* g10/gpgv.c (main): Set opt.no_sig _cache, so that it doesn't depend on
cached status. Similarly, set opt.flags.require_cross_cert for backsig
validation for subkey signature.
--
It is common that an organization distributes binary keyrings with
signature cache (Tag 12, Trust Packet) and people use gpgv to validate
signature with such keyrings. In such a use case, it is possible that
the key validation itself is skipped.
For the purpose of gpgv validation of signatures, we should not depend
on signature cache in keyrings (if any), but we should validate the key
by its self signature for primary key, and back signature for subkey.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/options.h (EXPORT_PKA_FORMAT): New.
* g10/keylist.c (list_keyblock_pka): Do not use DANE flag.
* g10/export.c: Include zb32.h.
(parse_export_options): Add options "export-pka" and "export-dane".
(do_export): Do not armor if either of these option is set.
(print_pka_or_dane_records): New.
(do_export_stream): Implement new options.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tests/gpgscm/tests.scm (call-check): Capture stdout and stderr, and
return stdout if the child exited successfully, or include stderr in
the error.
* tests/openpgp/version.scm: Demonstrate this by checking the stdout.
Signed-off-by: Justus Winter <justus@g10code.com>
* doc/mkdefsinc.c (print_filename): New.
(main): Use it here.
--
Our Jenkins uses an @ in directory names and thus our builds break.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tools/gpg-wks-server.c (encrypt_stream): Change arg 'fingerprint' to
'keyfile'.
(store_key_as_pending): Add arg 'r_fname' to make of the keyfile.
(send_confirmation_request): Add arg 'keyfile'.
(process_new_key): Pass on the name of the keyfile.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (oRecipientFile, oHiddenRecipientFile): New.
(opts): Add options --recipient-file and --hidden-recipient-file.
(main): Implement them. Also remove duplicate code from similar
options.
* g10/keydb.h (PK_LIST_FROM_FILE): New.
(PK_LIST_SHIFT): Bump up.
* g10/pkclist.c (expand_group): Take care of PK_LIST_FROM_FILE.
(find_and_check_key): Add and implement arg FROM_FILE.
(build_pk_list): Pass new value for new arg.
* g10/getkey.c (get_pubkey_fromfile): New.
* g10/gpgv.c (read_key_from_file): New stub.
* g10/test-stubs.c (read_key_from_file): New stub.
* g10/server.c (cmd_recipient): Add flag --file.
* g10/import.c (read_key_from_file): New.
* tests/openpgp/defs.scm (key-file1): New.
(key-file2): New.
* tests/openpgp/setup.scm: Add their private keys and import the
key-file1.
* tests/openpgp/encrypt.scm: Add new test.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (oNoKeyring): New.
(opts): Add "--no-keyring".
(main): Do not register any keyring if the option is used.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/import.c (NODE_GOOD_SELFSIG): New. Use instead of 1.
(NODE_BAD_SELFSIG): New. Use instead of 2.
(NODE_DELETION_MARK): New. Use instead of 4.
(NODE_FLAG_A): New. Use to mark new nodes in merge_blocks.
(chk_self_sigs): Remove unused args FNAME and PK.
(import_one): Adjust call. Simplify error return because
chk_self_sigs does not return an error code.
(append_uid, append_key, merge_sigs, merge_keysigs): Remove unsued
args FNAME and KEYID.
(merge_blocks, import_one, import_secret_one)
(import_revoke_cert): Remove unused arg FNAME.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/getkey.c (merge_selfsigs): Remove arg CTX. Add args REQ_USAGE
and WANT_EXACT.
(finish_lookup): Adjust caller. Set LOOKUP_NOT_SELECTED here...
(lookup): and not here.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/armor.c (check_input): Call is_armored only if LEN >= 2.
(unarmor_pump): Use a 2 byte buffer for is_armored.
--
Fixes-commit: 605276ef8cd449bfd574ae6c498fa5d7d265c5c7
Signed-off-by: Werner Koch <wk@gnupg.org>
This fixes problems with long socket names, e.g. when doing distcheck.
* tests/gpgscm/tests.scm (path-join): New function.
(with-temporary-working-directory): Honor 'TMP'.
(make-temporary-file): Likewise.
* tests/migrations/Makefile.am (TMP): Default to '/tmp'.
(TESTS_ENVIRONMENT): Set 'TMP'.
* tests/openpgp/Makefile.am (TMP): Default to '/tmp'.
(TESTS_ENVIRONMENT): Set 'TMP'.
Signed-off-by: Justus Winter <justus@g10code.com>
* tools/gpgtar.c (cmd_and_opt_values): New values.
(opts): New actions.
(parse_arguments): Handle new actions.
* tests/openpgp/gpgtar.scm: Test new interface.
Signed-off-by: Justus Winter <justus@g10code.com>
* tools/gpg-wks-client.c (aRead): New.
(opts): Add command "--read".
(main): Implement that.
--
This command allows to process alread decrypted Web Key Service
messages. It can for example be used in /etc/mailcap
--8<---------------cut here---------------start------------->8---
application/vnd.gnupg.wks; gpg-wks-client -v --read --send;\
needsterminal; description=Web Key Service message
--8<---------------cut here---------------end--------------->8---
to allow Mutt to process confirmation requests.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tools/send-mail.c, tools/send-mail.h: New.
* tools/wks-util.c: New.
* tools/Makefile.am (gpg_wks_server_SOURCES): Add them.
(gpg_wks_client_SOURCES): Ditto.
* tools/gpg-wks.h (opt): Add fields use_sendmail and output.
* tools/gpg-wks-client.c: Add options --send and --output. Rename
command --send to --create.
(command_send, send_confirmation_response): Output via wks_send_mime.
* tools/gpg-wks-server.c: Add options --send and --output.
(send_confirmation_request): Output via wks_send_mime.
(check_and_publish): Add hack for name-value bug.
--
With this code, a dedicated user on the server along with a procmail
script, it was possible to run a basic test.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tools/gpg-wks.h (opt): Add 'default_from' and 'extra_headers'.
* tools/gpg-wks-server.c (oFrom, oHeader): New.
(parse_arguments): Set them and check args.
(get_submission_address): New.
(send_confirmation_request): Set correct From address. Add extra
headers.
(process_new_key): Return an error code.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tools/mime-maker.c (add_header): Check header name and allow
name-value syntax.
(mime_maker_add_header): Add mode for a syntax check.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (oImportFilter): New.
(opts): Add --import-filter.
(main): Handle option.
* g10/import.c: Include recsel.h, init.h, and mbox-util.h.
(import_keep_uid): New global var.
(cleanup_import_globals): New.
(parse_and_set_import_filter): New.
(filter_getval): New.
(apply_keep_uid_filter): New.
(import_one): Apply filter if set.
--
Funny new option. It can for example be used to export a key with
only one user id:
gpg --no-options --import --import-options import-export \
--import-filter keep-uid='mbox=wk@gnupg.org' \
< full-key.pub > key-with-one-uid.pub
More features will eventually be added.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/packet.h (PKT_user_id): Add field 'mbox'.
* g10/free-packet.c (free_user_id): Free that.
--
This will be required by the coming import filter.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keydb.c (keydb_release): Clear keyblock cache.
(keydb_get_keyblock): Revert previous change.
* kbx/keybox-blob.c (create_blob_finish): Free previous buffer, free
fixups after applying them.
(_keybox_release_blob): Free buffer. Currently, the buffer has been
extracted before the keybox is released, but this is the right thing
to do here.
Fixes-commit: c57501cc
Signed-off-by: Justus Winter <justus@g10code.com>