diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
index db5079c5d..9d4fb1474 100644
--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
@@ -131,6 +131,7 @@ enum cmd_and_opt_values {
 oFakedSystemTime,
 oForce,
 oAllowOCSP,
+ oAllowVersionCheck,
 oSocketName,
 oLDAPWrapperProgram,
 oHTTPWrapperProgram,
@@ -176,6 +177,8 @@ static ARGPARSE_OPTS opts[] = {
 ARGPARSE_s_n (oBatch, "batch", N_("run without asking a user")),
 ARGPARSE_s_n (oForce, "force", N_("force loading of outdated CRLs")),
 ARGPARSE_s_n (oAllowOCSP, "allow-ocsp", N_("allow sending OCSP requests")),
+ ARGPARSE_s_n (oAllowVersionCheck, "allow-version-check",
+ N_("allow online software version check")),
 ARGPARSE_s_n (oDisableHTTP, "disable-http", N_("inhibit the use of HTTP")),
 ARGPARSE_s_n (oDisableLDAP, "disable-ldap", N_("inhibit the use of LDAP")),
 ARGPARSE_s_n (oIgnoreHTTPDP,"ignore-http-dp",
@@ -289,6 +292,10 @@ static int disable_check_own_socket;
 /* Counter for the active connections. */
 static int active_connections;
+/* This flag is set by any network access and used by the housekeeping
+ * thread to run background network tasks. */
+static int network_activity_seen;
+
 /* The timer tick used for housekeeping stuff. For Windows we use a longer period as the SetWaitableTimer seems to signal earlier than the 2 seconds. All values are in seconds. */
@@ -526,6 +533,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
 opt.ignore_ldap_dp = 0;
 opt.ignore_ocsp_service_url = 0;
 opt.allow_ocsp = 0;
+ opt.allow_version_check = 0;
 opt.ocsp_responder = NULL;
 opt.ocsp_max_clock_skew = 10 * 60; /* 10 minutes. */
 opt.ocsp_max_period = 90 * 86400; /* 90 days. */
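Review bot: `network_activity_seen` in the @@ -289 hunk is a plain `static int` that is set in netactivity_action (the @@ -1723 hunk) and read and then cleared in housekeeping_thread (the @@ -1795 hunk); if those run on different threads it is unsynchronized shared state. Dirmngr's threading is presumably cooperative, under which a set and a read-then-clear cannot interleave mid-access, but the declaration comment should record that assumption so a later move to preemptive threads does not silently break it, e.g. `/* Set from netactivity_action, read and cleared by the housekeeping thread; relies on thread switches happening only at the thread library's sync points. */`. Dropping the `log_debug ("network activity seen\n")` in netactivity_action also removes the only trace of when the flag was raised; keeping that line under the daemon's existing verbose or debug check would help when diagnosing an unexpected swdb download.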
@@ -588,6 +596,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
 case oIgnoreOCSPSvcUrl: opt.ignore_ocsp_service_url = 1; break;
 case oAllowOCSP: opt.allow_ocsp = 1; break;
+ case oAllowVersionCheck: opt.allow_version_check = 1; break;
 case oOCSPResponder: opt.ocsp_responder = pargs->r.ret_str; break;
 case oOCSPSigner: opt.ocsp_signer = parse_ocsp_signer (pargs->r.ret_str);
@@ -1329,15 +1338,6 @@ main (int argc, char **argv)
 char *filename;
 char *filename_esc;
-#ifdef HAVE_W32_SYSTEM
- /* On Windows systems, dirmngr always runs as system daemon, and
- the per-user configuration is never used. So we short-cut
- everything to use the global system configuration of dirmngr
- above, and here we set the no change flag to make these
- read-only. */
- flags |= GC_OPT_FLAG_NO_CHANGE;
-#endif
-
 /* First the configuration file. This is not an option, but it is vital information for GPG Conf. */
 if (!opt.config_filename)
@@ -1375,6 +1375,7 @@ main (int argc, char **argv)
 es_printf ("max-replies:%lu:%u\n", flags | GC_OPT_FLAG_DEFAULT, DEFAULT_MAX_REPLIES);
 es_printf ("allow-ocsp:%lu:\n", flags | GC_OPT_FLAG_NONE);
+ es_printf ("allow-version-check:%lu:\n", flags | GC_OPT_FLAG_NONE);
 es_printf ("ocsp-responder:%lu:\n", flags | GC_OPT_FLAG_NONE);
 es_printf ("ocsp-signer:%lu:\n", flags | GC_OPT_FLAG_NONE);
@@ -1723,7 +1724,7 @@ dirmngr_sighup_action (void)
 static void
 netactivity_action (void)
 {
- log_debug ("network activity seen\n");
+ network_activity_seen = 1;
 }
@@ -1782,6 +1783,7 @@ housekeeping_thread (void *arg)
 {
 static int sentinel;
 time_t curtime;
+ struct server_control_s ctrlbuf;
 (void)arg;
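Review bot: The @@ -1329 hunk drops the HAVE_W32_SYSTEM block, so on Windows every dirmngr option in the gpgconf listing — including the new allow-version-check — loses GC_OPT_FLAG_NO_CHANGE and becomes writable through gpgconf, and nothing in the commit says why; the removed comment's rationale (the daemon runs as a system service and ignores per-user configuration) may or may not still hold. This is a behaviour change unrelated to the new option, so if it is intended a short comment where `flags` is assembled should state the reason, e.g. `/* Windows: options are no longer marked NO_CHANGE because <reason>.  */` with the reason filled in; otherwise it belongs in a commit of its own. The enclosing main starts and ends outside the hunk.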
@@ -1795,7 +1797,18 @@ housekeeping_thread (void *arg)
 if (opt.verbose > 1)
 log_info ("starting housekeeping\n");
+ memset (&ctrlbuf, 0, sizeof ctrlbuf);
+ dirmngr_init_default_ctrl (&ctrlbuf);
+
 ks_hkp_housekeeping (curtime);
+ if (network_activity_seen)
+ {
+ network_activity_seen = 0;
+ if (opt.use_tor || opt.allow_version_check)
+ dirmngr_load_swdb (&ctrlbuf, 0);
+ }
+
+ dirmngr_deinit_default_ctrl (&ctrlbuf);
 if (opt.verbose > 1)
 log_info ("ready with housekeeping\n");
diff --git a/dirmngr/dirmngr.h b/dirmngr/dirmngr.h
index 42b3b2bba..da1c4beff 100644
--- a/dirmngr/dirmngr.h
+++ b/dirmngr/dirmngr.h
@@ -92,6 +92,7 @@ struct
 int running_detached; /* We are running in detached mode. */
 int use_tor; /* Tor mode has been enabled. */
+ int allow_version_check; /* --allow-version-check is active. */
 int force; /* Force loading outdated CRLs. */
diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi
index 300068ed4..73afbc318 100644
--- a/doc/dirmngr.texi
+++ b/doc/dirmngr.texi
@@ -244,6 +244,15 @@ this still leaks the DNS queries; e.g. to lookup the hosts in a keyserver
 pool. Certain other features are disabled if this mode is active.
+@item --allow-version-check
+@opindex allow-version-check
+Allow Dirmngr to connect to @code{https://versions.gnupg.org} to get
+the list of current software versions. If this option is enabled, or
+if @option{use-tor} is active, the list is retrieved when the local
+copy does not exist or is older than 5 to 7 days. See the option
+@option{--query-swdb} of the command @command{gpgconf} for more
+details.
+
 @item --keyserver @var{name}
 @opindex keyserver
 Use @var{name} as your keyserver. This is the server that @command{gpg}
diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c
index 48c1b68bf..cd99c8132 100644
--- a/tools/gpgconf-comp.c
+++ b/tools/gpgconf-comp.c
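Review bot: The result of `dirmngr_load_swdb (&ctrlbuf, 0)` in housekeeping_thread is discarded, so a failed or rejected download in the background thread leaves no trace for an operator; assuming it returns a gpg_error_t like the rest of dirmngr, `err = dirmngr_load_swdb (&ctrlbuf, 0); if (err) log_error ("loading swdb failed: %s\n", gpg_strerror (err));` would make that visible. The flag is cleared before the load, so the network traffic of the load itself re-arms the check for the next tick; presumably dirmngr_load_swdb rate-limits itself on the file age the texi hunk describes (5 to 7 days), but a comment saying so at the call site would save the next reader a lookup. The gating on network_activity_seen is also worth a comment, since it is what keeps the daemon from initiating connections on its own; something like `/* Only do background network work after a client already caused network I/O.  */` above the if. ctrlbuf is initialized and torn down on every tick even when nothing uses it, so the init/deinit pair could move inside the `if (network_activity_seen)` block.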
@@ -909,11 +909,14 @@ static gc_option_t gc_options_dirmngr[] =
 { "force", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
 "dirmngr", "force loading of outdated CRLs",
 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
+ { "allow-version-check", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
+ "dirmngr", "allow online software version check",
+ GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
 { "Tor", GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC, "gnupg", N_("Options controlling the use of Tor") },
- { "use-tor", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
+ { "use-tor", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
 "dirmngr", "route all network traffic via TOR",
 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
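Review bot: Raising `use-tor` from GC_LEVEL_INVISIBLE to GC_LEVEL_BASIC is a separate, undocumented change: gpgconf front-ends will now show the Tor switch, and with the rule added in the texi hunk that an active use-tor also enables the version download, a user who turns on Tor from such a front-end also opts into the versions.gnupg.org fetch without ever touching allow-version-check. Its description "route all network traffic via TOR" does not mention that coupling, so either the description should, or a comment above the entry should state why the level was raised, e.g. `/* Shown since <version>: Tor mode also enables the online version check.  */` with the version filled in. The gc_options_dirmngr table starts and ends outside the hunk.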