
make check does work again

Werner Koch 2001-09-28 10:43:03 +00:00
parent c1a0e80f71
commit aa971d5c89
9 changed files with 98 additions and 43 deletions


@ -1,3 +1,12 @@
2001-09-28 Werner Koch <wk@gnupg.org>
* configure.ac: From now on add a string "-cvs" to the version to
indicate that this is a pre-release of the given version number.
2001-09-26 Werner Koch <wk@gnupg.org>
* configure.ac [MINGW32]: Switched from wsock.dll to ws2_32.dll.
2001-09-09 Werner Koch <wk@gnupg.org> 2001-09-09 Werner Koch <wk@gnupg.org>
* configure.ac: autoconf changed the name of the maintainer mode * configure.ac: autoconf changed the name of the maintainer mode

9
TODO

@ -1,8 +1,9 @@
* getkey does not return revoked/expired keys - therefore it is not
possible to override it.
* Selection using +wordlist does not work. * Selection using +wordlist does not work.
* Make the offtbl in keyring.c global.
* Always use the primary key to sign other keys. * Always use the primary key to sign other keys.
* add listing of notation data * add listing of notation data
@ -75,8 +76,7 @@
* export by user-IDs does only export the first matching name which leads * export by user-IDs does only export the first matching name which leads
to a problem in cases where there are 2 keys with identically to a problem in cases where there are 2 keys with identically
user-IDs. user-IDs.
--> Check whether this is still true. --> Check whether this is still true - yes it is.
* With option -i prompt before adding a key to the keyring and show some * With option -i prompt before adding a key to the keyring and show some
info what we are about to add. info what we are about to add.
@ -105,7 +105,6 @@ Nice to have
* use DEL and ^H for erasing the previous character (util/ttyio.c). * use DEL and ^H for erasing the previous character (util/ttyio.c).
or better readline. or better readline.
* Print a warning if the directory mode is wrong. * Print a warning if the directory mode is wrong.
* Do a real fix for bug #7 or document that it is a PGP 5 error.
* preferences of hash algorithms are not yet used. * preferences of hash algorithms are not yet used.
* add test cases for invalid data (scrambled armor or other random data) * add test cases for invalid data (scrambled armor or other random data)
* add checking of armor trailers * add checking of armor trailers


@ -21,7 +21,10 @@ dnl (Process this file with autoconf to produce a configure script.)
AC_REVISION($Revision$)dnl AC_REVISION($Revision$)dnl
AC_PREREQ(2.52) AC_PREREQ(2.52)
AC_INIT(gnupg,1.0.6b) dnl A snapshot release has a letter appended. CVS files before a release
dnl are suffixed with the string "-cvs", so "1.0.6a-cvs" is a cvs version
dnl between 1.0.6 and 1.0.6a.
AC_INIT(gnupg,1.0.6b-cvs)
AC_CONFIG_SRCDIR(g10/g10.c) AC_CONFIG_SRCDIR(g10/g10.c)
AC_CONFIG_AUX_DIR(scripts) AC_CONFIG_AUX_DIR(scripts)
AC_CONFIG_HEADERS(config.h) AC_CONFIG_HEADERS(config.h)
@ -786,7 +789,7 @@ GNUPG_CHECK_GNUMAKE
# mysterious reasons - the final link step shoudl bail out. # mysterious reasons - the final link step shoudl bail out.
case "${target}" in case "${target}" in
*-*-mingw32*) *-*-mingw32*)
LIBS="$LIBS -lwsock32" LIBS="$LIBS -lws2_32"
;; ;;
*) *)
;; ;;


@ -1175,8 +1175,8 @@ modifications, you can use this option to disable the caching. It
probably does not make sense to disable it because all kind of damage probably does not make sense to disable it because all kind of damage
can be done if someone else has write access to your public keyring. can be done if someone else has write access to your public keyring.
</para></listitem></varlistentry> </para></listitem></varlistentry>
<varlistentry>
<varlistentry>
<term>--no-sig-create-check</term> <term>--no-sig-create-check</term>
<listitem><para> <listitem><para>
GnuPG normally verifies each signature right after creation to protect GnuPG normally verifies each signature right after creation to protect
@ -1187,6 +1187,7 @@ However, due to the fact that the signature creation needs manual
interaction, this performance penalty does not matter in most settings. interaction, this performance penalty does not matter in most settings.
</para></listitem></varlistentry> </para></listitem></varlistentry>
<varlistentry>
<term>--no-auto-check-trustdb</term> <term>--no-auto-check-trustdb</term>
<listitem><para> <listitem><para>
If GnuPG feels that its information about the Web-of-Trust has to be If GnuPG feels that its information about the Web-of-Trust has to be


@ -316,23 +316,40 @@ not be expected to successfully import such a key.
@itemx ---fast-import @code{files} @itemx ---fast-import @code{files}
Import/merge keys. This adds the given keys to the Import/merge keys. This adds the given keys to the
keyring. keyring.
The fast version does not build The fast version does not update
the trustdb; this can be done at any time with the the trustdb; this can be done at any time with the
command ---update-trustdb. command ---update-trustdb.
There are a few other options which control how this command works. There are a few other options which control how this command works.
Most notable here is the ---merge-only option which does not insert new keys Most notable here is the ---merge-only option which does not insert new keys
but does only the merging of new signatures, user-IDs and subkeys. but does only the merging of new signatures, user-IDs and subkeys.
See also the option ---allow-secret-key-import.
@item ---recv-keys @code{key IDs} @item ---recv-keys @code{key IDs}
Import the keys with the given key IDs from a HKP Import the keys with the given key IDs from a HKP
keyserver. Option ---keyserver must be used to keyserver. Option ---keyserver must be used to
give the name of this keyserver. give the name of this keyserver.
@item ---export-ownertrust @item ---recv-keys @code{key IDs}
List the assigned ownertrust values in ASCII format Import the keys with the given key IDs from a HKP
for backup purposes. keyserver. Option ---keyserver must be used to
give the name of this keyserver.
@item ---update-trustdb
Do trust DB maintenance. This command goes over all keys and builds
the Web-of-Trust. This is an intercative command because it may has to
ask for the "ownertrust" values of keys. The user has to give an
estimation in how far she trusts the owner of the displayed key to
correctly certify (sign) other keys. It does only ask for that value
if it has not yet been assigned to a key. Using the edit menu, that
value can be changed at any time later.
@item ---check-trustdb
Do trust DB maintenance without user interaction. Form time to time
the trust database must be updated so that expired keys and resulting
changes in the Web-of_trust can be tracked. GnuPG tries to figure
when this is required and then does it implicitly; this command can be
used to force such a check. The processing is identically to that of
---update-trustdb but it skips keys with a not yet defined "ownertrust".
@item ---import-ownertrust @code{files} @item ---import-ownertrust @code{files}
Update the trustdb with the ownertrust values stored Update the trustdb with the ownertrust values stored
@ -703,6 +720,12 @@ for DSA keys), and so this option can be used to disable it.
However, due to the fact that the signature creation needs manual However, due to the fact that the signature creation needs manual
interaction, this performance penalty does not matter in most settings. interaction, this performance penalty does not matter in most settings.
@item ---no-auto-check-trustdb
If GnuPG feels that its information about the Web-of-Trust has to be
updated, it automatically runs the ---check-trustdb command
internally. As this is a time consuming process, this option allow to
disable the automatic invocation.
@item ---throw-keyid @item ---throw-keyid
Do not put the keyid into encrypted packets. This option Do not put the keyid into encrypted packets. This option
hides the receiver of the message and is a countermeasure hides the receiver of the message and is a countermeasure
@ -905,9 +928,7 @@ handing out the secret key.
Don't insert new keys into the keyrings while doing an import. Don't insert new keys into the keyrings while doing an import.
@item ---allow-secret-key-import @item ---allow-secret-key-import
Allow import of secret keys. The import command normally skips secret This is an obsolete option and is not used anywhere.
keys because a secret key can otherwise be used to attack the trust
calculation.
@item ---try-all-secrets @item ---try-all-secrets
Don't look at the key ID as stored in the message but try all secret keys in Don't look at the key ID as stored in the message but try all secret keys in


@ -1,3 +1,11 @@
2001-09-28 Werner Koch <wk@gnupg.org>
* tdbio.c (migrate_from_v2): Check return code of tbdio_sync.
* tdbdump.c (import_ownertrust): Do a tdbio_sync().
* keyring.c: Made the offtbl an global object.
2001-09-27 Werner Koch <wk@gnupg.org> 2001-09-27 Werner Koch <wk@gnupg.org>
* pkclist.c (do_edit_ownertrust): Allow settin of ultimate trust. * pkclist.c (do_edit_ownertrust): Allow settin of ultimate trust.


@ -35,10 +35,14 @@
#include "main.h" /*for check_key_signature()*/ #include "main.h" /*for check_key_signature()*/
#include "i18n.h" #include "i18n.h"
/* off_item is a funny named for an object used to keep track of known
* keys. The idea was to use the offset to seek to the known keyblock, but
* this is not possible if more than one process is using the keyring.
*/
struct off_item { struct off_item {
struct off_item *next; struct off_item *next;
u32 kid[2]; u32 kid[2];
off_t off; /*off_t off;*/
}; };
typedef struct off_item **OffsetHashTable; typedef struct off_item **OffsetHashTable;
@ -48,8 +52,6 @@ typedef struct keyring_name *KR_NAME;
struct keyring_name { struct keyring_name {
struct keyring_name *next; struct keyring_name *next;
int secret; int secret;
OffsetHashTable offtbl;
int offtbl_ready;
DOTLOCK lockhd; DOTLOCK lockhd;
int is_locked; int is_locked;
char fname[1]; char fname[1];
@ -59,6 +61,9 @@ typedef struct keyring_name const * CONST_KR_NAME;
static KR_NAME kr_names; static KR_NAME kr_names;
static int active_handles; static int active_handles;
static OffsetHashTable kr_offtbl;
static int kr_offtbl_ready;
struct keyring_handle { struct keyring_handle {
int secret; /* this is for a secret keyring */ int secret; /* this is for a secret keyring */
@ -119,6 +124,7 @@ new_offset_hash_table (void)
return tbl; return tbl;
} }
#if 0
static void static void
release_offset_hash_table (OffsetHashTable tbl) release_offset_hash_table (OffsetHashTable tbl)
{ {
@ -130,6 +136,7 @@ release_offset_hash_table (OffsetHashTable tbl)
release_offset_items (tbl[i]); release_offset_items (tbl[i]);
m_free (tbl); m_free (tbl);
} }
#endif
static struct off_item * static struct off_item *
lookup_offset_hash_table (OffsetHashTable tbl, u32 *kid) lookup_offset_hash_table (OffsetHashTable tbl, u32 *kid)
@ -151,7 +158,7 @@ update_offset_hash_table (OffsetHashTable tbl, u32 *kid, off_t off)
{ {
if (k->kid[0] == kid[0] && k->kid[1] == kid[1]) if (k->kid[0] == kid[0] && k->kid[1] == kid[1])
{ {
k->off = off; /*k->off = off;*/
return; return;
} }
} }
@ -159,7 +166,7 @@ update_offset_hash_table (OffsetHashTable tbl, u32 *kid, off_t off)
k = new_offset_item (); k = new_offset_item ();
k->kid[0] = kid[0]; k->kid[0] = kid[0];
k->kid[1] = kid[1]; k->kid[1] = kid[1];
k->off = off; /*k->off = off;*/
k->next = tbl[(kid[1] & 0x07ff)]; k->next = tbl[(kid[1] & 0x07ff)];
tbl[(kid[1] & 0x07ff)] = k; tbl[(kid[1] & 0x07ff)] = k;
} }
@ -201,12 +208,14 @@ keyring_register_filename (const char *fname, int secret)
kr = m_alloc (sizeof *kr + strlen (fname)); kr = m_alloc (sizeof *kr + strlen (fname));
strcpy (kr->fname, fname); strcpy (kr->fname, fname);
kr->secret = !!secret; kr->secret = !!secret;
kr->offtbl = new_offset_hash_table ();
kr->offtbl_ready = 0;
kr->lockhd = NULL; kr->lockhd = NULL;
kr->is_locked = 0; kr->is_locked = 0;
kr->next = kr_names; kr->next = kr_names;
kr_names = kr; kr_names = kr;
/* create the offset table the first time a function here is used */
if (!kr_offtbl)
kr_offtbl = new_offset_hash_table ();
} }
@ -479,11 +488,9 @@ keyring_update_keyblock (KEYRING_HANDLE hd, KBNODE kb)
rc = do_copy (3, hd->found.kr->fname, kb, hd->secret, rc = do_copy (3, hd->found.kr->fname, kb, hd->secret,
hd->found.offset, hd->found.n_packets ); hd->found.offset, hd->found.n_packets );
if (!rc) { if (!rc) {
if (hd->current.kr && hd->current.kr->offtbl) if (!hd->secret && kr_offtbl)
{ {
/* we do not have the offset but as it is not use it does not update_offset_hash_table_from_kb (kr_offtbl, kb, 0);
* matter*/
update_offset_hash_table_from_kb (hd->current.kr->offtbl, kb, 0);
} }
/* better reset the found info */ /* better reset the found info */
hd->found.kr = NULL; hd->found.kr = NULL;
@ -521,10 +528,9 @@ keyring_insert_keyblock (KEYRING_HANDLE hd, KBNODE kb)
/* do the insert */ /* do the insert */
rc = do_copy (1, fname, kb, hd->secret, 0, 0 ); rc = do_copy (1, fname, kb, hd->secret, 0, 0 );
if (!rc && hd->current.kr && hd->current.kr->offtbl) if (!rc && !hd->secret && kr_offtbl)
{ {
/* we do not have the offset but as it is not use it does not matter*/ update_offset_hash_table_from_kb (kr_offtbl, kb, 0);
update_offset_hash_table_from_kb (hd->current.kr->offtbl, kb, 0);
} }
return rc; return rc;
@ -835,11 +841,10 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc, size_t ndesc)
int need_uid, need_words, need_keyid, need_fpr, any_skip; int need_uid, need_words, need_keyid, need_fpr, any_skip;
int pk_no, uid_no; int pk_no, uid_no;
int initial_skip; int initial_skip;
int use_offtbl;
PKT_user_id *uid = NULL; PKT_user_id *uid = NULL;
PKT_public_key *pk = NULL; PKT_public_key *pk = NULL;
PKT_secret_key *sk = NULL; PKT_secret_key *sk = NULL;
OffsetHashTable offtbl;
int offtbl_ready;
/* figure out what information we need */ /* figure out what information we need */
need_uid = need_words = need_keyid = need_fpr = any_skip = 0; need_uid = need_words = need_keyid = need_fpr = any_skip = 0;
@ -881,17 +886,16 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc, size_t ndesc)
if (rc) if (rc)
return rc; return rc;
offtbl = hd->secret? NULL:hd->current.kr->offtbl; use_offtbl = !hd->secret && kr_offtbl;
offtbl_ready = hd->current.kr->offtbl_ready; if (!use_offtbl)
if (!offtbl)
; ;
else if (!offtbl_ready) else if (!kr_offtbl_ready)
need_keyid = 1; need_keyid = 1;
else if (ndesc == 1 && desc[0].mode == KEYDB_SEARCH_MODE_LONG_KID) else if (ndesc == 1 && desc[0].mode == KEYDB_SEARCH_MODE_LONG_KID)
{ {
struct off_item *oi; struct off_item *oi;
oi = lookup_offset_hash_table (offtbl, desc[0].u.kid); oi = lookup_offset_hash_table (kr_offtbl, desc[0].u.kid);
if (!oi) if (!oi)
{ /* We know that we don't have this key */ { /* We know that we don't have this key */
hd->found.kr = NULL; hd->found.kr = NULL;
@ -958,8 +962,8 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc, size_t ndesc)
if (need_keyid) if (need_keyid)
keyid_from_pk (pk, aki); keyid_from_pk (pk, aki);
if (offtbl && !offtbl_ready) if (use_offtbl && !kr_offtbl_ready)
update_offset_hash_table (offtbl, aki, main_offset); update_offset_hash_table (kr_offtbl, aki, main_offset);
} }
else if (pkt.pkttype == PKT_USER_ID) { else if (pkt.pkttype == PKT_USER_ID) {
uid = pkt.pkt.user_id; uid = pkt.pkt.user_id;
@ -1052,7 +1056,8 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc, size_t ndesc)
hd->current.eof = 1; hd->current.eof = 1;
/* if we scanned the entire keyring, we are sure that /* if we scanned the entire keyring, we are sure that
* all known key IDs are in our offtbl, mark that. */ * all known key IDs are in our offtbl, mark that. */
hd->current.kr->offtbl_ready = 1; if (use_offtbl)
kr_offtbl_ready = 1;
} }
else else
hd->current.error = rc; hd->current.error = rc;
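Review bot: `kr_offtbl_ready` is now a single flag shared by every registered keyring, yet the last hunk of `keyring_search` still sets it as soon as one scan reaches EOF. If that EOF branch runs once per keyring (the removed per-keyring `offtbl_ready` suggests so, but the scan loop is outside the hunks), a complete pass over the first public keyring marks the shared table complete. The `KEYDB_SEARCH_MODE_LONG_KID` shortcut would then report "We know that we don't have this key" for key IDs that live only in a keyring not yet scanned, which presumably surfaces as a missing key during signature checks. Setting the flag only after every non-secret entry of `kr_names` has been read to EOF keeps the shortcut sound; the sketch uses a new per-keyring field, called `did_full_scan` here purely as a proposal.

```c
/* struct keyring_name: one proposed field, placed before fname[] */
    int did_full_scan;   /* a search has read this keyring to EOF */

/* keyring_register_filename: the struct comes from m_alloc and is filled field by field */
    kr->did_full_scan = 0;

/* keyring_search, EOF branch */
/* … unchanged: hd->current.eof = 1 and the existing comment … */
        if (use_offtbl && !kr_offtbl_ready)
          {
            KR_NAME kr;

            hd->current.kr->did_full_scan = 1;
            for (kr = kr_names; kr; kr = kr->next)
              if (!kr->secret && !kr->did_full_scan)
                break;
            if (!kr)
              kr_offtbl_ready = 1;
          }
```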


@ -128,6 +128,7 @@ import_ownertrust( const char *fname )
unsigned int otrust; unsigned int otrust;
byte fpr[20]; byte fpr[20];
int any = 0; int any = 0;
int rc;
init_trustdb(); init_trustdb();
if( !fname || (*fname == '-' && !fname[1]) ) { if( !fname || (*fname == '-' && !fname[1]) ) {
@ -142,7 +143,6 @@ import_ownertrust( const char *fname )
while( fgets( line, DIM(line)-1, fp ) ) { while( fgets( line, DIM(line)-1, fp ) ) {
TRUSTREC rec; TRUSTREC rec;
int rc;
if( !*line || *line == '#' ) if( !*line || *line == '#' )
continue; continue;
@ -210,6 +210,13 @@ import_ownertrust( const char *fname )
fclose(fp); fclose(fp);
if (any) if (any)
{
revalidation_mark (); revalidation_mark ();
rc = tdbio_sync ();
if (rc)
log_error (_("trustdb: sync failed: %s\n"), g10_errstr(rc) );
}
} }
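Review bot: A failed `tdbio_sync ()` at the end of `import_ownertrust` is only logged, and nothing in the visible hunks tells the caller that the imported ownertrust values may not have reached disk. This is the restore path for ownertrust backups, so an operator should be able to rely on the exit status. If `log_error` already feeds the process exit code, a short comment next to the call would settle it, for example `/* log_error is assumed to make gpg exit non-zero -- confirm */`. The same failure is treated as fatal in `migrate_from_v2` in this commit, so the two paths disagree on severity. The function's signature and loop body lie outside the hunks.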


@ -1455,7 +1455,7 @@ migrate_from_v2 ()
int ottable_size, ottable_used; int ottable_size, ottable_used;
byte oldbuf[40]; byte oldbuf[40];
ulong recno; ulong recno;
int count; int rc, count;
ottable_size = 5; ottable_size = 5;
ottable = m_alloc (ottable_size * sizeof *ottable); ottable = m_alloc (ottable_size * sizeof *ottable);
@ -1555,7 +1555,9 @@ migrate_from_v2 ()
} }
revalidation_mark (); revalidation_mark ();
tdbio_sync (); rc = tdbio_sync ();
if (rc)
log_fatal ("failed to sync `%s'\n", db_name);
log_info ("migrated %d version 2 ownertrusts\n", count); log_info ("migrated %d version 2 ownertrusts\n", count);
m_free (ottable); m_free (ottable);
} }
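Review bot: The new `log_fatal` in `migrate_from_v2` stores the result of `tdbio_sync ()` in `rc` but never reports it, so the message says the sync failed without saying why. The tdbdump.c change in this same commit prints `g10_errstr(rc)` for the same failure. Doing the same here, by appending `: %s` to the format string and passing `g10_errstr (rc)` as the extra argument, gives whoever is diagnosing a half-migrated trustdb the actual cause. The function body starts outside the hunks.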