[git] GPGME - branch, master, updated. gpgme-1.10.0-193-gc143ab6
by Werner Koch
cvs at cvs.gnupg.org
Tue Apr 17 11:13:32 CEST 2018
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG Made Easy".
The branch, master has been updated
via c143ab692c7fc7cf2ec0aebe40b9479ee15eaba9 (commit)
from bbfa7c42337bb619e6af20bf051fe0755ed5a9fd (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit c143ab692c7fc7cf2ec0aebe40b9479ee15eaba9
Author: Werner Koch <wk at gnupg.org>
Date: Tue Apr 17 11:06:27 2018 +0200
core: For OpenPGP let offline mode disable dirmngr.
* src/engine-gpg.c (struct engine_gpg): New flag.offline.
(gpg_set_engine_flags): Set it. Also fix setting of no_symkey_cache.
(build_argv): Pass --disable-dirmngr in offline mode.
--
GnuPG-bug-id: 3831
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/doc/gpgme.texi b/doc/gpgme.texi
index 3975a97..c14780a 100644
--- a/doc/gpgme.texi
+++ b/doc/gpgme.texi
@@ -2606,22 +2606,26 @@ valid pointer.
@deftypefun void gpgme_set_offline (@w{gpgme_ctx_t @var{ctx}}, @w{int @var{yes}})
@since{1.6.0}
-The function @code{gpgme_set_offline} specifies if offline mode
-should be used. By default, offline mode is not used.
+The function @code{gpgme_set_offline} specifies if offline mode should
+be used. Offline mode is disabled if @var{yes} is zero, and enabled
+otherwise. By default, offline mode is disabled.
-The offline mode specifies if dirmngr should be used to do additional
-validation that might require connections to external services.
-(e.g. CRL / OCSP checks).
+The details of the offline mode depend on the used protocol and its
+backend engine. It may eventually be extended to be more stricter and
+for example completely disable the use of Dirmngr for any engine.
-Offline mode only affects the keylist mode @code{GPGME_KEYLIST_MODE_VALIDATE}
-and is only relevant to the CMS crypto engine. Offline mode
-is ignored otherwise.
+For the CMS protocol the offline mode specifies whether Dirmngr shall
+be used to do additional validation that might require connecting
+external services (e.g. CRL / OCSP checks). Here the offline mode
+only affects the keylist mode @code{GPGME_KEYLIST_MODE_VALIDATE}.
-This option may be extended in the future to completely disable
-the use of dirmngr for any engine.
+For the OpenPGP protocol offline mode entirely disables the use of the
+Dirmngr and will thus guarantee that no network connections are done
+as part of an operation on this context. It has only an effect with
+GnuPG versions 2.1.23 or later.
+
+For all other protocols the offline mode is currently ignored.
-Offline mode is disabled if @var{yes} is zero, and enabled
-otherwise.
@end deftypefun
@deftypefun int gpgme_get_offline (@w{gpgme_ctx_t @var{ctx}})
diff --git a/src/engine-gpg.c b/src/engine-gpg.c
index 49a1c75..fdb786a 100644
--- a/src/engine-gpg.c
+++ b/src/engine-gpg.c
@@ -148,6 +148,7 @@ struct engine_gpg
struct {
unsigned int no_symkey_cache : 1;
+ unsigned int offline : 1;
} flags;
/* NULL or the data object fed to --override_session_key-fd. */
@@ -647,12 +648,14 @@ gpg_set_engine_flags (void *engine, const gpgme_ctx_t ctx)
else
strcpy (gpg->request_origin, ctx->request_origin);
}
- else if (ctx->no_symkey_cache && have_gpg_version (gpg, "2.2.7"))
- {
- gpg->flags.no_symkey_cache = 1;
- }
else
*gpg->request_origin = 0;
+
+ gpg->flags.no_symkey_cache = (ctx->no_symkey_cache
+ && have_gpg_version (gpg, "2.2.7"));
+
+ gpg->flags.offline = (ctx->offline && have_gpg_version (gpg, "2.1.23"));
+
}
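Review bot: When the engine is older than 2.1.23, `gpg->flags.offline` stays 0 even though the caller set `ctx->offline`, so the request is dropped without any signal and build_argv will not pass `--disable-dirmngr`. The texinfo change documents the version limit, but a caller that relies on offline mode to keep an operation off the network cannot tell from this path that it was not enforced. I would at least record that at the assignment, e.g. `/* --disable-dirmngr needs gpg >= 2.1.23; with older engines offline mode is not enforced. */`, and consider emitting a debug trace when `ctx->offline` is set but the version check fails. The function starts outside the hunk, so whether it could report an error instead is not visible here; the blank line added before the closing brace can also go.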
@@ -884,7 +887,8 @@ build_argv (engine_gpg_t gpg, const char *pgmname)
argc++;
if (!gpg->cmd.used)
argc++; /* --batch */
- argc += 3; /* --no-sk-comments, --request-origin, --no-symkey-cache */
+ argc += 4; /* --no-sk-comments, --request-origin, --no-symkey-cache */
+ /* --disable-dirmngr */
argv = calloc (argc + 1, sizeof *argv);
if (!argv)
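Review bot: The size passed to `calloc` is still a hand-maintained count: `argc += 4` has to equal the number of optional `argv[argc] = strdup (...)` blocks later in build_argv, including the new `--disable-dirmngr` block in the following hunk, and an undercount would write past the allocated array. The two sides agree in the visible hunks, but nothing enforces it for the next option that gets added. A comment at the count such as `/* Keep in sync: one slot per optional argument stored below. */` would help, and keeping the allocated slot count in a local and checking it before each store would turn a future mismatch into an error rather than a heap overwrite. build_argv starts and ends outside these hunks, so the other stores were not checked.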
@@ -959,6 +963,19 @@ build_argv (engine_gpg_t gpg, const char *pgmname)
argc++;
}
+ if (gpg->flags.offline)
+ {
+ argv[argc] = strdup ("--disable-dirmngr");
+ if (!argv[argc])
+ {
+ int saved_err = gpg_error_from_syserror ();
+ free (fd_data_map);
+ free_argv (argv);
+ return saved_err;
+ }
+ argc++;
+ }
+
if (gpg->pinentry_mode && have_gpg_version (gpg, "2.1.0"))
{
const char *s = NULL;
-----------------------------------------------------------------------
Summary of changes:
doc/gpgme.texi | 28 ++++++++++++++++------------
src/engine-gpg.c | 27 ++++++++++++++++++++++-----
2 files changed, 38 insertions(+), 17 deletions(-)
hooks/post-receive
--
GnuPG Made Easy
http://git.gnupg.org