security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity
gnupg/kbx/keybox-file.c

178 lines
4.2 KiB
C
Raw Normal View History

Fixed a temporary file name collision between gpg and gpgsm under Windows.
2008-11-20 17:26:40 +01:00
/* keybox-file.c - File operations
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
* Copyright (C) 2001, 2003 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
Changed to GPLv3. Removed intl/.
2007-07-04 21:49:40 +02:00
* the Free Software Foundation; either version 3 of the License, or
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
Changed to GPLv3. Removed intl/.
2007-07-04 21:49:40 +02:00
* along with this program; if not, see <http://www.gnu.org/licenses/>.
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
*/
#include <config.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <errno.h>
The keybox gets now compressed after 3 hours and ephemeral stored certificates are deleted after about a day.
2004-04-26 10:09:25 +02:00
#include <time.h>
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
#include "keybox-defs.h"
* configure.ac (gl_INIT): Add gnulib stuff. (fseeko, ftello, ttyname, isascii): Replaced the AC_REPLACE_FUNCS by a simple check. (putc_unlocked): Removed check. Not used. (strsep, mkdtemp, asprintf): Replaced checks by gnulib checks. (xsize): Added will probably come handy soon. (CFLAGS): Use -Wformat-security instead of -Wformat-nonliteral. Add --Wno-format-y2k. * gl/, gl/m4/: New. * gpg-agent.c: Include setenv.h. * Makefile.am (AM_CPPFLAGS): Added. * util.h: Add some includes for gnulib. (ttyname, isascii): Define them inline. * fseeko.c, ftello.c: Removed. * strsep.c, mkdtemp.c: Removed. * ttyname.c, isascii.c: Removed. * mkdtemp.c: Removed. * exec.c: Include mkdtemp.h * keybox-file.c (ftello) [!HAVE_FSEEKO]: New replacement function. Copied from ../common/ftello.c. * keybox-update.c (fseeko) [!HAVE_FSEEKO]: New replacement function. Copied from ../common/iobuf.c. * scdaemon.c: Include mkdtemp.h. * misc.c: Include setenv.h. * symcryptrun.c: Include mkdtemp.h.
2005-06-01 17:46:01 +02:00
gpg: Allow import of large keys. * g10/import.c (import): Skip too large keys. * kbx/keybox-file.c (IMAGELEN_LIMIT): Change limit from 2MB to 5MB. -- The key which triggered the problem was 0x57930DAB0B86B067. With this patch it can be imported. Keys larger than the now increased limit of 5MB will are skipped and the already existing not_imported counter is bumped up. Signed-off-by: Werner Koch <wk@gnupg.org>
2014-12-04 10:53:10 +01:00
#define IMAGELEN_LIMIT (5*1024*1024)
kbx: Fix handling of overlong keys. * kbx/keybox-file.c (IMAGELEN_LIMIT): Change limit from 10^6 to 2MiB. (_keybox_read_blob2): Skip too long record records. (_keybox_write_blob): Do not accept too long record. * kbx/keybox-dump.c (file_stats_s): Add field skipped_long_blobs. (_keybox_dump_file): Print new counter. (_keybox_dump_file): Skip too long records. ---- To test this feature you may set the limit back to 1MiB and use key F7F0E70F307D56ED which is in my local copy close to 2MiB. Without this patch it was possible to import the key but access to that key and all keys stored after it was not possible. Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-09 20:19:05 +02:00
* configure.ac (gl_INIT): Add gnulib stuff. (fseeko, ftello, ttyname, isascii): Replaced the AC_REPLACE_FUNCS by a simple check. (putc_unlocked): Removed check. Not used. (strsep, mkdtemp, asprintf): Replaced checks by gnulib checks. (xsize): Added will probably come handy soon. (CFLAGS): Use -Wformat-security instead of -Wformat-nonliteral. Add --Wno-format-y2k. * gl/, gl/m4/: New. * gpg-agent.c: Include setenv.h. * Makefile.am (AM_CPPFLAGS): Added. * util.h: Add some includes for gnulib. (ttyname, isascii): Define them inline. * fseeko.c, ftello.c: Removed. * strsep.c, mkdtemp.c: Removed. * ttyname.c, isascii.c: Removed. * mkdtemp.c: Removed. * exec.c: Include mkdtemp.h * keybox-file.c (ftello) [!HAVE_FSEEKO]: New replacement function. Copied from ../common/ftello.c. * keybox-update.c (fseeko) [!HAVE_FSEEKO]: New replacement function. Copied from ../common/iobuf.c. * scdaemon.c: Include mkdtemp.h. * misc.c: Include setenv.h. * symcryptrun.c: Include mkdtemp.h.
