GnuPG 2.1.0 "modern" released
Michael Felt
aixtools at gmail.com
Wed Dec 3 14:45:49 CET 2014
To debug the test I modified the function in ./common/exechelp-posix.c to
fprintf to stderr the value of max_fds as it moves through the code.
On AIX the code:

    if (!getrlimit (RLIMIT_NOFILE, &rl))
      max_fds = rl.rlim_max;

sets max_fds to INT32_MAX - so the tests for -1 fail.
With only the printed debug - the logic runs:
start: max_fds(hex):ffffffff lim_max: -1
RLIMIT_NOFILE: getrlimit():0 max_fds(hex):7fffffff lim_max:2147483647
_POSIX_OPEN_MAX: max_fds(hex):7fffffff lim_max: 20
OPEN_MAX: max_fds(hex):7fffffff lim_max:65534
return: max_fds(hex):7fffffff lim_max: 256
max. file descriptors: 2147483647
So, I guess we could take the smallest value we see...
PASS: t-mapstrings
PASS: t-zb32
start: max_fds:2147483647
RLIMIT_NOFILE: max_fds:2147483647
_SC_OPEN_MAX: max_fds: 65534
_POSIX_OPEN_MAX:max_fds: 20
OPEN_MAX: max_fds: 20
return: max_fds: 20
max. file descriptors: 20
start: max_fds:2147483647
RLIMIT_NOFILE: max_fds:2147483647
_SC_OPEN_MAX: max_fds: 65534
_POSIX_OPEN_MAX:max_fds: 20
OPEN_MAX: max_fds: 20
return: max_fds: 20
open file descriptors: 3
start: max_fds:2147483647
RLIMIT_NOFILE: max_fds:2147483647
_SC_OPEN_MAX: max_fds: 65534
_POSIX_OPEN_MAX:max_fds: 20
OPEN_MAX: max_fds: 20
return: max_fds: 20
start: max_fds:2147483647
RLIMIT_NOFILE: max_fds:2147483647
_SC_OPEN_MAX: max_fds: 65534
_POSIX_OPEN_MAX:max_fds: 20
OPEN_MAX: max_fds: 20
return: max_fds: 20
start: max_fds:2147483647
RLIMIT_NOFILE: max_fds:2147483647
_SC_OPEN_MAX: max_fds: 65534
_POSIX_OPEN_MAX:max_fds: 20
OPEN_MAX: max_fds: 20
return: max_fds: 20
start: max_fds:2147483647
RLIMIT_NOFILE: max_fds:2147483647
_SC_OPEN_MAX: max_fds: 65534
_POSIX_OPEN_MAX:max_fds: 20
OPEN_MAX: max_fds: 20
return: max_fds: 20
PASS: t-exechelp
===================
All 14 tests passed
===================
Patch (with debug disabled) - I expect you may want to think about the
order of the comparisons in the t-exechelp logic.
root at x065:[/data/prj/gnu/gcrypt/gnupg/gnupg-2.1.0]diff -u
common/exechelp-posix.c /tmp/exechelp-posix.c
--- common/exechelp-posix.c 2014-10-11 17:45:14 +0000
+++ /tmp/exechelp-posix.c 2014-12-03 13:41:43 +0000
@@ -76,44 +76,62 @@
int
get_max_fds (void)
{
- int max_fds = -1;
+ int max_fds = INT32_MAX;
+
+#if 0
+fprintf(stderr,"start:\t\tmax_fds:%10d\n", max_fds);
+#endif
#ifdef HAVE_GETRLIMIT
struct rlimit rl;
# ifdef RLIMIT_NOFILE
if (!getrlimit (RLIMIT_NOFILE, &rl))
max_fds = rl.rlim_max;
+#if 0
+fprintf(stderr,"RLIMIT_NOFILE:\tmax_fds:%10d\n", max_fds);
+#endif
# endif
# ifdef RLIMIT_OFILE
- if (max_fds == -1 && !getrlimit (RLIMIT_OFILE, &rl))
- max_fds = rl.rlim_max;
+ if (!getrlimit (RLIMIT_OFILE, &rl))
+ max_fds = (rl.rlim_max < max_fds) ? rl.rlim_max : max_fds;
+#if 0
+fprintf(stderr,"RLIMIT_OFILE:\tmax_fds:%10d\n", max_fds);
+#endif
# endif
#endif /*HAVE_GETRLIMIT*/
#ifdef _SC_OPEN_MAX
- if (max_fds == -1)
{
long int scres = sysconf (_SC_OPEN_MAX);
if (scres >= 0)
- max_fds = scres;
+ max_fds = (scres < max_fds) ? scres : max_fds;
+#if 0
+fprintf(stderr,"_SC_OPEN_MAX:\tmax_fds:%10d\n", max_fds);
+#endif
}
#endif
#ifdef _POSIX_OPEN_MAX
- if (max_fds == -1)
- max_fds = _POSIX_OPEN_MAX;
+ max_fds = (_POSIX_OPEN_MAX < max_fds) ? _POSIX_OPEN_MAX : max_fds;
+#if 0
+fprintf(stderr,"_POSIX_OPEN_MAX:max_fds:%10d\n", max_fds);
+#endif
#endif
#ifdef OPEN_MAX
- if (max_fds == -1)
- max_fds = OPEN_MAX;
+ max_fds = (OPEN_MAX < max_fds) ? OPEN_MAX : max_fds;
+#if 0
+fprintf(stderr,"OPEN_MAX:\tmax_fds:%10d\n", max_fds);
+#endif
#endif
- if (max_fds == -1)
- max_fds = 256; /* Arbitrary limit. */
+ max_fds = (max_fds > 256) ? 256 : max_fds;
+#if 0
+fprintf(stderr,"return:\t\tmax_fds:%10d\n", max_fds);
+#endif
return max_fds;
}
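Review bot: Taking the minimum across every source lets the `_POSIX_OPEN_MAX` branch decide the result: the debug output above shows it is 20 on this system while `ulimit -a` reports 2000 descriptors, so `get_max_fds` returns 20, and a caller that uses the result as an upper bound for descriptors to close or scan would not cover descriptor 20 and above. Keep `_POSIX_OPEN_MAX` and `OPEN_MAX` as fallbacks that apply only when neither `getrlimit` nor `sysconf` produced a usable value. The first `max_fds = rl.rlim_max;` is also still an unchecked `rlim_t`-to-`int` assignment; test the value (for example against `RLIM_INFINITY` and the `int` range) before storing it. The final `(max_fds > 256) ? 256 : max_fds` turns the former arbitrary fallback into a hard cap on every platform, which deserves a comment or its own patch. `INT32_MAX` needs `<stdint.h>` unless the file already includes it, and the `#if 0` debug blocks should be dropped before this is applied.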
On Wed, Dec 3, 2014 at 11:40 AM, Michael Felt <aixtools at gmail.com> wrote:
> Hello,
>
> I am running "make check" and the process seems to stop after this line to
> stdout
> ...
> CERT lookup on 'simon.josefsson.org'
> Key found (33162 bytes)
> PASS: t-dns-cert
> PASS: t-mapstrings
> PASS: t-zb32
> max. file descriptors: 2147483647
>
> Is this perhaps a bug - at least for the test logic - because this is an
> unusual number. And, is the test going to try and open that many file
> descriptors? I ulimit will stop much earlier - also because it says the max
> is 2000 not INT32_MAX!
>
> e.g.
> stdint.h:#define INT32_MAX (2147483647)
>
> root at x065:[/]ulimit -a
> time(seconds) unlimited
> file(blocks) unlimited
> data(kbytes) unlimited
> stack(kbytes) 4194304
> memory(kbytes) unlimited
> coredump(blocks) unlimited
> nofiles(descriptors) 2000
>
>
> On Thu, Nov 6, 2014 at 10:01 AM, Werner Koch <wk at gnupg.org> wrote:
>
>> Hello!
>>
>> The GnuPG Project is pleased to announce the availability of a
>> new release: Version 2.1.0.
>>
>> The GNU Privacy Guard (GnuPG) is a complete and free implementation of
>> the OpenPGP standard as defined by RFC-4880 and better known as PGP.
>>
>> GnuPG, also known as GPG, allows to encrypt and sign data and
>> communication, features a versatile key management system as well as
>> access modules for public key directories. GnuPG itself is a command
>> line tool with features for easy integration with other applications.
>> A wealth of frontend applications and libraries making use of GnuPG
>> are available. Since version 2 GnuPG provides support for S/MIME and
>> Secure Shell in addition to OpenPGP.
>>
>> GnuPG is Free Software (meaning that it respects your freedom). It can
>> be freely used, modified and distributed under the terms of the GNU
>> General Public License.
>>
>> Three different versions of GnuPG are actively maintained:
>>
>> - GnuPG "modern" (2.1) is the latest development with a lot of new
>> features. This announcement is about the first release of this
>> version.
>>
>> - GnuPG "stable" (2.0) is the current stable version for general use.
>> This is what most users are currently using.
>>
>> - GnuPG "classic" (1.4) is the old standalone version which is most
>> suitable for older or embedded platforms.
>>
>> You may not install "modern" (2.1) and "stable" (2.0) at the same
>> time. However, it is possible to install "classic" (1.4) along with
>> any of the other versions.
>>
>>
>> What's New in GnuPG-2.1
>> =======================
>>
>> - The file "secring.gpg" is not anymore used to store the secret
>> keys. Merging of secret keys is now supported.
>>
>> - All support for PGP-2 keys has been removed for security reasons.
>>
>> - The standard key generation interface is now much leaner. This
>> will help a new user to quickly generate a suitable key.
>>
>> - Support for Elliptic Curve Cryptography (ECC) is now available.
>>
>> - Commands to create and sign keys from the command line without any
>> extra prompts are now available.
>>
>> - The Pinentry may now show the new passphrase entry and the
>> passphrase confirmation entry in one dialog.
>>
>> - There is no more need to manually start the gpg-agent. It is now
>> started by any part of GnuPG as needed.
>>
>> - Problems with importing keys with the same long key id have been
>> addressed.
>>
>> - The Dirmngr is now part of GnuPG proper and also takes care of
>> accessing keyserver.
>>
>> - Keyserver pools are now handled in a smarter way.
>>
>> - A new format for locally storing the public keys is now used.
>> This considerably speeds up operations on large keyrings.
>>
>> - Revocation certificates are now created by default.
>>
>> - Card support has been updated, new readers and token types are
>> supported.
>>
>> - The format of the key listing has been changed to better identify
>> the properties of a key.
>>
>> - The gpg-agent may now be used on Windows as a Pageant replacement
>> for Putty in the same way it is used for years on Unix as
>> ssh-agent replacement.
>>
>> - Creation of X.509 certificates has been improved. It is now also
>> possible to export them directly in PKCS#8 and PEM format for use
>> on TLS servers.
>>
>> A detailed description of the changes can be found at
>> https://gnupg.org/faq/whats-new-in-2.1.html .
>>
>>
>> Getting the Software
>> ====================
>>
>> Please follow the instructions found at https://gnupg.org/download/ or
>> read on:
>>
>> GnuPG 2.1.0 may be downloaded from one of the GnuPG mirror sites or
>> direct from its primary FTP server. The list of mirrors can be found
>> at https://gnupg.org/mirrors.html . Note that GnuPG is not available
>> at ftp.gnu.org.
>>
>> On ftp.gnupg.org you find these files:
>>
>> ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-2.1.0.tar.bz2 (3039k)
>> ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-2.1.0.tar.bz2.sig
>>
>> This is the GnuPG 2.1 source code compressed using BZIP2 and its
>> OpenPGP signature.
>>
>> ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32-2.1.0_20141105.exe (6225k)
>> ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32-2.1.0_20141105.exe.sig
>>
>> This is an experimental installer for Windows including GPA as
>> graphical key manager and GpgEX as an Explorer extension. Please
>> de-install an already installed Gpg4win version before trying this
>> installer. This binary version has not been tested very well, thus it
>> is likely that you will run into problems. The complete source code
>> for the software included in this installer is in the same directory;
>> use the suffix ".tar.xz" instead of ".exe".
>>
>> Although several beta versions have been released over the course of
>> the last years, no extensive public field test has been done. Thus it
>> is likely that bugs will show up. Please check the mailing list
>> archives and the new wiki https://wiki.gnupg.org for latest
>> information on known problems and workaround.
>>
>>
>> Checking the Integrity
>> ======================
>>
>> In order to check that the version of GnuPG which you are going to
>> install is an original and unmodified one, you can do it in one of
>> the following ways:
>>
>> * If you already have a version of GnuPG installed, you can simply
>> verify the supplied signature. For example to verify the signature
>> of the file gnupg-2.1.0.tar.bz2 you would use this command:
>>
>> gpg --verify gnupg-2.1.0.tar.bz2.sig
>>
>> This checks whether the signature file matches the source file.
>> You should see a message indicating that the signature is good and
>> made by one or more of the release signing keys. Make sure that
>> this is a valid key, either by matching the shown fingerprint
>> against a trustworthy list of valid release signing keys or by
>> checking that the key has been signed by trustworthy other keys.
>> See below for information on the signing keys.
>>
>> * If you are not able to use an existing version of GnuPG, you have
>> to verify the SHA-1 checksum. On Unix systems the command to do
>> this is either "sha1sum" or "shasum". Assuming you downloaded the
>> file gnupg-2.1.0.tar.bz2, you would run the command like this:
>>
>> sha1sum gnupg-2.1.0.tar.bz2
>>
>> and check that the output matches the first line from the
>> following list:
>>
>> 2fcd0ca6889ef6cb59e3275e8411f8b7778c2f33 gnupg-2.1.0.tar.bz2
>> 9907cb6509a0e63331b27a92e25c1ef956caaf3b gnupg-w32-2.1.0_20141105.exe
>> 28dc1365292c61fbb2bbae730d4158f425463c91 gnupg-w32-2.1.0_20141105.tar.xz
>>
>>
>> Release Signing Keys
>> ====================
>>
>> To guarantee that a downloaded GnuPG version has not been tampered by
>> malicious entities we provide signature files for all tarballs and
>> binary versions. The keys are also signed by the long term keys of
>> their respective owners. Current releases are signed by one or more
>> of these four keys:
>>
>> 2048R/4F25E3B6 2011-01-12
>> Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6
>> Werner Koch (dist sig)
>>
>> rsa2048/E0856959 2014-10-29
>> Key fingerprint = 46CC 7308 65BB 5C78 EBAB ADCF 0437 6F3E E085 6959
>> David Shaw (GnuPG Release Signing Key) <dshaw 'at' jabberwocky.com>
>>
>> rsa2048/33BD3F06 2014-10-29
>> Key fingerprint = 031E C253 6E58 0D8E A286 A9F2 2071 B08A 33BD 3F06
>> NIIBE Yutaka (GnuPG Release Key) <gniibe 'at' fsij.org>
>>
>> rsa2048/7EFD60D9 2014-10-19
>> Key fingerprint = D238 EA65 D64C 67ED 4C30 73F2 8A86 1B1C 7EFD 60D9
>> Werner Koch (Release Signing Key)
>>
>> You may retrieve these files from the keyservers using this command
>>
>> gpg --recv-keys 249B39D24F25E3B6 04376F3EE0856959 \
>> 2071B08A33BD3F06 8A861B1C7EFD60D9
>>
>> The keys are also available at https://gnupg.org/signature_key.html
>> and in the released GnuPG tarball in the file g10/distsigkey.gpg .
>> Note that this mail has been signed using my standard PGP key.
>>
>>
>> Internationalization
>> ====================
>>
>> This new branch of GnuPG has support for 4 languages: French, German,
>> Japanese, and Ukrainian. More translations can be expected with the
>> next point releases.
>>
>>
>> Documentation
>> =============
>>
>> If you used GnuPG in the past you should read the description of
>> changes and new features at doc/whats-new-in-2.1.txt or online at
>>
>> https://gnupg.org/faq/whats-new-in-2.1.html
>>
>> The file gnupg.info has the complete user manual of the system.
>> Separate man pages are included as well but they have not all the
>> details available in the manual. It is also possible to read the
>> complete manual online in HTML format at
>>
>> https://gnupg.org/documentation/manuals/gnupg/
>>
>> or in Portable Document Format at
>>
>> https://gnupg.org/documentation/manuals/gnupg.pdf .
>>
>> The chapters on gpg-agent, gpg and gpgsm include information on how
>> to set up the whole thing. You may also want to search the GnuPG mailing
>> list archives or ask on the gnupg-users mailing lists for advice on
>> how to solve problems. Many of the new features are around for
>> several years and thus enough public knowledge is already available.
>>
>>
>> Support
>> =======
>>
>> Please consult the archive of the gnupg-users mailing list before
>> reporting a bug <https://gnupg.org/documentation/mailing-lists.html>.
>> We suggest to send bug reports for a new release to this list in favor
>> of filing a bug at <https://bugs.gnupg.org>. For commercial support
>> requests we keep a list of known service companies at:
>>
>> https://gnupg.org/service.html
>>
>> The driving force behind the development of GnuPG is the company of
>> its principal author, Werner Koch. Maintenance and improvement of
>> GnuPG and related software takes up most of their resources. To allow
>> him to continue this work he kindly asks to either purchase a support
>> contract, engage g10 Code for custom enhancements, or to donate money:
>>
>> https://gnupg.org/donate/
>>
>>
>> Thanks
>> ======
>>
>> We have to thank all the people who helped with this release, be it
>> testing, coding, translating, suggesting, auditing, administering the
>> servers, spreading the word, and answering questions on the mailing
>> lists. A final big Thank You goes to Hal Finney, who too early passed
>> away this year. Hal worked on PGP and helped to make OpenPGP a great
>> standard; it has been a pleasure having worked with him.
>>
>>
>> --
>> Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
>>
>> _______________________________________________
>> GNU Announcement mailing list <info-gnu at gnu.org>
>> https://lists.gnu.org/mailman/listinfo/info-gnu
>>
>>
>
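Added example, not part of the original mail or of GnuPG's code: one way to derive a descriptor bound for the AIX case reported at the top of this message, treating an unlimited or INT_MAX-sized limit as "no answer" instead of storing it in an int. It assumes the soft limit (the value `ulimit -a` printed in the report) is the bound the caller wants; `pick_max_fds` and `example_get_max_fds` are hypothetical names, and the inputs in `main` are constructed from the numbers in the report.

```c
#include <limits.h>
#include <stdio.h>
#include <sys/resource.h>
#include <unistd.h>

#define FD_FALLBACK 256   /* same arbitrary fallback the original code uses */

/* Pure helper: choose a descriptor bound from what the system reported.
   have_rl is 0 when getrlimit() failed; sc is the sysconf(_SC_OPEN_MAX)
   result, or -1 when that failed.  A limit of INT_MAX or more is treated
   as unlimited, which covers the 2147483647 seen on AIX. */
static int
pick_max_fds (int have_rl, rlim_t soft, rlim_t hard, long sc)
{
  rlim_t lim = soft;

  if (have_rl && lim == RLIM_INFINITY)
    lim = hard;                     /* soft unlimited: try the hard limit */
  if (have_rl && lim != RLIM_INFINITY && lim > 0 && lim < (rlim_t) INT_MAX)
    return (int) lim;               /* finite and fits in an int */
  if (sc > 0 && sc < INT_MAX)
    return (int) sc;                /* next source: sysconf */
  return FD_FALLBACK;               /* nothing usable was reported */
}

/* Hypothetical lookup that feeds the live system values to the helper. */
static int
example_get_max_fds (void)
{
  struct rlimit rl;
  int have_rl = !getrlimit (RLIMIT_NOFILE, &rl);

  return pick_max_fds (have_rl, have_rl ? rl.rlim_cur : 0,
                       have_rl ? rl.rlim_max : 0, sysconf (_SC_OPEN_MAX));
}

int
main (void)
{
  /* Constructed inputs: soft 2000, hard INT32_MAX, sysconf 65534. */
  printf ("AIX-like: %d\n", pick_max_fds (1, 2000, 2147483647, 65534));
  printf ("this host: %d\n", example_get_max_fds ());
  return 0;
}
```

Descriptors inherited from a parent that ran with a higher limit can sit above the soft limit, so a caller that must close everything may prefer the hard limit as the first source.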