* tools/wks-util.c (install_key_from_spec_file): Initialize ERR in case
the loop is never run.
--
This is part of
GnuPG-bug-id: 7129
Co-authored-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 021c27510b)
* tools/gpg-check-pattern.c (read_file): Check length before calling
fread.
--
The problem with an empty file is that es_fread is called to read one
element of length zero which seems to be undefined behaviour and
results in ENOENT on my test box.
* tools/gpg-wks-client.c (mirror_one_key): Test for no domain
specified.
--
The code did not really work if no domain was given. It worked but
filtered out all keys so that no key was actually exported.
* tools/gpg-wks-client.c (opt): New option --no-add-revocs.
(main): Make --add-revocs the default.
(command_send): Rename to ...
(command_create): to match the command name.
* tools/wks-util.c (wks_get_key): Change from export-minimal to
export-clean
--
To properly work with tusted introducers et al. it is important to also
upload valid key signatures to the Web Key Directory.
* tools/gpgtar.c: Add option --no-compress.
* tools/gpgtar.h (opt): Add field no_compress.
* tools/gpgtar-create.c (gpgtar_create): Pass -z0 to gpg.
--
This option is probably easier to remember than --gpg-args '-z0'.
* tools/gpgtar.c (main): Write status line before exit.
--
Due to the new way we support gpgtar in GPGME we need status lines to
detect a final error.
GnuPG-bug-id: 6497
* tools/gpgtar.c (main): Don't allow logging via the Registry. Forbid
using stdout for status-fd in crypt mode.
--
Without that check a status output would be mixed up with the input to
the internal call of gpg.
Using the Registry key to enable logging is very annoying.
* tools/gpgconf.c (show_configs): Add a list of envvars and print
them.
--
Note that for simplicity we to not distinguish between Windows and
Linux here.
* tools/gpgtar-create.c (gpgtar_create): Do not close the status_fd in
spawn.
* tools/gpgtar-extract.c (gpgtar_extract): Ditto.
* tools/gpgtar-list.c (gpgtar_list): Ditto.
--
Note that this fix does not handle file descripotors passed via the
--gpg-args options.
GnuPG-bug-id: 6348
* tools/gpg-wks.h (opt): Add add_revocs.
* tools/wks-util.c (wks_get_key): Add arg 'binary'.
(wks_armor_key): New.
(wks_find_add_revocs): New.
(wks_cmd_install_key): Get key in binary mode and add revocations if
enabled.
* tools/gpg-wks-client.c (oAddRevocs): New.
(opts): Add --add-revocs.
(parse_arguments): Set option,
(command_send): Get key in binary mode, add revocations if enabled,
and explictly armor key. Remove kludge to skip the Content-type line
in no_encrypt mode.
(mirror_one_keys_userid): Always filter the key to get rid of the
armor as received from dirmngr. Add revocations from the local
keyring.
--
Note that this also fixes an oddity of the new mirror command which
used to store the keys armored as received from dirmngr.
* tools/gpg-wks-client.c (domain_matches_mbox): New.
(mirror_one_key): Skip non-matching domains.
(command_mirror): Change args to allow for several domains.
--
Although dirmngr returns only the keys matching a certain domain,
those keys still may have user ids from other domains. Now we publish
only the user-ids as specified on the command line.
GnuPG-bug-id: T6224
(cherry picked from commit 0a151548b6)
* tools/gpg-wks-client.c (aMirror,oBlacklist,oNoAutostart): New.
(opts): Add --mirror, --no-autostart, and --blacklist.
(parse_arguments): Parse new options.
(main): Implement aMirror.
(mirror_one_key_parm): New.
(mirror_one_keys_userid, mirror_one_key): New.
(command_mirror): New.
* tools/gpg-wks.h (struct uidinfo_list_s): Add fields flags.
* tools/wks-util.c (wks_cmd_install_key): Factor some code out to ...
(wks_install_key_core): new.
* tools/call-dirmngr.c (wkd_dirmngr_ks_get): New.
--
This implements the basic LDAP to WKD mirroring. The blacklist
option and domain restrictions are not yet fully implemented.
Take care: In OpenLDAP you may need to increase the paged result limit
by using a configuration like:
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcLimits
olcLimits: dn.subtree="dc=example,dc=org" size.prtotal=unlimited
GnuPG-bug-id: 6224
Backported-from-master: 7ccd489aa2
* common/w32-reg.c (read_w32_registry_string): Map REG_DWORD to a
string.
(read_w32_reg_string): Add arg r_hklm_fallback and change all callers.
(show_configs): Indicate whether the HKLM fallback was used.
* tools/gpgconf.c (show_other_registry_entries): Fix the Outlook Addin
Registry key. Indicate whether the HKLM fallback was used.
* tools/gpg-wks-server.c (make_pending_fname): New.
(store_key_as_pending, check_and_publish): Use here.
(process_new_key): Pass addrspec to store_key_as_pending.
(expire_one_domain): Expire also the new files.
--
Along with the pass traversal bug this enhancement was
Suggested-by: Philipp Breuch <pbreuch@mail.upb.de>
GnuPG-bug-id: 6098
* tools/gpgconf.c: Assign short options -X and -V
(show_version_gnupg): Print the vsd version if available.
--
These changes are helpful for phone support.
* g10/gpg.c (main): Set LOG_NO_REGISTRY.
* sm/gpgsm.c (main): Ditto.
* tools/gpg-connect-agent.c (main): Ditto.
* tools/gpgconf.c (main): Ditto.
(show_other_registry_entries): Print "DefaultLogFile".
