1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

8646 Commits

Author SHA1 Message Date
Werner Koch
e1fc053dc1
gpgconf: Tweak the use of ldapserver.
* tools/gpgconf-comp.c (known_options_gpgsm): Make "keyserver"
invisible.
(known_options_dirmngr): Add "ldapserver".
* sm/gpgsm.c (oKeyServer_deprecated): New.
(opts): Assign "ldapserver" to the new option and makr it as obsolete.
--

We want to use "ldapserver" in dirmngr but need to keep using
"keyserver" in gpgsm for existant versions of Kleopatra etc.

GnuPG-bug-id: 5801
2022-01-27 15:22:48 +01:00
Werner Koch
eefa2d19ee
gpgconf: Some more fixes for the backported stuff.
* agent/gpg-agent.c (main) <gpgconf_list>: Keep only those option which
have a default.  Remove runtime flag.
* common/gc-opt-flags.h (GC_OPT_FLAG_RUNTIME): Move to ...
* tools/gpgconf-comp.c: here because it is now inetrnal to gpgconf.
(known_options_gpg_agent): Add a few missing runtime flags.  Remove
"options".  Add "check-sym-passphrase-pattern".
(known_options_scdaemon, known_options_gpgsm): Remove "options".
(dirmngr): Ditto.

* tools/gpgconf-comp.c (is_known_option): Return only options having a
value for name.  Thus we list list options from the known_options
tables.
2022-01-26 16:43:46 +01:00
Werner Koch
85300587cc
gpgconf: Fix --list-options for forced options
* tools/gpgconf-comp.c: Remove assert.h and replace all assert calls
by log_assert.
(known_options_gpg): Add "keyserver" as invisible.  Remove "options".
(known_pseudo_options_gpg, known_pseudo_options_gpgsm): New.
(gc_component): Add field known_pseudo_options.
(struct read_line_wrapper_parm_s): New.
(read_line_wrapper): New.
(retrieve_options_from_program): Use read_line_wrapper to handle
pseudo options.
(retrieve_options_from_program): Ignore to be ignored options.  Add
failsafe code to avoid calling percent_escape with NULL.
--

GnuPG-bug-id: 5341,5800

Due to reading the list of options from the argparser of the
component, we had no more information about the pseudo options and
thus could not emit them.  Well, there is just one pseudo option right
now, but with this change we have a generalized concept for them:
Pseudo options are used to convey information from a component to
gpgconf; for example build-in values.

This is a combined backport of patches to master.
2022-01-26 13:32:17 +01:00
Werner Koch
d8e6d1e9ed
common: Fix returning of option attributes for options with args.
* common/argparse.c (gnupg_argparse): Set attribute flags
--
GnuPG-bug-id: 5799

This is a backport from the fix in libgpg-error in case gnupg 2.2 is
build against an older version of libgpg-error.
2022-01-25 19:05:16 +01:00
Werner Koch
38c666ec3f
scd: Also prefer Yubikeys if no reader port is given.
* scd/apdu.c (select_a_reader): Extend the white list.
2022-01-25 19:02:38 +01:00
Werner Koch
b64cae5abb
doc: Add comments on the legacy status of gpgconf.conf.
--
2022-01-25 10:09:49 +01:00
Ingo Klöcker
9f64bf6c0b po: Remove duplicate message definitions
--

This fixes fatal errors reported by msgfmt which made the build fail.

Note: The other translation of "Please re-enter this passphrase" uses
"das Passwort" instead of "die Passphrase". I chose to keep the
translation using "das Passwort" which seems to be the preferred
translation of "passphrase" used in almost all German strings.

Fixes-commit: c54f7e154f1e1054af5b4819450d03aa05ad9106
Cherry picking translations is dangerous. Sorting messages by msgid
should make it less dangerous and would make it much easier to spot
duplicates.
2022-01-17 14:20:27 +01:00
Werner Koch
c54f7e154f
po: Make agent/commands.c translatable and update German translation.
--

GnuPG-bug-id: 4777

This also fixes a bad fuzzy translation which accidently had been
commited without realizing that there was indeed a change (from
"... GnuPG" to "... %s").

