1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-04 20:38:50 +01:00
Commit Graph

131 Commits

Author SHA1 Message Date
David Shaw
19de04694e * import.c (import_one): Do collapse_uids() before we do any cleaning
so keyserver mangled keys with doubled user IDs can be properly
cleaned - possibly sigs on the different user IDs cancel each other
out.

* import.c (parse_import_options), export.c (parse_export_options):
List "xxx-clean" before the longer options so we don't end up with a
partial match on the longer options.

* trustdb.c (clean_uids_from_key): Return proper number of cleaned
user IDs.  Don't count user IDs as cleaned unless we actually delete
something.
2005-11-02 05:22:01 +00:00
David Shaw
4afa18bcaa * main.h, misc.c (parse_options): Add the ability to have help
strings in xxx-options commands.

* keyserver.c (keyserver_opts), import.c (parse_import_options),
export.c (parse_export_options), g10.c (parse_list_options, main):
Add help strings to xxx-options.
2005-09-14 22:31:21 +00:00
Werner Koch
a1cdf3c75f Converted all m_free to xfree etc. 2005-07-27 18:10:56 +00:00
Werner Koch
862652ebe1 Preparing a release 2005-07-26 15:41:04 +00:00
Werner Koch
a486501c0b * gpg.sgml (http):
* g10.c, options.h: New option --exit-on-status-write-error.
* status.c (write_status_text): Make use of this option.
2005-07-22 16:28:40 +00:00
David Shaw
8238e7698b * trustdb.c (clean_uids_from_key): Don't keep a valid selfsig around
when compacting a uid.  There is no reason to make an attacker's job
easier - this way they only have a revocation which is useless in
bringing the uid back.

* keydb.h, kbnode.c (undelete_kbnode): Removed.  No longer needed.

* import.c (chk_self_sigs): Allow a uid revocation to be enough to
allow importing a particular uid (no self sig needed).  This allows
importing compacted uids.
2005-07-09 02:34:04 +00:00
David Shaw
07e9d532b1 * keygen.c (save_unprotected_key_to_card): Fix gcc4 warning.
* options.h, import.c (parse_import_options, import_one): Add
import-clean-uids option to automatically compact unusable uids when
importing.  Like import-clean-sigs, this may nodify the local keyring.

* trustdb.c (clean_uids_from_key): Only allow selfsigs to be a
candidate for re-inclusion.
2005-06-14 03:55:19 +00:00
David Shaw
f3c4b07d05 * options.h, import.c (parse_import_options, clean_sigs_from_all_uids,
import_one): Add import-clean-sigs option to automatically clean a key
when importing.  Note that when importing a key that is already on the
local keyring, the clean applies to the merged key - i.e. existing
superceded or invalid signatures are removed.
2005-06-12 21:17:46 +00:00
David Shaw
1594883f2f * options.h, import.c (parse_import_options, delete_inv_parts):
import-unusable-sigs is now a noop.
2005-06-10 03:15:25 +00:00
Werner Koch
7d4043ca57 Updated FSF street address and preparations for a release candidate. 2005-05-31 08:39:18 +00:00
David Shaw
2dbfc709ad * trustdb.h, trustdb.c (trustdb_check_or_update): New. If the trustdb
is dirty and --interactive is set, do an --update-trustdb.  If not
interactive, do a --check_trustdb unless --no-auto-check-trustdb is
set.

* import.c (import_keys_internal): Moved from here.

* keyserver.c (keyserver_refresh): Call it here after all refreshing
has happened so that we don't rebuild after each preferred keyserver
set of imports, but do one big rebuild at the end.  This is Debian bug
#293816, noted by Kurt Roeckx.
2005-02-06 17:38:43 +00:00
Werner Koch
b2b2786be1 * gpgv.c (tty_fprintf): New stub.
* card-util.c (card_status): Create asecret key stub on the fly
and print more information about a card key.
* import.c (pub_to_sec_keyblock, auto_create_card_key_stub): New.
* getkey.c (get_seckeyblock_byfprint): New.
* keylist.c (print_card_key_info): New.
2005-01-20 17:21:40 +00:00
David Shaw
14ce45565d * Makefile.am: Use @LIBUSB@ instead of @LIBUSB_LIBS@
* import.c (delete_inv_parts): Comments on import-unusable-sigs.
2005-01-03 15:15:34 +00:00
David Shaw
fbee22ac0c * options.h, import.c (parse_import_options, delete_inv_parts): Add
import-unusable-sigs flag to enable importing unusable (currently:
expired) sigs.

