1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-09 21:28:51 +01:00
Commit Graph

123 Commits

Author SHA1 Message Date
NIIBE Yutaka
f182c284fb
tests: Support semihosted environment.
* Makefile.am (check-all): Add EXEEXT.
* agent/all-tests.scm: Append EXEEXT.
* common/all-tests.scm: Likewise.
* g10/all-tests.scm: Likewise.
* g13/all-tests.scm: Likewise.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-12-01 13:59:06 +09:00
Werner Koch
ed54fd53d1
tools: Need to set the dir for common.conf
* tools/gpg-connect-agent.c (main): Set dirs.
* tools/gpg-card.c (main): Ditto.
--
Fixes-commit: 203dcc19eb
2022-09-21 09:41:39 +02:00
Werner Koch
171725c971
g13: Remove unused variable.
--
2022-08-02 18:45:06 +02:00
NIIBE Yutaka
fe535cf265 agent,gpg,tools: Fix use of log_get_fd.
* agent/call-daemon.c (daemon_start): Don't put file descriptor from
log_get_fd to no_close_list.
* agent/call-pinentry.c (start_pinentry): Likewise.
* common/call-gpg.c (start_gpg): Likewise.
* call-syshelp.c (start_syshelp): Likewise.
* tools/gpg-connect-agent.c (main): Likewise.

--

GnuPG-bug-id: 5921
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-06-22 13:34:06 +09:00
NIIBE Yutaka
09df630e4b tests: Enable tests with keyboxd only when it's configured.
* tests/gpgscm/tests.scm (in-objdir): Move from...
* g13/all-tests.scm: ... here.
* tests/openpgp/all-tests.scm (keyboxd-enabled?): New.
(tests): Enable when keyboxd-enabled?.

--

GnuPG-bug-id: 5966
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-05-10 11:49:06 +09:00
NIIBE Yutaka
adf24ce618 tests: Skip testsing g13 when it's not enabled.
* g13/all-tests.scm: Skip the test by examining $objdir/Makefile.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-04-26 11:12:57 +09:00
NIIBE Yutaka
83e0a9d6b9 build: Fix library dependency of g13 test program.
* g13/Makefile.am (t_common_ldadd): Add GPG_ERROR_LIBS.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-02-12 15:33:11 +09:00
Werner Koch
60e1ce6612
g13: Add missing header
--
2020-11-25 10:23:55 +01:00
Werner Koch
b7f4e2d71f
g13: Include a now missing header file.
* g13/create.c: Include sysutuls.h
--

This is needed due to the recent switch from stat to gnupg_stat.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-11-04 16:13:05 +01:00
Werner Koch
18e5dd7b03
Replace all calls to stat by gnupg_stat.
* common/sysutils.c (gnupg_stat): New.
* common/sysutils.h: Include sys/stat.h.
--

Yet another wrapper for Unicode support on Windows.

GnuPG-bug-id: 5098
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-10-20 16:38:06 +02:00
Werner Koch
c94ee1386e
Replace all calls to access by gnupg_access
* common/sysutils.c (gnupg_access): New.  Replace all calls to access
by this wrapper.
* common/homedir.c (w32_shgetfolderpath): Change to return UTF-8
directory name.
(standard_homedir): Adjust for change.
(w32_commondir, gnupg_cachedir): Ditto.
--

Also use SHGetFolderPathW instead of SHGetFolderPathA on Windows.

This is required to correctly handle non-ascii filenames on Windows.