(cherry picked from commit 5ed1567e7c6b08988a134effb3c1f42ef6d5319a)
2022-01-17 09:00:40 +01:00
NIIBE Yutaka
4cc724639c gpg: Fix adding the list of ultimate trusted keys.
* g10/keygen.c (do_generate_keypair): Remove call to
register_trusted_keyid for updating user_utk_list.
* g10/trust.c (register_trusted_keyid): Remove.
(update_ownertrust): Add call to tdb_update_utk.
* g10/trustdb.c (tdb_register_trusted_keyid): Make it internal
function by adding "static" qualifier.
Replace calls of register_trusted_keyid to tdb_register_trusted_keyid.
(tdb_update_utk): New.
* g10/trustdb.h (tdb_update_utk): New.

--

Backport of master commit of:
	4aeeaa65ad09fa72ee21c5597b1ce6255ec7dfa8

GnuPG-bug-id: 5742
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-01-17 13:58:58 +09:00
Werner Koch
f16c535eee
gpgconf: Add command aliases -L -K -R.
* tools/gpgconf.c (enum cmd_and_opt_values): Assign shortcuts.
--

I have to type them to often ;-)
2022-01-12 20:32:31 +01:00
Werner Koch
96db487a4d
common,w32: Improve HKCU->HKLM fallback
* common/w32-reg.c (read_w32_registry_string): Add another fallback.
--

We use the same method in gpgme and libgpg-error since 2017 - should
be done here as well.  Thus the fallback also happens if the key
exists but not the actual entry.
2022-01-12 14:48:55 +01:00
Werner Koch
bf4cf04a54
gpgtar: List and extract using extended headers.
* tools/gpgtar.h (TF_EXTHDR, TF_GEXTHDR): New.
* tools/gpgtar-list.c (parse_header): Set the new type flags.
(parse_extended_header): New.
(read_header): Add arg r_extheader and parse extended header.
(print_header): Consult the extended header.
(gpgtar_list): Pass an extended header object.
(gpgtar_read_header): Ditto.
(gpgtar_print_header): Ditto.
* tools/gpgtar-extract.c (extract): New arg exthdr and factor name
checking out to ...
(check_suspicious_name): new.
(extract_regular): Add arg exthdr and consult it.
(extract_directory): Likewise.
(gpgtar_extract): Provide extheader object.
--

GnuPG-bug-id: 5754
2022-01-10 09:28:10 +01:00
Werner Koch
ec69ceab26
gpgtar: Create extended header for long file names
* tools/gpgtar-create.c (global_header_count): new.
(myreadlink): New.
(build_header): New arg r_exthdr.  Detect and store long file and link
names.  Factor checkum computation out to ...
(compute_checksum): new.
(add_extended_header_record): New.
(write_extended_header): New.
(write_file): Write extended header.
--

GnuPG-bug-id: 5754
2022-01-10 09:24:58 +01:00
Werner Koch
c4153f7021
build: Fixes recent commits to still build with gpgrt 1.27.
* agent/gpg-agent.c (main): Use gnupg_argparse.
* tools/gpgconf-comp.c: Use gnupg_opt_t.
* tools/gpgconf.c (show_version_gnupg): Use strusage.
--
2021-12-30 10:48:44 +01:00
Werner Koch
c69c51bce0
gpgconf: Do not list ignored options and mark forced options as r/o.
* tools/gpgconf-comp.c (list_one_option): Skip ignored options and set
the no_change flag for forced options.
(retrieve_options_from_program): Put the attributes into the option
table.
--

(cherry picked from commit 42785d7c8a524129d9fe1a5afae553ff73f8e25b)
This commit also marks the end of the back port as requested by
GnuPG-bug-id: 5732
2021-12-30 10:23:01 +01:00
Werner Koch
bf284fdf22
dirmngr: Re-group the options in the --help output.
--

