1
0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-05 12:31:50 +01:00

doc: Final update from master (gnupg 2.1)

* doc/Makefile.am (sources_from_trunk): Remove.
(update-source): Make it a dummy.
* doc/gpg.texi: Update.
* doc/yat2m.c: Update.
--

Maintaining 3 versions in of the gpg manual in one file is getting
more complicated with 2.1.  Thus we stop this now and keep the manual
for 1.4 separate.
This commit is contained in:
Werner Koch 2014-09-29 11:11:30 +02:00
parent ad30b2a4ae
commit 3209f270d2
3 changed files with 218 additions and 44 deletions

View File

@ -26,10 +26,6 @@ EXTRA_DIST = DETAILS FAQ \
myman_sources = gpg.texi gpgv.texi myman_sources = gpg.texi gpgv.texi
myman_pages = gpg.1 gpgv.1 myman_pages = gpg.1 gpgv.1
sources_from_trunk = $(myman_sources) \
opt-homedir.texi specify-user-id.texi see-also-note.texi
info_TEXINFOS = gnupg1.texi info_TEXINFOS = gnupg1.texi
man_MANS = $(myman_pages) gnupg.7 gpg-zip.1 man_MANS = $(myman_pages) gnupg.7 gpg-zip.1
@ -83,12 +79,6 @@ dist-hook:
@if test "`wc -c < gpg.1`" -lt 200; then \ @if test "`wc -c < gpg.1`" -lt 200; then \
echo 'ERROR: dummy man page'; false; fi echo 'ERROR: dummy man page'; false; fi
# Copy shared files from the master branch. We keep the texinfo files
# all in master so that we need to modify only one source. Macros are
# used to customize them for a specific version.
update-source: update-source:
@set -e; cd $(srcdir); \ @echo Not anymore used - we now keep docs for 1.x separate
for i in $(sources_from_trunk) yat2m.c ; do \ @echo from GnuPG-2.
echo "updating from master:doc/$$i" >&2 ; \
git show master:doc/$$i >$$i ; \
done

