* configure.ac: New option --enable-gnupg-builddir-envvar.
(ENABLE_GNUPG_BUILDDIR_ENVVAR): New ac_define.
* common/homedir.c (gnupg_set_builddir_from_env): Consider
ENABLE_GNUPG_BUILDDIR_ENVVAR.
* Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Rename to ...
(AM_DISTCHECK_CONFIGURE_FLAGS): this to be future proof. Add option
--enable-gnupg-builddir-envvar.
--
Our regression test suite makes use of the envvar GNUPG_BUILDDIR. Now
the code in gnupg for evaluating this envvar is only included in a
development version (that is one with a "-betaNNN" suffix). For a
real release the envvar is not considered. However during a "make
distcheck" a "make check" is done for the build directory. Without
defining that envar we would try to run binaries in the install
directory ("_inst" sub-directory) which are not yet installed at that
time.
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac: Add option --default-trust-store.
(DEFAULT_TRUST_STORE_FILE): New ac_define.
* dirmngr/certcache.c: Include ksba-io-support.h.
(total_trusted_certificates, total_system_trusted_certificates): New.
(put_cert): Manage the new counters.
(cert_cache_deinit): Reset them.
(cert_cache_print_stats): Print them.
(is_trusted_cert): Add arg WITH_SYSTRUST. Change all callers to pass
false.
(load_certs_from_file): New.
(load_certs_from_system): New.
(cert_cache_init): Load system certificates.
--
Note that this code does not yet allow to load the system certificates
on Windows.
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac (AC_CHECK_HEADERS): Add stdint.h.
* common/t-gettime.c: Include stdint.h.
(UINTMAX_C): Define replacement.
(test_isotime2epoch): Use UINTMAX_C for the >32 bit constants.
--
This is for example the case on 32 bit OpenBSD.
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac (DNSLIB) {W32]: Add -liphlpapi.
* dirmngr/dns-stuff.c [W32]: Include iphlpapi.h and define
WIN32_LEAN_AND_MEAN.
(libdns_init) [W32]: Use GetNetworkParams to get the nameserver.
* dirmngr/t-dns-stuff.c (init_sockets): New.
(main): Call it.
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac: Add option --disable-libdns
(USE_LIBDNS): New ac_subst and am_conditional.
(USE_C99_CFLAGS): Set only if libdns is used.
* dirmngr/Makefile.am (dirmngr_SOURCES): Move dns.c and dns.h to ...
(dirmngr_SOURCES) [USE_LIBDNS0: here.
(t_common_src): Ditto.
* dirmngr/dirmngr.c (oRecursiveResolver): New constant.
(opts): New option "--recursive-resolver".
(parse_rereadable_options): Set option.
* dirmngr/t-dns-stuff.c (main): Add option --recursive-resolver.
* dirmngr/server.c (cmd_getinfo): Depend output of "dnsinfo" on the
new variables.
* dirmngr/dns-stuff.c: Include dns.h only if USE_DNSLIB is defined.
Also build and call dnslib functions only if USE_DNSLIB is defined.
(recursive_resolver): New var.
(enable_recursive_resolver): New func.
(recursive_resolver_p): New func.
--
In case users run into problems building GnuPG, the configure option
allows to disable that support and continue w/o Tor support using the
system resolver.
--recursive-resolver was easy enough to implement and may be useful in
some situation. It does not fully work, though.
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac (USE_C99_CFLAGS): New ac_subst. Set to -std=gnu99 for
gcc.
* dirmngr/Makefile.am (AM_CFLAGS): Add USE_C99_CFLAGS.
(t_http_CFLAGS): Ditto.
(t_ldap_parse_uri_CFLAGS): Ditto.
(t_dns_stuff_CFLAGS): Ditto.
--
C99 and the GCC option is required for use with dns.c which makes
heavy use of C99 features. We should consider to switch GnuPG
entirely to C99 but enable gcc warnings to detect features which are
not supported by not-real-c99 compilers and which makes audits
harder (VLA etc.).
Signed-off-by: Werner Koch <wk@gnupg.org>
* autogen.rc: Remove '--with-adns' argument.
* configure.ac: Remove check for ADNS.
* dirmngr/dns-stuff.c: Remove all code that uses ADNS.
* dirmngr/server.c (cmd_getinfo): Update status line.
* doc/dirmngr.texi: Do not mention ADNS.
