diff --git a/doc/gpg.texi b/doc/gpg.texi index 26179bd77..8ea819926 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -906,6 +906,24 @@ Signs a public key with your secret key but marks it as non-exportable. This is a shortcut version of the subcommand "lsign" from @option{--edit-key}. +@ifset gpgtwoone +@item --quick-sign-key @code{fpr} [@code{names}] +@itemx --quick-lsign-key @code{name} +@opindex quick-sign-key +@opindex quick-lsign-key +Directly sign a key from the passphrase without any further user +interaction. The @code{fpr} must be the verified primary fingerprint +of a key in the local keyring. If no @code{names} are given, all +useful user ids are signed; with given [@code{names}] only useful user +ids matching one of theses names are signed. The command +@option{--quick-lsign-key} marks the signatures as non-exportable. + +This command uses reasonable defaults and thus does not provide the +full flexibility of the "sign" subcommand from @option{--edit-key}. +Its intended use to help unattended signing using a list of verified +fingerprints. +@end ifset + @ifclear gpgone @item --passwd @var{user_id} @opindex passwd @@ -1177,7 +1195,7 @@ for the key fingerprint, "%t" for the extension of the image type (e.g. "jpg"), "%T" for the MIME type of the image (e.g. "image/jpeg"), "%v" for the single-character calculated validity of the image being viewed (e.g. "f"), "%V" for the calculated validity as a string (e.g. -"full"), +"full"), "%U" for a base32 encoded hash of the user ID, and "%%" for an actual percent sign. If neither %i or %I are present, then the photo will be supplied to the viewer on standard input. @@ -1431,7 +1449,9 @@ Set what trust model GnuPG should follow. The models are: trusted. You generally won't use this unless you are using some external validation scheme. This option also suppresses the "[uncertain]" tag printed with signature checks when there is no - evidence that the user ID is bound to the key. + evidence that the user ID is bound to the key. Note that this + trust model still does not allow the use of expired, revoked, or + disabled keys. @item auto @opindex trust-mode:auto @@ -1482,6 +1502,10 @@ mechanisms, in the order they are to be tried: position of this mechanism in the list does not matter. It is not required if @code{local} is also used. + @item clear + Clear all defined mechanisms. This is useful to override + mechanisms given in a config file. + @end table @item --keyid-format @code{short|0xshort|long|0xlong} @@ -1606,16 +1630,29 @@ are available for all keyserver types, some common options are: program uses internally (libcurl, openldap, etc). @item check-cert +@ifset gpgtwoone + This option has no more function since GnuPG 2.1. Use the + @code{dirmngr} configuration options instead. +@end ifset +@ifclear gpgtwoone Enable certificate checking if the keyserver presents one (for hkps or ldaps). Defaults to on. +@end ifclear @item ca-cert-file +@ifset gpgtwoone + This option has no more function since GnuPG 2.1. Use the + @code{dirmngr} configuration options instead. +@end ifset +@ifclear gpgtwoone Provide a certificate store to override the system default. Only necessary if check-cert is enabled, and the keyserver is using a certificate that is not present in a system default certificate list. Note that depending on the SSL library that the keyserver helper is built with, this may actually be a directory or a file. +@end ifclear + @end table @item --completes-needed @code{n} @@ -1696,6 +1733,25 @@ been given. Given that this option is not anymore used by @command{gpg2}, it should be avoided if possible. @end ifset + +@ifclear gpgone +@item --agent-program @var{file} +@opindex agent-program +Specify an agent program to be used for secret key operations. The +default value is the @file{/usr/bin/gpg-agent}. This is only used +as a fallback when the environment variable @code{GPG_AGENT_INFO} is not +set or a running agent cannot be connected. +@end ifclear + +@ifset gpgtwoone +@item --dirmngr-program @var{file} +@opindex