View File

@ -14,6 +14,19 @@
@cindex command options @cindex command options
@cindex options, GPG command @cindex options, GPG command
@c Begin algorithm defaults
@ifclear gpgtwoone
@set DEFSYMENCALGO CAST5
@end ifclear
@ifset gpgtwoone
@set DEFSYMENCALGO AES128
@end ifset
@c End algorithm defaults
@c Begin GnuPG 1.x specific stuff @c Begin GnuPG 1.x specific stuff
@ifset gpgone @ifset gpgone
@macro gpgname @macro gpgname
@ -217,7 +230,7 @@ decrypted via a secret key or a passphrase).
@itemx -c @itemx -c
@opindex symmetric @opindex symmetric
Encrypt with a symmetric cipher using a passphrase. The default Encrypt with a symmetric cipher using a passphrase. The default
symmetric cipher used is CAST5, but may be chosen with the symmetric cipher used is @value{DEFSYMENCALGO}, but may be chosen with the
@option{--cipher-algo} option. This option may be combined with @option{--cipher-algo} option. This option may be combined with
@option{--sign} (for a signed and symmetrically encrypted message), @option{--sign} (for a signed and symmetrically encrypted message),
@option{--encrypt} (for a message that may be decrypted via a secret key @option{--encrypt} (for a message that may be decrypted via a secret key
@ -408,7 +421,7 @@ removed first. In batch mode the key must be specified by fingerprint.
@opindex export @opindex export
Either export all keys from all keyrings (default keyrings and those Either export all keys from all keyrings (default keyrings and those
registered via option @option{--keyring}), or if at least one name is given, registered via option @option{--keyring}), or if at least one name is given,
those of the given name. The new keyring is written to STDOUT or to the those of the given name. The exported keys are written to STDOUT or to the
file given with option @option{--output}. Use together with file given with option @option{--output}. Use together with
@option{--armor} to mail those keys. @option{--armor} to mail those keys.
@ -424,14 +437,30 @@ or changed by you. If no key IDs are given, @command{gpg} does nothing.
@itemx --export-secret-subkeys @itemx --export-secret-subkeys
@opindex export-secret-keys @opindex export-secret-keys
@opindex export-secret-subkeys @opindex export-secret-subkeys
Same as @option{--export}, but exports the secret keys instead. This is Same as @option{--export}, but exports the secret keys instead. The
normally not very useful and a security risk. The second form of the exported keys are written to STDOUT or to the file given with option
command has the special property to render the secret part of the @option{--output}. This command is often used along with the option
primary key useless; this is a GNU extension to OpenPGP and other @option{--armor} to allow easy printing of the key for paper backup;
implementations can not be expected to successfully import such a key. however the external tool @command{paperkey} does a better job for
creating backups on paper. Note that exporting a secret key can be a
security risk if the exported keys are send over an insecure channel.
The second form of the command has the special property to render the
secret part of the primary key useless; this is a GNU extension to
OpenPGP and other implementations can not be expected to successfully
import such a key. Its intended use is to generated a full key with
an additional signing subkey on a dedicated machine and then using
this command to export the key without the primary key to the main
machine.
@ifset gpgtwoone
GnuPG may ask you to enter the passphrase for the key. This is
required because the internal protection method of the secret key is
different from the one specified by the OpenPGP protocol.
@end ifset
@ifclear gpgtwoone @ifclear gpgtwoone
See the option @option{--simple-sk-checksum} if you want to import such See the option @option{--simple-sk-checksum} if you want to import an
an exported key with an older OpenPGP implementation. exported secret key into ancient OpenPGP implementations.
@end ifclear @end ifclear
@item --import @item --import
@ -576,14 +605,36 @@ This section explains the main commands for key management
@table @gnupgtabopt @table @gnupgtabopt
@ifset gpgtwoone
@item --quick-gen-key @code{user-id}
@opindex quick-gen-key
This is simple command to generate a standard key with one user id.
