* g10/gpg.c (main): remove KEYSERVER_AUTO_KEY_RETRIEVE from the
default keyserver options.
* doc/gpg.texi: document this change.
--
This is a partial reversion of
7e1fe791d188b078398bf83c9af992cb1bd2a4b3. Werner and i discussed it
earlier today, and came to the conclusion that:
* the risk of metadata leakage represented by a default
--auto-key-retrieve, both in e-mail (as a "web bug") and in other
contexts where GnuPG is used to verified signatures, is quite high.
* the advantages of --auto-key-retrieve (in terms of signature
verification) can sometimes be achieved in other ways, such as when
a signed message includes a copy of its own key.
* when those other ways are not useful, a graphical, user-facing
application can still offer the user the opportunity to choose to
fetch the key; or it can apply its own policy about when to set
--auto-key-retrieve, without needing to affect the defaults.
Note that --auto-key-retrieve is specifically about signature
verification. Decisions about how and whether to look up a key during
message encryption are governed by --auto-key-locate. This change
does not touch the --auto-key-locate default of "local,wkd". The user
deliberately asking gpg to encrypt to an e-mail address is a different
scenario than having an incoming e-mail trigger a potentially unique
network request.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* doc/gpg.texi: Document new option.
* g10/call-dirmngr.c (create_context): Fail if option is given.
* g10/gpg.c (cmd_and_opt_values): New value.
(opts): New option.
(gpgconf_list): Add new option.
(main): Handle new option.
* g10/options.h (struct opt): New field 'disable_dirmngr'.
* tools/gpgconf-comp.c (gc_options_gpg): New option.
GnuPG-bug-id: 3334
Signed-off-by: Justus Winter <justus@g10code.com>
* doc/examples/systemd-user/*.service: Drop redundant After=*.socket
directive.
--
systemd.socket(5) says:
Socket units will have a Before= dependency on the service which
they trigger added implicitly.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* doc/examples/systemd-user/*.service: drop RefuseManualStart=true
--
These user services can be safely started manually as long as at least
their primary sockets are available. They'll just start with nothing
to do, which should be fine.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* g10/gpg.c (main): Add KEYSERVER_AUTO_KEY_RETRIEVE to the default
keyserver options. Set the default for --auto-key-locate to
"local,wkd". Reset that default iff --auto-key-locate has been given
in the option file or in the commandline.
* g10/getkey.c (parse_auto_key_locate): Work on a copy of the arg.
--
GnuPG-bug-id: 3324
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/options.h (IMPORT_DRY_RUN): New.
* g10/import.c (parse_import_options): Add "show-only".
(import_one): use that as alternative to opt.dry_run.
--
This is just a convenience thing for
--import-options import-show --dry-run
Signed-off-by: Werner Koch <wk@gnupg.org>
--
dev.gnupg org is the development platform but the canonical bug
address is and has always been bugs.gnupg.org. We should keep on
using this address for the case that we switch the tracker again or
split it off the development system.
That is also the reason why we should keep on communicating a plain
bug number without the 'T' prefix.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/status.h (STATUS_ENCRYPTION_COMPLIANCE_MODE): New.
* g10/encrypt.c (encrypt_crypt): Emit new status code.
* sm/encrypt.c (gpgsm_encrypt): Ditto.
--
This status code allows to report whether an encryption operation was
compliant to de-vs.
Signed-off-by: Werner Koch <wk@gnupg.org>
* doc/gpg.texi: Document the new import option.
* g10/gpg.c (main): Make the new option default to yes.
* g10/import.c (parse_import_options): Parse the new option.
(import_one): Act on the new option.
* g10/options.h (IMPORT_REPAIR_KEYS): New macro.
GnuPG-bug-id: 2236
Signed-off-by: Justus Winter <justus@g10code.com>
* dirmngr/dirmngr.c (oConnectTimeout, oConnectQuickTimeout): New
enums.
(opts): New options --connect-timeout and --connect-quick-timeout.
(DEFAULT_CONNECT_TIMEOUT): New.
