security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-10-31 20:08:43 +01:00
Code Activity
65bc5ea95e
gnupg/g10/gpg.c

5704 lines
167 KiB
C
Raw Normal View History

gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
/* gpg.c - The GnuPG OpenPGP tool
* Copyright (C) 1998-2020 Free Software Foundation, Inc.
* Copyright (C) 1997-2019 Werner Koch
Release GnuPG 2.3.0
2021-04-07 19:04:46 +02:00
* Copyright (C) 2015-2021 g10 Code GmbH
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
Changed to GPLv3. Removed intl/.
2007-07-04 21:49:40 +02:00
* the Free Software Foundation; either version 3 of the License, or
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
Change all http://www.gnu.org in license notices to https:// --
2016-11-05 12:02:19 +01:00
* along with this program; if not, see <https://www.gnu.org/licenses/>.
gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
* SPDX-License-Identifier: GPL-3.0-or-later
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
*/
#include <config.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <unistd.h>
#ifdef HAVE_STAT
#include <sys/stat.h> /* for stat() */
#endif
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
#include <fcntl.h>
#ifdef HAVE_W32_SYSTEM
w32: Include winsock2.h to silence warnings.
2014-03-07 09:46:44 +01:00
# ifdef HAVE_WINSOCK2_H
# include <winsock2.h>
# endif
# include <windows.h>
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
#endif
gpg: First rough implementation of keyboxd access for key lookup. * g10/Makefile.am: Add nPth flags. * g10/gpg.c: Include npth.h. (gpg_deinit_default_ctrl): Deinit call-keyboxd local data. (main): Init nPth. * g10/keydb-private.h (struct keydb_handle_s): Add field 'kbl' and remove the search result and the assuan context. * g10/call-keyboxd.c (struct keyboxd_local_s): Add more fields. (lock_datastream, unlock_datastream): New. (gpg_keyboxd_deinit_session_data): Adjust for changed data structures. (prepare_data_pipe): New. (open_context): Return kbl instead of an Assuan context. Init mutexes etc. (close_context): Merge into ... (keydb_release): here. Adjust for changed data structures. (datastream_thread): New. (keydb_get_keyblock): Implement datastream stuff. (keydb_search): Ditto. * common/asshelp.c (wait_for_sock): Add arg connect_flags. (start_new_service): Set FDPASSING flag for the keyboxd. -- This code as a lot of rough edges, in particular it relies on a well behaving keyboxd. We need to add code to shutdown the datastream reader thread in case of errors and to properly get it up again. We also need to make really sure that both threads run in lockstep so that the datastream thread is only active while we are sending a command to the keyboxd. We should also see whether we can depend nPth initialization on the --use-keyboxd option to avoid any problems with nPth. And we need to test on Windows. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-09-10 16:05:54 +02:00
#include <npth.h>
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
#define INCLUDED_BY_MAIN_MODULE 1
Finished the bulk of changes for gnupg 1.9. This included switching to libgcrypt functions, using shared error codes from libgpg-error, replacing the old functions we used to have in ../util by those in ../jnlib and ../common, renaming the malloc functions and a couple of types. Note, that not all changes are listed below becuause they are too similar and done at far too many places. As of today the code builds using the current libgcrypt from CVS but it is very unlikely that it actually works.
2003-06-18 21:56:13 +02:00
#include "gpg.h"
2009-09-23 Marcus Brinkmann <marcus@g10code.de> * configure.ac (NEED_LIBASSUAN_API, NEED_LIBASSUAN_VERSION): Update to new API (2, 1.1.0). agent/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * gpg-agent.c (parse_rereadable_options): Don't set global assuan log file (there ain't one anymore). (main): Update to new API. (check_own_socket_pid_cb): Return gpg_error_t instead of int. (check_own_socket_thread, check_for_running_agent): Create assuan context before connecting to server. * command.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (write_and_clear_outbuf): Use gpg_error_t instead of assuan_error_t. (cmd_geteventcounter, cmd_istrusted, cmd_listtrusted) (cmd_marktrusted, cmd_havekey, cmd_sigkey, cmd_setkeydesc) (cmd_sethash, cmd_pksign, cmd_pkdecrypt, cmd_genkey, cmd_readkey) (cmd_keyinfo, cmd_get_passphrase, cmd_clear_passphrase) (cmd_get_confirmation, cmd_learn, cmd_passwd) (cmd_preset_passphrase, cmd_scd, cmd_getval, cmd_putval) (cmd_updatestartuptty, cmd_killagent, cmd_reloadagent) (cmd_getinfo, option_handler): Return gpg_error_t instead of int. (post_cmd_notify): Change type of ERR to gpg_error_t from int. (io_monitor): Add hook argument. Use symbols for constants. (register_commands): Change return type of HANDLER to gpg_error_t. (start_command_handler): Allocate assuan context before starting server. * call-pinentry.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (unlock_pinentry): Call assuan_release instead of assuan_disconnect. (getinfo_pid_cb, getpin_cb): Return gpg_error_t instead of int. (start_pinentry): Allocate assuan context before connecting to server. * call-scd.c (membuf_data_cb, learn_status_cb, get_serialno_cb) (membuf_data_cb, inq_needpin, card_getattr_cb, pass_status_thru) (pass_data_thru): Change return type to gpg_error_t. (start_scd): Allocate assuan context before connecting to server. common/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * asshelp.c (start_new_gpg_agent): Allocate assuan context before starting server. g10/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * call-agent.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (learn_status_cb, dummy_data_cb, get_serialno_cb, default_inq_cb) (learn_status_cb, inq_writecert_parms, inq_writekey_parms) (scd_genkey_cb, membuf_data_cb): Return gpg_error_t instead of int. * gpg.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (main): Update to new Assuan API. * server.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (option_handler, cmd_recipient, cmd_signer, cmd_encrypt) (cmd_decrypt, cmd_verify, cmd_sign, cmd_import, cmd_export) (cmd_delkeys, cmd_message, do_listkeys, cmd_listkeys) (cmd_listsecretkeys, cmd_genkey, cmd_getinfo): Return gpg_error_t instead of int. (register_commands): Allocate assuan context before starting server. (gpg_server): Allocate assuan_context before starting server. scd/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * command.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (option_handler, open_card, cmd_serialno, cmd_lean, cmd_readcert) (cmd_readkey, cmd_setdata, cmd_pksign, cmd_pkauth, cmd_pkdecrypt) (cmd_getattr, cmd_setattr, cmd_writecert, cmd_writekey) (cmd_genkey, cmd_random, cmd_passwd, cmd_checkpin, cmd_lock) (cmd_unlock, cmd_getinfo, cmd_restart, cmd_disconnect, cmd_apdu) (cmd_killscd): Return gpg_error_t instead of int. (scd_command_handler): Allocate assuan context before starting server. * scdaemon.c (main): Update to new Assuan API. sm/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * gpgsm.c (main): Update to new assuan API. * server.c: Include "gpgsm.h" before <assuan.h> due to check for GPG_ERR_SOURCE_DEFAULT and assuan.h now including gpg-error.h. (option_handler, cmd_recipient, cmd_signer, cmd_encrypt) (cmd_decrypt, cmd_verify, cmd_sign, cmd_import, cmd_export) (cmd_delkeys, cmd_message, cmd_listkeys, cmd_dumpkeys) (cmd_listsecretkeys, cmd_dumpsecretkeys, cmd_genkey) (cmd_getauditlog, cmd_getinfo): Return gpg_error_t instead of int. (register_commands): Same for member HANDLER in table. (gpgsm_server): Allocate assuan context before starting server. * sm/call-dirmngr.c: * call-dirmngr.c (prepare_dirmngr): Check for CTX and error before setting LDAPSERVER. (start_dirmngr_ext): Allocate assuan context before starting server. (inq_certificate, isvalid_status_cb, lookup_cb, lookup_status_cb) (run_command_cb, run_command_inq_cb, run_command_status_cb): Return gpg_error_t instead of int. tools/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * gpg-connect-agent.c (getinfo_pid_cb, read_and_print_response) (main): Update to new Assuan API.
2009-09-23 02:01:25 +02:00
#include <assuan.h>
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
#include "../common/iobuf.h"
Remove -I option to common. * dirmngr/Makefile.am (AM_CPPFLAGS): Remove -I$(top_srcdir)/common. * g10/Makefile.am (AM_CPPFLAGS): Ditto. * g13/Makefile.am (AM_CPPFLAGS): Ditto. * kbx/Makefile.am (AM_CPPFLAGS): Ditto. * scd/Makefile.am (AM_CPPFLAGS): Ditto. * sm/Makefile.am (AM_CPPFLAGS): Ditto. * tools/Makefile.am (AM_CPPFLAGS): Ditto. * Throughout: Follow the change. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-07 12:21:23 +01:00
#include "../common/util.h"
Exporting secret keys via gpg-agent is now basically supported. A couple of forward ported changes. Doc updates.
2010-10-01 22:33:53 +02:00
#include "packet.h"
Remove -I option to common. * dirmngr/Makefile.am (AM_CPPFLAGS): Remove -I$(top_srcdir)/common. * g10/Makefile.am (AM_CPPFLAGS): Ditto. * g13/Makefile.am (AM_CPPFLAGS): Ditto. * kbx/Makefile.am (AM_CPPFLAGS): Ditto. * scd/Makefile.am (AM_CPPFLAGS): Ditto. * sm/Makefile.am (AM_CPPFLAGS): Ditto. * tools/Makefile.am (AM_CPPFLAGS): Ditto. * Throughout: Follow the change. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-07 12:21:23 +01:00
#include "../common/membuf.h"
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
#include "main.h"
#include "options.h"
#include "keydb.h"
#include "trustdb.h"
#include "filter.h"
Remove -I option to common. * dirmngr/Makefile.am (AM_CPPFLAGS): Remove -I$(top_srcdir)/common. * g10/Makefile.am (AM_CPPFLAGS): Ditto. * g13/Makefile.am (AM_CPPFLAGS): Ditto. * kbx/Makefile.am (AM_CPPFLAGS): Ditto. * scd/Makefile.am (AM_CPPFLAGS): Ditto. * sm/Makefile.am (AM_CPPFLAGS): Ditto. * tools/Makefile.am (AM_CPPFLAGS): Ditto. * Throughout: Follow the change. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-07 12:21:23 +01:00
#include "../common/ttyio.h"
#include "../common/i18n.h"
#include "../common/sysutils.h"
#include "../common/status.h"
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
#include "keyserver-internal.h"
#include "exec.h"
Remove -I option to common. * dirmngr/Makefile.am (AM_CPPFLAGS): Remove -I$(top_srcdir)/common. * g10/Makefile.am (AM_CPPFLAGS): Ditto. * g13/Makefile.am (AM_CPPFLAGS): Ditto. * kbx/Makefile.am (AM_CPPFLAGS): Ditto. * scd/Makefile.am (AM_CPPFLAGS): Ditto. * sm/Makefile.am (AM_CPPFLAGS): Ditto. * tools/Makefile.am (AM_CPPFLAGS): Ditto. * Throughout: Follow the change. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-07 12:21:23 +01:00
#include "../common/gc-opt-flags.h"
#include "../common/asshelp.h"
Initial code checking for backup - not yet working.
2011-01-10 14:30:17 +01:00
#include "call-dirmngr.h"
g10: Add TOFU support. * configure.ac: Check for sqlite3. (SQLITE3_CFLAGS): AC_SUBST it. (SQLITE3_LIBS): Likewise. * g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS). (gpg2_SOURCES): Add tofu.h and tofu.c. (gpg2_LDADD): Add $(SQLITE3_LIBS). * g10/tofu.c: New file. * g10/tofu.h: New file. * g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP. (tofu_db_format): Define. * g10/packet.h (PKT_signature): Add fields digest and digest_len. * g10/gpg.c: Include "tofu.h". (cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy, oTOFUDBFormat. (opts): Add them. (parse_trust_model): Recognize the tofu and tofu+pgp trust models. (parse_tofu_policy): New function. (parse_tofu_db_format): New function. (main): Initialize opt.tofu_default_policy and opt.tofu_db_format. Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat. * g10/mainproc.c (do_check_sig): If the signature is good, copy the hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately. * g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update callers. (tdb_get_validity_core): Add arguments sig and may_ask. Update callers. * g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them to tdb_get_validity_core. * g10/trustdb.c: Include "tofu.h". (trust_model_string): Handle TM_TOFU and TM_TOFU_PGP. (tdb_get_validity_core): Add arguments sig and may_ask. If OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust level. Combine it with the computed PGP trust level, if appropriate. * g10/keyedit.c: Include "tofu.h". (show_key_with_all_names_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/keylist.c: Include "tofu.h". (public_key_list): Also show the PGP stats if the trust model is TM_TOFU_PGP. (list_keyblock_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/pkclist.c: Include "tofu.h". * g10/gpgv.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * g10/test-stubs.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * doc/DETAILS: Describe the TOFU Policy field. * doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu, --trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format. * tests/openpgp/Makefile.am (TESTS): Add tofu.test. (TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc, tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt. (CLEANFILES): Add tofu.db. (clean-local): Add tofu.d. * tests/openpgp/tofu.test: New file. * tests/openpgp/tofu-2183839A-1.txt: New file. * tests/openpgp/tofu-BC15C85A-1.txt: New file. * tests/openpgp/tofu-EE37CF96-1.txt: New file. * tests/openpgp/tofu-keys.asc: New file. * tests/openpgp/tofu-keys-secret.asc: New file. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
#include "tofu.h"
gpg: New caching functions. * g10/objcache.c: New. * g10/objcache.h: New. * g10/Makefile.am (common_source): Add them. * g10/gpg.c: Include objcache.h. (g10_exit): Call objcache_dump_stats. * g10/getkey.c: Include objcache.h. (get_primary_uid, release_keyid_list): Remove. (cache_user_id): Remove. (finish_lookup): Call the new cache_put_keyblock instead of cache_user_id. (get_user_id_string): Remove code for mode 2. (get_user_id): Implement using cache_get_uid_bykid. -- This generic caching module is better than the ad-hoc code we used in getkey.c. More cleanup in getkey is still required but it is a start. There is also a small performance increase with the new cache: With a large keyring and --list-sigs I get these numbers: | | before | after | |------+------------+------------| | real | 14m1.028s | 12m16.186s | | user | 2m18.484s | 1m36.040s | | sys | 11m42.420s | 10m40.044s | Note the speedup in the user time which is due to the improved cache algorithm. This is obvious, because the old cache was just a long linked list; the new cache are two hash tables. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-04-13 11:48:58 +02:00
#include "objcache.h"
common: Add a global variable to for the default error source. For the shared code parts it is cumbersome to pass an error sourse variable to each function. Its value is always a constant for a given binary and thus a global variable makes things a lot easier than the former macro stuff. * common/init.c (default_errsource): New global var. (init_common_subsystems): Rename to _init_common_subsystems. Set DEFAULT_ERRSOURCE. * common/init.h: Assert value of GPG_ERR_SOURCE_DEFAULT. (init_common_subsystems): New macro. * common/util.h (default_errsource): Add declaration. * kbx/keybox-defs.h: Add some GPG_ERR_SOURCE_DEFAULT trickery.
2012-02-06 20:50:47 +01:00
#include "../common/init.h"
gpg: New option --sender * g10/options.h (struct opt): Add field 'sender_list'. * g10/gpg.c: Include mbox-util.h. (oSender): New. (opts): Add option "--sender". (main): Parse option. -- This option will eventually be used for more advanced purposes. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-18 10:08:34 +02:00
#include "../common/mbox-util.h"
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
#include "../common/shareddefs.h"
common,gpg,sm: Restrict the use of algorithms according to CO_DE_VS. * common/compliance.c (gnupg_pk_is_allowed): New function. (gnupg_cipher_is_allowed): Likewise. (gnupg_digest_is_allowed): Likewise. * common/compliance.h (enum pk_use_case): New definition. (gnupg_pk_is_allowed): New prototype. (gnupg_cipher_is_allowed): Likewise. (gnupg_digest_is_allowed): Likewise. * g10/decrypt-data.c (decrypt_data): Restrict use of algorithms using the new predicates. * g10/encrypt.c (encrypt_crypt): Likewise. * g10/gpg.c (main): Likewise. * g10/pubkey-enc.c (get_session_key): Likewise. * g10/sig-check.c (check_signature2): Likewise. * g10/sign.c (do_sign): Likewise. * sm/decrypt.c (gpgsm_decrypt): Likewise. * sm/encrypt.c (gpgsm_encrypt): Likewise. * sm/gpgsm.c (main): Likewise. * sm/sign.c (gpgsm_sign): Likewise. * sm/verify.c (gpgsm_verify): Likewise. -- With this change, policies can effectively restrict what algorithms are used for different purposes. The algorithm policy for CO_DE_VS is implemented. GnuPG-bug-id: 3191 Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-06 16:01:40 +02:00
#include "../common/compliance.h"
gpg,gpgsm: Move use-keyboxd to the new conf file common.conf * common/comopt.c, common/comopt.h: New. * common/Makefile.am: Add them. * g10/gpg.c: Include comopt.h. (main): Also parse common.conf. * sm/gpgsm.c: Include comopt.h. (main): Set a flag for the --no-logfile option. Parse common.conf. * tools/gpgconf-comp.c (known_options_gpg): Remove "use-keyboxd", add pseudo option "use_keyboxd". (known_pseudo_options_gpg): Add pseudo option "use_keyboxd". (known_options_gpgsm): Remove "use-keyboxd". * tests/openpgp/defs.scm (create-gpghome): Create common.conf. * doc/examples/common.conf: New. -- Note that --use-keybox still works but prints a warning. We will eventually remove this option becuase it was marked as an experimental feature anyway. It would be too confusing if gpg and gpgsm use different key storages. Further, other components (e.g. dirmngr or gpg-wks-client) which call gpg or gpgsm need to be aware that the keyboxd is used and pass that option on the command line. Now that common.conf is always read (even if --no-options is used) those tools will work instantly.
2021-04-19 11:33:19 +02:00
#include "../common/comopt.h"
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
#if defined(HAVE_DOSISH_SYSTEM) || defined(__CYGWIN__)
#define MY_O_BINARY O_BINARY
#ifndef S_IRGRP
# define S_IRGRP 0
# define S_IWGRP 0
#endif
#else
#define MY_O_BINARY 0
#endif
enum cmd_and_opt_values
{
aNull = 0,
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
oArmor = 'a',
aDetachedSign = 'b',
aSym = 'c',
aDecrypt = 'd',
aEncr = 'e',
gpg: New options --recipient-file and --hidden-recipient-file. * g10/gpg.c (oRecipientFile, oHiddenRecipientFile): New. (opts): Add options --recipient-file and --hidden-recipient-file. (main): Implement them. Also remove duplicate code from similar options. * g10/keydb.h (PK_LIST_FROM_FILE): New. (PK_LIST_SHIFT): Bump up. * g10/pkclist.c (expand_group): Take care of PK_LIST_FROM_FILE. (find_and_check_key): Add and implement arg FROM_FILE. (build_pk_list): Pass new value for new arg. * g10/getkey.c (get_pubkey_fromfile): New. * g10/gpgv.c (read_key_from_file): New stub. * g10/test-stubs.c (read_key_from_file): New stub. * g10/server.c (cmd_recipient): Add flag --file. * g10/import.c (read_key_from_file): New. * tests/openpgp/defs.scm (key-file1): New. (key-file2): New. * tests/openpgp/setup.scm: Add their private keys and import the key-file1. * tests/openpgp/encrypt.scm: Add new test. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-06 14:03:50 +02:00
oRecipientFile = 'f',
oHiddenRecipientFile = 'F',
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
oInteractive = 'i',
Fixed agent access for gpg.
2006-10-04 18:45:04 +02:00
aListKeys = 'k',
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
oDryRun = 'n',
oOutput = 'o',
oQuiet = 'q',
oRecipient = 'r',
oHiddenRecipient = 'R',
aSign = 's',
oTextmodeShort= 't',
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
oLocalUser = 'u',
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
oVerbose = 'v',
oCompress = 'z',
Merged most of David Shaw's changes in 1.3 since 2003-06-03.
2003-09-23 19:48:33 +02:00
oSetNotation = 'N',
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
aListSecretKeys = 'K',
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
oBatch = 500,
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
oMaxOutput,
gpg: New option --input-size-hint. * g10/options.h: Include stdint.h. (struct opt): Add field 'input_size_hint'. * g10/gpg.c (oInputSizeHint): New. (opts): Add --input-size-hint. (main): Set opt.input_size_hint. * g10/progress.c (write_status_progress): Use the hint. -- This is a prerequisite to fix GnuPG-bug-id: 2368 Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-11 21:31:12 +02:00
oInputSizeHint,
gpg: New option --chunk-size. * g10/gpg.c (opts): New option --chunk-size. (oChunkSize): New const. (build_list_aead_test_algo, build_list_aead_algo_name): New. (my_strusage): List AEAD algos. (main): Implement --chunk-size.. * g10/options.h (struct opt): Add field 'chunk_size'. (DBG_IPC): Remove duplicated macro. * g10/main.h (DEFAULT_AEAD_ALGO): Depend on Libgcrypt version. * g10/misc.c (openpgp_aead_test_algo): Ditto. * g10/cipher-aead.c: Silence if not in debug mode. * g10/decrypt-data.c: Ditto. -- And that new option immediatley revealed bugs in our chunking code :-(.
2018-01-23 19:08:16 +01:00
oChunkSize,
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
oSigNotation,
oCertNotation,
oShowNotation,
oNoShowNotation,
gpg: New option --known-notation. * g10/gpg.c (oKnownNotation): New const. (opts): Add option --known-notation. (main): Set option. * g10/parse-packet.c (known_notations_list): New local var. (register_known_notation): New. (can_handle_critical_notation): Rewrite to handle the new feature. Also print the name of unknown notations in verbose mode. -- GnuPG-bug-id: 4060 Signed-off-by: Werner Koch <wk@gnupg.org>
2018-08-29 09:36:09 +02:00
oKnownNotation,
Merged most of David Shaw's changes in 1.3 since 2003-06-03.
2003-09-23 19:48:33 +02:00
aEncrFiles,
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
aEncrSym,
aDecryptFiles,
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
aClearsign,
aStore,
gpg: Add command --quick-gen-key * g10/gpg.c (aQuickKeygen): New. * g10/misc.c (is_valid_user_id): New stub. * g10/keygen.c (quickgen_set_para): New. (quick_generate_keypair): New. -- Note that the validation of the specified user id has not yet been implemented.
2014-07-23 15:12:43 +02:00
aQuickKeygen,
gpg: Simplify command --gen-key and add --full-gen-key. * g10/gpg.c (aFullKeygen): New. (opts): Add command --full-key-gen. (main): Implement it. * g10/keygen.c (DEFAULT_STD_ALGO): Replace wrong GCRY_PK_RSA although the value is identical. (DEFAULT_STD_CURVE): New. (DEFAULT_STD_SUBALGO): New. (DEFAULT_STD_SUBKEYSIZE): New. (DEFAULT_STD_SUBCURVE): New. (quick_generate_keypair): Use new macros here. (generate_keypair): Add arg "full" and fix call callers. Do not ask for keysize in non-full node. (ask_user_id): Add arg "full" and simplify for non-full mode.
2014-09-27 15:14:13 +02:00
aFullKeygen,
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
aKeygen,
aSignEncr,
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
aSignEncrSym,
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
aSignSym,
aSignKey,
aLSignKey,
gpg: Add commands --quick-sign-key and --quick-lsign-key. * g10/gpg.c (main): Add commands --quick-sign-key and --quick-lsign-key. * g10/keyedit.c (sign_uids): Add args FP and QUICK. (keyedit_quick_sign): New. (show_key_with_all_names): Add arg NOWARN.
2014-03-27 16:33:40 +01:00
aQuickSignKey,
aQuickLSignKey,
gpg: New command --quick-revoke-sig * g10/gpg.c (enum cmd_and_opt_values): Add aQuickRevSig. (opts): Add --quick-revoke-sig. (main): Implement. * g10/keyedit.c (quick_find_keyblock): Add arg 'want_secret' and adjust all callers. (keyedit_quick_revsig): new. * g10/revoke.c (get_default_sig_revocation_reason): New. * g10/keylist.c (cmp_signodes): Make global. -- GnuPG-bug-id: 5093
2020-10-28 17:06:27 +01:00
aQuickRevSig,
gpg: New command --quick-adduid. * g10/keygen.c (ask_user_id): Factor some code out to ... (uid_already_in_keyblock): new. (generate_user_id): Add arg UIDSTR. Fix leaked P. * g10/keyedit.c (menu_adduid): Add new arg uidstring. Adjust caller. (keyedit_quick_adduid): New. * g10/gpg.c (aQuickAddUid): New. (opts): Add command --quick-adduid. (main): Implement that. -- GnuPG-bug-id: 1956 Signed-off-by: Werner Koch <wk@gnupg.org>
2015-05-08 16:08:57 +02:00
aQuickAddUid,
gpg: New command --quick-addkey. * g10/keygen.c (DEFAULT_STD_SUBKEYUSE): New. (ask_keysize): Factor code out to ... (get_keysize_range, fixup_keysize): new. (parse_parameter_usage): Factor parsing out to ... (parse_usagestr): new. Allow use of "encr" as alias for "encrypt". (parse_subkey_algostr_usagestr): New. (generate_subkeypair): Add new args. Implement unattended mode. * g10/keyedit.c (keyedit_quick_sign): Factor some code out to ... (find_by_primary_fpr): new. (keyedit_quick_addkey): New. * g10/gpg.c (aQuickAddKey): New. (opts): Add --quick-addkey. (main): Implement. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-02 15:54:48 +02:00
aQuickAddKey,
g10: Implement gpg --quick-revuid * g10/revoke.c (get_default_uid_revocation_reason): New. * g10/keyedit.c (menu_revuid): Break out creation of uid revocation into new function core_revuid. * g10/keyedit.c (keyedit_quick_revuid): New. Selects key and uid, invokes core_revuid. * g10/gpg.c (main): Handle --quick-revuid argument. * doc/gpg.texi: Document --quick-revuid. -- This functionality is a counterpart to --quick-adduid, and will be useful for projects that depend programmatically on gpg to revoke user IDs (one such example is "monkeysphere-host revoke-servicename"). Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> - Minor re-indentation work. - Changed a "0 == memcmp" to "!memcmp" - Removed tests/openpgp/quick-key-manipulation.test from the Makefile. This test needs to be converted to gpgscm. - Removed example from whats-new-in-2.1.txt because that is generated. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-17 00:05:57 +02:00
aQuickRevUid,
gpg: New option --quick-set-expire. * g10/gpg.c (aQuickSetExpire): New. (opts): New option --quick-set-expire. (main): Implement option. * g10/keyedit.c (menu_expire): Add args FORCE_MAINKEY and NEWEXPIRATION. Change semantics of the return value. Change caller. (keyedit_quick_set_expire): New. -- This patch partly solves GnuPG-bug-id: 2701
2016-12-05 10:58:39 +01:00
aQuickSetExpire,
gpg: New command --quick-set-primary-uid. * g10/gpg.c (aQuickSetPrimaryUid): New const. (opts): New command --quick-set-primary-uid. (main): Implement it. * g10/keyedit.c (keyedit_quick_adduid): Factor some code out to ... (quick_find_keyblock): new func. (keyedit_quick_revuid): Use quick_find_keyblock. (keyedit_quick_set_primary): New. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-21 14:47:21 +01:00
aQuickSetPrimaryUid,
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
aListConfig,
gpg: Add --list-gcrypt-config and "curve" item for --list-config. * common/openpgp-oid.c (curve_supported_p): New. (openpgp_enum_curves): New. * common/t-openpgp-oid.c (test_openpgp_enum_curves): New. (main): Add option --verbose. * g10/gpg.c (opts): Add --list-gcrypt-config. (list_config): Add items "curve" and "curveoid". Remove unused code. -- GnuPG-bug-id: 1917 Signed-off-by: Werner Koch <wk@gnupg.org>
2015-03-10 15:26:02 +01:00
aListGcryptConfig,
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
aGPGConfList,
.
2006-10-23 16:02:13 +02:00
aGPGConfTest,
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
aListPackets,
aEditKey,
aDeleteKeys,
aDeleteSecretKeys,
aDeleteSecretAndPublicKeys,
aImport,
aFastImport,
aVerify,
aVerifyFiles,
aListSigs,
aSendKeys,
aRecvKeys,
Add command --locate-key. Fix auto-key-locate processing of "nodefault".
2008-05-07 17:40:36 +02:00
aLocateKeys,
gpg: New command --locate-external-key. * g10/gpg.c (aLocateExtKeys): New. (opts): Add --locate-external-keys. (main): Implement that. * g10/getkey.c (get_pubkey_byname): Implement GET_PUBKEY_NO_LOCAL. (get_best_pubkey_byname): Add arg 'mode' and pass on to get_pubkey_byname. Change callers. * g10/keylist.c (public_key_list): Add arg 'no_local'. (locate_one): Ditto. Pass on to get_best_pubkey_byname. -- This new command is a shortcut for --auto-key-locate nodefault,clear,wkd,... --locate-key and uses the default or configured AKL list but does so without local. See also GnuPG-bug-id: 4599 Signed-off-by: Werner Koch <wk@gnupg.org>
2019-07-04 15:13:26 +02:00
aLocateExtKeys,
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
aSearchKeys,
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
aRefreshKeys,
aFetchKeys,
gpg: New command --show-keys. * g10/gpg.c (aShowKeys): New const. (opts): New command --show-keys. (main): Implement command. * g10/import.c (import_keys_internal): Don't print stats in show-only mode. (import_one): Be silent in show-only mode. -- Using --import --import-options show-only to look at a key is too cumbersome. Provide this shortcut and also remove some diagnostic cruft in this case. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-06-06 11:50:58 +02:00
aShowKeys,
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
aExport,
aExportSecret,
aExportSecretSub,
gpg: New command --export-ssh-key * g10/export.c: Include membuf.h and host2net.h. (key_to_sshblob): New. (export_ssh_key): New. * g10/gpg.c (aExportSshKey): New. (opts): Add command. (main): Implement that command. -- GnuPG-bug-id: 2212 I have done only a few tests rights now and the ECDSA curves do not yet work. However ssh-keygen -l accept RSA and ed25519 keys exported using this command. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-08 17:22:32 +01:00
aExportSshKey,
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
aCheckKeys,
aGenRevoke,
aDesigRevoke,
aPrimegen,
aPrintMD,
aPrintMDs,
aCheckTrustDB,
aUpdateTrustDB,
aFixTrustDB,
aListTrustDB,
aListTrustPath,
aExportOwnerTrust,
aImportOwnerTrust,
aDeArmor,
aEnArmor,
aGenRandom,
aRebuildKeydbCaches,
* g10.c: New command --card-status. * card-util.c (card_status): New. * call-agent.c (learn_status_cb): Parse more information. * keylist.c (print_pubkey_info): Add FP arg for optinal printing to a stream. Changed all callers.
2003-07-24 11:06:43 +02:00
aCardStatus,
* g10.c: New command --card-edit. * card-util.c (card_status): Use tty_fprintf for all output. (print_sha1_fpr, print_isoname): Ditto. (get_one_name,change_name, change_url, change_login,change_lang) (change_sex): New; taken from keygen.c. * keygen.c (smartcard_get_one_name, smartcard_change_name) (smartcard_change_url, smartcard_change_login_data) (smartcard_change_lang, smartcard_change_sex): Removed. (check_smartcard): Removed most menu items.
2003-09-18 17:51:18 +02:00
aCardEdit,
* keygen.c (generate_keypair): Create an AUTHKEYTYPE entry for cards. (do_generate_keypair): Abd generate the authkey. (check_smartcard): Changed menu accordingly.
2003-07-23 09:11:06 +02:00
aChangePIN,
Add dummu option --passwd for gpg. Collected changes.
2010-01-08 20:18:49 +01:00
aPasswd,
Started to code a --server mode. It is far from being ready!
2006-12-21 20:40:00 +01:00
aServer,
g10: Add TOFU support. * configure.ac: Check for sqlite3. (SQLITE3_CFLAGS): AC_SUBST it. (SQLITE3_LIBS): Likewise. * g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS). (gpg2_SOURCES): Add tofu.h and tofu.c. (gpg2_LDADD): Add $(SQLITE3_LIBS). * g10/tofu.c: New file. * g10/tofu.h: New file. * g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP. (tofu_db_format): Define. * g10/packet.h (PKT_signature): Add fields digest and digest_len. * g10/gpg.c: Include "tofu.h". (cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy, oTOFUDBFormat. (opts): Add them. (parse_trust_model): Recognize the tofu and tofu+pgp trust models. (parse_tofu_policy): New function. (parse_tofu_db_format): New function. (main): Initialize opt.tofu_default_policy and opt.tofu_db_format. Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat. * g10/mainproc.c (do_check_sig): If the signature is good, copy the hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately. * g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update callers. (tdb_get_validity_core): Add arguments sig and may_ask. Update callers. * g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them to tdb_get_validity_core. * g10/trustdb.c: Include "tofu.h". (trust_model_string): Handle TM_TOFU and TM_TOFU_PGP. (tdb_get_validity_core): Add arguments sig and may_ask. If OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust level. Combine it with the computed PGP trust level, if appropriate. * g10/keyedit.c: Include "tofu.h". (show_key_with_all_names_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/keylist.c: Include "tofu.h". (public_key_list): Also show the PGP stats if the trust model is TM_TOFU_PGP. (list_keyblock_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/pkclist.c: Include "tofu.h". * g10/gpgv.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * g10/test-stubs.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * doc/DETAILS: Describe the TOFU Policy field. * doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu, --trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format. * tests/openpgp/Makefile.am (TESTS): Add tofu.test. (TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc, tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt. (CLEANFILES): Add tofu.db. (clean-local): Add tofu.d. * tests/openpgp/tofu.test: New file. * tests/openpgp/tofu-2183839A-1.txt: New file. * tests/openpgp/tofu-BC15C85A-1.txt: New file. * tests/openpgp/tofu-EE37CF96-1.txt: New file. * tests/openpgp/tofu-keys.asc: New file. * tests/openpgp/tofu-keys-secret.asc: New file. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
aTOFUPolicy,
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
gpg: New option --mimemode. * g10/gpg.c (oMimemode): New. (opts): Add --mimemode. (main): Use --mimemode only in rfc4880bis compliance mode. * g10/options.h (struct opt): Add field "mimemode". * g10/build-packet.c (do_plaintext): Allow for mode 'm'. * g10/encrypt.c (encrypt_simple, encrypt_crypt): Use 'm' if requested. * g10/plaintext.c (handle_plaintext): Handle 'm' mode. * g10/sign.c (write_plaintext_packet): Handle 'm' mode. (sign_file, sign_symencrypt_file): Use 'm' if requested. -- Thsi patch prepares for a proposed change in RFC4880bis to support a MIME flag. A literal data packet with the mime flag set is handled like a 't' or 'u' but CR are not removed. The PLAINTEXT status line will also indicate a MIME content. If --mimemode is used without --rfc4880bis 't' will be used. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-13 13:31:12 +02:00
oMimemode,
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
oTextmode,
oNoTextmode,
oExpert,
oNoExpert,
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
oDefSigExpire,
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
oAskSigExpire,
oNoAskSigExpire,
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
oDefCertExpire,
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
oAskCertExpire,
oNoAskCertExpire,
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
oDefCertLevel,
oMinCertLevel,
oAskCertLevel,
oNoAskCertLevel,
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
oFingerprint,
oWithFingerprint,
gpg: Add option --with-subkey-fingerprint. * g10/gpg.c (oWithSubkeyFingerprint): New. (opts): Add --with-subkey-fingerprint[s]. (main): Set that option. * g10/options.h (struct opt): Add 'with_subkey_fingerprint'. * g10/keylist.c (list_keyblock_print): Print subkey fingerprint. (print_fingerprint): Tweak printing to use compact format if desirable. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-06 16:55:03 +02:00
oWithSubkeyFingerprint,
gpg: Add option to print fingerprints in ICAO spelling. * g10/gpg.c: Add option --with-icao-spelling. * g10/options.h (struct opt): Add with_icao_spelling. * g10/keylist.c (print_icao_hexdigit): New. (print_fingerprint): Print ICAO spelling. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-02-23 17:54:05 +01:00
oWithICAOSpelling,
Add new option --with-keygrip
2010-10-08 13:11:08 +02:00
oWithKeygrip,
gpg,sm: New option --with-key-screening. * common/pkscreening.c: New. * common/pkscreening.h: New. * common/Makefile.am (common_sources): Add them. * g10/gpg.c (opts): New option --with-key-screening. * g10/options.h (struct opt): New field with_key_screening. * g10/keylist.c: Include pkscreening.h. (print_pk_screening): New. (list_keyblock_print): Call it. (print_compliance_flags): Call it. * sm/gpgsm.c (opts): New option --with-key-screening. * sm/gpgsm.h (scruct opt): New field with_key_screening. * sm/keylist.c: Include pkscreening.h. (print_pk_screening): New. (print_compliance_flags): Call it. Add new arg cert. (list_cert_colon): Pass arg cert (list_cert_std): Call print_pk_screening. * sm/fingerprint.c (gpgsm_get_rsa_modulus): New. -- This new option can be used to detect ROCA affected keys. To scan an entire keyring and print the affected fingerprints use this: gpg -k --with-key-screening --with-colons | gawk -F: \ '$1~/pub|sub|sec|ssb|crt/ && $18~/\<6001\>/ {found=1;next}; $1=="fpr" && found {print $10}; {found=0}' The same works for gpgsm. Note that we need gawk due to the "\<" in the r.e. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-10-17 21:10:19 +02:00
oWithKeyScreening,
Add new option --with-secret. * g10/gpg.c: Add option --with-secret. * g10/options.h (struct opt): Add field with_secret. * g10/keylist.c (public_key_list): Pass opt.with_secret to list_all and list_one. (list_all, list_one): Add arg mark_secret. (list_keyblock_colon): Add arg has_secret. * sm/gpgsm.c: Add option --with-secret. * sm/server.c (option_handler): Add option "with-secret". * sm/gpgsm.h (server_control_s): Add field with_secret. * sm/keylist.c (list_cert_colon): Take care of with_secret. Also move the token string from the wrong field 14 to 15. -- This option is useful for key managers which need to know whether a key has a secret key. This change allows to collect this information in one pass.
2014-06-03 21:35:59 +02:00
oWithSecret,
gpg: Add experimental AKL method "wkd" and option --with-wkd-hash. * g10/getkey.c (parse_auto_key_locate): Add method "wkd". (get_pubkey_byname): Implement that method. Also rename a variable. * g10/call-dirmngr.c (gpg_dirmngr_wkd_get): New. * g10/keyserver.c (keyserver_import_wkd): New. * g10/test-stubs.c (keyserver_import_wkd): Add stub. * g10/gpgv.c (keyserver_import_wkd): Ditto. * g10/options.h (opt): Add field 'with_wkd_hash'. (AKL_WKD): New. * g10/gpg.c (oWithWKDHash): New. (opts): Add option --with-wkd-hash. (main): Set that option. * g10/keylist.c (list_keyblock_print): Implement that option. -- The Web Key Directory is an experimental feature to retrieve a key via https. It is similar to OpenPGP DANE but also uses an encryption to reveal less information about a key lookup. For example the URI to lookup the key for Joe.Doe@Example.ORG is: https://example.org/.well-known/openpgpkey/ hu/example.org/iy9q119eutrkn8s1mk4r39qejnbu3n5q (line has been wrapped for rendering purposes). The hash is a z-Base-32 encoded SHA-1 hash of the mail address' local-part. The address wk@gnupg.org can be used for testing. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-04-27 08:34:29 +02:00
oWithWKDHash,
gpg: New option --with-tofu-info. * g10/gpg.c (oWithTofuInfo): New. (opts): Add --with-tofu-info. (main): Set opt.with_tofu_info. * g10/options.h (struct opt): Add field WITH_TOFU_INFO. * g10/tofu.c (show_statistics): Add optional arg OUTFP and enter special mode if not NULL. Change all callers. (tofu_write_tfs_record): New. * g10/keylist.c (list_keyblock_colon): Do not print the tofu policy as part of the "uid" record. Print a new "tfs" record if the new option is set. * tests/openpgp/tofu.scm (getpolicy): Change from UID to TFS record. -- A separate option is required to avoid slowing down key listings. Foer example the current code takes for a keylisting in tofu+pgp mode 17 seconds while it takes more than 5 minutes if the option is used. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-25 09:26:36 +02:00
oWithColons,
oWithKeyData,
gpg: New option --with-key-origin. * g10/getkey.c (parse_key_origin): Factor list out as ... (key_origin_list): new struct. (key_origin_string): New. * g10/gpg.c (oWithKeyOrigin): New const. (opts): New option --with-key-origin. (main): Implement option. * g10/options.h (struct opt): New flag with_key_origin. * g10/keylist.c (list_keyblock_print): Print key origin info. (list_keyblock_colon): Ditto.
2017-07-20 17:27:48 +02:00
oWithKeyOrigin,
gpg: New option --with-tofu-info. * g10/gpg.c (oWithTofuInfo): New. (opts): Add --with-tofu-info. (main): Set opt.with_tofu_info. * g10/options.h (struct opt): Add field WITH_TOFU_INFO. * g10/tofu.c (show_statistics): Add optional arg OUTFP and enter special mode if not NULL. Change all callers. (tofu_write_tfs_record): New. * g10/keylist.c (list_keyblock_colon): Do not print the tofu policy as part of the "uid" record. Print a new "tfs" record if the new option is set. * tests/openpgp/tofu.scm (getpolicy): Change from UID to TFS record. -- A separate option is required to avoid slowing down key listings. Foer example the current code takes for a keylisting in tofu+pgp mode 17 seconds while it takes more than 5 minutes if the option is used. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-25 09:26:36 +02:00
oWithTofuInfo,
oWithSigList,
oWithSigCheck,
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
oAnswerYes,
oAnswerNo,
oKeyring,
oPrimaryKeyring,
oSecretKeyring,
oShowKeyring,
oDefaultKey,
oDefRecipient,
oDefRecipientSelf,
oNoDefRecipient,
More agent support for gpg.
2010-10-13 17:57:08 +02:00
oTrySecretKey,
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
oOptions,
oDebug,
* configure.ac: Define SAFE_VERSION_DASH and SAFE_VERSION_DOT> * g10.c: New options --gpgconf-list, --debug-level and --log-file (set_debug): Add arg DEBUG_LEVEL. (main): Look at less and less version specific config files. From gnupg 1.3.
2004-03-23 14:03:09 +01:00
oDebugLevel,
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
oDebugAll,
gpg: Add new option --debug-iolbf. * g10/gpg.c (oDebugIOLBF): new. (opts): Add --debug-iolbf. (main): Set option. -- This option is convenient for debugging to make sure that debug output to stderr is synced with output to stdout. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-04-06 14:07:50 +02:00
oDebugIOLBF,
gpg: New maintainer option --debug-set-iobuf-size. * g10/gpg.c (opts): Add new option. (opt_set_iobuf_size): New var. (set_debug): Set the option. * tests/openpgp/armor.scm: Use this option to revert the buffer size to the one which used to exhibit the tested bugs. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-24 18:29:08 +01:00
oDebugSetIobufSize,
gpg: Use 128 MiB as default AEAD chunk size. * g10/gpg.c (oDebugAllowLargeChunks): New. (opts): New option --debug-allow-large-chunks. (main): Implement that option. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-24 09:50:02 +02:00
oDebugAllowLargeChunks,
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
oStatusFD,
oStatusFile,
oAttributeFD,
oAttributeFile,
oEmitVersion,
oNoEmitVersion,
oCompletesNeeded,
oMarginalsNeeded,
oMaxCertDepth,
oLoadExtension,
gpg: New option --compliance. * g10/gpg.c (oCompliance): New. (opts): Add "--compliance". (parse_tofu_policy): Use a generic description string for "help". (parse_compliance_option): New. (main): Add option oCompliance. Factor out code for compliance setting to ... (set_compliance_option): new. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-15 13:03:29 +01:00
oCompliance,
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
oGnuPG,
Merged most of David Shaw's changes in 1.3 since 2003-06-03.
2003-09-23 19:48:33 +02:00
oRFC2440,
Ported changes from 1.4. Add copyright notices.
2007-10-25 11:06:21 +02:00
oRFC4880,
gpg: New option --rfc4880bis. * g10/options.h (struct opt): Add field flags.rfc4880bis. * g10/gpg.c (oRFC4880bis): new. (opts): add --rfc4880bis. (main): Implement that and print a warning. -- This is option enables experimental features which may be dropped or changed with the next release. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-20 22:19:23 +02:00
oRFC4880bis,
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
oOpenPGP,
oPGP7,
oPGP8,
gpg: Add new compliance mode "de-vs". * g10/options.h (CO_DE_VS): New. (GNUPG): Also allow CO_DE_VS. * g10/gpg.c (oDE_VS): New. (parse_compliance_option): Add "de-vs". (set_compliance_option): Set "de-vs". * g10/misc.c (compliance_option_string): Return a description string. (compliance_failure): Ditto. * g10/keygen.c (ask_algo): Take care of CO_DE_VS. (get_keysize_range): Ditto. (ask_curve): Add new field to CURVES and trun flags into bit flags. Allow only Brainpool curves in CO_DE_VS mode. -- As of now this compliance mode only restricts the set of algorithms and curves which can be created. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-15 17:50:03 +01:00
oDE_VS,
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
oRFC2440Text,
oNoRFC2440Text,
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
oCipherAlgo,
gpg: Add option and preference framework for AEAD. * common/openpgpdefs.h (aead_algo_t): New. (SIGSUBPKT_PREF_AEAD): New. * g10/gpg.c (oAEADAlgo, oPersonalAEADPreferences): New. (opts): New options --aead-algo and --personal-aead-preferences. (set_compliance_option): Clar aead algo. (main): Parse and check the new options * g10/options.h (struct opt): Add fields def_aead_algo and personal_aead_prefs. * g10/packet.h (PREFTYPE_AEAD): New enum value. (PKT_user_id): Add field flags.aead. (PKT_public_key): Add field flags.aead. * g10/pkclist.c (select_algo_from_prefs): Support PREFTYPE_AEAD. * g10/getkey.c (fixup_uidnode): Set AEAD flag. (merge_selfsigs): Ditto. * g10/kbnode.c (dump_kbnode): Show aead flag. * g10/keyedit.c (show_prefs): Ditto. (show_key_with_all_names_colon): Ditto. * g10/keygen.c (aead_presf, n_aead_prefs): New vars. (set_one_pref): Suppport PREFTYPE_AEAD. (keygen_set_std_prefs): Parse AEAD preferences. (keygen_get_std_prefs): Ditto. (add_feature_aead): New. (keygen_upd_std_prefs): Call that and build AEAD pref packet. * g10/main.h (DEFAULT_AEAD_ALGO): New const. * g10/misc.c (openpgp_aead_test_algo): New. (openpgp_aead_algo_name): New. (string_to_aead_algo): New. (default_aead_algo): New. -- This is only used in --rfc4880bis mode and not really tested. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-10 11:42:38 +01:00
oAEADAlgo,
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
oDigestAlgo,
oCertDigestAlgo,
oCompressAlgo,
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
oCompressLevel,
oBZ2CompressLevel,
oBZ2DecompressLowmem,
Add dummu option --passwd for gpg. Collected changes.
2010-01-08 20:18:49 +01:00
oPassphrase,
oPassphraseFD,
oPassphraseFile,
oPassphraseRepeat,
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
oPinentryMode,
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
oCommandFD,
oCommandFile,
oQuickRandom,
oNoVerbose,
oTrustDBName,
oNoSecmemWarn,
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
oRequireSecmem,
oNoRequireSecmem,
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
oNoPermissionWarn,
oNoArmor,
oNoDefKeyring,
gpg: New option --no-keyring. * g10/gpg.c (oNoKeyring): New. (opts): Add "--no-keyring". (main): Do not register any keyring if the option is used. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-06 15:33:40 +02:00
oNoKeyring,
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
oNoGreeting,
oNoTTY,
oNoOptions,
oNoBatch,
oHomedir,
oSkipVerify,
Add gpgconf related dummy options default_pubkey_algo. Add option --skip-hidden-recipients Comment updates.
2009-11-23 20:18:04 +01:00
oSkipHiddenRecipients,
oNoSkipHiddenRecipients,
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
oAlwaysTrust,
oTrustModel,
oForceOwnertrust,
gpg: New option --no-auto-trust-new-key. * g10/gpg.c (oNoAutoTrustNewKey): New. (opts): Add --no-auto-trust-new-key. (main): Set it. * g10/options.h (opt): Add flags.no_auto_trust_new_key. Signed-off-by: Werner Koch <wk@gnupg.org>
2021-03-15 10:47:19 +01:00
oNoAutoTrustNewKey,
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
oSetFilename,
oForYourEyesOnly,
oNoForYourEyesOnly,
oSetPolicyURL,
oSigPolicyURL,
oCertPolicyURL,
oShowPolicyURL,
oNoShowPolicyURL,
Merged most of David Shaw's changes in 1.3 since 2003-06-03.
2003-09-23 19:48:33 +02:00
oSigKeyserverURL,
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
oUseEmbeddedFilename,
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
oNoUseEmbeddedFilename,
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
oComment,
oDefaultComment,
Merged most of David Shaw's changes in 1.3 since 2003-06-03.
2003-09-23 19:48:33 +02:00
oNoComments,
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
oThrowKeyids,
oNoThrowKeyids,
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
oShowPhotos,
oNoShowPhotos,
oPhotoViewer,
gpg: New option --force-aead * g10/dek.h (DEK): Turn fields use_mdc, algo_printed and symmetric into single bit vars. Make sure they are always set to 1 or 0. (DEK): New field use_aead. * g10/options.h (struct opt): New field force_aead. * g10/pkclist.c (select_aead_from_pklist): New. * g10/gpg.c (oForceAEAD): New const. (opts): New options "--force-aead". (main): Set new option. * g10/encrypt.c (use_aead): New. (encrypt_simple): Implement new flags DEK.use_aead. (encrypt_crypt): Ditto. (encrypt_filter): Ditto. * g10/sign.c (sign_symencrypt_file): Ditto. -- This patch should be enough to detect whether AEAD can be used. Not tested. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-10 17:07:11 +01:00
oForceAEAD,
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
oS2KMode,
oS2KDigest,
oS2KCipher,
* parse-packet.c (parse_symkeyenc): Show the unpacked as well as the packed s2k iteration count. * main.h, options.h, gpg.c (encode_s2k_iterations, main), passphrase.c (hash_passphrase): Add --s2k-count option to specify the number of s2k hash iterations.
2006-10-13 06:06:24 +02:00
oS2KCount,
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
oDisplayCharset,
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
oNotDashEscaped,
oEscapeFrom,
oNoEscapeFrom,
oLockOnce,
oLockMultiple,
oLockNever,
oKeyServer,
oKeyServerOptions,
oImportOptions,
gpg: New option --import-filter * g10/gpg.c (oImportFilter): New. (opts): Add --import-filter. (main): Handle option. * g10/import.c: Include recsel.h, init.h, and mbox-util.h. (import_keep_uid): New global var. (cleanup_import_globals): New. (parse_and_set_import_filter): New. (filter_getval): New. (apply_keep_uid_filter): New. (import_one): Apply filter if set. -- Funny new option. It can for example be used to export a key with only one user id: gpg --no-options --import --import-options import-export \ --import-filter keep-uid='mbox=wk@gnupg.org' \ < full-key.pub > key-with-one-uid.pub More features will eventually be added. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-01 16:24:04 +02:00
oImportFilter,
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
oExportOptions,
gpg: New option --export-filter * g10/gpg.c (oExportFilter): New. (opts): Add --export-filter. (main): Handle option. * g10/export.c: Include recsel.h, init.h, and mbox-util.h. (export_keep_uid): New global var. (cleanup_export_globals): New. (parse_and_set_export_filter): New. (filter_getval): New. (apply_keep_uid_filter): New. (do_export_stream): Apply filter if set. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-01 16:50:12 +02:00
oExportFilter,
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
oListOptions,
oVerifyOptions,
oTempDir,
oExecPath,
oEncryptTo,
oHiddenEncryptTo,
oNoEncryptTo,
gpg: Add --encrypt-to-default-key. * g10/getkey.c (parse_def_secret_key): Drop the static qualifier and export the function. * g10/gpg.c (enum cmd_and_opt_values): Add value oEncryptToDefaultKey. (opts): Handle oEncryptToDefaultKey. (main): Likewise. * g10/options.h (opt): Add field encrypt_to_default_key. -- Signed-off-by: Neal H. Walfield <neal@g10code.com> GnuPG-bug-id: 807
2015-11-03 23:39:46 +01:00
oEncryptToDefaultKey,
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
oLoggerFD,
oLoggerFile,
oUtf8Strings,
oNoUtf8Strings,
oDisableCipherAlgo,
oDisablePubkeyAlgo,
oAllowNonSelfsignedUID,
oNoAllowNonSelfsignedUID,
oAllowFreeformUID,
oNoAllowFreeformUID,
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
oAllowSecretKeyImport,
gpg: Do not allow old cipher algorithms for encryption. * g10/gpg.c: New option --allow-old-cipher-algos. (set_compliance_option): Set --rfc4880bis explictly to SHA256 and AES256. Allow old cipher algos for OpenPGP, rfc4880, and rfc2440. * g10/options.h (opt): Add flags.allow_old_cipher_algos. * g10/misc.c (print_sha1_keysig_rejected_note): Always print the note unless in --quiet mode. * g10/encrypt.c (setup_symkey): Disallow by default algos with a blocklengt < 128. (encrypt_crypt): Ditto. Fallback by default to AES instead of 3DES. * g10/pkclist.c (algo_available): Take care of old cipher also. (select_algo_from_prefs): Use AES as implicit algorithm by default. * tests/openpgp/defs.scm (create-gpghome): Set allow-old-cipher-algos. -- GnuPG-bug-id: 3415
2021-02-10 14:31:34 +01:00
oAllowOldCipherAlgos,
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
oEnableSpecialFilenames,
oNoLiteral,
oSetFilesize,
oHonorHttpProxy,
oFastListMode,
oListOnly,
oIgnoreTimeConflict,
oIgnoreValidFrom,
oIgnoreCrcError,
oIgnoreMDCError,
oShowSessionKey,
oOverrideSessionKey,
gpg: New option --override-session-key-fd. * g10/gpg.c (oOverrideSessionKeyFD): New. (opts): Add option --override-session-key-fd. (main): Handle that option. (read_sessionkey_from_fd): New. -- The override-session-key feature was designed to mitigate the effect of the British RIP act by allowing to keep the private key private and hand out only a session key. For that use case the leaking of the session key would not be a problem. However there are other use cases, for example fast re-decryption after an initial decryption, which would benefit from concealing the session key from other users. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-16 09:02:53 +01:00
oOverrideSessionKeyFD,
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
oNoRandomSeedFile,
oAutoKeyRetrieve,
oNoAutoKeyRetrieve,
gpg: New option --auto-key-import * g10/gpg.c (opts): New options --auto-key-import, --no-auto-key-import, and --no-include-key-block. (gpgconf_list): Add them. * g10/options.h (opt): Add field flags.auto_key_import. * g10/mainproc.c (check_sig_and_print): Use flag to enable that feature. * tools/gpgconf-comp.c: Give the new options a Basic config level. -- Note that the --no variants of the options are intended for easy disabling at the command line. GnuPG-bug-id: 4856 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-14 18:04:47 +01:00
oAutoKeyImport,
oNoAutoKeyImport,
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
oUseAgent,
oNoUseAgent,
oGpgAgentInfo,
gpg: New option --use-keyboxd. * g10/gpg.c (oUseKeyboxd,oKeyboxdProgram): New consts. (opts): New options --use-keyboxd and --keyboxd-program. (main): Implement them. * g10/keydb.c: Move some defs out to ... * g10/keydb-private.h: new file. * g10/keydb.c: prefix function names with "internal" and move original functions to ... * g10/call-keyboxd.c: new file. Divert to the internal fucntion if --use-keyboxd is used. Add a CTRL arg to most fucntions and change all callers. * g10/Makefile.am (common_source): Add new files. (noinst_PROGRAMS): Do bot build gpgcompose. -- Note that this is just the framework with only a basic implementation of searching via keyboxd. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-09-09 14:34:09 +02:00
oUseKeyboxd,
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
oMergeOnly,
oTryAllSecrets,
oTrustedKey,
oNoExpensiveTrustChecks,
oFixedListMode,
gpg: Change format for the key size in --list-key and --edit-key. * g10/gpg.c (oLegacyListMode, opts, main): Add --legacy-list-mode. * g10/options.h (struct opt): Add field legacy_list_mode. * g10/keydb.h (PUBKEY_STRING_SIZE): New. * g10/keyid.c (pubkey_string): New. * g10/import.c (import_one, import_secret_one): Use pubkey_string. * g10/keylist.c (print_seckey_info): Ditto. (print_pubkey_info, print_card_key_info): Ditto. (list_keyblock_print): Ditto. * g10/mainproc.c (list_node): Ditto. * g10/pkclist.c (do_edit_ownertrust, build_pk_list): Ditto. * g10/keyedit.c (show_key_with_all_names): Ditto. Also change the format. (show_basic_key_info): Ditto. * common/openpgp-oid.c (openpgp_curve_to_oid): Also allow "ed25519". (openpgp_oid_to_curve): Downcase "ed25519" -- For ECC it seems to be better to show the name of the curve and not just the size of the prime field. The curve name does not anymore fit into the "<size><letter>" descriptor (e.g. "2048R") and a fixed length format does not work either. Thus the new format uses "rsa2048" - RSA with 2048 bit "elg1024" - Elgamal with 1024 bit "ed25519" - ECC using the curve Ed25519. "E_1.2.3.4" - ECC using the unsupported curve with OID "1.2.3.4". unless --legacy-list-mode is given. In does not anymore line up nicely in columns thus I expect further changes to this new format. Signed-off-by: Werner Koch <wk@gnupg.org>
2014-02-05 10:37:59 +01:00
oLegacyListMode,
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
oNoSigCache,
oAutoCheckTrustDB,
oNoAutoCheckTrustDB,
oPreservePermissions,
oDefaultPreferenceList,
Ported patches from 1.4.x
2006-06-27 16:30:59 +02:00
oDefaultKeyserverURL,
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
oPersonalCipherPreferences,
gpg: Add option and preference framework for AEAD. * common/openpgpdefs.h (aead_algo_t): New. (SIGSUBPKT_PREF_AEAD): New. * g10/gpg.c (oAEADAlgo, oPersonalAEADPreferences): New. (opts): New options --aead-algo and --personal-aead-preferences. (set_compliance_option): Clar aead algo. (main): Parse and check the new options * g10/options.h (struct opt): Add fields def_aead_algo and personal_aead_prefs. * g10/packet.h (PREFTYPE_AEAD): New enum value. (PKT_user_id): Add field flags.aead. (PKT_public_key): Add field flags.aead. * g10/pkclist.c (select_algo_from_prefs): Support PREFTYPE_AEAD. * g10/getkey.c (fixup_uidnode): Set AEAD flag. (merge_selfsigs): Ditto. * g10/kbnode.c (dump_kbnode): Show aead flag. * g10/keyedit.c (show_prefs): Ditto. (show_key_with_all_names_colon): Ditto. * g10/keygen.c (aead_presf, n_aead_prefs): New vars. (set_one_pref): Suppport PREFTYPE_AEAD. (keygen_set_std_prefs): Parse AEAD preferences. (keygen_get_std_prefs): Ditto. (add_feature_aead): New. (keygen_upd_std_prefs): Call that and build AEAD pref packet. * g10/main.h (DEFAULT_AEAD_ALGO): New const. * g10/misc.c (openpgp_aead_test_algo): New. (openpgp_aead_algo_name): New. (string_to_aead_algo): New. (default_aead_algo): New. -- This is only used in --rfc4880bis mode and not really tested. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-10 11:42:38 +01:00
oPersonalAEADPreferences,
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
oPersonalDigestPreferences,
oPersonalCompressPreferences,
A small step for GnuPG but a huge leap for error codes. (Sorry, it does not build currently - I need to check it in to avoid duplicate work.)
2003-06-05 09:14:21 +02:00
oAgentProgram,
gpg: New option --use-keyboxd. * g10/gpg.c (oUseKeyboxd,oKeyboxdProgram): New consts. (opts): New options --use-keyboxd and --keyboxd-program. (main): Implement them. * g10/keydb.c: Move some defs out to ... * g10/keydb-private.h: new file. * g10/keydb.c: prefix function names with "internal" and move original functions to ... * g10/call-keyboxd.c: new file. Divert to the internal fucntion if --use-keyboxd is used. Add a CTRL arg to most fucntions and change all callers. * g10/Makefile.am (common_source): Add new files. (noinst_PROGRAMS): Do bot build gpgcompose. -- Note that this is just the framework with only a basic implementation of searching via keyboxd. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-09-09 14:34:09 +02:00
oKeyboxdProgram,
gpg: Add option --dirmngr-program. * g10/gpg.c: Add option --dirmngr-program. * g10/options.h (struct opt): Add field dirmngr_program. * g10/call-dirmngr.c (create_context): Use new var. * dirmngr/dirmngr.c: Include gc-opt-flags.h. (main): Remove GC_OPT_FLAG_*. * tools/gpgconf-comp.c (GC_OPT_FLAG_NO_CHANGE): Move macro to ... * common/gc-opt-flags.h: here.
2014-03-12 18:24:52 +01:00
oDirmngrProgram,
gpg: Add option '--disable-dirmngr'. * doc/gpg.texi: Document new option. * g10/call-dirmngr.c (create_context): Fail if option is given. * g10/gpg.c (cmd_and_opt_values): New value. (opts): New option. (gpgconf_list): Add new option. (main): Handle new option. * g10/options.h (struct opt): New field 'disable_dirmngr'. * tools/gpgconf-comp.c (gc_options_gpg): New option. GnuPG-bug-id: 3334 Signed-off-by: Justus Winter <justus@g10code.com>
2017-08-08 11:43:22 +02:00
oDisableDirmngr,
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
oDisplay,
oTTYname,
oTTYtype,
oLCctype,
oLCmessages,
Started to implement the audit log feature. Pass PINENTRY_USER_DATA and XAUTHORITY to Pinentry. Improved support for the quality bar. Minor internal restructuring. Translation fixes.
2007-11-19 17:03:50 +01:00
oXauthority,
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
oGroup,
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
oUnGroup,
oNoGroups,
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
oStrict,
oNoStrict,
oMangleDosFilenames,
oNoMangleDosFilenames,
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
oEnableProgressFilter,
Merged most of David Shaw's changes in 1.3 since 2003-06-03.
2003-09-23 19:48:33 +02:00
oMultifile,
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
oKeyidFormat,
oExitOnStatusWriteError,
oLimitCardInsertTries,
gpg: Warn about (but don't fail) on scdaemon options in gpg.conf. * g10/gpg.c: Add config options that should belong in scdaemon.conf * g10/main.h, g10/misc.c (obsolete_scdaemon_option): New. -- In gpg2, the following options are only relevant for scdaemon: reader-port ctapi-driver pcsc-driver disable-ccid but in gpg1, they are options for gpg itself. Some users of gpg1 might have these options in their ~/.gnupg/gpg.conf, which causes gpg2 to fail hard if it reads that config file. gpg2 should not fail hard, though giving a warning (and suggesting a move to scdaemon.conf) seems OK. This patch does *not* reintroduce any documentation for these options in gpg.texi, even to indicate that they are "dummy" options, since scdaemon.texi contains the appropriate documentation. Debian-bug-id: 762844 - Program names factored out from obsolete_scdaemon_option to make reuse without new translations easier. -wk
2014-09-25 20:45:37 +02:00
oReaderPort,
octapiDriver,
opcscDriver,
oDisableCCID,
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
oRequireCrossCert,
oNoRequireCrossCert,
oAutoKeyLocate,
oNoAutoKeyLocate,
gpg: Add build and runtime support for larger RSA keys * configure.ac: Added --enable-large-secmem option. * g10/options.h: Add opt.flags.large_rsa. * g10/gpg.c: Contingent on configure option: adjust secmem size, add gpg --enable-large-rsa, bound to opt.flags.large_rsa. * g10/keygen.c: Adjust max RSA size based on opt.flags.large_rsa * doc/gpg.texi: Document --enable-large-rsa. -- This is a cherry-pick of 534e2876acc05f9f8d9b54c18511fe768d77dfb5 from STABLE-BRANCH-1-4 against master Some older implementations built and used RSA keys up to 16Kib, but the larger secret keys now fail when used by more recent GnuPG, due to secure memory limitations. Building with ./configure --enable-large-secmem will make gpg capable of working with those secret keys, as well as permitting the use of a new gpg option --enable-large-rsa, which let gpg generate RSA keys up to 8Kib when used with --batch --gen-key. Debian-bug-id: 739424 Minor edits by wk. GnuPG-bug-id: 1732
2014-10-09 22:54:15 +02:00
oEnableLargeRSA,
oDisableLargeRSA,
Merged recent changes from 1.4
2006-04-28 16:31:29 +02:00
oEnableDSA2,
oDisableDSA2,
gpg: Reject signatures made with MD5. * g10/gpg.c: Add option --allow-weak-digest-algos. (main): Set option also in PGP2 mode. * g10/options.h (struct opt): Add flags.allow_weak_digest_algos. * g10/sig-check.c (do_check): Reject MD5 signatures. * tests/openpgp/defs.inc: Add allow_weak_digest_algos to gpg.conf.
2014-03-17 17:54:36 +01:00
oAllowWeakDigestAlgos,
gpg: Add option --allow-weak-key-signatures. * g10/gpg.c (oAllowWeakKeySignatures): New. (opts): Add --allow-weak-key-signatures. (main): Set it. * g10/options.h (struct opt): Add flags.allow_weak_key_signatures. * g10/misc.c (print_sha1_keysig_rejected_note): New. * g10/sig-check.c (check_signature_over_key_or_uid): Print note and act on new option. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-07 10:36:17 +01:00
oAllowWeakKeySignatures,
Implement --faked-systrem-time for gpg. Typo and comment fixes.
2009-12-17 18:25:26 +01:00
oFakedSystemTime,
Add option --no-autostart. * g10/gpg.c: Add option --no-autostart. * sm/gpgsm.c: Ditto. * g10/options.h (opt): Add field autostart. * sm/gpgsm.h (opt): Ditto. * g10/call-agent.c (start_agent): Print note if agent was not autostarted. * sm/call-agent.c (start_agent): Ditto. * g10/call-dirmngr.c (create_context): Likewise. * sm/call-dirmngr.c (start_dirmngr_ext): Ditto. Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-28 09:44:19 +01:00
oNoAutostart,
gpg: Add option --print-dane-records. * g10/options.h (opt): Add field "print_dane_records". * g10/gpg.c (oPrintDANERecords): new. (opts): Add --print-dane-records. (main): Set that option. * g10/export.c (do_export): Remove EXPORT_DANE_FORMAT handling. (do_export_stream): Add EXPORT_DANE_FORMAT handling. * g10/keylist.c (list_keyblock_pka): Implement DANE record printing. * g10/gpgv.c (export_pubkey_buffer): New stub. * g10/test-stubs.c (export_pubkey_buffer): New stub. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-08 15:04:45 +02:00
oPrintDANERecords,
g10: Add TOFU support. * configure.ac: Check for sqlite3. (SQLITE3_CFLAGS): AC_SUBST it. (SQLITE3_LIBS): Likewise. * g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS). (gpg2_SOURCES): Add tofu.h and tofu.c. (gpg2_LDADD): Add $(SQLITE3_LIBS). * g10/tofu.c: New file. * g10/tofu.h: New file. * g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP. (tofu_db_format): Define. * g10/packet.h (PKT_signature): Add fields digest and digest_len. * g10/gpg.c: Include "tofu.h". (cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy, oTOFUDBFormat. (opts): Add them. (parse_trust_model): Recognize the tofu and tofu+pgp trust models. (parse_tofu_policy): New function. (parse_tofu_db_format): New function. (main): Initialize opt.tofu_default_policy and opt.tofu_db_format. Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat. * g10/mainproc.c (do_check_sig): If the signature is good, copy the hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately. * g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update callers. (tdb_get_validity_core): Add arguments sig and may_ask. Update callers. * g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them to tdb_get_validity_core. * g10/trustdb.c: Include "tofu.h". (trust_model_string): Handle TM_TOFU and TM_TOFU_PGP. (tdb_get_validity_core): Add arguments sig and may_ask. If OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust level. Combine it with the computed PGP trust level, if appropriate. * g10/keyedit.c: Include "tofu.h". (show_key_with_all_names_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/keylist.c: Include "tofu.h". (public_key_list): Also show the PGP stats if the trust model is TM_TOFU_PGP. (list_keyblock_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/pkclist.c: Include "tofu.h". * g10/gpgv.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * g10/test-stubs.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * doc/DETAILS: Describe the TOFU Policy field. * doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu, --trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format. * tests/openpgp/Makefile.am (TESTS): Add tofu.test. (TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc, tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt. (CLEANFILES): Add tofu.db. (clean-local): Add tofu.d. * tests/openpgp/tofu.test: New file. * tests/openpgp/tofu-2183839A-1.txt: New file. * tests/openpgp/tofu-BC15C85A-1.txt: New file. * tests/openpgp/tofu-EE37CF96-1.txt: New file. * tests/openpgp/tofu-keys.asc: New file. * tests/openpgp/tofu-keys-secret.asc: New file. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
oTOFUDefaultPolicy,
oTOFUDBFormat,
gpg: New option --default-new-key-algo. * common/openpgp-oid.c (openpgp_is_curve_supported): Add optional arg R_ALGO and change all callers. * common/util.h (GPG_ERR_UNKNOWN_FLAG): New error code. * g10/options.h (struct opt): Add field DEF_NEW_KEY_ALGO. * g10/gpg.c (oDefaultNewKeyAlgo): New enum. (opts): New option "--default-new-key-algo". (main): Set the option. * g10/keygen.c: Remove DEFAULT_STD_ FUTURE_STD_ constants and replace them by ... (DEFAULT_STD_KEY_PARAM, FUTURE_STD_KEY_PARAM): new string constants. (get_keysize_range): Remove arg R_DEF and return that value instead. Change all callers. (gen_rsa): Use get_keysize_range instead of the removed DEFAULT_STD_KEYSIZE. (parse_key_parameter_part): New function. (parse_key_parameter_string): New function. (quick_generate_keypair): Refactor using parse_key_parameter_string. (generate_keypair): Ditto. (parse_algo_usage_expire): Ditto. -- This new option is intended to be used in the forthcoming --set-profile command of gpgconf. It allows to provide a gpg configuration with custom defaults for a new key using the simple commands which use the default algorithm set. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-02 19:43:36 +01:00
oDefaultNewKeyAlgo,
gpg: Add option --weak-digest to gpg and gpgv. * g10/options.h: Add additional_weak_digests linked list to opts. * g10/main.h: Declare weakhash linked list struct and additional_weak_digest() function to insert newly-declared weak digests into opts. * g10/misc.c: (additional_weak_digest): New function. (print_digest_algo_note): Check for deprecated digests; use proper gcry_md_algos type. * g10/sig-check.c: (do_check): Reject weak digests in addition to MD5. * g10/gpg.c: Add --weak-digest option to gpg. * doc/gpg.texi: Document gpg --weak-digest option. * g10/gpgv.c: Add --weak-digest option to gpgv. * doc/gpgv.texi: Document gpgv --weak-digest option. -- gpg and gpgv treat signatures made over MD5 as unreliable, unless the user supplies --allow-weak-digests to gpg. Signatures over any other digest are considered acceptable. Despite SHA-1 being a mandatory-to-implement digest algorithm in RFC 4880, the collision-resistance of SHA-1 is weaker than anyone would like it to be. Some operators of high-value targets that depend on OpenPGP signatures may wish to require their signers to use a stronger digest algorithm than SHA1, even if the OpenPGP ecosystem at large cannot deprecate SHA1 entirely today. This changeset adds a new "--weak-digest DIGEST" option for both gpg and gpgv, which makes it straightforward for anyone to treat any signature or certification made over the specified digest as unreliable. This option can be supplied multiple times if the operator wishes to deprecate multiple digest algorithms, and will be ignored completely if the operator supplies --allow-weak-digests (as before). MD5 is still always considered weak, regardless of any further --weak-digest options supplied. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> Capitialized some comments, shorted a line in do_check, and changed subject to name the option. -wk
2015-10-18 23:35:32 +02:00
oWeakDigest,
gpg: Add support for unwrapping the outer level of encryption. * g10/decrypt-data.c (decrypt_data): If OPT.UNWRAP_ENCRYPTION is set, copy the data to the output file instead of continuing to process it. * g10/gpg.c (enum cmd_and_opt_values): Add new value oUnwrap. (opts): Handle oUnwrap. (main): Likewise. * g10/options.h (opt): Add field unwrap_encryption. * g10/plaintext.c (handle_plaintext): Break the output file selection functionality into ... (get_output_file): ... this new function. -- Signed-off-by: Neal H. Walfield <neal@g10code.com> GnuPG-bug-id: 1060 Debian-bug-id: 282061
2015-11-05 12:20:42 +01:00
oUnwrap,
gpg: Add new option --only-sign-text-ids. * g10/options.h (opt): Add field only_sign_text_ids. * g10/gpg.c (enum cmd_and_opt_values): Add value oOnlySignTextIDs. (opts): Handle oOnlySignTextIDs. (main): Likewise. * g10/keyedit.c (sign_uids): If OPT.ONLY_SIGN_TEXT_IDS is set, don't select non-text based IDs automatically. (keyedit_menu): Adapt the prompt asking to sign all user ids according to OPT.ONLY_SIGN_TEXT_IDS. * doc/gpg.texi: Document the new option --only-sign-text-ids. -- Signed-off-by: Neal H. Walfield <neal@g10code.com> GnuPG-bug-id: 1241 Debian-bug-id: 569702
2015-11-06 13:14:57 +01:00
oOnlySignTextIDs,
gpg: New option --disable-signer-uid, create Signer's UID sub-packet. * g10/gpg.c (oDisableSignerUID): New. (opts): New option '--disable-signer-uid'. (main): Set option. * g10/options.h (opt): Add field flags.disable_signer_uid. * g10/sign.c: Include mbox-util.h. (mk_notation_policy_etc): Embed the signer's uid. * g10/mainproc.c (check_sig_and_print): Do not use WKD for auto key retrieval if --disable-signer-uid is used. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-13 11:24:09 +02:00
oDisableSignerUID,
gpg: New option --sender * g10/options.h (struct opt): Add field 'sender_list'. * g10/gpg.c: Include mbox-util.h. (oSender): New. (opts): Add option "--sender". (main): Parse option. -- This option will eventually be used for more advanced purposes. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-18 10:08:34 +02:00
oSender,
gpg: New option --key-origin. * g10/keydb.h (KEYORG_): Rename to KEYORG_. * g10/packet.h (PKT_user_id): Rename field keysrc to keyorg. Adjust users. (PKT_public_key): Ditto. (PKT_ring_trust): Ditto. * g10/options.h (struct opt): Add field key_origin. * g10/getkey.c (parse_key_origin): New. * g10/gpg.c (oKeyOrigin): New. (opts): Add "keys-origin". (main): Set option. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-13 17:28:32 +02:00
oKeyOrigin,
gpg,sm: New option --request-origin. * g10/gpg.c (oRequestOrigin): New const. (opts): New option --request-origin. (main): Parse that option. * g10/options.h (struct opt): Add field request_origin. * g10/call-agent.c (start_agent): Send option to the agent. * sm/gpgsm.c (oRequestOrigin): New const. (opts): New option --request-origin. (main): Parse that option. * sm/gpgsm.h (struct opt): Add field request_origin. * sm/call-agent.c (start_agent): Send option to the agent. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-23 09:06:20 +01:00
oRequestOrigin,
gpg: New option --no-symkey-cache. * g10/gpg.c (oNoSymkeyCache): New. (opts): Add that option. (main): Set var. * g10/options.h (struct opt): New field no_symkey_cache. * g10/passphrase.c (passphrase_to_dek): Implement that feature. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-11 20:35:40 +02:00
oNoSymkeyCache,
gpg: New option --use-only-openpgp-card * g10/gpg.c (opts): Add option. (main): Set flag. * g10/options.h: Add flags.use_only_openpgp_card. * g10/call-agent.c (start_agent): Implement option. -- With the previous patch we switch to autoselect an application instead of requesting an openpgp card. This option allows to revert this in case of use use cases which expected the former behaviour. Signed-off-by: Werner Koch <wk@gnupg.org> (cherry picked from commit c185f6dfbd1bfd809369da789239a371e9d1610e) This was first added to the 2.2 branch.
2019-08-21 10:19:16 +02:00
oUseOnlyOpenPGPCard,
gpg: New option --full-timestrings. * g10/options.h (opt): Add flags.full_timestrings. * g10/gpg.c (oFullTimestrings): New. (opts): New option. (main): Set new flag. * g10/keyid.c (dateonlystr_from_pk): New. (dateonlystr_from_sig): New. (datestr_from_pk): Divert to isotimestamp if requested. (datestr_from_sig): Ditto. (expirestr_from_pk): Ditto. (expirestr_from_sig): Ditto. (revokestr_from_pk): Ditto. * g10/import.c (impex_filter_getval): Use dateonlystr_from_sig and dateonlystr_from_pk. -- Quite helpful for debugging keys. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-13 14:01:07 +01:00
oFullTimestrings,
gpg: New option --include-key-block. * common/openpgpdefs.h (SIGSUBPKT_KEY_BLOCK): New. * g10/gpg.c (oIncludeKeyBlock): New. (opts): New option --include-key-block. (main): Implement. * g10/options.h (opt): New flag include_key_block. * g10/parse-packet.c (dump_sig_subpkt): Support SIGSUBPKT_KEY_BLOCK. (parse_one_sig_subpkt): Ditto. (can_handle_critical): Ditto. * g10/sign.c (mk_sig_subpkt_key_block): New. (write_signature_packets): Call it for data signatures. -- This patch adds support for a to be proposed OpenPGP ferature: Introduce the Key Block subpacket to align OpenPGP with CMS. This new subpacket may be used similar to the CertificateSet of CMS (RFC-5652) and thus allows to start encrypted communication after having received a signed message. In practice a stripped down version of the key should be including having only the key material and the self-signatures which are really useful and shall be used by the recipient to reply encrypted. #### Key Block (1 octet with value 0, N octets of key data) This subpacket MAY be used to convey key data along with a signature of class 0x00, 0x01, or 0x02. It MUST contain the key used to create the signature; either as the primary key or as a subkey. The key SHOULD contain a primary or subkey capable of encryption and the entire key must be a valid OpenPGP key including at least one User ID packet and the corresponding self-signatures. Implementations MUST ignore this subpacket if the first octet does not have a value of zero or if the key data does not represent a valid transferable public key. GnuPG-bug-id: 4856 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-13 13:28:35 +01:00
oIncludeKeyBlock,
gpg: New option --auto-key-import * g10/gpg.c (opts): New options --auto-key-import, --no-auto-key-import, and --no-include-key-block. (gpgconf_list): Add them. * g10/options.h (opt): Add field flags.auto_key_import. * g10/mainproc.c (check_sig_and_print): Use flag to enable that feature. * tools/gpgconf-comp.c: Give the new options a Basic config level. -- Note that the --no variants of the options are intended for easy disabling at the command line. GnuPG-bug-id: 4856 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-14 18:04:47 +01:00
oNoIncludeKeyBlock,
Add --chuid to gpg, gpg-card, and gpg-connect-agent. * g10/gpg.c (oChUid): New. (opts): Add --chuid. (main): Implement --chuid. Delay setting of homedir until the new chuid is done. * sm/gpgsm.c (main): Delay setting of homedir until the new chuid is done. * tools/gpg-card.c (oChUid): New. (opts): Add --chuid. (changeuser): New helper var. (main): Implement --chuid. * tools/gpg-connect-agent.c (oChUid): New. (opts): Add --chuid. (main): Implement --chuid. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-14 12:19:11 +02:00
oChUid,
gpg: New option --force-sign-key * g10/gpg.c (oForceSignKey,opts): New option "--force-sign-key". (main): Set it. * g10/options.h (opt): New flag flags.force_sign_key. * g10/keyedit.c (sign_uids): Use new flag. -- GnuPG-bug-id: 4584
2021-03-11 11:27:07 +01:00
oForceSignKey,
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
oNoop
};
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
static gpgrt_opt_t opts[] = {
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
Made arg_parse more readable.
2008-11-12 18:41:49 +01:00
ARGPARSE_group (300, N_("@Commands:\n ")),
Cleaned up unused gpgsm and gpg options.
2008-11-13 13:37:45 +01:00
ARGPARSE_c (aSign, "sign", N_("make a signature")),
g10: Hyphenate --clearsign. * g10/gpg.c (opts): Hyphenate option. * doc/gpg.texi: Update accordingly. * po: Update translations. * tests/openpgp: Update tests. GnuPG-bug-id: 2700 Signed-off-by: Justus Winter <justus@g10code.com>
2016-09-23 14:10:07 +02:00
ARGPARSE_c (aClearsign, "clear-sign", N_("make a clear text signature")),
ARGPARSE_c (aClearsign, "clearsign", "@"),
Made arg_parse more readable.
2008-11-12 18:41:49 +01:00
ARGPARSE_c (aDetachedSign, "detach-sign", N_("make a detached signature")),
ARGPARSE_c (aEncr, "encrypt", N_("encrypt data")),
ARGPARSE_c (aEncrFiles, "encrypt-files", "@"),
ARGPARSE_c (aSym, "symmetric", N_("encryption only with symmetric cipher")),
ARGPARSE_c (aStore, "store", "@"),
ARGPARSE_c (aDecrypt, "decrypt", N_("decrypt data (default)")),
ARGPARSE_c (aDecryptFiles, "decrypt-files", "@"),
ARGPARSE_c (aVerify, "verify" , N_("verify a signature")),
ARGPARSE_c (aVerifyFiles, "verify-files" , "@" ),
ARGPARSE_c (aListKeys, "list-keys", N_("list keys")),
ARGPARSE_c (aListKeys, "list-public-keys", "@" ),
g10,sm: Spell out --list-sigs. * g10/gpg.c (opts): Spell out option. * sm/gpgsm.c (opts): Likewise. * doc/gpg.texi: Update accordingly. GnuPG-bug-id: 2700 Signed-off-by: Justus Winter <justus@g10code.com>
2016-10-10 14:55:27 +02:00
ARGPARSE_c (aListSigs, "list-signatures", N_("list keys and signatures")),
ARGPARSE_c (aListSigs, "list-sigs", "@"),
g10,sm: Spell out --check-sigs. * g10/gpg.c (opts): Spell out option. * sm/gpgsm.c (opts): Likewise. * doc/gpg.texi: Update accordingly. GnuPG-bug-id: 2700 Signed-off-by: Justus Winter <justus@g10code.com>
2016-10-10 15:20:14 +02:00
ARGPARSE_c (aCheckKeys, "check-signatures",
N_("list and check key signatures")),
ARGPARSE_c (aCheckKeys, "check-sigs", "@"),
Made arg_parse more readable.
2008-11-12 18:41:49 +01:00
ARGPARSE_c (oFingerprint, "fingerprint", N_("list keys and fingerprints")),
ARGPARSE_c (aListSecretKeys, "list-secret-keys", N_("list secret keys")),
g10,sm: Spell out --gen-key. * g10/gpg.c (opts): Spell out option. * sm/gpgsm.c (opts): Likewise. * doc/gpg.texi: Update accordingly. GnuPG-bug-id: 2700 Signed-off-by: Justus Winter <justus@g10code.com>
2016-11-14 16:59:23 +01:00
ARGPARSE_c (aKeygen, "generate-key",
gpg: Simplify command --gen-key and add --full-gen-key. * g10/gpg.c (aFullKeygen): New. (opts): Add command --full-key-gen. (main): Implement it. * g10/keygen.c (DEFAULT_STD_ALGO): Replace wrong GCRY_PK_RSA although the value is identical. (DEFAULT_STD_CURVE): New. (DEFAULT_STD_SUBALGO): New. (DEFAULT_STD_SUBKEYSIZE): New. (DEFAULT_STD_SUBCURVE): New. (quick_generate_keypair): Use new macros here. (generate_keypair): Add arg "full" and fix call callers. Do not ask for keysize in non-full node. (ask_user_id): Add arg "full" and simplify for non-full mode.
2014-09-27 15:14:13 +02:00
N_("generate a new key pair")),
g10,sm: Spell out --gen-key. * g10/gpg.c (opts): Spell out option. * sm/gpgsm.c (opts): Likewise. * doc/gpg.texi: Update accordingly. GnuPG-bug-id: 2700 Signed-off-by: Justus Winter <justus@g10code.com>
2016-11-14 16:59:23 +01:00
ARGPARSE_c (aKeygen, "gen-key", "@"),
g10: Rework the --quick-* interface. * g10/gpg.c (opts): Rename options. (main): Update errors. * doc/gpg.texi: Update accordingly. -- I decided not to keep the old versions as aliases in the documentation because the interface is a fairly recent addition. GnuPG-bug-id: 2700 Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-15 15:32:51 +01:00
ARGPARSE_c (aQuickKeygen, "quick-generate-key" ,
gpg: Add command --quick-gen-key * g10/gpg.c (aQuickKeygen): New. * g10/misc.c (is_valid_user_id): New stub. * g10/keygen.c (quickgen_set_para): New. (quick_generate_keypair): New. -- Note that the validation of the specified user id has not yet been implemented.
2014-07-23 15:12:43 +02:00
N_("quickly generate a new key pair")),
g10: Rework the --quick-* interface. * g10/gpg.c (opts): Rename options. (main): Update errors. * doc/gpg.texi: Update accordingly. -- I decided not to keep the old versions as aliases in the documentation because the interface is a fairly recent addition. GnuPG-bug-id: 2700 Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-15 15:32:51 +01:00
ARGPARSE_c (aQuickKeygen, "quick-gen-key", "@"),
ARGPARSE_c (aQuickAddUid, "quick-add-uid",
gpg: New command --quick-adduid. * g10/keygen.c (ask_user_id): Factor some code out to ... (uid_already_in_keyblock): new. (generate_user_id): Add arg UIDSTR. Fix leaked P. * g10/keyedit.c (menu_adduid): Add new arg uidstring. Adjust caller. (keyedit_quick_adduid): New. * g10/gpg.c (aQuickAddUid): New. (opts): Add command --quick-adduid. (main): Implement that. -- GnuPG-bug-id: 1956 Signed-off-by: Werner Koch <wk@gnupg.org>
2015-05-08 16:08:57 +02:00
N_("quickly add a new user-id")),
g10: Rework the --quick-* interface. * g10/gpg.c (opts): Rename options. (main): Update errors. * doc/gpg.texi: Update accordingly. -- I decided not to keep the old versions as aliases in the documentation because the interface is a fairly recent addition. GnuPG-bug-id: 2700 Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-15 15:32:51 +01:00
ARGPARSE_c (aQuickAddUid, "quick-adduid", "@"),
ARGPARSE_c (aQuickAddKey, "quick-add-key", "@"),
gpg: New command --quick-addkey. * g10/keygen.c (DEFAULT_STD_SUBKEYUSE): New. (ask_keysize): Factor code out to ... (get_keysize_range, fixup_keysize): new. (parse_parameter_usage): Factor parsing out to ... (parse_usagestr): new. Allow use of "encr" as alias for "encrypt". (parse_subkey_algostr_usagestr): New. (generate_subkeypair): Add new args. Implement unattended mode. * g10/keyedit.c (keyedit_quick_sign): Factor some code out to ... (find_by_primary_fpr): new. (keyedit_quick_addkey): New. * g10/gpg.c (aQuickAddKey): New. (opts): Add --quick-addkey. (main): Implement. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-02 15:54:48 +02:00
ARGPARSE_c (aQuickAddKey, "quick-addkey", "@"),
g10: Rework the --quick-* interface. * g10/gpg.c (opts): Rename options. (main): Update errors. * doc/gpg.texi: Update accordingly. -- I decided not to keep the old versions as aliases in the documentation because the interface is a fairly recent addition. GnuPG-bug-id: 2700 Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-15 15:32:51 +01:00
ARGPARSE_c (aQuickRevUid, "quick-revoke-uid",
g10: Implement gpg --quick-revuid * g10/revoke.c (get_default_uid_revocation_reason): New. * g10/keyedit.c (menu_revuid): Break out creation of uid revocation into new function core_revuid. * g10/keyedit.c (keyedit_quick_revuid): New. Selects key and uid, invokes core_revuid. * g10/gpg.c (main): Handle --quick-revuid argument. * doc/gpg.texi: Document --quick-revuid. -- This functionality is a counterpart to --quick-adduid, and will be useful for projects that depend programmatically on gpg to revoke user IDs (one such example is "monkeysphere-host revoke-servicename"). Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> - Minor re-indentation work. - Changed a "0 == memcmp" to "!memcmp" - Removed tests/openpgp/quick-key-manipulation.test from the Makefile. This test needs to be converted to gpgscm. - Removed example from whats-new-in-2.1.txt because that is generated. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-17 00:05:57 +02:00
N_("quickly revoke a user-id")),
g10: Rework the --quick-* interface. * g10/gpg.c (opts): Rename options. (main): Update errors. * doc/gpg.texi: Update accordingly. -- I decided not to keep the old versions as aliases in the documentation because the interface is a fairly recent addition. GnuPG-bug-id: 2700 Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-15 15:32:51 +01:00
ARGPARSE_c (aQuickRevUid, "quick-revuid", "@"),
gpg: New option --quick-set-expire. * g10/gpg.c (aQuickSetExpire): New. (opts): New option --quick-set-expire. (main): Implement option. * g10/keyedit.c (menu_expire): Add args FORCE_MAINKEY and NEWEXPIRATION. Change semantics of the return value. Change caller. (keyedit_quick_set_expire): New. -- This patch partly solves GnuPG-bug-id: 2701
2016-12-05 10:58:39 +01:00
ARGPARSE_c (aQuickSetExpire, "quick-set-expire",
N_("quickly set a new expiration date")),
gpg: New command --quick-set-primary-uid. * g10/gpg.c (aQuickSetPrimaryUid): New const. (opts): New command --quick-set-primary-uid. (main): Implement it. * g10/keyedit.c (keyedit_quick_adduid): Factor some code out to ... (quick_find_keyblock): new func. (keyedit_quick_revuid): Use quick_find_keyblock. (keyedit_quick_set_primary): New. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-21 14:47:21 +01:00
ARGPARSE_c (aQuickSetPrimaryUid, "quick-set-primary-uid", "@"),
g10: Spell out --full-gen-key. * g10/gpg.c (opts): Spell out option. (main): Likewise. * g10/keygen.c (generate_keypair): Likewise. * doc/gpg.texi: Update accordingly. GnuPG-bug-id: 2700 Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-09 15:10:39 +01:00
ARGPARSE_c (aFullKeygen, "full-generate-key" ,
gpg: Simplify command --gen-key and add --full-gen-key. * g10/gpg.c (aFullKeygen): New. (opts): Add command --full-key-gen. (main): Implement it. * g10/keygen.c (DEFAULT_STD_ALGO): Replace wrong GCRY_PK_RSA although the value is identical. (DEFAULT_STD_CURVE): New. (DEFAULT_STD_SUBALGO): New. (DEFAULT_STD_SUBKEYSIZE): New. (DEFAULT_STD_SUBCURVE): New. (quick_generate_keypair): Use new macros here. (generate_keypair): Add arg "full" and fix call callers. Do not ask for keysize in non-full node. (ask_user_id): Add arg "full" and simplify for non-full mode.
2014-09-27 15:14:13 +02:00
N_("full featured key pair generation")),
g10: Spell out --full-gen-key. * g10/gpg.c (opts): Spell out option. (main): Likewise. * g10/keygen.c (generate_keypair): Likewise. * doc/gpg.texi: Update accordingly. GnuPG-bug-id: 2700 Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-09 15:10:39 +01:00
ARGPARSE_c (aFullKeygen, "full-gen-key", "@"),
g10: Shorten unreasonably long option. * g10/gpg.c (opts): Rename 'generate-revocation-certificate' to 'generate-revocation'. * doc/gpg.texi: Update accordingly. * po: Update translations. GnuPG-bug-id: 2700 Fixes-commit: ec1bd3ae685e95563e38077ab3c1655fd55dea07 Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-15 13:01:03 +01:00
ARGPARSE_c (aGenRevoke, "generate-revocation",
g10: Spell out --gen-revoke. * g10/gpg.c (opts): Spell out option. * doc/gpg.texi: Update accordingly. * po: Update translations. GnuPG-bug-id: 2700 Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-13 17:43:22 +01:00
N_("generate a revocation certificate")),
ARGPARSE_c (aGenRevoke, "gen-revoke", "@"),
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
ARGPARSE_c (aDeleteKeys,"delete-keys",
Made arg_parse more readable.
2008-11-12 18:41:49 +01:00
N_("remove keys from the public keyring")),
ARGPARSE_c (aDeleteSecretKeys, "delete-secret-keys",
N_("remove keys from the secret keyring")),
gpg: Add commands --quick-sign-key and --quick-lsign-key. * g10/gpg.c (main): Add commands --quick-sign-key and --quick-lsign-key. * g10/keyedit.c (sign_uids): Add args FP and QUICK. (keyedit_quick_sign): New. (show_key_with_all_names): Add arg NOWARN.
2014-03-27 16:33:40 +01:00
ARGPARSE_c (aQuickSignKey, "quick-sign-key" ,
N_("quickly sign a key")),
ARGPARSE_c (aQuickLSignKey, "quick-lsign-key",
N_("quickly sign a key locally")),
gpg: New command --quick-revoke-sig * g10/gpg.c (enum cmd_and_opt_values): Add aQuickRevSig. (opts): Add --quick-revoke-sig. (main): Implement. * g10/keyedit.c (quick_find_keyblock): Add arg 'want_secret' and adjust all callers. (keyedit_quick_revsig): new. * g10/revoke.c (get_default_sig_revocation_reason): New. * g10/keylist.c (cmp_signodes): Make global. -- GnuPG-bug-id: 5093
2020-10-28 17:06:27 +01:00
ARGPARSE_c (aQuickRevSig, "quick-revoke-sig" ,
N_("quickly revoke a key signature")),
Made arg_parse more readable.
2008-11-12 18:41:49 +01:00
ARGPARSE_c (aSignKey, "sign-key" ,N_("sign a key")),
ARGPARSE_c (aLSignKey, "lsign-key" ,N_("sign a key locally")),
ARGPARSE_c (aEditKey, "edit-key" ,N_("sign or edit a key")),
Ask for the keysize when generating a new card key.
2009-08-05 13:24:43 +02:00
ARGPARSE_c (aEditKey, "key-edit" ,"@"),
g10,sm: Spell out --passwd. * g10/gpg.c (opts): Spell out option. * sm/gpgsm.c (opts): Likewise. * doc/gpg.texi: Update accordingly. * doc/gpgsm.texi: Likewise. GnuPG-bug-id: 2700 Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-13 17:49:47 +01:00
ARGPARSE_c (aPasswd, "change-passphrase", N_("change a passphrase")),
ARGPARSE_c (aPasswd, "passwd", "@"),
g10: Spell out --desig-revoke. * g10/gpg.c (opts): Rename option. * doc/gpg.texi: Update accordingly. -- This is a rather long name, but I believe that this command is rarely used, and in places where it is used frequently, the process is likely automated. GnuPG-bug-id: 2700 Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-15 13:59:48 +01:00
ARGPARSE_c (aDesigRevoke, "generate-designated-revocation", "@"),
Made arg_parse more readable.
2008-11-12 18:41:49 +01:00
ARGPARSE_c (aDesigRevoke, "desig-revoke","@" ),
ARGPARSE_c (aExport, "export" , N_("export keys") ),
doc: Consistently use 'keyserver'. -- GnuPG-bug-id: 2383 Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-14 09:06:44 +02:00
ARGPARSE_c (aSendKeys, "send-keys" , N_("export keys to a keyserver") ),
g10: Spell out --recv-keys. * g10/gpg.c (opts): Spell out option. * doc/gpg.texi: Update accordingly. GnuPG-bug-id: 2700 Signed-off-by: Justus Winter <justus@g10code.com>
2016-09-23 13:40:55 +02:00
ARGPARSE_c (aRecvKeys, "receive-keys" , N_("import keys from a keyserver") ),
ARGPARSE_c (aRecvKeys, "recv-keys" , "@"),
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
ARGPARSE_c (aSearchKeys, "search-keys" ,
doc: Consistently use 'keyserver'. -- GnuPG-bug-id: 2383 Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-14 09:06:44 +02:00
N_("search for keys on a keyserver") ),
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
ARGPARSE_c (aRefreshKeys, "refresh-keys",
Made arg_parse more readable.
2008-11-12 18:41:49 +01:00
N_("update all keys from a keyserver")),
ARGPARSE_c (aLocateKeys, "locate-keys", "@"),
gpg: New command --locate-external-key. * g10/gpg.c (aLocateExtKeys): New. (opts): Add --locate-external-keys. (main): Implement that. * g10/getkey.c (get_pubkey_byname): Implement GET_PUBKEY_NO_LOCAL. (get_best_pubkey_byname): Add arg 'mode' and pass on to get_pubkey_byname. Change callers. * g10/keylist.c (public_key_list): Add arg 'no_local'. (locate_one): Ditto. Pass on to get_best_pubkey_byname. -- This new command is a shortcut for --auto-key-locate nodefault,clear,wkd,... --locate-key and uses the default or configured AKL list but does so without local. See also GnuPG-bug-id: 4599 Signed-off-by: Werner Koch <wk@gnupg.org>
2019-07-04 15:13:26 +02:00
ARGPARSE_c (aLocateExtKeys, "locate-external-keys", "@"),
Made arg_parse more readable.
2008-11-12 18:41:49 +01:00
ARGPARSE_c (aFetchKeys, "fetch-keys" , "@" ),
gpg: New command --show-keys. * g10/gpg.c (aShowKeys): New const. (opts): New command --show-keys. (main): Implement command. * g10/import.c (import_keys_internal): Don't print stats in show-only mode. (import_one): Be silent in show-only mode. -- Using --import --import-options show-only to look at a key is too cumbersome. Provide this shortcut and also remove some diagnostic cruft in this case. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-06-06 11:50:58 +02:00
ARGPARSE_c (aShowKeys, "show-keys" , "@" ),
Made arg_parse more readable.
2008-11-12 18:41:49 +01:00
ARGPARSE_c (aExportSecret, "export-secret-keys" , "@" ),
ARGPARSE_c (aExportSecretSub, "export-secret-subkeys" , "@" ),
gpg: New command --export-ssh-key * g10/export.c: Include membuf.h and host2net.h. (key_to_sshblob): New. (export_ssh_key): New. * g10/gpg.c (aExportSshKey): New. (opts): Add command. (main): Implement that command. -- GnuPG-bug-id: 2212 I have done only a few tests rights now and the ECDSA curves do not yet work. However ssh-keygen -l accept RSA and ed25519 keys exported using this command. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-08 17:22:32 +01:00
ARGPARSE_c (aExportSshKey, "export-ssh-key", "@" ),
Made arg_parse more readable.
2008-11-12 18:41:49 +01:00
ARGPARSE_c (aImport, "import", N_("import/merge keys")),
ARGPARSE_c (aFastImport, "fast-import", "@"),
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
#ifdef ENABLE_CARD_SUPPORT
Made arg_parse more readable.
2008-11-12 18:41:49 +01:00
ARGPARSE_c (aCardStatus, "card-status", N_("print the card status")),
g10: Rename 'card-edit' to 'edit-card'. * g10/gpg.c (opts): Rename option. * g10/call-agent.c (agent_scd_learn): Update comment. * doc/gpg.texi: Update accordingly. -- This change has a surprising side effect. Previously, --edit was an alias for --edit-key, because the argument parser actually accepts unique prefixes of all options. With this change, however, --edit is ambiguous. GnuPG-bug-id: 2700 Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-15 14:50:10 +01:00
ARGPARSE_c (aCardEdit, "edit-card", N_("change data on a card")),
ARGPARSE_c (aCardEdit, "card-edit", "@"),
Made arg_parse more readable.
2008-11-12 18:41:49 +01:00
ARGPARSE_c (aChangePIN, "change-pin", N_("change a card's PIN")),
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
#endif
Made arg_parse more readable.
2008-11-12 18:41:49 +01:00
ARGPARSE_c (aListConfig, "list-config", "@"),
gpg: Add --list-gcrypt-config and "curve" item for --list-config. * common/openpgp-oid.c (curve_supported_p): New. (openpgp_enum_curves): New. * common/t-openpgp-oid.c (test_openpgp_enum_curves): New. (main): Add option --verbose. * g10/gpg.c (opts): Add --list-gcrypt-config. (list_config): Add items "curve" and "curveoid". Remove unused code. -- GnuPG-bug-id: 1917 Signed-off-by: Werner Koch <wk@gnupg.org>
2015-03-10 15:26:02 +01:00
ARGPARSE_c (aListGcryptConfig, "list-gcrypt-config", "@"),
Made arg_parse more readable.
2008-11-12 18:41:49 +01:00
ARGPARSE_c (aGPGConfList, "gpgconf-list", "@" ),
ARGPARSE_c (aGPGConfTest, "gpgconf-test", "@" ),
ARGPARSE_c (aListPackets, "list-packets","@"),
gpg: Allow building without any trust model support. * configure.ac: Add option --disable-trust-models (NO_TRUST_MODELS): New ac_define and am_conditional. * g10/Makefile.am (trust_source): New. (gpg2_SOURCES): Factor some files out to above. Add trust.c. * g10/gpg.c [NO_TRUST_MODELS]: Disable options --export-ownertrust, --import-ownertrust, --update-trustdb, --check-trustdb, --fix-trustdb, --list-trustdb, --trustdb-name, --auto-check-trustdb, --no-auto-check-trustdb, and --force-ownertrust. (parse_trust_model) [NO_TRUST_MODELS]: Do not build. (main) [NO_TRUST_MODELS]: Set trust_model to always and exclude all trustdb related option code. * g10/keyedit.c (cmds) [NO_TRUST_MODELS]: Remove menu items "trust", "enable", and "disable". * g10/keylist.c (public_key_list) [NO_TRUST_MODELS]: Do not print "tru" record. * g10/trust.c: New. * g10/trustdb.c (struct key_item): Move to trustdb.h. (register_trusted_keyid): Rename to tdb_register_trusted_keyid. (register_trusted_key): Rename to tdb_register_trusted_key. (trust_letter, uid_trust_string_fixed, trust_value_to_string) (string_to_trust_value, get_ownertrust_with_min, get_ownertrust_info) (get_ownertrust_string, get_validity_info, get_validity_string) (clean_sigs_from_uid, clean_uid_from_key, clean_key): Move to trust.c. (mark_usable_uid_certs): Move to trust.c and make global. (is_in_klist): Move as inline to trustdb.h. (trustdb_check_or_update): Rename to tdb_check_or_update (revalidation_mark): Rename to tdb_revalidation_mark. (get_ownertrust): Rename to tdb_get_ownertrust. (get_min_ownertrust): Rename to tdb_get_min_ownertrust. (update_ownertrust): Rename to tdb_update_ownertrust. (clear_ownertrusts): Rename to tdb_clear_ownertrusts. (cache_disabled_value): Rename to tdb_cache_disabled_value. (check_trustdb_stale): Rename to tdb_check_trustdb_stale. (get_validity): Rename to tdb_get_validity_core, add arg MAIN_PK and factor some code out to ... * trust.c (get_validity): ...new. (check_or_update_trustdb): New wrapper. (revalidation_mark): New wrapper. (get_ownertrust): New wrapper. (get_ownertrust_with_min): New wrapper. (update_ownertrust): New wrapper. (clear_ownertrusts): New wrapper. (cache_disabled_value): New wrapper. (check_trustdb_stale): New wrapper. * tests/openpgp/defs.inc (opt_always): New. Use in all tests instead of --always-trust.
2014-02-10 17:05:54 +01:00
#ifndef NO_TRUST_MODELS
Made arg_parse more readable.
2008-11-12 18:41:49 +01:00
ARGPARSE_c (aExportOwnerTrust, "export-ownertrust", "@"),
ARGPARSE_c (aImportOwnerTrust, "import-ownertrust", "@"),
ARGPARSE_c (aUpdateTrustDB,"update-trustdb",
N_("update the trust database")),
ARGPARSE_c (aCheckTrustDB, "check-trustdb", "@"),
ARGPARSE_c (aFixTrustDB, "fix-trustdb", "@"),
gpg: Re-group the options in the --help output. * g10/gpg.c (opts): Change oLoadExtensions, oStrict, and oNoStrict to use ARGPARSE_ignore and remove the code in the option switch. -- This looks better and is also required for further simplifications of gpgconf. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-06 15:17:53 +01:00
ARGPARSE_c (aListTrustDB, "list-trustdb", "@"),
gpg: Allow building without any trust model support. * configure.ac: Add option --disable-trust-models (NO_TRUST_MODELS): New ac_define and am_conditional. * g10/Makefile.am (trust_source): New. (gpg2_SOURCES): Factor some files out to above. Add trust.c. * g10/gpg.c [NO_TRUST_MODELS]: Disable options --export-ownertrust, --import-ownertrust, --update-trustdb, --check-trustdb, --fix-trustdb, --list-trustdb, --trustdb-name, --auto-check-trustdb, --no-auto-check-trustdb, and --force-ownertrust. (parse_trust_model) [NO_TRUST_MODELS]: Do not build. (main) [NO_TRUST_MODELS]: Set trust_model to always and exclude all trustdb related option code. * g10/keyedit.c (cmds) [NO_TRUST_MODELS]: Remove menu items "trust", "enable", and "disable". * g10/keylist.c (public_key_list) [NO_TRUST_MODELS]: Do not print "tru" record. * g10/trust.c: New. * g10/trustdb.c (struct key_item): Move to trustdb.h. (register_trusted_keyid): Rename to tdb_register_trusted_keyid. (register_trusted_key): Rename to tdb_register_trusted_key. (trust_letter, uid_trust_string_fixed, trust_value_to_string) (string_to_trust_value, get_ownertrust_with_min, get_ownertrust_info) (get_ownertrust_string, get_validity_info, get_validity_string) (clean_sigs_from_uid, clean_uid_from_key, clean_key): Move to trust.c. (mark_usable_uid_certs): Move to trust.c and make global. (is_in_klist): Move as inline to trustdb.h. (trustdb_check_or_update): Rename to tdb_check_or_update (revalidation_mark): Rename to tdb_revalidation_mark. (get_ownertrust): Rename to tdb_get_ownertrust. (get_min_ownertrust): Rename to tdb_get_min_ownertrust. (update_ownertrust): Rename to tdb_update_ownertrust. (clear_ownertrusts): Rename to tdb_clear_ownertrusts. (cache_disabled_value): Rename to tdb_cache_disabled_value. (check_trustdb_stale): Rename to tdb_check_trustdb_stale. (get_validity): Rename to tdb_get_validity_core, add arg MAIN_PK and factor some code out to ... * trust.c (get_validity): ...new. (check_or_update_trustdb): New wrapper. (revalidation_mark): New wrapper. (get_ownertrust): New wrapper. (get_ownertrust_with_min): New wrapper. (update_ownertrust): New wrapper. (clear_ownertrusts): New wrapper. (cache_disabled_value): New wrapper. (check_trustdb_stale): New wrapper. * tests/openpgp/defs.inc (opt_always): New. Use in all tests instead of --always-trust.
