[Pkg-gnupg-commit] [gnupg2] 268/292: dirmngr: Auto-sownload the swdb.lst
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Mon Nov 21 06:31:50 UTC 2016
This is an automated email from the git hooks/post-receive script.
dkg pushed a commit to branch master
in repository gnupg2.
commit bd91f92ace09263e3a91177f2a1644379baeb08a
Author: Werner Koch <wk at gnupg.org>
Date: Thu Nov 17 10:14:14 2016 +0100
dirmngr: Auto-sownload the swdb.lst
* dirmngr/dirmngr.h (struct opt): Add field allow_version_check.
* dirmngr/dirmngr.c (oAllowVersionCheck): New.
(opts): Add --allow-version-check.
(network_activity_seen): New variable.
(parse_rereadable_options): Set opt.allow_version_check.
(main) <aGPGConfList>: Do not anymore set the no change flag for
Windows. Add allow-version-check.
(netactivity_action): Set network_activity_seen.
(housekeeping_thread): Call dirmngr_load_swdb.
* tools/gpgconf-comp.c (gc_options_dirmngr): Add allow-version-check.
Make "use-tor" available at Basic level.
Signed-off-by: Werner Koch <wk at gnupg.org>
---
dirmngr/dirmngr.c | 33 +++++++++++++++++++++++----------
dirmngr/dirmngr.h | 1 +
doc/dirmngr.texi | 9 +++++++++
tools/gpgconf-comp.c | 5 ++++-
4 files changed, 37 insertions(+), 11 deletions(-)
diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
index db5079c..9d4fb14 100644
--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
@@ -131,6 +131,7 @@ enum cmd_and_opt_values {
oFakedSystemTime,
oForce,
oAllowOCSP,
+ oAllowVersionCheck,
oSocketName,
oLDAPWrapperProgram,
oHTTPWrapperProgram,
@@ -176,6 +177,8 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_n (oBatch, "batch", N_("run without asking a user")),
ARGPARSE_s_n (oForce, "force", N_("force loading of outdated CRLs")),
ARGPARSE_s_n (oAllowOCSP, "allow-ocsp", N_("allow sending OCSP requests")),
+ ARGPARSE_s_n (oAllowVersionCheck, "allow-version-check",
+ N_("allow online software version check")),
ARGPARSE_s_n (oDisableHTTP, "disable-http", N_("inhibit the use of HTTP")),
ARGPARSE_s_n (oDisableLDAP, "disable-ldap", N_("inhibit the use of LDAP")),
ARGPARSE_s_n (oIgnoreHTTPDP,"ignore-http-dp",
@@ -289,6 +292,10 @@ static int disable_check_own_socket;
/* Counter for the active connections. */
static int active_connections;
+/* This flag is set by any network access and used by the housekeeping
+ * thread to run background network tasks. */
+static int network_activity_seen;
+
/* The timer tick used for housekeeping stuff. For Windows we use a
longer period as the SetWaitableTimer seems to signal earlier than
the 2 seconds. All values are in seconds. */
@@ -526,6 +533,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
opt.ignore_ldap_dp = 0;
opt.ignore_ocsp_service_url = 0;
opt.allow_ocsp = 0;
+ opt.allow_version_check = 0;
opt.ocsp_responder = NULL;
opt.ocsp_max_clock_skew = 10 * 60; /* 10 minutes. */
opt.ocsp_max_period = 90 * 86400; /* 90 days. */
@@ -588,6 +596,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
case oIgnoreOCSPSvcUrl: opt.ignore_ocsp_service_url = 1; break;
case oAllowOCSP: opt.allow_ocsp = 1; break;
+ case oAllowVersionCheck: opt.allow_version_check = 1; break;
case oOCSPResponder: opt.ocsp_responder = pargs->r.ret_str; break;
case oOCSPSigner:
opt.ocsp_signer = parse_ocsp_signer (pargs->r.ret_str);
@@ -1329,15 +1338,6 @@ main (int argc, char **argv)
char *filename;
char *filename_esc;
-#ifdef HAVE_W32_SYSTEM
- /* On Windows systems, dirmngr always runs as system daemon, and
- the per-user configuration is never used. So we short-cut
- everything to use the global system configuration of dirmngr