* options.h, export.c (parse_export_options, do_export_stream): Add
export-unusable-sigs flag to enable exporting unusable (currently:
expired) sigs.
2005-01-01 21:21:11 +00:00
David Shaw
6dedf7a068 * options.h, export.c (parse_export_options, do_export_stream), import.c
(parse_import_options, import_keys_internal): Make the import-options and
export-options distinct since they can be mixed together as part of
keyserver-options.
2004-11-26 15:51:37 +00:00
Werner Koch
f294ce2d8b * export.c (do_export_stream) [ENABLE_SELINUX_HACKS]: Don't allow
secret key export.
* import.c (import_secret_one) [ENABLE_SELINUX_HACKS]: Likewise
2004-10-14 10:48:15 +00:00
Werner Koch
151ca81f1a Added SELInux hacks and did some cleanups. 2004-10-13 18:10:06 +00:00
David Shaw
4d26ab92cc * main.h: Create S2K_DIGEST_ALGO macro so we do not need to always set
opt.s2k_digest_algo.  This helps fix a problem with PGP 2.x encrypted
symmetric messages.  Change all callers (encode.c, g10.c, keyedit.c,
keygen.c, passphrase.c, sign.c).

* armor.c, cardglue.c, getkey.c, import.c, keygen.c: Be consistent in some
more quoted strings.  Always use 'user ID', not 'user id', "quotes" for
user IDs, etc.
2004-09-24 20:34:38 +00:00
David Shaw
45f99c58bb * card-util.c (fetch_url, card_edit): Use the pubkey URL stored on the
card to fetch an updated copy.  Works with either straight URLs or HKP or
LDAP keyservers.

* keyserver-internal.h, keyserver.c (keyserver_import_fprint), import.c
(revocation_present): Use a keyserver_spec so the caller can pass in
whatever keyserver they like.
2004-09-11 15:42:19 +00:00
David Shaw
9d4327ba4d * keydb.h, getkey.c (get_user_id_printable): Rename to get_user_id_native
and remove the printable stuff since we're print-ifying valid utf8
characters.  Change all callers in import.c, sign.c, keylist.c, and
encode.c.
2004-08-23 17:55:49 +00:00
David Shaw
d20a79dd07 * options.h, keyserver.c (parse_keyserver_options): Remove duplicate code
from parse_keyserver_options by calling the generic parse_options.

* keyserver.c (keyserver_spawn, keyserver_refresh), g10.c (main), gpgv.c
(main), mainproc.c (check_sig_and_print), import.c (revocation_present):
Change all callers.
2004-04-15 18:16:17 +00:00
David Shaw
a9b00b06d1 * options.h, import.c, keyserver-internal.h, g10.c, mainproc.c,
keyserver.c (parse_keyserver_uri): Parse keyserver URI into a structure.
Cleanup for new "guess my keyserver" functionality, as well as refreshing
via a preferred keyserver subpacket.
2004-04-14 21:33:45 +00:00
David Shaw
2286674b9e * options.h: Encapsulate keyserver details. Change all callers. 2004-04-14 17:56:23 +00:00
David Shaw
36a5e54e54 * trustdb.c (update_min_ownertrust, validate_keys): Do not use keystr
functions in log_debug.

* import.c (import_one): Try and collapse user IDs when importing a key
for the first time.

* keyedit.c (menu_addrevoker): Allow appointing a subkey as a designated
revoker if the user forces it via keyid!, so long as the subkey can
certify.  Also use the proper date string when prompting for confirmation.