dirmngr-program +Specify a dirmngr program to be used for keyserver access. The +default value is @file{/usr/sbin/dirmngr}. This is only used as a +fallback when the environment variable @code{DIRMNGR_INFO} is not set or +a running dirmngr cannot be connected. +@end ifset + @item --lock-once @opindex lock-once Lock the databases the first time a lock is requested @@ -2053,6 +2109,15 @@ Since GnuPG 2.0.10, this mode is always used and thus this option is obsolete; it does not harm to use it though. @end ifclear +@ifset gpgtwoone +@item --legacy-list-mode +@opindex legacy-list-mode +Revert to the pre-2.1 public key list mode. This only affects the +human readable output and not the machine interface +(i.e. @code{--with-colons}). Note that the legacy format does not +allow to convey suitable information for elliptic curves. +@end ifset + @item --with-fingerprint @opindex with-fingerprint Same as the command @option{--fingerprint} but changes only the format @@ -2062,6 +2127,12 @@ of the output and may be used together with another command. @item --with-keygrip @opindex with-keygrip Include the keygrip in the key listings. + +@item --with-secret +@opindex with-secret +Include info about the presence of a secret key in public key listings +done with @code{--with-colons}. + @end ifset @end table @@ -2244,9 +2315,13 @@ a message that PGP 2.x will not be able to handle. Note that `PGP available, but the MIT release is a good common baseline. This option implies @option{--rfc1991 --disable-mdc ---no-force-v4-certs --escape-from-lines --force-v3-sigs --cipher-algo -IDEA --digest-algo MD5 --compress-algo ZIP}. It also disables -@option{--textmode} when encrypting. +--no-force-v4-certs --escape-from-lines --force-v3-sigs +@ifclear gpgone +--allow-weak-digest-algos +@end ifclear +--cipher-algo IDEA --digest-algo +MD5--compress-algo ZIP}. It also disables @option{--textmode} when +encrypting. @item --pgp6 @opindex pgp6 @@ -2702,6 +2777,14 @@ necessary to get as much data as possible out of the corrupt message. However, be aware that a MDC protection failure may also mean that the message was tampered with intentionally by an attacker. +@ifclear gpgone +@item --allow-weak-digest-algos +@opindex allow-weak-digest-algos +Signatures made with the broken MD5 algorithm are normally rejected +with an ``invalid digest algorithm'' message. This option allows the +verification of signatures made with such weak algorithms. +@end ifclear + @item --no-default-keyring @opindex no-default-keyring Do not add the default keyrings to the list of keyrings. Note that @@ -2963,18 +3046,33 @@ files; They all live in in the current home directory (@pxref{option @table @file - @item ~/.gnupg/secring.gpg - The secret keyring. You should backup this file. - - @item ~/.gnupg/secring.gpg.lock - The lock file for the secret keyring. - @item ~/.gnupg/pubring.gpg The public keyring. You should backup this file. @item ~/.gnupg/pubring.gpg.lock The lock file for the public keyring. +@ifset gpgtwoone + @item ~/.gnupg/pubring.kbx + The public keyring using a different format. This file is sharred + with @command{gpgsm}. You should backup this file. + + @item ~/.gnupg/pubring.kbx.lock + The lock file for @file{pubring.kbx}. +@end ifset + + @item ~/.gnupg/secring.gpg +@ifclear gpgtwoone + The secret keyring. You should backup this file. +@end ifclear +@ifset gpgtwoone + A secret keyring as used by GnuPG versions before 2.1. It is not + used by GnuPG 2.1 and later. + + @item ~/.gnupg/.gpg-v21-migrated + File indicating that a migration to GnuPG 2.1 has taken place. +@end ifset + @item ~/.gnupg/trustdb.gpg The trust database. There is no need to backup this file; it is better to backup the ownertrust values (@pxref{option --export-ownertrust}). @@ -2985,6 +3083,9 @@ files; They all live in in the current home directory (@pxref{option @item ~/.gnupg/random_seed A file used to preserve the state of the internal random pool. + @item ~/.gnupg/secring.gpg.lock + The lock file for the secret keyring. + @item /usr[/local]/share/gnupg/options.skel The skeleton options file. diff --git a/doc/yat2m.c b/doc/yat2m.c index 5dc81bf59..2ac43902a 100644 --- a/doc/yat2m.c +++ b/doc/yat2m.c @@ -1,5 +1,5 @@ /* yat2m.c - Yet Another Texi 2 Man converter - * Copyright (C) 2005 g10 Code GmbH + * Copyright (C) 2005, 2013 g10 Code GmbH * Copyright (C) 2006, 2008, 2011 Free Software Foundation, Inc. * * This program is free software; you can redistribute it and/or modify @@ -17,7 +17,7 @@ */ /* - This is a simple textinfo to man page converter. It needs some + This is a simple texinfo to man page converter. It needs some special markup in th e texinfo and tries best to get a create man page. It has been designed for the GnuPG man pages and thus only a few texinfo commands are supported. @@ -107,6 +107,9 @@ character. */ #define LINESIZE 1024 +/* Number of allowed condition nestings. */ +#define MAX_CONDITION_NESTING 10 + /* Option flags. */ static int verbose; static int quiet; @@ -117,10 +120,6 @@ static const char *opt_select; static const char *opt_include; static int opt_store; -/* The only define we understand is -D gpgone. Thus we need a simple - boolean tro track it. */ -static int gpgone_defined; - /* Flag to keep track whether any error occurred. */ static int any_error; @@ -129,7 +128,7 @@ static int any_error; struct macro_s { struct macro_s *next; - char *value; /* Malloced value. */ + char *value; /* Malloced value. */ char name[1]; }; typedef struct macro_s *macro_t; @@ -137,6 +136,24 @@ typedef struct macro_s *macro_t; /* List of all defined macros. */ static macro_t macrolist; +/* List of global macro names. The value part is not used. */ +static macro_t predefinedmacrolist; + +/* Object to keep track of @isset and @ifclear. */ +struct condition_s +{ + int manverb; /* "manverb" needs special treatment. */ + int isset; /* This is an @isset condition. */ + char name[1]; /* Name of the condition macro. */ +}; +typedef struct condition_s *condition_t; + +/* The stack used to evaluate conditions. And the current states. */ +static condition_t condition_stack[MAX_CONDITION_NESTING]; +static int condition_stack_idx; +static int cond_is_active; /* State of ifset/ifclear */ +static int cond_in_verbatim; /* State of "manverb". */ + /* Object to store one line of content. */ struct line_buffer_s @@ -313,7 +330,158 @@ isodatestring (void) } +/* Add NAME to the list of predefined macros which are global for all + files. */ +static void +add_predefined_macro (const char *name) +{ + macro_t m; + for (m=predefinedmacrolist; m; m = m->next) + if (!strcmp (m->name, name)) + break; + if (!m) + { + m = xcalloc (1, sizeof *m + strlen (name)); + strcpy (m->name, name); + m->next = predefinedmacrolist; + predefinedmacrolist = m; + } +} + + +/* Create or update a macro with name MACRONAME and set its values TO + MACROVALUE. Note that ownership of the macro value is transferred + to this function. */ +static void +set_macro (const char *macroname, char *macrovalue) +{ + macro_t m; + + for (m=macrolist; m; m = m->next) + if (!strcmp (m->name, macroname)) + break; + if (m) + free (m->value); + else + { + m = xcalloc (1, sizeof *m + strlen (macroname)); + strcpy (m->name, macroname); + m->next = macrolist; + macrolist = m; + } + m->value = macrovalue; + macrovalue = NULL; +} + + +/* Return true if the macro NAME is set, i.e. not the empty string and + not evaluating to 0. */ +static int +macro_set_p (const char *name) +{ + macro_t m; + + for (m = macrolist; m ; m = m->next) + if (!strcmp (m->name, name)) + break; + if (!m || !m->value || !*m->value) + return 0; + if ((*m->value & 0x80) || !isdigit (*m->value)) + return 1; /* Not a digit but some other string. */ + return !!atoi (m->value); +} + + +/* Evaluate the current conditions. */ +static void +evaluate_conditions (const char *fname, int lnr) +{ + int i; + + /* for (i=0; i < condition_stack_idx; i++) */ + /* inf ("%s:%d: stack[%d] %s %s %c", */ + /* fname, lnr, i, condition_stack[i]->isset? "set":"clr", */ + /* condition_stack[i]->name, */ + /* (macro_set_p (condition_stack[i]->name) */ + /* ^ !condition_stack[i]->isset)? 