Import fixes.

new option for watchgnupg
Werner Koch 2010-10-06 11:29:10 +00:00
parent cc71376bce
commit 002b30e75c
10 changed files with 69 additions and 17 deletions


@ -1,3 +1,7 @@
2010-10-06 Werner Koch <wk@g10code.com>
* configure.ac: Make --enable-standard-socket the default.
2010-10-04 Werner Koch <wk@g10code.com>
* configure.ac (GNUPG_CHECK_FAQPROG): Remove.

4
NEWS

@ -26,8 +26,8 @@ Noteworthy changes in version 2.1.x (under development)
* If the agent's --use-standard-socket option is active, all tools
try to start and daemonize the agent on the fly. In the past this
was only supported on W32; on non-W32 systems the new configure
option --enable-standard-socket may now be used to use this feature
by default.
option --disable-standard-socket may now be used to disable this
new default.
* Dirmngr is now a part of this package. Dirmngr is now also
expected to run as a system service and the configuration


@ -1,3 +1,7 @@
2010-10-06 Werner Koch <wk@g10code.com>
* cvt-openpgp.c (convert_secret_key): Add missing break.
2010-10-05 Werner Koch <wk@g10code.com>
* gpg-agent.c (main): Don't set SSH_AGENT_PID so that ssh-agent -k


@ -126,6 +126,7 @@ convert_secret_key (gcry_sexp_t *r_key, int pubkey_algo, gcry_mpi_t *skey)
"(private-key(rsa(n%m)(e%m)(d%m)(p%m)(q%m)(u%m)))",
skey[0], skey[1], skey[2], skey[3], skey[4],
skey[5]);
break;
default:
err = gpg_error (GPG_ERR_PUBKEY_ALGO);


@ -79,7 +79,7 @@ use_bzip2=yes
use_exec=yes
disable_keyserver_path=no
use_ccid_driver=yes
use_standard_socket=no
use_standard_socket=yes
try_ks_ldap=no
@ -657,8 +657,8 @@ fi
#
AC_MSG_CHECKING([whether to use a standard socket by default])
AC_ARG_ENABLE(standard-socket,
AC_HELP_STRING([--enable-standard-socket],
[use a standard socket for the agent by default]),
AC_HELP_STRING([--disable-standard-socket],
[don't use a standard socket by default]),
use_standard_socket=$enableval)
tmp=""
if test "$use_standard_socket" != yes; then
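Review bot: `use_standard_socket=$enableval` stores whatever string the user passes, and the `test "$use_standard_socket" != yes` that follows treats every value other than the literal `yes` as a request to turn the feature off; now that the default is `yes`, something like `--enable-standard-socket=1` silently disables it. I would accept only the two expected values, e.g. `case "$enableval" in yes|no) use_standard_socket=$enableval ;; *) AC_MSG_ERROR([invalid value for --enable-standard-socket]) ;; esac`. The body of the `if` lies outside the hunk, so what the non-`yes` branch actually sets is not visible here.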


@ -2,6 +2,11 @@
@c This is part of the GnuPG manual.
@c For copying conditions, see the file gnupg.texi.
@c Note that we use this texinfo file for all versions of GnuPG:
@c 2.0 and 2.1. The macro "gpgtwoone" controls parts which are only
@c valid for GnuPG 2.1 and later.
@node Invoking GPG-AGENT
@chapter Invoking GPG-AGENT
@cindex GPG-AGENT command options
@ -438,8 +443,16 @@ a random socket below a temporary directory. Tools connecting to
environment variable @var{GPG_AGENT_INFO} and then fall back to this
socket. This option may not be used if the home directory is mounted on
a remote file system which does not support special files like fifos or
sockets. Note, that @option{--use-standard-socket} is the default on
Windows systems. The default may be changed at build time. It is
sockets.
@ifset gpgtwoone
Note, that @option{--use-standard-socket} is the default on all
systems since GnuPG 2.1.
@end ifset
@ifclear gpgtwoone
Note, that @option{--use-standard-socket} is the default on
Windows systems.
@end ifclear
The default may be changed at build time. It is
possible to test at runtime whether the agent has been configured for
use with the standard socket by issuing the command @command{gpg-agent
--use-standard-socket-p} which returns success if the standard socket


@ -1,3 +1,8 @@
2010-10-06 Werner Koch <wk@g10code.com>
* import.c (transfer_secret_keys): Ignore missing key parameters.
Provide dummy IV. Ignore stub keys.
2010-10-01 Werner Koch <wk@g10code.com>
* export.c (do_export_stream): Rewrite to take the secret keys


@ -1122,8 +1122,7 @@ transfer_secret_keys (ctrl_t ctrl, struct stats_s *stats, kbnode_t sec_keyblock)
if (!err)
err = gcry_cipher_setkey (cipherhd, kek, keklen);
if (err)
goto leave;
xfree (kek);
goto leave; xfree (kek);
kek = NULL;
main_pk = NULL;
@ -1143,6 +1142,11 @@ transfer_secret_keys (ctrl_t ctrl, struct stats_s *stats, kbnode_t sec_keyblock)
stats->count++;
stats->secret_read++;
/* For now we ignore the stub keys becuase we don't have real
support for them in gpg-agent. */
if (ski->s2k.mode == 1001 || ski->s2k.mode == 1002)
continue;
/* Convert our internal secret key object into an S-expression. */
nskey = pubkey_get_nskey (pk->pubkey_algo);
if (!nskey || nskey > PUBKEY_MAX_NSKEY)
@ -1156,7 +1160,9 @@ transfer_secret_keys (ctrl_t ctrl, struct stats_s *stats, kbnode_t sec_keyblock)
put_membuf_str (&mbuf, "(skey");
for (i=j=0; i < nskey; i++)
{
if (gcry_mpi_get_flag (pk->pkey[i], GCRYMPI_FLAG_OPAQUE))
if (!pk->pkey[i])
; /* Protected keys only have NPKEY+1 elements. */
else if (gcry_mpi_get_flag (pk->pkey[i], GCRYMPI_FLAG_OPAQUE))
{
put_membuf_str (&mbuf, " e %b");
format_args_buf_ptr[i] = gcry_mpi_get_opaque (pk->pkey[i], &n);
@ -1189,7 +1195,10 @@ transfer_secret_keys (ctrl_t ctrl, struct stats_s *stats, kbnode_t sec_keyblock)
if (ski->is_protected)
{
char countbuf[35];
/* Note that the IVLEN may be zero if we are working on a
dummy key. We can't express that in an S-expression and
thus we send dummy data for the IV. */
snprintf (countbuf, sizeof countbuf, "%lu",
(unsigned long)ski->s2k.count);
err = gcry_sexp_build
@ -1197,7 +1206,8 @@ transfer_secret_keys (ctrl_t ctrl, struct stats_s *stats, kbnode_t sec_keyblock)
" (protection %s %s %b %d %s %b %s)\n",
ski->sha1chk? "sha1":"sum",
openpgp_cipher_algo_name (ski->algo),
(int)ski->ivlen, ski->iv,
ski->ivlen? (int)ski->ivlen:1,
ski->ivlen? ski->iv: (const unsigned char*)"X",
ski->s2k.mode,
openpgp_md_algo_name (ski->s2k.hash_algo),
(int)sizeof (ski->s2k.salt), ski->s2k.salt,
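Review bot: In the second hunk the stub-key test comes after `stats->count++` and `stats->secret_read++`, so a key whose S2K mode is 1001 or 1002 is counted as read and then dropped by `continue` with no diagnostic, leaving the user no hint that it was skipped. I would log the skip before the `continue`, e.g. `log_info ("skipping stub key; not yet supported by gpg-agent\n");`, and give the two mode values names instead of bare numbers. The first hunk also appears to leave `goto leave; xfree (kek);` on one line, which reads as if the free belonged to the error branch; `xfree (kek);` should go back on its own line. transfer_secret_keys starts and ends outside these hunks, so whether anything allocated earlier in the loop iteration needs releasing before the `continue` could not be checked.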


@ -1,3 +1,7 @@
2010-10-06 Werner Koch <wk@g10code.com>
* watchgnupg.c (print_version): Add option --time-only.
2010-10-05 Werner Koch <wk@g10code.com>
* watchgnupg.c (main): Support TCP and local socket listening.


@ -52,7 +52,7 @@
static int verbose;
static int time_only;
static void
die (const char *format, ...)
@ -136,10 +136,15 @@ print_fd_and_time (int fd)
time_t atime = time (NULL);
tp = localtime (&atime);
printf ("%3d - %04d-%02d-%02d %02d:%02d:%02d ",
fd,
1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday,
tp->tm_hour, tp->tm_min, tp->tm_sec );
if (time_only)
printf ("%3d - %02d:%02d:%02d ",
fd,
tp->tm_hour, tp->tm_min, tp->tm_sec );
else
printf ("%3d - %04d-%02d-%02d %02d:%02d:%02d ",
fd,
1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday,
tp->tm_hour, tp->tm_min, tp->tm_sec );
}
@ -262,6 +267,7 @@ print_version (int with_help)
" --tcp listen on a TCP port and optionally on a local socket\n"
" --force delete an already existing socket file\n"
" --verbose enable extra informational output\n"
" --time-only print only the time; not a full timestamp\n"
" --version print version of the program and exit\n"
" --help display this help and exit\n"
BUGREPORT_LINE, stdout );
@ -306,6 +312,11 @@ main (int argc, char **argv)
verbose = 1;
argc--; argv++;
}
else if (!strcmp (*argv, "--time-only"))
{
time_only = 1;
argc--; argv++;
}
else if (!strcmp (*argv, "--force"))
{
force = 1;
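Review bot: The two `printf` calls added to print_fd_and_time repeat the `%3d - ` prefix and the `%02d:%02d:%02d` time fields, so the two formats can drift apart when only one of them is edited. Printing the prefix once, the date part only when `time_only` is unset, and the time last produces the same output with a single copy of each piece. The new `static int time_only;` would also benefit from a one-line comment such as `/* If set, print only HH:MM:SS instead of the full date and time. */`. print_fd_and_time and main both start outside the hunks shown.

```c
  tp = localtime (&atime);
  printf ("%3d - ", fd);
  if (!time_only)
    printf ("%04d-%02d-%02d ",
            1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday);
  printf ("%02d:%02d:%02d ", tp->tm_hour, tp->tm_min, tp->tm_sec);
```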