* g10.c (main): Maintain ordering of multiple Comment lines. Requested by
Peter Hyman.
2004-03-19 23:15:27 +00:00
David Shaw
309273f869 * import.c (check_prefs_warning, check_prefs): --keyid-format conversion
and a little better text. (import_one, import_secret_one,
import_revoke_cert, chk_self_sigs, delete_inv_parts, merge_blocks): Still
more --keyid-format conversions.
2004-03-15 20:00:42 +00:00
David Shaw
c9aa5000d7 * keyserver.c (argsep): Move to misc.c.
* main.h, misc.c (parse_options), export.c (parse_export_options),
import.c (parse_import_options), g10.c (main): Use it here to allow for
options with optional arguments.  Change all callers.
2004-02-14 05:03:45 +00:00
David Shaw
f407bb6a97 * import.c (check_prefs): Some language fixes. (sec_to_pub_keyblock,
import_secret_one): Without knowing the number of MPIs there are, we
cannot try and sk-to-pk-ize a key.
2004-02-14 01:54:12 +00:00
David Shaw
cefe95dc77 * import.c (check_prefs): New function to check preferences on a public
key to ensure that it does not advertise any that we cannot fulfill.  Use
the keyedit command list function to optionally rewrite the prefs.
(import_one, import_secret_one): Use it here when importing a public key
that we have the secret half of, or when importing a secret key that we
have the public half of.
2004-02-12 19:18:27 +00:00
David Shaw
8765757006 * import.c (import_one): Do the revocation check even in the case when a
key, a revocation key set in a direct key signature, and a revocation from
that revocation key, all arrive piecemeal. Needless to say, this is pretty
obscure.
2004-02-12 16:31:07 +00:00
David Shaw
2a785147be * options.h, g10.c (main), import.c (parse_import_options, import_one,
import_secret_one), keyserver.c (keyserver_refresh): Change --merge-only
to --import-option merge-only.  Deprecate --merge-only.
2003-12-31 04:58:52 +00:00
David Shaw
392e6da660 * main.h, misc.c (parse_options): Add a "noisy" flag to enable and disable
the messages about which option didn't match or matched ambiguously.
Change all callers (g10.c, keyserver.c).

* main.h, import.c (import_options), export.c (export_options): Pass the
noisy flag through.
2003-12-28 03:46:43 +00:00
David Shaw
db5ab5e730 * packet.h, build-packet.c (hash_public_key): Remove function ...
* keydb.h, keyid.c (hash_public_key, do_fingerprint_md): ... and make a
new one here that shares code with the fingerprint calculations.  This
removes some duplicated functionality, and is also around 14% faster.
(Every bit helps).

* import.c (import_one): No longer need the Elgamal import warning.

* getkey.c (get_pubkey_fast): This one is sort of obscure. get_pubkey_fast
returns the primary key when requesting a subkey, so if a user has a key
signed by a subkey (we don't do this, but used to), AND that key is not
self-signed, AND the algorithm of the subkey in question is not present in
GnuPG, AND the algorithm of the primary key that owns the subkey in
question is present in GnuPG, then we will try and verify the subkey
signature using the primary key algorithm and hit a BUG().  The fix is to
not return a hit if the keyid is not the primary.  All other users of
get_pubkey_fast already expect a primary only.
2003-12-11 01:07:42 +00:00
David Shaw
869c6bb7e4 * misc.c (compress_algo_to_string, string_to_compress_algo,
check_compress_algo): Add bzip2.

* compress.c (compress_filter): Make static to help force the use of
push_compress_filter.  Remove default algorithm setting since that is done
in push_compress_filter now.

* main.h: Use named algorithm.

* filter.h, compress.c (push_compress_filter, push_compress_filter2): New.
Figure out which is the appropriate compression filter to use, and push it
into place.

* compress.c (handle_compressed), encode.c (encode_simple, encode_crypt),
sign.c (sign_file, sign_symencrypt_file), import.c (read_block), export.c
(do_export): Use push_compress_filter instead of pushing the compression
filter ourselves.

* compress-bz2.c: New.  Bzlib versions of the compression filter routines.

* Makefile.am: Include compress-bz2.c if bz2lib is available.
2003-10-31 05:39:02 +00:00
David Shaw
6ad91b2b3a * import.c (import_one): Show the keyid when giving the Elgamal slow
import warning.

* g10.c (main): Older versions used --comment "" to indicate no comment.
Don't add an empty comment.
2003-10-14 23:30:14 +00:00
David Shaw
d8273544e1 * gpgv.c: Remove extra semicolon (typo).
* options.skel: Note that keyserver.pgp.com isn't synchronized, and
explain the roundrobin a bit better.

* sig-check.c (check_key_signature2), import.c (import_one,
import_revoke_cert, chk_self_sigs, delete_inv_parts, collapse_uids,
merge_blocks): Make much quieter during import of slightly munged, but
recoverable, keys. Use log_error for unrecoverable import failures.

* keyring.c (keyring_rebuild_cache): Comment.