't':'f'); */ + + cond_is_active = 1; + cond_in_verbatim = 0; + if (condition_stack_idx) + { + for (i=0; i < condition_stack_idx; i++) + { + if (condition_stack[i]->manverb) + cond_in_verbatim = (macro_set_p (condition_stack[i]->name) + ^ !condition_stack[i]->isset); + else if (!(macro_set_p (condition_stack[i]->name) + ^ !condition_stack[i]->isset)) + { + cond_is_active = 0; + break; + } + } + } + + /* inf ("%s:%d: active=%d verbatim=%d", */ + /* fname, lnr, cond_is_active, cond_in_verbatim); */ +} + + +/* Push a condition with condition macro NAME onto the stack. If + ISSET is true, a @isset condition is pushed. */ +static void +push_condition (const char *name, int isset, const char *fname, int lnr) +{ + condition_t cond; + int manverb = 0; + + if (condition_stack_idx >= MAX_CONDITION_NESTING) + { + err ("%s:%d: condition nested too deep", fname, lnr); + return; + } + + if (!strcmp (name, "manverb")) + { + if (!isset) + { + err ("%s:%d: using \"@ifclear manverb\" is not allowed", fname, lnr); + return; + } + manverb = 1; + } + + cond = xcalloc (1, sizeof *cond + strlen (name)); + cond->manverb = manverb; + cond->isset = isset; + strcpy (cond->name, name); + + condition_stack[condition_stack_idx++] = cond; + evaluate_conditions (fname, lnr); +} + + +/* Remove the last condition from the stack. ISSET is used for error + reporting. */ +static void +pop_condition (int isset, const char *fname, int lnr) +{ + if (!condition_stack_idx) + { + err ("%s:%d: unbalanced \"@end %s\"", + fname, lnr, isset?"isset":"isclear"); + return; + } + condition_stack_idx--; + free (condition_stack[condition_stack_idx]); + condition_stack[condition_stack_idx] = NULL; + evaluate_conditions (fname, lnr); +} + + + /* Return a section buffer for the section NAME. Allocate a new buffer if this is a new section. Keep track of the sections in THEPAGE. This function may reallocate the section array in THEPAGE. */ @@ -862,14 +1030,8 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause) int lnr = 0; /* Fixme: The following state variables don't carry over to include files. */ - int in_verbatim = 0; int skip_to_end = 0; /* Used to skip over menu entries. */ int skip_sect_line = 0; /* Skip after @mansect. */ - int ifset_nesting = 0; /* How often a ifset has been seen. */ - int ifclear_nesting = 0; /* How often a ifclear has been seen. */ - int in_gpgone = 0; /* Keep track of "@ifset gpgone" parts. */ - int not_in_gpgone = 0; /* Keep track of "@ifclear gpgone" parts. */ - int not_in_man = 0; /* Keep track of "@ifclear isman" parts. */ int item_indent = 0; /* How far is the current @item indented. */ /* Helper to define a macro. */ @@ -883,7 +1045,7 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause) { size_t n = strlen (line); int got_line = 0; - char *p; + char *p, *pend; lnr++; if (!n || line[n-1] != '\n') @@ -930,26 +1092,12 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause) && !strncmp (p, "macro", 5) && (p[5]==' '||p[5]=='\t'||!p[5])) { - macro_t m; - if (macrovalueused) macrovalue[--macrovalueused] = 0; /* Kill the last LF. */ macrovalue[macrovalueused] = 0; /* Terminate macro. */ macrovalue = xrealloc (macrovalue, macrovalueused+1); - for (m= macrolist; m; m = m->next) - if (!strcmp (m->name, macroname)) - break; - if (m) - free (m->value); - else - { - m = xcalloc (1, sizeof *m + strlen (macroname)); - strcpy (m->name, macroname); - m->next = macrolist; - macrolist = m; - } - m->value = macrovalue; + set_macro (macroname, macrovalue); macrovalue = NULL; free (macroname); macroname = NULL; @@ -997,23 +1145,33 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause) if (n == 6 && !memcmp (line, "@ifset", 6) && (line[6]==' '||line[6]=='\t')) { - ifset_nesting++; - - if (!strncmp (p, "manverb", 7) && (p[7]==' '||p[7]=='\t'||!p[7])) + for (p=line+7; *p == ' ' || *p == '\t'; p++) + ; + if (!