mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
gpg: Update sub-options of --keyserver-options
* g10/options.h (KEYSERVER_HTTP_PROXY): New. (KEYSERVER_USE_TEMP_FILES, KEYSERVER_KEEP_TEMP_FILES): Remove. (KEYSERVER_TIMEOUT): New. * common/keyserver.h (KEYSERVER_TIMEOUT): Remove. * g10/keyserver.c (keyserver_opts): Remove obsolete "use-temp-files" and "keep-temp-files". Add "http-proxy" and "timeout". (parse_keyserver_options): Remove 1.2 compatibility option "honor-http_proxy". Remove "use-temp-files" and "keep-temp-files" code. -- Note that many of these options where implicitly used by passing any unknown option down to the former keyserver helpers. The don't exist anymore thus we need to make them explicit. Another patch will convey them to dirmngr. Temp files are not anymore used thus they can be removed and will be ignored when used. Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
parent
62b2cee85f
commit
da1990bac7
@ -34,7 +34,6 @@
|
||||
#define KEYSERVER_KEY_EXISTS 7 /* key already exists */
|
||||
#define KEYSERVER_KEY_INCOMPLETE 8 /* key incomplete (EOF) */
|
||||
#define KEYSERVER_UNREACHABLE 9 /* unable to contact keyserver */
|
||||
#define KEYSERVER_TIMEOUT 10 /* timeout while accessing keyserver */
|
||||
|
||||
/* Must be 127 due to shell internal magic. */
|
||||
#define KEYSERVER_SCHEME_NOT_FOUND 127
|
||||
|
@ -269,7 +269,7 @@ value to access HTTP servers.
|
||||
@item --http-proxy @var{host}[:@var{port}]
|
||||
@opindex http-proxy
|
||||
Use @var{host} and @var{port} to access HTTP servers. The use of this
|
||||
options overrides the environment variable @env{http_proxy} regardless
|
||||
option overrides the environment variable @env{http_proxy} regardless
|
||||
whether @option{--honor-http-proxy} has been set.
|
||||
|
||||
|
||||
|
36
doc/gpg.texi
36
doc/gpg.texi
@ -1545,7 +1545,7 @@ need to send keys to more than one server. The keyserver
|
||||
@code{hkp://keys.gnupg.net} uses round robin DNS to give a different
|
||||
keyserver each time you use it.
|
||||
|
||||
@item --keyserver-options @code{name=value1 }
|
||||
@item --keyserver-options @code{name=value}
|
||||
@opindex keyserver-options
|
||||
This is a space or comma delimited string that gives options for the
|
||||
keyserver. Options can be prefixed with a `no-' to give the opposite
|
||||
@ -1598,20 +1598,20 @@ are available for all keyserver types, some common options are:
|
||||
this option is not used with HKP keyservers, as they do not support
|
||||
retrieving keys by subkey id.
|
||||
|
||||
@ifclear gpgtwoone
|
||||
@item use-temp-files
|
||||
On most Unix-like platforms, GnuPG communicates with the keyserver
|
||||
helper program via pipes, which is the most efficient method. This
|
||||
option forces GnuPG to use temporary files to communicate. On some
|
||||
platforms (such as Win32 and RISC OS), this option is always enabled.
|
||||
@end ifclear
|
||||
|
||||
@ifclear gpgtwoone
|
||||
@item keep-temp-files
|
||||
If using `use-temp-files', do not delete the temp files after using
|
||||
them. This option is useful to learn the keyserver communication
|
||||
protocol by reading the temporary files.
|
||||
|
||||
@item verbose
|
||||
Tell the keyserver helper program to be more verbose. This option can
|
||||
be repeated multiple times to increase the verbosity level.
|
||||
@end ifclear
|
||||
|
||||
@item timeout
|
||||
Tell the keyserver helper program how long (in seconds) to try and
|
||||
@ -1622,9 +1622,13 @@ are available for all keyserver types, some common options are:
|
||||
@option{--recv-keys} command as a whole. Defaults to 30 seconds.
|
||||
|
||||
@item http-proxy=@code{value}
|
||||
Set the proxy to use for HTTP and HKP keyservers. This overrides the
|
||||
"http_proxy" environment variable, if any.
|
||||
|
||||
Set the proxy to use for HTTP and HKP keyservers.
|
||||
@ifset gpgtwoone
|
||||
This overrides any proxy defined in @file{dirmngr.conf}.
|
||||
@end ifset
|
||||
@ifclear gpgtwoone
|
||||
This overrides the "http_proxy" environment variable, if any.
|
||||
@end ifclear
|
||||
|
||||
@ifclear gpgtwoone
|
||||
@item max-cert-size
|
||||
@ -1632,11 +1636,27 @@ are available for all keyserver types, some common options are:
|
||||
Defaults to 16384 bytes.
|
||||
@end ifclear
|
||||
|
||||
@item verbose
|
||||
@ifset gpgtwoone
|
||||
This option has no more function since GnuPG 2.1. Use the
|
||||
@code{dirmngr} configuration options instead.
|
||||
@end ifset
|
||||
@ifclear gpgtwoone
|
||||
Tell the keyserver helper program to be more verbose. This option can
|
||||
be repeated multiple times to increase the verbosity level.
|
||||
@end ifclear
|
||||
|
||||
@item debug
|
||||
@ifset gpgtwoone
|
||||
This option has no more function since GnuPG 2.1. Use the
|
||||
@code{dirmngr} configuration options instead.
