From juergen at hoetzel.info Sun May 3 16:34:00 2020 From: juergen at hoetzel.info (Juergen Hoetzel) Date: Sun, 3 May 2020 16:34:00 +0200 Subject: [PATCH] tty: Improve error handling and reporting Message-ID: <20200503143400.52833-1-juergen@hoetzel.info> From: Juergen Hoetzel * tty/pinentry-tty.c (tty_cmd_handler): Set specific_err, specific_err_loc and return early if opening the ttyname fails. Signed-off-by: Juergen Hoetzel --- tty/pinentry-tty.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/tty/pinentry-tty.c b/tty/pinentry-tty.c index 403dd60..fdffa0d 100644 --- a/tty/pinentry-tty.c +++ b/tty/pinentry-tty.c @@ -545,16 +545,20 @@ tty_cmd_handler (pinentry_t pinentry) { ttyfi = fopen (pinentry->ttyname, "r"); if (!ttyfi) - rc = -1; + { + pinentry->specific_err = gpg_error_from_syserror (); + pinentry->specific_err_loc = "open_tty_for_read"; + return -1; + } else { ttyfo = fopen (pinentry->ttyname, "w"); if (!ttyfo) { - int err = errno; + pinentry->specific_err = gpg_error_from_syserror (); + pinentry->specific_err_loc = "open_tty_for_write"; fclose (ttyfi); - errno = err; - rc = -1; + return -1; } } } -- 2.26.2 From reijer at startmail.com Tue May 5 15:08:10 2020 
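Review bot: in the tty_cmd_handler hunk of tty/pinentry-tty.c, both new "return -1;" statements leave the function immediately, whereas the removed lines only set "rc = -1" and let execution continue past this block. The rest of the function is outside the hunk, so please confirm that nothing after this point still has to run on the failure path, or keep "rc = -1" and add only the specific_err and specific_err_loc assignments. Since the "if (!ttyfi)" branch now returns, the "else" that follows it is no longer needed. Calling gpg_error_from_syserror () before fclose (ttyfi) is the right order, because it reads errno before fclose can change it.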
From: reijer at startmail.com (Reijer Idema)
Date: Tue, 5 May 2020 15:08:10 +0200
Subject: DCO for Reijer Idema
Message-ID:

GPGME Developer's Certificate of Origin. Version 1.0
=====================================================

By making a contribution to the GPGME project, I certify that:

(a) The contribution was created in whole or in part by me and I
    have the right to submit it under the free software license
    indicated in the file; or

(b) The contribution is based upon previous work that, to the
    best of my knowledge, is covered under an appropriate free
    software license and I have the right under that license to
    submit that work with modifications, whether created in whole
    or in part by me, under the same free software license
    (unless I am permitted to submit under a different license),
    as indicated in the file; or

(c) The contribution was provided directly to me by some other
    person who certified (a), (b) or (c) and I have not modified
    it.

(d) I understand and agree that this project and the contribution
    are public and that a record of the contribution (including
    all personal information I submit with it, including my
    sign-off) is maintained indefinitely and may be redistributed
    consistent with this project or the free software license(s)
    involved.

Signed-off-by: Reijer Idema

From reijer at startmail.com Tue May 5 15:15:46 2020
From: reijer at startmail.com (Reijer Idema)
Date: Tue, 5 May 2020 15:15:46 +0200
Subject: [PATCH] gpgme: Add passphrase callback support to key export
Message-ID: <94ecbe67-c0fd-af19-d1b1-923aa69eb679@startmail.com>

Hi,

Please find attached a patch to add support for a custom passphrase
callback function to the key export functionality in GPGME.

Kind regards,
Reijer Idema

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-core-Add-passphrase-callback-support-to-key-export.patch
Type: text/x-patch
Size: 965 bytes
Desc: not available

From list at eworm.de Thu May 7 14:37:18 2020
From: list at eworm.de (Christian Hesse)
Date: Thu, 7 May 2020 14:37:18 +0200
Subject: gpgme: make check fails with gnupg 2.2.20
Message-ID: <20200507143718.3caa9536@leda>

Hello everybody,

building gpgme 1.13.1 (or current master) succeeds, but `make check` fails
in t-json:

Running t-keylist-secret... failed
FAIL: t-json

This happens with gnupg 2.2.20, everything is fine with gnupg 2.2.19.
--
main(a){char*c=/* Schoene Gruesse */"B?IJj;MEH"
"CX:;",b;for(a/* Best regards my address: */=0;b=c[a++];)
putchar(b-1/(/* Chris cc -ox -xc - && ./x */b/42*2-3)*42);}

From juergen at hoetzel.info Sat May 9 10:28:43 2020
From: juergen at hoetzel.info (Jürgen Hötzel)
Date: Sat, 09 May 2020 10:28:43 +0200
Subject: [PATCH] tty: Improve error handling and reporting
In-Reply-To: <87pnbem9pl.fsf@fifthhorseman.net>
References: <20200503143400.52833-1-juergen@hoetzel.info> <87pnbem9pl.fsf@fifthhorseman.net>
Message-ID: <9d79125edf073ea74758e54497edc1eb95bfd218.camel@hoetzel.info>

Hi Daniel,

On Friday, 08.05.2020, 16:51 -0400, Daniel Kahn Gillmor wrote:
> Hi Juergen--
>
> Thanks for the proposed patch. Can you give an example where this
> change in failure behavior is concretely useful?
>

I confused TTYNAME and TTYTYPE:

GPG_TTY=xterm

and tried to decrypt a file. The error message I got was also confusing
(end of file):

juergen at lemmy:~ ? gpg -d ~/.password-store/Backup/test.gpg
...
gpg: public key decryption failed: End of file
gpg: decryption failed: No secret key


using this patch:

juergen at lemmy:~ ? gpg -d ~/.password-store/Backup/test.gpg
...
gpg: public key decryption failed: No such file or directory
gpg: decryption failed: No secret key

Regards,
Jürgen

From wk at gnupg.org Tue May 19 16:45:21 2020
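An added example, not part of any message in this archive and not GnuPG code: a pre-flight check for the GPG_TTY=xterm mix-up reported in the thread above, so the misconfiguration is named before gpg fails with "End of file" or "No such file or directory". The function name check_gpg_tty, its return codes and the sample values are assumptions made for this example.

```shell
#!/bin/sh
# Added example: classify a GPG_TTY value before gpg/pinentry-tty uses it.
# Return codes are this example's own convention:
#   0 usable terminal      1 unset or empty      2 not an absolute path
#   3 no such character device                   4 device is not a terminal
check_gpg_tty() {
    val=$1
    if [ -z "$val" ]; then
        echo "GPG_TTY is empty; set it with: export GPG_TTY=\$(tty)" >&2
        return 1
    fi
    case $val in
        /*) ;;
        *)  # tty(1) prints an absolute device path; "xterm" is a TERM value.
            echo "GPG_TTY='$val' is not a device path (terminal type?)" >&2
            return 2 ;;
    esac
    if [ ! -c "$val" ]; then
        echo "GPG_TTY='$val' is not an existing character device" >&2
        return 3
    fi
    # pinentry-tty opens the name once for reading and once for writing,
    # so require both, then ask the kernel whether it really is a terminal.
    if [ -r "$val" ] && [ -w "$val" ] &&
       ( exec 3<"$val" && [ -t 3 ] ) 2>/dev/null
    then
        return 0
    fi
    echo "GPG_TTY='$val' cannot be opened read/write as a terminal" >&2
    return 4
}

# Constructed sample values; the first is the one from the thread.
for sample in xterm /nonexistent/tty /dev/null; do
    rc=0
    check_gpg_tty "$sample" 2>/dev/null || rc=$?
    echo "$sample -> $rc"
done
```

In a login script, calling check_gpg_tty "$GPG_TTY" after the export reports the problem at the place where it can be fixed.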
From: wk at gnupg.org (Werner Koch)
Date: Tue, 19 May 2020 16:45:21 +0200
Subject: Libksba 1.4 released
Message-ID: <87blmk56gu.fsf@wheatstone.g10code.de>

Hi!

this is a quick note that I just released Libksba 1.4.0. If you have any
questions about the changes, this is the right place. The major change
is support for ECC. GnuPG master supports some of this.

Salam-Shalom,

   Werner


Noteworthy changes in version 1.4.0 (2020-05-19) [C20/A12/R0]
------------------------------------------------

 * Supports ECDSA and EdDSA certificate creation and parsing. [#4896]

 * Supports ECDH enveloped data. [#4920]

 * Supports ECDSA and EdDSA signed data. [#4920]

 * Supports rsaPSS signature verification. [#4538]

 * Supports standard file descriptors in ksba_reader_read. [#3072]

 * New configure flag --disable-doc.

 * Improves support for reproducible builds. [#4801]

 * Allows for optional elements in keyinfo objects. [#4892]

 * Updates the config and M4 scripts to the latest version.

 * Fixes error detection in the CMS parser. [#4207]

 * Fixes memory leak in ksba_cms_identify.

 * Fixes build warnings on macOS. [#2910]

 * Uses --disable-new-dtags if LD_LIBRARY_PATH is defined. [#4298]

 * New constants KSBA_VERSION and KSBA_VERSION_NUMBER.

 * New API to make creation of DER objects easy.

 * Interface changes relative to the 1.3.5 release:
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 KSBA_VERSION                    NEW.
 KSBA_VERSION_NUMBER             NEW.
 KSBA_CT_SPC_IND_DATA_CTX        NEW.
 KSBA_CLASS_*                    NEW.
 KSBA_TYPE_*                     NEW.
 ksba_der_t                      NEW.
 ksba_der_release                NEW.
 ksba_der_builder_new            NEW.
 ksba_der_builder_reset          NEW.
 ksba_der_add_ptr                NEW.
 ksba_der_add_val                NEW.
 ksba_der_add_int                NEW.
 ksba_der_add_oid                NEW.
 ksba_der_add_bts                NEW.
 ksba_der_add_der                NEW.
 ksba_der_add_tag                NEW.
 ksba_der_add_end                NEW.
 ksba_der_builder_get            NEW.

 Release-info: https://dev.gnupg.org/T4943

--
Thoughts are free. Exceptions are regulated by a federal law.

From dkg at fifthhorseman.net Wed May 20 00:49:39 2020
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Tue, 19 May 2020 18:49:39 -0400
Subject: [PATCH] tty: Improve error handling and reporting
In-Reply-To: <9d79125edf073ea74758e54497edc1eb95bfd218.camel@hoetzel.info>
References: <20200503143400.52833-1-juergen@hoetzel.info> <87pnbem9pl.fsf@fifthhorseman.net> <9d79125edf073ea74758e54497edc1eb95bfd218.camel@hoetzel.info>
Message-ID: <875zcrlev0.fsf@fifthhorseman.net>

Hi Jürgen--

sorry for the delay in responding!

On Sat 2020-05-09 10:28:43 +0200, Jürgen Hötzel wrote:
> On Friday, 08.05.2020, 16:51 -0400, Daniel Kahn Gillmor wrote:
>> Hi Juergen--
>>
>> Thanks for the proposed patch. Can you give an example where this
>> change in failure behavior is concretely useful?
>>
>
> I confused TTYNAME and TTYTYPE:
>
> GPG_TTY=xterm
>
> and tried to decrypt a file. The error message I got was also confusing
> (end of file):
>
> juergen at lemmy:~ ? gpg -d ~/.password-store/Backup/test.gpg
> ...
> gpg: public key decryption failed: End of file
> gpg: decryption failed: No secret key
>
>
> using this patch:
>
> juergen at lemmy:~ ? gpg -d ~/.password-store/Backup/test.gpg
> ...
> gpg: public key decryption failed: No such file or directory
> gpg: decryption failed: No secret key

I'm not sure i understand the advantage here -- both of these error
messages seem pretty opaque to me. How would the user know that it was
the identification of the tty that is the problem?

I'm also a bit concerned about this patch's subtle changes to the
control flow: why "return 1" instead of falling through to the end of
the tty_cmd_handler() function? Seems like just adjusting the error
reporting without changing the control flow would be a more
narrowly-targeted change (though i haven't tried to do it, or to work
out the behavior of such a patch).

GnuPG devs: any thoughts about whether the advantages this proposes are worth the control flow risks?
Or are there better ways than this patch to provide clearer error reporting so that the user can fix problems more easily? Regards, --dkg -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 227 bytes Desc: not available URL: From robbat2 at gentoo.org Wed May 20 07:26:43 2020 From: robbat2 at gentoo.org (Robin H. Johnson) Date: Tue, 19 May 2020 22:26:43 -0700 Subject: [PATCH] g10: --quiet should suppress notice about rejected third-party key signatures Message-ID: <20200520052643.23627-1-robbat2@gentoo.org> Let --quiet hide the output about third-party key signatures: ``` gpg: Note: third-party key signatures using the SHA1 algorithm are rejected ``` This does not change actual behavior, it just omits that note instead. Signed-off-by: Robin H. Johnson --- g10/misc.c | 2 ++ 1 file changed, 2 insertions(+) diff --git g10/misc.c g10/misc.c index 22ed47e7c..d46fa90b2 100644 --- g10/misc.c +++ g10/misc.c @@ -366,6 +366,8 @@ print_sha1_keysig_rejected_note (void) { static int shown; + if (opt.quiet) + return; if (shown) return; -- 2.26.2 From ilf at zeromail.org Wed May 20 09:44:13 2020 From: ilf at zeromail.org (ilf) Date: Wed, 20 May 2020 09:44:13 +0200 Subject: [PATCH] g10: --quiet should suppress notice about rejected third-party key signatures In-Reply-To: <20200520052643.23627-1-robbat2@gentoo.org> References: <20200520052643.23627-1-robbat2@gentoo.org> Message-ID: <20200520074413.GI150619@zeromail.org> Thank you! There is an issue for this, but it's closed as "wontfix": https://dev.gnupg.org/T4893 Robin H. Johnson via Gnupg-devel: > Let --quiet hide the output about third-party key signatures: > gpg: Note: third-party key signatures using the SHA1 algorithm are rejected > This does not change actual behavior, it just omits that note instead. -- ilf If you upload your address book to "the cloud", I don't want to be in it. From robbat2 at gentoo.org Wed May 20 20:12:14 2020 
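Review bot: [PATCH] g10 --quiet, print_sha1_keysig_rejected_note hunk in g10/misc.c: the diffstat lists g10/misc.c only, so the description of --quiet is not updated to say that it now also hides the "third-party key signatures using the SHA1 algorithm are rejected" note. Please add that to the option's documentation, since with --quiet the caller no longer sees this indication that signatures were rejected. The two guards could also be a single test, "if (opt.quiet || shown) return;".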
From: robbat2 at gentoo.org (Robin H. Johnson) Date: Wed, 20 May 2020 11:12:14 -0700 Subject: [PATCH v2] g10: be --quiet about weak digests & rejected third-party key signatures In-Reply-To: <20200520052643.23627-1-robbat2@gentoo.org> References: <20200520052643.23627-1-robbat2@gentoo.org> Message-ID: <20200520181214.4192-1-robbat2@gentoo.org> Let --quiet hide the output about weak digests and rejected third-party key signatures. ``` gpg: Note: third-party key signatures using the %s algorithm are rejected Note: signatures using the %s algorithm are rejected ``` This does not change actual behavior, it just omits the notes instead. This is primarily intended to be used in automation. Signed-off-by: Robin H. Johnson --- g10/misc.c | 2 ++ 1 file changed, 2 insertions(+) diff --git g10/misc.c g10/misc.c index 22ed47e7c..d46fa90b2 100644 --- g10/misc.c +++ g10/misc.c @@ -366,6 +366,8 @@ print_sha1_keysig_rejected_note (void) { static int shown; + if (opt.quiet) + return; if (shown) return; -- 2.26.2 From robbat2 at gentoo.org Wed May 20 20:13:31 2020 From: robbat2 at gentoo.org (Robin H. Johnson) Date: Wed, 20 May 2020 11:13:31 -0700 Subject: [PATCH v3] g10: be --quiet about weak digests & rejected third-party key signatures In-Reply-To: <20200520052643.23627-1-robbat2@gentoo.org> References: <20200520052643.23627-1-robbat2@gentoo.org> Message-ID: <20200520181331.4672-1-robbat2@gentoo.org> Let --quiet hide the output about weak digests and rejected third-party key signatures. ``` gpg: Note: third-party key signatures using the %s algorithm are rejected Note: signatures using the %s algorithm are rejected ``` This does not change actual behavior, it just omits the notes instead. This is primarily intended to be used in automation. Signed-off-by: Robin H. Johnson --- g10/misc.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git g10/misc.c g10/misc.c index 22ed47e7c..ddf39d723 100644 --- g10/misc.c +++ g10/misc.c 
@@ -341,6 +341,10 @@ print_digest_rejected_note (enum gcry_md_algos algo) { struct weakhash* weak; int show = 1; + + if (opt.quiet) + return; + for (weak = opt.weak_digests; weak; weak = weak->next) if (weak->algo == algo) { @@ -366,6 +370,8 @@ print_sha1_keysig_rejected_note (void) { static int shown; + if (opt.quiet) + return; if (shown) return; -- 2.26.2

From jscott at posteo.net Wed May 27 03:49:54 2020
From: jscott at posteo.net (John Scott)
Date: Tue, 26 May 2020 21:49:54 -0400
Subject: Build with --disable-gpg fails
Message-ID: <2243803.Oi6uLjKGQ7@t450>

Hi,

I've been trying to build GnuPG 2.2.19 and 2.2.20 today and found that, with
./configure --disable-gpg, and with --disable-all-tests in addition too, I got
the error

make[4]: *** No rule to make target '../../g10/gpg.exe', needed by 'all-local'. Stop.
make[4]: Leaving directory '/home/john/foo/gnupg-2.2.20/tests/openpgp'

This isn't specific to Windows cross-building. Doing it natively got the
similar but different error

gcc -Wall -Wno-pointer-sign -Wpointer-arith -g -O2 ../../g10/gpg.c -o ../../g10/gpg
../../g10/gpg.c:22:10: fatal error: config.h: No such file or directory
   22 | #include <config.h>
      |          ^~~~~~~~~~
compilation terminated.
make[3]: *** [: ../../g10/gpg] Error 1
make[3]: *** Waiting for unfinished jobs....
mv -f .deps/fake-pinentry.Tpo .deps/fake-pinentry.Po
make[3]: Leaving directory '/home/john/bar/gnupg-2.2.20/tests/openpgp'

I'd also like to inform you that [1] says bug reports should be sent to this
mailing list, in case that's outdated in light of dev.gnupg.org

[1] https://www.gnupg.org/download/git.html

From gnupg-devel at spodhuis.org Thu May 28 20:53:20 2020
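Review bot: [PATCH v2] carries the same diff as the first version: one hunk in print_sha1_keysig_rejected_note, 2 insertions, index 22ed47e7c..d46fa90b2. Its commit message now also promises to silence "signatures using the %s algorithm are rejected", but no hunk touches the code that prints that note, so v2 does not do what it describes. [PATCH v3] adds the missing print_digest_rejected_note hunk; v2 should be treated as superseded.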
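Review bot: [PATCH v3], first hunk (print_digest_rejected_note in g10/misc.c): the new "if (opt.quiet) return;" sits before the loop over opt.weak_digests, so under --quiet the loop is never entered. Its body is not in the hunk context; if it does more than print (for example, records that a note was shown for an algorithm), returning early changes state as well as output, and the commit message's "does not change actual behavior" should be checked against that. The first hunk puts a blank line on each side of the guard while the second hunk adds none; pick one style.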
From: gnupg-devel at spodhuis.org (Phil Pennock)
Date: Thu, 28 May 2020 14:53:20 -0400
Subject: versions.gnupg.org down?
Message-ID: <20200528185320.GA11533@fullerene>

Hey, is it known/expected that versions.gnupg.org is down? Has the
service moved/retired, or is it just an operational oversight?

Thanks,
-Phil

From wk at gnupg.org Fri May 29 13:26:57 2020
From: wk at gnupg.org (Werner Koch)
Date: Fri, 29 May 2020 13:26:57 +0200
Subject: versions.gnupg.org down?
In-Reply-To: <20200528185320.GA11533@fullerene> (Phil Pennock via Gnupg-devel's message of "Thu, 28 May 2020 14:53:20 -0400")
References: <20200528185320.GA11533@fullerene>
Message-ID: <87eer3rnge.fsf@wheatstone.g10code.de>

On Thu, 28 May 2020 14:53, Phil Pennock said:
> Hey, is it known/expected that versions.gnupg.org is down? Has the
> service moved/retired, or is it just an operational oversight?

We had some problems with crawlers on that box recently and the OOM
killer might have hit the versions.gnupg.org. I'll fix it now and will
make sure that it is included in our monitoring.

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From wk at gnupg.org Fri May 29 14:08:11 2020
From: wk at gnupg.org (Werner Koch)
Date: Fri, 29 May 2020 14:08:11 +0200
Subject: Build with --disable-gpg fails
In-Reply-To: <2243803.Oi6uLjKGQ7@t450> (John Scott via Gnupg-devel's message of "Tue, 26 May 2020 21:49:54 -0400")
References: <2243803.Oi6uLjKGQ7@t450>
Message-ID: <874krzrljo.fsf@wheatstone.g10code.de>

On Tue, 26 May 2020 21:49, John Scott said:

> I've been trying to build GnuPG 2.2.19 and 2.2.20 today and found that, with
> ./configure --disable-gpg, and with --disable-all-tests in addition

Oh well, I forgot about that option. I doubt that it makes any sense to
build without gpg because gpg is also used by other components
indirectly. I better remove the --disable-gpg feature. Is there a
special reason why you do this?

> make[4]: *** No rule to make target '../../g10/gpg.exe', needed by 'all-
> local'. Stop.

Obvious. The tests require that all programs have been built.
--disable-all-tests is not what one would expect - it is actually the
default. While preparing a distribution we use --enable-all-tests to run
a bunch of extra tests which don't make much sense for non-maintainers.

But, right: The --disable-COMPONENT options and the test suite don't
work well together. We should do something about it; see
https://dev.gnupg.org/T4960

> gcc -Wall -Wno-pointer-sign -Wpointer-arith -g -O2 ../../g10/gpg.c -o
> ../../g10/gpg
> ../../g10/gpg.c:22:10: fatal error: config.h: No such file or directory

config.h is a built file; you forgot to run configure.

> I'd also like to inform you that [1] says bug reports should be sent to this
> mailing list, in case that's outdated in light of dev.gnupg.org

That's okay; only a few eyes will see bug reports at dev.gnupg.org; on
the ML you have a good chance that others already know a solution or are
interested in the same problem. For the development branch it is quite
normal that certain bugs show up and are fixed some time later.

Shalom-Salam,

   Werner

From jscott at posteo.net Fri May 29 18:52:12 2020
From: jscott at posteo.net (John Scott)
Date: Fri, 29 May 2020 12:52:12 -0400
Subject: Build with --disable-gpg fails
In-Reply-To: <874krzrljo.fsf@wheatstone.g10code.de>
References: <2243803.Oi6uLjKGQ7@t450> <874krzrljo.fsf@wheatstone.g10code.de>
Message-ID: <20141556.BrL3akMPVv@t450>

On Friday, May 29, 2020 8:08:11 AM EDT Werner Koch wrote:
> Is there a special reason why you do this?

I didn't need the gpg binary, for my purpose I just needed a very minimal
gpgsm, Dirmngr and gpg-agent build that need not have OpenPGP support.

--disable-gpg shows both

config.status: creating tests/openpgp/Makefile
...
GnuPG v2.2.20 has been configured as follows:
Revision: 5094bb08e (20628)
Platform: GNU/Linux (x86_64-pc-linux-gnu)
OpenPGP: no

> > gcc -Wall -Wno-pointer-sign -Wpointer-arith -g -O2 ../../g10/gpg.c -o
> > ../../g10/gpg
> > ../../g10/gpg.c:22:10: fatal error: config.h: No such file or directory
>
> config.h is a built file; you forgot to run configure.

I did not, I ran configure to do --disable-gpg. Doing ./configure
--disable-gpg and running make in a fresh tree gets me the error again.

From wk at gnupg.org Fri May 29 15:22:26 2020
From: wk at gnupg.org (Werner Koch)
Date: Fri, 29 May 2020 15:22:26 +0200
Subject: Libgpg-error 1.38 released
Message-ID: <87pnamri3x.fsf@wheatstone.g10code.de>

Hi!

I just released libgpg-error 1.38:

Noteworthy changes in version 1.38 (2020-05-29) [C29/A29/R0]
-----------------------------------------------

 * New option parser features to implement system wide configuration
   files.

 * New functions to build file names.

 * New function to help reallocating arrays.

 * Protect gpgrt_inc_errorcount against counter overflow.

 * Improve cross-building for new platforms. [#4774]

 * Support 64-bit big-endian MIPS architecture. [#4952]

 * Support static link for Windows with -lws2_32. [#4623]

 * Interface changes relative to the 1.37 release:
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 gpgrt_fnameconcat               NEW.
 gpgrt_absfnameconcat            NEW.
 gpgrt_reallocarray              NEW.
 gpgrt_set_confdir               NEW.
 gpgrt_argparser                 NEW.
 ARGPARSE_FLAG_SYS               NEW.
 ARGPARSE_FLAG_USER              NEW.
 ARGPARSE_FLAG_VERBOSE           NEW.
 ARGPARSE_FLAG_USERVERS          NEW.
 ARGPARSE_FLAG_WITHATTR          NEW.
 ARGPARSE_NO_CONFFILE            NEW.
 ARGPARSE_CONFFILE               NEW.
 ARGPARSE_OPT_CONFFILE           NEW.
 ARGPARSE_ATTR_FORCE             NEW.
 ARGPARSE_ATTR_IGNORE            NEW.
 ARGPARSE_TYPE_MASK              NEW.
 ARGPARSE_PERMISSION_ERROR       NEW.
 ARGPARSE_INVALID_META           NEW.
 ARGPARSE_UNKNOWN_META           NEW.
 ARGPARSE_UNEXPECTED_META        NEW.
 ARGPARSE_conffile               NEW.
 ARGPARSE_noconffile             NEW.
 ARGPARSE_verbatim               NEW.
 ARGPARSE_header                 NEW.
 GPGRT_CONFDIR_USER              NEW.
 GPGRT_CONFDIR_SYS               NEW.

 Release-info: https://dev.gnupg.org/T4859

There is not much documentation for the new option parser. However, it
is used in GnuPG master (2.3) and I plan to write a howto for it.

Salam-Shalom,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.