(DEFAULT_CONNECT_QUICK_TIMEOUT): New.
(parse_rereadable_options): Handle new options.
(post_option_parsing): New. Use instead of direct calls to
set_debug() and set_tor_mode ().
(main): Setup default timeouts.
(dirmngr_init_default_ctrl): Set standard connect timeout.
* dirmngr/dirmngr.h (opt): New fields connect_timeout and
connect_quick_timeout.
(server_control_s): New field timeout.
* dirmngr/ks-engine-finger.c (ks_finger_fetch): Pass timeout to
http_raw_connect.
* dirmngr/ks-engine-hkp.c (send_request): Call
http_session_set_timeout.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
* dirmngr/server.c (cmd_wkd_get, cmd_ks_search, cmd_ks_get)
(cmd_ks_fetch): Implement --quick option.
--
The standard connect timeouts are way to long so we add a timeout to
the connect calls. Also implement the --quick option which is already
used by gpg for non-important requests (e.g. looking up a key for
verification).
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/compliance.c (gnupg_pk_is_compliant): Add DSA with certain
parameters.
(gnupg_cipher_is_compliant): New function.
(gnupg_digest_is_compliant): Likewise.
* common/compliance.h (gnupg_cipher_is_compliant): New prototype.
(gnupg_digest_is_compliant): Likewise.
* common/status.h (STATUS_DECRYPTION_COMPLIANCE_MODE): New status.
(STATUS_VERIFICATION_COMPLIANCE_MODE): Likewise.
* doc/DETAILS: Document the new status lines.
* g10/mainproc.c (proc_encrypted): Compute compliance with CO_DE_VS
and report that using the new status line.
(check_sig_and_print): Likewise.
* sm/decrypt.c (gpgsm_decrypt): Likewise.
* sm/verify.c (gpgsm_verify): Likewise.
--
When decrypting data and verifying signatures, report whether the
operations are in compliance with the criteria for data classified as
VS-NfD. This information will be picked up by the frontend and
presented to the user.
GnuPG-bug-id: 3059
Signed-off-by: Justus Winter <justus@g10code.com>
* agent/agent.h (opt): New field 'ssh_fingerprint_digest'.
* agent/command-ssh.c (data_sign, ssh_identity_register): Honor the
option for strings used to communicate with the user.
* agent/findkey.c (agent_modify_description): Likewise.
* agent/gpg-agent.c (cmd_and_opt_values): New value.
(opts): New option '--ssh-fingerprint-digest'.
(parse_rereadable_options): Set the default to MD5 for now.
(main): Handle the new option.
* doc/gpg-agent.texi: Document the new option.
--
OpenSSH has transitioned from using MD5 to compute key fingerprints to
SHA256. This patch makes the digest used when communicating key
fingerprints to the user (e.g. in pinentry dialogs) configurable.
For now this patch conservatively defaults to MD5.
GnuPG-bug-id: 2106
Signed-off-by: Justus Winter <justus@g10code.com>
Replace mentions of bugs.gnupg.org with https://dev.gnupg.org/. Since
the project has transitioned to a better workflow for supporting
contributions, we should ensure that our documentation points to the
right place.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* build-aux/speed/w32/inst.nsi: stop installing skeleton files.
* doc/gpg.texi: stop documenting skeleton files.
* g10/Makefile.am: stop installing skeleton files.
* g10/openfile.c (copy_options_file): Remove.
(try_make_homedir): do not call copy_options_file.
--
The defaults for gpg and dirmngr are good. Both programs should work
fine for the simple case without any config file. The skeleton config
files were being copied at first use (when the defaults are fine).
But when the user needs to fiddle with them (after they've become
sophisticated users), they're likely out of date because gpg has been
upgraded since then. So they're used for documentation, but they're
stale documentation, which is probably worse than a clean empty file.
GnuPG-bug-id: 3086
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* dirmngr/dirmngr.h (struct opt): Add field 'disable_ipv6'.
* dirmngr/dirmngr.c (oDisableIPv6): New const.
