diff options
author | DongHun Kwak <dh0128.kwak@samsung.com> | 2021-02-09 16:00:12 +0900 |
---|---|---|
committer | DongHun Kwak <dh0128.kwak@samsung.com> | 2021-02-09 16:00:12 +0900 |
commit | 88d11242422e9ef0e94e472b61527faeb0a95bde (patch) | |
tree | 11fa1591c810418a938677279e0022bbb62fde7a /doc | |
parent | 38e6451f41db54227426835fea3069d721d1a0a5 (diff) | |
download | gpg2-88d11242422e9ef0e94e472b61527faeb0a95bde.tar.gz gpg2-88d11242422e9ef0e94e472b61527faeb0a95bde.tar.bz2 gpg2-88d11242422e9ef0e94e472b61527faeb0a95bde.zip |
Imported Upstream version 2.1.14upstream/2.1.14
Diffstat (limited to 'doc')
-rw-r--r-- | doc/HACKING | 2 | ||||
-rw-r--r-- | doc/Makefile.am | 4 | ||||
-rw-r--r-- | doc/gpg-agent.texi | 2 | ||||
-rw-r--r-- | doc/gpg.texi | 256 | ||||
-rw-r--r-- | doc/mkdefsinc.c | 42 | ||||
-rw-r--r-- | doc/tools.texi | 6 | ||||
-rw-r--r-- | doc/yat2m.c | 45 |
7 files changed, 308 insertions, 49 deletions
diff --git a/doc/HACKING b/doc/HACKING index d2168d6..94e65d8 100644 --- a/doc/HACKING +++ b/doc/HACKING @@ -46,6 +46,8 @@ are - scd :: The scdaemon component - ccid :: The CCID driver in scdaemon - dirmngr :: The dirmngr component + - wks :: The web key service tools + - tools :: Other code in tools - w32 :: Windows related code - po :: Translations - build :: Changes to the build system diff --git a/doc/Makefile.am b/doc/Makefile.am index bc06cd5..52ac398 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -32,7 +32,7 @@ helpfiles = help.txt help.be.txt help.ca.txt help.cs.txt \ help.pt_BR.txt help.ro.txt help.ru.txt help.sk.txt \ help.sv.txt help.tr.txt help.zh_CN.txt help.zh_TW.txt -EXTRA_DIST = samplekeys.asc mksamplekeys \ +EXTRA_DIST = samplekeys.asc mksamplekeys com-certs.pem qualified.txt \ gnupg-logo.eps gnupg-logo.pdf gnupg-logo.png gnupg-logo-tr.png \ gnupg-module-overview.png gnupg-module-overview.pdf \ gnupg-card-architecture.png gnupg-card-architecture.pdf \ @@ -46,7 +46,7 @@ BUILT_SOURCES = gnupg-module-overview.png gnupg-module-overview.pdf \ info_TEXINFOS = gnupg.texi -dist_pkgdata_DATA = qualified.txt com-certs.pem $(helpfiles) +dist_pkgdata_DATA = $(helpfiles) nobase_dist_doc_DATA = FAQ DETAILS HACKING DCO TRANSLATE OpenPGP KEYSERVER \ $(examples) diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi index 37774dd..cd5d751 100644 --- a/doc/gpg-agent.texi +++ b/doc/gpg-agent.texi @@ -815,7 +815,7 @@ it by adding this to your init script: @example unset SSH_AGENT_PID if [ "$@{gnupg_SSH_AUTH_SOCK_by:-0@}" -ne $$ ]; then - export SSH_AUTH_SOCK="$@{HOME@}/.gnupg/S.gpg-agent.ssh" + export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)" fi @end example @end cartouche diff --git a/doc/gpg.texi b/doc/gpg.texi index be80450..38f417e 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -233,7 +233,7 @@ read from STDIN. If only a one argument is given, it is expected to be a complete signature. With more than 1 argument, the first should be a detached signature -and the remaining files ake up the the signed data. To read the signed +and the remaining files make up the the signed data. To read the signed data from STDIN, use @samp{-} as the second filename. For security reasons a detached signature cannot read the signed material from STDIN without denoting it in the above way. @@ -281,9 +281,10 @@ List all keys from the public keyrings, or just the keys given on the command line. Avoid using the output of this command in scripts or other programs as -it is likely to change as GnuPG changes. See @option{--with-colons} for a -machine-parseable key listing command that is appropriate for use in -scripts and other programs. +it is likely to change as GnuPG changes. See @option{--with-colons} +for a machine-parseable key listing command that is appropriate for +use in scripts and other programs. Never use the regular output for +scripts - it is only for human consumption. @item --list-secret-keys @itemx -K @@ -291,7 +292,7 @@ scripts and other programs. List all keys from the secret keyrings, or just the ones given on the command line. A @code{#} after the letters @code{sec} means that the secret key is not usable (for example, if it was created via -@option{--export-secret-subkeys}). +@option{--export-secret-subkeys}). See also @option{--list-keys}. @item --list-sigs @opindex list-sigs @@ -569,7 +570,7 @@ Use the source, Luke :-). The output format is still