* g10/gpg.c: Add options --allow-v3-keys and --no-allow-v3-keys.
(main): Enable --allow-v3-keys in --pgp2 mode.
* g10/options.h (opt): Add field allow_v3_keys.
* g10/import.c (delete_v3_subkeys): New.
(import_one): Skip v3 keys and delete v3 subkeys.
(import_print_stats): Print stats on v3 keys and subkeys.
* g10/getkey.c (finish_lookup): Skip v3 keys.
--
This is a first take on disabling v3 keys. We may need to add some
tweaks to make decryption using an existing v3 key easier. There is
no need to disallow decryption.
Thanks to Georgi Guninski to put some pressure on us to finally do
what PGP 2 folks will probably don’t like. See the discussion on
gnupg-devel starting 2012-06-22.
The asymmetric quotes used by GNU in the past (`...') don't render
nicely on modern systems. We now use two \x27 characters ('...').
The proper solution would be to use the correct Unicode symmetric
quotes here. However this has the disadvantage that the system
requires Unicode support. We don't want that today. If Unicode is
available a generated po file can be used to output proper quotes. A
simple sed script like the one used for en@quote is sufficient to
change them.
The changes have been done by applying
sed -i "s/\`\([^'\`]*\)'/'\1'/g"
to most files and fixing obvious problems by hand. The msgid strings in
the po files were fixed with a similar command.
* configure.ac: Add all the require m4 magic.
--
This also removes the hack to allow custom version numbers which are
not considered a development version. A custom version number can be
done anyway by simply setting the version to it and tag the release
with it.
* g10/keygen.c (keygen_set_std_prefs): Include IDEA only in PGP2
compatibility mode.
* g10/misc.c (idea_cipher_warn): Remove. Also remove all callers.
* common/status.h (STATUS_RSA_OR_IDEA): Remove. Do not emit this
status anymore.
--
To keep the number of actually used algorithms low, we want to support
IDEA only in a basically read-only way (unless --pgp2 is used during
key generation). It does not make sense to suggest the use of this
old 64 bit blocksize algorithm. However, there is old data available
where it might be helpful to have IDEA available.
* common/Makefile.am (CLEANFILES): Rename to MAINTAINERCLEANFILES.
--
In general this is not required because automake does this for files
in BUILT_SOURCES anyway. However, having them in CLEANFILES is wrong.
This is bug#1398.
* agent/trustlist.c (clear_trusttable): New.
(agent_reload_trustlist): Use new function.
(read_trustfiles): Require to be called with lock held.
(agent_istrusted): Factor all code out to ...
(istrusted_internal): new. Add ALREADY_LOCKED arg. Make sure the
table islocked. Do not print TRUSTLISTFLAG stati if called internally.
(agent_marktrusted): Replace calls to agent_reload_trustlist by
explicit code.
--
In contrast to pth, npth does not use recursive mutexes by default.
However, the code in trustlist.c assumed recursive locks and thus we
had to rework it.
When the KILLSCD command had been sent a race condition would occur
causing PID -1 getting killed, which on Linux seems to terminate all
applications for the current user.
GnuPG requires that options are given before other arguments. This
can sometimes be confusing. We now print a warning if we found an
argument looking alike a long option without being preceded by the
stop option. This is bug#1343.
* common/argparse.h (ARGPARSE_FLAG_STOP_SEEN): New.
* common/argparse.c (arg_parse): Set new flag.
* g10/gpg.c (main): Print the warning.
* agent/gpg-agent.c (main): Ditto.
* dirmngr/dirmngr.c (main): Ditto.
* g13/g13.c (main): Ditto.
* scd/scdaemon.c (main): Ditto.
* sm/gpgsm.c (main): Ditto.
* tools/gpg-connect-agent.c (main): Ditto.
* tools/gpgconf.c (main): Ditto.
This is not yet fully implemented. It will eventually allow to
support pinpad equipped readers which do not support variable length
pin lengths.
* agent/protect.c (parse_shadow_info): Add optional arg R_PINLEN and
parse pinlen info. Change all callers to pass NULL for it.
* agent/command.c: Include asshelp.h.
(cmd_pkdecrypt, cmd_genkey, cmd_preset_passphrase)
(pinentry_loopback): Use print_assuan_status for INQUIRE_MAXLEN.
For the shared code parts it is cumbersome to pass an error sourse
variable to each function. Its value is always a constant for a given
binary and thus a global variable makes things a lot easier than the
former macro stuff.
* common/init.c (default_errsource): New global var.
(init_common_subsystems): Rename to _init_common_subsystems. Set
DEFAULT_ERRSOURCE.
* common/init.h: Assert value of GPG_ERR_SOURCE_DEFAULT.
(init_common_subsystems): New macro.
* common/util.h (default_errsource): Add declaration.
* kbx/keybox-defs.h: Add some GPG_ERR_SOURCE_DEFAULT trickery.
* g10/sign.c (update_keysig_packet): Honor --cert-digest-algo when
recreating a cert.
This is used by various things in --edit-key like setpref, primary,
etc. Suggested by Christian Aistleitner.
Since there isn't a way to prompt the user to insert the smartcard when
pinentry-mode=loopback, return GPG_ERR_CARD_NOT_PRESENT instead of
GPG_ERR_NO_PIN_ENTRY.
* agent/divert-scd.c (ask_for_card): Return GPG_ERR_CARD_NOT_PRESENT
when pinentry-mode=loopback.
Fix pinentry-mode=loopback when cancelling an inquire from scdaemon.
This is similar to commit 4f21f8d but for both protocol command
cancellation and pinentry cancellation.
* agent/call-scd.c (agent_card_pkdecrypt): Check for
GPG_ERR_ASS_CANCELED.
(agent_card_pksign): Ditto.
* configure.ac: Remove cruft to allow building without npth.
--
Previous versions of GnuPG allowed to build a subset of it without
support of Pth. Meanwhile gpg-agent is a requirement even for gpg and
thus it does not make any sense to allow such a restricted build.