(opts): New option --disable-ipv6.
(parse_rereadable_options): Set that option.
* dirmngr/dns-stuff.c (opt_disable_ipv6): New var.
(set_dns_disable_ipv6): New.
(resolve_name_standard): Make use of it.
* dirmngr/ks-engine-finger.c (ks_finger_fetch): Take care of
OPT.DISABLE_IPV6.
* dirmngr/ks-engine-hkp.c (map_host): Ditto.
(send_request): Ditto.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
* dirmngr/ocsp.c (do_ocsp_request): Ditto.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/protect.c (PROT_DEFAULT_TO_OCB): Remove macro.
(agent_protect): Make the default protection mode depend on the extend
key format option.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/parse-packet.c (parse_trust): Rename to ...
(parse_ring_trust): this. Change args and implement new ring trust
packet format.
(parse): Add special ring trust packet handling.
* g10/packet.h (PKT_user_id): New fields KEYUPDATE, UPDATEURL, and
KEYSRC.
(PKT_public_key): Ditto.
(RING_TRUST_SIG, RING_TRUST_KEY, RING_TRUST_UID): New consts.
(PKT_ring_trust): New.
(struct packet_struct): Remove member RING_TRUST.
(strcu parse_packet_ctx_s): Add field SKIP_META.
(init_parse_packet): Init SKIPT_META.
* g10/free-packet.c (release_public_key_parts): Free UDPATEURL.
(free_user_id): Ditto.
* g10/mainproc.c (list_node): Remove printing of non-documented "rtv"
lines.
* g10/build-packet.c (build_packet_and_meta): New.
(do_ring_trust): New.
* g10/export.c (write_keyblock_to_output): Use build_packet_and_meta
in backup mode.
(do_export_one_keyblock): Ditto.
* g10/import.c (read_block): Add arg WITH_META. Skip ring trust
packets if that ism not set.
(import): Call read_block WITH_META in restore mode.
* g10/keydb.h (KEYSRC_UNKNOWN, KEYSRC_FILE, KEYSRC_KS, KEYSRC_PREF_KS)
(KEYSRC_WKD, KEYSRC_WKD_SD, KEYSRC_DANE): New constants. They are not
yet used, though.
* g10/keydb.c (parse_keyblock_image): Allow ring trust packets.
(build_keyblock_image): Ditto. Use build_packet_and_meta.
* g10/keyring.c (keyring_get_keyblock): Remove specila treatment of
ring trust packets.
(write_keyblock): Use build_packet_and_meta. Remove special treatment
of ring trust packets and initialization of the signature caches.
--
This patch introduced the framework to store meta data for keys and
user ids in the keyrings/keyboxes. Ring trust packets are
implementation defined and have always been used in gpg to cache the
signature verification status.
Ring trust packets are only exported with the export option "backup"
and only imported with the import option "restore".
The new code uses a cleaner way to handle the ring trust packets: When
the parser reads a ring trust packet and the previously read packet
matches the type of that ring trust packet, the information is stored
in that previously read packet (signature, user id, or primary key)
and the next packet is read immediately. Thus only the parser sees
the ring trust packets. Ring trust packets are written by using the
new function build_packet_and_meta instead of build_packet. That
function writes a ring trust packet when the needed information is
available.
As a side-effect of this patch the signature status cache works again
and "gpg --check-sigs" is thus much faster.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keylist.c (list_keyblock_colon): Add empty fields 19 and 20.
--
We add them now to early catch error in parsers which arbitrary limit
the number of fields in --with-colon listings.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (aQuickSetPrimaryUid): New const.
(opts): New command --quick-set-primary-uid.
(main): Implement it.
* g10/keyedit.c (keyedit_quick_adduid): Factor some code out to ...
(quick_find_keyblock): new func.
(keyedit_quick_revuid): Use quick_find_keyblock.
(keyedit_quick_set_primary): New.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/misc.c (gnupg_pk_is_compliant): New.
* g10/keylist.c (print_compliance_flags): New.
(list_keyblock_colon): Call it here.