subject to change. @item --enarmor -@item --dearmor +@itemx --dearmor @opindex enarmor @opindex dearmor Pack or unpack an arbitrary input into/from an OpenPGP ASCII armor. @@ -1040,6 +1041,15 @@ the interactive sub-command @code{adduid} of @option{--edit-key} the white space removed, it is expected to be UTF-8 encoded, and no checks on its form are applied. +@item --quick-revuid @var{user-id} @var{user-id-to-revoke} +@opindex quick-revuid +This command revokes a User ID on an existing key. It cannot be used +to revoke the last User ID on key (some non-revoked User ID must +remain), with revocation reason ``User ID is no longer valid''. If +you want to specify a different revocation reason, or to supply +supplementary revocation text, you should use the interactive +sub-command @code{revuid} of @option{--edit-key}. + @item --passwd @var{user_id} @opindex passwd Change the passphrase of the secret key belonging to the certificate @@ -1361,6 +1371,10 @@ Note that this adds a keyring to the current list. If the intent is to use the specified keyring alone, use @option{--keyring} along with @option{--no-default-keyring}. +If the the option @option{--no-keyring} has been used no keyrings will +be used at all. + + @item --secret-keyring @code{file} @opindex secret-keyring This is an obsolete option and ignored. All secret keys are stored in @@ -2023,6 +2037,22 @@ limited countermeasure against traffic analysis. If this option or @option{--recipient} is not specified, GnuPG asks for the user ID unless @option{--default-recipient} is given. +@item --recipient-file @var{file} +@itemx -f +@opindex recipient-file +This option is similar to @option{--recipient} except that it +encrypts to a key stored in the given file. @var{file} must be the +name of a file containing exactly one key. @command{gpg} assumes that +the key in this file is fully valid. + +@item --hidden-recipient-file @var{file} +@itemx -F +@opindex hidden-recipient-file +This option is similar to @option{--hidden-recipient} except that it +encrypts to a key stored in the given file. @var{file} must be the +name of a file containing exactly one key. @command{gpg} assumes that +the key in this file is fully valid. + @item --encrypt-to @code{name} @opindex encrypt-to Same as @option{--recipient} but this one is intended for use in the @@ -2041,11 +2071,6 @@ recipients given either by use of @option{--recipient} or by the asked user id. No trust checking is performed for these user ids and even disabled keys can be used. -@item --encrypt-to-default-key -@opindex encrypt-to-default-key -If the default secret key is taken from @option{--default-key}, then -also encrypt to that key. - @item --no-encrypt-to @opindex no-encrypt-to Disable the use of all @option{--encrypt-to} and @@ -2179,6 +2204,18 @@ opposite meaning. The options are: subkey. Defaults to no for regular @option{--import} and to yes for keyserver @option{--recv-keys}. + @item import-show + Show a listing of the key as imported right before it is stored. + This can be combined with the option @option{--dry-run} to only look + at keys. + + @item import-export + Run the entire import code but instead of storing the key to the + local keyring write it to the output. The export options + @option{export-pka} and @option{export-dane} affect the output. This + option can be used to remove all invalid parts from a key without the + need to store it. + @item merge-only During import, allow key updates to existing keys, but do not allow any new keys to be imported. Defaults to no. @@ -2198,6 +2235,47 @@ opposite meaning. The options are: Defaults to no. @end table +@item --import-filter @code{@var{name}=@var{expr}} +@itemx --export-filter @code{@var{name}=@var{expr}} +@opindex import-filter +@opindex export-filter +These options define an import/export filter which are applied to the +imported/exported keyblock right before it will be stored/written. +@var{name} defines the type of filter to use, @var{expr} the +expression to evaluate. The option can be used several times which +then appends more expression to the same @var{name}. + +@noindent +The available filter types are: + +@table @asis + + @item keep-uid + This filter will keep a user id packet and its dependent packets in + the keyblock if the expression evaluates to true. + +@end table + +For the syntax of the expression