GnuPG-bug-id: 5098
2020-10-20 12:15:55 +02:00
Werner Koch
32aac55875
build: New configure option --disable-tests
* configure.ac: Add option --disable-tests.  Print warnings in the
summary.
(DISABLE_TESTS): New am_conditional.
--
GnuPG-bug-id: 4960
2020-08-20 10:54:17 +02:00
Werner Koch
ba463128ce
Use gpgrt's new option parser for the remaining daemons.
* scd/scdaemon.c: Switch to the new option parser and enable a global
conf file.
* dirmngr/dirmngr.c: Ditto.
* g13/g13.c: Ditto.
* g13/g13-syshelp.c: Ditto.  Do not force verbose mode.
* dirmngr/dirmngr_ldap.c: Switch to the new option parser.
* dirmngr/dirmngr-client.c: Switch to the new option parser.
--

This finalizes the switch to the new option parser.  What's left is to
remove the old argparser code from common.

g13-syshelp does not anymore default to --verbose because that can now
be enabled in /etc/gnupg/g13-syshelp.conf.

GnuPG-bug-id: 4788
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-21 21:45:13 +01:00
Werner Koch
0e8f6e2aa9
gpg: Use gpgrt's new option parser to provide a global conf file.
* common/util.h: Remove argparse.h.
* common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS.
* configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define.
* agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include
argparse.h.  Do this also for all main modules which use our option
parser except for gpg.  Replace calls to strusage by calls to
gpgrt_strusage everywhere.

* g10/gpg.c (opts): Change type to gpgrt_opt_t.  Flag oOptions and
oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile.
(main): Change type of pargs to gpgrt_argparse_t.  Rework the option
parser to make use of the new gpgrt_argparser.
--

This is not yet finished but a make check works.  gpg has the most
complex and oldest option handling and thus this is the first
migration target.  SE-Linux checks and version-ed config files are
missing and will be added later.

GnuPG-bug-id: 4788
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 11:13:32 +01:00
Daniel Kahn Gillmor
0904b8ef34 Spelling cleanup.
No functional changes, just fixing minor spelling issues.

---

Most of these were identified from the command line by running:

  codespell \
    --ignore-words-list fpr,stati,keyserver,keyservers,asign,cas,iff,ifset \
    --skip '*.po,ChangeLog*,help.*.txt,*.jpg,*.eps,*.pdf,*.png,*.gpg,*.asc' \
    doc g13 g10 kbx agent artwork scd tests tools am common dirmngr sm \
    NEWS README README.maint TODO

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-02-18 18:07:46 -05:00
Werner Koch
6aff8a1328
build: Always use EXTERN_UNLESS_MAIN_MODULE pattern.
* common/util.h (EXTERN_UNLESS_MAIN_MODULE): Add the definion only
here but now without the Norcroft-C.  Change all other places where it
gets defined.
* common/iobuf.h (iobuf_debug_mode): Declare unconditionally as
extern.
* common/iobuf.c (iobuf_debug_mode): Define it here.
* agent/gpg-agent.c (INCLUDED_BY_MAIN_MODULE): Define here and also in
all main modules of all other programs.

* g10/main.h: Put util.h before the local header files.
--

This change is required for use with gcc/ld's LTO feature which does
not allow common blocks.  Further gcc 10 will make -fno-common the
default and thus this chnage is always needed.  What a pitty.

Co-authored-by: Tomáš Mráz
GnuPG-bug-id: 4831
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 21d9bd8b87)

- Applied respective chnages also to gpg-card and keyboxd.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-10 16:50:47 +01:00
Werner Koch
f2ac6742d4
Return better error code for some getinfo IPC commands.
* agent/command.c (cmd_getinfo): Return GPG_ERR_FALSE as boolean False.
* g13/server.c (cmd_getinfo): Ditto.
* sm/server.c (cmd_getinfo): Ditto.
--

GPG_ERR_FALSE was introduced with libgpg-error 1.21 and we now require
a later version for gnupg 2.  Thus we can switch to this more
descriptive code.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-06-03 16:33:10 +02:00
Daniel Kahn Gillmor
54eb375ff1 all: fix spelling and typos
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2018-10-24 15:56:18 -04:00
Werner Koch
20539ea5ca
Merge branch 'STABLE-BRANCH-2-2' 2018-02-22 16:19:56 +01:00
Werner Koch
f19ff78f0f
common: Use new function to print status strings.
* common/asshelp2.c (vprint_assuan_status_strings): New.
(print_assuan_status_strings): New.
* agent/command.c (agent_write_status): Replace by call to new
function.
* dirmngr/server.c (dirmngr_status): Ditto.
* g13/server.c (g13_status): Ditto.
* g13/sh-cmd.c (g13_status): Ditto.
* sm/server.c (gpgsm_status2): Ditto.
* scd/command.c (send_status_info): Bump up N.
--

