* tests/openpgp/run-tests.scm: Use sequential test runner if only one
test is given.
--
This allows one to set the environment variable TESTFLAGS to
'--parallel' and enjoy faster test execution times without interfering
with stdio when one works on a single test.
Signed-off-by: Justus Winter <justus@g10code.com>
* dirmngr/dns.c (FD_SETSIZE): Bump up to 1024.
(dns_poll): Return an error instead of hitting an assertion failure.
--
For unknown reasons socket() return fd with values 244, 252, 268. The
latter is above the FD_SETSIZE of 256. It seems that select has been
build with a highler FD_SETSIZE limit. Bump up to a reasonable large
value.
A better solution would be to grab some code from npth_eselect to
replace select. We could also use npth_eselect direclty in
dns-stuff.c instead of using dns_res_poll.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tests/openpgp/tofu.scm (GPGTIME): Define the "standard" base time.
(faketime): New function.
(days->seconds): Likewise.
(GPG): Use faketime.
(check-counts): Also check the number of expected days with signatures
and encryptions. Update callers. Extend tests.
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* tests/gpgscm/scheme.c (mk_atom): Change associativity of the ::
infix-operator. This makes it possible to naturally express accessing
nested structures (e.g. a:🅱️:c).
Signed-off-by: Justus Winter <justus@g10code.com>
* build-aux/speedo/w32/inst.nsi: Use ExecToLog instead of
ExecWait.
--
nsExec is a standard nsis call to spawn a process and
wait for it to finish. ExecToLog redirects stdout and stderr
of the process call and adds it to the log window instead
of opening a temporary console window.
Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
* configure.ac (DNSLIB) {W32]: Add -liphlpapi.
* dirmngr/dns-stuff.c [W32]: Include iphlpapi.h and define
WIN32_LEAN_AND_MEAN.
(libdns_init) [W32]: Use GetNetworkParams to get the nameserver.
* dirmngr/t-dns-stuff.c (init_sockets): New.
(main): Call it.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dns-stuff.c (libdns_tor_port): New var.
(set_dns_nameserver): Clear that var.
(libdns_init): Init var to the default port.
(libdns_switch_port_p): New func.
(resolve_dns_name): Use function to switch the port
(get_dns_cert): Ditto.
(getsrv): Ditto.
(get_dns_cname): Ditto.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dns-stuff.c (libdns_reinit_pending): New var.
(enable_recursive_resolver): Set var.
(set_dns_nameserver): Ditto.
(libdns_init): Avoid double initialization.
(libdns_deinit): New.
(reload_dns_stuff): New.
(libdns_res_open): Act upon LIBDNS_REINIT_PENDING.
* dirmngr/t-dns-stuff.c (main): Call reload_dns_stuff to release
memory.
* dirmngr/dirmngr.c (cleanup): Ditto.
(dirmngr_sighup_action): Call reload_dns_stuff to set
LIBDNS_REINIT_PENDING.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dns-stuff.c (tor_credentials): Replace by ...
(tor_socks_user, tor_socks_password): new vars.
(enable_dns_tormode): Set these new vars.
(libdns_res_open): Tell libdns the socks credentials.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dns-stuff.c (libdns_res_open): New. Replace all libdns_init
and dns-res_open by a call to this func.
(libdns_res_submit): New wrapper. Replace all dns_res_sumbit calls.
(libdns_res_wait): New function.
(resolve_name_libdns): Replace loop by libdns_res_wait.
(get_dns_cert_libdns): Ditto.
(getsrv_libdns): Ditto.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tools/gpgconf.c (aApplyProfile): New.
(opts): New command --apply-profile.
(main): Implement that command.
* tools/gpgconf-comp.c (option_check_validity): Add arg VERBATIM.
(change_options_program): Ditto.
(change_one_value): Ditto.
(gc_component_change_options): Ditto.
(gc_apply_profile): New.