* sm/keylist.c (print_compliance_flags): New.
(list_cert_colon): Call it here.
--
This patch is to convey information about DE_VS compliant keys to the
caller. The double digit value is used so that parsers do the right
thing and don't just look for a single digit.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/export.c (export_seckeys): Add arg OPTIONS and pass it to
do_export.
(export_secsubkeys): Ditto.
* g10/gpg.c (main): Pass opt.export_options to export_seckeys and
export_secsubkeys
--
Back in the old days we did not used the export options for secret
keys export because of a lot of duplicated code and that the old
secring.gpg was anyway smaller that the pubring.gpg. With 2.1 it was
pretty easy to enable it.
Reported-by: Peter Lebbing
GnuPG-bug-id: 2973
* doc/gpg.texi: Clarify usage and expiration arguments for key
generation.
* tests/openpgp/quick-key-manipulation.scm: Test all variants.
Signed-off-by: Justus Winter <justus@g10code.com>
* g10/export.c (parse_export_options): Add "backup" and its alias
"export-backup".
(do_export_one_keyblock): Export ring trust packets in backup mode.
* g10/import.c (parse_import_options): Add "restore" and its alias
"import-restore".
(read_block): Import ring trust packets.
--
These options are intended to, well, backup and restore keys between
GnuPG implementations. These options may eventually be enhanced to
backup and restore all public key related information.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (main): If the parameter for --faked-system-time
ends with a '!', freeze time at the specified point.
* common/gettime.c (gnupg_set_time): Allow to freeze the time
at an arbitrary time instead of only the current time.
* doc/gpg.texi: Update documentation for --faked-system-time.
--
This patch allows the user to modify the behavior of the
--faked-system-time option: by appending a '!' to the parameter,
time in GnuPG will be frozen at the specified time, instead of
advancing normally from that time onward.
Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
* scd/app.c (app_get_serial_and_stamp): Remove.
(app_get_serialno): New.
(app_write_learn_status): Use send_status_direct.
(app_getattr): Use app_get_serialno for SERIALNO and
send with send_status_direct.
* scd/app-openpgp.c (do_getattr): Likewise.
* scd/command.c (cmd_serialno): Don't send TIMESTAMP of 0.
(cmd_learn): Likewise. Don't inquire with TIMESTAMP of 0.
--
In the SERIALNO protocol, timestamp used to be considered, but had never
used at all. In the new implementation, removed card/token is always
detected and connection becomes invalid, no timestamp is required any
more. Examined scute and poldi as well for this protocol change.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* doc/examples/systemd-user/*.service: Add ExecReload directives to
indicate the canonical way to reload the services.
GnuPG recommends reloading the agent and dirmngr with "gpgconf
--reload". if anyone is running them as systemd user services, they
might ask them to reload in the systemd way, so teach systemd the
right thing to do.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* dirmngr/dns-stuff.c (DEFAULT_TIMEOUT): New.
(opt_timeout): New var.
(set_dns_timeout): New.
(libdns_res_open): Set the default timeout.
(libdns_res_wait): Use configurable timeout.
(resolve_name_libdns): Ditto.
* dirmngr/dirmngr.c (oResolverTimeout): New const.
(opts): New option --resolver-timeout.
(parse_rereadable_options): Set that option.
(main) <aGPGConfList>: Add --nameserver and --resolver-timeout.
* tools/gpgconf-comp.c (gc_options_dirmngr): Add --resolver-timeout
and --nameserver.
* dirmngr/http.c (connect_server): Fix yesterday introduced bug in
error diagnostic.
--
This timeout is a pretty crude thing because libdns has a few other
internal timeouts as well.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tools/gpgconf.c (aApplyProfile): New.
(opts): New command --apply-profile.
(main): Implement that command.
* tools/gpgconf-comp.c (option_check_validity): Add arg VERBATIM.
(change_options_program): Ditto.
(change_one_value): Ditto.
(gc_component_change_options): Ditto.
(gc_apply_profile): New.