2014-02-10 17:05:54 +01:00
#endif
Made arg_parse more readable.
2008-11-12 18:41:49 +01:00
ARGPARSE_c (aDeArmor, "dearmor", "@"),
ARGPARSE_c (aDeArmor, "dearmour", "@"),
ARGPARSE_c (aEnArmor, "enarmor", "@"),
ARGPARSE_c (aEnArmor, "enarmour", "@"),
Cleaned up unused gpgsm and gpg options.
2008-11-13 13:37:45 +01:00
ARGPARSE_c (aPrintMD, "print-md", N_("print message digests")),
gpg: Re-group the options in the --help output. * g10/gpg.c (opts): Change oLoadExtensions, oStrict, and oNoStrict to use ARGPARSE_ignore and remove the code in the option switch. -- This looks better and is also required for further simplifications of gpgconf. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-06 15:17:53 +01:00
ARGPARSE_c (aPrintMDs, "print-mds", "@"), /* old */
Made arg_parse more readable.
2008-11-12 18:41:49 +01:00
ARGPARSE_c (aPrimegen, "gen-prime", "@" ),
ARGPARSE_c (aGenRandom,"gen-random", "@" ),
ARGPARSE_c (aServer, "server", N_("run in server mode")),
g10: Add TOFU support. * configure.ac: Check for sqlite3. (SQLITE3_CFLAGS): AC_SUBST it. (SQLITE3_LIBS): Likewise. * g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS). (gpg2_SOURCES): Add tofu.h and tofu.c. (gpg2_LDADD): Add $(SQLITE3_LIBS). * g10/tofu.c: New file. * g10/tofu.h: New file. * g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP. (tofu_db_format): Define. * g10/packet.h (PKT_signature): Add fields digest and digest_len. * g10/gpg.c: Include "tofu.h". (cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy, oTOFUDBFormat. (opts): Add them. (parse_trust_model): Recognize the tofu and tofu+pgp trust models. (parse_tofu_policy): New function. (parse_tofu_db_format): New function. (main): Initialize opt.tofu_default_policy and opt.tofu_db_format. Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat. * g10/mainproc.c (do_check_sig): If the signature is good, copy the hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately. * g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update callers. (tdb_get_validity_core): Add arguments sig and may_ask. Update callers. * g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them to tdb_get_validity_core. * g10/trustdb.c: Include "tofu.h". (trust_model_string): Handle TM_TOFU and TM_TOFU_PGP. (tdb_get_validity_core): Add arguments sig and may_ask. If OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust level. Combine it with the computed PGP trust level, if appropriate. * g10/keyedit.c: Include "tofu.h". (show_key_with_all_names_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/keylist.c: Include "tofu.h". (public_key_list): Also show the PGP stats if the trust model is TM_TOFU_PGP. (list_keyblock_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/pkclist.c: Include "tofu.h". * g10/gpgv.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * g10/test-stubs.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * doc/DETAILS: Describe the TOFU Policy field. * doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu, --trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format. * tests/openpgp/Makefile.am (TESTS): Add tofu.test. (TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc, tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt. (CLEANFILES): Add tofu.db. (clean-local): Add tofu.d. * tests/openpgp/tofu.test: New file. * tests/openpgp/tofu-2183839A-1.txt: New file. * tests/openpgp/tofu-BC15C85A-1.txt: New file. * tests/openpgp/tofu-EE37CF96-1.txt: New file. * tests/openpgp/tofu-keys.asc: New file. * tests/openpgp/tofu-keys-secret.asc: New file. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
ARGPARSE_c (aTOFUPolicy, "tofu-policy",
gpg: Shorten the --tofu-policy help text -- Using "help" as value lists the options. Not having the current options in the help text also makes it easier to keep translations clean. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-27 13:58:20 +01:00
N_("|VALUE|set the TOFU policy for a key")),
gpg: Re-group the options in the --help output. * g10/gpg.c (opts): Change oLoadExtensions, oStrict, and oNoStrict to use ARGPARSE_ignore and remove the code in the option switch. -- This looks better and is also required for further simplifications of gpgconf. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-06 15:17:53 +01:00
/* Not yet used:
ARGPARSE_c (aListTrustPath, "list-trust-path", "@"), */
ARGPARSE_c (aDeleteSecretAndPublicKeys,
"delete-secret-and-public-keys", "@"),
ARGPARSE_c (aRebuildKeydbCaches, "rebuild-keydb-caches", "@"),
ARGPARSE_c (aListKeys, "list-key", "@"), /* alias */
ARGPARSE_c (aListSigs, "list-sig", "@"), /* alias */
ARGPARSE_c (aCheckKeys, "check-sig", "@"), /* alias */
ARGPARSE_c (aShowKeys, "show-key", "@"), /* alias */
Made arg_parse more readable.
2008-11-12 18:41:49 +01:00
gpg: Re-group the options in the --help output. * g10/gpg.c (opts): Change oLoadExtensions, oStrict, and oNoStrict to use ARGPARSE_ignore and remove the code in the option switch. -- This looks better and is also required for further simplifications of gpgconf. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-06 15:17:53 +01:00
ARGPARSE_header ("Monitor", N_("Options controlling the diagnostic output")),
Made arg_parse more readable.
2008-11-12 18:41:49 +01:00
ARGPARSE_s_n (oVerbose, "verbose", N_("verbose")),
gpg: Re-group the options in the --help output. * g10/gpg.c (opts): Change oLoadExtensions, oStrict, and oNoStrict to use ARGPARSE_ignore and remove the code in the option switch. -- This looks better and is also required for further simplifications of gpgconf. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-06 15:17:53 +01:00
ARGPARSE_s_n (oNoVerbose, "no-verbose", "@"),
gpgconf: Support reading global options (part 2). * tools/gpgconf-comp.c: Remove all regular option descriptions. They are now read in from the component. Also remove a few meanwhile obsolete options. * agent/gpg-agent.c: Add option description which were only set in gpgconf-comp.c. * dirmngr/dirmngr.c: Ditto. * scd/scdaemon.c: Ditto. * sm/gpgsm.c: Ditto. * g10/gpg.c: Ditto. -- This second part removes all regular option descriptions because they can be read from the components. A few were missing in the components and thus moved to there. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-06 10:09:26 +01:00
ARGPARSE_s_n (oQuiet, "quiet", N_("be somewhat more quiet")),
Made arg_parse more readable.
2008-11-12 18:41:49 +01:00
ARGPARSE_s_n (oNoTTY, "no-tty", "@"),
gpg: Re-group the options in the --help output. * g10/gpg.c (opts): Change oLoadExtensions, oStrict, and oNoStrict to use ARGPARSE_ignore and remove the code in the option switch. -- This looks better and is also required for further simplifications of gpgconf. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-06 15:17:53 +01:00
ARGPARSE_s_n (oNoGreeting, "no-greeting", "@"),
gpg: Allow debug flag names for --debug. * g10/gpg.c (opts): Change arg for oDebug to a string. (debug_flags): New; factored out from set_debug. (set_debug): Remove "--debug-level help". Use parse_debug_flag to print the used flags. (main): Use parse_debug_flag for oDebug. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-22 21:01:10 +02:00
ARGPARSE_s_s (oDebug, "debug", "@"),
Made arg_parse more readable.
2008-11-12 18:41:49 +01:00
ARGPARSE_s_s (oDebugLevel, "debug-level", "@"),
ARGPARSE_s_n (oDebugAll, "debug-all", "@"),
gpg: Add new option --debug-iolbf. * g10/gpg.c (oDebugIOLBF): new. (opts): Add --debug-iolbf. (main): Set option. -- This option is convenient for debugging to make sure that debug output to stderr is synced with output to stdout. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-04-06 14:07:50 +02:00
ARGPARSE_s_n (oDebugIOLBF, "debug-iolbf", "@"),
gpg: New maintainer option --debug-set-iobuf-size. * g10/gpg.c (opts): Add new option. (opt_set_iobuf_size): New var. (set_debug): Set the option. * tests/openpgp/armor.scm: Use this option to revert the buffer size to the one which used to exhibit the tested bugs. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-24 18:29:08 +01:00
ARGPARSE_s_u (oDebugSetIobufSize, "debug-set-iobuf-size", "@"),
gpg: Use 128 MiB as default AEAD chunk size. * g10/gpg.c (oDebugAllowLargeChunks): New. (opts): New option --debug-allow-large-chunks. (main): Implement that option. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-24 09:50:02 +02:00
ARGPARSE_s_u (oDebugAllowLargeChunks, "debug-allow-large-chunks", "@"),
gpg: Re-group the options in the --help output. * g10/gpg.c (opts): Change oLoadExtensions, oStrict, and oNoStrict to use ARGPARSE_ignore and remove the code in the option switch. -- This looks better and is also required for further simplifications of gpgconf. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-06 15:17:53 +01:00
ARGPARSE_s_s (oDisplayCharset, "display-charset", "@"),
ARGPARSE_s_s (oDisplayCharset, "charset", "@"),
ARGPARSE_conffile (oOptions, "options", N_("|FILE|read options from FILE")),
ARGPARSE_noconffile (oNoOptions, "no-options", "@"),
ARGPARSE_s_i (oLoggerFD, "logger-fd", "@"),
ARGPARSE_s_s (oLoggerFile, "log-file",
N_("|FILE|write server mode logs to FILE")),
ARGPARSE_s_s (oLoggerFile, "logger-file", "@"), /* 1.4 compatibility. */
ARGPARSE_s_n (oQuickRandom, "debug-quick-random", "@"),
Made arg_parse more readable.
2008-11-12 18:41:49 +01:00
gpg: Re-group the options in the --help output. * g10/gpg.c (opts): Change oLoadExtensions, oStrict, and oNoStrict to use ARGPARSE_ignore and remove the code in the option switch. -- This looks better and is also required for further simplifications of gpgconf. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-06 15:17:53 +01:00
ARGPARSE_header ("Configuration",
N_("Options controlling the configuration")),
Made arg_parse more readable.
2008-11-12 18:41:49 +01:00
gpg: Re-group the options in the --help output. * g10/gpg.c (opts): Change oLoadExtensions, oStrict, and oNoStrict to use ARGPARSE_ignore and remove the code in the option switch. -- This looks better and is also required for further simplifications of gpgconf. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-06 15:17:53 +01:00
ARGPARSE_s_s (oHomedir, "homedir", "@"),
ARGPARSE_s_s (oFakedSystemTime, "faked-system-time", "@"),
ARGPARSE_s_s (oDefaultKey, "default-key",
N_("|NAME|use NAME as default secret key")),
ARGPARSE_s_s (oEncryptTo, "encrypt-to",
N_("|NAME|encrypt to user ID NAME as well")),
ARGPARSE_s_n (oNoEncryptTo, "no-encrypt-to", "@"),
ARGPARSE_s_s (oHiddenEncryptTo, "hidden-encrypt-to", "@"),
ARGPARSE_s_n (oEncryptToDefaultKey, "encrypt-to-default-key", "@"),
ARGPARSE_s_s (oDefRecipient, "default-recipient", "@"),
ARGPARSE_s_n (oDefRecipientSelf, "default-recipient-self", "@"),
ARGPARSE_s_n (oNoDefRecipient, "no-default-recipient", "@"),
ARGPARSE_s_s (oGroup, "group",
N_("|SPEC|set up email aliases")),
ARGPARSE_s_s (oUnGroup, "ungroup", "@"),
ARGPARSE_s_n (oNoGroups, "no-groups", "@"),
gpg: New option --compliance. * g10/gpg.c (oCompliance): New. (opts): Add "--compliance". (parse_tofu_policy): Use a generic description string for "help". (parse_compliance_option): New. (main): Add option oCompliance. Factor out code for compliance setting to ... (set_compliance_option): new. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-15 13:03:29 +01:00
ARGPARSE_s_s (oCompliance, "compliance", "@"),
Made arg_parse more readable.
2008-11-12 18:41:49 +01:00
ARGPARSE_s_n (oGnuPG, "gnupg", "@"),
ARGPARSE_s_n (oGnuPG, "no-pgp2", "@"),
ARGPARSE_s_n (oGnuPG, "no-pgp6", "@"),
ARGPARSE_s_n (oGnuPG, "no-pgp7", "@"),
ARGPARSE_s_n (oGnuPG, "no-pgp8", "@"),
ARGPARSE_s_n (oRFC2440, "rfc2440", "@"),
ARGPARSE_s_n (oRFC4880, "rfc4880", "@"),
gpg: New option --rfc4880bis. * g10/options.h (struct opt): Add field flags.rfc4880bis. * g10/gpg.c (oRFC4880bis): new. (opts): add --rfc4880bis. (main): Implement that and print a warning. -- This is option enables experimental features which may be dropped or changed with the next release. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-20 22:19:23 +02:00
ARGPARSE_s_n (oRFC4880bis, "rfc4880bis", "@"),
Made arg_parse more readable.
2008-11-12 18:41:49 +01:00
ARGPARSE_s_n (oOpenPGP, "openpgp", N_("use strict OpenPGP behavior")),
gpg: Remove PGP6 compliance mode. * g10/gpg.c: Make --pgp6 an alias for --pgp7. * common/compliance.h (gnupg_compliance_mode): Remove CO_PGP6. * g10/options.h (PGP6): Remove. Adjust all users. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-05-29 13:01:12 +02:00
ARGPARSE_s_n (oPGP7, "pgp6", "@"),
Made arg_parse more readable.
2008-11-12 18:41:49 +01:00
ARGPARSE_s_n (oPGP7, "pgp7", "@"),
ARGPARSE_s_n (oPGP8, "pgp8", "@"),
gpg: Re-group the options in the --help output. * g10/gpg.c (opts): Change oLoadExtensions, oStrict, and oNoStrict to use ARGPARSE_ignore and remove the code in the option switch. -- This looks better and is also required for further simplifications of gpgconf. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-06 15:17:53 +01:00
ARGPARSE_s_s (oDefaultNewKeyAlgo, "default-new-key-algo", "@"),
gpg: Allow building without any trust model support. * configure.ac: Add option --disable-trust-models (NO_TRUST_MODELS): New ac_define and am_conditional. * g10/Makefile.am (trust_source): New. (gpg2_SOURCES): Factor some files out to above. Add trust.c. * g10/gpg.c [NO_TRUST_MODELS]: Disable options --export-ownertrust, --import-ownertrust, --update-trustdb, --check-trustdb, --fix-trustdb, --list-trustdb, --trustdb-name, --auto-check-trustdb, --no-auto-check-trustdb, and --force-ownertrust. (parse_trust_model) [NO_TRUST_MODELS]: Do not build. (main) [NO_TRUST_MODELS]: Set trust_model to always and exclude all trustdb related option code. * g10/keyedit.c (cmds) [NO_TRUST_MODELS]: Remove menu items "trust", "enable", and "disable". * g10/keylist.c (public_key_list) [NO_TRUST_MODELS]: Do not print "tru" record. * g10/trust.c: New. * g10/trustdb.c (struct key_item): Move to trustdb.h. (register_trusted_keyid): Rename to tdb_register_trusted_keyid. (register_trusted_key): Rename to tdb_register_trusted_key. (trust_letter, uid_trust_string_fixed, trust_value_to_string) (string_to_trust_value, get_ownertrust_with_min, get_ownertrust_info) (get_ownertrust_string, get_validity_info, get_validity_string) (clean_sigs_from_uid, clean_uid_from_key, clean_key): Move to trust.c. (mark_usable_uid_certs): Move to trust.c and make global. (is_in_klist): Move as inline to trustdb.h. (trustdb_check_or_update): Rename to tdb_check_or_update (revalidation_mark): Rename to tdb_revalidation_mark. (get_ownertrust): Rename to tdb_get_ownertrust. (get_min_ownertrust): Rename to tdb_get_min_ownertrust. (update_ownertrust): Rename to tdb_update_ownertrust. (clear_ownertrusts): Rename to tdb_clear_ownertrusts. (cache_disabled_value): Rename to tdb_cache_disabled_value. (check_trustdb_stale): Rename to tdb_check_trustdb_stale. (get_validity): Rename to tdb_get_validity_core, add arg MAIN_PK and factor some code out to ... * trust.c (get_validity): ...new. (check_or_update_trustdb): New wrapper. (revalidation_mark): New wrapper. (get_ownertrust): New wrapper. (get_ownertrust_with_min): New wrapper. (update_ownertrust): New wrapper. (clear_ownertrusts): New wrapper. (cache_disabled_value): New wrapper. (check_trustdb_stale): New wrapper. * tests/openpgp/defs.inc (opt_always): New. Use in all tests instead of --always-trust.
2014-02-10 17:05:54 +01:00
#ifndef NO_TRUST_MODELS
gpg: Re-group the options in the --help output. * g10/gpg.c (opts): Change oLoadExtensions, oStrict, and oNoStrict to use ARGPARSE_ignore and remove the code in the option switch. -- This looks better and is also required for further simplifications of gpgconf. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-06 15:17:53 +01:00
ARGPARSE_s_n (oAlwaysTrust, "always-trust", "@"),
gpg: Allow building without any trust model support. * configure.ac: Add option --disable-trust-models (NO_TRUST_MODELS): New ac_define and am_conditional. * g10/Makefile.am (trust_source): New. (gpg2_SOURCES): Factor some files out to above. Add trust.c. * g10/gpg.c [NO_TRUST_MODELS]: Disable options --export-ownertrust, --import-ownertrust, --update-trustdb, --check-trustdb, --fix-trustdb, --list-trustdb, --trustdb-name, --auto-check-trustdb, --no-auto-check-trustdb, and --force-ownertrust. (parse_trust_model) [NO_TRUST_MODELS]: Do not build. (main) [NO_TRUST_MODELS]: Set trust_model to always and exclude all trustdb related option code. * g10/keyedit.c (cmds) [NO_TRUST_MODELS]: Remove menu items "trust", "enable", and "disable". * g10/keylist.c (public_key_list) [NO_TRUST_MODELS]: Do not print "tru" record. * g10/trust.c: New. * g10/trustdb.c (struct key_item): Move to trustdb.h. (register_trusted_keyid): Rename to tdb_register_trusted_keyid. (register_trusted_key): Rename to tdb_register_trusted_key. (trust_letter, uid_trust_string_fixed, trust_value_to_string) (string_to_trust_value, get_ownertrust_with_min, get_ownertrust_info) (get_ownertrust_string, get_validity_info, get_validity_string) (clean_sigs_from_uid, clean_uid_from_key, clean_key): Move to trust.c. (mark_usable_uid_certs): Move to trust.c and make global. (is_in_klist): Move as inline to trustdb.h. (trustdb_check_or_update): Rename to tdb_check_or_update (revalidation_mark): Rename to tdb_revalidation_mark. (get_ownertrust): Rename to tdb_get_ownertrust. (get_min_ownertrust): Rename to tdb_get_min_ownertrust. (update_ownertrust): Rename to tdb_update_ownertrust. (clear_ownertrusts): Rename to tdb_clear_ownertrusts. (cache_disabled_value): Rename to tdb_cache_disabled_value. (check_trustdb_stale): Rename to tdb_check_trustdb_stale. (get_validity): Rename to tdb_get_validity_core, add arg MAIN_PK and factor some code out to ... * trust.c (get_validity): ...new. (check_or_update_trustdb): New wrapper. (revalidation_mark): New wrapper. (get_ownertrust): New wrapper. (get_ownertrust_with_min): New wrapper. (update_ownertrust): New wrapper. (clear_ownertrusts): New wrapper. (cache_disabled_value): New wrapper. (check_trustdb_stale): New wrapper. * tests/openpgp/defs.inc (opt_always): New. Use in all tests instead of --always-trust.
2014-02-10 17:05:54 +01:00
#endif
gpg: Re-group the options in the --help output. * g10/gpg.c (opts): Change oLoadExtensions, oStrict, and oNoStrict to use ARGPARSE_ignore and remove the code in the option switch. -- This looks better and is also required for further simplifications of gpgconf. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-06 15:17:53 +01:00
ARGPARSE_s_s (oTrustModel, "trust-model", "@"),
ARGPARSE_s_s (oPhotoViewer, "photo-viewer", "@"),
ARGPARSE_s_s (oKnownNotation, "known-notation", "@"),
ARGPARSE_s_s (oAgentProgram, "agent-program", "@"),
ARGPARSE_s_s (oKeyboxdProgram, "keyboxd-program", "@"),
ARGPARSE_s_s (oDirmngrProgram, "dirmngr-program", "@"),
ARGPARSE_s_n (oExitOnStatusWriteError, "exit-on-status-write-error", "@"),
ARGPARSE_s_i (oLimitCardInsertTries, "limit-card-insert-tries", "@"),
ARGPARSE_s_n (oEnableProgressFilter, "enable-progress-filter", "@"),
ARGPARSE_s_s (oTempDir, "temp-directory", "@"),
ARGPARSE_s_s (oExecPath, "exec-path", "@"),
ARGPARSE_s_n (oExpert, "expert", "@"),
ARGPARSE_s_n (oNoExpert, "no-expert", "@"),
Made arg_parse more readable.
2008-11-12 18:41:49 +01:00
ARGPARSE_s_n (oNoSecmemWarn, "no-secmem-warning", "@"),
ARGPARSE_s_n (oRequireSecmem, "require-secmem", "@"),
ARGPARSE_s_n (oNoRequireSecmem, "no-require-secmem", "@"),
ARGPARSE_s_n (oNoPermissionWarn, "no-permission-warning", "@"),
gpg: Re-group the options in the --help output. * g10/gpg.c (opts): Change oLoadExtensions, oStrict, and oNoStrict to use ARGPARSE_ignore and remove the code in the option switch. -- This looks better and is also required for further simplifications of gpgconf. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-06 15:17:53 +01:00
ARGPARSE_s_n (oDryRun, "dry-run", N_("do not make any changes")),
ARGPARSE_s_n (oInteractive, "interactive", N_("prompt before overwriting")),
ARGPARSE_s_s (oDefSigExpire, "default-sig-expire", "@"),
ARGPARSE_s_n (oAskSigExpire, "ask-sig-expire", "@"),
ARGPARSE_s_n (oNoAskSigExpire, "no-ask-sig-expire", "@"),
ARGPARSE_s_s (oDefCertExpire, "default-cert-expire", "@"),
ARGPARSE_s_n (oAskCertExpire, "ask-cert-expire", "@"),
ARGPARSE_s_n (oNoAskCertExpire, "no-ask-cert-expire", "@"),
ARGPARSE_s_i (oDefCertLevel, "default-cert-level", "@"),
ARGPARSE_s_i (oMinCertLevel, "min-cert-level", "@"),
ARGPARSE_s_n (oAskCertLevel, "ask-cert-level", "@"),
ARGPARSE_s_n (oNoAskCertLevel, "no-ask-cert-level", "@"),
ARGPARSE_s_n (oOnlySignTextIDs, "only-sign-text-ids", "@"),
ARGPARSE_s_n (oEnableLargeRSA, "enable-large-rsa", "@"),
ARGPARSE_s_n (oDisableLargeRSA, "disable-large-rsa", "@"),
ARGPARSE_s_n (oEnableDSA2, "enable-dsa2", "@"),
ARGPARSE_s_n (oDisableDSA2, "disable-dsa2", "@"),
ARGPARSE_s_s (oPersonalCipherPreferences, "personal-cipher-preferences","@"),
ARGPARSE_s_s (oPersonalAEADPreferences, "personal-aead-preferences","@"),
ARGPARSE_s_s (oPersonalDigestPreferences, "personal-digest-preferences","@"),
ARGPARSE_s_s (oPersonalCompressPreferences,
"personal-compress-preferences", "@"),
ARGPARSE_s_s (oDefaultPreferenceList, "default-preference-list", "@"),
ARGPARSE_s_s (oDefaultKeyserverURL, "default-keyserver-url", "@"),
ARGPARSE_s_n (oNoExpensiveTrustChecks, "no-expensive-trust-checks", "@"),
ARGPARSE_s_n (oAllowNonSelfsignedUID, "allow-non-selfsigned-uid", "@"),
ARGPARSE_s_n (oNoAllowNonSelfsignedUID, "no-allow-non-selfsigned-uid", "@"),
ARGPARSE_s_n (oAllowFreeformUID, "allow-freeform-uid", "@"),
ARGPARSE_s_n (oNoAllowFreeformUID, "no-allow-freeform-uid", "@"),
ARGPARSE_s_n (oPreservePermissions, "preserve-permissions", "@"),
Made arg_parse more readable.
2008-11-12 18:41:49 +01:00
ARGPARSE_s_i (oDefCertLevel, "default-cert-check-level", "@"), /* old */
gpg: Re-group the options in the --help output. * g10/gpg.c (opts): Change oLoadExtensions, oStrict, and oNoStrict to use ARGPARSE_ignore and remove the code in the option switch. -- This looks better and is also required for further simplifications of gpgconf. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-06 15:17:53 +01:00
ARGPARSE_s_s (oTOFUDefaultPolicy, "tofu-default-policy", "@"),
ARGPARSE_s_n (oLockOnce, "lock-once", "@"),
ARGPARSE_s_n (oLockMultiple, "lock-multiple", "@"),
ARGPARSE_s_n (oLockNever, "lock-never", "@"),
ARGPARSE_s_s (oCompressAlgo,"compress-algo", "@"),
ARGPARSE_s_s (oCompressAlgo, "compression-algo", "@"), /* Alias */
ARGPARSE_s_n (oBZ2DecompressLowmem, "bzip2-decompress-lowmem", "@"),
ARGPARSE_s_i (oCompletesNeeded, "completes-needed", "@"),
ARGPARSE_s_i (oMarginalsNeeded, "marginals-needed", "@"),
ARGPARSE_s_i (oMaxCertDepth, "max-cert-depth", "@" ),
g10: Remove option --always-trust if compiled without trust models. * g10/gpg.c (opts): Remove option --always-trust if compiled without trust models. Signed-off-by: Justus Winter <justus@g10code.com>
2016-04-01 14:51:56 +02:00
#ifndef NO_TRUST_MODELS
gpg: Re-group the options in the --help output. * g10/gpg.c (opts): Change oLoadExtensions, oStrict, and oNoStrict to use ARGPARSE_ignore and remove the code in the option switch. -- This looks better and is also required for further simplifications of gpgconf. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-06 15:17:53 +01:00
ARGPARSE_s_s (oTrustDBName, "trustdb-name", "@"),
ARGPARSE_s_n (oAutoCheckTrustDB, "auto-check-trustdb", "@"),
ARGPARSE_s_n (oNoAutoCheckTrustDB, "no-auto-check-trustdb", "@"),
ARGPARSE_s_s (oForceOwnertrust, "force-ownertrust", "@"),
gpg: New option --no-auto-trust-new-key. * g10/gpg.c (oNoAutoTrustNewKey): New. (opts): Add --no-auto-trust-new-key. (main): Set it. * g10/options.h (opt): Add flags.no_auto_trust_new_key. Signed-off-by: Werner Koch <wk@gnupg.org>
2021-03-15 10:47:19 +01:00
ARGPARSE_s_n (oNoAutoTrustNewKey, "no-auto-trust-new-key", "@"),
g10: Remove option --always-trust if compiled without trust models. * g10/gpg.c (opts): Remove option --always-trust if compiled without trust models. Signed-off-by: Justus Winter <justus@g10code.com>
2016-04-01 14:51:56 +02:00
#endif
gpg: Re-group the options in the --help output. * g10/gpg.c (opts): Change oLoadExtensions, oStrict, and oNoStrict to use ARGPARSE_ignore and remove the code in the option switch. -- This looks better and is also required for further simplifications of gpgconf. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-06 15:17:53 +01:00
ARGPARSE_header ("Input", N_("Options controlling the input")),
ARGPARSE_s_n (oMultifile, "multifile", "@"),
ARGPARSE_s_s (oInputSizeHint, "input-size-hint", "@"),
ARGPARSE_s_n (oUtf8Strings, "utf8-strings", "@"),
ARGPARSE_s_n (oNoUtf8Strings, "no-utf8-strings", "@"),
ARGPARSE_p_u (oSetFilesize, "set-filesize", "@"),
ARGPARSE_s_n (oNoLiteral, "no-literal", "@"),
ARGPARSE_s_s (oSetNotation, "set-notation", "@"),
ARGPARSE_s_s (oSigNotation, "sig-notation", "@"),
ARGPARSE_s_s (oCertNotation, "cert-notation", "@"),
Made arg_parse more readable.
2008-11-12 18:41:49 +01:00
ARGPARSE_s_s (oSetPolicyURL, "set-policy-url", "@"),
ARGPARSE_s_s (oSigPolicyURL, "sig-policy-url", "@"),
ARGPARSE_s_s (oCertPolicyURL, "cert-policy-url", "@"),
ARGPARSE_s_s (oSigKeyserverURL, "sig-keyserver-url", "@"),
gpg: Re-group the options in the --help output. * g10/gpg.c (opts): Change oLoadExtensions, oStrict, and oNoStrict to use ARGPARSE_ignore and remove the code in the option switch. -- This looks better and is also required for further simplifications of gpgconf. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-06 15:17:53 +01:00
ARGPARSE_header ("Output", N_("Options controlling the output")),
ARGPARSE_s_n (oArmor, "armor", N_("create ascii armored output")),
ARGPARSE_s_n (oArmor, "armour", "@"),
ARGPARSE_s_n (oNoArmor, "no-armor", "@"),
ARGPARSE_s_n (oNoArmor, "no-armour", "@"),
ARGPARSE_s_s (oOutput, "output", N_("|FILE|write output to FILE")),
ARGPARSE_p_u (oMaxOutput, "max-output", "@"),
Made arg_parse more readable.
2008-11-12 18:41:49 +01:00
ARGPARSE_s_s (oComment, "comment", "@"),
ARGPARSE_s_n (oDefaultComment, "default-comment", "@"),
ARGPARSE_s_n (oNoComments, "no-comments", "@"),
ARGPARSE_s_n (oEmitVersion, "emit-version", "@"),
ARGPARSE_s_n (oNoEmitVersion, "no-emit-version", "@"),
ARGPARSE_s_n (oNoEmitVersion, "no-version", "@"), /* alias */
ARGPARSE_s_n (oNotDashEscaped, "not-dash-escaped", "@"),
ARGPARSE_s_n (oEscapeFrom, "escape-from-lines", "@"),
ARGPARSE_s_n (oNoEscapeFrom, "no-escape-from-lines", "@"),
gpg: Re-group the options in the --help output. * g10/gpg.c (opts): Change oLoadExtensions, oStrict, and oNoStrict to use ARGPARSE_ignore and remove the code in the option switch. -- This looks better and is also required for further simplifications of gpgconf. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-06 15:17:53 +01:00
ARGPARSE_s_n (oMimemode, "mimemode", "@"),
ARGPARSE_s_n (oTextmodeShort, NULL, "@"),
ARGPARSE_s_n (oTextmode, "textmode", N_("use canonical text mode")),
ARGPARSE_s_n (oNoTextmode, "no-textmode", "@"),
ARGPARSE_s_s (oSetFilename, "set-filename", "@"),
ARGPARSE_s_n (oForYourEyesOnly, "for-your-eyes-only", "@"),
ARGPARSE_s_n (oNoForYourEyesOnly, "no-for-your-eyes-only", "@"),
ARGPARSE_s_n (oShowNotation, "show-notation", "@"),
ARGPARSE_s_n (oNoShowNotation, "no-show-notation", "@"),
ARGPARSE_s_n (oShowSessionKey, "show-session-key", "@"),
Made arg_parse more readable.
2008-11-12 18:41:49 +01:00
ARGPARSE_s_n (oUseEmbeddedFilename, "use-embedded-filename", "@"),
ARGPARSE_s_n (oNoUseEmbeddedFilename, "no-use-embedded-filename", "@"),
gpg: Re-group the options in the --help output. * g10/gpg.c (opts): Change oLoadExtensions, oStrict, and oNoStrict to use ARGPARSE_ignore and remove the code in the option switch. -- This looks better and is also required for further simplifications of gpgconf. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-06 15:17:53 +01:00
ARGPARSE_s_n (oUnwrap, "unwrap", "@"),
ARGPARSE_s_n (oMangleDosFilenames, "mangle-dos-filenames", "@"),
ARGPARSE_s_n (oNoMangleDosFilenames, "no-mangle-dos-filenames", "@"),
ARGPARSE_s_i (oChunkSize, "chunk-size", "@"),
ARGPARSE_s_n (oNoSymkeyCache, "no-symkey-cache", "@"),
ARGPARSE_s_n (oSkipVerify, "skip-verify", "@"),
ARGPARSE_s_n (oListOnly, "list-only", "@"),
ARGPARSE_s_i (oCompress, NULL,
N_("|N|set compress level to N (0 disables)")),
ARGPARSE_s_i (oCompressLevel, "compress-level", "@"),
ARGPARSE_s_i (oBZ2CompressLevel, "bzip2-compress-level", "@"),
gpg: New option --include-key-block. * common/openpgpdefs.h (SIGSUBPKT_KEY_BLOCK): New. * g10/gpg.c (oIncludeKeyBlock): New. (opts): New option --include-key-block. (main): Implement. * g10/options.h (opt): New flag include_key_block. * g10/parse-packet.c (dump_sig_subpkt): Support SIGSUBPKT_KEY_BLOCK. (parse_one_sig_subpkt): Ditto. (can_handle_critical): Ditto. * g10/sign.c (mk_sig_subpkt_key_block): New. (write_signature_packets): Call it for data signatures. -- This patch adds support for a to be proposed OpenPGP ferature: Introduce the Key Block subpacket to align OpenPGP with CMS. This new subpacket may be used similar to the CertificateSet of CMS (RFC-5652) and thus allows to start encrypted communication after having received a signed message. In practice a stripped down version of the key should be including having only the key material and the self-signatures which are really useful and shall be used by the recipient to reply encrypted. #### Key Block (1 octet with value 0, N octets of key data) This subpacket MAY be used to convey key data along with a signature of class 0x00, 0x01, or 0x02. It MUST contain the key used to create the signature; either as the primary key or as a subkey. The key SHOULD contain a primary or subkey capable of encryption and the entire key must be a valid OpenPGP key including at least one User ID packet and the corresponding self-signatures. Implementations MUST ignore this subpacket if the first octet does not have a value of zero or if the key data does not represent a valid transferable public key. GnuPG-bug-id: 4856 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-13 13:28:35 +01:00
ARGPARSE_s_n (oDisableSignerUID, "disable-signer-uid", "@"),
gpg: Re-group the options in the --help output. * g10/gpg.c (opts): Change oLoadExtensions, oStrict, and oNoStrict to use ARGPARSE_ignore and remove the code in the option switch. -- This looks better and is also required for further simplifications of gpgconf. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-06 15:17:53 +01:00
ARGPARSE_header ("ImportExport",
N_("Options controlling key import and export")),
ARGPARSE_s_s (oAutoKeyLocate, "auto-key-locate",
N_("|MECHANISMS|use MECHANISMS to locate keys by mail address")),
ARGPARSE_s_n (oNoAutoKeyLocate, "no-auto-key-locate", "@"),
gpg: New option --auto-key-import * g10/gpg.c (opts): New options --auto-key-import, --no-auto-key-import, and --no-include-key-block. (gpgconf_list): Add them. * g10/options.h (opt): Add field flags.auto_key_import. * g10/mainproc.c (check_sig_and_print): Use flag to enable that feature. * tools/gpgconf-comp.c: Give the new options a Basic config level. -- Note that the --no variants of the options are intended for easy disabling at the command line. GnuPG-bug-id: 4856 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-14 18:04:47 +01:00
ARGPARSE_s_n (oAutoKeyImport, "auto-key-import",
N_("import missing key from a signature")),
ARGPARSE_s_n (oNoAutoKeyImport, "no-auto-key-import", "@"),
gpg: Re-group the options in the --help output. * g10/gpg.c (opts): Change oLoadExtensions, oStrict, and oNoStrict to use ARGPARSE_ignore and remove the code in the option switch. -- This looks better and is also required for further simplifications of gpgconf. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-06 15:17:53 +01:00
ARGPARSE_s_n (oAutoKeyRetrieve, "auto-key-retrieve", "@"),
ARGPARSE_s_n (oNoAutoKeyRetrieve, "no-auto-key-retrieve", "@"),
gpg: New option --auto-key-import * g10/gpg.c (opts): New options --auto-key-import, --no-auto-key-import, and --no-include-key-block. (gpgconf_list): Add them. * g10/options.h (opt): Add field flags.auto_key_import. * g10/mainproc.c (check_sig_and_print): Use flag to enable that feature. * tools/gpgconf-comp.c: Give the new options a Basic config level. -- Note that the --no variants of the options are intended for easy disabling at the command line. GnuPG-bug-id: 4856 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-14 18:04:47 +01:00
ARGPARSE_s_n (oIncludeKeyBlock, "include-key-block",
N_("include the public key in signatures")),
ARGPARSE_s_n (oNoIncludeKeyBlock, "no-include-key-block", "@"),
gpg: Re-group the options in the --help output. * g10/gpg.c (opts): Change oLoadExtensions, oStrict, and oNoStrict to use ARGPARSE_ignore and remove the code in the option switch. -- This looks better and is also required for further simplifications of gpgconf. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-06 15:17:53 +01:00
ARGPARSE_s_n (oDisableDirmngr, "disable-dirmngr",
N_("disable all access to the dirmngr")),
ARGPARSE_s_s (oKeyServer, "keyserver", "@"), /* Deprecated. */
ARGPARSE_s_s (oKeyServerOptions, "keyserver-options", "@"),
ARGPARSE_s_s (oKeyOrigin, "key-origin", "@"),
ARGPARSE_s_s (oImportOptions, "import-options", "@"),
ARGPARSE_s_s (oImportFilter, "import-filter", "@"),
ARGPARSE_s_s (oExportOptions, "export-options", "@"),
ARGPARSE_s_s (oExportFilter, "export-filter", "@"),
ARGPARSE_s_n (oMergeOnly, "merge-only", "@" ),
ARGPARSE_s_n (oAllowSecretKeyImport, "allow-secret-key-import", "@"),
ARGPARSE_header ("Keylist", N_("Options controlling key listings")),
ARGPARSE_s_s (oListOptions, "list-options", "@"),
ARGPARSE_s_n (oFullTimestrings, "full-timestrings", "@"),
ARGPARSE_s_n (oShowPhotos, "show-photos", "@"),
ARGPARSE_s_n (oNoShowPhotos, "no-show-photos", "@"),
ARGPARSE_s_n (oShowPolicyURL, "show-policy-url", "@"),
ARGPARSE_s_n (oNoShowPolicyURL, "no-show-policy-url", "@"),
ARGPARSE_s_n (oWithColons, "with-colons", "@"),
ARGPARSE_s_n (oWithTofuInfo,"with-tofu-info", "@"),
ARGPARSE_s_n (oWithKeyData,"with-key-data", "@"),
ARGPARSE_s_n (oWithSigList,"with-sig-list", "@"),
ARGPARSE_s_n (oWithSigCheck,"with-sig-check", "@"),
Made arg_parse more readable.
2008-11-12 18:41:49 +01:00
ARGPARSE_s_n (oWithFingerprint, "with-fingerprint", "@"),
gpg: Add option --with-subkey-fingerprint. * g10/gpg.c (oWithSubkeyFingerprint): New. (opts): Add --with-subkey-fingerprint[s]. (main): Set that option. * g10/options.h (struct opt): Add 'with_subkey_fingerprint'. * g10/keylist.c (list_keyblock_print): Print subkey fingerprint. (print_fingerprint): Tweak printing to use compact format if desirable. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-06 16:55:03 +02:00
ARGPARSE_s_n (oWithSubkeyFingerprint, "with-subkey-fingerprint", "@"),
ARGPARSE_s_n (oWithSubkeyFingerprint, "with-subkey-fingerprints", "@"),
gpg: Add option to print fingerprints in ICAO spelling. * g10/gpg.c: Add option --with-icao-spelling. * g10/options.h (struct opt): Add with_icao_spelling. * g10/keylist.c (print_icao_hexdigit): New. (print_fingerprint): Print ICAO spelling. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-02-23 17:54:05 +01:00
ARGPARSE_s_n (oWithICAOSpelling, "with-icao-spelling", "@"),
Add new option --with-keygrip
2010-10-08 13:11:08 +02:00
ARGPARSE_s_n (oWithKeygrip, "with-keygrip", "@"),
gpg,sm: New option --with-key-screening. * common/pkscreening.c: New. * common/pkscreening.h: New. * common/Makefile.am (common_sources): Add them. * g10/gpg.c (opts): New option --with-key-screening. * g10/options.h (struct opt): New field with_key_screening. * g10/keylist.c: Include pkscreening.h. (print_pk_screening): New. (list_keyblock_print): Call it. (print_compliance_flags): Call it. * sm/gpgsm.c (opts): New option --with-key-screening. * sm/gpgsm.h (scruct opt): New field with_key_screening. * sm/keylist.c: Include pkscreening.h. (print_pk_screening): New. (print_compliance_flags): Call it. Add new arg cert. (list_cert_colon): Pass arg cert (list_cert_std): Call print_pk_screening. * sm/fingerprint.c (gpgsm_get_rsa_modulus): New. -- This new option can be used to detect ROCA affected keys. To scan an entire keyring and print the affected fingerprints use this: gpg -k --with-key-screening --with-colons | gawk -F: \ '$1~/pub|sub|sec|ssb|crt/ && $18~/\<6001\>/ {found=1;next}; $1=="fpr" && found {print $10}; {found=0}' The same works for gpgsm. Note that we need gawk due to the "\<" in the r.e. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-10-17 21:10:19 +02:00
ARGPARSE_s_n (oWithKeyScreening,"with-key-screening", "@"),
Add new option --with-secret. * g10/gpg.c: Add option --with-secret. * g10/options.h (struct opt): Add field with_secret. * g10/keylist.c (public_key_list): Pass opt.with_secret to list_all and list_one. (list_all, list_one): Add arg mark_secret. (list_keyblock_colon): Add arg has_secret. * sm/gpgsm.c: Add option --with-secret. * sm/server.c (option_handler): Add option "with-secret". * sm/gpgsm.h (server_control_s): Add field with_secret. * sm/keylist.c (list_cert_colon): Take care of with_secret. Also move the token string from the wrong field 14 to 15. -- This option is useful for key managers which need to know whether a key has a secret key. This change allows to collect this information in one pass.
2014-06-03 21:35:59 +02:00
ARGPARSE_s_n (oWithSecret, "with-secret", "@"),
gpg: Add experimental AKL method "wkd" and option --with-wkd-hash. * g10/getkey.c (parse_auto_key_locate): Add method "wkd". (get_pubkey_byname): Implement that method. Also rename a variable. * g10/call-dirmngr.c (gpg_dirmngr_wkd_get): New. * g10/keyserver.c (keyserver_import_wkd): New. * g10/test-stubs.c (keyserver_import_wkd): Add stub. * g10/gpgv.c (keyserver_import_wkd): Ditto. * g10/options.h (opt): Add field 'with_wkd_hash'. (AKL_WKD): New. * g10/gpg.c (oWithWKDHash): New. (opts): Add option --with-wkd-hash. (main): Set that option. * g10/keylist.c (list_keyblock_print): Implement that option. -- The Web Key Directory is an experimental feature to retrieve a key via https. It is similar to OpenPGP DANE but also uses an encryption to reveal less information about a key lookup. For example the URI to lookup the key for Joe.Doe@Example.ORG is: https://example.org/.well-known/openpgpkey/ hu/example.org/iy9q119eutrkn8s1mk4r39qejnbu3n5q (line has been wrapped for rendering purposes). The hash is a z-Base-32 encoded SHA-1 hash of the mail address' local-part. The address wk@gnupg.org can be used for testing. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-04-27 08:34:29 +02:00
ARGPARSE_s_n (oWithWKDHash, "with-wkd-hash", "@"),
gpg: New option --with-key-origin. * g10/getkey.c (parse_key_origin): Factor list out as ... (key_origin_list): new struct. (key_origin_string): New. * g10/gpg.c (oWithKeyOrigin): New const. (opts): New option --with-key-origin. (main): Implement option. * g10/options.h (struct opt): New flag with_key_origin. * g10/keylist.c (list_keyblock_print): Print key origin info. (list_keyblock_colon): Ditto.
2017-07-20 17:27:48 +02:00
ARGPARSE_s_n (oWithKeyOrigin, "with-key-origin", "@"),
Made arg_parse more readable.
2008-11-12 18:41:49 +01:00
ARGPARSE_s_n (oFastListMode, "fast-list-mode", "@"),
ARGPARSE_s_n (oFixedListMode, "fixed-list-mode", "@"),
gpg: Change format for the key size in --list-key and --edit-key. * g10/gpg.c (oLegacyListMode, opts, main): Add --legacy-list-mode. * g10/options.h (struct opt): Add field legacy_list_mode. * g10/keydb.h (PUBKEY_STRING_SIZE): New. * g10/keyid.c (pubkey_string): New. * g10/import.c (import_one, import_secret_one): Use pubkey_string. * g10/keylist.c (print_seckey_info): Ditto. (print_pubkey_info, print_card_key_info): Ditto. (list_keyblock_print): Ditto. * g10/mainproc.c (list_node): Ditto. * g10/pkclist.c (do_edit_ownertrust, build_pk_list): Ditto. * g10/keyedit.c (show_key_with_all_names): Ditto. Also change the format. (show_basic_key_info): Ditto. * common/openpgp-oid.c (openpgp_curve_to_oid): Also allow "ed25519". (openpgp_oid_to_curve): Downcase "ed25519" -- For ECC it seems to be better to show the name of the curve and not just the size of the prime field. The curve name does not anymore fit into the "<size><letter>" descriptor (e.g. "2048R") and a fixed length format does not work either. Thus the new format uses "rsa2048" - RSA with 2048 bit "elg1024" - Elgamal with 1024 bit "ed25519" - ECC using the curve Ed25519. "E_1.2.3.4" - ECC using the unsupported curve with OID "1.2.3.4". unless --legacy-list-mode is given. In does not anymore line up nicely in columns thus I expect further changes to this new format. Signed-off-by: Werner Koch <wk@gnupg.org>
2014-02-05 10:37:59 +01:00
ARGPARSE_s_n (oLegacyListMode, "legacy-list-mode", "@"),
gpg: Add option --print-dane-records. * g10/options.h (opt): Add field "print_dane_records". * g10/gpg.c (oPrintDANERecords): new. (opts): Add --print-dane-records. (main): Set that option. * g10/export.c (do_export): Remove EXPORT_DANE_FORMAT handling. (do_export_stream): Add EXPORT_DANE_FORMAT handling. * g10/keylist.c (list_keyblock_pka): Implement DANE record printing. * g10/gpgv.c (export_pubkey_buffer): New stub. * g10/test-stubs.c (export_pubkey_buffer): New stub. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-08 15:04:45 +02:00
ARGPARSE_s_n (oPrintDANERecords, "print-dane-records", "@"),
gpg: Re-group the options in the --help output. * g10/gpg.c (opts): Change oLoadExtensions, oStrict, and oNoStrict to use ARGPARSE_ignore and remove the code in the option switch. -- This looks better and is also required for further simplifications of gpgconf. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-06 15:17:53 +01:00
ARGPARSE_s_s (oKeyidFormat, "keyid-format", "@"),
ARGPARSE_s_n (oShowKeyring, "show-keyring", "@"),
ARGPARSE_header (NULL, N_("Options to specify keys")),
ARGPARSE_s_s (oRecipient, "recipient", N_("|USER-ID|encrypt for USER-ID")),
ARGPARSE_s_s (oHiddenRecipient, "hidden-recipient", "@"),
ARGPARSE_s_s (oRecipientFile, "recipient-file", "@"),
ARGPARSE_s_s (oHiddenRecipientFile, "hidden-recipient-file", "@"),
ARGPARSE_s_s (oRecipient, "remote-user", "@"), /* (old option name) */
ARGPARSE_s_n (oThrowKeyids, "throw-keyids", "@"),
ARGPARSE_s_n (oNoThrowKeyids, "no-throw-keyids", "@"),
ARGPARSE_s_s (oLocalUser, "local-user",
N_("|USER-ID|use USER-ID to sign or decrypt")),
ARGPARSE_s_s (oTrustedKey, "trusted-key", "@"),
ARGPARSE_s_s (oSender, "sender", "@"),
ARGPARSE_s_s (oTrySecretKey, "try-secret-key", "@"),
ARGPARSE_s_n (oTryAllSecrets, "try-all-secrets", "@"),
ARGPARSE_s_n (oNoDefKeyring, "no-default-keyring", "@"),
ARGPARSE_s_n (oNoKeyring, "no-keyring", "@"),
ARGPARSE_s_s (oKeyring, "keyring", "@"),
ARGPARSE_s_s (oPrimaryKeyring, "primary-keyring", "@"),
ARGPARSE_s_s (oSecretKeyring, "secret-keyring", "@"),
ARGPARSE_s_n (oSkipHiddenRecipients, "skip-hidden-recipients", "@"),
ARGPARSE_s_n (oNoSkipHiddenRecipients, "no-skip-hidden-recipients", "@"),
Made arg_parse more readable.
2008-11-12 18:41:49 +01:00
ARGPARSE_s_s (oOverrideSessionKey, "override-session-key", "@"),
gpg: New option --override-session-key-fd. * g10/gpg.c (oOverrideSessionKeyFD): New. (opts): Add option --override-session-key-fd. (main): Handle that option. (read_sessionkey_from_fd): New. -- The override-session-key feature was designed to mitigate the effect of the British RIP act by allowing to keep the private key private and hand out only a session key. For that use case the leaking of the session key would not be a problem. However there are other use cases, for example fast re-decryption after an initial decryption, which would benefit from concealing the session key from other users. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-16 09:02:53 +01:00
ARGPARSE_s_i (oOverrideSessionKeyFD, "override-session-key-fd", "@"),
gpg: Re-group the options in the --help output. * g10/gpg.c (opts): Change oLoadExtensions, oStrict, and oNoStrict to use ARGPARSE_ignore and remove the code in the option switch. -- This looks better and is also required for further simplifications of gpgconf. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-06 15:17:53 +01:00
ARGPARSE_header ("Security", N_("Options controlling the security")),
ARGPARSE_s_i (oS2KMode, "s2k-mode", "@"),
ARGPARSE_s_s (oS2KDigest, "s2k-digest-algo", "@"),
ARGPARSE_s_s (oS2KCipher, "s2k-cipher-algo", "@"),
ARGPARSE_s_i (oS2KCount, "s2k-count", "@"),
ARGPARSE_s_n (oForceAEAD, "force-aead", "@"),
ARGPARSE_s_n (oRequireCrossCert, "require-backsigs", "@"),
ARGPARSE_s_n (oRequireCrossCert, "require-cross-certification", "@"),
ARGPARSE_s_n (oNoRequireCrossCert, "no-require-backsigs", "@"),
ARGPARSE_s_n (oNoRequireCrossCert, "no-require-cross-certification", "@"),
/* Options to override new security defaults. */
ARGPARSE_s_n (oAllowWeakKeySignatures, "allow-weak-key-signatures", "@"),
ARGPARSE_s_n (oAllowWeakDigestAlgos, "allow-weak-digest-algos", "@"),
gpg: Do not allow old cipher algorithms for encryption. * g10/gpg.c: New option --allow-old-cipher-algos. (set_compliance_option): Set --rfc4880bis explictly to SHA256 and AES256. Allow old cipher algos for OpenPGP, rfc4880, and rfc2440. * g10/options.h (opt): Add flags.allow_old_cipher_algos. * g10/misc.c (print_sha1_keysig_rejected_note): Always print the note unless in --quiet mode. * g10/encrypt.c (setup_symkey): Disallow by default algos with a blocklengt < 128. (encrypt_crypt): Ditto. Fallback by default to AES instead of 3DES. * g10/pkclist.c (algo_available): Take care of old cipher also. (select_algo_from_prefs): Use AES as implicit algorithm by default. * tests/openpgp/defs.scm (create-gpghome): Set allow-old-cipher-algos. -- GnuPG-bug-id: 3415
2021-02-10 14:31:34 +01:00
ARGPARSE_s_n (oAllowOldCipherAlgos, "allow-old-cipher-algos", "@"),
gpg: Re-group the options in the --help output. * g10/gpg.c (opts): Change oLoadExtensions, oStrict, and oNoStrict to use ARGPARSE_ignore and remove the code in the option switch. -- This looks better and is also required for further simplifications of gpgconf. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-06 15:17:53 +01:00
ARGPARSE_s_s (oWeakDigest, "weak-digest","@"),
ARGPARSE_s_s (oVerifyOptions, "verify-options", "@"),
ARGPARSE_s_n (oEnableSpecialFilenames, "enable-special-filenames", "@"),
Made arg_parse more readable.
2008-11-12 18:41:49 +01:00
ARGPARSE_s_n (oNoRandomSeedFile, "no-random-seed-file", "@"),
ARGPARSE_s_n (oNoSigCache, "no-sig-cache", "@"),
gpg: Re-group the options in the --help output. * g10/gpg.c (opts): Change oLoadExtensions, oStrict, and oNoStrict to use ARGPARSE_ignore and remove the code in the option switch. -- This looks better and is also required for further simplifications of gpgconf. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-06 15:17:53 +01:00
ARGPARSE_s_n (oIgnoreTimeConflict, "ignore-time-conflict", "@"),
ARGPARSE_s_n (oIgnoreValidFrom, "ignore-valid-from", "@"),
ARGPARSE_s_n (oIgnoreCrcError, "ignore-crc-error", "@"),
ARGPARSE_s_n (oIgnoreMDCError, "ignore-mdc-error", "@"),
ARGPARSE_s_s (oDisableCipherAlgo, "disable-cipher-algo", "@"),
ARGPARSE_s_s (oDisablePubkeyAlgo, "disable-pubkey-algo", "@"),
ARGPARSE_s_s (oCipherAlgo, "cipher-algo", "@"),
ARGPARSE_s_s (oAEADAlgo, "aead-algo", "@"),
ARGPARSE_s_s (oDigestAlgo, "digest-algo", "@"),
ARGPARSE_s_s (oCertDigestAlgo, "cert-digest-algo", "@"),
Made arg_parse more readable.
2008-11-12 18:41:49 +01:00
gpg: Add option --dirmngr-program. * g10/gpg.c: Add option --dirmngr-program. * g10/options.h (struct opt): Add field dirmngr_program. * g10/call-dirmngr.c (create_context): Use new var. * dirmngr/dirmngr.c: Include gc-opt-flags.h. (main): Remove GC_OPT_FLAG_*. * tools/gpgconf-comp.c (GC_OPT_FLAG_NO_CHANGE): Move macro to ... * common/gc-opt-flags.h: here.
2014-03-12 18:24:52 +01:00
gpg: Re-group the options in the --help output. * g10/gpg.c (opts): Change oLoadExtensions, oStrict, and oNoStrict to use ARGPARSE_ignore and remove the code in the option switch. -- This looks better and is also required for further simplifications of gpgconf. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-06 15:17:53 +01:00
ARGPARSE_header (NULL, N_("Options for unattended use")),
ARGPARSE_s_n (oBatch, "batch", "@"),
ARGPARSE_s_n (oNoBatch, "no-batch", "@"),
ARGPARSE_s_n (oAnswerYes, "yes", "@"),
ARGPARSE_s_n (oAnswerNo, "no", "@"),
ARGPARSE_s_i (oStatusFD, "status-fd", "@"),
ARGPARSE_s_s (oStatusFile, "status-file", "@"),
ARGPARSE_s_i (oAttributeFD, "attribute-fd", "@"),
ARGPARSE_s_s (oAttributeFile, "attribute-file", "@"),
ARGPARSE_s_i (oCommandFD, "command-fd", "@"),
ARGPARSE_s_s (oCommandFile, "command-file", "@"),
ARGPARSE_o_s (oPassphrase, "passphrase", "@"),
ARGPARSE_s_i (oPassphraseFD, "passphrase-fd", "@"),
ARGPARSE_s_s (oPassphraseFile, "passphrase-file", "@"),
ARGPARSE_s_i (oPassphraseRepeat,"passphrase-repeat", "@"),
ARGPARSE_s_s (oPinentryMode, "pinentry-mode", "@"),
gpg: New option --force-sign-key * g10/gpg.c (oForceSignKey,opts): New option "--force-sign-key". (main): Set it. * g10/options.h (opt): New flag flags.force_sign_key. * g10/keyedit.c (sign_uids): Use new flag. -- GnuPG-bug-id: 4584
2021-03-11 11:27:07 +01:00
ARGPARSE_s_n (oForceSignKey, "force-sign-key", "@"),
gpg: Re-group the options in the --help output. * g10/gpg.c (opts): Change oLoadExtensions, oStrict, and oNoStrict to use ARGPARSE_ignore and remove the code in the option switch. -- This looks better and is also required for further simplifications of gpgconf. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-06 15:17:53 +01:00
ARGPARSE_header (NULL, N_("Other options")),
ARGPARSE_s_s (oRequestOrigin, "request-origin", "@"),
Made arg_parse more readable.
2008-11-12 18:41:49 +01:00
ARGPARSE_s_s (oDisplay, "display", "@"),
ARGPARSE_s_s (oTTYname, "ttyname", "@"),
ARGPARSE_s_s (oTTYtype, "ttytype", "@"),
ARGPARSE_s_s (oLCctype, "lc-ctype", "@"),
ARGPARSE_s_s (oLCmessages, "lc-messages","@"),
ARGPARSE_s_s (oXauthority, "xauthority", "@"),
Add --chuid to gpg, gpg-card, and gpg-connect-agent. * g10/gpg.c (oChUid): New. (opts): Add --chuid. (main): Implement --chuid. Delay setting of homedir until the new chuid is done. * sm/gpgsm.c (main): Delay setting of homedir until the new chuid is done. * tools/gpg-card.c (oChUid): New. (opts): Add --chuid. (changeuser): New helper var. (main): Implement --chuid. * tools/gpg-connect-agent.c (oChUid): New. (opts): Add --chuid. (main): Implement --chuid. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-14 12:19:11 +02:00
ARGPARSE_s_s (oChUid, "chuid", "@"),
gpg: Re-group the options in the --help output. * g10/gpg.c (opts): Change oLoadExtensions, oStrict, and oNoStrict to use ARGPARSE_ignore and remove the code in the option switch. -- This looks better and is also required for further simplifications of gpgconf. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-06 15:17:53 +01:00
ARGPARSE_s_n (oNoAutostart, "no-autostart", "@"),
ARGPARSE_s_n (oUseKeyboxd, "use-keyboxd", "@"),
/* Options which can be used in special circumstances. They are not
* published and we hope they are never required. */
ARGPARSE_s_n (oUseOnlyOpenPGPCard, "use-only-openpgp-card", "@"),
/* Esoteric compatibility options. */
ARGPARSE_s_n (oRFC2440Text, "rfc2440-text", "@"),
ARGPARSE_s_n (oNoRFC2440Text, "no-rfc2440-text", "@"),
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
gpg: Re-group the options in the --help output. * g10/gpg.c (opts): Change oLoadExtensions, oStrict, and oNoStrict to use ARGPARSE_ignore and remove the code in the option switch. -- This looks better and is also required for further simplifications of gpgconf. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-06 15:17:53 +01:00
ARGPARSE_header (NULL, ""), /* Stop the header group. */
Made arg_parse more readable.
2008-11-12 18:41:49 +01:00
gpg: Re-group the options in the --help output. * g10/gpg.c (opts): Change oLoadExtensions, oStrict, and oNoStrict to use ARGPARSE_ignore and remove the code in the option switch. -- This looks better and is also required for further simplifications of gpgconf. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-06 15:17:53 +01:00
/* Aliases. I constantly mistype these, and assume other people do
as well. */
ARGPARSE_s_s (oPersonalCipherPreferences, "personal-cipher-prefs", "@"),
ARGPARSE_s_s (oPersonalAEADPreferences, "personal-aead-prefs", "@"),
ARGPARSE_s_s (oPersonalDigestPreferences, "personal-digest-prefs", "@"),
ARGPARSE_s_s (oPersonalCompressPreferences, "personal-compress-prefs", "@"),
gpg: New option --default-new-key-algo. * common/openpgp-oid.c (openpgp_is_curve_supported): Add optional arg R_ALGO and change all callers. * common/util.h (GPG_ERR_UNKNOWN_FLAG): New error code. * g10/options.h (struct opt): Add field DEF_NEW_KEY_ALGO. * g10/gpg.c (oDefaultNewKeyAlgo): New enum. (opts): New option "--default-new-key-algo". (main): Set the option. * g10/keygen.c: Remove DEFAULT_STD_ FUTURE_STD_ constants and replace them by ... (DEFAULT_STD_KEY_PARAM, FUTURE_STD_KEY_PARAM): new string constants. (get_keysize_range): Remove arg R_DEF and return that value instead. Change all callers. (gen_rsa): Use get_keysize_range instead of the removed DEFAULT_STD_KEYSIZE. (parse_key_parameter_part): New function. (parse_key_parameter_string): New function. (quick_generate_keypair): Refactor using parse_key_parameter_string. (generate_keypair): Ditto. (parse_algo_usage_expire): Ditto. -- This new option is intended to be used in the forthcoming --set-profile command of gpgconf. It allows to provide a gpg configuration with custom defaults for a new key using the simple commands which use the default algorithm set. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-02 19:43:36 +01:00
Made arg_parse more readable.
2008-11-12 18:41:49 +01:00
/* These two are aliases to help users of the PGP command line
product use gpg with minimal pain. Many commands are common
already as they seem to have borrowed commands from us. Now I'm
returning the favor. */
ARGPARSE_s_s (oLocalUser, "sign-with", "@"),
ARGPARSE_s_s (oRecipient, "user", "@"),
gpg: New option --use-only-openpgp-card * g10/gpg.c (opts): Add option. (main): Set flag. * g10/options.h: Add flags.use_only_openpgp_card. * g10/call-agent.c (start_agent): Implement option. -- With the previous patch we switch to autoselect an application instead of requesting an openpgp card. This option allows to revert this in case of use use cases which expected the former behaviour. Signed-off-by: Werner Koch <wk@gnupg.org> (cherry picked from commit c185f6dfbd1bfd809369da789239a371e9d1610e) This was first added to the 2.2 branch.
2019-08-21 10:19:16 +02:00
gpg: Warn about (but don't fail) on scdaemon options in gpg.conf. * g10/gpg.c: Add config options that should belong in scdaemon.conf * g10/main.h, g10/misc.c (obsolete_scdaemon_option): New. -- In gpg2, the following options are only relevant for scdaemon: reader-port ctapi-driver pcsc-driver disable-ccid but in gpg1, they are options for gpg itself. Some users of gpg1 might have these options in their ~/.gnupg/gpg.conf, which causes gpg2 to fail hard if it reads that config file. gpg2 should not fail hard, though giving a warning (and suggesting a move to scdaemon.conf) seems OK. This patch does *not* reintroduce any documentation for these options in gpg.texi, even to indicate that they are "dummy" options, since scdaemon.texi contains the appropriate documentation. Debian-bug-id: 762844 - Program names factored out from obsolete_scdaemon_option to make reuse without new translations easier. -wk
2014-09-25 20:45:37 +02:00
/* Dummy options with warnings. */
gpg: Do not always print dashes in obsolete_option. * g10/gpg.c (main): Pass option names to obsolete_option without double dash. * g10/misc.c (obsolete_option, obsolete_scdaemon_option): Print double dash only for command line options.
2014-09-25 22:13:03 +02:00
ARGPARSE_s_n (oUseAgent, "use-agent", "@"),
ARGPARSE_s_n (oNoUseAgent, "no-use-agent", "@"),
ARGPARSE_s_s (oGpgAgentInfo, "gpg-agent-info", "@"),
gpg: Warn about (but don't fail) on scdaemon options in gpg.conf. * g10/gpg.c: Add config options that should belong in scdaemon.conf * g10/main.h, g10/misc.c (obsolete_scdaemon_option): New. -- In gpg2, the following options are only relevant for scdaemon: reader-port ctapi-driver pcsc-driver disable-ccid but in gpg1, they are options for gpg itself. Some users of gpg1 might have these options in their ~/.gnupg/gpg.conf, which causes gpg2 to fail hard if it reads that config file. gpg2 should not fail hard, though giving a warning (and suggesting a move to scdaemon.conf) seems OK. This patch does *not* reintroduce any documentation for these options in gpg.texi, even to indicate that they are "dummy" options, since scdaemon.texi contains the appropriate documentation. Debian-bug-id: 762844 - Program names factored out from obsolete_scdaemon_option to make reuse without new translations easier. -wk
2014-09-25 20:45:37 +02:00
ARGPARSE_s_s (oReaderPort, "reader-port", "@"),
ARGPARSE_s_s (octapiDriver, "ctapi-driver", "@"),
ARGPARSE_s_s (opcscDriver, "pcsc-driver", "@"),
ARGPARSE_s_n (oDisableCCID, "disable-ccid", "@"),
gpg: Obsolete some keyserver helper options. * g10/options.h (opt): Remove keyserver_options.other. * g10/gpg.c (main): Obsolete option --honor-http-proxt. * g10/keyserver.c (add_canonical_option): Replace by ... (warn_kshelper_option): New. (parse_keyserver_uri): Obsolete "x-broken-http". -- Some of these options are deprecated for 10 years and they do not make any sense without the keyserver helpers. For one we print a hint on how to replace it: gpg: keyserver option 'ca-cert-file' is obsolete; \ please use 'hkp-cacert' in dirmngr.conf Signed-off-by: Werner Koch <wk@gnupg.org>
2014-12-08 15:14:35 +01:00
ARGPARSE_s_n (oHonorHttpProxy, "honor-http-proxy", "@"),
gpg: Remove tofu database format "split". * g10/options.h (struct opt): Remove field tofu_db_format. * g10/gpg.h (server_control_s): Add fields tofu.batch_update_ref and tofu.batch_update_started. * g10/gpg.c (parse_tofu_db_format): Remove. (main): Make option --tofu-db-format obsolete. * g10/tofu.c: Major rework. Remove the pretty complicated and slower split format and with that all the caching. Use the dbs struct directly. Move global vars for batch update into CTRL. Change calling conventions of some function to take CTRL or DBS pointers instead of the former low-level database pointer. -- The split database format might have been nice for use with Unison but it bypasses the concept of a relational database by doing parts of this itself and also risking deadlocks. Working with the Tofu database for debugging or experiments is also not possible with parts of the database logic implemented in gpg. The Tofu support is quite new and we can assume that it is not in real use now. Thus we better remove that now so that we do not need to maintain it for all future. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-05 14:40:36 +02:00
ARGPARSE_s_s (oTOFUDBFormat, "tofu-db-format", "@"),
gpg: Warn about (but don't fail) on scdaemon options in gpg.conf. * g10/gpg.c: Add config options that should belong in scdaemon.conf * g10/main.h, g10/misc.c (obsolete_scdaemon_option): New. -- In gpg2, the following options are only relevant for scdaemon: reader-port ctapi-driver pcsc-driver disable-ccid but in gpg1, they are options for gpg itself. Some users of gpg1 might have these options in their ~/.gnupg/gpg.conf, which causes gpg2 to fail hard if it reads that config file. gpg2 should not fail hard, though giving a warning (and suggesting a move to scdaemon.conf) seems OK. This patch does *not* reintroduce any documentation for these options in gpg.texi, even to indicate that they are "dummy" options, since scdaemon.texi contains the appropriate documentation. Debian-bug-id: 762844 - Program names factored out from obsolete_scdaemon_option to make reuse without new translations easier. -wk
2014-09-25 20:45:37 +02:00
gpg: Remove --compress-keys and --compress-sigs feature. * g10/gpg.c (oCompressKeys, oCompressSigs): Remove. (opts): Turn --compress-keys and --compress-signs in NOPs. * g10/options.h (opt): Remove fields compress_keys and compress_sigs. * g10/export.c (do_export): Remove compress_keys feature. * g10/sign.c (sign_file): Remove compress_sigs feature. -- These features are disabled in GnuPG since the very early days and they fulfill no real purpose. For now we keep the command line options as dummys.
2014-08-12 10:36:30 +02:00
/* Dummy options. */
gpg: Re-group the options in the --help output. * g10/gpg.c (opts): Change oLoadExtensions, oStrict, and oNoStrict to use ARGPARSE_ignore and remove the code in the option switch. -- This looks better and is also required for further simplifications of gpgconf. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-06 15:17:53 +01:00
ARGPARSE_ignore (oStrict, "strict"),
ARGPARSE_ignore (oNoStrict, "no-strict"),
ARGPARSE_ignore (oLoadExtension, "load-extension"), /* from 1.4. */
gpg: Remove --compress-keys and --compress-sigs feature. * g10/gpg.c (oCompressKeys, oCompressSigs): Remove. (opts): Turn --compress-keys and --compress-signs in NOPs. * g10/options.h (opt): Remove fields compress_keys and compress_sigs. * g10/export.c (do_export): Remove compress_keys feature. * g10/sign.c (sign_file): Remove compress_sigs feature. -- These features are disabled in GnuPG since the very early days and they fulfill no real purpose. For now we keep the command line options as dummys.
2014-08-12 10:36:30 +02:00
ARGPARSE_s_n (oNoop, "sk-comments", "@"),
ARGPARSE_s_n (oNoop, "no-sk-comments", "@"),
ARGPARSE_s_n (oNoop, "compress-keys", "@"),
ARGPARSE_s_n (oNoop, "compress-sigs", "@"),
gpg: Remove all support for v3 keys and always create v4-signatures. * g10/build-packet.c (do_key): Remove support for building v3 keys. * g10/parse-packet.c (read_protected_v3_mpi): Remove. (parse_key): Remove support for v3-keys. Add dedicated warnings for v3-key packets. * g10/keyid.c (hash_public_key): Remove v3-key support. (keyid_from_pk): Ditto. (fingerprint_from_pk): Ditto. * g10/options.h (opt): Remove fields force_v3_sigs and force_v4_certs. * g10/gpg.c (cmd_and_opt_values): Remove oForceV3Sigs, oNoForceV3Sigs, oForceV4Certs, oNoForceV4Certs. (opts): Turn --force-v3-sigs, --no-force-v3-sigs, --force-v4-certs, --no-force-v4-certs int dummy options. (main): Remove setting of the force_v3_sigs force_v4_certs flags. * g10/revoke.c (gen_revoke, create_revocation): Always create v4 certs. * g10/sign.c (hash_uid): Remove support for v3-signatures (hash_sigversion_to_magic): Ditto. (only_old_style): Remove this v3-key function. (write_signature_packets): Remove support for creating v3-signatures. (sign_file): Ditto. (sign_symencrypt_file): Ditto. (clearsign_file): Ditto. Remove code to emit no Hash armor line if only v3-keys are used. (make_keysig_packet): Remove arg SIGVERSION and force using v4-signatures. Change all callers to not pass a value for this arg. Remove all v3-key related code. (update_keysig_packet): Remove v3-signature support. * g10/keyedit.c (sign_uids): Always create v4-signatures. * g10/textfilter.c (copy_clearsig_text): Remove arg pgp2mode and change caller. -- v3 keys are deprecated for about 15 years and due the severe weaknesses of MD5 it does not make any sense to keep code around to use these old and broken keys. Users who need to decrypt old messages should use gpg 1.4 and best re-encrypt them to modern standards. verification of old (i.e. PGP2) created signatures is thus also not anymore possible but such signatures have no values anyway - MD5 is just too broken. We have also kept support for v3 signatures until now. With the removal of support for v3 keys it is questionable whether it makes any sense to keep support for v3-signatures. What we do now is to keep support for verification of v3-signatures but we force the use of v4-signatures. The latter makes the --pgp6 and --pgp7 switch a bit obsolete because those PGP versions require v3-signatures for messages. These versions of PGP are also really old and not anymore maintained so they have not received any bug fixes and should not be used anyway. Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-12 20:07:12 +02:00
ARGPARSE_s_n (oNoop, "force-v3-sigs", "@"),
ARGPARSE_s_n (oNoop, "no-force-v3-sigs", "@"),
ARGPARSE_s_n (oNoop, "force-v4-certs", "@"),
ARGPARSE_s_n (oNoop, "no-force-v4-certs", "@"),
gpg: Turn --no-mdc-warn into a NOP. * g10/gpg.c (oNoMDCWarn): Remove. (opts): Make --no-mdc-warn a NOP. (main): Don't set var. * g10/options.h (struct opt): Remove 'no_mdc_var'. * g10/cipher-cfb.c (write_header): Assume opt.no_mdc_warn is false. * g10/mainproc.c (proc_encrypted): Ditto. -- Users should not be allowed to suppress the warning that they are shooting into their foot. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-05-15 12:19:40 +02:00
ARGPARSE_s_n (oNoop, "no-mdc-warning", "@"),
gpg: Remove MDC options * g10/gpg.c: Tuen options --force-mdc, --no-force-mdc, --disable-mdc and --no-disable-mdc into NOPs. * g10/encrypt.c (use_mdc): Simplify. MDC is now almost always used. (use_aead): Ignore MDC options. Print warning for missing MDC feature flags. * g10/pkclist.c (warn_missing_mdc_from_pklist): Rename to ... (warn_missing_aead_from_pklist): this and adjust. -- The MDC is now always used except with --rfc2440 which will lead to a a big fat warning. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-05-29 12:42:44 +02:00
ARGPARSE_s_n (oNoop, "force-mdc", "@"),
ARGPARSE_s_n (oNoop, "no-force-mdc", "@"),
ARGPARSE_s_n (oNoop, "disable-mdc", "@"),
ARGPARSE_s_n (oNoop, "no-disable-mdc", "@"),
gpg: Ignore the multiple message override options. * g10/gpg.c (oAllowMultisigVerification) (oAllowMultipleMessages, oNoAllowMultipleMessages): Remove. (opts): Turn --allow-multisig-verification, --allow-multiple-messages and --no-allow-multiple-messages into NOPs * g10/options.h (struct opt): Remove flags.allow_multiple_messages. * g10/mainproc.c (proc_plaintext): Assume allow_multiple_messages is false. -- These options are very old compatibility hacks and should not be used anymore. We keep them as dummy options in case someone has them in the conf file. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-05-30 22:05:57 +02:00
ARGPARSE_s_n (oNoop, "allow-multisig-verification", "@"),
ARGPARSE_s_n (oNoop, "allow-multiple-messages", "@"),
ARGPARSE_s_n (oNoop, "no-allow-multiple-messages", "@"),
gpg: Remove --compress-keys and --compress-sigs feature. * g10/gpg.c (oCompressKeys, oCompressSigs): Remove. (opts): Turn --compress-keys and --compress-signs in NOPs. * g10/options.h (opt): Remove fields compress_keys and compress_sigs. * g10/export.c (do_export): Remove compress_keys feature. * g10/sign.c (sign_file): Remove compress_sigs feature. -- These features are disabled in GnuPG since the very early days and they fulfill no real purpose. For now we keep the command line options as dummys.
2014-08-12 10:36:30 +02:00
gpg: Re-group the options in the --help output. * g10/gpg.c (opts): Change oLoadExtensions, oStrict, and oNoStrict to use ARGPARSE_ignore and remove the code in the option switch. -- This looks better and is also required for further simplifications of gpgconf. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-06 15:17:53 +01:00
ARGPARSE_group (302, N_(
"@\n(See the man page for a complete listing of all commands and options)\n"
)),
ARGPARSE_group (303, N_("@\nExamples:\n\n"
" -se -r Bob [file] sign and encrypt for user Bob\n"
" --clear-sign [file] make a clear text signature\n"
" --detach-sign [file] make a detached signature\n"
" --list-keys [names] show keys\n"
" --fingerprint [names] show fingerprints\n")),
Made arg_parse more readable.
2008-11-12 18:41:49 +01:00
ARGPARSE_end ()
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
};
gpg: Allow debug flag names for --debug. * g10/gpg.c (opts): Change arg for oDebug to a string. (debug_flags): New; factored out from set_debug. (set_debug): Remove "--debug-level help". Use parse_debug_flag to print the used flags. (main): Use parse_debug_flag for oDebug. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-22 21:01:10 +02:00
/* The list of supported debug flags. */
static struct debug_flags_s debug_flags [] =
{
{ DBG_PACKET_VALUE , "packet" },
{ DBG_MPI_VALUE , "mpi" },
{ DBG_CRYPTO_VALUE , "crypto" },
{ DBG_FILTER_VALUE , "filter" },
{ DBG_IOBUF_VALUE , "iobuf" },
{ DBG_MEMORY_VALUE , "memory" },
{ DBG_CACHE_VALUE , "cache" },
{ DBG_MEMSTAT_VALUE, "memstat" },
{ DBG_TRUST_VALUE , "trust" },
{ DBG_HASHING_VALUE, "hashing" },
{ DBG_IPC_VALUE , "ipc" },
{ DBG_CLOCK_VALUE , "clock" },
{ DBG_LOOKUP_VALUE , "lookup" },
{ DBG_EXTPROG_VALUE, "extprog" },
{ 0, NULL }
};
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
#ifdef ENABLE_SELINUX_HACKS
#define ALWAYS_ADD_KEYRINGS 1
#else
#define ALWAYS_ADD_KEYRINGS 0
#endif
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
gpg: Allow --locate-external-key even with --no-auto-key-locate. * g10/getkey.c (akl_empty_or_only_local): New. * g10/gpg.c (DEFAULT_AKL_LIST): New. (main): Use it here. (main) <aLocateExtKeys>: Set default AKL if none is set. -- This better matches the expectations of the user. The used list in this case is the default list ("local,wkd") with local ignored by the command anyway. GnuPG-bug-id: 4662 Signed-off-by: Werner Koch <wk@gnupg.org>
2019-08-23 13:22:15 +02:00
/* The list of the default AKL methods. */
#define DEFAULT_AKL_LIST "local,wkd"
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
int g10_errors_seen = 0;
w32: Always use Unicode for console input and output. * common/init.c (_init_common_subsystems) [W32]: Set the codepage to UTF-8 for input and putput. Switch gettext to UTF-8. * tools/gpgconf.c (main): Display the input and output codepage if they differ. * g10/gpg.c (utf8_strings) [W32]: Make sure this is always set. -- With this patch the former patch to use ReadConsoleW and WriteConsoleW in ttyio.c are kind of superfluous because the ANSI version of these functions are also able to read/write UTF-8 directly given the console code page has been set correctly. However, this seems to work only with recent versions of Windows-10. GnuPG-bug-id: 4365
2021-03-05 15:33:40 +01:00
static int utf8_strings =
#ifdef HAVE_W32_SYSTEM
1
#else
0
#endif
;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
static int maybe_setuid = 1;
gpg: New maintainer option --debug-set-iobuf-size. * g10/gpg.c (opts): Add new option. (opt_set_iobuf_size): New var. (set_debug): Set the option. * tests/openpgp/armor.scm: Use this option to revert the buffer size to the one which used to exhibit the tested bugs. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-24 18:29:08 +01:00
static unsigned int opt_set_iobuf_size;
static unsigned int opt_set_iobuf_size_used;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
static char *build_list( const char *text, char letter,
const char *(*mapf)(int), int (*chkf)(int) );
static void set_cmd( enum cmd_and_opt_values *ret_cmd,
enum cmd_and_opt_values new_cmd );
static void print_mds( const char *fname, int algo );
static void add_notation_data( const char *string, int which );
static void add_policy_url( const char *string, int which );
Merged most of David Shaw's changes in 1.3 since 2003-06-03.
2003-09-23 19:48:33 +02:00
static void add_keyserver_url( const char *string, int which );
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
static void emergency_cleanup (void);
gpg: New option --override-session-key-fd. * g10/gpg.c (oOverrideSessionKeyFD): New. (opts): Add option --override-session-key-fd. (main): Handle that option. (read_sessionkey_from_fd): New. -- The override-session-key feature was designed to mitigate the effect of the British RIP act by allowing to keep the private key private and hand out only a session key. For that use case the leaking of the session key would not be a problem. However there are other use cases, for example fast re-decryption after an initial decryption, which would benefit from concealing the session key from other users. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-16 09:02:53 +01:00
static void read_sessionkey_from_fd (int fd);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
gpg: First rough implementation of keyboxd access for key lookup. * g10/Makefile.am: Add nPth flags. * g10/gpg.c: Include npth.h. (gpg_deinit_default_ctrl): Deinit call-keyboxd local data. (main): Init nPth. * g10/keydb-private.h (struct keydb_handle_s): Add field 'kbl' and remove the search result and the assuan context. * g10/call-keyboxd.c (struct keyboxd_local_s): Add more fields. (lock_datastream, unlock_datastream): New. (gpg_keyboxd_deinit_session_data): Adjust for changed data structures. (prepare_data_pipe): New. (open_context): Return kbl instead of an Assuan context. Init mutexes etc. (close_context): Merge into ... (keydb_release): here. Adjust for changed data structures. (datastream_thread): New. (keydb_get_keyblock): Implement datastream stuff. (keydb_search): Ditto. * common/asshelp.c (wait_for_sock): Add arg connect_flags. (start_new_service): Set FDPASSING flag for the keyboxd. -- This code as a lot of rough edges, in particular it relies on a well behaving keyboxd. We need to add code to shutdown the datastream reader thread in case of errors and to properly get it up again. We also need to make really sure that both threads run in lockstep so that the datastream thread is only active while we are sending a command to the keyboxd. We should also see whether we can depend nPth initialization on the --use-keyboxd option to avoid any problems with nPth. And we need to test on Windows. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-09-10 16:05:54 +02:00
/* NPth wrapper function definitions. */
ASSUAN_SYSTEM_NPTH_IMPL;
Finished the bulk of changes for gnupg 1.9. This included switching to libgcrypt functions, using shared error codes from libgpg-error, replacing the old functions we used to have in ../util by those in ../jnlib and ../common, renaming the malloc functions and a couple of types. Note, that not all changes are listed below becuause they are too similar and done at far too many places. As of today the code builds using the current libgcrypt from CVS but it is very unlikely that it actually works.
2003-06-18 21:56:13 +02:00
Print library versions according to GNU standards.
2008-11-18 19:01:03 +01:00
static char *
make_libversion (const char *libname, const char *(*getfnc)(const char*))
{
const char *s;
char *result;
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
Print library versions according to GNU standards.
2008-11-18 19:01:03 +01:00
if (maybe_setuid)
{
gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */
maybe_setuid = 0;
}
s = getfnc (NULL);
result = xmalloc (strlen (libname) + 1 + strlen (s) + 1);
strcpy (stpcpy (stpcpy (result, libname), " "), s);
return result;
}
gpg: Improve --version algo info output. * g10/misc.c (openpgp_pk_algo_name): Return a different string for each ECC algorithm. * g10/gpg.c (build_list_pk_test_algo): New wrapper to cope with the different algo type enums. (build_list_pk_algo_name): Ditto. (build_list_cipher_test_algo): Ditto. (build_list_cipher_algo_name): Ditto. (build_list_md_test_algo): Ditto. (build_list_md_algo_name): Ditto. (my_strusage): Use them. (list_config): Ditto. Add "pubkeyname". (build_list): Add letter==1 hack.
2014-01-31 15:55:04 +01:00
static int
build_list_pk_test_algo (int algo)
{
gpg: Do not show "MD5" and triplicated "RSA" in --version. * g10/gpg.c (build_list_pk_test_algo): Ignore RSA aliases (build_list_md_test_algo): Ignore MD5.
2014-08-28 16:01:22 +02:00
/* Show only one "RSA" string. If RSA_E or RSA_S is available RSA
is also available. */
if (algo == PUBKEY_ALGO_RSA_E
|| algo == PUBKEY_ALGO_RSA_S)
return GPG_ERR_DIGEST_ALGO;
gpg: Improve --version algo info output. * g10/misc.c (openpgp_pk_algo_name): Return a different string for each ECC algorithm. * g10/gpg.c (build_list_pk_test_algo): New wrapper to cope with the different algo type enums. (build_list_pk_algo_name): Ditto. (build_list_cipher_test_algo): Ditto. (build_list_cipher_algo_name): Ditto. (build_list_md_test_algo): Ditto. (build_list_md_algo_name): Ditto. (my_strusage): Use them. (list_config): Ditto. Add "pubkeyname". (build_list): Add letter==1 hack.
2014-01-31 15:55:04 +01:00
return openpgp_pk_test_algo (algo);
}
static const char *
build_list_pk_algo_name (int algo)
{
return openpgp_pk_algo_name (algo);
}
static int
build_list_cipher_test_algo (int algo)
{
return openpgp_cipher_test_algo (algo);
}
static const char *
build_list_cipher_algo_name (int algo)
{
return openpgp_cipher_algo_name (algo);
}
gpg: New option --chunk-size. * g10/gpg.c (opts): New option --chunk-size. (oChunkSize): New const. (build_list_aead_test_algo, build_list_aead_algo_name): New. (my_strusage): List AEAD algos. (main): Implement --chunk-size.. * g10/options.h (struct opt): Add field 'chunk_size'. (DBG_IPC): Remove duplicated macro. * g10/main.h (DEFAULT_AEAD_ALGO): Depend on Libgcrypt version. * g10/misc.c (openpgp_aead_test_algo): Ditto. * g10/cipher-aead.c: Silence if not in debug mode. * g10/decrypt-data.c: Ditto. -- And that new option immediatley revealed bugs in our chunking code :-(.
2018-01-23 19:08:16 +01:00
static int
build_list_aead_test_algo (int algo)
{
return openpgp_aead_test_algo (algo);
}
static const char *
build_list_aead_algo_name (int algo)
{
return openpgp_aead_algo_name (algo);
}
gpg: Improve --version algo info output. * g10/misc.c (openpgp_pk_algo_name): Return a different string for each ECC algorithm. * g10/gpg.c (build_list_pk_test_algo): New wrapper to cope with the different algo type enums. (build_list_pk_algo_name): Ditto. (build_list_cipher_test_algo): Ditto. (build_list_cipher_algo_name): Ditto. (build_list_md_test_algo): Ditto. (build_list_md_algo_name): Ditto. (my_strusage): Use them. (list_config): Ditto. Add "pubkeyname". (build_list): Add letter==1 hack.
2014-01-31 15:55:04 +01:00
static int
build_list_md_test_algo (int algo)
{
gpg: Do not show "MD5" and triplicated "RSA" in --version. * g10/gpg.c (build_list_pk_test_algo): Ignore RSA aliases (build_list_md_test_algo): Ignore MD5.
2014-08-28 16:01:22 +02:00
/* By default we do not accept MD5 based signatures. To avoid
confusion we do not announce support for it either. */
if (algo == DIGEST_ALGO_MD5)
return GPG_ERR_DIGEST_ALGO;
gpg: Improve --version algo info output. * g10/misc.c (openpgp_pk_algo_name): Return a different string for each ECC algorithm. * g10/gpg.c (build_list_pk_test_algo): New wrapper to cope with the different algo type enums. (build_list_pk_algo_name): Ditto. (build_list_cipher_test_algo): Ditto. (build_list_cipher_algo_name): Ditto. (build_list_md_test_algo): Ditto. (build_list_md_algo_name): Ditto. (my_strusage): Use them. (list_config): Ditto. Add "pubkeyname". (build_list): Add letter==1 hack.
2014-01-31 15:55:04 +01:00
return openpgp_md_test_algo (algo);
}
static const char *
build_list_md_algo_name (int algo)
{
return openpgp_md_algo_name (algo);
}
Finished the bulk of changes for gnupg 1.9. This included switching to libgcrypt functions, using shared error codes from libgpg-error, replacing the old functions we used to have in ../util by those in ../jnlib and ../common, renaming the malloc functions and a couple of types. Note, that not all changes are listed below becuause they are too similar and done at far too many places. As of today the code builds using the current libgcrypt from CVS but it is very unlikely that it actually works.
2003-06-18 21:56:13 +02:00
static const char *
my_strusage( int level )
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
{
gpg: New option --chunk-size. * g10/gpg.c (opts): New option --chunk-size. (oChunkSize): New const. (build_list_aead_test_algo, build_list_aead_algo_name): New. (my_strusage): List AEAD algos. (main): Implement --chunk-size.. * g10/options.h (struct opt): Add field 'chunk_size'. (DBG_IPC): Remove duplicated macro. * g10/main.h (DEFAULT_AEAD_ALGO): Depend on Libgcrypt version. * g10/misc.c (openpgp_aead_test_algo): Ditto. * g10/cipher-aead.c: Silence if not in debug mode. * g10/decrypt-data.c: Ditto. -- And that new option immediatley revealed bugs in our chunking code :-(.
2018-01-23 19:08:16 +01:00
static char *digests, *pubkeys, *ciphers, *zips, *aeads, *ver_gcry;
Print library versions according to GNU standards.
2008-11-18 19:01:03 +01:00
const char *p;
gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
switch( level ) {
case 9: p = "GPL-3.0-or-later"; break;
Make use of the *_NAME etc macros. Replace hardwired strings at many places with new macros from config.h and use the new strusage macro replacement feature. * common/asshelp.c (lock_spawning) [W32]: Change the names of the spawn sentinels. * agent/command.c (cmd_import_key): Use asprintf to create the prompt.
2013-11-18 14:09:47 +01:00
case 11: p = "@GPG@ (@GNUPG@)";
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
break;
case 13: p = VERSION; break;
gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
case 14: p = GNUPG_DEF_COPYRIGHT_LINE; break;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case 17: p = PRINTABLE_OS_NAME; break;
Make bug reporting address easier changeable.
2009-07-21 16:21:05 +02:00
case 19: p = _("Please report bugs to <@EMAIL@>.\n"); break;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
Print library versions according to GNU standards.
2008-11-18 19:01:03 +01:00
case 20:
if (!ver_gcry)
ver_gcry = make_libversion ("libgcrypt", gcry_check_version);
p = ver_gcry;
break;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
#ifdef IS_DEVELOPMENT_VERSION
Print library versions according to GNU standards.
2008-11-18 19:01:03 +01:00
case 25:
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
p="NOTE: THIS IS A DEVELOPMENT VERSION!";
break;
Print library versions according to GNU standards.
2008-11-18 19:01:03 +01:00
case 26:
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
p="It is only intended for test purposes and should NOT be";
break;
Print library versions according to GNU standards.
2008-11-18 19:01:03 +01:00
case 27:
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
p="used in a production environment or with production keys!";
break;
#endif
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case 1:
case 40: p =
Make use of the *_NAME etc macros. Replace hardwired strings at many places with new macros from config.h and use the new strusage macro replacement feature. * common/asshelp.c (lock_spawning) [W32]: Change the names of the spawn sentinels. * agent/command.c (cmd_import_key): Use asprintf to create the prompt.
2013-11-18 14:09:47 +01:00
_("Usage: @GPG@ [options] [files] (-h for help)");
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
break;
case 41: p =
Make use of the *_NAME etc macros. Replace hardwired strings at many places with new macros from config.h and use the new strusage macro replacement feature. * common/asshelp.c (lock_spawning) [W32]: Change the names of the spawn sentinels. * agent/command.c (cmd_import_key): Use asprintf to create the prompt.
2013-11-18 14:09:47 +01:00
_("Syntax: @GPG@ [options] [files]\n"
Fix typos spotted during translations * agent/genkey.c: s/to to/to/ * sm/*.c: s/failed to allocated/failed to allocate/ * sm/certlist.c, ./dirmngr/validate.c: s/should have not/should not have/ * g10/seskey.c: missing closing parenthesis * dirmngr/crlcache.c: s/may has/may have/ Consistency fix: * g10/gpg.c, kbx/kbxutil.c, sm/gpgsm.c: uppercase after Syntax * dirmngr/dirmngr_ldap: no period in Syntax * dirmngr/dirmngr-client.c: infinitive for option description: s/certificates are expected/expect certificates/
2012-08-22 18:54:38 +02:00
"Sign, check, encrypt or decrypt\n"
"Default operation depends on the input data\n");
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
break;
case 31: p = "\nHome: "; break;
#ifndef __riscos__
Replace use of opt.homedir by accessor functions. * common/homedir.c (the_gnupg_homedir): New var. (gnupg_set_homedir): New. (gnupg_homedir): New. * g10/options.h (struct opt): Remove 'homedir' and replace all users by the new accessor functions. * g13/g13-common.h (struct opt): Ditto. * scd/scdaemon.h (struct opt): Ditto. * sm/gpgsm.h (struct opt): Ditto. * dirmngr/dirmngr.h (struct opt): Ditto. * agent/preset-passphrase.c (opt_homedir): Ditto. * agent/protect-tool.c (opt_homedir): Ditto. -- This will make detection of a non-default homedir easier. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-07 10:59:46 +02:00
case 32: p = gnupg_homedir (); break;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
#else /* __riscos__ */
Replace use of opt.homedir by accessor functions. * common/homedir.c (the_gnupg_homedir): New var. (gnupg_set_homedir): New. (gnupg_homedir): New. * g10/options.h (struct opt): Remove 'homedir' and replace all users by the new accessor functions. * g13/g13-common.h (struct opt): Ditto. * scd/scdaemon.h (struct opt): Ditto. * sm/gpgsm.h (struct opt): Ditto. * dirmngr/dirmngr.h (struct opt): Ditto. * agent/preset-passphrase.c (opt_homedir): Ditto. * agent/protect-tool.c (opt_homedir): Ditto. -- This will make detection of a non-default homedir easier. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-07 10:59:46 +02:00
case 32: p = make_filename(gnupg_homedir (), NULL); break;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
#endif /* __riscos__ */
case 33: p = _("\nSupported algorithms:\n"); break;
case 34:
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
if (!pubkeys)
gpg: Improve --version algo info output. * g10/misc.c (openpgp_pk_algo_name): Return a different string for each ECC algorithm. * g10/gpg.c (build_list_pk_test_algo): New wrapper to cope with the different algo type enums. (build_list_pk_algo_name): Ditto. (build_list_cipher_test_algo): Ditto. (build_list_cipher_algo_name): Ditto. (build_list_md_test_algo): Ditto. (build_list_md_algo_name): Ditto. (my_strusage): Use them. (list_config): Ditto. Add "pubkeyname". (build_list): Add letter==1 hack.
2014-01-31 15:55:04 +01:00
pubkeys = build_list (_("Pubkey: "), 1,
build_list_pk_algo_name,
build_list_pk_test_algo );
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
p = pubkeys;
break;
case 35:
if( !ciphers )
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
ciphers = build_list(_("Cipher: "), 'S',
gpg: Improve --version algo info output. * g10/misc.c (openpgp_pk_algo_name): Return a different string for each ECC algorithm. * g10/gpg.c (build_list_pk_test_algo): New wrapper to cope with the different algo type enums. (build_list_pk_algo_name): Ditto. (build_list_cipher_test_algo): Ditto. (build_list_cipher_algo_name): Ditto. (build_list_md_test_algo): Ditto. (build_list_md_algo_name): Ditto. (my_strusage): Use them. (list_config): Ditto. Add "pubkeyname". (build_list): Add letter==1 hack.
2014-01-31 15:55:04 +01:00
build_list_cipher_algo_name,
build_list_cipher_test_algo );
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
p = ciphers;
break;
case 36:
gpg: New option --chunk-size. * g10/gpg.c (opts): New option --chunk-size. (oChunkSize): New const. (build_list_aead_test_algo, build_list_aead_algo_name): New. (my_strusage): List AEAD algos. (main): Implement --chunk-size.. * g10/options.h (struct opt): Add field 'chunk_size'. (DBG_IPC): Remove duplicated macro. * g10/main.h (DEFAULT_AEAD_ALGO): Depend on Libgcrypt version. * g10/misc.c (openpgp_aead_test_algo): Ditto. * g10/cipher-aead.c: Silence if not in debug mode. * g10/decrypt-data.c: Ditto. -- And that new option immediatley revealed bugs in our chunking code :-(.
2018-01-23 19:08:16 +01:00
if (!aeads)
aeads = build_list ("AEAD: ", 'A',
build_list_aead_algo_name,
build_list_aead_test_algo);
p = aeads;
break;
case 37:
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
if( !digests )
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
digests = build_list(_("Hash: "), 'H',
gpg: Improve --version algo info output. * g10/misc.c (openpgp_pk_algo_name): Return a different string for each ECC algorithm. * g10/gpg.c (build_list_pk_test_algo): New wrapper to cope with the different algo type enums. (build_list_pk_algo_name): Ditto. (build_list_cipher_test_algo): Ditto. (build_list_cipher_algo_name): Ditto. (build_list_md_test_algo): Ditto. (build_list_md_algo_name): Ditto. (my_strusage): Use them. (list_config): Ditto. Add "pubkeyname". (build_list): Add letter==1 hack.
2014-01-31 15:55:04 +01:00
build_list_md_algo_name,
build_list_md_test_algo );
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
p = digests;
break;
gpg: New option --chunk-size. * g10/gpg.c (opts): New option --chunk-size. (oChunkSize): New const. (build_list_aead_test_algo, build_list_aead_algo_name): New. (my_strusage): List AEAD algos. (main): Implement --chunk-size.. * g10/options.h (struct opt): Add field 'chunk_size'. (DBG_IPC): Remove duplicated macro. * g10/main.h (DEFAULT_AEAD_ALGO): Depend on Libgcrypt version. * g10/misc.c (openpgp_aead_test_algo): Ditto. * g10/cipher-aead.c: Silence if not in debug mode. * g10/decrypt-data.c: Ditto. -- And that new option immediatley revealed bugs in our chunking code :-(.
2018-01-23 19:08:16 +01:00
case 38:
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
if( !zips )
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
zips = build_list(_("Compression: "),'Z',
compress_algo_to_string,
check_compress_algo);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
p = zips;
break;
gpg: Prepare for globing with UTF-8. * g10/gpg.c (_dowildcard): Remove. (my_strusage): Enable wildcards using our new system. -- This patch actually removes the current globing using a mingw feature. We are not able to use this because it does not handle Unicode filenames. The plan is to implement this in init.c. This patch merely configures gpg to request globing. GnuPG-bug-id: 4398
2021-03-04 10:43:46 +01:00
case 95:
p = "1"; /* <-- Enable globbing under Windows (see init.c) */
break;
Finished the bulk of changes for gnupg 1.9. This included switching to libgcrypt functions, using shared error codes from libgpg-error, replacing the old functions we used to have in ../util by those in ../jnlib and ../common, renaming the malloc functions and a couple of types. Note, that not all changes are listed below becuause they are too similar and done at far too many places. As of today the code builds using the current libgcrypt from CVS but it is very unlikely that it actually works.
2003-06-18 21:56:13 +02:00
default: p = NULL;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
return p;
}
static char *
Fix potential heap corruption in "gpg -v --version". * g10/gpg.c (build_list): Rewrite to cope with buffer overflow in certain locales. -- This fixes an obvious bug in locales where the translated string is longer than the original. The bug could be exhibited by using LANG=ru_RU.utf8 gpg -v --version. En passant we also removed the trailing white space on continued lines. Reported-by: Dmitry V. Levin" <ldv at altlinux.org> (cherry picked from commit 3402a84720e7d8c6ad04fc50eacb338a8ca05ca1) Signed-off-by: Werner Koch <wk@gnupg.org>
2012-12-15 11:28:00 +01:00
build_list (const char *text, char letter,
const char * (*mapf)(int), int (*chkf)(int))
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
{
Fix potential heap corruption in "gpg -v --version". * g10/gpg.c (build_list): Rewrite to cope with buffer overflow in certain locales. -- This fixes an obvious bug in locales where the translated string is longer than the original. The bug could be exhibited by using LANG=ru_RU.utf8 gpg -v --version. En passant we also removed the trailing white space on continued lines. Reported-by: Dmitry V. Levin" <ldv at altlinux.org> (cherry picked from commit 3402a84720e7d8c6ad04fc50eacb338a8ca05ca1) Signed-off-by: Werner Koch <wk@gnupg.org>
2012-12-15 11:28:00 +01:00
membuf_t mb;
int indent;
int i, j, len;
gpg: New option --chunk-size. * g10/gpg.c (opts): New option --chunk-size. (oChunkSize): New const. (build_list_aead_test_algo, build_list_aead_algo_name): New. (my_strusage): List AEAD algos. (main): Implement --chunk-size.. * g10/options.h (struct opt): Add field 'chunk_size'. (DBG_IPC): Remove duplicated macro. * g10/main.h (DEFAULT_AEAD_ALGO): Depend on Libgcrypt version. * g10/misc.c (openpgp_aead_test_algo): Ditto. * g10/cipher-aead.c: Silence if not in debug mode. * g10/decrypt-data.c: Ditto. -- And that new option immediatley revealed bugs in our chunking code :-(.
2018-01-23 19:08:16 +01:00
int limit;
Fix potential heap corruption in "gpg -v --version". * g10/gpg.c (build_list): Rewrite to cope with buffer overflow in certain locales. -- This fixes an obvious bug in locales where the translated string is longer than the original. The bug could be exhibited by using LANG=ru_RU.utf8 gpg -v --version. En passant we also removed the trailing white space on continued lines. Reported-by: Dmitry V. Levin" <ldv at altlinux.org> (cherry picked from commit 3402a84720e7d8c6ad04fc50eacb338a8ca05ca1) Signed-off-by: Werner Koch <wk@gnupg.org>
2012-12-15 11:28:00 +01:00
const char *s;
char *string;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
Fix potential heap corruption in "gpg -v --version". * g10/gpg.c (build_list): Rewrite to cope with buffer overflow in certain locales. -- This fixes an obvious bug in locales where the translated string is longer than the original. The bug could be exhibited by using LANG=ru_RU.utf8 gpg -v --version. En passant we also removed the trailing white space on continued lines. Reported-by: Dmitry V. Levin" <ldv at altlinux.org> (cherry picked from commit 3402a84720e7d8c6ad04fc50eacb338a8ca05ca1) Signed-off-by: Werner Koch <wk@gnupg.org>
2012-12-15 11:28:00 +01:00
if (maybe_setuid)
gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
common: Extend utf8_charcount to include the string's length. * common/stringhelp.c (utf8_charcount): Take additional parameter, len. Process at most LEN bytes. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-11-23 22:13:56 +01:00
indent = utf8_charcount (text, -1);
Fix potential heap corruption in "gpg -v --version". * g10/gpg.c (build_list): Rewrite to cope with buffer overflow in certain locales. -- This fixes an obvious bug in locales where the translated string is longer than the original. The bug could be exhibited by using LANG=ru_RU.utf8 gpg -v --version. En passant we also removed the trailing white space on continued lines. Reported-by: Dmitry V. Levin" <ldv at altlinux.org> (cherry picked from commit 3402a84720e7d8c6ad04fc50eacb338a8ca05ca1) Signed-off-by: Werner Koch <wk@gnupg.org>
2012-12-15 11:28:00 +01:00
len = 0;
init_membuf (&mb, 512);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
gpg: New option --chunk-size. * g10/gpg.c (opts): New option --chunk-size. (oChunkSize): New const. (build_list_aead_test_algo, build_list_aead_algo_name): New. (my_strusage): List AEAD algos. (main): Implement --chunk-size.. * g10/options.h (struct opt): Add field 'chunk_size'. (DBG_IPC): Remove duplicated macro. * g10/main.h (DEFAULT_AEAD_ALGO): Depend on Libgcrypt version. * g10/misc.c (openpgp_aead_test_algo): Ditto. * g10/cipher-aead.c: Silence if not in debug mode. * g10/decrypt-data.c: Ditto. -- And that new option immediatley revealed bugs in our chunking code :-(.
2018-01-23 19:08:16 +01:00
limit = (letter == 'A')? 4 : 110;
for (i=0; i <= limit; i++ )
Fix potential heap corruption in "gpg -v --version". * g10/gpg.c (build_list): Rewrite to cope with buffer overflow in certain locales. -- This fixes an obvious bug in locales where the translated string is longer than the original. The bug could be exhibited by using LANG=ru_RU.utf8 gpg -v --version. En passant we also removed the trailing white space on continued lines. Reported-by: Dmitry V. Levin" <ldv at altlinux.org> (cherry picked from commit 3402a84720e7d8c6ad04fc50eacb338a8ca05ca1) Signed-off-by: Werner Koch <wk@gnupg.org>
2012-12-15 11:28:00 +01:00
{
if (!chkf (i) && (s = mapf (i)))
{
if (mb.len - len > 60)
{
put_membuf_str (&mb, ",\n");
len = mb.len;
for (j=0; j < indent; j++)
put_membuf_str (&mb, " ");
}
else if (mb.len)
put_membuf_str (&mb, ", ");
else
put_membuf_str (&mb, text);
put_membuf_str (&mb, s);
if (opt.verbose && letter)
{
char num[20];
gpg: Improve --version algo info output. * g10/misc.c (openpgp_pk_algo_name): Return a different string for each ECC algorithm. * g10/gpg.c (build_list_pk_test_algo): New wrapper to cope with the different algo type enums. (build_list_pk_algo_name): Ditto. (build_list_cipher_test_algo): Ditto. (build_list_cipher_algo_name): Ditto. (build_list_md_test_algo): Ditto. (build_list_md_algo_name): Ditto. (my_strusage): Use them. (list_config): Ditto. Add "pubkeyname". (build_list): Add letter==1 hack.