|
||||
@end ifset
|
||||
@ifclear gpgtwoone
|
||||
Turn on debug output in the keyserver helper program. Note that the
|
||||
details of debug output depends on which keyserver helper program is
|
||||
being used, and in turn, on any libraries that the keyserver helper
|
||||
program uses internally (libcurl, openldap, etc).
|
||||
@end ifclear
|
||||
|
||||
@item check-cert
|
||||
@ifset gpgtwoone
|
||||
|
@ -91,13 +91,14 @@ static struct parse_options keyserver_opts[]=
|
||||
{
|
||||
/* some of these options are not real - just for the help
|
||||
message */
|
||||
{"max-cert-size",0,NULL,NULL},
|
||||
{"max-cert-size",0,NULL,NULL}, /* MUST be the first in this array! */
|
||||
|
||||
{"include-revoked",0,NULL,N_("include revoked keys in search results")},
|
||||
{"include-subkeys",0,NULL,N_("include subkeys when searching by key ID")},
|
||||
{"use-temp-files",0,NULL,
|
||||
N_("use temporary files to pass data to keyserver helpers")},
|
||||
{"keep-temp-files",KEYSERVER_KEEP_TEMP_FILES,NULL,
|
||||
N_("do not delete temporary files after using them")},
|
||||
{"http-proxy", KEYSERVER_HTTP_PROXY, NULL,
|
||||
N_("override proxy options set for dirmngr")},
|
||||
{"timeout", KEYSERVER_TIMEOUT, NULL,
|
||||
N_("override timeout options set for dirmngr")},
|
||||
{"refresh-add-fake-v3-keyids",KEYSERVER_ADD_FAKE_V3,NULL,
|
||||
NULL},
|
||||
{"auto-key-retrieve",KEYSERVER_AUTO_KEY_RETRIEVE,NULL,
|
||||
@ -155,37 +156,13 @@ parse_keyserver_options(char *options)
|
||||
if(tok[0]=='\0')
|
||||
continue;
|
||||
|
||||
/* For backwards compatibility. 1.2.x used honor-http-proxy and
|
||||
there are a good number of documents published that recommend
|
||||
it. */
|
||||
if(ascii_strcasecmp(tok,"honor-http-proxy")==0)
|
||||
tok="http-proxy";
|
||||
else if(ascii_strcasecmp(tok,"no-honor-http-proxy")==0)
|
||||
tok="no-http-proxy";
|
||||
|
||||
/* We accept quite a few possible options here - some options to
|
||||
handle specially, the keyserver_options list, and import and
|
||||
export options that pertain to keyserver operations. Note
|
||||
that you must use strncasecmp here as there might be an
|
||||
=argument attached which will foil the use of strcasecmp. */
|
||||
export options that pertain to keyserver operations. */
|
||||
|
||||
#ifdef EXEC_TEMPFILE_ONLY
|
||||
if(ascii_strncasecmp(tok,"use-temp-files",14)==0 ||
|
||||
ascii_strncasecmp(tok,"no-use-temp-files",17)==0)
|
||||
log_info(_("WARNING: keyserver option '%s' is not used"
|
||||
" on this platform\n"),tok);
|
||||
#else
|
||||
if(ascii_strncasecmp(tok,"use-temp-files",14)==0)
|
||||
opt.keyserver_options.options|=KEYSERVER_USE_TEMP_FILES;
|
||||
else if(ascii_strncasecmp(tok,"no-use-temp-files",17)==0)
|
||||
opt.keyserver_options.options&=~KEYSERVER_USE_TEMP_FILES;
|
||||
#endif
|
||||
else if(!parse_options(tok,&opt.keyserver_options.options,
|
||||
keyserver_opts,0)
|
||||
&& !parse_import_options(tok,
|
||||
&opt.keyserver_options.import_options,0)
|
||||
&& !parse_export_options(tok,
|
||||
&opt.keyserver_options.export_options,0))
|
||||
if (!parse_options (tok,&opt.keyserver_options.options, keyserver_opts,0)
|
||||
&& !parse_import_options(tok,&opt.keyserver_options.import_options,0)
|
||||
&& !parse_export_options(tok,&opt.keyserver_options.export_options,0))
|
||||
{
|
||||
/* All of the standard options have failed, so the option was
|
||||
destined for a keyserver plugin as used by GnuPG < 2.1 */
|
||||
@ -204,6 +181,7 @@ parse_keyserver_options(char *options)
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
void
|
||||
free_keyserver_spec(struct keyserver_spec *keyserver)
|
||||
{
|
||||
|
@ -361,8 +361,8 @@ EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode;
|
||||
#define VERIFY_PKA_TRUST_INCREASE (1<<8)
|
||||
#define VERIFY_SHOW_PRIMARY_UID_ONLY (1<<9)
|
||||
|
||||
#define KEYSERVER_USE_TEMP_FILES (1<<0)
|
||||
#define KEYSERVER_KEEP_TEMP_FILES (1<<1)
|
||||
#define KEYSERVER_HTTP_PROXY (1<<0)
|
||||
#define KEYSERVER_TIMEOUT (1<<1)
|
||||
#define KEYSERVER_ADD_FAKE_V3 (1<<2)
|
||||
#define KEYSERVER_AUTO_KEY_RETRIEVE (1<<3)
|
||||
#define KEYSERVER_HONOR_KEYSERVER_URL (1<<4)
|
||||
|
Loading…
x
Reference in New Issue
Block a user