mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
Merged Top directory of NewPG with GnuPG.
This commit is contained in:
parent
82a17c9fb3
commit
9214e1b282
117
AUTHORS
117
AUTHORS
@ -1,117 +0,0 @@
|
|||||||
Program: GnuPG
|
|
||||||
Maintainer: Werner Koch <wk@gnupg.org>
|
|
||||||
Bug reports: <bug-gnupg@gnu.org>
|
|
||||||
Security related bug reports: <security@gnupg.org>
|
|
||||||
|
|
||||||
|
|
||||||
Authors
|
|
||||||
=======
|
|
||||||
|
|
||||||
Birger Langkjer <birger.langkjer@image.dk> Translations [da]
|
|
||||||
|
|
||||||
Daniel Resare <daniel@resare.com> Translations [sv]
|
|
||||||
|
|
||||||
David Shaw <dshaw@jabberwocky.com> Assignment
|
|
||||||
(all in keyserver/,
|
|
||||||
a lot of changes in g10/ see the ChangeLog,
|
|
||||||
bug fixes here and there)
|
|
||||||
|
|
||||||
Dokianakis Theofanis <madf@hellug.gr> Translations [el]
|
|
||||||
|
|
||||||
Edmund GRIMLEY EVANS <edmundo@rano.org> Translations [eo]
|
|
||||||
|
|
||||||
Gaël Quéri <gael@lautre.net> Translations [fr]
|
|
||||||
(fixed a lot of typos)
|
|
||||||
|
|
||||||
Gregory Steuck <steuck@iname.com> Translations [ru]
|
|
||||||
|
|
||||||
Ivo Timmermans <itimmermans@bigfoot.com> Translations [nl]
|
|
||||||
|
|
||||||
Jacobo Tarri'o Barreiro <jtarrio@iname.com> Translations [gl]
|
|
||||||
|
|
||||||
Janusz Aleksander Urbanowicz <alex@bofh.torun.pl> Translations [po]
|
|
||||||
|
|
||||||
Magda Procha'zkova' <magda@math.muni.cz> Translations [cs]
|
|
||||||
|
|
||||||
Michael Roth <mroth@nessie.de> Assignment
|
|
||||||
(wrote cipher/des.c., changes and bug fixes all over the place)
|
|
||||||
|
|
||||||
Marco d'Itri <md@linux.it> Translations [it]
|
|
||||||
|
|
||||||
Matthew Skala <mskala@ansuz.sooke.bc.ca> Disclaimer
|
|
||||||
(wrote cipher/twofish.c)
|
|
||||||
|
|
||||||
Niklas Hernaeus <nh@df.lth.se> Disclaimer
|
|
||||||
(weak key patches)
|
|
||||||
|
|
||||||
Nilgun Belma Buguner <nilgun@technologist.com> Translations [tr]
|
|
||||||
|
|
||||||
Nils Ellmenreich <nils 'at' infosun.fmi.uni-passau.de> Assignment
|
|
||||||
(configure.in, cipher/rndlinux.c, FAQ)
|
|
||||||
|
|
||||||
Paul Eggert <eggert@twinsun.com>
|
|
||||||
(configuration macros for LFS)
|
|
||||||
|
|
||||||
Pedro Morais <morais@poli.org> Translations [pt_PT]
|
|
||||||
|
|
||||||
Rémi Guyomarch <rguyom@mail.dotcom.fr> Assignment
|
|
||||||
(g10/compress.c, g10/encr-data.c,
|
|
||||||
g10/free-packet.c, g10/mdfilter.c, g10/plaintext.c, util/iobuf.c)
|
|
||||||
|
|
||||||
Stefan Bellon <sbellon@sbellon.de> Assignment
|
|
||||||
(All patches to support RISC OS)
|
|
||||||
|
|
||||||
Timo Schulz <twoaday@freakmail.de> Assignment
|
|
||||||
(util/w32reg.c, g10/passphrase.c, g10/hkp.c)
|
|
||||||
|
|
||||||
Tedi Heriyanto <tedi_h@gmx.net> Translations [id]
|
|
||||||
|
|
||||||
Thiago Jung Bauermann <jungmann@cwb.matrix.com.br> Translations [pt_BR]
|
|
||||||
Rafael Caetano dos Santos <rcaetano@linux.ime.usp.br> Translations [pt_BR]
|
|
||||||
|
|
||||||
Toomas Soome <tsoome@ut.ee> Translations [et]
|
|
||||||
|
|
||||||
Urko Lusa <ulusa@euskalnet.net> Translations [es_ES]
|
|
||||||
|
|
||||||
Walter Koch <koch@u32.de> Translations [de]
|
|
||||||
|
|
||||||
Werner Koch <wk@gnupg.org> Assignment
|
|
||||||
(started the whole thing)
|
|
||||||
|
|
||||||
Yosiaki IIDA <iida@ring.gr.jp> Translations [ja]
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Other legal information
|
|
||||||
=======================
|
|
||||||
|
|
||||||
This program uses the zlib compression library written by
|
|
||||||
Jean-loup Gailly and Mark Adler.
|
|
||||||
|
|
||||||
Most of the stuff in mpi has been taken from the GMP library by
|
|
||||||
Torbjorn Granlund <tege@noisy.tmg.se>.
|
|
||||||
|
|
||||||
The Rijndael implementation (cipher/rijndael.c) is based on the
|
|
||||||
public domain reference code provided for the AES selection process.
|
|
||||||
The Rijndael algorithm is due to Joan Daemen and Vincent Rijmen.
|
|
||||||
|
|
||||||
The files cipher/rndunix.c and cipher/rndw32.c are based on rndunix.c
|
|
||||||
and rndwin32.c from cryptlib.
|
|
||||||
Copyright Peter Gutmann, Paul Kendall, and Chris Wedgwood 1996-1999.
|
|
||||||
|
|
||||||
The files in debian/ are by James Troup who is the Debian maintainer
|
|
||||||
for GnuPG.
|
|
||||||
|
|
||||||
The RPM specs file scripts/gnupg.spec has been contributed by
|
|
||||||
several people.
|
|
||||||
|
|
||||||
Copyright 1998, 1999, 2000, 2001, 2002 Free Software Foundation, Inc.
|
|
||||||
|
|
||||||
This file is free software; as a special exception the author gives
|
|
||||||
unlimited permission to copy and/or distribute it, with or without
|
|
||||||
modifications, as long as this notice is preserved.
|
|
||||||
|
|
||||||
This file is distributed in the hope that it will be useful, but
|
|
||||||
WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
|
|
||||||
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
|
||||||
|
|
47
Makefile.am
47
Makefile.am
@ -1,4 +1,5 @@
|
|||||||
# Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc.
|
# Makefile.am - main makefile for NewPG/GnuPG
|
||||||
|
# Copyright (C) 2001 Free Software Foundation, Inc.
|
||||||
#
|
#
|
||||||
# This file is part of GnuPG.
|
# This file is part of GnuPG.
|
||||||
#
|
#
|
||||||
@ -18,37 +19,29 @@
|
|||||||
|
|
||||||
## Process this file with automake to produce Makefile.in
|
## Process this file with automake to produce Makefile.in
|
||||||
|
|
||||||
if CROSS_COMPILING
|
EXTRA_DIST = autogen.sh
|
||||||
checks =
|
|
||||||
|
if BUILD_GPGSM
|
||||||
|
sm = sm
|
||||||
else
|
else
|
||||||
checks = checks
|
sm =
|
||||||
|
endif
|
||||||
|
if BUILD_AGENT
|
||||||
|
agent = agent
|
||||||
|
else
|
||||||
|
agent =
|
||||||
|
endif
|
||||||
|
if BUILD_SCDAEMON
|
||||||
|
scd = scd
|
||||||
|
else
|
||||||
|
scd =
|
||||||
endif
|
endif
|
||||||
|
|
||||||
SUBDIRS = intl zlib util mpi cipher tools g10 keyserver po doc ${checks}
|
SUBDIRS = intl jnlib assuan common kbx ${sm} ${agent} ${scd} po doc tests
|
||||||
EXTRA_DIST = PROJECTS BUGS config.h.in
|
|
||||||
DISTCLEANFILES = g10defs.h
|
|
||||||
|
|
||||||
# Add all the files listed in "distfiles" files to the distribution,
|
|
||||||
# apply version numbers to some files and create a VERSION file which
|
|
||||||
# we need for the Prereq: patch file trick.
|
|
||||||
dist-hook:
|
dist-hook:
|
||||||
@set -e; \
|
@set -e; echo "$(VERSION)" > $(distdir)/VERSION
|
||||||
for file in `cd $(top_srcdir); \
|
|
||||||
find scripts mpi include -type f -name distfiles`; do \
|
|
||||||
dir=`dirname $$file` ; $(mkinstalldirs) $(distdir)/$$dir ; \
|
|
||||||
for i in distfiles `cat $(top_srcdir)/$$file` ; do \
|
|
||||||
ln $(top_srcdir)/$$dir/$$i $(distdir)/$$dir/$$i 2> /dev/null \
|
|
||||||
|| cp -p $(top_srcdir)/$$dir/$$i $(distdir)/$$dir/$$i; \
|
|
||||||
done ; \
|
|
||||||
done
|
|
||||||
@set -e; \
|
|
||||||
sed -e 's/@pkg_version@/$(VERSION)/g' \
|
|
||||||
$(top_srcdir)/scripts/gnupg.spec.in \
|
|
||||||
> $(distdir)/scripts/gnupg.spec
|
|
||||||
echo "$(VERSION)" > $(distdir)/VERSION
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
784
README
784
README
@ -1,652 +1,372 @@
|
|||||||
|
NewPG is a temporary protect to work on GnuPG extensions. It will be
|
||||||
|
merged into the regular GnuPG sources for a GnuPG 2.0 release.
|
||||||
|
|
||||||
GnuPG - The GNU Privacy Guard
|
jnlib/ utility functions
|
||||||
-------------------------------
|
assuan/ assuan protocol library
|
||||||
Version 1.3
|
kbx/ keybox library
|
||||||
|
sm/ the gpgsm program
|
||||||
|
agent/ the gpg-agent
|
||||||
|
scd/ the smartcard daemon
|
||||||
|
|
||||||
Copyright 1998, 1999, 2000, 2001, 2002 Free Software Foundation, Inc.
|
Libksba and Libgcrypt are required to build it.
|
||||||
|
|
||||||
This file is free software; as a special exception the author gives
|
Assuan and Keybox are both designed to be source include-able.
|
||||||
unlimited permission to copy and/or distribute it, with or without
|
|
||||||
modifications, as long as this notice is preserved.
|
|
||||||
|
|
||||||
This file is distributed in the hope that it will be useful, but
|
A texinfo manual `gnupg.info' will get installed. Some commands and
|
||||||
WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
|
options given below.
|
||||||
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
|
||||||
|
|
||||||
|
|
||||||
Intro
|
COMMANDS
|
||||||
-----
|
========
|
||||||
|
|
||||||
GnuPG is GNU's tool for secure communication and data storage.
|
gpgsm:
|
||||||
It can be used to encrypt data and to create digital signatures.
|
------
|
||||||
It includes an advanced key management facility and is compliant
|
|
||||||
with the proposed OpenPGP Internet standard as described in RFC2440.
|
|
||||||
|
|
||||||
GnuPG works best on GNU/Linux or *BSD systems. Most other Unices
|
--learn-card
|
||||||
are also supported but are not as well tested as the Free Unices.
|
|
||||||
See http://www.gnupg.org/gnupg.html#supsys for a list of systems
|
|
||||||
which are known to work.
|
|
||||||
|
|
||||||
See the file COPYING for copyright and warranty information.
|
Read tinformation about the private keys from the smartcard and
|
||||||
|
import the certificates from there.
|
||||||
|
|
||||||
Because GnuPG does not use use any patented algorithm it cannot be
|
--export
|
||||||
compatible with PGP2 versions. PGP 2.x uses IDEA (which is patented
|
|
||||||
worldwide).
|
|
||||||
|
|
||||||
The default algorithms are DSA and ElGamal, but RSA is also
|
Export all certificates storein the Keybox or those specified on
|
||||||
supported. ElGamal for signing is available, but because of the
|
the commandline. When using --armor a few informational lines are
|
||||||
larger size of such signatures it is deprecated (Please note that
|
prepended before each block.
|
||||||
the GnuPG implementation of ElGamal signatures is *not* insecure).
|
|
||||||
Symmetric algorithms are: AES, 3DES, Blowfish, CAST5 and Twofish.
|
|
||||||
Digest algorithms available are MD5, RIPEMD160 and SHA1.
|
|
||||||
|
|
||||||
|
|
||||||
Installation
|
OPTIONS
|
||||||
------------
|
=======
|
||||||
Please read the file INSTALL and the sections in this file
|
|
||||||
related to the installation. Here is a quick summary:
|
|
||||||
|
|
||||||
1) Check that you have unmodified sources. See below on how to do
|
gpgsm:
|
||||||
this. Don't skip it - this is an important step!
|
------
|
||||||
|
|
||||||
2) Unpack the TAR. With GNU tar you can do it this way:
|
--include-certs <n>
|
||||||
"tar xzvf gnupg-x.y.z.tar.gz"
|
|
||||||
|
|
||||||
3) "cd gnupg-x.y.z"
|
Using N of -2 includes all certificate except for the Root cert,
|
||||||
|
-1 includes all certs, 0 does not include any certs, 1 includes only
|
||||||
|
the signers cert (this is the default) and all other positives
|
||||||
|
values include up to N certs starting with the signer cert.
|
||||||
|
|
||||||
4) "./configure"
|
--policy-file <filename>
|
||||||
|
|
||||||
5) "make"
|
Chnage the deault name of the policy file
|
||||||
|
|
||||||
6) "make install"
|
--enable-policy-checks
|
||||||
|
--disable-policy-checks
|
||||||
|
|
||||||
7) You end up with a "gpg" binary in /usr/local/bin.
|
By default policy checks are enabled. These options may be used to
|
||||||
|
change it.
|
||||||
|
|
||||||
8) To avoid swapping out of sensitive data, you can install "gpg" as
|
--enable-crl-checks
|
||||||
suid root. If you don't do so, you may want to add the option
|
--disable-crl-checks
|
||||||
"no-secmem-warning" to ~/.gnupg/gpg.conf
|
|
||||||
|
|
||||||
|
By default the CRL checks are enabled and the DirMngr is used to
|
||||||
|
check for revoked certificates. The disable option is most useful
|
||||||
|
with a off-line connection to suppres this check.
|
||||||
|
|
||||||
How to Verify the Source
|
--agent-program <path_to_agent_program>
|
||||||
------------------------
|
|
||||||
In order to check that the version of GnuPG which you are going to
|
|
||||||
install is an original and unmodified one, you can do it in one of
|
|
||||||
the following ways:
|
|
||||||
|
|
||||||
a) If you already have a trusted Version of GnuPG installed, you
|
Specify an agent program to be used for secret key operations. The
|
||||||
can simply check the supplied signature:
|
default value is "../agent/gpg-agent". This is only used as a
|
||||||
|
fallback when the envrionment varaibale GPG_AGENT_INFO is not set or
|
||||||
|
a running agent can't be connected.
|
||||||
|
|
||||||
$ gpg --verify gnupg-x.y.z.tar.gz.asc
|
--dirmngr-program <path_to_dirmgr_program>
|
||||||
|
|
||||||
This checks that the detached signature gnupg-x.y.z.tar.gz.asc
|
Specify a dirmngr program to be used for CRL checks. The default
|
||||||
is indeed a a signature of gnupg-x.y.z.tar.gz. The key used to
|
value is "/usr/sbin/dirmngr". This is only used as a fallback when
|
||||||
create this signature is:
|
the envrionment varaibale DIRMNGR_INFO is not set or a running
|
||||||
|
dirmngr can't be connected.