2014-01-31 15:55:04 +01:00
if (letter == 1)
snprintf (num, sizeof num, " (%d)", i);
else
snprintf (num, sizeof num, " (%c%d)", letter, i);
Fix potential heap corruption in "gpg -v --version". * g10/gpg.c (build_list): Rewrite to cope with buffer overflow in certain locales. -- This fixes an obvious bug in locales where the translated string is longer than the original. The bug could be exhibited by using LANG=ru_RU.utf8 gpg -v --version. En passant we also removed the trailing white space on continued lines. Reported-by: Dmitry V. Levin" <ldv at altlinux.org> (cherry picked from commit 3402a84720e7d8c6ad04fc50eacb338a8ca05ca1) Signed-off-by: Werner Koch <wk@gnupg.org>
2012-12-15 11:28:00 +01:00
put_membuf_str (&mb, num);
}
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
}
Fix potential heap corruption in "gpg -v --version". * g10/gpg.c (build_list): Rewrite to cope with buffer overflow in certain locales. -- This fixes an obvious bug in locales where the translated string is longer than the original. The bug could be exhibited by using LANG=ru_RU.utf8 gpg -v --version. En passant we also removed the trailing white space on continued lines. Reported-by: Dmitry V. Levin" <ldv at altlinux.org> (cherry picked from commit 3402a84720e7d8c6ad04fc50eacb338a8ca05ca1) Signed-off-by: Werner Koch <wk@gnupg.org>
2012-12-15 11:28:00 +01:00
if (mb.len)
put_membuf_str (&mb, "\n");
put_membuf (&mb, "", 1);
string = get_membuf (&mb, NULL);
return xrealloc (string, strlen (string)+1);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
static void
wrong_args( const char *text)
{
gpg: Replace remaining uses of stdio by estream. * g10/sign.c (sign_file): Use log_printf instead of stderr. * g10/tdbdump.c (export_ownertrust): Use estream fucntions. (import_ownertrust): Ditto. * g10/tdbio.c (tdbio_dump_record): Ditto. Change arg to estream_t. -- Reported-by: Guilhem Moulin <guilhem@fripost.org> Needed for unattended key edits with --status-fd, because since 2.1 status prompts are preceded by es_fflush (in cpr.c:do_get_from_fd) not fflush(3), so the standard output may not be flushed before each prompt. (Which breaks scripts using select(2) to multiplex between the standard and status outputs.) His patch only affected print_and_check_one_sig_colon() but there are many more places where stdio and estream are mixed. This patch now replaces most of them in g10/. At some places stdio is still used, but that is local to a function and should not have side effects. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-02-19 17:22:27 +01:00
es_fprintf (es_stderr, _("usage: %s [options] %s\n"), GPG_NAME, text);
gpg: Emit FAILURE stati now in almost all cases. * g10/cpr.c (write_status_failure): Make it print only once. * g10/gpg.c (wrong_args): Bump error counter. (g10_exit): Print a FAILURE status if we ever did a log_error etc. (main): Use log_error instead of log_fatal at one place. Print a FAILURE status for a bad option. Ditto for certain exit points so that we can see different error locations. -- This makes it easier to detect errors by tools which have no way to get the exit code (e.g. due to double forking). GnuPG-bug-id: 3872 Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-06 17:32:08 +02:00
log_inc_errorcount ();
gpg,gpgsm: Simplify wrong_args function.
2014-06-25 20:25:28 +02:00
g10_exit(2);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
static char *
make_username( const char *string )
{
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
char *p;
if( utf8_strings )
p = xstrdup(string);
else
p = native_to_utf8( string );
return p;
Finished the bulk of changes for gnupg 1.9. This included switching to libgcrypt functions, using shared error codes from libgpg-error, replacing the old functions we used to have in ../util by those in ../jnlib and ../common, renaming the malloc functions and a couple of types. Note, that not all changes are listed below becuause they are too similar and done at far too many places. As of today the code builds using the current libgcrypt from CVS but it is very unlikely that it actually works.
2003-06-18 21:56:13 +02:00
}
Reworked passing of envars to Pinentry.
2009-07-07 12:02:41 +02:00
static void
set_opt_session_env (const char *name, const char *value)
{
gpg_error_t err;
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
Reworked passing of envars to Pinentry.
2009-07-07 12:02:41 +02:00
err = session_env_setenv (opt.session_env, name, value);
if (err)
log_fatal ("error setting session environment: %s\n",
gpg_strerror (err));
}
gpg: Allow debug flag names for --debug. * g10/gpg.c (opts): Change arg for oDebug to a string. (debug_flags): New; factored out from set_debug. (set_debug): Remove "--debug-level help". Use parse_debug_flag to print the used flags. (main): Use parse_debug_flag for oDebug. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-22 21:01:10 +02:00
* configure.ac: Define SAFE_VERSION_DASH and SAFE_VERSION_DOT> * g10.c: New options --gpgconf-list, --debug-level and --log-file (set_debug): Add arg DEBUG_LEVEL. (main): Look at less and less version specific config files. From gnupg 1.3.
2004-03-23 14:03:09 +01:00
/* Setup the debugging. With a LEVEL of NULL only the active debug
flags are propagated to the subsystems. With LEVEL set, a specific
set of debug flags is set; thus overriding all flags already
set. */
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
static void
* configure.ac: Define SAFE_VERSION_DASH and SAFE_VERSION_DOT> * g10.c: New options --gpgconf-list, --debug-level and --log-file (set_debug): Add arg DEBUG_LEVEL. (main): Look at less and less version specific config files. From gnupg 1.3.
2004-03-23 14:03:09 +01:00
set_debug (const char *level)
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
{
support numeric debug levels.
2009-12-03 19:04:40 +01:00
int numok = (level && digitp (level));
int numlvl = numok? atoi (level) : 0;
* configure.ac: Define SAFE_VERSION_DASH and SAFE_VERSION_DOT> * g10.c: New options --gpgconf-list, --debug-level and --log-file (set_debug): Add arg DEBUG_LEVEL. (main): Look at less and less version specific config files. From gnupg 1.3.
2004-03-23 14:03:09 +01:00
if (!level)
;
support numeric debug levels.
2009-12-03 19:04:40 +01:00
else if (!strcmp (level, "none") || (numok && numlvl < 1))
* configure.ac: Define SAFE_VERSION_DASH and SAFE_VERSION_DOT> * g10.c: New options --gpgconf-list, --debug-level and --log-file (set_debug): Add arg DEBUG_LEVEL. (main): Look at less and less version specific config files. From gnupg 1.3.
2004-03-23 14:03:09 +01:00
opt.debug = 0;
support numeric debug levels.
2009-12-03 19:04:40 +01:00
else if (!strcmp (level, "basic") || (numok && numlvl <= 2))
* configure.ac: Define SAFE_VERSION_DASH and SAFE_VERSION_DOT> * g10.c: New options --gpgconf-list, --debug-level and --log-file (set_debug): Add arg DEBUG_LEVEL. (main): Look at less and less version specific config files. From gnupg 1.3.
2004-03-23 14:03:09 +01:00
opt.debug = DBG_MEMSTAT_VALUE;
support numeric debug levels.
2009-12-03 19:04:40 +01:00
else if (!strcmp (level, "advanced") || (numok && numlvl <= 5))
* configure.ac: Define SAFE_VERSION_DASH and SAFE_VERSION_DOT> * g10.c: New options --gpgconf-list, --debug-level and --log-file (set_debug): Add arg DEBUG_LEVEL. (main): Look at less and less version specific config files. From gnupg 1.3.
2004-03-23 14:03:09 +01:00
opt.debug = DBG_MEMSTAT_VALUE|DBG_TRUST_VALUE|DBG_EXTPROG_VALUE;
support numeric debug levels.
2009-12-03 19:04:40 +01:00
else if (!strcmp (level, "expert") || (numok && numlvl <= 8))
* configure.ac: Define SAFE_VERSION_DASH and SAFE_VERSION_DOT> * g10.c: New options --gpgconf-list, --debug-level and --log-file (set_debug): Add arg DEBUG_LEVEL. (main): Look at less and less version specific config files. From gnupg 1.3.
2004-03-23 14:03:09 +01:00
opt.debug = (DBG_MEMSTAT_VALUE|DBG_TRUST_VALUE|DBG_EXTPROG_VALUE
Fix use of DBG_CACHE and DBG_LOOKUP * dirmngr/dirmngr.h (DBG_LOOKUP_VALUE): Change to 8192. * g10/options.h (DBG_LOOKUP_VALUE, DBG_LOOKUP): New. * g10/getkey.c: Use DBG_LOOKUP instead of DBG_CACHE at most places.
2015-04-06 13:27:26 +02:00
|DBG_CACHE_VALUE|DBG_LOOKUP|DBG_FILTER_VALUE|DBG_PACKET_VALUE);
support numeric debug levels.
2009-12-03 19:04:40 +01:00
else if (!strcmp (level, "guru") || numok)
{
opt.debug = ~0;
/* Unless the "guru" string has been used we don't want to allow
hashing debugging. The rationale is that people tend to
select the highest debug value and would then clutter their
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
disk with debug files which may reveal confidential data. */
support numeric debug levels.
2009-12-03 19:04:40 +01:00
if (numok)
opt.debug &= ~(DBG_HASHING_VALUE);
}
* configure.ac: Define SAFE_VERSION_DASH and SAFE_VERSION_DOT> * g10.c: New options --gpgconf-list, --debug-level and --log-file (set_debug): Add arg DEBUG_LEVEL. (main): Look at less and less version specific config files. From gnupg 1.3.
2004-03-23 14:03:09 +01:00
else
{
gpg: Allow debug flag names for --debug. * g10/gpg.c (opts): Change arg for oDebug to a string. (debug_flags): New; factored out from set_debug. (set_debug): Remove "--debug-level help". Use parse_debug_flag to print the used flags. (main): Use parse_debug_flag for oDebug. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-22 21:01:10 +02:00
log_error (_("invalid debug-level '%s' given\n"), level);
g10_exit (2);
* configure.ac: Define SAFE_VERSION_DASH and SAFE_VERSION_DOT> * g10.c: New options --gpgconf-list, --debug-level and --log-file (set_debug): Add arg DEBUG_LEVEL. (main): Look at less and less version specific config files. From gnupg 1.3.
2004-03-23 14:03:09 +01:00
}
gpg: Put extra parens around bit tests. * g10/options.h (DBG_MPI): New. * g10/gpg.c (set_debug): Use macro or extra parens for binary operator. * g10/parse-packet.c (set_packet_list_mode): Use dbg macro. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-10-07 07:54:38 +02:00
if ((opt.debug & DBG_MEMORY_VALUE))
Finished the bulk of changes for gnupg 1.9. This included switching to libgcrypt functions, using shared error codes from libgpg-error, replacing the old functions we used to have in ../util by those in ../jnlib and ../common, renaming the malloc functions and a couple of types. Note, that not all changes are listed below becuause they are too similar and done at far too many places. As of today the code builds using the current libgcrypt from CVS but it is very unlikely that it actually works.
2003-06-18 21:56:13 +02:00
memory_debug_mode = 1;
gpg: Put extra parens around bit tests. * g10/options.h (DBG_MPI): New. * g10/gpg.c (set_debug): Use macro or extra parens for binary operator. * g10/parse-packet.c (set_packet_list_mode): Use dbg macro. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-10-07 07:54:38 +02:00
if ((opt.debug & DBG_MEMSTAT_VALUE))
Finished the bulk of changes for gnupg 1.9. This included switching to libgcrypt functions, using shared error codes from libgpg-error, replacing the old functions we used to have in ../util by those in ../jnlib and ../common, renaming the malloc functions and a couple of types. Note, that not all changes are listed below becuause they are too similar and done at far too many places. As of today the code builds using the current libgcrypt from CVS but it is very unlikely that it actually works.
2003-06-18 21:56:13 +02:00
memory_stat_debug_mode = 1;
gpg: Put extra parens around bit tests. * g10/options.h (DBG_MPI): New. * g10/gpg.c (set_debug): Use macro or extra parens for binary operator. * g10/parse-packet.c (set_packet_list_mode): Use dbg macro. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-10-07 07:54:38 +02:00
if (DBG_MPI)
Finished the bulk of changes for gnupg 1.9. This included switching to libgcrypt functions, using shared error codes from libgpg-error, replacing the old functions we used to have in ../util by those in ../jnlib and ../common, renaming the malloc functions and a couple of types. Note, that not all changes are listed below becuause they are too similar and done at far too many places. As of today the code builds using the current libgcrypt from CVS but it is very unlikely that it actually works.
2003-06-18 21:56:13 +02:00
gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 2);
gpg: Put extra parens around bit tests. * g10/options.h (DBG_MPI): New. * g10/gpg.c (set_debug): Use macro or extra parens for binary operator. * g10/parse-packet.c (set_packet_list_mode): Use dbg macro. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-10-07 07:54:38 +02:00
if (DBG_CRYPTO)
Finished the bulk of changes for gnupg 1.9. This included switching to libgcrypt functions, using shared error codes from libgpg-error, replacing the old functions we used to have in ../util by those in ../jnlib and ../common, renaming the malloc functions and a couple of types. Note, that not all changes are listed below becuause they are too similar and done at far too many places. As of today the code builds using the current libgcrypt from CVS but it is very unlikely that it actually works.
2003-06-18 21:56:13 +02:00
gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1);
gpg: Put extra parens around bit tests. * g10/options.h (DBG_MPI): New. * g10/gpg.c (set_debug): Use macro or extra parens for binary operator. * g10/parse-packet.c (set_packet_list_mode): Use dbg macro. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-10-07 07:54:38 +02:00
if ((opt.debug & DBG_IOBUF_VALUE))
Finished the bulk of changes for gnupg 1.9. This included switching to libgcrypt functions, using shared error codes from libgpg-error, replacing the old functions we used to have in ../util by those in ../jnlib and ../common, renaming the malloc functions and a couple of types. Note, that not all changes are listed below becuause they are too similar and done at far too many places. As of today the code builds using the current libgcrypt from CVS but it is very unlikely that it actually works.
2003-06-18 21:56:13 +02:00
iobuf_debug_mode = 1;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose);
support numeric debug levels.
2009-12-03 19:04:40 +01:00
if (opt.debug)
gpg: Allow debug flag names for --debug. * g10/gpg.c (opts): Change arg for oDebug to a string. (debug_flags): New; factored out from set_debug. (set_debug): Remove "--debug-level help". Use parse_debug_flag to print the used flags. (main): Use parse_debug_flag for oDebug. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-22 21:01:10 +02:00
parse_debug_flag (NULL, &opt.debug, debug_flags);
gpg: New maintainer option --debug-set-iobuf-size. * g10/gpg.c (opts): Add new option. (opt_set_iobuf_size): New var. (set_debug): Set the option. * tests/openpgp/armor.scm: Use this option to revert the buffer size to the one which used to exhibit the tested bugs. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-24 18:29:08 +01:00
if (opt_set_iobuf_size || opt_set_iobuf_size_used)
log_debug ("iobuf buffer size is %uk\n",
iobuf_set_buffer_size (opt_set_iobuf_size));
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
/* We set the screen dimensions for UI purposes. Do not allow screens
smaller than 80x24 for the sake of simplicity. */
static void
set_screen_dimensions(void)
{
#ifndef HAVE_W32_SYSTEM
char *str;
str=getenv("COLUMNS");
if(str)
opt.screen_columns=atoi(str);
str=getenv("LINES");
if(str)
opt.screen_lines=atoi(str);
#endif
if(opt.screen_columns<80 || opt.screen_columns>255)
opt.screen_columns=80;
if(opt.screen_lines<24 || opt.screen_lines>255)
opt.screen_lines=24;
}
/* Helper to open a file FNAME either for reading or writing to be
used with --status-file etc functions. Not generally useful but it
avoids the riscos specific functions and well some Windows people
might like it too. Prints an error message and returns -1 on
Minor fixes.
2008-12-09 09:58:02 +01:00
error. On success the file descriptor is returned. */
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
static int
Minor fixes.
2008-12-09 09:58:02 +01:00
open_info_file (const char *fname, int for_write, int binary)
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
{
#ifdef __riscos__
return riscos_fdopenfile (fname, for_write);
#elif defined (ENABLE_SELINUX_HACKS)
/* We can't allow these even when testing for a secured filename
because files to be secured might not yet been secured. This is
similar to the option file but in that case it is unlikely that
sensitive information may be retrieved by means of error
messages. */
Minor fixes.
2008-12-09 09:58:02 +01:00
(void)fname;
(void)for_write;
(void)binary;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
return -1;
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
#else
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
int fd;
Minor fixes.
2008-12-09 09:58:02 +01:00
if (binary)
binary = MY_O_BINARY;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
/* if (is_secured_filename (fname)) */
/* { */
/* fd = -1; */
Use gpg_err_set_errno to assign values to ERRNO.
2010-04-01 15:24:55 +02:00
/* gpg_err_set_errno (EPERM); */
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
/* } */
/* else */
/* { */
do
{
if (for_write)
Replace most calls to open by a new wrapper. * common/sysutils.c (any8bitchar) [W32]: New. (gnupg_open): New. Replace most calls to open by this. * common/iobuf.c (any8bitchar) [W32]: New. (direct_open) [W32]: Use CreateFileW if needed. -- This is yet another step for full Unicode support on Windows. GnuPG-bug-id: 5098
2020-10-20 14:08:35 +02:00
fd = gnupg_open (fname, O_CREAT | O_TRUNC | O_WRONLY | binary,
S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP);
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
else
Replace most calls to open by a new wrapper. * common/sysutils.c (any8bitchar) [W32]: New. (gnupg_open): New. Replace most calls to open by this. * common/iobuf.c (any8bitchar) [W32]: New. (direct_open) [W32]: Use CreateFileW if needed. -- This is yet another step for full Unicode support on Windows. GnuPG-bug-id: 5098
2020-10-20 14:08:35 +02:00
fd = gnupg_open (fname, O_RDONLY | binary, 0);
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
}
while (fd == -1 && errno == EINTR);
/* } */
if ( fd == -1)
Change all quotes in strings and comments to the new GNU standard. The asymmetric quotes used by GNU in the past (`...') don't render nicely on modern systems. We now use two \x27 characters ('...'). The proper solution would be to use the correct Unicode symmetric quotes here. However this has the disadvantage that the system requires Unicode support. We don't want that today. If Unicode is available a generated po file can be used to output proper quotes. A simple sed script like the one used for en@quote is sufficient to change them. The changes have been done by applying sed -i "s/\`\([^'\`]*\)'/'\1'/g" to most files and fixing obvious problems by hand. The msgid strings in the po files were fixed with a similar command.
2012-06-05 19:29:22 +02:00
log_error ( for_write? _("can't create '%s': %s\n")
: _("can't open '%s': %s\n"), fname, strerror(errno));
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
return fd;
#endif
}
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
static void
set_cmd( enum cmd_and_opt_values *ret_cmd, enum cmd_and_opt_values new_cmd )
{
enum cmd_and_opt_values cmd = *ret_cmd;
if( !cmd || cmd == new_cmd )
cmd = new_cmd;
else if( cmd == aSign && new_cmd == aEncr )
cmd = aSignEncr;
else if( cmd == aEncr && new_cmd == aSign )
cmd = aSignEncr;
else if( cmd == aSign && new_cmd == aSym )
cmd = aSignSym;
else if( cmd == aSym && new_cmd == aSign )
cmd = aSignSym;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
else if( cmd == aSym && new_cmd == aEncr )
cmd = aEncrSym;
else if( cmd == aEncr && new_cmd == aSym )
cmd = aEncrSym;
else if (cmd == aSignEncr && new_cmd == aSym)
cmd = aSignEncrSym;
else if (cmd == aSignSym && new_cmd == aEncr)
cmd = aSignEncrSym;
else if (cmd == aEncrSym && new_cmd == aSign)
cmd = aSignEncrSym;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
else if( ( cmd == aSign && new_cmd == aClearsign )
|| ( cmd == aClearsign && new_cmd == aSign ) )
cmd = aClearsign;
else {
log_error(_("conflicting commands\n"));
g10_exit(2);
}
*ret_cmd = cmd;
}
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
static void
add_group(char *string)
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
{
char *name,*value;
struct groupitem *item;
/* Break off the group name */
name=strsep(&string,"=");
if(string==NULL)
{
Change all quotes in strings and comments to the new GNU standard. The asymmetric quotes used by GNU in the past (`...') don't render nicely on modern systems. We now use two \x27 characters ('...'). The proper solution would be to use the correct Unicode symmetric quotes here. However this has the disadvantage that the system requires Unicode support. We don't want that today. If Unicode is available a generated po file can be used to output proper quotes. A simple sed script like the one used for en@quote is sufficient to change them. The changes have been done by applying sed -i "s/\`\([^'\`]*\)'/'\1'/g" to most files and fixing obvious problems by hand. The msgid strings in the po files were fixed with a similar command.
2012-06-05 19:29:22 +02:00
log_error(_("no = sign found in group definition '%s'\n"),name);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
return;
}
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
trim_trailing_ws(name,strlen(name));
/* Does this group already exist? */
for(item=opt.grouplist;item;item=item->next)
if(strcasecmp(item->name,name)==0)
break;
if(!item)
{
item=xmalloc(sizeof(struct groupitem));
item->name=name;
item->next=opt.grouplist;
item->values=NULL;
opt.grouplist=item;
}
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
/* Break apart the values */
while ((value= strsep(&string," \t")))
{
if (*value)
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
add_to_strlist2(&item->values,value,utf8_strings);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
}
static void
rm_group(char *name)
{
struct groupitem *item,*last=NULL;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
trim_trailing_ws(name,strlen(name));
for(item=opt.grouplist;item;last=item,item=item->next)
{
if(strcasecmp(item->name,name)==0)
{
if(last)
last->next=item->next;
else
opt.grouplist=item->next;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
free_strlist(item->values);
xfree(item);
break;
}
}
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
/* We need to check three things.
0) The homedir. It must be x00, a directory, and owned by the
user.
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
1) The options/gpg.conf file. Okay unless it or its containing
directory is group or other writable or not owned by us. Disable
exec in this case.
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
2) Extensions. Same as #1.
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
Returns true if the item is unsafe. */
static int
./autogen.sh --build-w32ce does now succeed.
2010-04-14 16:39:16 +02:00
check_permissions (const char *path, int item)
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
{
#if defined(HAVE_STAT) && !defined(HAVE_DOSISH_SYSTEM)
static int homedir_cache=-1;
char *tmppath,*dir;
struct stat statbuf,dirbuf;
int homedir=0,ret=0,checkonly=0;
int perm=0,own=0,enc_dir_perm=0,enc_dir_own=0;
if(opt.no_perm_warn)
return 0;
gpg: Remove all assert.h and s/assert/log_assert/. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-04-29 11:05:24 +02:00
log_assert(item==0 || item==1 || item==2);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
/* extensions may attach a path */
if(item==2 && path[0]!=DIRSEP_C)
{
if(strchr(path,DIRSEP_C))
tmppath=make_filename(path,NULL);
else
A whole bunch of changes to allow building for Windows. See the ChangeLogs for details.
2007-06-14 19:05:07 +02:00
tmppath=make_filename(gnupg_libdir (),path,NULL);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
else
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
tmppath=xstrdup(path);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
/* If the item is located in the homedir, but isn't the homedir,
don't continue if we already checked the homedir itself. This is
to avoid user confusion with an extra options file warning which
could be rectified if the homedir itself had proper
permissions. */
if(item!=0 && homedir_cache>-1
Replace use of opt.homedir by accessor functions. * common/homedir.c (the_gnupg_homedir): New var. (gnupg_set_homedir): New. (gnupg_homedir): New. * g10/options.h (struct opt): Remove 'homedir' and replace all users by the new accessor functions. * g13/g13-common.h (struct opt): Ditto. * scd/scdaemon.h (struct opt): Ditto. * sm/gpgsm.h (struct opt): Ditto. * dirmngr/dirmngr.h (struct opt): Ditto. * agent/preset-passphrase.c (opt_homedir): Ditto. * agent/protect-tool.c (opt_homedir): Ditto. -- This will make detection of a non-default homedir easier. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-07 10:59:46 +02:00
&& !ascii_strncasecmp (gnupg_homedir (), tmppath,
strlen (gnupg_homedir ())))
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
{
ret=homedir_cache;
goto end;
}
/* It's okay if the file or directory doesn't exist */
Replace all calls to stat by gnupg_stat. * common/sysutils.c (gnupg_stat): New. * common/sysutils.h: Include sys/stat.h. -- Yet another wrapper for Unicode support on Windows. GnuPG-bug-id: 5098 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-10-20 16:38:06 +02:00
if (gnupg_stat (tmppath,&statbuf))
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
{
ret=0;
goto end;
}
/* Now check the enclosing directory. Theoretically, we could walk
this test up to the root directory /, but for the sake of sanity,
I'm stopping at one level down. */
dir=make_dirname(tmppath);
Replace all calls to stat by gnupg_stat. * common/sysutils.c (gnupg_stat): New. * common/sysutils.h: Include sys/stat.h. -- Yet another wrapper for Unicode support on Windows. GnuPG-bug-id: 5098 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-10-20 16:38:06 +02:00
if (gnupg_stat (dir,&dirbuf) || !S_ISDIR (dirbuf.st_mode))
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
{
/* Weird error */
ret=1;
goto end;
}
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
xfree(dir);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
/* Assume failure */
ret=1;
if(item==0)
{
/* The homedir must be x00, a directory, and owned by the user. */
if(S_ISDIR(statbuf.st_mode))
{
if(statbuf.st_uid==getuid())
{
if((statbuf.st_mode & (S_IRWXG|S_IRWXO))==0)
ret=0;
else
perm=1;
}
else
own=1;
homedir_cache=ret;
}
}
else if(item==1 || item==2)
{
/* The options or extension file. Okay unless it or its
containing directory is group or other writable or not owned
by us or root. */
if(S_ISREG(statbuf.st_mode))
{
if(statbuf.st_uid==getuid() || statbuf.st_uid==0)
{
if((statbuf.st_mode & (S_IWGRP|S_IWOTH))==0)
{
/* it's not writable, so make sure the enclosing
directory is also not writable */
if(dirbuf.st_uid==getuid() || dirbuf.st_uid==0)
{
if((dirbuf.st_mode & (S_IWGRP|S_IWOTH))==0)
ret=0;
else
enc_dir_perm=1;
}
else
enc_dir_own=1;
}
else
{
/* it's writable, so the enclosing directory had
better not let people get to it. */
if(dirbuf.st_uid==getuid() || dirbuf.st_uid==0)
{
if((dirbuf.st_mode & (S_IRWXG|S_IRWXO))==0)
ret=0;
else
perm=enc_dir_perm=1; /* unclear which one to fix! */
}
else
enc_dir_own=1;
}
}
else
own=1;
}
}
else
BUG();
if(!checkonly)
{
if(own)
{
if(item==0)
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
log_info(_("WARNING: unsafe ownership on"
Change all quotes in strings and comments to the new GNU standard. The asymmetric quotes used by GNU in the past (`...') don't render nicely on modern systems. We now use two \x27 characters ('...'). The proper solution would be to use the correct Unicode symmetric quotes here. However this has the disadvantage that the system requires Unicode support. We don't want that today. If Unicode is available a generated po file can be used to output proper quotes. A simple sed script like the one used for en@quote is sufficient to change them. The changes have been done by applying sed -i "s/\`\([^'\`]*\)'/'\1'/g" to most files and fixing obvious problems by hand. The msgid strings in the po files were fixed with a similar command.
2012-06-05 19:29:22 +02:00
" homedir '%s'\n"),tmppath);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
else if(item==1)
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
log_info(_("WARNING: unsafe ownership on"
Change all quotes in strings and comments to the new GNU standard. The asymmetric quotes used by GNU in the past (`...') don't render nicely on modern systems. We now use two \x27 characters ('...'). The proper solution would be to use the correct Unicode symmetric quotes here. However this has the disadvantage that the system requires Unicode support. We don't want that today. If Unicode is available a generated po file can be used to output proper quotes. A simple sed script like the one used for en@quote is sufficient to change them. The changes have been done by applying sed -i "s/\`\([^'\`]*\)'/'\1'/g" to most files and fixing obvious problems by hand. The msgid strings in the po files were fixed with a similar command.
2012-06-05 19:29:22 +02:00
" configuration file '%s'\n"),tmppath);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
else
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
log_info(_("WARNING: unsafe ownership on"
Change all quotes in strings and comments to the new GNU standard. The asymmetric quotes used by GNU in the past (`...') don't render nicely on modern systems. We now use two \x27 characters ('...'). The proper solution would be to use the correct Unicode symmetric quotes here. However this has the disadvantage that the system requires Unicode support. We don't want that today. If Unicode is available a generated po file can be used to output proper quotes. A simple sed script like the one used for en@quote is sufficient to change them. The changes have been done by applying sed -i "s/\`\([^'\`]*\)'/'\1'/g" to most files and fixing obvious problems by hand. The msgid strings in the po files were fixed with a similar command.
2012-06-05 19:29:22 +02:00
" extension '%s'\n"),tmppath);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
if(perm)
{
if(item==0)
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
log_info(_("WARNING: unsafe permissions on"
Change all quotes in strings and comments to the new GNU standard. The asymmetric quotes used by GNU in the past (`...') don't render nicely on modern systems. We now use two \x27 characters ('...'). The proper solution would be to use the correct Unicode symmetric quotes here. However this has the disadvantage that the system requires Unicode support. We don't want that today. If Unicode is available a generated po file can be used to output proper quotes. A simple sed script like the one used for en@quote is sufficient to change them. The changes have been done by applying sed -i "s/\`\([^'\`]*\)'/'\1'/g" to most files and fixing obvious problems by hand. The msgid strings in the po files were fixed with a similar command.
2012-06-05 19:29:22 +02:00
" homedir '%s'\n"),tmppath);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
else if(item==1)
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
log_info(_("WARNING: unsafe permissions on"
Change all quotes in strings and comments to the new GNU standard. The asymmetric quotes used by GNU in the past (`...') don't render nicely on modern systems. We now use two \x27 characters ('...'). The proper solution would be to use the correct Unicode symmetric quotes here. However this has the disadvantage that the system requires Unicode support. We don't want that today. If Unicode is available a generated po file can be used to output proper quotes. A simple sed script like the one used for en@quote is sufficient to change them. The changes have been done by applying sed -i "s/\`\([^'\`]*\)'/'\1'/g" to most files and fixing obvious problems by hand. The msgid strings in the po files were fixed with a similar command.
2012-06-05 19:29:22 +02:00
" configuration file '%s'\n"),tmppath);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
else
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
log_info(_("WARNING: unsafe permissions on"
Change all quotes in strings and comments to the new GNU standard. The asymmetric quotes used by GNU in the past (`...') don't render nicely on modern systems. We now use two \x27 characters ('...'). The proper solution would be to use the correct Unicode symmetric quotes here. However this has the disadvantage that the system requires Unicode support. We don't want that today. If Unicode is available a generated po file can be used to output proper quotes. A simple sed script like the one used for en@quote is sufficient to change them. The changes have been done by applying sed -i "s/\`\([^'\`]*\)'/'\1'/g" to most files and fixing obvious problems by hand. The msgid strings in the po files were fixed with a similar command.
2012-06-05 19:29:22 +02:00
" extension '%s'\n"),tmppath);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
if(enc_dir_own)
{
if(item==0)
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
log_info(_("WARNING: unsafe enclosing directory ownership on"
Change all quotes in strings and comments to the new GNU standard. The asymmetric quotes used by GNU in the past (`...') don't render nicely on modern systems. We now use two \x27 characters ('...'). The proper solution would be to use the correct Unicode symmetric quotes here. However this has the disadvantage that the system requires Unicode support. We don't want that today. If Unicode is available a generated po file can be used to output proper quotes. A simple sed script like the one used for en@quote is sufficient to change them. The changes have been done by applying sed -i "s/\`\([^'\`]*\)'/'\1'/g" to most files and fixing obvious problems by hand. The msgid strings in the po files were fixed with a similar command.
2012-06-05 19:29:22 +02:00
" homedir '%s'\n"),tmppath);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
else if(item==1)
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
log_info(_("WARNING: unsafe enclosing directory ownership on"
Change all quotes in strings and comments to the new GNU standard. The asymmetric quotes used by GNU in the past (`...') don't render nicely on modern systems. We now use two \x27 characters ('...'). The proper solution would be to use the correct Unicode symmetric quotes here. However this has the disadvantage that the system requires Unicode support. We don't want that today. If Unicode is available a generated po file can be used to output proper quotes. A simple sed script like the one used for en@quote is sufficient to change them. The changes have been done by applying sed -i "s/\`\([^'\`]*\)'/'\1'/g" to most files and fixing obvious problems by hand. The msgid strings in the po files were fixed with a similar command.
2012-06-05 19:29:22 +02:00
" configuration file '%s'\n"),tmppath);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
else
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
log_info(_("WARNING: unsafe enclosing directory ownership on"
Change all quotes in strings and comments to the new GNU standard. The asymmetric quotes used by GNU in the past (`...') don't render nicely on modern systems. We now use two \x27 characters ('...'). The proper solution would be to use the correct Unicode symmetric quotes here. However this has the disadvantage that the system requires Unicode support. We don't want that today. If Unicode is available a generated po file can be used to output proper quotes. A simple sed script like the one used for en@quote is sufficient to change them. The changes have been done by applying sed -i "s/\`\([^'\`]*\)'/'\1'/g" to most files and fixing obvious problems by hand. The msgid strings in the po files were fixed with a similar command.
2012-06-05 19:29:22 +02:00
" extension '%s'\n"),tmppath);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
if(enc_dir_perm)
{
if(item==0)
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
log_info(_("WARNING: unsafe enclosing directory permissions on"
Change all quotes in strings and comments to the new GNU standard. The asymmetric quotes used by GNU in the past (`...') don't render nicely on modern systems. We now use two \x27 characters ('...'). The proper solution would be to use the correct Unicode symmetric quotes here. However this has the disadvantage that the system requires Unicode support. We don't want that today. If Unicode is available a generated po file can be used to output proper quotes. A simple sed script like the one used for en@quote is sufficient to change them. The changes have been done by applying sed -i "s/\`\([^'\`]*\)'/'\1'/g" to most files and fixing obvious problems by hand. The msgid strings in the po files were fixed with a similar command.
2012-06-05 19:29:22 +02:00
" homedir '%s'\n"),tmppath);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
else if(item==1)
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
log_info(_("WARNING: unsafe enclosing directory permissions on"
Change all quotes in strings and comments to the new GNU standard. The asymmetric quotes used by GNU in the past (`...') don't render nicely on modern systems. We now use two \x27 characters ('...'). The proper solution would be to use the correct Unicode symmetric quotes here. However this has the disadvantage that the system requires Unicode support. We don't want that today. If Unicode is available a generated po file can be used to output proper quotes. A simple sed script like the one used for en@quote is sufficient to change them. The changes have been done by applying sed -i "s/\`\([^'\`]*\)'/'\1'/g" to most files and fixing obvious problems by hand. The msgid strings in the po files were fixed with a similar command.
2012-06-05 19:29:22 +02:00
" configuration file '%s'\n"),tmppath);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
else
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
log_info(_("WARNING: unsafe enclosing directory permissions on"
Change all quotes in strings and comments to the new GNU standard. The asymmetric quotes used by GNU in the past (`...') don't render nicely on modern systems. We now use two \x27 characters ('...'). The proper solution would be to use the correct Unicode symmetric quotes here. However this has the disadvantage that the system requires Unicode support. We don't want that today. If Unicode is available a generated po file can be used to output proper quotes. A simple sed script like the one used for en@quote is sufficient to change them. The changes have been done by applying sed -i "s/\`\([^'\`]*\)'/'\1'/g" to most files and fixing obvious problems by hand. The msgid strings in the po files were fixed with a similar command.
2012-06-05 19:29:22 +02:00
" extension '%s'\n"),tmppath);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
}
end:
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
xfree(tmppath);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
if(homedir)
homedir_cache=ret;
return ret;
./autogen.sh --build-w32ce does now succeed.
2010-04-14 16:39:16 +02:00
#else /*!(HAVE_STAT && !HAVE_DOSISH_SYSTEM)*/
(void)path;
(void)item;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
return 0;
./autogen.sh --build-w32ce does now succeed.
2010-04-14 16:39:16 +02:00
#endif /*!(HAVE_STAT && !HAVE_DOSISH_SYSTEM)*/
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
Add dummu option --passwd for gpg. Collected changes.
2010-01-08 20:18:49 +01:00
/* Print the OpenPGP defined algo numbers. */
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
static void
print_algo_numbers(int (*checker)(int))
{
int i,first=1;
for(i=0;i<=110;i++)
{
if(!checker(i))
{
if(first)
first=0;
else
Fix regression in logging. Add a registry key to enable catch-all remote debugging for W32. Replace more stdio stuff by estream.
2010-08-18 21:25:15 +02:00
es_printf (";");
es_printf ("%d",i);
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
}
}
}
Support DSA2. Support Camellia for testing. More audit stuff.
2007-12-12 11:28:30 +01:00
static void
print_algo_names(int (*checker)(int),const char *(*mapper)(int))
{
int i,first=1;
for(i=0;i<=110;i++)
{
if(!checker(i))
{
if(first)
first=0;
else
Fix regression in logging. Add a registry key to enable catch-all remote debugging for W32. Replace more stdio stuff by estream.
2010-08-18 21:25:15 +02:00
es_printf (";");
es_printf ("%s",mapper(i));
Support DSA2. Support Camellia for testing. More audit stuff.
2007-12-12 11:28:30 +01:00
}
}
}
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
/* In the future, we can do all sorts of interesting configuration
output here. For now, just give "group" as the Enigmail folks need
it, and pubkey, cipher, hash, and compress as they may be useful
for frontends. */
static void
list_config(char *items)
{
gpg: Add --list-gcrypt-config and "curve" item for --list-config. * common/openpgp-oid.c (curve_supported_p): New. (openpgp_enum_curves): New. * common/t-openpgp-oid.c (test_openpgp_enum_curves): New. (main): Add option --verbose. * g10/gpg.c (opts): Add --list-gcrypt-config. (list_config): Add items "curve" and "curveoid". Remove unused code. -- GnuPG-bug-id: 1917 Signed-off-by: Werner Koch <wk@gnupg.org>
2015-03-10 15:26:02 +01:00
int show_all = !items;
char *name = NULL;
const char *s;
struct groupitem *giter;
int first, iter;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
if(!opt.with_colons)
return;
while(show_all || (name=strsep(&items," ")))
{
int any=0;
if(show_all || ascii_strcasecmp(name,"group")==0)
{
gpg: Add --list-gcrypt-config and "curve" item for --list-config. * common/openpgp-oid.c (curve_supported_p): New. (openpgp_enum_curves): New. * common/t-openpgp-oid.c (test_openpgp_enum_curves): New. (main): Add option --verbose. * g10/gpg.c (opts): Add --list-gcrypt-config. (list_config): Add items "curve" and "curveoid". Remove unused code. -- GnuPG-bug-id: 1917 Signed-off-by: Werner Koch <wk@gnupg.org>
2015-03-10 15:26:02 +01:00
for (giter = opt.grouplist; giter; giter = giter->next)
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
{
Fix for bug 537
2006-10-02 13:54:35 +02:00
strlist_t sl;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
Finished the bulk of changes to use estream in most places instead of stdio.
2010-03-15 12:15:45 +01:00
es_fprintf (es_stdout, "cfg:group:");
gpg: Add --list-gcrypt-config and "curve" item for --list-config. * common/openpgp-oid.c (curve_supported_p): New. (openpgp_enum_curves): New. * common/t-openpgp-oid.c (test_openpgp_enum_curves): New. (main): Add option --verbose. * g10/gpg.c (opts): Add --list-gcrypt-config. (list_config): Add items "curve" and "curveoid". Remove unused code. -- GnuPG-bug-id: 1917 Signed-off-by: Werner Koch <wk@gnupg.org>
2015-03-10 15:26:02 +01:00
es_write_sanitized (es_stdout, giter->name, strlen(giter->name),
Finished the bulk of changes to use estream in most places instead of stdio.
2010-03-15 12:15:45 +01:00
":", NULL);
es_putc (':', es_stdout);
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
gpg: Add --list-gcrypt-config and "curve" item for --list-config. * common/openpgp-oid.c (curve_supported_p): New. (openpgp_enum_curves): New. * common/t-openpgp-oid.c (test_openpgp_enum_curves): New. (main): Add option --verbose. * g10/gpg.c (opts): Add --list-gcrypt-config. (list_config): Add items "curve" and "curveoid". Remove unused code. -- GnuPG-bug-id: 1917 Signed-off-by: Werner Koch <wk@gnupg.org>
2015-03-10 15:26:02 +01:00
for(sl=giter->values; sl; sl=sl->next)
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
{
gpg: Fix buffering problem in --list-config. * g10/gpg.c (list_config): Replace print_sanitized_string2 by es_write_sanitized. * common/stringhelp.c (print_sanitized_buffer2): Remove. (print_sanitized_buffer, print_sanitized_utf8_buffer): Remove. (print_sanitized_utf8_buffer, print_sanitized_utf8_string): Remove. (print_sanitized_string): Remove. * sm/certdump.c (print_dn_part, print_dn_parts): Remove arg FP. (pretty_print_sexp, gpgsm_print_name2, gpgsm_print_name): Remove. -- Mixing stdio and estream is never a good idea. This fix also allows us to remove a lot of garbage. Reported-by: Jason A. Donenfeld <Jason@zx2c4.com> GnuPG-bug-id: 1822 Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-28 20:12:21 +01:00
es_write_sanitized (es_stdout, sl->d, strlen (sl->d),
":;", NULL);
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
if(sl->next)
Fix regression in logging. Add a registry key to enable catch-all remote debugging for W32. Replace more stdio stuff by estream.
2010-08-18 21:25:15 +02:00
es_printf(";");
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
}
Fix regression in logging. Add a registry key to enable catch-all remote debugging for W32. Replace more stdio stuff by estream.
2010-08-18 21:25:15 +02:00
es_printf("\n");
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
}
any=1;
}
if(show_all || ascii_strcasecmp(name,"version")==0)
{
Fix regression in logging. Add a registry key to enable catch-all remote debugging for W32. Replace more stdio stuff by estream.
2010-08-18 21:25:15 +02:00
es_printf("cfg:version:");
Finished the bulk of changes to use estream in most places instead of stdio.
2010-03-15 12:15:45 +01:00
es_write_sanitized (es_stdout, VERSION, strlen(VERSION), ":", NULL);
Fix regression in logging. Add a registry key to enable catch-all remote debugging for W32. Replace more stdio stuff by estream.
2010-08-18 21:25:15 +02:00
es_printf ("\n");
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
any=1;
}
if(show_all || ascii_strcasecmp(name,"pubkey")==0)
{
Fix regression in logging. Add a registry key to enable catch-all remote debugging for W32. Replace more stdio stuff by estream.
2010-08-18 21:25:15 +02:00
es_printf ("cfg:pubkey:");
gpg: Improve --version algo info output. * g10/misc.c (openpgp_pk_algo_name): Return a different string for each ECC algorithm. * g10/gpg.c (build_list_pk_test_algo): New wrapper to cope with the different algo type enums. (build_list_pk_algo_name): Ditto. (build_list_cipher_test_algo): Ditto. (build_list_cipher_algo_name): Ditto. (build_list_md_test_algo): Ditto. (build_list_md_algo_name): Ditto. (my_strusage): Use them. (list_config): Ditto. Add "pubkeyname". (build_list): Add letter==1 hack.
2014-01-31 15:55:04 +01:00
print_algo_numbers (build_list_pk_test_algo);
es_printf ("\n");
any=1;
}
if(show_all || ascii_strcasecmp(name,"pubkeyname")==0)
{
es_printf ("cfg:pubkeyname:");
print_algo_names (build_list_pk_test_algo,
build_list_pk_algo_name);
Fix regression in logging. Add a registry key to enable catch-all remote debugging for W32. Replace more stdio stuff by estream.
2010-08-18 21:25:15 +02:00
es_printf ("\n");
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
any=1;
}
if(show_all || ascii_strcasecmp(name,"cipher")==0)
{
Fix regression in logging. Add a registry key to enable catch-all remote debugging for W32. Replace more stdio stuff by estream.
2010-08-18 21:25:15 +02:00
es_printf ("cfg:cipher:");
gpg: Improve --version algo info output. * g10/misc.c (openpgp_pk_algo_name): Return a different string for each ECC algorithm. * g10/gpg.c (build_list_pk_test_algo): New wrapper to cope with the different algo type enums. (build_list_pk_algo_name): Ditto. (build_list_cipher_test_algo): Ditto. (build_list_cipher_algo_name): Ditto. (build_list_md_test_algo): Ditto. (build_list_md_algo_name): Ditto. (my_strusage): Use them. (list_config): Ditto. Add "pubkeyname". (build_list): Add letter==1 hack.
2014-01-31 15:55:04 +01:00
print_algo_numbers (build_list_cipher_test_algo);
Fix regression in logging. Add a registry key to enable catch-all remote debugging for W32. Replace more stdio stuff by estream.
2010-08-18 21:25:15 +02:00
es_printf ("\n");
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
any=1;
}
Support DSA2. Support Camellia for testing. More audit stuff.
2007-12-12 11:28:30 +01:00
if (show_all || !ascii_strcasecmp (name,"ciphername"))
{
Fix regression in logging. Add a registry key to enable catch-all remote debugging for W32. Replace more stdio stuff by estream.
2010-08-18 21:25:15 +02:00
es_printf ("cfg:ciphername:");
gpg: Improve --version algo info output. * g10/misc.c (openpgp_pk_algo_name): Return a different string for each ECC algorithm. * g10/gpg.c (build_list_pk_test_algo): New wrapper to cope with the different algo type enums. (build_list_pk_algo_name): Ditto. (build_list_cipher_test_algo): Ditto. (build_list_cipher_algo_name): Ditto. (build_list_md_test_algo): Ditto. (build_list_md_algo_name): Ditto. (my_strusage): Use them. (list_config): Ditto. Add "pubkeyname". (build_list): Add letter==1 hack.
2014-01-31 15:55:04 +01:00
print_algo_names (build_list_cipher_test_algo,
build_list_cipher_algo_name);
Fix regression in logging. Add a registry key to enable catch-all remote debugging for W32. Replace more stdio stuff by estream.
2010-08-18 21:25:15 +02:00
es_printf ("\n");
Support DSA2. Support Camellia for testing. More audit stuff.
2007-12-12 11:28:30 +01:00
any = 1;
}
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
if(show_all
|| ascii_strcasecmp(name,"digest")==0
|| ascii_strcasecmp(name,"hash")==0)
{
Fix regression in logging. Add a registry key to enable catch-all remote debugging for W32. Replace more stdio stuff by estream.
2010-08-18 21:25:15 +02:00
es_printf ("cfg:digest:");
gpg: Improve --version algo info output. * g10/misc.c (openpgp_pk_algo_name): Return a different string for each ECC algorithm. * g10/gpg.c (build_list_pk_test_algo): New wrapper to cope with the different algo type enums. (build_list_pk_algo_name): Ditto. (build_list_cipher_test_algo): Ditto. (build_list_cipher_algo_name): Ditto. (build_list_md_test_algo): Ditto. (build_list_md_algo_name): Ditto. (my_strusage): Use them. (list_config): Ditto. Add "pubkeyname". (build_list): Add letter==1 hack.
2014-01-31 15:55:04 +01:00
print_algo_numbers (build_list_md_test_algo);
Fix regression in logging. Add a registry key to enable catch-all remote debugging for W32. Replace more stdio stuff by estream.
2010-08-18 21:25:15 +02:00
es_printf ("\n");
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
any=1;
}
Support DSA2. Support Camellia for testing. More audit stuff.
2007-12-12 11:28:30 +01:00
if (show_all
|| !ascii_strcasecmp(name,"digestname")
|| !ascii_strcasecmp(name,"hashname"))
{
Fix regression in logging. Add a registry key to enable catch-all remote debugging for W32. Replace more stdio stuff by estream.
2010-08-18 21:25:15 +02:00
es_printf ("cfg:digestname:");
gpg: Improve --version algo info output. * g10/misc.c (openpgp_pk_algo_name): Return a different string for each ECC algorithm. * g10/gpg.c (build_list_pk_test_algo): New wrapper to cope with the different algo type enums. (build_list_pk_algo_name): Ditto. (build_list_cipher_test_algo): Ditto. (build_list_cipher_algo_name): Ditto. (build_list_md_test_algo): Ditto. (build_list_md_algo_name): Ditto. (my_strusage): Use them. (list_config): Ditto. Add "pubkeyname". (build_list): Add letter==1 hack.
2014-01-31 15:55:04 +01:00
print_algo_names (build_list_md_test_algo,
build_list_md_algo_name);
Fix regression in logging. Add a registry key to enable catch-all remote debugging for W32. Replace more stdio stuff by estream.
2010-08-18 21:25:15 +02:00
es_printf ("\n");
Support DSA2. Support Camellia for testing. More audit stuff.
2007-12-12 11:28:30 +01:00
any=1;
}
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
if(show_all || ascii_strcasecmp(name,"compress")==0)
{
Fix regression in logging. Add a registry key to enable catch-all remote debugging for W32. Replace more stdio stuff by estream.
2010-08-18 21:25:15 +02:00
es_printf ("cfg:compress:");
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
print_algo_numbers(check_compress_algo);
Fix regression in logging. Add a registry key to enable catch-all remote debugging for W32. Replace more stdio stuff by estream.
2010-08-18 21:25:15 +02:00
es_printf ("\n");
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
any=1;
}
g10: List compression algorithms using human-readable names. * g10/gpg.c (list_config): List all enabled compression algorithms under the key 'compressname'. Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-09 11:46:49 +01:00
if(show_all || ascii_strcasecmp (name, "compressname") == 0)
{
es_printf ("cfg:compressname:");
print_algo_names (check_compress_algo,
compress_algo_to_string);
es_printf ("\n");
any=1;
}
gpg: Add --list-gcrypt-config and "curve" item for --list-config. * common/openpgp-oid.c (curve_supported_p): New. (openpgp_enum_curves): New. * common/t-openpgp-oid.c (test_openpgp_enum_curves): New. (main): Add option --verbose. * g10/gpg.c (opts): Add --list-gcrypt-config. (list_config): Add items "curve" and "curveoid". Remove unused code. -- GnuPG-bug-id: 1917 Signed-off-by: Werner Koch <wk@gnupg.org>
2015-03-10 15:26:02 +01:00
if (show_all || !ascii_strcasecmp(name,"ccid-reader-id"))
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
{
gpg: Add --list-gcrypt-config and "curve" item for --list-config. * common/openpgp-oid.c (curve_supported_p): New. (openpgp_enum_curves): New. * common/t-openpgp-oid.c (test_openpgp_enum_curves): New. (main): Add option --verbose. * g10/gpg.c (opts): Add --list-gcrypt-config. (list_config): Add items "curve" and "curveoid". Remove unused code. -- GnuPG-bug-id: 1917 Signed-off-by: Werner Koch <wk@gnupg.org>
2015-03-10 15:26:02 +01:00
/* We ignore this for GnuPG 1.4 backward compatibility. */
any=1;
}
With --enable-gpg the keyservers are now build and a first test using gpg2 shows no prblems. Needs more testing of course.
2006-08-16 12:47:53 +02:00
gpg: Add --list-gcrypt-config and "curve" item for --list-config. * common/openpgp-oid.c (curve_supported_p): New. (openpgp_enum_curves): New. * common/t-openpgp-oid.c (test_openpgp_enum_curves): New. (main): Add option --verbose. * g10/gpg.c (opts): Add --list-gcrypt-config. (list_config): Add items "curve" and "curveoid". Remove unused code. -- GnuPG-bug-id: 1917 Signed-off-by: Werner Koch <wk@gnupg.org>
2015-03-10 15:26:02 +01:00
if (show_all || !ascii_strcasecmp (name,"curve"))
{
es_printf ("cfg:curve:");
for (iter=0, first=1; (s = openpgp_enum_curves (&iter)); first=0)
es_printf ("%s%s", first?"":";", s);
es_printf ("\n");
any=1;
}
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
gpg: Add --list-gcrypt-config and "curve" item for --list-config. * common/openpgp-oid.c (curve_supported_p): New. (openpgp_enum_curves): New. * common/t-openpgp-oid.c (test_openpgp_enum_curves): New. (main): Add option --verbose. * g10/gpg.c (opts): Add --list-gcrypt-config. (list_config): Add items "curve" and "curveoid". Remove unused code. -- GnuPG-bug-id: 1917 Signed-off-by: Werner Koch <wk@gnupg.org>
2015-03-10 15:26:02 +01:00
/* Curve OIDs are rarely useful and thus only printed if requested. */
if (name && !ascii_strcasecmp (name,"curveoid"))
{
es_printf ("cfg:curveoid:");
for (iter=0, first=1; (s = openpgp_enum_curves (&iter)); first = 0)
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
{
common: Extend the openpgp_curve_to_oid function. * common/openpgp-oid.c (openpgp_curve_to_oid): Add optional arg R_NBITS. Change all callers. -- In particular for ed25519 and cv25519 it is quite useful to have an ability to get the required algorithm.
2020-02-11 14:38:03 +01:00
s = openpgp_curve_to_oid (s, NULL, NULL);
gpg: Add --list-gcrypt-config and "curve" item for --list-config. * common/openpgp-oid.c (curve_supported_p): New. (openpgp_enum_curves): New. * common/t-openpgp-oid.c (test_openpgp_enum_curves): New. (main): Add option --verbose. * g10/gpg.c (opts): Add --list-gcrypt-config. (list_config): Add items "curve" and "curveoid". Remove unused code. -- GnuPG-bug-id: 1917 Signed-off-by: Werner Koch <wk@gnupg.org>
2015-03-10 15:26:02 +01:00
es_printf ("%s%s", first?"":";", s? s:"[?]");
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
}
gpg: Add --list-gcrypt-config and "curve" item for --list-config. * common/openpgp-oid.c (curve_supported_p): New. (openpgp_enum_curves): New. * common/t-openpgp-oid.c (test_openpgp_enum_curves): New. (main): Add option --verbose. * g10/gpg.c (opts): Add --list-gcrypt-config. (list_config): Add items "curve" and "curveoid". Remove unused code. -- GnuPG-bug-id: 1917 Signed-off-by: Werner Koch <wk@gnupg.org>
2015-03-10 15:26:02 +01:00
es_printf ("\n");
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
any=1;
}
if(show_all)
break;
if(!any)
Change all quotes in strings and comments to the new GNU standard. The asymmetric quotes used by GNU in the past (`...') don't render nicely on modern systems. We now use two \x27 characters ('...'). The proper solution would be to use the correct Unicode symmetric quotes here. However this has the disadvantage that the system requires Unicode support. We don't want that today. If Unicode is available a generated po file can be used to output proper quotes. A simple sed script like the one used for en@quote is sufficient to change them. The changes have been done by applying sed -i "s/\`\([^'\`]*\)'/'\1'/g" to most files and fixing obvious problems by hand. The msgid strings in the po files were fixed with a similar command.
2012-06-05 19:29:22 +02:00
log_error(_("unknown configuration item '%s'\n"),name);
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
}
}
gpgconf: Further simplify the gpgconf option processing. * common/gc-opt-flags.h (GC_OPT_FLAG_RUNTIME): Move to ... * tools/gpgconf-comp.c: here. (known_options_scdaemon): Remove "options". (known_options_dirmngr): Remove "options". (known_options_gpgsm): Remove "options". (known_options_gpg): Remove "options" and "keyserver". (struct gc_option_s): Rename active t gpgconf_list. (gc_component_list_options): Do not act upon active. (option_check_validity): Ditto. (is_known_option): Make it work correctly for unknown options. (retrieve_options_from_program): Use renamed flag gpgconf_list only to detect duplicated items from --gpgconf-list. Do not set runtime. Only e set the options if set by --gpgconf-list; never clear them. * agent/gpg-agent.c: Simplify the --gpgconf-list output. * dirmngr/dirmngr.c: Ditto. * g10/gpg.c: Ditto. * kbx/keyboxd.c: Ditto. * scd/scdaemon.c: Ditto. * sm/gpgsm.c: Ditto. * tests/openpgp/gpgconf.scm: Use "compliance" instead of "keyserver" for the string arg test. -- There is no need to read the list of options from the components unless they convey a default value. It is better to consult only the list we have in gpgconf-comp.c to decide on whether an option should be displayed. Right, this might mess up thing if a newer gpgconf version is used with an older component, but we already print warnings in this case and in general we do not want to support this anymore - the times of gpg 1.4. and 2.0 are long over now. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-14 18:53:43 +01:00
/* List default values for use by gpgconf. */
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
static void
gpgconf: Further simplify the gpgconf option processing. * common/gc-opt-flags.h (GC_OPT_FLAG_RUNTIME): Move to ... * tools/gpgconf-comp.c: here. (known_options_scdaemon): Remove "options". (known_options_dirmngr): Remove "options". (known_options_gpgsm): Remove "options". (known_options_gpg): Remove "options" and "keyserver". (struct gc_option_s): Rename active t gpgconf_list. (gc_component_list_options): Do not act upon active. (option_check_validity): Ditto. (is_known_option): Make it work correctly for unknown options. (retrieve_options_from_program): Use renamed flag gpgconf_list only to detect duplicated items from --gpgconf-list. Do not set runtime. Only e set the options if set by --gpgconf-list; never clear them. * agent/gpg-agent.c: Simplify the --gpgconf-list output. * dirmngr/dirmngr.c: Ditto. * g10/gpg.c: Ditto. * kbx/keyboxd.c: Ditto. * scd/scdaemon.c: Ditto. * sm/gpgsm.c: Ditto. * tests/openpgp/gpgconf.scm: Use "compliance" instead of "keyserver" for the string arg test. -- There is no need to read the list of options from the components unless they convey a default value. It is better to consult only the list we have in gpgconf-comp.c to decide on whether an option should be displayed. Right, this might mess up thing if a newer gpgconf version is used with an older component, but we already print warnings in this case and in general we do not want to support this anymore - the times of gpg 1.4. and 2.0 are long over now. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-14 18:53:43 +01:00
gpgconf_list (void)
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
{
Fix regression in logging. Add a registry key to enable catch-all remote debugging for W32. Replace more stdio stuff by estream.
2010-08-18 21:25:15 +02:00
es_printf ("debug-level:%lu:\"none:\n", GC_OPT_FLAG_DEFAULT);
gpg,sm: A few more option for --gpgconf-list. * g10/gpg.c (gpgconf_list): Add --compliance and --default-new-key-algo. (parse_compliance_option): * sm/gpgsm.c (main) <gpgconf-list>: Add --enable-crl-checks. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-16 16:02:02 +01:00
es_printf ("compliance:%lu:\"%s:\n", GC_OPT_FLAG_DEFAULT, "gnupg");
jnlib/ 2007-06-18 Marcus Brinkmann <marcus@g10code.de> * stringhelp.h (percent_escape): New prototype. * stringhelp.c (percent_escape): New function. agent/ 2007-06-18 Marcus Brinkmann <marcus@g10code.de> * gpg-agent.c (main): Percent escape pathname in --gpgconf-list output. g10/ 2007-06-18 Marcus Brinkmann <marcus@g10code.de> * gpg.c (gpgconf_list): Percent escape output of --gpgconf-list. scdaemon/ 2007-06-18 Marcus Brinkmann <marcus@g10code.de> * scdaemon.c (main): Percent escape output of --gpgconf-list. sm/ 2007-06-18 Marcus Brinkmann <marcus@g10code.de> * gpgsm.c (main): Percent escape output of --gpgconf-list.
2007-06-18 22:15:01 +02:00
allow for default algorithms in a gpg parameter file
2009-12-04 20:47:54 +01:00
/* The next one is an info only item and should match the macros at
the top of keygen.c */
Fix regression in logging. Add a registry key to enable catch-all remote debugging for W32. Replace more stdio stuff by estream.
2010-08-18 21:25:15 +02:00
es_printf ("default_pubkey_algo:%lu:\"%s:\n", GC_OPT_FLAG_DEFAULT,
gpg: Do not use a fixed string for --gpgconf-list:default_pubkey_algo. * g10/keygen.c (get_default_pubkey_algo): New. (parse_key_parameter_string): Use it. * g10/gpg.c (gpgconf_list): Take value from new function. -- Note that consumers of that gpgconf-list value may need to be adjusted to that new value. It should anyway only be used to display the default algorithm. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-12 10:50:21 +01:00
get_default_pubkey_algo ());
gpgconf: Return a new pseudo option compliance_de_vs. * tools/gpgconf-comp.c (known_pseudo_options_gpg): Add "compliance_de_vs". * g10/gpg.c (gpgconf_list): Returh that pseudo option. -- Of course this will always return false for this version of gnupg. But as soon as this version has been approved we have everything ready for a runtime check. Signed-off-by: Werner Koch <wk@gnupg.org>
2021-04-01 13:11:16 +02:00
/* This info only mode tells whether the we are running in de-vs
* compliance mode. This does not test all parameters but the basic
* conditions like a proper RNG and Libgcrypt. AS of now we always
* return 0 because this version of gnupg has not yet received an
* appoval. */
es_printf ("compliance_de_vs:%lu:%d:\n", GC_OPT_FLAG_DEFAULT,
0 /*gnupg_rng_is_compliant (CO_DE_VS)*/);
gpg,gpgsm: Move use-keyboxd to the new conf file common.conf * common/comopt.c, common/comopt.h: New. * common/Makefile.am: Add them. * g10/gpg.c: Include comopt.h. (main): Also parse common.conf. * sm/gpgsm.c: Include comopt.h. (main): Set a flag for the --no-logfile option. Parse common.conf. * tools/gpgconf-comp.c (known_options_gpg): Remove "use-keyboxd", add pseudo option "use_keyboxd". (known_pseudo_options_gpg): Add pseudo option "use_keyboxd". (known_options_gpgsm): Remove "use-keyboxd". * tests/openpgp/defs.scm (create-gpghome): Create common.conf. * doc/examples/common.conf: New. -- Note that --use-keybox still works but prints a warning. We will eventually remove this option becuase it was marked as an experimental feature anyway. It would be too confusing if gpg and gpgsm use different key storages. Further, other components (e.g. dirmngr or gpg-wks-client) which call gpg or gpgsm need to be aware that the keyboxd is used and pass that option on the command line. Now that common.conf is always read (even if --no-options is used) those tools will work instantly.
2021-04-19 11:33:19 +02:00
es_printf ("use_keyboxd:%lu:%d:\n", GC_OPT_FLAG_DEFAULT, opt.use_keyboxd);
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
}
static int
parse_subpacket_list(char *list)
{
char *tok;
byte subpackets[128],i;
int count=0;
if(!list)
{
/* No arguments means all subpackets */
memset(subpackets+1,1,sizeof(subpackets)-1);
count=127;
}
else
{
memset(subpackets,0,sizeof(subpackets));
/* Merge with earlier copy */
if(opt.show_subpackets)
{
byte *in;
for(in=opt.show_subpackets;*in;in++)
{
if(*in>127 || *in<1)
BUG();
if(!subpackets[*in])
count++;
subpackets[*in]=1;
}
}
while((tok=strsep(&list," ,")))
{
if(!*tok)
continue;
i=atoi(tok);
if(i>127 || i<1)
return 0;
if(!subpackets[i])
count++;
subpackets[i]=1;
}
}
xfree(opt.show_subpackets);
opt.show_subpackets=xmalloc(count+1);
opt.show_subpackets[count--]=0;
for(i=1;i<128 && count>=0;i++)
if(subpackets[i])
opt.show_subpackets[count--]=i;
return 1;
}
static int
parse_list_options(char *str)
{
char *subpackets=""; /* something that isn't NULL */
struct parse_options lopts[]=
{
{"show-photos",LIST_SHOW_PHOTOS,NULL,
N_("display photo IDs during key listings")},
gpg: Add list-option "show-usage". * g10/gpg.c (parse_list_options): Add "show-usage". * g10/options.h (LIST_SHOW_USAGE): New. * g10/keyid.c (usagestr_from_pk): Add arg FILL. Change caller. * g10/keylist.c (list_keyblock_print): Print usage info.
2014-08-12 10:36:30 +02:00
{"show-usage",LIST_SHOW_USAGE,NULL,
N_("show key usage information during key listings")},
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
{"show-policy-urls",LIST_SHOW_POLICY_URLS,NULL,
N_("show policy URLs during signature listings")},
{"show-notations",LIST_SHOW_NOTATIONS,NULL,
N_("show all notations during signature listings")},
{"show-std-notations",LIST_SHOW_STD_NOTATIONS,NULL,
N_("show IETF standard notations during signature listings")},
{"show-standard-notations",LIST_SHOW_STD_NOTATIONS,NULL,
NULL},
{"show-user-notations",LIST_SHOW_USER_NOTATIONS,NULL,
N_("show user-supplied notations during signature listings")},
{"show-keyserver-urls",LIST_SHOW_KEYSERVER_URLS,NULL,
N_("show preferred keyserver URLs during signature listings")},
{"show-uid-validity",LIST_SHOW_UID_VALIDITY,NULL,
N_("show user ID validity during key listings")},
{"show-unusable-uids",LIST_SHOW_UNUSABLE_UIDS,NULL,
N_("show revoked and expired user IDs in key listings")},
{"show-unusable-subkeys",LIST_SHOW_UNUSABLE_SUBKEYS,NULL,
N_("show revoked and expired subkeys in key listings")},
{"show-keyring",LIST_SHOW_KEYRING,NULL,
N_("show the keyring name in key listings")},
{"show-sig-expire",LIST_SHOW_SIG_EXPIRE,NULL,
N_("show expiration dates during signature listings")},
{"show-sig-subpackets",LIST_SHOW_SIG_SUBPACKETS,NULL,
NULL},
gpg: New list-option "show-only-fpr-mbox". * g10/gpg.c (parse_list_options): Add option "show-only-fpr-mbox". * g10/options.h (LIST_SHOW_ONLY_FPR_MBOX): New. * g10/keylist.c (list_keyblock_simple): New. (list_keyblock): Call it. (list_all): Do not print the keyring name in LIST_SHOW_ONLY_FPR_MBOX mode. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-12-04 12:32:28 +01:00
{"show-only-fpr-mbox",LIST_SHOW_ONLY_FPR_MBOX, NULL,
NULL},
gpg: Sort the signatures in standard key listings. * g10/gpg.c (parse_list_options): Add "sort-sigs". (main): Make it the default. * g10/options.h (LIST_SORT_SIGS): New. * g10/keylist.c (cmp_signodes): New. (list_keyblock_print): Sort signatures and factor signature printing code out to ... (list_signature_print): new. -- In particular together with --full-timestamps this makes it easier to see the history of key signatures and their revocations. The self-signatures are also printed first. To disable this --list-options no-sort-sigs can be used. Also don't print the annoying "no recocation reason specified" message. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-10-27 17:10:48 +01:00
{"sort-sigs", LIST_SORT_SIGS, NULL,
NULL},
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
{NULL,0,NULL,NULL}
};
/* C99 allows for non-constant initializers, but we'd like to
compile everywhere, so fill in the show-sig-subpackets argument
here. Note that if the parse_options array changes, we'll have
to change the subscript here. */
gpg: Make show-sig-subpackets work again. * g10/gpg.c (parse_list_options): Fix offset for subpackets. -- Regression-due-to: 7d0492075ea638607309b3ea6a792b0e95ea7d98 GnuPG-bug-id: 2008 Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-30 11:01:16 +02:00
lopts[13].value=&subpackets;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
if(parse_options(str,&opt.list_options,lopts,1))
{
if(opt.list_options&LIST_SHOW_SIG_SUBPACKETS)
{
/* Unset so users can pass multiple lists in. */
opt.list_options&=~LIST_SHOW_SIG_SUBPACKETS;
if(!parse_subpacket_list(subpackets))
return 0;
}
else if(subpackets==NULL && opt.show_subpackets)
{
/* User did 'no-show-subpackets' */
xfree(opt.show_subpackets);
opt.show_subpackets=NULL;
}
return 1;
}
else
return 0;
}
/* Collapses argc/argv into a single string that must be freed */
static char *
collapse_args(int argc,char *argv[])
{
char *str=NULL;
int i,first=1,len=0;
for(i=0;i<argc;i++)
{
len+=strlen(argv[i])+2;
str=xrealloc(str,len);
if(first)
{
str[0]='\0';
first=0;
}
else
strcat(str," ");
strcat(str,argv[i]);
}
return str;
}
gpg: Allow building without any trust model support. * configure.ac: Add option --disable-trust-models (NO_TRUST_MODELS): New ac_define and am_conditional. * g10/Makefile.am (trust_source): New. (gpg2_SOURCES): Factor some files out to above. Add trust.c. * g10/gpg.c [NO_TRUST_MODELS]: Disable options --export-ownertrust, --import-ownertrust, --update-trustdb, --check-trustdb, --fix-trustdb, --list-trustdb, --trustdb-name, --auto-check-trustdb, --no-auto-check-trustdb, and --force-ownertrust. (parse_trust_model) [NO_TRUST_MODELS]: Do not build. (main) [NO_TRUST_MODELS]: Set trust_model to always and exclude all trustdb related option code. * g10/keyedit.c (cmds) [NO_TRUST_MODELS]: Remove menu items "trust", "enable", and "disable". * g10/keylist.c (public_key_list) [NO_TRUST_MODELS]: Do not print "tru" record. * g10/trust.c: New. * g10/trustdb.c (struct key_item): Move to trustdb.h. (register_trusted_keyid): Rename to tdb_register_trusted_keyid. (register_trusted_key): Rename to tdb_register_trusted_key. (trust_letter, uid_trust_string_fixed, trust_value_to_string) (string_to_trust_value, get_ownertrust_with_min, get_ownertrust_info) (get_ownertrust_string, get_validity_info, get_validity_string) (clean_sigs_from_uid, clean_uid_from_key, clean_key): Move to trust.c. (mark_usable_uid_certs): Move to trust.c and make global. (is_in_klist): Move as inline to trustdb.h. (trustdb_check_or_update): Rename to tdb_check_or_update (revalidation_mark): Rename to tdb_revalidation_mark. (get_ownertrust): Rename to tdb_get_ownertrust. (get_min_ownertrust): Rename to tdb_get_min_ownertrust. (update_ownertrust): Rename to tdb_update_ownertrust. (clear_ownertrusts): Rename to tdb_clear_ownertrusts. (cache_disabled_value): Rename to tdb_cache_disabled_value. (check_trustdb_stale): Rename to tdb_check_trustdb_stale. (get_validity): Rename to tdb_get_validity_core, add arg MAIN_PK and factor some code out to ... * trust.c (get_validity): ...new. (check_or_update_trustdb): New wrapper. (revalidation_mark): New wrapper. (get_ownertrust): New wrapper. (get_ownertrust_with_min): New wrapper. (update_ownertrust): New wrapper. (clear_ownertrusts): New wrapper. (cache_disabled_value): New wrapper. (check_trustdb_stale): New wrapper. * tests/openpgp/defs.inc (opt_always): New. Use in all tests instead of --always-trust.
2014-02-10 17:05:54 +01:00
#ifndef NO_TRUST_MODELS
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
static void
parse_trust_model(const char *model)
{
if(ascii_strcasecmp(model,"pgp")==0)
opt.trust_model=TM_PGP;
else if(ascii_strcasecmp(model,"classic")==0)
opt.trust_model=TM_CLASSIC;
else if(ascii_strcasecmp(model,"always")==0)
opt.trust_model=TM_ALWAYS;
else if(ascii_strcasecmp(model,"direct")==0)
opt.trust_model=TM_DIRECT;
build: Allow building without SQLlite support. * configure.ac: Add option --dsiable-tofu and --disable-sqlite. (NEED_SQLITE_VERSION): New var. (USE_TOFU): New ac_define and am_conditional. * autogen.sh (build-w32): Add PKG_CONFIG_LIBDIR to configure so that pkg-config find the correct .pc file. * g10/Makefile.am (tofu_source): New. Build only if enabled. * g10/gpg.c (parse_trust_model)[!USE_TOFU]: Disable tofu models. (parse_tofu_policy)[!USE_TOFU]: Disable all. (parse_tofu_db_format)[!USE_TOFU]: Disable all. (main) <aTOFUPolicy>[!USE_TOFU]: Skip. * g10/keyedit.c (show_key_with_all_names_colon)[!USE_TOFU]: Do not call tofu functions. * g10/keylist.c (list_keyblock_colon)[!USE_TOFU]: Ditto. * g10/trustdb.c (tdb_get_validity_core)[!USE_TOFU]: Skip tofu processing. -- This allows to build a minimal version of GnuPG. It is also currently required to build for Windows. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-20 17:32:23 +02:00
#ifdef USE_TOFU
g10: Add TOFU support. * configure.ac: Check for sqlite3. (SQLITE3_CFLAGS): AC_SUBST it. (SQLITE3_LIBS): Likewise. * g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS). (gpg2_SOURCES): Add tofu.h and tofu.c. (gpg2_LDADD): Add $(SQLITE3_LIBS). * g10/tofu.c: New file. * g10/tofu.h: New file. * g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP. (tofu_db_format): Define. * g10/packet.h (PKT_signature): Add fields digest and digest_len. * g10/gpg.c: Include "tofu.h". (cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy, oTOFUDBFormat. (opts): Add them. (parse_trust_model): Recognize the tofu and tofu+pgp trust models. (parse_tofu_policy): New function. (parse_tofu_db_format): New function. (main): Initialize opt.tofu_default_policy and opt.tofu_db_format. Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat. * g10/mainproc.c (do_check_sig): If the signature is good, copy the hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately. * g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update callers. (tdb_get_validity_core): Add arguments sig and may_ask. Update callers. * g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them to tdb_get_validity_core. * g10/trustdb.c: Include "tofu.h". (trust_model_string): Handle TM_TOFU and TM_TOFU_PGP. (tdb_get_validity_core): Add arguments sig and may_ask. If OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust level. Combine it with the computed PGP trust level, if appropriate. * g10/keyedit.c: Include "tofu.h". (show_key_with_all_names_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/keylist.c: Include "tofu.h". (public_key_list): Also show the PGP stats if the trust model is TM_TOFU_PGP. (list_keyblock_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/pkclist.c: Include "tofu.h". * g10/gpgv.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * g10/test-stubs.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * doc/DETAILS: Describe the TOFU Policy field. * doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu, --trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format. * tests/openpgp/Makefile.am (TESTS): Add tofu.test. (TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc, tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt. (CLEANFILES): Add tofu.db. (clean-local): Add tofu.d. * tests/openpgp/tofu.test: New file. * tests/openpgp/tofu-2183839A-1.txt: New file. * tests/openpgp/tofu-BC15C85A-1.txt: New file. * tests/openpgp/tofu-EE37CF96-1.txt: New file. * tests/openpgp/tofu-keys.asc: New file. * tests/openpgp/tofu-keys-secret.asc: New file. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
else if(ascii_strcasecmp(model,"tofu")==0)
opt.trust_model=TM_TOFU;
else if(ascii_strcasecmp(model,"tofu+pgp")==0)
opt.trust_model=TM_TOFU_PGP;
build: Allow building without SQLlite support. * configure.ac: Add option --dsiable-tofu and --disable-sqlite. (NEED_SQLITE_VERSION): New var. (USE_TOFU): New ac_define and am_conditional. * autogen.sh (build-w32): Add PKG_CONFIG_LIBDIR to configure so that pkg-config find the correct .pc file. * g10/Makefile.am (tofu_source): New. Build only if enabled. * g10/gpg.c (parse_trust_model)[!USE_TOFU]: Disable tofu models. (parse_tofu_policy)[!USE_TOFU]: Disable all. (parse_tofu_db_format)[!USE_TOFU]: Disable all. (main) <aTOFUPolicy>[!USE_TOFU]: Skip. * g10/keyedit.c (show_key_with_all_names_colon)[!USE_TOFU]: Do not call tofu functions. * g10/keylist.c (list_keyblock_colon)[!USE_TOFU]: Ditto. * g10/trustdb.c (tdb_get_validity_core)[!USE_TOFU]: Skip tofu processing. -- This allows to build a minimal version of GnuPG. It is also currently required to build for Windows. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-20 17:32:23 +02:00
#endif /*USE_TOFU*/
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
else if(ascii_strcasecmp(model,"auto")==0)
opt.trust_model=TM_AUTO;
else
Change all quotes in strings and comments to the new GNU standard. The asymmetric quotes used by GNU in the past (`...') don't render nicely on modern systems. We now use two \x27 characters ('...'). The proper solution would be to use the correct Unicode symmetric quotes here. However this has the disadvantage that the system requires Unicode support. We don't want that today. If Unicode is available a generated po file can be used to output proper quotes. A simple sed script like the one used for en@quote is sufficient to change them. The changes have been done by applying sed -i "s/\`\([^'\`]*\)'/'\1'/g" to most files and fixing obvious problems by hand. The msgid strings in the po files were fixed with a similar command.
2012-06-05 19:29:22 +02:00
log_error("unknown trust model '%s'\n",model);
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
}
gpg: Allow building without any trust model support. * configure.ac: Add option --disable-trust-models (NO_TRUST_MODELS): New ac_define and am_conditional. * g10/Makefile.am (trust_source): New. (gpg2_SOURCES): Factor some files out to above. Add trust.c. * g10/gpg.c [NO_TRUST_MODELS]: Disable options --export-ownertrust, --import-ownertrust, --update-trustdb, --check-trustdb, --fix-trustdb, --list-trustdb, --trustdb-name, --auto-check-trustdb, --no-auto-check-trustdb, and --force-ownertrust. (parse_trust_model) [NO_TRUST_MODELS]: Do not build. (main) [NO_TRUST_MODELS]: Set trust_model to always and exclude all trustdb related option code. * g10/keyedit.c (cmds) [NO_TRUST_MODELS]: Remove menu items "trust", "enable", and "disable". * g10/keylist.c (public_key_list) [NO_TRUST_MODELS]: Do not print "tru" record. * g10/trust.c: New. * g10/trustdb.c (struct key_item): Move to trustdb.h. (register_trusted_keyid): Rename to tdb_register_trusted_keyid. (register_trusted_key): Rename to tdb_register_trusted_key. (trust_letter, uid_trust_string_fixed, trust_value_to_string) (string_to_trust_value, get_ownertrust_with_min, get_ownertrust_info) (get_ownertrust_string, get_validity_info, get_validity_string) (clean_sigs_from_uid, clean_uid_from_key, clean_key): Move to trust.c. (mark_usable_uid_certs): Move to trust.c and make global. (is_in_klist): Move as inline to trustdb.h. (trustdb_check_or_update): Rename to tdb_check_or_update (revalidation_mark): Rename to tdb_revalidation_mark. (get_ownertrust): Rename to tdb_get_ownertrust. (get_min_ownertrust): Rename to tdb_get_min_ownertrust. (update_ownertrust): Rename to tdb_update_ownertrust. (clear_ownertrusts): Rename to tdb_clear_ownertrusts. (cache_disabled_value): Rename to tdb_cache_disabled_value. (check_trustdb_stale): Rename to tdb_check_trustdb_stale. (get_validity): Rename to tdb_get_validity_core, add arg MAIN_PK and factor some code out to ... * trust.c (get_validity): ...new. (check_or_update_trustdb): New wrapper. (revalidation_mark): New wrapper. (get_ownertrust): New wrapper. (get_ownertrust_with_min): New wrapper. (update_ownertrust): New wrapper. (clear_ownertrusts): New wrapper. (cache_disabled_value): New wrapper. (check_trustdb_stale): New wrapper. * tests/openpgp/defs.inc (opt_always): New. Use in all tests instead of --always-trust.
2014-02-10 17:05:54 +01:00
#endif /*NO_TRUST_MODELS*/
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
gpg: Allow "help" as value for --tofu-policy. * g10/gpg.c (parse_tofu_policy): Add keyword "help". (parse_tofu_db_format): Ditto. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-03 16:19:35 +01:00
g10: Add TOFU support. * configure.ac: Check for sqlite3. (SQLITE3_CFLAGS): AC_SUBST it. (SQLITE3_LIBS): Likewise. * g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS). (gpg2_SOURCES): Add tofu.h and tofu.c. (gpg2_LDADD): Add $(SQLITE3_LIBS). * g10/tofu.c: New file. * g10/tofu.h: New file. * g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP. (tofu_db_format): Define. * g10/packet.h (PKT_signature): Add fields digest and digest_len. * g10/gpg.c: Include "tofu.h". (cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy, oTOFUDBFormat. (opts): Add them. (parse_trust_model): Recognize the tofu and tofu+pgp trust models. (parse_tofu_policy): New function. (parse_tofu_db_format): New function. (main): Initialize opt.tofu_default_policy and opt.tofu_db_format. Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat. * g10/mainproc.c (do_check_sig): If the signature is good, copy the hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately. * g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update callers. (tdb_get_validity_core): Add arguments sig and may_ask. Update callers. * g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them to tdb_get_validity_core. * g10/trustdb.c: Include "tofu.h". (trust_model_string): Handle TM_TOFU and TM_TOFU_PGP. (tdb_get_validity_core): Add arguments sig and may_ask. If OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust level. Combine it with the computed PGP trust level, if appropriate. * g10/keyedit.c: Include "tofu.h". (show_key_with_all_names_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/keylist.c: Include "tofu.h". (public_key_list): Also show the PGP stats if the trust model is TM_TOFU_PGP. (list_keyblock_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/pkclist.c: Include "tofu.h". * g10/gpgv.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * g10/test-stubs.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * doc/DETAILS: Describe the TOFU Policy field. * doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu, --trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format. * tests/openpgp/Makefile.am (TESTS): Add tofu.test. (TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc, tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt. (CLEANFILES): Add tofu.db. (clean-local): Add tofu.d. * tests/openpgp/tofu.test: New file. * tests/openpgp/tofu-2183839A-1.txt: New file. * tests/openpgp/tofu-BC15C85A-1.txt: New file. * tests/openpgp/tofu-EE37CF96-1.txt: New file. * tests/openpgp/tofu-keys.asc: New file. * tests/openpgp/tofu-keys-secret.asc: New file. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
static int
gpg: Allow "help" as value for --tofu-policy. * g10/gpg.c (parse_tofu_policy): Add keyword "help". (parse_tofu_db_format): Ditto. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-03 16:19:35 +01:00
parse_tofu_policy (const char *policystr)
g10: Add TOFU support. * configure.ac: Check for sqlite3. (SQLITE3_CFLAGS): AC_SUBST it. (SQLITE3_LIBS): Likewise. * g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS). (gpg2_SOURCES): Add tofu.h and tofu.c. (gpg2_LDADD): Add $(SQLITE3_LIBS). * g10/tofu.c: New file. * g10/tofu.h: New file. * g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP. (tofu_db_format): Define. * g10/packet.h (PKT_signature): Add fields digest and digest_len. * g10/gpg.c: Include "tofu.h". (cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy, oTOFUDBFormat. (opts): Add them. (parse_trust_model): Recognize the tofu and tofu+pgp trust models. (parse_tofu_policy): New function. (parse_tofu_db_format): New function. (main): Initialize opt.tofu_default_policy and opt.tofu_db_format. Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat. * g10/mainproc.c (do_check_sig): If the signature is good, copy the hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately. * g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update callers. (tdb_get_validity_core): Add arguments sig and may_ask. Update callers. * g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them to tdb_get_validity_core. * g10/trustdb.c: Include "tofu.h". (trust_model_string): Handle TM_TOFU and TM_TOFU_PGP. (tdb_get_validity_core): Add arguments sig and may_ask. If OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust level. Combine it with the computed PGP trust level, if appropriate. * g10/keyedit.c: Include "tofu.h". (show_key_with_all_names_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/keylist.c: Include "tofu.h". (public_key_list): Also show the PGP stats if the trust model is TM_TOFU_PGP. (list_keyblock_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/pkclist.c: Include "tofu.h". * g10/gpgv.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * g10/test-stubs.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * doc/DETAILS: Describe the TOFU Policy field. * doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu, --trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format. * tests/openpgp/Makefile.am (TESTS): Add tofu.test. (TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc, tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt. (CLEANFILES): Add tofu.db. (clean-local): Add tofu.d. * tests/openpgp/tofu.test: New file. * tests/openpgp/tofu-2183839A-1.txt: New file. * tests/openpgp/tofu-BC15C85A-1.txt: New file. * tests/openpgp/tofu-EE37CF96-1.txt: New file. * tests/openpgp/tofu-keys.asc: New file. * tests/openpgp/tofu-keys-secret.asc: New file. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
{
build: Allow building without SQLlite support. * configure.ac: Add option --dsiable-tofu and --disable-sqlite. (NEED_SQLITE_VERSION): New var. (USE_TOFU): New ac_define and am_conditional. * autogen.sh (build-w32): Add PKG_CONFIG_LIBDIR to configure so that pkg-config find the correct .pc file. * g10/Makefile.am (tofu_source): New. Build only if enabled. * g10/gpg.c (parse_trust_model)[!USE_TOFU]: Disable tofu models. (parse_tofu_policy)[!USE_TOFU]: Disable all. (parse_tofu_db_format)[!USE_TOFU]: Disable all. (main) <aTOFUPolicy>[!USE_TOFU]: Skip. * g10/keyedit.c (show_key_with_all_names_colon)[!USE_TOFU]: Do not call tofu functions. * g10/keylist.c (list_keyblock_colon)[!USE_TOFU]: Ditto. * g10/trustdb.c (tdb_get_validity_core)[!USE_TOFU]: Skip tofu processing. -- This allows to build a minimal version of GnuPG. It is also currently required to build for Windows. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-20 17:32:23 +02:00
#ifdef USE_TOFU
gpg: Allow "help" as value for --tofu-policy. * g10/gpg.c (parse_tofu_policy): Add keyword "help". (parse_tofu_db_format): Ditto. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-03 16:19:35 +01:00
struct { const char *keyword; int policy; } list[] = {
{ "auto", TOFU_POLICY_AUTO },
{ "good", TOFU_POLICY_GOOD },
{ "unknown", TOFU_POLICY_UNKNOWN },
{ "bad", TOFU_POLICY_BAD },
{ "ask", TOFU_POLICY_ASK }
};
int i;
if (!ascii_strcasecmp (policystr, "help"))
g10: Add TOFU support. * configure.ac: Check for sqlite3. (SQLITE3_CFLAGS): AC_SUBST it. (SQLITE3_LIBS): Likewise. * g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS). (gpg2_SOURCES): Add tofu.h and tofu.c. (gpg2_LDADD): Add $(SQLITE3_LIBS). * g10/tofu.c: New file. * g10/tofu.h: New file. * g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP. (tofu_db_format): Define. * g10/packet.h (PKT_signature): Add fields digest and digest_len. * g10/gpg.c: Include "tofu.h". (cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy, oTOFUDBFormat. (opts): Add them. (parse_trust_model): Recognize the tofu and tofu+pgp trust models. (parse_tofu_policy): New function. (parse_tofu_db_format): New function. (main): Initialize opt.tofu_default_policy and opt.tofu_db_format. Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat. * g10/mainproc.c (do_check_sig): If the signature is good, copy the hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately. * g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update callers. (tdb_get_validity_core): Add arguments sig and may_ask. Update callers. * g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them to tdb_get_validity_core. * g10/trustdb.c: Include "tofu.h". (trust_model_string): Handle TM_TOFU and TM_TOFU_PGP. (tdb_get_validity_core): Add arguments sig and may_ask. If OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust level. Combine it with the computed PGP trust level, if appropriate. * g10/keyedit.c: Include "tofu.h". (show_key_with_all_names_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/keylist.c: Include "tofu.h". (public_key_list): Also show the PGP stats if the trust model is TM_TOFU_PGP. (list_keyblock_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/pkclist.c: Include "tofu.h". * g10/gpgv.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * g10/test-stubs.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * doc/DETAILS: Describe the TOFU Policy field. * doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu, --trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format. * tests/openpgp/Makefile.am (TESTS): Add tofu.test. (TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc, tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt. (CLEANFILES): Add tofu.db. (clean-local): Add tofu.d. * tests/openpgp/tofu.test: New file. * tests/openpgp/tofu-2183839A-1.txt: New file. * tests/openpgp/tofu-BC15C85A-1.txt: New file. * tests/openpgp/tofu-EE37CF96-1.txt: New file. * tests/openpgp/tofu-keys.asc: New file. * tests/openpgp/tofu-keys-secret.asc: New file. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
{
gpg: New option --compliance. * g10/gpg.c (oCompliance): New. (opts): Add "--compliance". (parse_tofu_policy): Use a generic description string for "help". (parse_compliance_option): New. (main): Add option oCompliance. Factor out code for compliance setting to ... (set_compliance_option): new. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-15 13:03:29 +01:00
log_info (_("valid values for option '%s':\n"), "--tofu-policy");
gpg: Allow "help" as value for --tofu-policy. * g10/gpg.c (parse_tofu_policy): Add keyword "help". (parse_tofu_db_format): Ditto. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-03 16:19:35 +01:00
for (i=0; i < DIM (list); i++)
log_info (" %s\n", list[i].keyword);
g10: Add TOFU support. * configure.ac: Check for sqlite3. (SQLITE3_CFLAGS): AC_SUBST it. (SQLITE3_LIBS): Likewise. * g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS). (gpg2_SOURCES): Add tofu.h and tofu.c. (gpg2_LDADD): Add $(SQLITE3_LIBS). * g10/tofu.c: New file. * g10/tofu.h: New file. * g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP. (tofu_db_format): Define. * g10/packet.h (PKT_signature): Add fields digest and digest_len. * g10/gpg.c: Include "tofu.h". (cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy, oTOFUDBFormat. (opts): Add them. (parse_trust_model): Recognize the tofu and tofu+pgp trust models. (parse_tofu_policy): New function. (parse_tofu_db_format): New function. (main): Initialize opt.tofu_default_policy and opt.tofu_db_format. Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat. * g10/mainproc.c (do_check_sig): If the signature is good, copy the hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately. * g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update callers. (tdb_get_validity_core): Add arguments sig and may_ask. Update callers. * g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them to tdb_get_validity_core. * g10/trustdb.c: Include "tofu.h". (trust_model_string): Handle TM_TOFU and TM_TOFU_PGP. (tdb_get_validity_core): Add arguments sig and may_ask. If OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust level. Combine it with the computed PGP trust level, if appropriate. * g10/keyedit.c: Include "tofu.h". (show_key_with_all_names_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/keylist.c: Include "tofu.h". (public_key_list): Also show the PGP stats if the trust model is TM_TOFU_PGP. (list_keyblock_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/pkclist.c: Include "tofu.h". * g10/gpgv.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * g10/test-stubs.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * doc/DETAILS: Describe the TOFU Policy field. * doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu, --trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format. * tests/openpgp/Makefile.am (TESTS): Add tofu.test. (TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc, tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt. (CLEANFILES): Add tofu.db. (clean-local): Add tofu.d. * tests/openpgp/tofu.test: New file. * tests/openpgp/tofu-2183839A-1.txt: New file. * tests/openpgp/tofu-BC15C85A-1.txt: New file. * tests/openpgp/tofu-EE37CF96-1.txt: New file. * tests/openpgp/tofu-keys.asc: New file. * tests/openpgp/tofu-keys-secret.asc: New file. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
g10_exit (1);
}
gpg: Allow "help" as value for --tofu-policy. * g10/gpg.c (parse_tofu_policy): Add keyword "help". (parse_tofu_db_format): Ditto. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-03 16:19:35 +01:00
for (i=0; i < DIM (list); i++)
if (!ascii_strcasecmp (policystr, list[i].keyword))
return list[i].policy;
#endif /*USE_TOFU*/
log_error (_("unknown TOFU policy '%s'\n"), policystr);
if (!opt.quiet)
log_info (_("(use \"help\" to list choices)\n"));
g10_exit (1);
g10: Add TOFU support. * configure.ac: Check for sqlite3. (SQLITE3_CFLAGS): AC_SUBST it. (SQLITE3_LIBS): Likewise. * g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS). (gpg2_SOURCES): Add tofu.h and tofu.c. (gpg2_LDADD): Add $(SQLITE3_LIBS). * g10/tofu.c: New file. * g10/tofu.h: New file. * g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP. (tofu_db_format): Define. * g10/packet.h (PKT_signature): Add fields digest and digest_len. * g10/gpg.c: Include "tofu.h". (cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy, oTOFUDBFormat. (opts): Add them. (parse_trust_model): Recognize the tofu and tofu+pgp trust models. (parse_tofu_policy): New function. (parse_tofu_db_format): New function. (main): Initialize opt.tofu_default_policy and opt.tofu_db_format. Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat. * g10/mainproc.c (do_check_sig): If the signature is good, copy the hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately. * g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update callers. (tdb_get_validity_core): Add arguments sig and may_ask. Update callers. * g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them to tdb_get_validity_core. * g10/trustdb.c: Include "tofu.h". (trust_model_string): Handle TM_TOFU and TM_TOFU_PGP. (tdb_get_validity_core): Add arguments sig and may_ask. If OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust level. Combine it with the computed PGP trust level, if appropriate. * g10/keyedit.c: Include "tofu.h". (show_key_with_all_names_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/keylist.c: Include "tofu.h". (public_key_list): Also show the PGP stats if the trust model is TM_TOFU_PGP. (list_keyblock_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/pkclist.c: Include "tofu.h". * g10/gpgv.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * g10/test-stubs.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * doc/DETAILS: Describe the TOFU Policy field. * doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu, --trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format. * tests/openpgp/Makefile.am (TESTS): Add tofu.test. (TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc, tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt. (CLEANFILES): Add tofu.db. (clean-local): Add tofu.d. * tests/openpgp/tofu.test: New file. * tests/openpgp/tofu-2183839A-1.txt: New file. * tests/openpgp/tofu-BC15C85A-1.txt: New file. * tests/openpgp/tofu-EE37CF96-1.txt: New file. * tests/openpgp/tofu-keys.asc: New file. * tests/openpgp/tofu-keys-secret.asc: New file. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
}
gpg: New option --compliance. * g10/gpg.c (oCompliance): New. (opts): Add "--compliance". (parse_tofu_policy): Use a generic description string for "help". (parse_compliance_option): New. (main): Add option oCompliance. Factor out code for compliance setting to ... (set_compliance_option): new. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-15 13:03:29 +01:00
common,gpg,sm: Move the compliance option parser. * common/compliance.c (gnupg_parse_compliance_option): New function. * common/compliance.h (struct gnupg_compliance_option): New type. (gnupg_parse_compliance_option): New prototype. * g10/gpg.c (parse_compliance_option): Remove function. (compliance_options): New variable. (main): Adapt callsite. * sm/gpgsm.c (main): Use the new common function. * sm/gpgsm.h (opt): New field 'compliance'. GnuPG-bug-id: 3191 Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-07 11:50:54 +02:00
static struct gnupg_compliance_option compliance_options[] =
{
gpg: New option --compliance. * g10/gpg.c (oCompliance): New. (opts): Add "--compliance". (parse_tofu_policy): Use a generic description string for "help". (parse_compliance_option): New. (main): Add option oCompliance. Factor out code for compliance setting to ... (set_compliance_option): new. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-15 13:03:29 +01:00
{ "gnupg", oGnuPG },
{ "openpgp", oOpenPGP },
{ "rfc4880bis", oRFC4880bis },
{ "rfc4880", oRFC4880 },
{ "rfc2440", oRFC2440 },
gpg: Remove PGP6 compliance mode. * g10/gpg.c: Make --pgp6 an alias for --pgp7. * common/compliance.h (gnupg_compliance_mode): Remove CO_PGP6. * g10/options.h (PGP6): Remove. Adjust all users. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-05-29 13:01:12 +02:00
{ "pgp6", oPGP7 },
gpg: New option --compliance. * g10/gpg.c (oCompliance): New. (opts): Add "--compliance". (parse_tofu_policy): Use a generic description string for "help". (parse_compliance_option): New. (main): Add option oCompliance. Factor out code for compliance setting to ... (set_compliance_option): new. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-15 13:03:29 +01:00
{ "pgp7", oPGP7 },
gpg: Add new compliance mode "de-vs". * g10/options.h (CO_DE_VS): New. (GNUPG): Also allow CO_DE_VS. * g10/gpg.c (oDE_VS): New. (parse_compliance_option): Add "de-vs". (set_compliance_option): Set "de-vs". * g10/misc.c (compliance_option_string): Return a description string. (compliance_failure): Ditto. * g10/keygen.c (ask_algo): Take care of CO_DE_VS. (get_keysize_range): Ditto. (ask_curve): Add new field to CURVES and trun flags into bit flags. Allow only Brainpool curves in CO_DE_VS mode. -- As of now this compliance mode only restricts the set of algorithms and curves which can be created. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-15 17:50:03 +01:00
{ "pgp8", oPGP8 },
{ "de-vs", oDE_VS }
gpg: New option --compliance. * g10/gpg.c (oCompliance): New. (opts): Add "--compliance". (parse_tofu_policy): Use a generic description string for "help". (parse_compliance_option): New. (main): Add option oCompliance. Factor out code for compliance setting to ... (set_compliance_option): new. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-15 13:03:29 +01:00
};
Spelling fixes in docs and comments. -- In addition, fix trailing spaces in tests/inittests. GnuPG-bug-id: 3121 Reported-by: ka7 (klemens) Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-28 03:06:33 +02:00
/* Helper to set compliance related options. This is a separate
gpg: New option --compliance. * g10/gpg.c (oCompliance): New. (opts): Add "--compliance". (parse_tofu_policy): Use a generic description string for "help". (parse_compliance_option): New. (main): Add option oCompliance. Factor out code for compliance setting to ... (set_compliance_option): new. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-15 13:03:29 +01:00
* function so that it can also be used by the --compliance option
* parser. */
static void
set_compliance_option (enum cmd_and_opt_values option)
{
scd:openpgp: Let the genkey function also accept a full keyref. * scd/app-openpgp.c (send_key_attr): Use log_assert. (do_genkey): Allow prefix. -- It is more uniform to always use full keyref (e.g. "OPENPGP.1") instead of just the key number. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-10 00:33:51 +01:00
opt.flags.rfc4880bis = 0; /* Clear because it is initially set. */
gpg: Make rfc4880bis the default. * g10/gpg.c (set_compliance_option, main): Change CO_GNUPG to include rfc4880bis features. (main): Change rfc4880bis warning to a note. -- Note that the default is CO_GNUPG and not CO_OPENPGP. CO_OPENPGP does not include rfc4880bis yet and has a couple of things we don't like, like --allow-non-selfsigned-uids. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-14 11:23:56 +01:00
gpg: New option --compliance. * g10/gpg.c (oCompliance): New. (opts): Add "--compliance". (parse_tofu_policy): Use a generic description string for "help". (parse_compliance_option): New. (main): Add option oCompliance. Factor out code for compliance setting to ... (set_compliance_option): new. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-15 13:03:29 +01:00
switch (option)
{
case oRFC4880bis:
opt.flags.rfc4880bis = 1;
gpg: Do not allow old cipher algorithms for encryption. * g10/gpg.c: New option --allow-old-cipher-algos. (set_compliance_option): Set --rfc4880bis explictly to SHA256 and AES256. Allow old cipher algos for OpenPGP, rfc4880, and rfc2440. * g10/options.h (opt): Add flags.allow_old_cipher_algos. * g10/misc.c (print_sha1_keysig_rejected_note): Always print the note unless in --quiet mode. * g10/encrypt.c (setup_symkey): Disallow by default algos with a blocklengt < 128. (encrypt_crypt): Ditto. Fallback by default to AES instead of 3DES. * g10/pkclist.c (algo_available): Take care of old cipher also. (select_algo_from_prefs): Use AES as implicit algorithm by default. * tests/openpgp/defs.scm (create-gpghome): Set allow-old-cipher-algos. -- GnuPG-bug-id: 3415
2021-02-10 14:31:34 +01:00
opt.compliance = CO_RFC4880;
opt.flags.dsa2 = 1;
opt.flags.require_cross_cert = 1;
opt.rfc2440_text = 0;
opt.allow_non_selfsigned_uid = 1;
opt.allow_freeform_uid = 1;
opt.escape_from = 1;
opt.not_dash_escaped = 0;
opt.def_cipher_algo = 0;
opt.def_aead_algo = 0;
opt.def_digest_algo = 0;
opt.cert_digest_algo = 0;
opt.compress_algo = -1;
opt.s2k_mode = 3; /* iterated+salted */
opt.s2k_digest_algo = DIGEST_ALGO_SHA256;
opt.s2k_cipher_algo = CIPHER_ALGO_AES256;
break;
gpg: New option --compliance. * g10/gpg.c (oCompliance): New. (opts): Add "--compliance". (parse_tofu_policy): Use a generic description string for "help". (parse_compliance_option): New. (main): Add option oCompliance. Factor out code for compliance setting to ... (set_compliance_option): new. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-15 13:03:29 +01:00
case oOpenPGP:
case oRFC4880:
/* This is effectively the same as RFC2440, but with
"--enable-dsa2 --no-rfc2440-text --escape-from-lines
--require-cross-certification". */
opt.compliance = CO_RFC4880;
opt.flags.dsa2 = 1;
opt.flags.require_cross_cert = 1;
opt.rfc2440_text = 0;
opt.allow_non_selfsigned_uid = 1;
opt.allow_freeform_uid = 1;
opt.escape_from = 1;
opt.not_dash_escaped = 0;
opt.def_cipher_algo = 0;
gpg: Add option and preference framework for AEAD. * common/openpgpdefs.h (aead_algo_t): New. (SIGSUBPKT_PREF_AEAD): New. * g10/gpg.c (oAEADAlgo, oPersonalAEADPreferences): New. (opts): New options --aead-algo and --personal-aead-preferences. (set_compliance_option): Clar aead algo. (main): Parse and check the new options * g10/options.h (struct opt): Add fields def_aead_algo and personal_aead_prefs. * g10/packet.h (PREFTYPE_AEAD): New enum value. (PKT_user_id): Add field flags.aead. (PKT_public_key): Add field flags.aead. * g10/pkclist.c (select_algo_from_prefs): Support PREFTYPE_AEAD. * g10/getkey.c (fixup_uidnode): Set AEAD flag. (merge_selfsigs): Ditto. * g10/kbnode.c (dump_kbnode): Show aead flag. * g10/keyedit.c (show_prefs): Ditto. (show_key_with_all_names_colon): Ditto. * g10/keygen.c (aead_presf, n_aead_prefs): New vars. (set_one_pref): Suppport PREFTYPE_AEAD. (keygen_set_std_prefs): Parse AEAD preferences. (keygen_get_std_prefs): Ditto. (add_feature_aead): New. (keygen_upd_std_prefs): Call that and build AEAD pref packet. * g10/main.h (DEFAULT_AEAD_ALGO): New const. * g10/misc.c (openpgp_aead_test_algo): New. (openpgp_aead_algo_name): New. (string_to_aead_algo): New. (default_aead_algo): New. -- This is only used in --rfc4880bis mode and not really tested. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-10 11:42:38 +01:00
opt.def_aead_algo = 0;
gpg: New option --compliance. * g10/gpg.c (oCompliance): New. (opts): Add "--compliance". (parse_tofu_policy): Use a generic description string for "help". (parse_compliance_option): New. (main): Add option oCompliance. Factor out code for compliance setting to ... (set_compliance_option): new. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-15 13:03:29 +01:00
opt.def_digest_algo = 0;
opt.cert_digest_algo = 0;
opt.compress_algo = -1;
opt.s2k_mode = 3; /* iterated+salted */
opt.s2k_digest_algo = DIGEST_ALGO_SHA1;
opt.s2k_cipher_algo = CIPHER_ALGO_3DES;
gpg: Do not allow old cipher algorithms for encryption. * g10/gpg.c: New option --allow-old-cipher-algos. (set_compliance_option): Set --rfc4880bis explictly to SHA256 and AES256. Allow old cipher algos for OpenPGP, rfc4880, and rfc2440. * g10/options.h (opt): Add flags.allow_old_cipher_algos. * g10/misc.c (print_sha1_keysig_rejected_note): Always print the note unless in --quiet mode. * g10/encrypt.c (setup_symkey): Disallow by default algos with a blocklengt < 128. (encrypt_crypt): Ditto. Fallback by default to AES instead of 3DES. * g10/pkclist.c (algo_available): Take care of old cipher also. (select_algo_from_prefs): Use AES as implicit algorithm by default. * tests/openpgp/defs.scm (create-gpghome): Set allow-old-cipher-algos. -- GnuPG-bug-id: 3415
2021-02-10 14:31:34 +01:00
opt.flags.allow_old_cipher_algos = 1;
gpg: New option --compliance. * g10/gpg.c (oCompliance): New. (opts): Add "--compliance". (parse_tofu_policy): Use a generic description string for "help". (parse_compliance_option): New. (main): Add option oCompliance. Factor out code for compliance setting to ... (set_compliance_option): new. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-15 13:03:29 +01:00
break;
case oRFC2440:
opt.compliance = CO_RFC2440;
opt.flags.dsa2 = 0;
opt.rfc2440_text = 1;
opt.allow_non_selfsigned_uid = 1;
opt.allow_freeform_uid = 1;
opt.escape_from = 0;
opt.not_dash_escaped = 0;
opt.def_cipher_algo = 0;
gpg: Add option and preference framework for AEAD. * common/openpgpdefs.h (aead_algo_t): New. (SIGSUBPKT_PREF_AEAD): New. * g10/gpg.c (oAEADAlgo, oPersonalAEADPreferences): New. (opts): New options --aead-algo and --personal-aead-preferences. (set_compliance_option): Clar aead algo. (main): Parse and check the new options * g10/options.h (struct opt): Add fields def_aead_algo and personal_aead_prefs. * g10/packet.h (PREFTYPE_AEAD): New enum value. (PKT_user_id): Add field flags.aead. (PKT_public_key): Add field flags.aead. * g10/pkclist.c (select_algo_from_prefs): Support PREFTYPE_AEAD. * g10/getkey.c (fixup_uidnode): Set AEAD flag. (merge_selfsigs): Ditto. * g10/kbnode.c (dump_kbnode): Show aead flag. * g10/keyedit.c (show_prefs): Ditto. (show_key_with_all_names_colon): Ditto. * g10/keygen.c (aead_presf, n_aead_prefs): New vars. (set_one_pref): Suppport PREFTYPE_AEAD. (keygen_set_std_prefs): Parse AEAD preferences. (keygen_get_std_prefs): Ditto. (add_feature_aead): New. (keygen_upd_std_prefs): Call that and build AEAD pref packet. * g10/main.h (DEFAULT_AEAD_ALGO): New const. * g10/misc.c (openpgp_aead_test_algo): New. (openpgp_aead_algo_name): New. (string_to_aead_algo): New. (default_aead_algo): New. -- This is only used in --rfc4880bis mode and not really tested. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-10 11:42:38 +01:00
opt.def_aead_algo = 0;
gpg: New option --compliance. * g10/gpg.c (oCompliance): New. (opts): Add "--compliance". (parse_tofu_policy): Use a generic description string for "help". (parse_compliance_option): New. (main): Add option oCompliance. Factor out code for compliance setting to ... (set_compliance_option): new. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-15 13:03:29 +01:00
opt.def_digest_algo = 0;
opt.cert_digest_algo = 0;
opt.compress_algo = -1;
opt.s2k_mode = 3; /* iterated+salted */
opt.s2k_digest_algo = DIGEST_ALGO_SHA1;
opt.s2k_cipher_algo = CIPHER_ALGO_3DES;
gpg: Do not allow old cipher algorithms for encryption. * g10/gpg.c: New option --allow-old-cipher-algos. (set_compliance_option): Set --rfc4880bis explictly to SHA256 and AES256. Allow old cipher algos for OpenPGP, rfc4880, and rfc2440. * g10/options.h (opt): Add flags.allow_old_cipher_algos. * g10/misc.c (print_sha1_keysig_rejected_note): Always print the note unless in --quiet mode. * g10/encrypt.c (setup_symkey): Disallow by default algos with a blocklengt < 128. (encrypt_crypt): Ditto. Fallback by default to AES instead of 3DES. * g10/pkclist.c (algo_available): Take care of old cipher also. (select_algo_from_prefs): Use AES as implicit algorithm by default. * tests/openpgp/defs.scm (create-gpghome): Set allow-old-cipher-algos. -- GnuPG-bug-id: 3415
2021-02-10 14:31:34 +01:00
opt.flags.allow_old_cipher_algos = 1;
gpg: New option --compliance. * g10/gpg.c (oCompliance): New. (opts): Add "--compliance". (parse_tofu_policy): Use a generic description string for "help". (parse_compliance_option): New. (main): Add option oCompliance. Factor out code for compliance setting to ... (set_compliance_option): new. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-15 13:03:29 +01:00
break;
case oPGP7: opt.compliance = CO_PGP7; break;
case oPGP8: opt.compliance = CO_PGP8; break;
gpg: Make rfc4880bis the default. * g10/gpg.c (set_compliance_option, main): Change CO_GNUPG to include rfc4880bis features. (main): Change rfc4880bis warning to a note. -- Note that the default is CO_GNUPG and not CO_OPENPGP. CO_OPENPGP does not include rfc4880bis yet and has a couple of things we don't like, like --allow-non-selfsigned-uids. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-14 11:23:56 +01:00
case oGnuPG:
opt.compliance = CO_GNUPG;
opt.flags.rfc4880bis = 1;
break;
gpg: Add new compliance mode "de-vs". * g10/options.h (CO_DE_VS): New. (GNUPG): Also allow CO_DE_VS. * g10/gpg.c (oDE_VS): New. (parse_compliance_option): Add "de-vs". (set_compliance_option): Set "de-vs". * g10/misc.c (compliance_option_string): Return a description string. (compliance_failure): Ditto. * g10/keygen.c (ask_algo): Take care of CO_DE_VS. (get_keysize_range): Ditto. (ask_curve): Add new field to CURVES and trun flags into bit flags. Allow only Brainpool curves in CO_DE_VS mode. -- As of now this compliance mode only restricts the set of algorithms and curves which can be created. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-15 17:50:03 +01:00
case oDE_VS:
set_compliance_option (oOpenPGP);
opt.compliance = CO_DE_VS;
gpg: Add option and preference framework for AEAD. * common/openpgpdefs.h (aead_algo_t): New. (SIGSUBPKT_PREF_AEAD): New. * g10/gpg.c (oAEADAlgo, oPersonalAEADPreferences): New. (opts): New options --aead-algo and --personal-aead-preferences. (set_compliance_option): Clar aead algo. (main): Parse and check the new options * g10/options.h (struct opt): Add fields def_aead_algo and personal_aead_prefs. * g10/packet.h (PREFTYPE_AEAD): New enum value. (PKT_user_id): Add field flags.aead. (PKT_public_key): Add field flags.aead. * g10/pkclist.c (select_algo_from_prefs): Support PREFTYPE_AEAD. * g10/getkey.c (fixup_uidnode): Set AEAD flag. (merge_selfsigs): Ditto. * g10/kbnode.c (dump_kbnode): Show aead flag. * g10/keyedit.c (show_prefs): Ditto. (show_key_with_all_names_colon): Ditto. * g10/keygen.c (aead_presf, n_aead_prefs): New vars. (set_one_pref): Suppport PREFTYPE_AEAD. (keygen_set_std_prefs): Parse AEAD preferences. (keygen_get_std_prefs): Ditto. (add_feature_aead): New. (keygen_upd_std_prefs): Call that and build AEAD pref packet. * g10/main.h (DEFAULT_AEAD_ALGO): New const. * g10/misc.c (openpgp_aead_test_algo): New. (openpgp_aead_algo_name): New. (string_to_aead_algo): New. (default_aead_algo): New. -- This is only used in --rfc4880bis mode and not really tested. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-10 11:42:38 +01:00
opt.def_aead_algo = 0;
gpg: Switch to AES256 for symmetric encryption in de-vs mode. * g10/gpg.c (set_compliance_option): For AES256 and SHA256 in de-vs mode. * g10/encrypt.c (setup_symkey): Add extra compliance check. (encrypt_simple): Avoid printing a second error oncplinace failure. -- Because we used the RFC4880 mode as base for the de-vs mode we got 3DES as symmetric encryption algorithm. With the default gnupg mode that was already used. The new extra compliance checks are added to detect whether a --personal-cipher-preference or --cipher-algo option tried to override the algorithms. They are still possible but now non-compliant algorithms will throw an error. Manual testing can be done with commands like this: gpg --no-options --compliance=de-vs \ --personal-cipher-preferences "S1 S7" \ --pinentry-mode loopback -v --passphrase abc -ac </etc/motd Here the command fails due to IDEA (S1) being the preferred cipher algorithm. Using "--s2k-digest-algo SHA1" instead of --personal-cipher-preferences will also fail. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-11-03 13:55:25 +01:00
/* We divert here from the backward compatible rfc4880 algos. */
opt.s2k_digest_algo = DIGEST_ALGO_SHA256;
opt.s2k_cipher_algo = CIPHER_ALGO_AES256;
gpg: Add new compliance mode "de-vs". * g10/options.h (CO_DE_VS): New. (GNUPG): Also allow CO_DE_VS. * g10/gpg.c (oDE_VS): New. (parse_compliance_option): Add "de-vs". (set_compliance_option): Set "de-vs". * g10/misc.c (compliance_option_string): Return a description string. (compliance_failure): Ditto. * g10/keygen.c (ask_algo): Take care of CO_DE_VS. (get_keysize_range): Ditto. (ask_curve): Add new field to CURVES and trun flags into bit flags. Allow only Brainpool curves in CO_DE_VS mode. -- As of now this compliance mode only restricts the set of algorithms and curves which can be created. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-15 17:50:03 +01:00
break;
gpg: New option --compliance. * g10/gpg.c (oCompliance): New. (opts): Add "--compliance". (parse_tofu_policy): Use a generic description string for "help". (parse_compliance_option): New. (main): Add option oCompliance. Factor out code for compliance setting to ... (set_compliance_option): new. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-15 13:03:29 +01:00
default:
BUG ();
}
}
Fix typos found using codespell. * agent/cache.c: Fix typos. * agent/call-pinentry.c: Likewise. * agent/call-scd.c: Likewise. * agent/command-ssh.c: Likewise. * agent/command.c: Likewise. * agent/divert-scd.c: Likewise. * agent/findkey.c: Likewise. * agent/gpg-agent.c: Likewise. * agent/w32main.c: Likewise. * common/argparse.c: Likewise. * common/audit.c: Likewise. * common/audit.h: Likewise. * common/convert.c: Likewise. * common/dotlock.c: Likewise. * common/exechelp-posix.c: Likewise. * common/exechelp-w32.c: Likewise. * common/exechelp-w32ce.c: Likewise. * common/exechelp.h: Likewise. * common/helpfile.c: Likewise. * common/i18n.h: Likewise. * common/iobuf.c: Likewise. * common/iobuf.h: Likewise. * common/localename.c: Likewise. * common/logging.c: Likewise. * common/openpgp-oid.c: Likewise. * common/session-env.c: Likewise. * common/sexputil.c: Likewise. * common/sysutils.c: Likewise. * common/t-sexputil.c: Likewise. * common/ttyio.c: Likewise. * common/util.h: Likewise. * dirmngr/cdblib.c: Likewise. * dirmngr/certcache.c: Likewise. * dirmngr/crlcache.c: Likewise. * dirmngr/dirmngr-client.c: Likewise. * dirmngr/dirmngr.c: Likewise. * dirmngr/dirmngr_ldap.c: Likewise. * dirmngr/dns-stuff.c: Likewise. * dirmngr/http.c: Likewise. * dirmngr/ks-engine-hkp.c: Likewise. * dirmngr/ks-engine-ldap.c: Likewise. * dirmngr/ldap-wrapper.c: Likewise. * dirmngr/ldap.c: Likewise. * dirmngr/misc.c: Likewise. * dirmngr/ocsp.c: Likewise. * dirmngr/validate.c: Likewise. * g10/encrypt.c: Likewise. * g10/getkey.c: Likewise. * g10/gpg.c: Likewise. * g10/gpgv.c: Likewise. * g10/import.c: Likewise. * g10/keydb.c: Likewise. * g10/keydb.h: Likewise. * g10/keygen.c: Likewise. * g10/keyid.c: Likewise. * g10/keylist.c: Likewise. * g10/keyring.c: Likewise. * g10/mainproc.c: Likewise. * g10/misc.c: Likewise. * g10/options.h: Likewise. * g10/packet.h: Likewise. * g10/parse-packet.c: Likewise. * g10/pkclist.c: Likewise. * g10/pkglue.c: Likewise. * g10/plaintext.c: Likewise. * g10/server.c: Likewise. * g10/sig-check.c: Likewise. * g10/sqlite.c: Likewise. * g10/tdbio.c: Likewise. * g10/test-stubs.c: Likewise. * g10/tofu.c: Likewise. * g10/trust.c: Likewise. * g10/trustdb.c: Likewise. * g13/create.c: Likewise. * g13/mountinfo.c: Likewise. * kbx/keybox-blob.c: Likewise. * kbx/keybox-file.c: Likewise. * kbx/keybox-init.c: Likewise. * kbx/keybox-search-desc.h: Likewise. * kbx/keybox-search.c: Likewise. * kbx/keybox-update.c: Likewise. * scd/apdu.c: Likewise. * scd/app-openpgp.c: Likewise. * scd/app-p15.c: Likewise. * scd/app.c: Likewise. * scd/ccid-driver.c: Likewise. * scd/command.c: Likewise. * scd/iso7816.c: Likewise. * sm/base64.c: Likewise. * sm/call-agent.c: Likewise. * sm/call-dirmngr.c: Likewise. * sm/certchain.c: Likewise. * sm/gpgsm.c: Likewise. * sm/import.c: Likewise. * sm/keydb.c: Likewise. * sm/minip12.c: Likewise. * sm/qualified.c: Likewise. * sm/server.c: Likewise. * tools/gpg-check-pattern.c: Likewise. * tools/gpgconf-comp.c: Likewise. * tools/gpgkey2ssh.c: Likewise. * tools/gpgparsemail.c: Likewise. * tools/gpgtar.c: Likewise. * tools/rfc822parse.c: Likewise. * tools/symcryptrun.c: Likewise. Signed-off-by: Justus Winter <justus@g10code.com>
2015-11-16 12:41:46 +01:00
/* This function called to initialized a new control object. It is
Started to code a --server mode. It is far from being ready!