--
Here is an example for a profile
--8<---------------cut here---------------start------------->8---
# foo.prf - Sample profile
[gpg]
compliance de-vs
default-new-key-algo brainpoolP256r1+brainpoolP256r1
[gpgsm]
enable-crl-checks
[gpg-agent]
default-cache-ttl 900
max-cache-ttl [] 3600
no-allow-mark-trusted
no-allow-external-cache
enforce-passphrase-constraints
min-passphrase-len 9
min-passphrase-nonalpha 0
[dirmngr]
keyserver hkp://keys.gnupg.net
allow-ocsp
--8<---------------cut here---------------end--------------->8---
Note that flags inside of brackets are allowed after the option name.
The only defined flag for now is "[default]". In case the value
starts with a bracket, it is possible to insert "[]" as a nop-flag.
Signed-off-by: Werner Koch <wk@gnupg.org>
* doc/DETAILS: Mention that 'PINENTRY_LAUNCHED may carry extra
information.
Fixes-commit: c1ea0b577a468030d2b006317ba27fc1746c4b14
Signed-off-by: Justus Winter <justus@g10code.com>
* doc/gpg.texi: Remove comment about options being parsed in-order.
They aren't.
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Fixes-commit: 7572d27
* doc/DETAILS: Add SIGN-DAYS and ENCRYPT-DAYS to the TOFU_STATS status
line.
* g10/tofu.c (write_stats_status): Take additional parameters
signature_days and encryption_days. Update callers. Include them in
the tfs record and TOFU status lines.
(show_statistics): Compute the number of days on which we saw a
message signed by FINGERPRINT, and the number of days on which we
encrypted a message to it.
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* doc/gpg.texi: Improve the subsection on unattended key generation by
suggesting the quick key manipulation interface as an alternative, and
by suggesting alternatives to '%pubring' and '%secring'. Simplify
examples accordingly.
GnuPG-bug-id: 2400
Signed-off-by: Justus Winter <justus@g10code.com>
* doc/gpg.texi: New subsections on programmatic use of GnuPG,
ephemeral home directories, and the quick key manipulation interface.
Signed-off-by: Justus Winter <justus@g10code.com>
* g10/gpg.c (opts): Rename options.
(main): Update errors.
* doc/gpg.texi: Update accordingly.
--
I decided not to keep the old versions as aliases in the documentation
because the interface is a fairly recent addition.
GnuPG-bug-id: 2700
Signed-off-by: Justus Winter <justus@g10code.com>
* g10/gpg.c (opts): Rename option.
* g10/call-agent.c (agent_scd_learn): Update comment.
* doc/gpg.texi: Update accordingly.
--
This change has a surprising side effect. Previously, --edit was an
alias for --edit-key, because the argument parser actually accepts
unique prefixes of all options. With this change, however, --edit is
ambiguous.
GnuPG-bug-id: 2700
Signed-off-by: Justus Winter <justus@g10code.com>
* g10/gpg.c (opts): Rename option.
* doc/gpg.texi: Update accordingly.
--
This is a rather long name, but I believe that this command is rarely
used, and in places where it is used frequently, the process is likely
automated.
GnuPG-bug-id: 2700
Signed-off-by: Justus Winter <justus@g10code.com>
* doc/gpg.texi: Add the old version of every option that was updated
with the last change set.
* doc/gpgsm.texi: Likewise.
GnuPG-bug-id: 2700
Signed-off-by: Justus Winter <justus@g10code.com>
* configure.ac: Add option --disable-libdns
(USE_LIBDNS): New ac_subst and am_conditional.
(USE_C99_CFLAGS): Set only if libdns is used.
* dirmngr/Makefile.am (dirmngr_SOURCES): Move dns.c and dns.h to ...
(dirmngr_SOURCES) [USE_LIBDNS0: here.
(t_common_src): Ditto.
* dirmngr/dirmngr.c (oRecursiveResolver): New constant.
(opts): New option "--recursive-resolver".
(parse_rereadable_options): Set option.
* dirmngr/t-dns-stuff.c (main): Add option --recursive-resolver.