|
||||||
|
|
||||||
"pub 1024D/57548DCD 1998-07-07 Werner Koch (gnupg sig) <dd9jn@gnu.org>"
|
--no-secmem-warning
|
||||||
|
|
||||||
If you do not have this key, you can get it from the source in
|
Don't print the warning "no secure memory"
|
||||||
the file doc/samplekeys.asc (use "gpg --import doc/samplekeys.asc"
|
|
||||||
to add it to the keyring) or from any keyserver. You have to
|
|
||||||
make sure that this is really the key and not a faked one. You
|
|
||||||
can do this by comparing the output of:
|
|
||||||
|
|
||||||
$ gpg --fingerprint 0x57548DCD
|
--armor
|
||||||
|
|
||||||
with the fingerprint published elsewhere.
|
Create PEM ecoded output. Default is binary output.
|
||||||
|
|
||||||
Please note, that you have to use an old version of GnuPG to
|
--base64
|
||||||
do all this stuff. *Never* use the version which you are going
|
|
||||||
to check!
|
|
||||||
|
|
||||||
|
Create Base-64 encoded output; i.e. PEM without the header lines.
|
||||||
|
|
||||||
b) If you don't have any of the above programs, you have to verify
|
--assume-armor
|
||||||
the MD5 checksum:
|
|
||||||
|
|
||||||
$ md5sum gnupg-x.y.z.tar.gz
|
Assume the input data is PEM encoded. Default is to autodetect the
|
||||||
|
encoding but this is may fail.
|
||||||
|
|
||||||
This should yield an output _similar_ to this:
|
--assume-base64
|
||||||
|
|
||||||
fd9351b26b3189c1d577f0970f9dcadc gnupg-x.y.z.tar.gz
|
Assume the input data is plain base-64 encoded.
|
||||||
|
|
||||||
Now check that this checksum is _exactly_ the same as the one
|
--assume-binary
|
||||||
published via the announcement list and probably via Usenet.
|
|
||||||
|
|
||||||
|
Assume the input data is binary encoded.
|
||||||
|
|
||||||
|
--server
|
||||||
|
|
||||||
Documentation
|
Run in server mode. This is used by GPGME to control gpgsm. See
|
||||||
-------------
|
the assuan specification regarding gpgsm about the used protocol.
|
||||||
The manual will be distributed separate under the name "gph".
|
Some options are ignored in server mode.
|
||||||
An online version of the latest manual draft is available at the
|
|
||||||
GnuPG web pages:
|
|
||||||
|
|
||||||
http://www.gnupg.org/gph/
|
--local-user <user_id>
|
||||||
|
|
||||||
A list of frequently asked questions is available in GnuPG's
|
Set the user to be used for signing. The default is the first
|
||||||
distibution in the file doc/FAQ and online as:
|
secret key found in the database.
|
||||||
|
|
||||||
http://www.gnupg.org/faq.html
|
--with-key-data
|
||||||
|
|
||||||
A couple of HOWTO documents are available online; for a listing see:
|
Displays extra information with the --list-keys commands. Especiall
|
||||||
|
a line tagged "grp" si printed which tells you the keygrip of a
|
||||||
|
key. This is string is for example used as the filename of the
|
||||||
|
secret key.
|
||||||
|
|
||||||
http://www.gnupg.org/docs.html#howtos
|
|
||||||
|
|
||||||
A man page with a description of all commands and options gets installed
|
|
||||||
along with the program.
|
|
||||||
|
|
||||||
|
gpg-agent:
|
||||||
|
---------
|
||||||
|
|
||||||
Introduction
|
--pinentry-program <path_to_pinentry_program>
|
||||||
------------
|
|
||||||
Here is a brief overview on how to use GnuPG - it is strongly suggested
|
|
||||||
that you read the manual and other information about the use of
|
|
||||||
cryptography. GnuPG is only a tool, secure usage requires that
|
|
||||||
YOU KNOW WHAT YOU ARE DOING.
|
|
||||||
|
|
||||||
If you already have a DSA key from PGP 5 (they call them DH/ElGamal)
|
Specify the PINentry program. The default value is
|
||||||
you can simply copy the pgp keyrings over the GnuPG keyrings after
|
"../../pinentry/kpinentry/kpinentry" so you most likely want to
|
||||||
running gpg once to create the correct directory.
|
specify it.
|
||||||
|
|
||||||
The normal way to create a key is
|
--no-grab
|
||||||
|
|
||||||
gpg --gen-key
|
Tel the pinentry not to grab keybourd and mouse. You most likely
|
||||||
|
want to give this option during testing and development to avoid
|
||||||
|
lockups in case of bugs.
|
||||||
|
|
||||||
This asks some questions and then starts key generation. To create
|
|
||||||
good random numbers for the key parameters, GnuPG needs to gather
|
|
||||||
enough noise (entropy) from your system. If you see no progress
|
|
||||||
during key generation you should start some other activities such
|
|
||||||
as mouse moves or hitting on the CTRL and SHIFT keys.
|
|
||||||
|
|
||||||
Generate a key ONLY on a machine where you have direct physical
|
|
||||||
access - don't do it over the network or on a machine used also
|
|
||||||
by others - especially if you have no access to the root account.
|
|
||||||
|
|
||||||
When you are asked for a passphrase use a good one which you can
|
|
||||||
easy remember. Don't make the passphrase too long because you have
|
|
||||||
to type it for every decryption or signing; but, - AND THIS IS VERY
|
|
||||||
IMPORTANT - use a good one that is not easily to guess because the
|
|
||||||
security of the whole system relies on your secret key and the
|
|
||||||
passphrase that protects it when someone gains access to your secret
|
|
||||||
keyring. A good way to select a passphrase is to figure out a short
|
|
||||||
nonsense sentence which makes some sense for you and modify it by
|
|
||||||
inserting extra spaces, non-letters and changing the case of some
|
|
||||||
characters - this is really easy to remember especially if you
|
|
||||||
associate some pictures with it.
|
|
||||||
|
|
||||||
Next, you should create a revocation certificate in case someone
|
|
||||||
gets knowledge of your secret key or you forgot your passphrase
|
|
||||||
|
|
||||||
gpg --gen-revoke your_user_id
|
FILES
|
||||||
|
=====
|
||||||
|
|
||||||
Run this command and store the revocation certificate away. The output
|
The default home directory is ~/.gnupg. It can be changed by
|
||||||
is always ASCII armored, so that you can print it and (hopefully
|
either the --homedir option or by seting the environment variable
|
||||||
never) re-create it if your electronic media fails.
|
GNUPGHOME. This is a list of files usually found in this directory:
|
||||||
|
|
||||||
Now you can use your key to create digital signatures
|
gpgsm.conf
|
||||||
|
|
||||||
gpg -s file
|
Options for gpgsm. Options are the same as the command line
|
||||||
|
options but don't enter the leading dashes and give arguments
|
||||||
|
without an equal sign. Blank lines and lines starting with a
|
||||||
|
hash mark as the first non whitye space character are ignored.
|
||||||
|
|
||||||
This creates a file "file.gpg" which is compressed and has a
|
gpg-agent.conf
|
||||||
signature attached.
|
|
||||||
|
|
||||||
gpg -sa file
|
Options for gpg-agent
|
||||||
|
|
||||||
Same as above, but creates a file "file.asc" which is ASCII armored
|
scdaemon.conf
|
||||||
and and ready for sending by mail. It is better to use your
|
|
||||||
mailers features to create signatures (The mailer uses GnuPG to do
|
|
||||||
this) because the mailer has the ability to MIME encode such
|
|
||||||
signatures - but this is not a security issue.
|
|
||||||
|
|
||||||
gpg -s -o out file
|
Options for scdaemon.
|
||||||
|
|
||||||
Creates a signature of "file", but writes the output to the file
|
dirmngr.conf
|
||||||
"out".
|
|
||||||
|
|
||||||
Everyone who knows your public key (you can and should publish
|
Options for the DirMngr which is not part of this package and
|
||||||
your key by putting it on a key server, a web page or in your .plan
|
the option file wilol most likely be moved to /etc
|
||||||
file) is now able to check whether you really signed this text
|
|
||||||
|
|
||||||
gpg --verify file
|
gpg.conf
|
||||||
|
|
||||||
GnuPG now checks whether the signature is valid and prints an
|
Options for gpg. Note that old versions of gpg use the
|
||||||
appropriate message. If the signature is good, you know at least
|
filename `options' instead of `gpg.conf'.
|
||||||
that the person (or machine) has access to the secret key which
|
|
||||||
corresponds to the published public key.
|
|
||||||
|
|
||||||
If you run gpg without an option it will verify the signature and
|
policies.txt
|
||||||
create a new file that is identical to the original. gpg can also
|
|
||||||
run as a filter, so that you can pipe data to verify trough it
|
|
||||||
|
|
||||||
cat signed-file | gpg | wc -l
|
A list of allowed CA policies. This file should give the
|
||||||
|
object identifiers of the policies line by line. emptry lines
|
||||||
|
and lines startung with a hash mark are ignored.
|
||||||
|
|
||||||
which will check the signature of signed-file and then display the
|
++++++++++
|
||||||
number of lines in the original file.
|
2.289.9.9
|
||||||
|
++++++++++
|
||||||
|
|
||||||
To send a message encrypted to someone you can use
|
trustlist.txt
|
||||||
|
|
||||||
gpg -e -r heine file
|
A list of trusted certificates usually maintained by
|
||||||
|
gpg-agent. It can however be edited manually. The file will
|
||||||
|
be created automagically with some explaining comments.
|
||||||
|
|
||||||
This encrypts "file" with the public key of the user "heine" and
|
random_seed
|
||||||
writes it to "file.gpg"
|
|
||||||
|
|
||||||
echo "hello" | gpg -ea -r heine | mail heine
|
Used internally for keeping the state of the RNG over
|
||||||
|
invocations.
|
||||||
Ditto, but encrypts "hello\n" and mails it as ASCII armored message
|
|
||||||
to the user with the mail address heine.
|
|
||||||
|
|
||||||
gpg -se -r heine file
|
|
||||||
|
|
||||||
This encrypts "file" with the public key of "heine" and writes it
|
|
||||||
to "file.gpg" after signing it with your user id.
|
|
||||||
|
|
||||||
gpg -se -r heine -u Suttner file
|
|
||||||
|
|
||||||
Ditto, but sign the file with your alternative user id "Suttner"
|
|
||||||
|
|
||||||
|
|
||||||
GnuPG has some options to help you publish public keys. This is
|
|
||||||
called "exporting" a key, thus
|
|
||||||
|
|
||||||
gpg --export >all-my-keys
|
|
||||||
|
|
||||||
exports all the keys in the keyring and writes them (in a binary
|
|
||||||
format) to "all-my-keys". You may then mail "all-my-keys" as an
|
|
||||||
MIME attachment to someone else or put it on an FTP server. To
|
|
||||||
export only some user IDs, you give them as arguments on the command
|
|
||||||
line.
|
|
||||||
|
|
||||||
To mail a public key or put it on a web page you have to create
|
|
||||||
the key in ASCII armored format
|
|
||||||
|
|
||||||
gpg --export --armor | mail panther@tiger.int
|
|
||||||
|
|
||||||
This will send all your public keys to your friend panther.
|
|
||||||
|
|
||||||
If you have received a key from someone else you can put it
|
|
||||||
into your public keyring. This is called "importing"
|
|
||||||
|
|
||||||
gpg --import [filenames]
|
|
||||||
|
|
||||||
New keys are appended to your keyring and already existing
|
|
||||||
keys are updated. Note that GnuPG does not import keys that
|
|
||||||
are not self-signed.
|
|
||||||
|
|
||||||
Because anyone can claim that a public key belongs to her
|
|
||||||
we must have some way to check that a public key really belongs
|
|
||||||
to the owner. This can be achieved by comparing the key during
|
|
||||||
a phone call. Sure, it is not very easy to compare a binary file
|
|
||||||
by reading the complete hex dump of the file - GnuPG (and nearly
|
|
||||||
every other program used for management of cryptographic keys)
|
|
||||||
provides other solutions.
|
|
||||||
|
|
||||||
gpg --fingerprint <username>
|
|
||||||
|
|
||||||
prints the so called "fingerprint" of the given username which
|
|
||||||
is a sequence of hex bytes (which you may have noticed in mail
|
|
||||||
sigs or on business cards) that uniquely identifies the public
|
|
||||||
key - different keys will always have different fingerprints.
|
|
||||||
It is easy to compare fingerprints by phone and I suggest
|
|
||||||
that you print your fingerprint on the back of your business
|
|
||||||
card. To see the fingerprints of the secondary keys, you can
|
|
||||||
give the command twice; but this is normally not needed.
|
|
||||||
|
|
||||||
If you don't know the owner of the public key you are in trouble.
|
|
||||||
Suppose however that friend of yours knows someone who knows someone
|
|
||||||
who has met the owner of the public key at some computer conference.
|
|
||||||
Suppose that all the people between you and the public key holder
|
|
||||||
may now act as introducers to you. Introducers signing keys thereby
|
|
||||||
certify that they know the owner of the keys they sign. If you then
|
|
||||||
trust all the introducers to have correctly signed other keys, you
|
|
||||||
can be be sure that the other key really belongs to the one who
|
|
||||||
claims to own it..
|
|
||||||
|
|
||||||
There are 2 steps to validate a key:
|
|
||||||
1. First check that there is a complete chain
|
|
||||||
of signed keys from the public key you want to use
|
|
||||||
and your key and verify each signature.
|
|
||||||
2. Make sure that you have full trust in the certificates
|
|
||||||
of all the introduces between the public key holder and
|
|
||||||
you.
|
|
||||||
Step 2 is the more complicated part because there is no easy way
|
|
||||||
for a computer to decide who is trustworthy and who is not. GnuPG
|
|
||||||
leaves this decision to you and will ask you for a trust value
|
|
||||||
(here also referenced as the owner-trust of a key) for every key
|
|
||||||
needed to check the chain of certificates. You may choose from:
|
|
||||||
a) "I don't know" - then it is not possible to use any
|
|
||||||
of the chains of certificates, in which this key is used
|
|
||||||
as an introducer, to validate the target key. Use this if
|
|
||||||
you don't know the introducer.
|
|
||||||
b) "I do not trust" - Use this if you know that the introducer
|
|
||||||
does not do a good job in certifying other keys. The effect
|
|
||||||
is the same as with a) but for a) you may later want to
|
|
||||||
change the value because you got new information about this
|
|
||||||
introducer.
|
|
||||||
c) "I trust marginally" - Use this if you assume that the
|
|
||||||
introducer knows what he is doing. Together with some
|
|
||||||
other marginally trusted keys, GnuPG validates the target
|
|
||||||
key then as good.
|
|
||||||
d) "I fully trust" - Use this if you really know that this
|
|
||||||
introducer does a good job when certifying other keys.
|
|
||||||
If all the introducer are of this trust value, GnuPG
|
|
||||||
normally needs only one chain of signatures to validate
|
|
||||||
a target key okay. (But this may be adjusted with the help
|
|
||||||
of some options).
|
|
||||||
This information is confidential because it gives your personal
|
|
||||||
opinion on the trustworthiness of someone else. Therefore this data
|
|
||||||
is not stored in the keyring but in the "trustdb"
|
|
||||||
(~/.gnupg/trustdb.gpg). Do not assign a high trust value just
|
|
||||||
because the introducer is a friend of yours - decide how well she
|
|
||||||
understands the implications of key signatures and you may want to
|
|
||||||
tell her more about public key cryptography so you can later change
|
|
||||||
the trust value you assigned.
|
|
||||||
|
|
||||||
Okay, here is how GnuPG helps you with key management. Most stuff
|
|
||||||
is done with the --edit-key command
|
|
||||||
|
|
||||||
gpg --edit-key <keyid or username>
|
|
||||||
|
|
||||||
GnuPG displays some information about the key and then prompts
|
|
||||||
for a command (enter "help" to see a list of commands and see
|
|
||||||
the man page for a more detailed explanation). To sign a key
|
|
||||||
you select the user ID you want to sign by entering the number
|
|
||||||
that is displayed in the leftmost column (or do nothing if the
|
|
||||||
key has only one user ID) and then enter the command "sign" and
|
|
||||||
follow all the prompts. When you are ready, give the command
|
|
||||||
"save" (or use "quit" to cancel your actions).
