security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

gpg: Remove options --print-dane-records and --print-pka-records. 

* g10/gpg.c (main): Remove options but print a dedicated warning.
* g10/options.h (struct opt): Remove fields 'print_dane_records' and
'print_pka_records'.
* g10/keylist.c (list_keyblock): Do not call list_keyblock_pka.
(list_keyblock_pka): Remove.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2016-07-14 15:19:36 +02:00
parent d6d7e4d218
commit 1e9bc66a9a
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
4 changed files with 23 additions and 173 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
doc/gpg.texi
View File

@ -2345,20 +2345,6 @@ as it is easily machine parsed. The details of this format are
documented in the file @file{doc/DETAILS}, which is included in the GnuPG
source distribution.
@item --print-pka-records
@opindex print-pka-records
Modify the output of the list commands to print PKA records suitable
to put into DNS zone files. An ORIGIN line is printed before each
record to allow diverting the records to the corresponding zone file.
@item --print-dane-records
@opindex print-dane-records
Modify the output of the list commands to print OpenPGP DANE records
suitable to put into DNS zone files. An ORIGIN line is printed before
each record to allow diverting the records to the corresponding zone
file.
@item --fixed-list-mode
@opindex fixed-list-mode
Do not merge primary user ID and primary key in @option{--with-colon}

24
g10/gpg.c
View File

@ -2173,15 +2173,19 @@ main (int argc, char **argv)
int pwfd = -1;
int fpr_maybe_cmd = 0; /* --fingerprint maybe a command. */
int any_explicit_recipient = 0;
int require_secmem=0,got_secmem=0;
int require_secmem = 0;
int got_secmem = 0;
struct assuan_malloc_hooks malloc_hooks;
ctrl_t ctrl;
static int print_dane_records;
static int print_pka_records;
#ifdef __riscos__
opt.lock_once = 1;
#endif /* __riscos__ */
/* Please note that we may running SUID(ROOT), so be very CAREFUL
when adding any stuff between here and the call to
secmem_init() somewhere after the option parsing. */
@ -3186,8 +3190,8 @@ main (int argc, char **argv)
case oFastListMode: opt.fast_list_mode = 1; break;
case oFixedListMode: /* Dummy */ break;
case oLegacyListMode: opt.legacy_list_mode = 1; break;
case oPrintPKARecords: opt.print_pka_records = 1; break;
case oPrintDANERecords: opt.print_dane_records = 1; break;
case oPrintPKARecords: print_pka_records = 1; break;
case oPrintDANERecords: print_dane_records = 1; break;
case oListOnly: opt.list_only=1; break;
case oIgnoreTimeConflict: opt.ignore_time_conflict = 1; break;
case oIgnoreValidFrom: opt.ignore_valid_from = 1; break;
@ -3410,6 +3414,18 @@ main (int argc, char **argv)
xfree (save_configname);
xfree (default_configname);
if (print_dane_records)
log_error ("invalid option \"%s\"; use \"%s\" instead\n",
"--print-dane-records",
"--export-options export-dane");
if (print_pka_records)
log_error ("invalid option \"%s\"; use \"%s\" instead\n",
"--print-pks-records",
"--export-options export-pka");
if (log_get_errorcount (0))
g10_exit(2);
if( nogreeting )
greeting = 0;