In contrast to @option{--gen-key} the key is generated directly
without the need to answer a bunch of prompts. Unless the option
@option{--yes} is given, the key creation will be canceled if the
given user id already exists in the key ring.
If invoked directly on the console without any special options an
answer to a ``Continue?'' style confirmation prompt is required. In
case the user id already exists in the key ring a second prompt to
force the creation of the key will show up.
@end ifset
@item --gen-key @item --gen-key
@opindex gen-key @opindex gen-key
Generate a new key pair. This command is normally only used Generate a new key pair using teh current default parameters. This is
interactively. the standard command to create a new key.
There is an experimental feature which allows you to create keys in @ifset gpgtwoone
batch mode. See the file @file{doc/DETAILS} in the source distribution @item --full-gen-key
on how to use this. @opindex gen-key
Generate a new key pair with dialogs for all options. This is an
extended version of @option{--gen-key}.
@end ifset
There is also a feature which allows you to create keys in batch
mode. See the the manual section ``Unattended key generation'' on how
to use this.
@item --gen-revoke @code{name} @item --gen-revoke @code{name}
@opindex gen-revoke @opindex gen-revoke
@ -916,12 +967,14 @@ interaction. The @code{fpr} must be the verified primary fingerprint
of a key in the local keyring. If no @code{names} are given, all of a key in the local keyring. If no @code{names} are given, all
useful user ids are signed; with given [@code{names}] only useful user useful user ids are signed; with given [@code{names}] only useful user
ids matching one of theses names are signed. The command ids matching one of theses names are signed. The command
@option{--quick-lsign-key} marks the signatures as non-exportable. @option{--quick-lsign-key} marks the signatures as non-exportable. If
such a non-exportable signature already exists the
@option{--quick-sign-key} turns it into a exportable signature.
This command uses reasonable defaults and thus does not provide the This command uses reasonable defaults and thus does not provide the
full flexibility of the "sign" subcommand from @option{--edit-key}. full flexibility of the "sign" subcommand from @option{--edit-key}.
Its intended use to help unattended signing using a list of verified Its intended use is to help unattended key signing by utilizing a list
fingerprints. of verified fingerprints.
@end ifset @end ifset
@ifclear gpgone @ifclear gpgone
@ -1063,6 +1116,13 @@ give the opposite meaning. The options are:
see @option{--attribute-fd} for the appropriate way to get photo data see @option{--attribute-fd} for the appropriate way to get photo data
for scripts and other frontends. for scripts and other frontends.
@item show-usage
@opindex list-options:show-usage
Show usage information for keys and subkeys in the standard key
listing. This is a list of letters indicating the allowed usage for a
key (@code{E}=encryption, @code{S}=signing, @code{C}=certification,
@code{A}=authentication). Defaults to no.
@item show-policy-urls @item show-policy-urls
@opindex list-options:show-policy-urls @opindex list-options:show-policy-urls
Show policy URLs in the @option{--list-sigs} or @option{--check-sigs} Show policy URLs in the @option{--list-sigs} or @option{--check-sigs}
@ -1226,7 +1286,13 @@ use the specified keyring alone, use @option{--keyring} along with
@item --secret-keyring @code{file} @item --secret-keyring @code{file}
@opindex secret-keyring @opindex secret-keyring
@ifset gpgtwoone
This is an obsolete option and ignored. All secret keys are stored in
the @file{private-keys-v1.d} directory below the GnuPG home directory.
@end ifset
@ifclear gpgtwoone
Same as @option{--keyring} but for the secret keyrings. Same as @option{--keyring} but for the secret keyrings.
@end ifclear
@item --primary-keyring @code{file} @item --primary-keyring @code{file}
@opindex primary-keyring @opindex primary-keyring
@ -1436,7 +1502,7 @@ Set what trust model GnuPG should follow. The models are:
@item classic @item classic
@opindex trust-mode:classic @opindex trust-mode:classic
This is the standard Web of Trust as used in PGP 2.x and earlier. This is the standard Web of Trust as introduced by PGP 2.
