1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-01 20:18:44 +01:00
Commit Graph

9493 Commits

Author SHA1 Message Date
NIIBE Yutaka
1080e91efd scd,pcsc: Use a single context.
* scd/apdu.c (pcsc): New variable.
(struct reader_table_s): Remove pcsc.context from member.
(pcsc_get_status, connect_pcsc_card): Use pcsc.context.
(close_pcsc_reader): Release pcsc.context here with reference count.
(pcsc_init): New.
(open_pcsc_reader): Don't call pcsc_establish_context here.  Call
close_pcsc_reader instead of pcsc_release_context.
(apdu_open_reader): Call pcsc_init if needed.
(apdu_init): Initialize pcsc.count and pcsc.context.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-09-11 10:11:25 +09:00
NIIBE Yutaka
f44aa290c1 scd: Clean up the structure for future fix of PC/SC.
* scd/apdu.c (struct dev_list): Rename from ccid_table, with void*.
(open_ccid_reader): Follow the change.
(apdu_dev_list_start, apdu_dev_list_finish): Likewise.
(apdu_open_reader): Likewise.
* scd/ccid-driver.c (ccid_dev_scan): Use void *.
(ccid_dev_scan_finish, ccid_get_BAI, ccid_open_usb_reader): Likewise.
* scd/ccid-driver.h: Change the APIs.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-09-11 10:11:18 +09:00
Werner Koch
ce9906b008
gpg: First rough implementation of keyboxd access for key lookup.
* g10/Makefile.am: Add nPth flags.
* g10/gpg.c: Include npth.h.
(gpg_deinit_default_ctrl): Deinit call-keyboxd local data.
(main): Init nPth.
* g10/keydb-private.h (struct keydb_handle_s): Add field 'kbl' and
remove the search result and the assuan context.
* g10/call-keyboxd.c (struct keyboxd_local_s): Add more fields.
(lock_datastream, unlock_datastream): New.
(gpg_keyboxd_deinit_session_data): Adjust for changed data structures.
(prepare_data_pipe): New.
(open_context): Return kbl instead of an Assuan context.  Init mutexes
etc.
(close_context): Merge into ...
(keydb_release): here.  Adjust for changed data structures.
(datastream_thread): New.
(keydb_get_keyblock): Implement datastream stuff.
(keydb_search): Ditto.

* common/asshelp.c (wait_for_sock): Add arg connect_flags.
(start_new_service): Set FDPASSING flag for the keyboxd.
--

This code as a lot of rough edges, in particular it relies on a well
behaving keyboxd.  We need to add code to shutdown the datastream
reader thread in case of errors and to properly get it up again.  We
also need to make really sure that both threads run in lockstep so
that the datastream thread is only active while we are sending a
command to the keyboxd.

We should also see whether we can depend nPth initialization on the
--use-keyboxd option to avoid any problems with nPth.

And we need to test on Windows.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-09-10 16:05:54 +02:00
Werner Koch
6c327b4dd6
kbx: Allow fd-passing for the keyboxd.
* kbx/kbxserver.c: Include host2net.h
(struct server_local_s): Add field outstream.
(prepare_outstream): New.
(kbxd_writen): New.
(kbxd_write_data_line): Write to file descrptor.  Disable the slow
human reader friendly data line formatting.
(cmd_search, cmd_next): Disable data logging.
(kbxd_start_command_handler): Add OUTPUT command.
* kbx/keyboxd.c (main): Enable log monitor.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-09-10 15:52:12 +02:00
Werner Koch
2f0fdab8aa
common: Allow a readlimit for iobuf_esopen.
* common/iobuf.c (file_es_filter_ctx_t): Add fields use_readlimit and
readlimit.
(file_es_filter): Implement them.
(iobuf_esopen): Add new arg readlimit.
* g10/decrypt-data.c (decrypt_data): Adjust for change.
* g10/import.c (import_keys_es_stream): Ditto.
--

This comes handy for (length,datablob) style streams.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-09-10 15:45:58 +02:00
Andre Heinecke
c69a37dcbd
doc: Fix distchek for generated eps file
* doc/Makefile.am (EXTRA_DIST, BUILT_SOURCES): Add
gnupg-module-overview.eps, gnupg-card-architecture.eps
(DISTCLEANFILES): Remove them.

