security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

gpg: Install a dirmngr.conf file. 

* g10/dirmngr-conf.skel: New.
* g10/Makefile.am (EXTRA_DIST): Add file.
(install-data-local, uninstall-local): Install that file.
* g10/openfile.c (copy_options_file): Add arg "name", return a value,
simplify with xstrconcat, and factor warning message out to:
(try_make_homedir): here.  Also install dirmngr.conf.
* g10/options.skel: Remove --keyserver entry.
--

The option --keyserver in gpg has been deprecated in favor of
--keyserver in dirmngr.conf.  Thus we need to install a skeleton file
for dirmngr to set a default keyserver.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2015-10-05 19:48:47 +02:00
parent ae471fa978
commit f3959f14b6
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
4 changed files with 87 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
g10/Makefile.am
View File

@ -18,7 +18,8 @@
## Process this file with automake to produce Makefile.in
EXTRA_DIST = options.skel distsigkey.gpg ChangeLog-2011 gpg-w32info.rc \
EXTRA_DIST = options.skel dirmngr-conf.skel distsigkey.gpg \
ChangeLog-2011 gpg-w32info.rc \
gpg.w32-manifest.in test.c t-keydb-keyring.kbx
AM_CPPFLAGS = -I$(top_srcdir)/common
@ -164,11 +165,14 @@ install-data-local:
$(mkinstalldirs) $(DESTDIR)$(pkgdatadir)
$(INSTALL_DATA) $(srcdir)/options.skel \
$(DESTDIR)$(pkgdatadir)/gpg-conf.skel
$(INSTALL_DATA) $(srcdir)/dirmngr-conf.skel \
$(DESTDIR)$(pkgdatadir)/dirmngr-conf.skel
$(INSTALL_DATA) $(srcdir)/distsigkey.gpg \
$(DESTDIR)$(pkgdatadir)/distsigkey.gpg
uninstall-local:
-@rm $(DESTDIR)$(pkgdatadir)/gpg-conf.skel
-@rm $(DESTDIR)$(pkgdatadir)/dirmngr-conf.skel
-@rm $(DESTDIR)$(pkgdatadir)/distsigkey.gpg

61
g10/dirmngr-conf.skel Normal file
View File

@ -0,0 +1,61 @@
# dirmngr-conf.skel - Skeleton to create dirmngr.conf.
# (Note that the first three lines are not copied.)
#
# dirmngr.conf - Options for Dirmngr
# Written in 2015 by The GnuPG Project <https://gnupg.org>
#
# To the extent possible under law, the authors have dedicated all
# copyright and related and neighboring rights to this file to the
# public domain worldwide. This file is distributed without any
# warranty. You should have received a copy of the CC0 Public Domain
# Dedication along with this file. If not, see
# <http://creativecommons.org/publicdomain/zero/1.0/>.
#
#
# Unless you specify which option file to use (with the command line
# option "--options filename"), the file ~/.gnupg/dirmngr.conf is used
# by dirmngr. The file can contain any long options which are valid
# for Dirmngr. If the first non white space character of a line is a
# '#', the line is ignored. Empty lines are also ignored. See the
# dirmngr man page or the manual for a list of options.
#
# --keyserver URI
#
# GPG can send and receive keys to and from a keyserver. These
# servers can be HKP, Email, or LDAP (if GnuPG is built with LDAP
# support).
#
# Example HKP keyservers:
# hkp://keys.gnupg.net
#
# Example HKPS keyservers (see --hkp-cacert below):
# hkps://hkps.pool.sks-keyservers.net
#
# Example LDAP keyservers:
# ldap://pgp.surfnet.nl:11370
#
# Regular URL syntax applies, and you can set an alternate port
# through the usual method:
# hkp://keyserver.example.net:22742
#
# Most users just set the name and type of their preferred keyserver.
# Note that most servers (with the notable exception of
# ldap://keyserver.pgp.com) synchronize changes with each other. Note
# also that a single server name may actually point to multiple
# servers via DNS round-robin. hkp://keys.gnupg.net is an example of
# such a "server", which spreads the load over a number of physical
# servers.
keyserver hkp://keys.gnupg.net
# --hkp-cacert FILENAME
#
# For the "hkps" scheme (keyserver access over TLS), Dirmngr needs to
# know the root certificates for verification of the TLS certificates
# used for the connection. Enter the full name of a file with the
# root certificates here. If that file is in PEM format a ".pem"
# suffix is expected. This option may be given multiple times to add
# more root certificates.
#hkp-cacert /path/to/CA/sks-keyservers.netCA.pem

