mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-08 12:44:23 +01:00
See ChangeLog: Wed Sep 6 14:59:09 CEST 2000 Werner Koch
parent
74b7fe6a7e
commit
d14ecc1759
@ -1,3 +1,7 @@
|
||||
Wed Sep 6 14:59:09 CEST 2000 Werner Koch <wk@openit.de>
|
||||
|
||||
* configure.in (GNUPG_HOMEDIR): New.
|
||||
|
||||
Fri Aug 25 16:05:38 CEST 2000 Werner Koch <wk@openit.de>
|
||||
|
||||
* configure.in: Changes to allow for Solaris random device.
|
||||
|
2
NEWS
2
NEWS
@ -15,6 +15,8 @@ Noteworthy changes in the current CVS branch STABLE-BRANCH-1-0
|
||||
|
||||
* New configuration option --with-egd-socket.
|
||||
|
||||
* The --trusted-key option is back after it left us with 0.9.5
|
||||
|
||||
|
||||
Noteworthy changes in version 1.0.2 (2000-07-12)
|
||||
----------------------------------------------
|
||||
|
3
THANKS
3
THANKS
@ -30,6 +30,7 @@ Detlef Lannert lannert@lannert.rz.uni-duesseldorf.de
|
||||
Dave Dykstra dwd@bell-labs.com
|
||||
David Ellement ellement@sdd.hp.com
|
||||
David Hallinan hallinan@rtd.com
|
||||
David Mathog MATHOG@seqaxp.bio.caltech.edu
|
||||
Dimitri dmitri@advantrix.com
|
||||
Dirk Lattermann dlatt@t-online.de
|
||||
Ed Boraas ecxjo@esperanto.org
|
||||
@ -44,6 +45,7 @@ Frank Stajano frank.stajano@cl.cam.ac.uk
|
||||
Frank Tobin ftobin@uiuc.edu
|
||||
Gabriel Rosenkoetter gr@eclipsed.net
|
||||
Gaël Quéri gqueri@mail.dotcom.fr
|
||||
Giampaolo Tomassoni g.tomassoni@libero.it
|
||||
Greg Louis glouis@dynamicro.on.ca
|
||||
Greg Troxel gdt@ir.bbn.com
|
||||
Gregory Steuck steuck@iname.com
|
||||
@ -84,6 +86,7 @@ Markus Friedl Markus.Friedl@informatik.uni-erlangen.de
|
||||
Martin Kahlert martin.kahlert@provi.de
|
||||
Martin Hamilton
|
||||
Martin Schulte schulte@thp.uni-koeln.de
|
||||
Matt Kraai kraai@alumni.carnegiemellon.edu
|
||||
Matthew Skala mskala@ansuz.sooke.bc.ca
|
||||
Matthias Urlichs smurf@noris.de
|
||||
Max Valianskiy maxcom@maxcom.ml.org
|
||||
|
4
TODO
4
TODO
@ -1,5 +1,7 @@
|
||||
|
||||
* configure option to set EGD entropy socket name
|
||||
* Think more whether the setting to ultimately trusted is a good idea.!!
|
||||
|
||||
* add some minor things vor VMS.
|
||||
|
||||
* Don't get the ultimately trusted keys from the secring but store
|
||||
it permanently in the trustdb. This way we don't need a secring at all.
|
||||
|
@ -702,10 +702,16 @@ cat >g10defs.tmp <<G10EOF
|
||||
#define G10_LOCALEDIR "c:/lib/gnupg/locale"
|
||||
#define GNUPG_LIBDIR "c:/lib/gnupg"
|
||||
#define GNUPG_DATADIR "c:/lib/gnupg"
|
||||
#define GNUPG_HOMEDIR "c:/gnupg"
|
||||
#else
|
||||
#define G10_LOCALEDIR "${prefix}/${DATADIRNAME}/locale"
|
||||
#define GNUPG_LIBDIR "${libdir}/gnupg"
|
||||
#define GNUPG_DATADIR "${datadir}/gnupg"
|
||||
#ifdef __VMS
|
||||
#define GNUPG_HOMEDIR "/SYS\$LOGIN/gnupg"
|
||||
#else
|
||||
#define GNUPG_HOMEDIR "~/.gnupg"
|
||||
#endif
|
||||
#endif
|
||||
G10EOF
|
||||
if cmp -s g10defs.h g10defs.tmp 2>/dev/null; then
|
||||
|
11
doc/gpg.sgml
11
doc/gpg.sgml
@ -389,6 +389,17 @@ Sign a public key with you secret key but mark it as non-exportable.
|
||||
This is a shortcut version of the subcommand "lsign" from --edit.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>--trusted-key <parameter>long key ID</parameter></term>
|
||||
<listitem><para>
|
||||
Assume that the specified key (which must be given
|
||||
as a full 8 byte key ID) is as trustworthy as one of
|
||||
your own secret keys. This option is useful if you
|
||||
don't want to keep your secret keys (or one of them)
|
||||
online but still be able to check the validity of a given
|
||||
recipient's or signator's key.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>--delete-key &ParmName;</term>
|
||||
<listitem><para>
|
||||
|
@ -1,3 +1,16 @@
|
||||
Wed Sep 6 14:59:09 CEST 2000 Werner Koch <wk@openit.de>
|
||||
|
||||
* passphrase.c (hash_passphrase): Removed funny assert. Reported by
|
||||
David Mathog.
|
||||
|
||||
* openfile.c (try_make_homedir): Changes for non-Posix systems.
|
||||
* g10.c (main): Take the default homedir from macro.
|
||||
|
||||
* g10.c: The --trusted-key option is back.
|
||||
* trustdb.c (verify_own_key): Handle this option.
|
||||
(add_ultimate_key): Moved stuff from verify_own_key to this new func.
|
||||
(register_trusted_key): New.
|
||||
|
||||
Fri Aug 25 16:05:38 CEST 2000 Werner Koch <wk@openit.de>
|
||||
|
||||
* parse-packet.c (dump_sig_subpkt): Print info about the ARR.
|
||||
|
@ -195,6 +195,7 @@ enum cmd_and_opt_values { aNull = 0,
|
||||
oNoAutoKeyRetrieve,
|
||||
oMergeOnly,
|
||||
oTryAllSecrets,
|
||||
oTrustedKey,
|
||||
oEmu3DESS2KBug, /* will be removed in 1.1 */
|
||||
oEmuMDEncodeBug,
|
||||
aTest };
|
||||
@ -295,6 +296,7 @@ static ARGPARSE_OPTS opts[] = {
|
||||
{ oCompletesNeeded, "completes-needed", 1, "@"},
|
||||
{ oMarginalsNeeded, "marginals-needed", 1, "@"},
|
||||
{ oMaxCertDepth, "max-cert-depth", 1, "@" },
|
||||
{ oTrustedKey, "trusted-key", 2, N_("|KEYID|ulimately trust this key")},
|
||||
{ oLoadExtension, "load-extension" ,2, N_("|FILE|load extension module FILE")},
|
||||
{ oRFC1991, "rfc1991", 0, N_("emulate the mode described in RFC1991")},
|
||||
{ oOpenPGP, "openpgp", 0, N_("set all packet, cipher and digest options to OpenPGP behavior")},
|
||||
@ -635,11 +637,7 @@ main( int argc, char **argv )
|
||||
opt.homedir = getenv("GNUPGHOME");
|
||||
#endif
|
||||
if( !opt.homedir || !*opt.homedir ) {
|
||||
#ifdef HAVE_DRIVE_LETTERS
|
||||
opt.homedir = "c:/gnupg";
|
||||
#else
|
||||
opt.homedir = "~/.gnupg";
|
||||
#endif
|
||||
opt.homedir = GNUPG_HOMEDIR;
|
||||
}
|
||||
|
||||
/* check whether we have a config file on the commandline */
|
||||
@ -937,6 +935,7 @@ main( int argc, char **argv )
|
||||
break;
|
||||
case oMergeOnly: opt.merge_only = 1; break;
|
||||
case oTryAllSecrets: opt.try_all_secrets = 1; break;
|
||||
case oTrustedKey: register_trusted_key( pargs.r.ret_str ); break;
|
||||
|
||||
default : pargs.err = configfp? 1:2; break;
|
||||
}
|
||||
|
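Review bot: The help text added to opts[] for the new option is misspelled, `N_("|KEYID|ulimately trust this key")`, and because it is wrapped in N_() the typo will be carried into every translation catalogue; it should read `N_("|KEYID|ultimately trust this key")`. The placeholder says KEYID, while register_trusted_key() in g10/trustdb.c of this same commit rejects anything that is not a long key ID, so the help string could say so. The `case oTrustedKey:` arm sits in an option loop whose default arm tests `configfp`, which suggests the option is also honoured from the options file; a short comment there noting that this line adds a trust root would help the next reader. main() starts and ends outside these hunks.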
@ -316,10 +316,24 @@ copy_options_file( const char *destdir )
|
||||
void
|
||||
try_make_homedir( const char *fname )
|
||||
{
|
||||
const char *defhome = GNUPG_HOMEDIR;
|
||||
|
||||
/* Create the directory only if the supplied directory name
|
||||
* is the same as the default one. This way we avoid to create
|
||||
* arbitrary directories when a non-default homedirectory is used.
|
||||
* To cope with HOME, we do compare only the suffix if we see that
|
||||
* the default homedir does start with a tilde.
|
||||
*/
|
||||
if( opt.dry_run )
|
||||
return;
|
||||
if( strlen(fname) >= 7
|
||||
&& !strcmp(fname+strlen(fname)-7, "/.gnupg" ) ) {
|
||||
|
||||
if ( ( *defhome == '~'
|
||||
&& ( strlen(fname) >= strlen (defhome+1)
|
||||
&& !strcmp(fname+strlen(defhome+1)-strlen(defhome+1),
|
||||
defhome+1 ) ))
|
||||
|| ( *defhome != '~'
|
||||
&& !compare_filenames( fname, defhome ) )
|
||||
) {
|
||||
if( mkdir( fname, S_IRUSR|S_IWUSR|S_IXUSR ) )
|
||||
log_fatal( _("%s: can't create directory: %s\n"),
|
||||
fname, strerror(errno) );
|
||||
|
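Review bot: The tilde branch of the new condition in try_make_homedir() does not compare the suffix that the comment above it describes: `fname+strlen(defhome+1)-strlen(defhome+1)` cancels to `fname`, so the whole path is compared with `defhome+1`. With the default `"~/.gnupg"` that matches only when fname is literally `/.gnupg`, so an already expanded home directory path never reaches the mkdir() call. The offset should be taken from the end of fname, `&& !strcmp(fname+strlen(fname)-strlen(defhome+1),`, which also makes the preceding `strlen(fname) >= strlen (defhome+1)` length check meaningful. The function body continues past the end of the hunk.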
@ -279,7 +279,6 @@ hash_passphrase( DEK *dek, char *pw, STRING2KEY *s2k, int create )
|
||||
else {
|
||||
md_write( md, s2k->salt, 8 );
|
||||
count -= 8;
|
||||
assert( count >= 0 );
|
||||
md_write( md, pw, count );
|
||||
}
|
||||
}
|
||||
|
118
g10/trustdb.c
118
g10/trustdb.c
@ -109,6 +109,7 @@ static TN used_tns;
|
||||
static int alloced_tns;
|
||||
static int max_alloced_tns;
|
||||
|
||||
static struct keyid_list *trusted_key_list;
|
||||
|
||||
static LOCAL_ID_TABLE new_lid_table(void);
|
||||
static int ins_lid_table_item( LOCAL_ID_TABLE tbl, ulong lid, unsigned flag );
|
||||
@ -463,6 +464,63 @@ lid_from_keyid_no_sdir( u32 *keyid )
|
||||
************* Initialization ****************
|
||||
***********************************************/
|
||||
|
||||
void
|
||||
register_trusted_key( const char *string )
|
||||
{
|
||||
u32 keyid[2];
|
||||
struct keyid_list *r;
|
||||
|
||||
if( classify_user_id( string, keyid, NULL, NULL, NULL ) != 11 ) {
|
||||
log_error(_("'%s' is not a valid long keyID\n"), string );
|
||||
return;
|
||||
}
|
||||
|
||||
for( r = trusted_key_list; r; r = r->next )
|
||||
if( r->keyid[0] == keyid[0] && r->keyid[1] == keyid[1] )
|
||||
return;
|
||||
r = m_alloc( sizeof *r );
|
||||
r->keyid[0] = keyid[0];
|
||||
r->keyid[1] = keyid[1];
|
||||
r->next = trusted_key_list;
|
||||
trusted_key_list = r;
|
||||
}
|
||||
|
||||
|
||||
static void
|
||||
add_ultimate_key( PKT_public_key *pk, u32 *keyid )
|
||||
{
|
||||
int rc;
|
||||
|
||||
/* first make sure that the pubkey is in the trustdb */
|
||||
rc = query_trust_record( pk );
|
||||
if( rc == -1 && opt.dry_run )
|
||||
return;
|
||||
if( rc == -1 ) { /* put it into the trustdb */
|
||||
rc = insert_trust_record_by_pk( pk );
|
||||
if( rc ) {
|
||||
log_error(_("key %08lX: can't put it into the trustdb\n"),
|
||||
(ulong)keyid[1] );
|
||||
return;
|
||||
}
|
||||
}
|
||||
else if( rc ) {
|
||||
log_error(_("key %08lX: query record failed\n"), (ulong)keyid[1] );
|
||||
return;
|
||||
}
|
||||
|
||||
if( DBG_TRUST )
|
||||
log_debug("key %08lX.%lu: stored into ultikey_table\n",
|
||||
(ulong)keyid[1], pk->local_id );
|
||||
|
||||
if( ins_lid_table_item( ultikey_table, pk->local_id, 0 ) )
|
||||
log_error(_("key %08lX: already in trusted key table\n"),
|
||||
(ulong)keyid[1]);
|
||||
else if( opt.verbose > 1 )
|
||||
log_info(_("key %08lX: accepted as trusted key.\n"),
|
||||
(ulong)keyid[1]);
|
||||
|
||||
}
|
||||
|
||||
/****************
|
||||
* Verify that all our public keys are in the trustdb.
|
||||
*/
|
||||
@ -474,7 +532,27 @@ verify_own_keys(void)
|
||||
PKT_secret_key *sk = m_alloc_clear( sizeof *sk );
|
||||
PKT_public_key *pk = m_alloc_clear( sizeof *pk );
|
||||
u32 keyid[2];
|
||||
struct keyid_list *kl;
|
||||
|
||||
|
||||
/* put the trusted keys into the ultikey table */
|
||||
for( kl = trusted_key_list; kl; kl = kl->next ) {
|
||||
keyid[0] = kl->keyid[0];
|
||||
keyid[1] = kl->keyid[1];
|
||||
/* get the public key */
|
||||
memset( pk, 0, sizeof *pk );
|
||||
rc = get_pubkey( pk, keyid );
|
||||
if( rc ) {
|
||||
log_info(_("key %08lX: no public key for trusted key - skipped\n"),
|
||||
(ulong)keyid[1] );
|
||||
}
|
||||
else {
|
||||
add_ultimate_key( pk, keyid );
|
||||
release_public_key_parts( pk );
|
||||
}
|
||||
}
|
||||
|
||||
/* And now add all secret keys to the ultikey table */
|
||||
while( !(rc=enum_secret_keys( &enum_context, sk, 0 ) ) ) {
|
||||
int have_pk = 0;
|
||||
|
||||
@ -487,6 +565,10 @@ verify_own_keys(void)
|
||||
log_info(_("NOTE: secret key %08lX is NOT protected.\n"),
|
||||
(ulong)keyid[1] );
|
||||
|
||||
for( kl = trusted_key_list; kl; kl = kl->next ) {
|
||||
if( kl->keyid[0] == keyid[0] && kl->keyid[1] == keyid[1] )
|
||||
goto skip; /* already in trusted key table */
|
||||
}
|
||||
|
||||
/* see whether we can access the public key of this secret key */
|
||||
memset( pk, 0, sizeof *pk );
|
||||
@ -504,33 +586,8 @@ verify_own_keys(void)
|
||||
goto skip;
|
||||
}
|
||||
|
||||
/* make sure that the pubkey is in the trustdb */
|
||||
rc = query_trust_record( pk );
|
||||
if( rc == -1 && opt.dry_run )
|
||||
goto skip;
|
||||
if( rc == -1 ) { /* put it into the trustdb */
|
||||
rc = insert_trust_record_by_pk( pk );
|
||||
if( rc ) {
|
||||
log_error(_("key %08lX: can't put it into the trustdb\n"),
|
||||
(ulong)keyid[1] );
|
||||
goto skip;
|
||||
}
|
||||
}
|
||||
else if( rc ) {
|
||||
log_error(_("key %08lX: query record failed\n"), (ulong)keyid[1] );
|
||||
goto skip;
|
||||
add_ultimate_key( pk, keyid );
|
||||
|
||||
}
|
||||
|
||||
if( DBG_TRUST )
|
||||
log_debug("key %08lX.%lu: stored into ultikey_table\n",
|
||||
(ulong)keyid[1], pk->local_id );
|
||||
if( ins_lid_table_item( ultikey_table, pk->local_id, 0 ) )
|
||||
log_error(_("key %08lX: already in trusted key table\n"),
|
||||
(ulong)keyid[1]);
|
||||
else if( opt.verbose > 1 )
|
||||
log_info(_("key %08lX: accepted as trusted key.\n"),
|
||||
(ulong)keyid[1]);
|
||||
skip:
|
||||
release_secret_key_parts( sk );
|
||||
if( have_pk )
|
||||
@ -541,6 +598,15 @@ verify_own_keys(void)
|
||||
else
|
||||
rc = 0;
|
||||
|
||||
/* release the trusted keyid table */
|
||||
{ struct keyid_list *kl2;
|
||||
for( kl = trusted_key_list; kl; kl = kl2 ) {
|
||||
kl2 = kl->next;
|
||||
m_free( kl );
|
||||
}
|
||||
trusted_key_list = NULL;
|
||||
}
|
||||
|
||||
enum_secret_keys( &enum_context, NULL, 0 ); /* free context */
|
||||
free_secret_key( sk );
|
||||
free_public_key( pk );
|
||||
|
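Review bot: register_trusted_key() and the first loop added to verify_own_keys() anchor ultimate trust on a 64-bit key ID alone: `get_pubkey( pk, keyid )` takes whichever keyring entry carries that ID, and add_ultimate_key() then inserts it into ultikey_table with no fingerprint comparison. A key ID is a truncated identifier rather than a collision-resistant one, so this deserves at least a comment above register_trusted_key(), for example `/* NOTE: the key is matched by 64-bit key ID only; make sure the keyring copy is the intended key. */`. The bare `11` compared against the result of classify_user_id() presumably means "long key ID" (the error message says so) and would read better as a named constant or with a comment. verify_own_keys() starts and ends outside the hunks shown.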
@ -1,3 +1,11 @@
|
||||
Wed Sep 6 14:59:09 CEST 2000 Werner Koch <wk@openit.de>
|
||||
|
||||
* secmem.c (secmem_realloc): check for failed secmem_malloc. By
|
||||
Matt Kraai.
|
||||
|
||||
* strgutil.c (utf8_to_native): Fixed null ptr problem. By
|
||||
Giampaolo Tomassoni.
|
||||
|
||||
Thu Jul 27 10:02:38 CEST 2000 Werner Koch <wk@openit.de>
|
||||
|
||||
* iobuf.c: Use setmode() at several places to set stdin and stdout
|
||||
|
@ -347,9 +347,11 @@ secmem_realloc( void *p, size_t newsize )
|
||||
if( newsize < size )
|
||||
return p; /* it is easier not to shrink the memory */
|
||||
a = secmem_malloc( newsize );
|
||||
if ( a ) {
|
||||
memcpy(a, p, size);
|
||||
memset((char*)a+size, 0, newsize-size);
|
||||
secmem_free(p);
|
||||
}
|
||||
return a;
|
||||
}
|
||||
|
||||
|
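Review bot: The new `if ( a )` guard in secmem_realloc() leaves the failure contract undocumented: when secmem_malloc() returns NULL the function now returns NULL while p stays allocated and still holds its contents. A caller that writes `p = secmem_realloc( p, n )` would then lose its only reference to a block of secure memory that is never handed to secmem_free(). I would add a comment before the allocation, e.g. `/* On failure return NULL and leave p untouched; the caller still owns the old block. */`. The start of secmem_realloc() lies outside the hunk.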
@ -424,6 +424,7 @@ utf8_to_native( const char *string, size_t length )
|
||||
case 0 : n++; if( p ) *p++ = '0'; break;
|
||||
default: n += 3;
|
||||
sprintf( p, "x%02x", *s );
|
||||
if ( p )
|
||||
p += 3;
|
||||
break;
|
||||
}
|
||||
|
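Review bot: The added `if ( p )` guards only the pointer advance in the `default:` arm; the `sprintf( p, "x%02x", *s );` on the line before it is still unconditional. If p is NULL during a length-counting pass, as the `if( p )` test in the `case 0` arm suggests, that sprintf still writes through a null pointer, so the reported problem is not fully fixed. Both statements should sit under the guard: `if ( p ) { sprintf( p, "x%02x", *s ); p += 3; }`. The declaration of s is outside the hunk; if it is a plain, possibly signed, char pointer, `%02x` could emit more than two digits and exceed the three bytes counted by `n += 3`, which is worth confirming. utf8_to_native() starts and ends outside the hunk.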