gpg: Default to --auto-key-locate "local,wkd" and --auto-key-retrieve.
* g10/gpg.c (main): Add KEYSERVER_AUTO_KEY_RETRIEVE to the default keyserver options. Set the default for --auto-key-locate to "local,wkd". Reset that default iff --auto-key-locate has been given in the option file or in the commandline. * g10/getkey.c (parse_auto_key_locate): Work on a copy of the arg. -- GnuPG-bug-id: 3324 Signed-off-by: Werner Koch <wk@gnupg.org>
parent
3d78ae4d3d
commit
7e1fe791d1
20
doc/gpg.texi
20
doc/gpg.texi
@ -1726,14 +1726,18 @@ Set what trust model GnuPG should follow. The models are:
|
|||||||
exists.
|
exists.
|
||||||
@end table
|
@end table
|
||||||
|
|
||||||
@item --auto-key-locate @var{parameters}
|
@item --auto-key-locate @var{mechanisms}
|
||||||
@itemx --no-auto-key-locate
|
@itemx --no-auto-key-locate
|
||||||
@opindex auto-key-locate
|
@opindex auto-key-locate
|
||||||
GnuPG can automatically locate and retrieve keys as needed using this
|
GnuPG can automatically locate and retrieve keys as needed using this
|
||||||
option. This happens when encrypting to an email address (in the
|
option. This happens when encrypting to an email address (in the
|
||||||
"user@@example.com" form), and there are no user@@example.com keys on
|
"user@@example.com" form), and there are no "user@@example.com" keys
|
||||||
the local keyring. This option takes any number of the following
|
on the local keyring. This option takes any number of the mechanisms
|
||||||
mechanisms, in the order they are to be tried:
|
listed below, in the order they are to be tried. Instead of listing
|
||||||
|
the mechanisms as comma delimited arguments, the option may also be
|
||||||
|
given several times to add more mechanism. The option
|
||||||
|
@option{--no-auto-key-locate} or the mechanism "clear" resets the
|
||||||
|
list. The default is "local,wkd".
|
||||||
|
|
||||||
@table @asis
|
@table @asis
|
||||||
|
|
||||||
@ -1749,7 +1753,6 @@ mechanisms, in the order they are to be tried:
|
|||||||
|
|
||||||
@item wkd
|
@item wkd
|
||||||
Locate a key using the Web Key Directory protocol.
|
Locate a key using the Web Key Directory protocol.
|
||||||
This is an experimental method and semantics may change.
|
|
||||||
|
|
||||||
@item ldap
|
@item ldap
|
||||||
Using DNS Service Discovery, check the domain in question for any LDAP
|
Using DNS Service Discovery, check the domain in question for any LDAP
|
||||||
@ -1782,13 +1785,14 @@ mechanisms, in the order they are to be tried:
|
|||||||
|
|
||||||
@end table
|
@end table
|
||||||
|
|
||||||
|
|
||||||
@item --auto-key-retrieve
|
@item --auto-key-retrieve
|
||||||
@itemx --no-auto-key-retrieve
|
@itemx --no-auto-key-retrieve
|
||||||
@opindex auto-key-retrieve
|
@opindex auto-key-retrieve
|
||||||
@opindex no-auto-key-retrieve
|
@opindex no-auto-key-retrieve
|
||||||
This option enables the automatic retrieving of keys from a keyserver
|
These options enable or disable the automatic retrieving of keys from
|
||||||
when verifying signatures made by keys that are not on the local
|
a keyserver when verifying signatures made by keys that are not on the
|
||||||
keyring.
|
local keyring. The default is @option{--auto-key-retrieve}.
|
||||||
|
|
||||||
If the method "wkd" is included in the list of methods given to
|
If the method "wkd" is included in the list of methods given to
|
||||||
@option{auto-key-locate}, the signer's user ID is part of the
|
@option{auto-key-locate}, the signer's user ID is part of the
|
||||||
|
@ -4229,9 +4229,10 @@ release_akl (void)
|
|||||||
|
|
||||||
/* Returns false on error. */
|
/* Returns false on error. */
|
||||||
int
|
int
|
||||||
parse_auto_key_locate (char *options)
|
parse_auto_key_locate (const char *options_arg)
|
||||||
{
|
{
|
||||||
char *tok;
|
char *tok;
|
||||||
|
char *options = xstrdup (options_arg);
|
||||||
|
|
||||||
while ((tok = optsep (&options)))
|
while ((tok = optsep (&options)))
|
||||||
{
|
{
|
||||||
@ -4271,6 +4272,7 @@ parse_auto_key_locate (char *options)
|
|||||||
else
|
else
|
||||||
{
|
{
|
||||||
free_akl (akl);
|
free_akl (akl);
|
||||||
|
xfree (options);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -4299,6 +4301,7 @@ parse_auto_key_locate (char *options)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
xfree (options);
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
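Review bot: In parse_auto_key_locate the new `xfree (options)` calls are handed the cursor that `optsep (&options)` has been moving, not the pointer returned by `xstrdup (options_arg)`. optsep is not shown on this page, but if it advances or clears its argument the way strsep does, the success path frees NULL and leaks the copy, and the error path may pass an address inside the buffer to the allocator. The string comes from the option file or the command line, so the free should not depend on how far parsing got: keep the allocation in its own variable, `char *options_buf = xstrdup (options_arg); char *options = options_buf;`, and call `xfree (options_buf)` before both returns. The function body continues outside the visible hunks, so any other early return there would need the same free.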
16
g10/gpg.c
16
g10/gpg.c
@ -2292,6 +2292,7 @@ main (int argc, char **argv)
|
|||||||
int ovrseskeyfd = -1;
|
int ovrseskeyfd = -1;
|
||||||
int fpr_maybe_cmd = 0; /* --fingerprint maybe a command. */
|
int fpr_maybe_cmd = 0; /* --fingerprint maybe a command. */
|
||||||
int any_explicit_recipient = 0;
|
int any_explicit_recipient = 0;
|
||||||
|
int default_akl = 1;
|
||||||
int require_secmem = 0;
|
int require_secmem = 0;
|
||||||
int got_secmem = 0;
|
int got_secmem = 0;
|
||||||
struct assuan_malloc_hooks malloc_hooks;
|
struct assuan_malloc_hooks malloc_hooks;
|
||||||
@ -2362,7 +2363,8 @@ main (int argc, char **argv)
|
|||||||
opt.keyserver_options.import_options = (IMPORT_REPAIR_KEYS
|
opt.keyserver_options.import_options = (IMPORT_REPAIR_KEYS
|
||||||
| IMPORT_REPAIR_PKS_SUBKEY_BUG);
|
| IMPORT_REPAIR_PKS_SUBKEY_BUG);
|
||||||
opt.keyserver_options.export_options = EXPORT_ATTRIBUTES;
|
opt.keyserver_options.export_options = EXPORT_ATTRIBUTES;
|
||||||
opt.keyserver_options.options = KEYSERVER_HONOR_PKA_RECORD;
|
opt.keyserver_options.options = (KEYSERVER_HONOR_PKA_RECORD
|
||||||
|
| KEYSERVER_AUTO_KEY_RETRIEVE);
|
||||||
opt.verify_options = (LIST_SHOW_UID_VALIDITY
|
opt.verify_options = (LIST_SHOW_UID_VALIDITY
|
||||||
| VERIFY_SHOW_POLICY_URLS
|
| VERIFY_SHOW_POLICY_URLS
|
||||||
| VERIFY_SHOW_STD_NOTATIONS
|
| VERIFY_SHOW_STD_NOTATIONS
|
||||||
@ -2385,7 +2387,6 @@ main (int argc, char **argv)
|
|||||||
opt.passphrase_repeat = 1;
|
opt.passphrase_repeat = 1;
|
||||||
opt.emit_version = 0;
|
opt.emit_version = 0;
|
||||||
opt.weak_digests = NULL;
|
opt.weak_digests = NULL;
|
||||||
additional_weak_digest("MD5");
|
|
||||||
|
|
||||||
/* Check whether we have a config file on the command line. */
|
/* Check whether we have a config file on the command line. */
|
||||||
orig_argc = argc;
|
orig_argc = argc;
|
||||||
@ -2461,6 +2462,10 @@ main (int argc, char **argv)
|
|||||||
assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
|
assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
|
||||||
setup_libassuan_logging (&opt.debug, NULL);
|
setup_libassuan_logging (&opt.debug, NULL);
|
||||||
|
|
||||||
|
/* Set default options which require that malloc stuff is ready. */
|
||||||
|
additional_weak_digest ("MD5");
|
||||||
|
parse_auto_key_locate ("local,wkd");
|
||||||
|
|
||||||
/* Try for a version specific config file first */
|
/* Try for a version specific config file first */
|
||||||
default_configname = get_default_configname ();
|
default_configname = get_default_configname ();
|
||||||
if (default_config)
|
if (default_config)
|
||||||
@ -3457,6 +3462,13 @@ main (int argc, char **argv)
|
|||||||
case oNoRequireCrossCert: opt.flags.require_cross_cert=0; break;
|
case oNoRequireCrossCert: opt.flags.require_cross_cert=0; break;
|
||||||
|
|
||||||
case oAutoKeyLocate:
|
case oAutoKeyLocate:
|
||||||
|
if (default_akl)
|
||||||
|
{
|
||||||
|
/* This is the first time --aito-key-locate is seen.
|
||||||
|
* We need to reset the default akl. */
|
||||||
|
default_akl = 0;
|
||||||
|
release_akl();
|
||||||
|
}
|
||||||
if(!parse_auto_key_locate(pargs.r.ret_str))
|
if(!parse_auto_key_locate(pargs.r.ret_str))
|
||||||
{
|
{
|
||||||
if(configname)
|
if(configname)
|
||||||
|
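Review bot: Adding `KEYSERVER_AUTO_KEY_RETRIEVE` to the default `opt.keyserver_options.options` in main means that verifying a signature made by an unknown key now starts a network lookup without the user opting in, which can reveal to the remote server and to network observers which signature is being checked and when. That default deserves a comment at the assignment, for example `/* Auto-retrieve on verify is on by default; it contacts the network and is disabled with --no-auto-key-retrieve. */`, and a matching caveat in doc/gpg.texi. Separately, the return value of `parse_auto_key_locate ("local,wkd")` is dropped, so a failure to install the default list goes unnoticed, and the comment in the `oAutoKeyLocate` case misspells the option as `--aito-key-locate`. main starts and ends outside these hunks.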
@ -396,7 +396,7 @@ char *get_user_id_byfpr (ctrl_t ctrl, const byte *fpr, size_t *rn);
|
|||||||
char *get_user_id_byfpr_native (ctrl_t ctrl, const byte *fpr);
|
char *get_user_id_byfpr_native (ctrl_t ctrl, const byte *fpr);
|
||||||
|
|
||||||
void release_akl(void);
|
void release_akl(void);
|
||||||
int parse_auto_key_locate(char *options);
|
int parse_auto_key_locate(const char *options);
|
||||||
int parse_key_origin (char *string);
|
int parse_key_origin (char *string);
|
||||||
const char *key_origin_string (int origin);
|
const char *key_origin_string (int origin);
|
||||||
|
|
||||||
|