--
We used ADNS to support queries over Tor. However, our patch to ADNS
that adds Tor support was never accepted upstream. Furthermore, there
are other shortcomings that let us to consider alternatives.
Signed-off-by: Justus Winter <justus@g10code.com>
* dirmngr/dirmngr.c (oStandardResolver): New constant.
(opts): New option --standard-resolver.
(parse_rereadable_options): Set option.
* dirmngr/dns-stuff.c: Refactor all code to support the new option.
(standard_resolver): New var.
(enable_standard_resolver, standard_resolver_p): New func.
* dirmngr/http.c (connect_server): Remove USE_DNS_SRV build
conditional.
* dirmngr/ks-engine-hkp.c (map_host): Ditto.
* dirmngr/server.c (cmd_getinfo) <dnsinfo>: Take care of new option
* configure.ac (HAVE_ADNS_IF_TORMODE): Remove var ADNSLIB. ac_define
USE_ADNS in the adns checking code. Remove options --disable-dns-srv
and --disable-dns-cert. Always look for the system resolver. Print
warning if no system resolver was found.
(USE_DNS_CERT, USE_DNS_SRV): Remove ac_defines.
(HAVE_SYSTEM_RESOLVER): New ac_define.
(USE_DNS_SRV): Remove am_conditional; not used anyway.
--
This option allows for runtime switching to the system's standard
resolver. This is mainly useful to work around possible bugs in the
optional resolver libraries (as of now ADNS). Note that on Windows
there is no code to use systems's resolver and thus for full
functionality dirmngr must be build with a separate resolver.
This patch also does way with configure options to disable the use of
CERT and SRV records.
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac: Define DIRMNGR_DEFAULT_KEYSERVER.
* dirmngr/server.c (ensure_keyserver): Use it if no keyservers are set.
* doc/dirmngr.texi: Document this behavior.
--
A user who doesn't specify a keyserver, but asks gnupg to fetch a key
currently just gets a simple error messages "No keyserver available".
If the user is asking to contact a keyserver, we should have a
reasonable default, and not require them to fiddle with settings when
they might not know what settings to choose. This patch makes the
default hkps://hkps.pool.sks-keyservers.net.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* configure.ac (HAVE_NANOSLEEP): Test for nanosleep.
* common/sysutils.c: Always include time.h.
(gnupg_usleep): New.
--
This function has been compiled from nPth and Libassuan.
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac (GPG_AGENT_SOCK_NAME): Change name to *.extra.
(GPG_AGENT_EXTRA_SOCK_NAME): Change name to *browser.
--
There has been quite some fuzz about the naming of the (new) default
socket files. The used names do not match the names of the option.
Because these are just names we now change the names to match the
names of the options instead of changing the option names to something
we can't agree upon.
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac (run_tests, RUN_TESTS, RUN_GPG_TESTS): Remove
variables. They are misleadingly named, as they inhibit building the
tests. There is no reason not to build the tests even when
cross-compiling, as they are only run if one does 'make check'.
* Makefile: Adapt accordingly.
* tests/Makefile.am: Adapt accordingly. Avoid building 'asschk' on
Windows as it uses non-portable functions.
Signed-off-by: Justus Winter <justus@g10code.com>
* agent/gpg-agent.c (main): Provide defaults for 'extra-socket' and
'browser-socket', enable ssh socket by default, but do not emit the
'SSH_AUTH_SOCK' variable unless it has been explicitly requested.
* configure.ac (GPG_AGENT_{EXTRA,BROWSER}_SOCK_NAME): New definitions.
* doc/gpg-agent.texi: Update documentation.
--
This change enables the restricted, browser, and ssh socket by
default. Note that in all cases, the user has to do some additional
configuration to her setup to make use of these features. Therefore,
this should not break any existing setups, but makes it simpler to
discover and use these features.
Signed-off-by: Justus Winter <justus@g10code.com>
We use gpgtar to unpack test data, hence we always build it. If the
user opts out, we simply don't install it.
* configure.ac: Add comment.
* tests/migrations/Makefile.am (required_pgms): Make sure gpgtar is
built.
* tools/Makefile.am: Always build gpgtar, but do not install it if the
user used '--disable-gpgtar'.
Signed-off-by: Justus Winter <justus@g10code.com>
* agent/protect.c (OCB_MODE_SUPPORTED): Remove macro.
(do_encryption): Always support OCB.
(do_decryption): Ditto.