--
The files needs to be added so that it is properly
included in the dist tarball. As the rule
for it was moved into maintainer mode by 58bab1a.
2019-09-10 10:07:19 +02:00
Werner Koch
aba82684fe
gpg: New option --use-keyboxd.
* g10/gpg.c (oUseKeyboxd,oKeyboxdProgram): New consts.
(opts): New options --use-keyboxd and --keyboxd-program.
(main): Implement them.
* g10/keydb.c: Move some defs out to ...
* g10/keydb-private.h: new file.
* g10/keydb.c: prefix function names with "internal" and move original
functions to ...
* g10/call-keyboxd.c: new file.  Divert to the internal fucntion if
--use-keyboxd is used.  Add a CTRL arg to most fucntions and change
all callers.
* g10/Makefile.am (common_source): Add new files.
(noinst_PROGRAMS): Do bot build gpgcompose.
--

Note that this is just the framework with only a basic implementation
of searching via keyboxd.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-09-09 15:01:47 +02:00
Werner Koch
5e00c1773d
kbx: Fix keyboxd search first.
* kbx/kbxserver.c (cmd_next): Switch to mode next if needed.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-09-09 14:25:02 +02:00
Werner Koch
1545b948e1
kbx: Allow searching from start.
* kbx/kbxserver.c (cmd_search): Detect empty pattern.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-09-09 09:01:28 +02:00
Stephan Mueller
e825aea2ba
gpg: expand GPG groups when resolving a key
* g10/expand-group.c: New
* g10/pkclist.c: Extract expand_group and expand_id into expand-group.c.
* g10/keydb.h: Add prototypes of expand_id and expand_group.
* g10/getkey.c: Use expand_group before resolving key references.
* g10/Makefile.am: Compile expand-group.c.
--

When searching a key by its name, try to expand the provided name in
case it is a GPG group reference. This GPG group resolution is performed
before the individual keys are verified.

This allows key listing using a GPG group reference. In particular, this
modification fixes the encryption to group support in KDE's Kmail which
is broken since version 18.04.

Signed-off-by: Stephan Mueller <stephan.mueller@atsec.com>

- Changed new filename to use a dash instead of an underscore.
- Indendation changes.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-09-06 17:12:38 +02:00
Werner Koch
d9c4c3776b
gpg: Make --quiet work on --send-keys.
* g10/keyserver.c (keyserver_put): Act upon --quiet.
--

Suggested-by: Robin H. Johnson <robbat2@gentoo.org>
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-09-06 16:48:53 +02:00
Werner Koch
209caaff66
gpg: Prepare parser for the new attestation certificates.
* common/openpgpdefs.h (SIGSUBPKT_ATTST_SIGS): New.
* g10/keydb.h (IS_ATTST_SIGS): New.
(IS_CERT): Include the new one.
* g10/sign.c (mk_notation_policy_etc): Do not put notations into
attestation key signatures.
* g10/parse-packet.c (dump_sig_subpkt): Add new arg digest_algo.
Print the attestation sigs.
(parse_one_sig_subpkt): Support SIGSUBPKT_ATTST_SIGS.
(can_handle_critical): Ditto.
(enum_sig_subpkt): Pass digest algo to dump_sig_subpkt.
--

This change allows to list the new subpacket with --list-packets.
Example output:

  :signature packet: algo 22, keyid C694723A1370EAB1
          version 4, created 1567097576, md5len 0, sigclass 0x16
          digest algo 8, begin of digest ff 0c
          hashed subpkt 2 len 4 (sig created 2019-08-29)
          hashed subpkt 37 len 32 (attst-sigs: 1
                                   A794C6E9CCFE2F34C67E07[...])
          hashed subpkt 33 len 21 (issuer fpr v4 156A3872[...])
          subpkt 16 len 8 (issuer key ID C694723A1370EAB1)
          data: [256 bits]
          data: [256 bits]

GnuPG-bug-id: 4694
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-09-05 21:27:13 +02:00
Werner Koch
e1d9be730c
gpg: Rework the signature subpacket iteration function.
* g10/parse-packet.c (enum_sig_subpkt): Replace first arg by two args
so that the entire signature packet is available.  Change all callers.
(parse_sig_subpkt): Ditto.
--

This patch is a prerequisite to support the new attestation key
signatures.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-09-05 20:38:23 +02:00
Werner Koch
7febb4f247
scd: Implement auto-switching between Yubikey apps.
* scd/app.c (apptype_from_keyref): New.
(maybe_switch_app): Add arg 'keyref' and use this also for switching.
Change all callers to pass a keyref if needed.
--

A drawback of this auto-switching is that the PIN cache of the cards
are cleared.  That could be mitigated by having our own cache but we
always tried to avoid that.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-09-05 14:07:27 +02:00
Werner Koch
5d9eb060b7
scd:openpgp: Avoid PIN caching issues after re-select.
* scd/app-openpgp.c (do_reselect): Clear PIN cache flags.
--

It seems that the verification status of the OpenPGP app on a Yubikey
is reset on a select.  We need to reflect this in our cache to avoid a
"Bad PIN" error on computing a signature.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-09-05 13:53:58 +02:00
Werner Koch
61ed02211a
doc: Update description of --debug
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-09-05 13:12:14 +02:00
Werner Koch
947b44e835
scd:piv: Allow the keygrip as alternative to a keyref.
* scd/app-piv.c (find_dobj_by_keyref): Allow the keygrip as input.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-09-05 13:03:00 +02:00
Werner Koch
c8d739a356
scd: Improve locking of app_do_with_keygrip.
* scd/app.c (app_do_with_keygrip): Lock once per card.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-09-05 13:02:59 +02:00
Werner Koch
4e701953fe
scd: New debug flag "app".
* scd/scdaemon.h (DBG_APP_VALUE, DBG_APP): New.
* scd/scdaemon.c (debug_flags): Add "app".
* scd/app.c (xstrapptype): New.
(app_readcert, app_readkey, app_getattr): Add debug output.
(app_setattr, app_sign, app_auth): Ditto.
(app_writecert, app_writekey, app_change_pin): Ditto.
(app_check_pin): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-09-05 13:02:59 +02:00
NIIBE Yutaka
9f39e0167d agent: Fix ask_for_card to allow a key on multiple cards.
* agent/divert-scd.c (ask_for_card): Don't use SERIALNO to select
card, but use KEYGRIP.

GnuPG-bug-id: 4695
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-09-05 17:18:39 +09:00
Werner Koch
fed9c93e05
scd: New sub-command cmd_has_option for GETINFO.
* scd/command.c (cmd_getinfo): Add cmd_has_option sub-command.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-09-04 13:50:12 +02:00
Werner Koch
9a0d8f2d89
scd: Add option --all to the SERIALNO command.
* scd/command.c (cmd_serialno): Add option --all.
(open_card_with_request): Implement that option.
* scd/app.c (select_all_additional_applications_internal): New.
(select_additional_application): Add mode to call new function.
--

This option is currently only useful for Yubikeys and basically
ignored with other cards.  Its use is

  SERIALNO --all
  LEARN --force --multi

which will then print keypairinfo and other stuff for the OpenPGP and
PIV application of a Yubikey.  Scute is going to use this to allow
using certificates from OpenPGP and PIV at the same time.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-09-04 13:38:58 +02:00
Werner Koch
fa25837942
scd: Fix Error checking in additioal app selection.
* scd/app.c (select_additional_application): Return error for unknown
NAME.
--

