diff --git a/ChangeLog b/ChangeLog index 4acd1213e..a48eedcf0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +2011-03-08 Werner Koch + + * configure.ac: Require libgcrypt 1.5.0. + (HAVE_GCRY_PK_ECDH, HAVE_GCRY_PK_GET_CURVE): Remove. + (utmp.h): Check for header. + 2011-02-25 Werner Koch * configure.ac: Require libksba 1.2. diff --git a/README b/README index 7d61211ca..03da25ef5 100644 --- a/README +++ b/README @@ -30,7 +30,7 @@ OpenPGP-only version. BUILD INSTRUCTIONS ================== -GnuPG 2.0 depends on the following packages: +GnuPG 2.1 depends on the following packages: libgpg-error (ftp://ftp.gnupg.org/gcrypt/libgpg-error/) libgcrypt (ftp://ftp.gnupg.org/gcrypt/libgcrypt/) @@ -76,8 +76,8 @@ You may run to view the default directories used by GnuPG. -MIGRATION FROM 1.4 or 2.0 -========================= +MIGRATION FROM 1.4 or 2.0 to 2.1 +================================ The major change in 2.1 is that gpg-agent now takes care of the OpenPGP secret keys (those managed by GPG). The former secring.gpg @@ -100,9 +100,10 @@ will start the gpg-agent as needed. In general there is no more need to set the GPG_AGENT_INFO environment variable. The SSH_AUTH_SOCK environment variable should be set to a fixed value. -GPG's smartcard commands --card-edit and --card-status as well as the -card related sub-commands of --edit-key are not yet supported. -However, signing and decryption with a smartcard does work. +GPG's smartcard commands --card-edit and --card-status as well as some +of the card related sub-commands of --edit-key are not yet fully +supported. However, signing and decryption with a smartcard does +work. The Dirmngr is now part of GnuPG proper. Thus there is no more need to install the separate dirmngr package. The directroy layout of diff --git a/agent/ChangeLog b/agent/ChangeLog index f4be533f7..b636c50e3 100644 --- a/agent/ChangeLog +++ b/agent/ChangeLog @@ -1,3 +1,7 @@ +2011-03-08 Werner Koch + + * cvt-openpgp.c (GCRY_PK_ECDH) [!HAVE_GCRY_PK_ECDH]: Remove. + 2011-03-03 Ben Kibbey * command.c (cmd_preset_passphrase): Add option --inquire. diff --git a/agent/cvt-openpgp.c b/agent/cvt-openpgp.c index 690459330..1595a324b 100644 --- a/agent/cvt-openpgp.c +++ b/agent/cvt-openpgp.c @@ -28,13 +28,6 @@ #include "i18n.h" #include "cvt-openpgp.h" -/* Macros for compatibility with older libgcrypt versions. */ -#ifndef HAVE_GCRY_PK_ECDSA -# define GCRY_PK_ECDH 302 -#endif - - - /* Helper to pass data via the callback to do_unprotect. */ struct try_do_unprotect_arg_s diff --git a/configure.ac b/configure.ac index e372d33ad..f265dc393 100644 --- a/configure.ac +++ b/configure.ac @@ -43,7 +43,7 @@ development_version=no NEED_GPG_ERROR_VERSION=1.8 NEED_LIBGCRYPT_API=1 -NEED_LIBGCRYPT_VERSION=1.4.6 +NEED_LIBGCRYPT_VERSION=1.5.0 NEED_LIBASSUAN_API=2 NEED_LIBASSUAN_VERSION=2.0.0 @@ -742,40 +742,6 @@ AM_PATH_GPG_ERROR("$NEED_GPG_ERROR_VERSION", AM_PATH_LIBGCRYPT("$NEED_LIBGCRYPT_API:$NEED_LIBGCRYPT_VERSION", have_libgcrypt=yes,have_libgcrypt=no) -# fixme: We can remove the next two checks if we require libgcrypt 1.5. -AC_CACHE_CHECK([whether Libgcrypt support ECDH], gnupg_cv_gcry_pk_ecdh, - [ _gnupg_gcry_save_cflags=$CFLAGS - CFLAGS="$CFLAGS $LIBGCRYPT_CFLAGS" - AC_TRY_COMPILE( - [#include ], - [ return GCRY_PK_ECDH; ], - gnupg_cv_gcry_pk_ecdh=yes, - gnupg_cv_gcry_pk_ecdh=no) - CFLAGS=$_gnupg_gcry_save_cflags]) -if test "$gnupg_cv_gcry_pk_ecdh" = yes; then - AC_DEFINE([HAVE_GCRY_PK_ECDH], 1, - [Define if gcrypt.h has the enum value for ECDH.]) -fi - -AC_CACHE_CHECK([whether Libgcrypt has gcry_pk_get_curve], - gnupg_cv_gcry_pk_get_curve, - [ _gnupg_gcry_save_cflags=$CFLAGS - _gnupg_gcry_save_libs=$LIBS - CFLAGS="$CFLAGS $LIBGCRYPT_CFLAGS" - LIBS="$LIBS $LIBGCRYPT_LIBS" - AC_TRY_LINK( - [#include ], - [ return gcry_pk_get_curve (NULL, 0, NULL); ], - gnupg_cv_gcry_pk_get_curve=yes, - gnupg_cv_gcry_pk_get_curve=no) - LIBS=$_gnupg_gcry_save_libs - CFLAGS=$_gnupg_gcry_save_cflags]) -if test "$gnupg_cv_gcry_pk_get_curve" = yes; then - AC_DEFINE([HAVE_GCRY_PK_GET_CURVE], 1, - [Define if gcrypt.h has gcry_pk_get_curve.]) -fi - - # # libassuan is used for IPC # @@ -1172,7 +1138,7 @@ fi AC_MSG_NOTICE([checking for header files]) AC_HEADER_STDC AC_CHECK_HEADERS([string.h unistd.h langinfo.h termio.h locale.h getopt.h \ - pty.h pwd.h inttypes.h signal.h]) + pty.h utmp.h pwd.h inttypes.h signal.h]) AC_HEADER_TIME @@ -1636,7 +1602,7 @@ if test "$have_libgcrypt" = "no"; then *** *** You need libgcrypt to build this program. ** This library is for example available at -*** ftp://ftp.gnupg.org/gcrypt/libgcrypt/ +*** ftp://ftp.gnupg.org/gcrypt/alpha/libgcrypt/ *** (at least version $NEED_LIBGCRYPT_VERSION using API $NEED_LIBGCRYPT_API is required.) ***]]) fi diff --git a/g10/call-dirmngr.h b/g10/call-dirmngr.h index 43636eab4..933303dbf 100644 --- a/g10/call-dirmngr.h +++ b/g10/call-dirmngr.h @@ -25,6 +25,8 @@ gpg_error_t gpg_dirmngr_ks_search (ctrl_t ctrl, const char *searchstr, gpg_error_t (*cb)(void*, char *), void *cb_value); gpg_error_t gpg_dirmngr_ks_get (ctrl_t ctrl, char *pattern[], estream_t *r_fp); +gpg_error_t gpg_dirmngr_ks_fetch (ctrl_t ctrl, + const char *url, estream_t *r_fp); gpg_error_t gpg_dirmngr_ks_put (ctrl_t ctrl, void *data, size_t datalen, kbnode_t keyblock); diff --git a/g10/export.c b/g10/export.c index 47185e301..191f68b8b 100644 --- a/g10/export.c +++ b/g10/export.c @@ -581,11 +581,7 @@ transfer_format_to_openpgp (gcry_sexp_t s_pgp, PKT_public_key *pk) skey[0], skey[1], skey[2], skey[3], skey[4]); if (err) goto leave; -#ifdef HAVE_GCRY_PK_GET_CURVE curvename = gcry_pk_get_curve (s_pubkey, 0, NULL); -#else - curvename = "?"; -#endif gcry_sexp_release (s_pubkey); curveoidstr = gpg_curve_to_oid (curvename, NULL); if (!curveoidstr) @@ -649,17 +645,10 @@ transfer_format_to_openpgp (gcry_sexp_t s_pgp, PKT_public_key *pk) if (err) goto leave; - /* Check that the public key parameters match. Since Libgcrypt 1.5 - and the gcry_pk_get_curve function, gcry_mpi_cmp handles opaque - MPI correctly and thus we don't need to to do the extra - opaqueness checks. */ + /* Check that the public key parameters match. Note that since + Libgcrypt 1.5 gcry_mpi_cmp handles opaque MPI correctly. */ for (idx=0; idx < npkey; idx++) - if (0 -#ifndef HAVE_GCRY_PK_GET_CURVE - || gcry_mpi_get_flag (pk->pkey[idx], GCRYMPI_FLAG_OPAQUE) - || gcry_mpi_get_flag (skey[idx], GCRYMPI_FLAG_OPAQUE) -#endif - || gcry_mpi_cmp (pk->pkey[idx], skey[idx])) + if (gcry_mpi_cmp (pk->pkey[idx], skey[idx])) { err = gpg_error (GPG_ERR_BAD_PUBKEY); goto leave; diff --git a/g10/import.c b/g10/import.c index 99398c762..39968ff6f 100644 --- a/g10/import.c +++ b/g10/import.c @@ -1253,11 +1253,8 @@ transfer_secret_keys (ctrl_t ctrl, struct stats_s *stats, kbnode_t sec_keyblock) err = gpg_error_from_syserror (); else { -#ifdef HAVE_GCRY_PK_GET_CURVE /* Also ensures availability of get_param. */ gcry_sexp_t cparam = gcry_pk_get_param (GCRY_PK_ECDSA, curve); -#else - gcry_sexp_t cparam = NULL; -#endif + xfree (curve); if (!cparam) err = gpg_error (GPG_ERR_UNKNOWN_CURVE); diff --git a/include/cipher.h b/include/cipher.h index db2196e74..191e197bc 100644 --- a/include/cipher.h +++ b/include/cipher.h @@ -22,12 +22,6 @@ #include -/* Macros for compatibility with older libgcrypt versions. */ -#ifndef HAVE_GCRY_PK_ECDH -# define GCRY_PK_ECDH 302 -#endif - - /* Constants for OpenPGP. */ #define CIPHER_ALGO_NONE /* 0 */ GCRY_CIPHER_NONE diff --git a/tools/ChangeLog b/tools/ChangeLog index ae591dbfd..38888022c 100644 --- a/tools/ChangeLog +++ b/tools/ChangeLog @@ -1,3 +1,7 @@ +2011-03-08 Werner Koch + + * symcryptrun.c [HAVE_UTMP_H]: Include utmp.h. + 2011-02-23 Werner Koch * gpgconf.c: Add command --kill. diff --git a/tools/symcryptrun.c b/tools/symcryptrun.c index 1d882a1d5..c75f637e6 100644 --- a/tools/symcryptrun.c +++ b/tools/symcryptrun.c @@ -74,6 +74,9 @@ #ifdef HAVE_PTY_H #include #endif +#ifdef HAVE_UTMP_H +#include +#endif #include #ifdef HAVE_LOCALE_H #include