mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-18 14:17:03 +01:00
dirmngr: Auto-sownload the swdb.lst
* dirmngr/dirmngr.h (struct opt): Add field allow_version_check. * dirmngr/dirmngr.c (oAllowVersionCheck): New. (opts): Add --allow-version-check. (network_activity_seen): New variable. (parse_rereadable_options): Set opt.allow_version_check. (main) <aGPGConfList>: Do not anymore set the no change flag for Windows. Add allow-version-check. (netactivity_action): Set network_activity_seen. (housekeeping_thread): Call dirmngr_load_swdb. * tools/gpgconf-comp.c (gc_options_dirmngr): Add allow-version-check. Make "use-tor" available at Basic level. Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch
parent
c45ca316a5
commit
bd91f92ace
@ -131,6 +131,7 @@ enum cmd_and_opt_values {
|
|||||||
oFakedSystemTime,
|
oFakedSystemTime,
|
||||||
oForce,
|
oForce,
|
||||||
oAllowOCSP,
|
oAllowOCSP,
|
||||||
|
oAllowVersionCheck,
|
||||||
oSocketName,
|
oSocketName,
|
||||||
oLDAPWrapperProgram,
|
oLDAPWrapperProgram,
|
||||||
oHTTPWrapperProgram,
|
oHTTPWrapperProgram,
|
||||||
@ -176,6 +177,8 @@ static ARGPARSE_OPTS opts[] = {
|
|||||||
ARGPARSE_s_n (oBatch, "batch", N_("run without asking a user")),
|
ARGPARSE_s_n (oBatch, "batch", N_("run without asking a user")),
|
||||||
ARGPARSE_s_n (oForce, "force", N_("force loading of outdated CRLs")),
|
ARGPARSE_s_n (oForce, "force", N_("force loading of outdated CRLs")),
|
||||||
ARGPARSE_s_n (oAllowOCSP, "allow-ocsp", N_("allow sending OCSP requests")),
|
ARGPARSE_s_n (oAllowOCSP, "allow-ocsp", N_("allow sending OCSP requests")),
|
||||||
|
ARGPARSE_s_n (oAllowVersionCheck, "allow-version-check",
|
||||||
|
N_("allow online software version check")),
|
||||||
ARGPARSE_s_n (oDisableHTTP, "disable-http", N_("inhibit the use of HTTP")),
|
ARGPARSE_s_n (oDisableHTTP, "disable-http", N_("inhibit the use of HTTP")),
|
||||||
ARGPARSE_s_n (oDisableLDAP, "disable-ldap", N_("inhibit the use of LDAP")),
|
ARGPARSE_s_n (oDisableLDAP, "disable-ldap", N_("inhibit the use of LDAP")),
|
||||||
ARGPARSE_s_n (oIgnoreHTTPDP,"ignore-http-dp",
|
ARGPARSE_s_n (oIgnoreHTTPDP,"ignore-http-dp",
|
||||||
@ -289,6 +292,10 @@ static int disable_check_own_socket;
|
|||||||
/* Counter for the active connections. */
|
/* Counter for the active connections. */
|
||||||
static int active_connections;
|
static int active_connections;
|
||||||
|
|
||||||
|
/* This flag is set by any network access and used by the housekeeping
|
||||||
|
* thread to run background network tasks. */
|
||||||
|
static int network_activity_seen;
|
||||||
|
|
||||||
/* The timer tick used for housekeeping stuff. For Windows we use a
|
/* The timer tick used for housekeeping stuff. For Windows we use a
|
||||||
longer period as the SetWaitableTimer seems to signal earlier than
|
longer period as the SetWaitableTimer seems to signal earlier than
|
||||||
the 2 seconds. All values are in seconds. */
|
the 2 seconds. All values are in seconds. */
|
||||||
@ -526,6 +533,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
|
|||||||
opt.ignore_ldap_dp = 0;
|
opt.ignore_ldap_dp = 0;
|
||||||
opt.ignore_ocsp_service_url = 0;
|
opt.ignore_ocsp_service_url = 0;
|
||||||
opt.allow_ocsp = 0;
|
opt.allow_ocsp = 0;
|
||||||
|
opt.allow_version_check = 0;
|
||||||
opt.ocsp_responder = NULL;
|
opt.ocsp_responder = NULL;
|
||||||