(agent_unprotect): Ditto.
* dirmngr/server.c (is_tor_running): Unconditionally build this.
--
Although not technically required, it is easier to require them to
avoid bug reports due to too old library versions.
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac: Add option --enable-wks-tools
* tools/gpg-wks-client.c: New.
* tools/gpg-wks-server.c: New.
* tools/gpg-wks.h: new.
* tools/wks-receive.c: New.
* tools/call-dirmngr.c, tools/call-dirmngr.h: New.
--
Note that this is just a starting point and not a finished
implementation. Here is how to test the system using
foo@test.gnupg.org as example.
Prepare:
mkdir /var/lib/gnupg/wks
chmod o-rwx /var/lib/gnupg/wks
mkdir /var/lib/gnupg/wks/test.gnupg.org
Run the protocol:
./gpg-wks-client -v --send FPR USERID >x
./gpg-wks-server -v --receive <x >y
./gpg-wks-client --receive <y >z
./gpg-wks-server -v --receive <z
You should also setup a cron job to rsync
/var/lib/gnupg/wks/test.gnupg.org/hu/* to the webserver.
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac (BUILD_HOSTNAME): Set to "<anon>" bey default.
* build-aux/speedo.mk (speedo_pkg_gnupg_configure): Add
--enable-build-timestamp.
--
Debian-bug-id: 826309
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac (AC_CHECK_FUNCS): Remove tests for funopen.
--
Meanwhile we are using the portable functions from libgpg-error.
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac (LIBUSB_LIBS): Use LIBUSB_NAME for AC_CHECK_LIB.
--
Thanks to Michael Sinatra.
GnuPG-bug-id: 2367
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* tests/Makefile.am (SUBDIRS): Remove migrations.
* configure.ac (AC_CONFIG_FILES): Remove migrations Makefile.
--
The tests introduced with commit defbc70b require some non-portable
tools like mktemp and basename. They further fail with "make
distcheck". Removed for now.
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac: Do nor require libiconv for W32.
* common/utf8conv.c [W32]: Do not incluce iconv.h. Request
libgpg-error iconv macros.
(jnlib_iconv): Use ICONV_CONST macro.
* build-aux/speedo/w32/inst.nsi [!WITH_GUI]: Do not install libiconv.
* build-aux/speedo.mk (speedo_spkgs) [!WITH_GUI]: Likewise.
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac (USE_GPG2_HACK): New ac_define am_conditional.
* common/homedir.c (gnupg_module_name): Replace use of macro
NAME_OF_INSTALLED_GPG.
* g10/keygen.c (generate_keypair): Ditto.
* g10/Makefile.am (bin_PROGRAMS): Remove.
(noinst_PROGRAMS): Add gpg or gpg2 and gpgv or gpg2.
(gpg2_hack_list): New.
(use_gpg2_hack): New.
(gpg2_SOURCES): Rename to gpg_SOURCES.
(gpgv2_SOURCES): Rename to gpgv_SOURCES.
(gpg2_LDADD): Rename to gpg_LDADD.
(gpgv2_LDADD): Rename to gpgv_LDADD.
(gpg2_LDFLAGS): Rename to gpg_LDFLAGS.
(gpgv2_LDFLAGS): Rename to gpgv2_LDFLAGS.
(install-exec-hook): Remove WinCE specific rules and add new rules.
(uninstall-local): Uninstall gpg/gpg2 and gpgv/gpgv2.
* tests/openpgp/Makefile.am (required_pgms): s/gpg2/gpg/.
* tests/openpgp/defs.inc: Ditto.
* tests/openpgp/gpgtar.test: Ditto.
* tests/openpgp/mkdemodirs: Ditto.
* tests/openpgp/signdemokey: Ditto.
* Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Remove obsolete
--enable-mailto, add --enable-gpg2-is-gpg.
--
Although we need to duplicate some automake generated code this method
allows to easily switch the name of the installed target using the
configure option "--enable-gpg2-is-gpg".
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac: Print an error message and die if the internal ccid
driver is requested but no suitable libusb is found.
Signed-off-by: Justus Winter <justus@g10code.com>
* configure.ac: Add hack to disable libusb for Windows. Also use
$host instead of $target in the switch
--
The new test for libusb does not support cross-compiling. As a quick
workaround we disable libusb for Windows because we can't use it anyway.
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac (HAVE_LIBUSB): Clear if no header file was found.