|
|
||||||
|
|
||||||
If you want to sign the key with another of your user IDs, you
|
|
||||||
must give an "-u" option on the command line together with the
|
|
||||||
"--edit-key".
|
|
||||||
|
|
||||||
Normally you want to sign only one user ID because GnuPG
|
|
||||||
uses only one and this keeps the public key certificate
|
|
||||||
small. Because such key signatures are very important you
|
|
||||||
should make sure that the signatories of your key sign a user ID
|
|
||||||
which is very likely to stay for a long time - choose one with an
|
|
||||||
email address you have full control of or do not enter an email
|
|
||||||
address at all. In future GnuPG will have a way to tell which
|
|
||||||
user ID is the one with an email address you prefer - because
|
|
||||||
you have no signatures on this email address it is easy to change
|
|
||||||
this address. Remember, your signatories sign your public key (the
|
|
||||||
primary one) together with one of your user IDs - so it is not possible
|
|
||||||
to change the user ID later without voiding all the signatures.
|
|
||||||
|
|
||||||
Tip: If you hear about a key signing party on a computer conference
|
|
||||||
join it because this is a very convenient way to get your key
|
|
||||||
certified (But remember that signatures have nothing to to with the
|
|
||||||
trust you assign to a key).
|
|
||||||
|
|
||||||
|
|
||||||
8 Ways to Specify a User ID
|
|
||||||
--------------------------
|
|
||||||
There are several ways to specify a user ID, here are some examples.
|
|
||||||
|
|
||||||
* Only by the short keyid (prepend a zero if it begins with A..F):
|
|
||||||
|
|
||||||
"234567C4"
|
|
||||||
"0F34E556E"
|
|
||||||
"01347A56A"
|
|
||||||
"0xAB123456
|
|
||||||
|
|
||||||
* By a complete keyid:
|
|
||||||
|
|
||||||
"234AABBCC34567C4"
|
|
||||||
"0F323456784E56EAB"
|
|
||||||
"01AB3FED1347A5612"
|
|
||||||
"0x234AABBCC34567C4"
|
|
||||||
|
|
||||||
* By a fingerprint:
|
|
||||||
|
|
||||||
"1234343434343434C434343434343434"
|
|
||||||
"123434343434343C3434343434343734349A3434"
|
|
||||||
"0E12343434343434343434EAB3484343434343434"
|
|
||||||
|
|
||||||
The first one is MD5 the others are ripemd160 or sha1.
|
|
||||||
|
|
||||||
* By an exact string:
|
|
||||||
|
|
||||||
"=Heinrich Heine <heinrichh@uni-duesseldorf.de>"
|
|
||||||
|
|
||||||
* By an email address:
|
|
||||||
|
|
||||||
"<heinrichh@uni-duesseldorf.de>"
|
|
||||||
|
|
||||||
* By word match
|
|
||||||
|
|
||||||
"+Heinrich Heine duesseldorf"
|
|
||||||
|
|
||||||
All words must match exactly (not case sensitive) and appear in
|
|
||||||
any order in the user ID. Words are any sequences of letters,
|
|
||||||
digits, the underscore and characters with bit 7 set.
|
|
||||||
|
|
||||||
* Or by the usual substring:
|
|
||||||
|
|
||||||
"Heine"
|
|
||||||
"*Heine"
|
|
||||||
|
|
||||||
The '*' indicates substring search explicitly.
|
|
||||||
|
|
||||||
|
|
||||||
Batch mode
|
|
||||||
----------
|
|
||||||
If you use the option "--batch", GnuPG runs in non-interactive mode and
|
|
||||||
never prompts for input data. This does not even allow entering the
|
|
||||||
passphrase. Until we have a better solution (something like ssh-agent),
|
|
||||||
you can use the option "--passphrase-fd n", which works like PGP's
|
|
||||||
PGPPASSFD.
|
|
||||||
|
|
||||||
Batch mode also causes GnuPG to terminate as soon as a BAD signature is
|
|
||||||
detected.
|
|
||||||
|
|
||||||
|
|
||||||
Exit status
|
|
||||||
-----------
|
|
||||||
GnuPG returns with an exit status of 1 if in batch mode and a bad signature
|
|
||||||
has been detected or 2 or higher for all other errors. You should parse
|
|
||||||
stderr or, better, the output of the fd specified with --status-fd to get
|
|
||||||
detailed information about the errors.
|
|
||||||
|
|
||||||
|
|
||||||
Configure options
|
|
||||||
-----------------
|
|
||||||
Here is a list of configure options which are sometime useful
|
|
||||||
for installation.
|
|
||||||
|
|
||||||
--enable-static-rnd=<name>
|
|
||||||
Force the use of the random byte gathering
|
|
||||||
module <name>. Default is either to use /dev/random
|
|
||||||
or the auto mode. Value for name:
|
|
||||||
egd - Use the module which accesses the
|
|
||||||
Entropy Gathering Daemon. See the webpages
|
|
||||||
for more information about it.
|
|
||||||
unix - Use the standard Unix module which does not
|
|
||||||
have a very good performance.
|
|
||||||
linux - Use the module which accesses /dev/random.
|
|
||||||
This is the first choice and the default one
|
|
||||||
for GNU/Linux or *BSD.
|
|
||||||
auto - Compile linux, egd and unix in and
|
|
||||||
automagically select at runtime.
|
|
||||||
|
|
||||||
--with-egd-socket=<name>
|
pubring.kbx
|
||||||
This is only used when EGD is used as random
|
|
||||||
gatherer. GnuPG uses by default "~/.gnupg/entropy"
|
|
||||||
as the socket to connect EGD. Using this option the
|
|
||||||
socket name can be changed. You may use any filename
|
|
||||||
here with 2 exceptions: a filename starting with
|
|
||||||
"~/" uses the socket in the homedirectory of the user
|
|
||||||
and one starting with a "=" uses a socket in the
|
|
||||||
GnuPG homedirectory which is bye default "~/.gnupg".
|
|
||||||
|
|
||||||
--with-included-zlib
|
The database file with the certificates.
|
||||||
Forces usage of the local zlib sources. Default is
|
|
||||||
to use the (shared) library of the system.
|
|
||||||
|
|
||||||
--with-included-gettext
|
pubring.gpg
|
||||||
Forces usage of the local gettext sources instead of
|
|
||||||
the one provided by your system.
|
|
||||||
|
|
||||||
--disable-nls
|
The database file with the OpenPGP public keys. This will
|
||||||
Disable NLS support (See the file ABOUT-NLS)
|
eventually be merged with pubring.kbx
|
||||||
|
|
||||||
--enable-m-guard
|
secring.gpg
|
||||||
Enable the integrated malloc checking code. Please
|
|
||||||
note that this feature does not work on all CPUs
|
|
||||||
(e.g. SunOS 5.7 on UltraSparc-2) and might give
|
|
||||||
you a bus error.
|
|
||||||
|
|
||||||
--disable-dynload
|
The database file with the OpenPGP secret keys. This will be
|
||||||
If you have problems with dynamic loading, this
|
removed when gpg is changed to make use of the gpg-agent.
|
||||||
option disables all dynamic loading stuff. Note
|
|
||||||
that the use of dynamic linking is very limited.
|
|
||||||
|
|
||||||
--disable-asm
|
|
||||||
Do not use assembler modules. It is not possible
|
|
||||||
to use this on some CPU types.
|
|
||||||
|
|
||||||
--disable-exec
|
private-keys-v1.d/
|
||||||
Disable all remote program execution. This
|
|
||||||
disables photo ID viewing as well as all keyserver
|
|
||||||
types aside from HKP.
|
|
||||||
|
|
||||||
--disable-photo-viewers
|
Directory holding the private keys maintained by gpg-agent.
|
||||||
Disable only photo ID viewing.
|
For detailed info see agent/keyformat.txt. Note that there is
|
||||||
|
a helper tool gpg-protect-tool which may be used to protect or
|
||||||
|
unprotect keys. This is however nothing a user should care
|
||||||
|
about.
|
||||||
|
|
||||||
--disable-keyserver-helpers
|
|
||||||
Disable only keyserver helpers (not including
|
|
||||||
HKP).
|
|
||||||
|
|
||||||
--disable-keyserver-path
|
How to specify a user ID
|
||||||
Disables the user's ability to use the exec-path
|
========================
|
||||||
feature to add additional search directories when
|
|
||||||
executing a keyserver helper.
|
|
||||||
|
|
||||||
--with-photo-viewer=FIXED_VIEWER
|
Due to the way X.509 certificates are made up we need a few new ways
|
||||||
Force the photo viewer to be FIXED_VIEWER and
|
to specify a certificate (aka key in OpenPGP). In addition to the
|
||||||
disable any ability for the user to change it in
|
ways a user ID can be specified with gpg, I have implemented 3 new
|
||||||
their options file.
|
modes for gpgsm, here is the entire list of ways to specify a key:
|
||||||
|
|
||||||
|
* By keyID.
|
||||||
|
|
||||||
Installation Problems
|
This format is deducded from the length of the string and its
|
||||||
---------------------
|
content or "0x" prefix. For use with OpenPGP a exclamation mark may
|
||||||
If you get unresolved externals "gettext" you should run configure
|
be appended to force use of the specified (sub)key.
|
||||||
again with the option "--with-included-gettext"; this is version
|
|
||||||
0.10.35 which is available at alpha.gnu.org.
|
|
||||||
|
|
||||||
If you have other compile problems, try the configure options
|
|
||||||
"--with-included-zlib" or "--disable-nls" (See ABOUT-NLS) or
|
|
||||||
--disable-dynload.
|
|
||||||
|
|
||||||
We can't check all assembler files, so if you have problems
|
As with v34 OpenPGP keys, the keyID of an X509 certificate are the
|
||||||
assembling them (or the program crashes) use --disable-asm with
|
low 64 bits of the SHA-1 fingerprint. The use of keyIDs is just a
|
||||||
./configure. The configure scripts may consider several
|
shortcut, for all automated processing the fingerprint should be
|
||||||
subdirectories to get all available assembler files; be sure to
|
used.
|
||||||
delete the correct ones. The assembler replacements are in C and
|
|
||||||
in mpi/generic; never delete udiv-qrnnd.S in any CPU directory,
|
|
||||||
because there may be no C substitute. Don't forget to delete
|
|
||||||
"config.cache" and run "./config.status --recheck".
|
|
||||||
|
|
||||||
Some make tools are broken - the best solution is to use GNU's
|
Examples:
|
||||||
make. Try gmake or grab the sources from a GNU archive and
|
|
||||||
install them.
|
|
||||||
|
|
||||||
On some OSF systems you may get unresolved externals. This is a
|
|
||||||
libtool problem and the workaround is to manually remove all the
|
|
||||||
"-lc -lz" but the last one from the linker line and execute them
|
|
||||||
manually.
|
|
||||||
|
|
||||||
On some architectures you see warnings like:
|
|
||||||
longlong.h:175: warning: function declaration isn't a prototype
|
|
||||||
or
|
|
||||||
http.c:647: warning: cast increases required alignment of target type
|
|
||||||
This doesn't matter and we know about it (actually it is due to
|
|
||||||
some warning options which we have enabled for gcc)
|
|
||||||
|
|
||||||
|
234567C4
|
||||||
|
0F34E556E
|
||||||
|
01347A56A
|
||||||
|
0xAB123456
|
||||||
|
|
||||||
Specific problems on some machines
|
234AABBCC34567C4
|
||||||
----------------------------------
|
0F323456784E56EAB
|
||||||
|
01AB3FED1347A5612
|
||||||
|
0x234AABBCC34567C4
|
||||||
|
|
||||||
* IBM RS/6000 running AIX:
|
* By fingerprint
|
||||||
|
|
||||||
Due to a change in gcc (since version 2.8) the MPI stuff may
|
This is format is deduced from the length of the string and its
|
||||||
not build. In this case try to run configure using:
|
content or "0x" prefix. Note, that only the 20 byte fingerprint is
|
||||||
CFLAGS="-g -O2 -mcpu=powerpc" ./configure
|
used with GPGSM (SHA-1 hash of the certificate). For use with
|
||||||
|
OpenPGP a exclamation mark may be appended to force use of the
|
||||||
|
specified (sub)key.
|
||||||
|
|
||||||
* Compaq C V6.2 for alpha:
|
Examples:
|
||||||
|
|
||||||
You may want to use the option "-msg-disable ptrmismatch1"
|
1234343434343434C434343434343434
|
||||||
to get rid of the sign/unsigned char mismatch warnings.
|
123434343434343C3434343434343734349A3434
|
||||||
|
0E12343434343434343434EAB3484343434343434
|
||||||
|
0xE12343434343434343434EAB3484343434343434
|
||||||
|
|
||||||
* SVR4.2 (ESIX V4.2 cc)
|
* Exact match on OpenPGP user ID
|
||||||
|
|
||||||
Due to problems with the ESIX as, you probably want to do
|
This is denoted by a leading equal sign. It does not make much
|
||||||
CFLAGS="-O -K pentium" ./configure --disable-asm
|
sense for X.509.
|
||||||
Reported by Reinhard Wobst.
|
|
||||||
|
|
||||||
|
Example:
|
||||||
|
|
||||||
|
=Heinrich Heine <heinrichh@uni-duesseldorf.de>
|
||||||
|
|
||||||
The Random Device
|
* Exact match on an email address.
|
||||||
-----------------
|
|
||||||
|
|
||||||
Random devices are available in Linux, FreeBSD and OpenBSD.
|
This is indicated by enclosing the email address in the usual way
|
||||||
Operating systems without a random devices must use another
|
with left and right angles
|
||||||
entropy collector.
|
|
||||||
|
|
||||||
This collector works by running a lot of commands that yield more
|
Example:
|
||||||
or less unpredictable output and feds this as entropy into the
|
|
||||||
random generator - It should work reliably but you should check
|
|
||||||
whether it produces good output for your version of Unix. There
|
|
||||||
are some debug options to help you (see cipher/rndunix.c).
|
|
||||||
|
|
||||||
|
<heinrichh@uni-duesseldorf.de>
|
||||||
|
|
||||||
Creating an RPM package
|
* Word match
|
||||||
-----------------------
|
|
||||||
The file scripts/gnupg.spec is used to build a RPM package (both
|
|
||||||
binary and src):
|
|
||||||
1. copy the spec file into /usr/src/redhat/SPECS
|
|
||||||
2. copy the tar file into /usr/src/redhat/SOURCES
|
|
||||||
3. type: rpm -ba SPECS/gnupg.spec
|
|
||||||
|
|
||||||
Or use the -t (--tarbuild) option of rpm:
|
All words must match exactly (not case sensitive) but can appear in
|
||||||
1. rpm -ta gnupg-x.x.x.tar.gz
|
any order in the user ID or a subjects name. Words are any
|
||||||
|
sequences of letters, digits, the underscore and all characters
|
||||||
|
with bit 7 set.
|
||||||
|
|
||||||
The binary rpm file can now be found in /usr/src/redhat/RPMS, source
|
Example:
|
||||||
rpm in /usr/src/redhat/SRPMS
|
|
||||||
|
|
||||||
|
+Heinrich Heine duesseldorf
|
||||||
|
|
||||||
How to Get More Information
|
* [NEW] Exact match by subject's DN
|
||||||
---------------------------
|
|
||||||
|
|
||||||
The primary WWW page is "http://www.gnupg.org"
|
This is indicated by a leading slash, directly followed by the
|
||||||
The primary FTP site is "ftp://ftp.gnupg.org/gcrypt/"
|
rfc2253 encoded DN of the subject.
|
||||||
|
|
||||||
See http://www.gnupg.org/mirrors.html for a list of mirrors
|
Example:
|
||||||
and use them if possible. You may also find GnuPG mirrored on
|
|
||||||
some of the regular GNU mirrors.
|
|
||||||
|
|
||||||
We have some mailing lists dedicated to GnuPG:
|
/CN=Henrich Heine,O=Poets,L=Paris,C=FR
|
||||||
|
|
||||||
gnupg-announce@gnupg.org For important announcements like
|
* [NEW] Excact match by issuer's DN
|
||||||
new versions and such stuff.
