gpg: Deprecate the --keyserver option.
* g10/keyserver.c (keyserver_refresh): Change return type to gpg_error_t. Use gpg_dirmngr_ks_list to print the name of the keyserver to use. (keyserver_search): Do not print the "no keyserver" error message. The same error is anyway returned from dirmngr. * g10/call-dirmngr.c (ks_status_parm_s): Add field "keyword". (ks_status_cb): Handle other status keywords. (gpg_dirmngr_ks_list): New. * tools/gpgconf-comp.c (gc_options_gpg): Deprecate "keyserver". (gc_options_dirmngr): Add "Keyserver" group and "keyserver". -- Along with the corresponding dirmngr change this option allows to configure the keyserver only in dirmngr.conf. Existing configurations will continue to work. However, GUIs using gpgconf now show the keyserver option under the dirmngr (aka Key Acquirer) tab unless they are in expert mode, in which the keyserver option is also shown for gpg. Signed-off-by: Werner Koch <wk@gnupg.org>
parent
a48e6de603
commit
ae471fa978
@ -1504,6 +1504,9 @@ ignored if the option --with-colons is used.
|
|||||||
|
|
||||||
@item --keyserver @code{name}
|
@item --keyserver @code{name}
|
||||||
@opindex keyserver
|
@opindex keyserver
|
||||||
|
This option is deprecated - please use the @option{--keyserver} in
|
||||||
|
@file{dirmngr.conf} instead.
|
||||||
|
|
||||||
Use @code{name} as your keyserver. This is the server that
|
Use @code{name} as your keyserver. This is the server that
|
||||||
@option{--recv-keys}, @option{--send-keys}, and @option{--search-keys}
|
@option{--recv-keys}, @option{--send-keys}, and @option{--search-keys}
|
||||||
will communicate with to receive keys from, send keys to, and search for
|
will communicate with to receive keys from, send keys to, and search for
|
||||||
@ -1586,6 +1589,7 @@ are available for all keyserver types, some common options are:
|
|||||||
@option{--recv-keys} command as a whole. Defaults to 30 seconds.
|
@option{--recv-keys} command as a whole. Defaults to 30 seconds.
|
||||||
|
|
||||||
@item http-proxy=@code{value}
|
@item http-proxy=@code{value}
|
||||||
|
This options is deprecated.
|
||||||
Set the proxy to use for HTTP and HKP keyservers.
|
Set the proxy to use for HTTP and HKP keyservers.
|
||||||
This overrides any proxy defined in @file{dirmngr.conf}.
|
This overrides any proxy defined in @file{dirmngr.conf}.
|
||||||
|
|
||||||
|
@ -44,6 +44,7 @@
|
|||||||
/* Parameter structure used to gather status info. */
|
/* Parameter structure used to gather status info. */
|
||||||
struct ks_status_parm_s
|
struct ks_status_parm_s
|
||||||
{
|
{
|
||||||
|
const char *keyword; /* Look for this keyword or NULL for "SOURCE". */
|
||||||
char *source;
|
char *source;
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -334,7 +335,7 @@ clear_context_flags (ctrl_t ctrl, assuan_context_t ctx)
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
/* Status callback for ks_get and ks_search. */
|
/* Status callback for ks_list, ks_get and ks_search. */
|
||||||
static gpg_error_t
|
static gpg_error_t
|
||||||
ks_status_cb (void *opaque, const char *line)
|
ks_status_cb (void *opaque, const char *line)
|
||||||
{
|
{
|
||||||
@ -342,7 +343,7 @@ ks_status_cb (void *opaque, const char *line)
|
|||||||
gpg_error_t err = 0;
|
gpg_error_t err = 0;
|
||||||
const char *s;
|
const char *s;
|
||||||
|
|
||||||
if ((s = has_leading_keyword (line, "SOURCE")))
|
if ((s = has_leading_keyword (line, parm->keyword? parm->keyword : "SOURCE")))
|
||||||
{
|
{
|
||||||
if (!parm->source)
|
if (!parm->source)
|
||||||
{
|
{
|
||||||
@ -356,6 +357,44 @@ ks_status_cb (void *opaque, const char *line)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
/* Run the "KEYSERVER" command to return the name of the used
|
||||||
|
keyserver at R_KEYSERVER. */
|
||||||
|
gpg_error_t
|
||||||
|
gpg_dirmngr_ks_list (ctrl_t ctrl, char **r_keyserver)
|
||||||
|
{
|
||||||
|
gpg_error_t err;
|
||||||
|
assuan_context_t ctx;
|
||||||
|
struct ks_status_parm_s stparm;
|
||||||
|
|
||||||
|
memset (&stparm, 0, sizeof stparm);
|
||||||
|
stparm.keyword = "KEYSERVER";
|
||||||
|
*r_keyserver = NULL;
|
||||||
|
|
||||||
|
err = open_context (ctrl, &ctx);
|
||||||
|
if (err)
|
||||||
|
return err;
|
||||||
|
|
||||||
|
err = assuan_transact (ctx, "KEYSERVER", NULL, NULL,
|
||||||
|
NULL, NULL, ks_status_cb, &stparm);
|
||||||
|
if (err)
|
||||||
|
goto leave;
|
||||||
|
if (!stparm.source)
|
||||||
|
{
|
||||||
|
err = gpg_error (GPG_ERR_NO_KEYSERVER);
|
||||||
|
goto leave;
|
||||||
|
}
|
||||||
|
|
||||||
|
*r_keyserver = stparm.source;
|
||||||
|
stparm.source = NULL;
|
||||||
|
|
||||||
|
leave:
|
||||||
|
xfree (stparm.source);
|
||||||
|
close_context (ctrl, ctx);
|
||||||
|
return err;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
/* Data callback for the KS_SEARCH command. */
|
/* Data callback for the KS_SEARCH command. */
|
||||||
static gpg_error_t
|
static gpg_error_t
|
||||||
|
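Review bot: The comment above gpg_dirmngr_ks_list does not state the ownership or error contract of the new function. From the body, on success `*R_KEYSERVER` is a string the caller must release with xfree (keyserver_refresh does so), and GPG_ERR_NO_KEYSERVER is returned when dirmngr sends no KEYSERVER status line; I would extend the comment with `On success the caller must xfree *R_KEYSERVER; GPG_ERR_NO_KEYSERVER is returned if dirmngr reports none.` The visible `if (!parm->source)` guard in ks_status_cb suggests only the first matching status line is kept, so if dirmngr reports several keyservers only one name comes back; that is worth a sentence too, since keyserver_refresh prints the name as the server being used. ks_status_cb's body is only partly shown in these hunks.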
@ -21,6 +21,7 @@
|
|||||||
|
|
||||||
void gpg_dirmngr_deinit_session_data (ctrl_t ctrl);
|
void gpg_dirmngr_deinit_session_data (ctrl_t ctrl);
|
||||||
|
|
||||||
|
gpg_error_t gpg_dirmngr_ks_list (ctrl_t ctrl, char **r_keyserver);
|
||||||
gpg_error_t gpg_dirmngr_ks_search (ctrl_t ctrl, const char *searchstr,
|
gpg_error_t gpg_dirmngr_ks_search (ctrl_t ctrl, const char *searchstr,
|
||||||
gpg_error_t (*cb)(void*, int, char *),
|
gpg_error_t (*cb)(void*, int, char *),
|
||||||
void *cb_value);
|
void *cb_value);
|
||||||
|
@ -37,7 +37,7 @@ int keyserver_import_fprint (ctrl_t ctrl, const byte *fprint,size_t fprint_len,
|
|||||||
struct keyserver_spec *keyserver);
|
struct keyserver_spec *keyserver);
|
||||||
int keyserver_import_keyid (ctrl_t ctrl, u32 *keyid,
|
int keyserver_import_keyid (ctrl_t ctrl, u32 *keyid,
|
||||||
struct keyserver_spec *keyserver);
|
struct keyserver_spec *keyserver);
|
||||||
int keyserver_refresh (ctrl_t ctrl, strlist_t users);
|
gpg_error_t keyserver_refresh (ctrl_t ctrl, strlist_t users);
|
||||||
gpg_error_t keyserver_search (ctrl_t ctrl, strlist_t tokens);
|
gpg_error_t keyserver_search (ctrl_t ctrl, strlist_t tokens);
|
||||||
int keyserver_fetch (ctrl_t ctrl, strlist_t urilist);
|
int keyserver_fetch (ctrl_t ctrl, strlist_t urilist);
|
||||||
int keyserver_import_cert (ctrl_t ctrl, const char *name,
|
int keyserver_import_cert (ctrl_t ctrl, const char *name,
|
||||||
|
@ -1357,10 +1357,12 @@ keyidlist(strlist_t users,KEYDB_SEARCH_DESC **klist,int *count,int fakev3)
|
|||||||
/* Note this is different than the original HKP refresh. It allows
|
/* Note this is different than the original HKP refresh. It allows
|
||||||
usernames to refresh only part of the keyring. */
|
usernames to refresh only part of the keyring. */
|
||||||
|
|
||||||
int
|
gpg_error_t
|
||||||
keyserver_refresh (ctrl_t ctrl, strlist_t users)
|
keyserver_refresh (ctrl_t ctrl, strlist_t users)
|
||||||
{
|
{
|
||||||
int rc,count,numdesc,fakev3=0;
|
gpg_error_t err;
|
||||||
|
int count, numdesc;
|
||||||
|
int fakev3 = 0;
|
||||||
KEYDB_SEARCH_DESC *desc;
|
KEYDB_SEARCH_DESC *desc;
|
||||||
unsigned int options=opt.keyserver_options.import_options;
|
unsigned int options=opt.keyserver_options.import_options;
|
||||||
|
|
||||||
@ -1381,9 +1383,9 @@ keyserver_refresh (ctrl_t ctrl, strlist_t users)
|
|||||||
ascii_strcasecmp(opt.keyserver->scheme,"mailto")==0))
|
ascii_strcasecmp(opt.keyserver->scheme,"mailto")==0))
|
||||||
fakev3=1;
|
fakev3=1;
|
||||||
|
|
||||||
rc=keyidlist(users,&desc,&numdesc,fakev3);
|
err = keyidlist (users, &desc, &numdesc, fakev3);
|
||||||
if(rc)
|
if (err)
|
||||||
return rc;
|
return err;
|
||||||
|
|
||||||
count=numdesc;
|
count=numdesc;
|
||||||
if(count>0)
|
if(count>0)
|
||||||
@ -1403,11 +1405,11 @@ keyserver_refresh (ctrl_t ctrl, strlist_t users)
|
|||||||
/* We use the keyserver structure we parsed out before.
|
/* We use the keyserver structure we parsed out before.
|
||||||
Note that a preferred keyserver without a scheme://
|
Note that a preferred keyserver without a scheme://
|
||||||
will be interpreted as hkp:// */
|
will be interpreted as hkp:// */
|
||||||
rc = keyserver_get (ctrl, &desc[i], 1, keyserver, NULL, NULL);
|
err = keyserver_get (ctrl, &desc[i], 1, keyserver, NULL, NULL);
|
||||||
if(rc)
|
if (err)
|
||||||
log_info(_("WARNING: unable to refresh key %s"
|
log_info(_("WARNING: unable to refresh key %s"
|
||||||
" via %s: %s\n"),keystr_from_desc(&desc[i]),
|
" via %s: %s\n"),keystr_from_desc(&desc[i]),
|
||||||
keyserver->uri,gpg_strerror (rc));
|
keyserver->uri,gpg_strerror (err));
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
/* We got it, so mark it as NONE so we don't try and
|
/* We got it, so mark it as NONE so we don't try and
|
||||||
@ -1424,16 +1426,22 @@ keyserver_refresh (ctrl_t ctrl, strlist_t users)
|
|||||||
|
|
||||||
if(count>0)
|
if(count>0)
|
||||||
{
|
{
|
||||||
if(opt.keyserver && !opt.quiet)
|
char *tmpuri;
|
||||||
{
|
|
||||||
if(count==1)
|
|
||||||
log_info(_("refreshing 1 key from %s\n"),opt.keyserver->uri);
|
|
||||||
else
|
|
||||||
log_info(_("refreshing %d keys from %s\n"),
|
|
||||||
count,opt.keyserver->uri);
|
|
||||||
}
|
|
||||||
|
|
||||||
rc=keyserver_get (ctrl, desc, numdesc, NULL, NULL, NULL);
|
err = gpg_dirmngr_ks_list (ctrl, &tmpuri);
|
||||||
|
if (!err)
|
||||||
|
{
|
||||||
|
if (!opt.quiet)
|
||||||
|
{
|
||||||
|
if(count==1)
|
||||||
|
log_info(_("refreshing 1 key from %s\n"), tmpuri);
|
||||||
|
else
|
||||||
|
log_info(_("refreshing %d keys from %s\n"), count, tmpuri);
|
||||||
|
}
|
||||||
|
xfree (tmpuri);
|
||||||
|
|
||||||
|
err = keyserver_get (ctrl, desc, numdesc, NULL, NULL, NULL);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
xfree(desc);
|
xfree(desc);
|
||||||
@ -1445,7 +1453,7 @@ keyserver_refresh (ctrl_t ctrl, strlist_t users)
|
|||||||
if(!(opt.keyserver_options.import_options&IMPORT_FAST))
|
if(!(opt.keyserver_options.import_options&IMPORT_FAST))
|
||||||
check_or_update_trustdb ();
|
check_or_update_trustdb ();
|
||||||
|
|
||||||
return rc;
|
return err;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -1463,12 +1471,6 @@ keyserver_search (ctrl_t ctrl, strlist_t tokens)
|
|||||||
if (!tokens)
|
if (!tokens)
|
||||||
return 0; /* Return success if no patterns are given. */
|
return 0; /* Return success if no patterns are given. */
|
||||||
|
|
||||||
if (!opt.keyserver)
|
|
||||||
{
|
|
||||||
log_error (_("no keyserver known (use option --keyserver)\n"));
|
|
||||||
return gpg_error (GPG_ERR_NO_KEYSERVER);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Write global options */
|
/* Write global options */
|
||||||
|
|
||||||
/* for(temp=opt.keyserver_options.other;temp;temp=temp->next) */
|
/* for(temp=opt.keyserver_options.other;temp;temp=temp->next) */
|
||||||
|
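Review bot: In the final `if(count>0)` block of keyserver_refresh the refresh now depends on gpg_dirmngr_ks_list succeeding, although tmpuri is used only for the two log_info messages: when the KEYSERVER query fails, keyserver_get is never called and the error is returned with no diagnostic from this function, and the query is made even when opt.quiet suppresses the message. A refresh that is skipped without a log line is easy to miss where it runs unattended, and this is the path that brings in revocations and expiry updates. I would at least log the failure in an `else` branch, e.g. `log_info (_("keyserver refresh failed: %s\n"), gpg_strerror (err));`, or treat only GPG_ERR_NO_KEYSERVER as fatal and otherwise fall through to keyserver_get. Separately, the context line at the top of the -1381 hunk still derives fakev3 from `opt.keyserver->scheme`, which presumably stays unset when the keyserver is configured only in dirmngr.conf; worth confirming that this is intended. The function starts and ends in other hunks of this section, so the full control flow is not visible in any one of them.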
@ -724,8 +724,8 @@ static gc_option_t gc_options_gpg[] =
|
|||||||
{ "Keyserver",
|
{ "Keyserver",
|
||||||
GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
|
GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
|
||||||
"gnupg", N_("Configuration for Keyservers") },
|
"gnupg", N_("Configuration for Keyservers") },
|
||||||
{ "keyserver", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
|
{ "keyserver", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
|
||||||
"gnupg", N_("|URL|use keyserver at URL"),
|
"gnupg", N_("|URL|use keyserver at URL"), /* Deprecated - use dirmngr */
|
||||||
GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
|
GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
|
||||||
{ "allow-pka-lookup", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
|
{ "allow-pka-lookup", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
|
||||||
"gnupg", N_("allow PKA lookups (DNS requests)"),
|
"gnupg", N_("allow PKA lookups (DNS requests)"),
|
||||||
@ -735,8 +735,6 @@ static gc_option_t gc_options_gpg[] =
|
|||||||
GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
|
GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
GC_OPTION_NULL
|
GC_OPTION_NULL
|
||||||
};
|
};
|
||||||
#endif /*BUILD_WITH_GPG*/
|
#endif /*BUILD_WITH_GPG*/
|
||||||
@ -915,6 +913,13 @@ static gc_option_t gc_options_dirmngr[] =
|
|||||||
"dirmngr", "route all network traffic via TOR",
|
"dirmngr", "route all network traffic via TOR",
|
||||||
GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
|
GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
|
||||||
|
|
||||||
|
{ "Keyserver",
|
||||||
|
GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
|
||||||
|
"gnupg", N_("Configuration for Keyservers") },
|
||||||
|
{ "keyserver", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
|
||||||
|
"gnupg", N_("|URL|use keyserver at URL"),
|
||||||
|
GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
|
||||||
|
|
||||||
{ "HTTP",
|
{ "HTTP",
|
||||||
GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
|
GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
|
||||||
"gnupg", N_("Configuration for HTTP servers") },
|
"gnupg", N_("Configuration for HTTP servers") },
|
||||||
|
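Review bot: The deprecation of the gpg-side "keyserver" entry in gc_options_gpg is expressed only by a source comment and the move to GC_LEVEL_EXPERT; its description string is still `|URL|use keyserver at URL`, identical to the new entry in gc_options_dirmngr, so a GUI in expert mode presents two indistinguishable keyserver fields. The commit message says existing gpg.conf settings continue to work, and which of the two values takes precedence is not visible here, so a user who changes only the dirmngr field may not end up talking to the server they expect. I would make the gpg entry self-describing, e.g. `"gnupg", N_("|URL|use keyserver at URL (deprecated)"),`, and state the precedence in the comment next to it. Both option tables begin and end outside these hunks.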