Import fixes.

new otion for watchgnupg

ChangeLog

@@ -1,3 +1,7 @@
+2010-10-06  Werner Koch  <wk@g10code.com>
+
+	* configure.ac: Make --enable-standard-socket the default.
+
 2010-10-04  Werner Koch  <wk@g10code.com>
 
 	* configure.ac (GNUPG_CHECK_FAQPROG): Remove.

NEWS

@@ -26,8 +26,8 @@ Noteworthy changes in version 2.1.x (under development)
  * If the agent's --use-standard-socket option is active, all tools
    try to start and daemonize the agent on the fly.  In the past this
    was only supported on W32; on non-W32 systems the new configure
-   option --enable-standard-socket may now be used to use this feature
-   by default.
+   option --disable-standard-socket may now be used to disable this
+   new default.
 
  * Dirmngr is now a part of this package.  Dirmngr is now also
    expected to run as a system service and the configuration

agent/ChangeLog

@@ -1,3 +1,7 @@
+2010-10-06  Werner Koch  <wk@g10code.com>
+
+	* cvt-openpgp.c (convert_secret_key): Add missing break.
+
 2010-10-05  Werner Koch  <wk@g10code.com>
 
 	* gpg-agent.c (main): Don't set SSH_AGENT_PID so that ssh-agent -k

agent/cvt-openpgp.c

@@ -126,6 +126,7 @@ convert_secret_key (gcry_sexp_t *r_key, int pubkey_algo, gcry_mpi_t *skey)
                              "(private-key(rsa(n%m)(e%m)(d%m)(p%m)(q%m)(u%m)))",
                              skey[0], skey[1], skey[2], skey[3], skey[4],
                              skey[5]);
+      break;
 
     default:
       err = gpg_error (GPG_ERR_PUBKEY_ALGO);

configure.ac

@@ -79,7 +79,7 @@ use_bzip2=yes
 use_exec=yes
 disable_keyserver_path=no
 use_ccid_driver=yes
-use_standard_socket=no
+use_standard_socket=yes
 
 try_ks_ldap=no
 
@@ -657,8 +657,8 @@ fi
 #
 AC_MSG_CHECKING([whether to use a standard socket by default])
 AC_ARG_ENABLE(standard-socket,
-              AC_HELP_STRING([--enable-standard-socket],
-                             [use a standard socket for the agent by default]),
+              AC_HELP_STRING([--disable-standard-socket],
+                             [don't use a standard socket by default]),
               use_standard_socket=$enableval)
 tmp=""
 if test "$use_standard_socket" != yes; then

doc/gpg-agent.texi

@@ -2,6 +2,11 @@
 @c This is part of the GnuPG manual.
 @c For copying conditions, see the file gnupg.texi.
 
+@c Note that we use this texinfo file for all versions of GnuPG: 
+@c 2.0 and 2.1.  The macro "gpgtwoone" controls parts which are only
+@c valid for GnuPG 2.1 and later.
+
+
 @node Invoking GPG-AGENT
 @chapter Invoking GPG-AGENT
 @cindex GPG-AGENT command options
@@ -438,8 +443,16 @@ a random socket below a temporary directory.  Tools connecting to
 environment variable @var{GPG_AGENT_INFO} and then fall back to this
 socket.  This option may not be used if the home directory is mounted on
 a remote file system which does not support special files like fifos or
-sockets.  Note, that @option{--use-standard-socket} is the default on
-Windows systems.  The default may be changed at build time.  It is
+sockets.
+@ifset gpgtwoone
+Note, that @option{--use-standard-socket} is the default on all
+systems since GnuPG 2.1.
+@end ifset
+@ifclear gpgtwoone
+Note, that @option{--use-standard-socket} is the default on
+Windows systems.
+@end ifclear
+The default may be changed at build time.  It is
 possible to test at runtime whether the agent has been configured for
 use with the standard socket by issuing the command @command{gpg-agent
 --use-standard-socket-p} which returns success if the standard socket

g10/ChangeLog

@@ -1,3 +1,8 @@
+2010-10-06  Werner Koch  <wk@g10code.com>
+
+	* import.c (transfer_secret_keys): Ignore missing key parameters.
+	Provide dummy IV.  Ignore stub keys.
+
 2010-10-01  Werner Koch  <wk@g10code.com>
 
 	* export.c (do_export_stream): Rewrite to take the secret keys

g10/import.c

@@ -1122,8 +1122,7 @@ transfer_secret_keys (ctrl_t ctrl, struct stats_s *stats, kbnode_t sec_keyblock)
   if (!err)
     err = gcry_cipher_setkey (cipherhd, kek, keklen);
   if (err)
-    goto leave;
-  xfree (kek);
+    goto leave;  xfree (kek);
   kek = NULL;
 
   main_pk = NULL;
@@ -1143,6 +1142,11 @@ transfer_secret_keys (ctrl_t ctrl, struct stats_s *stats, kbnode_t sec_keyblock)
       stats->count++;
       stats->secret_read++;
 