2006-12-21 20:40:00 +01:00
assumed that this object has been zeroed out before calling this
function. */
static void
gpg_init_default_ctrl (ctrl_t ctrl)
{
gpg: Assert that an opaque parameter is really what we expect. * g10/gpg.h (SERVER_CONTROL_MAGIC): New const. (server_control_s): Add field 'magic'. * g10/gpg.c (gpg_init_default_ctrl): Init MAGIC. * g10/import.c (impex_filter_getval): Assert MAGIC. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-31 20:06:54 +02:00
ctrl->magic = SERVER_CONTROL_MAGIC;
Started to code a --server mode. It is far from being ready!
2006-12-21 20:40:00 +01:00
}
/* This function is called to deinitialize a control object. It is
not deallocated. */
static void
gpg_deinit_default_ctrl (ctrl_t ctrl)
{
gpg, w32: Fix build regression. -- Fixes-commit: 754b1c463034a634a678d8efc76c27fd46aad9b9
2016-05-24 13:01:27 +02:00
#ifdef USE_TOFU
gpg: Store the Tofu meta handle for databases in CTRL. * g10/gpg.h (struct tofu_dbs_s, tofu_dbs_t): New declarations. (struct server_control_s): Add field tofu.dbs. * g10/tofu.c (struct dbs): Rename to tofu_dbs_s. Replace all users by by tofu_dbs_t. (opendbs): Add arg CTRL. Cache the DBS in CTRL. (closedbs): Rename to tofu_closedbs and make global. Add arg CTRL. (tofu_register): Add arg CTRL. Change all callers. Do not call closedbs. (tofu_get_validity): Ditto. (tofu_set_policy): Ditto. (tofu_get_policy): Ditto. (tofu_set_policy_by_keyid): Add arg CTRL. * g10/gpg.c (gpg_deinit_default_ctrl): Call tofu_closedbs. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-21 12:26:44 +02:00
tofu_closedbs (ctrl);
gpg, w32: Fix build regression. -- Fixes-commit: 754b1c463034a634a678d8efc76c27fd46aad9b9
2016-05-24 13:01:27 +02:00
#endif
Initial code checking for backup - not yet working.
2011-01-10 14:30:17 +01:00
gpg_dirmngr_deinit_session_data (ctrl);
gpg: Avoid multiple open calls to the keybox file. * g10/keydb.h (KEYDB_HANDLE): Move typedef to ... * g10/gpg.h: here. (struct server_control_s): Add field 'cached_getkey_kdb'. * g10/gpg.c (gpg_deinit_default_ctrl): Release that keydb handle. * g10/getkey.c (getkey_end): Cache keydb handle. (get_pubkey): Use cached keydb handle. * kbx/keybox-search.c (keybox_search_reset): Use lseek instead of closing the file. -- Before this patch a "gpg --check-sigs" opened and closed the keybox file for almost every signature check. By caching the keydb handle and using lseek(2) this can be limited to just 2 times. This might speed up things on Windows. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-31 20:44:05 +02:00
keydb_release (ctrl->cached_getkey_kdb);
gpg: First rough implementation of keyboxd access for key lookup. * g10/Makefile.am: Add nPth flags. * g10/gpg.c: Include npth.h. (gpg_deinit_default_ctrl): Deinit call-keyboxd local data. (main): Init nPth. * g10/keydb-private.h (struct keydb_handle_s): Add field 'kbl' and remove the search result and the assuan context. * g10/call-keyboxd.c (struct keyboxd_local_s): Add more fields. (lock_datastream, unlock_datastream): New. (gpg_keyboxd_deinit_session_data): Adjust for changed data structures. (prepare_data_pipe): New. (open_context): Return kbl instead of an Assuan context. Init mutexes etc. (close_context): Merge into ... (keydb_release): here. Adjust for changed data structures. (datastream_thread): New. (keydb_get_keyblock): Implement datastream stuff. (keydb_search): Ditto. * common/asshelp.c (wait_for_sock): Add arg connect_flags. (start_new_service): Set FDPASSING flag for the keyboxd. -- This code as a lot of rough edges, in particular it relies on a well behaving keyboxd. We need to add code to shutdown the datastream reader thread in case of errors and to properly get it up again. We also need to make really sure that both threads run in lockstep so that the datastream thread is only active while we are sending a command to the keyboxd. We should also see whether we can depend nPth initialization on the --use-keyboxd option to avoid any problems with nPth. And we need to test on Windows. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-09-10 16:05:54 +02:00
gpg_keyboxd_deinit_session_data (ctrl);
Started to code a --server mode. It is far from being ready!
2006-12-21 20:40:00 +01:00
}
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
int
2008-02-09 Marcus Brinkmann <marcus@g10code.de> * gpg.c (main): New variable default_configname. Use it if save_configname is NULL (can happen if default configfile does not exist). Move default configname determination to ... (get_default_configname): ... this new function.
2008-02-09 01:05:55 +01:00
main (int argc, char **argv)
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
{
gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
gpgrt_argparse_t pargs;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
IOBUF a;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
int rc=0;
int orig_argc;
char **orig_argv;
const char *fname;
char *username;
int may_coredump;
gpg: Do not pre-check keys given on the command line. * g10/keydb.h (PK_LIST_ENCRYPT_TO, PK_LIST_HIDDEN, PK_LIST_CONFIG) (PK_LIST_SHIFT): New. * g10/pkclist.c (build_pk_list): Use them here. * g10/gpg.c (check_user_ids, main): Ditto. * g10/gpg.c (main): Set PK_LIST_CONFIG for REMUSR and LOCUSR. (check_user_ids): Skip check for command line specified options. -- If a key has been given on the command line and it has not been given by one of the encrypt-to options, we now skip the checks. The reason is that the actual key selection code does its own checks and provides proper status message to the caller to detect the wrong keys. Without this we would break most frontends because they expect for example STATUS_INV_RECP. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-04 08:56:02 +01:00
strlist_t sl;
strlist_t remusr = NULL;
strlist_t locusr = NULL;
Decryption and signi via agent is now implemented.
2010-04-23 13:36:59 +02:00
strlist_t nrings = NULL;
Fixes for CVE-2006-6235
2006-12-06 11:16:50 +01:00
armor_filter_context_t *afx = NULL;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
int detached_sig = 0;
gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
char *last_configname = NULL;
const char *configname = NULL; /* NULL or points to last_configname.
* NULL also indicates that we are
* processing options from the cmdline. */
int debug_argparser = 0;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
int default_keyring = 1;
int greeting = 0;
int nogreeting = 0;
* configure.ac: Define SAFE_VERSION_DASH and SAFE_VERSION_DOT> * g10.c: New options --gpgconf-list, --debug-level and --log-file (set_debug): Add arg DEBUG_LEVEL. (main): Look at less and less version specific config files. From gnupg 1.3.
2004-03-23 14:03:09 +01:00
char *logfile = NULL;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
int use_random_seed = 1;
enum cmd_and_opt_values cmd = 0;
* configure.ac: Define SAFE_VERSION_DASH and SAFE_VERSION_DOT> * g10.c: New options --gpgconf-list, --debug-level and --log-file (set_debug): Add arg DEBUG_LEVEL. (main): Look at less and less version specific config files. From gnupg 1.3.
2004-03-23 14:03:09 +01:00
const char *debug_level = NULL;
gpg: Allow building without any trust model support. * configure.ac: Add option --disable-trust-models (NO_TRUST_MODELS): New ac_define and am_conditional. * g10/Makefile.am (trust_source): New. (gpg2_SOURCES): Factor some files out to above. Add trust.c. * g10/gpg.c [NO_TRUST_MODELS]: Disable options --export-ownertrust, --import-ownertrust, --update-trustdb, --check-trustdb, --fix-trustdb, --list-trustdb, --trustdb-name, --auto-check-trustdb, --no-auto-check-trustdb, and --force-ownertrust. (parse_trust_model) [NO_TRUST_MODELS]: Do not build. (main) [NO_TRUST_MODELS]: Set trust_model to always and exclude all trustdb related option code. * g10/keyedit.c (cmds) [NO_TRUST_MODELS]: Remove menu items "trust", "enable", and "disable". * g10/keylist.c (public_key_list) [NO_TRUST_MODELS]: Do not print "tru" record. * g10/trust.c: New. * g10/trustdb.c (struct key_item): Move to trustdb.h. (register_trusted_keyid): Rename to tdb_register_trusted_keyid. (register_trusted_key): Rename to tdb_register_trusted_key. (trust_letter, uid_trust_string_fixed, trust_value_to_string) (string_to_trust_value, get_ownertrust_with_min, get_ownertrust_info) (get_ownertrust_string, get_validity_info, get_validity_string) (clean_sigs_from_uid, clean_uid_from_key, clean_key): Move to trust.c. (mark_usable_uid_certs): Move to trust.c and make global. (is_in_klist): Move as inline to trustdb.h. (trustdb_check_or_update): Rename to tdb_check_or_update (revalidation_mark): Rename to tdb_revalidation_mark. (get_ownertrust): Rename to tdb_get_ownertrust. (get_min_ownertrust): Rename to tdb_get_min_ownertrust. (update_ownertrust): Rename to tdb_update_ownertrust. (clear_ownertrusts): Rename to tdb_clear_ownertrusts. (cache_disabled_value): Rename to tdb_cache_disabled_value. (check_trustdb_stale): Rename to tdb_check_trustdb_stale. (get_validity): Rename to tdb_get_validity_core, add arg MAIN_PK and factor some code out to ... * trust.c (get_validity): ...new. (check_or_update_trustdb): New wrapper. (revalidation_mark): New wrapper. (get_ownertrust): New wrapper. (get_ownertrust_with_min): New wrapper. (update_ownertrust): New wrapper. (clear_ownertrusts): New wrapper. (cache_disabled_value): New wrapper. (check_trustdb_stale): New wrapper. * tests/openpgp/defs.inc (opt_always): New. Use in all tests instead of --always-trust.
2014-02-10 17:05:54 +01:00
#ifndef NO_TRUST_MODELS
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
const char *trustdb_name = NULL;
gpg: Allow building without any trust model support. * configure.ac: Add option --disable-trust-models (NO_TRUST_MODELS): New ac_define and am_conditional. * g10/Makefile.am (trust_source): New. (gpg2_SOURCES): Factor some files out to above. Add trust.c. * g10/gpg.c [NO_TRUST_MODELS]: Disable options --export-ownertrust, --import-ownertrust, --update-trustdb, --check-trustdb, --fix-trustdb, --list-trustdb, --trustdb-name, --auto-check-trustdb, --no-auto-check-trustdb, and --force-ownertrust. (parse_trust_model) [NO_TRUST_MODELS]: Do not build. (main) [NO_TRUST_MODELS]: Set trust_model to always and exclude all trustdb related option code. * g10/keyedit.c (cmds) [NO_TRUST_MODELS]: Remove menu items "trust", "enable", and "disable". * g10/keylist.c (public_key_list) [NO_TRUST_MODELS]: Do not print "tru" record. * g10/trust.c: New. * g10/trustdb.c (struct key_item): Move to trustdb.h. (register_trusted_keyid): Rename to tdb_register_trusted_keyid. (register_trusted_key): Rename to tdb_register_trusted_key. (trust_letter, uid_trust_string_fixed, trust_value_to_string) (string_to_trust_value, get_ownertrust_with_min, get_ownertrust_info) (get_ownertrust_string, get_validity_info, get_validity_string) (clean_sigs_from_uid, clean_uid_from_key, clean_key): Move to trust.c. (mark_usable_uid_certs): Move to trust.c and make global. (is_in_klist): Move as inline to trustdb.h. (trustdb_check_or_update): Rename to tdb_check_or_update (revalidation_mark): Rename to tdb_revalidation_mark. (get_ownertrust): Rename to tdb_get_ownertrust. (get_min_ownertrust): Rename to tdb_get_min_ownertrust. (update_ownertrust): Rename to tdb_update_ownertrust. (clear_ownertrusts): Rename to tdb_clear_ownertrusts. (cache_disabled_value): Rename to tdb_cache_disabled_value. (check_trustdb_stale): Rename to tdb_check_trustdb_stale. (get_validity): Rename to tdb_get_validity_core, add arg MAIN_PK and factor some code out to ... * trust.c (get_validity): ...new. (check_or_update_trustdb): New wrapper. (revalidation_mark): New wrapper. (get_ownertrust): New wrapper. (get_ownertrust_with_min): New wrapper. (update_ownertrust): New wrapper. (clear_ownertrusts): New wrapper. (cache_disabled_value): New wrapper. (check_trustdb_stale): New wrapper. * tests/openpgp/defs.inc (opt_always): New. Use in all tests instead of --always-trust.
2014-02-10 17:05:54 +01:00
#endif /*!NO_TRUST_MODELS*/
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
char *def_cipher_string = NULL;
gpg: Add option and preference framework for AEAD. * common/openpgpdefs.h (aead_algo_t): New. (SIGSUBPKT_PREF_AEAD): New. * g10/gpg.c (oAEADAlgo, oPersonalAEADPreferences): New. (opts): New options --aead-algo and --personal-aead-preferences. (set_compliance_option): Clar aead algo. (main): Parse and check the new options * g10/options.h (struct opt): Add fields def_aead_algo and personal_aead_prefs. * g10/packet.h (PREFTYPE_AEAD): New enum value. (PKT_user_id): Add field flags.aead. (PKT_public_key): Add field flags.aead. * g10/pkclist.c (select_algo_from_prefs): Support PREFTYPE_AEAD. * g10/getkey.c (fixup_uidnode): Set AEAD flag. (merge_selfsigs): Ditto. * g10/kbnode.c (dump_kbnode): Show aead flag. * g10/keyedit.c (show_prefs): Ditto. (show_key_with_all_names_colon): Ditto. * g10/keygen.c (aead_presf, n_aead_prefs): New vars. (set_one_pref): Suppport PREFTYPE_AEAD. (keygen_set_std_prefs): Parse AEAD preferences. (keygen_get_std_prefs): Ditto. (add_feature_aead): New. (keygen_upd_std_prefs): Call that and build AEAD pref packet. * g10/main.h (DEFAULT_AEAD_ALGO): New const. * g10/misc.c (openpgp_aead_test_algo): New. (openpgp_aead_algo_name): New. (string_to_aead_algo): New. (default_aead_algo): New. -- This is only used in --rfc4880bis mode and not really tested. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-10 11:42:38 +01:00
char *def_aead_string = NULL;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
char *def_digest_string = NULL;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
char *compress_algo_string = NULL;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
char *cert_digest_string = NULL;
char *s2k_cipher_string = NULL;
char *s2k_digest_string = NULL;
char *pers_cipher_list = NULL;
gpg: Add option and preference framework for AEAD. * common/openpgpdefs.h (aead_algo_t): New. (SIGSUBPKT_PREF_AEAD): New. * g10/gpg.c (oAEADAlgo, oPersonalAEADPreferences): New. (opts): New options --aead-algo and --personal-aead-preferences. (set_compliance_option): Clar aead algo. (main): Parse and check the new options * g10/options.h (struct opt): Add fields def_aead_algo and personal_aead_prefs. * g10/packet.h (PREFTYPE_AEAD): New enum value. (PKT_user_id): Add field flags.aead. (PKT_public_key): Add field flags.aead. * g10/pkclist.c (select_algo_from_prefs): Support PREFTYPE_AEAD. * g10/getkey.c (fixup_uidnode): Set AEAD flag. (merge_selfsigs): Ditto. * g10/kbnode.c (dump_kbnode): Show aead flag. * g10/keyedit.c (show_prefs): Ditto. (show_key_with_all_names_colon): Ditto. * g10/keygen.c (aead_presf, n_aead_prefs): New vars. (set_one_pref): Suppport PREFTYPE_AEAD. (keygen_set_std_prefs): Parse AEAD preferences. (keygen_get_std_prefs): Ditto. (add_feature_aead): New. (keygen_upd_std_prefs): Call that and build AEAD pref packet. * g10/main.h (DEFAULT_AEAD_ALGO): New const. * g10/misc.c (openpgp_aead_test_algo): New. (openpgp_aead_algo_name): New. (string_to_aead_algo): New. (default_aead_algo): New. -- This is only used in --rfc4880bis mode and not really tested. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-10 11:42:38 +01:00
char *pers_aead_list = NULL;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
char *pers_digest_list = NULL;
char *pers_compress_list = NULL;
int eyes_only=0;
Merged most of David Shaw's changes in 1.3 since 2003-06-03.
2003-09-23 19:48:33 +02:00
int multifile=0;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
int pwfd = -1;
gpg: New option --override-session-key-fd. * g10/gpg.c (oOverrideSessionKeyFD): New. (opts): Add option --override-session-key-fd. (main): Handle that option. (read_sessionkey_from_fd): New. -- The override-session-key feature was designed to mitigate the effect of the British RIP act by allowing to keep the private key private and hand out only a session key. For that use case the leaking of the session key would not be a problem. However there are other use cases, for example fast re-decryption after an initial decryption, which would benefit from concealing the session key from other users. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-16 09:02:53 +01:00
int ovrseskeyfd = -1;
Fixed bug#1044. Use of --fingerprint with --with-fingerprint.
2009-05-20 12:23:33 +02:00
int fpr_maybe_cmd = 0; /* --fingerprint maybe a command. */
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
int any_explicit_recipient = 0;
gpg: Default to --auto-key-locate "local,wkd" and --auto-key-retrieve. * g10/gpg.c (main): Add KEYSERVER_AUTO_KEY_RETRIEVE to the default keyserver options. Set the default for --auto-key-locate to "local,wkd". Reset that default iff --auto-key-locate has been given in the option file or in the commandline. * g10/getkey.c (parse_auto_key_locate): Work on a copy of the arg. -- GnuPG-bug-id: 3324 Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-04 21:58:46 +02:00
int default_akl = 1;
gpg: Remove options --print-dane-records and --print-pka-records. * g10/gpg.c (main): Remove options but print a dedicated warning. * g10/options.h (struct opt): Remove fields 'print_dane_records' and 'print_pka_records'. * g10/keylist.c (list_keyblock): Do not call list_keyblock_pka. (list_keyblock_pka): Remove. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-14 15:19:36 +02:00
int require_secmem = 0;
int got_secmem = 0;
2009-09-23 Marcus Brinkmann <marcus@g10code.de> * configure.ac (NEED_LIBASSUAN_API, NEED_LIBASSUAN_VERSION): Update to new API (2, 1.1.0). agent/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * gpg-agent.c (parse_rereadable_options): Don't set global assuan log file (there ain't one anymore). (main): Update to new API. (check_own_socket_pid_cb): Return gpg_error_t instead of int. (check_own_socket_thread, check_for_running_agent): Create assuan context before connecting to server. * command.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (write_and_clear_outbuf): Use gpg_error_t instead of assuan_error_t. (cmd_geteventcounter, cmd_istrusted, cmd_listtrusted) (cmd_marktrusted, cmd_havekey, cmd_sigkey, cmd_setkeydesc) (cmd_sethash, cmd_pksign, cmd_pkdecrypt, cmd_genkey, cmd_readkey) (cmd_keyinfo, cmd_get_passphrase, cmd_clear_passphrase) (cmd_get_confirmation, cmd_learn, cmd_passwd) (cmd_preset_passphrase, cmd_scd, cmd_getval, cmd_putval) (cmd_updatestartuptty, cmd_killagent, cmd_reloadagent) (cmd_getinfo, option_handler): Return gpg_error_t instead of int. (post_cmd_notify): Change type of ERR to gpg_error_t from int. (io_monitor): Add hook argument. Use symbols for constants. (register_commands): Change return type of HANDLER to gpg_error_t. (start_command_handler): Allocate assuan context before starting server. * call-pinentry.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (unlock_pinentry): Call assuan_release instead of assuan_disconnect. (getinfo_pid_cb, getpin_cb): Return gpg_error_t instead of int. (start_pinentry): Allocate assuan context before connecting to server. * call-scd.c (membuf_data_cb, learn_status_cb, get_serialno_cb) (membuf_data_cb, inq_needpin, card_getattr_cb, pass_status_thru) (pass_data_thru): Change return type to gpg_error_t. (start_scd): Allocate assuan context before connecting to server. common/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * asshelp.c (start_new_gpg_agent): Allocate assuan context before starting server. g10/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * call-agent.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (learn_status_cb, dummy_data_cb, get_serialno_cb, default_inq_cb) (learn_status_cb, inq_writecert_parms, inq_writekey_parms) (scd_genkey_cb, membuf_data_cb): Return gpg_error_t instead of int. * gpg.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (main): Update to new Assuan API. * server.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (option_handler, cmd_recipient, cmd_signer, cmd_encrypt) (cmd_decrypt, cmd_verify, cmd_sign, cmd_import, cmd_export) (cmd_delkeys, cmd_message, do_listkeys, cmd_listkeys) (cmd_listsecretkeys, cmd_genkey, cmd_getinfo): Return gpg_error_t instead of int. (register_commands): Allocate assuan context before starting server. (gpg_server): Allocate assuan_context before starting server. scd/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * command.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (option_handler, open_card, cmd_serialno, cmd_lean, cmd_readcert) (cmd_readkey, cmd_setdata, cmd_pksign, cmd_pkauth, cmd_pkdecrypt) (cmd_getattr, cmd_setattr, cmd_writecert, cmd_writekey) (cmd_genkey, cmd_random, cmd_passwd, cmd_checkpin, cmd_lock) (cmd_unlock, cmd_getinfo, cmd_restart, cmd_disconnect, cmd_apdu) (cmd_killscd): Return gpg_error_t instead of int. (scd_command_handler): Allocate assuan context before starting server. * scdaemon.c (main): Update to new Assuan API. sm/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * gpgsm.c (main): Update to new assuan API. * server.c: Include "gpgsm.h" before <assuan.h> due to check for GPG_ERR_SOURCE_DEFAULT and assuan.h now including gpg-error.h. (option_handler, cmd_recipient, cmd_signer, cmd_encrypt) (cmd_decrypt, cmd_verify, cmd_sign, cmd_import, cmd_export) (cmd_delkeys, cmd_message, cmd_listkeys, cmd_dumpkeys) (cmd_listsecretkeys, cmd_dumpsecretkeys, cmd_genkey) (cmd_getauditlog, cmd_getinfo): Return gpg_error_t instead of int. (register_commands): Same for member HANDLER in table. (gpgsm_server): Allocate assuan context before starting server. * sm/call-dirmngr.c: * call-dirmngr.c (prepare_dirmngr): Check for CTX and error before setting LDAPSERVER. (start_dirmngr_ext): Allocate assuan context before starting server. (inq_certificate, isvalid_status_cb, lookup_cb, lookup_status_cb) (run_command_cb, run_command_inq_cb, run_command_status_cb): Return gpg_error_t instead of int. tools/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * gpg-connect-agent.c (getinfo_pid_cb, read_and_print_response) (main): Update to new Assuan API.
2009-09-23 02:01:25 +02:00
struct assuan_malloc_hooks malloc_hooks;
Import OpenPGP keys into the agent.
2010-08-31 17:58:39 +02:00
ctrl_t ctrl;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
gpg: Remove options --print-dane-records and --print-pka-records. * g10/gpg.c (main): Remove options but print a dedicated warning. * g10/options.h (struct opt): Remove fields 'print_dane_records' and 'print_pka_records'. * g10/keylist.c (list_keyblock): Do not call list_keyblock_pka. (list_keyblock_pka): Remove. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-14 15:19:36 +02:00
static int print_dane_records;
gpg: Use 128 MiB as default AEAD chunk size. * g10/gpg.c (oDebugAllowLargeChunks): New. (opts): New option --debug-allow-large-chunks. (main): Implement that option. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-24 09:50:02 +02:00
static int allow_large_chunks;
Add --chuid to gpg, gpg-card, and gpg-connect-agent. * g10/gpg.c (oChUid): New. (opts): Add --chuid. (main): Implement --chuid. Delay setting of homedir until the new chuid is done. * sm/gpgsm.c (main): Delay setting of homedir until the new chuid is done. * tools/gpg-card.c (oChUid): New. (opts): Add --chuid. (changeuser): New helper var. (main): Implement --chuid. * tools/gpg-connect-agent.c (oChUid): New. (opts): Add --chuid. (main): Implement --chuid. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-14 12:19:11 +02:00
static const char *homedirvalue;
static const char *changeuser;
gpg: Remove options --print-dane-records and --print-pka-records. * g10/gpg.c (main): Remove options but print a dedicated warning. * g10/options.h (struct opt): Remove fields 'print_dane_records' and 'print_pka_records'. * g10/keylist.c (list_keyblock): Do not call list_keyblock_pka. (list_keyblock_pka): Remove. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-14 15:19:36 +02:00
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
#ifdef __riscos__
opt.lock_once = 1;
#endif /* __riscos__ */
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
/* Please note that we may running SUID(ROOT), so be very CAREFUL
when adding any stuff between here and the call to
secmem_init() somewhere after the option parsing. */
Add a hook to be called right after main. * common/init.c (early_system_init): New stub function. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-28 19:57:22 +01:00
early_system_init ();
Make use of the *_NAME etc macros. Replace hardwired strings at many places with new macros from config.h and use the new strusage macro replacement feature. * common/asshelp.c (lock_spawning) [W32]: Change the names of the spawn sentinels. * agent/command.c (cmd_import_key): Use asprintf to create the prompt.
2013-11-18 14:09:47 +01:00
gnupg_reopen_std (GPG_NAME);
Various updates
2006-09-21 15:30:45 +02:00
trap_unaligned ();
gnupg_rl_initialize ();
gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
gpgrt_set_strusage (my_strusage);
Finished the bulk of changes for gnupg 1.9. This included switching to libgcrypt functions, using shared error codes from libgpg-error, replacing the old functions we used to have in ../util by those in ../jnlib and ../common, renaming the malloc functions and a couple of types. Note, that not all changes are listed below becuause they are too similar and done at far too many places. As of today the code builds using the current libgcrypt from CVS but it is very unlikely that it actually works.
2003-06-18 21:56:13 +02:00
gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
Call log_set_prefix() with human-readable labels. * agent/preset-passphrase.c, agent/protect-tool.c, dirmngr/dirmngr.c * dirmngr/t-http.c, g10/gpg.c, g10/gpgv.c, g13/g13-syshelp.c * g13/g13.c, kbx/kbxutil.c, scd/scdaemon.c, sm/gpgsm.c * tests/gpgscm/main.c, tools/gpg-check-pattern.c * tools/gpg-connect-agent.c, tools/gpgconf.c, tools/gpgtar.c * tools/symcryptrun.c: Invoke log_set_prefix() with human-readable labels. -- Some invocations of log_set_prefix() were done with raw numeric values instead of values that humans can understand. Use symbolic representations instead of numeric for better readability. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-08-12 07:37:57 +02:00
log_set_prefix (GPG_NAME, GPGRT_LOG_WITH_PREFIX);
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
A whole bunch of changes to allow building for Windows. See the ChangeLogs for details.
2007-06-14 19:05:07 +02:00
/* Make sure that our subsystems are ready. */
Minor fixes.
2008-12-09 09:58:02 +01:00
i18n_init();
More chnages to use estream. Add a way to replace the standard descriptors.
2010-03-22 13:46:05 +01:00
init_common_subsystems (&argc, &argv);
A whole bunch of changes to allow building for Windows. See the ChangeLogs for details.
2007-06-14 19:05:07 +02:00
Sample ECC keys and message do now work. Import and export of secret keys does now work. Encryption has been fixed to be compatible with the sample messages. This version tests for new Libgcrypt function and thus needs to be build with a new Libgcrypt installed.
2011-02-02 15:48:54 +01:00
/* Use our own logging handler for Libcgrypt. */
setup_libgcrypt_logging ();
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
/* Put random number into secure memory */
Finished the bulk of changes for gnupg 1.9. This included switching to libgcrypt functions, using shared error codes from libgpg-error, replacing the old functions we used to have in ../util by those in ../jnlib and ../common, renaming the malloc functions and a couple of types. Note, that not all changes are listed below becuause they are too similar and done at far too many places. As of today the code builds using the current libgcrypt from CVS but it is very unlikely that it actually works.
2003-06-18 21:56:13 +02:00
gcry_control (GCRYCTL_USE_SECURE_RNDPOOL);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
may_coredump = disable_core_dumps();
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
gnupg_init_signals (0, emergency_cleanup);
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
Add a flag parameter to dotlock_create. This allows us to extend this function in the future.
2011-09-28 15:41:58 +02:00
dotlock_create (NULL, 0); /* Register lock file cleanup. */
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
common,gpg,sm: Initialize compliance module. * common/compliance.c (gnupg_initialize_compliance): New function. * common/compliance.h (gnupg_initialize_compliance): New prototype. * g10/gpg.c (main): Use the new function. * sm/gpgsm.c (main): Likewise. GnuPG-bug-id: 3191 Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-07 15:38:50 +02:00
/* Tell the compliance module who we are. */
gnupg_initialize_compliance (GNUPG_MODULE_NAME_GPG);
Add option --no-autostart. * g10/gpg.c: Add option --no-autostart. * sm/gpgsm.c: Ditto. * g10/options.h (opt): Add field autostart. * sm/gpgsm.h (opt): Ditto. * g10/call-agent.c (start_agent): Print note if agent was not autostarted. * sm/call-agent.c (start_agent): Ditto. * g10/call-dirmngr.c (create_context): Likewise. * sm/call-dirmngr.c (start_dirmngr_ext): Ditto. Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-28 09:44:19 +01:00
opt.autostart = 1;
Reworked passing of envars to Pinentry.
2009-07-07 12:02:41 +02:00
opt.session_env = session_env_new ();
if (!opt.session_env)
log_fatal ("error allocating session environment block: %s\n",
strerror (errno));
Finished the bulk of changes for gnupg 1.9. This included switching to libgcrypt functions, using shared error codes from libgpg-error, replacing the old functions we used to have in ../util by those in ../jnlib and ../common, renaming the malloc functions and a couple of types. Note, that not all changes are listed below becuause they are too similar and done at far too many places. As of today the code builds using the current libgcrypt from CVS but it is very unlikely that it actually works.
2003-06-18 21:56:13 +02:00
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
opt.command_fd = -1; /* no command fd */
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
opt.compress_level = -1; /* defaults to standard compress level */
opt.bz2_compress_level = -1; /* defaults to standard compress level */
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
/* note: if you change these lines, look at oOpenPGP */
opt.def_cipher_algo = 0;
gpg: Add option and preference framework for AEAD. * common/openpgpdefs.h (aead_algo_t): New. (SIGSUBPKT_PREF_AEAD): New. * g10/gpg.c (oAEADAlgo, oPersonalAEADPreferences): New. (opts): New options --aead-algo and --personal-aead-preferences. (set_compliance_option): Clar aead algo. (main): Parse and check the new options * g10/options.h (struct opt): Add fields def_aead_algo and personal_aead_prefs. * g10/packet.h (PREFTYPE_AEAD): New enum value. (PKT_user_id): Add field flags.aead. (PKT_public_key): Add field flags.aead. * g10/pkclist.c (select_algo_from_prefs): Support PREFTYPE_AEAD. * g10/getkey.c (fixup_uidnode): Set AEAD flag. (merge_selfsigs): Ditto. * g10/kbnode.c (dump_kbnode): Show aead flag. * g10/keyedit.c (show_prefs): Ditto. (show_key_with_all_names_colon): Ditto. * g10/keygen.c (aead_presf, n_aead_prefs): New vars. (set_one_pref): Suppport PREFTYPE_AEAD. (keygen_set_std_prefs): Parse AEAD preferences. (keygen_get_std_prefs): Ditto. (add_feature_aead): New. (keygen_upd_std_prefs): Call that and build AEAD pref packet. * g10/main.h (DEFAULT_AEAD_ALGO): New const. * g10/misc.c (openpgp_aead_test_algo): New. (openpgp_aead_algo_name): New. (string_to_aead_algo): New. (default_aead_algo): New. -- This is only used in --rfc4880bis mode and not really tested. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-10 11:42:38 +01:00
opt.def_aead_algo = 0;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
opt.def_digest_algo = 0;
opt.cert_digest_algo = 0;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
opt.compress_algo = -1; /* defaults to DEFAULT_COMPRESS_ALGO */
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
opt.s2k_mode = 3; /* iterated+salted */
Add dummu option --passwd for gpg. Collected changes.
2010-01-08 20:18:49 +01:00
opt.s2k_count = 0; /* Auto-calibrate when needed. */
gpg: Change default cipher for --symmetric from CAST5 to AES-128. * g10/main.h (DEFAULT_CIPHER_ALGO): Chhange to AES or CAST5 or 3DES depending on configure option. * g10/gpg.c (main): Set opt.s2k_cipher_algo to DEFAULT_CIPHER_ALGO.
2014-08-18 11:45:00 +02:00
opt.s2k_cipher_algo = DEFAULT_CIPHER_ALGO;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
opt.completes_needed = 1;
opt.marginals_needed = 3;
opt.max_cert_depth = 5;
opt.escape_from = 1;
Ported changes from 1.4. Add copyright notices.
2007-10-25 11:06:21 +02:00
opt.flags.require_cross_cert = 1;
gpg: Collapse duplicate subkeys. * g10/options.h (IMPORT_COLLAPSE_UIDS): New. (IMPORT_COLLAPSE_SUBKEYS): New. * g10/gpg.c (main): Make them the default. * g10/import.c (parse_import_options): New import options "no-collapse-uids" and "no-collapse_subkeys". (collapse_subkeys): New. (import_one_real): Collapse subkeys and allow disabling the collapsing using the new options. (read_key_from_file_or_buffer): Always collapse subkeys. * g10/keyedit.c (fix_keyblock): Call collapse_subkeys. -- GnuPG-bug-id: 4421 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-25 10:33:57 +02:00
opt.import_options = (IMPORT_REPAIR_KEYS
| IMPORT_COLLAPSE_UIDS
| IMPORT_COLLAPSE_SUBKEYS);
Import OpenPGP keys into the agent.
2010-08-31 17:58:39 +02:00
opt.export_options = EXPORT_ATTRIBUTES;
gpg: Check and fix keys on import. * doc/gpg.texi: Document the new import option. * g10/gpg.c (main): Make the new option default to yes. * g10/import.c (parse_import_options): Parse the new option. (import_one): Act on the new option. * g10/options.h (IMPORT_REPAIR_KEYS): New macro. GnuPG-bug-id: 2236 Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-13 15:35:01 +02:00
opt.keyserver_options.import_options = (IMPORT_REPAIR_KEYS
gpg: Add "self-sigs-only" and "import-clean" to the keyserver options. * g10/gpg.c (main): Change default. -- Due to the DoS attack on the keyeservers we do not anymore default to import key signatures. That makes the keyserver unsuable for getting keys for the WoT but it still allows to retriev keys - even if that takes long to download the large keyblocks. To revert to the old behavior add keyserver-optiions no-self-sigs-only,no-import-clean to gpg.conf. GnuPG-bug-id: 4607 Signed-off-by: Werner Koch <wk@gnupg.org>
2019-07-04 15:45:39 +02:00
| IMPORT_REPAIR_PKS_SUBKEY_BUG
| IMPORT_SELF_SIGS_ONLY
gpg: Collapse duplicate subkeys. * g10/options.h (IMPORT_COLLAPSE_UIDS): New. (IMPORT_COLLAPSE_SUBKEYS): New. * g10/gpg.c (main): Make them the default. * g10/import.c (parse_import_options): New import options "no-collapse-uids" and "no-collapse_subkeys". (collapse_subkeys): New. (import_one_real): Collapse subkeys and allow disabling the collapsing using the new options. (read_key_from_file_or_buffer): Always collapse subkeys. * g10/keyedit.c (fix_keyblock): Call collapse_subkeys. -- GnuPG-bug-id: 4421 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-25 10:33:57 +02:00
| IMPORT_COLLAPSE_UIDS
| IMPORT_COLLAPSE_SUBKEYS
gpg: Add "self-sigs-only" and "import-clean" to the keyserver options. * g10/gpg.c (main): Change default. -- Due to the DoS attack on the keyeservers we do not anymore default to import key signatures. That makes the keyserver unsuable for getting keys for the WoT but it still allows to retriev keys - even if that takes long to download the large keyblocks. To revert to the old behavior add keyserver-optiions no-self-sigs-only,no-import-clean to gpg.conf. GnuPG-bug-id: 4607 Signed-off-by: Werner Koch <wk@gnupg.org>
2019-07-04 15:45:39 +02:00
| IMPORT_CLEAN);
Import OpenPGP keys into the agent.
2010-08-31 17:58:39 +02:00
opt.keyserver_options.export_options = EXPORT_ATTRIBUTES;
gpg: Remove support for PKA. * g10/gpg.c (oPrintPKARecords): Remove. (opts): Remove --print-pka-records. (main): Remove "pka-lookups","pka-trust-increase" and other PKA stuff. * g10/options.h (EXPORT_DANE_FORMAT): Remove. (VERIFY_PKA_LOOKUPS, VERIFY_PKA_TRUST_INCREASE): Remove. (KEYSERVER_HONOR_PKA_RECORD): Remove. * g10/packet.h (pka_info_t): Remove. (PKT_signature): Remove flags.pka_tried and pka_info. * g10/parse-packet.c (register_known_notation): Remove "pka-address@gnupg.org". * g10/pkclist.c (check_signatures_trust): Remove PKA stuff. * g10/call-dirmngr.c (gpg_dirmngr_get_pka): Remove. * g10/export.c (parse_export_options): Remove "export-pka". (do_export): Adjust for this. (write_keyblock_to_output): Ditto. (do_export_stream): Ditto. (print_pka_or_dane_records): Rename to ... (print_dane_records): this and remove two args. Remove PKA printing. * g10/free-packet.c (free_seckey_enc, cp_pka_info): Adjust for removed pka_info field. * g10/getkey.c (get_pubkey_byname): Make AKL_PKA a dummy. * g10/keyserver.c: Remove "honor-pka-record". (keyserver_import_pka): Remove. * g10/mainproc.c (get_pka_address): Remove. (pka_uri_from_sig): Remove. (check_sig_and_print): Remove code for PKA. -- PKA (Public Key Association) was a DNS based key discovery method which looked up fingerprint by mail addresses in the DNS. This goes back to the conference where DKIM was suggested to show that we already had a better method for this available with PGP/MIME. PKA was was later superseded by an experimental DANE method and is today not anymore relevant. It is anyway doubtful whether PKA was ever widely used. Signed-off-by: Werner Koch <wk@gnupg.org>
2021-02-02 19:53:21 +01:00
opt.keyserver_options.options = 0;
gpg: Make show-uid-validity the default.
2014-06-24 09:53:46 +02:00
opt.verify_options = (LIST_SHOW_UID_VALIDITY
| VERIFY_SHOW_POLICY_URLS
Import OpenPGP keys into the agent.
2010-08-31 17:58:39 +02:00
| VERIFY_SHOW_STD_NOTATIONS
| VERIFY_SHOW_KEYSERVER_URLS);
gpg: Make --list-options show-usage the default. * g10/gpg.c (main): Add LIST_SHOW_USAGE. -- The usage flags are often useful and they don't take away much space in a key listing. Thus it is better to have them enabled by default. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-14 12:22:33 +01:00
opt.list_options = (LIST_SHOW_UID_VALIDITY
gpg: Sort the signatures in standard key listings. * g10/gpg.c (parse_list_options): Add "sort-sigs". (main): Make it the default. * g10/options.h (LIST_SORT_SIGS): New. * g10/keylist.c (cmp_signodes): New. (list_keyblock_print): Sort signatures and factor signature printing code out to ... (list_signature_print): new. -- In particular together with --full-timestamps this makes it easier to see the history of key signatures and their revocations. The self-signatures are also printed first. To disable this --list-options no-sort-sigs can be used. Also don't print the annoying "no recocation reason specified" message. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-10-27 17:10:48 +01:00
| LIST_SORT_SIGS
gpg: Make --list-options show-usage the default. * g10/gpg.c (main): Add LIST_SHOW_USAGE. -- The usage flags are often useful and they don't take away much space in a key listing. Thus it is better to have them enabled by default. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-14 12:22:33 +01:00
| LIST_SHOW_USAGE);
gpg: Allow building without any trust model support. * configure.ac: Add option --disable-trust-models (NO_TRUST_MODELS): New ac_define and am_conditional. * g10/Makefile.am (trust_source): New. (gpg2_SOURCES): Factor some files out to above. Add trust.c. * g10/gpg.c [NO_TRUST_MODELS]: Disable options --export-ownertrust, --import-ownertrust, --update-trustdb, --check-trustdb, --fix-trustdb, --list-trustdb, --trustdb-name, --auto-check-trustdb, --no-auto-check-trustdb, and --force-ownertrust. (parse_trust_model) [NO_TRUST_MODELS]: Do not build. (main) [NO_TRUST_MODELS]: Set trust_model to always and exclude all trustdb related option code. * g10/keyedit.c (cmds) [NO_TRUST_MODELS]: Remove menu items "trust", "enable", and "disable". * g10/keylist.c (public_key_list) [NO_TRUST_MODELS]: Do not print "tru" record. * g10/trust.c: New. * g10/trustdb.c (struct key_item): Move to trustdb.h. (register_trusted_keyid): Rename to tdb_register_trusted_keyid. (register_trusted_key): Rename to tdb_register_trusted_key. (trust_letter, uid_trust_string_fixed, trust_value_to_string) (string_to_trust_value, get_ownertrust_with_min, get_ownertrust_info) (get_ownertrust_string, get_validity_info, get_validity_string) (clean_sigs_from_uid, clean_uid_from_key, clean_key): Move to trust.c. (mark_usable_uid_certs): Move to trust.c and make global. (is_in_klist): Move as inline to trustdb.h. (trustdb_check_or_update): Rename to tdb_check_or_update (revalidation_mark): Rename to tdb_revalidation_mark. (get_ownertrust): Rename to tdb_get_ownertrust. (get_min_ownertrust): Rename to tdb_get_min_ownertrust. (update_ownertrust): Rename to tdb_update_ownertrust. (clear_ownertrusts): Rename to tdb_clear_ownertrusts. (cache_disabled_value): Rename to tdb_cache_disabled_value. (check_trustdb_stale): Rename to tdb_check_trustdb_stale. (get_validity): Rename to tdb_get_validity_core, add arg MAIN_PK and factor some code out to ... * trust.c (get_validity): ...new. (check_or_update_trustdb): New wrapper. (revalidation_mark): New wrapper. (get_ownertrust): New wrapper. (get_ownertrust_with_min): New wrapper. (update_ownertrust): New wrapper. (clear_ownertrusts): New wrapper. (cache_disabled_value): New wrapper. (check_trustdb_stale): New wrapper. * tests/openpgp/defs.inc (opt_always): New. Use in all tests instead of --always-trust.
2014-02-10 17:05:54 +01:00
#ifdef NO_TRUST_MODELS
opt.trust_model = TM_ALWAYS;
#else
Import OpenPGP keys into the agent.
2010-08-31 17:58:39 +02:00
opt.trust_model = TM_AUTO;
gpg: Allow building without any trust model support. * configure.ac: Add option --disable-trust-models (NO_TRUST_MODELS): New ac_define and am_conditional. * g10/Makefile.am (trust_source): New. (gpg2_SOURCES): Factor some files out to above. Add trust.c. * g10/gpg.c [NO_TRUST_MODELS]: Disable options --export-ownertrust, --import-ownertrust, --update-trustdb, --check-trustdb, --fix-trustdb, --list-trustdb, --trustdb-name, --auto-check-trustdb, --no-auto-check-trustdb, and --force-ownertrust. (parse_trust_model) [NO_TRUST_MODELS]: Do not build. (main) [NO_TRUST_MODELS]: Set trust_model to always and exclude all trustdb related option code. * g10/keyedit.c (cmds) [NO_TRUST_MODELS]: Remove menu items "trust", "enable", and "disable". * g10/keylist.c (public_key_list) [NO_TRUST_MODELS]: Do not print "tru" record. * g10/trust.c: New. * g10/trustdb.c (struct key_item): Move to trustdb.h. (register_trusted_keyid): Rename to tdb_register_trusted_keyid. (register_trusted_key): Rename to tdb_register_trusted_key. (trust_letter, uid_trust_string_fixed, trust_value_to_string) (string_to_trust_value, get_ownertrust_with_min, get_ownertrust_info) (get_ownertrust_string, get_validity_info, get_validity_string) (clean_sigs_from_uid, clean_uid_from_key, clean_key): Move to trust.c. (mark_usable_uid_certs): Move to trust.c and make global. (is_in_klist): Move as inline to trustdb.h. (trustdb_check_or_update): Rename to tdb_check_or_update (revalidation_mark): Rename to tdb_revalidation_mark. (get_ownertrust): Rename to tdb_get_ownertrust. (get_min_ownertrust): Rename to tdb_get_min_ownertrust. (update_ownertrust): Rename to tdb_update_ownertrust. (clear_ownertrusts): Rename to tdb_clear_ownertrusts. (cache_disabled_value): Rename to tdb_cache_disabled_value. (check_trustdb_stale): Rename to tdb_check_trustdb_stale. (get_validity): Rename to tdb_get_validity_core, add arg MAIN_PK and factor some code out to ... * trust.c (get_validity): ...new. (check_or_update_trustdb): New wrapper. (revalidation_mark): New wrapper. (get_ownertrust): New wrapper. (get_ownertrust_with_min): New wrapper. (update_ownertrust): New wrapper. (clear_ownertrusts): New wrapper. (cache_disabled_value): New wrapper. (check_trustdb_stale): New wrapper. * tests/openpgp/defs.inc (opt_always): New. Use in all tests instead of --always-trust.
2014-02-10 17:05:54 +01:00
#endif
g10: Add TOFU support. * configure.ac: Check for sqlite3. (SQLITE3_CFLAGS): AC_SUBST it. (SQLITE3_LIBS): Likewise. * g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS). (gpg2_SOURCES): Add tofu.h and tofu.c. (gpg2_LDADD): Add $(SQLITE3_LIBS). * g10/tofu.c: New file. * g10/tofu.h: New file. * g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP. (tofu_db_format): Define. * g10/packet.h (PKT_signature): Add fields digest and digest_len. * g10/gpg.c: Include "tofu.h". (cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy, oTOFUDBFormat. (opts): Add them. (parse_trust_model): Recognize the tofu and tofu+pgp trust models. (parse_tofu_policy): New function. (parse_tofu_db_format): New function. (main): Initialize opt.tofu_default_policy and opt.tofu_db_format. Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat. * g10/mainproc.c (do_check_sig): If the signature is good, copy the hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately. * g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update callers. (tdb_get_validity_core): Add arguments sig and may_ask. Update callers. * g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them to tdb_get_validity_core. * g10/trustdb.c: Include "tofu.h". (trust_model_string): Handle TM_TOFU and TM_TOFU_PGP. (tdb_get_validity_core): Add arguments sig and may_ask. If OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust level. Combine it with the computed PGP trust level, if appropriate. * g10/keyedit.c: Include "tofu.h". (show_key_with_all_names_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/keylist.c: Include "tofu.h". (public_key_list): Also show the PGP stats if the trust model is TM_TOFU_PGP. (list_keyblock_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/pkclist.c: Include "tofu.h". * g10/gpgv.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * g10/test-stubs.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * doc/DETAILS: Describe the TOFU Policy field. * doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu, --trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format. * tests/openpgp/Makefile.am (TESTS): Add tofu.test. (TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc, tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt. (CLEANFILES): Add tofu.db. (clean-local): Add tofu.d. * tests/openpgp/tofu.test: New file. * tests/openpgp/tofu-2183839A-1.txt: New file. * tests/openpgp/tofu-BC15C85A-1.txt: New file. * tests/openpgp/tofu-EE37CF96-1.txt: New file. * tests/openpgp/tofu-keys.asc: New file. * tests/openpgp/tofu-keys-secret.asc: New file. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
opt.tofu_default_policy = TOFU_POLICY_AUTO;
Import OpenPGP keys into the agent.
2010-08-31 17:58:39 +02:00
opt.mangle_dos_filenames = 0;
opt.min_cert_level = 2;
set_screen_dimensions ();
gpg: Use --keyid-format=none by default. * g10/gpg.c (main): Init keyid_format to KF_NONE. * g10/keyid.c (format_keyid): Ditto. (keystrlen): Ditto. -- GnuPG-bug-id: 2379 Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-06 17:03:47 +02:00
opt.keyid_format = KF_NONE;
Import OpenPGP keys into the agent.
2010-08-31 17:58:39 +02:00
opt.def_sig_expire = "0";
opt.def_cert_expire = "0";
opt.passphrase_repeat = 1;
gpg: Avoid publishing the GnuPG version by default * g10/gpg.c (main): initialize opt.emit_version to 0 * doc/gpg.texi: document different default for --emit-version -- The version of GnuPG in use is not particularly helpful. It is not cryptographically verifiable, and it doesn't distinguish between significant version differences like 2.0.x and 2.1.x. Additionally, it leaks metadata that can be used to distinguish users from one another, and can potentially be used to target specific attacks if there are known behaviors that differ between major versions. It's probably better to take the more parsimonious approach to metadata production by default. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-08-04 22:58:13 +02:00
opt.emit_version = 0;
gpg: Ensure all weak digest rejection notices are shown * g10/main.h: Add rejection_shown flag to each weakhash struct * g10/misc.c (print_digest_algo_note, additional_weak_digest): Do not treat MD5 separately; (print_digest_rejected_note): Use weakhash.rejection_shown instead of static shown. * g10/options.h (opt): Change from additional_weak_digests to weak_digests. * g10/sig-check.c: Do not treat MD5 separately. * g10/gpg.c (main): Explicitly set MD5 as weak. * g10/gpgv.c (main): Explicitly set MD5 as weak. -- Previously, only one weak digest rejection message was shown, of whichever was the first type encountered. This meant that if "gpg --weak-digest SHA224" encountered both an MD5 digest and a SHA224 digest, it would only show the user that the MD5 digest was rejected. In order to let the user know which algorithms were rejected, we needed to move the "shown" flag into a per-weak-algorithm location. Given this additional complication, it made no sense to continue to treat MD5 specially, so it is added as a default weak algorithm in the same opt.weak_digests data structure as any other. Signed-Off-By: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2015-10-23 23:46:57 +02:00
opt.weak_digests = NULL;
gpg: Make rfc4880bis the default. * g10/gpg.c (set_compliance_option, main): Change CO_GNUPG to include rfc4880bis features. (main): Change rfc4880bis warning to a note. -- Note that the default is CO_GNUPG and not CO_OPENPGP. CO_OPENPGP does not include rfc4880bis yet and has a couple of things we don't like, like --allow-non-selfsigned-uids. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-14 11:23:56 +01:00
opt.compliance = CO_GNUPG;
opt.flags.rfc4880bis = 1;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
/* Check special options given on the command line. */
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
orig_argc = argc;
orig_argv = argv;
pargs.argc = &argc;
pargs.argv = &argv;
Print warning for arguments not considered an option. GnuPG requires that options are given before other arguments. This can sometimes be confusing. We now print a warning if we found an argument looking alike a long option without being preceded by the stop option. This is bug#1343. * common/argparse.h (ARGPARSE_FLAG_STOP_SEEN): New. * common/argparse.c (arg_parse): Set new flag. * g10/gpg.c (main): Print the warning. * agent/gpg-agent.c (main): Ditto. * dirmngr/dirmngr.c (main): Ditto. * g13/g13.c (main): Ditto. * scd/scdaemon.c (main): Ditto. * sm/gpgsm.c (main): Ditto. * tools/gpg-connect-agent.c (main): Ditto. * tools/gpgconf.c (main): Ditto.
2012-03-27 12:35:13 +02:00
pargs.flags= (ARGPARSE_FLAG_KEEP | ARGPARSE_FLAG_NOVERSION);
gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
while (gpgrt_argparse (NULL, &pargs, opts))
{
switch (pargs.r_opt)
Preparing a release candidate.
2007-12-14 17:08:53 +01:00
{
gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
case oDebug:
case oDebugAll:
debug_argparser++;
break;
case oDebugIOLBF:
es_setvbuf (es_stdout, NULL, _IOLBF, 0);
break;
case oNoOptions:
/* Set here here because the homedir would otherwise be
* created before main option parsing starts. */
Preparing a release candidate.
2007-12-14 17:08:53 +01:00
opt.no_homedir_creation = 1;
gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
break;
case oHomedir:
Add --chuid to gpg, gpg-card, and gpg-connect-agent. * g10/gpg.c (oChUid): New. (opts): Add --chuid. (main): Implement --chuid. Delay setting of homedir until the new chuid is done. * sm/gpgsm.c (main): Delay setting of homedir until the new chuid is done. * tools/gpg-card.c (oChUid): New. (opts): Add --chuid. (changeuser): New helper var. (main): Implement --chuid. * tools/gpg-connect-agent.c (oChUid): New. (opts): Add --chuid. (main): Implement --chuid. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-14 12:19:11 +02:00
homedirvalue = pargs.r.ret_str;
break;
case oChUid:
changeuser = pargs.r.ret_str;
gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
break;
case oNoPermissionWarn:
opt.no_perm_warn = 1;
break;
Preparing a release candidate.
2007-12-14 17:08:53 +01:00
}
gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
}
/* Reset the flags. */
pargs.flags &= ~(ARGPARSE_FLAG_KEEP | ARGPARSE_FLAG_NOVERSION);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
#ifdef HAVE_DOSISH_SYSTEM
gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
/* FIXME: Do we still need this? No: gnupg_homedir calls
* make_filename which changes the slashed anyway. IsDBCSLeadByte still
* needed? See bug #561. */
w32: Fix recent build regression. * common/homedir.c (_gnupg_socketdir_internal) [W32]: Add definition for NAME. * g10/gpg.c (main) [W32]: Fix use og gnupg_homedir. * agent/gpg-agent.c (remove_socket): Remove unused var P. * scd/scdaemon.c (cleanup): Ditto. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-08 15:14:06 +02:00
if ( strchr (gnupg_homedir (), '\\') ) {
Replace use of opt.homedir by accessor functions. * common/homedir.c (the_gnupg_homedir): New var. (gnupg_set_homedir): New. (gnupg_homedir): New. * g10/options.h (struct opt): Remove 'homedir' and replace all users by the new accessor functions. * g13/g13-common.h (struct opt): Ditto. * scd/scdaemon.h (struct opt): Ditto. * sm/gpgsm.h (struct opt): Ditto. * dirmngr/dirmngr.h (struct opt): Ditto. * agent/preset-passphrase.c (opt_homedir): Ditto. * agent/protect-tool.c (opt_homedir): Ditto. -- This will make detection of a non-default homedir easier. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-07 10:59:46 +02:00
char *d, *buf = xmalloc (strlen (gnupg_homedir ())+1);
const char *s;
for (d=buf, s = gnupg_homedir (); *s; s++)
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
{
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
*d++ = *s == '\\'? '/': *s;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
#ifdef HAVE_W32_SYSTEM
if (s[1] && IsDBCSLeadByte (*s))
*d++ = *++s;
#endif
}
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
*d = 0;
Replace use of opt.homedir by accessor functions. * common/homedir.c (the_gnupg_homedir): New var. (gnupg_set_homedir): New. (gnupg_homedir): New. * g10/options.h (struct opt): Remove 'homedir' and replace all users by the new accessor functions. * g13/g13-common.h (struct opt): Ditto. * scd/scdaemon.h (struct opt): Ditto. * sm/gpgsm.h (struct opt): Ditto. * dirmngr/dirmngr.h (struct opt): Ditto. * agent/preset-passphrase.c (opt_homedir): Ditto. * agent/protect-tool.c (opt_homedir): Ditto. -- This will make detection of a non-default homedir easier. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-07 10:59:46 +02:00
gnupg_set_homedir (buf);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
#endif
Cleanups, fixes and PC/SC support
2003-08-05 19:11:04 +02:00
Finished the bulk of changes for gnupg 1.9. This included switching to libgcrypt functions, using shared error codes from libgpg-error, replacing the old functions we used to have in ../util by those in ../jnlib and ../common, renaming the malloc functions and a couple of types. Note, that not all changes are listed below becuause they are too similar and done at far too many places. As of today the code builds using the current libgcrypt from CVS but it is very unlikely that it actually works.
2003-06-18 21:56:13 +02:00
/* Initialize the secure memory. */
gpg: Add build and runtime support for larger RSA keys * configure.ac: Added --enable-large-secmem option. * g10/options.h: Add opt.flags.large_rsa. * g10/gpg.c: Contingent on configure option: adjust secmem size, add gpg --enable-large-rsa, bound to opt.flags.large_rsa. * g10/keygen.c: Adjust max RSA size based on opt.flags.large_rsa * doc/gpg.texi: Document --enable-large-rsa. -- This is a cherry-pick of 534e2876acc05f9f8d9b54c18511fe768d77dfb5 from STABLE-BRANCH-1-4 against master Some older implementations built and used RSA keys up to 16Kib, but the larger secret keys now fail when used by more recent GnuPG, due to secure memory limitations. Building with ./configure --enable-large-secmem will make gpg capable of working with those secret keys, as well as permitting the use of a new gpg option --enable-large-rsa, which let gpg generate RSA keys up to 8Kib when used with --batch --gen-key. Debian-bug-id: 739424 Minor edits by wk. GnuPG-bug-id: 1732
2014-10-09 22:54:15 +02:00
if (!gcry_control (GCRYCTL_INIT_SECMEM, SECMEM_BUFFER_SIZE, 0))
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
got_secmem = 1;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
#if defined(HAVE_GETUID) && defined(HAVE_GETEUID)
/* There should be no way to get to this spot while still carrying
Revert that last stupid setuid detection fix.
2008-07-17 21:49:51 +02:00
setuid privs. Just in case, bomb out if we are. */
if ( getuid () != geteuid () )
Do not run the setuid test if running under as root proper. Documentation fixes. Some enhancements for the new OpenPGP Card.
2008-07-17 21:40:53 +02:00
BUG ();
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
#endif
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
maybe_setuid = 0;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
/* Okay, we are now working under our real uid */
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
/* malloc hooks go here ... */
2009-09-23 Marcus Brinkmann <marcus@g10code.de> * configure.ac (NEED_LIBASSUAN_API, NEED_LIBASSUAN_VERSION): Update to new API (2, 1.1.0). agent/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * gpg-agent.c (parse_rereadable_options): Don't set global assuan log file (there ain't one anymore). (main): Update to new API. (check_own_socket_pid_cb): Return gpg_error_t instead of int. (check_own_socket_thread, check_for_running_agent): Create assuan context before connecting to server. * command.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (write_and_clear_outbuf): Use gpg_error_t instead of assuan_error_t. (cmd_geteventcounter, cmd_istrusted, cmd_listtrusted) (cmd_marktrusted, cmd_havekey, cmd_sigkey, cmd_setkeydesc) (cmd_sethash, cmd_pksign, cmd_pkdecrypt, cmd_genkey, cmd_readkey) (cmd_keyinfo, cmd_get_passphrase, cmd_clear_passphrase) (cmd_get_confirmation, cmd_learn, cmd_passwd) (cmd_preset_passphrase, cmd_scd, cmd_getval, cmd_putval) (cmd_updatestartuptty, cmd_killagent, cmd_reloadagent) (cmd_getinfo, option_handler): Return gpg_error_t instead of int. (post_cmd_notify): Change type of ERR to gpg_error_t from int. (io_monitor): Add hook argument. Use symbols for constants. (register_commands): Change return type of HANDLER to gpg_error_t. (start_command_handler): Allocate assuan context before starting server. * call-pinentry.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (unlock_pinentry): Call assuan_release instead of assuan_disconnect. (getinfo_pid_cb, getpin_cb): Return gpg_error_t instead of int. (start_pinentry): Allocate assuan context before connecting to server. * call-scd.c (membuf_data_cb, learn_status_cb, get_serialno_cb) (membuf_data_cb, inq_needpin, card_getattr_cb, pass_status_thru) (pass_data_thru): Change return type to gpg_error_t. (start_scd): Allocate assuan context before connecting to server. common/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * asshelp.c (start_new_gpg_agent): Allocate assuan context before starting server. g10/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * call-agent.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (learn_status_cb, dummy_data_cb, get_serialno_cb, default_inq_cb) (learn_status_cb, inq_writecert_parms, inq_writekey_parms) (scd_genkey_cb, membuf_data_cb): Return gpg_error_t instead of int. * gpg.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (main): Update to new Assuan API. * server.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (option_handler, cmd_recipient, cmd_signer, cmd_encrypt) (cmd_decrypt, cmd_verify, cmd_sign, cmd_import, cmd_export) (cmd_delkeys, cmd_message, do_listkeys, cmd_listkeys) (cmd_listsecretkeys, cmd_genkey, cmd_getinfo): Return gpg_error_t instead of int. (register_commands): Allocate assuan context before starting server. (gpg_server): Allocate assuan_context before starting server. scd/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * command.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (option_handler, open_card, cmd_serialno, cmd_lean, cmd_readcert) (cmd_readkey, cmd_setdata, cmd_pksign, cmd_pkauth, cmd_pkdecrypt) (cmd_getattr, cmd_setattr, cmd_writecert, cmd_writekey) (cmd_genkey, cmd_random, cmd_passwd, cmd_checkpin, cmd_lock) (cmd_unlock, cmd_getinfo, cmd_restart, cmd_disconnect, cmd_apdu) (cmd_killscd): Return gpg_error_t instead of int. (scd_command_handler): Allocate assuan context before starting server. * scdaemon.c (main): Update to new Assuan API. sm/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * gpgsm.c (main): Update to new assuan API. * server.c: Include "gpgsm.h" before <assuan.h> due to check for GPG_ERR_SOURCE_DEFAULT and assuan.h now including gpg-error.h. (option_handler, cmd_recipient, cmd_signer, cmd_encrypt) (cmd_decrypt, cmd_verify, cmd_sign, cmd_import, cmd_export) (cmd_delkeys, cmd_message, cmd_listkeys, cmd_dumpkeys) (cmd_listsecretkeys, cmd_dumpsecretkeys, cmd_genkey) (cmd_getauditlog, cmd_getinfo): Return gpg_error_t instead of int. (register_commands): Same for member HANDLER in table. (gpgsm_server): Allocate assuan context before starting server. * sm/call-dirmngr.c: * call-dirmngr.c (prepare_dirmngr): Check for CTX and error before setting LDAPSERVER. (start_dirmngr_ext): Allocate assuan context before starting server. (inq_certificate, isvalid_status_cb, lookup_cb, lookup_status_cb) (run_command_cb, run_command_inq_cb, run_command_status_cb): Return gpg_error_t instead of int. tools/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * gpg-connect-agent.c (getinfo_pid_cb, read_and_print_response) (main): Update to new Assuan API.
2009-09-23 02:01:25 +02:00
malloc_hooks.malloc = gcry_malloc;
malloc_hooks.realloc = gcry_realloc;
malloc_hooks.free = gcry_free;
assuan_set_malloc_hooks (&malloc_hooks);
assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
common: Add an assuan logging monitor. * common/asshelp.c (my_log_monitor): New var. (my_libassuan_log_handler): Run that monitor. (setup_libassuan_logging): Add arg to set a log monitor and change all callers. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-05 10:55:10 +02:00
setup_libassuan_logging (&opt.debug, NULL);
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
Add --chuid to gpg, gpg-card, and gpg-connect-agent. * g10/gpg.c (oChUid): New. (opts): Add --chuid. (main): Implement --chuid. Delay setting of homedir until the new chuid is done. * sm/gpgsm.c (main): Delay setting of homedir until the new chuid is done. * tools/gpg-card.c (oChUid): New. (opts): Add --chuid. (changeuser): New helper var. (main): Implement --chuid. * tools/gpg-connect-agent.c (oChUid): New. (opts): Add --chuid. (main): Implement --chuid. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-14 12:19:11 +02:00
/* Change UID and then set the homedir. */
if (changeuser && gnupg_chuid (changeuser, 0))
log_inc_errorcount (); /* Force later termination. */
gnupg_set_homedir (homedirvalue);
gpg: Default to --auto-key-locate "local,wkd" and --auto-key-retrieve. * g10/gpg.c (main): Add KEYSERVER_AUTO_KEY_RETRIEVE to the default keyserver options. Set the default for --auto-key-locate to "local,wkd". Reset that default iff --auto-key-locate has been given in the option file or in the commandline. * g10/getkey.c (parse_auto_key_locate): Work on a copy of the arg. -- GnuPG-bug-id: 3324 Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-04 21:58:46 +02:00
/* Set default options which require that malloc stuff is ready. */
additional_weak_digest ("MD5");
gpg: Allow --locate-external-key even with --no-auto-key-locate. * g10/getkey.c (akl_empty_or_only_local): New. * g10/gpg.c (DEFAULT_AKL_LIST): New. (main): Use it here. (main) <aLocateExtKeys>: Set default AKL if none is set. -- This better matches the expectations of the user. The used list in this case is the default list ("local,wkd") with local ignored by the command anyway. GnuPG-bug-id: 4662 Signed-off-by: Werner Koch <wk@gnupg.org>
2019-08-23 13:22:15 +02:00
parse_auto_key_locate (DEFAULT_AKL_LIST);
gpg: Default to --auto-key-locate "local,wkd" and --auto-key-retrieve. * g10/gpg.c (main): Add KEYSERVER_AUTO_KEY_RETRIEVE to the default keyserver options. Set the default for --auto-key-locate to "local,wkd". Reset that default iff --auto-key-locate has been given in the option file or in the commandline. * g10/getkey.c (parse_auto_key_locate): Work on a copy of the arg. -- GnuPG-bug-id: 3324 Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-04 21:58:46 +02:00
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
argc = orig_argc;
argv = orig_argv;
pargs.argc = &argc;
pargs.argv = &argv;
gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
/* We are re-using the struct, thus the reset flag. We OR the
* flags so that the internal intialized flag won't be cleared. */
pargs.flags |= (ARGPARSE_FLAG_RESET
| ARGPARSE_FLAG_KEEP
| ARGPARSE_FLAG_SYS
gpg: Re-enable versioned config files * g10/gpg.c (main): Use ARGPARSE_FLAG_USERVERS. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-25 15:18:55 +01:00
| ARGPARSE_FLAG_USER
| ARGPARSE_FLAG_USERVERS);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
/* By this point we have a homedir, and cannot change it. */
Replace use of opt.homedir by accessor functions. * common/homedir.c (the_gnupg_homedir): New var. (gnupg_set_homedir): New. (gnupg_homedir): New. * g10/options.h (struct opt): Remove 'homedir' and replace all users by the new accessor functions. * g13/g13-common.h (struct opt): Ditto. * scd/scdaemon.h (struct opt): Ditto. * sm/gpgsm.h (struct opt): Ditto. * dirmngr/dirmngr.h (struct opt): Ditto. * agent/preset-passphrase.c (opt_homedir): Ditto. * agent/protect-tool.c (opt_homedir): Ditto. -- This will make detection of a non-default homedir easier. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-07 10:59:46 +02:00
check_permissions (gnupg_homedir (), 0);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
/* The configuraton directories for use by gpgrt_argparser. */
gpgrt_set_confdir (GPGRT_CONFDIR_SYS, gnupg_sysconfdir ());
gpgrt_set_confdir (GPGRT_CONFDIR_USER, gnupg_homedir ());
while (gpgrt_argparser (&pargs, opts, GPG_NAME EXTSEP_S "conf" ))
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
{
gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
switch (pargs.r_opt)
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
{
gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
case ARGPARSE_CONFFILE:
if (debug_argparser)
log_info (_("reading options from '%s'\n"),
pargs.r_type? pargs.r.ret_str: "[cmdline]");
if (pargs.r_type)
{
xfree (last_configname);
last_configname = xstrdup (pargs.r.ret_str);
configname = last_configname;
gpg: Re-add checking of config file permissions. * g10/gpg.c (main): Re-add permission checking of the user config file. Re-add code to check against the SE-Linux secured file list. (get_default_configname): Remove unused func. * configure.ac (SAFE_VERSION, SAFE_VERSION_DOT) (SAFE_VERSION_DASH): Remove. -- Die to the switch to the new option parser, the permissions were not anymore checked. This patch fixes this. Note that there there is no checking for the global config file because that file is not expected to be user modifiable. This patch also adds checking against the list of SE-linux secured files. However, like in the old code the checking does not work in practise because the to be checked files are added to the the list only after option parsing. Tested using temporary debug code. The SAFE_VERSION macros were used for RISC OS, which is not anymore supported, and only in the now removed get_default_configname. There purpose was that a RISC OS could use a modified config.h here. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-25 12:11:57 +01:00
if (is_secured_filename (configname))
{
pargs.r_opt = ARGPARSE_PERMISSION_ERROR;
pargs.err = ARGPARSE_PRINT_ERROR;
}
else if (strncmp (configname, gnupg_sysconfdir (),
strlen (gnupg_sysconfdir ())))
{
/* This is not the global config file and thus we
* need to check the permissions: If the file is
* unsafe, then disable any external programs for
* keyserver calls or photo IDs. Since the
* external program to call is set in the options
* file, a unsafe options file can lead to an
* arbitrary program being run. */
if (check_permissions (configname, 1))
opt.exec_disable=1;
}
gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
}
else
configname = NULL;
break;
/* case oOptions: */
/* case oNoOptions: */
/* We will never see these options here because
* gpgrt_argparse handles them for us. */
/* break */
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
case aListConfig:
gpg: Add --list-gcrypt-config and "curve" item for --list-config. * common/openpgp-oid.c (curve_supported_p): New. (openpgp_enum_curves): New. * common/t-openpgp-oid.c (test_openpgp_enum_curves): New. (main): Add option --verbose. * g10/gpg.c (opts): Add --list-gcrypt-config. (list_config): Add items "curve" and "curveoid". Remove unused code. -- GnuPG-bug-id: 1917 Signed-off-by: Werner Koch <wk@gnupg.org>
2015-03-10 15:26:02 +01:00
case aListGcryptConfig:
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
case aGPGConfList:
.
2006-10-23 16:02:13 +02:00
case aGPGConfTest:
gpg: Avoid homedir creation by --list-config * g10/gpg.c (main): Do not register a key for the list config commands. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-01 19:22:48 +02:00
set_cmd (&cmd, pargs.r_opt);
/* Do not register a keyring for these commands. */
default_keyring = -1;
break;
case aCheckKeys:
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
case aListPackets:
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
case aImport:
case aFastImport:
case aSendKeys:
case aRecvKeys:
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
case aSearchKeys:
case aRefreshKeys:
case aFetchKeys:
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
case aExport:
Minor changes and typo fixes.
2006-09-06 13:53:24 +02:00
#ifdef ENABLE_CARD_SUPPORT
case aCardStatus:
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
case aCardEdit:
Minor changes and typo fixes.
2006-09-06 13:53:24 +02:00
case aChangePIN:
#endif /* ENABLE_CARD_SUPPORT*/
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
case aListKeys:
Add command --locate-key. Fix auto-key-locate processing of "nodefault".
2008-05-07 17:40:36 +02:00
case aLocateKeys:
gpg: New command --locate-external-key. * g10/gpg.c (aLocateExtKeys): New. (opts): Add --locate-external-keys. (main): Implement that. * g10/getkey.c (get_pubkey_byname): Implement GET_PUBKEY_NO_LOCAL. (get_best_pubkey_byname): Add arg 'mode' and pass on to get_pubkey_byname. Change callers. * g10/keylist.c (public_key_list): Add arg 'no_local'. (locate_one): Ditto. Pass on to get_best_pubkey_byname. -- This new command is a shortcut for --auto-key-locate nodefault,clear,wkd,... --locate-key and uses the default or configured AKL list but does so without local. See also GnuPG-bug-id: 4599 Signed-off-by: Werner Koch <wk@gnupg.org>
2019-07-04 15:13:26 +02:00
case aLocateExtKeys:
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
case aListSigs:
case aExportSecret:
case aExportSecretSub:
gpg: New command --export-ssh-key * g10/export.c: Include membuf.h and host2net.h. (key_to_sshblob): New. (export_ssh_key): New. * g10/gpg.c (aExportSshKey): New. (opts): Add command. (main): Implement that command. -- GnuPG-bug-id: 2212 I have done only a few tests rights now and the ECDSA curves do not yet work. However ssh-keygen -l accept RSA and ed25519 keys exported using this command. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-08 17:22:32 +01:00
case aExportSshKey:
Fixed agent access for gpg.
2006-10-04 18:45:04 +02:00
case aSym:
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
case aClearsign:
case aGenRevoke:
case aDesigRevoke:
case aPrimegen:
Fixed agent access for gpg.
2006-10-04 18:45:04 +02:00
case aGenRandom:
case aPrintMD:
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
case aPrintMDs:
case aListTrustDB:
Fixed agent access for gpg.
2006-10-04 18:45:04 +02:00
case aCheckTrustDB:
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
case aUpdateTrustDB:
case aFixTrustDB:
case aListTrustPath:
case aDeArmor:
case aEnArmor:
case aSign:
gpg: Add commands --quick-sign-key and --quick-lsign-key. * g10/gpg.c (main): Add commands --quick-sign-key and --quick-lsign-key. * g10/keyedit.c (sign_uids): Add args FP and QUICK. (keyedit_quick_sign): New. (show_key_with_all_names): Add arg NOWARN.
2014-03-27 16:33:40 +01:00
case aQuickSignKey:
case aQuickLSignKey:
gpg: New command --quick-revoke-sig * g10/gpg.c (enum cmd_and_opt_values): Add aQuickRevSig. (opts): Add --quick-revoke-sig. (main): Implement. * g10/keyedit.c (quick_find_keyblock): Add arg 'want_secret' and adjust all callers. (keyedit_quick_revsig): new. * g10/revoke.c (get_default_sig_revocation_reason): New. * g10/keylist.c (cmp_signodes): Make global. -- GnuPG-bug-id: 5093
2020-10-28 17:06:27 +01:00
case aQuickRevSig:
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
case aSignKey:
Fixed agent access for gpg.
2006-10-04 18:45:04 +02:00
case aLSignKey:
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
case aStore:
gpg: Add command --quick-gen-key * g10/gpg.c (aQuickKeygen): New. * g10/misc.c (is_valid_user_id): New stub. * g10/keygen.c (quickgen_set_para): New. (quick_generate_keypair): New. -- Note that the validation of the specified user id has not yet been implemented.
2014-07-23 15:12:43 +02:00
case aQuickKeygen:
gpg: New command --quick-adduid. * g10/keygen.c (ask_user_id): Factor some code out to ... (uid_already_in_keyblock): new. (generate_user_id): Add arg UIDSTR. Fix leaked P. * g10/keyedit.c (menu_adduid): Add new arg uidstring. Adjust caller. (keyedit_quick_adduid): New. * g10/gpg.c (aQuickAddUid): New. (opts): Add command --quick-adduid. (main): Implement that. -- GnuPG-bug-id: 1956 Signed-off-by: Werner Koch <wk@gnupg.org>
2015-05-08 16:08:57 +02:00
case aQuickAddUid:
gpg: New command --quick-addkey. * g10/keygen.c (DEFAULT_STD_SUBKEYUSE): New. (ask_keysize): Factor code out to ... (get_keysize_range, fixup_keysize): new. (parse_parameter_usage): Factor parsing out to ... (parse_usagestr): new. Allow use of "encr" as alias for "encrypt". (parse_subkey_algostr_usagestr): New. (generate_subkeypair): Add new args. Implement unattended mode. * g10/keyedit.c (keyedit_quick_sign): Factor some code out to ... (find_by_primary_fpr): new. (keyedit_quick_addkey): New. * g10/gpg.c (aQuickAddKey): New. (opts): Add --quick-addkey. (main): Implement. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-02 15:54:48 +02:00
case aQuickAddKey:
g10: Implement gpg --quick-revuid * g10/revoke.c (get_default_uid_revocation_reason): New. * g10/keyedit.c (menu_revuid): Break out creation of uid revocation into new function core_revuid. * g10/keyedit.c (keyedit_quick_revuid): New. Selects key and uid, invokes core_revuid. * g10/gpg.c (main): Handle --quick-revuid argument. * doc/gpg.texi: Document --quick-revuid. -- This functionality is a counterpart to --quick-adduid, and will be useful for projects that depend programmatically on gpg to revoke user IDs (one such example is "monkeysphere-host revoke-servicename"). Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> - Minor re-indentation work. - Changed a "0 == memcmp" to "!memcmp" - Removed tests/openpgp/quick-key-manipulation.test from the Makefile. This test needs to be converted to gpgscm. - Removed example from whats-new-in-2.1.txt because that is generated. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-17 00:05:57 +02:00
case aQuickRevUid:
gpg: New option --quick-set-expire. * g10/gpg.c (aQuickSetExpire): New. (opts): New option --quick-set-expire. (main): Implement option. * g10/keyedit.c (menu_expire): Add args FORCE_MAINKEY and NEWEXPIRATION. Change semantics of the return value. Change caller. (keyedit_quick_set_expire): New. -- This patch partly solves GnuPG-bug-id: 2701
2016-12-05 10:58:39 +01:00
case aQuickSetExpire:
gpg: New command --quick-set-primary-uid. * g10/gpg.c (aQuickSetPrimaryUid): New const. (opts): New command --quick-set-primary-uid. (main): Implement it. * g10/keyedit.c (keyedit_quick_adduid): Factor some code out to ... (quick_find_keyblock): new func. (keyedit_quick_revuid): Use quick_find_keyblock. (keyedit_quick_set_primary): New. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-21 14:47:21 +01:00
case aQuickSetPrimaryUid:
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
case aExportOwnerTrust:
case aImportOwnerTrust:
Fixed agent access for gpg.
2006-10-04 18:45:04 +02:00
case aRebuildKeydbCaches:
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
set_cmd (&cmd, pargs.r_opt);
break;
Minor changes and typo fixes.
2006-09-06 13:53:24 +02:00
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
case aKeygen:
gpg: Simplify command --gen-key and add --full-gen-key. * g10/gpg.c (aFullKeygen): New. (opts): Add command --full-key-gen. (main): Implement it. * g10/keygen.c (DEFAULT_STD_ALGO): Replace wrong GCRY_PK_RSA although the value is identical. (DEFAULT_STD_CURVE): New. (DEFAULT_STD_SUBALGO): New. (DEFAULT_STD_SUBKEYSIZE): New. (DEFAULT_STD_SUBCURVE): New. (quick_generate_keypair): Use new macros here. (generate_keypair): Add arg "full" and fix call callers. Do not ask for keysize in non-full node. (ask_user_id): Add arg "full" and simplify for non-full mode.
2014-09-27 15:14:13 +02:00
case aFullKeygen:
Fixed agent access for gpg.
2006-10-04 18:45:04 +02:00
case aEditKey:
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
case aDeleteSecretKeys:
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case aDeleteSecretAndPublicKeys:
Fixed agent access for gpg.
2006-10-04 18:45:04 +02:00
case aDeleteKeys:
Add dummu option --passwd for gpg. Collected changes.
2010-01-08 20:18:49 +01:00
case aPasswd:
Fixed agent access for gpg.
2006-10-04 18:45:04 +02:00
set_cmd (&cmd, pargs.r_opt);
greeting=1;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
break;
gpg: New command --show-keys. * g10/gpg.c (aShowKeys): New const. (opts): New command --show-keys. (main): Implement command. * g10/import.c (import_keys_internal): Don't print stats in show-only mode. (import_one): Be silent in show-only mode. -- Using --import --import-options show-only to look at a key is too cumbersome. Provide this shortcut and also remove some diagnostic cruft in this case. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-06-06 11:50:58 +02:00
case aShowKeys:
set_cmd (&cmd, pargs.r_opt);
opt.import_options |= IMPORT_SHOW;
opt.import_options |= IMPORT_DRY_RUN;
opt.import_options &= ~IMPORT_REPAIR_KEYS;
gpg: Set some list options with --show-keys * g10/gpg.c (main): Set some list options. -- The new command --show-keys is commonly used to check the content of a file with keys. In this case it can be expected that all included subkeys and uids are of interested, even when they are already expired or have been revoked. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-06-11 08:46:37 +02:00
opt.list_options |= LIST_SHOW_UNUSABLE_UIDS;
opt.list_options |= LIST_SHOW_UNUSABLE_SUBKEYS;
opt.list_options |= LIST_SHOW_NOTATIONS;
opt.list_options |= LIST_SHOW_POLICY_URLS;
gpg: New command --show-keys. * g10/gpg.c (aShowKeys): New const. (opts): New command --show-keys. (main): Implement command. * g10/import.c (import_keys_internal): Don't print stats in show-only mode. (import_one): Be silent in show-only mode. -- Using --import --import-options show-only to look at a key is too cumbersome. Provide this shortcut and also remove some diagnostic cruft in this case. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-06-06 11:50:58 +02:00
break;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case aDetachedSign: detached_sig = 1; set_cmd( &cmd, aSign ); break;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
case aDecryptFiles: multifile=1; /* fall through */
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case aDecrypt: set_cmd( &cmd, aDecrypt); break;
Merged most of David Shaw's changes in 1.3 since 2003-06-03.
2003-09-23 19:48:33 +02:00
case aEncrFiles: multifile=1; /* fall through */
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case aEncr: set_cmd( &cmd, aEncr); break;
Merged most of David Shaw's changes in 1.3 since 2003-06-03.
2003-09-23 19:48:33 +02:00
case aVerifyFiles: multifile=1; /* fall through */
case aVerify: set_cmd( &cmd, aVerify); break;
Started to code a --server mode. It is far from being ready!
2006-12-21 20:40:00 +01:00
case aServer:
set_cmd (&cmd, pargs.r_opt);
opt.batch = 1;
break;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
g10: Add TOFU support. * configure.ac: Check for sqlite3. (SQLITE3_CFLAGS): AC_SUBST it. (SQLITE3_LIBS): Likewise. * g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS). (gpg2_SOURCES): Add tofu.h and tofu.c. (gpg2_LDADD): Add $(SQLITE3_LIBS). * g10/tofu.c: New file. * g10/tofu.h: New file. * g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP. (tofu_db_format): Define. * g10/packet.h (PKT_signature): Add fields digest and digest_len. * g10/gpg.c: Include "tofu.h". (cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy, oTOFUDBFormat. (opts): Add them. (parse_trust_model): Recognize the tofu and tofu+pgp trust models. (parse_tofu_policy): New function. (parse_tofu_db_format): New function. (main): Initialize opt.tofu_default_policy and opt.tofu_db_format. Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat. * g10/mainproc.c (do_check_sig): If the signature is good, copy the hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately. * g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update callers. (tdb_get_validity_core): Add arguments sig and may_ask. Update callers. * g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them to tdb_get_validity_core. * g10/trustdb.c: Include "tofu.h". (trust_model_string): Handle TM_TOFU and TM_TOFU_PGP. (tdb_get_validity_core): Add arguments sig and may_ask. If OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust level. Combine it with the computed PGP trust level, if appropriate. * g10/keyedit.c: Include "tofu.h". (show_key_with_all_names_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/keylist.c: Include "tofu.h". (public_key_list): Also show the PGP stats if the trust model is TM_TOFU_PGP. (list_keyblock_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/pkclist.c: Include "tofu.h". * g10/gpgv.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * g10/test-stubs.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * doc/DETAILS: Describe the TOFU Policy field. * doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu, --trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format. * tests/openpgp/Makefile.am (TESTS): Add tofu.test. (TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc, tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt. (CLEANFILES): Add tofu.db. (clean-local): Add tofu.d. * tests/openpgp/tofu.test: New file. * tests/openpgp/tofu-2183839A-1.txt: New file. * tests/openpgp/tofu-BC15C85A-1.txt: New file. * tests/openpgp/tofu-EE37CF96-1.txt: New file. * tests/openpgp/tofu-keys.asc: New file. * tests/openpgp/tofu-keys-secret.asc: New file. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
case aTOFUPolicy:
set_cmd (&cmd, pargs.r_opt);
break;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case oArmor: opt.armor = 1; opt.no_armor=0; break;
case oOutput: opt.outfile = pargs.r.ret_str; break;
gpg: New option --input-size-hint. * g10/options.h: Include stdint.h. (struct opt): Add field 'input_size_hint'. * g10/gpg.c (oInputSizeHint): New. (opts): Add --input-size-hint. (main): Set opt.input_size_hint. * g10/progress.c (write_status_progress): Use the hint. -- This is a prerequisite to fix GnuPG-bug-id: 2368 Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-11 21:31:12 +02:00
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
case oMaxOutput: opt.max_output = pargs.r.ret_ulong; break;
gpg: New option --input-size-hint. * g10/options.h: Include stdint.h. (struct opt): Add field 'input_size_hint'. * g10/gpg.c (oInputSizeHint): New. (opts): Add --input-size-hint. (main): Set opt.input_size_hint. * g10/progress.c (write_status_progress): Use the hint. -- This is a prerequisite to fix GnuPG-bug-id: 2368 Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-11 21:31:12 +02:00
case oInputSizeHint:
opt.input_size_hint = string_to_u64 (pargs.r.ret_str);
break;
gpg: New option --chunk-size. * g10/gpg.c (opts): New option --chunk-size. (oChunkSize): New const. (build_list_aead_test_algo, build_list_aead_algo_name): New. (my_strusage): List AEAD algos. (main): Implement --chunk-size.. * g10/options.h (struct opt): Add field 'chunk_size'. (DBG_IPC): Remove duplicated macro. * g10/main.h (DEFAULT_AEAD_ALGO): Depend on Libgcrypt version. * g10/misc.c (openpgp_aead_test_algo): Ditto. * g10/cipher-aead.c: Silence if not in debug mode. * g10/decrypt-data.c: Ditto. -- And that new option immediatley revealed bugs in our chunking code :-(.
2018-01-23 19:08:16 +01:00
case oChunkSize:
opt.chunk_size = pargs.r.ret_int;
break;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case oQuiet: opt.quiet = 1; break;
case oNoTTY: tty_no_terminal(1); break;
case oDryRun: opt.dry_run = 1; break;
case oInteractive: opt.interactive = 1; break;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
case oVerbose:
opt.verbose++;
gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose);
opt.list_options|=LIST_SHOW_UNUSABLE_UIDS;
opt.list_options|=LIST_SHOW_UNUSABLE_SUBKEYS;
break;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
Added LIBINTL to more Makefile targets. doc/ * com-certs.pem: Added the current root certifcates of D-Trust and S-Trust. g10/ * status.c (write_status_begin_signing): New. * sign.c (sign_file, sign_symencrypt_file): Call it. * textfilter.c (copy_clearsig_text): Call it. * call-agent.c (agent_scd_pksign): Pass --hash-rmd160 to SCD if required. * gpg.c (main): Let --no-use-agent and --gpg-agent-info print a warning. * misc.c (obsolete_option): New.
2007-01-30 21:16:28 +01:00
case oBatch:
opt.batch = 1;
nogreeting = 1;
break;
Fixed agent access for gpg.
2006-10-04 18:45:04 +02:00
case oUseAgent: /* Dummy. */
Added LIBINTL to more Makefile targets. doc/ * com-certs.pem: Added the current root certifcates of D-Trust and S-Trust. g10/ * status.c (write_status_begin_signing): New. * sign.c (sign_file, sign_symencrypt_file): Call it. * textfilter.c (copy_clearsig_text): Call it. * call-agent.c (agent_scd_pksign): Pass --hash-rmd160 to SCD if required. * gpg.c (main): Let --no-use-agent and --gpg-agent-info print a warning. * misc.c (obsolete_option): New.
2007-01-30 21:16:28 +01:00
break;
gpg: Do not always print dashes in obsolete_option. * g10/gpg.c (main): Pass option names to obsolete_option without double dash. * g10/misc.c (obsolete_option, obsolete_scdaemon_option): Print double dash only for command line options.
2014-09-25 22:13:03 +02:00
Added LIBINTL to more Makefile targets. doc/ * com-certs.pem: Added the current root certifcates of D-Trust and S-Trust. g10/ * status.c (write_status_begin_signing): New. * sign.c (sign_file, sign_symencrypt_file): Call it. * textfilter.c (copy_clearsig_text): Call it. * call-agent.c (agent_scd_pksign): Pass --hash-rmd160 to SCD if required. * gpg.c (main): Let --no-use-agent and --gpg-agent-info print a warning. * misc.c (obsolete_option): New.
2007-01-30 21:16:28 +01:00
case oNoUseAgent:
gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
obsolete_option (configname, pargs.lineno, "no-use-agent");
Added LIBINTL to more Makefile targets. doc/ * com-certs.pem: Added the current root certifcates of D-Trust and S-Trust. g10/ * status.c (write_status_begin_signing): New. * sign.c (sign_file, sign_symencrypt_file): Call it. * textfilter.c (copy_clearsig_text): Call it. * call-agent.c (agent_scd_pksign): Pass --hash-rmd160 to SCD if required. * gpg.c (main): Let --no-use-agent and --gpg-agent-info print a warning. * misc.c (obsolete_option): New.
2007-01-30 21:16:28 +01:00
break;
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
case oGpgAgentInfo:
gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
obsolete_option (configname, pargs.lineno, "gpg-agent-info");
Added LIBINTL to more Makefile targets. doc/ * com-certs.pem: Added the current root certifcates of D-Trust and S-Trust. g10/ * status.c (write_status_begin_signing): New. * sign.c (sign_file, sign_symencrypt_file): Call it. * textfilter.c (copy_clearsig_text): Call it. * call-agent.c (agent_scd_pksign): Pass --hash-rmd160 to SCD if required. * gpg.c (main): Let --no-use-agent and --gpg-agent-info print a warning. * misc.c (obsolete_option): New.