|
|
||||||
This is a moderated list and has
|
|
||||||
very low traffic.
|
|
||||||
|
|
||||||
gnupg-users@gnupg.org For general user discussion and
|
This is indicated by a leading hash mark, directly followed by a
|
||||||
help.
|
slash and then directly followed by the rfc2253 encoded DN of the
|
||||||
|
issuer. This should return the Root cert of the issuer
|
||||||
|
|
||||||
gnupg-devel@gnupg.org GnuPG developers main forum.
|
Example:
|
||||||
|
|
||||||
You subscribe to one of the list by sending mail with a subject
|
#/CN=Root Cert,O=Poets,L=Paris,C=FR
|
||||||
of "subscribe" to x-request@gnupg.org, where x is the name of the
|
|
||||||
mailing list (gnupg-announce, gnupg-users, etc.). An archive of
|
|
||||||
the mailing lists is available at http://lists.gnupg.org .
|
|
||||||
|
|
||||||
Please direct bug reports to <bug-gnupg@gnu.org> or post
|
* [NEW] Exact match by serial number and subject's DN
|
||||||
them direct to the mailing list <gnupg-devel@gnupg.org>.
|
|
||||||
|
|
||||||
Please direct questions about GnuPG to the users mailing list or
|
This is indicated by a hash mark, followed by the hexadecmal
|
||||||
one of the pgp newsgroups; please do not direct questions to one
|
representation of the serial number, the followed by a slahs and
|
||||||
of the authors directly as we are busy working on improvements
|
the RFC2253 encoded DN of the issuer.
|
||||||
and bug fixes. Both mailing lists are watched by the authors
|
|
||||||
and we try to answer questions when time allows us to do so.
|
Example:
|
||||||
|
|
||||||
|
#4F03/CN=Root Cert,O=Poets,L=Paris,C=FR
|
||||||
|
|
||||||
|
* Substring match
|
||||||
|
|
||||||
|
By case insensitive substring matching. This is the default mode
|
||||||
|
but applications may want to explicitly indicate this by putting
|
||||||
|
the asterisk in front.
|
||||||
|
|
||||||
|
Example:
|
||||||
|
|
||||||
|
Heine
|
||||||
|
*Heine
|
||||||
|
|
||||||
|
|
||||||
|
Please note that we have reused the hash mark indentifier which was
|
||||||
|
used in old GnuPG versions to indicate the so called local-id. It is
|
||||||
|
not anymore used and there should be no conflict when used with X.509
|
||||||
|
stuff.
|
||||||
|
|
||||||
|
Using the rfc2253 format of DNs has the drawback that it is not
|
||||||
|
possible to map them back to the original encoding, however we don't
|
||||||
|
have to do this, because our key database stores this encoding as meta
|
||||||
|
data.
|
||||||
|
|
||||||
|
Some of the search modes are not yet implemented ;-)
|
||||||
|
|
||||||
|
|
||||||
|
How to import a private key
|
||||||
|
===========================
|
||||||
|
There is some limited support to import a private key from a PKCS-12
|
||||||
|
file. Note, that this does only import the private key and not any
|
||||||
|
certificates available in that file.
|
||||||
|
|
||||||
|
gpg-protect-tool --p12-import --store foo.p12
|
||||||
|
|
||||||
|
This require that the gpg-agent is running, alternative you may give
|
||||||
|
the passphrase on the commandline using the option "-P <passphrase>" -
|
||||||
|
however this is in general not a good idea. If that key already
|
||||||
|
exists, the protect-tool refuses to store it unless you use the option
|
||||||
|
"--force".
|
||||||
|
|
||||||
|
How to export a private key
|
||||||
|
===========================
|
||||||
|
There is also limited support to export a private key in PKCS-12
|
||||||
|
format. However the certificate is not stored and there is no MAC applied.
|
||||||
|
|
||||||
|
gpg-protect-tool --p12-export foo.key >foo.p12
|
||||||
|
|
||||||
Commercial grade support for GnuPG is available; please see
|
|
||||||
the GNU service directory or search other resources.
|
|
||||||
|
|
||||||
|
231
THANKS
231
THANKS
@ -1,232 +1,3 @@
|
|||||||
GnuPG was originally written by Werner Koch. Other people contributed by
|
|
||||||
reporting problems, suggesting various improvements or submitting actual
|
|
||||||
code. Here is a list of those people. Help me keep it complete and free of
|
|
||||||
errors.
|
|
||||||
|
|
||||||
Adam Mitchell adam@cafe21.org
|
|
||||||
Albert Chin china@thewrittenword.com
|
|
||||||
Alec Habig habig@budoe2.bu.edu
|
|
||||||
Allan Clark allanc@sco.com
|
|
||||||
Anand Kumria wildfire@progsoc.uts.edu.au
|
|
||||||
Andreas Haumer andreas@xss.co.at
|
|
||||||
Anthony Mulcahy anthony@kcn.ne.jp
|
|
||||||
Ariel T Glenn ariel@columbia.edu
|
|
||||||
Bob Mathews bobmathews@mindspring.com
|
|
||||||
Bodo Moeller Bodo_Moeller@public.uni-hamburg.de
|
|
||||||
Brendan O'Dea bod@debian.org
|
|
||||||
Brenno de Winter brenno@dewinter.com
|
|
||||||
Brian M. Carlson karlsson@hal-pc.org
|
|
||||||
Brian Moore bem@cmc.net
|
|
||||||
Brian Warner warner@lothar.com
|
|
||||||
Bryan Fullerton bryanf@samurai.com
|
|
||||||
Caskey L. Dickson caskey@technocage.com
|
|
||||||
Cees van de Griend cees-list@griend.xs4all.nl
|
|
||||||
Charles Levert charles@comm.polymtl.ca
|
|
||||||
Chip Salzenberg chip@valinux.com
|
|
||||||
Chris Adams cmadams@hiwaay.net
|
|
||||||
Christian Biere christianbiere@gmx.de
|
|
||||||
Christian Kurz shorty@debian.org
|
|
||||||
Christian von Roques roques@pond.sub.org
|
|
||||||
Christopher Oliver oliver@fritz.traverse.net
|
|
||||||
Christian Recktenwald chris@citecs.de
|
|
||||||
Dan Winship danw@helixcode.com
|
|
||||||
Daniel Eisenbud eisenbud@cs.swarthmore.edu
|
|
||||||
Daniel Koening dan@mail.isis.de
|
|
||||||
Daniel Resare daniel@resare.com
|
|
||||||
Dave Dykstra dwd@bell-labs.com
|
|
||||||
David C Niemi niemi@tuxers.net
|
|
||||||
David Champion dgc@uchicago.edu
|
|
||||||
David D. Scribner dscribner@bigfoot.com
|
|
||||||
David Ellement ellement@sdd.hp.com
|
|
||||||
David Hallinan hallinan@rtd.com
|
|
||||||
David Hollenberg dhollen@ISI.EDU
|
|
||||||
David Mathog MATHOG@seqaxp.bio.caltech.edu
|
|
||||||
David R. Bergstein dbergstein@home.com
|
|
||||||
David Shaw dshaw@jabberwocky.com
|
|
||||||
Detlef Lannert lannert@lannert.rz.uni-duesseldorf.de
|
|
||||||
Dimitri dmitri@advantrix.com
|
|
||||||
Dirk Lattermann dlatt@t-online.de
|
|
||||||
Dirk Meyer dirk.meyer@dinoex.sub.org
|
|
||||||
Disastry Disastry@saiknes.lv
|
|
||||||
Douglas Calvert dfc@anize.org
|
|
||||||
Ed Boraas ecxjo@esperanto.org
|
|
||||||
Edmund GRIMLEY EVANS edmundo@rano.org
|
|
||||||
Edwin Woudt edwin@woudt.nl
|
|
||||||
Enzo Michelangeli em@MailAndNews.com
|
|
||||||
Ernst Molitor ernst.molitor@uni-bonn.de
|
|
||||||
Fabio Coatti cova@ferrara.linux.it
|
|
||||||
Felix von Leitner leitner@amdiv.de
|
|
||||||
fish stiqz fish@analog.org
|
|
||||||
Florian Weimer Florian.Weimer@rus.uni-stuttgart.de
|
|
||||||
Francesco Potorti pot@gnu.org
|
|
||||||
Frank Donahoe fdonahoe@wilkes1.wilkes.edu
|
|
||||||
Frank Heckenbach heckenb@mi.uni-erlangen.de
|
|
||||||
Frank Stajano frank.stajano@cl.cam.ac.uk
|
|
||||||
Frank Tobin ftobin@uiuc.edu
|
|
||||||
Gabriel Rosenkoetter gr@eclipsed.net
|
|
||||||
Gaël Quéri gael@lautre.net
|
|
||||||
Gene Carter gcarter@lanier.com
|
|
||||||
Georg Schwarz georg.schwarz@iname.com
|
|
||||||
Giampaolo Tomassoni g.tomassoni@libero.it
|
|
||||||
Gilbert Fernandes gilbert_fernandes@hotmail.com
|
|
||||||
Greg Louis glouis@dynamicro.on.ca
|
|
||||||
Greg Troxel gdt@ir.bbn.com
|
|
||||||
Gregory Steuck steuck@iname.com
|
|
||||||
Geoff Keating geoffk@ozemail.com.au
|
|
||||||
Harald Denker harry@hal.westfalen.de
|
|
||||||
Holger Baust Holger.Baust@freenet-ag.de
|
|
||||||
Hendrik Buschkamp buschkamp@rheumanet.org
|
|
||||||
Holger Schurig holger@d.om.org
|
|
||||||
Holger Smolinski smolinsk@de.ibm.com
|
|
||||||
Holger Trapp Holger.Trapp@informatik.tu-chemnitz.de
|
|
||||||
Hugh Daniel hugh@toad.com
|
|
||||||
Huy Le huyle@ugcs.caltech.edu
|
|
||||||
Ian McKellar imckellar@harvestroad.com.au
|
|
||||||
Ingo Klöcker kloecker@kde.org
|
|
||||||
Ivo Timmermans itimmermans@bigfoot.com
|
|
||||||
Jan Krueger max@physics.otago.ac.nz
|
|
||||||
Jan Niehusmann jan@gondor.com
|
|
||||||
Janusz A. Urbanowicz alex@bofh.torun.pl
|
|
||||||
James Troup james@nocrew.org
|
|
||||||
Jean-loup Gailly gzip@prep.ai.mit.edu
|
|
||||||
Jeff Long long@kestrel.cc.ukans.edu
|
|
||||||
Jeffery Von Ronne jronne@ics.uci.edu
|
|
||||||
Jens Bachem bachem@rrz.uni-koeln.de
|
|
||||||
Jeroen C. van Gelderen jeroen@vangelderen.org
|
|
||||||
J Horacio MG homega@ciberia.es
|
|
||||||
J. Michael Ashley jashley@acm.org
|
|
||||||
Jim Bauer jfbauer@home.com
|
|
||||||
Jim Small cavenewt@my-deja.com
|
|
||||||
Joachim Backes backes@rhrk.uni-kl.de
|
|
||||||
Joe Rhett jrhett@isite.net
|
|
||||||
John A. Martin jam@jamux.com
|
|
||||||
Johnny Teveßen j.tevessen@gmx.de
|
|
||||||
Jörg Schilling schilling@fokus.gmd.de
|
|
||||||
Jos Backus Jos.Backus@nl.origin-it.com
|
|
||||||
Jun Kuriyama kuriyama@sky.rim.or.jp
|
|
||||||
Kahil D. Jallad kdj4@cs.columbia.edu
|
|
||||||
Karl Fogel kfogel@guanabana.onshore.com
|
|
||||||
Karsten Thygesen karthy@kom.auc.dk
|
|
||||||
Katsuhiro Kondou kondou@nec.co.jp
|
|
||||||
Kazu Yamamoto kazu@iijlab.net
|
|
||||||
Keith Clayton keith@claytons.org
|
|
||||||
Kevin Ryde user42@zip.com.au
|
|
||||||
Klaus Singvogel ks@caldera.de
|
|
||||||
Kurt Garloff garloff@suse.de
|
|
||||||
Lars Kellogg-Stedman lars@bu.edu
|
|
||||||
L. Sassaman rabbi@quickie.net
|
|
||||||
M Taylor mctaylor@privacy.nb.ca
|
|
||||||
Marcel Waldvogel mwa@arl.wustl.edu
|
|
||||||
Marco d'Itri md@linux.it
|
|
||||||
Marco Parrone marc0@autistici.org
|
|
||||||
Marcus Brinkmann Marcus.Brinkmann@ruhr-uni-bochum.de
|
|
||||||
Mark Adler madler@alumni.caltech.edu
|
|
||||||
Mark Elbrecht snowball3@bigfoot.com
|
|
||||||
Mark Pettit pettit@yahoo-inc.com
|
|
||||||
Markus Friedl Markus.Friedl@informatik.uni-erlangen.de
|
|
||||||
Martin Kahlert martin.kahlert@provi.de
|
|
||||||
Martin Hamilton
|
|
||||||
Martin Schulte schulte@thp.uni-koeln.de
|
|
||||||
Matt Kraai kraai@alumni.carnegiemellon.edu
|
|
||||||
Matthew Skala mskala@ansuz.sooke.bc.ca
|
|
||||||
Matthew Wilcox matthew@wil.cx
|
|
||||||
Matthias Urlichs smurf@noris.de
|
|
||||||
Max Valianskiy maxcom@maxcom.ml.org
|
|
||||||
Michael Engels michael.engels@uni-duesseldorf.de
|
|
||||||
Michael Fischer v. Mollard mfvm@gmx.de
|
|
||||||
Michael Roth mroth@nessie.de
|
|
||||||
Michael Sobolev mss@despair.transas.com
|
|
||||||
Michael Tokarev mjt@tls.msk.ru
|
|
||||||
Nicolas Graner Nicolas.Graner@cri.u-psud.fr
|
|
||||||
Mike McEwan mike@lotusland.demon.co.uk
|
|
||||||
Neal H Walfield neal@cs.uml.edu
|
|
||||||
NIIBE Yutaka gniibe@chroot.org
|
|
||||||
Niklas Hernaeus
|
|
||||||
Nimrod Zimerman zimerman@forfree.at
|
|
||||||
N J Doye nic@niss.ac.uk
|
|
||||||
Oliver Haakert haakert@hsp.de
|
|
||||||
Oskari Jääskeläinen f33003a@cc.hut.fi
|
|
||||||
Pascal Scheffers Pascal@scheffers.net
|
|
||||||
Paul D. Smith psmith@baynetworks.com
|
|
||||||
Per Cederqvist ceder@lysator.liu.se
|
|
||||||
Phil Blundell pb@debian.org
|
|
||||||
Philippe Laliberte arsphl@oeil.qc.ca
|
|
||||||
Peter Fales psfales@lucent.com
|
|
||||||
Peter Gutmann pgut001@cs.auckland.ac.nz
|
|
||||||
Peter Marschall Peter.Marschall@gedos.de
|
|
||||||
Peter Valchev pvalchev@openbsd.org
|
|
||||||
Piotr Krukowiecki piotr@pingu.ii.uj.edu.pl
|
|
||||||
QingLong qinglong@bolizm.ihep.su
|
|
||||||
Ralph Gillen gillen@theochem.uni-duesseldorf.de
|
|
||||||
Rat ratinox@peorth.gweep.net
|
|
||||||
Reinhard Wobst R.Wobst@ifw-dresden.de
|
|
||||||
Rémi Guyomarch rguyom@mail.dotcom.fr
|
|
||||||
Reuben Sumner rasumner@wisdom.weizmann.ac.il
|
|
||||||
Richard Outerbridge outer@interlog.com
|
|
||||||
Robert Joop rj@rainbow.in-berlin.de
|
|
||||||
Roddy Strachan roddy@satlink.com.au
|
|
||||||
Roger Sondermann r.so@bigfoot.com
|
|
||||||
Roland Rosenfeld roland@spinnaker.rhein.de
|
|
||||||
Roman Pavlik rp@tns.cz
|
|
||||||
Ross Golder rossigee@bigfoot.com
|
|
||||||
Ryan Malayter rmalayter@bai.org
|
|
||||||
Sam Roberts sam@cogent.ca
|
|
||||||
Sami Tolvanen sami@tolvanen.com
|
|
||||||
Sean MacLennan seanm@netwinder.org
|
|
||||||
Sebastian Klemke packet@convergence.de
|
|
||||||
Serge Munhoven munhoven@mema.ucl.ac.be
|
|
||||||
SL Baur steve@xemacs.org
|
|
||||||
Stefan Bellon sbellon@sbellon.de
|
|
||||||
Stefan Karrmann S.Karrmann@gmx.net
|
|
||||||
Stefan Keller dres@cs.tu-berlin.de
|
|
||||||
Steffen Ullrich ccrlphr@xensei.com
|
|
||||||
Steffen Zahn zahn@berlin.snafu.de
|
|
||||||
Steven Bakker steven@icoe.att.com
|
|
||||||
Steven Murdoch sjmurdoch@bigfoot.com
|
|
||||||
Susanne Schultz schultz@hsp.de
|
|
||||||
Ted Cabeen secabeen@pobox.com
|
|
||||||
Thiago Jung Bauermann jungmann@cwb.matrix.com.br
|
|
||||||
Thomas Roessler roessler@guug.de
|
|
||||||
Tim Mooney mooney@dogbert.cc.ndsu.nodak.edu
|
|
||||||
Timo Schulz towaday@freakmail.de
|
|
||||||
TOGAWA Satoshi Satoshi.Togawa@jp.yokogawa.com
|
|
||||||
Tom Spindler dogcow@home.merit.edu
|
|
||||||
Tom Zerucha tzeruch@ceddec.com
|
|
||||||
Tomas Fasth tomas.fasth@twinspot.net
|
|
||||||
Tommi Komulainen Tommi.Komulainen@iki.fi
|
|
||||||
Thomas Klausner wiz@danbala.ifoer.tuwien.ac.at
|
|
||||||
Tomasz Kozlowski tomek@rentec.com
|
|
||||||
Thomas Mikkelsen tbm@image.dk
|
|
||||||
Ulf Möller 3umoelle@informatik.uni-hamburg.de
|
|
||||||
Urko Lusa ulusa@euskalnet.net
|
|
||||||
Vincent P. Broman broman@spawar.navy.mil
|
|
||||||
W Lewis wiml@hhhh.org
|
|
||||||
Walter Hofmann Walter.Hofmann@physik.stud.uni-erlangen.de
|
|
||||||
Walter Koch koch@hsp.de
|
|
||||||
Wayne Chapeskie waynec@spinnaker.com
|
|
||||||
Werner Koch wk@gnupg.org
|
|
||||||
Wim Vandeputte bunbun@reptile.rug.ac.be
|
|
||||||
Winona Brown win@huh.org
|
|
||||||
Yosiaki IIDA iida@ring.gr.jp
|
|
||||||
Yoshihiro Kajiki kajiki@ylug.org
|
|
||||||
nbecker@hns.com
|
|
||||||
|
|
||||||
Thanks to the German Unix User Group for sponsoring this project,
|
Richard Lefebvre rick@CERCA.UMontreal.CA
|
||||||
Martin Hamilton for hosting the first mailing list and OpenIT for
|
|
||||||
cheap hosting conditions.
