From af935bd41030ed12b53a4ba42b9e398facf08310 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Thu, 17 Dec 2009 17:25:26 +0000 Subject: [PATCH] Implement --faked-systrem-time for gpg. Typo and comment fixes. --- doc/DETAILS | 13 +++++++------ doc/gpg.texi | 7 +++++++ doc/gpgsm.texi | 2 +- g10/ChangeLog | 4 ++++ g10/gpg.c | 22 ++++++++++++++++++++++ g10/server.c | 4 ++-- kbx/keybox-blob.c | 3 +++ sm/certchain.c | 6 +++--- 8 files changed, 49 insertions(+), 12 deletions(-) diff --git a/doc/DETAILS b/doc/DETAILS index 89f9e86a1..8bbaeb771 100644 --- a/doc/DETAILS +++ b/doc/DETAILS @@ -221,12 +221,13 @@ more arguments in future versions. GOODSIG The signature with the keyid is good. For each signature only - one of the three codes GOODSIG, BADSIG or ERRSIG will be - emitted and they may be used as a marker for a new signature. - The username is the primary one encoded in UTF-8 and %XX - escaped. The fingerprint may be used instead of the long keyid - if it is available. This is the case with CMS and might - eventually also be available for OpenPGP. + one of the codes GOODSIG, BADSIG, EXPSIG, EXPKEYSIG, REVKEYSIG + or ERRSIG will be emitted. In the past they were used as a + marker for a new signature; new code should use the NEWSIG + status instead. The username is the primary one encoded in + UTF-8 and %XX escaped. The fingerprint may be used instead of + the long keyid if it is available. This is the case with CMS + and might eventually also be available for OpenPGP. EXPSIG The signature with the keyid is good, but the signature is diff --git a/doc/gpg.texi b/doc/gpg.texi index b405e5b71..4fdff42e4 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -2188,6 +2188,13 @@ Enable debug output from the included CCID driver for smartcards. Note that this option is only available on some system. @end ifset +@item --faked-system-time @var{epoch} +@opindex faked-system-time +This option is only useful for testing; it sets the system time back or +forth to @var{epoch} which is the number of seconds elapsed since the year +1970. Alternatively @var{epoch} may be given as a full ISO time string +(e.g. "20070924T154812"). + @item --enable-progress-filter Enable certain PROGRESS status outputs. This option allows frontends to display a progress indicator while gpg is processing larger files. diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi index b2c290934..b354ece90 100644 --- a/doc/gpgsm.texi +++ b/doc/gpgsm.texi @@ -450,7 +450,7 @@ However the standard model (shell) is in that case always tried first. @opindex ignore-cert-extension Add @var{oid} to the list of ignored certificate extensions. The @var{oid} is expected to be in dotted decimal form, like -@code{2.5.29.3}. This option may used more than once. Critical +@code{2.5.29.3}. This option may be used more than once. Critical flagged certificate extensions matching one of the OIDs in the list are treated as if they are actually handled and thus the certificate won't be rejected due to an unknown critical extension. Use this diff --git a/g10/ChangeLog b/g10/ChangeLog index a19ee313e..e0db8d0c2 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,7 @@ +2009-12-17 Werner Koch + + * gpg.c: Add new option --faked-system-time. + 2009-12-15 Werner Koch * keydb.c (keydb_add_resource): s/readonly/read_only/g. diff --git a/g10/gpg.c b/g10/gpg.c index 5ef4f4c99..cce9f6e90 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -362,6 +362,7 @@ enum cmd_and_opt_values oDisableDSA2, oAllowMultipleMessages, oNoAllowMultipleMessages, + oFakedSystemTime, oNoop }; @@ -704,6 +705,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_s (oPersonalDigestPreferences, "personal-digest-preferences","@"), ARGPARSE_s_s (oPersonalCompressPreferences, "personal-compress-preferences", "@"), + ARGPARSE_s_s (oFakedSystemTime, "faked-system-time", "@"), /* Aliases. I constantly mistype these, and assume other people do as well. */ @@ -2963,6 +2965,15 @@ main (int argc, char **argv) opt.flags.allow_multiple_messages=0; break; + case oFakedSystemTime: + { + time_t faked_time = isotime2epoch (pargs.r.ret_str); + if (faked_time == (time_t)(-1)) + faked_time = (time_t)strtoul (pargs.r.ret_str, NULL, 10); + gnupg_set_time (faked_time, 0); + } + break; + case oNoop: break; default: @@ -3069,6 +3080,17 @@ main (int argc, char **argv) if( opt.batch ) tty_batchmode( 1 ); + if (gnupg_faked_time_p ()) + { + gnupg_isotime_t tbuf; + + log_info (_("WARNING: running with faked system time: ")); + gnupg_get_isotime (tbuf); + dump_isotime (tbuf); + log_printf ("\n"); + } + + gcry_control (GCRYCTL_RESUME_SECMEM_WARN); if(require_secmem && !got_secmem) diff --git a/g10/server.c b/g10/server.c index d817f7f6c..37acceebf 100644 --- a/g10/server.c +++ b/g10/server.c @@ -608,7 +608,7 @@ static const char hlp_passwd[] = static gpg_error_t cmd_passwd (assuan_context_t ctx, char *line) { - ctrl_t ctrl = assuan_get_pointer (ctx); + /* ctrl_t ctrl = assuan_get_pointer (ctx); */ gpg_error_t err; line = skip_options (line); @@ -629,7 +629,7 @@ register_commands (assuan_context_t ctx) { const char *name; assuan_handler_t handler; - assuan_handler_t help; + const char * const help; } table[] = { { "RECIPIENT", cmd_recipient }, { "SIGNER", cmd_signer }, diff --git a/kbx/keybox-blob.c b/kbx/keybox-blob.c index 64e534f9f..de2add65a 100644 --- a/kbx/keybox-blob.c +++ b/kbx/keybox-blob.c @@ -315,6 +315,9 @@ add_fixup (KEYBOXBLOB blob, u32 off, u32 val) static u32 make_timestamp (void) { +#ifdef __GNUC__ +#warning using time and not gnupg_get_time +#endif return time(NULL); } diff --git a/sm/certchain.c b/sm/certchain.c index 37ac9c15d..bbb8bbe8d 100644 --- a/sm/certchain.c +++ b/sm/certchain.c @@ -241,9 +241,9 @@ unknown_criticals (ksba_cert_t cert, int listmode, estream_t fp) ; unsupported = !known[i]; - /* If this critical extension is not supoported, check the list - of to be ignored extensions to se whether we claim that it is - supported. */ + /* If this critical extension is not supported. Check the list + of to be ignored extensions to see whether we claim that it + is supported. */ if (unsupported && opt.ignored_cert_extensions) { for (sl=opt.ignored_cert_extensions;