2007-01-30 21:16:28 +01:00
break;
gpg: New option --use-keyboxd. * g10/gpg.c (oUseKeyboxd,oKeyboxdProgram): New consts. (opts): New options --use-keyboxd and --keyboxd-program. (main): Implement them. * g10/keydb.c: Move some defs out to ... * g10/keydb-private.h: new file. * g10/keydb.c: prefix function names with "internal" and move original functions to ... * g10/call-keyboxd.c: new file. Divert to the internal fucntion if --use-keyboxd is used. Add a CTRL arg to most fucntions and change all callers. * g10/Makefile.am (common_source): Add new files. (noinst_PROGRAMS): Do bot build gpgcompose. -- Note that this is just the framework with only a basic implementation of searching via keyboxd. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-09-09 14:34:09 +02:00
case oUseKeyboxd:
opt.use_keyboxd = 1;
break;
gpg: Warn about (but don't fail) on scdaemon options in gpg.conf. * g10/gpg.c: Add config options that should belong in scdaemon.conf * g10/main.h, g10/misc.c (obsolete_scdaemon_option): New. -- In gpg2, the following options are only relevant for scdaemon: reader-port ctapi-driver pcsc-driver disable-ccid but in gpg1, they are options for gpg itself. Some users of gpg1 might have these options in their ~/.gnupg/gpg.conf, which causes gpg2 to fail hard if it reads that config file. gpg2 should not fail hard, though giving a warning (and suggesting a move to scdaemon.conf) seems OK. This patch does *not* reintroduce any documentation for these options in gpg.texi, even to indicate that they are "dummy" options, since scdaemon.texi contains the appropriate documentation. Debian-bug-id: 762844 - Program names factored out from obsolete_scdaemon_option to make reuse without new translations easier. -wk
2014-09-25 20:45:37 +02:00
case oReaderPort:
gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
obsolete_scdaemon_option (configname, pargs.lineno, "reader-port");
gpg: Warn about (but don't fail) on scdaemon options in gpg.conf. * g10/gpg.c: Add config options that should belong in scdaemon.conf * g10/main.h, g10/misc.c (obsolete_scdaemon_option): New. -- In gpg2, the following options are only relevant for scdaemon: reader-port ctapi-driver pcsc-driver disable-ccid but in gpg1, they are options for gpg itself. Some users of gpg1 might have these options in their ~/.gnupg/gpg.conf, which causes gpg2 to fail hard if it reads that config file. gpg2 should not fail hard, though giving a warning (and suggesting a move to scdaemon.conf) seems OK. This patch does *not* reintroduce any documentation for these options in gpg.texi, even to indicate that they are "dummy" options, since scdaemon.texi contains the appropriate documentation. Debian-bug-id: 762844 - Program names factored out from obsolete_scdaemon_option to make reuse without new translations easier. -wk
2014-09-25 20:45:37 +02:00
break;
case octapiDriver:
gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
obsolete_scdaemon_option (configname, pargs.lineno, "ctapi-driver");
gpg: Warn about (but don't fail) on scdaemon options in gpg.conf. * g10/gpg.c: Add config options that should belong in scdaemon.conf * g10/main.h, g10/misc.c (obsolete_scdaemon_option): New. -- In gpg2, the following options are only relevant for scdaemon: reader-port ctapi-driver pcsc-driver disable-ccid but in gpg1, they are options for gpg itself. Some users of gpg1 might have these options in their ~/.gnupg/gpg.conf, which causes gpg2 to fail hard if it reads that config file. gpg2 should not fail hard, though giving a warning (and suggesting a move to scdaemon.conf) seems OK. This patch does *not* reintroduce any documentation for these options in gpg.texi, even to indicate that they are "dummy" options, since scdaemon.texi contains the appropriate documentation. Debian-bug-id: 762844 - Program names factored out from obsolete_scdaemon_option to make reuse without new translations easier. -wk
2014-09-25 20:45:37 +02:00
break;
case opcscDriver:
gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
obsolete_scdaemon_option (configname, pargs.lineno, "pcsc-driver");
gpg: Warn about (but don't fail) on scdaemon options in gpg.conf. * g10/gpg.c: Add config options that should belong in scdaemon.conf * g10/main.h, g10/misc.c (obsolete_scdaemon_option): New. -- In gpg2, the following options are only relevant for scdaemon: reader-port ctapi-driver pcsc-driver disable-ccid but in gpg1, they are options for gpg itself. Some users of gpg1 might have these options in their ~/.gnupg/gpg.conf, which causes gpg2 to fail hard if it reads that config file. gpg2 should not fail hard, though giving a warning (and suggesting a move to scdaemon.conf) seems OK. This patch does *not* reintroduce any documentation for these options in gpg.texi, even to indicate that they are "dummy" options, since scdaemon.texi contains the appropriate documentation. Debian-bug-id: 762844 - Program names factored out from obsolete_scdaemon_option to make reuse without new translations easier. -wk
2014-09-25 20:45:37 +02:00
break;
case oDisableCCID:
gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
obsolete_scdaemon_option (configname, pargs.lineno, "disable-ccid");
gpg: Warn about (but don't fail) on scdaemon options in gpg.conf. * g10/gpg.c: Add config options that should belong in scdaemon.conf * g10/main.h, g10/misc.c (obsolete_scdaemon_option): New. -- In gpg2, the following options are only relevant for scdaemon: reader-port ctapi-driver pcsc-driver disable-ccid but in gpg1, they are options for gpg itself. Some users of gpg1 might have these options in their ~/.gnupg/gpg.conf, which causes gpg2 to fail hard if it reads that config file. gpg2 should not fail hard, though giving a warning (and suggesting a move to scdaemon.conf) seems OK. This patch does *not* reintroduce any documentation for these options in gpg.texi, even to indicate that they are "dummy" options, since scdaemon.texi contains the appropriate documentation. Debian-bug-id: 762844 - Program names factored out from obsolete_scdaemon_option to make reuse without new translations easier. -wk
2014-09-25 20:45:37 +02:00
break;
gpg: Obsolete some keyserver helper options. * g10/options.h (opt): Remove keyserver_options.other. * g10/gpg.c (main): Obsolete option --honor-http-proxt. * g10/keyserver.c (add_canonical_option): Replace by ... (warn_kshelper_option): New. (parse_keyserver_uri): Obsolete "x-broken-http". -- Some of these options are deprecated for 10 years and they do not make any sense without the keyserver helpers. For one we print a hint on how to replace it: gpg: keyserver option 'ca-cert-file' is obsolete; \ please use 'hkp-cacert' in dirmngr.conf Signed-off-by: Werner Koch <wk@gnupg.org>
2014-12-08 15:14:35 +01:00
case oHonorHttpProxy:
gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
obsolete_option (configname, pargs.lineno, "honor-http-proxy");
gpg: Obsolete some keyserver helper options. * g10/options.h (opt): Remove keyserver_options.other. * g10/gpg.c (main): Obsolete option --honor-http-proxt. * g10/keyserver.c (add_canonical_option): Replace by ... (warn_kshelper_option): New. (parse_keyserver_uri): Obsolete "x-broken-http". -- Some of these options are deprecated for 10 years and they do not make any sense without the keyserver helpers. For one we print a hint on how to replace it: gpg: keyserver option 'ca-cert-file' is obsolete; \ please use 'hkp-cacert' in dirmngr.conf Signed-off-by: Werner Koch <wk@gnupg.org>
2014-12-08 15:14:35 +01:00
break;
gpg: Warn about (but don't fail) on scdaemon options in gpg.conf. * g10/gpg.c: Add config options that should belong in scdaemon.conf * g10/main.h, g10/misc.c (obsolete_scdaemon_option): New. -- In gpg2, the following options are only relevant for scdaemon: reader-port ctapi-driver pcsc-driver disable-ccid but in gpg1, they are options for gpg itself. Some users of gpg1 might have these options in their ~/.gnupg/gpg.conf, which causes gpg2 to fail hard if it reads that config file. gpg2 should not fail hard, though giving a warning (and suggesting a move to scdaemon.conf) seems OK. This patch does *not* reintroduce any documentation for these options in gpg.texi, even to indicate that they are "dummy" options, since scdaemon.texi contains the appropriate documentation. Debian-bug-id: 762844 - Program names factored out from obsolete_scdaemon_option to make reuse without new translations easier. -wk
2014-09-25 20:45:37 +02:00
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case oAnswerYes: opt.answer_yes = 1; break;
case oAnswerNo: opt.answer_no = 1; break;
gpg: New option --force-sign-key * g10/gpg.c (oForceSignKey,opts): New option "--force-sign-key". (main): Set it. * g10/options.h (opt): New flag flags.force_sign_key. * g10/keyedit.c (sign_uids): Use new flag. -- GnuPG-bug-id: 4584
2021-03-11 11:27:07 +01:00
case oForceSignKey: opt.flags.force_sign_key = 1; break;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case oKeyring: append_to_strlist( &nrings, pargs.r.ret_str); break;
case oPrimaryKeyring:
gpg: First patches to support a keybox storage backend. * kbx/keybox-defs.h (_keybox_write_header_blob): Move prototype to .. * kbx/keybox.h: here. * kbx/keybox-init.c (keybox_lock): Add dummy function * g10/keydb.c: Include keybox.h. (KeydbResourceType): Add KEYDB_RESOURCE_TYPE_KEYBOX. (struct resource_item): Add field kb. (maybe_create_keyring_or_box): Add error descriptions to diagnostics. Add arg IS_BOX. Write a header for a new keybox file. (keydb_add_resource): No more need for the force flag. Rename the local variable "force" to "create". Add URL scheme "gnupg-kbx". Add magic test to detect a keybox file. Add basic support for keybox. (keydb_new, keydb_get_resource_name, keydb_delete_keyblock) (keydb_locate_writable, keydb_search_reset, keydb_search2): Add support for keybox. (lock_all, unlock_all): Ditto. * g10/Makefile.am (needed_libs): Add libkeybox.a. (gpg2_LDADD, gpgv2_LDADD): Add KSBA_LIBS as a workaround. * g10/keydb.h (KEYDB_RESOURCE_FLAG_PRIMARY) KEYDB_RESOURCE_FLAG_DEFAULT, KEYDB_RESOURCE_FLAG_READONLY): New. * g10/gpg.c, g10/gpgv.c (main): Use new constants. -- I did most of these changes back in 2011 and only cleaned them up now. More to follow soon.
2012-12-27 15:04:29 +01:00
sl = append_to_strlist (&nrings, pargs.r.ret_str);
sl->flags = KEYDB_RESOURCE_FLAG_PRIMARY;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
break;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
case oShowKeyring:
gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
deprecated_warning(configname,pargs.lineno,"--show-keyring",
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
"--list-options ","show-keyring");
opt.list_options|=LIST_SHOW_KEYRING;
break;
gpg: Allow debug flag names for --debug. * g10/gpg.c (opts): Change arg for oDebug to a string. (debug_flags): New; factored out from set_debug. (set_debug): Remove "--debug-level help". Use parse_debug_flag to print the used flags. (main): Use parse_debug_flag for oDebug. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-22 21:01:10 +02:00
case oDebug:
if (parse_debug_flag (pargs.r.ret_str, &opt.debug, debug_flags))
{
pargs.r_opt = ARGPARSE_INVALID_ARG;
pargs.err = ARGPARSE_PRINT_ERROR;
}
break;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case oDebugAll: opt.debug = ~0; break;
* configure.ac: Define SAFE_VERSION_DASH and SAFE_VERSION_DOT> * g10.c: New options --gpgconf-list, --debug-level and --log-file (set_debug): Add arg DEBUG_LEVEL. (main): Look at less and less version specific config files. From gnupg 1.3.
2004-03-23 14:03:09 +01:00
case oDebugLevel: debug_level = pargs.r.ret_str; break;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
gpg: Add new option --debug-iolbf. * g10/gpg.c (oDebugIOLBF): new. (opts): Add --debug-iolbf. (main): Set option. -- This option is convenient for debugging to make sure that debug output to stderr is synced with output to stdout. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-04-06 14:07:50 +02:00
case oDebugIOLBF: break; /* Already set in pre-parse step. */
gpg: New maintainer option --debug-set-iobuf-size. * g10/gpg.c (opts): Add new option. (opt_set_iobuf_size): New var. (set_debug): Set the option. * tests/openpgp/armor.scm: Use this option to revert the buffer size to the one which used to exhibit the tested bugs. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-24 18:29:08 +01:00
case oDebugSetIobufSize:
opt_set_iobuf_size = pargs.r.ret_ulong;
opt_set_iobuf_size_used = 1;
break;
gpg: Use 128 MiB as default AEAD chunk size. * g10/gpg.c (oDebugAllowLargeChunks): New. (opts): New option --debug-allow-large-chunks. (main): Implement that option. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-24 09:50:02 +02:00
case oDebugAllowLargeChunks:
allow_large_chunks = 1;
break;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case oStatusFD:
Minor fixes.
2008-12-09 09:58:02 +01:00
set_status_fd ( translate_sys2libc_fd_int (pargs.r.ret_int, 1) );
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
break;
case oStatusFile:
Minor fixes.
2008-12-09 09:58:02 +01:00
set_status_fd ( open_info_file (pargs.r.ret_str, 1, 0) );
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
break;
case oAttributeFD:
Minor fixes.
2008-12-09 09:58:02 +01:00
set_attrib_fd ( translate_sys2libc_fd_int (pargs.r.ret_int, 1) );
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
break;
case oAttributeFile:
Minor fixes.
2008-12-09 09:58:02 +01:00
set_attrib_fd ( open_info_file (pargs.r.ret_str, 1, 1) );
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
break;
case oLoggerFD:
Translate all file descriptors received from assuan.
2007-07-12 17:28:30 +02:00
log_set_fd (translate_sys2libc_fd_int (pargs.r.ret_int, 1));
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
break;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
case oLoggerFile:
logfile = pargs.r.ret_str;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
break;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case oWithFingerprint:
opt.with_fingerprint = 1;
Fixed bug#1044. Use of --fingerprint with --with-fingerprint.
2009-05-20 12:23:33 +02:00
opt.fingerprint++;
break;
gpg: Add option --with-subkey-fingerprint. * g10/gpg.c (oWithSubkeyFingerprint): New. (opts): Add --with-subkey-fingerprint[s]. (main): Set that option. * g10/options.h (struct opt): Add 'with_subkey_fingerprint'. * g10/keylist.c (list_keyblock_print): Print subkey fingerprint. (print_fingerprint): Tweak printing to use compact format if desirable. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-06 16:55:03 +02:00
case oWithSubkeyFingerprint:
opt.with_subkey_fingerprint = 1;
break;
gpg: Add option to print fingerprints in ICAO spelling. * g10/gpg.c: Add option --with-icao-spelling. * g10/options.h (struct opt): Add with_icao_spelling. * g10/keylist.c (print_icao_hexdigit): New. (print_fingerprint): Print ICAO spelling. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-02-23 17:54:05 +01:00
case oWithICAOSpelling:
opt.with_icao_spelling = 1;
break;
Fixed bug#1044. Use of --fingerprint with --with-fingerprint.
2009-05-20 12:23:33 +02:00
case oFingerprint:
opt.fingerprint++;
fpr_maybe_cmd = 1;
break;
Add new option --with-keygrip
2010-10-08 13:11:08 +02:00
case oWithKeygrip:
opt.with_keygrip = 1;
break;
gpg,sm: New option --with-key-screening. * common/pkscreening.c: New. * common/pkscreening.h: New. * common/Makefile.am (common_sources): Add them. * g10/gpg.c (opts): New option --with-key-screening. * g10/options.h (struct opt): New field with_key_screening. * g10/keylist.c: Include pkscreening.h. (print_pk_screening): New. (list_keyblock_print): Call it. (print_compliance_flags): Call it. * sm/gpgsm.c (opts): New option --with-key-screening. * sm/gpgsm.h (scruct opt): New field with_key_screening. * sm/keylist.c: Include pkscreening.h. (print_pk_screening): New. (print_compliance_flags): Call it. Add new arg cert. (list_cert_colon): Pass arg cert (list_cert_std): Call print_pk_screening. * sm/fingerprint.c (gpgsm_get_rsa_modulus): New. -- This new option can be used to detect ROCA affected keys. To scan an entire keyring and print the affected fingerprints use this: gpg -k --with-key-screening --with-colons | gawk -F: \ '$1~/pub|sub|sec|ssb|crt/ && $18~/\<6001\>/ {found=1;next}; $1=="fpr" && found {print $10}; {found=0}' The same works for gpgsm. Note that we need gawk due to the "\<" in the r.e. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-10-17 21:10:19 +02:00
case oWithKeyScreening:
opt.with_key_screening = 1;
break;
Add new option --with-secret. * g10/gpg.c: Add option --with-secret. * g10/options.h (struct opt): Add field with_secret. * g10/keylist.c (public_key_list): Pass opt.with_secret to list_all and list_one. (list_all, list_one): Add arg mark_secret. (list_keyblock_colon): Add arg has_secret. * sm/gpgsm.c: Add option --with-secret. * sm/server.c (option_handler): Add option "with-secret". * sm/gpgsm.h (server_control_s): Add field with_secret. * sm/keylist.c (list_cert_colon): Take care of with_secret. Also move the token string from the wrong field 14 to 15. -- This option is useful for key managers which need to know whether a key has a secret key. This change allows to collect this information in one pass.
2014-06-03 21:35:59 +02:00
case oWithSecret:
opt.with_secret = 1;
break;
gpg: Add experimental AKL method "wkd" and option --with-wkd-hash. * g10/getkey.c (parse_auto_key_locate): Add method "wkd". (get_pubkey_byname): Implement that method. Also rename a variable. * g10/call-dirmngr.c (gpg_dirmngr_wkd_get): New. * g10/keyserver.c (keyserver_import_wkd): New. * g10/test-stubs.c (keyserver_import_wkd): Add stub. * g10/gpgv.c (keyserver_import_wkd): Ditto. * g10/options.h (opt): Add field 'with_wkd_hash'. (AKL_WKD): New. * g10/gpg.c (oWithWKDHash): New. (opts): Add option --with-wkd-hash. (main): Set that option. * g10/keylist.c (list_keyblock_print): Implement that option. -- The Web Key Directory is an experimental feature to retrieve a key via https. It is similar to OpenPGP DANE but also uses an encryption to reveal less information about a key lookup. For example the URI to lookup the key for Joe.Doe@Example.ORG is: https://example.org/.well-known/openpgpkey/ hu/example.org/iy9q119eutrkn8s1mk4r39qejnbu3n5q (line has been wrapped for rendering purposes). The hash is a z-Base-32 encoded SHA-1 hash of the mail address' local-part. The address wk@gnupg.org can be used for testing. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-04-27 08:34:29 +02:00
case oWithWKDHash:
opt.with_wkd_hash = 1;
break;
gpg: New option --with-key-origin. * g10/getkey.c (parse_key_origin): Factor list out as ... (key_origin_list): new struct. (key_origin_string): New. * g10/gpg.c (oWithKeyOrigin): New const. (opts): New option --with-key-origin. (main): Implement option. * g10/options.h (struct opt): New flag with_key_origin. * g10/keylist.c (list_keyblock_print): Print key origin info. (list_keyblock_colon): Ditto.
2017-07-20 17:27:48 +02:00
case oWithKeyOrigin:
opt.with_key_origin = 1;
break;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
case oSecretKeyring:
Decryption and signi via agent is now implemented.
2010-04-23 13:36:59 +02:00
/* Ignore this old option. */
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
break;
Decryption and signi via agent is now implemented.
2010-04-23 13:36:59 +02:00
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case oNoArmor: opt.no_armor=1; opt.armor=0; break;
gpg: New option --no-keyring. * g10/gpg.c (oNoKeyring): New. (opts): Add "--no-keyring". (main): Do not register any keyring if the option is used. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-06 15:33:40 +02:00
case oNoDefKeyring:
if (default_keyring > 0)
default_keyring = 0;
break;
case oNoKeyring:
default_keyring = -1;
break;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case oNoGreeting: nogreeting = 1; break;
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
case oNoVerbose:
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
opt.verbose = 0;
gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose);
opt.list_sigs=0;
break;
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
case oQuickRandom:
Migrated more stuff to doc/ Migrated the gpg regression tests. Some changes tp the gpg code to fix bugs and for the use in testing. make distcheck works now with gpg enabled.
2006-08-21 22:20:23 +02:00
gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
break;
gpg: Change armor Version header to emit only the major version. * g10/options.h (opt): Rename field no_version to emit_version. * g10/gpg.c (main): Init opt.emit_vesion to 1. Change --emit-version to bump up opt.emit_version. * g10/armor.c (armor_filter): Implement different --emit-version values. -- GnuPG-bug-id: 1572 Signed-off-by: Werner Koch <wk@gnupg.org>
2013-11-27 09:20:02 +01:00
case oEmitVersion: opt.emit_version++; break;
case oNoEmitVersion: opt.emit_version=0; break;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case oCompletesNeeded: opt.completes_needed = pargs.r.ret_int; break;
case oMarginalsNeeded: opt.marginals_needed = pargs.r.ret_int; break;
case oMaxCertDepth: opt.max_cert_depth = pargs.r.ret_int; break;
gpg: Allow building without any trust model support. * configure.ac: Add option --disable-trust-models (NO_TRUST_MODELS): New ac_define and am_conditional. * g10/Makefile.am (trust_source): New. (gpg2_SOURCES): Factor some files out to above. Add trust.c. * g10/gpg.c [NO_TRUST_MODELS]: Disable options --export-ownertrust, --import-ownertrust, --update-trustdb, --check-trustdb, --fix-trustdb, --list-trustdb, --trustdb-name, --auto-check-trustdb, --no-auto-check-trustdb, and --force-ownertrust. (parse_trust_model) [NO_TRUST_MODELS]: Do not build. (main) [NO_TRUST_MODELS]: Set trust_model to always and exclude all trustdb related option code. * g10/keyedit.c (cmds) [NO_TRUST_MODELS]: Remove menu items "trust", "enable", and "disable". * g10/keylist.c (public_key_list) [NO_TRUST_MODELS]: Do not print "tru" record. * g10/trust.c: New. * g10/trustdb.c (struct key_item): Move to trustdb.h. (register_trusted_keyid): Rename to tdb_register_trusted_keyid. (register_trusted_key): Rename to tdb_register_trusted_key. (trust_letter, uid_trust_string_fixed, trust_value_to_string) (string_to_trust_value, get_ownertrust_with_min, get_ownertrust_info) (get_ownertrust_string, get_validity_info, get_validity_string) (clean_sigs_from_uid, clean_uid_from_key, clean_key): Move to trust.c. (mark_usable_uid_certs): Move to trust.c and make global. (is_in_klist): Move as inline to trustdb.h. (trustdb_check_or_update): Rename to tdb_check_or_update (revalidation_mark): Rename to tdb_revalidation_mark. (get_ownertrust): Rename to tdb_get_ownertrust. (get_min_ownertrust): Rename to tdb_get_min_ownertrust. (update_ownertrust): Rename to tdb_update_ownertrust. (clear_ownertrusts): Rename to tdb_clear_ownertrusts. (cache_disabled_value): Rename to tdb_cache_disabled_value. (check_trustdb_stale): Rename to tdb_check_trustdb_stale. (get_validity): Rename to tdb_get_validity_core, add arg MAIN_PK and factor some code out to ... * trust.c (get_validity): ...new. (check_or_update_trustdb): New wrapper. (revalidation_mark): New wrapper. (get_ownertrust): New wrapper. (get_ownertrust_with_min): New wrapper. (update_ownertrust): New wrapper. (clear_ownertrusts): New wrapper. (cache_disabled_value): New wrapper. (check_trustdb_stale): New wrapper. * tests/openpgp/defs.inc (opt_always): New. Use in all tests instead of --always-trust.
2014-02-10 17:05:54 +01:00
#ifndef NO_TRUST_MODELS
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case oTrustDBName: trustdb_name = pargs.r.ret_str; break;
gpg: Allow building without any trust model support. * configure.ac: Add option --disable-trust-models (NO_TRUST_MODELS): New ac_define and am_conditional. * g10/Makefile.am (trust_source): New. (gpg2_SOURCES): Factor some files out to above. Add trust.c. * g10/gpg.c [NO_TRUST_MODELS]: Disable options --export-ownertrust, --import-ownertrust, --update-trustdb, --check-trustdb, --fix-trustdb, --list-trustdb, --trustdb-name, --auto-check-trustdb, --no-auto-check-trustdb, and --force-ownertrust. (parse_trust_model) [NO_TRUST_MODELS]: Do not build. (main) [NO_TRUST_MODELS]: Set trust_model to always and exclude all trustdb related option code. * g10/keyedit.c (cmds) [NO_TRUST_MODELS]: Remove menu items "trust", "enable", and "disable". * g10/keylist.c (public_key_list) [NO_TRUST_MODELS]: Do not print "tru" record. * g10/trust.c: New. * g10/trustdb.c (struct key_item): Move to trustdb.h. (register_trusted_keyid): Rename to tdb_register_trusted_keyid. (register_trusted_key): Rename to tdb_register_trusted_key. (trust_letter, uid_trust_string_fixed, trust_value_to_string) (string_to_trust_value, get_ownertrust_with_min, get_ownertrust_info) (get_ownertrust_string, get_validity_info, get_validity_string) (clean_sigs_from_uid, clean_uid_from_key, clean_key): Move to trust.c. (mark_usable_uid_certs): Move to trust.c and make global. (is_in_klist): Move as inline to trustdb.h. (trustdb_check_or_update): Rename to tdb_check_or_update (revalidation_mark): Rename to tdb_revalidation_mark. (get_ownertrust): Rename to tdb_get_ownertrust. (get_min_ownertrust): Rename to tdb_get_min_ownertrust. (update_ownertrust): Rename to tdb_update_ownertrust. (clear_ownertrusts): Rename to tdb_clear_ownertrusts. (cache_disabled_value): Rename to tdb_cache_disabled_value. (check_trustdb_stale): Rename to tdb_check_trustdb_stale. (get_validity): Rename to tdb_get_validity_core, add arg MAIN_PK and factor some code out to ... * trust.c (get_validity): ...new. (check_or_update_trustdb): New wrapper. (revalidation_mark): New wrapper. (get_ownertrust): New wrapper. (get_ownertrust_with_min): New wrapper. (update_ownertrust): New wrapper. (clear_ownertrusts): New wrapper. (cache_disabled_value): New wrapper. (check_trustdb_stale): New wrapper. * tests/openpgp/defs.inc (opt_always): New. Use in all tests instead of --always-trust.
2014-02-10 17:05:54 +01:00
#endif /*!NO_TRUST_MODELS*/
gpg: Allow multiple --default-key options. Take the last available key. * g10/getkey.c (parse_def_secret_key): New function. (get_seckey_default): Add parameter ctrl. Update callers. Use parse_def_secret_key to get the default secret key, if any. (getkey_byname): Likewise. (enum_secret_keys): Likewise. * g10/options.h (opt): Change def_secret_key's type from a char * to a strlist_t. * g10/gpg.c (main): When processing --default-key, add the key to OPT.DEF_SECRET_KEY. * g10/gpgv.c (get_session_key): Add parameter ctrl. Update callers. * g10/mainproc.c (proc_pubkey_enc): Likewise. (do_proc_packets): Likewise. * g10/pkclist.c (default_recipient): Likewise. * g10/pubkey-enc.c (get_session_key): Likewise. * g10/sign.c (clearsign_file): Likewise. (sign_symencrypt_file): Likewise. * g10/skclist.c (build_sk_list): Likewise. * g10/test-stubs.c (get_session_key): Likewise. -- Signed-off-by: Neal H. Walield <neal@g10code.com> GnuPG-bug-id: 806
2015-11-03 23:15:27 +01:00
case oDefaultKey:
gpg: Check for ambiguous or non-matching key specs. * g10/gpg.c (check_user_ids): New function. (main): Check that any user id specifications passed to --local-user and --remote-user correspond to exactly 1 user. Check that any user id specifications passed to --default-key correspond to at most 1 user. Warn if any user id specifications passed to --local-user or --default-user are possible ambiguous (are not specified by long keyid or fingerprint). * g10/getkey.c (parse_def_secret_key): Don't warn about possible ambiguous key descriptions here. -- Signed-off-by: Neal H. Walfield <neal@g10code.com> GnuPG-bug-id: 1128 Debian-debug-id: 544490
2015-11-05 17:29:53 +01:00
sl = add_to_strlist (&opt.def_secret_key, pargs.r.ret_str);
gpg: Do not pre-check keys given on the command line. * g10/keydb.h (PK_LIST_ENCRYPT_TO, PK_LIST_HIDDEN, PK_LIST_CONFIG) (PK_LIST_SHIFT): New. * g10/pkclist.c (build_pk_list): Use them here. * g10/gpg.c (check_user_ids, main): Ditto. * g10/gpg.c (main): Set PK_LIST_CONFIG for REMUSR and LOCUSR. (check_user_ids): Skip check for command line specified options. -- If a key has been given on the command line and it has not been given by one of the encrypt-to options, we now skip the checks. The reason is that the actual key selection code does its own checks and provides proper status message to the caller to detect the wrong keys. Without this we would break most frontends because they expect for example STATUS_INV_RECP. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-04 08:56:02 +01:00
sl->flags = (pargs.r_opt << PK_LIST_SHIFT);
gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
if (configname)
gpg: Mark more options as coming from the config file (when this holds) * g10/gpg.c (main): When --default-key or --encrypt-to-default-key is taken from the config file, note this. -- Signed-off-by: Neal H. Walfield <neal@g10code.com> Regression-due-to: 28311d1
2015-12-17 10:44:55 +01:00
sl->flags |= PK_LIST_CONFIG;
gpg: Allow multiple --default-key options. Take the last available key. * g10/getkey.c (parse_def_secret_key): New function. (get_seckey_default): Add parameter ctrl. Update callers. Use parse_def_secret_key to get the default secret key, if any. (getkey_byname): Likewise. (enum_secret_keys): Likewise. * g10/options.h (opt): Change def_secret_key's type from a char * to a strlist_t. * g10/gpg.c (main): When processing --default-key, add the key to OPT.DEF_SECRET_KEY. * g10/gpgv.c (get_session_key): Add parameter ctrl. Update callers. * g10/mainproc.c (proc_pubkey_enc): Likewise. (do_proc_packets): Likewise. * g10/pkclist.c (default_recipient): Likewise. * g10/pubkey-enc.c (get_session_key): Likewise. * g10/sign.c (clearsign_file): Likewise. (sign_symencrypt_file): Likewise. * g10/skclist.c (build_sk_list): Likewise. * g10/test-stubs.c (get_session_key): Likewise. -- Signed-off-by: Neal H. Walield <neal@g10code.com> GnuPG-bug-id: 806
2015-11-03 23:15:27 +01:00
break;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case oDefRecipient:
Migrated more stuff to doc/ Migrated the gpg regression tests. Some changes tp the gpg code to fix bugs and for the use in testing. make distcheck works now with gpg enabled.
2006-08-21 22:20:23 +02:00
if( *pargs.r.ret_str )
gpg: Eliminate a memory leak. * g10/gpg.c (main): Don't leak OPT.DEF_RECIPIENT. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-29 09:57:00 +01:00
{
xfree (opt.def_recipient);
opt.def_recipient = make_username(pargs.r.ret_str);
}
Migrated more stuff to doc/ Migrated the gpg regression tests. Some changes tp the gpg code to fix bugs and for the use in testing. make distcheck works now with gpg enabled.
2006-08-21 22:20:23 +02:00
break;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case oDefRecipientSelf:
Migrated more stuff to doc/ Migrated the gpg regression tests. Some changes tp the gpg code to fix bugs and for the use in testing. make distcheck works now with gpg enabled.
2006-08-21 22:20:23 +02:00
xfree(opt.def_recipient); opt.def_recipient = NULL;
opt.def_recipient_self = 1;
break;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case oNoDefRecipient:
Migrated more stuff to doc/ Migrated the gpg regression tests. Some changes tp the gpg code to fix bugs and for the use in testing. make distcheck works now with gpg enabled.
2006-08-21 22:20:23 +02:00
xfree(opt.def_recipient); opt.def_recipient = NULL;
opt.def_recipient_self = 0;
break;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case oHomedir: break;
Add --chuid to gpg, gpg-card, and gpg-connect-agent. * g10/gpg.c (oChUid): New. (opts): Add --chuid. (main): Implement --chuid. Delay setting of homedir until the new chuid is done. * sm/gpgsm.c (main): Delay setting of homedir until the new chuid is done. * tools/gpg-card.c (oChUid): New. (opts): Add --chuid. (changeuser): New helper var. (main): Implement --chuid. * tools/gpg-connect-agent.c (oChUid): New. (opts): Add --chuid. (main): Implement --chuid. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-14 12:19:11 +02:00
case oChUid: break; /* Command line only (see above). */
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case oNoBatch: opt.batch = 0; break;
Add command --locate-key. Fix auto-key-locate processing of "nodefault".
2008-05-07 17:40:36 +02:00
gpg: New option --with-tofu-info. * g10/gpg.c (oWithTofuInfo): New. (opts): Add --with-tofu-info. (main): Set opt.with_tofu_info. * g10/options.h (struct opt): Add field WITH_TOFU_INFO. * g10/tofu.c (show_statistics): Add optional arg OUTFP and enter special mode if not NULL. Change all callers. (tofu_write_tfs_record): New. * g10/keylist.c (list_keyblock_colon): Do not print the tofu policy as part of the "uid" record. Print a new "tfs" record if the new option is set. * tests/openpgp/tofu.scm (getpolicy): Change from UID to TFS record. -- A separate option is required to avoid slowing down key listings. Foer example the current code takes for a keylisting in tofu+pgp mode 17 seconds while it takes more than 5 minutes if the option is used. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-25 09:26:36 +02:00
case oWithTofuInfo: opt.with_tofu_info = 1; break;
Add command --locate-key. Fix auto-key-locate processing of "nodefault".
2008-05-07 17:40:36 +02:00
case oWithKeyData: opt.with_key_data=1; /*FALLTHRU*/
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case oWithColons: opt.with_colons=':'; break;
Add command --locate-key. Fix auto-key-locate processing of "nodefault".
2008-05-07 17:40:36 +02:00
case oWithSigCheck: opt.check_sigs = 1; /*FALLTHRU*/
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
case oWithSigList: opt.list_sigs = 1; break;
Add command --locate-key. Fix auto-key-locate processing of "nodefault".
2008-05-07 17:40:36 +02:00
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case oSkipVerify: opt.skip_verify=1; break;
Add gpgconf related dummy options default_pubkey_algo. Add option --skip-hidden-recipients Comment updates.
2009-11-23 20:18:04 +01:00
case oSkipHiddenRecipients: opt.skip_hidden_recipients = 1; break;
case oNoSkipHiddenRecipients: opt.skip_hidden_recipients = 0; break;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case aListSecretKeys: set_cmd( &cmd, aListSecretKeys); break;
gpg: Allow building without any trust model support. * configure.ac: Add option --disable-trust-models (NO_TRUST_MODELS): New ac_define and am_conditional. * g10/Makefile.am (trust_source): New. (gpg2_SOURCES): Factor some files out to above. Add trust.c. * g10/gpg.c [NO_TRUST_MODELS]: Disable options --export-ownertrust, --import-ownertrust, --update-trustdb, --check-trustdb, --fix-trustdb, --list-trustdb, --trustdb-name, --auto-check-trustdb, --no-auto-check-trustdb, and --force-ownertrust. (parse_trust_model) [NO_TRUST_MODELS]: Do not build. (main) [NO_TRUST_MODELS]: Set trust_model to always and exclude all trustdb related option code. * g10/keyedit.c (cmds) [NO_TRUST_MODELS]: Remove menu items "trust", "enable", and "disable". * g10/keylist.c (public_key_list) [NO_TRUST_MODELS]: Do not print "tru" record. * g10/trust.c: New. * g10/trustdb.c (struct key_item): Move to trustdb.h. (register_trusted_keyid): Rename to tdb_register_trusted_keyid. (register_trusted_key): Rename to tdb_register_trusted_key. (trust_letter, uid_trust_string_fixed, trust_value_to_string) (string_to_trust_value, get_ownertrust_with_min, get_ownertrust_info) (get_ownertrust_string, get_validity_info, get_validity_string) (clean_sigs_from_uid, clean_uid_from_key, clean_key): Move to trust.c. (mark_usable_uid_certs): Move to trust.c and make global. (is_in_klist): Move as inline to trustdb.h. (trustdb_check_or_update): Rename to tdb_check_or_update (revalidation_mark): Rename to tdb_revalidation_mark. (get_ownertrust): Rename to tdb_get_ownertrust. (get_min_ownertrust): Rename to tdb_get_min_ownertrust. (update_ownertrust): Rename to tdb_update_ownertrust. (clear_ownertrusts): Rename to tdb_clear_ownertrusts. (cache_disabled_value): Rename to tdb_cache_disabled_value. (check_trustdb_stale): Rename to tdb_check_trustdb_stale. (get_validity): Rename to tdb_get_validity_core, add arg MAIN_PK and factor some code out to ... * trust.c (get_validity): ...new. (check_or_update_trustdb): New wrapper. (revalidation_mark): New wrapper. (get_ownertrust): New wrapper. (get_ownertrust_with_min): New wrapper. (update_ownertrust): New wrapper. (clear_ownertrusts): New wrapper. (cache_disabled_value): New wrapper. (check_trustdb_stale): New wrapper. * tests/openpgp/defs.inc (opt_always): New. Use in all tests instead of --always-trust.
2014-02-10 17:05:54 +01:00
#ifndef NO_TRUST_MODELS
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
/* There are many programs (like mutt) that call gpg with
--always-trust so keep this option around for a long
time. */
case oAlwaysTrust: opt.trust_model=TM_ALWAYS; break;
case oTrustModel:
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
parse_trust_model(pargs.r.ret_str);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
break;
gpg: Allow building without any trust model support. * configure.ac: Add option --disable-trust-models (NO_TRUST_MODELS): New ac_define and am_conditional. * g10/Makefile.am (trust_source): New. (gpg2_SOURCES): Factor some files out to above. Add trust.c. * g10/gpg.c [NO_TRUST_MODELS]: Disable options --export-ownertrust, --import-ownertrust, --update-trustdb, --check-trustdb, --fix-trustdb, --list-trustdb, --trustdb-name, --auto-check-trustdb, --no-auto-check-trustdb, and --force-ownertrust. (parse_trust_model) [NO_TRUST_MODELS]: Do not build. (main) [NO_TRUST_MODELS]: Set trust_model to always and exclude all trustdb related option code. * g10/keyedit.c (cmds) [NO_TRUST_MODELS]: Remove menu items "trust", "enable", and "disable". * g10/keylist.c (public_key_list) [NO_TRUST_MODELS]: Do not print "tru" record. * g10/trust.c: New. * g10/trustdb.c (struct key_item): Move to trustdb.h. (register_trusted_keyid): Rename to tdb_register_trusted_keyid. (register_trusted_key): Rename to tdb_register_trusted_key. (trust_letter, uid_trust_string_fixed, trust_value_to_string) (string_to_trust_value, get_ownertrust_with_min, get_ownertrust_info) (get_ownertrust_string, get_validity_info, get_validity_string) (clean_sigs_from_uid, clean_uid_from_key, clean_key): Move to trust.c. (mark_usable_uid_certs): Move to trust.c and make global. (is_in_klist): Move as inline to trustdb.h. (trustdb_check_or_update): Rename to tdb_check_or_update (revalidation_mark): Rename to tdb_revalidation_mark. (get_ownertrust): Rename to tdb_get_ownertrust. (get_min_ownertrust): Rename to tdb_get_min_ownertrust. (update_ownertrust): Rename to tdb_update_ownertrust. (clear_ownertrusts): Rename to tdb_clear_ownertrusts. (cache_disabled_value): Rename to tdb_cache_disabled_value. (check_trustdb_stale): Rename to tdb_check_trustdb_stale. (get_validity): Rename to tdb_get_validity_core, add arg MAIN_PK and factor some code out to ... * trust.c (get_validity): ...new. (check_or_update_trustdb): New wrapper. (revalidation_mark): New wrapper. (get_ownertrust): New wrapper. (get_ownertrust_with_min): New wrapper. (update_ownertrust): New wrapper. (clear_ownertrusts): New wrapper. (cache_disabled_value): New wrapper. (check_trustdb_stale): New wrapper. * tests/openpgp/defs.inc (opt_always): New. Use in all tests instead of --always-trust.
2014-02-10 17:05:54 +01:00
#endif /*!NO_TRUST_MODELS*/
g10: Add TOFU support. * configure.ac: Check for sqlite3. (SQLITE3_CFLAGS): AC_SUBST it. (SQLITE3_LIBS): Likewise. * g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS). (gpg2_SOURCES): Add tofu.h and tofu.c. (gpg2_LDADD): Add $(SQLITE3_LIBS). * g10/tofu.c: New file. * g10/tofu.h: New file. * g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP. (tofu_db_format): Define. * g10/packet.h (PKT_signature): Add fields digest and digest_len. * g10/gpg.c: Include "tofu.h". (cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy, oTOFUDBFormat. (opts): Add them. (parse_trust_model): Recognize the tofu and tofu+pgp trust models. (parse_tofu_policy): New function. (parse_tofu_db_format): New function. (main): Initialize opt.tofu_default_policy and opt.tofu_db_format. Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat. * g10/mainproc.c (do_check_sig): If the signature is good, copy the hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately. * g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update callers. (tdb_get_validity_core): Add arguments sig and may_ask. Update callers. * g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them to tdb_get_validity_core. * g10/trustdb.c: Include "tofu.h". (trust_model_string): Handle TM_TOFU and TM_TOFU_PGP. (tdb_get_validity_core): Add arguments sig and may_ask. If OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust level. Combine it with the computed PGP trust level, if appropriate. * g10/keyedit.c: Include "tofu.h". (show_key_with_all_names_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/keylist.c: Include "tofu.h". (public_key_list): Also show the PGP stats if the trust model is TM_TOFU_PGP. (list_keyblock_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/pkclist.c: Include "tofu.h". * g10/gpgv.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * g10/test-stubs.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * doc/DETAILS: Describe the TOFU Policy field. * doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu, --trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format. * tests/openpgp/Makefile.am (TESTS): Add tofu.test. (TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc, tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt. (CLEANFILES): Add tofu.db. (clean-local): Add tofu.d. * tests/openpgp/tofu.test: New file. * tests/openpgp/tofu-2183839A-1.txt: New file. * tests/openpgp/tofu-BC15C85A-1.txt: New file. * tests/openpgp/tofu-EE37CF96-1.txt: New file. * tests/openpgp/tofu-keys.asc: New file. * tests/openpgp/tofu-keys-secret.asc: New file. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
case oTOFUDefaultPolicy:
opt.tofu_default_policy = parse_tofu_policy (pargs.r.ret_str);
break;
case oTOFUDBFormat:
gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
obsolete_option (configname, pargs.lineno, "tofu-db-format");
g10: Add TOFU support. * configure.ac: Check for sqlite3. (SQLITE3_CFLAGS): AC_SUBST it. (SQLITE3_LIBS): Likewise. * g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS). (gpg2_SOURCES): Add tofu.h and tofu.c. (gpg2_LDADD): Add $(SQLITE3_LIBS). * g10/tofu.c: New file. * g10/tofu.h: New file. * g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP. (tofu_db_format): Define. * g10/packet.h (PKT_signature): Add fields digest and digest_len. * g10/gpg.c: Include "tofu.h". (cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy, oTOFUDBFormat. (opts): Add them. (parse_trust_model): Recognize the tofu and tofu+pgp trust models. (parse_tofu_policy): New function. (parse_tofu_db_format): New function. (main): Initialize opt.tofu_default_policy and opt.tofu_db_format. Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat. * g10/mainproc.c (do_check_sig): If the signature is good, copy the hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately. * g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update callers. (tdb_get_validity_core): Add arguments sig and may_ask. Update callers. * g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them to tdb_get_validity_core. * g10/trustdb.c: Include "tofu.h". (trust_model_string): Handle TM_TOFU and TM_TOFU_PGP. (tdb_get_validity_core): Add arguments sig and may_ask. If OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust level. Combine it with the computed PGP trust level, if appropriate. * g10/keyedit.c: Include "tofu.h". (show_key_with_all_names_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/keylist.c: Include "tofu.h". (public_key_list): Also show the PGP stats if the trust model is TM_TOFU_PGP. (list_keyblock_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/pkclist.c: Include "tofu.h". * g10/gpgv.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * g10/test-stubs.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * doc/DETAILS: Describe the TOFU Policy field. * doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu, --trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format. * tests/openpgp/Makefile.am (TESTS): Add tofu.test. (TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc, tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt. (CLEANFILES): Add tofu.db. (clean-local): Add tofu.d. * tests/openpgp/tofu.test: New file. * tests/openpgp/tofu-2183839A-1.txt: New file. * tests/openpgp/tofu-BC15C85A-1.txt: New file. * tests/openpgp/tofu-EE37CF96-1.txt: New file. * tests/openpgp/tofu-keys.asc: New file. * tests/openpgp/tofu-keys-secret.asc: New file. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
break;
gpg: Allow building without any trust model support. * configure.ac: Add option --disable-trust-models (NO_TRUST_MODELS): New ac_define and am_conditional. * g10/Makefile.am (trust_source): New. (gpg2_SOURCES): Factor some files out to above. Add trust.c. * g10/gpg.c [NO_TRUST_MODELS]: Disable options --export-ownertrust, --import-ownertrust, --update-trustdb, --check-trustdb, --fix-trustdb, --list-trustdb, --trustdb-name, --auto-check-trustdb, --no-auto-check-trustdb, and --force-ownertrust. (parse_trust_model) [NO_TRUST_MODELS]: Do not build. (main) [NO_TRUST_MODELS]: Set trust_model to always and exclude all trustdb related option code. * g10/keyedit.c (cmds) [NO_TRUST_MODELS]: Remove menu items "trust", "enable", and "disable". * g10/keylist.c (public_key_list) [NO_TRUST_MODELS]: Do not print "tru" record. * g10/trust.c: New. * g10/trustdb.c (struct key_item): Move to trustdb.h. (register_trusted_keyid): Rename to tdb_register_trusted_keyid. (register_trusted_key): Rename to tdb_register_trusted_key. (trust_letter, uid_trust_string_fixed, trust_value_to_string) (string_to_trust_value, get_ownertrust_with_min, get_ownertrust_info) (get_ownertrust_string, get_validity_info, get_validity_string) (clean_sigs_from_uid, clean_uid_from_key, clean_key): Move to trust.c. (mark_usable_uid_certs): Move to trust.c and make global. (is_in_klist): Move as inline to trustdb.h. (trustdb_check_or_update): Rename to tdb_check_or_update (revalidation_mark): Rename to tdb_revalidation_mark. (get_ownertrust): Rename to tdb_get_ownertrust. (get_min_ownertrust): Rename to tdb_get_min_ownertrust. (update_ownertrust): Rename to tdb_update_ownertrust. (clear_ownertrusts): Rename to tdb_clear_ownertrusts. (cache_disabled_value): Rename to tdb_cache_disabled_value. (check_trustdb_stale): Rename to tdb_check_trustdb_stale. (get_validity): Rename to tdb_get_validity_core, add arg MAIN_PK and factor some code out to ... * trust.c (get_validity): ...new. (check_or_update_trustdb): New wrapper. (revalidation_mark): New wrapper. (get_ownertrust): New wrapper. (get_ownertrust_with_min): New wrapper. (update_ownertrust): New wrapper. (clear_ownertrusts): New wrapper. (cache_disabled_value): New wrapper. (check_trustdb_stale): New wrapper. * tests/openpgp/defs.inc (opt_always): New. Use in all tests instead of --always-trust.
2014-02-10 17:05:54 +01:00
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case oForceOwnertrust:
Use a unique capitalization for "Note:". --
2014-10-10 15:29:42 +02:00
log_info(_("Note: %s is not for normal use!\n"),
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
"--force-ownertrust");
opt.force_ownertrust=string_to_trust_value(pargs.r.ret_str);
if(opt.force_ownertrust==-1)
{
Change all quotes in strings and comments to the new GNU standard. The asymmetric quotes used by GNU in the past (`...') don't render nicely on modern systems. We now use two \x27 characters ('...'). The proper solution would be to use the correct Unicode symmetric quotes here. However this has the disadvantage that the system requires Unicode support. We don't want that today. If Unicode is available a generated po file can be used to output proper quotes. A simple sed script like the one used for en@quote is sufficient to change them. The changes have been done by applying sed -i "s/\`\([^'\`]*\)'/'\1'/g" to most files and fixing obvious problems by hand. The msgid strings in the po files were fixed with a similar command.
2012-06-05 19:29:22 +02:00
log_error("invalid ownertrust '%s'\n",pargs.r.ret_str);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
opt.force_ownertrust=0;
}
break;
gpg: New option --compliance. * g10/gpg.c (oCompliance): New. (opts): Add "--compliance". (parse_tofu_policy): Use a generic description string for "help". (parse_compliance_option): New. (main): Add option oCompliance. Factor out code for compliance setting to ... (set_compliance_option): new. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-15 13:03:29 +01:00
gpg: New option --no-auto-trust-new-key. * g10/gpg.c (oNoAutoTrustNewKey): New. (opts): Add --no-auto-trust-new-key. (main): Set it. * g10/options.h (opt): Add flags.no_auto_trust_new_key. Signed-off-by: Werner Koch <wk@gnupg.org>
2021-03-15 10:47:19 +01:00
case oNoAutoTrustNewKey: opt.flags.no_auto_trust_new_key = 1; break;
gpg: New option --compliance. * g10/gpg.c (oCompliance): New. (opts): Add "--compliance". (parse_tofu_policy): Use a generic description string for "help". (parse_compliance_option): New. (main): Add option oCompliance. Factor out code for compliance setting to ... (set_compliance_option): new. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-15 13:03:29 +01:00
case oCompliance:
common,gpg,sm: Move the compliance option parser. * common/compliance.c (gnupg_parse_compliance_option): New function. * common/compliance.h (struct gnupg_compliance_option): New type. (gnupg_parse_compliance_option): New prototype. * g10/gpg.c (parse_compliance_option): Remove function. (compliance_options): New variable. (main): Adapt callsite. * sm/gpgsm.c (main): Use the new common function. * sm/gpgsm.h (opt): New field 'compliance'. GnuPG-bug-id: 3191 Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-07 11:50:54 +02:00
{
gpg: New option --key-origin. * g10/keydb.h (KEYORG_): Rename to KEYORG_. * g10/packet.h (PKT_user_id): Rename field keysrc to keyorg. Adjust users. (PKT_public_key): Ditto. (PKT_ring_trust): Ditto. * g10/options.h (struct opt): Add field key_origin. * g10/getkey.c (parse_key_origin): New. * g10/gpg.c (oKeyOrigin): New. (opts): Add "keys-origin". (main): Set option. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-13 17:28:32 +02:00
int compliance = gnupg_parse_compliance_option
(pargs.r.ret_str,
compliance_options, DIM (compliance_options),
opt.quiet);
common,gpg,sm: Move the compliance option parser. * common/compliance.c (gnupg_parse_compliance_option): New function. * common/compliance.h (struct gnupg_compliance_option): New type. (gnupg_parse_compliance_option): New prototype. * g10/gpg.c (parse_compliance_option): Remove function. (compliance_options): New variable. (main): Adapt callsite. * sm/gpgsm.c (main): Use the new common function. * sm/gpgsm.h (opt): New field 'compliance'. GnuPG-bug-id: 3191 Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-07 11:50:54 +02:00
if (compliance < 0)
g10_exit (1);
set_compliance_option (compliance);
}
gpg: New option --compliance. * g10/gpg.c (oCompliance): New. (opts): Add "--compliance". (parse_tofu_policy): Use a generic description string for "help". (parse_compliance_option): New. (main): Add option oCompliance. Factor out code for compliance setting to ... (set_compliance_option): new. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-15 13:03:29 +01:00
break;
case oOpenPGP:
case oRFC2440:
case oRFC4880:
gpg: New option --rfc4880bis. * g10/options.h (struct opt): Add field flags.rfc4880bis. * g10/gpg.c (oRFC4880bis): new. (opts): add --rfc4880bis. (main): Implement that and print a warning. -- This is option enables experimental features which may be dropped or changed with the next release. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-20 22:19:23 +02:00
case oRFC4880bis:
gpg: New option --compliance. * g10/gpg.c (oCompliance): New. (opts): Add "--compliance". (parse_tofu_policy): Use a generic description string for "help". (parse_compliance_option): New. (main): Add option oCompliance. Factor out code for compliance setting to ... (set_compliance_option): new. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-15 13:03:29 +01:00
case oPGP7:
case oPGP8:
case oGnuPG:
set_compliance_option (pargs.r_opt);
break;
case oRFC2440Text: opt.rfc2440_text=1; break;
case oNoRFC2440Text: opt.rfc2440_text=0; break;
Merged recent changes from 1.4
2006-04-28 16:31:29 +02:00
case oSetFilename:
if(utf8_strings)
opt.set_filename = pargs.r.ret_str;
else
opt.set_filename = native_to_utf8(pargs.r.ret_str);
break;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case oForYourEyesOnly: eyes_only = 1; break;
case oNoForYourEyesOnly: eyes_only = 0; break;
case oSetPolicyURL:
add_policy_url(pargs.r.ret_str,0);
add_policy_url(pargs.r.ret_str,1);
break;
case oSigPolicyURL: add_policy_url(pargs.r.ret_str,0); break;
case oCertPolicyURL: add_policy_url(pargs.r.ret_str,1); break;
case oShowPolicyURL:
gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
deprecated_warning(configname,pargs.lineno,"--show-policy-url",
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
"--list-options ","show-policy-urls");
gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
deprecated_warning(configname,pargs.lineno,"--show-policy-url",
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
"--verify-options ","show-policy-urls");
opt.list_options|=LIST_SHOW_POLICY_URLS;
opt.verify_options|=VERIFY_SHOW_POLICY_URLS;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
break;
case oNoShowPolicyURL:
gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
deprecated_warning(configname,pargs.lineno,"--no-show-policy-url",
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
"--list-options ","no-show-policy-urls");
gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
deprecated_warning(configname,pargs.lineno,"--no-show-policy-url",
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
"--verify-options ","no-show-policy-urls");
opt.list_options&=~LIST_SHOW_POLICY_URLS;
opt.verify_options&=~VERIFY_SHOW_POLICY_URLS;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
break;
Merged most of David Shaw's changes in 1.3 since 2003-06-03.
2003-09-23 19:48:33 +02:00
case oSigKeyserverURL: add_keyserver_url(pargs.r.ret_str,0); break;
Merged recent changes from 1.4
2006-04-28 16:31:29 +02:00
case oUseEmbeddedFilename:
opt.flags.use_embedded_filename=1;
break;
case oNoUseEmbeddedFilename:
opt.flags.use_embedded_filename=0;
break;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
case oComment:
if(pargs.r.ret_str[0])
append_to_strlist(&opt.comments,pargs.r.ret_str);
break;
Merged most of David Shaw's changes in 1.3 since 2003-06-03.
2003-09-23 19:48:33 +02:00
case oDefaultComment:
gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
deprecated_warning(configname,pargs.lineno,
Merged most of David Shaw's changes in 1.3 since 2003-06-03.
2003-09-23 19:48:33 +02:00
"--default-comment","--no-comments","");
/* fall through */
case oNoComments:
free_strlist(opt.comments);
opt.comments=NULL;
break;
gpg: Remove option aliases --[no-]throw-keyid and --notation-data. * g10/gpg.c (opts): Remove them. * g10/options.h (opt): s/throw_keyid/throw_keyids/ and change users. -- See mails starting http://lists.gnupg.org/pipermail/gnupg-devel/2014-November/029128.html
2014-12-03 11:28:10 +01:00
case oThrowKeyids: opt.throw_keyids = 1; break;
case oNoThrowKeyids: opt.throw_keyids = 0; break;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
case oShowPhotos:
gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
deprecated_warning(configname,pargs.lineno,"--show-photos",
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
"--list-options ","show-photos");
gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
deprecated_warning(configname,pargs.lineno,"--show-photos",
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
"--verify-options ","show-photos");
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
opt.list_options|=LIST_SHOW_PHOTOS;
opt.verify_options|=VERIFY_SHOW_PHOTOS;
break;
case oNoShowPhotos:
gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
deprecated_warning(configname,pargs.lineno,"--no-show-photos",
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
"--list-options ","no-show-photos");
gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
deprecated_warning(configname,pargs.lineno,"--no-show-photos",
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
"--verify-options ","no-show-photos");
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
opt.list_options&=~LIST_SHOW_PHOTOS;
opt.verify_options&=~VERIFY_SHOW_PHOTOS;
break;
case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break;
gpg: Remove all support for v3 keys and always create v4-signatures. * g10/build-packet.c (do_key): Remove support for building v3 keys. * g10/parse-packet.c (read_protected_v3_mpi): Remove. (parse_key): Remove support for v3-keys. Add dedicated warnings for v3-key packets. * g10/keyid.c (hash_public_key): Remove v3-key support. (keyid_from_pk): Ditto. (fingerprint_from_pk): Ditto. * g10/options.h (opt): Remove fields force_v3_sigs and force_v4_certs. * g10/gpg.c (cmd_and_opt_values): Remove oForceV3Sigs, oNoForceV3Sigs, oForceV4Certs, oNoForceV4Certs. (opts): Turn --force-v3-sigs, --no-force-v3-sigs, --force-v4-certs, --no-force-v4-certs int dummy options. (main): Remove setting of the force_v3_sigs force_v4_certs flags. * g10/revoke.c (gen_revoke, create_revocation): Always create v4 certs. * g10/sign.c (hash_uid): Remove support for v3-signatures (hash_sigversion_to_magic): Ditto. (only_old_style): Remove this v3-key function. (write_signature_packets): Remove support for creating v3-signatures. (sign_file): Ditto. (sign_symencrypt_file): Ditto. (clearsign_file): Ditto. Remove code to emit no Hash armor line if only v3-keys are used. (make_keysig_packet): Remove arg SIGVERSION and force using v4-signatures. Change all callers to not pass a value for this arg. Remove all v3-key related code. (update_keysig_packet): Remove v3-signature support. * g10/keyedit.c (sign_uids): Always create v4-signatures. * g10/textfilter.c (copy_clearsig_text): Remove arg pgp2mode and change caller. -- v3 keys are deprecated for about 15 years and due the severe weaknesses of MD5 it does not make any sense to keep code around to use these old and broken keys. Users who need to decrypt old messages should use gpg 1.4 and best re-encrypt them to modern standards. verification of old (i.e. PGP2) created signatures is thus also not anymore possible but such signatures have no values anyway - MD5 is just too broken. We have also kept support for v3 signatures until now. With the removal of support for v3 keys it is questionable whether it makes any sense to keep support for v3-signatures. What we do now is to keep support for verification of v3-signatures but we force the use of v4-signatures. The latter makes the --pgp6 and --pgp7 switch a bit obsolete because those PGP versions require v3-signatures for messages. These versions of PGP are also really old and not anymore maintained so they have not received any bug fixes and should not be used anyway. Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-12 20:07:12 +02:00
gpg: New option --force-aead * g10/dek.h (DEK): Turn fields use_mdc, algo_printed and symmetric into single bit vars. Make sure they are always set to 1 or 0. (DEK): New field use_aead. * g10/options.h (struct opt): New field force_aead. * g10/pkclist.c (select_aead_from_pklist): New. * g10/gpg.c (oForceAEAD): New const. (opts): New options "--force-aead". (main): Set new option. * g10/encrypt.c (use_aead): New. (encrypt_simple): Implement new flags DEK.use_aead. (encrypt_crypt): Ditto. (encrypt_filter): Ditto. * g10/sign.c (sign_symencrypt_file): Ditto. -- This patch should be enough to detect whether AEAD can be used. Not tested. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-10 17:07:11 +01:00
case oForceAEAD: opt.force_aead = 1; break;
gpg: New option --disable-signer-uid, create Signer's UID sub-packet. * g10/gpg.c (oDisableSignerUID): New. (opts): New option '--disable-signer-uid'. (main): Set option. * g10/options.h (opt): Add field flags.disable_signer_uid. * g10/sign.c: Include mbox-util.h. (mk_notation_policy_etc): Embed the signer's uid. * g10/mainproc.c (check_sig_and_print): Do not use WKD for auto key retrieval if --disable-signer-uid is used. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-13 11:24:09 +02:00
case oDisableSignerUID: opt.flags.disable_signer_uid = 1; break;
gpg: New option --include-key-block. * common/openpgpdefs.h (SIGSUBPKT_KEY_BLOCK): New. * g10/gpg.c (oIncludeKeyBlock): New. (opts): New option --include-key-block. (main): Implement. * g10/options.h (opt): New flag include_key_block. * g10/parse-packet.c (dump_sig_subpkt): Support SIGSUBPKT_KEY_BLOCK. (parse_one_sig_subpkt): Ditto. (can_handle_critical): Ditto. * g10/sign.c (mk_sig_subpkt_key_block): New. (write_signature_packets): Call it for data signatures. -- This patch adds support for a to be proposed OpenPGP ferature: Introduce the Key Block subpacket to align OpenPGP with CMS. This new subpacket may be used similar to the CertificateSet of CMS (RFC-5652) and thus allows to start encrypted communication after having received a signed message. In practice a stripped down version of the key should be including having only the key material and the self-signatures which are really useful and shall be used by the recipient to reply encrypted. #### Key Block (1 octet with value 0, N octets of key data) This subpacket MAY be used to convey key data along with a signature of class 0x00, 0x01, or 0x02. It MUST contain the key used to create the signature; either as the primary key or as a subkey. The key SHOULD contain a primary or subkey capable of encryption and the entire key must be a valid OpenPGP key including at least one User ID packet and the corresponding self-signatures. Implementations MUST ignore this subpacket if the first octet does not have a value of zero or if the key data does not represent a valid transferable public key. GnuPG-bug-id: 4856 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-13 13:28:35 +01:00
case oIncludeKeyBlock: opt.flags.include_key_block = 1; break;
gpg: New option --auto-key-import * g10/gpg.c (opts): New options --auto-key-import, --no-auto-key-import, and --no-include-key-block. (gpgconf_list): Add them. * g10/options.h (opt): Add field flags.auto_key_import. * g10/mainproc.c (check_sig_and_print): Use flag to enable that feature. * tools/gpgconf-comp.c: Give the new options a Basic config level. -- Note that the --no variants of the options are intended for easy disabling at the command line. GnuPG-bug-id: 4856 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-14 18:04:47 +01:00
case oNoIncludeKeyBlock: opt.flags.include_key_block = 0; break;
gpg: New option --disable-signer-uid, create Signer's UID sub-packet. * g10/gpg.c (oDisableSignerUID): New. (opts): New option '--disable-signer-uid'. (main): Set option. * g10/options.h (opt): Add field flags.disable_signer_uid. * g10/sign.c: Include mbox-util.h. (mk_notation_policy_etc): Embed the signer's uid. * g10/mainproc.c (check_sig_and_print): Do not use WKD for auto key retrieval if --disable-signer-uid is used. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-13 11:24:09 +02:00
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case oS2KMode: opt.s2k_mode = pargs.r.ret_int; break;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
case oS2KDigest: s2k_digest_string = xstrdup(pargs.r.ret_str); break;
case oS2KCipher: s2k_cipher_string = xstrdup(pargs.r.ret_str); break;
* parse-packet.c (parse_symkeyenc): Show the unpacked as well as the packed s2k iteration count. * main.h, options.h, gpg.c (encode_s2k_iterations, main), passphrase.c (hash_passphrase): Add --s2k-count option to specify the number of s2k hash iterations.
2006-10-13 06:06:24 +02:00
case oS2KCount:
Add dummu option --passwd for gpg. Collected changes.
2010-01-08 20:18:49 +01:00
if (pargs.r.ret_int)
opt.s2k_count = encode_s2k_iterations (pargs.r.ret_int);
else
opt.s2k_count = 0; /* Auto-calibrate when needed. */
* parse-packet.c (parse_symkeyenc): Show the unpacked as well as the packed s2k iteration count. * main.h, options.h, gpg.c (encode_s2k_iterations, main), passphrase.c (hash_passphrase): Add --s2k-count option to specify the number of s2k hash iterations.
2006-10-13 06:06:24 +02:00
break;
gpg: New options --recipient-file and --hidden-recipient-file. * g10/gpg.c (oRecipientFile, oHiddenRecipientFile): New. (opts): Add options --recipient-file and --hidden-recipient-file. (main): Implement them. Also remove duplicate code from similar options. * g10/keydb.h (PK_LIST_FROM_FILE): New. (PK_LIST_SHIFT): Bump up. * g10/pkclist.c (expand_group): Take care of PK_LIST_FROM_FILE. (find_and_check_key): Add and implement arg FROM_FILE. (build_pk_list): Pass new value for new arg. * g10/getkey.c (get_pubkey_fromfile): New. * g10/gpgv.c (read_key_from_file): New stub. * g10/test-stubs.c (read_key_from_file): New stub. * g10/server.c (cmd_recipient): Add flag --file. * g10/import.c (read_key_from_file): New. * tests/openpgp/defs.scm (key-file1): New. (key-file2): New. * tests/openpgp/setup.scm: Add their private keys and import the key-file1. * tests/openpgp/encrypt.scm: Add new test. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-06 14:03:50 +02:00
case oRecipient:
case oHiddenRecipient:
case oRecipientFile:
case oHiddenRecipientFile:
/* Store the recipient. Note that we also store the
* option as private data in the flags. This is achieved
* by shifting the option value to the left so to keep
* enough space for the flags. */
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
sl = add_to_strlist2( &remusr, pargs.r.ret_str, utf8_strings );
gpg: New options --recipient-file and --hidden-recipient-file. * g10/gpg.c (oRecipientFile, oHiddenRecipientFile): New. (opts): Add options --recipient-file and --hidden-recipient-file. (main): Implement them. Also remove duplicate code from similar options. * g10/keydb.h (PK_LIST_FROM_FILE): New. (PK_LIST_SHIFT): Bump up. * g10/pkclist.c (expand_group): Take care of PK_LIST_FROM_FILE. (find_and_check_key): Add and implement arg FROM_FILE. (build_pk_list): Pass new value for new arg. * g10/getkey.c (get_pubkey_fromfile): New. * g10/gpgv.c (read_key_from_file): New stub. * g10/test-stubs.c (read_key_from_file): New stub. * g10/server.c (cmd_recipient): Add flag --file. * g10/import.c (read_key_from_file): New. * tests/openpgp/defs.scm (key-file1): New. (key-file2): New. * tests/openpgp/setup.scm: Add their private keys and import the key-file1. * tests/openpgp/encrypt.scm: Add new test. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-06 14:03:50 +02:00
sl->flags = (pargs.r_opt << PK_LIST_SHIFT);
gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
if (configname)
gpg: Do not pre-check keys given on the command line. * g10/keydb.h (PK_LIST_ENCRYPT_TO, PK_LIST_HIDDEN, PK_LIST_CONFIG) (PK_LIST_SHIFT): New. * g10/pkclist.c (build_pk_list): Use them here. * g10/gpg.c (check_user_ids, main): Ditto. * g10/gpg.c (main): Set PK_LIST_CONFIG for REMUSR and LOCUSR. (check_user_ids): Skip check for command line specified options. -- If a key has been given on the command line and it has not been given by one of the encrypt-to options, we now skip the checks. The reason is that the actual key selection code does its own checks and provides proper status message to the caller to detect the wrong keys. Without this we would break most frontends because they expect for example STATUS_INV_RECP. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-04 08:56:02 +01:00
sl->flags |= PK_LIST_CONFIG;
gpg: New options --recipient-file and --hidden-recipient-file. * g10/gpg.c (oRecipientFile, oHiddenRecipientFile): New. (opts): Add options --recipient-file and --hidden-recipient-file. (main): Implement them. Also remove duplicate code from similar options. * g10/keydb.h (PK_LIST_FROM_FILE): New. (PK_LIST_SHIFT): Bump up. * g10/pkclist.c (expand_group): Take care of PK_LIST_FROM_FILE. (find_and_check_key): Add and implement arg FROM_FILE. (build_pk_list): Pass new value for new arg. * g10/getkey.c (get_pubkey_fromfile): New. * g10/gpgv.c (read_key_from_file): New stub. * g10/test-stubs.c (read_key_from_file): New stub. * g10/server.c (cmd_recipient): Add flag --file. * g10/import.c (read_key_from_file): New. * tests/openpgp/defs.scm (key-file1): New. (key-file2): New. * tests/openpgp/setup.scm: Add their private keys and import the key-file1. * tests/openpgp/encrypt.scm: Add new test. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-06 14:03:50 +02:00
if (pargs.r_opt == oHiddenRecipient
|| pargs.r_opt == oHiddenRecipientFile)
sl->flags |= PK_LIST_HIDDEN;
if (pargs.r_opt == oRecipientFile
|| pargs.r_opt == oHiddenRecipientFile)
sl->flags |= PK_LIST_FROM_FILE;
any_explicit_recipient = 1;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
break;
gpg: New options --recipient-file and --hidden-recipient-file. * g10/gpg.c (oRecipientFile, oHiddenRecipientFile): New. (opts): Add options --recipient-file and --hidden-recipient-file. (main): Implement them. Also remove duplicate code from similar options. * g10/keydb.h (PK_LIST_FROM_FILE): New. (PK_LIST_SHIFT): Bump up. * g10/pkclist.c (expand_group): Take care of PK_LIST_FROM_FILE. (find_and_check_key): Add and implement arg FROM_FILE. (build_pk_list): Pass new value for new arg. * g10/getkey.c (get_pubkey_fromfile): New. * g10/gpgv.c (read_key_from_file): New stub. * g10/test-stubs.c (read_key_from_file): New stub. * g10/server.c (cmd_recipient): Add flag --file. * g10/import.c (read_key_from_file): New. * tests/openpgp/defs.scm (key-file1): New. (key-file2): New. * tests/openpgp/setup.scm: Add their private keys and import the key-file1. * tests/openpgp/encrypt.scm: Add new test. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-06 14:03:50 +02:00
case oEncryptTo:
case oHiddenEncryptTo:
/* Store an additional recipient. */
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
sl = add_to_strlist2( &remusr, pargs.r.ret_str, utf8_strings );
gpg: New options --recipient-file and --hidden-recipient-file. * g10/gpg.c (oRecipientFile, oHiddenRecipientFile): New. (opts): Add options --recipient-file and --hidden-recipient-file. (main): Implement them. Also remove duplicate code from similar options. * g10/keydb.h (PK_LIST_FROM_FILE): New. (PK_LIST_SHIFT): Bump up. * g10/pkclist.c (expand_group): Take care of PK_LIST_FROM_FILE. (find_and_check_key): Add and implement arg FROM_FILE. (build_pk_list): Pass new value for new arg. * g10/getkey.c (get_pubkey_fromfile): New. * g10/gpgv.c (read_key_from_file): New stub. * g10/test-stubs.c (read_key_from_file): New stub. * g10/server.c (cmd_recipient): Add flag --file. * g10/import.c (read_key_from_file): New. * tests/openpgp/defs.scm (key-file1): New. (key-file2): New. * tests/openpgp/setup.scm: Add their private keys and import the key-file1. * tests/openpgp/encrypt.scm: Add new test. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-06 14:03:50 +02:00
sl->flags = ((pargs.r_opt << PK_LIST_SHIFT) | PK_LIST_ENCRYPT_TO);
gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
if (configname)
gpg: Do not pre-check keys given on the command line. * g10/keydb.h (PK_LIST_ENCRYPT_TO, PK_LIST_HIDDEN, PK_LIST_CONFIG) (PK_LIST_SHIFT): New. * g10/pkclist.c (build_pk_list): Use them here. * g10/gpg.c (check_user_ids, main): Ditto. * g10/gpg.c (main): Set PK_LIST_CONFIG for REMUSR and LOCUSR. (check_user_ids): Skip check for command line specified options. -- If a key has been given on the command line and it has not been given by one of the encrypt-to options, we now skip the checks. The reason is that the actual key selection code does its own checks and provides proper status message to the caller to detect the wrong keys. Without this we would break most frontends because they expect for example STATUS_INV_RECP. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-04 08:56:02 +01:00
sl->flags |= PK_LIST_CONFIG;
gpg: New options --recipient-file and --hidden-recipient-file. * g10/gpg.c (oRecipientFile, oHiddenRecipientFile): New. (opts): Add options --recipient-file and --hidden-recipient-file. (main): Implement them. Also remove duplicate code from similar options. * g10/keydb.h (PK_LIST_FROM_FILE): New. (PK_LIST_SHIFT): Bump up. * g10/pkclist.c (expand_group): Take care of PK_LIST_FROM_FILE. (find_and_check_key): Add and implement arg FROM_FILE. (build_pk_list): Pass new value for new arg. * g10/getkey.c (get_pubkey_fromfile): New. * g10/gpgv.c (read_key_from_file): New stub. * g10/test-stubs.c (read_key_from_file): New stub. * g10/server.c (cmd_recipient): Add flag --file. * g10/import.c (read_key_from_file): New. * tests/openpgp/defs.scm (key-file1): New. (key-file2): New. * tests/openpgp/setup.scm: Add their private keys and import the key-file1. * tests/openpgp/encrypt.scm: Add new test. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-06 14:03:50 +02:00
if (pargs.r_opt == oHiddenEncryptTo)
sl->flags |= PK_LIST_HIDDEN;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
break;
gpg: New options --recipient-file and --hidden-recipient-file. * g10/gpg.c (oRecipientFile, oHiddenRecipientFile): New. (opts): Add options --recipient-file and --hidden-recipient-file. (main): Implement them. Also remove duplicate code from similar options. * g10/keydb.h (PK_LIST_FROM_FILE): New. (PK_LIST_SHIFT): Bump up. * g10/pkclist.c (expand_group): Take care of PK_LIST_FROM_FILE. (find_and_check_key): Add and implement arg FROM_FILE. (build_pk_list): Pass new value for new arg. * g10/getkey.c (get_pubkey_fromfile): New. * g10/gpgv.c (read_key_from_file): New stub. * g10/test-stubs.c (read_key_from_file): New stub. * g10/server.c (cmd_recipient): Add flag --file. * g10/import.c (read_key_from_file): New. * tests/openpgp/defs.scm (key-file1): New. (key-file2): New. * tests/openpgp/setup.scm: Add their private keys and import the key-file1. * tests/openpgp/encrypt.scm: Add new test. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-06 14:03:50 +02:00
case oNoEncryptTo:
opt.no_encrypt_to = 1;
break;
gpg: Add --encrypt-to-default-key. * g10/getkey.c (parse_def_secret_key): Drop the static qualifier and export the function. * g10/gpg.c (enum cmd_and_opt_values): Add value oEncryptToDefaultKey. (opts): Handle oEncryptToDefaultKey. (main): Likewise. * g10/options.h (opt): Add field encrypt_to_default_key. -- Signed-off-by: Neal H. Walfield <neal@g10code.com> GnuPG-bug-id: 807
2015-11-03 23:39:46 +01:00
case oEncryptToDefaultKey:
gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
opt.encrypt_to_default_key = configname ? 2 : 1;
gpg: Add --encrypt-to-default-key. * g10/getkey.c (parse_def_secret_key): Drop the static qualifier and export the function. * g10/gpg.c (enum cmd_and_opt_values): Add value oEncryptToDefaultKey. (opts): Handle oEncryptToDefaultKey. (main): Likewise. * g10/options.h (opt): Add field encrypt_to_default_key. -- Signed-off-by: Neal H. Walfield <neal@g10code.com> GnuPG-bug-id: 807
2015-11-03 23:39:46 +01:00
break;
More agent support for gpg.
2010-10-13 17:57:08 +02:00
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
case oTrySecretKey:
More agent support for gpg.
2010-10-13 17:57:08 +02:00
add_to_strlist2 (&opt.secret_keys_to_try,
pargs.r.ret_str, utf8_strings);
break;
gpg: New option --mimemode. * g10/gpg.c (oMimemode): New. (opts): Add --mimemode. (main): Use --mimemode only in rfc4880bis compliance mode. * g10/options.h (struct opt): Add field "mimemode". * g10/build-packet.c (do_plaintext): Allow for mode 'm'. * g10/encrypt.c (encrypt_simple, encrypt_crypt): Use 'm' if requested. * g10/plaintext.c (handle_plaintext): Handle 'm' mode. * g10/sign.c (write_plaintext_packet): Handle 'm' mode. (sign_file, sign_symencrypt_file): Use 'm' if requested. -- Thsi patch prepares for a proposed change in RFC4880bis to support a MIME flag. A literal data packet with the mime flag set is handled like a 't' or 'u' but CR are not removed. The PLAINTEXT status line will also indicate a MIME content. If --mimemode is used without --rfc4880bis 't' will be used. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-13 13:31:12 +02:00
case oMimemode: opt.mimemode = opt.textmode = 1; break;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case oTextmodeShort: opt.textmode = 2; break;
case oTextmode: opt.textmode=1; break;
gpg: New option --mimemode. * g10/gpg.c (oMimemode): New. (opts): Add --mimemode. (main): Use --mimemode only in rfc4880bis compliance mode. * g10/options.h (struct opt): Add field "mimemode". * g10/build-packet.c (do_plaintext): Allow for mode 'm'. * g10/encrypt.c (encrypt_simple, encrypt_crypt): Use 'm' if requested. * g10/plaintext.c (handle_plaintext): Handle 'm' mode. * g10/sign.c (write_plaintext_packet): Handle 'm' mode. (sign_file, sign_symencrypt_file): Use 'm' if requested. -- Thsi patch prepares for a proposed change in RFC4880bis to support a MIME flag. A literal data packet with the mime flag set is handled like a 't' or 'u' but CR are not removed. The PLAINTEXT status line will also indicate a MIME content. If --mimemode is used without --rfc4880bis 't' will be used. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-13 13:31:12 +02:00
case oNoTextmode: opt.textmode=opt.mimemode=0; break;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case oExpert: opt.expert = 1; break;
case oNoExpert: opt.expert = 0; break;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
case oDefSigExpire:
if(*pargs.r.ret_str!='\0')
{
if(parse_expire_string(pargs.r.ret_str)==(u32)-1)
Change all quotes in strings and comments to the new GNU standard. The asymmetric quotes used by GNU in the past (`...') don't render nicely on modern systems. We now use two \x27 characters ('...'). The proper solution would be to use the correct Unicode symmetric quotes here. However this has the disadvantage that the system requires Unicode support. We don't want that today. If Unicode is available a generated po file can be used to output proper quotes. A simple sed script like the one used for en@quote is sufficient to change them. The changes have been done by applying sed -i "s/\`\([^'\`]*\)'/'\1'/g" to most files and fixing obvious problems by hand. The msgid strings in the po files were fixed with a similar command.
2012-06-05 19:29:22 +02:00
log_error(_("'%s' is not a valid signature expiration\n"),
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
pargs.r.ret_str);
else
opt.def_sig_expire=pargs.r.ret_str;
}
break;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case oAskSigExpire: opt.ask_sig_expire = 1; break;
case oNoAskSigExpire: opt.ask_sig_expire = 0; break;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
case oDefCertExpire:
if(*pargs.r.ret_str!='\0')
{
if(parse_expire_string(pargs.r.ret_str)==(u32)-1)
Change all quotes in strings and comments to the new GNU standard. The asymmetric quotes used by GNU in the past (`...') don't render nicely on modern systems. We now use two \x27 characters ('...'). The proper solution would be to use the correct Unicode symmetric quotes here. However this has the disadvantage that the system requires Unicode support. We don't want that today. If Unicode is available a generated po file can be used to output proper quotes. A simple sed script like the one used for en@quote is sufficient to change them. The changes have been done by applying sed -i "s/\`\([^'\`]*\)'/'\1'/g" to most files and fixing obvious problems by hand. The msgid strings in the po files were fixed with a similar command.
2012-06-05 19:29:22 +02:00
log_error(_("'%s' is not a valid signature expiration\n"),
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
pargs.r.ret_str);
else
opt.def_cert_expire=pargs.r.ret_str;
}
break;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case oAskCertExpire: opt.ask_cert_expire = 1; break;
case oNoAskCertExpire: opt.ask_cert_expire = 0; break;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
case oDefCertLevel: opt.def_cert_level=pargs.r.ret_int; break;
case oMinCertLevel: opt.min_cert_level=pargs.r.ret_int; break;
case oAskCertLevel: opt.ask_cert_level = 1; break;
case oNoAskCertLevel: opt.ask_cert_level = 0; break;
case oLocalUser: /* store the local users */
gpg: Check for ambiguous or non-matching key specs. * g10/gpg.c (check_user_ids): New function. (main): Check that any user id specifications passed to --local-user and --remote-user correspond to exactly 1 user. Check that any user id specifications passed to --default-key correspond to at most 1 user. Warn if any user id specifications passed to --local-user or --default-user are possible ambiguous (are not specified by long keyid or fingerprint). * g10/getkey.c (parse_def_secret_key): Don't warn about possible ambiguous key descriptions here. -- Signed-off-by: Neal H. Walfield <neal@g10code.com> GnuPG-bug-id: 1128 Debian-debug-id: 544490
2015-11-05 17:29:53 +01:00
sl = add_to_strlist2( &locusr, pargs.r.ret_str, utf8_strings );
gpg: Do not pre-check keys given on the command line. * g10/keydb.h (PK_LIST_ENCRYPT_TO, PK_LIST_HIDDEN, PK_LIST_CONFIG) (PK_LIST_SHIFT): New. * g10/pkclist.c (build_pk_list): Use them here. * g10/gpg.c (check_user_ids, main): Ditto. * g10/gpg.c (main): Set PK_LIST_CONFIG for REMUSR and LOCUSR. (check_user_ids): Skip check for command line specified options. -- If a key has been given on the command line and it has not been given by one of the encrypt-to options, we now skip the checks. The reason is that the actual key selection code does its own checks and provides proper status message to the caller to detect the wrong keys. Without this we would break most frontends because they expect for example STATUS_INV_RECP. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-04 08:56:02 +01:00
sl->flags = (pargs.r_opt << PK_LIST_SHIFT);
gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
if (configname)
gpg: Do not pre-check keys given on the command line. * g10/keydb.h (PK_LIST_ENCRYPT_TO, PK_LIST_HIDDEN, PK_LIST_CONFIG) (PK_LIST_SHIFT): New. * g10/pkclist.c (build_pk_list): Use them here. * g10/gpg.c (check_user_ids, main): Ditto. * g10/gpg.c (main): Set PK_LIST_CONFIG for REMUSR and LOCUSR. (check_user_ids): Skip check for command line specified options. -- If a key has been given on the command line and it has not been given by one of the encrypt-to options, we now skip the checks. The reason is that the actual key selection code does its own checks and provides proper status message to the caller to detect the wrong keys. Without this we would break most frontends because they expect for example STATUS_INV_RECP. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-04 08:56:02 +01:00
sl->flags |= PK_LIST_CONFIG;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
break;
gpg: New option --sender * g10/options.h (struct opt): Add field 'sender_list'. * g10/gpg.c: Include mbox-util.h. (oSender): New. (opts): Add option "--sender". (main): Parse option. -- This option will eventually be used for more advanced purposes. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-18 10:08:34 +02:00
case oSender:
{
common: Prepare for parsing mail sub-addresses. * common/mbox-util.c (mailbox_from_userid): Add arg subaddress and implement. Change all callers to pass false for it. * common/t-mbox-util.c (run_mbox_no_sub_test): New. (run_filter): Add arg no_sub. (main): Call new test and add option --no-sub. -- Some stats: In the about 5300000 keys on the SKS servers we found 3055 unique mailboxes with a '+' in it. After removing leading and trailing '+' as well as multiple '+' (e.g. "c++" or "foo+bar+baz") 2697 were left which seem to be valid sub-addresses. To filter mailboxes out from a line delimited list with user-ids (e.g. an SQL output), the command t-mbox-util --verbose --filter can be used; to output w/o sub-addresses add --no-sub. GnuPG-bug-id: 4200 Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-12 07:44:33 +01:00
char *mbox = mailbox_from_userid (pargs.r.ret_str, 0);
gpg: New option --sender * g10/options.h (struct opt): Add field 'sender_list'. * g10/gpg.c: Include mbox-util.h. (oSender): New. (opts): Add option "--sender". (main): Parse option. -- This option will eventually be used for more advanced purposes. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-18 10:08:34 +02:00
if (!mbox)
log_error (_("\"%s\" is not a proper mail address\n"),
pargs.r.ret_str);
else
{
add_to_strlist (&opt.sender_list, mbox);
xfree (mbox);
}
}
break;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
case oCompress:
/* this is the -z command line option */
opt.compress_level = opt.bz2_compress_level = pargs.r.ret_int;
break;
case oCompressLevel: opt.compress_level = pargs.r.ret_int; break;
case oBZ2CompressLevel: opt.bz2_compress_level = pargs.r.ret_int; break;
case oBZ2DecompressLowmem: opt.bz2_decompress_lowmem=1; break;
Add dummu option --passwd for gpg. Collected changes.
2010-01-08 20:18:49 +01:00
case oPassphrase:
gpg: The option --passphrase= can be empty. * g10/gpg.c (opts): Use ARGPARSE_o_s for oPassphrase to allow empty string. GnuPG-bug-id: 4633 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-07-19 10:17:15 +02:00
set_passphrase_from_string (pargs.r_type ? pargs.r.ret_str : "");
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
break;
Add dummu option --passwd for gpg. Collected changes.
2010-01-08 20:18:49 +01:00
case oPassphraseFD:
Translate all file descriptors received from assuan.
2007-07-12 17:28:30 +02:00
pwfd = translate_sys2libc_fd_int (pargs.r.ret_int, 0);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
break;
Add dummu option --passwd for gpg. Collected changes.
2010-01-08 20:18:49 +01:00
case oPassphraseFile:
Minor fixes.
2008-12-09 09:58:02 +01:00
pwfd = open_info_file (pargs.r.ret_str, 0, 1);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
break;
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
case oPassphraseRepeat:
opt.passphrase_repeat = pargs.r.ret_int;
break;
case oPinentryMode:
opt.pinentry_mode = parse_pinentry_mode (pargs.r.ret_str);
if (opt.pinentry_mode == -1)
log_error (_("invalid pinentry mode '%s'\n"), pargs.r.ret_str);
break;
gpg,sm: New option --request-origin. * g10/gpg.c (oRequestOrigin): New const. (opts): New option --request-origin. (main): Parse that option. * g10/options.h (struct opt): Add field request_origin. * g10/call-agent.c (start_agent): Send option to the agent. * sm/gpgsm.c (oRequestOrigin): New const. (opts): New option --request-origin. (main): Parse that option. * sm/gpgsm.h (struct opt): Add field request_origin. * sm/call-agent.c (start_agent): Send option to the agent. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-23 09:06:20 +01:00
case oRequestOrigin:
opt.request_origin = parse_request_origin (pargs.r.ret_str);
if (opt.request_origin == -1)
log_error (_("invalid request origin '%s'\n"), pargs.r.ret_str);
break;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case oCommandFD:
Translate all file descriptors received from assuan.
2007-07-12 17:28:30 +02:00
opt.command_fd = translate_sys2libc_fd_int (pargs.r.ret_int, 0);
gpg,common: Make sure that all fd given are valid. * common/sysutils.c (gnupg_fd_valid): New function. * common/sysutils.h (gnupg_fd_valid): New declaration. * common/logging.c (log_set_file): Use the new function. * g10/cpr.c (set_status_fd): Likewise. * g10/gpg.c (main): Likewise. * g10/keylist.c (read_sessionkey_from_fd): Likewise. * g10/passphrase.c (set_attrib_fd): Likewise. * tests/openpgp/Makefile.am (XTESTS): Add the new test. * tests/openpgp/issue2941.scm: New file. -- Consider a situation where the user passes "--status-fd 3" but file descriptor 3 is not open. During the course of executing the rest of the commands, it's possible that gpg itself will open some files, and file descriptor 3 will get allocated. In this situation, the status information will be appended directly to whatever file happens to have landed on fd 3 (the trustdb? the keyring?). This is a potential data destruction issue for all writable file descriptor options: --status-fd --attribute-fd --logger-fd It's also a potential issue for readable file descriptor options, but the risk is merely weird behavior, and not data corruption: --override-session-key-fd --passphrase-fd --command-fd Fixes this by checking whether the fd is valid early on before using it. GnuPG-bug-id: 2941 Signed-off-by: Justus Winter <justus@g10code.com>
2017-02-08 13:49:41 +01:00
if (! gnupg_fd_valid (opt.command_fd))
gpg: Emit FAILURE stati now in almost all cases. * g10/cpr.c (write_status_failure): Make it print only once. * g10/gpg.c (wrong_args): Bump error counter. (g10_exit): Print a FAILURE status if we ever did a log_error etc. (main): Use log_error instead of log_fatal at one place. Print a FAILURE status for a bad option. Ditto for certain exit points so that we can see different error locations. -- This makes it easier to detect errors by tools which have no way to get the exit code (e.g. due to double forking). GnuPG-bug-id: 3872 Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-06 17:32:08 +02:00
log_error ("command-fd is invalid: %s\n", strerror (errno));
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
break;
case oCommandFile:
Minor fixes.
2008-12-09 09:58:02 +01:00
opt.command_fd = open_info_file (pargs.r.ret_str, 0, 1);
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
break;
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
case oCipherAlgo:
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
def_cipher_string = xstrdup(pargs.r.ret_str);
break;
gpg: Add option and preference framework for AEAD. * common/openpgpdefs.h (aead_algo_t): New. (SIGSUBPKT_PREF_AEAD): New. * g10/gpg.c (oAEADAlgo, oPersonalAEADPreferences): New. (opts): New options --aead-algo and --personal-aead-preferences. (set_compliance_option): Clar aead algo. (main): Parse and check the new options * g10/options.h (struct opt): Add fields def_aead_algo and personal_aead_prefs. * g10/packet.h (PREFTYPE_AEAD): New enum value. (PKT_user_id): Add field flags.aead. (PKT_public_key): Add field flags.aead. * g10/pkclist.c (select_algo_from_prefs): Support PREFTYPE_AEAD. * g10/getkey.c (fixup_uidnode): Set AEAD flag. (merge_selfsigs): Ditto. * g10/kbnode.c (dump_kbnode): Show aead flag. * g10/keyedit.c (show_prefs): Ditto. (show_key_with_all_names_colon): Ditto. * g10/keygen.c (aead_presf, n_aead_prefs): New vars. (set_one_pref): Suppport PREFTYPE_AEAD. (keygen_set_std_prefs): Parse AEAD preferences. (keygen_get_std_prefs): Ditto. (add_feature_aead): New. (keygen_upd_std_prefs): Call that and build AEAD pref packet. * g10/main.h (DEFAULT_AEAD_ALGO): New const. * g10/misc.c (openpgp_aead_test_algo): New. (openpgp_aead_algo_name): New. (string_to_aead_algo): New. (default_aead_algo): New. -- This is only used in --rfc4880bis mode and not really tested. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-10 11:42:38 +01:00
case oAEADAlgo:
def_aead_string = xstrdup (pargs.r.ret_str);
break;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
case oDigestAlgo:
def_digest_string = xstrdup(pargs.r.ret_str);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
break;
case oCompressAlgo:
/* If it is all digits, stick a Z in front of it for
later. This is for backwards compatibility with
versions that took the compress algorithm number. */
{
char *pt=pargs.r.ret_str;
while(*pt)
{
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
if (!isascii (*pt) || !isdigit (*pt))
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
break;
pt++;
}
if(*pt=='\0')
{
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
compress_algo_string=xmalloc(strlen(pargs.r.ret_str)+2);
strcpy(compress_algo_string,"Z");
strcat(compress_algo_string,pargs.r.ret_str);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
else
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
compress_algo_string = xstrdup(pargs.r.ret_str);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
break;
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
case oCertDigestAlgo:
g10/ does build again.
2006-05-23 18:19:43 +02:00
cert_digest_string = xstrdup(pargs.r.ret_str);
break;
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
case oNoSecmemWarn:
gcry_control (GCRYCTL_DISABLE_SECMEM_WARN);
g10/ does build again.
2006-05-23 18:19:43 +02:00
break;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
case oRequireSecmem: require_secmem=1; break;
case oNoRequireSecmem: require_secmem=0; break;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case oNoPermissionWarn: opt.no_perm_warn=1; break;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
case oDisplayCharset:
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
if( set_native_charset( pargs.r.ret_str ) )
Change all quotes in strings and comments to the new GNU standard. The asymmetric quotes used by GNU in the past (`...') don't render nicely on modern systems. We now use two \x27 characters ('...'). The proper solution would be to use the correct Unicode symmetric quotes here. However this has the disadvantage that the system requires Unicode support. We don't want that today. If Unicode is available a generated po file can be used to output proper quotes. A simple sed script like the one used for en@quote is sufficient to change them. The changes have been done by applying sed -i "s/\`\([^'\`]*\)'/'\1'/g" to most files and fixing obvious problems by hand. The msgid strings in the po files were fixed with a similar command.
2012-06-05 19:29:22 +02:00
log_error(_("'%s' is not a valid character set\n"),
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
pargs.r.ret_str);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
break;
case oNotDashEscaped: opt.not_dash_escaped = 1; break;
case oEscapeFrom: opt.escape_from = 1; break;
case oNoEscapeFrom: opt.escape_from = 0; break;
case oLockOnce: opt.lock_once = 1; break;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
case oLockNever:
Renamed the lock functions. Also cleaned up the dotlock code for easier readability.
2011-09-23 14:43:58 +02:00
dotlock_disable ();
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
break;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case oLockMultiple:
#ifndef __riscos__
opt.lock_once = 0;
#else /* __riscos__ */
riscos_not_implemented("lock-multiple");
#endif /* __riscos__ */
break;
case oKeyServer:
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
{
Initial code checking for backup - not yet working.
2011-01-10 14:30:17 +01:00
keyserver_spec_t keyserver;
gpg: Remove unused args from a function. * g10/keyserver.c (parse_keyserver_uri): Remove args configname and configlineno. Change all callers. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-05 15:07:23 +01:00
keyserver = parse_keyserver_uri (pargs.r.ret_str, 0);
Initial code checking for backup - not yet working.
2011-01-10 14:30:17 +01:00
if (!keyserver)
log_error (_("could not parse keyserver URL\n"));
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
else
{
gpg: Only use the last specified keyserver. * g10/gpg.c (main): Only use the last specified keyserver. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-03-28 16:55:10 +01:00
/* We only support a single keyserver. Later ones
override earlier ones. (Since we parse the
config file first and then the command line
arguments, the command line takes
precedence.) */
if (opt.keyserver)
free_keyserver_spec (opt.keyserver);
Initial code checking for backup - not yet working.
2011-01-10 14:30:17 +01:00
opt.keyserver = keyserver;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
}
}
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
break;
case oKeyServerOptions:
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
if(!parse_keyserver_options(pargs.r.ret_str))
{
if(configname)
log_error(_("%s:%d: invalid keyserver options\n"),
gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
configname,pargs.lineno);
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
else
log_error(_("invalid keyserver options\n"));
}
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
break;
case oImportOptions:
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
if(!parse_import_options(pargs.r.ret_str,&opt.import_options,1))
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
{
if(configname)
log_error(_("%s:%d: invalid import options\n"),
gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
configname,pargs.lineno);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
else
log_error(_("invalid import options\n"));
}
break;
gpg: New option --import-filter * g10/gpg.c (oImportFilter): New. (opts): Add --import-filter. (main): Handle option. * g10/import.c: Include recsel.h, init.h, and mbox-util.h. (import_keep_uid): New global var. (cleanup_import_globals): New. (parse_and_set_import_filter): New. (filter_getval): New. (apply_keep_uid_filter): New. (import_one): Apply filter if set. -- Funny new option. It can for example be used to export a key with only one user id: gpg --no-options --import --import-options import-export \ --import-filter keep-uid='mbox=wk@gnupg.org' \ < full-key.pub > key-with-one-uid.pub More features will eventually be added. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-01 16:24:04 +02:00
case oImportFilter:
rc = parse_and_set_import_filter (pargs.r.ret_str);
if (rc)
log_error (_("invalid filter option: %s\n"), gpg_strerror (rc));
break;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case oExportOptions:
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
if(!parse_export_options(pargs.r.ret_str,&opt.export_options,1))
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
{
if(configname)
log_error(_("%s:%d: invalid export options\n"),
gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
configname,pargs.lineno);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
else
log_error(_("invalid export options\n"));
}
break;
gpg: New option --export-filter * g10/gpg.c (oExportFilter): New. (opts): Add --export-filter. (main): Handle option. * g10/export.c: Include recsel.h, init.h, and mbox-util.h. (export_keep_uid): New global var. (cleanup_export_globals): New. (parse_and_set_export_filter): New. (filter_getval): New. (apply_keep_uid_filter): New. (do_export_stream): Apply filter if set. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-01 16:50:12 +02:00
case oExportFilter:
rc = parse_and_set_export_filter (pargs.r.ret_str);
if (rc)
log_error (_("invalid filter option: %s\n"), gpg_strerror (rc));
break;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case oListOptions:
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
if(!parse_list_options(pargs.r.ret_str))
{
if(configname)
log_error(_("%s:%d: invalid list options\n"),
gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
configname,pargs.lineno);
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
else
log_error(_("invalid list options\n"));
}
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
break;
case oVerifyOptions:
{
struct parse_options vopts[]=
{
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
{"show-photos",VERIFY_SHOW_PHOTOS,NULL,
N_("display photo IDs during signature verification")},
{"show-policy-urls",VERIFY_SHOW_POLICY_URLS,NULL,
N_("show policy URLs during signature verification")},
{"show-notations",VERIFY_SHOW_NOTATIONS,NULL,
N_("show all notations during signature verification")},
{"show-std-notations",VERIFY_SHOW_STD_NOTATIONS,NULL,
N_("show IETF standard notations during signature verification")},
{"show-standard-notations",VERIFY_SHOW_STD_NOTATIONS,NULL,
NULL},
{"show-user-notations",VERIFY_SHOW_USER_NOTATIONS,NULL,
N_("show user-supplied notations during signature verification")},
{"show-keyserver-urls",VERIFY_SHOW_KEYSERVER_URLS,NULL,
N_("show preferred keyserver URLs during signature verification")},
{"show-uid-validity",VERIFY_SHOW_UID_VALIDITY,NULL,
N_("show user ID validity during signature verification")},
{"show-unusable-uids",VERIFY_SHOW_UNUSABLE_UIDS,NULL,
N_("show revoked and expired user IDs in signature verification")},
Add new SVN only file README.maint doc/ * gpg.texi (GPG Configuration): Document envvar LANGUAGE. (GPG Configuration Options): Document show-primary-uid-only. g10/ * gpg.c (main): Add verify option show-primary-uid-only. * options.h (VERIFY_SHOW_PRIMARY_UID_ONLY): New. * mainproc.c (check_sig_and_print): Implement it. * encr-data.c (decrypt_data): Correctly test for unknown algorithm. * import.c (check_prefs): Ditto. * keyedit.c (show_prefs): Ditto. * mainproc.c (proc_symkey_enc): Ditto.
2007-02-26 21:24:29 +01:00
{"show-primary-uid-only",VERIFY_SHOW_PRIMARY_UID_ONLY,NULL,
N_("show only the primary user ID in signature verification")},
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
{NULL,0,NULL,NULL}
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
};
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
if(!parse_options(pargs.r.ret_str,&opt.verify_options,vopts,1))
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
{
if(configname)
log_error(_("%s:%d: invalid verify options\n"),
gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
configname,pargs.lineno);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
else
log_error(_("invalid verify options\n"));
}
}
break;
case oTempDir: opt.temp_dir=pargs.r.ret_str; break;
case oExecPath:
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
if(set_exec_path(pargs.r.ret_str))
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
log_error(_("unable to set exec-path to %s\n"),pargs.r.ret_str);
else
opt.exec_path_set=1;
break;
Merged most of David Shaw's changes in 1.3 since 2003-06-03.
2003-09-23 19:48:33 +02:00
case oSetNotation:
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
add_notation_data( pargs.r.ret_str, 0 );
add_notation_data( pargs.r.ret_str, 1 );
break;
case oSigNotation: add_notation_data( pargs.r.ret_str, 0 ); break;
case oCertNotation: add_notation_data( pargs.r.ret_str, 1 ); break;
gpg: New option --known-notation. * g10/gpg.c (oKnownNotation): New const. (opts): Add option --known-notation. (main): Set option. * g10/parse-packet.c (known_notations_list): New local var. (register_known_notation): New. (can_handle_critical_notation): Rewrite to handle the new feature. Also print the name of unknown notations in verbose mode. -- GnuPG-bug-id: 4060 Signed-off-by: Werner Koch <wk@gnupg.org>
2018-08-29 09:36:09 +02:00
case oKnownNotation: register_known_notation (pargs.r.ret_str); break;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case oShowNotation:
gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
deprecated_warning(configname,pargs.lineno,"--show-notation",
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
"--list-options ","show-notations");
gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
deprecated_warning(configname,pargs.lineno,"--show-notation",
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
"--verify-options ","show-notations");
opt.list_options|=LIST_SHOW_NOTATIONS;
opt.verify_options|=VERIFY_SHOW_NOTATIONS;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
break;
case oNoShowNotation:
gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
deprecated_warning(configname,pargs.lineno,"--no-show-notation",
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
"--list-options ","no-show-notations");
gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
deprecated_warning(configname,pargs.lineno,"--no-show-notation",
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
"--verify-options ","no-show-notations");
opt.list_options&=~LIST_SHOW_NOTATIONS;
opt.verify_options&=~VERIFY_SHOW_NOTATIONS;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
break;
case oUtf8Strings: utf8_strings = 1; break;
w32: Always use Unicode for console input and output. * common/init.c (_init_common_subsystems) [W32]: Set the codepage to UTF-8 for input and putput. Switch gettext to UTF-8. * tools/gpgconf.c (main): Display the input and output codepage if they differ. * g10/gpg.c (utf8_strings) [W32]: Make sure this is always set. -- With this patch the former patch to use ReadConsoleW and WriteConsoleW in ttyio.c are kind of superfluous because the ANSI version of these functions are also able to read/write UTF-8 directly given the console code page has been set correctly. However, this seems to work only with recent versions of Windows-10. GnuPG-bug-id: 4365
2021-03-05 15:33:40 +01:00
case oNoUtf8Strings:
#ifdef HAVE_W32_SYSTEM
utf8_strings = 0;
#endif
break;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case oDisableCipherAlgo:
Finished the bulk of changes for gnupg 1.9. This included switching to libgcrypt functions, using shared error codes from libgpg-error, replacing the old functions we used to have in ../util by those in ../jnlib and ../common, renaming the malloc functions and a couple of types. Note, that not all changes are listed below becuause they are too similar and done at far too many places. As of today the code builds using the current libgcrypt from CVS but it is very unlikely that it actually works.
2003-06-18 21:56:13 +02:00
{
Still making gpg2 work. At least the keyids are now correctly computed again.
2006-05-24 13:12:28 +02:00
int algo = string_to_cipher_algo (pargs.r.ret_str);
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
gcry_cipher_ctl (NULL, GCRYCTL_DISABLE_ALGO, &algo, sizeof algo);
Finished the bulk of changes for gnupg 1.9. This included switching to libgcrypt functions, using shared error codes from libgpg-error, replacing the old functions we used to have in ../util by those in ../jnlib and ../common, renaming the malloc functions and a couple of types. Note, that not all changes are listed below becuause they are too similar and done at far too many places. As of today the code builds using the current libgcrypt from CVS but it is very unlikely that it actually works.
2003-06-18 21:56:13 +02:00
}
break;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case oDisablePubkeyAlgo:
Finished the bulk of changes for gnupg 1.9. This included switching to libgcrypt functions, using shared error codes from libgpg-error, replacing the old functions we used to have in ../util by those in ../jnlib and ../common, renaming the malloc functions and a couple of types. Note, that not all changes are listed below becuause they are too similar and done at far too many places. As of today the code builds using the current libgcrypt from CVS but it is very unlikely that it actually works.
2003-06-18 21:56:13 +02:00
{
int algo = gcry_pk_map_name (pargs.r.ret_str);
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
gcry_pk_ctl (GCRYCTL_DISABLE_ALGO, &algo, sizeof algo);
Finished the bulk of changes for gnupg 1.9. This included switching to libgcrypt functions, using shared error codes from libgpg-error, replacing the old functions we used to have in ../util by those in ../jnlib and ../common, renaming the malloc functions and a couple of types. Note, that not all changes are listed below becuause they are too similar and done at far too many places. As of today the code builds using the current libgcrypt from CVS but it is very unlikely that it actually works.
2003-06-18 21:56:13 +02:00
}
break;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case oNoSigCache: opt.no_sig_cache = 1; break;
case oAllowNonSelfsignedUID: opt.allow_non_selfsigned_uid = 1; break;
case oNoAllowNonSelfsignedUID: opt.allow_non_selfsigned_uid=0; break;
case oAllowFreeformUID: opt.allow_freeform_uid = 1; break;
case oNoAllowFreeformUID: opt.allow_freeform_uid = 0; break;
case oNoLiteral: opt.no_literal = 1; break;
case oSetFilesize: opt.set_filesize = pargs.r.ret_ulong; break;
case oFastListMode: opt.fast_list_mode = 1; break;
Made --fixed-list-mode obsolete.
