* configure.ac [W32]: Always set DISABLE_KEYSERVER_PATH.
* export.c (parse_export_options): New option export-reset-subkey-passwd. (do_export_stream): Implement it. * misc.c (get_libexecdir): New. * keyserver.c (keyserver_spawn): Use it
parent
eae1f4b755
commit
730247b19e
@ -1,3 +1,7 @@
|
|||||||
|
2005-07-19 Werner Koch <wk@g10code.com>
|
||||||
|
|
||||||
|
* configure.ac [W32]: Always set DISABLE_KEYSERVER_PATH.
|
||||||
|
|
||||||
2005-06-21 Werner Koch <wk@g10code.com>
|
2005-06-21 Werner Koch <wk@g10code.com>
|
||||||
|
|
||||||
Released 1.4.2rc2.
|
Released 1.4.2rc2.
|
||||||
|
2
NEWS
2
NEWS
@ -36,6 +36,8 @@ Noteworthy changes in version 1.4.2
|
|||||||
replace the import-unusable-sigs/export-unusable-sigs options
|
replace the import-unusable-sigs/export-unusable-sigs options
|
||||||
from version 1.4.1.
|
from version 1.4.1.
|
||||||
|
|
||||||
|
* New export option export-reset-subkey-passwd.
|
||||||
|
|
||||||
|
|
||||||
Noteworthy changes in version 1.4.1 (2005-03-15)
|
Noteworthy changes in version 1.4.1 (2005-03-15)
|
||||||
------------------------------------------------
|
------------------------------------------------
|
||||||
|
2
TODO
2
TODO
@ -74,3 +74,5 @@
|
|||||||
* Add the NEWSIG status.
|
* Add the NEWSIG status.
|
||||||
|
|
||||||
* Delete a card key as well as a wiping.
|
* Delete a card key as well as a wiping.
|
||||||
|
|
||||||
|
* Make 2 strings translatable in export.c after releasing 1.4.2.
|
@ -153,6 +153,7 @@ use_bzip2=yes
|
|||||||
use_exec=yes
|
use_exec=yes
|
||||||
card_support=yes
|
card_support=yes
|
||||||
agent_support=yes
|
agent_support=yes
|
||||||
|
disable_keyserver_path=no
|
||||||
|
|
||||||
AC_ARG_ENABLE(minimal,
|
AC_ARG_ENABLE(minimal,
|
||||||
AC_HELP_STRING([--enable-minimal],[build the smallest gpg binary possible]),
|
AC_HELP_STRING([--enable-minimal],[build the smallest gpg binary possible]),
|
||||||
@ -371,7 +372,7 @@ dnl LDAP is defined only after we confirm the library is available later
|
|||||||
AC_HELP_STRING([--disable-keyserver-path],
|
AC_HELP_STRING([--disable-keyserver-path],
|
||||||
[disable the exec-path option for keyserver helpers]),
|
[disable the exec-path option for keyserver helpers]),
|
||||||
[if test "$enableval" = no ; then
|
[if test "$enableval" = no ; then
|
||||||
AC_DEFINE(DISABLE_KEYSERVER_PATH,1,[define to disable exec-path for keyserver helpers])
|
disable_keyserver_path=yes
|
||||||
fi],enableval=yes)
|
fi],enableval=yes)
|
||||||
AC_MSG_RESULT($enableval)
|
AC_MSG_RESULT($enableval)
|
||||||
fi
|
fi
|
||||||
@ -483,6 +484,7 @@ case "${host}" in
|
|||||||
we use a simplified version of gettext])
|
we use a simplified version of gettext])
|
||||||
AC_DEFINE(HAVE_W32_SYSTEM,1,
|
AC_DEFINE(HAVE_W32_SYSTEM,1,
|
||||||
[Defined if we run on a W32 API based system])
|
[Defined if we run on a W32 API based system])
|
||||||
|
disable_keyserver_path=yes
|
||||||
have_dosish_system=yes
|
have_dosish_system=yes
|
||||||
need_dlopen=no
|
need_dlopen=no
|
||||||
try_gettext="no"
|
try_gettext="no"
|
||||||
@ -547,6 +549,11 @@ if test "$have_dosish_system" = yes; then
|
|||||||
fi
|
fi
|
||||||
AM_CONDITIONAL(HAVE_DOSISH_SYSTEM, test "$have_dosish_system" = yes)
|
AM_CONDITIONAL(HAVE_DOSISH_SYSTEM, test "$have_dosish_system" = yes)
|
||||||
|
|
||||||
|
if test "$disable_keyserver_path" = yes; then
|
||||||
|
AC_DEFINE(DISABLE_KEYSERVER_PATH,1,
|
||||||
|
[define to disable exec-path for keyserver helpers])
|
||||||
|
fi
|
||||||
|
|
||||||
AC_SUBST(MPI_OPT_FLAGS)
|
AC_SUBST(MPI_OPT_FLAGS)
|
||||||
GNUPG_SYS_SYMBOL_UNDERSCORE
|
GNUPG_SYS_SYMBOL_UNDERSCORE
|
||||||
|
|
||||||
|
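Review bot: `AC_MSG_RESULT($enableval)` in the `--disable-keyserver-path` block reports only what the user passed, while the W32 branch of `case "${host}"` now sets `disable_keyserver_path=yes` unconditionally, so a W32 configure run can print that the exec-path option is enabled although `DISABLE_KEYSERVER_PATH` ends up defined. The mismatch fails in the safe direction, but anyone auditing a build log would read the wrong setting. A comment next to the W32 assignment, such as `dnl W32 locates keyserver helpers via the registry; exec-path is always disabled here`, would record why the option is overridden. The new `if test "$disable_keyserver_path" = yes` block is the natural place to report the effective value.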
@ -19,6 +19,9 @@ Directory". The installer does not change the PATH environment
|
|||||||
variable to include this directory. You might want to do this
|
variable to include this directory. You might want to do this
|
||||||
manually.
|
manually.
|
||||||
|
|
||||||
|
Note, that this registry entry is also used to locate the keyserver
|
||||||
|
helper programs (e.g. gpgkeys_ldap).
|
||||||
|
|
||||||
Below the Installation directory, you will find directories named
|
Below the Installation directory, you will find directories named
|
||||||
"Doc", "gnupg.nls" and "Src". The latter will be used for distributed
|
"Doc", "gnupg.nls" and "Src". The latter will be used for distributed
|
||||||
patched, if any, and to store the source file if they have been
|
patched, if any, and to store the source file if they have been
|
||||||
|
11
doc/gpg.sgml
11
doc/gpg.sgml
@ -1478,6 +1478,15 @@ exported if the user IDs are not usable. This is the same as running
|
|||||||
the --edit-key command "clean uids" before export. Defaults to no.
|
the --edit-key command "clean uids" before export. Defaults to no.
|
||||||
</para></listitem></varlistentry>
|
</para></listitem></varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>export-reset-subkey-passwd</term>
|
||||||
|
<listitem><para>
|
||||||
|
When using the "--export-secret-subkeys" command, this option resets
|
||||||
|
the passphrases for all exported subkeys to empty. This is useful
|
||||||
|
when the exported subkey is to be used on an unattended amchine where
|
||||||
|
a passphrase won't make sense. Defaults to no.
|
||||||
|
</para></listitem></varlistentry>
|
||||||
|
|
||||||
</variablelist>
|
</variablelist>
|
||||||
</para></listitem></varlistentry>
|
</para></listitem></varlistentry>
|
||||||
|
|
||||||
@ -1657,6 +1666,8 @@ Sets a list of directories to search for photo viewers and keyserver
|
|||||||
helpers. If not provided, keyserver helpers use the compiled-in
|
helpers. If not provided, keyserver helpers use the compiled-in
|
||||||
default directory, and photo viewers use the $PATH environment
|
default directory, and photo viewers use the $PATH environment
|
||||||
variable.
|
variable.
|
||||||
|
Note, that on W32 system this value is ignored when searching for
|
||||||
|
keyserver helpers.
|
||||||
</para></listitem></varlistentry>
|
</para></listitem></varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
|
@ -1,3 +1,12 @@
|
|||||||
|
2005-07-19 Werner Koch <wk@g10code.com>
|
||||||
|
|
||||||
|
* export.c (parse_export_options): New option
|
||||||
|
export-reset-subkey-passwd.
|
||||||
|
(do_export_stream): Implement it.
|
||||||
|
|
||||||
|
* misc.c (get_libexecdir): New.
|
||||||
|
* keyserver.c (keyserver_spawn): Use it
|
||||||
|
|
||||||
2005-07-18 Werner Koch <wk@g10code.com>
|
2005-07-18 Werner Koch <wk@g10code.com>
|
||||||
|
|
||||||
* tdbio.c (open_db): Check for EROFS. Suggested by Bryce Nichols.
|
* tdbio.c (open_db): Check for EROFS. Suggested by Bryce Nichols.
|
||||||
|
52
g10/export.c
52
g10/export.c
@ -54,6 +54,9 @@ parse_export_options(char *str,unsigned int *options,int noisy)
|
|||||||
{"export-clean",EXPORT_CLEAN_SIGS|EXPORT_CLEAN_UIDS,NULL},
|
{"export-clean",EXPORT_CLEAN_SIGS|EXPORT_CLEAN_UIDS,NULL},
|
||||||
{"export-clean-sigs",EXPORT_CLEAN_SIGS,NULL},
|
{"export-clean-sigs",EXPORT_CLEAN_SIGS,NULL},
|
||||||
{"export-clean-uids",EXPORT_CLEAN_UIDS,NULL},
|
{"export-clean-uids",EXPORT_CLEAN_UIDS,NULL},
|
||||||
|
|
||||||
|
{"export-reset-subkey-passwd", EXPORT_RESET_SUBKEY_PASSWD, NULL},
|
||||||
|
|
||||||
/* Aliases for backward compatibility */
|
/* Aliases for backward compatibility */
|
||||||
{"include-local-sigs",EXPORT_LOCAL_SIGS,NULL},
|
{"include-local-sigs",EXPORT_LOCAL_SIGS,NULL},
|
||||||
{"include-attributes",EXPORT_ATTRIBUTES,NULL},
|
{"include-attributes",EXPORT_ATTRIBUTES,NULL},
|
||||||
@ -382,7 +385,7 @@ do_export_stream( IOBUF out, STRLIST users, int secret,
|
|||||||
|
|
||||||
if( secret == 2 && node->pkt->pkttype == PKT_SECRET_KEY )
|
if( secret == 2 && node->pkt->pkttype == PKT_SECRET_KEY )
|
||||||
{
|
{
|
||||||
/* we don't want to export the secret parts of the
|
/* We don't want to export the secret parts of the
|
||||||
* primary key, this is done by using GNU protection mode 1001
|
* primary key, this is done by using GNU protection mode 1001
|
||||||
*/
|
*/
|
||||||
int save_mode = node->pkt->pkt.secret_key->protect.s2k.mode;
|
int save_mode = node->pkt->pkt.secret_key->protect.s2k.mode;
|
||||||
@ -390,6 +393,53 @@ do_export_stream( IOBUF out, STRLIST users, int secret,
|
|||||||
rc = build_packet( out, node->pkt );
|
rc = build_packet( out, node->pkt );
|
||||||
node->pkt->pkt.secret_key->protect.s2k.mode = save_mode;
|
node->pkt->pkt.secret_key->protect.s2k.mode = save_mode;
|
||||||
}
|
}
|
||||||
|
else if (secret == 2 && node->pkt->pkttype == PKT_SECRET_SUBKEY
|
||||||
|
&& (opt.export_options&EXPORT_RESET_SUBKEY_PASSWD))
|
||||||
|
{
|
||||||
|
/* If the subkey is protected reset the passphrase to
|
||||||
|
export an unprotected subkey. This feature is
|
||||||
|
useful in cases of a subkey copied to an unattended
|
||||||
|
machine where a passphrase is not required. */
|
||||||
|
PKT_secret_key *sk_save, *sk;
|
||||||
|
|
||||||
|
sk_save = node->pkt->pkt.secret_key;
|
||||||
|
sk = copy_secret_key (NULL, sk_save);
|
||||||
|
node->pkt->pkt.secret_key = sk;
|
||||||
|
|
||||||
|
log_info ("about to export an unprotected subkey\n");
|
||||||
|
switch (is_secret_key_protected (sk))
|
||||||
|
{
|
||||||
|
case -1:
|
||||||
|
rc = G10ERR_PUBKEY_ALGO;
|
||||||
|
break;
|
||||||
|
case 0:
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
if (sk->protect.s2k.mode == 1001)
|
||||||
|
; /* No secret parts. */
|
||||||
|
else if( sk->protect.s2k.mode == 1002 )
|
||||||
|
; /* Card key stub. */
|
||||||
|
else
|
||||||
|
{
|
||||||
|
rc = check_secret_key( sk, 0 );
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
if (rc)
|
||||||
|
{
|
||||||
|
node->pkt->pkt.secret_key = sk_save;
|
||||||
|
free_secret_key (sk);
|
||||||
|
/* FIXME: Make translatable after releasing 1.4.2 */
|
||||||
|
log_error ("failed to unprotect the subkey: %s\n",
|
||||||
|
g10_errstr (rc));
|
||||||
|
goto leave;
|
||||||
|
}
|
||||||
|
|
||||||
|
rc = build_packet (out, node->pkt);
|
||||||
|
|
||||||
|
node->pkt->pkt.secret_key = sk_save;
|
||||||
|
free_secret_key (sk);
|
||||||
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
/* Warn the user if the secret key or any of the secret
|
/* Warn the user if the secret key or any of the secret
|
||||||
|
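Review bot: `log_info ("about to export an unprotected subkey\n")` is issued before the `switch`, so it is also printed for stubs with s2k mode 1001 or 1002, where the branch leaves the packet untouched, and for the `-1` case that aborts with `G10ERR_PUBKEY_ALGO`. As far as the hunk shows, this message is the only record that cleartext key material is being written to `out`, so it should fire only when that happens: move it to just before `rc = build_packet (out, node->pkt);` and guard it with `if (sk->protect.s2k.mode != 1001 && sk->protect.s2k.mode != 1002)`. The block comment could also state that `sk` is a private copy that holds the decrypted secret parameters once `check_secret_key (sk, 0)` succeeds and must go through `free_secret_key (sk)` on every exit. Both paths in the hunk do that, but whether the helper wipes the memory is not visible here. `do_export_stream` begins and ends outside the hunk.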
@ -865,6 +865,7 @@ keyserver_spawn(int action,STRLIST list,KEYDB_SEARCH_DESC *desc,
|
|||||||
struct parse_options *kopts;
|
struct parse_options *kopts;
|
||||||
struct exec_info *spawn;
|
struct exec_info *spawn;
|
||||||
const char *scheme;
|
const char *scheme;
|
||||||
|
const char *libexecdir = get_libexecdir ();
|
||||||
|
|
||||||
assert(keyserver);
|
assert(keyserver);
|
||||||
|
|
||||||
@ -886,7 +887,7 @@ keyserver_spawn(int action,STRLIST list,KEYDB_SEARCH_DESC *desc,
|
|||||||
Unix-like systems (since we're going to give a full path to
|
Unix-like systems (since we're going to give a full path to
|
||||||
gpgkeys_foo), but on W32 it prevents loading any DLLs from
|
gpgkeys_foo), but on W32 it prevents loading any DLLs from
|
||||||
directories in %PATH%. */
|
directories in %PATH%. */
|
||||||
set_exec_path(GNUPG_LIBEXECDIR);
|
set_exec_path(libexecdir);
|
||||||
#else
|
#else
|
||||||
if(opt.exec_path_set)
|
if(opt.exec_path_set)
|
||||||
{
|
{
|
||||||
@ -900,9 +901,9 @@ keyserver_spawn(int action,STRLIST list,KEYDB_SEARCH_DESC *desc,
|
|||||||
#endif
|
#endif
|
||||||
{
|
{
|
||||||
/* Specify a full path to gpgkeys_foo. */
|
/* Specify a full path to gpgkeys_foo. */
|
||||||
command=m_alloc(strlen(GNUPG_LIBEXECDIR)+strlen(DIRSEP_S)+
|
command=m_alloc(strlen(libexecdir)+strlen(DIRSEP_S)+
|
||||||
strlen(GPGKEYS_PREFIX)+strlen(scheme)+1);
|
strlen(GPGKEYS_PREFIX)+strlen(scheme)+1);
|
||||||
strcpy(command,GNUPG_LIBEXECDIR);
|
strcpy(command,libexecdir);
|
||||||
strcat(command,DIRSEP_S);
|
strcat(command,DIRSEP_S);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1324,8 +1325,9 @@ keyserver_spawn(int action,STRLIST list,KEYDB_SEARCH_DESC *desc,
|
|||||||
}
|
}
|
||||||
|
|
||||||
fail:
|
fail:
|
||||||
m_free(line);
|
xfree(line);
|
||||||
m_free(searchstr);
|
xfree(searchstr);
|
||||||
|
|
||||||
|
|
||||||
*prog=exec_finish(spawn);
|
*prog=exec_finish(spawn);
|
||||||
|
|
||||||
|
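Review bot: The declaration `const char *libexecdir = get_libexecdir ();` carries no comment, yet on W32 the value now comes from the registry at run time, so both the directory passed to `set_exec_path(libexecdir)` and the full helper path built into `command` depend on it. I would say so at the declaration, e.g. `/* On W32 this is the registry's "Install Directory"; helpers and their DLLs are loaded from here, so only administrators should be able to change it. */`. The `m_alloc` size and the `strcpy` use the same `libexecdir` pointer, so the length computation stays consistent. `keyserver_spawn` extends well beyond these hunks.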
@ -126,6 +126,7 @@ int parse_options(char *str,unsigned int *options,
|
|||||||
struct parse_options *opts,int noisy);
|
struct parse_options *opts,int noisy);
|
||||||
char *unescape_percent_string (const unsigned char *s);
|
char *unescape_percent_string (const unsigned char *s);
|
||||||
char *default_homedir (void);
|
char *default_homedir (void);
|
||||||
|
const char *get_libexecdir (void);
|
||||||
|
|
||||||
|
|
||||||
/*-- helptext.c --*/
|
/*-- helptext.c --*/
|
||||||
|
33
g10/misc.c
33
g10/misc.c
@ -1146,3 +1146,36 @@ default_homedir (void)
|
|||||||
|
|
||||||
return dir;
|
return dir;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* Return the name of the libexec directory. The name is allocated in
|
||||||
|
a static area on the first use. This function won't fail. */
|
||||||
|
const char *
|
||||||
|
get_libexecdir (void)
|
||||||
|
{
|
||||||
|
#ifdef HAVE_W32_SYSTEM
|
||||||
|
static int got_dir;
|
||||||
|
static char *dir;
|
||||||
|
|
||||||
|
if (!got_dir)
|
||||||
|
{
|
||||||
|
dir = read_w32_registry_string ("HKEY_LOCAL_MACHINE",
|
||||||
|
"Software\\GNU\\GnuPG",
|
||||||
|
"Install Directory");
|
||||||
|
if (dir && !*dir)
|
||||||
|
{
|
||||||
|
/* To avoid problems with using an empty dir we don't allow
|
||||||
|
for that. */
|
||||||
|
free (dir);
|
||||||
|
dir = NULL;
|
||||||
|
}
|
||||||
|
got_dir = 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (dir)
|
||||||
|
return dir;
|
||||||
|
/* Fallback to the hardwired value. */
|
||||||
|
#endif /*HAVE_W32_SYSTEM*/
|
||||||
|
|
||||||
|
return GNUPG_LIBEXECDIR;
|
||||||
|
}
|
||||||
|
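Review bot: The only validation of the registry value in `get_libexecdir` is `if (dir && !*dir)`, which rejects an empty string but lets a relative path through; `keyserver_spawn` would then presumably resolve the helper relative to the current directory. Since this value now decides which executable is run, I would also require it to be an absolute path and otherwise fall back to `GNUPG_LIBEXECDIR`. The header comment says the name is "allocated in a static area", but what is cached is a pointer to the string returned by `read_w32_registry_string`, or the compile-time literal. `/* The result is cached in a static pointer on first use and must not be freed by the caller. */` would be more accurate.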
@ -261,6 +261,7 @@ struct {
|
|||||||
#define EXPORT_MINIMAL (1<<3)
|
#define EXPORT_MINIMAL (1<<3)
|
||||||
#define EXPORT_CLEAN_SIGS (1<<4)
|
#define EXPORT_CLEAN_SIGS (1<<4)
|
||||||
#define EXPORT_CLEAN_UIDS (1<<5)
|
#define EXPORT_CLEAN_UIDS (1<<5)
|
||||||
|
#define EXPORT_RESET_SUBKEY_PASSWD (1<<6)
|
||||||
|
|
||||||
#define LIST_SHOW_PHOTOS (1<<0)
|
#define LIST_SHOW_PHOTOS (1<<0)
|
||||||
#define LIST_SHOW_POLICY_URLS (1<<1)
|
#define LIST_SHOW_POLICY_URLS (1<<1)
|
||||||
|