Merged Top directory of NewPG with GnuPG.
parent
82a17c9fb3
commit
9214e1b282
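--- a/AUTHORS
+++ b/AUTHORS
@@ -1,117 +0,0 @@
-Program: GnuPG
-Maintainer: Werner Koch <wk@gnupg.org>
-Bug reports: <bug-gnupg@gnu.org>
-Security related bug reports: <security@gnupg.org>
-
-
-Authors
-=======
-
-Birger Langkjer <birger.langkjer@image.dk> Translations [da]
-
-Daniel Resare <daniel@resare.com> Translations [sv]
-
-David Shaw <dshaw@jabberwocky.com> Assignment
-(all in keyserver/,
-a lot of changes in g10/ see the ChangeLog,
-bug fixes here and there)
-
-Dokianakis Theofanis <madf@hellug.gr> Translations [el]
-
-Edmund GRIMLEY EVANS <edmundo@rano.org> Translations [eo]
-
-Gaël Quéri <gael@lautre.net> Translations [fr]
-(fixed a lot of typos)
-
-Gregory Steuck <steuck@iname.com> Translations [ru]
-
-Ivo Timmermans <itimmermans@bigfoot.com> Translations [nl]
-
-Jacobo Tarri'o Barreiro <jtarrio@iname.com> Translations [gl]
-
-Janusz Aleksander Urbanowicz <alex@bofh.torun.pl> Translations [po]
-
-Magda Procha'zkova' <magda@math.muni.cz> Translations [cs]
-
-Michael Roth <mroth@nessie.de> Assignment
-(wrote cipher/des.c., changes and bug fixes all over the place)
-
-Marco d'Itri <md@linux.it> Translations [it]
-
-Matthew Skala <mskala@ansuz.sooke.bc.ca> Disclaimer
-(wrote cipher/twofish.c)
-
-Niklas Hernaeus <nh@df.lth.se> Disclaimer
-(weak key patches)
-
-Nilgun Belma Buguner <nilgun@technologist.com> Translations [tr]
-
-Nils Ellmenreich <nils 'at' infosun.fmi.uni-passau.de> Assignment
-(configure.in, cipher/rndlinux.c, FAQ)
-
-Paul Eggert <eggert@twinsun.com>
-(configuration macros for LFS)
-
-Pedro Morais <morais@poli.org> Translations [pt_PT]
-
-Rémi Guyomarch <rguyom@mail.dotcom.fr> Assignment
-(g10/compress.c, g10/encr-data.c,
-g10/free-packet.c, g10/mdfilter.c, g10/plaintext.c, util/iobuf.c)
-
-Stefan Bellon <sbellon@sbellon.de> Assignment
-(All patches to support RISC OS)
-
-Timo Schulz <twoaday@freakmail.de> Assignment
-(util/w32reg.c, g10/passphrase.c, g10/hkp.c)
-
-Tedi Heriyanto <tedi_h@gmx.net> Translations [id]
-
-Thiago Jung Bauermann <jungmann@cwb.matrix.com.br> Translations [pt_BR]
-Rafael Caetano dos Santos <rcaetano@linux.ime.usp.br> Translations [pt_BR]
-
-Toomas Soome <tsoome@ut.ee> Translations [et]
-
-Urko Lusa <ulusa@euskalnet.net> Translations [es_ES]
-
-Walter Koch <koch@u32.de> Translations [de]
-
-Werner Koch <wk@gnupg.org> Assignment
-(started the whole thing)
-
-Yosiaki IIDA <iida@ring.gr.jp> Translations [ja]
-
-
-
-Other legal information
-=======================
-
-This program uses the zlib compression library written by
-Jean-loup Gailly and Mark Adler.
-
-Most of the stuff in mpi has been taken from the GMP library by
-Torbjorn Granlund <tege@noisy.tmg.se>.
-
-The Rijndael implementation (cipher/rijndael.c) is based on the
-public domain reference code provided for the AES selection process.
-The Rijndael algorithm is due to Joan Daemen and Vincent Rijmen.
-
-The files cipher/rndunix.c and cipher/rndw32.c are based on rndunix.c
-and rndwin32.c from cryptlib.
-Copyright Peter Gutmann, Paul Kendall, and Chris Wedgwood 1996-1999.
-
-The files in debian/ are by James Troup who is the Debian maintainer
-for GnuPG.
-
-The RPM specs file scripts/gnupg.spec has been contributed by
-several people.
-
-Copyright 1998, 1999, 2000, 2001, 2002 Free Software Foundation, Inc.
-
-This file is free software; as a special exception the author gives
-unlimited permission to copy and/or distribute it, with or without
-modifications, as long as this notice is preserved.
-
-This file is distributed in the hope that it will be useful, but
-WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
-implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.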
47
Makefile.am
47
Makefile.am
@ -1,4 +1,5 @@
|
||||
# Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc.
|
||||
# Makefile.am - main makefile for NewPG/GnuPG
|
||||
# Copyright (C) 2001 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is part of GnuPG.
|
||||
#
|
||||
@ -18,37 +19,29 @@
|
||||
|
||||
## Process this file with automake to produce Makefile.in
|
||||
|
||||
if CROSS_COMPILING
|
||||
checks =
|
||||
EXTRA_DIST = autogen.sh
|
||||
|
||||
if BUILD_GPGSM
|
||||
sm = sm
|
||||
else
|
||||
checks = checks
|
||||
sm =
|
||||
endif
|
||||
if BUILD_AGENT
|
||||
agent = agent
|
||||
else
|
||||
agent =
|
||||
endif
|
||||
if BUILD_SCDAEMON
|
||||
scd = scd
|
||||
else
|
||||
scd =
|
||||
endif
|
||||
|
||||
SUBDIRS = intl zlib util mpi cipher tools g10 keyserver po doc ${checks}
|
||||
EXTRA_DIST = PROJECTS BUGS config.h.in
|
||||
DISTCLEANFILES = g10defs.h
|
||||
SUBDIRS = intl jnlib assuan common kbx ${sm} ${agent} ${scd} po doc tests
|
||||
|
||||
|
||||
# Add all the files listed in "distfiles" files to the distribution,
|
||||
# apply version numbers to some files and create a VERSION file which
|
||||
# we need for the Prereq: patch file trick.
|
||||
dist-hook:
|
||||
@set -e; \
|
||||
for file in `cd $(top_srcdir); \
|
||||
find scripts mpi include -type f -name distfiles`; do \
|
||||
dir=`dirname $$file` ; $(mkinstalldirs) $(distdir)/$$dir ; \
|
||||
for i in distfiles `cat $(top_srcdir)/$$file` ; do \
|
||||
ln $(top_srcdir)/$$dir/$$i $(distdir)/$$dir/$$i 2> /dev/null \
|
||||
|| cp -p $(top_srcdir)/$$dir/$$i $(distdir)/$$dir/$$i; \
|
||||
done ; \
|
||||
done
|
||||
@set -e; \
|
||||
sed -e 's/@pkg_version@/$(VERSION)/g' \
|
||||
$(top_srcdir)/scripts/gnupg.spec.in \
|
||||
> $(distdir)/scripts/gnupg.spec
|
||||
echo "$(VERSION)" > $(distdir)/VERSION
|
||||
|
||||
|
||||
|
||||
@set -e; echo "$(VERSION)" > $(distdir)/VERSION
|
||||
|
||||
|
||||
|
||||
|
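Review bot: `tests` is now listed unconditionally in `SUBDIRS`, while the lines this section appears to remove kept the old `checks` directory out of `SUBDIRS` under `if CROSS_COMPILING`; if that guard is gone, `make check` in a cross build will descend into `tests` and try to run target binaries on the build host. The +/- markers are lost in this rendering, so which conditional lines survive is inferred from the new `SUBDIRS` value, which no longer references `${checks}`. I would carry the guard over with a `tests` variable as shown below; this assumes configure still defines the `CROSS_COMPILING` conditional, which is not visible here.

```make
if CROSS_COMPILING
tests =
else
tests = tests
endif

SUBDIRS = intl jnlib assuan common kbx ${sm} ${agent} ${scd} po doc ${tests}
```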
784
README
784
README
@ -1,652 +1,372 @@
|
||||
NewPG is a temporary protect to work on GnuPG extensions. It will be
|
||||
merged into the regular GnuPG sources for a GnuPG 2.0 release.
|
||||
|
||||
GnuPG - The GNU Privacy Guard
|
||||
-------------------------------
|
||||
Version 1.3
|
||||
jnlib/ utility functions
|
||||
assuan/ assuan protocol library
|
||||
kbx/ keybox library
|
||||
sm/ the gpgsm program
|
||||
agent/ the gpg-agent
|
||||
scd/ the smartcard daemon
|
||||
|
||||
Copyright 1998, 1999, 2000, 2001, 2002 Free Software Foundation, Inc.
|
||||
Libksba and Libgcrypt are required to build it.
|
||||
|
||||
This file is free software; as a special exception the author gives
|
||||
unlimited permission to copy and/or distribute it, with or without
|
||||
modifications, as long as this notice is preserved.
|
||||
Assuan and Keybox are both designed to be source include-able.
|
||||
|
||||
This file is distributed in the hope that it will be useful, but
|
||||
WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
|
||||
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
||||
A texinfo manual `gnupg.info' will get installed. Some commands and
|
||||
options given below.
|
||||
|
||||
|
||||
Intro
|
||||
-----
|
||||
COMMANDS
|
||||
========
|
||||
|
||||
GnuPG is GNU's tool for secure communication and data storage.
|
||||
It can be used to encrypt data and to create digital signatures.
|
||||
It includes an advanced key management facility and is compliant
|
||||
with the proposed OpenPGP Internet standard as described in RFC2440.
|
||||
gpgsm:
|
||||
------
|
||||
|
||||
GnuPG works best on GNU/Linux or *BSD systems. Most other Unices
|
||||
are also supported but are not as well tested as the Free Unices.
|
||||
See http://www.gnupg.org/gnupg.html#supsys for a list of systems
|
||||
which are known to work.
|
||||
--learn-card
|
||||
|
||||
See the file COPYING for copyright and warranty information.
|
||||
Read tinformation about the private keys from the smartcard and
|
||||
import the certificates from there.
|
||||
|
||||
Because GnuPG does not use use any patented algorithm it cannot be
|
||||
compatible with PGP2 versions. PGP 2.x uses IDEA (which is patented
|
||||
worldwide).
|
||||
--export
|
||||
|
||||
The default algorithms are DSA and ElGamal, but RSA is also
|
||||
supported. ElGamal for signing is available, but because of the
|
||||
larger size of such signatures it is deprecated (Please note that
|
||||
the GnuPG implementation of ElGamal signatures is *not* insecure).
|
||||
Symmetric algorithms are: AES, 3DES, Blowfish, CAST5 and Twofish.
|
||||
Digest algorithms available are MD5, RIPEMD160 and SHA1.
|
||||
Export all certificates storein the Keybox or those specified on
|
||||
the commandline. When using --armor a few informational lines are
|
||||
prepended before each block.
|
||||
|
||||
|
||||
Installation
|
||||
------------
|
||||
Please read the file INSTALL and the sections in this file
|
||||
related to the installation. Here is a quick summary:
|
||||
OPTIONS
|
||||
=======
|
||||
|
||||
1) Check that you have unmodified sources. See below on how to do
|
||||
this. Don't skip it - this is an important step!
|
||||
gpgsm:
|
||||
------
|
||||
|
||||
2) Unpack the TAR. With GNU tar you can do it this way:
|
||||
"tar xzvf gnupg-x.y.z.tar.gz"
|
||||
--include-certs <n>
|
||||
|
||||
3) "cd gnupg-x.y.z"
|
||||
Using N of -2 includes all certificate except for the Root cert,
|
||||
-1 includes all certs, 0 does not include any certs, 1 includes only
|
||||
the signers cert (this is the default) and all other positives
|
||||
values include up to N certs starting with the signer cert.
|
||||
|
||||
4) "./configure"
|
||||
--policy-file <filename>
|
||||
|
||||
5) "make"
|
||||
Chnage the deault name of the policy file
|
||||
|
||||
6) "make install"
|
||||
--enable-policy-checks
|
||||
--disable-policy-checks
|
||||
|
||||
7) You end up with a "gpg" binary in /usr/local/bin.
|
||||
By default policy checks are enabled. These options may be used to
|
||||
change it.
|
||||
|
||||
8) To avoid swapping out of sensitive data, you can install "gpg" as
|
||||
suid root. If you don't do so, you may want to add the option
|
||||
"no-secmem-warning" to ~/.gnupg/gpg.conf
|
||||
--enable-crl-checks
|
||||
--disable-crl-checks
|
||||
|
||||
By default the CRL checks are enabled and the DirMngr is used to
|
||||
check for revoked certificates. The disable option is most useful
|
||||
with a off-line connection to suppres this check.
|
||||
|
||||
How to Verify the Source
|
||||
------------------------
|
||||
In order to check that the version of GnuPG which you are going to
|
||||
install is an original and unmodified one, you can do it in one of
|
||||
the following ways:
|
||||
--agent-program <path_to_agent_program>
|
||||
|
||||
a) If you already have a trusted Version of GnuPG installed, you
|
||||
can simply check the supplied signature:
|
||||
Specify an agent program to be used for secret key operations. The
|
||||
default value is "../agent/gpg-agent". This is only used as a
|
||||
fallback when the envrionment varaibale GPG_AGENT_INFO is not set or
|
||||
a running agent can't be connected.
|
||||
|
||||
$ gpg --verify gnupg-x.y.z.tar.gz.asc
|
||||
--dirmngr-program <path_to_dirmgr_program>
|
||||
|
||||
This checks that the detached signature gnupg-x.y.z.tar.gz.asc
|
||||
is indeed a a signature of gnupg-x.y.z.tar.gz. The key used to
|
||||
create this signature is:
|
||||
Specify a dirmngr program to be used for CRL checks. The default
|
||||
value is "/usr/sbin/dirmngr". This is only used as a fallback when
|
||||
the envrionment varaibale DIRMNGR_INFO is not set or a running
|
||||
dirmngr can't be connected.
|
||||
|
||||
"pub 1024D/57548DCD 1998-07-07 Werner Koch (gnupg sig) <dd9jn@gnu.org>"
|
||||
--no-secmem-warning
|
||||
|
||||
If you do not have this key, you can get it from the source in
|
||||
the file doc/samplekeys.asc (use "gpg --import doc/samplekeys.asc"
|
||||
to add it to the keyring) or from any keyserver. You have to
|
||||
make sure that this is really the key and not a faked one. You
|
||||
can do this by comparing the output of:
|
||||
Don't print the warning "no secure memory"
|
||||
|
||||
$ gpg --fingerprint 0x57548DCD
|
||||
--armor
|
||||
|
||||
with the fingerprint published elsewhere.
|
||||
Create PEM ecoded output. Default is binary output.
|
||||
|
||||
Please note, that you have to use an old version of GnuPG to
|
||||
do all this stuff. *Never* use the version which you are going
|
||||
to check!
|
||||
--base64
|
||||
|
||||
Create Base-64 encoded output; i.e. PEM without the header lines.
|
||||
|
||||
b) If you don't have any of the above programs, you have to verify
|
||||
the MD5 checksum:
|
||||
--assume-armor
|
||||
|
||||
$ md5sum gnupg-x.y.z.tar.gz
|
||||
Assume the input data is PEM encoded. Default is to autodetect the
|
||||
encoding but this is may fail.
|
||||
|
||||
This should yield an output _similar_ to this:
|
||||
--assume-base64
|
||||
|
||||
fd9351b26b3189c1d577f0970f9dcadc gnupg-x.y.z.tar.gz
|
||||
Assume the input data is plain base-64 encoded.
|
||||
|
||||
Now check that this checksum is _exactly_ the same as the one
|
||||
published via the announcement list and probably via Usenet.
|
||||
--assume-binary
|
||||
|
||||
Assume the input data is binary encoded.
|
||||
|
||||
--server
|
||||
|
||||
Documentation
|
||||
-------------
|
||||
The manual will be distributed separate under the name "gph".
|
||||
An online version of the latest manual draft is available at the
|
||||
GnuPG web pages:
|
||||
Run in server mode. This is used by GPGME to control gpgsm. See
|
||||
the assuan specification regarding gpgsm about the used protocol.
|
||||
Some options are ignored in server mode.
|
||||
|
||||
http://www.gnupg.org/gph/
|
||||
--local-user <user_id>
|
||||
|
||||
A list of frequently asked questions is available in GnuPG's
|
||||
distibution in the file doc/FAQ and online as:
|
||||
Set the user to be used for signing. The default is the first
|
||||
secret key found in the database.
|
||||
|
||||
http://www.gnupg.org/faq.html
|
||||
--with-key-data
|
||||
|
||||
A couple of HOWTO documents are available online; for a listing see:
|
||||
Displays extra information with the --list-keys commands. Especiall
|
||||
a line tagged "grp" si printed which tells you the keygrip of a
|
||||
key. This is string is for example used as the filename of the
|
||||
secret key.
|
||||
|
||||
http://www.gnupg.org/docs.html#howtos
|
||||
|
||||
A man page with a description of all commands and options gets installed
|
||||
along with the program.
|
||||
|
||||
gpg-agent:
|
||||
---------
|
||||
|
||||
Introduction
|
||||
------------
|
||||
Here is a brief overview on how to use GnuPG - it is strongly suggested
|
||||
that you read the manual and other information about the use of
|
||||
cryptography. GnuPG is only a tool, secure usage requires that
|
||||
YOU KNOW WHAT YOU ARE DOING.
|
||||
--pinentry-program <path_to_pinentry_program>
|
||||
|
||||
If you already have a DSA key from PGP 5 (they call them DH/ElGamal)
|
||||
you can simply copy the pgp keyrings over the GnuPG keyrings after
|
||||
running gpg once to create the correct directory.
|
||||
Specify the PINentry program. The default value is
|
||||
"../../pinentry/kpinentry/kpinentry" so you most likely want to
|
||||
specify it.
|
||||
|
||||
The normal way to create a key is
|
||||
--no-grab
|
||||
|
||||
gpg --gen-key
|
||||
Tel the pinentry not to grab keybourd and mouse. You most likely
|
||||
want to give this option during testing and development to avoid
|
||||
lockups in case of bugs.
|
||||
|
||||
This asks some questions and then starts key generation. To create
|
||||
good random numbers for the key parameters, GnuPG needs to gather
|
||||
enough noise (entropy) from your system. If you see no progress
|
||||
during key generation you should start some other activities such
|
||||
as mouse moves or hitting on the CTRL and SHIFT keys.
|
||||
|
||||
Generate a key ONLY on a machine where you have direct physical
|
||||
access - don't do it over the network or on a machine used also
|
||||
by others - especially if you have no access to the root account.
|
||||
|
||||
When you are asked for a passphrase use a good one which you can
|
||||
easy remember. Don't make the passphrase too long because you have
|
||||
to type it for every decryption or signing; but, - AND THIS IS VERY
|
||||
IMPORTANT - use a good one that is not easily to guess because the
|
||||
security of the whole system relies on your secret key and the
|
||||
passphrase that protects it when someone gains access to your secret
|
||||
keyring. A good way to select a passphrase is to figure out a short
|
||||
nonsense sentence which makes some sense for you and modify it by
|
||||
inserting extra spaces, non-letters and changing the case of some
|
||||
characters - this is really easy to remember especially if you
|
||||
associate some pictures with it.
|
||||
|
||||
Next, you should create a revocation certificate in case someone
|
||||
gets knowledge of your secret key or you forgot your passphrase
|
||||
|
||||
gpg --gen-revoke your_user_id
|
||||
FILES
|
||||
=====
|
||||
|
||||
Run this command and store the revocation certificate away. The output
|
||||
is always ASCII armored, so that you can print it and (hopefully
|
||||
never) re-create it if your electronic media fails.
|
||||
The default home directory is ~/.gnupg. It can be changed by
|
||||
either the --homedir option or by seting the environment variable
|
||||
GNUPGHOME. This is a list of files usually found in this directory:
|
||||
|
||||
Now you can use your key to create digital signatures
|
||||
gpgsm.conf
|
||||
|
||||
gpg -s file
|
||||
Options for gpgsm. Options are the same as the command line
|
||||
options but don't enter the leading dashes and give arguments
|
||||
without an equal sign. Blank lines and lines starting with a
|
||||
hash mark as the first non whitye space character are ignored.
|
||||
|
||||
This creates a file "file.gpg" which is compressed and has a
|
||||
signature attached.
|
||||
gpg-agent.conf
|
||||
|
||||
gpg -sa file
|
||||
Options for gpg-agent
|
||||
|
||||
Same as above, but creates a file "file.asc" which is ASCII armored
|
||||
and and ready for sending by mail. It is better to use your
|
||||
mailers features to create signatures (The mailer uses GnuPG to do
|
||||
this) because the mailer has the ability to MIME encode such
|
||||
signatures - but this is not a security issue.
|
||||
scdaemon.conf
|
||||
|
||||
gpg -s -o out file
|
||||
Options for scdaemon.
|
||||
|
||||
Creates a signature of "file", but writes the output to the file
|
||||
"out".
|
||||
dirmngr.conf
|
||||
|
||||
Everyone who knows your public key (you can and should publish
|
||||
your key by putting it on a key server, a web page or in your .plan
|
||||
file) is now able to check whether you really signed this text
|
||||
Options for the DirMngr which is not part of this package and
|
||||
the option file wilol most likely be moved to /etc
|
||||
|
||||
gpg --verify file
|
||||
gpg.conf
|
||||
|
||||
GnuPG now checks whether the signature is valid and prints an
|
||||
appropriate message. If the signature is good, you know at least
|
||||
that the person (or machine) has access to the secret key which
|
||||
corresponds to the published public key.
|
||||
Options for gpg. Note that old versions of gpg use the
|
||||
filename `options' instead of `gpg.conf'.
|
||||
|
||||
If you run gpg without an option it will verify the signature and
|
||||
create a new file that is identical to the original. gpg can also
|
||||
run as a filter, so that you can pipe data to verify trough it
|
||||
policies.txt
|
||||
|
||||
cat signed-file | gpg | wc -l
|
||||
A list of allowed CA policies. This file should give the
|
||||
object identifiers of the policies line by line. emptry lines
|
||||
and lines startung with a hash mark are ignored.
|
||||
|
||||
which will check the signature of signed-file and then display the
|
||||
number of lines in the original file.
|
||||
++++++++++
|
||||
2.289.9.9
|
||||
++++++++++
|
||||
|
||||
To send a message encrypted to someone you can use
|
||||
trustlist.txt
|
||||
|
||||
gpg -e -r heine file
|
||||
A list of trusted certificates usually maintained by
|
||||
gpg-agent. It can however be edited manually. The file will
|
||||
be created automagically with some explaining comments.
|
||||
|
||||
This encrypts "file" with the public key of the user "heine" and
|
||||
writes it to "file.gpg"
|
||||
random_seed
|
||||
|
||||
echo "hello" | gpg -ea -r heine | mail heine
|
||||
|
||||
Ditto, but encrypts "hello\n" and mails it as ASCII armored message
|
||||
to the user with the mail address heine.
|
||||
|
||||
gpg -se -r heine file
|
||||
|
||||
This encrypts "file" with the public key of "heine" and writes it
|
||||
to "file.gpg" after signing it with your user id.
|
||||
|
||||
gpg -se -r heine -u Suttner file
|
||||
|
||||
Ditto, but sign the file with your alternative user id "Suttner"
|
||||
|
||||
|
||||
GnuPG has some options to help you publish public keys. This is
|
||||
called "exporting" a key, thus
|
||||
|
||||
gpg --export >all-my-keys
|
||||
|
||||
exports all the keys in the keyring and writes them (in a binary
|
||||
format) to "all-my-keys". You may then mail "all-my-keys" as an
|
||||
MIME attachment to someone else or put it on an FTP server. To
|
||||
export only some user IDs, you give them as arguments on the command
|
||||
line.
|
||||
|
||||
To mail a public key or put it on a web page you have to create
|
||||
the key in ASCII armored format
|
||||
|
||||
gpg --export --armor | mail panther@tiger.int
|
||||
|
||||
This will send all your public keys to your friend panther.
|
||||
|
||||
If you have received a key from someone else you can put it
|
||||
into your public keyring. This is called "importing"
|
||||
|
||||
gpg --import [filenames]
|
||||
|
||||
New keys are appended to your keyring and already existing
|
||||
keys are updated. Note that GnuPG does not import keys that
|
||||
are not self-signed.
|
||||
|
||||
Because anyone can claim that a public key belongs to her
|
||||
we must have some way to check that a public key really belongs
|
||||
to the owner. This can be achieved by comparing the key during
|
||||
a phone call. Sure, it is not very easy to compare a binary file
|
||||
by reading the complete hex dump of the file - GnuPG (and nearly
|
||||
every other program used for management of cryptographic keys)
|
||||
provides other solutions.
|
||||
|
||||
gpg --fingerprint <username>
|
||||
|
||||
prints the so called "fingerprint" of the given username which
|
||||
is a sequence of hex bytes (which you may have noticed in mail
|
||||
sigs or on business cards) that uniquely identifies the public
|
||||
key - different keys will always have different fingerprints.
|
||||
It is easy to compare fingerprints by phone and I suggest
|
||||
that you print your fingerprint on the back of your business
|
||||
card. To see the fingerprints of the secondary keys, you can
|
||||
give the command twice; but this is normally not needed.
|
||||
|
||||
If you don't know the owner of the public key you are in trouble.
|
||||
Suppose however that friend of yours knows someone who knows someone
|
||||
who has met the owner of the public key at some computer conference.
|
||||
Suppose that all the people between you and the public key holder
|
||||
may now act as introducers to you. Introducers signing keys thereby
|
||||
certify that they know the owner of the keys they sign. If you then
|
||||
trust all the introducers to have correctly signed other keys, you
|
||||
can be be sure that the other key really belongs to the one who
|
||||
claims to own it..
|
||||
|
||||
There are 2 steps to validate a key:
|
||||
1. First check that there is a complete chain
|
||||
of signed keys from the public key you want to use
|
||||
and your key and verify each signature.
|
||||
2. Make sure that you have full trust in the certificates
|
||||
of all the introduces between the public key holder and
|
||||
you.
|
||||
Step 2 is the more complicated part because there is no easy way
|
||||
for a computer to decide who is trustworthy and who is not. GnuPG
|
||||
leaves this decision to you and will ask you for a trust value
|
||||
(here also referenced as the owner-trust of a key) for every key
|
||||
needed to check the chain of certificates. You may choose from:
|
||||
a) "I don't know" - then it is not possible to use any
|
||||
of the chains of certificates, in which this key is used
|
||||
as an introducer, to validate the target key. Use this if
|
||||
you don't know the introducer.
|
||||
b) "I do not trust" - Use this if you know that the introducer
|
||||
does not do a good job in certifying other keys. The effect
|
||||
is the same as with a) but for a) you may later want to
|
||||
change the value because you got new information about this
|
||||
introducer.
|
||||
c) "I trust marginally" - Use this if you assume that the
|
||||
introducer knows what he is doing. Together with some
|
||||
other marginally trusted keys, GnuPG validates the target
|
||||
key then as good.
|
||||
d) "I fully trust" - Use this if you really know that this
|
||||
introducer does a good job when certifying other keys.
|
||||
If all the introducer are of this trust value, GnuPG
|
||||
normally needs only one chain of signatures to validate
|
||||
a target key okay. (But this may be adjusted with the help
|
||||
of some options).
|
||||
This information is confidential because it gives your personal
|
||||
opinion on the trustworthiness of someone else. Therefore this data
|
||||
is not stored in the keyring but in the "trustdb"
|
||||
(~/.gnupg/trustdb.gpg). Do not assign a high trust value just
|
||||
because the introducer is a friend of yours - decide how well she
|
||||
understands the implications of key signatures and you may want to
|
||||
tell her more about public key cryptography so you can later change
|
||||
the trust value you assigned.
|
||||
|
||||
Okay, here is how GnuPG helps you with key management. Most stuff
|
||||
is done with the --edit-key command
|
||||
|
||||
gpg --edit-key <keyid or username>
|
||||
|
||||
GnuPG displays some information about the key and then prompts
|
||||
for a command (enter "help" to see a list of commands and see
|
||||
the man page for a more detailed explanation). To sign a key
|
||||
you select the user ID you want to sign by entering the number
|
||||
that is displayed in the leftmost column (or do nothing if the
|
||||
key has only one user ID) and then enter the command "sign" and
|
||||
follow all the prompts. When you are ready, give the command
|
||||
"save" (or use "quit" to cancel your actions).
|
||||
|
||||
If you want to sign the key with another of your user IDs, you
|
||||
must give an "-u" option on the command line together with the
|
||||
"--edit-key".
|
||||
|
||||
Normally you want to sign only one user ID because GnuPG
|
||||
uses only one and this keeps the public key certificate
|
||||
small. Because such key signatures are very important you
|
||||
should make sure that the signatories of your key sign a user ID
|
||||
which is very likely to stay for a long time - choose one with an
|
||||
email address you have full control of or do not enter an email
|
||||
address at all. In future GnuPG will have a way to tell which
|
||||
user ID is the one with an email address you prefer - because
|
||||
you have no signatures on this email address it is easy to change
|
||||
this address. Remember, your signatories sign your public key (the
|
||||
primary one) together with one of your user IDs - so it is not possible
|
||||
to change the user ID later without voiding all the signatures.
|
||||
|
||||
Tip: If you hear about a key signing party on a computer conference
|
||||
join it because this is a very convenient way to get your key
|
||||
certified (But remember that signatures have nothing to to with the
|
||||
trust you assign to a key).
|
||||
|
||||
|
||||
8 Ways to Specify a User ID
|
||||
--------------------------
|
||||
There are several ways to specify a user ID, here are some examples.
|
||||
|
||||
* Only by the short keyid (prepend a zero if it begins with A..F):
|
||||
|
||||
"234567C4"
|
||||
"0F34E556E"
|
||||
"01347A56A"
|
||||
"0xAB123456
|
||||
|
||||
* By a complete keyid:
|
||||
|
||||
"234AABBCC34567C4"
|
||||
"0F323456784E56EAB"
|
||||
"01AB3FED1347A5612"
|
||||
"0x234AABBCC34567C4"
|
||||
|
||||
* By a fingerprint:
|
||||
|
||||
"1234343434343434C434343434343434"
|
||||
"123434343434343C3434343434343734349A3434"
|
||||
"0E12343434343434343434EAB3484343434343434"
|
||||
|
||||
The first one is MD5 the others are ripemd160 or sha1.
|
||||
|
||||
* By an exact string:
|
||||
|
||||
"=Heinrich Heine <heinrichh@uni-duesseldorf.de>"
|
||||
|
||||
* By an email address:
|
||||
|
||||
"<heinrichh@uni-duesseldorf.de>"
|
||||
|
||||
* By word match
|
||||
|
||||
"+Heinrich Heine duesseldorf"
|
||||
|
||||
All words must match exactly (not case sensitive) and appear in
|
||||
any order in the user ID. Words are any sequences of letters,
|
||||
digits, the underscore and characters with bit 7 set.
|
||||
|
||||
* Or by the usual substring:
|
||||
|
||||
"Heine"
|
||||
"*Heine"
|
||||
|
||||
The '*' indicates substring search explicitly.
|
||||
|
||||
|
||||
Batch mode
|
||||
----------
|
||||
If you use the option "--batch", GnuPG runs in non-interactive mode and
|
||||
never prompts for input data. This does not even allow entering the
|
||||
passphrase. Until we have a better solution (something like ssh-agent),
|
||||
you can use the option "--passphrase-fd n", which works like PGP's
|
||||
PGPPASSFD.
|
||||
|
||||
Batch mode also causes GnuPG to terminate as soon as a BAD signature is
|
||||
detected.
|
||||
|
||||
|
||||
Exit status
|
||||
-----------
|
||||
GnuPG returns with an exit status of 1 if in batch mode and a bad signature
|
||||
has been detected or 2 or higher for all other errors. You should parse
|
||||
stderr or, better, the output of the fd specified with --status-fd to get
|
||||
detailed information about the errors.
|
||||
|
||||
|
||||
Configure options
|
||||
-----------------
|
||||
Here is a list of configure options which are sometime useful
|
||||
for installation.
|
||||
|
||||
--enable-static-rnd=<name>
|
||||
Force the use of the random byte gathering
|
||||
module <name>. Default is either to use /dev/random
|
||||
or the auto mode. Value for name:
|
||||
egd - Use the module which accesses the
|
||||
Entropy Gathering Daemon. See the webpages
|
||||
for more information about it.
|
||||
unix - Use the standard Unix module which does not
|
||||
have a very good performance.
|
||||
linux - Use the module which accesses /dev/random.
|
||||
This is the first choice and the default one
|
||||
for GNU/Linux or *BSD.
|
||||
auto - Compile linux, egd and unix in and
|
||||
automagically select at runtime.
|
||||
Used internally for keeping the state of the RNG over
|
||||
invocations.
|
||||
|
||||
--with-egd-socket=<name>
|
||||
This is only used when EGD is used as random
|
||||
gatherer. GnuPG uses by default "~/.gnupg/entropy"
|
||||
as the socket to connect EGD. Using this option the
|
||||
socket name can be changed. You may use any filename
|
||||
here with 2 exceptions: a filename starting with
|
||||
"~/" uses the socket in the homedirectory of the user
|
||||
and one starting with a "=" uses a socket in the
|
||||
GnuPG homedirectory which is bye default "~/.gnupg".
|
||||
pubring.kbx
|
||||
|
||||
--with-included-zlib
|
||||
Forces usage of the local zlib sources. Default is
|
||||
to use the (shared) library of the system.
|
||||
The database file with the certificates.
|
||||
|
||||
--with-included-gettext
|
||||
Forces usage of the local gettext sources instead of
|
||||
the one provided by your system.
|
||||
pubring.gpg
|
||||
|
||||
--disable-nls
|
||||
Disable NLS support (See the file ABOUT-NLS)
|
||||
The database file with the OpenPGP public keys. This will
|
||||
eventually be merged with pubring.kbx
|
||||
|
||||
--enable-m-guard
|
||||
Enable the integrated malloc checking code. Please
|
||||
note that this feature does not work on all CPUs
|
||||
(e.g. SunOS 5.7 on UltraSparc-2) and might give
|
||||
you a bus error.
|
||||
secring.gpg
|
||||
|
||||
--disable-dynload
|
||||
If you have problems with dynamic loading, this
|
||||
option disables all dynamic loading stuff. Note
|
||||
that the use of dynamic linking is very limited.
|
||||
The database file with the OpenPGP secret keys. This will be
|
||||
removed when gpg is changed to make use of the gpg-agent.
|
||||
|
||||
--disable-asm
|
||||
Do not use assembler modules. It is not possible
|
||||
to use this on some CPU types.
|
||||
|
||||
--disable-exec
|
||||
Disable all remote program execution. This
|
||||
disables photo ID viewing as well as all keyserver
|
||||
types aside from HKP.
|
||||
private-keys-v1.d/
|
||||
|
||||
--disable-photo-viewers
|
||||
Disable only photo ID viewing.
|
||||
Directory holding the private keys maintained by gpg-agent.
|
||||
For detailed info see agent/keyformat.txt. Note that there is
|
||||
a helper tool gpg-protect-tool which may be used to protect or
|
||||
unprotect keys. This is however nothing a user should care
|
||||
about.
|
||||
|
||||
--disable-keyserver-helpers
|
||||
Disable only keyserver helpers (not including
|
||||
HKP).
|
||||
|
||||
--disable-keyserver-path
|
||||
Disables the user's ability to use the exec-path
|
||||
feature to add additional search directories when
|
||||
executing a keyserver helper.
|
||||
How to specify a user ID
|
||||
========================
|
||||
|
||||
--with-photo-viewer=FIXED_VIEWER
|
||||
Force the photo viewer to be FIXED_VIEWER and
|
||||
disable any ability for the user to change it in
|
||||
their options file.
|
||||
Due to the way X.509 certificates are made up we need a few new ways
|
||||
to specify a certificate (aka key in OpenPGP). In addition to the
|
||||
ways a user ID can be specified with gpg, I have implemented 3 new
|
||||
modes for gpgsm, here is the entire list of ways to specify a key:
|
||||
|
||||
* By keyID.
|
||||
|
||||
Installation Problems
|
||||
---------------------
|
||||
If you get unresolved externals "gettext" you should run configure
|
||||
again with the option "--with-included-gettext"; this is version
|
||||
0.10.35 which is available at alpha.gnu.org.
|
||||
|
||||
If you have other compile problems, try the configure options
|
||||
"--with-included-zlib" or "--disable-nls" (See ABOUT-NLS) or
|
||||
--disable-dynload.
|
||||
This format is deducded from the length of the string and its
|
||||
content or "0x" prefix. For use with OpenPGP a exclamation mark may
|
||||
be appended to force use of the specified (sub)key.
|
||||
|
||||
We can't check all assembler files, so if you have problems
|
||||
assembling them (or the program crashes) use --disable-asm with
|
||||
./configure. The configure scripts may consider several
|
||||
subdirectories to get all available assembler files; be sure to
|
||||
delete the correct ones. The assembler replacements are in C and
|
||||
in mpi/generic; never delete udiv-qrnnd.S in any CPU directory,
|
||||
because there may be no C substitute. Don't forget to delete
|
||||
"config.cache" and run "./config.status --recheck".
|
||||
As with v34 OpenPGP keys, the keyID of an X509 certificate are the
|
||||
low 64 bits of the SHA-1 fingerprint. The use of keyIDs is just a
|
||||
shortcut, for all automated processing the fingerprint should be
|
||||
used.
|
||||
|
||||
Some make tools are broken - the best solution is to use GNU's
|
||||
make. Try gmake or grab the sources from a GNU archive and
|
||||
install them.
|
||||
|
||||
On some OSF systems you may get unresolved externals. This is a
|
||||
libtool problem and the workaround is to manually remove all the
|
||||
"-lc -lz" but the last one from the linker line and execute them
|
||||
manually.
|
||||
|
||||
On some architectures you see warnings like:
|
||||
longlong.h:175: warning: function declaration isn't a prototype
|
||||
or
|
||||
http.c:647: warning: cast increases required alignment of target type
|
||||
This doesn't matter and we know about it (actually it is due to
|
||||
some warning options which we have enabled for gcc)
|
||||
Examples:
|
||||
|
||||
234567C4
|
||||
0F34E556E
|
||||
01347A56A
|
||||
0xAB123456
|
||||
|
||||
Specific problems on some machines
|
||||
----------------------------------
|
||||
234AABBCC34567C4
|
||||
0F323456784E56EAB
|
||||
01AB3FED1347A5612
|
||||
0x234AABBCC34567C4
|
||||
|
||||
* IBM RS/6000 running AIX:
|
||||
* By fingerprint
|
||||
|
||||
Due to a change in gcc (since version 2.8) the MPI stuff may
|
||||
not build. In this case try to run configure using:
|
||||
CFLAGS="-g -O2 -mcpu=powerpc" ./configure
|
||||
This is format is deduced from the length of the string and its
|
||||
content or "0x" prefix. Note, that only the 20 byte fingerprint is
|
||||
used with GPGSM (SHA-1 hash of the certificate). For use with
|
||||
OpenPGP a exclamation mark may be appended to force use of the
|
||||
specified (sub)key.
|
||||
|
||||
* Compaq C V6.2 for alpha:
|
||||
Examples:
|
||||
|
||||
You may want to use the option "-msg-disable ptrmismatch1"
|
||||
to get rid of the sign/unsigned char mismatch warnings.
|
||||
1234343434343434C434343434343434
|
||||
123434343434343C3434343434343734349A3434
|
||||
0E12343434343434343434EAB3484343434343434
|
||||
0xE12343434343434343434EAB3484343434343434
|
||||
|
||||
* SVR4.2 (ESIX V4.2 cc)
|
||||
* Exact match on OpenPGP user ID
|
||||
|
||||
Due to problems with the ESIX as, you probably want to do
|
||||
CFLAGS="-O -K pentium" ./configure --disable-asm
|
||||
Reported by Reinhard Wobst.
|
||||
This is denoted by a leading equal sign. It does not make much
|
||||
sense for X.509.
|
||||
|
||||
Example:
|
||||
|
||||
=Heinrich Heine <heinrichh@uni-duesseldorf.de>
|
||||
|
||||
The Random Device
|
||||
-----------------
|
||||
* Exact match on an email address.
|
||||
|
||||
Random devices are available in Linux, FreeBSD and OpenBSD.
|
||||
Operating systems without a random devices must use another
|
||||
entropy collector.
|
||||
This is indicated by enclosing the email address in the usual way
|
||||
with left and right angles
|
||||
|
||||
This collector works by running a lot of commands that yield more
|
||||
or less unpredictable output and feds this as entropy into the
|
||||
random generator - It should work reliably but you should check
|
||||
whether it produces good output for your version of Unix. There
|
||||
are some debug options to help you (see cipher/rndunix.c).
|
||||
Example:
|
||||
|
||||
<heinrichh@uni-duesseldorf.de>
|
||||
|
||||
Creating an RPM package
|
||||
-----------------------
|
||||
The file scripts/gnupg.spec is used to build a RPM package (both
|
||||
binary and src):
|
||||
1. copy the spec file into /usr/src/redhat/SPECS
|
||||
2. copy the tar file into /usr/src/redhat/SOURCES
|
||||
3. type: rpm -ba SPECS/gnupg.spec
|
||||
* Word match
|
||||
|
||||
Or use the -t (--tarbuild) option of rpm:
|
||||
1. rpm -ta gnupg-x.x.x.tar.gz
|
||||
All words must match exactly (not case sensitive) but can appear in
|
||||
any order in the user ID or a subjects name. Words are any
|
||||
sequences of letters, digits, the underscore and all characters
|
||||
with bit 7 set.
|
||||
|
||||
The binary rpm file can now be found in /usr/src/redhat/RPMS, source
|
||||
rpm in /usr/src/redhat/SRPMS
|
||||
Example:
|
||||
|
||||
+Heinrich Heine duesseldorf
|
||||
|
||||
How to Get More Information
|
||||
---------------------------
|
||||
* [NEW] Exact match by subject's DN
|
||||
|
||||
The primary WWW page is "http://www.gnupg.org"
|
||||
The primary FTP site is "ftp://ftp.gnupg.org/gcrypt/"
|
||||
This is indicated by a leading slash, directly followed by the
|
||||
rfc2253 encoded DN of the subject.
|
||||
|
||||
See http://www.gnupg.org/mirrors.html for a list of mirrors
|
||||
and use them if possible. You may also find GnuPG mirrored on
|
||||
some of the regular GNU mirrors.
|
||||
Example:
|
||||
|
||||
We have some mailing lists dedicated to GnuPG:
|
||||
/CN=Henrich Heine,O=Poets,L=Paris,C=FR
|
||||
|
||||
gnupg-announce@gnupg.org For important announcements like
|
||||
new versions and such stuff.
|
||||
This is a moderated list and has
|
||||
very low traffic.
|
||||
* [NEW] Excact match by issuer's DN
|
||||
|
||||
gnupg-users@gnupg.org For general user discussion and
|
||||
help.
|
||||
This is indicated by a leading hash mark, directly followed by a
|
||||
slash and then directly followed by the rfc2253 encoded DN of the
|
||||
issuer. This should return the Root cert of the issuer
|
||||
|
||||
gnupg-devel@gnupg.org GnuPG developers main forum.
|
||||
Example:
|
||||
|
||||
You subscribe to one of the list by sending mail with a subject
|
||||
of "subscribe" to x-request@gnupg.org, where x is the name of the
|
||||
mailing list (gnupg-announce, gnupg-users, etc.). An archive of
|
||||
the mailing lists is available at http://lists.gnupg.org .
|
||||
#/CN=Root Cert,O=Poets,L=Paris,C=FR
|
||||
|
||||
Please direct bug reports to <bug-gnupg@gnu.org> or post
|
||||
them direct to the mailing list <gnupg-devel@gnupg.org>.
|
||||
* [NEW] Exact match by serial number and subject's DN
|
||||
|
||||
Please direct questions about GnuPG to the users mailing list or
|
||||
one of the pgp newsgroups; please do not direct questions to one
|
||||
of the authors directly as we are busy working on improvements
|
||||
and bug fixes. Both mailing lists are watched by the authors
|
||||
and we try to answer questions when time allows us to do so.
|
||||
This is indicated by a hash mark, followed by the hexadecmal
|
||||
representation of the serial number, the followed by a slahs and
|
||||
the RFC2253 encoded DN of the issuer.
|
||||
|
||||
Example:
|
||||
|
||||
#4F03/CN=Root Cert,O=Poets,L=Paris,C=FR
|
||||
|
||||
* Substring match
|
||||
|
||||
By case insensitive substring matching. This is the default mode
|
||||
but applications may want to explicitly indicate this by putting
|
||||
the asterisk in front.
|
||||
|
||||
Example:
|
||||
|
||||
Heine
|
||||
*Heine
|
||||
|
||||
|
||||
Please note that we have reused the hash mark indentifier which was
|
||||
used in old GnuPG versions to indicate the so called local-id. It is
|
||||
not anymore used and there should be no conflict when used with X.509
|
||||
stuff.
|
||||
|
||||
Using the rfc2253 format of DNs has the drawback that it is not
|
||||
possible to map them back to the original encoding, however we don't
|
||||
have to do this, because our key database stores this encoding as meta
|
||||
data.
|
||||
|
||||
Some of the search modes are not yet implemented ;-)
|
||||
|
||||
|
||||
How to import a private key
|
||||
===========================
|
||||
There is some limited support to import a private key from a PKCS-12
|
||||
file. Note, that this does only import the private key and not any
|
||||
certificates available in that file.
|
||||
|
||||
gpg-protect-tool --p12-import --store foo.p12
|
||||
|
||||
This require that the gpg-agent is running, alternative you may give
|
||||
the passphrase on the commandline using the option "-P <passphrase>" -
|
||||
however this is in general not a good idea. If that key already
|
||||
exists, the protect-tool refuses to store it unless you use the option
|
||||
"--force".
|
||||
|
||||
How to export a private key
|
||||
===========================
|
||||
There is also limited support to export a private key in PKCS-12
|
||||
format. However the certificate is not stored and there is no MAC applied.
|
||||
|
||||
gpg-protect-tool --p12-export foo.key >foo.p12
|
||||
|
||||
Commercial grade support for GnuPG is available; please see
|
||||
the GNU service directory or search other resources.
|
||||
|
||||
|
231
THANKS
@ -1,232 +1,3 @@
|
||||
GnuPG was originally written by Werner Koch. Other people contributed by
|
||||
reporting problems, suggesting various improvements or submitting actual
|
||||
code. Here is a list of those people. Help me keep it complete and free of
|
||||
errors.
|
||||
|
||||
Adam Mitchell adam@cafe21.org
|
||||
Albert Chin china@thewrittenword.com
|
||||
Alec Habig habig@budoe2.bu.edu
|
||||
Allan Clark allanc@sco.com
|
||||
Anand Kumria wildfire@progsoc.uts.edu.au
|
||||
Andreas Haumer andreas@xss.co.at
|
||||
Anthony Mulcahy anthony@kcn.ne.jp
|
||||
Ariel T Glenn ariel@columbia.edu
|
||||
Bob Mathews bobmathews@mindspring.com
|
||||
Bodo Moeller Bodo_Moeller@public.uni-hamburg.de
|
||||
Brendan O'Dea bod@debian.org
|
||||
Brenno de Winter brenno@dewinter.com
|
||||
Brian M. Carlson karlsson@hal-pc.org
|
||||
Brian Moore bem@cmc.net
|
||||
Brian Warner warner@lothar.com
|
||||
Bryan Fullerton bryanf@samurai.com
|
||||
Caskey L. Dickson caskey@technocage.com
|
||||
Cees van de Griend cees-list@griend.xs4all.nl
|
||||
Charles Levert charles@comm.polymtl.ca
|
||||
Chip Salzenberg chip@valinux.com
|
||||
Chris Adams cmadams@hiwaay.net
|
||||
Christian Biere christianbiere@gmx.de
|
||||
Christian Kurz shorty@debian.org
|
||||
Christian von Roques roques@pond.sub.org
|
||||
Christopher Oliver oliver@fritz.traverse.net
|
||||
Christian Recktenwald chris@citecs.de
|
||||
Dan Winship danw@helixcode.com
|
||||
Daniel Eisenbud eisenbud@cs.swarthmore.edu
|
||||
Daniel Koening dan@mail.isis.de
|
||||
Daniel Resare daniel@resare.com
|
||||
Dave Dykstra dwd@bell-labs.com
|
||||
David C Niemi niemi@tuxers.net
|
||||
David Champion dgc@uchicago.edu
|
||||
David D. Scribner dscribner@bigfoot.com
|
||||
David Ellement ellement@sdd.hp.com
|
||||
David Hallinan hallinan@rtd.com
|
||||
David Hollenberg dhollen@ISI.EDU
|
||||
David Mathog MATHOG@seqaxp.bio.caltech.edu
|
||||
David R. Bergstein dbergstein@home.com
|
||||
David Shaw dshaw@jabberwocky.com
|
||||
Detlef Lannert lannert@lannert.rz.uni-duesseldorf.de
|
||||
Dimitri dmitri@advantrix.com
|
||||
Dirk Lattermann dlatt@t-online.de
|
||||
Dirk Meyer dirk.meyer@dinoex.sub.org
|
||||
Disastry Disastry@saiknes.lv
|
||||
Douglas Calvert dfc@anize.org
|
||||
Ed Boraas ecxjo@esperanto.org
|
||||
Edmund GRIMLEY EVANS edmundo@rano.org
|
||||
Edwin Woudt edwin@woudt.nl
|
||||
Enzo Michelangeli em@MailAndNews.com
|
||||
Ernst Molitor ernst.molitor@uni-bonn.de
|
||||
Fabio Coatti cova@ferrara.linux.it
|
||||
Felix von Leitner leitner@amdiv.de
|
||||
fish stiqz fish@analog.org
|
||||
Florian Weimer Florian.Weimer@rus.uni-stuttgart.de
|
||||
Francesco Potorti pot@gnu.org
|
||||
Frank Donahoe fdonahoe@wilkes1.wilkes.edu
|
||||
Frank Heckenbach heckenb@mi.uni-erlangen.de
|
||||
Frank Stajano frank.stajano@cl.cam.ac.uk
|
||||
Frank Tobin ftobin@uiuc.edu
|
||||
Gabriel Rosenkoetter gr@eclipsed.net
|
||||
Gaël Quéri gael@lautre.net
|
||||
Gene Carter gcarter@lanier.com
|
||||
Georg Schwarz georg.schwarz@iname.com
|
||||
Giampaolo Tomassoni g.tomassoni@libero.it
|
||||
Gilbert Fernandes gilbert_fernandes@hotmail.com
|
||||
Greg Louis glouis@dynamicro.on.ca
|
||||
Greg Troxel gdt@ir.bbn.com
|
||||
Gregory Steuck steuck@iname.com
|
||||
Geoff Keating geoffk@ozemail.com.au
|
||||
Harald Denker harry@hal.westfalen.de
|
||||
Holger Baust Holger.Baust@freenet-ag.de
|
||||
Hendrik Buschkamp buschkamp@rheumanet.org
|
||||
Holger Schurig holger@d.om.org
|
||||
Holger Smolinski smolinsk@de.ibm.com
|
||||
Holger Trapp Holger.Trapp@informatik.tu-chemnitz.de
|
||||
Hugh Daniel hugh@toad.com
|
||||
Huy Le huyle@ugcs.caltech.edu
|
||||
Ian McKellar imckellar@harvestroad.com.au
|
||||
Ingo Klöcker kloecker@kde.org
|
||||
Ivo Timmermans itimmermans@bigfoot.com
|
||||
Jan Krueger max@physics.otago.ac.nz
|
||||
Jan Niehusmann jan@gondor.com
|
||||
Janusz A. Urbanowicz alex@bofh.torun.pl
|
||||
James Troup james@nocrew.org
|
||||
Jean-loup Gailly gzip@prep.ai.mit.edu
|
||||
Jeff Long long@kestrel.cc.ukans.edu
|
||||
Jeffery Von Ronne jronne@ics.uci.edu
|
||||
Jens Bachem bachem@rrz.uni-koeln.de
|
||||
Jeroen C. van Gelderen jeroen@vangelderen.org
|
||||
J Horacio MG homega@ciberia.es
|
||||
J. Michael Ashley jashley@acm.org
|
||||
Jim Bauer jfbauer@home.com
|
||||
Jim Small cavenewt@my-deja.com
|
||||
Joachim Backes backes@rhrk.uni-kl.de
|
||||
Joe Rhett jrhett@isite.net
|
||||
John A. Martin jam@jamux.com
|
||||
Johnny Teveßen j.tevessen@gmx.de
|
||||
Jörg Schilling schilling@fokus.gmd.de
|
||||
Jos Backus Jos.Backus@nl.origin-it.com
|
||||
Jun Kuriyama kuriyama@sky.rim.or.jp
|
||||
Kahil D. Jallad kdj4@cs.columbia.edu
|
||||
Karl Fogel kfogel@guanabana.onshore.com
|
||||
Karsten Thygesen karthy@kom.auc.dk
|
||||
Katsuhiro Kondou kondou@nec.co.jp
|
||||
Kazu Yamamoto kazu@iijlab.net
|
||||
Keith Clayton keith@claytons.org
|
||||
Kevin Ryde user42@zip.com.au
|
||||
Klaus Singvogel ks@caldera.de
|
||||
Kurt Garloff garloff@suse.de
|
||||
Lars Kellogg-Stedman lars@bu.edu
|
||||
L. Sassaman rabbi@quickie.net
|
||||
M Taylor mctaylor@privacy.nb.ca
|
||||
Marcel Waldvogel mwa@arl.wustl.edu
|
||||
Marco d'Itri md@linux.it
|
||||
Marco Parrone marc0@autistici.org
|
||||
Marcus Brinkmann Marcus.Brinkmann@ruhr-uni-bochum.de
|
||||
Mark Adler madler@alumni.caltech.edu
|
||||
Mark Elbrecht snowball3@bigfoot.com
|
||||
Mark Pettit pettit@yahoo-inc.com
|
||||
Markus Friedl Markus.Friedl@informatik.uni-erlangen.de
|
||||
Martin Kahlert martin.kahlert@provi.de
|
||||
Martin Hamilton
|
||||
Martin Schulte schulte@thp.uni-koeln.de
|
||||
Matt Kraai kraai@alumni.carnegiemellon.edu
|
||||
Matthew Skala mskala@ansuz.sooke.bc.ca
|
||||
Matthew Wilcox matthew@wil.cx
|
||||
Matthias Urlichs smurf@noris.de
|
||||
Max Valianskiy maxcom@maxcom.ml.org
|
||||
Michael Engels michael.engels@uni-duesseldorf.de
|
||||
Michael Fischer v. Mollard mfvm@gmx.de
|
||||
Michael Roth mroth@nessie.de
|
||||
Michael Sobolev mss@despair.transas.com
|
||||
Michael Tokarev mjt@tls.msk.ru
|
||||
Nicolas Graner Nicolas.Graner@cri.u-psud.fr
|
||||
Mike McEwan mike@lotusland.demon.co.uk
|
||||
Neal H Walfield neal@cs.uml.edu
|
||||
NIIBE Yutaka gniibe@chroot.org
|
||||
Niklas Hernaeus
|
||||
Nimrod Zimerman zimerman@forfree.at
|
||||
N J Doye nic@niss.ac.uk
|
||||
Oliver Haakert haakert@hsp.de
|
||||
Oskari Jääskeläinen f33003a@cc.hut.fi
|
||||
Pascal Scheffers Pascal@scheffers.net
|
||||
Paul D. Smith psmith@baynetworks.com
|
||||
Per Cederqvist ceder@lysator.liu.se
|
||||
Phil Blundell pb@debian.org
|
||||
Philippe Laliberte arsphl@oeil.qc.ca
|
||||
Peter Fales psfales@lucent.com
|
||||
Peter Gutmann pgut001@cs.auckland.ac.nz
|
||||
Peter Marschall Peter.Marschall@gedos.de
|
||||
Peter Valchev pvalchev@openbsd.org
|
||||
Piotr Krukowiecki piotr@pingu.ii.uj.edu.pl
|
||||
QingLong qinglong@bolizm.ihep.su
|
||||
Ralph Gillen gillen@theochem.uni-duesseldorf.de
|
||||
Rat ratinox@peorth.gweep.net
|
||||
Reinhard Wobst R.Wobst@ifw-dresden.de
|
||||
Rémi Guyomarch rguyom@mail.dotcom.fr
|
||||
Reuben Sumner rasumner@wisdom.weizmann.ac.il
|
||||
Richard Outerbridge outer@interlog.com
|
||||
Robert Joop rj@rainbow.in-berlin.de
|
||||
Roddy Strachan roddy@satlink.com.au
|
||||
Roger Sondermann r.so@bigfoot.com
|
||||
Roland Rosenfeld roland@spinnaker.rhein.de
|
||||
Roman Pavlik rp@tns.cz
|
||||
Ross Golder rossigee@bigfoot.com
|
||||
Ryan Malayter rmalayter@bai.org
|
||||
Sam Roberts sam@cogent.ca
|
||||
Sami Tolvanen sami@tolvanen.com
|
||||
Sean MacLennan seanm@netwinder.org
|
||||
Sebastian Klemke packet@convergence.de
|
||||
Serge Munhoven munhoven@mema.ucl.ac.be
|
||||
SL Baur steve@xemacs.org
|
||||
Stefan Bellon sbellon@sbellon.de
|
||||
Stefan Karrmann S.Karrmann@gmx.net
|
||||
Stefan Keller dres@cs.tu-berlin.de
|
||||
Steffen Ullrich ccrlphr@xensei.com
|
||||
Steffen Zahn zahn@berlin.snafu.de
|
||||
Steven Bakker steven@icoe.att.com
|
||||
Steven Murdoch sjmurdoch@bigfoot.com
|
||||
Susanne Schultz schultz@hsp.de
|
||||
Ted Cabeen secabeen@pobox.com
|
||||
Thiago Jung Bauermann jungmann@cwb.matrix.com.br
|
||||
Thomas Roessler roessler@guug.de
|
||||
Tim Mooney mooney@dogbert.cc.ndsu.nodak.edu
|
||||
Timo Schulz towaday@freakmail.de
|
||||
TOGAWA Satoshi Satoshi.Togawa@jp.yokogawa.com
|
||||
Tom Spindler dogcow@home.merit.edu
|
||||
Tom Zerucha tzeruch@ceddec.com
|
||||
Tomas Fasth tomas.fasth@twinspot.net
|
||||
Tommi Komulainen Tommi.Komulainen@iki.fi
|
||||
Thomas Klausner wiz@danbala.ifoer.tuwien.ac.at
|
||||
Tomasz Kozlowski tomek@rentec.com
|
||||
Thomas Mikkelsen tbm@image.dk
|
||||
Ulf Möller 3umoelle@informatik.uni-hamburg.de
|
||||
Urko Lusa ulusa@euskalnet.net
|
||||
Vincent P. Broman broman@spawar.navy.mil
|
||||
W Lewis wiml@hhhh.org
|
||||
Walter Hofmann Walter.Hofmann@physik.stud.uni-erlangen.de
|
||||
Walter Koch koch@hsp.de
|
||||
Wayne Chapeskie waynec@spinnaker.com
|
||||
Werner Koch wk@gnupg.org
|
||||
Wim Vandeputte bunbun@reptile.rug.ac.be
|
||||
Winona Brown win@huh.org
|
||||
Yosiaki IIDA iida@ring.gr.jp
|
||||
Yoshihiro Kajiki kajiki@ylug.org
|
||||
nbecker@hns.com
|
||||
|
||||
Thanks to the German Unix User Group for sponsoring this project,
|
||||
Martin Hamilton for hosting the first mailing list and OpenIT for
|
||||
cheap hosting conditions.
|
||||
|
||||
The development of this software has partly been funded by the German
|
||||
Ministry for Economics and Technology under grant VIB3-68553.168-001/1999.
|
||||
|
||||
Many thanks to my wife Gerlinde for having so much patience with
|
||||
me while hacking late in the evening.
|
||||
|
||||
Copyright 1998, 1999, 2000, 2001, 2002 Free Software Foundation, Inc.
|
||||
|
||||
This file is free software; as a special exception the author gives
|
||||
unlimited permission to copy and/or distribute it, with or without
|
||||
modifications, as long as this notice is preserved.
|
||||
|
||||
This file is distributed in the hope that it will be useful, but
|
||||
WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
|
||||
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
||||
Richard Lefebvre rick@CERCA.UMontreal.CA
|
||||
|
141
TODO
@ -1,104 +1,61 @@
|
||||
* Reword the "Not enough entropy" messages.
|
||||
-*- outline -*-
|
||||
|
||||
* Do we need a configure test for putenv?
|
||||
* src/base64
|
||||
** Make parsing more robust
|
||||
Currently we don't cope with overlong lines in the best way.
|
||||
|
||||
* Check for consistent spelling of user ID, key ID etc.
|
||||
Replace "user id not found" in getkey.c by "no valid user ID found".
|
||||
* sm/call-agent.c
|
||||
** The protocol uses an incomplete S-expression
|
||||
We should always use valid S-Exp and not just parts.
|
||||
** Some code should go into import.c
|
||||
** When we allow concurrent service request in gpgsm, we
|
||||
might want to have an agent context for each service request
|
||||
(i.e. Assuan context).
|
||||
|
||||
* Describe some pitfalls when using EGD. Check that ~/.gnupg/entropy
|
||||
really is the default. What about needed permission?
|
||||
* sm/certreqgen.c
|
||||
** Improve error reporting
|
||||
** Do some basic checks on the supplied DNs
|
||||
|
||||
* Using an expired key for signing should give an error message
|
||||
"expired key" and not "unusable key'. Furthermore the error should
|
||||
also be thrown when the default key has expired. Reported by
|
||||
Eric.VanBuggenhaut add AdValvas.be.
|
||||
* sm/certchain.c
|
||||
** When a certificate chain was sucessfully verified, make ephemeral certs used in this chain permanent.
|
||||
** figure out how to auto retrieve a key by serialno+issuer.
|
||||
Dirmngr is currently not able to parse more than the CN.
|
||||
|
||||
* pause scrolling help in --edit-key and elsewhere.
|
||||
* sm/decrypt.c
|
||||
** replace leading zero in integer hack by a cleaner solution
|
||||
|
||||
* getkey does not return revoked/expired keys - therefore it is not
|
||||
possible to override it.
|
||||
* sm/sign.c
|
||||
** Don't hardcode the use of RSA.
|
||||
|
||||
* Selection using +wordlist does not work.
|
||||
What about adding a feature -word to the +wordlist search mode.
|
||||
* sm/gpgsm.c
|
||||
** Support --output
|
||||
** mark all unimplemented commands and options.
|
||||
|
||||
* Check the changes to the gpg random gatherer on all W32 platforms.
|
||||
|
||||
* Show more info does not work from edit->trust
|
||||
|
||||
* Check that no secret temporary results are stored in the result parameter
|
||||
of the mpi functions. We have already done this for mpi-mul.c
|
||||
|
||||
* We need another special packet at the end of a clearsign message to mark
|
||||
it's end and allow for multiple signature for one message. And
|
||||
add a real grammar to the code in mainproc.c
|
||||
|
||||
* If there is no secure memory, allocate more memory for the secure
|
||||
memory block or do it in all cases.
|
||||
|
||||
* add some minor things vor VMS.
|
||||
|
||||
* Use DSA keys with the test suite (partly done)
|
||||
|
||||
* Fix the bug in the mips assembler code
|
||||
|
||||
* Add a way to show the fingerprint of an key signator's keys
|
||||
|
||||
* Add an is_valid flag to each user ID.
|
||||
|
||||
* Replace the printing of the user name by [self-signature] when
|
||||
appropriate so that a key listing does not get clobbered.
|
||||
|
||||
* Concatenated encryption messages don't work corectly - only the
|
||||
first one is processed.
|
||||
|
||||
* Add option to put the list of recipients (from the encryption
|
||||
layer) into the signatures notation data.
|
||||
|
||||
* --disable-asm should still assemble _udiv_qrnnd when needed
|
||||
|
||||
* Get new assembler stuff from gmp 3.1
|
||||
|
||||
* use DEL and ^H for erasing the previous character (util/ttyio.c).
|
||||
or better readline.
|
||||
|
||||
* add test cases for invalid data (scrambled armor or other random data)
|
||||
|
||||
* add checking of armor trailers. Try to detect garbled header
|
||||
lines. Often one dash is missing due to sloppy cut+paste; so add
|
||||
a warning note like the one for QP.
|
||||
|
||||
* the pubkey encrypt functions should do some sanity checks.
|
||||
|
||||
* "gpg filename.tar.gz.asc" should work like --verify (-sab).
|
||||
|
||||
* for messages created with "-t", it might make sense to append the
|
||||
verification status of the message to the output (i.e. write something to
|
||||
the --output file and not only to stderr. However the problem is
|
||||
that we consider the message transpatrent and don't have any
|
||||
indication of the used character set. To implement this feature
|
||||
we need to make sure that all output is plain 7 bit ascii but
|
||||
given that we need to print a user name, this does not make sense
|
||||
at all. The only way this can be implemented is by assuming that
|
||||
the message is encoded in utf8 and hope tht everyone starts to use
|
||||
utf8 instead of latin-1 or whatever RSN. Hmmm, I myself should
|
||||
start with this.
|
||||
|
||||
* keyflags don't distinguish between {certify,signature}-only.
|
||||
|
||||
* Instead of issuing a "signature packet without keyid" gpg should
|
||||
try to get the keyID from a corresponding one-pass signature
|
||||
packet (See bug report 817). This is not easy to do as we don't
|
||||
store the one-pass packets.
|
||||
|
||||
* cat foo | gpg --sign | gpg --list-packets
|
||||
Does not list the signature packet.
|
||||
|
||||
* When presenting the result of a verification show the user ID with
|
||||
the highest trust level first instead of the primary one.
|
||||
* sm/keydb.c
|
||||
** Check file permissions
|
||||
** Write a keybox header and check for that magic value.
|
||||
** Check that all error code mapping is done.
|
||||
** Remove the inter-module dependencies between gpgsm and keybox
|
||||
|
||||
|
||||
* agent/command.c
|
||||
** Make sure that secure memory is used where appropriate
|
||||
** Implement option passing per connection (DISPLAY and TTY)
|
||||
|
||||
* agent/pkdecrypt.c, agent/pksign.c
|
||||
** Don't use stdio to return results.
|
||||
|
||||
* agent/protect-tool.c
|
||||
** Export and import certificates along with the secret key.
|
||||
** Make it more comfortable; i.e. copy files to the correct place.
|
||||
|
||||
* Move pkcs-1 encoding into libgcrypt.
|
||||
|
||||
* Use a MAC to protect some files.
|
||||
|
||||
* sm/export.c
|
||||
** Return an error code or a status info per user ID.
|
||||
|
||||
|
||||
Things we won't do
|
||||
------------------
|
||||
|
||||
* New option --file-remove path-to-wipe-program ?
|
||||
|
||||
|
835
acinclude.m4
@ -17,14 +17,6 @@ dnl You should have received a copy of the GNU General Public License
|
||||
dnl along with this program; if not, write to the Free Software
|
||||
dnl Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
|
||||
|
||||
dnl GNUPG_MSG_PRINT(STRING)
|
||||
dnl print a message
|
||||
dnl
|
||||
define(GNUPG_MSG_PRINT,
|
||||
[ echo $ac_n "$1"" $ac_c" 1>&AC_FD_MSG
|
||||
])
|
||||
|
||||
|
||||
dnl GNUPG_CHECK_TYPEDEF(TYPE, HAVE_NAME)
|
||||
dnl Check whether a typedef exists and create a #define $2 if it exists
|
||||
dnl
|
||||
@ -44,315 +36,95 @@ AC_DEFUN(GNUPG_CHECK_TYPEDEF,
|
||||
])
|
||||
|
||||
|
||||
dnl GNUPG_CHECK_GNUMAKE
|
||||
dnl
|
||||
AC_DEFUN(GNUPG_CHECK_GNUMAKE,
|
||||
[
|
||||
if ${MAKE-make} --version 2>/dev/null | grep '^GNU ' >/dev/null 2>&1; then
|
||||
:
|
||||
else
|
||||
AC_MSG_WARN([[
|
||||
***
|
||||
*** It seems that you are not using GNU make. Some make tools have serious
|
||||
*** flaws and you may not be able to build this software at all. Before you
|
||||
*** complain, please try GNU make: GNU make is easy to build and available
|
||||
*** at all GNU archives. It is always available from ftp.gnu.org:/gnu/make.
|
||||
***]])
|
||||
fi
|
||||
])
|
||||
|
||||
|
||||
dnl GNUPG_CHECK_FAQPROG
|
||||
dnl
|
||||
AC_DEFUN(GNUPG_CHECK_FAQPROG,
|
||||
[ AC_MSG_CHECKING(for faqprog.pl)
|
||||
if faqprog.pl -V 2>/dev/null | grep '^faqprog.pl ' >/dev/null 2>&1; then
|
||||
working_faqprog=yes
|
||||
FAQPROG="faqprog.pl"
|
||||
else
|
||||
working_faqprog=no
|
||||
FAQPROG=": "
|
||||
fi
|
||||
AC_MSG_RESULT($working_faqprog)
|
||||
AC_SUBST(FAQPROG)
|
||||
AM_CONDITIONAL(WORKING_FAQPROG, test "$working_faqprog" = "yes" )
|
||||
|
||||
dnl if test $working_faqprog = no; then
|
||||
dnl AC_MSG_WARN([[
|
||||
dnl ***
|
||||
dnl *** It seems that the faqprog.pl program is not installed;
|
||||
dnl *** however it is only needed if you want to change the FAQ.
|
||||
dnl *** (faqprog.pl should be available at:
|
||||
dnl *** ftp://ftp.gnupg.org/pub/gcrypt/contrib/faqprog.pl )
|
||||
dnl *** No need to worry about this warning.
|
||||
dnl ***]])
|
||||
dnl fi
|
||||
])
|
||||
|
||||
dnl GNUPG_CHECK_DOCBOOK_TO_TEXI
|
||||
dnl
|
||||
AC_DEFUN(GNUPG_CHECK_DOCBOOK_TO_TEXI,
|
||||
[
|
||||
AC_CHECK_PROG(DOCBOOK_TO_TEXI, docbook2texi, yes, no)
|
||||
AC_MSG_CHECKING(for sgml to texi tools)
|
||||
working_sgmltotexi=no
|
||||
if test "$ac_cv_prog_DOCBOOK_TO_TEXI" = yes; then
|
||||
if sgml2xml -v /dev/null 2>&1 | grep 'SP version' >/dev/null 2>&1 ; then
|
||||
working_sgmltotexi=yes
|
||||
fi
|
||||
fi
|
||||
AC_MSG_RESULT($working_sgmltotexi)
|
||||
AM_CONDITIONAL(HAVE_DOCBOOK_TO_TEXI, test "$working_sgmltotexi" = "yes" )
|
||||
])
|
||||
|
||||
|
||||
|
||||
dnl GNUPG_CHECK_ENDIAN
|
||||
dnl define either LITTLE_ENDIAN_HOST or BIG_ENDIAN_HOST
|
||||
dnl
|
||||
define(GNUPG_CHECK_ENDIAN,
|
||||
[ if test "$cross_compiling" = yes; then
|
||||
AC_MSG_WARN(cross compiling; assuming little endianess)
|
||||
fi
|
||||
AC_MSG_CHECKING(endianess)
|
||||
AC_CACHE_VAL(gnupg_cv_c_endian,
|
||||
[ gnupg_cv_c_endian=unknown
|
||||
# See if sys/param.h defines the BYTE_ORDER macro.
|
||||
AC_TRY_COMPILE([#include <sys/types.h>
|
||||
#include <sys/param.h>], [
|
||||
#if !BYTE_ORDER || !BIG_ENDIAN || !LITTLE_ENDIAN
|
||||
bogus endian macros
|
||||
#endif], [# It does; now see whether it defined to BIG_ENDIAN or not.
|
||||
AC_TRY_COMPILE([#include <sys/types.h>
|
||||
#include <sys/param.h>], [
|
||||
#if BYTE_ORDER != BIG_ENDIAN
|
||||
not big endian
|
||||
#endif], gnupg_cv_c_endian=big, gnupg_cv_c_endian=little)])
|
||||
if test "$gnupg_cv_c_endian" = unknown; then
|
||||
AC_TRY_RUN([main () {
|
||||
/* Are we little or big endian? From Harbison&Steele. */
|
||||
union
|
||||
{
|
||||
long l;
|
||||
char c[sizeof (long)];
|
||||
} u;
|
||||
u.l = 1;
|
||||
exit (u.c[sizeof (long) - 1] == 1);
|
||||
}],
|
||||
gnupg_cv_c_endian=little,
|
||||
gnupg_cv_c_endian=big,
|
||||
gnupg_cv_c_endian=little
|
||||
)
|
||||
fi
|
||||
# Check for the getsockopt SO_PEERCRED
|
||||
AC_DEFUN(GNUPG_SYS_SO_PEERCRED,
|
||||
[ AC_MSG_CHECKING(for SO_PEERCRED)
|
||||
AC_CACHE_VAL(gnupg_cv_sys_so_peercred,
|
||||
[AC_TRY_COMPILE([#include <sys/socket.h>],
|
||||
[struct ucred cr;
|
||||
int cl = sizeof cr;
|
||||
getsockopt (1, SOL_SOCKET, SO_PEERCRED, &cr, &cl);],
|
||||
gnupg_cv_sys_so_peercred=yes,
|
||||
gnupg_cv_sys_so_peercred=no)
|
||||
])
|
||||
AC_MSG_RESULT([$gnupg_cv_c_endian])
|
||||
if test "$gnupg_cv_c_endian" = little; then
|
||||
AC_DEFINE(LITTLE_ENDIAN_HOST,1,
|
||||
[Defined if the host has little endian byte ordering])
|
||||
else
|
||||
AC_DEFINE(BIG_ENDIAN_HOST,1,
|
||||
[Defined if the host has big endian byte ordering])
|
||||
fi
|
||||
])
|
||||
|
||||
dnl GNUPG_CHECK_CACHE
|
||||
dnl
|
||||
define(GNUPG_CHECK_CACHE,
|
||||
[ AC_MSG_CHECKING(cached information)
|
||||
gnupg_hostcheck="$target"
|
||||
AC_CACHE_VAL(gnupg_cv_hostcheck, [ gnupg_cv_hostcheck="$gnupg_hostcheck" ])
|
||||
if test "$gnupg_cv_hostcheck" != "$gnupg_hostcheck"; then
|
||||
AC_MSG_RESULT(changed)
|
||||
AC_MSG_WARN(config.cache exists!)
|
||||
AC_MSG_ERROR(you must do 'make distclean' first to compile for
|
||||
different target or different parameters.)
|
||||
else
|
||||
AC_MSG_RESULT(ok)
|
||||
AC_MSG_RESULT($gnupg_cv_sys_so_peercred)
|
||||
if test $gnupg_cv_sys_so_peercred = yes; then
|
||||
AC_DEFINE(HAVE_SO_PEERCRED, 1,
|
||||
[Defined if SO_PEERCRED is supported (Linux)])
|
||||
fi
|
||||
])
|
||||
|
||||
|
||||
######################################################################
|
||||
# Check for -fPIC etc (taken from libtool)
|
||||
# This sets CFLAGS_PIC to the required flags
|
||||
# NO_PIC to yes if it is not possible to
|
||||
# generate PIC
|
||||
######################################################################
|
||||
dnl GNUPG_CHECK_PIC
|
||||
dnl
|
||||
define(GNUPG_CHECK_PIC,
|
||||
[ AC_MSG_CHECKING(for option to create PIC)
|
||||
CFLAGS_PIC=
|
||||
NO_PIC=no
|
||||
if test "$cross_compiling" = yes; then
|
||||
AC_MSG_RESULT(assume none)
|
||||
else
|
||||
if test "$GCC" = yes; then
|
||||
CFLAGS_PIC="-fPIC"
|
||||
else
|
||||
case "$host_os" in
|
||||
aix3* | aix4*)
|
||||
# All rs/6000 code is PIC
|
||||
# but is there any non-rs/6000 AIX platform?
|
||||
;;
|
||||
|
||||
hpux9* | hpux10*)
|
||||
CFLAGS_PIC="+Z"
|
||||
;;
|
||||
# GNUPG_BUILD_PROGRAM(NAME,DEFAULT)
|
||||
# Add a --enable-NAME option to configure an set the
|
||||
# shell variable build_NAME either to "yes" or "no". DEFAULT must
|
||||
# either be "yes" or "no" and decided on the default value for
|
||||
# build_NAME and whether --enable-NAME or --disable-NAME is shown with
|
||||
# ./configure --help
|
||||
AC_DEFUN(GNUPG_BUILD_PROGRAM,
|
||||
[build_$1=$2
|
||||
m4_if([$2],[yes],[
|
||||
AC_ARG_ENABLE([$1], AC_HELP_STRING([--disable-$1],
|
||||
[do not build the $1 program]),
|
||||
build_$1=$enableval, build_$1=$2)
|
||||
],[
|
||||
AC_ARG_ENABLE([$1], AC_HELP_STRING([--enable-$1],
|
||||
[build the $1 program]),
|
||||
build_$1=$enableval, build_$1=$2)
|
||||
])
|
||||
case "$build_$1" in
|
||||
no|yes)
|
||||
;;
|
||||
*)
|
||||
AC_MSG_ERROR([only yes or no allowed for feature --enable-$1])
|
||||
;;
|
||||
esac
|
||||
])
|
||||
|
||||
irix5* | irix6*)
|
||||
# PIC (with -KPIC) is the default.
|
||||
;;
|
||||
|
||||
osf3* | osf4*)
|
||||
# FIXME - pic_flag is probably required for
|
||||
# hppa*-osf* and i860-osf*
|
||||
;;
|
||||
|
||||
sco3.2v5*)
|
||||
CFLAGS_PIC='-Kpic'
|
||||
;;
|
||||
|
||||
solaris2* | solaris7* )
|
||||
CFLAGS_PIC='-KPIC'
|
||||
;;
|
||||
|
||||
sunos4*)
|
||||
CFLAGS_PIC='-PIC'
|
||||
;;
|
||||
|
||||
*)
|
||||
NO_PIC=yes
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
|
||||
case "$host_cpu" in
|
||||
rs6000 | powerpc | powerpcle)
|
||||
# Yippee! All RS/6000 and PowerPC code is position-independent.
|
||||
CFLAGS_PIC=""
|
||||
;;
|
||||
# GNUPG_PTH_VERSION_CHECK(REQUIRED)
|
||||
#
|
||||
# If the version is sufficient, HAVE_PTH will be set to yes.
|
||||
#
|
||||
# Taken form the m4 macros which come with Pth
|
||||
AC_DEFUN(GNUPG_PTH_VERSION_CHECK,
|
||||
[
|
||||
_pth_version=`$PTH_CONFIG --version | awk 'NR==1 {print [$]3}'`
|
||||
_req_version="ifelse([$1],,1.2.0,$1)"
|
||||
for _var in _pth_version _req_version; do
|
||||
eval "_val=\"\$${_var}\""
|
||||
_major=`echo $_val | sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\([[ab.]]\)\([[0-9]]*\)/\1/'`
|
||||
_minor=`echo $_val | sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\([[ab.]]\)\([[0-9]]*\)/\2/'`
|
||||
_rtype=`echo $_val | sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\([[ab.]]\)\([[0-9]]*\)/\3/'`
|
||||
_micro=`echo $_val | sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\([[ab.]]\)\([[0-9]]*\)/\4/'`
|
||||
case $_rtype in
|
||||
"a" ) _rtype=0 ;;
|
||||
"b" ) _rtype=1 ;;
|
||||
"." ) _rtype=2 ;;
|
||||
esac
|
||||
|
||||
if test "$NO_PIC" = yes; then
|
||||
AC_MSG_RESULT(not possible)
|
||||
else
|
||||
if test -z "$CFLAGS_PIC"; then
|
||||
AC_MSG_RESULT(none)
|
||||
else
|
||||
AC_MSG_RESULT($CFLAGS_PIC)
|
||||
_hex=`echo dummy | awk '{ printf("%d%02d%1d%02d", major, minor, rtype, micro); }' \
|
||||
"major=$_major" "minor=$_minor" "rtype=$_rtype" "micro=$_micro"`
|
||||
eval "${_var}_hex=\"\$_hex\""
|
||||
done
|
||||
have_pth=no
|
||||
if test ".$_pth_version_hex" != .; then
|
||||
if test ".$_req_version_hex" != .; then
|
||||
if test $_pth_version_hex -ge $_req_version_hex; then
|
||||
have_pth=yes
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
])
|
||||
|
||||
|
||||
######################################################################
|
||||
# Check for export-dynamic flag
|
||||
# This sets CFLAGS_EXPORTDYNAMIC to the required flags
|
||||
######################################################################
|
||||
dnl GNUPG_CHECK_EXPORTDYNAMIC
|
||||
dnl
|
||||
define(GNUPG_CHECK_EXPORTDYNAMIC,
|
||||
[ AC_MSG_CHECKING(how to specify -export-dynamic)
|
||||
if test "$cross_compiling" = yes; then
|
||||
AC_MSG_RESULT(assume none)
|
||||
CFLAGS_EXPORTDYNAMIC=""
|
||||
else
|
||||
AC_CACHE_VAL(gnupg_cv_export_dynamic,[
|
||||
if AC_TRY_COMMAND([${CC-cc} $CFLAGS -Wl,--version 2>&1 |
|
||||
grep "GNU ld" >/dev/null]); then
|
||||
# using gnu's linker
|
||||
gnupg_cv_export_dynamic="-Wl,-export-dynamic"
|
||||
else
|
||||
case "$host_os" in
|
||||
hpux* )
|
||||
gnupg_cv_export_dynamic="-Wl,-E"
|
||||
;;
|
||||
* )
|
||||
gnupg_cv_export_dynamic=""
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
])
|
||||
AC_MSG_RESULT($gnupg_cv_export_dynamic)
|
||||
CFLAGS_EXPORTDYNAMIC="$gnupg_cv_export_dynamic"
|
||||
if test $have_pth = no; then
|
||||
AC_MSG_WARN([[
|
||||
***
|
||||
*** Found Pth version $_pth_version, but require at least
|
||||
*** version $_req_version. Please upgrade Pth first.
|
||||
***]])
|
||||
fi
|
||||
])
|
||||
|
||||
#####################################################################
|
||||
# Check for SysV IPC (from GIMP)
|
||||
# And see whether we have a SHM_LOCK (FreeBSD does not have it).
|
||||
#####################################################################
|
||||
dnl GNUPG_CHECK_IPC
|
||||
dnl
|
||||
define(GNUPG_CHECK_IPC,
|
||||
[ AC_CHECK_HEADERS(sys/ipc.h sys/shm.h)
|
||||
if test "$ac_cv_header_sys_shm_h" = "yes"; then
|
||||
AC_MSG_CHECKING(whether IPC_RMID allowes subsequent attaches)
|
||||
AC_CACHE_VAL(gnupg_cv_ipc_rmid_deferred_release,
|
||||
AC_TRY_RUN([
|
||||
#include <sys/types.h>
|
||||
#include <sys/ipc.h>
|
||||
#include <sys/shm.h>
|
||||
int main()
|
||||
{
|
||||
int id;
|
||||
char *shmaddr;
|
||||
id = shmget (IPC_PRIVATE, 4, IPC_CREAT | 0777);
|
||||
if (id == -1)
|
||||
exit (2);
|
||||
shmaddr = shmat (id, 0, 0);
|
||||
shmctl (id, IPC_RMID, 0);
|
||||
if ((char*) shmat (id, 0, 0) == (char*) -1)
|
||||
{
|
||||
shmdt (shmaddr);
|
||||
exit (1);
|
||||
}
|
||||
shmdt (shmaddr);
|
||||
shmdt (shmaddr);
|
||||
exit (0);
|
||||
}
|
||||
],
|
||||
gnupg_cv_ipc_rmid_deferred_release="yes",
|
||||
gnupg_cv_ipc_rmid_deferred_release="no",
|
||||
gnupg_cv_ipc_rmid_deferred_release="assume-no")
|
||||
)
|
||||
if test "$gnupg_cv_ipc_rmid_deferred_release" = "yes"; then
|
||||
AC_DEFINE(IPC_RMID_DEFERRED_RELEASE,1,
|
||||
[Defined if we can do a deferred shm release])
|
||||
AC_MSG_RESULT(yes)
|
||||
else
|
||||
if test "$gnupg_cv_ipc_rmid_deferred_release" = "no"; then
|
||||
AC_MSG_RESULT(no)
|
||||
else
|
||||
AC_MSG_RESULT([assuming no])
|
||||
fi
|
||||
fi
|
||||
|
||||
AC_MSG_CHECKING(whether SHM_LOCK is available)
|
||||
AC_CACHE_VAL(gnupg_cv_ipc_have_shm_lock,
|
||||
AC_TRY_COMPILE([#include <sys/types.h>
|
||||
#include <sys/ipc.h>
|
||||
#include <sys/shm.h>],[
|
||||
int shm_id;
|
||||
shmctl(shm_id, SHM_LOCK, 0);
|
||||
],
|
||||
gnupg_cv_ipc_have_shm_lock="yes",
|
||||
gnupg_cv_ipc_have_shm_lock="no"
|
||||
)
|
||||
)
|
||||
if test "$gnupg_cv_ipc_have_shm_lock" = "yes"; then
|
||||
AC_DEFINE(IPC_HAVE_SHM_LOCK,1,
|
||||
[Defined if a SysV shared memory supports the LOCK flag])
|
||||
AC_MSG_RESULT(yes)
|
||||
else
|
||||
AC_MSG_RESULT(no)
|
||||
fi
|
||||
fi
|
||||
])
|
||||
|
||||
|
||||
######################################################################
|
||||
# Check whether mlock is broken (hpux 10.20 raises a SIGBUS if mlock
|
||||
# is not called from uid 0 (not tested whether uid 0 works)
|
||||
@ -448,295 +220,206 @@ define(GNUPG_CHECK_MLOCK,
|
||||
])
|
||||
|
||||
|
||||
################################################################
|
||||
# GNUPG_PROG_NM - find the path to a BSD-compatible name lister
|
||||
AC_DEFUN(GNUPG_PROG_NM,
|
||||
[AC_MSG_CHECKING([for BSD-compatible nm])
|
||||
AC_CACHE_VAL(ac_cv_path_NM,
|
||||
[if test -n "$NM"; then
|
||||
# Let the user override the test.
|
||||
ac_cv_path_NM="$NM"
|
||||
else
|
||||
IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:"
|
||||
for ac_dir in /usr/ucb /usr/ccs/bin $PATH /bin; do
|
||||
test -z "$ac_dir" && ac_dir=.
|
||||
if test -f $ac_dir/nm; then
|
||||
# Check to see if the nm accepts a BSD-compat flag.
|
||||
# Adding the `sed 1q' prevents false positives on HP-UX, which says:
|
||||
# nm: unknown option "B" ignored
|
||||
if ($ac_dir/nm -B /dev/null 2>&1 | sed '1q'; exit 0) | egrep /dev/null >/dev/null; then
|
||||
ac_cv_path_NM="$ac_dir/nm -B"
|
||||
elif ($ac_dir/nm -p /dev/null 2>&1 | sed '1q'; exit 0) | egrep /dev/null >/dev/null; then
|
||||
ac_cv_path_NM="$ac_dir/nm -p"
|
||||
else
|
||||
ac_cv_path_NM="$ac_dir/nm"
|
||||
fi
|
||||
break
|
||||
fi
|
||||
done
|
||||
IFS="$ac_save_ifs"
|
||||
test -z "$ac_cv_path_NM" && ac_cv_path_NM=nm
|
||||
fi])
|
||||
NM="$ac_cv_path_NM"
|
||||
AC_MSG_RESULT([$NM])
|
||||
AC_SUBST(NM)
|
||||
])
|
||||
|
||||
# GNUPG_SYS_NM_PARSE - Check for command ro grab the raw symbol name followed
|
||||
# by C symbol name from nm.
|
||||
AC_DEFUN(GNUPG_SYS_NM_PARSE,
|
||||
[AC_REQUIRE([AC_CANONICAL_HOST])dnl
|
||||
AC_REQUIRE([GNUPG_PROG_NM])dnl
|
||||
# Check for command to grab the raw symbol name followed by C symbol from nm.
|
||||
AC_MSG_CHECKING([command to parse $NM output])
|
||||
AC_CACHE_VAL(ac_cv_sys_global_symbol_pipe,
|
||||
[# These are sane defaults that work on at least a few old systems.
|
||||
# {They come from Ultrix. What could be older than Ultrix?!! ;)}
|
||||
dnl [copied from libgcrypt]
|
||||
dnl AM_PATH_LIBGCRYPT([MINIMUM-VERSION,
|
||||
dnl [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]])
|
||||
dnl Test for liblibgcrypt and define LIBGCRYPT_CFLAGS and LIBGCRYPT_LIBS
|
||||
dnl
|
||||
AC_DEFUN(AM_PATH_LIBGCRYPT,
|
||||
[ AC_ARG_WITH(libgcrypt-prefix,
|
||||
AC_HELP_STRING([--with-libgcrypt-prefix=PFX],
|
||||
[prefix where LIBGCRYPT is installed (optional)]),
|
||||
libgcrypt_config_prefix="$withval", libgcrypt_config_prefix="")
|
||||
if test x$libgcrypt_config_prefix != x ; then
|
||||
libgcrypt_config_args="$libgcrypt_config_args --prefix=$libgcrypt_config_prefix"
|
||||
if test x${LIBGCRYPT_CONFIG+set} != xset ; then
|
||||
LIBGCRYPT_CONFIG=$libgcrypt_config_prefix/bin/libgcrypt-config
|
||||
fi
|
||||
fi
|
||||
|
||||
changequote(,)dnl
|
||||
# Character class describing NM global symbol codes.
|
||||
ac_symcode='[BCDEGRSTU]'
|
||||
|
||||
# Regexp to match symbols that can be accessed directly from C.
|
||||
ac_sympat='\([_A-Za-z][_A-Za-z0-9]*\)'
|
||||
|
||||
# Transform the above into a raw symbol and a C symbol.
|
||||
ac_symxfrm='\1 \1'
|
||||
|
||||
# Define system-specific variables.
|
||||
case "$host_os" in
|
||||
aix*)
|
||||
ac_symcode='[BCDTU]'
|
||||
;;
|
||||
freebsd* | netbsd* | openbsd* | bsdi* | sunos* | cygwin32* | mingw32*)
|
||||
ac_sympat='_\([_A-Za-z][_A-Za-z0-9]*\)'
|
||||
ac_symxfrm='_\1 \1'
|
||||
;;
|
||||
irix*)
|
||||
# Cannot use undefined symbols on IRIX because inlined functions mess us up.
|
||||
ac_symcode='[BCDEGRST]'
|
||||
;;
|
||||
solaris*)
|
||||
ac_symcode='[BDTU]'
|
||||
;;
|
||||
esac
|
||||
|
||||
# If we're using GNU nm, then use its standard symbol codes.
|
||||
if $NM -V 2>&1 | egrep '(GNU|with BFD)' > /dev/null; then
|
||||
ac_symcode='[ABCDGISTUW]'
|
||||
fi
|
||||
|
||||
case "$host_os" in
|
||||
cygwin32* | mingw32*)
|
||||
# We do not want undefined symbols on cygwin32. The user must
|
||||
# arrange to define them via -l arguments.
|
||||
ac_symcode='[ABCDGISTW]'
|
||||
;;
|
||||
esac
|
||||
changequote([,])dnl
|
||||
|
||||
# Write the raw and C identifiers.
|
||||
ac_cv_sys_global_symbol_pipe="sed -n -e 's/^.* $ac_symcode $ac_sympat$/$ac_symxfrm/p'"
|
||||
|
||||
# Check to see that the pipe works correctly.
|
||||
ac_pipe_works=no
|
||||
cat > conftest.$ac_ext <<EOF
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
char nm_test_var;
|
||||
void nm_test_func(){}
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
int main(){nm_test_var='a';nm_test_func;return 0;}
|
||||
EOF
|
||||
if AC_TRY_EVAL(ac_compile); then
|
||||
# Now try to grab the symbols.
|
||||
ac_nlist=conftest.nm
|
||||
if AC_TRY_EVAL(NM conftest.$ac_objext \| $ac_cv_sys_global_symbol_pipe \> $ac_nlist) && test -s "$ac_nlist"; then
|
||||
|
||||
# Try sorting and uniquifying the output.
|
||||
if sort "$ac_nlist" | uniq > "$ac_nlist"T; then
|
||||
mv -f "$ac_nlist"T "$ac_nlist"
|
||||
ac_wcout=`wc "$ac_nlist" 2>/dev/null`
|
||||
changequote(,)dnl
|
||||
ac_count=`echo "X$ac_wcout" | sed -e 's,^X,,' -e 's/^[ ]*\([0-9][0-9]*\).*$/\1/'`
|
||||
changequote([,])dnl
|
||||
(test "$ac_count" -ge 0) 2>/dev/null || ac_count=-1
|
||||
AC_PATH_PROG(LIBGCRYPT_CONFIG, libgcrypt-config, no)
|
||||
min_libgcrypt_version=ifelse([$1], ,0.4.4,$1)
|
||||
AC_MSG_CHECKING(for LIBGCRYPT - version >= $min_libgcrypt_version)
|
||||
ok=no
|
||||
if test "$LIBGCRYPT_CONFIG" != "no" ; then
|
||||
req_major=`echo $min_libgcrypt_version | \
|
||||
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\1/'`
|
||||
req_minor=`echo $min_libgcrypt_version | \
|
||||
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\2/'`
|
||||
req_micro=`echo $min_libgcrypt_version | \
|
||||
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\3/'`
|
||||
libgcrypt_config_version=`$LIBGCRYPT_CONFIG $libgcrypt_config_args --version`
|
||||
major=`echo $libgcrypt_config_version | \
|
||||
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\1/'`
|
||||
minor=`echo $libgcrypt_config_version | \
|
||||
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\2/'`
|
||||
micro=`echo $libgcrypt_config_version | \
|
||||
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\3/'`
|
||||
if test "$major" -gt "$req_major"; then
|
||||
ok=yes
|
||||
else
|
||||
rm -f "$ac_nlist"T
|
||||
ac_count=-1
|
||||
fi
|
||||
|
||||
# Make sure that we snagged all the symbols we need.
|
||||
if egrep ' nm_test_var$' "$ac_nlist" >/dev/null; then
|
||||
if egrep ' nm_test_func$' "$ac_nlist" >/dev/null; then
|
||||
cat <<EOF > conftest.c
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
EOF
|
||||
# Now generate the symbol file.
|
||||
sed 's/^.* \(.*\)$/extern char \1;/' < "$ac_nlist" >> conftest.c
|
||||
|
||||
cat <<EOF >> conftest.c
|
||||
#if defined (__STDC__) && __STDC__
|
||||
# define __ptr_t void *
|
||||
#else
|
||||
# define __ptr_t char *
|
||||
#endif
|
||||
|
||||
/* The number of symbols in dld_preloaded_symbols, -1 if unsorted. */
|
||||
int dld_preloaded_symbol_count = $ac_count;
|
||||
|
||||
/* The mapping between symbol names and symbols. */
|
||||
struct {
|
||||
char *name;
|
||||
__ptr_t address;
|
||||
}
|
||||
changequote(,)dnl
|
||||
dld_preloaded_symbols[] =
|
||||
changequote([,])dnl
|
||||
{
|
||||
EOF
|
||||
sed 's/^\(.*\) \(.*\)$/ {"\1", (__ptr_t) \&\2},/' < "$ac_nlist" >> conftest.c
|
||||
cat <<\EOF >> conftest.c
|
||||
{0, (__ptr_t) 0}
|
||||
};
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
EOF
|
||||
# Now try linking the two files.
|
||||
mv conftest.$ac_objext conftestm.$ac_objext
|
||||
ac_save_LIBS="$LIBS"
|
||||
ac_save_CFLAGS="$CFLAGS"
|
||||
LIBS="conftestm.$ac_objext"
|
||||
CFLAGS="$CFLAGS$no_builtin_flag"
|
||||
if AC_TRY_EVAL(ac_link) && test -s conftest; then
|
||||
ac_pipe_works=yes
|
||||
else
|
||||
echo "configure: failed program was:" >&AC_FD_CC
|
||||
cat conftest.c >&AC_FD_CC
|
||||
if test "$major" -eq "$req_major"; then
|
||||
if test "$minor" -gt "$req_minor"; then
|
||||
ok=yes
|
||||
else
|
||||
if test "$minor" -eq "$req_minor"; then
|
||||
if test "$micro" -ge "$req_micro"; then
|
||||
ok=yes
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
LIBS="$ac_save_LIBS"
|
||||
CFLAGS="$ac_save_CFLAGS"
|
||||
else
|
||||
echo "cannot find nm_test_func in $ac_nlist" >&AC_FD_CC
|
||||
fi
|
||||
else
|
||||
echo "cannot find nm_test_var in $ac_nlist" >&AC_FD_CC
|
||||
fi
|
||||
else
|
||||
echo "cannot run $ac_cv_sys_global_symbol_pipe" >&AC_FD_CC
|
||||
fi
|
||||
else
|
||||
echo "$progname: failed program was:" >&AC_FD_CC
|
||||
cat conftest.c >&AC_FD_CC
|
||||
fi
|
||||
rm -rf conftest*
|
||||
|
||||
# Do not use the global_symbol_pipe unless it works.
|
||||
test "$ac_pipe_works" = yes || ac_cv_sys_global_symbol_pipe=
|
||||
if test $ok = yes; then
|
||||
LIBGCRYPT_CFLAGS=`$LIBGCRYPT_CONFIG $libgcrypt_config_args --cflags`
|
||||
LIBGCRYPT_LIBS=`$LIBGCRYPT_CONFIG $libgcrypt_config_args --libs`
|
||||
AC_MSG_RESULT(yes)
|
||||
ifelse([$2], , :, [$2])
|
||||
else
|
||||
LIBGCRYPT_CFLAGS=""
|
||||
LIBGCRYPT_LIBS=""
|
||||
AC_MSG_RESULT(no)
|
||||
ifelse([$3], , :, [$3])
|
||||
fi
|
||||
AC_SUBST(LIBGCRYPT_CFLAGS)
|
||||
AC_SUBST(LIBGCRYPT_LIBS)
|
||||
])
|
||||
|
||||
ac_result=yes
|
||||
if test -z "$ac_cv_sys_global_symbol_pipe"; then
|
||||
ac_result=no
|
||||
fi
|
||||
AC_MSG_RESULT($ac_result)
|
||||
])
|
||||
|
||||
# GNUPG_SYS_LIBTOOL_CYGWIN32 - find tools needed on cygwin32
|
||||
AC_DEFUN(GNUPG_SYS_LIBTOOL_CYGWIN32,
|
||||
[AC_CHECK_TOOL(DLLTOOL, dlltool, false)
|
||||
AC_CHECK_TOOL(AS, as, false)
|
||||
])
|
||||
dnl [Copied from libksba]
|
||||
dnl AM_PATH_KSBA([MINIMUM-VERSION,
|
||||
dnl [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]])
|
||||
dnl Test for libksba and define KSBA_CFLAGS and KSBA_LIBS
|
||||
dnl
|
||||
AC_DEFUN(AM_PATH_KSBA,
|
||||
[ AC_ARG_WITH(ksba-prefix,
|
||||
AC_HELP_STRING([--with-ksba-prefix=PFX],
|
||||
[prefix where KSBA is installed (optional)]),
|
||||
ksba_config_prefix="$withval", ksba_config_prefix="")
|
||||
if test x$ksba_config_prefix != x ; then
|
||||
ksba_config_args="$ksba_config_args --prefix=$ksba_config_prefix"
|
||||
if test x${KSBA_CONFIG+set} != xset ; then
|
||||
KSBA_CONFIG=$ksba_config_prefix/bin/ksba-config
|
||||
fi
|
||||
fi
|
||||
|
||||
# GNUPG_SYS_SYMBOL_UNDERSCORE - does the compiler prefix global symbols
|
||||
# with an underscore?
|
||||
AC_DEFUN(GNUPG_SYS_SYMBOL_UNDERSCORE,
|
||||
[tmp_do_check="no"
|
||||
case "${target}" in
|
||||
i386-emx-os2 | i[3456]86-pc-os2*emx | i386-pc-msdosdjgpp | *-*-cygwin)
|
||||
ac_cv_sys_symbol_underscore=yes
|
||||
;;
|
||||
*)
|
||||
if test "$cross_compiling" = yes; then
|
||||
ac_cv_sys_symbol_underscore=yes
|
||||
else
|
||||
tmp_do_check="yes"
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
|
||||
if test "$tmp_do_check" = "yes"; then
|
||||
AC_REQUIRE([GNUPG_PROG_NM])dnl
|
||||
AC_REQUIRE([GNUPG_SYS_NM_PARSE])dnl
|
||||
AC_MSG_CHECKING([for _ prefix in compiled symbols])
|
||||
AC_CACHE_VAL(ac_cv_sys_symbol_underscore,
|
||||
[ac_cv_sys_symbol_underscore=no
|
||||
cat > conftest.$ac_ext <<EOF
|
||||
void nm_test_func(){}
|
||||
int main(){nm_test_func;return 0;}
|
||||
EOF
|
||||
if AC_TRY_EVAL(ac_compile); then
|
||||
# Now try to grab the symbols.
|
||||
ac_nlist=conftest.nm
|
||||
if AC_TRY_EVAL(NM conftest.$ac_objext \| $ac_cv_sys_global_symbol_pipe \> $ac_nlist) && test -s "$ac_nlist"; then
|
||||
# See whether the symbols have a leading underscore.
|
||||
if egrep '^_nm_test_func' "$ac_nlist" >/dev/null; then
|
||||
ac_cv_sys_symbol_underscore=yes
|
||||
AC_PATH_PROG(KSBA_CONFIG, ksba-config, no)
|
||||
min_ksba_version=ifelse([$1], ,0.4.4,$1)
|
||||
AC_MSG_CHECKING(for KSBA - version >= $min_ksba_version)
|
||||
ok=no
|
||||
if test "$KSBA_CONFIG" != "no" ; then
|
||||
req_major=`echo $min_ksba_version | \
|
||||
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\1/'`
|
||||
req_minor=`echo $min_ksba_version | \
|
||||
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\2/'`
|
||||
req_micro=`echo $min_ksba_version | \
|
||||
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\3/'`
|
||||
ksba_config_version=`$KSBA_CONFIG $ksba_config_args --version`
|
||||
major=`echo $ksba_config_version | \
|
||||
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\1/'`
|
||||
minor=`echo $ksba_config_version | \
|
||||
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\2/'`
|
||||
micro=`echo $ksba_config_version | \
|
||||
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\3/'`
|
||||
if test "$major" -gt "$req_major"; then
|
||||
ok=yes
|
||||
else
|
||||
if egrep '^nm_test_func ' "$ac_nlist" >/dev/null; then
|
||||
:
|
||||
else
|
||||
echo "configure: cannot find nm_test_func in $ac_nlist" >&AC_FD_CC
|
||||
fi
|
||||
if test "$major" -eq "$req_major"; then
|
||||
if test "$minor" -gt "$req_minor"; then
|
||||
ok=yes
|
||||
else
|
||||
if test "$minor" -eq "$req_minor"; then
|
||||
if test "$micro" -ge "$req_micro"; then
|
||||
ok=yes
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
else
|
||||
echo "configure: cannot run $ac_cv_sys_global_symbol_pipe" >&AC_FD_CC
|
||||
fi
|
||||
else
|
||||
echo "configure: failed program was:" >&AC_FD_CC
|
||||
cat conftest.c >&AC_FD_CC
|
||||
fi
|
||||
rm -rf conftest*
|
||||
])
|
||||
else
|
||||
AC_MSG_CHECKING([for _ prefix in compiled symbols])
|
||||
fi
|
||||
AC_MSG_RESULT($ac_cv_sys_symbol_underscore)
|
||||
if test x$ac_cv_sys_symbol_underscore = xyes; then
|
||||
AC_DEFINE(WITH_SYMBOL_UNDERSCORE,1,
|
||||
[Defined if compiled symbols have a leading underscore])
|
||||
fi
|
||||
if test $ok = yes; then
|
||||
KSBA_CFLAGS=`$KSBA_CONFIG $ksba_config_args --cflags`
|
||||
KSBA_LIBS=`$KSBA_CONFIG $ksba_config_args --libs`
|
||||
AC_MSG_RESULT(yes)
|
||||
ifelse([$2], , :, [$2])
|
||||
else
|
||||
KSBA_CFLAGS=""
|
||||
KSBA_LIBS=""
|
||||
AC_MSG_RESULT(no)
|
||||
ifelse([$3], , :, [$3])
|
||||
fi
|
||||
AC_SUBST(KSBA_CFLAGS)
|
||||
AC_SUBST(KSBA_LIBS)
|
||||
])
|
||||
|
||||
dnl Stolen from gcc
|
||||
dnl Define MKDIR_TAKES_ONE_ARG if mkdir accepts only one argument instead
|
||||
dnl of the usual 2.
|
||||
AC_DEFUN(GNUPG_FUNC_MKDIR_TAKES_ONE_ARG,
|
||||
[AC_CHECK_HEADERS(sys/stat.h unistd.h direct.h)
|
||||
AC_CACHE_CHECK([if mkdir takes one argument], gnupg_cv_mkdir_takes_one_arg,
|
||||
[AC_TRY_COMPILE([
|
||||
#include <sys/types.h>
|
||||
#ifdef HAVE_SYS_STAT_H
|
||||
# include <sys/stat.h>
|
||||
#endif
|
||||
#ifdef HAVE_UNISTD_H
|
||||
# include <unistd.h>
|
||||
#endif
|
||||
#ifdef HAVE_DIRECT_H
|
||||
# include <direct.h>
|
||||
#endif], [mkdir ("foo", 0);],
|
||||
gnupg_cv_mkdir_takes_one_arg=no, gnupg_cv_mkdir_takes_one_arg=yes)])
|
||||
if test $gnupg_cv_mkdir_takes_one_arg = yes ; then
|
||||
AC_DEFINE(MKDIR_TAKES_ONE_ARG,1,
|
||||
[Defined if mkdir() does not take permission flags])
|
||||
fi
|
||||
|
||||
|
||||
dnl AM_PATH_OPENSC([MINIMUM-VERSION,
|
||||
dnl [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]])
|
||||
dnl Test for OpenSC and define OPENSC_CFLAGS and OPENSC_LIBS
|
||||
dnl
|
||||
AC_DEFUN(AM_PATH_OPENSC,
|
||||
[ AC_ARG_WITH(opensc-prefix,
|
||||
AC_HELP_STRING([--with-opensc-prefix=PFX],
|
||||
[prefix where OpenSC is installed (optional)]),
|
||||
opensc_config_prefix="$withval", opensc_config_prefix="")
|
||||
if test x$opensc_config_prefix != x ; then
|
||||
opensc_config_args="$opensc_config_args --prefix=$opensc_config_prefix"
|
||||
if test x${OPENSC_CONFIG+set} != xset ; then
|
||||
OPENSC_CONFIG=$opensc_config_prefix/bin/opensc-config
|
||||
fi
|
||||
fi
|
||||
|
||||
AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
|
||||
min_opensc_version=ifelse([$1], ,0.7.0,$1)
|
||||
AC_MSG_CHECKING(for OpenSC - version >= $min_opensc_version)
|
||||
ok=no
|
||||
if test "$OPENSC_CONFIG" != "no" ; then
|
||||
req_major=`echo $min_opensc_version | \
|
||||
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\1/'`
|
||||
req_minor=`echo $min_opensc_version | \
|
||||
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\2/'`
|
||||
req_micro=`echo $min_opensc_version | \
|
||||
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\3/'`
|
||||
opensc_config_version=`$OPENSC_CONFIG $opensc_config_args --version`
|
||||
major=`echo $opensc_config_version | \
|
||||
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\1/'`
|
||||
minor=`echo $opensc_config_version | \
|
||||
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\2/'`
|
||||
micro=`echo $opensc_config_version | \
|
||||
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\3/'`
|
||||
if test "$major" -gt "$req_major"; then
|
||||
ok=yes
|
||||
else
|
||||
if test "$major" -eq "$req_major"; then
|
||||
if test "$minor" -gt "$req_minor"; then
|
||||
ok=yes
|
||||
else
|
||||
if test "$minor" -eq "$req_minor"; then
|
||||
if test "$micro" -ge "$req_micro"; then
|
||||
ok=yes
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
if test $ok = yes; then
|
||||
OPENSC_CFLAGS=`$OPENSC_CONFIG $opensc_config_args --cflags`
|
||||
OPENSC_LIBS=`$OPENSC_CONFIG $opensc_config_args --libs`
|
||||
OPENSC_LIBS="$OPENSC_LIBS -lpcsclite -lpthread"
|
||||
AC_MSG_RESULT(yes)
|
||||
ifelse([$2], , :, [$2])
|
||||
else
|
||||
OPENSC_CFLAGS=""
|
||||
OPENSC_LIBS=""
|
||||
AC_MSG_RESULT(no)
|
||||
ifelse([$3], , :, [$3])
|
||||
fi
|
||||
AC_SUBST(OPENSC_CFLAGS)
|
||||
AC_SUBST(OPENSC_LIBS)
|
||||
])
|
||||
|
||||
|
||||
|
162
autogen.sh
162
autogen.sh
@ -1,5 +1,163 @@
|
||||
#!/bin/sh
|
||||
# Run this to generate all the initial makefiles, etc.
|
||||
# It is only needed for the CVS version.
|
||||
|
||||
autogen_sh="`dirname $0`/scripts/autogen.sh"
|
||||
exec $autogen_sh $*
|
||||
# have_version(prog, list of executables, required version)
|
||||
#
|
||||
# Returns true and sets $prog to the first executable with the
|
||||
# required minimum major.minor.
|
||||
have_version ()
|
||||
{
|
||||
found=0
|
||||
|
||||
for prog in $2 :
|
||||
do
|
||||
ver=$($prog --version \
|
||||
| gawk '{ if (match($0, /[0-9]+\.[0-9]+/))
|
||||
{
|
||||
print substr($0, RSTART, RLENGTH); ok=1; exit 0;
|
||||
}
|
||||
}
|
||||
|
||||
END {
|
||||
if (! ok)
|
||||
exit 1;
|
||||
}')
|
||||
|
||||
if test $? = 0
|
||||
then
|
||||
if expr 0$ver '>=' 0$3 >/dev/null 2>&1
|
||||
then
|
||||
echo Using $prog
|
||||
found=1
|
||||
export $1="$prog"
|
||||
break
|
||||
fi
|
||||
fi
|
||||
done
|
||||
|
||||
if test 0$found = 01
|
||||
then
|
||||
true
|
||||
else
|
||||
echo "*** Error. Could not find an appropriate executable for $1 with "
|
||||
echo "at least version $3."
|
||||
false
|
||||
fi
|
||||
}
|
||||
|
||||
PGM=NEWPG
|
||||
lib_config_files=""
|
||||
autoconf_vers=2.52
|
||||
automake_vers=1.5
|
||||
aclocal_vers=1.5
|
||||
#libtool_vers=1.3
|
||||
|
||||
DIE=no
|
||||
if test "$1" = "--build-w32"; then
|
||||
shift
|
||||
target=i386--mingw32
|
||||
if [ ! -f ./config.guess ]; then
|
||||
echo "./config.guess not found" >&2
|
||||
exit 1
|
||||
fi
|
||||
host=`./config.guess`
|
||||
|
||||
if ! mingw32 --version >/dev/null; then
|
||||
echo "We need at least version 0.3 of MingW32/CPD" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ -f config.h ]; then
|
||||
if grep HAVE_DOSISH_SYSTEM config.h | grep undef >/dev/null; then
|
||||
echo "Pease run a 'make distclean' first" >&2
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
crossinstalldir=`mingw32 --install-dir`
|
||||
crossbindir=`mingw32 --get-bindir 2>/dev/null` \
|
||||
|| crossbindir="$crossinstalldir/bin"
|
||||
crossdatadir=`mingw32 --get-datadir 2>/dev/null` \
|
||||
|| crossdatadir="$crossinstalldir/share"
|
||||
crosslibdir=`mingw32 --get-libdir 2>/dev/null` \
|
||||
|| crosslibdir="$crossinstalldir/i386--mingw32/lib"
|
||||
crossincdir=`mingw32 --get-includedir 2>/dev/null` \
|
||||
|| crossincdir="$crossinstalldir/i386--mingw32/include"
|
||||
CC=`mingw32 --get-path gcc`
|
||||
CPP=`mingw32 --get-path cpp`
|
||||
AR=`mingw32 --get-path ar`
|
||||
RANLIB=`mingw32 --get-path ranlib`
|
||||
export CC CPP AR RANLIB
|
||||
|
||||
disable_foo_tests=""
|
||||
if [ -n "$lib_config_files" ]; then
|
||||
for i in $lib_config_files; do
|
||||
j=`echo $i | tr '[a-z-]' '[A-Z_]'`
|
||||
eval "$j=${crossbindir}/$i"
|
||||
export $j
|
||||
disable_foo_tests="$disable_foo_tests --disable-`echo $i| \
|
||||
sed 's,-config$,,'`-test"
|
||||
if [ ! -f "${crossbindir}/$i" ]; then
|
||||
echo "$i not installed for MingW32" >&2
|
||||
DIE=yes
|
||||
fi
|
||||
done
|
||||
fi
|
||||
[ $DIE = yes ] && exit 1
|
||||
|
||||
./configure --host=${host} --target=${target} ${disable_foo_tests} \
|
||||
--bindir=${crossbindir} --libdir=${crosslibdir} \
|
||||
--datadir=${crossdatadir} --includedir=${crossincdir} \
|
||||
--enable-maintainer-mode $*
|
||||
exit $?
|
||||
fi
|
||||
|
||||
if ! have_version autoconf "$autoconf autoconf" $autoconf_vers
|
||||
then
|
||||
DIE="yes"
|
||||
fi
|
||||
|
||||
if have_version automake "$automake automake automake-1.6" $automake_vers
|
||||
then
|
||||
if ! have_version aclocal "$aclocal aclocal aclocal-1.6" $aclocal_vers
|
||||
then
|
||||
DIE='yes'
|
||||
fi
|
||||
else
|
||||
DIE='yes'
|
||||
fi
|
||||
|
||||
#if (libtool --version) < /dev/null > /dev/null 2>&1 ; then
|
||||
# if (libtool --version | awk 'NR==1 { if( $4 >= '$libtool_vers') \
|
||||
# exit 1; exit 0; }');
|
||||
# then
|
||||
# echo "**Error**: "\`libtool\'" is too old."
|
||||
# echo ' (version ' $libtool_vers ' or newer is required)'
|
||||
# DIE="yes"
|
||||
# fi
|
||||
#else
|
||||
# echo
|
||||
# echo "**Error**: You must have "\`libtool\'" installed to compile $PGM."
|
||||
# echo ' (version ' $libtool_vers ' or newer is required)'
|
||||
# DIE="yes"
|
||||
#fi
|
||||
|
||||
if test "$DIE" = "yes"; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
#echo "Running libtoolize... Ignore non-fatal messages."
|
||||
#echo "no" | libtoolize
|
||||
|
||||
echo "Running gettextize... Ignore non-fatal messages."
|
||||
echo "no" | gettextize
|
||||
|
||||
echo "Running $aclocal"
|
||||
$aclocal
|
||||
echo "Running autoheader..."
|
||||
autoheader
|
||||
echo "Running $automake --gnu -a"
|
||||
$automake --gnu -a
|
||||
echo "Running $autoconf"
|
||||
$autoconf
|
||||
|
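Review bot: The version test in `have_version`, `expr 0$ver '>=' 0$3`, compares the two values as strings rather than as numbers, because `01.10` and `01.5` are not integers to `expr`. A tool reporting 1.10 is therefore rejected against a required 1.5, and the script exits with "Could not find an appropriate executable" although a newer tool is installed. Comparing the major and minor parts separately with `test -gt`/`-ge` avoids this; a sketch of the replacement for the inner `if` follows. The `+`/`-` markers are lost on this page, so this assumes `have_version` is on the new side, which the `+1,163` hunk header suggests.

```shell
if test $? = 0
then
# Compare major and minor as integers; expr would treat "01.10" and "01.5" as strings.
ver_major=`echo "$ver" | sed 's/\..*$//'`
ver_minor=`echo "$ver" | sed 's/^[0-9]*\.//'`
req_major=`echo "$3" | sed 's/\..*$//'`
req_minor=`echo "$3" | sed 's/^[0-9]*\.//'`
if test "$ver_major" -gt "$req_major" ||
   { test "$ver_major" -eq "$req_major" && test "$ver_minor" -ge "$req_minor"; }
then
# … unchanged: echo Using $prog, found=1, export, break …
```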
1100
configure.ac
1100
configure.ac
File diff suppressed because it is too large