2008-06-11 10:07:54 +02:00
case oFixedListMode: /* Dummy */ break;
gpg: Change format for the key size in --list-key and --edit-key. * g10/gpg.c (oLegacyListMode, opts, main): Add --legacy-list-mode. * g10/options.h (struct opt): Add field legacy_list_mode. * g10/keydb.h (PUBKEY_STRING_SIZE): New. * g10/keyid.c (pubkey_string): New. * g10/import.c (import_one, import_secret_one): Use pubkey_string. * g10/keylist.c (print_seckey_info): Ditto. (print_pubkey_info, print_card_key_info): Ditto. (list_keyblock_print): Ditto. * g10/mainproc.c (list_node): Ditto. * g10/pkclist.c (do_edit_ownertrust, build_pk_list): Ditto. * g10/keyedit.c (show_key_with_all_names): Ditto. Also change the format. (show_basic_key_info): Ditto. * common/openpgp-oid.c (openpgp_curve_to_oid): Also allow "ed25519". (openpgp_oid_to_curve): Downcase "ed25519" -- For ECC it seems to be better to show the name of the curve and not just the size of the prime field. The curve name does not anymore fit into the "<size><letter>" descriptor (e.g. "2048R") and a fixed length format does not work either. Thus the new format uses "rsa2048" - RSA with 2048 bit "elg1024" - Elgamal with 1024 bit "ed25519" - ECC using the curve Ed25519. "E_1.2.3.4" - ECC using the unsupported curve with OID "1.2.3.4". unless --legacy-list-mode is given. In does not anymore line up nicely in columns thus I expect further changes to this new format. Signed-off-by: Werner Koch <wk@gnupg.org>
2014-02-05 10:37:59 +01:00
case oLegacyListMode: opt.legacy_list_mode = 1; break;
gpg: Remove options --print-dane-records and --print-pka-records. * g10/gpg.c (main): Remove options but print a dedicated warning. * g10/options.h (struct opt): Remove fields 'print_dane_records' and 'print_pka_records'. * g10/keylist.c (list_keyblock): Do not call list_keyblock_pka. (list_keyblock_pka): Remove. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-14 15:19:36 +02:00
case oPrintDANERecords: print_dane_records = 1; break;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case oListOnly: opt.list_only=1; break;
case oIgnoreTimeConflict: opt.ignore_time_conflict = 1; break;
case oIgnoreValidFrom: opt.ignore_valid_from = 1; break;
case oIgnoreCrcError: opt.ignore_crc_error = 1; break;
case oIgnoreMDCError: opt.ignore_mdc_error = 1; break;
case oNoRandomSeedFile: use_random_seed = 0; break;
gpgconf: Swap "auto-key-retrieve" and "no-auto-key-retrieve". * g10/gpg.c (gpgconf_list): Announce "auto-key-retrieve". (main): Simplify setting of KEYSERVER_AUTO_KEY_RETRIEVE. * tools/gpgconf-comp.c: Make "no-auto-key-retrieve" invisible. Make "auto-key-retrieve" an expert option. -- This basically reverts 9bb13a0e819334681caca38c9074bd7bfc04e45e because --no-auto-key-retrieve is again the default. Note that we allow both options for the sake of profiles. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-23 16:45:20 +02:00
gpg: New option --auto-key-import * g10/gpg.c (opts): New options --auto-key-import, --no-auto-key-import, and --no-include-key-block. (gpgconf_list): Add them. * g10/options.h (opt): Add field flags.auto_key_import. * g10/mainproc.c (check_sig_and_print): Use flag to enable that feature. * tools/gpgconf-comp.c: Give the new options a Basic config level. -- Note that the --no variants of the options are intended for easy disabling at the command line. GnuPG-bug-id: 4856 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-14 18:04:47 +01:00
case oAutoKeyImport: opt.flags.auto_key_import = 1; break;
case oNoAutoKeyImport: opt.flags.auto_key_import = 0; break;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case oAutoKeyRetrieve:
gpgconf: Swap "auto-key-retrieve" and "no-auto-key-retrieve". * g10/gpg.c (gpgconf_list): Announce "auto-key-retrieve". (main): Simplify setting of KEYSERVER_AUTO_KEY_RETRIEVE. * tools/gpgconf-comp.c: Make "no-auto-key-retrieve" invisible. Make "auto-key-retrieve" an expert option. -- This basically reverts 9bb13a0e819334681caca38c9074bd7bfc04e45e because --no-auto-key-retrieve is again the default. Note that we allow both options for the sake of profiles. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-23 16:45:20 +02:00
opt.keyserver_options.options |= KEYSERVER_AUTO_KEY_RETRIEVE;
break;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case oNoAutoKeyRetrieve:
gpgconf: Swap "auto-key-retrieve" and "no-auto-key-retrieve". * g10/gpg.c (gpgconf_list): Announce "auto-key-retrieve". (main): Simplify setting of KEYSERVER_AUTO_KEY_RETRIEVE. * tools/gpgconf-comp.c: Make "no-auto-key-retrieve" invisible. Make "auto-key-retrieve" an expert option. -- This basically reverts 9bb13a0e819334681caca38c9074bd7bfc04e45e because --no-auto-key-retrieve is again the default. Note that we allow both options for the sake of profiles. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-23 16:45:20 +02:00
opt.keyserver_options.options &= ~KEYSERVER_AUTO_KEY_RETRIEVE;
break;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case oShowSessionKey: opt.show_session_key = 1; break;
case oOverrideSessionKey:
opt.override_session_key = pargs.r.ret_str;
break;
gpg: New option --override-session-key-fd. * g10/gpg.c (oOverrideSessionKeyFD): New. (opts): Add option --override-session-key-fd. (main): Handle that option. (read_sessionkey_from_fd): New. -- The override-session-key feature was designed to mitigate the effect of the British RIP act by allowing to keep the private key private and hand out only a session key. For that use case the leaking of the session key would not be a problem. However there are other use cases, for example fast re-decryption after an initial decryption, which would benefit from concealing the session key from other users. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-16 09:02:53 +01:00
case oOverrideSessionKeyFD:
ovrseskeyfd = translate_sys2libc_fd_int (pargs.r.ret_int, 0);
break;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
case oMergeOnly:
gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
deprecated_warning(configname,pargs.lineno,"--merge-only",
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
"--import-options ","merge-only");
opt.import_options|=IMPORT_MERGE_ONLY;
break;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case oAllowSecretKeyImport: /* obsolete */ break;
case oTryAllSecrets: opt.try_all_secrets = 1; break;
case oTrustedKey: register_trusted_key( pargs.r.ret_str ); break;
gpg,sm: Merge the two versions of check_special_filename. * sm/gpgsm.c (check_special_filename): Move to .. * common/sysutils.c (check_special_filename): here. Add arg NOTRANSLATE. (allow_special_filenames): New local var. (enable_special_filenames): New public functions. * sm/gpgsm.c (allow_special_filenames): Remove var. (main): Call enable_special_filenames instead of setting the var. (open_read, open_es_fread, open_es_fwrite): Call check_special_filename with 0 for NOTRANSLATE. * common/iobuf.c (special_names_enabled): Remove var. (iobuf_enable_special_filenames): Remove func. (check_special_filename): Remove func. (iobuf_is_pipe_filename): Call new version of the function with NOTRANSLATE set. (do_open): Ditto. * g10/gpg.c (main): Call enable_special_filenames instead of iobuf_enable_special_filenames. * g10/gpgv.c (main): Ditto. -- Note that we keep the iobuf.c:translate_file_handle because it is a bit different (for whatever reasons) than the translate function from sysutils. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-29 16:18:24 +01:00
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case oEnableSpecialFilenames:
gpg,sm: Merge the two versions of check_special_filename. * sm/gpgsm.c (check_special_filename): Move to .. * common/sysutils.c (check_special_filename): here. Add arg NOTRANSLATE. (allow_special_filenames): New local var. (enable_special_filenames): New public functions. * sm/gpgsm.c (allow_special_filenames): Remove var. (main): Call enable_special_filenames instead of setting the var. (open_read, open_es_fread, open_es_fwrite): Call check_special_filename with 0 for NOTRANSLATE. * common/iobuf.c (special_names_enabled): Remove var. (iobuf_enable_special_filenames): Remove func. (check_special_filename): Remove func. (iobuf_is_pipe_filename): Call new version of the function with NOTRANSLATE set. (do_open): Ditto. * g10/gpg.c (main): Call enable_special_filenames instead of iobuf_enable_special_filenames. * g10/gpgv.c (main): Ditto. -- Note that we keep the iobuf.c:translate_file_handle because it is a bit different (for whatever reasons) than the translate function from sysutils. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-29 16:18:24 +01:00
enable_special_filenames ();
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
break;
gpg,sm: Merge the two versions of check_special_filename. * sm/gpgsm.c (check_special_filename): Move to .. * common/sysutils.c (check_special_filename): here. Add arg NOTRANSLATE. (allow_special_filenames): New local var. (enable_special_filenames): New public functions. * sm/gpgsm.c (allow_special_filenames): Remove var. (main): Call enable_special_filenames instead of setting the var. (open_read, open_es_fread, open_es_fwrite): Call check_special_filename with 0 for NOTRANSLATE. * common/iobuf.c (special_names_enabled): Remove var. (iobuf_enable_special_filenames): Remove func. (check_special_filename): Remove func. (iobuf_is_pipe_filename): Call new version of the function with NOTRANSLATE set. (do_open): Ditto. * g10/gpg.c (main): Call enable_special_filenames instead of iobuf_enable_special_filenames. * g10/gpgv.c (main): Ditto. -- Note that we keep the iobuf.c:translate_file_handle because it is a bit different (for whatever reasons) than the translate function from sysutils. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-29 16:18:24 +01:00
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case oNoExpensiveTrustChecks: opt.no_expensive_trust_checks=1; break;
case oAutoCheckTrustDB: opt.no_auto_check_trustdb=0; break;
case oNoAutoCheckTrustDB: opt.no_auto_check_trustdb=1; break;
case oPreservePermissions: opt.preserve_permissions=1; break;
case oDefaultPreferenceList:
opt.def_preference_list = pargs.r.ret_str;
break;
Ported patches from 1.4.x
2006-06-27 16:30:59 +02:00
case oDefaultKeyserverURL:
{
Initial code checking for backup - not yet working.
2011-01-10 14:30:17 +01:00
keyserver_spec_t keyserver;
gpg: Remove unused args from a function. * g10/keyserver.c (parse_keyserver_uri): Remove args configname and configlineno. Change all callers. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-05 15:07:23 +01:00
keyserver = parse_keyserver_uri (pargs.r.ret_str,1 );
Initial code checking for backup - not yet working.
2011-01-10 14:30:17 +01:00
if (!keyserver)
log_error (_("could not parse keyserver URL\n"));
Ported patches from 1.4.x
2006-06-27 16:30:59 +02:00
else
Initial code checking for backup - not yet working.
2011-01-10 14:30:17 +01:00
free_keyserver_spec (keyserver);
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
Ported patches from 1.4.x
2006-06-27 16:30:59 +02:00
opt.def_keyserver_url = pargs.r.ret_str;
}
break;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case oPersonalCipherPreferences:
pers_cipher_list=pargs.r.ret_str;
break;
gpg: Add option and preference framework for AEAD. * common/openpgpdefs.h (aead_algo_t): New. (SIGSUBPKT_PREF_AEAD): New. * g10/gpg.c (oAEADAlgo, oPersonalAEADPreferences): New. (opts): New options --aead-algo and --personal-aead-preferences. (set_compliance_option): Clar aead algo. (main): Parse and check the new options * g10/options.h (struct opt): Add fields def_aead_algo and personal_aead_prefs. * g10/packet.h (PREFTYPE_AEAD): New enum value. (PKT_user_id): Add field flags.aead. (PKT_public_key): Add field flags.aead. * g10/pkclist.c (select_algo_from_prefs): Support PREFTYPE_AEAD. * g10/getkey.c (fixup_uidnode): Set AEAD flag. (merge_selfsigs): Ditto. * g10/kbnode.c (dump_kbnode): Show aead flag. * g10/keyedit.c (show_prefs): Ditto. (show_key_with_all_names_colon): Ditto. * g10/keygen.c (aead_presf, n_aead_prefs): New vars. (set_one_pref): Suppport PREFTYPE_AEAD. (keygen_set_std_prefs): Parse AEAD preferences. (keygen_get_std_prefs): Ditto. (add_feature_aead): New. (keygen_upd_std_prefs): Call that and build AEAD pref packet. * g10/main.h (DEFAULT_AEAD_ALGO): New const. * g10/misc.c (openpgp_aead_test_algo): New. (openpgp_aead_algo_name): New. (string_to_aead_algo): New. (default_aead_algo): New. -- This is only used in --rfc4880bis mode and not really tested. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-10 11:42:38 +01:00
case oPersonalAEADPreferences:
pers_aead_list = pargs.r.ret_str;
break;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case oPersonalDigestPreferences:
pers_digest_list=pargs.r.ret_str;
break;
case oPersonalCompressPreferences:
pers_compress_list=pargs.r.ret_str;
break;
A small step for GnuPG but a huge leap for error codes. (Sorry, it does not build currently - I need to check it in to avoid duplicate work.)
2003-06-05 09:14:21 +02:00
case oAgentProgram: opt.agent_program = pargs.r.ret_str; break;
gpg: New option --use-keyboxd. * g10/gpg.c (oUseKeyboxd,oKeyboxdProgram): New consts. (opts): New options --use-keyboxd and --keyboxd-program. (main): Implement them. * g10/keydb.c: Move some defs out to ... * g10/keydb-private.h: new file. * g10/keydb.c: prefix function names with "internal" and move original functions to ... * g10/call-keyboxd.c: new file. Divert to the internal fucntion if --use-keyboxd is used. Add a CTRL arg to most fucntions and change all callers. * g10/Makefile.am (common_source): Add new files. (noinst_PROGRAMS): Do bot build gpgcompose. -- Note that this is just the framework with only a basic implementation of searching via keyboxd. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-09-09 14:34:09 +02:00
case oKeyboxdProgram: opt.keyboxd_program = pargs.r.ret_str; break;
gpg: Add option --dirmngr-program. * g10/gpg.c: Add option --dirmngr-program. * g10/options.h (struct opt): Add field dirmngr_program. * g10/call-dirmngr.c (create_context): Use new var. * dirmngr/dirmngr.c: Include gc-opt-flags.h. (main): Remove GC_OPT_FLAG_*. * tools/gpgconf-comp.c (GC_OPT_FLAG_NO_CHANGE): Move macro to ... * common/gc-opt-flags.h: here.
2014-03-12 18:24:52 +01:00
case oDirmngrProgram: opt.dirmngr_program = pargs.r.ret_str; break;
gpg: Add option '--disable-dirmngr'. * doc/gpg.texi: Document new option. * g10/call-dirmngr.c (create_context): Fail if option is given. * g10/gpg.c (cmd_and_opt_values): New value. (opts): New option. (gpgconf_list): Add new option. (main): Handle new option. * g10/options.h (struct opt): New field 'disable_dirmngr'. * tools/gpgconf-comp.c (gc_options_gpg): New option. GnuPG-bug-id: 3334 Signed-off-by: Justus Winter <justus@g10code.com>
2017-08-08 11:43:22 +02:00
case oDisableDirmngr: opt.disable_dirmngr = 1; break;
gpg: Add option --weak-digest to gpg and gpgv. * g10/options.h: Add additional_weak_digests linked list to opts. * g10/main.h: Declare weakhash linked list struct and additional_weak_digest() function to insert newly-declared weak digests into opts. * g10/misc.c: (additional_weak_digest): New function. (print_digest_algo_note): Check for deprecated digests; use proper gcry_md_algos type. * g10/sig-check.c: (do_check): Reject weak digests in addition to MD5. * g10/gpg.c: Add --weak-digest option to gpg. * doc/gpg.texi: Document gpg --weak-digest option. * g10/gpgv.c: Add --weak-digest option to gpgv. * doc/gpgv.texi: Document gpgv --weak-digest option. -- gpg and gpgv treat signatures made over MD5 as unreliable, unless the user supplies --allow-weak-digests to gpg. Signatures over any other digest are considered acceptable. Despite SHA-1 being a mandatory-to-implement digest algorithm in RFC 4880, the collision-resistance of SHA-1 is weaker than anyone would like it to be. Some operators of high-value targets that depend on OpenPGP signatures may wish to require their signers to use a stronger digest algorithm than SHA1, even if the OpenPGP ecosystem at large cannot deprecate SHA1 entirely today. This changeset adds a new "--weak-digest DIGEST" option for both gpg and gpgv, which makes it straightforward for anyone to treat any signature or certification made over the specified digest as unreliable. This option can be supplied multiple times if the operator wishes to deprecate multiple digest algorithms, and will be ignored completely if the operator supplies --allow-weak-digests (as before). MD5 is still always considered weak, regardless of any further --weak-digest options supplied. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> Capitialized some comments, shorted a line in do_check, and changed subject to name the option. -wk
2015-10-18 23:35:32 +02:00
case oWeakDigest:
additional_weak_digest(pargs.r.ret_str);
break;
gpg: Add support for unwrapping the outer level of encryption. * g10/decrypt-data.c (decrypt_data): If OPT.UNWRAP_ENCRYPTION is set, copy the data to the output file instead of continuing to process it. * g10/gpg.c (enum cmd_and_opt_values): Add new value oUnwrap. (opts): Handle oUnwrap. (main): Likewise. * g10/options.h (opt): Add field unwrap_encryption. * g10/plaintext.c (handle_plaintext): Break the output file selection functionality into ... (get_output_file): ... this new function. -- Signed-off-by: Neal H. Walfield <neal@g10code.com> GnuPG-bug-id: 1060 Debian-bug-id: 282061
2015-11-05 12:20:42 +01:00
case oUnwrap:
opt.unwrap_encryption = 1;
break;
gpg: Add new option --only-sign-text-ids. * g10/options.h (opt): Add field only_sign_text_ids. * g10/gpg.c (enum cmd_and_opt_values): Add value oOnlySignTextIDs. (opts): Handle oOnlySignTextIDs. (main): Likewise. * g10/keyedit.c (sign_uids): If OPT.ONLY_SIGN_TEXT_IDS is set, don't select non-text based IDs automatically. (keyedit_menu): Adapt the prompt asking to sign all user ids according to OPT.ONLY_SIGN_TEXT_IDS. * doc/gpg.texi: Document the new option --only-sign-text-ids. -- Signed-off-by: Neal H. Walfield <neal@g10code.com> GnuPG-bug-id: 1241 Debian-bug-id: 569702
2015-11-06 13:14:57 +01:00
case oOnlySignTextIDs:
opt.only_sign_text_ids = 1;
break;
Reworked passing of envars to Pinentry.
2009-07-07 12:02:41 +02:00
case oDisplay:
set_opt_session_env ("DISPLAY", pargs.r.ret_str);
break;
case oTTYname:
set_opt_session_env ("GPG_TTY", pargs.r.ret_str);
break;
case oTTYtype:
set_opt_session_env ("TERM", pargs.r.ret_str);
break;
case oXauthority:
set_opt_session_env ("XAUTHORITY", pargs.r.ret_str);
break;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case oLCctype: opt.lc_ctype = pargs.r.ret_str; break;
case oLCmessages: opt.lc_messages = pargs.r.ret_str; break;
Reworked passing of envars to Pinentry.
2009-07-07 12:02:41 +02:00
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case oGroup: add_group(pargs.r.ret_str); break;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
case oUnGroup: rm_group(pargs.r.ret_str); break;
case oNoGroups:
while(opt.grouplist)
{
struct groupitem *iter=opt.grouplist;
free_strlist(iter->values);
opt.grouplist=opt.grouplist->next;
xfree(iter);
}
break;
g10/ does build again.
2006-05-23 18:19:43 +02:00
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case oMangleDosFilenames: opt.mangle_dos_filenames = 1; break;
case oNoMangleDosFilenames: opt.mangle_dos_filenames = 0; break;
case oEnableProgressFilter: opt.enable_progress_filter = 1; break;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
case oMultifile: multifile=1; break;
case oKeyidFormat:
if(ascii_strcasecmp(pargs.r.ret_str,"short")==0)
opt.keyid_format=KF_SHORT;
else if(ascii_strcasecmp(pargs.r.ret_str,"long")==0)
opt.keyid_format=KF_LONG;
else if(ascii_strcasecmp(pargs.r.ret_str,"0xshort")==0)
opt.keyid_format=KF_0xSHORT;
else if(ascii_strcasecmp(pargs.r.ret_str,"0xlong")==0)
opt.keyid_format=KF_0xLONG;
gpg: Implement --keyid-format=none. * g10/gpg.c (main): Add option "none" to --keyid-format. * g10/options.h (KF_NONE): New. * g10/keyid.c (format_keyid): Implement that. (keystr): Use format "long" is KF_NONE is in use. (keystr_with_sub): Ditto. * g10/keylist.c (list_keyblock_print): Adjust indentaion for KF_NONE. Factor some code out to ... (print_key_line): new. (print_fingerprint): Add mode 20. * g10/mainproc.c (list_node): Use print_key_line. Replace MAINKEY by flags.primary in the PK. Fix putting a " revoked..." string into the colons format. * g10/pkclist.c (do_edit_ownertrust): Use print_key_line. This slightly changes the putput format. * g10/revoke.c (gen_standard_revoke): Use print_key_line. This may also put "expires: " into the output. -- Due to user experience problems with the keyid and we better allow to show the fingerprint instead. Note that we do not support v3 keys anymore and thus there is no technical need for a user to know the keyid. GnuPG-bug-id: 2379 Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-06 16:00:50 +02:00
else if(ascii_strcasecmp(pargs.r.ret_str,"none")==0)
opt.keyid_format = KF_NONE;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
else
Change all quotes in strings and comments to the new GNU standard. The asymmetric quotes used by GNU in the past (`...') don't render nicely on modern systems. We now use two \x27 characters ('...'). The proper solution would be to use the correct Unicode symmetric quotes here. However this has the disadvantage that the system requires Unicode support. We don't want that today. If Unicode is available a generated po file can be used to output proper quotes. A simple sed script like the one used for en@quote is sufficient to change them. The changes have been done by applying sed -i "s/\`\([^'\`]*\)'/'\1'/g" to most files and fixing obvious problems by hand. The msgid strings in the po files were fixed with a similar command.
2012-06-05 19:29:22 +02:00
log_error("unknown keyid-format '%s'\n",pargs.r.ret_str);
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
break;
case oExitOnStatusWriteError:
opt.exit_on_status_write_error = 1;
break;
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
case oLimitCardInsertTries:
opt.limit_card_insert_tries = pargs.r.ret_int;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
break;
case oRequireCrossCert: opt.flags.require_cross_cert=1; break;
case oNoRequireCrossCert: opt.flags.require_cross_cert=0; break;
case oAutoKeyLocate:
gpg: Default to --auto-key-locate "local,wkd" and --auto-key-retrieve. * g10/gpg.c (main): Add KEYSERVER_AUTO_KEY_RETRIEVE to the default keyserver options. Set the default for --auto-key-locate to "local,wkd". Reset that default iff --auto-key-locate has been given in the option file or in the commandline. * g10/getkey.c (parse_auto_key_locate): Work on a copy of the arg. -- GnuPG-bug-id: 3324 Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-04 21:58:46 +02:00
if (default_akl)
{
doc: Clarify use of clear and nodefault in the AKL. --
2018-11-21 09:20:56 +01:00
/* This is the first time --auto-key-locate is seen.
gpg: Default to --auto-key-locate "local,wkd" and --auto-key-retrieve. * g10/gpg.c (main): Add KEYSERVER_AUTO_KEY_RETRIEVE to the default keyserver options. Set the default for --auto-key-locate to "local,wkd". Reset that default iff --auto-key-locate has been given in the option file or in the commandline. * g10/getkey.c (parse_auto_key_locate): Work on a copy of the arg. -- GnuPG-bug-id: 3324 Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-04 21:58:46 +02:00
* We need to reset the default akl. */
default_akl = 0;
release_akl();
}
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
if(!parse_auto_key_locate(pargs.r.ret_str))
{
if(configname)
log_error(_("%s:%d: invalid auto-key-locate list\n"),
gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
configname,pargs.lineno);
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
else
log_error(_("invalid auto-key-locate list\n"));
}
break;
case oNoAutoKeyLocate:
release_akl();
break;
gpg: New option --key-origin. * g10/keydb.h (KEYORG_): Rename to KEYORG_. * g10/packet.h (PKT_user_id): Rename field keysrc to keyorg. Adjust users. (PKT_public_key): Ditto. (PKT_ring_trust): Ditto. * g10/options.h (struct opt): Add field key_origin. * g10/getkey.c (parse_key_origin): New. * g10/gpg.c (oKeyOrigin): New. (opts): Add "keys-origin". (main): Set option. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-13 17:28:32 +02:00
case oKeyOrigin:
if(!parse_key_origin (pargs.r.ret_str))
log_error (_("invalid argument for option \"%.50s\"\n"),
"--key-origin");
break;
gpg: Add build and runtime support for larger RSA keys * configure.ac: Added --enable-large-secmem option. * g10/options.h: Add opt.flags.large_rsa. * g10/gpg.c: Contingent on configure option: adjust secmem size, add gpg --enable-large-rsa, bound to opt.flags.large_rsa. * g10/keygen.c: Adjust max RSA size based on opt.flags.large_rsa * doc/gpg.texi: Document --enable-large-rsa. -- This is a cherry-pick of 534e2876acc05f9f8d9b54c18511fe768d77dfb5 from STABLE-BRANCH-1-4 against master Some older implementations built and used RSA keys up to 16Kib, but the larger secret keys now fail when used by more recent GnuPG, due to secure memory limitations. Building with ./configure --enable-large-secmem will make gpg capable of working with those secret keys, as well as permitting the use of a new gpg option --enable-large-rsa, which let gpg generate RSA keys up to 8Kib when used with --batch --gen-key. Debian-bug-id: 739424 Minor edits by wk. GnuPG-bug-id: 1732
2014-10-09 22:54:15 +02:00
case oEnableLargeRSA:
#if SECMEM_BUFFER_SIZE >= 65536
opt.flags.large_rsa=1;
#else
if (configname)
log_info("%s:%d: WARNING: gpg not built with large secure "
"memory buffer. Ignoring enable-large-rsa\n",
gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
configname,pargs.lineno);
gpg: Add build and runtime support for larger RSA keys * configure.ac: Added --enable-large-secmem option. * g10/options.h: Add opt.flags.large_rsa. * g10/gpg.c: Contingent on configure option: adjust secmem size, add gpg --enable-large-rsa, bound to opt.flags.large_rsa. * g10/keygen.c: Adjust max RSA size based on opt.flags.large_rsa * doc/gpg.texi: Document --enable-large-rsa. -- This is a cherry-pick of 534e2876acc05f9f8d9b54c18511fe768d77dfb5 from STABLE-BRANCH-1-4 against master Some older implementations built and used RSA keys up to 16Kib, but the larger secret keys now fail when used by more recent GnuPG, due to secure memory limitations. Building with ./configure --enable-large-secmem will make gpg capable of working with those secret keys, as well as permitting the use of a new gpg option --enable-large-rsa, which let gpg generate RSA keys up to 8Kib when used with --batch --gen-key. Debian-bug-id: 739424 Minor edits by wk. GnuPG-bug-id: 1732
2014-10-09 22:54:15 +02:00
else
log_info("WARNING: gpg not built with large secure "
"memory buffer. Ignoring --enable-large-rsa\n");
#endif /* SECMEM_BUFFER_SIZE >= 65536 */
break;
case oDisableLargeRSA: opt.flags.large_rsa=0;
break;
Merged recent changes from 1.4
2006-04-28 16:31:29 +02:00
case oEnableDSA2: opt.flags.dsa2=1; break;
case oDisableDSA2: opt.flags.dsa2=0; break;
gpg: Reject signatures made with MD5. * g10/gpg.c: Add option --allow-weak-digest-algos. (main): Set option also in PGP2 mode. * g10/options.h (struct opt): Add flags.allow_weak_digest_algos. * g10/sig-check.c (do_check): Reject MD5 signatures. * tests/openpgp/defs.inc: Add allow_weak_digest_algos to gpg.conf.
2014-03-17 17:54:36 +01:00
case oAllowWeakDigestAlgos:
opt.flags.allow_weak_digest_algos = 1;
break;
gpg: Add option --allow-weak-key-signatures. * g10/gpg.c (oAllowWeakKeySignatures): New. (opts): Add --allow-weak-key-signatures. (main): Set it. * g10/options.h (struct opt): Add flags.allow_weak_key_signatures. * g10/misc.c (print_sha1_keysig_rejected_note): New. * g10/sig-check.c (check_signature_over_key_or_uid): Print note and act on new option. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-07 10:36:17 +01:00
case oAllowWeakKeySignatures:
opt.flags.allow_weak_key_signatures = 1;
break;
gpg: Reject signatures made with MD5. * g10/gpg.c: Add option --allow-weak-digest-algos. (main): Set option also in PGP2 mode. * g10/options.h (struct opt): Add flags.allow_weak_digest_algos. * g10/sig-check.c (do_check): Reject MD5 signatures. * tests/openpgp/defs.inc: Add allow_weak_digest_algos to gpg.conf.
2014-03-17 17:54:36 +01:00
gpg: Do not allow old cipher algorithms for encryption. * g10/gpg.c: New option --allow-old-cipher-algos. (set_compliance_option): Set --rfc4880bis explictly to SHA256 and AES256. Allow old cipher algos for OpenPGP, rfc4880, and rfc2440. * g10/options.h (opt): Add flags.allow_old_cipher_algos. * g10/misc.c (print_sha1_keysig_rejected_note): Always print the note unless in --quiet mode. * g10/encrypt.c (setup_symkey): Disallow by default algos with a blocklengt < 128. (encrypt_crypt): Ditto. Fallback by default to AES instead of 3DES. * g10/pkclist.c (algo_available): Take care of old cipher also. (select_algo_from_prefs): Use AES as implicit algorithm by default. * tests/openpgp/defs.scm (create-gpghome): Set allow-old-cipher-algos. -- GnuPG-bug-id: 3415
2021-02-10 14:31:34 +01:00
case oAllowOldCipherAlgos:
opt.flags.allow_old_cipher_algos = 1;
break;
Implement --faked-systrem-time for gpg. Typo and comment fixes.
2009-12-17 18:25:26 +01:00
case oFakedSystemTime:
{
gpg: Allow to freeze faked system time. * g10/gpg.c (main): If the parameter for --faked-system-time ends with a '!', freeze time at the specified point. * common/gettime.c (gnupg_set_time): Allow to freeze the time at an arbitrary time instead of only the current time. * doc/gpg.texi: Update documentation for --faked-system-time. -- This patch allows the user to modify the behavior of the --faked-system-time option: by appending a '!' to the parameter, time in GnuPG will be frozen at the specified time, instead of advancing normally from that time onward. Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
2017-01-18 18:52:12 +01:00
size_t len = strlen (pargs.r.ret_str);
int freeze = 0;
time_t faked_time;
if (len > 0 && pargs.r.ret_str[len-1] == '!')
{
freeze = 1;
pargs.r.ret_str[len-1] = '\0';
}
faked_time = isotime2epoch (pargs.r.ret_str);
Implement --faked-systrem-time for gpg. Typo and comment fixes.
2009-12-17 18:25:26 +01:00
if (faked_time == (time_t)(-1))
faked_time = (time_t)strtoul (pargs.r.ret_str, NULL, 10);
gpg: Allow to freeze faked system time. * g10/gpg.c (main): If the parameter for --faked-system-time ends with a '!', freeze time at the specified point. * common/gettime.c (gnupg_set_time): Allow to freeze the time at an arbitrary time instead of only the current time. * doc/gpg.texi: Update documentation for --faked-system-time. -- This patch allows the user to modify the behavior of the --faked-system-time option: by appending a '!' to the parameter, time in GnuPG will be frozen at the specified time, instead of advancing normally from that time onward. Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
2017-01-18 18:52:12 +01:00
gnupg_set_time (faked_time, freeze);
Implement --faked-systrem-time for gpg. Typo and comment fixes.
2009-12-17 18:25:26 +01:00
}
break;
Add option --no-autostart. * g10/gpg.c: Add option --no-autostart. * sm/gpgsm.c: Ditto. * g10/options.h (opt): Add field autostart. * sm/gpgsm.h (opt): Ditto. * g10/call-agent.c (start_agent): Print note if agent was not autostarted. * sm/call-agent.c (start_agent): Ditto. * g10/call-dirmngr.c (create_context): Likewise. * sm/call-dirmngr.c (start_dirmngr_ext): Ditto. Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-28 09:44:19 +01:00
case oNoAutostart: opt.autostart = 0; break;
gpg: New option --no-symkey-cache. * g10/gpg.c (oNoSymkeyCache): New. (opts): Add that option. (main): Set var. * g10/options.h (struct opt): New field no_symkey_cache. * g10/passphrase.c (passphrase_to_dek): Implement that feature. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-11 20:35:40 +02:00
case oNoSymkeyCache: opt.no_symkey_cache = 1; break;
Add option --no-autostart. * g10/gpg.c: Add option --no-autostart. * sm/gpgsm.c: Ditto. * g10/options.h (opt): Add field autostart. * sm/gpgsm.h (opt): Ditto. * g10/call-agent.c (start_agent): Print note if agent was not autostarted. * sm/call-agent.c (start_agent): Ditto. * g10/call-dirmngr.c (create_context): Likewise. * sm/call-dirmngr.c (start_dirmngr_ext): Ditto. Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-28 09:44:19 +01:00
gpg: New option --default-new-key-algo. * common/openpgp-oid.c (openpgp_is_curve_supported): Add optional arg R_ALGO and change all callers. * common/util.h (GPG_ERR_UNKNOWN_FLAG): New error code. * g10/options.h (struct opt): Add field DEF_NEW_KEY_ALGO. * g10/gpg.c (oDefaultNewKeyAlgo): New enum. (opts): New option "--default-new-key-algo". (main): Set the option. * g10/keygen.c: Remove DEFAULT_STD_ FUTURE_STD_ constants and replace them by ... (DEFAULT_STD_KEY_PARAM, FUTURE_STD_KEY_PARAM): new string constants. (get_keysize_range): Remove arg R_DEF and return that value instead. Change all callers. (gen_rsa): Use get_keysize_range instead of the removed DEFAULT_STD_KEYSIZE. (parse_key_parameter_part): New function. (parse_key_parameter_string): New function. (quick_generate_keypair): Refactor using parse_key_parameter_string. (generate_keypair): Ditto. (parse_algo_usage_expire): Ditto. -- This new option is intended to be used in the forthcoming --set-profile command of gpgconf. It allows to provide a gpg configuration with custom defaults for a new key using the simple commands which use the default algorithm set. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-02 19:43:36 +01:00
case oDefaultNewKeyAlgo:
opt.def_new_key_algo = pargs.r.ret_str;
break;
gpg: New option --use-only-openpgp-card * g10/gpg.c (opts): Add option. (main): Set flag. * g10/options.h: Add flags.use_only_openpgp_card. * g10/call-agent.c (start_agent): Implement option. -- With the previous patch we switch to autoselect an application instead of requesting an openpgp card. This option allows to revert this in case of use use cases which expected the former behaviour. Signed-off-by: Werner Koch <wk@gnupg.org> (cherry picked from commit c185f6dfbd1bfd809369da789239a371e9d1610e) This was first added to the 2.2 branch.
2019-08-21 10:19:16 +02:00
case oUseOnlyOpenPGPCard:
opt.flags.use_only_openpgp_card = 1;
break;
gpg: New option --full-timestrings. * g10/options.h (opt): Add flags.full_timestrings. * g10/gpg.c (oFullTimestrings): New. (opts): New option. (main): Set new flag. * g10/keyid.c (dateonlystr_from_pk): New. (dateonlystr_from_sig): New. (datestr_from_pk): Divert to isotimestamp if requested. (datestr_from_sig): Ditto. (expirestr_from_pk): Ditto. (expirestr_from_sig): Ditto. (revokestr_from_pk): Ditto. * g10/import.c (impex_filter_getval): Use dateonlystr_from_sig and dateonlystr_from_pk. -- Quite helpful for debugging keys. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-13 14:01:07 +01:00
case oFullTimestrings:
opt.flags.full_timestrings = 1;
break;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
case oNoop: break;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
default:
gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
if (configname)
gpg: Emit FAILURE stati now in almost all cases. * g10/cpr.c (write_status_failure): Make it print only once. * g10/gpg.c (wrong_args): Bump error counter. (g10_exit): Print a FAILURE status if we ever did a log_error etc. (main): Use log_error instead of log_fatal at one place. Print a FAILURE status for a bad option. Ditto for certain exit points so that we can see different error locations. -- This makes it easier to detect errors by tools which have no way to get the exit code (e.g. due to double forking). GnuPG-bug-id: 3872 Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-06 17:32:08 +02:00
pargs.err = ARGPARSE_PRINT_WARNING;
else
{
pargs.err = ARGPARSE_PRINT_ERROR;
Some preparations to eventuallt use gpgrt_argparse. * configure.ac (GNUPG_DEF_COPYRIGHT_LINE: New. * tools/watchgnupg.c (print_version): USe this macro. * common/init.c (_init_common_subsystems): Register argparse functions. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-06-12 16:11:19 +02:00
/* The argparse function calls a plain exit and thus
gpg: Emit FAILURE stati now in almost all cases. * g10/cpr.c (write_status_failure): Make it print only once. * g10/gpg.c (wrong_args): Bump error counter. (g10_exit): Print a FAILURE status if we ever did a log_error etc. (main): Use log_error instead of log_fatal at one place. Print a FAILURE status for a bad option. Ditto for certain exit points so that we can see different error locations. -- This makes it easier to detect errors by tools which have no way to get the exit code (e.g. due to double forking). GnuPG-bug-id: 3872 Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-06 17:32:08 +02:00
* we need to print a status here. */
write_status_failure ("option-parser",
gpg_error(GPG_ERR_GENERAL));
}
Made arg_parse more readable.
2008-11-12 18:41:49 +01:00
break;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
}
}
gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
gpgrt_argparse (NULL, &pargs, NULL); /* Release internal state. */
Exporting secret keys via gpg-agent is now basically supported. A couple of forward ported changes. Doc updates.
2010-10-01 22:33:53 +02:00
if (log_get_errorcount (0))
gpg: Emit FAILURE stati now in almost all cases. * g10/cpr.c (write_status_failure): Make it print only once. * g10/gpg.c (wrong_args): Bump error counter. (g10_exit): Print a FAILURE status if we ever did a log_error etc. (main): Use log_error instead of log_fatal at one place. Print a FAILURE status for a bad option. Ditto for certain exit points so that we can see different error locations. -- This makes it easier to detect errors by tools which have no way to get the exit code (e.g. due to double forking). GnuPG-bug-id: 3872 Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-06 17:32:08 +02:00
{
write_status_failure ("option-parser", gpg_error(GPG_ERR_GENERAL));
g10_exit(2);
}
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
gpg,gpgsm: Move use-keyboxd to the new conf file common.conf * common/comopt.c, common/comopt.h: New. * common/Makefile.am: Add them. * g10/gpg.c: Include comopt.h. (main): Also parse common.conf. * sm/gpgsm.c: Include comopt.h. (main): Set a flag for the --no-logfile option. Parse common.conf. * tools/gpgconf-comp.c (known_options_gpg): Remove "use-keyboxd", add pseudo option "use_keyboxd". (known_pseudo_options_gpg): Add pseudo option "use_keyboxd". (known_options_gpgsm): Remove "use-keyboxd". * tests/openpgp/defs.scm (create-gpghome): Create common.conf. * doc/examples/common.conf: New. -- Note that --use-keybox still works but prints a warning. We will eventually remove this option becuase it was marked as an experimental feature anyway. It would be too confusing if gpg and gpgsm use different key storages. Further, other components (e.g. dirmngr or gpg-wks-client) which call gpg or gpgsm need to be aware that the keyboxd is used and pass that option on the command line. Now that common.conf is always read (even if --no-options is used) those tools will work instantly.
2021-04-19 11:33:19 +02:00
/* Process common component options. */
if (parse_comopt (GNUPG_MODULE_NAME_GPG, debug_argparser))
{
write_status_failure ("option-parser", gpg_error(GPG_ERR_GENERAL));
g10_exit(2);
}
if (opt.use_keyboxd)
log_info ("Note: Please move option \"%s\" to \"common.conf\"\n",
"use-keyboxd");
opt.use_keyboxd = comopt.use_keyboxd; /* Override. */
if (opt.keyboxd_program)
log_info ("Note: Please move option \"%s\" to \"common.conf\"\n",
"keyboxd-program");
if (!opt.keyboxd_program && comopt.keyboxd_program)
{
opt.keyboxd_program = comopt.keyboxd_program;
comopt.keyboxd_program = NULL;
}
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
/* The command --gpgconf-list is pretty simple and may be called
directly after the option parsing. */
if (cmd == aGPGConfList)
{
gpgconf: Further simplify the gpgconf option processing. * common/gc-opt-flags.h (GC_OPT_FLAG_RUNTIME): Move to ... * tools/gpgconf-comp.c: here. (known_options_scdaemon): Remove "options". (known_options_dirmngr): Remove "options". (known_options_gpgsm): Remove "options". (known_options_gpg): Remove "options" and "keyserver". (struct gc_option_s): Rename active t gpgconf_list. (gc_component_list_options): Do not act upon active. (option_check_validity): Ditto. (is_known_option): Make it work correctly for unknown options. (retrieve_options_from_program): Use renamed flag gpgconf_list only to detect duplicated items from --gpgconf-list. Do not set runtime. Only e set the options if set by --gpgconf-list; never clear them. * agent/gpg-agent.c: Simplify the --gpgconf-list output. * dirmngr/dirmngr.c: Ditto. * g10/gpg.c: Ditto. * kbx/keyboxd.c: Ditto. * scd/scdaemon.c: Ditto. * sm/gpgsm.c: Ditto. * tests/openpgp/gpgconf.scm: Use "compliance" instead of "keyserver" for the string arg test. -- There is no need to read the list of options from the components unless they convey a default value. It is better to consult only the list we have in gpgconf-comp.c to decide on whether an option should be displayed. Right, this might mess up thing if a newer gpgconf version is used with an older component, but we already print warnings in this case and in general we do not want to support this anymore - the times of gpg 1.4. and 2.0 are long over now. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-14 18:53:43 +01:00
gpgconf_list ();
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
g10_exit (0);
}
gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
xfree (last_configname);
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
gpg: Remove options --print-dane-records and --print-pka-records. * g10/gpg.c (main): Remove options but print a dedicated warning. * g10/options.h (struct opt): Remove fields 'print_dane_records' and 'print_pka_records'. * g10/keylist.c (list_keyblock): Do not call list_keyblock_pka. (list_keyblock_pka): Remove. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-14 15:19:36 +02:00
if (print_dane_records)
log_error ("invalid option \"%s\"; use \"%s\" instead\n",
"--print-dane-records",
"--export-options export-dane");
if (log_get_errorcount (0))
gpg: Emit FAILURE stati now in almost all cases. * g10/cpr.c (write_status_failure): Make it print only once. * g10/gpg.c (wrong_args): Bump error counter. (g10_exit): Print a FAILURE status if we ever did a log_error etc. (main): Use log_error instead of log_fatal at one place. Print a FAILURE status for a bad option. Ditto for certain exit points so that we can see different error locations. -- This makes it easier to detect errors by tools which have no way to get the exit code (e.g. due to double forking). GnuPG-bug-id: 3872 Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-06 17:32:08 +02:00
{
write_status_failure ("option-checking", gpg_error(GPG_ERR_GENERAL));
g10_exit(2);
}
gpg: Remove options --print-dane-records and --print-pka-records. * g10/gpg.c (main): Remove options but print a dedicated warning. * g10/options.h (struct opt): Remove fields 'print_dane_records' and 'print_pka_records'. * g10/keylist.c (list_keyblock): Do not call list_keyblock_pka. (list_keyblock_pka): Remove. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-14 15:19:36 +02:00
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
if( nogreeting )
greeting = 0;
Fix regression in logging. Add a registry key to enable catch-all remote debugging for W32. Replace more stdio stuff by estream.
2010-08-18 21:25:15 +02:00
if( greeting )
{
es_fprintf (es_stderr, "%s %s; %s\n",
gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
gpgrt_strusage(11), gpgrt_strusage(13), gpgrt_strusage(14));
es_fprintf (es_stderr, "%s\n", gpgrt_strusage(15) );
Fix regression in logging. Add a registry key to enable catch-all remote debugging for W32. Replace more stdio stuff by estream.
2010-08-18 21:25:15 +02:00
}
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
#ifdef IS_DEVELOPMENT_VERSION
Minor bug fix.
2008-12-09 13:32:53 +01:00
if (!opt.batch)
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
{
const char *s;
gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
if((s=gpgrt_strusage(25)))
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
log_info("%s\n",s);
gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
if((s=gpgrt_strusage(26)))
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
log_info("%s\n",s);
gpg: Use gpgrt's new option parser to provide a global conf file. * common/util.h: Remove argparse.h. * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS. * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include argparse.h. Do this also for all main modules which use our option parser except for gpg. Replace calls to strusage by calls to gpgrt_strusage everywhere. * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile. (main): Change type of pargs to gpgrt_argparse_t. Rework the option parser to make use of the new gpgrt_argparser. -- This is not yet finished but a make check works. gpg has the most complex and oldest option handling and thus this is the first migration target. SE-Linux checks and version-ed config files are missing and will be added later. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 10:03:11 +01:00
if((s=gpgrt_strusage(27)))
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
log_info("%s\n",s);
}
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
#endif
gpg: First rough implementation of keyboxd access for key lookup. * g10/Makefile.am: Add nPth flags. * g10/gpg.c: Include npth.h. (gpg_deinit_default_ctrl): Deinit call-keyboxd local data. (main): Init nPth. * g10/keydb-private.h (struct keydb_handle_s): Add field 'kbl' and remove the search result and the assuan context. * g10/call-keyboxd.c (struct keyboxd_local_s): Add more fields. (lock_datastream, unlock_datastream): New. (gpg_keyboxd_deinit_session_data): Adjust for changed data structures. (prepare_data_pipe): New. (open_context): Return kbl instead of an Assuan context. Init mutexes etc. (close_context): Merge into ... (keydb_release): here. Adjust for changed data structures. (datastream_thread): New. (keydb_get_keyblock): Implement datastream stuff. (keydb_search): Ditto. * common/asshelp.c (wait_for_sock): Add arg connect_flags. (start_new_service): Set FDPASSING flag for the keyboxd. -- This code as a lot of rough edges, in particular it relies on a well behaving keyboxd. We need to add code to shutdown the datastream reader thread in case of errors and to properly get it up again. We also need to make really sure that both threads run in lockstep so that the datastream thread is only active while we are sending a command to the keyboxd. We should also see whether we can depend nPth initialization on the --use-keyboxd option to avoid any problems with nPth. And we need to test on Windows. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-09-10 16:05:54 +02:00
/* Init threading which is used by some helper functions. */
npth_init ();
assuan_set_system_hooks (ASSUAN_SYSTEM_NPTH);
gpgrt_set_syscall_clamp (npth_unprotect, npth_protect);
gpg: Do not require --batch when using --log-file. * g10/gpg.c (main): Remove a long standing FIXME. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-06 14:44:50 +01:00
if (logfile)
* configure.ac: Define SAFE_VERSION_DASH and SAFE_VERSION_DOT> * g10.c: New options --gpgconf-list, --debug-level and --log-file (set_debug): Add arg DEBUG_LEVEL. (main): Look at less and less version specific config files. From gnupg 1.3.
2004-03-23 14:03:09 +01:00
{
log_set_file (logfile);
gpg: First rough implementation of keyboxd access for key lookup. * g10/Makefile.am: Add nPth flags. * g10/gpg.c: Include npth.h. (gpg_deinit_default_ctrl): Deinit call-keyboxd local data. (main): Init nPth. * g10/keydb-private.h (struct keydb_handle_s): Add field 'kbl' and remove the search result and the assuan context. * g10/call-keyboxd.c (struct keyboxd_local_s): Add more fields. (lock_datastream, unlock_datastream): New. (gpg_keyboxd_deinit_session_data): Adjust for changed data structures. (prepare_data_pipe): New. (open_context): Return kbl instead of an Assuan context. Init mutexes etc. (close_context): Merge into ... (keydb_release): here. Adjust for changed data structures. (datastream_thread): New. (keydb_get_keyblock): Implement datastream stuff. (keydb_search): Ditto. * common/asshelp.c (wait_for_sock): Add arg connect_flags. (start_new_service): Set FDPASSING flag for the keyboxd. -- This code as a lot of rough edges, in particular it relies on a well behaving keyboxd. We need to add code to shutdown the datastream reader thread in case of errors and to properly get it up again. We also need to make really sure that both threads run in lockstep so that the datastream thread is only active while we are sending a command to the keyboxd. We should also see whether we can depend nPth initialization on the --use-keyboxd option to avoid any problems with nPth. And we need to test on Windows. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-09-10 16:05:54 +02:00
log_set_prefix (NULL, (GPGRT_LOG_WITH_PREFIX
| GPGRT_LOG_WITH_TIME
| GPGRT_LOG_WITH_PID ));
* configure.ac: Define SAFE_VERSION_DASH and SAFE_VERSION_DOT> * g10.c: New options --gpgconf-list, --debug-level and --log-file (set_debug): Add arg DEBUG_LEVEL. (main): Look at less and less version specific config files. From gnupg 1.3.
2004-03-23 14:03:09 +01:00
}
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
if (opt.verbose > 2)
Change all quotes in strings and comments to the new GNU standard. The asymmetric quotes used by GNU in the past (`...') don't render nicely on modern systems. We now use two \x27 characters ('...'). The proper solution would be to use the correct Unicode symmetric quotes here. However this has the disadvantage that the system requires Unicode support. We don't want that today. If Unicode is available a generated po file can be used to output proper quotes. A simple sed script like the one used for en@quote is sufficient to change them. The changes have been done by applying sed -i "s/\`\([^'\`]*\)'/'\1'/g" to most files and fixing obvious problems by hand. The msgid strings in the po files were fixed with a similar command.
2012-06-05 19:29:22 +02:00
log_info ("using character set '%s'\n", get_native_charset ());
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
if( may_coredump && !opt.quiet )
log_info(_("WARNING: program may create a core file!\n"));
gpg: New option --rfc4880bis. * g10/options.h (struct opt): Add field flags.rfc4880bis. * g10/gpg.c (oRFC4880bis): new. (opts): add --rfc4880bis. (main): Implement that and print a warning. -- This is option enables experimental features which may be dropped or changed with the next release. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-20 22:19:23 +02:00
if (opt.flags.rfc4880bis)
gpg: Do not show two informational diagnostics with quiet. * g10/trustdb.c (verify_own_keys): Silence informational diagnostic. -- This silences these notes with --quiet gpg: Note: RFC4880bis features are enabled. gpg: key EE65E8C75D41FD1D marked as ultimately trusted GnuPG-bug-id: 4634 Signed-off-by: Werner Koch <wk@gnupg.org>
2019-08-23 11:45:49 +02:00
{
gpg: Print rfc4880bis note only in verbose mode. * g10/gpg.c (main): Change condition for an info diagnostic. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-07 09:24:38 +01:00
if (opt.verbose)
gpg: Do not show two informational diagnostics with quiet. * g10/trustdb.c (verify_own_keys): Silence informational diagnostic. -- This silences these notes with --quiet gpg: Note: RFC4880bis features are enabled. gpg: key EE65E8C75D41FD1D marked as ultimately trusted GnuPG-bug-id: 4634 Signed-off-by: Werner Koch <wk@gnupg.org>
2019-08-23 11:45:49 +02:00
log_info ("Note: RFC4880bis features are enabled.\n");
}
gpg: New option --mimemode. * g10/gpg.c (oMimemode): New. (opts): Add --mimemode. (main): Use --mimemode only in rfc4880bis compliance mode. * g10/options.h (struct opt): Add field "mimemode". * g10/build-packet.c (do_plaintext): Allow for mode 'm'. * g10/encrypt.c (encrypt_simple, encrypt_crypt): Use 'm' if requested. * g10/plaintext.c (handle_plaintext): Handle 'm' mode. * g10/sign.c (write_plaintext_packet): Handle 'm' mode. (sign_file, sign_symencrypt_file): Use 'm' if requested. -- Thsi patch prepares for a proposed change in RFC4880bis to support a MIME flag. A literal data packet with the mime flag set is handled like a 't' or 'u' but CR are not removed. The PLAINTEXT status line will also indicate a MIME content. If --mimemode is used without --rfc4880bis 't' will be used. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-13 13:31:12 +02:00
else
{
opt.mimemode = 0; /* This will use text mode instead. */
}
gpg: New option --rfc4880bis. * g10/options.h (struct opt): Add field flags.rfc4880bis. * g10/gpg.c (oRFC4880bis): new. (opts): add --rfc4880bis. (main): Implement that and print a warning. -- This is option enables experimental features which may be dropped or changed with the next release. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-20 22:19:23 +02:00
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
if (eyes_only) {
if (opt.set_filename)
log_info(_("WARNING: %s overrides %s\n"),
"--for-your-eyes-only","--set-filename");
opt.set_filename="_CONSOLE";
}
if (opt.no_literal) {
Use a unique capitalization for "Note:". --
2014-10-10 15:29:42 +02:00
log_info(_("Note: %s is not for normal use!\n"), "--no-literal");
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
if (opt.textmode)
log_error(_("%s not allowed with %s!\n"),
"--textmode", "--no-literal" );
if (opt.set_filename)
log_error(_("%s makes no sense with %s!\n"),
eyes_only?"--for-your-eyes-only":"--set-filename",
"--no-literal" );
}
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
if (opt.set_filesize)
Use a unique capitalization for "Note:". --
2014-10-10 15:29:42 +02:00
log_info(_("Note: %s is not for normal use!\n"), "--set-filesize");
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
if( opt.batch )
tty_batchmode( 1 );
Implement --faked-systrem-time for gpg. Typo and comment fixes.
2009-12-17 18:25:26 +01:00
if (gnupg_faked_time_p ())
{
gnupg_isotime_t tbuf;
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
Implement --faked-systrem-time for gpg. Typo and comment fixes.
2009-12-17 18:25:26 +01:00
log_info (_("WARNING: running with faked system time: "));
gnupg_get_isotime (tbuf);
dump_isotime (tbuf);
log_printf ("\n");
}
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
Print warning for arguments not considered an option. GnuPG requires that options are given before other arguments. This can sometimes be confusing. We now print a warning if we found an argument looking alike a long option without being preceded by the stop option. This is bug#1343. * common/argparse.h (ARGPARSE_FLAG_STOP_SEEN): New. * common/argparse.c (arg_parse): Set new flag. * g10/gpg.c (main): Print the warning. * agent/gpg-agent.c (main): Ditto. * dirmngr/dirmngr.c (main): Ditto. * g13/g13.c (main): Ditto. * scd/scdaemon.c (main): Ditto. * sm/gpgsm.c (main): Ditto. * tools/gpg-connect-agent.c (main): Ditto. * tools/gpgconf.c (main): Ditto.
2012-03-27 12:35:13 +02:00
/* Print a warning if an argument looks like an option. */
if (!opt.quiet && !(pargs.flags & ARGPARSE_FLAG_STOP_SEEN))
{
int i;
for (i=0; i < argc; i++)
if (argv[i][0] == '-' && argv[i][1] == '-')
Use a unique capitalization for "Note:". --
2014-10-10 15:29:42 +02:00
log_info (_("Note: '%s' is not considered an option\n"), argv[i]);
Print warning for arguments not considered an option. GnuPG requires that options are given before other arguments. This can sometimes be confusing. We now print a warning if we found an argument looking alike a long option without being preceded by the stop option. This is bug#1343. * common/argparse.h (ARGPARSE_FLAG_STOP_SEEN): New. * common/argparse.c (arg_parse): Set new flag. * g10/gpg.c (main): Print the warning. * agent/gpg-agent.c (main): Ditto. * dirmngr/dirmngr.c (main): Ditto. * g13/g13.c (main): Ditto. * scd/scdaemon.c (main): Ditto. * sm/gpgsm.c (main): Ditto. * tools/gpg-connect-agent.c (main): Ditto. * tools/gpgconf.c (main): Ditto.
2012-03-27 12:35:13 +02:00
}
Implement --faked-systrem-time for gpg. Typo and comment fixes.
2009-12-17 18:25:26 +01:00
* gpgsm.c (main): Add secmem features and set the random seed file. (gpgsm_exit): Update the random seed file and enable debug output. * g10.c (main): Add secmem features and set the random seed file. (g10_exit): Update the random seed file. * parse-packet.c (parse_signature,read_protected_v3_mpi) (parse_key): Fixed use of mpi_set_opaque. * keygen.c (gen_card_key): Ditto.
2003-07-29 10:53:19 +02:00
gcry_control (GCRYCTL_RESUME_SECMEM_WARN);
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
if(require_secmem && !got_secmem)
{
log_info(_("will not run with insecure memory due to %s\n"),
"--require-secmem");
gpg: Emit FAILURE stati now in almost all cases. * g10/cpr.c (write_status_failure): Make it print only once. * g10/gpg.c (wrong_args): Bump error counter. (g10_exit): Print a FAILURE status if we ever did a log_error etc. (main): Use log_error instead of log_fatal at one place. Print a FAILURE status for a bad option. Ditto for certain exit points so that we can see different error locations. -- This makes it easier to detect errors by tools which have no way to get the exit code (e.g. due to double forking). GnuPG-bug-id: 3872 Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-06 17:32:08 +02:00
write_status_failure ("option-checking", gpg_error(GPG_ERR_GENERAL));
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
g10_exit(2);
}
* configure.ac: Define SAFE_VERSION_DASH and SAFE_VERSION_DOT> * g10.c: New options --gpgconf-list, --debug-level and --log-file (set_debug): Add arg DEBUG_LEVEL. (main): Look at less and less version specific config files. From gnupg 1.3.
2004-03-23 14:03:09 +01:00
set_debug (debug_level);
New function log_clock. * common/logging.c (log_clock): New. * g10/gpg.c (set_debug): Print clock debug flag. * g10/options.h (DBG_CLOCK_VALUE, DBG_CLOCK): New. -- To actually use log_clock you need to enable the code in logginc.c:log_check() and link against librt. --debug 4096 may then be used to enable it at runtime.
2013-01-07 16:51:24 +01:00
if (DBG_CLOCK)
log_clock ("start");
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
/* Do these after the switch(), so they can override settings. */
gpg: Remove PGP6 compliance mode. * g10/gpg.c: Make --pgp6 an alias for --pgp7. * common/compliance.h (gnupg_compliance_mode): Remove CO_PGP6. * g10/options.h (PGP6): Remove. Adjust all users. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-05-29 13:01:12 +02:00
if (PGP7)
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
{
gpg: Remove all support for v3 keys and always create v4-signatures. * g10/build-packet.c (do_key): Remove support for building v3 keys. * g10/parse-packet.c (read_protected_v3_mpi): Remove. (parse_key): Remove support for v3-keys. Add dedicated warnings for v3-key packets. * g10/keyid.c (hash_public_key): Remove v3-key support. (keyid_from_pk): Ditto. (fingerprint_from_pk): Ditto. * g10/options.h (opt): Remove fields force_v3_sigs and force_v4_certs. * g10/gpg.c (cmd_and_opt_values): Remove oForceV3Sigs, oNoForceV3Sigs, oForceV4Certs, oNoForceV4Certs. (opts): Turn --force-v3-sigs, --no-force-v3-sigs, --force-v4-certs, --no-force-v4-certs int dummy options. (main): Remove setting of the force_v3_sigs force_v4_certs flags. * g10/revoke.c (gen_revoke, create_revocation): Always create v4 certs. * g10/sign.c (hash_uid): Remove support for v3-signatures (hash_sigversion_to_magic): Ditto. (only_old_style): Remove this v3-key function. (write_signature_packets): Remove support for creating v3-signatures. (sign_file): Ditto. (sign_symencrypt_file): Ditto. (clearsign_file): Ditto. Remove code to emit no Hash armor line if only v3-keys are used. (make_keysig_packet): Remove arg SIGVERSION and force using v4-signatures. Change all callers to not pass a value for this arg. Remove all v3-key related code. (update_keysig_packet): Remove v3-signature support. * g10/keyedit.c (sign_uids): Always create v4-signatures. * g10/textfilter.c (copy_clearsig_text): Remove arg pgp2mode and change caller. -- v3 keys are deprecated for about 15 years and due the severe weaknesses of MD5 it does not make any sense to keep code around to use these old and broken keys. Users who need to decrypt old messages should use gpg 1.4 and best re-encrypt them to modern standards. verification of old (i.e. PGP2) created signatures is thus also not anymore possible but such signatures have no values anyway - MD5 is just too broken. We have also kept support for v3 signatures until now. With the removal of support for v3 keys it is questionable whether it makes any sense to keep support for v3-signatures. What we do now is to keep support for verification of v3-signatures but we force the use of v4-signatures. The latter makes the --pgp6 and --pgp7 switch a bit obsolete because those PGP versions require v3-signatures for messages. These versions of PGP are also really old and not anymore maintained so they have not received any bug fixes and should not be used anyway. Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-12 20:07:12 +02:00
/* That does not anymore work because we have no more support
for v3 signatures. */
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
opt.escape_from=1;
opt.ask_sig_expire=0;
}
else if(PGP8)
{
opt.escape_from=1;
}
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
if( def_cipher_string ) {
Still making gpg2 work. At least the keyids are now correctly computed again.
2006-05-24 13:12:28 +02:00
opt.def_cipher_algo = string_to_cipher_algo (def_cipher_string);
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
xfree(def_cipher_string); def_cipher_string = NULL;
if ( openpgp_cipher_test_algo (opt.def_cipher_algo) )
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
log_error(_("selected cipher algorithm is invalid\n"));
}
gpg: Add option and preference framework for AEAD. * common/openpgpdefs.h (aead_algo_t): New. (SIGSUBPKT_PREF_AEAD): New. * g10/gpg.c (oAEADAlgo, oPersonalAEADPreferences): New. (opts): New options --aead-algo and --personal-aead-preferences. (set_compliance_option): Clar aead algo. (main): Parse and check the new options * g10/options.h (struct opt): Add fields def_aead_algo and personal_aead_prefs. * g10/packet.h (PREFTYPE_AEAD): New enum value. (PKT_user_id): Add field flags.aead. (PKT_public_key): Add field flags.aead. * g10/pkclist.c (select_algo_from_prefs): Support PREFTYPE_AEAD. * g10/getkey.c (fixup_uidnode): Set AEAD flag. (merge_selfsigs): Ditto. * g10/kbnode.c (dump_kbnode): Show aead flag. * g10/keyedit.c (show_prefs): Ditto. (show_key_with_all_names_colon): Ditto. * g10/keygen.c (aead_presf, n_aead_prefs): New vars. (set_one_pref): Suppport PREFTYPE_AEAD. (keygen_set_std_prefs): Parse AEAD preferences. (keygen_get_std_prefs): Ditto. (add_feature_aead): New. (keygen_upd_std_prefs): Call that and build AEAD pref packet. * g10/main.h (DEFAULT_AEAD_ALGO): New const. * g10/misc.c (openpgp_aead_test_algo): New. (openpgp_aead_algo_name): New. (string_to_aead_algo): New. (default_aead_algo): New. -- This is only used in --rfc4880bis mode and not really tested. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-10 11:42:38 +01:00
if (def_aead_string)
{
opt.def_aead_algo = string_to_aead_algo (def_aead_string);
xfree (def_aead_string); def_aead_string = NULL;
if (openpgp_aead_test_algo (opt.def_aead_algo))
log_error(_("selected AEAD algorithm is invalid\n"));
}
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
if( def_digest_string ) {
Still making gpg2 work. At least the keyids are now correctly computed again.
2006-05-24 13:12:28 +02:00
opt.def_digest_algo = string_to_digest_algo (def_digest_string);
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
xfree(def_digest_string); def_digest_string = NULL;
if ( openpgp_md_test_algo (opt.def_digest_algo) )
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
log_error(_("selected digest algorithm is invalid\n"));
}
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
if( compress_algo_string ) {
opt.compress_algo = string_to_compress_algo(compress_algo_string);
xfree(compress_algo_string); compress_algo_string = NULL;
if( check_compress_algo(opt.compress_algo) )
log_error(_("selected compression algorithm is invalid\n"));
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
if( cert_digest_string ) {
Still making gpg2 work. At least the keyids are now correctly computed again.
2006-05-24 13:12:28 +02:00
opt.cert_digest_algo = string_to_digest_algo (cert_digest_string);
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
xfree(cert_digest_string); cert_digest_string = NULL;
if (openpgp_md_test_algo(opt.cert_digest_algo))
log_error(_("selected certification digest algorithm is invalid\n"));
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
if( s2k_cipher_string ) {
Still making gpg2 work. At least the keyids are now correctly computed again.
2006-05-24 13:12:28 +02:00
opt.s2k_cipher_algo = string_to_cipher_algo (s2k_cipher_string);
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
xfree(s2k_cipher_string); s2k_cipher_string = NULL;
if (openpgp_cipher_test_algo (opt.s2k_cipher_algo))
log_error(_("selected cipher algorithm is invalid\n"));
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
if( s2k_digest_string ) {
Still making gpg2 work. At least the keyids are now correctly computed again.
2006-05-24 13:12:28 +02:00
opt.s2k_digest_algo = string_to_digest_algo (s2k_digest_string);
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
xfree(s2k_digest_string); s2k_digest_string = NULL;
if (openpgp_md_test_algo(opt.s2k_digest_algo))
log_error(_("selected digest algorithm is invalid\n"));
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
if( opt.completes_needed < 1 )
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
log_error(_("completes-needed must be greater than 0\n"));
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
if( opt.marginals_needed < 2 )
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
log_error(_("marginals-needed must be greater than 1\n"));
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
if( opt.max_cert_depth < 1 || opt.max_cert_depth > 255 )
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
log_error(_("max-cert-depth must be in the range from 1 to 255\n"));
if(opt.def_cert_level<0 || opt.def_cert_level>3)
log_error(_("invalid default-cert-level; must be 0, 1, 2, or 3\n"));
if( opt.min_cert_level < 1 || opt.min_cert_level > 3 )
log_error(_("invalid min-cert-level; must be 1, 2, or 3\n"));
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
switch( opt.s2k_mode ) {
case 0:
gpg: No warning in quiet mode for S2K mode 0. --
2021-03-24 10:46:21 +01:00
if (!opt.quiet)
log_info(_("Note: simple S2K mode (0) is strongly discouraged\n"));
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
break;
case 1: case 3: break;
default:
log_error(_("invalid S2K mode; must be 0, 1 or 3\n"));
}
/* This isn't actually needed, but does serve to error out if the
string is invalid. */
if(opt.def_preference_list &&
keygen_set_std_prefs(opt.def_preference_list,0))
log_error(_("invalid default preferences\n"));
if(pers_cipher_list &&
keygen_set_std_prefs(pers_cipher_list,PREFTYPE_SYM))
log_error(_("invalid personal cipher preferences\n"));
gpg: Add option and preference framework for AEAD. * common/openpgpdefs.h (aead_algo_t): New. (SIGSUBPKT_PREF_AEAD): New. * g10/gpg.c (oAEADAlgo, oPersonalAEADPreferences): New. (opts): New options --aead-algo and --personal-aead-preferences. (set_compliance_option): Clar aead algo. (main): Parse and check the new options * g10/options.h (struct opt): Add fields def_aead_algo and personal_aead_prefs. * g10/packet.h (PREFTYPE_AEAD): New enum value. (PKT_user_id): Add field flags.aead. (PKT_public_key): Add field flags.aead. * g10/pkclist.c (select_algo_from_prefs): Support PREFTYPE_AEAD. * g10/getkey.c (fixup_uidnode): Set AEAD flag. (merge_selfsigs): Ditto. * g10/kbnode.c (dump_kbnode): Show aead flag. * g10/keyedit.c (show_prefs): Ditto. (show_key_with_all_names_colon): Ditto. * g10/keygen.c (aead_presf, n_aead_prefs): New vars. (set_one_pref): Suppport PREFTYPE_AEAD. (keygen_set_std_prefs): Parse AEAD preferences. (keygen_get_std_prefs): Ditto. (add_feature_aead): New. (keygen_upd_std_prefs): Call that and build AEAD pref packet. * g10/main.h (DEFAULT_AEAD_ALGO): New const. * g10/misc.c (openpgp_aead_test_algo): New. (openpgp_aead_algo_name): New. (string_to_aead_algo): New. (default_aead_algo): New. -- This is only used in --rfc4880bis mode and not really tested. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-10 11:42:38 +01:00
if (pers_aead_list && keygen_set_std_prefs (pers_aead_list, PREFTYPE_AEAD))
log_error(_("invalid personal AEAD preferences\n"));
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
if(pers_digest_list &&
keygen_set_std_prefs(pers_digest_list,PREFTYPE_HASH))
log_error(_("invalid personal digest preferences\n"));
if(pers_compress_list &&
keygen_set_std_prefs(pers_compress_list,PREFTYPE_ZIP))
log_error(_("invalid personal compress preferences\n"));
all: fix spelling and typos Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2018-10-24 21:56:18 +02:00
/* Check chunk size. Please fix also the man page if you change
gpg: New option --chunk-size. * g10/gpg.c (opts): New option --chunk-size. (oChunkSize): New const. (build_list_aead_test_algo, build_list_aead_algo_name): New. (my_strusage): List AEAD algos. (main): Implement --chunk-size.. * g10/options.h (struct opt): Add field 'chunk_size'. (DBG_IPC): Remove duplicated macro. * g10/main.h (DEFAULT_AEAD_ALGO): Depend on Libgcrypt version. * g10/misc.c (openpgp_aead_test_algo): Ditto. * g10/cipher-aead.c: Silence if not in debug mode. * g10/decrypt-data.c: Ditto. -- And that new option immediatley revealed bugs in our chunking code :-(.
2018-01-23 19:08:16 +01:00
* the default. The limits are given by the specs. */
if (!opt.chunk_size)
gpg: Use 128 MiB as default AEAD chunk size. * g10/gpg.c (oDebugAllowLargeChunks): New. (opts): New option --debug-allow-large-chunks. (main): Implement that option. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-24 09:50:02 +02:00
opt.chunk_size = 27; /* Default to the suggested max of 128 MiB. */
gpg: New option --chunk-size. * g10/gpg.c (opts): New option --chunk-size. (oChunkSize): New const. (build_list_aead_test_algo, build_list_aead_algo_name): New. (my_strusage): List AEAD algos. (main): Implement --chunk-size.. * g10/options.h (struct opt): Add field 'chunk_size'. (DBG_IPC): Remove duplicated macro. * g10/main.h (DEFAULT_AEAD_ALGO): Depend on Libgcrypt version. * g10/misc.c (openpgp_aead_test_algo): Ditto. * g10/cipher-aead.c: Silence if not in debug mode. * g10/decrypt-data.c: Ditto. -- And that new option immediatley revealed bugs in our chunking code :-(.
2018-01-23 19:08:16 +01:00
else if (opt.chunk_size < 6)
{
opt.chunk_size = 6;
log_info (_("chunk size invalid - using %d\n"), opt.chunk_size);
}
gpg: Use 128 MiB as default AEAD chunk size. * g10/gpg.c (oDebugAllowLargeChunks): New. (opts): New option --debug-allow-large-chunks. (main): Implement that option. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-24 09:50:02 +02:00
else if (opt.chunk_size > (allow_large_chunks? 62 : 27))
gpg: New option --chunk-size. * g10/gpg.c (opts): New option --chunk-size. (oChunkSize): New const. (build_list_aead_test_algo, build_list_aead_algo_name): New. (my_strusage): List AEAD algos. (main): Implement --chunk-size.. * g10/options.h (struct opt): Add field 'chunk_size'. (DBG_IPC): Remove duplicated macro. * g10/main.h (DEFAULT_AEAD_ALGO): Depend on Libgcrypt version. * g10/misc.c (openpgp_aead_test_algo): Ditto. * g10/cipher-aead.c: Silence if not in debug mode. * g10/decrypt-data.c: Ditto. -- And that new option immediatley revealed bugs in our chunking code :-(.
2018-01-23 19:08:16 +01:00
{
gpg: Use 128 MiB as default AEAD chunk size. * g10/gpg.c (oDebugAllowLargeChunks): New. (opts): New option --debug-allow-large-chunks. (main): Implement that option. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-24 09:50:02 +02:00
opt.chunk_size = (allow_large_chunks? 62 : 27);
gpg: New option --chunk-size. * g10/gpg.c (opts): New option --chunk-size. (oChunkSize): New const. (build_list_aead_test_algo, build_list_aead_algo_name): New. (my_strusage): List AEAD algos. (main): Implement --chunk-size.. * g10/options.h (struct opt): Add field 'chunk_size'. (DBG_IPC): Remove duplicated macro. * g10/main.h (DEFAULT_AEAD_ALGO): Depend on Libgcrypt version. * g10/misc.c (openpgp_aead_test_algo): Ditto. * g10/cipher-aead.c: Silence if not in debug mode. * g10/decrypt-data.c: Ditto. -- And that new option immediatley revealed bugs in our chunking code :-(.
2018-01-23 19:08:16 +01:00
log_info (_("chunk size invalid - using %d\n"), opt.chunk_size);
}
Merged most of David Shaw's changes in 1.3 since 2003-06-03.
2003-09-23 19:48:33 +02:00
/* We don't support all possible commands with multifile yet */
if(multifile)
{
char *cmdname;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
Merged most of David Shaw's changes in 1.3 since 2003-06-03.
2003-09-23 19:48:33 +02:00
switch(cmd)
{
case aSign:
cmdname="--sign";
break;
gpg: Print a better error message for --multifile --sign --encrypt. * g10/gpg.c (main): Print a better error message for --multifile --sign --encrypt. -- Signed-off-by: Neal H. Walfield <neal@g10code.com> GnuPG-bug-id: 1009
2015-11-04 13:27:49 +01:00
case aSignEncr:
cmdname="--sign --encrypt";
break;
Merged most of David Shaw's changes in 1.3 since 2003-06-03.
2003-09-23 19:48:33 +02:00
case aClearsign:
g10: Hyphenate --clearsign. * g10/gpg.c (opts): Hyphenate option. * doc/gpg.texi: Update accordingly. * po: Update translations. * tests/openpgp: Update tests. GnuPG-bug-id: 2700 Signed-off-by: Justus Winter <justus@g10code.com>
2016-09-23 14:10:07 +02:00
cmdname="--clear-sign";
Merged most of David Shaw's changes in 1.3 since 2003-06-03.
2003-09-23 19:48:33 +02:00
break;
case aDetachedSign:
cmdname="--detach-sign";
break;
case aSym:
cmdname="--symmetric";
break;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
case aEncrSym:
cmdname="--symmetric --encrypt";
break;
Merged most of David Shaw's changes in 1.3 since 2003-06-03.
2003-09-23 19:48:33 +02:00
case aStore:
cmdname="--store";
break;
default:
cmdname=NULL;
break;
}
if(cmdname)
log_error(_("%s does not yet work with %s\n"),cmdname,"--multifile");
}
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
if( log_get_errorcount(0) )
gpg: Emit FAILURE stati now in almost all cases. * g10/cpr.c (write_status_failure): Make it print only once. * g10/gpg.c (wrong_args): Bump error counter. (g10_exit): Print a FAILURE status if we ever did a log_error etc. (main): Use log_error instead of log_fatal at one place. Print a FAILURE status for a bad option. Ditto for certain exit points so that we can see different error locations. -- This makes it easier to detect errors by tools which have no way to get the exit code (e.g. due to double forking). GnuPG-bug-id: 3872 Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-06 17:32:08 +02:00
{
write_status_failure ("option-postprocessing",
gpg_error(GPG_ERR_GENERAL));
g10_exit (2);
}
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
if(opt.compress_level==0)
opt.compress_algo=COMPRESS_ALGO_NONE;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
/* Check our chosen algorithms against the list of legal
algorithms. */
gpg: First take on PKT_ENCRYPTED_AEAD. * common/openpgpdefs.h (PKT_ENCRYPTED_AEAD): New const. * g10/dek.h (DEK): Increase size of use_aead to 4 bits. * g10/filter.h (cipher_filter_context_t): Add new fields for AEAD. * g10/packet.h (PKT_encrypted): Add fields aead_algo, cipher_algo, and chunkbyte. * g10/build-packet.c (do_encrypted_aead): New. (build_packet): Call it. * g10/parse-packet.c (dump_sig_subpkt): Handle SIGSUBPKT_PREF_AEAD. (parse_one_sig_subpkt, can_handle_critical): Ditto. (parse_encrypted): Clear new PKT_ENCRYPTED fields. (parse_encrypted_aead): New. (parse): Call it. * g10/gpg.c (main): Take care of --rfc4880bis option when checking compliance. * g10/cipher-aead.c: Replace the stub by real code. * g10/decrypt-data.c (decode_filter_ctx_t): Add fields for use with AEAD. (aead_set_nonce): New. (aead_set_ad): New. (decrypt_data): Support AEAD. (aead_underflow): New. (aead_decode_filter): New. * g10/encrypt.c (use_aead): Make that new fucntion work. (encrypt_simple): Use default_aead_algo() instead of EAX. * g10/mainproc.c (proc_encrypted): Support AEAD. (do_proc_packets): Support PKT_ENCRYPTED_AEAD. -- This code has seen only a very few manual tests. Encrypting always uses a 64k chunks and decryption has not been tested with larger chunks. Those small chunks make debugging much faster. Tests can be done using: gpg --rfc4880bis --pinentry-mode=loopback --passphrase abc \ --force-aead --aead-algo ocb --s2k-mode 0 --cipher AES \ -v -z 0 --status-fd 2 -c <INFILE >OUTFILE and gpg --rfc4880bis --pinentry-mode=loopback --passphrase=abc \ --status-fd 2 -v -d <INFILE >OUTFILE Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-21 16:24:43 +01:00
if(!GNUPG && !opt.flags.rfc4880bis)
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
{
const char *badalg=NULL;
preftype_t badtype=PREFTYPE_NONE;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
if(opt.def_cipher_algo
&& !algo_available(PREFTYPE_SYM,opt.def_cipher_algo,NULL))
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
{
Support DSA2. Support Camellia for testing. More audit stuff.
2007-12-12 11:28:30 +01:00
badalg = openpgp_cipher_algo_name (opt.def_cipher_algo);
Finished the bulk of changes for gnupg 1.9. This included switching to libgcrypt functions, using shared error codes from libgpg-error, replacing the old functions we used to have in ../util by those in ../jnlib and ../common, renaming the malloc functions and a couple of types. Note, that not all changes are listed below becuause they are too similar and done at far too many places. As of today the code builds using the current libgcrypt from CVS but it is very unlikely that it actually works.
2003-06-18 21:56:13 +02:00
badtype = PREFTYPE_SYM;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
gpg: Add option and preference framework for AEAD. * common/openpgpdefs.h (aead_algo_t): New. (SIGSUBPKT_PREF_AEAD): New. * g10/gpg.c (oAEADAlgo, oPersonalAEADPreferences): New. (opts): New options --aead-algo and --personal-aead-preferences. (set_compliance_option): Clar aead algo. (main): Parse and check the new options * g10/options.h (struct opt): Add fields def_aead_algo and personal_aead_prefs. * g10/packet.h (PREFTYPE_AEAD): New enum value. (PKT_user_id): Add field flags.aead. (PKT_public_key): Add field flags.aead. * g10/pkclist.c (select_algo_from_prefs): Support PREFTYPE_AEAD. * g10/getkey.c (fixup_uidnode): Set AEAD flag. (merge_selfsigs): Ditto. * g10/kbnode.c (dump_kbnode): Show aead flag. * g10/keyedit.c (show_prefs): Ditto. (show_key_with_all_names_colon): Ditto. * g10/keygen.c (aead_presf, n_aead_prefs): New vars. (set_one_pref): Suppport PREFTYPE_AEAD. (keygen_set_std_prefs): Parse AEAD preferences. (keygen_get_std_prefs): Ditto. (add_feature_aead): New. (keygen_upd_std_prefs): Call that and build AEAD pref packet. * g10/main.h (DEFAULT_AEAD_ALGO): New const. * g10/misc.c (openpgp_aead_test_algo): New. (openpgp_aead_algo_name): New. (string_to_aead_algo): New. (default_aead_algo): New. -- This is only used in --rfc4880bis mode and not really tested. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-10 11:42:38 +01:00
else if(opt.def_aead_algo
&& !algo_available(PREFTYPE_AEAD, opt.def_aead_algo, NULL))
{
badalg = openpgp_aead_algo_name (opt.def_aead_algo);
badtype = PREFTYPE_AEAD;
}
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
else if(opt.def_digest_algo
&& !algo_available(PREFTYPE_HASH,opt.def_digest_algo,NULL))
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
{
Finished the bulk of changes for gnupg 1.9. This included switching to libgcrypt functions, using shared error codes from libgpg-error, replacing the old functions we used to have in ../util by those in ../jnlib and ../common, renaming the malloc functions and a couple of types. Note, that not all changes are listed below becuause they are too similar and done at far too many places. As of today the code builds using the current libgcrypt from CVS but it is very unlikely that it actually works.
2003-06-18 21:56:13 +02:00
badalg = gcry_md_algo_name (opt.def_digest_algo);
badtype = PREFTYPE_HASH;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
else if(opt.cert_digest_algo
&& !algo_available(PREFTYPE_HASH,opt.cert_digest_algo,NULL))
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
{
Finished the bulk of changes for gnupg 1.9. This included switching to libgcrypt functions, using shared error codes from libgpg-error, replacing the old functions we used to have in ../util by those in ../jnlib and ../common, renaming the malloc functions and a couple of types. Note, that not all changes are listed below becuause they are too similar and done at far too many places. As of today the code builds using the current libgcrypt from CVS but it is very unlikely that it actually works.
2003-06-18 21:56:13 +02:00
badalg = gcry_md_algo_name (opt.cert_digest_algo);
badtype = PREFTYPE_HASH;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
else if(opt.compress_algo!=-1
&& !algo_available(PREFTYPE_ZIP,opt.compress_algo,NULL))
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
{
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
badalg = compress_algo_to_string(opt.compress_algo);
Finished the bulk of changes for gnupg 1.9. This included switching to libgcrypt functions, using shared error codes from libgpg-error, replacing the old functions we used to have in ../util by those in ../jnlib and ../common, renaming the malloc functions and a couple of types. Note, that not all changes are listed below becuause they are too similar and done at far too many places. As of today the code builds using the current libgcrypt from CVS but it is very unlikely that it actually works.
2003-06-18 21:56:13 +02:00
badtype = PREFTYPE_ZIP;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
if(badalg)
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
{
switch(badtype)
{
case PREFTYPE_SYM:
gpg,sm: String changes for compliance diagnostics. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-28 17:46:43 +02:00
log_info (_("cipher algorithm '%s'"
" may not be used in %s mode\n"),
badalg,
gnupg_compliance_option_string (opt.compliance));
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
break;
gpg: Add option and preference framework for AEAD. * common/openpgpdefs.h (aead_algo_t): New. (SIGSUBPKT_PREF_AEAD): New. * g10/gpg.c (oAEADAlgo, oPersonalAEADPreferences): New. (opts): New options --aead-algo and --personal-aead-preferences. (set_compliance_option): Clar aead algo. (main): Parse and check the new options * g10/options.h (struct opt): Add fields def_aead_algo and personal_aead_prefs. * g10/packet.h (PREFTYPE_AEAD): New enum value. (PKT_user_id): Add field flags.aead. (PKT_public_key): Add field flags.aead. * g10/pkclist.c (select_algo_from_prefs): Support PREFTYPE_AEAD. * g10/getkey.c (fixup_uidnode): Set AEAD flag. (merge_selfsigs): Ditto. * g10/kbnode.c (dump_kbnode): Show aead flag. * g10/keyedit.c (show_prefs): Ditto. (show_key_with_all_names_colon): Ditto. * g10/keygen.c (aead_presf, n_aead_prefs): New vars. (set_one_pref): Suppport PREFTYPE_AEAD. (keygen_set_std_prefs): Parse AEAD preferences. (keygen_get_std_prefs): Ditto. (add_feature_aead): New. (keygen_upd_std_prefs): Call that and build AEAD pref packet. * g10/main.h (DEFAULT_AEAD_ALGO): New const. * g10/misc.c (openpgp_aead_test_algo): New. (openpgp_aead_algo_name): New. (string_to_aead_algo): New. (default_aead_algo): New. -- This is only used in --rfc4880bis mode and not really tested. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-10 11:42:38 +01:00
case PREFTYPE_AEAD:
log_info (_("AEAD algorithm '%s'"
" may not be used in %s mode\n"),
badalg,
gnupg_compliance_option_string (opt.compliance));
break;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case PREFTYPE_HASH:
gpg,sm: String changes for compliance diagnostics. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-28 17:46:43 +02:00
log_info (_("digest algorithm '%s'"
" may not be used in %s mode\n"),
badalg,
gnupg_compliance_option_string (opt.compliance));
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
break;
case PREFTYPE_ZIP:
gpg,sm: String changes for compliance diagnostics. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-28 17:46:43 +02:00
log_info (_("compression algorithm '%s'"
" may not be used in %s mode\n"),
badalg,
gnupg_compliance_option_string (opt.compliance));
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
break;
default:
BUG();
}
compliance_failure();
}
}
common,gpg,sm: Restrict the use of algorithms according to CO_DE_VS. * common/compliance.c (gnupg_pk_is_allowed): New function. (gnupg_cipher_is_allowed): Likewise. (gnupg_digest_is_allowed): Likewise. * common/compliance.h (enum pk_use_case): New definition. (gnupg_pk_is_allowed): New prototype. (gnupg_cipher_is_allowed): Likewise. (gnupg_digest_is_allowed): Likewise. * g10/decrypt-data.c (decrypt_data): Restrict use of algorithms using the new predicates. * g10/encrypt.c (encrypt_crypt): Likewise. * g10/gpg.c (main): Likewise. * g10/pubkey-enc.c (get_session_key): Likewise. * g10/sig-check.c (check_signature2): Likewise. * g10/sign.c (do_sign): Likewise. * sm/decrypt.c (gpgsm_decrypt): Likewise. * sm/encrypt.c (gpgsm_encrypt): Likewise. * sm/gpgsm.c (main): Likewise. * sm/sign.c (gpgsm_sign): Likewise. * sm/verify.c (gpgsm_verify): Likewise. -- With this change, policies can effectively restrict what algorithms are used for different purposes. The algorithm policy for CO_DE_VS is implemented. GnuPG-bug-id: 3191 Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-06 16:01:40 +02:00
/* Check our chosen algorithms against the list of allowed
* algorithms in the current compliance mode, and fail hard if it
* is not. This is us being nice to the user informing her early
* that the chosen algorithms are not available. We also check
* and enforce this right before the actual operation. */
gpg: Add option and preference framework for AEAD. * common/openpgpdefs.h (aead_algo_t): New. (SIGSUBPKT_PREF_AEAD): New. * g10/gpg.c (oAEADAlgo, oPersonalAEADPreferences): New. (opts): New options --aead-algo and --personal-aead-preferences. (set_compliance_option): Clar aead algo. (main): Parse and check the new options * g10/options.h (struct opt): Add fields def_aead_algo and personal_aead_prefs. * g10/packet.h (PREFTYPE_AEAD): New enum value. (PKT_user_id): Add field flags.aead. (PKT_public_key): Add field flags.aead. * g10/pkclist.c (select_algo_from_prefs): Support PREFTYPE_AEAD. * g10/getkey.c (fixup_uidnode): Set AEAD flag. (merge_selfsigs): Ditto. * g10/kbnode.c (dump_kbnode): Show aead flag. * g10/keyedit.c (show_prefs): Ditto. (show_key_with_all_names_colon): Ditto. * g10/keygen.c (aead_presf, n_aead_prefs): New vars. (set_one_pref): Suppport PREFTYPE_AEAD. (keygen_set_std_prefs): Parse AEAD preferences. (keygen_get_std_prefs): Ditto. (add_feature_aead): New. (keygen_upd_std_prefs): Call that and build AEAD pref packet. * g10/main.h (DEFAULT_AEAD_ALGO): New const. * g10/misc.c (openpgp_aead_test_algo): New. (openpgp_aead_algo_name): New. (string_to_aead_algo): New. (default_aead_algo): New. -- This is only used in --rfc4880bis mode and not really tested. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-10 11:42:38 +01:00
/* FIXME: We also need to check the AEAD algo. */
common,gpg,sm: Restrict the use of algorithms according to CO_DE_VS. * common/compliance.c (gnupg_pk_is_allowed): New function. (gnupg_cipher_is_allowed): Likewise. (gnupg_digest_is_allowed): Likewise. * common/compliance.h (enum pk_use_case): New definition. (gnupg_pk_is_allowed): New prototype. (gnupg_cipher_is_allowed): Likewise. (gnupg_digest_is_allowed): Likewise. * g10/decrypt-data.c (decrypt_data): Restrict use of algorithms using the new predicates. * g10/encrypt.c (encrypt_crypt): Likewise. * g10/gpg.c (main): Likewise. * g10/pubkey-enc.c (get_session_key): Likewise. * g10/sig-check.c (check_signature2): Likewise. * g10/sign.c (do_sign): Likewise. * sm/decrypt.c (gpgsm_decrypt): Likewise. * sm/encrypt.c (gpgsm_encrypt): Likewise. * sm/gpgsm.c (main): Likewise. * sm/sign.c (gpgsm_sign): Likewise. * sm/verify.c (gpgsm_verify): Likewise. -- With this change, policies can effectively restrict what algorithms are used for different purposes. The algorithm policy for CO_DE_VS is implemented. GnuPG-bug-id: 3191 Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-06 16:01:40 +02:00
if (opt.def_cipher_algo
&& ! gnupg_cipher_is_allowed (opt.compliance,
cmd == aEncr
|| cmd == aSignEncr
|| cmd == aEncrSym
|| cmd == aSym
|| cmd == aSignSym
|| cmd == aSignEncrSym,
opt.def_cipher_algo,
GCRY_CIPHER_MODE_NONE))
gpg,sm: String changes for compliance diagnostics. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-28 17:46:43 +02:00
log_error (_("cipher algorithm '%s' may not be used in %s mode\n"),
common,gpg,sm: Restrict the use of algorithms according to CO_DE_VS. * common/compliance.c (gnupg_pk_is_allowed): New function. (gnupg_cipher_is_allowed): Likewise. (gnupg_digest_is_allowed): Likewise. * common/compliance.h (enum pk_use_case): New definition. (gnupg_pk_is_allowed): New prototype. (gnupg_cipher_is_allowed): Likewise. (gnupg_digest_is_allowed): Likewise. * g10/decrypt-data.c (decrypt_data): Restrict use of algorithms using the new predicates. * g10/encrypt.c (encrypt_crypt): Likewise. * g10/gpg.c (main): Likewise. * g10/pubkey-enc.c (get_session_key): Likewise. * g10/sig-check.c (check_signature2): Likewise. * g10/sign.c (do_sign): Likewise. * sm/decrypt.c (gpgsm_decrypt): Likewise. * sm/encrypt.c (gpgsm_encrypt): Likewise. * sm/gpgsm.c (main): Likewise. * sm/sign.c (gpgsm_sign): Likewise. * sm/verify.c (gpgsm_verify): Likewise. -- With this change, policies can effectively restrict what algorithms are used for different purposes. The algorithm policy for CO_DE_VS is implemented. GnuPG-bug-id: 3191 Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-06 16:01:40 +02:00
openpgp_cipher_algo_name (opt.def_cipher_algo),
gnupg_compliance_option_string (opt.compliance));
if (opt.def_digest_algo
&& ! gnupg_digest_is_allowed (opt.compliance,
cmd == aSign
|| cmd == aSignEncr
|| cmd == aSignEncrSym
|| cmd == aSignSym
|| cmd == aClearsign,
opt.def_digest_algo))
gpg,sm: String changes for compliance diagnostics. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-28 17:46:43 +02:00
log_error (_("digest algorithm '%s' may not be used in %s mode\n"),
common,gpg,sm: Restrict the use of algorithms according to CO_DE_VS. * common/compliance.c (gnupg_pk_is_allowed): New function. (gnupg_cipher_is_allowed): Likewise. (gnupg_digest_is_allowed): Likewise. * common/compliance.h (enum pk_use_case): New definition. (gnupg_pk_is_allowed): New prototype. (gnupg_cipher_is_allowed): Likewise. (gnupg_digest_is_allowed): Likewise. * g10/decrypt-data.c (decrypt_data): Restrict use of algorithms using the new predicates. * g10/encrypt.c (encrypt_crypt): Likewise. * g10/gpg.c (main): Likewise. * g10/pubkey-enc.c (get_session_key): Likewise. * g10/sig-check.c (check_signature2): Likewise. * g10/sign.c (do_sign): Likewise. * sm/decrypt.c (gpgsm_decrypt): Likewise. * sm/encrypt.c (gpgsm_encrypt): Likewise. * sm/gpgsm.c (main): Likewise. * sm/sign.c (gpgsm_sign): Likewise. * sm/verify.c (gpgsm_verify): Likewise. -- With this change, policies can effectively restrict what algorithms are used for different purposes. The algorithm policy for CO_DE_VS is implemented. GnuPG-bug-id: 3191 Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-06 16:01:40 +02:00
gcry_md_algo_name (opt.def_digest_algo),
gnupg_compliance_option_string (opt.compliance));
/* Fail hard. */
if (log_get_errorcount (0))
gpg: Emit FAILURE stati now in almost all cases. * g10/cpr.c (write_status_failure): Make it print only once. * g10/gpg.c (wrong_args): Bump error counter. (g10_exit): Print a FAILURE status if we ever did a log_error etc. (main): Use log_error instead of log_fatal at one place. Print a FAILURE status for a bad option. Ditto for certain exit points so that we can see different error locations. -- This makes it easier to detect errors by tools which have no way to get the exit code (e.g. due to double forking). GnuPG-bug-id: 3872 Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-06 17:32:08 +02:00
{
write_status_failure ("option-checking", gpg_error(GPG_ERR_GENERAL));
common,gpg,sm: Restrict the use of algorithms according to CO_DE_VS. * common/compliance.c (gnupg_pk_is_allowed): New function. (gnupg_cipher_is_allowed): Likewise. (gnupg_digest_is_allowed): Likewise. * common/compliance.h (enum pk_use_case): New definition. (gnupg_pk_is_allowed): New prototype. (gnupg_cipher_is_allowed): Likewise. (gnupg_digest_is_allowed): Likewise. * g10/decrypt-data.c (decrypt_data): Restrict use of algorithms using the new predicates. * g10/encrypt.c (encrypt_crypt): Likewise. * g10/gpg.c (main): Likewise. * g10/pubkey-enc.c (get_session_key): Likewise. * g10/sig-check.c (check_signature2): Likewise. * g10/sign.c (do_sign): Likewise. * sm/decrypt.c (gpgsm_decrypt): Likewise. * sm/encrypt.c (gpgsm_encrypt): Likewise. * sm/gpgsm.c (main): Likewise. * sm/sign.c (gpgsm_sign): Likewise. * sm/verify.c (gpgsm_verify): Likewise. -- With this change, policies can effectively restrict what algorithms are used for different purposes. The algorithm policy for CO_DE_VS is implemented. GnuPG-bug-id: 3191 Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-06 16:01:40 +02:00
g10_exit (2);
gpg: Emit FAILURE stati now in almost all cases. * g10/cpr.c (write_status_failure): Make it print only once. * g10/gpg.c (wrong_args): Bump error counter. (g10_exit): Print a FAILURE status if we ever did a log_error etc. (main): Use log_error instead of log_fatal at one place. Print a FAILURE status for a bad option. Ditto for certain exit points so that we can see different error locations. -- This makes it easier to detect errors by tools which have no way to get the exit code (e.g. due to double forking). GnuPG-bug-id: 3872 Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-06 17:32:08 +02:00
}
common,gpg,sm: Restrict the use of algorithms according to CO_DE_VS. * common/compliance.c (gnupg_pk_is_allowed): New function. (gnupg_cipher_is_allowed): Likewise. (gnupg_digest_is_allowed): Likewise. * common/compliance.h (enum pk_use_case): New definition. (gnupg_pk_is_allowed): New prototype. (gnupg_cipher_is_allowed): Likewise. (gnupg_digest_is_allowed): Likewise. * g10/decrypt-data.c (decrypt_data): Restrict use of algorithms using the new predicates. * g10/encrypt.c (encrypt_crypt): Likewise. * g10/gpg.c (main): Likewise. * g10/pubkey-enc.c (get_session_key): Likewise. * g10/sig-check.c (check_signature2): Likewise. * g10/sign.c (do_sign): Likewise. * sm/decrypt.c (gpgsm_decrypt): Likewise. * sm/encrypt.c (gpgsm_encrypt): Likewise. * sm/gpgsm.c (main): Likewise. * sm/sign.c (gpgsm_sign): Likewise. * sm/verify.c (gpgsm_verify): Likewise. -- With this change, policies can effectively restrict what algorithms are used for different purposes. The algorithm policy for CO_DE_VS is implemented. GnuPG-bug-id: 3191 Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-06 16:01:40 +02:00
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
/* Set the random seed file. */
Replace all calls to access by gnupg_access * common/sysutils.c (gnupg_access): New. Replace all calls to access by this wrapper. * common/homedir.c (w32_shgetfolderpath): Change to return UTF-8 directory name. (standard_homedir): Adjust for change. (w32_commondir, gnupg_cachedir): Ditto. -- Also use SHGetFolderPathW instead of SHGetFolderPathA on Windows. This is required to correctly handle non-ascii filenames on Windows. GnuPG-bug-id: 5098
2020-10-20 10:43:55 +02:00
if (use_random_seed)
{
char *p = make_filename (gnupg_homedir (), "random_seed", NULL );
gcry_control (GCRYCTL_SET_RANDOM_SEED_FILE, p);
if (!gnupg_access (p, F_OK))
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
register_secured_file (p);
xfree(p);
Replace all calls to access by gnupg_access * common/sysutils.c (gnupg_access): New. Replace all calls to access by this wrapper. * common/homedir.c (w32_shgetfolderpath): Change to return UTF-8 directory name. (standard_homedir): Adjust for change. (w32_commondir, gnupg_cachedir): Ditto. -- Also use SHGetFolderPathW instead of SHGetFolderPathA on Windows. This is required to correctly handle non-ascii filenames on Windows. GnuPG-bug-id: 5098
2020-10-20 10:43:55 +02:00
}
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
Fixed bug#1044. Use of --fingerprint with --with-fingerprint.
2009-05-20 12:23:33 +02:00
/* If there is no command but the --fingerprint is given, default
to the --list-keys command. */
if (!cmd && fpr_maybe_cmd)
{
set_cmd (&cmd, aListKeys);
}
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
if( opt.verbose > 1 )
set_packet_list_mode(1);
gpg: New option --no-keyring. * g10/gpg.c (oNoKeyring): New. (opts): Add "--no-keyring". (main): Do not register any keyring if the option is used. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-06 15:33:40 +02:00
/* Add the keyrings, but not for some special commands. We always
* need to add the keyrings if we are running under SELinux, this
* is so that the rings are added to the list of secured files.
gpg: New option --use-keyboxd. * g10/gpg.c (oUseKeyboxd,oKeyboxdProgram): New consts. (opts): New options --use-keyboxd and --keyboxd-program. (main): Implement them. * g10/keydb.c: Move some defs out to ... * g10/keydb-private.h: new file. * g10/keydb.c: prefix function names with "internal" and move original functions to ... * g10/call-keyboxd.c: new file. Divert to the internal fucntion if --use-keyboxd is used. Add a CTRL arg to most fucntions and change all callers. * g10/Makefile.am (common_source): Add new files. (noinst_PROGRAMS): Do bot build gpgcompose. -- Note that this is just the framework with only a basic implementation of searching via keyboxd. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-09-09 14:34:09 +02:00
* We do not add any keyring if --no-keyring or --use-keyboxd has
* been used. */
if (!opt.use_keyboxd
&& default_keyring >= 0
gpg: New option --no-keyring. * g10/gpg.c (oNoKeyring): New. (opts): Add "--no-keyring". (main): Do not register any keyring if the option is used. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-06 15:33:40 +02:00
&& (ALWAYS_ADD_KEYRINGS
|| (cmd != aDeArmor && cmd != aEnArmor && cmd != aGPGConfTest)))
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
{
gpg: New option --no-keyring. * g10/gpg.c (oNoKeyring): New. (opts): Add "--no-keyring". (main): Do not register any keyring if the option is used. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-06 15:33:40 +02:00
if (!nrings || default_keyring > 0) /* Add default ring. */
Make use of the *_NAME etc macros. Replace hardwired strings at many places with new macros from config.h and use the new strusage macro replacement feature. * common/asshelp.c (lock_spawning) [W32]: Change the names of the spawn sentinels. * agent/command.c (cmd_import_key): Use asprintf to create the prompt.
2013-11-18 14:09:47 +01:00
keydb_add_resource ("pubring" EXTSEP_S GPGEXT_GPG,
gpg: First patches to support a keybox storage backend. * kbx/keybox-defs.h (_keybox_write_header_blob): Move prototype to .. * kbx/keybox.h: here. * kbx/keybox-init.c (keybox_lock): Add dummy function * g10/keydb.c: Include keybox.h. (KeydbResourceType): Add KEYDB_RESOURCE_TYPE_KEYBOX. (struct resource_item): Add field kb. (maybe_create_keyring_or_box): Add error descriptions to diagnostics. Add arg IS_BOX. Write a header for a new keybox file. (keydb_add_resource): No more need for the force flag. Rename the local variable "force" to "create". Add URL scheme "gnupg-kbx". Add magic test to detect a keybox file. Add basic support for keybox. (keydb_new, keydb_get_resource_name, keydb_delete_keyblock) (keydb_locate_writable, keydb_search_reset, keydb_search2): Add support for keybox. (lock_all, unlock_all): Ditto. * g10/Makefile.am (needed_libs): Add libkeybox.a. (gpg2_LDADD, gpgv2_LDADD): Add KSBA_LIBS as a workaround. * g10/keydb.h (KEYDB_RESOURCE_FLAG_PRIMARY) KEYDB_RESOURCE_FLAG_DEFAULT, KEYDB_RESOURCE_FLAG_READONLY): New. * g10/gpg.c, g10/gpgv.c (main): Use new constants. -- I did most of these changes back in 2011 and only cleaned them up now. More to follow soon.
2012-12-27 15:04:29 +01:00
KEYDB_RESOURCE_FLAG_DEFAULT);
Decryption and signi via agent is now implemented.
2010-04-23 13:36:59 +02:00
for (sl = nrings; sl; sl = sl->next )
keydb_add_resource (sl->d, sl->flags);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
FREE_STRLIST(nrings);
gpg: New option --use-keyboxd. * g10/gpg.c (oUseKeyboxd,oKeyboxdProgram): New consts. (opts): New options --use-keyboxd and --keyboxd-program. (main): Implement them. * g10/keydb.c: Move some defs out to ... * g10/keydb-private.h: new file. * g10/keydb.c: prefix function names with "internal" and move original functions to ... * g10/call-keyboxd.c: new file. Divert to the internal fucntion if --use-keyboxd is used. Add a CTRL arg to most fucntions and change all callers. * g10/Makefile.am (common_source): Add new files. (noinst_PROGRAMS): Do bot build gpgcompose. -- Note that this is just the framework with only a basic implementation of searching via keyboxd. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-09-09 14:34:09 +02:00
/* In loopback mode, never ask for the password multiple times. */
Don't prompt for the password multiple times in pinentry loopback mode. * g10/gpg.c (main): If OPT.PINENTRY_MODE is PINENTRY_MODE_LOOPBACK, clear OPT.PASSPHRASE_REPEAT.
2015-06-16 16:00:39 +02:00
if (opt.pinentry_mode == PINENTRY_MODE_LOOPBACK)
{
opt.passphrase_repeat = 0;
}
gpg,sm: Avoid useless ASFW diagnostic in loopback mode. * common/sysutils.c (inhibit_set_foregound_window): New var. (gnupg_inhibit_set_foregound_window): New func. (gnupg_allow_set_foregound_window): Use var. * g10/gpg.c (main): Inhibit in loopback mode. * sm/gpgsm.c (main): Ditto. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2020-01-13 15:20:49 +01:00
/* If no pinentry is expected shunt
* gnupg_allow_set_foregound_window to avoid useless error
* messages on Windows. */
if (opt.pinentry_mode != PINENTRY_MODE_ASK)
{
gnupg_inhibit_set_foregound_window (1);
}
.
2006-10-23 16:02:13 +02:00
if (cmd == aGPGConfTest)
g10_exit(0);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
gpg: New option --override-session-key-fd. * g10/gpg.c (oOverrideSessionKeyFD): New. (opts): Add option --override-session-key-fd. (main): Handle that option. (read_sessionkey_from_fd): New. -- The override-session-key feature was designed to mitigate the effect of the British RIP act by allowing to keep the private key private and hand out only a session key. For that use case the leaking of the session key would not be a problem. However there are other use cases, for example fast re-decryption after an initial decryption, which would benefit from concealing the session key from other users. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-16 09:02:53 +01:00
if (pwfd != -1) /* Read the passphrase now. */
read_passphrase_from_fd (pwfd);
if (ovrseskeyfd != -1 ) /* Read the sessionkey now. */
read_sessionkey_from_fd (ovrseskeyfd);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
fname = argc? *argv : NULL;
Merged recent changes from 1.4
2006-04-28 16:31:29 +02:00
if(fname && utf8_strings)
opt.flags.utf8_filename=1;
Exporting secret keys via gpg-agent is now basically supported. A couple of forward ported changes. Doc updates.
2010-10-01 22:33:53 +02:00
ctrl = xcalloc (1, sizeof *ctrl);
Import OpenPGP keys into the agent.
2010-08-31 17:58:39 +02:00
gpg_init_default_ctrl (ctrl);
gpg: Allow building without any trust model support. * configure.ac: Add option --disable-trust-models (NO_TRUST_MODELS): New ac_define and am_conditional. * g10/Makefile.am (trust_source): New. (gpg2_SOURCES): Factor some files out to above. Add trust.c. * g10/gpg.c [NO_TRUST_MODELS]: Disable options --export-ownertrust, --import-ownertrust, --update-trustdb, --check-trustdb, --fix-trustdb, --list-trustdb, --trustdb-name, --auto-check-trustdb, --no-auto-check-trustdb, and --force-ownertrust. (parse_trust_model) [NO_TRUST_MODELS]: Do not build. (main) [NO_TRUST_MODELS]: Set trust_model to always and exclude all trustdb related option code. * g10/keyedit.c (cmds) [NO_TRUST_MODELS]: Remove menu items "trust", "enable", and "disable". * g10/keylist.c (public_key_list) [NO_TRUST_MODELS]: Do not print "tru" record. * g10/trust.c: New. * g10/trustdb.c (struct key_item): Move to trustdb.h. (register_trusted_keyid): Rename to tdb_register_trusted_keyid. (register_trusted_key): Rename to tdb_register_trusted_key. (trust_letter, uid_trust_string_fixed, trust_value_to_string) (string_to_trust_value, get_ownertrust_with_min, get_ownertrust_info) (get_ownertrust_string, get_validity_info, get_validity_string) (clean_sigs_from_uid, clean_uid_from_key, clean_key): Move to trust.c. (mark_usable_uid_certs): Move to trust.c and make global. (is_in_klist): Move as inline to trustdb.h. (trustdb_check_or_update): Rename to tdb_check_or_update (revalidation_mark): Rename to tdb_revalidation_mark. (get_ownertrust): Rename to tdb_get_ownertrust. (get_min_ownertrust): Rename to tdb_get_min_ownertrust. (update_ownertrust): Rename to tdb_update_ownertrust. (clear_ownertrusts): Rename to tdb_clear_ownertrusts. (cache_disabled_value): Rename to tdb_cache_disabled_value. (check_trustdb_stale): Rename to tdb_check_trustdb_stale. (get_validity): Rename to tdb_get_validity_core, add arg MAIN_PK and factor some code out to ... * trust.c (get_validity): ...new. (check_or_update_trustdb): New wrapper. (revalidation_mark): New wrapper. (get_ownertrust): New wrapper. (get_ownertrust_with_min): New wrapper. (update_ownertrust): New wrapper. (clear_ownertrusts): New wrapper. (cache_disabled_value): New wrapper. (check_trustdb_stale): New wrapper. * tests/openpgp/defs.inc (opt_always): New. Use in all tests instead of --always-trust.
2014-02-10 17:05:54 +01:00
#ifndef NO_TRUST_MODELS
gpg: No need to create a trustdb when encrypting with --always-trust. * g10/gpg.c (main): Special case setup_trustdb for --encrypt. Signed-off-by: Werner Koch <wk@gnupg.org>
2013-08-02 09:10:17 +02:00
switch (cmd)
{
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case aPrimegen:
case aPrintMD:
case aPrintMDs:
case aGenRandom:
case aDeArmor:
case aEnArmor:
gpg: Avoid homedir creation by --list-config * g10/gpg.c (main): Do not register a key for the list config commands. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-01 19:22:48 +02:00
case aListConfig:
case aListGcryptConfig:
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
break;
Print verbose instructions in case of a corrupted trustdb.