* sign.c (mk_notation_and_policy): Making a v3 signature with notations or
policy urls is an error, not an info (i.e. increment the errorcount).
Don't print the notation or policy url to stdout since it can be mixed
into the output stream when piping and munge the stream.
2003-08-21 23:20:58 +00:00
David Shaw
a2cf3caa98 * packet.h, sig-check.c (signature_check2, do_check, do_check_messages):
Provide a signing-key-is-revoked flag.  Change all callers.

* status.h, status.c (get_status_string): New REVKEYSIG status tag for a
good signature from a revoked key.

* mainproc.c (do_check_sig, check_sig_and_print): Use it here.

* import.c (import_revoke_cert, merge_blocks, merge_sigs): Compare actual
signatures on import rather than using keyid or class matching.  This does
not change actual behavior with a key, but does mean that all sigs are
imported whether they will be used or not.

* parse-packet.c (parse_signature): Don't give "signature packet without
xxxx" warnings for experimental pk algorithms.  An experimental algorithm
may not have a notion of (for example) a keyid (i.e. PGP's x.509 stuff).
2003-08-13 03:31:36 +00:00
Werner Koch
1c24b139e7 * import.c (import_keys_internal): Invalidate the cache so that
the file descriptor gets closed.  Fixes bug reported by Juan
F. Codagnone.
2003-06-08 21:35:25 +00:00
Werner Koch
5880657f5e * import.c (import_keys_internal): Invalidate the cache so that
the file descriptor gets closed.  Fixes bug reported by Juan
F. Codagnone.
2003-06-08 21:23:48 +00:00
David Shaw
ff43d07819 * main.h, misc.c (parse_options): New general option line parser. Fix the
bug in the old version that did not handle report syntax errors after a
valid entry.

* import.c (parse_import_options), export.c (parse_export_options): Call
it here instead of duplicating the code.
2003-05-31 21:52:16 +00:00
David Shaw
3afe991bb8 * packet.h, build-packet.c (build_sig_subpkt), export.c
(do_export_stream), import.c (remove_bad_stuff, import), parse-packet.c
(dump_sig_subpkt, parse_one_sig_subpkt): Remove vestigal code for the old
sig cache subpacket.  This wasn't completely harmless as it caused
subpacket 101 to disappear on import and export.

* options.h, armor.c, cipher.c, g10.c, keyedit.c, pkclist.c, sign.c,
encode.c, getkey.c, revoke.c: The current flags for different levels of
PGP-ness are massively complex.  This is step one in simplifying them. No
functional change yet, just use a macro to check for compliance level.

* sign.c (sign_file): Fix bug that causes spurious compression preference
warning.

* sign.c (clearsign_file): Fix bug that prevents proper warning message
from appearing when clearsigning in --pgp2 mode with a non-v3 RSA key.

* main.h, misc.c (compliance_option_string, compliance_string,
compliance_failure), pkclist.c (build_pk_list), sign.c (sign_file,
clearsign_file), encode.c (encode_crypt, write_pubkey_enc_from_list): New
functions to put the "this message may not be usable...." warning in one
place.

* options.h, g10.c (main): Part two of the simplification.  Use a single
enum to indicate what we are compliant to (1991, 2440, PGPx, etc.)

* g10.c (main): Show errors for failure in export, send-keys, recv-keys,
and refresh-keys.

* options.h, g10.c (main): Give algorithm warnings for algorithms chosen
against the --pgpX and --openpgp rules.

* keydb.h, pkclist.c (algo_available): Make TIGER192 invalid in --openpgp
mode.

* sign.c (sign_file), pkclist.c (algo_available): Allow passing a hint of
0.
2003-05-03 04:07:45 +00:00
David Shaw
874214d0a0 * import.c (import_revoke_cert): Remove ultimate trust when revoking an
ultimately trusted key.

* keyedit.c (sign_uids): Allow replacing expired signatures. Allow
duplicate signatures with --expert.

* pkclist.c (check_signatures_trust): Don't display a null fingerprint
when checking a signature with --always-trust enabled.

* filter.h (progress_filter_context_t), progress.c (handle_progress),
plaintext.c (ask_for_detached_datafile, hash_datafiles): Fix compiler
warnings.  Make "what" constant.

* build-packet.c (do_plaintext): Do not create invalid literal packets
with >255-byte names.
2003-04-23 21:18:39 +00:00
David Shaw
3cf45b304e * main.h, g10.c (main), import.c (parse_import_options,
fix_pks_corruption): It's really PKS corruption, not HKP corruption.
Keep the old repair-hkp-subkey-bug command as an alias.

