* agent/gpg-agent.c (main): Move detection up.
--
The problem is that PARGS is re-used and when detecting a possible
incorrect use, the flag that "--" has already been seen has gone.
--
The last key is new. As usual the key is on a dedicated card with the
Admin PIN accessible to a few core hackers.
# ------------------------ >8 ------------------------
pub rsa3072 2017-03-17 [SC] [expires: 2027-03-15]
5B80C5754298F0CB55D8ED6ABCEF7E294B092E28
sig R BCEF7E294B092E28 2017-03-17 Andre Heinecke (Release Signing Key)
uid Andre Heinecke (Release Signing Key)
sig 3 BCEF7E294B092E28 2017-03-17 Andre Heinecke (Release Signing Key)
sig 1FDF723CF462B6B1 2017-03-17 Andre Heinecke <aheinecke@intevation.de>
pub ed25519 2020-08-24 [SC] [expires: 2030-06-30]
6DAA6E64A76D2840571B4902528897B826403ADA
uid Werner Koch (dist signing 2020)
sig 3 528897B826403ADA 2020-08-24 Werner Koch (dist signing 2020)
sig 249B39D24F25E3B6 2020-08-24 Werner Koch (dist sig)
sig 63113AE866587D0A 2020-08-24 wk@gnupg.org
sig E3FDFF218E45B72B 2020-08-24 Werner Koch (wheatstone commit signing)
sig F2AD85AC1E42B367 2020-08-24 Werner Koch <wk@gnupg.org>
pub ed25519 2021-05-19 [SC] [expires: 2027-04-04]
AC8E115BF73E2D8D47FA9908E98E9B2D19C6C8BD
uid Niibe Yutaka (GnuPG Release Key)
sig 3 E98E9B2D19C6C8BD 2021-05-19 Niibe Yutaka (GnuPG Release Key)
sig 00B45EBD4CA7BABE 2021-09-14 NIIBE Yutaka <gniibe@fsij.org>
sig E267B052364F028D 2021-09-14 NIIBE Yutaka <gniibe@fsij.org>
pub brainpoolP256r1 2021-10-15 [SC] [expires: 2029-12-31]
02F38DFF731FF97CB039A1DA549E695E905BA208
uid GnuPG.com (Release Signing Key 2021)
sig 3 549E695E905BA208 2021-10-15 GnuPG.com (Release Signing Key 2021)
sig 528897B826403ADA 2021-10-15 Werner Koch (dist signing 2020)
sig E3FDFF218E45B72B 2021-10-15 Werner Koch (wheatstone commit signing)
* g10/tdbdump.c (export_ownertrust): Skip records marked with the
option --trusted-key.
(import_ownertrust): Clear the trusted-key flag.
* g10/tdbio.h (struct trust_record): Add field flags.
* g10/tdbio.c (tdbio_dump_record): Improve output.
(tdbio_read_record, tdbio_write_record): Handle flags.
* g10/trustdb.c (verify_own_keys): Clear stale trusted-keys and set
the flag for new --trusted-keys.
(tdb_update_ownertrust): Add arg as_trusted_key. Update callers.
--
GnuPG-bug-id: 5685
Signed-off-by: Werner Koch <wk@gnupg.org>
* kbx/keyboxd.c (oStealSocket): New const.
(opts): Add option.
(steal_socket): New file global flag.
(main): Set option.
(create_server_socket): Implement option.
--
* agent/gpg-agent.c (oStealSocket): New.
(opts): Add option.
(steal_socket): New file global var.
(main): Set option.
(create_server_socket): Implement option.
* dirmngr/dirmngr.c (oStealSocket): New.
(opts): Add option.
(steal_socket): New file global var.
(main): Set option. Add comment to eventually implement it.
--
Note that --steal-socket has currently no effect on dirmngr because
dirmngr does this anway.
Signed-off-by: Werner Koch <wk@gnupg.org>
* kbx/backend-kbx.c (be_kbx_search): Initialize skipped_long_blobs
value which is passed to keybox_search and incremented there.
(be_kbx_seek): Likewise.
--
GnuPG-bug-id: 5393
Co-authored-by: NIIBE Yutaka <gniibe@fsij.org>
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
* g10/keygen.c (parse_revocation_key): Store the fingerprint length in
created structure.
--
GnuPG-bug-id: 5393
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
* agent/sexp-secret.c (fixup_when_ecc_private_key): Initialize buffer to
avoid its use on unexpected inputs.
--
GnuPG-bug-id: 5393
Co-authored-by: NIIBE Yutaka <gniibe@fsij.org>
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
* tools/gpgconf.c (aShowConfigs): New.
(opts): Add --show-configs.
(CUTLINE_FMT): New.
(show_version_gnupg): Add arg "prefix" and adjust caller.
(my_copy_file): New.
(show_configs_one_file): New.New.
(show_configs): New.
(main): Call show_configs.
--
The ability to have a consolidated list of all config files is very
useful for support cases. This is in particular important due to the
global config files and their conditional constructs.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tools/gpgconf-comp.c (known_options_gpg): Add "keyserver".