This looks better and is also required for further simplifications of
gpgconf.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 4c43fabbb0124bacbbaad2521a3085709e7f8249)
2021-12-30 09:23:45 +01:00
Werner Koch
5fb71a8e03
gpgsm: Re-group the options in the --help output.
--

This looks better and is also required for further simplifications of
gpgconf.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 9bc3e7ec037e54c6521d7ac259604836518baa1b)
2021-12-30 09:07:13 +01:00
Werner Koch
f7bde071cc
gpg: Re-group the options in the --help output.
* g10/gpg.c (opts): Change oLoadExtensions, oStrict, and oNoStrict to
use ARGPARSE_ignore and remove the code in the option switch.
--

This looks better and is also required for further simplifications of
gpgconf.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 41eb5108ce59244d961df43bbf73b8aa6e95e9cd)
2021-12-29 22:52:38 +01:00
Werner Koch
7f9791e167
scd: Re-group the options in the --help output.
--

This looks better and is also required for further simplifications of
gpgconf.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit daf5f4355db7c4203f5b7e01807956328a7d173c)
2021-12-29 21:24:42 +01:00
Werner Koch
7e535503a9
agent: Re-group the options in the --help output.
* agent/gpg-agent.c (oGreeting): Remove non existant dummy option.
--

This looks better and is also required for further simplifications of
gpgconf.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit c693b7f4ade97357c33b410728bb741674255487)
2021-12-29 15:47:34 +01:00
Werner Koch
5934027115
gpgconf: Take care of --homedir when reading/updating options.
* tools/gpgconf-comp.c (gpg_agent_runtime_change): Remove unused var.
(scdaemon_runtime_change): Ditto.
(dirmngr_runtime_change): Ditto.
(gc_component_check_options): Pass --homedir if needed.
(retrieve_options_from_program): Take care of --homedir.
--

This is related to bug 4882 but different due all the code changes.

GnuPG-bug-id: 4882
Signed-off-by: Werner Koch <wk@gnupg.org>

This is a backport from master (2.3).
2021-12-29 10:10:44 +01:00
Werner Koch
7a3a1ef370
gpgconf: Rewrite the gpgconf-comp module.
* tools/gpgconf.h (gc_component_t): Change type to ...
(gc_component_id_t): this.
(GC_COMPONENT_ANY): New, so that we can use that in gpgconf-comp.c
directly.
* tools/gpgconf-comp.c: Major rework.
--

The primary reason for this rework is to support the global options.
A second reason is to clean up the code and simplify it so that we do
not anymore need to maintain a list of options in the components _and_
in gpgconf-comp.c.

What we do now is to

 1. Read the option tables directly from the components using
    the new generic --dump-option-table option.  This includes
    the header (group) descriptions.

 2. Read the default values from the components as before using
    --gpgconf-list and update gpgconf's internal tables with
    that info.

 3. Read the options using gpgrt_argparser in the same way as we do
    this in the components.

The changes also do away with the second level notion of backends;
they were only used for dirmngr's extra dirmngr_ldapservers.conf file.
We intend to remove that file and replace it with a regular option so
that it will be similar on how OpenPGP keyservers are specified.

The whole thing will currently be slower than before (in particular on
Windows) but we can optimize that by keeping a cached version of the
option tables and the default values in a per homedir cache file.

There is also some work planned to remove most of the data returned by
--gpgconf-list.  What can also be done is to replace the internal
tables, which list the gpgconf maintainable options, by a configuration
file so that admins are able to maintain the list of these options.