* g10.c (main): Rename --no-version to --no-emit-version for consistency.
Keep --no-version as an alias.
2003-04-09 01:57:46 +00:00
David Shaw
d2548b3f60 * keydb.h: Err on the side of making an unknown signature a SIG rather
than a CERT.

* import.c (delete_inv_parts): Discard any key signatures that aren't key
types (i.e. 0x00, 0x01, etc.)

* g10.c (main): Add deprecated option warning for --list-ownertrust.  Add
--compression-algo alias for --compress-algo.  Change --version output
strings to match "showpref" strings, and make translatable.

* status.c (do_get_from_fd): Accept 'y' as well as 'Y' for --command-fd
boolean input.

* trustdb.c: Fix typo (DISABLE_REGEXP -> DISABLE_REGEX)

* keyedit.c (show_key_with_all_names_colon): Show no-ks-modify flag.
2003-03-24 20:05:53 +00:00
David Shaw
6291f18371 * keyedit.c (menu_revuid): Properly handle a nonselfsigned uid on a v4 key
(treat as a v4 revocation).

* import.c (print_import_check): Do not re-utf8 convert user IDs.
2003-02-02 15:47:43 +00:00
David Shaw
e247a0b3e0 * import.c (import_one): Only do the work to create the status display for
interactive import if status is enabled.

* keyring.c (keyring_search): skipfnc didn't work properly with non-keyid
searches.  Noted by Stefan Bellon.

* getkey.c (merge_selfsigs_main): Remove some unused code and make sure
that the pk selfsigversion member accounts for 1F direct sigs.
2003-01-03 21:41:53 +00:00
Stefan Bellon
54a7e71a36 fixed type problem 2002-12-27 22:17:25 +00:00
David Shaw
f3f1015f6a * keydb.h, getkey.c (key_byname): Flag to enable or disable including
disabled keys.  Keys specified via keyid (i.e. 0x...) are always included.

* getkey.c (get_pubkey_byname, get_seckey_byname2, get_seckey_bynames),
keyedit.c (keyedit_menu, menu_addrevoker): Include disabled keys in these
functions.

* pkclist.c (build_pk_list): Do not include disabled keys for -r or the
key prompt.  Do include disabled keys for the default key and
--encrypt-to.

* trustdb.h, trustdb.c (is_disabled): New skipfnc for skipping disabled
keys.

* gpgv.c (is_disabled): Stub.

* keygen.c (keygen_add_key_expire): Properly handle updating a key
expiration to a no-expiration value.

* keyedit.c (enable_disable_key): Comment.

* import.c (import_one): When in interactive mode and --verbose, don't
repeat some key information twice.
2002-12-26 22:22:50 +00:00
Timo Schulz
15a2a3cd1f 2002-12-22 Timo Schulz <ts@winpt.org>
* import.c (print_import_check): New.
        (import_one): Use it here.
        Use merge_keys_and_selfsig in the interactive mode to avoid
        wrong key information.
        * status.h: Add new status code.
        * status.c: Ditto.
2002-12-22 20:53:20 +00:00
David Shaw
6a4bd944a8 * pkclist.c (do_we_trust): Tweak language to refer to the "named
user" rather than "owner".  Noted by Stefan Bellon.

* trustdb.h, trustdb.c (trustdb_pending_check): New function to
check if the trustdb needs a check.

* import.c (import_keys_internal): Used here so we don't rebuild
the trustdb if it is still clean.
(import_one, chk_self_sigs): Only mark trustdb dirty if the key
that is being imported has any sigs other than self-sigs.
Suggested by Adrian von Bidder.

* options.skel: Include the required '=' sign in the sample
'group' option.  Noted by Stefan Bellon.

* import.c (chk_self_sigs): Don't try and check a subkey as if it
was a signature.
2002-12-13 21:10:53 +00:00
David Shaw
eb9607707e * tdbio.c (tdbio_read_record, tdbio_write_record): Compact the
RECTYPE_TRUST records a bit.

* g10.c (main): Comment out --list-trust-path until it can be implemented.

* import.c (import_one): Warn when importing an Elgamal primary that this
may take some time (to verify self-sigs). (chk_self_sigs): Try and cache
all self-sigs so the keyblock is written to the keyring with a good rich
cache.

* keygen.c (ask_algo): Make the Elgamal sign+encrypt warning stronger, and
remove the RSA sign+encrypt warning.
2002-12-11 17:50:38 +00:00