@item direct @item direct
@opindex trust-mode:direct @opindex trust-mode:direct
@ -2232,7 +2298,7 @@ to consider (e.g. @option{--symmetric}).
@item --s2k-cipher-algo @code{name} @item --s2k-cipher-algo @code{name}
@opindex s2k-cipher-algo @opindex s2k-cipher-algo
Use @code{name} as the cipher algorithm used to protect secret keys. Use @code{name} as the cipher algorithm used to protect secret keys.
The default cipher is CAST5. This cipher is also used for The default cipher is @value{DEFSYMENCALGO}. This cipher is also used for
conventional encryption if @option{--personal-cipher-preferences} and conventional encryption if @option{--personal-cipher-preferences} and
@option{--cipher-algo} is not given. @option{--cipher-algo} is not given.
@ -2302,9 +2368,11 @@ behavior. Note that this is currently the same thing as
Reset all packet, cipher and digest options to strict RFC-2440 Reset all packet, cipher and digest options to strict RFC-2440
behavior. behavior.
@ifclear gpgtowone
@item --rfc1991 @item --rfc1991
@opindex rfc1991 @opindex rfc1991
Try to be more RFC-1991 (PGP 2.x) compliant. Try to be more RFC-1991 (PGP 2.x) compliant. This option is
deprecated will be removed in GnuPG 2.1.
@item --pgp2 @item --pgp2
@opindex pgp2 @opindex pgp2
@ -2314,14 +2382,24 @@ a message that PGP 2.x will not be able to handle. Note that `PGP
2.x' here means `MIT PGP 2.6.2'. There are other versions of PGP 2.x 2.x' here means `MIT PGP 2.6.2'. There are other versions of PGP 2.x
available, but the MIT release is a good common baseline. available, but the MIT release is a good common baseline.
This option implies @option{--rfc1991 --disable-mdc This option implies
--no-force-v4-certs --escape-from-lines --force-v3-sigs @ifset gpgone
@option{--rfc1991 --disable-mdc --no-force-v4-certs
--escape-from-lines --force-v3-sigs
--cipher-algo IDEA --digest-algo MD5 --compress-algo ZIP}.
@end ifset
@ifclear gpgone @ifclear gpgone
--allow-weak-digest-algos @option{--rfc1991 --disable-mdc --no-force-v4-certs
--escape-from-lines --force-v3-sigs --allow-weak-digest-algos
--cipher-algo IDEA --digest-algo MD5 --compress-algo ZIP}.
@end ifclear
It also disables @option{--textmode} when encrypting.
This option is deprecated will be removed in GnuPG 2.1. The reason
for dropping PGP-2 support is that the PGP 2 format is not anymore
considered safe (for example due to the use of the broken MD5 algorithm).
Note that the decryption of PGP-2 created messages will continue to work.
@end ifclear @end ifclear
--cipher-algo IDEA --digest-algo
MD5--compress-algo ZIP}. It also disables @option{--textmode} when
encrypting.
@item --pgp6 @item --pgp6
@opindex pgp6 @opindex pgp6
@ -3086,6 +3164,16 @@ files; They all live in in the current home directory (@pxref{option
@item ~/.gnupg/secring.gpg.lock @item ~/.gnupg/secring.gpg.lock
The lock file for the secret keyring. The lock file for the secret keyring.
@item ~/.gnupg/openpgp-revocs.d/
This is the directory where gpg stores pre-generated revocation
certificates. The file name corresponds to the OpenPGP fingerprint of
the respective key. It is suggested to backup those certificates and
if the primary private key is not stored on the disk to move them to
an external storage device. Anyone who can access theses files is
able to revoke the corresponding key. You may want to print them out.
You should backup all files in this directory and take care to keep
this backup closed away.
@item /usr[/local]/share/gnupg/options.skel @item /usr[/local]/share/gnupg/options.skel
The skeleton options file. The skeleton options file.
@ -3435,7 +3523,7 @@ sense. Although OpenPGP works with time intervals, GnuPG uses an
absolute value internally and thus the last year we can represent is absolute value internally and thus the last year we can represent is
2105. 2105.
@item Ceation-Date: @var{iso-date} @item Creation-Date: @var{iso-date}
Set the creation date of the key as stored in the key information and Set the creation date of the key as stored in the key information and
which is also part of the fingerprint calculation. Either a date like which is also part of the fingerprint calculation. Either a date like
"1986-04-26" or a full timestamp like "19860426T042640" may be used. "1986-04-26" or a full timestamp like "19860426T042640" may be used.