34
g10/openfile.c
View File

@ -375,10 +375,11 @@ open_sigfile (const char *sigfilename, progress_filter_context_t *pfx)
/****************
* Copy the option file skeleton to the given directory.
* Copy the option file skeleton for NAME to the given directory.
* Returns true if the new option file has any option.
*/
static void
copy_options_file (const char *destdir)
static int
copy_options_file (const char *destdir, const char *name)
{
const char *datadir = gnupg_datadir ();
char *fname;
@ -390,10 +391,9 @@ copy_options_file (const char *destdir)
int any_option = 0;
if (opt.dry_run)
return;
return 0;
fname = xmalloc (strlen(datadir) + strlen(destdir) + 15);
strcpy (stpcpy(fname, datadir), DIRSEP_S "gpg-conf" SKELEXT);
fname = xstrconcat (datadir, DIRSEP_S, name, "-conf", SKELEXT, NULL);
src = fopen (fname, "r");
if (src && is_secured_file (fileno (src)))
{
@ -405,9 +405,10 @@ copy_options_file (const char *destdir)
{
log_info (_("can't open '%s': %s\n"), fname, strerror(errno));
xfree(fname);
return;
return 0;
}
strcpy (stpcpy (fname, destdir), DIRSEP_S GPGEXT_GPG EXTSEP_S "conf");
xfree (fname);
fname = xstrconcat (destdir, DIRSEP_S, name, EXTSEP_S, "conf", NULL);
oldmask = umask (077);
if (is_secured_filename (fname))
@ -424,7 +425,7 @@ copy_options_file (const char *destdir)
log_info (_("can't create '%s': %s\n"), fname, strerror(errno) );
fclose (src);
xfree (fname);
return;
return 0;
}
while ((c = getc (src)) != EOF)
@ -455,11 +456,8 @@ copy_options_file (const char *destdir)
fclose (src);
log_info (_("new configuration file '%s' created\n"), fname);
if (any_option)
log_info (_("WARNING: options in '%s'"
" are not yet active during this run\n"),
fname);
xfree (fname);
return any_option;
}
@ -492,7 +490,15 @@ try_make_homedir (const char *fname)
fname, strerror(errno) );
else if (!opt.quiet )
log_info ( _("directory '%s' created\n"), fname );
copy_options_file( fname );
/* Note that we also copy a dirmngr.conf file here. This is
because gpg is likely the first invoked tool and thus creates
the directory. */
copy_options_file (fname, DIRMNGR_NAME);
if (copy_options_file (fname, GPG_NAME))
log_info (_("WARNING: options in '%s'"
" are not yet active during this run\n"),
fname);
}
}

32
g10/options.skel
View File

@ -95,39 +95,9 @@ require-cross-certification
#lock-once
# GnuPG can send and receive keys to and from a keyserver. These
# servers can be HKP, email, or LDAP (if GnuPG is built with LDAP
# support).
#
# Example HKP keyservers:
# hkp://keys.gnupg.net
#
# Example LDAP keyservers:
# ldap://pgp.surfnet.nl:11370
#
# Regular URL syntax applies, and you can set an alternate port
# through the usual method:
# hkp://keyserver.example.net:22742
#
# If you have problems connecting to a HKP server through a buggy http
# proxy, you can use keyserver option broken-http-proxy (see below),
# but first you should make sure that you have read the man page
# regarding proxies (keyserver option honor-http-proxy)
#
# Most users just set the name and type of their preferred keyserver.
# Note that most servers (with the notable exception of
# ldap://keyserver.pgp.com) synchronize changes with each other. Note
# also that a single server name may actually point to multiple
# servers via DNS round-robin. hkp://keys.gnupg.net is an example of
# such a "server", which spreads the load over a number of physical
# servers. To see the IP address of the server actually used, you may use
# the "--keyserver-options debug".
keyserver hkp://keys.gnupg.net
#keyserver http://http-keys.gnupg.net
#keyserver mailto:pgp-public-keys@keys.nl.pgp.net
# Common options for keyserver functions:
# (Note that the --keyserver option has been moved to dirmngr.conf)
#
# include-disabled = when searching, include keys marked as "disabled"
# on the keyserver (not all keyservers support this).