--
Here is an example for a profile
--8<---------------cut here---------------start------------->8---
# foo.prf - Sample profile
[gpg]
compliance de-vs
default-new-key-algo brainpoolP256r1+brainpoolP256r1
[gpgsm]
enable-crl-checks
[gpg-agent]
default-cache-ttl 900
max-cache-ttl [] 3600
no-allow-mark-trusted
no-allow-external-cache
enforce-passphrase-constraints
min-passphrase-len 9
min-passphrase-nonalpha 0
[dirmngr]
keyserver hkp://keys.gnupg.net
allow-ocsp
--8<---------------cut here---------------end--------------->8---
Note that flags inside of brackets are allowed after the option name.
The only defined flag for now is "[default]". In case the value
starts with a bracket, it is possible to insert "[]" as a nop-flag.
Signed-off-by: Werner Koch <wk@gnupg.org>
* doc/gpg.texi: Remove comment about options being parsed in-order.
They aren't.
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Fixes-commit: 7572d27
* g10/tofu.c (write_stats_status): Use the number of days with
signatures / encryptions to compute the validity, not the total number
of signatures / encryptions.
(BASIC_TRUST_THRESHOLD): Adjust given the new semantics.
(FULL_TRUST_THRESHOLD): Likewise.
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* doc/DETAILS: Add SIGN-DAYS and ENCRYPT-DAYS to the TOFU_STATS status
line.
* g10/tofu.c (write_stats_status): Take additional parameters
signature_days and encryption_days. Update callers. Include them in
the tfs record and TOFU status lines.
(show_statistics): Compute the number of days on which we saw a
message signed by FINGERPRINT, and the number of days on which we
encrypted a message to it.
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* doc/gpg.texi: Improve the subsection on unattended key generation by
suggesting the quick key manipulation interface as an alternative, and
by suggesting alternatives to '%pubring' and '%secring'. Simplify
examples accordingly.
GnuPG-bug-id: 2400
Signed-off-by: Justus Winter <justus@g10code.com>
* doc/gpg.texi: New subsections on programmatic use of GnuPG,
ephemeral home directories, and the quick key manipulation interface.
Signed-off-by: Justus Winter <justus@g10code.com>
* g10/tofu.c (ask_about_binding): Emit all of the conflicting keys and
their statistics on the status fd.
(get_trust): Likewise, if we don't call ask_about_binding.
(show_statistics): Have the caller pass the policy as returned by
get_policy. Add argument only_status_fd and don't emit any output on
stdout if it is set. Update callers.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/gpg.c (main): Avoid translating arguments to 'wrong_args'.
--
Translating these messages is a burden for translators, and we only
have translations for very few of them as it is.
If we want to localize these messages, I'd suggest to translate the
placeholders (e.g. 'filename').
Signed-off-by: Justus Winter <justus@g10code.com>
* g10/gpg.c (opts): Rename options.
(main): Update errors.
* doc/gpg.texi: Update accordingly.
--
I decided not to keep the old versions as aliases in the documentation
because the interface is a fairly recent addition.
GnuPG-bug-id: 2700
Signed-off-by: Justus Winter <justus@g10code.com>
* g10/gpg.c (opts): Rename option.
* g10/call-agent.c (agent_scd_learn): Update comment.
* doc/gpg.texi: Update accordingly.
--
This change has a surprising side effect. Previously, --edit was an
alias for --edit-key, because the argument parser actually accepts
unique prefixes of all options. With this change, however, --edit is
ambiguous.
GnuPG-bug-id: 2700
Signed-off-by: Justus Winter <justus@g10code.com>
* g10/gpg.c (opts): Rename option.
* doc/gpg.texi: Update accordingly.
--
This is a rather long name, but I believe that this command is rarely
used, and in places where it is used frequently, the process is likely
automated.
GnuPG-bug-id: 2700
Signed-off-by: Justus Winter <justus@g10code.com>
* doc/gpg.texi: Add the old version of every option that was updated
with the last change set.
* doc/gpgsm.texi: Likewise.