|
|
||||||
|
|
||||||
The development of this software has partly been funded by the German
|
|
||||||
Ministry for Economics and Technology under grant VIB3-68553.168-001/1999.
|
|
||||||
|
|
||||||
Many thanks to my wife Gerlinde for having so much patience with
|
|
||||||
me while hacking late in the evening.
|
|
||||||
|
|
||||||
Copyright 1998, 1999, 2000, 2001, 2002 Free Software Foundation, Inc.
|
|
||||||
|
|
||||||
This file is free software; as a special exception the author gives
|
|
||||||
unlimited permission to copy and/or distribute it, with or without
|
|
||||||
modifications, as long as this notice is preserved.
|
|
||||||
|
|
||||||
This file is distributed in the hope that it will be useful, but
|
|
||||||
WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
|
|
||||||
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
|
||||||
|
141
TODO
141
TODO
@ -1,104 +1,61 @@
|
|||||||
* Reword the "Not enough entropy" messages.
|
-*- outline -*-
|
||||||
|
|
||||||
* Do we need a configure test for putenv?
|
* src/base64
|
||||||
|
** Make parsing more robust
|
||||||
|
Currently we don't cope with overlong lines in the best way.
|
||||||
|
|
||||||
* Check for consistent spelling of user ID, key ID etc.
|
* sm/call-agent.c
|
||||||
Replace "user id not found" in getkey.c by "no valid user ID found".
|
** The protocol uses an incomplete S-expression
|
||||||
|
We should always use valid S-Exp and not just parts.
|
||||||
|
** Some code should go into import.c
|
||||||
|
** When we allow concurrent service request in gpgsm, we
|
||||||
|
might want to have an agent context for each service request
|
||||||
|
(i.e. Assuan context).
|
||||||
|
|
||||||
* Describe some pitfalls when using EGD. Check that ~/.gnupg/entropy
|
* sm/certreqgen.c
|
||||||
really is the default. What about needed permission?
|
** Improve error reporting
|
||||||
|
** Do some basic checks on the supplied DNs
|
||||||
|
|
||||||
* Using an expired key for signing should give an error message
|
* sm/certchain.c
|
||||||
"expired key" and not "unusable key'. Furthermore the error should
|
** When a certificate chain was sucessfully verified, make ephemeral certs used in this chain permanent.
|
||||||
also be thrown when the default key has expired. Reported by
|
** figure out how to auto retrieve a key by serialno+issuer.
|
||||||
Eric.VanBuggenhaut add AdValvas.be.
|
Dirmngr is currently not able to parse more than the CN.
|
||||||
|
|
||||||
* pause scrolling help in --edit-key and elsewhere.
|
* sm/decrypt.c
|
||||||
|
** replace leading zero in integer hack by a cleaner solution
|
||||||
|
|
||||||
* getkey does not return revoked/expired keys - therefore it is not
|
* sm/sign.c
|
||||||
possible to override it.
|
** Don't hardcode the use of RSA.
|
||||||
|
|
||||||
* Selection using +wordlist does not work.
|
* sm/gpgsm.c
|
||||||
What about adding a feature -word to the +wordlist search mode.
|
** Support --output
|
||||||
|
** mark all unimplemented commands and options.
|
||||||
|
|
||||||
* Check the changes to the gpg random gatherer on all W32 platforms.
|
* sm/keydb.c
|
||||||
|
** Check file permissions
|
||||||
* Show more info does not work from edit->trust
|
** Write a keybox header and check for that magic value.
|
||||||
|
** Check that all error code mapping is done.
|
||||||
* Check that no secret temporary results are stored in the result parameter
|
** Remove the inter-module dependencies between gpgsm and keybox
|
||||||
of the mpi functions. We have already done this for mpi-mul.c
|
|
||||||
|
|
||||||
* We need another special packet at the end of a clearsign message to mark
|
* agent/command.c
|
||||||
it's end and allow for multiple signature for one message. And
|
** Make sure that secure memory is used where appropriate
|
||||||
add a real grammar to the code in mainproc.c
|
** Implement option passing per connection (DISPLAY and TTY)
|
||||||
|
|
||||||
* If there is no secure memory, allocate more memory for the secure
|
* agent/pkdecrypt.c, agent/pksign.c
|
||||||
memory block or do it in all cases.
|
** Don't use stdio to return results.
|
||||||
|
|
||||||
* add some minor things vor VMS.
|
* agent/protect-tool.c
|
||||||
|
** Export and import certificates along with the secret key.
|
||||||
* Use DSA keys with the test suite (partly done)
|
** Make it more comfortable; i.e. copy files to the correct place.
|
||||||
|
|
||||||
* Fix the bug in the mips assembler code
|
* Move pkcs-1 encoding into libgcrypt.
|
||||||
|
|
||||||
* Add a way to show the fingerprint of an key signator's keys
|
* Use a MAC to protect some files.
|
||||||
|
|
||||||
* Add an is_valid flag to each user ID.
|
* sm/export.c
|
||||||
|
** Return an error code or a status info per user ID.
|
||||||
* Replace the printing of the user name by [self-signature] when
|
|
||||||
appropriate so that a key listing does not get clobbered.
|
|
||||||
|
|
||||||
* Concatenated encryption messages don't work corectly - only the
|
|
||||||
first one is processed.
|
|
||||||
|
|
||||||
* Add option to put the list of recipients (from the encryption
|
|
||||||
layer) into the signatures notation data.
|
|
||||||
|
|
||||||
* --disable-asm should still assemble _udiv_qrnnd when needed
|
|
||||||
|
|
||||||
* Get new assembler stuff from gmp 3.1
|
|
||||||
|
|
||||||
* use DEL and ^H for erasing the previous character (util/ttyio.c).
|
|
||||||
or better readline.
|
|
||||||
|
|
||||||
* add test cases for invalid data (scrambled armor or other random data)
|
|
||||||
|
|
||||||
* add checking of armor trailers. Try to detect garbled header
|
|
||||||
lines. Often one dash is missing due to sloppy cut+paste; so add
|
|
||||||
a warning note like the one for QP.
|
|
||||||
|
|
||||||
* the pubkey encrypt functions should do some sanity checks.
|
|
||||||
|
|
||||||
* "gpg filename.tar.gz.asc" should work like --verify (-sab).
|
|
||||||
|
|
||||||
* for messages created with "-t", it might make sense to append the
|
|
||||||
verification status of the message to the output (i.e. write something to
|
|
||||||
the --output file and not only to stderr. However the problem is
|
|
||||||
that we consider the message transpatrent and don't have any
|
|
||||||
indication of the used character set. To implement this feature
|
|
||||||
we need to make sure that all output is plain 7 bit ascii but
|
|
||||||
given that we need to print a user name, this does not make sense
|
|
||||||
at all. The only way this can be implemented is by assuming that
|
|
||||||
the message is encoded in utf8 and hope tht everyone starts to use
|
|
||||||
utf8 instead of latin-1 or whatever RSN. Hmmm, I myself should
|
|
||||||
start with this.
|
|
||||||
|
|
||||||
* keyflags don't distinguish between {certify,signature}-only.
|
|
||||||
|
|
||||||
* Instead of issuing a "signature packet without keyid" gpg should
|
|
||||||
try to get the keyID from a corresponding one-pass signature
|
|
||||||
packet (See bug report 817). This is not easy to do as we don't
|
|
||||||
store the one-pass packets.
|
|
||||||
|
|
||||||
* cat foo | gpg --sign | gpg --list-packets
|
|
||||||
Does not list the signature packet.
|
|
||||||
|
|
||||||
* When presenting the result of a verification show the user ID with
|
|
||||||
the highest trust level first instead of the primary one.
|
|
||||||
|
|
||||||
|
|
||||||
Things we won't do
|
|
||||||
------------------
|
|
||||||
|
|
||||||
* New option --file-remove path-to-wipe-program ?
|
|
||||||
|
|
||||||
|
835
acinclude.m4
835
acinclude.m4
@ -17,14 +17,6 @@ dnl You should have received a copy of the GNU General Public License
|
|||||||
dnl along with this program; if not, write to the Free Software
|
dnl along with this program; if not, write to the Free Software
|
||||||
dnl Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
|
dnl Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
|
||||||
|
|
||||||
dnl GNUPG_MSG_PRINT(STRING)
|
|
||||||
dnl print a message
|
|
||||||
dnl
|
|
||||||
define(GNUPG_MSG_PRINT,
|
|
||||||
[ echo $ac_n "$1"" $ac_c" 1>&AC_FD_MSG
|
|
||||||
])
|
|
||||||
|
|
||||||
|
|
||||||
dnl GNUPG_CHECK_TYPEDEF(TYPE, HAVE_NAME)
|
dnl GNUPG_CHECK_TYPEDEF(TYPE, HAVE_NAME)
|
||||||
dnl Check whether a typedef exists and create a #define $2 if it exists
|
dnl Check whether a typedef exists and create a #define $2 if it exists
|
||||||
dnl
|
dnl
|
||||||
@ -44,315 +36,95 @@ AC_DEFUN(GNUPG_CHECK_TYPEDEF,
|
|||||||
])
|
])
|
||||||
|
|
||||||
|
|
||||||
dnl GNUPG_CHECK_GNUMAKE
|
# Check for the getsockopt SO_PEERCRED
|
||||||
dnl
|
AC_DEFUN(GNUPG_SYS_SO_PEERCRED,
|
||||||
AC_DEFUN(GNUPG_CHECK_GNUMAKE,
|
[ AC_MSG_CHECKING(for SO_PEERCRED)
|
||||||
[
|
AC_CACHE_VAL(gnupg_cv_sys_so_peercred,
|
||||||
if ${MAKE-make} --version 2>/dev/null | grep '^GNU ' >/dev/null 2>&1; then
|
[AC_TRY_COMPILE([#include <sys/socket.h>],
|
||||||
:
|
[struct ucred cr;
|
||||||
else
|
int cl = sizeof cr;
|
||||||
AC_MSG_WARN([[
|
getsockopt (1, SOL_SOCKET, SO_PEERCRED, &cr, &cl);],
|
||||||
***
|
gnupg_cv_sys_so_peercred=yes,
|
||||||
*** It seems that you are not using GNU make. Some make tools have serious
|
gnupg_cv_sys_so_peercred=no)
|
||||||
*** flaws and you may not be able to build this software at all. Before you
|
|
||||||
*** complain, please try GNU make: GNU make is easy to build and available
|
|
||||||
*** at all GNU archives. It is always available from ftp.gnu.org:/gnu/make.
|
|
||||||
***]])
|
|
||||||
fi
|
|
||||||
])
|
|
||||||
|
|
||||||
|
|
||||||
dnl GNUPG_CHECK_FAQPROG
|
|
||||||
dnl
|
|
||||||
AC_DEFUN(GNUPG_CHECK_FAQPROG,
|
|
||||||
[ AC_MSG_CHECKING(for faqprog.pl)
|
|
||||||
if faqprog.pl -V 2>/dev/null | grep '^faqprog.pl ' >/dev/null 2>&1; then
|
|
||||||
working_faqprog=yes
|
|
||||||
FAQPROG="faqprog.pl"
|
|
||||||
else
|
|
||||||
working_faqprog=no
|
|
||||||
FAQPROG=": "
|
|
||||||
fi
|
|
||||||
AC_MSG_RESULT($working_faqprog)
|
|
||||||
AC_SUBST(FAQPROG)
|
|
||||||
AM_CONDITIONAL(WORKING_FAQPROG, test "$working_faqprog" = "yes" )
|
|
||||||
|
|
||||||
dnl if test $working_faqprog = no; then
|
|
||||||
dnl AC_MSG_WARN([[
|
|
||||||
dnl ***
|
|
||||||
dnl *** It seems that the faqprog.pl program is not installed;
|
|
||||||
dnl *** however it is only needed if you want to change the FAQ.
|
|
||||||
dnl *** (faqprog.pl should be available at:
|
|
||||||
dnl *** ftp://ftp.gnupg.org/pub/gcrypt/contrib/faqprog.pl )
|
|
||||||
dnl *** No need to worry about this warning.