This fixes a potential overflow if LFs are passed to the status
string functions.  This is actually not the case and would be wrong
because neither the truncating in libassuan or our escaping is not the
Right Thing.  In any case the functions need to be more robust and
comply to the promised interface.  Thus the code has been factored out
to a helper function and N has been bumped up correctly and checked in
all cases.

For some uses this changes the behaviour in the error case (i.e. CR or
LF passed): It will now always be C-escaped and not passed to
libassuan which would truncate the line at the first LF.

Reported-by: private_pers
2018-02-14 12:21:44 +01:00
Werner Koch
b56dfdfc18
Use the gpgrt log functions if possible.
* common/logging.c: Do not build any code if we can use the gpgrt_log
functions.
(log_logv_with_prefix): Rename to log_logv_prefix and change order of
args so that this function matches its printf like counterpart
gpgrt_logv_prefix.  Change all callers.
(log_debug_with_string): Rename to log_debug_string. Change all
callers.
(log_printhex): Move first arg to end so that this function matches
its printf like counterpart gpgrt_log_printhex.  Change all callers.
* common/logging.h: Divert to gpgrt/libgpg-error if we can use the
gpgrt_log functions.
(bug_at): Add inline versions if we can use the gpgrt_log functions.
* configure.ac (GPGRT_ENABLE_LOG_MACROS): Add to AH_BOTTOM.
(mycflags): Add -Wno-format-zero-length.
--

This patch enables the use of the log function from libgpgrt (aka
libgpg-error).  Instead of checking a version number, we enable them
depending on macros set by recent gpg-error versions.  Eventually the
whole divert stuff can be removed.

The -Wno-format-zero-length is required because log_printhex can be
called with an empty format string.  Note that this is fully specified
standard C behaviour.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-27 15:00:25 +01:00
Justus Winter
f4365790da
tests: Make it possible to run all tests using our infrastructure.
* Makefile.am (TESTS_ENVIRONMENT): New variable.
(check-all): New phony target to run all tests.
* tests/gpgme/gpgme-defs.scm (have-gpgme?): New function that tests
whether the GPGME test suite is available instead of exiting the
process.
* tests/gpgscm/init.scm (export): New macro.
* tests/gpgscm/tests.scm (run-tests): New function.
(load-tests): Likewise.
* tests/gpgme/run-tests.scm: Simplify and move the parsing of the list
of tests to 'all-tests.scm'.
* tests/gpgsm/run-tests.scm: Likewise.
* tests/migrations/run-tests.scm: Likewise.
* tests/openpgp/run-tests.scm: Likewise.
* tests/gpgme/Makefile.am: To select the tests to run, use the
variable 'TESTS'.  This harmonizes the interface with the automake
test suite.
* tests/gpgsm/Makefile.am: Likewise.
* tests/migrations/Makefile.am: Likewise.
* tests/openpgp/Makefile.am: Likewise.
* tests/openpgp/README: Likewise.
* agent/all-tests.scm: New file.
* common/all-tests.scm: Likewise.
* g10/all-tests.scm: Likewise.
* g13/all-tests.scm: Likewise.
* tests/gpgme/all-tests.scm: Likewise.
* tests/gpgsm/all-tests.scm: Likewise.
* tests/migrations/all-tests.scm: Likewise.
* tests/openpgp/all-tests.scm: Likewise.
* tests/run-tests.scm: Likewise.
--

This change allows us to run all tests in parallel and write one XML
report capturing the results of every test.  It also lays the
foundation to parametrize test suites.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-05-11 18:12:37 +02:00
NIIBE Yutaka
5c8fe54809 Spelling fixes in docs and comments.
--

In addition, fix trailing spaces in tests/inittests.