GnuPG-bug-id: 2700
Signed-off-by: Justus Winter <justus@g10code.com>
* common/homedir.c (gnupg_build_directory): New variable.
(gnupg_module_name_called): Likewise.
(gnupg_set_builddir): New function.
(gnupg_set_builddir_from_env): Likewise.
(gnupg_module_name): Support locating components in the build tree.
* common/util.h (gnupg_set_builddir): New prototype.
* tests/openpgp/defs.scm (tools): Drop 'gpg and 'gpg-agent.
(tool): Rename to 'tool-hardcoded.
(gpg-conf): New function, with accessors for the results.
(gpg-components): New variable.
(tool): New function.
* tools/gpgconf.c (enum cmd_and_opt_values): New key.
(opts): New option '--build-prefix'.
(main): Handle new option.
--
This change makes sure that the components from the build tree are
used, and not some older installed version in PATH. It also lets us
make GPGME use components from the build tree, making it possible to
execute GPGME's test suite with them.
Signed-off-by: Justus Winter <justus@g10code.com>
* tests/openpgp/defs.scm (gpg-has-option?): New function.
(have-opt-always-trust): Use a simpler test for that option. This way
that is less distracting when we run the tests with verbose=3.
Signed-off-by: Justus Winter <justus@g10code.com>
* configure.ac: Add option --disable-libdns
(USE_LIBDNS): New ac_subst and am_conditional.
(USE_C99_CFLAGS): Set only if libdns is used.
* dirmngr/Makefile.am (dirmngr_SOURCES): Move dns.c and dns.h to ...
(dirmngr_SOURCES) [USE_LIBDNS0: here.
(t_common_src): Ditto.
* dirmngr/dirmngr.c (oRecursiveResolver): New constant.
(opts): New option "--recursive-resolver".
(parse_rereadable_options): Set option.
* dirmngr/t-dns-stuff.c (main): Add option --recursive-resolver.
* dirmngr/server.c (cmd_getinfo): Depend output of "dnsinfo" on the
new variables.
* dirmngr/dns-stuff.c: Include dns.h only if USE_DNSLIB is defined.
Also build and call dnslib functions only if USE_DNSLIB is defined.
(recursive_resolver): New var.
(enable_recursive_resolver): New func.
(recursive_resolver_p): New func.
--
In case users run into problems building GnuPG, the configure option
allows to disable that support and continue w/o Tor support using the
system resolver.
--recursive-resolver was easy enough to implement and may be useful in
some situation. It does not fully work, though.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dns-stuff.c (dns_free): New macro.
(libdns): Move var to the top.
(libdns_error_to_gpg_error): Map error codes to the new gpg-error
codes.
(resolve_name_libdns): Restructure code.
(getsrv_libdns): New.
(get_dns_cname_libdns): New.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dns-stuff.c: Include dirmngr-err.h to set the correct error
source.
(get_h_errno_as_gpg_error): New.
(get_dns_cert_libdns): Fix error code.
(getsrv_libdns): Add arg R_COUNT and return an error code.
(getsrv_standard): Ditto. Fix handling of res_query errors and
provide the correct size for the return buffer.
(getsrv): Adjust for changed worker functions.
(get_dns_cname_standard): Fix handling of res_query errors and provide
the correct size for the return buffer.
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac (USE_C99_CFLAGS): New ac_subst. Set to -std=gnu99 for
gcc.
* dirmngr/Makefile.am (AM_CFLAGS): Add USE_C99_CFLAGS.
(t_http_CFLAGS): Ditto.
(t_ldap_parse_uri_CFLAGS): Ditto.
(t_dns_stuff_CFLAGS): Ditto.
--
C99 and the GCC option is required for use with dns.c which makes
heavy use of C99 features. We should consider to switch GnuPG
entirely to C99 but enable gcc warnings to detect features which are
not supported by not-real-c99 compilers and which makes audits
harder (VLA etc.).
Signed-off-by: Werner Koch <wk@gnupg.org>
Justus Winter