ERR was only set but not used.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-09-04 12:27:54 +02:00
Werner Koch
5cf5a04bae
scd: Add option --multi to the LEARN command.
* scd/app-common.h (APP_LEARN_FLAG_MULTI): New.
* scd/command.c (cmd_learn): Add option --multi.
* scd/app.c (app_write_learn_status): Factor some code out to ...
(write_learn_status_core): new.
(app_write_learn_status): Implement flag --multi.
--

This new option is intended to return information about all active
applications of the current card.  Thus if a "SERIALNO openpgp" and a
"SERIALNO piv" has been done in a session the command "LEARN --force
--multi" returns information about both applications.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-09-04 12:08:07 +02:00
Werner Koch
2cdea776cd
scd: Use a macro for the flag parameter of learn_status.
* scd/app-common.h (APP_LEARN_FLAG_KEYPAIRINFO): New flag macro..
* scd/command.c (cmd_learn): Pass that flag instead of a plain number.
* scd/app-nks.c (do_learn_status_core): Use new flag.
* scd/app-p15.c (do_learn_status): Ditto.
* scd/app-piv.c (do_learn_status): Ditto.
* scd/app-sc-hsm.c (do_learn_status): Ditto.
* scd/app.c (app_write_learn_status): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-09-04 10:45:29 +02:00
Werner Koch
1d277c9670
doc: Fix grammar error.
--
GnuPG-bug-id: 4691
2019-08-30 08:32:22 +02:00
Werner Koch
e64f0dfd72
gpg,sm: Implement keybox compression run and release lock in gpgsm
* g10/keydb.c (keydb_add_resource): Call keybox_compress.
* sm/keydb.c (keydb_add_resource): Release the lock after a compress.
--

Note that in gpgsm we already did the compress run but we didn't
released the lock on the file.  This might have been a reason for some
strange hangs.

GnuPG-bug-id: 4644
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-08-23 15:51:43 +02:00
Werner Koch
5ef0d7a795
kbx: Include deleted records into the --stats output.
* kbx/keybox-dump.c (_keybox_dump_file): Take deleted records in
account.
--

This also changes the numbering of the records to reflect the real
record number.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-08-23 15:44:05 +02:00
Werner Koch
30aaa4ba00
kbx: Fix regression in compression trigger from July 18
* kbx/keybox-update.c (keybox_compress): Change condition back.
Also use make_timestamp for CUT_TIME.
--

Fixes-commit: 824ca6f042
Note that the original change was not backported to 2.2.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-08-23 15:42:15 +02:00
Werner Koch
d058d80ed0
gpg: Allow --locate-external-key even with --no-auto-key-locate.
* g10/getkey.c (akl_empty_or_only_local): New.
* g10/gpg.c (DEFAULT_AKL_LIST): New.
(main): Use it here.
(main) <aLocateExtKeys>: Set default AKL if none is set.
--

This better matches the expectations of the user.  The used list in
this case is the default list ("local,wkd") with local ignored by the
command anyway.

GnuPG-bug-id: 4662
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-08-23 13:22:15 +02:00
Werner Koch
d7aca1bef6
gpg: Silence some warning messages during -Kv.
* g10/options.h (glo_ctrl): Add flag silence_parse_warnings.
* g10/keylist.c (list_all): Set that during secret key listsings.
* g10/parse-packet.c (unknown_pubkey_warning): If new flag is set do
 not print info message normally emitted inh verbose mode.
(can_handle_critical_notation, enum_sig_subpkt): Ditto.
(parse_signature, parse_key, parse_attribute_subpkts): Ditto.
--

Those messages are annoying because they might be emitted due to
parsing public keys which are latter not shows because the secret part
is missing.  No functional regressions are expected because --verbose
should not change anything.