GnuPG-bug-id: 3121
Reported-by: ka7 (klemens)
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-28 10:06:33 +09:00
NIIBE Yutaka
10519270d3 g13: Fix for Solaris.
* configure.ac: Check sys/mkdev.h.
* g13/sh-dmcrypt.c: Include sys/mkdev.h.

--

GnuPG-bug-id: 3098
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-20 20:43:29 +09:00
NIIBE Yutaka
c3cc9551dc g13: Include sys/sysmacros.h if available.
* configure.ac: Add test for sys/sysmacros.h.
* g13/sh-dmcrypt.c: Include sys/sysmacros.h.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-11 19:59:07 +09:00
NIIBE Yutaka
70aca95d68 Remove -I option to common.
* dirmngr/Makefile.am (AM_CPPFLAGS): Remove -I$(top_srcdir)/common.
* g10/Makefile.am (AM_CPPFLAGS): Ditto.
* g13/Makefile.am (AM_CPPFLAGS): Ditto.
* kbx/Makefile.am (AM_CPPFLAGS): Ditto.
* scd/Makefile.am (AM_CPPFLAGS): Ditto.
* sm/Makefile.am (AM_CPPFLAGS): Ditto.
* tools/Makefile.am (AM_CPPFLAGS): Ditto.
* Throughout: Follow the change.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-07 20:25:54 +09:00
Daniel Kahn Gillmor
ccb420380b Fix spelling.
--

Clean up several other misspellings noticed while reviewing Yuri's
de-duplication patch.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-02-21 13:11:46 -05:00
Yuri Chornoivan
24cf0606b4 Clean up word replication.
--