*p) { - if (in_verbatim) - err ("%s:%d: nested \"@ifset manverb\"", fname, lnr); - else - in_verbatim = ifset_nesting; + err ("%s:%d: name missing after \"@ifset\"", fname, lnr); + continue; } - else if (!strncmp (p, "gpgone", 6) - && (p[6]==' '||p[6]=='\t'||!p[6])) + for (pend=p; *pend && *pend != ' ' && *pend != '\t'; pend++) + ; + *pend = 0; /* Ignore rest of the line. */ + push_condition (p, 1, fname, lnr); + continue; + } + else if (n == 8 && !memcmp (line, "@ifclear", 8) + && (line[8]==' '||line[8]=='\t')) + { + for (p=line+9; *p == ' ' || *p == '\t'; p++) + ; + if (!*p) { - if (in_gpgone) - err ("%s:%d: nested \"@ifset gpgone\"", fname, lnr); - else - in_gpgone = ifset_nesting; + err ("%s:%d: name missing after \"@ifsclear\"", fname, lnr); + continue; } + for (pend=p; *pend && *pend != ' ' && *pend != '\t'; pend++) + ; + *pend = 0; /* Ignore rest of the line. */ + push_condition (p, 0, fname, lnr); continue; } else if (n == 4 && !memcmp (line, "@end", 4) @@ -1021,40 +1179,7 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause) && !strncmp (p, "ifset", 5) && (p[5]==' '||p[5]=='\t'||!p[5])) { - if (in_verbatim && ifset_nesting == in_verbatim) - in_verbatim = 0; - if (in_gpgone && ifset_nesting == in_gpgone) - in_gpgone = 0; - - if (ifset_nesting) - ifset_nesting--; - else - err ("%s:%d: unbalanced \"@end ifset\"", fname, lnr); - continue; - } - else if (n == 8 && !memcmp (line, "@ifclear", 8) - && (line[8]==' '||line[8]=='\t')) - { - ifclear_nesting++; - - if (!strncmp (p, "gpgone", 6) - && (p[6]==' '||p[6]=='\t'||!p[6])) - { - if (not_in_gpgone) - err ("%s:%d: nested \"@ifclear gpgone\"", fname, lnr); - else - not_in_gpgone = ifclear_nesting; - } - - else if (!strncmp (p, "isman", 5) - && (p[5]==' '||p[5]=='\t'||!p[5])) - { - if (not_in_man) - err ("%s:%d: nested \"@ifclear isman\"", fname, lnr); - else - not_in_man = ifclear_nesting; - } - + pop_condition (1, fname, lnr); continue; } else if (n == 4 && !memcmp (line, "@end", 4) @@ -1062,23 +1187,13 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause) && !strncmp (p, "ifclear", 7) && (p[7]==' '||p[7]=='\t'||!p[7])) { - if (not_in_gpgone && ifclear_nesting == not_in_gpgone) - not_in_gpgone = 0; - if (not_in_man && ifclear_nesting == not_in_man) - not_in_man = 0; - - if (ifclear_nesting) - ifclear_nesting--; - else - err ("%s:%d: unbalanced \"@end ifclear\"", fname, lnr); + pop_condition (0, fname, lnr); continue; } } /* Take action on ifset/ifclear. */ - if ( (in_gpgone && !gpgone_defined) - || (not_in_gpgone && gpgone_defined) - || not_in_man) + if (!cond_is_active) continue; /* Process commands. */ @@ -1090,7 +1205,7 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause) { skip_to_end = 0; } - else if (in_verbatim) + else if (cond_in_verbatim) { got_line = 1; } @@ -1182,7 +1297,7 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause) else if (!skip_to_end) got_line = 1; - if (got_line && in_verbatim) + if (got_line && cond_in_verbatim) add_content (*section_name, line, 1); else if (got_line && thepage.name && *section_name && !in_pause) add_content (*section_name, line, 0); @@ -1201,6 +1316,8 @@ top_parse_file (const char *fname, FILE *fp) { char *section_name = NULL; /* Name of the current section or NULL if not in a section. */ + macro_t m; + while (macrolist) { macro_t next = macrolist->next; @@ -1208,6 +1325,10 @@ top_parse_file (const char *fname, FILE *fp) free (macrolist); macrolist = next; } + for (m=predefinedmacrolist; m; m = m->next) + set_macro (m->name, xstrdup ("1")); + cond_is_active = 1; + cond_in_verbatim = 0; parse_file (fname, fp, §ion_name, 0); free (section_name); @@ -1223,6 +1344,12 @@ main (int argc, char **argv) opt_source = "GNU"; opt_release = ""; + /* Define default macros. The trick is that these macros are not + defined when using the actual texinfo renderer. */ + add_predefined_macro ("isman"); + add_predefined_macro ("manverb"); + + /* Option parsing. */ if (argc) { argc--; argv++; @@ -1327,8 +1454,7 @@ main (int argc, char **argv) argc--; argv++; if (argc) { - if (!strcmp (*argv, "gpgone")) - gpgone_defined = 1; + add_predefined_macro (*argv); argc--; argv++; } }