Note that this suppression is only done if no arguments are given to
the command; that is if a listing of the entire keyring is requested.
Thus to see the earnings anyway, a listing of a single or group of
keys can be requested.

GnuPG-bug-id: 4627
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-08-23 12:50:41 +02:00
Werner Koch
f14ddeb89c
gpg: Do not show two informational diagnostics with quiet.
* g10/trustdb.c (verify_own_keys): Silence informational diagnostic.
--

This silences these notes with --quiet
  gpg: Note: RFC4880bis features are enabled.
  gpg: key EE65E8C75D41FD1D marked as ultimately trusted

GnuPG-bug-id: 4634
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-08-23 11:45:49 +02:00
Werner Koch
2a45800b2f
gpgconf: Suggest the use of --gpgconf-test on --launch problems.
* tools/gpgconf-comp.c (gc_component_launch): Change suggestion.
--

GnuPG-bug-id: 4668
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-08-23 10:43:53 +02:00
Werner Koch
d3f5d8544f
gpg: Extend --quick-gen-key for creating keys from a card.
* g10/keygen.c (parse_key_parameter_part): Add arg R_KEYGRIP and
support the special algo "card".
(parse_key_parameter_string): Add args R_KEYGRIP and R_SUBKEYGRIP.
Handle the "card" algo.  Adjust callers.
(parse_algo_usage_expire): Add arg R_KEYGRIP.
(quickgen_set_para): Add arg KEYGRIP and put it into the parameter
list.
(quick_generate_keypair): Handle algo "card".
(generate_keypair): Also handle the keygrips as returned by
parse_key_parameter_string.
(ask_algo): Support ed25519 from a card.
--

Note that this allows to create a new OpenPGP key from an initialized
OpenPGP card or from any other supported cards.  It has been tested
with the TCOS Netkey card.  Right now a stub file for the cards might
be needed; this can be achieved by running "gpgsm --learn" with the
card plugged in.

Example:

  gpg --quick-gen-key foo@example.org card

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-08-22 16:38:27 +02:00
Werner Koch
b3226d91d0
gpg: Use modern spelling for the female salutation.
--
GnuPG-bug-id: 4682

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-08-22 10:24:16 +02:00
NIIBE Yutaka
6f760e6eb0 gpg: Factor export_ssh_key.
* g10/export.c (export_one_ssh_key): Factor out.
(export_ssh_key): Use export_one_ssh_key.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-08-22 14:18:05 +09:00
NIIBE Yutaka
e00e68135c dns: Fix irrelevant use of tmpfile.
* dirmngr/dns.c (dns_trace_open): Don't use tmpfile.

GnuPG-bug-id: 4228
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-08-22 12:51:17 +09:00
Werner Koch
ce403c74db
gpg: In a list of card keys show the standard keys.
* g10/keygen.c (ask_algo): Identify the standard keys.
--

The asterisks mark the usages of a key as retruned by scd via the
$AUTHKEYID et al. attributes.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-08-21 15:26:34 +02:00
Werner Koch
0d2c9ef29c
scd:nks: Extend keypairinfo with usage flags.
* scd/app-nks.c (do_learn_status_core): Return usage.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 0a9053eff0)
2019-08-21 14:57:27 +02:00
Werner Koch
671e54d62c
scd:nks: Support attributes $ENCRKEYID and $SIGNKEYID.
* scd/app-nks.c (do_getattr): Add new attributes.
--

Note that these were already added to 2.2 as part of
commit 23784f8bf0

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-08-21 14:18:43 +02:00
Werner Koch
c97c2e578d
gpg: New option --use-only-openpgp-card
* g10/gpg.c (opts): Add option.
(main): Set flag.
* g10/options.h: Add flags.use_only_openpgp_card.
* g10/call-agent.c (start_agent): Implement option.
--

With the previous patch we switch to autoselect an application
instead of requesting an openpgp card.  This option allows to revert
this in case of use use cases which expected the former behaviour.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit c185f6dfbd)
This was first added to the 2.2 branch.
2019-08-21 14:13:51 +02:00
NIIBE Yutaka
6fae96094c scd: Fix check_application_conflict.
* scd/scd/app.c (check_application_conflict): Compare APPTYPE.