This fixes extra word repetitions (like "the the" or "is is") in the
code and docs.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-02-21 13:11:46 -05:00
Justus Winter
f8ce31a7bf
g13: Fix build on macOS.
* g13/Makefile.am (t_common_ldadd): Add iconv.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-02-13 10:18:45 +01:00
Werner Koch
5b6ebfb924
g13: Improve printing of debug infos.
* g13/g13tuple.c (all_printable): Make it work.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-02 13:30:37 +01:00
Werner Koch
4d7dc432b5
Change all http://www.gnu.org in license notices to https://
--
2016-11-05 12:02:19 +01:00
Justus Winter
445f0c13d7 Fix typos.
--
Signed-off-by: Justus Winter <justus@g10code.com>
2016-10-27 14:59:56 +02:00
Daniel Kahn Gillmor
0d67241e31 Fix more spelling
* NEWS, acinclude.m4, agent/command-ssh.c, agent/command.c,
  agent/gpg-agent.c, agent/keyformat.txt, agent/protect-tool.c,
  common/asshelp.c, common/b64enc.c, common/recsel.c, doc/DETAILS,
  doc/HACKING, doc/Notes, doc/TRANSLATE, doc/dirmngr.texi,
  doc/faq.org, doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi,
  doc/instguide.texi, g10/armor.c, g10/gpg.c, g10/keyedit.c,
  g10/mainproc.c, g10/pkclist.c, g10/tofu.c, g13/sh-cmd.c,
  g13/sh-dmcrypt.c, kbx/keybox-init.c, m4/pkg.m4, sm/call-dirmngr.c,
  sm/gpgsm.c, tests/Makefile.am, tests/gpgscm/Manual.txt,
  tests/gpgscm/scheme.c, tests/openpgp/gpgv-forged-keyring.scm,
  tests/openpgp/multisig.test, tests/openpgp/verify.scm,
  tests/pkits/README, tools/applygnupgdefaults,
  tools/gpg-connect-agent.c, tools/mime-maker.c, tools/mime-parser.c:
  minor spelling cleanup.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-09-17 16:00:37 +09:00
Werner Koch
0ac671f8a2
common: Add an assuan logging monitor.
* common/asshelp.c (my_log_monitor): New var.
(my_libassuan_log_handler): Run that monitor.
(setup_libassuan_logging): Add arg to set a log monitor and change all
callers.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-05 11:58:48 +02:00
Werner Koch
f02ceb6c6e
g13: Allow the use of a g13tab label for --mount.
* g13/mount.c (g13_mount_container): Do not run the first access check
if syshelp is required.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-14 20:23:12 +02:00
Werner Koch
b781113cf1
g13: Implement --umount for dm-crypt.
* g13/g13.c (main): Implement command --umount.
* g13/mount.c (g13_umount_container): use the syshelper if needed.
* g13/backend.c (be_umount_container): New.
* g13/be-dmcrypt.c (be_dmcrypt_umount_container): New.
* g13/call-syshelp.c (call_syshelp_run_umount): New.
* g13/sh-cmd.c (cmd_umount): New.
(register_commands): Register UMOUNT.
* g13/sh-dmcrypt.c (sh_dmcrypt_umount_container): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-14 20:17:51 +02:00
Werner Koch
c9a0bccc77
g13: Fix double free bug.
* g13/sh-cmd.c (cmd_mount, cmd_resume): Do not xfree TIUPLES.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-13 19:42:18 +02:00
Werner Koch
7009206402
g13: Consider g13tab for a mount command.
* g13/sh-cmd.c (cmd_getkeyblob): New.
(register_commands): Register it.
* g13/call-syshelp.c (getkeyblob_data_cb): New.
(call_syshelp_get_keyblob): New.
* g13/mount.c: Include callsyshelp.h.
(g13_mount_container): Ask syshelp whether the filename is managed by
g13tab.  Call syshelp to get the encrypted keyblob in this case.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-13 19:40:32 +02:00
Werner Koch
37e932658c
g13: Move some function around.
* g13/keyblob.c (g13_keyblob_decrypt): Move to ...
* g13/server.c: to here.
* g13/suspend.c, g13/mount.c: Include server.h.
* g13/Makefile.am (g13_syshelp_SOURCES): Add keyblob.c
--

This is done to be able to use keyblob read code in syshelp w/o
requiring linking to call-gpg.c

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-13 17:39:28 +02:00
Werner Koch
b57f553212
g13: New command --find-device.
* common/status.h (STATUS_BLOCKDEV: New.
* g13/call-syshelp.c: Include "call-syshelp.h".
(finddevice_status_cb, call_syshelp_find_device): New.
* g13/g13.c (aFindDevice): New.
(opts): Add "--find-device".
(main): Implement --find-device.
* g13/sh-cmd.c (cmd_finddevice): New.
(register_commands): Register new command.
--

This might be useful for scripting.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-13 13:49:41 +02:00
Daniel Kahn Gillmor
61c2a1fa6d
Call log_set_prefix() with human-readable labels.
* agent/preset-passphrase.c, agent/protect-tool.c, dirmngr/dirmngr.c
* dirmngr/t-http.c, g10/gpg.c, g10/gpgv.c, g13/g13-syshelp.c
* g13/g13.c, kbx/kbxutil.c, scd/scdaemon.c, sm/gpgsm.c
* tests/gpgscm/main.c, tools/gpg-check-pattern.c
* tools/gpg-connect-agent.c, tools/gpgconf.c, tools/gpgtar.c
* tools/symcryptrun.c: Invoke log_set_prefix() with
human-readable labels.

--

Some invocations of log_set_prefix() were done with raw numeric values
instead of values that humans can understand.  Use symbolic
representations instead of numeric for better readability.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-08-12 12:16:19 +02:00
Ben Kibbey
49829c29e5 Cleanup initialization of libgcrypt.
* common/init.c (init_common_subsystems): Initialize libgcrypt.
* dirmngr/Makefile.am (dirmngr_ldap): Link with libgcrypt.