opt.ocsp_max_clock_skew = 10 * 60; /* 10 minutes. */
|
opt.ocsp_max_clock_skew = 10 * 60; /* 10 minutes. */
|
||||||
opt.ocsp_max_period = 90 * 86400; /* 90 days. */
|
opt.ocsp_max_period = 90 * 86400; /* 90 days. */
|
||||||
@ -588,6 +596,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
|
|||||||
case oIgnoreOCSPSvcUrl: opt.ignore_ocsp_service_url = 1; break;
|
case oIgnoreOCSPSvcUrl: opt.ignore_ocsp_service_url = 1; break;
|
||||||
|
|
||||||
case oAllowOCSP: opt.allow_ocsp = 1; break;
|
case oAllowOCSP: opt.allow_ocsp = 1; break;
|
||||||
|
case oAllowVersionCheck: opt.allow_version_check = 1; break;
|
||||||
case oOCSPResponder: opt.ocsp_responder = pargs->r.ret_str; break;
|
case oOCSPResponder: opt.ocsp_responder = pargs->r.ret_str; break;
|
||||||
case oOCSPSigner:
|
case oOCSPSigner:
|
||||||
opt.ocsp_signer = parse_ocsp_signer (pargs->r.ret_str);
|
opt.ocsp_signer = parse_ocsp_signer (pargs->r.ret_str);
|
||||||
@ -1329,15 +1338,6 @@ main (int argc, char **argv)
|
|||||||
char *filename;
|
char *filename;
|
||||||
char *filename_esc;
|
char *filename_esc;
|
||||||
|
|
||||||
#ifdef HAVE_W32_SYSTEM
|
|
||||||
/* On Windows systems, dirmngr always runs as system daemon, and
|
|
||||||
the per-user configuration is never used. So we short-cut
|
|
||||||
everything to use the global system configuration of dirmngr
|
|
||||||
above, and here we set the no change flag to make these
|
|
||||||
read-only. */
|
|
||||||
flags |= GC_OPT_FLAG_NO_CHANGE;
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/* First the configuration file. This is not an option, but it
|
/* First the configuration file. This is not an option, but it
|
||||||
is vital information for GPG Conf. */
|
is vital information for GPG Conf. */
|
||||||
if (!opt.config_filename)
|
if (!opt.config_filename)
|
||||||
@ -1375,6 +1375,7 @@ main (int argc, char **argv)
|
|||||||
es_printf ("max-replies:%lu:%u\n",
|
es_printf ("max-replies:%lu:%u\n",
|
||||||
flags | GC_OPT_FLAG_DEFAULT, DEFAULT_MAX_REPLIES);
|
flags | GC_OPT_FLAG_DEFAULT, DEFAULT_MAX_REPLIES);
|
||||||
es_printf ("allow-ocsp:%lu:\n", flags | GC_OPT_FLAG_NONE);
|
es_printf ("allow-ocsp:%lu:\n", flags | GC_OPT_FLAG_NONE);
|
||||||
|
es_printf ("allow-version-check:%lu:\n", flags | GC_OPT_FLAG_NONE);
|
||||||
es_printf ("ocsp-responder:%lu:\n", flags | GC_OPT_FLAG_NONE);
|
es_printf ("ocsp-responder:%lu:\n", flags | GC_OPT_FLAG_NONE);
|
||||||
es_printf ("ocsp-signer:%lu:\n", flags | GC_OPT_FLAG_NONE);
|
es_printf ("ocsp-signer:%lu:\n", flags | GC_OPT_FLAG_NONE);
|
||||||
|
|
||||||
@ -1723,7 +1724,7 @@ dirmngr_sighup_action (void)
|
|||||||
static void
|
static void
|
||||||
netactivity_action (void)
|
netactivity_action (void)
|
||||||
{
|
{
|
||||||
log_debug ("network activity seen\n");
|
network_activity_seen = 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -1782,6 +1783,7 @@ housekeeping_thread (void *arg)
|
|||||||
{
|
{
|
||||||
static int sentinel;
|
static int sentinel;
|
||||||
time_t curtime;
|
time_t curtime;
|
||||||
|
struct server_control_s ctrlbuf;
|
||||||
|
|
||||||
(void)arg;
|
(void)arg;
|
||||||
|
|
||||||
@ -1795,7 +1797,18 @@ housekeeping_thread (void *arg)
|
|||||||
if (opt.verbose > 1)
|
if (opt.verbose > 1)
|
||||||
log_info ("starting housekeeping\n");
|
log_info ("starting housekeeping\n");
|
||||||
|
|
||||||
|
memset (&ctrlbuf, 0, sizeof ctrlbuf);
|
||||||
|
dirmngr_init_default_ctrl (&ctrlbuf);
