[PATCH gnupg] wks-client: Allow use with the keybox daemon.

Damien Goutte-Gattat dgouttegattat at incenp.org
Sun Apr 11 14:06:40 CEST 2021


* tools/gpg-wks.h (struct opt): New member use_keyboxd.
* tools/gpg-wks-client.c (opts): New option --use-keyboxd.
(add_user_id): Call gpg with --use-keyboxd if needed.
(decrypt_stream): Likewise.
(encrypt_response): Likewise.
* tools/wks-util.c (wks_get_key): Likewise.
(wks_list_key): Likewise.
(wks_filter_uid): Likewise.
--

The gpg-wks-client always calls gpg with --no-options to ignore
whatever options are in the user's gpg.conf. This makes the client
unusable if gpg is normally configured to use the keybox daemon,
as the 'use-keyboxd' directive in gpg.conf will be ignored as well
and the gpg process called from gpg-wks-client will then attempt
to find the public keys in pubring.kbx.

The quick workaround here is to add a --use-keyboxd option to
gpg-wks-client as well. Maybe a better long-term fix would be to
enquire the status of gpg's --use-keyboxd option from gpgconf.

Signed-off-by: Damien Goutte-Gattat <dgouttegattat at incenp.org>
---
 doc/wks.texi           |  6 ++++++
 tools/gpg-wks-client.c | 11 +++++++++++
 tools/gpg-wks.h        |  1 +
 tools/wks-util.c       |  6 ++++++
 4 files changed, 24 insertions(+)

diff --git a/doc/wks.texi b/doc/wks.texi
index ad239f132..68492ef63 100644
--- a/doc/wks.texi
+++ b/doc/wks.texi
@@ -178,6 +178,12 @@ Use @var{dir} as top level directory for the commands
 @option{--install-key} and @option{--remove-key}.  The default is
 @file{openpgpkey}.
 
+ at item --use-keyboxd
+ at opindex use-keyboxd
+Get the public keys from the keybox daemon. This is necessary if gpg
+is itself configured to use the daemon instead of the old pubring.kbx
+file.
+
 @item --verbose
 @opindex verbose
 Enable extra informational output.
diff --git a/tools/gpg-wks-client.c b/tools/gpg-wks-client.c
index b56343232..8294047c3 100644
--- a/tools/gpg-wks-client.c
+++ b/tools/gpg-wks-client.c
@@ -72,6 +72,7 @@ enum cmd_and_opt_values
     oFakeSubmissionAddr,
     oStatusFD,
     oWithColons,
+    oUseKeyboxd,
 
     oDummy
   };
@@ -111,6 +112,7 @@ static gpgrt_opt_t opts[] = {
   ARGPARSE_s_i (oStatusFD, "status-fd", N_("|FD|write status info to this FD")),
   ARGPARSE_s_n (oWithColons, "with-colons", "@"),
   ARGPARSE_s_s (oDirectory, "directory", "@"),
+  ARGPARSE_s_n (oUseKeyboxd, "use-keyboxd", ("get the keys from keyboxd")),
 
   ARGPARSE_s_s (oFakeSubmissionAddr, "fake-submission-addr", "@"),
 
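Review bot: The help text for `use-keyboxd` is wrapped in bare parentheses, so unlike the `status-fd` entry three lines above it is not marked for translation. If the option should show up in `--help`, write `ARGPARSE_s_n (oUseKeyboxd, "use-keyboxd", N_("get the keys from keyboxd")),`; if it is meant to stay hidden like `with-colons` and `directory`, pass `"@"` instead. The `opts[]` table begins and ends outside this hunk.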
@@ -236,6 +238,9 @@ parse_arguments (gpgrt_argparse_t *pargs, gpgrt_opt_t *popts)
         case oWithColons:
           opt.with_colons = 1;
           break;
+        case oUseKeyboxd:
+          opt.use_keyboxd = 1;
+          break;
 
 	case aSupported:
 	case aCreate:
@@ -509,6 +514,8 @@ add_user_id (const char *fingerprint, const char *uid)
   ccparray_init (&ccp, 0);
 
   ccparray_put (&ccp, "--no-options");
+  if (opt.use_keyboxd)
+    ccparray_put (&ccp, "--use-keyboxd");
   if (!opt.verbose)
     ccparray_put (&ccp, "--quiet");
   else if (opt.verbose > 1)
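Review bot: The two added lines in add_user_id are repeated verbatim in decrypt_stream, encrypt_response, wks_get_key, wks_list_key and wks_filter_uid, so every gpg call site has to remember the flag separately. Because each call starts with `--no-options`, a site that misses it would fall back to pubring.kbx without any error and could resolve keys from a different store than the one the user maintains. Building the common prefix in one shared helper, declared in gpg-wks.h, removes that risk; the helper name below is only a suggestion. The bodies of all six functions continue outside their hunks.

```c
/* Proposed helper: options common to every gpg invocation made by
 * the WKS tools.  */
void
wks_put_common_gpg_options (ccparray_t *ccp)
{
  ccparray_put (ccp, "--no-options");
  if (opt.use_keyboxd)
    ccparray_put (ccp, "--use-keyboxd");
}

/* ... in add_user_id and the other five call sites ... */
  ccparray_init (&ccp, 0);
  wks_put_common_gpg_options (&ccp);
  /* ... unchanged: --quiet / --verbose handling and the rest of argv ... */
```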
@@ -594,6 +601,8 @@ decrypt_stream (estream_t *r_output, struct decrypt_stream_parm_s *decinfo,
   ccparray_init (&ccp, 0);
 
   ccparray_put (&ccp, "--no-options");
+  if (opt.use_keyboxd)
+    ccparray_put (&ccp, "--use-keyboxd");
   /* We limit the output to 64 KiB to avoid DoS using compression
    * tricks.  A regular client will anyway only send a minimal key;
    * that is one w/o key signatures and attribute packets.  */
@@ -1245,6 +1254,8 @@ encrypt_response (estream_t *r_output, estream_t input, const char *addrspec,
   ccparray_init (&ccp, 0);
 
   ccparray_put (&ccp, "--no-options");
+  if (opt.use_keyboxd)
+    ccparray_put (&ccp, "--use-keyboxd");
   if (!opt.verbose)
     ccparray_put (&ccp, "--quiet");
   else if (opt.verbose > 1)
diff --git a/tools/gpg-wks.h b/tools/gpg-wks.h
index 6c5dc8b17..941b54614 100644
--- a/tools/gpg-wks.h
+++ b/tools/gpg-wks.h
@@ -38,6 +38,7 @@ struct
   int quiet;
   int use_sendmail;
   int with_colons;
+  int use_keyboxd;
   const char *output;
   const char *gpg_program;
   const char *directory;
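Review bot: The new `use_keyboxd` member is added to the shared option struct without a comment, and in this patch only gpg-wks-client.c ever sets it. The functions in wks-util.c read it too, so any other program built from that file (none is visible in this diff) would always see 0 and keep using pubring.kbx. I would document that on the member, for example `int use_keyboxd;  /* Pass --use-keyboxd to gpg; set only by gpg-wks-client.  */`. The struct definition begins and ends outside the hunk.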
diff --git a/tools/wks-util.c b/tools/wks-util.c
index 516c7fe00..e1d5437b1 100644
--- a/tools/wks-util.c
+++ b/tools/wks-util.c
@@ -204,6 +204,8 @@ wks_get_key (estream_t *r_key, const char *fingerprint, const char *addrspec,
   ccparray_init (&ccp, 0);
 
   ccparray_put (&ccp, "--no-options");
+  if (opt.use_keyboxd)
+    ccparray_put (&ccp, "--use-keyboxd");
   if (!opt.verbose)
     ccparray_put (&ccp, "--quiet");
   else if (opt.verbose > 1)
@@ -301,6 +303,8 @@ wks_list_key (estream_t key, char **r_fpr, uidinfo_list_t *r_mboxes)
   ccparray_init (&ccp, 0);
 
   ccparray_put (&ccp, "--no-options");
+  if (opt.use_keyboxd)
+    ccparray_put (&ccp, "--use-keyboxd");
   if (!opt.verbose)
     ccparray_put (&ccp, "--quiet");
   else if (opt.verbose > 1)
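Review bot: It is not clear from this hunk that the gpg call in wks_list_key consults the key store at all, since the key arrives through the `key` stream argument; the same holds for wks_filter_uid in the next hunk. If those invocations only process the supplied stream, the flag makes them depend on a reachable keyboxd for no benefit and the two added lines can be dropped there. If gpg does touch the store, a short comment would record the reason, for example `/* gpg still opens the key database here, so honour --use-keyboxd.  */`. Both function bodies continue outside their hunks, so this needs checking against the full argv.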
@@ -478,6 +482,8 @@ wks_filter_uid (estream_t *r_newkey, estream_t key, const char *uid,
   ccparray_init (&ccp, 0);
 
   ccparray_put (&ccp, "--no-options");
+  if (opt.use_keyboxd)
+    ccparray_put (&ccp, "--use-keyboxd");
   if (!opt.verbose)
     ccparray_put (&ccp, "--quiet");
   else if (opt.verbose > 1)
-- 
2.27.0