2005-06-01 17:46:01 +02:00
#if !defined(HAVE_FTELLO) && !defined(ftello)
static off_t
ftello (FILE *stream)
{
long int off;
off = ftell (stream);
if (off == -1)
return (off_t)-1;
return off;
}
#endif /* !defined(HAVE_FTELLO) && !defined(ftello) */
Fix typos found using codespell. * agent/cache.c: Fix typos. * agent/call-pinentry.c: Likewise. * agent/call-scd.c: Likewise. * agent/command-ssh.c: Likewise. * agent/command.c: Likewise. * agent/divert-scd.c: Likewise. * agent/findkey.c: Likewise. * agent/gpg-agent.c: Likewise. * agent/w32main.c: Likewise. * common/argparse.c: Likewise. * common/audit.c: Likewise. * common/audit.h: Likewise. * common/convert.c: Likewise. * common/dotlock.c: Likewise. * common/exechelp-posix.c: Likewise. * common/exechelp-w32.c: Likewise. * common/exechelp-w32ce.c: Likewise. * common/exechelp.h: Likewise. * common/helpfile.c: Likewise. * common/i18n.h: Likewise. * common/iobuf.c: Likewise. * common/iobuf.h: Likewise. * common/localename.c: Likewise. * common/logging.c: Likewise. * common/openpgp-oid.c: Likewise. * common/session-env.c: Likewise. * common/sexputil.c: Likewise. * common/sysutils.c: Likewise. * common/t-sexputil.c: Likewise. * common/ttyio.c: Likewise. * common/util.h: Likewise. * dirmngr/cdblib.c: Likewise. * dirmngr/certcache.c: Likewise. * dirmngr/crlcache.c: Likewise. * dirmngr/dirmngr-client.c: Likewise. * dirmngr/dirmngr.c: Likewise. * dirmngr/dirmngr_ldap.c: Likewise. * dirmngr/dns-stuff.c: Likewise. * dirmngr/http.c: Likewise. * dirmngr/ks-engine-hkp.c: Likewise. * dirmngr/ks-engine-ldap.c: Likewise. * dirmngr/ldap-wrapper.c: Likewise. * dirmngr/ldap.c: Likewise. * dirmngr/misc.c: Likewise. * dirmngr/ocsp.c: Likewise. * dirmngr/validate.c: Likewise. * g10/encrypt.c: Likewise. * g10/getkey.c: Likewise. * g10/gpg.c: Likewise. * g10/gpgv.c: Likewise. * g10/import.c: Likewise. * g10/keydb.c: Likewise. * g10/keydb.h: Likewise. * g10/keygen.c: Likewise. * g10/keyid.c: Likewise. * g10/keylist.c: Likewise. * g10/keyring.c: Likewise. * g10/mainproc.c: Likewise. * g10/misc.c: Likewise. * g10/options.h: Likewise. * g10/packet.h: Likewise. * g10/parse-packet.c: Likewise. * g10/pkclist.c: Likewise. * g10/pkglue.c: Likewise. * g10/plaintext.c: Likewise. * g10/server.c: Likewise. * g10/sig-check.c: Likewise. * g10/sqlite.c: Likewise. * g10/tdbio.c: Likewise. * g10/test-stubs.c: Likewise. * g10/tofu.c: Likewise. * g10/trust.c: Likewise. * g10/trustdb.c: Likewise. * g13/create.c: Likewise. * g13/mountinfo.c: Likewise. * kbx/keybox-blob.c: Likewise. * kbx/keybox-file.c: Likewise. * kbx/keybox-init.c: Likewise. * kbx/keybox-search-desc.h: Likewise. * kbx/keybox-search.c: Likewise. * kbx/keybox-update.c: Likewise. * scd/apdu.c: Likewise. * scd/app-openpgp.c: Likewise. * scd/app-p15.c: Likewise. * scd/app.c: Likewise. * scd/ccid-driver.c: Likewise. * scd/command.c: Likewise. * scd/iso7816.c: Likewise. * sm/base64.c: Likewise. * sm/call-agent.c: Likewise. * sm/call-dirmngr.c: Likewise. * sm/certchain.c: Likewise. * sm/gpgsm.c: Likewise. * sm/import.c: Likewise. * sm/keydb.c: Likewise. * sm/minip12.c: Likewise. * sm/qualified.c: Likewise. * sm/server.c: Likewise. * tools/gpg-check-pattern.c: Likewise. * tools/gpgconf-comp.c: Likewise. * tools/gpgkey2ssh.c: Likewise. * tools/gpgparsemail.c: Likewise. * tools/gpgtar.c: Likewise. * tools/rfc822parse.c: Likewise. * tools/symcryptrun.c: Likewise. Signed-off-by: Justus Winter <justus@g10code.com>
2015-11-16 12:41:46 +01:00
/* Read a block at the current position and return it in r_blob.
kbx: Implement update operation for OpenPGP keyblocks. * kbx/keybox-update.c (keybox_update_keyblock): Implement. * kbx/keybox-search.c (get_blob_flags): Move to ... * kbx/keybox-defs.h (blob_get_type): here. * kbx/keybox-file.c (_keybox_read_blob2): Fix calling without R_BLOB. * g10/keydb.c (build_keyblock_image): Allow calling without R_SIGSTATUS. (keydb_update_keyblock): Implement for keybox. * kbx/keybox-dump.c (_keybox_dump_blob): Fix printing of the unhashed size. Print "does not expire" also on 64 bit platforms. Signed-off-by: Werner Koch <wk@gnupg.org>
2013-11-15 15:54:31 +01:00
r_blob may be NULL to simply skip the current block. */
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
int
The keybox gets now compressed after 3 hours and ephemeral stored certificates are deleted after about a day.
2004-04-26 10:09:25 +02:00
_keybox_read_blob2 (KEYBOXBLOB *r_blob, FILE *fp, int *skipped_deleted)
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
{
gcc-4 defaults forced me to edit many many files to get rid of the char * vs. unsigned char * warnings. The GNU coding standards used to say that these mismatches are okay and better than a bunch of casts. Obviously this has changed now.
2005-06-16 10:12:03 +02:00
unsigned char *image;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
size_t imagelen = 0;
int c1, c2, c3, c4, type;
int rc;
off_t off;
The keybox gets now compressed after 3 hours and ephemeral stored certificates are deleted after about a day.
2004-04-26 10:09:25 +02:00
*skipped_deleted = 0;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
again:
kbx: Implement update operation for OpenPGP keyblocks. * kbx/keybox-update.c (keybox_update_keyblock): Implement. * kbx/keybox-search.c (get_blob_flags): Move to ... * kbx/keybox-defs.h (blob_get_type): here. * kbx/keybox-file.c (_keybox_read_blob2): Fix calling without R_BLOB. * g10/keydb.c (build_keyblock_image): Allow calling without R_SIGSTATUS. (keydb_update_keyblock): Implement for keybox. * kbx/keybox-dump.c (_keybox_dump_blob): Fix printing of the unhashed size. Print "does not expire" also on 64 bit platforms. Signed-off-by: Werner Koch <wk@gnupg.org>
2013-11-15 15:54:31 +01:00
if (r_blob)
*r_blob = NULL;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
off = ftello (fp);
if (off == (off_t)-1)
Fixed bug#907. Fixed a segv in keybox and made it more robust.
