gnupg/g10/dirmngr-conf.skel

# dirmngr-conf.skel - Skeleton to create dirmngr.conf.
# (Note that the first three lines are not copied.)
#
# dirmngr.conf - Options for Dirmngr
# Written in 2015 by The GnuPG Project <https://gnupg.org>
#
# To the extent possible under law, the authors have dedicated all
# copyright and related and neighboring rights to this file to the
# public domain worldwide.  This file is distributed without any
# warranty.  You should have received a copy of the CC0 Public Domain
# Dedication along with this file. If not, see
# <http://creativecommons.org/publicdomain/zero/1.0/>.
#
#
# Unless you specify which option file to use (with the command line
# option "--options filename"), the file ~/.gnupg/dirmngr.conf is used
# by dirmngr.  The file can contain any long options which are valid
# for Dirmngr.  If the first non white space character of a line is a
# '#', the line is ignored.  Empty lines are also ignored.  See the
# dirmngr man page or the manual for a list of options.
#

# --keyserver URI
#
# GPG can send and receive keys to and from a keyserver.  These
# servers can be HKP, Email, or LDAP (if GnuPG is built with LDAP
# support).
#
# Example HKP keyservers:
#      hkp://keys.gnupg.net
#
# Example HKP keyserver using a Tor OnionBalance service
#      hkp://jirk5u4osbsr34t5.onion
#
# Example HKPS keyservers (see --hkp-cacert below):
#       hkps://hkps.pool.sks-keyservers.net
#
# Example LDAP keyservers:
#      ldap://pgp.surfnet.nl:11370
#
# Regular URL syntax applies, and you can set an alternate port
# through the usual method:
#      hkp://keyserver.example.net:22742
#
# Most users just set the name and type of their preferred keyserver.
# Note that most servers (with the notable exception of
# ldap://keyserver.pgp.com) synchronize changes with each other.  Note
# also that a single server name may actually point to multiple
# servers via DNS round-robin.  hkp://keys.gnupg.net is an example of
# such a "server", which spreads the load over a number of physical
# servers.
#
# If exactly two keyservers are configured and only one is a Tor hidden
# service, Dirmngr selects the keyserver to use depending on whether
# Tor is locally running or not (on a per session base).

keyserver hkp://jirk5u4osbsr34t5.onion
keyserver hkp://keys.gnupg.net

# --hkp-cacert FILENAME
#
# For the "hkps" scheme (keyserver access over TLS), Dirmngr needs to
# know the root certificates for verification of the TLS certificates
# used for the connection.  Enter the full name of a file with the
# root certificates here.  If that file is in PEM format a ".pem"
# suffix is expected.  This option may be given multiple times to add
# more root certificates.  Tilde expansion is supported.

#hkp-cacert /path/to/CA/sks-keyservers.netCA.pem
gpg: Install a dirmngr.conf file. * g10/dirmngr-conf.skel: New. * g10/Makefile.am (EXTRA_DIST): Add file. (install-data-local, uninstall-local): Install that file. * g10/openfile.c (copy_options_file): Add arg "name", return a value, simplify with xstrconcat, and factor warning message out to: (try_make_homedir): here. Also install dirmngr.conf. * g10/options.skel: Remove --keyserver entry. -- The option --keyserver in gpg has been deprecated in favor of --keyserver in dirmngr.conf. Thus we need to install a skeleton file for dirmngr to set a default keyserver. Signed-off-by: Werner Koch <wk@gnupg.org> 2015-10-05 19:48:47 +02:00			`# dirmngr-conf.skel - Skeleton to create dirmngr.conf.`
			`# (Note that the first three lines are not copied.)`
			`#`
			`# dirmngr.conf - Options for Dirmngr`
			`# Written in 2015 by The GnuPG Project <https://gnupg.org>`
			`#`
			`# To the extent possible under law, the authors have dedicated all`
			`# copyright and related and neighboring rights to this file to the`
			`# public domain worldwide. This file is distributed without any`
			`# warranty. You should have received a copy of the CC0 Public Domain`
			`# Dedication along with this file. If not, see`
			`# <http://creativecommons.org/publicdomain/zero/1.0/>.`
			`#`
			`#`
			`# Unless you specify which option file to use (with the command line`
			`# option "--options filename"), the file ~/.gnupg/dirmngr.conf is used`
			`# by dirmngr. The file can contain any long options which are valid`
			`# for Dirmngr. If the first non white space character of a line is a`
			`# '#', the line is ignored. Empty lines are also ignored. See the`
			`# dirmngr man page or the manual for a list of options.`
			`#`

