* tools/gpg-auth.c (ssh_authorized_keys): Move free after printing error
message.
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
This is part of
GnuPG-bug-id: 7129
(cherry picked from commit 9adaa79ab43e2f87178b8ee5ab1a353cba384606)
* tools/wks-util.c (install_key_from_spec_file): Initialize ERR in case
the loop is never run.
--
This is part of
GnuPG-bug-id: 7129
Co-authored-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 021c27510b52f86a95ae70b5f4ed5d2c3886c3e8)
* tools/gpg-check-pattern.c (read_file): Check length before calling
fread.
--
The problem with an empty file is that es_fread is called to read one
element of length zero which seems to be undefined behaviour and
results in ENOENT on my test box.
* tools/gpg-wks-client.c (mirror_one_key): Test for no domain
specified.
--
The code did not really work if no domain was given. It worked but
filtered out all keys so that no key was actually exported.
* tools/gpg-wks-client.c (oRealClean): New.
(opts): Add "realclean".
(parse_arguments): Implement.
(main): Take a copy of the module name to fix bad assignment from a
former patch.
* tools/gpg-wks-server.c (main): Ditto.
* tools/gpg-wks.h (opt): Add field realclean.
* tools/wks-util.c (wks_get_key): Call gpg with export-realclean
depending on the new option.
--
The default for gpg-wks-client is to install keys with all valid key
signatures. The new option will eventually allow to install the keys
only with key signatures done by trusted-keys. Also the export-option
is in gpg, it requires one more gpg patch to make it actually work.
* agent/gpg-agent.c (parse_rereadable_options): Use make_filename_try
for opt.pinentry_program. Change definition accordingly.
* g10/gpg.c (main): Use make_filename for agent_program,
dirmngr_program, and keyboxd_program. Change definition accordingly.
* sm/gpgsm.c (main): Ditto.
* tools/gpg-card.c (parse_arguments): Ditto.
* tools/gpg-connect-agent.c (main): Ditto.
* tools/gpg-wks-client.c (parse_arguments): Likewise. Do it also for
option --output.
(process_confirmation_request): Print a note for a successful sent.
--
GnuPG-bug-id: 7017
* tools/gpg-wks-client.c (wrong_args): Take two args. Change all
callers.
(main): Pass ARGPARSE_FLAG_COMMAND for recent gpgrt version.
--
This requires gpgrt 1.48. Of course "gpg-wks-client --create ..."
continues to work.
* kbx/keyboxd.c (create_directories): Following the behavior of
gpg-agent, call create_public_keys_directory after mkdir.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* tools/gpg-wks-client.c (opt): New option --no-add-revocs.
(main): Make --add-revocs the default.
(command_send): Rename to ...
(command_create): to match the command name.
* tools/wks-util.c (wks_get_key): Change from export-minimal to
export-clean
--
To properly work with tusted introducers et al. it is important to also
upload valid key signatures to the Web Key Directory.
* tools/gpgtar.c: Add option --no-compress.
* tools/gpgtar.h (opt): Add field no_compress.
* tools/gpgtar-create.c (gpgtar_create): Pass -z0 to gpg.
--
This option is probably easier to remember than --gpg-args '-z0'.
* tools/gpgtar.c (main): Write status line before exit.
--
Due to the new way we support gpgtar in GPGME we need status lines to
detect a final error.
GnuPG-bug-id: 6497
* common/util.h (GNUPG_MODULE_NAME_GPGTAR): New.
* common/homedir.c (gnupg_module_name): Add it.
* tools/gpgtar.c: Include comopt.h.
(enum cmd_and_opt_values): Add oDebug.
(opts): Add --debug.
(any_debug): New.
(main): Parse common.conf.
--
Having a way to see the output of gpgtar is often useful for
debugging. The only effect of the debug option is to show whether
common.conf was read.
* tools/gpgtar.c (main): Don't allow logging via the Registry. Forbid
using stdout for status-fd in crypt mode.
--
Without that check a status output would be mixed up with the input to
the internal call of gpg.
Using the Registry key to enable logging is very annoying.
* tools/gpgconf.c (show_configs): Add a list of envvars and print
them.
--
Note that for simplicity we to not distinguish between Windows and
Linux here.
* tools/wks-util.c (write_to_file): Rename to ...
(wks_write_to_file): this, make global, and support NULL for fname.
* tools/gpg-wks-client.c (command_check): Write to key.
* tools/call-dirmngr.c (wkd_get_status_cb): Deetect and output warning
and note stati from dirmngr.
--
This is in particular helpful to check for non-proper TLS
certificates.
* tools/gpgtar-create.c (gpgtar_create): Do not close the status_fd in
spawn.
* tools/gpgtar-extract.c (gpgtar_extract): Ditto.
* tools/gpgtar-list.c (gpgtar_list): Ditto.
--
Note that this fix does not handle file descripotors passed via the
--gpg-args options.
GnuPG-bug-id: 6348
* tools/gpg-wks.h (opt): Add add_revocs.
* tools/wks-util.c (wks_get_key): Add arg 'binary'.
(wks_armor_key): New.
(wks_find_add_revocs): New.
(wks_cmd_install_key): Get key in binary mode and add revocations if
enabled.
* tools/gpg-wks-client.c (oAddRevocs): New.
(opts): Add --add-revocs.
(parse_arguments): Set option,
(command_send): Get key in binary mode, add revocations if enabled,
and explictly armor key. Remove kludge to skip the Content-type line
in no_encrypt mode.
(mirror_one_keys_userid): Always filter the key to get rid of the
armor as received from dirmngr. Add revocations from the local
keyring.
--
Note that this also fixes an oddity of the new mirror command which
used to store the keys armored as received from dirmngr.