2008-05-06 16:03:36 +02:00
return gpg_error_from_syserror ();
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
if ((c1 = getc (fp)) == EOF
|| (c2 = getc (fp)) == EOF
|| (c3 = getc (fp)) == EOF
|| (c4 = getc (fp)) == EOF
|| (type = getc (fp)) == EOF)
{
if ( c1 == EOF && !ferror (fp) )
return -1; /* eof */
Fixed bug#907. Fixed a segv in keybox and made it more robust.
2008-05-06 16:03:36 +02:00
if (!ferror (fp))
return gpg_error (GPG_ERR_TOO_SHORT);
return gpg_error_from_syserror ();
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
kbx: Avoid undefined behavior. * kbx/keybox-file.c (_keybox_read_blob2): Cast to unsigned int before shifting. Signed-off-by: Justus Winter <justus@g10code.com>
2016-03-07 14:25:38 +01:00
imagelen = ((unsigned int) c1 << 24) | (c2 << 16) | (c3 << 8 ) | c4;
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
if (imagelen < 5)
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
return gpg_error (GPG_ERR_TOO_SHORT);
if (!type)
{
The keybox gets now compressed after 3 hours and ephemeral stored certificates are deleted after about a day.
2004-04-26 10:09:25 +02:00
/* Special treatment for empty blobs. */
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
if (fseek (fp, imagelen-5, SEEK_CUR))
Fixed bug#907. Fixed a segv in keybox and made it more robust.
2008-05-06 16:03:36 +02:00
return gpg_error_from_syserror ();
The keybox gets now compressed after 3 hours and ephemeral stored certificates are deleted after about a day.
2004-04-26 10:09:25 +02:00
*skipped_deleted = 1;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
goto again;
}
kbx: Fix handling of overlong keys. * kbx/keybox-file.c (IMAGELEN_LIMIT): Change limit from 10^6 to 2MiB. (_keybox_read_blob2): Skip too long record records. (_keybox_write_blob): Do not accept too long record. * kbx/keybox-dump.c (file_stats_s): Add field skipped_long_blobs. (_keybox_dump_file): Print new counter. (_keybox_dump_file): Skip too long records. ---- To test this feature you may set the limit back to 1MiB and use key F7F0E70F307D56ED which is in my local copy close to 2MiB. Without this patch it was possible to import the key but access to that key and all keys stored after it was not possible. Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-09 20:19:05 +02:00
if (imagelen > IMAGELEN_LIMIT) /* Sanity check. */
{
/* Seek forward so that the caller may choose to ignore this
record. */
if (fseek (fp, imagelen-5, SEEK_CUR))
return gpg_error_from_syserror ();
return gpg_error (GPG_ERR_TOO_LARGE);
}
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
image = xtrymalloc (imagelen);
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
if (!image)
Fixed bug#907. Fixed a segv in keybox and made it more robust.
2008-05-06 16:03:36 +02:00
return gpg_error_from_syserror ();
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
image[0] = c1; image[1] = c2; image[2] = c3; image[3] = c4; image[4] = type;
if (fread (image+5, imagelen-5, 1, fp) != 1)
{
Fixed bug#907. Fixed a segv in keybox and made it more robust.
2008-05-06 16:03:36 +02:00
gpg_error_t tmperr = gpg_error_from_syserror ();
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
xfree (image);
return tmperr;
}
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
rc = r_blob? _keybox_new_blob (r_blob, image, imagelen, off) : 0;
if (rc || !r_blob)
Fixed bug#907. Fixed a segv in keybox and made it more robust.