|
|
||||||
dnl ***]])
|
|
||||||
dnl fi
|
|
||||||
])
|
|
||||||
|
|
||||||
dnl GNUPG_CHECK_DOCBOOK_TO_TEXI
|
|
||||||
dnl
|
|
||||||
AC_DEFUN(GNUPG_CHECK_DOCBOOK_TO_TEXI,
|
|
||||||
[
|
|
||||||
AC_CHECK_PROG(DOCBOOK_TO_TEXI, docbook2texi, yes, no)
|
|
||||||
AC_MSG_CHECKING(for sgml to texi tools)
|
|
||||||
working_sgmltotexi=no
|
|
||||||
if test "$ac_cv_prog_DOCBOOK_TO_TEXI" = yes; then
|
|
||||||
if sgml2xml -v /dev/null 2>&1 | grep 'SP version' >/dev/null 2>&1 ; then
|
|
||||||
working_sgmltotexi=yes
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
AC_MSG_RESULT($working_sgmltotexi)
|
|
||||||
AM_CONDITIONAL(HAVE_DOCBOOK_TO_TEXI, test "$working_sgmltotexi" = "yes" )
|
|
||||||
])
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
dnl GNUPG_CHECK_ENDIAN
|
|
||||||
dnl define either LITTLE_ENDIAN_HOST or BIG_ENDIAN_HOST
|
|
||||||
dnl
|
|
||||||
define(GNUPG_CHECK_ENDIAN,
|
|
||||||
[ if test "$cross_compiling" = yes; then
|
|
||||||
AC_MSG_WARN(cross compiling; assuming little endianess)
|
|
||||||
fi
|
|
||||||
AC_MSG_CHECKING(endianess)
|
|
||||||
AC_CACHE_VAL(gnupg_cv_c_endian,
|
|
||||||
[ gnupg_cv_c_endian=unknown
|
|
||||||
# See if sys/param.h defines the BYTE_ORDER macro.
|
|
||||||
AC_TRY_COMPILE([#include <sys/types.h>
|
|
||||||
#include <sys/param.h>], [
|
|
||||||
#if !BYTE_ORDER || !BIG_ENDIAN || !LITTLE_ENDIAN
|
|
||||||
bogus endian macros
|
|
||||||
#endif], [# It does; now see whether it defined to BIG_ENDIAN or not.
|
|
||||||
AC_TRY_COMPILE([#include <sys/types.h>
|
|
||||||
#include <sys/param.h>], [
|
|
||||||
#if BYTE_ORDER != BIG_ENDIAN
|
|
||||||
not big endian
|
|
||||||
#endif], gnupg_cv_c_endian=big, gnupg_cv_c_endian=little)])
|
|
||||||
if test "$gnupg_cv_c_endian" = unknown; then
|
|
||||||
AC_TRY_RUN([main () {
|
|
||||||
/* Are we little or big endian? From Harbison&Steele. */
|
|
||||||
union
|
|
||||||
{
|
|
||||||
long l;
|
|
||||||
char c[sizeof (long)];
|
|
||||||
} u;
|
|
||||||
u.l = 1;
|
|
||||||
exit (u.c[sizeof (long) - 1] == 1);
|
|
||||||
}],
|
|
||||||
gnupg_cv_c_endian=little,
|
|
||||||
gnupg_cv_c_endian=big,
|
|
||||||
gnupg_cv_c_endian=little
|
|
||||||
)
|
|
||||||
fi
|
|
||||||
])
|
])
|
||||||
AC_MSG_RESULT([$gnupg_cv_c_endian])
|
AC_MSG_RESULT($gnupg_cv_sys_so_peercred)
|
||||||
if test "$gnupg_cv_c_endian" = little; then
|
if test $gnupg_cv_sys_so_peercred = yes; then
|
||||||
AC_DEFINE(LITTLE_ENDIAN_HOST,1,
|
AC_DEFINE(HAVE_SO_PEERCRED, 1,
|
||||||
[Defined if the host has little endian byte ordering])
|
[Defined if SO_PEERCRED is supported (Linux)])
|
||||||
else
|
|
||||||
AC_DEFINE(BIG_ENDIAN_HOST,1,
|
|
||||||
[Defined if the host has big endian byte ordering])
|
|
||||||
fi
|
|
||||||
])
|
|
||||||
|
|
||||||
dnl GNUPG_CHECK_CACHE
|
|
||||||
dnl
|
|
||||||
define(GNUPG_CHECK_CACHE,
|
|
||||||
[ AC_MSG_CHECKING(cached information)
|
|
||||||
gnupg_hostcheck="$target"
|
|
||||||
AC_CACHE_VAL(gnupg_cv_hostcheck, [ gnupg_cv_hostcheck="$gnupg_hostcheck" ])
|
|
||||||
if test "$gnupg_cv_hostcheck" != "$gnupg_hostcheck"; then
|
|
||||||
AC_MSG_RESULT(changed)
|
|
||||||
AC_MSG_WARN(config.cache exists!)
|
|
||||||
AC_MSG_ERROR(you must do 'make distclean' first to compile for
|
|
||||||
different target or different parameters.)
|
|
||||||
else
|
|
||||||
AC_MSG_RESULT(ok)
|
|
||||||
fi
|
fi
|
||||||
])
|
])
|
||||||
|
|
||||||
|
|
||||||
######################################################################
|
|
||||||
# Check for -fPIC etc (taken from libtool)
|
|
||||||
# This sets CFLAGS_PIC to the required flags
|
|
||||||
# NO_PIC to yes if it is not possible to
|
|
||||||
# generate PIC
|
|
||||||
######################################################################
|
|
||||||
dnl GNUPG_CHECK_PIC
|
|
||||||
dnl
|
|
||||||
define(GNUPG_CHECK_PIC,
|
|
||||||
[ AC_MSG_CHECKING(for option to create PIC)
|
|
||||||
CFLAGS_PIC=
|
|
||||||
NO_PIC=no
|
|
||||||
if test "$cross_compiling" = yes; then
|
|
||||||
AC_MSG_RESULT(assume none)
|
|
||||||
else
|
|
||||||
if test "$GCC" = yes; then
|
|
||||||
CFLAGS_PIC="-fPIC"
|
|
||||||
else
|
|
||||||
case "$host_os" in
|
|
||||||
aix3* | aix4*)
|
|
||||||
# All rs/6000 code is PIC
|
|
||||||
# but is there any non-rs/6000 AIX platform?
|
|
||||||
;;
|
|
||||||
|
|
||||||
hpux9* | hpux10*)
|
# GNUPG_BUILD_PROGRAM(NAME,DEFAULT)
|
||||||
CFLAGS_PIC="+Z"
|
# Add a --enable-NAME option to configure an set the
|
||||||
;;
|
# shell variable build_NAME either to "yes" or "no". DEFAULT must
|
||||||
|
# either be "yes" or "no" and decided on the default value for
|
||||||
|
# build_NAME and whether --enable-NAME or --disable-NAME is shown with
|
||||||
|
# ./configure --help
|
||||||
|
AC_DEFUN(GNUPG_BUILD_PROGRAM,
|
||||||
|
[build_$1=$2
|
||||||
|
m4_if([$2],[yes],[
|
||||||
|
AC_ARG_ENABLE([$1], AC_HELP_STRING([--disable-$1],
|
||||||
|
[do not build the $1 program]),
|
||||||
|
build_$1=$enableval, build_$1=$2)
|
||||||
|
],[
|
||||||
|
AC_ARG_ENABLE([$1], AC_HELP_STRING([--enable-$1],
|
||||||
|
[build the $1 program]),
|
||||||
|
build_$1=$enableval, build_$1=$2)
|
||||||
|
])
|
||||||
|
case "$build_$1" in
|
||||||
|
no|yes)
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
AC_MSG_ERROR([only yes or no allowed for feature --enable-$1])
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
])
|
||||||
|
|
||||||
irix5* | irix6*)
|
|
||||||
# PIC (with -KPIC) is the default.
|
|
||||||
;;
|
|
||||||
|
|
||||||
osf3* | osf4*)
|
|
||||||
# FIXME - pic_flag is probably required for
|
|
||||||
# hppa*-osf* and i860-osf*
|
|
||||||
;;
|
|
||||||
|
|
||||||
sco3.2v5*)
|
# GNUPG_PTH_VERSION_CHECK(REQUIRED)
|
||||||
CFLAGS_PIC='-Kpic'
|
#
|
||||||
;;
|
# If the version is sufficient, HAVE_PTH will be set to yes.
|
||||||
|
#
|
||||||
solaris2* | solaris7* )
|
# Taken form the m4 macros which come with Pth
|
||||||
CFLAGS_PIC='-KPIC'
|
AC_DEFUN(GNUPG_PTH_VERSION_CHECK,
|
||||||
;;
|
[
|
||||||
|
_pth_version=`$PTH_CONFIG --version | awk 'NR==1 {print [$]3}'`
|
||||||
sunos4*)
|
_req_version="ifelse([$1],,1.2.0,$1)"
|
||||||
CFLAGS_PIC='-PIC'
|
for _var in _pth_version _req_version; do
|
||||||
;;
|
eval "_val=\"\$${_var}\""
|
||||||
|
_major=`echo $_val | sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\([[ab.]]\)\([[0-9]]*\)/\1/'`
|
||||||
*)
|
_minor=`echo $_val | sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\([[ab.]]\)\([[0-9]]*\)/\2/'`
|
||||||
NO_PIC=yes
|
_rtype=`echo $_val | sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\([[ab.]]\)\([[0-9]]*\)/\3/'`
|
||||||
;;
|
_micro=`echo $_val | sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\([[ab.]]\)\([[0-9]]*\)/\4/'`
|
||||||
esac
|
case $_rtype in
|
||||||
fi
|
"a" ) _rtype=0 ;;
|
||||||
|
"b" ) _rtype=1 ;;
|
||||||
case "$host_cpu" in
|
"." ) _rtype=2 ;;
|
||||||
rs6000 | powerpc | powerpcle)
|
|
||||||
# Yippee! All RS/6000 and PowerPC code is position-independent.
|
|
||||||
CFLAGS_PIC=""
|
|
||||||
;;
|
|
||||||
esac
|
esac
|
||||||
|
_hex=`echo dummy | awk '{ printf("%d%02d%1d%02d", major, minor, rtype, micro); }' \
|
||||||
if test "$NO_PIC" = yes; then
|
"major=$_major" "minor=$_minor" "rtype=$_rtype" "micro=$_micro"`
|
||||||
AC_MSG_RESULT(not possible)
|
eval "${_var}_hex=\"\$_hex\""
|
||||||
else
|
done
|
||||||
if test -z "$CFLAGS_PIC"; then
|
have_pth=no
|
||||||
AC_MSG_RESULT(none)
|
if test ".$_pth_version_hex" != .; then
|
||||||
else
|
if test ".$_req_version_hex" != .; then
|
||||||
AC_MSG_RESULT($CFLAGS_PIC)
|
if test $_pth_version_hex -ge $_req_version_hex; then
|
||||||
|
have_pth=yes
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
])
|
if test $have_pth = no; then
|
||||||
|
AC_MSG_WARN([[
|
||||||
|
***
|
||||||
######################################################################
|
*** Found Pth version $_pth_version, but require at least
|
||||||
# Check for export-dynamic flag
|
*** version $_req_version. Please upgrade Pth first.
|
||||||
# This sets CFLAGS_EXPORTDYNAMIC to the required flags
|
***]])
|
||||||
######################################################################
|
|
||||||
dnl GNUPG_CHECK_EXPORTDYNAMIC
|
|
||||||
dnl
|
|
||||||
define(GNUPG_CHECK_EXPORTDYNAMIC,
|
|
||||||
[ AC_MSG_CHECKING(how to specify -export-dynamic)
|
|
||||||
if test "$cross_compiling" = yes; then
|
|
||||||
AC_MSG_RESULT(assume none)
|
|
||||||
CFLAGS_EXPORTDYNAMIC=""
|
|
||||||
else
|
|
||||||
AC_CACHE_VAL(gnupg_cv_export_dynamic,[
|
|
||||||
if AC_TRY_COMMAND([${CC-cc} $CFLAGS -Wl,--version 2>&1 |
|
|
||||||
grep "GNU ld" >/dev/null]); then
|
|
||||||
# using gnu's linker
|
|
||||||
gnupg_cv_export_dynamic="-Wl,-export-dynamic"
|
|
||||||
else
|
|
||||||
case "$host_os" in
|
|
||||||
hpux* )
|
|
||||||
gnupg_cv_export_dynamic="-Wl,-E"
|
|
||||||
;;
|
|
||||||
* )
|
|
||||||
gnupg_cv_export_dynamic=""
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
fi
|
|
||||||
])
|
|
||||||
AC_MSG_RESULT($gnupg_cv_export_dynamic)
|
|
||||||
CFLAGS_EXPORTDYNAMIC="$gnupg_cv_export_dynamic"
|
|
||||||
fi
|
fi
|
||||||
])
|
])
|
||||||
|
|
||||||
#####################################################################
|
|
||||||
# Check for SysV IPC (from GIMP)
|
|
||||||
# And see whether we have a SHM_LOCK (FreeBSD does not have it).
|
|
||||||
#####################################################################
|
|
||||||
dnl GNUPG_CHECK_IPC
|
|
||||||
dnl
|
|
||||||
define(GNUPG_CHECK_IPC,
|
|
||||||
[ AC_CHECK_HEADERS(sys/ipc.h sys/shm.h)
|
|
||||||
if test "$ac_cv_header_sys_shm_h" = "yes"; then
|
|
||||||
AC_MSG_CHECKING(whether IPC_RMID allowes subsequent attaches)
|
|
||||||
AC_CACHE_VAL(gnupg_cv_ipc_rmid_deferred_release,
|
|
||||||
AC_TRY_RUN([
|
|
||||||
#include <sys/types.h>
|
|
||||||
#include <sys/ipc.h>
|
|
||||||
#include <sys/shm.h>
|
|
||||||
int main()
|
|
||||||
{
|
|
||||||
int id;
|
|
||||||
char *shmaddr;
|
|
||||||
id = shmget (IPC_PRIVATE, 4, IPC_CREAT | 0777);
|
|
||||||
if (id == -1)
|
|
||||||
exit (2);
|
|
||||||
shmaddr = shmat (id, 0, 0);
|
|
||||||
shmctl (id, IPC_RMID, 0);
|
|
||||||
if ((char*) shmat (id, 0, 0) == (char*) -1)
|
|
||||||
{
|
|
||||||
shmdt (shmaddr);
|
|
||||||
exit (1);
|
|
||||||
}
|
|
||||||
shmdt (shmaddr);
|
|
||||||
shmdt (shmaddr);
|
|
||||||
exit (0);
|
|
||||||
}
|
|
||||||
],
|
|
||||||
gnupg_cv_ipc_rmid_deferred_release="yes",
|
|
||||||
gnupg_cv_ipc_rmid_deferred_release="no",
|
|
||||||
gnupg_cv_ipc_rmid_deferred_release="assume-no")
|
|
||||||
)
|
|
||||||
if test "$gnupg_cv_ipc_rmid_deferred_release" = "yes"; then
|
|
||||||
AC_DEFINE(IPC_RMID_DEFERRED_RELEASE,1,
|
|
||||||
[Defined if we can do a deferred shm release])
|
|
||||||
AC_MSG_RESULT(yes)
|
|
||||||
else
|
|
||||||
if test "$gnupg_cv_ipc_rmid_deferred_release" = "no"; then
|
|
||||||
AC_MSG_RESULT(no)
|
|
||||||
else
|
|
||||||
AC_MSG_RESULT([assuming no])
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
AC_MSG_CHECKING(whether SHM_LOCK is available)
|
|
||||||
AC_CACHE_VAL(gnupg_cv_ipc_have_shm_lock,
|
|
||||||
AC_TRY_COMPILE([#include <sys/types.h>
|
|
||||||
#include <sys/ipc.h>
|
|
||||||
#include <sys/shm.h>],[
|
|
||||||
int shm_id;
|
|
||||||
shmctl(shm_id, SHM_LOCK, 0);
|
|
||||||
],
|
|
||||||
gnupg_cv_ipc_have_shm_lock="yes",
|
|
||||||
gnupg_cv_ipc_have_shm_lock="no"
|
|
||||||
)
|
|
||||||
)
|
|
||||||
if test "$gnupg_cv_ipc_have_shm_lock" = "yes"; then
|
|
||||||
AC_DEFINE(IPC_HAVE_SHM_LOCK,1,
|
|
||||||
[Defined if a SysV shared memory supports the LOCK flag])
|
|
||||||
AC_MSG_RESULT(yes)
|
|
||||||
else
|
|
||||||
AC_MSG_RESULT(no)
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
])
|
|
||||||
|
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
# Check whether mlock is broken (hpux 10.20 raises a SIGBUS if mlock
|
# Check whether mlock is broken (hpux 10.20 raises a SIGBUS if mlock
|
||||||
# is not called from uid 0 (not tested whether uid 0 works)
|
# is not called from uid 0 (not tested whether uid 0 works)
|
||||||
@ -448,295 +220,206 @@ define(GNUPG_CHECK_MLOCK,
|
|||||||
])
|
])
|
||||||
|
|
||||||
|
|
||||||
################################################################
|
|
||||||
# GNUPG_PROG_NM - find the path to a BSD-compatible name lister
|
|
||||||
AC_DEFUN(GNUPG_PROG_NM,
|
|
||||||
[AC_MSG_CHECKING([for BSD-compatible nm])
|
|
||||||
AC_CACHE_VAL(ac_cv_path_NM,
|
|
||||||
[if test -n "$NM"; then
|
|
||||||
# Let the user override the test.
|
|
||||||
ac_cv_path_NM="$NM"
|
|
||||||
else
|
|
||||||
IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:"
|
|
||||||
for ac_dir in /usr/ucb /usr/ccs/bin $PATH /bin; do
|
|
||||||
test -z "$ac_dir" && ac_dir=.