2009-07-22 11:43:10 +02:00
case aFixTrustDB:
gpg: No need to create a trustdb when encrypting with --always-trust. * g10/gpg.c (main): Special case setup_trustdb for --encrypt. Signed-off-by: Werner Koch <wk@gnupg.org>
2013-08-02 09:10:17 +02:00
case aExportOwnerTrust:
rc = setup_trustdb (0, trustdb_name);
break;
case aListTrustDB:
rc = setup_trustdb (argc? 1:0, trustdb_name);
break;
gpg: Always initialize the trust db when generating keys. * g10/gpg.c (main): Always initialize the trust db when generating keys. * g10/keygen.c (do_generate_keypair): We can now assume that there is a trust db. -- It is important to mark keys we create as ultimately trusted. Fixes-commit: 4735ab96aa5577d40ba7b3f72d863057198cc6a7 GnuPG-bug-id: 2695 Signed-off-by: Justus Winter <justus@g10code.com>
2017-03-02 16:25:20 +01:00
case aKeygen:
case aFullKeygen:
case aQuickKeygen:
rc = setup_trustdb (1, trustdb_name);
break;
gpg: Do not require a trustdb with --always-trust. * g10/tdbio.c (tdbio_set_dbname): Add arg R_NOFILE. * g10/trustdb.c (trustdb_args): Add field no_trustdb. (init_trustdb): Set that field. (revalidation_mark): Take care of a nonexistent trustdb file. (read_trust_options): Ditto. (tdb_get_ownertrust): Ditto. (tdb_get_min_ownertrust): Ditto. (tdb_update_ownertrust): Ditto. (update_min_ownertrust): Ditto. (tdb_clear_ownertrusts): Ditto. (tdb_cache_disabled_value): Ditto. (tdb_check_trustdb_stale): Ditto. (tdb_get_validity_core): Ditto. * g10/gpg.c (main): Do not create a trustdb with most commands for trust-model always. -- This slightly changes the semantics of most commands in that they won't create a trustdb if --trust-model=always is used. It just does not make sense to create a trustdb if there is no need for it. Signed-off-by: Werner Koch <wk@gnupg.org> (cherry picked from commit 1a0eeaacd1bf09fe5125dbc3f56016bc20f3512e) Resolved conflicts: NEWS g10/trustdb.c: Manually apply changes due to changed function names. Note that this also includes the fix for clear_ownertrust, see GnuPG-bug-id: 1622.
2013-10-11 09:25:58 +02:00
default:
gpg: No need to create a trustdb when encrypting with --always-trust. * g10/gpg.c (main): Special case setup_trustdb for --encrypt. Signed-off-by: Werner Koch <wk@gnupg.org>
2013-08-02 09:10:17 +02:00
/* If we are using TM_ALWAYS, we do not need to create the
trustdb. */
rc = setup_trustdb (opt.trust_model != TM_ALWAYS, trustdb_name);
break;
}
if (rc)
gpg: Replace remaining old error code macros by GPG_ERR_. * g10/gpg.h (g10_errstr): Remove macro and change all occurrences by gpg_strerror. (G10ERR_): Remove all macros and change all occurrences by their GPG_ERR_ counterparts. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-22 12:06:11 +01:00
log_error (_("failed to initialize the TrustDB: %s\n"),
gpg_strerror (rc));
gpg: Allow building without any trust model support. * configure.ac: Add option --disable-trust-models (NO_TRUST_MODELS): New ac_define and am_conditional. * g10/Makefile.am (trust_source): New. (gpg2_SOURCES): Factor some files out to above. Add trust.c. * g10/gpg.c [NO_TRUST_MODELS]: Disable options --export-ownertrust, --import-ownertrust, --update-trustdb, --check-trustdb, --fix-trustdb, --list-trustdb, --trustdb-name, --auto-check-trustdb, --no-auto-check-trustdb, and --force-ownertrust. (parse_trust_model) [NO_TRUST_MODELS]: Do not build. (main) [NO_TRUST_MODELS]: Set trust_model to always and exclude all trustdb related option code. * g10/keyedit.c (cmds) [NO_TRUST_MODELS]: Remove menu items "trust", "enable", and "disable". * g10/keylist.c (public_key_list) [NO_TRUST_MODELS]: Do not print "tru" record. * g10/trust.c: New. * g10/trustdb.c (struct key_item): Move to trustdb.h. (register_trusted_keyid): Rename to tdb_register_trusted_keyid. (register_trusted_key): Rename to tdb_register_trusted_key. (trust_letter, uid_trust_string_fixed, trust_value_to_string) (string_to_trust_value, get_ownertrust_with_min, get_ownertrust_info) (get_ownertrust_string, get_validity_info, get_validity_string) (clean_sigs_from_uid, clean_uid_from_key, clean_key): Move to trust.c. (mark_usable_uid_certs): Move to trust.c and make global. (is_in_klist): Move as inline to trustdb.h. (trustdb_check_or_update): Rename to tdb_check_or_update (revalidation_mark): Rename to tdb_revalidation_mark. (get_ownertrust): Rename to tdb_get_ownertrust. (get_min_ownertrust): Rename to tdb_get_min_ownertrust. (update_ownertrust): Rename to tdb_update_ownertrust. (clear_ownertrusts): Rename to tdb_clear_ownertrusts. (cache_disabled_value): Rename to tdb_cache_disabled_value. (check_trustdb_stale): Rename to tdb_check_trustdb_stale. (get_validity): Rename to tdb_get_validity_core, add arg MAIN_PK and factor some code out to ... * trust.c (get_validity): ...new. (check_or_update_trustdb): New wrapper. (revalidation_mark): New wrapper. (get_ownertrust): New wrapper. (get_ownertrust_with_min): New wrapper. (update_ownertrust): New wrapper. (clear_ownertrusts): New wrapper. (cache_disabled_value): New wrapper. (check_trustdb_stale): New wrapper. * tests/openpgp/defs.inc (opt_always): New. Use in all tests instead of --always-trust.
2014-02-10 17:05:54 +01:00
#endif /*!NO_TRUST_MODELS*/
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
switch (cmd)
{
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
case aStore:
case aSym:
case aSign:
case aSignSym:
case aClearsign:
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
if (!opt.quiet && any_explicit_recipient)
log_info (_("WARNING: recipients (-r) given "
"without using public key encryption\n"));
break;
default:
break;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
}
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
gpg: Auto-migrate existing secring.gpg. * g10/migrate.c: New. * g10/import.c (import_old_secring): New. (import_one): Add arg silent. (transfer_secret_keys): Add arg batch. (import_secret_one): Add args batch and for_migration. * g10/gpg.c (main): Call migration function.
2014-06-05 11:19:59 +02:00
/* Check for certain command whether we need to migrate a
secring.gpg to the gpg-agent. */
switch (cmd)
{
case aListSecretKeys:
case aSign:
case aSignEncr:
case aSignEncrSym:
case aSignSym:
case aClearsign:
case aDecrypt:
case aSignKey:
case aLSignKey:
case aEditKey:
case aPasswd:
case aDeleteSecretKeys:
case aDeleteSecretAndPublicKeys:
gpg: Add command --quick-gen-key * g10/gpg.c (aQuickKeygen): New. * g10/misc.c (is_valid_user_id): New stub. * g10/keygen.c (quickgen_set_para): New. (quick_generate_keypair): New. -- Note that the validation of the specified user id has not yet been implemented.
2014-07-23 15:12:43 +02:00
case aQuickKeygen:
gpg: New command --quick-adduid. * g10/keygen.c (ask_user_id): Factor some code out to ... (uid_already_in_keyblock): new. (generate_user_id): Add arg UIDSTR. Fix leaked P. * g10/keyedit.c (menu_adduid): Add new arg uidstring. Adjust caller. (keyedit_quick_adduid): New. * g10/gpg.c (aQuickAddUid): New. (opts): Add command --quick-adduid. (main): Implement that. -- GnuPG-bug-id: 1956 Signed-off-by: Werner Koch <wk@gnupg.org>
2015-05-08 16:08:57 +02:00
case aQuickAddUid:
gpg: New command --quick-addkey. * g10/keygen.c (DEFAULT_STD_SUBKEYUSE): New. (ask_keysize): Factor code out to ... (get_keysize_range, fixup_keysize): new. (parse_parameter_usage): Factor parsing out to ... (parse_usagestr): new. Allow use of "encr" as alias for "encrypt". (parse_subkey_algostr_usagestr): New. (generate_subkeypair): Add new args. Implement unattended mode. * g10/keyedit.c (keyedit_quick_sign): Factor some code out to ... (find_by_primary_fpr): new. (keyedit_quick_addkey): New. * g10/gpg.c (aQuickAddKey): New. (opts): Add --quick-addkey. (main): Implement. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-02 15:54:48 +02:00
case aQuickAddKey:
g10: Implement gpg --quick-revuid * g10/revoke.c (get_default_uid_revocation_reason): New. * g10/keyedit.c (menu_revuid): Break out creation of uid revocation into new function core_revuid. * g10/keyedit.c (keyedit_quick_revuid): New. Selects key and uid, invokes core_revuid. * g10/gpg.c (main): Handle --quick-revuid argument. * doc/gpg.texi: Document --quick-revuid. -- This functionality is a counterpart to --quick-adduid, and will be useful for projects that depend programmatically on gpg to revoke user IDs (one such example is "monkeysphere-host revoke-servicename"). Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> - Minor re-indentation work. - Changed a "0 == memcmp" to "!memcmp" - Removed tests/openpgp/quick-key-manipulation.test from the Makefile. This test needs to be converted to gpgscm. - Removed example from whats-new-in-2.1.txt because that is generated. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-17 00:05:57 +02:00
case aQuickRevUid:
gpg: New command --quick-set-primary-uid. * g10/gpg.c (aQuickSetPrimaryUid): New const. (opts): New command --quick-set-primary-uid. (main): Implement it. * g10/keyedit.c (keyedit_quick_adduid): Factor some code out to ... (quick_find_keyblock): new func. (keyedit_quick_revuid): Use quick_find_keyblock. (keyedit_quick_set_primary): New. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-21 14:47:21 +01:00
case aQuickSetPrimaryUid:
gpg: Simplify command --gen-key and add --full-gen-key. * g10/gpg.c (aFullKeygen): New. (opts): Add command --full-key-gen. (main): Implement it. * g10/keygen.c (DEFAULT_STD_ALGO): Replace wrong GCRY_PK_RSA although the value is identical. (DEFAULT_STD_CURVE): New. (DEFAULT_STD_SUBALGO): New. (DEFAULT_STD_SUBKEYSIZE): New. (DEFAULT_STD_SUBCURVE): New. (quick_generate_keypair): Use new macros here. (generate_keypair): Add arg "full" and fix call callers. Do not ask for keysize in non-full node. (ask_user_id): Add arg "full" and simplify for non-full mode.
2014-09-27 15:14:13 +02:00
case aFullKeygen:
gpg: Auto-migrate existing secring.gpg. * g10/migrate.c: New. * g10/import.c (import_old_secring): New. (import_one): Add arg silent. (transfer_secret_keys): Add arg batch. (import_secret_one): Add args batch and for_migration. * g10/gpg.c (main): Call migration function.
2014-06-05 11:19:59 +02:00
case aKeygen:
case aImport:
case aExportSecret:
case aExportSecretSub:
case aGenRevoke:
case aDesigRevoke:
case aCardEdit:
case aChangePIN:
migrate_secring (ctrl);
break;
case aListKeys:
if (opt.with_secret)
migrate_secring (ctrl);
break;
default:
break;
}
/* The command dispatcher. */
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
switch( cmd )
{
Started to code a --server mode. It is far from being ready!
2006-12-21 20:40:00 +01:00
case aServer:
Import OpenPGP keys into the agent.
2010-08-31 17:58:39 +02:00
gpg_server (ctrl);
Started to code a --server mode. It is far from being ready!
2006-12-21 20:40:00 +01:00
break;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case aStore: /* only store the file */
if( argc > 1 )
g10: Avoid translating simple error messages. * g10/gpg.c (main): Avoid translating arguments to 'wrong_args'. -- Translating these messages is a burden for translators, and we only have translations for very few of them as it is. If we want to localize these messages, I'd suggest to translate the placeholders (e.g. 'filename'). Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-15 16:06:49 +01:00
wrong_args("--store [filename]");
Rename encode.c to encrypt.c. Rename function in a simlar way. Re-indent encrypt.c
2009-09-28 16:37:48 +02:00
if( (rc = encrypt_store(fname)) )
gpg: Print a new FAILURE status after most commands. * common/status.h (STATUS_FAILURE): New. * g10/cpr.c (write_status_failure): New. * g10/gpg.c (main): Call write_status_failure for all commands which print an error message here. * g10/call-agent.c (start_agent): Print an STATUS_ERROR if we can't set the pinentry mode. -- This status line can be used similar to the error code returned by commands send over the Assuan interface in gpgsm. We don't emit them in gpgsm because there we already have that Assuan interface to return proper error code. This change helps GPGME to return better error codes. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-25 09:03:31 +02:00
{
write_status_failure ("store", rc);
Change all quotes in strings and comments to the new GNU standard. The asymmetric quotes used by GNU in the past (`...') don't render nicely on modern systems. We now use two \x27 characters ('...'). The proper solution would be to use the correct Unicode symmetric quotes here. However this has the disadvantage that the system requires Unicode support. We don't want that today. If Unicode is available a generated po file can be used to output proper quotes. A simple sed script like the one used for en@quote is sufficient to change them. The changes have been done by applying sed -i "s/\`\([^'\`]*\)'/'\1'/g" to most files and fixing obvious problems by hand. The msgid strings in the po files were fixed with a similar command.
2012-06-05 19:29:22 +02:00
log_error ("storing '%s' failed: %s\n",
gpg: Replace remaining old error code macros by GPG_ERR_. * g10/gpg.h (g10_errstr): Remove macro and change all occurrences by gpg_strerror. (G10ERR_): Remove all macros and change all occurrences by their GPG_ERR_ counterparts. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-22 12:06:11 +01:00
print_fname_stdin(fname),gpg_strerror (rc) );
gpg: Print a new FAILURE status after most commands. * common/status.h (STATUS_FAILURE): New. * g10/cpr.c (write_status_failure): New. * g10/gpg.c (main): Call write_status_failure for all commands which print an error message here. * g10/call-agent.c (start_agent): Print an STATUS_ERROR if we can't set the pinentry mode. -- This status line can be used similar to the error code returned by commands send over the Assuan interface in gpgsm. We don't emit them in gpgsm because there we already have that Assuan interface to return proper error code. This change helps GPGME to return better error codes. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-25 09:03:31 +02:00
}
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
break;
case aSym: /* encrypt the given file only with the symmetric cipher */
if( argc > 1 )
g10: Avoid translating simple error messages. * g10/gpg.c (main): Avoid translating arguments to 'wrong_args'. -- Translating these messages is a burden for translators, and we only have translations for very few of them as it is. If we want to localize these messages, I'd suggest to translate the placeholders (e.g. 'filename'). Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-15 16:06:49 +01:00
wrong_args("--symmetric [filename]");
Rename encode.c to encrypt.c. Rename function in a simlar way. Re-indent encrypt.c
2009-09-28 16:37:48 +02:00
if( (rc = encrypt_symmetric(fname)) )
gpg: Print a new FAILURE status after most commands. * common/status.h (STATUS_FAILURE): New. * g10/cpr.c (write_status_failure): New. * g10/gpg.c (main): Call write_status_failure for all commands which print an error message here. * g10/call-agent.c (start_agent): Print an STATUS_ERROR if we can't set the pinentry mode. -- This status line can be used similar to the error code returned by commands send over the Assuan interface in gpgsm. We don't emit them in gpgsm because there we already have that Assuan interface to return proper error code. This change helps GPGME to return better error codes. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-25 09:03:31 +02:00
{
write_status_failure ("symencrypt", rc);
Change all quotes in strings and comments to the new GNU standard. The asymmetric quotes used by GNU in the past (`...') don't render nicely on modern systems. We now use two \x27 characters ('...'). The proper solution would be to use the correct Unicode symmetric quotes here. However this has the disadvantage that the system requires Unicode support. We don't want that today. If Unicode is available a generated po file can be used to output proper quotes. A simple sed script like the one used for en@quote is sufficient to change them. The changes have been done by applying sed -i "s/\`\([^'\`]*\)'/'\1'/g" to most files and fixing obvious problems by hand. The msgid strings in the po files were fixed with a similar command.
2012-06-05 19:29:22 +02:00
log_error (_("symmetric encryption of '%s' failed: %s\n"),
gpg: Replace remaining old error code macros by GPG_ERR_. * g10/gpg.h (g10_errstr): Remove macro and change all occurrences by gpg_strerror. (G10ERR_): Remove all macros and change all occurrences by their GPG_ERR_ counterparts. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-22 12:06:11 +01:00
print_fname_stdin(fname),gpg_strerror (rc) );
gpg: Print a new FAILURE status after most commands. * common/status.h (STATUS_FAILURE): New. * g10/cpr.c (write_status_failure): New. * g10/gpg.c (main): Call write_status_failure for all commands which print an error message here. * g10/call-agent.c (start_agent): Print an STATUS_ERROR if we can't set the pinentry mode. -- This status line can be used similar to the error code returned by commands send over the Assuan interface in gpgsm. We don't emit them in gpgsm because there we already have that Assuan interface to return proper error code. This change helps GPGME to return better error codes. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-25 09:03:31 +02:00
}
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
break;
case aEncr: /* encrypt the given file */
Merged most of David Shaw's changes in 1.3 since 2003-06-03.
2003-09-23 19:48:33 +02:00
if(multifile)
Exporting secret keys via gpg-agent is now basically supported. A couple of forward ported changes. Doc updates.
2010-10-01 22:33:53 +02:00
encrypt_crypt_files (ctrl, argc, argv, remusr);
Merged most of David Shaw's changes in 1.3 since 2003-06-03.
2003-09-23 19:48:33 +02:00
else
{
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
if( argc > 1 )
g10: Avoid translating simple error messages. * g10/gpg.c (main): Avoid translating arguments to 'wrong_args'. -- Translating these messages is a burden for translators, and we only have translations for very few of them as it is. If we want to localize these messages, I'd suggest to translate the placeholders (e.g. 'filename'). Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-15 16:06:49 +01:00
wrong_args("--encrypt [filename]");
Exporting secret keys via gpg-agent is now basically supported. A couple of forward ported changes. Doc updates.
2010-10-01 22:33:53 +02:00
if( (rc = encrypt_crypt (ctrl, -1, fname, remusr, 0, NULL, -1)) )
gpg: Print a new FAILURE status after most commands. * common/status.h (STATUS_FAILURE): New. * g10/cpr.c (write_status_failure): New. * g10/gpg.c (main): Call write_status_failure for all commands which print an error message here. * g10/call-agent.c (start_agent): Print an STATUS_ERROR if we can't set the pinentry mode. -- This status line can be used similar to the error code returned by commands send over the Assuan interface in gpgsm. We don't emit them in gpgsm because there we already have that Assuan interface to return proper error code. This change helps GPGME to return better error codes. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-25 09:03:31 +02:00
{
write_status_failure ("encrypt", rc);
log_error("%s: encryption failed: %s\n",
print_fname_stdin(fname), gpg_strerror (rc) );
}
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
}
break;
case aEncrSym:
/* This works with PGP 8 in the sense that it acts just like a
symmetric message. It doesn't work at all with 2 or 6. It
might work with 7, but alas, I don't have a copy to test
with right now. */
if( argc > 1 )
g10: Avoid translating simple error messages. * g10/gpg.c (main): Avoid translating arguments to 'wrong_args'. -- Translating these messages is a burden for translators, and we only have translations for very few of them as it is. If we want to localize these messages, I'd suggest to translate the placeholders (e.g. 'filename'). Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-15 16:06:49 +01:00
wrong_args("--symmetric --encrypt [filename]");
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
else if(opt.s2k_mode==0)
log_error(_("you cannot use --symmetric --encrypt"
" with --s2k-mode 0\n"));
gpg: Remove PGP6 compliance mode. * g10/gpg.c: Make --pgp6 an alias for --pgp7. * common/compliance.h (gnupg_compliance_mode): Remove CO_PGP6. * g10/options.h (PGP6): Remove. Adjust all users. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-05-29 13:01:12 +02:00
else if (PGP7)
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
log_error(_("you cannot use --symmetric --encrypt"
gpg,sm: String changes for compliance diagnostics. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-28 17:46:43 +02:00
" in %s mode\n"),
common,gpg: Move the compliance option printer. * common/compliance.c (gnupg_compliance_option_string): New function. * common/compliance.h (gnupg_compliance_option_string): New prototype. * g10/encrypt.c (write_pubkey_enc_from_list): Update callsite. * g10/gpg.c (main): Likewise. * g10/keyedit.c (keyedit_menu): Likewise. * g10/pkclist.c (build_pk_list): Likewise. * g10/main.h (compliance_option_string): Remove prototype. * g10/misc.c (compliance_option_string): Remove function. GnuPG-bug-id: 3191 Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-07 12:33:36 +02:00
gnupg_compliance_option_string (opt.compliance));
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
else
{
Exporting secret keys via gpg-agent is now basically supported. A couple of forward ported changes. Doc updates.
2010-10-01 22:33:53 +02:00
if( (rc = encrypt_crypt (ctrl, -1, fname, remusr, 1, NULL, -1)) )
gpg: Print a new FAILURE status after most commands. * common/status.h (STATUS_FAILURE): New. * g10/cpr.c (write_status_failure): New. * g10/gpg.c (main): Call write_status_failure for all commands which print an error message here. * g10/call-agent.c (start_agent): Print an STATUS_ERROR if we can't set the pinentry mode. -- This status line can be used similar to the error code returned by commands send over the Assuan interface in gpgsm. We don't emit them in gpgsm because there we already have that Assuan interface to return proper error code. This change helps GPGME to return better error codes. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-25 09:03:31 +02:00
{
write_status_failure ("encrypt", rc);
log_error ("%s: encryption failed: %s\n",
print_fname_stdin(fname), gpg_strerror (rc) );
}
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
}
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
break;
case aSign: /* sign the given file */
sl = NULL;
if( detached_sig ) { /* sign all files */
for( ; argc; argc--, argv++ )
add_to_strlist( &sl, *argv );
}
else {
if( argc > 1 )
g10: Avoid translating simple error messages. * g10/gpg.c (main): Avoid translating arguments to 'wrong_args'. -- Translating these messages is a burden for translators, and we only have translations for very few of them as it is. If we want to localize these messages, I'd suggest to translate the placeholders (e.g. 'filename'). Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-15 16:06:49 +01:00
wrong_args("--sign [filename]");
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
if( argc ) {
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
sl = xmalloc_clear( sizeof *sl + strlen(fname));
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
strcpy(sl->d, fname);
}
}
gpg: Print a new FAILURE status after most commands. * common/status.h (STATUS_FAILURE): New. * g10/cpr.c (write_status_failure): New. * g10/gpg.c (main): Call write_status_failure for all commands which print an error message here. * g10/call-agent.c (start_agent): Print an STATUS_ERROR if we can't set the pinentry mode. -- This status line can be used similar to the error code returned by commands send over the Assuan interface in gpgsm. We don't emit them in gpgsm because there we already have that Assuan interface to return proper error code. This change helps GPGME to return better error codes. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-25 09:03:31 +02:00
if ((rc = sign_file (ctrl, sl, detached_sig, locusr, 0, NULL, NULL)))
{
write_status_failure ("sign", rc);
log_error ("signing failed: %s\n", gpg_strerror (rc) );
}
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
free_strlist(sl);
break;
case aSignEncr: /* sign and encrypt the given file */
if( argc > 1 )
g10: Avoid translating simple error messages. * g10/gpg.c (main): Avoid translating arguments to 'wrong_args'. -- Translating these messages is a burden for translators, and we only have translations for very few of them as it is. If we want to localize these messages, I'd suggest to translate the placeholders (e.g. 'filename'). Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-15 16:06:49 +01:00
wrong_args("--sign --encrypt [filename]");
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
if( argc ) {
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
sl = xmalloc_clear( sizeof *sl + strlen(fname));
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
strcpy(sl->d, fname);
}
else
sl = NULL;
Exporting secret keys via gpg-agent is now basically supported. A couple of forward ported changes. Doc updates.
2010-10-01 22:33:53 +02:00
if ((rc = sign_file (ctrl, sl, detached_sig, locusr, 1, remusr, NULL)))
gpg: Print a new FAILURE status after most commands. * common/status.h (STATUS_FAILURE): New. * g10/cpr.c (write_status_failure): New. * g10/gpg.c (main): Call write_status_failure for all commands which print an error message here. * g10/call-agent.c (start_agent): Print an STATUS_ERROR if we can't set the pinentry mode. -- This status line can be used similar to the error code returned by commands send over the Assuan interface in gpgsm. We don't emit them in gpgsm because there we already have that Assuan interface to return proper error code. This change helps GPGME to return better error codes. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-25 09:03:31 +02:00
{
write_status_failure ("sign-encrypt", rc);
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
log_error("%s: sign+encrypt failed: %s\n",
gpg: Replace remaining old error code macros by GPG_ERR_. * g10/gpg.h (g10_errstr): Remove macro and change all occurrences by gpg_strerror. (G10ERR_): Remove all macros and change all occurrences by their GPG_ERR_ counterparts. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-22 12:06:11 +01:00
print_fname_stdin(fname), gpg_strerror (rc) );
gpg: Print a new FAILURE status after most commands. * common/status.h (STATUS_FAILURE): New. * g10/cpr.c (write_status_failure): New. * g10/gpg.c (main): Call write_status_failure for all commands which print an error message here. * g10/call-agent.c (start_agent): Print an STATUS_ERROR if we can't set the pinentry mode. -- This status line can be used similar to the error code returned by commands send over the Assuan interface in gpgsm. We don't emit them in gpgsm because there we already have that Assuan interface to return proper error code. This change helps GPGME to return better error codes. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-25 09:03:31 +02:00
}
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
free_strlist(sl);
break;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
case aSignEncrSym: /* sign and encrypt the given file */
if( argc > 1 )
g10: Avoid translating simple error messages. * g10/gpg.c (main): Avoid translating arguments to 'wrong_args'. -- Translating these messages is a burden for translators, and we only have translations for very few of them as it is. If we want to localize these messages, I'd suggest to translate the placeholders (e.g. 'filename'). Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-15 16:06:49 +01:00
wrong_args("--symmetric --sign --encrypt [filename]");
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
else if(opt.s2k_mode==0)
log_error(_("you cannot use --symmetric --sign --encrypt"
" with --s2k-mode 0\n"));
gpg: Remove PGP6 compliance mode. * g10/gpg.c: Make --pgp6 an alias for --pgp7. * common/compliance.h (gnupg_compliance_mode): Remove CO_PGP6. * g10/options.h (PGP6): Remove. Adjust all users. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-05-29 13:01:12 +02:00
else if (PGP7)
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
log_error(_("you cannot use --symmetric --sign --encrypt"
gpg,sm: String changes for compliance diagnostics. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-28 17:46:43 +02:00
" in %s mode\n"),
common,gpg: Move the compliance option printer. * common/compliance.c (gnupg_compliance_option_string): New function. * common/compliance.h (gnupg_compliance_option_string): New prototype. * g10/encrypt.c (write_pubkey_enc_from_list): Update callsite. * g10/gpg.c (main): Likewise. * g10/keyedit.c (keyedit_menu): Likewise. * g10/pkclist.c (build_pk_list): Likewise. * g10/main.h (compliance_option_string): Remove prototype. * g10/misc.c (compliance_option_string): Remove function. GnuPG-bug-id: 3191 Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-07 12:33:36 +02:00
gnupg_compliance_option_string (opt.compliance));
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
else
{
if( argc )
{
sl = xmalloc_clear( sizeof *sl + strlen(fname));
strcpy(sl->d, fname);
}
else
sl = NULL;
Exporting secret keys via gpg-agent is now basically supported. A couple of forward ported changes. Doc updates.
2010-10-01 22:33:53 +02:00
if ((rc = sign_file (ctrl, sl, detached_sig, locusr,
2, remusr, NULL)))
gpg: Print a new FAILURE status after most commands. * common/status.h (STATUS_FAILURE): New. * g10/cpr.c (write_status_failure): New. * g10/gpg.c (main): Call write_status_failure for all commands which print an error message here. * g10/call-agent.c (start_agent): Print an STATUS_ERROR if we can't set the pinentry mode. -- This status line can be used similar to the error code returned by commands send over the Assuan interface in gpgsm. We don't emit them in gpgsm because there we already have that Assuan interface to return proper error code. This change helps GPGME to return better error codes. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-25 09:03:31 +02:00
{
write_status_failure ("sign-encrypt", rc);
log_error("%s: symmetric+sign+encrypt failed: %s\n",
print_fname_stdin(fname), gpg_strerror (rc) );
}
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
free_strlist(sl);
}
break;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case aSignSym: /* sign and conventionally encrypt the given file */
if (argc > 1)
g10: Avoid translating simple error messages. * g10/gpg.c (main): Avoid translating arguments to 'wrong_args'. -- Translating these messages is a burden for translators, and we only have translations for very few of them as it is. If we want to localize these messages, I'd suggest to translate the placeholders (e.g. 'filename'). Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-15 16:06:49 +01:00
wrong_args("--sign --symmetric [filename]");
gpg: Allow multiple --default-key options. Take the last available key. * g10/getkey.c (parse_def_secret_key): New function. (get_seckey_default): Add parameter ctrl. Update callers. Use parse_def_secret_key to get the default secret key, if any. (getkey_byname): Likewise. (enum_secret_keys): Likewise. * g10/options.h (opt): Change def_secret_key's type from a char * to a strlist_t. * g10/gpg.c (main): When processing --default-key, add the key to OPT.DEF_SECRET_KEY. * g10/gpgv.c (get_session_key): Add parameter ctrl. Update callers. * g10/mainproc.c (proc_pubkey_enc): Likewise. (do_proc_packets): Likewise. * g10/pkclist.c (default_recipient): Likewise. * g10/pubkey-enc.c (get_session_key): Likewise. * g10/sign.c (clearsign_file): Likewise. (sign_symencrypt_file): Likewise. * g10/skclist.c (build_sk_list): Likewise. * g10/test-stubs.c (get_session_key): Likewise. -- Signed-off-by: Neal H. Walield <neal@g10code.com> GnuPG-bug-id: 806
2015-11-03 23:15:27 +01:00
rc = sign_symencrypt_file (ctrl, fname, locusr);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
if (rc)
gpg: Print a new FAILURE status after most commands. * common/status.h (STATUS_FAILURE): New. * g10/cpr.c (write_status_failure): New. * g10/gpg.c (main): Call write_status_failure for all commands which print an error message here. * g10/call-agent.c (start_agent): Print an STATUS_ERROR if we can't set the pinentry mode. -- This status line can be used similar to the error code returned by commands send over the Assuan interface in gpgsm. We don't emit them in gpgsm because there we already have that Assuan interface to return proper error code. This change helps GPGME to return better error codes. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-25 09:03:31 +02:00
{
write_status_failure ("sign-symencrypt", rc);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
log_error("%s: sign+symmetric failed: %s\n",
gpg: Replace remaining old error code macros by GPG_ERR_. * g10/gpg.h (g10_errstr): Remove macro and change all occurrences by gpg_strerror. (G10ERR_): Remove all macros and change all occurrences by their GPG_ERR_ counterparts. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-22 12:06:11 +01:00
print_fname_stdin(fname), gpg_strerror (rc) );
gpg: Print a new FAILURE status after most commands. * common/status.h (STATUS_FAILURE): New. * g10/cpr.c (write_status_failure): New. * g10/gpg.c (main): Call write_status_failure for all commands which print an error message here. * g10/call-agent.c (start_agent): Print an STATUS_ERROR if we can't set the pinentry mode. -- This status line can be used similar to the error code returned by commands send over the Assuan interface in gpgsm. We don't emit them in gpgsm because there we already have that Assuan interface to return proper error code. This change helps GPGME to return better error codes. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-25 09:03:31 +02:00
}
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
break;
case aClearsign: /* make a clearsig */
if( argc > 1 )
g10: Avoid translating simple error messages. * g10/gpg.c (main): Avoid translating arguments to 'wrong_args'. -- Translating these messages is a burden for translators, and we only have translations for very few of them as it is. If we want to localize these messages, I'd suggest to translate the placeholders (e.g. 'filename'). Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-15 16:06:49 +01:00
wrong_args("--clear-sign [filename]");
gpg: Allow multiple --default-key options. Take the last available key. * g10/getkey.c (parse_def_secret_key): New function. (get_seckey_default): Add parameter ctrl. Update callers. Use parse_def_secret_key to get the default secret key, if any. (getkey_byname): Likewise. (enum_secret_keys): Likewise. * g10/options.h (opt): Change def_secret_key's type from a char * to a strlist_t. * g10/gpg.c (main): When processing --default-key, add the key to OPT.DEF_SECRET_KEY. * g10/gpgv.c (get_session_key): Add parameter ctrl. Update callers. * g10/mainproc.c (proc_pubkey_enc): Likewise. (do_proc_packets): Likewise. * g10/pkclist.c (default_recipient): Likewise. * g10/pubkey-enc.c (get_session_key): Likewise. * g10/sign.c (clearsign_file): Likewise. (sign_symencrypt_file): Likewise. * g10/skclist.c (build_sk_list): Likewise. * g10/test-stubs.c (get_session_key): Likewise. -- Signed-off-by: Neal H. Walield <neal@g10code.com> GnuPG-bug-id: 806
2015-11-03 23:15:27 +01:00
if( (rc = clearsign_file (ctrl, fname, locusr, NULL)) )
gpg: Print a new FAILURE status after most commands. * common/status.h (STATUS_FAILURE): New. * g10/cpr.c (write_status_failure): New. * g10/gpg.c (main): Call write_status_failure for all commands which print an error message here. * g10/call-agent.c (start_agent): Print an STATUS_ERROR if we can't set the pinentry mode. -- This status line can be used similar to the error code returned by commands send over the Assuan interface in gpgsm. We don't emit them in gpgsm because there we already have that Assuan interface to return proper error code. This change helps GPGME to return better error codes. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-25 09:03:31 +02:00
{
write_status_failure ("sign", rc);
g10: Hyphenate --clearsign. * g10/gpg.c (opts): Hyphenate option. * doc/gpg.texi: Update accordingly. * po: Update translations. * tests/openpgp: Update tests. GnuPG-bug-id: 2700 Signed-off-by: Justus Winter <justus@g10code.com>
2016-09-23 14:10:07 +02:00
log_error("%s: clear-sign failed: %s\n",
gpg: Replace remaining old error code macros by GPG_ERR_. * g10/gpg.h (g10_errstr): Remove macro and change all occurrences by gpg_strerror. (G10ERR_): Remove all macros and change all occurrences by their GPG_ERR_ counterparts. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-22 12:06:11 +01:00
print_fname_stdin(fname), gpg_strerror (rc) );
gpg: Print a new FAILURE status after most commands. * common/status.h (STATUS_FAILURE): New. * g10/cpr.c (write_status_failure): New. * g10/gpg.c (main): Call write_status_failure for all commands which print an error message here. * g10/call-agent.c (start_agent): Print an STATUS_ERROR if we can't set the pinentry mode. -- This status line can be used similar to the error code returned by commands send over the Assuan interface in gpgsm. We don't emit them in gpgsm because there we already have that Assuan interface to return proper error code. This change helps GPGME to return better error codes. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-25 09:03:31 +02:00
}
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
break;
case aVerify:
Exporting secret keys via gpg-agent is now basically supported. A couple of forward ported changes. Doc updates.
2010-10-01 22:33:53 +02:00
if (multifile)
Merged most of David Shaw's changes in 1.3 since 2003-06-03.
2003-09-23 19:48:33 +02:00
{
Exporting secret keys via gpg-agent is now basically supported. A couple of forward ported changes. Doc updates.
2010-10-01 22:33:53 +02:00
if ((rc = verify_files (ctrl, argc, argv)))
gpg: Replace remaining old error code macros by GPG_ERR_. * g10/gpg.h (g10_errstr): Remove macro and change all occurrences by gpg_strerror. (G10ERR_): Remove all macros and change all occurrences by their GPG_ERR_ counterparts. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-22 12:06:11 +01:00
log_error("verify files failed: %s\n", gpg_strerror (rc) );
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
}
else
{
Exporting secret keys via gpg-agent is now basically supported. A couple of forward ported changes. Doc updates.
2010-10-01 22:33:53 +02:00
if ((rc = verify_signatures (ctrl, argc, argv)))
gpg: Replace remaining old error code macros by GPG_ERR_. * g10/gpg.h (g10_errstr): Remove macro and change all occurrences by gpg_strerror. (G10ERR_): Remove all macros and change all occurrences by their GPG_ERR_ counterparts. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-22 12:06:11 +01:00
log_error("verify signatures failed: %s\n", gpg_strerror (rc) );
Merged most of David Shaw's changes in 1.3 since 2003-06-03.
2003-09-23 19:48:33 +02:00
}
gpg: Print a new FAILURE status after most commands. * common/status.h (STATUS_FAILURE): New. * g10/cpr.c (write_status_failure): New. * g10/gpg.c (main): Call write_status_failure for all commands which print an error message here. * g10/call-agent.c (start_agent): Print an STATUS_ERROR if we can't set the pinentry mode. -- This status line can be used similar to the error code returned by commands send over the Assuan interface in gpgsm. We don't emit them in gpgsm because there we already have that Assuan interface to return proper error code. This change helps GPGME to return better error codes. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-25 09:03:31 +02:00
if (rc)
write_status_failure ("verify", rc);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
break;
case aDecrypt:
Exporting secret keys via gpg-agent is now basically supported. A couple of forward ported changes. Doc updates.
2010-10-01 22:33:53 +02:00
if (multifile)
decrypt_messages (ctrl, argc, argv);
Merged most of David Shaw's changes in 1.3 since 2003-06-03.
2003-09-23 19:48:33 +02:00
else
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
{
if( argc > 1 )
g10: Avoid translating simple error messages. * g10/gpg.c (main): Avoid translating arguments to 'wrong_args'. -- Translating these messages is a burden for translators, and we only have translations for very few of them as it is. If we want to localize these messages, I'd suggest to translate the placeholders (e.g. 'filename'). Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-15 16:06:49 +01:00
wrong_args("--decrypt [filename]");
Exporting secret keys via gpg-agent is now basically supported. A couple of forward ported changes. Doc updates.
2010-10-01 22:33:53 +02:00
if( (rc = decrypt_message (ctrl, fname) ))
gpg: Print a new FAILURE status after most commands. * common/status.h (STATUS_FAILURE): New. * g10/cpr.c (write_status_failure): New. * g10/gpg.c (main): Call write_status_failure for all commands which print an error message here. * g10/call-agent.c (start_agent): Print an STATUS_ERROR if we can't set the pinentry mode. -- This status line can be used similar to the error code returned by commands send over the Assuan interface in gpgsm. We don't emit them in gpgsm because there we already have that Assuan interface to return proper error code. This change helps GPGME to return better error codes. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-25 09:03:31 +02:00
{
write_status_failure ("decrypt", rc);
log_error("decrypt_message failed: %s\n", gpg_strerror (rc) );
}
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
}
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
break;
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
gpg: Add commands --quick-sign-key and --quick-lsign-key. * g10/gpg.c (main): Add commands --quick-sign-key and --quick-lsign-key. * g10/keyedit.c (sign_uids): Add args FP and QUICK. (keyedit_quick_sign): New. (show_key_with_all_names): Add arg NOWARN.
2014-03-27 16:33:40 +01:00
case aQuickSignKey:
case aQuickLSignKey:
{
const char *fpr;
if (argc < 1)
wrong_args ("--quick-[l]sign-key fingerprint [userids]");
fpr = *argv++; argc--;
sl = NULL;
for( ; argc; argc--, argv++)
append_to_strlist2 (&sl, *argv, utf8_strings);
keyedit_quick_sign (ctrl, fpr, sl, locusr, (cmd == aQuickLSignKey));
free_strlist (sl);
}
break;
gpg: New command --quick-revoke-sig * g10/gpg.c (enum cmd_and_opt_values): Add aQuickRevSig. (opts): Add --quick-revoke-sig. (main): Implement. * g10/keyedit.c (quick_find_keyblock): Add arg 'want_secret' and adjust all callers. (keyedit_quick_revsig): new. * g10/revoke.c (get_default_sig_revocation_reason): New. * g10/keylist.c (cmp_signodes): Make global. -- GnuPG-bug-id: 5093
2020-10-28 17:06:27 +01:00
case aQuickRevSig:
{
const char *userid, *siguserid;
if (argc < 2)
wrong_args ("--quick-revoke-sig USER-ID SIG-USER-ID [userids]");
userid = *argv++; argc--;
siguserid = *argv++; argc--;
sl = NULL;
for( ; argc; argc--, argv++)
append_to_strlist2 (&sl, *argv, utf8_strings);
keyedit_quick_revsig (ctrl, userid, siguserid, sl);
free_strlist (sl);
}
break;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
case aSignKey:
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
if( argc != 1 )
g10: Avoid translating simple error messages. * g10/gpg.c (main): Avoid translating arguments to 'wrong_args'. -- Translating these messages is a burden for translators, and we only have translations for very few of them as it is. If we want to localize these messages, I'd suggest to translate the placeholders (e.g. 'filename'). Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-15 16:06:49 +01:00
wrong_args("--sign-key user-id");
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
/* fall through */
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case aLSignKey:
if( argc != 1 )
g10: Avoid translating simple error messages. * g10/gpg.c (main): Avoid translating arguments to 'wrong_args'. -- Translating these messages is a burden for translators, and we only have translations for very few of them as it is. If we want to localize these messages, I'd suggest to translate the placeholders (e.g. 'filename'). Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-15 16:06:49 +01:00
wrong_args("--lsign-key user-id");
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
/* fall through */
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
sl=NULL;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
if(cmd==aSignKey)
append_to_strlist(&sl,"sign");
else if(cmd==aLSignKey)
append_to_strlist(&sl,"lsign");
else
BUG();
append_to_strlist( &sl, "save" );
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
username = make_username( fname );
Exporting secret keys via gpg-agent is now basically supported. A couple of forward ported changes. Doc updates.
2010-10-01 22:33:53 +02:00
keyedit_menu (ctrl, username, locusr, sl, 0, 0 );
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
xfree(username);
free_strlist(sl);
break;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case aEditKey: /* Edit a key signature */
if( !argc )
g10: Avoid translating simple error messages. * g10/gpg.c (main): Avoid translating arguments to 'wrong_args'. -- Translating these messages is a burden for translators, and we only have translations for very few of them as it is. If we want to localize these messages, I'd suggest to translate the placeholders (e.g. 'filename'). Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-15 16:06:49 +01:00
wrong_args("--edit-key user-id [commands]");
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
username = make_username( fname );
if( argc > 1 ) {
sl = NULL;
for( argc--, argv++ ; argc; argc--, argv++ )
append_to_strlist( &sl, *argv );
Exporting secret keys via gpg-agent is now basically supported. A couple of forward ported changes. Doc updates.
2010-10-01 22:33:53 +02:00
keyedit_menu (ctrl, username, locusr, sl, 0, 1 );
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
free_strlist(sl);
}
else
Exporting secret keys via gpg-agent is now basically supported. A couple of forward ported changes. Doc updates.
2010-10-01 22:33:53 +02:00
keyedit_menu (ctrl, username, locusr, NULL, 0, 1 );
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
xfree(username);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
break;
Add dummu option --passwd for gpg. Collected changes.
2010-01-08 20:18:49 +01:00
case aPasswd:
if (argc != 1)
g10: Avoid translating simple error messages. * g10/gpg.c (main): Avoid translating arguments to 'wrong_args'. -- Translating these messages is a burden for translators, and we only have translations for very few of them as it is. If we want to localize these messages, I'd suggest to translate the placeholders (e.g. 'filename'). Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-15 16:06:49 +01:00
wrong_args("--change-passphrase <user-id>");
Add dummu option --passwd for gpg. Collected changes.
2010-01-08 20:18:49 +01:00
else
{
username = make_username (fname);
Re-implemented GPG's --passwd command and improved it.
2010-10-26 11:10:29 +02:00
keyedit_passwd (ctrl, username);
Add dummu option --passwd for gpg. Collected changes.
2010-01-08 20:18:49 +01:00
xfree (username);
}
break;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case aDeleteKeys:
case aDeleteSecretKeys:
case aDeleteSecretAndPublicKeys:
sl = NULL;
gpg: Print a note if no args are given to --delete-key -- It is a bit surprising that nothing happens if no key is specified to --delete-key et al. Although this is common Unix behaviour the use might have expected that it behaves like --export and deletes all keys. Sure we don't do the latter, so a short notice will help. GnuPG-bug-id: 4959 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-07-09 11:24:54 +02:00
/* Print a note if the user did not specify any key. */
if (!argc && !opt.quiet)
log_info (_("Note: %s\n"), gpg_strerror (GPG_ERR_NO_KEY));
/* I'm adding these in reverse order as add_to_strlist2
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
reverses them again, and it's easier to understand in the
proper order :) */
for( ; argc; argc-- )
add_to_strlist2( &sl, argv[argc-1], utf8_strings );
gpg: Pass CTRL to many more functions. -- For proper operations as a server we need to avoid global variables. Thus we need to pass the session state CTRL to most functions. Quite a lot of changes but fortunately straightforward to do. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-31 20:03:52 +02:00
delete_keys (ctrl, sl,
cmd==aDeleteSecretKeys, cmd==aDeleteSecretAndPublicKeys);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
free_strlist(sl);
break;
case aCheckKeys:
g10, sm, dirmngr, common: Add comment for fall through. * common/b64dec.c (b64dec_proc): Comment to clarify. * dirmngr/cdblib.c (cdb_make_put): Use same pattern to clarify. * dirmngr/dirmngr-client.c (read_pem_certificate): Likewise. * dirmngr/ks-engine-hkp.c (ks_hkp_get): Likewise. * g10/armor.c (unarmor_pump): Likewise. * g10/gpg.c (main): Likewise. * g10/import.c (read_block): Likewise. * g10/keygen.c (make_backsig): Likewise. * g10/pkclist.c (check_signatures_trust): Likewise. * sm/gpgsm.c (main): Likewise. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-05-10 04:01:15 +02:00
opt.check_sigs = 1; /* fall through */
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case aListSigs:
g10, sm, dirmngr, common: Add comment for fall through. * common/b64dec.c (b64dec_proc): Comment to clarify. * dirmngr/cdblib.c (cdb_make_put): Use same pattern to clarify. * dirmngr/dirmngr-client.c (read_pem_certificate): Likewise. * dirmngr/ks-engine-hkp.c (ks_hkp_get): Likewise. * g10/armor.c (unarmor_pump): Likewise. * g10/gpg.c (main): Likewise. * g10/import.c (read_block): Likewise. * g10/keygen.c (make_backsig): Likewise. * g10/pkclist.c (check_signatures_trust): Likewise. * sm/gpgsm.c (main): Likewise. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-05-10 04:01:15 +02:00
opt.list_sigs = 1; /* fall through */
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case aListKeys:
sl = NULL;
for( ; argc; argc--, argv++ )
add_to_strlist2( &sl, *argv, utf8_strings );
gpg: New command --locate-external-key. * g10/gpg.c (aLocateExtKeys): New. (opts): Add --locate-external-keys. (main): Implement that. * g10/getkey.c (get_pubkey_byname): Implement GET_PUBKEY_NO_LOCAL. (get_best_pubkey_byname): Add arg 'mode' and pass on to get_pubkey_byname. Change callers. * g10/keylist.c (public_key_list): Add arg 'no_local'. (locate_one): Ditto. Pass on to get_best_pubkey_byname. -- This new command is a shortcut for --auto-key-locate nodefault,clear,wkd,... --locate-key and uses the default or configured AKL list but does so without local. See also GnuPG-bug-id: 4599 Signed-off-by: Werner Koch <wk@gnupg.org>
2019-07-04 15:13:26 +02:00
public_key_list (ctrl, sl, 0, 0);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
free_strlist(sl);
break;
case aListSecretKeys:
sl = NULL;
for( ; argc; argc--, argv++ )
add_to_strlist2( &sl, *argv, utf8_strings );
Exporting secret keys via gpg-agent is now basically supported. A couple of forward ported changes. Doc updates.
2010-10-01 22:33:53 +02:00
secret_key_list (ctrl, sl);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
free_strlist(sl);
break;
Add command --locate-key. Fix auto-key-locate processing of "nodefault".
2008-05-07 17:40:36 +02:00
case aLocateKeys:
gpg: New command --locate-external-key. * g10/gpg.c (aLocateExtKeys): New. (opts): Add --locate-external-keys. (main): Implement that. * g10/getkey.c (get_pubkey_byname): Implement GET_PUBKEY_NO_LOCAL. (get_best_pubkey_byname): Add arg 'mode' and pass on to get_pubkey_byname. Change callers. * g10/keylist.c (public_key_list): Add arg 'no_local'. (locate_one): Ditto. Pass on to get_best_pubkey_byname. -- This new command is a shortcut for --auto-key-locate nodefault,clear,wkd,... --locate-key and uses the default or configured AKL list but does so without local. See also GnuPG-bug-id: 4599 Signed-off-by: Werner Koch <wk@gnupg.org>
2019-07-04 15:13:26 +02:00
case aLocateExtKeys:
Add command --locate-key. Fix auto-key-locate processing of "nodefault".
2008-05-07 17:40:36 +02:00
sl = NULL;
for (; argc; argc--, argv++)
add_to_strlist2( &sl, *argv, utf8_strings );
gpg: Allow --locate-external-key even with --no-auto-key-locate. * g10/getkey.c (akl_empty_or_only_local): New. * g10/gpg.c (DEFAULT_AKL_LIST): New. (main): Use it here. (main) <aLocateExtKeys>: Set default AKL if none is set. -- This better matches the expectations of the user. The used list in this case is the default list ("local,wkd") with local ignored by the command anyway. GnuPG-bug-id: 4662 Signed-off-by: Werner Koch <wk@gnupg.org>
2019-08-23 13:22:15 +02:00
if (cmd == aLocateExtKeys && akl_empty_or_only_local ())
{
/* This is a kludge to let --locate-external-keys even
* work if the config file has --no-auto-key-locate. This
* better matches the expectations of the user. */
release_akl ();
parse_auto_key_locate (DEFAULT_AKL_LIST);
}
gpg: New command --locate-external-key. * g10/gpg.c (aLocateExtKeys): New. (opts): Add --locate-external-keys. (main): Implement that. * g10/getkey.c (get_pubkey_byname): Implement GET_PUBKEY_NO_LOCAL. (get_best_pubkey_byname): Add arg 'mode' and pass on to get_pubkey_byname. Change callers. * g10/keylist.c (public_key_list): Add arg 'no_local'. (locate_one): Ditto. Pass on to get_best_pubkey_byname. -- This new command is a shortcut for --auto-key-locate nodefault,clear,wkd,... --locate-key and uses the default or configured AKL list but does so without local. See also GnuPG-bug-id: 4599 Signed-off-by: Werner Koch <wk@gnupg.org>
2019-07-04 15:13:26 +02:00
public_key_list (ctrl, sl, 1, cmd == aLocateExtKeys);
gpg: Allow --locate-external-key even with --no-auto-key-locate. * g10/getkey.c (akl_empty_or_only_local): New. * g10/gpg.c (DEFAULT_AKL_LIST): New. (main): Use it here. (main) <aLocateExtKeys>: Set default AKL if none is set. -- This better matches the expectations of the user. The used list in this case is the default list ("local,wkd") with local ignored by the command anyway. GnuPG-bug-id: 4662 Signed-off-by: Werner Koch <wk@gnupg.org>
2019-08-23 13:22:15 +02:00
Add command --locate-key. Fix auto-key-locate processing of "nodefault".
2008-05-07 17:40:36 +02:00
free_strlist (sl);
break;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
gpg: Add command --quick-gen-key * g10/gpg.c (aQuickKeygen): New. * g10/misc.c (is_valid_user_id): New stub. * g10/keygen.c (quickgen_set_para): New. (quick_generate_keypair): New. -- Note that the validation of the specified user id has not yet been implemented.
2014-07-23 15:12:43 +02:00
case aQuickKeygen:
gpg: Extend the --quick-gen-key command. * g10/keygen.c (quickgen_set_para): Add arg 'use'. (quick_generate_keypair): Add args 'algostr', 'usagestr', and 'expirestr'. Implement primary only key mode. (parse_algo_usage_expire): Set NBITS for the default algo. * g10/gpg.c (main): Extend --quick-gen-key command. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-02 18:38:10 +02:00
{
const char *x_algo, *x_usage, *x_expire;
if (argc < 1 || argc > 4)
g10: Rework the --quick-* interface. * g10/gpg.c (opts): Rename options. (main): Update errors. * doc/gpg.texi: Update accordingly. -- I decided not to keep the old versions as aliases in the documentation because the interface is a fairly recent addition. GnuPG-bug-id: 2700 Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-15 15:32:51 +01:00
wrong_args("--quick-generate-key USER-ID [ALGO [USAGE [EXPIRE]]]");
gpg: Extend the --quick-gen-key command. * g10/keygen.c (quickgen_set_para): Add arg 'use'. (quick_generate_keypair): Add args 'algostr', 'usagestr', and 'expirestr'. Implement primary only key mode. (parse_algo_usage_expire): Set NBITS for the default algo. * g10/gpg.c (main): Extend --quick-gen-key command. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-02 18:38:10 +02:00
username = make_username (fname);
argv++, argc--;
x_algo = "";
x_usage = "";
x_expire = "";
if (argc)
{
x_algo = *argv++; argc--;
if (argc)
{
x_usage = *argv++; argc--;
if (argc)
gpg: Fix command line parsing of --quick-addkey and --quick-gen-key. * g10/gpg.c (main): Compose a block by curly braces. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-06-07 07:16:32 +02:00
{
x_expire = *argv++; argc--;
}
gpg: Extend the --quick-gen-key command. * g10/keygen.c (quickgen_set_para): Add arg 'use'. (quick_generate_keypair): Add args 'algostr', 'usagestr', and 'expirestr'. Implement primary only key mode. (parse_algo_usage_expire): Set NBITS for the default algo. * g10/gpg.c (main): Extend --quick-gen-key command. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-02 18:38:10 +02:00
}
}
quick_generate_keypair (ctrl, username, x_algo, x_usage, x_expire);
xfree (username);
}
gpg: Add command --quick-gen-key * g10/gpg.c (aQuickKeygen): New. * g10/misc.c (is_valid_user_id): New stub. * g10/keygen.c (quickgen_set_para): New. (quick_generate_keypair): New. -- Note that the validation of the specified user id has not yet been implemented.
2014-07-23 15:12:43 +02:00
break;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case aKeygen: /* generate a key */
if( opt.batch ) {
if( argc > 1 )
g10,sm: Spell out --gen-key. * g10/gpg.c (opts): Spell out option. * sm/gpgsm.c (opts): Likewise. * doc/gpg.texi: Update accordingly. GnuPG-bug-id: 2700 Signed-off-by: Justus Winter <justus@g10code.com>
2016-11-14 16:59:23 +01:00
wrong_args("--generate-key [parameterfile]");
gpg: Simplify command --gen-key and add --full-gen-key. * g10/gpg.c (aFullKeygen): New. (opts): Add command --full-key-gen. (main): Implement it. * g10/keygen.c (DEFAULT_STD_ALGO): Replace wrong GCRY_PK_RSA although the value is identical. (DEFAULT_STD_CURVE): New. (DEFAULT_STD_SUBALGO): New. (DEFAULT_STD_SUBKEYSIZE): New. (DEFAULT_STD_SUBCURVE): New. (quick_generate_keypair): Use new macros here. (generate_keypair): Add arg "full" and fix call callers. Do not ask for keysize in non-full node. (ask_user_id): Add arg "full" and simplify for non-full mode.
2014-09-27 15:14:13 +02:00
generate_keypair (ctrl, 0, argc? *argv : NULL, NULL, 0);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
else {
Allow --gen-key to inquire a passphrase. * g10/gpg.c (main): test for --command-fd during --gen-key parse. When --command-fd is set then imply --batch to let gpg inquire a passphrase rather than requiring a pinentry.
2015-04-15 00:48:57 +02:00
if (opt.command_fd != -1 && argc)
{
if( argc > 1 )
g10,sm: Spell out --gen-key. * g10/gpg.c (opts): Spell out option. * sm/gpgsm.c (opts): Likewise. * doc/gpg.texi: Update accordingly. GnuPG-bug-id: 2700 Signed-off-by: Justus Winter <justus@g10code.com>
2016-11-14 16:59:23 +01:00
wrong_args("--generate-key [parameterfile]");
Allow --gen-key to inquire a passphrase. * g10/gpg.c (main): test for --command-fd during --gen-key parse. When --command-fd is set then imply --batch to let gpg inquire a passphrase rather than requiring a pinentry.
2015-04-15 00:48:57 +02:00
opt.batch = 1;
generate_keypair (ctrl, 0, argc? *argv : NULL, NULL, 0);
}
else if (argc)
g10,sm: Spell out --gen-key. * g10/gpg.c (opts): Spell out option. * sm/gpgsm.c (opts): Likewise. * doc/gpg.texi: Update accordingly. GnuPG-bug-id: 2700 Signed-off-by: Justus Winter <justus@g10code.com>
2016-11-14 16:59:23 +01:00
wrong_args ("--generate-key");
Allow --gen-key to inquire a passphrase. * g10/gpg.c (main): test for --command-fd during --gen-key parse. When --command-fd is set then imply --batch to let gpg inquire a passphrase rather than requiring a pinentry.
2015-04-15 00:48:57 +02:00
else
generate_keypair (ctrl, 0, NULL, NULL, 0);
gpg: Simplify command --gen-key and add --full-gen-key. * g10/gpg.c (aFullKeygen): New. (opts): Add command --full-key-gen. (main): Implement it. * g10/keygen.c (DEFAULT_STD_ALGO): Replace wrong GCRY_PK_RSA although the value is identical. (DEFAULT_STD_CURVE): New. (DEFAULT_STD_SUBALGO): New. (DEFAULT_STD_SUBKEYSIZE): New. (DEFAULT_STD_SUBCURVE): New. (quick_generate_keypair): Use new macros here. (generate_keypair): Add arg "full" and fix call callers. Do not ask for keysize in non-full node. (ask_user_id): Add arg "full" and simplify for non-full mode.
2014-09-27 15:14:13 +02:00
}
break;
case aFullKeygen: /* Generate a key with all options. */
if (opt.batch)
{
if (argc > 1)
g10: Spell out --full-gen-key. * g10/gpg.c (opts): Spell out option. (main): Likewise. * g10/keygen.c (generate_keypair): Likewise. * doc/gpg.texi: Update accordingly. GnuPG-bug-id: 2700 Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-09 15:10:39 +01:00
wrong_args ("--full-generate-key [parameterfile]");
gpg: Simplify command --gen-key and add --full-gen-key. * g10/gpg.c (aFullKeygen): New. (opts): Add command --full-key-gen. (main): Implement it. * g10/keygen.c (DEFAULT_STD_ALGO): Replace wrong GCRY_PK_RSA although the value is identical. (DEFAULT_STD_CURVE): New. (DEFAULT_STD_SUBALGO): New. (DEFAULT_STD_SUBKEYSIZE): New. (DEFAULT_STD_SUBCURVE): New. (quick_generate_keypair): Use new macros here. (generate_keypair): Add arg "full" and fix call callers. Do not ask for keysize in non-full node. (ask_user_id): Add arg "full" and simplify for non-full mode.
2014-09-27 15:14:13 +02:00
generate_keypair (ctrl, 1, argc? *argv : NULL, NULL, 0);
}
else
{
if (argc)
g10: Spell out --full-gen-key. * g10/gpg.c (opts): Spell out option. (main): Likewise. * g10/keygen.c (generate_keypair): Likewise. * doc/gpg.texi: Update accordingly. GnuPG-bug-id: 2700 Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-09 15:10:39 +01:00
wrong_args("--full-generate-key");
gpg: Simplify command --gen-key and add --full-gen-key. * g10/gpg.c (aFullKeygen): New. (opts): Add command --full-key-gen. (main): Implement it. * g10/keygen.c (DEFAULT_STD_ALGO): Replace wrong GCRY_PK_RSA although the value is identical. (DEFAULT_STD_CURVE): New. (DEFAULT_STD_SUBALGO): New. (DEFAULT_STD_SUBKEYSIZE): New. (DEFAULT_STD_SUBCURVE): New. (quick_generate_keypair): Use new macros here. (generate_keypair): Add arg "full" and fix call callers. Do not ask for keysize in non-full node. (ask_user_id): Add arg "full" and simplify for non-full mode.
2014-09-27 15:14:13 +02:00
generate_keypair (ctrl, 1, NULL, NULL, 0);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
break;
gpg: New command --quick-adduid. * g10/keygen.c (ask_user_id): Factor some code out to ... (uid_already_in_keyblock): new. (generate_user_id): Add arg UIDSTR. Fix leaked P. * g10/keyedit.c (menu_adduid): Add new arg uidstring. Adjust caller. (keyedit_quick_adduid): New. * g10/gpg.c (aQuickAddUid): New. (opts): Add command --quick-adduid. (main): Implement that. -- GnuPG-bug-id: 1956 Signed-off-by: Werner Koch <wk@gnupg.org>
2015-05-08 16:08:57 +02:00
case aQuickAddUid:
{
const char *uid, *newuid;
if (argc != 2)
g10: Rework the --quick-* interface. * g10/gpg.c (opts): Rename options. (main): Update errors. * doc/gpg.texi: Update accordingly. -- I decided not to keep the old versions as aliases in the documentation because the interface is a fairly recent addition. GnuPG-bug-id: 2700 Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-15 15:32:51 +01:00
wrong_args ("--quick-add-uid USER-ID NEW-USER-ID");
gpg: New command --quick-adduid. * g10/keygen.c (ask_user_id): Factor some code out to ... (uid_already_in_keyblock): new. (generate_user_id): Add arg UIDSTR. Fix leaked P. * g10/keyedit.c (menu_adduid): Add new arg uidstring. Adjust caller. (keyedit_quick_adduid): New. * g10/gpg.c (aQuickAddUid): New. (opts): Add command --quick-adduid. (main): Implement that. -- GnuPG-bug-id: 1956 Signed-off-by: Werner Koch <wk@gnupg.org>
2015-05-08 16:08:57 +02:00
uid = *argv++; argc--;
newuid = *argv++; argc--;
keyedit_quick_adduid (ctrl, uid, newuid);
}
gpg: New command --quick-addkey. * g10/keygen.c (DEFAULT_STD_SUBKEYUSE): New. (ask_keysize): Factor code out to ... (get_keysize_range, fixup_keysize): new. (parse_parameter_usage): Factor parsing out to ... (parse_usagestr): new. Allow use of "encr" as alias for "encrypt". (parse_subkey_algostr_usagestr): New. (generate_subkeypair): Add new args. Implement unattended mode. * g10/keyedit.c (keyedit_quick_sign): Factor some code out to ... (find_by_primary_fpr): new. (keyedit_quick_addkey): New. * g10/gpg.c (aQuickAddKey): New. (opts): Add --quick-addkey. (main): Implement. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-02 15:54:48 +02:00
break;
case aQuickAddKey:
{
const char *x_fpr, *x_algo, *x_usage, *x_expire;
if (argc < 1 || argc > 4)
g10: Rework the --quick-* interface. * g10/gpg.c (opts): Rename options. (main): Update errors. * doc/gpg.texi: Update accordingly. -- I decided not to keep the old versions as aliases in the documentation because the interface is a fairly recent addition. GnuPG-bug-id: 2700 Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-15 15:32:51 +01:00
wrong_args ("--quick-add-key FINGERPRINT [ALGO [USAGE [EXPIRE]]]");
gpg: New command --quick-addkey. * g10/keygen.c (DEFAULT_STD_SUBKEYUSE): New. (ask_keysize): Factor code out to ... (get_keysize_range, fixup_keysize): new. (parse_parameter_usage): Factor parsing out to ... (parse_usagestr): new. Allow use of "encr" as alias for "encrypt". (parse_subkey_algostr_usagestr): New. (generate_subkeypair): Add new args. Implement unattended mode. * g10/keyedit.c (keyedit_quick_sign): Factor some code out to ... (find_by_primary_fpr): new. (keyedit_quick_addkey): New. * g10/gpg.c (aQuickAddKey): New. (opts): Add --quick-addkey. (main): Implement. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-02 15:54:48 +02:00
x_fpr = *argv++; argc--;
x_algo = "";
x_usage = "";
x_expire = "";
if (argc)
{
x_algo = *argv++; argc--;
if (argc)
{
x_usage = *argv++; argc--;
if (argc)
gpg: Fix command line parsing of --quick-addkey and --quick-gen-key. * g10/gpg.c (main): Compose a block by curly braces. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-06-07 07:16:32 +02:00
{
x_expire = *argv++; argc--;
}
gpg: New command --quick-addkey. * g10/keygen.c (DEFAULT_STD_SUBKEYUSE): New. (ask_keysize): Factor code out to ... (get_keysize_range, fixup_keysize): new. (parse_parameter_usage): Factor parsing out to ... (parse_usagestr): new. Allow use of "encr" as alias for "encrypt". (parse_subkey_algostr_usagestr): New. (generate_subkeypair): Add new args. Implement unattended mode. * g10/keyedit.c (keyedit_quick_sign): Factor some code out to ... (find_by_primary_fpr): new. (keyedit_quick_addkey): New. * g10/gpg.c (aQuickAddKey): New. (opts): Add --quick-addkey. (main): Implement. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-02 15:54:48 +02:00
}
}
keyedit_quick_addkey (ctrl, x_fpr, x_algo, x_usage, x_expire);
}
gpg: New command --quick-adduid. * g10/keygen.c (ask_user_id): Factor some code out to ... (uid_already_in_keyblock): new. (generate_user_id): Add arg UIDSTR. Fix leaked P. * g10/keyedit.c (menu_adduid): Add new arg uidstring. Adjust caller. (keyedit_quick_adduid): New. * g10/gpg.c (aQuickAddUid): New. (opts): Add command --quick-adduid. (main): Implement that. -- GnuPG-bug-id: 1956 Signed-off-by: Werner Koch <wk@gnupg.org>
2015-05-08 16:08:57 +02:00
break;
g10: Implement gpg --quick-revuid * g10/revoke.c (get_default_uid_revocation_reason): New. * g10/keyedit.c (menu_revuid): Break out creation of uid revocation into new function core_revuid. * g10/keyedit.c (keyedit_quick_revuid): New. Selects key and uid, invokes core_revuid. * g10/gpg.c (main): Handle --quick-revuid argument. * doc/gpg.texi: Document --quick-revuid. -- This functionality is a counterpart to --quick-adduid, and will be useful for projects that depend programmatically on gpg to revoke user IDs (one such example is "monkeysphere-host revoke-servicename"). Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> - Minor re-indentation work. - Changed a "0 == memcmp" to "!memcmp" - Removed tests/openpgp/quick-key-manipulation.test from the Makefile. This test needs to be converted to gpgscm. - Removed example from whats-new-in-2.1.txt because that is generated. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-17 00:05:57 +02:00
case aQuickRevUid:
{
const char *uid, *uidtorev;
if (argc != 2)
g10: Rework the --quick-* interface. * g10/gpg.c (opts): Rename options. (main): Update errors. * doc/gpg.texi: Update accordingly. -- I decided not to keep the old versions as aliases in the documentation because the interface is a fairly recent addition. GnuPG-bug-id: 2700 Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-15 15:32:51 +01:00
wrong_args ("--quick-revoke-uid USER-ID USER-ID-TO-REVOKE");
g10: Implement gpg --quick-revuid * g10/revoke.c (get_default_uid_revocation_reason): New. * g10/keyedit.c (menu_revuid): Break out creation of uid revocation into new function core_revuid. * g10/keyedit.c (keyedit_quick_revuid): New. Selects key and uid, invokes core_revuid. * g10/gpg.c (main): Handle --quick-revuid argument. * doc/gpg.texi: Document --quick-revuid. -- This functionality is a counterpart to --quick-adduid, and will be useful for projects that depend programmatically on gpg to revoke user IDs (one such example is "monkeysphere-host revoke-servicename"). Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> - Minor re-indentation work. - Changed a "0 == memcmp" to "!memcmp" - Removed tests/openpgp/quick-key-manipulation.test from the Makefile. This test needs to be converted to gpgscm. - Removed example from whats-new-in-2.1.txt because that is generated. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-17 00:05:57 +02:00
uid = *argv++; argc--;
uidtorev = *argv++; argc--;
keyedit_quick_revuid (ctrl, uid, uidtorev);
}
break;
gpg: New option --quick-set-expire. * g10/gpg.c (aQuickSetExpire): New. (opts): New option --quick-set-expire. (main): Implement option. * g10/keyedit.c (menu_expire): Add args FORCE_MAINKEY and NEWEXPIRATION. Change semantics of the return value. Change caller. (keyedit_quick_set_expire): New. -- This patch partly solves GnuPG-bug-id: 2701
2016-12-05 10:58:39 +01:00
case aQuickSetExpire:
{
const char *x_fpr, *x_expire;
gpg: Extend --quick-set-expire to allow subkey expiration setting. * g10/keyedit.c (keyedit_quick_set_expire): Add new arg subkeyfprs. (menu_expire): Rename arg force_mainkey to unattended and allow unattended changing of subkey expiration. * g10/gpg.c (main): Extend --quick-set-expire. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-21 14:12:55 +02:00
if (argc < 2)
wrong_args ("--quick-set-exipre FINGERPRINT EXPIRE [SUBKEY-FPRS]");
gpg: New option --quick-set-expire. * g10/gpg.c (aQuickSetExpire): New. (opts): New option --quick-set-expire. (main): Implement option. * g10/keyedit.c (menu_expire): Add args FORCE_MAINKEY and NEWEXPIRATION. Change semantics of the return value. Change caller. (keyedit_quick_set_expire): New. -- This patch partly solves GnuPG-bug-id: 2701
2016-12-05 10:58:39 +01:00
x_fpr = *argv++; argc--;
x_expire = *argv++; argc--;
gpg: Extend --quick-set-expire to allow subkey expiration setting. * g10/keyedit.c (keyedit_quick_set_expire): Add new arg subkeyfprs. (menu_expire): Rename arg force_mainkey to unattended and allow unattended changing of subkey expiration. * g10/gpg.c (main): Extend --quick-set-expire. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-21 14:12:55 +02:00
keyedit_quick_set_expire (ctrl, x_fpr, x_expire, argv);
gpg: New option --quick-set-expire. * g10/gpg.c (aQuickSetExpire): New. (opts): New option --quick-set-expire. (main): Implement option. * g10/keyedit.c (menu_expire): Add args FORCE_MAINKEY and NEWEXPIRATION. Change semantics of the return value. Change caller. (keyedit_quick_set_expire): New. -- This patch partly solves GnuPG-bug-id: 2701
2016-12-05 10:58:39 +01:00
}
break;
gpg: New command --quick-set-primary-uid. * g10/gpg.c (aQuickSetPrimaryUid): New const. (opts): New command --quick-set-primary-uid. (main): Implement it. * g10/keyedit.c (keyedit_quick_adduid): Factor some code out to ... (quick_find_keyblock): new func. (keyedit_quick_revuid): Use quick_find_keyblock. (keyedit_quick_set_primary): New. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-21 14:47:21 +01:00
case aQuickSetPrimaryUid:
{
const char *uid, *primaryuid;
if (argc != 2)
wrong_args ("--quick-set-primary-uid USER-ID PRIMARY-USER-ID");
uid = *argv++; argc--;
primaryuid = *argv++; argc--;
keyedit_quick_set_primary (ctrl, uid, primaryuid);
}
break;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case aFastImport:
g10, sm, dirmngr, common: Add comment for fall through. * common/b64dec.c (b64dec_proc): Comment to clarify. * dirmngr/cdblib.c (cdb_make_put): Use same pattern to clarify. * dirmngr/dirmngr-client.c (read_pem_certificate): Likewise. * dirmngr/ks-engine-hkp.c (ks_hkp_get): Likewise. * g10/armor.c (unarmor_pump): Likewise. * g10/gpg.c (main): Likewise. * g10/import.c (read_block): Likewise. * g10/keygen.c (make_backsig): Likewise. * g10/pkclist.c (check_signatures_trust): Likewise. * sm/gpgsm.c (main): Likewise. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-05-10 04:01:15 +02:00
opt.import_options |= IMPORT_FAST; /* fall through */
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case aImport:
gpg: New command --show-keys. * g10/gpg.c (aShowKeys): New const. (opts): New command --show-keys. (main): Implement command. * g10/import.c (import_keys_internal): Don't print stats in show-only mode. (import_one): Be silent in show-only mode. -- Using --import --import-options show-only to look at a key is too cumbersome. Provide this shortcut and also remove some diagnostic cruft in this case. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-06-06 11:50:58 +02:00
case aShowKeys:
gpg: Pass key origin values to import functions. * g10/import.c (import_keys_stream): Remove this unused function. (import_keys_internal): Add arg origin. (import_keys): Ditto. (import_keys_es_stream): Ditto. (import): Ditto. (import_one): Ditto. (apply_meta_data): New stub. (import_secret_one): Pass 0 for ORIGIN. * g10/keyserver.c (keyserver_get_chunk): For now pass 0 for ORIGIN. (keyserver_fetch): Add arg origin. (keyserver_import_cert): Pass KEYORG_DANE for ORIGIN. (keyserver_import_wkd): Pass KEYORG_WKD for ORIGIN. * g10/gpg.c (main): Pass OPT.KEY_ORIGIN to import_keys and keyserver_fetch. * g10/card-util.c (fetch_url): Pass KEYORG_URL for ORIGIN. -- This is just the framework; applying the meta data will be done in another commit. GnuPG-bug-id: 3252 Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-13 18:22:36 +02:00
import_keys (ctrl, argc? argv:NULL, argc, NULL,
gpg: Extend --key-origin to take an optional URL arg. * g10/getkey.c (parse_key_origin): Parse appended URL. * g10/options.h (struct opt): Add field 'key_origin_url'. * g10/gpg.c (main) <aImport>: Pass that option to import_keys. * g10/import.c (apply_meta_data): Extend for file and url. * g10/keyserver.c (keyserver_fetch): Pass the url to import_keys_es_stream. -- Example: gpg --key-origin url,myscheme://bla --import FILE Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-24 21:07:03 +02:00
opt.import_options, opt.key_origin, opt.key_origin_url);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
break;
Merged recent changes from 1.4
2006-04-28 16:31:29 +02:00
/* TODO: There are a number of command that use this same
"make strlist, call function, report error, free strlist"
pattern. Join them together here and avoid all that
duplicated code. */
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case aExport:
case aSendKeys:
case aRecvKeys:
sl = NULL;
for( ; argc; argc--, argv++ )
Merged recent changes from 1.4
2006-04-28 16:31:29 +02:00
append_to_strlist2( &sl, *argv, utf8_strings );
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
if( cmd == aSendKeys )
Exporting secret keys via gpg-agent is now basically supported. A couple of forward ported changes. Doc updates.
2010-10-01 22:33:53 +02:00
rc = keyserver_export (ctrl, sl );
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
else if( cmd == aRecvKeys )
Exporting secret keys via gpg-agent is now basically supported. A couple of forward ported changes. Doc updates.
2010-10-01 22:33:53 +02:00
rc = keyserver_import (ctrl, sl );
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
else
gpg: Print export statistics to the status-fd. * common/status.h (STATUS_EXPORT_RES): New. * g10/main.h (export_stats_t): New. * g10/export.c (export_stats_s): New. (export_new_stats, export_release_stats): New. (export_print_stats): New. (export_pubkeys, export_seckeys, export_secsubkeys) (export_pubkey_buffer, do_export): Add arg "stats". (do_export_stream): Add arg stats and update it. * g10/gpg.c (main) <aExport, aExportSecret, aExportSecretSub>: Create, pass, and print a stats object to the export function calls. * g10/export.c (export_pubkeys_stream): Remove unused function. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-11-12 16:02:35 +01:00
{
export_stats_t stats = export_new_stats ();
rc = export_pubkeys (ctrl, sl, opt.export_options, stats);
export_print_stats (stats);
export_release_stats (stats);
}
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
if(rc)
{
if(cmd==aSendKeys)
gpg: Print a new FAILURE status after most commands. * common/status.h (STATUS_FAILURE): New. * g10/cpr.c (write_status_failure): New. * g10/gpg.c (main): Call write_status_failure for all commands which print an error message here. * g10/call-agent.c (start_agent): Print an STATUS_ERROR if we can't set the pinentry mode. -- This status line can be used similar to the error code returned by commands send over the Assuan interface in gpgsm. We don't emit them in gpgsm because there we already have that Assuan interface to return proper error code. This change helps GPGME to return better error codes. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-25 09:03:31 +02:00
{
write_status_failure ("send-keys", rc);
log_error(_("keyserver send failed: %s\n"),gpg_strerror (rc));
}
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
else if(cmd==aRecvKeys)
gpg: Print a new FAILURE status after most commands. * common/status.h (STATUS_FAILURE): New. * g10/cpr.c (write_status_failure): New. * g10/gpg.c (main): Call write_status_failure for all commands which print an error message here. * g10/call-agent.c (start_agent): Print an STATUS_ERROR if we can't set the pinentry mode. -- This status line can be used similar to the error code returned by commands send over the Assuan interface in gpgsm. We don't emit them in gpgsm because there we already have that Assuan interface to return proper error code. This change helps GPGME to return better error codes. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-25 09:03:31 +02:00
{
write_status_failure ("recv-keys", rc);
log_error (_("keyserver receive failed: %s\n"),
gpg_strerror (rc));
}
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
else
gpg: Print a new FAILURE status after most commands. * common/status.h (STATUS_FAILURE): New. * g10/cpr.c (write_status_failure): New. * g10/gpg.c (main): Call write_status_failure for all commands which print an error message here. * g10/call-agent.c (start_agent): Print an STATUS_ERROR if we can't set the pinentry mode. -- This status line can be used similar to the error code returned by commands send over the Assuan interface in gpgsm. We don't emit them in gpgsm because there we already have that Assuan interface to return proper error code. This change helps GPGME to return better error codes. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-25 09:03:31 +02:00
{
write_status_failure ("export", rc);
log_error (_("key export failed: %s\n"), gpg_strerror (rc));
}
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
free_strlist(sl);
break;
gpg: New command --export-ssh-key * g10/export.c: Include membuf.h and host2net.h. (key_to_sshblob): New. (export_ssh_key): New. * g10/gpg.c (aExportSshKey): New. (opts): Add command. (main): Implement that command. -- GnuPG-bug-id: 2212 I have done only a few tests rights now and the ECDSA curves do not yet work. However ssh-keygen -l accept RSA and ed25519 keys exported using this command. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-08 17:22:32 +01:00
case aExportSshKey:
if (argc != 1)
wrong_args ("--export-ssh-key <user-id>");
rc = export_ssh_key (ctrl, argv[0]);
if (rc)
{
write_status_failure ("export-ssh-key", rc);
log_error (_("export as ssh key failed: %s\n"), gpg_strerror (rc));
}
break;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case aSearchKeys:
sl = NULL;
Keyserver search and get basically works again.
2011-01-18 12:51:16 +01:00
for (; argc; argc--, argv++)
append_to_strlist2 (&sl, *argv, utf8_strings);
Exporting secret keys via gpg-agent is now basically supported. A couple of forward ported changes. Doc updates.
2010-10-01 22:33:53 +02:00
rc = keyserver_search (ctrl, sl);
Keyserver search and get basically works again.
2011-01-18 12:51:16 +01:00
if (rc)
gpg: Print a new FAILURE status after most commands. * common/status.h (STATUS_FAILURE): New. * g10/cpr.c (write_status_failure): New. * g10/gpg.c (main): Call write_status_failure for all commands which print an error message here. * g10/call-agent.c (start_agent): Print an STATUS_ERROR if we can't set the pinentry mode. -- This status line can be used similar to the error code returned by commands send over the Assuan interface in gpgsm. We don't emit them in gpgsm because there we already have that Assuan interface to return proper error code. This change helps GPGME to return better error codes. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-25 09:03:31 +02:00
{
write_status_failure ("search-keys", rc);
log_error (_("keyserver search failed: %s\n"), gpg_strerror (rc));
}
Keyserver search and get basically works again.
2011-01-18 12:51:16 +01:00
free_strlist (sl);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
break;
case aRefreshKeys:
sl = NULL;
for( ; argc; argc--, argv++ )
Merged recent changes from 1.4
2006-04-28 16:31:29 +02:00
append_to_strlist2( &sl, *argv, utf8_strings );
Exporting secret keys via gpg-agent is now basically supported. A couple of forward ported changes. Doc updates.
2010-10-01 22:33:53 +02:00
rc = keyserver_refresh (ctrl, sl);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
if(rc)
gpg: Print a new FAILURE status after most commands. * common/status.h (STATUS_FAILURE): New. * g10/cpr.c (write_status_failure): New. * g10/gpg.c (main): Call write_status_failure for all commands which print an error message here. * g10/call-agent.c (start_agent): Print an STATUS_ERROR if we can't set the pinentry mode. -- This status line can be used similar to the error code returned by commands send over the Assuan interface in gpgsm. We don't emit them in gpgsm because there we already have that Assuan interface to return proper error code. This change helps GPGME to return better error codes. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-25 09:03:31 +02:00
{
write_status_failure ("refresh-keys", rc);
log_error (_("keyserver refresh failed: %s\n"),gpg_strerror (rc));
}
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
free_strlist(sl);
break;
case aFetchKeys:
sl = NULL;
for( ; argc; argc--, argv++ )
Merged recent changes from 1.4
2006-04-28 16:31:29 +02:00
append_to_strlist2( &sl, *argv, utf8_strings );
gpg: Pass key origin values to import functions. * g10/import.c (import_keys_stream): Remove this unused function. (import_keys_internal): Add arg origin. (import_keys): Ditto. (import_keys_es_stream): Ditto. (import): Ditto. (import_one): Ditto. (apply_meta_data): New stub. (import_secret_one): Pass 0 for ORIGIN. * g10/keyserver.c (keyserver_get_chunk): For now pass 0 for ORIGIN. (keyserver_fetch): Add arg origin. (keyserver_import_cert): Pass KEYORG_DANE for ORIGIN. (keyserver_import_wkd): Pass KEYORG_WKD for ORIGIN. * g10/gpg.c (main): Pass OPT.KEY_ORIGIN to import_keys and keyserver_fetch. * g10/card-util.c (fetch_url): Pass KEYORG_URL for ORIGIN. -- This is just the framework; applying the meta data will be done in another commit. GnuPG-bug-id: 3252 Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-13 18:22:36 +02:00
rc = keyserver_fetch (ctrl, sl, opt.key_origin);
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
if(rc)
gpg: Print a new FAILURE status after most commands. * common/status.h (STATUS_FAILURE): New. * g10/cpr.c (write_status_failure): New. * g10/gpg.c (main): Call write_status_failure for all commands which print an error message here. * g10/call-agent.c (start_agent): Print an STATUS_ERROR if we can't set the pinentry mode. -- This status line can be used similar to the error code returned by commands send over the Assuan interface in gpgsm. We don't emit them in gpgsm because there we already have that Assuan interface to return proper error code. This change helps GPGME to return better error codes. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-25 09:03:31 +02:00
{
write_status_failure ("fetch-keys", rc);
log_error ("key fetch failed: %s\n",gpg_strerror (rc));
}
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
free_strlist(sl);
break;
case aExportSecret:
sl = NULL;
for( ; argc; argc--, argv++ )
add_to_strlist2( &sl, *argv, utf8_strings );
gpg: Print export statistics to the status-fd. * common/status.h (STATUS_EXPORT_RES): New. * g10/main.h (export_stats_t): New. * g10/export.c (export_stats_s): New. (export_new_stats, export_release_stats): New. (export_print_stats): New. (export_pubkeys, export_seckeys, export_secsubkeys) (export_pubkey_buffer, do_export): Add arg "stats". (do_export_stream): Add arg stats and update it. * g10/gpg.c (main) <aExport, aExportSecret, aExportSecretSub>: Create, pass, and print a stats object to the export function calls. * g10/export.c (export_pubkeys_stream): Remove unused function. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-11-12 16:02:35 +01:00
{
export_stats_t stats = export_new_stats ();
gpg: Make --export-options work with --export-secret-keys. * g10/export.c (export_seckeys): Add arg OPTIONS and pass it to do_export. (export_secsubkeys): Ditto. * g10/gpg.c (main): Pass opt.export_options to export_seckeys and export_secsubkeys -- Back in the old days we did not used the export options for secret keys export because of a lot of duplicated code and that the old secring.gpg was anyway smaller that the pubring.gpg. With 2.1 it was pretty easy to enable it. Reported-by: Peter Lebbing GnuPG-bug-id: 2973
2017-03-01 14:41:47 +01:00
export_seckeys (ctrl, sl, opt.export_options, stats);
gpg: Print export statistics to the status-fd. * common/status.h (STATUS_EXPORT_RES): New. * g10/main.h (export_stats_t): New. * g10/export.c (export_stats_s): New. (export_new_stats, export_release_stats): New. (export_print_stats): New. (export_pubkeys, export_seckeys, export_secsubkeys) (export_pubkey_buffer, do_export): Add arg "stats". (do_export_stream): Add arg stats and update it. * g10/gpg.c (main) <aExport, aExportSecret, aExportSecretSub>: Create, pass, and print a stats object to the export function calls. * g10/export.c (export_pubkeys_stream): Remove unused function. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-11-12 16:02:35 +01:00
export_print_stats (stats);
export_release_stats (stats);
}
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
free_strlist(sl);
break;
case aExportSecretSub:
sl = NULL;
for( ; argc; argc--, argv++ )
add_to_strlist2( &sl, *argv, utf8_strings );
gpg: Print export statistics to the status-fd. * common/status.h (STATUS_EXPORT_RES): New. * g10/main.h (export_stats_t): New. * g10/export.c (export_stats_s): New. (export_new_stats, export_release_stats): New. (export_print_stats): New. (export_pubkeys, export_seckeys, export_secsubkeys) (export_pubkey_buffer, do_export): Add arg "stats". (do_export_stream): Add arg stats and update it. * g10/gpg.c (main) <aExport, aExportSecret, aExportSecretSub>: Create, pass, and print a stats object to the export function calls. * g10/export.c (export_pubkeys_stream): Remove unused function. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-11-12 16:02:35 +01:00
{
export_stats_t stats = export_new_stats ();
gpg: Make --export-options work with --export-secret-keys. * g10/export.c (export_seckeys): Add arg OPTIONS and pass it to do_export. (export_secsubkeys): Ditto. * g10/gpg.c (main): Pass opt.export_options to export_seckeys and export_secsubkeys -- Back in the old days we did not used the export options for secret keys export because of a lot of duplicated code and that the old secring.gpg was anyway smaller that the pubring.gpg. With 2.1 it was pretty easy to enable it. Reported-by: Peter Lebbing GnuPG-bug-id: 2973
2017-03-01 14:41:47 +01:00
export_secsubkeys (ctrl, sl, opt.export_options, stats);
gpg: Print export statistics to the status-fd. * common/status.h (STATUS_EXPORT_RES): New. * g10/main.h (export_stats_t): New. * g10/export.c (export_stats_s): New. (export_new_stats, export_release_stats): New. (export_print_stats): New. (export_pubkeys, export_seckeys, export_secsubkeys) (export_pubkey_buffer, do_export): Add arg "stats". (do_export_stream): Add arg stats and update it. * g10/gpg.c (main) <aExport, aExportSecret, aExportSecretSub>: Create, pass, and print a stats object to the export function calls. * g10/export.c (export_pubkeys_stream): Remove unused function. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-11-12 16:02:35 +01:00
export_print_stats (stats);
export_release_stats (stats);
}
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
free_strlist(sl);
break;
case aGenRevoke:
if( argc != 1 )
g10: Shorten unreasonably long option. * g10/gpg.c (opts): Rename 'generate-revocation-certificate' to 'generate-revocation'. * doc/gpg.texi: Update accordingly. * po: Update translations. GnuPG-bug-id: 2700 Fixes-commit: ec1bd3ae685e95563e38077ab3c1655fd55dea07 Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-15 13:01:03 +01:00
wrong_args("--generate-revocation user-id");
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
username = make_username(*argv);
gpg: Pass CTRL to many more functions. -- For proper operations as a server we need to avoid global variables. Thus we need to pass the session state CTRL to most functions. Quite a lot of changes but fortunately straightforward to do. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-31 20:03:52 +02:00
gen_revoke (ctrl, username );
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
xfree( username );
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
break;
case aDesigRevoke:
gpg: Fix --desig-revoke. * g10/revoke.c (gen_desig_revoke): Add additional parameter ctrl. Check that the secret key is available. If not, display an error message. -- Signed-off-by: Neal H. Walfield <neal@g10code.com> Regression-due-to: 8459bcf9
2015-10-19 15:04:45 +02:00
if (argc != 1)
g10: Spell out --desig-revoke. * g10/gpg.c (opts): Rename option. * doc/gpg.texi: Update accordingly. -- This is a rather long name, but I believe that this command is rarely used, and in places where it is used frequently, the process is likely automated. GnuPG-bug-id: 2700 Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-15 13:59:48 +01:00
wrong_args ("--generate-designated-revocation user-id");
gpg: Fix --desig-revoke. * g10/revoke.c (gen_desig_revoke): Add additional parameter ctrl. Check that the secret key is available. If not, display an error message. -- Signed-off-by: Neal H. Walfield <neal@g10code.com> Regression-due-to: 8459bcf9
2015-10-19 15:04:45 +02:00
username = make_username (*argv);
gen_desig_revoke (ctrl, username, locusr);
xfree (username);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
break;
case aDeArmor:
if( argc > 1 )
wrong_args("--dearmor [file]");
Revert "g10: Support armored keyrings in gpgv." This reverts commit abb352de51bc964c06007fce43ed6f6caea87c15.
2016-04-06 11:34:11 +02:00
rc = dearmor_file( argc? *argv: NULL );
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
if( rc )
gpg: Print a new FAILURE status after most commands. * common/status.h (STATUS_FAILURE): New. * g10/cpr.c (write_status_failure): New. * g10/gpg.c (main): Call write_status_failure for all commands which print an error message here. * g10/call-agent.c (start_agent): Print an STATUS_ERROR if we can't set the pinentry mode. -- This status line can be used similar to the error code returned by commands send over the Assuan interface in gpgsm. We don't emit them in gpgsm because there we already have that Assuan interface to return proper error code. This change helps GPGME to return better error codes. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-25 09:03:31 +02:00
{
write_status_failure ("dearmor", rc);
log_error (_("dearmoring failed: %s\n"), gpg_strerror (rc));
}
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
break;
case aEnArmor:
if( argc > 1 )
wrong_args("--enarmor [file]");
rc = enarmor_file( argc? *argv: NULL );
if( rc )
gpg: Print a new FAILURE status after most commands. * common/status.h (STATUS_FAILURE): New. * g10/cpr.c (write_status_failure): New. * g10/gpg.c (main): Call write_status_failure for all commands which print an error message here. * g10/call-agent.c (start_agent): Print an STATUS_ERROR if we can't set the pinentry mode. -- This status line can be used similar to the error code returned by commands send over the Assuan interface in gpgsm. We don't emit them in gpgsm because there we already have that Assuan interface to return proper error code. This change helps GPGME to return better error codes. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-25 09:03:31 +02:00
{
write_status_failure ("enarmor", rc);
log_error (_("enarmoring failed: %s\n"), gpg_strerror (rc));
}
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
break;
case aPrimegen:
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
#if 0 /*FIXME*/
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
{ int mode = argc < 2 ? 0 : atoi(*argv);
if( mode == 1 && argc == 2 ) {
Finished the bulk of changes to use estream in most places instead of stdio.
2010-03-15 12:15:45 +01:00
mpi_print (es_stdout,
generate_public_prime( atoi(argv[1]) ), 1);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
else if( mode == 2 && argc == 3 ) {
Finished the bulk of changes to use estream in most places instead of stdio.
2010-03-15 12:15:45 +01:00
mpi_print (es_stdout, generate_elg_prime(
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
0, atoi(argv[1]),
atoi(argv[2]), NULL,NULL ), 1);
}
else if( mode == 3 && argc == 3 ) {
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
MPI *factors;
Finished the bulk of changes to use estream in most places instead of stdio.
2010-03-15 12:15:45 +01:00
mpi_print (es_stdout, generate_elg_prime(
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
1, atoi(argv[1]),
atoi(argv[2]), NULL,&factors ), 1);
gpg: Replace remaining uses of stdio by estream. * g10/sign.c (sign_file): Use log_printf instead of stderr. * g10/tdbdump.c (export_ownertrust): Use estream fucntions. (import_ownertrust): Ditto. * g10/tdbio.c (tdbio_dump_record): Ditto. Change arg to estream_t. -- Reported-by: Guilhem Moulin <guilhem@fripost.org> Needed for unattended key edits with --status-fd, because since 2.1 status prompts are preceded by es_fflush (in cpr.c:do_get_from_fd) not fflush(3), so the standard output may not be flushed before each prompt. (Which breaks scripts using select(2) to multiplex between the standard and status outputs.) His patch only affected print_and_check_one_sig_colon() but there are many more places where stdio and estream are mixed. This patch now replaces most of them in g10/. At some places stdio is still used, but that is local to a function and should not have side effects. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-02-19 17:22:27 +01:00
es_putc ('\n', es_stdout);
Finished the bulk of changes to use estream in most places instead of stdio.
2010-03-15 12:15:45 +01:00
mpi_print (es_stdout, factors[0], 1 ); /* print q */
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
else if( mode == 4 && argc == 3 ) {
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
MPI g = mpi_alloc(1);
Finished the bulk of changes to use estream in most places instead of stdio.
2010-03-15 12:15:45 +01:00
mpi_print (es_stdout, generate_elg_prime(
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
0, atoi(argv[1]),
atoi(argv[2]), g, NULL ), 1);
gpg: Replace remaining uses of stdio by estream. * g10/sign.c (sign_file): Use log_printf instead of stderr. * g10/tdbdump.c (export_ownertrust): Use estream fucntions. (import_ownertrust): Ditto. * g10/tdbio.c (tdbio_dump_record): Ditto. Change arg to estream_t. -- Reported-by: Guilhem Moulin <guilhem@fripost.org> Needed for unattended key edits with --status-fd, because since 2.1 status prompts are preceded by es_fflush (in cpr.c:do_get_from_fd) not fflush(3), so the standard output may not be flushed before each prompt. (Which breaks scripts using select(2) to multiplex between the standard and status outputs.) His patch only affected print_and_check_one_sig_colon() but there are many more places where stdio and estream are mixed. This patch now replaces most of them in g10/. At some places stdio is still used, but that is local to a function and should not have side effects. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-02-19 17:22:27 +01:00
es_putc ('\n', es_stdout);
Finished the bulk of changes to use estream in most places instead of stdio.
2010-03-15 12:15:45 +01:00
mpi_print (es_stdout, g, 1 );
mpi_free (g);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
else
wrong_args("--gen-prime mode bits [qbits] ");
gpg: Replace remaining uses of stdio by estream. * g10/sign.c (sign_file): Use log_printf instead of stderr. * g10/tdbdump.c (export_ownertrust): Use estream fucntions. (import_ownertrust): Ditto. * g10/tdbio.c (tdbio_dump_record): Ditto. Change arg to estream_t. -- Reported-by: Guilhem Moulin <guilhem@fripost.org> Needed for unattended key edits with --status-fd, because since 2.1 status prompts are preceded by es_fflush (in cpr.c:do_get_from_fd) not fflush(3), so the standard output may not be flushed before each prompt. (Which breaks scripts using select(2) to multiplex between the standard and status outputs.) His patch only affected print_and_check_one_sig_colon() but there are many more places where stdio and estream are mixed. This patch now replaces most of them in g10/. At some places stdio is still used, but that is local to a function and should not have side effects. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-02-19 17:22:27 +01:00
es_putc ('\n', es_stdout);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
Finished the bulk of changes for gnupg 1.9. This included switching to libgcrypt functions, using shared error codes from libgpg-error, replacing the old functions we used to have in ../util by those in ../jnlib and ../common, renaming the malloc functions and a couple of types. Note, that not all changes are listed below becuause they are too similar and done at far too many places. As of today the code builds using the current libgcrypt from CVS but it is very unlikely that it actually works.
2003-06-18 21:56:13 +02:00
#endif
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
wrong_args("--gen-prime not yet supported ");
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
break;
case aGenRandom:
{
gpg: Add level 16 to --gen-random * g10/gpg.c (main): Add that hack. -- This is an yet undocumented hack to allow printing hex encoded random number with gpg. The level is forced to be 1 which is is good for almost all uses. Note that --armor is ignored. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-04 11:03:49 +02:00
int level = argc ? atoi(*argv):0;
int count = argc > 1 ? atoi(argv[1]): 0;
int endless = !count;
int hexhack = (level == 16);
if (hexhack)
level = 1;
if (argc < 1 || argc > 2 || level < 0 || level > 2 || count < 0)
wrong_args ("--gen-random 0|1|2 [count]");
while (endless || count)
{
byte *p;
/* We need a multiple of 3, so that in case of armored
* output we get a correct string. No linefolding is
* done, as it is best to leave this to other tools */
size_t n = !endless && count < 99? count : 99;
size_t nn;
p = gcry_random_bytes (n, level);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
#ifdef HAVE_DOSISH_SYSTEM
gpg: Add level 16 to --gen-random * g10/gpg.c (main): Add that hack. -- This is an yet undocumented hack to allow printing hex encoded random number with gpg. The level is forced to be 1 which is is good for almost all uses. Note that --armor is ignored. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-04 11:03:49 +02:00
setmode ( fileno(stdout), O_BINARY );
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
#endif
gpg: Add level 16 to --gen-random * g10/gpg.c (main): Add that hack. -- This is an yet undocumented hack to allow printing hex encoded random number with gpg. The level is forced to be 1 which is is good for almost all uses. Note that --armor is ignored. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-04 11:03:49 +02:00
if (hexhack)
{
for (nn = 0; nn < n; nn++)
es_fprintf (es_stdout, "%02x", p[nn]);
}
else if (opt.armor)
{
char *tmp = make_radix64_string (p, n);
es_fputs (tmp, es_stdout);
xfree (tmp);
if (n%3 == 1)
es_putc ('=', es_stdout);
if (n%3)
es_putc ('=', es_stdout);
}
else
{
es_fwrite( p, n, 1, es_stdout );
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
gpg: Add level 16 to --gen-random * g10/gpg.c (main): Add that hack. -- This is an yet undocumented hack to allow printing hex encoded random number with gpg. The level is forced to be 1 which is is good for almost all uses. Note that --armor is ignored. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-04 11:03:49 +02:00
xfree(p);
if (!endless)
count -= n;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
gpg: Add level 16 to --gen-random * g10/gpg.c (main): Add that hack. -- This is an yet undocumented hack to allow printing hex encoded random number with gpg. The level is forced to be 1 which is is good for almost all uses. Note that --armor is ignored. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-04 11:03:49 +02:00
if (opt.armor || hexhack)
es_putc ('\n', es_stdout);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
break;
case aPrintMD:
if( argc < 1)
wrong_args("--print-md algo [files]");
{
int all_algos = (**argv=='*' && !(*argv)[1]);
Finished the bulk of changes for gnupg 1.9. This included switching to libgcrypt functions, using shared error codes from libgpg-error, replacing the old functions we used to have in ../util by those in ../jnlib and ../common, renaming the malloc functions and a couple of types. Note, that not all changes are listed below becuause they are too similar and done at far too many places. As of today the code builds using the current libgcrypt from CVS but it is very unlikely that it actually works.
2003-06-18 21:56:13 +02:00
int algo = all_algos? 0 : gcry_md_map_name (*argv);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
if( !algo && !all_algos )
Change all quotes in strings and comments to the new GNU standard. The asymmetric quotes used by GNU in the past (`...') don't render nicely on modern systems. We now use two \x27 characters ('...'). The proper solution would be to use the correct Unicode symmetric quotes here. However this has the disadvantage that the system requires Unicode support. We don't want that today. If Unicode is available a generated po file can be used to output proper quotes. A simple sed script like the one used for en@quote is sufficient to change them. The changes have been done by applying sed -i "s/\`\([^'\`]*\)'/'\1'/g" to most files and fixing obvious problems by hand. The msgid strings in the po files were fixed with a similar command.
2012-06-05 19:29:22 +02:00
log_error(_("invalid hash algorithm '%s'\n"), *argv );
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
else {
argc--; argv++;
if( !argc )
print_mds(NULL, algo);
else {
for(; argc; argc--, argv++ )
print_mds(*argv, algo);
}
}
}
break;
case aPrintMDs: /* old option */
if( !argc )
print_mds(NULL,0);
else {
for(; argc; argc--, argv++ )
print_mds(*argv,0);
}
break;
gpg: Allow building without any trust model support. * configure.ac: Add option --disable-trust-models (NO_TRUST_MODELS): New ac_define and am_conditional. * g10/Makefile.am (trust_source): New. (gpg2_SOURCES): Factor some files out to above. Add trust.c. * g10/gpg.c [NO_TRUST_MODELS]: Disable options --export-ownertrust, --import-ownertrust, --update-trustdb, --check-trustdb, --fix-trustdb, --list-trustdb, --trustdb-name, --auto-check-trustdb, --no-auto-check-trustdb, and --force-ownertrust. (parse_trust_model) [NO_TRUST_MODELS]: Do not build. (main) [NO_TRUST_MODELS]: Set trust_model to always and exclude all trustdb related option code. * g10/keyedit.c (cmds) [NO_TRUST_MODELS]: Remove menu items "trust", "enable", and "disable". * g10/keylist.c (public_key_list) [NO_TRUST_MODELS]: Do not print "tru" record. * g10/trust.c: New. * g10/trustdb.c (struct key_item): Move to trustdb.h. (register_trusted_keyid): Rename to tdb_register_trusted_keyid. (register_trusted_key): Rename to tdb_register_trusted_key. (trust_letter, uid_trust_string_fixed, trust_value_to_string) (string_to_trust_value, get_ownertrust_with_min, get_ownertrust_info) (get_ownertrust_string, get_validity_info, get_validity_string) (clean_sigs_from_uid, clean_uid_from_key, clean_key): Move to trust.c. (mark_usable_uid_certs): Move to trust.c and make global. (is_in_klist): Move as inline to trustdb.h. (trustdb_check_or_update): Rename to tdb_check_or_update (revalidation_mark): Rename to tdb_revalidation_mark. (get_ownertrust): Rename to tdb_get_ownertrust. (get_min_ownertrust): Rename to tdb_get_min_ownertrust. (update_ownertrust): Rename to tdb_update_ownertrust. (clear_ownertrusts): Rename to tdb_clear_ownertrusts. (cache_disabled_value): Rename to tdb_cache_disabled_value. (check_trustdb_stale): Rename to tdb_check_trustdb_stale. (get_validity): Rename to tdb_get_validity_core, add arg MAIN_PK and factor some code out to ... * trust.c (get_validity): ...new. (check_or_update_trustdb): New wrapper. (revalidation_mark): New wrapper. (get_ownertrust): New wrapper. (get_ownertrust_with_min): New wrapper. (update_ownertrust): New wrapper. (clear_ownertrusts): New wrapper. (cache_disabled_value): New wrapper. (check_trustdb_stale): New wrapper. * tests/openpgp/defs.inc (opt_always): New. Use in all tests instead of --always-trust.
2014-02-10 17:05:54 +01:00
#ifndef NO_TRUST_MODELS
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case aListTrustDB:
if( !argc )
gpg: Pass CTRL to many more functions. -- For proper operations as a server we need to avoid global variables. Thus we need to pass the session state CTRL to most functions. Quite a lot of changes but fortunately straightforward to do. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-31 20:03:52 +02:00
list_trustdb (ctrl, es_stdout, NULL);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
else {
for( ; argc; argc--, argv++ )
gpg: Pass CTRL to many more functions. -- For proper operations as a server we need to avoid global variables. Thus we need to pass the session state CTRL to most functions. Quite a lot of changes but fortunately straightforward to do. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-31 20:03:52 +02:00
list_trustdb (ctrl, es_stdout, *argv );
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
break;
case aUpdateTrustDB:
if( argc )
wrong_args("--update-trustdb");
gpg: Pass CTRL object down to the trust functions Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-21 11:41:49 +02:00
update_trustdb (ctrl);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
break;
case aCheckTrustDB:
/* Old versions allowed for arguments - ignore them */
gpg: Pass CTRL object down to the trust functions Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-21 11:41:49 +02:00
check_trustdb (ctrl);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
break;
case aFixTrustDB:
Print verbose instructions in case of a corrupted trustdb.
2009-07-22 11:43:10 +02:00
how_to_fix_the_trustdb ();
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
break;
case aListTrustPath:
if( !argc )
wrong_args("--list-trust-path <user-ids>");
for( ; argc; argc--, argv++ ) {
username = make_username( *argv );
list_trust_path( username );
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
xfree(username);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
break;
case aExportOwnerTrust:
if( argc )
wrong_args("--export-ownertrust");
gpg: Pass CTRL to many more functions. -- For proper operations as a server we need to avoid global variables. Thus we need to pass the session state CTRL to most functions. Quite a lot of changes but fortunately straightforward to do. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-31 20:03:52 +02:00
export_ownertrust (ctrl);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
break;
case aImportOwnerTrust:
if( argc > 1 )
wrong_args("--import-ownertrust [file]");
gpg: Pass CTRL to many more functions. -- For proper operations as a server we need to avoid global variables. Thus we need to pass the session state CTRL to most functions. Quite a lot of changes but fortunately straightforward to do. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-31 20:03:52 +02:00
import_ownertrust (ctrl, argc? *argv:NULL );
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
break;
gpg: Allow building without any trust model support. * configure.ac: Add option --disable-trust-models (NO_TRUST_MODELS): New ac_define and am_conditional. * g10/Makefile.am (trust_source): New. (gpg2_SOURCES): Factor some files out to above. Add trust.c. * g10/gpg.c [NO_TRUST_MODELS]: Disable options --export-ownertrust, --import-ownertrust, --update-trustdb, --check-trustdb, --fix-trustdb, --list-trustdb, --trustdb-name, --auto-check-trustdb, --no-auto-check-trustdb, and --force-ownertrust. (parse_trust_model) [NO_TRUST_MODELS]: Do not build. (main) [NO_TRUST_MODELS]: Set trust_model to always and exclude all trustdb related option code. * g10/keyedit.c (cmds) [NO_TRUST_MODELS]: Remove menu items "trust", "enable", and "disable". * g10/keylist.c (public_key_list) [NO_TRUST_MODELS]: Do not print "tru" record. * g10/trust.c: New. * g10/trustdb.c (struct key_item): Move to trustdb.h. (register_trusted_keyid): Rename to tdb_register_trusted_keyid. (register_trusted_key): Rename to tdb_register_trusted_key. (trust_letter, uid_trust_string_fixed, trust_value_to_string) (string_to_trust_value, get_ownertrust_with_min, get_ownertrust_info) (get_ownertrust_string, get_validity_info, get_validity_string) (clean_sigs_from_uid, clean_uid_from_key, clean_key): Move to trust.c. (mark_usable_uid_certs): Move to trust.c and make global. (is_in_klist): Move as inline to trustdb.h. (trustdb_check_or_update): Rename to tdb_check_or_update (revalidation_mark): Rename to tdb_revalidation_mark. (get_ownertrust): Rename to tdb_get_ownertrust. (get_min_ownertrust): Rename to tdb_get_min_ownertrust. (update_ownertrust): Rename to tdb_update_ownertrust. (clear_ownertrusts): Rename to tdb_clear_ownertrusts. (cache_disabled_value): Rename to tdb_cache_disabled_value. (check_trustdb_stale): Rename to tdb_check_trustdb_stale. (get_validity): Rename to tdb_get_validity_core, add arg MAIN_PK and factor some code out to ... * trust.c (get_validity): ...new. (check_or_update_trustdb): New wrapper. (revalidation_mark): New wrapper. (get_ownertrust): New wrapper. (get_ownertrust_with_min): New wrapper. (update_ownertrust): New wrapper. (clear_ownertrusts): New wrapper. (cache_disabled_value): New wrapper. (check_trustdb_stale): New wrapper. * tests/openpgp/defs.inc (opt_always): New. Use in all tests instead of --always-trust.