(LIBUSB_LIBS): Ditto.
--
This allows to use commit d0d9708 when libusb is installed without the
header files.
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac (LIBUSB_CPPFLAGS): New.
* scd/Makefile.am (AM_CPPFLAGS): Add LIBUSB_CPPFLAGS.
* scd/ccid-driver.c: Use libusb 1.0 API.
--
Changes are straightforward, not use any new features.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* configure.ac: Only add the user supplied CFLAGS after running any
autoconf tests.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
If the user's CFLAGS include -Werror, then some configure tests fail.
To avoid this, we only add the user's CFLAGS after all of the
configure tests have run.
* configure.ac: Define the automake conditional SQLITE3.
* tests/openpgp/Makefile.am (TESTS): Move the sqlite3 dependent tests
to...
(sqlite3_dependent_tests): ... this new variable. If SQLITE3 is not
defined, then clear this variable.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Add --enable-g13. Remove
--enable-gpgtar because that is enabled anyway.
* configure.ac: Do not build g13 by default.
--
The g13 part is not very useful for a standard user right now, thus do
not build it.
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac (HAVE_ADNS_IF_TORMODE): New ac_define.
(USE_DNS_CERT): Prefer ADNS over the system resolver.
* dirmngr/dns-cert.c (tor_mode): New global var.
(enable_dns_tormode): New func.
(get_dns_cert): Use DNS resolver at 8.8.8.8 in tor-mode.
* dirmngr/server.c (cmd_dns_cert): If supported allow DNS requests.
* configure.ac: Add option --dsiable-tofu and --disable-sqlite.
(NEED_SQLITE_VERSION): New var.
(USE_TOFU): New ac_define and am_conditional.
* autogen.sh (build-w32): Add PKG_CONFIG_LIBDIR to configure so that
pkg-config find the correct .pc file.
* g10/Makefile.am (tofu_source): New. Build only if enabled.
* g10/gpg.c (parse_trust_model)[!USE_TOFU]: Disable tofu models.
(parse_tofu_policy)[!USE_TOFU]: Disable all.
(parse_tofu_db_format)[!USE_TOFU]: Disable all.
(main) <aTOFUPolicy>[!USE_TOFU]: Skip.
* g10/keyedit.c (show_key_with_all_names_colon)[!USE_TOFU]: Do not
call tofu functions.
* g10/keylist.c (list_keyblock_colon)[!USE_TOFU]: Ditto.
* g10/trustdb.c (tdb_get_validity_core)[!USE_TOFU]: Skip tofu
processing.
--
This allows to build a minimal version of GnuPG. It is also currently
required to build for Windows.
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac: Check for sqlite3.
(SQLITE3_CFLAGS): AC_SUBST it.
(SQLITE3_LIBS): Likewise.
* g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS).
(gpg2_SOURCES): Add tofu.h and tofu.c.
(gpg2_LDADD): Add $(SQLITE3_LIBS).
* g10/tofu.c: New file.
* g10/tofu.h: New file.
* g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP.
(tofu_db_format): Define.
* g10/packet.h (PKT_signature): Add fields digest and digest_len.
* g10/gpg.c: Include "tofu.h".
(cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy,
oTOFUDBFormat.
(opts): Add them.
(parse_trust_model): Recognize the tofu and tofu+pgp trust models.
(parse_tofu_policy): New function.
(parse_tofu_db_format): New function.
(main): Initialize opt.tofu_default_policy and opt.tofu_db_format.
Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat.
* g10/mainproc.c (do_check_sig): If the signature is good, copy the
hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately.
* g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update
callers.
(tdb_get_validity_core): Add arguments sig and may_ask. Update
callers.
* g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them
to tdb_get_validity_core.
* g10/trustdb.c: Include "tofu.h".
(trust_model_string): Handle TM_TOFU and TM_TOFU_PGP.
(tdb_get_validity_core): Add arguments sig and may_ask. If
OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust
level. Combine it with the computed PGP trust level, if appropriate.
* g10/keyedit.c: Include "tofu.h".
(show_key_with_all_names_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/keylist.c: Include "tofu.h".
(public_key_list): Also show the PGP stats if the trust model is
TM_TOFU_PGP.
(list_keyblock_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/pkclist.c: Include "tofu.h".
* g10/gpgv.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* g10/test-stubs.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* doc/DETAILS: Describe the TOFU Policy field.
* doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu,
--trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format.
* tests/openpgp/Makefile.am (TESTS): Add tofu.test.
(TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc,
tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt.
(CLEANFILES): Add tofu.db.
(clean-local): Add tofu.d.
* tests/openpgp/tofu.test: New file.
* tests/openpgp/tofu-2183839A-1.txt: New file.
* tests/openpgp/tofu-BC15C85A-1.txt: New file.
* tests/openpgp/tofu-EE37CF96-1.txt: New file.
* tests/openpgp/tofu-keys.asc: New file.
* tests/openpgp/tofu-keys-secret.asc: New file.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
* configure.ac (BUILD_TIMESTAMP): Set to "<none>" by default.
--
This is based on
libgpg-error commit d620005fd1a655d591fccb44639e22ea445e4554
but changed to be disabled by default. Check there for some
background.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/dns-cert.c (get_dns_cert): Make r_key optional.
* common/pka.c: Rewrite for the new hash based lookup.
* common/t-pka.c: New.
* configure.ac: Remove option --disable-dns-pka.
(USE_DNS_PKA): Remove ac_define.
* g10/getkey.c (parse_auto_key_locate): Always include PKA.
--
Note that although PKA is now always build, it will only work if
support for looking up via DNS has not been disabled.
The new PKA only works with the IPGP DNS certtype and shall be used
only to retrieve the fingerprint and optional the key for the first
time. Due to the security problems with DNSSEC the former assumption
to validate the key using DNSSEC is not anymore justified. Instead an
additional layer (e.g. Trust-On-First-Use) needs to be implemented to
track change to the key. Having a solid way of getting a key matching
a mail address is however a must have.
More work needs to go into a redefinition of the --verify-options
pka-lookups and pka-trust-increase. The auto-key-locate mechanism
should also be able to continue key fetching with another methods once
the fingerprint has been retrieved with PKA.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.w32-manifest.in: New.
* g10/gpg-w32info.rc: Add manifest.
* g10/Makefile.am (EXTRA_DIST): Add manifest.
(gpg-w32info.o): Depend on manifest.
* configure.ac (BUILD_VERSION): New.
(AC_CONFIG_FILES): Add manifest.
--
There are no dependencies yet defined - we need to do this for the
libs first.
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac (AC_CHECK_HEADERS): Check for sys.select.h
* tools/watchgnupg.c: Include it.
--
It seems http://www.musl-libc.org/ is quite limited and requires
the use sys/select.h instead of unistd.h et al.
* gl/: Remove entire tree.
* configure.ac: Remove gnulib tests and the gl/ Makefile.
(setenv): Add to AC_CHECK_FUNCS.
* autogen.rc (extra_aclocal_flags): Set to empty.
* Makefile.am (ACLOCAL_AMFLAGS): Remove -I gl/m4
(SUBDIRS): Remove gl/.
* agent/Makefile.am (common_libs): Remove ../gl/gnulib.a
* common/Makefile.am (t_common_ldadd): Ditto.
* dirmngr/Makefile.am (dirmngr_LDADD): Ditto.
(dirmngr_ldap_LDADD, dirmngr_client_LDADD): Ditto.
* g10/Makefile.am (needed_libs): Ditto.
* g13/Makefile.am (g13_LDADD): Ditto.
* kbx/Makefile.am (kbxutil_LDADD): Ditto.
($(PROGRAMS)): Ditto.
* scd/Makefile.am (scdaemon_LDADD): Ditto.
* sm/Makefile.am (common_libs): Ditto.
* tools/Makefile.am (common_libs, commonpth_libs): Ditto.
* agent/gpg-agent.c: Remove "mkdtemp.h"
* g10/exec.c: Ditto.
* scd/scdaemon.c: Ditto.
* tools/symcryptrun.c: Ditto.
* common/sysutils.c: Remove "setenv.h"
* common/t-timestuff.c: Use putenv if setenv is not available.
--
gnulib has always been a cause of trouble in GnuPG because we used
only a very few functions and the complex include machinery of gnulib
is quite complex and the cause for many build problems for example on
OS X. This is not gnulib's fault but due to our limited use of gnulib
and that we only rarely update the gnulib code to avoid regressions.
In part two we will address the functions
mkdtemp
setenv
unsetenv
strpbrk
which may bot be implemented on all platforms. They are not required
on a libc based system.
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac <adns>: Use adns_free as probe function for libadns.