|
|
||||||
if test -f $ac_dir/nm; then
|
|
||||||
# Check to see if the nm accepts a BSD-compat flag.
|
|
||||||
# Adding the `sed 1q' prevents false positives on HP-UX, which says:
|
|
||||||
# nm: unknown option "B" ignored
|
|
||||||
if ($ac_dir/nm -B /dev/null 2>&1 | sed '1q'; exit 0) | egrep /dev/null >/dev/null; then
|
|
||||||
ac_cv_path_NM="$ac_dir/nm -B"
|
|
||||||
elif ($ac_dir/nm -p /dev/null 2>&1 | sed '1q'; exit 0) | egrep /dev/null >/dev/null; then
|
|
||||||
ac_cv_path_NM="$ac_dir/nm -p"
|
|
||||||
else
|
|
||||||
ac_cv_path_NM="$ac_dir/nm"
|
|
||||||
fi
|
|
||||||
break
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
IFS="$ac_save_ifs"
|
|
||||||
test -z "$ac_cv_path_NM" && ac_cv_path_NM=nm
|
|
||||||
fi])
|
|
||||||
NM="$ac_cv_path_NM"
|
|
||||||
AC_MSG_RESULT([$NM])
|
|
||||||
AC_SUBST(NM)
|
|
||||||
])
|
|
||||||
|
|
||||||
# GNUPG_SYS_NM_PARSE - Check for command ro grab the raw symbol name followed
|
dnl [copied from libgcrypt]
|
||||||
# by C symbol name from nm.
|
dnl AM_PATH_LIBGCRYPT([MINIMUM-VERSION,
|
||||||
AC_DEFUN(GNUPG_SYS_NM_PARSE,
|
dnl [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]])
|
||||||
[AC_REQUIRE([AC_CANONICAL_HOST])dnl
|
dnl Test for liblibgcrypt and define LIBGCRYPT_CFLAGS and LIBGCRYPT_LIBS
|
||||||
AC_REQUIRE([GNUPG_PROG_NM])dnl
|
dnl
|
||||||
# Check for command to grab the raw symbol name followed by C symbol from nm.
|
AC_DEFUN(AM_PATH_LIBGCRYPT,
|
||||||
AC_MSG_CHECKING([command to parse $NM output])
|
[ AC_ARG_WITH(libgcrypt-prefix,
|
||||||
AC_CACHE_VAL(ac_cv_sys_global_symbol_pipe,
|
AC_HELP_STRING([--with-libgcrypt-prefix=PFX],
|
||||||
[# These are sane defaults that work on at least a few old systems.
|
[prefix where LIBGCRYPT is installed (optional)]),
|
||||||
# {They come from Ultrix. What could be older than Ultrix?!! ;)}
|
libgcrypt_config_prefix="$withval", libgcrypt_config_prefix="")
|
||||||
|
if test x$libgcrypt_config_prefix != x ; then
|
||||||
|
libgcrypt_config_args="$libgcrypt_config_args --prefix=$libgcrypt_config_prefix"
|
||||||
|
if test x${LIBGCRYPT_CONFIG+set} != xset ; then
|
||||||
|
LIBGCRYPT_CONFIG=$libgcrypt_config_prefix/bin/libgcrypt-config
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
changequote(,)dnl
|
AC_PATH_PROG(LIBGCRYPT_CONFIG, libgcrypt-config, no)
|
||||||
# Character class describing NM global symbol codes.
|
min_libgcrypt_version=ifelse([$1], ,0.4.4,$1)
|
||||||
ac_symcode='[BCDEGRSTU]'
|
AC_MSG_CHECKING(for LIBGCRYPT - version >= $min_libgcrypt_version)
|
||||||
|
ok=no
|
||||||
# Regexp to match symbols that can be accessed directly from C.
|
if test "$LIBGCRYPT_CONFIG" != "no" ; then
|
||||||
ac_sympat='\([_A-Za-z][_A-Za-z0-9]*\)'
|
req_major=`echo $min_libgcrypt_version | \
|
||||||
|
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\1/'`
|
||||||
# Transform the above into a raw symbol and a C symbol.
|
req_minor=`echo $min_libgcrypt_version | \
|
||||||
ac_symxfrm='\1 \1'
|
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\2/'`
|
||||||
|
req_micro=`echo $min_libgcrypt_version | \
|
||||||
# Define system-specific variables.
|
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\3/'`
|
||||||
case "$host_os" in
|
libgcrypt_config_version=`$LIBGCRYPT_CONFIG $libgcrypt_config_args --version`
|
||||||
aix*)
|
major=`echo $libgcrypt_config_version | \
|
||||||
ac_symcode='[BCDTU]'
|
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\1/'`
|
||||||
;;
|
minor=`echo $libgcrypt_config_version | \
|
||||||
freebsd* | netbsd* | openbsd* | bsdi* | sunos* | cygwin32* | mingw32*)
|
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\2/'`
|
||||||
ac_sympat='_\([_A-Za-z][_A-Za-z0-9]*\)'
|
micro=`echo $libgcrypt_config_version | \
|
||||||
ac_symxfrm='_\1 \1'
|
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\3/'`
|
||||||
;;
|
if test "$major" -gt "$req_major"; then
|
||||||
irix*)
|
ok=yes
|
||||||
# Cannot use undefined symbols on IRIX because inlined functions mess us up.
|
|
||||||
ac_symcode='[BCDEGRST]'
|
|
||||||
;;
|
|
||||||
solaris*)
|
|
||||||
ac_symcode='[BDTU]'
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
# If we're using GNU nm, then use its standard symbol codes.
|
|
||||||
if $NM -V 2>&1 | egrep '(GNU|with BFD)' > /dev/null; then
|
|
||||||
ac_symcode='[ABCDGISTUW]'
|
|
||||||
fi
|
|
||||||
|
|
||||||
case "$host_os" in
|
|
||||||
cygwin32* | mingw32*)
|
|
||||||
# We do not want undefined symbols on cygwin32. The user must
|
|
||||||
# arrange to define them via -l arguments.
|
|
||||||
ac_symcode='[ABCDGISTW]'
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
changequote([,])dnl
|
|
||||||
|
|
||||||
# Write the raw and C identifiers.
|
|
||||||
ac_cv_sys_global_symbol_pipe="sed -n -e 's/^.* $ac_symcode $ac_sympat$/$ac_symxfrm/p'"
|
|
||||||
|
|
||||||
# Check to see that the pipe works correctly.
|
|
||||||
ac_pipe_works=no
|
|
||||||
cat > conftest.$ac_ext <<EOF
|
|
||||||
#ifdef __cplusplus
|
|
||||||
extern "C" {
|
|
||||||
#endif
|
|
||||||
char nm_test_var;
|
|
||||||
void nm_test_func(){}
|
|
||||||
#ifdef __cplusplus
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
int main(){nm_test_var='a';nm_test_func;return 0;}
|
|
||||||
EOF
|
|
||||||
if AC_TRY_EVAL(ac_compile); then
|
|
||||||
# Now try to grab the symbols.
|
|
||||||
ac_nlist=conftest.nm
|
|
||||||
if AC_TRY_EVAL(NM conftest.$ac_objext \| $ac_cv_sys_global_symbol_pipe \> $ac_nlist) && test -s "$ac_nlist"; then
|
|
||||||
|
|
||||||
# Try sorting and uniquifying the output.
|
|
||||||
if sort "$ac_nlist" | uniq > "$ac_nlist"T; then
|
|
||||||
mv -f "$ac_nlist"T "$ac_nlist"
|
|
||||||
ac_wcout=`wc "$ac_nlist" 2>/dev/null`
|
|
||||||
changequote(,)dnl
|
|
||||||
ac_count=`echo "X$ac_wcout" | sed -e 's,^X,,' -e 's/^[ ]*\([0-9][0-9]*\).*$/\1/'`
|
|
||||||
changequote([,])dnl
|
|
||||||
(test "$ac_count" -ge 0) 2>/dev/null || ac_count=-1
|
|
||||||
else
|
else
|
||||||
rm -f "$ac_nlist"T
|
if test "$major" -eq "$req_major"; then
|
||||||
ac_count=-1
|
if test "$minor" -gt "$req_minor"; then
|
||||||
fi
|
ok=yes
|
||||||
|
else
|
||||||
# Make sure that we snagged all the symbols we need.
|
if test "$minor" -eq "$req_minor"; then
|
||||||
if egrep ' nm_test_var$' "$ac_nlist" >/dev/null; then
|
if test "$micro" -ge "$req_micro"; then
|
||||||
if egrep ' nm_test_func$' "$ac_nlist" >/dev/null; then
|
ok=yes
|
||||||
cat <<EOF > conftest.c
|
fi
|
||||||
#ifdef __cplusplus
|
fi
|
||||||
extern "C" {
|
fi
|
||||||
#endif
|
|
||||||
|
|
||||||
EOF
|
|
||||||
# Now generate the symbol file.
|
|
||||||
sed 's/^.* \(.*\)$/extern char \1;/' < "$ac_nlist" >> conftest.c
|
|
||||||
|
|
||||||
cat <<EOF >> conftest.c
|
|
||||||
#if defined (__STDC__) && __STDC__
|
|
||||||
# define __ptr_t void *
|
|
||||||
#else
|
|
||||||
# define __ptr_t char *
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/* The number of symbols in dld_preloaded_symbols, -1 if unsorted. */
|
|
||||||
int dld_preloaded_symbol_count = $ac_count;
|
|
||||||
|
|
||||||
/* The mapping between symbol names and symbols. */
|
|
||||||
struct {
|
|
||||||
char *name;
|
|
||||||
__ptr_t address;
|
|
||||||
}
|
|
||||||
changequote(,)dnl
|
|
||||||
dld_preloaded_symbols[] =
|
|
||||||
changequote([,])dnl
|
|
||||||
{
|
|
||||||
EOF
|
|
||||||
sed 's/^\(.*\) \(.*\)$/ {"\1", (__ptr_t) \&\2},/' < "$ac_nlist" >> conftest.c
|
|
||||||
cat <<\EOF >> conftest.c
|
|
||||||
{0, (__ptr_t) 0}
|
|
||||||
};
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
EOF
|
|
||||||
# Now try linking the two files.
|
|
||||||
mv conftest.$ac_objext conftestm.$ac_objext
|
|
||||||
ac_save_LIBS="$LIBS"
|
|
||||||
ac_save_CFLAGS="$CFLAGS"
|
|
||||||
LIBS="conftestm.$ac_objext"
|
|
||||||
CFLAGS="$CFLAGS$no_builtin_flag"
|
|
||||||
if AC_TRY_EVAL(ac_link) && test -s conftest; then
|
|
||||||
ac_pipe_works=yes
|
|
||||||
else
|
|
||||||
echo "configure: failed program was:" >&AC_FD_CC
|
|
||||||
cat conftest.c >&AC_FD_CC
|
|
||||||
fi
|
fi
|
||||||
LIBS="$ac_save_LIBS"
|
|
||||||
CFLAGS="$ac_save_CFLAGS"
|
|
||||||
else
|
|
||||||
echo "cannot find nm_test_func in $ac_nlist" >&AC_FD_CC
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
echo "cannot find nm_test_var in $ac_nlist" >&AC_FD_CC
|
|
||||||
fi
|
fi
|
||||||
else
|
|
||||||
echo "cannot run $ac_cv_sys_global_symbol_pipe" >&AC_FD_CC
|
|
||||||
fi
|
fi
|
||||||
else
|
if test $ok = yes; then
|
||||||
echo "$progname: failed program was:" >&AC_FD_CC
|
LIBGCRYPT_CFLAGS=`$LIBGCRYPT_CONFIG $libgcrypt_config_args --cflags`
|
||||||
cat conftest.c >&AC_FD_CC
|
LIBGCRYPT_LIBS=`$LIBGCRYPT_CONFIG $libgcrypt_config_args --libs`
|
||||||
fi
|
AC_MSG_RESULT(yes)
|
||||||
rm -rf conftest*
|
ifelse([$2], , :, [$2])
|
||||||
|
else
|
||||||
# Do not use the global_symbol_pipe unless it works.
|
LIBGCRYPT_CFLAGS=""
|
||||||
test "$ac_pipe_works" = yes || ac_cv_sys_global_symbol_pipe=
|
LIBGCRYPT_LIBS=""
|
||||||
|
AC_MSG_RESULT(no)
|
||||||
|
ifelse([$3], , :, [$3])
|
||||||
|
fi
|
||||||
|
AC_SUBST(LIBGCRYPT_CFLAGS)
|
||||||
|
AC_SUBST(LIBGCRYPT_LIBS)
|
||||||
])
|
])
|
||||||
|
|
||||||
ac_result=yes
|
|
||||||
if test -z "$ac_cv_sys_global_symbol_pipe"; then
|
|
||||||
ac_result=no
|
|
||||||
fi
|
|
||||||
AC_MSG_RESULT($ac_result)
|
|
||||||
])
|
|
||||||
|
|
||||||
# GNUPG_SYS_LIBTOOL_CYGWIN32 - find tools needed on cygwin32
|
dnl [Copied from libksba]
|
||||||
AC_DEFUN(GNUPG_SYS_LIBTOOL_CYGWIN32,
|
dnl AM_PATH_KSBA([MINIMUM-VERSION,
|
||||||
[AC_CHECK_TOOL(DLLTOOL, dlltool, false)
|
dnl [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]])
|
||||||
AC_CHECK_TOOL(AS, as, false)
|
dnl Test for libksba and define KSBA_CFLAGS and KSBA_LIBS
|
||||||
])
|
dnl
|
||||||
|
AC_DEFUN(AM_PATH_KSBA,
|
||||||
|
[ AC_ARG_WITH(ksba-prefix,
|
||||||
|
AC_HELP_STRING([--with-ksba-prefix=PFX],
|
||||||
|
[prefix where KSBA is installed (optional)]),
|
||||||
|
ksba_config_prefix="$withval", ksba_config_prefix="")
|
||||||
|
if test x$ksba_config_prefix != x ; then
|
||||||
|
ksba_config_args="$ksba_config_args --prefix=$ksba_config_prefix"
|
||||||
|
if test x${KSBA_CONFIG+set} != xset ; then
|
||||||
|
KSBA_CONFIG=$ksba_config_prefix/bin/ksba-config
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
# GNUPG_SYS_SYMBOL_UNDERSCORE - does the compiler prefix global symbols
|
AC_PATH_PROG(KSBA_CONFIG, ksba-config, no)