GnuPG-bug-id: 4788
Signed-off-by: Werner Koch <wk@gnupg.org>

This is a backport from master (2.3)
2021-12-29 10:03:14 +01:00
Werner Koch
5f890f417f
gpgconf: Support reading global options (part 2).
* tools/gpgconf-comp.c: Remove all regular option descriptions.  They
are now read in from the component.  Also remove a few meanwhile
obsolete options.
* agent/gpg-agent.c: Add option description which were only set in
gpgconf-comp.c.
* dirmngr/dirmngr.c: Ditto.
* scd/scdaemon.c: Ditto.
* sm/gpgsm.c: Ditto.
* g10/gpg.c: Ditto.
--

This second part removes all regular option descriptions because they
can be read from the components.  A few were missing in the components
and thus moved to there.

Signed-off-by: Werner Koch <wk@gnupg.org>

This is a backport from master (2.3).
2021-12-29 09:42:45 +01:00
Werner Koch
7397872445
gpgconf: Support reading global options (part 1).
* tools/gpgconf.c (main): Set the config directories.
* tools/gpgconf-comp.c (gc_backend): Change the name of the config
files.
(struct gc_option): Add new field 'attr'.
(retrieve_options_from_program): Rewrite to use gpgrt_argparser.
--

We need to do larger changes to gpgconf so that it is possible to get
also global config options and their attributes.  The old code worked
along its own list of option and used a generic option file parser.
This has no support for global config files.  We now use
gnupgt_argparser so that we to do exactly the same as the component
does and thus delivers the actual option values as seen by the
component.

This is just a first step and we need to change more things.

Signed-off-by: Werner Koch <wk@gnupg.org>

This is a backport from master (2.3).
2021-12-29 09:21:55 +01:00
Werner Koch
f0d034ebf4
common: New function xreallocarray
* common/miscellaneous.c (gnupg_reallocarray): New.
(xreallocarray): New.
--

Taken from libgpg-error so that we can build with older versions of
libgpg-error.
2021-12-29 09:21:00 +01:00
Werner Koch
449b331952
build: Add .git-blame-ignore-revs
--
2021-12-13 19:29:08 +01:00
Werner Koch
1af559a9a2
common,w32: Sync read_w32_registry_string with the gpgrt version
* common/w32-reg.c (get_root_key): Add short version of the root
classes.
--

The code here is only used by gpgconf's new --show-configs command.
Usually on Windows the code from gpgrt is used for reading the
registry.  This one here is an exception and when backporting it I
missed to add the HKCU etc al string.

Fixes-commit: 6c6c404883e52545ed38293384c95fdacb7227c4
GnuPG-bug-id: 5724
2021-12-13 19:25:48 +01:00
NIIBE Yutaka
14de7b1e59 gpg: Accept Ed25519 private key in SOS which reserves leading zeros.
* g10/parse-packet.c (sos_read): Backport from 2.3.
(parse_key): Use sos_read for Ed25519 private key.

--

Note that we keep the code of sos_read as same as 2.3.  Even it is
set, the GCRYMPI_FLAG_USER2 flag is not used.

GnuPG-bug-id: 5120
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-12-07 15:37:55 +09:00
NIIBE Yutaka
4cf8bdb048 po: Update Japanese Translation.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-12-07 14:28:45 +09:00
Werner Koch
65c80d6b0f
Post release updates
--
2021-11-23 11:48:27 +01:00
Werner Koch
457f6ac1ef
Release 2.2.33 gnupg-2.2.33 2021-11-23 10:52:07 +01:00
Werner Koch
9adee2dd33
po: Auto update
--
2021-11-23 10:51:31 +01:00
Ineiev
007fea8ce9
po: Update Russian translation. 2021-11-23 10:04:03 +01:00
Werner Koch
985fb25c46
gpg: New option --forbid-gen-key.
* g10/gpg.c (oForbidGenKey, opts): New option.
(mopt): New local struct
(gen_key_forbidden): New.
(main): Set and handle the option.
--