* dirmngr/server.c (cmd_getinfo): Depend output of "dnsinfo" on the
new variables.
* dirmngr/dns-stuff.c: Include dns.h only if USE_DNSLIB is defined.
Also build and call dnslib functions only if USE_DNSLIB is defined.
(recursive_resolver): New var.
(enable_recursive_resolver): New func.
(recursive_resolver_p): New func.
--
In case users run into problems building GnuPG, the configure option
allows to disable that support and continue w/o Tor support using the
system resolver.
--recursive-resolver was easy enough to implement and may be useful in
some situation. It does not fully work, though.
Signed-off-by: Werner Koch <wk@gnupg.org>
* autogen.rc: Remove '--with-adns' argument.
* configure.ac: Remove check for ADNS.
* dirmngr/dns-stuff.c: Remove all code that uses ADNS.
* dirmngr/server.c (cmd_getinfo): Update status line.
* doc/dirmngr.texi: Do not mention ADNS.
--
We used ADNS to support queries over Tor. However, our patch to ADNS
that adds Tor support was never accepted upstream. Furthermore, there
are other shortcomings that let us to consider alternatives.
Signed-off-by: Justus Winter <justus@g10code.com>
* doc/gpg.texi: Document that fact.
* g10/keygen.c (quick_generate_keypair): Use a default value.
* tests/openpgp/quick-key-manipulation.scm: Test that fact.
GnuPG-bug-id: 2701
Signed-off-by: Justus Winter <justus@g10code.com>
* common/openpgp-oid.c (openpgp_is_curve_supported): Add optional arg
R_ALGO and change all callers.
* common/util.h (GPG_ERR_UNKNOWN_FLAG): New error code.
* g10/options.h (struct opt): Add field DEF_NEW_KEY_ALGO.
* g10/gpg.c (oDefaultNewKeyAlgo): New enum.
(opts): New option "--default-new-key-algo".
(main): Set the option.
* g10/keygen.c: Remove DEFAULT_STD_ FUTURE_STD_ constants and replace
them by ...
(DEFAULT_STD_KEY_PARAM, FUTURE_STD_KEY_PARAM): new string constants.
(get_keysize_range): Remove arg R_DEF and return that value instead.
Change all callers.
(gen_rsa): Use get_keysize_range instead of the removed
DEFAULT_STD_KEYSIZE.
(parse_key_parameter_part): New function.
(parse_key_parameter_string): New function.
(quick_generate_keypair): Refactor using parse_key_parameter_string.
(generate_keypair): Ditto.
(parse_algo_usage_expire): Ditto.
--
This new option is intended to be used in the forthcoming
--set-profile command of gpgconf. It allows to provide a gpg
configuration with custom defaults for a new key using the simple
commands which use the default algorithm set.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dirmngr.c (oStandardResolver): New constant.
(opts): New option --standard-resolver.
(parse_rereadable_options): Set option.
* dirmngr/dns-stuff.c: Refactor all code to support the new option.
(standard_resolver): New var.
(enable_standard_resolver, standard_resolver_p): New func.
* dirmngr/http.c (connect_server): Remove USE_DNS_SRV build
conditional.
* dirmngr/ks-engine-hkp.c (map_host): Ditto.
* dirmngr/server.c (cmd_getinfo) <dnsinfo>: Take care of new option
* configure.ac (HAVE_ADNS_IF_TORMODE): Remove var ADNSLIB. ac_define
USE_ADNS in the adns checking code. Remove options --disable-dns-srv
and --disable-dns-cert. Always look for the system resolver. Print
warning if no system resolver was found.
(USE_DNS_CERT, USE_DNS_SRV): Remove ac_defines.
(HAVE_SYSTEM_RESOLVER): New ac_define.
(USE_DNS_SRV): Remove am_conditional; not used anyway.
--
This option allows for runtime switching to the system's standard
resolver. This is mainly useful to work around possible bugs in the
optional resolver libraries (as of now ADNS). Note that on Windows
there is no code to use systems's resolver and thus for full
functionality dirmngr must be build with a separate resolver.