--
The intention of this mostly forgotten registry entry was to allow for
easy debugging of the tools. However, with the global config
files (and in 2.3 with common.conf) things are anyway better. We
disable the use for the commonly used tools so that it does not look
like calling gpg on the command line seems to block with no output if
the log server (e.g. tcp://1.2.3.4:11111) is not reachable.
* tools/gpgtar.c: New option --with-log.
* tools/gpgtar.h (opt): Add field with_log.
* tools/gpgtar-extract.c (gpgtar_extract): Move directory string
building up. Add option --log-file if needed.
* tools/gpgtar-create.c (gpgtar_create): Make tmpbuf static becuase it
is used outside of its scope.
* tools/gpgtar-list.c (gpgtar_list): Ditto.
* tools/gpgtar.h (opt): Add new flags.
* tools/gpgtar.c: new options --batch, --yes, --no, --status-fd, and
--require-compliance.
(main): Init signals.
* tools/gpgtar-create.c: Add new header files.
(gpgtar_create): Rework to use a pipe for encryption and signing.
* tools/gpgtar-list.c: Add new header files.
(gpgtar_list): Rework to use a pipe for decryption.
* tools/gpgtar-extract.c: Add new header files.
(gpgtar_extract): Rework to use a pipe for decryption.
--
Fixes-commit: 40dbee86f3
* tools/gpgconf-comp.c (retrieve_options_from_program): Set verbose
flag for the arg parser only in --verbose mode.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit ad1254b59d)
GnuPG-bug-id: 5874
* tools/gpgtar.c: Replace assert by log_assert.
* tools/gpgtar-extract.c: Ditto.
(extract_regular): Create files with sysopen flag.
* tools/gpgtar-create.c (scan_directory): Use gpgrt_fname_to_wchar.
--
Note that for this change libgpg-error 1.45 is required for Windows.
* tools/gpgconf-comp.c: Remove "quiet" and two unsupported options
--
The --quiet option is not intended for config files and thus should
not be displayed by config dialogs.
* tools/gpgconf.h (gc_component_id_t): Fix the order.
--
The order has not been adjusted here in 2.2 after we have changed the
order of the gc_components array to have a more logical layout of the
tabs in Gpa and Kleopatra's setting dialogs. In 2.3 everything is
correct, probably because we have another component (keyboxd) there.
* dirmngr/dirmngr.c (dirmngr_never_use_tor_p): New.
* dirmngr/server.c (ensure_keyserver): Don't even test for the Tor
proxy in never-use-tor Mode.
* tools/gpgtar-create.c: Include unistd.h to avoid a warning on
Windows.
--
This delay of 2 or 3 seconds is in particular annoying on Windows.
This is now suppressed, as it should be, if --no-use-tor is used.
The second patch is unrelated
* tools/gpgconf-comp.c (known_options_gpgsm): Make "keyserver"
invisible.
(known_options_dirmngr): Add "ldapserver".
* sm/gpgsm.c (oKeyServer_deprecated): New.
(opts): Assign "ldapserver" to the new option and makr it as obsolete.
--
We want to use "ldapserver" in dirmngr but need to keep using
"keyserver" in gpgsm for existant versions of Kleopatra etc.
GnuPG-bug-id: 5801
* agent/gpg-agent.c (main) <gpgconf_list>: Keep only those option which
have a default. Remove runtime flag.
* common/gc-opt-flags.h (GC_OPT_FLAG_RUNTIME): Move to ...
* tools/gpgconf-comp.c: here because it is now inetrnal to gpgconf.
(known_options_gpg_agent): Add a few missing runtime flags. Remove
"options". Add "check-sym-passphrase-pattern".
(known_options_scdaemon, known_options_gpgsm): Remove "options".
(dirmngr): Ditto.
* tools/gpgconf-comp.c (is_known_option): Return only options having a
value for name. Thus we list list options from the known_options
tables.
* tools/gpgconf-comp.c: Remove assert.h and replace all assert calls
by log_assert.
(known_options_gpg): Add "keyserver" as invisible. Remove "options".
(known_pseudo_options_gpg, known_pseudo_options_gpgsm): New.
(gc_component): Add field known_pseudo_options.
(struct read_line_wrapper_parm_s): New.
(read_line_wrapper): New.
(retrieve_options_from_program): Use read_line_wrapper to handle
pseudo options.
(retrieve_options_from_program): Ignore to be ignored options. Add
failsafe code to avoid calling percent_escape with NULL.
--
GnuPG-bug-id: 5341,5800
Due to reading the list of options from the argparser of the
component, we had no more information about the pseudo options and
thus could not emit them. Well, there is just one pseudo option right
now, but with this change we have a generalized concept for them:
Pseudo options are used to convey information from a component to
gpgconf; for example build-in values.
This is a combined backport of patches to master.
* tools/gpgtar.h (TF_EXTHDR, TF_GEXTHDR): New.
* tools/gpgtar-list.c (parse_header): Set the new type flags.
(parse_extended_header): New.
(read_header): Add arg r_extheader and parse extended header.
(print_header): Consult the extended header.
(gpgtar_list): Pass an extended header object.
(gpgtar_read_header): Ditto.
(gpgtar_print_header): Ditto.
* tools/gpgtar-extract.c (extract): New arg exthdr and factor name
checking out to ...
(check_suspicious_name): new.
(extract_regular): Add arg exthdr and consult it.
(extract_directory): Likewise.
(gpgtar_extract): Provide extheader object.
--
GnuPG-bug-id: 5754
* tools/gpgtar-create.c (global_header_count): new.
(myreadlink): New.
(build_header): New arg r_exthdr. Detect and store long file and link
names. Factor checkum computation out to ...
(compute_checksum): new.
(add_extended_header_record): New.
(write_extended_header): New.
(write_file): Write extended header.
--
GnuPG-bug-id: 5754