In large system installation it is sometimes useful to make it a bit
harder for users to generate their own keys.  An example is a policy
to not use on-disk keys.
2021-11-22 21:05:16 +01:00
Werner Koch
40d2c93165
gpgconf: Include output of --list-dirs in --show-configs.
* tools/gpgconf.c (list_dirs): Add arg special.
(show_other_registry_entries): Print the Homedir.
(show_configs): List directories.
2021-11-19 09:34:53 +01:00
Werner Koch
7f31891ab1
gpgconf: --show-configs now prints a bunch of Registry entries.
* tools/gpgconf.c (show_other_registry_entries): New.
(show_configs): Call it.  Minor reformatting.
--
2021-11-18 21:46:41 +01:00
Werner Koch
58652f4c0b
gpgconf: Extend --show-config to show envvars.
* tools/gpgconf.c (my_copy_file): Add arg LISTP and record certain
things.
(show_configs_one_file): New arg LISTP to be passed thru.
(show_configs): Show envars and regisiry values.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-11-18 21:46:06 +01:00
Werner Koch
6c6c404883
common,w32: New function read_w32_reg_string.
* common/w32-reg.c (read_w32_reg_string): New.

* common/t-w32-reg.c (test_read_registry): Add another test.
2021-11-18 21:45:02 +01:00
Werner Koch
6ee01c1d26
gpg,gpgsm: Add option --min-rsa-length.
* common/compliance.c (min_compliant_rsa_length): New.
(gnupg_pk_is_compliant): Take in account.
(gnupg_pk_is_allowed): Ditto.
(gnupg_set_compliance_extra_info): New.
* g10/gpg.c (oMinRSALength): New.
(opts): Add --min-rsa-length.
(main): Set value.
* g10/options.h (opt): Add field min_rsa_length.
* sm/gpgsm.c (oMinRSALength): New.
(opts): Add --min-rsa-length.
(main): Set value.
* sm/gpgsm.h (opt): Add field min_rsa_length.
2021-11-18 21:11:10 +01:00
Werner Koch
f453d52e53
po: Replace "PIN-Cache" by "Passwort Cache" in German.
--

For whatever reason (maybe because it is shorter) we used the term
"PIN" instead of "Passphrase" or "Passwort".  That is confusing
because there is no cache for smartcard PINs.
2021-11-18 16:53:23 +01:00
Werner Koch
c9343bec83
sm: Detect circular chains in --list-chain.
* sm/keylist.c (list_cert_chain): Break loop for a too long chain.
--

This avoids endless loops in case of circular chain definitions.  We
use such a limit at other palces as well.  Example for such a chain is

# ------------------------ >8 ------------------------
           ID: 0xBE231B05
          S/N: 51260A931CE27F9CC3A55F79E072AE82
        (dec): 107864989418777835411218143713715990146
       Issuer: CN=UTN - DATACorp SGC,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
      Subject: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE
     sha2_fpr: 92:5E:4B:37:2B:A3:2E:5E:87:30:22:84:B2:D7:C9:DF:BF:82:00:FF:CB:A0:D1:66:03:A1:A0:6F:F7:6C:D3:53
     sha1_fpr: 31:93:78:6A:48:BD:F2:D4:D2:0B:8F:C6:50:1F:4D:E8:BE:23:1B:05
      md5_fpr: AC:F3:10:0D:1A:96:A9:2E:B8:8B:9B:F8:7E:09:FA:E6
      pgp_fpr: E8D2CA1449A80D784FB1532C06B1611DB06A1678
       certid: 610C27E9D37835A8962EA5B8368D3FBED1A8A15D.51260A931CE27F9CC3A55F79E072AE82
      keygrip: CFCA58448222ECAAF77EEF8CC45F0D6DB4E412C9
    notBefore: 2005-06-07 08:09:10
     notAfter: 2019-06-24 19:06:30
     hashAlgo: 1.2.840.113549.1.1.5 (sha1WithRSAEncryption)
      keyType: rsa2048
    subjKeyId: ADBD987A34B426F7FAC42654EF03BDE024CB541A
    authKeyId: [none]
 authKeyId.ki: 5332D1B3CF7FFAE0F1A05D854E92D29E451DB44F
[...]

