From a6fcdbc9e0fc0e45a3badc23813e689e83059b61 Mon Sep 17 00:00:00 2001 From: Andre Heinecke Date: Fri, 19 Sep 2014 19:38:13 +0200 Subject: [PATCH] gpg: Check gpg-agent version before 2.1 migration. * g10/call-agent.c, g10/call-agent.h (agent_get_version): New. * g10/migrate.c (migrate_secring): Abort migration if agent_get_version returns not at least 2.1.0 -- GnuPG-bug-id: 1718 On the first installation of GnuPG 2.1 it is likely that an old gpg-agent is still running in the environment. In that case the migration would fail. Signed-off-by: Andre Heinecke --- g10/call-agent.c | 30 ++++++++++++++++++++++++++++++ g10/call-agent.h | 2 ++ g10/migrate.c | 23 +++++++++++++++++++++++ 3 files changed, 55 insertions(+) diff --git a/g10/call-agent.c b/g10/call-agent.c index 58f4a92c5..080df1867 100644 --- a/g10/call-agent.c +++ b/g10/call-agent.c @@ -2277,3 +2277,33 @@ agent_passwd (ctrl_t ctrl, const char *hexkeygrip, const char *desc, cache_nonce_status_cb, &cn_parm); return err; } + +/* Return the version reported by gpg-agent. */ +gpg_error_t +agent_get_version (ctrl_t ctrl, char **r_version) +{ + gpg_error_t err; + membuf_t data; + + err = start_agent (ctrl, 0); + if (err) + return err; + + init_membuf (&data, 64); + err = assuan_transact (agent_ctx, "GETINFO version", + membuf_data_cb, &data, + NULL, NULL, NULL, NULL); + if (err) + { + xfree (get_membuf (&data, NULL)); + *r_version = NULL; + } + else + { + put_membuf (&data, "", 1); + *r_version = get_membuf (&data, NULL); + if (!*r_version) + err = gpg_error_from_syserror (); + } + return err; +} diff --git a/g10/call-agent.h b/g10/call-agent.h index 1deb8548a..5b4cd0931 100644 --- a/g10/call-agent.h +++ b/g10/call-agent.h @@ -192,6 +192,8 @@ gpg_error_t agent_delete_key (ctrl_t ctrl, const char *hexkeygrip, /* Change the passphrase of a key. */ gpg_error_t agent_passwd (ctrl_t ctrl, const char *hexkeygrip, const char *desc, char **cache_nonce_addr, char **passwd_nonce_addr); +/* Get the version reported by gpg-agent. */ +gpg_error_t agent_get_version (ctrl_t ctrl, char **r_version); #endif /*GNUPG_G10_CALL_AGENT_H*/ diff --git a/g10/migrate.c b/g10/migrate.c index 9a21cfe8e..5cb3512d9 100644 --- a/g10/migrate.c +++ b/g10/migrate.c @@ -29,6 +29,7 @@ #include "keydb.h" #include "util.h" #include "main.h" +#include "call-agent.h" #ifdef HAVE_DOSISH_SYSTEM @@ -46,6 +47,7 @@ migrate_secring (ctrl_t ctrl) dotlock_t lockhd = NULL; char *secring = NULL; char *flagfile = NULL; + char *agent_version = NULL; secring = make_filename (opt.homedir, "secring" EXTSEP_S "gpg", NULL); if (access (secring, F_OK)) @@ -72,6 +74,27 @@ migrate_secring (ctrl_t ctrl) goto leave; } + if (!agent_get_version (ctrl, &agent_version)) + { + if (!gnupg_compare_version (agent_version, "2.1.0")) + { + log_error ("error: GnuPG agent version \"%s\" is too old. ", + agent_version); + log_error ("Please install an updated GnuPG agent.\n"); + log_error ("migration aborted\n"); + xfree (agent_version); + goto leave; + } + xfree (agent_version); + } + else + { + log_error ("error: GnuPG agent unusable. " + "Please check that a GnuPG agent can be started.\n"); + log_error ("migration aborted\n"); + goto leave; + } + log_info ("porting secret keys from '%s' to gpg-agent\n", secring); if (!import_old_secring (ctrl, secring)) {