156
g10/keylist.c
View File

@ -864,156 +864,6 @@ dump_attribs (const PKT_user_id *uid, PKT_public_key *pk)
}
/* Print IPGP cert records instead of a standard key listing. */
static void
list_keyblock_pka (ctrl_t ctrl, kbnode_t keyblock)
{
kbnode_t kbctx;
kbnode_t node;
PKT_public_key *pk;
char pkstrbuf[PUBKEY_STRING_SIZE];
char *hexfpr;
char *hexkeyblock = NULL;
unsigned int hexkeyblocklen = 0; /* Init to avoid -Wmaybe-uninitialized. */
const char *s;
/* Get the keyid from the keyblock. */
node = find_kbnode (keyblock, PKT_PUBLIC_KEY);
if (!node)
{
log_error ("Oops; key lost!\n");
dump_kbnode (keyblock);
return;
}
pk = node->pkt->pkt.public_key;
/* First print an overview of the key with all userids. */
es_fprintf (es_stdout, ";; pub %s/%s %s\n;;",
pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
keystr_from_pk (pk), datestr_from_pk (pk));
print_fingerprint (NULL, pk, 10);
for (kbctx = NULL; (node = walk_kbnode (keyblock, &kbctx, 0));)
{
if (node->pkt->pkttype == PKT_USER_ID)
{
PKT_user_id *uid = node->pkt->pkt.user_id;
if (pk && (uid->is_expired || uid->is_revoked)
&& !(opt.list_options & LIST_SHOW_UNUSABLE_UIDS))
continue;
es_fputs (";; uid ", es_stdout);
print_utf8_buffer (es_stdout, uid->name, uid->len);
es_putc ('\n', es_stdout);
}
}
hexfpr = hexfingerprint (pk, NULL, 0);
if (opt.print_dane_records)
{
kbnode_t dummy_keyblock;
void *data;
size_t datalen;
gpg_error_t err;
/* We do not have an export function which allows to pass a
keyblock, thus we need to search the key again. */
err = export_pubkey_buffer (ctrl, hexfpr,
(EXPORT_MINIMAL | EXPORT_CLEAN), NULL,
&dummy_keyblock, &data, &datalen);
release_kbnode (dummy_keyblock);
if (!err)
{
hexkeyblocklen = datalen;
hexkeyblock = bin2hex (data, datalen, NULL);
if (!hexkeyblock)
err = gpg_error_from_syserror ();
xfree (data);
ascii_strlwr (hexkeyblock);
}
if (err)
log_error (_("skipped \"%s\": %s\n"), hexfpr, gpg_strerror (err));
}
for (kbctx = NULL; (node = walk_kbnode (keyblock, &kbctx, 0));)
{
if (node->pkt->pkttype == PKT_USER_ID)
{
PKT_user_id *uid = node->pkt->pkt.user_id;
char *mbox;
char *p;
if (pk && (uid->is_expired || uid->is_revoked)
&& !(opt.list_options & LIST_SHOW_UNUSABLE_UIDS))
continue;
mbox = mailbox_from_userid (uid->name);
if (mbox && (p = strchr (mbox, '@')))
{
char hashbuf[32];
char *hash;
unsigned int len;
*p++ = 0;
if (opt.print_pka_records)
{
es_fprintf (es_stdout, "$ORIGIN _pka.%s.\n; %s\n; ",
p, hexfpr);
print_utf8_buffer (es_stdout, uid->name, uid->len);
es_putc ('\n', es_stdout);
gcry_md_hash_buffer (GCRY_MD_SHA1, hashbuf,
mbox, strlen (mbox));
hash = zb32_encode (hashbuf, 8*20);
if (hash)
{
len = strlen (hexfpr)/2;
es_fprintf (es_stdout,
"%s TYPE37 \\# %u 0006 0000 00 %02X %s\n",
hash, 6 + len, len, hexfpr);
xfree (hash);
}
}
if (opt.print_dane_records && hexkeyblock)
{
es_fprintf (es_stdout, "$ORIGIN _openpgpkey.%s.\n; %s\n; ",
p, hexfpr);
print_utf8_buffer (es_stdout, uid->name, uid->len);
es_putc ('\n', es_stdout);
gcry_md_hash_buffer (GCRY_MD_SHA256, hashbuf,
mbox, strlen (mbox));
hash = bin2hex (hashbuf, 28, NULL);
if (hash)
{
ascii_strlwr (hash);
es_fprintf (es_stdout, "%s TYPE61 \\# %u (\n",
hash, hexkeyblocklen);
xfree (hash);
s = hexkeyblock;
for (;;)
{
es_fprintf (es_stdout, "\t%.64s\n", s);
if (strlen (s) < 64)
break;
s += 64;
}
es_fputs ("\t)\n", es_stdout);
}
}
}
xfree (mbox);
}
}
es_putc ('\n', es_stdout);
xfree (hexkeyblock);
xfree (hexfpr);
}
static void
list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr,
struct keylist_context *listctx)
@ -1747,12 +1597,12 @@ list_keyblock (ctrl_t ctrl,
struct keylist_context *listctx)
{
reorder_keyblock (keyblock);
if (opt.print_pka_records || opt.print_dane_records)
list_keyblock_pka (ctrl, keyblock);
else if (opt.with_colons)
if (opt.with_colons)
list_keyblock_colon (ctrl, keyblock, secret, has_secret, fpr);
else
list_keyblock_print (ctrl, keyblock, secret, fpr, listctx);
if (secret)
es_fflush (es_stdout);
}

2
g10/options.h
View File

@ -78,8 +78,6 @@ struct
int with_wkd_hash; /* Option --with-wkd-hash. */
int fingerprint; /* list fingerprints */
int list_sigs; /* list signatures */
int print_pka_records;
int print_dane_records;
int no_armor;
int list_packets; /* Option --list-packets active. */
int def_cipher_algo;