2008-05-06 16:03:36 +02:00
xfree (image);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
return rc;
}
The keybox gets now compressed after 3 hours and ephemeral stored certificates are deleted after about a day.
2004-04-26 10:09:25 +02:00
int
_keybox_read_blob (KEYBOXBLOB *r_blob, FILE *fp)
{
int dummy;
return _keybox_read_blob2 (r_blob, fp, &dummy);
}
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
/* Write the block to the current file position */
int
_keybox_write_blob (KEYBOXBLOB blob, FILE *fp)
{
gcc-4 defaults forced me to edit many many files to get rid of the char * vs. unsigned char * warnings. The GNU coding standards used to say that these mismatches are okay and better than a bunch of casts. Obviously this has changed now.
2005-06-16 10:12:03 +02:00
const unsigned char *image;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
size_t length;
image = _keybox_get_blob_image (blob, &length);
kbx: Fix handling of overlong keys. * kbx/keybox-file.c (IMAGELEN_LIMIT): Change limit from 10^6 to 2MiB. (_keybox_read_blob2): Skip too long record records. (_keybox_write_blob): Do not accept too long record. * kbx/keybox-dump.c (file_stats_s): Add field skipped_long_blobs. (_keybox_dump_file): Print new counter. (_keybox_dump_file): Skip too long records. ---- To test this feature you may set the limit back to 1MiB and use key F7F0E70F307D56ED which is in my local copy close to 2MiB. Without this patch it was possible to import the key but access to that key and all keys stored after it was not possible. Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-09 20:19:05 +02:00
if (length > IMAGELEN_LIMIT)
return gpg_error (GPG_ERR_TOO_LARGE);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
if (fwrite (image, length, 1, fp) != 1)
Fixed bug#907. Fixed a segv in keybox and made it more robust.
2008-05-06 16:03:36 +02:00
return gpg_error_from_syserror ();
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
return 0;
}
The keybox gets now compressed after 3 hours and ephemeral stored certificates are deleted after about a day.
2004-04-26 10:09:25 +02:00
/* Write a fresh header type blob. */
int
gpg: Take care to use pubring.kbx if it has ever been used. * kbx/keybox-defs.h (struct keybox_handle): Add field for_openpgp. * kbx/keybox-file.c (_keybox_write_header_blob): Set openpgp header flag. * kbx/keybox-blob.c (_keybox_update_header_blob): Add arg for_openpgp and set header flag. * kbx/keybox-init.c (keybox_new): Rename to do_keybox_new, make static and add arg for_openpgp. (keybox_new_openpgp, keybox_new_x509): New. Use them instead of the former keybox_new. * kbx/keybox-update.c (blob_filecopy): Add arg for_openpgp and set the openpgp header flags. * g10/keydb.c (rt_from_file): New. Factored out and extended from keydb_add_resource. (keydb_add_resource): Switch to the kbx file if it has the openpgp flag set. * kbx/keybox-dump.c (dump_header_blob): Print header flags. -- The problem was reported by dkg on gnupg-devel (2014-10-07): I just discovered a new problem, though, which will affect people on systems that have gpg and gpg2 coinstalled: 0) create a new keyring with gpg2, and use it exclusively with gpg2 for a while. 1) somehow (accidentally?) use gpg (1.4.x) again -- this creates ~/.gnupg/pubring.gpg 2) future runs of gpg2 now only look at pubring.gpg and ignore pubring.kbx -- the keys you had accumulated in the keybox are no longer listed in the output of gpg2 --list-keys Note that gpgsm has always used pubring.kbx and thus this file might already be there but without gpg ever inserted a key. The new flag in the KBX header gives us an indication whether a KBX file has ever been written by gpg >= 2.1. If that is the case we will use it instead of the default pubring.gpg. Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-09 19:10:32 +02:00
_keybox_write_header_blob (FILE *fp, int for_openpgp)
The keybox gets now compressed after 3 hours and ephemeral stored certificates are deleted after about a day.
