gpg: Check gpg-agent version before 2.1 migration.

* g10/call-agent.c, g10/call-agent.h (agent_get_version): New. * g10/migrate.c (migrate_secring): Abort migration if agent_get_version returns not at least 2.1.0 -- GnuPG-bug-id: 1718 On the first installation of GnuPG 2.1 it is likely that an old gpg-agent is still running in the environment. In that case the migration would fail. Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
2024-12-22 10:19:57 +01:00 · 2014-09-19 19:38:13 +02:00 · 2014-09-19 19:38:13 +02:00 · a6fcdbc9e0
commit a6fcdbc9e0
parent 09a8f75f30
3 changed files with 55 additions and 0 deletions
--- a/g10/call-agent.c
+++ b/g10/call-agent.c
@ -2277,3 +2277,33 @@ agent_passwd (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
                         cache_nonce_status_cb, &cn_parm);
  return err;
 }
+
+/* Return the version reported by gpg-agent.  */
+gpg_error_t
+agent_get_version (ctrl_t ctrl, char **r_version)
+{
+  gpg_error_t err;
+  membuf_t data;
+
+  err = start_agent (ctrl, 0);
+  if (err)
+    return err;
+
+  init_membuf (&data, 64);
+  err = assuan_transact (agent_ctx, "GETINFO version",
+                        membuf_data_cb, &data,
+                        NULL, NULL, NULL, NULL);
+  if (err)
+    {
+      xfree (get_membuf (&data, NULL));
+      *r_version = NULL;
+    }
+  else
+    {
+      put_membuf (&data, "", 1);
+      *r_version = get_membuf (&data, NULL);
+      if (!*r_version)
+        err = gpg_error_from_syserror ();
+    }
+  return err;
+}
--- a/g10/call-agent.h
+++ b/g10/call-agent.h
@ -192,6 +192,8 @@ gpg_error_t agent_delete_key (ctrl_t ctrl, const char *hexkeygrip,
 /* Change the passphrase of a key.  */
 gpg_error_t agent_passwd (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
                          char **cache_nonce_addr, char **passwd_nonce_addr);
+/* Get the version reported by gpg-agent.  */
+gpg_error_t agent_get_version (ctrl_t ctrl, char **r_version);


 #endif /*GNUPG_G10_CALL_AGENT_H*/
--- a/g10/migrate.c
+++ b/g10/migrate.c
@ -29,6 +29,7 @@
 #include "keydb.h"
 #include "util.h"
 #include "main.h"
+#include "call-agent.h"


 #ifdef HAVE_DOSISH_SYSTEM
@ -46,6 +47,7 @@ migrate_secring (ctrl_t ctrl)
  dotlock_t lockhd = NULL;
  char *secring = NULL;
  char *flagfile = NULL;
+  char *agent_version = NULL;

  secring = make_filename (opt.homedir, "secring" EXTSEP_S "gpg", NULL);
  if (access (secring, F_OK))
@ -72,6 +74,27 @@ migrate_secring (ctrl_t ctrl)
      goto leave;
    }

+  if (!agent_get_version (ctrl, &agent_version))
+    {
+      if (!gnupg_compare_version (agent_version, "2.1.0"))
+        {
+          log_error ("error: GnuPG agent version \"%s\" is too old. ",
+                     agent_version);
+          log_error ("Please install an updated GnuPG agent.\n");
+          log_error ("migration aborted\n");
+          xfree (agent_version);
+          goto leave;
+        }
+      xfree (agent_version);
+    }
+  else
+    {
+      log_error ("error: GnuPG agent unusable. "
+                 "Please check that a GnuPG agent can be started.\n");
+      log_error ("migration aborted\n");
+      goto leave;
+    }
+
  log_info ("porting secret keys from '%s' to gpg-agent\n", secring);
  if (!import_old_secring (ctrl, secring))
    {