[Pkg-gnupg-commit] [gnupg2] 268/292: dirmngr: Auto-sownload the swdb.lst

Daniel Kahn Gillmor dkg at fifthhorseman.net
Mon Nov 21 06:31:50 UTC 2016


This is an automated email from the git hooks/post-receive script.

dkg pushed a commit to branch master
in repository gnupg2.

commit bd91f92ace09263e3a91177f2a1644379baeb08a
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Nov 17 10:14:14 2016 +0100

    dirmngr: Auto-sownload the swdb.lst
    
    * dirmngr/dirmngr.h (struct opt): Add field allow_version_check.
    * dirmngr/dirmngr.c (oAllowVersionCheck): New.
    (opts): Add --allow-version-check.
    (network_activity_seen): New variable.
    (parse_rereadable_options): Set opt.allow_version_check.
    (main) <aGPGConfList>: Do not anymore set the no change flag for
    Windows.  Add allow-version-check.
    (netactivity_action): Set network_activity_seen.
    (housekeeping_thread): Call dirmngr_load_swdb.
    * tools/gpgconf-comp.c (gc_options_dirmngr): Add allow-version-check.
    Make "use-tor" available at Basic level.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>
---
 dirmngr/dirmngr.c    | 33 +++++++++++++++++++++++----------
 dirmngr/dirmngr.h    |  1 +
 doc/dirmngr.texi     |  9 +++++++++
 tools/gpgconf-comp.c |  5 ++++-
 4 files changed, 37 insertions(+), 11 deletions(-)

diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
index db5079c..9d4fb14 100644
--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
@@ -131,6 +131,7 @@ enum cmd_and_opt_values {
   oFakedSystemTime,
   oForce,
   oAllowOCSP,
+  oAllowVersionCheck,
   oSocketName,
   oLDAPWrapperProgram,
   oHTTPWrapperProgram,
@@ -176,6 +177,8 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_n (oBatch,    "batch",       N_("run without asking a user")),
   ARGPARSE_s_n (oForce,    "force",       N_("force loading of outdated CRLs")),
   ARGPARSE_s_n (oAllowOCSP, "allow-ocsp", N_("allow sending OCSP requests")),
+  ARGPARSE_s_n (oAllowVersionCheck, "allow-version-check",
+                N_("allow online software version check")),
   ARGPARSE_s_n (oDisableHTTP, "disable-http", N_("inhibit the use of HTTP")),
   ARGPARSE_s_n (oDisableLDAP, "disable-ldap", N_("inhibit the use of LDAP")),
   ARGPARSE_s_n (oIgnoreHTTPDP,"ignore-http-dp",
@@ -289,6 +292,10 @@ static int disable_check_own_socket;
 /* Counter for the active connections.  */
 static int active_connections;
 
+/* This flag is set by any network access and used by the housekeeping
+ * thread to run background network tasks.  */
+static int network_activity_seen;
+
 /* The timer tick used for housekeeping stuff.  For Windows we use a
    longer period as the SetWaitableTimer seems to signal earlier than
    the 2 seconds.  All values are in seconds. */
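Review bot: `network_activity_seen` is a plain `static int` that netactivity_action writes and housekeeping_thread reads and clears (both in later hunks), and the comment does not say which execution context each side runs in. If netactivity_action can run from a signal handler or from a different OS thread than the housekeeping code, which these hunks do not show, the declaration should be `static volatile sig_atomic_t network_activity_seen;` or an atomic type. If both sides run under the same cooperative scheduler, the comment should say so. The comment also says the flag is set "by any network access", while the only writer visible is netactivity_action, so naming that function would be more accurate.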
@@ -526,6 +533,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
       opt.ignore_ldap_dp = 0;
       opt.ignore_ocsp_service_url = 0;
       opt.allow_ocsp = 0;
+      opt.allow_version_check = 0;
       opt.ocsp_responder = NULL;
       opt.ocsp_max_clock_skew = 10 * 60;      /* 10 minutes.  */
       opt.ocsp_max_period = 90 * 86400;       /* 90 days.  */
@@ -588,6 +596,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
     case oIgnoreOCSPSvcUrl: opt.ignore_ocsp_service_url = 1; break;
 
     case oAllowOCSP: opt.allow_ocsp = 1; break;
+    case oAllowVersionCheck: opt.allow_version_check = 1; break;
     case oOCSPResponder: opt.ocsp_responder = pargs->r.ret_str; break;
     case oOCSPSigner:
       opt.ocsp_signer = parse_ocsp_signer (pargs->r.ret_str);
@@ -1329,15 +1338,6 @@ main (int argc, char **argv)
       char *filename;
       char *filename_esc;
 
-#ifdef HAVE_W32_SYSTEM
-      /* On Windows systems, dirmngr always runs as system daemon, and
-	 the per-user configuration is never used.  So we short-cut
-	 everything to use the global system configuration of dirmngr
-	 above, and here we set the no change flag to make these
-	 read-only.  */
-      flags |= GC_OPT_FLAG_NO_CHANGE;
-#endif
-
       /* First the configuration file.  This is not an option, but it
 	 is vital information for GPG Conf.  */
       if (!opt.config_filename)
@@ -1375,6 +1375,7 @@ main (int argc, char **argv)
       es_printf ("max-replies:%lu:%u\n",
               flags | GC_OPT_FLAG_DEFAULT, DEFAULT_MAX_REPLIES);
       es_printf ("allow-ocsp:%lu:\n", flags | GC_OPT_FLAG_NONE);
+      es_printf ("allow-version-check:%lu:\n", flags | GC_OPT_FLAG_NONE);
       es_printf ("ocsp-responder:%lu:\n", flags | GC_OPT_FLAG_NONE);
       es_printf ("ocsp-signer:%lu:\n", flags | GC_OPT_FLAG_NONE);
 
@@ -1723,7 +1724,7 @@ dirmngr_sighup_action (void)
 static void
 netactivity_action (void)
 {
-  log_debug ("network activity seen\n");
+  network_activity_seen = 1;
 }
 
 
@@ -1782,6 +1783,7 @@ housekeeping_thread (void *arg)
 {
   static int sentinel;
   time_t curtime;
+  struct server_control_s ctrlbuf;
 
   (void)arg;
 
@@ -1795,7 +1797,18 @@ housekeeping_thread (void *arg)
   if (opt.verbose > 1)
     log_info ("starting housekeeping\n");
 
+  memset (&ctrlbuf, 0, sizeof ctrlbuf);
+  dirmngr_init_default_ctrl (&ctrlbuf);
+
   ks_hkp_housekeeping (curtime);
+  if (network_activity_seen)
+    {
+      network_activity_seen = 0;
+      if (opt.use_tor || opt.allow_version_check)
+        dirmngr_load_swdb (&ctrlbuf, 0);
+    }
+
+  dirmngr_deinit_default_ctrl (&ctrlbuf);
 
   if (opt.verbose > 1)
     log_info ("ready with housekeeping\n");
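Review bot: The condition `if (opt.use_tor || opt.allow_version_check)` lets Tor mode start the background fetch of the software version list even when --allow-version-check was not given, and no comment says this is intended. The doc/dirmngr.texi hunk documents it, so a matching comment above the condition, such as `/* Tor mode implies the version check; otherwise require the explicit opt-in. */`, would keep the opt-in semantics clear to later maintainers. The result of `dirmngr_load_swdb (&ctrlbuf, 0)` is discarded and `network_activity_seen` is cleared before the call, so a failed fetch stays silent until the next network activity, unless the callee logs and retries itself (not visible here). `ctrlbuf` is also initialised and torn down on every housekeeping run although only this branch uses it; moving the init/deinit pair inside the branch would limit that work to the case that needs it. housekeeping_thread starts and ends outside this hunk.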
diff --git a/dirmngr/dirmngr.h b/dirmngr/dirmngr.h
index 42b3b2b..da1c4be 100644
--- a/dirmngr/dirmngr.h
+++ b/dirmngr/dirmngr.h
@@ -92,6 +92,7 @@ struct
 
   int running_detached; /* We are running in detached mode.  */
   int use_tor;          /* Tor mode has been enabled.  */
+  int allow_version_check; /* --allow-version-check is active.  */
 
   int force;          /* Force loading outdated CRLs. */
 
diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi
index 300068e..73afbc3 100644
--- a/doc/dirmngr.texi
+++ b/doc/dirmngr.texi
@@ -244,6 +244,15 @@ this still leaks the DNS queries; e.g. to lookup the hosts in a
 keyserver pool.  Certain other features are disabled if this mode is
 active.
 
+ at item --allow-version-check
+ at opindex allow-version-check
+Allow Dirmngr to connect to @code{https://versions.gnupg.org} to get
+the list of current software versions.  If this option is enabled, or
+if @option{use-tor} is active, the list is retrieved when the local
+copy does not exist or is older than 5 to 7 days.  See the option
+ at option{--query-swdb} of the command @command{gpgconf} for more
+details.
+
 @item --keyserver @var{name}
 @opindex keyserver
 Use @var{name} as your keyserver.  This is the server that @command{gpg}
diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c
index 48c1b68..cd99c81 100644
--- a/tools/gpgconf-comp.c
+++ b/tools/gpgconf-comp.c
@@ -909,11 +909,14 @@ static gc_option_t gc_options_dirmngr[] =
    { "force", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
      "dirmngr", "force loading of outdated CRLs",
      GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
+   { "allow-version-check", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
+     "dirmngr", "allow online software version check",
+     GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
 
    { "Tor",
      GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
      "gnupg", N_("Options controlling the use of Tor") },
-   { "use-tor", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
+   { "use-tor", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
      "dirmngr", "route all network traffic via TOR",
       GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
 

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git