2004-04-26 10:09:25 +02:00
{
unsigned char image[32];
u32 val;
memset (image, 0, sizeof image);
/* Length of this blob. */
image[3] = 32;
kbx: Let keydb_search skip unwanted blobs. * kbx/keybox.h (keybox_blobtype_t): New. * kbx/keybox-defs.h (BLOBTYPE_*): Replace by KEYBOX_BLOBTYPE_*. * kbx/keybox-search.c (keybox_search): Add arg want_blobtype and skip non-matching blobs. * sm/keydb.c (keydb_search): Pass KEYBOX_BLOBTYPE_X509 to keybox_search. * g10/keydb.c (keydb_search): Pass KEYBOX_BLOBTYPE_PGP to keybox_search. -- Without this fix a listing of all keys would fail because the wrong blob type would be returned for the gpg or gpgsm. Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-31 12:15:34 +01:00
image[4] = KEYBOX_BLOBTYPE_HEADER;
The keybox gets now compressed after 3 hours and ephemeral stored certificates are deleted after about a day.
2004-04-26 10:09:25 +02:00
image[5] = 1; /* Version */
gpg: Take care to use pubring.kbx if it has ever been used. * kbx/keybox-defs.h (struct keybox_handle): Add field for_openpgp. * kbx/keybox-file.c (_keybox_write_header_blob): Set openpgp header flag. * kbx/keybox-blob.c (_keybox_update_header_blob): Add arg for_openpgp and set header flag. * kbx/keybox-init.c (keybox_new): Rename to do_keybox_new, make static and add arg for_openpgp. (keybox_new_openpgp, keybox_new_x509): New. Use them instead of the former keybox_new. * kbx/keybox-update.c (blob_filecopy): Add arg for_openpgp and set the openpgp header flags. * g10/keydb.c (rt_from_file): New. Factored out and extended from keydb_add_resource. (keydb_add_resource): Switch to the kbx file if it has the openpgp flag set. * kbx/keybox-dump.c (dump_header_blob): Print header flags. -- The problem was reported by dkg on gnupg-devel (2014-10-07): I just discovered a new problem, though, which will affect people on systems that have gpg and gpg2 coinstalled: 0) create a new keyring with gpg2, and use it exclusively with gpg2 for a while. 1) somehow (accidentally?) use gpg (1.4.x) again -- this creates ~/.gnupg/pubring.gpg 2) future runs of gpg2 now only look at pubring.gpg and ignore pubring.kbx -- the keys you had accumulated in the keybox are no longer listed in the output of gpg2 --list-keys Note that gpgsm has always used pubring.kbx and thus this file might already be there but without gpg ever inserted a key. The new flag in the KBX header gives us an indication whether a KBX file has ever been written by gpg >= 2.1. If that is the case we will use it instead of the default pubring.gpg. Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-09 19:10:32 +02:00
if (for_openpgp)
image[7] = 0x02; /* OpenPGP data may be available. */
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
The keybox gets now compressed after 3 hours and ephemeral stored certificates are deleted after about a day.
2004-04-26 10:09:25 +02:00
memcpy (image+8, "KBXf", 4);
val = time (NULL);
/* created_at and last maintenance run. */
image[16] = (val >> 24);
image[16+1] = (val >> 16);
image[16+2] = (val >> 8);
image[16+3] = (val );
image[20] = (val >> 24);
image[20+1] = (val >> 16);
image[20+2] = (val >> 8);
image[20+3] = (val );
if (fwrite (image, 32, 1, fp) != 1)
Fixed bug#907. Fixed a segv in keybox and made it more robust.
2008-05-06 16:03:36 +02:00
return gpg_error_from_syserror ();
The keybox gets now compressed after 3 hours and ephemeral stored certificates are deleted after about a day.
2004-04-26 10:09:25 +02:00
return 0;
}