|
||||||
# with an underscore?
|
min_ksba_version=ifelse([$1], ,0.4.4,$1)
|
||||||
AC_DEFUN(GNUPG_SYS_SYMBOL_UNDERSCORE,
|
AC_MSG_CHECKING(for KSBA - version >= $min_ksba_version)
|
||||||
[tmp_do_check="no"
|
ok=no
|
||||||
case "${target}" in
|
if test "$KSBA_CONFIG" != "no" ; then
|
||||||
i386-emx-os2 | i[3456]86-pc-os2*emx | i386-pc-msdosdjgpp | *-*-cygwin)
|
req_major=`echo $min_ksba_version | \
|
||||||
ac_cv_sys_symbol_underscore=yes
|
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\1/'`
|
||||||
;;
|
req_minor=`echo $min_ksba_version | \
|
||||||
*)
|
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\2/'`
|
||||||
if test "$cross_compiling" = yes; then
|
req_micro=`echo $min_ksba_version | \
|
||||||
ac_cv_sys_symbol_underscore=yes
|
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\3/'`
|
||||||
else
|
ksba_config_version=`$KSBA_CONFIG $ksba_config_args --version`
|
||||||
tmp_do_check="yes"
|
major=`echo $ksba_config_version | \
|
||||||
fi
|
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\1/'`
|
||||||
;;
|
minor=`echo $ksba_config_version | \
|
||||||
esac
|
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\2/'`
|
||||||
|
micro=`echo $ksba_config_version | \
|
||||||
if test "$tmp_do_check" = "yes"; then
|
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\3/'`
|
||||||
AC_REQUIRE([GNUPG_PROG_NM])dnl
|
if test "$major" -gt "$req_major"; then
|
||||||
AC_REQUIRE([GNUPG_SYS_NM_PARSE])dnl
|
ok=yes
|
||||||
AC_MSG_CHECKING([for _ prefix in compiled symbols])
|
|
||||||
AC_CACHE_VAL(ac_cv_sys_symbol_underscore,
|
|
||||||
[ac_cv_sys_symbol_underscore=no
|
|
||||||
cat > conftest.$ac_ext <<EOF
|
|
||||||
void nm_test_func(){}
|
|
||||||
int main(){nm_test_func;return 0;}
|
|
||||||
EOF
|
|
||||||
if AC_TRY_EVAL(ac_compile); then
|
|
||||||
# Now try to grab the symbols.
|
|
||||||
ac_nlist=conftest.nm
|
|
||||||
if AC_TRY_EVAL(NM conftest.$ac_objext \| $ac_cv_sys_global_symbol_pipe \> $ac_nlist) && test -s "$ac_nlist"; then
|
|
||||||
# See whether the symbols have a leading underscore.
|
|
||||||
if egrep '^_nm_test_func' "$ac_nlist" >/dev/null; then
|
|
||||||
ac_cv_sys_symbol_underscore=yes
|
|
||||||
else
|
else
|
||||||
if egrep '^nm_test_func ' "$ac_nlist" >/dev/null; then
|
if test "$major" -eq "$req_major"; then
|
||||||
:
|
if test "$minor" -gt "$req_minor"; then
|
||||||
else
|
ok=yes
|
||||||
echo "configure: cannot find nm_test_func in $ac_nlist" >&AC_FD_CC
|
else
|
||||||
fi
|
if test "$minor" -eq "$req_minor"; then
|
||||||
|
if test "$micro" -ge "$req_micro"; then
|
||||||
|
ok=yes
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
else
|
|
||||||
echo "configure: cannot run $ac_cv_sys_global_symbol_pipe" >&AC_FD_CC
|
|
||||||
fi
|
fi
|
||||||
else
|
if test $ok = yes; then
|
||||||
echo "configure: failed program was:" >&AC_FD_CC
|
KSBA_CFLAGS=`$KSBA_CONFIG $ksba_config_args --cflags`
|
||||||
cat conftest.c >&AC_FD_CC
|
KSBA_LIBS=`$KSBA_CONFIG $ksba_config_args --libs`
|
||||||
fi
|
AC_MSG_RESULT(yes)
|
||||||
rm -rf conftest*
|
ifelse([$2], , :, [$2])
|
||||||
])
|
else
|
||||||
else
|
KSBA_CFLAGS=""
|
||||||
AC_MSG_CHECKING([for _ prefix in compiled symbols])
|
KSBA_LIBS=""
|
||||||
fi
|
AC_MSG_RESULT(no)
|
||||||
AC_MSG_RESULT($ac_cv_sys_symbol_underscore)
|
ifelse([$3], , :, [$3])
|
||||||
if test x$ac_cv_sys_symbol_underscore = xyes; then
|
fi
|
||||||
AC_DEFINE(WITH_SYMBOL_UNDERSCORE,1,
|
AC_SUBST(KSBA_CFLAGS)
|
||||||
[Defined if compiled symbols have a leading underscore])
|
AC_SUBST(KSBA_LIBS)
|
||||||
fi
|
|
||||||
])
|
])
|
||||||
|
|
||||||
dnl Stolen from gcc
|
|
||||||
dnl Define MKDIR_TAKES_ONE_ARG if mkdir accepts only one argument instead
|
|
||||||
dnl of the usual 2.
|
dnl AM_PATH_OPENSC([MINIMUM-VERSION,
|
||||||
AC_DEFUN(GNUPG_FUNC_MKDIR_TAKES_ONE_ARG,
|
dnl [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]])
|
||||||
[AC_CHECK_HEADERS(sys/stat.h unistd.h direct.h)
|
dnl Test for OpenSC and define OPENSC_CFLAGS and OPENSC_LIBS
|
||||||
AC_CACHE_CHECK([if mkdir takes one argument], gnupg_cv_mkdir_takes_one_arg,
|
dnl
|
||||||
[AC_TRY_COMPILE([
|
AC_DEFUN(AM_PATH_OPENSC,
|
||||||
#include <sys/types.h>
|
[ AC_ARG_WITH(opensc-prefix,
|
||||||
#ifdef HAVE_SYS_STAT_H
|
AC_HELP_STRING([--with-opensc-prefix=PFX],
|
||||||
# include <sys/stat.h>
|
[prefix where OpenSC is installed (optional)]),
|
||||||
#endif
|
opensc_config_prefix="$withval", opensc_config_prefix="")
|
||||||
#ifdef HAVE_UNISTD_H
|
if test x$opensc_config_prefix != x ; then
|
||||||
# include <unistd.h>
|
opensc_config_args="$opensc_config_args --prefix=$opensc_config_prefix"
|
||||||
#endif
|
if test x${OPENSC_CONFIG+set} != xset ; then
|
||||||
#ifdef HAVE_DIRECT_H
|
OPENSC_CONFIG=$opensc_config_prefix/bin/opensc-config
|
||||||
# include <direct.h>
|
fi
|
||||||
#endif], [mkdir ("foo", 0);],
|
fi
|
||||||
gnupg_cv_mkdir_takes_one_arg=no, gnupg_cv_mkdir_takes_one_arg=yes)])
|
|
||||||
if test $gnupg_cv_mkdir_takes_one_arg = yes ; then
|
AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
|
||||||
AC_DEFINE(MKDIR_TAKES_ONE_ARG,1,
|
min_opensc_version=ifelse([$1], ,0.7.0,$1)
|
||||||
[Defined if mkdir() does not take permission flags])
|
AC_MSG_CHECKING(for OpenSC - version >= $min_opensc_version)
|
||||||
fi
|
ok=no
|
||||||
|
if test "$OPENSC_CONFIG" != "no" ; then
|
||||||
|
req_major=`echo $min_opensc_version | \
|
||||||
|
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\1/'`
|
||||||
|
req_minor=`echo $min_opensc_version | \
|
||||||
|
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\2/'`
|
||||||
|
req_micro=`echo $min_opensc_version | \
|
||||||
|
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\3/'`
|
||||||
|
opensc_config_version=`$OPENSC_CONFIG $opensc_config_args --version`
|
||||||
|
major=`echo $opensc_config_version | \
|
||||||
|
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\1/'`
|
||||||
|
minor=`echo $opensc_config_version | \
|
||||||
|
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\2/'`
|
||||||
|
micro=`echo $opensc_config_version | \
|
||||||
|
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\3/'`
|
||||||
|
if test "$major" -gt "$req_major"; then
|
||||||
|
ok=yes
|
||||||
|
else
|
||||||
|
if test "$major" -eq "$req_major"; then
|
||||||
|
if test "$minor" -gt "$req_minor"; then
|
||||||
|
ok=yes
|
||||||
|
else
|
||||||
|
if test "$minor" -eq "$req_minor"; then
|
||||||
|
if test "$micro" -ge "$req_micro"; then
|
||||||
|
ok=yes
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
if test $ok = yes; then
|
||||||
|
OPENSC_CFLAGS=`$OPENSC_CONFIG $opensc_config_args --cflags`
|
||||||
|
OPENSC_LIBS=`$OPENSC_CONFIG $opensc_config_args --libs`
|
||||||
|
OPENSC_LIBS="$OPENSC_LIBS -lpcsclite -lpthread"
|
||||||
|
AC_MSG_RESULT(yes)
|
||||||
|
ifelse([$2], , :, [$2])
|
||||||
|
else
|
||||||
|
OPENSC_CFLAGS=""
|
||||||
|
OPENSC_LIBS=""
|
||||||
|
AC_MSG_RESULT(no)
|
||||||
|
ifelse([$3], , :, [$3])
|
||||||
|
fi
|
||||||
|
AC_SUBST(OPENSC_CFLAGS)
|
||||||
|
AC_SUBST(OPENSC_LIBS)
|
||||||
])
|
])
|
||||||
|
|
||||||
|
|
||||||
|
162
autogen.sh
162
autogen.sh
@ -1,5 +1,163 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
# Run this to generate all the initial makefiles, etc.
|
||||||
|
# It is only needed for the CVS version.
|
||||||
|
|
||||||
autogen_sh="`dirname $0`/scripts/autogen.sh"
|
# have_version(prog, list of executables, required version)
|
||||||
exec $autogen_sh $*
|
#
|
||||||
|
# Returns true and sets $prog to the first executable with the
|
||||||
|
# required minimum major.minor.
|
||||||
|
have_version ()
|
||||||
|
{
|
||||||
|
found=0
|
||||||
|
|
||||||
|
for prog in $2 :
|
||||||
|
do
|
||||||
|
ver=$($prog --version \
|
||||||
|
| gawk '{ if (match($0, /[0-9]+\.[0-9]+/))
|
||||||
|
{
|
||||||
|
print substr($0, RSTART, RLENGTH); ok=1; exit 0;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
END {
|
||||||
|
if (! ok)
|
||||||
|
exit 1;
|
||||||
|
}')
|
||||||
|
|
||||||
|
if test $? = 0
|
||||||
|
then
|
||||||
|
if expr 0$ver '>=' 0$3 >/dev/null 2>&1
|
||||||
|
then
|
||||||
|
echo Using $prog
|
||||||
|
found=1
|
||||||
|
export $1="$prog"
|
||||||
|
break
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
if test 0$found = 01
|
||||||
|
then
|
||||||
|
true
|
||||||
|
else
|
||||||
|
echo "*** Error. Could not find an appropriate executable for $1 with "
|
||||||
|
echo "at least version $3."
|
||||||
|
false
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
PGM=NEWPG
|
||||||
|
lib_config_files=""
|
||||||
|
autoconf_vers=2.52
|
||||||
|
automake_vers=1.5
|
||||||
|
aclocal_vers=1.5
|
||||||
|
#libtool_vers=1.3
|
||||||
|
|
||||||
|
DIE=no
|
||||||
|
if test "$1" = "--build-w32"; then
|
||||||
|
shift
|
||||||
|
target=i386--mingw32
|
||||||
|
if [ ! -f ./config.guess ]; then
|
||||||
|
echo "./config.guess not found" >&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
host=`./config.guess`
|
||||||
|
|
||||||
|
if ! mingw32 --version >/dev/null; then
|
||||||
|
echo "We need at least version 0.3 of MingW32/CPD" >&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -f config.h ]; then
|
||||||
|
if grep HAVE_DOSISH_SYSTEM config.h | grep undef >/dev/null; then
|
||||||
|
echo "Pease run a 'make distclean' first" >&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
crossinstalldir=`mingw32 --install-dir`
|
||||||
|
crossbindir=`mingw32 --get-bindir 2>/dev/null` \
|
||||||
|
|| crossbindir="$crossinstalldir/bin"
|
||||||
|
crossdatadir=`mingw32 --get-datadir 2>/dev/null` \
|
||||||
|
|| crossdatadir="$crossinstalldir/share"
|
||||||
|
crosslibdir=`mingw32 --get-libdir 2>/dev/null` \
|
||||||
|
|| crosslibdir="$crossinstalldir/i386--mingw32/lib"
|
||||||
|
crossincdir=`mingw32 --get-includedir 2>/dev/null` \
|
||||||
|
|| crossincdir="$crossinstalldir/i386--mingw32/include"
|
||||||
|
CC=`mingw32 --get-path gcc`
|
||||||
|
CPP=`mingw32 --get-path cpp`
|
||||||
|
AR=`mingw32 --get-path ar`
|
||||||
|
RANLIB=`mingw32 --get-path ranlib`
|
||||||
|
export CC CPP AR RANLIB
|
||||||
|
|
||||||
|
disable_foo_tests=""
|
||||||
|
if [ -n "$lib_config_files" ]; then
|
||||||
|
for i in $lib_config_files; do
|
||||||
|
j=`echo $i | tr '[a-z-]' '[A-Z_]'`
|
||||||
|
eval "$j=${crossbindir}/$i"
|
||||||
|
export $j
|
||||||
|
disable_foo_tests="$disable_foo_tests --disable-`echo $i| \
|
||||||
|
sed 's,-config$,,'`-test"
|
||||||
|
if [ ! -f "${crossbindir}/$i" ]; then
|
||||||
|
echo "$i not installed for MingW32" >&2
|
||||||
|
DIE=yes
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
[ $DIE = yes ] && exit 1
|
||||||
|
|
||||||
|
./configure --host=${host} --target=${target} ${disable_foo_tests} \
|
||||||
|
--bindir=${crossbindir} --libdir=${crosslibdir} \
|
||||||
|
--datadir=${crossdatadir} --includedir=${crossincdir} \
|
||||||
|
--enable-maintainer-mode $*
|
||||||
|
exit $?
|
||||||
|
fi
|
||||||
|
|
||||||
|
if ! have_version autoconf "$autoconf autoconf" $autoconf_vers
|
||||||
|
then
|
||||||
|
DIE="yes"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if have_version automake "$automake automake automake-1.6" $automake_vers
|
||||||
|
then
|
||||||
|
if ! have_version aclocal "$aclocal aclocal aclocal-1.6" $aclocal_vers
|
||||||
|
then
|
||||||
|
DIE='yes'
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
DIE='yes'
|
||||||
|
fi
|
||||||
|
|
||||||
|
#if (libtool --version) < /dev/null > /dev/null 2>&1 ; then
|
||||||
|
# if (libtool --version | awk 'NR==1 { if( $4 >= '$libtool_vers') \
|
||||||
|
# exit 1; exit 0; }');
|
||||||
|
# then
|
||||||
|
# echo "**Error**: "\`libtool\'" is too old."
|
||||||
|
# echo ' (version ' $libtool_vers ' or newer is required)'
|
||||||
|
# DIE="yes"
|
||||||
|
# fi
|
||||||
|
#else
|
||||||
|
# echo
|
||||||
|
# echo "**Error**: You must have "\`libtool\'" installed to compile $PGM."
|
||||||
|
# echo ' (version ' $libtool_vers ' or newer is required)'
|
||||||
|
# DIE="yes"
|
||||||
|
#fi
|
||||||
|
|
||||||
|
if test "$DIE" = "yes"; then
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
#echo "Running libtoolize... Ignore non-fatal messages."
|
||||||
|
#echo "no" | libtoolize
|
||||||
|
|
||||||
|
echo "Running gettextize... Ignore non-fatal messages."
|
||||||
|
echo "no" | gettextize
|
||||||
|
|
||||||
|
echo "Running $aclocal"
|
||||||
|
$aclocal
|
||||||
|
echo "Running autoheader..."
|
||||||
|
autoheader
|
||||||
|
echo "Running $automake --gnu -a"
|
||||||
|
$automake --gnu -a
|
||||||
|
echo "Running $autoconf"
|
||||||
|
$autoconf
|
||||||
|
1100
configure.ac
1100
configure.ac
File diff suppressed because it is too large
Load Diff
Loading…
x
Reference in New Issue
Block a user