[git] GnuPG - branch, master, updated. gnupg-2.1.15-183-ge11686f

by Justus Winter cvs at cvs.gnupg.org
Fri Sep 30 15:05:29 CEST 2016 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  e11686f973b35869d7b299ce4726003ac22e2e3a (commit)
      from  8d37018050373a47566bf8ea0d894da20ed292c7 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit e11686f973b35869d7b299ce4726003ac22e2e3a
Author: Justus Winter <justus at g10code.com>
Date:   Thu Sep 15 14:47:00 2016 +0200

    agent: Enable restricted, browser, and ssh socket by default.
    
    * agent/gpg-agent.c (main): Provide defaults for 'extra-socket' and
    'browser-socket', enable ssh socket by default, but do not emit the
    'SSH_AUTH_SOCK' variable unless it has been explicitly requested.
    * configure.ac (GPG_AGENT_{EXTRA,BROWSER}_SOCK_NAME): New definitions.
    * doc/gpg-agent.texi: Update documentation.
    --
    
    This change enables the restricted, browser, and ssh socket by
    default.  Note that in all cases, the user has to do some additional
    configuration to her setup to make use of these features.  Therefore,
    this should not break any existing setups, but makes it simpler to
    discover and use these features.
    
    Signed-off-by: Justus Winter <justus at g10code.com>

diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index d3c3891..4dda44c 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -1045,6 +1045,18 @@ main (int argc, char **argv )
       agent_exit (0);
     }
 
+  if (! opt.extra_socket)
+    {
+      opt.extra_socket = 1;  /* (1 = points into r/o section)  */
+      socket_name_extra = GPG_AGENT_EXTRA_SOCK_NAME;
+    }
+
+  if (! opt.browser_socket)
+    {
+      opt.browser_socket = 1;  /* (1 = points into r/o section)  */
+      socket_name_browser = GPG_AGENT_BROWSER_SOCK_NAME;
+    }
+
   set_debug ();
 
   if (atexit (cleanup))
@@ -1241,13 +1253,10 @@ main (int argc, char **argv )
                                              &socket_nonce_browser);
         }
 
-      if (ssh_support)
-        {
-          socket_name_ssh = create_socket_name (GPG_AGENT_SSH_SOCK_NAME, 1);
-          fd_ssh = create_server_socket (socket_name_ssh, 0, 1,
-                                         &redir_socket_name_ssh,
-                                         &socket_nonce_ssh);
-        }
+      socket_name_ssh = create_socket_name (GPG_AGENT_SSH_SOCK_NAME, 1);
+      fd_ssh = create_server_socket (socket_name_ssh, 0, 1,
+                                     &redir_socket_name_ssh,
+                                     &socket_nonce_ssh);
 
       /* If we are going to exec a program in the parent, we record
          the PID, so that the child may check whether the program is
@@ -1313,8 +1322,7 @@ main (int argc, char **argv )
 	    *socket_name_extra = 0;
 	  if (opt.browser_socket)
 	    *socket_name_browser = 0;
-	  if (ssh_support)
-	    *socket_name_ssh = 0;
+          *socket_name_ssh = 0;
 
           if (argc)
             { /* Run the program given on the commandline.  */
diff --git a/configure.ac b/configure.ac
index fe432e8..85cd69a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1753,6 +1753,10 @@ AC_DEFINE_UNQUOTED(GPGTAR_NAME, "gpgtar", [The name of the gpgtar tool])
 
 AC_DEFINE_UNQUOTED(GPG_AGENT_SOCK_NAME, "S.gpg-agent",
                    [The name of the agent socket])
+AC_DEFINE_UNQUOTED(GPG_AGENT_EXTRA_SOCK_NAME, "S.gpg-agent.rstrd",
+                   [The name of the agent socket for remote access])
+AC_DEFINE_UNQUOTED(GPG_AGENT_BROWSER_SOCK_NAME, "S.gpg-agent.brwsr",
+                   [The name of the agent socket for browsers])
 AC_DEFINE_UNQUOTED(GPG_AGENT_SSH_SOCK_NAME, "S.gpg-agent.ssh",
                    [The name of the agent socket for ssh])
 AC_DEFINE_UNQUOTED(DIRMNGR_INFO_NAME, "DIRMNGR_INFO",
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
index 53a6f78..8d86add 100644
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@@ -537,6 +537,9 @@ pinentry to pop up at the @code{tty} or display you started the agent.
 @anchor{option --extra-socket}
 @item --extra-socket @var{name}
 @opindex extra-socket
+The extra socket is always created, you may use this option to change
+the name of the socket.
+
 Also listen on native gpg-agent connections on the given socket.  The
 intended use for this extra socket is to setup a Unix domain socket
 forwarding from a remote machine to this socket on the local machine.
@@ -552,7 +555,8 @@ remote machine.
 @opindex enable-ssh-support
 @opindex enable-putty-support
 
-Enable the OpenSSH Agent protocol.
+The OpenSSH Agent protocol is always enabled, but @command{gpg-agent}
+will only set the @code{SSH_AUTH_SOCK} variable if this flag is given.
 
 In this mode of operation, the agent does not only implement the
 gpg-agent protocol, but also the agent protocol used by OpenSSH

-----------------------------------------------------------------------

Summary of changes:
 agent/gpg-agent.c  | 26 +++++++++++++++++---------
 configure.ac       |  4 ++++
 doc/gpg-agent.texi |  6 +++++-
 3 files changed, 26 insertions(+), 10 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org

More information about the Gnupg-commits mailing list