see the chapter "FILTER EXPRESSIONS". +The property names for the expressions depend on the actual filter +type and are indicated in the following table. + +The available properties are: + +@table @asis + + @item uid + A string with the user id. (keep-uid) + + @item mbox + The addr-spec part of a user id with mailbox or the empty string. + (keep-uid) + + @item primary + Boolean indicating whether the user id is the primary one. (keep-uid) + +@end table + @item --export-options @code{parameters} @opindex export-options This is a space or comma delimited string that gives options for @@ -2244,6 +2322,18 @@ opposite meaning. The options are: most recent self-signature on each user ID. This option is the same as running the @option{--edit-key} command "minimize" before export except that the local copy of the key is not modified. Defaults to no. + + @item export-pka + Instead of outputting the key material output PKA records suitable + to put into DNS zone files. An ORIGIN line is printed before each + record to allow diverting the records to the corresponding zone file. + + @item export-dane + Instead of outputting the key material output OpenPGP DANE records + suitable to put into DNS zone files. An ORIGIN line is printed before + each record to allow diverting the records to the corresponding zone + file. + @end table @item --with-colons @@ -2255,20 +2345,6 @@ as it is easily machine parsed. The details of this format are documented in the file @file{doc/DETAILS}, which is included in the GnuPG source distribution. - -@item --print-pka-records -@opindex print-pka-records -Modify the output of the list commands to print PKA records suitable -to put into DNS zone files. An ORIGIN line is printed before each -record to allow diverting the records to the corresponding zone file. - -@item --print-dane-records -@opindex print-dane-records -Modify the output of the list commands to print OpenPGP DANE records -suitable to put into DNS zone files. An ORIGIN line is printed before -each record to allow diverting the records to the corresponding zone -file. - @item --fixed-list-mode @opindex fixed-list-mode Do not merge primary user ID and primary key in @option{--with-colon} @@ -2463,6 +2539,13 @@ Reset all packet, cipher and digest options to strict RFC-4880 behavior. Note that this is currently the same thing as @option{--openpgp}. +@item --rfc4880bis +@opindex rfc4880bis +Enable experimental features from proposed updates to RFC-4880. This +option can be used in addition to the other compliance options. +Warning: The behavior may change with any GnuPG release and created +keys or data may not be usable with future GnuPG versions. + @item --rfc2440 @opindex rfc2440 Reset all packet, cipher and digest options to strict RFC-2440 @@ -2940,6 +3023,10 @@ and do not provide alternate keyrings via @option{--keyring} or @option{--secret-keyring}, then GnuPG will still use the default public or secret keyrings. +@item --no-keyring +@opindex no-keyring +Do not add use any keyrings even if specified as options. + @item --skip-verify @opindex skip-verify Skip the signature verification step. This may be @@ -3170,7 +3257,6 @@ current home directory (@pxref{option --homedir}). @end table -@c man:.RE Note that on larger installations, it is useful to put predefined files into the directory @file{@value{SYSCONFSKELDIR}} so that newly created users start up with a working configuration. @@ -3245,7 +3331,6 @@ files; They all live in in the current home directory (@pxref{option @end table -@c man:.RE Operation is further controlled by a few environment variables: @table @asis @@ -3338,6 +3423,123 @@ user for the filename. @include specify-user-id.texi @end ifset +@mansect filter expressions +@chapheading FILTER EXPRESSIONS + +The options @option{--import-filter} and @option{--export-filter} use +expressions with this syntax (square brackets indicate an optional +part and curly braces a repetition, white space between the elements +are allowed): + +@c man:.RS +@example + [lc] @{[@{flag@}] PROPNAME op VALUE [lc]@} +@end example +@c man:.RE + +The name of a property (@var{PROPNAME}) may only consist of letters, +digits and underscores. The description for the filter type +describes which properties are defined. If an undefined property is +used it evaluates to the empty string. Unless otherwise noted, the +@var{VALUE} must always be given and may not be the empty string. No +quoting is defined for the value, thus the value may not contain the +strings @code{&&} or @code{||}, which are used as logical connection +operators. The flag @code{--} can be used to remove this restriction. + +Numerical values are computed as long int; standard C notation +applies. @var{lc} is the logical connection operator; either +@code{&&} for a conjunction or @code{||} for a disjunction. A +conjunction is assumed at the begin of an expression. Conjunctions +have higher precedence than disjunctions. If @var{VALUE} starts with +one of the characters used in any @var{op} a space after the +@var{op} is required. + +@noindent +The supported operators (@var{op}) are: + +@table @asis + + @item =~ + Substring must match. + + @item !~ + Substring must not match. + + @item = + The full string must match. + + @item <> + The full string must not match. + + @item == + The numerical value must match. + + @item != + The numerical value must not match. + + @item <= + The numerical value of the field must be LE than the value. + + @item < + The numerical value of the field must be LT than the value. + + @item >= + The numerical value of the field must be GT than the value. + + @item >= + The numerical value of the field must be GE than the value. + + @item -n + True if value is not empty (no value allowed). + + @item -z + True if value is empty (no value allowed). + + @item -t + Alias for "PROPNAME != 0" (no value allowed). + + @item -f + Alias for "PROPNAME == 0" (no value allowed). + +@end table + +@noindent +Values for @var{flag} must be space separated. The supported flags +are: + +@table @asis + @item -- + @var{VALUE} spans to the end of the expression. + @item -c + The string match in this part is done case-sensitive. +@end table + +The filter options concatenate several specifications for a filter of +the same type. For example the four options in this example: + +@c man:.RS +@example + --import-option keep-uid="uid =~ Alfa" + --import-option keep-uid="&& uid !~ Test" + --import-option keep-uid="|| uid =~ Alpha" + --import-option keep-uid="uid !~ Test" +@end example +@c man:.RE + +@noindent +which is equivalent to + +@c man:.RS +@example + --import-option \ + keep-uid="uid =~ Alfa" && uid !~ Test" || uid =~ Alpha" && "uid !~ Test" +@end example +@c man:.RE + +imports only the user ids of a key containing the strings "Alfa" +or "Alpha" but not the string "test". + + @mansect return value @chapheading RETURN VALUE diff --git a/doc/mkdefsinc.c b/doc/mkdefsinc.c index f3e2f35..b8fbed6 100644 --- a/doc/mkdefsinc.c +++ b/doc/mkdefsinc.c @@ -140,6 +140,27 @@ get_date_from_files (char **files) } +/* We need to escape file names for Texinfo. */ +static void +print_filename (const char *prefix, const char *name) +{ + const char *s; + + fputs (prefix, stdout); + for (s=name; *s; s++) + switch (*s) + { + case '@': fputs ("@atchar{}", stdout); break; + case '{': fputs ("@lbracechar{}", stdout); break; + case '}': fputs ("@rbracechar{}", stdout); break; + case ',': fputs ("@comma{}", stdout); break; + case '\\':fputs ("@backslashchar{}", stdout); break; + case '#': fputs ("@hashchar{}", stdout); break; + default: putchar (*s); break; + } + putchar('\n'); +} + int main (int argc, char **argv) @@ -288,17 +309,16 @@ main (int argc, char **argv) fputs ("\n@c Directories\n\n", stdout); - fputs ("@set BINDIR " GNUPG_BINDIR "\n" - "@set LIBEXECDIR " GNUPG_LIBEXECDIR "\n" - "@set LIBDIR " GNUPG_LIBDIR "\n" - "@set DATADIR " GNUPG_DATADIR "\n" - "@set SYSCONFDIR " GNUPG_SYSCONFDIR "\n" - "@set LOCALSTATEDIR " GNUPG_LOCALSTATEDIR "\n" - "@set LOCALCACHEDIR " GNUPG_LOCALSTATEDIR - /* */ "/cache/" PACKAGE_NAME "\n" - "@set LOCALRUNDIR " GNUPG_LOCALSTATEDIR - /* */ "/run/" PACKAGE_NAME "\n" - , stdout); + print_filename ("@set BINDIR ", GNUPG_BINDIR ); + print_filename ("@set LIBEXECDIR ", GNUPG_LIBEXECDIR ); + print_filename ("@set LIBDIR ", GNUPG_LIBDIR ); + print_filename ("@set DATADIR ", GNUPG_DATADIR ); + print_filename ("@set SYSCONFDIR ", GNUPG_SYSCONFDIR ); + print_filename ("@set LOCALSTATEDIR ", GNUPG_LOCALSTATEDIR ); + print_filename ("@set LOCALCACHEDIR ", (GNUPG_LOCALSTATEDIR + "/cache/" PACKAGE_NAME)); + print_filename ("@set LOCALRUNDIR ", (GNUPG_LOCALSTATEDIR + "/run/" PACKAGE_NAME)); p = xstrdup (GNUPG_SYSCONFDIR); pend = strrchr (p, '/'); diff --git a/doc/tools.texi b/doc/tools.texi index 8fdaa96..577df8e 100644 --- a/doc/tools.texi +++ b/doc/tools.texi @@ -280,7 +280,7 @@ Check the options for the component @var{component}. Update all configuration files with values taken from the global configuration file (usually @file{/etc/gnupg/gpgconf.conf}). -@item --list-dirs +@item --list-dirs [@var{names}] Lists the directories used by @command{gpgconf}. One directory is listed per line, and each line consists of a colon-separated list where the first field names the directory type (for example @code{sysconfdir}) @@ -288,7 +288,9 @@ and the second field contains the percent-escaped directory. Although they are not directories, the socket file names used by @command{gpg-agent} and @command{dirmngr} are printed as well. Note that the socket file names and the @code{homedir} lines are the default -names and they may be overridden by command line switches. +names and they may be overridden by command line switches. If +@var{names} are given only the directories or file names specified by +the list names are printed without any escaping. @item --list-config [@var{filename}] List the global configuration file in a colon separated format. If diff --git a/doc/yat2m.c b/doc/yat2m.c index 3de908c..9b76f19 100644 --- a/doc/yat2m.c +++ b/doc/yat2m.c @@ -1,5 +1,5 @@ /* yat2m.c - Yet Another Texi 2 Man converter - * Copyright (C) 2005, 2013, 2015 g10 Code GmbH + * Copyright (C) 2005, 2013, 2015, 2016 g10 Code GmbH * Copyright (C) 2006, 2008, 2011 Free Software Foundation, Inc. * * This program is free software; you can redistribute it and/or modify @@ -13,7 +13,7 @@ * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with this program; if not, see <http://www.gnu.org/licenses/>. + * along with this program; if not, see <https://www.gnu.org/licenses/>. */ /* @@ -104,6 +104,29 @@ #include <time.h> +#if __GNUC__ +# define MY_GCC_VERSION (__GNUC__ * 10000 \ + + __GNUC_MINOR__ * 100 \ + + __GNUC_PATCHLEVEL__) +#else +# define MY_GCC_VERSION 0 +#endif + +#if MY_GCC_VERSION >= 20500 +# define ATTR_PRINTF(f, a) __attribute__ ((format(printf,f,a))) +# define ATTR_NR_PRINTF(f, a) __attribute__ ((noreturn, format(printf,f,a))) +#else +# define ATTR_PRINTF(f, a) +# define ATTR_NR_PRINTF(f, a) +#endif +#if MY_GCC_VERSION >= 30200 +# define ATTR_MALLOC __attribute__ ((__malloc__)) +#else +# define ATTR_MALLOC +#endif + + + #define PGM "yat2m" #define VERSION "1.0" @@ -214,8 +237,16 @@ static const char * const standard_sections[] = static void proc_texi_buffer (FILE *fp, const char *line, size_t len, int *table_level, int *eol_action); +static void die (const char *format, ...) ATTR_NR_PRINTF(1,2); +static void err (const char *format, ...) ATTR_PRINTF(1,2); +static void inf (const char *format, ...) ATTR_PRINTF(1,2); +static void *xmalloc (size_t n) ATTR_MALLOC; +static void *xcalloc (size_t n, size_t m) ATTR_MALLOC; + +/*-- Functions --*/ + /* Print diagnostic message and exit with failure. */ static void die (const char *format, ...) @@ -558,7 +589,7 @@ get_section_buffer (const char *name) for (i=0; i < thepage.n_sections; i++) if (!thepage.sections[i].name) break; - if (i < thepage.n_sections) + if (thepage.n_sections && i < thepage.n_sections) sect = thepage.sections + i; else { @@ -715,7 +746,7 @@ proc_texi_cmd (FILE *fp, const char *command, const char *rest, size_t len, { "subsection", 6, "\n.SS " }, { "chapheading", 0}, { "item", 2, ".TP\n.B " }, - { "itemx", 2, ".TP\n.B " }, + { "itemx", 2, ".TQ\n.B " }, { "table", 3 }, { "itemize", 3 }, { "bullet", 0, "* " }, @@ -762,6 +793,8 @@ proc_texi_cmd (FILE *fp, const char *command, const char *rest, size_t len, { if ((*table_level)-- > 1) fputs (".RE\n", fp); + else + fputs (".P\n", fp); } else if (n >= 7 && !memcmp (s, "example", 7) && (!n || s[7] == ' ' || s[7] == '\t' || s[7] == '\n')) @@ -853,7 +886,7 @@ proc_texi_cmd (FILE *fp, const char *command, const char *rest, size_t len, } else inf ("texinfo command '%s' not supported (%.*s)", command, - ((s = memchr (rest, '\n', len)), (s? (s-rest) : len)), rest); + (int)((s = memchr (rest, '\n', len)), (s? (s-rest) : len)), rest); } if (*rest == '{') @@ -965,7 +998,7 @@ proc_texi_buffer (FILE *fp, const char *line, size_t len, assert (n <= len); s += n; len -= n; s--; len++; - in_cmd = 0; + /* in_cmd = 0; -- doc only */ } } |