OpenPGP and SMIME(CMS) flavors. * @@ -152,6 +153,9 @@ public: /** A Job for interacting with gnupg's wks tools. */ virtual WKSPublishJob *wksPublishJob() const = 0; + + /** A Job to set tofu policy */ + virtual TofuPolicyJob *tofuPolicyJob() const = 0; }; /** Obtain a reference to the OpenPGP Protocol. diff --git a/lang/qt/src/protocol_p.h b/lang/qt/src/protocol_p.h index 2ce4182..7f66fa4 100644 --- a/lang/qt/src/protocol_p.h +++ b/lang/qt/src/protocol_p.h @@ -58,6 +58,7 @@ #include "qgpgmeadduseridjob.h" #include "qgpgmekeyformailboxjob.h" #include "qgpgmewkspublishjob.h" +#include "qgpgmetofupolicyjob.h" namespace { @@ -400,6 +401,18 @@ public: } return new QGpgME::QGpgMEWKSPublishJob(context.release()); } + + QGpgME::TofuPolicyJob *tofuPolicyJob() const Q_DECL_OVERRIDE + { + if (mProtocol != GpgME::OpenPGP) { + return Q_NULLPTR; + } + GpgME::Context *context = GpgME::Context::createForProtocol(mProtocol); + if (!context) { + return Q_NULLPTR; + } + return new QGpgME::QGpgMETofuPolicyJob(context); + } }; } diff --git a/lang/qt/src/qgpgmetofupolicyjob.cpp b/lang/qt/src/qgpgmetofupolicyjob.cpp new file mode 100644 index 0000000..a24c946 --- /dev/null +++ b/lang/qt/src/qgpgmetofupolicyjob.cpp 
@@ -0,0 +1,65 @@ +/* qgpgmetofupolicyjob.cpp + + Copyright (c) 2016 Intevation GmbH + + QGpgME is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License as + published by the Free Software Foundation; either version 2 of the + License, or (at your option) any later version. + + QGpgME is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + In addition, as a special exception, the copyright holders give + permission to link the code of this program with any edition of + the Qt library by Trolltech AS, Norway (or with modified versions + of Qt that use the same license as Qt), and distribute linked + combinations including the two. You must obey the GNU General + Public License in all respects for all of the code used other than + Qt. If you modify this file, you may extend this exception to + your version of the file, but you are not obligated to do so. If + you do not wish to do so, delete this exception statement from + your version. 
+*/ + +#include "qgpgmetofupolicyjob.h" + +#include "context.h" +#include "key.h" +#include "tofuinfo.h" + + +using namespace QGpgME; +using namespace GpgME; + +QGpgMETofuPolicyJob::QGpgMETofuPolicyJob(Context *context) + : mixin_type(context) +{ + lateInitialization(); +} + +QGpgMETofuPolicyJob::~QGpgMETofuPolicyJob() {} + +static QGpgMETofuPolicyJob::result_type policy_worker(Context *ctx, const Key &key, TofuInfo::Policy policy) +{ + return std::make_tuple (ctx->setTofuPolicy(key, policy), + QString(), Error()); +} + +void QGpgMETofuPolicyJob::start(const Key &key, TofuInfo::Policy policy) +{ + run(std::bind(&policy_worker, std::placeholders::_1, key, policy)); +} + +Error QGpgMETofuPolicyJob::exec(const Key &key, TofuInfo::Policy policy) +{ + return std::get<0>(policy_worker(context(), key, policy)); +} + +#include "qgpgmetofupolicyjob.moc" diff --git a/lang/qt/src/qgpgmetofupolicyjob.h b/lang/qt/src/qgpgmetofupolicyjob.h new file mode 100644 index 0000000..e7272e7 --- /dev/null +++ b/lang/qt/src/qgpgmetofupolicyjob.h 
@@ -0,0 +1,65 @@ +/* qgpgmetofupolicyjob.h + + Copyright (c) 2016 Intevation GmbH + + QGpgME is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License as + published by the Free Software Foundation; either version 2 of the + License, or (at your option) any later version. + + QGpgME is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + In addition, as a special exception, the copyright holders give + permission to link the code of this program with any edition of + the Qt library by Trolltech AS, Norway (or with modified versions + of Qt that use the same license as Qt), and distribute linked + combinations including the two. You must obey the GNU General + Public License in all respects for all of the code used other than + Qt. If you modify this file, you may extend this exception to + your version of the file, but you are not obligated to do so. If + you do not wish to do so, delete this exception statement from + your version. 
+*/ +#ifndef QGPGME_QGPGMETOFUPOLICYJOB_H +#define QGPGME_QGPGMETOFUPOLICYJOB_H + +#include "tofupolicyjob.h" + +#include "threadedjobmixin.h" +namespace GpgME +{ + class Key; +} // namespace GpgME + +namespace QGpgME { + +class QGpgMETofuPolicyJob +#ifdef Q_MOC_RUN + : public TofuPolicyJob +#else + : public _detail::ThreadedJobMixin > +#endif +{ + Q_OBJECT +#ifdef Q_MOC_RUN +public Q_SLOTS: + void slotFinished(); +#endif +public: + explicit QGpgMETofuPolicyJob(GpgME::Context *context); + ~QGpgMETofuPolicyJob(); + + void start(const GpgME::Key &key, GpgME::TofuInfo::Policy policy) Q_DECL_OVERRIDE; + GpgME::Error exec(const GpgME::Key &key, GpgME::TofuInfo::Policy policy) Q_DECL_OVERRIDE; +}; + +} + +#endif diff --git a/lang/qt/src/tofupolicyjob.h b/lang/qt/src/tofupolicyjob.h new file mode 100644 index 0000000..3079f91 --- /dev/null +++ b/lang/qt/src/tofupolicyjob.h 
@@ -0,0 +1,80 @@ +/* tofupolicyjob.h + + Copyright (c) 2016 Intevation GmbH + + QGpgME is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License as + published by the Free Software Foundation; either version 2 of the + License, or (at your option) any later version. + + QGpgME is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + In addition, as a special exception, the copyright holders give + permission to link the code of this program with any edition of + the Qt library by Trolltech AS, Norway (or with modified versions + of Qt that use the same license as Qt), and distribute linked + combinations including the two. You must obey the GNU General + Public License in all respects for all of the code used other than + Qt. If you modify this file, you may extend this exception to + your version of the file, but you are not obligated to do so. If + you do not wish to do so, delete this exception statement from + your version. +*/ +#ifndef QGPGME_TOFUPOLICYJOB_H +#define QGPGME_TOFUPOLICYJOB_H + +#include "job.h" + +#include "qgpgme_export.h" + +#ifdef BUILDING_QGPGME +# include "tofuinfo.h" +#else +# include +#endif + +namespace GpgME +{ + class Key; +} // namespace GpgME + +namespace QGpgME { + +/** + * Set the TOFU Policy for a key + */ +class QGPGME_EXPORT TofuPolicyJob: public Job +{ + Q_OBJECT +protected: + explicit TofuPolicyJob(QObject *parent); +public: + ~TofuPolicyJob(); + + + /* Set the policy to \a policy see the gpgme manual for + * policy explanations. 
*/ + virtual void start(const GpgME::Key &key, GpgME::TofuInfo::Policy policy) = 0; + + virtual GpgME::Error exec(const GpgME::Key &key, GpgME::TofuInfo::Policy policy) = 0; + +Q_SIGNALS: + /* Result of the operation + * + * As usual auditLogAsHtml and auditLogError can be ignored. + **/ + void result(const GpgME::Error &error, + const QString &auditLogAsHtml = QString(), + const GpgME::Error &auditLogError = GpgME::Error()); +}; + +} + +#endif commit 4d384d7bfef044094695271576ca233625bb520a Author: Andre Heinecke Date: Fri Sep 16 16:54:07 2016 +0200 cpp: Add support for gpgme_op_tofu_policy * src/context.cpp, src/context.h (setTofuPolicy, setTofuPolicyStart): New. diff --git a/lang/cpp/src/context.cpp b/lang/cpp/src/context.cpp index 1e134a0..00f397b 100644 --- a/lang/cpp/src/context.cpp +++ b/lang/cpp/src/context.cpp @@ -41,6 +41,7 @@ #include "data_p.h" #include "context_p.h" #include "util.h" +#include "tofuinfo.h" #include 
@@ -1329,6 +1330,36 @@ Error Context::setPinentryMode(PinentryMode which) return Error(d->lasterr = gpgme_set_pinentry_mode(d->ctx, mode)); } +static gpgme_tofu_policy_t to_tofu_policy_t(unsigned int policy) +{ + switch (policy) { + case TofuInfo::PolicyNone: + return GPGME_TOFU_POLICY_NONE; + case TofuInfo::PolicyAuto: + return GPGME_TOFU_POLICY_AUTO; + case TofuInfo::PolicyGood: + return GPGME_TOFU_POLICY_GOOD; + case TofuInfo::PolicyBad: + return GPGME_TOFU_POLICY_BAD; + case TofuInfo::PolicyAsk: + return GPGME_TOFU_POLICY_ASK; + case TofuInfo::PolicyUnknown: + return GPGME_TOFU_POLICY_UNKNOWN; + } +} + +Error Context::setTofuPolicy(const Key &k, unsigned int policy) +{ + return Error(d->lasterr = gpgme_op_tofu_policy(d->ctx, + k.impl(), to_tofu_policy_t(policy))); +} + +Error Context::setTofuPolicyStart(const Key &k, unsigned int policy) +{ + return Error(d->lasterr = gpgme_op_tofu_policy_start(d->ctx, + k.impl(), to_tofu_policy_t(policy))); +} + // Engine Spawn stuff Error Context::spawn(const char *file, const char *argv[], Data &input, Data &output, Data &err, diff --git a/lang/cpp/src/context.h b/lang/cpp/src/context.h index f5e2b95..b1e4f5f 100644 --- a/lang/cpp/src/context.h +++ b/lang/cpp/src/context.h 
@@ -214,6 +214,10 @@ public: GpgME::Error edit(const Key &key, std::unique_ptr function, Data &out); GpgME::Error startEditing(const Key &key, std::unique_ptr function, Data &out); + // using TofuInfo::Policy + Error setTofuPolicy(const Key &k, unsigned int policy); + Error setTofuPolicyStart(const Key &k, unsigned int policy); + EditInteractor *lastEditInteractor() const; std::unique_ptr takeLastEditInteractor(); commit 32baac8cdec6fee51bdfc3c55cb2ee141e086df4 Author: Andre Heinecke Date: Fri Sep 16 16:52:03 2016 +0200 cpp: Declare sizes of tofu-info enums * lang/cpp/src/tofuinfo.h (Policy, Validity): Declare sizes. -- This is a quick ABI break before the release so that we can easier extend them in the future. All new enums in public API should be declared with a size from now on. diff --git a/lang/cpp/src/tofuinfo.h b/lang/cpp/src/tofuinfo.h index ec253e9..c09c82a 100644 --- a/lang/cpp/src/tofuinfo.h +++ b/lang/cpp/src/tofuinfo.h @@ -56,7 +56,7 @@ public: /* @enum Validity * @brief The TOFU Validity. */ - enum Validity { + enum Validity : unsigned int { /*! Unknown (uninitialized).*/ ValidityUnknown, /*! TOFU Conflict.*/ 
@@ -74,7 +74,7 @@ public: /* @enum Policy * @brief The TOFU Validity. */ - enum Policy { + enum Policy : unsigned int { /*! GPGME_TOFU_POLICY_NONE */ PolicyNone, /*! GPGME_TOFU_POLICY_AUTO */ ----------------------------------------------------------------------- Summary of changes: lang/cpp/src/context.cpp | 31 +++++++++++++ lang/cpp/src/context.h | 4 ++ lang/cpp/src/tofuinfo.h | 4 +- lang/qt/src/Makefile.am | 8 +++- lang/qt/src/job.cpp | 3 ++ lang/qt/src/protocol.h | 4 ++ lang/qt/src/protocol_p.h | 13 ++++++ ...qgpgmedeletejob.cpp => qgpgmetofupolicyjob.cpp} | 34 +++++++------- ...qgpgmewkspublishjob.h => qgpgmetofupolicyjob.h} | 27 +++++------ .../src/{qgpgmewkspublishjob.h => tofupolicyjob.h} | 54 +++++++++++++--------- lang/qt/tests/t-tofuinfo.cpp | 36 +++++++++++++++ 11 files changed, 160 insertions(+), 58 deletions(-) copy lang/qt/src/{qgpgmedeletejob.cpp => qgpgmetofupolicyjob.cpp} (66%) copy lang/qt/src/{qgpgmewkspublishjob.h => qgpgmetofupolicyjob.h} (70%) copy lang/qt/src/{qgpgmewkspublishjob.h => tofupolicyjob.h} (62%) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Fri Sep 16 21:14:58 2016 
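Review bot: in testTofuPolicy (lang/qt/tests/t-tofuinfo.cpp) the result of the second call, `err = tofuJob->exec(key, TofuInfo::PolicyGood);`, is never checked, and the final `key = keys[0];` is not preceded by the `Q_ASSERT(!keys.empty());` that guards the two earlier listings. Add `Q_ASSERT(!err);` after the second exec and the emptiness check before the last index, so that a failed policy change or an empty listing is reported as such rather than as an out-of-range access. The comment "First check that the key has no tofu info" also does not match the check that follows, which only asserts that the policy is not PolicyBad; either tighten the assertion or reword the comment.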
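Review bot: to_tofu_policy_t in lang/cpp/src/context.cpp has no default case and no return after the switch, so a policy value outside the six TofuInfo::Policy enumerators falls off the end of a non-void function, which is undefined behaviour in C++. Because setTofuPolicy and setTofuPolicyStart take a plain `unsigned int policy` (context.h only records "// using TofuInfo::Policy" as a comment), such a value reaches the switch without any compiler diagnostic, and the result is passed straight to gpgme_op_tofu_policy, which changes a trust decision for the key. Suggest declaring the parameter as TofuInfo::Policy, and in any case ending the function with an explicit fallback such as `return GPGME_TOFU_POLICY_UNKNOWN;` or returning an error from the callers before the engine is invoked.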
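Review bot: the doc comment above `enum Policy : unsigned int` in lang/cpp/src/tofuinfo.h still reads "@brief The TOFU Validity.", copied from the Validity enum above it. Since this hunk touches the declaration and the commit message states that the fixed size is meant to allow later extension, correct the brief to describe the policy and note in the comment that new enumerators may be appended, so that callers write their switches with a default branch.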
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 16 Sep 2016 21:14:58 +0200 Subject: [git] GPA - branch, master, updated. gpa-0.9.9-7-gd8fd5f4 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Assistant". The branch, master has been updated via d8fd5f4a75668ce25d42af87959cee4b70d80603 (commit) from 774dbffef812c23caa6d76001f10ae184b0e36b1 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d8fd5f4a75668ce25d42af87959cee4b70d80603 Author: Werner Koch Date: Fri Sep 16 21:11:59 2016 +0200 Remove the keyid column from two lists. * src/keylist.c (GPA_KEYLIST_COLUMN_KEYID): Remove. (gpa_keylist_init): Remove corresponding entry. (gpa_keylist_next): Remove keyid setting. (search_keylist_function): Remove keyid searching. (setup_columns): Don't fill keyid column. * src/gpakeyselector.c: Include gtktools.h and convert.h. (GPA_KEY_SELECTOR_COLUMN_KEYID): Renamed to GPA_KEY_SELECTOR_COLUMN_CREATED. (gpa_key_selector_init): Show Creation date instead of Keyid. -- Signed-off-by: Werner Koch diff --git a/src/gpakeyselector.c b/src/gpakeyselector.c index b8f56a7..fbdf1fe 100644 --- a/src/gpakeyselector.c +++ b/src/gpakeyselector.c @@ -23,6 +23,8 @@ #include "gpa.h" #include "gpakeyselector.h" #include "keytable.h" +#include "gtktools.h" +#include "convert.h" /* Callbacks */ @@ -35,7 +37,7 @@ static GObjectClass *parent_class = NULL; static void gpa_key_selector_finalize (GObject *object) -{ +{ GpaKeySelector *sel = GPA_KEY_SELECTOR (object); /* Dereference all keys in the list */ 
@@ -49,7 +51,7 @@ static void gpa_key_selector_class_init (GpaKeySelectorClass *klass) { GObjectClass *object_class = G_OBJECT_CLASS (klass); - + parent_class = g_type_class_peek_parent (klass); object_class->finalize = gpa_key_selector_finalize; @@ -57,7 +59,7 @@ gpa_key_selector_class_init (GpaKeySelectorClass *klass) typedef enum { - GPA_KEY_SELECTOR_COLUMN_KEYID, + GPA_KEY_SELECTOR_COLUMN_CREATED, GPA_KEY_SELECTOR_COLUMN_USERID, GPA_KEY_SELECTOR_COLUMN_KEY, GPA_KEY_SELECTOR_N_COLUMNS @@ -69,7 +71,7 @@ gpa_key_selector_init (GpaKeySelector *selector) GtkListStore *store; GtkTreeViewColumn *column; GtkCellRenderer *renderer; - GtkTreeSelection *selection = + GtkTreeSelection *selection = gtk_tree_view_get_selection (GTK_TREE_VIEW (selector)); selector->secret = FALSE; @@ -83,12 +85,14 @@ gpa_key_selector_init (GpaKeySelector *selector) gtk_tree_view_set_rules_hint (GTK_TREE_VIEW (selector), TRUE); renderer = gtk_cell_renderer_text_new (); - column = gtk_tree_view_column_new_with_attributes (_("Key ID"), renderer, - "text", - GPA_KEY_SELECTOR_COLUMN_KEYID, - NULL); + column = gtk_tree_view_column_new_with_attributes + (NULL, renderer, "text", GPA_KEY_SELECTOR_COLUMN_CREATED, NULL); + gpa_set_column_title + (column, _("Created"), + _("The Creation Date is the date the certificate was created.")); gtk_tree_view_append_column (GTK_TREE_VIEW (selector), column); - gtk_tree_view_column_set_sort_column_id (column, GPA_KEY_SELECTOR_COLUMN_KEYID); + gtk_tree_view_column_set_sort_column_id + (column, GPA_KEY_SELECTOR_COLUMN_CREATED); gtk_tree_view_column_set_sort_indicator (column, TRUE); renderer = gtk_cell_renderer_text_new (); @@ -107,7 +111,7 @@ GType gpa_key_selector_get_type (void) { static GType key_selector_type = 0; - + if (!key_selector_type) { static const GTypeInfo key_selector_info = 
@@ -122,12 +126,12 @@ gpa_key_selector_get_type (void) 0, /* n_preallocs */ (GInstanceInitFunc) gpa_key_selector_init, }; - + key_selector_type = g_type_register_static (GTK_TYPE_TREE_VIEW, "GpaKeySelector", &key_selector_info, 0); } - + return key_selector_type; } @@ -152,13 +156,13 @@ gpa_key_selector_new (gboolean secret, gboolean only_usable_keys) * shouldn't matter much. */ gpa_keytable_force_reload (gpa_keytable_get_secret_instance (), - gpa_key_selector_next_key, + gpa_key_selector_next_key, gpa_key_selector_done, sel); } else { gpa_keytable_list_keys (gpa_keytable_get_public_instance (), - gpa_key_selector_next_key, + gpa_key_selector_next_key, gpa_key_selector_done, sel); } @@ -170,7 +174,7 @@ gpa_key_selector_new (gboolean secret, gboolean only_usable_keys) GList * gpa_key_selector_get_selected_keys (GpaKeySelector * selector) { - GtkTreeSelection *selection = + GtkTreeSelection *selection = gtk_tree_view_get_selection (GTK_TREE_VIEW (selector)); GtkTreeModel *model = gtk_tree_view_get_model (GTK_TREE_VIEW (selector)); GList *list = gtk_tree_selection_get_selected_rows (selection, &model); 
@@ -194,43 +198,43 @@ gpa_key_selector_get_selected_keys (GpaKeySelector * selector) g_list_foreach (list, (GFunc) gtk_tree_path_free, NULL); g_list_free (list); - + return keys; } -gboolean +gboolean gpa_key_selector_has_selection (GpaKeySelector * selector) { - int selected = gtk_tree_selection_count_selected_rows + int selected = gtk_tree_selection_count_selected_rows (gtk_tree_view_get_selection (GTK_TREE_VIEW (selector))); return (selected > 0); } /* Internal */ -void +void gpa_key_selector_next_key (gpgme_key_t key, gpointer data) { GpaKeySelector *selector = data; GtkListStore *store; GtkTreeIter iter; - const gchar *keyid; + gchar *created; gchar *userid; if (key && selector->only_usable_keys && (key->revoked || key->disabled || key->expired || key->invalid)) return; - + selector->keys = g_list_prepend (selector->keys, key); store = GTK_LIST_STORE (gtk_tree_view_get_model (GTK_TREE_VIEW (selector))); - /* The Key ID */ - keyid = gpa_gpgme_key_get_short_keyid (key); + /* The Creation date */ + created = gpa_creation_date_string (key->subkeys->timestamp); /* The user ID */ userid = gpa_gpgme_key_get_userid (key->uids); /* Append it to the list */ gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, - GPA_KEY_SELECTOR_COLUMN_KEYID, keyid, + GPA_KEY_SELECTOR_COLUMN_CREATED, created, GPA_KEY_SELECTOR_COLUMN_USERID, userid, GPA_KEY_SELECTOR_COLUMN_KEY, key, -1); /* If this is a secret key selector, select the default key */ 
@@ -239,21 +243,22 @@ gpa_key_selector_next_key (gpgme_key_t key, gpointer data) const char *key_fpr = key->subkeys->fpr; gpgme_key_t akey; const char *default_key; - + akey = gpa_options_get_default_key (gpa_options_get_instance()); default_key = akey? akey->subkeys->fpr : NULL; - if (default_key && g_str_equal (key_fpr, default_key)) + if (default_key && g_str_equal (key_fpr, default_key)) { - gtk_tree_selection_select_iter + gtk_tree_selection_select_iter (gtk_tree_view_get_selection (GTK_TREE_VIEW (selector)),&iter); } } /* Clean up */ g_free (userid); + g_free (created); } -void +void gpa_key_selector_done (gpointer data) { GpaKeySelector *selector = data; diff --git a/src/keylist.c b/src/keylist.c index 7a89d92..442da08 100644 --- a/src/keylist.c +++ b/src/keylist.c @@ -55,7 +55,6 @@ typedef enum /* These are the displayed columns */ GPA_KEYLIST_COLUMN_IMAGE, GPA_KEYLIST_COLUMN_KEYTYPE, - GPA_KEYLIST_COLUMN_KEYID, GPA_KEYLIST_COLUMN_CREATED, GPA_KEYLIST_COLUMN_EXPIRY, GPA_KEYLIST_COLUMN_OWNERTRUST, @@ -201,7 +200,6 @@ gpa_keylist_init (GTypeInstance *instance, void *class_ptr) G_TYPE_STRING, G_TYPE_STRING, G_TYPE_STRING, - G_TYPE_STRING, G_TYPE_POINTER, G_TYPE_INT, G_TYPE_ULONG, @@ -426,7 +424,7 @@ gpa_keylist_next (gpgme_key_t key, gpointer data) GpaKeyList *list = data; GtkListStore *store; GtkTreeIter iter; - const gchar *keyid, *ownertrust, *validity; + const gchar *ownertrust, *validity; gchar *userid, *created, *expiry; gboolean has_secret; long int val_value; @@ -472,7 +470,6 @@ gpa_keylist_next (gpgme_key_t key, gpointer data) list->keys = g_list_append (list->keys, key); store = GTK_LIST_STORE (gtk_tree_view_get_model (GTK_TREE_VIEW (list))); /* Get the column values */ - keyid = gpa_gpgme_key_get_short_keyid (key); keytype = (key->protocol == GPGME_PROTOCOL_OpenPGP? "P" : key->protocol == GPGME_PROTOCOL_CMS? "X" : "?"); created = gpa_creation_date_string (key->subkeys->timestamp); 
@@ -507,7 +504,6 @@ gpa_keylist_next (gpgme_key_t key, gpointer data) gtk_list_store_set (store, &iter, GPA_KEYLIST_COLUMN_KEYTYPE, keytype, - GPA_KEYLIST_COLUMN_KEYID, keyid, GPA_KEYLIST_COLUMN_CREATED, created, GPA_KEYLIST_COLUMN_EXPIRY, expiry, GPA_KEYLIST_COLUMN_OWNERTRUST, ownertrust, @@ -567,21 +563,17 @@ search_keylist_function (GtkTreeModel *model, gint column, gpointer search_data) { gboolean result = TRUE; - gchar *key_id, *user_id; + gchar *user_id; gint search_len; gtk_tree_model_get (model, iter, - GPA_KEYLIST_COLUMN_KEYID, &key_id, GPA_KEYLIST_COLUMN_USERID, &user_id, -1); search_len = strlen (key_to_search_for); - if (!g_ascii_strncasecmp (key_id, key_to_search_for, search_len)) - result=FALSE; if (!g_ascii_strncasecmp (user_id, key_to_search_for, search_len)) result=FALSE; - g_free (key_id); g_free (user_id); return result; @@ -625,16 +617,6 @@ setup_columns (GpaKeyList *keylist, gboolean detailed) renderer = gtk_cell_renderer_text_new (); column = gtk_tree_view_column_new_with_attributes - (NULL, renderer, "text", GPA_KEYLIST_COLUMN_KEYID, NULL); - gpa_set_column_title - (column, _("Key ID"), - _("The key ID is a short number to identify a certificate.")); - gtk_tree_view_append_column (GTK_TREE_VIEW (keylist), column); - gtk_tree_view_column_set_sort_column_id (column, GPA_KEYLIST_COLUMN_KEYID); - gtk_tree_view_column_set_sort_indicator (column, TRUE); - - renderer = gtk_cell_renderer_text_new (); - column = gtk_tree_view_column_new_with_attributes (NULL, renderer, "text", GPA_KEYLIST_COLUMN_CREATED, NULL); gpa_set_column_title (column, _("Created"), ----------------------------------------------------------------------- Summary of changes: src/gpakeyselector.c | 61 ++++++++++++++++++++++++++++------------------------ src/keylist.c | 22 ++----------------- 2 files changed, 35 insertions(+), 48 deletions(-) hooks/post-receive -- The GNU Privacy Assistant http://git.gnupg.org From cvs at cvs.gnupg.org Sat Sep 17 09:19:29 2016 
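Review bot: in the gpa_key_selector_init hunk of src/gpakeyselector.c, the new "Created" column is bound as "text" to GPA_KEY_SELECTOR_COLUMN_CREATED and the same id is passed to gtk_tree_view_column_set_sort_column_id, so clicking the header sorts on the formatted string returned by gpa_creation_date_string, not on the timestamp. Unless that string is in a year-first format the order will not be chronological. Consider keeping key->subkeys->timestamp in a separate numeric column and using that as the sort column id.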
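Review bot: in the gpa_key_selector_next_key hunk of src/gpakeyselector.c, the added line `created = gpa_creation_date_string (key->subkeys->timestamp);` dereferences key and key->subkeys unconditionally, although the guard just above it tests `key &&` before looking at the revoked/disabled/expired/invalid flags, which implies key may be NULL here. The existing `key->uids` line makes the same assumption. Either return early when key or key->subkeys is NULL, or drop the `key &&` test if a NULL key cannot reach this callback, so the function states one assumption consistently.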
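Review bot: in the search_keylist_function hunk of src/keylist.c, removing the key_id comparison leaves the interactive search matching only on user_id, which is free text chosen by whoever created the key. If finding a key by identifier is still wanted, compare key_to_search_for against the fingerprint rather than dropping identifier search altogether. In either case the commit log should say that searching by key ID no longer works, since "(search_keylist_function): Remove keyid searching" does not say what replaces it.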
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Sat, 17 Sep 2016 09:19:29 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-125-g7305d27 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 7305d27f36148a7fb8c2f4ef5b94774cbd21b18e (commit) via 0d67241e317b172a258a910c02d90639e2b08fce (commit) via 215180d1ce6c93e2b4969d746c83ac4c055d25ef (commit) from 6e930f0e4077bc7aa3d28b1ba649a82d62427d87 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7305d27f36148a7fb8c2f4ef5b94774cbd21b18e Author: NIIBE Yutaka Date: Sat Sep 17 16:16:41 2016 +0900 Fix comment and format. * agent/protect-tool.c (main): Fix comment. * doc/DETAILS (colon listings): Fix list. * tests/openpgp/multisig.test: Fix comment. -- Signed-off-by: NIIBE Yutaka diff --git a/agent/protect-tool.c b/agent/protect-tool.c index fa97b69..d683f4a 100644 --- a/agent/protect-tool.c +++ b/agent/protect-tool.c @@ -611,7 +611,7 @@ main (int argc, char **argv ) else if (argc > 1) usage (1); - /* Allocate an CTRL object. An empty object should sufficient. */ + /* Allocate an CTRL object. An empty object should be sufficient. */ ctrl = xtrycalloc (1, sizeof *ctrl); if (!ctrl) { diff --git a/doc/DETAILS b/doc/DETAILS index 1e9682d..1411c71 100644 --- a/doc/DETAILS +++ b/doc/DETAILS @@ -16,7 +16,6 @@ parts of the external API for GPG and GPGSM. * Format of the colon listings -* The format is a based on colon separated record, each recods starts with a tag string and extends to the end of the line. Here is an example: diff --git a/tests/openpgp/multisig.test b/tests/openpgp/multisig.test index 9989be5..0b72328 100755 
--- a/tests/openpgp/multisig.test +++ b/tests/openpgp/multisig.test @@ -11,7 +11,7 @@ # Check that gpg verifies only signatures where there is no ambiguity # in the order of packets. Needs the Demo Keys Lima and Mike. -# Note: We do son't support multiple signaturess anymore thus this test is +# Note: We do son't support multiple signatures anymore thus this test is # not really needed because verify could do the same. We keep it anyway. . $srcdir/defs.inc || exit 3 commit 0d67241e317b172a258a910c02d90639e2b08fce Author: Daniel Kahn Gillmor Date: Thu Sep 15 14:21:15 2016 -0400 Fix more spelling * NEWS, acinclude.m4, agent/command-ssh.c, agent/command.c, agent/gpg-agent.c, agent/keyformat.txt, agent/protect-tool.c, common/asshelp.c, common/b64enc.c, common/recsel.c, doc/DETAILS, doc/HACKING, doc/Notes, doc/TRANSLATE, doc/dirmngr.texi, doc/faq.org, doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi, doc/instguide.texi, g10/armor.c, g10/gpg.c, g10/keyedit.c, g10/mainproc.c, g10/pkclist.c, g10/tofu.c, g13/sh-cmd.c, g13/sh-dmcrypt.c, kbx/keybox-init.c, m4/pkg.m4, sm/call-dirmngr.c, sm/gpgsm.c, tests/Makefile.am, tests/gpgscm/Manual.txt, tests/gpgscm/scheme.c, tests/openpgp/gpgv-forged-keyring.scm, tests/openpgp/multisig.test, tests/openpgp/verify.scm, tests/pkits/README, tools/applygnupgdefaults, tools/gpg-connect-agent.c, tools/mime-maker.c, tools/mime-parser.c: minor spelling cleanup. Signed-off-by: Daniel Kahn Gillmor diff --git a/NEWS b/NEWS index 995f583..1a780f8 100644 --- a/NEWS +++ b/NEWS @@ -2604,7 +2604,7 @@ Noteworthy changes in version 0.4.2 (1998-10-18) prime product. * --import now only looks for KEYBLOCK headers, so you can now simply - remove the "- " in front of such a header if someone accidently signed + remove the "- " in front of such a header if someone accidentally signed such a message or the keyblock is part of a cleartext signed message. * --with-colons now lists the key expiration time and not anymore 
diff --git a/acinclude.m4 b/acinclude.m4 index 724c085..4b48ea2 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -113,7 +113,7 @@ AC_DEFUN([GNUPG_CHECK_ENDIAN], ;; esac fi - AC_MSG_CHECKING(endianess) + AC_MSG_CHECKING(endianness) AC_CACHE_VAL(gnupg_cv_c_endian, [ gnupg_cv_c_endian=unknown # See if sys/param.h defines the BYTE_ORDER macro. diff --git a/agent/command-ssh.c b/agent/command-ssh.c index 83a27ed..083b8d8 100644 --- a/agent/command-ssh.c +++ b/agent/command-ssh.c @@ -1253,7 +1253,7 @@ ssh_receive_mpint_list (estream_t stream, int secret, elems_n = strlen (elems); elems_public = spec->elems_key_public; - /* Check that either noth, CERT and the WITH_CERT flag, are given or + /* Check that either both, CERT and the WITH_CERT flag, are given or none of them. */ if (!(!!(spec->flags & SPEC_FLAG_WITH_CERT) ^ !cert)) { diff --git a/agent/command.c b/agent/command.c index 7e651bf..1ecdf20 100644 --- a/agent/command.c +++ b/agent/command.c @@ -3176,7 +3176,7 @@ register_commands (assuan_context_t ctx) /* Startup the server. If LISTEN_FD and FD is given as -1, this is a simple piper server, otherwise it is a regular server. CTRL is the control structure for this connection; it has only the basic - intialization. */ + initialization. */ void start_command_handler (ctrl_t ctrl, gnupg_fd_t listen_fd, gnupg_fd_t fd) { diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index 75a9283..d3c3891 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c @@ -2498,7 +2498,7 @@ handle_connections (gnupg_fd_t listen_fd, strerror (errno)); else { - /* We need to watch the directory for the file becuase there + /* We need to watch the directory for the file because there * won't be an IN_DELETE_SELF for a socket file. */ char *slash = strrchr (socket_name, '/'); log_assert (slash && slash[1]); diff --git a/agent/keyformat.txt b/agent/keyformat.txt index ddfb44b..e80496e 100644 --- a/agent/keyformat.txt +++ b/agent/keyformat.txt 
@@ -363,8 +363,8 @@ optional. The oder of the "key" lists and the order of the "value" lists mut match, that is the first "key"-list is associated with the first "value" list in the encrypted_octet_string. -The protection mode etc. is indentical to the protection mode as -decribed for the private key format. +The protection mode etc. is identical to the protection mode as +described for the private key format. list of the secret key parameters. The protected-at expression is optional; the isotimestamp is 15 bytes long (e.g. "19610711T172000"). diff --git a/agent/protect-tool.c b/agent/protect-tool.c index dbf7811..fa97b69 100644 --- a/agent/protect-tool.c +++ b/agent/protect-tool.c @@ -611,7 +611,7 @@ main (int argc, char **argv ) else if (argc > 1) usage (1); - /* Allocate an CTRL object. An empty object should sufficent. */ + /* Allocate an CTRL object. An empty object should sufficient. */ ctrl = xtrycalloc (1, sizeof *ctrl); if (!ctrl) { diff --git a/common/asshelp.c b/common/asshelp.c index bb01a03..b4efcf3 100644 --- a/common/asshelp.c +++ b/common/asshelp.c @@ -689,7 +689,7 @@ start_new_dirmngr (assuan_context_t *r_ctx, 0 is returned and R_VERSION receives a malloced string with the version which must be freed by the caller. On error NULL is stored at R_VERSION and an error code returned. Mode is in general 0 but - certian values may be used to modify the used version command: + certain values may be used to modify the used version command: MODE == 0 = Use "GETINFO version" MODE == 2 - Use "SCD GETINFO version" diff --git a/common/b64enc.c b/common/b64enc.c index af861fc..4150f3e 100644 --- a/common/b64enc.c +++ b/common/b64enc.c 
@@ -169,7 +169,7 @@ enc_start (struct b64state *state, FILE *fp, estream_t stream, the armor lines, with TITLE being an empty string, we don't write the header lines and furthermore even don't write any linefeeds. If TITLE starts with "PGP " the OpenPGP CRC checksum will be - written as well. With TITLE beeing NULL, we merely don't write + written as well. With TITLE being NULL, we merely don't write header but make sure that lines are not too long. Note, that we don't write any output unless at least one byte get written using b64enc_write. */ diff --git a/common/recsel.c b/common/recsel.c index 866861b..ef71c45 100644 --- a/common/recsel.c +++ b/common/recsel.c @@ -611,7 +611,7 @@ recsel_select (recsel_expr_t selector, else { /* This expression evaluated to false and thus the - * conjuction evaluates to false. We skip over the + * conjunction evaluates to false. We skip over the * remaining expressions of this conjunction and continue * with the next disjunction if any. */ do diff --git a/doc/DETAILS b/doc/DETAILS index b5431d0..1e9682d 100644 --- a/doc/DETAILS +++ b/doc/DETAILS @@ -15,6 +15,8 @@ This is the DETAILS file for GnuPG which specifies some internals and parts of the external API for GPG and GPGSM. * Format of the colon listings + +* The format is a based on colon separated record, each recods starts with a tag string and extends to the end of the line. Here is an example: @@ -91,7 +93,7 @@ described here. ultimately valid. - w :: The key has a well known private part. - s :: The key has special validity. This means that it might be - self-signed and expected to be used in the STEED sytem. + self-signed and expected to be used in the STEED system. If the validity information is given for a UID or UAT record, it describes the validity calculated based on this user ID. If given 
@@ -120,7 +122,7 @@ described here. The creation date of the key is given in UTC. For UID and UAT records, this is used for the self-signature date. Note that the - date is usally printed in seconds since epoch, however, we are + date is usually printed in seconds since epoch, however, we are migrating to an ISO 8601 format (e.g. "19660205T091500"). This is currently only relevant for X.509. A simple way to detect the new format is to scan for the 'T'. Note that old versions of gpg @@ -136,7 +138,7 @@ described here. Used for serial number in crt records. For UID and UAT records, this is a hash of the user ID contents used to represent that exact user ID. For trust signatures, this is the trust depth - seperated by the trust value by a space. + separated by the trust value by a space. *** Field 9 - Ownertrust @@ -715,7 +717,7 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB: Tofu information. The fingerprint is the fingerprint of the primary key and the mbox is in general the addr-spec part of the userid encoded in UTF-8 and percent escaped. The fingerprint is - indentical for all TOFU_USER lines up to a NEWSIG line. + identical for all TOFU_USER lines up to a NEWSIG line. *** TOFU_STATS 0 [ [ ]] @@ -930,7 +932,7 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB: commencing with a letter or such a string prefixed with a numerical error code and an underscore; e.g.: "151011327_EOF". *** SUCCESS [] - Postive confirmation that an operation succeeded. It is used + Positive confirmation that an operation succeeded. It is used similar to ISO-C's EXIT_SUCCESS. is optional but if given should not contain spaces. Used only with a few commands. @@ -987,7 +989,7 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB: is a percent-plus escaped filename describing the mountpoint for the current operation (e.g. used by "g13 --mount"). This may either be the specified mountpoint or one randomly - choosen by g13. + chosen by g13. *** PINENTRY_LAUNCHED This status line is emitted by gpg to notify a client that a 
diff --git a/doc/HACKING b/doc/HACKING index 94e65d8..1888b29 100644 --- a/doc/HACKING +++ b/doc/HACKING @@ -326,7 +326,7 @@ Note that such a comment will be removed if the git commit option and related constants - g10/openfile.c :: Create/Open Files - g10/keyserver.h :: Keyserver access dispatcher. - - g10/packet.h :: Defintion of OpenPGP structures. + - g10/packet.h :: Definition of OpenPGP structures. - g10/passphrase.c :: Passphrase handling code - g10/pubkey-enc.c :: Process a public key encoded packet. diff --git a/doc/Notes b/doc/Notes index 3598bc7..19241b7 100644 --- a/doc/Notes +++ b/doc/Notes @@ -7,7 +7,7 @@ There are two ways: 1. Let gpg-agent do this for you. Since version 1.9.9 you need to add the option --allow-mark-trusted gpg-agent.conf or when - invoking gpg-agent. Everytime gpgsm notices an untrusted root + invoking gpg-agent. Every time gpgsm notices an untrusted root certificate gpg-agent will pop up a dialog to ask whether this certificate should be trusted. This is similar to whatmost browsers do. @@ -22,7 +22,7 @@ There are two ways: the fingerprints of the trusted root certificates. There are comments on the top explaining the simple format. The current CVS version allows for colons in the fingerprint, so you can - easily cut and paste it from whereever you know that this is the + easily cut and paste it from wherever you know that this is the correct fingerprint. An example for an entry in the trustlist.txt is: 
@@ -199,12 +199,12 @@ dirmngr libgcrypt libksba libassuan [statically linked] - libldap [system libary] - liblber [system libary] - libsasl [system libary, required by libldap] - libdb2 [system libary, required by libsasl] - libcrypt [system libary, required by libsasl - OOPS] - libpam [system libary, required by libsasl] + libldap [system library] + liblber [system library] + libsasl [system library, required by libldap] + libdb2 [system library, required by libsasl] + libcrypt [system library, required by libsasl - OOPS] + libpam [system library, required by libsasl] [Standard system libraries] pinentry-curses diff --git a/doc/TRANSLATE b/doc/TRANSLATE index eb0de97..7c3e544 100644 --- a/doc/TRANSLATE +++ b/doc/TRANSLATE @@ -8,9 +8,9 @@ strings can accept multiple values that mean essentially the same thing. For example, the string "yes" in English is "s??" in Spanish. However, -some users will type "si" (without the accent). To accomodate both +some users will type "si" (without the accent). To accommodate both users, you can translate the string "yes" as "s??|si". You can have -any number of alternate matches seperated by the | character like +any number of alternate matches separated by the | character like "s??|si|seguro". The strings that can be handled in this way are of the form "yes|yes", diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi index d442103..8f984e3 100644 --- a/doc/dirmngr.texi +++ b/doc/dirmngr.texi 
@@ -496,7 +496,7 @@ This directory may contain extra certificates which are preloaded into the interal cache on startup. Applications using dirmngr (e.g. gpgsm) can request cached certificates to complete a trust chain. This is convenient in cases you have a couple intermediate CA certificates -or certificates ususally used to sign OCSP responses. +or certificates usually used to sign OCSP responses. These certificates are first tried before going out to the net to look for them. These certificates must also be @acronym{DER} encoded and suffixed with @file{.crt} or @file{.der}. @@ -784,7 +784,7 @@ revoked or one of the usual error codes from libgpg-error. @end example Check whether the certificate with @var{fingerprint} (the SHA-1 hash of -the entire X.509 certificate blob) is valid by consulting the appropiate +the entire X.509 certificate blob) is valid by consulting the appropriate OCSP responder. If the fingerprint has not been given or the certificate is not known by Dirmngr, the function inquires the certificate using: @@ -816,7 +816,7 @@ revoked or one of the usual error codes from libgpg-error. Put a certificate into the internal cache. This command might be useful if a client knows in advance certificates required for a test and -wnats to make sure they get added to the internal cache. It is also +wants to make sure they get added to the internal cache. It is also helpful for debugging. To get the actual certificate, this command immediately inquires it using @@ -831,7 +831,7 @@ as a binary blob. @noindent The return code is 0 for success; i.e. the certificate has not been -succesfully cached or one of the usual error codes from libgpg-error. +successfully cached or one of the usual error codes from libgpg-error. @node Dirmngr VALIDATE @subsection Validate a certificate for debugging 
@@ -883,7 +883,7 @@ as a binary blob. @c @var{fingerprint} is optional and expected to be the SHA-1 has of the @c DER encoding of the certificate under question. It is to be HEX @c encoded. The rationale for sending the fingerprint is that it allows - at c dirmngr to reply immediatly if it has already cached such a request. If + at c dirmngr to reply immediately if it has already cached such a request. If @c this is not the case and no certificate has been found in dirmngr's @c internal certificate storage, dirmngr will request the certificate using @c the Assuan inquiry @@ -905,7 +905,7 @@ as a binary blob. @c available for the certificate and the certificate itself is not listed @c in this CRL, @code{GPG_ERR_CERT_REVOKED} to indicate that the certificate is @c listed in the CRL or @code{GPG_ERR_NO_CRL_KNOWN} in cases where no CRL or no - at c information is available. The first two codes are immediatly returned to + at c information is available. The first two codes are immediately returned to @c the caller and the processing of this request has been done. @c @c Only the @code{GPG_ERR_NO_CRL_KNOWN} needs more attention: Dirmngr now @@ -941,7 +941,7 @@ as a binary blob. @c * Try to load a CRL from all configured servers (ldapservers.conf) @c in turn. The first server returning a CRL is used. @c * @code(crl_cache_insert) is then used to actually insert the CRL - at c into the cache. If this failed we give up immediatley without + at c into the cache. If this failed we give up immediately without @c checking the rest of the servers from the first step. @c * Ready. @c 
@@ -1013,7 +1013,7 @@ as a binary blob. @c sure that @code{validate_cert_chain} does not try to lookup the CRL we @c are currently processing. This would be a catch-22 and may indicate a @c broken PKI. However, due to overlapping expiring times and imprecise - at c clocks thsi may actually happen. + at c clocks this may actually happen. @c @c For historical reasons the Assuan command ISVALID is a bit different @c to CHECKCRL but this is mainly due to different calling conventions. @@ -1072,8 +1072,8 @@ as a binary blob. @c If the issuer's certificate has been found, the signature of the @c actual certificate is checked and in case this fails the error @c #code{GPG_ERR_BAD_CERT_CHAIN} is returned. If the signature checks out, the - at c maximum cahin length of the issueing certificate is checked as well as - at c the capiblity of the certificate (i.e. whether he may be used for + at c maximum chain length of the issuing certificate is checked as well as + at c the capability of the certificate (i.e. whether he may be used for @c certificate signing). Then the certificate is prepended to our list @c representing the certificate chain. Finally the loop is continued now @c with the issuer's certificate as the current certificate. diff --git a/doc/faq.org b/doc/faq.org index e4e9187..27046ff 100644 --- a/doc/faq.org +++ b/doc/faq.org @@ -73,7 +73,7 @@ update this FAQ in the next month. See the section "Changes" for recent updates item to note is that starting with GnuPG version 1.1.92 the file containing user options and settings has been renamed from "options" to "gpg.conf". Information in the FAQ that relates to the options - file may be interchangable with the newer gpg.conf file in many + file may be interchangeable with the newer gpg.conf file in many instances. See question [[#gnupg-no-longer-installs-a-options-file-is-it-missing][GnuPG no longer installs a ~/.gnupg/options file. Is it missing?]] for details. 
@@ -491,7 +491,7 @@ update this FAQ in the next month. See the section "Changes" for recent updates On a secure machine: 1. If you want to do automatic signing, create a signing subkey for - your key. Use the interactive key editing menu by issueing the + your key. Use the interactive key editing menu by issuing the command : gpg --edit-key keyID enter "addkey" and select the DSA key type). @@ -651,7 +651,7 @@ update this FAQ in the next month. See the section "Changes" for recent updates :CUSTOM_ID: how-do-i-verify-signed-packages :END: - must first have the vendor, organisation, or issueing person's key + must first have the vendor, organisation, or issuing person's key Before you can verify the signature that accompanies a package, you imported into your public keyring. To prevent GnuPG warning messages the key should also be validated (or locally signed). @@ -1278,7 +1278,7 @@ update this FAQ in the next month. See the section "Changes" for recent updates and where it is easy to exchange the passphrases (e.g. with your boy friend or your wife). The advantage is that you can change the passphrase from time to time and decrease the risk, that many old - messages may be decrypted by people who accidently got your passphrase. + messages may be decrypted by people who accidentally got your passphrase. You can add and copy keys to and from your keyring with the 'gpg --import' and 'gpg --export' command. 'gpg --export-secret-keys' will diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi index b890c21..9eb38e0 100644 --- a/doc/gpg-agent.texi +++ b/doc/gpg-agent.texi 
@@ -76,7 +76,7 @@ the included Secure Shell Agent you may start the agent using: @c interface that the owner has access to, but the supplicant does not). @c @c The rationale for this separation is that it allows access to the - at c secret key to be tightly controled and audited, and it doesn't permit + at c secret key to be tightly controlled and audited, and it doesn't permit @c the the supplicant to either copy the key or to override the owner's @c intentions. diff --git a/doc/gpg.texi b/doc/gpg.texi index 118066a..64fa60b 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -2265,7 +2265,7 @@ The available filter types are: @item drop-sig This filter drops the selected key signatures on user ids. - Self-signatures are not consideres. + Self-signatures are not considered. Currently only implemented for --import-filter. @end table @@ -2423,7 +2423,7 @@ this is implicitly enable for secret keys. @item --with-wkd-hash @opindex with-wkd-hash -Print a Web Key Directory indentifier along with each user ID in key +Print a Web Key Directory identifier along with each user ID in key listings. This is an experimental feature and semantics may change. @item --with-secret diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi index 7cee0f3..c632ce7 100644 --- a/doc/gpgsm.texi +++ b/doc/gpgsm.texi @@ -852,7 +852,7 @@ updated; new distributions of this software should come with an updated list but it is still the responsibility of the Administrator to check that this list is correct. -Everytime @command{gpgsm} uses a certificate for signing or verification +Every time @command{gpgsm} uses a certificate for signing or verification this file will be consulted to check whether the certificate under question has ultimately been issued by one of these CAs. If this is the case the user will be informed that the verified signature represents a 
@@ -1110,7 +1110,7 @@ certificate signing request): @item Serial: @var{sn} If this parameter is given an X.509 certificate will be generated. @var{sn} is expected to be a hex string representing an unsigned -integer of arbitary length. The special value @samp{random} can be +integer of arbitrary length. The special value @samp{random} can be used to create a 64 bit random serial number. @item Issuer-DN: @var{issuer-name} diff --git a/doc/instguide.texi b/doc/instguide.texi index 76d8de1..99b8696 100644 --- a/doc/instguide.texi +++ b/doc/instguide.texi @@ -17,7 +17,7 @@ get that whole thing up and running. ** Building the software -Building the software is decribed in the file @file{INSTALL}. Given +Building the software is described in the file @file{INSTALL}. Given that you are already reading this documentation we can only give some extra hints @@ -62,7 +62,7 @@ user installation this can be done once for all users on a machine. Specific changes on a per-user base are also possible. @end itemize - at c decribe how to maintain trustlist.txt and /etc/gnupg/trustlist.txt. + at c describe how to maintain trustlist.txt and /etc/gnupg/trustlist.txt. @c ** How to get the ssh support running diff --git a/g10/armor.c b/g10/armor.c index 9e58520..55c8425 100644 --- a/g10/armor.c +++ b/g10/armor.c @@ -1436,7 +1436,7 @@ unarmor_pump (UnarmorPump x, int c) case STA_wait_dash: x->state = c == '-'? STA_first_dash : STA_wait_newline; break; - case STA_first_dash: /* just need for initalization */ + case STA_first_dash: /* just need for initialization */ x->pos = 0; x->state = STA_compare_header; case STA_compare_header: diff --git a/g10/gpg.c b/g10/gpg.c index 9f7da05..2d5b4ff 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -2704,7 +2704,7 @@ main (int argc, char **argv) break; case oRFC4880bis: opt.flags.rfc4880bis = 1; - /* fall thru. */ + /* fall through. */ case oOpenPGP: case oRFC4880: /* This is effectively the same as RFC2440, but with 
diff --git a/g10/keyedit.c b/g10/keyedit.c index 25f61ec..87e69b0 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -2767,7 +2767,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr, goto leave; break; } - /* fall thru */ + /* fall through */ case cmdSAVE: if (modified) { diff --git a/g10/mainproc.c b/g10/mainproc.c index e663af8..f0527bc 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -2247,7 +2247,7 @@ proc_tree (CTX c, kbnode_t node) /* We must skip our special plaintext marker packets here because they may be the root packet. These packets are only used in - addional checks and skipping them here doesn't matter. */ + addtional checks and skipping them here doesn't matter. */ while (node && node->pkt->pkttype == PKT_GPG_CONTROL && node->pkt->pkt.gpg_control->control == CTRLPKT_PLAINTEXT_MARK) diff --git a/g10/pkclist.c b/g10/pkclist.c index 62f5b7f..823d670 100644 --- a/g10/pkclist.c +++ b/g10/pkclist.c @@ -428,7 +428,7 @@ do_we_trust( PKT_public_key *pk, unsigned int trustlevel ) default: log_error ("invalid trustlevel %u returned from validation layer\n", trustlevel); - /* fall thru */ + /* fall through */ case TRUST_UNKNOWN: case TRUST_UNDEFINED: log_info(_("%s: There is no assurance this key belongs" @@ -655,7 +655,7 @@ check_signatures_trust (ctrl_t ctrl, PKT_signature *sig) default: log_error ("invalid trustlevel %u returned from validation layer\n", trustlevel); - /* fall thru */ + /* fall through */ case TRUST_UNKNOWN: case TRUST_UNDEFINED: write_trust_status (STATUS_TRUST_UNDEFINED, trustlevel); diff --git a/g10/tofu.c b/g10/tofu.c index e6a3429..b78279e 100644 --- a/g10/tofu.c +++ b/g10/tofu.c @@ -2848,7 +2848,7 @@ email_from_user_id (const char *user_id) TOFU_POLICY_ASK. This function returns 0 on success and an error code if an error - occured. */ + occurred. */ gpg_error_t tofu_register_signature (ctrl_t ctrl, PKT_public_key *pk, strlist_t user_id_list, diff --git a/g13/sh-cmd.c b/g13/sh-cmd.c index 8214919..6a4a7d8 100644 
--- a/g13/sh-cmd.c +++ b/g13/sh-cmd.c @@ -161,7 +161,7 @@ static const char hlp_finddevice[] = "FINDDEVICE \n" "\n" "Find the device matching NAME. NAME be any identifier from\n" - "g13tab permissable for the user. The corresponding block\n" + "g13tab permissible for the user. The corresponding block\n" "device is retruned using a status line."; static gpg_error_t cmd_finddevice (assuan_context_t ctx, char *line) diff --git a/g13/sh-dmcrypt.c b/g13/sh-dmcrypt.c index 201f856..994fbbb 100644 --- a/g13/sh-dmcrypt.c +++ b/g13/sh-dmcrypt.c @@ -55,7 +55,7 @@ /* The length in blocks of the space we put at the start and at the end of the device. This space is used to store N copies of the - setup area for the actual encrypted container inbetween. */ + setup area for the actual encrypted container in between. */ #define HEADER_SECTORS (SETUP_AREA_SECTORS * HEADER_SETUP_AREA_COPIES) #define FOOTER_SECTORS (SETUP_AREA_SECTORS * FOOTER_SETUP_AREA_COPIES) diff --git a/kbx/keybox-init.c b/kbx/keybox-init.c index 3b53cd5..35da804 100644 --- a/kbx/keybox-init.c +++ b/kbx/keybox-init.c @@ -1,4 +1,4 @@ -/* keybox-init.c - Initalization of the library +/* keybox-init.c - Initialization of the library * Copyright (C) 2001 Free Software Foundation, Inc. * * This file is part of GnuPG. diff --git a/m4/pkg.m4 b/m4/pkg.m4 index 78953b7..8b115ee 100644 --- a/m4/pkg.m4 +++ b/m4/pkg.m4 @@ -53,7 +53,7 @@ fi[]dnl # to PKG_CHECK_MODULES(), but does not set variables or print errors. # # Please remember that m4 expands AC_REQUIRE([PKG_PROG_PKG_CONFIG]) -# only at the first occurence in configure.ac, so if the first place +# only at the first occurrence in configure.ac, so if the first place # it's called might be skipped (such as if it is within an "if", you # have to call PKG_CHECK_EXISTS manually # -------------------------------------------------------------- diff --git a/sm/call-dirmngr.c b/sm/call-dirmngr.c index 7e26c3a..91f0c2f 100644 --- a/sm/call-dirmngr.c +++ b/sm/call-dirmngr.c 
@@ -220,7 +220,7 @@ prepare_dirmngr (ctrl_t ctrl, assuan_context_t ctx, gpg_error_t err) line[DIM (line) - 1] = 0; assuan_transact (ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); - /* The code below is not required becuase we don't return an error. */ + /* The code below is not required because we don't return an error. */ /* err = [above call] */ /* if (gpg_err_code (err) == GPG_ERR_ASS_UNKNOWN_CMD) */ /* err = 0; /\* Allow the use of old dirmngr versions. *\/ */ diff --git a/sm/gpgsm.c b/sm/gpgsm.c index 9bb3053..6e12b7d 100644 --- a/sm/gpgsm.c +++ b/sm/gpgsm.c @@ -1279,9 +1279,9 @@ main ( int argc, char **argv) case oStatusFD: ctrl.status_fd = pargs.r.ret_int; break; case oLoggerFD: log_set_fd (pargs.r.ret_int ); break; case oWithMD5Fingerprint: - opt.with_md5_fingerprint=1; /*fall thru*/ + opt.with_md5_fingerprint=1; /*fall through*/ case oWithFingerprint: - with_fpr=1; /*fall thru*/ + with_fpr=1; /*fall through*/ case aFingerprint: opt.fingerprint++; break; @@ -1360,7 +1360,7 @@ main ( int argc, char **argv) opt.def_recipient_self = 0; break; - case oWithKeyData: opt.with_key_data=1; /* fall thru */ + case oWithKeyData: opt.with_key_data=1; /* fall through */ case oWithColons: ctrl.with_colons = 1; break; case oWithSecret: ctrl.with_secret = 1; break; case oWithValidation: ctrl.with_validation=1; break; diff --git a/tests/Makefile.am b/tests/Makefile.am index f349763..1b25b78 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -49,7 +49,7 @@ EXTRA_DIST = runtest inittests $(testscripts) ChangeLog-2011 \ samplekeys/cert_g10code_theo1.pem # We used to run $(testscripts) here but these asschk scripts are not -# completely reliable in all enviroments and thus we better disable +# completely reliable in all environments and thus we better disable # them. The tests are anyway way too minimal. We will eventually # write new tests based on gpg-connect-agent which has a full fledged # script language and thus makes it far easier to write tests than to 
diff --git a/tests/gpgscm/Manual.txt b/tests/gpgscm/Manual.txt index 9fd294f..b146926 100644 --- a/tests/gpgscm/Manual.txt +++ b/tests/gpgscm/Manual.txt @@ -86,7 +86,7 @@ Please read accompanying file COPYING. Directives (gc) - Performs garbage collection immediatelly. + Performs garbage collection immediately. (gc-verbose) (gc-verbose ) The argument (defaulting to #t) controls whether GC produces diff --git a/tests/gpgscm/scheme.c b/tests/gpgscm/scheme.c index 8833950..5a85063 100644 --- a/tests/gpgscm/scheme.c +++ b/tests/gpgscm/scheme.c @@ -2777,7 +2777,7 @@ static pointer opexe_0(scheme *sc, enum scheme_opcodes op) { #if 1 case OP_LAMBDA: /* lambda */ /* If the hook is defined, apply it to sc->code, otherwise - set sc->value fall thru */ + set sc->value fall through */ { pointer f=find_slot_in_env(sc,sc->envir,sc->COMPILE_HOOK,1); if(f==sc->NIL) { diff --git a/tests/openpgp/gpgv-forged-keyring.scm b/tests/openpgp/gpgv-forged-keyring.scm index 7094c96..ebe4e40 100755 --- a/tests/openpgp/gpgv-forged-keyring.scm +++ b/tests/openpgp/gpgv-forged-keyring.scm @@ -63,5 +63,5 @@ N1Glbw1OJfP1q+QFPMPKoCsTYmZpuugq2b5gV/eH0Abvk2pG4Fo/YTDPHhec7Jk= (pipe:do (pipe:echo (eval armored-file (current-environment))) (pipe:spawn `(, at GPGV --keyring ,(in-srcdir "forged-keyring.gpg")))) - (error "verification succeded but should not"))) + (error "verification succeeded but should not"))) '(msg_signed_asc)) diff --git a/tests/openpgp/multisig.test b/tests/openpgp/multisig.test index 9ad8676..9989be5 100755 --- a/tests/openpgp/multisig.test +++ b/tests/openpgp/multisig.test 
@@ -11,8 +11,8 @@ # Check that gpg verifies only signatures where there is no ambiguity # in the order of packets. Needs the Demo Keys Lima and Mike. -# Note: We do son't support multiple signaturess anymore thus thsi test is -# not really needed becuase verify could do the same. We keep it anyway. +# Note: We do son't support multiple signaturess anymore thus this test is +# not really needed because verify could do the same. We keep it anyway. . $srcdir/defs.inc || exit 3 diff --git a/tests/openpgp/verify.scm b/tests/openpgp/verify.scm index 2f03027..e8aa7df 100755 --- a/tests/openpgp/verify.scm +++ b/tests/openpgp/verify.scm @@ -321,7 +321,7 @@ GisM (pipe:defer (lambda (sink) (display armored-file (fdopen sink "w")))) (pipe:spawn `(, at GPG --verify))) - (error "verification succeded but should not"))) + (error "verification succeeded but should not"))) '(msg_olsols_asc_multiple msg_clsclss_asc_multiple)) (for-each-p @@ -331,7 +331,7 @@ GisM (pipe:do (pipe:echo (eval armored-file (current-environment))) (pipe:spawn `(, at GPG --verify))) - (error "verification succeded but should not"))) + (error "verification succeeded but should not"))) '(bad_ls_asc bad_fols_asc bad_olsf_asc bad_ools_asc)) diff --git a/tests/pkits/README b/tests/pkits/README index 3fe238c..17f03ea 100644 --- a/tests/pkits/README +++ b/tests/pkits/README @@ -5,7 +5,7 @@ These are tests based on NIST's Public Key Interoperability Test Suite http://csrc.nist.gov/pki/testing/x509paths.html . README - this file. -PKITS_data.tar.bz2 - the orginal ZIP file, repackaged as a tarball. +PKITS_data.tar.bz2 - the original ZIP file, repackaged as a tarball. Makefile.am - Part of our build system. import-all-certs - Run a simple import test on all certifcates validate-all-certs - Run an import and validate test on all certificates diff --git a/tools/applygnupgdefaults b/tools/applygnupgdefaults index 2f29854..54365ce 100755 --- a/tools/applygnupgdefaults +++ b/tools/applygnupgdefaults 
@@ -63,7 +63,7 @@ ${cat_passwd} \ | while IFS=: read -r user dmy_a uid dmy_c dmy_d home shell dmy_rest; do # Process only entries with a valid login shell grep /dev/null >/dev/null || continue - # and with an existant gnupg home directory + # and with an pre-existing gnupg home directory [ -d "$home/.gnupg" ] || continue # but not root [ "${uid:-0}" -eq 0 ] && continue diff --git a/tools/gpg-connect-agent.c b/tools/gpg-connect-agent.c index 106a8eb..d90365b 100644 --- a/tools/gpg-connect-agent.c +++ b/tools/gpg-connect-agent.c @@ -413,7 +413,7 @@ get_var (const char *name) } -/* Perform some simple arithmentic operations. Caller must release +/* Perform some simple arithmetic operations. Caller must release the return value. On error the return value is NULL. */ static char * arithmetic_op (int operator, const char *operands) diff --git a/tools/mime-maker.c b/tools/mime-maker.c index fa42043..2318891 100644 --- a/tools/mime-maker.c +++ b/tools/mime-maker.c @@ -27,7 +27,7 @@ #include "mime-maker.h" -/* All valid charachters in a header name. */ +/* All valid characters in a header name. */ #define HEADER_NAME_CHARS ("abcdefghijklmnopqrstuvwxyz" \ "ABCDEFGHIJKLMNOPQRSTUVWXYZ" \ "-01234567890") @@ -203,7 +203,7 @@ find_parent (part_t root, part_t needle) /* Create a boundary string. Outr codes is aware of the general * structure of that string (gebins with "=-=") so that - * it can protect against accidently used boundaries within the + * it can protect against accidentally-used boundaries within the * content. */ static char * generate_boundary (mime_maker_t ctx) @@ -369,7 +369,7 @@ mime_maker_add_header (mime_maker_t ctx, const char *name, const char *value) gpg_error_t err; part_t part, parent; - /* Hack to use this fucntion for a synacx check of NAME and VALUE. */ + /* Hack to use this function for a syntax check of NAME and VALUE. */ if (!ctx) return add_header (NULL, name, value); 
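Review bot: The g10/mainproc.c hunk replaces one misspelling with another: "addional checks" becomes "addtional checks" where "additional checks" was meant. Several changed lines also keep an error right next to the word that was fixed: "We do son't support multiple signaturess" in tests/openpgp/multisig.test, "an pre-existing gnupg home directory" in tools/applygnupgdefaults (should be "a pre-existing"), and "asssumes" in tools/mime-parser.c. Since the patch exists only to correct spelling, a second pass over each changed line would save a follow-up commit.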
diff --git a/tools/mime-parser.c b/tools/mime-parser.c index 5f3659e..7ac3c69 100644 --- a/tools/mime-parser.c +++ b/tools/mime-parser.c @@ -123,7 +123,7 @@ show_message_parser_event (rfc822parse_event_t event) /* Do in-place decoding of quoted-printable data of LENGTH in BUFFER. Returns the new length of the buffer and stores true at R_SLBRK if the line ended with a soft line break; false is stored if not. - This fucntion asssumes that a complete line is passed in + This function asssumes that a complete line is passed in buffer. */ static size_t qp_decode (char *buffer, size_t length, int *r_slbrk) commit 215180d1ce6c93e2b4969d746c83ac4c055d25ef Author: Daniel Kahn Gillmor Date: Thu Sep 15 13:34:10 2016 -0400 move some file encodings to UTF-8 * dirmgnr/cdblib.c: comment used unnecessary hyphenation * dirmngr/crlcache.h: comment was iso-8859-1 * doc/contrib.text: list contributors using UTF-8 (now we can acknowledge many more people using their preferred orthography) At least one other file remains in a non-UTF-8 encoding, which i'm not sure what to do with: - build-aux/speedo/w32/inst.nsi is ISO-8859-1, but maybe Windows needs it that way? Signed-off-by: Daniel Kahn Gillmor diff --git a/dirmngr/cdblib.c b/dirmngr/cdblib.c index 52c17c9..c04690f 100644 --- a/dirmngr/cdblib.c +++ b/dirmngr/cdblib.c 
@@ -298,16 +298,15 @@ cdb_find(struct cdb *cdbp, const void *key, cdbi_t klen) possible to have many than one record with the same key in a database, and these routines allow enumeration of all of them. cdb_findinit() initializes search structure pointed to by cdbfp. - It will return negative value on error or 0 on success. cdb_find? - next() attempts to find next matching key, setting value position - and length in cdbfp structure. It will return positive value if - given key was found, 0 if there is no more such key(s), or negative - value on error. To access value position and length after + It will return negative value on error or 0 on success. + cdb_findnext() attempts to find next matching key, setting value + position and length in cdbfp structure. It will return positive + value if given key was found, 0 if there is no more such key(s), or + negative value on error. To access value position and length after successeful call to cdb_findnext() (when it returned positive result), use cdb_datapos() and cdb_datalen() macros with cdbp pointer. It is error to use cdb_findnext() after it returned 0 or - error condition. These routines is a bit slower than - cdb_find(). + error condition. These routines is a bit slower than cdb_find(). Setting KEY to NULL will start a sequential search through the entire DB. diff --git a/dirmngr/crlcache.h b/dirmngr/crlcache.h index 6e9dc28..0e60def 100644 --- a/dirmngr/crlcache.h +++ b/dirmngr/crlcache.h @@ -1,5 +1,5 @@ /* crlcache.h - LDAP access - * Copyright (C) 2002 Klar?lvdalens Datakonsult AB + * Copyright (C) 2002 Klar??lvdalens Datakonsult AB * * This file is part of DirMngr. * diff --git a/doc/contrib.texi b/doc/contrib.texi index bb558bd..0b19766 100644 --- a/doc/contrib.texi +++ b/doc/contrib.texi 
@@ -13,10 +13,10 @@ the maintainer if you have been left out or some of your contributions are not listed. David Shaw, Matthew Skala, Michael Roth, Niklas Hernaeus, Nils -Ellmenreich, R?mi Guyomarch, Stefan Bellon, Timo Schulz and Werner +Ellmenreich, R??mi Guyomarch, Stefan Bellon, Timo Schulz and Werner Koch wrote the code. Birger Langkjer, Daniel Resare, Dokianakis -Theofanis, Edmund GRIMLEY EVANS, Ga?l Qu?ri, Gregory Steuck, Nagy -Ferenc L?szl?, Ivo Timmermans, Jacobo Tarri'o Barreiro, Janusz +Theofanis, Edmund GRIMLEY EVANS, Ga??l Qu??ri, Gregory Steuck, Nagy +Ferenc L??szl??, Ivo Timmermans, Jacobo Tarri'o Barreiro, Janusz Aleksander Urbanowicz, Jedi Lin, Jouni Hiltunen, Laurentiu Buzdugan, Magda Procha'zkova', Michael Anckaert, Michal Majer, Marco d'Itri, Nilgun Belma Buguner, Pedro Morais, Tedi Heriyanto, Thiago Jung @@ -26,7 +26,7 @@ and maintains the GNU Privacy Handbook. David Scribner is the current FAQ editor. Lorenzo Cappelletti maintains the web site. The new modularized architecture of gnupg 1.9 as well as the X.509/CMS -part has been developed as part of the ?gypten project. Direct +part has been developed as part of the ??gypten project. Direct contributors to this project are: Bernhard Herzog, who did extensive testing and tracked down a lot of bugs. Bernhard Reiter, who made sure that we met the specifications and the deadlines. He did extensive 
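Review bot: In doc/contrib.texi the conversion covers only the bytes that were already non-ASCII; the context lines of the first hunk still carry ASCII transliterations such as "Jacobo Tarri'o Barreiro" and "Magda Procha'zkova'". The commit message gives preferred orthography as the reason for moving to UTF-8, so these names are candidates for the same change, ideally after confirming the spelling with the contributors. In dirmngr/cdblib.c the rewrapped comment still reads "These routines is a bit slower than cdb_find()."; that is worth correcting while the line is being rewritten anyway.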
@@ -57,8 +57,8 @@ Lannert, Dimitri, Dirk Lattermann, Dirk Meyer, Disastry, Douglas Calvert, Ed Boraas, Edmund GRIMLEY EVANS, Edwin Woudt, Enzo Michelangeli, Ernst Molitor, Fabio Coatti, Felix von Leitner, fish stiqz, Florian Weimer, Francesco Potorti, Frank Donahoe, Frank -Heckenbach, Frank Stajano, Frank Tobin, Gabriel Rosenkoetter, Ga?l -Qu?ri, Gene Carter, Geoff Keating, Georg Schwarz, Giampaolo Tomassoni, +Heckenbach, Frank Stajano, Frank Tobin, Gabriel Rosenkoetter, Ga??l +Qu??ri, Gene Carter, Geoff Keating, Georg Schwarz, Giampaolo Tomassoni, Gilbert Fernandes, Greg Louis, Greg Troxel, Gregory Steuck, Gregery Barton, Harald Denker, Holger Baust, Hendrik Buschkamp, Holger Schurig, Holger Smolinski, Holger Trapp, Hugh Daniel, Huy Le, Ian @@ -66,7 +66,7 @@ McKellar, Ivo Timmermans, Jan Krueger, Jan Niehusmann, Janusz A. Urbanowicz, James Troup, Jean-loup Gailly, Jeff Long, Jeffery Von Ronne, Jens Bachem, Jeroen C. van Gelderen, J Horacio MG, J. Michael Ashley, Jim Bauer, Jim Small, Joachim Backes, Joe Rhett, John -A. Martin, Johnny Teve?en, J?rg Schilling, Jos Backus, Joseph Walton, +A. Martin, Johnny Teve??en, J??rg Schilling, Jos Backus, Joseph Walton, Juan F. Codagnone, Jun Kuriyama, Kahil D. Jallad, Karl Fogel, Karsten Thygesen, Katsuhiro Kondou, Kazu Yamamoto, Keith Clayton, Kevin Ryde, Klaus Singvogel, Kurt Garloff, Lars Kellogg-Stedman, L. Sassaman, M 
@@ -77,10 +77,10 @@ Skala, Matthew Wilcox, Matthias Urlichs, Max Valianskiy, Michael Engels, Michael Fischer v. Mollard, Michael Roth, Michael Sobolev, Michael Tokarev, Nicolas Graner, Mike McEwan, Neal H Walfield, Nelson H. F. Beebe, NIIBE Yutaka, Niklas Hernaeus, Nimrod Zimerman, N J Doye, -Oliver Haakert, Oskari J??skel?inen, Pascal Scheffers, Paul D. Smith, +Oliver Haakert, Oskari J????skel??inen, Pascal Scheffers, Paul D. Smith, Per Cederqvist, Phil Blundell, Philippe Laliberte, Peter Fales, Peter Gutmann, Peter Marschall, Peter Valchev, Piotr Krukowiecki, QingLong, -Ralph Gillen, Rat, Reinhard Wobst, R?mi Guyomarch, Reuben Sumner, +Ralph Gillen, Rat, Reinhard Wobst, R??mi Guyomarch, Reuben Sumner, Richard Outerbridge, Robert Joop, Roddy Strachan, Roger Sondermann, Roland Rosenfeld, Roman Pavlik, Ross Golder, Ryan Malayter, Sam Roberts, Sami Tolvanen, Sean MacLennan, Sebastian Klemke, Serge 
@@ -89,7 +89,7 @@ Stefan Keller, Steffen Ullrich, Steffen Zahn, Steven Bakker, Steven Murdoch, Susanne Schultz, Ted Cabeen, Thiago Jung Bauermann, Thijmen Klok, Thomas Roessler, Tim Mooney, Timo Schulz, Todd Vierling, TOGAWA Satoshi, Tom Spindler, Tom Zerucha, Tomas Fasth, Tommi Komulainen, -Thomas Klausner, Tomasz Kozlowski, Thomas Mikkelsen, Ulf M?ller, Urko +Thomas Klausner, Tomasz Kozlowski, Thomas Mikkelsen, Ulf M??ller, Urko Lusa, Vincent P. Broman, Volker Quetschke, W Lewis, Walter Hofmann, Walter Koch, Wayne Chapeskie, Wim Vandeputte, Winona Brown, Yosiaki IIDA, Yoshihiro Kajiki and Gerlinde Klaes. ----------------------------------------------------------------------- Summary of changes: NEWS | 2 +- acinclude.m4 | 2 +- agent/command-ssh.c | 2 +- agent/command.c | 2 +- agent/gpg-agent.c | 2 +- agent/keyformat.txt | 4 ++-- agent/protect-tool.c | 2 +- common/asshelp.c | 2 +- common/b64enc.c | 2 +- common/recsel.c | 2 +- dirmngr/cdblib.c | 13 ++++++------- dirmngr/crlcache.h | 2 +- doc/DETAILS | 13 +++++++------ doc/HACKING | 2 +- doc/Notes | 16 ++++++++-------- doc/TRANSLATE | 4 ++-- doc/contrib.texi | 20 ++++++++++---------- doc/dirmngr.texi | 20 ++++++++++---------- doc/faq.org | 8 ++++---- doc/gpg-agent.texi | 2 +- doc/gpg.texi | 4 ++-- doc/gpgsm.texi | 4 ++-- doc/instguide.texi | 4 ++-- g10/armor.c | 2 +- g10/gpg.c | 2 +- g10/keyedit.c | 2 +- g10/mainproc.c | 2 +- g10/pkclist.c | 4 ++-- g10/tofu.c | 2 +- g13/sh-cmd.c | 2 +- g13/sh-dmcrypt.c | 2 +- kbx/keybox-init.c | 2 +- m4/pkg.m4 | 2 +- sm/call-dirmngr.c | 2 +- sm/gpgsm.c | 6 +++--- tests/Makefile.am | 2 +- tests/gpgscm/Manual.txt | 2 +- tests/gpgscm/scheme.c | 2 +- tests/openpgp/gpgv-forged-keyring.scm | 2 +- tests/openpgp/multisig.test | 4 ++-- tests/openpgp/verify.scm | 4 ++-- tests/pkits/README | 2 +- tools/applygnupgdefaults | 2 +- tools/gpg-connect-agent.c | 2 +- tools/mime-maker.c | 6 +++--- tools/mime-parser.c | 2 +- 46 files changed, 97 insertions(+), 97 deletions(-) hooks/post-receive -- The 
GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Sat Sep 17 19:04:00 2016 From: cvs at cvs.gnupg.org (by Daniel Kahn Gillmor) Date: Sat, 17 Sep 2016 19:04:00 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-126-g55675fa Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 55675fa5a03969a896c8a7b19af22a2fd91d9747 (commit) from 7305d27f36148a7fb8c2f4ef5b94774cbd21b18e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 55675fa5a03969a896c8a7b19af22a2fd91d9747 Author: Daniel Kahn Gillmor Date: Sat Sep 17 11:34:35 2016 -0400 doc: Clarify forward-compatible expectations -- Encourage better parsers/interpreters of with-colons and status-fd output. Signed-off-by: Daniel Kahn Gillmor diff --git a/doc/DETAILS b/doc/DETAILS index 1411c71..a264e53 100644 --- a/doc/DETAILS +++ b/doc/DETAILS @@ -36,7 +36,9 @@ Note that new version of GnuPG or the use of certain options may add new fields to the output. Parsers should not assume a limit on the number of fields per line. Some fields are not yet used or only used with certain record types; parsers should ignore fields they are not -aware of. +aware of. New versions of GnuPG or the use of certain options may add +new types of records as well. Parsers should ignore any record whose +type they do not recognize for forward-compatibility. The double =--with-fingerprint= prints the fingerprint for the subkeys too. Old versions of gpg used a slightly different format and required 
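Review bot: The sentence added in this doc/DETAILS hunk ends "whose type they do not recognize for forward-compatibility", which reads as if the recognizing were done for forward compatibility. Moving the phrase to the front ("For forward compatibility, parsers should ignore any record whose type they do not recognize.") removes the ambiguity. The paragraph now also has two sentences that open with new versions of GnuPG or certain options adding something; merging them into one statement that both new fields and new record types may appear would be easier for parser authors to act on.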
@@ -358,8 +360,10 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB: Every line is prefixed with "[GNUPG:] ", followed by a keyword with the type of the status line and some arguments depending on the type - (maybe none); an application should always be prepared to see new - keyworkds or more arguments in future versions. + (maybe none); an application should always be willing to ignore + unknown keywords that may be emitted by future versions of GnuPG. + Also, new versions of GnuPG may add arguments to existing keywords. + Any additional arguments should be ignored for forward-compatibility. ** General status codes *** NEWSIG [] ----------------------------------------------------------------------- Summary of changes: doc/DETAILS | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Sep 19 08:31:08 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 19 Sep 2016 08:31:08 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-127-g18bbefa Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 18bbefa27f9e47e1062ee4d7af09487632795ba7 (commit) from 55675fa5a03969a896c8a7b19af22a2fd91d9747 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 18bbefa27f9e47e1062ee4d7af09487632795ba7 Author: Werner Koch Date: Mon Sep 19 08:27:23 2016 +0200 gpg: Avoid malloc failure due to no key signatures * g10/keyedit.c (check_all_keysigs): Check early for no key signatures. Use xtrycalloc. -- GnuPG-bug-id: 2690 Signed-off-by: Werner Koch 
diff --git a/g10/keyedit.c b/g10/keyedit.c index 87e69b0..cd16ec9 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -408,20 +408,31 @@ check_all_keysigs (KBNODE kb, int only_selected, int only_selfsigs) /* First we look for duplicates. */ { - int nsigs = 0; - KBNODE *sigs; + int nsigs; + kbnode_t *sigs; int i; int last_i; /* Count the sigs. */ - for (n = kb; n; n = n->next) - if (is_deleted_kbnode (n)) - continue; - else if (n->pkt->pkttype == PKT_SIGNATURE) - nsigs ++; + for (nsigs = 0, n = kb; n; n = n->next) + { + if (is_deleted_kbnode (n)) + continue; + else if (n->pkt->pkttype == PKT_SIGNATURE) + nsigs ++; + } + + if (!nsigs) + return 0; /* No signatures at all. */ /* Add them all to the SIGS array. */ - sigs = xmalloc_clear (sizeof (*sigs) * nsigs); + sigs = xtrycalloc (nsigs, sizeof *sigs); + if (!sigs) + { + log_error (_("error allocating memory: %s\n"), + gpg_strerror (gpg_error_from_syserror ())); + return 0; + } i = 0; for (n = kb; n; n = n->next) ----------------------------------------------------------------------- Summary of changes: g10/keyedit.c | 27 +++++++++++++++++++-------- 1 file changed, 19 insertions(+), 8 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Sep 19 08:44:50 2016 
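Review bot: In check_all_keysigs the new allocation-failure path logs an error and then executes "return 0;", the same value the new early exit returns for "No signatures at all", so a caller cannot tell an out-of-memory condition from a key that simply has no signatures. If the return value is only meant to report whether something was changed, say so in the function comment and note that allocation failure is reported through log_error alone; otherwise return a distinct value on that path.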
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 19 Sep 2016 08:44:50 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-128-g47baeac Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 47baeac50ccaaf06dc8b0cebece50f47754de6ca (commit) from 18bbefa27f9e47e1062ee4d7af09487632795ba7 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 47baeac50ccaaf06dc8b0cebece50f47754de6ca Author: Werner Koch Date: Mon Sep 19 08:41:51 2016 +0200 gpgscm: Fix gcrypt version check. * tests/gpgscm/main.c (main): Check against required and not installed version. Signed-off-by: Werner Koch diff --git a/tests/gpgscm/main.c b/tests/gpgscm/main.c index 9aef1f3..02681ff 100644 --- a/tests/gpgscm/main.c +++ b/tests/gpgscm/main.c @@ -230,7 +230,7 @@ main (int argc, char **argv) i18n_init (); init_common_subsystems (&argc, &argv); - if (!gcry_check_version (GCRYPT_VERSION)) + if (!gcry_check_version (NEED_LIBGCRYPT_VERSION)) { fputs ("libgcrypt version mismatch\n", stderr); exit (2); ----------------------------------------------------------------------- Summary of changes: tests/gpgscm/main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Sep 19 08:45:02 2016 
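Review bot: The failure branch after the changed gcry_check_version call still prints only "libgcrypt version mismatch", which does not tell the user which version is required or which one was loaded. Now that the check is against NEED_LIBGCRYPT_VERSION, include that value and the result of gcry_check_version (NULL) in the message so that a failed test run can be diagnosed from its output.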
From: cvs at cvs.gnupg.org (by Ben Kibbey) Date: Mon, 19 Sep 2016 08:45:02 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-380-g9d62bac Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 9d62bacac7826cb73bb18fac7268f3d2df662d7b (commit) from a8ff34fc3025af4079cede7f8f9fdf40189b8638 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9d62bacac7826cb73bb18fac7268f3d2df662d7b Author: Ben Kibbey Date: Sat Sep 3 19:06:36 2016 -0400 core: Check for GPG_TTY as well as DISPLAY. * src/engine-assuan.c (llass_new): Update --ttyname from GPG_TTY. * src/engine-g13.c (g13_new): Ditto. * src/engine-gpg.c (gpg_new): Ditto. * src/engine-uiserver.c (uiserver_new): Ditto. * src/engine-gpgsm.c (gpgsm_new): Ditto. -- Useful when no DISPLAY is set and there is no attached terminal to the current process. Signed-off-by: Ben Kibbey diff --git a/src/engine-assuan.c b/src/engine-assuan.c index f5e202a..65924eb 100644 --- a/src/engine-assuan.c +++ b/src/engine-assuan.c @@ -219,6 +219,7 @@ llass_new (void **engine, const char *file_name, const char *home_dir, gpgme_error_t err = 0; engine_llass_t llass; char *optstr; + char *env_tty = NULL; (void)version; /* Not yet used. */ 
@@ -280,13 +281,24 @@ llass_new (void **engine, const char *file_name, const char *home_dir, } } - if (llass->opt.gpg_agent && isatty (1)) + if (llass->opt.gpg_agent) + err = _gpgme_getenv ("GPG_TTY", &env_tty); + + if (llass->opt.gpg_agent && (isatty (1) || env_tty || err)) { - int rc; + int rc = 0; char dft_ttyname[64]; char *dft_ttytype = NULL; - rc = ttyname_r (1, dft_ttyname, sizeof (dft_ttyname)); + if (err) + goto leave; + else if (env_tty) + { + snprintf (dft_ttyname, sizeof (dft_ttyname), "%s", env_tty); + free (env_tty); + } + else + rc = ttyname_r (1, dft_ttyname, sizeof (dft_ttyname)); /* Even though isatty() returns 1, ttyname_r() may fail in many ways, e.g., when /dev/pts is not accessible under chroot. */ diff --git a/src/engine-g13.c b/src/engine-g13.c index 313e2ad..d34db82 100644 --- a/src/engine-g13.c +++ b/src/engine-g13.c @@ -222,6 +222,7 @@ g13_new (void **engine, const char *file_name, const char *home_dir, const char *argv[5]; char *dft_display = NULL; char dft_ttyname[64]; + char *env_tty = NULL; char *dft_ttytype = NULL; char *optstr; @@ -284,11 +285,20 @@ g13_new (void **engine, const char *file_name, const char *home_dir, goto leave; } - if (isatty (1)) + err = _gpgme_getenv ("GPG_TTY", &env_tty); + if (isatty (1) || env_tty || err) { - int rc; + int rc = 0; - rc = ttyname_r (1, dft_ttyname, sizeof (dft_ttyname)); + if (err) + goto leave; + else if (env_tty) + { + snprintf (dft_ttyname, sizeof (dft_ttyname), "%s", env_tty); + free (env_tty); + } + else + rc = ttyname_r (1, dft_ttyname, sizeof (dft_ttyname)); /* Even though isatty() returns 1, ttyname_r() may fail in many ways, e.g., when /dev/pts is not accessible under chroot. */ diff --git a/src/engine-gpg.c b/src/engine-gpg.c index 025657a..8bb348f 100644 --- a/src/engine-gpg.c +++ b/src/engine-gpg.c 
@@ -454,6 +454,7 @@ gpg_new (void **engine, const char *file_name, const char *home_dir, char *dft_display = NULL; char dft_ttyname[64]; char *dft_ttytype = NULL; + char *env_tty = NULL; gpg = calloc (1, sizeof *gpg); if (!gpg) @@ -560,11 +561,20 @@ gpg_new (void **engine, const char *file_name, const char *home_dir, goto leave; } - if (isatty (1)) + rc = _gpgme_getenv ("GPG_TTY", &env_tty); + if (isatty (1) || env_tty || rc) { - int err; + int err = 0; - err = ttyname_r (1, dft_ttyname, sizeof (dft_ttyname)); + if (rc) + goto leave; + else if (env_tty) + { + snprintf (dft_ttyname, sizeof (dft_ttyname), "%s", env_tty); + free (env_tty); + } + else + err = ttyname_r (1, dft_ttyname, sizeof (dft_ttyname)); /* Even though isatty() returns 1, ttyname_r() may fail in many ways, e.g., when /dev/pts is not accessible under chroot. */ diff --git a/src/engine-gpgsm.c b/src/engine-gpgsm.c index 49cf061..e7e2a20 100644 --- a/src/engine-gpgsm.c +++ b/src/engine-gpgsm.c @@ -253,6 +253,7 @@ gpgsm_new (void **engine, const char *file_name, const char *home_dir, #endif char *dft_display = NULL; char dft_ttyname[64]; + char *env_tty = NULL; char *dft_ttytype = NULL; char *optstr; @@ -410,11 +411,20 @@ gpgsm_new (void **engine, const char *file_name, const char *home_dir, goto leave; } - if (isatty (1)) + err = _gpgme_getenv ("GPG_TTY", &env_tty); + if (isatty (1) || env_tty || err) { - int rc; + int rc = 0; - rc = ttyname_r (1, dft_ttyname, sizeof (dft_ttyname)); + if (err) + goto leave; + else if (env_tty) + { + snprintf (dft_ttyname, sizeof (dft_ttyname), "%s", env_tty); + free (env_tty); + } + else + rc = ttyname_r (1, dft_ttyname, sizeof (dft_ttyname)); /* Even though isatty() returns 1, ttyname_r() may fail in many ways, e.g., when /dev/pts is not accessible under chroot. */ diff --git a/src/engine-uiserver.c b/src/engine-uiserver.c index d855c74..63e77de 100644 --- a/src/engine-uiserver.c +++ b/src/engine-uiserver.c 
@@ -248,6 +248,7 @@ uiserver_new (void **engine, const char *file_name, const char *home_dir, engine_uiserver_t uiserver; char *dft_display = NULL; char dft_ttyname[64]; + char *env_tty = NULL; char *dft_ttytype = NULL; char *optstr; @@ -330,11 +331,20 @@ uiserver_new (void **engine, const char *file_name, const char *home_dir, goto leave; } - if (isatty (1)) + err = _gpgme_getenv ("GPG_TTY", &env_tty); + if (isatty (1) || env_tty || err) { - int rc; + int rc = 0; - rc = ttyname_r (1, dft_ttyname, sizeof (dft_ttyname)); + if (err) + goto leave; + else if (env_tty) + { + snprintf (dft_ttyname, sizeof (dft_ttyname), "%s", env_tty); + free (env_tty); + } + else + rc = ttyname_r (1, dft_ttyname, sizeof (dft_ttyname)); /* Even though isatty() returns 1, ttyname_r() may fail in many ways, e.g., when /dev/pts is not accessible under chroot. */ ----------------------------------------------------------------------- Summary of changes: src/engine-assuan.c | 18 +++++++++++++++--- src/engine-g13.c | 16 +++++++++++++--- src/engine-gpg.c | 16 +++++++++++++--- src/engine-gpgsm.c | 16 +++++++++++++--- src/engine-uiserver.c | 16 +++++++++++++--- 5 files changed, 67 insertions(+), 15 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Mon Sep 19 08:46:18 2016 
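Review bot: In the "else if (env_tty)" branch added to all five engine constructors, snprintf copies GPG_TTY into the 64-byte dft_ttyname buffer and its return value is ignored, so an over-long value is silently truncated and a different tty name is used. Compare the result against sizeof (dft_ttyname) and fail with an error instead. The branch order also means GPG_TTY takes precedence over ttyname_r even when isatty (1) is true, which goes beyond the commit message's case of no attached terminal and deserves a sentence in the log or a code comment. The same block now appears five times, with the roles of rc and err swapped in engine-gpg.c, so a shared helper would keep the copies from drifting apart.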
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 19 Sep 2016 08:46:18 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.1.15-128-g47baeac Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-2 has been updated from d4bd9743cfb888ee89d2c42eb681788489f52d47 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. 
- Log ----------------------------------------------------------------- ----------------------------------------------------------------------- Summary of changes: NEWS | 2 +- acinclude.m4 | 2 +- agent/call-scd.c | 21 +- agent/command-ssh.c | 2 +- agent/command.c | 55 +- agent/gpg-agent.c | 81 +- agent/keyformat.txt | 4 +- agent/protect-tool.c | 2 +- common/asshelp.c | 20 +- common/asshelp.h | 5 +- common/b64enc.c | 2 +- common/exechelp-posix.c | 200 +- common/get-passphrase.c | 2 +- common/gettime.c | 26 +- common/init.c | 3 + common/logging.c | 53 +- common/logging.h | 1 + common/mbox-util.c | 22 +- common/mbox-util.h | 18 +- common/name-value.c | 7 +- common/openpgp-oid.c | 8 +- common/recsel.c | 59 +- common/simple-pwquery.c | 21 +- common/t-recsel.c | 33 + common/util.h | 2 +- configure.ac | 8 + dirmngr/Makefile.am | 16 +- dirmngr/cdblib.c | 13 +- dirmngr/crlcache.h | 2 +- dirmngr/dirmngr.c | 105 +- dirmngr/dirmngr.h | 3 + dirmngr/server.c | 93 +- doc/DETAILS | 57 +- doc/HACKING | 2 +- doc/Notes | 16 +- doc/TRANSLATE | 4 +- doc/contrib.texi | 20 +- doc/dirmngr.texi | 29 +- doc/faq.org | 8 +- doc/gpg-agent.texi | 13 +- doc/gpg.texi | 92 +- doc/gpgsm.texi | 5 +- doc/gpgv.texi | 10 + doc/help.txt | 15 +- doc/instguide.texi | 4 +- doc/scdaemon.texi | 3 +- doc/tools.texi | 8 +- g10/Makefile.am | 2 +- g10/armor.c | 2 +- g10/cpr.c | 27 + g10/export.c | 86 +- g10/getkey.c | 17 +- g10/gpg.c | 30 +- g10/gpg.h | 3 +- g10/gpgcompose.c | 40 +- g10/gpgsql.c | 10 +- g10/gpgsql.h | 16 +- g10/gpgv.c | 15 + g10/import.c | 39 +- g10/keyedit.c | 36 +- g10/keygen.c | 89 +- g10/keyid.c | 4 +- g10/keylist.c | 112 +- g10/main.h | 3 + g10/mainproc.c | 182 +- g10/options.h | 1 + g10/packet.h | 14 +- g10/pkclist.c | 51 +- g10/pkglue.c | 60 +- g10/sig-check.c | 58 +- g10/sqrtu32.c | 244 ++ g10/sqrtu32.h | 14 + g10/test-stubs.c | 11 + g10/tofu.c | 2225 +++++++++++----- g10/tofu.h | 53 +- g10/trustdb.c | 122 +- g13/g13-syshelp.c | 2 +- g13/g13.c | 2 +- g13/sh-cmd.c | 2 +- g13/sh-dmcrypt.c 
| 2 +- kbx/Makefile.am | 3 +- kbx/keybox-init.c | 2 +- m4/pkg.m4 | 2 +- po/el.po | 4232 +++++++++++++++---------------- po/eo.po | 2000 +++++++-------- po/es.po | 2516 +++++++++--------- po/et.po | 2716 ++++++++++---------- po/gl.po | 2088 +++++++-------- po/hu.po | 3984 ++++++++++++++--------------- po/it.po | 760 +++--- po/ja.po | 12 +- po/pl.po | 3574 +++++++++++++------------- po/pt.po | 2432 +++++++++--------- po/ro.po | 3426 ++++++++++++------------- po/sk.po | 4038 ++++++++++++++--------------- scd/apdu.c | 48 - scd/apdu.h | 1 - scd/app-openpgp.c | 61 +- scd/ccid-driver.c | 72 - scd/command.c | 5 +- scd/scdaemon.c | 2 +- sm/call-dirmngr.c | 2 +- sm/gpgsm.c | 8 +- sm/server.c | 2 +- tests/Makefile.am | 2 +- tests/fake-pinentries/COPYING | 121 + tests/fake-pinentries/README.txt | 37 + tests/fake-pinentries/fake-pinentry.php | 27 + tests/fake-pinentries/fake-pinentry.pl | 27 + tests/fake-pinentries/fake-pinentry.py | 30 + tests/fake-pinentries/fake-pinentry.sh | 33 + tests/gpgscm/Manual.txt | 2 +- tests/gpgscm/main.c | 10 +- tests/gpgscm/scheme-private.h | 2 +- tests/gpgscm/scheme.c | 9 +- tests/openpgp/Makefile.am | 2 +- tests/openpgp/README | 30 +- tests/openpgp/gpgv-forged-keyring.scm | 2 +- tests/openpgp/multisig.scm | 2 +- tests/openpgp/multisig.test | 4 +- tests/openpgp/run-tests.scm | 80 +- tests/openpgp/setup.scm | 196 +- tests/openpgp/tofu.scm | 157 +- tests/openpgp/verify.scm | 77 +- tests/pkits/README | 2 +- tools/Makefile.am | 7 +- tools/applygnupgdefaults | 2 +- tools/call-dirmngr.c | 55 + tools/call-dirmngr.h | 1 + tools/ccidmon.c | 23 +- tools/gpg-connect-agent.c | 2 +- tools/gpg-wks-client.c | 83 +- tools/gpg-wks-server.c | 244 +- tools/gpg-wks.h | 14 + tools/gpgconf.c | 1 + tools/mime-maker.c | 6 +- tools/mime-parser.c | 2 +- tools/wks-util.c | 108 + 138 files changed, 20548 insertions(+), 17589 deletions(-) create mode 100644 g10/sqrtu32.c create mode 100644 g10/sqrtu32.h create mode 100644 tests/fake-pinentries/COPYING create mode 100644 
tests/fake-pinentries/README.txt create mode 100755 tests/fake-pinentries/fake-pinentry.php create mode 100755 tests/fake-pinentries/fake-pinentry.pl create mode 100755 tests/fake-pinentries/fake-pinentry.py create mode 100755 tests/fake-pinentries/fake-pinentry.sh hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Sep 19 09:17:40 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 19 Sep 2016 09:17:40 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-381-gdb23985 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via db2398512796f28f0f92e32e0de3180d93f76a26 (commit) from 9d62bacac7826cb73bb18fac7268f3d2df662d7b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit db2398512796f28f0f92e32e0de3180d93f76a26 Author: Werner Koch Date: Mon Sep 19 09:06:24 2016 +0200 doc: Mention language bindings in the manual. -- Signed-off-by: Werner Koch diff --git a/doc/gpgme.texi b/doc/gpgme.texi index 18fb6d5..ec7ebb7 100644 --- a/doc/gpgme.texi +++ b/doc/gpgme.texi @@ -298,6 +298,13 @@ library. Experienced programmers might want to start looking at the examples at the end of the manual, and then only read up those parts of the interface which are unclear. +The documentation for the language bindings is currently not included +in this manual. Those languages bindings follow the general +programming model of @acronym{GPGME} but may provide some extra high +level abstraction on top of the @acronym{GPGME} style API. For now +please see the README files in the @file{lang/} directory of the +source distribution. + @node Features @section Features 
@@ -324,8 +331,11 @@ the programmer can focus on the other parts of the program, and still integrate strong cryptography in his application. Once support for @acronym{GPGME} has been added to a program, it is easy to add support for other crypto protocols once @acronym{GPGME} backends provide them. - at end table + at item it's language friendly + at acronym{GPGME} comes with languages bindings for several common +programming languages: Common Lisp, C++, Python 2, and Python 3. + at end table @node Overview @section Overview ----------------------------------------------------------------------- Summary of changes: doc/gpgme.texi | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Mon Sep 19 10:03:31 2016 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Mon, 19 Sep 2016 10:03:31 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-382-gd438cb5 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via d438cb59a068b6f076e6bd70d3a2c46bc05ccb5c (commit) from db2398512796f28f0f92e32e0de3180d93f76a26 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d438cb59a068b6f076e6bd70d3a2c46bc05ccb5c Author: Andre Heinecke Date: Mon Sep 19 10:01:19 2016 +0200 qt: Add debug output for testTofuPolicy * lang/qt/tests/t-tofuinfo.cpp (testTofuPolicy): Add debug output. -- The debug output is only emitted before a failure of the test in case a keylisting of bravo at example.net fails which it should never do. diff --git a/lang/qt/tests/t-tofuinfo.cpp b/lang/qt/tests/t-tofuinfo.cpp index f40bf21..d76ff7b 100644 
--- a/lang/qt/tests/t-tofuinfo.cpp +++ b/lang/qt/tests/t-tofuinfo.cpp @@ -299,6 +299,26 @@ private Q_SLOTS: auto result = job->exec(QStringList() << QStringLiteral("bravo at example.net"), false, keys); + if (keys.empty()) { + qDebug() << "bravo at example.net not found"; + qDebug() << "Error: " << result.error().asString(); + const auto homedir = QString::fromLocal8Bit(qgetenv("GNUPGHOME")); + qDebug() << "Homedir is: " << homedir; + QFileInfo fi(homedir + "/pubring.gpg"); + qDebug () << "pubring exists: " << fi.exists() << " readable? " + << fi.isReadable() << " size: " << fi.size(); + QFileInfo fi2(homedir + "/pubring.kbx"); + qDebug () << "keybox exists: " << fi2.exists() << " readable? " + << fi2.isReadable() << " size: " << fi2.size(); + + result = job->exec(QStringList(), false, keys); + foreach (const auto key, keys) { + qDebug() << "Key: " << key.userID(0).name() << " <" + << key.userID(0).email() + << ">\n fpr: " << key.primaryFingerprint(); + } + } + Q_ASSERT(!result.error()); Q_ASSERT(!keys.empty()); auto key = keys[0]; Q_ASSERT(!key.isNull()); ----------------------------------------------------------------------- Summary of changes: lang/qt/tests/t-tofuinfo.cpp | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Mon Sep 19 10:06:19 2016 
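Review bot: In doc/gpgme.texi (commit db23985), the added text says "languages bindings" in both hunks ("Those languages bindings follow the general programming model" in the first, "comes with languages bindings for several common programming languages" in the second); both should read "language bindings". The first hunk also sends readers to the README files under lang/ without saying which bindings exist, while the list of bindings appears only in the Features item of the second hunk; a cross-reference from one to the other would help.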
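Review bot: In testTofuPolicy (lang/qt/tests/t-tofuinfo.cpp), the diagnostic branch reuses result and keys for the unfiltered call "result = job->exec(QStringList(), false, keys);", so when that second listing succeeds the following Q_ASSERT(!result.error()) and Q_ASSERT(!keys.empty()) pass and keys[0] is whichever key was listed first, not bravo at example.net. That does not match the commit message, which says the output is only emitted before a failure of the test. Use separate variables for the debug listing (hypothetical names: allKeys, allResult) or fail explicitly at the end of the branch. Minor: "foreach (const auto key, keys)" copies every key; "const auto &key" avoids that.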
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 19 Sep 2016 10:06:19 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-130-g293d265 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 293d265290e0556f57f4812d66b6be87a3b91b9a (commit) via 3899041cd2877ce9584c7bd149f232f35a07c399 (commit) from 47baeac50ccaaf06dc8b0cebece50f47754de6ca (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 293d265290e0556f57f4812d66b6be87a3b91b9a Author: Werner Koch Date: Mon Sep 19 10:01:31 2016 +0200 build: Distribute fake pinentries. -- Signed-off-by: Werner Koch diff --git a/tests/Makefile.am b/tests/Makefile.am index 1b25b78..d72f51e 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -41,6 +41,11 @@ EXTRA_DIST = runtest inittests $(testscripts) ChangeLog-2011 \ text-1.txt text-2.txt text-3.txt \ text-1.osig.pem text-1.dsig.pem text-1.osig-bad.pem \ text-2.osig.pem text-2.osig-bad.pem \ + fake-pinentries/README.txt \ + fake-pinentries/fake-pinentry.php \ + fake-pinentries/fake-pinentry.pl \ + fake-pinentries/fake-pinentry.py \ + fake-pinentries/fake-pinentry.sh \ samplekeys/steed-self-signing-nonthority.pem \ samplekeys/68A638998DFABAC510EA645CE34F9686B2EDF7EA.key \ samplekeys/32100C27173EF6E9C4E9A25D3D69F86D37A4F939.key \ commit 3899041cd2877ce9584c7bd149f232f35a07c399 Author: Werner Koch Date: Mon Sep 19 10:03:07 2016 +0200 doc: Update license information. * tests/fake-pinentries/COPYING: Rename to ... * COPYING.CC0: this. Add a note on the scope of this license. * COPYING.LIB: Add a note on the scope of this license. * AUTHORS (License): Mention CC) license. Signed-off-by: Werner Koch 
diff --git a/AUTHORS b/AUTHORS index 861258f..92b11b3 100644 --- a/AUTHORS +++ b/AUTHORS @@ -227,8 +227,10 @@ or later. Note that some files are under a combination of the GNU Lesser General Public License, version 3 and the GNU General Public License, version -2. A few other files carry the all permissive license note as found -at the bottom of this file. +2. A few files carry an all permissive license note as found at the +bottom of this file. Some small files are distributed under the +Creative Commons Zero (CC0-1.0-Universal) license which basically puts +them into the public domain. ========= diff --git a/tests/fake-pinentries/COPYING b/COPYING.CC0 similarity index 99% rename from tests/fake-pinentries/COPYING rename to COPYING.CC0 index 0e259d4..02ba366 100644 --- a/tests/fake-pinentries/COPYING +++ b/COPYING.CC0 @@ -1,3 +1,5 @@ +[Note that only a few files are distributed under this license.] + Creative Commons Legal Code CC0 1.0 Universal diff --git a/COPYING.LIB b/COPYING.LIB index fc8a5de..75885f4 100644 --- a/COPYING.LIB +++ b/COPYING.LIB @@ -1,3 +1,5 @@ +[Note that only a few files are distributed under this license.] + GNU LESSER GENERAL PUBLIC LICENSE Version 3, 29 June 2007 @@ -10,7 +12,7 @@ the terms and conditions of version 3 of the GNU General Public License, supplemented by the additional permissions listed below. - 0. Additional Definitions. + 0. Additional Definitions. As used herein, "this License" refers to version 3 of the GNU Lesser General Public License, and the "GNU GPL" refers to version 3 of the GNU @@ -111,7 +113,7 @@ the following: a copy of the Library already present on the user's computer system, and (b) will operate properly with a modified version of the Library that is interface-compatible with the Linked - Version. + Version. e) Provide Installation Information, but only if you would otherwise be required to provide such information under section 6 of the diff --git a/Makefile.am b/Makefile.am index bf12302..b589e72 100644 
--- a/Makefile.am +++ b/Makefile.am @@ -25,8 +25,8 @@ DISTCHECK_CONFIGURE_FLAGS = --enable-symcryptrun --enable-g13 \ GITLOG_TO_CHANGELOG=gitlog-to-changelog EXTRA_DIST = build-aux/config.rpath build-aux/potomo autogen.sh autogen.rc \ - ChangeLog-2011 po/ChangeLog-2011 build-aux/ChangeLog-2011 \ - VERSION README.GIT build-aux/gitlog-to-changelog \ + ChangeLog-2011 po/ChangeLog-2011 build-aux/ChangeLog-2011 \ + VERSION README.GIT build-aux/gitlog-to-changelog COPYING.CC0 \ build-aux/git-log-fix build-aux/git-log-footer \ build-aux/getswdb.sh \ build-aux/speedo.mk \ diff --git a/tests/fake-pinentries/README.txt b/tests/fake-pinentries/README.txt index 1b447c4..9272ae5 100644 --- a/tests/fake-pinentries/README.txt +++ b/tests/fake-pinentries/README.txt @@ -11,8 +11,9 @@ different languages, with the intent of making them available to developers who have different languages available. They are all licensed Creative Commons Zero (CC0-1.0-Universal, see -the COPYING file in this directory), so they should be reusable by any -project. Feel free to copy them into your own project's test suite. +the COPYING.CC0 file in GnuPG's top directory), so they should be +reusable by any project. Feel free to copy them into your own +project's test suite. Rationale --------- ----------------------------------------------------------------------- Summary of changes: AUTHORS | 6 ++++-- tests/fake-pinentries/COPYING => COPYING.CC0 | 2 ++ COPYING.LIB | 6 ++++-- Makefile.am | 4 ++-- tests/Makefile.am | 5 +++++ tests/fake-pinentries/README.txt | 5 +++-- 6 files changed, 20 insertions(+), 8 deletions(-) rename tests/fake-pinentries/COPYING => COPYING.CC0 (99%) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Sep 19 12:34:20 2016 
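Review bot: In tests/fake-pinentries/README.txt, the license pointer now refers to the COPYING.CC0 file in GnuPG's top directory, while the next sentence still invites readers to copy the scripts into their own project's test suite. Once copied, the scripts are separated from the file that states their license. Unless each fake-pinentry script already carries its own notice, add a one-line CC0 statement to the scripts or tell readers to copy COPYING.CC0 along with them.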
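Review bot: The second and third hunks of COPYING.LIB change only whitespace, on the "0. Additional Definitions." line and on the "Version." line. They are unrelated to the scope note that the commit message describes for this file and they touch the license text itself; drop them from this commit or move them to a separate whitespace-only change. The same applies to the re-indented "ChangeLog-2011 po/ChangeLog-2011" line in the top-level Makefile.am hunk.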
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Mon, 19 Sep 2016 12:34:20 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-131-g086d219 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 086d219d96caa3501048aff82a282481e07c195b (commit) from 293d265290e0556f57f4812d66b6be87a3b91b9a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 086d219d96caa3501048aff82a282481e07c195b Author: Justus Winter Date: Mon Sep 19 12:32:50 2016 +0200 g10: Fix memory leak. * g10/tofu.c (build_conflict_set): Free 'kb_all'. Signed-off-by: Justus Winter diff --git a/g10/tofu.c b/g10/tofu.c index b78279e..1bd8ce2 100644 --- a/g10/tofu.c +++ b/g10/tofu.c @@ -1999,6 +1999,7 @@ build_conflict_set (tofu_dbs_t dbs, const char *fingerprint, const char *email) log_assert (conflict_set); log_assert (conflict_set_count >= 1); } + xfree (kb_all); if (DBG_TRUST) { ----------------------------------------------------------------------- Summary of changes: g10/tofu.c | 1 + 1 file changed, 1 insertion(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Sep 19 12:51:20 2016 
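Review bot: In build_conflict_set (g10/tofu.c), the new "xfree (kb_all);" covers only the fall-through path after the block that ends with the two log_assert calls. The hunk does not show where kb_all is allocated, so please confirm that no return or goto lies between that allocation and this line; any such path would still leak.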
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Mon, 19 Sep 2016 12:51:20 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-383-g65f6f68 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 65f6f68f0966346bf48475a04ca5c73a2828b6c4 (commit) from d438cb59a068b6f076e6bd70d3a2c46bc05ccb5c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 65f6f68f0966346bf48475a04ca5c73a2828b6c4 Author: Justus Winter Date: Mon Sep 19 12:49:14 2016 +0200 python: Improve metadata and READMEs. -- Signed-off-by: Justus Winter diff --git a/lang/README b/lang/README index 778c417..f7a1595 100644 --- a/lang/README +++ b/lang/README @@ -12,4 +12,4 @@ Directory Language cl Common Lisp cpp C++ qt Qt-Framework API -python Python 3 (port of PyME 0.9.0) +python Python 2 and 3 (port of PyME 0.9.0) diff --git a/lang/python/README b/lang/python/README index 08e9863..98c007e 100644 --- a/lang/python/README +++ b/lang/python/README 
@@ -1,27 +1,15 @@ -PyME - GPGME for Python emacs, please switch to -*- org -*- mode +PyME - GPGME for Python -*- org -*- ======================= -PyMe is a python interface to the GPGME library: +PyME is a python interface to the GPGME library: https://www.gnupg.org/related_software/gpgme/ -PyMe uses SWIG to create wrapper functions with automatic type -conversions. This way most of the functions and types are converted -from C into Python automatically by SWIG, reducing the maintenance -cost of the binginds. +PyME offers two interfaces, one is a high-level, curated, and +idiomatic interface that is implemented as a shim on top of the +low-level interface automatically created using SWIG. -* Authors - -PyME has been created by John Goerzen, and maintained, developed, and -cherished by Igor Belyi, Martin Albrecht, Ben McGinnes, and everyone -who contributed to it in any way. - -In 2016 we merged a port of PyME to into the GPGME repository, and -development will continue there. Please see the VCS history for the -list of contributors, and if you do find bugs, or want to contribute, -please get in touch and help maintain PyME. - -Please see the section 'History' further down this document for -references to previous versions. +This way we make simple things easy, while still providing the entire +functionality of the underlying library. * Mailing List 
@@ -37,6 +25,20 @@ Please report bugs using our bug tracker using the category 'gpgme', and topic 'python': https://bugs.gnupg.org/gnupg/ +* Authors + +PyME has been created by John Goerzen, and maintained, developed, and +cherished by Igor Belyi, Martin Albrecht, Ben McGinnes, and everyone +who contributed to it in any way. + +In 2016 we merged a port of PyME to into the GPGME repository, and +development will continue there. Please see the VCS history for the +list of contributors, and if you do find bugs, or want to contribute, +please get in touch and help maintain PyME. + +Please see the section 'History' further down this document for +references to previous versions. + * History - The bindings have been merged into the GPGME repository in 2016. @@ -52,6 +54,6 @@ https://bugs.gnupg.org/gnupg/ http://pyme.sourceforge.net/ - A previous version of PyME v0.5.1 which works with GPGME v0.3.15 - can be found on John Goerzen's PyMe page: + can be found on John Goerzen's PyME page: http://quux.org/devel/pyme/ http://www.complete.org/JohnGoerzen diff --git a/lang/python/setup.py.in b/lang/python/setup.py.in index d513c49..31892c1 100755 --- a/lang/python/setup.py.in +++ b/lang/python/setup.py.in @@ -176,6 +176,7 @@ setup(name="pyme3", 'Development Status :: 4 - Beta', 'Intended Audience :: Developers', 'License :: OSI Approved :: GNU Lesser General Public License v2 or later (LGPLv2+)', + 'Programming Language :: Python :: 2', 'Programming Language :: Python :: 2.7', 'Programming Language :: Python :: 3', 'Programming Language :: Python :: 3.4', ----------------------------------------------------------------------- Summary of changes: lang/README | 2 +- lang/python/README | 42 ++++++++++++++++++++++-------------------- lang/python/setup.py.in | 1 + 3 files changed, 24 insertions(+), 21 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Mon Sep 19 12:51:42 2016 
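Review bot: In lang/python/README, the Authors section is moved unchanged and so carries over the typo "we merged a port of PyME to into the GPGME repository"; fix it while the text is being touched. The new introduction "PyME offers two interfaces, one is a high-level, curated, and idiomatic interface that is implemented as a shim on top of the low-level interface" names only one of the two interfaces as its own item; splitting it into two sentences, one per interface, would make clear which one users are expected to call.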
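Review bot: In lang/python/setup.py.in, the hunk adds the 'Programming Language :: Python :: 2' classifier to a package that the hunk header still shows as setup(name="pyme3". A name ending in 3 next to Python 2 classifiers will confuse anyone searching the package index; either rename the package or explain the name in the README changed by the same commit.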
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 19 Sep 2016 12:51:42 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-132-g5bf1fac Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 5bf1facc973eb6e0bfab0f8f17129534dec56e04 (commit) from 086d219d96caa3501048aff82a282481e07c195b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5bf1facc973eb6e0bfab0f8f17129534dec56e04 Author: Werner Koch Date: Mon Sep 19 11:47:29 2016 +0200 dirmngr: Silence diagnostics about starting housekeeping. * dirmngr/dirmngr.c (housekeeping_thread): Print info only in very verbose mode. Signed-off-by: Werner Koch diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c index 499115f..64d93b7 100644 --- a/dirmngr/dirmngr.c +++ b/dirmngr/dirmngr.c @@ -1715,12 +1715,12 @@ housekeeping_thread (void *arg) return NULL; } sentinel++; - if (opt.verbose) + if (opt.verbose > 1) log_info ("starting housekeeping\n"); ks_hkp_housekeeping (curtime); - if (opt.verbose) + if (opt.verbose > 1) log_info ("ready with housekeeping\n"); sentinel--; return NULL; ----------------------------------------------------------------------- Summary of changes: dirmngr/dirmngr.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Sep 19 14:10:16 2016 
From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Mon, 19 Sep 2016 14:10:16 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-385-g3f92253 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 3f92253e0e476d77aa11463bc51ade367985855f (commit) via 66febf9942c321d30b8770f6aa6cd6ce2315d34f (commit) from 65f6f68f0966346bf48475a04ca5c73a2828b6c4 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 3f92253e0e476d77aa11463bc51ade367985855f Author: Andre Heinecke Date: Mon Sep 19 14:09:44 2016 +0200 qt: Improve README * lang/qt/README: Add more content. Clearly note license difference. diff --git a/lang/qt/README b/lang/qt/README index f624f60..6360a5b 100644 --- a/lang/qt/README +++ b/lang/qt/README 
@@ -1,7 +1,109 @@ -Qt API bindings/wrapper for gpgme ----------------------------------------- -Based on KF5gpgmepp QGpgme and libkleo/backends/qgpgme +Qt API bindings/wrapper for GPGME +--------------------------------- +Based on KF5gpgmepp QGpgME and libkleo/backends/qgpgme +Please note that QGpgME has a different license (GPL only) +then GPGME itself. See the License secion in this +document for more information. + +Overview +-------- +QGpgme provides a very high level Qt API around GpgMEpp. +As such it depends on GpgMEpp additionally to GpgME. + +There are two general concepts in QGpgME. Data abstraction +through GpgMEpp's Dataprovider interface and the Job pattern. + +Data can be provided with QByteArrayDataProvider or +QIODeviceDataProvider which can be constructed from their +respective types. This means you can pass a QFile, QProcess, +QString, etc.. directly to GPGME. + +To provide a stable API / ABI and because of historic reasons +in libkleo (Where QGpgME was originally developed as an abstract +crypto backend) QGpgME only provides abstract interfaces as +public API while the actual implementation happens in the +private QGpgME prefixed classes. + +Usage +----- + +To use QGpgME first you need to obtain a Protocol class +either for CMS (S/MIME) or OpenPGP. This Protocol class +can then be used to create a Job. + +Each Job can be started asynchronusly and emits a result +signal when done. The jobs are deleted automatically +with QObject::deleteLater so they can be started without +result handlers. + +The result signal provides a tuple of objects with the +appropiate result information for this job. For historic +reasons each result signal also includes an AuditLog +and an AuditLog Error. These are only useful for +S/MIME signature validation but are part of other jobs +for API stability reasons. + +Some jobs like the verification or decryption jobs have +dedicated result classes. 
Each result class at least +has the member function error() that can be used +to check if a job failed. Additionally errors are emited +in the result signal. + +Jobs also provide progress signal whenever GnuPG emits +a progress status line. + +Most jobs also provide a way synchronusly execute them. +Please not that synchronus use does not cause the autodeletion +to take place so you have to manually delete them. + +Async usage: + + /* Create a job */ + EncryptJob *job = openpgp()->encryptJob(/*ASCII Armor */false, /* Textmode */ false); + /* Connect something to the result signal */ + connect(job, &EncryptJob::result, this, [] (const GpgME::EncryptionResult &result, + const QByteArray &cipherText, + const QString, + const GpgME::Error) { + /* Handle the result / do something with the ciphertext */ + }); + /* Start the job */ + job->start(keys, inptr, outptr, Context::AlwaysTrust); + /* Do not delete the job as it is autodeleted. */ + +Syncronus usage: + + /* Create a job */ + KeyListJob *listjob = openpgp()->keyListJob(false, false, false); + /* Prepare result vector */ + std::vector keys; + /* Execute it synchronusly */ + KeyListResult result = listjob->exec(QStringList() << QStringLiteral("alfa at example.net"), + false, keys); + /* Delete the job */ + delete listjob; + /* Work with the result */ + +See the generated documentation for more info on the classes +in QGpgME. (Subdir doc) + +Examples / Tests +---------------- + +The tests in the tests subdir can be used to get a better +idea of QGpgME's usage. They also serve to test the C++ +API. Kleopatra and KMails Messagelib also make extensive +use of QGpgME and can be used as further examples. + +Hacking +------- +QGpgME comes from a KDE background. As such it does not use +GNU Coding styles but KDE Coding styles. 
See: +https://techbase.kde.org/Policies/Frameworks_Coding_Style + +License +------- QGpgME is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the @@ -26,15 +128,3 @@ Qt. If you modify this file, you may extend this exception to your version of the file, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. - -Overview --------- -QGpgme provides Qt API bindings around Gpgmepp. It depends on Gpgmepp. - -See the generated documentation for more info. - -Hacking -------- -QGpgME comes from a KDE background. As such it does not use -GNU Coding styles but KDE Coding styles. See: -https://techbase.kde.org/Policies/Frameworks_Coding_Style commit 66febf9942c321d30b8770f6aa6cd6ce2315d34f Author: Andre Heinecke Date: Mon Sep 19 14:09:19 2016 +0200 cpp: Improve README * lang/cpp/README: Add more content, move license to bottom. diff --git a/lang/cpp/README b/lang/cpp/README index d5f4093..b9a48da 100644 --- a/lang/cpp/README +++ b/lang/cpp/README 
@@ -1,22 +1,7 @@ -GpgMEpp - C++ bindings/wrapper for gpgme +GpgMEpp - C++ bindings/wrapper for GPGME ---------------------------------------- Based on KF5gpgmepp -GPGMEpp is free software; you can redistribute it and/or -modify it under the terms of the GNU Library General Public -License as published by the Free Software Foundation; either -version 2 of the License, or (at your option) any later version. - -GPGMEpp is distributed in the hope that it will be useful, -but WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -GNU Library General Public License for more details. - -You should have received a copy of the GNU Library General Public License -along with GPGME++; see the file COPYING.LIB. If not, write to the -Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, -Boston, MA 02110-1301, USA. - Overview -------- 
@@ -41,20 +26,76 @@ The design principles of this library are as follows: itself, anyway (see e.g. Data). A notable exception of the no-virtuals rule is the use of abstract classes to cover C-callbacks. +6. Use of STL containers for improved memory management and + dealing with lists. +7. Complete abstraction of the C-API so "gpgme.h" should not + be needed in your project using GpgME++. +8. Abstraction of GnuPG's edit-key interface by prepared + Editinteractor classes. + +GpgMEpp was originally developed as part of the KDEPIM community. + +Usage +----- + +The usage pattern of GpgMEpp closely follows GPGMEs core usage +pattern so the documentation for GPGME itself provides a good +way to start. + +The context structure in GPGME is mapped to a Context object in +GpgMEpp. Additional convienience code provides Data objects and +a Dataprovider interface that can be used to implement GPGME's +data with any subclass by implementing the right callbacks. -GpgMEpp was originally developed as part of the KDEPIM community -in KDE 4 it was part of kdepimlibs/gpgme++ for KF5 Gpgmepp was -renamed to KF5GpgMEpp and moved into it's own repository. +EditInteractor subclasses provide ready to use classes for +common --edit-key tasks. You can implement your own editinteractor +classes by implementing the EditInteractor interface and using +your subclass as an interactor in the edit function. + +Example to set the ownertrust of a key: + + /* Create an edit interactor */ + EditInteractor *ei = new GpgSetOwnerTrustEditInteractor(Key::Ultimate); + /* Obtain a Context */ + Context *ctx = Context::createForProtocol(Protocol::OpenPGP); + /* Create an in memory data object */ + Data data; + /* Start the edit on some key previously obtained. */ + Error e = ctx->edit(key, std::unique_ptr(ei), data); + /* Errors provide boolean comparision */ + if (!e) + ... + /* Delete the context */ + delete ctx; + +Examples / Tests +---------------- + +GpgMEpp is tested through the Qt API. 
You can refer to the +tests in qt/tests for examples of usage or refer to +the actual QGpgME*Job.cpp implementations which rely +on GpgMEpp and should cover most use cases. Hacking ------- + GpgMEpp follows KDE Coding styles. See: https://techbase.kde.org/Policies/Frameworks_Coding_Style for more info. License ------- +GPGMEpp is free software; you can redistribute it and/or +modify it under the terms of the GNU Library General Public +License as published by the Free Software Foundation; either +version 2 of the License, or (at your option) any later version. -This library is licensed under the GNU Library General Public -License (LGPL), just as gpgme is. We feel that using a different -license than the one gpgme itself uses doesn't make sense. +GPGMEpp is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU Library General Public License for more details. + +You should have received a copy of the GNU Library General Public License +along with GPGME++; see the file COPYING.LIB. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +Boston, MA 02110-1301, USA. ----------------------------------------------------------------------- Summary of changes: lang/cpp/README | 85 ++++++++++++++++++++++++++++----------- lang/qt/README | 120 +++++++++++++++++++++++++++++++++++++++++++++++++------- 2 files changed, 168 insertions(+), 37 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Mon Sep 19 14:23:29 2016 
From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Mon, 19 Sep 2016 14:23:29 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-386-ge892794 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via e89279442e3199a433468dd6e7ef9c38f57fece0 (commit) from 3f92253e0e476d77aa11463bc51ade367985855f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e89279442e3199a433468dd6e7ef9c38f57fece0 Author: Andre Heinecke Date: Mon Sep 19 14:21:45 2016 +0200 Add NEWS entry for qt/cpp -- diff --git a/NEWS b/NEWS index 5332432..b258f71 100644 --- a/NEWS +++ b/NEWS @@ -12,6 +12,8 @@ Noteworthy changes in version 1.7.0 (unreleased) [C25/A14/R_] * New function gpgme_op_interact to replace the deprecated functions gpgme_op_edit and gpgme_op_card_edit. + * Bindings for C++ and Qt-Framework API are now included. + * Interface changes relative to the 1.6.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_pubkey_algo_string NEW. ----------------------------------------------------------------------- Summary of changes: NEWS | 2 ++ 1 file changed, 2 insertions(+) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Mon Sep 19 14:25:14 2016 
From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Mon, 19 Sep 2016 14:25:14 +0200 Subject: [git] gnupg-doc - branch, master, updated. 13367dca28e4aff778ef7a9849e27549a801f22a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 13367dca28e4aff778ef7a9849e27549a801f22a (commit) from acf44a0babcabf2dc6aaf21d15431c022c585211 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 13367dca28e4aff778ef7a9849e27549a801f22a Author: Neal H. Walfield Date: Mon Sep 19 14:14:42 2016 +0200 blog: Add article about the OpenPGP.conf. diff --git a/misc/blog.gnupg.org/20160919-openpgp-conf.org b/misc/blog.gnupg.org/20160919-openpgp-conf.org new file mode 100644 index 0000000..198c2b2 --- /dev/null +++ b/misc/blog.gnupg.org/20160919-openpgp-conf.org 
@@ -0,0 +1,102 @@ +# OpenPGP.conf: A Success +#+STARTUP: showall +#+AUTHOR: Neal +#+DATE: September 19, 2016 + +On September 8th and 9th, the first [[https://www.gnupg.org/conf/program.html][OpenPGP.conf]] took place in K?ln, +Germany. The conference was organized by the [[German%20Unix%20User%20Group][German Unix User Group]] +(GUUG) and attracted over 50 participants from around the world. The +program consisted of 18 highly technical talks. Lunch and dinner were +provided at the venue, which resulted in lots of time to increase ties +between projects as well as exchange and develop ideas. + +From the GnuPG project, Werner presented an introduction to the new +[[https://www.gnupg.org/blog/20160830-web-key-service.html][web key service (WKS) protocol]], which is being deployed by several +mail providers including [[https://posteo.de][Posteo]]. The basic problem that WKS addresses +is how to find someone's key. Currently, most people just search the +key servers for keys matching the person's email address. Although +this works reasonably well, the [[https://www.ncsc.nl/english/current-topics/factsheets/duplicate-pgp-keys.html][recent evil32 attack]] has reminded many +people that the keyservers provide no guarantees that a returned key +is controlled by the stated owner. In WKS, people upload their keys +to their mail provider. Since only the email account's owner can +change the association, this is guaranteed to not only be the right +key, but the user's preferred key. Of course, users still need to +trust their mail provider to deliver the correct key. But, we believe +this provides a significant improvement both in terms of security and +usability over the status quo. Those requiring stronger guarantees +are still encouraged to either directly verify their communication +partner's key or use the web of trust. 
The German news site [[http://www.golem.de/news/web-key-service-openpgp-schluessel-ueber-https-verteilen-1609-123194.html][Golem +reported on Werner's presentation]]. Meskio from the LEAP project also +present [[https://meskio.net/openpgp.conf/#/][how LEAP is doing key discovery]]. Phillip Hallam-Baker +discussed [[https://www.gnupg.org/conf/2016/openpgp-2016-the-mathematical-mesh.pptx][key management in the Mesh]]. And, holger krekel discussed +[[https://www.gnupg.org/conf/2016/openpgp-2016-automatic-email-encryption-holger-krekel/index.html#/step-1][how to distribute keys inline]]. + +Justus discussed his proposal for [[https://www.gnupg.org/conf/2016/openpgp-2016-common-openpgp-testsuite.pdf][a common OpenPGP test suite]]. The +main problem that he observed in his recent work on the GPGME Python +bindings is that GPG, GPGME, and each of the GPGME bindings have their +own test suite that tests similar functionality to the other test +suites. His idea is to merge the common parts by defining a simple +interface, and having each component just map the API to its own API. + +Niibe presented his fully free cryptographic token, [[http://www.gniibe.org/pdf/openpgp-2016/gnuk-1_2.html][GnuK]] (pronounced: +???nu?k), which he started developing in 2010. The GnuK is special in +that it is the only cryptographic token that is based entirely on Free +Software, the entire hardware specification is open, and the parts are +relatively easy to buy. This is motivated not only by ethical +concerns, but also security concerns: being able to assemble it +yourself makes it harder for an adversary to inject a trojan during +production. Niibe also avoids specialized hardware. This has less to +do with making it easier to get the components, and more to do with +security: getting documentation for secure chips, for instance, +requires signing an NDA and, due to their specialized nature, are more +likely to have a backdoor. Instead, the GnuK uses a general purpose +CPU. 
To protect the secret key material, it uses the flash ROM +protection feature. There are currently discussions underway to +further increase the security of this by partially decrypting the +secret key material on the host with its much more capable CPU, which +would make a brute force attack significantly more expensive should +the key material be extracted. The GnuK can currently be ordered +either from [[https://www.seeedstudio.com/FST-01-without-Enclosure-p-1276.html][seeed]] or the [[https://shop.fsf.org/storage-devices/neug-usb-true-random-number-generator][FSF]]. + +Andre discussed [[https://files.intevation.de/users/aheinecke/gpgme.pdf][how to use GPGME]]. The main takeaway is that although +GPGME's API is sometimes inconveniently low-level and some features +are missing, it is much easier to interact with GPG using GPGME than +to build another parser to parse GPG's ~--status-fd~ output. +Moreover, language bindings, such as Andre's bindings for Qt, can +significantly simplify working with GPGME. + +Daniel reported on [[https://dkg.fifthhorseman.net/gnupg-in-debian-2016.svg][GnuPG in Debian]]. In particular, he discussed how +Debian is dealing with co-installing GnuPG 1.4 and GnuPG 2.1, +migration from 1.4 to 2.1, managing background processes, and system +integration. He also discussed some issues that he has observed with +packages that use GnuPG. In particular, their test suits often don't +test their use of GnuPG, because this requires so much effort. He +indicated that one thing that would make life easier would be standard +pinentry driver programs for different languages. He's since +submitted those for PHP, Perl, Python and Bash, and they will be part +of the next GnuPG release. + +Another talk included a discussion of encrypted mailing list software +and the current state of Schleuder by Iif and paz. Schleuder is +apparently the only encrypted mailing list software that currently +works (its also actively maintained). 
Its design, however, requires +that the mailing list server be able to decrypt the messages in order +to reencrypt them to all of the subscribers. The authors would like a +better solution, but, as they point out, there are ideas out there +(including my own proposal for [[http://hssl.cs.jhu.edu/~neal/encrypted-mailing-lists.pdf][practical encrypted mailing lists]]), but +none of them work today. This presentation was also [[http://www.golem.de/news/schleuder-wie-verschluesselt-man-eine-mailingliste-1609-123206.html][reported on by +Golem]]. + +One of my favorite talks was [[http://nskelsey.com/glbc-2016.pdf][Nick Skelsey's talk on GlobaLeaks]]. He +discussed typical leaking interactions, how their leaking platform +works, and the issues they face making the platform secure in the face +of non-technical users. + +Other talks included an overview of some [[http://www.intevation.de/~bernhard/presentations/201609-openpgpconf/20160908-3bsi-contracts.pdf][work that the German BSI has +contracted]], [[https://www.gnupg.org/conf/2016/openpgp-2016-a-few-concerns.pdf][an analysis of OpenPGP]], [[http://altlasten.lutz.donnerhacke.de/mitarb/lutz/vortrag/openpgp-history.pdf][a history of OpenPGP]], [[https://www.gnupg.org/conf/2016/openpgp-2016-openkeychain.pdf][OpenKeychain +UX decisions]], [[https://www.gnupg.org/conf/2016/openpgp-2016-bypass-pinentry.pdf][how to bypass pinentry]], [[https://sks-keyservers.net/files/2016-09_OpenPGP-Conf-sks-keyservers.pdf][an update on the sks keyservers]], +an overview of PEP, and an analysis of the keyserver data. + +Given our very positive reactions from the participants and our own +positive impressions, we expect there to be a second edition of the +conference in the near future. 
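Review bot: Two link targets in the new post look wrong. The German Unix User Group link is written [[German%20Unix%20User%20Group][German Unix User Group]], so its target is the escaped label rather than a URL and it will not resolve; and in the GnuK paragraph the FSF ordering link ends in neug-usb-true-random-number-generator, which by its path is a NeuG page rather than a GnuK one. Please put the GUUG address in the first and confirm the second. Wording: "Meskio from the LEAP project also present" should be "presented", "test suits" should be "test suites", and "its also actively maintained" needs "it's".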
----------------------------------------------------------------------- Summary of changes: misc/blog.gnupg.org/20160919-openpgp-conf.org | 102 ++++++++++++++++++++++++++ 1 file changed, 102 insertions(+) create mode 100644 misc/blog.gnupg.org/20160919-openpgp-conf.org hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Mon Sep 19 14:31:40 2016 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Mon, 19 Sep 2016 14:31:40 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-387-ge3c3514 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via e3c35147d6adb754d4eb0781a54af2a8f0803663 (commit) from e89279442e3199a433468dd6e7ef9c38f57fece0 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e3c35147d6adb754d4eb0781a54af2a8f0803663 Author: Andre Heinecke Date: Mon Sep 19 14:29:03 2016 +0200 core: Remove moc artifact * src/moc_kdpipeiodevice.cpp: Removed. * src/Makefile.am (EXTRA_DIST): Remove moc_kdpipeiodevice.cpp. -- This file was overlooked in 58ed9c17 which removed the unused and obsolete w32-qt code. See lang/qt QIODeviceDataProvider which replaced kdpipeiodevice. diff --git a/src/Makefile.am b/src/Makefile.am index c57ec8f..f166f3b 100644 --- a/src/Makefile.am +++ b/src/Makefile.am 
@@ -18,9 +18,8 @@ ## Process this file with automake to produce Makefile.in -# Note: moc_kdpipeiodevice should actually be a dependecy below. EXTRA_DIST = gpgme-config.in gpgme.m4 libgpgme.vers ChangeLog-2011 \ - gpgme.h.in versioninfo.rc.in gpgme.def moc_kdpipeiodevice.cpp + gpgme.h.in versioninfo.rc.in gpgme.def bin_SCRIPTS = gpgme-config m4datadir = $(datadir)/aclocal diff --git a/src/moc_kdpipeiodevice.cpp b/src/moc_kdpipeiodevice.cpp deleted file mode 100644 index eac7b23..0000000 --- a/src/moc_kdpipeiodevice.cpp +++ /dev/null 
@@ -1,60 +0,0 @@ -/**************************************************************************** -** Meta object code from reading C++ file 'kdpipeiodevice.h' -** -** Created: Mon Aug 27 15:17:18 2007 -** by: The Qt Meta Object Compiler version 59 (Qt 4.3.0) -** -** WARNING! All changes made in this file will be lost! -*****************************************************************************/ - -#include "kdpipeiodevice.h" -#if !defined(Q_MOC_OUTPUT_REVISION) -#error "The header file 'kdpipeiodevice.h' doesn't include ." -#elif Q_MOC_OUTPUT_REVISION != 59 -#error "This file was generated using the moc from 4.3.0. It" -#error "cannot be used with the include files from this version of Qt." -#error "(The moc has changed too much.)" -#endif - -static const uint qt_meta_data_KDPipeIODevice[] = { - - // content: - 1, // revision - 0, // classname - 0, 0, // classinfo - 0, 0, // methods - 0, 0, // properties - 0, 0, // enums/sets - - 0 // eod -}; - -static const char qt_meta_stringdata_KDPipeIODevice[] = { - "KDPipeIODevice\0" -}; - -const QMetaObject KDPipeIODevice::staticMetaObject = { - { &QIODevice::staticMetaObject, qt_meta_stringdata_KDPipeIODevice, - qt_meta_data_KDPipeIODevice, 0 } -}; - -const QMetaObject *KDPipeIODevice::metaObject() const -{ - return &staticMetaObject; -} - -void *KDPipeIODevice::qt_metacast(const char *_clname) -{ - if (!_clname) return 0; - if (!strcmp(_clname, qt_meta_stringdata_KDPipeIODevice)) - return static_cast(const_cast< KDPipeIODevice*>(this)); - return QIODevice::qt_metacast(_clname); -} - -int KDPipeIODevice::qt_metacall(QMetaObject::Call _c, int _id, void **_a) -{ - _id = QIODevice::qt_metacall(_c, _id, _a); - if (_id < 0) - return _id; - return _id; -} ----------------------------------------------------------------------- Summary of changes: src/Makefile.am | 3 +-- src/moc_kdpipeiodevice.cpp | 60 ---------------------------------------------- 2 files changed, 1 insertion(+), 62 deletions(-) delete mode 100644 
src/moc_kdpipeiodevice.cpp hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Mon Sep 19 17:55:23 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 19 Sep 2016 17:55:23 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-133-g9986436 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 998643666c016dbacf10f813c22efc97deadec65 (commit) from 5bf1facc973eb6e0bfab0f8f17129534dec56e04 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 998643666c016dbacf10f813c22efc97deadec65 Author: Werner Koch Date: Mon Sep 19 17:47:56 2016 +0200 gpg: Fix regression in fingerprint printing. * g10/keylist.c (list_keyblock_print): Do not depend calling print_fingerprint on opt.keyid_format. -- Regression-due-to: d757009a24eb856770fc3a3729e2f21f54d2a618 Debian-bug-id: 838153 Signed-off-by: Werner Koch diff --git a/g10/keylist.c b/g10/keylist.c index bef1e07..212d77e 100644 --- a/g10/keylist.c +++ b/g10/keylist.c @@ -909,7 +909,7 @@ list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr, /* Print the "pub" line and in KF_NONE mode the fingerprint. */ print_key_line (es_stdout, pk, secret); - if (fpr && opt.keyid_format != KF_NONE) + if (fpr) print_fingerprint (NULL, pk, 0); if (opt.with_keygrip && hexgrip) ----------------------------------------------------------------------- Summary of changes: g10/keylist.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Sep 19 18:50:50 2016 
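Review bot: The fix at if (fpr) in list_keyblock_print comes without a test, although the commit message records it as a regression (Regression-due-to: d757009a24eb856770fc3a3729e2f21f54d2a618) and the summary shows only g10/keylist.c changed. A key listing test that requests fingerprints under each keyid format would keep this from regressing a second time. The context comment still reads "Print the "pub" line and in KF_NONE mode the fingerprint", so a sentence on how that output relates to the now unconditional print_fingerprint call would help the next reader.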
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Mon, 19 Sep 2016 18:50:50 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-138-g884e78e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 884e78efe1f3ba50513bf81c8b4804d22b25eac4 (commit) via 9a0659a65c52378de1c4736a0eddf8518eb20948 (commit) via 58007e52593e6b0f838de2e464ceeacf22757018 (commit) via ab483eff9a8254adf127cdee178e14ba74f0a2b3 (commit) via 83a406b38a21d0eeb4963db824a27783c212d2fb (commit) from 998643666c016dbacf10f813c22efc97deadec65 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 884e78efe1f3ba50513bf81c8b4804d22b25eac4 Author: Justus Winter Date: Mon Sep 19 18:45:44 2016 +0200 tests: Refine the repl function. * tests/gpgscm/repl.scm (repl): Add an argument 'environment'. (interactive-repl): Add an optional argument 'environment'. -- With this change, we can drop (interactive-repl (current-environment)) anywhere into the code and do some interactive debugging. Signed-off-by: Justus Winter diff --git a/tests/gpgscm/repl.scm b/tests/gpgscm/repl.scm index 896554f..78b8151 100644 --- a/tests/gpgscm/repl.scm +++ b/tests/gpgscm/repl.scm 
@@ -20,25 +20,24 @@ ;; Interactive repl using 'prompt' function. P must be a function ;; that given the current entered prefix returns the prompt to ;; display. -(define (repl p) - (let ((repl-environment (make-environment))) - (call/cc - (lambda (exit) - (let loop ((prefix "")) - (let ((line (prompt (p prefix)))) - (if (and (not (eof-object? line)) (= 0 (string-length line))) - (exit (loop prefix))) - (if (not (eof-object? line)) - (let* ((next (string-append prefix line)) - (c (catch (begin (echo "Parse error:" *error*) - (loop prefix)) - (read (open-input-string next))))) - (if (not (eof-object? c)) - (begin - (catch (echo "Error:" *error*) - (echo " ===>" (eval c repl-environment))) - (exit (loop "")))) - (exit (loop next)))))))))) +(define (repl p environment) + (call/cc + (lambda (exit) + (let loop ((prefix "")) + (let ((line (prompt (p prefix)))) + (if (and (not (eof-object? line)) (= 0 (string-length line))) + (exit (loop prefix))) + (if (not (eof-object? line)) + (let* ((next (string-append prefix line)) + (c (catch (begin (echo "Parse error:" *error*) + (loop prefix)) + (read (open-input-string next))))) + (if (not (eof-object? c)) + (begin + (catch (echo "Error:" *error*) + (echo " ===>" (eval c environment))) + (exit (loop "")))) + (exit (loop next))))))))) (define (prompt-append-prefix prompt prefix) (string-append prompt (if (> (string-length prefix) 0) 
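Review bot: The comment above (define (repl p environment) still documents only P; the new ENVIRONMENT argument is undocumented. It is worth stating there that expressions are evaluated in the environment the caller passes, because the removed (let ((repl-environment (make-environment))) gave every repl a fresh one, and definitions typed at the prompt now land in whatever environment was handed in.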
@@ -46,5 +45,6 @@ "> "))) ;; Default repl run by main.c. -(define (interactive-repl) - (repl (lambda (p) (prompt-append-prefix "gpgscm " p)))) +(define (interactive-repl . environment) + (repl (lambda (p) (prompt-append-prefix "gpgscm " p)) + (if (null? environment) (interaction-environment) (car environment)))) commit 9a0659a65c52378de1c4736a0eddf8518eb20948 Author: Justus Winter Date: Mon Sep 19 18:42:36 2016 +0200 tests: Implement interpreter shutdown using exceptions. * tests/gpgscm/ffi.c (ffi_init): Rename 'exit' to '_exit'. * tests/gpgscm/ffi.scm (*interpreter-exit*): New variable. (throw): New function. (exit): New function. -- This allows a proper cleanup of resources. Signed-off-by: Justus Winter diff --git a/tests/gpgscm/ffi.c b/tests/gpgscm/ffi.c index 0816067..4559f10 100644 --- a/tests/gpgscm/ffi.c +++ b/tests/gpgscm/ffi.c @@ -1255,7 +1255,7 @@ ffi_init (scheme *sc, const char *argv0, const char *scriptname, ffi_define_function (sc, strerror); ffi_define_function (sc, getenv); ffi_define_function (sc, setenv); - ffi_define_function (sc, exit); + ffi_define_function_name (sc, "_exit", exit); ffi_define_function (sc, open); ffi_define_function (sc, fdopen); ffi_define_function (sc, close); diff --git a/tests/gpgscm/ffi.scm b/tests/gpgscm/ffi.scm index 7c2f93a..72a2a8f 100644 --- a/tests/gpgscm/ffi.scm +++ b/tests/gpgscm/ffi.scm 
@@ -42,3 +42,25 @@ ;; Pseudo-definitions for foreign functions. Evaluates to no code, ;; but serves as documentation. (macro (ffi-define form)) + +;; Runtime support. + +;; Low-level mechanism to terminate the process. +(ffi-define (_exit status)) + +;; High-level mechanism to terminate the process is to throw an error +;; of the form (*interpreter-exit* status). This gives automatic +;; resource management a chance to clean up. +(define *interpreter-exit* (gensym)) +(define (throw . x) + (cond + ((more-handlers?) + (apply (pop-handler) x)) + ((and (= 2 (length x)) (equal? *interpreter-exit* (car x))) + (_exit (cadr x))) + (else + (apply error x)))) + +;; Terminate the process returning STATUS to the parent. +(define (exit status) + (throw *interpreter-exit* status)) commit 58007e52593e6b0f838de2e464ceeacf22757018 Author: Justus Winter Date: Mon Sep 19 17:24:03 2016 +0200 tests: Correctly handle exceptions in resource handling macros. * tests/gpgscm/tests.scm (letfd): Correctly release resources when an exception is thrown. (with-working-directory): Likewise. (with-temporary-working-directory): Likewise. (lettmp): Likewise. Signed-off-by: Justus Winter diff --git a/tests/gpgscm/tests.scm b/tests/gpgscm/tests.scm index 7b88e0e..71ca369 100644 --- a/tests/gpgscm/tests.scm +++ b/tests/gpgscm/tests.scm @@ -234,7 +234,9 @@ `((lambda (,(caaadr form)) (let ((,result-sym ,(if (= 1 (length (cadr form))) - `(begin ,@(cddr form)) + `(catch (begin (close ,(caaadr form)) + (apply throw *error*)) + ,@(cddr form)) `(letfd ,(cdadr form) ,@(cddr form))))) (close ,(caaadr form)) ,result-sym)) ,@(cdaadr form)))) @@ -243,7 +245,9 @@ (let ((result-sym (gensym)) (cwd-sym (gensym))) `(let* ((,cwd-sym (getcwd)) (_ (if ,(cadr form) (chdir ,(cadr form)))) - (,result-sym (begin ,@(cddr form)))) + (,result-sym (catch (begin (chdir ,cwd-sym) + (apply throw *error*)) + ,@(cddr form)))) (chdir ,cwd-sym) ,result-sym))) 
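Review bot: In the letfd hunk of tests/gpgscm/tests.scm the catch is added only on the branch taken when one binding is left, (= 1 (length (cadr form))); the other branch still expands to a bare (letfd ,(cdadr form) ,@(cddr form)). With two or more bindings, an exception in the body closes the innermost descriptor and is rethrown, but it then passes the outer levels without reaching their (close ,(caaadr form)), so those descriptors stay open. Wrapping the recursive branch in the same catch would fix it, and lettmp in this commit has the same shape. The cleanup form is also written twice in each macro, once in the handler and once on the normal path; a helper that takes the cleanup once would keep the two copies from drifting apart.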
@@ -264,7 +268,10 @@ `(let* ((,cwd-sym (getcwd)) (,tmp-sym (mkdtemp)) (_ (chdir ,tmp-sym)) - (,result-sym (begin ,@(cdr form)))) + (,result-sym (catch (begin (chdir ,cwd-sym) + (unlink-recursively ,tmp-sym) + (apply throw *error*)) + ,@(cdr form)))) (chdir ,cwd-sym) (unlink-recursively ,tmp-sym) ,result-sym))) @@ -293,7 +300,9 @@ `((lambda (,(caadr form)) (let ((,result-sym ,(if (= 1 (length (cadr form))) - `(begin ,@(cddr form)) + `(catch (begin (remove-temporary-file ,(caadr form)) + (apply throw *error*)) + ,@(cddr form)) `(lettmp ,(cdadr form) ,@(cddr form))))) (remove-temporary-file ,(caadr form)) ,result-sym)) (make-temporary-file ,(symbol->string (caadr form)))))) commit ab483eff9a8254adf127cdee178e14ba74f0a2b3 Author: Justus Winter Date: Mon Sep 19 17:19:00 2016 +0200 tests: Refine exception handling. * tests/gpgscm/init.scm (catch): Bind all arguments to '*error*' in the error handler, update and fix comment. (*error-hook*): Revert to original definition. * tests/gpgscm/tests.scm (tr:do): Adapt accordingly. * tests/openpgp/issue2419.scm: Likewise. Signed-off-by: Justus Winter diff --git a/tests/gpgscm/init.scm b/tests/gpgscm/init.scm index b32172b..f8fd71a 100644 --- a/tests/gpgscm/init.scm +++ b/tests/gpgscm/init.scm @@ -544,13 +544,14 @@ ; ; "Catch" establishes a scope spanning multiple call-frames until ; another "catch" is encountered. Within the recovery expression -; the thrown exception is bound to *error*. +; the thrown exception is bound to *error*. Errors can be rethrown +; using (apply throw *error*). ; ; Exceptions are thrown with: ; ; (throw "message") ; -; If used outside a (catch ...), reverts to (error "message) +; If used outside a (catch ...), reverts to (error "message") (define *handlers* (list)) 
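Review bot: The updated comment in tests/gpgscm/init.scm still says the thrown exception "is bound to *error*" and shows (throw "message"), but it does not say that *error* is now the list of all arguments given to throw. Callers need to know that: the issue2419.scm change in this same commit had to switch to (car *error*), and the documented (apply throw *error*) only makes sense for a list. Please add that sentence to the comment.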
@@ -573,13 +574,12 @@ (macro (catch form) (let ((label (gensym))) `(call/cc (lambda (**exit**) - (push-handler (lambda (*error*) (**exit** ,(cadr form)))) + (push-handler (lambda *error* (**exit** ,(cadr form)))) (let ((,label (begin ,@(cddr form)))) (pop-handler) ,label))))) -(define (*error-hook* . args) - (throw args)) +(define *error-hook* throw) ;;;;; Definition of MAKE-ENVIRONMENT, to be used with two-argument EVAL diff --git a/tests/gpgscm/tests.scm b/tests/gpgscm/tests.scm index 0738bc6..7b88e0e 100644 --- a/tests/gpgscm/tests.scm +++ b/tests/gpgscm/tests.scm @@ -411,7 +411,7 @@ (if error (begin (for-each remove-temporary-file tmpfiles') - (throw error))) + (apply throw error))) (loop tmpfiles' sink (cdr cmds)))))) (define (tr:open pathname) diff --git a/tests/openpgp/issue2419.scm b/tests/openpgp/issue2419.scm index efc42a6..1f87d1b 100755 --- a/tests/openpgp/issue2419.scm +++ b/tests/openpgp/issue2419.scm @@ -23,6 +23,6 @@ (lettmp (onebyte) (dearmor (in-srcdir "samplemsgs/issue2419.asc") onebyte) - (catch (assert (string-contains? *error* "invalid packet")) + (catch (assert (string-contains? (car *error*) "invalid packet")) (call-popen `(, at GPG --list-packets ,onebyte) "") (error "Expected an error but got none"))) commit 83a406b38a21d0eeb4963db824a27783c212d2fb Author: Justus Winter Date: Mon Sep 19 15:59:19 2016 +0200 tests: Use descriptive temporary file names. * tests/gpgscm/ffi.c (do_get_isotime): New function. (ffi_init): Add parameter 'scriptname', bind new function and scriptname. * tests/gpgscm/ffi.h (ffi_init): Update prototype. * tests/gpgscm/main.c (main): Hand in the script name. * tests/gpgscm/tests.scm (mkdtemp): Use current time and script name for the names of temporary directories. Signed-off-by: Justus Winter diff --git a/tests/gpgscm/ffi.c b/tests/gpgscm/ffi.c index 57de286..0816067 100644 --- a/tests/gpgscm/ffi.c +++ b/tests/gpgscm/ffi.c 
@@ -460,6 +460,16 @@ do_rmdir (scheme *sc, pointer args) FFI_RETURN (sc); } +static pointer +do_get_isotime (scheme *sc, pointer args) +{ + FFI_PROLOG (); + gnupg_isotime_t timebuf; + FFI_ARGS_DONE_OR_RETURN (sc, args); + gnupg_get_isotime (timebuf); + FFI_RETURN_STRING (sc, timebuf); +} + /* estream functions. */ @@ -1209,7 +1219,8 @@ ffi_scheme_eval (scheme *sc, const char *format, ...) } gpg_error_t -ffi_init (scheme *sc, const char *argv0, int argc, const char **argv) +ffi_init (scheme *sc, const char *argv0, const char *scriptname, + int argc, const char **argv) { int i; pointer args = sc->NIL; @@ -1255,6 +1266,7 @@ ffi_init (scheme *sc, const char *argv0, int argc, const char **argv) ffi_define_function (sc, getcwd); ffi_define_function (sc, mkdir); ffi_define_function (sc, rmdir); + ffi_define_function (sc, get_isotime); /* Process management. */ ffi_define_function (sc, spawn_process); @@ -1288,6 +1300,7 @@ ffi_init (scheme *sc, const char *argv0, int argc, const char **argv) ffi_define_function_name (sc, "*set-verbose!*", set_verbose); ffi_define (sc, "*argv0*", sc->vptr->mk_string (sc, argv0)); + ffi_define (sc, "*scriptname*", sc->vptr->mk_string (sc, scriptname)); for (i = argc - 1; i >= 0; i--) { pointer value = sc->vptr->mk_string (sc, argv[i]); diff --git a/tests/gpgscm/ffi.h b/tests/gpgscm/ffi.h index 02dd99d..9bd710f 100644 --- a/tests/gpgscm/ffi.h +++ b/tests/gpgscm/ffi.h @@ -24,7 +24,7 @@ #include #include "scheme.h" -gpg_error_t ffi_init (scheme *sc, const char *argv0, +gpg_error_t ffi_init (scheme *sc, const char *argv0, const char *scriptname, int argc, const char **argv); #endif /* GPGSCM_FFI_H */ diff --git a/tests/gpgscm/main.c b/tests/gpgscm/main.c index 02681ff..f7c6b0d 100644 --- a/tests/gpgscm/main.c +++ b/tests/gpgscm/main.c 
@@ -263,7 +263,8 @@ main (int argc, char **argv) if (! err) err = load (sc, "ffi.scm", 0, 1); if (! err) - err = ffi_init (sc, argv0, argc, (const char **) argv); + err = ffi_init (sc, argv0, script ? script : "interactive", + argc, (const char **) argv); if (! err) err = load (sc, "lib.scm", 0, 1); if (! err) diff --git a/tests/gpgscm/tests.scm b/tests/gpgscm/tests.scm index 8283eba..0738bc6 100644 --- a/tests/gpgscm/tests.scm +++ b/tests/gpgscm/tests.scm @@ -253,7 +253,10 @@ ;; generic name is used. (define (mkdtemp . components) (_mkdtemp (if (null? components) - (path-join (getenv "TMP") "gpgscm-XXXXXX") + (path-join (getenv "TMP") + (string-append "gpgscm-" (get-isotime) "-" + (basename-suffix *scriptname* ".scm") + "-XXXXXX")) (apply path-join components)))) (macro (with-temporary-working-directory form) ----------------------------------------------------------------------- Summary of changes: tests/gpgscm/ffi.c | 17 +++++++++++++++-- tests/gpgscm/ffi.h | 2 +- tests/gpgscm/ffi.scm | 22 ++++++++++++++++++++++ tests/gpgscm/init.scm | 10 +++++----- tests/gpgscm/main.c | 3 ++- tests/gpgscm/repl.scm | 42 +++++++++++++++++++++--------------------- tests/gpgscm/tests.scm | 24 ++++++++++++++++++------ tests/openpgp/issue2419.scm | 2 +- 8 files changed, 85 insertions(+), 37 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Sep 19 20:16:08 2016 
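Review bot: In the catch macro hunk (@@ -573,13 +574,12 @@), switching the handler from (lambda (*error*) ...) to (lambda *error* ...) turns *error* into a list of all thrown arguments, which changes the contract of every existing catch form, yet tests/openpgp/issue2419.scm is the only caller adjusted in the visible hunks. Any other handler that hands *error* directly to a string function will now fail inside the handler, so the remaining uses of *error* in the test suite should be checked and the new list shape documented in a comment above the macro. The (car *error*) in issue2419.scm also assumes the first thrown value is a string; saying so in a comment would make a failure there easier to read.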
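Review bot: In the mkdtemp hunk of tests/gpgscm/tests.scm (@@ -253,7 +253,10 @@), *scriptname* goes into the template through (basename-suffix *scriptname* ".scm"), and main.c passes either the script argument or the literal "interactive", so the helper must handle a name without the .scm suffix and a script given as a path. basename-suffix is not defined in the visible lines; please confirm it strips directory components and returns the name unchanged when the suffix is absent, because a slash in the template would yield a nested path that does not exist when the directory is created. Keeping the trailing -XXXXXX is right: the timestamp and script name are predictable, so the random suffix still has to supply the uniqueness.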
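Review bot: The new scriptname parameter of ffi_init (tests/gpgscm/ffi.c, @@ -1209,7 +1219,8 @@) is handed to mk_string in the @@ -1288,6 +1300,7 @@ hunk without a NULL check and without any comment on the prototype in ffi.h. main.c covers this with the script ? script : "interactive" fallback, but a one-line comment in ffi.h stating that scriptname must be non-NULL would keep a later caller from depending on that fallback.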
From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Mon, 19 Sep 2016 20:16:08 +0200 Subject: [git] gnupg-doc - branch, master, updated. 6a2296632f4d2c528160f9f424ae9aafe00ffaa3 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 6a2296632f4d2c528160f9f424ae9aafe00ffaa3 (commit) from 13367dca28e4aff778ef7a9849e27549a801f22a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6a2296632f4d2c528160f9f424ae9aafe00ffaa3 Author: Neal H. Walfield Date: Mon Sep 19 20:16:04 2016 +0200 blog: Minor edits. (Thanks Werner) diff --git a/misc/blog.gnupg.org/20160919-openpgp-conf.org b/misc/blog.gnupg.org/20160919-openpgp-conf.org index 198c2b2..16bb869 100644 --- a/misc/blog.gnupg.org/20160919-openpgp-conf.org +++ b/misc/blog.gnupg.org/20160919-openpgp-conf.org 
@@ -50,13 +50,13 @@ do with making it easier to get the components, and more to do with security: getting documentation for secure chips, for instance, requires signing an NDA and, due to their specialized nature, are more likely to have a backdoor. Instead, the GnuK uses a general purpose -CPU. To protect the secret key material, it uses the flash ROM -protection feature. There are currently discussions underway to -further increase the security of this by partially decrypting the -secret key material on the host with its much more capable CPU, which -would make a brute force attack significantly more expensive should -the key material be extracted. The GnuK can currently be ordered -either from [[https://www.seeedstudio.com/FST-01-without-Enclosure-p-1276.html][seeed]] or the [[https://shop.fsf.org/storage-devices/neug-usb-true-random-number-generator][FSF]]. +MCU (microcontroller unit). To protect the secret key material, it +uses the flash ROM protection feature. There are currently +discussions underway to further increase the security of this by +partially decrypting the secret key material on the host with its much +more capable CPU, which would make a brute force attack significantly +more expensive should the key material be extracted. The GnuK can +currently be ordered either from [[https://www.seeedstudio.com/FST-01-without-Enclosure-p-1276.html][seeed]] or the [[https://shop.fsf.org/storage-devices/neug-usb-true-random-number-generator][FSF]]. Andre discussed [[https://files.intevation.de/users/aheinecke/gpgme.pdf][how to use GPGME]]. The main takeaway is that although GPGME's API is sometimes inconveniently low-level and some features 
@@ -77,9 +77,9 @@ submitted those for PHP, Perl, Python and Bash, and they will be part of the next GnuPG release. Another talk included a discussion of encrypted mailing list software -and the current state of Schleuder by Iif and paz. Schleuder is +and the current state of Schleuder by Ilf and Paz. Schleuder is apparently the only encrypted mailing list software that currently -works (its also actively maintained). Its design, however, requires +works (it is also actively maintained). Its design, however, requires that the mailing list server be able to decrypt the messages in order to reencrypt them to all of the subscribers. The authors would like a better solution, but, as they point out, there are ideas out there @@ -97,6 +97,6 @@ contracted]], [[https://www.gnupg.org/conf/2016/openpgp-2016-a-few-concerns.pdf] UX decisions]], [[https://www.gnupg.org/conf/2016/openpgp-2016-bypass-pinentry.pdf][how to bypass pinentry]], [[https://sks-keyservers.net/files/2016-09_OpenPGP-Conf-sks-keyservers.pdf][an update on the sks keyservers]], an overview of PEP, and an analysis of the keyserver data. -Given our very positive reactions from the participants and our own +Given the very positive reactions from the participants and our own positive impressions, we expect there to be a second edition of the conference in the near future. ----------------------------------------------------------------------- Summary of changes: misc/blog.gnupg.org/20160919-openpgp-conf.org | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Tue Sep 20 02:33:13 2016 
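Review bot: In the first hunk (@@ -50,13 +50,13 @@), the rewrapped sentence still says the GnuK can be ordered from the FSF, while the link target is shop.fsf.org/storage-devices/neug-usb-true-random-number-generator, whose slug names the NeuG random number generator. Since this commit is already touching the paragraph, either point the link at a GnuK listing or add a few words explaining why the NeuG listing is the right place to order. The unchanged sentence just above ("getting documentation for secure chips ... requires signing an NDA and, due to their specialized nature, are more likely to have a backdoor") also loses its subject halfway through and could be fixed in the same pass.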
From: cvs at cvs.gnupg.org (by Ineiev) Date: Tue, 20 Sep 2016 02:33:13 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-139-g858af2b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 858af2b3473e436af53470d53cdac334edce9f09 (commit) from 884e78efe1f3ba50513bf81c8b4804d22b25eac4 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 858af2b3473e436af53470d53cdac334edce9f09 Author: Ineiev Date: Fri Mar 4 14:33:39 2016 +0000 doc: Fix Martin Hellman's name. * doc/contrib.texi: Fix. diff --git a/doc/contrib.texi b/doc/contrib.texi index 0b19766..8a4fc86 100644 --- a/doc/contrib.texi +++ b/doc/contrib.texi @@ -95,7 +95,7 @@ Walter Koch, Wayne Chapeskie, Wim Vandeputte, Winona Brown, Yosiaki IIDA, Yoshihiro Kajiki and Gerlinde Klaes. This software has been made possible by the previous work of Chris -Wedgwood, Jean-loup Gailly, Jon Callas, Mark Adler, Martin Hellmann +Wedgwood, Jean-loup Gailly, Jon Callas, Mark Adler, Martin Hellman, Paul Kendall, Philip R. Zimmermann, Peter Gutmann, Philip A. Nelson, Taher Elgamal, Torbjorn Granlund, Whitfield Diffie, some unknown NSA mathematicians and all the folks who have worked hard to create ----------------------------------------------------------------------- Summary of changes: doc/contrib.texi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Sep 20 03:02:44 2016 
From: cvs at cvs.gnupg.org (by Ineiev) Date: Tue, 20 Sep 2016 03:02:44 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-141-g20a27d8 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 20a27d8a57c4c990fcada4278a1ce2e6fc9043e9 (commit) via fa346508fe323e61cf157ee30c13301e1d2117c0 (commit) from 858af2b3473e436af53470d53cdac334edce9f09 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 20a27d8a57c4c990fcada4278a1ce2e6fc9043e9 Author: Ineiev Date: Fri Mar 4 15:46:08 2016 +0000 doc: Fix "Not(e) that you can(not) abbreviate". * doc/dirmngr.texi, doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi, doc/scdaemon.texi, doc/tools.texi: Fix. diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi index f5c180d..7b5c7e7 100644 --- a/doc/dirmngr.texi +++ b/doc/dirmngr.texi @@ -66,7 +66,7 @@ abbreviate this command. @item --help, -h @opindex help Print a usage message summarizing the most useful command-line options. -Not that you cannot abbreviate this command. +Note that you can abbreviate this command. @item --dump-options @opindex dump-options diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi index 30e1ae3..16e86bc 100644 --- a/doc/gpg-agent.texi +++ b/doc/gpg-agent.texi @@ -137,7 +137,7 @@ abbreviate this command. @itemx -h @opindex help Print a usage message summarizing the most useful command-line options. -Note that you cannot abbreviate this command. +Note that you can abbreviate this command. @item --dump-options @opindex dump-options diff --git a/doc/gpg.texi b/doc/gpg.texi index 75123fe..3bba11d 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi 
@@ -141,7 +141,7 @@ cannot abbreviate this command. @itemx -h @opindex help Print a usage message summarizing the most useful command line options. -Note that you cannot abbreviate this command. +Note that you can abbreviate this command. @item --warranty @opindex warranty diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi index 74add01..202631a 100644 --- a/doc/gpgsm.texi +++ b/doc/gpgsm.texi @@ -85,7 +85,7 @@ cannot abbreviate this command. @item --help, -h @opindex help Print a usage message summarizing the most useful command-line options. -Note that you cannot abbreviate this command. +Note that you can abbreviate this command. @item --warranty @opindex warranty diff --git a/doc/scdaemon.texi b/doc/scdaemon.texi index 0932380..3ab44ae 100644 --- a/doc/scdaemon.texi +++ b/doc/scdaemon.texi @@ -66,17 +66,17 @@ only one command is allowed. @table @gnupgtabopt @item --version @opindex version -Print the program version and licensing information. Not that you can +Print the program version and licensing information. Note that you cannot abbreviate this command. @item --help, -h @opindex help Print a usage message summarizing the most useful command-line options. -Not that you can abbreviate this command. +Note that you can abbreviate this command. @item --dump-options @opindex dump-options -Print a list of all available options and commands. Not that you can +Print a list of all available options and commands. Note that you cannot abbreviate this command. @item --server diff --git a/doc/tools.texi b/doc/tools.texi index 9fc735e..4427ffe 100644 --- a/doc/tools.texi +++ b/doc/tools.texi 
@@ -1542,7 +1542,7 @@ abbreviate this command. @item --help, -h @opindex help Print a usage message summarizing the most useful command-line options. -Note that you cannot abbreviate this command. +Note that you can abbreviate this command. @item --quiet, -q @opindex quiet commit fa346508fe323e61cf157ee30c13301e1d2117c0 Author: Ineiev Date: Fri Mar 4 15:20:47 2016 +0000 doc: Fix typos. * doc/debugging.texi, doc/dirmngr.texi, doc/glossary.texi * doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi * doc/instguide.texi, doc/opt-homedir.texi, doc/scdaemon.texi * doc/specify-user-id.texi, doc/tools.texi: Fix. diff --git a/doc/debugging.texi b/doc/debugging.texi index debdd40..5d7aa93 100644 --- a/doc/debugging.texi +++ b/doc/debugging.texi @@ -10,7 +10,7 @@ there is a need to track down problems. We call this debugging in a reminiscent to the moth jamming a relay in a Mark II box back in 1947. Most of the problems a merely configuration and user problems but -nevertheless there are the most annoying ones and responsible for many +nevertheless they are the most annoying ones and responsible for many gray hairs. We try to give some guidelines here on how to identify and solve the problem at hand. @@ -131,7 +131,7 @@ but Dirmngr's OCSP feature has not been enabled using The far most common reason for this is that the environment variable @code{GPG_TTY} has not been set correctly. Make sure that it has been -set to a real tty devce and not just to @samp{/dev/tty}; +set to a real tty device and not just to @samp{/dev/tty}; i.e. @samp{GPG_TTY=tty} is plainly wrong; what you want is @samp{GPG_TTY=`tty`} --- note the back ticks. Also make sure that this environment variable gets exported, that is you should follow up 
@@ -162,7 +162,7 @@ making use of ssh. @item Exporting a secret key without a certificate -I may happen that you have created a certificate request using +It may happen that you have created a certificate request using @command{gpgsm} but not yet received and imported the certificate from the CA. However, you want to export the secret key to another machine right now to import the certificate over there then. You can do this diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi index 8f984e3..f5c180d 100644 --- a/doc/dirmngr.texi +++ b/doc/dirmngr.texi @@ -102,7 +102,7 @@ so that @code{gpgsm} can help dirmngr. @item --fetch-crl @var{url} @opindex fetch-crl This command requires an URL as additional argument, and it will make -dirmngr try to retrieve an import the CRL from that @var{url} into +dirmngr try to retrieve and import the CRL from that @var{url} into it's cache. This is mainly useful for debugging purposes. The @command{dirmngr-client} provides the same feature for a running dirmngr. @@ -364,11 +364,11 @@ out. The default is currently 100 seconds. 0 will never timeout. @item --add-servers @opindex add-servers -This options makes dirmngr add any servers it discovers when validating +This option makes dirmngr add any servers it discovers when validating certificates against CRLs to the internal list of servers to consult for certificates and CRLs. -This options is useful when trying to validate a certificate that has +This option is useful when trying to validate a certificate that has a CRL distribution point that points to a server that is not already listed in the ldapserverlist. Dirmngr will always go to this server and try to download the CRL, but chances are high that the certificate used 
@@ -397,8 +397,8 @@ not contain information about an assigned responder. Note, that @item --ocsp-signer @var{fpr}|@var{file} @opindex ocsp-signer Use the certificate with the fingerprint @var{fpr} to check the -responses of the default OCSP Responder. Alternativly a filename can be -given in which case the respinse is expected to be signed by one of the +responses of the default OCSP Responder. Alternatively a filename can be +given in which case the response is expected to be signed by one of the certificates described in that file. Any argument which contains a slash, dot or tilde is considered a filename. Usual filename expansion takes place: A tilde at the start followed by a slash is replaced by the @@ -550,7 +550,7 @@ Here is a list of supported signals: @item SIGHUP @cpindex SIGHUP -This signals flushes all internally cached CRLs as well as any cached +This signal flushes all internally cached CRLs as well as any cached certificates. Then the certificate cache is reinitialized as on startup. Options are re-read from the configuration file. Instead of sending this signal it is better to use @@ -756,7 +756,7 @@ Only this answer will let Dirmngr consider the CRL as valid. Check whether the certificate with FINGERPRINT (SHA-1 hash of the entire X.509 certificate blob) is valid or not by consulting the CRL responsible for this certificate. If the fingerprint has not been -given or the certificate is not know, the function inquires the +given or the certificate is not known, the function inquires the certificate using: @example diff --git a/doc/glossary.texi b/doc/glossary.texi index 1c72e50..8c786a7 100644 --- a/doc/glossary.texi +++ b/doc/glossary.texi @@ -61,7 +61,7 @@ on a disk; the latter is often called a Soft-PSE. @item Shell model The standard model for validation of certificates under X.509. At the time of the verification all certificates must be valid and not expired. -See also @emph{Chain mode}. +See also @emph{Chain model}. @item X.509 
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi index 9eb38e0..30e1ae3 100644 --- a/doc/gpg-agent.texi +++ b/doc/gpg-agent.texi @@ -708,7 +708,7 @@ that key. The flag is automatically set if a new key was loaded into @code{gpg-agent} using the option @option{-c} of the @code{ssh-add} command. -The keygrip may be prefixed with a @code{!} to disable an entry entry. +The keygrip may be prefixed with a @code{!} to disable an entry. The following example lists exactly one key. Note that keys available through a OpenPGP smartcard in the active smartcard reader are @@ -939,7 +939,7 @@ Here is an example session: S: # session key follows S: S PADDING 0 S: D (value 1234567890ABCDEF0) - S: OK descryption successful + S: OK decryption successful @end smallexample @end cartouche @@ -951,7 +951,7 @@ that the padding has been removed. @node Agent PKSIGN @subsection Signing a Hash -The client ask the agent to sign a given hash value. A default key +The client asks the agent to sign a given hash value. A default key will be chosen if no key has been set. To set a key a client first uses: @@ -961,7 +961,7 @@ uses: This can be used multiple times to create multiple signature, the list of keys is reset with the next PKSIGN command or a RESET. The server -test whether the key is a valid key to sign something and responds with +tests whether the key is a valid key to sign something and responds with okay. @example @@ -993,7 +993,7 @@ The actual signing is done using PKSIGN @end example -Options are not yet defined, but my later be used to choose among +Options are not yet defined, but may later be used to choose among different algorithms. The agent does then some checks, asks for the passphrase and as a result the server returns the signature as an SPKI like S-expression in "D" lines: 
@@ -1113,7 +1113,7 @@ are to be used for this. There is no actual need because we can expect that secret keys created by a 3rd party are stored on a smartcard. If we have -generated the key ourself, we do not need to import it. +generated the key ourselves, we do not need to import it. @node Agent EXPORT @subsection Export a Secret Key @@ -1292,7 +1292,7 @@ passphrase will be retrieved from the pinentry module unless the retrieved from the client. The @var{timeout} parameter keeps the passphrase cached for the specified -number of seconds. A value of @code{-1} means infinate while @code{0} means +number of seconds. A value of @code{-1} means infinite while @code{0} means the default (currently only a timeout of -1 is allowed, which means to never expire it). @@ -1342,7 +1342,7 @@ least one of the keygrips corresponds to an available secret key. @end example This command is used to register a smartcard. With the --send -option given the certificates are send back. +option given the certificates are sent back. @node Agent PASSWD diff --git a/doc/gpg.texi b/doc/gpg.texi index 64fa60b..75123fe 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -284,7 +284,7 @@ Avoid using the output of this command in scripts or other programs as it is likely to change as GnuPG changes. See @option{--with-colons} for a machine-parseable key listing command that is appropriate for use in scripts and other programs. Never use the regular output for -scripts - it is only for human consumption. +scripts --- it is only for human consumption. @item --list-secret-keys @itemx -K 
@@ -379,7 +379,7 @@ safeguard against accidental deletion of multiple keys. @item --delete-secret-keys @code{name} @opindex delete-secret-keys -gRemove key from the secret keyring. In batch mode the key must be +Remove key from the secret keyring. In batch mode the key must be specified by fingerprint. The option @option{--yes} can be used to advice gpg-agent not to request a confirmation. This extra pre-caution is done because @command{gpg} can't be sure that the @@ -420,7 +420,7 @@ exported keys are written to STDOUT or to the file given with option @option{--armor} to allow easy printing of the key for paper backup; however the external tool @command{paperkey} does a better job for creating backups on paper. Note that exporting a secret key can be a -security risk if the exported keys are send over an insecure channel. +security risk if the exported keys are sent over an insecure channel. The second form of the command has the special property to render the secret part of the primary key useless; this is a GNU extension to @@ -533,7 +533,7 @@ corrupted trustdb. Example: Update the trustdb with the ownertrust values stored in @code{files} (or STDIN if not given); existing values will be overwritten. In case of a severely damaged trustdb and if you have a recent backup of the -ownertrust values (e.g. in the file @file{otrust.txt}, you may re-create +ownertrust values (e.g. in the file @file{otrust.txt}), you may re-create the trustdb using these commands: @c man:.RS @example @@ -1082,7 +1082,7 @@ behaviour and to change the default configuration. * GPG Input and Output:: Input and Output. * OpenPGP Options:: OpenPGP protocol specific options. * Compliance Options:: Compliance options. -* GPG Esoteric Options:: Doing things one usually don't want to do. +* GPG Esoteric Options:: Doing things one usually doesn't want to do. * Deprecated Options:: Deprecated options. @end menu 
@@ -1808,7 +1808,7 @@ are available for all keyserver types, some common options are: @option{--recv-keys} command as a whole. Defaults to 30 seconds. @item http-proxy=@code{value} - This options is deprecated. + This option is deprecated. Set the proxy to use for HTTP and HKP keyservers. This overrides any proxy defined in @file{dirmngr.conf}. @@ -2174,7 +2174,7 @@ stop by the OS limits. Defaults to 0, which means "no limit". @opindex input-size-hint This option can be used to tell GPG the size of the input data in bytes. @var{n} must be a positive base-10 number. This option is -only useful if the input is not taken from a file. GPG may use thos +only useful if the input is not taken from a file. GPG may use this hint to optimize its buffer allocation strategy. It is also used by the @option{--status-fd} line ``PROGRESS'' to provide a value for ``total'' if that is not available by other means. @@ -3171,7 +3171,7 @@ workaround! @item --enable-special-filenames @opindex enable-special-filenames -This options enables a mode in which filenames of the form +This option enables a mode in which filenames of the form @file{-&n}, where n is a non-negative decimal number, refer to the file descriptor n and not to a file with that name. @@ -3324,7 +3324,7 @@ files; They all live in in the current home directory (@pxref{option @item ~/.gnupg/pubring.kbx @efindex pubring.kbx - The public keyring using a different format. This file is sharred + The public keyring using a different format. This file is shared with @command{gpgsm}. You should backup this file. @item ~/.gnupg/pubring.kbx.lock @@ -3804,7 +3804,7 @@ can be handled. See also @samp{Key-Type} above. @item Subkey-Length: @var{nbits} Length of the secondary key (subkey) in bits. The default is returned -by running the command @samp{@gpgname --gpgconf-list}". +by running the command @samp{@gpgname --gpgconf-list}. @item Subkey-Usage: @var{usage-list} Key usage lists for a subkey; similar to @samp{Key-Usage}. 
diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi index c632ce7..74add01 100644 --- a/doc/gpgsm.texi +++ b/doc/gpgsm.texi @@ -108,7 +108,7 @@ abbreviate this command. @table @gnupgtabopt @item --encrypt @opindex encrypt -Perform an encryption. The keys the data is encrypted too must be set +Perform an encryption. The keys the data is encrypted to must be set using the option @option{--recipient}. @item --decrypt @@ -136,7 +136,7 @@ Run in server mode and wait for commands on the @code{stdin}. Behave as a Dirmngr client issuing the request @var{command} with the optional list of @var{args}. The output of the Dirmngr is printed stdout. Please note that file names given as arguments should have an -absolute file name (i.e. commencing with @code{/} because they are +absolute file name (i.e. commencing with @code{/}) because they are passed verbatim to the Dirmngr and the working directory of the Dirmngr might not be the same as the one of this client. Currently it is not possible to pass data via stdin to the Dirmngr. @var{command} @@ -835,7 +835,7 @@ signatures in the same way as handwritten signatures are. Comments start with a hash mark and empty lines are ignored. Lines do have a length limit but this is not a serious limitation as the format of the entries is fixed and checked by gpgsm: A non-comment line starts with -optional whitespace, followed by exactly 40 hex character, white space +optional whitespace, followed by exactly 40 hex characters, white space and a lowercased 2 letter country code. Additional data delimited with by a white space is current ignored but might late be used for other purposes. 
@@ -988,7 +988,7 @@ these status codes: @item The signature is invalid This means that the signature verification failed (this is an indication -of af a transfer error, a program error or tampering with the message). +of a transfer error, a program error or tampering with the message). @command{gpgsm} issues one of these status codes sequences: @table @code @item @code{BADSIG} @@ -1075,7 +1075,7 @@ parameter. The only supported value for @var{algo} is @samp{rsa}. The requested length of a generated key in bits. Defaults to 2048. @item Key-Grip: @var{hexstring} -This is optional and used to generate a CSR or certificatet for an +This is optional and used to generate a CSR or certificate for an already existing key. Key-Length will be ignored when given. @item Key-Usage: @var{usage-list} @@ -1227,7 +1227,7 @@ correct. Set the file descriptor to be used for the output (i.e. the encrypted message). Obviously the pipe must be open at that point, the server -establishes its own end. If the server returns an error he client +establishes its own end. If the server returns an error the client should consider this session failed. The option armor encodes the output in @acronym{PEM} format, the @@ -1309,7 +1309,7 @@ possible to use the command SIGNER @var{userID} @end example -to the signer's key. @var{userID} should be the +to set the signer's key. @var{userID} should be the internal representation of the key; the server may accept any other way of specification. If this is a valid and trusted recipient the server does respond with OK, otherwise the return is an ERR with the reason why 
@@ -1318,13 +1318,13 @@ this key. If the policy is not to sign at all if not all keys are valid, the client has to take care of this. All @code{SIGNER} commands are cumulative until a @code{RESET} is done. Note that a @code{SIGN} does not reset this list of signers which is in -contrats to the @code{RECIPIENT} command. +contrast to the @code{RECIPIENT} command. @node GPGSM VERIFY @subsection Verifying a Message -To verify a mesage the command: +To verify a message the command: @example VERIFY @@ -1387,7 +1387,7 @@ in turn this requires that the usual escape quoting rules are done. Lists only the keys where a secret key is available. -The list commands commands are affected by the option +The list commands are affected by the option @example OPTION list-mode=@var{mode} diff --git a/doc/instguide.texi b/doc/instguide.texi index 99b8696..7ac6925 100644 --- a/doc/instguide.texi +++ b/doc/instguide.texi @@ -12,7 +12,7 @@ release without that guide. The chapter on gpg-agent and gpgsm do include brief information on how to set up the whole thing. Please watch the GnuPG website for updates of the documentation. In the meantime you may search the GnuPG mailing list archives or ask on the -gnupg-users mailing listsfor advise on how to solve problems or how to +gnupg-users mailing list for advise on how to solve problems or how to get that whole thing up and running. ** Building the software diff --git a/doc/opt-homedir.texi b/doc/opt-homedir.texi index e1ce077..07993d2 100644 --- a/doc/opt-homedir.texi +++ b/doc/opt-homedir.texi 
@@ -16,8 +16,8 @@ considered, all other ways to set a home directory are ignored. @efindex gpgconf.ctl To install GnuPG as a portable application under Windows, create an -empty file name @file{gpgconf.ctl} in the same directory as the tool - at file{gpgconf.exe}. The root of the installation is than that +empty file named @file{gpgconf.ctl} in the same directory as the tool + at file{gpgconf.exe}. The root of the installation is then that directory; or, if @file{gpgconf.exe} has been installed directly below a directory named @file{bin}, its parent directory. You also need to make sure that the following directories exist and are writable: diff --git a/doc/scdaemon.texi b/doc/scdaemon.texi index 85a80f0..0932380 100644 --- a/doc/scdaemon.texi +++ b/doc/scdaemon.texi @@ -81,7 +81,7 @@ abbreviate this command. @item --server @opindex server -Run in server mode and wait for commands on the @code{stdin}. This is +Run in server mode and wait for commands on the @code{stdin}. The default mode is to create a socket and listen for commands there. @item --multi-server @@ -213,7 +213,7 @@ insertions. @opindex debug-allow-core-dump For security reasons we won't create a core dump when the process aborts. For debugging purposes it is sometimes better to allow core -dump. This options enables it and also changes the working directory to +dump. This option enables it and also changes the working directory to @file{/tmp} when running in @option{--server} mode. @item --debug-log-tid @@ -390,7 +390,7 @@ comes with almost all German banking cards. @node SmartCard-HSM @subsection The SmartCard-HSM card application ``sc-hsm'' -This application adds read/only support for keys and certificates +This application adds read-only support for keys and certificates stored on a @uref{http://www.smartcard-hsm.com, SmartCard-HSM}. To generate keys and store certifiates you may use 
@@ -433,12 +433,12 @@ name may be changed on the command line (@pxref{option --options}). @item scd-event @cindex scd-event -If this file is present and executable, it will be called on veyer card -reader's status changed. An example of this script is provided with the +If this file is present and executable, it will be called on every card +reader's status change. An example of this script is provided with the distribution @item reader_ at var{n}.status -This file is created by @command{sdaemon} to let other applications now +This file is created by @command{scdaemon} to let other applications now about reader status changes. Its use is now deprecated in favor of @file{scd-event}. @@ -469,7 +469,7 @@ $ scdaemon --server -v The SC-Daemon should be started by the system to provide access to external tokens. Using Smartcards on a multi-user system does not -make much sense expect for system services, but in this case no +make much sense except for system services, but in this case no regular user accounts are hosted on the machine. A client connects to the SC-Daemon by connecting to the socket named @@ -490,7 +490,7 @@ synchronizing access to a token between sessions. * Scdaemon SETATTR:: Update an attribute's value. * Scdaemon WRITEKEY:: Write a key to a card. * Scdaemon GENKEY:: Generate a new key on-card. -* Scdaemon RANDOM:: Return random bytes generate on-card. +* Scdaemon RANDOM:: Return random bytes generated on-card. * Scdaemon PASSWD:: Change PINs. * Scdaemon CHECKPIN:: Perform a VERIFY operation. * Scdaemon RESTART:: Restart connection @@ -561,7 +561,7 @@ returned in @var{hexstring_with_keygrip}. This function is used to read a certificate identified by @var{hexified_certid} from the card. With OpenPGP cards the keyid - at code{OpenPGP.3} may be used to rad the certificate of version 2 cards. + at code{OpenPGP.3} may be used to read the certificate of version 2 cards. @node Scdaemon READKEY 
@@ -622,7 +622,7 @@ using the command where @var{keyid} is the hexified ID of the key to be used. -If the card is ware of the apdding format a status line with padding +If the card is aware of the apdding format a status line with padding information is send before the plaintext data. The key for this status line is @code{PADDING} with the only defined value being 0 and meaning padding has been removed. diff --git a/doc/specify-user-id.texi b/doc/specify-user-id.texi index c49edad..d973379 100644 --- a/doc/specify-user-id.texi +++ b/doc/specify-user-id.texi @@ -99,7 +99,7 @@ This uses a substring search but considers only the mail address @item By exact match on the subject's DN. This is indicated by a leading slash, directly followed by the RFC-2253 encoded DN of the subject. Note that you can't use the string printed -by "gpgsm --list-keys" because that one as been reordered and modified +by "gpgsm --list-keys" because that one has been reordered and modified for better readability; use --with-colons to print the raw (but standard escaped) RFC-2253 string diff --git a/doc/tools.texi b/doc/tools.texi index 18f5d77..9fc735e 100644 --- a/doc/tools.texi +++ b/doc/tools.texi @@ -166,7 +166,7 @@ name for remote debugging. If GnuPG is installed on a system with existing user accounts, it is sometimes required to populate the GnuPG home directory with existing files. Especially a @file{trustlist.txt} and a keybox with some -initial certificates are often desired. This scripts help to do this +initial certificates are often desired. This script helps to do this by copying all files from @file{/etc/skel/.gnupg} to the home directories of the accounts given on the command line. It takes care not to overwrite existing GnuPG home directories. 
@@ -246,7 +246,7 @@ throughout this section. * Invoking gpgconf:: List of all commands and options. * Format conventions:: Formatting conventions relevant for all commands. * Listing components:: List all gpgconf components. -* Checking programs:: Check all programs know to gpgconf. +* Checking programs:: Check all programs known to gpgconf. * Listing options:: List all options of a component. * Changing options:: Changing options of a component. * Listing global options:: List all global options. @@ -507,7 +507,7 @@ the locale environment of the @command{gpgconf} program. The command @code{--list-components} will list all components that can be configured with @command{gpgconf}. Usually, one component will correspond to one GnuPG-related program and contain the options of -that programs configuration file that can be modified using +that program's configuration file that can be modified using @command{gpgconf}. However, this is not necessarily the case. A component might also be a group of selected options from several programs, or contain entirely virtual options that have a special @@ -1208,7 +1208,7 @@ be used to directly connect to any Assuan style socket server. @itemx --exec @opindex exec Take the rest of the command line as a program and it's arguments and -execute it as an assuan server. Here is how you would run @command{gpgsm}: +execute it as an Assuan server. Here is how you would run @command{gpgsm}: @smallexample gpg-connect-agent --exec gpgsm --server @end smallexample @@ -1217,7 +1217,7 @@ Note that you may not use options on the command line in this case. @item --no-ext-connect @opindex no-ext-connect When using @option{-S} or @option{--exec}, @command{gpg-connect-agent} -connects to the assuan server in extended mode to allow descriptor +connects to the Assuan server in extended mode to allow descriptor passing. This option makes it use the old mode. @item --no-autostart 
@@ -1566,7 +1566,7 @@ Do the check using the OCSP protocol and ignore any CRLs. @item --force-default-responder @opindex force-default-responder -When checking using the OCSP protocl, force the use of the default OCSP +When checking using the OCSP protocol, force the use of the default OCSP responder. That is not to use the Reponder as given by the certificate. @item --ping ----------------------------------------------------------------------- Summary of changes: doc/debugging.texi | 6 +++--- doc/dirmngr.texi | 16 ++++++++-------- doc/glossary.texi | 2 +- doc/gpg-agent.texi | 18 +++++++++--------- doc/gpg.texi | 22 +++++++++++----------- doc/gpgsm.texi | 22 +++++++++++----------- doc/instguide.texi | 2 +- doc/opt-homedir.texi | 4 ++-- doc/scdaemon.texi | 26 +++++++++++++------------- doc/specify-user-id.texi | 2 +- doc/tools.texi | 14 +++++++------- 11 files changed, 67 insertions(+), 67 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Sep 20 03:15:37 2016 From: cvs at cvs.gnupg.org (by Ineiev) Date: Tue, 20 Sep 2016 03:15:37 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-142-gf32689f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via f32689f833838a742243e94c900e98f5b59a5811 (commit) from 20a27d8a57c4c990fcada4278a1ce2e6fc9043e9 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f32689f833838a742243e94c900e98f5b59a5811 Author: Ineiev Date: Fri Mar 4 15:51:22 2016 +0000 doc: Use the right reference commands. * doc/debugging.texi, doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi, doc/tools.texi: Fix. 
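Review bot: "apdding" is still misspelled on the corrected line of doc/scdaemon.texi, hunk @@ -622,7 +622,7 @@ ("If the card is aware of the apdding format"); it should be "padding". The unchanged line that follows has "information is send", which should be "is sent" and could be fixed in the same pass.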
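Review bot: the possessive is wrong in the context line of doc/tools.texi, hunk @@ -1208,7 +1208,7 @@ (--exec): "a program and it's arguments" should read "its arguments". The hunk only capitalizes "Assuan" and leaves this untouched.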
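Review bot: "Reponder" remains misspelled in doc/tools.texi, hunk @@ -1566,7 +1566,7 @@ (--force-default-responder), on the context line directly after the corrected "protocol". It should be "responder", and the sentence "That is not to use the Reponder as given by the certificate" would read more clearly as "That is, do not use the responder given by the certificate".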
diff --git a/doc/debugging.texi b/doc/debugging.texi index 5d7aa93..87625d7 100644 --- a/doc/debugging.texi +++ b/doc/debugging.texi @@ -108,10 +108,10 @@ backend and may change from release to release. For development, the best logging method on WindowsCE is the use of remote debugging using a log file name of @file{tcp://:}. The command @command{watchgnupg} may be used on the remote host to listen -on the given port. (@pxref{option watchgnupg --tcp}). For in the field +on the given port (@pxref{option watchgnupg --tcp}). For in the field tests it is better to make use of the logging facility provided by the @command{gpgcedev} driver (part of libassuan); this is enabled by using -a log file name of @file{GPG2:}. (@pxref{option --log-file}). +a log file name of @file{GPG2:} (@pxref{option --log-file}). @end itemize diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi index 16e86bc..b99dc5f 100644 --- a/doc/gpg-agent.texi +++ b/doc/gpg-agent.texi @@ -661,7 +661,7 @@ trustworthy enough into this file. Places where to look for the fingerprint of a root certificate are letters received from the CA or the website of the CA (after making 100% sure that this is indeed the website of that CA). You may want to consider disallowing interactive -updates of this file by using the @xref{option --no-allow-mark-trusted}. +updates of this file by using the @ref{option --no-allow-mark-trusted}. It might even be advisable to change the permissions to read-only so that this file can't be changed inadvertently. @@ -1476,8 +1476,7 @@ following values are defined: Use a loopback pinentry. This fakes a pinentry by using inquiries back to the caller to ask for a passphrase. This option may only be set if the agent has been configured for that. - To disable this feature use @xref{option --no-allow-loopback-pinentry}. - + To disable this feature use @ref{option --no-allow-loopback-pinentry}. @end table @item cache-ttl-opt-preset 
diff --git a/doc/gpg.texi b/doc/gpg.texi index 3bba11d..c40a20f 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -1843,7 +1843,7 @@ key signer (defaults to 3) @item --tofu-default-policy @code{auto|good|unknown|bad|ask} @opindex tofu-default-policy The default TOFU policy (defaults to @code{auto}). For more -information about the meaning of this option, @xref{trust-model-tofu}. +information about the meaning of this option, @pxref{trust-model-tofu}. @item --max-cert-depth @code{n} @opindex max-cert-depth diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi index 202631a..4e67d75 100644 --- a/doc/gpgsm.texi +++ b/doc/gpgsm.texi @@ -258,7 +258,7 @@ Export the private key and the certificate identified by @var{key-id} in a PKCS#12 format. When used with the @code{--armor} option a few informational lines are prepended to the output. Note, that the PKCS#12 format is not very secure and this command is only provided if there is -no other way to exchange the private key. (@pxref{option --p12-charset}) +no other way to exchange the private key. (@xref{option --p12-charset}) @item --export-secret-key-p8 @var{key-id} @itemx --export-secret-key-raw @var{key-id} @@ -1588,15 +1588,15 @@ are marked by the list commands. @item validation-model This option overrides the command line option @option{validation-model} for the session. -(@pxref{gpgsm-option --validation-model}.) +(@xref{gpgsm-option --validation-model}.) @item with-key-data This option globally enables the command line option - at option{--with-key-data}. (@pxref{gpgsm-option --with-key-data}.) + at option{--with-key-data}. (@xref{gpgsm-option --with-key-data}.) @item enable-audit-log If @var{value} is true data to write an audit log is gathered. -(@pxref{gpgsm-cmd getauditlog}.) +(@xref{gpgsm-cmd getauditlog}.) @item allow-pinentry-notify If this option is used notifications about the launch of a Pinentry diff --git a/doc/tools.texi b/doc/tools.texi index 4427ffe..d6e130f 100644 --- a/doc/tools.texi +++ b/doc/tools.texi 
@@ -811,7 +811,7 @@ case a short name is not known. @item default This field is defined only for options for which the @code{default} or @code{default desc} flag is set. If the @code{default} flag is set, -its format is that of an @emph{option argument} (@xref{Format +its format is that of an @emph{option argument} (@pxref{Format conventions}, for details). If the default value is empty, then no default is known. Otherwise, the value specifies the default value for this option. If the @code{default desc} flag is set, the field is @@ -821,7 +821,7 @@ not given. @item argdef This field is defined only for options for which the @code{optional arg} flag is set. If the @code{no arg desc} flag is not set, its -format is that of an @emph{option argument} (@xref{Format +format is that of an @emph{option argument} (@pxref{Format conventions}, for details). If the default value is empty, then no default is known. Otherwise, the value specifies the default argument for this option. If the @code{no arg desc} flag is set, the field is ----------------------------------------------------------------------- Summary of changes: doc/debugging.texi | 4 ++-- doc/gpg-agent.texi | 5 ++--- doc/gpg.texi | 2 +- doc/gpgsm.texi | 8 ++++---- doc/tools.texi | 4 ++-- 5 files changed, 11 insertions(+), 12 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Sep 20 04:08:07 2016 
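Review bot: the new "(@xref{option --p12-charset})" in doc/gpgsm.texi, hunk @@ -258,7 +258,7 @@, has the closing parenthesis directly after the reference, but Texinfo expects a period or comma immediately after @xref. The other three conversions in this file, in hunk @@ -1588,15 +1588,15 @@, are written "(@xref{...}.)"; use the same form here: "(@xref{option --p12-charset}.)".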
From: cvs at cvs.gnupg.org (by Ineiev) Date: Tue, 20 Sep 2016 04:08:07 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-148-g3776242 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 377624207e9b2895ce00dfc4d1163d72f349841f (commit) via 9d2b7bff12b268638465da222ca7cc9042bba072 (commit) via 789916281c25e737d8fb44add5ca61f8fd25de2f (commit) via 00d6d8bc8772e48b6f200d359e11eb93ab65f51f (commit) via f25e04005af5831053ba194a09e3afa48d1e162b (commit) via 825c1dfb3ee4c1704f42eaf064161b9731c20134 (commit) from f32689f833838a742243e94c900e98f5b59a5811 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 377624207e9b2895ce00dfc4d1163d72f349841f Author: Ineiev Date: Fri Mar 4 16:38:09 2016 +0000 doc: Improve markup. * doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi, doc/howto-create-a-server-cert.texi, doc/scdaemon.texi, doc/specify-user-id.texi, doc/tools.texi: Fix. diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi index 8176b37..c24d935 100644 --- a/doc/gpg-agent.texi +++ b/doc/gpg-agent.texi @@ -1341,7 +1341,7 @@ least one of the keygrips corresponds to an available secret key. LEARN [--send] @end example -This command is used to register a smartcard. With the --send +This command is used to register a smartcard. With the @option{--send} option given the certificates are sent back. diff --git a/doc/gpg.texi b/doc/gpg.texi index 59ea4fc..c141ec6 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi 
@@ -723,12 +723,12 @@ line. @item sign @opindex keyedit:sign - Make a signature on key of user @code{name} If the key is not yet - signed by the default user (or the users given with -u), the program + Make a signature on key of user @code{name}. If the key is not yet + signed by the default user (or the users given with @option{-u}), the program displays the information of the key again, together with its fingerprint and asks whether it should be signed. This question is repeated for all users specified with - -u. + @option{-u}. @item lsign @opindex keyedit:lsign @@ -2598,7 +2598,7 @@ Set up all options to be as PGP 6 compliant as possible. This restricts you to the ciphers IDEA (if the IDEA plugin is installed), 3DES, and CAST5, the hashes MD5, SHA1 and RIPEMD160, and the compression algorithms none and ZIP. This also disables ---throw-keyids, and making signatures with signing subkeys as PGP 6 + at option{--throw-keyids}, and making signatures with signing subkeys as PGP 6 does not understand signatures made by signing subkeys. This option implies @option{--disable-mdc --escape-from-lines}. @@ -2815,7 +2815,7 @@ The same %-expandos used for notation data are available here as well. @opindex set-filename Use @code{string} as the filename which is stored inside messages. This overrides the default, which is to use the actual filename of the -file being encrypted. Using the empty string for @var{string} +file being encrypted. Using the empty string for @code{string} effectively removes the filename from the output. @item --for-your-eyes-only diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi index f334c99..deb57a6 100644 --- a/doc/gpgsm.texi +++ b/doc/gpgsm.texi 
@@ -569,7 +569,7 @@ When doing a key listing, do a full validation check for each key and print the result. This is usually a slow operation because it requires a CRL lookup and other operations. -When used along with --import, a validation of the certificate to +When used along with @option{--import}, a validation of the certificate to import is done and only imported if it succeeds the test. Note that this does not affect an already available certificate in the DB. This option is therefore useful to simply verify a certificate. @@ -581,7 +581,7 @@ certificate. @item --with-keygrip Include the keygrip in standard key listings. Note that the keygrip is -always listed in --with-colons mode. +always listed in @option{--with-colons} mode. @item --with-secret @opindex with-secret @@ -834,7 +834,7 @@ They are defined as certificates capable of creating legally binding signatures in the same way as handwritten signatures are. Comments start with a hash mark and empty lines are ignored. Lines do have a length limit but this is not a serious limitation as the format of the -entries is fixed and checked by gpgsm: A non-comment line starts with +entries is fixed and checked by @command{gpgsm}: A non-comment line starts with optional whitespace, followed by exactly 40 hex characters, white space and a lowercased 2 letter country code. Additional data delimited with by a white space is current ignored but might late be used for other @@ -893,7 +893,7 @@ into the directory @file{/etc/skel/.gnupg/} so that newly created users start up with a working configuration. For existing users a small helper script is provided to create these files (@pxref{addgnupghome}). -For internal purposes gpgsm creates and maintains a few other files; +For internal purposes @command{gpgsm} creates and maintains a few other files; they all live in in the current home directory (@pxref{option --homedir}). Only @command{gpgsm} may modify these files. 
@@ -1230,8 +1230,8 @@ message). Obviously the pipe must be open at that point, the server establishes its own end. If the server returns an error the client should consider this session failed. -The option armor encodes the output in @acronym{PEM} format, the - at code{--base64} option applies just a base 64 encoding. No option +The option @option{--armor} encodes the output in @acronym{PEM} format, the + at option{--base64} option applies just a base-64 encoding. No option creates binary output (@acronym{BER}). The actual encryption is done using the command @@ -1257,7 +1257,7 @@ closed. @subsection Decrypting a message Input and output FDs are set the same way as in encryption, but - at code{INPUT} refers to the ciphertext and output to the plaintext. There + at code{INPUT} refers to the ciphertext and @code{OUTPUT} to the plaintext. There is no need to set recipients. @command{GPGSM} automatically strips any @acronym{S/MIME} headers from the input, so it is valid to pass an entire MIME part to the INPUT pipe. @@ -1297,8 +1297,8 @@ requested, only the signature is written. SIGN [--detached] @end example -Sign the data set with the INPUT command and write it to the sink set by -OUTPUT. With @code{--detached}, a detached signature is created +Sign the data set with the @code{INPUT} command and write it to the sink set by + at code{OUTPUT}. With @code{--detached}, a detached signature is created (surprise). The key used for signing is the default one or the one specified in 
@@ -1422,14 +1422,14 @@ required: Spaces are to be translated into "+" or into "%20"; in turn this requires that the usual escape quoting rules are done. If the @option{--data} option has not been given, the format of the -output depends on what was set with the OUTPUT command. When using +output depends on what was set with the @code{OUTPUT} command. When using @acronym{PEM} encoding a few informational lines are prepended. -If the @option{--data} has been given, a target set via OUTPUT is +If the @option{--data} has been given, a target set via @code{OUTPUT} is ignored and the data is returned inline using standard @code{D}-lines. This avoids the need for an extra file descriptor. In this case the options @option{--armor} and @option{--base64} may be used -in the same way as with the OUTPUT command. +in the same way as with the @code{OUTPUT} command. @node GPGSM IMPORT @@ -1479,7 +1479,7 @@ GETAUDITLOG [--data] [--html] @end example If @option{--data} is used, the audit log is send using D-lines -instead of being sent to the file descriptor given by an OUTPUT +instead of being sent to the file descriptor given by an @code{OUTPUT} command. If @option{--html} is used, the output is formatted as an XHTML block. This is designed to be incorporated into a HTML document. @@ -1570,7 +1570,7 @@ signers certicate and all other positive values include up to @item list-to-output If @var{value} is true the output of the list commands (@pxref{gpgsm-cmd listkeys}) is written to the file descriptor set -with the last OUTPUT command. If @var{value} is false the output is +with the last @code{OUTPUT} command. If @var{value} is false the output is written via data lines; this is the default. @item with-validation diff --git a/doc/howto-create-a-server-cert.texi b/doc/howto-create-a-server-cert.texi index 37cb118..ea0ce71 100644 --- a/doc/howto-create-a-server-cert.texi +++ b/doc/howto-create-a-server-cert.texi 
@@ -206,7 +206,7 @@ followed by a Ctrl-D @end example @end cartouche -gpgsm tells you that it has imported the certificate. It is now + at command{gpgsm} tells you that it has imported the certificate. It is now associated with the key you used when creating the request. The root certificate has not been found, so you may want to import it from the CACert website. diff --git a/doc/scdaemon.texi b/doc/scdaemon.texi index 84c37f8..ddf18db 100644 --- a/doc/scdaemon.texi +++ b/doc/scdaemon.texi @@ -533,7 +533,7 @@ the @code{0x5A} tag in the GDO file (FIX=0x2F02). @end example Learn all useful information of the currently inserted card. When -used without the force options, the command might do an INQUIRE +used without the @option{--force} option, the command might do an INQUIRE like this: @example diff --git a/doc/specify-user-id.texi b/doc/specify-user-id.texi index cd32ab8..3a2b6a2 100644 --- a/doc/specify-user-id.texi +++ b/doc/specify-user-id.texi @@ -99,9 +99,9 @@ This uses a substring search but considers only the mail address @item By exact match on the subject's DN. This is indicated by a leading slash, directly followed by the RFC-2253 encoded DN of the subject. Note that you can't use the string printed -by "gpgsm --list-keys" because that one has been reordered and modified -for better readability; use --with-colons to print the raw (but standard -escaped) RFC-2253 string +by @code{gpgsm --list-keys} because that one has been reordered and modified +for better readability; use @option{--with-colons} to print the raw +(but standard escaped) RFC-2253 string @cartouche @example diff --git a/doc/tools.texi b/doc/tools.texi index b1c3a18..f213bfe 100644 --- a/doc/tools.texi +++ b/doc/tools.texi 
@@ -319,9 +319,9 @@ may use this command to ensure that they are started. @item --kill [@var{component}] @opindex kill Kill the given component. Components which support killing are -gpg-agent and scdaemon. Components which don't support reloading are -ignored. Note that as of now reload and kill have the same effect for -scdaemon. + at command{gpg-agent} and @command{scdaemon}. Components which don't +support reloading are ignored. Note that as of now reload and kill +have the same effect for @command{scdaemon}. @item --create-socketdir @opindex create-socketdir @@ -699,9 +699,9 @@ If this flag is set, and the @code{optional arg} flag is set, then the option has a special meaning if no argument is given. @item no change (128) -If this flag is set, gpgconf ignores requests to change the value. GUI -frontends should grey out this option. Note, that manual changes of the -configuration files are still possible. +If this flag is set, @command{gpgconf} ignores requests to change the +value. GUI frontends should grey out this option. Note, that manual +changes of the configuration files are still possible. @end table @item level @@ -1137,9 +1137,9 @@ for other users. @mansect description The @command{gpg-connect-agent} is a utility to communicate with a running @command{gpg-agent}. It is useful to check out the commands -gpg-agent provides using the Assuan interface. It might also be useful -for scripting simple applications. Input is expected at stdin and out -put gets printed to stdout. + at command{gpg-agent} provides using the Assuan interface. It might +also be useful for scripting simple applications. Input is expected +at stdin and out put gets printed to stdout. It is very similar to running @command{gpg-agent} in server mode; but here we connect to a running instance. 
@@ -1673,14 +1673,15 @@ debugging. Run it with @code{--help} for usage information. @end ifset @mansect description -Sometimes simple encryption tools are already in use for a long time and -there might be a desire to integrate them into the GnuPG framework. The -protocols and encryption methods might be non-standard or not even -properly documented, so that a full-fledged encryption tool with an -interface like gpg is not doable. @command{symcryptrun} provides a -solution: It operates by calling the external encryption/decryption -module and provides a passphrase for a key using the standard - at command{pinentry} based mechanism through @command{gpg-agent}. +Sometimes simple encryption tools are already in use for a long time +and there might be a desire to integrate them into the GnuPG +framework. The protocols and encryption methods might be non-standard +or not even properly documented, so that a full-fledged encryption +tool with an interface like @command{gpg} is not doable. + at command{symcryptrun} provides a solution: It operates by calling the +external encryption/decryption module and provides a passphrase for a +key using the standard @command{pinentry} based mechanism through + at command{gpg-agent}. Note, that @command{symcryptrun} is only available if GnuPG has been configured with @samp{--enable-symcryptrun} at build time. commit 9d2b7bff12b268638465da222ca7cc9042bba072 Author: Ineiev Date: Fri Mar 4 16:34:23 2016 +0000 doc: Replace rfc0123 with RFC-0123. * doc/gpg.texi, doc/gpgsm.texi, doc/specify-user-id.texi: Fix. diff --git a/doc/gpg.texi b/doc/gpg.texi index 97387ab..59ea4fc 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -1429,7 +1429,7 @@ Valid values for @code{name} are: @item koi8-r @opindex display-charset:koi8-r - The usual Russian set (rfc1489). + The usual Russian set (RFC-1489). @item utf-8 @opindex display-charset:utf-8 
@@ -1656,7 +1656,7 @@ mechanisms, in the order they are to be tried: @table @asis @item cert - Locate a key using DNS CERT, as specified in rfc4398. + Locate a key using DNS CERT, as specified in RFC-4398. @item pka Locate a key using DNS PKA. diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi index 24a5590..f334c99 100644 --- a/doc/gpgsm.texi +++ b/doc/gpgsm.texi @@ -1114,7 +1114,7 @@ integer of arbitrary length. The special value @samp{random} can be used to create a 64 bit random serial number. @item Issuer-DN: @var{issuer-name} -This is the DN name of the issuer in rfc2253 format. If it is not set +This is the DN name of the issuer in RFC-2253 format. If it is not set it will default to the subject DN and a special GnuPG extension will be included in the certificate to mark it as a standalone certificate. diff --git a/doc/specify-user-id.texi b/doc/specify-user-id.texi index d973379..cd32ab8 100644 --- a/doc/specify-user-id.texi +++ b/doc/specify-user-id.texi @@ -111,7 +111,7 @@ escaped) RFC-2253 string @item By exact match on the issuer's DN. This is indicated by a leading hash mark, directly followed by a slash -and then directly followed by the rfc2253 encoded DN of the issuer. +and then directly followed by the RFC-2253 encoded DN of the issuer. This should return the Root cert of the issuer. See note above. @cartouche commit 789916281c25e737d8fb44add5ca61f8fd25de2f Author: Ineiev Date: Fri Mar 4 16:30:30 2016 +0000 doc: Add missing description of datafile. * doc/gpg.texi: Fix. diff --git a/doc/gpg.texi b/doc/gpg.texi index 71c45eb..97387ab 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi 
@@ -3442,11 +3442,11 @@ show keys show fingerprint @item gpg --verify @code{pgpfile} - at itemx gpg --verify @code{sigfile} + at itemx gpg --verify @code{sigfile} [@code{datafile}] Verify the signature of the file but do not output the data unless -requested. The second form is used for detached signatures, where +requested. The second form is used for detached signatures, where @code{sigfile} is the detached signature (either ASCII armored or -binary) and are the signed data; if this is not given, the name of the +binary) and @code{datafile} are the signed data; if this is not given, the name of the file holding the signed data is constructed by cutting off the extension (".asc" or ".sig") of @code{sigfile} or by asking the user for the filename. If the option @option{--output} is also used the commit 00d6d8bc8772e48b6f200d359e11eb93ab65f51f Author: Ineiev Date: Fri Mar 4 16:29:37 2016 +0000 doc: Replace UTF8 with UTF-8. * doc/gpg.texi: Fix. diff --git a/doc/gpg.texi b/doc/gpg.texi index a9ee6ac..71c45eb 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -1440,7 +1440,7 @@ Valid values for @code{name} are: @item --utf8-strings @itemx --no-utf8-strings @opindex utf8-strings -Assume that command line arguments are given as UTF8 strings. The +Assume that command line arguments are given as UTF-8 strings. The default (@option{--no-utf8-strings}) is to assume that arguments are encoded in the character set as specified by @option{--display-charset}. These options affect all following 
@@ -2770,7 +2770,7 @@ must contain a '@@' character in the form keyname@@domain.example.com is to help prevent pollution of the IETF reserved notation namespace. The @option{--expert} flag overrides the '@@' check. @code{value} may be any printable string; it will be encoded in -UTF8, so you should check that your @option{--display-charset} is set +UTF-8, so you should check that your @option{--display-charset} is set correctly. If you prefix @code{name} with an exclamation mark (!), the notation data will be flagged as critical (rfc4880:5.2.3.16). @option{--sig-notation} sets a notation for data commit f25e04005af5831053ba194a09e3afa48d1e162b Author: Ineiev Date: Fri Mar 4 16:27:21 2016 +0000 doc: Fix mistakes. * doc/dirmngr.texi, doc/gpg.texi, doc/gpgsm.texi, doc/howto-create-a-server-cert.texi, doc/scdaemon.texi, doc/tools.texi: Fix. diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi index 0f37cc4..12ce630 100644 --- a/doc/dirmngr.texi +++ b/doc/dirmngr.texi @@ -419,7 +419,7 @@ prefix with a hash mark are ignored. @item --ocsp-max-clock-skew @var{n} @opindex ocsp-max-clock-skew The number of seconds a skew between the OCSP responder and them local -clock is accepted. Default is 600 (20 minutes). +clock is accepted. Default is 600 (10 minutes). @item --ocsp-max-period @var{n} @opindex ocsp-max-period @@ -747,7 +747,7 @@ this the root certificate: C: END @end example -Only this answer will let Dirmngr consider the CRL as valid. +Only this answer will let Dirmngr consider the certificate as valid. @node Dirmngr CHECKCRL diff --git a/doc/gpg.texi b/doc/gpg.texi index c40a20f..a9ee6ac 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi 
@@ -193,7 +193,7 @@ Make a detached signature. @item --encrypt @itemx -e @opindex encrypt -Encrypt data. This option may be combined with @option{--sign} (for a +Encrypt data. This command may be combined with @option{--sign} (for a signed and encrypted message), @option{--symmetric} (for a message that may be decrypted via a secret key or a passphrase), or @option{--sign} and @option{--symmetric} together (for a signed message that may be @@ -204,7 +204,7 @@ decrypted via a secret key or a passphrase). @opindex symmetric Encrypt with a symmetric cipher using a passphrase. The default symmetric cipher used is @value{GPGSYMENCALGO}, but may be chosen with the - at option{--cipher-algo} option. This option may be combined with + at option{--cipher-algo} option. This command may be combined with @option{--sign} (for a signed and symmetrically encrypted message), @option{--encrypt} (for a message that may be decrypted via a secret key or a passphrase), or @option{--sign} and @option{--encrypt} together @@ -957,7 +957,7 @@ signing. currently have them. Cross-certification signatures protect against a subtle attack against signing subkeys. See @option{--require-cross-certification}. All new keys generated have - this signature by default, so this option is only useful to bring + this signature by default, so this command is only useful to bring older keys up to date. @item save @@ -1594,7 +1594,7 @@ Set what trust model GnuPG should follow. The models are: keys and email addresses (which are extracted from user ids and normalized). There are five policies, which can be set manually using the @option{--tofu-policy} option. The default policy can be - set using the @option{--tofu-default-policy} policy. + set using the @option{--tofu-default-policy} option. The TOFU policies are: @code{auto}, @code{good}, @code{unknown}, @code{bad} and @code{ask}. The @code{auto} policy is used by 
@@ -2637,7 +2637,7 @@ Don't make any changes (this is not completely implemented). @item --list-only @opindex list-only Changes the behaviour of some commands. This is like @option{--dry-run} but -different in some cases. The semantic of this command may be extended in +different in some cases. The semantic of this option may be extended in the future. Currently it only skips the actual decryption pass and therefore enables a fast listing of the encryption keys. diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi index 4e67d75..24a5590 100644 --- a/doc/gpgsm.texi +++ b/doc/gpgsm.texi @@ -636,7 +636,7 @@ Sometimes signatures are broken in that they announce a different digest algorithm than actually used. @command{gpgsm} uses a one-pass data processing model and thus needs to rely on the announced digest algorithms to properly hash the data. As a workaround this option may -be used to tell gpg to also hash the data using the algorithm +be used to tell @command{gpgsm} to also hash the data using the algorithm @var{name}; this slows processing down a little bit but allows verification of such broken signatures. If @command{gpgsm} prints an error like ``digest algo 8 has not been enabled'' you may want to try this option, @@ -1262,7 +1262,7 @@ is no need to set recipients. @command{GPGSM} automatically strips any @acronym{S/MIME} headers from the input, so it is valid to pass an entire MIME part to the INPUT pipe. -The encryption is done by using the command +The decryption is done by using the command @example DECRYPT diff --git a/doc/howto-create-a-server-cert.texi b/doc/howto-create-a-server-cert.texi index 496c9ee..37cb118 100644 --- a/doc/howto-create-a-server-cert.texi +++ b/doc/howto-create-a-server-cert.texi @@ -145,7 +145,6 @@ When it is ready, you should see the final notice: @cartouche @example - gpgsm: certificate request created Ready. You should now send this request to your CA. @end example @end cartouche 
diff --git a/doc/scdaemon.texi b/doc/scdaemon.texi index 3728d96..84c37f8 100644 --- a/doc/scdaemon.texi +++ b/doc/scdaemon.texi @@ -313,10 +313,10 @@ Even if a card reader features a pinpad, do not try to use it. @opindex allow-admin This option disables the use of admin class commands for card applications where this is supported. Currently we support it for the -OpenPGP card. This commands is useful to inhibit accidental access to +OpenPGP card. This option is useful to inhibit accidental access to admin class command which could ultimately lock the card through wrong PIN numbers. Note that GnuPG versions older than 2.0.11 featured an - at option{--allow-admin} command which was required to use such admin + at option{--allow-admin} option which was required to use such admin commands. This option has no more effect today because the default is now to allow admin commands. diff --git a/doc/tools.texi b/doc/tools.texi index 1cb992e..b1c3a18 100644 --- a/doc/tools.texi +++ b/doc/tools.texi @@ -221,7 +221,7 @@ guarantees.} @command{gpgconf} provides access to the configuration of one or more components of the GnuPG system. These components correspond more or -less to the programs that exist in the GnuPG framework, like GnuPG, +less to the programs that exist in the GnuPG framework, like GPG, GPGSM, DirMngr, etc. But this is not a strict one-to-one relationship. Not all configuration options are available through @command{gpgconf}. @command{gpgconf} provides a generic and abstract @@ -487,7 +487,7 @@ quote character is only needed to be able to differentiate between no value and the empty string as value. @item string list -If the option takes a number argument and it can occur more than once, +If the option takes a string argument and it can occur more than once, then the option argument is either empty, or it is a comma-separated list of string arguments as described above. @end table 
@@ -520,7 +520,7 @@ an atomic way with a single operation. The GUI could for example provide a menu with one entry for each component, or a window with one tabulator sheet per component. -The command argument @code{--list-components} lists all available +The command @code{--list-components} lists all available components, one per line. The format of each line is: @code{@var{name}:@var{description}:@var{pgmname}:} @@ -565,7 +565,7 @@ components. It runs each program to test whether it is installed and runnable. This also includes a syntax check of all config file options of the program. -The command argument @code{--check-programs} lists all available +The command @code{--check-programs} lists all available programs, one per line. The format of each line is: @code{@var{name}:@var{description}:@var{pgmname}:@var{avail}:@var{okay}:@var{cfgfile}:@var{line}:@var{error}:} @@ -640,7 +640,7 @@ Every component contains one or more options. Options may be gathered into option groups to allow the GUI to give visual hints to the user about which options are related. -The command argument @code{@w{--list-options @var{component}}} lists +The command @code{@w{--list-options @var{component}}} lists all options (and the groups they belong to) in the component @var{component}, one per line. @var{component} must be the string in the field @var{name} in the output of the @code{--list-components} @@ -925,7 +925,7 @@ This is the group field of the key. It is percent escaped. This describes a rule record. All rule records up to the next key record make up a rule set for that key. The format of a rule record is: - @code{r:::@var{component}:@var{option}:@var{flags}:@var{value}:} + @code{r:::@var{component}:@var{option}:@var{flag}:@var{value}:} @table @var @item component commit 825c1dfb3ee4c1704f42eaf064161b9731c20134 Author: Ineiev Date: Fri Mar 4 16:00:51 2016 +0000 doc: Eliminate inconsistent UK English. * doc/dirmngr.texi, doc/gpg-agent.texi, doc/scdaemon.texi, doc/tools.texi: Fix. 
diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi index 7b5c7e7..0f37cc4 100644 --- a/doc/dirmngr.texi +++ b/doc/dirmngr.texi @@ -196,7 +196,7 @@ however carefully selected to best aid in debugging. @item --debug @var{flags} @opindex debug -This option is only useful for debugging and the behaviour may change at +This option is only useful for debugging and the behavior may change at any time without notice. FLAGS are bit encoded and may be given in usual C-Syntax. diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi index b99dc5f..8176b37 100644 --- a/doc/gpg-agent.texi +++ b/doc/gpg-agent.texi @@ -230,7 +230,7 @@ however carefully selected to best aid in debugging. @item --debug @var{flags} @opindex debug -This option is only useful for debugging and the behaviour may change at +This option is only useful for debugging and the behavior may change at any time without notice. FLAGS are bit encoded and may be given in usual C-Syntax. The currently defined bits are: @@ -366,7 +366,7 @@ version of the used Pinentry. @opindex ignore-cache-for-signing This option will let @command{gpg-agent} bypass the passphrase cache for all signing operation. Note that there is also a per-session option to -control this behaviour but this command line option takes precedence. +control this behavior but this command line option takes precedence. @item --default-cache-ttl @var{n} @opindex default-cache-ttl diff --git a/doc/scdaemon.texi b/doc/scdaemon.texi index 3ab44ae..3728d96 100644 --- a/doc/scdaemon.texi +++ b/doc/scdaemon.texi @@ -160,7 +160,7 @@ helpers to debug problems. @item --debug @var{flags} @opindex debug -This option is only useful for debugging and the behaviour may change at +This option is only useful for debugging and the behavior may change at any time without notice. FLAGS are bit encoded and may be given in usual C-Syntax. The currently defined bits are: diff --git a/doc/tools.texi b/doc/tools.texi index d6e130f..1cb992e 100644 --- a/doc/tools.texi 
+++ b/doc/tools.texi @@ -422,8 +422,8 @@ is de-escaped by replacing all occurrences of @code{%XY} by the byte that has the hexadecimal value @code{XY}. @code{X} and @code{Y} are from the set @code{0-9a-f}. - at item localised -Some fields contain strings that are described to be @emph{localised}. + at item localized +Some fields contain strings that are described to be @emph{localized}. Such strings are translated to the active language and formatted in the active character set. @@ -804,7 +804,7 @@ error and abort the operation. @item argname This field is only defined for options with an argument type @var{type} that is not @code{0}. In this case it may contain a - at emph{percent-escaped} and @emph{localised string} that gives a short + at emph{percent-escaped} and @emph{localized string} that gives a short name for the argument. The field may also be empty, though, in which case a short name is not known. ----------------------------------------------------------------------- Summary of changes: doc/dirmngr.texi | 6 ++--- doc/gpg-agent.texi | 6 ++--- doc/gpg.texi | 34 ++++++++++++------------ doc/gpgsm.texi | 34 ++++++++++++------------ doc/howto-create-a-server-cert.texi | 3 +-- doc/scdaemon.texi | 8 +++--- doc/specify-user-id.texi | 8 +++--- doc/tools.texi | 53 +++++++++++++++++++------------------ 8 files changed, 76 insertions(+), 76 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Sep 20 04:24:20 2016 
From: cvs at cvs.gnupg.org (by Ineiev) Date: Tue, 20 Sep 2016 04:24:20 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-149-g32bcf8b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 32bcf8b73ede9c8f1469821a54dedc6be75241d2 (commit) from 377624207e9b2895ce00dfc4d1163d72f349841f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 32bcf8b73ede9c8f1469821a54dedc6be75241d2 Author: Ineiev Date: Fri Mar 4 15:20:47 2016 +0000 doc: Fix spacings. * doc/debugging.texi, doc/dirmngr.texi, doc/gpg-agent.texi, doc/gpg.texi, doc/tools.texi: Fix. diff --git a/doc/debugging.texi b/doc/debugging.texi index 87625d7..e19c577 100644 --- a/doc/debugging.texi +++ b/doc/debugging.texi @@ -41,7 +41,7 @@ information and indices. The commonly used one is the file @file{pubring.kbx} in the @file{.gnupg} directory. It contains all X.509 certificates as well as OpenPGP keys at footnote{Well, OpenPGP keys are not implemented, @command{gpg} still used the keyring file - at file{pubring.gpg}} . + at file{pubring.gpg}.}. @noindent When called the standard way, e.g.: diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi index 12ce630..a6b7885 100644 --- a/doc/dirmngr.texi +++ b/doc/dirmngr.texi @@ -229,7 +229,7 @@ self-test for debugging purposes. @opindex c @opindex csh Format the info output in daemon mode for use with the standard Bourne -shell respective the C-shell . The default ist to guess it based on the +shell respective the C-shell. The default is to guess it based on the environment variable @code{SHELL} which is in almost all cases sufficient. 
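Review bot: The changed sentence in the doc/dirmngr.texi hunk still reads "shell respective the C-shell", which is not grammatical; since the line is being touched anyway, consider "for use with the standard Bourne shell or the C-shell, respectively". The same line also turns "ist" into "is", which is a typo fix rather than a spacing fix, so the "doc: Fix spacings." commit message could mention it.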
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi index c24d935..0e7a788 100644 --- a/doc/gpg-agent.texi +++ b/doc/gpg-agent.texi @@ -108,7 +108,7 @@ one (e.g. @file{@value{BINDIR}/pinentry}). @manpause @noindent - at xref{Option Index},for an index to @command{GPG-AGENT}'s commands and options. + at xref{Option Index}, for an index to @command{GPG-AGENT}'s commands and options. @mancont @menu diff --git a/doc/gpg.texi b/doc/gpg.texi index c141ec6..f2d94e5 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -608,11 +608,11 @@ This is a simple command to generate a standard key with one user id. In contrast to @option{--gen-key} the key is generated directly without the need to answer a bunch of prompts. Unless the option @option{--yes} is given, the key creation will be canceled if the -given user id already exists in the key ring. +given user id already exists in the keyring. If invoked directly on the console without any special options an answer to a ``Continue?'' style confirmation prompt is required. In -case the user id already exists in the key ring a second prompt to +case the user id already exists in the keyring a second prompt to force the creation of the key will show up. If @code{algo} or @code{usage} are given, only the primary key is @@ -962,12 +962,12 @@ signing. @item save @opindex keyedit:save - Save all changes to the key rings and quit. + Save all changes to the keyrings and quit. @item quit @opindex keyedit:quit Quit the program without updating the - key rings. + keyrings. @end table @c man:.RS @@ -2062,7 +2062,7 @@ keys can be used. Disable the use of all @option{--encrypt-to} and @option{--hidden-encrypt-to} keys. - at item --group @code{name=value1 } + at item --group @code{name=value} @opindex group Sets up a named group, which is similar to aliases in email programs. Any time the group name is a recipient (@option{-r} or 
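Review bot: The "--group" line at -2062 changes "@code{name=value1 }" to "@code{name=value}", which removes the stray space but also renames "value1" to "value"; that goes beyond the "Fix spacings" subject of this commit. Either keep the name and drop only the space ("@code{name=value1}"), or note the rename in the commit message so the change is not hidden among whitespace fixes.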
@@ -3403,7 +3403,6 @@ Operation is further controlled by a few environment variables: language selection done through the Registry. If used and set to a valid and available language name (@var{langid}), the file with the translation is loaded from - @code{@var{gpgdir}/gnupg.nls/@var{langid}.mo}. Here @var{gpgdir} is the directory out of which the gpg binary has been loaded. If it can't be loaded the Registry is tried and as last resort the native Windows diff --git a/doc/tools.texi b/doc/tools.texi index f213bfe..8d76842 100644 --- a/doc/tools.texi +++ b/doc/tools.texi @@ -1139,7 +1139,7 @@ The @command{gpg-connect-agent} is a utility to communicate with a running @command{gpg-agent}. It is useful to check out the commands @command{gpg-agent} provides using the Assuan interface. It might also be useful for scripting simple applications. Input is expected -at stdin and out put gets printed to stdout. +at stdin and output gets printed to stdout. It is very similar to running @command{gpg-agent} in server mode; but here we connect to a running instance. @@ -1780,7 +1780,8 @@ The possible exit status codes of @command{symcryptrun} are: @node gpg-zip @section Encrypt or sign files into an archive @ifset manverb -.B gpg-zip \- Encrypt or sign files into an archive +.B gpg-zip +\- Encrypt or sign files into an archive @end ifset @mansect synopsis ----------------------------------------------------------------------- Summary of changes: doc/debugging.texi | 2 +- doc/dirmngr.texi | 2 +- doc/gpg-agent.texi | 2 +- doc/gpg.texi | 11 +++++------ doc/tools.texi | 5 +++-- 5 files changed, 11 insertions(+), 11 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Sep 20 06:05:36 2016 
From: cvs at cvs.gnupg.org (by Ineiev) Date: Tue, 20 Sep 2016 06:05:36 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-150-g0eaab1a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 0eaab1af48f600b636183321e4a4e9c6bc361610 (commit) from 32bcf8b73ede9c8f1469821a54dedc6be75241d2 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0eaab1af48f600b636183321e4a4e9c6bc361610 Author: Ineiev Date: Fri Mar 4 16:13:14 2016 +0000 doc: Fix full stops. * doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi, doc/instguide.texi, doc/scdaemon.texi, doc/specify-user-id.texi, doc/tools.texi: Fix. diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi index 0e7a788..498e034 100644 --- a/doc/gpg-agent.texi +++ b/doc/gpg-agent.texi @@ -246,7 +246,7 @@ memory allocation @item 6 (64) caching @item 7 (128) -show memory statistics. +show memory statistics @item 9 (512) write hashed data to files named @code{dbgmd-000*} @item 10 (1024) @@ -1202,7 +1202,7 @@ Format the fingerprint according to gpg rules for a v4 keys. @item @@FPR@@ Choose an appropriate format to format the fingerprint. @item @@@@ -Replaced by a single @code{@@} +Replaced by a single @code{@@}. @end table @node Agent GET_PASSPHRASE diff --git a/doc/gpg.texi b/doc/gpg.texi index f2d94e5..f97b440 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -598,7 +598,7 @@ fingerprint (preferred) or their keyid. @node OpenPGP Key Management @subsection How to manage your keys -This section explains the main commands for key management +This section explains the main commands for key management. @table @gnupgtabopt 
diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi index deb57a6..2012582 100644 --- a/doc/gpgsm.texi +++ b/doc/gpgsm.texi @@ -703,7 +703,7 @@ memory allocation @item 6 (64) caching @item 7 (128) -show memory statistics. +show memory statistics @item 9 (512) write hashed data to files named @code{dbgmd-000*} @item 10 (1024) @@ -1269,7 +1269,7 @@ The decryption is done by using the command @end example It performs the decrypt operation after doing some check on the internal -state. (e.g. that all needed data has been set). Because it utilizes +state (e.g. that all needed data has been set). Because it utilizes the GPG-Agent for the session key decryption, there is no need to ask the client for a protecting passphrase - GpgAgent takes care of this by requesting this from the user. diff --git a/doc/instguide.texi b/doc/instguide.texi index 7ac6925..4a2c976 100644 --- a/doc/instguide.texi +++ b/doc/instguide.texi @@ -19,7 +19,7 @@ get that whole thing up and running. Building the software is described in the file @file{INSTALL}. Given that you are already reading this documentation we can only give some -extra hints +extra hints. To comply with the rules on GNU systems you should have build time configured @command{gnupg} using: diff --git a/doc/scdaemon.texi b/doc/scdaemon.texi index ddf18db..4ae7bc0 100644 --- a/doc/scdaemon.texi +++ b/doc/scdaemon.texi @@ -176,7 +176,7 @@ memory allocation @item 6 (64) caching @item 7 (128) -show memory statistics. +show memory statistics @item 9 (512) write hashed data to files named @code{dbgmd-000*} @item 10 (1024) diff --git a/doc/specify-user-id.texi b/doc/specify-user-id.texi index 3a2b6a2..b363c2a 100644 --- a/doc/specify-user-id.texi +++ b/doc/specify-user-id.texi 
@@ -101,7 +101,7 @@ This is indicated by a leading slash, directly followed by the RFC-2253 encoded DN of the subject. Note that you can't use the string printed by @code{gpgsm --list-keys} because that one has been reordered and modified for better readability; use @option{--with-colons} to print the raw -(but standard escaped) RFC-2253 string +(but standard escaped) RFC-2253 string. @cartouche @example @@ -132,7 +132,7 @@ RFC-2253 encoded DN of the issuer. See note above. @end example @end cartouche - at item By keygrip + at item By keygrip. This is indicated by an ampersand followed by the 40 hex digits of a keygrip. @command{gpgsm} prints the keygrip when using the command @option{--dump-cert}. It does not yet work for OpenPGP keys. diff --git a/doc/tools.texi b/doc/tools.texi index 8d76842..37a65d3 100644 --- a/doc/tools.texi +++ b/doc/tools.texi @@ -1446,7 +1446,7 @@ string @code{true} or @code{yes}. The evaluation is done by passing Run commands from @var{file}. @item /bye -Terminate the connection and the program +Terminate the connection and the program. @item /help Print a list of available control commands. ----------------------------------------------------------------------- Summary of changes: doc/gpg-agent.texi | 4 ++-- doc/gpg.texi | 2 +- doc/gpgsm.texi | 4 ++-- doc/instguide.texi | 2 +- doc/scdaemon.texi | 2 +- doc/specify-user-id.texi | 4 ++-- doc/tools.texi | 2 +- 7 files changed, 10 insertions(+), 10 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Sep 20 08:28:50 2016 
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Tue, 20 Sep 2016 08:28:50 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-151-g91d5e6f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 91d5e6f805aaf24a3f1f03a95998f757dce04cb2 (commit) from 0eaab1af48f600b636183321e4a4e9c6bc361610 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 91d5e6f805aaf24a3f1f03a95998f757dce04cb2 Author: Justus Winter Date: Mon Sep 19 15:25:01 2016 +0200 doc: Implement simple '@ref'erences. * doc/yat2m.c (proc_texi_cmd): Handle '@ref'. Signed-off-by: Justus Winter diff --git a/doc/yat2m.c b/doc/yat2m.c index 9b76f19..a63260b 100644 --- a/doc/yat2m.c +++ b/doc/yat2m.c @@ -729,6 +729,7 @@ proc_texi_cmd (FILE *fp, const char *command, const char *rest, size_t len, { "asis", 7 }, { "anchor", 7 }, { "cartouche", 1 }, + { "ref", 0, "[", "]" }, { "xref", 0, "see: [", "]" }, { "pxref", 0, "see: [", "]" }, { "uref", 0, "(\\fB", "\\fR)" }, ----------------------------------------------------------------------- Summary of changes: doc/yat2m.c | 1 + 1 file changed, 1 insertion(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Sep 20 08:43:17 2016 
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Tue, 20 Sep 2016 08:43:17 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-152-g9c1b3bc Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 9c1b3bc25a1b38c4eda31bf12ccc10d94bb05212 (commit) from 91d5e6f805aaf24a3f1f03a95998f757dce04cb2 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9c1b3bc25a1b38c4eda31bf12ccc10d94bb05212 Author: NIIBE Yutaka Date: Tue Sep 20 15:41:36 2016 +0900 doc: minor fix for @xref. * doc/yat2m.c (proc_texi_cmd): Capitalize "see" for xref. diff --git a/doc/yat2m.c b/doc/yat2m.c index a63260b..23fc6ba 100644 --- a/doc/yat2m.c +++ b/doc/yat2m.c @@ -730,7 +730,7 @@ proc_texi_cmd (FILE *fp, const char *command, const char *rest, size_t len, { "anchor", 7 }, { "cartouche", 1 }, { "ref", 0, "[", "]" }, - { "xref", 0, "see: [", "]" }, + { "xref", 0, "See: [", "]" }, { "pxref", 0, "see: [", "]" }, { "uref", 0, "(\\fB", "\\fR)" }, { "footnote",0, " ([", "])" }, ----------------------------------------------------------------------- Summary of changes: doc/yat2m.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Sep 20 09:01:01 2016 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 20 Sep 2016 09:01:01 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-154-g05e4889 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 05e488943ca5d980b9bda2f21426cc7a17b41410 (commit) via 81cb71ab4d516a1e8b09a69508f7887f98508642 (commit) from 9c1b3bc25a1b38c4eda31bf12ccc10d94bb05212 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 05e488943ca5d980b9bda2f21426cc7a17b41410 Author: Werner Koch Date: Tue Sep 20 08:55:04 2016 +0200 doc: Add a few extra coding standard notes. -- Signed-off-by: Werner Koch diff --git a/doc/HACKING b/doc/HACKING index 1888b29..bb04fdf 100644 --- a/doc/HACKING +++ b/doc/HACKING 
@@ -38,28 +38,31 @@ are delimited by a comma (e.g. =scd,w32:=). Commonly found keywords are - agent :: The gpg-agent component - - ssh :: The ssh-agent part of the agent + - build :: Changes to the build system + - ccid :: The CCID driver in scdaemon - common :: Code in common - - iobuf :: The IOBUF system in common + - dirmngr :: The dirmngr component + - doc :: Documentation changes - gpg :: The gpg or gpgv components - - gpgsm :: The gpgsm component + - sm :: The gpgsm component (also "gpgsm") + - gpgscm :: The regression test driver + - indent :: Indentation and similar changes + - iobuf :: The IOBUF system in common + - po :: Translations - scd :: The scdaemon component - - ccid :: The CCID driver in scdaemon - - dirmngr :: The dirmngr component - - wks :: The web key service tools + - speedo :: Speedo build system specific changes + - ssh :: The ssh-agent part of the agent + - tests :: The regressions tests - tools :: Other code in tools - w32 :: Windows related code - - po :: Translations - - build :: Changes to the build system - - speedo :: Speedo build system specific changes - - doc :: Documentation changes - - indent :: Indentation and similar changes + - wks :: The web key service tools + - yat2m :: The yat2m tool. Typo fixes and documentation updates don't need a ChangeLog entry; thus you would use a commit message like #+begin_example -Fix typo in a comment +doc: Fix typo in a comment -- #+end_example 
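Review bot: In the re-sorted keyword list, the new "tests" entry reads "The regressions tests", which should be "The regression tests", and the new "yat2m" entry is the only one that ends with a full stop ("The yat2m tool."); drop it to match the other entries. The renamed "sm" entry sits between "gpg" and "gpgscm", where "gpgsm" would sort, so a reader scanning the otherwise alphabetical list for "sm" will not find it where expected; either move it between "scd" and "speedo" or list "gpgsm" first with "sm" as the alias.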
@@ -128,9 +131,28 @@ Note that such a comment will be removed if the git commit option - Only certain C99 features may be used (see below); in general stick to C90. - Please do not use C++ =//= style comments. + - Do not use comments like: +#+begin_src + if (foo) + /* Now that we know that foo is true we can call bar. */ + bar (); +#+end_src + instead write the comment on the if line or before it. You may + also use a block and put the comment inside. + - Please use asterisks on the left of longer comments. This makes + it easier to read without syntax highlighting, on printouts, and + for blind people. - Try to fit lines into 80 columns. - Ignore signed/unsigned pointer mismatches - No arithmetic on void pointers; cast to char* first. + - Do not use +#+begin_src + if ( 42 == foo ) +#+end_src + this is harder to read and modern compilers are pretty good in + detecing accidential assignments. It is also suggested not to + compare to 0 or NULL but to test the value direct or with a '!'; + this makes it easier to see that a boolean test is done. - We use our own printf style functions like =es_printf=, and =gpgrt_asprintf= (or the =es_asprintf= macro) which implement most C99 features with the exception of =wchar_t= (which should anyway 
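Review bot: The paragraph added after the "if ( 42 == foo )" example contains two typos, "detecing accidential assignments", which should read "detecting accidental assignments", and "test the value direct" reads better as "test the value directly". The two new "#+begin_src" blocks carry no language, while the rest of the file uses "#+begin_example" for samples; use "#+begin_src c" (or "#+begin_example") so the blocks are handled consistently on export.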
@@ -145,12 +167,15 @@ Note that such a comment will be removed if the git commit option - Always use xfree() instead of free(). If it is not easy to see that the freed variable is not anymore used, explicitly set the variable to NULL. + - New code shall in general use xtrymalloc or xtrycalloc and check + for an error (use gpg_error_from_errno()). - Init function local variables only if needed so that the compiler can do a better job in detecting uninitialized variables which may indicate a problem with the code. - Never init static or file local variables to 0 to make sure they end up in BSS. - - Use --enable-maintainer-mode with configure. + - Use --enable-maintainer-mode with configure so that all suitable + warnings are enabled. ** Variable names commit 81cb71ab4d516a1e8b09a69508f7887f98508642 Author: Werner Koch Date: Tue Sep 20 08:32:25 2016 +0200 doc: Fix fix "Not(e) that you can(not) abbreviate". -- The commands --help, --version, --dump-options are special in that they can't be abbreviated on the command line. This is to avoid problems with regular options with the same prefix. Fixes-commit: 0a27d8a57c4c990fcada4278a1ce2e6fc9043e9 Signed-off-by: Werner Koch diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi index a6b7885..49e0f34 100644 --- a/doc/dirmngr.texi +++ b/doc/dirmngr.texi @@ -66,7 +66,7 @@ abbreviate this command. @item --help, -h @opindex help Print a usage message summarizing the most useful command-line options. -Note that you can abbreviate this command. +Note that you cannot abbreviate this command. @item --dump-options @opindex dump-options diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi index 498e034..b933b80 100644 --- a/doc/gpg-agent.texi +++ b/doc/gpg-agent.texi @@ -137,7 +137,7 @@ abbreviate this command. @itemx -h @opindex help Print a usage message summarizing the most useful command-line options. -Note that you can abbreviate this command. +Note that you cannot abbreviate this command. @item --dump-options @opindex dump-options 
diff --git a/doc/gpg.texi b/doc/gpg.texi index f97b440..21f413e 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -141,7 +141,7 @@ cannot abbreviate this command. @itemx -h @opindex help Print a usage message summarizing the most useful command line options. -Note that you can abbreviate this command. +Note that you cannot abbreviate this command. @item --warranty @opindex warranty diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi index 2012582..0082c19 100644 --- a/doc/gpgsm.texi +++ b/doc/gpgsm.texi @@ -85,7 +85,7 @@ cannot abbreviate this command. @item --help, -h @opindex help Print a usage message summarizing the most useful command-line options. -Note that you can abbreviate this command. +Note that you cannot abbreviate this command. @item --warranty @opindex warranty diff --git a/doc/scdaemon.texi b/doc/scdaemon.texi index 4ae7bc0..1724b42 100644 --- a/doc/scdaemon.texi +++ b/doc/scdaemon.texi @@ -72,7 +72,7 @@ abbreviate this command. @item --help, -h @opindex help Print a usage message summarizing the most useful command-line options. -Note that you can abbreviate this command. +Note that you cannot abbreviate this command. @item --dump-options @opindex dump-options diff --git a/doc/tools.texi b/doc/tools.texi index 37a65d3..899b00b 100644 --- a/doc/tools.texi +++ b/doc/tools.texi 
@@ -1542,7 +1542,7 @@ abbreviate this command. @item --help, -h @opindex help Print a usage message summarizing the most useful command-line options. -Note that you can abbreviate this command. +Note that you cannot abbreviate this command. @item --quiet, -q @opindex quiet ----------------------------------------------------------------------- Summary of changes: doc/HACKING | 51 ++++++++++++++++++++++++++++++++++++++------------- doc/dirmngr.texi | 2 +- doc/gpg-agent.texi | 2 +- doc/gpg.texi | 2 +- doc/gpgsm.texi | 2 +- doc/scdaemon.texi | 2 +- doc/tools.texi | 2 +- 7 files changed, 44 insertions(+), 19 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Sep 20 09:23:35 2016 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Tue, 20 Sep 2016 09:23:35 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-156-gb9b4ff8 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via b9b4ff857034df51e055ceddce567ca97e94e075 (commit) via 8078d8246fa38c3e478fc9a542117468780ace00 (commit) from 05e488943ca5d980b9bda2f21426cc7a17b41410 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b9b4ff857034df51e055ceddce567ca97e94e075 Author: NIIBE Yutaka Date: Tue Sep 20 16:17:09 2016 +0900 doc: Fix a xref usage. diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi index a0d3a56..e3e852c 100644 --- a/doc/gpgsm.texi +++ b/doc/gpgsm.texi 
@@ -258,7 +258,7 @@ Export the private key and the certificate identified by @var{key-id} in a PKCS#12 format. When used with the @code{--armor} option a few informational lines are prepended to the output. Note, that the PKCS#12 format is not very secure and this command is only provided if there is -no other way to exchange the private key. (@xref{option --p12-charset}) +no other way to exchange the private key. (@xref{option --p12-charset}.) @item --export-secret-key-p8 @var{key-id} @itemx --export-secret-key-raw @var{key-id} commit 8078d8246fa38c3e478fc9a542117468780ace00 Author: Ineiev Date: Fri Mar 4 14:45:19 2016 +0000 doc: Do not end section names with "." diff --git a/doc/debugging.texi b/doc/debugging.texi index e19c577..7fde49a 100644 --- a/doc/debugging.texi +++ b/doc/debugging.texi @@ -86,7 +86,7 @@ should not occur but sometimes things go wrong), run it using @node Debugging Hints - at section Various hints on debugging. + at section Various hints on debugging @itemize @bullet @@ -258,7 +258,7 @@ can't do anything about it without actually downloading the keys. @c *** Architecture Details ***************** @c ******************************************** @node Architecture Details - at section How the whole thing works internally. + at section How the whole thing works internally @menu @@ -266,9 +266,8 @@ can't do anything about it without actually downloading the keys. * GnuPG-1 and GnuPG-2:: Relationship between GnuPG 1.4 and 2.x. @end menu - @node Component interaction - at subsection How the components work together. + at subsection How the components work together @float Figure,fig:moduleoverview @@ -278,7 +277,7 @@ can't do anything about it without actually downloading the keys. @node GnuPG-1 and GnuPG-2 - at subsection Relationship between GnuPG 1.4 and 2.x. + at subsection Relationship between GnuPG 1.4 and 2.x Here is a little picture showing how the different GnuPG versions make use of a smartcard: 
diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi index 49e0f34..7a85b55 100644 --- a/doc/dirmngr.texi +++ b/doc/dirmngr.texi @@ -539,7 +539,7 @@ certificates have been loaded correctly. @c @mansect signals @node Dirmngr Signals - at section Use of signals. + at section Use of signals A running @command{dirmngr} may be controlled by signals, i.e. using the @command{kill} command to send a signal to the process. diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi index b933b80..53a6f78 100644 --- a/doc/gpg-agent.texi +++ b/doc/gpg-agent.texi @@ -745,7 +745,7 @@ a small helper script is provided to create these files (@pxref{addgnupghome}). @c @mansect signals @node Agent Signals - at section Use of some signals. + at section Use of some signals A running @command{gpg-agent} may be controlled by signals, i.e. using the @command{kill} command to send a signal to the process. diff --git a/doc/gpg.texi b/doc/gpg.texi index 21f413e..6cc35e0 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -2437,7 +2437,7 @@ done with @code{--with-colons}. @c ******** OPENPGP OPTIONS **************** @c ******************************************* @node OpenPGP Options - at subsection OpenPGP protocol specific options. + at subsection OpenPGP protocol specific options @table @gnupgtabopt @@ -2625,7 +2625,7 @@ SHA224, SHA384, and SHA512 digests. @c ******** ESOTERIC OPTIONS *************** @c ******************************************* @node GPG Esoteric Options - at subsection Doing things one usually doesn't want to do. + at subsection Doing things one usually doesn't want to do @table @gnupgtabopt diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi index 0082c19..a0d3a56 100644 --- a/doc/gpgsm.texi +++ b/doc/gpgsm.texi 
@@ -594,7 +594,7 @@ done with @code{--with-colons}. @c ************* CMS OPTIONS *************** @c ******************************************* @node CMS Options - at subsection How to change how the CMS is created. + at subsection How to change how the CMS is created @table @gnupgtabopt @item --include-certs @var{n} @@ -625,7 +625,7 @@ interoperability problems. @c ******** ESOTERIC OPTIONS *************** @c ******************************************* @node Esoteric Options - at subsection Doing things one usually do not want to do. + at subsection Doing things one usually do not want to do @table @gnupgtabopt @@ -1153,7 +1153,7 @@ default is @samp{sha256}. @c *************** ***************** @c ******************************************* @node GPGSM Protocol - at section The Protocol the Server Mode Uses. + at section The Protocol the Server Mode Uses Description of the protocol used to access @command{GPGSM}. @command{GPGSM} does implement the Assuan protocol and in addition @@ -1469,7 +1469,7 @@ The certificates must be specified unambiguously otherwise an error is returned. @node GPGSM GETAUDITLOG - at subsection Retrieve an audit log. + at subsection Retrieve an audit log @anchor{gpgsm-cmd getauditlog} This command is used to retrieve an audit log. @@ -1512,7 +1512,7 @@ started with option @option{--disable-dirmngr}. @end table @node GPGSM OPTION - at subsection Session options. + at subsection Session options The standard Assuan option handler supports these options. diff --git a/doc/instguide.texi b/doc/instguide.texi index 4a2c976..bf99a5c 100644 --- a/doc/instguide.texi +++ b/doc/instguide.texi @@ -4,7 +4,7 @@ @c For copying conditions, see the file gnupg.texi. @node Installation - at chapter A short installation guide. + at chapter A short installation guide Unfortunately the installation guide has not been finished in time. Instead of delaying the release of GnuPG 2.0 even further, I decided to 
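Review bot: In the doc/gpgsm.texi hunk at @@ -625,7, the retitled subsection still reads "Doing things one usually do not want to do". The subject "one" takes "does not", and the matching heading changed in doc/gpg.texi by this same commit already uses "doesn't". Since the line is being touched anyway, suggest "Doing things one usually does not want to do" so both manuals agree.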
diff --git a/doc/scdaemon.texi b/doc/scdaemon.texi index 1724b42..4cf44bc 100644 --- a/doc/scdaemon.texi +++ b/doc/scdaemon.texi @@ -628,17 +628,17 @@ status line is @code{PADDING} with the only defined value being 0 and meaning padding has been removed. @node Scdaemon GETATTR - at subsection Read an attribute's value. + at subsection Read an attribute's value TO BE WRITTEN. @node Scdaemon SETATTR - at subsection Update an attribute's value. + at subsection Update an attribute's value TO BE WRITTEN. @node Scdaemon WRITEKEY - at subsection Write a key to a card. + at subsection Write a key to a card @example WRITEKEY [--force] @var{keyid} @@ -657,18 +657,18 @@ actual card application. @node Scdaemon GENKEY - at subsection Generate a new key on-card. + at subsection Generate a new key on-card TO BE WRITTEN. @node Scdaemon RANDOM - at subsection Return random bytes generate on-card. + at subsection Return random bytes generated on-card TO BE WRITTEN. @node Scdaemon PASSWD - at subsection Change PINs. + at subsection Change PINs @example PASSWD [--reset] [--nullpin] @var{chvno} @@ -680,7 +680,7 @@ is used to initialize the PIN of TCOS cards (6 byte NullPIN only). @node Scdaemon CHECKPIN - at subsection Perform a VERIFY operation. + at subsection Perform a VERIFY operation @example CHECKPIN @var{idstr} @@ -709,7 +709,7 @@ and only if the retry counter is still at 3. @node Scdaemon RESTART - at subsection Perform a RESTART operation. + at subsection Perform a RESTART operation @example RESTART @@ -727,7 +727,7 @@ command; i.e. to select another application. @node Scdaemon APDU - at subsection Send a verbatim APDU to the card. + at subsection Send a verbatim APDU to the card @example APDU [--atr] [--more] [--exlen[=@var{n}]] [@var{hexstring}] diff --git a/doc/sysnotes.texi b/doc/sysnotes.texi index dec07bd..f8cc212 100644 --- a/doc/sysnotes.texi +++ b/doc/sysnotes.texi 
@@ -3,7 +3,7 @@ @c For copying conditions, see the file gnupg.texi. @node System Notes - at chapter Notes pertaining to certain OSes. + at chapter Notes pertaining to certain OSes GnuPG has been developed on GNU/Linux systems and is know to work on almost all Free OSes. All modern POSIX systems should be supported diff --git a/doc/tools.texi b/doc/tools.texi index 899b00b..199b11e 100644 --- a/doc/tools.texi +++ b/doc/tools.texi @@ -149,7 +149,7 @@ name for remote debugging. @c @manpage addgnupghome.8 @node addgnupghome - at section Create .gnupg home directories. + at section Create .gnupg home directories @ifset manverb .B addgnupghome \- Create .gnupg home directories @@ -184,7 +184,7 @@ addgnupghome account1 account2 ... accountn @c @manpage gpgconf.1 @node gpgconf - at section Modify .gnupg home directories. + at section Modify .gnupg home directories @ifset manverb .B gpgconf \- Modify .gnupg home directories @@ -985,7 +985,7 @@ no feature to change the global option file through @command{gpgconf}. @c @manpage applygnupgdefaults.8 @node applygnupgdefaults - at section Run gpgconf for all users. + at section Run gpgconf for all users @ifset manverb .B applygnupgdefaults \- Run gpgconf --apply-defaults for all users. @@ -1018,7 +1018,7 @@ applygnupgdefaults @c GPG-PRESET-PASSPHRASE @c @node gpg-preset-passphrase - at section Put a passphrase into the cache. + at section Put a passphrase into the cache @manpage gpg-preset-passphrase.1 @ifset manverb .B gpg-preset-passphrase @@ -1054,7 +1054,7 @@ this passphrase presetting by starting @command{gpg-agent} with the @manpause @node Invoking gpg-preset-passphrase - at subsection List of all commands and options. + at subsection List of all commands and options @mancont @noindent 
@@ -1121,7 +1121,7 @@ for other users. @c GPG-CONNECT-AGENT @c @node gpg-connect-agent - at section Communicate with a running agent. + at section Communicate with a running agent @manpage gpg-connect-agent.1 @ifset manverb .B gpg-connect-agent @@ -1151,7 +1151,7 @@ here we connect to a running instance. @manpause @node Invoking gpg-connect-agent - at subsection List of all options. + at subsection List of all options @noindent @command{gpg-connect-agent} is invoked this way: @@ -1251,7 +1251,7 @@ a new line always starts with a D and a space. @mansect control commands @node Controlling gpg-connect-agent - at subsection Control commands. + at subsection Control commands While reading Assuan commands, gpg-agent also allows a few special commands to control its operation. These control commands all start @@ -1652,7 +1652,7 @@ debugging. Run it with @code{--help} for usage information. @c SYMCRYPTRUN @c @node symcryptrun - at section Call a simple symmetric encryption tool. + at section Call a simple symmetric encryption tool @manpage symcryptrun.1 @ifset manverb .B symcryptrun @@ -1692,7 +1692,7 @@ configured with @samp{--enable-symcryptrun} at build time. @manpause @node Invoking symcryptrun - at subsection List of all commands and options. + at subsection List of all commands and options @noindent @command{symcryptrun} is invoked this way: ----------------------------------------------------------------------- Summary of changes: doc/debugging.texi | 9 ++++----- doc/dirmngr.texi | 2 +- doc/gpg-agent.texi | 2 +- doc/gpg.texi | 4 ++-- doc/gpgsm.texi | 12 ++++++------ doc/instguide.texi | 2 +- doc/scdaemon.texi | 18 +++++++++--------- doc/sysnotes.texi | 2 +- doc/tools.texi | 20 ++++++++++---------- 9 files changed, 35 insertions(+), 36 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Sep 20 11:13:50 2016 
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Tue, 20 Sep 2016 11:13:50 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-388-gef99b74 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via ef99b74eb12463db7da5806a316e3b55f8097c5c (commit) from e3c35147d6adb754d4eb0781a54af2a8f0803663 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ef99b74eb12463db7da5806a316e3b55f8097c5c Author: Justus Winter Date: Tue Sep 20 11:10:10 2016 +0200 python: Fix detection of Python available versions. * configure.ac: Test for 'PYTHON_VERSION' as 'AX_PYTHON_DEVEL' sets 'PYTHON' but clears the former. Fixes-commit: 99db3512 Signed-off-by: Justus Winter diff --git a/configure.ac b/configure.ac index 352ac8b..d6f3e0a 100644 --- a/configure.ac +++ b/configure.ac @@ -407,7 +407,7 @@ if test "$found_py" = "1" -o "$found_py2" = "1" -o "$found_py3" = "1"; then if test "$found_py" = "1" -o "$found_py2" = "1"; then AM_PATH_PYTHON([2.7]) AX_PYTHON_DEVEL - if test "$PYTHON"; then + if test "$PYTHON_VERSION"; then PYTHONS="$(echo $PYTHONS $PYTHON)" PYTHON_VERSIONS="$(echo $PYTHON_VERSIONS $PYTHON_VERSION)" fi 
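Review bot: The new guard `if test "$PYTHON_VERSION"; then` at @@ -407,7 (and the identical one at @@ -430,7) uses the one-argument form of test, while the surrounding lines use explicit comparisons such as `test "$found_py" = "1"`; `test -n "$PYTHON_VERSION"` would state the intent. The body still appends `$PYTHON` to PYTHONS, so the check is only correct as long as AX_PYTHON_DEVEL leaves PYTHON_VERSION empty whenever it fails, which is stated in the commit message but nowhere in configure.ac. A one-line comment above the test recording that dependency would keep a later macro update from quietly breaking the detection again.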
@@ -430,7 +430,7 @@ if test "$found_py" = "1" -o "$found_py2" = "1" -o "$found_py3" = "1"; then unset am_cv_python_pyexecdir AM_PATH_PYTHON([3.4]) AX_PYTHON_DEVEL - if test "$PYTHON"; then + if test "$PYTHON_VERSION"; then PYTHONS="$(echo $PYTHONS $PYTHON)" PYTHON_VERSIONS="$(echo $PYTHON_VERSIONS $PYTHON_VERSION)" fi ----------------------------------------------------------------------- Summary of changes: configure.ac | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Tue Sep 20 14:02:18 2016 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Tue, 20 Sep 2016 14:02:18 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-157-g4644c27 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 4644c27514f34f5efc555d43672a25088a611a72 (commit) from b9b4ff857034df51e055ceddce567ca97e94e075 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4644c27514f34f5efc555d43672a25088a611a72 Author: Andre Heinecke Date: Thu Aug 25 18:15:52 2016 +0200 dirmngr: Open file CRL's in binary mode * dirmngr/crlcache.c (crl_cache_load): Open file in binary mode. -- This fixes conversion bugs with binary CRL's on Windows. GnuPG-bug-id: issue2448 Signed-off-by: Andre Heinecke diff --git a/dirmngr/crlcache.c b/dirmngr/crlcache.c index 388754b..94d5f5f 100644 --- a/dirmngr/crlcache.c +++ b/dirmngr/crlcache.c 
@@ -2408,7 +2408,7 @@ crl_cache_load (ctrl_t ctrl, const char *filename) estream_t fp; ksba_reader_t reader; - fp = es_fopen (filename, "r"); + fp = es_fopen (filename, "rb"); if (!fp) { err = gpg_error_from_errno (errno); ----------------------------------------------------------------------- Summary of changes: dirmngr/crlcache.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Sep 20 20:04:54 2016 
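Review bot: The switch to `es_fopen (filename, "rb")` in crl_cache_load at @@ -2408,7 fixes this one call site, but the patch carries no test and no statement about other readers. The commit message says text mode caused conversion bugs with binary CRLs on Windows, and a CRL that fails to load or parse is revocation data that never gets applied, so this is worth a regression test that loads a binary CRL through crl_cache_load. It is also worth checking whether any other place in dirmngr opens DER-encoded certificate or CRL files with mode "r" and needs the same change.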
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 20 Sep 2016 20:04:54 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-392-g0763357 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 0763357e39d140b068ee9838a5da08be75426d9f (commit) via bfb6890ded99f040fe8ecf910f927a136e4acfda (commit) via 29207bcd3bf4de7264197db6758130375b16d9bb (commit) via df7e92b4d585b7dce919c5a3aab9524f6e183cbe (commit) from ef99b74eb12463db7da5806a316e3b55f8097c5c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0763357e39d140b068ee9838a5da08be75426d9f Author: Werner Koch Date: Tue Sep 20 19:58:00 2016 +0200 tests: Make "make -j distcheck" work in Python. * lang/python/Makefile.am (SUBDIRS): Make current dir first. * lang/python/tests/Makefile.am (xcheck): Depend on pubring-stamp. (CLEANFILES): Remove private-keys-v1.d/gpg-sample.stamp. (check-local): Remove. (initial.py): Remove dependency. (./pubring-stamp): Depend on conf files and the private-keys-v1.d/gpg-sample.stamp file. Also replace use of basename. -- This addresses the problem that two rules might run the private keys copy rule and due to the files being chmod -w during make distcheck the second process running that rule's cp would get a permission error. Signed-off-by: Werner Koch diff --git a/lang/python/Makefile.am b/lang/python/Makefile.am index da626d1..897c2a6 100644 --- a/lang/python/Makefile.am +++ b/lang/python/Makefile.am @@ -25,7 +25,7 @@ EXTRA_DIST = \ examples \ pyme -SUBDIRS = tests +SUBDIRS = . tests COPY_FILES = \ $(srcdir)/gpgme.i \ 
diff --git a/lang/python/tests/Makefile.am b/lang/python/tests/Makefile.am index 0538e54..aa88bdc 100644 --- a/lang/python/tests/Makefile.am +++ b/lang/python/tests/Makefile.am @@ -65,14 +65,16 @@ EXTRA_DIST = support.py $(XTESTS) encrypt-only.asc sign-only.asc \ check: xcheck .PHONY: xcheck -xcheck: + +xcheck: ./pubring-stamp $(TESTS_ENVIRONMENT) $(PYTHON) $(srcdir)/run-tests.py \ --interpreters="$(PYTHONS)" --srcdir=$(srcdir) $(TESTFLAGS) \ $(XTESTS) CLEANFILES = secring.gpg pubring.gpg pubring.kbx trustdb.gpg dirmngr.conf \ gpg-agent.conf pubring.kbx~ gpg.conf pubring.gpg~ \ - random_seed .gpg-v21-migrated pubring-stamp + random_seed .gpg-v21-migrated \ + pubring-stamp private-keys-v1.d/gpg-sample.stamp private_keys = \ $(test_srcdir)/13CD0F3BDF24BE53FE192D62F18737256FF6E4FD \ 
@@ -85,21 +87,17 @@ clean-local: -$(top_srcdir)/tests/start-stop-agent --stop -rm -fR -- private-keys-v1.d openpgp-revocs.d S.gpg-agent sshcontrol -check-local: ./gpg.conf ./gpg-agent.conf ./pubring-stamp \ - ./private-keys-v1.d/gpg-sample.stamp - -# To guarantee that check-local is run before any tests we -# add this dependency: -initial.py: check-local ./private-keys-v1.d/gpg-sample.stamp: $(private_keys) test -d ./private-keys-v1.d || mkdir ./private-keys-v1.d for k in $(private_keys); do \ - cp $$k private-keys-v1.d/`basename $$k`.key; \ + cp $$k private-keys-v1.d/$${k#$(test_srcdir)/}.key; \ done echo x > ./private-keys-v1.d/gpg-sample.stamp -./pubring-stamp: $(test_srcdir)/pubdemo.asc +./pubring-stamp: $(test_srcdir)/pubdemo.asc \ + ./gpg.conf ./gpg-agent.conf \ + ./private-keys-v1.d/gpg-sample.stamp $(GPG) --batch --no-permission-warning \ --import $(test_srcdir)/pubdemo.asc -$(GPG) --batch --no-permission-warning \ commit bfb6890ded99f040fe8ecf910f927a136e4acfda Author: Werner Koch Date: Tue Sep 20 19:51:02 2016 +0200 tests: Use --batch for gpg import. * lang/python/tests/Makefile.am (./pubring-stamp): Use --batch with GPG to avoid Pinentries during import when using GnuPG >= 2.1. Replace touch by echo. * tests/gpg/Makefile.am (./pubring-stamp): Ditto. Signed-off-by: Werner Koch diff --git a/lang/python/tests/Makefile.am b/lang/python/tests/Makefile.am index 6a315d7..0538e54 100644 --- a/lang/python/tests/Makefile.am +++ b/lang/python/tests/Makefile.am @@ -100,11 +100,11 @@ initial.py: check-local echo x > ./private-keys-v1.d/gpg-sample.stamp ./pubring-stamp: $(test_srcdir)/pubdemo.asc - $(GPG) --no-permission-warning \ + $(GPG) --batch --no-permission-warning \ --import $(test_srcdir)/pubdemo.asc - -$(GPG) --no-permission-warning \ + -$(GPG) --batch --no-permission-warning \ --import $(test_srcdir)/secdemo.asc - touch ./pubring-stamp + echo x > ./pubring-stamp ./gpg.conf: # This is required for t-sig-notations. 
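Review bot: In the ./pubring-stamp recipe at @@ -100,11 of lang/python/tests/Makefile.am, the secdemo.asc import keeps its leading "-", so make ignores a failed secret-key import and `echo x > ./pubring-stamp` still marks the target as done. Later runs then skip the import entirely and the tests fail far away from the cause. If that error was only being ignored because of interactive prompts, --batch now removes the reason; consider dropping the "-" or verifying the key is present before writing the stamp. The same applies to the identical recipe in tests/gpg/Makefile.am.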
diff --git a/tests/gpg/Makefile.am b/tests/gpg/Makefile.am index e1c033b..9877843 100644 --- a/tests/gpg/Makefile.am +++ b/tests/gpg/Makefile.am @@ -89,11 +89,11 @@ export GPG_AGENT_INFO := echo x > ./private-keys-v1.d/gpg-sample.stamp ./pubring-stamp: $(srcdir)/pubdemo.asc - $(GPG) --no-permission-warning \ + $(GPG) --batch --no-permission-warning \ --import $(srcdir)/pubdemo.asc - -$(GPG) --no-permission-warning \ + -$(GPG) --batch --no-permission-warning \ --import $(srcdir)/secdemo.asc - touch ./pubring-stamp + echo x > ./pubring-stamp ./gpg.conf: # This is required for t-sig-notations. commit 29207bcd3bf4de7264197db6758130375b16d9bb Author: Werner Koch Date: Tue Sep 20 19:46:04 2016 +0200 tests: Improve portability. * lang/qt/tests/Makefile.am (clean-local): Avoid non-portable "--" * lang/python/Makefile.am (copystamp): Use well defined cp -R instead of cp -r. Signed-off-by: Werner Koch diff --git a/lang/python/Makefile.am b/lang/python/Makefile.am index 9ec9c4a..da626d1 100644 --- a/lang/python/Makefile.am +++ b/lang/python/Makefile.am @@ -48,8 +48,8 @@ COPY_FILES_PYME = \ # distutils are not VPATH-aware. copystamp: $(COPY_FILES) $(COPY_FILES_PYME) if test "$(srcdir)" != "$(builddir)" ; then \ - cp -r $(COPY_FILES) . ; \ - cp -r $(COPY_FILES_PYME) pyme ; \ + cp -R $(COPY_FILES) . ; \ + cp -R $(COPY_FILES_PYME) pyme ; \ fi touch $@ diff --git a/lang/qt/tests/Makefile.am b/lang/qt/tests/Makefile.am index 90f2978..f243a55 100644 --- a/lang/qt/tests/Makefile.am +++ b/lang/qt/tests/Makefile.am @@ -71,7 +71,7 @@ CLEANFILES = secring.gpg pubring.gpg pubring.kbx trustdb.gpg dirmngr.conf \ gpg.conf clean-local: - -rm -fR -- private-keys-v1.d + -rm -fR private-keys-v1.d crls.d export GNUPGHOME := $(abs_builddir) commit df7e92b4d585b7dce919c5a3aab9524f6e183cbe Author: Werner Koch Date: Tue Sep 20 19:43:49 2016 +0200 build: Create swdb file. * Makefile.am (distcheck-hook): New. (dist-hook): s/VERSION/PACKAGE_VERSION/ for future compatibility. Signed-off-by: Werner Koch 
diff --git a/Makefile.am b/Makefile.am index cb22a91..72b8ee9 100644 --- a/Makefile.am +++ b/Makefile.am @@ -39,9 +39,23 @@ SUBDIRS = src ${tests} doc lang # to be used for patch's Prereq: feature. dist-hook: gen-ChangeLog @set -e; \ - sed -e 's/@pkg_version@/$(VERSION)/g' \ + sed -e 's/@pkg_version@/$(PACKAGE_VERSION)/g' \ $(top_srcdir)/gpgme.spec.in > $(distdir)/gpgme.spec - echo "$(VERSION)" > $(distdir)/VERSION + echo "$(PACKAGE_VERSION)" > $(distdir)/VERSION + +distcheck-hook: + set -e; ( \ + pref="#+macro: gpgme_" ;\ + reldate="$$(date -u +%Y-%m-%d)" ;\ + echo "$${pref}ver $(PACKAGE_VERSION)" ;\ + echo "$${pref}date $${reldate}" ;\ + list='$(DIST_ARCHIVES)'; for i in $$list; do \ + case "$$i" in *.tar.bz2) \ + echo "$${pref}size $$(wc -c <$$i|awk '{print int($$1/1024)}')k" ;\ + echo "$${pref}sha1 $$(sha1sum <$$i|cut -d' ' -f1)" ;\ + echo "$${pref}sha2 $$(sha256sum <$$i|cut -d' ' -f1)" ;;\ + esac;\ + done ) | tee $(distdir).swdb gen_start_date = 2011-12-01T00:00:00 ----------------------------------------------------------------------- Summary of changes: Makefile.am | 18 ++++++++++++++++-- lang/python/Makefile.am | 6 +++--- lang/python/tests/Makefile.am | 24 +++++++++++------------- lang/qt/tests/Makefile.am | 2 +- tests/gpg/Makefile.am | 6 +++--- 5 files changed, 34 insertions(+), 22 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Wed Sep 21 09:43:06 2016 
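Review bot: In the new distcheck-hook at @@ -39,9, the digest lines are built from command substitutions inside echo and the whole subshell is piped into tee, so a failing or missing sha1sum/sha256sum is invisible to both `set -e` and make: the recipe exits with tee's status and writes a `gpgme_sha2` line with an empty value. These values are the release checksums, so the hook should fail hard instead. Suggest computing each digest into a variable and testing it, for example `sum=$$(sha256sum <$$i | cut -d' ' -f1); test -n "$$sum"`, and writing $(distdir).swdb with a redirect rather than `| tee`. sha1sum and sha256sum are also GNU tool names, which sits oddly next to the portability fixes in this same push.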
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 21 Sep 2016 09:43:06 +0200 Subject: [git] GPGME - branch, gpgme-1.7-branch, created. gpgme-1.6.0-395-g0b78bc7 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, gpgme-1.7-branch has been created at 0b78bc7ba40972402f8ab7919313c000ef1f6385 (commit) - Log ----------------------------------------------------------------- commit 0b78bc7ba40972402f8ab7919313c000ef1f6385 Author: Werner Koch Date: Wed Sep 21 09:40:02 2016 +0200 Post release updates -- diff --git a/NEWS b/NEWS index e4966e8..b13c3a6 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,6 @@ +Noteworthy changes in version 1.7.1 (unreleased) [C26/A15/R_] +------------------------------------------------ + Noteworthy changes in version 1.7.0 (2016-09-21) [C26/A15/R0] ------------------------------------------------ diff --git a/configure.ac b/configure.ac index c9d16af..4a29f2f 100644 --- a/configure.ac +++ b/configure.ac @@ -29,7 +29,7 @@ min_automake_version="1.14" # for the LT versions. m4_define(mym4_version_major, [1]) m4_define(mym4_version_minor, [7]) -m4_define(mym4_version_micro, [0]) +m4_define(mym4_version_micro, [1]) # Below is m4 magic to extract and compute the revision number, the # decimalized short revision number, a beta version string, and a flag commit e7ab75379feadcc2894d9d4cde0f16ad0044780d Author: Werner Koch Date: Wed Sep 21 08:57:07 2016 +0200 Release 1.7.0 * configure.ac: Bump LT version to C26/A15/R0. Signed-off-by: Werner Koch diff --git a/AUTHORS b/AUTHORS index dd4b492..bbf1576 100644 --- a/AUTHORS +++ b/AUTHORS @@ -1,5 +1,5 @@ Package: gpgme -Homepage: http://www.gnupg.org/related_software/gpgme/ +Homepage: https://gnupg.org/related_software/gpgme/ Download: ftp://ftp.gnupg.org/gcrypt/gpgme/ Repository: git://git.gnupg.org/gpgme.git Maintainer: Werner Koch 
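Review bot: The AUTHORS hunk at @@ -1,5 moves Homepage to https but leaves the two entries people actually fetch code from, `Download: ftp://ftp.gnupg.org/gcrypt/gpgme/` and `Repository: git://git.gnupg.org/gpgme.git`, on unauthenticated transports. If TLS endpoints exist for the download area and the repository, list them in this same change. Otherwise a pointer next to the Download line to the signature verification steps in README would make clear that integrity comes from the signature and not from the channel.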
diff --git a/NEWS b/NEWS index b258f71..e4966e8 100644 --- a/NEWS +++ b/NEWS 
@@ -1,18 +1,48 @@ -Noteworthy changes in version 1.7.0 (unreleased) [C25/A14/R_] +Noteworthy changes in version 1.7.0 (2016-09-21) [C26/A15/R0] ------------------------------------------------ - * New function to format a GnuPG style public key algorithm string. + * New language bindings for Python 2 and 3. - * Notation flags are now correctly set on verify. + * New language Bindings for C++ and the Qt-Framework API. + + * New functions gpgme_op_createkey and gpgme_op_createsubkey to make + key creation easier (requires GnuPG 2.1). + + * New functions gpgme_op_adduid and gpgme_op_revuid to make user id + management easier (requires GnuPG 2.1). + + * New function gpgme_op_keysign to make key signing easier (requires + GnuPG 2.1). - * Bindings for Python 2 and 3 are now included. + * New function gpgme_op_interact to replace the now deprecated + functions gpgme_op_edit and gpgme_op_card_edit. + + * New function gpgme_pubkey_algo_string to convert a public key + algorithm into a GnuPG 2.1 style string. + + * Support for GnuPG 2.1's TOFU trust model. + + * Notation flags are now correctly set on verify. * New global flag "require-gnupg" to set a minimal gnupg version. - * New function gpgme_op_interact to replace the deprecated functions - gpgme_op_edit and gpgme_op_card_edit. + * More supported items in gpgme_get_dirinfo. + + * New function gpgme_data_set_flag and flag "size-hint". + + * New function gpgme_set_ctx_flag and flags "full-status" and + "raw-description". + + * Improved gpgme_data_identify to distinguish more file types. + + * New flag GPGME_ENCRYPT_SYMMETRIC for gpgme_op_encrypt to allow + mixed public key and symmetric encryption. + + * New field KEYGRIP in gpgme_subkey_t. New fields FPR in gpgme_key_t. - * Bindings for C++ and Qt-Framework API are now included. + * New flag GPGME_DATA_ENCODING_MIME to declare that the encrypted or + signed data is a valid MIME part. This is to support future GnuPG + versions. 
* Interface changes relative to the 1.6.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/README b/README index 6da94e5..90f2e39 100644 --- a/README +++ b/README @@ -1,7 +1,7 @@ - GPGME - GnuPG Made Easy - --------------------------- + GPGME - GnuPG Made Easy + --------------------------- - Copyright 2004, 2006, 2010, 2012, 2013, 2014, 2015 g10 Code GmbH + Copyright 2001-2016 g10 Code GmbH This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without @@ -22,12 +22,12 @@ to public key crypto engines like GnuPG or GpgSM easier for applications. GPGME provides a high-level crypto API for encryption, decryption, signing, signature verification and key management. +GPGME comes with language bindings for Common Lisp, C++, QT, Python2 +and Python 3. + GPGME uses GnuPG and GpgSM as its backends to support OpenPGP and the Cryptographic Message Syntax (CMS). -GPGME runs best on GNU/Linux or *BSD systems. Other Unices may -require small portability fixes, please send us your patches. - See the files COPYING, COPYING.LESSER, and each file for copyright and warranty information. The file AUTHORS has a list of authors and useful web and mail addresses. 
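Review bot: The sentence added to README at @@ -22,12 names the bindings inconsistently: "QT" where the NEWS hunk of this commit writes "Qt-Framework", and "Python2" directly beside "Python 3". Suggest "Common Lisp, C++, Qt, Python 2 and Python 3". The same hunk also deletes the paragraph about other Unices needing portability fixes, which the commit message does not mention; worth a line in the log if the removal is intentional.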
@@ -70,18 +70,32 @@ a) If you have a trusted Version of GnuPG installed, you can simply check indeed a a signature of gpgme-x.y.z.tar.gz. The key used to create this signature is either of: - "pub 2048R/4F25E3B6 2011-01-12 Werner Koch (dist sig)" - "pub 1024D/87978569 1999-05-13 - Marcus Brinkmann - Marcus Brinkmann " + 2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31] + Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 + Werner Koch (dist sig) + + rsa2048/E0856959 2014-10-29 [expires: 2019-12-31] + Key fingerprint = 46CC 7308 65BB 5C78 EBAB ADCF 0437 6F3E E085 6959 + David Shaw (GnuPG Release Signing Key) + + rsa2048/33BD3F06 2014-10-29 [expires: 2016-10-28] + Key fingerprint = 031E C253 6E58 0D8E A286 A9F2 2071 B08A 33BD 3F06 + NIIBE Yutaka (GnuPG Release Key) + + rsa2048/7EFD60D9 2014-10-19 [expires: 2020-12-31] + Key fingerprint = D238 EA65 D64C 67ED 4C30 73F2 8A86 1B1C 7EFD 60D9 + Werner Koch (Release Signing Key) - If you do not have this key, you can get it from any keyserver. You - have to make sure that this is really the key and not a faked one. - You can do this by comparing the output of: + You may retrieve these files from the keyservers using this command - $ gpg --fingerprint 0x4F25E3B6 + gpg --recv-keys 249B39D24F25E3B6 04376F3EE0856959 \ + 2071B08A33BD3F06 8A861B1C7EFD60D9 - with the fingerprint published elsewhere. + The keys are also available at https://gnupg.org/signature_key.html + and in released GnuPG tarballs in the file g10/distsigkey.gpg . + You have to make sure that these are really the desired keys and + not faked one. You should do this by comparing the fingerprints + with the fingerprints published elsewhere. b) If you don't have any of the above programs, you have to verify the SHA1 checksum: 
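Review bot: In the README hunk at @@ -70,18, the suggested `gpg --recv-keys 249B39D24F25E3B6 04376F3EE0856959 \` command fetches by 64-bit key ID although the full fingerprints are printed directly above it. Passing the 40-hex-digit fingerprints to --recv-keys would tie the fetch to the exact keys instead of an ID that can collide, and it would match the advice two sentences later to compare fingerprints. Two wording fixes in the same block: "retrieve these files" should be "retrieve these keys", and "not faked one" should be "not faked ones". The NIIBE Yutaka key is also listed as expiring 2016-10-28, about five weeks after this release date, so the list will need an update soon.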
@@ -101,7 +115,7 @@ Documentation For information how to use the library you can read the info manual, which is also a reference book, in the doc/ directory. The programs -in the tests/gpg/ directory may also prove useful. +in the tests/ directory may also prove useful. Please subscribe to the gnupg-devel at gnupg.org mailing list if you want to do serious work. diff --git a/configure.ac b/configure.ac index d6f3e0a..c9d16af 100644 --- a/configure.ac +++ b/configure.ac @@ -55,10 +55,10 @@ AC_INIT([gpgme],[mym4_full_version],[http://bugs.gnupg.org]) # (Interfaces added: AGE++) # (Interfaces removed/changed: AGE=0) # -LIBGPGME_LT_CURRENT=25 +LIBGPGME_LT_CURRENT=26 # Subtract 2 from this value if you want to make the LFS transition an # ABI break. [Note to self: Remove this comment with the next regular break.] -LIBGPGME_LT_AGE=14 +LIBGPGME_LT_AGE=15 LIBGPGME_LT_REVISION=0 LIBGPGMEPP_LT_CURRENT=6 @@ -796,7 +796,7 @@ AH_BOTTOM([ #define GPG_ERR_ENABLE_ERRNO_MACROS 1 #define CRIGHTBLURB "Copyright (C) 2000 Werner Koch\n" \ - "Copyright (C) 2001--2015 g10 Code GmbH\n" + "Copyright (C) 2001--2016 g10 Code GmbH\n" ]) diff --git a/src/gpgme.h.in b/src/gpgme.h.in index 548d360..20654db 100644 --- a/src/gpgme.h.in +++ b/src/gpgme.h.in @@ -1,6 +1,6 @@ /* gpgme.h - Public interface to GnuPG Made Easy. -*- c -*- * Copyright (C) 2000 Werner Koch (dd9jn) - * Copyright (C) 2001-2015 g10 Code GmbH + * Copyright (C) 2001-2016 g10 Code GmbH * * This file is part of GPGME. * diff --git a/src/versioninfo.rc.in b/src/versioninfo.rc.in index 7f19b30..3ce38f0 100644 --- a/src/versioninfo.rc.in +++ b/src/versioninfo.rc.in 
@@ -39,7 +39,7 @@ BEGIN VALUE "FileDescription", "GPGME - GnuPG Made Easy\0" VALUE "FileVersion", "@LIBGPGME_LT_CURRENT at .@LIBGPGME_LT_AGE at .@LIBGPGME_LT_REVISION at .@BUILD_REVISION@\0" VALUE "InternalName", "gpgme\0" - VALUE "LegalCopyright", "Copyright ? 2001-2015 g10 Code GmbH\0" + VALUE "LegalCopyright", "Copyright ? 2001-2016 g10 Code GmbH\0" VALUE "LegalTrademarks", "\0" VALUE "OriginalFilename", "gpgme.dll\0" VALUE "PrivateBuild", "\0" commit 936928632b02d7cc2ac645543bb03e4c94285f05 Author: Werner Koch Date: Wed Sep 21 09:17:23 2016 +0200 python: Create install dir. * lang/python/Makefile.am (install-exec-local): Create dir. Signed-off-by: Werner Koch diff --git a/lang/python/Makefile.am b/lang/python/Makefile.am index 897c2a6..2271ce0 100644 --- a/lang/python/Makefile.am +++ b/lang/python/Makefile.am @@ -98,6 +98,7 @@ install-exec-local: cat files.txt >> install_files.txt ; \ rm files.txt ; \ done + $(MKDIR_P) $(DESTDIR)$(pythondir)/pyme mv install_files.txt $(DESTDIR)$(pythondir)/pyme uninstall-local: ----------------------------------------------------------------------- hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Wed Sep 21 09:45:18 2016 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 21 Sep 2016 09:45:18 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-395-g0b78bc7 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 0b78bc7ba40972402f8ab7919313c000ef1f6385 (commit) via e7ab75379feadcc2894d9d4cde0f16ad0044780d (commit) via 936928632b02d7cc2ac645543bb03e4c94285f05 (commit) from 0763357e39d140b068ee9838a5da08be75426d9f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- ----------------------------------------------------------------------- Summary of changes: AUTHORS | 2 +- NEWS | 47 ++++++++++++++++++++++++++++++++++++++++------- README | 46 ++++++++++++++++++++++++++++++---------------- configure.ac | 8 ++++---- lang/python/Makefile.am | 1 + src/gpgme.h.in | 2 +- src/versioninfo.rc.in | 2 +- 7 files changed, 78 insertions(+), 30 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Wed Sep 21 09:55:04 2016 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 21 Sep 2016 09:55:04 +0200 Subject: [git] gnupg-doc - branch, master, updated. f8a43d6e85a392dbb3ab6c71dfe7256a00cd6fd4 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via f8a43d6e85a392dbb3ab6c71dfe7256a00cd6fd4 (commit) via 33865fbc93a2e29ce10a8a62b66f739b33ee02bd (commit) from 6a2296632f4d2c528160f9f424ae9aafe00ffaa3 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f8a43d6e85a392dbb3ab6c71dfe7256a00cd6fd4 Author: Werner Koch Date: Wed Sep 21 09:52:25 2016 +0200 swdb: Release of gpgme 1.7.0 diff --git a/web/swdb.mac b/web/swdb.mac index c63a5cf..902c0ba 100644 --- a/web/swdb.mac +++ b/web/swdb.mac @@ -71,11 +71,11 @@ # # GPGME # -#+macro: gpgme_ver 1.6.0 -#+macro: gpgme_date 2015-08-26 -#+macro: gpgme_branch master -#+macro: gpgme_size 961k -#+macro: gpgme_sha1 21510323495f6220f8f67610c3c27a23d761d43d +#+macro: gpgme_ver 1.7.0 +#+macro: gpgme_date 2016-09-21 +#+macro: gpgme_size 1251k +#+macro: gpgme_sha1 41030f0f317100af6e9a1a05a4b0218aee684d8a +#+macro: gpgme_sha2 71f55fed0f2b3eaf7a606e59772aa645ce3ffff322d361ce359951b3f755cc48 # commit 33865fbc93a2e29ce10a8a62b66f739b33ee02bd Author: Werner Koch Date: Wed Sep 21 09:50:47 2016 +0200 blog: Move a blog to drafts, publish gpgme/python blog diff --git a/misc/blog.gnupg.org/20160919-openpgp-conf.org b/misc/blog.gnupg.org/20160919-openpgp-conf.org deleted file mode 100644 index 16bb869..0000000 --- a/misc/blog.gnupg.org/20160919-openpgp-conf.org +++ /dev/null 
@@ -1,102 +0,0 @@ -# OpenPGP.conf: A Success -#+STARTUP: showall -#+AUTHOR: Neal -#+DATE: September 19, 2016 - -On September 8th and 9th, the first [[https://www.gnupg.org/conf/program.html][OpenPGP.conf]] took place in K?ln, -Germany. The conference was organized by the [[German%20Unix%20User%20Group][German Unix User Group]] -(GUUG) and attracted over 50 participants from around the world. The -program consisted of 18 highly technical talks. Lunch and dinner were -provided at the venue, which resulted in lots of time to increase ties -between projects as well as exchange and develop ideas. - -From the GnuPG project, Werner presented an introduction to the new -[[https://www.gnupg.org/blog/20160830-web-key-service.html][web key service (WKS) protocol]], which is being deployed by several -mail providers including [[https://posteo.de][Posteo]]. The basic problem that WKS addresses -is how to find someone's key. Currently, most people just search the -key servers for keys matching the person's email address. Although -this works reasonably well, the [[https://www.ncsc.nl/english/current-topics/factsheets/duplicate-pgp-keys.html][recent evil32 attack]] has reminded many -people that the keyservers provide no guarantees that a returned key -is controlled by the stated owner. In WKS, people upload their keys -to their mail provider. Since only the email account's owner can -change the association, this is guaranteed to not only be the right -key, but the user's preferred key. Of course, users still need to -trust their mail provider to deliver the correct key. But, we believe -this provides a significant improvement both in terms of security and -usability over the status quo. Those requiring stronger guarantees -are still encouraged to either directly verify their communication -partner's key or use the web of trust. 
The German news site [[http://www.golem.de/news/web-key-service-openpgp-schluessel-ueber-https-verteilen-1609-123194.html][Golem -reported on Werner's presentation]]. Meskio from the LEAP project also -present [[https://meskio.net/openpgp.conf/#/][how LEAP is doing key discovery]]. Phillip Hallam-Baker -discussed [[https://www.gnupg.org/conf/2016/openpgp-2016-the-mathematical-mesh.pptx][key management in the Mesh]]. And, holger krekel discussed -[[https://www.gnupg.org/conf/2016/openpgp-2016-automatic-email-encryption-holger-krekel/index.html#/step-1][how to distribute keys inline]]. - -Justus discussed his proposal for [[https://www.gnupg.org/conf/2016/openpgp-2016-common-openpgp-testsuite.pdf][a common OpenPGP test suite]]. The -main problem that he observed in his recent work on the GPGME Python -bindings is that GPG, GPGME, and each of the GPGME bindings have their -own test suite that tests similar functionality to the other test -suites. His idea is to merge the common parts by defining a simple -interface, and having each component just map the API to its own API. - -Niibe presented his fully free cryptographic token, [[http://www.gniibe.org/pdf/openpgp-2016/gnuk-1_2.html][GnuK]] (pronounced: -???nu?k), which he started developing in 2010. The GnuK is special in -that it is the only cryptographic token that is based entirely on Free -Software, the entire hardware specification is open, and the parts are -relatively easy to buy. This is motivated not only by ethical -concerns, but also security concerns: being able to assemble it -yourself makes it harder for an adversary to inject a trojan during -production. Niibe also avoids specialized hardware. This has less to -do with making it easier to get the components, and more to do with -security: getting documentation for secure chips, for instance, -requires signing an NDA and, due to their specialized nature, are more -likely to have a backdoor. 
Instead, the GnuK uses a general purpose -MCU (microcontroller unit). To protect the secret key material, it -uses the flash ROM protection feature. There are currently -discussions underway to further increase the security of this by -partially decrypting the secret key material on the host with its much -more capable CPU, which would make a brute force attack significantly -more expensive should the key material be extracted. The GnuK can -currently be ordered either from [[https://www.seeedstudio.com/FST-01-without-Enclosure-p-1276.html][seeed]] or the [[https://shop.fsf.org/storage-devices/neug-usb-true-random-number-generator][FSF]]. - -Andre discussed [[https://files.intevation.de/users/aheinecke/gpgme.pdf][how to use GPGME]]. The main takeaway is that although -GPGME's API is sometimes inconveniently low-level and some features -are missing, it is much easier to interact with GPG using GPGME than -to build another parser to parse GPG's ~--status-fd~ output. -Moreover, language bindings, such as Andre's bindings for Qt, can -significantly simplify working with GPGME. - -Daniel reported on [[https://dkg.fifthhorseman.net/gnupg-in-debian-2016.svg][GnuPG in Debian]]. In particular, he discussed how -Debian is dealing with co-installing GnuPG 1.4 and GnuPG 2.1, -migration from 1.4 to 2.1, managing background processes, and system -integration. He also discussed some issues that he has observed with -packages that use GnuPG. In particular, their test suits often don't -test their use of GnuPG, because this requires so much effort. He -indicated that one thing that would make life easier would be standard -pinentry driver programs for different languages. He's since -submitted those for PHP, Perl, Python and Bash, and they will be part -of the next GnuPG release. - -Another talk included a discussion of encrypted mailing list software -and the current state of Schleuder by Ilf and Paz. 
Schleuder is -apparently the only encrypted mailing list software that currently -works (it is also actively maintained). Its design, however, requires -that the mailing list server be able to decrypt the messages in order -to reencrypt them to all of the subscribers. The authors would like a -better solution, but, as they point out, there are ideas out there -(including my own proposal for [[http://hssl.cs.jhu.edu/~neal/encrypted-mailing-lists.pdf][practical encrypted mailing lists]]), but -none of them work today. This presentation was also [[http://www.golem.de/news/schleuder-wie-verschluesselt-man-eine-mailingliste-1609-123206.html][reported on by -Golem]]. - -One of my favorite talks was [[http://nskelsey.com/glbc-2016.pdf][Nick Skelsey's talk on GlobaLeaks]]. He -discussed typical leaking interactions, how their leaking platform -works, and the issues they face making the platform secure in the face -of non-technical users. - -Other talks included an overview of some [[http://www.intevation.de/~bernhard/presentations/201609-openpgpconf/20160908-3bsi-contracts.pdf][work that the German BSI has -contracted]], [[https://www.gnupg.org/conf/2016/openpgp-2016-a-few-concerns.pdf][an analysis of OpenPGP]], [[http://altlasten.lutz.donnerhacke.de/mitarb/lutz/vortrag/openpgp-history.pdf][a history of OpenPGP]], [[https://www.gnupg.org/conf/2016/openpgp-2016-openkeychain.pdf][OpenKeychain -UX decisions]], [[https://www.gnupg.org/conf/2016/openpgp-2016-bypass-pinentry.pdf][how to bypass pinentry]], [[https://sks-keyservers.net/files/2016-09_OpenPGP-Conf-sks-keyservers.pdf][an update on the sks keyservers]], -an overview of PEP, and an analysis of the keyserver data. - -Given the very positive reactions from the participants and our own -positive impressions, we expect there to be a second edition of the -conference in the near future. 
diff --git a/misc/blog.gnupg.org/drafts/20160812-python-bindings-for-gpgme.org b/misc/blog.gnupg.org/drafts/20160812-python-bindings-for-gpgme.org deleted file mode 100644 index 88216ab..0000000 --- a/misc/blog.gnupg.org/drafts/20160812-python-bindings-for-gpgme.org +++ /dev/null 
@@ -1,71 +0,0 @@ -# Python bindings for GPGME -#+AUTHOR: Justus -#+DATE: September 16th, 2016 - -** Python bindings for GPGME - -GPGME 1.7 includes bindings for Python >= 2.7. The bindings are a -port of the [[https://bitbucket.org/malb/pyme][~pyme~]] bindings to Python 3 retaining compatibility with -Python 2.7, with a small shim on top to provide a more idiomatic -interface. For the purposes of this post I will refer to the -preexisting bindings that are for Python 2 only ~pyme2~, and to our -new bindings as ~pyme3~. Existing applications using ~pyme2~ should -continue to work no changes. - -~pyme2~ offers an interface that is very close to that of GPGME. This -interface exposes all features of the underlying library, but it is -not very "pythonic". Therefore, we made an effort to provide a nicer -interface on top of that. Let me demonstrate how that looks. - -One important aspect is how to pass data around. GPGME uses -~gpgme_data_t~ for that, and in ~pyme2~ one had to explicitly create -~pyme.core.Data~ objects to pass data to GPGME or to receive data. -With ~pyme3~ one can use every object that implements the buffer -protocol (e.g. ~bytes~), file-like objects with a ~fileno~ method, or -explicit ~pyme.Data~ objects in places where GPGME expects a -~gpgme_data_t~ object: - -#+BEGIN_SRC python -import pyme -with pyme.Context(armor=True) as c: - ciphertext, _, _ = c.encrypt(b"Hello Python world :)", passphrase="foo") -#+END_SRC - -This will encrypt the given plaintext using symmetric encryption and -the given passphrase, wrap it up using the OpenPGP protocol, and -encode it using ASCII-armor. The plaintext is easily recovered using: - -#+BEGIN_SRC python -with pyme.Context() as c: - plaintext, _, _ = c.decrypt(ciphertext, passphrase="foo") -assert plaintext == b"Hello Python world :)" -#+END_SRC - -If ~passphrase~ is omitted, it is asked for out-of-band using GnuPG's -pinentry mechanism. 
Alternatively, if one or more recipients are -specified, asymmetric encryption is used. For details, please have a -look at the docstring of ~pyme.Context.encrypt~. - -Most file-like objects can be used without explicit wrapping. This is -a filter that decrypts OpenPGP messages in three lines of code: - -#+BEGIN_SRC python -import sys -import pyme -pyme.Context().decrypt(sys.stdin, sink=sys.stdout) -#+END_SRC - -For more examples, have a look at the tests and examples shipped with -the bindings under ~lang/python~. - -If you cannot wait until ~pyme3~ is packaged by your distribution, and -you do not want to build GPGME 1.7 from source merely to get ~pyme3~, -you can build it out-of-tree provided you have at least GPGME 1.6, the -Python development packages, and SWIG. You can get it from [[https://pypi.python.org/pypi/pyme3][pypi]] or -directly install it using ~pip~: - -#+BEGIN_SRC sh -# As of this writing, there is no released version uploaded to pypi, -# hence we need --pre. -$ pip install --pre pyme3 -#+END_SRC diff --git a/misc/id/openpgp-webkey-service/draft.org b/misc/id/openpgp-webkey-service/draft.org index 5756e7d..29b234e 100644 --- a/misc/id/openpgp-webkey-service/draft.org +++ b/misc/id/openpgp-webkey-service/draft.org 
@@ -362,12 +362,15 @@ can be done with a file at the URL WELLKNOWN/policy #+END_EXAMPLE -The file contains keywords, one per line with each line terminated by a -LF or the sequence of CR and LF. Empty lines and lines starting with a -'#' character are considered comment lines. A keyword is made up of -lowercase letters, digits, hyphens, or dots. An underscore is allowed as -a name space delimiters; see below. The first character must be a -letter. Clients MUST use case-insensitive matching. +The file contains keywords and optioanlly values, one per line with +each line terminated by a LF or the sequence of CR and LF. Empty lines +and lines starting with a '#' character are considered comment +lines. A keyword is made up of lowercase letters, digits, hyphens, or +dots. An underscore is allowed as a name space delimiters; see +below. The first character must be a letter. Keywords which are +defined to require a value are directly followed by a colon and then +after optional white space the value. Clients MUST use +case-insensitive matching for the keyword. Currently defined keywords are: 
@@ -381,8 +384,14 @@ Currently defined keywords are: Key Directory Update protocol is used to update the keys for the DANE service. +- "auth-submit" :: The submission of the mail to the server is done + using an authenticated connection. Thus the + submitted key will be published immediately without + any confirmation request. + + More keywords will be defined in updates to this I-D. There is no -registry yet except for this document. For experimental use of new +registry except for this document. For experimental use of new features or for provider specific settings, keywords MUST be prefixed with a domain name and an underscore. ----------------------------------------------------------------------- Summary of changes: misc/blog.gnupg.org/20160919-openpgp-conf.org | 102 --------------------- .../drafts/20160812-python-bindings-for-gpgme.org | 71 -------------- misc/id/openpgp-webkey-service/draft.org | 23 +++-- web/swdb.mac | 10 +- 4 files changed, 21 insertions(+), 185 deletions(-) delete mode 100644 misc/blog.gnupg.org/20160919-openpgp-conf.org delete mode 100644 misc/blog.gnupg.org/drafts/20160812-python-bindings-for-gpgme.org hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Wed Sep 21 10:09:35 2016 
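Review bot: In the web/swdb.mac hunk, the `gpgme_branch` macro is dropped with no replacement while the other GPGME macros are only updated; check that no page still expands `gpgme_branch`, or say in the commit message why it is gone. The new `gpgme_sha2` line sits next to a still-published `gpgme_sha1`, so the download page that consumes these macros should direct users to verify against the SHA-2 value.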
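Review bot: In the draft.org hunk at -362,12, the new value syntax is underspecified: "directly followed by a colon and then after optional white space the value" does not say whether trailing white space belongs to the value, whether a value may be empty, or what a client does with a keyword that requires a value but has none. Spelling out those cases would keep client parsers from diverging. In the same hunk, "optioanlly" should read "optionally" and "a name space delimiters" should be singular.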
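Review bot: In the draft.org hunk at -381,8, the "auth-submit" entry allows a key to be "published immediately without any confirmation request", but it never requires the server to check that the authenticated account is the address named in the submitted key's user ID. As written, the authenticated connection only establishes who submitted the mail, not that the submitter controls the address being published; add a MUST to that effect. The entry should also state whether "auth-submit" takes a value, now that the preceding paragraph distinguishes keywords that require one.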
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 21 Sep 2016 10:09:35 +0200 Subject: [git] gnupg-doc - branch, master, updated. c94e616128db9b774fca12625a2543ddef95f9f9 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via c94e616128db9b774fca12625a2543ddef95f9f9 (commit) from f8a43d6e85a392dbb3ab6c71dfe7256a00cd6fd4 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c94e616128db9b774fca12625a2543ddef95f9f9 Author: Werner Koch Date: Wed Sep 21 10:06:51 2016 +0200 Mention the blogs draft dir in README. diff --git a/README b/README index 3f45fa6..e7e5d2b 100644 --- a/README +++ b/README @@ -97,7 +97,8 @@ howtos -> ../../howtos.gnupg.org/htdocs YYYYMMDD-short-headline.org - for example "20141030-what-happened-this-month.org". Unless you + for example "20141030-what-happened-this-month.org". For drafting + the blog you may want to store it in drafts/ first. Unless you translate an existing entry do not use a file name which ends in ".??.org". The file itself is a standard org file using these conventions: ----------------------------------------------------------------------- Summary of changes: README | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Wed Sep 21 11:54:19 2016 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 21 Sep 2016 11:54:19 +0200 Subject: [git] gnupg-doc - branch, master, updated. dd549a095ad06b9cbc35b2bd5992b7913346d192 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via dd549a095ad06b9cbc35b2bd5992b7913346d192 (commit) from c94e616128db9b774fca12625a2543ddef95f9f9 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit dd549a095ad06b9cbc35b2bd5992b7913346d192 Author: Werner Koch Date: Wed Sep 21 11:51:22 2016 +0200 blog: Second part of the "move" ;-) Sorry, I have too many untracked files and missed to stage the renamed files. diff --git a/misc/blog.gnupg.org/20160921-python-bindings-for-gpgme.org b/misc/blog.gnupg.org/20160921-python-bindings-for-gpgme.org new file mode 100644 index 0000000..0185a3c --- /dev/null +++ b/misc/blog.gnupg.org/20160921-python-bindings-for-gpgme.org 
@@ -0,0 +1,72 @@ +# Python bindings for GPGME +#+STARTUP: showall +#+AUTHOR: Justus +#+DATE: September 21th, 2016 + +** Python bindings for GPGME + +GPGME 1.7 includes bindings for Python >= 2.7. The bindings are a +port of the [[https://bitbucket.org/malb/pyme][~pyme~]] bindings to Python 3 retaining compatibility with +Python 2.7, with a small shim on top to provide a more idiomatic +interface. For the purposes of this post I will refer to the +preexisting bindings that are for Python 2 only ~pyme2~, and to our +new bindings as ~pyme3~. Existing applications using ~pyme2~ should +continue to work no changes. + +~pyme2~ offers an interface that is very close to that of GPGME. This +interface exposes all features of the underlying library, but it is +not very "pythonic". Therefore, we made an effort to provide a nicer +interface on top of that. Let me demonstrate how that looks. + +One important aspect is how to pass data around. GPGME uses +~gpgme_data_t~ for that, and in ~pyme2~ one had to explicitly create +~pyme.core.Data~ objects to pass data to GPGME or to receive data. +With ~pyme3~ one can use every object that implements the buffer +protocol (e.g. ~bytes~), file-like objects with a ~fileno~ method, or +explicit ~pyme.Data~ objects in places where GPGME expects a +~gpgme_data_t~ object: + +#+BEGIN_SRC python +import pyme +with pyme.Context(armor=True) as c: + ciphertext, _, _ = c.encrypt(b"Hello Python world :)", passphrase="foo") +#+END_SRC + +This will encrypt the given plaintext using symmetric encryption and +the given passphrase, wrap it up using the OpenPGP protocol, and +encode it using ASCII-armor. The plaintext is easily recovered using: + +#+BEGIN_SRC python +with pyme.Context() as c: + plaintext, _, _ = c.decrypt(ciphertext, passphrase="foo") +assert plaintext == b"Hello Python world :)" +#+END_SRC + +If ~passphrase~ is omitted, it is asked for out-of-band using GnuPG's +pinentry mechanism. 
Alternatively, if one or more recipients are +specified, asymmetric encryption is used. For details, please have a +look at the docstring of ~pyme.Context.encrypt~. + +Most file-like objects can be used without explicit wrapping. This is +a filter that decrypts OpenPGP messages in three lines of code: + +#+BEGIN_SRC python +import sys +import pyme +pyme.Context().decrypt(sys.stdin, sink=sys.stdout) +#+END_SRC + +For more examples, have a look at the tests and examples shipped with +the bindings under ~lang/python~. + +If you cannot wait until ~pyme3~ is packaged by your distribution, and +you do not want to build GPGME 1.7 from source merely to get ~pyme3~, +you can build it out-of-tree provided you have at least GPGME 1.6, the +Python development packages, and SWIG. You can get it from [[https://pypi.python.org/pypi/pyme3][pypi]] or +directly install it using ~pip~: + +#+BEGIN_SRC sh +# As of this writing, there is no released version uploaded to pypi, +# hence we need --pre. +$ pip install --pre pyme3 +#+END_SRC diff --git a/misc/blog.gnupg.org/drafts/20160919-openpgp-conf.org b/misc/blog.gnupg.org/drafts/20160919-openpgp-conf.org new file mode 100644 index 0000000..16bb869 --- /dev/null +++ b/misc/blog.gnupg.org/drafts/20160919-openpgp-conf.org 
@@ -0,0 +1,102 @@ +# OpenPGP.conf: A Success +#+STARTUP: showall +#+AUTHOR: Neal +#+DATE: September 19, 2016 + +On September 8th and 9th, the first [[https://www.gnupg.org/conf/program.html][OpenPGP.conf]] took place in K?ln, +Germany. The conference was organized by the [[German%20Unix%20User%20Group][German Unix User Group]] +(GUUG) and attracted over 50 participants from around the world. The +program consisted of 18 highly technical talks. Lunch and dinner were +provided at the venue, which resulted in lots of time to increase ties +between projects as well as exchange and develop ideas. + +From the GnuPG project, Werner presented an introduction to the new +[[https://www.gnupg.org/blog/20160830-web-key-service.html][web key service (WKS) protocol]], which is being deployed by several +mail providers including [[https://posteo.de][Posteo]]. The basic problem that WKS addresses +is how to find someone's key. Currently, most people just search the +key servers for keys matching the person's email address. Although +this works reasonably well, the [[https://www.ncsc.nl/english/current-topics/factsheets/duplicate-pgp-keys.html][recent evil32 attack]] has reminded many +people that the keyservers provide no guarantees that a returned key +is controlled by the stated owner. In WKS, people upload their keys +to their mail provider. Since only the email account's owner can +change the association, this is guaranteed to not only be the right +key, but the user's preferred key. Of course, users still need to +trust their mail provider to deliver the correct key. But, we believe +this provides a significant improvement both in terms of security and +usability over the status quo. Those requiring stronger guarantees +are still encouraged to either directly verify their communication +partner's key or use the web of trust. 
The German news site [[http://www.golem.de/news/web-key-service-openpgp-schluessel-ueber-https-verteilen-1609-123194.html][Golem +reported on Werner's presentation]]. Meskio from the LEAP project also +present [[https://meskio.net/openpgp.conf/#/][how LEAP is doing key discovery]]. Phillip Hallam-Baker +discussed [[https://www.gnupg.org/conf/2016/openpgp-2016-the-mathematical-mesh.pptx][key management in the Mesh]]. And, holger krekel discussed +[[https://www.gnupg.org/conf/2016/openpgp-2016-automatic-email-encryption-holger-krekel/index.html#/step-1][how to distribute keys inline]]. + +Justus discussed his proposal for [[https://www.gnupg.org/conf/2016/openpgp-2016-common-openpgp-testsuite.pdf][a common OpenPGP test suite]]. The +main problem that he observed in his recent work on the GPGME Python +bindings is that GPG, GPGME, and each of the GPGME bindings have their +own test suite that tests similar functionality to the other test +suites. His idea is to merge the common parts by defining a simple +interface, and having each component just map the API to its own API. + +Niibe presented his fully free cryptographic token, [[http://www.gniibe.org/pdf/openpgp-2016/gnuk-1_2.html][GnuK]] (pronounced: +???nu?k), which he started developing in 2010. The GnuK is special in +that it is the only cryptographic token that is based entirely on Free +Software, the entire hardware specification is open, and the parts are +relatively easy to buy. This is motivated not only by ethical +concerns, but also security concerns: being able to assemble it +yourself makes it harder for an adversary to inject a trojan during +production. Niibe also avoids specialized hardware. This has less to +do with making it easier to get the components, and more to do with +security: getting documentation for secure chips, for instance, +requires signing an NDA and, due to their specialized nature, are more +likely to have a backdoor. 
Instead, the GnuK uses a general purpose +MCU (microcontroller unit). To protect the secret key material, it +uses the flash ROM protection feature. There are currently +discussions underway to further increase the security of this by +partially decrypting the secret key material on the host with its much +more capable CPU, which would make a brute force attack significantly +more expensive should the key material be extracted. The GnuK can +currently be ordered either from [[https://www.seeedstudio.com/FST-01-without-Enclosure-p-1276.html][seeed]] or the [[https://shop.fsf.org/storage-devices/neug-usb-true-random-number-generator][FSF]]. + +Andre discussed [[https://files.intevation.de/users/aheinecke/gpgme.pdf][how to use GPGME]]. The main takeaway is that although +GPGME's API is sometimes inconveniently low-level and some features +are missing, it is much easier to interact with GPG using GPGME than +to build another parser to parse GPG's ~--status-fd~ output. +Moreover, language bindings, such as Andre's bindings for Qt, can +significantly simplify working with GPGME. + +Daniel reported on [[https://dkg.fifthhorseman.net/gnupg-in-debian-2016.svg][GnuPG in Debian]]. In particular, he discussed how +Debian is dealing with co-installing GnuPG 1.4 and GnuPG 2.1, +migration from 1.4 to 2.1, managing background processes, and system +integration. He also discussed some issues that he has observed with +packages that use GnuPG. In particular, their test suits often don't +test their use of GnuPG, because this requires so much effort. He +indicated that one thing that would make life easier would be standard +pinentry driver programs for different languages. He's since +submitted those for PHP, Perl, Python and Bash, and they will be part +of the next GnuPG release. + +Another talk included a discussion of encrypted mailing list software +and the current state of Schleuder by Ilf and Paz. 
Schleuder is +apparently the only encrypted mailing list software that currently +works (it is also actively maintained). Its design, however, requires +that the mailing list server be able to decrypt the messages in order +to reencrypt them to all of the subscribers. The authors would like a +better solution, but, as they point out, there are ideas out there +(including my own proposal for [[http://hssl.cs.jhu.edu/~neal/encrypted-mailing-lists.pdf][practical encrypted mailing lists]]), but +none of them work today. This presentation was also [[http://www.golem.de/news/schleuder-wie-verschluesselt-man-eine-mailingliste-1609-123206.html][reported on by +Golem]]. + +One of my favorite talks was [[http://nskelsey.com/glbc-2016.pdf][Nick Skelsey's talk on GlobaLeaks]]. He +discussed typical leaking interactions, how their leaking platform +works, and the issues they face making the platform secure in the face +of non-technical users. + +Other talks included an overview of some [[http://www.intevation.de/~bernhard/presentations/201609-openpgpconf/20160908-3bsi-contracts.pdf][work that the German BSI has +contracted]], [[https://www.gnupg.org/conf/2016/openpgp-2016-a-few-concerns.pdf][an analysis of OpenPGP]], [[http://altlasten.lutz.donnerhacke.de/mitarb/lutz/vortrag/openpgp-history.pdf][a history of OpenPGP]], [[https://www.gnupg.org/conf/2016/openpgp-2016-openkeychain.pdf][OpenKeychain +UX decisions]], [[https://www.gnupg.org/conf/2016/openpgp-2016-bypass-pinentry.pdf][how to bypass pinentry]], [[https://sks-keyservers.net/files/2016-09_OpenPGP-Conf-sks-keyservers.pdf][an update on the sks keyservers]], +an overview of PEP, and an analysis of the keyserver data. + +Given the very positive reactions from the participants and our own +positive impressions, we expect there to be a second edition of the +conference in the near future. 
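Review bot: In the new 20160921-python-bindings-for-gpgme.org hunk, `#+DATE: September 21th, 2016` should read "21st", and "should continue to work no changes" is missing "with". The closing `pip install --pre pyme3` also installs whatever pre-release is newest at the time; since this is a binding for a crypto library, the post would be safer naming the exact version readers are expected to get.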
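Review bot: In the new drafts/20160919-openpgp-conf.org hunk, the link `[[German%20Unix%20User%20Group][German Unix User Group]]` uses the percent-encoded label as its target instead of a URL, so it will not resolve; point it at the GUUG site. Smaller wording fixes in the same hunk: "also present" should be "also presented", "test suits" should be "test suites", and "holger krekel" should be capitalised.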
----------------------------------------------------------------------- Summary of changes: .../20160921-python-bindings-for-gpgme.org | 72 +++++++++++++++ .../drafts/20160919-openpgp-conf.org | 102 +++++++++++++++++++++ 2 files changed, 174 insertions(+) create mode 100644 misc/blog.gnupg.org/20160921-python-bindings-for-gpgme.org create mode 100644 misc/blog.gnupg.org/drafts/20160919-openpgp-conf.org hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Wed Sep 21 13:06:15 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 21 Sep 2016 13:06:15 +0200 Subject: [git] gnupg-doc - branch, master, updated. e3cbed6930207f0967d1d0d9141802c7bf1a6332 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via e3cbed6930207f0967d1d0d9141802c7bf1a6332 (commit) from dd549a095ad06b9cbc35b2bd5992b7913346d192 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e3cbed6930207f0967d1d0d9141802c7bf1a6332 Author: Werner Koch Date: Wed Sep 21 12:43:41 2016 +0200 blog: Add team photo to the openpgp.conf blog and published it. diff --git a/misc/blog.gnupg.org/drafts/20160919-openpgp-conf.org b/misc/blog.gnupg.org/20160921-openpgp-conf.org similarity index 93% rename from misc/blog.gnupg.org/drafts/20160919-openpgp-conf.org rename to misc/blog.gnupg.org/20160921-openpgp-conf.org index 16bb869..96e241d 100644 --- a/misc/blog.gnupg.org/drafts/20160919-openpgp-conf.org +++ b/misc/blog.gnupg.org/20160921-openpgp-conf.org 
@@ -1,15 +1,21 @@ # OpenPGP.conf: A Success #+STARTUP: showall #+AUTHOR: Neal -#+DATE: September 19, 2016 +#+DATE: September 21, 2016 + +** OpenPGP.conf: A Success On September 8th and 9th, the first [[https://www.gnupg.org/conf/program.html][OpenPGP.conf]] took place in K?ln, Germany. The conference was organized by the [[German%20Unix%20User%20Group][German Unix User Group]] -(GUUG) and attracted over 50 participants from around the world. The +(GUUG) and attracted over 50 [[https://www.gnupg.org/ftp/media/openpgp.conf/2016/openpgpconf-participants-small.jpg][participants]] from around the world. The program consisted of 18 highly technical talks. Lunch and dinner were provided at the venue, which resulted in lots of time to increase ties between projects as well as exchange and develop ideas. +#+CAPTION: The GnuPG team: @@html:
@@ +#+CAPTION: dkg, Justus, Neal, Kai, Werner, Andr?, Gniibe +[[https://www.gnupg.org/ftp/media/openpgp.conf/2016/gnupg-team-small.jpg][https://www.gnupg.org/ftp/media/openpgp.conf/2016/gnupg-team-smaller.jpg]] + From the GnuPG project, Werner presented an introduction to the new [[https://www.gnupg.org/blog/20160830-web-key-service.html][web key service (WKS) protocol]], which is being deployed by several mail providers including [[https://posteo.de][Posteo]]. The basic problem that WKS addresses @@ -28,7 +34,7 @@ are still encouraged to either directly verify their communication partner's key or use the web of trust. The German news site [[http://www.golem.de/news/web-key-service-openpgp-schluessel-ueber-https-verteilen-1609-123194.html][Golem reported on Werner's presentation]]. Meskio from the LEAP project also present [[https://meskio.net/openpgp.conf/#/][how LEAP is doing key discovery]]. Phillip Hallam-Baker -discussed [[https://www.gnupg.org/conf/2016/openpgp-2016-the-mathematical-mesh.pptx][key management in the Mesh]]. And, holger krekel discussed +discussed [[https://www.gnupg.org/conf/2016/openpgp-2016-the-mathematical-mesh.pptx][key management in the Mesh]]. And, Holger Krekel discussed [[https://www.gnupg.org/conf/2016/openpgp-2016-automatic-email-encryption-holger-krekel/index.html#/step-1][how to distribute keys inline]]. Justus discussed his proposal for [[https://www.gnupg.org/conf/2016/openpgp-2016-common-openpgp-testsuite.pdf][a common OpenPGP test suite]]. The ----------------------------------------------------------------------- Summary of changes: .../20160919-openpgp-conf.org => 20160921-openpgp-conf.org} | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) rename misc/blog.gnupg.org/{drafts/20160919-openpgp-conf.org => 20160921-openpgp-conf.org} (93%) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Wed Sep 21 16:46:58 2016 
From: cvs at cvs.gnupg.org (by Andreas Stieger) Date: Wed, 21 Sep 2016 16:46:58 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-396-gae324b5 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via ae324b51ffa338b891387bff2657d60c1fd3ae40 (commit) from 0b78bc7ba40972402f8ab7919313c000ef1f6385 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ae324b51ffa338b891387bff2657d60c1fd3ae40 Author: Andreas Stieger Date: Wed Sep 21 14:28:23 2016 +0200 cpp: Avoid missing returns in non-void functions * lang/cpp/src/context.cpp (Context::signaturePolicyURL): return nullptr on default (to_tofu_policy_t): add default case for unknown * lang/cpp/src/key.cpp (Key::primaryFingerprint): return nullptr on default * lang/cpp/src/tofuinfo.cpp (GpgME::TofuInfo::policy): add default case for unknown Signed-off-by: Andreas Stieger Signed-off-by: Andre Heinecke diff --git a/lang/cpp/src/context.cpp b/lang/cpp/src/context.cpp index 00f397b..43a73b1 100644 --- a/lang/cpp/src/context.cpp +++ b/lang/cpp/src/context.cpp @@ -1051,6 +1051,7 @@ const char *Context::signaturePolicyURL() const return n->value; } } + return nullptr; } Notation Context::signatureNotation(unsigned int idx) const @@ -1344,6 +1345,7 @@ static gpgme_tofu_policy_t to_tofu_policy_t(unsigned int policy) case TofuInfo::PolicyAsk: return GPGME_TOFU_POLICY_ASK; case TofuInfo::PolicyUnknown: + default: return GPGME_TOFU_POLICY_UNKNOWN; } } diff --git a/lang/cpp/src/key.cpp b/lang/cpp/src/key.cpp index cfa1ba3..a56f77c 100644 --- a/lang/cpp/src/key.cpp +++ b/lang/cpp/src/key.cpp 
@@ -273,6 +273,7 @@ const char *Key::primaryFingerprint() const /* Return the first subkeys fingerprint */ return key->subkeys->fpr; } + return nullptr; } unsigned int Key::keyListMode() const diff --git a/lang/cpp/src/tofuinfo.cpp b/lang/cpp/src/tofuinfo.cpp index bb67fc8..e661b3b 100644 --- a/lang/cpp/src/tofuinfo.cpp +++ b/lang/cpp/src/tofuinfo.cpp @@ -109,6 +109,7 @@ GpgME::TofuInfo::Policy GpgME::TofuInfo::policy() const case GPGME_TOFU_POLICY_ASK: return PolicyAsk; case GPGME_TOFU_POLICY_UNKNOWN: + default: return PolicyUnknown; } } ----------------------------------------------------------------------- Summary of changes: lang/cpp/src/context.cpp | 2 ++ lang/cpp/src/key.cpp | 1 + lang/cpp/src/tofuinfo.cpp | 1 + 3 files changed, 4 insertions(+) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Thu Sep 22 09:15:44 2016 
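Review bot: `Context::signaturePolicyURL()` and `Key::primaryFingerprint()` can now return a null pointer through the added `return nullptr;`, and nothing in this change documents that for callers. A caller that hands the result straight to a `std::string` constructor or a `%s` format gets undefined behaviour, so please state in the headers that both functions may return a null pointer.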
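Review bot: in `GpgME::TofuInfo::policy()` the added `default:` label sits in the switch over the `GPGME_TOFU_POLICY_*` values, which, if the switch expression has the enum type, also turns off the compiler's warning about enumerators that are not handled. Keeping the case list exhaustive and placing `return PolicyUnknown;` after the closing brace of the switch fixes the missing return and still flags a policy value that is added later. `to_tofu_policy_t()` takes an `unsigned int`, so there the `default:` label is the right fix.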
From: cvs at cvs.gnupg.org (by Daiki Ueno) Date: Thu, 22 Sep 2016 09:15:44 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.7.0-6-g7a6543c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 7a6543c2dfeef874a34086c8f3eeb1dbdf1ce822 (commit) via dee56820cabde60c43c9bf8281b8d411cb2ad644 (commit) via d0cf6b15121c9b42dbcef243e5ce30c9996a449c (commit) via 0aaf1dedd629446ab991fff76581b4b58e4872a0 (commit) from ae324b51ffa338b891387bff2657d60c1fd3ae40 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7a6543c2dfeef874a34086c8f3eeb1dbdf1ce822 Author: Daiki Ueno Date: Tue Feb 9 17:03:54 2016 +0900 tests: Add test for cancellation * tests/gpg/t-cancel.c: New file. * tests/gpg/Makefile.am (tests_skipped): New variable, default to t-genkey and t-cancel. (noinst_PROGRAMS): Add $(tests_skipped). * tests/gpg/.gitignore: Add t-cancel. Signed-off-by: Daiki Ueno diff --git a/tests/gpg/.gitignore b/tests/gpg/.gitignore index d79ace7..cd193f7 100644 --- a/tests/gpg/.gitignore +++ b/tests/gpg/.gitignore @@ -6,6 +6,7 @@ gpg.conf pubring.gpg pubring.gpg~ secring.gpg +t-cancel t-decrypt t-decrypt-verify t-edit diff --git a/tests/gpg/Makefile.am b/tests/gpg/Makefile.am index 9877843..2538f63 100644 --- a/tests/gpg/Makefile.am +++ b/tests/gpg/Makefile.am 
@@ -62,9 +62,17 @@ AM_CPPFLAGS = -I$(top_builddir)/src @GPG_ERROR_CFLAGS@ AM_LDFLAGS = -no-install LDADD = ../../src/libgpgme.la t_thread1_LDADD = ../../src/libgpgme-pthread.la -lpthread +t_cancel_LDADD = ../../src/libgpgme-pthread.la -lpthread + +# We don't run t-genkey and t-cancel in the test suite, because it +# takes too long +tests_skipped = t-genkey +if !HAVE_W32_SYSTEM +tests_skipped += t-cancel +endif + +noinst_PROGRAMS = $(c_tests) $(tests_skipped) -# We don't run t-genkey in the test suite, because it takes too long -noinst_PROGRAMS = $(c_tests) t-genkey clean-local: -$(top_srcdir)/tests/start-stop-agent --stop diff --git a/tests/gpg/t-cancel.c b/tests/gpg/t-cancel.c new file mode 100644 index 0000000..af98af9 --- /dev/null +++ b/tests/gpg/t-cancel.c 
@@ -0,0 +1,265 @@ +/* t-thread-cancel.c - Regression test. + Copyright (C) 2000 Werner Koch (dd9jn) + Copyright (C) 2001, 2003, 2004 g10 Code GmbH + + This file is part of GPGME. + + GPGME is free software; you can redistribute it and/or modify it + under the terms of the GNU Lesser General Public License as + published by the Free Software Foundation; either version 2.1 of + the License, or (at your option) any later version. + + GPGME is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA + 02111-1307, USA. */ + +/* We need to include config.h so that we know whether we are building + with large file system (LFS) support. 
*/ +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +#include "t-support.h" + +struct op_result +{ + int done; + gpgme_error_t err; +}; + +static struct op_result op_result; + +struct one_fd +{ + int fd; + int dir; + gpgme_io_cb_t fnc; + void *fnc_data; +}; + +#define FDLIST_MAX 32 +static struct one_fd fdlist[FDLIST_MAX]; + +static pthread_mutex_t lock; + +static gpgme_error_t +add_io_cb (void *data, int fd, int dir, gpgme_io_cb_t fnc, void *fnc_data, + void **r_tag) +{ + struct one_fd *fds = data; + int i; + + pthread_mutex_lock (&lock); + for (i = 0; i < FDLIST_MAX; i++) + { + if (fds[i].fd == -1) + { + fds[i].fd = fd; + fds[i].dir = dir; + fds[i].fnc = fnc; + fds[i].fnc_data = fnc_data; + break; + } + } + pthread_mutex_unlock (&lock); + if (i == FDLIST_MAX) + return gpgme_err_make (GPG_ERR_SOURCE_USER_1, GPG_ERR_GENERAL); + *r_tag = &fds[i]; + return 0; +} + +static void +remove_io_cb (void *tag) +{ + struct one_fd *fd = tag; + + pthread_mutex_lock (&lock); + fd->fd = -1; + pthread_mutex_unlock (&lock); +} + +static void +io_event (void *data, gpgme_event_io_t type, void *type_data) +{ + struct op_result *result = data; + + if (type == GPGME_EVENT_DONE) + { + result->done = 1; + result->err = * (gpgme_error_t *) type_data; + } +} + + +static int +do_select (void) +{ + fd_set rfds; + fd_set wfds; + int i, n; + int any = 0; + struct timeval tv; + + pthread_mutex_lock (&lock); + FD_ZERO (&rfds); + FD_ZERO (&wfds); + for (i = 0; i < FDLIST_MAX; i++) + if (fdlist[i].fd != -1) + FD_SET (fdlist[i].fd, fdlist[i].dir ? &rfds : &wfds); + pthread_mutex_unlock (&lock); + + tv.tv_sec = 0; + tv.tv_usec = 1000; + + do + { + n = select (FD_SETSIZE, &rfds, &wfds, NULL, &tv); + } + while (n < 0 && errno == EINTR); + + if (n < 0) + return n; /* Error or timeout. 
*/ + + pthread_mutex_lock (&lock); + for (i = 0; i < FDLIST_MAX && n; i++) + { + if (fdlist[i].fd != -1) + { + if (FD_ISSET (fdlist[i].fd, fdlist[i].dir ? &rfds : &wfds)) + { + assert (n); + n--; + any = 1; + (*fdlist[i].fnc) (fdlist[i].fnc_data, fdlist[i].fd); + } + } + } + pthread_mutex_unlock (&lock); + return any; +} + +static int +my_wait (void) +{ + int n; + + do + { + n = do_select (); + } + while (n >= 0 && !op_result.done); + return 0; +} + + +static struct gpgme_io_cbs io_cbs = + { + add_io_cb, + fdlist, + remove_io_cb, + io_event, + &op_result + }; + + +static void * +thread_cancel (void *data) +{ + gpgme_ctx_t ctx = data; + gpgme_error_t err; + + usleep (100000); + err = gpgme_cancel (ctx); + fail_if_err (err); + + return NULL; +} + +int +main (void) +{ + gpgme_ctx_t ctx; + gpgme_error_t err; + gpgme_engine_info_t info; + int i; + pthread_mutexattr_t attr; + pthread_t tcancel; + const char *parms = "\n" + "Key-Type: RSA\n" + "Key-Length: 2048\n" + "Subkey-Type: RSA\n" + "Subkey-Length: 2048\n" + "Name-Real: Joe Tester\n" + "Name-Comment: (pp=abc)\n" + "Name-Email: joe at foo.bar\n" + "Expire-Date: 0\n" + "Passphrase: abc\n" + "\n"; + + init_gpgme (GPGME_PROTOCOL_OpenPGP); + + err = gpgme_get_engine_info (&info); + fail_if_err (err); + + /* The mutex must be recursive, since remove_io_cb (which acquires a + lock) can be called while holding a lock acquired in do_select. 
*/ + pthread_mutexattr_init (&attr); + pthread_mutexattr_settype (&attr, PTHREAD_MUTEX_RECURSIVE); + pthread_mutex_init (&lock, &attr); + pthread_mutexattr_destroy (&attr); + + for (i = 0; i < FDLIST_MAX; i++) + fdlist[i].fd = -1; + + err = gpgme_new (&ctx); + fail_if_err (err); + gpgme_set_armor (ctx, 1); + gpgme_set_io_cbs (ctx, &io_cbs); + op_result.done = 0; + + pthread_create (&tcancel, NULL, thread_cancel, ctx); + + err = gpgme_op_genkey_start (ctx, parms, NULL, NULL); + fail_if_err (err); + + my_wait (); + + pthread_join (tcancel, NULL); + + if (op_result.err) + { + if (gpgme_err_code (op_result.err) == GPG_ERR_CANCELED) + fputs ("Successfully cancelled\n", stdout); + else + { + fprintf (stderr, + "%s:%i: Operation finished with unexpected error: %s\n", + __FILE__, __LINE__, gpgme_strerror (op_result.err)); + exit (1); + } + } + else + fputs ("Successfully finished before cancellation\n", stdout); + + gpgme_release (ctx); + + return 0; +} commit dee56820cabde60c43c9bf8281b8d411cb2ad644 Author: Daiki Ueno Date: Tue Feb 9 17:03:53 2016 +0900 gpg: Add option --exit-on-status-write-error * src/engine-gpg.c (gpg_new): Add --exit-on-status-write-error if the engine version is latest enough to expect progress output from gpg. -- GnuPG-bug-id: 1415 Signed-off-by: Daiki Ueno Changed the version test from the patch to use the newer have_gpg_version. Signed-off-by: Werner Koch diff --git a/src/engine-gpg.c b/src/engine-gpg.c index 8bb348f..3f1d34d 100644 --- a/src/engine-gpg.c +++ b/src/engine-gpg.c 
@@ -544,6 +544,8 @@ gpg_new (void **engine, const char *file_name, const char *home_dir, rc = add_arg (gpg, "utf8"); if (!rc) rc = add_arg (gpg, "--enable-progress-filter"); + if (!rc && have_gpg_version (gpg, "2.1.11")) + rc = add_arg (gpg, "--exit-on-status-write-error"); if (rc) goto leave; commit d0cf6b15121c9b42dbcef243e5ce30c9996a449c Author: Daiki Ueno Date: Tue Feb 9 17:03:51 2016 +0900 tests: Fix select usage in t-eventloop * tests/gpg/t-eventloop.c (do_select): Supply timeout value to select. Signed-off-by: Daiki Ueno diff --git a/tests/gpg/t-eventloop.c b/tests/gpg/t-eventloop.c index 74af35f..2d3df41 100644 --- a/tests/gpg/t-eventloop.c +++ b/tests/gpg/t-eventloop.c @@ -111,6 +111,7 @@ do_select (void) fd_set wfds; int i, n; int any = 0; + struct timeval tv; FD_ZERO (&rfds); FD_ZERO (&wfds); @@ -118,9 +119,12 @@ do_select (void) if (fdlist[i].fd != -1) FD_SET (fdlist[i].fd, fdlist[i].dir ? &rfds : &wfds); + tv.tv_sec = 0; + tv.tv_usec = 1000; + do { - n = select (FD_SETSIZE, &rfds, &wfds, NULL, 0); + n = select (FD_SETSIZE, &rfds, &wfds, NULL, &tv); } while (n < 0 && errno == EINTR); commit 0aaf1dedd629446ab991fff76581b4b58e4872a0 Author: Daiki Ueno Date: Tue Feb 9 17:03:50 2016 +0900 doc: Fix minor errors in I/O callback example * gpgme.texi (I/O Callback Example): Fix typos, add timeout to select, and initialize mutex as recursive. Signed-off-by: Daiki Ueno diff --git a/doc/gpgme.texi b/doc/gpgme.texi index ec7ebb7..6d6d692 100644 --- a/doc/gpgme.texi +++ b/doc/gpgme.texi @@ -6016,6 +6016,7 @@ do_select (struct event_loop *loop) fd_set wfds; int i, n; int any = 0; + struct timeval tv; struct one_fd *fdlist = loop->fds; pthread_mutex_lock (&loop->lock); 
@@ -6024,11 +6025,14 @@ do_select (struct event_loop *loop) for (i = 0; i < MAX_FDS; i++) if (fdlist[i].fd != -1) FD_SET (fdlist[i].fd, fdlist[i].dir ? &rfds : &wfds); - pthread_mutex_unlock (&loop->unlock); + pthread_mutex_unlock (&loop->lock); + + tv.tv_sec = 0; + tv.tv_usec = 1000; do @{ - n = select (FD_SETSIZE, &rfds, &wfds, NULL, 0); + n = select (FD_SETSIZE, &rfds, &wfds, NULL, &tv); @} while (n < 0 && errno == EINTR); @@ -6082,6 +6086,7 @@ main (int argc, char *argv[]) gpgme_error_t err; gpgme_data_t sig, text; int i; + pthread_mutexattr_t attr; struct gpgme_io_cbs io_cbs = @{ add_io_cb, @@ -6091,12 +6096,19 @@ main (int argc, char *argv[]) &result @}; - init_gpgme (void); + init_gpgme (); /* Initialize the loop structure. */ - pthread_mutex_init (&loop.lock, NULL); + + /* The mutex must be recursive, since remove_io_cb (which acquires a + lock) can be called while holding a lock acquired in do_select. */ + pthread_mutexattr_init (&attr); + pthread_mutexattr_settype (&attr, PTHREAD_MUTEX_RECURSIVE); + pthread_mutex_init (&loop.lock, &attr); + pthread_mutexattr_destroy (&attr); + for (i = 0; i < MAX_FDS; i++) - loop->fds[i].fd = -1; + loop.fds[i].fd = -1; /* Initialize the result structure. */ result.done = 0; ----------------------------------------------------------------------- Summary of changes: doc/gpgme.texi | 22 ++++- src/engine-gpg.c | 2 + tests/gpg/.gitignore | 1 + tests/gpg/Makefile.am | 12 ++- tests/gpg/{t-eventloop.c => t-cancel.c} | 166 ++++++++++++++++++++------------ tests/gpg/t-eventloop.c | 6 +- 6 files changed, 138 insertions(+), 71 deletions(-) copy tests/gpg/{t-eventloop.c => t-cancel.c} (52%) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Thu Sep 22 09:52:43 2016 
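Review bot: the new comment in tests/gpg/Makefile.am gives "it takes too long" as the reason for skipping both programs, but t-cancel cancels the key generation after `usleep (100000)`, so that reason only holds when the cancellation fails. As written the test is built and never run by the test suite; either say in the comment how it is meant to be run by hand, or consider adding it to the run list on non-W32 builds.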
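Review bot: in `main()` of t-cancel.c the cancel thread is created before `gpgme_op_genkey_start()` is called, so whether `gpgme_cancel()` hits a started operation depends on the `usleep (100000)` losing the race against the start call. Create the thread only after the start call has returned without error. Separately, `my_wait()` returns 0 even when `do_select()` reports an error; `op_result.err` is then still zero and the test prints "Successfully finished before cancellation", so a select failure should be turned into a test failure. The header comment also names the file t-thread-cancel.c instead of t-cancel.c.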
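Review bot: the `have_gpg_version (gpg, "2.1.11")` gate added in `gpg_new()` has no comment saying why 2.1.11 is the cut-off, and the commit message only says the engine must be recent enough to expect progress output. A one-line comment above the check naming what that version provides would keep the gate from looking arbitrary to the next reader of src/engine-gpg.c.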
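Review bot: in `do_select()` of t-eventloop.c, `tv` is filled in once before the `do ... while (n < 0 && errno == EINTR)` loop, but `select()` may modify the timeout and on Linux leaves it undefined after an error return, so the retry after EINTR runs with an unspecified timeout. Move the two `tv` assignments inside the loop body. The same pattern is carried into t-cancel.c and the doc/gpgme.texi example, where readers are likely to copy it.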
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 22 Sep 2016 09:52:43 +0200 Subject: [git] gnupg-doc - branch, master, updated. 8aaf4ca3faacf5fde2ed49dd9175797c337633a1 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 8aaf4ca3faacf5fde2ed49dd9175797c337633a1 (commit) via b69d16b335b07f1dc115403adf1c4d6aa2de7333 (commit) via 9d82d7ef1f8c9f8683000506bd90d5348b30f87f (commit) via 8036e5005f8a4baad847f9f6fe3f5fc8a7570add (commit) from e3cbed6930207f0967d1d0d9141802c7bf1a6332 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8aaf4ca3faacf5fde2ed49dd9175797c337633a1 Author: Werner Koch Date: Thu Sep 22 09:49:59 2016 +0200 web: http to https for cvs.gnupg.org which is anyway link to git.gnupg.org diff --git a/web/aegypten/tech.org b/web/aegypten/tech.org index d3e2b7b..f5ef4d0 100644 --- a/web/aegypten/tech.org +++ b/web/aegypten/tech.org @@ -8,7 +8,7 @@ [[file:pr.org][Public Relations]] | [[file:glossary.org][Glossary]] -This page provides an overview. The CVS repository contains [[http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/aegypten-specs/?cvsroot=Project+Aegypten][technical +This page provides an overview. The CVS repository contains [[https://cvs.gnupg.org/cgi-bin/viewcvs.cgi/aegypten-specs/?cvsroot%3DProject%2BAegypten][technical details]]. Note that some of parts of this page have not been translated from German. diff --git a/web/news.org b/web/news.org index bddf5ff..91625a1 100644 --- a/web/news.org +++ b/web/news.org 
@@ -1392,7 +1392,7 @@ Add 2 OSes to the list of supported systems. ** CVS access (2000-03-15) -[[http://cvs.gnupg.org/][cvs.gnupg.org]] provides browsable access to +[[https://cvs.gnupg.org/][cvs.gnupg.org]] provides browsable access to the CVS tree of GnuPG and related projects. commit b69d16b335b07f1dc115403adf1c4d6aa2de7333 Author: Werner Koch Date: Thu Sep 22 09:42:15 2016 +0200 web: Release info for GPGME 1.7.0 diff --git a/web/index.org b/web/index.org index beb7898..d9f4aee 100644 --- a/web/index.org +++ b/web/index.org 
@@ -38,29 +38,17 @@ nicely integrated into an installer and features several frontends as well as English and German manuals. A simple Windows installer for the /modern/ version is available at our [[file:download/index.org][download]] page. -# * Reconquer your privacy -# -# Even if you have nothing to hide, using encryption helps protect the -# privacy of people you communicate with, and makes life difficult for -# bulk surveillance systems. If you do have something important to hide, -# you are in good company; GnuPG is one of the tools that Edward Snowden -# used to uncover the secrets of the NSA. -# -# Please visit the [[https://emailselfdefense.fsf.org][Email Self-Defense]] site to learn how and why you -# should use GnuPG for your electronic communication. If you need -# printed leaflets check out [[https://fsfe.org/contribute/spreadtheword.html#gnupg-leaflet][FSFE?s GnuPG leaflet]]. +* Reconquer your privacy +Even if you have nothing to hide, using encryption helps protect the +privacy of people you communicate with, and makes life difficult for +bulk surveillance systems. If you do have something important to hide, +you are in good company; GnuPG is one of the tools that Edward Snowden +used to uncover the secrets of the NSA. -* Join us for the first OpenPGP conference - -#+html: Logo: OpenPGP.conf - -[[https://www.gnupg.org/conf/index.html][OpenPGP.conf]] is a conference for users and implementers of the OpenPGP -protocol, which is at the core of GnuPG. We meet in Cologne on -September 8 and 9. [[https://www.gnupg.org/conf/index.html][OpenPGP.conf]] is a place to meet, discuss, and -learn about latest developments of GnuPG and other OpenPGP aware -applications and what technical measures can be deployed to repel the -ever increasing trend to mass surveillance. +Please visit the [[https://emailselfdefense.fsf.org][Email Self-Defense]] site to learn how and why you +should use GnuPG for your electronic communication. 
If you need +printed leaflets check out [[https://fsfe.org/contribute/spreadtheword.html#gnupg-leaflet][FSFE?s GnuPG leaflet]]. * News @@ -80,6 +68,13 @@ The latest release news:\\ # GnuPG's latest news are available as [[http://feedvalidator.org/check.cgi?url%3Dhttps://www.gnupg.org/news.en.rss][RSS 2.0 compliant]] feed. Just # point or paste the [[news.en.rss][RSS file]] into your aggregator. + +** GnuPG Made Easy (GPGME) 1.7.0 released (2016-09-21) + +[[file:related_software/gpgme/index.org][GPGME]] is a library that allows to add support for cryptography to a +program. Highlights in this release are Python and C++ language +bindings as well as support for GnuPG 2.1 features. {[[https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000397.html][more]]} + ** GnuPG 2.1.15 released (2016-08-18) A new version of the /modern/ branch of GnuPG has been released. commit 9d82d7ef1f8c9f8683000506bd90d5348b30f87f Author: Werner Koch Date: Thu Sep 22 09:35:13 2016 +0200 web: Change a couple of other http: links to https: diff --git a/web/aegypten2/index.org b/web/aegypten2/index.org index 57bbfbf..5eabafc 100644 --- a/web/aegypten2/index.org +++ b/web/aegypten2/index.org @@ -115,7 +115,7 @@ - [[https://www.gnupg.org][GnuPG]] >= 1.2.5 - [[https://www.gnupg.org/related_software/libgpg-error/][libgpg-error]] >= 1.0.0 - - [[http://directory.fsf.org/security/libgcrypt.html][libgcrypt]] >= + - [[https://directory.fsf.org/security/libgcrypt.html][libgcrypt]] >= 1.2.0 - [[https://www.gnupg.org/related_software/gpgme/index.html][GpgME]] >= 1.0.0 diff --git a/web/donate/index.org b/web/donate/index.org index 27e9cdf..2953836 100644 --- a/web/donate/index.org +++ b/web/donate/index.org 
@@ -16,7 +16,7 @@ GnuPG carries an [[https://www.fsf.org][FSF]] copyright notice, they never funded the development or hosting costs. - If you are using [[../index.org][GnuPG]], [[http://directory.fsf.org/project/libgcrypt/][Libgcrypt]], [[../related_software/gpgme/index.org][GPGME]], or [[https://www.gpg4win.org][Gpg4win]] and would like + If you are using [[../index.org][GnuPG]], [[../related_software/libgcrypt/index.org][Libgcrypt]], [[../related_software/gpgme/index.org][GPGME]], or [[https://www.gpg4win.org][Gpg4win]] and would like to help with development and maintenance please consider to make a donation. diff --git a/web/faq/gnupg-faq.org b/web/faq/gnupg-faq.org index 6a5c190..c5c60a5 100644 --- a/web/faq/gnupg-faq.org +++ b/web/faq/gnupg-faq.org @@ -46,7 +46,7 @@ purposes. This document is ? 2012-2015, Robert J. Hansen <[[mailto:rjh at sixdemonbag.org?subject=The%20GnuPG%20FAQ][rjh at sixdemonbag.org]]> and A.M. Kuchling <[[mailto:amk at amk.ca?subject=The%20GnuPG%20FAQ][amk at amk.ca]]>. You are free to make use of this document -in accordance with the [[http://creativecommons.org/licenses/by-sa/3.0/][Creative Commons Attribution-ShareAlike 3.0 +in accordance with the [[https://creativecommons.org/licenses/by-sa/3.0/][Creative Commons Attribution-ShareAlike 3.0 license]]; alternately, you may make use of it under terms of the GNU General Public License (version 3 or, at your discretion, any later version). @@ -237,7 +237,7 @@ operating systems. :CUSTOM_ID: get_gnupg_win32 :END: -A convenient Windows installer is available from [[http://www.gpg4win.org][GPG4WIN]]. +A convenient Windows installer is available from [[https://www.gpg4win.org][GPG4WIN]]. *** ? for Mac OS X? 
@@ -245,7 +245,7 @@ A convenient Windows installer is available from [[http://www.gpg4win.org][GPG4W :CUSTOM_ID: get_gnupg_osx :END: -The [[http://www.gpgtools.org][GPGtools project]] has everything needed to get started. +The [[https://www.gpgtools.org][GPGtools project]] has everything needed to get started. However, GPGTools only offers GnuPG 2.0; if you want the latest-and-greatest 2.1, look at Patrick Brunschwig?s [[http://sourceforge.net/projects/gpgosx/][GnuPG for OS X]] project on SourceForge. @@ -307,7 +307,7 @@ To install GnuPG on Gentoo, run the following command as root: =emerge gnupg= -The Gentoo documentation includes a [[http://www.gentoo.org/doc/en/gnupg-user.xml][GnuPG User Guide]]. +The Gentoo documentation includes a [[https://www.gentoo.org/doc/en/gnupg-user.xml][GnuPG User Guide]]. *** ? for FreeBSD? @@ -494,7 +494,7 @@ but on the whole it?s a wonderful resource. - Supports PGP/MIME :: Yes - Languages supported :: English, Deutsch, Schwyzerd?tsch, Espa?ol -Enigmail integrates GnuPG with [[http://www.getthunderbird.com][Mozilla Thunderbird]] and/or [[http://www.seamonkey-project.org/][Mozilla +Enigmail integrates GnuPG with [[https://www.getthunderbird.com][Mozilla Thunderbird]] and/or [[https://www.seamonkey-project.org/][Mozilla Seamonkey]]. It?s one of the most popular ways to use GnuPG, and the mailing list provides a friendly place to learn how it works and get started using it. @@ -575,7 +575,7 @@ available in the [[https://torproject.org][Tor]] network as =ic6au7wa3f6naxjq.on :END: Enigmail, a plugin for Mozilla Thunderbird that adds strong GnuPG -support, can be found at [[http://enigmail.net][http://enigmail.net]]. +support, can be found at [[https://enigmail.net][https://enigmail.net]]. **** ? GPGTools? 
@@ -584,7 +584,7 @@ support, can be found at [[http://enigmail.net][http://enigmail.net]]. :END: Mac OS X users may wish to visit the GPGTools project at -[[http://www.gpgtools.org][http://www.gpgtools.org]]. +[[https://www.gpgtools.org][https://www.gpgtools.org]]. **** ? GPG4WIN? @@ -593,7 +593,7 @@ Mac OS X users may wish to visit the GPGTools project at :END: GPG4WIN, the Windows port of GnuPG, maintains a homepage at -[[http://www.gpg4win.org][http://www.gpg4win.org]]. +[[https://www.gpg4win.org][https://www.gpg4win.org]]. *** Where can I find webpages covering? @@ -643,11 +643,11 @@ practices. The inclusion of a site on this list is not an endorsement of that site?s political leanings. -Probably the best-known organization is the [[http://www.eff.org][Electronic Frontier +Probably the best-known organization is the [[https://www.eff.org][Electronic Frontier Foundation]], which has been at the vanguard of electronic civil liberties for over twenty years. -The [[http://www.fsf.org][Free Software Foundation]] is also deeply involved in these matters, +The [[https://www.fsf.org][Free Software Foundation]] is also deeply involved in these matters, although in a different way than the EFF. @@ -681,7 +681,7 @@ is actively developed. It runs anywhere that KDE does, and even on some mobile devices as Kontact Touch. -(3) Claws-Mail for Windows is included in the [[http://www.gpg4win.org][Gpg4win]] installer. +(3) Claws-Mail for Windows is included in the [[https://www.gpg4win.org][Gpg4win]] installer. ** ? Mac OS X? 
@@ -692,9 +692,9 @@ is actively developed. | Name | Plugins | see | |-------------+----------------+-----| | Thunderbird | yes (Enigmail) | (1) | -| Gnus | yes ([[http://www.emacswiki.org/emacs/EasyPG][EasyPG]]) | (2) | +| Gnus | yes ([[https://www.emacswiki.org/emacs/EasyPG][EasyPG]]) | (2) | | Mutt | native | (3) | -| Apple Mail | yes ([[http://www.gpgtools.org][GPGtools]]) | (4) | +| Apple Mail | yes ([[https://www.gpgtools.org][GPGtools]]) | (4) | (1) With the Enigmail plugin, Thunderbird becomes one of the most popular GnuPG-aware email clients. it?s under active development @@ -719,7 +719,7 @@ is actively developed. | Name | Plugins | see | |-------------+----------------+-----| | Thunderbird | yes (Enigmail) | (1) | -| Gnus | yes ([[http://www.emacswiki.org/emacs/EasyPG][EasyPG]]) | (2) | +| Gnus | yes ([[https://www.emacswiki.org/emacs/EasyPG][EasyPG]]) | (2) | | Mutt | native | (3) | | Kontact | native | (4) | | Evolution | native | | @@ -753,7 +753,7 @@ which computers you use the portable app on. That said, Windows users should check [[http://portableapps.com/apps/internet/thunderbird_portable][PortableApps]]. Or, to build your own, use the /mkportable/ tool which comes with -[[http://www.gpg4win.org][Gpg4win]]. +[[https://www.gpg4win.org][Gpg4win]]. * What do all these strange words mean? @@ -874,7 +874,7 @@ so that other users can find it. There are distributed networks of keyservers that share keys, so you only need to upload your key once to that network. -One widely-used keyserver network is [[http://www.sks-keyservers.net/][sks-keyservers.net]]. SKS stands +One widely-used keyserver network is [[https://www.sks-keyservers.net/][sks-keyservers.net]]. SKS stands for ?Synchronising Key Server?. You can use this network by supplying the =--keyserver pool.sks-keyservers.net= option. 
@@ -1849,7 +1849,7 @@ rules. 1. Keep your system up-to-date. Always apply the latest patches. 2. Stop using old versions of Internet Explorer. If possible, use - [[http://www.getfirefox.com][Mozilla Firefox]] or [[http://download-chromium.appspot.com/][Chromium]]. + [[https://www.getfirefox.com][Mozilla Firefox]] or [[https://download-chromium.appspot.com/][Chromium]]. 3. Don?t open email attachments unless they are expected and come from someone you know. 4. Don?t click on email links unless they are expected and come from @@ -2069,8 +2069,8 @@ computation. This is a consequence of the Heisenberg Uncertainty Principle, and may not be violated under our current understanding of the laws of physics. -Using these two principles (the [[http://en.wikipedia.org/wiki/Landauer_bound][Landauer bound]] and the -[[http://en.wikipedia.org/wiki/Margolus%E2%80%93Levitin_theorem][Margolus?Levitin limit]]), we can determine quite accurately how much +Using these two principles (the [[https://en.wikipedia.org/wiki/Landauer_bound][Landauer bound]] and the +[[https://en.wikipedia.org/wiki/Margolus%E2%80%93Levitin_theorem][Margolus?Levitin limit]]), we can determine quite accurately how much heat would be released by a computer that brute-forced a 128-bit cipher. The results are profoundly silly: it?s enough to boil the oceans and leave the planet as a charred, smoking ruin. diff --git a/web/index.org b/web/index.org index 0906554..beb7898 100644 --- a/web/index.org +++ b/web/index.org 
@@ -10,7 +10,7 @@ #+index: Gpg4win GnuPG is a complete and free implementation of the OpenPGP standard as -defined by [[http://www.ietf.org/rfc/rfc4880.txt][RFC4880]] (also known as /PGP/). GnuPG allows to encrypt and +defined by [[https://www.ietf.org/rfc/rfc4880.txt][RFC4880]] (also known as /PGP/). GnuPG allows to encrypt and sign your data and communication, features a versatile key management system as well as access modules for all kinds of public key directories. GnuPG, also known as /GPG/, is a command line tool with @@ -151,7 +151,7 @@ Read the full [[https://lists.gnupg.org/pipermail/gnupg-announce/2016q1/000383.h * A big Thanks to all supporters Due to this [[http://www.propublica.org/article/the-worlds-email-encryption-software-relies-on-one-guy-who-is-going-broke][ProPublica article]] we received more than 120,000 \euro of -individual donations on a single day. There was even more: The [[http://www.linuxfoundation.org/programs/core-infrastructure-initiative][Core +individual donations on a single day. There was even more: The [[https://www.linuxfoundation.org/programs/core-infrastructure-initiative][Core Infrastructure Initiative]] granted 60,000 $ for 2015. Our payment service [[https://twitter.com/stripe/status/563449352635432960][Stripe]] and [[https://www.facebook.com/notes/protect-the-graph/supporting-gnu-privacy-guard/1564591893780956][Facebook]] will each give 50,000 $ to the project. And finally the [[https://www.wauland.de/en/donation.html#61][Wau Holland Stiftung]] is collecting tax deductible diff --git a/web/related_software/index.org b/web/related_software/index.org index 3fadc0d..913a086 100644 --- a/web/related_software/index.org +++ b/web/related_software/index.org 
@@ -16,7 +16,7 @@ Please note that, being part of the [[http://www.gnu.org/][GNU Project]], we can not link to any project which can not be labeled as [[http://www.gnu.org/philosophy/free-sw.html][free software]] . If you found a link on these pages to a project which does not fulfill this - requirement (a good checkpoint is the [[http://directory.fsf.org/][ FSF/UNESCO Free Software + requirement (a good checkpoint is the [[https://directory.fsf.org/][ FSF/UNESCO Free Software Directory]]) please let us know by contacting the [[mailto:webmaster at gnupg.org][webmaster]] . - [[file:frontends.org][Frontends]] :: This category collects together all the software for diff --git a/web/share/gpgweb.el b/web/share/gpgweb.el index 15e4162..fb62267 100644 --- a/web/share/gpgweb.el +++ b/web/share/gpgweb.el @@ -329,12 +329,12 @@ string of the source file or nil if not available." (unless (search-forward "" nil t) (goto-char (point-max)) (insert "
- \"CC-BY-SA  These web pages are Copyright 1998--2015 The GnuPG Project and licensed under a - Creative Commons Attribution-ShareAlike 3.0 Unported License. See copying for details. Page source last changed on " changed ". commit 8036e5005f8a4baad847f9f6fe3f5fc8a7570add Author: Werner Koch Date: Thu Sep 22 09:23:07 2016 +0200 web: Change remaining http:// links to gnupg sites to https:// This avoids the redirection we do for tehse domains. Not done for cvs.gnupg.org and for certain news entries. GnuPG-bug-id: 2694 diff --git a/web/aegypten/development.org b/web/aegypten/development.org index b924772..5e0865a 100644 --- a/web/aegypten/development.org +++ b/web/aegypten/development.org @@ -26,12 +26,12 @@ - ?gypten Mailing Lists: Technical coordination is discussed at: - [[http://lists.gnupg.org/mailman/listinfo/gpa-dev][gpa-dev]] + [[https://lists.gnupg.org/mailman/listinfo/gpa-dev][gpa-dev]] This is also the list for the project Gnu Privacy Assistance (GPA) and the tool Gnu Privacy Assistant (gpa). Commits to ?gypten CVS: - [[http://lists.gnupg.org/mailman/listinfo/aegypten-commits][aegypten-commits]] + [[https://lists.gnupg.org/mailman/listinfo/aegypten-commits][aegypten-commits]] - Other Mailing Lists: @@ -41,7 +41,7 @@ [[http://lists.kde.org/?l=kmail][kmail mailing list archive]] GnuPG development: - [[http://lists.gnupg.org/mailman/listinfo/gnupg-devel][gnupg-devel]] + [[https://lists.gnupg.org/mailman/listinfo/gnupg-devel][gnupg-devel]] ** How to test an ?gypten-enabled KMail or Mutt? diff --git a/web/aegypten/index.org b/web/aegypten/index.org index f1d2d3e..a1a1fd8 100644 --- a/web/aegypten/index.org +++ b/web/aegypten/index.org 
@@ -125,9 +125,9 @@ Detailed list of results: You can reach the project team on several mailing lists: - - [[http://lists.gnupg.org/mailman/listinfo/gpa-dev][gpa-dev]] (technical coordination) + - [[https://lists.gnupg.org/mailman/listinfo/gpa-dev][gpa-dev]] (technical coordination) - [[http://mail.kde.org/mailman/listinfo/kmail][kmail]] (KMail) - - [[http://lists.gnupg.org/mailman/listinfo/gnupg-devel/][gnupg-devel]] (GnuPG development) + - [[https://lists.gnupg.org/mailman/listinfo/gnupg-devel/][gnupg-devel]] (GnuPG development) Project coordination: diff --git a/web/documentation/faqs.org b/web/documentation/faqs.org index fd7aa15..a4ed6ee 100644 --- a/web/documentation/faqs.org +++ b/web/documentation/faqs.org @@ -9,7 +9,7 @@ - [[https://www.gnupg.org/faq/gnupg-faq.html][HTML]] - [[https://www.gnupg.org/faq/gnupg-faq.txt][Plain text]] - The FAQ is generated using this [[http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg-doc.git;a=blob_plain;f=web/faq/gnupg-faq.org][source code]]. If you are looking for - the old and outdated FAQ, please go to [[ftp://ftp.gnupg.org/gcrypt/gnupg/GnuPG-FAQ.old.txt][here]]. + The FAQ is generated using this [[https://git.gnupg.org/cgi-bin/gitweb.cgi?p%3Dgnupg-doc.git%3Ba%3Dblob_plain%3Bf%3Dweb/faq/gnupg-faq.org][source code]]. If you are looking for + the old and outdated FAQ, please go to [[https://www.gnupg.org/ftp/gcrypt/gnupg/GnuPG-FAQ.old.txt][here]]. # eof diff --git a/web/documentation/mailing-lists.org b/web/documentation/mailing-lists.org index 8554226..b91079e 100644 --- a/web/documentation/mailing-lists.org +++ b/web/documentation/mailing-lists.org 
@@ -18,19 +18,19 @@ options. | Name | Purpose | Lang | |----------------+---------------------------------------------+------| | | | | -| [[http://lists.gnupg.org/pipermail/gnupg-announce/][gnupg-announce]] | Release announcements (low-traffic) | en | +| [[https://lists.gnupg.org/pipermail/gnupg-announce/][gnupg-announce]] | Release announcements (low-traffic) | en | | | | | -| [[http://lists.gnupg.org/pipermail/gnupg-users/][gnupg-users]] | General discussion and help | en | -| [[http://lists.gnupg.org/pipermail/gnupg-br/][gnupg-br]] | Help among Portuguese/Brazil speaking users | br | -| [[http://lists.gnupg.org/pipermail/gnupg-de/][gnupg-de]] | Help among German speaking users | de | -| [[http://lists.gnupg.org/pipermail/gnupg-pt/][gnupg-pt]] | Help among Portuguese speaking users | pt | -| [[http://lists.gnupg.org/pipermail/gnupg-es/][gnupg-es]] | Help among Spanish speaking users | es | -| [[http://lists.gnupg.org/pipermail/gnupg-ru/][gnupg-ru]] | Help among Russian speaking users | ru | +| [[https://lists.gnupg.org/pipermail/gnupg-users/][gnupg-users]] | General discussion and help | en | +| [[https://lists.gnupg.org/pipermail/gnupg-br/][gnupg-br]] | Help among Portuguese/Brazil speaking users | br | +| [[https://lists.gnupg.org/pipermail/gnupg-de/][gnupg-de]] | Help among German speaking users | de | +| [[https://lists.gnupg.org/pipermail/gnupg-pt/][gnupg-pt]] | Help among Portuguese speaking users | pt | +| [[https://lists.gnupg.org/pipermail/gnupg-es/][gnupg-es]] | Help among Spanish speaking users | es | +| [[https://lists.gnupg.org/pipermail/gnupg-ru/][gnupg-ru]] | Help among Russian speaking users | ru | | | | | -| [[http://lists.gnupg.org/pipermail/gnupg-devel/][gnupg-devel]] | Development discussion and bug tracking | en | -| [[http://lists.gnupg.org/pipermail/gcrypt-devel/][gcrypt-devel]] | Development of Libgcrypt | en | -| [[http://lists.gnupg.org/pipermail/gnupg-doc/][gnupg-doc]] | Development of documentation | en | -| 
[[http://lists.gnupg.org/pipermail/gnupg-commits/][gnupg-commits]] | Commit messages (read-only) | en | +| [[https://lists.gnupg.org/pipermail/gnupg-devel/][gnupg-devel]] | Development discussion and bug tracking | en | +| [[https://lists.gnupg.org/pipermail/gcrypt-devel/][gcrypt-devel]] | Development of Libgcrypt | en | +| [[https://lists.gnupg.org/pipermail/gnupg-doc/][gnupg-doc]] | Development of documentation | en | +| [[https://lists.gnupg.org/pipermail/gnupg-commits/][gnupg-commits]] | Commit messages (read-only) | en | | | | | |----------------+---------------------------------------------+------| diff --git a/web/download/git.org b/web/download/git.org index 5e83e8a..2b727a6 100644 --- a/web/download/git.org +++ b/web/download/git.org @@ -13,12 +13,12 @@ deliver stable snapshots; it may happen that it even does not compile, so please don't complain. GIT may put a high load on a server, so please don't poll for new pushes too often. Instead, we - suggest you to subscribe to the [[http://lists.gnupg.org/mailman/listinfo/gnupg-commits/][commits mailing list]] . + suggest you to subscribe to the [[https://lists.gnupg.org/mailman/listinfo/gnupg-commits/][commits mailing list]] . - You may also follow [[http://twitter.com/gnuprivacyguard][@gnuprivacyguard]] on Twitter to get notified + You may also follow [[https://twitter.com/gnuprivacyguard][@gnuprivacyguard]] on Twitter to get notified about commits to the GnuPG master branch. - There is a Web interface at [[http://git.gnupg.org/]] which can be used + There is a Web interface at [[https://git.gnupg.org/]] which can be used to browse the GIT repository. All repositories have been migrated to GIT from the old Subversion @@ -46,4 +46,4 @@ The GnuPG GIT server also hosts some other projects in GIT repositories. Please use the web interface at - [[http://git.gnupg.org/]] to browse them. + [[https://git.gnupg.org/]] to browse them. 
diff --git a/web/download/release_notes.org b/web/download/release_notes.org index 61be7f4..d0e9aa1 100644 --- a/web/download/release_notes.org +++ b/web/download/release_notes.org @@ -2,7 +2,7 @@ #+STARTUP: showall #+SETUPFILE: "../share/setup.inc" #+GPGWEB-NEED-SWDB -#+macro: announce [[http://lists.gnupg.org/pipermail/gnupg-announce/$1.html][Announcement]] +#+macro: announce [[https://lists.gnupg.org/pipermail/gnupg-announce/$1.html][Announcement]] * Release Notes diff --git a/web/faq/gnupg-faq.org b/web/faq/gnupg-faq.org index 7698b83..6a5c190 100644 --- a/web/faq/gnupg-faq.org +++ b/web/faq/gnupg-faq.org @@ -94,7 +94,7 @@ try to help to people who send email directly to us, those emails quickly accumulate. Helping just six people a day can take an hour of time, and that's an hour less we have to work on making GnuPG better. Please reach out to the GnuPG community via the -[[http://lists.gnupg.org/mailman/listinfo/gnupg-users][GnuPG-Users mailing list]], +[[https://lists.gnupg.org/mailman/listinfo/gnupg-users][GnuPG-Users mailing list]], not individual people within GnuPG. @@ -462,7 +462,7 @@ There are undoubtedly many more that we?ve missed. :END: -- Subscribing :: visit the [[http://lists.gnupg.org/mailman/listinfo/gnupg-users][GnuPG-Users webpage]] +- Subscribing :: visit the [[https://lists.gnupg.org/mailman/listinfo/gnupg-users][GnuPG-Users webpage]] - Unsubscribing :: see above - List moderator :: <[[mailto:gnupg-users-owner at gnupg.org?subject%3DThe%20GnuPG-Users%20list][gnupg-users-owner at gnupg.org]]> - Supports PGP/MIME? :: Yes diff --git a/web/misc/index.org b/web/misc/index.org index 463d380..7ef5727 100644 --- a/web/misc/index.org +++ b/web/misc/index.org 
@@ -12,5 +12,4 @@ - [[file:links.org][Links]] - Cryptography is a wide-spread science and other people have something to tell about. - [[file:logo-contest.org][Logo Contest]] - GnuPG needs a new Logo. - - [[http://www-old.gnupg.org][The old GnuPG website]] - In case something is missing at the new one. - [[file:../legal.org][Law survey]] - Info on the legal issues of using cryptography. diff --git a/web/news.org b/web/news.org index 0ece157..bddf5ff 100644 --- a/web/news.org +++ b/web/news.org 
@@ -141,57 +141,57 @@ the [[file:faq/whats-new-in-2.1.org][feature overview]] page and in the [[https: ** A beta for GnuPG 2.1.0 released (2014-10-03) A beta release for the forthcoming GnuPG 2.1 version is now -available. [[http://lists.gnupg.org/pipermail/gnupg-announce/2014q4/000357.html][{more}]] +available. [[https://lists.gnupg.org/pipermail/gnupg-announce/2014q4/000357.html][{more}]] ** GPA 0.95 released GPA is the GNU Privacy Assistant, a frontend to GnuPG. This new release has support for ECC keys and improves on the UI server -feature. [[http://lists.gnupg.org/pipermail/gnupg-announce/2014q3/000356.html][{more}]] +feature. [[https://lists.gnupg.org/pipermail/gnupg-announce/2014q3/000356.html][{more}]] ** GnuPG 2.0.26 released (2014-08-12) -GnuPG 2.0.26 is now available. This is a maintenance release. [[http://lists.gnupg.org/pipermail/gnupg-announce/2014q3/000353.html][{more}]] +GnuPG 2.0.26 is now available. This is a maintenance release. [[https://lists.gnupg.org/pipermail/gnupg-announce/2014q3/000353.html][{more}]] ** Libgcrypt 1.5.4 security fix release :important: Using any Libgcrypt version less than 1.5.4 with GnuPG 2.0.x and Elgamal encryption keys is vulnerable to the /Get Your Hands Off My Laptop/ attack. Please update to the newly released Libgcrypt 1.5.4 -or a 1.6 version. [[http://lists.gnupg.org/pipermail/gnupg-announce/2014q3/000352.html][{more}]] +or a 1.6 version. [[https://lists.gnupg.org/pipermail/gnupg-announce/2014q3/000352.html][{more}]] ** Get Your Hands Off My Laptop (2014-08-07) Daniel Genkin, Itamar Pipman, and Eran Tromer latest side channel attack targets an /older version/ of GnuPG. If your GnuPG and -Libgcrypt versions are up-to-date you are safe. [[http://lists.gnupg.org/pipermail/gnupg-announce/2014q3/000349.html][{more}]] +Libgcrypt versions are up-to-date you are safe. 
[[https://lists.gnupg.org/pipermail/gnupg-announce/2014q3/000349.html][{more}]] ** GPGME 1.5.1 and 1.4.4 released (2014-08-07) :important: A security fix release for the GPGME library is available. It is -suggested to update to one of these version. [[http://lists.gnupg.org/pipermail/gnupg-announce/2014q3/000350.html][{more}]] +suggested to update to one of these version. [[https://lists.gnupg.org/pipermail/gnupg-announce/2014q3/000350.html][{more}]] ** GnuPG 2.0.25 and 1.4.18 released (2014-06-30) To fix a minor regression in the previous releases we released today -new versions of GnuPG-1 and GnuPG-2: [[http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000346.html][{2.0.25}]], [[http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000347.html][{1.4.18}]] +new versions of GnuPG-1 and GnuPG-2: [[https://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000346.html][{2.0.25}]], [[https://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000347.html][{1.4.18}]] ** GnuPG 2.0.24 released (2014-06-24) :important: GnuPG 2.0.24 is now available. This GnuPG-2 release features a fix -for a denial of service attack and a few other changes. [[http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html][{more}]] +for a denial of service attack and a few other changes. [[https://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html][{more}]] ** GnuPG 1.4.17 released (2014-06-23) :important: GnuPG 1.4.17 is now available. This GnuPG-1 release features a fix -for a denial of service attack and a few other minor changes. [[http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html][{more}]] +for a denial of service attack and a few other minor changes. [[https://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html][{more}]] ** GnuPG 2.0.23 released (2014-06-03) We are pleased to announce the availability of GnuPG 2.0.23. This is -a maintenance release with a few new features. 
[[http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000342.html][{more}]] +a maintenance release with a few new features. [[https://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000342.html][{more}]] ** Goteo campaign: preliminary results (2014-05-12) @@ -219,13 +219,13 @@ liberties. [[https://www.gnupg.org/blog/20131220-gnupg-turned-0x10.html][{more} Today GNU Privacy Guard (GnuPG) has launched its first [[http://goteo.org/project/gnupg-new-website-and-infrastructure][crowdfunding campaign]] with the aim of building a new website and long term -infrastructure. [[http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000338.html][{more}]] [[https://www.gnupg.org/blog/20131219-gnupg-launches-crowfunding.de.html][{deutsch}]] [[https://www.gnupg.org/blog/20131219-gnupg-launches-crowfunding.fr.html][{francaise}]] +infrastructure. [[https://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000338.html][{more}]] [[https://www.gnupg.org/blog/20131219-gnupg-launches-crowfunding.de.html][{deutsch}]] [[https://www.gnupg.org/blog/20131219-gnupg-launches-crowfunding.fr.html][{francaise}]] ** GnuPG 1.4.16 released (2013-12-18) :important: Along with the publication of an interesting new [[http://www.cs.tau.ac.il/~tromer/acoustic/][side channel attack]] by Genkin, Shamir, and Tromer we announce the availability of a new -stable GnuPG release to relieve this bug: Version 1.4.16 ... [[http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000337.html][{more}]] +stable GnuPG release to relieve this bug: Version 1.4.16 ... [[https://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000337.html][{more}]] ** Blog: Getting Goteo crowdfunding approval (2013-12-18) 
@@ -237,7 +237,7 @@ the crowdfunding platform Goteo ... [[https://www.gnupg.org/blog/20131218-gett Along with the publication of an interesting new [[http://www.cs.tau.ac.il/~tromer/acoustic/][side channel attack]] by Genkin, Shamir, and Tromer we announce the availability of a new -stable GnuPG release to relieve this bug: Version 1.4.16 ... [[http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000337.html][{more}]] +stable GnuPG release to relieve this bug: Version 1.4.16 ... [[https://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000337.html][{more}]] ** Libgcrypt 1.6.0 released (2013-10-16) @@ -249,7 +249,7 @@ change. The main features of this version are performance improvements, better support for elliptic curves, new algorithms and modes, as well as -API and internal cleanups. [[http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000336.html][{more}]] +API and internal cleanups. [[https://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000336.html][{more}]] ** Blog: Preparing for launch (2013-12-13) 
@@ -282,106 +282,106 @@ return ... [[https://www.gnupg.org/blog/index.html][{more}]] We are pleased to announce the availability of a new stable GnuPG release: Version 2.0.22 ... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000333.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000333.html][{more}]] ** Security update for GnuPG (2013-10-05) :important: We are pleased to announce the availability of a new stable GnuPG release: Version 1.4.15 ... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000334.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000334.html][{more}]] ** GnuPG 2.0.21 released (2013-08-19) We are pleased to announce the availability of GnuPG 2.0.21. ... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000332.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000332.html][{more}]] ** Security update for GnuPG (2013-07-25) :important: We are pleased to announce the availability of a new stable GnuPG release: Version 1.4.14 ... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000329.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000329.html][{more}]] ** Security update for Libgcrypt (2013-07-25) :important: We are pleased to announce the availability of a new stable Libgcrypt release: Version 1.5.3 ... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000329.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000329.html][{more}]] ** GnuPG 2.0.20 released (2013-05-10 18:59:01) We are pleased to announce the availability of GnuPG 2.0.20. ... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2013q2/000328.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2013q2/000328.html][{more}]] ** GnuPG 1.4.13 released (2012-12-20 21:51:56) We are pleased to announce the availability of a new stable GnuPG release: Version 1.4.13 ... 
-[[http://lists.gnupg.org/pipermail/gnupg-announce/2012q4/000319.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2012q4/000319.html][{more}]] ** GnuPG 2.0.19 released (2012-03-27 11:22:13) We are pleased to announce the availability of GnuPG 2.0.19. ... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2012q1/000314.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2012q1/000314.html][{more}]] ** GnuPG 1.4.12 released (2012-01-30 17:39:22) We are pleased to announce the availability of a new stable GnuPG release: Version 1.4.12 ... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2012q1/000313.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2012q1/000313.html][{more}]] ** GnuPG 1.4.13 released (2012-12-20 21:51:56) Wir freuen uns, Ihnen die Verf?gbarkeit von GnuPG 1.4.13 bekannt zu geben. -[[http://lists.gnupg.org/pipermail/gnupg-announce/2012q4/000319.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2012q4/000319.html][{more}]] ** GnuPG 2.0.19 released (2012-03-27 11:22:13) We are pleased to announce the availability of GnuPG 2.0.19. ... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2012q1/000314.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2012q1/000314.html][{more}]] ** GnuPG 1.4.12 released (2012-01-30 17:39:22) We are pleased to announce the availability of a new stable GnuPG release: Version 1.4.12. ... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2012q1/000313.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2012q1/000313.html][{more}]] ** STEED project announced (2011-10-17 20:15:22) STEED - Usable end-to-end encryption ... -[[http://lists.gnupg.org/pipermail/gnupg-devel/2011-October/026264.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-devel/2011-October/026264.html][{more}]] ** GnuPG 2.0.18 released (2011-08-04 18:19:36) We are pleased to announce the availability of GnuPG 2.0.18. ... 
-[[http://lists.gnupg.org/pipermail/gnupg-announce/2011q3/000312.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2011q3/000312.html][{more}]] ** Libgcrypt 1.5.0 released (2011-06-29 12:21:39) We are pleased to announce the availability of Libgcrypt 1.5.0. This is the new stable version of Libgcrypt and upward compatible with the 1.4 series. ... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2011q2/000307.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2011q2/000307.html][{more}]] ** GnuPG 2.0.17 released (2011-01-13 17:20:12) We are pleased to announce the availability of GnuPG 2.0.17. ... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2011q1/000305.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2011q1/000305.html][{more}]] ** GnuPG 1.4.11 released (2010-10-18 13:36:14) We are pleased to announce the availability of a new stable GnuPG release: Version 1.4.11 ... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2010q4/000303.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2010q4/000303.html][{more}]] ** Important security update for GnuPG (2010-07-23 14:38:50) 
@@ -389,23 +389,23 @@ While trying to import a server certificate for a CDN service, a segv bug was found in GnuPG's GPGSM tool. It is likely that this bug is exploitable by sending a special crafted signed message and having a user verify the signature. A simple patch is available ... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000302.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000302.html][{more}]] ** GnuPG 2.0.16 released (2010-07-19 10:44:59) We are pleased to announce the availability of GnuPG 2.0.16. ... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000301.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000301.html][{more}]] ** GnuPG 2.0.15 released (2010-03-09 11:44:13) We are pleased to announce the availability of GnuPG 2.0.15. ... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2010q1/000299.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2010q1/000299.html][{more}]] ** GnuPG 2.0.14 released (2009-12-21 19:03:26) We are pleased to announce the availability of GnuPG 2.0.14. ... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2009q4/000296.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2009q4/000296.html][{more}]] ** Libgcrypt 1.4.5 released (2009-12-11 17:51:12) 
@@ -413,31 +413,31 @@ We are pleased to announce the availability of GnuPG 2.0.14. ... We are pleased to announce the availability of Libgcrypt 1.4.5. This is the new stable version of Libgcrypt and upward compatible with the 1.2 series. ... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2009q4/000295.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2009q4/000295.html][{more}]] ** GnuPG 2.0.13 released (2009-09-04 19:12:01) We are pleased to announce the availability of GnuPG 2.0.13. ... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2009q3/000294.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2009q3/000294.html][{more}]] ** GnuPG 1.4.10 released (2009-09-02 19:27:55) We are pleased to announce the availability of a new stable GnuPG release: Version 1.4.10 ... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2009q3/000291.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2009q3/000291.html][{more}]] ** GnuPG 2.0.12 released (2009-06-17 13:19:26) We are pleased to announce the availability of GnuPG 2.0.12. ... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2009q2/000288.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2009q2/000288.html][{more}]] ** GnuPG 2.0.11 released (2009-03-03 13:02:51) We are pleased to announce the availability of GnuPG 2.0.11 ... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2009q1/000287.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2009q1/000287.html][{more}]] ** Libgcrypt 1.4.4 released (2009-01-22 20:08:24) 
@@ -445,72 +445,72 @@ We are pleased to announce the availability of GnuPG 2.0.11 ... We are pleased to announce the availability of Libgcrypt 1.4.4. This is the new stable version of Libgcrypt and upward compatible with the 1.2 series. ... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2009q1/000285.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2009q1/000285.html][{more}]] ** GnuPG 2.0.10 released (2009-01-12 10:59:05) We are pleased to announce the availability of GnuPG 2.0.10 ... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2009q1/000284.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2009q1/000284.html][{more}]] ** Signing key updated! (2009-01-09 12:58:02) The expiration date of the key used to sign GnuPG distributions has been prolonged for another year. Please update the key ... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2009q1/000282.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2009q1/000282.html][{more}]] ** GnuPG's 10th birthday! (2007-12-20 12:10:30) It has been a decade since the very first version of the GNU Privacy Guard was released ... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2007q4/000268.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2007q4/000268.html][{more}]] ** GnuPG 2.0.8 released (2007-12-20 12:09:30) We are pleased to announce the availability of GnuPG 2.0.8 ... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2007q4/000267.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2007q4/000267.html][{more}]] ** GnuPG 1.4.8 released (2007-12-20 12:09:03) We are pleased to announce the availability of a new stable GnuPG release: Version 1.4.8. ... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2007q4/000266.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2007q4/000266.html][{more}]] ** Libgcrypt 1.4.0 released (2007-12-10 20:10:34) We are pleased to announce the availability of Libgcrypt 1.4.0. 
This is the new stable version of Libgcrypt and upward compatible with the 1.2 series. ... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2007q4/000263.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2007q4/000263.html][{more}]] ** New OpenPGP standard (2007-11-02 17:54:26) The new OpenPGP standard has been published. It was assigned RFC number 4880. ... -[[http://lists.gnupg.org/pipermail/gnupg-users/2007-November/031994.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-users/2007-November/031994.html][{more}]] ** GnuPG 2.0.7 released (2007-09-10 19:18) We are pleased to announce the availability of GnuPG 2.0.7 ... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2007q3/000259.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2007q3/000259.html][{more}]] ** GnuPG 2.0.6 released (2007-08-16 17:48) We are pleased to announce the availability of GnuPG 2.0.6 ... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2007q3/000258.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2007q3/000258.html][{more}]] ** GnuPG 2.0.5 released (2007-07-06 12:46) We are pleased to announce the availability of GnuPG 2.0.5 ... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2007q3/000255.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2007q3/000255.html][{more}]] ** Manual pages online (2007-05-11 11:45:30) 
@@ -523,13 +523,13 @@ Check out the navigation bar or go directly to the ** GnuPG 2.0.4 released (2007-05-09 13:02) We are pleased to announce the availability of GnuPG 2.0.4 ... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2007q2/000254.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2007q2/000254.html][{more}]] ** GnuPG 2.0.3 released (2007-03-08 16:55:25) We are pleased to announce the availability of GnuPG 2.0.3 ... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2007q1/000252.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2007q1/000252.html][{more}]] ** Multiple Messages Problem in GnuPG and GPGME (2007-03-06 09:31:21) @@ -537,7 +537,7 @@ We are pleased to announce the availability of GnuPG 2.0.3 ... A common usage problem of gpg has been identified. Instead of requiring a fix for all these applications, GnuPG and GPGME have been changed to provide the necessary protection. ... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2007q1/000251.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2007q1/000251.html][{more}]] ** Important security update for GnuPG(2006-12-06 17:18:35) 
@@ -546,80 +546,80 @@ Tavis Ormandy of the Gentoo security team identified a severe and exploitable bug in the processing of encrypted packets in GnuPG. Updating is highly suggested. A new version of GnuPG (1.4.6) as well has a patch to 2.0.1 has been released. ... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000246.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000246.html][{more}]] ** Announcing the winner of the logo contest (2006-12-02 19:37:04) And the winner is: Thomas Wittek ... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000244.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000244.html][{more}]] ** GnuPG 2.0.1 released (2006-11-29 15:14:13) We are pleased to announce the availability of GnuPG 2.0.1 ... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000242.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000242.html][{more}]] ** Dirmngr 1.0.0 released (2006-11-29 15:14:13) We are pleased to announce the availability of Dirmngr 1.0.0 ... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000243.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000243.html][{more}]] ** GnuPG 2.0 released (2006-11-13 12:43:16) We are pleased to announce the availability of GnuPG 2.0.0 ... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000239.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000239.html][{more}]] ** GnuPG 1.9.92 released (2006-10-11 13:43:29) We are pleased to announce the availability of GnuPG 1.9.92 - one of the last steps towards a 2.0 release. ... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000236.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000236.html][{more}]] ** GnuPG Logo contest (2006-09-19 14:43:08) After 8 years the time has come to modernize the GnuPG Logo and to work on a new layout of the website ... 
-[[http://lists.gnupg.org/pipermail/gnupg-announce/2006q3/000235.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2006q3/000235.html][{more}]] ** Gpg4win 1.0.6 released (2006-08-29 09:52:50) We are pleased to announce the availibility of Gpg4win, version 1.0.6 ... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2006q3/000232.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2006q3/000232.html][{more}]] ** Libgcrypt 1.2.3 released (2006-08-29 09:49:39) We are pleased to announce the availability of Libgcrypt 1.2.3. Since this is a bugfix release, it does not include any new features... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2006q3/000231.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2006q3/000231.html][{more}]] ** GnuPG 1.4.5 released (2006-08-01 17:42:11) We are pleased to announce the availability of a new stable GnuPG release: Version 1.4.5 ... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2006q3/000229.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2006q3/000229.html][{more}]] ** GnuPG 1.4.4 released (2006-06-25 15:57:40) We are pleased to announce the availability of a new stable GnuPG release: Version 1.4.4 ... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2006q2/000226.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2006q2/000226.html][{more}]] ** Gpg4win 1.0.1 released (2006-04-26 13:29:58) We are pleased to announce the availibility of Gpg4win, version 1.0.1 ... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2006q2/000224.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2006q2/000224.html][{more}]] ** Gpg4win released (2006-04-03 14:28:36) 
@@ -627,14 +627,14 @@ We are pleased to announce the availibility of Gpg4win, version 1.0.1 After struggling for 6 month with Windows pecularities, we are finally pleased to announce the first stable release of Gpg4win, version 1.0.0... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2006q2/000223.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2006q2/000223.html][{more}]] ** GnuPG 1.4.3 released (2006-04-03 14:28:36) We are pleased to announce the availability of a new stable GnuPG release: Version 1.4.3 ... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2006q2/000222.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2006q2/000222.html][{more}]] ** GnuPG does not detect injection of unsigned data (2006-03-09 20:02:28) @@ -645,7 +645,7 @@ of signatures which are not detached signatures. The problem also affects verification of signatures embedded in encrypted messages; i.e. standard use of gpg for mails. Update GnuPG as soon as possible to version 1.4.2.2! -[[http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html][{more}]] ** False positive signature verification in GnuPG (2006-02-15 12:43:54) 
@@ -657,59 +657,59 @@ verification of detached signatures may occur. This problem affects the tool *gpgv*, as well as using "gpg --verify" to imitate gpgv, if only the exit code of the process is used to decide whether a detached signature is valid. -[[http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000211.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000211.html][{more}]] ** GnuPG 1.9.20 (S/MIME and gpg-agent) released (2005-12-20 12:56:31) We are pleased to announce the availability of GnuPG 1.9.20 - the branch of GnuPG featuring the S/MIME... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2005q4/000209.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2005q4/000209.html][{more}]] ** Libgcrypt 1.2.2 released (2005-10-05 15:34:42) We are pleased to announce the availability of Libgcrypt 1.2.2. Since this is a bugfix release, it does not include any new features... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2005q4/000205.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2005q4/000205.html][{more}]] ** GnuPG 1.9.19 (S/MIME and gpg-agent) released (2005-09-12 15:29:20) We are pleased to announce the availability of GnuPG 1.9.19 - the branch of GnuPG featuring the S/MIME... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2005q3/000204.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2005q3/000204.html][{more}]] ** GnuPG Explorer Extension (GPGee) version 1.2.1 released (2005-09-08 14:41:58) Version 1.2.1 of GPGee has now been released and is available at... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2005q3/000203.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2005q3/000203.html][{more}]] ** GnuPG Explorer Extension (GPGee) version 1.2.0 released (2005-09-06 16:09:57) Version 1.2.0 of GPGee has been released - head to the homepage at... 
-[[http://lists.gnupg.org/pipermail/gnupg-announce/2005q3/000202.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2005q3/000202.html][{more}]] ** GPGee version 1.1.2 - Important Security Update (2005-07-30 00:29:18) Version 1.1.2 of GPGee has been released. This release fixes a newly identified security issue... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2005q3/000201.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2005q3/000201.html][{more}]] ** GnuPG 1.4.2 released (2005-07-27 09:53:27) We are pleased to announce the availability of a new stable GnuPG release: Version 1.4.2 ... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2005q3/000200.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2005q3/000200.html][{more}]] ** GPGee (GnuPG Explorer Extension) version 1.1.1 (2005-07-18 04:58:16) I have released version 1.1.1 of GPGee. This is a minor update to 1.1 to answer a couple user... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2005q3/000199.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2005q3/000199.html][{more}]] ** Second release candidate for GnuPG 1.4.2 available (2005-06-21 16:44:35 
@@ -717,63 +717,63 @@ CET) We are pleased to announce the availability of another release candidate for the forthcoming 1.4.2 version of gnupg... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2005q2/000198.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2005q2/000198.html][{more}]] ** GnuPG 1.9.17 (S/MIME and gpg-agent) released (2005-06-20 21:58:24 CET) We are pleased to announce the availability of GnuPG 1.9.17; the development branch of GnuPG featuring the S/MIME protocol... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2005q2/000196.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2005q2/000196.html][{more}]] ** First release candidate for GnuPG 1.4.2 available (2005-05-31 14:27:33 CET) We are pleased to announce the availability of a release candidate for the forthcoming 1.4.2 version of gnupg... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2005q2/000195.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2005q2/000195.html][{more}]] ** GnuPG 1.9.16 (S/MIME) released (2005-04-21 17:23:56 CET) We are pleased to announce the availability of GnuPG 1.9.16; the development branch of GnuPG featuring the S/MIME protocol... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2005q2/000194.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2005q2/000194.html][{more}]] ** GnuPG 1.4.1 News (2005-03-15 17:53:36 CET) We are pleased to announce the availability of a new stable GnuPG release: Version 1.4.1... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2005q2/000192.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2005q2/000192.html][{more}]] ** Smartcard daemon and gpg's S/MIME cousin gpgsm (2005-02-23 12:43:27 CET) The design is different to the previous versions and we may not support all ancient... 
-[[http://lists.gnupg.org/pipermail/gnupg-announce/2005q2/000177.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2005q2/000177.html][{more}]] ** Attack against OpenPGP encryption (2005-02-11 02:00:17 CET) Last night, Serge Mister and Robert Zuccherato published a paper reporting on an attack against OpenPGP symmetric encryption... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2005q1/000191.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2005q1/000191.html][{more}]] ** Libgcrypt 1.2.1 released (2005-01-09 15:03:22 CET) We are pleased to announce the availability of Libgcrypt 1.2.1. Since this is a bugfix release, it does not include any new features... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2005q1/000189.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2005q1/000189.html][{more}]] ** GnuPG 1.2.7 released (2004-12-28 11:54:32 CET) As promised in the announcement of GnuPG 1.4.0, we are now pleased to announce the availability GnuPG 1.2.7... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2004q4/000188.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2004q4/000188.html][{more}]] ** Updated GnuPG 1.4.0 Windows binary (2004-12-16 22:17:10 CET) 
@@ -781,14 +781,14 @@ announce the availability GnuPG 1.2.7... A couple of hours ago we announced GnuPG 1.4.0, claiming that a compiled version for MS Windows is also available. Unfortunately that Windows version... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2004q4/000187.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2004q4/000187.html][{more}]] ** GnuPG stable 1.4 released (2004-12-16 18:24:48 CET) We are pleased to announce the availability of the new stable GnuPG series. This first release is version 1.4.0... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2004q4/000186.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2004q4/000186.html][{more}]] ** GnuPG 1.3.93 released (2004-12-14 11:06:45 CET) @@ -796,7 +796,7 @@ series. This first release is version 1.4.0... The latest and hopefully last release candidate for GnuPG 1.4 is ready for public consumption. We strongly encourage people to try this release candidate... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2004q4/000185.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2004q4/000185.html][{more}]] ** sha1sum for MS Windows released (2004-12-09 17:16:22 CET) @@ -804,7 +804,7 @@ candidate... In the light of the recently found weaknesses in the MD5 hash function we won't anymore accompany software announcements with MD5 checksums. Instead SHA-1 checksums will be given... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2004q4/000184.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2004q4/000184.html][{more}]] ** News available as in RSS 2.0 format (2004-11-25 22:49:58 CET) 
@@ -819,14 +819,14 @@ your aggregator. The latest release from the development branch of GnuPG is ready for public consumption. This is a branch to create what will extremely soon become the new stable release of... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2004q4/000183.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2004q4/000183.html][{more}]] ** GPGME 1.0.1 released (2004-10-22 21:27:47 CEST) We are pleased to announce version 1.0.1 of GnuPG Made Easy, a library designed to make access to GnuPG easier for... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2004q4/000181.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2004q4/000181.html][{more}]] ** GnuPG 1.3.91 released (development) (2004-10-16 14:46:21 CEST) @@ -834,7 +834,7 @@ designed to make access to GnuPG easier for... The latest release from the development branch of GnuPG is ready for public consumption. This is a branch to create what will extremely soon become the new stable release of... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2004q4/000180.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2004q4/000180.html][{more}]] ** Building GnuPG for Win32 using MinGW (2004-10-12) 
@@ -857,42 +857,42 @@ the office is compromised... The latest release from the development branch of GnuPG is ready for public consumption. This is a branch to create what will... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2004q4/000179.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2004q4/000179.html][{more}]] ** GPGME 1.0.0 released (2004-09-30 18:07:54 CEST) We are pleased to announce version 1.0.0 of GnuPG Made Easy, a library designed to make access to GnuPG easier for... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2004q3/000178.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2004q3/000178.html][{more}]] ** GnuPG 1.2.6 released (2004-08-26 12:07:34 CEST) We are pleased to announce the availability of a new stable GnuPG release: Version 1.2.6. The GNU Privacy Guard (GnuPG) is... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2004q3/000176.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2004q3/000176.html][{more}]] ** GnuPG 1.2.5 build instruction update (2004-07-27) Due to a problem with the gettext installation on the build machine a little annoying bug will disturb... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2004q3/000173.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2004q3/000173.html][{more}]] ** GnuPG 1.2.5 released (2004-07-27) We are pleased to announce the availability of a new stable GnuPG release: Version 1.2.5. The GNU Privacy Guard (GnuPG) is... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2004q3/000171.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2004q3/000171.html][{more}]] ** GnuPG 1.2.5 second release candidate (2004-06-16) We are pleased to announce the availability of the second release candidate for GnuPG 1.2.5... 
-[[http://lists.gnupg.org/pipermail/gnupg-announce/2004q2/000169.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2004q2/000169.html][{more}]] ** GnuPG 1.3.6 released (development) (2004-05-22 18:07:54 CEST) @@ -900,7 +900,7 @@ candidate for GnuPG 1.2.5... The latest release from the development branch of GnuPG is ready for public consumption. This is a branch to create what will eventually become GnuPG 1.4. It will change with greater frequency... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2004q2/000168.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2004q2/000168.html][{more}]] ** First U.S. mirror available (2004-05-06) 
@@ -917,56 +917,56 @@ that more mirrors will follow. We are pleased to announce the availability of Libgcrypt 1.2.0, which is the first stable release of this general purpose crypto library... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2004q2/000167.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2004q2/000167.html][{more}]] ** GnuPG 1.2.5 first release candidate (2004-03-29) We are pleased to announce the availability of the first release candidate for GnuPG 1.2.5... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2004q1/000166.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2004q1/000166.html][{more}]] ** GnuPG 1.3.5 released (development) (2004-02-26) The latest release from the development branch of GnuPG is ready for public consumption. This is a branch to create what will... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2004q1/000165.html][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2004q1/000165.html][{more}]] ** GnuPG 1.2.4 released (2003-12-24) We are pleased to announce the availability of a new stable GnuPG release: Version 1.2.4. The GNU Privacy Guard (GnuPG) is... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2003q4/][{more}]] ** GnuPG 1.3.4 released (development) (2003-11-27) The latest release from the development branch of GnuPG is ready for public consumption. This is a branch to create what will... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2003q4/][{more}]] ** GnuPG 1.2.3 patch to remove ElGamal signing keys (2003-11-27) David Shaw wrote a patch against GnuPG 1.2.3 to disable the ability to create signatures using the ElGamal sign+encrypt... 
-[[http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2003q4/][{more}]] ** GnuPG's ElGamal signing keys compromised (2003-11-27) A severe problem with ElGamal sign+encrypt keys has been found. This leads to a full compromise of the private key. Fortunately... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2003q4/][{more}]] ** Libgcrypt 1.1.44 released (2003-11-01) We are pleased to announce version 1.1.44 of Libgcrypt, a general purpose cryptography library based on... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2003q4/][{more}]] ** RISC OS port (2003-10-28) @@ -979,14 +979,14 @@ Bellon's page who ported GnuPG to the RISC OS platform. We are pleased to announce the release of GPA 0.7.0. GPA is a graphical frontend for the GNU Privacy Guard... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2003q4/][{more}]] ** GnuPG 1.3.3 released (development) (2003-10-10) The latest release from the development branch of GnuPG is ready for public consumption. This is a branch... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2003q4/][{more}]] ** HTTP access to FTP server dismissed (2003-09-22) 
@@ -1009,21 +1009,21 @@ to work. We are pleased to announce the availability of a new stable GnuPG release: Version 1.2.3... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2003q3/][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2003q3/][{more}]] ** Libgcrypt 1.1.42 released (2003-07-31) We are pleased to announce version 1.1.42 of Libgcrypt, a general purpose cryptography library... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2003q3/][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2003q3/][{more}]] ** GnuPG 1.2.3 second release candidate (2003-07-30) We are pleased to announce the availability of the second release candidate for GnuPG 1.2.3... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2003q3/][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2003q3/][{more}]] ** OpenPGP Smartcards (2003-07-07) @@ -1045,21 +1045,21 @@ a valuable source of information for understanding and organizing a The latest release from the development branch of GnuPG is ready for public consumption. The more GnuPG-familiar user is encouraged try this release... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2003q2/][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2003q2/][{more}]] ** Key validity bug in GnuPG 1.2.1 and earlier (2003-05-04) As part of the development of GnuPG 1.2.2, a bug was discovered in the key validation code. This bug causes keys with more than one user ID... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2003q2/][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2003q2/][{more}]] ** GnuPG 1.2.2 released (2003-05-03) We are pleased to announce the availability of a new stable GnuPG release: Version 1.2.2... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2003q2/][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2003q2/][{more}]] ** GnuPG.org/(it) 1.0 (2003-04-23) 
@@ -1080,7 +1080,7 @@ Thanks to Jean-francois for the new French revision of Recently, a no-war banner has been added to the site. Because not all of us at GnuPG.org agreed on it, we moved it to the bottom of the page. We invite you to read more on our mailing-list. -[[http://lists.gnupg.org/pipermail/gpgweb-devel/2003q1/][{more}]] +[[https://lists.gnupg.org/pipermail/gpgweb-devel/2003q1/][{more}]] ** GnuPG.org/(es) 0.9 (2003-02-19) @@ -1092,14 +1092,14 @@ sitio. - Version 0.9 of this site spanish translation has been released. ** GPA 0.6.1 released (2003-02-03) We are pleased to announce the release of GPA 0.6.1 -[[http://lists.gnupg.org/pipermail/gnupg-announce/2003q1/][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2003q1/][{more}]] ** Libgcrypt 1.1.12 released (2003-01-20) I am pleased to announce a new Beta version of Libgcrypt, GNU's implementation of basic crypto functions. Libgcrypt is a general... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2003q1/][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2003q1/][{more}]] ** GPA 0.6.0 released (2002-12-24) @@ -1113,7 +1113,7 @@ frontend for the GNU Privacy Guard... The key used to sign GnuPG distributions would expire in a few days. I have extended the lifetime of this key for another... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2002q4/][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2002q4/][{more}]] ** GPGME 0.4.0 released (2002-12-23) @@ -1128,7 +1128,7 @@ designed to make access to GnuPG easier for... I am pleased to announce the availability of libgcrypt version 1.1.11. Libgcrypt is a general purpose cryptographic library based on the code from GnuPG and... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2002q4/][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2002q4/][{more}]] ** gnupg.org 1.1 released (2002-12-15) 
@@ -1178,14 +1178,14 @@ available in english only for now. This is the first public announcement for OpenCDK. It is a library to provide some basic parts of the OpenPGP Message Format... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2002q4/][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2002q4/][{more}]] ** Pyme -- Python OO interface to GPGME (2002-11-20) Today I am announcing the first release of Pyme, the brand-new Python bindings for GPGME.... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2002q4/][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2002q4/][{more}]] ** GnuPG 1.3.1 released (development) (2002-11-12) @@ -1204,14 +1204,14 @@ private, mailinglists that require strong cryptography via... I'm currently uploading RPMs packages for gnupg 1.2.1. At this moment I've uploaded src and mdk 9.0 packages. The latter... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2002q4/][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2002q4/][{more}]] ** GnuPG 1.2.1 Windows update released (2002-10-26) Due to a bug in the recent mingw32/cpd toolkit the latest GnuPG binary for Windows did not work on Windows NT. I have build... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2002q4/][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2002q4/][{more}]] ** GnuPG 1.2.1 has been released (2002-10-25) @@ -1225,13 +1225,13 @@ instructions]] . The first release from the new development branch of GnuPG is ready for public consumption. This is a branch to create what... -[[http://lists.gnupg.org/pipermail/gnupg-announce/2002q4/][{more}]] +[[https://lists.gnupg.org/pipermail/gnupg-announce/2002q4/][{more}]] ** GnuPG 1.2.0 released (2002-09-21) Far too many enhancements to be listed here, please see the -[[http://lists.gnupg.org/pipermail/gnupg-announce/2002q3/000252.html][announcement mail]] . +[[https://lists.gnupg.org/pipermail/gnupg-announce/2002q3/000252.html][announcement mail]] . ** New site (2002-06-20) 
@@ -1248,7 +1248,7 @@ HTTP. ** GnuPG 1.0.7 released (2002-04-29) Far too many enhancements to be listed here, please see the -[[http://lists.gnupg.org/pipermail/gnupg-announce/2002q2/000251.html][announcement mail]] . +[[https://lists.gnupg.org/pipermail/gnupg-announce/2002q2/000251.html][announcement mail]] . ** GPA 0.4.3 released (2002-01-14) ----------------------------------------------------------------------- Summary of changes: web/aegypten/development.org | 6 +- web/aegypten/index.org | 4 +- web/aegypten/tech.org | 2 +- web/aegypten2/index.org | 2 +- web/documentation/faqs.org | 4 +- web/documentation/mailing-lists.org | 22 +-- web/donate/index.org | 2 +- web/download/git.org | 8 +- web/download/release_notes.org | 2 +- web/faq/gnupg-faq.org | 42 +++--- web/index.org | 41 +++--- web/misc/index.org | 1 - web/news.org | 260 ++++++++++++++++++------------------ web/related_software/index.org | 2 +- web/share/gpgweb.el | 4 +- 15 files changed, 198 insertions(+), 204 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Thu Sep 22 13:02:36 2016 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 22 Sep 2016 13:02:36 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.7.0-9-g583aafd Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 583aafdd6870a7fb12a34d90993fd0f46928592c (commit) via c447b64d5989845a2ae2cf8fb30a92d2a0bd05af (commit) via dc39552d01094eff2bef5f9fcd1c16928909d20e (commit) from 7a6543c2dfeef874a34086c8f3eeb1dbdf1ce822 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 583aafdd6870a7fb12a34d90993fd0f46928592c Author: Werner Koch Date: Thu Sep 22 12:58:23 2016 +0200 w32: Silence some warnings about unused parameters. * src/assuan-support.c (my_recvmsg, my_sendmsg, my_waitpid) (my_socketpair) [W32]: Mark unused parameters. Signed-off-by: Werner Koch diff --git a/src/assuan-support.c b/src/assuan-support.c index 2cfdc35..7fbd48a 100644 --- a/src/assuan-support.c +++ b/src/assuan-support.c @@ -97,6 +97,9 @@ my_recvmsg (assuan_context_t ctx, assuan_fd_t fd, assuan_msghdr_t msg, { (void)ctx; #ifdef HAVE_W32_SYSTEM + (void)fd; + (void)msg; + (void)flags; gpg_err_set_errno (ENOSYS); return -1; #else @@ -112,6 +115,9 @@ my_sendmsg (assuan_context_t ctx, assuan_fd_t fd, const assuan_msghdr_t msg, { (void)ctx; #ifdef HAVE_W32_SYSTEM + (void)fd; + (void)msg; + (void)flags; gpg_err_set_errno (ENOSYS); return -1; #else @@ -210,6 +216,9 @@ my_waitpid (assuan_context_t ctx, pid_t pid, { (void)ctx; #ifdef HAVE_W32_SYSTEM + (void)nowait; + (void)status; + (void)options; CloseHandle ((HANDLE) pid); #else /* We can't just release the PID, a waitpid is mandatory. But 
@@ -229,6 +238,11 @@ my_socketpair (assuan_context_t ctx, int namespace, int style, int protocol, assuan_fd_t filedes[2]) { #ifdef HAVE_W32_SYSTEM + (void)ctx; + (void)namespace; + (void)style; + (void)protocol; + (void)filedes; gpg_err_set_errno (ENOSYS); return -1; #else commit c447b64d5989845a2ae2cf8fb30a92d2a0bd05af Author: Werner Koch Date: Thu Sep 22 12:46:06 2016 +0200 core: Fix error checking in _gpgme_mkstemp. * src/w32-util.c (_gpgme_mkstemp): Fix error checking. (dlopen): Mark FLAGS as unused. Signed-off-by: Werner Koch diff --git a/src/w32-util.c b/src/w32-util.c index edac750..9d42139 100644 --- a/src/w32-util.c +++ b/src/w32-util.c @@ -98,6 +98,8 @@ static GPG_ERR_INLINE void * dlopen (const char * name, int flag) { void * hd = LoadLibrary (name); + + (void)flag; return hd; } @@ -754,7 +756,7 @@ _gpgme_mkstemp (int *fd, char **name) if (!tmpname) return -1; *fd = my_mkstemp (tmpname); - if (fd < 0) + if (*fd < 0) { free (tmpname); return -1; commit dc39552d01094eff2bef5f9fcd1c16928909d20e Author: Werner Koch Date: Thu Sep 22 12:41:55 2016 +0200 core: New helper function _gpgme_strconcat. * src/conversion.c: Include stdarg.h. (do_strconcat): New. (_gpgme_strconcat): New. * src/util.h: Provide fallback for GPGRT_ATTR_SENTINEL. (_gpgme_strconcat): New with sentinel. * src/w32-util.c (find_program_in_dir): Replace malloc and stpcpy by _gpgme_strconcat. (find_program_at_standard_place): Ditto. (_gpgme_set_default_gpg_name): Ditto. (_gpgme_set_default_gpgconf_name): Ditto. (_gpgme_mkstemp): Ditto. (_gpgme_set_override_inst_dir): Repalce malloc and strcpy by strdup. -- The function has been taken from gnupg/common/stringhelp.c and license changed to LPGLv2.1+. I am the original author of that code. Signed-off-by: Werner Koch diff --git a/src/conversion.c b/src/conversion.c index 3df8fe5..6dfabe7 100644 --- a/src/conversion.c +++ b/src/conversion.c @@ -31,6 +31,7 @@ #endif #include #include +#include #include "gpgme.h" #include "util.h" 
@@ -42,6 +43,61 @@ +static char * +do_strconcat (const char *s1, va_list arg_ptr) +{ + const char *argv[16]; + size_t argc; + size_t needed; + char *buffer, *p; + + argc = 0; + argv[argc++] = s1; + needed = strlen (s1); + while (((argv[argc] = va_arg (arg_ptr, const char *)))) + { + needed += strlen (argv[argc]); + if (argc >= DIM (argv)-1) + { + gpg_err_set_errno (EINVAL); + return NULL; + } + argc++; + } + needed++; + buffer = malloc (needed); + if (buffer) + { + for (p = buffer, argc=0; argv[argc]; argc++) + p = stpcpy (p, argv[argc]); + } + return buffer; +} + + +/* Concatenate the string S1 with all the following strings up to a + * NULL. Returns a malloced buffer with the new string or NULL on a + malloc error or if too many arguments are given. */ +char * +_gpgme_strconcat (const char *s1, ...) +{ + va_list arg_ptr; + char *result; + + if (!s1) + result = strdup (""); + else + { + va_start (arg_ptr, s1); + result = do_strconcat (s1, arg_ptr); + va_end (arg_ptr); + } + return result; +} + + + + /* Convert two hexadecimal digits from STR to the value they represent. Returns -1 if one of the characters is not a hexadecimal digit. */ diff --git a/src/util.h b/src/util.h index 88e7750..1474b41 100644 --- a/src/util.h +++ b/src/util.h @@ -49,6 +49,10 @@ # define GPG_ERR_FALSE 256 #endif +#ifndef GPGRT_ATTR_SENTINEL +# define GPGRT_ATTR_SENTINEL(a) /* */ +#endif + /*-- {posix,w32}-util.c --*/ @@ -102,6 +106,12 @@ int _gpgme_ttyname_r (int fd, char *buf, size_t buflen); /*-- conversion.c --*/ + +/* Concatenate the string S1 with all the following strings up to a + NULL. Returns a malloced buffer with the new string or NULL on a + malloc error or if too many arguments are given. */ +char *_gpgme_strconcat (const char *s1, ...) GPGRT_ATTR_SENTINEL(0); + /* Convert two hexadecimal digits from STR to the value they represent. Returns -1 if one of the characters is not a hexadecimal digit. */ diff --git a/src/w32-util.c b/src/w32-util.c index 0086fe3..edac750 100644 
--- a/src/w32-util.c +++ b/src/w32-util.c @@ -388,11 +388,10 @@ find_program_in_dir (const char *dir, const char *name) { char *result; - result = malloc (strlen (dir) + 1 + strlen (name) + 1); + result = _gpgme_strconcat (dir, "\\", strlen (name), NULL); if (!result) return NULL; - strcpy (stpcpy (stpcpy (result, dir), "\\"), name); if (access (result, F_OK)) { free (result); @@ -417,15 +416,11 @@ find_program_at_standard_place (const char *name) if (SHGetSpecialFolderPathA (NULL, path, CSIDL_PROGRAM_FILES, 0) || SHGetSpecialFolderPathA (NULL, path, CSIDL_PROGRAM_FILESX86, 0)) { - result = malloc (strlen (path) + 1 + strlen (name) + 1); - if (result) + result = _gpgme_strconcat (path, "\\", name, NULL); + if (result && access (result, F_OK)) { - strcpy (stpcpy (stpcpy (result, path), "\\"), name); - if (access (result, F_OK)) - { - free (result); - result = NULL; - } + free (result); + result = NULL; } } return result; @@ -439,12 +434,9 @@ _gpgme_set_default_gpg_name (const char *name) { if (!default_gpg_name) { - default_gpg_name = malloc (strlen (name) + 5); + default_gpg_name = _gpgme_strconcat (name, ".exe", NULL); if (default_gpg_name) - { - strcpy (stpcpy (default_gpg_name, name), ".exe"); - replace_slashes (default_gpg_name); - } + replace_slashes (default_gpg_name); } return !default_gpg_name; } @@ -456,12 +448,9 @@ _gpgme_set_default_gpgconf_name (const char *name) { if (!default_gpgconf_name) { - default_gpgconf_name = malloc (strlen (name) + 5); + default_gpgconf_name = _gpgme_strconcat (name, ".exe", NULL); if (default_gpgconf_name) - { - strcpy (stpcpy (default_gpgconf_name, name), ".exe"); - replace_slashes (default_gpgconf_name); - } + replace_slashes (default_gpgconf_name); } return !default_gpgconf_name; } 
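Review bot: In the find_program_in_dir hunk of src/w32-util.c, the new call passes `strlen (name)` where a string is expected: `result = _gpgme_strconcat (dir, "\\", strlen (name), NULL);`. do_strconcat fetches every variadic argument with `va_arg (arg_ptr, const char *)` and hands it to strlen and stpcpy, so the length value would be treated as a pointer. The compiler will not flag this, because variadic arguments are not type-checked and a sentinel attribute only covers the terminating NULL (util.h also defines GPGRT_ATTR_SENTINEL away when it is missing). The removed line copied `name` after the backslash, and find_program_at_standard_place in the next hunk uses `_gpgme_strconcat (path, "\\", name, NULL)`; the third argument here should be `name` as well.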
@@ -474,10 +463,9 @@ _gpgme_set_override_inst_dir (const char *dir) { if (!override_inst_dir) { - override_inst_dir = malloc (strlen (dir) + 1); + override_inst_dir = strdup (dir); if (override_inst_dir) { - strcpy (override_inst_dir, dir); replace_slashes (override_inst_dir); /* Remove a trailing slash. */ if (*override_inst_dir @@ -762,10 +750,9 @@ _gpgme_mkstemp (int *fd, char **name) } } - tmpname = malloc (strlen (tmp) + 13 + 1); + tmpname = _gpgme_strconcat (tmp, "\\gpgme-XXXXXX", NULL); if (!tmpname) return -1; - strcpy (stpcpy (tmpname, tmp), "\\gpgme-XXXXXX"); *fd = my_mkstemp (tmpname); if (fd < 0) { ----------------------------------------------------------------------- Summary of changes: src/assuan-support.c | 14 +++++++++++++ src/conversion.c | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++ src/util.h | 10 ++++++++++ src/w32-util.c | 39 +++++++++++++----------------------- 4 files changed, 94 insertions(+), 25 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Thu Sep 22 13:49:05 2016 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Thu, 22 Sep 2016 13:49:05 +0200 Subject: [git] gnupg-doc - branch, master, updated. e2281c3020ea3b8e304e745daef710617f78c8d1 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via e2281c3020ea3b8e304e745daef710617f78c8d1 (commit) from 8aaf4ca3faacf5fde2ed49dd9175797c337633a1 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e2281c3020ea3b8e304e745daef710617f78c8d1 Author: Neal H. Walfield Date: Thu Sep 22 13:47:20 2016 +0200 blog: Add status update for Summer 2016. 
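Review bot: In the _gpgme_mkstemp hunk of src/w32-util.c (GPGME commit dc39552), the unchanged context line `if (fd < 0)` tests the `int *fd` parameter rather than the descriptor just stored by `*fd = my_mkstemp (tmpname);`. With that check a failing my_mkstemp is in practice never caught, so the error branch that frees tmpname and returns -1 is skipped. The check should read `if (*fd < 0)`, which is what commit c447b64 in this same push changes; if dc39552 is picked on its own, the two should be applied together.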
diff --git a/misc/blog.gnupg.org/20160922-gnupg-this-summer.org b/misc/blog.gnupg.org/20160922-gnupg-this-summer.org new file mode 100644 index 0000000..4dd6456 --- /dev/null +++ b/misc/blog.gnupg.org/20160922-gnupg-this-summer.org 
@@ -0,0 +1,181 @@ +# GnuPG this Past Summer +#+STARTUP: showall +#+AUTHOR: Neal +#+DATE: September 22, 2016 + +*** Development + +As usual, Werner has made a cornucopia of contributions. He improved +~--quick-addkey~ and ~--quick-gen-key~, he changed ~gpg-agent~ and +~dirmngr~ to exit if their sockets disappear, he added an assuan +logging monitor, he implemented new export and import filters, he did +some work on ~g13~, he added ~/run/user/UID/gnupg~ sockets, he +introduced an option (~--recipient-file~) to work directly with keys +stored in a file, and he made a number of improvements to GPGME +including adding TOFU support. + +The filtering changes allow controlling what packets are imported or +exported. For instance, if you want to only keep a single user id +when exporting a key, you could use: + +#+BEGIN_SRC + gpg --no-options --import-options import-export \ + --import-filter keep-uid='mbox = joe at example.org' \ + --import < full-key.pub > key-with-one-uid.pub +#+END_SRC + +More information about this feature is available in his [[https://lists.gnupg.org/pipermail/gnupg-devel/2016-July/031294.html][note]] to the +GnuPG mailing list or ~gpg~'s documentation. + +The ~--recipient-file~ option is an oft-requested feature, which +allows [[https://lists.gnupg.org/pipermail/gnupg-devel/2016-July/031308.html][working with keys without importing them]]. + +Werner also fixed a critical bug in the way the mixer in the random +number generator stirred the pool. Specifically, the bug allowed an +attacker who obtains 580 bytes from the standard random number +generator (RNG) to trivially predict the next 20 bytes of output. +Fortuitously, [[https://lists.gnupg.org/pipermail/gnupg-devel/2016-August/031507.html][this bug does not affect the default generation of keys]] +([[https://lists.gnupg.org/pipermail/gnupg-devel/2016-August/031516.html][more details]]). + +Justus continued to improve our new test suite for GnuPG. 
The +improvements included not only fixes to the new scheme-based driver, +but also a bunch of new tests. A couple of the changes included [[https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=history;f=tests/gpgscm/scheme.c;h=5a85063eeb3aef98bde640bca11d84173ebb6a51;hb=HEAD][bug +fixes to TinySCHEME]]. Unfortunately, the upstream developers don't +appear to be interested in the fixes. + +Most of Justus' time recently has been focused not on the test suite, +but on improving the Python bindings for GPGME. This work was started +by Ben McGinnes, who contributed an initial port of the [[https://bitbucket.org/malb/pyme][PyME bindings]] +to Python 3. Justus finished this port, restored Python 2 +compatibility, and added more pythonic interfaces (e.g., making +everything work with objects implementing the buffer protocol like +byte strings). The low-level interface has, however, been retained +and existing applications should continue to work (if not, this is a +bug, please [[https://bugs.gnupg.org][file a bug report]]). He also ported the GPGME test suite +to the Python bindings. This uncovered a number of latent bugs in the +bindings, which he fixed. From our perspective, these are now the +official Python bindings for GPGME: we've added them to the GPGME +repository, and we will continue to maintain them in the foreseeable +future. Nevertheless, to be more compatible with Python developers' +work flow, we are also packaging ~pyme3~ for [[https://pypi.python.org/pypi/pyme3][~pypi~]], which means that +the bindings can be installed using ~pip install pyme3~. More +information is available in Justus' [[https://www.gnupg.org/blog/20160921-python-bindings-for-gpgme.html][blog post]]. + +Justus also set up a Jenkins host for continuous integration. In +addition to running ~make check~ for each commit under several +configurations, it also runs the checks with various sanitizers +enabled. This has already prevented a number of minor bugs from +making it into releases. 
+ +Andre has made a number of end-user facing contributions. The most +notable is for users of Kleopatra, which now has new dialogs for File +Encryption and Decryption / Verification. These greatly reduce the +number of required interactions to perform these operations. He also +worked on the new file type registration on Windows so that decrypting +a file only requires a double click. Additionally, he has continued +his work on the [[GnuPG%20plugin%20for%20Outlook][GnuPG plugin for Outlook]], which should be released +with gpg3win-3 this fall. The code is already in good form, and +testers are encouraged to check it out together with the new Kleopatra +(see [[https://wiki.gnupg.org/Gpg4win/Testversions][Test version of Gpg4win-3]].) Andre has also been working on +improving KMail's ~gpg~ support. One of the focuses of this work has +been adding TOFU support to the libraries used by KMail. Andre also +merged the C++ and Qt bindings for GPGME from KDE into the official +GPGME repository. This included a port of the C++ API to pure +standard C++ without boost, and the removal of some KDE-Framework use +in the Qt bindings so that the bindings now only require Qt 5 base. +This should make working with ~gpg~ in a Qt application even more +convenient. In particular, executing operations asynchronously is +very easy. Finally, Andre fixed some CRL-related bugs in ~dirmngr~. + +Kai's recent work has focused on porting [[https://www.mailpile.is/][Mailpile]] [[https://github.com/mailpile/Mailpile/pull/1621][to use GPGME]] rather +than its own wrapper, which only works with GnuPG 1.4. Unfortunately, +many projects decide to take a similar approach to Mailpile, and write +their own code to interact with ~gpg~. As a reminder, we strongly +encourage all developers to not directly interact with ~gpg~, but to +use [[https://www.gnupg.org/documentation/manuals/gpgme/][GPGME]], which is not only more complete, but also has seen a lot of +testing. 
We realize that GPGME's interface's are not always ideal, +however, we are open to suggestions for improvements, and feature +requests. Similarly, if you don't understand how to do what you want +using GPGME, we encourage you to ask for help on the [[https://lists.gnupg.org/mailman/listinfo/gnupg-devel][gnupg-devel +mailing list]]. + +Jussi Kivilinna has continued his work optimizing libgcrypt. In the +recent past, most of his effort was spent on implementing assembly +versions of various cryptographic functions for the ARMv8/AArch32 +architecture. + +Niibe worked on mitigating the recently published [[https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/razavi][Flip Feng Shui]] +exploit. Flip Feng Shui uses a cross-VM, row hammer-based exploit to +change the ~trusted.gpg~ file, which is used by Debian's package +manager apt to verify downloads, and apt's ~sources.list~ file, which +determines where packages are downloaded from, in a controlled manner. +This allows attackers to replace packages that are installed with +their own versions. The [[https://git.gnupg.org/cgi-bin/gitweb.cgi?p%3Dgnupg.git%3Ba%3Dcommit%3Bh%3De32c575e0f3704e7563048eea6d26844bdfc494b][fix]] is to make sure that ~gpgv~ always checks +that self-signatures are valid. + +Niibe also spent time improving GnuPG's smartcard support. This has +primarily consisted of many small, but important improvements +including smartcard support for ECC keys and various bug fixes. +Further, Niibe investigated adding signature verification for ssh keys +stored in the authorized_keys file. This would allow detecting +corrupted keys, which could happen via a Flip Feng Shui-type attack. +Although there is some support for [[http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.certkeys?annotate%253DHEAD%5D%5Bas][signature verification in ssh]], +Niibe discovered that this particular mode of operation is not yet +supported by ssh-agent. 
+ +Finally, Niibe has released [[https://www.fsij.org/gnuk/version1_2_1.html][a new version of GnuK (1.2.1)]]. GnuK is a +fully free cryptographic token (hardware and software). Not only is +GnuK based on free software, but the entire hardware specification is +open, and the parts are relatively easy to buy and assemble. The GnuK +token can be ordered from [[https://www.seeedstudio.com/FST-01-without-Enclosure-p-1276.html][seeed]] or the [[https://shop.fsf.org/storage-devices/neug-usb-true-random-number-generator][FSF]]. + +As usual, dkg contributed various clean ups and bug fixes. He +contributed a patch to avoid publishing the GnuPG version by default, +and another to improve ~--quick-revuid~. He also provided a patch to +reenable exporting secret keys without a passphrase, which was +possible in ~gpg~ 1.4 and 2.0, but, due to various technicalities, was +not possible in 2.1. dkg also started a [[https://lists.gnupg.org/pipermail/gnupg-devel/2016-August/031478.html][discussion about having +systemd manage ~gpg~'s daemons]]. This would ensure that GnuPG's +daemons are stopped when the user logs out. He provided patches, but +so far these changes have not yet been accepted. + +Ben Kibbey made a number of contributions. Among his bug fixes and +clean ups, he fixed the OpenIndiana (Solaris) builds. + +I (Neal) returned from a several month sabbatical. My first order of +business was to tie up some loose ends with the TOFU support in GnuPG. +Among other things, I added several checks to reduce the number of +gratuitous conflicts. In particular, if two keys have the same email +address and are cross signed, then they are almost certainly +controlled by the same person. In fact, this is a usual way of +indicating key rotation. I also set the default policy to "good" for +keys that the user has directly signed. 
+ +*** Releases + +There have been several GnuPG releases since the last status update: +[[https://lists.gnupg.org/pipermail/gnupg-announce/2016q2/000390.html][2.1.13]], [[https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000393.html][2.1.14]], [[https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000396.html][2.1.15]], and [[https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html][1.4.21]]; and two releases of libgcrypt +[[https://lists.gnupg.org/pipermail/gnupg-announce/2016q2/000389.html][1.7.1]] and [[https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000396.html][1.7.2]]. Finally, a new version of GPGME is available, [[https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000397.html][1.7.0]], +which includes the newly upstreamed Python, C++ and Qt bindings as +well as a number of bugs fixes and various improvements. + +*** Public Appearances + +Werner held a [[keynote%20at%20GUADEC][keynote at GUADEC]], "We Want More Centralization, Do +We?." His talk was [[https://lwn.net/Articles/697450/][covered by LWN]]. + +In May, Neal held his "An Advanced Introduction to GnuPG" talk at +INRIA, and again at GHM in August. Neal will hold the same talk on +October 3rd at 18:00 at the ACM chapter at Johns Hopkins University in +Baltimore, and again on October 5th at 18:30 at the [[http://www.meetup.com/nylug-meetings/][NYLUG]] (you need to +RSVP for this event). + +In August, we took part in the GUUG-hosted [[https://www.gnupg.org/conf/index.html][OpenPGP.conf]]. I've already +posted a [[https://www.gnupg.org/blog/20160921-openpgp-conf.html][report]] to our blog. + +Note: We are looking to interview representatives from organizations +who rely on GnuPG, e.g., journalists, lawyers, NGOs, governmental +organizations, software distributors, companies, etc., for some +publicity material that we are producing. 
If you fall into this +category, or know someone who does, and would be willing to be +interviewed, [[mailto:neal-nospam at gnupg.org][please get in touch with me]]! ----------------------------------------------------------------------- Summary of changes: misc/blog.gnupg.org/20160922-gnupg-this-summer.org | 181 +++++++++++++++++++++ 1 file changed, 181 insertions(+) create mode 100644 misc/blog.gnupg.org/20160922-gnupg-this-summer.org hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Thu Sep 22 14:02:33 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 22 Sep 2016 14:02:33 +0200 Subject: [git] gnupg-doc - branch, master, updated. 5eb502a5405d48057fdbebf683cf3c0c21540d25 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 5eb502a5405d48057fdbebf683cf3c0c21540d25 (commit) from e2281c3020ea3b8e304e745daef710617f78c8d1 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5eb502a5405d48057fdbebf683cf3c0c21540d25 Author: Werner Koch Date: Thu Sep 22 13:59:52 2016 +0200 blog: Add title line diff --git a/misc/blog.gnupg.org/20160922-gnupg-this-summer.org b/misc/blog.gnupg.org/20160922-gnupg-this-summer.org index 4dd6456..f141304 100644 --- a/misc/blog.gnupg.org/20160922-gnupg-this-summer.org +++ b/misc/blog.gnupg.org/20160922-gnupg-this-summer.org 
@@ -3,6 +3,8 @@ #+AUTHOR: Neal #+DATE: September 22, 2016 +** GnuPG this Past Summer + *** Development As usual, Werner has made a cornucopia of contributions. He improved ----------------------------------------------------------------------- Summary of changes: misc/blog.gnupg.org/20160922-gnupg-this-summer.org | 2 ++ 1 file changed, 2 insertions(+) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Thu Sep 22 15:53:04 2016 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Thu, 22 Sep 2016 15:53:04 +0200 Subject: [git] GpgOL - branch, nomapi, updated. gpgol-1.4.0-50-gd4f11b7 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, nomapi has been updated via d4f11b756f1811d123759b96815fbd6aac3cb76f (commit) via 57ab9c118291ba25af0db667f33de59314d98637 (commit) via 27a18489402923163fd2358f1bd24dbf9b227c76 (commit) via 0b12e8baa959b72450dec98339cbe9f8c4fa4730 (commit) via f0aacc3bfb2b89ddc86188c577111e511197c228 (commit) via b84b06533884150e68d6846bde8e57c97114a041 (commit) via c680a4d6715576df021c869a48c1e74b77273472 (commit) from 03353e62d35b54051198f1ef2f076c2fdbdf3136 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d4f11b756f1811d123759b96815fbd6aac3cb76f Author: Andre Heinecke Date: Thu Sep 22 15:52:05 2016 +0200 tests: Add simple multiplart/signed test * tests/data/openpgp-signed-no-attach.mbox, tests/data/openpgp-signed-no-attach.plain: New. * tests/t-parser.cpp: Test it. (main): Add charset test. diff --git a/tests/data/openpgp-signed-no-attach.mbox b/tests/data/openpgp-signed-no-attach.mbox new file mode 100644 index 0000000..ca0a107 --- /dev/null 
+++ b/tests/data/openpgp-signed-no-attach.mbox @@ -0,0 +1,41 @@ +From andre.heinecke at intevation.de Thu Sep 22 12:49:10 2016 +From: Andre Heinecke +To: test at kolab.org +Subject: Multipart Signed +Date: Thu, 22 Sep 2016 14:49:10 +0200 +Message-ID: <1915945.LqWf2jQE2O at esus> +X-KMail-Identity: 1688019700 +X-KMail-Dictionary: en +User-Agent: KMail/4.14.10 (Linux/3.16.0-4-amd64; KDE/4.14.17; x86_64; git-61c3358; 2015-06-25) +MIME-Version: 1.0 +Content-Type: multipart/signed; boundary="nextPart1693035.rOZRFYHO8F"; micalg="pgp-sha256"; protocol="application/pgp-signature" + +--nextPart1693035.rOZRFYHO8F +Content-Transfer-Encoding: quoted-printable +Content-Type: text/plain; charset="iso-8859-1" + +Hallo Welt! +=2D-=20 +Andre Heinecke | ++49-541-335083-262 | http://www.intevation.de/ +Intevation GmbH, Neuer Graben 17, 49074 Osnabr=FCck | AG Osnabr=FCck, H= +R B 18998 +Gesch=E4ftsf=FChrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wa= +gner +--nextPart1693035.rOZRFYHO8F +Content-Type: application/pgp-signature; name="signature.asc" +Content-Description: This is a digitally signed message part. +Content-Transfer-Encoding: 7Bit + +-----BEGIN PGP SIGNATURE----- + +iQEcBAABCAAGBQJX49NGAAoJEI2YYMWPJG3mYDsH/3DuwYTTYSxYdk3WecCn2TPx +UzzUB332tVE5SLzZcvH426jFwQ2qt7/f8kWjmr5+GCOenM6Nzz1FbC4K3ARuF4c3 +fZDlFegpsRg735uV8vjEEwQVkipyYMHeUJJ6d5O4FxF8q0dfkjNM53EC3cLiuKF7 +P4AjRZBycPyMf7XBaaU0zfMQkC+UkiBXMrcITQoPSSgbadlxLEc4oJIdD8zZDFVx +q2I8RFoKzVpHMn/OjBfXi94JVz7wCTa4wGG/emxoamRvqMp2S5SWPNps79/Trvzv +64F+3UalXGBfDybyUYgGb0wLtXnbFux03GJoY20NMjsMRBBKYfqMQbh0m8VZSI4= +=UY6M +-----END PGP SIGNATURE----- + +--nextPart1693035.rOZRFYHO8F-- + diff --git a/tests/data/openpgp-signed-no-attach.plain b/tests/data/openpgp-signed-no-attach.plain new file mode 100644 index 0000000..aba8dba --- /dev/null +++ b/tests/data/openpgp-signed-no-attach.plain 
@@ -0,0 +1,5 @@ +Hallo Welt! +-- +Andre Heinecke | ++49-541-335083-262 | http://www.intevation.de/ +Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 18998 +Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner \ No newline at end of file diff --git a/tests/t-parser.cpp b/tests/t-parser.cpp index bd41395..4548058 100644 --- a/tests/t-parser.cpp +++ b/tests/t-parser.cpp @@ -31,20 +31,30 @@ struct const char *expected_html_body_file; const char *expected_return; int attachment_cnt; + const char *expected_charset; } test_data[] = { { DATADIR "/inlinepgpencrypted.mbox", MSGTYPE_GPGOL_PGP_MESSAGE, DATADIR "/inlinepgpencrypted.plain", NULL, NULL, - 0 }, + 0, + NULL}, { DATADIR "/openpgp-encrypted.mbox", MSGTYPE_GPGOL_MULTIPART_ENCRYPTED, DATADIR "/openpgp-encrypted.plain", NULL, NULL, - 0 }, - { NULL, MSGTYPE_UNKNOWN, NULL, NULL, 0 } + 0, + NULL}, + { DATADIR "/openpgp-signed-no-attach.mbox", + MSGTYPE_GPGOL_MULTIPART_SIGNED, + DATADIR "/openpgp-signed-no-attach.plain", + NULL, + NULL, + 0, + "iso-8859-1"}, + { NULL, MSGTYPE_UNKNOWN, NULL, NULL, NULL, 0, NULL } }; @@ -133,6 +143,16 @@ int main() exit(1); } } + if (test_data[i].expected_charset) + { + if (parser.get_body_charset() != test_data[i].expected_charset) + { + fprintf (stderr, "Charset mismatch. Actual: %s Expected: %s\n", + parser.get_body_charset().c_str(), + test_data[i].expected_charset); + exit(1); + } + } fprintf (stderr, "Pass: %s\n", test_data[i].input_file); i++; } commit 57ab9c118291ba25af0db667f33de59314d98637 Author: Andre Heinecke Date: Thu Sep 22 15:51:07 2016 +0200 Add .gitattributes to mark .mbox and .plain as bin * .gitattributes: New -- This enables commiting raw test data that may contain what in code would be whitespace errors. diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..49574b5 --- /dev/null +++ b/.gitattributes 
@@ -0,0 +1,2 @@ +*.plain binary +*.mbox binary commit 27a18489402923163fd2358f1bd24dbf9b227c76 Author: Andre Heinecke Date: Thu Sep 22 15:45:46 2016 +0200 Add charset getters to parsecontroller * src/parsecontroller.cpp (ParseController::get_html_charset), (ParseController::get_body_charset): New. * src/parsecontroller.h: Update accordingly. diff --git a/src/parsecontroller.cpp b/src/parsecontroller.cpp index 627eff8..872d454 100644 --- a/src/parsecontroller.cpp +++ b/src/parsecontroller.cpp @@ -223,6 +223,32 @@ ParseController::get_body() const } } +const std::string +ParseController::get_body_charset() const +{ + if (m_outputprovider) + { + return m_outputprovider->get_body_charset(); + } + else + { + return std::string(); + } +} + +const std::string +ParseController::get_html_charset() const +{ + if (m_outputprovider) + { + return m_outputprovider->get_body_charset(); + } + else + { + return std::string(); + } +} + std::vector > ParseController::get_attachments() const { diff --git a/src/parsecontroller.h b/src/parsecontroller.h index 622448b..350350d 100644 --- a/src/parsecontroller.h +++ b/src/parsecontroller.h @@ -68,6 +68,15 @@ public: /** Get the Body. Call parse first. */ const std::string get_body() const; + /** Get the charset of the body. Call parse first. + * + * That is a bit of a clunky API to make testing + * without outlook easier as we use mlang for Charset + * conversion which is not available on GNU/Linux. + */ + const std::string get_body_charset() const; + const std::string get_html_charset() const; + /** Get an alternative? HTML Body. Call parse first. */ const std::string get_html_body() const; commit 0b12e8baa959b72450dec98339cbe9f8c4fa4730 Author: Andre Heinecke Date: Thu Sep 22 15:45:07 2016 +0200 tests: Improve run-parser output * tests/run-parser.cpp (main): Improve output. diff --git a/tests/run-parser.cpp b/tests/run-parser.cpp index 3144d4a..4c804fd 100644 --- a/tests/run-parser.cpp +++ b/tests/run-parser.cpp 
@@ -104,14 +104,17 @@ int main(int argc, char **argv) fp_in = fopen (argv[0], "rb"); - ParseController parser(fp_in, msgtype); - std::cout << "Parse result: " << parser.parse(); - std::cout << "\nDecrypt result:\n" << parser.decrypt_result() - << "\nVerify result:\n" << parser.verify_result() - << "\nBEGIN BODY\n" << parser.get_body() << "\nEND BODY" - << "\nBEGIN HTML\n" << parser.get_html_body() << "\nEND HTML"; - for (auto attach: parser.get_attachments()) { - std::cout << "Attachment: " << attach->get_display_name(); + ParseController parser(fp_in, msgtype); + std::cout << "Parse result: " << parser.parse(); + std::cout << "\nDecrypt result:\n" << parser.decrypt_result() + << "\nVerify result:\n" << parser.verify_result() + << "\nBEGIN BODY\n" << parser.get_body() << "\nEND BODY" + << "\nBEGIN HTML\n" << parser.get_html_body() << "\nEND HTML"; + for (auto attach: parser.get_attachments()) + { + std::cout << "Attachment: " << attach->get_display_name(); + } } + fclose (fp_in); } commit f0aacc3bfb2b89ddc86188c577111e511197c228 Author: Andre Heinecke Date: Thu Sep 22 15:42:17 2016 +0200 Do chained parsing for decrypted content with sigs * src/parsecontroller.cpp (ParseController::parse): Verify after a decrypt only if a signature was found. diff --git a/src/parsecontroller.cpp b/src/parsecontroller.cpp index 1ee6ad1..627eff8 100644 --- a/src/parsecontroller.cpp +++ b/src/parsecontroller.cpp 
@@ -136,22 +136,48 @@ ParseController::parse() auto combined_result = ctx->decryptAndVerify(input, output); m_decrypt_result = combined_result.first; m_verify_result = combined_result.second; + if (!m_decrypt_result.error () && + m_verify_result.signatures ().empty() && + m_outputprovider->signature ()) + { + /* There is a signature in the output. So we have + to verify it now as an extra step. */ + input = Data (m_outputprovider); + delete m_inputprovider; + m_inputprovider = m_outputprovider; + m_outputprovider = new MimeDataProvider(); + output = Data(m_outputprovider); + verify = true; + } + else + { + verify = false; + } } - else + if (verify) { const auto sig = m_inputprovider->signature(); - /* Ignore the first two bytes if we did not decrypt. */ - input.seek (2, SEEK_SET); + input.seek (0, SEEK_SET); if (sig) { sig->seek (0, SEEK_SET); m_verify_result = ctx->verifyDetachedSignature(*sig, input); + /* Copy the input to output to do a mime parsing. */ + char buf[4096]; + input.seek (0, SEEK_SET); + output.seek (0, SEEK_SET); + size_t nread; + while ((nread = input.read (buf, 4096)) > 0) + { + output.write (buf, nread); + } } else { m_verify_result = ctx->verifyOpaqueSignature(input, output); } } + delete ctx; log_debug ("%s:%s: decrypt err: %i verify err: %i", SRCNAME, __func__, m_decrypt_result.error().code(), m_verify_result.error().code()); commit b84b06533884150e68d6846bde8e57c97114a041 Author: Andre Heinecke Date: Thu Sep 22 15:39:39 2016 +0200 Save body charset in mimedataprovider * src/mimedataprovider.cpp (MimeDataProvider::get_html_charset), (MimeDataProvider::get_body_charset): New. (MimeDataProvider::collect_input_lines): Collect charset. Fix html collection. * src/mimedataprovider.h: Update accordingly. diff --git a/src/mimedataprovider.cpp b/src/mimedataprovider.cpp index da54055..5761a43 100644 --- a/src/mimedataprovider.cpp +++ b/src/mimedataprovider.cpp 
@@ -647,6 +647,11 @@ MimeDataProvider::collect_input_lines(const char *input, size_t insize) m_body += "\r\n"; } } + if (m_body_charset.empty()) + { + m_body_charset = m_mime_ctx->mimestruct_cur->charset ? + m_mime_ctx->mimestruct_cur->charset : ""; + } m_mime_ctx->collect_body = 2; } else if (m_mime_ctx->collect_html_body) @@ -656,9 +661,14 @@ MimeDataProvider::collect_input_lines(const char *input, size_t insize) m_html_body += std::string(linebuf, len); if (!m_mime_ctx->is_base64_encoded && !slbrk) { - m_body += "\r\n"; + m_html_body += "\r\n"; } } + if (m_html_charset.empty()) + { + m_html_charset = m_mime_ctx->mimestruct_cur->charset ? + m_mime_ctx->mimestruct_cur->charset : ""; + } m_mime_ctx->collect_html_body = 2; } else if (m_mime_ctx->current_attachment && len) @@ -886,3 +896,13 @@ const std::string &MimeDataProvider::get_html_body() } return m_html_body; } + +const std::string &MimeDataProvider::get_html_charset() const +{ + return m_html_charset; +} + +const std::string &MimeDataProvider::get_body_charset() const +{ + return m_body_charset; +} diff --git a/src/mimedataprovider.h b/src/mimedataprovider.h index 2311881..28661a7 100644 --- a/src/mimedataprovider.h +++ b/src/mimedataprovider.h @@ -101,10 +101,15 @@ public: mime_context_t mime_context() {return m_mime_ctx;} + /* Checks if there is body data left in the buffer e.g. for inline messages + that did not end with a linefeed and adds it to body / returns the body. */ const std::string &get_body(); + /* Similar for html body */ const std::string &get_html_body(); const std::vector > get_attachments() const {return m_attachments;} + const std::string &get_html_charset() const; + const std::string &get_body_charset() const; private: #ifdef HAVE_W32_SYSTEM /* Collect the data from mapi. */ 
@@ -130,5 +135,9 @@ private: mime_context_t m_mime_ctx; /* List of attachments. */ std::vector > m_attachments; + /* Charset of html */ + std::string m_html_charset; + /* Charset of body */ + std::string m_body_charset; }; #endif // MIMEDATAPROVIDER_H commit c680a4d6715576df021c869a48c1e74b77273472 Author: Andre Heinecke Date: Thu Sep 22 15:38:45 2016 +0200 Fix collecting body when not collecting crypto * src/mimedataprovider.cpp (MimeDataProvider::collect_input_lines): Collect body correctly. diff --git a/src/mimedataprovider.cpp b/src/mimedataprovider.cpp index bf84b7a..da54055 100644 --- a/src/mimedataprovider.cpp +++ b/src/mimedataprovider.cpp @@ -623,8 +623,7 @@ MimeDataProvider::collect_input_lines(const char *input, size_t insize) m_crypto_data.write (linebuf, pos); m_mime_ctx->collect_crypto_data = 2; } - if (m_mime_ctx->in_data && m_mime_ctx->collect_attachment - && !m_mime_ctx->collect_crypto_data) + if (m_mime_ctx->in_data && m_mime_ctx->collect_attachment) { /* We are inside of an attachment part. Write it out. */ if (m_mime_ctx->collect_attachment == 1) /* Skip the first line. */ 
@@ -701,7 +700,7 @@ MimeDataProvider::collect_input_lines(const char *input, size_t insize) m_signature->write("\r\n", 2); } } - else if (m_mime_ctx->in_data) + else if (m_mime_ctx->in_data && !m_mime_ctx->start_hashing) { /* We are inside the data. That should be the actual ciphertext in the given encoding. */ ----------------------------------------------------------------------- Summary of changes: .gitattributes | 2 ++ src/mimedataprovider.cpp | 27 +++++++++++--- src/mimedataprovider.h | 9 +++++ src/parsecontroller.cpp | 58 +++++++++++++++++++++++++++++-- src/parsecontroller.h | 9 +++++ tests/data/openpgp-signed-no-attach.mbox | 41 ++++++++++++++++++++++ tests/data/openpgp-signed-no-attach.plain | 5 +++ tests/run-parser.cpp | 19 +++++----- tests/t-parser.cpp | 26 ++++++++++++-- 9 files changed, 178 insertions(+), 18 deletions(-) create mode 100644 .gitattributes create mode 100644 tests/data/openpgp-signed-no-attach.mbox create mode 100644 tests/data/openpgp-signed-no-attach.plain hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Thu Sep 22 16:19:24 2016 
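Review bot: In src/parsecontroller.cpp (commit 27a1848), the new ParseController::get_html_charset() returns m_outputprovider->get_body_charset(), the same call that get_body_charset() makes just above it, so a caller asking for the HTML charset gets the plain-text body's charset. MimeDataProvider::get_html_charset() is added in this same push; call that instead. The check added to tests/t-parser.cpp only exercises get_body_charset(), so the test suite will not catch this.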
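Review bot: In the ParseController::parse() hunk (commit f0aacc3), the copy loop declares size_t nread and tests (nread = input.read (buf, 4096)) > 0. If input.read() reports an error as a negative value, it wraps to a large unsigned number, the test still passes, and output.write (buf, nread) is called with a length far beyond the 4096-byte buf. Use a signed type for nread and handle the error case explicitly. The return value of output.write() is also ignored, so a short or failed write leaves a truncated copy for the MIME parse with nothing logged.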
From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Thu, 22 Sep 2016 16:19:24 +0200 Subject: [git] GpgOL - branch, nomapi, updated. gpgol-1.4.0-52-g5d47b7b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, nomapi has been updated via 5d47b7be70199f6c40040b38ac90529808a0d2ed (commit) via 5dd67199e2e9d4aaf8edc6def1e11da0f79ea5a4 (commit) from d4f11b756f1811d123759b96815fbd6aac3cb76f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5d47b7be70199f6c40040b38ac90529808a0d2ed Author: Andre Heinecke Date: Thu Sep 22 16:18:46 2016 +0200 tests: close plain data files and terminate strs * tests/t-parser.cpp (main): close files and ensure read strings end with 0. diff --git a/tests/t-parser.cpp b/tests/t-parser.cpp index 0e42b36..5befee3 100644 --- a/tests/t-parser.cpp +++ b/tests/t-parser.cpp @@ -82,6 +82,8 @@ int main() } ParseController parser (input, test_data[i].type); + fclose(input); + auto result = parser.parse(); auto decResult = parser.decrypt_result(); @@ -114,13 +116,15 @@ int main() exit(1); } char bodybuf[16000]; - fread (bodybuf, 1, 16000, expected_body); + auto read = fread (bodybuf, 1, 16000, expected_body); + bodybuf[read] = '\0'; if (parser.get_body() != bodybuf) { fprintf (stderr, "Body was: \n\"%s\"\nExpected:\n\"%s\"\n", parser.get_body().c_str(), bodybuf); exit(1); } + fclose (expected_body); } if (test_data[i].expected_html_body_file) { 
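Review bot: bodybuf[read] = '\0' writes one byte past the end of bodybuf when fread() fills the buffer, because the array is declared as 16000 bytes and the read size is also 16000. Read at most sizeof bodybuf - 1 bytes, or make the array one byte larger, so the terminator always fits. The expected_html_body read in the next hunk has the same pattern and needs the same change.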
@@ -132,13 +136,15 @@ int main() exit(1); } char bodybuf[16000]; - fread (bodybuf, 1, 16000, expected_html_body); + auto read = fread (bodybuf, 1, 16000, expected_html_body); + bodybuf[read] = '\0'; if (parser.get_html_body() != bodybuf) { fprintf (stderr, "HTML was: \n\"%s\"\nExpected:\n\"%s\"\n", parser.get_html_body().c_str(), bodybuf); exit(1); } + fclose (expected_html_body); } if (test_data[i].attachment_cnt) { commit 5dd67199e2e9d4aaf8edc6def1e11da0f79ea5a4 Author: Andre Heinecke Date: Thu Sep 22 16:18:24 2016 +0200 tests: Add new test for encrypted+signed -- diff --git a/tests/data/openpgp-encrypted+signed.mbox b/tests/data/openpgp-encrypted+signed.mbox new file mode 100644 index 0000000..fbe5ce7 --- /dev/null +++ b/tests/data/openpgp-encrypted+signed.mbox 
@@ -0,0 +1,46 @@ +From test at kolab.org Wed, 08 Sep 2010 17:02:52 +0200 +From: OpenPGP Test +To: test at kolab.org +Subject: OpenPGP encrypted +Date: Wed, 08 Sep 2010 17:02:52 +0200 +User-Agent: KMail/4.6 pre (Linux/2.6.34-rc2-2-default; KDE/4.5.60; x86_64; ; ) +MIME-Version: 1.0 +Content-Type: multipart/encrypted; boundary="nextPart1357031.ppLHckZtsp"; protocol="application/pgp-encrypted" +Content-Transfer-Encoding: 7Bit + + +--nextPart1357031.ppLHckZtsp +Content-Type: application/pgp-encrypted +Content-Disposition: attachment + +Version: 1 +--nextPart1357031.ppLHckZtsp +Content-Type: application/octet-stream +Content-Disposition: inline; filename="msg.asc" + +-----BEGIN PGP MESSAGE----- +Version: GnuPG v2 + +hQEMAwzOQ1qnzNo7AQgAkQI925mOOybpzcGcjUE7jmfMVoUvJW6Br9Zx9UEtko5H +fdmnrrUhFDyhBdwcg2E6AChipNcJjZhdX17lNAO0kI2IoPJAEkX9lyhjoiVEH/M8 +xmJEKFRejYzefx0S8esKyqqtfAmMKfsA5HmKRY8iDmQnI5d/FKhkcqLTJYo7fQyL +rEEycdr5PU5OJbMtE5+8+kbmG8PywjiCCad68FXakXIEFyWX1A99W/0ScWtqrqDB +kuQSdxJs4aAZWopxGKxDobt/qVyG6W6+PUnLx3eg80KytcWNxLJRV7WEJMj4OYCU +JdHrh4J1DTTRbuRmqx9de3fBDFHNNZpJP43UJYJWtoSMAxiZbYU0+6KtAQQAnRxD +XNwzBSmPk9NG3HYf/RleTAS8/fMp3D973Y3VF5JV72ljWqZO/1o/3RIpD0pl5nSE +nI0wPyncmPvAgQl5EAKTdYonKLuMCTbQ4eT7vkOdfA/HUxgaoE8ppH/OYXDDiqz/ +2GlNCCHcaQcVWwkHbWWgyhd/VvB7Mt9PVqPgTsHSwQ4BZf/JDwWe3MDAg21Raryf +dN4ZmWUzd3osDIRyy8H2hZL9vgZ3r0auIP6DMyYrPf3yTj9ApZeBiIpgBvqMwvR/ +8si6r1JaXr48KRCxAkn9fIXe2jMwQE2bk5tYDrTXY868V3DA5iKq1dgXUSn0tzG3 +0x9pjaOFkwxm0wtlpwnhZREJ9/ieIY7hy6p7CDpq4ZGRh8jQta4tWrjxN0wly+Dh +a9TjzHzgTh9BTh7vjcDLitOQFL5NcCQtK717FQ5Z1DRnkHDVLPoyPnW+5sllOVr9 +UcqNXwrPbrtElFjHULL5Y1pem1+AE6nCAtlvCAc7cil6QDsU508sOXW7BhTWATIU +tGHg/nIC0qVs24LR3MyYrwvfXL2JOkN/IK/g+0bbs6DMYVYaEOjcjqtidxWuLsE5 +aFEwlUFzcTcSauW+AOKwH+YFihRnlh9+4taaZxGZeutb12D5u8eEk+3nyVcsdogY +k/nT6ElN8i/Z2vgcxL6ABvB+g/bZmp/eCJphDNYc00lP8NMC4EEJvTZL438ThJ3j +wz0Qo4PlV0/OMXYxP2iZup2/rCe+pkmc9Gyz3Mkal4/9bBtIgP9cWBR7JZLMrK50 +KO4+NtrZYEY4JXRJlAo= +=1lYB +-----END PGP MESSAGE----- + +--nextPart1357031.ppLHckZtsp-- 
diff --git a/tests/data/openpgp-encrypted+signed.plain b/tests/data/openpgp-encrypted+signed.plain new file mode 100644 index 0000000..7faf7d0 --- /dev/null +++ b/tests/data/openpgp-encrypted+signed.plain @@ -0,0 +1 @@ +encrypted message text \ No newline at end of file diff --git a/tests/t-parser.cpp b/tests/t-parser.cpp index 4548058..0e42b36 100644 --- a/tests/t-parser.cpp +++ b/tests/t-parser.cpp @@ -54,6 +54,13 @@ struct NULL, 0, "iso-8859-1"}, + { DATADIR "/openpgp-encrypted+signed.mbox", + MSGTYPE_GPGOL_MULTIPART_SIGNED, + DATADIR "/openpgp-encrypted+signed.plain", + NULL, + NULL, + 0, + "us-ascii"}, { NULL, MSGTYPE_UNKNOWN, NULL, NULL, NULL, 0, NULL } }; ----------------------------------------------------------------------- Summary of changes: tests/data/openpgp-encrypted+signed.mbox | 46 ++++++++++++++++++++++ ...rypted.plain => openpgp-encrypted+signed.plain} | 0 tests/t-parser.cpp | 17 +++++++- 3 files changed, 61 insertions(+), 2 deletions(-) create mode 100644 tests/data/openpgp-encrypted+signed.mbox copy tests/data/{openpgp-encrypted.plain => openpgp-encrypted+signed.plain} (100%) hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Thu Sep 22 16:44:47 2016 
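Review bot: The new test_data entry in tests/t-parser.cpp (commit 5dd6719) registers openpgp-encrypted+signed.mbox as MSGTYPE_GPGOL_MULTIPART_SIGNED, but the mbox added in the same commit has Content-Type: multipart/encrypted with protocol="application/pgp-encrypted", and the existing openpgp-encrypted.mbox entry uses MSGTYPE_GPGOL_MULTIPART_ENCRYPTED. If the signed type is intentional, a comment saying why would help; otherwise this looks like a copy of the preceding entry that should use the encrypted type. The table also has no field for an expected verify result, so the entry does not assert that the signature inside the decrypted data was actually checked.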
From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Thu, 22 Sep 2016 16:44:47 +0200 Subject: [git] GpgOL - branch, nomapi, updated. gpgol-1.4.0-55-g1ae8bc5 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, nomapi has been updated via 1ae8bc5317557369a68d7270104b2e03bb4dd263 (commit) via 38131c6136d95989c018e26305e77e55fb5626a0 (commit) via 7e1688e578bb724a5d2a647bf95bebc1e314262d (commit) from 5d47b7be70199f6c40040b38ac90529808a0d2ed (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1ae8bc5317557369a68d7270104b2e03bb4dd263 Author: Andre Heinecke Date: Thu Sep 22 16:44:28 2016 +0200 tests: Add Opaque signed S/MIME mail -- diff --git a/tests/data/smime-opaque-sign.mbox b/tests/data/smime-opaque-sign.mbox new file mode 100644 index 0000000..6e1739a --- /dev/null +++ b/tests/data/smime-opaque-sign.mbox 
@@ -0,0 +1,25 @@ +From test at example.com Fri Sep 11 10:16:06 2015 +From: test +To: you at you.com +Subject: sign only +Date: Fri, 11 Sep 2015 12:16:06 +0200 +Message-ID: <3182420.pXWeMPZlAJ at tabin.local> +X-KMail-Identity: 792434561 +User-Agent: KMail/4.13.0.1 (Linux/4.1.5-towo.1-siduction-amd64; KDE/4.14.2; x86_64; ; ) +MIME-Version: 1.0 +Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="signed-data" +Content-Transfer-Encoding: base64 +Content-Disposition: attachment; filename="smime.p7m" + +MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAaCAJIAEZUNvbnRl +bnQtVHJhbnNmZXItRW5jb2Rpbmc6IDdCaXQKQ29udGVudC1UeXBlOiB0ZXh0L3BsYWluOyBjaGFy +c2V0PSJ1dGYtOCIKCkEgc2ltcGxlIHNpZ25lZCBvbmx5IHRlc3QuAAAAAAAAMYIBkjCCAY4CAQEw +YjBVMQswCQYDVQQGEwJVUzENMAsGA1UECgwES0RBQjEWMBQGA1UEAwwNdW5pdHRlc3QgY2VydDEf +MB0GCSqGSIb3DQEJARYQdGVzdEBleGFtcGxlLmNvbQIJANNFIDoYY4XJMAkGBSsOAwIaBQCggYcw +GAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTMwMTEwMTU0ODEyWjAj +BgkqhkiG9w0BCQQxFgQUvJ5zI7oyv5fNx1H1wabIa6atsdcwKAYJKoZIhvcNAQkPMRswGTALBglg +hkgBZQMEAQIwCgYIKoZIhvcNAwcwDQYJKoZIhvcNAQEBBQAEgYAHFCw88FPy1n2lu5ql5sD2J4Yi +2/N9gUQvNQF5F/kd48HncdihLPZRs7eEX7IzDZNeylTmyp2WIiGEwQrIHbxtqU32NRouc09Zv4bu +iUwUoz1SM2s7qipikwayQMD3d5zWNhszNLBsw8z48uXAzjZAejBCfPP0/w3z7DZDJC2R2QAAAAAA +AA== + diff --git a/tests/data/smime-opaque-sign.plain b/tests/data/smime-opaque-sign.plain new file mode 100644 index 0000000..f136305 --- /dev/null +++ b/tests/data/smime-opaque-sign.plain @@ -0,0 +1 @@ +A simple signed only test. \ No newline at end of file diff --git a/tests/t-parser.cpp b/tests/t-parser.cpp index f8ddf44..9e43d5e 100644 --- a/tests/t-parser.cpp +++ b/tests/t-parser.cpp 
@@ -68,6 +68,13 @@ struct NULL, 1, "us-ascii"}, + { DATADIR "/smime-opaque-sign.mbox", + MSGTYPE_GPGOL_OPAQUE_SIGNED, + DATADIR "/smime-opaque-sign.plain", + NULL, + NULL, + 0, + "utf-8"}, { NULL, MSGTYPE_UNKNOWN, NULL, NULL, NULL, 0, NULL } }; commit 38131c6136d95989c018e26305e77e55fb5626a0 Author: Andre Heinecke Date: Thu Sep 22 16:36:31 2016 +0200 Collect S/MIME Opaque as crypto data * src/mimedataprovider.cpp (t2body): Start collecting crypto data when encountering an smime attachment. -- This also removes is and maybe opaque signed as this complicated the code (actually needing some X509 parsing in GpgOL) and is not needed imo. We can just try to verify it and verification will fail if its not validly signed. diff --git a/src/mimedataprovider.cpp b/src/mimedataprovider.cpp index 5761a43..1727da2 100644 --- a/src/mimedataprovider.cpp +++ b/src/mimedataprovider.cpp @@ -80,8 +80,6 @@ struct mime_context int is_qp_encoded; /* Current part is QP encoded. */ int is_base64_encoded; /* Current part is base 64 encoded. */ int is_body; /* The current part belongs to the body. */ - int is_opaque_signed; /* Flag indicating opaque signed S/MIME. */ - int may_be_opaque_signed;/* Hack, see code. */ protocol_t protocol; /* The detected crypto protocol. */ int part_counter; /* Counts the number of processed parts. */ @@ -323,17 +321,8 @@ t2body (MimeDataProvider *provider, rfc822parse_t msg) { const char *smtype = rfc822parse_query_parameter (field, "smime-type", 0); - if (smtype && !strcmp (smtype, "signed-data")) - ctx->is_opaque_signed++; - else - { - /* CryptoEx is notorious in setting wrong MIME header. - Mark that so we can test later if possible. */ - ctx->may_be_opaque_signed++; - } + ctx->collect_crypto_data = 1; } - - ctx->collect_attachment = 1; } rfc822parse_release_field (field); /* (Content-type) */ ctx->in_data = 1; 
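Review bot: In the t2body hunk of src/mimedataprovider.cpp, the context line `const char *smtype = rfc822parse_query_parameter (field, "smime-type", 0);` stays, but the only code that read `smtype` is removed, so the variable is dead and the smime-type parameter no longer influences parsing. Either drop the query or keep the value for the log line. The commit message relies on verification failing for parts that are not validly signed, yet the added smime-opaque-sign.mbox only covers a correct `smime-type="signed-data"` header; a test mail with a wrong or missing smime-type (the CryptoEx case named in the removed comment) would pin down the new behaviour. The hunk also removes `ctx->collect_attachment = 1;`, which the commit message does not mention; please state whether these parts are intentionally no longer collected as attachments.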
@@ -343,11 +332,10 @@ t2body (MimeDataProvider *provider, rfc822parse_t msg) if (is_text && not_inline_text) ctx->collect_attachment = 1; - log_mime_parser ("%s:%s: this body: nesting=%d partno=%d is_text=%d, is_opq=%d" + log_mime_parser ("%s:%s: this body: nesting=%d partno=%d is_text=%d" " charset=\"%s\"\n", SRCNAME, __func__, ctx->nesting_level, ctx->part_counter, is_text, - ctx->is_opaque_signed, ctx->mimestruct_cur->charset?ctx->mimestruct_cur->charset:""); /* If this is a text part, decide whether we treat it as our body. */ commit 7e1688e578bb724a5d2a647bf95bebc1e314262d Author: Andre Heinecke Date: Thu Sep 22 16:30:14 2016 +0200 tests: Add test mail with attachments -- diff --git a/tests/data/openpgp-encrypted-attachment.mbox b/tests/data/openpgp-encrypted-attachment.mbox new file mode 100644 index 0000000..4204fb0 --- /dev/null +++ b/tests/data/openpgp-encrypted-attachment.mbox 
@@ -0,0 +1,57 @@ +From test at kolab.org Fri May 01 15:13:18 2015 +From: testkey +To: you at you.com +Subject: enc attachment +Date: Fri, 01 May 2015 17:13:18 +0200 +Message-ID: <2401407.XhOc2XYoOt at tabin.local> +X-KMail-Identity: 1197256126 +User-Agent: KMail/4.13.0.1 (Linux/3.19.1-towo.1-siduction-amd64; KDE/4.14.2; x86_64; git-cd33034; 2015-04-11) +MIME-Version: 1.0 +Content-Type: multipart/encrypted; boundary="nextPart4793536.cjk9hKXLQ5"; protocol="application/pgp-encrypted" + + +--nextPart4793536.cjk9hKXLQ5 +Content-Type: application/pgp-encrypted +Content-Disposition: attachment +Content-Transfer-Encoding: 7Bit + +Version: 1 +--nextPart4793536.cjk9hKXLQ5 +Content-Type: application/octet-stream +Content-Disposition: inline; filename="msg.asc" +Content-Transfer-Encoding: 7Bit + +-----BEGIN PGP MESSAGE----- +Version: GnuPG v2 + +hIwDGJlthTT7oq0BBACLMnR5Mln6JGCccvqZCgM3qUkFWZ7a33b7Nl2g5lSOLX6q +dlGOr/0jAuqdkRwCDTom3hsrH2vf1kARTSST+5cewngS2CgBTAwwc8JymEagTkKf +VK/tTnM6G7puMVkwuafpuRggyJAUYvjktgUKOUaXtuxX71g0NagAFQGqlvGuq4UB +DAMMzkNap8zaOwEH+wWSs5xdV1x37T11EnUvkhoOMu+uId2U7NEx2JdQ/FGJZdti +mtqfM9GKTtQlGVcn3ISH7Wmrw3x0bsOLuW7oxkU4xIS3tVvibxaaWdmponN5TUai +Dr4LCTEmG7+jLNopF6V4zPmpQ9YxMwQOm8ITml+auNOg9EtHxavwr3Xd1hOYA92N +1bkOiHzmb9hQtUy1GfRRk91tRqtRPoaamczLxWV9yROFDRNuSSbZ8oBU/K4YgSTL +D+/FhCt6MxV0DQzp+UCSL7ZsMx+ldPnZK44Udd17+U3xQDDUffo6cSg6FAF425Rh +v3ZQP0j7LtSIwDh2Rxc+Is4DuSmfZksL5nLPH5nS6QGJnsVEqVcZgQPktl1Zaeil +x/6WaWruuJm92G2fd9x2/giTLZnk918BVi/n00xR/n4bnSQmmFhXVqAVjGlG6Tr9 +dxej8dSiFdxO8ZjFe5tguQw76xlCu/9MxmSXTP7Mfvm4jqdcjUOINwHOzR/h2T62 +ZlrmqoxMHm4RN0PQ334tSzQXD4gcoUHL+xq62ATt7/jx0p0pIXPmPVUFopCk8k1E +m2ErPLnyfGLd4LNZRL03oP0jCjX6Q/LFWLTjCIdU6+aM6nT26CZy98yZV0SRGyhu +qYxN0aVW+RatmDRWWtouOJllQouQ7ZaqmjHLgyOj32/oT8cYUWWdFswSsnMhJjxb +r6iajUeAZgiN+zqwgf6j1Z8/mMvb+yirP+Rn9ME1fq3XSYHlnIOxKNBa+St8DdaP +/ZvrkwNTpVp1GmaZLBXdqdeLmflJ4U/X7wphZGR3sgjOwj0oYotX1Zb8OrtlP5WC +VXhhrt40e7Ilt2B0x7Xe9DWKByDCqrQUhwxwTS3miiKH9G1VEcHko70O98RjKJQ3 
+I4VW6e/Gqv2zAMiiOu1MBTeGfPQItca4bUrVzhKjm27twtZD4wLSQDTQECxrCWHC +BFAdzvsIry0FIXoO6Vh16Hojq+YZ8tpmknGfpg0pnuRvAdDWU+0uuECXDE0UZFWC +2g3Bs2Dn2BYYyrI6X92swHz8qP3JvdxN0dpsYMkMdHN4yWXJogNSfXzy2udf0A4P +NNZMOonhlwH+DBRfcWS0A/j0/fdDCDzR5Ca5dbX7lL4EscbBeoCP1JJyVoOp6DUc +ICuHJGGrnpNdG9DMa97tqpyGRHTAwI3lJXPKTDEHN9v9XobIyndFgi/tcPLZ7QWz +9mN94NKLmeYWjrMiRbNQk8BYXR9K17SHb4BkIMdBxRsJjgMEC8qniUH64Nnf8/x4 +yaRCuUo0bkHDE3AqCzZE1R0he66dDkfOIz+mLwcpG8jZWjFm7sXAflBe3jvIc0lm +NyWQ1WnMkP83fWm/+YqrLLf+tTQtievRPeS1Dd/7v9yqUWEmQ0pUOj3MNf9Ej2KI +vu5ap7fHIevcBn42BPwQgSnp4YmXEY0ir5Ccwogusnt7QliNSRmkN6Jap4AF +=AVJ4 +-----END PGP MESSAGE----- + +--nextPart4793536.cjk9hKXLQ5-- + diff --git a/tests/data/openpgp-encrypted-attachment.plain b/tests/data/openpgp-encrypted-attachment.plain new file mode 100644 index 0000000..db48412 --- /dev/null +++ b/tests/data/openpgp-encrypted-attachment.plain @@ -0,0 +1 @@ +test text diff --git a/tests/t-parser.cpp b/tests/t-parser.cpp index 5befee3..f8ddf44 100644 --- a/tests/t-parser.cpp +++ b/tests/t-parser.cpp 
@@ -61,6 +61,13 @@ struct NULL, 0, "us-ascii"}, + { DATADIR "/openpgp-encrypted-attachment.mbox", + MSGTYPE_GPGOL_MULTIPART_SIGNED, + DATADIR "/openpgp-encrypted-attachment.plain", + NULL, + NULL, + 1, + "us-ascii"}, { NULL, MSGTYPE_UNKNOWN, NULL, NULL, NULL, 0, NULL } }; ----------------------------------------------------------------------- Summary of changes: src/mimedataprovider.cpp | 16 +------- tests/data/openpgp-encrypted-attachment.mbox | 57 +++++++++++++++++++++++++++ tests/data/openpgp-encrypted-attachment.plain | 1 + tests/data/smime-opaque-sign.mbox | 25 ++++++++++++ tests/data/smime-opaque-sign.plain | 1 + tests/t-parser.cpp | 14 +++++++ 6 files changed, 100 insertions(+), 14 deletions(-) create mode 100644 tests/data/openpgp-encrypted-attachment.mbox create mode 100644 tests/data/openpgp-encrypted-attachment.plain create mode 100644 tests/data/smime-opaque-sign.mbox create mode 100644 tests/data/smime-opaque-sign.plain hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Thu Sep 22 21:32:43 2016 
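Review bot: In the tests/t-parser.cpp hunk of commit 7e1688e, the new entry for openpgp-encrypted-attachment.mbox is declared as `MSGTYPE_GPGOL_MULTIPART_SIGNED`, but the added mail carries `Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"`. If the test dispatches on this field, the entry should use the multipart-encrypted message type; if the field does not matter for this case, a short comment saying so would keep the mismatch from being copied into later entries.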
From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Thu, 22 Sep 2016 21:32:43 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-164-gdf5353b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via df5353b95eefc13135e7df50a7c197f270d6080d (commit) from 7e0379a75475abfd15e0623913795779ff0f40d7 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit df5353b95eefc13135e7df50a7c197f270d6080d Author: Neal H. Walfield Date: Thu Sep 22 21:32:31 2016 +0200 g10: When adding a user id, make sure the keyblock has been prepared. * g10/keyedit.c (keyedit_quick_adduid): Call merge_keys_and_selfsig on KEYBLOCK before adding the user id. * tests/openpgp/quick-key-manipulation.scm: Make sure that the key capabilities don't change when adding a user id. (key-data): New function. -- Signed-off-by: Neal H. Walfield GnuPG-bug-id: 2697 diff --git a/g10/keyedit.c b/g10/keyedit.c index cd16ec9..65ac2ea 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -2932,6 +2932,8 @@ keyedit_quick_adduid (ctrl_t ctrl, const char *username, const char *newuid) fix_keyblock (&keyblock); + merge_keys_and_selfsig (keyblock); + if (menu_adduid (ctrl, keyblock, 0, NULL, uidstring)) { err = keydb_update_keyblock (kdbhd, keyblock); diff --git a/tests/openpgp/quick-key-manipulation.scm b/tests/openpgp/quick-key-manipulation.scm index f2b8766..8a3e3f1 100755 --- a/tests/openpgp/quick-key-manipulation.scm +++ b/tests/openpgp/quick-key-manipulation.scm 
@@ -37,6 +37,11 @@ (define alpha "Alpha ") (define bravo "Bravo ") +(define (key-data key) + (filter (lambda (x) (or (string=? (car x) "pub") + (string=? (car x) "sub"))) + (gpg-with-colons `(-k ,key)))) + (with-temporary-working-directory (file-copy (path-join old-home "gpg.conf") "gpg.conf") (file-copy (path-join old-home "gpg-agent.conf") "gpg-agent.conf") @@ -51,7 +56,23 @@ (assert (= 1 (count-uids-of-secret-key alpha))) (info "Checking that we can add a user ID...") - (call-check `(, at GPG --quick-adduid ,(exact alpha) ,bravo)) + + ;; Make sure the key capabilities don't change when we add a user id. + ;; (See bug #2697.) + (let ((pre (key-data (exact alpha))) + (result (call-check `(, at GPG --quick-adduid ,(exact alpha) ,bravo))) + (post (key-data (exact alpha)))) + (if (not (equal? pre post)) + (begin + (display "Key capabilities changed when adding a user id:") + (newline) + (display " Pre: ") + (display pre) + (newline) + (display " Post: ") + (display post) + (newline) + (exit 1)))) (call-check `(, at GPG --check-trustdb)) ; XXX why? ----------------------------------------------------------------------- Summary of changes: g10/keyedit.c | 2 ++ tests/openpgp/quick-key-manipulation.scm | 23 ++++++++++++++++++++++- 2 files changed, 24 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Sep 23 15:13:02 2016 
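Review bot: In keyedit_quick_adduid (g10/keyedit.c), the added `merge_keys_and_selfsig (keyblock);` carries no comment, so the reason it has to run before `menu_adduid` lives only in the commit message and the test. A one-line comment pointing at bug 2697 and at the key capabilities it protects would keep a later cleanup from removing the call as redundant.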
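Review bot: In the tests/openpgp/quick-key-manipulation.scm hunk that wraps `--quick-adduid`, `pre`, `result` and `post` are bound with a plain `let`, and Scheme leaves the evaluation order of `let` init expressions unspecified, so nothing guarantees that `pre` is read before the call and `post` after it. Use `let*` (or nested `let` forms) to make the sequence explicit. `result` is never used, so the `call-check` can run for effect between the two `key-data` reads instead of being bound.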
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Fri, 23 Sep 2016 15:13:02 +0200 Subject: [git] GnuPG - branch, justus/issue2700, created. gnupg-2.1.15-166-g5420c82 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, justus/issue2700 has been created at 5420c821e8f095a13a2a0a5409d22fc75dccd130 (commit) - Log ----------------------------------------------------------------- commit 5420c821e8f095a13a2a0a5409d22fc75dccd130 Author: Justus Winter Date: Fri Sep 23 14:10:07 2016 +0200 g10: Hyphenate --clearsign. * g10/gpg.c (opts): Hyphenate option. * doc/gpg.texi: Update accordingly. * po: Update translations. * tests/openpgp: Update tests. GnuPG-bug-id: 2700 Signed-off-by: Justus Winter diff --git a/doc/gpg.texi b/doc/gpg.texi index 0504105..596785d 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -174,8 +174,8 @@ decrypted via a secret key or a passphrase). The key to be used for signing is chosen by default or can be set with the @option{--local-user} and @option{--default-key} options. - at item --clearsign - at opindex clearsign + at item --clear-sign + at opindex clear-sign Make a clear text signature. The content in a clear text signature is readable without any special software. OpenPGP software is only needed to verify the signature. Clear text signatures may modify end-of-line @@ -2499,7 +2499,7 @@ to safely override the algorithm chosen by the recipient key preferences, as GPG will only select an algorithm that is usable by all recipients. The most highly ranked digest algorithm in this list is also used when signing without encryption -(e.g. @option{--clearsign} or @option{--sign}). +(e.g. @option{--clear-sign} or @option{--sign}). @item --personal-compress-preferences @code{string} @opindex personal-compress-preferences 
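Review bot: In the doc/gpg.texi hunk at `@item --clear-sign`, the `@item --clearsign` and `@opindex clearsign` entries are replaced outright, while g10/gpg.c in the same commit keeps `clearsign` as a hidden alias. Keeping an index entry for the old spelling next to the new one (for example an `@itemx --clearsign` with its own `@opindex`) would let users of existing scripts find the command in the manual and see that both forms are accepted.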
@@ -3425,7 +3425,7 @@ Operation is further controlled by a few environment variables: @item gpg -se -r @code{Bob} @code{file} sign and encrypt for user Bob - at item gpg --clearsign @code{file} + at item gpg --clear-sign @code{file} make a clear text signature @item gpg -sb @code{file} diff --git a/g10/gpg.c b/g10/gpg.c index 6a5dc13..f0ce97b 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -419,7 +419,8 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_group (300, N_("@Commands:\n ")), ARGPARSE_c (aSign, "sign", N_("make a signature")), - ARGPARSE_c (aClearsign, "clearsign", N_("make a clear text signature")), + ARGPARSE_c (aClearsign, "clear-sign", N_("make a clear text signature")), + ARGPARSE_c (aClearsign, "clearsign", "@")), ARGPARSE_c (aDetachedSign, "detach-sign", N_("make a detached signature")), ARGPARSE_c (aEncr, "encrypt", N_("encrypt data")), ARGPARSE_c (aEncrFiles, "encrypt-files", "@"), @@ -653,7 +654,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_group (303, N_("@\nExamples:\n\n" " -se -r Bob [file] sign and encrypt for user Bob\n" - " --clearsign [file] make a clear text signature\n" + " --clear-sign [file] make a clear text signature\n" " --detach-sign [file] make a detached signature\n" " --list-keys [names] show keys\n" " --fingerprint [names] show fingerprints\n")), @@ -3639,7 +3640,7 @@ main (int argc, char **argv) cmdname="--sign --encrypt"; break; case aClearsign: - cmdname="--clearsign"; + cmdname="--clear-sign"; break; case aDetachedSign: cmdname="--detach-sign"; @@ -4023,11 +4024,11 @@ main (int argc, char **argv) case aClearsign: /* make a clearsig */ if( argc > 1 ) - wrong_args(_("--clearsign [filename]")); + wrong_args(_("--clear-sign [filename]")); if( (rc = clearsign_file (ctrl, fname, locusr, NULL)) ) { write_status_failure ("sign", rc); - log_error("%s: clearsign failed: %s\n", + log_error("%s: clear-sign failed: %s\n", print_fname_stdin(fname), gpg_strerror (rc) ); } break; diff --git a/po/ca.po b/po/ca.po index 51f5650..b99f947 100644 
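Review bot: In the g10/gpg.c `opts[]` hunk, the added alias line `ARGPARSE_c (aClearsign, "clearsign", "@")),` has one closing parenthesis too many; compare the neighbouring `ARGPARSE_c (aEncrFiles, "encrypt-files", "@"),`. As written the table will not compile, so the line should end in `"@"),`. Since the old spelling is now reachable only through this hidden entry, the test suite should keep at least one invocation of `--clearsign` so the alias stays exercised.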
--- a/po/ca.po +++ b/po/ca.po @@ -2111,7 +2111,7 @@ msgid "" "Examples:\n" "\n" " -se -r Bob [file] sign and encrypt for user Bob\n" -" --clearsign [file] make a clear text signature\n" +" --clear-sign [file] make a clear text signature\n" " --detach-sign [file] make a detached signature\n" " --list-keys [names] show keys\n" " --fingerprint [names] show fingerprints\n" @@ -2120,7 +2120,7 @@ msgstr "" "Exemples:\n" "\n" " -se -r Bob [fitxer] signa i xifra per a l'usuari Bob\n" -" --clearsign [fitxer] crea una signatura en text clar\n" +" --clear-sign [fitxer] crea una signatura en text clar\n" " --detach-sign [fitxer] crea una signatura separada\n" " --list-keys [noms] mostra claus\n" " --fingerprint [noms] mostra empremtes digitals\n" @@ -2552,8 +2552,8 @@ msgstr "no podeu usar %s mentre esteu en mode %s\n" msgid "--sign --symmetric [filename]" msgstr "--sign --symmetric [nom_del_fitxer]" -msgid "--clearsign [filename]" -msgstr "--clearsign [nom_del_fitxer]" +msgid "--clear-sign [filename]" +msgstr "--clear-sign [nom_del_fitxer]" msgid "--decrypt [filename]" msgstr "--decrypt [nom_del_fitxer]" diff --git a/po/cs.po b/po/cs.po index d185c57..4d12db2 100644 --- a/po/cs.po +++ b/po/cs.po @@ -1944,14 +1944,14 @@ msgid "" "Examples:\n" "\n" " -se -r Bob [file] sign and encrypt for user Bob\n" -" --clearsign [file] make a clear text signature\n" +" --clear-sign [file] make a clear text signature\n" " --detach-sign [file] make a detached signature\n" " --list-keys [names] show keys\n" " --fingerprint [names] show fingerprints\n" msgstr "" "@\n" " -se -r Bob [soubor] podepsat a za?ifrovat pro u?ivatele Bob\n" -" --clearsign [soubor] vytvo?it podpis ?iteln?ho dokumentu\n" +" --clear-sign [soubor] vytvo?it podpis ?iteln?ho dokumentu\n" " --detach-sign [soubor] vytvo?it podpis odd?len? od dokumentu\n" " --list-keys [jm?na] vypsat kl??e\n" " --fingerprint [jm?na] vypsat otisky\n" 
@@ -2364,8 +2364,8 @@ msgstr "nelze pou??t --symmetric --sign --encrypt v m?du %s\n" msgid "--sign --symmetric [filename]" msgstr "--sign --symmetric [jm?no souboru]" -msgid "--clearsign [filename]" -msgstr "--clearsign [jm?no souboru]" +msgid "--clear-sign [filename]" +msgstr "--clear-sign [jm?no souboru]" msgid "--decrypt [filename]" msgstr "--decrypt [jm?no souboru]" diff --git a/po/da.po b/po/da.po index ab7d352..9d1bb07 100644 --- a/po/da.po +++ b/po/da.po @@ -2056,7 +2056,7 @@ msgid "" "Examples:\n" "\n" " -se -r Bob [file] sign and encrypt for user Bob\n" -" --clearsign [file] make a clear text signature\n" +" --clear-sign [file] make a clear text signature\n" " --detach-sign [file] make a detached signature\n" " --list-keys [names] show keys\n" " --fingerprint [names] show fingerprints\n" @@ -2065,7 +2065,7 @@ msgstr "" "Eksempler:\n" "\n" " -se -r Mikael [fil] underskriv og krypter for bruger Mikael\n" -" --clearsign [fil] lav en ren tekstunderskrift\n" +" --clear-sign [fil] lav en ren tekstunderskrift\n" " --detach-sign [fil] lav en separat underskrift\n" " --list-keys [navne] vis n?gler\n" " --fingerprint [navne] vis fingeraftryk\n" @@ -2501,8 +2501,8 @@ msgstr "du kan ikke bruge --symmetric --sign --encrypt i tilstanden %s\n" msgid "--sign --symmetric [filename]" msgstr "--sign --symmetric [filnavn]" -msgid "--clearsign [filename]" -msgstr "--clearsign [filnavn]" +msgid "--clear-sign [filename]" +msgstr "--clear-sign [filnavn]" msgid "--decrypt [filename]" msgstr "--decrypt [filnavn]" diff --git a/po/de.po b/po/de.po index 71e5700..e822494 100644 --- a/po/de.po +++ b/po/de.po @@ -1931,7 +1931,7 @@ msgid "" "Examples:\n" "\n" " -se -r Bob [file] sign and encrypt for user Bob\n" -" --clearsign [file] make a clear text signature\n" +" --clear-sign [file] make a clear text signature\n" " --detach-sign [file] make a detached signature\n" " --list-keys [names] show keys\n" " --fingerprint [names] show fingerprints\n" 
@@ -1940,7 +1940,7 @@ msgstr "" "Beispiele:\n" "\n" " -se -r Bob [Datei] Signieren und verschl?sseln f?r Benutzer Bob\n" -" --clearsign [Datei] Eine Klartextsignatur erzeugen\n" +" --clear-sign [Datei] Eine Klartextsignatur erzeugen\n" " --detach-sign [Datei] Eine abgetrennte Signatur erzeugen\n" " --list-keys [Namen] Schl?ssel anzeigen\n" " --fingerprint [Namen] \"Fingerabdr?cke\" anzeigen\n" @@ -2350,8 +2350,8 @@ msgstr "" msgid "--sign --symmetric [filename]" msgstr "--sign --symmetric [Dateiname]" -msgid "--clearsign [filename]" -msgstr "--clearsign [Dateiname]" +msgid "--clear-sign [filename]" +msgstr "--clear-sign [Dateiname]" msgid "--decrypt [filename]" msgstr "--decrypt [Dateiname]" diff --git a/po/el.po b/po/el.po index 77c81a8..75199d4 100644 --- a/po/el.po +++ b/po/el.po @@ -2038,7 +2038,7 @@ msgid "" "Examples:\n" "\n" " -se -r Bob [file] sign and encrypt for user Bob\n" -" --clearsign [file] make a clear text signature\n" +" --clear-sign [file] make a clear text signature\n" " --detach-sign [file] make a detached signature\n" " --list-keys [names] show keys\n" " --fingerprint [names] show fingerprints\n" @@ -2047,7 +2047,7 @@ msgstr "" "????????????:\n" "\n" " -se -r Bob [??????] ???????? ??? ????????????? ??? ?? Bob\n" -" --clearsign [??????] ?????????? ?? ???????????????? ?????????\n" +" --clear-sign [??????] ?????????? ?? ???????????????? ?????????\n" " --detach-sign [??????] ?????????? ??????????? ?????????\n" " --list-keys [???????] ?????????? ????????\n" " --fingerprint [???????] ?????????? ???????????? (fingerprints)\n" @@ -2474,8 +2474,8 @@ msgstr "??????????? ? ????? ??? %s ???? ???????? msgid "--sign --symmetric [filename]" msgstr "--sign --symmetric [????? ???????]" -msgid "--clearsign [filename]" -msgstr "--clearsign [????? ???????]" +msgid "--clear-sign [filename]" +msgstr "--clear-sign [????? ???????]" msgid "--decrypt [filename]" msgstr "--decrypt [????? ???????]" diff --git a/po/eo.po b/po/eo.po index 63f3882..fcd7162 100644 
--- a/po/eo.po +++ b/po/eo.po @@ -2024,7 +2024,7 @@ msgid "" "Examples:\n" "\n" " -se -r Bob [file] sign and encrypt for user Bob\n" -" --clearsign [file] make a clear text signature\n" +" --clear-sign [file] make a clear text signature\n" " --detach-sign [file] make a detached signature\n" " --list-keys [names] show keys\n" " --fingerprint [names] show fingerprints\n" @@ -2033,7 +2033,7 @@ msgstr "" "Ekzemploj:\n" "\n" " -se -r Bob [dosiero] subskribi kaj ?ifri por uzanto Bob\n" -" --clearsign [dosiero] fari klartekstan subskribon\n" +" --clear-sign [dosiero] fari klartekstan subskribon\n" " --detach-sign [dosiero] fari apartan subskribon\n" " --list-keys [nomoj] montri ?losilojn\n" " --fingerprint [nomoj] montri fingro?purojn\n" @@ -2460,8 +2460,8 @@ msgstr "Tiu komando ne eblas en la re?imo %s.\n" msgid "--sign --symmetric [filename]" msgstr "--sign --symmetric [dosiero]" -msgid "--clearsign [filename]" -msgstr "--clearsign [dosiero]" +msgid "--clear-sign [filename]" +msgstr "--clear-sign [dosiero]" msgid "--decrypt [filename]" msgstr "--decrypt [dosiero]" diff --git a/po/es.po b/po/es.po index 76fae21..d145393 100644 --- a/po/es.po +++ b/po/es.po @@ -2079,7 +2079,7 @@ msgid "" "Examples:\n" "\n" " -se -r Bob [file] sign and encrypt for user Bob\n" -" --clearsign [file] make a clear text signature\n" +" --clear-sign [file] make a clear text signature\n" " --detach-sign [file] make a detached signature\n" " --list-keys [names] show keys\n" " --fingerprint [names] show fingerprints\n" @@ -2088,7 +2088,7 @@ msgstr "" "Ejemplos:\n" "\n" " -se -r Bob [fichero] firma y cifra para el usuario Bob\n" -" --clearsign [fichero] hace una firma manteniendo el texto sin cifrar\n" +" --clear-sign [fichero] hace una firma manteniendo el texto sin cifrar\n" " --detach-sign [fichero] hace una firma separada\n" " --list-keys [nombres] muestra las claves\n" " --fingerprint [nombres] muestra las huellas dactilares\n" 
@@ -2526,8 +2526,8 @@ msgstr "no puede usar --symmetric --sign --encrypt en modo %s\n" msgid "--sign --symmetric [filename]" msgstr "--sign --symmetric [nombre_fichero]" -msgid "--clearsign [filename]" -msgstr "--clearsign [nombre_fichero]" +msgid "--clear-sign [filename]" +msgstr "--clear-sign [nombre_fichero]" msgid "--decrypt [filename]" msgstr "--decrypt [nombre_fichero]" diff --git a/po/et.po b/po/et.po index 74426d8..6ca4ab5 100644 --- a/po/et.po +++ b/po/et.po @@ -2031,7 +2031,7 @@ msgid "" "Examples:\n" "\n" " -se -r Bob [file] sign and encrypt for user Bob\n" -" --clearsign [file] make a clear text signature\n" +" --clear-sign [file] make a clear text signature\n" " --detach-sign [file] make a detached signature\n" " --list-keys [names] show keys\n" " --fingerprint [names] show fingerprints\n" @@ -2040,7 +2040,7 @@ msgstr "" "N?ited:\n" "\n" " -se -r Bob [fail] allkirjasta ja kr?pti kasutajale Bob\n" -" --clearsign [fail] loo avateksti allkiri\n" +" --clear-sign [fail] loo avateksti allkiri\n" " --detach-sign [fail] loo eraldiseisev allkiri\n" " --list-keys [nimed] n?ita v?tmeid\n" " --fingerprint [nimed] n?ita s?rmej?lgi\n" @@ -2459,8 +2459,8 @@ msgstr "%s ei ole moodis %s lubatud.\n" msgid "--sign --symmetric [filename]" msgstr "--sign --symmetric [failinimi]" -msgid "--clearsign [filename]" -msgstr "--clearsign [failinimi]" +msgid "--clear-sign [filename]" +msgstr "--clear-sign [failinimi]" msgid "--decrypt [filename]" msgstr "--decrypt [failinimi]" diff --git a/po/fi.po b/po/fi.po index 5002410..c3b6502 100644 --- a/po/fi.po +++ b/po/fi.po @@ -2047,7 +2047,7 @@ msgid "" "Examples:\n" "\n" " -se -r Bob [file] sign and encrypt for user Bob\n" -" --clearsign [file] make a clear text signature\n" +" --clear-sign [file] make a clear text signature\n" " --detach-sign [file] make a detached signature\n" " --list-keys [names] show keys\n" " --fingerprint [names] show fingerprints\n" 
@@ -2055,7 +2055,7 @@ msgstr "" "@\n" "Esim:\n" " -se -r Pekka [tiedosto] allekirjoita ja salaa Pekalle\n" -" --clearsign [tiedosto] tee tekstimuotoinen allekirjoitus\n" +" --clear-sign [tiedosto] tee tekstimuotoinen allekirjoitus\n" " --detach-sign [tiedosto] tee erillinen allekirjoitus\n" " --list-keys [nimet] n?yt? avaimet\n" " --fingerprint [nimet] n?yt? sormenj?ljet\n" @@ -2475,8 +2475,8 @@ msgstr "valitsinta %s ei voi k?ytt?? %s-tilassa\n" msgid "--sign --symmetric [filename]" msgstr "--sign --symmetric [tiedostonimi]" -msgid "--clearsign [filename]" -msgstr "--clearsign [tiedostonimi]" +msgid "--clear-sign [filename]" +msgstr "--clear-sign [tiedostonimi]" msgid "--decrypt [filename]" msgstr "--decrypt [tiedostonimi]" diff --git a/po/fr.po b/po/fr.po index eb7780b..ed9f06c 100644 --- a/po/fr.po +++ b/po/fr.po @@ -1970,7 +1970,7 @@ msgid "" "Examples:\n" "\n" " -se -r Bob [file] sign and encrypt for user Bob\n" -" --clearsign [file] make a clear text signature\n" +" --clear-sign [file] make a clear text signature\n" " --detach-sign [file] make a detached signature\n" " --list-keys [names] show keys\n" " --fingerprint [names] show fingerprints\n" @@ -1979,7 +1979,7 @@ msgstr "" "Exemples?:\n" "\n" " -se -r Alice [fichier] signer et chiffrer pour l'utilisateur Alice\n" -" --clearsign [fichier] faire une signature en texte clair\n" +" --clear-sign [fichier] faire une signature en texte clair\n" " --detach-sign [fichier] faire une signature d?tach?e\n" " --list-keys [noms] montrer les clefs\n" " --fingerprint [noms] montrer les empreintes\n" @@ -2404,8 +2404,8 @@ msgstr "impossible d'utiliser --symmetric --sign --encrypt en mode %s\n" msgid "--sign --symmetric [filename]" msgstr "--sign --symmetric [fichier]" -msgid "--clearsign [filename]" -msgstr "--clearsign [fichier]" +msgid "--clear-sign [filename]" +msgstr "--clear-sign [fichier]" msgid "--decrypt [filename]" msgstr "--decrypt [fichier]" diff --git a/po/gl.po b/po/gl.po index 833533d..87b15a3 100644 
--- a/po/gl.po +++ b/po/gl.po @@ -2039,7 +2039,7 @@ msgid "" "Examples:\n" "\n" " -se -r Bob [file] sign and encrypt for user Bob\n" -" --clearsign [file] make a clear text signature\n" +" --clear-sign [file] make a clear text signature\n" " --detach-sign [file] make a detached signature\n" " --list-keys [names] show keys\n" " --fingerprint [names] show fingerprints\n" @@ -2469,8 +2469,8 @@ msgstr "non se pode empregar %s no modo %s\n" msgid "--sign --symmetric [filename]" msgstr "--sign --symmetric [ficheiro]" -msgid "--clearsign [filename]" -msgstr "--clearsign [ficheiro]" +msgid "--clear-sign [filename]" +msgstr "--clear-sign [ficheiro]" msgid "--decrypt [filename]" msgstr "--decrypt [ficheiro]" diff --git a/po/hu.po b/po/hu.po index bcfe704..2523a38 100644 --- a/po/hu.po +++ b/po/hu.po @@ -2027,7 +2027,7 @@ msgid "" "Examples:\n" "\n" " -se -r Bob [file] sign and encrypt for user Bob\n" -" --clearsign [file] make a clear text signature\n" +" --clear-sign [file] make a clear text signature\n" " --detach-sign [file] make a detached signature\n" " --list-keys [names] show keys\n" " --fingerprint [names] show fingerprints\n" @@ -2036,7 +2036,7 @@ msgstr "" "P?ld?k:\n" "\n" " -se -r Bob [f?jl] titkos?t?s ?s al??r?s Bob r?sz?re\n" -" --clearsign [f?jl] olvashat? sz?veg al??r?sa\n" +" --clear-sign [f?jl] olvashat? sz?veg al??r?sa\n" " --detach-sign [f?jl] k?l?n?ll? al??r?s k?sz?t?se\n" " --list-keys [nevek] kulcsok ki?rat?sa\n" " --fingerprint [nevek] ujjlenyomatok ki?rat?sa\n" @@ -2457,8 +2457,8 @@ msgstr "Lehet, hogy nem haszn?lhatja %s-t %s m?dban!\n" msgid "--sign --symmetric [filename]" msgstr "--sign --symmetric [f?jln?v]" -msgid "--clearsign [filename]" -msgstr "--clearsign [f?jln?v]" +msgid "--clear-sign [filename]" +msgstr "--clear-sign [f?jln?v]" msgid "--decrypt [filename]" msgstr "--decrypt [f?jln?v]" diff --git a/po/id.po b/po/id.po index 015e419..383d6dd 100644 --- a/po/id.po +++ b/po/id.po 
@@ -2030,7 +2030,7 @@ msgid "" "Examples:\n" "\n" " -se -r Bob [file] sign and encrypt for user Bob\n" -" --clearsign [file] make a clear text signature\n" +" --clear-sign [file] make a clear text signature\n" " --detach-sign [file] make a detached signature\n" " --list-keys [names] show keys\n" " --fingerprint [names] show fingerprints\n" @@ -2039,7 +2039,7 @@ msgstr "" "Contoh:\n" "\n" " -se -r Bob [file] tandai dan enkripsi untuk user Bob\n" -" --clearsign [file] buat signature berbentuk teks\n" +" --clear-sign [file] buat signature berbentuk teks\n" " --detach-sign [file] buat signature detached\n" " --list-keys [nama] tampilkan kunci\n" " --fingerprint [nama] tampilkan fingerprint\n" @@ -2462,8 +2462,8 @@ msgstr "anda tidak boleh menggunakan %s saat dalam mode %s.\n" msgid "--sign --symmetric [filename]" msgstr "--sign --symmetric [namafile]" -msgid "--clearsign [filename]" -msgstr "--clearsign [namafile]" +msgid "--clear-sign [filename]" +msgstr "--clear-sign [namafile]" msgid "--decrypt [filename]" msgstr "--decrypt [namafile]" diff --git a/po/it.po b/po/it.po index dfc4f45..ff929d5 100644 --- a/po/it.po +++ b/po/it.po @@ -2037,7 +2037,7 @@ msgid "" "Examples:\n" "\n" " -se -r Bob [file] sign and encrypt for user Bob\n" -" --clearsign [file] make a clear text signature\n" +" --clear-sign [file] make a clear text signature\n" " --detach-sign [file] make a detached signature\n" " --list-keys [names] show keys\n" " --fingerprint [names] show fingerprints\n" @@ -2046,7 +2046,7 @@ msgstr "" "Esempi:\n" "\n" " -se -r Bob [file] firma e cifra per l'utente Bob\n" -" --clearsign [file] fai una firma mantenendo il testo in chiaro\n" +" --clear-sign [file] fai una firma mantenendo il testo in chiaro\n" " --detach-sign [file] fai una firma separata\n" " --list-keys [nomi] mostra le chiavi\n" " --fingerprint [nomi] mostra le impronte digitali\n" 
@@ -2468,8 +2468,8 @@ msgstr "non ? possibile usare %s in modalit? %s\n" msgid "--sign --symmetric [filename]" msgstr "--sign --symmetric [nomefile]" -msgid "--clearsign [filename]" -msgstr "--clearsign [nomefile]" +msgid "--clear-sign [filename]" +msgstr "--clear-sign [nomefile]" msgid "--decrypt [filename]" msgstr "--decrypt [nomefile]" diff --git a/po/ja.po b/po/ja.po index b7cefa8..82922a7 100644 --- a/po/ja.po +++ b/po/ja.po @@ -1871,7 +1871,7 @@ msgid "" "Examples:\n" "\n" " -se -r Bob [file] sign and encrypt for user Bob\n" -" --clearsign [file] make a clear text signature\n" +" --clear-sign [file] make a clear text signature\n" " --detach-sign [file] make a detached signature\n" " --list-keys [names] show keys\n" " --fingerprint [names] show fingerprints\n" @@ -1880,7 +1880,7 @@ msgstr "" "?:\n" "\n" " -se -r Bob [????] ???Bob???????\n" -" --clearsign [????] ?????????????\n" +" --clear-sign [????] ?????????????\n" " --detach-sign [????] ???????\n" " --list-keys [??] ????\n" " --fingerprint [??] ????????????\n" @@ -2271,8 +2271,8 @@ msgstr "--symmetric --sign --encrypt?%s????????????? msgid "--sign --symmetric [filename]" msgstr "--sign --symmetric [?????]" -msgid "--clearsign [filename]" -msgstr "--clearsign [?????]" +msgid "--clear-sign [filename]" +msgstr "--clear-sign [?????]" msgid "--decrypt [filename]" msgstr "--decrypt [?????]" diff --git a/po/nb.po b/po/nb.po index 4e5bc40..a00a30e 100644 --- a/po/nb.po +++ b/po/nb.po @@ -1881,7 +1881,7 @@ msgid "" "Examples:\n" "\n" " -se -r Bob [file] sign and encrypt for user Bob\n" -" --clearsign [file] make a clear text signature\n" +" --clear-sign [file] make a clear text signature\n" " --detach-sign [file] make a detached signature\n" " --list-keys [names] show keys\n" " --fingerprint [names] show fingerprints\n" 
@@ -1890,7 +1890,7 @@ msgstr "" "Eksempler:\n" "\n" " -se -r Bob [fil] signer og krypter for brukeren Bob\n" -" --clearsign [fil] lag klartekst-signatur\n" +" --clear-sign [fil] lag klartekst-signatur\n" " --detach-sign [fil] lag adskilt signatur\n" " --list-keys [navn] vis n?kler\n" " --fingerprint [navn] vis fingeravtrykk\n" @@ -2281,8 +2281,8 @@ msgstr "du kan ikke velge ?--symmtric?, ?--sign? og ?--encrypt? i ?%s?-m msgid "--sign --symmetric [filename]" msgstr "--sign --symmetric [filnavn]" -msgid "--clearsign [filename]" -msgstr "--clearsign [filnavn]" +msgid "--clear-sign [filename]" +msgstr "--clear-sign [filnavn]" msgid "--decrypt [filename]" msgstr "--decrypt [filnavn]" diff --git a/po/pl.po b/po/pl.po index 97eff33..6c5c0c9 100644 --- a/po/pl.po +++ b/po/pl.po @@ -2043,7 +2043,7 @@ msgid "" "Examples:\n" "\n" " -se -r Bob [file] sign and encrypt for user Bob\n" -" --clearsign [file] make a clear text signature\n" +" --clear-sign [file] make a clear text signature\n" " --detach-sign [file] make a detached signature\n" " --list-keys [names] show keys\n" " --fingerprint [names] show fingerprints\n" @@ -2052,7 +2052,7 @@ msgstr "" "Przyk?ady:\n" "\n" " -se -r Bob [plik] podpisanie i zaszyfrowanie kluczem Boba\n" -" --clearsign [plik] podpisanie z pozostawieniem czytelno?ci " +" --clear-sign [plik] podpisanie z pozostawieniem czytelno?ci " "dokumentu\n" " --detach-sign [plik] podpisanie z umieszczeniem podpisu w osobnym " "pliku\n" @@ -2508,8 +2508,8 @@ msgstr "nie mo?na u?y? --symmetric --sign --encrypt w trybie %s\n" msgid "--sign --symmetric [filename]" msgstr "--sign --symmetric [plik]" -msgid "--clearsign [filename]" -msgstr "--clearsign [plik]" +msgid "--clear-sign [filename]" +msgstr "--clear-sign [plik]" msgid "--decrypt [filename]" msgstr "--decrypt [plik]" diff --git a/po/pt.po b/po/pt.po index 1593ff0..1d7bdee 100644 --- a/po/pt.po +++ b/po/pt.po 
@@ -2033,7 +2033,7 @@ msgid "" "Examples:\n" "\n" " -se -r Bob [file] sign and encrypt for user Bob\n" -" --clearsign [file] make a clear text signature\n" +" --clear-sign [file] make a clear text signature\n" " --detach-sign [file] make a detached signature\n" " --list-keys [names] show keys\n" " --fingerprint [names] show fingerprints\n" @@ -2042,7 +2042,7 @@ msgstr "" "Exemplos:\n" "\n" " -se -r Bob [ficheiro] assinar e cifrar para o utilizador Bob\n" -" --clearsign [ficheiro] criar uma assinatura em texto puro\n" +" --clear-sign [ficheiro] criar uma assinatura em texto puro\n" " --detach-sign [ficheiro] criar uma assinatura separada\n" " --list-keys [nomes] mostrar chaves\n" " --fingerprint [nomes] mostrar impress?es digitais\n" @@ -2463,8 +2463,8 @@ msgstr "n?o pode utilizar %s enquanto estiver no modo %s\n" msgid "--sign --symmetric [filename]" msgstr "--sign --symmetric [nome_do_ficheiro]" -msgid "--clearsign [filename]" -msgstr "--clearsign [nome_do_ficheiro]" +msgid "--clear-sign [filename]" +msgstr "--clear-sign [nome_do_ficheiro]" msgid "--decrypt [filename]" msgstr "--decrypt [nome_do_ficheiro]" diff --git a/po/ro.po b/po/ro.po index 460223c..f18bbd8 100644 --- a/po/ro.po +++ b/po/ro.po @@ -2029,7 +2029,7 @@ msgid "" "Examples:\n" "\n" " -se -r Bob [file] sign and encrypt for user Bob\n" -" --clearsign [file] make a clear text signature\n" +" --clear-sign [file] make a clear text signature\n" " --detach-sign [file] make a detached signature\n" " --list-keys [names] show keys\n" " --fingerprint [names] show fingerprints\n" @@ -2038,7 +2038,7 @@ msgstr "" "Exemple:\n" "\n" " -se -r Dan [fi?ier] semneaz? ?i cifreaz? pentru utilizatorul Dan\n" -" --clearsign [fi?ier] creaz? o semn?tur? text ?n clar\n" +" --clear-sign [fi?ier] creaz? o semn?tur? text ?n clar\n" " --detach-sign [fi?ier] creaz? o semn?tur? deta?at?\n" " --list-keys [nume] arat? chei\n" " --fingerprint [nume] arat? amprente\n" 
@@ -2492,8 +2492,8 @@ msgstr "nu pute?i folosi --symmetric --sign --encrypt c?t? vreme ?n modul %s msgid "--sign --symmetric [filename]" msgstr "--sign --symmetric [nume_fi?ier]" -msgid "--clearsign [filename]" -msgstr "--clearsign [nume_fi?ier]" +msgid "--clear-sign [filename]" +msgstr "--clear-sign [nume_fi?ier]" msgid "--decrypt [filename]" msgstr "--decrypt [nume_fi?ier]" diff --git a/po/ru.po b/po/ru.po index fc12908..2861014 100644 --- a/po/ru.po +++ b/po/ru.po @@ -1890,7 +1890,7 @@ msgid "" "Examples:\n" "\n" " -se -r Bob [file] sign and encrypt for user Bob\n" -" --clearsign [file] make a clear text signature\n" +" --clear-sign [file] make a clear text signature\n" " --detach-sign [file] make a detached signature\n" " --list-keys [names] show keys\n" " --fingerprint [names] show fingerprints\n" @@ -1899,7 +1899,7 @@ msgstr "" "???????:\n" "\n" " -se -r ???? [????] ????????? ? ??????????? ??? ?????????? ????\n" -" --clearsign [????] ??????? ????????? ???????\n" +" --clear-sign [????] ??????? ????????? ???????\n" " --detach-sign [????] ??????? ?????????? ???????\n" " --list-keys [?????] ???????? ?????\n" " --fingerprint [?????] ???????? ?????????\n" @@ -2303,8 +2303,8 @@ msgstr "? ?????? %s ?????? ???????????? --symmetric --s msgid "--sign --symmetric [filename]" msgstr "--sign --symmetric [????]" -msgid "--clearsign [filename]" -msgstr "--clearsign [????]" +msgid "--clear-sign [filename]" +msgstr "--clear-sign [????]" msgid "--decrypt [filename]" msgstr "--decrypt [????]" diff --git a/po/sk.po b/po/sk.po index 801cfe8..d6252b9 100644 --- a/po/sk.po +++ b/po/sk.po @@ -2040,7 +2040,7 @@ msgid "" "Examples:\n" "\n" " -se -r Bob [file] sign and encrypt for user Bob\n" -" --clearsign [file] make a clear text signature\n" +" --clear-sign [file] make a clear text signature\n" " --detach-sign [file] make a detached signature\n" " --list-keys [names] show keys\n" " --fingerprint [names] show fingerprints\n" 
@@ -2049,7 +2049,7 @@ msgstr "" "Pr?klady:\n" "\n" " -se -r Bob [s?bor] podp?sa? a za?ifrova? pre u??vate?a Bob\n" -" --clearsign [s?bor] vytvori? podpis ?itate?n?ho dokumentu\n" +" --clear-sign [s?bor] vytvori? podpis ?itate?n?ho dokumentu\n" " --detach-sign [s?bor] vytvori? podpis oddelen? od dokumentu\n" " --list-keys [men?] vyp?sa? k???e\n" " --fingerprint [men?] vyp?sa? fingerprinty\n" @@ -2475,8 +2475,8 @@ msgstr "" msgid "--sign --symmetric [filename]" msgstr "--sign --symmetric [meno s?boru]" -msgid "--clearsign [filename]" -msgstr "--clearsign [meno s?boru]" +msgid "--clear-sign [filename]" +msgstr "--clear-sign [meno s?boru]" msgid "--decrypt [filename]" msgstr "--decrypt [meno s?boru]" diff --git a/po/sv.po b/po/sv.po index 27a591d..654b7cf 100644 --- a/po/sv.po +++ b/po/sv.po @@ -2092,7 +2092,7 @@ msgid "" "Examples:\n" "\n" " -se -r Bob [file] sign and encrypt for user Bob\n" -" --clearsign [file] make a clear text signature\n" +" --clear-sign [file] make a clear text signature\n" " --detach-sign [file] make a detached signature\n" " --list-keys [names] show keys\n" " --fingerprint [names] show fingerprints\n" @@ -2101,7 +2101,7 @@ msgstr "" "Exempel:\n" "\n" "-se -r Bosse [fil] signera och kryptera f?r anv?ndaren Bosse\n" -"--clearsign [fil] skapa en klartextsignatur\n" +"--clear-sign [fil] skapa en klartextsignatur\n" "--detach-sign [fil] skapa signatur i en separat fil\n" "--list-keys [namn] visa nycklar\n" "--fingerprint [namn] visa fingeravtryck\n" @@ -2557,8 +2557,8 @@ msgstr "" msgid "--sign --symmetric [filename]" msgstr "--sign --symmetric [filnamn]" -msgid "--clearsign [filename]" -msgstr "--clearsign [filnamn]" +msgid "--clear-sign [filename]" +msgstr "--clear-sign [filnamn]" msgid "--decrypt [filename]" msgstr "--decrypt [filnamn]" diff --git a/po/tr.po b/po/tr.po index 14a4492..1d52b14 100644 --- a/po/tr.po +++ b/po/tr.po 
@@ -2037,7 +2037,7 @@ msgid "" "Examples:\n" "\n" " -se -r Bob [file] sign and encrypt for user Bob\n" -" --clearsign [file] make a clear text signature\n" +" --clear-sign [file] make a clear text signature\n" " --detach-sign [file] make a detached signature\n" " --list-keys [names] show keys\n" " --fingerprint [names] show fingerprints\n" @@ -2046,7 +2046,7 @@ msgstr "" "?rnekler:\n" "\n" " -se -r Ali [dosya] kullan?c? Ali i?in imzalar ve ?ifreler\n" -" --clearsign [dosya] a??k?a okunabilir bir imza yapar\n" +" --clear-sign [dosya] a??k?a okunabilir bir imza yapar\n" " --detach-sign [dosya] ba??ms?z bir imza yapar\n" " --list-keys [isimler] anahtarlar? listeler\n" " --fingerprint [isimler] parmak izlerini g?sterir\n" @@ -2487,8 +2487,8 @@ msgstr "%s kipindeyken --symmetric --sign --encrypt kullanamazs?n?z.\n" msgid "--sign --symmetric [filename]" msgstr "--sign --symmetric [DOSYA]" -msgid "--clearsign [filename]" -msgstr "--clearsign [dosyaismi]" +msgid "--clear-sign [filename]" +msgstr "--clear-sign [dosyaismi]" msgid "--decrypt [filename]" msgstr "--decrypt [dosyaismi]" diff --git a/po/uk.po b/po/uk.po index 864fa1c..9840ae7 100644 --- a/po/uk.po +++ b/po/uk.po @@ -1908,7 +1908,7 @@ msgid "" "Examples:\n" "\n" " -se -r Bob [file] sign and encrypt for user Bob\n" -" --clearsign [file] make a clear text signature\n" +" --clear-sign [file] make a clear text signature\n" " --detach-sign [file] make a detached signature\n" " --list-keys [names] show keys\n" " --fingerprint [names] show fingerprints\n" @@ -1918,7 +1918,7 @@ msgstr "" "\n" " -se -r Bob [????] ????????? ? ??????????? ???? ??? ??????????? " "Bob\n" -" --clearsign [????] ???????? ????????? ??????\n" +" --clear-sign [????] ???????? ????????? ??????\n" " --detach-sign [????] ???????? ??????????? ??????\n" " --list-keys [?????] ???????? ?????\n" " --fingerprint [?????] ???????? ????????\n" 
@@ -2343,8 +2343,8 @@ msgstr "" msgid "--sign --symmetric [filename]" msgstr "--sign --symmetric [????? ?????]" -msgid "--clearsign [filename]" -msgstr "--clearsign [????? ?????]" +msgid "--clear-sign [filename]" +msgstr "--clear-sign [????? ?????]" msgid "--decrypt [filename]" msgstr "--decrypt [????? ?????]" diff --git a/po/zh_CN.po b/po/zh_CN.po index 5e16c8a..3e8bba1 100644 --- a/po/zh_CN.po +++ b/po/zh_CN.po @@ -1999,7 +1999,7 @@ msgid "" "Examples:\n" "\n" " -se -r Bob [file] sign and encrypt for user Bob\n" -" --clearsign [file] make a clear text signature\n" +" --clear-sign [file] make a clear text signature\n" " --detach-sign [file] make a detached signature\n" " --list-keys [names] show keys\n" " --fingerprint [names] show fingerprints\n" @@ -2008,7 +2008,7 @@ msgstr "" "???\n" "\n" " -se -r Bob [???] ? Bob ??????????\n" -" --clearsign [???] ??????\n" +" --clear-sign [???] ??????\n" " --detach-sign [???] ???????\n" " --list-keys [??] ????\n" " --fingerprint [??] ????\n" @@ -2437,8 +2437,8 @@ msgstr "???? %s ????? --symmetric --sign -encrypt\n" msgid "--sign --symmetric [filename]" msgstr "--sign --symmetric [???]" -msgid "--clearsign [filename]" -msgstr "--clearsign [???]" +msgid "--clear-sign [filename]" +msgstr "--clear-sign [???]" msgid "--decrypt [filename]" msgstr "--decrypt [???]" diff --git a/po/zh_TW.po b/po/zh_TW.po index 15677d7..651c219 100644 --- a/po/zh_TW.po +++ b/po/zh_TW.po @@ -1893,7 +1893,7 @@ msgid "" "Examples:\n" "\n" " -se -r Bob [file] sign and encrypt for user Bob\n" -" --clearsign [file] make a clear text signature\n" +" --clear-sign [file] make a clear text signature\n" " --detach-sign [file] make a detached signature\n" " --list-keys [names] show keys\n" " --fingerprint [names] show fingerprints\n" @@ -1902,7 +1902,7 @@ msgstr "" "??:\n" "\n" " -se -r Bob [??] ? Bob ??????????\n" -" --clearsign [??] ??????\n" +" --clear-sign [??] ??????\n" " --detach-sign [??] ???????\n" " --list-keys [??] ????\n" " --fingerprint [??] ????\n" 
@@ -2296,8 +2296,8 @@ msgstr "???? %s ????? --symmetric --sign --encrypt\n" msgid "--sign --symmetric [filename]" msgstr "--sign --symmetric [??]" -msgid "--clearsign [filename]" -msgstr "--clearsign [??]" +msgid "--clear-sign [filename]" +msgstr "--clear-sign [??]" msgid "--decrypt [filename]" msgstr "--decrypt [??]" diff --git a/tests/openpgp/clearsig.scm b/tests/openpgp/clearsig.scm index 96b1b4c..4bf0926 100755 --- a/tests/openpgp/clearsig.scm +++ b/tests/openpgp/clearsig.scm @@ -36,7 +36,7 @@ ;; Otherwise, we do check that we recover the original file. check-identity) source - (check-signing '(--passphrase-fd "0" --clearsign) usrpass1))) + (check-signing '(--passphrase-fd "0" --clear-sign) usrpass1))) (append plain-files '("plain-large"))) ;; The test vectors are lists of length three, containing @@ -101,7 +101,7 @@ there is a blank line after this (with-output-to-file tmp (lambda () (display (:string vec)))) ((if (:check-equality vec) check-identity check-execution) tmp - (check-signing `(--passphrase-fd "0" --clearsign ,@(:options vec)) + (check-signing `(--passphrase-fd "0" --clear-sign ,@(:options vec)) usrpass1)))) (lambda (vec) (counter)) vectors)) commit 8a673ed83d7f3645280a3ae5abab00e6b205312f Author: Justus Winter Date: Fri Sep 23 13:40:55 2016 +0200 g10: Spell out --recv-keys. * g10/gpg.c (opts): Spell out option. * doc/gpg.texi: Update accordingly. GnuPG-bug-id: 2700 Signed-off-by: Justus Winter diff --git a/doc/gpg.texi b/doc/gpg.texi index 6cc35e0..0504105 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -458,8 +458,8 @@ Most notable here is the @option{--import-options merge-only} option which does not insert new keys but does only the merging of new signatures, user-IDs and subkeys. - at item --recv-keys @code{key IDs} - at opindex recv-keys + at item --receive-keys @code{key IDs} + at opindex receive-keys Import the keys with the given key IDs from a keyserver. Option @option{--keyserver} must be used to give the name of this keyserver. 
@@ -1735,7 +1735,7 @@ This option is deprecated - please use the @option{--keyserver} in @file{dirmngr.conf} instead. Use @code{name} as your keyserver. This is the server that - at option{--recv-keys}, @option{--send-keys}, and @option{--search-keys} + at option{--receive-keys}, @option{--send-keys}, and @option{--search-keys} will communicate with to receive keys from, send keys to, and search for keys on. The format of the @code{name} is a URI: `scheme:[//]keyservername[:port]' The scheme is the type of keyserver: @@ -1803,9 +1803,9 @@ are available for all keyserver types, some common options are: Tell the keyserver helper program how long (in seconds) to try and perform a keyserver action before giving up. Note that performing multiple actions at the same time uses this timeout value per action. - For example, when retrieving multiple keys via @option{--recv-keys}, the + For example, when retrieving multiple keys via @option{--receive-keys}, the timeout applies separately to each key retrieval, and not to the - @option{--recv-keys} command as a whole. Defaults to 30 seconds. + @option{--receive-keys} command as a whole. Defaults to 30 seconds. @item http-proxy=@code{value} This option is deprecated. @@ -2207,7 +2207,7 @@ opposite meaning. The options are: that this cannot completely repair the damaged key as some crucial data is removed by the keyserver, but it does at least give you back one subkey. Defaults to no for regular @option{--import} and to yes for - keyserver @option{--recv-keys}. + keyserver @option{--receive-keys}. @item import-show Show a listing of the key as imported right before it is stored. diff --git a/g10/gpg.c b/g10/gpg.c index 2d5b4ff..6a5dc13 100644 --- a/g10/gpg.c +++ b/g10/gpg.c 
@@ -463,7 +463,8 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_c (aDesigRevoke, "desig-revoke","@" ), ARGPARSE_c (aExport, "export" , N_("export keys") ), ARGPARSE_c (aSendKeys, "send-keys" , N_("export keys to a keyserver") ), - ARGPARSE_c (aRecvKeys, "recv-keys" , N_("import keys from a keyserver") ), + ARGPARSE_c (aRecvKeys, "receive-keys" , N_("import keys from a keyserver") ), + ARGPARSE_c (aRecvKeys, "recv-keys" , "@"), ARGPARSE_c (aSearchKeys, "search-keys" , N_("search for keys on a keyserver") ), ARGPARSE_c (aRefreshKeys, "refresh-keys", ----------------------------------------------------------------------- hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Sep 23 15:26:07 2016 
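Review bot: In tests/openpgp/clearsig.scm both check-signing calls now pass only --clear-sign, so nothing in this test still exercises the old --clearsign spelling. The hunks shown here do not say whether the old name stays accepted. If it is meant to remain as a compatibility alias, keep one of the two calls (or one test vector) on --clearsign so that a regression in the alias is caught, since scripts that drive gpg non-interactively are the most likely users of the old name.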
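Review bot: In doc/gpg.texi the item and opindex lines for --recv-keys are replaced rather than supplemented, while g10/gpg.c keeps "recv-keys" as a second aRecvKeys entry with the description "@". The old name therefore keeps working but disappears from both the manual and its option index. Consider listing --recv-keys as an alias under the new --receive-keys item and keeping an opindex entry for recv-keys, so that someone auditing an existing script that uses the old name can still look it up.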
From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Fri, 23 Sep 2016 15:26:07 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.7.0-10-ga142f18 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via a142f187b7ddb2728ec3e1743da4a0c4538ab40a (commit) from 583aafdd6870a7fb12a34d90993fd0f46928592c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a142f187b7ddb2728ec3e1743da4a0c4538ab40a Author: Andre Heinecke Date: Fri Sep 23 15:22:29 2016 +0200 cpp, qt: Include config.h lang/cpp/src/callbacks.cpp, lang/cpp/src/configuration.cpp, lang/cpp/src/context.cpp, lang/cpp/src/context_glib.cpp, lang/cpp/src/context_qt.cpp, lang/cpp/src/context_vanilla.cpp, lang/cpp/src/data.cpp, lang/cpp/src/decryptionresult.cpp, lang/cpp/src/defaultassuantransaction.cpp, lang/cpp/src/editinteractor.cpp, lang/cpp/src/encryptionresult.cpp, lang/cpp/src/engineinfo.cpp, lang/cpp/src/eventloopinteractor.cpp, lang/cpp/src/exception.cpp, lang/cpp/src/gpgadduserideditinteractor.cpp, lang/cpp/src/gpgagentgetinfoassuantransaction.cpp, lang/cpp/src/gpgsetexpirytimeeditinteractor.cpp, lang/cpp/src/gpgsetownertrusteditinteractor.cpp, lang/cpp/src/gpgsignkeyeditinteractor.cpp, lang/cpp/src/importresult.cpp, lang/cpp/src/key.cpp, lang/cpp/src/keygenerationresult.cpp, lang/cpp/src/keylistresult.cpp, lang/cpp/src/scdgetinfoassuantransaction.cpp, lang/cpp/src/signingresult.cpp, lang/cpp/src/tofuinfo.cpp, lang/cpp/src/trustitem.cpp, lang/cpp/src/verificationresult.cpp, lang/cpp/src/vfsmountresult.cpp, lang/qt/src/dataprovider.cpp, lang/qt/src/defaultkeygenerationjob.cpp, lang/qt/src/gpgme_backend_debug.cpp, lang/qt/src/job.cpp, 
lang/qt/src/qgpgmeadduseridjob.cpp, lang/qt/src/qgpgmebackend.cpp, lang/qt/src/qgpgmechangeexpiryjob.cpp, lang/qt/src/qgpgmechangeownertrustjob.cpp, lang/qt/src/qgpgmechangepasswdjob.cpp, lang/qt/src/qgpgmedecryptjob.cpp, lang/qt/src/qgpgmedecryptverifyjob.cpp, lang/qt/src/qgpgmedeletejob.cpp, lang/qt/src/qgpgmedownloadjob.cpp, lang/qt/src/qgpgmeencryptjob.cpp, lang/qt/src/qgpgmeexportjob.cpp, lang/qt/src/qgpgmeimportfromkeyserverjob.cpp, lang/qt/src/qgpgmeimportjob.cpp, lang/qt/src/qgpgmekeyformailboxjob.cpp, lang/qt/src/qgpgmekeygenerationjob.cpp, lang/qt/src/qgpgmekeylistjob.cpp, lang/qt/src/qgpgmelistallkeysjob.cpp, lang/qt/src/qgpgmenewcryptoconfig.cpp, lang/qt/src/qgpgmerefreshkeysjob.cpp, lang/qt/src/qgpgmesecretkeyexportjob.cpp, lang/qt/src/qgpgmesignencryptjob.cpp, lang/qt/src/qgpgmesignjob.cpp, lang/qt/src/qgpgmesignkeyjob.cpp, lang/qt/src/qgpgmetofupolicyjob.cpp, lang/qt/src/qgpgmeverifydetachedjob.cpp, lang/qt/src/qgpgmeverifyopaquejob.cpp, lang/qt/src/qgpgmewkspublishjob.cpp, lang/qt/src/threadedjobmixin.cpp, lang/qt/tests/run-keyformailboxjob.cpp, lang/qt/tests/t-encrypt.cpp, lang/qt/tests/t-keylist.cpp, lang/qt/tests/t-keylocate.cpp, lang/qt/tests/t-ownertrust.cpp, lang/qt/tests/t-support.cpp, lang/qt/tests/t-tofuinfo.cpp, lang/qt/tests/t-wkspublish.cpp: Include config.h -- This fixes problems with mismatching definitions. Most notably _FILE_OFFSET_BITS is now always set correctly. diff --git a/lang/cpp/src/callbacks.cpp b/lang/cpp/src/callbacks.cpp index 4b4dd80..3631c53 100644 --- a/lang/cpp/src/callbacks.cpp +++ b/lang/cpp/src/callbacks.cpp @@ -20,6 +20,10 @@ Boston, MA 02110-1301, USA. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include "callbacks.h" #include "util.h" diff --git a/lang/cpp/src/configuration.cpp b/lang/cpp/src/configuration.cpp index 7ef2883..293746a 100644 --- a/lang/cpp/src/configuration.cpp +++ b/lang/cpp/src/configuration.cpp 
@@ -20,6 +20,10 @@ Boston, MA 02110-1301, USA. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include "configuration.h" #include "error.h" #include "util.h" diff --git a/lang/cpp/src/context.cpp b/lang/cpp/src/context.cpp index 43a73b1..34d0efc 100644 --- a/lang/cpp/src/context.cpp +++ b/lang/cpp/src/context.cpp @@ -20,6 +20,10 @@ Boston, MA 02110-1301, USA. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include #include #include diff --git a/lang/cpp/src/context_glib.cpp b/lang/cpp/src/context_glib.cpp index d988918..14093bf 100644 --- a/lang/cpp/src/context_glib.cpp +++ b/lang/cpp/src/context_glib.cpp @@ -20,6 +20,10 @@ Boston, MA 02110-1301, USA. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include extern "C" GIOChannel *gpgme_get_fdptr(int); diff --git a/lang/cpp/src/context_qt.cpp b/lang/cpp/src/context_qt.cpp index 2ce0005..5d716c5 100644 --- a/lang/cpp/src/context_qt.cpp +++ b/lang/cpp/src/context_qt.cpp @@ -20,6 +20,10 @@ Boston, MA 02110-1301, USA. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include extern "C" QIODevice *gpgme_get_fdptr(int); diff --git a/lang/cpp/src/context_vanilla.cpp b/lang/cpp/src/context_vanilla.cpp index 984d41b..77a488a 100644 --- a/lang/cpp/src/context_vanilla.cpp +++ b/lang/cpp/src/context_vanilla.cpp @@ -20,6 +20,10 @@ Boston, MA 02110-1301, USA. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include GIOChannel *GpgME::getGIOChannel(int) diff --git a/lang/cpp/src/data.cpp b/lang/cpp/src/data.cpp index 9527b2f..84ed336 100644 --- a/lang/cpp/src/data.cpp +++ b/lang/cpp/src/data.cpp @@ -20,6 +20,10 @@ Boston, MA 02110-1301, USA. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include "data_p.h" #include #include diff --git a/lang/cpp/src/decryptionresult.cpp b/lang/cpp/src/decryptionresult.cpp index 78a2b1b..f59d24c 100644 --- a/lang/cpp/src/decryptionresult.cpp +++ b/lang/cpp/src/decryptionresult.cpp 
@@ -20,6 +20,10 @@ Boston, MA 02110-1301, USA. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include #include "result_p.h" #include "util.h" diff --git a/lang/cpp/src/defaultassuantransaction.cpp b/lang/cpp/src/defaultassuantransaction.cpp index 5bcf970..549092d 100644 --- a/lang/cpp/src/defaultassuantransaction.cpp +++ b/lang/cpp/src/defaultassuantransaction.cpp @@ -20,6 +20,10 @@ Boston, MA 02110-1301, USA. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include "defaultassuantransaction.h" #include "error.h" #include "data.h" diff --git a/lang/cpp/src/editinteractor.cpp b/lang/cpp/src/editinteractor.cpp index 07dc26d..31591fa 100644 --- a/lang/cpp/src/editinteractor.cpp +++ b/lang/cpp/src/editinteractor.cpp @@ -20,6 +20,10 @@ Boston, MA 02110-1301, USA. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include "editinteractor.h" #include "callbacks.h" #include "error.h" diff --git a/lang/cpp/src/encryptionresult.cpp b/lang/cpp/src/encryptionresult.cpp index c4e7df5..b4298d7 100644 --- a/lang/cpp/src/encryptionresult.cpp +++ b/lang/cpp/src/encryptionresult.cpp @@ -20,6 +20,10 @@ Boston, MA 02110-1301, USA. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include #include "result_p.h" #include "util.h" diff --git a/lang/cpp/src/engineinfo.cpp b/lang/cpp/src/engineinfo.cpp index c3b3e04..763aab9 100644 --- a/lang/cpp/src/engineinfo.cpp +++ b/lang/cpp/src/engineinfo.cpp @@ -20,6 +20,10 @@ Boston, MA 02110-1301, USA. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include "engineinfo.h" #include diff --git a/lang/cpp/src/eventloopinteractor.cpp b/lang/cpp/src/eventloopinteractor.cpp index 7ec258c..7faa50c 100644 --- a/lang/cpp/src/eventloopinteractor.cpp +++ b/lang/cpp/src/eventloopinteractor.cpp @@ -20,6 +20,10 @@ Boston, MA 02110-1301, USA. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include #include diff --git a/lang/cpp/src/exception.cpp b/lang/cpp/src/exception.cpp index c687024..cf42f91 100644 
--- a/lang/cpp/src/exception.cpp +++ b/lang/cpp/src/exception.cpp @@ -21,6 +21,10 @@ */ // -*- c++ -*- +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include "exception.h" #include diff --git a/lang/cpp/src/gpgadduserideditinteractor.cpp b/lang/cpp/src/gpgadduserideditinteractor.cpp index 43c8592..f7851a5 100644 --- a/lang/cpp/src/gpgadduserideditinteractor.cpp +++ b/lang/cpp/src/gpgadduserideditinteractor.cpp @@ -20,6 +20,10 @@ Boston, MA 02110-1301, USA. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include "gpgadduserideditinteractor.h" #include "error.h" diff --git a/lang/cpp/src/gpgagentgetinfoassuantransaction.cpp b/lang/cpp/src/gpgagentgetinfoassuantransaction.cpp index 4739aa2..4b30b31 100644 --- a/lang/cpp/src/gpgagentgetinfoassuantransaction.cpp +++ b/lang/cpp/src/gpgagentgetinfoassuantransaction.cpp @@ -20,6 +20,10 @@ Boston, MA 02110-1301, USA. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include "gpgagentgetinfoassuantransaction.h" #include "error.h" #include "data.h" diff --git a/lang/cpp/src/gpgsetexpirytimeeditinteractor.cpp b/lang/cpp/src/gpgsetexpirytimeeditinteractor.cpp index 8af897c..5e8ba80 100644 --- a/lang/cpp/src/gpgsetexpirytimeeditinteractor.cpp +++ b/lang/cpp/src/gpgsetexpirytimeeditinteractor.cpp @@ -20,6 +20,10 @@ Boston, MA 02110-1301, USA. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include "gpgsetexpirytimeeditinteractor.h" #include "error.h" diff --git a/lang/cpp/src/gpgsetownertrusteditinteractor.cpp b/lang/cpp/src/gpgsetownertrusteditinteractor.cpp index 15b1269..581605f 100644 --- a/lang/cpp/src/gpgsetownertrusteditinteractor.cpp +++ b/lang/cpp/src/gpgsetownertrusteditinteractor.cpp @@ -20,6 +20,10 @@ Boston, MA 02110-1301, USA. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include "gpgsetownertrusteditinteractor.h" #include "error.h" diff --git a/lang/cpp/src/gpgsignkeyeditinteractor.cpp b/lang/cpp/src/gpgsignkeyeditinteractor.cpp index fded90f..7effc64 100644 
--- a/lang/cpp/src/gpgsignkeyeditinteractor.cpp +++ b/lang/cpp/src/gpgsignkeyeditinteractor.cpp @@ -20,6 +20,10 @@ Boston, MA 02110-1301, USA. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include "gpgsignkeyeditinteractor.h" #include "error.h" #include "key.h" diff --git a/lang/cpp/src/importresult.cpp b/lang/cpp/src/importresult.cpp index 97e8239..4329fc0 100644 --- a/lang/cpp/src/importresult.cpp +++ b/lang/cpp/src/importresult.cpp @@ -21,6 +21,10 @@ */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include #include "result_p.h" diff --git a/lang/cpp/src/key.cpp b/lang/cpp/src/key.cpp index a56f77c..df3dc02 100644 --- a/lang/cpp/src/key.cpp +++ b/lang/cpp/src/key.cpp @@ -20,6 +20,10 @@ Boston, MA 02110-1301, USA. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include #include "util.h" diff --git a/lang/cpp/src/keygenerationresult.cpp b/lang/cpp/src/keygenerationresult.cpp index 7837e20..52d5222 100644 --- a/lang/cpp/src/keygenerationresult.cpp +++ b/lang/cpp/src/keygenerationresult.cpp @@ -20,6 +20,10 @@ Boston, MA 02110-1301, USA. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include #include "result_p.h" diff --git a/lang/cpp/src/keylistresult.cpp b/lang/cpp/src/keylistresult.cpp index 4512d3b..e6fb77f 100644 --- a/lang/cpp/src/keylistresult.cpp +++ b/lang/cpp/src/keylistresult.cpp @@ -20,6 +20,10 @@ Boston, MA 02110-1301, USA. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include #include "result_p.h" diff --git a/lang/cpp/src/scdgetinfoassuantransaction.cpp b/lang/cpp/src/scdgetinfoassuantransaction.cpp index 073d772..fb59bcc 100644 --- a/lang/cpp/src/scdgetinfoassuantransaction.cpp +++ b/lang/cpp/src/scdgetinfoassuantransaction.cpp @@ -20,6 +20,10 @@ Boston, MA 02110-1301, USA. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include "scdgetinfoassuantransaction.h" #include "error.h" #include "data.h" 
diff --git a/lang/cpp/src/signingresult.cpp b/lang/cpp/src/signingresult.cpp index 4f2ef72..3252c03 100644 --- a/lang/cpp/src/signingresult.cpp +++ b/lang/cpp/src/signingresult.cpp @@ -20,6 +20,10 @@ Boston, MA 02110-1301, USA. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include #include "result_p.h" #include "util.h" diff --git a/lang/cpp/src/tofuinfo.cpp b/lang/cpp/src/tofuinfo.cpp index e661b3b..a10a3cb 100644 --- a/lang/cpp/src/tofuinfo.cpp +++ b/lang/cpp/src/tofuinfo.cpp @@ -19,6 +19,10 @@ Boston, MA 02110-1301, USA. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include "tofuinfo.h" #include diff --git a/lang/cpp/src/trustitem.cpp b/lang/cpp/src/trustitem.cpp index fc7e4a6..0565030 100644 --- a/lang/cpp/src/trustitem.cpp +++ b/lang/cpp/src/trustitem.cpp @@ -20,6 +20,10 @@ Boston, MA 02110-1301, USA. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include #include diff --git a/lang/cpp/src/verificationresult.cpp b/lang/cpp/src/verificationresult.cpp index c62625d..be33ca2 100644 --- a/lang/cpp/src/verificationresult.cpp +++ b/lang/cpp/src/verificationresult.cpp @@ -20,6 +20,10 @@ Boston, MA 02110-1301, USA. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include #include #include "result_p.h" diff --git a/lang/cpp/src/vfsmountresult.cpp b/lang/cpp/src/vfsmountresult.cpp index c9fdd5e..d3607d1 100644 --- a/lang/cpp/src/vfsmountresult.cpp +++ b/lang/cpp/src/vfsmountresult.cpp @@ -21,6 +21,10 @@ Boston, MA 02110-1301, USA. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include #include "result_p.h" diff --git a/lang/qt/src/dataprovider.cpp b/lang/qt/src/dataprovider.cpp index 533b67d..df56133 100644 --- a/lang/qt/src/dataprovider.cpp +++ b/lang/qt/src/dataprovider.cpp @@ -21,6 +21,10 @@ // -*- c++ -*- +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include #include diff --git a/lang/qt/src/defaultkeygenerationjob.cpp b/lang/qt/src/defaultkeygenerationjob.cpp index 8257a72..d26e824 100644 
--- a/lang/qt/src/defaultkeygenerationjob.cpp +++ b/lang/qt/src/defaultkeygenerationjob.cpp @@ -28,6 +28,10 @@ your version. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include "defaultkeygenerationjob.h" #include "protocol.h" #include "keygenerationjob.h" diff --git a/lang/qt/src/gpgme_backend_debug.cpp b/lang/qt/src/gpgme_backend_debug.cpp index 6dfb313..6efe932 100644 --- a/lang/qt/src/gpgme_backend_debug.cpp +++ b/lang/qt/src/gpgme_backend_debug.cpp @@ -1,5 +1,9 @@ // This file is autogenerated by CMake: DO NOT EDIT +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include "gpgme_backend_debug.h" diff --git a/lang/qt/src/job.cpp b/lang/qt/src/job.cpp index 8936ea5..38dbc99 100644 --- a/lang/qt/src/job.cpp +++ b/lang/qt/src/job.cpp @@ -31,6 +31,10 @@ your version. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include "job.h" #include "keylistjob.h" diff --git a/lang/qt/src/qgpgmeadduseridjob.cpp b/lang/qt/src/qgpgmeadduseridjob.cpp index eb3bfab..4fc80d1 100644 --- a/lang/qt/src/qgpgmeadduseridjob.cpp +++ b/lang/qt/src/qgpgmeadduseridjob.cpp @@ -31,6 +31,10 @@ your version. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include "qgpgmeadduseridjob.h" #include "dataprovider.h" diff --git a/lang/qt/src/qgpgmebackend.cpp b/lang/qt/src/qgpgmebackend.cpp index 797e58a..f06244b 100644 --- a/lang/qt/src/qgpgmebackend.cpp +++ b/lang/qt/src/qgpgmebackend.cpp @@ -31,6 +31,10 @@ your version. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include "qgpgmebackend.h" diff --git a/lang/qt/src/qgpgmechangeexpiryjob.cpp b/lang/qt/src/qgpgmechangeexpiryjob.cpp index 43ceee3..cf417ab 100644 --- a/lang/qt/src/qgpgmechangeexpiryjob.cpp +++ b/lang/qt/src/qgpgmechangeexpiryjob.cpp @@ -31,6 +31,10 @@ your version. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include "qgpgmechangeexpiryjob.h" #include "dataprovider.h" 
diff --git a/lang/qt/src/qgpgmechangeownertrustjob.cpp b/lang/qt/src/qgpgmechangeownertrustjob.cpp index 55131d9..d9a613f 100644 --- a/lang/qt/src/qgpgmechangeownertrustjob.cpp +++ b/lang/qt/src/qgpgmechangeownertrustjob.cpp @@ -31,6 +31,10 @@ your version. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include "qgpgmechangeownertrustjob.h" #include "dataprovider.h" diff --git a/lang/qt/src/qgpgmechangepasswdjob.cpp b/lang/qt/src/qgpgmechangepasswdjob.cpp index 0aec927..b04273c 100644 --- a/lang/qt/src/qgpgmechangepasswdjob.cpp +++ b/lang/qt/src/qgpgmechangepasswdjob.cpp @@ -31,6 +31,10 @@ your version. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include "qgpgmechangepasswdjob.h" #include "dataprovider.h" diff --git a/lang/qt/src/qgpgmedecryptjob.cpp b/lang/qt/src/qgpgmedecryptjob.cpp index 7116449..449e9aa 100644 --- a/lang/qt/src/qgpgmedecryptjob.cpp +++ b/lang/qt/src/qgpgmedecryptjob.cpp @@ -31,6 +31,10 @@ your version. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include "qgpgmedecryptjob.h" #include "dataprovider.h" diff --git a/lang/qt/src/qgpgmedecryptverifyjob.cpp b/lang/qt/src/qgpgmedecryptverifyjob.cpp index d46a9b5..e6d3ff2 100644 --- a/lang/qt/src/qgpgmedecryptverifyjob.cpp +++ b/lang/qt/src/qgpgmedecryptverifyjob.cpp @@ -31,6 +31,10 @@ your version. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include "qgpgmedecryptverifyjob.h" #include "dataprovider.h" diff --git a/lang/qt/src/qgpgmedeletejob.cpp b/lang/qt/src/qgpgmedeletejob.cpp index 323aec4..9145298 100644 --- a/lang/qt/src/qgpgmedeletejob.cpp +++ b/lang/qt/src/qgpgmedeletejob.cpp @@ -31,6 +31,10 @@ your version. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include "qgpgmedeletejob.h" #include "context.h" diff --git a/lang/qt/src/qgpgmedownloadjob.cpp b/lang/qt/src/qgpgmedownloadjob.cpp index 48cc907..b0dca56 100644 --- a/lang/qt/src/qgpgmedownloadjob.cpp +++ b/lang/qt/src/qgpgmedownloadjob.cpp 
@@ -31,6 +31,10 @@ your version. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include "qgpgmedownloadjob.h" #include "dataprovider.h" diff --git a/lang/qt/src/qgpgmeencryptjob.cpp b/lang/qt/src/qgpgmeencryptjob.cpp index 82c8ed8..d13acab 100644 --- a/lang/qt/src/qgpgmeencryptjob.cpp +++ b/lang/qt/src/qgpgmeencryptjob.cpp @@ -31,6 +31,10 @@ your version. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include "qgpgmeencryptjob.h" #include "dataprovider.h" diff --git a/lang/qt/src/qgpgmeexportjob.cpp b/lang/qt/src/qgpgmeexportjob.cpp index dfc5fc9..e6073f0 100644 --- a/lang/qt/src/qgpgmeexportjob.cpp +++ b/lang/qt/src/qgpgmeexportjob.cpp @@ -31,6 +31,10 @@ your version. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include "qgpgmeexportjob.h" #include "dataprovider.h" diff --git a/lang/qt/src/qgpgmeimportfromkeyserverjob.cpp b/lang/qt/src/qgpgmeimportfromkeyserverjob.cpp index 0f19679..acefbb2 100644 --- a/lang/qt/src/qgpgmeimportfromkeyserverjob.cpp +++ b/lang/qt/src/qgpgmeimportfromkeyserverjob.cpp @@ -31,6 +31,10 @@ your version. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include "qgpgmeimportfromkeyserverjob.h" #include "dataprovider.h" diff --git a/lang/qt/src/qgpgmeimportjob.cpp b/lang/qt/src/qgpgmeimportjob.cpp index f125b12..dcabad3 100644 --- a/lang/qt/src/qgpgmeimportjob.cpp +++ b/lang/qt/src/qgpgmeimportjob.cpp @@ -31,6 +31,10 @@ your version. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include "qgpgmeimportjob.h" #include "dataprovider.h" diff --git a/lang/qt/src/qgpgmekeyformailboxjob.cpp b/lang/qt/src/qgpgmekeyformailboxjob.cpp index 803d0e6..7054c78 100644 --- a/lang/qt/src/qgpgmekeyformailboxjob.cpp +++ b/lang/qt/src/qgpgmekeyformailboxjob.cpp @@ -30,6 +30,10 @@ your version. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include "qgpgmekeyformailboxjob.h" #include "qgpgmekeylistjob.h" 
diff --git a/lang/qt/src/qgpgmekeygenerationjob.cpp b/lang/qt/src/qgpgmekeygenerationjob.cpp index cba6b76..31f3342 100644 --- a/lang/qt/src/qgpgmekeygenerationjob.cpp +++ b/lang/qt/src/qgpgmekeygenerationjob.cpp @@ -31,6 +31,10 @@ your version. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include "qgpgmekeygenerationjob.h" #include "dataprovider.h" diff --git a/lang/qt/src/qgpgmekeylistjob.cpp b/lang/qt/src/qgpgmekeylistjob.cpp index 1169c46..887a902 100644 --- a/lang/qt/src/qgpgmekeylistjob.cpp +++ b/lang/qt/src/qgpgmekeylistjob.cpp @@ -31,6 +31,10 @@ your version. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include "qgpgmekeylistjob.h" #include "key.h" diff --git a/lang/qt/src/qgpgmelistallkeysjob.cpp b/lang/qt/src/qgpgmelistallkeysjob.cpp index fd8bfc3..7ba8bc9 100644 --- a/lang/qt/src/qgpgmelistallkeysjob.cpp +++ b/lang/qt/src/qgpgmelistallkeysjob.cpp @@ -31,6 +31,10 @@ your version. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include "qgpgmelistallkeysjob.h" #include "key.h" diff --git a/lang/qt/src/qgpgmenewcryptoconfig.cpp b/lang/qt/src/qgpgmenewcryptoconfig.cpp index 7303f10..62566d5 100644 --- a/lang/qt/src/qgpgmenewcryptoconfig.cpp +++ b/lang/qt/src/qgpgmenewcryptoconfig.cpp @@ -31,6 +31,10 @@ your version. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include "qgpgmenewcryptoconfig.h" #include diff --git a/lang/qt/src/qgpgmerefreshkeysjob.cpp b/lang/qt/src/qgpgmerefreshkeysjob.cpp index 3d221f6..93ac63a 100644 --- a/lang/qt/src/qgpgmerefreshkeysjob.cpp +++ b/lang/qt/src/qgpgmerefreshkeysjob.cpp @@ -33,6 +33,10 @@ #define MAX_CMD_LENGTH 32768 +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include "qgpgmerefreshkeysjob.h" #include diff --git a/lang/qt/src/qgpgmesecretkeyexportjob.cpp b/lang/qt/src/qgpgmesecretkeyexportjob.cpp index f4ec698..d740852 100644 --- a/lang/qt/src/qgpgmesecretkeyexportjob.cpp +++ b/lang/qt/src/qgpgmesecretkeyexportjob.cpp 
@@ -31,6 +31,10 @@ your version. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include "qgpgmesecretkeyexportjob.h" #include diff --git a/lang/qt/src/qgpgmesignencryptjob.cpp b/lang/qt/src/qgpgmesignencryptjob.cpp index d2e45b1..9dcc619 100644 --- a/lang/qt/src/qgpgmesignencryptjob.cpp +++ b/lang/qt/src/qgpgmesignencryptjob.cpp @@ -31,6 +31,10 @@ your version. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include "qgpgmesignencryptjob.h" #include "dataprovider.h" diff --git a/lang/qt/src/qgpgmesignjob.cpp b/lang/qt/src/qgpgmesignjob.cpp index 4e2312b..e165f52 100644 --- a/lang/qt/src/qgpgmesignjob.cpp +++ b/lang/qt/src/qgpgmesignjob.cpp @@ -31,6 +31,10 @@ your version. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include "qgpgmesignjob.h" #include "dataprovider.h" diff --git a/lang/qt/src/qgpgmesignkeyjob.cpp b/lang/qt/src/qgpgmesignkeyjob.cpp index e6c1478..27aff5e 100644 --- a/lang/qt/src/qgpgmesignkeyjob.cpp +++ b/lang/qt/src/qgpgmesignkeyjob.cpp @@ -31,6 +31,10 @@ your version. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include "qgpgmesignkeyjob.h" #include "dataprovider.h" diff --git a/lang/qt/src/qgpgmetofupolicyjob.cpp b/lang/qt/src/qgpgmetofupolicyjob.cpp index a24c946..34630a1 100644 --- a/lang/qt/src/qgpgmetofupolicyjob.cpp +++ b/lang/qt/src/qgpgmetofupolicyjob.cpp @@ -28,6 +28,10 @@ your version. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include "qgpgmetofupolicyjob.h" #include "context.h" diff --git a/lang/qt/src/qgpgmeverifydetachedjob.cpp b/lang/qt/src/qgpgmeverifydetachedjob.cpp index 8efef05..ee74861 100644 --- a/lang/qt/src/qgpgmeverifydetachedjob.cpp +++ b/lang/qt/src/qgpgmeverifydetachedjob.cpp @@ -31,6 +31,10 @@ your version. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include "qgpgmeverifydetachedjob.h" #include "dataprovider.h" diff --git a/lang/qt/src/qgpgmeverifyopaquejob.cpp b/lang/qt/src/qgpgmeverifyopaquejob.cpp index b513f82..aea406a 100644 
--- a/lang/qt/src/qgpgmeverifyopaquejob.cpp +++ b/lang/qt/src/qgpgmeverifyopaquejob.cpp @@ -31,6 +31,10 @@ your version. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include "qgpgmeverifyopaquejob.h" #include "dataprovider.h" diff --git a/lang/qt/src/qgpgmewkspublishjob.cpp b/lang/qt/src/qgpgmewkspublishjob.cpp index 8f97cb5..96f5a1d 100644 --- a/lang/qt/src/qgpgmewkspublishjob.cpp +++ b/lang/qt/src/qgpgmewkspublishjob.cpp @@ -28,6 +28,10 @@ your version. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include "qgpgmewkspublishjob.h" #include "context.h" diff --git a/lang/qt/src/threadedjobmixin.cpp b/lang/qt/src/threadedjobmixin.cpp index cd6ab5f..66d21fb 100644 --- a/lang/qt/src/threadedjobmixin.cpp +++ b/lang/qt/src/threadedjobmixin.cpp @@ -31,6 +31,10 @@ your version. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include "threadedjobmixin.h" #include "dataprovider.h" diff --git a/lang/qt/tests/run-keyformailboxjob.cpp b/lang/qt/tests/run-keyformailboxjob.cpp index 9ac7668..73bedbd 100644 --- a/lang/qt/tests/run-keyformailboxjob.cpp +++ b/lang/qt/tests/run-keyformailboxjob.cpp @@ -29,6 +29,10 @@ your version. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include "keyformailboxjob.h" #include "keylistjob.h" #include "protocol.h" diff --git a/lang/qt/tests/t-encrypt.cpp b/lang/qt/tests/t-encrypt.cpp index 3d4cfa9..bc6b878 100644 --- a/lang/qt/tests/t-encrypt.cpp +++ b/lang/qt/tests/t-encrypt.cpp @@ -28,6 +28,10 @@ you do not wish to do so, delete this exception statement from your version. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include #include #include diff --git a/lang/qt/tests/t-keylist.cpp b/lang/qt/tests/t-keylist.cpp index 767c96b..2578576 100644 --- a/lang/qt/tests/t-keylist.cpp +++ b/lang/qt/tests/t-keylist.cpp @@ -29,6 +29,10 @@ your version. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include #include #include 
diff --git a/lang/qt/tests/t-keylocate.cpp b/lang/qt/tests/t-keylocate.cpp index e75f24d..63cb836 100644 --- a/lang/qt/tests/t-keylocate.cpp +++ b/lang/qt/tests/t-keylocate.cpp @@ -28,6 +28,10 @@ you do not wish to do so, delete this exception statement from your version. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include #include #include diff --git a/lang/qt/tests/t-ownertrust.cpp b/lang/qt/tests/t-ownertrust.cpp index b9efffd..db863b2 100644 --- a/lang/qt/tests/t-ownertrust.cpp +++ b/lang/qt/tests/t-ownertrust.cpp @@ -29,6 +29,10 @@ your version. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include #include #include diff --git a/lang/qt/tests/t-support.cpp b/lang/qt/tests/t-support.cpp index 86372f7..857d0a3 100644 --- a/lang/qt/tests/t-support.cpp +++ b/lang/qt/tests/t-support.cpp @@ -29,6 +29,10 @@ your version. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include "t-support.h" #include diff --git a/lang/qt/tests/t-tofuinfo.cpp b/lang/qt/tests/t-tofuinfo.cpp index d76ff7b..2c87e4a 100644 --- a/lang/qt/tests/t-tofuinfo.cpp +++ b/lang/qt/tests/t-tofuinfo.cpp @@ -28,6 +28,10 @@ you do not wish to do so, delete this exception statement from your version. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include #include #include diff --git a/lang/qt/tests/t-wkspublish.cpp b/lang/qt/tests/t-wkspublish.cpp index 17d3447..4558fdc 100644 --- a/lang/qt/tests/t-wkspublish.cpp +++ b/lang/qt/tests/t-wkspublish.cpp 
@@ -28,6 +28,10 @@ you do not wish to do so, delete this exception statement from your version. */ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + #include #include #include ----------------------------------------------------------------------- Summary of changes: lang/cpp/src/callbacks.cpp | 4 ++++ lang/cpp/src/configuration.cpp | 4 ++++ lang/cpp/src/context.cpp | 4 ++++ lang/cpp/src/context_glib.cpp | 4 ++++ lang/cpp/src/context_qt.cpp | 4 ++++ lang/cpp/src/context_vanilla.cpp | 4 ++++ lang/cpp/src/data.cpp | 4 ++++ lang/cpp/src/decryptionresult.cpp | 4 ++++ lang/cpp/src/defaultassuantransaction.cpp | 4 ++++ lang/cpp/src/editinteractor.cpp | 4 ++++ lang/cpp/src/encryptionresult.cpp | 4 ++++ lang/cpp/src/engineinfo.cpp | 4 ++++ lang/cpp/src/eventloopinteractor.cpp | 4 ++++ lang/cpp/src/exception.cpp | 4 ++++ lang/cpp/src/gpgadduserideditinteractor.cpp | 4 ++++ lang/cpp/src/gpgagentgetinfoassuantransaction.cpp | 4 ++++ lang/cpp/src/gpgsetexpirytimeeditinteractor.cpp | 4 ++++ lang/cpp/src/gpgsetownertrusteditinteractor.cpp | 4 ++++ lang/cpp/src/gpgsignkeyeditinteractor.cpp | 4 ++++ lang/cpp/src/importresult.cpp | 4 ++++ lang/cpp/src/key.cpp | 4 ++++ lang/cpp/src/keygenerationresult.cpp | 4 ++++ lang/cpp/src/keylistresult.cpp | 4 ++++ lang/cpp/src/scdgetinfoassuantransaction.cpp | 4 ++++ lang/cpp/src/signingresult.cpp | 4 ++++ lang/cpp/src/tofuinfo.cpp | 4 ++++ lang/cpp/src/trustitem.cpp | 4 ++++ lang/cpp/src/verificationresult.cpp | 4 ++++ lang/cpp/src/vfsmountresult.cpp | 4 ++++ lang/qt/src/dataprovider.cpp | 4 ++++ lang/qt/src/defaultkeygenerationjob.cpp | 4 ++++ lang/qt/src/gpgme_backend_debug.cpp | 4 ++++ lang/qt/src/job.cpp | 4 ++++ lang/qt/src/qgpgmeadduseridjob.cpp | 4 ++++ lang/qt/src/qgpgmebackend.cpp | 4 ++++ lang/qt/src/qgpgmechangeexpiryjob.cpp | 4 ++++ lang/qt/src/qgpgmechangeownertrustjob.cpp | 4 ++++ lang/qt/src/qgpgmechangepasswdjob.cpp | 4 ++++ lang/qt/src/qgpgmedecryptjob.cpp | 4 ++++ lang/qt/src/qgpgmedecryptverifyjob.cpp | 4 ++++ 
lang/qt/src/qgpgmedeletejob.cpp | 4 ++++ lang/qt/src/qgpgmedownloadjob.cpp | 4 ++++ lang/qt/src/qgpgmeencryptjob.cpp | 4 ++++ lang/qt/src/qgpgmeexportjob.cpp | 4 ++++ lang/qt/src/qgpgmeimportfromkeyserverjob.cpp | 4 ++++ lang/qt/src/qgpgmeimportjob.cpp | 4 ++++ lang/qt/src/qgpgmekeyformailboxjob.cpp | 4 ++++ lang/qt/src/qgpgmekeygenerationjob.cpp | 4 ++++ lang/qt/src/qgpgmekeylistjob.cpp | 4 ++++ lang/qt/src/qgpgmelistallkeysjob.cpp | 4 ++++ lang/qt/src/qgpgmenewcryptoconfig.cpp | 4 ++++ lang/qt/src/qgpgmerefreshkeysjob.cpp | 4 ++++ lang/qt/src/qgpgmesecretkeyexportjob.cpp | 4 ++++ lang/qt/src/qgpgmesignencryptjob.cpp | 4 ++++ lang/qt/src/qgpgmesignjob.cpp | 4 ++++ lang/qt/src/qgpgmesignkeyjob.cpp | 4 ++++ lang/qt/src/qgpgmetofupolicyjob.cpp | 4 ++++ lang/qt/src/qgpgmeverifydetachedjob.cpp | 4 ++++ lang/qt/src/qgpgmeverifyopaquejob.cpp | 4 ++++ lang/qt/src/qgpgmewkspublishjob.cpp | 4 ++++ lang/qt/src/threadedjobmixin.cpp | 4 ++++ lang/qt/tests/run-keyformailboxjob.cpp | 4 ++++ lang/qt/tests/t-encrypt.cpp | 4 ++++ lang/qt/tests/t-keylist.cpp | 4 ++++ lang/qt/tests/t-keylocate.cpp | 4 ++++ lang/qt/tests/t-ownertrust.cpp | 4 ++++ lang/qt/tests/t-support.cpp | 4 ++++ lang/qt/tests/t-tofuinfo.cpp | 4 ++++ lang/qt/tests/t-wkspublish.cpp | 4 ++++ 69 files changed, 276 insertions(+) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Fri Sep 23 16:10:19 2016 
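Review bot: In lang/qt/src/qgpgmerefreshkeysjob.cpp (hunk @@ -33,6 +33,10 @@) the config.h block lands after `#define MAX_CMD_LENGTH 32768`, while every other file in this patch gets it directly after the license comment. config.h is meant to be the first thing the preprocessor sees, so that the feature macros it sets take effect before any other definition or include. The preceding define is harmless today, but moving the block above it keeps all 69 files consistent and avoids a surprise if that region later gains an include.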
From: cvs at cvs.gnupg.org (by Daniel Kahn Gillmor) Date: Fri, 23 Sep 2016 16:10:19 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.7.0-13-g95f3865 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 95f38652f696476b38a040644eac40b4511d2b32 (commit) via a11450eb048df79a3f2b00ebef6d7cab07ad5054 (commit) via 9b38817968b90caf73f123255fe427691e82fec4 (commit) from a142f187b7ddb2728ec3e1743da4a0c4538ab40a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 95f38652f696476b38a040644eac40b4511d2b32 Author: Daniel Kahn Gillmor Date: Thu Sep 22 18:43:48 2016 -0400 Fix spelling * lang/cpp/src/context.h, lang/qt/src/protocol.h, lang/qt/src/wkspublishjob.h, src/data-identify.c, src/engine-gpg.c: minor spelling cleanup. -- Signed-off-by: Daniel Kahn Gillmor diff --git a/lang/cpp/src/context.h b/lang/cpp/src/context.h index b1e4f5f..ab15a21 100644 --- a/lang/cpp/src/context.h +++ b/lang/cpp/src/context.h @@ -364,8 +364,8 @@ public: * @param file The executable to start. * @param argv list of arguments file should be argv[0]. * @param input The data to be sent through stdin. - * @param output The data to be recieve the stdout. - * @param err The data to recieve stderr. + * @param output The data to be receive the stdout. + * @param err The data to receive stderr. * @param flags Additional flags. * * @returns An error or empty error. diff --git a/lang/qt/src/protocol.h b/lang/qt/src/protocol.h index 40ddcb5..15d83e0 100644 --- a/lang/qt/src/protocol.h +++ b/lang/qt/src/protocol.h 
@@ -76,7 +76,7 @@ class TofuPolicyJob; * two are always a QString for the auditlog and an GpgME::Error for * an eventual error. * - * In case async API is used and the result signal is emited a + * In case async API is used and the result signal is emitted a * job schedules its own deletion. * * Most jobs also provide a synchronous call exec in which case @@ -161,14 +161,14 @@ public: /** Obtain a reference to the OpenPGP Protocol. * * The reference is to a static object. - * @returns Refrence to the OpenPGP Protocol. + * @returns Reference to the OpenPGP Protocol. */ QGPGME_EXPORT Protocol *openpgp(); /** Obtain a reference to the smime Protocol. * * The reference is to a static object. - * @returns Refrence to the smime Protocol. + * @returns Reference to the smime Protocol. */ QGPGME_EXPORT Protocol *smime(); diff --git a/lang/qt/src/wkspublishjob.h b/lang/qt/src/wkspublishjob.h index 782112f..d7bcd5d 100644 --- a/lang/qt/src/wkspublishjob.h +++ b/lang/qt/src/wkspublishjob.h @@ -45,7 +45,7 @@ namespace QGpgME { * Handles Web Key Service Publishing. Needs WKS tools installed and * server support. * - * Remember that after a result is emited the job is auto deleted + * Remember that after a result is emitted the job is auto deleted * so you can only use it for a single action. */ class QGPGME_EXPORT WKSPublishJob: public Job diff --git a/src/data-identify.c b/src/data-identify.c index a5da7f5..615a4f3 100644 --- a/src/data-identify.c +++ b/src/data-identify.c @@ -278,7 +278,7 @@ pgp_binary_detection (const void *image_arg, size_t imagelen) /* This is probably an armored "PGP MESSAGE" which can encode * different PGP data types. STRING is modified after a call to this - * fucntion. */ + * function. */ static gpgme_data_type_t inspect_pgp_message (char *string) { diff --git a/src/engine-gpg.c b/src/engine-gpg.c index 3f1d34d..4415c94 100644 --- a/src/engine-gpg.c +++ b/src/engine-gpg.c 
@@ -2543,7 +2543,7 @@ gpg_keylist_build_options (engine_gpg_t gpg, int secret_only, err = add_arg (gpg, "--with-colons"); /* Since gpg 2.1.15 fingerprints are always printed, thus there is - * no more need to explictly request them. */ + * no more need to explicitly request them. */ if (!have_gpg_version (gpg, "2.1.15")) { if (!err) commit a11450eb048df79a3f2b00ebef6d7cab07ad5054 Author: Daniel Kahn Gillmor Date: Thu Sep 22 18:23:04 2016 -0400 move some file encodings to UTF-8 * THANKS, doc/ChangeLog-2011, tests/ChangeLog-2011, tests/gpg/geheim.txt: convert from iso 8859-1 to utf-8. * lang/qt/src/dataprovider.cpp, lang/qt/src/qgpgmerefreshkeysjob.cpp, lang/qt/src/qgpgmesecretkeyexportjob.cpp: replace U+FFFD REPLACEMENT CHARACTER with proper U+00E4 LATIN SMALL LETTER A WITH DIAERESIS. -- Note that src/versioninfo.rc.in is still ISO-8859-1. I don't know whether Windows will properly handle UTF-8 in this file or not, so i have not touched it. Signed-off-by: Daniel Kahn Gillmor diff --git a/THANKS b/THANKS index 9d79004..e312775 100644 --- a/THANKS +++ b/THANKS @@ -5,7 +5,7 @@ want to thank them for their help. If we forgot you, please let us know. Adriaan de Groot adridg at cs.kun.nl -Albrecht Dre? albrecht.dress at arcor.de +Albrecht Dre?? albrecht.dress at arcor.de Alfons Hoogervorst alfons at proteus.demon.nl Daniel Mueller daniel at danm.de Enno Cramer uebergeek at web.de 
@@ -13,13 +13,13 @@ Frank Heckenbach frank at g-n-u.de Igor Belyi gpgme at katehok.ac93.org Jan-Oliver Wagner jan at intevation.de Johannes Poehlmann jhp at caldera.de -Jose C. Garc?a Sogo jose at jaimedelamo.eu.org +Jose C. Garc??a Sogo jose at jaimedelamo.eu.org Leo Gaspard ekleog at gmail.com Mark Mutz mutz at kde.org Miguel Coca mcoca at gnu.org Noel Torres envite at rolamasao.org Patrick Spendrin patrick.spendrin at kdab.com -St?phane Corth?sy stephane at sente.ch +St??phane Corth??sy stephane at sente.ch Timo Schulz twoaday at freakmail.de Tommy Reynolds reynolds at redhat.com W. Trevor King wking at tremily.us diff --git a/doc/ChangeLog-2011 b/doc/ChangeLog-2011 index d6ecca7..e270fae 100644 --- a/doc/ChangeLog-2011 +++ b/doc/ChangeLog-2011 @@ -397,7 +397,7 @@ (Listing Keys): Update examples. (Decrypt): Result might also be available when operation failed. (Verify): Result might also be available when operation failed. - All spotted by St?phane Corth?sy. + All spotted by St??phane Corth??sy. 2003-07-22 Marcus Brinkmann diff --git a/lang/qt/src/dataprovider.cpp b/lang/qt/src/dataprovider.cpp index df56133..8385686 100644 --- a/lang/qt/src/dataprovider.cpp +++ b/lang/qt/src/dataprovider.cpp @@ -1,5 +1,5 @@ /* dataprovider.cpp - Copyright (C) 2004 Klar???vdalens Datakonsult AB + Copyright (C) 2004 Klar??vdalens Datakonsult AB Copyright (c) 2016 Intevation GmbH This file is part of QGPGME. diff --git a/lang/qt/src/qgpgmerefreshkeysjob.cpp b/lang/qt/src/qgpgmerefreshkeysjob.cpp index 93ac63a..493a010 100644 --- a/lang/qt/src/qgpgmerefreshkeysjob.cpp +++ b/lang/qt/src/qgpgmerefreshkeysjob.cpp @@ -2,7 +2,7 @@ qgpgmerefreshkeysjob.cpp This file is part of qgpgme, the Qt API binding for gpgme - Copyright (c) 2004 Klar???vdalens Datakonsult AB + Copyright (c) 2004 Klar??vdalens Datakonsult AB Copyright (c) 2016 Intevation GmbH QGpgME is free software; you can redistribute it and/or 
diff --git a/lang/qt/src/qgpgmesecretkeyexportjob.cpp b/lang/qt/src/qgpgmesecretkeyexportjob.cpp index d740852..75cd83a 100644 --- a/lang/qt/src/qgpgmesecretkeyexportjob.cpp +++ b/lang/qt/src/qgpgmesecretkeyexportjob.cpp @@ -2,7 +2,7 @@ qgpgmesecretexportjob.cpp This file is part of qgpgme, the Qt API binding for gpgme - Copyright (c) 2004 Klar???vdalens Datakonsult AB + Copyright (c) 2004 Klar??vdalens Datakonsult AB Copyright (c) 2016 Intevation GmbH QGpgME is free software; you can redistribute it and/or diff --git a/tests/ChangeLog-2011 b/tests/ChangeLog-2011 index 596c2df..3ec0fb7 100644 --- a/tests/ChangeLog-2011 +++ b/tests/ChangeLog-2011 @@ -603,7 +603,7 @@ 2002-09-28 Marcus Brinkmann - * t-version.c: Include . Reported by St?phane Corth?sy. + * t-version.c: Include . Reported by St??phane Corth??sy. 2002-09-02 Marcus Brinkmann @@ -624,8 +624,8 @@ * gpg/t-encrypt-sym.c (main): Change type of I to size_t and rename to LEN. - * gpg/t-verify.c (main): Likewise. Submitted by St?phane - Corth?sy. + * gpg/t-verify.c (main): Likewise. Submitted by St??phane + Corth??sy. 2002-07-03 Marcus Brinkmann @@ -772,7 +772,7 @@ 2001-12-19 Marcus Brinkmann * gpg/t-decrypt-verify.c: Don't include `mcheck.h'. Reported by - St?phane Corth?sy. + St??phane Corth??sy. 2001-12-19 Marcus Brinkmann diff --git a/tests/gpg/geheim.txt b/tests/gpg/geheim.txt index 99a5478..49d78a7 100644 --- a/tests/gpg/geheim.txt +++ b/tests/gpg/geheim.txt @@ -1,2 +1,2 @@ -Wenn Sie dies lesen k?nnen, ist es wohl nicht +Wenn Sie dies lesen k??nnen, ist es wohl nicht geheim genug. commit 9b38817968b90caf73f123255fe427691e82fec4 Author: Andre Heinecke Date: Fri Sep 23 16:03:37 2016 +0200 tests: Check data after decryption * tests/gpgsm/t-decrypt.c (main): Check data matches expected. Only print result if it does not. diff --git a/tests/gpgsm/t-decrypt.c b/tests/gpgsm/t-decrypt.c index 658809c..81803af 100644 --- a/tests/gpgsm/t-decrypt.c +++ b/tests/gpgsm/t-decrypt.c 
@@ -54,6 +54,8 @@ main (void) gpgme_ctx_t ctx; gpgme_error_t err; gpgme_data_t in, out; + size_t len; + char *test_text2; gpgme_decrypt_result_t result; init_gpgme (GPGME_PROTOCOL_CMS); @@ -77,10 +79,18 @@ main (void) __FILE__, __LINE__, result->unsupported_algorithm); exit (1); } - print_data (out); + test_text2 = gpgme_data_release_and_get_mem (out, &len); + test_text2[len] = '\0'; + if (strcmp (test_text1, test_text2)) + { + fprintf (stderr, "%s:%i: data mismatch: expected: \n\"%s\"\n" + "got:\n\"%s\"", + __FILE__, __LINE__, test_text1, test_text2); + exit (1); + } + free (test_text2); gpgme_data_release (in); - gpgme_data_release (out); gpgme_release (ctx); return 0; } ----------------------------------------------------------------------- Summary of changes: THANKS | 6 +++--- doc/ChangeLog-2011 | 2 +- lang/cpp/src/context.h | 4 ++-- lang/qt/src/dataprovider.cpp | 2 +- lang/qt/src/protocol.h | 6 +++--- lang/qt/src/qgpgmerefreshkeysjob.cpp | 2 +- lang/qt/src/qgpgmesecretkeyexportjob.cpp | 2 +- lang/qt/src/wkspublishjob.h | 2 +- src/data-identify.c | 2 +- src/engine-gpg.c | 2 +- tests/ChangeLog-2011 | 8 ++++---- tests/gpg/geheim.txt | 2 +- tests/gpgsm/t-decrypt.c | 14 ++++++++++++-- 13 files changed, 32 insertions(+), 22 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Mon Sep 26 16:58:37 2016 
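Review bot: In lang/cpp/src/context.h (hunk @@ -364,8 +364,8 @@) the corrected line `@param output The data to be receive the stdout.` fixes the spelling but is still ungrammatical. "The data to receive stdout." would match the wording of the `err` line directly below it.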
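Review bot: In lang/qt/src/qgpgmesecretkeyexportjob.cpp (hunk @@ -2,7 +2,7 @@) the header comment in the context line still names the file `qgpgmesecretexportjob.cpp`, which does not match the actual file name qgpgmesecretkeyexportjob.cpp. Worth a follow-up fix, since the copyright line right below it is being touched here.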
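Review bot: In tests/gpgsm/t-decrypt.c (hunk @@ -77,10 +79,18 @@) `test_text2[len] = '\0';` stores one byte past the `len` bytes that gpgme_data_release_and_get_mem reports as valid, and nothing guarantees the allocation is larger than that. The returned pointer is also not checked for NULL before the store. Comparing length and contents directly, for example `len == strlen (test_text1) && !memcmp (test_text1, test_text2, len)`, removes the need for a terminator. The buffer should be released with gpgme_free rather than free, as the GPGME manual asks for memory obtained from this function.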
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Mon, 26 Sep 2016 16:58:37 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.7.0-17-gc9934bb Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via c9934bb1eecae28abeb361db9f5eb73e7e02ecb6 (commit) via c38fabfea0601ed5f61e27e0bf43f8e74c67ce2a (commit) via 1d80e7374aa3150306c86afe7acdc8e8eb05143f (commit) via 3703a4723899d7563937b4b99f5bbe4dd8d3dfed (commit) from 95f38652f696476b38a040644eac40b4511d2b32 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c9934bb1eecae28abeb361db9f5eb73e7e02ecb6 Author: Justus Winter Date: Mon Sep 26 16:45:21 2016 +0200 python: Get rid of the last C++-style comments. -- Signed-off-by: Justus Winter diff --git a/lang/python/gpgme.i b/lang/python/gpgme.i index 04257fd..eaeb4f8 100644 --- a/lang/python/gpgme.i +++ b/lang/python/gpgme.i @@ -110,7 +110,7 @@ Py_XDECREF(pyVector$argnum[i]); } -// Release returned buffers as necessary. +/* Release returned buffers as necessary. */ %typemap(newfree) char * "free($1);"; %newobject gpgme_data_release_and_get_mem; @@ -133,7 +133,7 @@ /* input = $input, 1 = $1, 1_descriptor = $1_descriptor */ /* &1_descriptor = $&1_descriptor *1_descriptor = $*1_descriptor */ - // Following code is from swig's python.swg + /* Following code is from swig's python.swg. */ if ((SWIG_ConvertPtr(pypointer,(void **) &$1[i], $*1_descriptor,SWIG_POINTER_EXCEPTION | $disown )) == -1) { Py_DECREF(pypointer); return NULL; 
@@ -147,7 +147,7 @@ if ($1) free($1); } -// Special handling for references to our objects. +/* Special handling for references to our objects. */ %typemap(in) gpgme_data_t DATAIN (gpgme_data_t wrapper = NULL, PyObject *bytesio = NULL, Py_buffer view, int have_view = 0) { @@ -167,7 +167,7 @@ /* input = $input, 1 = $1, 1_descriptor = $1_descriptor */ - // Following code is from swig's python.swg + /* Following code is from swig's python.swg. */ if ((SWIG_ConvertPtr(pypointer,(void **) &$1, $1_descriptor, SWIG_POINTER_EXCEPTION | $disown )) == -1) { @@ -401,7 +401,7 @@ Py_XDECREF(encodedInput$argnum); } -// Make types containing 'next' field to be lists +/* Make types containing 'next' field to be lists. */ %ignore next; %typemap(out) gpgme_sig_notation_t, gpgme_subkey_t, gpgme_key_sig_t, gpgme_user_id_t, gpgme_invalid_key_t, @@ -631,7 +631,7 @@ struct _gpgme_sig_notation %include "errors.i" -// Generating and handling pointers-to-pointers. +/* Generating and handling pointers-to-pointers. */ %pointer_functions(gpgme_ctx_t, gpgme_ctx_t_p); %pointer_functions(gpgme_data_t, gpgme_data_t_p); @@ -640,7 +640,7 @@ struct _gpgme_sig_notation %pointer_functions(gpgme_trust_item_t, gpgme_trust_item_t_p); %pointer_functions(gpgme_engine_info_t, gpgme_engine_info_t_p); -// Helper functions. +/* Helper functions. */ %{ #include commit c38fabfea0601ed5f61e27e0bf43f8e74c67ce2a Author: Justus Winter Date: Mon Sep 26 13:16:59 2016 +0200 python: Correctly translate to size_t. * lang/python/gpgme.i: Correctly translate Python number to size_t. Signed-off-by: Justus Winter diff --git a/lang/python/gpgme.i b/lang/python/gpgme.i index 934ebea..04257fd 100644 --- a/lang/python/gpgme.i +++ b/lang/python/gpgme.i 
@@ -329,14 +329,29 @@ PyErr_SetString(PyExc_TypeError, "Numeric argument expected"); } -// Those are for gpgme_data_read() and gpgme_strerror_r() +/* Those are for gpgme_data_read() and gpgme_strerror_r(). */ %typemap(in) (void *buffer, size_t size), (char *buf, size_t buflen) { - $2 = PyLong_AsLong($input); - if ($2 < 0) { - PyErr_SetString(PyExc_ValueError, "Positive integer expected"); - return NULL; - } - $1 = ($1_ltype) malloc($2+1); + { + long tmp$argnum; + if (PyLong_Check($input)) + tmp$argnum = PyLong_AsLong($input); +#if PY_MAJOR_VERSION < 3 + else if (PyInt_Check($input)) + tmp$argnum = PyInt_AsLong($input); +#endif + else + { + PyErr_SetString(PyExc_TypeError, "Numeric argument expected"); + return NULL; + } + + if (tmp$argnum < 0) { + PyErr_SetString(PyExc_ValueError, "Positive integer expected"); + return NULL; + } + $2 = (size_t) tmp$argnum; + $1 = ($1_ltype) malloc($2+1); + } } %typemap(argout) (void *buffer, size_t size), (char *buf, size_t buflen) { Py_XDECREF($result); /* Blow away any previous result */ commit 1d80e7374aa3150306c86afe7acdc8e8eb05143f Author: Justus Winter Date: Mon Sep 26 13:04:35 2016 +0200 python: Correctly translate off_t. * lang/python/gpgme.i: Improve int/long translations, correctly handle off_t with large file support. Signed-off-by: Justus Winter diff --git a/lang/python/gpgme.i b/lang/python/gpgme.i index a4672e1..934ebea 100644 --- a/lang/python/gpgme.i +++ b/lang/python/gpgme.i 
@@ -291,13 +291,42 @@ /* SWIG has problems interpreting ssize_t, off_t or gpgme_error_t in gpgme.h. */ -/* XXX: This is wrong at least for off_t if compiled with LFS. */ -%typemap(out) ssize_t, off_t, gpgme_error_t, gpgme_err_code_t, gpgme_err_source_t, gpg_error_t { +%typemap(out) ssize_t, gpgme_error_t, gpgme_err_code_t, gpgme_err_source_t, gpg_error_t { $result = PyLong_FromLong($1); } -/* XXX: This is wrong at least for off_t if compiled with LFS. */ -%typemap(in) ssize_t, off_t, gpgme_error_t, gpgme_err_code_t, gpgme_err_source_t, gpg_error_t { - $1 = PyLong_AsLong($input); + +%typemap(in) ssize_t, gpgme_error_t, gpgme_err_code_t, gpgme_err_source_t, gpg_error_t { + if (PyLong_Check($input)) + $1 = PyLong_AsLong($input); +#if PY_MAJOR_VERSION < 3 + else if (PyInt_Check($input)) + $1 = PyInt_AsLong($input); +#endif + else + PyErr_SetString(PyExc_TypeError, "Numeric argument expected"); +} + +%typemap(out) off_t { +#if _FILE_OFFSET_BITS == 64 + $result = PyLong_FromLongLong($1); +#else + $result = PyLong_FromLong($1); +#endif +} + +%typemap(in) off_t { + if (PyLong_Check($input)) +#if _FILE_OFFSET_BITS == 64 + $1 = PyLong_AsLongLong($input); +#else + $1 = PyLong_AsLong($input); +#endif +#if PY_MAJOR_VERSION < 3 + else if (PyInt_Check($input)) + $1 = PyInt_AsLong($input); +#endif + else + PyErr_SetString(PyExc_TypeError, "Numeric argument expected"); } // Those are for gpgme_data_read() and gpgme_strerror_r() commit 3703a4723899d7563937b4b99f5bbe4dd8d3dfed Author: Justus Winter Date: Mon Sep 26 11:35:40 2016 +0200 python: Include 'config.h'. * lang/python/Makefile.am: Pass 'top_builddir' to 'setup.py'. * lang/python/gpgme.i: Include 'config.h'. * lang/python/helpers.c: Likewise. * lang/python/helpers.h: Likewise. * lang/python/setup.py.in: Make sure that 'config.h' can be found. -- Fixes build on 32 bit platforms with large file support. Signed-off-by: Justus Winter diff --git a/lang/python/Makefile.am b/lang/python/Makefile.am index 2271ce0..1d7aee8 100644 
--- a/lang/python/Makefile.am +++ b/lang/python/Makefile.am @@ -56,6 +56,7 @@ copystamp: $(COPY_FILES) $(COPY_FILES_PYME) all-local: copystamp for PYTHON in $(PYTHONS); do \ CFLAGS="$(CFLAGS) -I$(top_srcdir)" \ + top_builddir="$(top_builddir)" \ $$PYTHON setup.py build --verbose ; \ done diff --git a/lang/python/gpgme.i b/lang/python/gpgme.i index 84addae..a4672e1 100644 --- a/lang/python/gpgme.i +++ b/lang/python/gpgme.i @@ -547,6 +547,10 @@ some structs, which we provide prior to including the version for SWIG. */ %{ +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + #include %} @@ -575,6 +579,10 @@ struct _gpgme_sig_notation /* Now include our local modified version. Any structs defined above are ignored. */ +#ifdef HAVE_CONFIG_H +%include "config.h" +#endif + %include "gpgme.h" %include "errors.i" diff --git a/lang/python/helpers.c b/lang/python/helpers.c index f9aec91..3724752 100644 --- a/lang/python/helpers.c +++ b/lang/python/helpers.c @@ -18,6 +18,10 @@ # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + #include #include #include diff --git a/lang/python/helpers.h b/lang/python/helpers.h index 9200f93..67d23b2 100644 --- a/lang/python/helpers.h +++ b/lang/python/helpers.h @@ -18,6 +18,10 @@ # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + #include #include "Python.h" diff --git a/lang/python/setup.py.in b/lang/python/setup.py.in index 31892c1..7af2d48 100755 --- a/lang/python/setup.py.in +++ b/lang/python/setup.py.in @@ -28,6 +28,7 @@ gpg_error_config = ["gpg-error-config"] gpgme_config_flags = ["--thread=pthread"] gpgme_config = ["gpgme-config"] + gpgme_config_flags gpgme_h = "" +include_dirs = [os.getcwd()] library_dirs = [] in_tree = False extra_swig_opts = [] 
@@ -38,8 +39,13 @@ if os.path.exists("../../src/gpgme-config"): in_tree = True gpgme_config = ["../../src/gpgme-config"] + gpgme_config_flags gpgme_h = "../../src/gpgme.h" + if 'top_builddir' in os.environ: + include_dirs.append(os.environ['top_builddir']) + # Make sure that SWIG finds config.h when processing gpgme.i. + extra_swig_opts.append("-I{0}".format(os.environ['top_builddir'])) library_dirs = ["../../src/.libs"] # XXX uses libtool internals extra_macros.update( + HAVE_CONFIG_H=1, HAVE_DATA_H=1, IN_TREE_BUILD=1, ) @@ -94,7 +100,6 @@ subprocess.check_call([sys.executable, "gpgme-h-clean.py", gpgme_h], subprocess.check_call([sys.executable, "gpgme-h-clean.py", gpg_error_h], stdout=open("errors.i", "w")) -include_dirs = [os.getcwd()] define_macros = [] libs = getconfig('libs') ----------------------------------------------------------------------- Summary of changes: lang/python/Makefile.am | 1 + lang/python/gpgme.i | 90 ++++++++++++++++++++++++++++++++++++++----------- lang/python/helpers.c | 4 +++ lang/python/helpers.h | 4 +++ lang/python/setup.py.in | 7 +++- 5 files changed, 86 insertions(+), 20 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Tue Sep 27 07:08:22 2016 
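Review bot: In the `(void *buffer, size_t size)` typemap in lang/python/gpgme.i (hunk @@ -329,14 +329,29 @@) the result of `malloc($2+1)` is not checked, so an allocation failure for a large caller-supplied size passes a NULL buffer on to gpgme_data_read() or gpgme_strerror_r(). Suggest returning PyErr_NoMemory() when $1 is NULL. Separately, PyLong_AsLong returns -1 with OverflowError set for values that do not fit in a long, and the `tmp$argnum < 0` branch then replaces that exception with the ValueError "Positive integer expected"; checking PyErr_Occurred() before the sign test would keep the original error.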
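Review bot: In the new `%typemap(in)` blocks for ssize_t and off_t in lang/python/gpgme.i (hunk @@ -291,13 +291,42 @@) the `else` branch sets TypeError but does not `return NULL`, so the generated wrapper carries on and calls the GPGME function with $1 never assigned. The size_t typemap changed in c38fabf returns NULL after the same PyErr_SetString call, and these two should do likewise. The results of the PyLong_As* conversions are also not checked for the -1 plus pending exception case.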
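Review bot: In lang/python/gpgme.i (hunk @@ -575,6 +579,10 @@) `%include "config.h"` makes SWIG treat config.h as interface input, and SWIG turns the simple #define constants it finds in an included file into module-level constants, so build configuration macros can end up exported from the Python module. If the intent is only to have macros such as _FILE_OFFSET_BITS defined while SWIG processes gpgme.h, consider `%import "config.h"`, which makes the definitions visible without generating wrappers for them.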
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Tue, 27 Sep 2016 07:08:22 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-165-g98bc6f4 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 98bc6f480ac973dccce90378dc021a2e24e58704 (commit) from df5353b95eefc13135e7df50a7c197f270d6080d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 98bc6f480ac973dccce90378dc021a2e24e58704 Author: NIIBE Yutaka Date: Tue Sep 27 14:01:18 2016 +0900 agent: Allow only specific digest size for ECDSA. * agent/pksign.c (do_encode_dsa): Fix validation of digest size. -- Thanks to Steven Noonan who offers patches and a test case. GnuPG-bug-id: 2702 Signed-off-by: NIIBE Yutaka diff --git a/agent/pksign.c b/agent/pksign.c index 9011be2..17f2704 100644 --- a/agent/pksign.c +++ b/agent/pksign.c 
@@ -189,25 +189,21 @@ do_encode_dsa (const byte *md, size_t mdlen, int pkalgo, gcry_sexp_t pkey, return gpg_error (GPG_ERR_INV_LENGTH); } + /* ECDSA 521 is special has it is larger than the largest hash + we have (SHA-512). Thus we chnage the size for further + processing to 512. */ + if (pkalgo == GCRY_PK_ECDSA && qbits > 512) + qbits = 512; + /* Check if we're too short. Too long is safe as we'll - * automatically left-truncate. - * - * This check would require the use of SHA512 with ECDSA 512. I - * think this is overkill to fail in this case. Therefore, relax - * the check, but only for ECDSA keys. We may need to adjust it - * later for general case. (Note that the check is really a bug for - * ECDSA 521 as the only hash that matches it is SHA 512, but 512 < - * 521 ). - */ - if (mdlen < ((pkalgo==GCRY_PK_ECDSA && qbits > 521) ? 512 : qbits)/8) + automatically left-truncate. */ + if (mdlen < qbits/8) { log_error (_("a %zu bit hash is not valid for a %u bit %s key\n"), mdlen*8, gcry_pk_get_nbits (pkey), gcry_pk_algo_name (pkalgo)); - /* FIXME: we need to check the requirements for ECDSA. */ - if (mdlen < 20 || pkalgo == GCRY_PK_DSA) - return gpg_error (GPG_ERR_INV_LENGTH); + return gpg_error (GPG_ERR_INV_LENGTH); } /* Truncate. */ ----------------------------------------------------------------------- Summary of changes: agent/pksign.c | 22 +++++++++------------- 1 file changed, 9 insertions(+), 13 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Sep 27 07:24:30 2016 
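Review bot: The new clamp in do_encode_dsa overwrites qbits itself (if pkalgo == GCRY_PK_ECDSA && qbits > 512, then qbits = 512), so every later use of qbits in the function, including the truncation step that follows the check, now sees 512 instead of the real key size for ECDSA 521. The comment says this is intended, but a separate local for the minimum digest size would keep the key size intact for later code; the log_error call already reports gcry_pk_get_nbits (pkey) rather than qbits for that reason. The check mdlen < qbits/8 rounds down for any qbits that is not a multiple of 8; either round up or say in the comment that rounding down is acceptable. The added comment has two typos ("special has it is", "chnage"). The commit message mentions a test case for bug 2702, but the summary shows only agent/pksign.c changed; please add the test alongside the fix.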
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Tue, 27 Sep 2016 07:24:30 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-166-g836b723 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 836b72363168cbb0051fc2356f61788468db211c (commit) from 98bc6f480ac973dccce90378dc021a2e24e58704 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 836b72363168cbb0051fc2356f61788468db211c Author: NIIBE Yutaka Date: Tue Sep 27 14:21:08 2016 +0900 dirmngr: Removal of no-libgcrypt.o. * dirmngr/Makefile.am (dirmngr_ldap_LDADD): Remove no-libgcrypt.o. -- Thanks to Rainer Perske who located the issue. GnuPG-bug-id: 2698 Signed-off-by: NIIBE Yutaka This is a fix for the commit: 49829c29e541546084950b8a153067db371d101a diff --git a/dirmngr/Makefile.am b/dirmngr/Makefile.am index b7bc21d..5a2fd36 100644 --- a/dirmngr/Makefile.am +++ b/dirmngr/Makefile.am @@ -40,10 +40,6 @@ AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(KSBA_CFLAGS) $(LIBASSUAN_CFLAGS) \ $(LIBGNUTLS_CFLAGS) -BUILT_SOURCES = no-libgcrypt.c - -CLEANFILES = no-libgcrypt.c - if HAVE_W32_SYSTEM ldap_url = ldap-url.h ldap-url.c else @@ -93,7 +89,7 @@ if USE_LDAPWRAPPER dirmngr_ldap_SOURCES = dirmngr_ldap.c $(ldap_url) dirmngr_ldap_CFLAGS = $(GPG_ERROR_CFLAGS) $(LIBGCRYPT_CFLAGS) dirmngr_ldap_LDFLAGS = -dirmngr_ldap_LDADD = $(libcommon) no-libgcrypt.o \ +dirmngr_ldap_LDADD = $(libcommon) \ $(GPG_ERROR_LIBS) $(LIBGCRYPT_LIBS) $(LDAPLIBS) \ $(LBER_LIBS) $(LIBINTL) $(LIBICONV) $(NETLIBS) endif 
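Review bot: The ChangeLog line in the commit message names only dirmngr_ldap_LDADD, while this patch also drops BUILT_SOURCES and CLEANFILES in the hunk above and the no-libgcrypt.c copy rule in the hunk below; list those variables and the rule so the entry matches the diff. For the LDADD line itself, dirmngr_ldap keeps $(LIBGCRYPT_CFLAGS) and $(LIBGCRYPT_LIBS), so a one-line comment next to it saying that this target links the real library and must not also link no-libgcrypt.o would keep the object from being re-added later.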
@@ -104,9 +100,6 @@ dirmngr_client_LDADD = $(libcommon) \ $(LIBGCRYPT_LIBS) $(NETLIBS) $(LIBINTL) $(LIBICONV) dirmngr_client_LDFLAGS = $(extra_bin_ldflags) -no-libgcrypt.c : $(top_srcdir)/tools/no-libgcrypt.c - cat $(top_srcdir)/tools/no-libgcrypt.c > no-libgcrypt.c - t_common_src = t-support.h t_common_ldadd = $(libcommon) $(LIBASSUAN_LIBS) $(LIBGCRYPT_LIBS) \ ----------------------------------------------------------------------- Summary of changes: dirmngr/Makefile.am | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Sep 27 07:51:14 2016 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Tue, 27 Sep 2016 07:51:14 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-167-g4e4843e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 4e4843e735f32b5e79a51d8062da55bfaab6ad77 (commit) from 836b72363168cbb0051fc2356f61788468db211c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4e4843e735f32b5e79a51d8062da55bfaab6ad77 Author: NIIBE Yutaka Date: Tue Sep 27 14:45:21 2016 +0900 agent, sm: Set CTX after start_agent. * g10/call-agent.c (agent_keytocard): Assign parm.ctx after start_agent. * sm/call-agent.c (gpgsm_agent_pksign, gpgsm_scd_pksign) (gpgsm_agent_readkey, gpgsm_agent_scd_serialno) (gpgsm_agent_scd_keypairinfo, gpgsm_agent_marktrusted) (gpgsm_agent_passwd, gpgsm_agent_get_confirmation) (gpgsm_agent_ask_passphrase, gpgsm_agent_keywrap_key) (gpgsm_agent_export_key): Likewise. -- Reported-by: Rainer Perske GnuPG-bug-id: 2699 Signed-off-by: NIIBE Yutaka 
diff --git a/g10/call-agent.c b/g10/call-agent.c index a023654..93c9b56 100644 --- a/g10/call-agent.c +++ b/g10/call-agent.c @@ -829,7 +829,6 @@ agent_keytocard (const char *hexgrip, int keyno, int force, struct default_inq_parm_s parm; memset (&parm, 0, sizeof parm); - parm.ctx = agent_ctx; snprintf (line, DIM(line)-1, "KEYTOCARD %s%s %s OPENPGP.%d %s", force?"--force ": "", hexgrip, serialno, keyno, timestamp); @@ -838,6 +837,7 @@ agent_keytocard (const char *hexgrip, int keyno, int force, rc = start_agent (NULL, 1); if (rc) return rc; + parm.ctx = agent_ctx; rc = assuan_transact (agent_ctx, line, NULL, NULL, default_inq_cb, &parm, NULL, NULL); diff --git a/sm/call-agent.c b/sm/call-agent.c index c7facbb..3262650 100644 --- a/sm/call-agent.c +++ b/sm/call-agent.c @@ -228,12 +228,13 @@ gpgsm_agent_pksign (ctrl_t ctrl, const char *keygrip, const char *desc, char *p, line[ASSUAN_LINELENGTH]; membuf_t data; size_t len; - struct default_inq_parm_s inq_parm = { ctrl, agent_ctx }; + struct default_inq_parm_s inq_parm; *r_buf = NULL; rc = start_agent (ctrl); if (rc) return rc; + inq_parm.ctx = agent_ctx; if (digestlen*2 + 50 > DIM(line)) return gpg_error (GPG_ERR_GENERAL); @@ -301,7 +302,7 @@ gpgsm_scd_pksign (ctrl_t ctrl, const char *keyid, const char *desc, const char *hashopt; unsigned char *sigbuf; size_t sigbuflen; - struct default_inq_parm_s inq_parm = { ctrl, agent_ctx }; + struct default_inq_parm_s inq_parm; (void)desc; @@ -320,6 +321,7 @@ gpgsm_scd_pksign (ctrl_t ctrl, const char *keyid, const char *desc, rc = start_agent (ctrl); if (rc) return rc; + inq_parm.ctx = agent_ctx; if (digestlen*2 + 50 > DIM(line)) return gpg_error (GPG_ERR_GENERAL); 
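Review bot: In gpgsm_scd_pksign only inq_parm.ctx = agent_ctx is assigned after start_agent; inq_parm.ctrl, which the removed initializer { ctrl, agent_ctx } used to set, is now left indeterminate. The gpgsm_agent_pksign hunk above and the gpgsm_agent_readkey hunk that follows have the same omission, while the hunks from gpgsm_agent_scd_serialno onward assign both members. Add inq_parm.ctrl = ctrl next to the ctx assignment in these three functions.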
@@ -580,12 +582,13 @@ gpgsm_agent_readkey (ctrl_t ctrl, int fromcard, const char *hexkeygrip, size_t len; unsigned char *buf; char line[ASSUAN_LINELENGTH]; - struct default_inq_parm_s inq_parm = { ctrl, agent_ctx }; + struct default_inq_parm_s inq_parm; *r_pubkey = NULL; rc = start_agent (ctrl); if (rc) return rc; + inq_parm.ctx = agent_ctx; rc = assuan_transact (agent_ctx, "RESET",NULL, NULL, NULL, NULL, NULL, NULL); if (rc) @@ -668,12 +671,14 @@ gpgsm_agent_scd_serialno (ctrl_t ctrl, char **r_serialno) { int rc; char *serialno = NULL; - struct default_inq_parm_s inq_parm = { ctrl, agent_ctx }; + struct default_inq_parm_s inq_parm; *r_serialno = NULL; rc = start_agent (ctrl); if (rc) return rc; + inq_parm.ctrl = ctrl; + inq_parm.ctx = agent_ctx; rc = assuan_transact (agent_ctx, "SCD SERIALNO", NULL, NULL, @@ -738,12 +743,14 @@ gpgsm_agent_scd_keypairinfo (ctrl_t ctrl, strlist_t *r_list) { int rc; strlist_t list = NULL; - struct default_inq_parm_s inq_parm = { ctrl, agent_ctx }; + struct default_inq_parm_s inq_parm; *r_list = NULL; rc = start_agent (ctrl); if (rc) return rc; + inq_parm.ctrl = ctrl; + inq_parm.ctx = agent_ctx; rc = assuan_transact (agent_ctx, "SCD LEARN --force", NULL, NULL, @@ -836,11 +843,13 @@ gpgsm_agent_marktrusted (ctrl_t ctrl, ksba_cert_t cert) int rc; char *fpr, *dn, *dnfmt; char line[ASSUAN_LINELENGTH]; - struct default_inq_parm_s inq_parm = { ctrl, agent_ctx }; + struct default_inq_parm_s inq_parm; rc = start_agent (ctrl); if (rc) return rc; + inq_parm.ctrl = ctrl; + inq_parm.ctx = agent_ctx; fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1); if (!fpr) 
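Review bot: Declaring struct default_inq_parm_s inq_parm with no initializer in gpgsm_agent_marktrusted leaves the whole struct indeterminate until the two assignments after start_agent, and any member besides ctrl and ctx, if the struct has or later gains one, is never set; the old { ctrl, agent_ctx } initializer zeroed the rest. The g10/call-agent.c hunk in this same patch keeps memset (&parm, 0, sizeof parm) before assigning parm.ctx. Zero the struct at declaration here as well, and consider a small helper that fills ctrl and ctx after start_agent so the eleven call sites in sm/call-agent.c cannot drift apart.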
@@ -1023,11 +1032,13 @@ gpgsm_agent_passwd (ctrl_t ctrl, const char *hexkeygrip, const char *desc) { int rc; char line[ASSUAN_LINELENGTH]; - struct default_inq_parm_s inq_parm = { ctrl, agent_ctx }; + struct default_inq_parm_s inq_parm; rc = start_agent (ctrl); if (rc) return rc; + inq_parm.ctrl = ctrl; + inq_parm.ctx = agent_ctx; if (!hexkeygrip || strlen (hexkeygrip) != 40) return gpg_error (GPG_ERR_INV_VALUE); @@ -1059,11 +1070,13 @@ gpgsm_agent_get_confirmation (ctrl_t ctrl, const char *desc) { int rc; char line[ASSUAN_LINELENGTH]; - struct default_inq_parm_s inq_parm = { ctrl, agent_ctx }; + struct default_inq_parm_s inq_parm; rc = start_agent (ctrl); if (rc) return rc; + inq_parm.ctrl = ctrl; + inq_parm.ctx = agent_ctx; snprintf (line, DIM(line)-1, "GET_CONFIRMATION %s", desc); line[DIM(line)-1] = 0; @@ -1170,13 +1183,15 @@ gpgsm_agent_ask_passphrase (ctrl_t ctrl, const char *desc_msg, int repeat, char line[ASSUAN_LINELENGTH]; char *arg4 = NULL; membuf_t data; - struct default_inq_parm_s inq_parm = { ctrl, agent_ctx }; + struct default_inq_parm_s inq_parm; *r_passphrase = NULL; err = start_agent (ctrl); if (err) return err; + inq_parm.ctrl = ctrl; + inq_parm.ctx = agent_ctx; if (desc_msg && *desc_msg && !(arg4 = percent_plus_escape (desc_msg))) return gpg_error_from_syserror (); @@ -1217,12 +1232,14 @@ gpgsm_agent_keywrap_key (ctrl_t ctrl, int forexport, size_t len; unsigned char *buf; char line[ASSUAN_LINELENGTH]; - struct default_inq_parm_s inq_parm = { ctrl, agent_ctx }; + struct default_inq_parm_s inq_parm; *r_kek = NULL; err = start_agent (ctrl); if (err) return err; + inq_parm.ctrl = ctrl; + inq_parm.ctx = agent_ctx; snprintf (line, DIM(line)-1, "KEYWRAP_KEY %s", forexport? "--export":"--import"); 
@@ -1306,13 +1323,15 @@ gpgsm_agent_export_key (ctrl_t ctrl, const char *keygrip, const char *desc, size_t len; unsigned char *buf; char line[ASSUAN_LINELENGTH]; - struct default_inq_parm_s inq_parm = { ctrl, agent_ctx }; + struct default_inq_parm_s inq_parm; *r_result = NULL; err = start_agent (ctrl); if (err) return err; + inq_parm.ctrl = ctrl; + inq_parm.ctx = agent_ctx; if (desc) { ----------------------------------------------------------------------- Summary of changes: g10/call-agent.c | 2 +- sm/call-agent.c | 41 ++++++++++++++++++++++++++++++----------- 2 files changed, 31 insertions(+), 12 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Sep 27 12:37:32 2016 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Tue, 27 Sep 2016 12:37:32 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.7.0-18-ga423603 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via a423603f80d9eb653ce9c171662db2175d7456f5 (commit) from c9934bb1eecae28abeb361db9f5eb73e7e02ecb6 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a423603f80d9eb653ce9c171662db2175d7456f5 Author: Justus Winter Date: Tue Sep 27 12:28:38 2016 +0200 tests: Fix check for gpg versions not reporting the critical flag. * lang/python/tests/t-sig-notation.py: Also blacklist 2.0.x. * tests/gpg/t-sig-notation.c: Likewise. Signed-off-by: Justus Winter diff --git a/lang/python/tests/t-sig-notation.py b/lang/python/tests/t-sig-notation.py index 777bc0b..68f9c08 100755 --- a/lang/python/tests/t-sig-notation.py +++ b/lang/python/tests/t-sig-notation.py 
@@ -36,6 +36,7 @@ expected_notations = { with core.Context() as c: version = c.engine_info.version have_correct_sig_data = not (version.startswith("1.") + version.startswith("2.0.") or version == "2.1.1" or (version.startswith("2.1.1") and version[5] < '3')) diff --git a/tests/gpg/t-sig-notation.c b/tests/gpg/t-sig-notation.c index aee7551..091a26e 100644 --- a/tests/gpg/t-sig-notation.c +++ b/tests/gpg/t-sig-notation.c @@ -151,6 +151,7 @@ main (int argc, char *argv[]) correctly. */ have_correct_sig_data = ! (strncmp ("1.", engine_info->version, 2) == 0 + || strncmp ("2.0.", version, 4) == 0 || (strncmp ("2.1.1", engine_info->version, 5) == 0 && (engine_info->version[5] == 0 || engine_info->version[5] < '3'))); ----------------------------------------------------------------------- Summary of changes: lang/python/tests/t-sig-notation.py | 1 + tests/gpg/t-sig-notation.c | 1 + 2 files changed, 2 insertions(+) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Tue Sep 27 12:43:27 2016 
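Review bot: In lang/python/tests/t-sig-notation.py the added line version.startswith("2.0.") has no "or" in front of it, so it directly follows version.startswith("1.") inside the parentheses and the file no longer parses. Prefix it with "or", matching the two lines below it.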
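Review bot: In tests/gpg/t-sig-notation.c the added strncmp ("2.0.", version, 4) compares against version, while every other comparison in the expression uses engine_info->version, and no version variable appears in the visible context of main. Use engine_info->version in the new line as well.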
From: cvs at cvs.gnupg.org (by Daniel Kahn Gillmor) Date: Tue, 27 Sep 2016 12:43:27 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.7.0-19-g145392f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 145392f07f42ef23ebcb83a917b4d8e2964e7aa8 (commit) from a423603f80d9eb653ce9c171662db2175d7456f5 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 145392f07f42ef23ebcb83a917b4d8e2964e7aa8 Author: Daniel Kahn Gillmor Date: Fri Sep 23 07:58:58 2016 -0400 Clarify licensing * src/b64dec.c, src/mbox-util.c, src/mbox-util.h: These three files are explicitly licensed under LGPL, but their comments suggest that details about the warranty can be found in the GPL. Adjust comments to refer to the correct license. Signed-off-by: Daniel Kahn Gillmor diff --git a/src/b64dec.c b/src/b64dec.c index 7965a30..9a7efca 100644 --- a/src/b64dec.c +++ b/src/b64dec.c @@ -12,7 +12,7 @@ * This file is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. + * GNU Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public License * along with this program; if not, see . diff --git a/src/mbox-util.c b/src/mbox-util.c index 83c8b5e..656b5d7 100644 --- a/src/mbox-util.c +++ b/src/mbox-util.c 
@@ -12,7 +12,7 @@ * This file is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. + * GNU Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public License * along with this program; if not, see . diff --git a/src/mbox-util.h b/src/mbox-util.h index 3195a4d..c5747b6 100644 --- a/src/mbox-util.h +++ b/src/mbox-util.h @@ -11,7 +11,7 @@ * This file is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. + * GNU Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public License * along with this program; if not, see . ----------------------------------------------------------------------- Summary of changes: src/b64dec.c | 2 +- src/mbox-util.c | 2 +- src/mbox-util.h | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Tue Sep 27 12:51:24 2016 
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Tue, 27 Sep 2016 12:51:24 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.7.0-20-ga6e9eef Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via a6e9eefb23e57e14afaead5c896452360bdaeb6f (commit) from 145392f07f42ef23ebcb83a917b4d8e2964e7aa8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a6e9eefb23e57e14afaead5c896452360bdaeb6f Author: Justus Winter Date: Tue Sep 27 12:49:24 2016 +0200 tests: Fix blunder. -- Fixes-commit: a423603f Signed-off-by: Justus Winter diff --git a/lang/python/tests/t-sig-notation.py b/lang/python/tests/t-sig-notation.py index 68f9c08..eb5b111 100755 --- a/lang/python/tests/t-sig-notation.py +++ b/lang/python/tests/t-sig-notation.py @@ -36,7 +36,7 @@ expected_notations = { with core.Context() as c: version = c.engine_info.version have_correct_sig_data = not (version.startswith("1.") - version.startswith("2.0.") + or version.startswith("2.0.") or version == "2.1.1" or (version.startswith("2.1.1") and version[5] < '3')) diff --git a/tests/gpg/t-sig-notation.c b/tests/gpg/t-sig-notation.c index 091a26e..052e179 100644 --- a/tests/gpg/t-sig-notation.c +++ b/tests/gpg/t-sig-notation.c 
@@ -151,7 +151,7 @@ main (int argc, char *argv[]) correctly. */ have_correct_sig_data = ! (strncmp ("1.", engine_info->version, 2) == 0 - || strncmp ("2.0.", version, 4) == 0 + || strncmp ("2.0.", engine_info->version, 4) == 0 || (strncmp ("2.1.1", engine_info->version, 5) == 0 && (engine_info->version[5] == 0 || engine_info->version[5] < '3'))); ----------------------------------------------------------------------- Summary of changes: lang/python/tests/t-sig-notation.py | 2 +- tests/gpg/t-sig-notation.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Tue Sep 27 13:22:06 2016 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Tue, 27 Sep 2016 13:22:06 +0200 Subject: [git] GpgOL - branch, nomapi, updated. gpgol-1.4.0-57-g3600d2b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, nomapi has been updated via 3600d2b2e9193458e47d3849dcd2df58429aed05 (commit) via 88bf7d19654ba1e0726fcbdc19e99e5704e75182 (commit) from 1ae8bc5317557369a68d7270104b2e03bb4dd263 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 3600d2b2e9193458e47d3849dcd2df58429aed05 Author: Andre Heinecke Date: Tue Sep 27 13:21:00 2016 +0200 tests: Add more S/MIME tests * tests/data/smime-encrypted.mbox, tests/data/smime-encrypted.plain, tests/data/smime-opaque-signed-encrypted-attachment.mbox, tests/data/smime-opaque-signed-encrypted-attachment.plain: New. * tests/t-parser.cpp: Use new files. diff --git a/tests/data/smime-encrypted.mbox b/tests/data/smime-encrypted.mbox new file mode 100644 index 0000000..6b6d6a0 --- /dev/null 
+++ b/tests/data/smime-encrypted.mbox @@ -0,0 +1,22 @@ +From test at example.com Sat, 13 Apr 2013 01:54:30 +0200 +From: test +To: you at you.com +Subject: test +Date: Sat, 13 Apr 2013 01:54:30 +0200 +Message-ID: <1576646.QQxzHWx8dA at tabin> +X-KMail-Identity: 505942601 +User-Agent: KMail/4.10.2 (Linux/3.9.0-rc4-experimental-amd64; KDE/4.10.60; x86_64; git-fc9b82c; 2013-04-11) +MIME-Version: 1.0 +Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="enveloped-data" +Content-Transfer-Encoding: base64 +Content-Disposition: attachment; filename="smime.p7m" + +MIAGCSqGSIb3DQEHA6CAMIACAQAxgfwwgfkCAQAwYjBVMQswCQYDVQQGEwJVUzENMAsGA1UECgwE +S0RBQjEWMBQGA1UEAwwNdW5pdHRlc3QgY2VydDEfMB0GCSqGSIb3DQEJARYQdGVzdEBleGFtcGxl +LmNvbQIJANNFIDoYY4XJMA0GCSqGSIb3DQEBAQUABIGAJwmmaOeidXUHSQGOf2OBIsPYafVqdORe +y54pEXbXiAfSVUWgI4a9CsiWwcDX8vlaX9ZLLr+L2VmOfr6Yc5214yxzausZVvnUFjy6LUXotuEX +tSar4EW7XI9DjaZc1l985naMsTx9JUa5GyQ9J6PGqhosAKpKMGgKkFAHaOwE1/IwgAYJKoZIhvcN +AQcBMBQGCCqGSIb3DQMHBAieDfmz3WGbN6CABHgEpsLrNn0PAZTDUfNomDypvSCl5bQH+9cKm80m +upMV2r8RBiXS7OaP4SpCxq18afDTTPatvboHIoEX92taTbq8soiAgEs6raSGtEYZNvFL0IYqm7MA +o5HCOmjiEcInyPf14lL3HnPk10FaP3hh58qTHUh4LPYtL7UECOZELYnUfUVhAAAAAAAAAAAAAA== + diff --git a/tests/data/smime-encrypted.plain b/tests/data/smime-encrypted.plain new file mode 100644 index 0000000..2542d49 --- /dev/null +++ b/tests/data/smime-encrypted.plain @@ -0,0 +1 @@ +The quick brown fox jumped over the lazy dog. \ No newline at end of file diff --git a/tests/data/smime-opaque-signed-encrypted-attachment.mbox b/tests/data/smime-opaque-signed-encrypted-attachment.mbox new file mode 100644 index 0000000..2b1a076 --- /dev/null +++ b/tests/data/smime-opaque-signed-encrypted-attachment.mbox 
@@ -0,0 +1,50 @@ +From test at example.com Thu Jun 09 12:52:44 2016 +From: test at example.com +To: test at example.com +Subject: Opaque S/MIME signed and encrypted message with attachment +Date: Thu, 09 Jun 2016 14:52:44 +0200 +MIME-Version: 1.0 +Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="enveloped-data" +Content-Transfer-Encoding: base64 +Content-Disposition: attachment; filename="smime.p7m" + +MIAGCSqGSIb3DQEHA6CAMIACAQAxgfwwgfkCAQAwYjBVMQswCQYDVQQGEwJVUzEN +MAsGA1UECgwES0RBQjEWMBQGA1UEAwwNdW5pdHRlc3QgY2VydDEfMB0GCSqGSIb3 +DQEJARYQdGVzdEBleGFtcGxlLmNvbQIJANNFIDoYY4XJMA0GCSqGSIb3DQEBAQUA +BIGAalG2EoXQOhvVPCef5ru1+++vAfIED/abw8gFPuqWmh1nK2x2Q13U+7I7bv6a +uK2msunHmNwgvNetJ1j4PPMePCU5I0F0jGw5PB8A6lgF8IGzEzU5W9gz1PazKGl4 +PTwxAoJgCeflZwtddGEJvQ86f4OduXEnDmirFg64WUk1jjMwgAYJKoZIhvcNAQcB +MB0GCWCGSAFlAwQBAgQQvthEtJX37uYX68Ri3kURq6CABIIGEOr7cxjOVKzXfAYk +1eBd/HiYcpLlttlNCcwTuQwP0pDpE9YnDA+MfgZn05hxODZDACsOschWFZXBXVY1 +OY/ZTpVYRxAdYXgPymK8+r9fym0A+YiQ5/yKbWjezDmHdOOv6JF03Z+VzBmZtFcL +q/LPr0+EcjiPA9r/EQTA7P1pj+tOAm3krk8s4P+9yDAIQLCQt9yUdbpMsgn1OyJv +Njl7Mq5qcQXdnYYsTF6ODZ9araHOYDS64yP69h+Lh6nsBNWD7W6NvNsS6Hmgkzvg +FK3TNxU+X5x1F7TvKyCSRyWicfV66F/sBXIEo6K8h/rSi978jALahJPZZzNoyQiQ +eaMCjXwuBbeobcChwkRRzU12h07AXhGgZA9AkHIsFAAE4gwnu7yoogLrQqslm/MF +NGlbO68zyw0znK3eqzsOaXDyeLWy1zJcTffOENPhqzbPAPYn4ctyOLucCgSJkRAb +jiKuzgrugxu+J83CBnj5QgOhO++u5gl28UT/hC9eiEbbRZrYt9XCnSOrJiUhH8Gq +i70l/ZQzRGEenc5Oox8gEPT712pBezX4zj1Ow9RibhaU50TPaP+HoCrb3hxX4AMZ ++I9KZucVsgFlezf4IKjtAS/ro4jJLB/u0HhsT5Ury7T5/cobVhK1j2q+q6juKOac +Z7ro/572cTonFqR9zZNOawZTeRpK3f+Dl+Q1S6wid626btg3Li1M1jQAdyGOaRDN +JNcKMFB1XwuE9He4Xs4wvFlNIz4xvoBRwf8EybFmSEyaS3qLbl322Un/z9sCpeZM +fsyUED+YaTHqJhi+XTjWAxy5VfycFu2Ev6EKNItnkkjXOoAXl0Fg7nrnVijKgo+a +4C4RO3nu4IouJlel3Lt9YyFW6CqOb2sARjJHOZtirMHUORm2aAlCnmvcPlBT8s1/ +GaG6e5heeoCMRwD37+rWauAjCvMyMc5JsFF7EUECvQB/7nGQb4JZoPsTW1cQRXDE +mY+horsIpVrXsnsdvYco7itilJAvQUz6YGsyGirMwdHktA8YClVrNArP/HfyLUu1 
+uHAhDa0TG6/bouuReHQjrI0CL1k6J7dEfxXgQbAy1FH17/8JgvNT6R+TkL+KcgW6 +VV6tPsmivsZI7mCz1np/uXZX4+t4/6Ei5+kJCLsF1TmEd0mfBioJw7Mqd0Asr+bw +BasZKQG4gVHRjg6EXdSjQ9RoGhR8Q+R2hsb+Pj/z6GVtJTg4dVYRRjRP52tOb3Qx +W4XlzJR/lGjExe4h0D/x2vZnWlE5JvDPPq2Ni2yBeoX2+wgtFYqKGH1f319OMRXs +/BSk/bF7wdeeGn9FDSiQHlvfKJpToC86Yt25ZjGmGH0gbvrFLAd+a5y1046iHauz +mf9cQVM6NJJKngSDUK0JgDLQgdAvZCcqPp/vCfdKC0fzMTDXkkV6eqKTexHQ1oTu +ryWYHdGA+qzQO3OKDwlXTaCLnPN0Ke8BaAB7CJw9hR5t0cdw5e2nSzY96BK97tZy +qOlRKGbuSzv9GGp5RS6qFj9o8GrqCnZZTuDz2+D++yjT4Cg1QfL7Dp/YzpCeZ9vA +v5DMnjM6NUePYX145NgNtVm6y+ThAx4hBm42+B8nZ94GmCXf2MZModpcsnpTZlPe +4F7Hd/rBJG8MkEFPXgxuYF0B5HTlbr/33IsGtXYBEu1ucO19TBUi4ZDil3vl9/+1 +bYX+jn/wnOjtdM+kBj4TV9aCytdBV0my+mkv1nwTK0fiKFHsUG52mbGqq88A9Mmd +Z3grDaR2Rsb5AgLaABFCMoooFDVQtmt7xl1U3t4UZtDqny17wcXRolxXY5+tfI3Y +jWMqfO0QsBKHjfT4At5ToSDX5yjt4Q7UyhRKKprUyyVRYZv4EQZDqi2Hdx0wNDGr +yOQkK/LvXep0r5AEYcMkLO1x4hReaKdnSEPFRdXF/x7daAlRMTkUe5i4zLeYYhvI +Qsl3aErcSP/DWVUyQ2XbHkrG9suPbmLBou7BHNRWXdnFib0+jASQnVKuhVLGykUr +wzTNpGrn7Axna1P3uMwSnlJgA0vSrkR2dONzyq0hzoMmAjfC3Eh1D7tYbb6Cswx7 +5/Emq2cEEGtbyTJ5Q6+omALrsoybx4YAAAAAAAAAAAAA diff --git a/tests/data/smime-opaque-signed-encrypted-attachment.plain b/tests/data/smime-opaque-signed-encrypted-attachment.plain new file mode 100644 index 0000000..e910548 --- /dev/null +++ b/tests/data/smime-opaque-signed-encrypted-attachment.plain @@ -0,0 +1 @@ +This is an Opaque S/MIME encrypted and signed message with attachment diff --git a/tests/t-parser.cpp b/tests/t-parser.cpp index 9e43d5e..b6b9f33 100644 --- a/tests/t-parser.cpp +++ b/tests/t-parser.cpp 
@@ -75,6 +75,20 @@ struct NULL, 0, "utf-8"}, + { DATADIR "/smime-encrypted.mbox", + MSGTYPE_GPGOL_OPAQUE_ENCRYPTED, + DATADIR "/smime-encrypted.plain", + NULL, + NULL, + 0, + "us-ascii"}, + { DATADIR "/smime-opaque-signed-encrypted-attachment.mbox", + MSGTYPE_GPGOL_OPAQUE_ENCRYPTED, + DATADIR "/smime-opaque-signed-encrypted-attachment.plain", + NULL, + NULL, + 1, + "us-ascii"}, { NULL, MSGTYPE_UNKNOWN, NULL, NULL, NULL, 0, NULL } }; commit 88bf7d19654ba1e0726fcbdc19e99e5704e75182 Author: Andre Heinecke Date: Tue Sep 27 13:18:54 2016 +0200 Handle smime encrypted signature * src/parsecontroller.cpp (is_opaque_signed): New. Check for opaque signed data with gpgme_data_identify. (ParseController::parse): Verify signed data. diff --git a/src/parsecontroller.cpp b/src/parsecontroller.cpp index 872d454..acec830 100644 --- a/src/parsecontroller.cpp +++ b/src/parsecontroller.cpp @@ -93,6 +93,15 @@ operation_for_type(msgtype_t type, bool *decrypt, } } +static bool +is_opaque_signed (Data &data) +{ + data.seek (0, SEEK_SET); + auto id = data.type(); + data.seek (0, SEEK_SET); + return id == Data::CMSSigned; +} + std::string ParseController::parse() { 
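Review bot: is_opaque_signed ignores the result of both data.seek (0, SEEK_SET) calls. If the first seek fails, data.type() identifies the data from whatever offset the previous operation left behind, and if the second fails the caller continues with the data object at an unknown position. Check both results and return false on failure. The function also takes a non-const reference and moves the read position as a side effect, which deserves a comment above it. The commit message says the check is done with gpgme_data_identify while the code calls data.type(); if type() is the wrapper for it, say so in that comment.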
@@ -136,9 +145,10 @@ ParseController::parse() auto combined_result = ctx->decryptAndVerify(input, output); m_decrypt_result = combined_result.first; m_verify_result = combined_result.second; - if (!m_decrypt_result.error () && + if ((!m_decrypt_result.error () && m_verify_result.signatures ().empty() && - m_outputprovider->signature ()) + m_outputprovider->signature ()) || + is_opaque_signed (output)) { /* There is a signature in the output. So we have to verify it now as an extra step. */ ----------------------------------------------------------------------- Summary of changes: src/parsecontroller.cpp | 14 +++++- tests/data/smime-encrypted.mbox | 22 ++++++++++ tests/data/smime-encrypted.plain | 1 + .../smime-opaque-signed-encrypted-attachment.mbox | 50 ++++++++++++++++++++++ .../smime-opaque-signed-encrypted-attachment.plain | 1 + tests/t-parser.cpp | 14 ++++++ 6 files changed, 100 insertions(+), 2 deletions(-) create mode 100644 tests/data/smime-encrypted.mbox create mode 100644 tests/data/smime-encrypted.plain create mode 100644 tests/data/smime-opaque-signed-encrypted-attachment.mbox create mode 100644 tests/data/smime-opaque-signed-encrypted-attachment.plain hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Tue Sep 27 18:03:00 2016 
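Review bot: The new || is_opaque_signed (output) sits outside the parenthesised group that begins with !m_decrypt_result.error (), so the extra verify step now also runs when decryption reported an error, as long as the output identifies as CMS signed data. If verification should only follow a successful decrypt, keep the error check in front of both alternatives, that is !m_decrypt_result.error () && ((signatures empty && m_outputprovider->signature ()) || is_opaque_signed (output)). The comment inside the block ("There is a signature in the output") should also mention the opaque signed case it now covers.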
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Tue, 27 Sep 2016 18:03:00 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-170-g20a1683 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 20a16833ee2bb05f735377f705899302bcf2b4d3 (commit) via 2e64ccb0f96d615b1eb87e37f230a5d761aa9c36 (commit) via 2b23a321ac0b07beeac1dfa8d71f223e66c49b71 (commit) from 4e4843e735f32b5e79a51d8062da55bfaab6ad77 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 20a16833ee2bb05f735377f705899302bcf2b4d3 Author: Justus Winter Date: Tue Sep 27 17:45:52 2016 +0200 build: Do not link gpg-connect-agent against npth. * tools/Makefile.am: Do not link gpg-connect-agent against npth. Signed-off-by: Justus Winter diff --git a/tools/Makefile.am b/tools/Makefile.am index 6df49f6..b2a274f 100644 --- a/tools/Makefile.am +++ b/tools/Makefile.am @@ -122,10 +122,9 @@ watchgnupg_SOURCES = watchgnupg.c watchgnupg_LDADD = $(NETLIBS) gpg_connect_agent_SOURCES = gpg-connect-agent.c -# FIXME: remove NPTH_LIBS (why do we need them at all?) gpg_connect_agent_LDADD = ../common/libgpgrl.a $(common_libs) \ $(LIBASSUAN_LIBS) $(LIBGCRYPT_LIBS) \ - $(NPTH_LIBS) $(GPG_ERROR_LIBS) \ + $(GPG_ERROR_LIBS) \ $(LIBREADLINE) $(LIBINTL) $(NETLIBS) $(LIBICONV) \ $(resource_objs) commit 2e64ccb0f96d615b1eb87e37f230a5d761aa9c36 Author: Justus Winter Date: Tue Sep 27 17:18:15 2016 +0200 build: Fix check for resolver library on macOS. * configure.ac: Check for the mangled name of 'dn_skipname' first. Signed-off-by: Justus Winter diff --git a/configure.ac b/configure.ac index b16f837..fe432e8 100644 --- a/configure.ac +++ b/configure.ac 
@@ -1074,8 +1074,15 @@ if test x"$use_dns_srv" = xyes || test x"$use_dns_cert" = xyes; then AC_SEARCH_LIBS(__res_query,resolv bind,,have_resolver=no)) AC_SEARCH_LIBS(dn_expand,resolv bind,, AC_SEARCH_LIBS(__dn_expand,resolv bind,,have_resolver=no)) - AC_SEARCH_LIBS(dn_skipname,resolv bind,, - AC_SEARCH_LIBS(__dn_skipname,resolv bind,,have_resolver=no)) + + # macOS renames dn_skipname into res_9_dn_skipname in , + # and for some reason fools us into believing we don't need + # -lresolv even if we do. Since the test program checking for the + # symbol does not include , we need to check for the + # renamed symbol explicitly. + AC_SEARCH_LIBS(res_9_dn_skipname,resolv bind,, + AC_SEARCH_LIBS(dn_skipname,resolv bind,, + AC_SEARCH_LIBS(__dn_skipname,resolv bind,,have_resolver=no))) if test x"$have_resolver" != xno ; then commit 2b23a321ac0b07beeac1dfa8d71f223e66c49b71 Author: Justus Winter Date: Tue Sep 27 15:54:56 2016 +0200 common: Correctly handle modules relying on npth. * common/Makefile.am (common_sources): Drop 'call-gpg.{c,h}'. (with_npth_sources): New variable. (libcommonpth_a_SOURCES): Use the new variable. Signed-off-by: Justus Winter diff --git a/common/Makefile.am b/common/Makefile.am index 422fcf6..9f151f2 100644 --- a/common/Makefile.am +++ b/common/Makefile.am @@ -88,7 +88,6 @@ common_sources = \ helpfile.c \ mkdir_p.c mkdir_p.h \ strlist.c strlist.h \ - call-gpg.c call-gpg.h \ exectool.c exectool.h \ server-help.c server-help.h \ name-value.c name-value.h \ 
@@ -114,11 +113,14 @@ endif without_npth_sources = \ get-passphrase.c get-passphrase.h +# Sources only useful with NPTH. +with_npth_sources = \ + call-gpg.c call-gpg.h libcommon_a_SOURCES = $(common_sources) $(without_npth_sources) libcommon_a_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS) -DWITHOUT_NPTH=1 -libcommonpth_a_SOURCES = $(common_sources) +libcommonpth_a_SOURCES = $(common_sources) $(with_npth_sources) libcommonpth_a_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS) $(NPTH_CFLAGS) if !HAVE_W32CE_SYSTEM ----------------------------------------------------------------------- Summary of changes: common/Makefile.am | 6 ++++-- configure.ac | 11 +++++++++-- tools/Makefile.am | 3 +-- 3 files changed, 14 insertions(+), 6 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Sep 28 14:34:17 2016 
From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Wed, 28 Sep 2016 14:34:17 +0200 Subject: [git] GpgOL - branch, nomapi, updated. gpgol-1.4.0-61-gef8ea4a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, nomapi has been updated via ef8ea4a537110d49503a4ceb2bb6d7214c7b2594 (commit) via a03012210f54663f276f9e043363c3dd6f9e41bf (commit) via 6138fb13820c312bb94664241d06f64359a9d650 (commit) via dbf10ad74b3ba1bd3955e4c1ef3fae57b3fee3af (commit) from 3600d2b2e9193458e47d3849dcd2df58429aed05 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ef8ea4a537110d49503a4ceb2bb6d7214c7b2594 Author: Andre Heinecke Date: Wed Sep 28 14:32:39 2016 +0200 tests: Add test for data with no headers * tests/data/openpgp-encrypted-attachment-no-headers.mbox: New. * tests/t-parser: Use it. Correct some types. diff --git a/tests/data/openpgp-encrypted-attachment-no-headers.mbox b/tests/data/openpgp-encrypted-attachment-no-headers.mbox new file mode 100644 index 0000000..57725a2 --- /dev/null +++ b/tests/data/openpgp-encrypted-attachment-no-headers.mbox 
@@ -0,0 +1,32 @@ +-----BEGIN PGP MESSAGE----- +Version: GnuPG v2 + +hIwDGJlthTT7oq0BBACLMnR5Mln6JGCccvqZCgM3qUkFWZ7a33b7Nl2g5lSOLX6q +dlGOr/0jAuqdkRwCDTom3hsrH2vf1kARTSST+5cewngS2CgBTAwwc8JymEagTkKf +VK/tTnM6G7puMVkwuafpuRggyJAUYvjktgUKOUaXtuxX71g0NagAFQGqlvGuq4UB +DAMMzkNap8zaOwEH+wWSs5xdV1x37T11EnUvkhoOMu+uId2U7NEx2JdQ/FGJZdti +mtqfM9GKTtQlGVcn3ISH7Wmrw3x0bsOLuW7oxkU4xIS3tVvibxaaWdmponN5TUai +Dr4LCTEmG7+jLNopF6V4zPmpQ9YxMwQOm8ITml+auNOg9EtHxavwr3Xd1hOYA92N +1bkOiHzmb9hQtUy1GfRRk91tRqtRPoaamczLxWV9yROFDRNuSSbZ8oBU/K4YgSTL +D+/FhCt6MxV0DQzp+UCSL7ZsMx+ldPnZK44Udd17+U3xQDDUffo6cSg6FAF425Rh +v3ZQP0j7LtSIwDh2Rxc+Is4DuSmfZksL5nLPH5nS6QGJnsVEqVcZgQPktl1Zaeil +x/6WaWruuJm92G2fd9x2/giTLZnk918BVi/n00xR/n4bnSQmmFhXVqAVjGlG6Tr9 +dxej8dSiFdxO8ZjFe5tguQw76xlCu/9MxmSXTP7Mfvm4jqdcjUOINwHOzR/h2T62 +ZlrmqoxMHm4RN0PQ334tSzQXD4gcoUHL+xq62ATt7/jx0p0pIXPmPVUFopCk8k1E +m2ErPLnyfGLd4LNZRL03oP0jCjX6Q/LFWLTjCIdU6+aM6nT26CZy98yZV0SRGyhu +qYxN0aVW+RatmDRWWtouOJllQouQ7ZaqmjHLgyOj32/oT8cYUWWdFswSsnMhJjxb +r6iajUeAZgiN+zqwgf6j1Z8/mMvb+yirP+Rn9ME1fq3XSYHlnIOxKNBa+St8DdaP +/ZvrkwNTpVp1GmaZLBXdqdeLmflJ4U/X7wphZGR3sgjOwj0oYotX1Zb8OrtlP5WC +VXhhrt40e7Ilt2B0x7Xe9DWKByDCqrQUhwxwTS3miiKH9G1VEcHko70O98RjKJQ3 +I4VW6e/Gqv2zAMiiOu1MBTeGfPQItca4bUrVzhKjm27twtZD4wLSQDTQECxrCWHC +BFAdzvsIry0FIXoO6Vh16Hojq+YZ8tpmknGfpg0pnuRvAdDWU+0uuECXDE0UZFWC +2g3Bs2Dn2BYYyrI6X92swHz8qP3JvdxN0dpsYMkMdHN4yWXJogNSfXzy2udf0A4P +NNZMOonhlwH+DBRfcWS0A/j0/fdDCDzR5Ca5dbX7lL4EscbBeoCP1JJyVoOp6DUc +ICuHJGGrnpNdG9DMa97tqpyGRHTAwI3lJXPKTDEHN9v9XobIyndFgi/tcPLZ7QWz +9mN94NKLmeYWjrMiRbNQk8BYXR9K17SHb4BkIMdBxRsJjgMEC8qniUH64Nnf8/x4 +yaRCuUo0bkHDE3AqCzZE1R0he66dDkfOIz+mLwcpG8jZWjFm7sXAflBe3jvIc0lm +NyWQ1WnMkP83fWm/+YqrLLf+tTQtievRPeS1Dd/7v9yqUWEmQ0pUOj3MNf9Ej2KI +vu5ap7fHIevcBn42BPwQgSnp4YmXEY0ir5Ccwogusnt7QliNSRmkN6Jap4AF +=AVJ4 +-----END PGP MESSAGE----- + diff --git a/tests/t-parser.cpp b/tests/t-parser.cpp index 0d1f494..d1c260e 100644 --- a/tests/t-parser.cpp +++ b/tests/t-parser.cpp 
@@ -51,13 +51,20 @@ struct 0, "iso-8859-1"}, { DATADIR "/openpgp-encrypted+signed.mbox", - MSGTYPE_GPGOL_MULTIPART_SIGNED, + MSGTYPE_GPGOL_MULTIPART_ENCRYPTED, DATADIR "/openpgp-encrypted+signed.plain", NULL, 0, "us-ascii"}, { DATADIR "/openpgp-encrypted-attachment.mbox", - MSGTYPE_GPGOL_MULTIPART_SIGNED, + MSGTYPE_GPGOL_MULTIPART_ENCRYPTED, + DATADIR "/openpgp-encrypted-attachment.plain", + NULL, + 1, + "us-ascii"}, + /* Same as above but without any headers */ + { DATADIR "/openpgp-encrypted-attachment-no-headers.mbox", + MSGTYPE_GPGOL_MULTIPART_ENCRYPTED, DATADIR "/openpgp-encrypted-attachment.plain", NULL, 1, commit a03012210f54663f276f9e043363c3dd6f9e41bf Author: Andre Heinecke Date: Wed Sep 28 14:25:55 2016 +0200 Add error handling for decryption errors * src/mail.cpp (update_body): New helper. * src/parsecontroller.cpp (format_error): New. (format_recipients): New. (ParseController::Parse): Store formatted error, change signature. (get_formatted_error): Get a HTML Formatted error. * tests/run-parser.cpp (main), tests/t-parser.cpp (main): Adjust to new API diff --git a/src/mail.cpp b/src/mail.cpp index dd6ca68..4c488eb 100644 --- a/src/mail.cpp +++ b/src/mail.cpp @@ -67,19 +67,6 @@ static std::map g_mail_map; "" \ "" -#define WAIT_TEMPLATE \ -"" \ -"" \ -"" \ -"" \ -"" \ -"" \ -"
" \ -"

This message is encrypted

" \ -"
" \ -"
Please wait while the message is decrypted by GpgOL..." \ -"
" - Mail::Mail (LPDISPATCH mailitem) : m_mailitem(mailitem), m_processed(false), @@ -296,20 +283,32 @@ Mail::decrypt_verify() } m_processed = true; - /* Inser placeholder */ - if (put_oom_string (m_mailitem, "HTMLBody", WAIT_TEMPLATE)) + /* Insert placeholder */ + char *placeholder_buf; + if (gpgrt_asprintf (&placeholder_buf, decrypt_template, + is_smime() ? "S/MIME" : "OpenPGP", + _("Encrypted message"), + _("Please wait while the message is being decrypted...")) == -1) + { + log_error ("%s:%s: Failed to format placeholder.", + SRCNAME, __func__); + return 1; + } + + if (put_oom_string (m_mailitem, "HTMLBody", placeholder_buf)) { log_error ("%s:%s: Failed to modify html body of item.", SRCNAME, __func__); + xfree (placeholder_buf); return 1; } + xfree (placeholder_buf); /* Do the actual parsing */ auto cipherstream = get_cipherstream (m_mailitem, m_moss_position); if (!cipherstream) { - /* TODO Error message? */ log_debug ("%s:%s: Failed to get cipherstream.", SRCNAME, __func__); return 1; @@ -323,10 +322,20 @@ Mail::decrypt_verify() return 0; } -void Mail::parsing_done() +void +Mail::update_body() { - m_needs_wipe = true; - /* Update the body */ + const auto error = m_parser->get_formatted_error (); + if (!error.empty()) + { + if (put_oom_string (m_mailitem, "HTMLBody", + error.c_str ())) + { + log_error ("%s:%s: Failed to modify html body of item.", + SRCNAME, __func__); + } + return; + } const auto html = m_parser->get_html_body(); if (!html.empty()) { @@ -347,6 +356,14 @@ void Mail::parsing_done() return; } } +} + +void +Mail::parsing_done() +{ + m_needs_wipe = true; + /* Update the body */ + update_body(); /* Update attachments */ if (add_attachments (m_mailitem, m_parser->get_attachments())) diff --git a/src/mail.h b/src/mail.h index dcca439..af47f13 100644 --- a/src/mail.h +++ b/src/mail.h 
@@ -195,6 +195,8 @@ public: */ void parsing_done (); private: + void update_body (); + LPDISPATCH m_mailitem; LPDISPATCH m_event_sink; bool m_processed, /* The message has been porcessed by us. */ diff --git a/src/parsecontroller.cpp b/src/parsecontroller.cpp index b88eaa7..2235c30 100644 --- a/src/parsecontroller.cpp +++ b/src/parsecontroller.cpp @@ -134,7 +134,64 @@ is_opaque_signed (Data &data) return id == Data::CMSSigned; } -std::string +static std::string +format_recipients(GpgME::DecryptionResult result) +{ + std::string msg; + for (const auto recipient: result.recipients()) + { + msg += std::string("
0x") + recipient.keyID() + ""; + } + return msg; +} + +static std::string +format_error(GpgME::DecryptionResult result, Protocol protocol) +{ + char *buf; + bool no_sec = false; + std::string msg; + + if (result.error ().isCanceled () || + result.error ().code () == GPG_ERR_NO_SECKEY) + { + msg = _("Decryption canceled or timed out."); + } + + if (result.error ().code () == GPG_ERR_DECRYPT_FAILED) + { + no_sec = true; + for (const auto &recipient: result.recipients ()) { + no_sec &= (recipient.status ().code () == GPG_ERR_NO_SECKEY); + } + } + + if (no_sec) + { + msg = _("No secret key found to decrypt the message." + "It is encrypted for following keys:"); + msg += format_recipients (result); + } + else + { + msg = _("Could not decrypt the data."); + } + + if (gpgrt_asprintf (&buf, decrypt_template, + protocol == OpenPGP ? "OpenPGP" : "S/MIME", + _("Encrypted message (decryption not possible)"), + msg.c_str()) == -1) + { + log_error ("%s:%s:Failed to Format error.", + SRCNAME, __func__); + return "Failed to Format error."; + } + msg = buf; + return msg; +} + + +void ParseController::parse() { // Wrap the input stream in an attachment / GpgME Data 
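Review bot: in format_error() the message assigned in the first branch, `msg = _("Decryption canceled or timed out.");`, is always overwritten, because the later `if (no_sec) ... else` assigns msg on both paths. A cancelled or timed-out decryption is therefore reported as "Could not decrypt the data.". Make the three cases one if / else if / else chain. Two smaller points in the same function: buf from gpgrt_asprintf is copied into msg but never released (parse() in this patch calls `xfree (buf)` after the same pattern), and the two adjacent string literals of the no-secret-key message join as "message.It" because the space between the sentences is missing.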
@@ -146,26 +203,28 @@ ParseController::parse() { log_error ("%s:%s:Failed to create context. Installation broken.", SRCNAME, __func__); - // TODO proper error handling - return std::string("Bad installation"); + char *buf; + const char *proto = protocol == OpenPGP ? "OpenPGP" : "S/MIME"; + if (gpgrt_asprintf (&buf, decrypt_template, + proto, + _("Encrypted message (decryption not possible)"), + _("Failed to find GnuPG please ensure that GnuPG or " + "Gpg4win is properly installed.")) == -1) + { + log_error ("%s:%s:Failed format error.", + SRCNAME, __func__); + /* Should never happen */ + m_error = std::string("Bad installation"); + } + m_error = buf; + xfree (buf); + return; } ctx->setArmor(true); Data output(m_outputprovider); - Data input; - if (m_type == MSGTYPE_GPGOL_CLEAR_SIGNED || - m_type == MSGTYPE_GPGOL_PGP_MESSAGE) - { - /* For clearsigned and PGP Message take the body. - This does not copy the data. */ - input = Data (m_inputprovider->get_body().c_str(), - m_inputprovider->get_body().size(), false); - } - else - { - input = Data (m_inputprovider); - } + Data input (m_inputprovider); log_debug ("%s:%s: decrypt: %i verify: %i with protocol: %s", SRCNAME, __func__, decrypt, verify, @@ -195,6 +254,10 @@ ParseController::parse() { verify = false; } + if (m_decrypt_result.error()) + { + m_error = format_error (m_decrypt_result, protocol); + } } if (verify) { @@ -230,13 +293,7 @@ ParseController::parse() ss << m_decrypt_result << '\n' << m_verify_result; log_debug ("Decrypt / Verify result: %s", ss.str().c_str()); } - /* - Attachment *att = new Attachment (); - att->write ("Hello attachment", strlen ("Hello attachment")); - att->set_display_name ("The Attachment.txt"); - m_attachments.push_back (std::shared_ptr(att)); - */ - return std::string(); + return; } const std::string diff --git a/src/parsecontroller.h b/src/parsecontroller.h index 350350d..1dd036b 100644 --- a/src/parsecontroller.h +++ b/src/parsecontroller.h 
@@ -43,6 +43,9 @@ class MimeDataProvider; #include "oomhelp.h" #endif +/* A template for decryption errors / status message. */ +extern const char decrypt_template[]; + class ParseController { public: @@ -57,13 +60,9 @@ public: ~ParseController(); - /** Construct a new ParseController for an inline message where - the content is pointet to by body. - ParseController(const char *body, msgtype_t type); - */ - /** Main entry point. Parses the Mail returns an - * empty string on success or an error message on failure. */ - std::string parse(); + /** Main entry point. After execution getters will become + valid. */ + void parse(); /** Get the Body. Call parse first. */ const std::string get_body() const; @@ -89,12 +88,15 @@ public: const GpgME::VerificationResult verify_result() const { return m_verify_result; } + const std::string get_formatted_error() const + { return m_error; } + private: /* State variables */ MimeDataProvider *m_inputprovider; MimeDataProvider *m_outputprovider; msgtype_t m_type; - bool m_error; + std::string m_error; GpgME::DecryptionResult m_decrypt_result; GpgME::VerificationResult m_verify_result; }; diff --git a/tests/run-parser.cpp b/tests/run-parser.cpp index 4c804fd..b6db615 100644 --- a/tests/run-parser.cpp +++ b/tests/run-parser.cpp @@ -106,7 +106,7 @@ int main(int argc, char **argv) { ParseController parser(fp_in, msgtype); - std::cout << "Parse result: " << parser.parse(); + std::cout << "Parse error: " << parser.get_formatted_error (); std::cout << "\nDecrypt result:\n" << parser.decrypt_result() << "\nVerify result:\n" << parser.verify_result() << "\nBEGIN BODY\n" << parser.get_body() << "\nEND BODY" diff --git a/tests/t-parser.cpp b/tests/t-parser.cpp index b6b9f33..0d1f494 100644 --- a/tests/t-parser.cpp +++ b/tests/t-parser.cpp @@ -29,7 +29,6 @@ struct msgtype_t type; const char *expected_body_file; const char *expected_html_body_file; - const char *expected_return; int attachment_cnt; const char *expected_charset; } test_data[] = { 
@@ -37,59 +36,51 @@ struct MSGTYPE_GPGOL_PGP_MESSAGE, DATADIR "/inlinepgpencrypted.plain", NULL, - NULL, 0, NULL}, { DATADIR "/openpgp-encrypted.mbox", MSGTYPE_GPGOL_MULTIPART_ENCRYPTED, DATADIR "/openpgp-encrypted.plain", NULL, - NULL, 0, NULL}, { DATADIR "/openpgp-signed-no-attach.mbox", MSGTYPE_GPGOL_MULTIPART_SIGNED, DATADIR "/openpgp-signed-no-attach.plain", NULL, - NULL, 0, "iso-8859-1"}, { DATADIR "/openpgp-encrypted+signed.mbox", MSGTYPE_GPGOL_MULTIPART_SIGNED, DATADIR "/openpgp-encrypted+signed.plain", NULL, - NULL, 0, "us-ascii"}, { DATADIR "/openpgp-encrypted-attachment.mbox", MSGTYPE_GPGOL_MULTIPART_SIGNED, DATADIR "/openpgp-encrypted-attachment.plain", NULL, - NULL, 1, "us-ascii"}, { DATADIR "/smime-opaque-sign.mbox", MSGTYPE_GPGOL_OPAQUE_SIGNED, DATADIR "/smime-opaque-sign.plain", NULL, - NULL, 0, "utf-8"}, { DATADIR "/smime-encrypted.mbox", MSGTYPE_GPGOL_OPAQUE_ENCRYPTED, DATADIR "/smime-encrypted.plain", NULL, - NULL, 0, "us-ascii"}, { DATADIR "/smime-opaque-signed-encrypted-attachment.mbox", MSGTYPE_GPGOL_OPAQUE_ENCRYPTED, DATADIR "/smime-opaque-signed-encrypted-attachment.plain", NULL, - NULL, 1, "us-ascii"}, - { NULL, MSGTYPE_UNKNOWN, NULL, NULL, NULL, 0, NULL } + { NULL, MSGTYPE_UNKNOWN, NULL, NULL, 0, NULL } }; @@ -112,7 +103,7 @@ int main() fclose(input); - auto result = parser.parse(); + parser.parse(); auto decResult = parser.decrypt_result(); auto verifyResult = parser.verify_result(); 
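Review bot: with `parser.parse();` now returning void, the only parse outcome the old test compared, the return string, is gone, and the t-parser.cpp hunks of this patch add no check of get_formatted_error() in its place. Consider asserting `parser.get_formatted_error ().empty ()` right after parse() for the cases that are expected to decrypt, so that a decryption failure is reported as such instead of surfacing only as a body or attachment mismatch.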
@@ -125,15 +116,6 @@ int main() exit(1); } - if (test_data[i].expected_return) - { - if (result != test_data[i].expected_return) - { - fprintf (stderr, "Failed to get expected return. Return was: %s\n", - result.c_str()); - exit(1); - } - } if (test_data[i].expected_body_file) { auto expected_body = fopen (test_data[i].expected_body_file, "rb"); commit 6138fb13820c312bb94664241d06f64359a9d650 Author: Andre Heinecke Date: Wed Sep 28 14:21:47 2016 +0200 Fix handling of MIMEData without Headers * src/mimedataprovider.cpp (MimeDataProvider): Add ctor variants with no_headers field. * src/mimedataprovider.h: Update Accordingly. * src/parsecontroller.cpp (expect_no_headers): Expect no headers except for some messages. (decrypt_template): New to be used for status messages. -- This covers the problem that GpgOL only sees crypto data as an attachment and not the original outer mime structure. diff --git a/src/mimedataprovider.cpp b/src/mimedataprovider.cpp index 27ad3ee..20f2fe1 100644 --- a/src/mimedataprovider.cpp +++ b/src/mimedataprovider.cpp @@ -375,15 +375,18 @@ message_cb (void *opaque, rfc822parse_event_t event, debug_message_event (event); if (ctx->no_mail_header) { - /* Assume that this is not a regular mail but plain text. */ if (event == RFC822PARSE_OPEN) - return 0; /* We need to skip the OPEN event. */ + { + /* We ignore the open event */ + return 0; + } + /* Assume that this is not a regular mail but plain text. */ if (!ctx->body_seen) { log_mime_parser ("%s:%s: assuming this is plain text without headers\n", SRCNAME, __func__); - ctx->in_data = 1; - ctx->collect_attachment = 2; /* 2 so we don't skip the first line. */ + ctx->start_hashing = 1; + ctx->collect_crypto_data = 1; ctx->body_seen = 1; /* Create a fake MIME structure. */ /* Fixme: We might want to take it from the enclosing message. */ @@ -402,7 +405,6 @@ message_cb (void *opaque, rfc822parse_event_t event, ms->filename = NULL; ms->charset = NULL; } - ctx->collect_body = 1; } return 0; } 
@@ -467,17 +469,21 @@ message_cb (void *opaque, rfc822parse_event_t event, return retval; } -MimeDataProvider::MimeDataProvider() : +MimeDataProvider::MimeDataProvider(bool no_headers) : m_signature(nullptr) { m_mime_ctx = (mime_context_t) xcalloc (1, sizeof *m_mime_ctx); m_mime_ctx->msg = rfc822parse_open (message_cb, this); m_mime_ctx->mimestruct_tail = &m_mime_ctx->mimestruct; + if (no_headers) + { + m_mime_ctx->no_mail_header = 1; + } } #ifdef HAVE_W32_SYSTEM -MimeDataProvider::MimeDataProvider(LPSTREAM stream): - MimeDataProvider() +MimeDataProvider::MimeDataProvider(LPSTREAM stream, bool no_headers): + MimeDataProvider(no_headers) { if (stream) { @@ -495,8 +501,8 @@ MimeDataProvider::MimeDataProvider(LPSTREAM stream): } #endif -MimeDataProvider::MimeDataProvider(FILE *stream): - MimeDataProvider() +MimeDataProvider::MimeDataProvider(FILE *stream, bool no_headers): + MimeDataProvider(no_headers) { log_mime_parser ("%s:%s Collecting data from file.", SRCNAME, __func__); collect_data (stream); diff --git a/src/mimedataprovider.h b/src/mimedataprovider.h index 28661a7..661e0ca 100644 --- a/src/mimedataprovider.h +++ b/src/mimedataprovider.h @@ -61,14 +61,19 @@ class MimeDataProvider : public GpgME::DataProvider { public: /* Create an empty dataprovider, useful for writing to. */ - MimeDataProvider(); + MimeDataProvider(bool no_headers = false); #ifdef HAVE_W32_SYSTEM /* Read and parse the stream. Does not hold a reference - to the stream but releases it after read. */ - MimeDataProvider(LPSTREAM stream); + to the stream but releases it after read. + + If no_headers is set to true, assume that there are no + headers and immediately start collecting crypto data. + Eg. When decrypting a MOSS Attachment. + */ + MimeDataProvider(LPSTREAM stream, bool no_headers = false); #endif /* Test instrumentation. */ - MimeDataProvider(FILE *stream); + MimeDataProvider(FILE *stream, bool no_headers = false); ~MimeDataProvider(); /* Dataprovider interface */ 
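Review bot: the constructors in mimedataprovider.h gain a defaulted `bool no_headers` parameter but are not marked explicit, so `MimeDataProvider(bool no_headers = false)` is now a converting constructor from bool and, through the pointer-to-bool conversion, from any pointer. Mark the constructors explicit. The meaning of no_headers is also documented only on the LPSTREAM variant; the default and FILE* variants take the same flag and should refer to that description.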
diff --git a/src/parsecontroller.cpp b/src/parsecontroller.cpp index acec830..b88eaa7 100644 --- a/src/parsecontroller.cpp +++ b/src/parsecontroller.cpp @@ -29,28 +29,60 @@ #include +#ifdef HAVE_W32_SYSTEM +#include "common.h" +/* We use UTF-8 internally. */ +#undef _ +# define _(a) utf8_gettext (a) +#else +# define _(a) a +#endif + + + +const char decrypt_template[] = { +"" +"" +"" +"" +"" +"" +"
" +"

%s %s

" +"
" +"
%s" +"
"}; + using namespace GpgME; +static bool +expect_no_headers (msgtype_t type) +{ + return type != MSGTYPE_GPGOL_MULTIPART_SIGNED && + type != MSGTYPE_GPGOL_OPAQUE_SIGNED && + type != MSGTYPE_GPGOL_OPAQUE_ENCRYPTED; +} + #ifdef HAVE_W32_SYSTEM ParseController::ParseController(LPSTREAM instream, msgtype_t type): - m_inputprovider (new MimeDataProvider(instream)), + m_inputprovider (new MimeDataProvider(instream, + expect_no_headers(type))), m_outputprovider (new MimeDataProvider()), - m_type (type), - m_error (false) + m_type (type) { - log_mime_parser ("%s:%s: Creating parser for stream: %p", - SRCNAME, __func__, instream); + log_mime_parser ("%s:%s: Creating parser for stream: %p of type %i", + SRCNAME, __func__, instream, type); } #endif ParseController::ParseController(FILE *instream, msgtype_t type): - m_inputprovider (new MimeDataProvider(instream)), + m_inputprovider (new MimeDataProvider(instream, + expect_no_headers(type))), m_outputprovider (new MimeDataProvider()), - m_type (type), - m_error (false) + m_type (type) { - log_mime_parser ("%s:%s: Creating parser for stream: %p", - SRCNAME, __func__, instream); + log_mime_parser ("%s:%s: Creating parser for stream: %p of type %i", + SRCNAME, __func__, instream, type); } ParseController::~ParseController() commit dbf10ad74b3ba1bd3955e4c1ef3fae57b3fee3af Author: Andre Heinecke Date: Tue Sep 27 15:04:11 2016 +0200 Remove unused variable * src/mimedataprovider.cpp (t2body): Remove smtype. -- smtype is no longer needed. We let GpgME decide if we have S/MIME Data after decryption. diff --git a/src/mimedataprovider.cpp b/src/mimedataprovider.cpp index 1727da2..27ad3ee 100644 --- a/src/mimedataprovider.cpp +++ b/src/mimedataprovider.cpp 
@@ -319,8 +319,6 @@ t2body (MimeDataProvider *provider, rfc822parse_t msg) && (!strcmp (ctsub, "pkcs7-mime") || !strcmp (ctsub, "x-pkcs7-mime"))) { - const char *smtype = rfc822parse_query_parameter (field, - "smime-type", 0); ctx->collect_crypto_data = 1; } } ----------------------------------------------------------------------- Summary of changes: src/mail.cpp | 55 +++++--- src/mail.h | 2 + src/mimedataprovider.cpp | 28 ++-- src/mimedataprovider.h | 13 +- src/parsecontroller.cpp | 155 ++++++++++++++++----- src/parsecontroller.h | 18 +-- ...> openpgp-encrypted-attachment-no-headers.mbox} | 89 +++++------- tests/run-parser.cpp | 2 +- tests/t-parser.cpp | 31 ++--- 9 files changed, 238 insertions(+), 155 deletions(-) copy tests/data/{openpgp-encrypted-attachment.mbox => openpgp-encrypted-attachment-no-headers.mbox} (68%) hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Wed Sep 28 15:39:09 2016 
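Review bot: in src/parsecontroller.cpp, hunk @@ -146,26 +203,28 @@ of ParseController::parse() (commit a03012210f54663f276f9e043363c3dd6f9e41bf in the GpgOL mail above), the failure branch of gpgrt_asprintf sets `m_error = std::string("Bad installation");` and then falls through to `m_error = buf; xfree (buf);`. buf is declared without an initializer and holds no formatted string on that path, and assigning it to a std::string is undefined whether it is NULL or uninitialized. Return from the failure branch, or move the two statements into an else branch.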
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 28 Sep 2016 15:39:09 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-174-gcbf2ac6 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via cbf2ac66692daa7a324108724698d60d6c7e473f (commit) via 80393661bdfa7ae0288644513575e8a5d708b084 (commit) via c9237bf2ba2c49588576dcece756ebf5fe89aada (commit) via 829949f3823c2306022928ce782f9c9d9c5f1cc8 (commit) from 20a16833ee2bb05f735377f705899302bcf2b4d3 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit cbf2ac66692daa7a324108724698d60d6c7e473f Author: Werner Koch Date: Wed Sep 28 15:35:31 2016 +0200 gpg: Improve WKD by importing only the requested UID. * g10/keyserver.c: Include mbox-util.h. (keyserver_import_wkd): Do not use the global import options but employ an import filter. -- We also make sure that an mbox has been passed to keyserver_import_wkd so it may also be called with a complete user id (which is currently not the case). Signed-off-by: Werner Koch diff --git a/g10/keyserver.c b/g10/keyserver.c index 2e2d6a4..4239469 100644 --- a/g10/keyserver.c +++ b/g10/keyserver.c @@ -41,6 +41,7 @@ #include "keyserver-internal.h" #include "util.h" #include "membuf.h" +#include "mbox-util.h" #include "call-dirmngr.h" #ifdef HAVE_W32_SYSTEM 
@@ -2011,29 +2012,55 @@ keyserver_import_wkd (ctrl_t ctrl, const char *name, unsigned char **fpr, size_t *fpr_len) { gpg_error_t err; + char *mbox; estream_t key; - err = gpg_dirmngr_wkd_get (ctrl, name, &key); + /* We want to work on the mbox. That is what dirmngr will do anyway + * and we need the mbox for the import filter anyway. */ + mbox = mailbox_from_userid (name); + if (!mbox) + { + err = gpg_error_from_syserror (); + if (gpg_err_code (err) == GPG_ERR_EINVAL) + err = gpg_error (GPG_ERR_INV_USER_ID); + return err; + } + + err = gpg_dirmngr_wkd_get (ctrl, mbox, &key); if (err) ; else if (key) { int armor_status = opt.no_armor; + import_filter_t save_filt; /* Keys returned via WKD are in binary format. */ opt.no_armor = 1; + save_filt = save_and_clear_import_filter (); + if (!save_filt) + err = gpg_error_from_syserror (); + else + { + char *filtstr = es_bsprintf ("keep-uid=mbox = %s", mbox); + err = filtstr? 0 : gpg_error_from_syserror (); + if (!err) + err = parse_and_set_import_filter (filtstr); + xfree (filtstr); + if (!err) + err = import_keys_es_stream (ctrl, key, NULL, fpr, fpr_len, + IMPORT_NO_SECKEY, + NULL, NULL); - err = import_keys_es_stream (ctrl, key, NULL, fpr, fpr_len, - (opt.keyserver_options.import_options - | IMPORT_NO_SECKEY), - NULL, NULL); + } + restore_import_filter (save_filt); opt.no_armor = armor_status; es_fclose (key); key = NULL; } + xfree (mbox); return err; } commit 80393661bdfa7ae0288644513575e8a5d708b084 Author: Werner Koch Date: Wed Sep 28 15:32:04 2016 +0200 gpg: Reject import if an import filter removed all user ids. * g10/import.c (any_uid_left): New. (import_one): Check that a UID is left. Signed-off-by: Werner Koch diff --git a/g10/import.c b/g10/import.c index 25ce74e..8d06457 100644 --- a/g10/import.c +++ b/g10/import.c 
@@ -115,6 +115,7 @@ static int import_revoke_cert (kbnode_t node, struct import_stats_s *stats); static int chk_self_sigs (kbnode_t keyblock, u32 *keyid, int *non_self); static int delete_inv_parts (kbnode_t keyblock, u32 *keyid, unsigned int options); +static int any_uid_left (kbnode_t keyblock); static int merge_blocks (kbnode_t keyblock_orig, kbnode_t keyblock, u32 *keyid, int *n_uids, int *n_sigs, int *n_subk ); @@ -1344,6 +1345,7 @@ import_one (ctrl_t ctrl, size_t an; char pkstrbuf[PUBKEY_STRING_SIZE]; int merge_keys_done = 0; + int any_filter = 0; /* Get the key and print some info about it. */ node = find_kbnode( keyblock, PKT_PUBLIC_KEY ); @@ -1455,13 +1457,25 @@ import_one (ctrl_t ctrl, { apply_keep_uid_filter (keyblock, import_filter.keep_uid); commit_kbnode (&keyblock); + any_filter = 1; } if (import_filter.drop_sig) { apply_drop_sig_filter (keyblock, import_filter.drop_sig); commit_kbnode (&keyblock); + any_filter = 1; } + /* If we ran any filter we need to check that at least one user id + * is left in the keyring. Note that we do not use log_error in + * this case. */ + if (any_filter && !any_uid_left (keyblock)) + { + if (!opt.quiet ) + log_info ( _("key %s: no valid user IDs\n"), keystr_from_pk (pk)); + stats->no_user_id++; + return 0; + } /* Show the key in the form it is merged or inserted. We skip this * if "import-export" is also active without --armor or the output 
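Review bot: when the filters leave no user ID, import_one() increments stats->no_user_id and then does `return 0;`, so the caller receives the success code for a key that was not imported. This matters for the WKD path in this series, which sets a keep-uid filter for the requested mailbox. Either return an error the caller can act on, or extend the comment to say that 0 is intended here and why log_info is used rather than log_error. The comment also says "left in the keyring" where the keyblock is meant.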
@@ -2743,6 +2757,19 @@ delete_inv_parts (kbnode_t keyblock, u32 *keyid, unsigned int options) return nvalid; } +/* This function returns true if any UID is left in the keyring. */ +static int +any_uid_left (kbnode_t keyblock) +{ + kbnode_t node; + + for (node=keyblock->next; node; node = node->next) + if (node->pkt->pkttype == PKT_USER_ID) + return 1; + return 0; +} + + /**************** * It may happen that the imported keyblock has duplicated user IDs. commit c9237bf2ba2c49588576dcece756ebf5fe89aada Author: Werner Koch Date: Wed Sep 28 13:39:09 2016 +0200 gpg: Make import filter data object more flexible. * g10/main.h (import_filter_t): New. * g10/import.c (struct import_filter_s): Declare struct. (import_keep_uid, import_drop_sig): Replace by ... (import_filter): new. Adjust all users. (cleanup_import_globals): Move code to ... (release_import_filter): new. (save_and_clear_import_filter): New. (restore_import_filter): New. Signed-off-by: Werner Koch diff --git a/g10/import.c b/g10/import.c index 6a0dcde..25ce74e 100644 --- a/g10/import.c +++ b/g10/import.c @@ -76,16 +76,22 @@ struct import_stats_s #define NODE_FLAG_A 8 -/* Global variables to store selector created from +/* A an object and a global instance to store selectors created from * --import-filter keep-uid=EXPR. * --import-filter drop-sig=EXPR. * * FIXME: We should put this into the CTRL object but that requires a - * lot more changes right now. + * lot more changes right now. For now we use save and restore + * fucntion to temporary change them. */ -static recsel_expr_t import_keep_uid; -static recsel_expr_t import_drop_sig; - +/* Definition of the import filters. */ +struct import_filter_s +{ + recsel_expr_t keep_uid; + recsel_expr_t drop_sig; +}; +/* The current instance. */ +struct import_filter_s import_filter; static int import (ctrl_t ctrl, 
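Review bot: `struct import_filter_s import_filter;` has external linkage, while the two variables it replaces were static. main.h in this patch exports only the save and restore functions and keeps the struct opaque, so the instance should remain `static` to import.c. The rewritten comment also has two typos: "A an object" and "fucntion".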
@@ -120,12 +126,18 @@ static int merge_keysigs (kbnode_t dst, kbnode_t src, int *n_sigs); static void +release_import_filter (import_filter_t filt) +{ + recsel_release (filt->keep_uid); + filt->keep_uid = NULL; + recsel_release (filt->drop_sig); + filt->drop_sig = NULL; +} + +static void cleanup_import_globals (void) { - recsel_release (import_keep_uid); - import_keep_uid = NULL; - recsel_release (import_drop_sig); - import_drop_sig = NULL; + release_import_filter (&import_filter); } @@ -201,9 +213,9 @@ parse_and_set_import_filter (const char *string) register_mem_cleanup_func (cleanup_import_globals); if (!strncmp (string, "keep-uid=", 9)) - err = recsel_parse_expr (&import_keep_uid, string+9); + err = recsel_parse_expr (&import_filter.keep_uid, string+9); else if (!strncmp (string, "drop-sig=", 9)) - err = recsel_parse_expr (&import_drop_sig, string+9); + err = recsel_parse_expr (&import_filter.drop_sig, string+9); else err = gpg_error (GPG_ERR_INV_NAME); @@ -211,6 +223,36 @@ parse_and_set_import_filter (const char *string) } +/* Save the current import filters, return them, and clear the current + * filters. Returns NULL on error and sets ERRNO. */ +import_filter_t +save_and_clear_import_filter (void) +{ + import_filter_t filt; + + filt = xtrycalloc (1, sizeof *filt); + if (!filt) + return NULL; + *filt = import_filter; + memset (&import_filter, 0, sizeof import_filter); + + return filt; +} + + +/* Release the current import filters and restore them from NEWFILT. + * Ownership of NEWFILT is moved to this function. */ +void +restore_import_filter (import_filter_t filt) +{ + if (filt) + { + release_import_filter (&import_filter); + import_filter = *filt; + xfree (filt); + } +} + import_stats_t import_new_stats_handle (void) 
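Review bot: the comment on restore_import_filter() names the argument NEWFILT but the parameter is `filt`, and it does not say that a NULL argument is a no-op that leaves the currently set filters in place. Callers use the pair as save, set a temporary filter, restore, so the NULL case should be documented next to the "Returns NULL on error" remark on save_and_clear_import_filter(), together with the fact that the pair swaps a process-wide global and is not reentrant.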
@@ -1409,14 +1451,14 @@ import_one (ctrl_t ctrl, commit_kbnode (&keyblock); /* Apply import filter. */ - if (import_keep_uid) + if (import_filter.keep_uid) { - apply_keep_uid_filter (keyblock, import_keep_uid); + apply_keep_uid_filter (keyblock, import_filter.keep_uid); commit_kbnode (&keyblock); } - if (import_drop_sig) + if (import_filter.drop_sig) { - apply_drop_sig_filter (keyblock, import_drop_sig); + apply_drop_sig_filter (keyblock, import_filter.drop_sig); commit_kbnode (&keyblock); } diff --git a/g10/main.h b/g10/main.h index b1563d2..c2c92d0 100644 --- a/g10/main.h +++ b/g10/main.h @@ -348,10 +348,16 @@ gcry_mpi_t encode_md_value (PKT_public_key *pk, /*-- import.c --*/ struct import_stats_s; typedef struct import_stats_s *import_stats_t; +struct import_filter_s; +typedef struct import_filter_s *import_filter_t; typedef gpg_error_t (*import_screener_t)(kbnode_t keyblock, void *arg); int parse_import_options(char *str,unsigned int *options,int noisy); + gpg_error_t parse_and_set_import_filter (const char *string); +import_filter_t save_and_clear_import_filter (void); +void restore_import_filter (import_filter_t filt); + gpg_error_t read_key_from_file (ctrl_t ctrl, const char *fname, kbnode_t *r_keyblock); void import_keys (ctrl_t ctrl, char **fnames, int nnames, commit 829949f3823c2306022928ce782f9c9d9c5f1cc8 Author: Werner Koch Date: Wed Sep 28 13:36:28 2016 +0200 gpg: Make sure that internal key import is done with a binary stream. * g10/import.c (import_keys_internal): Open stream in binary mode. Signed-off-by: Werner Koch diff --git a/g10/import.c b/g10/import.c index f32a3da..6a0dcde 100644 --- a/g10/import.c +++ b/g10/import.c 
@@ -465,7 +465,7 @@ import_keys_es_stream (ctrl_t ctrl, estream_t fp, int rc; iobuf_t inp; - inp = iobuf_esopen (fp, "r", 1); + inp = iobuf_esopen (fp, "rb", 1); if (!inp) { rc = gpg_error_from_syserror (); ----------------------------------------------------------------------- Summary of changes: g10/import.c | 101 +++++++++++++++++++++++++++++++++++++++++++++++--------- g10/keyserver.c | 37 ++++++++++++++++++--- g10/main.h | 6 ++++ 3 files changed, 123 insertions(+), 21 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Sep 28 16:15:44 2016 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Wed, 28 Sep 2016 16:15:44 +0200 Subject: [git] GpgOL - branch, nomapi, updated. gpgol-1.4.0-64-g037b2aa Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, nomapi has been updated via 037b2aa3cba5d354586c1c7d311e86775ebb341e (commit) via e482433121af2301ca34d5a9f45bae7378ae2464 (commit) via e0cd79c6ef2afd91e3594cb1d8fc8e662f03c5b1 (commit) from ef8ea4a537110d49503a4ceb2bb6d7214c7b2594 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 037b2aa3cba5d354586c1c7d311e86775ebb341e Author: Andre Heinecke Date: Wed Sep 28 16:14:50 2016 +0200 tests: Add test for a mail created by us * tests/data/openpgp-encrypted-attachment-gpgol.mbox, tests/data/openpgp-encrypted-attachment-gpgol.plain: New. * tests/t-parser.cpp: Use it. (main): Also check for zero attachment count. diff --git a/tests/data/openpgp-encrypted-attachment-gpgol.mbox b/tests/data/openpgp-encrypted-attachment-gpgol.mbox new file mode 100644 index 0000000..45296d4 --- /dev/null 
+++ b/tests/data/openpgp-encrypted-attachment-gpgol.mbox 
@@ -0,0 +1,42 @@ +-----BEGIN PGP MESSAGE----- + +hQEMAx7U8Lxs+8kSAQgAxhEhecDGfsuqNTejoxq2LgyIJV1Jwd5gOoPbbxDVDmsj +Gi9RjoCl/M20Q1oy/Ir2r6b6KTvfBW1KpxDW23KGhyu7HYM3RGKct5fm3aQmUlbK +eEwPn8h701qQLfCxzBDaEq2KUBnmPAFre4EoZn4m+sHlM3WKATCWKHfbkVMtkY5J +IedPPwcTQtZwJgk23caf0vbx2UNKtdjOsaJ4sIXpWCW2PEJ8W+EQoWCH/DFmXX0n +ohmKiTdsH//YNzR2ZBqvcBtcsdFxf2hTLFCaA6xBur4+HaQvpiI5xkLhQxWKNAM6 +TAFFtVb3HQLX28ZTUyHjVcPrHbbwK0iVHjMf5W8QQIUBDAMMzkNap8zaOwEH/3md +vLwvlraP/idlzIdCdqpjeESucDz/iQT0laTUIY/wRerxpp60XNY26wgEta02AFej +sCa8sasUx6NNKV+5BL5mQ5Vw9lW3JsmvP0z1ZMk30gDyDz/7mk4ara5weuWeHIZW +IE6kDJwoZmArBKSc6xe8Kd7sbOVQ2VwA1BCOWht51sIP75QEXjXHn9B8KRmwgxFG +uDMX3sJJ9y/hS4ApGYkAG9aUvNtLD10a71dW1juR1jr2ekNVEJFphTgAIG1n3qsq +qzIjpsARUVEpmxIfVcFvGU/KVnRwtwv3R/IG/cndRTXfy1rFGN4l4ehaGmBuBhbU +w4CthZuS/uT1MwYvVsOFAYwDjMmZvapFxx8BC/9axfUqH5D01pHjENSbuejDqnWL +MwMM1w0IH4s1mEo05NXqXxVInqKJTu3s3F8bJokYGVwcd+eKUicYYH/PmAh52E3I +CUilbAq8o2pYgOpSbeNICeWpib5Ny1IWo6fthJttmthPvjBMQ5X3jFi7kgCVDoGM +nuV1R6WAB9yPeizXNCbBgNnDWjwTg+bZPZwUjRX38M3NMn176p+EeuNQDZ3fu7qs +OPPd1la1cZsJ0bVQexuavzoAJUJzjF8mlO0eO7DDXI7VcPBSEQwLEtBuYgJY8PCA +apK7sRx0183uxof/b5dd26cIOiDfoUsLeVBAJcjRuvo1BVHSEeVc6FIPn7GQTfRn +BVjAng7tact38EWZzukvtuT6N5aKH14YqQ3GpKexxDVAJNxcctQ3FJUHN8Yd1toq +zKmCWvWVi7D7Hm+2wc7q3Lan1WJoAM13IQ1w5afNdzk3M4n2SOpGjy5o9w2//TLE +fFbO4eWrt/zX2ALQszZuRY37M1mSn65n9epqBXDS6QFb1C/TFRMiKNHqotAgv+LL +7q4CInZBeCgLolsYF/YiCdiT8bkA+YENHpUMHdGv0tLxuZuFOxNAfAQ6hp1xfjUg +mYFGt5/dOXGPXLnu/5R6nLiRJyJpMpFTCM30UcMbV5jfgCV+RTtc7EdU6gK0a9EB +icsGJkt1vfVDQG5kqqPVUWiYdeyd0DfwMRGexG4Ry0Ab57wSL/0qk5jhYy2fSo6A +c/u71zBkxrF/PfRfOwhqDMgmTFGTe/Dj5BAaxfqOHuMtAr+7t3x1r10dqo3oOtrd +KlcrTMRALu/JxPcDX6W3nnl2PM62ArdcHaXQrcwefBAMFpZUbmwe2mPY1rkLDANl +iQ2iuv8K4QtqR9Q+vMbHxVGnDr2+ndBtTRVwedOQDwVXCjeYxJRNCgF4i2K9xouc +W87uAMq8RT43TkHB+DUt/zVAcIs5FjR5JMw3NZlR/xxP23UHkxTxQ73LIC6WsZER +uW62FRIVtpaW7nKi8DLsHpxfz8jEWHzRaaBZX6Ps8Ox4TaPkGEDwP0/FmVwMySno +9R8+zNGWqWxOLrL87m0DpNpoYuiUb/DUZh+b5tWH6CLu51GO1XTxZXVfvM8kYLbH 
+vGooRYQgqncTQjCrVaKqZwDcO+xos44NvKz1T3m+1sS8JkDUH0OuUPGQ+YrQ/JqM +Wis5jTtlKMBdNuD4dyKMwJQxg9199hYtiN3BY/oOMWItQTixmCh2lua+4u26FOD2 +XJDLn9/txbc5yyLwLOoWySDSuU5j1YZDPG07k0G+oRX2xdLFLrWOgYlUxFIrQZsR +TqPUyet0n+bka+1h5prK2eKfRnt+zZQojBR/OB+y60RSKnfTxCwZRj8HECs5XSAD +vPqvrU6erNFZNL8jbjQNfrh2SObG6onB8szS4YtCe/+uiZd8UoEkyBNN1qqdXY4A +5Bl+73IsInHMufn3PPAT85tCZGQfYXrwjKrRbZkkCSKI/8H9UDxe/M16Qraw4qTA +YhOCnoAnEA+nn8NDvjWQG8B4hT1vCMzKOuPlnwIJbP1hBeRepHv2EawfLo69Fh1j +V9aCxyElQZmhBNVA3K/LhjEupw+VheTK15Oh9/1i5tl1Ywbp/FLp6y+GURf2VPbF +K7/2QWXFSpXJAOS7LAjsQgvfNgqF +=1EJu +-----END PGP MESSAGE----- diff --git a/tests/data/openpgp-encrypted-attachment-gpgol.plain b/tests/data/openpgp-encrypted-attachment-gpgol.plain new file mode 100644 index 0000000..77f8d0f --- /dev/null +++ b/tests/data/openpgp-encrypted-attachment-gpgol.plain @@ -0,0 +1,8 @@ +Hallo + +I?m a mime mail sent by Outlook with GpgOL. + +?ml?ut?s are ? + +Attachment is added, too. + diff --git a/tests/t-parser.cpp b/tests/t-parser.cpp index d1c260e..bc68c5e 100644 --- a/tests/t-parser.cpp +++ b/tests/t-parser.cpp @@ -87,6 +87,12 @@ struct NULL, 1, "us-ascii"}, + { DATADIR "/openpgp-encrypted-attachment-gpgol.mbox", + MSGTYPE_GPGOL_MULTIPART_ENCRYPTED, + DATADIR "/openpgp-encrypted-attachment-gpgol.plain", + NULL, + 1, + "utf-8"}, { NULL, MSGTYPE_UNKNOWN, NULL, NULL, 0, NULL } }; 
@@ -163,15 +169,12 @@ int main() } fclose (expected_html_body); } - if (test_data[i].attachment_cnt) + int actual = (int)parser.get_attachments().size(); + if (actual != test_data[i].attachment_cnt) { - int actual = (int)parser.get_attachments().size(); - if (actual != test_data[i].attachment_cnt) - { - fprintf (stderr, "Attachment count mismatch. Actual: %i Expected: %i\n", - actual, test_data[i].attachment_cnt); - exit(1); - } + fprintf (stderr, "Attachment count mismatch. Actual: %i Expected: %i\n", + actual, test_data[i].attachment_cnt); + exit(1); } if (test_data[i].expected_charset) { commit e482433121af2301ca34d5a9f45bae7378ae2464 Author: Andre Heinecke Date: Wed Sep 28 16:14:10 2016 +0200 tests: Fix run-parser * tests/run-parser.cpp (main): Actually parse again. diff --git a/tests/run-parser.cpp b/tests/run-parser.cpp index b6db615..286bd51 100644 --- a/tests/run-parser.cpp +++ b/tests/run-parser.cpp @@ -106,6 +106,7 @@ int main(int argc, char **argv) { ParseController parser(fp_in, msgtype); + parser.parse(); std::cout << "Parse error: " << parser.get_formatted_error (); std::cout << "\nDecrypt result:\n" << parser.decrypt_result() << "\nVerify result:\n" << parser.verify_result() commit e0cd79c6ef2afd91e3594cb1d8fc8e662f03c5b1 Author: Andre Heinecke Date: Wed Sep 28 16:10:54 2016 +0200 Simplify / Fix attachment collection * src/mimedataprovider.cpp (mime_context): Remove redundant collect_attachment. (t2body): Remove collect_attachment artifact. Infer from crypto data / bodies / nesting level. -- The old collect attachment handling rooted in the fact that the old parser collected everything as attachments, even the body. Now that we collect the body differently we don't need to collect_attachment this way. We now collect every nested parts that are not inline text as attachments if they are not crypto_data. diff --git a/src/mimedataprovider.cpp b/src/mimedataprovider.cpp index 20f2fe1..59fcd38 100644 --- a/src/mimedataprovider.cpp 
+++ b/src/mimedataprovider.cpp @@ -67,7 +67,6 @@ struct mime_context int body_seen; /* True if we have seen a part we consider the body of the message. */ - int collect_attachment; /* True if we are collecting an attachment */ std::shared_ptr current_attachment; /* A pointer to the current attachment */ int collect_body; /* True if we are collcting the body */ @@ -325,38 +324,37 @@ t2body (MimeDataProvider *provider, rfc822parse_t msg) rfc822parse_release_field (field); /* (Content-type) */ ctx->in_data = 1; - /* Need to start an attachment if we have seen a content disposition - other then the inline type. */ - if (is_text && not_inline_text) - ctx->collect_attachment = 1; - log_mime_parser ("%s:%s: this body: nesting=%d partno=%d is_text=%d" - " charset=\"%s\"\n", + " charset=\"%s\"\n body_seen=%d not_inline_text=%d", SRCNAME, __func__, ctx->nesting_level, ctx->part_counter, is_text, - ctx->mimestruct_cur->charset?ctx->mimestruct_cur->charset:""); + ctx->mimestruct_cur->charset?ctx->mimestruct_cur->charset:"", + ctx->body_seen, not_inline_text); - /* If this is a text part, decide whether we treat it as our body. */ - if (is_text && !not_inline_text) + /* If this is a text part, decide whether we treat it as one + of our bodies. + */ + if ((is_text && !not_inline_text)) { - ctx->collect_attachment = 1; - ctx->body_seen = 1; if (is_text == 2) { + ctx->body_seen = 2; ctx->collect_html_body = 1; ctx->collect_body = 0; } else { + ctx->body_seen = 1; ctx->collect_body = 1; ctx->collect_html_body = 0; } } - else if (ctx->collect_attachment) + else if (!ctx->collect_crypto_data && ctx->nesting_level >= 1) { - /* Now that if we have an attachment prepare a new MAPI - attachment. */ + /* Treat it as an attachment. */ ctx->current_attachment = provider->create_attachment(); + ctx->collect_body = 0; + ctx->collect_html_body = 0; } return 0; 
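Review bot: in t2body (src/mimedataprovider.cpp) the extended log_mime_parser format string now reads `" charset=\"%s\"\n body_seen=%d not_inline_text=%d"`, so the newline sits in the middle of the message and the record no longer ends with one; move the `\n` to the end of the string so the next log entry does not run on. The doubled parentheses in `if ((is_text && !not_inline_text))` can go, and since body_seen now takes the value 2 for an HTML body, the field comment in struct mime_context ("True if we have seen a part we consider the body of the message") should say what 1 and 2 mean.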
@@ -387,7 +385,6 @@ message_cb (void *opaque, rfc822parse_event_t event, SRCNAME, __func__); ctx->start_hashing = 1; ctx->collect_crypto_data = 1; - ctx->body_seen = 1; /* Create a fake MIME structure. */ /* Fixme: We might want to take it from the enclosing message. */ { @@ -448,7 +445,6 @@ message_cb (void *opaque, rfc822parse_event_t event, case RFC822PARSE_LAST_BOUNDARY: ctx->any_boundary = 1; ctx->in_data = 0; - ctx->collect_attachment = 0; ctx->collect_body = 0; if (ctx->start_hashing == 2 && ctx->hashing_level == ctx->nesting_level) @@ -615,11 +611,12 @@ MimeDataProvider::collect_input_lines(const char *input, size_t insize) m_crypto_data.write (linebuf, pos); m_mime_ctx->collect_crypto_data = 2; } - if (m_mime_ctx->in_data && m_mime_ctx->collect_attachment) + if (m_mime_ctx->in_data && !m_mime_ctx->collect_signature && + !m_mime_ctx->collect_crypto_data) { /* We are inside of an attachment part. Write it out. */ - if (m_mime_ctx->collect_attachment == 1) /* Skip the first line. */ - m_mime_ctx->collect_attachment = 2; + if (m_mime_ctx->in_data == 1) /* Skip the first line. */ + m_mime_ctx->in_data = 2; int slbrk = 0; if (m_mime_ctx->is_qp_encoded) ----------------------------------------------------------------------- Summary of changes: src/mimedataprovider.cpp | 37 +++++++++---------- tests/data/openpgp-encrypted-attachment-gpgol.mbox | 42 ++++++++++++++++++++++ .../data/openpgp-encrypted-attachment-gpgol.plain | 8 +++++ tests/run-parser.cpp | 1 + tests/t-parser.cpp | 19 +++++----- 5 files changed, 79 insertions(+), 28 deletions(-) create mode 100644 tests/data/openpgp-encrypted-attachment-gpgol.mbox create mode 100644 tests/data/openpgp-encrypted-attachment-gpgol.plain hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Thu Sep 29 12:52:24 2016 
From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Thu, 29 Sep 2016 12:52:24 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.7.0-21-g7302791 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 7302791c0d308c3284ac24a743035d27a0c0b6ba (commit) from a6e9eefb23e57e14afaead5c896452360bdaeb6f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7302791c0d308c3284ac24a743035d27a0c0b6ba Author: Andre Heinecke Date: Thu Sep 29 12:46:18 2016 +0200 cpp, qt: Handle modified includedir installation * lang/cpp/src/Makefile.am, lang/qt/src/Makefile.am: Replace resolved_includedir. * lang/cpp/src/GpgmeppConfig.cmake.in.in, lang/qt/src/QGpgmeConfig.cmake.in.in: Use resolved_includedir instead of relying on a common installation prefix. -- This fixes usage of the config files in case gpgme is configured with a custom --includedir. We have to do the replacement manually like for libdir because configure would include variables in the replacement. diff --git a/lang/cpp/src/GpgmeppConfig.cmake.in.in b/lang/cpp/src/GpgmeppConfig.cmake.in.in index d54011e..ca11deb 100644 --- a/lang/cpp/src/GpgmeppConfig.cmake.in.in +++ b/lang/cpp/src/GpgmeppConfig.cmake.in.in 
@@ -58,17 +58,11 @@ unset(_targetsDefined) unset(_targetsNotDefined) unset(_expectedTargets) -# Compute the installation prefix relative to this file. -get_filename_component(_IMPORT_PREFIX "${CMAKE_CURRENT_LIST_FILE}" PATH) -get_filename_component(_IMPORT_PREFIX "${_IMPORT_PREFIX}" PATH) -get_filename_component(_IMPORT_PREFIX "${_IMPORT_PREFIX}" PATH) -get_filename_component(_IMPORT_PREFIX "${_IMPORT_PREFIX}" PATH) - # Create imported target Gpgmepp add_library(Gpgmepp SHARED IMPORTED) set_target_properties(Gpgmepp PROPERTIES - INTERFACE_INCLUDE_DIRECTORIES "${_IMPORT_PREFIX}/include/gpgme++" + INTERFACE_INCLUDE_DIRECTORIES "@resolved_includedir@/gpgme++;@resolved_includedir@" INTERFACE_LINK_LIBRARIES "pthread;@resolved_libdir@/libgpgme at libsuffix@;@LIBASSUAN_LIBS@" IMPORTED_LOCATION "@resolved_libdir@/libgpgmepp at libsuffix@" ) @@ -77,9 +71,6 @@ if(CMAKE_VERSION VERSION_LESS 2.8.12) message(FATAL_ERROR "This file relies on consumers using CMake 2.8.12 or greater.") endif() -# Cleanup temporary variables. -set(_IMPORT_PREFIX) - # Loop over all imported files and verify that they actually exist foreach(target ${_IMPORT_CHECK_TARGETS} ) foreach(file ${_IMPORT_CHECK_FILES_FOR_${target}} ) diff --git a/lang/cpp/src/Makefile.am b/lang/cpp/src/Makefile.am index e65a875..0500dbf 100644 --- a/lang/cpp/src/Makefile.am +++ b/lang/cpp/src/Makefile.am @@ -76,9 +76,9 @@ libsuffix=.so endif GpgmeppConfig.cmake: GpgmeppConfig.cmake.in - sed -e 's|[@]resolved_libdir@|$(libdir)|g' < "$<" > "$@" - sed -e 's|[@]libsuffix@|$(libsuffix)|g' < "$@" > "$@".2 - mv "$@".2 "$@" + sed -e 's|[@]resolved_libdir@|$(libdir)|g' < "$<" | \ + sed -e 's|[@]libsuffix@|$(libsuffix)|g' | \ + sed -e 's|[@]resolved_includedir@|$(includedir)|g' > $@ install-cmake-files: GpgmeppConfig.cmake GpgmeppConfigVersion.cmake -$(INSTALL) -d $(DESTDIR)$(libdir)/cmake/Gpgmepp diff --git a/lang/qt/src/Makefile.am b/lang/qt/src/Makefile.am index c15da18..96b77b4 100644 --- a/lang/qt/src/Makefile.am 
+++ b/lang/qt/src/Makefile.am @@ -221,9 +221,9 @@ libsuffix=.so endif QGpgmeConfig.cmake: QGpgmeConfig.cmake.in - sed -e 's|[@]resolved_libdir@|$(libdir)|g' < "$<" > "$@" - sed -e 's|[@]libsuffix@|$(libsuffix)|g' < "$@" > "$@".2 - mv "$@".2 "$@" + sed -e 's|[@]resolved_libdir@|$(libdir)|g' < "$<" | \ + sed -e 's|[@]libsuffix@|$(libsuffix)|g' | \ + sed -e 's|[@]resolved_includedir@|$(includedir)|g' > $@ $(camelcase_headers): Makefile.am echo -n "#include \"qgpgme/" > "$@" diff --git a/lang/qt/src/QGpgmeConfig.cmake.in.in b/lang/qt/src/QGpgmeConfig.cmake.in.in index 3d19696..9063408 100644 --- a/lang/qt/src/QGpgmeConfig.cmake.in.in +++ b/lang/qt/src/QGpgmeConfig.cmake.in.in @@ -58,17 +58,11 @@ unset(_targetsDefined) unset(_targetsNotDefined) unset(_expectedTargets) -# Compute the installation prefix relative to this file. -get_filename_component(_IMPORT_PREFIX "${CMAKE_CURRENT_LIST_FILE}" PATH) -get_filename_component(_IMPORT_PREFIX "${_IMPORT_PREFIX}" PATH) -get_filename_component(_IMPORT_PREFIX "${_IMPORT_PREFIX}" PATH) -get_filename_component(_IMPORT_PREFIX "${_IMPORT_PREFIX}" PATH) - # Create imported target QGpgme add_library(QGpgme SHARED IMPORTED) set_target_properties(QGpgme PROPERTIES - INTERFACE_INCLUDE_DIRECTORIES "${_IMPORT_PREFIX}/include;${_IMPORT_PREFIX}/include/qgpgme" + INTERFACE_INCLUDE_DIRECTORIES "@resolved_includedir@/qgpgme;@resolved_includedir@" INTERFACE_LINK_LIBRARIES "Gpgmepp;Qt5::Core" IMPORTED_LOCATION "@resolved_libdir@/libqgpgme at libsuffix@" ) 
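Review bot: in the QGpgmeConfig.cmake rule of lang/qt/src/Makefile.am (and the identical GpgmeppConfig.cmake rule in lang/cpp/src/Makefile.am) the rewritten recipe redirects to an unquoted `> $@` where the removed lines used `"$@"`, and chaining three sed processes with pipes makes the recipe's exit status that of the last sed only, so a failure while reading `$<` can leave an empty or truncated target behind. One sed invocation with three -e expressions, reading `< "$<"` and writing `> "$@"`, keeps the quoting and reports the failure to make.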
@@ -77,9 +71,6 @@ if(CMAKE_VERSION VERSION_LESS 2.8.12) message(FATAL_ERROR "This file relies on consumers using CMake 2.8.12 or greater.") endif() -# Cleanup temporary variables. -set(_IMPORT_PREFIX) - # Loop over all imported files and verify that they actually exist foreach(target ${_IMPORT_CHECK_TARGETS} ) foreach(file ${_IMPORT_CHECK_FILES_FOR_${target}} ) ----------------------------------------------------------------------- Summary of changes: lang/cpp/src/GpgmeppConfig.cmake.in.in | 11 +---------- lang/cpp/src/Makefile.am | 6 +++--- lang/qt/src/Makefile.am | 6 +++--- lang/qt/src/QGpgmeConfig.cmake.in.in | 11 +---------- 4 files changed, 8 insertions(+), 26 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Thu Sep 29 17:02:56 2016 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Thu, 29 Sep 2016 17:02:56 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-175-g9e6f8a5 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 9e6f8a55ed04f876635792125858ee76a948802a (commit) from cbf2ac66692daa7a324108724698d60d6c7e473f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9e6f8a55ed04f876635792125858ee76a948802a Author: Justus Winter Date: Thu Sep 29 14:17:24 2016 +0200 dirmngr: Fix STARTTLS on LDAP connections. * dirmngr/ks-engine-ldap.c (my_ldap_connect): Fix unfortunate typo. -- Courtesy of pkgsrc contributor fhajny. Signed-off-by: Justus Winter diff --git a/dirmngr/ks-engine-ldap.c b/dirmngr/ks-engine-ldap.c index ad2110e..9b9efc7 100644 --- a/dirmngr/ks-engine-ldap.c +++ b/dirmngr/ks-engine-ldap.c 
@@ -513,7 +513,7 @@ my_ldap_connect (parsed_uri_t uri, LDAP **ldap_connp, #endif /* LDAP_OPT_X_TLS_CACERTFILE && HAVE_LDAP_SET_OPTION */ #endif -#ifndef HAVE_LDAP_START_TLS_S +#ifdef HAVE_LDAP_START_TLS_S if (uri->use_tls) { /* XXX: We need an option to determine whether to abort if the ----------------------------------------------------------------------- Summary of changes: dirmngr/ks-engine-ldap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Sep 29 18:03:06 2016 
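Review bot: in my_ldap_connect (dirmngr/ks-engine-ldap.c) the corrected `#ifdef HAVE_LDAP_START_TLS_S` means the `if (uri->use_tls)` block is compiled out whenever HAVE_LDAP_START_TLS_S is undefined, and nothing in the visible lines covers that case; add an `#else` branch that returns an error when uri->use_tls is set, so a requested STARTTLS is never silently skipped. The commit message could also name the typo (`#ifndef` written for `#ifdef`), since it inverted the condition under which STARTTLS was attempted.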
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 29 Sep 2016 18:03:06 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-181-g3380028 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 33800280da55a859e08dfa57f29144c89dd1bead (commit) via c738f92c195d91662ddc7848cc3c92c7f091f1f8 (commit) via f776757ea94542e2f425840dddaf3e65b0ff7757 (commit) via 29db3be6e8dbc9b4dd52cd1781106fa9fa3954a5 (commit) via 95d60c6ce9e8a7a7741553af957978c1f91547c5 (commit) via 4ac138c84d0f344ca9442f90c96f0e1f76062a4a (commit) from 9e6f8a55ed04f876635792125858ee76a948802a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 33800280da55a859e08dfa57f29144c89dd1bead Author: Werner Koch Date: Thu Sep 29 17:55:32 2016 +0200 wks: Partly implement draft-koch-openpgp-webkey-service-02. * tools/gpg-wks.h (WKS_RECEIVE_DRAFT2): New. * tools/wks-receive.c: Include rfc822parse.h. (struct receive_ctx_s): Add fields PARSER, DRAFT_VERSION_2, and MULTIPART_MIXED_SEEN. (decrypt_data): Add --no-options. (verify_signature): Ditto. (new_part): Check for Wks-Draft-Version header. Take care of text parts. (wks_receive): Set Parser and pass a flag value to RESULT_CB. * tools/gpg-wks-client.c (read_confirmation_request): New. (main) : Call read_confirmation_request instead of process_confirmation_request. (command_receive_cb): Ditto. Add arg FLAGS.. (decrypt_stream_status_cb, decrypt_stream): New. (command_send): Set header Wks-Draft-Version. * tools/gpg-wks-server.c (struct server_ctx_s): Add field DRAFT_VERSION_2. (sign_stream_status_cb, sign_stream): New. (command_receive_cb): Set draft flag. 
(send_confirmation_request): Rework to implement protocol draft version 2. * tools/gpg-wks.h (DBG_MIME_VALUE, DBG_PARSER_VALUE): New. (DBG_MIME, DBG_PARSER, DBG_CRYPTO): New. Use instead of a plain opt.debug where useful. * tools/gpg-wks-client.c (debug_flags): Add "mime" and "parser". * tools/gpg-wks-server.c (debug_flags): Ditto. -- If a client supporting the version 2 of the protocol is used, it will tell this the server using a mail header. An old server will ignore that but a recent server will use the new protocol. Next task is to actually write draft-02. There are still a lot of FIXMEs - take care. Signed-off-by: Werner Koch diff --git a/tools/gpg-wks-client.c b/tools/gpg-wks-client.c index 143dbc8..f4257ec 100644 --- a/tools/gpg-wks-client.c +++ b/tools/gpg-wks-client.c @@ -91,6 +91,8 @@ static ARGPARSE_OPTS opts[] = { /* The list of supported debug flags. */ static struct debug_flags_s debug_flags [] = { + { DBG_MIME_VALUE , "mime" }, + { DBG_PARSER_VALUE , "parser" }, { DBG_CRYPTO_VALUE , "crypto" }, { DBG_MEMORY_VALUE , "memory" }, { DBG_MEMSTAT_VALUE, "memstat" }, @@ -103,9 +105,10 @@ static struct debug_flags_s debug_flags [] = static void wrong_args (const char *text) GPGRT_ATTR_NORETURN; static gpg_error_t command_supported (char *userid); static gpg_error_t command_send (const char *fingerprint, char *userid); -static gpg_error_t process_confirmation_request (estream_t msg); +static gpg_error_t read_confirmation_request (estream_t msg); static gpg_error_t command_receive_cb (void *opaque, - const char *mediatype, estream_t fp); + const char *mediatype, estream_t fp, + unsigned int flags); @@ -269,7 +272,7 @@ main (int argc, char **argv) case aRead: if (argc) wrong_args ("--read < WKS-DATA"); - err = process_confirmation_request (es_stdin); + err = read_confirmation_request (es_stdin); if (err) log_error ("processing mail failed: %s\n", gpg_strerror (err)); break; 
@@ -394,6 +397,83 @@ get_key (estream_t *r_key, const char *fingerprint, const char *addrspec) +static void +decrypt_stream_status_cb (void *opaque, const char *keyword, char *args) +{ + (void)opaque; + + if (DBG_CRYPTO) + log_debug ("gpg status: %s %s\n", keyword, args); +} + + +/* Decrypt the INPUT stream to a new stream which is stored at success + * at R_OUTPUT. */ +static gpg_error_t +decrypt_stream (estream_t *r_output, estream_t input) +{ + gpg_error_t err; + ccparray_t ccp; + const char **argv; + estream_t output; + + *r_output = NULL; + + output = es_fopenmem (0, "w+b"); + if (!output) + { + err = gpg_error_from_syserror (); + log_error ("error allocating memory buffer: %s\n", gpg_strerror (err)); + return err; + } + + ccparray_init (&ccp, 0); + + ccparray_put (&ccp, "--no-options"); + /* We limit the output to 64 KiB to avoid DoS using compression + * tricks. A regular client will anyway only send a minimal key; + * that is one w/o key signatures and attribute packets. */ + ccparray_put (&ccp, "--max-output=0x10000"); + if (!opt.verbose) + ccparray_put (&ccp, "--quiet"); + else if (opt.verbose > 1) + ccparray_put (&ccp, "--verbose"); + ccparray_put (&ccp, "--batch"); + ccparray_put (&ccp, "--status-fd=2"); + ccparray_put (&ccp, "--decrypt"); + ccparray_put (&ccp, "--"); + + ccparray_put (&ccp, NULL); + argv = ccparray_get (&ccp, NULL); + if (!argv) + { + err = gpg_error_from_syserror (); + goto leave; + } + err = gnupg_exec_tool_stream (opt.gpg_program, argv, input, + NULL, output, + decrypt_stream_status_cb, NULL); + if (err) + { + log_error ("decryption failed: %s\n", gpg_strerror (err)); + goto leave; + } + else if (opt.verbose) + log_info ("decryption succeeded\n"); + + es_rewind (output); + *r_output = output; + output = NULL; + + leave: + es_fclose (output); + xfree (argv); + return err; +} + + + + /* Check whether the provider supports the WKS protocol. */ static gpg_error_t command_supported (char *userid) 
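Review bot: in the new decrypt_stream (tools/gpg-wks-client.c) the comment above `--max-output=0x10000` ("A regular client will anyway only send a minimal key") is the same text that sits in decrypt_data in tools/wks-receive.c, but here the client is decrypting WKS data received from the server, not a submitted key; reword it to say why 64 KiB is enough for a confirmation request. The `else if (opt.verbose)` after a branch that ends in `goto leave` can be a plain `if`.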
@@ -517,6 +597,11 @@ command_send (const char *fingerprint, char *userid) if (err) goto leave; + /* Tell server that we support draft version 3. */ + err = mime_maker_add_header (mime, "Wks-Draft-Version", "3"); + if (err) + goto leave; + err = mime_maker_add_stream (mime, &key); if (err) goto leave; @@ -539,8 +624,8 @@ encrypt_response_status_cb (void *opaque, const char *keyword, char *args) gpg_error_t *failure = opaque; char *fields[2]; - if (opt.debug) - log_debug ("%s: %s\n", keyword, args); + if (DBG_CRYPTO) + log_debug ("gpg status: %s %s\n", keyword, args); if (!strcmp (keyword, "FAILURE")) { @@ -747,7 +832,7 @@ process_confirmation_request (estream_t msg) goto leave; } - if (opt.debug) + if (DBG_MIME) { log_debug ("request follows:\n"); nvc_write (nvc, log_get_stream ()); 
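Review bot: in command_send (tools/gpg-wks-client.c) the added comment says "draft version 3" and the header is sent as `"Wks-Draft-Version", "3"`, while the commit message, WKS_RECEIVE_DRAFT2 and the draft_version_2 fields all speak of draft 2. If 3 is intended because the receiver in tools/wks-receive.c tests `>= 2`, say so in the comment; otherwise send "2" and fix the comment.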
@@ -822,16 +907,62 @@ process_confirmation_request (estream_t msg) } +/* Read a confirmation request and decrypt it if needed. This + * function may not be used with a mail or MIME message but only with + * the actual encrypted or plaintext WKS data. */ +static gpg_error_t +read_confirmation_request (estream_t msg) +{ + gpg_error_t err; + int c; + estream_t plaintext = NULL; + + /* We take a really simple approach to check whether MSG is + * encrypted: We know that an encrypted message is always armored + * and thus starts with a few dashes. It is even sufficient to + * check for a single dash, because that can never be a proper first + * WKS data octet. We need to skip leading spaces, though. */ + while ((c = es_fgetc (msg)) == ' ' || c == '\t' || c == '\r' || c == '\n') + ; + if (c == EOF) + { + log_error ("can't process an empty message\n"); + return gpg_error (GPG_ERR_INV_DATA); + } + if (es_ungetc (c, msg) != c) + { + log_error ("error ungetting octet from message\n"); + return gpg_error (GPG_ERR_INTERNAL); + } + + if (c != '-') + err = process_confirmation_request (msg); + else + { + err = decrypt_stream (&plaintext, msg); + if (err) + log_error ("decryption failed: %s\n", gpg_strerror (err)); + else + err = process_confirmation_request (plaintext); + } + + es_fclose (plaintext); + return err; +} + + /* Called from the MIME receiver to process the plain text data in MSG. */ static gpg_error_t -command_receive_cb (void *opaque, const char *mediatype, estream_t msg) +command_receive_cb (void *opaque, const char *mediatype, + estream_t msg, unsigned int flags) { gpg_error_t err; (void)opaque; + (void)flags; if (!strcmp (mediatype, "application/vnd.gnupg.wks")) - err = process_confirmation_request (msg); + err = read_confirmation_request (msg); else { log_info ("ignoring unexpected message of type '%s'\n", mediatype); diff --git a/tools/gpg-wks-server.c b/tools/gpg-wks-server.c index 96e5e05..408e3f5 100644 --- a/tools/gpg-wks-server.c 
+++ b/tools/gpg-wks-server.c @@ -102,6 +102,8 @@ static ARGPARSE_OPTS opts[] = { /* The list of supported debug flags. */ static struct debug_flags_s debug_flags [] = { + { DBG_MIME_VALUE , "mime" }, + { DBG_PARSER_VALUE , "parser" }, { DBG_CRYPTO_VALUE , "crypto" }, { DBG_MEMORY_VALUE , "memory" }, { DBG_MEMSTAT_VALUE, "memstat" }, @@ -116,6 +118,7 @@ struct server_ctx_s { char *fpr; strlist_t mboxes; /* List of addr-specs taken from the UIDs. */ + unsigned int draft_version_2:1; /* Client supports the draft 2. */ }; typedef struct server_ctx_s *server_ctx_t; @@ -123,7 +126,8 @@ typedef struct server_ctx_s *server_ctx_t; static gpg_error_t get_domain_list (strlist_t *r_list); static gpg_error_t command_receive_cb (void *opaque, - const char *mediatype, estream_t fp); + const char *mediatype, estream_t fp, + unsigned int flags); static gpg_error_t command_list_domains (void); static gpg_error_t command_cron (void); @@ -350,8 +354,8 @@ list_key_status_cb (void *opaque, const char *keyword, char *args) { server_ctx_t ctx = opaque; (void)ctx; - if (opt.debug) - log_debug ("%s: %s\n", keyword, args); + if (DBG_CRYPTO) + log_debug ("gpg status: %s %s\n", keyword, args); } @@ -629,8 +633,8 @@ encrypt_stream_status_cb (void *opaque, const char *keyword, char *args) { (void)opaque; - if (opt.debug) - log_debug ("%s: %s\n", keyword, args); + if (DBG_CRYPTO) + log_debug ("gpg status: %s %s\n", keyword, args); } 
@@ -698,6 +702,78 @@ encrypt_stream (estream_t *r_output, estream_t input, const char *keyfile) } +static void +sign_stream_status_cb (void *opaque, const char *keyword, char *args) +{ + (void)opaque; + + if (DBG_CRYPTO) + log_debug ("gpg status: %s %s\n", keyword, args); +} + +/* Sign the INPUT stream to a new stream which is stored at success at + * R_OUTPUT. A detached signature is created using the key specified + * by USERID. */ +static gpg_error_t +sign_stream (estream_t *r_output, estream_t input, const char *userid) +{ + gpg_error_t err; + ccparray_t ccp; + const char **argv; + estream_t output; + + *r_output = NULL; + + output = es_fopenmem (0, "w+b"); + if (!output) + { + err = gpg_error_from_syserror (); + log_error ("error allocating memory buffer: %s\n", gpg_strerror (err)); + return err; + } + + ccparray_init (&ccp, 0); + + ccparray_put (&ccp, "--no-options"); + if (!opt.verbose) + ccparray_put (&ccp, "--quiet"); + else if (opt.verbose > 1) + ccparray_put (&ccp, "--verbose"); + ccparray_put (&ccp, "--batch"); + ccparray_put (&ccp, "--status-fd=2"); + ccparray_put (&ccp, "--armor"); + ccparray_put (&ccp, "--local-user"); + ccparray_put (&ccp, userid); + ccparray_put (&ccp, "--detach-sign"); + ccparray_put (&ccp, "--"); + + ccparray_put (&ccp, NULL); + argv = ccparray_get (&ccp, NULL); + if (!argv) + { + err = gpg_error_from_syserror (); + goto leave; + } + err = gnupg_exec_tool_stream (opt.gpg_program, argv, input, + NULL, output, + sign_stream_status_cb, NULL); + if (err) + { + log_error ("signing failed: %s\n", gpg_strerror (err)); + goto leave; + } + + es_rewind (output); + *r_output = output; + output = NULL; + + leave: + es_fclose (output); + xfree (argv); + return err; +} + + /* Get the submission address for address MBOX. Caller must free the * value. If no address can be found NULL is returned. */ static char * 
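Review bot: sign_stream_status_cb (tools/gpg-wks-server.c) has the same body as encrypt_stream_status_cb in the same file, `if (DBG_CRYPTO) log_debug ("gpg status: %s %s\n", keyword, args);`, so one shared callback would serve both. In sign_stream itself the ccparray_get failure jumps to leave without a log_error, unlike the es_fopenmem and gnupg_exec_tool_stream failures next to it.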
@@ -933,6 +1009,8 @@ send_confirmation_request (server_ctx_t ctx, gpg_error_t err; estream_t body = NULL; estream_t bodyenc = NULL; + estream_t signeddata = NULL; + estream_t signature = NULL; mime_maker_t mime = NULL; char *from_buffer = NULL; const char *from; @@ -958,12 +1036,16 @@ send_confirmation_request (server_ctx_t ctx, log_error ("error allocating memory buffer: %s\n", gpg_strerror (err)); goto leave; } - /* It is fine to use 8 bit encoding because that is encrypted and - * only our client will see it. */ - es_fputs ("Content-Type: application/vnd.gnupg.wks\n" - "Content-Transfer-Encoding: 8bit\n" - "\n", - body); + + if (!ctx->draft_version_2) + { + /* It is fine to use 8 bit encoding because that is encrypted and + * only our client will see it. */ + es_fputs ("Content-Type: application/vnd.gnupg.wks\n" + "Content-Transfer-Encoding: 8bit\n" + "\n", + body); + } es_fprintf (body, ("type: confirmation-request\n" "sender: %s\n" 
@@ -1002,35 +1084,117 @@ send_confirmation_request (server_ctx_t ctx, goto leave; } - err = mime_maker_add_header (mime, "Content-Type", - "multipart/encrypted; " - "protocol=\"application/pgp-encrypted\""); - if (err) - goto leave; - err = mime_maker_add_container (mime); - if (err) - goto leave; + if (!ctx->draft_version_2) + { + err = mime_maker_add_header (mime, "Content-Type", + "multipart/encrypted; " + "protocol=\"application/pgp-encrypted\""); + if (err) + goto leave; + err = mime_maker_add_container (mime); + if (err) + goto leave; - err = mime_maker_add_header (mime, "Content-Type", - "application/pgp-encrypted"); - if (err) - goto leave; - err = mime_maker_add_body (mime, "Version: 1\n"); - if (err) - goto leave; - err = mime_maker_add_header (mime, "Content-Type", - "application/octet-stream"); - if (err) - goto leave; + err = mime_maker_add_header (mime, "Content-Type", + "application/pgp-encrypted"); + if (err) + goto leave; + err = mime_maker_add_body (mime, "Version: 1\n"); + if (err) + goto leave; + err = mime_maker_add_header (mime, "Content-Type", + "application/octet-stream"); + if (err) + goto leave; - err = mime_maker_add_stream (mime, &bodyenc); - if (err) - goto leave; + err = mime_maker_add_stream (mime, &bodyenc); + if (err) + goto leave; + + } + else + { + unsigned int partid; + + /* FIXME: Add micalg. */ + err = mime_maker_add_header (mime, "Content-Type", + "multipart/signed; " + "protocol=\"application/pgp-signature\""); + if (err) + goto leave; + err = mime_maker_add_container (mime); + if (err) + goto leave; + + err = mime_maker_add_header (mime, "Content-Type", "multipart/mixed"); + if (err) + goto leave; + + err = mime_maker_add_container (mime); + if (err) + goto leave; + partid = mime_maker_get_partid (mime); + + err = mime_maker_add_header (mime, "Content-Type", "text/plain"); + if (err) + goto leave; + + err = mime_maker_add_body + (mime, + "This message has been send to confirm your request\n" + "to publish your key. 
If you did not request a key\n" + "publication, simply ignore this message.\n" + "\n" + "Most mail software can handle this kind of message\n" + "automatically and thus you would not have seen this\n" + "message. It seems that your client does not fully\n" + "support this service. The web page\n" + "\n" + " https://gnupg.org/faq/wkd.html\n" + "\n" + "explains how you can process this message anyway in\n" + "a few manual steps.\n"); + if (err) + goto leave; + + err = mime_maker_add_header (mime, "Content-Type", + "application/vnd.gnupg.wks"); + if (err) + goto leave; + + err = mime_maker_add_stream (mime, &bodyenc); + if (err) + goto leave; + + err = mime_maker_end_container (mime); + if (err) + goto leave; + + mime_maker_dump_tree (mime); + err = mime_maker_get_part (mime, partid, &signeddata); + if (err) + goto leave; + + err = sign_stream (&signature, signeddata, from); + if (err) + goto leave; + + err = mime_maker_add_header (mime, "Content-Type", + "application/pgp-signature"); + if (err) + goto leave; + + err = mime_maker_add_stream (mime, &signature); + if (err) + goto leave; + } err = wks_send_mime (mime); leave: mime_maker_release (mime); + es_fclose (signature); + es_fclose (signeddata); es_fclose (bodyenc); es_fclose (body); xfree (from_buffer); @@ -1478,15 +1642,18 @@ process_confirmation_response (server_ctx_t ctx, estream_t msg) /* Called from the MIME receiver to process the plain text data in MSG . */ static gpg_error_t -command_receive_cb (void *opaque, const char *mediatype, estream_t msg) +command_receive_cb (void *opaque, const char *mediatype, + estream_t msg, unsigned int flags) { gpg_error_t err; struct server_ctx_s ctx; - memset (&ctx, 0, sizeof ctx); - (void)opaque; + memset (&ctx, 0, sizeof ctx); + if ((flags & WKS_RECEIVE_DRAFT2)) + ctx.draft_version_2 = 1; + if (!strcmp (mediatype, "application/pgp-keys")) err = process_new_key (&ctx, msg); else if (!strcmp (mediatype, "application/vnd.gnupg.wks")) 
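Review bot: in the draft-2 branch of send_confirmation_request (tools/gpg-wks-server.c) `mime_maker_dump_tree (mime);` runs for every confirmation mail; guard it with `if (DBG_MIME)`, the macro this commit adds to gpg-wks.h. The `multipart/signed` Content-Type is still sent without the micalg parameter named in the FIXME, and the fallback text shown to users has a typo: "has been send" should be "has been sent".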
diff --git a/tools/gpg-wks.h b/tools/gpg-wks.h index 85000cc..f8b6cfd 100644 --- a/tools/gpg-wks.h +++ b/tools/gpg-wks.h @@ -39,12 +39,18 @@ struct } opt; /* Debug values and macros. */ +#define DBG_MIME_VALUE 1 /* Debug the MIME structure. */ +#define DBG_PARSER_VALUE 2 /* Debug the Mail parser. */ #define DBG_CRYPTO_VALUE 4 /* Debug low level crypto. */ #define DBG_MEMORY_VALUE 32 /* Debug memory allocation stuff. */ #define DBG_MEMSTAT_VALUE 128 /* Show memory statistics. */ #define DBG_IPC_VALUE 1024 /* Debug assuan communication. */ #define DBG_EXTPROG_VALUE 16384 /* debug external program calls */ +#define DBG_MIME (opt.debug & DBG_MIME_VALUE) +#define DBG_PARSER (opt.debug & DBG_PARSER_VALUE) +#define DBG_CRYPTO (opt.debug & DBG_CRYPTO_VALUE) + /* The parsed policy flags. */ struct policy_flags_s @@ -64,10 +70,15 @@ gpg_error_t wks_parse_policy (policy_flags_t flags, estream_t stream, int ignore_unknown); /*-- wks-receive.c --*/ + +/* Flag values for the receive callback. */ +#define WKS_RECEIVE_DRAFT2 1 + gpg_error_t wks_receive (estream_t fp, gpg_error_t (*result_cb)(void *opaque, const char *mediatype, - estream_t data), + estream_t data, + unsigned int flags), void *cb_data); diff --git a/tools/wks-receive.c b/tools/wks-receive.c index 59141fc..0deca9b 100644 --- a/tools/wks-receive.c +++ b/tools/wks-receive.c @@ -26,6 +26,7 @@ #include "ccparray.h" #include "exectool.h" #include "gpg-wks.h" +#include "rfc822parse.h" #include "mime-parser.h" @@ -41,6 +42,7 @@ /* Data for a received object. */ struct receive_ctx_s { + mime_parser_t parser; estream_t encrypted; estream_t plaintext; estream_t signeddata; @@ -49,6 +51,8 @@ struct receive_ctx_s estream_t wkd_data; unsigned int collect_key_data:1; unsigned int collect_wkd_data:1; + unsigned int draft_version_2:1; /* This is a draft version 2 request. */ + unsigned int multipart_mixed_seen:1; }; typedef struct receive_ctx_s *receive_ctx_t; 
@@ -59,7 +63,8 @@ decrypt_data_status_cb (void *opaque, const char *keyword, char *args) { receive_ctx_t ctx = opaque; (void)ctx; - log_debug ("%s: %s\n", keyword, args); + if (DBG_CRYPTO) + log_debug ("gpg status: %s %s\n", keyword, args); } @@ -86,6 +91,7 @@ decrypt_data (receive_ctx_t ctx) ccparray_init (&ccp, 0); + ccparray_put (&ccp, "--no-options"); /* We limit the output to 64 KiB to avoid DoS using compression * tricks. A regular client will anyway only send a minimal key; * that is one w/o key signatures and attribute packets. */ @@ -113,7 +119,7 @@ decrypt_data (receive_ctx_t ctx) goto leave; } - if (opt.debug) + if (DBG_CRYPTO) { es_rewind (ctx->plaintext); log_debug ("plaintext: '"); @@ -133,7 +139,8 @@ verify_signature_status_cb (void *opaque, const char *keyword, char *args) { receive_ctx_t ctx = opaque; (void)ctx; - log_debug ("%s: %s\n", keyword, args); + if (DBG_CRYPTO) + log_debug ("gpg status: %s %s\n", keyword, args); } /* Verify the signed data. */ @@ -151,6 +158,7 @@ verify_signature (receive_ctx_t ctx) ccparray_init (&ccp, 0); + ccparray_put (&ccp, "--no-options"); ccparray_put (&ccp, "--batch"); if (opt.verbose) ccparray_put (&ccp, "--verbose"); @@ -177,6 +185,8 @@ verify_signature (receive_ctx_t ctx) goto leave; } + log_debug ("Fixme: Verification result is not used\n"); + leave: xfree (argv); } @@ -264,6 +274,22 @@ new_part (void *cookie, const char *mediatype, const char *mediasubtype) } else { + rfc822parse_t msg = mime_parser_rfc822parser (ctx->parser); + if (msg) + { + char *value; + size_t valueoff; + + value = rfc822parse_get_field (msg, "Wks-Draft-Version", + -1, &valueoff); + if (value) + { + if (atoi(value+valueoff) >= 2 ) + ctx->draft_version_2 = 1; + free (value); + } + } + ctx->key_data = es_fopenmem (0, "w+b"); if (!ctx->key_data) { 
@@ -303,6 +329,19 @@ new_part (void *cookie, const char *mediatype, const char *mediasubtype) } } } + else if (!strcmp (mediatype, "multipart") + && !strcmp (mediasubtype, "mixed")) + { + ctx->multipart_mixed_seen = 1; + } + else if (!strcmp (mediatype, "text")) + { + /* Check that we receive a text part only after a + * application/mixed. This is actually a too simple test and we + * should eventually employ a strict MIME structure check. */ + if (!ctx->multipart_mixed_seen) + err = gpg_error (GPG_ERR_UNEXPECTED_MSG); + } else { log_error ("unexpected '%s/%s' message part\n", mediatype, mediasubtype); @@ -320,7 +359,7 @@ part_data (void *cookie, const void *data, size_t datalen) if (data) { - if (opt.debug) + if (DBG_MIME) log_debug ("part_data: '%.*s'\n", (int)datalen, (const char*)data); if (ctx->collect_key_data) { @@ -337,7 +376,7 @@ part_data (void *cookie, const void *data, size_t datalen) } else { - if (opt.debug) + if (DBG_MIME) log_debug ("part_data: finished\n"); ctx->collect_key_data = 0; ctx->collect_wkd_data = 0; @@ -353,7 +392,8 @@ gpg_error_t wks_receive (estream_t fp, gpg_error_t (*result_cb)(void *opaque, const char *mediatype, - estream_t data), + estream_t data, + unsigned int flags), void *cb_data) { gpg_error_t err; @@ -361,6 +401,7 @@ wks_receive (estream_t fp, mime_parser_t parser; estream_t plaintext = NULL; int c; + unsigned int flags = 0; ctx = xtrycalloc (1, sizeof *ctx); if (!ctx) 
@@ -369,14 +410,16 @@ wks_receive (estream_t fp, err = mime_parser_new (&parser, ctx); if (err) goto leave; - if (opt.verbose > 1 || opt.debug) - mime_parser_set_verbose (parser, opt.debug? 10: 1); + if (DBG_PARSER) + mime_parser_set_verbose (parser, 1); mime_parser_set_new_part (parser, new_part); mime_parser_set_part_data (parser, part_data); mime_parser_set_collect_encrypted (parser, collect_encrypted); mime_parser_set_collect_signeddata (parser, collect_signeddata); mime_parser_set_collect_signature (parser, collect_signature); + ctx->parser = parser; + err = mime_parser_parse (parser, fp); if (err) goto leave; @@ -385,6 +428,11 @@ wks_receive (estream_t fp, log_info ("key data found\n"); if (ctx->wkd_data) log_info ("wkd data found\n"); + if (ctx->draft_version_2) + { + log_info ("draft version 2 requested\n"); + flags |= WKS_RECEIVE_DRAFT2; + } if (ctx->plaintext) { @@ -412,7 +460,7 @@ wks_receive (estream_t fp, if (ctx->key_data) { - if (opt.debug) + if (DBG_MIME) { es_rewind (ctx->key_data); log_debug ("Key: '"); @@ -424,14 +472,15 @@ wks_receive (estream_t fp, if (result_cb) { es_rewind (ctx->key_data); - err = result_cb (cb_data, "application/pgp-keys", ctx->key_data); + err = result_cb (cb_data, "application/pgp-keys", + ctx->key_data, flags); if (err) goto leave; } } if (ctx->wkd_data) { - if (opt.debug) + if (DBG_MIME) { es_rewind (ctx->wkd_data); log_debug ("WKD: '"); @@ -443,7 +492,8 @@ wks_receive (estream_t fp, if (result_cb) { es_rewind (ctx->wkd_data); - err = result_cb (cb_data, "application/vnd.gnupg.wks", ctx->wkd_data); + err = result_cb (cb_data, "application/vnd.gnupg.wks", + ctx->wkd_data, flags); if (err) goto leave; } 
@@ -453,6 +503,7 @@ wks_receive (estream_t fp, leave: es_fclose (plaintext); mime_parser_release (parser); + ctx->parser = NULL; es_fclose (ctx->encrypted); es_fclose (ctx->plaintext); es_fclose (ctx->signeddata); commit c738f92c195d91662ddc7848cc3c92c7f091f1f8 Author: Werner Koch Date: Thu Sep 29 17:59:09 2016 +0200 tools: Convey signeddata also to the part_data callback in mime-parser. * tools/mime-parser.c (mime_parser_parse): Factor some code out to ... (process_part_data): new. ((mime_parser_parse): Also call process_part_data for signed data. Signed-off-by: Werner Koch diff --git a/tools/mime-parser.c b/tools/mime-parser.c index 0ca5452..9017810 100644 --- a/tools/mime-parser.c +++ b/tools/mime-parser.c @@ -616,6 +616,35 @@ mime_parser_rfc822parser (mime_parser_t ctx) } +/* Helper for mime_parser_parse. */ +static gpg_error_t +process_part_data (mime_parser_t ctx, char *line, size_t *length) +{ + gpg_error_t err; + size_t nbytes; + + if (!ctx->want_part) + return 0; + if (!ctx->part_data) + return 0; + + if (ctx->decode_part == 1) + { + *length = qp_decode (line, *length, NULL); + } + else if (ctx->decode_part == 2) + { + log_assert (ctx->b64state); + err = b64dec_proc (ctx->b64state, line, *length, &nbytes); + if (err) + return err; + *length = nbytes; + } + + return ctx->part_data (ctx->cookie, line, *length); +} + + /* Read and parse a message from FP and call the appropriate * callbacks. */ gpg_error_t @@ -624,7 +653,7 @@ mime_parser_parse (mime_parser_t ctx, estream_t fp) gpg_error_t err; rfc822parse_t msg = NULL; unsigned int lineno = 0; - size_t length, nbytes; + size_t length; char *line; line = ctx->line; @@ -741,6 +770,10 @@ mime_parser_parse (mime_parser_t ctx, estream_t fp) ctx->collect_signeddata (ctx->cookie, line); } ctx->delay_hashing = 1; + + err = process_part_data (ctx, line, &length); + if (err) + goto leave; } else if (ctx->pgpmime == PGPMIME_IN_SIGNATURE) { 
@@ -756,26 +789,11 @@ mime_parser_parse (mime_parser_t ctx, estream_t fp) if (ctx->collect_signeddata) ctx->collect_signature (ctx->cookie, NULL); } - else if (ctx->want_part) + else { - if (ctx->part_data) - { - if (ctx->decode_part == 1) - { - length = qp_decode (line, length, NULL); - } - else if (ctx->decode_part == 2) - { - log_assert (ctx->b64state); - err = b64dec_proc (ctx->b64state, line, length, &nbytes); - if (err) - goto leave; - length = nbytes; - } - err = ctx->part_data (ctx->cookie, line, length); - if (err) - goto leave; - } + err = process_part_data (ctx, line, &length); + if (err) + goto leave; } } commit f776757ea94542e2f425840dddaf3e65b0ff7757 Author: Werner Koch Date: Thu Sep 29 17:38:06 2016 +0200 tools: Allow retrieval of signed data from mime-maker. * tools/mime-maker.c (find_part): New. (mime_maker_get_part): New. Signed-off-by: Werner Koch diff --git a/tools/mime-maker.c b/tools/mime-maker.c index 99185cf..a81bd69 100644 --- a/tools/mime-maker.c +++ b/tools/mime-maker.c @@ -202,6 +202,22 @@ find_parent (part_t root, part_t needle) return NULL; } +/* Find the part node from the PARTID. */ +static part_t +find_part (part_t root, unsigned int partid) +{ + part_t node, n; + + for (node = root->child; node; node = node->next) + { + if (node->partid == partid) + return root; + if ((n = find_part (node, partid))) + return n; + } + return NULL; +} + /* Create a boundary string. Outr codes is aware of the general * structure of that string (gebins with "=-=") so that 
@@ -730,3 +746,54 @@ mime_maker_make (mime_maker_t ctx, estream_t fp) ctx->outfp = NULL; return err; } + + +/* Create a stream object from the MIME part identified by PARTID and + * store it at R_STREAM. If PARTID identifies a container the entire + * tree is returned. Using that function may read stream objects + * which have been added as MIME bodies. The caller must close the + * stream object. */ +gpg_error_t +mime_maker_get_part (mime_maker_t ctx, unsigned int partid, estream_t *r_stream) +{ + gpg_error_t err; + part_t part; + estream_t fp; + + *r_stream = NULL; + + /* When the entire tree is requested, we make sure that all missing + * headers are applied. We don't do that if only a part is + * requested because the additional headers (like Date:) will only + * be added to part 0 headers anyway. */ + if (!partid) + { + err = add_missing_headers (ctx); + if (err) + return err; + part = ctx->mail; + } + else + part = find_part (ctx->mail, partid); + + /* For now we use a memory stream object; however it would also be + * possible to create an object created on the fly while the caller + * is reading the returned stream. */ + fp = es_fopenmem (0, "w+b"); + if (!fp) + return gpg_error_from_syserror (); + + ctx->outfp = fp; + err = write_tree (ctx, NULL, part); + ctx->outfp = NULL; + + if (!err) + { + es_rewind (fp); + *r_stream = fp; + } + else + es_fclose (fp); + + return err; +} diff --git a/tools/mime-maker.h b/tools/mime-maker.h index 2fac9c3..23047c3 100644 --- a/tools/mime-maker.h +++ b/tools/mime-maker.h 
@@ -39,6 +39,8 @@ gpg_error_t mime_maker_end_container (mime_maker_t ctx); unsigned int mime_maker_get_partid (mime_maker_t ctx); gpg_error_t mime_maker_make (mime_maker_t ctx, estream_t fp); +gpg_error_t mime_maker_get_part (mime_maker_t ctx, unsigned int partid, + estream_t *r_stream); commit 29db3be6e8dbc9b4dd52cd1781106fa9fa3954a5 Author: Werner Koch Date: Thu Sep 29 12:29:27 2016 +0200 tools: Change mime-maker to write out CR,LF. * tools/mime-maker.c (struct part_s): Add field PARTID. (struct mime_maker_context_s): Add field PARTID_COUNTER. (dump_parts): Print part ids. (mime_maker_add_header): Assign PARTID. (mime_maker_add_container): Ditto. (mime_maker_get_partid): New. (write_ct_with_boundary): Remove. (add_header): Strip trailing white spaces. (write_header): Remove trailing spaces trimming. Add arg BOUNDARY. Handle emdedded LFs. (write_gap, write_boundary, write_body): New. (write_tree): Use new functions. -- These changes prepare for forthcoming enhancements. Signed-off-by: Werner Koch diff --git a/tools/mime-maker.c b/tools/mime-maker.c index 07783d9..99185cf 100644 --- a/tools/mime-maker.c +++ b/tools/mime-maker.c @@ -54,6 +54,7 @@ struct part_s size_t bodylen; /* Length of BODY. */ char *body; /* Malloced buffer with the body. This is the * non-encoded value. */ + unsigned int partid; /* The part ID. */ }; typedef struct part_s *part_t; @@ -70,6 +71,8 @@ struct mime_maker_context_s part_t mail; /* The MIME tree. */ part_t current_part; + unsigned int partid_counter; /* Counter assign part ids. */ + int boundary_counter; /* Used to create easy to read boundaries. */ char *boundary_suffix; /* Random string used in the boundaries. */ @@ -159,7 +162,7 @@ dump_parts (part_t part, int level) for (; part; part = part->next) { - log_debug ("%*s[part]\n", level*2, ""); + log_debug ("%*s[part %u]\n", level*2, "", part->partid); for (hdr = part->headers; hdr; hdr = hdr->next) { log_debug ("%*s%s: %s\n", level*2, "", hdr->name, hdr->value); 
@@ -300,6 +303,7 @@ add_header (part_t part, const char *name, const char *value) header_t hdr; size_t namelen; const char *s; + char *p; if (!value) { @@ -338,6 +342,18 @@ add_header (part_t part, const char *name, const char *value) return err; } + for (p = hdr->value + strlen (hdr->value) - 1; + (p >= hdr->value + && (*p == ' ' || *p == '\t' || *p == '\n' || *p == '\r')); + p--) + *p = 0; + if (!(p >= hdr->value)) + { + xfree (hdr->value); + xfree (hdr); + return gpg_error (GPG_ERR_INV_VALUE); /* Only spaces. */ + } + if (part) { *part->headers_tail = hdr; @@ -390,6 +406,7 @@ mime_maker_add_header (mime_maker_t ctx, const char *name, const char *value) part = xtrycalloc (1, sizeof *part); if (!part) return gpg_error_from_syserror (); + part->partid = ++ctx->partid_counter; part->headers_tail = &part->headers; log_assert (!ctx->current_part->next); ctx->current_part->next = part; @@ -507,6 +524,7 @@ mime_maker_add_container (mime_maker_t ctx) } part = part->child; + part->partid = ++ctx->partid_counter; ctx->current_part = part; return 0; 
@@ -532,31 +550,79 @@ mime_maker_end_container (mime_maker_t ctx) } -/* Write the Content-Type header with the boundary value. */ +/* Return the part-ID of the current part. */ +unsigned int +mime_maker_get_partid (mime_maker_t ctx) +{ + if (ensure_part (ctx, NULL)) + return 0; /* Ooops. */ + return ctx->current_part->partid; +} + + +/* Write a header and handle emdedded LFs. If BOUNDARY is not NULL it + * is appended to the value. */ +/* Fixme: Add automatic line wrapping. */ static gpg_error_t -write_ct_with_boundary (mime_maker_t ctx, - const char *value, const char *boundary) +write_header (mime_maker_t ctx, const char *name, const char *value, + const char *boundary) { const char *s; - if (!*value) - return gpg_error (GPG_ERR_INV_VALUE); /* Empty string. */ - - for (s=value + strlen (value) - 1; - (s >= value - && (*s == ' ' || *s == '\t' || *s == '\n')); - s--) - ; - if (!(s >= value)) - return gpg_error (GPG_ERR_INV_VALUE); /* Only spaces. */ - - /* Fixme: We should use a dedicated header write functions which - * properly wraps the header. */ - es_fprintf (ctx->outfp, "Content-Type: %s%s\n\tboundary=\"%s\"\n", - value, - (*s == ';')? "":";", - boundary); - return 0; + es_fprintf (ctx->outfp, "%s: ", name); + + /* Note that add_header made sure that VALUE does not end with a LF. + * Thus we can assume that a LF is followed by non-whitespace. */ + for (s = value; *s; s++) + { + if (*s == '\n') + es_fputs ("\r\n\t", ctx->outfp); + else + es_fputc (*s, ctx->outfp); + } + if (boundary) + { + if (s > value && s[-1] != ';') + es_fputc (';', ctx->outfp); + es_fprintf (ctx->outfp, "\r\n\tboundary=\"%s\"", boundary); + } + + es_fputs ("\r\n", ctx->outfp); + + return es_ferror (ctx->outfp)? gpg_error_from_syserror () : 0; +} + + +static gpg_error_t +write_gap (mime_maker_t ctx) +{ + es_fputs ("\r\n", ctx->outfp); + return es_ferror (ctx->outfp)? 
gpg_error_from_syserror () : 0; +} + + +static gpg_error_t +write_boundary (mime_maker_t ctx, const char *boundary, int last) +{ + es_fprintf (ctx->outfp, "\r\n--%s%s\r\n", boundary, last?"--":""); + return es_ferror (ctx->outfp)? gpg_error_from_syserror () : 0; +} + + +/* Fixme: Apply required encoding. */ +static gpg_error_t +write_body (mime_maker_t ctx, const void *body, size_t bodylen) +{ + const char *s; + + for (s = body; bodylen; s++, bodylen--) + { + if (*s == '\n' && !(s > (const char *)body && s[-1] == '\r')) + es_fputc ('\r', ctx->outfp); + es_fputc (*s, ctx->outfp); + } + + return es_ferror (ctx->outfp)? gpg_error_from_syserror () : 0; } 
@@ -572,33 +638,39 @@ write_tree (mime_maker_t ctx, part_t parent, part_t part) for (hdr = part->headers; hdr; hdr = hdr->next) { if (part->child && !strcmp (hdr->name, "Content-Type")) - write_ct_with_boundary (ctx, hdr->value, part->boundary); + err = write_header (ctx, hdr->name, hdr->value, part->boundary); else - es_fprintf (ctx->outfp, "%s: %s\n", hdr->name, hdr->value); + err = write_header (ctx, hdr->name, hdr->value, NULL); + if (err) + return err; } - es_fputc ('\n', ctx->outfp); + err = write_gap (ctx); + if (err) + return err; if (part->body) { - if (es_write (ctx->outfp, part->body, part->bodylen, NULL)) - return gpg_error_from_syserror (); + err = write_body (ctx, part->body, part->bodylen); + if (err) + return err; } if (part->child) { log_assert (part->boundary); - if (es_fprintf (ctx->outfp, "\n--%s\n", part->boundary) < 0) - return gpg_error_from_syserror (); - err = write_tree (ctx, part, part->child); + err = write_boundary (ctx, part->boundary, 0); + if (!err) + err = write_tree (ctx, part, part->child); + if (!err) + err = write_boundary (ctx, part->boundary, 1); if (err) return err; - if (es_fprintf (ctx->outfp, "\n--%s--\n", part->boundary) < 0) - return gpg_error_from_syserror (); } if (part->next) { log_assert (parent && parent->boundary); - if (es_fprintf (ctx->outfp, "\n--%s\n", parent->boundary) < 0) - return gpg_error_from_syserror (); + err = write_boundary (ctx, parent->boundary, 0); + if (err) + return err; } } return 0; diff --git a/tools/mime-maker.h b/tools/mime-maker.h index 39752db..2fac9c3 100644 --- a/tools/mime-maker.h +++ b/tools/mime-maker.h 
@@ -36,6 +36,7 @@ gpg_error_t mime_maker_add_body (mime_maker_t ctx, const char *string); gpg_error_t mime_maker_add_stream (mime_maker_t ctx, estream_t *stream_addr); gpg_error_t mime_maker_add_container (mime_maker_t ctx); gpg_error_t mime_maker_end_container (mime_maker_t ctx); +unsigned int mime_maker_get_partid (mime_maker_t ctx); gpg_error_t mime_maker_make (mime_maker_t ctx, estream_t fp); commit 95d60c6ce9e8a7a7741553af957978c1f91547c5 Author: Werner Koch Date: Thu Sep 29 10:20:38 2016 +0200 tools: Simplify the mime-maker container creation. * tools/mime-maker.c (struct part_s): Remove field MEDIATYPE. (release_parts): Ditto. (dump_parts): Print a body line only if tehre is a body. (mime_maker_add_header): Check for body or container. (mime_maker_add_container): Remove arg MEDIATYPE. Change all callers. (mime_maker_end_container): New. Signed-off-by: Werner Koch diff --git a/tools/gpg-wks-client.c b/tools/gpg-wks-client.c index 660d1bd..143dbc8 100644 --- a/tools/gpg-wks-client.c +++ b/tools/gpg-wks-client.c @@ -689,7 +689,7 @@ send_confirmation_response (const char *sender, const char *address, "protocol=\"application/pgp-encrypted\""); if (err) goto leave; - err = mime_maker_add_container (mime, "multipart/encrypted"); + err = mime_maker_add_container (mime); if (err) goto leave; diff --git a/tools/gpg-wks-server.c b/tools/gpg-wks-server.c index 678000c..96e5e05 100644 --- a/tools/gpg-wks-server.c +++ b/tools/gpg-wks-server.c @@ -1007,7 +1007,7 @@ send_confirmation_request (server_ctx_t ctx, "protocol=\"application/pgp-encrypted\""); if (err) goto leave; - err = mime_maker_add_container (mime, "multipart/encrypted"); + err = mime_maker_add_container (mime); if (err) goto leave; @@ -1214,7 +1214,7 @@ send_congratulation_message (const char *mbox, const char *keyfile) "protocol=\"application/pgp-encrypted\""); if (err) goto leave; - err = mime_maker_add_container (mime, "multipart/encrypted"); + err = mime_maker_add_container (mime); if (err) goto leave; 
diff --git a/tools/mime-maker.c b/tools/mime-maker.c index 2318891..07783d9 100644 --- a/tools/mime-maker.c +++ b/tools/mime-maker.c @@ -48,7 +48,6 @@ struct part_s { struct part_s *next; /* Next part in the current container. */ struct part_s *child; /* Child container. */ - char *mediatype; /* Mediatype of the container (malloced). */ char *boundary; /* Malloced boundary string. */ header_t headers; /* List of headers. */ header_t *headers_tail;/* Address of last header in chain. */ @@ -114,7 +113,6 @@ release_parts (part_t part) part->headers = hdrnext; } release_parts (part->child); - xfree (part->mediatype); xfree (part->boundary); xfree (part->body); xfree (part); @@ -166,7 +164,8 @@ dump_parts (part_t part, int level) { log_debug ("%*s%s: %s\n", level*2, "", hdr->name, hdr->value); } - log_debug ("%*s[body %zu bytes]\n", level*2, "", part->bodylen); + if (part->body) + log_debug ("%*s[body %zu bytes]\n", level*2, "", part->bodylen); if (part->child) { log_debug ("%*s[container]\n", level*2, ""); @@ -378,13 +377,13 @@ mime_maker_add_header (mime_maker_t ctx, const char *name, const char *value) return err; part = ctx->current_part; - if (part->body && !parent) + if ((part->body || part->child) && !parent) { /* We already have a body but no parent. Adding another part is * thus not possible. */ return gpg_error (GPG_ERR_CONFLICT); } - if (part->body) + if (part->body || part->child) { /* We already have a body and there is a parent. We now append * a new part to the current container. */ 
@@ -474,61 +473,36 @@ mime_maker_add_stream (mime_maker_t ctx, estream_t *stream_addr) } -/* Add a new MIME container. The caller needs to provide the media - * and media-subtype in MEDIATYPE. If MEDIATYPE is NULL - * "multipart/mixed" is assumed. This function will then add a - * Content-Type header with that media type and an approriate boundary - * string to the parent part. */ +/* Add a new MIME container. A container can be used instead of a + * body. */ gpg_error_t -mime_maker_add_container (mime_maker_t ctx, const char *mediatype) +mime_maker_add_container (mime_maker_t ctx) { gpg_error_t err; part_t part; - if (!mediatype) - mediatype = "multipart/mixed"; - err = ensure_part (ctx, NULL); if (err) return err; part = ctx->current_part; + if (part->body) return gpg_error (GPG_ERR_CONFLICT); /* There is already a body. */ - if (part->child || part->mediatype || part->boundary) + if (part->child || part->boundary) return gpg_error (GPG_ERR_CONFLICT); /* There is already a container. */ - /* If a content type has not yet been set, do it now. The boundary - * will be added while writing the headers. */ - if (!have_header (ctx->mail, "Content-Type")) - { - err = add_header (ctx->mail, "Content-Type", mediatype); - if (err) - return err; - } - /* Create a child node. */ part->child = xtrycalloc (1, sizeof *part->child); if (!part->child) return gpg_error_from_syserror (); part->child->headers_tail = &part->child->headers; - part->mediatype = xtrystrdup (mediatype); - if (!part->mediatype) - { - err = gpg_error_from_syserror (); - xfree (part->child); - part->child = NULL; - return err; - } - part->boundary = generate_boundary (ctx); if (!part->boundary) { err = gpg_error_from_syserror (); xfree (part->child); part->child = NULL; - xfree (part->mediatype); - part->mediatype = NULL; return err; } 
@@ -539,6 +513,25 @@ mime_maker_add_container (mime_maker_t ctx, const char *mediatype) } +/* Finish the current container. */ +gpg_error_t +mime_maker_end_container (mime_maker_t ctx) +{ + gpg_error_t err; + part_t parent; + + err = ensure_part (ctx, &parent); + if (err) + return err; + if (!parent) + return gpg_error (GPG_ERR_CONFLICT); /* No container. */ + while (parent->next) + parent = parent->next; + ctx->current_part = parent; + return 0; +} + + /* Write the Content-Type header with the boundary value. */ static gpg_error_t write_ct_with_boundary (mime_maker_t ctx, @@ -647,7 +640,7 @@ add_missing_headers (mime_maker_t ctx) } -/* Create message from the tree MIME and write it to FP. Noet that +/* Create message from the tree MIME and write it to FP. Note that * the output uses only a LF and a later called sendmail(1) is * expected to convert them to network line endings. */ gpg_error_t diff --git a/tools/mime-maker.h b/tools/mime-maker.h index b21f7dd..39752db 100644 --- a/tools/mime-maker.h +++ b/tools/mime-maker.h @@ -34,7 +34,8 @@ gpg_error_t mime_maker_add_header (mime_maker_t ctx, const char *name, const char *value); gpg_error_t mime_maker_add_body (mime_maker_t ctx, const char *string); gpg_error_t mime_maker_add_stream (mime_maker_t ctx, estream_t *stream_addr); -gpg_error_t mime_maker_add_container (mime_maker_t ctx, const char *mediatype); +gpg_error_t mime_maker_add_container (mime_maker_t ctx); +gpg_error_t mime_maker_end_container (mime_maker_t ctx); gpg_error_t mime_maker_make (mime_maker_t ctx, estream_t fp); commit 4ac138c84d0f344ca9442f90c96f0e1f76062a4a Author: Werner Koch Date: Thu Sep 29 08:11:32 2016 +0200 tools: Give mime parser callbacks access to the rfc822 parser. * tools/mime-parser.c (mime_parser_context_s): Add field MSG. (parse_message_cb): Set it. (mime_parser_rfc822parser): New. * tools/mime-parser.h: Declare rfc822parse_t for the new prototype. Signed-off-by: Werner Koch 
diff --git a/tools/mime-parser.c b/tools/mime-parser.c index 7ac3c69..0ca5452 100644 --- a/tools/mime-parser.c +++ b/tools/mime-parser.c @@ -64,6 +64,9 @@ struct mime_parser_context_s /* The callback to collect a signature. */ gpg_error_t (*collect_signature) (void *cookie, const char *data); + /* The RFC822 parser context is stored here during callbacks. */ + rfc822parse_t msg; + /* Helper to convey error codes from user callbacks. */ gpg_error_t err; @@ -189,6 +192,9 @@ parse_message_cb (void *opaque, rfc822parse_event_t event, rfc822parse_t msg) const char *s; int rc = 0; + /* Make the RFC822 parser context availabale for callbacks. */ + ctx->msg = msg; + if (ctx->debug) show_message_parser_event (event); @@ -475,6 +481,8 @@ parse_message_cb (void *opaque, rfc822parse_event_t event, rfc822parse_t msg) } } + ctx->msg = NULL; + return rc; } @@ -599,6 +607,15 @@ mime_parser_set_collect_signature (mime_parser_t ctx, } +/* Return the RFC888 parser context. This is only available inside a + * callback. */ +rfc822parse_t +mime_parser_rfc822parser (mime_parser_t ctx) +{ + return ctx->msg; +} + + /* Read and parse a message from FP and call the appropriate * callbacks. */ gpg_error_t diff --git a/tools/mime-parser.h b/tools/mime-parser.h index ab0d792..b217a2c 100644 --- a/tools/mime-parser.h +++ b/tools/mime-parser.h 
@@ -48,5 +48,12 @@ void mime_parser_set_collect_signature (mime_parser_t ctx, gpg_error_t mime_parser_parse (mime_parser_t ctx, estream_t fp); +/* Duplicated declaration of the RFC822 parser context. */ +struct rfc822parse_context; +typedef struct rfc822parse_context *rfc822parse_t; + +rfc822parse_t mime_parser_rfc822parser (mime_parser_t ctx); + + #endif /*GNUPG_MIME_PARSER_H*/ ----------------------------------------------------------------------- Summary of changes: tools/gpg-wks-client.c | 149 +++++++++++++++++++++++++-- tools/gpg-wks-server.c | 241 ++++++++++++++++++++++++++++++++++++------- tools/gpg-wks.h | 13 ++- tools/mime-maker.c | 272 ++++++++++++++++++++++++++++++++++++------------- tools/mime-maker.h | 6 +- tools/mime-parser.c | 75 ++++++++++---- tools/mime-parser.h | 7 ++ tools/wks-receive.c | 75 +++++++++++--- 8 files changed, 688 insertions(+), 150 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Sep 30 11:02:22 2016 
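Review bot: In the draft version 2 branch of send_confirmation_request (tools/gpg-wks-server.c), mime_maker_dump_tree (mime) is called for every confirmation request with no debug guard. The same series adds DBG_MIME to tools/gpg-wks.h, so `if (DBG_MIME) mime_maker_dump_tree (mime);` would keep the tree dump out of normal logs. The multipart/signed Content-Type is still written without a micalg parameter (the FIXME in the hunk), and the user-visible body text says "has been send" where "sent" is meant.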
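Review bot: verify_signature in tools/wks-receive.c still throws away the outcome of the gpg verification; the only change at the end of the function is an unconditional log_debug ("Fixme: Verification result is not used\n"). The server side of this series sends draft version 2 confirmation requests as multipart/signed, so the result should be stored in the receive context and checked before result_cb is invoked, and a message that fails verification should be rejected. Until that exists, the Fixme line should at least be gated on DBG_CRYPTO like the status callbacks changed in the same patch.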
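Review bot: In new_part (tools/wks-receive.c) the Wks-Draft-Version header is taken from the incoming mail and converted with atoi (value+valueoff), which reports no errors and has undefined behaviour when the number does not fit an int. Since this value selects the protocol variant used for the reply, parse it with strtoul, check the end pointer, and treat anything that is not a clean decimal number as "no draft version given".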
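Review bot: The new text branch in new_part (tools/wks-receive.c) accepts a text part whenever multipart_mixed_seen is set, and this patch only ever sets that flag, so one multipart/mixed anywhere earlier in the message allows text parts at any later position. The comment also says "application/mixed" where multipart/mixed is meant. The rejected case returns GPG_ERR_UNEXPECTED_MSG silently, unlike the final else branch, which logs the unexpected media type; a log_error here would make rejected mails diagnosable.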
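Review bot: find_part in tools/mime-maker.c returns `root` when `node->partid == partid` matches, which is the parent of the matching node, while the comment says it finds "the part node from the PARTID". If returning the enclosing container is intended (send_confirmation_request reads the part id directly after mime_maker_add_container), the comment should say so; otherwise the function should return `node`.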
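Review bot: mime_maker_get_part in tools/mime-maker.c passes the result of find_part straight to write_tree, but find_part returns NULL for an unknown PARTID, so a bad id is not reported to the caller as an error. Check `part` after the lookup and return an error such as GPG_ERR_NOT_FOUND. Note also that write_tree is called with a NULL parent while its sibling path contains log_assert (parent && parent->boundary), so a returned part that has a `next` sibling would hit that assertion.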
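Review bot: The trimming loop added to add_header in tools/mime-maker.c starts at `hdr->value + strlen (hdr->value) - 1` and stops only when `p >= hdr->value` fails, so for an empty or all-blank value it forms a pointer one element before the start of the buffer, which is undefined behaviour in C. Keeping a length n = strlen (hdr->value), shrinking it while n is non-zero and hdr->value[n-1] is a blank, CR or LF, and rejecting the header when n reaches 0 gives the same result without stepping outside the allocation.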
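Review bot: The comment in write_header (tools/mime-maker.c) concludes that a LF is always followed by non-whitespace because add_header strips trailing blanks, but that stripping only covers the end of the value. A value with two consecutive LFs is written as a continuation line holding only a tab, and an embedded CR is copied through unchanged, giving a stray CR in front of the CRLF. Header values can carry data from outside the program, so add_header should reject CR and empty continuation lines to make the stated assumption hold.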
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Fri, 30 Sep 2016 11:02:22 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-182-g8d37018 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 8d37018050373a47566bf8ea0d894da20ed292c7 (commit) from 33800280da55a859e08dfa57f29144c89dd1bead (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8d37018050373a47566bf8ea0d894da20ed292c7 Author: Justus Winter Date: Fri Sep 30 10:57:32 2016 +0200 w32: Fix STARTTLS on LDAP connections. * dirmngr/ks-engine-ldap.c (my_ldap_connect): Fix build against . GnuPG-bug-id: 1338 Debian-bug-id: 623526 Fixes-commit: 9e6f8a55 Signed-off-by: Justus Winter diff --git a/dirmngr/ks-engine-ldap.c b/dirmngr/ks-engine-ldap.c index 9b9efc7..baed6cd 100644 --- a/dirmngr/ks-engine-ldap.c +++ b/dirmngr/ks-engine-ldap.c @@ -519,6 +519,7 @@ my_ldap_connect (parsed_uri_t uri, LDAP **ldap_connp, /* XXX: We need an option to determine whether to abort if the certificate is bad or not. Right now we conservatively default to checking the certificate and aborting. */ +#ifndef HAVE_W32_SYSTEM int check_cert = LDAP_OPT_X_TLS_HARD; /* LDAP_OPT_X_TLS_NEVER */ err = ldap_set_option (ldap_conn, 
@@ -528,8 +529,21 @@ my_ldap_connect (parsed_uri_t uri, LDAP **ldap_connp, log_error ("Failed to set TLS option on LDAP connection.\n"); goto out; } +#else + /* On Windows, the certificates are checked by default. If the + option to disable checking mentioned above is ever + implemented, the way to do that on Windows is to install a + callback routine using ldap_set_option (.., + LDAP_OPT_SERVER_CERTIFICATE, ..); */ +#endif - err = ldap_start_tls_s (ldap_conn, NULL, NULL); + err = ldap_start_tls_s (ldap_conn, +#ifdef HAVE_W32_SYSTEM + /* ServerReturnValue, result */ + NULL, NULL, +#endif + /* ServerControls, ClientControls */ + NULL, NULL); if (err) { log_error ("Failed to connect to LDAP server with TLS.\n"); ----------------------------------------------------------------------- Summary of changes: dirmngr/ks-engine-ldap.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Sep 30 15:05:29 2016 
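Review bot: In my_ldap_connect (dirmngr/ks-engine-ldap.c) the HAVE_W32_SYSTEM branch now sets no certificate-checking option at all and relies on the comment's statement that Windows checks certificates by default, so the "conservatively default to checking the certificate and aborting" behaviour described just above is enforced by code on one platform and by a platform default on the other. A short note naming where that default is documented, or a log line stating the effective policy, would make this auditable. The ldap_start_tls_s call with an #ifdef in the middle of its argument list is also hard to read; two complete calls under #ifdef/#else would be clearer.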
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Fri, 30 Sep 2016 15:05:29 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-183-ge11686f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via e11686f973b35869d7b299ce4726003ac22e2e3a (commit) from 8d37018050373a47566bf8ea0d894da20ed292c7 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e11686f973b35869d7b299ce4726003ac22e2e3a Author: Justus Winter Date: Thu Sep 15 14:47:00 2016 +0200 agent: Enable restricted, browser, and ssh socket by default. * agent/gpg-agent.c (main): Provide defaults for 'extra-socket' and 'browser-socket', enable ssh socket by default, but do not emit the 'SSH_AUTH_SOCK' variable unless it has been explicitly requested. * configure.ac (GPG_AGENT_{EXTRA,BROWSER}_SOCK_NAME): New definitions. * doc/gpg-agent.texi: Update documentation. -- This change enables the restricted, browser, and ssh socket by default. Note that in all cases, the user has to do some additional configuration to her setup to make use of these features. Therefore, this should not break any existing setups, but makes it simpler to discover and use these features. Signed-off-by: Justus Winter diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index d3c3891..4dda44c 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c 
@@ -1045,6 +1045,18 @@ main (int argc, char **argv ) agent_exit (0); } + if (! opt.extra_socket) + { + opt.extra_socket = 1; /* (1 = points into r/o section) */ + socket_name_extra = GPG_AGENT_EXTRA_SOCK_NAME; + } + + if (! opt.browser_socket) + { + opt.browser_socket = 1; /* (1 = points into r/o section) */ + socket_name_browser = GPG_AGENT_BROWSER_SOCK_NAME; + } + set_debug (); if (atexit (cleanup)) @@ -1241,13 +1253,10 @@ main (int argc, char **argv ) &socket_nonce_browser); } - if (ssh_support) - { - socket_name_ssh = create_socket_name (GPG_AGENT_SSH_SOCK_NAME, 1); - fd_ssh = create_server_socket (socket_name_ssh, 0, 1, - &redir_socket_name_ssh, - &socket_nonce_ssh); - } + socket_name_ssh = create_socket_name (GPG_AGENT_SSH_SOCK_NAME, 1); + fd_ssh = create_server_socket (socket_name_ssh, 0, 1, + &redir_socket_name_ssh, + &socket_nonce_ssh); /* If we are going to exec a program in the parent, we record the PID, so that the child may check whether the program is @@ -1313,8 +1322,7 @@ main (int argc, char **argv ) *socket_name_extra = 0; if (opt.browser_socket) *socket_name_browser = 0; - if (ssh_support) - *socket_name_ssh = 0; + *socket_name_ssh = 0; if (argc) { /* Run the program given on the commandline. */ diff --git a/configure.ac b/configure.ac index fe432e8..85cd69a 100644 --- a/configure.ac +++ b/configure.ac @@ -1753,6 +1753,10 @@ AC_DEFINE_UNQUOTED(GPGTAR_NAME, "gpgtar", [The name of the gpgtar tool]) AC_DEFINE_UNQUOTED(GPG_AGENT_SOCK_NAME, "S.gpg-agent", [The name of the agent socket]) +AC_DEFINE_UNQUOTED(GPG_AGENT_EXTRA_SOCK_NAME, "S.gpg-agent.rstrd", + [The name of the agent socket for remote access]) +AC_DEFINE_UNQUOTED(GPG_AGENT_BROWSER_SOCK_NAME, "S.gpg-agent.brwsr", + [The name of the agent socket for browsers]) AC_DEFINE_UNQUOTED(GPG_AGENT_SSH_SOCK_NAME, "S.gpg-agent.ssh", [The name of the agent socket for ssh]) AC_DEFINE_UNQUOTED(DIRMNGR_INFO_NAME, "DIRMNGR_INFO", 
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi index 53a6f78..8d86add 100644 --- a/doc/gpg-agent.texi +++ b/doc/gpg-agent.texi @@ -537,6 +537,9 @@ pinentry to pop up at the @code{tty} or display you started the agent. @anchor{option --extra-socket} @item --extra-socket @var{name} @opindex extra-socket +The extra socket is always created, you may use this option to change +the name of the socket. + Also listen on native gpg-agent connections on the given socket. The intended use for this extra socket is to setup a Unix domain socket forwarding from a remote machine to this socket on the local machine. @@ -552,7 +555,8 @@ remote machine. @opindex enable-ssh-support @opindex enable-putty-support -Enable the OpenSSH Agent protocol. +The OpenSSH Agent protocol is always enabled, but @command{gpg-agent} +will only set the @code{SSH_AUTH_SOCK} variable if this flag is given. In this mode of operation, the agent does not only implement the gpg-agent protocol, but also the agent protocol used by OpenSSH ----------------------------------------------------------------------- Summary of changes: agent/gpg-agent.c | 26 +++++++++++++++++--------- configure.ac | 4 ++++ doc/gpg-agent.texi | 6 +++++- 3 files changed, 26 insertions(+), 10 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Sep 30 16:03:21 2016 
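Review bot: in the first hunk of agent/gpg-agent.c the new defaults assign the constants GPG_AGENT_EXTRA_SOCK_NAME and GPG_AGENT_BROWSER_SOCK_NAME to socket_name_extra and socket_name_browser (the comment itself says "points into r/o section"), while the unchanged context of the last hunk stores a NUL through both pointers (*socket_name_extra = 0; *socket_name_browser = 0;). Please confirm that each pointer is replaced by an allocated copy on every path that reaches those stores, otherwise this writes into a string literal; a one-line comment at the assignment saying where the copy is made would settle it for the next reader.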
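Review bot: the second hunk of agent/gpg-agent.c drops the if (ssh_support) guard, so create_server_socket now runs for S.gpg-agent.ssh on every start, and together with the first hunk the agent opens three additional listening sockets with no visible way to turn any of them off. The commit message argues that no existing setup breaks, but this does widen the default listening surface of the agent; consider an explicit opt-out (the option name is for the maintainers to choose) and say in the commit message which access restrictions apply to each socket.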
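Review bot: doc/gpg-agent.texi gains the "always created" sentence only under --extra-socket; the browser socket receives the same default in agent/gpg-agent.c, yet no documentation hunk mentions it or its default name S.gpg-agent.brwsr. Under --extra-socket the added sentence is a comma splice ("The extra socket is always created, you may use this option ...") and the paragraph that follows ("Also listen on native gpg-agent connections on the given socket") still reads as if the socket existed only when the option is given; reword both, and state the default name S.gpg-agent.rstrd there.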
From: cvs at cvs.gnupg.org (by Alon Bar-Lev)
Date: Fri, 30 Sep 2016 16:03:21 +0200
Subject: [git] GPGME - branch, master, updated. gpgme-1.7.0-24-g453ab9d
Message-ID:

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG Made Easy".

The branch, master has been updated
       via  453ab9d24ca48c9e01d21e1454d6b08de1938b76 (commit)
       via  68fb8371a1dd5f4e05e50b1733f9996d139cbf38 (commit)
       via  d1509428f30c278ee7e99e2bca5559c5b2536721 (commit)
      from  7302791c0d308c3284ac24a743035d27a0c0b6ba (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 453ab9d24ca48c9e01d21e1454d6b08de1938b76
Author: Alon Bar-Lev
Date:   Thu Sep 29 10:30:58 2016 +0300

    python: Link 'data.h' and 'config.h' into the builddir.

    * lang/python/Makefile.am: Link to the files.
    * lang/python/gpgme.i: Update path.
    * lang/python/setup.py.in: Do not add the top builddir to the include
    path.
    --

    To make it easy to build the subpackage using standard tools without
    altering environment or CFLAGS, symlink the required artifacts from
    source tree into subpackage directory when preparing sources.

    Signed-off-by: Alon Bar-Lev

diff --git a/lang/python/Makefile.am b/lang/python/Makefile.am index ea37da9..9cb99c4 100644 --- a/lang/python/Makefile.am +++ b/lang/python/Makefile.am
@@ -46,22 +46,27 @@ COPY_FILES_PYME = \ # For VPATH builds we need to copy some files because Python's # distutils are not VPATH-aware. -copystamp: $(COPY_FILES) $(COPY_FILES_PYME) +copystamp: $(COPY_FILES) $(COPY_FILES_PYME) data.h config.h if test "$(srcdir)" != "$(builddir)" ; then \ cp -R $(COPY_FILES) . ; \ cp -R $(COPY_FILES_PYME) pyme ; \ fi touch $@ +data.h: + ln -s "$(top_srcdir)/src/data.h" + +config.h: + ln -s "$(top_builddir)/config.h" + all-local: copystamp for PYTHON in $(PYTHONS); do \ - CFLAGS="$(CFLAGS) -I$(top_srcdir)" \ - top_builddir="$(top_builddir)" \ + CFLAGS="$(CFLAGS)" \ $$PYTHON setup.py build --verbose ; \ done dist/pyme3-$(VERSION).tar.gz dist/pyme3-$(VERSION).tar.gz.asc: copystamp - CFLAGS="$(CFLAGS) -I$(top_srcdir)" \ + CFLAGS="$(CFLAGS)" \ $(PYTHON) setup.py sdist --verbose gpg2 --detach-sign --armor dist/pyme3-$(VERSION).tar.gz @@ -76,7 +81,7 @@ upload: dist/pyme3-$(VERSION).tar.gz dist/pyme3-$(VERSION).tar.gz.asc twine upload $^ CLEANFILES = gpgme.h errors.i gpgme_wrap.c pyme/gpgme.py \ - copystamp + data.h config.h copystamp # Remove the rest. # diff --git a/lang/python/gpgme.i b/lang/python/gpgme.i index eaeb4f8..5d074aa 100644 --- a/lang/python/gpgme.i +++ b/lang/python/gpgme.i @@ -183,7 +183,7 @@ representation of struct gpgme_data for an very efficient check if the buffer has been modified. */ %{ -#include "src/data.h" /* For struct gpgme_data. */ +#include "data.h" /* For struct gpgme_data. */ %} #endif diff --git a/lang/python/setup.py.in b/lang/python/setup.py.in index 7af2d48..4c41673 100755 --- a/lang/python/setup.py.in +++ b/lang/python/setup.py.in 
@@ -39,10 +39,6 @@ if os.path.exists("../../src/gpgme-config"): in_tree = True gpgme_config = ["../../src/gpgme-config"] + gpgme_config_flags gpgme_h = "../../src/gpgme.h" - if 'top_builddir' in os.environ: - include_dirs.append(os.environ['top_builddir']) - # Make sure that SWIG finds config.h when processing gpgme.i. - extra_swig_opts.append("-I{0}".format(os.environ['top_builddir'])) library_dirs = ["../../src/.libs"] # XXX uses libtool internals extra_macros.update( HAVE_CONFIG_H=1, commit 68fb8371a1dd5f4e05e50b1733f9996d139cbf38 Author: Alon Bar-Lev Date: Thu Sep 29 10:30:57 2016 +0300 python: Add 'prepare' target. * lang/python/Makefile.am: Add 'prepare' target. -- This enables preparing the package using autoconf then build using distutils as separate stage. Signed-off-by: Alon Bar-Lev diff --git a/lang/python/Makefile.am b/lang/python/Makefile.am index 1d7aee8..ea37da9 100644 --- a/lang/python/Makefile.am +++ b/lang/python/Makefile.am @@ -65,6 +65,9 @@ dist/pyme3-$(VERSION).tar.gz dist/pyme3-$(VERSION).tar.gz.asc: copystamp $(PYTHON) setup.py sdist --verbose gpg2 --detach-sign --armor dist/pyme3-$(VERSION).tar.gz +.PHONY: prepare +prepare: copystamp + .PHONY: sdist sdist: dist/pyme3-$(VERSION).tar.gz dist/pyme3-$(VERSION).tar.gz.asc commit d1509428f30c278ee7e99e2bca5559c5b2536721 Author: Alon Bar-Lev Date: Thu Sep 29 10:30:56 2016 +0300 python: Make generated 'setup.py' executable. -- Signed-off-by: Alon Bar-Lev diff --git a/configure.ac b/configure.ac index 4a29f2f..efa1f19 100644 --- a/configure.ac +++ b/configure.ac 
@@ -886,9 +886,9 @@ AC_CONFIG_FILES([lang/Makefile lang/cl/Makefile lang/cl/gpgme.asd]) AM_COND_IF([HAVE_DOXYGEN], [AC_CONFIG_FILES([lang/qt/doc/Doxyfile])]) AC_CONFIG_FILES(lang/qt/doc/Makefile) AC_CONFIG_FILES([lang/python/Makefile - lang/python/setup.py lang/python/pyme/version.py lang/python/tests/Makefile]) +AC_CONFIG_FILES([lang/python/setup.py], [chmod a+x lang/python/setup.py]) AC_OUTPUT echo " ----------------------------------------------------------------------- Summary of changes: configure.ac | 2 +- lang/python/Makefile.am | 18 +++++++++++++----- lang/python/gpgme.i | 2 +- lang/python/setup.py.in | 4 ---- 4 files changed, 15 insertions(+), 11 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Fri Sep 30 16:31:51 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 30 Sep 2016 16:31:51 +0200 Subject: [git] gnupg-doc - branch, master, updated. 83cb8037c27558e8de8bc62876a713562f491aed Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 83cb8037c27558e8de8bc62876a713562f491aed (commit) via 8b45e3c75e9577167ace97e5c5572f3e79c3f6d3 (commit) from 5eb502a5405d48057fdbebf683cf3c0c21540d25 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 83cb8037c27558e8de8bc62876a713562f491aed Author: Werner Koch Date: Fri Sep 30 16:28:55 2016 +0200 faq: Update HACKING. diff --git a/web/faq/HACKING.org b/web/faq/HACKING.org index fb71a91..5aec848 100644 --- a/web/faq/HACKING.org +++ b/web/faq/HACKING.org 
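Review bot: in the first hunk of lang/python/Makefile.am (commit 453ab9d) the new data.h and config.h rules call ln -s with only a source operand and have no prerequisites. If a link of that name already exists but dangles, make sees the target as missing, reruns the rule, and ln -s stops the build with "File exists"; the rules are also the only visible place that assumes symlink support. Give the link an explicit destination and replace a stale one (ln -sf "$(top_srcdir)/src/data.h" $@, or $(LN_S) where configure defines it), and list the source header as a prerequisite so a moved or regenerated file is noticed.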
@@ -39,25 +39,31 @@ are delimited by a comma (e.g. =scd,w32:=). Commonly found keywords are - agent :: The gpg-agent component - - ssh :: The ssh-agent part of the agent - - common :: Code in common - - iobuf :: The IOBUF system in common - - gpg :: The gpg or gpgv components - - gpgsm :: The gpgsm component - - scd :: The scdaemon component + - build :: Changes to the build system - ccid :: The CCID driver in scdaemon + - common :: Code in common - dirmngr :: The dirmngr component - - w32 :: Windows related code + - doc :: Documentation changes + - gpg :: The gpg or gpgv components + - sm :: The gpgsm component (also "gpgsm") + - gpgscm :: The regression test driver + - indent :: Indentation and similar changes + - iobuf :: The IOBUF system in common - po :: Translations - - build :: Changes to the build system + - scd :: The scdaemon component - speedo :: Speedo build system specific changes - - doc :: Documentation changes + - ssh :: The ssh-agent part of the agent + - tests :: The regressions tests + - tools :: Other code in tools + - w32 :: Windows related code + - wks :: The web key service tools + - yat2m :: The yat2m tool. Typo fixes and documentation updates don't need a ChangeLog entry; thus you would use a commit message like #+begin_example -Fix typo in a comment +doc: Fix typo in a comment -- #+end_example @@ -74,7 +80,6 @@ do this after this scissor line: Note that such a comment will be removed if the git commit option =--cleanup=scissor= is used. - ** License policy GnuPG is licensed under the GPLv3+ with some files under a mixed 
@@ -127,30 +132,70 @@ Note that such a comment will be removed if the git commit option - Only certain C99 features may be used (see below); in general stick to C90. - Please do not use C++ =//= style comments. + - Do not use comments like: +#+begin_src + if (foo) + /* Now that we know that foo is true we can call bar. */ + bar (); +#+end_src + instead write the comment on the if line or before it. You may + also use a block and put the comment inside. + - Please use asterisks on the left of longer comments. This makes + it easier to read without syntax highlighting, on printouts, and + for blind people. - Try to fit lines into 80 columns. - Ignore signed/unsigned pointer mismatches - No arithmetic on void pointers; cast to char* first. + - Do not use +#+begin_src + if ( 42 == foo ) +#+end_src + this is harder to read and modern compilers are pretty good in + detecing accidential assignments. It is also suggested not to + compare to 0 or NULL but to test the value direct or with a '!'; + this makes it easier to see that a boolean test is done. - We use our own printf style functions like =es_printf=, and - =es_asprintf= which implement most C99 features with the exception - of =wchar_t= (which should anyway not be used). Please always use - them and do not resort to those provided by libc. The rationale - for using them is that we know that the format specifiers work on - all platforms and that we do not need to chase platform dependent - bugs. + =gpgrt_asprintf= (or the =es_asprintf= macro) which implement most + C99 features with the exception of =wchar_t= (which should anyway + not be used). Please use them always and do not resort to those + provided by libc. The rationale for using them is that we know + that the format specifiers work on all platforms and that we do + not need to chase platform dependent bugs. Note also that in + gnupg asprintf is a macro already evaluating to gpgrt_asprintf. 
- It is common to have a label named "leave" for a function's cleanup and return code. This helps with freeing memory and is a convenient location to set a breakpoint for debugging. - Always use xfree() instead of free(). If it is not easy to see that the freed variable is not anymore used, explicitly set the variable to NULL. + - New code shall in general use xtrymalloc or xtrycalloc and check + for an error (use gpg_error_from_errno()). - Init function local variables only if needed so that the compiler can do a better job in detecting uninitialized variables which may indicate a problem with the code. - Never init static or file local variables to 0 to make sure they end up in BSS. - - Use --enable-maintainer-mode with configure. + - Use --enable-maintainer-mode with configure so that all suitable + warnings are enabled. + +** Variable names + + Follow the GNU standards. Here are some conventions you may want to + stick to (do not rename existing "wrong" uses without a goog + reason). + + - err :: This conveys an error code of type =gpg_error_t= which is + compatible to an =int=. To compare such a variable to a + GPG_ERR_ constant, it is necessary to map the value like + this: =gpg_err_code(err)=. + - ec :: This is used for a gpg-error code which has no source part + (=gpg_err_code_t=) and will eventually be used as input to + =gpg_err_make=. + - rc :: Used for all kind of other errors; for example system + calls. The value is not compatible with gpg-error. + -** C99 language features +*** C99 language features In GnuPG 2.x, but *not in 1.4* and not in most libraries, a limited set of C99 features may be used: 
@@ -307,7 +352,7 @@ Note that such a comment will be removed if the git commit option and related constants - g10/openfile.c :: Create/Open Files - g10/keyserver.h :: Keyserver access dispatcher. - - g10/packet.h :: Defintion of OpenPGP structures. + - g10/packet.h :: Definition of OpenPGP structures. - g10/passphrase.c :: Passphrase handling code - g10/pubkey-enc.c :: Process a public key encoded packet. commit 8b45e3c75e9577167ace97e5c5572f3e79c3f6d3 Author: Werner Koch Date: Fri Sep 30 11:36:57 2016 +0200 drafts,openpgp-webkey-service: Correctly mark sentences. diff --git a/misc/id/openpgp-webkey-service/draft.org b/misc/id/openpgp-webkey-service/draft.org index 29b234e..e259279 100644 --- a/misc/id/openpgp-webkey-service/draft.org +++ b/misc/id/openpgp-webkey-service/draft.org @@ -67,7 +67,7 @@ * Abstract This specification describes a service to locate OpenPGP keys by mail -address using a Web service and the HTTPS protocol. It also provides a +address using a Web service and the HTTPS protocol. It also provides a method for secure communication between the key owner and the mail provider to publish and revoke the public key. @@ -77,7 +77,7 @@ provider to publish and revoke the public key. This memo describes a method to associate OpenPGP keys with a mail address and how to look them up using a web service with a well-known -URI. In addition a mail based protocol is given to allow a client to +URI. In addition a mail based protocol is given to allow a client to setup such an association and to maintain it. * Notational Conventions 
@@ -89,17 +89,17 @@ document are to be interpreted as described in {{{RFC(2119)}}}. * Web Key Directory -A major use case for OpenPGP is the encryption of mail. A common +A major use case for OpenPGP is the encryption of mail. A common difficulty of sending encrypted mails to a new communication partner is -to find the appropriate public key of the recipient. Unless an +to find the appropriate public key of the recipient. Unless an off-channel key exchange has been done, there are no easy ways to -discover the required key. The common practice is to search the network +discover the required key. The common practice is to search the network of public key servers for a key matching the recipient's mail address. This practise bears the problem that the keyservers are not able to give a positive confirmation that a key actually belongs to the mail -addresses given in the key. Further, there are often several keys +addresses given in the key. Further, there are often several keys matching a mail address and thus one needs to pick a key on good luck. -This is clearly not a secure way to setup an end-to-end encryption. Even +This is clearly not a secure way to setup an end-to-end encryption. Even if the need for a trusted key for an initial mail message is relinquished, a non-authenticated key may be a wrong one and the actual recipient would receive a mail which she can't decrypt, due to the use 
@@ -116,11 +116,11 @@ the initial mail, an extra mail round-trip, and problems with unattended key discovery. The latter method works fine but requires that mail providers need to -set up a separate DNS resolver to provide the key. The administration of -a DNS zone is often not in the hands of small mail installations. Thus +set up a separate DNS resolver to provide the key. The administration of +a DNS zone is often not in the hands of small mail installations. Thus an update of the DNS resource records needs to be delegated to the ISP -running the DNS service. Further, DNS lookups are not encrypted and -missing all confidentially. Even if the participating MUAs are using +running the DNS service. Further, DNS lookups are not encrypted and +missing all confidentially. Even if the participating MUAs are using STARTTLS to encrypt the mail exchange, a DNS lookup for the key unnecessarily identifies the local-part of the recipients mail address to any passive eavesdroppers. 
@@ -132,25 +132,25 @@ https connection. Although URIs are able to encode all kind of characters, straightforward implementations of a key directory may want to store the "local-part" of -a mail address directly in the file system. This forbids the use of -certain characters in the "local-part". To allow for such an +a mail address directly in the file system. This forbids the use of +certain characters in the "local-part". To allow for such an implementation method the URI uses an encoded form of the "local-part" which can be directly mapped to a file name. OpenPGP defines its User IDs, and thus the mail address, as UTF-8 -strings. To help with the common pattern of using capitalized names +strings. To help with the common pattern of using capitalized names (e.g. "Joe.Doe at example.org") for mail addresses, and under the premise that almost all MTAs treat the "local-part" case-insensitive and that the "domain-part" is required to be compared case-insensitive anyway, all upper-case ASCII characters in a User ID are mapped to lowercase. Non-ASCII characters are not changed. -The so mapped "local-part" is hashed using the SHA-1 algorithm. The +The so mapped "local-part" is hashed using the SHA-1 algorithm. The resulting 160 bit digest is encoded using the Z-Base-32 method as -described in {{{RFC(6189)}}}, section 5.1.6. The resulting string has a -fixed length of 32 octets. To form the URI, the scheme +described in {{{RFC(6189)}}}, section 5.1.6. The resulting string has a +fixed length of 32 octets. To form the URI, the scheme {{{https_scheme}}} is concatenated with the mapped "domain-part", the -fixed string ~./well-known/openpgpkey/hu/~, and the above constructed +fixed string ~/.well-known/openpgpkey/hu/~, and the above constructed 32 octet string. For example the URI to lookup the key for Joe.Doe at Example.ORG is: 
@@ -163,32 +163,32 @@ For example the URI to lookup the key for Joe.Doe at Example.ORG is: (line has been wrapped for rendering purposes) The HTTP GET method MUST return the binary representation of the OpenPGP -key for the given mail address. The key needs to carry a User ID packet -({{{RFC(4880)}}}) with that mail address. Note that the key may be +key for the given mail address. The key needs to carry a User ID packet +({{{RFC(4880)}}}) with that mail address. Note that the key may be revoked or expired - it is up to the client to handle such conditions. The server MUST also accept a HEAD method so that a client may only check for the existence of a key. -The server SHOULD return "application/octet-string" as the content-type -for the data but clients MAY also accept any other appropriate -content-type. The server MUST NOT return an ASCII armored version of the -key. +The server SHOULD return "application/octet-string" as the +content-type for the data but clients SHOULD also accept any other +content-type. The server MUST NOT return an ASCII armored version of +the key. * Web Key Directory Update Protocol To put keys into the key directory a protocol to automate the task is -desirable. The protocol defined here is entirely based on mail and the -assumption that a mail provider can securely deliver mail to the INBOX -of a user (e.g. an IMAP folder). Note that the same protocol may also be -used for submitting keys for use with OpenPGP DANE. +desirable. The protocol defined here is entirely based on mail and +the assumption that a mail provider can securely deliver mail to the +INBOX of a user (e.g. an IMAP folder). Note that the same protocol +may also be used for submitting keys for use with OpenPGP DANE. We assume that the user already created a key for her mail account -alice at example.org. To install the key at her provider's Web Key +alice at example.org. To install the key at her provider's Web Key Directory, she performs the following steps: 1. 
She retrieves a file which contains one line with the mail address - used to submit the key to the mail provider. See below for the syntax - of that file. For a mail address at the domain "example.org" the URI + used to submit the key to the mail provider. See below for the syntax + of that file. For a mail address at the domain "example.org" the URI of the file is #+begin_example https://example.org/.well-known/openpgpkey/submission-address 
@@ -202,30 +202,30 @@ Directory, she performs the following steps: an account name of the provider. 4. The provider sends an encrypted message containing a nonce and the - fingerprint of the key to the mail account of the user. Note that a + fingerprint of the key to the mail account of the user. Note that a similar scheme is used by the well known caff(1) tool to help with key signing parties. 5. A legitimate user will be able to decrypt the message because she - created the key and is in charge of the private key. This step + created the key and is in charge of the private key. This step verifies that the submitted key has actually been created by the owner of the account. -6. The user sends the decrypted nonce back to the submission address as - a confirmation that the private key is owned by her and that the - provider may now publish the key. Also technically not required, it - is suggested that the mail to the provider is encrypted. The public - key for this is retrieved using the key lookup protocol described - above. +6. The user sends the decrypted nonce back to the submission address + as a confirmation that the private key is owned by her and that the + provider may now publish the key. Although technically not + required, it is suggested that the mail to the provider is + encrypted. The public key for this is retrieved using the key + lookup protocol described above. 7. The provider receives the nonce, matches it with its database of - pending confirmations and then publishes the key. Finally the - provider sends a mail back to the user to notify her of the the + pending confirmations and then publishes the key. Finally the + provider sends a mail back to the user to notify her of the publication of her key. The message data structures used for the above protocol are specified in -detail below. In the following sections the string "WELLKNOWN" denotes -the first part of an URI specific for a domain. In the examples the +detail below. 
In the following sections the string "WELLKNOWN" denotes +the first part of an URI specific for a domain. In the examples the domain "example.org" is assumed, thus #+BEGIN_EXAMPLE @@ -246,7 +246,7 @@ The address of the submission file is The file consists of exactly one line, terminated by a LF, or the sequence of CR and LF, with the full mail address to be used for -submission of a key to the mail provider. For example the content of the +submission of a key to the mail provider. For example the content of the file may be #+BEGIN_EXAMPLE 
@@ -265,25 +265,25 @@ transferable Public Key Packets as defined in {{{RFC(4880)}}}, section If the mail provider has published an encryption key for the submission-address in the Web Key Directory, the key to be published MUST be submitted using a PGP/MIME encrypted message ({{{RFC(3156)}}}, -section 4). The message MUST NOT be signed (because the authenticity of -the signing key has not yet been confirmed). After decryption of the +section 4). The message MUST NOT be signed (because the authenticity of +the signing key has not yet been confirmed). After decryption of the message at the mail provider a single "application/pgp-keys" part, as specified above, is expected. ** The Confirmation Request The mail provider sends a confirmation mail in response to a received -key publication request. The message SHOULD be sent from the +key publication request. The message SHOULD be sent from the submission-address of the mail provider to the mail address extracted -from the target key. The message needs to be encrypted to the target key -and MAY be signed by the submission key. PGP/MIME MUST be used for +from the target key. The message needs to be encrypted to the target key +and MAY be signed by the submission key. PGP/MIME MUST be used for encryption and signing; the Combined method ({{{RFC(3156)}}}, section 6.2) MUST be used if the message is to be signed. The Content-type used for the plaintext part MUST be -"application/vnd.gnupg.wkd". The body consists of name-value pairs with -one name-value pair per LF or CR+LF terminated line. Empty lines are -allowed and will be ignored by the receiver. A colon is used to +"application/vnd.gnupg.wkd". The body consists of name-value pairs with +one name-value pair per LF or CR+LF terminated line. Empty lines are +allowed and will be ignored by the receiver. A colon is used to terminate a name. In a confirmation request the following names MUST be send in the 
@@ -292,30 +292,30 @@ specified order: - "type" :: The value must be "confirmation-request". - "sender" :: This is the mailbox the user is expected to sent the - confirmation response to. The value must match the + confirmation response to. The value must match the mailbox part of the "From:" address of this - request. Exactly one address MUST be given. + request. Exactly one address MUST be given. - "address" :: The value is the addr-spec part of the target key's - mail address. The value SHOULD match the addr-spec part - of the recipient's address. The value MUST be UTF-8 + mail address. The value SHOULD match the addr-spec part + of the recipient's address. The value MUST be UTF-8 encoded as required for an OpenPGP User ID. -- "fingerprint" :: The value is the fingerprint of the target key. The +- "fingerprint" :: The value is the fingerprint of the target key. The fingerprint is given in uppercase hex encoding without any interleaving spaces. - "nonce" :: The value is a string with a minimum length of 16 octets - and a maximum length of 64 octets. The string must + and a maximum length of 64 octets. The string must entirely be made up of random ASCII letters or - digits. This nonce will be sent back to the mail provider + digits. This nonce will be sent back to the mail provider as proof that the recipient is the legitimate owner of the target-key. The receiver of the message decrypts the message, checks that the "fingerprint" matches the target key, checks that the "address" matches a User ID of the target key, and checks the other constrains of the -request format. If any constraint is not asserted, or the fingerprint or +request format. If any constraint is not asserted, or the fingerprint or User ID do not match the target key, or there is no pending publication requests (i.e. a mail recently sent o the submission address), the user MAY be notified about this fake confirmation attempt. 
@@ -326,27 +326,27 @@ silently send a response as described in the next section. ** The Confirmation Response A response to a confirmation request MUST only be send in the positive -case; there is no negative confirmation response. A mail service +case; there is no negative confirmation response. A mail service provider is expected to cancel a pending key submission after a suitable -time without a confirmation. The mail service provider SHOULD NOT retry +time without a confirmation. The mail service provider SHOULD NOT retry the sending of a confirmation request after the first request has been send successfully. The user MUST send the confirmation response from her target mail -address to the "from" address of the confirmation request. The message -MUST be signed and SHOULD be encrypted. The PGP/MIME Combined format +address to the "from" address of the confirmation request. The message +MUST be signed and SHOULD be encrypted. The PGP/MIME Combined format MUST be used for encryption and signing ({{{RFC(3156)}}}, section 6.2). The encryption key can be taken from the Web Key Directory. The Content-type used for the plaintext message MUST also be -"application/vnd.gnupg.wkd". The format is the same as described above -for the Confirmation Request. The body must contain three name-value +"application/vnd.gnupg.wkd". The format is the same as described above +for the Confirmation Request. The body must contain three name-value pairs in this order: - "type" :: The value must be "confirmation-response". - "sender" :: The value must match the mailbox part of the "From:" - address of this response. Exactly one address MUST be + address of this response. Exactly one address MUST be given. - "nonce" :: The value is the value of the "nonce" parameter from the 
@@ -355,7 +355,7 @@ pairs in this order: ** Policy Flags For key generation and submission it is sometimes useful to tell the -client about certain properties of the mail provider in advance. This +client about certain properties of the mail provider in advance. This can be done with a file at the URL #+BEGIN_EXAMPLE @@ -363,11 +363,11 @@ can be done with a file at the URL #+END_EXAMPLE The file contains keywords and optioanlly values, one per line with -each line terminated by a LF or the sequence of CR and LF. Empty lines +each line terminated by a LF or the sequence of CR and LF. Empty lines and lines starting with a '#' character are considered comment -lines. A keyword is made up of lowercase letters, digits, hyphens, or -dots. An underscore is allowed as a name space delimiters; see -below. The first character must be a letter. Keywords which are +lines. A keyword is made up of lowercase letters, digits, hyphens, or +dots. An underscore is allowed as a name space delimiters; see +below. The first character must be a letter. Keywords which are defined to require a value are directly followed by a colon and then after optional white space the value. Clients MUST use case-insensitive matching for the keyword. @@ -375,12 +375,12 @@ case-insensitive matching for the keyword. Currently defined keywords are: - "mailbox-only" :: The mail server provider does only accept keys - with only a mailbox in the User ID. In particular + with only a mailbox in the User ID. In particular User IDs with a real name in addition to the mailbox will be rejected as invalid. - "dane-only" :: The mail server provider does not run a Web Key - Directory but only an OpenPGP DANE service. The Web + Directory but only an OpenPGP DANE service. The Web Key Directory Update protocol is used to update the keys for the DANE service. 
@@ -390,7 +390,7 @@ Currently defined keywords are: any confirmation request. -More keywords will be defined in updates to this I-D. There is no +More keywords will be defined in updates to this I-D. There is no registry except for this document. For experimental use of new features or for provider specific settings, keywords MUST be prefixed with a domain name and an underscore. @@ -399,11 +399,11 @@ with a domain name and an underscore. The use of SHA-1 for the mapping of the "local-part" to a fixed string is not a security feature but merely used to map the local-part to a -fixed-sized string made from a well defined set of characters. It is not +fixed-sized string made from a well defined set of characters. It is not intended to conceal information about a mail address. The domain name part of the mail address is not part of the hash to -avoid problems with internationalized domain names. Instead a separate +avoid problems with internationalized domain names. Instead a separate web service is required for each domain name. * IANA Considerations ----------------------------------------------------------------------- Summary of changes: misc/id/openpgp-webkey-service/draft.org | 154 +++++++++++++++---------------- web/faq/HACKING.org | 85 +++++++++++++---- 2 files changed, 142 insertions(+), 97 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Fri Sep 30 17:54:32 2016 
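Review bot: in misc/id/openpgp-webkey-service/draft.org the Policy Flags paragraph (hunk at -363,11) keeps its wording errors on lines this patch touches or sits next to: "optioanlly" in the context line directly above the first changed line, and "An underscore is allowed as a name space delimiters" on an added line. Since these lines are being rewritten anyway, fix them in the same commit ("optionally", "a name space delimiter"), and change "MUST only be send" and "has been send successfully" in the Confirmation Response hunk at -326,27 to "sent". The same paragraph says a keyword is made up of lowercase letters while clients MUST use case-insensitive matching; one sentence stating whether a provider may publish uppercase keywords would remove that ambiguity.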
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Fri, 30 Sep 2016 17:54:32 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-184-g6054e8a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 6054e8aaecbd355bb7559697eecaadf2225189b8 (commit) from e11686f973b35869d7b299ce4726003ac22e2e3a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6054e8aaecbd355bb7559697eecaadf2225189b8 Author: Justus Winter Date: Fri Sep 30 12:34:31 2016 +0200 build: Fix build against libiconv. * agent/Makefile.am: Add INCICONV and LIBICONV. * common/Makefile.am: Likewise. * tools/Makefile.am: Likewise. Signed-off-by: Justus Winter diff --git a/agent/Makefile.am b/agent/Makefile.am index 1970088..ed0ed44 100644 --- a/agent/Makefile.am +++ b/agent/Makefile.am @@ -64,7 +64,8 @@ pwquery_libs = ../common/libsimple-pwquery.a endif -gpg_agent_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS) $(NPTH_CFLAGS) +gpg_agent_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS) $(NPTH_CFLAGS) \ + $(INCICONV) gpg_agent_LDADD = $(commonpth_libs) \ $(LIBGCRYPT_LIBS) $(LIBASSUAN_LIBS) $(NPTH_LIBS) \ $(GPG_ERROR_LIBS) $(LIBINTL) $(NETLIBS) $(LIBICONV) \ @@ -76,7 +77,8 @@ gpg_protect_tool_SOURCES = \ protect-tool.c \ protect.c cvt-openpgp.c -gpg_protect_tool_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS) +gpg_protect_tool_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS) \ + $(INCICONV) gpg_protect_tool_LDADD = $(common_libs) $(LIBGCRYPT_LIBS) $(LIBASSUAN_LIBS) \ $(GPG_ERROR_LIBS) $(LIBINTL) $(NETLIBS) $(LIBICONV) diff --git a/common/Makefile.am b/common/Makefile.am index 9f151f2..960d1dc 100644 --- a/common/Makefile.am +++ b/common/Makefile.am 
@@ -177,7 +177,7 @@ endif t_extra_src = t-support.h t_common_cflags = $(KSBA_CFLAGS) $(LIBGCRYPT_CFLAGS) \ - $(LIBASSUAN_CFLAGS) $(GPG_ERROR_CFLAGS) + $(LIBASSUAN_CFLAGS) $(GPG_ERROR_CFLAGS) $(INCICONV) t_common_ldadd = libcommon.a \ $(LIBGCRYPT_LIBS) $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) \ $(LIBINTL) $(LIBICONV) diff --git a/tools/Makefile.am b/tools/Makefile.am index b2a274f..42b023f 100644 --- a/tools/Makefile.am +++ b/tools/Makefile.am @@ -131,9 +131,10 @@ gpg_connect_agent_LDADD = ../common/libgpgrl.a $(common_libs) \ if !DISABLE_REGEX gpg_check_pattern_SOURCES = gpg-check-pattern.c -gpg_check_pattern_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS) +gpg_check_pattern_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS) $(INCICONV) gpg_check_pattern_LDADD = $(common_libs) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \ - $(LIBINTL) $(NETLIBS) $(LIBICONV) $(W32SOCKLIBS) + $(LIBINTL) $(NETLIBS) $(LIBICONV) $(W32SOCKLIBS) \ + $(LIBICONV) endif gpgtar_SOURCES = \ @@ -155,8 +156,9 @@ gpg_wks_server_SOURCES = \ mime-maker.c mime-maker.h \ send-mail.c send-mail.h -gpg_wks_server_CFLAGS = $(GPG_ERROR_CFLAGS) -gpg_wks_server_LDADD = $(libcommon) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) +gpg_wks_server_CFLAGS = $(GPG_ERROR_CFLAGS) $(INCICONV) +gpg_wks_server_LDADD = $(libcommon) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \ + $(LIBICONV) gpg_wks_client_SOURCES = \ gpg-wks-client.c \ 
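Review bot: in tools/Makefile.am, the gpg_check_pattern_LDADD change (hunk at -131,9) appends a second $(LIBICONV) on the new continuation line although $(LIBICONV) is already in the list between $(NETLIBS) and $(W32SOCKLIBS). Unlike gpg_wks_server_LDADD, which had no iconv library before, this target only needed $(INCICONV) in its CFLAGS. Drop the LDADD part of that hunk, or, if the repeated library is there on purpose for link order, add a comment saying so.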
@@ -169,9 +171,10 @@ gpg_wks_client_SOURCES = \ send-mail.c send-mail.h \ call-dirmngr.c call-dirmngr.h -gpg_wks_client_CFLAGS = $(LIBASSUAN_CFLAGS) $(GPG_ERROR_CFLAGS) +gpg_wks_client_CFLAGS = $(LIBASSUAN_CFLAGS) $(GPG_ERROR_CFLAGS) $(INCICONV) gpg_wks_client_LDADD = $(libcommon) \ - $(LIBASSUAN_LIBS) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) + $(LIBASSUAN_LIBS) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \ + $(LIBICONV) # Make sure that all libs are build before we use them. This is ----------------------------------------------------------------------- Summary of changes: agent/Makefile.am | 6 ++++-- common/Makefile.am | 2 +- tools/Makefile.am | 15 +++++++++------ 3 files changed, 14 insertions(+), 9 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Sep 30 19:25:29 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 30 Sep 2016 19:25:29 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-187-g80cc16e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 80cc16e0728256f6b07a12980e1f3512cf2324fa (commit) via 95cf7afff074613825f4442fa131145a2c0d3cf7 (commit) via de67055aff916455cec89fab1d95177d3b383008 (commit) from 6054e8aaecbd355bb7559697eecaadf2225189b8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 80cc16e0728256f6b07a12980e1f3512cf2324fa Author: Werner Koch Date: Fri Sep 30 19:21:51 2016 +0200 agent: Create the extra sockets in the standard socket dir. * agent/gpg-agent.c (main): Take the socketdir in account for the default sockets. * tools/gpgconf.c (list_dirs): Add "agent-extra-socket" and "agent-browser-socket". 
Signed-off-by: Werner Koch diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index d3f203b..15202ac 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c @@ -1047,8 +1047,7 @@ main (int argc, char **argv ) if (! opt.extra_socket) { - opt.extra_socket = 1; /* (1 = points into r/o section) */ - socket_name_extra = GPG_AGENT_EXTRA_SOCK_NAME; + opt.extra_socket = 1; } else if (socket_name_extra && (!strcmp (socket_name_extra, "none") @@ -1061,8 +1060,7 @@ main (int argc, char **argv ) if (! opt.browser_socket) { - opt.browser_socket = 1; /* (1 = points into r/o section) */ - socket_name_browser = GPG_AGENT_BROWSER_SOCK_NAME; + opt.browser_socket = 1; } else if (socket_name_browser && (!strcmp (socket_name_browser, "none") @@ -1253,7 +1251,11 @@ main (int argc, char **argv ) if (opt.extra_socket) { - socket_name_extra = create_socket_name (socket_name_extra, 0); + if (socket_name_extra) + socket_name_extra = create_socket_name (socket_name_extra, 0); + else + socket_name_extra = create_socket_name + /**/ (GPG_AGENT_EXTRA_SOCK_NAME, 1); opt.extra_socket = 2; /* Indicate that it has been malloced. */ fd_extra = create_server_socket (socket_name_extra, 0, 0, &redir_socket_name_extra, @@ -1262,7 +1264,11 @@ main (int argc, char **argv ) if (opt.browser_socket) { - socket_name_browser = create_socket_name (socket_name_browser, 0); + if (socket_name_browser) + socket_name_browser = create_socket_name (socket_name_browser, 0); + else + socket_name_browser= create_socket_name + /**/ (GPG_AGENT_BROWSER_SOCK_NAME, 1); opt.browser_socket = 2; /* Indicate that it has been malloced. */ fd_browser = create_server_socket (socket_name_browser, 0, 0, &redir_socket_name_browser, diff --git a/tools/gpgconf.c b/tools/gpgconf.c index bdebadb..a1ca79f 100644 --- a/tools/gpgconf.c +++ b/tools/gpgconf.c 
@@ -166,6 +166,8 @@ list_dirs (estream_t fp, char **names) { "socketdir", gnupg_socketdir, NULL }, { "dirmngr-socket", dirmngr_socket_name, NULL,}, { "agent-ssh-socket", gnupg_socketdir, GPG_AGENT_SSH_SOCK_NAME }, + { "agent-extra-socket", gnupg_socketdir, GPG_AGENT_EXTRA_SOCK_NAME }, + { "agent-browser-socket",gnupg_socketdir, GPG_AGENT_BROWSER_SOCK_NAME }, { "agent-socket", gnupg_socketdir, GPG_AGENT_SOCK_NAME }, { "homedir", gnupg_homedir, NULL } }; commit 95cf7afff074613825f4442fa131145a2c0d3cf7 Author: Werner Koch Date: Fri Sep 30 18:49:16 2016 +0200 agent: Kludge to allow disabling of the extra sockets. * agent/gpg-agent.c (main): Check for special socket names. Signed-off-by: Werner Koch diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index 4dda44c..d3f203b 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c @@ -1050,12 +1050,28 @@ main (int argc, char **argv ) opt.extra_socket = 1; /* (1 = points into r/o section) */ socket_name_extra = GPG_AGENT_EXTRA_SOCK_NAME; } + else if (socket_name_extra + && (!strcmp (socket_name_extra, "none") + || !strcmp (socket_name_extra, "/dev/null"))) + { + /* User requested not to create this socket. */ + opt.extra_socket = 0; + socket_name_extra = NULL; + } if (! opt.browser_socket) { opt.browser_socket = 1; /* (1 = points into r/o section) */ socket_name_browser = GPG_AGENT_BROWSER_SOCK_NAME; } + else if (socket_name_browser + && (!strcmp (socket_name_browser, "none") + || !strcmp (socket_name_browser, "/dev/null"))) + { + /* User requested not to create this socket. */ + opt.browser_socket = 0; + socket_name_browser = NULL; + } set_debug (); diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi index 8d86add..0bb7db2 100644 --- a/doc/gpg-agent.texi +++ b/doc/gpg-agent.texi 
@@ -537,8 +537,9 @@ pinentry to pop up at the @code{tty} or display you started the agent. @anchor{option --extra-socket} @item --extra-socket @var{name} @opindex extra-socket -The extra socket is always created, you may use this option to change -the name of the socket. +The extra socket is created by default, you may use this option to +change the name of the socket. To disable the creation of the socket +use ``none'' or ``/dev/null'' for @var{name}. Also listen on native gpg-agent connections on the given socket. The intended use for this extra socket is to setup a Unix domain socket commit de67055aff916455cec89fab1d95177d3b383008 Author: Werner Koch Date: Fri Sep 30 16:58:10 2016 +0200 wks: Avoid long trustdb checks. * tools/wks-receive.c (verify_signature): Use --always-trust. Signed-off-by: Werner Koch diff --git a/tools/wks-receive.c b/tools/wks-receive.c index 0deca9b..7292cff 100644 --- a/tools/wks-receive.c +++ b/tools/wks-receive.c @@ -164,6 +164,7 @@ verify_signature (receive_ctx_t ctx) ccparray_put (&ccp, "--verbose"); ccparray_put (&ccp, "--enable-special-filenames"); ccparray_put (&ccp, "--status-fd=2"); + ccparray_put (&ccp, "--always-trust"); /* To avoid trustdb checks. */ ccparray_put (&ccp, "--verify"); ccparray_put (&ccp, "--"); ccparray_put (&ccp, "-&@INEXTRA@"); ----------------------------------------------------------------------- Summary of changes: agent/gpg-agent.c | 34 ++++++++++++++++++++++++++++------ doc/gpg-agent.texi | 5 +++-- tools/gpgconf.c | 2 ++ tools/wks-receive.c | 1 + 4 files changed, 34 insertions(+), 8 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Sep 30 19:41:04 2016 
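Review bot: in tools/wks-receive.c, verify_signature now passes "--always-trust" to the gpg child and the only explanation is the comment "To avoid trustdb checks." With that option gpg treats every key as valid, so the result of this call says only that the signature verifies against a key gpg could find, not that the key is trusted. The comment or the commit message should state what the callers of verify_signature rely on instead to tie the signing key to the sender, so that nobody later reads trust or validity status lines from this invocation as meaningful.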
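Review bot: in agent/gpg-agent.c, after commit 80cc16e the value 1 of opt.extra_socket and opt.browser_socket no longer has a documented meaning: the comment "(1 = points into r/o section)" is deleted together with the assignment of the static name, while the later "opt.extra_socket = 2; /* Indicate that it has been malloced. */" still implies a distinction between 1 and 2. Either document what 1 means now (enabled, default name still to be built under the socket directory) or reduce the field to a boolean. In the hunk at -1262,7 the added line "socket_name_browser= create_socket_name" is missing the space before "=" that the extra-socket branch has. The "none" / "/dev/null" test added in commit 95cf7af is written out twice; a small helper taking the socket name would keep the two sockets from drifting apart.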
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Fri, 30 Sep 2016 19:41:04 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-188-ga43739a
Message-ID:

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  a43739a2456a38c01704d8a52dca441055e29bc6 (commit)
      from  80cc16e0728256f6b07a12980e1f3512cf2324fa (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit a43739a2456a38c01704d8a52dca441055e29bc6
Author: Werner Koch
Date:   Fri Sep 30 19:38:03 2016 +0200

    agent: Remove the warning for the GKR hijacking.

    * g10/call-agent.c (check_hijacking): Remove.
    (start_agent): Remove call.

    Signed-off-by: Werner Koch

diff --git a/g10/call-agent.c b/g10/call-agent.c index 93c9b56..0fb392c 100644 --- a/g10/call-agent.c +++ b/g10/call-agent.c
@@ -189,69 +189,6 @@ default_inq_cb (void *opaque, const char *line) } -/* Check whether gnome-keyring hijacked the gpg-agent. */ -static void -check_hijacking (assuan_context_t ctx) -{ - membuf_t mb; - char *string; - - init_membuf (&mb, 64); - - /* AGENT_ID is a command implemented by gnome-keyring-daemon. It - does not return any data but an OK line with a remark. */ - if (assuan_transact (ctx, "AGENT_ID", - put_membuf_cb, &mb, NULL, NULL, NULL, NULL)) - { - xfree (get_membuf (&mb, NULL)); - return; /* Error - Probably not hijacked. */ - } - put_membuf (&mb, "", 1); - string = get_membuf (&mb, NULL); - if (!string || !*string) - { - /* Definitely hijacked - show a warning prompt. */ - static int shown; - const char warn1[] = - "The GNOME keyring manager hijacked the GnuPG agent."; - const char warn2[] = - "GnuPG will not work properly - please configure that " - "tool to not interfere with the GnuPG system!"; - log_info ("WARNING: %s\n", warn1); - log_info ("WARNING: %s\n", warn2); - /* (GPG_ERR_SOURCRE_GPG, GPG_ERR_NO_AGENT) */ - write_status_text (STATUS_ERROR, "check_hijacking 33554509"); - xfree (string); - string = strconcat (warn1, "\n\n", warn2, NULL); - if (string && !shown && !opt.batch) - { - /* NB: The Pinentry based prompt will only work if a - gnome-keyring manager passes invalid commands on to the - original gpg-agent. */ - char *cmd, *cmdargs; - - cmdargs = percent_plus_escape (string); - cmd = strconcat ("GET_CONFIRMATION ", cmdargs, NULL); - xfree (cmdargs); - if (cmd) - { - struct default_inq_parm_s dfltparm; - - memset (&dfltparm, 0, sizeof dfltparm); - dfltparm.ctx = ctx; - assuan_transact (ctx, cmd, NULL, NULL, - default_inq_cb, &dfltparm, - NULL, NULL); - xfree (cmd); - shown = 1; - } - } - } - xfree (string); -} - - - /* Print a warning if the server's version number is less than our version number. Returns an error code on a connection problem. */ static gpg_error_t 
@@ -346,8 +283,6 @@ start_agent (ctrl_t ctrl, int for_card) write_status_error ("set_pinentry_mode", rc); } } - - check_hijacking (agent_ctx); } } ----------------------------------------------------------------------- Summary of changes: g10/call-agent.c | 65 -------------------------------------------------------- 1 file changed, 65 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org
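Review bot: the commit message for the removal of check_hijacking in g10/call-agent.c gives no reason for dropping the warning, and the deleted function (hunk at -189,69) was also what emitted the status line "check_hijacking 33554509" through write_status_text (STATUS_ERROR, ...). State in the commit message why a gnome-keyring-daemon answering AGENT_ID no longer needs to be detected, and mention the removed status line there or in NEWS so that front ends parsing the status output know it will not appear any more.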