(HAVE_ADNS_FREE): Remove bogus tests to set this and remove the macro.
(ADNSLIBS): Do not ac_subst - it is only used within configure.
--
adns_free is required on Windows anyway (for robustness reasons) and
it has been around for so long now that we do not need a separate
test. An upstream adns 1.5 has meanwhile been release but I doubt that
this has the required Windows code - and it is not libtool based
anyway.
--
Also fixed some of my own copyright notices due to the termination of
my assignment. The one displayed by --version is kept at FSF because
we had contributors in 2014 with FSF assignments and it gives the FSF
some visibility.
* configure.ac: Add option --disable-ldap.
(USE_LDAP): New ac_define and am_conditional.
* dirmngr/Makefile.am: Take care of USE_LDAP.
* dirmngr/dirmngr.c (!USE_LDAP): Make all ldap options dummy options
and do not call any ldap function.
* dirmngr/server.c (!USE_LDAP): Do not call any ldap function.
* dirmngr/crlfetch.c (!USE_LDAP): Ditto.
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac: Added --enable-large-secmem option.
* g10/options.h: Add opt.flags.large_rsa.
* g10/gpg.c: Contingent on configure option: adjust secmem size,
add gpg --enable-large-rsa, bound to opt.flags.large_rsa.
* g10/keygen.c: Adjust max RSA size based on opt.flags.large_rsa
* doc/gpg.texi: Document --enable-large-rsa.
--
This is a cherry-pick of 534e2876ac from
STABLE-BRANCH-1-4 against master
Some older implementations built and used RSA keys up to 16Kib, but
the larger secret keys now fail when used by more recent GnuPG, due to
secure memory limitations.
Building with ./configure --enable-large-secmem will make gpg
capable of working with those secret keys, as well as permitting the
use of a new gpg option --enable-large-rsa, which let gpg generate RSA
keys up to 8Kib when used with --batch --gen-key.
Debian-bug-id: 739424
Minor edits by wk.
GnuPG-bug-id: 1732
* agent/agent.h (opt): Remove field use_standard_socket.
* agent/command.c (cmd_killagent): Always allow killing.
* agent/gpg-agent.c (main): Turn --{no,}use-standard-socket and
--write-env-file into dummy options. Always return true for
--use-standard-socket-p. Do not print the GPG_AGENT_INFO envvar
setting or set that envvar.
(create_socket_name): Simplify by removing non standard socket
support.
(check_for_running_agent): Ditto.
* common/asshelp.c (start_new_gpg_agent): Remove GPG_AGENT_INFO use.
* common/simple-pwquery.c (agent_open): Ditto.
* configure.ac (GPG_AGENT_INFO_NAME): Remove.
* g10/server.c (gpg_server): Do not print the AgentInfo comment.
* g13/server.c (g13_server): Ditto.
* sm/server.c (gpgsm_server): Ditto.
* tools/gpgconf.c (main): Simplify by removing non standard socket
support.
--
The indented fix to allow using a different socket than the one in the
gnupg home directory is to change Libassuan to check whether the
socket files exists as a regualr file with a special keyword to
redirect to another socket file name.
* configure.ac (NEED_NTBTLS_ABI, NEED_NTBTLS_VERSION): New.
(HTTP_USE_NTBTLS): New. Prefer over GNUTLS.
* m4/ntbtls.m4: New.
* m4/Makefile.am (EXTRA_DIST): Add new file.
* common/http.c: Add conditionals to eventually use NTBTLS.
--
This is only the configure stuff. If you have NTBTLS installed GNUTLS
will not be used but there won't be any https support either :-(.
This patch is used to have a real world test bench for the forthcoming
library.
* g10/main.h (DEFAULT_DIGEST_ALGO): Use SHA256 in --gnupg and SHA1 in
strict RFC or PGP modes.
* g10/sign.c (make_keysig_packet): Use DEFAULT_DIGEST_ALGO also for
RSA key signatures.
* configure.ac: Do not allow to disable sha256.
* configure.ac: Remove option --build-agent-only.
(FAKE_CURL, GPGKEYS_CURL): Remove check for cURL
(GPGKEYS_MAILTO): Remove ac_subst but keep the currently unused
SENDMAIL check.
(GPGKEYS_KDNS): Remove ac_subst.
* autogen.rc (final_info): Remove suggestion to use the removed option
--enable-mailto.
Werner Koch