			`# --keyserver URI`
			`#`
			`# GPG can send and receive keys to and from a keyserver. These`
			`# servers can be HKP, Email, or LDAP (if GnuPG is built with LDAP`
			`# support).`
			`#`
			`# Example HKP keyservers:`
			`# hkp://keys.gnupg.net`
			`#`
dirmngr: Change the Onion keyserver in the conf template. -- I must have mixed the up during testing. The old one is just one keyserver and the new one is the OnionBalance hidden service. See https://sks-keyservers.net/overview-of-pools.php Signed-off-by: Werner Koch <wk@gnupg.org> 2015-12-23 20:06:49 +01:00			`# Example HKP keyserver using a Tor OnionBalance service`
			`# hkp://jirk5u4osbsr34t5.onion`
dirmngr: Add example Tor hidden service. -- 2015-10-26 16:32:32 +01:00			`#`
gpg: Install a dirmngr.conf file. * g10/dirmngr-conf.skel: New. * g10/Makefile.am (EXTRA_DIST): Add file. (install-data-local, uninstall-local): Install that file. * g10/openfile.c (copy_options_file): Add arg "name", return a value, simplify with xstrconcat, and factor warning message out to: (try_make_homedir): here. Also install dirmngr.conf. * g10/options.skel: Remove --keyserver entry. -- The option --keyserver in gpg has been deprecated in favor of --keyserver in dirmngr.conf. Thus we need to install a skeleton file for dirmngr to set a default keyserver. Signed-off-by: Werner Koch <wk@gnupg.org> 2015-10-05 19:48:47 +02:00			`# Example HKPS keyservers (see --hkp-cacert below):`
			`# hkps://hkps.pool.sks-keyservers.net`
			`#`
			`# Example LDAP keyservers:`
			`# ldap://pgp.surfnet.nl:11370`
			`#`
			`# Regular URL syntax applies, and you can set an alternate port`
			`# through the usual method:`
			`# hkp://keyserver.example.net:22742`
			`#`
			`# Most users just set the name and type of their preferred keyserver.`
			`# Note that most servers (with the notable exception of`
			`# ldap://keyserver.pgp.com) synchronize changes with each other. Note`
			`# also that a single server name may actually point to multiple`
			`# servers via DNS round-robin. hkp://keys.gnupg.net is an example of`
			`# such a "server", which spreads the load over a number of physical`
			`# servers.`
dirmngr: Switch to an onion address if Tor is running. * dirmngr/dirmngr.h (opt): Turn field 'keyserver' into an strlist. * dirmngr/dirmngr.c (parse_rereadable_options): Allow multiple --keyserver options. * dirmngr/server.c (server_local_s): Add field 'tor_state'. (release_uri_item_list): New. (release_ctrl_keyservers): Use it. (start_command_handler): Release list of keyservers. (is_tor_running): New. (cmd_getinfo): Re-implement "tor" subcommand using new fucntion. (ensure_keyserver): Rewrite. * g10/dirmngr-conf.skel: Add two keyserver options. -- This feature is independent of --use-tor and automagically uses Tor if available. The dirmngr.conf file needs to specify two keyservers to make this work. For new installations this is done using the skeleton file. This feature requires the Libassuan 2.4.2 to work. This patch also fixes a memory leak of opt.keyserver en passant. Signed-off-by: Werner Koch <wk@gnupg.org> 2015-12-02 11:49:41 +01:00			`#`
			`# If exactly two keyservers are configured and only one is a Tor hidden`
			`# service, Dirmngr selects the keyserver to use depending on whether`
			`# Tor is locally running or not (on a per session base).`
gpg: Install a dirmngr.conf file. * g10/dirmngr-conf.skel: New. * g10/Makefile.am (EXTRA_DIST): Add file. (install-data-local, uninstall-local): Install that file. * g10/openfile.c (copy_options_file): Add arg "name", return a value, simplify with xstrconcat, and factor warning message out to: (try_make_homedir): here. Also install dirmngr.conf. * g10/options.skel: Remove --keyserver entry. -- The option --keyserver in gpg has been deprecated in favor of --keyserver in dirmngr.conf. Thus we need to install a skeleton file for dirmngr to set a default keyserver. Signed-off-by: Werner Koch <wk@gnupg.org> 2015-10-05 19:48:47 +02:00
dirmngr: Change the Onion keyserver in the conf template. -- I must have mixed the up during testing. The old one is just one keyserver and the new one is the OnionBalance hidden service. See https://sks-keyservers.net/overview-of-pools.php Signed-off-by: Werner Koch <wk@gnupg.org> 2015-12-23 20:06:49 +01:00			`keyserver hkp://jirk5u4osbsr34t5.onion`
gpg: Install a dirmngr.conf file. * g10/dirmngr-conf.skel: New. * g10/Makefile.am (EXTRA_DIST): Add file. (install-data-local, uninstall-local): Install that file. * g10/openfile.c (copy_options_file): Add arg "name", return a value, simplify with xstrconcat, and factor warning message out to: (try_make_homedir): here. Also install dirmngr.conf. * g10/options.skel: Remove --keyserver entry. -- The option --keyserver in gpg has been deprecated in favor of --keyserver in dirmngr.conf. Thus we need to install a skeleton file for dirmngr to set a default keyserver. Signed-off-by: Werner Koch <wk@gnupg.org> 2015-10-05 19:48:47 +02:00			`keyserver hkp://keys.gnupg.net`

			`# --hkp-cacert FILENAME`
			`#`
			`# For the "hkps" scheme (keyserver access over TLS), Dirmngr needs to`
			`# know the root certificates for verification of the TLS certificates`
			`# used for the connection. Enter the full name of a file with the`
			`# root certificates here. If that file is in PEM format a ".pem"`
			`# suffix is expected. This option may be given multiple times to add`
dirmngr: Do tilde expansion for --hkp-cacert. * dirmngr/dirmngr.c (parse_rereadable_options): Do tilde expansion and check for cert file existance in option --hkp-cacert. -- GnuPG-bug-id: 2120 Signed-off-by: Werner Koch <wk@gnupg.org> 2015-10-06 13:10:26 +02:00			`# more root certificates. Tilde expansion is supported.`
gpg: Install a dirmngr.conf file. * g10/dirmngr-conf.skel: New. * g10/Makefile.am (EXTRA_DIST): Add file. (install-data-local, uninstall-local): Install that file. * g10/openfile.c (copy_options_file): Add arg "name", return a value, simplify with xstrconcat, and factor warning message out to: (try_make_homedir): here. Also install dirmngr.conf. * g10/options.skel: Remove --keyserver entry. -- The option --keyserver in gpg has been deprecated in favor of --keyserver in dirmngr.conf. Thus we need to install a skeleton file for dirmngr to set a default keyserver. Signed-off-by: Werner Koch <wk@gnupg.org> 2015-10-05 19:48:47 +02:00
			`#hkp-cacert /path/to/CA/sks-keyservers.netCA.pem`