From 9214e1b282100980789bd6eb9c9940ed02689c2d Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Sat, 19 Oct 2002 07:55:27 +0000
Subject: [PATCH] Merged Top directory of NewPG with GnuPG.
---
AUTHORS | 117 -----
ChangeLog | 1136 +++++-------------------------------------
Makefile.am | 51 +-
NEWS | 1318 +++-----------------------------------------------
README | 898 ++++++++++----------------------
THANKS | 231 +--------
TODO | 141 ++----
acinclude.m4 | 841 ++++++++++--------------------
autogen.sh | 162 ++++++-
configure.ac | 1100 ++++++++++-----------------
10 files changed, 1235 insertions(+), 4760 deletions(-)
diff --git a/AUTHORS b/AUTHORS
index 4b367357a..e69de29bb 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -1,117 +0,0 @@
-Program: GnuPG
-Maintainer: Werner Koch
-Bug reports:
-Security related bug reports:
-
-
-Authors
-=======
-
-Birger Langkjer Translations [da]
-
-Daniel Resare Translations [sv]
-
-David Shaw Assignment
- (all in keyserver/,
- a lot of changes in g10/ see the ChangeLog,
- bug fixes here and there)
-
-Dokianakis Theofanis Translations [el]
-
-Edmund GRIMLEY EVANS Translations [eo]
-
-Gaël Quéri Translations [fr]
- (fixed a lot of typos)
-
-Gregory Steuck Translations [ru]
-
-Ivo Timmermans Translations [nl]
-
-Jacobo Tarri'o Barreiro Translations [gl]
-
-Janusz Aleksander Urbanowicz Translations [po]
-
-Magda Procha'zkova' Translations [cs]
-
-Michael Roth Assignment
- (wrote cipher/des.c., changes and bug fixes all over the place)
-
-Marco d'Itri Translations [it]
-
-Matthew Skala Disclaimer
- (wrote cipher/twofish.c)
-
-Niklas Hernaeus Disclaimer
- (weak key patches)
-
-Nilgun Belma Buguner Translations [tr]
-
-Nils Ellmenreich Assignment
- (configure.in, cipher/rndlinux.c, FAQ)
-
-Paul Eggert
- (configuration macros for LFS)
-
-Pedro Morais Translations [pt_PT]
-
-Rémi Guyomarch Assignment
- (g10/compress.c, g10/encr-data.c,
- g10/free-packet.c, g10/mdfilter.c, g10/plaintext.c, util/iobuf.c)
-
-Stefan Bellon Assignment
- (All patches to support RISC OS)
-
-Timo Schulz Assignment
- (util/w32reg.c, g10/passphrase.c, g10/hkp.c)
-
-Tedi Heriyanto Translations [id]
-
-Thiago Jung Bauermann Translations [pt_BR]
-Rafael Caetano dos Santos Translations [pt_BR]
-
-Toomas Soome Translations [et]
-
-Urko Lusa Translations [es_ES]
-
-Walter Koch Translations [de]
-
-Werner Koch Assignment
- (started the whole thing)
-
-Yosiaki IIDA Translations [ja]
-
-
-
-Other legal information
-=======================
-
-This program uses the zlib compression library written by
-Jean-loup Gailly and Mark Adler.
-
-Most of the stuff in mpi has been taken from the GMP library by
-Torbjorn Granlund .
-
-The Rijndael implementation (cipher/rijndael.c) is based on the
-public domain reference code provided for the AES selection process.
-The Rijndael algorithm is due to Joan Daemen and Vincent Rijmen.
-
-The files cipher/rndunix.c and cipher/rndw32.c are based on rndunix.c
-and rndwin32.c from cryptlib.
-Copyright Peter Gutmann, Paul Kendall, and Chris Wedgwood 1996-1999.
-
-The files in debian/ are by James Troup who is the Debian maintainer
-for GnuPG.
-
-The RPM specs file scripts/gnupg.spec has been contributed by
-several people.
-
- Copyright 1998, 1999, 2000, 2001, 2002 Free Software Foundation, Inc.
-
- This file is free software; as a special exception the author gives
- unlimited permission to copy and/or distribute it, with or without
- modifications, as long as this notice is preserved.
-
- This file is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
- implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-
diff --git a/ChangeLog b/ChangeLog
index 8e547477d..7595565e1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,1083 +1,199 @@ -2002-10-18 Werner Koch +2002-10-19 Werner Koch - Released 1.3.0. + NewPG (Aegypten project) to GnuPG merge. + +2002-09-20 Werner Koch + + Released 0.9.2. + +2002-09-05 Neal H. Walfield + + * configure.ac: Check for makeinfo. + +2002-09-03 Neal H. Walfield + + * autogen.sh (have_version): New function. Generalize and + simplify logic for finding and determining the versions of GNU + programs. Use it. + +2002-08-23 Werner Koch + + Released 0.9.1. + + * acinclude.m4 (AM_PATH_LIBGCRYPT): Updated from Libgcrypt. + (AM_PATH_OPENSC): Strip non-digits from the micro version. + +2002-08-21 Werner Koch + + Released 0.9.0. + + * configure.ac: Changed the default homedir to .gnupg. + * README-alpha: Removed. + +2002-08-19 Werner Koch + + * acinclude.m4: Removed -lpcsclite from KSBA_LIBS; copy+paste bug. + +2002-08-13 Werner Koch + + * acinclude.m4 (AM_PATH_OPENSC, AM_PATH_KSBA): New. + * configure.ac: Use them. + +2002-08-10 Werner Koch + + Released 0.3.10. - * configure.ac: Changed version number comments. - (ALL_LINGUAS): Removed all except for de. During development it - might not be a good idea to keep all of them - they get outdated - too soon and diff files will be far too large. + * configure.ac (NEED_LIBKSBA_VERSION): Require 0.4.4. Add support + for gettext. -2002-10-17 David Shaw +2002-07-22 Werner Koch - * README: Multiple A record rotation works with MINGW32 now, and - clarify how it works with LDAP. - -2002-10-16 David Shaw - - * README: Some typo fixes from Florian Weimer, and bump version - number. - -2002-10-15 David Shaw - - * NEWS: Some 1.3 notes. - -2002-10-12 Werner Koch - - * configure.ac (NAME_OF_DEV_URANDOM): Use /dev/urandom for - NetBSD. Reported by Christian Biere. - -2002-10-07 David Shaw - - * configure.ac: OpenLDAP 2.0.27 changed the dependencies again. - Add a "LDAPLIBS" variable so users can try and suggest the right - dependencies for their platform. 
- -2002-10-02 David Shaw - - * configure.ac: Add an --enable-old-tiger, to revert back to the - old OID. - -2002-09-27 David Shaw - - * configure.ac: Remove --enable-tiger, as TIGER is now always - enabled. - -2002-09-25 David Shaw - - * configure.ac: Add NETLIBS to EGDLIBS when using EGD as EGD uses - sockets. - -2002-09-24 David Shaw - - * THANKS: Remove duplicate. - - * NEWS: Bring in cosmetic changes from stable branch. - - * configure.ac: Figure out whether the LDAP library supports - ldap_get_option, ld_errno, or neither. - -2002-09-19 David Shaw - - * configure.ac: Try linking LDAP as just -lldap as it seems very - recent OpenLDAPs (>=2.0.23) support that. - -2002-09-14 David Shaw - - * configure.ac: Try linking LDAP without -lresolv first, just in - case the platform has libresolv, but doesn't actually need it to - use LDAP. - -2002-09-12 David Shaw - - * NEWS: Note that the old IDEA plugin won't work with post-1.1.90 - gpg. - -2002-09-12 David Shaw - - * configure.ac: Remove --enable-external-hkp as this is always on - now. Add --disable-hkp to match the other - --disable-{keyservertype} options. - - * NEWS, configure.ac: Move to devel version 1.3. - -2002-09-11 Werner Koch - - Released 1.1.92. - - * configure.ac (random_modules): The default random module for - system lacking a /dev/random is now auto selected at runtime. - -2002-09-09 David Shaw - - * NEWS: typo. - - * configure.ac: Add a link test for LDAP without -lresolv for - HPUX. Remove "hstrerror" test as it is no longer needed. - -2002-09-02 Werner Koch - - * README: Removed the note about a development version so that we - later don't forget this. Minor other changes. - -2002-08-29 Werner Koch - - * configure.ac (random_modules): Reworked the code to select the - random module. Define USE_ALL_RANDOM_MODULES for value all. - -2002-08-27 David Shaw - - * configure.ac: Check type of mode_t. - - * NEWS: Clarify that --libexecdir is a configure option. - - * configure.ac: Check for hstrerror. 
- -2002-08-19 David Shaw - - * NEWS: Document new ways to enable MDC, and change in automatic - compression disabling. - - * configure.ac: No such thing as the "none" random gather any - longer. - -2002-08-08 David Shaw - - * configure.ac: Add an --enable-tiger. - - * NEWS: Clarify new permission checks. - -2002-08-07 David Shaw - - * configure.ac: If the static IDEA cipher is present, disable - dynamic loading. Also fix backwards grammar of keyserver - exec-path CHECKING message. - -2002-08-05 Werner Koch - - * configure.ac: Bumbed version number. - -2002-08-04 Werner Koch - - Released 1.1.91. - - * configure.ac (ALL_LINGUAS): Added Catalan. - -2002-08-02 Werner Koch - - * configure.ac: Removed all extension stuff but keep the tests for - dlopen. We don't need to figure out the flags required. All - stuff is now statically loaded. - -2002-07-30 David Shaw - - * README, configure.ac: --with-exec-path is now clarified into - --disable-keyserver-path - - * NEWS: changes since 1.1.90. - -2002-07-24 David Shaw - - * configure.ac: Include a GNUPG_LIBEXECDIR in g10defs.h, as well - as a SUBST for Makefiles. - -2002-07-22 Timo Schulz - - * configure.ac: Replace the 'c:/' variables with 'c:\' due - to the fact we already use '\' in the remaining code. - -2002-07-08 David Shaw - - * configure.ac: Add --with-mailprog to override the use of - sendmail with another MTA. We can use anything that follows the - "$MAILPROG -t" convention. - -2002-07-04 David Shaw - - * configure.ac: --enable-exec-path should be a 'with'. Fix 'no' - cases of --with-exec-path and --with-photo-viewer. - - * README: Document --disable-exec, --disable-photo-viewers, - --disable-keyserver-helpers, --enable-exec-path, and - --with-photo-viewer. - - * configure.ac: Add --with-photo-viewer to lock the viewer at - compile time and --disable-keyserver-helpers and - --disable-photo-viewers to allow disabling one without disabling - the other. 
- -2002-07-03 David Shaw - - * configure.ac: Allow setting USE_EXEC_PATH to lock the exec-path - to a fixed value. + * configure.ac: Check for ftello and provide a replacement. 2002-07-01 Werner Koch - * configure.ac: Set version number to 1.1.91. - - Released 1.1.90. + Released 0.3.9. - * INSTALL: Replaced by generic install file. - * README: Marked as development version and moved most stuff of - the old INSTALL file to here. - -2002-06-30 Werner Koch - - * configure.ac: Link W32 version against libwsock32. + * README: Short note on how to export in pkcs-12 format. 2002-06-29 Werner Koch - * configure.ac (development_version): New. - (HAVE_DEV_RANDOM_IOCTL): Removed test for it; it was never used. + * configure.ac: Define --with options to set the default location + of the agent, scdaemon, pinentry and dirmngr. - * BUGS, AUTHORS: Add a note on how to send security related bug - reports. +2002-06-27 Werner Koch -2002-06-20 David Shaw + * README: Short blurb on how to import a PKCS-12 file. - * NEWS: changes since 1.0.7. + * configure.ac (AH_BOTTOM): New to define some constants. - * configure.ac: Set new version number (1.1.90), and fix Solaris - compiler flags for shared objects. +2002-06-25 Werner Koch -2002-06-11 David Shaw - - * configure.ac: Move -lsocket and -lnsl checks before LDAP link - tests so they work properly on Solaris. Noted by David Champion. - Also, check for the Mozilla LDAP library if the OpenLDAP library - check fails. Put -lsocket and -lnsl in NETLIBS rather than LIBS - so not all programs are forced to link to them. + Released 0.3.8. -2002-06-05 David Shaw + * configure.ac (NEED_LIBGCRYPT_VERSION): Set to 1.1.8. - * configure.ac: Add a switch for the experimental external HKP - keyserver interface. +2002-06-12 Werner Koch -2002-05-22 Werner Koch + * configure.ac (NEED_LIBKSBA_VERSION): We need 0.4.3 now. - * configure.ac: Check for strcasecmp and strncasecmp. Removed - stricmp and memicmp checks. 
+2002-06-04 Werner Koch -2002-05-08 David Shaw + Released 0.3.7. - * configure.ac: If LDAP comes up unusable, try #including - before giving up. Old versions of OpenLDAP require that. +2002-05-21 Werner Koch -2002-05-03 David Shaw + * configure.ac: We now require libgcrypt 1.1.7 and libksba 0.4.2. - * configure.ac: In g10defs.h, use \ for the directory separator - when HAVE_DOSISH_SYSTEM is on. +2002-05-14 Werner Koch - * configure.ac: Add --disable-exec flag to disable all remote - program execution. --disable-exec implies --disable-ldap and - --disable-mailto. Also look in /usr/lib for sendmail. If - sendmail is not found, do not default - just fail. + * doc/: New + * configure.ac, Makefile.am: Added doc/ -2002-04-30 David Shaw +2002-05-03 Werner Koch - * configure.ac: Try and link to a sample LDAP program to check if - the LDAP we're about to use is really sane. The most common - problem (using a very old OpenLDAP), could be fixed with an extra - #include, but this would not be very portable to other LDAP - libraries. - -2002-04-29 Werner Koch - - Released 1.0.7. - - * README: Fixed some minor things. + Released 0.3.6. 2002-04-25 Werner Koch - * configure.ac: Check for locale.h and setlocale + * configure.ac: Check for setlocale. -2002-04-24 David Shaw +2002-04-24 Marcus Brinkmann - * Update NEWS with recent changes. + * configure.ac: Check for locale.h. -2002-04-19 Werner Koch +2002-04-15 Werner Koch - Released 1.0.6e snapshot. + Released 0.3.5. + + * NEWS: Started to describe release notes. + + * configure.ac (NEED_LIBKSBA_VERSION, NEED_LIBGCRYPT_VERSION): Defined -2002-04-12 Werner Koch +2002-04-01 Werner Koch - * configure.ac: Add a warning note to the definition of the - EXTSEP macros. + Released 0.3.4. -2002-04-09 Werner Koch +2002-03-18 Werner Koch - * configure.ac (ALL_LINGUAS): Added Czech, Galician and Greek - translations. s/es_ES/es/. + Released 0.3.3. + +2002-03-08 Werner Koch + + * README: Add some explanation on how to specify a user ID. 
2002-03-06 Werner Koch - * configure.ac (ALL_LINGUAS): s/pt_PT/pt/ + Released 0.3.2. -2002-03-04 David Shaw +2002-03-04 Werner Koch - * Add a AC_DEFINE(_GNU_SOURCE). Since this is always defined in - config.h, the various autoconf tests should be tested with it - enabled. This also works around a compiler warning caused by a - minor header bug in glibc 2.1 that causes fseeko to be defined - when building gpg, but not when tested for in configure. + Released 0.3.1. -2002-03-03 Werner Koch + * README: Explained some options and files. - Release 1.0.6d snapshot. +2002-02-14 Werner Koch -2002-01-04 David Shaw + * configure.ac: Fixed status messages related to presence of Pth. - * NEWS: about symmetric messages and fixed file sizes. +2002-02-13 Werner Koch -2001-12-22 Werner Koch + * acinclude.m4 (GNUPG_SYS_SO_PEERCRED): New. + * configure.ac: use it. - Released 1.0.6c snapshot. - - * configure.ac (AH_BOTTOM): Moved EXEC_TEMPFILE_ONLY to here. +2002-02-12 Werner Koch - * acconfig.h: Removed, it should no longer be used. + * configure.ac: Check for PTH. Provide replacement fucntions for + apsrintf and fopencookie. -2001-12-21 David Shaw + * acinclude.m4 (GNUPG_PTH_VERSION_CHECK): New. - * Add an acconfig.h to define EXEC_TEMPFILE_ONLY on platforms that - can't do fork/exec. +2002-02-07 Werner Koch -2001-12-21 Werner Koch + Released 0.3.0. - * Makefile.am (dist-hook): We should also look in include for - distfiles. - (EXTRA_DIST): Remove VERSION because it is generated by dist-hook. + * configure.ac: Require libgcrypt 1.1.6. -2001-12-20 David Shaw +2002-02-01 Marcus Brinkmann - * configure.ac: replacement function for mkdtemp() + * configure.ac (KSBA_CONFIG): Remove superfluous x in front of + variable. -2001-12-19 David Shaw +2002-01-26 Werner Koch - * configure.ac: Check for stat() + * configure.ac: Add options to disable the build of some programs + and print a configure status at the end. + * acinclude.m4 (GNUPG_BUILD_PROGRAM): New. 
-2001-12-19 Werner Koch + * scd/ : New. Added to Makefile and configure. + * configure.ac: Check for libopensc + * Makefile.am: Build scd only when libopensc is available - * acinclude.m4 (GNUPG_SYS_SYMBOL_UNDERSCORE): Support Cygwin target - * configure.ac [CYGWIN32]: Don't build tiger. By Disastry. +2002-01-23 Werner Koch + + * configure.ac (mkdtemp): See whether we have to provide a + replacement. 2001-12-18 Werner Koch - * Makefile.am (SUBDIRS): Add keyserver. - (dist-hook): Only look in mpi and scripts for distfiles; this way - we don't include those of a stale "make dist" directory. + Released 0.0.0. -2001-10-23 Werner Koch +2001-12-17 Werner Koch - Released 1.0.6b snapshot. + * acinclude.m4: Add AM_PATH_LIBGCRYPT macro. + * configure.ac: and use it here. Figure out the location of libksba -2001-10-22 Werner Koch +2001-12-15 Werner Koch - * configure.ac: Fixed for automake 1.5 + * configure.ac (missing_dir): Bail out if asprintf and fopencookie + are not available. -2001-10-17 Werner Koch +2001-12-04 Werner Koch - * README: Removed note on local_ID. + * configure.ac (HAVE_JNLIB_LOGGING): always define it. -2001-09-28 Werner Koch - - * configure.ac: From now on add a string "-cvs" to the version to - indicate that this is a pre-release of the given version number. - -2001-09-26 Werner Koch - - * configure.ac [MINGW32]: Switched from wsock.dll to ws2_32.dll. - -2001-09-09 Werner Koch - - * configure.ac: autoconf changed the name of the maintainer mode - flag, so that not all warnings where enabled. Fixed that. - Reported by Dirk Meyer. - -2001-09-07 Werner Koch - - * configure.ac: Test for strsep(). - -2001-09-03 Werner Koch - - * configure.ac: Removed GDBM tests. - -2001-08-23 Werner Koch - - * configure.in (AC_FUNC_FSEEKO): Add. - (AC_CHECK_FUNCS): Remove fseeko. By Paul Eggert . - -2001-08-22 Werner Koch - - * configure.ac (gethrtime): Enhanced the test by running a test - program. 
- * INSTALL: Removed the note about Solaris problems because the - above test should catch this. - -2001-08-20 Werner Koch - - * acinclude.m4: Add check for plock if mlock is broken. - * configure.ac: Use regular tests for -lsocket and -lnsl, - more thorough test for gethrtime, allow specifying the path to - the zlib library if it is not in the default compiler/linker - search path, use ${datadir}. All these test enhancements are by - Albert Chin. - - * configure.ac: Set some compiler flags for dec-osf and hpux. By - Tim Mooney. - - * configure.ac: Create g10defs.h with EXTSEP_S et al. - -2001-08-03 Werner Koch - - * configure.ac (VERSION,PACKAGE): Fixed quoting. - -2001-07-26 Werner Koch - - * configure.ac: Finally got it running with the new autoconf. Had - to define PACKAGE and VERSION and to add -I.. to each Makefile.am. - -2001-07-09 Werner Koch - - Migrated to autoconf 2.50. - * acinclude.m4: Removed the temporary LFS macros and GNUPG_LINK_FILES. - * acconfig.h: Removed - * configure.in: Replaced by... - * configure.ac: and modified for use with autoconf 2.50, use a - literal string for the version number. Replaced GNUPG_LINK_FILES - with AC_CONFIG_LINKS and moved some informational messages to the end. - * VERSION: Removed. - * Makefile.am (DISTCLEANFILES): gettext is better now; no more - need to remove the libintl.h symlink. - (dist-hook): Create VERSION file. -2001-06-08 Werner Koch - - * configure.in (DYNLINK_MOD_CFLAGS): Use -shared with dec-osf. - Reported by Chris Adams. Merged some cases. - -2001-05-29 Werner Koch - - Released version 1.0.6. - -2001-05-28 Werner Koch - - * configure.in (BUILD_INCLUDED_LIBINTL): Set to no for W32. - -2001-04-29 Werner Koch - - Released version 1.0.5. - -2001-04-28 Werner Koch - - Updated all copyright notices. - -2001-04-27 Werner Koch - - * README: Removed a few outdated paragraphs. - -2001-04-17 Werner Koch - - * acinclude.m4 (GNUPG_CHECK_DOCBOOK_TO_TEXI): New. 
- (GNUPG_CHECK_TYPEDEF): Define _GNU_SOURCE because we will use it - anyway. - - * configure.in: Use it here. - - * configure.in (ALL_LINGUAS): Add Estonian translation by Toomas Soome. - (use_m_debug): Removed --enable-m-debug because it does not work - anymore. - -2001-04-06 Werner Koch - - * configure.in (ALL_LINGUAS): Add Turkish translation. Thanks - to Nilgun Belma Buguner. - -2001-03-18 Werner Koch - - * configure.in: Hardwire the use of -lsocket for some - systems. Thanks to Reinhard Wobst. - -2001-03-13 Werner Koch - - * configure.in: Add copyright notice and -lwsock32. - -2001-03-12 Werner Koch - - * INSTALL: Add a note to VPATH builds. - -2001-03-08 Werner Koch - - * debian/: Applied update from James. - - Added copyright and license notices to some more files. - -2001-01-18 Werner Koch - - * configure.in: Removed tool definitions for MingW32 - -2000-11-17 Werner Koch - - * acinclude.m4 (GNUPG_CHECK_FAQPROG): Do not prinnt the warning. - -2000-11-11 Paul Eggert - - Actually Paul's patches are dated 2000-20-17; I applied them today - and merged some ChangeLog entries (wk@gnupg.org). - - * configure.in (AC_SYS_LARGEFILE): Add. - (try_large_file): Remove. All uses removed. - (AC_CHECK_FUNCS): Remove fopen64 and fstat64. - - * acinclude.m4 (AC_SYS_LARGEFILE_TEST_INCLUDES, - AC_SYS_LARGEFILE_MACRO_VALUE, AC_SYS_LARGEFILE): New macros, - taken from GNU tar. - - * configure.in (AC_CHECK_FUNCS): Add fseeko. - -2000-10-17 Werner Koch - - * configure.in: Disabled fopen64 checks for Solaris and HPUX. - -2000-10-13 Werner Koch - - * configure.in: Append mpi/mpi-asm-defs.h to g10defs.h - -2000-10-09 Werner Koch - - * acinclude.m4: Changed wording of the faqprog.pl warning. - -Wed Oct 4 15:50:18 CEST 2000 Werner Koch - - * configure.in: Set DYNLINK_MOD_CFLAGS for Irix. It seems that Irix - needs the -shared flag. In 1.1 we are going to use libtool, so this - module stuff will get redesigned anyway. Suggested by Jeff Long. 
- -Thu Sep 14 14:20:38 CEST 2000 Werner Koch - - * acinclude.m4 (GNUPG_CHECK_FAQPROG): New. - * configure.in: Test for this. - - * configure.in (DYNLINK_MOD_CFLAGS): Fix by David Champion. - -Wed Sep 6 17:55:47 CEST 2000 Werner Koch - - * configure.in: Check for fstat64 and fopen64 - -Wed Sep 6 14:59:09 CEST 2000 Werner Koch - - * configure.in (GNUPG_HOMEDIR): New. - -Fri Aug 25 16:05:38 CEST 2000 Werner Koch - - * configure.in: Changes to allow for Solaris random device. - By Nils Ellmenreich. - (--with-egd-socket): New. - -Wed Aug 23 19:52:51 CEST 2000 Werner Koch - - * acinclude.m4 (GNUPG_CHECK_MLOCK): Removed that silly mkdir(). - -Wed Jul 19 11:26:43 CEST 2000 Werner Koch - - * configure.in (mingw32): Changes to allow for mingw32msvc - -Fri Jul 14 10:17:30 CEST 2000 Werner Koch - - * acinclude.m4 (GNUPG_CHECK_MLOCK): Fixed syntax error in C code. - -Wed Jul 12 13:32:06 CEST 2000 Werner Koch - - Version 1.0.2 - -Fri Jun 9 10:09:52 CEST 2000 Werner Koch - - * configure.in: Add check for termio.h, wait unctiosn and sigaction. - -Wed Jun 7 19:19:09 CEST 2000 Werner Koch - - * acinclude.m4 (MKDIR_TAKES_ONE_ARG): Check some headers. By Gaël Quéri. - * configure.in (AM_INIT_AUTOMAKE): Use this now. By Gaël. - -Mon Jun 5 12:37:43 CEST 2000 Werner Koch - - * acnclude.m4 (GNUPG_CHECK_EXPORTDYNAMIC): Replacement for - GNUPG_CHECK_RDYNAMIC which should handle gcc with non GNU ld nicer. - Contributed by Dave Dykstra. - * configure.in (GNYPG_CHECK_RDYNAMIC): Replaced by the new check. - - * configure.in (AC_CHECK_AWK): Moved before the first use of AWK. Suggested - by Dave Dykstra. - -Tue May 30 16:37:55 CEST 2000 Werner Koch - - Version 1.0.1-ePit-1 - -Sun May 28 13:55:17 CEST 2000 Werner Koch - - * acinclude.m4 (GNUPG_SYS_NM_PARSE): Added BSDI support. - (GNUPG_CHECK_RDYNAMIC): Ditto. 
- -Wed Apr 19 10:57:26 CEST 2000 Werner Koch - - * acconfig.h (HAVE_MLOCK): Added - -Wed Mar 22 13:50:24 CET 2000 Werner Koch - - * acinclude.m4 (GNUPG_CHECK_MLOCK): Changed the way to test for - librt. Test suggested by Jeff Long. - -Fri Mar 17 17:50:25 CET 2000 Werner Koch - - * acinclude.m4 (GNUPG_CHECK_MLOCK): Do librt check only when - we can't link a test program. This way GNU systems don't need - to link against linrt. - (GNUPG_CHECK_IPC): Fixed use of TRY_COMPILE macro. From Tim Mooney. - -2000-03-14 12:07:54 Werner Koch (wk@habibti.openit.de) - - * acinclude.m4 (GNUPG_SYS_SYMBOL_UNDERSCORE): Add support for - DJGPP. - (GNUPG_CHECK_MLOCK): Check whether mlock sits in librt. - * configure.in: Add a test for unisgned long long. - -Tue Mar 7 18:45:31 CET 2000 Werner Koch - - * acinclude.m4 (GNUPG_CHECK_RDYNAMIC): Add NetBSD. By Thomas Klausner. - * configure.in (DYNLINK_MOD_CFLAGS): Set different for NetBSD. - -Thu Mar 2 15:37:46 CET 2000 Werner Koch - - * configure.in: Add check for clock_gettime - -Wed Feb 23 10:07:57 CET 2000 Werner Koch - - * configure.in (ALL_LINGUAS): Add nl. - -Wed Feb 16 16:25:09 CET 2000 Werner Koch - - * configure.in (ALL_LINGUAS): Add Esperanto. - -Wed Feb 16 14:09:00 CET 2000 Werner Koch - - * configure.in (ALL_LINGUAS): Add sv and ja. - - * AUTHORS: Converted to a more compact format. - - * INSTALL: Wrote a note about a Solaris problem. - -Thu Feb 10 17:39:44 CET 2000 Werner Koch - - * configure.in: Use /usr/local for CFLAGS and LDFLAGS when - target is freebsd. By Rémi. - -Thu Jan 13 19:31:58 CET 2000 Werner Koch - - * configure.in: Do not set development version when the version has - a dash in it. Suggested by Dave Dykstra. - -Thu Dec 16 10:07:58 CET 1999 Werner Koch - - * VERSION: Set to 1.0.1. - - * configure.in: Removed substitution for doc/gph/Makefile. - Do all the gcc warning only in maintainer mode. - -Thu Dec 9 10:31:05 CET 1999 Werner Koch - - * INSTALL: Add a hint for AIX. By Jos Backus. 
- -Sat Dec 4 12:30:28 CET 1999 Werner Koch - - * configure.in (dlopen): Use CHECK_FUNC for a test of dlopen in libc. - Suggested by Alexandre Oliva. - (-Wall): Moved the settting of gcc warning options near to the end - so that tests don't get confused. Suggested by Paul D. Smith. - -Mon Nov 22 11:14:53 CET 1999 Werner Koch - - * BUGS: Replaced content with a link to the online list. - -Fri Nov 12 20:33:19 CET 1999 Werner Koch - - * README: Fixed a type and add a note about the gnupg-i18n ML. - -Thu Oct 28 16:08:20 CEST 1999 Werner Koch - - * acinclude.m4, configure.in (GNUPG_CHECK_GNUMAKE): New. - -Sat Oct 9 20:34:41 CEST 1999 Werner Koch - - * configure.in: Tweaked handling of random modules and removed - dummy support for libgcrypt. - * Makefile.am: Removed libgcrypt support. - * cgrypt/ : Removed. - - * Makefile.am: Removed libtool. - -Fri Oct 8 20:32:01 CEST 1999 Werner Koch - - * configure.in: Fixed quoting in test for development version. - - * THANKS: Add entries for Michael, Brenno and J Horacio who did - very nice Howto documents - I apoligize for forgetting to mention them - earlier. - -Tue Sep 28 20:54:37 CEST 1999 Werner Koch - - * textfilter.c (copy_clearsig_text) [__MINGW32__): Use CR,LF. - -Fri Sep 17 12:56:42 CEST 1999 Werner Koch - - * configure.in: Add "-lcap" when capabilities are requested. - Add the conditional CROSS_COMPILING. - * Makefile.am: Don't use checks when CROSS_COMPILING. - -Wed Sep 15 16:22:17 CEST 1999 Werner Koch - - * configure.in (ALL_LINGUAS): Add pt_PT. - - * configure.in: Some tweaks for cross compiling under MingW32 - * acconfig.h (USE_STATIC_RNDW32): New. - -Tue Sep 7 17:08:10 CEST 1999 Werner Koch - - * VERSION: Set to 1.0.0. - -Mon Sep 6 19:59:08 CEST 1999 Werner Koch - - * configure.in: Create makefile in doc/gph - - * acinclude.m4 (GNUPG_FUNC_MKDIR_TAKES_ONE_ARG): New - * configure.in: use the above. - -Thu Sep 2 16:40:55 CEST 1999 Werner Koch - - * VERSION: Set to 0.9.11. 
- -Tue Aug 31 17:20:44 CEST 1999 Werner Koch - - * configure.in: Minor changes to the OS/2 and Mingw32 system labels. - Add a printable name for Hurd. - -Mon Aug 30 20:38:33 CEST 1999 Werner Koch - - * configure.in: Some support for DJGPP (Mark Elbrecht) - -Wed Aug 4 10:34:46 CEST 1999 Werner Koch - - * VERSION: Set to 0.9.10. - -Mon Jul 26 09:34:46 CEST 1999 Werner Koch - - * acinclude.m4 (GNUPG_SYS_SYMBOL_UNDERSCORE): remove init of ac_cv_... - - * Makefile.am (DISCLEANFILES): New - -Fri Jul 23 13:53:03 CEST 1999 Werner Koch - - * VERSION: Set to 0.9.9. - - * configure.in: Print a notice when rndunix is used. - -Thu Jul 15 10:15:35 CEST 1999 Werner Koch - - * acinclude.m4 (GNUPG_SYS_SYMBOL_UNDERSCORE): Fixed last modification. - -Wed Jul 7 13:08:40 CEST 1999 Werner Koch - - * Makefile.am: Support for libtool. - * configure.in: Ditto. - -Tue Jun 29 21:44:25 CEST 1999 Werner Koch - - * configure.in (use_local_zlib): The lost dollar is back. - - * acinclude.m4 (GNUPG_SYS_SYMBOL_UNDERSCORE): Add EMX case. - * configure.in: Another variant of the MX vendor string - - * configure.in (--with-capabilities): Some test code (Remi). - -Sat Jun 26 12:15:59 CEST 1999 Werner Koch - - * acinclude.m4 (GNUPG_CHECK_RDYNAMIC): Support for HPUX and IRIX. - * configure.in (HAVE_DL_SHL_LOAD): New for HPUX (Dave Dykstra). - - * VERSION: Now 0.9.8 - -Wed Jun 16 20:16:21 CEST 1999 Werner Koch - - * configure.in: Add test for docbook-to-man - -Tue Jun 15 12:21:08 CEST 1999 Werner Koch - - * acinclude.m4 (GNUPG_SYS_NM_PARSE): Support for {net,free}bsd, - -Thu Jun 10 14:18:23 CEST 1999 Werner Koch - - * configure.in (ZLIB,GDBM): Check both, header and lib. - -Sat Jun 5 15:30:33 CEST 1999 Werner Koch - - * pkclist.c (key_present_in_pk_list): New (Michael). - -Tue May 25 19:50:32 CEST 1999 Werner Koch - - * configure.in (IS_DEVELOPMENT_VERSION): Fixed detection. - -Sun May 23 14:20:22 CEST 1999 Werner Koch - - * acinclude.m4 (GNUPG_SYS_SYMBOL_UNDERSCORE): assume yes when - cross-compiling. 
- -Mon May 17 21:54:43 CEST 1999 Werner Koch - - * configure.in (socket): Fix for Unisys by Katsuhiro Kondou. - -Sat May 8 19:28:08 CEST 1999 Werner Koch - - * NEWS: Add a marker line which I forgot to do for 0.9.6. - -Thu May 6 14:18:17 CEST 1999 Werner Koch - - * README: Minor updates - - * VERSION: Now 0.9.6 - -Thu Apr 8 09:35:53 CEST 1999 Werner Koch - - * acinclude.m4 (GNUPG_CHECK_RDYNAMIC): Fix for - amiga-openbsd (Peter Reich) - (GNUPG_PROG_NM): Ditto - -Wed Apr 7 20:51:39 CEST 1999 Werner Koch - - * Makefile.am (g10defs.h): Removed. - * configure.in (AC_OUTPUT_COMMANDS): Create g10defs.h - -Sat Mar 20 12:55:33 CET 1999 Werner Koch - - * VERSION: Now 0.9.5 - -Sun Mar 14 19:34:36 CET 1999 Werner Koch - - * acinclude.m4 (AM_SYS_SYMBOL_UNDERSCORE): Removed because it is - now in the latest libtool. - -Thu Mar 11 16:39:46 CET 1999 Werner Koch - - * configure.in: Removed the need for libtool - -Mon Mar 8 20:47:17 CET 1999 Werner Koch - - * configure.in (DLSYM_NEEDS_UNDERSCORE): Replaced. - * acinclude.in (AM_SYS_SYMBOL_UNDERSCORE): New. - - * VERSION: Now 0.9.4 - -Sun Feb 28 19:11:00 CET 1999 Werner Koch - - * configure.in (dld): Test disabled. - -Fri Feb 26 17:55:41 CET 1999 Werner Koch - - * encode.c (encode_simple): temporary fix. - -Wed Feb 24 11:07:27 CET 1999 Werner Koch - - * configure.in: New option --enable-static-rnd. - -Mon Feb 22 20:04:00 CET 1999 Werner Koch - - * BUGS: Now we assign bug numbers. - * OBUGS: New to keep rack o fixed bugs (CVS only) - -Fri Feb 19 18:01:54 CET 1999 Werner Koch - - * VERSION: Released 0.9.3 - -Fri Feb 19 15:49:15 CET 1999 Werner Koch - - * acinclude.m4: Removed gettext macros. - -Tue Feb 16 14:10:02 CET 1999 Werner Koch - - * configure.in (socket): Check for -lsocket and -lnsl. - (osf4): Disable all warnings for DEC's cc. - (-Wall): Add more warning options for gcc - -Sat Feb 13 12:04:43 CET 1999 Werner Koch - - * configure.in: Changed detection of compiler flags. 
- * intl/ : Removed directory - -Wed Feb 10 17:15:39 CET 1999 Werner Koch - - * acinclude.m4 (GNUPG_CHECK_RDYNAMIC): Fix for freebsd 2.2 - - * configure.in: a lot of changes to allow selection of modules. - Add support for OS/2. - - * acinclude.m4: add some more caching - - * README: Spelling and grammar corrections (John A. Martin) - * INSTALL: Ditto. - -Wed Jan 20 21:40:21 CET 1999 Werner Koch - - * configure.in: --enable-m-guard is now default - -Wed Jan 13 12:49:36 CET 1999 Werner Koch - - * INSTALL: Applied new information how to build rpms by Fabio Coatti - * Makefile.in (gnupg.spec): Changed the names. - -Tue Jan 12 11:17:18 CET 1999 Werner Koch - - * config.links (m68k-atari-mint): New - -Tue Jan 12 09:17:19 CET 1999 Gaël Quéri - - * all: Fixed typos all over the place - -Sat Jan 9 16:02:23 CET 1999 Werner Koch - - * configure.in: Add a way to statically link rndunix - -Sun Jan 3 15:28:44 CET 1999 Werner Koch - - * acinclude.m4 (GNUPG_CHECK_RDYNAMIC): New. - * configure.in (DYNLOAD_CFLAGS): Use result from CHECK_RDYNAMIC - -Wed Dec 23 13:18:14 CET 1998 Werner Koch - - * README: Replaced the command overview with a short intro. - -Sat Dec 12 18:40:32 CET 1998 Werner Koch - - * configure.in: Add check for dlopen in libc (Greg Troxel) - and a new define - * acconfig.h (DLSYM_NEEDS_UNDERSCORE): New. - -Thu Dec 10 20:15:36 CET 1998 Werner Koch - - * acinclude.m (GNUPG_CHECK_PIC): New - * configure.in, acinclude.m4: Renamed all WK_ to GNUPG_ - -Tue Dec 8 15:09:29 CET 1998 Werner Koch - - * VERSION: Set to 0.4.5 - -Wed Nov 25 12:38:29 1998 Werner Koch (wk@isil.d.shuttle.de) - - * configure.in (USE_RNDLINUX): New. - -Fri Nov 20 19:34:57 1998 Werner Koch (wk@isil.d.shuttle.de) - - * VERSION: Released 0.4.4 - - * configure.in (try_asm_modules): For option --disable-asm - -Tue Nov 10 19:32:40 1998 Werner Koch (wk@isil.d.shuttle.de) - - * configure.in (MPI_SFLAGS): New. 
- -Tue Nov 10 13:44:53 1998 Werner Koch (wk@isil.d.shuttle.de) - - * ABOUT-NLS: New - * configure.in (AC_REVISION): New. - -Sun Nov 8 18:20:35 1998 Werner Koch (wk@isil.d.shuttle.de) - - * VERSION: Set to 0.4.3 - -Sun Oct 25 19:49:37 1998 Werner Koch (wk@isil.d.shuttle.de) - - * Makefile.am (g10defs.h): New macro GNUPG_DATADIR. - -Wed Oct 21 17:24:24 1998 Werner Koch (wk@isil.d.shuttle.de) - - * configure.in: Removed gettext kludge - * acinclude.m4: Add patched AM_WITH_NKS macro - -Tue Oct 20 19:03:36 1998 Werner Koch (wk@isil.d.shuttle.de) - - * configure.in: Kludge to make AM_GNU_GETTEXT work, - changed some macors to more modern versions. Also - changeg the all makefiles to remove duplicate ../intl. - * acinclude.m4: Removed the gettext stuff, as this - already comes with automake now. - -Wed Oct 14 12:11:34 1998 Werner Koch (wk@isil.d.shuttle.de) - - * configure.in (NAME_OF_DEV_RANDOM): New. - (DYNLINK_MOD_CFLAGS): New. - -Thu Oct 8 10:55:15 1998 Werner Koch (wk@isil.d.shuttle.de) - - * Makefile.am (g10defs.h): creates include file - * acconfig.h: now includes g10defs.h - * configure.in: Removed G10_LOCALEDIR and GNUPG_LIB - -Thu Sep 17 18:49:40 1998 Werner Koch (wk@(none)) - - * Makefile.am (dist-hook): Now creates RPM file. - * scripts/gnupg.spec: New template file for RPMs - -Thu Jul 30 19:17:07 1998 Werner Koch (wk@(none)) - - * acinclude.h (WK_CHECK_IPC): New - * configure.in : Add checks for SysV IPC - -Thu Jun 25 11:18:49 1998 Werner Koch (wk@isil.d.shuttle.de) - - * configure.in (--disable-dynload): New. - -Wed Jun 10 07:48:59 1998 Werner Koch,mobil,,, (wk@tobold) - - * configure.in (GNUPG_LIBDIR): New. - -Mon May 25 19:10:59 1998 Werner Koch (wk@isil.d.shuttle.de) - - * rand-unix.c (fast_random_poll): fixed syntax bug. 
- -Mon May 11 10:21:31 1998 Werner Koch (wk@isil.d.shuttle.de) - - * configure.in (PRINTABLE_OS_NAME): Linux is now GNU/Linux - -Tue Apr 14 19:08:05 1998 Werner Koch (wk@isil.d.shuttle.de) - - * [all files]: Applied Matthew Skala's typo and grammar fixes. - -Wed Mar 4 10:32:40 1998 Werner Koch (wk@isil.d.shuttle.de) - - * configure.in (getrusage,gettimeofday): New tests. - -Fri Feb 27 13:14:17 1998 Werner Koch (wk@isil.d.shuttle.de) - - * configure.in (--disable-m-guard): New. - -Thu Feb 26 17:09:27 1998 Werner Koch (wk@isil.d.shuttle.de) - - * configure.in, acinclude.m4, intl/, po/: New macros taken - from GNOME, switched to automake 1.2f - -Thu Feb 26 09:05:46 1998 Werner Koch (wk@isil.d.shuttle.de) - - * configure.in (doc/Makefile): New - -Thu Feb 26 07:40:47 1998 Werner Koch (wk@isil.d.shuttle.de) - - * configure.in: Changed gettext stuff - -Wed Feb 25 11:44:10 1998 Werner Koch (wk@isil.d.shuttle.de) - - * checks/*test : restructured the directory. - -Tue Feb 24 15:59:12 1998 Werner Koch (wk@isil.d.shuttle.de) - - * configure.in: Changed the name of the package to GNUPG and - chnaged several other names too. - -Wed Feb 18 17:36:45 1998 Werner Koch (wk@isil.d.shuttle.de) - - * Makefile.am (checks): New. - -Sat Feb 14 15:37:55 1998 Werner Koch (wk@isil.d.shuttle.de) - - * configure.in (mpi_config_done): Removed asm links caching. - -Sat Feb 14 14:02:20 1998 Werner Koch (wk@isil.d.shuttle.de) - - * configure.in (PRINTABLE_OS_NAME): New. - * acconfig.h: Likewise. - -Fri Feb 13 19:43:41 1998 Werner Koch (wk@isil.d.shuttle.de) - - * configure.in : Fixed zlib stuff - * Makefile.am: Likewise - - - Copyright 1998, 1999, 2000, 2001, 2002 Free Software Foundation, Inc. + Copyright 2001, 2002 Free Software Foundation, Inc. This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without 
@@ -1086,5 +202,5 @@ Fri Feb 13 19:43:41 1998 Werner Koch (wk@isil.d.shuttle.de) This file is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY, to the extent permitted by law; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - + diff --git a/Makefile.am b/Makefile.am index 427d7b639..ccfc98fb2 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,7 +1,8 @@ -# Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc. -# +# Makefile.am - main makefile for NewPG/GnuPG +# Copyright (C) 2001 Free Software Foundation, Inc. +# # This file is part of GnuPG. -# +# # GnuPG is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or 
@@ -18,37 +19,29 @@ ## Process this file with automake to produce Makefile.in -if CROSS_COMPILING -checks = +EXTRA_DIST = autogen.sh + +if BUILD_GPGSM +sm = sm else -checks = checks +sm = +endif +if BUILD_AGENT +agent = agent +else +agent = +endif +if BUILD_SCDAEMON +scd = scd +else +scd = endif -SUBDIRS = intl zlib util mpi cipher tools g10 keyserver po doc ${checks} -EXTRA_DIST = PROJECTS BUGS config.h.in -DISTCLEANFILES = g10defs.h +SUBDIRS = intl jnlib assuan common kbx ${sm} ${agent} ${scd} po doc tests + -# Add all the files listed in "distfiles" files to the distribution, -# apply version numbers to some files and create a VERSION file which -# we need for the Prereq: patch file trick. dist-hook: - @set -e; \ - for file in `cd $(top_srcdir); \ - find scripts mpi include -type f -name distfiles`; do \ - dir=`dirname $$file` ; $(mkinstalldirs) $(distdir)/$$dir ; \ - for i in distfiles `cat $(top_srcdir)/$$file` ; do \ - ln $(top_srcdir)/$$dir/$$i $(distdir)/$$dir/$$i 2> /dev/null \ - || cp -p $(top_srcdir)/$$dir/$$i $(distdir)/$$dir/$$i; \ - done ; \ - done - @set -e; \ - sed -e 's/@pkg_version@/$(VERSION)/g' \ - $(top_srcdir)/scripts/gnupg.spec.in \ - > $(distdir)/scripts/gnupg.spec - echo "$(VERSION)" > $(distdir)/VERSION - - - + @set -e; echo "$(VERSION)" > $(distdir)/VERSION diff --git a/NEWS b/NEWS index 6bea3d211..a2dc8126e 100644 --- a/NEWS +++ b/NEWS 
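Review bot: `tests` is now listed unconditionally in `SUBDIRS`, whereas the lines removed in this hunk left the old `checks` directory out whenever `CROSS_COMPILING` was set. A cross build that reaches `make check` would presumably try to run target binaries on the build host, so the regression tests would fail or be skipped by hand rather than by the build system. I would keep the guard, following the same pattern this hunk already uses for `sm`, `agent` and `scd`. This assumes the rewritten configure.ac still defines the `CROSS_COMPILING` automake conditional, which is not visible in this hunk.

```makefile
# … unchanged: BUILD_GPGSM / BUILD_AGENT / BUILD_SCDAEMON conditionals …
if CROSS_COMPILING
tests =
else
tests = tests
endif

SUBDIRS = intl jnlib assuan common kbx ${sm} ${agent} ${scd} po doc ${tests}
# … unchanged: dist-hook …
```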
@@ -1,1305 +1,95 @@ -Noteworthy changes in version 1.3.1 (unreleased) +Noteworthy changes in version 0.9.3 (unreleased) ------------------------------------------------ -Noteworthy changes in version 1.3.0 (2002-10-18) +Noteworthy changes in version 0.9.2 (2002-09-20) ------------------------------------------------ - * The last piece of internal keyserver support has been removed, - and now all keyserver access is done via the keyserver plugins. - There is also a newer keyserver protocol used between GnuPG and - the plugins, so plugins from earlier versions of GnuPG may not - work properly. + * The default directory structure is created if it does no exists. - * The HKP keyserver plugin supports the new machine-readable key - listing format for those keyservers that provide it. + * A few more diagnostics and a minor bug fixes. - * When using a HKP keyserver with multiple DNS records (such as - wwwkeys.pgp.net which has the addresses of multiple servers - around the world), try all records until one succeeds. Note - that it depends on the LDAP library used whether the LDAP - keyserver plugin does this as well. - * The library dependencies for OpenLDAP seem to change fairly - frequently, and GnuPG's configure script cannot guess all the - combinations. Use ./configure LDAPLIBS="-L libdir -l libs" to - override the script and use the libraries selected. +Noteworthy changes in version 0.9.1 (2002-08-23) +------------------------------------------------ - * Secret keys generated with --export-secret-subkeys are now - indicated in key listings with a '#' after the "sec", and in - --with-colons listings by showing no capabilities (no lowercase - characters). + * Minor fixes. - * --trusted-key has been un-obsoleted, as it is useful for adding - ultimately trusted keys from the config file. It is identical - to using --edit and "trust" to change a key to ultimately - trusted. 
-Noteworthy changes in version 1.1.92 (2002-09-11) +Noteworthy changes in version 0.9.0 (2002-08-21) +------------------------------------------------ + + * The default homedir has changed from ~/.gnupg-test to ~/.gnupg. + + * To run gpg-agent or scdaemon in the background, the option --daemon + must be used. + +Noteworthy changes in version 0.3.10 (2002-08-10) ------------------------------------------------- - * [IMPORTANT] The default configuration file is now - ~/.gnupg/gpg.conf. If an old ~/.gnupg/options is found it will - still be used. This change is required to have a more - consistent naming scheme with forthcoming tools. + * A key may be specified by a short fingerprint; either the last 4 or + 8 bytes of the SHA-1 fingerprint. - * The use of MDCs have increased. A MDC will be used if the - recipients directly request it, if the recipients have AES, - AES192, AES256, or TWOFISH in their cipher preferences, or if - the chosen cipher has a blocksize not equal to 64 bits - (currently this is also AES, AES192, AES256, and TWOFISH). + * Very basic regression tests implemented. - * GnuPG will no longer automatically disable compression when - processing an already-compressed file unless a MDC is being - used. This is to give the message a certain amount of - resistance to the chosen-ciphertext attack while communicating - with other programs (most commonly PGP earlier than version 7.x) - that do not support MDCs. + * Signing using more than one key works on the commandline and in + server mode. - * The option --interactive now has the desired effect when - importing keys. + * --import does now try to import all certificates up the chain; this + usually works only when the new option --auto-issuer-key-retrieve + is also used. - * The file permission and ownership checks on files have been - clarified. Specifically, the homedir (usually ~/.gnupg) is - checked to protect everything within it. 
If the user specifies - keyrings outside this homedir, they are presumed to be shared - keyrings and therefore *not* checked. Configuration files - specified with the --options option and the IDEA cipher - extension specified with --load-extension are checked, along - with their enclosing directories. + * New command --delete-key. Note that in contrast to gpg this is not + interactive. - * The configure option --with-static-rnd=auto allows to build gpg - with all available entropy gathering modules included. At - runtime the best usable one will be selected from the list - linux, egd, unix. This is also the default for systems lacking - a /dev/random device. - - * The default character set is now taken from the current locale; - it can still be overridden by the --charset option. Using the - option -vvv shows the used character set. - - * [REMOVED] --emulate-checksum-bug and --emulate-3des-s2k-bug have - been removed. - - -Noteworthy changes in version 1.1.91 (2002-08-04) -------------------------------------------------- - - * All modules are now linked statically; the --load-extension - option is in general not useful anymore. The only exception is - to specify the deprecated idea cipher. - - * The IDEA plugin has changed. Previous versions of the IDEA - plugin will no longer work with GnuPG. However, the current - version of the plugin will work with earlier GnuPG versions. - - * When using --batch with one of the --delete-key commands, the - key must be specified by fingerprint. See the man page for - details. - - * There are now various ways to restrict the ability GnuPG has to - exec external programs (for the keyserver helpers or photo ID - viewers). Read the README file for the complete list. - - * New export option to leave off attribute packets (photo IDs) - during export. This is useful when exporting to HKP keyservers - which do not understand attribute packets. 
- - * New import option to repair during import the HKP keyserver - mangling multiple subkeys bug. Note that this cannot completely - repair the damaged key as some crucial data is removed by the - keyserver, but it does at least give you back one subkey. This - is on by default for keyserver --recv-keys, and off by default - for regular --import. - - * The keyserver helper programs now live in - /usr/[local/]libexec/gnupg by default. If you are upgrading - from 1.0.7, you might want to delete your old copies in - /usr/[local/]bin. If you use an OS that does not use libexec - for whatever reason, use configure --libexecdir=/usr/local/lib - to place the keyserver helpers there. - - * The LDAP keyserver handler now works properly with very old - (version 1) LDAP keyservers. - - -Noteworthy changes in version 1.1.90 (2002-07-01) -------------------------------------------------- - - * New commands: --personal-cipher-preferences, - --personal-digest-preferences, and - --personal-compress-preferences allow the user to specify which - algorithms are to be preferred. Note that this does not permit - using an algorithm that is not present in the recipient's - preferences (which would violate the OpenPGP standard). This - just allows sorting the preferences differently. - - * New "group" command to refer to several keys with one name. - - * A warning is issued if the user forces the use of an algorithm - that is not listed in the recipient's preferences. - - * Full revocation key (aka "designated revoker") support. - - * The preferred hash algorithms on a key are consulted when - encrypting a signed message to that key. Note that this is - disabled by default by a SHA1 preference in - --personal-digest-preferences. - - * --cert-digest-algo allows the user to specify the hash algorithm - to use when signing a key rather than the default SHA1 (or MD5 - for PGP2 keys). Do not use this feature unless you fully - understand the implications of this. 
- - * --pgp7 mode automatically sets all necessary options to ensure - that the resulting message will be usable by a user of PGP 7.x. - - * New --attribute-fd command for frontends and scripts to get the - contents of attribute packets (i.e. photos) - - * In expert mode, the user can now re-sign a v3 key with a v4 - self-signature. This does not change the v3 key into a v4 key, - but it does allow the user to use preferences, primary ID flags, - etc. - - * Significantly improved photo ID support on non-unixlike - platforms. - - * The version number has jumped ahead to 1.1.90 to skip over the - old version 1.1 and to get ready for the upcoming 1.2. - - * ElGamal sign and encrypt is not anymore allowed in the key - generation dialog unless in expert mode. RSA sign and encrypt - has been added with the same restrictions. - - * [W32] Keyserver access does work with Windows NT. - - -Noteworthy changes in version 1.0.7 (2002-04-29) +Noteworthy changes in version 0.3.9 (2002-07-01) ------------------------------------------------ - * Secret keys are now stored and exported in a new format which - uses SHA-1 for integrity checks. This format renders the - Rosa/Klima attack useless. Other OpenPGP implementations might - not yet support this, so the option --simple-sk-checksum creates - the old vulnerable format. + * The protect-tool does now make use of the gpg-agent to query a + passphrase. - * The default cipher algorithm for encryption is now CAST5, - default hash algorithm is SHA-1. This will give us better - interoperability with other OpenPGP implementations. + * The default path of the daemons are now set to a more common value + and there are configure options to change them. - * Symmetric encrypted messages now use a fixed file size if - possible. This is a tradeoff: it breaks PGP 5, but fixes PGP 2, - 6, and 7. Note this was only an issue with RFC-1991 style - symmetric messages. - - * Photographic user ID support. 
This uses an external program to - view the images. - - * Enhanced keyserver support via keyserver "plugins". GnuPG comes - with plugins for the NAI LDAP keyserver as well as the HKP email - keyserver. It retains internal support for the HKP HTTP - keyserver. - - * Nonrevocable signatures are now supported. If a user signs a - key nonrevocably, this signature cannot be taken back so be - careful! - - * Multiple signature classes are usable when signing a key to - specify how carefully the key information (fingerprint, photo - ID, etc) was checked. - - * --pgp2 mode automatically sets all necessary options to ensure - that the resulting message will be usable by a user of PGP 2.x. - - * --pgp6 mode automatically sets all necessary options to ensure - that the resulting message will be usable by a user of PGP 6.x. - - * Signatures may now be given an expiration date. When signing a - key with an expiration date, the user is prompted whether they - want their signature to expire at the same time. - - * Revocation keys (designated revokers) are now supported if - present. There is currently no way to designate new keys as - designated revokers. - - * Permissions on the .gnupg directory and its files are checked - for safety. - - * --expert mode enables certain silly things such as signing a - revoked user id, expired key, or revoked key. - - * Some fixes to build cleanly under Cygwin32. - - * New tool gpgsplit to split OpenPGP data formats into packets. - - * New option --preserve-permissions. - - * Subkeys created in the future are not used for encryption or - signing unless the new option --ignore-valid-from is used. - - * Revoked user-IDs are not listed unless signatures are listed too - or we are in verbose mode. - - * There is no default comment string with ascii armors anymore - except for revocation certificates and --enarmor mode. 
- - * The command "primary" in the edit menu can be used to change the - primary UID, "setpref" and "updpref" can be used to change the - preferences. - - * Fixed the preference handling; since 1.0.5 they were erroneously - matched against against the latest user ID and not the given one. - - * RSA key generation. - - * Merged Stefan's patches for RISC OS in. See comments in - scripts/build-riscos. - - * It is now possible to sign and conventional encrypt a message (-cs). - - * The MDC feature flag is supported and can be set by using - the "updpref" edit command. - - * The status messages GOODSIG and BADSIG are now returning the primary - UID, encoded using %XX escaping (but with spaces left as spaces, - so that it should not break too much) - - * Support for GDBM based keyrings has been removed. - - * The entire keyring management has been revamped. - - * The way signature stati are store has changed so that v3 - signatures can be supported. To increase the speed of many - operations for existing keyrings you can use the new - --rebuild-keydb-caches command. - - * The entire key validation process (trustdb) has been revamped. - See the man page entries for --update-trustdb, --check-trustdb - and --no-auto-check-trustdb. - - * --trusted-keys is again obsolete, --edit can be used to set the - ownertrust of any key to ultimately trusted. - - * A subkey is never used to sign keys. - - * Read only keyrings are now handled as expected. - - -Noteworthy changes in version 1.0.6 (2001-05-29) +Noteworthy changes in version 0.3.8 (2002-06-25) ------------------------------------------------ - * Security fix for a format string bug in the tty code. + * The protect-tool has now a feature to extract a private RSA key + from a PKCS-12 file and convert it into the gpg-agent format. - * Fixed format string bugs in all PO files. + * A bunch of big fixes and changes for improved interoperability. - * Removed Russian translation due to too many bugs. 
The FTP - server has an unofficial but better translation in the contrib - directory. + * gpgsm can now create non-detached signatures. - * Fixed expire time calculation and keyserver access. - - * The usual set of minor bug fixes and enhancements. - - * non-writable keyrings are now correctly handled. - - -Noteworthy changes in version 1.0.5 (2001-04-29) +Noteworthy changes in version 0.3.7 (2002-06-04) ------------------------------------------------ - * WARNING: The semantics of --verify have changed to address a - problem with detached signature detection. --verify now ignores - signed material given on stdin unless this is requested by using - a "-" as the name for the file with the signed material. Please - check all your detached signature handling applications and make - sure that they don't pipe the signed material to stdin without - using a filename together with "-" on the the command line. + * More user friendly output for --list-keys without --with-colons. + New --list-sigs to show the certification path. - * WARNING: Corrected hash calculation for input data larger than - 512M - it was just wrong, so you might notice bad signature in - some very big files. It may be wise to keep an old copy of - GnuPG around. + * gpg-agent handles concurrent connections. - * Secret keys are no longer imported unless you use the new option - --allow-secret-key-import. This is a kludge and future versions will - handle it in another way. + * gpgsm --import can now handle certs-only messages. - * New command "showpref" in the --edit-key menu to show an easier - to understand preference listing. - - * There is now the notation of a primary user ID. For example, it - is printed with a signature verification as the first user ID; - revoked user IDs are not printed there anymore. In general the - primary user ID is the one with the latest self-signature. - - * New --charset=utf-8 to bypass all internal conversions. - - * Large File Support (LFS) is now working. 
- - * New options: --ignore-crc-error, --no-sig-create-check, - --no-sig-cache, --fixed_list_mode, --no-expensive-trust-checks, - --enable-special-filenames and --use-agent. See man page. - - * New command --pipemode, which can be used to run gpg as a - co-process. Currently only the verification of detached - signatures are working. See doc/DETAILS. - - * Keyserver support for the W32 version. - - * Rewritten key selection code so that GnuPG can better cope with - multiple subkeys, expire dates and so. The drawback is that it - is slower. - - * A whole lot of bug fixes. - - * The verification status of self-signatures are now cached. To - increase the speed of key list operations for existing keys you - can do the following in your GnuPG homedir (~/.gnupg): - cp pubring.gpg pubring.gpg.save && gpg --export-all >x && \ - rm pubring.gpg && gpg --import x - Only v4 keys (i.e not the old RSA keys) benefit from this caching. - - * New translations: Estonian, Turkish. - - -Noteworthy changes in version 1.0.4 (2000-10-17) +Noteworthy changes in version 0.3.6 (2002-05-03) ------------------------------------------------ - * Fixed a serious bug which could lead to false signature verification - results when more than one signature is fed to gpg. This is the - primary reason for releasing this version. + * Some cleanups. - * New utility gpgv which is a stripped down version of gpg to - be used to verify signatures against a list of trusted keys. - - * Rijndael (AES) is now supported and listed with top preference. - - * --with-colons now works with --print-md[s]. - -Noteworthy changes in version 1.0.3 (2000-09-18) +Noteworthy changes in version 0.3.5 (2002-04-15) ------------------------------------------------ + + * Checks key usage and uses the authorithyKeyIdentifier. - * Fixed problems with piping to/from other MS-Windows software + * Basic SC support for TCOS card using a patched version of OpenSC. - * Expiration time of the primary key can be changed again. 
- * Revoked user IDs are now marked in the output of --list-key + Copyright 2002 g10 Code GmbH - * New options --show-session-key and --override-session-key - to help the British folks to somewhat minimize the danger - of this Orwellian RIP bill. + This file is free software; as a special exception the author gives + unlimited permission to copy and/or distribute it, with or without + modifications, as long as this notice is preserved. - * New options --merge-only and --try-all-secrets. - - * New configuration option --with-egd-socket. - - * The --trusted-key option is back after it left us with 0.9.5 - - * RSA is supported. Key generation does not yet work but will come - soon. - - * CAST5 and SHA-1 are now the default algorithms to protect the key - and for symmetric-only encryption. This should solve a couple - of compatibility problems because the old algorithms are optional - according to RFC2440 - - * Twofish and MDC enhanced encryption is now used. PGP 7 supports - this. Older versions of GnuPG don't support it, so they should be - upgraded to at least 1.0.2 - - -Noteworthy changes in version 1.0.2 (2000-07-12) ----------------------------------------------- - - * Fixed expiration handling of encryption keys. - - * Add an experimental feature to do unattended key generation. - - * The user is now asked for the reason of revocation as required - by the new OpenPGP draft. - - * There is a ~/.gnupg/random_seed file now which saves the - state of the internal RNG and increases system performance - somewhat. This way the full entropy source is only used in - cases were it is really required. - Use the option --no-random-seed-file to disable this feature. - - * New options --ignore-time-conflict and --lock-never. - - * Some fixes for the W32 version. - - * The entropy.dll is not anymore used by the W32 version but replaced - by code derived from Cryptlib. - - * Encryption is now much faster: About 2 times for 1k bit keys - and 8 times for 4k keys. 
- - * New encryption keys are generated in a way which allows a much - faster decryption. - - * New command --export-secret-subkeys which outputs the - the _primary_ key with it's secret parts deleted. This is - useful for automated decryption/signature creation as it - allows to keep the real secret primary key offline and - thereby protecting the key certificates and allowing to - create revocations for the subkeys. See the FAQ for a - procedure to install such secret keys. - - * Keygeneration now writes to the first writeable keyring or - as default to the one in the homedirectory. Prior versions - ignored all --keyring options. - - * New option --command-fd to take user input from a file descriptor; - to be used with --status-fd by software which uses GnuPG as a backend. - - * There is a new status PROGRESS which is used to show progress during - key generation. - - * Support for the new MDC encryption packets. To create them either - --force-mdc must be use or cipher algorithm with a blocksize other - than 64 bits is to be used. --openpgp currently disables MDC packets - entirely. This option should not yet be used. - - * New option --no-auto-key-retrieve to disable retrieving of - a missing public key from a keyserver, when a keyserver has been set. - - * Danish translation - -Noteworthy changes in version 1.0.1 (1999-12-16) ------------------------------------ - - * New command --verify-files. New option --fast-list-mode. - - * $http_proxy is now used when --honor-http-proxy is set. - - * Fixed some minor bugs and the problem with conventional encrypted - packets which did use the gpg v3 partial length headers. - - * Add Indonesian and Portugese translations. - - * Fixed a bug with symmetric-only encryption using the non-default 3DES. 
- The option --emulate-3des-s2k-bug may be used to decrypt documents - which have been encrypted this way; this should be done immediately - as this workaround will be remove in 1.1 - - * Can now handle (but not display) PGP's photo IDs. I don't know the - format of that packet but after stripping a few bytes from the start - it looks like a JPEG (at least my test data). Handling of this - package is required because otherwise it would mix up the - self signatures and you can't import those keys. - - * Passing non-ascii user IDs on the commandline should now work in all - cases. - - * New keys are now generated with an additional preference to Blowfish. - - * Removed the GNU Privacy Handbook from the distribution as it will go - into a separate one. - - -Noteworthy changes in version 1.0.0 (1999-09-07) ------------------------------------ - - * Add a very preliminary version of the GNU Privacy Handbook to - the distribution (lynx doc/gph/index.html). - - * Changed the version number to GnuPG 2001 ;-) - - -Noteworthy changes in version 0.9.11 ------------------------------------- - - * UTF-8 strings are now correctly printed (if --charset is set correctly). - Output of --with-colons remains C-style escaped UTF-8. - - * Workaround for a problem with PGP 5 detached signature in textmode. - - * Fixed a problem when importing new subkeys (duplicated signatures). - -Noteworthy changes in version 0.9.10 ------------------------------------- - - * Some strange new options to help pgpgpg - - * Cleaned up the dox a bit. - - -Noteworthy changes in version 0.9.9 ------------------------------------ - - * New options --[no-]utf8-strings. - - * New edit-menu commands "enable" and "disable" for entire keys. - - * You will be asked for a filename if gpg cannot deduce one. - - * Changes to support libtool which is needed for the development - of libgcrypt. - - * New script tools/lspgpot to help transferring assigned - trustvalues from PGP to GnuPG. 
- - * New commands --lsign-key and made --sign-key a shortcut for --edit - and sign. - - * New options (#122--126 ;-) --[no-]default-recipient[-self], - --disable-{cipher,pubkey}-algo. See the man page. - - * Enhanced info output in case of multiple recipients and fixed exit code. - - * New option --allow-non-selfsigned-uid to work around a problem with - the German IN way of separating signing and encryption keys. - - -Noteworthy changes in version 0.9.8 ------------------------------------ - - * New subcommand "delsig" in the edit menu. - - * The name of the output file is not anymore the one which is - embedded in the processed message, but the used filename with - the extension stripped. To revert to the old behaviour you can - use the option --use-embedded-filename. - - * Another hack to cope with pgp2 generated detached signatures. - - * latin-2 character set works (--charset=iso-8859-2). - - * New option --with-key-data to list the public key parameters. - New option -N to insert notations and a --set-policy-url. - A couple of other options to allow reseting of options. - - * Better support for HPUX. - - -Noteworthy changes in version 0.9.7 ------------------------------------ - - * Add some work arounds for a bugs in pgp 2 which led to bad signatures - when used with canonical texts in some cases. - - * Enhanced some status outputs. - -Noteworthy changes in version 0.9.6 ------------------------------------ - - * Twofish is now statically linked by default. The experimental 128 bit - version is now disabled. Full support will be available as soon as - the OpenPGP WG has decided on an interpretation of rfc2440. - - * Dropped support for the ancient Blowfish160 which is not OpenPGP. - - * Merged gpgm and gpg into one binary. - - * Add "revsig" and "revkey" commands to the edit menu. It is now - possible to revoke signature and subkeys. 
- - -Noteworthy changes in version 0.9.5 ------------------------------------ - - * New command "lsign" in the keyedit menu to create non-exportable - signatures. Removed --trusted-keys option. - - * A bunch of changes to the key validation code. - - * --list-trust-path now has an optional --with-colons format. - - * New command --recv-keys to import keys from an keyserver. - - -Noteworthy changes in version 0.9.4 ------------------------------------ - - * New configure option --enable-static-rnd=[egd|linux|unix|none] - to select a random gathering module for static linking. - - * The original text is now verbatim copied to a cleartext signed message. - - * Bugfixes but there are still a couple of bugs. - - -Noteworthy changes in version 0.9.3 ------------------------------------ - - * Changed the internal design of getkey which now allows a - efficient lookup of multiple keys and add a word match mode. - - * New options --[no-]encrypt-to. - - * Some changes to the configure stuff. Switched to automake 1.4. - Removed intl/ from CVS, autogen.sh now uses gettextize. - - * Preferences now include Twofish. Removed preference to Blowfish with - a special hack to suppress the "not listed in preferences" warning; - this is to allow us to switch completely to Twofish in the near future. - - * Changed the locking stuff. - - * Print all user ids of a good signature. - - -Noteworthy changes in version 0.9.2 ------------------------------------ - - * add some additional time warp checks. - - * Option --keyserver and command --send-keys to utilize HKP servers. - - * Upgraded to zlib 1.1.3 and fixed an inflate bug - - * More cleanup on the cleartext signatures. - - -Noteworthy changes in version 0.9.1 ------------------------------------ - - * Polish language support. - - * When querying the passphrase, the key ID of the primary key is - displayed along with the one of the used secondary key. 
- - * Fixed a bug occurring when decrypting pgp 5 encrypted messages, - fixed an infinite loop bug in the 3DES code and in the code - which looks for trusted signatures. - - * Fixed a bug in the mpi library which caused signatures not to - compare okay. - - * Rewrote the handling of cleartext signatures; the code is now - better maintainable (I hope so). - - * New status output VALIDSIG only for valid signatures together - with the fingerprint of the signer's key. - - -Noteworthy changes in version 0.9.0 ------------------------------------ - - * --export does now only exports rfc2440 compatible keys; the - old behaviour is available with --export-all. - Generation of v3 ElGamal (sign and encrypt) keys is not longer - supported. - - * Fixed the uncompress bug. - - * Rewrote the rndunix module. There are two environment variables - used for debugging now: GNUPG_RNDUNIX_DBG give the file to write - debugging information (use "-" for stdout) and if GNUPG_RNDUNIX_DBGALL - is set, all programs which are only tried are also printed. - - * New option --escape-from-lines to "dash-escape" "From " lines to - prevent mailers to change them to ">From ". This is not enabled by - default because it is not in compliance with rfc2440 - however, you - should turn it on. - - -Noteworthy changes in version 0.4.5 ------------------------------------ - - * The keyrings and the trustdb is now locked, so that - other GnuPG processes won't damage these files. You - may want to put the option --lock-once into your options file. - - * The latest self-signatures are now used; this enables --import - to see updated preferences etc. - - * Import of subkeys should now work. - - * Random gathering modules may now be loaded as extensions. Add - such a module for most Unices but it is very experimental! - - * Brazilian language support. - - -Noteworthy changes in version 0.4.4 ------------------------------------ - - * Fixed the way the key expiration time is stored. 
If you have - an expiration time on your key you should fix it with --edit-key - and the command "expire". I apologize for this inconvenience. - - * Add option --charset to support "koi8-r" encoding of user ids. - (Not yet tested). - - * Preferences should now work again. You should run - "gpgm --check-trustdb \*" to rebuild all preferences. - - * Checking of certificates should now work but this needs a lot - of testing. Key validation values are now cached in the - trustdb; they should be recalculated as needed, but you may - use --check-trustdb or --update-trustdb to do this. - - * Spanish translation by Urko Lusa. - - * Patch files are from now on signed. See the man page - for the new option --not-dash-escaped. - - * New syntax: --edit-key [] - If you run it without --batch the commands are executed and then - you are put into normal mode unless you use "quit" or "save" as - one of the commands. When in batch mode, the program quits after - the last command, so you have to use "save" if you did some changes. - It does not yet work completely, but may be used to list so the - keys etc. - - -Noteworthy changes in version 0.4.3 ------------------------------------ - - * Fixed the gettext configure bug. - - * Kludge for RSA keys: keyid and length of a RSA key are - correctly reported, but you get an error if you try to use - this key (If you do not have the non-US version). - - * Experimental support for keyrings stored in a GDBM database. - This is *much* faster than a standard keyring. You will notice - that the import gets slower with time; the reason is that all - new keys are used to verify signatures of previous inserted - keys. Use "--keyring gnupg-gdbm:". This is - not (yet) supported for secret keys. - - * A Russian language file in the distribution (alternatives are in - the contrib directory of the FTP servers) - - * commandline option processing now works as expected for GNU programs - with the exception that you can't mix options and normal arguments. 
- - * Now --list-key lists all matching keys. This is needed in some - other places too. - - -Noteworthy changes in version 0.4.2 ------------------------------------ - - * This is only a snapshot: There are still a few bugs. - - * Fixed this huge memory leak. - - * Redesigned the trust database: You should run "gpgm --check-trustdb". - New command --update-trustdb, which adds new key from the public - keyring into your trustdb - - * Fixed a bug in the armor code, leading to invalid packet errors. - (a workaround for this was to use --no-armor). The shorten line - length (64 instead of 72) fixes a problem with pgp5 and keyservers. - - * comment packets are not anymore generated. "--export" filters - them out. One Exception: The comment packets in a secret keyring - are still used because they carry the factorization of the public - prime product. - - * --import now only looks for KEYBLOCK headers, so you can now simply - remove the "- " in front of such a header if someone accidently signed - such a message or the keyblock is part of a cleartext signed message. - - * --with-colons now lists the key expiration time and not anymore - the valid period. - - * Some keyblocks created with old releases have a wrong sequence - of packets, so that the keyservers don't accept these keys. - Simply using "--edit-key" fixes the problem. - - * New option --force-v3-sigs to generate signed messages which are - compatible to PGP 5. - - * Add some code to support DLD (for non ELF systems) - but this is - not tested because my BSD box is currently broken. - - * New command "expire" in the edit-key menu. - - - -Noteworthy changes in version 0.4.1 ------------------------------------ - * A secondary key is used when the primary key is specified but cannot - be used for the operation (if it is a sign-only key). - - * GNUPG can now handle concatenated armored messages: There is still a - bug if different kinds of messages are mixed. - - * Iterated+Salted passphrases now work. 
If want to be sure that PGP5 - is able to handle them you may want to use the options - "--s2k-mode 3 --s2k-cipher-algo cast5 --s2k-digest-algo sha1" - when changing a passphrase. - - * doc/OpenPGP talks about OpenPGP compliance, doc/HACKING gives - a few hints about the internal structure. - - * Checked gnupg against the August 1998 draft (07) and I believe - it is in compliance with this document (except for one point). - - * Fixed some bugs in the import merging code and rewrote some - code for the trustdb. - - -Noteworthy changes in version 0.4.0 ------------------------------------ - * Triple DES is now supported. Michael Roth did this piece of - needed work. We have now all the coded needed to be OpenPGP - compliant. - - * Added a simple rpm spec file (see INSTALL). - - * detached and armored signatures are now using "PGP SIGNATURE", - except when --rfc1991 is used. - - * All times which are not in the yyyy-mm-dd format are now printed - in local time. - - -Noteworthy changes in version 0.3.5 ------------------------------------ - * New option --throw-keyid to create anonymous enciphered messages. - If gpg detects such a message it tires all available secret keys - in turn so decode it. This is a gnupg extension and not in OpenPGP - but it has been discussed there and afaik some products use this - scheme too (Suggested by Nimrod Zimmerman). - - * Fixed a bug with 5 byte length headers. - - * --delete-[secret-]key is now also available in gpgm. - - * cleartext signatures are not anymore converted to LF only. - - * Fixed a trustdb problem. Run "gpgm --check-trustdb" to fix old - trust dbs. - - * Building in another directory should now work. - - * Weak key detection mechanism (Niklas Hernaeus). - - -Noteworthy changes in version 0.3.4 ------------------------------------ - * New options --comment and --set-filename; see g10/OPTIONS - - * yes/no, y/n localized. - - * Fixed some bugs. 
- -Noteworthy changes in version 0.3.3 ------------------------------------ - * IMPORTANT: I found yet another bug in the way the secret keys - are encrypted - I did it the way pgp 2.x did it, but OpenPGP - and pgp 5.x specify another (in some aspects simpler) method. - To convert your secret keys you have to do this: - 1. Build the new release but don't install it and keep - a copy of the old program. - 2. Disable the network, make sure that you are the only - user, be sure that there are no Trojan horses etc .... - 3. Use your old gpg (version 0.3.[12]) and set the - passphrases of ALL your secret keys to empty! - (gpg --change-passphrase your-user-id). - 4. Save your ownertrusts (see the next point) - 5. rm ~/.gnupg/trustdb.gpg - 6. install the new version of gpg (0.3.3) - 7. For every secret key call "gpg --edit-key your-user-id", - enter "passwd" at the prompt, follow the instructions and - change your password back, enter "save" to store it. - 8. Restore the ownertrust (see next point). - - * The format of the trust database has changed; you must delete - the old one, so gnupg can create a new one. - IMPORTANT: Use version 0.3.[12] to save your assigned ownertrusts - ("gpgm --list-ownertrust >saved-trust"); then build this new version - and restore the ownertrust with this new version - ("gpgm --import-ownertrust saved-trust"). Please note that - --list-ownertrust has been renamed to --export-ownertrust in this - release and it does now only export defined ownertrusts. - - * The command --edit-key now provides a commandline driven menu - which can be used for various tasks. --sign-key is only an - an alias to --edit-key and maybe removed in future: use the - command "sign" of this new menu - you can select which user ids - you want to sign. - - * Alternate user ids can now be created an signed. - - * Owner trust values can now be changed with --edit-key (trust) - - * GNUPG can now run as a coprocess; this enables sophisticated - frontends. 
tools/shmtest.c is a simple sample implementation. - This needs some more work: all tty_xxx() are to be replaced - by cpr_xxx() and some changes in the display logics is needed. - - * Removed options --gen-prime and --gen-random. - - * Removed option --add-key; use --edit-key instead. - - * Removed option --change-passphrase; use --edit-key instead. - - * Signatures are now checked even if the output file could not - be created. Command "--verify" tries to find the detached data. - - * gpg now disables core dumps. - - * compress and symmetric cipher preferences are now used. - Because there is no 3DES yet, this is replaced by Blowfish. - - * We have added the Twofish as an experimental cipher algorithm. - Many thanks to Matthew Skala for doing this work. - Twofish is the AES submission from Schneier et al.; see - "www.counterpane.com/twofish.html" for more information. - - * Started with a help system: If you enter a question mark at some - prompt; you should get a specific help for this prompt. - - * There is no more backup copy of the secret keyring. - - * A lot of new bugs. I think this release is not as stable as - the previous one. - - -Noteworthy changes in version 0.3.2 ------------------------------------ - * Fixed some bugs when using --textmode (-seat) - - * Now displays the trust status of a positive verified message. - - * Keyrings are now scanned in the sequence they are added with - --[secret-]keyring. Note that the default keyring is implicitly - added as the very first one unless --no-default-keyring is used. - - * Fixed setuid and dlopen bug. - -Noteworthy changes in version 0.3.1 ------------------------------------ - * Partial headers are now written in the OpenPGP format if - a key in a v4 packet is used. - - * Removed some unused options, removed the gnupg.sig stuff. - - * Key lookup by name now returns a key which can be used for - the desired action. 
- - * New options --list-ownertrust (gpgm) to make a backup copy - of the ownertrust values you assigned. - - * clear signature headers are now in compliance with OpenPGP. - -Noteworthy changes in version 0.3.0 ------------------------------------ - - * New option --emulate-checksum-bug. If your passphrase does not - work anymore, use this option and --change-passphrase to rewrite - your passphrase. - - * More complete v4 key support: Preferences and expiration time - is set into the self signature. - - * Key generation defaults to DSA/ElGamal keys, so that new keys are - interoperable with pgp5 - - * DSA key generation is faster and key generation does not anymore - remove entropy from the random generator (the primes are public - parameters, so there is really no need for a cryptographic secure - prime number generator which we had used). - - * A complete new structure for representing the key parameters. - - * Removed most public key knowledge into the cipher library. - - * Support for dynamic loading of new algorithms. - - * Moved tiger to an extension module. - - -Noteworthy changes in version 0.2.19 ------------------------------------- - - * Replaced /dev/urandom in checks with new tool mk-tdata. - - * Some assembler file cleanups; some more functions for the Alpha. - - * Tiger has now the OpenPGP assigned number 6. Because the OID has - changed, old signatures using this algorithm can't be verified. - - * gnupg now encrypts the compressed packed and not any longer in the - reverse order; anyway it can decrypt both versions. Thanks to Tom - for telling me this (not security related) bug. - - * --add-key works and you are now able to generate subkeys. - - * It is now possible to generate ElGamal keys in v4 packets to create - valid OpenPGP keys. - - * Some new features for better integration into MUAs. 
- - -Noteworthy changes in version 0.2.18 ------------------------------------- - - * Splitted cipher/random.c, add new option "--disable-dev-random" - to configure to support the development of a random source for - other systems. Prepared sourcefiles rand-unix.c, rand-w32.c - and rand-dummy.c (which is used to allow compilation on systems - without a random source). - - * Fixed a small bug in the key generation (it was possible that 48 bits - of a key were not taken from the random pool) - - * Add key generation for DSA and v4 signatures. - - * Add a function trap_unaligned(), so that a SIGBUS is issued on - Alphas and not the slow emulation code is used. And success: rmd160 - raised a SIGBUS. - - * Enhanced the formatting facility of argparse and changed the use of - \r,\v to @ because gettext does not like it. - - * New option "--compress-algo 1" to allow the creation of compressed - messages which are readable by PGP and "--print-md" (gpgm) to make - speed measurement easier. - - -Noteworthy changes in version 0.2.17 ------------------------------------- - - * Comment packets are now of private type 61. - - * Passphrase code still used a 160 bit blowfish key, added a - silly workaround. Please change your passphrase again - sorry. - - * Conventional encryption now uses a type 3 packet to describe the - used algorithms. - - * The new algorithm number for Blowfish is 20, 16 is still used for - encryption only; for signing it is only used when it is in a v3 packet, - so that GNUPG keys are still valid. - - -Noteworthy changes in version 0.2.16 ------------------------------------- - - * Add experimental support for the TIGER/192 message digest algorithm. - (But there is only a dummy ASN OID). - - * Standard cipher is now Blowfish with 128 bit key in OpenPGP's CFB - mode. I renamed the old cipher to Blowfish160. Because the OpenPGP - group refused to assign me a number for Blowfish160, I have to - drop support for this in the future. 
You should use - "--change-passphrase" to recode your current passphrase with 128 - bit Blowfish. - - -Noteworthy changes in version 0.2.15 ------------------------------------- - - * Fixed a bug with the old checksum calculation for secret keys. - If you run the program without --batch, a warning does inform - you if your secret key needs to be converted; simply use - --change-passphrase to recalculate the checksum. Please do this - soon, as the compatible mode will be removed sometime in the future. - - * CAST5 works (using the PGP's special CFB mode). - - * Again somewhat more PGP 5 compatible. - - * Some new test cases - -Noteworthy changes in version 0.2.14 ------------------------------------- - - * Changed the internal handling of keyrings. - - * Add support to list PGP 5 keyrings with subkeys - - * Timestamps of signatures are now verified. - - * A expiration time can now be specified during key generation. - - * Some speedups for Blowfish and SHA-1, rewrote SHA-1 transform. - Reduced the amount of random bytes needed for key generation in - some cases. - - -Noteworthy changes in version 0.2.13 ------------------------------------- - - * Verify of DSA signatures works. - - * Re-implemented the slower random number generator. - - -Noteworthy changes in version 0.2.12 ------------------------------------- - - * --delete-key checks that there is no secret key. The new - option --delete-secret-key maybe used to delete a secret key. - - * "-kv" now works as expected. Options "--list-{keys,sigs]" - and "--check-sigs" are now working. - - * New options "--verify" and "--decrypt" to better support integration - into MUAs (partly done for Mutt). - - * New option "--with-colons" to make parsing of key lists easier. - -Noteworthy changes in version 0.2.11 ------------------------------------- - - * GPG now asks for a recipient's name if option "-r" is not used. - - * If there is no good trust path, the program asks whether to use - the public keys anyway. 
- - * "--delete-key" works for public keys. What semantics shall I use - when there is a secret key too? Delete the secret key or leave him - and auto-regenerate the public key, next time the secret key is used? - -Noteworthy changes in version 0.2.10 ------------------------------------- - - * Code for the alpha is much faster (about 20 times); the data - was misaligned and the kernel traps this, so nearly all time - was used by system to trap the misalignments and to write - syslog messages. Shame on me and thanks to Ralph for - pointing me at this while drinking some beer yesterday. - - * Changed some configure options and add an option - --disable-m-guard to remove the memory checking code - and to compile everything with optimization on. - - * New environment variable GNUPGHOME, which can be used to set - another homedir than ~/.gnupg. Changed default homedir for - Windoze version to c:/gnupg. - - * Fixed detached signatures; detached PGP signatures caused a SEGV. - - * The Windoze version works (as usual w/o a strong RNG). - - -Noteworthy changes in version 0.2.9 ------------------------------------ - - * Fixed FreeBSD bug. - - * Added a simple man page. - - * Switched to automake1.2f and a newer gettext. - -Noteworthy changes in version 0.2.8 ------------------------------------ - - * Changed the name to GNUPG, the binaries are called gpg and gpgm. - You must rename rename the directory "~/.g10" to ~/.gnupg/, rename - {pub,sec}ring.g10 to {pub,sec}ring.gpg, trustdb.g10 to trustdb.gpg - and g10.sig to gnupg.sig. - - * New or changed passphrases are now salted. - - -Noteworthy changes in version 0.2.7 ------------------------------------ - - * New command "gen-revoke" to create a key revocation certificate. - - * New option "homedir" to set the homedir (which defaults to "~/.g10"). - This directory is created if it does not exists (only the last - part of the name and not the complete hierarchy) - - * Command "import" works. 
(Try: "finger gcrypt@ftp.guug.de|g10 --import") - - * New commands "dearmor/enarmor" for g10maint. These are mainly - used for internal test purposes. - - * Option --version now conforming to the GNU standards and lists - the available ciphers, message digests and public key algorithms. - - * Assembler code for m68k (not tested). - - * "make check" works. - -Noteworthy changes in version 0.2.6 ------------------------------------ - - * Option "--export" works. - - -Noteworthy changes in version 0.2.5 ------------------------------------ - - * Added zlib for systems which don't have it. - Use "./configure --with-zlib" to link with the static version. - - * Generalized some more functions and rewrote the encoding of - message digests into MPIs. - - * Enhanced the checkit script - - -Noteworthy changes in version 0.2.4 ------------------------------------ - - * nearly doubled the speed of the ElGamal signature verification. - - * backup copies of keyrings are created. - - * assembler stuff for Pentium; gives about 15% better performance. - - * fixed a lot of bugs. - - -Noteworthy changes in version 0.2.3 ------------------------------------ - - * Found a bug in the calculation of ELG fingerprints. This is now - fixed, but all existing fingerprints and keyids for ELG keys - are not any more valid. - - * armor should now work; including clear signed text. - - * moved some options to the new program g10maint - - * It's now 64 bit clean and runs fine on an alpha--linux. - - * Key generation is much faster now. I fixed this by using not - so strong random number for the primes (this was a bug because the - ElGamal primes are public parameters and it does not make sense - to generate them from strong random). The real secret is the x value - which is still generated from strong (okay: /dev/random) random bits. - - * added option "--status-fd": see g10/OPTIONS - - * We have secure memory on systems which support mlock(). 
- It is not complete yet, because we do not have signal handler - which does a cleanup in very case. - We should also check the ulimit for the user in the case - that the admin does not have set a limit on locked pages. - - * started with internationalization support. - - * The logic to handle the web of trust is now implemented. It is - has some bugs; but I'm going to change the algorithm anyway. - It works by calculating the trustlevel on the fly. It may ask - you to provide trust parameters if the calculated trust probability - is too low. I will write a paper which discusses this new approach. - - * a couple of changes to the configure script. - - * New option "--quick-random" which uses a much quicker random - number generator. Keys generated while this option is in effect - are flags with "INSECURE!" in the user-id. This is a development - only option. - - * Read support for new version packets (OpenPGP). - - * Comment packets are now of correct OpenPGP type 16. Old comment - packets written by G10 are detected because they always start with - a hash which is an invalid version byte. - - * The string "(INSECURE!)" is appended to a new user-id if this - is generated on a system without a good random number generator. - - -Copyright 1998, 1999, 2000, 2001, 2002 Free Software Foundation, Inc. - -This file is free software; as a special exception the author gives -unlimited permission to copy and/or distribute it, with or without -modifications, as long as this notice is preserved. - -This file is distributed in the hope that it will be useful, but -WITHOUT ANY WARRANTY, to the extent permitted by law; without even the -implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + This file is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY, to the extent permitted by law; without even the + implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
diff --git a/README b/README
index da477639d..93dc1c8f0 100644
--- a/README
+++ b/README
@@ -1,652 +1,372 @@ +NewPG is a temporary protect to work on GnuPG extensions. It will be +merged into the regular GnuPG sources for a GnuPG 2.0 release. - GnuPG - The GNU Privacy Guard - ------------------------------- - Version 1.3 +jnlib/ utility functions +assuan/ assuan protocol library +kbx/ keybox library +sm/ the gpgsm program +agent/ the gpg-agent +scd/ the smartcard daemon - Copyright 1998, 1999, 2000, 2001, 2002 Free Software Foundation, Inc. +Libksba and Libgcrypt are required to build it. - This file is free software; as a special exception the author gives - unlimited permission to copy and/or distribute it, with or without - modifications, as long as this notice is preserved. +Assuan and Keybox are both designed to be source include-able. - This file is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY, to the extent permitted by law; without even the - implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +A texinfo manual `gnupg.info' will get installed. Some commands and +options given below. - Intro - ----- +COMMANDS +======== - GnuPG is GNU's tool for secure communication and data storage. - It can be used to encrypt data and to create digital signatures. - It includes an advanced key management facility and is compliant - with the proposed OpenPGP Internet standard as described in RFC2440. +gpgsm: +------ - GnuPG works best on GNU/Linux or *BSD systems. Most other Unices - are also supported but are not as well tested as the Free Unices. - See http://www.gnupg.org/gnupg.html#supsys for a list of systems - which are known to work. +--learn-card - See the file COPYING for copyright and warranty information. + Read tinformation about the private keys from the smartcard and + import the certificates from there. - Because GnuPG does not use use any patented algorithm it cannot be - compatible with PGP2 versions. PGP 2.x uses IDEA (which is patented - worldwide). 
+--export - The default algorithms are DSA and ElGamal, but RSA is also - supported. ElGamal for signing is available, but because of the - larger size of such signatures it is deprecated (Please note that - the GnuPG implementation of ElGamal signatures is *not* insecure). - Symmetric algorithms are: AES, 3DES, Blowfish, CAST5 and Twofish. - Digest algorithms available are MD5, RIPEMD160 and SHA1. + Export all certificates storein the Keybox or those specified on + the commandline. When using --armor a few informational lines are + prepended before each block. - Installation - ------------ - Please read the file INSTALL and the sections in this file - related to the installation. Here is a quick summary: +OPTIONS +======= - 1) Check that you have unmodified sources. See below on how to do - this. Don't skip it - this is an important step! +gpgsm: +------ - 2) Unpack the TAR. With GNU tar you can do it this way: - "tar xzvf gnupg-x.y.z.tar.gz" +--include-certs - 3) "cd gnupg-x.y.z" - - 4) "./configure" - - 5) "make" - - 6) "make install" - - 7) You end up with a "gpg" binary in /usr/local/bin. - - 8) To avoid swapping out of sensitive data, you can install "gpg" as - suid root. If you don't do so, you may want to add the option - "no-secmem-warning" to ~/.gnupg/gpg.conf - - - How to Verify the Source - ------------------------ - In order to check that the version of GnuPG which you are going to - install is an original and unmodified one, you can do it in one of - the following ways: - - a) If you already have a trusted Version of GnuPG installed, you - can simply check the supplied signature: - - $ gpg --verify gnupg-x.y.z.tar.gz.asc - - This checks that the detached signature gnupg-x.y.z.tar.gz.asc - is indeed a a signature of gnupg-x.y.z.tar.gz. 
The key used to - create this signature is: - - "pub 1024D/57548DCD 1998-07-07 Werner Koch (gnupg sig) " - - If you do not have this key, you can get it from the source in - the file doc/samplekeys.asc (use "gpg --import doc/samplekeys.asc" - to add it to the keyring) or from any keyserver. You have to - make sure that this is really the key and not a faked one. You - can do this by comparing the output of: - - $ gpg --fingerprint 0x57548DCD - - with the fingerprint published elsewhere. - - Please note, that you have to use an old version of GnuPG to - do all this stuff. *Never* use the version which you are going - to check! - - - b) If you don't have any of the above programs, you have to verify - the MD5 checksum: - - $ md5sum gnupg-x.y.z.tar.gz - - This should yield an output _similar_ to this: - - fd9351b26b3189c1d577f0970f9dcadc gnupg-x.y.z.tar.gz - - Now check that this checksum is _exactly_ the same as the one - published via the announcement list and probably via Usenet. - - - - Documentation - ------------- - The manual will be distributed separate under the name "gph". - An online version of the latest manual draft is available at the - GnuPG web pages: - - http://www.gnupg.org/gph/ - - A list of frequently asked questions is available in GnuPG's - distibution in the file doc/FAQ and online as: - - http://www.gnupg.org/faq.html - - A couple of HOWTO documents are available online; for a listing see: - - http://www.gnupg.org/docs.html#howtos - - A man page with a description of all commands and options gets installed - along with the program. - - - Introduction - ------------ - Here is a brief overview on how to use GnuPG - it is strongly suggested - that you read the manual and other information about the use of - cryptography. GnuPG is only a tool, secure usage requires that - YOU KNOW WHAT YOU ARE DOING. 
- - If you already have a DSA key from PGP 5 (they call them DH/ElGamal) - you can simply copy the pgp keyrings over the GnuPG keyrings after - running gpg once to create the correct directory. - - The normal way to create a key is - - gpg --gen-key - - This asks some questions and then starts key generation. To create - good random numbers for the key parameters, GnuPG needs to gather - enough noise (entropy) from your system. If you see no progress - during key generation you should start some other activities such - as mouse moves or hitting on the CTRL and SHIFT keys. - - Generate a key ONLY on a machine where you have direct physical - access - don't do it over the network or on a machine used also - by others - especially if you have no access to the root account. - - When you are asked for a passphrase use a good one which you can - easy remember. Don't make the passphrase too long because you have - to type it for every decryption or signing; but, - AND THIS IS VERY - IMPORTANT - use a good one that is not easily to guess because the - security of the whole system relies on your secret key and the - passphrase that protects it when someone gains access to your secret - keyring. A good way to select a passphrase is to figure out a short - nonsense sentence which makes some sense for you and modify it by - inserting extra spaces, non-letters and changing the case of some - characters - this is really easy to remember especially if you - associate some pictures with it. - - Next, you should create a revocation certificate in case someone - gets knowledge of your secret key or you forgot your passphrase - - gpg --gen-revoke your_user_id - - Run this command and store the revocation certificate away. The output - is always ASCII armored, so that you can print it and (hopefully - never) re-create it if your electronic media fails. 
- - Now you can use your key to create digital signatures - - gpg -s file - - This creates a file "file.gpg" which is compressed and has a - signature attached. - - gpg -sa file - - Same as above, but creates a file "file.asc" which is ASCII armored - and and ready for sending by mail. It is better to use your - mailers features to create signatures (The mailer uses GnuPG to do - this) because the mailer has the ability to MIME encode such - signatures - but this is not a security issue. - - gpg -s -o out file - - Creates a signature of "file", but writes the output to the file - "out". - - Everyone who knows your public key (you can and should publish - your key by putting it on a key server, a web page or in your .plan - file) is now able to check whether you really signed this text - - gpg --verify file - - GnuPG now checks whether the signature is valid and prints an - appropriate message. If the signature is good, you know at least - that the person (or machine) has access to the secret key which - corresponds to the published public key. - - If you run gpg without an option it will verify the signature and - create a new file that is identical to the original. gpg can also - run as a filter, so that you can pipe data to verify trough it - - cat signed-file | gpg | wc -l - - which will check the signature of signed-file and then display the - number of lines in the original file. - - To send a message encrypted to someone you can use - - gpg -e -r heine file - - This encrypts "file" with the public key of the user "heine" and - writes it to "file.gpg" - - echo "hello" | gpg -ea -r heine | mail heine - - Ditto, but encrypts "hello\n" and mails it as ASCII armored message - to the user with the mail address heine. - - gpg -se -r heine file - - This encrypts "file" with the public key of "heine" and writes it - to "file.gpg" after signing it with your user id. 
- - gpg -se -r heine -u Suttner file - - Ditto, but sign the file with your alternative user id "Suttner" - - - GnuPG has some options to help you publish public keys. This is - called "exporting" a key, thus - - gpg --export >all-my-keys - - exports all the keys in the keyring and writes them (in a binary - format) to "all-my-keys". You may then mail "all-my-keys" as an - MIME attachment to someone else or put it on an FTP server. To - export only some user IDs, you give them as arguments on the command - line. - - To mail a public key or put it on a web page you have to create - the key in ASCII armored format - - gpg --export --armor | mail panther@tiger.int - - This will send all your public keys to your friend panther. - - If you have received a key from someone else you can put it - into your public keyring. This is called "importing" - - gpg --import [filenames] - - New keys are appended to your keyring and already existing - keys are updated. Note that GnuPG does not import keys that - are not self-signed. - - Because anyone can claim that a public key belongs to her - we must have some way to check that a public key really belongs - to the owner. This can be achieved by comparing the key during - a phone call. Sure, it is not very easy to compare a binary file - by reading the complete hex dump of the file - GnuPG (and nearly - every other program used for management of cryptographic keys) - provides other solutions. - - gpg --fingerprint - - prints the so called "fingerprint" of the given username which - is a sequence of hex bytes (which you may have noticed in mail - sigs or on business cards) that uniquely identifies the public - key - different keys will always have different fingerprints. - It is easy to compare fingerprints by phone and I suggest - that you print your fingerprint on the back of your business - card. To see the fingerprints of the secondary keys, you can - give the command twice; but this is normally not needed. 
- - If you don't know the owner of the public key you are in trouble. - Suppose however that friend of yours knows someone who knows someone - who has met the owner of the public key at some computer conference. - Suppose that all the people between you and the public key holder - may now act as introducers to you. Introducers signing keys thereby - certify that they know the owner of the keys they sign. If you then - trust all the introducers to have correctly signed other keys, you - can be be sure that the other key really belongs to the one who - claims to own it.. - - There are 2 steps to validate a key: - 1. First check that there is a complete chain - of signed keys from the public key you want to use - and your key and verify each signature. - 2. Make sure that you have full trust in the certificates - of all the introduces between the public key holder and - you. - Step 2 is the more complicated part because there is no easy way - for a computer to decide who is trustworthy and who is not. GnuPG - leaves this decision to you and will ask you for a trust value - (here also referenced as the owner-trust of a key) for every key - needed to check the chain of certificates. You may choose from: - a) "I don't know" - then it is not possible to use any - of the chains of certificates, in which this key is used - as an introducer, to validate the target key. Use this if - you don't know the introducer. - b) "I do not trust" - Use this if you know that the introducer - does not do a good job in certifying other keys. The effect - is the same as with a) but for a) you may later want to - change the value because you got new information about this - introducer. - c) "I trust marginally" - Use this if you assume that the - introducer knows what he is doing. Together with some - other marginally trusted keys, GnuPG validates the target - key then as good. 
- d) "I fully trust" - Use this if you really know that this - introducer does a good job when certifying other keys. - If all the introducer are of this trust value, GnuPG - normally needs only one chain of signatures to validate - a target key okay. (But this may be adjusted with the help - of some options). - This information is confidential because it gives your personal - opinion on the trustworthiness of someone else. Therefore this data - is not stored in the keyring but in the "trustdb" - (~/.gnupg/trustdb.gpg). Do not assign a high trust value just - because the introducer is a friend of yours - decide how well she - understands the implications of key signatures and you may want to - tell her more about public key cryptography so you can later change - the trust value you assigned. - - Okay, here is how GnuPG helps you with key management. Most stuff - is done with the --edit-key command - - gpg --edit-key - - GnuPG displays some information about the key and then prompts - for a command (enter "help" to see a list of commands and see - the man page for a more detailed explanation). To sign a key - you select the user ID you want to sign by entering the number - that is displayed in the leftmost column (or do nothing if the - key has only one user ID) and then enter the command "sign" and - follow all the prompts. When you are ready, give the command - "save" (or use "quit" to cancel your actions). - - If you want to sign the key with another of your user IDs, you - must give an "-u" option on the command line together with the - "--edit-key". - - Normally you want to sign only one user ID because GnuPG - uses only one and this keeps the public key certificate - small. Because such key signatures are very important you - should make sure that the signatories of your key sign a user ID - which is very likely to stay for a long time - choose one with an - email address you have full control of or do not enter an email - address at all. 
In future GnuPG will have a way to tell which - user ID is the one with an email address you prefer - because - you have no signatures on this email address it is easy to change - this address. Remember, your signatories sign your public key (the - primary one) together with one of your user IDs - so it is not possible - to change the user ID later without voiding all the signatures. - - Tip: If you hear about a key signing party on a computer conference - join it because this is a very convenient way to get your key - certified (But remember that signatures have nothing to to with the - trust you assign to a key). - - - 8 Ways to Specify a User ID - -------------------------- - There are several ways to specify a user ID, here are some examples. - - * Only by the short keyid (prepend a zero if it begins with A..F): - - "234567C4" - "0F34E556E" - "01347A56A" - "0xAB123456 - - * By a complete keyid: - - "234AABBCC34567C4" - "0F323456784E56EAB" - "01AB3FED1347A5612" - "0x234AABBCC34567C4" - - * By a fingerprint: - - "1234343434343434C434343434343434" - "123434343434343C3434343434343734349A3434" - "0E12343434343434343434EAB3484343434343434" - - The first one is MD5 the others are ripemd160 or sha1. - - * By an exact string: - - "=Heinrich Heine " - - * By an email address: - - "" - - * By word match - - "+Heinrich Heine duesseldorf" - - All words must match exactly (not case sensitive) and appear in - any order in the user ID. Words are any sequences of letters, - digits, the underscore and characters with bit 7 set. - - * Or by the usual substring: - - "Heine" - "*Heine" - - The '*' indicates substring search explicitly. - - - Batch mode - ---------- - If you use the option "--batch", GnuPG runs in non-interactive mode and - never prompts for input data. This does not even allow entering the - passphrase. Until we have a better solution (something like ssh-agent), - you can use the option "--passphrase-fd n", which works like PGP's - PGPPASSFD. 
- - Batch mode also causes GnuPG to terminate as soon as a BAD signature is - detected. - - - Exit status - ----------- - GnuPG returns with an exit status of 1 if in batch mode and a bad signature - has been detected or 2 or higher for all other errors. You should parse - stderr or, better, the output of the fd specified with --status-fd to get - detailed information about the errors. - - - Configure options - ----------------- - Here is a list of configure options which are sometime useful - for installation. - - --enable-static-rnd= - Force the use of the random byte gathering - module . Default is either to use /dev/random - or the auto mode. Value for name: - egd - Use the module which accesses the - Entropy Gathering Daemon. See the webpages - for more information about it. - unix - Use the standard Unix module which does not - have a very good performance. - linux - Use the module which accesses /dev/random. - This is the first choice and the default one - for GNU/Linux or *BSD. - auto - Compile linux, egd and unix in and - automagically select at runtime. + Using N of -2 includes all certificate except for the Root cert, + -1 includes all certs, 0 does not include any certs, 1 includes only + the signers cert (this is the default) and all other positives + values include up to N certs starting with the signer cert. - --with-egd-socket= - This is only used when EGD is used as random - gatherer. GnuPG uses by default "~/.gnupg/entropy" - as the socket to connect EGD. Using this option the - socket name can be changed. You may use any filename - here with 2 exceptions: a filename starting with - "~/" uses the socket in the homedirectory of the user - and one starting with a "=" uses a socket in the - GnuPG homedirectory which is bye default "~/.gnupg". - - --with-included-zlib - Forces usage of the local zlib sources. Default is - to use the (shared) library of the system. 
+--policy-file - --with-included-gettext - Forces usage of the local gettext sources instead of - the one provided by your system. + Chnage the deault name of the policy file - --disable-nls - Disable NLS support (See the file ABOUT-NLS) +--enable-policy-checks +--disable-policy-checks - --enable-m-guard - Enable the integrated malloc checking code. Please - note that this feature does not work on all CPUs - (e.g. SunOS 5.7 on UltraSparc-2) and might give - you a bus error. + By default policy checks are enabled. These options may be used to + change it. - --disable-dynload - If you have problems with dynamic loading, this - option disables all dynamic loading stuff. Note - that the use of dynamic linking is very limited. +--enable-crl-checks +--disable-crl-checks - --disable-asm - Do not use assembler modules. It is not possible - to use this on some CPU types. - - --disable-exec - Disable all remote program execution. This - disables photo ID viewing as well as all keyserver - types aside from HKP. + By default the CRL checks are enabled and the DirMngr is used to + check for revoked certificates. The disable option is most useful + with a off-line connection to suppres this check. - --disable-photo-viewers - Disable only photo ID viewing. +--agent-program - --disable-keyserver-helpers - Disable only keyserver helpers (not including - HKP). + Specify an agent program to be used for secret key operations. The + default value is "../agent/gpg-agent". This is only used as a + fallback when the envrionment varaibale GPG_AGENT_INFO is not set or + a running agent can't be connected. + +--dirmngr-program - --disable-keyserver-path - Disables the user's ability to use the exec-path - feature to add additional search directories when - executing a keyserver helper. + Specify a dirmngr program to be used for CRL checks. The default + value is "/usr/sbin/dirmngr". 
This is only used as a fallback when + the envrionment varaibale DIRMNGR_INFO is not set or a running + dirmngr can't be connected. - --with-photo-viewer=FIXED_VIEWER - Force the photo viewer to be FIXED_VIEWER and - disable any ability for the user to change it in - their options file. +--no-secmem-warning + Don't print the warning "no secure memory" - Installation Problems - --------------------- - If you get unresolved externals "gettext" you should run configure - again with the option "--with-included-gettext"; this is version - 0.10.35 which is available at alpha.gnu.org. +--armor - If you have other compile problems, try the configure options - "--with-included-zlib" or "--disable-nls" (See ABOUT-NLS) or - --disable-dynload. + Create PEM ecoded output. Default is binary output. - We can't check all assembler files, so if you have problems - assembling them (or the program crashes) use --disable-asm with - ./configure. The configure scripts may consider several - subdirectories to get all available assembler files; be sure to - delete the correct ones. The assembler replacements are in C and - in mpi/generic; never delete udiv-qrnnd.S in any CPU directory, - because there may be no C substitute. Don't forget to delete - "config.cache" and run "./config.status --recheck". +--base64 - Some make tools are broken - the best solution is to use GNU's - make. Try gmake or grab the sources from a GNU archive and - install them. + Create Base-64 encoded output; i.e. PEM without the header lines. - On some OSF systems you may get unresolved externals. This is a - libtool problem and the workaround is to manually remove all the - "-lc -lz" but the last one from the linker line and execute them - manually. 
+--assume-armor - On some architectures you see warnings like: - longlong.h:175: warning: function declaration isn't a prototype - or - http.c:647: warning: cast increases required alignment of target type - This doesn't matter and we know about it (actually it is due to - some warning options which we have enabled for gcc) + Assume the input data is PEM encoded. Default is to autodetect the + encoding but this is may fail. +--assume-base64 - Specific problems on some machines - ---------------------------------- + Assume the input data is plain base-64 encoded. - * IBM RS/6000 running AIX: +--assume-binary - Due to a change in gcc (since version 2.8) the MPI stuff may - not build. In this case try to run configure using: - CFLAGS="-g -O2 -mcpu=powerpc" ./configure + Assume the input data is binary encoded. - * Compaq C V6.2 for alpha: +--server - You may want to use the option "-msg-disable ptrmismatch1" - to get rid of the sign/unsigned char mismatch warnings. + Run in server mode. This is used by GPGME to control gpgsm. See + the assuan specification regarding gpgsm about the used protocol. + Some options are ignored in server mode. - * SVR4.2 (ESIX V4.2 cc) +--local-user - Due to problems with the ESIX as, you probably want to do - CFLAGS="-O -K pentium" ./configure --disable-asm - Reported by Reinhard Wobst. + Set the user to be used for signing. The default is the first + secret key found in the database. + +--with-key-data + + Displays extra information with the --list-keys commands. Especiall + a line tagged "grp" si printed which tells you the keygrip of a + key. This is string is for example used as the filename of the + secret key. - The Random Device - ----------------- +gpg-agent: +--------- - Random devices are available in Linux, FreeBSD and OpenBSD. - Operating systems without a random devices must use another - entropy collector. 
+--pinentry-program - This collector works by running a lot of commands that yield more - or less unpredictable output and feds this as entropy into the - random generator - It should work reliably but you should check - whether it produces good output for your version of Unix. There - are some debug options to help you (see cipher/rndunix.c). + Specify the PINentry program. The default value is + "../../pinentry/kpinentry/kpinentry" so you most likely want to + specify it. + +--no-grab + + Tel the pinentry not to grab keybourd and mouse. You most likely + want to give this option during testing and development to avoid + lockups in case of bugs. + + - Creating an RPM package - ----------------------- - The file scripts/gnupg.spec is used to build a RPM package (both - binary and src): - 1. copy the spec file into /usr/src/redhat/SPECS - 2. copy the tar file into /usr/src/redhat/SOURCES - 3. type: rpm -ba SPECS/gnupg.spec - Or use the -t (--tarbuild) option of rpm: - 1. rpm -ta gnupg-x.x.x.tar.gz +FILES +===== - The binary rpm file can now be found in /usr/src/redhat/RPMS, source - rpm in /usr/src/redhat/SRPMS +The default home directory is ~/.gnupg. It can be changed by +either the --homedir option or by seting the environment variable +GNUPGHOME. This is a list of files usually found in this directory: + +gpgsm.conf + + Options for gpgsm. Options are the same as the command line + options but don't enter the leading dashes and give arguments + without an equal sign. Blank lines and lines starting with a + hash mark as the first non whitye space character are ignored. + +gpg-agent.conf + + Options for gpg-agent + +scdaemon.conf + + Options for scdaemon. + +dirmngr.conf + + Options for the DirMngr which is not part of this package and + the option file wilol most likely be moved to /etc + +gpg.conf + + Options for gpg. Note that old versions of gpg use the + filename `options' instead of `gpg.conf'. + +policies.txt + + A list of allowed CA policies. 
This file should give the + object identifiers of the policies line by line. emptry lines + and lines startung with a hash mark are ignored. + + ++++++++++ + 2.289.9.9 + ++++++++++ + +trustlist.txt + + A list of trusted certificates usually maintained by + gpg-agent. It can however be edited manually. The file will + be created automagically with some explaining comments. + +random_seed + + Used internally for keeping the state of the RNG over + invocations. + +pubring.kbx + + The database file with the certificates. + +pubring.gpg + + The database file with the OpenPGP public keys. This will + eventually be merged with pubring.kbx + +secring.gpg + + The database file with the OpenPGP secret keys. This will be + removed when gpg is changed to make use of the gpg-agent. - How to Get More Information - --------------------------- +private-keys-v1.d/ - The primary WWW page is "http://www.gnupg.org" - The primary FTP site is "ftp://ftp.gnupg.org/gcrypt/" + Directory holding the private keys maintained by gpg-agent. + For detailed info see agent/keyformat.txt. Note that there is + a helper tool gpg-protect-tool which may be used to protect or + unprotect keys. This is however nothing a user should care + about. - See http://www.gnupg.org/mirrors.html for a list of mirrors - and use them if possible. You may also find GnuPG mirrored on - some of the regular GNU mirrors. - We have some mailing lists dedicated to GnuPG: +How to specify a user ID +======================== - gnupg-announce@gnupg.org For important announcements like - new versions and such stuff. - This is a moderated list and has - very low traffic. +Due to the way X.509 certificates are made up we need a few new ways +to specify a certificate (aka key in OpenPGP). In addition to the +ways a user ID can be specified with gpg, I have implemented 3 new +modes for gpgsm, here is the entire list of ways to specify a key: - gnupg-users@gnupg.org For general user discussion and - help. + * By keyID. 
- gnupg-devel@gnupg.org GnuPG developers main forum. + This format is deducded from the length of the string and its + content or "0x" prefix. For use with OpenPGP a exclamation mark may + be appended to force use of the specified (sub)key. - You subscribe to one of the list by sending mail with a subject - of "subscribe" to x-request@gnupg.org, where x is the name of the - mailing list (gnupg-announce, gnupg-users, etc.). An archive of - the mailing lists is available at http://lists.gnupg.org . + As with v34 OpenPGP keys, the keyID of an X509 certificate are the + low 64 bits of the SHA-1 fingerprint. The use of keyIDs is just a + shortcut, for all automated processing the fingerprint should be + used. - Please direct bug reports to or post - them direct to the mailing list . + Examples: - Please direct questions about GnuPG to the users mailing list or - one of the pgp newsgroups; please do not direct questions to one - of the authors directly as we are busy working on improvements - and bug fixes. Both mailing lists are watched by the authors - and we try to answer questions when time allows us to do so. + 234567C4 + 0F34E556E + 01347A56A + 0xAB123456 + + 234AABBCC34567C4 + 0F323456784E56EAB + 01AB3FED1347A5612 + 0x234AABBCC34567C4 + + * By fingerprint + + This is format is deduced from the length of the string and its + content or "0x" prefix. Note, that only the 20 byte fingerprint is + used with GPGSM (SHA-1 hash of the certificate). For use with + OpenPGP a exclamation mark may be appended to force use of the + specified (sub)key. + + Examples: + + 1234343434343434C434343434343434 + 123434343434343C3434343434343734349A3434 + 0E12343434343434343434EAB3484343434343434 + 0xE12343434343434343434EAB3484343434343434 + + * Exact match on OpenPGP user ID + + This is denoted by a leading equal sign. It does not make much + sense for X.509. + + Example: + + =Heinrich Heine + + * Exact match on an email address. 
+ + This is indicated by enclosing the email address in the usual way + with left and right angles + + Example: + + + + * Word match + + All words must match exactly (not case sensitive) but can appear in + any order in the user ID or a subjects name. Words are any + sequences of letters, digits, the underscore and all characters + with bit 7 set. + + Example: + + +Heinrich Heine duesseldorf + + * [NEW] Exact match by subject's DN + + This is indicated by a leading slash, directly followed by the + rfc2253 encoded DN of the subject. + + Example: + + /CN=Henrich Heine,O=Poets,L=Paris,C=FR + + * [NEW] Excact match by issuer's DN + + This is indicated by a leading hash mark, directly followed by a + slash and then directly followed by the rfc2253 encoded DN of the + issuer. This should return the Root cert of the issuer + + Example: + + #/CN=Root Cert,O=Poets,L=Paris,C=FR + + * [NEW] Exact match by serial number and subject's DN + + This is indicated by a hash mark, followed by the hexadecmal + representation of the serial number, the followed by a slahs and + the RFC2253 encoded DN of the issuer. + + Example: + + #4F03/CN=Root Cert,O=Poets,L=Paris,C=FR + + * Substring match + + By case insensitive substring matching. This is the default mode + but applications may want to explicitly indicate this by putting + the asterisk in front. + + Example: + + Heine + *Heine + + +Please note that we have reused the hash mark indentifier which was +used in old GnuPG versions to indicate the so called local-id. It is +not anymore used and there should be no conflict when used with X.509 +stuff. + +Using the rfc2253 format of DNs has the drawback that it is not +possible to map them back to the original encoding, however we don't +have to do this, because our key database stores this encoding as meta +data. 
+ +Some of the search modes are not yet implemented ;-) + + +How to import a private key +=========================== +There is some limited support to import a private key from a PKCS-12 +file. Note, that this does only import the private key and not any +certificates available in that file. + + gpg-protect-tool --p12-import --store foo.p12 + +This require that the gpg-agent is running, alternative you may give +the passphrase on the commandline using the option "-P " - +however this is in general not a good idea. If that key already +exists, the protect-tool refuses to store it unless you use the option +"--force". + +How to export a private key +=========================== +There is also limited support to export a private key in PKCS-12 +format. However the certificate is not stored and there is no MAC applied. + + gpg-protect-tool --p12-export foo.key >foo.p12 - Commercial grade support for GnuPG is available; please see - the GNU service directory or search other resources. diff --git a/THANKS b/THANKS index e54cf65bd..9047c1c18 100644 --- a/THANKS +++ b/THANKS 
@@ -1,232 +1,3 @@ -GnuPG was originally written by Werner Koch. Other people contributed by -reporting problems, suggesting various improvements or submitting actual -code. Here is a list of those people. Help me keep it complete and free of -errors. -Adam Mitchell adam@cafe21.org -Albert Chin china@thewrittenword.com -Alec Habig habig@budoe2.bu.edu -Allan Clark allanc@sco.com -Anand Kumria wildfire@progsoc.uts.edu.au -Andreas Haumer andreas@xss.co.at -Anthony Mulcahy anthony@kcn.ne.jp -Ariel T Glenn ariel@columbia.edu -Bob Mathews bobmathews@mindspring.com -Bodo Moeller Bodo_Moeller@public.uni-hamburg.de -Brendan O'Dea bod@debian.org -Brenno de Winter brenno@dewinter.com -Brian M. Carlson karlsson@hal-pc.org -Brian Moore bem@cmc.net -Brian Warner warner@lothar.com -Bryan Fullerton bryanf@samurai.com -Caskey L. Dickson caskey@technocage.com -Cees van de Griend cees-list@griend.xs4all.nl -Charles Levert charles@comm.polymtl.ca -Chip Salzenberg chip@valinux.com -Chris Adams cmadams@hiwaay.net -Christian Biere christianbiere@gmx.de -Christian Kurz shorty@debian.org -Christian von Roques roques@pond.sub.org -Christopher Oliver oliver@fritz.traverse.net -Christian Recktenwald chris@citecs.de -Dan Winship danw@helixcode.com -Daniel Eisenbud eisenbud@cs.swarthmore.edu -Daniel Koening dan@mail.isis.de -Daniel Resare daniel@resare.com -Dave Dykstra dwd@bell-labs.com -David C Niemi niemi@tuxers.net -David Champion dgc@uchicago.edu -David D. Scribner dscribner@bigfoot.com -David Ellement ellement@sdd.hp.com -David Hallinan hallinan@rtd.com -David Hollenberg dhollen@ISI.EDU -David Mathog MATHOG@seqaxp.bio.caltech.edu -David R. 
Bergstein dbergstein@home.com -David Shaw dshaw@jabberwocky.com -Detlef Lannert lannert@lannert.rz.uni-duesseldorf.de -Dimitri dmitri@advantrix.com -Dirk Lattermann dlatt@t-online.de -Dirk Meyer dirk.meyer@dinoex.sub.org -Disastry Disastry@saiknes.lv -Douglas Calvert dfc@anize.org -Ed Boraas ecxjo@esperanto.org -Edmund GRIMLEY EVANS edmundo@rano.org -Edwin Woudt edwin@woudt.nl -Enzo Michelangeli em@MailAndNews.com -Ernst Molitor ernst.molitor@uni-bonn.de -Fabio Coatti cova@ferrara.linux.it -Felix von Leitner leitner@amdiv.de -fish stiqz fish@analog.org -Florian Weimer Florian.Weimer@rus.uni-stuttgart.de -Francesco Potorti pot@gnu.org -Frank Donahoe fdonahoe@wilkes1.wilkes.edu -Frank Heckenbach heckenb@mi.uni-erlangen.de -Frank Stajano frank.stajano@cl.cam.ac.uk -Frank Tobin ftobin@uiuc.edu -Gabriel Rosenkoetter gr@eclipsed.net -Gaël Quéri gael@lautre.net -Gene Carter gcarter@lanier.com -Georg Schwarz georg.schwarz@iname.com -Giampaolo Tomassoni g.tomassoni@libero.it -Gilbert Fernandes gilbert_fernandes@hotmail.com -Greg Louis glouis@dynamicro.on.ca -Greg Troxel gdt@ir.bbn.com -Gregory Steuck steuck@iname.com -Geoff Keating geoffk@ozemail.com.au -Harald Denker harry@hal.westfalen.de -Holger Baust Holger.Baust@freenet-ag.de -Hendrik Buschkamp buschkamp@rheumanet.org -Holger Schurig holger@d.om.org -Holger Smolinski smolinsk@de.ibm.com -Holger Trapp Holger.Trapp@informatik.tu-chemnitz.de -Hugh Daniel hugh@toad.com -Huy Le huyle@ugcs.caltech.edu -Ian McKellar imckellar@harvestroad.com.au -Ingo Klöcker kloecker@kde.org -Ivo Timmermans itimmermans@bigfoot.com -Jan Krueger max@physics.otago.ac.nz -Jan Niehusmann jan@gondor.com -Janusz A. Urbanowicz alex@bofh.torun.pl -James Troup james@nocrew.org -Jean-loup Gailly gzip@prep.ai.mit.edu -Jeff Long long@kestrel.cc.ukans.edu -Jeffery Von Ronne jronne@ics.uci.edu -Jens Bachem bachem@rrz.uni-koeln.de -Jeroen C. van Gelderen jeroen@vangelderen.org -J Horacio MG homega@ciberia.es -J. 
Michael Ashley jashley@acm.org -Jim Bauer jfbauer@home.com -Jim Small cavenewt@my-deja.com -Joachim Backes backes@rhrk.uni-kl.de -Joe Rhett jrhett@isite.net -John A. Martin jam@jamux.com -Johnny Teveßen j.tevessen@gmx.de -Jörg Schilling schilling@fokus.gmd.de -Jos Backus Jos.Backus@nl.origin-it.com -Jun Kuriyama kuriyama@sky.rim.or.jp -Kahil D. Jallad kdj4@cs.columbia.edu -Karl Fogel kfogel@guanabana.onshore.com -Karsten Thygesen karthy@kom.auc.dk -Katsuhiro Kondou kondou@nec.co.jp -Kazu Yamamoto kazu@iijlab.net -Keith Clayton keith@claytons.org -Kevin Ryde user42@zip.com.au -Klaus Singvogel ks@caldera.de -Kurt Garloff garloff@suse.de -Lars Kellogg-Stedman lars@bu.edu -L. Sassaman rabbi@quickie.net -M Taylor mctaylor@privacy.nb.ca -Marcel Waldvogel mwa@arl.wustl.edu -Marco d'Itri md@linux.it -Marco Parrone marc0@autistici.org -Marcus Brinkmann Marcus.Brinkmann@ruhr-uni-bochum.de -Mark Adler madler@alumni.caltech.edu -Mark Elbrecht snowball3@bigfoot.com -Mark Pettit pettit@yahoo-inc.com -Markus Friedl Markus.Friedl@informatik.uni-erlangen.de -Martin Kahlert martin.kahlert@provi.de -Martin Hamilton -Martin Schulte schulte@thp.uni-koeln.de -Matt Kraai kraai@alumni.carnegiemellon.edu -Matthew Skala mskala@ansuz.sooke.bc.ca -Matthew Wilcox matthew@wil.cx -Matthias Urlichs smurf@noris.de -Max Valianskiy maxcom@maxcom.ml.org -Michael Engels michael.engels@uni-duesseldorf.de -Michael Fischer v. Mollard mfvm@gmx.de -Michael Roth mroth@nessie.de -Michael Sobolev mss@despair.transas.com -Michael Tokarev mjt@tls.msk.ru -Nicolas Graner Nicolas.Graner@cri.u-psud.fr -Mike McEwan mike@lotusland.demon.co.uk -Neal H Walfield neal@cs.uml.edu -NIIBE Yutaka gniibe@chroot.org -Niklas Hernaeus -Nimrod Zimerman zimerman@forfree.at -N J Doye nic@niss.ac.uk -Oliver Haakert haakert@hsp.de -Oskari Jääskeläinen f33003a@cc.hut.fi -Pascal Scheffers Pascal@scheffers.net -Paul D. 
Smith psmith@baynetworks.com -Per Cederqvist ceder@lysator.liu.se -Phil Blundell pb@debian.org -Philippe Laliberte arsphl@oeil.qc.ca -Peter Fales psfales@lucent.com -Peter Gutmann pgut001@cs.auckland.ac.nz -Peter Marschall Peter.Marschall@gedos.de -Peter Valchev pvalchev@openbsd.org -Piotr Krukowiecki piotr@pingu.ii.uj.edu.pl -QingLong qinglong@bolizm.ihep.su -Ralph Gillen gillen@theochem.uni-duesseldorf.de -Rat ratinox@peorth.gweep.net -Reinhard Wobst R.Wobst@ifw-dresden.de -Rémi Guyomarch rguyom@mail.dotcom.fr -Reuben Sumner rasumner@wisdom.weizmann.ac.il -Richard Outerbridge outer@interlog.com -Robert Joop rj@rainbow.in-berlin.de -Roddy Strachan roddy@satlink.com.au -Roger Sondermann r.so@bigfoot.com -Roland Rosenfeld roland@spinnaker.rhein.de -Roman Pavlik rp@tns.cz -Ross Golder rossigee@bigfoot.com -Ryan Malayter rmalayter@bai.org -Sam Roberts sam@cogent.ca -Sami Tolvanen sami@tolvanen.com -Sean MacLennan seanm@netwinder.org -Sebastian Klemke packet@convergence.de -Serge Munhoven munhoven@mema.ucl.ac.be -SL Baur steve@xemacs.org -Stefan Bellon sbellon@sbellon.de -Stefan Karrmann S.Karrmann@gmx.net -Stefan Keller dres@cs.tu-berlin.de -Steffen Ullrich ccrlphr@xensei.com -Steffen Zahn zahn@berlin.snafu.de -Steven Bakker steven@icoe.att.com -Steven Murdoch sjmurdoch@bigfoot.com -Susanne Schultz schultz@hsp.de -Ted Cabeen secabeen@pobox.com -Thiago Jung Bauermann jungmann@cwb.matrix.com.br -Thomas Roessler roessler@guug.de -Tim Mooney mooney@dogbert.cc.ndsu.nodak.edu -Timo Schulz towaday@freakmail.de -TOGAWA Satoshi Satoshi.Togawa@jp.yokogawa.com -Tom Spindler dogcow@home.merit.edu -Tom Zerucha tzeruch@ceddec.com -Tomas Fasth tomas.fasth@twinspot.net -Tommi Komulainen Tommi.Komulainen@iki.fi -Thomas Klausner wiz@danbala.ifoer.tuwien.ac.at -Tomasz Kozlowski tomek@rentec.com -Thomas Mikkelsen tbm@image.dk -Ulf Möller 3umoelle@informatik.uni-hamburg.de -Urko Lusa ulusa@euskalnet.net -Vincent P. 
Broman broman@spawar.navy.mil -W Lewis wiml@hhhh.org -Walter Hofmann Walter.Hofmann@physik.stud.uni-erlangen.de -Walter Koch koch@hsp.de -Wayne Chapeskie waynec@spinnaker.com -Werner Koch wk@gnupg.org -Wim Vandeputte bunbun@reptile.rug.ac.be -Winona Brown win@huh.org -Yosiaki IIDA iida@ring.gr.jp -Yoshihiro Kajiki kajiki@ylug.org - nbecker@hns.com -Thanks to the German Unix User Group for sponsoring this project, -Martin Hamilton for hosting the first mailing list and OpenIT for -cheap hosting conditions. - -The development of this software has partly been funded by the German -Ministry for Economics and Technology under grant VIB3-68553.168-001/1999. - -Many thanks to my wife Gerlinde for having so much patience with -me while hacking late in the evening. - - Copyright 1998, 1999, 2000, 2001, 2002 Free Software Foundation, Inc. - - This file is free software; as a special exception the author gives - unlimited permission to copy and/or distribute it, with or without - modifications, as long as this notice is preserved. - - This file is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY, to the extent permitted by law; without even the - implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +Richard Lefebvre rick@CERCA.UMontreal.CA diff --git a/TODO b/TODO index b013c6f81..379a1780a 100644 --- a/TODO +++ b/TODO 
@@ -1,104 +1,61 @@ - * Reword the "Not enough entropy" messages. + -*- outline -*- - * Do we need a configure test for putenv? +* src/base64 +** Make parsing more robust +Currently we don't cope with overlong lines in the best way. - * Check for consistent spelling of user ID, key ID etc. - Replace "user id not found" in getkey.c by "no valid user ID found". - - * Describe some pitfalls when using EGD. Check that ~/.gnupg/entropy - really is the default. What about needed permission? +* sm/call-agent.c +** The protocol uses an incomplete S-expression +We should always use valid S-Exp and not just parts. +** Some code should go into import.c +** When we allow concurrent service request in gpgsm, we +might want to have an agent context for each service request +(i.e. Assuan context). - * Using an expired key for signing should give an error message - "expired key" and not "unusable key'. Furthermore the error should - also be thrown when the default key has expired. Reported by - Eric.VanBuggenhaut add AdValvas.be. +* sm/certreqgen.c +** Improve error reporting +** Do some basic checks on the supplied DNs - * pause scrolling help in --edit-key and elsewhere. +* sm/certchain.c +** When a certificate chain was sucessfully verified, make ephemeral certs used in this chain permanent. +** figure out how to auto retrieve a key by serialno+issuer. + Dirmngr is currently not able to parse more than the CN. - * getkey does not return revoked/expired keys - therefore it is not - possible to override it. +* sm/decrypt.c +** replace leading zero in integer hack by a cleaner solution - * Selection using +wordlist does not work. - What about adding a feature -word to the +wordlist search mode. +* sm/sign.c +** Don't hardcode the use of RSA. - * Check the changes to the gpg random gatherer on all W32 platforms. +* sm/gpgsm.c +** Support --output +** mark all unimplemented commands and options. 
- * Show more info does not work from edit->trust - - * Check that no secret temporary results are stored in the result parameter - of the mpi functions. We have already done this for mpi-mul.c - - * We need another special packet at the end of a clearsign message to mark - it's end and allow for multiple signature for one message. And - add a real grammar to the code in mainproc.c - - * If there is no secure memory, allocate more memory for the secure - memory block or do it in all cases. - - * add some minor things vor VMS. - - * Use DSA keys with the test suite (partly done) - - * Fix the bug in the mips assembler code - - * Add a way to show the fingerprint of an key signator's keys - - * Add an is_valid flag to each user ID. - - * Replace the printing of the user name by [self-signature] when - appropriate so that a key listing does not get clobbered. - - * Concatenated encryption messages don't work corectly - only the - first one is processed. - - * Add option to put the list of recipients (from the encryption - layer) into the signatures notation data. - - * --disable-asm should still assemble _udiv_qrnnd when needed - - * Get new assembler stuff from gmp 3.1 - - * use DEL and ^H for erasing the previous character (util/ttyio.c). - or better readline. - - * add test cases for invalid data (scrambled armor or other random data) - - * add checking of armor trailers. Try to detect garbled header - lines. Often one dash is missing due to sloppy cut+paste; so add - a warning note like the one for QP. - - * the pubkey encrypt functions should do some sanity checks. - - * "gpg filename.tar.gz.asc" should work like --verify (-sab). - - * for messages created with "-t", it might make sense to append the - verification status of the message to the output (i.e. write something to - the --output file and not only to stderr. However the problem is - that we consider the message transpatrent and don't have any - indication of the used character set. 
To implement this feature - we need to make sure that all output is plain 7 bit ascii but - given that we need to print a user name, this does not make sense - at all. The only way this can be implemented is by assuming that - the message is encoded in utf8 and hope tht everyone starts to use - utf8 instead of latin-1 or whatever RSN. Hmmm, I myself should - start with this. - - * keyflags don't distinguish between {certify,signature}-only. - - * Instead of issuing a "signature packet without keyid" gpg should - try to get the keyID from a corresponding one-pass signature - packet (See bug report 817). This is not easy to do as we don't - store the one-pass packets. - - * cat foo | gpg --sign | gpg --list-packets - Does not list the signature packet. - - * When presenting the result of a verification show the user ID with - the highest trust level first instead of the primary one. +* sm/keydb.c +** Check file permissions +** Write a keybox header and check for that magic value. +** Check that all error code mapping is done. +** Remove the inter-module dependencies between gpgsm and keybox + + +* agent/command.c +** Make sure that secure memory is used where appropriate +** Implement option passing per connection (DISPLAY and TTY) + +* agent/pkdecrypt.c, agent/pksign.c +** Don't use stdio to return results. + +* agent/protect-tool.c +** Export and import certificates along with the secret key. +** Make it more comfortable; i.e. copy files to the correct place. + +* Move pkcs-1 encoding into libgcrypt. + +* Use a MAC to protect some files. + +* sm/export.c +** Return an error code or a status info per user ID. -Things we won't do ------------------- - * New option --file-remove path-to-wipe-program ? diff --git a/acinclude.m4 b/acinclude.m4 index 4a2c91672..e4ba95cb2 100644 --- a/acinclude.m4 +++ b/acinclude.m4 
@@ -17,14 +17,6 @@ dnl You should have received a copy of the GNU General Public License dnl along with this program; if not, write to the Free Software dnl Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA -dnl GNUPG_MSG_PRINT(STRING) -dnl print a message -dnl -define(GNUPG_MSG_PRINT, - [ echo $ac_n "$1"" $ac_c" 1>&AC_FD_MSG - ]) - - dnl GNUPG_CHECK_TYPEDEF(TYPE, HAVE_NAME) dnl Check whether a typedef exists and create a #define $2 if it exists dnl 
@@ -44,315 +36,95 @@ AC_DEFUN(GNUPG_CHECK_TYPEDEF, ]) -dnl GNUPG_CHECK_GNUMAKE -dnl -AC_DEFUN(GNUPG_CHECK_GNUMAKE, - [ - if ${MAKE-make} --version 2>/dev/null | grep '^GNU ' >/dev/null 2>&1; then - : - else - AC_MSG_WARN([[ -*** -*** It seems that you are not using GNU make. Some make tools have serious -*** flaws and you may not be able to build this software at all. Before you -*** complain, please try GNU make: GNU make is easy to build and available -*** at all GNU archives. It is always available from ftp.gnu.org:/gnu/make. -***]]) - fi - ]) - - -dnl GNUPG_CHECK_FAQPROG -dnl -AC_DEFUN(GNUPG_CHECK_FAQPROG, - [ AC_MSG_CHECKING(for faqprog.pl) - if faqprog.pl -V 2>/dev/null | grep '^faqprog.pl ' >/dev/null 2>&1; then - working_faqprog=yes - FAQPROG="faqprog.pl" - else - working_faqprog=no - FAQPROG=": " - fi - AC_MSG_RESULT($working_faqprog) - AC_SUBST(FAQPROG) - AM_CONDITIONAL(WORKING_FAQPROG, test "$working_faqprog" = "yes" ) - -dnl if test $working_faqprog = no; then -dnl AC_MSG_WARN([[ -dnl *** -dnl *** It seems that the faqprog.pl program is not installed; -dnl *** however it is only needed if you want to change the FAQ. -dnl *** (faqprog.pl should be available at: -dnl *** ftp://ftp.gnupg.org/pub/gcrypt/contrib/faqprog.pl ) -dnl *** No need to worry about this warning. 
-dnl ***]]) -dnl fi - ]) - -dnl GNUPG_CHECK_DOCBOOK_TO_TEXI -dnl -AC_DEFUN(GNUPG_CHECK_DOCBOOK_TO_TEXI, - [ - AC_CHECK_PROG(DOCBOOK_TO_TEXI, docbook2texi, yes, no) - AC_MSG_CHECKING(for sgml to texi tools) - working_sgmltotexi=no - if test "$ac_cv_prog_DOCBOOK_TO_TEXI" = yes; then - if sgml2xml -v /dev/null 2>&1 | grep 'SP version' >/dev/null 2>&1 ; then - working_sgmltotexi=yes - fi - fi - AC_MSG_RESULT($working_sgmltotexi) - AM_CONDITIONAL(HAVE_DOCBOOK_TO_TEXI, test "$working_sgmltotexi" = "yes" ) - ]) - - - -dnl GNUPG_CHECK_ENDIAN -dnl define either LITTLE_ENDIAN_HOST or BIG_ENDIAN_HOST -dnl -define(GNUPG_CHECK_ENDIAN, - [ if test "$cross_compiling" = yes; then - AC_MSG_WARN(cross compiling; assuming little endianess) - fi - AC_MSG_CHECKING(endianess) - AC_CACHE_VAL(gnupg_cv_c_endian, - [ gnupg_cv_c_endian=unknown - # See if sys/param.h defines the BYTE_ORDER macro. - AC_TRY_COMPILE([#include - #include ], [ - #if !BYTE_ORDER || !BIG_ENDIAN || !LITTLE_ENDIAN - bogus endian macros - #endif], [# It does; now see whether it defined to BIG_ENDIAN or not. - AC_TRY_COMPILE([#include - #include ], [ - #if BYTE_ORDER != BIG_ENDIAN - not big endian - #endif], gnupg_cv_c_endian=big, gnupg_cv_c_endian=little)]) - if test "$gnupg_cv_c_endian" = unknown; then - AC_TRY_RUN([main () { - /* Are we little or big endian? From Harbison&Steele. 
*/ - union - { - long l; - char c[sizeof (long)]; - } u; - u.l = 1; - exit (u.c[sizeof (long) - 1] == 1); - }], - gnupg_cv_c_endian=little, - gnupg_cv_c_endian=big, - gnupg_cv_c_endian=little - ) - fi +# Check for the getsockopt SO_PEERCRED +AC_DEFUN(GNUPG_SYS_SO_PEERCRED, + [ AC_MSG_CHECKING(for SO_PEERCRED) + AC_CACHE_VAL(gnupg_cv_sys_so_peercred, + [AC_TRY_COMPILE([#include ], + [struct ucred cr; + int cl = sizeof cr; + getsockopt (1, SOL_SOCKET, SO_PEERCRED, &cr, &cl);], + gnupg_cv_sys_so_peercred=yes, + gnupg_cv_sys_so_peercred=no) ]) - AC_MSG_RESULT([$gnupg_cv_c_endian]) - if test "$gnupg_cv_c_endian" = little; then - AC_DEFINE(LITTLE_ENDIAN_HOST,1, - [Defined if the host has little endian byte ordering]) - else - AC_DEFINE(BIG_ENDIAN_HOST,1, - [Defined if the host has big endian byte ordering]) - fi - ]) - -dnl GNUPG_CHECK_CACHE -dnl -define(GNUPG_CHECK_CACHE, - [ AC_MSG_CHECKING(cached information) - gnupg_hostcheck="$target" - AC_CACHE_VAL(gnupg_cv_hostcheck, [ gnupg_cv_hostcheck="$gnupg_hostcheck" ]) - if test "$gnupg_cv_hostcheck" != "$gnupg_hostcheck"; then - AC_MSG_RESULT(changed) - AC_MSG_WARN(config.cache exists!) - AC_MSG_ERROR(you must do 'make distclean' first to compile for - different target or different parameters.) 
- else - AC_MSG_RESULT(ok) + AC_MSG_RESULT($gnupg_cv_sys_so_peercred) + if test $gnupg_cv_sys_so_peercred = yes; then + AC_DEFINE(HAVE_SO_PEERCRED, 1, + [Defined if SO_PEERCRED is supported (Linux)]) fi ]) -###################################################################### -# Check for -fPIC etc (taken from libtool) -# This sets CFLAGS_PIC to the required flags -# NO_PIC to yes if it is not possible to -# generate PIC -###################################################################### -dnl GNUPG_CHECK_PIC -dnl -define(GNUPG_CHECK_PIC, - [ AC_MSG_CHECKING(for option to create PIC) - CFLAGS_PIC= - NO_PIC=no - if test "$cross_compiling" = yes; then - AC_MSG_RESULT(assume none) - else - if test "$GCC" = yes; then - CFLAGS_PIC="-fPIC" - else - case "$host_os" in - aix3* | aix4*) - # All rs/6000 code is PIC - # but is there any non-rs/6000 AIX platform? - ;; - hpux9* | hpux10*) - CFLAGS_PIC="+Z" - ;; +# GNUPG_BUILD_PROGRAM(NAME,DEFAULT) +# Add a --enable-NAME option to configure an set the +# shell variable build_NAME either to "yes" or "no". DEFAULT must +# either be "yes" or "no" and decided on the default value for +# build_NAME and whether --enable-NAME or --disable-NAME is shown with +# ./configure --help +AC_DEFUN(GNUPG_BUILD_PROGRAM, + [build_$1=$2 + m4_if([$2],[yes],[ + AC_ARG_ENABLE([$1], AC_HELP_STRING([--disable-$1], + [do not build the $1 program]), + build_$1=$enableval, build_$1=$2) + ],[ + AC_ARG_ENABLE([$1], AC_HELP_STRING([--enable-$1], + [build the $1 program]), + build_$1=$enableval, build_$1=$2) + ]) + case "$build_$1" in + no|yes) + ;; + *) + AC_MSG_ERROR([only yes or no allowed for feature --enable-$1]) + ;; + esac + ]) - irix5* | irix6*) - # PIC (with -KPIC) is the default. 
- ;; - osf3* | osf4*) - # FIXME - pic_flag is probably required for - # hppa*-osf* and i860-osf* - ;; - sco3.2v5*) - CFLAGS_PIC='-Kpic' - ;; - - solaris2* | solaris7* ) - CFLAGS_PIC='-KPIC' - ;; - - sunos4*) - CFLAGS_PIC='-PIC' - ;; - - *) - NO_PIC=yes - ;; - esac - fi - - case "$host_cpu" in - rs6000 | powerpc | powerpcle) - # Yippee! All RS/6000 and PowerPC code is position-independent. - CFLAGS_PIC="" - ;; +# GNUPG_PTH_VERSION_CHECK(REQUIRED) +# +# If the version is sufficient, HAVE_PTH will be set to yes. +# +# Taken form the m4 macros which come with Pth +AC_DEFUN(GNUPG_PTH_VERSION_CHECK, + [ + _pth_version=`$PTH_CONFIG --version | awk 'NR==1 {print [$]3}'` + _req_version="ifelse([$1],,1.2.0,$1)" + for _var in _pth_version _req_version; do + eval "_val=\"\$${_var}\"" + _major=`echo $_val | sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\([[ab.]]\)\([[0-9]]*\)/\1/'` + _minor=`echo $_val | sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\([[ab.]]\)\([[0-9]]*\)/\2/'` + _rtype=`echo $_val | sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\([[ab.]]\)\([[0-9]]*\)/\3/'` + _micro=`echo $_val | sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\([[ab.]]\)\([[0-9]]*\)/\4/'` + case $_rtype in + "a" ) _rtype=0 ;; + "b" ) _rtype=1 ;; + "." ) _rtype=2 ;; esac - - if test "$NO_PIC" = yes; then - AC_MSG_RESULT(not possible) - else - if test -z "$CFLAGS_PIC"; then - AC_MSG_RESULT(none) - else - AC_MSG_RESULT($CFLAGS_PIC) + _hex=`echo dummy | awk '{ printf("%d%02d%1d%02d", major, minor, rtype, micro); }' \ + "major=$_major" "minor=$_minor" "rtype=$_rtype" "micro=$_micro"` + eval "${_var}_hex=\"\$_hex\"" + done + have_pth=no + if test ".$_pth_version_hex" != .; then + if test ".$_req_version_hex" != .; then + if test $_pth_version_hex -ge $_req_version_hex; then + have_pth=yes fi fi fi + if test $have_pth = no; then + AC_MSG_WARN([[ +*** +*** Found Pth version $_pth_version, but require at least +*** version $_req_version. Please upgrade Pth first. 
+***]]) + fi ]) - -###################################################################### -# Check for export-dynamic flag -# This sets CFLAGS_EXPORTDYNAMIC to the required flags -###################################################################### -dnl GNUPG_CHECK_EXPORTDYNAMIC -dnl -define(GNUPG_CHECK_EXPORTDYNAMIC, - [ AC_MSG_CHECKING(how to specify -export-dynamic) - if test "$cross_compiling" = yes; then - AC_MSG_RESULT(assume none) - CFLAGS_EXPORTDYNAMIC="" - else - AC_CACHE_VAL(gnupg_cv_export_dynamic,[ - if AC_TRY_COMMAND([${CC-cc} $CFLAGS -Wl,--version 2>&1 | - grep "GNU ld" >/dev/null]); then - # using gnu's linker - gnupg_cv_export_dynamic="-Wl,-export-dynamic" - else - case "$host_os" in - hpux* ) - gnupg_cv_export_dynamic="-Wl,-E" - ;; - * ) - gnupg_cv_export_dynamic="" - ;; - esac - fi - ]) - AC_MSG_RESULT($gnupg_cv_export_dynamic) - CFLAGS_EXPORTDYNAMIC="$gnupg_cv_export_dynamic" - fi - ]) - -##################################################################### -# Check for SysV IPC (from GIMP) -# And see whether we have a SHM_LOCK (FreeBSD does not have it). 
-##################################################################### -dnl GNUPG_CHECK_IPC -dnl -define(GNUPG_CHECK_IPC, - [ AC_CHECK_HEADERS(sys/ipc.h sys/shm.h) - if test "$ac_cv_header_sys_shm_h" = "yes"; then - AC_MSG_CHECKING(whether IPC_RMID allowes subsequent attaches) - AC_CACHE_VAL(gnupg_cv_ipc_rmid_deferred_release, - AC_TRY_RUN([ - #include - #include - #include - int main() - { - int id; - char *shmaddr; - id = shmget (IPC_PRIVATE, 4, IPC_CREAT | 0777); - if (id == -1) - exit (2); - shmaddr = shmat (id, 0, 0); - shmctl (id, IPC_RMID, 0); - if ((char*) shmat (id, 0, 0) == (char*) -1) - { - shmdt (shmaddr); - exit (1); - } - shmdt (shmaddr); - shmdt (shmaddr); - exit (0); - } - ], - gnupg_cv_ipc_rmid_deferred_release="yes", - gnupg_cv_ipc_rmid_deferred_release="no", - gnupg_cv_ipc_rmid_deferred_release="assume-no") - ) - if test "$gnupg_cv_ipc_rmid_deferred_release" = "yes"; then - AC_DEFINE(IPC_RMID_DEFERRED_RELEASE,1, - [Defined if we can do a deferred shm release]) - AC_MSG_RESULT(yes) - else - if test "$gnupg_cv_ipc_rmid_deferred_release" = "no"; then - AC_MSG_RESULT(no) - else - AC_MSG_RESULT([assuming no]) - fi - fi - - AC_MSG_CHECKING(whether SHM_LOCK is available) - AC_CACHE_VAL(gnupg_cv_ipc_have_shm_lock, - AC_TRY_COMPILE([#include - #include - #include ],[ - int shm_id; - shmctl(shm_id, SHM_LOCK, 0); - ], - gnupg_cv_ipc_have_shm_lock="yes", - gnupg_cv_ipc_have_shm_lock="no" - ) - ) - if test "$gnupg_cv_ipc_have_shm_lock" = "yes"; then - AC_DEFINE(IPC_HAVE_SHM_LOCK,1, - [Defined if a SysV shared memory supports the LOCK flag]) - AC_MSG_RESULT(yes) - else - AC_MSG_RESULT(no) - fi - fi - ]) - - ###################################################################### # Check whether mlock is broken (hpux 10.20 raises a SIGBUS if mlock # is not called from uid 0 (not tested whether uid 0 works) 
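Review bot: The header comment of GNUPG_PTH_VERSION_CHECK promises that `HAVE_PTH` will be set, but the body only assigns the lowercase shell variable `have_pth`, so the comment should read `# If the version is sufficient, the shell variable have_pth is set to yes.` The macro also runs `$PTH_CONFIG --version` without checking that PTH_CONFIG is set. If the caller does not guard this (the caller is not visible here), the version comes back empty and the warning prints "Found Pth version , but require at least ...". A guard such as `test -n "$PTH_CONFIG" && test "$PTH_CONFIG" != no` ahead of the version parsing would keep that message accurate.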
@@ -448,295 +220,206 @@ define(GNUPG_CHECK_MLOCK, ]) -################################################################ -# GNUPG_PROG_NM - find the path to a BSD-compatible name lister -AC_DEFUN(GNUPG_PROG_NM, -[AC_MSG_CHECKING([for BSD-compatible nm]) -AC_CACHE_VAL(ac_cv_path_NM, -[if test -n "$NM"; then - # Let the user override the test. - ac_cv_path_NM="$NM" -else - IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" - for ac_dir in /usr/ucb /usr/ccs/bin $PATH /bin; do - test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/nm; then - # Check to see if the nm accepts a BSD-compat flag. - # Adding the `sed 1q' prevents false positives on HP-UX, which says: - # nm: unknown option "B" ignored - if ($ac_dir/nm -B /dev/null 2>&1 | sed '1q'; exit 0) | egrep /dev/null >/dev/null; then - ac_cv_path_NM="$ac_dir/nm -B" - elif ($ac_dir/nm -p /dev/null 2>&1 | sed '1q'; exit 0) | egrep /dev/null >/dev/null; then - ac_cv_path_NM="$ac_dir/nm -p" - else - ac_cv_path_NM="$ac_dir/nm" - fi - break - fi - done - IFS="$ac_save_ifs" - test -z "$ac_cv_path_NM" && ac_cv_path_NM=nm -fi]) -NM="$ac_cv_path_NM" -AC_MSG_RESULT([$NM]) -AC_SUBST(NM) -]) -# GNUPG_SYS_NM_PARSE - Check for command ro grab the raw symbol name followed -# by C symbol name from nm. -AC_DEFUN(GNUPG_SYS_NM_PARSE, -[AC_REQUIRE([AC_CANONICAL_HOST])dnl -AC_REQUIRE([GNUPG_PROG_NM])dnl -# Check for command to grab the raw symbol name followed by C symbol from nm. -AC_MSG_CHECKING([command to parse $NM output]) -AC_CACHE_VAL(ac_cv_sys_global_symbol_pipe, -[# These are sane defaults that work on at least a few old systems. -# {They come from Ultrix. What could be older than Ultrix?!! 
;)} +dnl [copied from libgcrypt] +dnl AM_PATH_LIBGCRYPT([MINIMUM-VERSION, +dnl [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]]) +dnl Test for liblibgcrypt and define LIBGCRYPT_CFLAGS and LIBGCRYPT_LIBS +dnl +AC_DEFUN(AM_PATH_LIBGCRYPT, +[ AC_ARG_WITH(libgcrypt-prefix, + AC_HELP_STRING([--with-libgcrypt-prefix=PFX], + [prefix where LIBGCRYPT is installed (optional)]), + libgcrypt_config_prefix="$withval", libgcrypt_config_prefix="") + if test x$libgcrypt_config_prefix != x ; then + libgcrypt_config_args="$libgcrypt_config_args --prefix=$libgcrypt_config_prefix" + if test x${LIBGCRYPT_CONFIG+set} != xset ; then + LIBGCRYPT_CONFIG=$libgcrypt_config_prefix/bin/libgcrypt-config + fi + fi -changequote(,)dnl -# Character class describing NM global symbol codes. -ac_symcode='[BCDEGRSTU]' - -# Regexp to match symbols that can be accessed directly from C. -ac_sympat='\([_A-Za-z][_A-Za-z0-9]*\)' - -# Transform the above into a raw symbol and a C symbol. -ac_symxfrm='\1 \1' - -# Define system-specific variables. -case "$host_os" in -aix*) - ac_symcode='[BCDTU]' - ;; -freebsd* | netbsd* | openbsd* | bsdi* | sunos* | cygwin32* | mingw32*) - ac_sympat='_\([_A-Za-z][_A-Za-z0-9]*\)' - ac_symxfrm='_\1 \1' - ;; -irix*) - # Cannot use undefined symbols on IRIX because inlined functions mess us up. - ac_symcode='[BCDEGRST]' - ;; -solaris*) - ac_symcode='[BDTU]' - ;; -esac - -# If we're using GNU nm, then use its standard symbol codes. -if $NM -V 2>&1 | egrep '(GNU|with BFD)' > /dev/null; then - ac_symcode='[ABCDGISTUW]' -fi - -case "$host_os" in -cygwin32* | mingw32*) - # We do not want undefined symbols on cygwin32. The user must - # arrange to define them via -l arguments. - ac_symcode='[ABCDGISTW]' - ;; -esac -changequote([,])dnl - -# Write the raw and C identifiers. -ac_cv_sys_global_symbol_pipe="sed -n -e 's/^.* $ac_symcode $ac_sympat$/$ac_symxfrm/p'" - -# Check to see that the pipe works correctly. 
-ac_pipe_works=no -cat > conftest.$ac_ext < $ac_nlist) && test -s "$ac_nlist"; then - - # Try sorting and uniquifying the output. - if sort "$ac_nlist" | uniq > "$ac_nlist"T; then - mv -f "$ac_nlist"T "$ac_nlist" - ac_wcout=`wc "$ac_nlist" 2>/dev/null` -changequote(,)dnl - ac_count=`echo "X$ac_wcout" | sed -e 's,^X,,' -e 's/^[ ]*\([0-9][0-9]*\).*$/\1/'` -changequote([,])dnl - (test "$ac_count" -ge 0) 2>/dev/null || ac_count=-1 - else - rm -f "$ac_nlist"T - ac_count=-1 - fi - - # Make sure that we snagged all the symbols we need. - if egrep ' nm_test_var$' "$ac_nlist" >/dev/null; then - if egrep ' nm_test_func$' "$ac_nlist" >/dev/null; then - cat < conftest.c -#ifdef __cplusplus -extern "C" { -#endif - -EOF - # Now generate the symbol file. - sed 's/^.* \(.*\)$/extern char \1;/' < "$ac_nlist" >> conftest.c - - cat <> conftest.c -#if defined (__STDC__) && __STDC__ -# define __ptr_t void * -#else -# define __ptr_t char * -#endif - -/* The number of symbols in dld_preloaded_symbols, -1 if unsorted. */ -int dld_preloaded_symbol_count = $ac_count; - -/* The mapping between symbol names and symbols. */ -struct { - char *name; - __ptr_t address; -} -changequote(,)dnl -dld_preloaded_symbols[] = -changequote([,])dnl -{ -EOF - sed 's/^\(.*\) \(.*\)$/ {"\1", (__ptr_t) \&\2},/' < "$ac_nlist" >> conftest.c - cat <<\EOF >> conftest.c - {0, (__ptr_t) 0} -}; - -#ifdef __cplusplus -} -#endif -EOF - # Now try linking the two files. 
- mv conftest.$ac_objext conftestm.$ac_objext - ac_save_LIBS="$LIBS" - ac_save_CFLAGS="$CFLAGS" - LIBS="conftestm.$ac_objext" - CFLAGS="$CFLAGS$no_builtin_flag" - if AC_TRY_EVAL(ac_link) && test -s conftest; then - ac_pipe_works=yes - else - echo "configure: failed program was:" >&AC_FD_CC - cat conftest.c >&AC_FD_CC + AC_PATH_PROG(LIBGCRYPT_CONFIG, libgcrypt-config, no) + min_libgcrypt_version=ifelse([$1], ,0.4.4,$1) + AC_MSG_CHECKING(for LIBGCRYPT - version >= $min_libgcrypt_version) + ok=no + if test "$LIBGCRYPT_CONFIG" != "no" ; then + req_major=`echo $min_libgcrypt_version | \ + sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\1/'` + req_minor=`echo $min_libgcrypt_version | \ + sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\2/'` + req_micro=`echo $min_libgcrypt_version | \ + sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\3/'` + libgcrypt_config_version=`$LIBGCRYPT_CONFIG $libgcrypt_config_args --version` + major=`echo $libgcrypt_config_version | \ + sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\1/'` + minor=`echo $libgcrypt_config_version | \ + sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\2/'` + micro=`echo $libgcrypt_config_version | \ + sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\3/'` + if test "$major" -gt "$req_major"; then + ok=yes + else + if test "$major" -eq "$req_major"; then + if test "$minor" -gt "$req_minor"; then + ok=yes + else + if test "$minor" -eq "$req_minor"; then + if test "$micro" -ge "$req_micro"; then + ok=yes + fi + fi + fi fi - LIBS="$ac_save_LIBS" - CFLAGS="$ac_save_CFLAGS" - else - echo "cannot find nm_test_func in $ac_nlist" >&AC_FD_CC - fi - else - echo "cannot find nm_test_var in $ac_nlist" >&AC_FD_CC fi - else - echo "cannot run $ac_cv_sys_global_symbol_pipe" >&AC_FD_CC fi -else - echo "$progname: failed program was:" >&AC_FD_CC - cat conftest.c >&AC_FD_CC -fi -rm -rf conftest* - -# Do not use the global_symbol_pipe unless it works. 
-test "$ac_pipe_works" = yes || ac_cv_sys_global_symbol_pipe= + if test $ok = yes; then + LIBGCRYPT_CFLAGS=`$LIBGCRYPT_CONFIG $libgcrypt_config_args --cflags` + LIBGCRYPT_LIBS=`$LIBGCRYPT_CONFIG $libgcrypt_config_args --libs` + AC_MSG_RESULT(yes) + ifelse([$2], , :, [$2]) + else + LIBGCRYPT_CFLAGS="" + LIBGCRYPT_LIBS="" + AC_MSG_RESULT(no) + ifelse([$3], , :, [$3]) + fi + AC_SUBST(LIBGCRYPT_CFLAGS) + AC_SUBST(LIBGCRYPT_LIBS) ]) -ac_result=yes -if test -z "$ac_cv_sys_global_symbol_pipe"; then - ac_result=no -fi -AC_MSG_RESULT($ac_result) -]) -# GNUPG_SYS_LIBTOOL_CYGWIN32 - find tools needed on cygwin32 -AC_DEFUN(GNUPG_SYS_LIBTOOL_CYGWIN32, -[AC_CHECK_TOOL(DLLTOOL, dlltool, false) -AC_CHECK_TOOL(AS, as, false) -]) +dnl [Copied from libksba] +dnl AM_PATH_KSBA([MINIMUM-VERSION, +dnl [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]]) +dnl Test for libksba and define KSBA_CFLAGS and KSBA_LIBS +dnl +AC_DEFUN(AM_PATH_KSBA, +[ AC_ARG_WITH(ksba-prefix, + AC_HELP_STRING([--with-ksba-prefix=PFX], + [prefix where KSBA is installed (optional)]), + ksba_config_prefix="$withval", ksba_config_prefix="") + if test x$ksba_config_prefix != x ; then + ksba_config_args="$ksba_config_args --prefix=$ksba_config_prefix" + if test x${KSBA_CONFIG+set} != xset ; then + KSBA_CONFIG=$ksba_config_prefix/bin/ksba-config + fi + fi -# GNUPG_SYS_SYMBOL_UNDERSCORE - does the compiler prefix global symbols -# with an underscore? 
-AC_DEFUN(GNUPG_SYS_SYMBOL_UNDERSCORE, -[tmp_do_check="no" -case "${target}" in - i386-emx-os2 | i[3456]86-pc-os2*emx | i386-pc-msdosdjgpp | *-*-cygwin) - ac_cv_sys_symbol_underscore=yes - ;; - *) - if test "$cross_compiling" = yes; then - ac_cv_sys_symbol_underscore=yes - else - tmp_do_check="yes" - fi - ;; -esac - -if test "$tmp_do_check" = "yes"; then -AC_REQUIRE([GNUPG_PROG_NM])dnl -AC_REQUIRE([GNUPG_SYS_NM_PARSE])dnl -AC_MSG_CHECKING([for _ prefix in compiled symbols]) -AC_CACHE_VAL(ac_cv_sys_symbol_underscore, -[ac_cv_sys_symbol_underscore=no -cat > conftest.$ac_ext < $ac_nlist) && test -s "$ac_nlist"; then - # See whether the symbols have a leading underscore. - if egrep '^_nm_test_func' "$ac_nlist" >/dev/null; then - ac_cv_sys_symbol_underscore=yes - else - if egrep '^nm_test_func ' "$ac_nlist" >/dev/null; then - : - else - echo "configure: cannot find nm_test_func in $ac_nlist" >&AC_FD_CC - fi + AC_PATH_PROG(KSBA_CONFIG, ksba-config, no) + min_ksba_version=ifelse([$1], ,0.4.4,$1) + AC_MSG_CHECKING(for KSBA - version >= $min_ksba_version) + ok=no + if test "$KSBA_CONFIG" != "no" ; then + req_major=`echo $min_ksba_version | \ + sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\1/'` + req_minor=`echo $min_ksba_version | \ + sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\2/'` + req_micro=`echo $min_ksba_version | \ + sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\3/'` + ksba_config_version=`$KSBA_CONFIG $ksba_config_args --version` + major=`echo $ksba_config_version | \ + sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\1/'` + minor=`echo $ksba_config_version | \ + sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\2/'` + micro=`echo $ksba_config_version | \ + sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\3/'` + if test "$major" -gt "$req_major"; then + ok=yes + else + if test "$major" -eq "$req_major"; then + if test "$minor" -gt "$req_minor"; then + ok=yes + else + if test "$minor" -eq "$req_minor"; then + if test "$micro" -ge "$req_micro"; then + 
ok=yes + fi + fi + fi + fi fi - else - echo "configure: cannot run $ac_cv_sys_global_symbol_pipe" >&AC_FD_CC fi -else - echo "configure: failed program was:" >&AC_FD_CC - cat conftest.c >&AC_FD_CC -fi -rm -rf conftest* -]) -else -AC_MSG_CHECKING([for _ prefix in compiled symbols]) -fi -AC_MSG_RESULT($ac_cv_sys_symbol_underscore) -if test x$ac_cv_sys_symbol_underscore = xyes; then - AC_DEFINE(WITH_SYMBOL_UNDERSCORE,1, - [Defined if compiled symbols have a leading underscore]) -fi + if test $ok = yes; then + KSBA_CFLAGS=`$KSBA_CONFIG $ksba_config_args --cflags` + KSBA_LIBS=`$KSBA_CONFIG $ksba_config_args --libs` + AC_MSG_RESULT(yes) + ifelse([$2], , :, [$2]) + else + KSBA_CFLAGS="" + KSBA_LIBS="" + AC_MSG_RESULT(no) + ifelse([$3], , :, [$3]) + fi + AC_SUBST(KSBA_CFLAGS) + AC_SUBST(KSBA_LIBS) ]) -dnl Stolen from gcc -dnl Define MKDIR_TAKES_ONE_ARG if mkdir accepts only one argument instead -dnl of the usual 2. -AC_DEFUN(GNUPG_FUNC_MKDIR_TAKES_ONE_ARG, -[AC_CHECK_HEADERS(sys/stat.h unistd.h direct.h) -AC_CACHE_CHECK([if mkdir takes one argument], gnupg_cv_mkdir_takes_one_arg, -[AC_TRY_COMPILE([ -#include -#ifdef HAVE_SYS_STAT_H -# include -#endif -#ifdef HAVE_UNISTD_H -# include -#endif -#ifdef HAVE_DIRECT_H -# include -#endif], [mkdir ("foo", 0);], - gnupg_cv_mkdir_takes_one_arg=no, gnupg_cv_mkdir_takes_one_arg=yes)]) -if test $gnupg_cv_mkdir_takes_one_arg = yes ; then - AC_DEFINE(MKDIR_TAKES_ONE_ARG,1, - [Defined if mkdir() does not take permission flags]) -fi + + +dnl AM_PATH_OPENSC([MINIMUM-VERSION, +dnl [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]]) +dnl Test for OpenSC and define OPENSC_CFLAGS and OPENSC_LIBS +dnl +AC_DEFUN(AM_PATH_OPENSC, +[ AC_ARG_WITH(opensc-prefix, + AC_HELP_STRING([--with-opensc-prefix=PFX], + [prefix where OpenSC is installed (optional)]), + opensc_config_prefix="$withval", opensc_config_prefix="") + if test x$opensc_config_prefix != x ; then + opensc_config_args="$opensc_config_args --prefix=$opensc_config_prefix" + if test 
x${OPENSC_CONFIG+set} != xset ; then + OPENSC_CONFIG=$opensc_config_prefix/bin/opensc-config + fi + fi + + AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no) + min_opensc_version=ifelse([$1], ,0.7.0,$1) + AC_MSG_CHECKING(for OpenSC - version >= $min_opensc_version) + ok=no + if test "$OPENSC_CONFIG" != "no" ; then + req_major=`echo $min_opensc_version | \ + sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\1/'` + req_minor=`echo $min_opensc_version | \ + sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\2/'` + req_micro=`echo $min_opensc_version | \ + sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\3/'` + opensc_config_version=`$OPENSC_CONFIG $opensc_config_args --version` + major=`echo $opensc_config_version | \ + sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\1/'` + minor=`echo $opensc_config_version | \ + sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\2/'` + micro=`echo $opensc_config_version | \ + sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\3/'` + if test "$major" -gt "$req_major"; then + ok=yes + else + if test "$major" -eq "$req_major"; then + if test "$minor" -gt "$req_minor"; then + ok=yes + else + if test "$minor" -eq "$req_minor"; then + if test "$micro" -ge "$req_micro"; then + ok=yes + fi + fi + fi + fi + fi + fi + if test $ok = yes; then + OPENSC_CFLAGS=`$OPENSC_CONFIG $opensc_config_args --cflags` + OPENSC_LIBS=`$OPENSC_CONFIG $opensc_config_args --libs` + OPENSC_LIBS="$OPENSC_LIBS -lpcsclite -lpthread" + AC_MSG_RESULT(yes) + ifelse([$2], , :, [$2]) + else + OPENSC_CFLAGS="" + OPENSC_LIBS="" + AC_MSG_RESULT(no) + ifelse([$3], , :, [$3]) + fi + AC_SUBST(OPENSC_CFLAGS) + AC_SUBST(OPENSC_LIBS) ]) + diff --git a/autogen.sh b/autogen.sh index 41ae4e272..29f4b7ae5 100755 --- a/autogen.sh +++ b/autogen.sh 
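Review bot: AM_PATH_LIBGCRYPT, AM_PATH_KSBA and AM_PATH_OPENSC accept a library solely on the version string printed by the `*-config` script they find through `--with-*-prefix` or PATH. Nothing is compiled or linked against the library, so a stale or unrelated config script earlier in PATH decides which crypto library and flags the build uses. I would state that limit above each macro, e.g. `dnl Only the version reported by libgcrypt-config is checked; the program must still call gcry_check_version at run time.` The prefix tests are also unquoted: `if test x$libgcrypt_config_prefix != x ; then` should be `if test "x$libgcrypt_config_prefix" != x ; then`, and likewise in the KSBA and OpenSC copies, so that a prefix containing spaces does not break the test.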
@@ -1,5 +1,163 @@ #!/bin/sh +# Run this to generate all the initial makefiles, etc. +# It is only needed for the CVS version. -autogen_sh="`dirname $0`/scripts/autogen.sh" -exec $autogen_sh $* +# have_version(prog, list of executables, required version) +# +# Returns true and sets $prog to the first executable with the +# required minimum major.minor. +have_version () +{ + found=0 + for prog in $2 : + do + ver=$($prog --version \ + | gawk '{ if (match($0, /[0-9]+\.[0-9]+/)) + { + print substr($0, RSTART, RLENGTH); ok=1; exit 0; + } + } + + END { + if (! ok) + exit 1; + }') + + if test $? = 0 + then + if expr 0$ver '>=' 0$3 >/dev/null 2>&1 + then + echo Using $prog + found=1 + export $1="$prog" + break + fi + fi + done + + if test 0$found = 01 + then + true + else + echo "*** Error. Could not find an appropriate executable for $1 with " + echo "at least version $3." + false + fi +} + +PGM=NEWPG +lib_config_files="" +autoconf_vers=2.52 +automake_vers=1.5 +aclocal_vers=1.5 +#libtool_vers=1.3 + +DIE=no +if test "$1" = "--build-w32"; then + shift + target=i386--mingw32 + if [ ! -f ./config.guess ]; then + echo "./config.guess not found" >&2 + exit 1 + fi + host=`./config.guess` + + if ! 
mingw32 --version >/dev/null; then + echo "We need at least version 0.3 of MingW32/CPD" >&2 + exit 1 + fi + + if [ -f config.h ]; then + if grep HAVE_DOSISH_SYSTEM config.h | grep undef >/dev/null; then + echo "Pease run a 'make distclean' first" >&2 + exit 1 + fi + fi + + crossinstalldir=`mingw32 --install-dir` + crossbindir=`mingw32 --get-bindir 2>/dev/null` \ + || crossbindir="$crossinstalldir/bin" + crossdatadir=`mingw32 --get-datadir 2>/dev/null` \ + || crossdatadir="$crossinstalldir/share" + crosslibdir=`mingw32 --get-libdir 2>/dev/null` \ + || crosslibdir="$crossinstalldir/i386--mingw32/lib" + crossincdir=`mingw32 --get-includedir 2>/dev/null` \ + || crossincdir="$crossinstalldir/i386--mingw32/include" + CC=`mingw32 --get-path gcc` + CPP=`mingw32 --get-path cpp` + AR=`mingw32 --get-path ar` + RANLIB=`mingw32 --get-path ranlib` + export CC CPP AR RANLIB + + disable_foo_tests="" + if [ -n "$lib_config_files" ]; then + for i in $lib_config_files; do + j=`echo $i | tr '[a-z-]' '[A-Z_]'` + eval "$j=${crossbindir}/$i" + export $j + disable_foo_tests="$disable_foo_tests --disable-`echo $i| \ + sed 's,-config$,,'`-test" + if [ ! -f "${crossbindir}/$i" ]; then + echo "$i not installed for MingW32" >&2 + DIE=yes + fi + done + fi + [ $DIE = yes ] && exit 1 + + ./configure --host=${host} --target=${target} ${disable_foo_tests} \ + --bindir=${crossbindir} --libdir=${crosslibdir} \ + --datadir=${crossdatadir} --includedir=${crossincdir} \ + --enable-maintainer-mode $* + exit $? +fi + +if ! have_version autoconf "$autoconf autoconf" $autoconf_vers +then + DIE="yes" +fi + +if have_version automake "$automake automake automake-1.6" $automake_vers +then + if ! 
have_version aclocal "$aclocal aclocal aclocal-1.6" $aclocal_vers + then + DIE='yes' + fi +else + DIE='yes' +fi + +#if (libtool --version) < /dev/null > /dev/null 2>&1 ; then +# if (libtool --version | awk 'NR==1 { if( $4 >= '$libtool_vers') \ +# exit 1; exit 0; }'); +# then +# echo "**Error**: "\`libtool\'" is too old." +# echo ' (version ' $libtool_vers ' or newer is required)' +# DIE="yes" +# fi +#else +# echo +# echo "**Error**: You must have "\`libtool\'" installed to compile $PGM." +# echo ' (version ' $libtool_vers ' or newer is required)' +# DIE="yes" +#fi + +if test "$DIE" = "yes"; then + exit 1 +fi + +#echo "Running libtoolize... Ignore non-fatal messages." +#echo "no" | libtoolize + +echo "Running gettextize... Ignore non-fatal messages." +echo "no" | gettextize + +echo "Running $aclocal" +$aclocal +echo "Running autoheader..." +autoheader +echo "Running $automake --gnu -a" +$automake --gnu -a +echo "Running $autoconf" +$autoconf diff --git a/configure.ac b/configure.ac index 18ea461b6..8294fb3c4 100644 --- a/configure.ac +++ b/configure.ac 
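Review bot: The version test in have_version, `expr 0$ver '>=' 0$3`, compares strings rather than numbers because both operands contain a dot. As a result automake 1.10 is rejected against the required 1.5, while a hypothetical 2.9 would pass a required 2.52. Comparing the major and minor parts separately with `test` fixes this; `$ver` is already restricted to `digits.digits` by the gawk match. Separately, the `--build-w32` branch forwards arguments to ./configure with `$*`, which re-splits any argument containing spaces; `"$@"` preserves them.

```shell
    if test $? = 0
    then
      # Compare major and minor numerically; a string compare ranks 1.10 below 1.5.
      ver_major=`echo "$ver" | sed 's/\..*$//'`
      ver_minor=`echo "$ver" | sed 's/^[0-9]*\.//'`
      req_major=`echo "$3" | sed 's/\..*$//'`
      req_minor=`echo "$3" | sed 's/^[0-9]*\.//'`
      if test "$ver_major" -gt "$req_major" ||
         { test "$ver_major" -eq "$req_major" &&
           test "$ver_minor" -ge "$req_minor"; }
      then
        # … unchanged: echo Using $prog, found=1, export, break …
```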
@@ -1,470 +1,110 @@ -dnl Configure.ac script for GnuPG -dnl Copyright (C) 1998, 1999, 2000, 2001, 2002 Free Software Foundation, Inc. -dnl -dnl This file is part of GnuPG. -dnl -dnl GnuPG is free software; you can redistribute it and/or modify -dnl it under the terms of the GNU General Public License as published by -dnl the Free Software Foundation; either version 2 of the License, or -dnl (at your option) any later version. -dnl -dnl GnuPG is distributed in the hope that it will be useful, -dnl but WITHOUT ANY WARRANTY; without even the implied warranty of -dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -dnl GNU General Public License for more details. -dnl -dnl You should have received a copy of the GNU General Public License -dnl along with this program; if not, write to the Free Software -dnl Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA -dnl -dnl (Process this file with autoconf to produce a configure script.) -dnlAC_REVISION($Revision$)dnl +# configure.ac - for NewPG +# Copyright (C) 2001, 2002 Free Software Foundation, Inc, +# +# This file is part of GnuPG. +# +# GnuPG is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# GnuPG is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA +# Process this file with autoconf to produce a configure script. 
AC_PREREQ(2.52) - -# Remember to change the version number immediately *after* a release -# and remove the "-cvs" or "rc" suffix immediately *before* a release. -AC_INIT(gnupg, 1.3.1-cvs, bug-gnupg@gnu.org) -# Set development_version to yes if the minor number is odd or you -# feel that the default check for a development version is not -# sufficient. -development_version=yes - +# Version number: Remember to change it immediately *after* a release. +# Add a "-cvs" prefix for non-released code. +AC_INIT(newpg, 0.9.3-cvs, gpa-dev@gnupg.org) +NEED_LIBGCRYPT_VERSION=1.1.8 +NEED_KSBA_VERSION=0.4.4 +NEED_OPENSC_VERSION=0.7.0 ALL_LINGUAS="de" PACKAGE=$PACKAGE_NAME VERSION=$PACKAGE_VERSION -AC_CONFIG_AUX_DIR(scripts) -AC_CONFIG_SRCDIR(g10/g10.c) -AC_CANONICAL_TARGET() -AM_INIT_AUTOMAKE($PACKAGE, $VERSION) +AC_CONFIG_SRCDIR(sm/gpgsm.c) AM_CONFIG_HEADER(config.h) +AM_INIT_AUTOMAKE($PACKAGE, $VERSION) +AM_MAINTAINER_MODE + +# Some status variables to give feedback at the end of a configure run +have_ksba=no +have_opensc=no +have_pth=no + +GNUPG_BUILD_PROGRAM(gpg, no) +GNUPG_BUILD_PROGRAM(gpgsm, yes) +GNUPG_BUILD_PROGRAM(agent, yes) +GNUPG_BUILD_PROGRAM(scdaemon, yes) + + +AH_TOP([ +/* We need this, because some autoconf tests rely on this (e.g. stpcpy) + and it should be used for new programs anyway. */ +#define _GNU_SOURCE 1 +]) + +AH_BOTTOM([ +/* Some global constants. 
*/ +#ifdef HAVE_DRIVE_LETTERS +#define GNUPG_DEFAULT_HOMEDIR "c:/gnupg" +#else +#define GNUPG_DEFAULT_HOMEDIR "~/.gnupg" +#endif +#define GNUPG_PRIVATE_KEYS_DIR "private-keys-v1.d" +]) + + AC_SUBST(PACKAGE) AC_SUBST(VERSION) AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of this package]) AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version of this package]) -AC_DEFINE(_GNU_SOURCE,1,[Some tests rely on this (stpcpy) and it should be used for new programs anyway]) - -dnl -dnl Check for random module options -dnl -AC_MSG_CHECKING([which random module to use]) -AC_ARG_ENABLE(static-rnd, - [ --enable-static-rnd=[egd|unix|linux|auto] ], -[use_static_rnd=$enableval], [use_static_rnd=default] ) - -if test "$use_static_rnd" = no; then - use_static_rnd=default -fi - -case "$use_static_rnd" in - egd | linux | unix | default ) - AC_MSG_RESULT($use_static_rnd) - ;; - auto ) - AC_MSG_RESULT(automagically selected at runtime) - ;; - * ) - AC_MSG_RESULT(invalid argument) - AC_MSG_ERROR(there is no random module rnd$use_static_rnd) - ;; -esac - -AC_ARG_WITH(egd-socket, - [ --with-egd-socket=NAME use NAME for the EGD socket], - egd_socket_name="$withval", egd_socket_name="" ) -AC_DEFINE_UNQUOTED(EGD_SOCKET_NAME, "$egd_socket_name", - [Define if you don't want the default EGD socket name. 
- For details see cipher/rndegd.c]) +AC_DEFINE_UNQUOTED(PACKAGE_BUGREPORT, "$PACKAGE_BUGREPORT", + [Bug report address]) +AC_DEFINE_UNQUOTED(NEED_LIBGCRYPT_VERSION, "$NEED_LIBGCRYPT_VERSION", + [Required version of Libgcrypt]) +AC_DEFINE_UNQUOTED(NEED_KSBA_VERSION, "$NEED_KSBA_VERSION", + [Required version of Libksba]) -dnl -dnl See whether the user wants to disable checking for /dev/random - -AC_MSG_CHECKING([whether use of /dev/random is requested]) -AC_ARG_ENABLE(dev-random, -[ --disable-dev-random disable the use of dev random], - try_dev_random=$enableval, try_dev_random=yes) -AC_MSG_RESULT($try_dev_random) -dnl -dnl Check other options -dnl - -# We don't need idea but some people claim that they need it for -# research etc., so we allow to place an idea source code into the -# cipher directory and statically link it if available, otherwise we -# link to a stub. We don't use AC_CHECK_FILE to avoid caching. -AC_MSG_CHECKING(for extra cipher modules) -tmp="" -if test -f $srcdir/cipher/idea.c; then - IDEA_O=idea.o - tmp=idea -else - IDEA_O=idea-stub.o - tmp=no -fi -AC_SUBST(IDEA_O) -AC_MSG_RESULT($tmp) - -# if the static idea is present, disable dynload. 
-if test "$IDEA_O" = idea-stub.o ; then - AC_MSG_CHECKING([whether use of extensions is requested]) - AC_ARG_ENABLE(dynload, - [ --disable-dynload disable use of extensions], - try_dynload=$enableval, try_dynload=yes) - AC_MSG_RESULT($try_dynload) -else - try_dynload=no -fi - -AC_MSG_CHECKING([whether assembler modules are requested]) -AC_ARG_ENABLE(asm, -[ --disable-asm do not use assembler modules], - try_asm_modules=$enableval, try_asm_modules=yes) -AC_MSG_RESULT($try_asm_modules) - -AC_MSG_CHECKING([whether memory guard is requested]) -AC_ARG_ENABLE(m-guard, - [ --enable-m-guard enable memory guard facility], - use_m_guard=$enableval, use_m_guard=no) -AC_MSG_RESULT($use_m_guard) -if test "$use_m_guard" = yes ; then - AC_DEFINE(M_GUARD,1,[Define to use the (obsolete) malloc guarding feature]) -fi - -AC_MSG_CHECKING([whether to enable old-style TIGER digest support]) -AC_ARG_ENABLE(old-tiger, - [ --enable-old-tiger enable old-style TIGER digest support], - old_tiger=$enableval, old_tiger=no) -AC_MSG_RESULT($old_tiger) -if test "$old_tiger" = yes ; then - AC_DEFINE(USE_OLD_TIGER,1,[Define to use the old fake OID for TIGER digest support]) -fi - -AC_MSG_CHECKING([whether to enable external program execution]) -AC_ARG_ENABLE(exec, - [ --disable-exec disable all external program execution], - use_exec=$enableval, use_exec=yes) -AC_MSG_RESULT($use_exec) -if test "$use_exec" = no ; then - AC_DEFINE(NO_EXEC,1,[Define to disable all external program execution]) -fi - -if test "$use_exec" = yes ; then - AC_MSG_CHECKING([whether to enable photo ID viewing]) - AC_ARG_ENABLE(photo-viewers, - [ --disable-photo-viewers disable photo ID viewers], - [if test "$enableval" = no ; then - AC_DEFINE(DISABLE_PHOTO_VIEWER,1,[define to disable photo viewing]) - fi],enableval=yes) - gnupg_cv_enable_photo_viewers=$enableval - AC_MSG_RESULT($enableval) - - if test "$gnupg_cv_enable_photo_viewers" = yes ; then - AC_MSG_CHECKING([whether to use a fixed photo ID viewer]) - 
AC_ARG_WITH(photo-viewer, - [ --with-photo-viewer=FIXED_VIEWER set a fixed photo ID viewer], - [if test "$withval" = yes ; then - withval=no - elif test "$withval" != no ; then - AC_DEFINE_UNQUOTED(FIXED_PHOTO_VIEWER,"$withval", - [if set, restrict photo-viewer to this]) - fi],withval=no) - AC_MSG_RESULT($withval) - fi - - AC_MSG_CHECKING([whether to enable external keyserver helpers]) - AC_ARG_ENABLE(keyserver-helpers, - [ --disable-keyserver-helpers disable all external keyserver support], - [if test "$enableval" = no ; then - AC_DEFINE(DISABLE_KEYSERVER_HELPERS,1, - [define to disable keyserver helpers]) - fi],enableval=yes) - gnupg_cv_enable_keyserver_helpers=$enableval - AC_MSG_RESULT($enableval) - - if test "$gnupg_cv_enable_keyserver_helpers" = yes ; then - AC_MSG_CHECKING([whether LDAP keyserver support is requested]) - AC_ARG_ENABLE(ldap, - [ --disable-ldap disable LDAP keyserver interface], - try_ldap=$enableval, try_ldap=yes) - AC_MSG_RESULT($try_ldap) - - AC_MSG_CHECKING([whether HKP keyserver support is requested]) - AC_ARG_ENABLE(hkp, - [ --disable-hkp disable HKP keyserver interface], - try_hkp=$enableval, try_hkp=yes) - AC_MSG_RESULT($try_hkp) - - if test "$try_hkp" = yes ; then - AC_SUBST(GPGKEYS_HKP,"gpgkeys_hkp") - fi - - AC_MSG_CHECKING([whether email keyserver support is requested]) - AC_ARG_ENABLE(mailto, - [ --disable-mailto disable email keyserver interface], - try_mailto=$enableval, try_mailto=yes) - AC_MSG_RESULT($try_mailto) - fi - - AC_MSG_CHECKING([whether keyserver exec-path is enabled]) - AC_ARG_ENABLE(keyserver-path, - [ --disable-keyserver-path disable the exec-path option for keyserver helpers], - [if test "$enableval" = no ; then - AC_DEFINE(DISABLE_KEYSERVER_PATH,1,[define to disable exec-path for keyserver helpers]) - fi],enableval=yes) - AC_MSG_RESULT($enableval) - fi - -AC_MSG_CHECKING([whether included zlib is requested]) -AC_ARG_WITH(included-zlib, - [ --with-included-zlib use the zlib code included here], 
-[g10_force_zlib=yes], [g10_force_zlib=no] ) -AC_MSG_RESULT($g10_force_zlib) - - -dnl -dnl Check whether we want to use Linux capabilities -dnl -AC_MSG_CHECKING([whether use of capabilities is requested]) -AC_ARG_WITH(capabilities, - [ --with-capabilities use linux capabilities [default=no]], -[use_capabilities="$withval"],[use_capabilities=no]) -AC_MSG_RESULT($use_capabilities) - - -AH_BOTTOM([ -#if !(defined(HAVE_FORK) && defined(HAVE_PIPE) && defined(HAVE_WAITPID)) -#define EXEC_TEMPFILE_ONLY -#endif - -#include "g10defs.h" -]) - - -AM_MAINTAINER_MODE - -dnl Checks for programs. - -AC_PROG_MAKE_SET -AM_SANITY_CHECK +# Checks for programs. missing_dir=`cd $ac_aux_dir && pwd` AM_MISSING_PROG(ACLOCAL, aclocal, $missing_dir) AM_MISSING_PROG(AUTOCONF, autoconf, $missing_dir) AM_MISSING_PROG(AUTOMAKE, automake, $missing_dir) AM_MISSING_PROG(AUTOHEADER, autoheader, $missing_dir) AM_MISSING_PROG(MAKEINFO, makeinfo, $missing_dir) +AC_PROG_AWK AC_PROG_CC AC_PROG_CPP -AC_PATH_PROG(PERL,"perl") -AC_ISC_POSIX -AC_SYS_LARGEFILE AC_PROG_INSTALL -AC_PROG_AWK -AC_CHECK_PROG(DOCBOOK_TO_MAN, docbook-to-man, yes, no) -AM_CONDITIONAL(HAVE_DOCBOOK_TO_MAN, test "$ac_cv_prog_DOCBOOK_TO_MAN" = yes) -GNUPG_CHECK_FAQPROG -GNUPG_CHECK_DOCBOOK_TO_TEXI +AC_PROG_LN_S +AC_PROG_MAKE_SET +AC_PROG_RANLIB +#AC_ARG_PROGRAM -MPI_OPT_FLAGS="" - - -try_gettext=yes -case "${target}" in - *-*-mingw32*|*-*-cygwin*) - # special stuff for Windoze NT - ac_cv_have_dev_random=no - AC_DEFINE(USE_ONLY_8DOT3,1, - [set this to limit filenames to the 8.3 format]) - AC_DEFINE(HAVE_DRIVE_LETTERS,1, - [defined if we must run on a stupid file system]) - AC_DEFINE(HAVE_DOSISH_SYSTEM,1, - [defined if we run on some of the PCDOS like systems - (DOS, Windoze. 
OS/2) with special properties like - no file modes]) - AC_DEFINE(USE_SIMPLE_GETTEXT,1, - [because the Unix gettext has too much overhead on - MingW32 systems and these systems lack Posix functions, - we use a simplified version of gettext]) - try_gettext="no" - ;; - i?86-emx-os2 | i?86-*-os2*emx ) - # OS/2 with the EMX environment - ac_cv_have_dev_random=no - AC_DEFINE(HAVE_DRIVE_LETTERS) - AC_DEFINE(HAVE_DOSISH_SYSTEM) - try_gettext="no" - ;; - - i?86-*-msdosdjgpp*) - # DOS with the DJGPP environment - ac_cv_have_dev_random=no - AC_DEFINE(HAVE_DRIVE_LETTERS) - AC_DEFINE(HAVE_DOSISH_SYSTEM) - try_gettext="no" - ;; - - *-*-freebsd*) - # FreeBSD - CPPFLAGS="$CPPFLAGS -I/usr/local/include" - LDFLAGS="$LDFLAGS -L/usr/local/lib" - ;; - - *-*-hpux*) - if test -z "$GCC" ; then - CFLAGS="$CFLAGS -Ae -D_HPUX_SOURCE" - fi - ;; - *-dec-osf4*) - if test -z "$GCC" ; then - # Suppress all warnings - # to get rid of the unsigned/signed char mismatch warnings. - CFLAGS="$CFLAGS -w" - fi - ;; - *-dec-osf5*) - if test -z "$GCC" ; then - # Use the newer compiler `-msg_disable ptrmismatch' to - # get rid of the unsigned/signed char mismatch warnings. - # Using this may hide other pointer mismatch warnings, but - # it at least lets other warning classes through - CFLAGS="$CFLAGS -msg_disable ptrmismatch" - fi - ;; - m68k-atari-mint) - ;; - *) - ;; -esac - -AC_SUBST(MPI_OPT_FLAGS) -GNUPG_SYS_SYMBOL_UNDERSCORE - -dnl Must check for network library requirements before doing link tests -dnl for ldap, for example. If ldap libs are static (or dynamic and without -dnl ELF runtime link paths), then link will fail and LDAP support won't -dnl be detected. - -AC_CHECK_FUNC(gethostbyname, , AC_CHECK_LIB(nsl, gethostbyname, - [NETLIBS="-lnsl $NETLIBS"])) -AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt, - [NETLIBS="-lsocket $NETLIBS"])) - -# Try and link a LDAP test program to weed out unusable LDAP -# libraries. -lldap [-llber [-lresolv]] is for OpenLDAP. 
OpenLDAP in -# general is terrible with creating weird dependencies. If all else -# fails, the user can play guess-the-dependency by using something -# like LDAPLIBS="-lfoo" ./configure - -if test "$try_ldap" = yes ; then - for MY_LDAPLIBS in ${LDAPLIBS+"$LDAPLIBS"} "-lldap" "-lldap -llber" "-lldap -llber -lresolv"; do - _ldap_save_libs=$LIBS - LIBS="$MY_LDAPLIBS $NETLIBS $LIBS" - - AC_MSG_CHECKING([whether LDAP via \"$MY_LDAPLIBS\" is present and sane]) - AC_TRY_LINK([#include ],[ldap_open("foobar",1234);], - [gnupg_cv_func_ldap_init=yes],[gnupg_cv_func_ldap_init=no]) - AC_MSG_RESULT([$gnupg_cv_func_ldap_init]) - - if test $gnupg_cv_func_ldap_init = no; then - AC_MSG_CHECKING([whether I can make LDAP be sane with lber.h]) - AC_TRY_LINK([#include -#include ],[ldap_open("foobar",1234);], - [gnupg_cv_func_ldaplber_init=yes],[gnupg_cv_func_ldaplber_init=no]) - AC_MSG_RESULT([$gnupg_cv_func_ldaplber_init]) - fi - - if test "$gnupg_cv_func_ldaplber_init" = yes ; then - AC_DEFINE(NEED_LBER_H,1,[Define if the LDAP library requires including lber.h before ldap.h]) - fi - - if test "$gnupg_cv_func_ldap_init" = yes || \ - test "$gnupg_cv_func_ldaplber_init" = yes ; then - LDAPLIBS=$MY_LDAPLIBS - GPGKEYS_LDAP="gpgkeys_ldap" - - AC_MSG_CHECKING([whether LDAP supports ldap_get_option]) - - if test "$gnupg_cv_func_ldap_init" = yes ; then - AC_TRY_LINK([#include ], - [ldap_get_option((void *)0,0,(void *)0);], - [gnupg_cv_func_ldap_get_option=yes], - [gnupg_cv_func_ldap_get_option=no]) - else - AC_TRY_LINK([#include -#include ],[ldap_get_option((void *)0,0,(void *)0);], - [gnupg_cv_func_ldap_get_option=yes], - [gnupg_cv_func_ldap_get_option=no]) - fi - - AC_MSG_RESULT([$gnupg_cv_func_ldap_get_option]) - - if test "$gnupg_cv_func_ldap_get_option" = yes ; then - AC_DEFINE(HAVE_LDAP_GET_OPTION,1,[Define if the LDAP library has ldap_get_option]) - else - AC_MSG_CHECKING([whether LDAP supports ld_errno]) - - if test "$gnupg_cv_func_ldap_init" = yes ; then - AC_TRY_COMPILE([#include ], 
- [LDAP *ldap; ldap->ld_errno;], - [gnupg_cv_func_ldap_ld_errno=yes], - [gnupg_cv_func_ldap_ld_errno=no]) - else - AC_TRY_LINK([#include -#include ],[LDAP *ldap; ldap->ld_errno;], - [gnupg_cv_func_ldap_ld_errno=yes], - [gnupg_cv_func_ldap_ld_errno=no]) - fi - - AC_MSG_RESULT([$gnupg_cv_func_ldap_ld_errno]) - - if test "$gnupg_cv_func_ldap_ld_errno" = yes ; then - AC_DEFINE(HAVE_LDAP_LD_ERRNO,1,[Define if the LDAP library supports ld_errno]) - fi - fi - fi - - LIBS=$_ldap_save_libs - - if test "$GPGKEYS_LDAP" != "" ; then break; fi - done +if test "$GCC" = yes; then + CFLAGS="$CFLAGS -Wall -Wcast-align -Wshadow -Wstrict-prototypes" fi -AC_SUBST(GPGKEYS_LDAP) -AC_SUBST(LDAPLIBS) - -dnl This isn't necessarily sendmail itself, but anything that gives a -dnl sendmail-ish interface to the outside world. That includes qmail, -dnl postfix, etc. Basically, anything that can handle "sendmail -t". - -if test "$try_mailto" = yes ; then - AC_ARG_WITH(mailprog,[ --with-mailprog=NAME use "NAME -t" for mail transport],,with_mailprog=yes) - - if test "$with_mailprog" = yes ; then - AC_PATH_PROG(SENDMAIL,sendmail,,$PATH:/usr/sbin:/usr/libexec:/usr/lib) - if test "$ac_cv_path_SENDMAIL" ; then - GPGKEYS_MAILTO="gpgkeys_mailto" - fi - elif test "$with_mailprog" != no ; then - AC_MSG_CHECKING([for a mail transport program]) - AC_SUBST(SENDMAIL,$with_mailprog) - AC_MSG_RESULT($with_mailprog) - GPGKEYS_MAILTO="gpgkeys_mailto" - fi -fi - -AC_SUBST(GPGKEYS_MAILTO) - case "${target}" in *-*-mingw32*) PRINTABLE_OS_NAME="MingW32" - ;; - *-*-cygwin*) - PRINTABLE_OS_NAME="Cygwin32" + AC_DEFINE(HAVE_DOSISH_SYSTEM,1, + [defined if we run on some of the PCDOS like systems + (DOS, Windoze. OS/2) with special properties like + no file modes]) ;; i?86-emx-os2 | i?86-*-os2*emx ) PRINTABLE_OS_NAME="OS/2" 
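Review bot: `HAVE_DRIVE_LETTERS` is tested in the new `AH_BOTTOM` block to choose `GNUPG_DEFAULT_HOMEDIR`, but this hunk removes every `AC_DEFINE(HAVE_DRIVE_LETTERS, ...)` and the rewritten `*-*-mingw32*` branch defines only `HAVE_DOSISH_SYSTEM`. Unless another file defines the macro, a W32 build silently gets `"~/.gnupg"` as its default home directory, which is presumably where `private-keys-v1.d` lives, so the location of private key material would depend on how `~` is resolved there. I would add `AC_DEFINE(HAVE_DRIVE_LETTERS,1,[defined if we must run on a stupid file system])` next to the `HAVE_DOSISH_SYSTEM` define. The same branch still switches on `${target}` although `AC_CANONICAL_TARGET()` is dropped above, so it probably only matches when `--target` is passed explicitly, as the cross-build path in autogen.sh does; worth confirming for other builds.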
@@ -488,465 +128,229 @@ AC_DEFINE_UNQUOTED(PRINTABLE_OS_NAME, "$PRINTABLE_OS_NAME", [A human readable text with the name of the OS]) +# I know that it is in general not a good idea to evaluate bindir in +# the configuration but we want to hard code the defaults into some of +# the programs and doing this during a make install is not a good +# idea. We also have the problem that 2 of the programs are included +# in the package but the others are distributed in other packages. +eval my_default_bindir=${exec_prefix} +test "x${my_default_bindir}" = xNONE && my_default_bindir=${ac_default_prefix} +my_default_bindir=${my_default_bindir}/bin + +AC_ARG_WITH(agent-pgm, + [ --with-agent-pgm=PATH Use PATH as the default for the gpg-agent)], + gnupg_agent_pgm="$withval", + gnupg_agent_pgm="${my_default_bindir}/gpg-agent" ) +AC_DEFINE_UNQUOTED(GNUPG_DEFAULT_AGENT, "$gnupg_agent_pgm", + [Default location of the gpg-agent program]) +AC_ARG_WITH(pinentry-pgm, + [ --with-pinentry-pgm=PATH Use PATH as the default for the pinentry)], + gnupg_pinentry_pgm="$withval", gnupg_pinentry_pgm="" ) +if test -z "$gnupg_pinentry_pgm"; then + gnupg_pinentry_pgm=${my_default_bindir}/pinentry +fi +AC_DEFINE_UNQUOTED(GNUPG_DEFAULT_PINENTRY, "$gnupg_pinentry_pgm", + [Default location of the pinentry program]) +AC_ARG_WITH(scdaemon-pgm, + [ --with-scdaemon-pgm=PATH Use PATH as the default for the scdaemon)], + gnupg_scdaemon_pgm="$withval", gnupg_scdaemon_pgm="" ) +if test -z "$gnupg_scdaemon_pgm"; then + gnupg_scdaemon_pgm=${my_default_bindir}/scdaemon +fi +AC_DEFINE_UNQUOTED(GNUPG_DEFAULT_SCDAEMON, "$gnupg_scdaemon_pgm", + [Default location of the scdaemon program]) +AC_ARG_WITH(dirmngr-pgm, + [ --with-dirmngr-pgm=PATH Use PATH as the default for the dirmngr)], + gnupg_dirmngr_pgm="$withval", gnupg_dirmngr_pgm="" ) +if test -z "$gnupg_dirmngr_pgm"; then + gnupg_dirmngr_pgm=${my_default_bindir}/dirmngr +fi +AC_DEFINE_UNQUOTED(GNUPG_DEFAULT_DIRMNGR, "$gnupg_dirmngr_pgm", + [Default location of the 
dirmngr program]) + + # -# 1. Set names of random devices +# Checks for libraries. # -NAME_OF_DEV_RANDOM="/dev/random" -NAME_OF_DEV_URANDOM="/dev/urandom" -case "${target}" in - *-openbsd*) - NAME_OF_DEV_RANDOM="/dev/srandom" - NAME_OF_DEV_URANDOM="/dev/urandom" - ;; -esac -AC_DEFINE_UNQUOTED(NAME_OF_DEV_RANDOM, "$NAME_OF_DEV_RANDOM", - [defined to the name of the strong random device]) -AC_DEFINE_UNQUOTED(NAME_OF_DEV_URANDOM, "$NAME_OF_DEV_URANDOM", - [defined to the name of the weaker random device]) -AC_SUBST(MPI_OPT_FLAGS) + +# +# Libgcrypt is our generic crypto library +# +#AC_PATH_PROG(LIBGCRYPT_CONFIG, libgcrypt-config) +#if test -n "$LIBGCRYPT_CONFIG"; then +# LIBGCRYPT_CFLAGS=`$LIBGCRYPT_CONFIG --cflags` +# LIBGCRYPT_LIBS=`$LIBGCRYPT_CONFIG --libs` +#else +# AC_MSG_ERROR([[ +#*** +#*** You need libgcrypt to build this program. +#*** It should be available at the same place you +#*** got this software. +#***]]) +#fi +#AC_SUBST(LIBGCRYPT_CFLAGS) +#AC_SUBST(LIBGCRYPT_LIBS) +AM_PATH_LIBGCRYPT("$NEED_LIBGCRYPT_VERSION",, + AC_MSG_ERROR([[ +*** +*** libgcrypt was not found. You may want to get it from +*** ftp://ftp.gnupg.org/pub/gcrypt/alpha/libgcrypt/ +*** +]])) -dnl Checks for libraries. - -if test "$try_gettext" = yes; then - AM_GNU_GETTEXT -else - USE_NLS=no - USE_INCLUDED_LIBINTL=no - BUILD_INCLUDED_LIBINTL=no - AC_SUBST(USE_NLS) - AC_SUBST(USE_INCLUDED_LIBINTL) - AC_SUBST(BUILD_INCLUDED_LIBINTL) +# +# libksba is our X.509 support library +# +AM_PATH_KSBA("$NEED_KSBA_VERSION",have_ksba=yes,have_ksba=no) +if test "$have_ksba" = "no"; then + AC_MSG_ERROR([[ +*** +*** You need libksba to build this program.. +*** It should be available at the same place you +*** got this software. 
+***]]) fi -if test "$try_dynload" = yes ; then - AC_CHECK_LIB(dl,dlopen) - if test "$ac_cv_lib_dl_dlopen" = "yes"; then - AC_DEFINE(USE_DYNAMIC_LINKING,1, - [define to enable the use of extensions]) - AC_DEFINE(HAVE_DL_DLOPEN,1, - [Defined when the dlopen function family is available]) - else - AC_CHECK_FUNCS(dlopen) - if test "$ac_cv_func_dlopen" = "yes"; then - AC_DEFINE(USE_DYNAMIC_LINKING) - AC_DEFINE(HAVE_DL_DLOPEN) - fi +# +# OpenSC is needed by the SCdaemon - if it is not availbale we won't +# build the SCdaemon +# +AM_PATH_OPENSC("$NEED_OPENSC_VERSION",have_opensc=yes,have_opensc=no) + + +# +# Check whether the (highly desirable) GNU Pth library is available +# +AC_ARG_WITH(pth-prefix, + AC_HELP_STRING([--with-pth-prefix=PFX], + [prefix where GNU Pth is installed (optional)]), + pth_config_prefix="$withval", pth_config_prefix="") +if test x$pth_config_prefix != x ; then + PTH_CONFIG="$pth_config_prefix/bin/pth-config" +fi +AC_PATH_PROG(PTH_CONFIG, pth-config, no) +if test "$PTH_CONFIG" = "no"; then + AC_MSG_WARN([[ +*** +*** To support concurrent access to the gpg-agent and the SCdaemon +*** we need the support of the GNU Portable Threads Library. +*** Download it from ftp://ftp.gnu.org/gnu/pth/ +*** On a Debian GNU/Linux system you might want to try +*** apt-get install libpth-dev +***]]) +else + GNUPG_PTH_VERSION_CHECK(1.3.7) + if test $have_pth = yes; then + PTH_CFLAGS=`$PTH_CONFIG --cflags` + PTH_LIBS=`$PTH_CONFIG --libs` + AC_DEFINE(USE_GNU_PTH, 1, + [Defined if the GNU Portable Thread Library should be used]) fi -else - AC_MSG_CHECKING(for dynamic loading) - DYNLINK_LDFLAGS= - DYNLINK_MOD_CFLAGS= - AC_MSG_RESULT(has been disabled) fi +AC_SUBST(PTH_CFLAGS) +AC_SUBST(PTH_LIBS) -dnl Checks for header files. + +AM_GNU_GETTEXT + + +# Checks for header files. AC_HEADER_STDC -AC_CHECK_HEADERS(unistd.h langinfo.h termio.h locale.h) +AC_CHECK_HEADERS([string.h locale.h]) -dnl Checks for typedefs, structures, and compiler characteristics. 
+# Checks for typedefs, structures, and compiler characteristics. AC_C_CONST AC_C_INLINE AC_TYPE_SIZE_T -AC_TYPE_MODE_T AC_TYPE_SIGNAL AC_DECL_SYS_SIGLIST -GNUPG_CHECK_ENDIAN - - GNUPG_CHECK_TYPEDEF(byte, HAVE_BYTE_TYPEDEF) GNUPG_CHECK_TYPEDEF(ushort, HAVE_USHORT_TYPEDEF) GNUPG_CHECK_TYPEDEF(ulong, HAVE_ULONG_TYPEDEF) -GNUPG_CHECK_TYPEDEF(u16, HAVE_U16_TYPEDEF) -GNUPG_CHECK_TYPEDEF(u32, HAVE_U32_TYPEDEF) -AC_CHECK_SIZEOF(unsigned short, 2) -AC_CHECK_SIZEOF(unsigned int, 4) -AC_CHECK_SIZEOF(unsigned long, 4) -AC_CHECK_SIZEOF(unsigned long long, 0) +GNUPG_SYS_SO_PEERCRED -if test "$ac_cv_sizeof_unsigned_short" = "0" \ - || test "$ac_cv_sizeof_unsigned_int" = "0" \ - || test "$ac_cv_sizeof_unsigned_long" = "0"; then - AC_MSG_WARN([Hmmm, something is wrong with the sizes - using defaults]); -fi +# Checks for library functions. -dnl Checks for library functions. -AC_FUNC_FSEEKO -AC_FUNC_VPRINTF -AC_FUNC_FORK -AC_CHECK_FUNCS(strerror stpcpy strsep strlwr tcgetattr strtoul mmap) -AC_CHECK_FUNCS(strcasecmp strncasecmp) -AC_CHECK_FUNCS(memmove gettimeofday getrusage setrlimit clock_gettime) -AC_CHECK_FUNCS(atexit raise getpagesize strftime nl_langinfo setlocale) -AC_CHECK_FUNCS(waitpid wait4 sigaction sigprocmask rand pipe stat) +# These are needed by libjnlib - fixme: we should have a macros for them +AC_CHECK_FUNCS(memicmp stpcpy strlwr strtoul memmove stricmp strtol) +AC_CHECK_FUNCS(getrusage setrlimit stat setlocale) + +AC_CHECK_FUNCS(sigaction sigprocmask) + +AC_REPLACE_FUNCS(vasprintf) +AC_REPLACE_FUNCS(fopencookie) +# FIXME: Print a warning when that fopencookie is not available. AC_REPLACE_FUNCS(mkdtemp) +AC_REPLACE_FUNCS(fseeko ftello) + +# We use jnlib, so tell other modules about it +AC_DEFINE(HAVE_JNLIB_LOGGING, 1, + [Defined if jnlib style logging fucntions are available]) + # -# check for gethrtime and run a testprogram to see whether -# it is broken. 
It has been reported that some Solaris and HP UX systems -# raise an SIGILL +# Decide what to build # -AC_CACHE_CHECK([for gethrtime], - [gnupg_cv_func_gethrtime], - [AC_TRY_LINK([#include ],[ - hrtime_t tv; - tv = gethrtime(); - ], - [gnupg_cv_func_gethrtime=yes], - [gnupg_cv_func_gethrtime=no]) - ]) -if test $gnupg_cv_func_gethrtime = yes; then - AC_DEFINE([HAVE_GETHRTIME], 1, - [Define if you have the `gethrtime(2)' function.]) - AC_CACHE_CHECK([whether gethrtime is broken], - [gnupg_cv_func_broken_gethrtime], - [AC_TRY_RUN([ - #include - int main () { - hrtime_t tv; - tv = gethrtime(); - } - ], - [gnupg_cv_func_broken_gethrtime=no], - [gnupg_cv_func_broken_gethrtime=yes], - [gnupg_cv_func_broken_gethrtime=assume-no]) - ]) - if test $gnupg_cv_func_broken_gethrtime = yes; then - AC_DEFINE([HAVE_BROKEN_GETHRTIME], 1, - [Define if `gethrtime(2)' does not work correctly i.e. issues a SIGILL.]) - fi -fi - - -GNUPG_CHECK_MLOCK -GNUPG_FUNC_MKDIR_TAKES_ONE_ARG - -dnl -dnl Check whether we can use Linux capabilities as requested -dnl -if test "$use_capabilities" = "yes" ; then -use_capabilities=no -AC_CHECK_HEADERS(sys/capability.h) -if test "$ac_cv_header_sys_capability_h" = "yes" ; then - AC_CHECK_LIB(cap, cap_init, ac_need_libcap=1) - if test "$ac_cv_lib_cap_cap_init" = "yes"; then - AC_DEFINE(USE_CAPABILITIES,1, - [define if capabilities should be used]) - LIBS="$LIBS -lcap" - use_capabilities=yes - fi -fi -if test "$use_capabilities" = "no" ; then - AC_MSG_WARN([[ -*** -*** The use of capabilities on this system is not possible. -*** You need a recent Linux kernel and some patches: -*** fcaps-2.2.9-990610.patch (kernel patch for 2.2.9) -*** fcap-module-990613.tar.gz (kernel module) -*** libcap-1.92.tar.gz (user mode library and utilities) -*** And you have to configure the kernel with CONFIG_VFS_CAP_PLUGIN -*** set (filesystems menu). Be warned: This code is *really* ALPHA. 
-***]]) -fi +if test $have_opensc = no; then + build_scdaemon=no fi - -GNUPG_CHECK_IPC -if test "$ac_cv_header_sys_shm_h" = "yes"; then - AC_DEFINE(USE_SHM_COPROCESSING,1, - [define if the shared memory interface should be made available]) +if test $have_ksba = no; then + build_gpgsm=no + build_scdaemon=no fi -dnl -dnl check whether we have a random device -dnl -if test "$try_dev_random" = yes ; then - AC_CACHE_CHECK(for random device, ac_cv_have_dev_random, - [if test -r "$NAME_OF_DEV_RANDOM" && test -r "$NAME_OF_DEV_URANDOM" ; then - ac_cv_have_dev_random=yes; else ac_cv_have_dev_random=no; fi]) - if test "$ac_cv_have_dev_random" = yes; then - AC_DEFINE(HAVE_DEV_RANDOM,1, - [defined if the system supports a random device] ) - fi -else - AC_MSG_CHECKING(for random device) - ac_cv_have_dev_random=no - AC_MSG_RESULT(has been disabled) -fi - - -dnl -dnl Figure out the default random module. -dnl -random_modules="" -if test "$use_static_rnd" = default; then - if test "$ac_cv_have_dev_random" = yes; then - random_modules="rndlinux" - else - case "${target}" in - *-*-mingw32*|*-*-cygwin*) - random_modules="rndw32" - ;; - i?86-emx-os2|i?86-*-os2*emx) - random_modules="rndos2" - ;; - m68k-atari-mint) - random_modules="rndatari" - ;; - i?86-*-msdosdjgpp*) - : - ;; - *) - random_modules="rndlinux rndegd rndunix" - AC_DEFINE(USE_ALL_RANDOM_MODULES, 1, - [Allow to select random modules at runtime.]) - ;; - esac - fi -else - if test "$use_static_rnd" = auto; then - random_modules="rndlinux rndegd rndunix" - AC_DEFINE(USE_ALL_RANDOM_MODULES, 1) - else - random_modules="rnd$use_static_rnd"; +build_agent_threaded="" +if test "$build_agent" = "yes"; then + if test $have_pth = no; then + build_agent_threaded="(not multi-threaded)" fi fi -if test -z "$random_modules"; then - AC_MSG_ERROR(no random module available) -fi -print_egd_warning=no -for rndmod in $random_modules "" ; do - case "$rndmod" in - rndlinux) - AC_DEFINE(USE_RNDLINUX,1, - [Defined if the /dev/random based RNG 
should be used.]) - ;; - rndunix) - AC_DEFINE(USE_RNDUNIX,1, - [Defined if the default Unix RNG should be used.]) - print_egd_warning=yes - ;; - rndegd) - AC_DEFINE(USE_RNDEGD,1, - [Defined if the EGD based RNG should be used.]) - EGDLIBS=$NETLIBS - AC_SUBST(EGDLIBS) - ;; - rndw32) - AC_DEFINE(USE_RNDW32,1, - [Defined if the Windows specific RNG should be used.]) - ;; - esac -done - -dnl setup assembler stuff -AC_MSG_CHECKING(for mpi assembler functions) -if test -f $srcdir/mpi/config.links ; then - . $srcdir/mpi/config.links - AC_CONFIG_LINKS("$mpi_ln_list") - ac_cv_mpi_extra_asm_modules="$mpi_extra_modules" - ac_cv_mpi_sflags="$mpi_sflags" - ac_cv_mpi_config_done="yes" - AC_MSG_RESULT(done) -else - AC_MSG_RESULT(failed) - AC_MSG_ERROR([mpi/config.links missing!]) -fi -MPI_EXTRA_ASM_OBJS="" -show_extraasm="" -if test "$ac_cv_mpi_extra_asm_modules" != ""; then -for i in $ac_cv_mpi_extra_asm_modules; do - show_extraasm="$show_extraasm $i" - MPI_EXTRA_ASM_OBJS="$MPI_EXTRA_ASM_OBJS $i.o" -done -fi -AC_SUBST(MPI_EXTRA_ASM_OBJS) -MPI_SFLAGS="$ac_cv_mpi_sflags" -AC_SUBST(MPI_SFLAGS) - -dnl Do we have zlib? Must do it here because Solaris failed -dnl when compiling a conftest (due to the "-lz" from LIBS). 
-use_local_zlib=yes -if test "$g10_force_zlib" = "yes"; then - : -else - _cppflags="${CPPFLAGS}" - _ldflags="${LDFLAGS}" - - AC_ARG_WITH(zlib, - [ --with-zlib=DIR use libz in DIR],[ - if test -d "$withval"; then - CPPFLAGS="${CPPFLAGS} -I$withval/include" - LDFLAGS="${LDFLAGS} -L$withval/lib" - fi - ]) - - AC_CHECK_HEADER(zlib.h, - AC_CHECK_LIB(z, deflateInit2_, - use_local_zlib=no - LIBS="$LIBS -lz", - CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags}), - CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags}) -fi - -if test "$use_local_zlib" = yes ; then - AM_CONDITIONAL(ENABLE_LOCAL_ZLIB, true) - AC_CONFIG_LINKS(zlib.h:zlib/zlib.h zconf.h:zlib/zconf.h ) - ZLIBS="../zlib/libzlib.a" -else - AM_CONDITIONAL(ENABLE_LOCAL_ZLIB, false) - ZLIBS= -fi -AC_SUBST(ZLIBS) - - -# Allow users to append something to the version string without -# flagging it as development version. The user version parts is -# considered everything after a dash. -if test "$development_version" != yes; then - changequote(,)dnl - tmp_pat='[a-zA-Z]' - changequote([,])dnl - if echo "$VERSION" | sed 's/-.*//' | grep "$tmp_pat" >/dev/null ; then - development_version=yes +build_scdaemon_threaded="" +if test "$build_scdaemon" = "yes"; then + if test $have_pth = no; then + build_scdaemon_threaded="(not multi-threaded)" fi fi -if test "$development_version" = yes; then - AC_DEFINE(IS_DEVELOPMENT_VERSION,1, - [Defined if this is not a regular release]) -fi - -AM_CONDITIONAL(CROSS_COMPILING, test x$cross_compiling = xyes) - -GNUPG_CHECK_GNUMAKE - -# add some extra libs here so that previous tests don't fail for -# mysterious reasons - the final link step should bail out. 
-case "${target}" in - *-*-mingw32*) - LIBS="$LIBS -lwsock32" - ;; - *) - ;; -esac -if test "$GCC" = yes; then - if test "$USE_MAINTAINER_MODE" = "yes"; then - CFLAGS="$CFLAGS -Wall -Wcast-align -Wshadow -Wstrict-prototypes" - else - CFLAGS="$CFLAGS -Wall" - fi -fi - -AC_SUBST(NETLIBS) - - -if test "$print_egd_warning" = yes; then - AC_MSG_WARN([[ -*** -*** The performance of the UNIX random gatherer module is not very good -*** and it does not keep the entropy pool over multiple invocations of -*** GnuPG. The suggested way to overcome this problem is to use the -*** -*** Entropy Gathering Daemon (EGD) -*** -*** which provides a entropy source for the whole system. It is written -*** in Perl and available at the GnuPG FTP servers. For more information -*** consult the GnuPG webpages: -*** -*** http://www.gnupg.org/download.html#egd -*** -*** You may want to run ./configure with --enable-static-rnd=egd to use it. -***]]) -fi - - - -# Note the \\\\ for backslashes. Autoconf eats one layer, leaving \\ - -AC_SUBST(GNUPG_LIBEXECDIR,"${libexecdir}/gnupg") - -AC_CONFIG_COMMANDS(g10defs.h,[[ -cat >g10defs.tmp <>g10defs.tmp -if cmp -s g10defs.h g10defs.tmp 2>/dev/null; then - echo "g10defs.h is unchanged" - rm -f g10defs.tmp -else - rm -f g10defs.h - mv g10defs.tmp g10defs.h - echo "g10defs.h created" -fi -]],[[ -prefix=$prefix -exec_prefix=$exec_prefix -libdir=$libdir -libexecdir=$libexecdir -datadir=$datadir -DATADIRNAME=$DATADIRNAME -]]) +AM_CONDITIONAL(BUILD_GPGSM, test "$build_gpgsm" = "yes") +AM_CONDITIONAL(BUILD_AGENT, test "$build_agent" = "yes") +AM_CONDITIONAL(BUILD_SCDAEMON, test "$build_scdaemon" = "yes") AC_CONFIG_FILES([ Makefile intl/Makefile po/Makefile.in -util/Makefile -mpi/Makefile -cipher/Makefile -g10/Makefile -keyserver/Makefile -keyserver/gpgkeys_mailto -keyserver/gpgkeys_test +jnlib/Makefile +assuan/Makefile +common/Makefile +kbx/Makefile +sm/Makefile +agent/Makefile +scd/Makefile doc/Makefile -tools/Makefile -zlib/Makefile -checks/Makefile 
+tests/Makefile ]) AC_OUTPUT -# Give some feedback -echo -echo " Configured for: $PRINTABLE_OS_NAME ($target)" -if test -n "$show_extraasm"; then - echo " Extra cpu specific functions:$show_extraasm" -fi -echo + +echo " + NewPG v${VERSION} has been configured as follows: + + OpenPGP: $build_gpg + S/MIME: $build_gpgsm + Agent: $build_agent $build_agent_threaded + Smartcard: $build_scdaemon $build_scdaemon_threaded + + Default agent: $gnupg_agent_pgm + Default pinentry: $gnupg_pinentry_pgm + Default scdaemon: $gnupg_scdaemon_pgm + Default dirmngr: $gnupg_dirmngr_pgm +"
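Review bot: The compiled-in defaults for gpg-agent, pinentry, scdaemon and dirmngr ignore `--prefix`. When `exec_prefix` is still `NONE`, `my_default_bindir` falls straight back to `${ac_default_prefix}`, so a build configured with only `--prefix=DIR` installs under DIR but hard-codes helper paths under the default prefix. These paths decide which program gets started for passphrase entry and smartcard access, so they should track the install location. Trying `${prefix}` first does that: put `test "x${my_default_bindir}" = xNONE && my_default_bindir=${prefix}` ahead of the existing `ac_default_prefix` fallback. The `--with-*-pgm` values are also taken as given; a check that they are absolute paths, or a comment saying they must be, would help packagers.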