Certified by
           ID: 0xCE2E4C63
          S/N: 46EAF096054CC5E3FA65EA6E9F42C664
        (dec): 94265836834010752231943569188608722532
       Issuer: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE
      Subject: CN=UTN - DATACorp SGC,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
     sha2_fpr: 21:3F:AD:03:B1:C5:23:47:E9:A8:0F:29:9A:F0:89:9B:CA:FF:3F:62:B3:4E:B0:60:66:F4:D7:EE:A5:EE:1A:73
     sha1_fpr: 9E:99:81:7D:12:28:0C:96:77:67:44:30:49:2E:DA:1D:CE:2E:4C:63
      md5_fpr: 55:07:0F:1F:9A:E5:EA:21:61:F3:72:2B:8B:41:7F:27
      pgp_fpr: 922A6D0A1C0027E75038F8A1503DA72CF2C53840
       certid: 14673DA5792E145E9FA1425F9EF3BFC1C4B4957C.46EAF096054CC5E3FA65EA6E9F42C664
      keygrip: 10678FB5A458D99B7692851E49849F507688B847
    notBefore: 2005-06-07 08:09:10
     notAfter: 2020-05-30 10:48:38
     hashAlgo: 1.2.840.113549.1.1.5 (sha1WithRSAEncryption)
      keyType: rsa2048
    subjKeyId: 5332D1B3CF7FFAE0F1A05D854E92D29E451DB44F
    authKeyId: [none]
 authKeyId.ki: ADBD987A34B426F7FAC42654EF03BDE024CB541A
     keyUsage: certSign crlSign
[...]

Which has a circular dependency on subKeyId/authkeyId.ki.
2021-11-15 17:54:08 +01:00
NIIBE Yutaka
b6b735edab
scd:openpgp: Support longer data for INTERNAL_AUTHENTICATE.
* scd/app-openpgp.c (do_auth): Use extended Lc, when supported.

--

GnuPG-bug-id: 5682
Co-authored-by: Klas Lindfors
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-11-15 17:54:04 +01:00
Ingo Klöcker
027e34235b
build: Fix several "include file not found" problems
* dirmngr/Makefile.am (t_ldap_parse_uri_CFLAGS): Add KSBA_CFLAGS.
* kbx/Makefile.am (libkeybox_a_CFLAGS, libkeybox509_a_CFLAGS): Add
NPTH_CFLAGS.
* tools/Makefile.am (gpgtar_CFLAGS, gpg_wks_server_CFLAGS,
gpg_wks_client_CFLAGS, gpg_pair_tool_CFLAGS): Add LIBGCRYPT_CFLAGS.
--

The tools include gcrypt.h via common/util.h.

GnuPG-bug-id: 5592
2021-11-14 18:18:41 +01:00
Werner Koch
a43efc9294
agent: Print the non-option warning earlier.
* agent/gpg-agent.c (main): Move detection up.
--

The problem is that PARGS is re-used and when detecting a possible
incorrect use, the flag that "--" has already been seen has gone.
2021-11-14 18:09:22 +01:00
Werner Koch
d2b2dc4549
Update release signing keys
--

The last key is new.  As usual the key is on a dedicated card with the
Admin PIN accessible to a few core hackers.

# ------------------------ >8 ------------------------

pub   rsa3072 2017-03-17 [SC] [expires: 2027-03-15]
      5B80C5754298F0CB55D8ED6ABCEF7E294B092E28
sig    R     BCEF7E294B092E28 2017-03-17  Andre Heinecke (Release Signing Key)
uid                      Andre Heinecke (Release Signing Key)
sig 3        BCEF7E294B092E28 2017-03-17  Andre Heinecke (Release Signing Key)
sig          1FDF723CF462B6B1 2017-03-17  Andre Heinecke <aheinecke@intevation.de>