+      /* For now we ignore the stub keys becuase we don't have real
+         support for them in gpg-agent.  */
+      if (ski->s2k.mode == 1001 || ski->s2k.mode == 1002)
+        continue;
+
       /* Convert our internal secret key object into an S-expression.  */
       nskey = pubkey_get_nskey (pk->pubkey_algo);
       if (!nskey || nskey > PUBKEY_MAX_NSKEY)
@@ -1156,7 +1160,9 @@ transfer_secret_keys (ctrl_t ctrl, struct stats_s *stats, kbnode_t sec_keyblock)
       put_membuf_str (&mbuf, "(skey");
       for (i=j=0; i < nskey; i++)
         {
-          if (gcry_mpi_get_flag (pk->pkey[i], GCRYMPI_FLAG_OPAQUE))
+          if (!pk->pkey[i])
+            ; /* Protected keys only have NPKEY+1 elements.  */
+          else if (gcry_mpi_get_flag (pk->pkey[i], GCRYMPI_FLAG_OPAQUE))
             {
               put_membuf_str (&mbuf, " e %b");
               format_args_buf_ptr[i] = gcry_mpi_get_opaque (pk->pkey[i], &n);
@@ -1189,7 +1195,10 @@ transfer_secret_keys (ctrl_t ctrl, struct stats_s *stats, kbnode_t sec_keyblock)
       if (ski->is_protected)
         {
           char countbuf[35];
-
+          
+          /* Note that the IVLEN may be zero if we are working on a
+             dummy key.  We can't express that in an S-expression and
+             thus we send dummy data for the IV.  */
           snprintf (countbuf, sizeof countbuf, "%lu",
                     (unsigned long)ski->s2k.count);
           err = gcry_sexp_build
@@ -1197,7 +1206,8 @@ transfer_secret_keys (ctrl_t ctrl, struct stats_s *stats, kbnode_t sec_keyblock)
              " (protection %s %s %b %d %s %b %s)\n",
              ski->sha1chk? "sha1":"sum",
              openpgp_cipher_algo_name (ski->algo),
-             (int)ski->ivlen, ski->iv,
+             ski->ivlen? (int)ski->ivlen:1,
+             ski->ivlen? ski->iv: (const unsigned char*)"X",
              ski->s2k.mode,
              openpgp_md_algo_name (ski->s2k.hash_algo),
              (int)sizeof (ski->s2k.salt), ski->s2k.salt,

tools/ChangeLog

@@ -1,3 +1,7 @@
+2010-10-06  Werner Koch  <wk@g10code.com>
+
+	* watchgnupg.c (print_version): Add option --time-only.
+
 2010-10-05  Werner Koch  <wk@g10code.com>
 
 	* watchgnupg.c (main): Support TCP and local socket listening.

tools/watchgnupg.c

@@ -52,7 +52,7 @@
 
 
 static int verbose;
-
+static int time_only;
 
 static void
 die (const char *format, ...)
@@ -136,10 +136,15 @@ print_fd_and_time (int fd)
   time_t atime = time (NULL);
   
   tp = localtime (&atime);
-  printf ("%3d - %04d-%02d-%02d %02d:%02d:%02d ",
-          fd,
-          1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday,
-          tp->tm_hour, tp->tm_min, tp->tm_sec );
+  if (time_only)  
+    printf ("%3d - %02d:%02d:%02d ",
+            fd,
+            tp->tm_hour, tp->tm_min, tp->tm_sec );
+  else
+    printf ("%3d - %04d-%02d-%02d %02d:%02d:%02d ",
+            fd,
+            1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday,
+            tp->tm_hour, tp->tm_min, tp->tm_sec );
 }
 
 
@@ -262,6 +267,7 @@ print_version (int with_help)
        "  --tcp       listen on a TCP port and optionally on a local socket\n"
        "  --force     delete an already existing socket file\n"
        "  --verbose   enable extra informational output\n"
+       "  --time-only print only the time; not a full timestamp\n"
        "  --version   print version of the program and exit\n"
        "  --help      display this help and exit\n"
        BUGREPORT_LINE, stdout );
@@ -306,6 +312,11 @@ main (int argc, char **argv)
           verbose = 1;
           argc--; argv++;
         }
+      else if (!strcmp (*argv, "--time-only"))
+        {
+          time_only = 1;
+          argc--; argv++;
+        }
       else if (!strcmp (*argv, "--force"))
         {
           force = 1;