--
Most other modules already call gcry_check_version() after
init_common_subsystems() so may as well move initialization of libgcrypt
to here. Also fixes a warning in the system log from gpgconf --homedir.

Signed-off-by: Ben Kibbey <bjk@luxsci.net>
2016-08-09 10:47:46 +02:00
Werner Koch
acb27915f8
g13: Fix memleak.
* g13/g13tuple.c (create_tupledesc): Init refcount to 1.
--

The old code somehow assumed that calloc was used.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-12 23:04:39 +02:00
Werner Koch
22a7ef01aa
Replace use of opt.homedir by accessor functions.
* common/homedir.c (the_gnupg_homedir): New var.
(gnupg_set_homedir): New.
(gnupg_homedir): New.
* g10/options.h (struct opt): Remove 'homedir' and replace all users
by the new accessor functions.
* g13/g13-common.h (struct opt): Ditto.
* scd/scdaemon.h (struct opt): Ditto.
* sm/gpgsm.h (struct opt): Ditto.
* dirmngr/dirmngr.h (struct opt): Ditto.
* agent/preset-passphrase.c (opt_homedir): Ditto.
* agent/protect-tool.c (opt_homedir): Ditto.
--

This will make detection of a non-default homedir easier.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-07 10:59:46 +02:00
Werner Koch
5d991e333a
common: Extend gnupg_create_inbound_pipe et al.
* common/exechelp-posix.c (gnupg_create_inbound_pipe): Add args 'r_fp'
and 'nonblock'.
(gnupg_create_outbound_pipe): Ditto.
* common/exechelp-w32.c (gnupg_create_inbound_pipe): Add non yet
functional args 'r_fp' and 'nonblock'.
(gnupg_create_outbound_pipe): Ditto.
* common/exechelp-w32ce.c (gnupg_create_inbound_pipe): Ditto.
(gnupg_create_outbound_pipe): Ditto.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-27 15:41:55 +02:00
Justus Winter
e77c85577d common: Consolidate Assuan server argument handling.
* common/Makefile.am (common_sources): Add new files.
* common/server-help.c: New file.
* common/server-help.h: Likewise.
* agent/command.c: Drop argument handling primitives in favor of using
the consolidated ones.
* dirmngr/server.c: Likewise.
* g10/server.c: Likewise.
* g13/server.c: Likewise.
* scd/command.c: Likewise.
* sm/server.c: Likewise.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-03-02 14:14:33 +01:00
Werner Koch
f7968db30b
g13: Add commands --suspend and --remove.
* g13/g13.c (aSuspend, aResume): New.
(opts): Add commands --suspend and --resume.
(main): Implement dummy command aUmount.  Implement commands aResume
and aSuspend.
* g13/sh-cmd.c (cmd_suspend): New.
(cmd_resume): New.
(register_commands): Add commands RESUME and SUSPEND.
* g13/server.c (cmd_suspend): New.
(cmd_resume): New.
(register_commands): Add commands RESUME and SUSPEND.
* g13/be-dmcrypt.c (be_dmcrypt_suspend_container): New.
(be_dmcrypt_resume_container): New.
* g13/backend.c (be_suspend_container): New.
(be_resume_container): New.
* g13/suspend.c, g13/suspend.h: New.
* g13/mount.c (parse_header, read_keyblob_prefix, read_keyblob)
(decrypt_keyblob, g13_is_container): Move to ...
* g13/keyblob.c: new file.
(keyblob_read): Rename to g13_keyblob_read and make global.
(keyblob_decrypt): Rename to g13_keyblob_decrypt and make global.
* g13/sh-dmcrypt.c (check_blockdev): Add arg expect_busy.
(sh_dmcrypt_suspend_container): New.
(sh_dmcrypt_resume_container): New.
* g13/call-syshelp.c (call_syshelp_run_suspend): New.
(call_syshelp_run_resume): New.
--

The --suspend command can be used before a hibernate operation to make
the encrypted partition inaccessible and wipe the key from the memory.
Before --suspend is called a sync(1) should be run to make sure that
their are no dirty buffers (dmsetup, as called by g13, actually does
this for you but it does not harm to do it anyway.  After the
partition has been suspended a

  echo 3 >proc/sys/vm/drop_caches

required to flush all caches which may still have content from the
encrypted partition.