pub   ed25519 2020-08-24 [SC] [expires: 2030-06-30]
      6DAA6E64A76D2840571B4902528897B826403ADA
uid                      Werner Koch (dist signing 2020)
sig 3        528897B826403ADA 2020-08-24  Werner Koch (dist signing 2020)
sig          249B39D24F25E3B6 2020-08-24  Werner Koch (dist sig)
sig          63113AE866587D0A 2020-08-24  wk@gnupg.org
sig          E3FDFF218E45B72B 2020-08-24  Werner Koch (wheatstone commit signing)
sig          F2AD85AC1E42B367 2020-08-24  Werner Koch <wk@gnupg.org>

pub   ed25519 2021-05-19 [SC] [expires: 2027-04-04]
      AC8E115BF73E2D8D47FA9908E98E9B2D19C6C8BD
uid                      Niibe Yutaka (GnuPG Release Key)
sig 3        E98E9B2D19C6C8BD 2021-05-19  Niibe Yutaka (GnuPG Release Key)
sig          00B45EBD4CA7BABE 2021-09-14  NIIBE Yutaka <gniibe@fsij.org>
sig          E267B052364F028D 2021-09-14  NIIBE Yutaka <gniibe@fsij.org>

pub   brainpoolP256r1 2021-10-15 [SC] [expires: 2029-12-31]
      02F38DFF731FF97CB039A1DA549E695E905BA208
uid                      GnuPG.com (Release Signing Key 2021)
sig 3        549E695E905BA208 2021-10-15  GnuPG.com (Release Signing Key 2021)
sig          528897B826403ADA 2021-10-15  Werner Koch (dist signing 2020)
sig          E3FDFF218E45B72B 2021-10-15  Werner Koch (wheatstone commit signing)
2021-11-13 21:02:22 +01:00
Werner Koch
bc6d56282e
gpg: Remove stale ultimately trusted keys from the trustdb.
* g10/tdbdump.c (export_ownertrust): Skip records marked with the
option --trusted-key.
(import_ownertrust): Clear the trusted-key flag.
* g10/tdbio.h (struct trust_record): Add field flags.
* g10/tdbio.c (tdbio_dump_record): Improve output.
(tdbio_read_record, tdbio_write_record): Handle flags.
* g10/trustdb.c (verify_own_keys): Clear stale trusted-keys and set
the flag for new --trusted-keys.
(tdb_update_ownertrust): Add arg as_trusted_key.  Update callers.
--

GnuPG-bug-id: 5685
Signed-off-by: Werner Koch <wk@gnupg.org>
2021-11-13 20:59:17 +01:00
Werner Koch
8fe3f57643
gpgconf: New command --show-configs.
* tools/gpgconf.c (aShowConfigs): New.
(opts): Add --show-configs.
(CUTLINE_FMT): New.
(show_version_gnupg): Add arg "prefix" and adjust caller.
(my_copy_file): New.
(show_configs_one_file): New.New.
(show_configs): New.
(main): Call show_configs.
--

The ability to have a consolidated list of all config files is very
useful for support cases.  This is in particular important due to the
global config files and their conditional constructs.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-11-13 20:58:57 +01:00
Werner Koch
6507c6ab10
agent,dirmngr: New option --steal-socket
* agent/gpg-agent.c (oStealSocket): New.
(opts): Add option.
(steal_socket): New file global var.
(main): Set option.
(create_server_socket): Implement option.

* dirmngr/dirmngr.c (oStealSocket): New.
(opts): Add option.
(steal_socket): New file global var.
(main): Set option.  Add comment to eventually implement it.
--

Note that --steal-socket has currently no effect on dirmngr because
dirmngr does this anway.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-11-13 15:07:35 +01:00
Werner Koch
751b978ee1
doc: Clarify the "ntds" AKL mechanism.
--
2021-11-12 16:15:17 +01:00
NIIBE Yutaka
0982c6cb19 scd: More conservative selection of a card reader.
* scd/apdu.c (select_a_reader): Only SPRx32 is in the white list.

--

GnuPG-bug-id: 5644
Fixes-commit: 752422a792cecf459b37f517d634bcf272292b14
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-11-10 11:58:16 +09:00