View File

@ -87,6 +87,10 @@
detects the number of white spaces in front of an @item and remove detects the number of white spaces in front of an @item and remove
this number of spaces from all following lines until a new @item this number of spaces from all following lines until a new @item
is found or there are less spaces than for the last @item. is found or there are less spaces than for the last @item.
Note that @* does only work correctly if used at the end of an
input line.
*/ */
#include <stdio.h> #include <stdio.h>
@ -136,6 +140,9 @@ typedef struct macro_s *macro_t;
/* List of all defined macros. */ /* List of all defined macros. */
static macro_t macrolist; static macro_t macrolist;
/* List of variables set by @set. */
static macro_t variablelist;
/* List of global macro names. The value part is not used. */ /* List of global macro names. The value part is not used. */
static macro_t predefinedmacrolist; static macro_t predefinedmacrolist;
@ -375,8 +382,44 @@ set_macro (const char *macroname, char *macrovalue)
} }
/* Return true if the macro NAME is set, i.e. not the empty string and /* Create or update a variable with name and value given in NAMEANDVALUE. */
not evaluating to 0. */ static void
set_variable (char *nameandvalue)
{
macro_t m;
const char *value;
char *p;
for (p = nameandvalue; *p && *p != ' ' && *p != '\t'; p++)
;
if (!*p)
value = "";
else
{
*p++ = 0;
while (*p == ' ' || *p == '\t')
p++;
value = p;
}
for (m=variablelist; m; m = m->next)
if (!strcmp (m->name, nameandvalue))
break;
if (m)
free (m->value);
else
{
m = xcalloc (1, sizeof *m + strlen (nameandvalue));
strcpy (m->name, nameandvalue);
m->next = variablelist;
variablelist = m;
}
m->value = xstrdup (value);
}
/* Return true if the macro or variable NAME is set, i.e. not the
empty string and not evaluating to 0. */
static int static int
macro_set_p (const char *name) macro_set_p (const char *name)
{ {
@ -385,6 +428,10 @@ macro_set_p (const char *name)
for (m = macrolist; m ; m = m->next) for (m = macrolist; m ; m = m->next)
if (!strcmp (m->name, name)) if (!strcmp (m->name, name))
break; break;
if (!m)
for (m = variablelist; m ; m = m->next)
if (!strcmp (m->name, name))
break;
if (!m || !m->value || !*m->value) if (!m || !m->value || !*m->value)
return 0; return 0;
if ((*m->value & 0x80) || !isdigit (*m->value)) if ((*m->value & 0x80) || !isdigit (*m->value))
@ -664,8 +711,11 @@ proc_texi_cmd (FILE *fp, const char *command, const char *rest, size_t len,
{ "table", 3 }, { "table", 3 },
{ "itemize", 3 }, { "itemize", 3 },
{ "bullet", 0, "* " }, { "bullet", 0, "* " },
{ "*", 0, "\n.br"},
{ "/", 0 },
{ "end", 4 }, { "end", 4 },
{ "quotation",1, ".RS\n\\fB" }, { "quotation",1, ".RS\n\\fB" },
{ "value", 8 },
{ NULL } { NULL }
}; };
size_t n; size_t n;
@ -741,11 +791,46 @@ proc_texi_cmd (FILE *fp, const char *command, const char *rest, size_t len,
case 7: case 7:
ignore_args = 1; ignore_args = 1;
break; break;
case 8:
ignore_args = 1;
if (*rest != '{')
{
err ("opening brace for command '%s' missing", command);
return len;
}
else
{
/* Find closing brace. */
for (s=rest+1, n=1; *s && n < len; s++, n++)
if (*s == '}')
break;
if (*s != '}')
{
err ("closing brace for command '%s' not found", command);
return len;
}
else
{
size_t len = s - (rest + 1);
macro_t m;
for (m = variablelist; m; m = m->next)
if (strlen (m->name) == len
&&!strncmp (m->name, rest+1, len))
break;
if (m)
fputs (m->value, fp);
else
inf ("texinfo variable '%.*s' is not set",
(int)len, rest+1);
}
}
break;
default: default:
break; break;
} }
} }
else else /* macro */
{ {
macro_t m; macro_t m;
@ -1215,6 +1300,10 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause)
macrovalue = xmalloc ((macrovaluesize = 1024)); macrovalue = xmalloc ((macrovaluesize = 1024));
macrovalueused = 0; macrovalueused = 0;
} }
else if (n == 4 && !memcmp (line, "@set", 4))
{
set_variable (p);
}
else if (n == 8 && !memcmp (line, "@manpage", 8)) else if (n == 8 && !memcmp (line, "@manpage", 8))
{ {
free (*section_name); free (*section_name);
@ -1325,6 +1414,13 @@ top_parse_file (const char *fname, FILE *fp)
free (macrolist); free (macrolist);
macrolist = next; macrolist = next;
} }
while (variablelist)
{
macro_t next = variablelist->next;
free (variablelist->value);
free (variablelist);
variablelist = next;
}
for (m=predefinedmacrolist; m; m = m->next) for (m=predefinedmacrolist; m; m = m->next)
set_macro (m->name, xstrdup ("1")); set_macro (m->name, xstrdup ("1"));
cond_is_active = 1; cond_is_active = 1;