This patch also does way with configure options to disable the use of
CERT and SRV records.
Signed-off-by: Werner Koch <wk@gnupg.org>
* doc/DETAILS (TOFU_STATS): Rename the VALIDITY field to SUMMARY. Add
a new field called VALIDITY.
* g10/tofu.c (write_stats_status): Update output accordingly.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Change TOFU_STATS as discussed offline with Werner, Justus and Andre.
* doc/Makefile.am: Ship gpg-agent-browser.socket alongside the other
systemd user service example files.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* configure.ac: Define DIRMNGR_DEFAULT_KEYSERVER.
* dirmngr/server.c (ensure_keyserver): Use it if no keyservers are set.
* doc/dirmngr.texi: Document this behavior.
--
A user who doesn't specify a keyserver, but asks gnupg to fetch a key
currently just gets a simple error messages "No keyserver available".
If the user is asking to contact a keyserver, we should have a
reasonable default, and not require them to fiddle with settings when
they might not know what settings to choose. This patch makes the
default hkps://hkps.pool.sks-keyservers.net.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* dirmngr/dirmngr.c (http_session_new): If the user isn't talking to
the HKPS pool, and they have not specified any hkp-cacert, then we
should default to the system CAs, rather than nothing.
* doc/dirmngr.texi: Document choice of CAs.
--
Consider three possible classes of dirmngr configuration:
a) no hkps:// keyserver URLs at all (communication with keyservers is
entirely in the clear)
b) hkps:// keyserver URLs, but no hkp-cacert directives
c) hkps:// keyserver URLs, and at least one hkp-cacert directive
class (a) provides no confidentiality of requests.
class (b) currently will never work because the server certificate
cannot be validated.
class (c) is currently supported as intended.
This patch allows users with configurations in class (b) to work as
most users expect (relying on the system certificate authorities),
without affecting users in classes (a) or (c).
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
o minor indentation fix
- wk
* dirmngr/dirmngr.h (struct opt): Add field allow_version_check.
* dirmngr/dirmngr.c (oAllowVersionCheck): New.
(opts): Add --allow-version-check.
(network_activity_seen): New variable.
(parse_rereadable_options): Set opt.allow_version_check.
(main) <aGPGConfList>: Do not anymore set the no change flag for
Windows. Add allow-version-check.
(netactivity_action): Set network_activity_seen.
(housekeeping_thread): Call dirmngr_load_swdb.
* tools/gpgconf-comp.c (gc_options_dirmngr): Add allow-version-check.
Make "use-tor" available at Basic level.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/loadswdb.c (time_of_saved_swdb): Aslo return the "verified"
timestamp.
(dirmngr_load_swdb): Avoid unnecessary disk or network access witout
FORCE. Do not update swdb.lst if it did not change.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (oOverrideSessionKeyFD): New.
(opts): Add option --override-session-key-fd.
(main): Handle that option.
(read_sessionkey_from_fd): New.
--
The override-session-key feature was designed to mitigate the effect
of the British RIP act by allowing to keep the private key private and
hand out only a session key. For that use case the leaking of the
session key would not be a problem. However there are other use
cases, for example fast re-decryption after an initial decryption,
which would benefit from concealing the session key from other users.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpgv.c (oEnableSpecialFilenames): New.
(opts): Add option --enable-special-filenames.
(main): Implement that option.
--
This is the same option we have in gpg. It allows to use commands
like
gpgv --enable-special-filenames -- '-&3' - <msg 3<msg.sig
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (oCompliance): New.
(opts): Add "--compliance".
(parse_tofu_policy): Use a generic description string for "help".
(parse_compliance_option): New.
(main): Add option oCompliance. Factor out code for compliance
setting to ...
(set_compliance_option): new.
Signed-off-by: Werner Koch <wk@gnupg.org>
--
These configuration files and instructions enable clean and simple
daemon supervision on machines that run systemd.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
- Removed the detailed ChangeLog entry because that is not needed for
doc changes.