--
This allows Kleopatra to read and change the keyserver that is used
by gpg if the deprecated keyserver option in gpg.conf is set.
GnuPG-bug-id: 5462
* g10/gpg.c (oOverrideComplianceCheck): New.
(opts): Add new option.
(main): Set option and add check for batch mode.
* g10/options.h (opt): Add flags.override_compliance_check.
* g10/sig-check.c (check_signature2): Factor complaince checking out
to ...
(check_key_verify_compliance): this. Turn error into a warning in
override mode.
--
There is one important use case for this: For systems configured
globally to use de-vs mode, Ed25519 and other key types are not
allowed because they are not listred in the BSI algorithm catalog.
Now, our release signing keys happen to be Ed25519 and thus we need to
offer a way for users to check new versions even if the system is in
de-vs mode. This does on purpose not work in --batch mode so that
scripted solutions won't accidently pass a signature check.
GnuPG-bug-id: 5655
* Makefile.am (all-local): New to setup symlinks.
(distclean-local): New.
* tests/Makefile.am: Remove the gpgconf related targets. Just keep
gpgconf.ctl.in in EXTRA_DIST
* tests/cms/Makefile.am (GNUPG_BUILD_ROOT):
* tests/gpgme/Makefile.am (GPGSCM_PATH):
* tests/openpgp/Makefile.am (GNUPG_BUILD_ROOT):
* tests/pkits/Makefile.am (GNUPG_BUILD_ROOT):
* tests/tpm2dtests/defs.scm (tools): Revert to the former values.
* tests/openpgp/defs.scm (tools): Ditto.
--
This
Fixes-commit: 399ebf6d873d4178c1d527aa4df34bf16a76360e
Fixes-commit: 84fcd8e6eb7e0786399e1f6461c3f60b0db2d070
because we ran into problems with the idea of first doing a
test-install for the checks. "make distcheck" turned out to
be too problematic. Symlinks are a better way of doing this.
Also fixes
GnuPG-bug-id: 5634
* common/i18n.c (i18n_init): Use gnupg_localedir() instead of LOCALEDIR.
(i18n_localegettext): Ditto.
* tools/gpgconf-comp.c (my_dgettext): Ditto.
--
On Unix, gnupg_localedir() returns the locale directory relative to
the root directory of the gnupg installation if specified in the
gpgconf.ctl. Otherwise, it returns the built-in LOCALEDIR.
GnuPG-bug-id: 5999
* dirmngr/dirmngr.h (struct fingerprint_list_s): Add field binlen.
(opt): Add field ignored_certs.
* dirmngr/dirmngr.c: Add option --ignore-cert
(parse_rereadable_options): Handle that option.
(parse_ocsp_signer): Rename to ...
(parse_fingerprint_item): this and add two args.
* dirmngr/certcache.c (put_cert): Ignore all to be igored certs.
Change callers to handle the new error return.
--
This option is useful as a workaround in case we ill run into other
chain validation errors like what we fixed in
GnuPG-bug-id: 5639
* agent/protect.c (USE_CLOCK_GETTIME): New macro.
(calibrate_get_time): Only use clock_gettime if USE_CLOCK_GETTIME.
--
GnuPG-bug-id: 5623
Fixes-commit: 380bce13d94ff03c96e39ac1d834f382c5c730a1
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* tests/openpgp/defs.scm: We expect that stuff is now installed.
(tools): Fix the names.
(intsalled?, bin-prefix): Remove.
(tool-hardcoded): Simplify.
(gpg-conf'): Simplify.
(GNUPG_BUILDDIR): Do not anymore set this envvar.
* tests/tpm2dtests/defs.scm: Ditto.
--
This simplifies things a bit.
* tests/gpgconf.ctl.in: New.
* tests/Makefile.am (EXTRA_DIST): Add new file.
(TESTINST_DIRS): New.
(clean-local): New.
(clean-local-testinst): New.
(check-recursive): New hook.
(bin/gpgconf.ctl): Run a test install.
* tests/cms/Makefile.am (TESTS_ENVIRONMENT): Set new envvar
GNUPG_BUILD_ROOT.
* tests/gpgme/Makefile.am (TESTS_ENVIRONMENT): Ditto.
* tests/openpgp/Makefile.am (TESTS_ENVIRONMENT): Ditto.
* tests/pkits/Makefile.am (TESTS_ENVIRONMENT): Ditto.
* tests/tpm2dtests/Makefile.am (TESTS_ENVIRONMENT): Ditto.
--
Right now this helps only with the global configuraion dir which is
now not set and thus the build host'ss own /etc/gnupg does not anymore
affect the build.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/homedir.c (MYPROC_SELF_EXE): New.
(unix_rootdir): Use it here. Also support GNUPG_BUILD_ROOT as
fallback.
--
In addition this adds a fallback method for AIX etc which do not have
an easy way to get the info.
* common/homedir.c (unix_rootdir): Add arg want_sysconfdir.
(gnupg_sysconfdir): Return it.
--
Our regression test suite has the problem that we can't disable the
use of the global config files or test them using the regualr
binaries. This new keyword will allow us to overcome the problem.