diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index af9150640..3f03ff4dc 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c @@ -81,6 +81,7 @@ enum cmd_and_opt_values oDebugAll, oDebugLevel, oDebugWait, + oDebugQuickRandom, oNoGreeting, oNoOptions, oHomedir, @@ -149,6 +150,7 @@ static ARGPARSE_OPTS opts[] = { { oDebugAll, "debug-all" ,0, "@"}, { oDebugLevel, "debug-level" ,2, "@"}, { oDebugWait,"debug-wait",1, "@"}, + ARGPARSE_s_n (oDebugQuickRandom, "debug-quick-random", "@"), { oNoDetach, "no-detach" ,0, N_("do not detach from the console")}, { oNoGrab, "no-grab" ,0, N_("do not grab keyboard and mouse")}, { oLogFile, "log-file" ,2, N_("use a log file for the server")}, @@ -730,6 +732,11 @@ main (int argc, char **argv ) default_config = 0; /* --no-options */ else if (pargs.r_opt == oHomedir) opt.homedir = pargs.r.ret_str; + else if (pargs.r_opt == oDebugQuickRandom) + { + gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0); + } + } /* Initialize the secure memory. */ @@ -847,6 +854,10 @@ main (int argc, char **argv ) # endif break; + case oDebugQuickRandom: + /* Only used by the first stage command line parser. */ + break; + case oWriteEnvFile: /* dummy */ break; default : pargs.err = configfp? 1:2; break; diff --git a/common/asshelp.c b/common/asshelp.c index e97d39603..3fc28a156 100644 --- a/common/asshelp.c +++ b/common/asshelp.c @@ -363,7 +363,7 @@ start_new_gpg_agent (assuan_context_t *r_ctx, assuan_context_t ctx; int did_success_msg = 0; char *sockname; - const char *argv[5]; + const char *argv[6]; *r_ctx = NULL; 
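Review bot: The `pargs.r_opt == oDebugQuickRandom` branch in the first-stage parser turns on `GCRYCTL_ENABLE_QUICK_RANDOM` without leaving any trace, so an agent that is accidentally started with this flag outside the test suite will silently serve standard-quality random for key generation. Since the option is documented as test-only, I would announce it unconditionally, e.g. `log_info ("WARNING: --debug-quick-random in effect, random quality degraded\n");` right after the `gcry_control` call (assuming logging is already usable at that point, which the surrounding code suggests but the hunk does not show). The placement before the secure-memory initialization looks intentional, as the quick-random switch presumably has to precede Libgcrypt's initialization; a one-line comment saying so would stop a later refactor from moving it. `main` continues outside the hunk.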
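Review bot: The second-stage `case oDebugQuickRandom: break;` accepts the option from gpg-agent.conf and drops it without a word, so a user who writes `debug-quick-random` into the config file gets neither the effect nor a hint. Ignoring it there is the safe direction, since the config file then cannot weaken the RNG, but it should be visible; `configfp` is already consulted in the `default` arm of the same switch, so `if (configfp) log_info ("option 'debug-quick-random' is only effective on the command line\n");` before the `break` would do. The enclosing switch and `main` continue outside the hunk.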
@@ -380,10 +380,31 @@ start_new_gpg_agent (assuan_context_t *r_ctx, { char *abs_homedir; lock_spawn_t lock; + char *program = NULL; + const char *program_arg = NULL; + char *p; + const char *s; + int i; /* With no success start a new server. */ if (!agent_program || !*agent_program) agent_program = gnupg_module_name (GNUPG_MODULE_NAME_AGENT); + else if ((s=strchr (agent_program, '|')) && s[1] == '-' && s[2]=='-') + { + /* Hack to insert an additional option on the command line. */ + program = xtrystrdup (agent_program); + if (!program) + { + gpg_error_t tmperr = gpg_err_make (errsource, + gpg_err_code_from_syserror ()); + xfree (sockname); + assuan_release (ctx); + return tmperr; + } + p = strchr (program, '|'); + *p++ = 0; + program_arg = p; + } if (verbose) log_info (_("no running gpg-agent - starting '%s'\n"), @@ -404,6 +425,7 @@ start_new_gpg_agent (assuan_context_t *r_ctx, log_error ("error building filename: %s\n",gpg_strerror (tmperr)); xfree (sockname); assuan_release (ctx); + xfree (program); return tmperr; } 
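Review bot: The `|` branch turns `--agent-program`, a value read from gpg.conf, into a small command syntax that injects an arbitrary `--` option into the spawned agent, and the only consumer in this change is `--debug-quick-random`, which degrades random quality; nothing in the hunk records the injection, so a stray `|--debug-quick-random` copied from the test suite into a user's config would quietly produce weaker keys. Whoever controls gpg.conf can already name any binary here, so this is not a new privilege boundary, but it deserves visibility: next to the existing `if (verbose) log_info (...)` (its argument is cut from view) I would add `if (program_arg) log_info ("passing extra option '%s' to the agent\n", program_arg);`, or gate the hack behind an environment variable that only the test suite sets. A short comment that the second `strchr (program, '|')` cannot return NULL because the first one on `agent_program` succeeded would also save the next reader a check. `start_new_gpg_agent` begins and ends outside the hunk.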
@@ -416,30 +438,32 @@ start_new_gpg_agent (assuan_context_t *r_ctx, xfree (sockname); assuan_release (ctx); xfree (abs_homedir); + xfree (program); return tmperr; } /* If the agent has been configured for use with a standard socket, an environment variable is not required and thus we we can savely start the agent here. */ - - argv[0] = "--homedir"; - argv[1] = abs_homedir; - argv[2] = "--use-standard-socket"; - argv[3] = "--daemon"; - argv[4] = NULL; + i = 0; + argv[i++] = "--homedir"; + argv[i++] = abs_homedir; + argv[i++] = "--use-standard-socket"; + if (program_arg) + argv[i++] = program_arg; + argv[i++] = "--daemon"; + argv[i++] = NULL; if (!(err = lock_spawning (&lock, homedir, "agent", verbose)) && assuan_socket_connect (ctx, sockname, 0, 0)) { - err = gnupg_spawn_process_detached (agent_program, argv,NULL); + err = gnupg_spawn_process_detached (program? program : agent_program, + argv, NULL); if (err) log_error ("failed to start agent '%s': %s\n", agent_program, gpg_strerror (err)); else { - int i; - for (i=0; i < SECS_TO_WAIT_FOR_AGENT; i++) { if (verbose) @@ -462,6 +486,7 @@ start_new_gpg_agent (assuan_context_t *r_ctx, unlock_spawning (&lock, "agent"); xfree (abs_homedir); + xfree (program); } xfree (sockname); if (err) diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi index 7eadf5923..a4079d7ed 100644 --- a/doc/gpg-agent.texi +++ b/doc/gpg-agent.texi 
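Review bot: The spawn now executes `program? program : agent_program`, but the `log_error ("failed to start agent '%s': %s\n", agent_program, ...)` just below still prints `agent_program`, so with the hack in use the failure message names `/path/gpg-agent|--debug-quick-random`, a file that does not exist; pass `program? program : agent_program` to the `log_error` call as well. Removing the inner `int i;` makes the wait loop reuse the variable that was just used as the argv index, which works only because `argv[i++] = NULL` has already been stored, and a dedicated counter reads less fragile. `start_new_gpg_agent` continues outside the hunk.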
@@ -293,6 +293,14 @@ When running in server mode, wait @var{n} seconds before entering the actual processing loop and print the pid. This gives time to attach a debugger. +@item --debug-quick-random +@opindex debug-quick-random +This option inhibits the use the very secure random quality level +(Libgcrypt’s @code{GCRY_VERY_STRONG_RANDOM}) and degrades all request +down to standard random quality. It is only used for testing and +shall not be used for any production quality keys. This option is +only effective when given on the command line. + @item --no-detach @opindex no-detach Don't detach the process from the console. This is mainly useful for diff --git a/doc/gpg.texi b/doc/gpg.texi index cddf46238..e894f5c18 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -1710,7 +1710,10 @@ This is dummy option. It has no effect when used with @command{gpg2}. @item --agent-program @var{file} @opindex agent-program Specify an agent program to be used for secret key operations. The -default value is the @file{/usr/bin/gpg-agent}. +default value is determined by running @command{gpgconf} with the +option @option{--list-dirs}. Note that the pipe symbol (@code{|}) is +used for a regression test suite hack and may thus not be used in the +file name. @ifclear gpgtwoone This is only used as a fallback when the environment variable @code{GPG_AGENT_INFO} is not diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi index bc6326ca4..34b6024bc 100644 --- a/doc/gpgsm.texi +++ b/doc/gpgsm.texi 
@@ -358,7 +358,9 @@ Change the default name of the policy file to @var(unknown). @item --agent-program @var{file} @opindex agent-program Specify an agent program to be used for secret key operations. The -default value is the @file{/usr/local/bin/gpg-agent}. +default value is determined by running the command @command{gpgconf}. +Note that the pipe symbol (@code{|}) is used for a regression test +suite hack and may thus not be used in the file name. @ifclear gpgtwoone This is only used as a fallback when the environment variable @code{GPG_AGENT_INFO} is not diff --git a/doc/tools.texi b/doc/tools.texi index d9ce81eb1..d556b6da4 100644 --- a/doc/tools.texi +++ b/doc/tools.texi @@ -1199,7 +1199,11 @@ Try to be as quiet as possible. @item --agent-program @var{file} @opindex agent-program -Specify the agent program to be started if none is running. +Specify the agent program to be started if none is running. The +default value is determined by running @command{gpgconf} with the +option @option{--list-dirs}. Note that the pipe symbol (@code{|}) is +used for a regression test suite hack and may thus not be used in the +file name. @ifset gpgtwoone @item --dirmngr-program @var{file} diff --git a/tests/openpgp/defs.inc b/tests/openpgp/defs.inc index b7320d562..941f786bc 100755 --- a/tests/openpgp/defs.inc +++ b/tests/openpgp/defs.inc @@ -244,10 +244,9 @@ for f in gpg.conf gpg-agent.conf ; do case "$f" in gpg.conf) [ -n "${opt_always}" ] && echo "no-auto-check-trustdb" >>"$f" - echo "agent-program $GPG_AGENT" >>"$f" + echo "agent-program ${GPG_AGENT}|--debug-quick-random" >>"$f" echo "allow-weak-digest-algos" >>"$f" - - ;; + ;; gpg-agent.conf) echo "pinentry-program $PINENTRY" >>"$f" ;; diff --git a/tests/openpgp/version.test b/tests/openpgp/version.test index cae8b6840..057bcf018 100755 --- a/tests/openpgp/version.test +++ b/tests/openpgp/version.test 
@@ -39,9 +39,12 @@ done # create a faked random seed file. Note that we need to set the # agent-program so that gpg-connect-agent is able to start the agent # we are currently testing and not an already installed one. +# The "|--debug-quick-random" is a hack to start gpg-agent with +# that option on the command line. info "Starting the agent" $MKTDATA 600 >random_seed -if $GPG_CONNECT_AGENT -v --agent-program="$GPG_AGENT" /bye; then +if $GPG_CONNECT_AGENT -v \ + --agent-program="${GPG_AGENT}|--debug-quick-random" /bye; then : else error "starting the gpg-agent failed"