The --resume command reverses the effect of the suspend but to do this
it needs to decrypt again.  Now, if the .gnupg directory lives on the
encrypted partition this will be problematic because due to the
suspend all processes accessing data on the encrypted partition will
be put into an uninterruptible sleep (ps(1) shows a state of 'D').
This needs to be avoided.  A workaround is to have a separate GnuPG
home directory (say, "~/.gnupg-fallback") with only the public keys
required to decrypt the partition along with a properly setup
conf files.  A

  GNUPGHOME=$(pwd)/.gnupg-fallback g13 --resume

should then be able to resume the encrypted partition using the
private key stored on a smartcard.

The implementation is pretty basic right now but useful to me.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-02-23 15:40:28 +01:00
Werner Koch
f26867928c
g13: Run mount after dmsetup.
* g13/g13-syshelp.c (main): Reject userids with a slash.
* g13/sh-dmcrypt.c (sh_dmcrypt_mount_container): Run mount if a
mountpoint is known.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-02-23 15:40:28 +01:00
Werner Koch
86f3bb144a
g13: Require a confirmation before g13 is used for DM-Crypt.
* g13/g13-syshelp.c (g13_syshelp_i_know_what_i_am_doing):
* g13/sh-dmcrypt.c (sh_dmcrypt_create_container): Call it.
(sh_dmcrypt_mount_container): Call it.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-02-13 17:30:14 +01:00
Werner Koch
b0e6ab1109
g13: Second chunk of code to support dm-crypt.
* g13/be-dmcrypt.c, g13/be-dmcrypt.h: New.
* g13/Makefile.am (g13_SOURCES): Add them.
* g13/backend.c: Include be-dmcrypt.h and call-syshelp.h.
(no_such_backend): Rename to _no_such_backend and provide replacement
macro.
(be_is_supported_conttype): Support DM-Crypt.
(be_take_lock_for_create): Call set_segvice for DM-Crypt.
(be_create_new_keys): Make it a dummy for DM-Crypt.
(be_create_container): Call be_dmcrypt_create_container.
(be_mount_container): call be_dmcrypt_mount_container.
* g13/g13-syshelp.c (main): Enable verbose mode.
* g13/g13tuple.c (get_tupledesc_data): New.
* g13/g13tuple.h (unref_tupledesc): New.
* g13/g13.h (server_control_): Add field "recipients".
* g13/g13.c (main): Fix setting of recipients via cmdline.
(g13_deinit_default_ctrl): Release recipients list.
(g13_request_shutdown): New.  Replace all direct update of
shutdown_pending by calls this function.
* g13/server.c (server_local_s): Remove field recipients which is now
part of CTRL.
(reset_notify, cmd_recipient, cmd_create): Adjust for this change.
* g13/create.c (encrypt_keyblob): Rename to g13_encrypt_keyblob.
(g13_create_container): Support DM-Crypt.
* g13/mount.c (parse_header): Allow for meta data copies.
(g13_mount_container): Support DM-Crypt.
* g13/sh-cmd.c (cmd_create): Make it work.
(cmd_mount): New.
* g13/sh-dmcrypt.c (sh_dmcrypt_create_container): Make it work.
(sh_dmcrypt_mount_container): New.
--

With this patch we can now create an encrypted partition and partly
mount it (i.e. setup keys and create the mapped device). We do not yet
create a file system or mount that file system

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-02-13 17:06:54 +01:00