- Added an entry to doc/examples/README.
Signed-off-by: Werner Koch <wk@gnupg.org>
--
With commit d83ba4897bf217d1045c58d1b99e52bd31c58812 all system daemon
features have been removed and thus this should be reflected in the
man page.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tools/gpgconf.c (query_swdb): Insert new field with the installed
version. Check that the supplied version does not contain a colon.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tools/gpgconf.c (aQuerySWDB): New.
(opts): Add --query-swdb.
(valid_swdb_name_p): New.
(query_swdb): New.
(main): Implement command --query-swdb.
--
Right now this command is not very useful because dimngr has not yet
been changed to create the swdb.lst. For manual tests the swdb.lst
file from the Net can be used with these additional lines:
.filedate 20161102T130337
.verified 20161102T150000
There were several different variant spellings of "passphrase". This
should fix them all for all English text.
I did notice that po/it.po contains multiple instances of
"passhprase", which also looks suspect to me, but i do not know
Italian, so i did not try to correct it.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* dirmngr/dirmngr.c (main): Add new --supervised command, which is a
mode designed for running under a process supervision system like
systemd or runit.
* doc/dirmngr.texi: document --supervised option.
--
"dirmngr --supervised" is a way to invoke dirmngr such that a system
supervisor like systemd can provide socket-activated startup, log
management, and scheduled shutdown.
When running in this mode, dirmngr:
* Does not open its own listening socket; rather, it expects to be
given a listening socket on file descriptor 3.
* Does not detach from the invoking process, staying in the
foreground instead.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* doc/gpg-agent.texi: document "gpgconf --kill gpg-agent" for manual
agent termination.
This was requested in a side-comment in https://bugs.debian.org/840669
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* g10/options.h (DBG_MPI): New.
* g10/gpg.c (set_debug): Use macro or extra parens for binary operator.
* g10/parse-packet.c (set_packet_list_mode): Use dbg macro.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/gpg-agent.c (get_socket_path): Rename to ...
(get_socket_name): this. This is to comply with the GNU coding guide.
Use xtrymalloc instead of malloc. Do not build for W32.
(map_supervised_sockets): Use strtokenize and set the the socket names
here.
(main): Adjust for above change. Do not close the socket.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/gpg-agent.c (get_socket_path): New function for POSIX systems
to return the path for a provided unix-domain socket.
(map_supervised_sockets): New function to inspect $LISTEN_FDS and
$LISTEN_FDNAMES and map them to the specific functionality offered by
the agent.
(main): Add --supervised command. When used, listen on already-open
file descriptors instead of opening our own.
* doc/gpg-agent.texi: Document --supervised option.
--
"gpg-agent --supervised" is a way to invoke gpg-agent such that a
system supervisor like systemd can provide socket-activated startup,
log management, and scheduled shutdown.
When running in this mode, gpg-agent:
* Does not open its own listening socket; rather, it expects to be
given a listening socket on incoming file descriptors.
* Does not detach from the invoking process, staying in the
foreground instead. Unless otherwise specified, logs are sent to
stderr.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* agent/gpg-agent.c (main): Provide defaults for 'extra-socket' and
'browser-socket', enable ssh socket by default, but do not emit the
'SSH_AUTH_SOCK' variable unless it has been explicitly requested.
* configure.ac (GPG_AGENT_{EXTRA,BROWSER}_SOCK_NAME): New definitions.
* doc/gpg-agent.texi: Update documentation.
--
This change enables the restricted, browser, and ssh socket by
default. Note that in all cases, the user has to do some additional
configuration to her setup to make use of these features. Therefore,
this should not break any existing setups, but makes it simpler to
discover and use these features.
Signed-off-by: Justus Winter <justus@g10code.com>
--
The commands --help, --version, --dump-options are special in that
they can't be abbreciated on the command line. This is to avoid
problems with regular options with the same prefix.
Fixes-commit: 0a27d8a57c4c990fcada4278a1ce2e6fc9043e9
Signed-off-by: Werner Koch <wk@gnupg.org>