2014-02-10 17:05:54 +01:00
#endif /*!NO_TRUST_MODELS*/
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
case aRebuildKeydbCaches:
if (argc)
wrong_args ("--rebuild-keydb-caches");
gpg: Pass CTRL to many more functions. -- For proper operations as a server we need to avoid global variables. Thus we need to pass the session state CTRL to most functions. Quite a lot of changes but fortunately straightforward to do. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-31 20:03:52 +02:00
keydb_rebuild_caches (ctrl, 1);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
break;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
#ifdef ENABLE_CARD_SUPPORT
case aCardStatus:
g10: Support specifying SERIALNO for --card-status. * g10/gpg.c (main): Allow an argument for --card-status. * g10/card-util.c (current_card_status): Rename from card_status. (card_status): New, which supports multiple cards. (get_one_name): Use current_card_status. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-27 07:02:01 +02:00
if (argc == 0)
gpg: Pass CTRL to many more functions. -- For proper operations as a server we need to avoid global variables. Thus we need to pass the session state CTRL to most functions. Quite a lot of changes but fortunately straightforward to do. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-31 20:03:52 +02:00
card_status (ctrl, es_stdout, NULL);
g10: Support specifying SERIALNO for --card-status. * g10/gpg.c (main): Allow an argument for --card-status. * g10/card-util.c (current_card_status): Rename from card_status. (card_status): New, which supports multiple cards. (get_one_name): Use current_card_status. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-27 07:02:01 +02:00
else if (argc == 1)
gpg: Pass CTRL to many more functions. -- For proper operations as a server we need to avoid global variables. Thus we need to pass the session state CTRL to most functions. Quite a lot of changes but fortunately straightforward to do. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-31 20:03:52 +02:00
card_status (ctrl, es_stdout, *argv);
g10: Support specifying SERIALNO for --card-status. * g10/gpg.c (main): Allow an argument for --card-status. * g10/card-util.c (current_card_status): Rename from card_status. (card_status): New, which supports multiple cards. (get_one_name): Use current_card_status. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-27 07:02:01 +02:00
else
wrong_args ("--card-status [serialno]");
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
break;
* g10.c: New command --card-status. * card-util.c (card_status): New. * call-agent.c (learn_status_cb): Parse more information. * keylist.c (print_pubkey_info): Add FP arg for optinal printing to a stream. Changed all callers.
2003-07-24 11:06:43 +02:00
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
case aCardEdit:
if (argc) {
sl = NULL;
for (argc--, argv++ ; argc; argc--, argv++)
append_to_strlist (&sl, *argv);
Exporting secret keys via gpg-agent is now basically supported. A couple of forward ported changes. Doc updates.
2010-10-01 22:33:53 +02:00
card_edit (ctrl, sl);
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
free_strlist (sl);
* g10.c: New command --card-edit. * card-util.c (card_status): Use tty_fprintf for all output. (print_sha1_fpr, print_isoname): Ditto. (get_one_name,change_name, change_url, change_login,change_lang) (change_sex): New; taken from keygen.c. * keygen.c (smartcard_get_one_name, smartcard_change_name) (smartcard_change_url, smartcard_change_login_data) (smartcard_change_lang, smartcard_change_sex): Removed. (check_smartcard): Removed most menu items.
2003-09-18 17:51:18 +02:00
}
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
else
Exporting secret keys via gpg-agent is now basically supported. A couple of forward ported changes. Doc updates.
2010-10-01 22:33:53 +02:00
card_edit (ctrl, NULL);
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
break;
* g10.c: New command --card-edit. * card-util.c (card_status): Use tty_fprintf for all output. (print_sha1_fpr, print_isoname): Ditto. (get_one_name,change_name, change_url, change_login,change_lang) (change_sex): New; taken from keygen.c. * keygen.c (smartcard_get_one_name, smartcard_change_name) (smartcard_change_url, smartcard_change_login_data) (smartcard_change_lang, smartcard_change_sex): Removed. (check_smartcard): Removed most menu items.
2003-09-18 17:51:18 +02:00
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
case aChangePIN:
if (!argc)
change_pin (0,1);
else if (argc == 1)
change_pin (atoi (*argv),1);
else
gpg: Print a new FAILURE status after most commands. * common/status.h (STATUS_FAILURE): New. * g10/cpr.c (write_status_failure): New. * g10/gpg.c (main): Call write_status_failure for all commands which print an error message here. * g10/call-agent.c (start_agent): Print an STATUS_ERROR if we can't set the pinentry mode. -- This status line can be used similar to the error code returned by commands send over the Assuan interface in gpgsm. We don't emit them in gpgsm because there we already have that Assuan interface to return proper error code. This change helps GPGME to return better error codes. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-25 09:03:31 +02:00
wrong_args ("--change-pin [no]");
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
break;
#endif /* ENABLE_CARD_SUPPORT*/
* configure.ac: Define SAFE_VERSION_DASH and SAFE_VERSION_DOT> * g10.c: New options --gpgconf-list, --debug-level and --log-file (set_debug): Add arg DEBUG_LEVEL. (main): Look at less and less version specific config files. From gnupg 1.3.
2004-03-23 14:03:09 +01:00
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
case aListConfig:
{
char *str=collapse_args(argc,argv);
list_config(str);
xfree(str);
}
break;
* configure.ac: Define SAFE_VERSION_DASH and SAFE_VERSION_DOT> * g10.c: New options --gpgconf-list, --debug-level and --log-file (set_debug): Add arg DEBUG_LEVEL. (main): Look at less and less version specific config files. From gnupg 1.3.
2004-03-23 14:03:09 +01:00
gpg: Add --list-gcrypt-config and "curve" item for --list-config. * common/openpgp-oid.c (curve_supported_p): New. (openpgp_enum_curves): New. * common/t-openpgp-oid.c (test_openpgp_enum_curves): New. (main): Add option --verbose. * g10/gpg.c (opts): Add --list-gcrypt-config. (list_config): Add items "curve" and "curveoid". Remove unused code. -- GnuPG-bug-id: 1917 Signed-off-by: Werner Koch <wk@gnupg.org>
2015-03-10 15:26:02 +01:00
case aListGcryptConfig:
/* Fixme: It would be nice to integrate that with
--list-config but unfortunately there is no way yet to have
libgcrypt print it to an estream for further parsing. */
gcry_control (GCRYCTL_PRINT_CONFIG, stdout);
break;
g10: Add TOFU support. * configure.ac: Check for sqlite3. (SQLITE3_CFLAGS): AC_SUBST it. (SQLITE3_LIBS): Likewise. * g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS). (gpg2_SOURCES): Add tofu.h and tofu.c. (gpg2_LDADD): Add $(SQLITE3_LIBS). * g10/tofu.c: New file. * g10/tofu.h: New file. * g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP. (tofu_db_format): Define. * g10/packet.h (PKT_signature): Add fields digest and digest_len. * g10/gpg.c: Include "tofu.h". (cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy, oTOFUDBFormat. (opts): Add them. (parse_trust_model): Recognize the tofu and tofu+pgp trust models. (parse_tofu_policy): New function. (parse_tofu_db_format): New function. (main): Initialize opt.tofu_default_policy and opt.tofu_db_format. Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat. * g10/mainproc.c (do_check_sig): If the signature is good, copy the hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately. * g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update callers. (tdb_get_validity_core): Add arguments sig and may_ask. Update callers. * g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them to tdb_get_validity_core. * g10/trustdb.c: Include "tofu.h". (trust_model_string): Handle TM_TOFU and TM_TOFU_PGP. (tdb_get_validity_core): Add arguments sig and may_ask. If OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust level. Combine it with the computed PGP trust level, if appropriate. * g10/keyedit.c: Include "tofu.h". (show_key_with_all_names_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/keylist.c: Include "tofu.h". (public_key_list): Also show the PGP stats if the trust model is TM_TOFU_PGP. (list_keyblock_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/pkclist.c: Include "tofu.h". * g10/gpgv.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * g10/test-stubs.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * doc/DETAILS: Describe the TOFU Policy field. * doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu, --trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format. * tests/openpgp/Makefile.am (TESTS): Add tofu.test. (TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc, tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt. (CLEANFILES): Add tofu.db. (clean-local): Add tofu.d. * tests/openpgp/tofu.test: New file. * tests/openpgp/tofu-2183839A-1.txt: New file. * tests/openpgp/tofu-BC15C85A-1.txt: New file. * tests/openpgp/tofu-EE37CF96-1.txt: New file. * tests/openpgp/tofu-keys.asc: New file. * tests/openpgp/tofu-keys-secret.asc: New file. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
case aTOFUPolicy:
build: Allow building without SQLlite support. * configure.ac: Add option --dsiable-tofu and --disable-sqlite. (NEED_SQLITE_VERSION): New var. (USE_TOFU): New ac_define and am_conditional. * autogen.sh (build-w32): Add PKG_CONFIG_LIBDIR to configure so that pkg-config find the correct .pc file. * g10/Makefile.am (tofu_source): New. Build only if enabled. * g10/gpg.c (parse_trust_model)[!USE_TOFU]: Disable tofu models. (parse_tofu_policy)[!USE_TOFU]: Disable all. (parse_tofu_db_format)[!USE_TOFU]: Disable all. (main) <aTOFUPolicy>[!USE_TOFU]: Skip. * g10/keyedit.c (show_key_with_all_names_colon)[!USE_TOFU]: Do not call tofu functions. * g10/keylist.c (list_keyblock_colon)[!USE_TOFU]: Ditto. * g10/trustdb.c (tdb_get_validity_core)[!USE_TOFU]: Skip tofu processing. -- This allows to build a minimal version of GnuPG. It is also currently required to build for Windows. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-20 17:32:23 +02:00
#ifdef USE_TOFU
g10: Add TOFU support. * configure.ac: Check for sqlite3. (SQLITE3_CFLAGS): AC_SUBST it. (SQLITE3_LIBS): Likewise. * g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS). (gpg2_SOURCES): Add tofu.h and tofu.c. (gpg2_LDADD): Add $(SQLITE3_LIBS). * g10/tofu.c: New file. * g10/tofu.h: New file. * g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP. (tofu_db_format): Define. * g10/packet.h (PKT_signature): Add fields digest and digest_len. * g10/gpg.c: Include "tofu.h". (cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy, oTOFUDBFormat. (opts): Add them. (parse_trust_model): Recognize the tofu and tofu+pgp trust models. (parse_tofu_policy): New function. (parse_tofu_db_format): New function. (main): Initialize opt.tofu_default_policy and opt.tofu_db_format. Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat. * g10/mainproc.c (do_check_sig): If the signature is good, copy the hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately. * g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update callers. (tdb_get_validity_core): Add arguments sig and may_ask. Update callers. * g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them to tdb_get_validity_core. * g10/trustdb.c: Include "tofu.h". (trust_model_string): Handle TM_TOFU and TM_TOFU_PGP. (tdb_get_validity_core): Add arguments sig and may_ask. If OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust level. Combine it with the computed PGP trust level, if appropriate. * g10/keyedit.c: Include "tofu.h". (show_key_with_all_names_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/keylist.c: Include "tofu.h". (public_key_list): Also show the PGP stats if the trust model is TM_TOFU_PGP. (list_keyblock_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/pkclist.c: Include "tofu.h". * g10/gpgv.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * g10/test-stubs.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * doc/DETAILS: Describe the TOFU Policy field. * doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu, --trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format. * tests/openpgp/Makefile.am (TESTS): Add tofu.test. (TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc, tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt. (CLEANFILES): Add tofu.db. (clean-local): Add tofu.d. * tests/openpgp/tofu.test: New file. * tests/openpgp/tofu-2183839A-1.txt: New file. * tests/openpgp/tofu-BC15C85A-1.txt: New file. * tests/openpgp/tofu-EE37CF96-1.txt: New file. * tests/openpgp/tofu-keys.asc: New file. * tests/openpgp/tofu-keys-secret.asc: New file. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
{
int policy;
int i;
KEYDB_HANDLE hd;
if (argc < 2)
gpg: Allow "help" as value for --tofu-policy. * g10/gpg.c (parse_tofu_policy): Add keyword "help". (parse_tofu_db_format): Ditto. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-03 16:19:35 +01:00
wrong_args ("--tofu-policy POLICY KEYID [KEYID...]");
g10: Add TOFU support. * configure.ac: Check for sqlite3. (SQLITE3_CFLAGS): AC_SUBST it. (SQLITE3_LIBS): Likewise. * g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS). (gpg2_SOURCES): Add tofu.h and tofu.c. (gpg2_LDADD): Add $(SQLITE3_LIBS). * g10/tofu.c: New file. * g10/tofu.h: New file. * g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP. (tofu_db_format): Define. * g10/packet.h (PKT_signature): Add fields digest and digest_len. * g10/gpg.c: Include "tofu.h". (cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy, oTOFUDBFormat. (opts): Add them. (parse_trust_model): Recognize the tofu and tofu+pgp trust models. (parse_tofu_policy): New function. (parse_tofu_db_format): New function. (main): Initialize opt.tofu_default_policy and opt.tofu_db_format. Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat. * g10/mainproc.c (do_check_sig): If the signature is good, copy the hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately. * g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update callers. (tdb_get_validity_core): Add arguments sig and may_ask. Update callers. * g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them to tdb_get_validity_core. * g10/trustdb.c: Include "tofu.h". (trust_model_string): Handle TM_TOFU and TM_TOFU_PGP. (tdb_get_validity_core): Add arguments sig and may_ask. If OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust level. Combine it with the computed PGP trust level, if appropriate. * g10/keyedit.c: Include "tofu.h". (show_key_with_all_names_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/keylist.c: Include "tofu.h". (public_key_list): Also show the PGP stats if the trust model is TM_TOFU_PGP. (list_keyblock_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/pkclist.c: Include "tofu.h". * g10/gpgv.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * g10/test-stubs.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * doc/DETAILS: Describe the TOFU Policy field. * doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu, --trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format. * tests/openpgp/Makefile.am (TESTS): Add tofu.test. (TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc, tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt. (CLEANFILES): Add tofu.db. (clean-local): Add tofu.d. * tests/openpgp/tofu.test: New file. * tests/openpgp/tofu-2183839A-1.txt: New file. * tests/openpgp/tofu-BC15C85A-1.txt: New file. * tests/openpgp/tofu-EE37CF96-1.txt: New file. * tests/openpgp/tofu-keys.asc: New file. * tests/openpgp/tofu-keys-secret.asc: New file. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
policy = parse_tofu_policy (argv[0]);
gpg: New option --use-keyboxd. * g10/gpg.c (oUseKeyboxd,oKeyboxdProgram): New consts. (opts): New options --use-keyboxd and --keyboxd-program. (main): Implement them. * g10/keydb.c: Move some defs out to ... * g10/keydb-private.h: new file. * g10/keydb.c: prefix function names with "internal" and move original functions to ... * g10/call-keyboxd.c: new file. Divert to the internal fucntion if --use-keyboxd is used. Add a CTRL arg to most fucntions and change all callers. * g10/Makefile.am (common_source): Add new files. (noinst_PROGRAMS): Do bot build gpgcompose. -- Note that this is just the framework with only a basic implementation of searching via keyboxd. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-09-09 14:34:09 +02:00
hd = keydb_new (ctrl);
g10: Add TOFU support. * configure.ac: Check for sqlite3. (SQLITE3_CFLAGS): AC_SUBST it. (SQLITE3_LIBS): Likewise. * g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS). (gpg2_SOURCES): Add tofu.h and tofu.c. (gpg2_LDADD): Add $(SQLITE3_LIBS). * g10/tofu.c: New file. * g10/tofu.h: New file. * g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP. (tofu_db_format): Define. * g10/packet.h (PKT_signature): Add fields digest and digest_len. * g10/gpg.c: Include "tofu.h". (cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy, oTOFUDBFormat. (opts): Add them. (parse_trust_model): Recognize the tofu and tofu+pgp trust models. (parse_tofu_policy): New function. (parse_tofu_db_format): New function. (main): Initialize opt.tofu_default_policy and opt.tofu_db_format. Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat. * g10/mainproc.c (do_check_sig): If the signature is good, copy the hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately. * g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update callers. (tdb_get_validity_core): Add arguments sig and may_ask. Update callers. * g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them to tdb_get_validity_core. * g10/trustdb.c: Include "tofu.h". (trust_model_string): Handle TM_TOFU and TM_TOFU_PGP. (tdb_get_validity_core): Add arguments sig and may_ask. If OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust level. Combine it with the computed PGP trust level, if appropriate. * g10/keyedit.c: Include "tofu.h". (show_key_with_all_names_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/keylist.c: Include "tofu.h". (public_key_list): Also show the PGP stats if the trust model is TM_TOFU_PGP. (list_keyblock_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/pkclist.c: Include "tofu.h". * g10/gpgv.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * g10/test-stubs.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * doc/DETAILS: Describe the TOFU Policy field. * doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu, --trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format. * tests/openpgp/Makefile.am (TESTS): Add tofu.test. (TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc, tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt. (CLEANFILES): Add tofu.db. (clean-local): Add tofu.d. * tests/openpgp/tofu.test: New file. * tests/openpgp/tofu-2183839A-1.txt: New file. * tests/openpgp/tofu-BC15C85A-1.txt: New file. * tests/openpgp/tofu-EE37CF96-1.txt: New file. * tests/openpgp/tofu-keys.asc: New file. * tests/openpgp/tofu-keys-secret.asc: New file. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
if (! hd)
gpg: Emit FAILURE stati now in almost all cases. * g10/cpr.c (write_status_failure): Make it print only once. * g10/gpg.c (wrong_args): Bump error counter. (g10_exit): Print a FAILURE status if we ever did a log_error etc. (main): Use log_error instead of log_fatal at one place. Print a FAILURE status for a bad option. Ditto for certain exit points so that we can see different error locations. -- This makes it easier to detect errors by tools which have no way to get the exit code (e.g. due to double forking). GnuPG-bug-id: 3872 Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-06 17:32:08 +02:00
{
write_status_failure ("tofu-driver", gpg_error(GPG_ERR_GENERAL));
g10_exit (1);
}
g10: Add TOFU support. * configure.ac: Check for sqlite3. (SQLITE3_CFLAGS): AC_SUBST it. (SQLITE3_LIBS): Likewise. * g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS). (gpg2_SOURCES): Add tofu.h and tofu.c. (gpg2_LDADD): Add $(SQLITE3_LIBS). * g10/tofu.c: New file. * g10/tofu.h: New file. * g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP. (tofu_db_format): Define. * g10/packet.h (PKT_signature): Add fields digest and digest_len. * g10/gpg.c: Include "tofu.h". (cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy, oTOFUDBFormat. (opts): Add them. (parse_trust_model): Recognize the tofu and tofu+pgp trust models. (parse_tofu_policy): New function. (parse_tofu_db_format): New function. (main): Initialize opt.tofu_default_policy and opt.tofu_db_format. Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat. * g10/mainproc.c (do_check_sig): If the signature is good, copy the hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately. * g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update callers. (tdb_get_validity_core): Add arguments sig and may_ask. Update callers. * g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them to tdb_get_validity_core. * g10/trustdb.c: Include "tofu.h". (trust_model_string): Handle TM_TOFU and TM_TOFU_PGP. (tdb_get_validity_core): Add arguments sig and may_ask. If OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust level. Combine it with the computed PGP trust level, if appropriate. * g10/keyedit.c: Include "tofu.h". (show_key_with_all_names_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/keylist.c: Include "tofu.h". (public_key_list): Also show the PGP stats if the trust model is TM_TOFU_PGP. (list_keyblock_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/pkclist.c: Include "tofu.h". * g10/gpgv.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * g10/test-stubs.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * doc/DETAILS: Describe the TOFU Policy field. * doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu, --trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format. * tests/openpgp/Makefile.am (TESTS): Add tofu.test. (TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc, tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt. (CLEANFILES): Add tofu.db. (clean-local): Add tofu.d. * tests/openpgp/tofu.test: New file. * tests/openpgp/tofu-2183839A-1.txt: New file. * tests/openpgp/tofu-BC15C85A-1.txt: New file. * tests/openpgp/tofu-EE37CF96-1.txt: New file. * tests/openpgp/tofu-keys.asc: New file. * tests/openpgp/tofu-keys-secret.asc: New file. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
g10: Update a key's TOFU policy in a transaction. * g10/tofu.c (tofu_set_policy): Do the update in a transaction. * g10/gpg.c (main): Do a TOFU policy update in a batch transaction. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-08-31 11:40:33 +02:00
tofu_begin_batch_update (ctrl);
g10: Add TOFU support. * configure.ac: Check for sqlite3. (SQLITE3_CFLAGS): AC_SUBST it. (SQLITE3_LIBS): Likewise. * g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS). (gpg2_SOURCES): Add tofu.h and tofu.c. (gpg2_LDADD): Add $(SQLITE3_LIBS). * g10/tofu.c: New file. * g10/tofu.h: New file. * g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP. (tofu_db_format): Define. * g10/packet.h (PKT_signature): Add fields digest and digest_len. * g10/gpg.c: Include "tofu.h". (cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy, oTOFUDBFormat. (opts): Add them. (parse_trust_model): Recognize the tofu and tofu+pgp trust models. (parse_tofu_policy): New function. (parse_tofu_db_format): New function. (main): Initialize opt.tofu_default_policy and opt.tofu_db_format. Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat. * g10/mainproc.c (do_check_sig): If the signature is good, copy the hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately. * g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update callers. (tdb_get_validity_core): Add arguments sig and may_ask. Update callers. * g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them to tdb_get_validity_core. * g10/trustdb.c: Include "tofu.h". (trust_model_string): Handle TM_TOFU and TM_TOFU_PGP. (tdb_get_validity_core): Add arguments sig and may_ask. If OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust level. Combine it with the computed PGP trust level, if appropriate. * g10/keyedit.c: Include "tofu.h". (show_key_with_all_names_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/keylist.c: Include "tofu.h". (public_key_list): Also show the PGP stats if the trust model is TM_TOFU_PGP. (list_keyblock_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/pkclist.c: Include "tofu.h". * g10/gpgv.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * g10/test-stubs.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * doc/DETAILS: Describe the TOFU Policy field. * doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu, --trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format. * tests/openpgp/Makefile.am (TESTS): Add tofu.test. (TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc, tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt. (CLEANFILES): Add tofu.db. (clean-local): Add tofu.d. * tests/openpgp/tofu.test: New file. * tests/openpgp/tofu-2183839A-1.txt: New file. * tests/openpgp/tofu-BC15C85A-1.txt: New file. * tests/openpgp/tofu-EE37CF96-1.txt: New file. * tests/openpgp/tofu-keys.asc: New file. * tests/openpgp/tofu-keys-secret.asc: New file. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
for (i = 1; i < argc; i ++)
{
KEYDB_SEARCH_DESC desc;
kbnode_t kb;
rc = classify_user_id (argv[i], &desc, 0);
if (rc)
{
gpg: Change some error messages. * g10/getkey.c (parse_def_secret_key): Change error message. Replace log_debug by log_info. * g10/gpg.c (check_user_ids): Make function static. Change error messages. (main): Change error messages. * g10/revoke.c (gen_revoke): Ditto. -- There are other smaller changes not described above. This change tries to avoid new error messages so not to increase the the number of translated strings or break too many existing translations. It also tries to use existing strings and changes the quoting to the most common style used in gpg. Key specifications should in general use double quotes. Other values should use single quotes. However. sometimes it is not easy to distinguish between values given on the command line and key specifications. According to old GNU coding standards diagnostics should not start capitalized - whether this is a good idea is a different thing but we used this rules for most strings. However, strings which are used interactively should be properly capitalized and end with a dot. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-03 10:39:29 +01:00
log_error (_("error parsing key specification '%s': %s\n"),
argv[i], gpg_strerror (rc));
gpg: Emit FAILURE stati now in almost all cases. * g10/cpr.c (write_status_failure): Make it print only once. * g10/gpg.c (wrong_args): Bump error counter. (g10_exit): Print a FAILURE status if we ever did a log_error etc. (main): Use log_error instead of log_fatal at one place. Print a FAILURE status for a bad option. Ditto for certain exit points so that we can see different error locations. -- This makes it easier to detect errors by tools which have no way to get the exit code (e.g. due to double forking). GnuPG-bug-id: 3872 Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-06 17:32:08 +02:00
write_status_failure ("tofu-driver", rc);
g10: Add TOFU support. * configure.ac: Check for sqlite3. (SQLITE3_CFLAGS): AC_SUBST it. (SQLITE3_LIBS): Likewise. * g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS). (gpg2_SOURCES): Add tofu.h and tofu.c. (gpg2_LDADD): Add $(SQLITE3_LIBS). * g10/tofu.c: New file. * g10/tofu.h: New file. * g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP. (tofu_db_format): Define. * g10/packet.h (PKT_signature): Add fields digest and digest_len. * g10/gpg.c: Include "tofu.h". (cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy, oTOFUDBFormat. (opts): Add them. (parse_trust_model): Recognize the tofu and tofu+pgp trust models. (parse_tofu_policy): New function. (parse_tofu_db_format): New function. (main): Initialize opt.tofu_default_policy and opt.tofu_db_format. Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat. * g10/mainproc.c (do_check_sig): If the signature is good, copy the hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately. * g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update callers. (tdb_get_validity_core): Add arguments sig and may_ask. Update callers. * g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them to tdb_get_validity_core. * g10/trustdb.c: Include "tofu.h". (trust_model_string): Handle TM_TOFU and TM_TOFU_PGP. (tdb_get_validity_core): Add arguments sig and may_ask. If OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust level. Combine it with the computed PGP trust level, if appropriate. * g10/keyedit.c: Include "tofu.h". (show_key_with_all_names_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/keylist.c: Include "tofu.h". (public_key_list): Also show the PGP stats if the trust model is TM_TOFU_PGP. (list_keyblock_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/pkclist.c: Include "tofu.h". * g10/gpgv.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * g10/test-stubs.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * doc/DETAILS: Describe the TOFU Policy field. * doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu, --trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format. * tests/openpgp/Makefile.am (TESTS): Add tofu.test. (TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc, tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt. (CLEANFILES): Add tofu.db. (clean-local): Add tofu.d. * tests/openpgp/tofu.test: New file. * tests/openpgp/tofu-2183839A-1.txt: New file. * tests/openpgp/tofu-BC15C85A-1.txt: New file. * tests/openpgp/tofu-EE37CF96-1.txt: New file. * tests/openpgp/tofu-keys.asc: New file. * tests/openpgp/tofu-keys-secret.asc: New file. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
g10_exit (1);
}
if (! (desc.mode == KEYDB_SEARCH_MODE_SHORT_KID
|| desc.mode == KEYDB_SEARCH_MODE_LONG_KID
|| desc.mode == KEYDB_SEARCH_MODE_FPR
|| desc.mode == KEYDB_SEARCH_MODE_KEYGRIP))
{
log_error (_("'%s' does not appear to be a valid"
gpg: Change some error messages. * g10/getkey.c (parse_def_secret_key): Change error message. Replace log_debug by log_info. * g10/gpg.c (check_user_ids): Make function static. Change error messages. (main): Change error messages. * g10/revoke.c (gen_revoke): Ditto. -- There are other smaller changes not described above. This change tries to avoid new error messages so not to increase the the number of translated strings or break too many existing translations. It also tries to use existing strings and changes the quoting to the most common style used in gpg. Key specifications should in general use double quotes. Other values should use single quotes. However. sometimes it is not easy to distinguish between values given on the command line and key specifications. According to old GNU coding standards diagnostics should not start capitalized - whether this is a good idea is a different thing but we used this rules for most strings. However, strings which are used interactively should be properly capitalized and end with a dot. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-03 10:39:29 +01:00
" key ID, fingerprint or keygrip\n"),
g10: Add TOFU support. * configure.ac: Check for sqlite3. (SQLITE3_CFLAGS): AC_SUBST it. (SQLITE3_LIBS): Likewise. * g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS). (gpg2_SOURCES): Add tofu.h and tofu.c. (gpg2_LDADD): Add $(SQLITE3_LIBS). * g10/tofu.c: New file. * g10/tofu.h: New file. * g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP. (tofu_db_format): Define. * g10/packet.h (PKT_signature): Add fields digest and digest_len. * g10/gpg.c: Include "tofu.h". (cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy, oTOFUDBFormat. (opts): Add them. (parse_trust_model): Recognize the tofu and tofu+pgp trust models. (parse_tofu_policy): New function. (parse_tofu_db_format): New function. (main): Initialize opt.tofu_default_policy and opt.tofu_db_format. Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat. * g10/mainproc.c (do_check_sig): If the signature is good, copy the hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately. * g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update callers. (tdb_get_validity_core): Add arguments sig and may_ask. Update callers. * g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them to tdb_get_validity_core. * g10/trustdb.c: Include "tofu.h". (trust_model_string): Handle TM_TOFU and TM_TOFU_PGP. (tdb_get_validity_core): Add arguments sig and may_ask. If OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust level. Combine it with the computed PGP trust level, if appropriate. * g10/keyedit.c: Include "tofu.h". (show_key_with_all_names_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/keylist.c: Include "tofu.h". (public_key_list): Also show the PGP stats if the trust model is TM_TOFU_PGP. (list_keyblock_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/pkclist.c: Include "tofu.h". * g10/gpgv.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * g10/test-stubs.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * doc/DETAILS: Describe the TOFU Policy field. * doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu, --trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format. * tests/openpgp/Makefile.am (TESTS): Add tofu.test. (TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc, tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt. (CLEANFILES): Add tofu.db. (clean-local): Add tofu.d. * tests/openpgp/tofu.test: New file. * tests/openpgp/tofu-2183839A-1.txt: New file. * tests/openpgp/tofu-BC15C85A-1.txt: New file. * tests/openpgp/tofu-EE37CF96-1.txt: New file. * tests/openpgp/tofu-keys.asc: New file. * tests/openpgp/tofu-keys-secret.asc: New file. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
argv[i]);
gpg: Emit FAILURE stati now in almost all cases. * g10/cpr.c (write_status_failure): Make it print only once. * g10/gpg.c (wrong_args): Bump error counter. (g10_exit): Print a FAILURE status if we ever did a log_error etc. (main): Use log_error instead of log_fatal at one place. Print a FAILURE status for a bad option. Ditto for certain exit points so that we can see different error locations. -- This makes it easier to detect errors by tools which have no way to get the exit code (e.g. due to double forking). GnuPG-bug-id: 3872 Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-06 17:32:08 +02:00
write_status_failure ("tofu-driver",
gpg_error(GPG_ERR_GENERAL));
g10: Add TOFU support. * configure.ac: Check for sqlite3. (SQLITE3_CFLAGS): AC_SUBST it. (SQLITE3_LIBS): Likewise. * g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS). (gpg2_SOURCES): Add tofu.h and tofu.c. (gpg2_LDADD): Add $(SQLITE3_LIBS). * g10/tofu.c: New file. * g10/tofu.h: New file. * g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP. (tofu_db_format): Define. * g10/packet.h (PKT_signature): Add fields digest and digest_len. * g10/gpg.c: Include "tofu.h". (cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy, oTOFUDBFormat. (opts): Add them. (parse_trust_model): Recognize the tofu and tofu+pgp trust models. (parse_tofu_policy): New function. (parse_tofu_db_format): New function. (main): Initialize opt.tofu_default_policy and opt.tofu_db_format. Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat. * g10/mainproc.c (do_check_sig): If the signature is good, copy the hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately. * g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update callers. (tdb_get_validity_core): Add arguments sig and may_ask. Update callers. * g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them to tdb_get_validity_core. * g10/trustdb.c: Include "tofu.h". (trust_model_string): Handle TM_TOFU and TM_TOFU_PGP. (tdb_get_validity_core): Add arguments sig and may_ask. If OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust level. Combine it with the computed PGP trust level, if appropriate. * g10/keyedit.c: Include "tofu.h". (show_key_with_all_names_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/keylist.c: Include "tofu.h". (public_key_list): Also show the PGP stats if the trust model is TM_TOFU_PGP. (list_keyblock_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/pkclist.c: Include "tofu.h". * g10/gpgv.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * g10/test-stubs.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * doc/DETAILS: Describe the TOFU Policy field. * doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu, --trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format. * tests/openpgp/Makefile.am (TESTS): Add tofu.test. (TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc, tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt. (CLEANFILES): Add tofu.db. (clean-local): Add tofu.d. * tests/openpgp/tofu.test: New file. * tests/openpgp/tofu-2183839A-1.txt: New file. * tests/openpgp/tofu-BC15C85A-1.txt: New file. * tests/openpgp/tofu-EE37CF96-1.txt: New file. * tests/openpgp/tofu-keys.asc: New file. * tests/openpgp/tofu-keys-secret.asc: New file. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
g10_exit (1);
}
rc = keydb_search_reset (hd);
if (rc)
{
gpg: Change some error messages. * g10/getkey.c (parse_def_secret_key): Change error message. Replace log_debug by log_info. * g10/gpg.c (check_user_ids): Make function static. Change error messages. (main): Change error messages. * g10/revoke.c (gen_revoke): Ditto. -- There are other smaller changes not described above. This change tries to avoid new error messages so not to increase the the number of translated strings or break too many existing translations. It also tries to use existing strings and changes the quoting to the most common style used in gpg. Key specifications should in general use double quotes. Other values should use single quotes. However. sometimes it is not easy to distinguish between values given on the command line and key specifications. According to old GNU coding standards diagnostics should not start capitalized - whether this is a good idea is a different thing but we used this rules for most strings. However, strings which are used interactively should be properly capitalized and end with a dot. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-03 10:39:29 +01:00
/* This should not happen, thus no need to tranalate
the string. */
log_error ("keydb_search_reset failed: %s\n",
gpg_strerror (rc));
gpg: Emit FAILURE stati now in almost all cases. * g10/cpr.c (write_status_failure): Make it print only once. * g10/gpg.c (wrong_args): Bump error counter. (g10_exit): Print a FAILURE status if we ever did a log_error etc. (main): Use log_error instead of log_fatal at one place. Print a FAILURE status for a bad option. Ditto for certain exit points so that we can see different error locations. -- This makes it easier to detect errors by tools which have no way to get the exit code (e.g. due to double forking). GnuPG-bug-id: 3872 Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-06 17:32:08 +02:00
write_status_failure ("tofu-driver", rc);
g10: Add TOFU support. * configure.ac: Check for sqlite3. (SQLITE3_CFLAGS): AC_SUBST it. (SQLITE3_LIBS): Likewise. * g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS). (gpg2_SOURCES): Add tofu.h and tofu.c. (gpg2_LDADD): Add $(SQLITE3_LIBS). * g10/tofu.c: New file. * g10/tofu.h: New file. * g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP. (tofu_db_format): Define. * g10/packet.h (PKT_signature): Add fields digest and digest_len. * g10/gpg.c: Include "tofu.h". (cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy, oTOFUDBFormat. (opts): Add them. (parse_trust_model): Recognize the tofu and tofu+pgp trust models. (parse_tofu_policy): New function. (parse_tofu_db_format): New function. (main): Initialize opt.tofu_default_policy and opt.tofu_db_format. Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat. * g10/mainproc.c (do_check_sig): If the signature is good, copy the hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately. * g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update callers. (tdb_get_validity_core): Add arguments sig and may_ask. Update callers. * g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them to tdb_get_validity_core. * g10/trustdb.c: Include "tofu.h". (trust_model_string): Handle TM_TOFU and TM_TOFU_PGP. (tdb_get_validity_core): Add arguments sig and may_ask. If OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust level. Combine it with the computed PGP trust level, if appropriate. * g10/keyedit.c: Include "tofu.h". (show_key_with_all_names_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/keylist.c: Include "tofu.h". (public_key_list): Also show the PGP stats if the trust model is TM_TOFU_PGP. (list_keyblock_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/pkclist.c: Include "tofu.h". * g10/gpgv.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * g10/test-stubs.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * doc/DETAILS: Describe the TOFU Policy field. * doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu, --trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format. * tests/openpgp/Makefile.am (TESTS): Add tofu.test. (TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc, tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt. (CLEANFILES): Add tofu.db. (clean-local): Add tofu.d. * tests/openpgp/tofu.test: New file. * tests/openpgp/tofu-2183839A-1.txt: New file. * tests/openpgp/tofu-BC15C85A-1.txt: New file. * tests/openpgp/tofu-EE37CF96-1.txt: New file. * tests/openpgp/tofu-keys.asc: New file. * tests/openpgp/tofu-keys-secret.asc: New file. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
g10_exit (1);
}
rc = keydb_search (hd, &desc, 1, NULL);
gpg: Change some error messages. * g10/getkey.c (parse_def_secret_key): Change error message. Replace log_debug by log_info. * g10/gpg.c (check_user_ids): Make function static. Change error messages. (main): Change error messages. * g10/revoke.c (gen_revoke): Ditto. -- There are other smaller changes not described above. This change tries to avoid new error messages so not to increase the the number of translated strings or break too many existing translations. It also tries to use existing strings and changes the quoting to the most common style used in gpg. Key specifications should in general use double quotes. Other values should use single quotes. However. sometimes it is not easy to distinguish between values given on the command line and key specifications. According to old GNU coding standards diagnostics should not start capitalized - whether this is a good idea is a different thing but we used this rules for most strings. However, strings which are used interactively should be properly capitalized and end with a dot. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-03 10:39:29 +01:00
if (rc)
g10: Add TOFU support. * configure.ac: Check for sqlite3. (SQLITE3_CFLAGS): AC_SUBST it. (SQLITE3_LIBS): Likewise. * g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS). (gpg2_SOURCES): Add tofu.h and tofu.c. (gpg2_LDADD): Add $(SQLITE3_LIBS). * g10/tofu.c: New file. * g10/tofu.h: New file. * g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP. (tofu_db_format): Define. * g10/packet.h (PKT_signature): Add fields digest and digest_len. * g10/gpg.c: Include "tofu.h". (cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy, oTOFUDBFormat. (opts): Add them. (parse_trust_model): Recognize the tofu and tofu+pgp trust models. (parse_tofu_policy): New function. (parse_tofu_db_format): New function. (main): Initialize opt.tofu_default_policy and opt.tofu_db_format. Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat. * g10/mainproc.c (do_check_sig): If the signature is good, copy the hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately. * g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update callers. (tdb_get_validity_core): Add arguments sig and may_ask. Update callers. * g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them to tdb_get_validity_core. * g10/trustdb.c: Include "tofu.h". (trust_model_string): Handle TM_TOFU and TM_TOFU_PGP. (tdb_get_validity_core): Add arguments sig and may_ask. If OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust level. Combine it with the computed PGP trust level, if appropriate. * g10/keyedit.c: Include "tofu.h". (show_key_with_all_names_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/keylist.c: Include "tofu.h". (public_key_list): Also show the PGP stats if the trust model is TM_TOFU_PGP. (list_keyblock_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/pkclist.c: Include "tofu.h". * g10/gpgv.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * g10/test-stubs.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * doc/DETAILS: Describe the TOFU Policy field. * doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu, --trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format. * tests/openpgp/Makefile.am (TESTS): Add tofu.test. (TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc, tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt. (CLEANFILES): Add tofu.db. (clean-local): Add tofu.d. * tests/openpgp/tofu.test: New file. * tests/openpgp/tofu-2183839A-1.txt: New file. * tests/openpgp/tofu-BC15C85A-1.txt: New file. * tests/openpgp/tofu-EE37CF96-1.txt: New file. * tests/openpgp/tofu-keys.asc: New file. * tests/openpgp/tofu-keys-secret.asc: New file. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
{
gpg: Change some error messages. * g10/getkey.c (parse_def_secret_key): Change error message. Replace log_debug by log_info. * g10/gpg.c (check_user_ids): Make function static. Change error messages. (main): Change error messages. * g10/revoke.c (gen_revoke): Ditto. -- There are other smaller changes not described above. This change tries to avoid new error messages so not to increase the the number of translated strings or break too many existing translations. It also tries to use existing strings and changes the quoting to the most common style used in gpg. Key specifications should in general use double quotes. Other values should use single quotes. However. sometimes it is not easy to distinguish between values given on the command line and key specifications. According to old GNU coding standards diagnostics should not start capitalized - whether this is a good idea is a different thing but we used this rules for most strings. However, strings which are used interactively should be properly capitalized and end with a dot. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-03 10:39:29 +01:00
log_error (_("key \"%s\" not found: %s\n"), argv[i],
gpg_strerror (rc));
gpg: Emit FAILURE stati now in almost all cases. * g10/cpr.c (write_status_failure): Make it print only once. * g10/gpg.c (wrong_args): Bump error counter. (g10_exit): Print a FAILURE status if we ever did a log_error etc. (main): Use log_error instead of log_fatal at one place. Print a FAILURE status for a bad option. Ditto for certain exit points so that we can see different error locations. -- This makes it easier to detect errors by tools which have no way to get the exit code (e.g. due to double forking). GnuPG-bug-id: 3872 Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-06 17:32:08 +02:00
write_status_failure ("tofu-driver", rc);
g10: Add TOFU support. * configure.ac: Check for sqlite3. (SQLITE3_CFLAGS): AC_SUBST it. (SQLITE3_LIBS): Likewise. * g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS). (gpg2_SOURCES): Add tofu.h and tofu.c. (gpg2_LDADD): Add $(SQLITE3_LIBS). * g10/tofu.c: New file. * g10/tofu.h: New file. * g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP. (tofu_db_format): Define. * g10/packet.h (PKT_signature): Add fields digest and digest_len. * g10/gpg.c: Include "tofu.h". (cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy, oTOFUDBFormat. (opts): Add them. (parse_trust_model): Recognize the tofu and tofu+pgp trust models. (parse_tofu_policy): New function. (parse_tofu_db_format): New function. (main): Initialize opt.tofu_default_policy and opt.tofu_db_format. Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat. * g10/mainproc.c (do_check_sig): If the signature is good, copy the hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately. * g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update callers. (tdb_get_validity_core): Add arguments sig and may_ask. Update callers. * g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them to tdb_get_validity_core. * g10/trustdb.c: Include "tofu.h". (trust_model_string): Handle TM_TOFU and TM_TOFU_PGP. (tdb_get_validity_core): Add arguments sig and may_ask. If OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust level. Combine it with the computed PGP trust level, if appropriate. * g10/keyedit.c: Include "tofu.h". (show_key_with_all_names_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/keylist.c: Include "tofu.h". (public_key_list): Also show the PGP stats if the trust model is TM_TOFU_PGP. (list_keyblock_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/pkclist.c: Include "tofu.h". * g10/gpgv.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * g10/test-stubs.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * doc/DETAILS: Describe the TOFU Policy field. * doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu, --trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format. * tests/openpgp/Makefile.am (TESTS): Add tofu.test. (TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc, tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt. (CLEANFILES): Add tofu.db. (clean-local): Add tofu.d. * tests/openpgp/tofu.test: New file. * tests/openpgp/tofu-2183839A-1.txt: New file. * tests/openpgp/tofu-BC15C85A-1.txt: New file. * tests/openpgp/tofu-EE37CF96-1.txt: New file. * tests/openpgp/tofu-keys.asc: New file. * tests/openpgp/tofu-keys-secret.asc: New file. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
g10_exit (1);
}
rc = keydb_get_keyblock (hd, &kb);
if (rc)
{
gpg: Change some error messages. * g10/getkey.c (parse_def_secret_key): Change error message. Replace log_debug by log_info. * g10/gpg.c (check_user_ids): Make function static. Change error messages. (main): Change error messages. * g10/revoke.c (gen_revoke): Ditto. -- There are other smaller changes not described above. This change tries to avoid new error messages so not to increase the the number of translated strings or break too many existing translations. It also tries to use existing strings and changes the quoting to the most common style used in gpg. Key specifications should in general use double quotes. Other values should use single quotes. However. sometimes it is not easy to distinguish between values given on the command line and key specifications. According to old GNU coding standards diagnostics should not start capitalized - whether this is a good idea is a different thing but we used this rules for most strings. However, strings which are used interactively should be properly capitalized and end with a dot. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-03 10:39:29 +01:00
log_error (_("error reading keyblock: %s\n"),
gpg_strerror (rc));
gpg: Emit FAILURE stati now in almost all cases. * g10/cpr.c (write_status_failure): Make it print only once. * g10/gpg.c (wrong_args): Bump error counter. (g10_exit): Print a FAILURE status if we ever did a log_error etc. (main): Use log_error instead of log_fatal at one place. Print a FAILURE status for a bad option. Ditto for certain exit points so that we can see different error locations. -- This makes it easier to detect errors by tools which have no way to get the exit code (e.g. due to double forking). GnuPG-bug-id: 3872 Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-06 17:32:08 +02:00
write_status_failure ("tofu-driver", rc);
g10: Add TOFU support. * configure.ac: Check for sqlite3. (SQLITE3_CFLAGS): AC_SUBST it. (SQLITE3_LIBS): Likewise. * g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS). (gpg2_SOURCES): Add tofu.h and tofu.c. (gpg2_LDADD): Add $(SQLITE3_LIBS). * g10/tofu.c: New file. * g10/tofu.h: New file. * g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP. (tofu_db_format): Define. * g10/packet.h (PKT_signature): Add fields digest and digest_len. * g10/gpg.c: Include "tofu.h". (cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy, oTOFUDBFormat. (opts): Add them. (parse_trust_model): Recognize the tofu and tofu+pgp trust models. (parse_tofu_policy): New function. (parse_tofu_db_format): New function. (main): Initialize opt.tofu_default_policy and opt.tofu_db_format. Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat. * g10/mainproc.c (do_check_sig): If the signature is good, copy the hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately. * g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update callers. (tdb_get_validity_core): Add arguments sig and may_ask. Update callers. * g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them to tdb_get_validity_core. * g10/trustdb.c: Include "tofu.h". (trust_model_string): Handle TM_TOFU and TM_TOFU_PGP. (tdb_get_validity_core): Add arguments sig and may_ask. If OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust level. Combine it with the computed PGP trust level, if appropriate. * g10/keyedit.c: Include "tofu.h". (show_key_with_all_names_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/keylist.c: Include "tofu.h". (public_key_list): Also show the PGP stats if the trust model is TM_TOFU_PGP. (list_keyblock_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/pkclist.c: Include "tofu.h". * g10/gpgv.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * g10/test-stubs.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * doc/DETAILS: Describe the TOFU Policy field. * doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu, --trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format. * tests/openpgp/Makefile.am (TESTS): Add tofu.test. (TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc, tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt. (CLEANFILES): Add tofu.db. (clean-local): Add tofu.d. * tests/openpgp/tofu.test: New file. * tests/openpgp/tofu-2183839A-1.txt: New file. * tests/openpgp/tofu-BC15C85A-1.txt: New file. * tests/openpgp/tofu-EE37CF96-1.txt: New file. * tests/openpgp/tofu-keys.asc: New file. * tests/openpgp/tofu-keys-secret.asc: New file. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
g10_exit (1);
}
gpg: Pass CTRL to many more functions. -- For proper operations as a server we need to avoid global variables. Thus we need to pass the session state CTRL to most functions. Quite a lot of changes but fortunately straightforward to do. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-31 20:03:52 +02:00
merge_keys_and_selfsig (ctrl, kb);
gpg: Store the Tofu meta handle for databases in CTRL. * g10/gpg.h (struct tofu_dbs_s, tofu_dbs_t): New declarations. (struct server_control_s): Add field tofu.dbs. * g10/tofu.c (struct dbs): Rename to tofu_dbs_s. Replace all users by by tofu_dbs_t. (opendbs): Add arg CTRL. Cache the DBS in CTRL. (closedbs): Rename to tofu_closedbs and make global. Add arg CTRL. (tofu_register): Add arg CTRL. Change all callers. Do not call closedbs. (tofu_get_validity): Ditto. (tofu_set_policy): Ditto. (tofu_get_policy): Ditto. (tofu_set_policy_by_keyid): Add arg CTRL. * g10/gpg.c (gpg_deinit_default_ctrl): Call tofu_closedbs. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-21 12:26:44 +02:00
if (tofu_set_policy (ctrl, kb, policy))
gpg: Emit FAILURE stati now in almost all cases. * g10/cpr.c (write_status_failure): Make it print only once. * g10/gpg.c (wrong_args): Bump error counter. (g10_exit): Print a FAILURE status if we ever did a log_error etc. (main): Use log_error instead of log_fatal at one place. Print a FAILURE status for a bad option. Ditto for certain exit points so that we can see different error locations. -- This makes it easier to detect errors by tools which have no way to get the exit code (e.g. due to double forking). GnuPG-bug-id: 3872 Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-06 17:32:08 +02:00
{
write_status_failure ("tofu-driver", rc);
g10_exit (1);
}
g10: Avoid a memory leak. * g10/gpg.c (main): Free KB when we're done with it. Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-12-06 12:14:49 +01:00
release_kbnode (kb);
g10: Add TOFU support. * configure.ac: Check for sqlite3. (SQLITE3_CFLAGS): AC_SUBST it. (SQLITE3_LIBS): Likewise. * g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS). (gpg2_SOURCES): Add tofu.h and tofu.c. (gpg2_LDADD): Add $(SQLITE3_LIBS). * g10/tofu.c: New file. * g10/tofu.h: New file. * g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP. (tofu_db_format): Define. * g10/packet.h (PKT_signature): Add fields digest and digest_len. * g10/gpg.c: Include "tofu.h". (cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy, oTOFUDBFormat. (opts): Add them. (parse_trust_model): Recognize the tofu and tofu+pgp trust models. (parse_tofu_policy): New function. (parse_tofu_db_format): New function. (main): Initialize opt.tofu_default_policy and opt.tofu_db_format. Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat. * g10/mainproc.c (do_check_sig): If the signature is good, copy the hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately. * g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update callers. (tdb_get_validity_core): Add arguments sig and may_ask. Update callers. * g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them to tdb_get_validity_core. * g10/trustdb.c: Include "tofu.h". (trust_model_string): Handle TM_TOFU and TM_TOFU_PGP. (tdb_get_validity_core): Add arguments sig and may_ask. If OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust level. Combine it with the computed PGP trust level, if appropriate. * g10/keyedit.c: Include "tofu.h". (show_key_with_all_names_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/keylist.c: Include "tofu.h". (public_key_list): Also show the PGP stats if the trust model is TM_TOFU_PGP. (list_keyblock_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/pkclist.c: Include "tofu.h". * g10/gpgv.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * g10/test-stubs.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * doc/DETAILS: Describe the TOFU Policy field. * doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu, --trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format. * tests/openpgp/Makefile.am (TESTS): Add tofu.test. (TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc, tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt. (CLEANFILES): Add tofu.db. (clean-local): Add tofu.d. * tests/openpgp/tofu.test: New file. * tests/openpgp/tofu-2183839A-1.txt: New file. * tests/openpgp/tofu-BC15C85A-1.txt: New file. * tests/openpgp/tofu-EE37CF96-1.txt: New file. * tests/openpgp/tofu-keys.asc: New file. * tests/openpgp/tofu-keys-secret.asc: New file. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
}
g10: Update a key's TOFU policy in a transaction. * g10/tofu.c (tofu_set_policy): Do the update in a transaction. * g10/gpg.c (main): Do a TOFU policy update in a batch transaction. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-08-31 11:40:33 +02:00
tofu_end_batch_update (ctrl);
g10: Add TOFU support. * configure.ac: Check for sqlite3. (SQLITE3_CFLAGS): AC_SUBST it. (SQLITE3_LIBS): Likewise. * g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS). (gpg2_SOURCES): Add tofu.h and tofu.c. (gpg2_LDADD): Add $(SQLITE3_LIBS). * g10/tofu.c: New file. * g10/tofu.h: New file. * g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP. (tofu_db_format): Define. * g10/packet.h (PKT_signature): Add fields digest and digest_len. * g10/gpg.c: Include "tofu.h". (cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy, oTOFUDBFormat. (opts): Add them. (parse_trust_model): Recognize the tofu and tofu+pgp trust models. (parse_tofu_policy): New function. (parse_tofu_db_format): New function. (main): Initialize opt.tofu_default_policy and opt.tofu_db_format. Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat. * g10/mainproc.c (do_check_sig): If the signature is good, copy the hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately. * g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update callers. (tdb_get_validity_core): Add arguments sig and may_ask. Update callers. * g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them to tdb_get_validity_core. * g10/trustdb.c: Include "tofu.h". (trust_model_string): Handle TM_TOFU and TM_TOFU_PGP. (tdb_get_validity_core): Add arguments sig and may_ask. If OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust level. Combine it with the computed PGP trust level, if appropriate. * g10/keyedit.c: Include "tofu.h". (show_key_with_all_names_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/keylist.c: Include "tofu.h". (public_key_list): Also show the PGP stats if the trust model is TM_TOFU_PGP. (list_keyblock_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/pkclist.c: Include "tofu.h". * g10/gpgv.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * g10/test-stubs.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * doc/DETAILS: Describe the TOFU Policy field. * doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu, --trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format. * tests/openpgp/Makefile.am (TESTS): Add tofu.test. (TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc, tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt. (CLEANFILES): Add tofu.db. (clean-local): Add tofu.d. * tests/openpgp/tofu.test: New file. * tests/openpgp/tofu-2183839A-1.txt: New file. * tests/openpgp/tofu-BC15C85A-1.txt: New file. * tests/openpgp/tofu-EE37CF96-1.txt: New file. * tests/openpgp/tofu-keys.asc: New file. * tests/openpgp/tofu-keys-secret.asc: New file. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
g10: Update a key's TOFU policy in a transaction. * g10/tofu.c (tofu_set_policy): Do the update in a transaction. * g10/gpg.c (main): Do a TOFU policy update in a batch transaction. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-08-31 11:40:33 +02:00
keydb_release (hd);
g10: Add TOFU support. * configure.ac: Check for sqlite3. (SQLITE3_CFLAGS): AC_SUBST it. (SQLITE3_LIBS): Likewise. * g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS). (gpg2_SOURCES): Add tofu.h and tofu.c. (gpg2_LDADD): Add $(SQLITE3_LIBS). * g10/tofu.c: New file. * g10/tofu.h: New file. * g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP. (tofu_db_format): Define. * g10/packet.h (PKT_signature): Add fields digest and digest_len. * g10/gpg.c: Include "tofu.h". (cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy, oTOFUDBFormat. (opts): Add them. (parse_trust_model): Recognize the tofu and tofu+pgp trust models. (parse_tofu_policy): New function. (parse_tofu_db_format): New function. (main): Initialize opt.tofu_default_policy and opt.tofu_db_format. Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat. * g10/mainproc.c (do_check_sig): If the signature is good, copy the hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately. * g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update callers. (tdb_get_validity_core): Add arguments sig and may_ask. Update callers. * g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them to tdb_get_validity_core. * g10/trustdb.c: Include "tofu.h". (trust_model_string): Handle TM_TOFU and TM_TOFU_PGP. (tdb_get_validity_core): Add arguments sig and may_ask. If OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust level. Combine it with the computed PGP trust level, if appropriate. * g10/keyedit.c: Include "tofu.h". (show_key_with_all_names_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/keylist.c: Include "tofu.h". (public_key_list): Also show the PGP stats if the trust model is TM_TOFU_PGP. (list_keyblock_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/pkclist.c: Include "tofu.h". * g10/gpgv.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * g10/test-stubs.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * doc/DETAILS: Describe the TOFU Policy field. * doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu, --trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format. * tests/openpgp/Makefile.am (TESTS): Add tofu.test. (TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc, tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt. (CLEANFILES): Add tofu.db. (clean-local): Add tofu.d. * tests/openpgp/tofu.test: New file. * tests/openpgp/tofu-2183839A-1.txt: New file. * tests/openpgp/tofu-BC15C85A-1.txt: New file. * tests/openpgp/tofu-EE37CF96-1.txt: New file. * tests/openpgp/tofu-keys.asc: New file. * tests/openpgp/tofu-keys-secret.asc: New file. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
}
build: Allow building without SQLlite support. * configure.ac: Add option --dsiable-tofu and --disable-sqlite. (NEED_SQLITE_VERSION): New var. (USE_TOFU): New ac_define and am_conditional. * autogen.sh (build-w32): Add PKG_CONFIG_LIBDIR to configure so that pkg-config find the correct .pc file. * g10/Makefile.am (tofu_source): New. Build only if enabled. * g10/gpg.c (parse_trust_model)[!USE_TOFU]: Disable tofu models. (parse_tofu_policy)[!USE_TOFU]: Disable all. (parse_tofu_db_format)[!USE_TOFU]: Disable all. (main) <aTOFUPolicy>[!USE_TOFU]: Skip. * g10/keyedit.c (show_key_with_all_names_colon)[!USE_TOFU]: Do not call tofu functions. * g10/keylist.c (list_keyblock_colon)[!USE_TOFU]: Ditto. * g10/trustdb.c (tdb_get_validity_core)[!USE_TOFU]: Skip tofu processing. -- This allows to build a minimal version of GnuPG. It is also currently required to build for Windows. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-20 17:32:23 +02:00
#endif /*USE_TOFU*/
g10: Add TOFU support. * configure.ac: Check for sqlite3. (SQLITE3_CFLAGS): AC_SUBST it. (SQLITE3_LIBS): Likewise. * g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS). (gpg2_SOURCES): Add tofu.h and tofu.c. (gpg2_LDADD): Add $(SQLITE3_LIBS). * g10/tofu.c: New file. * g10/tofu.h: New file. * g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP. (tofu_db_format): Define. * g10/packet.h (PKT_signature): Add fields digest and digest_len. * g10/gpg.c: Include "tofu.h". (cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy, oTOFUDBFormat. (opts): Add them. (parse_trust_model): Recognize the tofu and tofu+pgp trust models. (parse_tofu_policy): New function. (parse_tofu_db_format): New function. (main): Initialize opt.tofu_default_policy and opt.tofu_db_format. Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat. * g10/mainproc.c (do_check_sig): If the signature is good, copy the hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately. * g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update callers. (tdb_get_validity_core): Add arguments sig and may_ask. Update callers. * g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them to tdb_get_validity_core. * g10/trustdb.c: Include "tofu.h". (trust_model_string): Handle TM_TOFU and TM_TOFU_PGP. (tdb_get_validity_core): Add arguments sig and may_ask. If OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust level. Combine it with the computed PGP trust level, if appropriate. * g10/keyedit.c: Include "tofu.h". (show_key_with_all_names_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/keylist.c: Include "tofu.h". (public_key_list): Also show the PGP stats if the trust model is TM_TOFU_PGP. (list_keyblock_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/pkclist.c: Include "tofu.h". * g10/gpgv.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * g10/test-stubs.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * doc/DETAILS: Describe the TOFU Policy field. * doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu, --trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format. * tests/openpgp/Makefile.am (TESTS): Add tofu.test. (TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc, tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt. (CLEANFILES): Add tofu.db. (clean-local): Add tofu.d. * tests/openpgp/tofu.test: New file. * tests/openpgp/tofu-2183839A-1.txt: New file. * tests/openpgp/tofu-BC15C85A-1.txt: New file. * tests/openpgp/tofu-EE37CF96-1.txt: New file. * tests/openpgp/tofu-keys.asc: New file. * tests/openpgp/tofu-keys-secret.asc: New file. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
break;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
default:
gpg: Print a warning if no command has been given. * g10/gpg.c (main): Print in the default case. -- GnuPG-bug-id: 2943 Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-13 13:09:51 +01:00
if (!opt.quiet)
log_info (_("WARNING: no command supplied."
" Trying to guess what you mean ...\n"));
g10, sm, dirmngr, common: Add comment for fall through. * common/b64dec.c (b64dec_proc): Comment to clarify. * dirmngr/cdblib.c (cdb_make_put): Use same pattern to clarify. * dirmngr/dirmngr-client.c (read_pem_certificate): Likewise. * dirmngr/ks-engine-hkp.c (ks_hkp_get): Likewise. * g10/armor.c (unarmor_pump): Likewise. * g10/gpg.c (main): Likewise. * g10/import.c (read_block): Likewise. * g10/keygen.c (make_backsig): Likewise. * g10/pkclist.c (check_signatures_trust): Likewise. * sm/gpgsm.c (main): Likewise. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-05-10 04:01:15 +02:00
/*FALLTHRU*/
gpg: Print a warning if no command has been given. * g10/gpg.c (main): Print in the default case. -- GnuPG-bug-id: 2943 Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-13 13:09:51 +01:00
case aListPackets:
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
if( argc > 1 )
g10: Avoid translating simple error messages. * g10/gpg.c (main): Avoid translating arguments to 'wrong_args'. -- Translating these messages is a burden for translators, and we only have translations for very few of them as it is. If we want to localize these messages, I'd suggest to translate the placeholders (e.g. 'filename'). Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-15 16:06:49 +01:00
wrong_args("[filename]");
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
/* Issue some output for the unix newbie */
./autogen.sh --build-w32ce does now succeed.
2010-04-14 16:39:16 +02:00
if (!fname && !opt.outfile
&& gnupg_isatty (fileno (stdin))
&& gnupg_isatty (fileno (stdout))
&& gnupg_isatty (fileno (stderr)))
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
log_info(_("Go ahead and type your message ...\n"));
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
a = iobuf_open(fname);
if (a && is_secured_file (iobuf_get_fd (a)))
{
iobuf_close (a);
a = NULL;
Use gpg_err_set_errno to assign values to ERRNO.
2010-04-01 15:24:55 +02:00
gpg_err_set_errno (EPERM);
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
}
if( !a )
Change all quotes in strings and comments to the new GNU standard. The asymmetric quotes used by GNU in the past (`...') don't render nicely on modern systems. We now use two \x27 characters ('...'). The proper solution would be to use the correct Unicode symmetric quotes here. However this has the disadvantage that the system requires Unicode support. We don't want that today. If Unicode is available a generated po file can be used to output proper quotes. A simple sed script like the one used for en@quote is sufficient to change them. The changes have been done by applying sed -i "s/\`\([^'\`]*\)'/'\1'/g" to most files and fixing obvious problems by hand. The msgid strings in the po files were fixed with a similar command.
2012-06-05 19:29:22 +02:00
log_error(_("can't open '%s'\n"), print_fname_stdin(fname));
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
else {
if( !opt.no_armor ) {
if( use_armor_filter( a ) ) {
Fixes for CVE-2006-6235
2006-12-06 11:16:50 +01:00
afx = new_armor_context ();
push_armor_filter (afx, a);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
}
if( cmd == aListPackets ) {
opt.list_packets=1;
g10: Fix --list-packets. * g10/gpg.c (main): Call set_packet_list_mode after assignment of opt.list_packets. * g10/mainproc.c (do_proc_packets): Don't stop processing with --list-packets as the comment says. * g10/options.h (list_packets): Fix the comment. * g10/parse-packet.c: Fix the condition for opt.list_packets. -- Debian-bug-id: 828109 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-06-28 08:56:48 +02:00
set_packet_list_mode(1);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
Exporting secret keys via gpg-agent is now basically supported. A couple of forward ported changes. Doc updates.
2010-10-01 22:33:53 +02:00
rc = proc_packets (ctrl, NULL, a );
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
if( rc )
gpg: Print a new FAILURE status after most commands. * common/status.h (STATUS_FAILURE): New. * g10/cpr.c (write_status_failure): New. * g10/gpg.c (main): Call write_status_failure for all commands which print an error message here. * g10/call-agent.c (start_agent): Print an STATUS_ERROR if we can't set the pinentry mode. -- This status line can be used similar to the error code returned by commands send over the Assuan interface in gpgsm. We don't emit them in gpgsm because there we already have that Assuan interface to return proper error code. This change helps GPGME to return better error codes. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-25 09:03:31 +02:00
{
write_status_failure ("-", rc);
log_error ("processing message failed: %s\n",
gpg_strerror (rc));
}
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
iobuf_close(a);
}
break;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
}
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
/* cleanup */
Import OpenPGP keys into the agent.
2010-08-31 17:58:39 +02:00
gpg_deinit_default_ctrl (ctrl);
xfree (ctrl);
Fixes for CVE-2006-6235
2006-12-06 11:16:50 +01:00
release_armor_context (afx);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
FREE_STRLIST(remusr);
FREE_STRLIST(locusr);
g10_exit(0);
return 8; /*NEVER REACHED*/
}
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
/* Note: This function is used by signal handlers!. */
static void
emergency_cleanup (void)
{
gcry_control (GCRYCTL_TERM_SECMEM );
}
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
void
g10_exit( int rc )
{
gpg: Emit FAILURE stati now in almost all cases. * g10/cpr.c (write_status_failure): Make it print only once. * g10/gpg.c (wrong_args): Bump error counter. (g10_exit): Print a FAILURE status if we ever did a log_error etc. (main): Use log_error instead of log_fatal at one place. Print a FAILURE status for a bad option. Ditto for certain exit points so that we can see different error locations. -- This makes it easier to detect errors by tools which have no way to get the exit code (e.g. due to double forking). GnuPG-bug-id: 3872 Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-06 17:32:08 +02:00
/* If we had an error but not printed an error message, do it now.
* Note that write_status_failure will never print a second failure
* status line. */
gpg: Relax printing of STATUS_FAILURE. * g10/gpg.c (g10_exit): Print STATUS_FAILURE only based on passed return code and not on the presence of any call to log_error. -- This fixes an actual regression in GPGME where FAILURE is considered for example by a signature verify operation. The operation will simply fail and not just record that that a signature could not be verified. In particular for files with more than one signature a log_error if often called to show that a pubkey is missing for one of the signatures. Using that log_error is correct in that case. Fixes-commit: 0336e5d1a7b9d46e06c838e6a98aecfcc9542882 Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-12 11:49:36 +02:00
if (rc)
gpg: Emit FAILURE stati now in almost all cases. * g10/cpr.c (write_status_failure): Make it print only once. * g10/gpg.c (wrong_args): Bump error counter. (g10_exit): Print a FAILURE status if we ever did a log_error etc. (main): Use log_error instead of log_fatal at one place. Print a FAILURE status for a bad option. Ditto for certain exit points so that we can see different error locations. -- This makes it easier to detect errors by tools which have no way to get the exit code (e.g. due to double forking). GnuPG-bug-id: 3872 Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-06 17:32:08 +02:00
write_status_failure ("gpg-exit", gpg_error (GPG_ERR_GENERAL));
* gpgsm.c (main): Add secmem features and set the random seed file. (gpgsm_exit): Update the random seed file and enable debug output. * g10.c (main): Add secmem features and set the random seed file. (g10_exit): Update the random seed file. * parse-packet.c (parse_signature,read_protected_v3_mpi) (parse_key): Fixed use of mpi_set_opaque. * keygen.c (gen_card_key): Ditto.
2003-07-29 10:53:19 +02:00
gcry_control (GCRYCTL_UPDATE_RANDOM_SEED_FILE);
New function log_clock. * common/logging.c (log_clock): New. * g10/gpg.c (set_debug): Print clock debug flag. * g10/options.h (DBG_CLOCK_VALUE, DBG_CLOCK): New. -- To actually use log_clock you need to enable the code in logginc.c:log_check() and link against librt. --debug 4096 may then be used to enable it at runtime.
2013-01-07 16:51:24 +01:00
if (DBG_CLOCK)
log_clock ("stop");
gpg: Improve speed of --check-sigs and --lish-sigs. * g10/keydb.c (kid_list_t): New. (kid_not_found_table, n_kid_not_found_table): New. (kid_not_found_p, kid_not_found_insert, kid_not_found_flush): New. (keydb_insert_keyblock): Flush the new cache. (keydb_delete_keyblock): Ditto. (keydb_update_keyblock): Ditto. (keydb_search): Use the new cache. (keydb_dump_stats): New. * g10/gpg.c (g10_exit): Dump keydb stats. -- What we do here is to keep track of key searches by long keyids (as stored in all signatures) so that we do not need to scan the keybox again after we already found that this keyid will result in not-found. As soon as we change gpg to run as a co-process we should store this table per session because other instances of gpg may have updated the keybox without us knowing. On a test ring with gpg: 94721 good signatures gpg: 6831 bad signatures gpg: 150703 signatures not checked due to missing keys gpg: 5 signatures not checked due to errors gpg: keydb: kid_not_found_table: total: 14132 this new cache speeds a --check-sigs listing up from 28 minutes to less than 3 minutes. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-20 15:03:32 +02:00
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
if ( (opt.debug & DBG_MEMSTAT_VALUE) )
* gpgsm.c (main): Add secmem features and set the random seed file. (gpgsm_exit): Update the random seed file and enable debug output. * g10.c (main): Add secmem features and set the random seed file. (g10_exit): Update the random seed file. * parse-packet.c (parse_signature,read_protected_v3_mpi) (parse_key): Fixed use of mpi_set_opaque. * keygen.c (gen_card_key): Ditto.
2003-07-29 10:53:19 +02:00
{
gpg: Improve speed of --check-sigs and --lish-sigs. * g10/keydb.c (kid_list_t): New. (kid_not_found_table, n_kid_not_found_table): New. (kid_not_found_p, kid_not_found_insert, kid_not_found_flush): New. (keydb_insert_keyblock): Flush the new cache. (keydb_delete_keyblock): Ditto. (keydb_update_keyblock): Ditto. (keydb_search): Use the new cache. (keydb_dump_stats): New. * g10/gpg.c (g10_exit): Dump keydb stats. -- What we do here is to keep track of key searches by long keyids (as stored in all signatures) so that we do not need to scan the keybox again after we already found that this keyid will result in not-found. As soon as we change gpg to run as a co-process we should store this table per session because other instances of gpg may have updated the keybox without us knowing. On a test ring with gpg: 94721 good signatures gpg: 6831 bad signatures gpg: 150703 signatures not checked due to missing keys gpg: 5 signatures not checked due to errors gpg: keydb: kid_not_found_table: total: 14132 this new cache speeds a --check-sigs listing up from 28 minutes to less than 3 minutes. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-20 15:03:32 +02:00
keydb_dump_stats ();
gpg: Print more stats for the keydb and the signature cache. * g10/sig-check.c (sig_check_dump_stats): New. (cache_stats): New struct. (check_key_signature2): Update stats. * g10/gpg.c (g10_exit): Call new function. * g10/keydb.c (kid_not_found_cache_count): Replace by ... (kid_not_found_stats): ... new struct. Change users. (keydb_stats): New struct. Update the counters. (keydb_dump_stats): Print all stats. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-31 20:03:43 +02:00
sig_check_dump_stats ();
gpg: New caching functions. * g10/objcache.c: New. * g10/objcache.h: New. * g10/Makefile.am (common_source): Add them. * g10/gpg.c: Include objcache.h. (g10_exit): Call objcache_dump_stats. * g10/getkey.c: Include objcache.h. (get_primary_uid, release_keyid_list): Remove. (cache_user_id): Remove. (finish_lookup): Call the new cache_put_keyblock instead of cache_user_id. (get_user_id_string): Remove code for mode 2. (get_user_id): Implement using cache_get_uid_bykid. -- This generic caching module is better than the ad-hoc code we used in getkey.c. More cleanup in getkey is still required but it is a start. There is also a small performance increase with the new cache: With a large keyring and --list-sigs I get these numbers: | | before | after | |------+------------+------------| | real | 14m1.028s | 12m16.186s | | user | 2m18.484s | 1m36.040s | | sys | 11m42.420s | 10m40.044s | Note the speedup in the user time which is due to the improved cache algorithm. This is obvious, because the old cache was just a long linked list; the new cache are two hash tables. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-04-13 11:48:58 +02:00
objcache_dump_stats ();
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
gcry_control (GCRYCTL_DUMP_MEMORY_STATS);
gcry_control (GCRYCTL_DUMP_RANDOM_STATS);
* gpgsm.c (main): Add secmem features and set the random seed file. (gpgsm_exit): Update the random seed file and enable debug output. * g10.c (main): Add secmem features and set the random seed file. (g10_exit): Update the random seed file. * parse-packet.c (parse_signature,read_protected_v3_mpi) (parse_key): Fixed use of mpi_set_opaque. * keygen.c (gen_card_key): Ditto.
2003-07-29 10:53:19 +02:00
}
if (opt.debug)
gcry_control (GCRYCTL_DUMP_SECMEM_STATS );
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
g10: Block signals in g10_exit. * g10/gpg.c (g10_exit): Block all signals before calling emergency_cleanup. -- There is a race condition here which results crash of the process. When a signal is delivered in emergency_cleanup, it is called again. This change fixes the problem. GnuPG-bug-id: 2747 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-06-04 06:39:46 +02:00
gnupg_block_all_signals ();
* gpgsm.c (main): Add secmem features and set the random seed file. (gpgsm_exit): Update the random seed file and enable debug output. * g10.c (main): Add secmem features and set the random seed file. (g10_exit): Update the random seed file. * parse-packet.c (parse_signature,read_protected_v3_mpi) (parse_key): Fixed use of mpi_set_opaque. * keygen.c (gen_card_key): Ditto.
2003-07-29 10:53:19 +02:00
emergency_cleanup ();
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
rc = rc? rc : log_get_errorcount(0)? 2 : g10_errors_seen? 1 : 0;
exit (rc);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
/* Pretty-print hex hashes. This assumes at least an 80-character
display, but there are a few other similar assumptions in the
display code. */
static void
Fix regression in logging. Add a registry key to enable catch-all remote debugging for W32. Replace more stdio stuff by estream.
2010-08-18 21:25:15 +02:00
print_hex (gcry_md_hd_t md, int algo, const char *fname)
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
{
int i,n,count,indent=0;
const byte *p;
Fix regression in logging. Add a registry key to enable catch-all remote debugging for W32. Replace more stdio stuff by estream.
2010-08-18 21:25:15 +02:00
if (fname)
indent = es_printf("%s: ",fname);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
Fix regression in logging. Add a registry key to enable catch-all remote debugging for W32. Replace more stdio stuff by estream.
2010-08-18 21:25:15 +02:00
if (indent>40)
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
{
gpg: Replace remaining uses of stdio by estream. * g10/sign.c (sign_file): Use log_printf instead of stderr. * g10/tdbdump.c (export_ownertrust): Use estream fucntions. (import_ownertrust): Ditto. * g10/tdbio.c (tdbio_dump_record): Ditto. Change arg to estream_t. -- Reported-by: Guilhem Moulin <guilhem@fripost.org> Needed for unattended key edits with --status-fd, because since 2.1 status prompts are preceded by es_fflush (in cpr.c:do_get_from_fd) not fflush(3), so the standard output may not be flushed before each prompt. (Which breaks scripts using select(2) to multiplex between the standard and status outputs.) His patch only affected print_and_check_one_sig_colon() but there are many more places where stdio and estream are mixed. This patch now replaces most of them in g10/. At some places stdio is still used, but that is local to a function and should not have side effects. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-02-19 17:22:27 +01:00
es_printf ("\n");
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
indent=0;
}
Fix regression in logging. Add a registry key to enable catch-all remote debugging for W32. Replace more stdio stuff by estream.
2010-08-18 21:25:15 +02:00
if (algo==DIGEST_ALGO_RMD160)
indent += es_printf("RMD160 = ");
else if (algo>0)
indent += es_printf("%6s = ", gcry_md_algo_name (algo));
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
else
Fix regression in logging. Add a registry key to enable catch-all remote debugging for W32. Replace more stdio stuff by estream.
2010-08-18 21:25:15 +02:00
algo = abs(algo);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
Fix regression in logging. Add a registry key to enable catch-all remote debugging for W32. Replace more stdio stuff by estream.
2010-08-18 21:25:15 +02:00
count = indent;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
Finished the bulk of changes for gnupg 1.9. This included switching to libgcrypt functions, using shared error codes from libgpg-error, replacing the old functions we used to have in ../util by those in ../jnlib and ../common, renaming the malloc functions and a couple of types. Note, that not all changes are listed below becuause they are too similar and done at far too many places. As of today the code builds using the current libgcrypt from CVS but it is very unlikely that it actually works.
2003-06-18 21:56:13 +02:00
p = gcry_md_read (md, algo);
n = gcry_md_get_algo_dlen (algo);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
Fix regression in logging. Add a registry key to enable catch-all remote debugging for W32. Replace more stdio stuff by estream.
2010-08-18 21:25:15 +02:00
count += es_printf ("%02X",*p++);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
for(i=1;i<n;i++,p++)
{
if(n==16)
{
if(count+2>79)
{
Fix regression in logging. Add a registry key to enable catch-all remote debugging for W32. Replace more stdio stuff by estream.
2010-08-18 21:25:15 +02:00
es_printf ("\n%*s",indent," ");
count = indent;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
else
Fix regression in logging. Add a registry key to enable catch-all remote debugging for W32. Replace more stdio stuff by estream.
2010-08-18 21:25:15 +02:00
count += es_printf(" ");
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
Fix regression in logging. Add a registry key to enable catch-all remote debugging for W32. Replace more stdio stuff by estream.
2010-08-18 21:25:15 +02:00
if (!(i%8))
count += es_printf(" ");
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
else if (n==20)
{
if(!(i%2))
{
if(count+4>79)
{
Fix regression in logging. Add a registry key to enable catch-all remote debugging for W32. Replace more stdio stuff by estream.
2010-08-18 21:25:15 +02:00
es_printf ("\n%*s",indent," ");
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
count=indent;
}
else
Fix regression in logging. Add a registry key to enable catch-all remote debugging for W32. Replace more stdio stuff by estream.
2010-08-18 21:25:15 +02:00
count += es_printf(" ");
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
Fix regression in logging. Add a registry key to enable catch-all remote debugging for W32. Replace more stdio stuff by estream.
2010-08-18 21:25:15 +02:00
if (!(i%10))
count += es_printf(" ");
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
else
{
if(!(i%4))
{
Fix regression in logging. Add a registry key to enable catch-all remote debugging for W32. Replace more stdio stuff by estream.
2010-08-18 21:25:15 +02:00
if (count+8>79)
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
{
Fix regression in logging. Add a registry key to enable catch-all remote debugging for W32. Replace more stdio stuff by estream.
2010-08-18 21:25:15 +02:00
es_printf ("\n%*s",indent," ");
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
count=indent;
}
else
Fix regression in logging. Add a registry key to enable catch-all remote debugging for W32. Replace more stdio stuff by estream.
2010-08-18 21:25:15 +02:00
count += es_printf(" ");
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
}
Fix regression in logging. Add a registry key to enable catch-all remote debugging for W32. Replace more stdio stuff by estream.
2010-08-18 21:25:15 +02:00
count += es_printf("%02X",*p);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
Fix regression in logging. Add a registry key to enable catch-all remote debugging for W32. Replace more stdio stuff by estream.
2010-08-18 21:25:15 +02:00
es_printf ("\n");
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
static void
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
print_hashline( gcry_md_hd_t md, int algo, const char *fname )
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
{
Fix regression in logging. Add a registry key to enable catch-all remote debugging for W32. Replace more stdio stuff by estream.
2010-08-18 21:25:15 +02:00
int i, n;
const byte *p;
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
Fix regression in logging. Add a registry key to enable catch-all remote debugging for W32. Replace more stdio stuff by estream.
2010-08-18 21:25:15 +02:00
if ( fname )
{
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
for (p = fname; *p; p++ )
Fix regression in logging. Add a registry key to enable catch-all remote debugging for W32. Replace more stdio stuff by estream.
2010-08-18 21:25:15 +02:00
{
if ( *p <= 32 || *p > 127 || *p == ':' || *p == '%' )
es_printf ("%%%02X", *p );
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
else
Fix regression in logging. Add a registry key to enable catch-all remote debugging for W32. Replace more stdio stuff by estream.
2010-08-18 21:25:15 +02:00
es_putc (*p, es_stdout);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
}
Fix regression in logging. Add a registry key to enable catch-all remote debugging for W32. Replace more stdio stuff by estream.
2010-08-18 21:25:15 +02:00
es_putc (':', es_stdout);
es_printf ("%d:", algo);
p = gcry_md_read (md, algo);
n = gcry_md_get_algo_dlen (algo);
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
for(i=0; i < n ; i++, p++ )
Fix regression in logging. Add a registry key to enable catch-all remote debugging for W32. Replace more stdio stuff by estream.
2010-08-18 21:25:15 +02:00
es_printf ("%02X", *p);
es_fputs (":\n", es_stdout);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
gpg: Re-indent a function. --
2014-09-18 14:50:02 +02:00
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
static void
print_mds( const char *fname, int algo )
{
gpg: Replace remaining uses of stdio by estream. * g10/sign.c (sign_file): Use log_printf instead of stderr. * g10/tdbdump.c (export_ownertrust): Use estream fucntions. (import_ownertrust): Ditto. * g10/tdbio.c (tdbio_dump_record): Ditto. Change arg to estream_t. -- Reported-by: Guilhem Moulin <guilhem@fripost.org> Needed for unattended key edits with --status-fd, because since 2.1 status prompts are preceded by es_fflush (in cpr.c:do_get_from_fd) not fflush(3), so the standard output may not be flushed before each prompt. (Which breaks scripts using select(2) to multiplex between the standard and status outputs.) His patch only affected print_and_check_one_sig_colon() but there are many more places where stdio and estream are mixed. This patch now replaces most of them in g10/. At some places stdio is still used, but that is local to a function and should not have side effects. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-02-19 17:22:27 +01:00
estream_t fp;
gpg: Re-indent a function. --
2014-09-18 14:50:02 +02:00
char buf[1024];
size_t n;
gcry_md_hd_t md;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
gpg: Re-indent a function. --
2014-09-18 14:50:02 +02:00
if (!fname)
{
gpg: Replace remaining uses of stdio by estream. * g10/sign.c (sign_file): Use log_printf instead of stderr. * g10/tdbdump.c (export_ownertrust): Use estream fucntions. (import_ownertrust): Ditto. * g10/tdbio.c (tdbio_dump_record): Ditto. Change arg to estream_t. -- Reported-by: Guilhem Moulin <guilhem@fripost.org> Needed for unattended key edits with --status-fd, because since 2.1 status prompts are preceded by es_fflush (in cpr.c:do_get_from_fd) not fflush(3), so the standard output may not be flushed before each prompt. (Which breaks scripts using select(2) to multiplex between the standard and status outputs.) His patch only affected print_and_check_one_sig_colon() but there are many more places where stdio and estream are mixed. This patch now replaces most of them in g10/. At some places stdio is still used, but that is local to a function and should not have side effects. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-02-19 17:22:27 +01:00
fp = es_stdin;
es_set_binary (fp);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
gpg: Re-indent a function. --
2014-09-18 14:50:02 +02:00
else
{
gpg: Replace remaining uses of stdio by estream. * g10/sign.c (sign_file): Use log_printf instead of stderr. * g10/tdbdump.c (export_ownertrust): Use estream fucntions. (import_ownertrust): Ditto. * g10/tdbio.c (tdbio_dump_record): Ditto. Change arg to estream_t. -- Reported-by: Guilhem Moulin <guilhem@fripost.org> Needed for unattended key edits with --status-fd, because since 2.1 status prompts are preceded by es_fflush (in cpr.c:do_get_from_fd) not fflush(3), so the standard output may not be flushed before each prompt. (Which breaks scripts using select(2) to multiplex between the standard and status outputs.) His patch only affected print_and_check_one_sig_colon() but there are many more places where stdio and estream are mixed. This patch now replaces most of them in g10/. At some places stdio is still used, but that is local to a function and should not have side effects. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-02-19 17:22:27 +01:00
fp = es_fopen (fname, "rb" );
if (fp && is_secured_file (es_fileno (fp)))
gpg: Re-indent a function. --
2014-09-18 14:50:02 +02:00
{
gpg: Replace remaining uses of stdio by estream. * g10/sign.c (sign_file): Use log_printf instead of stderr. * g10/tdbdump.c (export_ownertrust): Use estream fucntions. (import_ownertrust): Ditto. * g10/tdbio.c (tdbio_dump_record): Ditto. Change arg to estream_t. -- Reported-by: Guilhem Moulin <guilhem@fripost.org> Needed for unattended key edits with --status-fd, because since 2.1 status prompts are preceded by es_fflush (in cpr.c:do_get_from_fd) not fflush(3), so the standard output may not be flushed before each prompt. (Which breaks scripts using select(2) to multiplex between the standard and status outputs.) His patch only affected print_and_check_one_sig_colon() but there are many more places where stdio and estream are mixed. This patch now replaces most of them in g10/. At some places stdio is still used, but that is local to a function and should not have side effects. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-02-19 17:22:27 +01:00
es_fclose (fp);
gpg: Re-indent a function. --
2014-09-18 14:50:02 +02:00
fp = NULL;
gpg_err_set_errno (EPERM);
}
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
gpg: Re-indent a function. --
2014-09-18 14:50:02 +02:00
if (!fp)
{
log_error("%s: %s\n", fname?fname:"[stdin]", strerror(errno) );
return;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
gpg: Re-indent a function. --
2014-09-18 14:50:02 +02:00
gcry_md_open (&md, 0, 0);
if (algo)
gcry_md_enable (md, algo);
else
{
gpg: Replace a hash algo test function. * g10/gpg.c (print_mds): Replace openpgp_md_test_algo. -- This is actually not required because as of now the used OpenPGP and Gcrypt hash algorithm numbers are identical. But that might change in the future. This changes the behavior of GnuPG in case it has been build with some algorithms disabled: If those algorithms are available in Libgcrypt, their results will be used printed anyway.
2014-09-18 14:56:39 +02:00
if (!gcry_md_test_algo (GCRY_MD_MD5))
gpg: Re-indent a function. --
2014-09-18 14:50:02 +02:00
gcry_md_enable (md, GCRY_MD_MD5);
gcry_md_enable (md, GCRY_MD_SHA1);
gpg: Replace a hash algo test function. * g10/gpg.c (print_mds): Replace openpgp_md_test_algo. -- This is actually not required because as of now the used OpenPGP and Gcrypt hash algorithm numbers are identical. But that might change in the future. This changes the behavior of GnuPG in case it has been build with some algorithms disabled: If those algorithms are available in Libgcrypt, their results will be used printed anyway.
2014-09-18 14:56:39 +02:00
if (!gcry_md_test_algo (GCRY_MD_RMD160))
gpg: Re-indent a function. --
2014-09-18 14:50:02 +02:00
gcry_md_enable (md, GCRY_MD_RMD160);
gpg: Replace a hash algo test function. * g10/gpg.c (print_mds): Replace openpgp_md_test_algo. -- This is actually not required because as of now the used OpenPGP and Gcrypt hash algorithm numbers are identical. But that might change in the future. This changes the behavior of GnuPG in case it has been build with some algorithms disabled: If those algorithms are available in Libgcrypt, their results will be used printed anyway.
2014-09-18 14:56:39 +02:00
if (!gcry_md_test_algo (GCRY_MD_SHA224))
gpg: Re-indent a function. --
2014-09-18 14:50:02 +02:00
gcry_md_enable (md, GCRY_MD_SHA224);
gpg: Replace a hash algo test function. * g10/gpg.c (print_mds): Replace openpgp_md_test_algo. -- This is actually not required because as of now the used OpenPGP and Gcrypt hash algorithm numbers are identical. But that might change in the future. This changes the behavior of GnuPG in case it has been build with some algorithms disabled: If those algorithms are available in Libgcrypt, their results will be used printed anyway.
2014-09-18 14:56:39 +02:00
if (!gcry_md_test_algo (GCRY_MD_SHA256))
gpg: Re-indent a function. --
2014-09-18 14:50:02 +02:00
gcry_md_enable (md, GCRY_MD_SHA256);
gpg: Replace a hash algo test function. * g10/gpg.c (print_mds): Replace openpgp_md_test_algo. -- This is actually not required because as of now the used OpenPGP and Gcrypt hash algorithm numbers are identical. But that might change in the future. This changes the behavior of GnuPG in case it has been build with some algorithms disabled: If those algorithms are available in Libgcrypt, their results will be used printed anyway.
2014-09-18 14:56:39 +02:00
if (!gcry_md_test_algo (GCRY_MD_SHA384))
gpg: Re-indent a function. --
2014-09-18 14:50:02 +02:00
gcry_md_enable (md, GCRY_MD_SHA384);
gpg: Replace a hash algo test function. * g10/gpg.c (print_mds): Replace openpgp_md_test_algo. -- This is actually not required because as of now the used OpenPGP and Gcrypt hash algorithm numbers are identical. But that might change in the future. This changes the behavior of GnuPG in case it has been build with some algorithms disabled: If those algorithms are available in Libgcrypt, their results will be used printed anyway.
2014-09-18 14:56:39 +02:00
if (!gcry_md_test_algo (GCRY_MD_SHA512))
gpg: Re-indent a function. --
2014-09-18 14:50:02 +02:00
gcry_md_enable (md, GCRY_MD_SHA512);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
gpg: Replace remaining uses of stdio by estream. * g10/sign.c (sign_file): Use log_printf instead of stderr. * g10/tdbdump.c (export_ownertrust): Use estream fucntions. (import_ownertrust): Ditto. * g10/tdbio.c (tdbio_dump_record): Ditto. Change arg to estream_t. -- Reported-by: Guilhem Moulin <guilhem@fripost.org> Needed for unattended key edits with --status-fd, because since 2.1 status prompts are preceded by es_fflush (in cpr.c:do_get_from_fd) not fflush(3), so the standard output may not be flushed before each prompt. (Which breaks scripts using select(2) to multiplex between the standard and status outputs.) His patch only affected print_and_check_one_sig_colon() but there are many more places where stdio and estream are mixed. This patch now replaces most of them in g10/. At some places stdio is still used, but that is local to a function and should not have side effects. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-02-19 17:22:27 +01:00
while ((n=es_fread (buf, 1, DIM(buf), fp)))
gpg: Re-indent a function. --
2014-09-18 14:50:02 +02:00
gcry_md_write (md, buf, n);
gpg: Replace remaining uses of stdio by estream. * g10/sign.c (sign_file): Use log_printf instead of stderr. * g10/tdbdump.c (export_ownertrust): Use estream fucntions. (import_ownertrust): Ditto. * g10/tdbio.c (tdbio_dump_record): Ditto. Change arg to estream_t. -- Reported-by: Guilhem Moulin <guilhem@fripost.org> Needed for unattended key edits with --status-fd, because since 2.1 status prompts are preceded by es_fflush (in cpr.c:do_get_from_fd) not fflush(3), so the standard output may not be flushed before each prompt. (Which breaks scripts using select(2) to multiplex between the standard and status outputs.) His patch only affected print_and_check_one_sig_colon() but there are many more places where stdio and estream are mixed. This patch now replaces most of them in g10/. At some places stdio is still used, but that is local to a function and should not have side effects. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-02-19 17:22:27 +01:00
if (es_ferror(fp))
gpg: Re-indent a function. --
2014-09-18 14:50:02 +02:00
log_error ("%s: %s\n", fname?fname:"[stdin]", strerror(errno));
else
{
gcry_md_final (md);
if (opt.with_colons)
{
if ( algo )
print_hashline (md, algo, fname);
else
{
gpg: Replace a hash algo test function. * g10/gpg.c (print_mds): Replace openpgp_md_test_algo. -- This is actually not required because as of now the used OpenPGP and Gcrypt hash algorithm numbers are identical. But that might change in the future. This changes the behavior of GnuPG in case it has been build with some algorithms disabled: If those algorithms are available in Libgcrypt, their results will be used printed anyway.
2014-09-18 14:56:39 +02:00
if (!gcry_md_test_algo (GCRY_MD_MD5))
gpg: Re-indent a function. --
2014-09-18 14:50:02 +02:00
print_hashline( md, GCRY_MD_MD5, fname );
print_hashline( md, GCRY_MD_SHA1, fname );
gpg: Replace a hash algo test function. * g10/gpg.c (print_mds): Replace openpgp_md_test_algo. -- This is actually not required because as of now the used OpenPGP and Gcrypt hash algorithm numbers are identical. But that might change in the future. This changes the behavior of GnuPG in case it has been build with some algorithms disabled: If those algorithms are available in Libgcrypt, their results will be used printed anyway.
2014-09-18 14:56:39 +02:00
if (!gcry_md_test_algo (GCRY_MD_RMD160))
gpg: Re-indent a function. --
2014-09-18 14:50:02 +02:00
print_hashline( md, GCRY_MD_RMD160, fname );
gpg: Replace a hash algo test function. * g10/gpg.c (print_mds): Replace openpgp_md_test_algo. -- This is actually not required because as of now the used OpenPGP and Gcrypt hash algorithm numbers are identical. But that might change in the future. This changes the behavior of GnuPG in case it has been build with some algorithms disabled: If those algorithms are available in Libgcrypt, their results will be used printed anyway.
2014-09-18 14:56:39 +02:00
if (!gcry_md_test_algo (GCRY_MD_SHA224))
gpg: Re-indent a function. --
2014-09-18 14:50:02 +02:00
print_hashline (md, GCRY_MD_SHA224, fname);
gpg: Replace a hash algo test function. * g10/gpg.c (print_mds): Replace openpgp_md_test_algo. -- This is actually not required because as of now the used OpenPGP and Gcrypt hash algorithm numbers are identical. But that might change in the future. This changes the behavior of GnuPG in case it has been build with some algorithms disabled: If those algorithms are available in Libgcrypt, their results will be used printed anyway.
2014-09-18 14:56:39 +02:00
if (!gcry_md_test_algo (GCRY_MD_SHA256))
gpg: Re-indent a function. --
2014-09-18 14:50:02 +02:00
print_hashline( md, GCRY_MD_SHA256, fname );
gpg: Replace a hash algo test function. * g10/gpg.c (print_mds): Replace openpgp_md_test_algo. -- This is actually not required because as of now the used OpenPGP and Gcrypt hash algorithm numbers are identical. But that might change in the future. This changes the behavior of GnuPG in case it has been build with some algorithms disabled: If those algorithms are available in Libgcrypt, their results will be used printed anyway.
2014-09-18 14:56:39 +02:00
if (!gcry_md_test_algo (GCRY_MD_SHA384))
gpg: Re-indent a function. --
2014-09-18 14:50:02 +02:00
print_hashline ( md, GCRY_MD_SHA384, fname );
gpg: Replace a hash algo test function. * g10/gpg.c (print_mds): Replace openpgp_md_test_algo. -- This is actually not required because as of now the used OpenPGP and Gcrypt hash algorithm numbers are identical. But that might change in the future. This changes the behavior of GnuPG in case it has been build with some algorithms disabled: If those algorithms are available in Libgcrypt, their results will be used printed anyway.
2014-09-18 14:56:39 +02:00
if (!gcry_md_test_algo (GCRY_MD_SHA512))
gpg: Re-indent a function. --
2014-09-18 14:50:02 +02:00
print_hashline ( md, GCRY_MD_SHA512, fname );
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
}
gpg: Re-indent a function. --
2014-09-18 14:50:02 +02:00
else
{
if (algo)
print_hex (md, -algo, fname);
else
{
gpg: Replace a hash algo test function. * g10/gpg.c (print_mds): Replace openpgp_md_test_algo. -- This is actually not required because as of now the used OpenPGP and Gcrypt hash algorithm numbers are identical. But that might change in the future. This changes the behavior of GnuPG in case it has been build with some algorithms disabled: If those algorithms are available in Libgcrypt, their results will be used printed anyway.
2014-09-18 14:56:39 +02:00
if (!gcry_md_test_algo (GCRY_MD_MD5))
gpg: Re-indent a function. --
2014-09-18 14:50:02 +02:00
print_hex (md, GCRY_MD_MD5, fname);
print_hex (md, GCRY_MD_SHA1, fname );
gpg: Replace a hash algo test function. * g10/gpg.c (print_mds): Replace openpgp_md_test_algo. -- This is actually not required because as of now the used OpenPGP and Gcrypt hash algorithm numbers are identical. But that might change in the future. This changes the behavior of GnuPG in case it has been build with some algorithms disabled: If those algorithms are available in Libgcrypt, their results will be used printed anyway.
2014-09-18 14:56:39 +02:00
if (!gcry_md_test_algo (GCRY_MD_RMD160))
gpg: Re-indent a function. --
2014-09-18 14:50:02 +02:00
print_hex (md, GCRY_MD_RMD160, fname );
gpg: Replace a hash algo test function. * g10/gpg.c (print_mds): Replace openpgp_md_test_algo. -- This is actually not required because as of now the used OpenPGP and Gcrypt hash algorithm numbers are identical. But that might change in the future. This changes the behavior of GnuPG in case it has been build with some algorithms disabled: If those algorithms are available in Libgcrypt, their results will be used printed anyway.
2014-09-18 14:56:39 +02:00
if (!gcry_md_test_algo (GCRY_MD_SHA224))
gpg: Re-indent a function. --
2014-09-18 14:50:02 +02:00
print_hex (md, GCRY_MD_SHA224, fname);
gpg: Replace a hash algo test function. * g10/gpg.c (print_mds): Replace openpgp_md_test_algo. -- This is actually not required because as of now the used OpenPGP and Gcrypt hash algorithm numbers are identical. But that might change in the future. This changes the behavior of GnuPG in case it has been build with some algorithms disabled: If those algorithms are available in Libgcrypt, their results will be used printed anyway.
2014-09-18 14:56:39 +02:00
if (!gcry_md_test_algo (GCRY_MD_SHA256))
gpg: Re-indent a function. --
2014-09-18 14:50:02 +02:00
print_hex (md, GCRY_MD_SHA256, fname );
gpg: Replace a hash algo test function. * g10/gpg.c (print_mds): Replace openpgp_md_test_algo. -- This is actually not required because as of now the used OpenPGP and Gcrypt hash algorithm numbers are identical. But that might change in the future. This changes the behavior of GnuPG in case it has been build with some algorithms disabled: If those algorithms are available in Libgcrypt, their results will be used printed anyway.
2014-09-18 14:56:39 +02:00
if (!gcry_md_test_algo (GCRY_MD_SHA384))
gpg: Re-indent a function. --
2014-09-18 14:50:02 +02:00
print_hex (md, GCRY_MD_SHA384, fname );
gpg: Replace a hash algo test function. * g10/gpg.c (print_mds): Replace openpgp_md_test_algo. -- This is actually not required because as of now the used OpenPGP and Gcrypt hash algorithm numbers are identical. But that might change in the future. This changes the behavior of GnuPG in case it has been build with some algorithms disabled: If those algorithms are available in Libgcrypt, their results will be used printed anyway.
2014-09-18 14:56:39 +02:00
if (!gcry_md_test_algo (GCRY_MD_SHA512))
gpg: Re-indent a function. --
2014-09-18 14:50:02 +02:00
print_hex (md, GCRY_MD_SHA512, fname );
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
}
}
gpg: Re-indent a function. --
2014-09-18 14:50:02 +02:00
gcry_md_close (md);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
gpg: Replace remaining uses of stdio by estream. * g10/sign.c (sign_file): Use log_printf instead of stderr. * g10/tdbdump.c (export_ownertrust): Use estream fucntions. (import_ownertrust): Ditto. * g10/tdbio.c (tdbio_dump_record): Ditto. Change arg to estream_t. -- Reported-by: Guilhem Moulin <guilhem@fripost.org> Needed for unattended key edits with --status-fd, because since 2.1 status prompts are preceded by es_fflush (in cpr.c:do_get_from_fd) not fflush(3), so the standard output may not be flushed before each prompt. (Which breaks scripts using select(2) to multiplex between the standard and status outputs.) His patch only affected print_and_check_one_sig_colon() but there are many more places where stdio and estream are mixed. This patch now replaces most of them in g10/. At some places stdio is still used, but that is local to a function and should not have side effects. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-02-19 17:22:27 +01:00
if (fp != es_stdin)
es_fclose (fp);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
/****************
* Check the supplied name,value string and add it to the notation
* data to be used for signatures. which==0 for sig notations, and 1
* for cert notations.
*/
static void
add_notation_data( const char *string, int which )
{
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
struct notation *notation;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
notation=string_to_notation(string,utf8_strings);
if(notation)
{
if(which)
{
notation->next=opt.cert_notations;
opt.cert_notations=notation;
}
else
{
notation->next=opt.sig_notations;
opt.sig_notations=notation;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
}
}
static void
add_policy_url( const char *string, int which )
{
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
unsigned int i,critical=0;
Fix for bug 537
2006-10-02 13:54:35 +02:00
strlist_t sl;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
if(*string=='!')
{
string++;
critical=1;
}
for(i=0;i<strlen(string);i++)
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
if( !isascii (string[i]) || iscntrl(string[i]))
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
break;
if(i==0 || i<strlen(string))
{
if(which)
log_error(_("the given certification policy URL is invalid\n"));
else
log_error(_("the given signature policy URL is invalid\n"));
}
if(which)
sl=add_to_strlist( &opt.cert_policy_url, string );
else
sl=add_to_strlist( &opt.sig_policy_url, string );
if(critical)
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
sl->flags |= 1;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
Merged most of David Shaw's changes in 1.3 since 2003-06-03.
2003-09-23 19:48:33 +02:00
static void
add_keyserver_url( const char *string, int which )
{
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
unsigned int i,critical=0;
Fix for bug 537
2006-10-02 13:54:35 +02:00
strlist_t sl;
Merged most of David Shaw's changes in 1.3 since 2003-06-03.
2003-09-23 19:48:33 +02:00
if(*string=='!')
{
string++;
critical=1;
}
for(i=0;i<strlen(string);i++)
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
if( !isascii (string[i]) || iscntrl(string[i]))
Merged most of David Shaw's changes in 1.3 since 2003-06-03.
2003-09-23 19:48:33 +02:00
break;
if(i==0 || i<strlen(string))
{
if(which)
BUG();
else
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
log_error(_("the given preferred keyserver URL is invalid\n"));
Merged most of David Shaw's changes in 1.3 since 2003-06-03.
2003-09-23 19:48:33 +02:00
}
if(which)
BUG();
else
sl=add_to_strlist( &opt.sig_keyserver_url, string );
if(critical)
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
sl->flags |= 1;
Merged most of David Shaw's changes in 1.3 since 2003-06-03.
2003-09-23 19:48:33 +02:00
}
gpg: New option --override-session-key-fd. * g10/gpg.c (oOverrideSessionKeyFD): New. (opts): Add option --override-session-key-fd. (main): Handle that option. (read_sessionkey_from_fd): New. -- The override-session-key feature was designed to mitigate the effect of the British RIP act by allowing to keep the private key private and hand out only a session key. For that use case the leaking of the session key would not be a problem. However there are other use cases, for example fast re-decryption after an initial decryption, which would benefit from concealing the session key from other users. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-16 09:02:53 +01:00
static void
read_sessionkey_from_fd (int fd)
{
int i, len;
char *line;
gpg,common: Make sure that all fd given are valid. * common/sysutils.c (gnupg_fd_valid): New function. * common/sysutils.h (gnupg_fd_valid): New declaration. * common/logging.c (log_set_file): Use the new function. * g10/cpr.c (set_status_fd): Likewise. * g10/gpg.c (main): Likewise. * g10/keylist.c (read_sessionkey_from_fd): Likewise. * g10/passphrase.c (set_attrib_fd): Likewise. * tests/openpgp/Makefile.am (XTESTS): Add the new test. * tests/openpgp/issue2941.scm: New file. -- Consider a situation where the user passes "--status-fd 3" but file descriptor 3 is not open. During the course of executing the rest of the commands, it's possible that gpg itself will open some files, and file descriptor 3 will get allocated. In this situation, the status information will be appended directly to whatever file happens to have landed on fd 3 (the trustdb? the keyring?). This is a potential data destruction issue for all writable file descriptor options: --status-fd --attribute-fd --logger-fd It's also a potential issue for readable file descriptor options, but the risk is merely weird behavior, and not data corruption: --override-session-key-fd --passphrase-fd --command-fd Fixes this by checking whether the fd is valid early on before using it. GnuPG-bug-id: 2941 Signed-off-by: Justus Winter <justus@g10code.com>
2017-02-08 13:49:41 +01:00
if (! gnupg_fd_valid (fd))
log_fatal ("override-session-key-fd is invalid: %s\n", strerror (errno));
gpg: New option --override-session-key-fd. * g10/gpg.c (oOverrideSessionKeyFD): New. (opts): Add option --override-session-key-fd. (main): Handle that option. (read_sessionkey_from_fd): New. -- The override-session-key feature was designed to mitigate the effect of the British RIP act by allowing to keep the private key private and hand out only a session key. For that use case the leaking of the session key would not be a problem. However there are other use cases, for example fast re-decryption after an initial decryption, which would benefit from concealing the session key from other users. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-16 09:02:53 +01:00
for (line = NULL, i = len = 100; ; i++ )
{
if (i >= len-1 )
{
char *tmp = line;
len += 100;
line = xmalloc_secure (len);
if (tmp)
{
memcpy (line, tmp, i);
xfree (tmp);
}
else
i=0;
}
if (read (fd, line + i, 1) != 1 || line[i] == '\n')
break;
}
line[i] = 0;
log_debug ("seskey: %s\n", line);
gpgrt_annotate_leaked_object (line);
opt.override_session_key = line;
}
Copy Permalink