Fixes-commit: 5a5288d051
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-08-21 12:42:32 +09:00
NIIBE Yutaka
8dc19d35e8 scd: Fix selecting additional APP.
* scd/app.c (select_additional_application_internal): Factor out.
(select_additional_application): Getting the lock and call
select_additional_application_internal, set current_apptype, then.
(select_application): Call select_additional_application_internal
for Yubikey.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-08-21 12:01:21 +09:00
NIIBE Yutaka
4781c4a866 scd: Fix how select_additional_application is called.
* scd/app.c (check_application_conflict): Check against current APP.
(select_additional_application): Update current_apptype of CTRL.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-08-21 12:01:21 +09:00
NIIBE Yutaka
09d000babb scd: Fix resetting CARD_CTX.
* scd/app.c (deallocate_card): Don't call scd_clear_current_app.
(card_reset): Reset ctrl->current_apptype.
* scd/command.c (open_card_with_request): Likewise.
(send_client_notifications): Likewise.
(scd_clear_current_app): Remove.

--

It's too late to call scd_clear_current_app from deallocate_card,
because CARD_CTX is already reset.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-08-21 12:01:21 +09:00
NIIBE Yutaka
d4f135c34b scd: Fix switching to another APP.
* scd/app.c (select_additional_application): Initialize card of APP.
Break after the selection.
Don't free APP if success.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-08-21 12:01:21 +09:00
Daniel Kahn Gillmor
b7793c3af3 doc: fix minor spelling and tense errors
* doc/{gpg,gpgsm,wks}.texi: minor orthographic cleanup.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2019-08-20 15:16:19 -04:00
Daniel Kahn Gillmor
cba6e1bd72 doc: clarify CARD event counter.
* doc/gpg-agent.texi: improve documentation of CARD entry in
GETEVENTCOUNTER description.

--

"stati" is unclear and confusing, and describing something in the
singular is almost always less ambiguous than leaving it in the
plural.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2019-08-20 15:12:05 -04:00
Andre Heinecke
0b7088dc80 speedo, w32: Add w32-wixlib target for MSI package
* Makefile.am (EXTRA_DIST): Add wixlib.wxs
* build-aux/speedo.mk (w32-wixlib): New target.
(w32-release): Build wixlib if WIXPREFIX is set.
(help): Add documentation.
* build-aux/speedo/w32/wixlib.wxs

--
This build a wixlib of the Windows binaries of GnuPG.
A wixlib is a module that can be linked into another
wix project to create an installer including this
module. Gpg4win uses the wixlib from GnuPG for
it's MSI Package.

To build the wixlib you need wine with wine-mono installed
and the wixtoolset.

When calling speedo set the variable WIXPREFIX to
the location containing the extracted toolset.

e.g.:

    make -f build-aux/speedo.mk w32-wixlib WIXPREFIX=~/wix
2019-08-08 13:08:22 +02:00
Werner Koch
4964691861 build: Sign all Windows binaries.
* build-aux/speedo.mk (AUTHENTICODE_SIGNHOST): New.
(AUTHENTICODE_TOOL): New.
(AUTHENTICODE_FILES): New.
(installer): Sign listed files.
(AUTHENTICODE_SIGNHOST): New macro.
(sign-installer): Use that macro instead of direct use of osslsigncode.
--

This also adds code to support signing via a Token.  Because there is
no specification of that token, I was not able to write a free driver
for it.  Thus we resort to use a running Windows-10 instance with an
enabled ssh server to do the code signing.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit e6901c2bc8)
2019-08-08 13:05:23 +02:00