From aa971d5c894036162bae96daa30d81ad811267d3 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Fri, 28 Sep 2001 10:43:03 +0000 Subject: [PATCH] make check does work again --- ChangeLog | 9 +++++++++ TODO | 9 ++++----- configure.ac | 7 +++++-- doc/gpg.sgml | 3 ++- doc/gpg.texi | 37 +++++++++++++++++++++++++++-------- g10/ChangeLog | 8 ++++++++ g10/keyring.c | 53 ++++++++++++++++++++++++++++----------------------- g10/tdbdump.c | 9 ++++++++- g10/tdbio.c | 6 ++++-- 9 files changed, 98 insertions(+), 43 deletions(-) diff --git a/ChangeLog b/ChangeLog index 1441f180d..707c52956 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,12 @@ +2001-09-28 Werner Koch + + * configure.ac: From now on add a string "-cvs" to the version to + indicate that this is a pre-release of the given version number. + +2001-09-26 Werner Koch + + * configure.ac [MINGW32]: Switched from wsock.dll to ws2_32.dll. + 2001-09-09 Werner Koch * configure.ac: autoconf changed the name of the maintainer mode diff --git a/TODO b/TODO index 117cc8e11..1c7d0b980 100644 --- a/TODO +++ b/TODO @@ -1,8 +1,9 @@ + + * getkey does not return revoked/expired keys - therefore it is not + possible to override it. * Selection using +wordlist does not work. - * Make the offtbl in keyring.c global. - * Always use the primary key to sign other keys. * add listing of notation data @@ -75,9 +76,8 @@ * export by user-IDs does only export the first matching name which leads to a problem in cases where there are 2 keys with identically user-IDs. - --> Check whether this is still true. + --> Check whether this is still true - yes it is. - * With option -i prompt before adding a key to the keyring and show some info what we are about to add. @@ -105,7 +105,6 @@ Nice to have * use DEL and ^H for erasing the previous character (util/ttyio.c). or better readline. * Print a warning if the directory mode is wrong. - * Do a real fix for bug #7 or document that it is a PGP 5 error. * preferences of hash algorithms are not yet used. * add test cases for invalid data (scrambled armor or other random data) * add checking of armor trailers diff --git a/configure.ac b/configure.ac index 814fe22e8..83580eba9 100644 --- a/configure.ac +++ b/configure.ac @@ -21,7 +21,10 @@ dnl (Process this file with autoconf to produce a configure script.) AC_REVISION($Revision$)dnl AC_PREREQ(2.52) -AC_INIT(gnupg,1.0.6b) +dnl A snapshot release has a letter appended. CVS files before a release +dnl are suffixed with the string "-cvs", so "1.0.6a-cvs" is a cvs version +dnl between 1.0.6 and 1.0.6a. +AC_INIT(gnupg,1.0.6b-cvs) AC_CONFIG_SRCDIR(g10/g10.c) AC_CONFIG_AUX_DIR(scripts) AC_CONFIG_HEADERS(config.h) @@ -786,7 +789,7 @@ GNUPG_CHECK_GNUMAKE # mysterious reasons - the final link step shoudl bail out. case "${target}" in *-*-mingw32*) - LIBS="$LIBS -lwsock32" + LIBS="$LIBS -lws2_32" ;; *) ;; diff --git a/doc/gpg.sgml b/doc/gpg.sgml index 386b256e2..2f8557ac9 100644 --- a/doc/gpg.sgml +++ b/doc/gpg.sgml @@ -1175,8 +1175,8 @@ modifications, you can use this option to disable the caching. It probably does not make sense to disable it because all kind of damage can be done if someone else has write access to your public keyring. - + --no-sig-create-check GnuPG normally verifies each signature right after creation to protect @@ -1187,6 +1187,7 @@ However, due to the fact that the signature creation needs manual interaction, this performance penalty does not matter in most settings. + --no-auto-check-trustdb If GnuPG feels that its information about the Web-of-Trust has to be diff --git a/doc/gpg.texi b/doc/gpg.texi index b95543567..5193eb11c 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -316,23 +316,40 @@ not be expected to successfully import such a key. @itemx ---fast-import @code{files} Import/merge keys. This adds the given keys to the keyring. -The fast version does not build +The fast version does not update the trustdb; this can be done at any time with the command ---update-trustdb. There are a few other options which control how this command works. Most notable here is the ---merge-only option which does not insert new keys but does only the merging of new signatures, user-IDs and subkeys. -See also the option ---allow-secret-key-import. @item ---recv-keys @code{key IDs} Import the keys with the given key IDs from a HKP keyserver. Option ---keyserver must be used to give the name of this keyserver. -@item ---export-ownertrust -List the assigned ownertrust values