|
||||||
|
|
||||||
ks_hkp_housekeeping (curtime);
|
ks_hkp_housekeeping (curtime);
|
||||||
|
if (network_activity_seen)
|
||||||
|
{
|
||||||
|
network_activity_seen = 0;
|
||||||
|
if (opt.use_tor || opt.allow_version_check)
|
||||||
|
dirmngr_load_swdb (&ctrlbuf, 0);
|
||||||
|
}
|
||||||
|
|
||||||
|
dirmngr_deinit_default_ctrl (&ctrlbuf);
|
||||||
|
|
||||||
if (opt.verbose > 1)
|
if (opt.verbose > 1)
|
||||||
log_info ("ready with housekeeping\n");
|
log_info ("ready with housekeeping\n");
|
||||||
|
|||||||
@ -92,6 +92,7 @@ struct
|
|||||||
|
|
||||||
int running_detached; /* We are running in detached mode. */
|
int running_detached; /* We are running in detached mode. */
|
||||||
int use_tor; /* Tor mode has been enabled. */
|
int use_tor; /* Tor mode has been enabled. */
|
||||||
|
int allow_version_check; /* --allow-version-check is active. */
|
||||||
|
|
||||||
int force; /* Force loading outdated CRLs. */
|
int force; /* Force loading outdated CRLs. */
|
||||||
|
|
||||||
|
|||||||
@ -244,6 +244,15 @@ this still leaks the DNS queries; e.g. to lookup the hosts in a
|
|||||||
keyserver pool. Certain other features are disabled if this mode is
|
keyserver pool. Certain other features are disabled if this mode is
|
||||||
active.
|
active.
|
||||||
|
|
||||||
|
@item --allow-version-check
|
||||||
|
@opindex allow-version-check
|
||||||
|
Allow Dirmngr to connect to @code{https://versions.gnupg.org} to get
|
||||||
|
the list of current software versions. If this option is enabled, or
|
||||||
|
if @option{use-tor} is active, the list is retrieved when the local
|
||||||
|
copy does not exist or is older than 5 to 7 days. See the option
|
||||||
|
@option{--query-swdb} of the command @command{gpgconf} for more
|
||||||
|
details.
|
||||||
|
|
||||||
@item --keyserver @var{name}
|
@item --keyserver @var{name}
|
||||||
@opindex keyserver
|
@opindex keyserver
|
||||||
Use @var{name} as your keyserver. This is the server that @command{gpg}
|
Use @var{name} as your keyserver. This is the server that @command{gpg}
|
||||||
|
|||||||
@ -909,11 +909,14 @@ static gc_option_t gc_options_dirmngr[] =
|
|||||||
{ "force", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
|
{ "force", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
|
||||||
"dirmngr", "force loading of outdated CRLs",
|
"dirmngr", "force loading of outdated CRLs",
|
||||||
GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
|
GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
|
||||||
|
{ "allow-version-check", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
|
||||||
|
"dirmngr", "allow online software version check",
|
||||||
|
GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
|
||||||
|
|
||||||
{ "Tor",
|
{ "Tor",
|
||||||
GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
|
GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
|
||||||
"gnupg", N_("Options controlling the use of Tor") },
|
"gnupg", N_("Options controlling the use of Tor") },
|
||||||
{ "use-tor", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
|
{ "use-tor", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
|
||||||
"dirmngr", "route all network traffic via TOR",
|
"dirmngr", "route all network traffic via TOR",
|
||||||
GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
|
GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user