- above, and here we set the no change flag to make these
- read-only. */
- flags |= GC_OPT_FLAG_NO_CHANGE;
-#endif
-
/* First the configuration file. This is not an option, but it
is vital information for GPG Conf. */
if (!opt.config_filename)
@@ -1375,6 +1375,7 @@ main (int argc, char **argv)
es_printf ("max-replies:%lu:%u\n",
flags | GC_OPT_FLAG_DEFAULT, DEFAULT_MAX_REPLIES);
es_printf ("allow-ocsp:%lu:\n", flags | GC_OPT_FLAG_NONE);
+ es_printf ("allow-version-check:%lu:\n", flags | GC_OPT_FLAG_NONE);
es_printf ("ocsp-responder:%lu:\n", flags | GC_OPT_FLAG_NONE);
es_printf ("ocsp-signer:%lu:\n", flags | GC_OPT_FLAG_NONE);
@@ -1723,7 +1724,7 @@ dirmngr_sighup_action (void)
static void
netactivity_action (void)
{
- log_debug ("network activity seen\n");
+ network_activity_seen = 1;
}
@@ -1782,6 +1783,7 @@ housekeeping_thread (void *arg)
{
static int sentinel;
time_t curtime;
+ struct server_control_s ctrlbuf;
(void)arg;
@@ -1795,7 +1797,18 @@ housekeeping_thread (void *arg)
if (opt.verbose > 1)
log_info ("starting housekeeping\n");
+ memset (&ctrlbuf, 0, sizeof ctrlbuf);
+ dirmngr_init_default_ctrl (&ctrlbuf);
+
ks_hkp_housekeeping (curtime);
+ if (network_activity_seen)
+ {
+ network_activity_seen = 0;
+ if (opt.use_tor || opt.allow_version_check)
+ dirmngr_load_swdb (&ctrlbuf, 0);
+ }
+
+ dirmngr_deinit_default_ctrl (&ctrlbuf);
if (opt.verbose > 1)
log_info ("ready with housekeeping\n");
diff --git a/dirmngr/dirmngr.h b/dirmngr/dirmngr.h
index 42b3b2b..da1c4be 100644
--- a/dirmngr/dirmngr.h
+++ b/dirmngr/dirmngr.h
@@ -92,6 +92,7 @@ struct
int running_detached; /* We are running in detached mode. */
int use_tor; /* Tor mode has been enabled. */
+ int allow_version_check; /* --allow-version-check is active. */
int force; /* Force loading outdated CRLs. */
diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi
index 300068e..73afbc3 100644
--- a/doc/dirmngr.texi
+++ b/doc/dirmngr.texi
@@ -244,6 +244,15 @@ this still leaks the DNS queries; e.g. to lookup the hosts in a
keyserver pool. Certain other features are disabled if this mode is
active.
+ at item --allow-version-check
+ at opindex allow-version-check
+Allow Dirmngr to connect to @code{https://versions.gnupg.org} to get
+the list of current software versions. If this option is enabled, or
+if @option{use-tor} is active, the list is retrieved when the local
+copy does not exist or is older than 5 to 7 days. See the option
+ at option{--query-swdb} of the command @command{gpgconf} for more
+details.
+
@item --keyserver @var{name}
@opindex keyserver
Use @var{name} as your keyserver. This is the server that @command{gpg}
diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c
index 48c1b68..cd99c81 100644
--- a/tools/gpgconf-comp.c
+++ b/tools/gpgconf-comp.c
@@ -909,11 +909,14 @@ static gc_option_t gc_options_dirmngr[] =
{ "force", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
"dirmngr", "force loading of outdated CRLs",
GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
+ { "allow-version-check", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
+ "dirmngr", "allow online software version check",
+ GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
{ "Tor",
GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
"gnupg", N_("Options controlling the use of Tor") },
- { "use-tor", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
+ { "use-tor", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
"dirmngr", "route all network traffic via TOR",
GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git
More information about the Pkg-gnupg-commit
mailing list