in ASCII format -for backup purposes. +@item ---recv-keys @code{key IDs} +Import the keys with the given key IDs from a HKP +keyserver. Option ---keyserver must be used to +give the name of this keyserver. + +@item ---update-trustdb +Do trust DB maintenance. This command goes over all keys and builds +the Web-of-Trust. This is an intercative command because it may has to +ask for the "ownertrust" values of keys. The user has to give an +estimation in how far she trusts the owner of the displayed key to +correctly certify (sign) other keys. It does only ask for that value +if it has not yet been assigned to a key. Using the edit menu, that +value can be changed at any time later. + +@item ---check-trustdb +Do trust DB maintenance without user interaction. Form time to time +the trust database must be updated so that expired keys and resulting +changes in the Web-of_trust can be tracked. GnuPG tries to figure +when this is required and then does it implicitly; this command can be +used to force such a check. The processing is identically to that of +---update-trustdb but it skips keys with a not yet defined "ownertrust". @item ---import-ownertrust @code{files} Update the trustdb with the ownertrust values stored @@ -703,6 +720,12 @@ for DSA keys), and so this option can be used to disable it. However, due to the fact that the signature creation needs manual interaction, this performance penalty does not matter in most settings. +@item ---no-auto-check-trustdb +If GnuPG feels that its information about the Web-of-Trust has to be +updated, it automatically runs the ---check-trustdb command +internally. As this is a time consuming process, this option allow to +disable the automatic invocation. + @item ---throw-keyid Do not put the keyid into encrypted packets. This option hides the receiver of the message and is a countermeasure @@ -905,9 +928,7 @@ handing out the secret key. Don't insert new keys into the keyrings while doing an import. @item ---allow-secret-key-import -Allow import of secret keys. The import command normally skips secret -keys because a secret key can otherwise be used to attack the trust -calculation. +This is an obsolete option and is not used anywhere. @item ---try-all-secrets Don't look at the key ID as stored in the message but try all secret keys in diff --git a/g10/ChangeLog b/g10/ChangeLog index cb40e3e75..6eebdf4ab 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,11 @@ +2001-09-28 Werner Koch + + * tdbio.c (migrate_from_v2): Check return code of tbdio_sync. + + * tdbdump.c (import_ownertrust): Do a tdbio_sync(). + + * keyring.c: Made the offtbl an global object. + 2001-09-27 Werner Koch * pkclist.c (do_edit_ownertrust): Allow settin of ultimate trust. diff --git a/g10/keyring.c b/g10/keyring.c index cdfb65861..1ca36ad7c 100644 --- a/g10/keyring.c +++ b/g10/keyring.c @@ -35,10 +35,14 @@ #include "main.h" /*for check_key_signature()*/ #include "i18n.h" +/* off_item is a funny named for an object used to keep track of known + * keys. The idea was to use the offset to seek to the known keyblock, but + * this is not possible if more than one process is using the keyring. + */ struct off_item { struct off_item *next; u32 kid[2]; - off_t off; + /*off_t off;*/ }; typedef struct off_item **OffsetHashTable; @@ -48,8 +52,6 @@ typedef struct keyring_name *KR_NAME; struct keyring_name { struct keyring_name *next; int secret; - OffsetHashTable offtbl; - int offtbl_ready; DOTLOCK lockhd; int is_locked; char fname[1]; @@ -59,6 +61,9 @@ typedef struct keyring_name const * CONST_KR_NAME; static KR_NAME kr_names; static int active_handles; +static OffsetHashTable kr_offtbl; +static int kr_offtbl_ready; + struct keyring_handle { int secret; /* this is for a secret keyring */ @@ -119,6 +124,7 @@ new_offset_hash_table (void) return tbl; } +#if 0 static void release_offset_hash_table (OffsetHashTable tbl) { @@ -130,6 +136,7 @@ release_offset_hash_table (OffsetHashTable tbl) release_offset_items (tbl[i]); m_free (tbl); } +#endif static struct off_item * lookup_offset_hash_table (OffsetHashTable tbl, u32 *kid) @@ -151,7 +158,7 @@ update_offset_hash_table (OffsetHashTable tbl, u32 *kid, off_t off) { if (k->kid[0] == kid[0] && k->kid[1] == kid[1]) { - k->off = off; + /*k->off = off;*/ return; } } @@ -159,7 +166,7 @@ update_offset_hash_table (OffsetHashTable tbl, u32 *kid, off_t off) k = new_offset_item (); k->kid[0] = kid[0]; k->kid[1] = kid[1]; - k->off = off; + /*k->off = off;*/ k->next = tbl[(kid[1] & 0x07ff)]; tbl[(kid[1] & 0x07ff)] = k; } @@ -201,12 +208,14 @@ keyring_register_filename (const char *fname, int secret) kr = m_alloc (sizeof *kr + strlen (fname)); strcpy (kr->fname, fname); kr->secret = !!secret; - kr->offtbl = new_offset_hash_table (); - kr->offtbl_ready = 0; kr->lockhd = NULL; kr->is_locked = 0; kr->next = kr_names; kr_names = kr; + + /* create the offset table the first time a function here is used */ + if (!kr_offtbl) + kr_offtbl = new_offset_hash_table (); } @@ -479,11 +488,9 @@ keyring_update_keyblock (KEYRING_HANDLE hd, KBNODE kb) rc = do_copy (3, hd->found.kr->fname, kb, hd->secret, hd->found.offset, hd->found.n_packets ); if (!rc) { - if (hd->current.kr && hd->current.kr->offtbl) + if (!hd->secret && kr_offtbl) { - /* we do not have the offset but as it is not use it does not - * matter*/ - update_offset_hash_table_from_kb (hd->current.kr->offtbl, kb, 0); + update_offset_hash_table_from_kb (kr_offtbl, kb, 0); } /* better reset the found info */ hd->found.kr = NULL; @@ -521,10 +528,9 @@ keyring_insert_keyblock (KEYRING_HANDLE hd, KBNODE kb) /* do the insert */ rc = do_copy (1, fname, kb, hd->secret, 0, 0 ); - if (!rc && hd->current.kr && hd->current.kr->offtbl) + if (!rc && !hd->secret && kr_offtbl) { - /* we do not have the offset but as it is not use it does not matter*/ - update_offset_hash_table_from_kb (hd->current.kr->offtbl, kb, 0); + update_offset_hash_table_from_kb (kr_offtbl, kb, 0); } return rc; @@ -835,11 +841,10 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc, size_t ndesc) int need_uid, need_words, need_keyid, need_fpr, any_skip; int pk_no, uid_no; int initial_skip; + int use_offtbl; PKT_user_id *uid = NULL; PKT_public_key *pk = NULL; PKT_secret_key *sk = NULL; - OffsetHashTable offtbl; - int offtbl_ready; /* figure out what information we need */ need_uid = need_words = need_keyid = need_fpr = any_skip = 0; @@ -881,17 +886,16 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc, size_t ndesc) if (rc) return rc; - offtbl = hd->secret? NULL:hd->current.kr->offtbl; - offtbl_ready = hd->current.kr->offtbl_ready; - if (!offtbl) + use_offtbl = !hd->secret && kr_offtbl; + if (!use_offtbl) ; - else if (!offtbl_ready) + else if (!kr_offtbl_ready) need_keyid = 1; else if (ndesc == 1 && desc[0].mode == KEYDB_SEARCH_MODE_LONG_KID) { struct off_item *oi; - oi = lookup_offset_hash_table (offtbl, desc[0].u.kid); + oi = lookup_offset_hash_table (kr_offtbl, desc[0].u.kid); if (!oi) { /* We know that we don't have this key */ hd->found.kr = NULL; @@ -958,8 +962,8 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc, size_t ndesc) if (need_keyid) keyid_from_pk (pk, aki); - if (offtbl && !offtbl_ready) - update_offset_hash_table (offtbl, aki, main_offset); + if (use_offtbl && !kr_offtbl_ready) + update_offset_hash_table (kr_offtbl, aki, main_offset); } else if (pkt.pkttype == PKT_USER_ID) { uid = pkt.pkt.user_id; @@ -1052,7 +1056,8 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc, size_t ndesc) hd->current.eof = 1; /* if we scanned the entire keyring, we are sure that * all known key IDs are in our offtbl, mark that. */ - hd->current.kr->offtbl_ready = 1; + if (use_offtbl) + kr_offtbl_ready = 1; } else hd->current.error = rc; diff --git a/g10/tdbdump.c b/g10/tdbdump.c index 092d18257..cd46f1f5a 100644 --- a/g10/tdbdump.c +++ b/g10/tdbdump.c @@ -128,6 +128,7 @@ import_ownertrust( const char *fname ) unsigned int otrust; byte fpr[20]; int any = 0; + int rc; init_trustdb(); if( !fname || (*fname == '-' && !fname[1]) ) { @@ -142,7 +143,6 @@ import_ownertrust( const char *fname ) while( fgets( line, DIM(line)-1, fp ) ) { TRUSTREC rec; - int rc; if( !*line || *line == '#' ) continue; @@ -210,6 +210,13 @@ import_ownertrust( const char *fname ) fclose(fp); if (any) + { revalidation_mark (); + rc = tdbio_sync (); + if (rc) + log_error (_("trustdb: sync failed: %s\n"), g10_errstr(rc) ); + } + } + diff --git a/g10/tdbio.c b/g10/tdbio.c index 59bcc8530..50064cf59 100644 --- a/g10/tdbio.c +++ b/g10/tdbio.c @@ -1455,7 +1455,7 @@ migrate_from_v2 () int ottable_size, ottable_used; byte oldbuf[40]; ulong recno; - int count; + int rc, count; ottable_size = 5; ottable = m_alloc (ottable_size * sizeof *ottable); @@ -1555,7 +1555,9 @@ migrate_from_v2 () } revalidation_mark (); - tdbio_sync (); + rc = tdbio_sync (); + if (rc) + log_fatal ("failed to sync `%s'\n", db_name); log_info ("migrated %d version 2 ownertrusts\n", count); m_free (ottable); }